6.44beta50 changelog:
Important note!!! Backup before upgrade!Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
*) bgp - properly update keepalive time after peer restart;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed IPv6 link-local address generation when auto-mac=yes;
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) cloud - added "ddns-update-interval" parameter;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - properly remove system note after configuration reset;
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) gps - added "coordinate-format" parameter (CLI only);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) lte - added "ecno" field for "info" command;
*) lte - disallow setting LTE interface as passthrough target;
*) lte - fixed passthrough functionality when interface is removed;
*) lte - improved SimCom 7100e support;
*) lte - increased reported "rsrq" precision;
*) lte - reset USB when non-default slot is used;
*) package - use bundled package by default if standalone packages are installed as well;
*) ppp - added "at-chat" command;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) ssh - fixed public key format compatibility with RFC4716;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) traceroute - improved stability when sending large ping amounts;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) user - require "write" permissions for LTE firmware update;
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - added "allow-roaming" parameter in "Interface/LTE" menu;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - fixed missing w60g interface status values;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) wireless - improvements in wireless frequency selection;
*) wireless - improved system stability for all ARM devices with wireless;
Other changes since v6.43.7:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) userman - show redirect location in error messages;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Download the new 'RouterOS 6.44beta50' version here: https://www.mikrotik.com/download
0 Коментара
Recommended Comments
Няма коментари.
Създайте нов акаунт или се впишете, за да коментирате
За да коментирате, трябва да имате регистрация
Създайте акаунт
Присъединете се към нашата общност. Регистрацията става бързо!
Регистрация на нов акаунтВход
Имате акаунт? Впишете се оттук.
Вписване