Tag Archives: RouterOS

RouterOS ChangeLog

What’s new in 6.38rc25 (2016-Nov-07 08:34):

!) queues – significantly improved hashing algorithm in dynamic simple queue setups (fixes CPU load spikes on queue removal);
!) ipsec – added IKEv1 xauth user authentication with RADIUS “/ip ipsec user settings set radius=yes” (cli only);
!) ipsec – added IKEv2 experimental support with pre-shared-key and rsa-signature authentication methods (cli only);
!) ipsec – added support unique policy generation which will allow multiple peers behind the same NAT (cli only);
*) discovery – added LLDP support;
*) routerboot – show log message if router CPU/RAM is overclocked;

Other changes since 6.37.1:

!) ethernet – optimized packet processing on low load when irq re-balance is not necessary;
!) fastpath – let one packet per second through slow path to properly update connection timeouts;
!) snmp – added basic get and walk functionality “/tool snmp-[get|walk]”;
!) switch – added hardware stp functionality for CRS devices and small Atheros switch chips (http://wiki.mikrotik.com/wiki/Manual:CRS_examples#Spanning_Tree_Protocol);
!) tr069-client – initial implementation (as separate package);
!) winbox – now Winbox 3.7 is the minimum version that can connect to RouterOS;
*) arm – improved watchdog reliability;
*) arp – added local-proxy-arp feature;
*) bonding – added “forced-mac-address” option (cli only);
*) bonding – fixed 802.3ad load balancing over routed VLANs with fastpath enabled;
*) bonding – fixed mac address selection after upgrade;
*) bridge – fixed rare crash on bridge port removal;
*) capsman – added possibility to change arp, mtu, l2mtu values in datapath configuration;
*) certificates – fixed trust chain update on local certificate revocation in programs using ssl;
*) chr – fixed “/interface print”;
*) chr – fixed reboot;
*) console – fixed “/interface ethernet switch export” on some boards;
*) crs – added comment ability in more switch menus;
*) crs – fixed port mirroring halt after L2MTU change;
*) crs – fixed rare kernel failure on switch reset (for example, reboot);
*) dhcp – do not allow to create dhcp-server on slave interface;
*) dhcp – fixed dhcp-client crash (introduced in 6.37rc14);
*) dhcp – show dhcp server as invalid and log an error when interface becomes a slave;
*) discovery – removed 6to4 tunnels from /ip neighbor discovery menu;
*) dns – improved static dns entry add speed when regexp is being used;
*) dude – (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=8&t=112599);
*) ethernet – fixed interface speed reporting for x86 in log after reboot or if “disable-running-check=yes”;
*) ethernet – fixed potential loopprotect crash;
*) export – do not show interface comment in “/ip neighbor discovery” menu;
*) fastpath – fixed kernel failure when fastpath traffic goes into loop;
*) fastpath – fixed rare crash;
*) fastpath – improved connection tracking timeout updates;
*) firewall – added creation-time to address list entries;
*) firewall – do not allow to increase/decrease ttl and hop-limit by 0;
*) firewall – fixed “connection-state” value disappearance in rules that were created before v6.22;
*) firewall – fixed compact export (introduced in 6.37rc14);
*) firewall – improved “time” option (ranges like 22h-10h now are acceptable);
*) firewall – increased max size of connection tracking table to 1048576;
*) firewall – new faster “connection-limit” option implementation;
*) health – show power consumption on devices which has voltage and current monitor;
*) hotspot – fixed nat rule dst-port by making it visible again for Walled Garden ip return rules;
*) interface – changed loopback interface mtu to 1500;
*) interface – do not treat multiple zeros as single zero on name comparison;
*) interface – show link stats in “/interface print stats-detail” output;
*) ipsec – added ability to specify static IP address at send-dns option (CLI only);
*) ipsec – added ph2 accounting for each policy “/ip ipsec policy ph2-count” (cli only);
*) ipsec – allow to specify explicit split dns address;
*) ipsec – changed logging topic from error to debug for ph2 transform mismatch messages;
*) ipsec – changed logging topic from error to debug when empty pfkey messages are received;
*) ipsec – non passive peers will also establish SAs from policy without waiting for the first packet;
*) ipsec – send xauth password without trailing null;
*) ipv6 – increased default max-neighbor-entries value to 8192, same as ipv4;
*) led – fixed cAP 2nD stuck in dark mode all the time;
*) led – fixed dark mode for cAP2nD (http://wiki.mikrotik.com/wiki/Manual:System/LEDS#Leds_Setting);
*) log – fixed “System rebooted because of kernel failure” message to show after 1st crash reboot;
*) lte – added support for PANTECH UML295;
*) lte – allow to execute concurrent info commands;
*) lte – fixed Pantech UML296 support;
*) lte – fixed dwm-222 support;
*) lte – fixed init delay after power reset;
*) lte – increased delay when setting sms send mode;
*) lte – return info data when all the fields are populated;
*) mmips – fixed traffic accounting in “/interface” menu;
*) mmips – improved watchdog reliability;
*) mobile – added support for more Vodafone K4201-Z and ZTE MF90 modems;
*) package – show minimal supported RouterOS version under “/system resource” menu if it is specified;
*) profiler – added ability to monitor cpu usage per core;
*) queue – fixed rare crash on statistic gathering in “/queue tree”;
*) queue – improved “time” option (ranges like 22h-10h are now usable);
*) rb2011 – fixed crash on l2mtu changes;
*) rb850Gx2 – fixed pcb temperature monitor if temperature was above 60C;
*) resolver – ignore cache entries if specific server is used;
*) script – increment run count value when script is executed from snmp;
*) sms – fixed crash after modem has failed to start;
*) snmp – provide sinr in lte table;
*) ssh – fixed lost “/ip ssh” settings on upgrade from version older than 5.15;
*) ssl – fixed potential memory leak ( when using dude for example);
*) torch – fixed aggregate statistics appearance;
*) traffic-flow – fixed dst-port reporting if connection is not maintained by connection tracking;
*) trafficgen – fixed crash when IPv6 traffic is processed;
*) trafficgen – fixed potential crash when very big frame is generated;
*) trafficgen – improved fastpath support;
*) tunnel – properly export keepalive value;
*) usb – fixed kernel failure when Nexus 6P device is removed;
*) userman – fixed memory leak on user limitation calculations;
*) users – added TikApp policy;
*) vlan – allow to add multiple vlans which name starts with same number and has same length;
*) vlan – fixed CRS switch egress-vlan-tag export;
*) winbox – added led settings menu;
*) winbox – allow to run profiler from “/system resources” menu;
*) winbox – do not show hotspot user profile incoming and outgoing filters and marks as set if there is no value specified;
*) winbox – fixed missing switch menu for mmips devices;
*) winbox – properly show VHT basic and supported rates in CAPsMAN;
*) winbox – removed spare values from loop-protect menu;
*) winbox – show primary and secondary ntp addresses as 0.0.0.0 if none are set;
*) wireless – added CRL checking for eap-tls;
*) wireless – added api command to report country-list (/interface/wireless/info/country-list);
*) wireless – fixed custom channel extension-channel appearance in console;
*) wireless – fixed rare kernel failure when connecting to nv2 access point with legacy rate select;
*) wireless – take in account channel width when returning supported channels;

Changelog archive

What’s new in 6.37.1 (2016-Sep-30 10:28):

!) package – fixed wireless package status after upgrade to 6.37 (extra reboot after upgrade is necessary);
!) ssl – fixed peer address/dns verification from certificate (affects sstp, fetch, capsman);
!) winbox – now Winbox 3.6 is the minimum version that can connect to RouterOS;
*) console – fixed typo in web-proxy (passthru to passhtrough);
*) dude – (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=8&t=112599);
*) export – do not show mac-address in export when it is not necessary;
*) firewall – fixed dynamic dummy firewall rules appearance in raw tables;
*) hotspot – fixed nat rule dst-port by making it visible again;
*) led – fixed default led settings for wAP2nDr2;
*) snmp – do not allow to execute script if user does not have write permission;
*) tile – do not reboot device after watchdog disable/enable;
*) userman – always re-fetch table data when switching between different menus;
*) userman – fixed timezone adjustment in reports;
*) webfig – fixed channel selection in check-for-update menu in Firefox;
*) winbox – added loop-protect settings;
*) winbox – added passthrough state to web-proxy;
*) winbox – allow to unset http-proxy field for sstp client;
*) winbox – do not show health menu on RB951-2n;
*) winbox – fixed typo in dhcpv6 relay (DCHP to DHCP);
*) winbox – show address expiration time in dhcp client list;
*) wireless – show DFS flag in country-info command output;

Changelog archive

What’s new in 6.36.4 (2016-Oct-05 11:24):

!) ssl – fixed peer address/dns verification from certificate (affects sstp, fetch, capsman);
*) console – hotspot setup show wrong certificate name;
*) ethernet – added support for LAN9514 ethernet dongle;
*) ethernet – allow to force mtu value when actual-mtu is already the same;
*) firewall – fixed dynamic dummy firewall rules appearance in raw tables;
*) firewall – fixed time based rules on time/timezone changes (again);
*) hotspot – fixed nat rule dst-port by making it visible again;
*) ipsec – changed logging topic from error to debug for ph2 transform mismatch messages;
*) ipsec – fixed dynamic policy not deleted on disconnect for nat-t peers;
*) ipv6 – improved system responsiveness when ipv6 routes are frequently modified;
*) led – fixed default led settings for wAP2nDr2;
*) lte – added dlink dwm-157 D, dwm-222, Pantech UML295, Vodafone K4201-Z, ZTE MF823/MF831 support;
*) lte – added rndis for ZTE MF8xx;
*) lte – added ZTE K5008-Z back;
*) lte – fixed setting correct lte band for sxt lte;
*) mpls – fixed memory leak;
*) pppoe – fixed disconnects by idle timeout when fastpath is used;
*) rb3011 – fixed rare occasions when router would hang while loading kernel;
*) sstp – allow to specify proxy by dns name;
*) tile – do not reboot device after watchdog disable/enable;
*) traffic-flow – fixed dst-port reporting if connection is not maintained by connection tracking;
*) userman – always re-fetch table data when switching between different menus;
*) userman – fixed memory leak on user limitation calculations;
*) userman – fixed timezone adjustment in reports;
*) webfig – fixed certificate signing;
*) webfig – fixed channel selection in check-for-update menu in Firefox;
*) winbox – added auto refresh for BFD neighbors;
*) winbox – adjust on-event field dynamically depending on window size;
*) winbox – adjusted allowed values for http-proxy field;
*) winbox – allow to unset http-proxy field for sstp client;
*) winbox – fixed typo in dhcpv6 relay (DCHP to DHCP);
*) winbox – removed health menu from devices that do not support it;
*) winbox – removed unset button for L2MTU field;
*) wireless – show DFS flag in country-info command output;

Changelog archive