MikroTik RouterOS v6.43 [current] publicado
Esta disponible para actualizar la rama current del RouterOS a la versión v6.43, la cual trae una lista grande de agregados y arreglos que los listaremos a continuación.
Hay que tener precaución al actualizar, porque hay un cambio en el proceso de autenticación via API, que hará que la mayoría de los sistemas de facturación o sistemas que utilicen API dejen de funcionar hasta tanto no se actualicen.
Otro de los cambios o agregados que se tiene nivel de bridge, es el soporte de Q-in-Q, DHCP Snooping y DHCP option 82, funcionalidades que eran solicitadas por los usuarios del sistema operativo.
La funcionalidad a nivel de DHCP server para crear queues dual-stack será de gran utilidad para quienes estén utilizando este método para brindar conectividad tanto IPv4 como IPv6.
What's new in 6.43 (2018-Sep-06 12:44): MAJOR CHANGES IN v6.43: ---------------------- !) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login); !) backup - do not encrypt backup file unless password is provided; !) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required; !) cloud - added IPv6 support; !) cloud - added support for licensed CHR instances (including trial); !) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process); !) radius - use MS-CHAPv2 for "login" service authentication; !) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device; !) webfig - improved authentication process; !) winbox - improved authentication process excluding man-in-the-middle possibility; !) winbox - minimal required version is v3.15; ---------------------- Changes in this release: *) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256); *) backup - generate proper file name when devices identity is longer than 32 symbols; *) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled; *) bridge - added an option to manually specify ports that have a multicast router (CLI only); *) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled; *) bridge - added ingress filtering options to bridge interface; *) bridge - added initial Q-in-Q support; *) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only); *) bridge - added per-port based "tag-stacking" feature; *) bridge - added support for BPDU Guard; *) bridge - added support for DHCP Option 82; *) bridge - added support for DHCP Snooping; *) bridge - added support for IGMP Snooping fast-leave feature (CLI only); *) bridge - fixed dynamic VLAN table entries when using ingress filtering; *) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing; *) bridge - forward LACPDUs when "protocol-mode=none"; *) bridge - ignore tagged BPDUs when bridge VLAN filtering is used; *) bridge - improved packet handling; *) bridge - improved packet processing when bridge port changes states; *) bridge - improved performance when bridge VLAN filtering is used without hardware offloading; *) bridge - renamed option "vlan-protocol" to "ether-type"; *) capsman - added ability to use chain 3 for "HT TX chains" and "HT RX chains" selections (CLI only); *) capsman - allow to change "radio-name" (CLI only); *) capsman - increase timeout for the CAP to CAPsMAN communication; *) certificate - added "expires-after" parameter; *) certificate - do not allow to perform "undo" on certificate changes; *) certificate - fixed RA "server-url" setting; *) check-installation - improved system integrity checking; *) chr - added checksum offload support for Hyper-V installations; *) chr - added large send offload support for Hyper-V installations; *) chr - added multiqueue support on Xen installations; *) chr - added support for multiqueue feature on "virtio-net"; *) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions); *) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no"; *) chr - do not show IRQ entries from removed devices; *) chr - fixed interface name assign process when running CHR on Hyper-V; *) chr - fixed interface name order when "virtio-net is not being used on KVM installations; *) chr - fixed MTU changing process when running CHR on Hyper-V; *) chr - fixed NIC hotplug for "virtio-net"; *) chr - improved balooning process; *) chr - improved boot time for Hyper-V installations; *) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V; *) chr - reduced RAM memory required per interface; *) cloud - added simultaneous IPv4/IPv6 support; *) cloud - close local UDP port if no activity; *) console - added "dont-require-permissions" parameter for scripts; *) console - added error log message when netwatch tries to execute script with insufficient permissions; *) console - added error log message when scheduler tries to execute script with insufficient permissions; *) console - do not show spare parameters on ping command; *) console - made "once" parameter mandatory when using "as-value" on "monitor" commands; *) console - removed automatic swapping of "from=" and "to=" in "for" loops; *) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed; *) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled; *) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces; *) crs3xx - added hardware support for DHCP Snooping and Option 82; *) crs3xx - added Q-in-Q hardware offloading support; *) crs3xx - do not report SFP interface as running when interface on opposite side is disabled; *) crs3xx - fixed ACL rate rules (introduced in v6.41rc27); *) crs3xx - fixed flow control; *) crs3xx - fixed SwOS config import; *) defconf - fixed default configuration for RBSXTsq5nD; *) defconf - fixed missing bridge ports after configuration reset; *) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address; *) dhcp - reduced resource usage of DHCP services; *) dhcpv4-client - fixed DHCP client that was stuck on invalid state; *) dhcpv4-client - fixed double ACK packet handling; *) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only); *) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type; *) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present; *) dhcpv6-client - added missing "Server identifier" parameter in release message; *) dhcpv6-client - fixed "add-default-route" parameter; *) dhcpv6-client - fixed option handling; *) dhcpv6-client - improved dynamic IPv6 pool addition process; *) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time"; *) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only); *) dhcpv6-server - added initial dynamic simple queue support; *) dhcpv6-server - do not allow to run DHCPv6 server on slave interface; *) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings; *) dns - fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42); *) dude - fixed client auto upgrade (broken since 6.43rc17); *) ethernet - do not show "combo-state" field if interface is not SFP or copper; *) ethernet - properly handle Ethernet interface default configuration; *) export - do not show w60g password on "hide-sensitive" type of export; *) fetch - added "as-value" output format; *) fetch - fixed address and DNS verification in certificates; *) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43); *) filesystem - improved software crash handling on devices with FLASH type memory; *) health - added missing parameters from export; *) health - fixed voltage measurements for RB493G devices; *) health - improved speed of health measurement readings; *) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage; *) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id"; *) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication; *) ike1 - purge both SAs when timer expires; *) ike1 - zero out reserved bytes in NAT-OA payload; *) ike2 - fixed initiator first policy selection; *) ike2 - fixed rekeyed child deletion during another exchange; *) ike2 - improved basic exchange logging readability; *) ike2 - use "/32" netmask by default on initiator if not provided by responder; *) interface - improved interface "last-link-down-time" and "last-link-up-time" values; *) interface - improved reliability on dynamic interface handling; *) ippool - improved used address error message; *) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations; *) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule; *) ipsec - added warning messages for incorrect peer configuration; *) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use; *) ipsec - fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM; *) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator; *) ipsec - fixed "static-dns" value storing; *) ipsec - improved invalid policy handling when a valid policy is uninstalled; *) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used; *) ipsec - improved stability when using IPsec with disabled route cache; *) ipsec - install all DNS server addresses provided by "mode-config" server; *) ipsec - separate phase1 proposal configuration from peer menu; *) ipsec - separate phase1 proposal configuration from peer menu; *) ipsec - use monotonic timer for SA lifetime check; *) kidcontrol - allow to edit discovered devices; *) l2tp - allow setting "max-mtu" and "max-mru" bigger than 1500; *) led - improved w60g alignment trigger; *) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces; *) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+; *) log - show interface name on OSPF "different MTU" info log messages; *) lte - added additional D-Link PIDs; *) lte - added additional ID support for SIM7600 modem; *) lte - added additional low endpoint SIM7600 PIDs; *) lte - added eNB ID to info command; *) lte - added extended LTE signal info for SIM7600 modules; *) lte - added extended signal information for Quectel LTE EC25 and EP06 modem; *) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US; *) lte - added "registration-status" parameter under "/interface lte info" command; *) lte - added roaming status reading for info command; *) lte - added "sector-id" to info command; *) lte - added support for alternative SIM7600 PID; *) lte - added support for Novatel USB730LN modem with new ID; *) lte - added support for Quanta 1k6e modem; *) lte - allow to execute concurrent internal AT commands; *) lte - allow to use multiple PLS modems at the same time; *) lte - do not allow to remove default APN profile; *) lte - do not allow to send "at-chat" commands for configless modems; *) lte - expose GPS channel for PLS modems; *) lte - fixed LTE registration in 2G/3G mode; *) lte - fixed SIM7600 registration info; *) lte - fixed SIM7600 series module support with newer device IDs; *) lte - ignore empty MAC addresses during Passthrough discovery phase; *) lte - improved modem event processing; *) lte - improved r11e-LTE and r11e-LTE-US dialling process; *) lte - improved r11e-LTE configuration exchange process; *) lte - improved reading of SMS message after entering running state; *) lte - improved readings of info command results for the SXT LTE; *) lte - improved stability of USB LTE interface detection process; *) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem; *) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc"; *) lte - show UICC in correct format for SXT LTE devices; *) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used; *) lte - use alphanumeric operator format in info command; *) mac-telnet - improved reliability when connecting from RouterOS versions prior 6.43; *) multicast - allow to add more than one RP per IP address for PIM; *) ntp - allow to specify link-local address for NTP server; *) ospf - improved link-local LSA flooding; *) ospf - improved stability when originating LSAs with OSPFv3; *) package - renamed "current-version" to "installed-version" under "/system package install"; *) ppp - added support for additional ID for E3531 modem; *) ppp - added support for Alfa Network U4G modem; *) ppp - added support for Telit LM940 modem; *) ppp - improved modem mode switching; *) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected; *) quickset - recognize 160 MHz channel as HomeAP mode; *) rb1100ahx4 - added DES and 3DES hardware acceleration support; *) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process; *) romon - properly classify RoMON sessions in log and active users list; *) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage; *) routerboard - fixed "protected-routerboot" feature (introduced in v6.42); *) routerboard - fixed wrongly reported RAM size on ARM devices; *) routerboot - removed RAM test from TILE devices (routerboot upgrade required); *) sfp - fixed default advertised link speeds; *) smb - fixed valid request handling when additional options are used; *) sms - converted "keep-max-sms" feature to "auto-erase"; *) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration; *) sms - improved reliability on SMS reader; *) snmp - added CAPsMAN "remote-cap" table; *) snmp - added EAP identity to CAPsMAN registration table; *) snmp - added "phy-rate" reading for "station-bridge" mode; *) snmp - added "temp-exception" trap; *) snmp - fixed interface speed reporting for predefined rates; *) snmp - fixed "remote-cap" peer MAC address format; *) ssh - disconnect all active connections when device gets rebooted or turned off; *) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1); *) supout - added "files" section to supout file; *) supout - added info log message when supout file is created; *) supout - added monitored bridge VLAN table to supout file; *) supout - added "w60g" section to supout file; *) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip; *) switch - added support for port isolation by switch chip; *) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips; *) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only); *) tile - added DES and 3DES hardware acceleration support; *) tile - fixed false HW offloading flag for MPLS; *) tr069-client - allow editing of "provisioning-code" attribute; *) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter; *) tr069-client - use SNI extension for HTTPS; *) upgrade - fixed RouterOS upgrade process from RouterOS v5 on PowerPC; *) ups - improved UPS serial parsing stability; *) usb - fixed modem initialisation on LtAP mini; *) usb - fixed power-reset for hAP ac^2 devices; *) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades); *) userman - fixed "shared-secret" parameter requiring "sensitive" policy; *) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled; *) w60g - added ability to specify MCS range (CLI only); *) w60g - added "beamforming-event" stats counter; *) w60g - fixed random disconnects; *) w60g - general stability and performance improvements; *) watchdog - added "ping-timeout" setting; *) webfig - do not automatically re-log in after logging out; *) webfig - fixed occasional authentication failure when logging in; *) webfig - fixed www service becoming unresponsive; *) webfig - properly display time interval within Kid Control menu; *) webfig - properly handle double clicking when logging in or out; *) webfig - properly show NTP clients "last-adjustment" value; *) winbox - added bridge Fast Forward statistics counters; *) winbox - added "poe-fault" LED trigger; *) winbox - added "tag-stacking" option to "Bridge/Ports"; *) winbox - allow to specify LTE interface when sending SMS; *) winbox - fixed arrow key handling within table filter fields; *) winbox - fixed "bad-blocks" value presence under "System/Resources"; *) winbox - fixed bridge port MAC learning parameter values; *) winbox - fixed "IP/IPsec/Peers" section sorting; *) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources"; *) winbox - properly close session when uploading multiple files to the device at the same time; *) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options; *) winbox - renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab; *) winbox - show HT MCS tab when "5ghz-n/ac" band is used; *) winbox - show "Switch" menu on hAP ac^2 devices; *) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature; *) wireless - accept only valid path for sniffer output file parameter; *) wireless - accept only valid path for sniffer output file parameter; *) wireless - added "czech republic 5.8" regulatory domain information; *) wireless - added "etsi2" regulatory domain information; *) wireless - added option for RADIUS "called-station-id" format selection; *) wireless - added option to disable PMKID for WPA2; *) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00"; *) wireless - fixed "/interface wireless sniffer packet print follow" output; *) wireless - fixed wireless interface lockup after period of inactivity; *) wireless - improved Nv2 reliability on ARM devices; *) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices; *) wireless - require "sniff" policy for wireless sniffer; *) wireless - updated "czech republic" regulatory domain information; *) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information; *) x86 - improved Ethernet driver for Davicom DM9x0x;