en-usMikroTik Candidatehttps://www.mikrotik.comCopyright 2018, Mikrotikls LtdMikroTik Rss60Feed for newest RouterOS updates.RouterOS 6.42rc11 [Release candidate]https://www.mikrotik.com/download/changelogs/release

6.42rc11 changelog:

*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed allowed MSTI priority values;
*) certificate - do not use utf8 for SCEP challange password;
*) chr - automaticly generate new systemID on first startup;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6-client - implement confirm after reboot;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss funcionality in some specific traffic (introduced in v6.41);
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed nv2 (introduced in v6.42rc);

Other changes since 6.41:

*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-server - added DHCPv4 style user options;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for W60G interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) winbox - added possibility to delete SMS from Inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behaviour;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;


Download the new 'RouterOS 6.42rc11' version here: https://www.mikrotik.com/download

]]>
Release candidateThu, 18 Jan 2018 17:48:33 +0200a1e6462ebf3220f2fb1f49ab527df861
RouterOS 6.42rc9 [Release candidate]https://www.mikrotik.com/download/changelogs/release

6.42rc9 changelog:

*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-server - added DHCPv4 style user options;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike2 - delay rekeyed peer outbound SA installation;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature (CLI only);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for W60G interfaces;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) winbox - added possibility to delete SMS from Inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behaviour;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) wireless - fixed frequency-monitor/sniffer/snooper; (introduced in v6.42rc);
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;

Other changes since 6.41:

*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv6-client - added possibility to specify options (CLI only);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;


Download the new 'RouterOS 6.42rc9' version here: https://www.mikrotik.com/download

]]>
Release candidateMon, 15 Jan 2018 15:12:26 +02008a702f0d7daa2daf63527e13e8049b35
RouterOS 6.42rc6 [Release candidate]https://www.mikrotik.com/download/changelogs/release

6.42rc6 changelog:

*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) snmp - added w60g support;
*) wireless - fixed device becoming unresponsive (introduced in v6.42rc5);

Other changes since 6.41:

*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed “aes-ctr” and “aes-gcm” encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;

Download the new 'RouterOS 6.42rc6' version here: https://www.mikrotik.com/download

]]>
Release candidateThu, 04 Jan 2018 16:13:10 +02005f9df309f6e8114e6a78449205424666
RouterOS 6.42rc5 [Release candidate]https://www.mikrotik.com/download/changelogs/release

6.42rc5 changelog:

*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed “aes-ctr” and “aes-gcm” encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - fixed HTTPS authentication process;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;

Other changes since 6.41:

*) dude - fixed e-mail notifications when default port is not used;
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) tile - fixed USB device speed detection after reboot;
*) traffic-flow - do not count single extra packet per each flow;

Download the new 'RouterOS 6.42rc5' version here: https://www.mikrotik.com/download

]]>
Release candidateWed, 03 Jan 2018 14:33:40 +0200c8c7ba19227866cdc315382773d0290a
RouterOS 6.42rc2 [Release candidate]https://www.mikrotik.com/download/changelogs/release

6.42rc2 changelog:

*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher;
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) tile - fixed USB device speed detection after reboot;
*) traffic-flow - do not count single extra packet per each flow;

Download the new 'RouterOS 6.42rc2' version here: https://www.mikrotik.com/download

]]>
Release candidateWed, 27 Dec 2017 10:48:52 +02007ef77c069c3defd8345cc9107831f870
RouterOS 6.41rc66 [Release candidate]https://www.mikrotik.com/download/changelogs/release

6.41rc66 changelog:

*) capsman - added possibility to downgrade CAP with upgrade command from CAPsMAN;
*) crs326 - improved transmit performance from SFP+ to Ethernet ports;
*) dhcp-server - added basic RADIUS accounting;
*) ike1 - disallow peer creation using base mode;
*) ike2 - added support for multiple split networks;
*) ike2 - do not allow to configure nat-traversal;
*) ipsec - improved hardware accelerated IPSec performance on 750Gr3;
*) ppp - fixed "change-mss" functionality when MSS option is missing on forwarded packets;
*) ppp - fixed L2TP and PPTP encryption negotiation process on configuration changes;
*) pppoe-client - properly re-establish MLPPP session when one of the lines stopped transmitting packets;
*) quickset - fixed LTE quickset mode APN field;
*) route - improved reliability on routing table update;
*) snmp - fixed bulk requests when non-repeaters are used;
*) wireless - added support for CHARGEABLE_USER_ID in EAP Accounting;
*) wireless - updated "UK 5.8 Fixed" and "Australia" regulatory domain information;

Other changes since 6.40.5:

!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
!) w60g - added Point to Multipoint support;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs;
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) capsman - use "adaptive-noise-immunity" value from CAP local configuration;
*) certificate - added option to store CRL in RAM (CLI only);
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - improved CRL update after system startup;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) certificate - show invalid flag when local CRL file does not exist;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs317 - fixed reliability on FAN controller;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) dhcpv4-server - added "NETWORK_GATEWAY" option variable;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed PH1 lifetime reset on boot;
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed Passthrough support;
*) lte - fixed authentication for non LTE modes;
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) lte - update info command with "location area code" and "physical cell id" values;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added initial support for PLE902;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) sms - log decoded USSD responses;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - fixed consecutive OID bulk get from the same table;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) system - show USB topology for the device info;
*) tile - improved hardware encryption processes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) userman - allow to generate more than 999 users;
*) w60g - added "put-slaves-in-bridge" and "isolate-slaves" options to manage connected clients;
*) w60g - connected stations are treated as separate interfaces;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) w60g - renamed modes - "master" to "ap-bridge", "slave" to "station-bridge";
*) webfig - added favicon file;
*) webfig - fixed router getting reset to default configuration;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "W60G station" tab in Wireless menu;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - added switch menu on RB1100AHx4;
*) winbox - do not show MetaROUTER stuff on RB1100AHx4;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - added passive scan option for wireless scan mode;
*) wireless - check APs against connect-list rules starting with strongest signal;
*) wireless - do not show background scan frequencies in the monitor command channel field;
*) wireless - fixed channel selection when special channels used (introduced in v6.41rc);
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - increased the EAP message retransmit count;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;

Download the new 'RouterOS 6.41rc66' version here: https://www.mikrotik.com/download

]]>
Release candidateFri, 15 Dec 2017 13:47:54 +0200bf6c51c6d2e0acc50781db25de2a229b
RouterOS 6.41rc61 [Release candidate]https://www.mikrotik.com/download/changelogs/release

6.41rc61 changelog:

*) bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
*) bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
*) capsman - use "adaptive-noise-immunity" value from CAP local configuration;
*) certificate - added option to store CRL in RAM (CLI only);
*) certificate - improved CRL update after system startup;
*) certificate - show invalid flag when local CRL file does not exist;
*) crs317 - fixed reliability on FAN controller;
*) dhcpv4-server - added "NETWORK_GATEWAY" option variable;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher;
*) lte - fixed Passthrough support;
*) lte - update info command with "location area code" (LAC);
*) lte - provide lte info "physical cell id" values (R11e-LTE only);
*) ppp - added initial support for PLE902;
*) sms - log decoded USSD responses;
*) snmp - fixed consecutive OID bulk get from the same table when non-repeaters are > 0;
*) system - show USB topology for the device info;
*) webfig - fixed router getting reset to default configuration;
*) winbox - added switch menu on RB1100AHx4;
*) winbox - do not show MetaROUTER stuff on RB1100AHx4;
*) wireless - check APs against connect-list rules starting with strongest signal;
*) wireless - do not show background scan frequencies in the monitor command channel field;
*) wireless - fixed channel selection when special channels used (introduced in v6.41rc);
*) wireless - increased the EAP message retransmit count;

Other changes since 6.40.5:

!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) w60g - added Point to Multipoint support;
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs (CLI only);
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed PH1 lifetime reset on boot;
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support (CLI only);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed authentication for non LTE modes;
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) tile - improved hardware encryption processes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) userman - allow to generate more than 999 users;
*) w60g - added "put-slaves-in-bridge" and "isolate-slaves" options to manage connected clients;
*) w60g - connected stations are treated as separate interfaces;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) w60g - renamed modes - "master" to "ap-bridge", "slave" to "station-bridge";
*) webfig - added favicon file;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "W60G station" tab in Wireless menu;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - added passive scan option for wireless scan mode;
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;

Download the new 'RouterOS 6.41rc61' version here: https://www.mikrotik.com/download

]]>
Release candidateWed, 06 Dec 2017 15:25:10 +0200146f60f01d931bc60e7efbda01a3818e
RouterOS 6.41rc56 [Release candidate]https://www.mikrotik.com/download/changelogs/release

6.41rc56 changelog:

*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher (CLI only);
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) ike2 - fixed PH1 lifetime reset on boot;
*) lte - fixed authentication for non LTE modes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) userman - allow to generate more than 999 users;
*) wireless - added passive scan option for wireless scan mode;

Other changes since 6.40.5:

!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs (CLI only);
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support (CLI only);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) tile - improved hardware encryption processes;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) webfig - added favicon file;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;

Download the new 'RouterOS 6.41rc56' version here: https://www.mikrotik.com/download

]]>
Release candidateFri, 24 Nov 2017 14:05:50 +0200f63772b7e503f2642d31be69dbc40086
RouterOS 6.41rc52 [Release candidate]https://www.mikrotik.com/download/changelogs/release

6.41rc52 changelog:

*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - added passive scan functionality (CLI only);

Other changes since 6.40.5:

!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs (CLI only);
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-client - limited DHCP client "default-route-distance" minimal value to 1;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) health - fixed bogus voltage readings on CCR1009;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support (CLI only);
*) lte - added Passthrough support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - added Yota non-configurable modem support;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) tile - improved hardware encryption processes;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) webfig - added favicon file;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;

Download the new 'RouterOS 6.41rc52' version here: https://www.mikrotik.com/download

]]>
Release candidateWed, 22 Nov 2017 15:46:59 +02001a2659053ab2a59756012647e81ccb8a
RouterOS 6.41rc50 [Release candidate]https://www.mikrotik.com/download/changelogs/release

6.41rc50 changelog:

*) bridge - set "igmp-snooping=no" by default on new bridges;
*) crs3xx - added ingress/egress rate input limits;
*) dhcp-client - limited DHCP client "default-route-distance" minimal value to 1;
*) dhcp-server - added "option-set" argument (CLI only);
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) health - fixed bogus voltage readings on CCR1009;
*) ike1 - fixed crash after downgrade if DH groups 19,20,21 were used for phase1;
*) ike1 - fixed crash on xauth if user does not exist;
*) ipv6 - fixed IPv6 addresses constructed from prefix and static address entry;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) m11g - improved ethernet performance on high load;
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sms - fixed minor problem for SMS delivery;
*) webfig - added favicon file;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) wireless - new driver with initial support for 160 and 80+80 MHz channel width;

Other changes since 6.40.4:

!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs (CLI only);
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - fixed import of certificates with empty SKID;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) firewall - do not NAT address to 0.0.0.0 after reboot if to-address is used but not specified;
*) ike1 - fixed RSA authentication for Windows clients behind NAT;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed lost value for "remote-certificate" parameter after disable/enable;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) log - properly recognize MikroTik specific RADIUS attributes;
*) lte - added Passthrough support (CLI only);
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - do not reset modem when it is not possible to access SMS storage;
*) lte - fixed PIN option after setting up the band;
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed modem initialization after reboot;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - include timestamps in SMS delivery reports;
*) sms - properly initialize SMS storage;
*) snmp - fixed "/system license" parameters for CHR;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) tile - improved hardware encryption processes;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - allow shorten bytes to k,M,G in Hotspot user limits;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - fixed rate selection process when "rate-set=configured" and NV2 protocol is used;
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;

Download the new 'RouterOS 6.41rc50' version here: https://www.mikrotik.com/download

]]>
Release candidateWed, 01 Nov 2017 15:01:08 +0200bf03ce4d6d01b16bedc4977763561da1