Описание текущих изменений в новых версиях RouterOS(+rc)
RouterBOOT changelog (изменения в boot-версиях загрузчика RouterOS)
RouterOS ChangeLog
What’s new in 6.28 (2015-Apr-15 15:18):
*) email – increase server greeting timeout to 60s;
*) lte – ZTE MF823 may loose configuration;
*) userman – update paypal root certificate;
*) timezone – updated timezone information to 2015b release;
*) cm2 – fixed capsman v2 100% CPU and other stability improvements;
*) route – using ldp could cause connected routes with
invalid interface nexthop;
*) added support for SiS 190/191 PCI Ethernet adapter;
*) made metarouter work on boards with 802.11ac support or usb LTE;
*) sstp server – allow ADH only when no certificate set;
*) make fat32 disk formatting support disks bigger than 134GiB;
*) fixed tunnels – could crash when clamp-tcp-mss was enabled;
*) added basic counters for ipv4/bridge fast path, also show status wether fast
path is active at all;
*) trafflow: – fixed crash on disable;
*) pppoe over eoip – fixed crash with large packets;
*) tilegx – fixed memory leak when queue settings are changed;
*) ar9888 – fixed crash when hw reports invalid rate;
*) console – fixed “in” operator in console;
*) console – make “/system package update print” work again.
*) tile – rare situation when CCR devices failed to auto-negotiate ethernet link (introduced in v6.25);
*) dhcpv4 client – it is now possible to unset default clientid and hostname options
*) initial RoMon (Router Management Overlay Network) support added.
What’s new in 6.27 (2015-Feb-11 13:24):
*) console – added ‘comment’ parameter for ‘/system script’
*) api – return sentences can have property “.section” that groups values
from commands such as “monitor”, “traceroute”,
“print” (with non-zero ‘interval’ value);
*) cloud – add time zone detection feature “/system clock time-zone-autodetect”;
*) cloud – rename “/ip cloud enabled” to “/ip cloud ddns-enabled”;
*) cloud – make “/ip cloud update-time” independent from “/ip cloud ddns-enabled”
*) cloud – when setting “/ip cloud ddns-enabled” to “no” router will send
message to server to disable DNS name for this routerboard;
*) cloud – “/ip cloud force-update” command now will work also when
“/ip cloud ddns-enabled = no”. usefull if user wants to disable DDNS;
*) RB4xxGL – improved ethernet throughput (less dropped packets);
*) RouterBOARD – fixed health reporting;
*) check-installation: fixed wrong kernel crc on powerpc boards
*) watchdog: fix software watchdog for x86
*) ssh – check conn state before sending disconnect message;
*) ipsec – fixed crash that happened in specific situation;
What’s new in 6.26 (2015-Feb-03 15:18):
*) ssh – fixed ssh related crashes;
*) ovpn – allow to add VLANs to ovpn server bindings;
*) sstp – added pfs option which enables DHE;
*) pppoe client – increased timeout when searching for servers;
*) sstp – fixed problem were Windows 8 clients couldn’t connect;
*) console – fixed some missing export entries;
*) smb – improved stability, fixed some crashes and problems causing disconnects;
*) api – fixed /system check-installation;
*) cerm – fix scep client ca caps parsing;
*) RouterBOARD – included new RouterBOOT 3.22 to enable protected-routerboot setting (see wiki);
*) webfig – fixed various design skin issues;
*) NTP client – accepts ipv6 as a server address;
*) CCR improvements in link detection for SFP/SFP+ and auto-negotiation for SFP interfaces;
*) known issue – /system check-installation incorrectly reports error on PPC;
What’s new in 6.25 (2015-Jan-19 10:11):
*) certificates – fix SCEP RA operation and SCEP client when operating with RA;
*) ppp – report authentication failure cause like in v6.6;
*) ovpn server – added support for address lists;
*) improved boot times;
*) api – fixed missing return values of some commands;
*) ntp – fixed vulnerabilities;
*) mpls/vpls have improved per core balancing on CCRs;
*) fixed queue tree no-mark matching (was broken since 6.24);
*) fixed nested simple queues (was broken since 6.24);
*) fixed occasional crash when ipv6 was used;
*) fixed route cache overflow (ipv4/ipv6 stops working) if ipsec is used;
*) fixed Omnitik upgrade from v5 where wireless config was not correctly saved
*) fixed Webfig Design Skin where some skin changes were not saved
*) WPS support added to CM2 wireless package
What’s new in 6.24 (2014-Dec-23 13:38):
*) ntp – fixed vulnerabilities;
*) web proxy – fix problem when dscp was not set when ipv6 was enabled;
*) fixed problem where some of ethernet cards do not work on x86;
*) improved CCR ethernet driver (less dropped packets);
*) improved queue tree parent=global performance (especially on SMP systems and CCRs);
*) eoip/eoipv6/gre/gre6/ipip/ipipv6/6to4 tunnels have improved per core balancing on CCRs;
*) fixed tx for 6to4 tunnels with unspecified dst address;
*) fixed vrrp – could sometimes not work properly because of advertising bad set of ip addresses;
What’s new in 6.23.1 (2014-Dec-08 11:43):
*) fixed problem where some of ethernet cards do not work on x86;
What’s new in 6.23 (2014-Dec-04 14:46):
*) pptp – fixed problem where tunnel stopped transmitting packets under heavy load;
*) web proxy – caching in RAM for boards with 32MB or less RAM will not cache any content;
*) leds – removed ‘led’ command and added support for ‘on’, ‘off’ types under ‘system leds';
*) files – allow to move files between different disks in winbox;
*) dhcpv4 server – fix adding address lists from radius;
*) dhcpv4 server – make radius classless static route tag as dhcp vendor specific;
*) smb – fixed HDD used/free space reporting
*) made powerpc metarouters work again (were broken in v6.22);
*) disks – fixed fat32 formatting where some bogus files with strange names were created
(to delete existing files reformatting is needed);
*) disks – fixed problem where some of USB disks were not recognized;
*) fetch – allow checking certificate trust without crl checking;
*) userman – fix more web session problems when user uses
customer and administrator interfaces at the same time;
*) snmp – fix external storage info reporting;
*) snmp – fix bulk walk problem introduced in v6.20;
*) fix tunnels – keep keepalive disabled for existing tunnels when upgrading;
*) fix tunnels – mtu for eoip tunnels was not allowed
to be set less than 1280 since 6.20;
*) using routing-marks could lead to tunnel loop detection to turn off tunnels;
What’s new in 6.22 (2014-Nov-11 14:46):
*) ovpn – added support for null crypto;
*) files – allow to remove empty disk folders;
*) sntp – fix problems with dns name resolving failures that were triggering
system watchdog timeout;
*) eoip/eoipv6/gre/gre6/ipip/ipipv6/6to4 tunnels have new features:
tunnels go down when no route to destination;
tunnels go down for 1 minute when transmit loop detected, warning gets logged;
new keepalive-retries setting;
keepalives enabled by default for new tunnels (10sec interval, 10 retries);
*) improved connection-state matcher in firewall – can match multiple states in one rule, supports negation;
*) added connection-nat-state matcher – can match connections that are srcnatted,dstnatted or both;
*) 100% CPU load caused by DNS service fixed;
*) 100% CPU load caused by unclassified services fixed;
*) 6to4 tunnel fixed;
*) new RouterBOOT firmware for Metal 2SHPn to improve wireless stability;
What’s new in 6.21.1 (2014-Nov-03 15:20):
*) fixed ugprading from v5;
What’s new in 6.21 (2014-Oct-30 12:34):
*) userman – fix ~Your session has been reset due to inactivity~ error;
*) timezone – updated timezone information to 2014i release;
*) wireless – fixed scanning tool crash for 802.11ac interfaces
*) wireless – fixed Nv2 kernel panic on 802.11ac interfaces
*) quickset – added vpn configuration to Wifi AP %26 Ethernet modes as well;
*) lte – changed device identification for devices which regenerate MAC address,
most likely this will loose device’s configuration;
*) sstp – fixed disconnects on high traffic load;
*) ovpn client – fixed problem where ip address was not added to bridge interface in ethernet mode;
*) webfig – show properly Switch Port configuration;
*) disks – fixed support for MMC/SD cards;
*) winbox – added filtering by dscp to torch;
*) certificate – fix CRL handling in trust chain;
*) fixed 6to4 tunnels having inactive routes;
*) ipsec – fix downgrade problem to v5;
*) ipsec – disallow template-policy-group=none in peer config and set it to ‘default';
*) metarouter – some metaroutes didn’t have their licenses;
*) torch – possibility to filter by dscp;
*) fixed – master port on AR8327 switches that is put into bridge could sometimes not work properly;
*) fixed queues – could have huge latencies and smaller throughput than specified;
*) interfaces report last link up/down time and link down count;
What’s new in 6.20 (2014-Oct-01 10:06):
*) cert scep – use fingerprints for transaction ids;
*) ipsec – support fqdn as my id;
*) fetch – allow fetching files larger than 4G;
*) fetch – fixed problem where files fetched over https were trimmed in size;
*) fixed problem – it was not possible to see %26 uninstall dude package;
*) stores are replaced with folders and disks are now managed under /disk menu;
*) added support for SMSC750x USB Gigabit Ethernet on x86;
*) ups – support selftest for smart and hid UPS;
*) pppoe client – increase connection timeout to make connection establishment
possible on busy pppoe server;
*) dhcp server – change default lease time from 3 days to 10 minutes
to avoid running out of IPs;
*) ipsec – allow binding modeconf address to username;
*) eoip/eoipv6/gre/gre6/ipip/ipipv6/6to4 tunnels have new features:
auto mtu (enabled by default for new tunnels);
dscp (inherit/specific value, inherit by default for new tunnels);
clamp-tcp-mss (yes by default for new tunnels);
*) eoip/gre/ipip/6to4 tunnels have dont-fragment option (inherit/no, no by default for new tunnels);
*) bridge has auto mtu feature (enabled by default for new bridges);
*) pppoe-server has auto mtu feature (enabled by default for new pppoe servers);
What’s new in 6.19 (2014-Aug-26 14:05):
*) wireless – improvements for nv2 and 802.11ac
*) sstp – make sstp work on i386 as well;
*) ippool – improve performance when acquiring address without preference;
*) partitions – copying partitions did not work on some boards;
*) bridge – added “Auto Isolate” stp enhancement (802.1q-2011, 13.25.6)
*) ipsec – when peer config is changed kill only relevant SAs;
*) vpls – do not abort BGP connection when receiving invalid 12 byte
nexthop encoding;
*) dns-update – fix zone update;
*) dhcpv4 server – support multiple radius address lists;
*) console – added unary operator ‘any’ that evaluates to true if argument
is not null or nothing value;
*) CCR – improved performance;
*) firewall – packet defragmenting will only happen with connection tracking enabled;
*) firewall – optimized option matching order with-in a rule;
*) firewall – rules that require CONNTRACK to work will now have Invalid flag
when CONNTRACK is disabled;
*) firewall – rules that require use-ip-firewall to work will now have invalid flag
when use-ip-firewall is disabled;
*) firewall – rules that have interface with “Slave” flag specified as in-/out-interface
will now have Invalid flag;
*) firewall – rules that have interface without “Slave” flag specified as in-/out-bridge-port
will now have Invalid flag;
*) firewall – rules with Invalid flags will now be auto-commented to explain why;
*) l2tp – force l2tp to not use MPPE encryption if IPsec is used;
*) sstp – force sstp to not use MPPE encryption (it already has TLS one);
*) sstp – make it work for x86 systems
*) winbox – added dual PSU stats in health menu
*) ipv6 – Gre6 can now correctly fragment large packets
*) simple queue performance optimisation/improvement for multi-core RouterOS devices (especially CCR)
What’s new in 6.18 (2014-Aug-01 10:47):
*) sstp – report TLS encryption as well;
*) safe mode – do not allow user with less permissions to disrupt active safe mode;
*) console – print command does not try to reuse item numbers assigned by
previous invocations of ‘print’ when doing ‘print where’ or ‘print follow’,
items are numbered consecutively starting from ‘0’.
*) console – fix compact export of some partially modified
configuration values;
*) api – use the same syntax for property values as is used in ‘print detail’
output, with the exception of numbers, that are not shown with suffixes
(K/M/G/T or bitrate) and are not contracted or separated into digit groups,
and “yes”/”no” values that continue to be reported as “true”/”false”.
*) console – show internal numbers in the form returned by ‘find’ (like *9A0F)
instead of “(unknown)” when configuration refers to
deleted items. This change also applies to API.
*) ipsec – fix addition of default policy template;
*) console – values of type ‘nil’ were returning ‘nil’ as result of most
operations. Now it compares less than all values except ‘nil’
and ‘nothing’, and compares inequal to all values except ‘nil’.
This was changed to make ‘print where’ and ‘find where’ more useful.
An example. Previously the following command
/ip route print where routing-mark!=nosuch
Would not print routes that had no value for ‘routing-mark’ set, because
(nil != “nosuch”) was equal to nil. Now it evaluates to ‘true’, and this
command will also print all routes that have no ‘routing-mark’ value set.
*) l2tp – fixed problem on CCR where server responded with wrong source address;
*) console export – put qutes around item names that start with a digit;
*) sntp client – added support for dns lookup of ntp servers;
*) console – when exporting to file, use name ending in ‘.in_progress’, and
rename when export finishes;
*) bridge setups sometimes could crash on CCR devices;
*) fixed port flapping in 1G mode on sfp-sfpplus1 on CRS226;
*) fixed SXT ac model losing it’s interface if changing regulatory settings in “routerboard” menu
What’s new in 6.17 (2014-Jul-18 15:14):
*) CCR1009 – fixed crash, only affects CCR1009;
What’s new in 6.16 (2014-Jul-17 13:12):
*) 802.11ac support added in wireless-fp package for QCA9880/9882 rev2 (-BR4A) chips;
*) ip cloud now allows to set which IP to use – detected (public) or local (private);
*) l2tp, pptp, pppoe – fixed possible packet corruption when encryption was enabled;
*) ovpn – fixed ethernet mode;
*) certificates – use SHA256 for fingerprinting;
*) ipsec – fix AH proposal and problem when sometimes policy was not generated;
*) snmp – support AES encryption (rfc3826);
*) l2tp server: added option to enable IPsec automatically;
*) poe-out: added power-cycle-ping and power-cycle-interval settings;
*) gps – increased retry duration to 30 seconds;
*) time – on routerboards, current time is saved in configuration on reboot
and on clock adjustment, and is used to set initial time after reboot;
*) sntp – disabling/enabling client was causing dynamic-servers to be ignored
(bug introduced in 6.14);
*) CCR – fixed rare file system corruption when none
of configuration could be changed or some of it disappeared;
*) ipsec – allow multiple encryption algorithms per peer;
*) email – support tls only connections;
*) smb – fixed usb share issues after reboot
*) snmp – fix v3 protocol time window checks;
*) updated timezone information;
*) quickset – added VPN settings for HomeAP mode;
*) latency improvements on CCR devices;
What’s new in 6.15 (2014-Jun-12 12:25):
*) fixed upgrade from v5 – on first boot all the optional packages were disabled;
*) fixed problem where sntp server could not be specified in winbox %26 webfig;
*) metarouter – make openwrt work on ppc metarouter again;
What’s new in 6.14 (2014-Jun-06 15:34):
*) sntp – ‘mode’ now is a read-only property, it is set to broadcast if no
server ip address is specified;
*) smb – fixed some SMB1 errors;
*) wireless-fp package is now included in routeros one (disabled by default);
*) webfig – fixed quickset, it didn’t work with disabled wireless pacakge;
*) sstp – fixed problem where session was closed every 2min;
*) pptp,l2tp,pppoe – fixed problem where some of the static bindings
become dynamic interfaces;
*) eoip – lowered default MTU to avoid IP packet fragmentation;
*) eoip – added clamp-tcp-mss setting with default=yes for new tunnels to avoid
IP packet fragmentation;
*) fixed – bridge could sometimes get added without “running” flag;
*) fixed – simple queues could sometimes crash router;
*) fixed – simple queue stats freeze (empty winbox queue window);
*) ssh server – allow none cipher;
*) proxy – added ‘anonymous’ option which will skip adding X-* and Via headers;
*) dhcp server – added option use-framed-as-classless and
added support for DHCP-Classless-Static-Route RADIUS attribute;
*) quickset – fixed problem where address mode selection did not work in
bridge mode;
*) ipv6 address – fixed problem where changing advertise lost ipv6 connected route;
CAVEAT: CAPsMAN Layer3 doesn’t work if IPv6 package enabled either
on CAPsMAN or CAP device;
What’s new in 6.13 (2014-May-15 16:03):
*) console – comments are now accepted where new command can start, that is,
where ‘/’ or ‘:’ characters can be used to start new command, e.g.
/interface { # comment until the end of the line
print
}
*) backup – backups by default are encrypted now (with user password).
To use backup on older versions, you should disable encryption with dont-encrypt
flag when creating it;
*) files with ‘.sensitive.’ in the filename require ‘sensitive’
permission to manipulate;
*) lcd – reduce CPU usage when displaying static screens;
*) l2tp – fixed occasional server lockup;
*) pptp – fixed memory leak;
*) sstp – fixed crashes;
What’s new in 6.12 (2014-Apr-14 09:27):
*) l2tp – fixed “no buffer space available” problem;
*) ipsec – support IPv4 over IPv6 and vice versa;
*) pppoe – report correctly number of active links;
*) updated timezone information;
*) many fixes for CRS managed switch functionality –
particularly improved VLAN support, port isolation, defaults;
*) added trunk support for CRS switches;
*) added policing support for CRS switches;
*) www – added support for HTTP byte ranges;
*) lte – provide signal strength using snmp and make ‘info once’ work in console;
What’s new in 6.11 (2014-Mar-20 09:16):
*) ipsec – fix aes-cbc hardware acceleration on CCR with key sizes 192 and 256;
*) wireless – add auto frequency feature;
*) ovpn – fixed TLS renegotiation;
*) ovpn – make bridge mode work with big packets (do not leave extraneous padding);
*) ovpn – fixed require-client-certifcate;
*) ppp – revert RADIUS NAS-Port behaviour, report tunnel interface id;
*) ppp – mppe encryption together with mrru locked the router;
*) dhcp – added support for DHCP option 138 – list of CAPWAP IPv4 servers;
*) quickset – added Guest Network setup to Home AP mode;
*) console – no longer required to supply value of ‘/routing bgp instance vrf’
property ‘instance’ for ‘add’ command;
*) ethernet – added option to enable rx/tx flow control
(will be disabled by default);
*) ethernet – added ability to specify advertised modes for copper ports;
*) fixed 100% cpu usage on CCRs;
*) ssl – not finding CRL in local store for any certificate in trust chain will cause connection to fail;
*) lte – support for Huawei ME609 and ME909u-521;
What’s new in 6.10 (2014-Feb-12 13:46):
*) fix autosupout.rif generation after kernel panic;
*) ovpn – make it work again;
*) ovpn client – remove cipher=any %26 auth=any options,
protocol does not support them;
*) pptp – fixed where Windows %26 MacOS clients were disconnecting all the time;
*) sstp – make it work with Windows client with AES encryption;
*) ipv6 pool – fix dynamic prefix disappearing which may influence large
VPNs with IPv6;
*) ssh client – fix key agreement when sometimes wrong DH algorithm was selected;
*) bgp – multipath eBGP now does not propagate BGP nexthop unless
forced in configuration;
*) removed 10/100 half duplex from autonegotiation advertisement on CCR;
What’s new in 6.9 (2014-Jan-31 11:18):
*) lcd – added option to change the color-scheme;
*) updated bootloader firmware;
*) ppp: fixed RADIUS accounting;
*) ppp: fixed IPV6-Prefix assigning;
*) ppp: fixed dial-on-demand;
What’s new in 6.8 (2014-Jan-29 15:52):
*) bridge – default protocol-mode changed to RSTP for new bridges,
fixed bridge mac address changing when port (with lowest mac address) goes down
*) userman – improve startup time;
*) sstp client – support server name verification from certificate;
*) wireless – improved 11n and nv2 stability;
*) dhcp client – support interfaces in bridge;
*) dhcp – parse decimal strings and IP addreses in options value;
*) bgp – don’t show community ‘internet’ in BGP advertisements;
*) ipsec – enable hardware acceleration for aes-cbc + md5|sha1|sha256 aead on CCR;
*) ospf – fixed checksum calculation for OSPFv3 AS-external-LSAs;
*) default configuration – changed dhcp server lease time to 10 minutes;
*) fixed port isolation on CRSs (bug introduced in v6.6);
*) smb – added support for SMB 2.002
*) timezone information updated;
*) ppp – fixed ppp bridging (did not work since v6.6);
*) improved speed of PPP, PPPoE, PPTP %26 L2TP on multicore routers;
*) address-list – fix crash when adding two identical address list entries;
*) fixed multicast forwarding on CCRs;
*) firewall – improved address-type matcher, and added it for ipv6 aswell;
*) kernel drivers for ppp, pppoe, pptp, l2tp are now lock-less on transmit %26 receive;
*) all ppp packets (except discovery packets) now can be handled by multiple cores;
*) MPPE driver now can handle up to 256 out-of-order packets;
What’s new in 6.7 (2013-Nov-29 13:37):
*) support Android usb tethering interface;
*) ipsec – added aes-gcm icv16 encryption mode;
*) wireless – improve rate selection for nstreme protocol
*) poe – new poe controller firmware for RB750UP and OmniTIK UPA;
*) ipsec – added aes-ctr encryption mode;
*) leds – inverted modem signal trigger, now it will trigger when the signal
level rises above the treshold;
*) ipsec – added sha256 and sha512 support;
*) ipsec – proposal defaults changed to aes-128 and sha1 for both phase1 and phase2;
*) certificate – support ip, dns and email subject alternative names;
*) dhcpv4 server – added REMOTE_ID option variable for relayed packets;
*) ipsec – fix policy bypass on IPv6 gre, ipip, eoip tunnels when policy
uses protocol filter;
*) userman – fix crash on tilera;
*) fixed hairpin nat on bridge with use-ip-firewall=yes;
*) fixed vlan on bridge after reboot having 00:00:00:00:00:00 mac address;
*) address-list – allow manually adding timeoutable entries;
*) address-list – show dynamic entry timeout;
*) fixed l2mtu changing on CCRs – could cause port flapping;
*) disabling/enabling ethernet ports did not work properly on CCRs,
could cause port flapping;
*) fixed port flapping on CCR – could happen when having other than
only-hardware-queue interface queue.
Note that having other interface queue than only-hardware-queue
dramatically reduces performace, so should be avoided if possible;
What’s new in 6.6 (2013-Nov-07 13:04):
*) winbox – fixed problem where all previous session opened windows were read only;
*) certificate – no more ‘reset-certificate-cache’ and ‘decrypt’ commands,
private keys can be decrypted only on ‘import’, use ‘decrypt’
before upgrade if needed;
*) fixed arp-reply only with more than one ip address on interface;
*) fixed RB400 not to reboot by watchdog during micro-sd format;
*) web proxy – fix SPDY server push handling;
*) certificate – merged ‘/certificate ca issued’, ‘/certificate scep client’ and
‘/certificate templates’ into ‘/certificate';
*) console – :foreach command can iterate over keys and values in an array,
by specifying two counter variables, e.g.:
:foreach k,v in=[/system clock get] do={:put “$k is $v”};
*) added support for new Intel 10Gb ethernet cards (82599);
*) certificates – fixed certificate import;
*) wireless – fixed crash when dfs was enabled on pre-n wireless cards;
*) fixed port flapping on CCR;
What’s new in 6.5 (2013-Oct-16 15:32):
*) tftp – added data packet pipelining for read requests;
*) console – exported physical interface configuration uses ‘default-name’
instead of item number to match relevant interface;
*) console – report all constituent errors for parameters with multiple
alternative value types;
*) certificates – merge ‘/certificate ca’ into ‘/certificate’,
use set-ca-passphrase to maintain CA functionality;
*) lcd – backlight option is replaced with “/lcd backlight” command
*) dhcp server – added option to disable conflict-detection;
*) console – ‘:return’ does not trigger ‘on-error=’ action of ‘:do’ command;
*) route – fixed crash that could be triggered by change in nexthop
address resolution;
*) route – some imported VPNv4 routes were not using MPLS labels;
*) route – imported VPNv4 routes were not always updated or removed when
the original route changed;
*) winbox – fixed problem where all settings were read only on first open;
*) ovpn server – use only ciphers that are allowed not that client requested;
*) ssh client – fixed public key authentication;
*) ipsec – fix peer mathing with non byte aligned masks;
*) fix routerboot upgrading if RouterOS is partitioned;
*) add support for second serial port on CCR boards;
*) fix serial port baudrate selection on CCR boards;
*) ethernet interface stats that are behind switch chip
show real hw stats instead of just the traffic that goes through cpu;
What’s new in 6.4 (2013-Sep-12 13:52):
*) wireless – improved 802.11n wireless retransmission (doesn’t effect nstreme/nv2)
*) ovpn – allow to specify server via dns name;
*) winbox – fixed problem where ipv6 routes with non local link address gateway
could not be added;
*) fixed watchdog on mipsle boards;
*) traceroute – added count %26 max-hops parameters;
*) traceroute – added back use-dns parameter;
*) fixed usb Yota LTE modem hangup;
*) console – make newly added item names always immediately available;
*) graphing – make sure that interface graphs gets preserved across reboots;
What’s new in 6.3 (2013-Sep-03 12:25):
*) ssh – fixed denial of service;
*) traceroute – show mpls labels as well;
*) bug fix – sometimes some new interfaces could not be created properly any more (f.e. some pppoe clients could not connect);
*) console – added ‘/console clear-history’ command that clears command-line
history for all users, requires ‘policy’ policy;
*) sstp – limit packet queue for each device;
*) RB2011L – fixed occasional gigabit switch-chip lockup;
*) user manager – will warn on 1MB and stop before reaching minimum of 500KB disk space;
*) hotspot – do not account traffic to local hotspot pages;
*) ppp, hotspot – added ability to specify where to insert rate limiting queue,
it’s parent and type;
*) pptp, l2tp, sstp – allow to specify server via dns name;
*) dhcp – added ability to specify where to insert rate limiting queue;
*) www proxy – support ipv6 parent proxy;
*) webfig – fixed problem when opening quickset page country
was automaticly changed to etsi;
*) traceroute – added mtr like pinging;
*) fix queues – correct queue was not installed when last child removed;
*) fix simple queues – sometimes some simple queues would stop
working after configuration changes;
*) console – fixed issue with local variables having non-empty value
before first assignment;
*) console – fixed command “:global name” without second argument to not
create or change global variable “name”, only effect is to make “name”
refer to global variable.
*) console – fixed passing local variables as argument to function;
*) RB1200 – fixed crash when receiving over l2mtu size packets
on some ethernet interfaces;
What’s new in 6.2 (2013-Aug-02 10:37):
*) console – added “on-error” argument to ‘:do’ command that is executed
if command raises error;
*) hotspot – fixed chap error after failed http-chap login (broken in v6.1);
*) console – added new ‘:return’ command that interrupts execution of script
and passes argument as return value if script was called as function;
*) routerboot – fixed upgrade from RouterOS (could fail on some units);
*) userman – fixed payment gateway response notify processing;
*) console – resolved issue with ‘from-pool’ propery in ‘/ipv6 address';
*) console – array value syntax in expressions ‘{1;2;3;4}’ now can
specify values with word keys as ‘{a=1;b=2}';
*) console – added ‘verbose’ argument to ‘/import’ command that enables
line-by-line script import. By default import whole script at once
and don’t print it, as it was in version 6.0;
*) console – ‘:global’, ‘:local’ and ‘:set’ commands have new parameter ‘do’
that allows assigning block of commands to the variable;
*) console – global variables now are common to all users and are
available to all users with at least “read,write,test,policy” policy;
*) console – fixed parameter passing to scripts. Script parameters can
be accessed without declaring them with ‘:local’ and ‘:global’ commands.
For backwards compatibility global variables are first looked up in
script parametrs;
*) console – ‘$var 1 2 a=”a” b=”b”‘ syntax for passing parameters to commands
stored in a variable. Parameters are accessed as ‘$1′ ‘$2′ ‘$a’ ‘$b';
*) ipsec – fixed peer address matching;
*) ups – query smart ups capabilities before issuing any commands;
*) improved CCR responsiveness on other interfaces when one interface is under attack;
*) sms tool – added sim-pin setting;
*) dhcp server – framed routes are now also added to the server routing table;
*) dhcpv6 server – added binding-script option;
*) proxy – allow multiple src-address for ipv4 and ipv6;
*) eoip,gre tunnels could occasionally crash multicore router;
*) fixed bug – sometimes some types of interfaces would stop working;
*) ipsec sometimes could crash kernel on CCR;
*) connection tracking sometimes could crash kernel on CCR;
*) ppp,pptp,l2tp,sstp – added default-route-distance parameter;
*) scep – “/cert scep ra” merged into “/cert scep client” without saving ra config;
*) ipsec – fix phase1 autonegotiation on little endian platforms;
*) pppoe server – allow service with empty service-name to accept all pppoe clients;
*) lcd – current-screen option is replaced with “/lcd show” command
*) lcd – current-interface option is replaced with “/lcd interface display” command
*) graphing – make graphs stable on ppp %26 ovpn interfaces;
*) www, hotspot – fixed problem when www service stopped responding on high load;
*) winbox, webfig: allow to enter space in the text fields;
*) webfig – fixed configuration of VPLS %26 routing filters;
*) lcd – added option for enabling or disabling the touch screen;
*) lcd – added options for screen switching;
*) lcd – up to 10 non-physical interfaces can now be added to the lcd;
*) lcd – all interface graph screen can now be customized from /lcd interface page;
*) backup – changed default backup file name to–.backup
for file browsers to sort them properly;
*) webfig – it did not work in Opera;
*) webfig – made terminal work again;
*) winbox – added ability to fully set up traffic generator in winbox;
*) trafficgen – allow ranges for ip addrs and udp ports;
*) trafficgen – add tcp header support;
*) queue simple – fixed bug – actual queue order sometimes was wrong;
*) queue simple – queue is not invalid when at least one of target interfaces is up;
*) fixed crash when setting master-port on AR8327 switch chips;
*) fixed addresslist – dynamic entries sometimes would still
show up even afther being timed out;
*) added /ip settings allow-hw-fast-path setting to control AR8327N hardware ipv4 fast path;
*) vrrp – allow more than one vrrp on interface;
What’s new in 6.1 (2013-Jun-12 11:50):
*) pptp, l2tp – fixed crash when tunnel mru was too big and fragmented ip packet
was received;
*) hotspot – fixed problem when after upgrade hotspot html directory was empty;
*) ipv6 nd – dns dynamic-servers were not included in router advertisements;
*) winbox – fixed problem Switch menu disappeared on RB2011;
*) fixed memory amount issue on RB1100AHx2;
*) console – ‘/import’ prints each command that is executed;
*) console – ‘import’ has new argument ‘from-line’ that starts executing
commands after specified line;
*) secure api – fixed problem when wrong client ip address was reported;
*) hotspot – fixed universal client;
*) api – added support for API over TLS (SSL);
*) api – api service is now enabled by default;
*) ppp – do not show R flag for locally authenticated users;
*) vrrp – fixed ah authentication;
*) webfig – added support for RADIUS authentication (via MS-CHAPv2);
*) ipsec – for peers with full IP address specified system will
autostart ISAKMP SA negotiation;
*) trafficgen – added inject-pcap command for replaying pcap files into network;
*) dns – retry queries with tcp if truncated results received;
*) improved queue statistics updating;
*) fix 1G linking with some Cisco devices (affects RB7xx, RB9xx, RB1100, RB2011, CCR);
What’s new in 6.0 (2013-May-17 14:04):
*) ipsec – added /peer passive option which will prevent starting ISAKMP negotiation
and signifies xauth responder/initiator side;
*) RouterBOARD – default wireless config now includes password – serial number;
*) lte – support YOTA WLTUBA-107;
*) console – fixed crash when variable name was not specified for
‘:global’, ‘:local’, ‘:set’, ‘:for’ and ‘:foreach’ commands;
*) hotspot – added mac-cookie login method;
http://wiki.mikrotik.com/wiki/Manual:Hotspot_Introduction#MAC_Cookie
*) lcd – show a message when system shutdown is complete;
*) lcd – added Log screen which is accessible through the Main Menu
and shows log messages where action=echo;
*) ipsec – added pre-shared-key-xauth and rsa-signature-hybrid
authentication methods;
*) increased max l2mtu on CCR to 10226 bytes;
*) fixed crash on RB1200;
*) fixed bonding – did not work after remove, undo;
*) fixed queues – router could become unresponsive when configuring queues;
What’s new in 6.0rc14 (2013-Apr-24 11:52):
*) route – make connected routes inactive when interface has no link;
*) ipsec – changing or removing unused peer or proposal config won’t
flush active SAs;
*) console – add ‘without-paging’ to more ‘print’ commands;
*) route – automatically repair FIB inconsistencies;
*) ipsec mode-cfg – unity split include support;
*) ipsec policy – template matching for policy generation;
*) metarouter: fixed occasional lockups on mipsbe boards;
*) fixed crash when bridge filter rule had action=return for rule in builtin chain;
*) traffic-flow – fixed deadlock and crash on multicore;
*) fixed memory leak on CCR with PPPoE interfaces;
*) improved PPPoE interface encapsulation performance;
*) fixed queues – total amount of traffic passing through queues sometimes was
about 1Gbit;
What’s new in 6.0rc13 (2013-Apr-08 14:25):
*) pppoe, l2tp, pptp server – increased lcp retransmit count to 10;
*) pptp, l2tp %26 pppoe clients – added ability to specify keepalive timeout;
*) graphing – fixed problem were interface graphs are lost on reboot;
*) dhcpv6 – added relay;
*) sstp server – restore (disabled in rc12) test mode which allows
running server without certificate;
*) lcd – added option for turning backlight on/off;
*) bgp – fix med comparison check if routes are received from iBGP peer;
*) fixed simple queues – sometimes some simple queues did not limit traffic
(bug introduced in 6.0rc12);
*) allow to change arp timeout (in /ip settings);
*) added /ip neighbor discovery settings setting “default-for-dynamic” to control
discovery on new dynamic interfaces (off by default);
What’s new in 6.0rc12 (2013-Mar-26 17:18):
*) ospf – add use-dn option;
*) ospf – fix route-tag handling;
*) fixed layer7 matcher – it is case insensitive now;
*) remote logging – added iso8601 time format support;
*) bgp – change MED propagation logic, now discarded when sending route with
non-empty AS_PATH to an external peer;
*) fixed occasional nand corruption on CCR;
*) ipsec – added ipv4 mode-cfg support for responder;
*) ipsec – fixed some issues with removal of dynamic policies;
*) email – renamed parameter tls to start-tls for send command;
*) wireless – update required when using small width channel RB2011 RB9xx
caveat: update remote end/s before updating AP as both side are
required to use new/same version for a link
*) ipsec – generate-policy now can have port-strict value which will use port
from peer’s proposal when generating policy or port-override which
will always generate policy for any port;
*) ipsec – responder side now uses initiator exchange type for peer
config selection;
*) lcd – changed All interface stat screen (bar graphs) to show total
bandwidth usage, combine rx/tx together;
*) lcd – removed “all-interface-mode” option;
*) lcd – changed “Interfaces” screen to show interface usage
similiar to All interface stat screen;
*) lcd – improved Interfaces -> * -> Info screen, added more wireless information;
*) lcd – added Registration Table screen for wireless interfaces under
Interfaces -> ‘wireless interface’ -> Registration Table;
*) fixed occasional kernel crashes on CCR;
*) fixed other than only-hardware-queue interface queues on CCR;
*) lte – devices with vendor/product id pair 0x0f3d/0x68AA now
uses directip inferface;
*) dhcp client v4 – option add-default-route now supports special-classless value;
*) significantly increased simple queue performance on multi core systems
(up to 9x on CCR1036 with at least 32 top level simple queues);
*) ip arp – new property published;
*) web proxy – added new option max-cache-object-size,
upper limit of max-client-connections and max-server-connections
is now calculated from system RAM;
*) ospf – fixed inconsistency in external ECMP route calculation;
*) certificates – CA keys are no more cached, every CA operations
now requires a valid CA passphrase.
use set-ca-passphrase for scep server to cache CA key in encrypted form;
*) ppp – made MPPE encryption work on tilera (bug introduced in 6.0rc10);
*) tool fetch – https support with optional certificate verification;
*) sstp server – removed test mode which allowed running server without certificate;
*) trafficgen – add support for ipv6 header;
*) wireless – added support for small channels on SXT lite;
What’s new in 6.0rc11 (2013-Feb-22 09:17):
*) ppp – made MPPE encryption work on tilera (bug introduced in 6.0rc10);
*) sstp server – added option to force AES encryption;
*) fixed router crash on heavy traffic with sierra lte
modem on boards with 32MB RAM;
What’s new in 6.0rc10 (2013-Feb-15 10:47):
*) ppp – added bridge-path-cost %26 bridge-port-priority to ppp profiles;
*) ppp – made RSTP work over ppp links as well;
*) ppp – added last-logged-out to ppp secrets;
*) ppp – made MRRU work propererly on CCR;
*) hotspot, ppp – support multiple address-lists;
*) fixed problem – could not format disks larger than 2Gb on CCR;
*) fixed problem – repartitioning flash second time made system unbootable;
*) fixed problem – partition fall back settings got corrupted;
*) fixed problem – package made for other architectures could be installed,
making whole system non functioning;
*) sstp, ipsec – respect CRLs;
*) certificates – for certificates marked as trusted=yes,
CRL will be automaticly updated once in hour from http sources;
*) fixed ppp family interfaces – show it’s status (bug introduced in rc8);
*) fixed p2p, connection-bytes firewall matcher;
*) fixed ip firewall nat action=same;
What’s new in 6.0rc9 (2013-Feb-08 08:15):
*) ospf – fixed Summary-LSA prefix length check for OSPFv3, was not
accepting valid LSAs;
*) certificates – fix broken certificate handling
(bug introduced in rc8) in all related programs;
*) fixed – bgp tcp-md5-key crash on CCR;
*) fixed interfaces list sometimes showing up empty;
*) fixed – ip addrs could be inactive for some types of interfaces
which are added as bridge ports and disabled;
What’s new in 6.0rc8 (2013-Feb-04 13:25):
*) ppp,pppoe,pptp,l2tp,sstp – only 2 change mss mangle rules are
created for all ppp interfaces;
*) wireless – fixed AES encryption speed issues (upgrade suggested);
*) dhcpv6 server – handle info requests;
*) webfig – compressed all html resource files, speeds up opening of webfig page;
*) console – reduced width of address column in ‘/user print';
*) simple queues requires target arg to be specified when adding;
*) do not count packets for unknown protocols as rx_dropped;
*) snmp – provide POE info;
*) improved cpu usage reporting on CCR boards;
*) improved interface reading performance;
*) changed CLI interface order – first are ethernets,
second wireless, third everything else.
Within group interfaces are ordered by name;
*) interfaces are deleted much faster, could be bottleneck on
systems with many ppp sessions;
*) pptp,l2tp,6to4 tunnel encapsulation/decapsulation now resets packet marks to
have consistent behavior across tunnels;
*) fix simple queue interface matching when doing encapsulation in some tunnel,
could result in double accounted packets;
*) ip/ipv6 firewall has all-ether,all-wireless,all-vlan,all-ppp interface matchers
*) queue limits could be inaccurate for large limits (100M or more);
What’s new in 6.0rc7 (2013-Jan-18 13:04):
*) dhcp relay – possibility to add relay agent information option;
*) lcd – options current-interface, time-interval and all-interface-mode
no longer get reset after reboot;
*) fix reboot in virtualized enviroment;
*) lcd – improve slideshow screen;
*) console – file print now shows file size as small number with suffix;
*) dhcp v4 – fix problem when sometimes client or server failed to send packets
most likely it happened on vlan interfaces;
*) ipv6 – added setting to disable forwarding;
*) added “/ip neighbor discovery settings” menu with “default=yes/no” setting;
What’s new in 6.0rc6 (2012-Dec-21 12:20):
*) fixed problem – netinstall for x86 did not work;
*) lcd – added take-screenshot command;
*) lcd – fixed calibration, fresh boards no longer require recalibration;
*) optimize memory usage – makes 32Mb routerboards more stable;
*) support BandRich modems with newer firmware;
*) ipsec – authentication using certificate store but without CRL checking for now;
*) added feature – flash can be partitioned on routerboards and
separate versions can be installed on each of them (requires latest firmware);
*) fixed problem – after restoring backup, it gets restored again on every reboot;
*) improved router performance when dhcp client/server present in system;
*) fixed vlan on bond after reboot;
*) fixed occasional queue kernel crash;
What’s new in 6.0rc5 (2012-Dec-05 15:22):
*) wireless – advanced rate selection is the only method supported;
*) ssh client – support keyboard-interactive authentication;
*) fix simple queue config upgrade;
What’s new in 6.0rc4 (2012-Nov-28 17:16):
*) dhcp server – added two radius string options (24, 25)
for use in custom dhcp options;
*) fixed problem – ppp dial-on-demand did not work, it allways dialed in;
*) fixed problem – password was not saved when adding new user;
*) added feature – show last-logged-in in users list;
*) snmp – fix interface table;
*) dhcp ipv6 – added comment fields;
*) dhcp client ipv6 – add/remove default route or ntp server
without renew when settings change;
*) ppp clients – set up dns dynamic-servers instead of static ones;
*) fixed problem – Connect button did not work in wireless scanner;
*) dhcp server – added radius framed route support;
*) fixed problem – MetaROUTERs did not work
on PowerPC boards (RB800, RB1000, RB1100);
*) fixed problem – check-for-updates stopped working if it didn’t find new updates
previously;
*) dhcp ipv6 – added dns option support;
*) gre – support all protocol encapsulation, not just ip and ipv6;
What’s new in 6.0rc3 (2012-Nov-09 12:59):
*) fixed problem – MetaROUTERs did not work on RB2011s;
*) fixed problem – Realtek 1Gbit ethernet cards did not work;
*) added “/ip settings” menu with following settings:
ip-forward, send-redirects, accept-source-route, accept-redirects,
secure-redirects, rp-filter, tcp-syncookies;
*) fix some ipv6 firewall matchers;
*) improved performance for eoip,eoipv6,gre,gre6 tunnels, especially on multi core;
*) /queue tree entries with parent=global are performed
separately from /queue simple and before /queue simple;
*) snmp – fixed missing OIDs;
What’s new in 6.0rc2 (2012-Oct-24 11:27):
*) added generic fast path support on certain interfaces
(all ethernets on RB3xx, RB6xx, RB7xx, RB8xx, RB9xx, RB1000, RB11xx, RB2011);
*) added ipv4 fast path, it doubles ipv4 forwarding performance
on supported interfaces when no firewall, conntrack, queues.
*) added traffic generator fast path;
*) addedbridge fast path;
More info on fast path: http://wiki.mikrotik.com/wiki/Manual:Fast_Path
What’s new in 6.0rc1 (2012-Sep-26 14:56):
*) i386 – increased number of supported cores to 64;
*) userman – fix unpaid profile activation while authenticating;
*) dhcp client – custom options;
*) dhcp options – allow mixing different data types;
*) console – “export compact” now is the default, use “export verbose” to get
previous behaviour;
*) ntp – make it work again;
*) tftpd – if real-file is a existing directory then prefix request with it;
*) RB333 ethernets are back;
*) dns – rotate servers only on failure;
*) fix M3P (/ip packing);
What’s new in 6.0beta3 (2012-Aug-22 12:12):
*) installation – use much less space in storage (works well with 32MiB flash);
*) routerboard package is now merged with system package;
*) userman – use corresponding time zone data when showing date in console;
*) gps – init-string option;
*) ipsec – kill phase1 if ipsec-sa in responder expires due to system time change;
*) ipsec – rekey phase1 before expiration;
*) ipsec – when last ISAKMP-SA is deleted for the remote host
remove related IPSec-SAs;
*) ipsec – send delete IPSec-SAs on shutdown/reboot;
*) user manager – fix user’s active profile end time if it has unlimited validity,
these users now won’t be hidden from reports when date filters are in effect;
*) certificate validity is shown using local timezone offset;
*) fixed queue bit rate reporting;
*) fixed ipv6 firewall;
*) upgraded drivers and kernel (to linux-3.3.5);
*) added priority matcher to firewall;
*) added change-dscp from-priority and from-priority-to-high-3-bits options;
*) fixed router crash or hang when rebooting;
*) add snif-tzsp,snif-pc actions to ip/ipv6 firewall mangle;
*) traffic-generator improvements for multi core;
What’s new in 6.0beta2 (2012-Apr-24 10:57):
*) “/ip address set” and “/ipv6 address set” commands did not work properly;
*) fix eoipv6 tunnels, tunnel-ids in packets were shuffled;
*) fix dynamic simple queues;
*) fix /ipv6 firewall connection-state matcher, was crashing router;
*) fix traffic generator, was crashing router when generating traffic
on bonding interface;
*) fix wds interfaces;
*) downgrading to v5 was losing wireless interface configuration;
*) fix queue byte and rate statistics;
*) fix ethernet port order on all boards;
What’s new in 6.0beta1 (2012-Apr-13 15:26):
*) updated drivers and kernel (to linux-2.6.38.2);
*) improved interface management
(scales well for up to thousands of interfaces and more);
*) improved queue management (/queue simple and /queue tree) – easily handles tens
of thousands of queues;
*) improved overall router performance when simple queues are used –
at least double the performance of v5,
even bigger improvements on multicore systems;
*) very small overhead for packets that miss simple queues,
but simple queues are present in the system;
*) pcq queue is NAT aware (just like “/queue simple” and “/ip traffic-flow”;
*) in “/ip firewall mangle” can specify “new-priority=from-dscp-high-3-bits”;
*) new default queue types: pcq-download-default and pcq-upload-default;
*) simple queues have separate priority setting for download/upload/total;
*) slave flag shows up for interfaces that are in bridge,bonding or switch group;
*) global-in, global-out, global-total parent in /queue tree is
replaced with global that is equivalent to global-total in v5;
*) simple queues happen in different place – at the very end of
postrouting and local-in chains;
*) simple queues target-addresses and interface parameters are joined into one
target parameter, now supports multiple interfaces match for one queue;
*) simple queues dst-address parameter is changed to dst and now supports
destination interface matching;
*) dns cache logs requests to topics “dns” and “packet”;
RouterBOOT changelog (изменения в boot-версиях загрузчика RouterOS)
RouterOS ChangeLog
What’s new in 6.28 (2015-Apr-15 15:18):
*) email – increase server greeting timeout to 60s;
*) lte – ZTE MF823 may loose configuration;
*) userman – update paypal root certificate;
*) timezone – updated timezone information to 2015b release;
*) cm2 – fixed capsman v2 100% CPU and other stability improvements;
*) route – using ldp could cause connected routes with
invalid interface nexthop;
*) added support for SiS 190/191 PCI Ethernet adapter;
*) made metarouter work on boards with 802.11ac support or usb LTE;
*) sstp server – allow ADH only when no certificate set;
*) make fat32 disk formatting support disks bigger than 134GiB;
*) fixed tunnels – could crash when clamp-tcp-mss was enabled;
*) added basic counters for ipv4/bridge fast path, also show status wether fast
path is active at all;
*) trafflow: – fixed crash on disable;
*) pppoe over eoip – fixed crash with large packets;
*) tilegx – fixed memory leak when queue settings are changed;
*) ar9888 – fixed crash when hw reports invalid rate;
*) console – fixed “in” operator in console;
*) console – make “/system package update print” work again.
*) tile – rare situation when CCR devices failed to auto-negotiate ethernet link (introduced in v6.25);
*) dhcpv4 client – it is now possible to unset default clientid and hostname options
*) initial RoMon (Router Management Overlay Network) support added.
What’s new in 6.27 (2015-Feb-11 13:24):
*) console – added ‘comment’ parameter for ‘/system script’
*) api – return sentences can have property “.section” that groups values
from commands such as “monitor”, “traceroute”,
“print” (with non-zero ‘interval’ value);
*) cloud – add time zone detection feature “/system clock time-zone-autodetect”;
*) cloud – rename “/ip cloud enabled” to “/ip cloud ddns-enabled”;
*) cloud – make “/ip cloud update-time” independent from “/ip cloud ddns-enabled”
*) cloud – when setting “/ip cloud ddns-enabled” to “no” router will send
message to server to disable DNS name for this routerboard;
*) cloud – “/ip cloud force-update” command now will work also when
“/ip cloud ddns-enabled = no”. usefull if user wants to disable DDNS;
*) RB4xxGL – improved ethernet throughput (less dropped packets);
*) RouterBOARD – fixed health reporting;
*) check-installation: fixed wrong kernel crc on powerpc boards
*) watchdog: fix software watchdog for x86
*) ssh – check conn state before sending disconnect message;
*) ipsec – fixed crash that happened in specific situation;
What’s new in 6.26 (2015-Feb-03 15:18):
*) ssh – fixed ssh related crashes;
*) ovpn – allow to add VLANs to ovpn server bindings;
*) sstp – added pfs option which enables DHE;
*) pppoe client – increased timeout when searching for servers;
*) sstp – fixed problem were Windows 8 clients couldn’t connect;
*) console – fixed some missing export entries;
*) smb – improved stability, fixed some crashes and problems causing disconnects;
*) api – fixed /system check-installation;
*) cerm – fix scep client ca caps parsing;
*) RouterBOARD – included new RouterBOOT 3.22 to enable protected-routerboot setting (see wiki);
*) webfig – fixed various design skin issues;
*) NTP client – accepts ipv6 as a server address;
*) CCR improvements in link detection for SFP/SFP+ and auto-negotiation for SFP interfaces;
*) known issue – /system check-installation incorrectly reports error on PPC;
What’s new in 6.25 (2015-Jan-19 10:11):
*) certificates – fix SCEP RA operation and SCEP client when operating with RA;
*) ppp – report authentication failure cause like in v6.6;
*) ovpn server – added support for address lists;
*) improved boot times;
*) api – fixed missing return values of some commands;
*) ntp – fixed vulnerabilities;
*) mpls/vpls have improved per core balancing on CCRs;
*) fixed queue tree no-mark matching (was broken since 6.24);
*) fixed nested simple queues (was broken since 6.24);
*) fixed occasional crash when ipv6 was used;
*) fixed route cache overflow (ipv4/ipv6 stops working) if ipsec is used;
*) fixed Omnitik upgrade from v5 where wireless config was not correctly saved
*) fixed Webfig Design Skin where some skin changes were not saved
*) WPS support added to CM2 wireless package
What’s new in 6.24 (2014-Dec-23 13:38):
*) ntp – fixed vulnerabilities;
*) web proxy – fix problem when dscp was not set when ipv6 was enabled;
*) fixed problem where some of ethernet cards do not work on x86;
*) improved CCR ethernet driver (less dropped packets);
*) improved queue tree parent=global performance (especially on SMP systems and CCRs);
*) eoip/eoipv6/gre/gre6/ipip/ipipv6/6to4 tunnels have improved per core balancing on CCRs;
*) fixed tx for 6to4 tunnels with unspecified dst address;
*) fixed vrrp – could sometimes not work properly because of advertising bad set of ip addresses;
What’s new in 6.23.1 (2014-Dec-08 11:43):
*) fixed problem where some of ethernet cards do not work on x86;
What’s new in 6.23 (2014-Dec-04 14:46):
*) pptp – fixed problem where tunnel stopped transmitting packets under heavy load;
*) web proxy – caching in RAM for boards with 32MB or less RAM will not cache any content;
*) leds – removed ‘led’ command and added support for ‘on’, ‘off’ types under ‘system leds';
*) files – allow to move files between different disks in winbox;
*) dhcpv4 server – fix adding address lists from radius;
*) dhcpv4 server – make radius classless static route tag as dhcp vendor specific;
*) smb – fixed HDD used/free space reporting
*) made powerpc metarouters work again (were broken in v6.22);
*) disks – fixed fat32 formatting where some bogus files with strange names were created
(to delete existing files reformatting is needed);
*) disks – fixed problem where some of USB disks were not recognized;
*) fetch – allow checking certificate trust without crl checking;
*) userman – fix more web session problems when user uses
customer and administrator interfaces at the same time;
*) snmp – fix external storage info reporting;
*) snmp – fix bulk walk problem introduced in v6.20;
*) fix tunnels – keep keepalive disabled for existing tunnels when upgrading;
*) fix tunnels – mtu for eoip tunnels was not allowed
to be set less than 1280 since 6.20;
*) using routing-marks could lead to tunnel loop detection to turn off tunnels;
What’s new in 6.22 (2014-Nov-11 14:46):
*) ovpn – added support for null crypto;
*) files – allow to remove empty disk folders;
*) sntp – fix problems with dns name resolving failures that were triggering
system watchdog timeout;
*) eoip/eoipv6/gre/gre6/ipip/ipipv6/6to4 tunnels have new features:
tunnels go down when no route to destination;
tunnels go down for 1 minute when transmit loop detected, warning gets logged;
new keepalive-retries setting;
keepalives enabled by default for new tunnels (10sec interval, 10 retries);
*) improved connection-state matcher in firewall – can match multiple states in one rule, supports negation;
*) added connection-nat-state matcher – can match connections that are srcnatted,dstnatted or both;
*) 100% CPU load caused by DNS service fixed;
*) 100% CPU load caused by unclassified services fixed;
*) 6to4 tunnel fixed;
*) new RouterBOOT firmware for Metal 2SHPn to improve wireless stability;
What’s new in 6.21.1 (2014-Nov-03 15:20):
*) fixed ugprading from v5;
What’s new in 6.21 (2014-Oct-30 12:34):
*) userman – fix ~Your session has been reset due to inactivity~ error;
*) timezone – updated timezone information to 2014i release;
*) wireless – fixed scanning tool crash for 802.11ac interfaces
*) wireless – fixed Nv2 kernel panic on 802.11ac interfaces
*) quickset – added vpn configuration to Wifi AP %26 Ethernet modes as well;
*) lte – changed device identification for devices which regenerate MAC address,
most likely this will loose device’s configuration;
*) sstp – fixed disconnects on high traffic load;
*) ovpn client – fixed problem where ip address was not added to bridge interface in ethernet mode;
*) webfig – show properly Switch Port configuration;
*) disks – fixed support for MMC/SD cards;
*) winbox – added filtering by dscp to torch;
*) certificate – fix CRL handling in trust chain;
*) fixed 6to4 tunnels having inactive routes;
*) ipsec – fix downgrade problem to v5;
*) ipsec – disallow template-policy-group=none in peer config and set it to ‘default';
*) metarouter – some metaroutes didn’t have their licenses;
*) torch – possibility to filter by dscp;
*) fixed – master port on AR8327 switches that is put into bridge could sometimes not work properly;
*) fixed queues – could have huge latencies and smaller throughput than specified;
*) interfaces report last link up/down time and link down count;
What’s new in 6.20 (2014-Oct-01 10:06):
*) cert scep – use fingerprints for transaction ids;
*) ipsec – support fqdn as my id;
*) fetch – allow fetching files larger than 4G;
*) fetch – fixed problem where files fetched over https were trimmed in size;
*) fixed problem – it was not possible to see %26 uninstall dude package;
*) stores are replaced with folders and disks are now managed under /disk menu;
*) added support for SMSC750x USB Gigabit Ethernet on x86;
*) ups – support selftest for smart and hid UPS;
*) pppoe client – increase connection timeout to make connection establishment
possible on busy pppoe server;
*) dhcp server – change default lease time from 3 days to 10 minutes
to avoid running out of IPs;
*) ipsec – allow binding modeconf address to username;
*) eoip/eoipv6/gre/gre6/ipip/ipipv6/6to4 tunnels have new features:
auto mtu (enabled by default for new tunnels);
dscp (inherit/specific value, inherit by default for new tunnels);
clamp-tcp-mss (yes by default for new tunnels);
*) eoip/gre/ipip/6to4 tunnels have dont-fragment option (inherit/no, no by default for new tunnels);
*) bridge has auto mtu feature (enabled by default for new bridges);
*) pppoe-server has auto mtu feature (enabled by default for new pppoe servers);
What’s new in 6.19 (2014-Aug-26 14:05):
*) wireless – improvements for nv2 and 802.11ac
*) sstp – make sstp work on i386 as well;
*) ippool – improve performance when acquiring address without preference;
*) partitions – copying partitions did not work on some boards;
*) bridge – added “Auto Isolate” stp enhancement (802.1q-2011, 13.25.6)
*) ipsec – when peer config is changed kill only relevant SAs;
*) vpls – do not abort BGP connection when receiving invalid 12 byte
nexthop encoding;
*) dns-update – fix zone update;
*) dhcpv4 server – support multiple radius address lists;
*) console – added unary operator ‘any’ that evaluates to true if argument
is not null or nothing value;
*) CCR – improved performance;
*) firewall – packet defragmenting will only happen with connection tracking enabled;
*) firewall – optimized option matching order with-in a rule;
*) firewall – rules that require CONNTRACK to work will now have Invalid flag
when CONNTRACK is disabled;
*) firewall – rules that require use-ip-firewall to work will now have invalid flag
when use-ip-firewall is disabled;
*) firewall – rules that have interface with “Slave” flag specified as in-/out-interface
will now have Invalid flag;
*) firewall – rules that have interface without “Slave” flag specified as in-/out-bridge-port
will now have Invalid flag;
*) firewall – rules with Invalid flags will now be auto-commented to explain why;
*) l2tp – force l2tp to not use MPPE encryption if IPsec is used;
*) sstp – force sstp to not use MPPE encryption (it already has TLS one);
*) sstp – make it work for x86 systems
*) winbox – added dual PSU stats in health menu
*) ipv6 – Gre6 can now correctly fragment large packets
*) simple queue performance optimisation/improvement for multi-core RouterOS devices (especially CCR)
What’s new in 6.18 (2014-Aug-01 10:47):
*) sstp – report TLS encryption as well;
*) safe mode – do not allow user with less permissions to disrupt active safe mode;
*) console – print command does not try to reuse item numbers assigned by
previous invocations of ‘print’ when doing ‘print where’ or ‘print follow’,
items are numbered consecutively starting from ‘0’.
*) console – fix compact export of some partially modified
configuration values;
*) api – use the same syntax for property values as is used in ‘print detail’
output, with the exception of numbers, that are not shown with suffixes
(K/M/G/T or bitrate) and are not contracted or separated into digit groups,
and “yes”/”no” values that continue to be reported as “true”/”false”.
*) console – show internal numbers in the form returned by ‘find’ (like *9A0F)
instead of “(unknown)” when configuration refers to
deleted items. This change also applies to API.
*) ipsec – fix addition of default policy template;
*) console – values of type ‘nil’ were returning ‘nil’ as result of most
operations. Now it compares less than all values except ‘nil’
and ‘nothing’, and compares inequal to all values except ‘nil’.
This was changed to make ‘print where’ and ‘find where’ more useful.
An example. Previously the following command
/ip route print where routing-mark!=nosuch
Would not print routes that had no value for ‘routing-mark’ set, because
(nil != “nosuch”) was equal to nil. Now it evaluates to ‘true’, and this
command will also print all routes that have no ‘routing-mark’ value set.
*) l2tp – fixed problem on CCR where server responded with wrong source address;
*) console export – put qutes around item names that start with a digit;
*) sntp client – added support for dns lookup of ntp servers;
*) console – when exporting to file, use name ending in ‘.in_progress’, and
rename when export finishes;
*) bridge setups sometimes could crash on CCR devices;
*) fixed port flapping in 1G mode on sfp-sfpplus1 on CRS226;
*) fixed SXT ac model losing it’s interface if changing regulatory settings in “routerboard” menu
What’s new in 6.17 (2014-Jul-18 15:14):
*) CCR1009 – fixed crash, only affects CCR1009;
What’s new in 6.16 (2014-Jul-17 13:12):
*) 802.11ac support added in wireless-fp package for QCA9880/9882 rev2 (-BR4A) chips;
*) ip cloud now allows to set which IP to use – detected (public) or local (private);
*) l2tp, pptp, pppoe – fixed possible packet corruption when encryption was enabled;
*) ovpn – fixed ethernet mode;
*) certificates – use SHA256 for fingerprinting;
*) ipsec – fix AH proposal and problem when sometimes policy was not generated;
*) snmp – support AES encryption (rfc3826);
*) l2tp server: added option to enable IPsec automatically;
*) poe-out: added power-cycle-ping and power-cycle-interval settings;
*) gps – increased retry duration to 30 seconds;
*) time – on routerboards, current time is saved in configuration on reboot
and on clock adjustment, and is used to set initial time after reboot;
*) sntp – disabling/enabling client was causing dynamic-servers to be ignored
(bug introduced in 6.14);
*) CCR – fixed rare file system corruption when none
of configuration could be changed or some of it disappeared;
*) ipsec – allow multiple encryption algorithms per peer;
*) email – support tls only connections;
*) smb – fixed usb share issues after reboot
*) snmp – fix v3 protocol time window checks;
*) updated timezone information;
*) quickset – added VPN settings for HomeAP mode;
*) latency improvements on CCR devices;
What’s new in 6.15 (2014-Jun-12 12:25):
*) fixed upgrade from v5 – on first boot all the optional packages were disabled;
*) fixed problem where sntp server could not be specified in winbox %26 webfig;
*) metarouter – make openwrt work on ppc metarouter again;
What’s new in 6.14 (2014-Jun-06 15:34):
*) sntp – ‘mode’ now is a read-only property, it is set to broadcast if no
server ip address is specified;
*) smb – fixed some SMB1 errors;
*) wireless-fp package is now included in routeros one (disabled by default);
*) webfig – fixed quickset, it didn’t work with disabled wireless pacakge;
*) sstp – fixed problem where session was closed every 2min;
*) pptp,l2tp,pppoe – fixed problem where some of the static bindings
become dynamic interfaces;
*) eoip – lowered default MTU to avoid IP packet fragmentation;
*) eoip – added clamp-tcp-mss setting with default=yes for new tunnels to avoid
IP packet fragmentation;
*) fixed – bridge could sometimes get added without “running” flag;
*) fixed – simple queues could sometimes crash router;
*) fixed – simple queue stats freeze (empty winbox queue window);
*) ssh server – allow none cipher;
*) proxy – added ‘anonymous’ option which will skip adding X-* and Via headers;
*) dhcp server – added option use-framed-as-classless and
added support for DHCP-Classless-Static-Route RADIUS attribute;
*) quickset – fixed problem where address mode selection did not work in
bridge mode;
*) ipv6 address – fixed problem where changing advertise lost ipv6 connected route;
CAVEAT: CAPsMAN Layer3 doesn’t work if IPv6 package enabled either
on CAPsMAN or CAP device;
What’s new in 6.13 (2014-May-15 16:03):
*) console – comments are now accepted where new command can start, that is,
where ‘/’ or ‘:’ characters can be used to start new command, e.g.
/interface { # comment until the end of the line
}
*) backup – backups by default are encrypted now (with user password).
To use backup on older versions, you should disable encryption with dont-encrypt
flag when creating it;
*) files with ‘.sensitive.’ in the filename require ‘sensitive’
permission to manipulate;
*) lcd – reduce CPU usage when displaying static screens;
*) l2tp – fixed occasional server lockup;
*) pptp – fixed memory leak;
*) sstp – fixed crashes;
What’s new in 6.12 (2014-Apr-14 09:27):
*) l2tp – fixed “no buffer space available” problem;
*) ipsec – support IPv4 over IPv6 and vice versa;
*) pppoe – report correctly number of active links;
*) updated timezone information;
*) many fixes for CRS managed switch functionality –
particularly improved VLAN support, port isolation, defaults;
*) added trunk support for CRS switches;
*) added policing support for CRS switches;
*) www – added support for HTTP byte ranges;
*) lte – provide signal strength using snmp and make ‘info once’ work in console;
What’s new in 6.11 (2014-Mar-20 09:16):
*) ipsec – fix aes-cbc hardware acceleration on CCR with key sizes 192 and 256;
*) wireless – add auto frequency feature;
*) ovpn – fixed TLS renegotiation;
*) ovpn – make bridge mode work with big packets (do not leave extraneous padding);
*) ovpn – fixed require-client-certifcate;
*) ppp – revert RADIUS NAS-Port behaviour, report tunnel interface id;
*) ppp – mppe encryption together with mrru locked the router;
*) dhcp – added support for DHCP option 138 – list of CAPWAP IPv4 servers;
*) quickset – added Guest Network setup to Home AP mode;
*) console – no longer required to supply value of ‘/routing bgp instance vrf’
property ‘instance’ for ‘add’ command;
*) ethernet – added option to enable rx/tx flow control
(will be disabled by default);
*) ethernet – added ability to specify advertised modes for copper ports;
*) fixed 100% cpu usage on CCRs;
*) ssl – not finding CRL in local store for any certificate in trust chain will cause connection to fail;
*) lte – support for Huawei ME609 and ME909u-521;
What’s new in 6.10 (2014-Feb-12 13:46):
*) fix autosupout.rif generation after kernel panic;
*) ovpn – make it work again;
*) ovpn client – remove cipher=any %26 auth=any options,
protocol does not support them;
*) pptp – fixed where Windows %26 MacOS clients were disconnecting all the time;
*) sstp – make it work with Windows client with AES encryption;
*) ipv6 pool – fix dynamic prefix disappearing which may influence large
VPNs with IPv6;
*) ssh client – fix key agreement when sometimes wrong DH algorithm was selected;
*) bgp – multipath eBGP now does not propagate BGP nexthop unless
forced in configuration;
*) removed 10/100 half duplex from autonegotiation advertisement on CCR;
What’s new in 6.9 (2014-Jan-31 11:18):
*) lcd – added option to change the color-scheme;
*) updated bootloader firmware;
*) ppp: fixed RADIUS accounting;
*) ppp: fixed IPV6-Prefix assigning;
*) ppp: fixed dial-on-demand;
What’s new in 6.8 (2014-Jan-29 15:52):
*) bridge – default protocol-mode changed to RSTP for new bridges,
fixed bridge mac address changing when port (with lowest mac address) goes down
*) userman – improve startup time;
*) sstp client – support server name verification from certificate;
*) wireless – improved 11n and nv2 stability;
*) dhcp client – support interfaces in bridge;
*) dhcp – parse decimal strings and IP addreses in options value;
*) bgp – don’t show community ‘internet’ in BGP advertisements;
*) ipsec – enable hardware acceleration for aes-cbc + md5|sha1|sha256 aead on CCR;
*) ospf – fixed checksum calculation for OSPFv3 AS-external-LSAs;
*) default configuration – changed dhcp server lease time to 10 minutes;
*) fixed port isolation on CRSs (bug introduced in v6.6);
*) smb – added support for SMB 2.002
*) timezone information updated;
*) ppp – fixed ppp bridging (did not work since v6.6);
*) improved speed of PPP, PPPoE, PPTP %26 L2TP on multicore routers;
*) address-list – fix crash when adding two identical address list entries;
*) fixed multicast forwarding on CCRs;
*) firewall – improved address-type matcher, and added it for ipv6 aswell;
*) kernel drivers for ppp, pppoe, pptp, l2tp are now lock-less on transmit %26 receive;
*) all ppp packets (except discovery packets) now can be handled by multiple cores;
*) MPPE driver now can handle up to 256 out-of-order packets;
What’s new in 6.7 (2013-Nov-29 13:37):
*) support Android usb tethering interface;
*) ipsec – added aes-gcm icv16 encryption mode;
*) wireless – improve rate selection for nstreme protocol
*) poe – new poe controller firmware for RB750UP and OmniTIK UPA;
*) ipsec – added aes-ctr encryption mode;
*) leds – inverted modem signal trigger, now it will trigger when the signal
level rises above the treshold;
*) ipsec – added sha256 and sha512 support;
*) ipsec – proposal defaults changed to aes-128 and sha1 for both phase1 and phase2;
*) certificate – support ip, dns and email subject alternative names;
*) dhcpv4 server – added REMOTE_ID option variable for relayed packets;
*) ipsec – fix policy bypass on IPv6 gre, ipip, eoip tunnels when policy
uses protocol filter;
*) userman – fix crash on tilera;
*) fixed hairpin nat on bridge with use-ip-firewall=yes;
*) fixed vlan on bridge after reboot having 00:00:00:00:00:00 mac address;
*) address-list – allow manually adding timeoutable entries;
*) address-list – show dynamic entry timeout;
*) fixed l2mtu changing on CCRs – could cause port flapping;
*) disabling/enabling ethernet ports did not work properly on CCRs,
could cause port flapping;
*) fixed port flapping on CCR – could happen when having other than
only-hardware-queue interface queue.
Note that having other interface queue than only-hardware-queue
dramatically reduces performace, so should be avoided if possible;
What’s new in 6.6 (2013-Nov-07 13:04):
*) winbox – fixed problem where all previous session opened windows were read only;
*) certificate – no more ‘reset-certificate-cache’ and ‘decrypt’ commands,
private keys can be decrypted only on ‘import’, use ‘decrypt’
before upgrade if needed;
*) fixed arp-reply only with more than one ip address on interface;
*) fixed RB400 not to reboot by watchdog during micro-sd format;
*) web proxy – fix SPDY server push handling;
*) certificate – merged ‘/certificate ca issued’, ‘/certificate scep client’ and
‘/certificate templates’ into ‘/certificate';
*) console – :foreach command can iterate over keys and values in an array,
by specifying two counter variables, e.g.:
:foreach k,v in=[/system clock get] do={:put “$k is $v”};
*) added support for new Intel 10Gb ethernet cards (82599);
*) certificates – fixed certificate import;
*) wireless – fixed crash when dfs was enabled on pre-n wireless cards;
*) fixed port flapping on CCR;
What’s new in 6.5 (2013-Oct-16 15:32):
*) tftp – added data packet pipelining for read requests;
*) console – exported physical interface configuration uses ‘default-name’
instead of item number to match relevant interface;
*) console – report all constituent errors for parameters with multiple
alternative value types;
*) certificates – merge ‘/certificate ca’ into ‘/certificate’,
use set-ca-passphrase to maintain CA functionality;
*) lcd – backlight option is replaced with “/lcd backlight” command
*) dhcp server – added option to disable conflict-detection;
*) console – ‘:return’ does not trigger ‘on-error=’ action of ‘:do’ command;
*) route – fixed crash that could be triggered by change in nexthop
address resolution;
*) route – some imported VPNv4 routes were not using MPLS labels;
*) route – imported VPNv4 routes were not always updated or removed when
the original route changed;
*) winbox – fixed problem where all settings were read only on first open;
*) ovpn server – use only ciphers that are allowed not that client requested;
*) ssh client – fixed public key authentication;
*) ipsec – fix peer mathing with non byte aligned masks;
*) fix routerboot upgrading if RouterOS is partitioned;
*) add support for second serial port on CCR boards;
*) fix serial port baudrate selection on CCR boards;
*) ethernet interface stats that are behind switch chip
show real hw stats instead of just the traffic that goes through cpu;
What’s new in 6.4 (2013-Sep-12 13:52):
*) wireless – improved 802.11n wireless retransmission (doesn’t effect nstreme/nv2)
*) ovpn – allow to specify server via dns name;
*) winbox – fixed problem where ipv6 routes with non local link address gateway
could not be added;
*) fixed watchdog on mipsle boards;
*) traceroute – added count %26 max-hops parameters;
*) traceroute – added back use-dns parameter;
*) fixed usb Yota LTE modem hangup;
*) console – make newly added item names always immediately available;
*) graphing – make sure that interface graphs gets preserved across reboots;
What’s new in 6.3 (2013-Sep-03 12:25):
*) ssh – fixed denial of service;
*) traceroute – show mpls labels as well;
*) bug fix – sometimes some new interfaces could not be created properly any more (f.e. some pppoe clients could not connect);
*) console – added ‘/console clear-history’ command that clears command-line
history for all users, requires ‘policy’ policy;
*) sstp – limit packet queue for each device;
*) RB2011L – fixed occasional gigabit switch-chip lockup;
*) user manager – will warn on 1MB and stop before reaching minimum of 500KB disk space;
*) hotspot – do not account traffic to local hotspot pages;
*) ppp, hotspot – added ability to specify where to insert rate limiting queue,
it’s parent and type;
*) pptp, l2tp, sstp – allow to specify server via dns name;
*) dhcp – added ability to specify where to insert rate limiting queue;
*) www proxy – support ipv6 parent proxy;
*) webfig – fixed problem when opening quickset page country
was automaticly changed to etsi;
*) traceroute – added mtr like pinging;
*) fix queues – correct queue was not installed when last child removed;
*) fix simple queues – sometimes some simple queues would stop
working after configuration changes;
*) console – fixed issue with local variables having non-empty value
before first assignment;
*) console – fixed command “:global name” without second argument to not
create or change global variable “name”, only effect is to make “name”
refer to global variable.
*) console – fixed passing local variables as argument to function;
*) RB1200 – fixed crash when receiving over l2mtu size packets
on some ethernet interfaces;
What’s new in 6.2 (2013-Aug-02 10:37):
*) console – added “on-error” argument to ‘:do’ command that is executed
if command raises error;
*) hotspot – fixed chap error after failed http-chap login (broken in v6.1);
*) console – added new ‘:return’ command that interrupts execution of script
and passes argument as return value if script was called as function;
*) routerboot – fixed upgrade from RouterOS (could fail on some units);
*) userman – fixed payment gateway response notify processing;
*) console – resolved issue with ‘from-pool’ propery in ‘/ipv6 address';
*) console – array value syntax in expressions ‘{1;2;3;4}’ now can
specify values with word keys as ‘{a=1;b=2}';
*) console – added ‘verbose’ argument to ‘/import’ command that enables
line-by-line script import. By default import whole script at once
and don’t print it, as it was in version 6.0;
*) console – ‘:global’, ‘:local’ and ‘:set’ commands have new parameter ‘do’
that allows assigning block of commands to the variable;
*) console – global variables now are common to all users and are
available to all users with at least “read,write,test,policy” policy;
*) console – fixed parameter passing to scripts. Script parameters can
be accessed without declaring them with ‘:local’ and ‘:global’ commands.
For backwards compatibility global variables are first looked up in
script parametrs;
*) console – ‘$var 1 2 a=”a” b=”b”‘ syntax for passing parameters to commands
stored in a variable. Parameters are accessed as ‘$1′ ‘$2′ ‘$a’ ‘$b';
*) ipsec – fixed peer address matching;
*) ups – query smart ups capabilities before issuing any commands;
*) improved CCR responsiveness on other interfaces when one interface is under attack;
*) sms tool – added sim-pin setting;
*) dhcp server – framed routes are now also added to the server routing table;
*) dhcpv6 server – added binding-script option;
*) proxy – allow multiple src-address for ipv4 and ipv6;
*) eoip,gre tunnels could occasionally crash multicore router;
*) fixed bug – sometimes some types of interfaces would stop working;
*) ipsec sometimes could crash kernel on CCR;
*) connection tracking sometimes could crash kernel on CCR;
*) ppp,pptp,l2tp,sstp – added default-route-distance parameter;
*) scep – “/cert scep ra” merged into “/cert scep client” without saving ra config;
*) ipsec – fix phase1 autonegotiation on little endian platforms;
*) pppoe server – allow service with empty service-name to accept all pppoe clients;
*) lcd – current-screen option is replaced with “/lcd show” command
*) lcd – current-interface option is replaced with “/lcd interface display” command
*) graphing – make graphs stable on ppp %26 ovpn interfaces;
*) www, hotspot – fixed problem when www service stopped responding on high load;
*) winbox, webfig: allow to enter space in the text fields;
*) webfig – fixed configuration of VPLS %26 routing filters;
*) lcd – added option for enabling or disabling the touch screen;
*) lcd – added options for screen switching;
*) lcd – up to 10 non-physical interfaces can now be added to the lcd;
*) lcd – all interface graph screen can now be customized from /lcd interface page;
*) backup – changed default backup file name to–.backup
for file browsers to sort them properly;
*) webfig – it did not work in Opera;
*) webfig – made terminal work again;
*) winbox – added ability to fully set up traffic generator in winbox;
*) trafficgen – allow ranges for ip addrs and udp ports;
*) trafficgen – add tcp header support;
*) queue simple – fixed bug – actual queue order sometimes was wrong;
*) queue simple – queue is not invalid when at least one of target interfaces is up;
*) fixed crash when setting master-port on AR8327 switch chips;
*) fixed addresslist – dynamic entries sometimes would still
show up even afther being timed out;
*) added /ip settings allow-hw-fast-path setting to control AR8327N hardware ipv4 fast path;
*) vrrp – allow more than one vrrp on interface;
What’s new in 6.1 (2013-Jun-12 11:50):
*) pptp, l2tp – fixed crash when tunnel mru was too big and fragmented ip packet
was received;
*) hotspot – fixed problem when after upgrade hotspot html directory was empty;
*) ipv6 nd – dns dynamic-servers were not included in router advertisements;
*) winbox – fixed problem Switch menu disappeared on RB2011;
*) fixed memory amount issue on RB1100AHx2;
*) console – ‘/import’ prints each command that is executed;
*) console – ‘import’ has new argument ‘from-line’ that starts executing
commands after specified line;
*) secure api – fixed problem when wrong client ip address was reported;
*) hotspot – fixed universal client;
*) api – added support for API over TLS (SSL);
*) api – api service is now enabled by default;
*) ppp – do not show R flag for locally authenticated users;
*) vrrp – fixed ah authentication;
*) webfig – added support for RADIUS authentication (via MS-CHAPv2);
*) ipsec – for peers with full IP address specified system will
autostart ISAKMP SA negotiation;
*) trafficgen – added inject-pcap command for replaying pcap files into network;
*) dns – retry queries with tcp if truncated results received;
*) improved queue statistics updating;
*) fix 1G linking with some Cisco devices (affects RB7xx, RB9xx, RB1100, RB2011, CCR);
What’s new in 6.0 (2013-May-17 14:04):
*) ipsec – added /peer passive option which will prevent starting ISAKMP negotiation
and signifies xauth responder/initiator side;
*) RouterBOARD – default wireless config now includes password – serial number;
*) lte – support YOTA WLTUBA-107;
*) console – fixed crash when variable name was not specified for
‘:global’, ‘:local’, ‘:set’, ‘:for’ and ‘:foreach’ commands;
*) hotspot – added mac-cookie login method;
http://wiki.mikrotik.com/wiki/Manual:Hotspot_Introduction#MAC_Cookie
*) lcd – show a message when system shutdown is complete;
*) lcd – added Log screen which is accessible through the Main Menu
and shows log messages where action=echo;
*) ipsec – added pre-shared-key-xauth and rsa-signature-hybrid
authentication methods;
*) increased max l2mtu on CCR to 10226 bytes;
*) fixed crash on RB1200;
*) fixed bonding – did not work after remove, undo;
*) fixed queues – router could become unresponsive when configuring queues;
What’s new in 6.0rc14 (2013-Apr-24 11:52):
*) route – make connected routes inactive when interface has no link;
*) ipsec – changing or removing unused peer or proposal config won’t
flush active SAs;
*) console – add ‘without-paging’ to more ‘print’ commands;
*) route – automatically repair FIB inconsistencies;
*) ipsec mode-cfg – unity split include support;
*) ipsec policy – template matching for policy generation;
*) metarouter: fixed occasional lockups on mipsbe boards;
*) fixed crash when bridge filter rule had action=return for rule in builtin chain;
*) traffic-flow – fixed deadlock and crash on multicore;
*) fixed memory leak on CCR with PPPoE interfaces;
*) improved PPPoE interface encapsulation performance;
*) fixed queues – total amount of traffic passing through queues sometimes was
about 1Gbit;
What’s new in 6.0rc13 (2013-Apr-08 14:25):
*) pppoe, l2tp, pptp server – increased lcp retransmit count to 10;
*) pptp, l2tp %26 pppoe clients – added ability to specify keepalive timeout;
*) graphing – fixed problem were interface graphs are lost on reboot;
*) dhcpv6 – added relay;
*) sstp server – restore (disabled in rc12) test mode which allows
running server without certificate;
*) lcd – added option for turning backlight on/off;
*) bgp – fix med comparison check if routes are received from iBGP peer;
*) fixed simple queues – sometimes some simple queues did not limit traffic
(bug introduced in 6.0rc12);
*) allow to change arp timeout (in /ip settings);
*) added /ip neighbor discovery settings setting “default-for-dynamic” to control
discovery on new dynamic interfaces (off by default);
What’s new in 6.0rc12 (2013-Mar-26 17:18):
*) ospf – add use-dn option;
*) ospf – fix route-tag handling;
*) fixed layer7 matcher – it is case insensitive now;
*) remote logging – added iso8601 time format support;
*) bgp – change MED propagation logic, now discarded when sending route with
non-empty AS_PATH to an external peer;
*) fixed occasional nand corruption on CCR;
*) ipsec – added ipv4 mode-cfg support for responder;
*) ipsec – fixed some issues with removal of dynamic policies;
*) email – renamed parameter tls to start-tls for send command;
*) wireless – update required when using small width channel RB2011 RB9xx
caveat: update remote end/s before updating AP as both side are
required to use new/same version for a link
*) ipsec – generate-policy now can have port-strict value which will use port
from peer’s proposal when generating policy or port-override which
will always generate policy for any port;
*) ipsec – responder side now uses initiator exchange type for peer
config selection;
*) lcd – changed All interface stat screen (bar graphs) to show total
bandwidth usage, combine rx/tx together;
*) lcd – removed “all-interface-mode” option;
*) lcd – changed “Interfaces” screen to show interface usage
similiar to All interface stat screen;
*) lcd – improved Interfaces -> * -> Info screen, added more wireless information;
*) lcd – added Registration Table screen for wireless interfaces under
Interfaces -> ‘wireless interface’ -> Registration Table;
*) fixed occasional kernel crashes on CCR;
*) fixed other than only-hardware-queue interface queues on CCR;
*) lte – devices with vendor/product id pair 0x0f3d/0x68AA now
uses directip inferface;
*) dhcp client v4 – option add-default-route now supports special-classless value;
*) significantly increased simple queue performance on multi core systems
(up to 9x on CCR1036 with at least 32 top level simple queues);
*) ip arp – new property published;
*) web proxy – added new option max-cache-object-size,
upper limit of max-client-connections and max-server-connections
is now calculated from system RAM;
*) ospf – fixed inconsistency in external ECMP route calculation;
*) certificates – CA keys are no more cached, every CA operations
now requires a valid CA passphrase.
use set-ca-passphrase for scep server to cache CA key in encrypted form;
*) ppp – made MPPE encryption work on tilera (bug introduced in 6.0rc10);
*) tool fetch – https support with optional certificate verification;
*) sstp server – removed test mode which allowed running server without certificate;
*) trafficgen – add support for ipv6 header;
*) wireless – added support for small channels on SXT lite;
What’s new in 6.0rc11 (2013-Feb-22 09:17):
*) ppp – made MPPE encryption work on tilera (bug introduced in 6.0rc10);
*) sstp server – added option to force AES encryption;
*) fixed router crash on heavy traffic with sierra lte
modem on boards with 32MB RAM;
What’s new in 6.0rc10 (2013-Feb-15 10:47):
*) ppp – added bridge-path-cost %26 bridge-port-priority to ppp profiles;
*) ppp – made RSTP work over ppp links as well;
*) ppp – added last-logged-out to ppp secrets;
*) ppp – made MRRU work propererly on CCR;
*) hotspot, ppp – support multiple address-lists;
*) fixed problem – could not format disks larger than 2Gb on CCR;
*) fixed problem – repartitioning flash second time made system unbootable;
*) fixed problem – partition fall back settings got corrupted;
*) fixed problem – package made for other architectures could be installed,
making whole system non functioning;
*) sstp, ipsec – respect CRLs;
*) certificates – for certificates marked as trusted=yes,
CRL will be automaticly updated once in hour from http sources;
*) fixed ppp family interfaces – show it’s status (bug introduced in rc8);
*) fixed p2p, connection-bytes firewall matcher;
*) fixed ip firewall nat action=same;
What’s new in 6.0rc9 (2013-Feb-08 08:15):
*) ospf – fixed Summary-LSA prefix length check for OSPFv3, was not
accepting valid LSAs;
*) certificates – fix broken certificate handling
(bug introduced in rc8) in all related programs;
*) fixed – bgp tcp-md5-key crash on CCR;
*) fixed interfaces list sometimes showing up empty;
*) fixed – ip addrs could be inactive for some types of interfaces
which are added as bridge ports and disabled;
What’s new in 6.0rc8 (2013-Feb-04 13:25):
*) ppp,pppoe,pptp,l2tp,sstp – only 2 change mss mangle rules are
created for all ppp interfaces;
*) wireless – fixed AES encryption speed issues (upgrade suggested);
*) dhcpv6 server – handle info requests;
*) webfig – compressed all html resource files, speeds up opening of webfig page;
*) console – reduced width of address column in ‘/user print';
*) simple queues requires target arg to be specified when adding;
*) do not count packets for unknown protocols as rx_dropped;
*) snmp – provide POE info;
*) improved cpu usage reporting on CCR boards;
*) improved interface reading performance;
*) changed CLI interface order – first are ethernets,
second wireless, third everything else.
Within group interfaces are ordered by name;
*) interfaces are deleted much faster, could be bottleneck on
systems with many ppp sessions;
*) pptp,l2tp,6to4 tunnel encapsulation/decapsulation now resets packet marks to
have consistent behavior across tunnels;
*) fix simple queue interface matching when doing encapsulation in some tunnel,
could result in double accounted packets;
*) ip/ipv6 firewall has all-ether,all-wireless,all-vlan,all-ppp interface matchers
*) queue limits could be inaccurate for large limits (100M or more);
What’s new in 6.0rc7 (2013-Jan-18 13:04):
*) dhcp relay – possibility to add relay agent information option;
*) lcd – options current-interface, time-interval and all-interface-mode
no longer get reset after reboot;
*) fix reboot in virtualized enviroment;
*) lcd – improve slideshow screen;
*) console – file print now shows file size as small number with suffix;
*) dhcp v4 – fix problem when sometimes client or server failed to send packets
most likely it happened on vlan interfaces;
*) ipv6 – added setting to disable forwarding;
*) added “/ip neighbor discovery settings” menu with “default=yes/no” setting;
What’s new in 6.0rc6 (2012-Dec-21 12:20):
*) fixed problem – netinstall for x86 did not work;
*) lcd – added take-screenshot command;
*) lcd – fixed calibration, fresh boards no longer require recalibration;
*) optimize memory usage – makes 32Mb routerboards more stable;
*) support BandRich modems with newer firmware;
*) ipsec – authentication using certificate store but without CRL checking for now;
*) added feature – flash can be partitioned on routerboards and
separate versions can be installed on each of them (requires latest firmware);
*) fixed problem – after restoring backup, it gets restored again on every reboot;
*) improved router performance when dhcp client/server present in system;
*) fixed vlan on bond after reboot;
*) fixed occasional queue kernel crash;
What’s new in 6.0rc5 (2012-Dec-05 15:22):
*) wireless – advanced rate selection is the only method supported;
*) ssh client – support keyboard-interactive authentication;
*) fix simple queue config upgrade;
What’s new in 6.0rc4 (2012-Nov-28 17:16):
*) dhcp server – added two radius string options (24, 25)
for use in custom dhcp options;
*) fixed problem – ppp dial-on-demand did not work, it allways dialed in;
*) fixed problem – password was not saved when adding new user;
*) added feature – show last-logged-in in users list;
*) snmp – fix interface table;
*) dhcp ipv6 – added comment fields;
*) dhcp client ipv6 – add/remove default route or ntp server
without renew when settings change;
*) ppp clients – set up dns dynamic-servers instead of static ones;
*) fixed problem – Connect button did not work in wireless scanner;
*) dhcp server – added radius framed route support;
*) fixed problem – MetaROUTERs did not work
on PowerPC boards (RB800, RB1000, RB1100);
*) fixed problem – check-for-updates stopped working if it didn’t find new updates
previously;
*) dhcp ipv6 – added dns option support;
*) gre – support all protocol encapsulation, not just ip and ipv6;
What’s new in 6.0rc3 (2012-Nov-09 12:59):
*) fixed problem – MetaROUTERs did not work on RB2011s;
*) fixed problem – Realtek 1Gbit ethernet cards did not work;
*) added “/ip settings” menu with following settings:
ip-forward, send-redirects, accept-source-route, accept-redirects,
secure-redirects, rp-filter, tcp-syncookies;
*) fix some ipv6 firewall matchers;
*) improved performance for eoip,eoipv6,gre,gre6 tunnels, especially on multi core;
*) /queue tree entries with parent=global are performed
separately from /queue simple and before /queue simple;
*) snmp – fixed missing OIDs;
What’s new in 6.0rc2 (2012-Oct-24 11:27):
*) added generic fast path support on certain interfaces
(all ethernets on RB3xx, RB6xx, RB7xx, RB8xx, RB9xx, RB1000, RB11xx, RB2011);
*) added ipv4 fast path, it doubles ipv4 forwarding performance
on supported interfaces when no firewall, conntrack, queues.
*) added traffic generator fast path;
*) addedbridge fast path;
More info on fast path: http://wiki.mikrotik.com/wiki/Manual:Fast_Path
What’s new in 6.0rc1 (2012-Sep-26 14:56):
*) i386 – increased number of supported cores to 64;
*) userman – fix unpaid profile activation while authenticating;
*) dhcp client – custom options;
*) dhcp options – allow mixing different data types;
*) console – “export compact” now is the default, use “export verbose” to get
previous behaviour;
*) ntp – make it work again;
*) tftpd – if real-file is a existing directory then prefix request with it;
*) RB333 ethernets are back;
*) dns – rotate servers only on failure;
*) fix M3P (/ip packing);
What’s new in 6.0beta3 (2012-Aug-22 12:12):
*) installation – use much less space in storage (works well with 32MiB flash);
*) routerboard package is now merged with system package;
*) userman – use corresponding time zone data when showing date in console;
*) gps – init-string option;
*) ipsec – kill phase1 if ipsec-sa in responder expires due to system time change;
*) ipsec – rekey phase1 before expiration;
*) ipsec – when last ISAKMP-SA is deleted for the remote host
remove related IPSec-SAs;
*) ipsec – send delete IPSec-SAs on shutdown/reboot;
*) user manager – fix user’s active profile end time if it has unlimited validity,
these users now won’t be hidden from reports when date filters are in effect;
*) certificate validity is shown using local timezone offset;
*) fixed queue bit rate reporting;
*) fixed ipv6 firewall;
*) upgraded drivers and kernel (to linux-3.3.5);
*) added priority matcher to firewall;
*) added change-dscp from-priority and from-priority-to-high-3-bits options;
*) fixed router crash or hang when rebooting;
*) add snif-tzsp,snif-pc actions to ip/ipv6 firewall mangle;
*) traffic-generator improvements for multi core;
What’s new in 6.0beta2 (2012-Apr-24 10:57):
*) “/ip address set” and “/ipv6 address set” commands did not work properly;
*) fix eoipv6 tunnels, tunnel-ids in packets were shuffled;
*) fix dynamic simple queues;
*) fix /ipv6 firewall connection-state matcher, was crashing router;
*) fix traffic generator, was crashing router when generating traffic
on bonding interface;
*) fix wds interfaces;
*) downgrading to v5 was losing wireless interface configuration;
*) fix queue byte and rate statistics;
*) fix ethernet port order on all boards;
What’s new in 6.0beta1 (2012-Apr-13 15:26):
*) updated drivers and kernel (to linux-2.6.38.2);
*) improved interface management
(scales well for up to thousands of interfaces and more);
*) improved queue management (/queue simple and /queue tree) – easily handles tens
of thousands of queues;
*) improved overall router performance when simple queues are used –
at least double the performance of v5,
even bigger improvements on multicore systems;
*) very small overhead for packets that miss simple queues,
but simple queues are present in the system;
*) pcq queue is NAT aware (just like “/queue simple” and “/ip traffic-flow”;
*) in “/ip firewall mangle” can specify “new-priority=from-dscp-high-3-bits”;
*) new default queue types: pcq-download-default and pcq-upload-default;
*) simple queues have separate priority setting for download/upload/total;
*) slave flag shows up for interfaces that are in bridge,bonding or switch group;
*) global-in, global-out, global-total parent in /queue tree is
replaced with global that is equivalent to global-total in v5;
*) simple queues happen in different place – at the very end of
postrouting and local-in chains;
*) simple queues target-addresses and interface parameters are joined into one
target parameter, now supports multiple interfaces match for one queue;
*) simple queues dst-address parameter is changed to dst and now supports
destination interface matching;
*) dns cache logs requests to topics “dns” and “packet”;
Комментариев нет:
Отправить комментарий