What's new in 6.35.1 (2016-Apr-25 09:29): *) bonding - do not corrupt bonding statistics on configuration changes; *) bonding - fixed crash when vlan parent mtu is higher than bonding mtu; *) ethernet - do not allow mtu to be higher than l2mtu and l2mtu to be higher than max-l2mtu (reduce automatically on upgrade if it was wrong before); *) log - fixed reboot log messages; *) lte - do not allow to set multiple modes when it is not supported; *) lte - fixed address acquisition on Huaweii LTE interfaces; *) winbox - show voltage in Health only if there actually is voltage monitor; *) wireless - fixed issue when CAPsMAN could lock CAPs interface; What's new in 6.35 (2016-Apr-14 12:55): *) arp - apply Linux Kernel patch to stop RouterOS from randomly exhibiting misplaced ARPs; *) mipsbe - (excluding RB4xx and CRS series) fixed rare ethernet tx buffer corruption; *) nand - implemented once a week nand refresh to improve stored data integrity (will increase sector writes); *) pppoe-client - implemented fastpath support; *) l2tp - implemented l2tp and lns fastpath/fasttrack support; *) queue - added bucket-size setting to queues (derived from max-limit); *) tile - fixed rare situation when some cores decide not to take part in packet processing till next reboot; *) tunnels - fixed performance slowdown on any other tunnel disable/enable; *) winbox - increased minimal required winbox version to 3.4; *) wireless - added new package "wireless-rep"; *) wireless - improved 1-chain 802.11ac station compatibility with other vendor multi-chain APs; *) address-list - fixed crash in low memory situations; *) bonding - fixed crash when creating vlans on bonding interface; *) capsman - added 802.11g/n band; *) capsman - fixed capsman extension channel names; *) certificate - revoked certificates not showing as (R)evoked; *) certificate - allow manual crl url addition; *) chr - added support for VLAN on Hyper-V; *) chr - fixed Hyper-V booting from SCSI; *) chr - fixed Hyper-V on windows 8/10 reboot loop; *) chr - fixed bridge firewall; *) chr - fixed kernel crash when virtual ethernet was not connected to anything in Hyper-V; *) chr - implemented automatic storage increase on disk image size increase; *) chr - implemented kernel crash saving to autosupout.rif (will utilize additional 24Mb of RAM); *) chr - make shutdown request from hyper-v work (might fix other hypervisor as well); *) chr - no more installation on first boot; *) chr - try to renew expired license once a hour instead of 100h; *) cloud - don't write minor status changes to storage; *) console - fixed print follow in "/ip dns cache" menu; *) console - show RouterOS Version in /interface wireless scan; *) console - sort completions/hints in natural order; *) console - update copyright notice; *) defconf - fixed default configuration for SXT LTE; *) dhcpv6-client - fixed wrong error message; *) dhcpv6-client - fix ia expiration and lifetime validation; *) dhcpv6-server - acquire binding on renew if it does not exist; *) dude - (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=8&t=104395); *) dude - fixed dude login logging, no more shows as winbox login; *) email - fixed send cmd server addr override; *) ethernet - add option to see S-GPON-ONU module, GPON side SN in "/int eth mon sfp#"; *) ethernet - do not allow to set self as master port; *) export - bonding did not show up in global export; *) export - exclude default values from export in "/interface l2tp-server server" menu; *) export - fixed export when ipv6 address was taken from pool; *) export - fixed rare situations when not whole config was exported; *) export - updated defaults for compact export; *) fastpath - fixed crash when packet arrives on disabled interface; *) fastpath - fixed show rx-bits-per-second on all VLAN interfaces; *) fastpath - improved vlan fastpath; *) fasttrack - fixed timer updating in connections table for fasttrack connections; *) fetch - decrease connection idle timeout; *) firewall - added experimental "action=route" in mangle prerouting - that forces packets to specific gateway by ignoring routing decisions (CLI only); *) health - always report fan speed (even if it is 0); *) health - swap fan2 and fan3 on CCR1072; *) hotspot - clean-up all dead entries at once; *) hotspot - fixed possible deadlock; *) hotspot - improved html page resistance against attacks; *) hotspot - make video tag work properly on hotspot login.html page *) ip - rename max-arp-entries to less confusing max-neighbor-entries; *) ippool6 - fixed potential crash; *) ipsec - always re-key ph1 because it was possible that ph1 without DPD would expire; *) ipsec - better flush on proposal change; *) ipsec - fixed crash on policy update; *) ipsec - fixed fast ph2 SA addition; *) ipsec - fixed larval SA refresh for display; *) ipsec - fixed multiple consecutive dynamic policy flush; *) l2tp & pppoe - fixed user traffic accounting when fastpath was used; *) l2tp - introduced per tunnel allow-fast-path option; *) l2tp - added support for Hidden AVP, it is needed for proxy authentication; *) l2tp - added support for max-sessions; *) l2tp - added support for proxy authentication when receiving forwarded PPPoE sessions; *) l2tp - fixed small memory leak on reconnects; *) lcd - fixed branding packet logo drawing on startup; *) led - fixed crash on assigned interface removal; *) led - turn on fault led on CCR1072 if CPU too hot; *) leds - fixed AP-CAP led blinking after successful association to CAPsMAN; *) lte - added ipv6 support for SXT LTE; *) lte - changed AT command processing; *) lte - changed AT parsing because supported Huawei modems use unsolicited events instead of polling; *) lte - fixed bandlux modem dialing; *) lte - fixed crash on early initialization; *) lte - improve situation when SXT modem never finds operator; *) lte - replaced signal-strength with rssi in info command; *) lte - support Alt38XX modem; *) lte - support for zte mf820s2; *) lte - supported modems now use unsolicited events for network monitoring; *) lte - use timer for modem info; *) map lite - added hardware WPS button support; *) mpls - do not reset VPLS on TE tunnel re-optimize; *) ntp - fixed ntp client hangs in reached state; *) ospf - fixed crash when getting neighbor router-id in NBMA area; *) ppp - fixed ppp interface reconnect when uPnP was used; *) ppp - close connection if peer wants to re-authenticate; *) ppp - fixed memory leak high number of pppoe clients to the same server; *) ppp - fixed ppp crash if lcp packets were lost and authentication got delayed; *) ppp - fixed some clients can not connect due to LCP restart; *) pppoe - added rfc4679 support; *) pppoe - fixed crash when removing pppoe service; *) pppoe-server - added pado-delay option; *) profiler - classify certificate signing; *) proxy - fixed ftp request url decode; *) queue - improve "/queue interface" menu; *) quickset - fixed invalid date adjusted the signal threshold for the signal chart and refresh rate; *) quickset - fixed situations when hidden password was passed as ******* from winbox nd webfig; *) radius - warn radius client if incorrect secret is being used; *) rb3011 - fixed sfp compatibility with CCR when using direct attached cables; *) rb3011 - fixed time keeping; *) rb3011 - make ether6-ether10 work if SFP module is present on bootup; *) romon-ssh - fixed active addresses for romon user; *) route - do not show duplicate gateway on connected route; *) route - fixed filter by routing table; *) routing - fixed rare kernel failure on different dynamic routing configurations; *) routing - fixed routing-marks were not erased from memory when they are not being used; *) services - do not show ssh entry under ip services if security package is disabled; *) snmp - don't group oids for bulk get with maxreps > 1 ; *) snmp - fixed cpu load reporting to 1min average and change oid to 1.3.6.1.4.1.2021.11.10.0; *) snmp - fixed dhcpv4 lease hwaddr format according to mib; *) snmp - fixed getbulk result ordering with multiple request OIDs; *) ssh - simplify login process; *) ssl - optimized certificate update; *) system - log time changes; *) tile - corrected max-l2mtu; *) tile - fixed fastpath related memory leak; *) tile - fixed performance regression on switch chip (introduced in 6.33rc18); *) tile-crypto - fixed minor memory leak; *) tool fetch - fixed https cleanup on user stop while handshaking; *) trafficgen - fixed console arguments; *) trafficgen - fixed crash when unexpected stream reappears; *) trafflow - fixed potential deadlock; *) ups - fixed entering hibernate mode when below battery capacity limit; *) users - added separate RoMoN policy; *) webfig - fixed firewall rule sorting did not work in other chains except all; *) webfig - show single item groups as optional values; *) webfig - sort numeric columns numerically even if they contain some text; *) winbox - added "pw-type" to "/interface vpls bgp-vpls" menu; *) winbox - added "use-control-word" and "pw-mtu" to "/interface vpls cisco-bgp-vpls" menu; *) winbox - added /interface wireless setup-repeater; *) winbox - added all the rates settings to the capsman; *) winbox - added flip-screen option to lcd settings; *) winbox - added init-delay option to routerboard settings; *) winbox - added ipv6 firewall missing log option; *) winbox - added missing eap-ttls-mschamv2 method to wireless security profile; *) winbox - added mtu=auto support to eoipv6 tunnel; *) winbox - added sfp-mac for GPON interfaces; *) winbox - added support for new settings from wireless-rep package; *) winbox - added support for route action in mangle rules; *) winbox - allow to set additional-network-modes; *) winbox - allow to set multiple dh-groups; *) winbox - disable autostart for wireless scan,snooper,align etc. on open; *) winbox - do not show "enable-jumper-reset" setting on devices without serial port; *) winbox - do not show real-tx-power column in current-tx-power by default; *) winbox - fixed unset options in /routing ospf interface menu; *) winbox - hotspot default-trial user shows profile as "unknown" in Winbox; *) winbox - improved winbox connection loss detection, fixes winbox safe mode; *) winbox - limit ospf key to 16 symbols; *) winbox - make additional-network-mode optional for lte interface; *) winbox - make build with latest lte changes; *) winbox - make mrru disabled and set mtu+mru to auto by default on new servers; *) winbox - show "usb-power-reset" option on all boards that have it; *) wireless - fixed crash on nstreme-dual interface stats update; *) wireless-rep - added 802.11g/n only band; *) wireless-rep - added STEP feature for the scan-list; *) wireless-rep - added WPS client support; *) wireless-rep - added support for saving wireless scan results to file; *) wireless-rep - added support for wireless background scan for 802.11 protocol; *) wireless-rep - added support for wireless repeater mode for 802.11 protocol; *) wireless-rep - added support for wireless scan rounds setting; *) wireless-rep - adjust roaming scan times; *) wireless-rep - allow to connect to AP after scan; *) wireless-rep - do not allow empty ssid for AP modes; *) wireless-rep - fixed crash on non-HT clients; *) wireless-rep - fixed latency issues with Intel wireless clients; *) wireless-rep - fixed nv2 protocol; *) wireless-rep - fixed qos frame-priority when nv2 protocol used in station-wds mode; *) wireless-rep - fixed signal leds; *) wireless-rep - fixed speed issue when connected with Intel 802.11ac; *) wireless-rep - initial support for station roaming for station mode in 802.11 protocol; *) wireless-rep - request interface name for setup-repeater; *) wireless-rep - use full identity where possible; *) wireless-rep,capsman - added more configuration settings; *) wireless-rep,capsman - added rate config support. What's new in 6.34.4 (2016-Mar-24 13:13): *) bonding - fixed crash on bonding slave release; *) bonding - fixed mac-address disappearance after reboot in specific setups; *) chr - fixed reboots with license and queues; *) console - allow unknown scan-list names on wireless configuration to fix import; *) fastpath - fixed rare kernel failure; *) ipsec - take into account ip protocol in kernel policy matcher; *) mac-winbox - try to aggregate packets & resend all pending packets on timeout; *) ppp - do not crash when received multiple CBCP packets; *) ppp - fixed crash when ppp interface gets disconnected and user gets authenticated at the same time (most probable with slow RADIUS server); *) quickset - fixed wan interface selection on devices with SFP interfaces; *) quickset - use 5GHz interface instead of 2GHz interface on SXT Lite5 ac; *) rb3011 - fixed high cpu load breaks ethernet stats; *) rb3011 - fixed link down messages; *) romon - fixed romon discovery after romon ID change; *) timezone - fixed reboot by watchdog when selecting timezones from the end of list; *) userman - fixed www crash; *) winbox - allow to show revoked & authority flags at the same time; *) winbox - correctly recognise if there is need to report fan information under system health; *) winbox - do not use area v2 names instead of ospf v3 area names; *) winbox - make mac-winbox work with RB850. What's new in 6.34.3 (2016-Mar-09 10:03): *) ccr1072 - fix traffic halting when sfp+ 1-4 or 5-8 where all disabled; *) chr - fixed crash when layer7 firewall option used; *) fetch - fixed TTFP download; *) gre - fixed memory leak; *) lcd - fixed security screen did not show ip addresses on ccr; *) netinstall - fixed link negotiation for different sfp modules; *) ppp - fixed ppp crash; *) queue-tree - improved nested queue limit calculation; *) ssh - fixed crash on failed scp read; *) winbox - allow to set multiple dh-groups; *) winbox - do not show fan statuses in passive cooling CCR1009; *) winbox - fixed typo in "echo reply"; *) winbox - fixed unset options in /routing ospf interface menu; What's new in 6.34.2 (2016-Feb-18 06:31): *) dude - updated to the latest Release Candidate revision (v6.35rc11); *) dude - (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=8&t=104395); *) chr - fixed high rate limitation; *) dhcpv6 client - fix pd hint with empty address; *) ipsec - fix console peer aes enc algorithm display; *) l2tp - ipsec peer & policy sometimes was not removed after l2tp interface disable; *) log - try not to loose disk messages and warn if lost any; *) lte - fix allowed bands for RBSXTLTE3-7; *) pptp - fixed kernel crash when receiving fragmented packet with fragmented header; *) proxy - store error.html on flash if it is available; *) ssh - fixed connection stalling; *) ssh - make export verbose work; *) switch - make "sa-learning=yes" by default when adding Ingress VLAN Translation rules; *) tile - fixed possible kernel failure with disabled watchdog timer caused by DDoS attack; *) ups - fix waiting for AC power restore in hibernate mode; *) winbox - added factory-firmware field to system/routerboard; *) winbox - fixed email address saving; *) winbox - fixed multi value field display (i.e. web proxy ports); *) winbox - fixed incomplete ARP entries are not refreshed; *) www - fixed www crash. What's new in 6.34.1 (2016-Feb-02 14:08): *) interface - fixed stats that were 8x smaller; *) traffic-monitor - fixed stats that were 8x smaller; *) smips - properly detect smips boards for winbox & webfig. What's new in 6.34 (2016-Jan-29 10:25): *) mipsle - architecture support dropped (last fully supported version 6.32.x); *) dude - The reports of my death have been greatly exaggerated; *) dude - dude RouterOS package added for tile and x86 (CHR) architecture; *) dude - package included by default to all CHR images; *) dude - initial work on dude integration into RouterOS; *) bgp vpls - fixed initialization after reboot; *) mpls - forwarding of VRF over TE tunnel stopped working after BGP peer reset; *) ipsec - improved TCP performance on CCRs; *) btest - significantly increased TCP bandwidth test performance; *) winbox - fixed possible busy-loop on v2.x with latest 6.34RC versions; *) cerm - allow to sign certificates from imported CAs created with RouterOS; *) ldp - fix MPLS PDU max length; *) net - improve 64bit interface stats support; *) routerboard - print factory-firmware version in routerboard menu; *) snmp - add oid from ucd mib for total cpu load OID 1.3.6.1.4.1.2021.11.52.0; *) winbox - add extra items automatically to multi-line fields if at least one of them is required; *) winbox - implemented full ipv6 dhcp client; *) winbox - update blocked flag if user changed blocked field in dhcp server lease; *) mac-telnet - fixed backspace when typing login username; *) sstp - allow ECDHE when pfs enabled; *) lte - fixed info command for Cinterion EHS5-E modem; *) fast-path - fixed kernel crash on on/off; *) licensing - fixed that some old 7 symbol keys could not be upgraded; *) ssh - fixed possible kernel crash; *) console - fixed crash on creating variable with "?" in it; *) chr - fix SSH key import on AWS; *) crs212 - fix 1Gbps ether1 linking problem; *) timezone - use backward timezone aliases; *) lte - support serial port for DellWireless 5570; *) lte - improved dhcp handling on interfaces that doesn't support it; *) ipsec - allow my-id address specification in main mode; *) dhcpv6 client - fix remove when client reappears on restart; *) default config - fix hAP lite with one wireless; *) firewall - added inversion support for "limit" option; *) firewall - added bit rate matching for "limit" option; *) firewall - improved performance for "limit" option; *) dhcpv6-client - fix ia lifetime check; *) ipsec - prioritize proposals; *) ipsec - support multiple DH groups for phase 1; *) netinstall - fix apply default config; *) tile - make sure that SFP rj45 modules that use forced 1G FD settings work correctly after system reboot; *) wireless - added WPS buttons support on hAP and hAP ac lite; *) upnp - added comment for dynamic dst-nat rules to inform what host/program required it; *) webfig - recognize properly CHR; *) chr - license fix for AWS and similar solutions; *) arm - fix usb modem modules on ARM; *) dhcpv6-client - fixed stopped state; *) netinstall - sort packages by name; *) firewall - do not allow to add new rule before built-in (reverted); *) winbox - include FP in fast-path column names; *) ipsec - fix phase2 hmac-sha-256-128 truncation len from 96 to 128 This will break compatibility with all previous versions and any other currently compatible software using sha256 hmac for phase2; *) ssh, ftp - make read, write user group policy aware; *) tunnel - fix keep-alive (introduced in 6.34rc); *) cerm - show last crl update time; *) quicket - support CAP mode on all existing wireless packages; *) wlan - add united states3 country; *) fast-path - fix locking issue which could lead to reboot loop (introduced in 6.34rc20); *) userman4 - try loading signup files from db path first; *) sstp - allow to limit tls version to v1.2 only; *) chr - make tool profile work on 64bit x86; *) dhcpv6-server - added binding server=all option; *) hotspot - added html-directory-override & recognize default hotspot user; *) hotspot - fixed export of default trial user; *) hotspot - fixed memory leak on https requests; *) winbox - allow to specify amsdu-limit & amsdu-threshold on 11n wifi cards; *) winbox - added multicast-buffering & keepalive-frames settings to wireless interfaces; *) CHR - implemented trial support for different CHR speed tiers; *) dhcpv6-client - fix add route/address; *) usb - enable ch341 serial module; *) lte - make sure that both LTE miniPCI-e cards are recognized; *) winbox - show Common-Name of certificates in certificate list; *) winbox - added units to PCQ queue fields; *) net - do not break connection when interface is added to bridge; *) hotspot - show cookie add/remove events in hotspot,debug log; *) hotspot - allow static entries with the same mac on multiple hotspot servers; *) hotspot - do not remove mac-cookie in case of radius timeout; *) hotspot - added byte limits option for default-trial users; *) ipsec - make sure that dynamic policy always has dynamic flag; *) CAPsMAN - use CAP name in log when remote-cap is deleted (wireless-cm2); *) hotspot - fixed login by mac-cookie when roaming among hotspot servers; *) hotspot - add html-directory-override for read-only directory on usb flash; *) hotspot - add uptime, byte and packet counter variables to logout script; *) net - fix statistics counters jumping up to 4G; *) firewall - SIP helper update for newer Cisco phones; *) usermanager - fixed usermanager web page crash; *) ipsec - fixed active SAs flushing; *) hotspot - added option to login user manually from cli; *) hotspot - fixed trial-uptime parsing from CLI to Winbox/Webfig; *) lte - added support for multiple E3372 on the same device; *) modem - added wpd-600n ppp support; *) console - fixed incorrect disabled firewall rule matching to "invalid flag"; *) dns - fix for situation when dynamic dns servers could disappear; *) sfp - fix 10g ports in 1g mode (introduced in 6.34rc1); *) CCR1072 - added support for S-RJ01 SFP modules; *) trafficgen - fixed issue that traffic-generator could not be started twice without reboot; *) dhcpv6-server - replace delay option with preference option. -- *) winbox - show properly route-distinguisher for bgp vpn4; *) winbox - show dhcp server name in dhcp leases; *) ppp - make CoA work correctly with address-lists; *) winbox - fixed tab names to correspond to console; *) winbox - show only actual switch-cpu ports in switch setting combobox; *) winbox/webfig - fixed version column ordering in ip neighbors list; *) webfig - fixed switch port "default vlan id" has missing "auto" value; *) webfig - fixed firewall connection-bytes option; *) ipsec - fixed kernel failure after underlying tunnel has been disabled/enabled; *) romon - allow to see device identity if it is longer than 31 character; *) fastpath - show fp counters in /interface monitor aggregate; *) bridge firewall - fix chain check (broken since 6.33.2); *) bridge firewall - fixed crash when jump rule points to disabled custom chain; *) smb - fix crash when changing user which has open session; *) address-list - properly remove unused address-lists from drop-downs; *) fetch - fixed closure after 30 seconds; *) capsman - fix radius accounting stop message; *) log - reopen log file if deleted; *) packing - fix tcp/udp checksums when simple packing is used; *) tile - fix ipsec freeze after SA updates; *) upnp - fixed missing in-interface option for dynamic dst-nat rules; *) tunnel - fix complaining about loop after ~248 days; *) vrrp - make sure that VRRP gets state on bootup; *) ppp - fixed rare kernel crash (introduced in v6.33); *) ppp - do not allow empty name ppp secrets; *) ssh - fix active user accounting. What's new in 6.33.5 (2015-Dec-28 09:13): *) mipsle - architecture support dropped (last fully supported version 6.32.3); *) wireless - regular “wireless” package is now retired and replaced by "wireless-fp" and "wireless-cm2"; *) arp - show incomplete ARP entries; *) btest - fix potential crash after btest release; *) btest - improve UDP tx rate precision; *) crypto - fixed kernel failure in talitos HW encryption; *) dhcpv6-client - fix DNS address assignement; *) dhcpv6-client - set correct parameters when rapid commit is used *) e-mail - do not reset server address after changing configuration; *) fastpath - fixed possible kernel failure on multi core systems; *) fetch - added 30 second connection time-out; *) hotspot - added missing favicon.ico in hotspot html pages; *) kernel - general improvement for core process scheduling; *) led - add WLAN led to RB951Ui *) log - log link up/down events only when link actually has changed its state; *) lte - improve support Sierra Wireless 320U; *) lte - speed up first time connection to LTE network on SXT LTE; *) net - apply slave config only if master config has been changed; *) net - do not show L2MTU in VLAN compact export; *) netwatch - make work with ping time-out more precise; *) ppp - make PPP active print radius & !radius conditions work; *) romon - do not accept multicast id; *) romon - fixed crash on RoMON if fast-path was active; *) smb - show correct interface name in SMB debug logs; *) ssh - fix session clean-up; *) sshd - resolved shared secret mismatch issue; *) tile - fixed kernel failure on HW encryption; *) webfig - didn't show zero values in CRS ingress/egress VLAN translation rules; *) winbox - added + & - to IGMP proxy MFC; *) winbox - added LCD menu for RB3011; *) winbox - allow to specify traffic-monitor threshold in k & M units + specify that those are bits; *) winbox - show fast-path per interface counters. What's new in 6.33.3 (2015-Dec-03 16:08): *) ethernet - fixed 10/100Mbps auto-negotiation fails on RB922UAGS ether1 (introduced in v6.33.2); *) upnp - fixed memory leak; *) ssh - avoid double session clean-up; *) email - make password field sensitive in console. What's new in 6.33.2 (2015-Nov-27 15:00): *) bridge - fixed power-cycle-ping for bridge ports (was affecting all bridge); *) ethernet - fixed link resetting on power-cycle-ping value change; *) ppp - fixed dynamic filter rule adding on some firewall filter configurations; *) pppoe - improved MTU discovery compatibility with other vendors; *) pppoe - made MTU discovery more robust; *) pppoe - fixed compliance to RFC4638 (MTU larger than 1488) again; *) vrrp - fix arp=reply-only; *) vrrp - do not warn about version mismatch if VRID does not match; *) vrrp - allow VRRP to work behind firewall and NAT rules; *) vrrp - fixed on-backup script; *) dhcpv4 server - fix kernel crash when restoring lease with queue for non-existent server; *) dhcpv4-client - support /32 address assignment; *) ssh - fix key exchange when first kex packet follows. What's new in 6.33.1 (2015-Nov-17 09:55): *) licensing - fix unneeded connection attempts to 169.254.x.x must be CHR only (introduced in 6.33); *) pppoe - fixed compliance to RFC4638 for MTU larger than 1488 (introduced in 6.33); *) CRS2xx - fixed occasional switchip resets (broken in 6.33); *) fastpath - fixed wireless interface fastpath (broken in 6.33); *) smb - fixed SMB share crash when connection was cancelled; *) lcd - fixed LCD crash on fast disable/enable; *) lcd - refresh LCD after display command is executed; *) vrrp - fix enabling disabled vrrp interface when vrrp program has exited; *) winbox - do not send any changes on OK button press if nothing has been changed; *) www - put correct path to Winbox v3.0 for new installations with branding package; *) webfig - show correctly SFP Tx/Rx; *) winbox - renamed power-cycle-ping-interval to power-cycle-ping-timeout; *) hotspot - fixed missing image at login; *) netinstall - fix branding pack parsing; *) packages - show version tag when no bundle is installed. What's new in 6.33 (2015-Nov-06 12:49): *) dns - initial fix for situation when dynamic dns servers could disappear; *) winbox - dropped support for winbox v3.0beta and v3.0rc (use winbox v3.0); *) dhcpv6 - various improvement and fixes for dhcp-pd client and ippool6; *) defconf - fixed rare situation where configuration was only partially loaded; *) net - fix possible never ending loop when bad CDP discovery packet is received; *) log - make default disk file name to reside in flash dir if it exists; *) romon - change port list to be not ordered in export; *) capsman - limit number of simultaneous DTLS handshakes; *) capsman - fixed memory leak on CAP joining CAPsMAN when ssld is used; *) winbox - added allow-fast-path to eoip, gre & ipip; *) winbox - do not show power-cycle properties on non poe ports; *) l2tp: implemented PPPoE over L2TP in LNS mode, RFC3817; *) webfig - some of the setting were shifted to the right; *) packages - allow to reinstall from bundle to separate packages & vice versa; *) packages - prefer out of bundle packages when both of them are installed; *) packages - fix a problem of upgrading bundle package to non bundled ones; *) ipsec - force flow cache validation once in 1h; *) winbox - make sure that all setting names get shown in full; *) winbox - added poe power-cycle-ping settings to ethernet interfaces; *) ppp - handle properly case were ppp client is given same address for local & remote end; *) winbox - added vlan-mode & vlan-id to virtual-ap interface; *) winbox - added timeout column to ipv6 address lists; *) winbox - show SFP Tx/Rx Power properly; *) winbox - added min-links to bonding interface; *) winbox - do not show health menu on RB951Ui-2HnD; *) winbox - added support for Login-Timeout & MAC-Auth-Mode in hotspot; *) cerm - added option to disable crl download in '/certificate settings'; *) winbox - make user ssh key import work again; *) webfig - make "Copy to Access List" work in CAPsMAN Registration Table; *) userman - fix report generation problem which could result in some users being skipped from it; *) winbox - fix to allow cpu-port as mirror-target *) proxy - error.html parsing enhancement to improve performance *) CCR1072 - improve ether1 performance under heavy load *) routerboard - indicate RouterBOOT type in /system routerboard print; *) mpls - properly use mpls mtu for routes; *) cerm - fix key description for signed certificates; *) trafflow - report flow addresses in v1 and v5 without NAT awareness; *) hotspot - add mac-auth-mode setting for mac-as-passwd option; *) hotspot - add login-timeout setting to force login for unauth hosts; *) auto-upgrade - fixed auto upgrade for smipsbe; *) dns - do not create duplicate entries for same dynamic dns server addresses; *) ipsec - fix set on multiple policies which could result in adding non existent dynamic policies to the list; *) email - allow server to be specified as fqdn which is resolved on each send; *) fastpath - eoip,gre,ipip tunnels support fastpath (new per tunnel setting "allow-fast-path"); *) ppp, pptp, l2tp, pppoe - fix ppp compression related crashes; *) cerm - also accept downloaded CRLs in PEM format; *) userman - added 'history clear' to allow flushing undo history, which may take up significant amount of memory for huge databases with hundreds of users; *) health - fix voltage for CRS109, CRS112 and CRS210 if powered from external adapter; *) userman - added phone number support to signup form; *) ip pool6 - try to acquire the same prefix if info matches recently freed; *) ipsec - fix transport mode ph2 ID ports when policy selects specific ip protocol on initiator; *) ipsec - use local-address for phase 1 matching and initiation; *) route - fixed crash on removing route that was aggregated; *) ipsec - fix replay window, was accidentally disabled since version 6.30; *) ssh - allow host key import/export; *) ssh - use 2048bit RSA host key when strong-crypto enabled; *) ssh - support RSA keys for user authentication; *) wlan - improved WMM-PowerSave support in wireless-cm2 package; *) pptp & l2tp - fixed problem where android client could not connect if both dns names were not provided (was broken since v6.30); *) auto-upgrade - added ability to select which versions to select when upgrading; *) quickset - fixed HomeAP mode; *) lte - improved modem identification to better support multiple identical modems; *) snmp - fix system scripts table; *) tunnels - eoip,eoipv6,gre,gre6,ipip,ipipv6,6to4 tunnels now support dns name as remote address; *) fastpath - active mac-winbox or mac-telnet session no longer suspends fastpath; *) fastpath - added per interface fastpath counters; *) fastpath - added trafflow support in basic ipv4 and fasttrack ipv4 fastpath; *) ppp - added on-up & on-down scripts to ppp profile; *) winbox - allow to specify dns name in all the tunnels; *) pppoe - added support for MTU > 1492 on PPPoE; *) cerm - fix scep server certificate-reply degenerate PKCS#7 signed-data content; *) ppp-client - added default channels for Alcatel OneTouch L100V; *) defconf - fix for boards that had bridge with only wlan ports; *) ovpn: support OpenWRT ovpn clients (or any other with enable-small option enabled); *) cerm - use certificate file name for imported cert name; *) fetch - fixed error message when error code 200 was received; *) cerm - rebuild crl for local ca if crl file does not exist; *) winbox - make directed broadcasts work for neighbor discovery; *) upnp: automatically adjust mappings to new external ip change; *) ppp - added ppp interface to upnp internals/externals if requested; *) ppp - when adding ipv6 default route use user provided distance; *) userman - allow to correctly enable CoA on router; *) cerm - show crl nextupdate time; *) ppp - added CoA support to PPPoE, PPTP & L2TP (Mikrotik-Recv-Limit, Mikrotik-Xmit-Limit, Mikrotik-Rate-Limit, Ascend-Data-Rate, Ascend-XMit-Rate, Session-Timeout); *) ppp - added new option under "ppp aaa" - "use-circuit-id-in-nas-port-id"; *) userman - refresh active sessions/users view dynamically; *) package - added version tag and show everywhere alongside of version number; *) wlan - improved 802.11 protocol single connection TCP performance for ac chipset with cm2 package. What's new in 6.32.3 (2015-Oct-19 11:13): *) switch - fixed CRS settings set back to defaults after a reboot; *) netinstall - include missing RB1200 drivers; *) firewall - fixed connection-rate matcher; *) ppp, pptp, l2tp, pppoe: fixed router dead locked if compression was enabled on link; *) quickset - create proper firewall rules when PPPoE is used for address acquisition; *) sstp - fixed kernel crash when other party started to fragment ppp packets in the middle; *) ippool6 - optimize same prefix acquisition; *) winbox - Shift+Ins & Shift+Del did not work in multi entry fields; *) winbox - allow to specify ipv6 address in traffic flow target; *) winbox - allow to specify eap-radius-accounting in CAPsMAN; *) winbox - allow to enter dns name in email server; *) ups - fix console oid print; *) tunnel - fix loopback keepalives on gre and ipip; *) pptp,l 2tp, sstp, pppoe: do not send data packets before we have negotiated connection with other side (happens on dial-on-demand interfaces), this brakes when connecting to other party servers; *) pptp, l2tp, sstp - make it work when add-default-route & dial-on-demand both are enabled; *) pptp, l2tp, sstp, pppoe clients - fixed problem where they failed to connect at startup and only reboot helped; *) nv2 - fixed kernel failure with frame size accounting; *) ovpn client - fixed crash when ovpn didn't receive it's ip address; *) lcd - fix slideshow for CCR1072, and possible sign issues for temperatures; *) winbox - make console notice correct screen size; *) ssh - allow to specify pass as argument for private key import; *) winbox - refetch hotspot walled garden hit counter; *) winbox - added client-connections & server-connections to web proxy status; *) cerm - fix scep server certificate-reply degenerate PKCS#7 signed-data content; *) bgp - specific BGP networks were changed to different ones; *) cerm - allow export for all types except templates; *) wlan - update brazil-anatel country; *) winbox - fixed context menu actions to apply to all selected items; What's new in 6.32.2 (2015-Sep-17 15:20): *) cerm - guard template from parallel use *) mipsle - fixed missing second level menu in CLI; *) sstp - avoid routing loops on client when adding default route; *) sstp - fixed problem where sometimes sstp ip addresses were invalid; *) switch - fixed bogus log messages about excessive broadcasts/multicasts on master-port; *) tftp - fix request file name reading from packet *) pptp encryption - better handling for out-of-order packets; *) ethernet - added support for new ASIX USB Ethernet dongles; *) CAPsMAN - fix 100% CPU usage when trying to upgrade RouterOS on CAP; *) upgrade - fixed default configuration export; *) ppp - fixed ppp interface stuck in not running state; *) ipsec - fixed kernel failure when packets were not ordered on first call; *) upnp - randomize action urls to fix "filet-o-firewall" vulnerability; *) RB532/RB564 - fixed no link after ethernet disable/enable; *) romon - fixed default configuration export; *) tile - fixed occasional deadlock on module unload; *) mesh - fix router lock-up when interface is added/removed; *) ipsec - fix sockaddr buf size on id generation for ipv6 address; *) health - show correct voltage for CRS109,CRS112,CRS210 when powered through PSU and show voltage up to 27V when powered through PoE; *) email - resolve server address; *) snmp - show firmware upgrade info; *) upgrade - report status in check-for-updates. What's new in 6.32.1 (2015-Sep-07 13:03): *) RB911/912 - fixed lock-up; *) RB493G - fixed reboot loop; *) firewall - do not lose firewall mangle rules on start-up; *) defconf - fix default configuration for routers without wireless package. What's new in 6.32 (2015-Aug-31 14:47): *) trafflow - added support for IPv6 targets; *) switch - fixed port flapping on switch ports of RB750, RB750UP, RB751U-2HnD and RB951-2N (introduced in 6.31) *) ipsec - added compatibility option skip-peer-id-check; *) flash - fix kernel failure (exposed by 6.31); *) bridge firewall - add ipv6 src/dst addr, ip protocol, src/dst port matching to bridge firewall; *) RB911/RB912 - fix SPI bus lock after fast led blink; *) ipsec - fix potential memory leak; *) bridge firewall - vlan matchers support service tag - 0x88a8; *) ippool6 - try to acquire the same prefix if info matches recently freed; *) crs switch - allow to unset port learn-limit, new default is unset to allow more than 1023 hosts per port; *) x86 - fixed 32bit multi-cpu kernel support; *) chr - add hotspot,btest,traffgen support; *) revised change that caused reboot by watchdog problems introduced in v6.31; *) ipsec - use local-address for phase 1 matching and initiation; *) ipsec - fix transport mode ph2 ID ports when policy selects specific ip protocol on initiator; *) certificates -fixed bug where crl stopped working after a while; *) ip accounting - fixed kernel crash; *) snmp - fix system scripts get; *) hotspot - ignore PoD remote requests if no HotSpot configured; *) hotspot - fix kernel failure when www plugin aborts on broken html source; *) torch - add invert filter for src/dst/src6/dst6 addresses ; *) bonding - add min_links property for 802.3ad mode; *) snmp - get vlan speed from master interface; *) hotspot - fix html-directory path on small flash devices; *) mipsbe - make system shutdown work again; *) lcd - fixed parallel port LCD display support on multi-cpu x86; *) bridge - fixed use-ip-firewall-for-vlan in setups with multiple bridges; *) ipv6 - fixed DHCP-PD client skips some steps when renewing lease; *) upnp - fixed protocol port selection for upnp protocol comunications; *) firewall - fixed limit and dst-limit options. *) winbox - fixed wireless interface l2mtu (VirtualAP and WDS interface creation in winbox) *) winbox - fixed multiple firewall rule moving in Winbox 2 *) simple queues - restrict all changes in dynamic simple queues What's new in 6.31 (2015-Aug-14 15:42): *) check-for-update - added ability to select versions channel to check (bugfix, current, RC or development) *) demo mode of Cloud Hosted Router (CHR) added *) chr - added x86_64 image for use in virtual environments *) chr - added support for VMware SCSI virtual disks *) chr - added support for VMware vmxnet3 network card *) chr - added support for HyperV SCSI disks *) chr - added support for HyperV Ethernet interfaces *) chr - added support for virtio disks *) fixed occasional interface resetting on CRS switches *) fixed ethernet stopping on RB NetMetal / SXTG-5HPacD 10Mbit and 100Mbit links *) ipsec - fixed crash in when gcm encryption was used *) ipsec - allow to set peer address as "::/0" *) ipsec - fixed empty sa-src address on acquire in tun mode *) ipsec - show proposal info in export ipsec section *) ipsec - preserve port wildcard when generating policy without port override *) ipsec - fixed replay window, was accidentally disabled since version 6.30; *) certificate manager - fixed memory leak *) ssh - allow host key import/export *) ssh - use 2048bit RSA host key when strong-crypto enabled *) ssh - support RSA keys for user authentication *) conntrack - fixed problem with manual connection removal *) conntrack - added tcp-max-retrans-timeout and tcp-unacked-timeout *) wireless - implemented l2mtu update if wireless-cm2 is enabled *) wireless - improved WMM-PowerSave support in wireless-cm2 package *) mpls - better multicore support for VPLS ingress/egress *) ovpn - better multicore support for interface initialization/authentication/creation. *) mesh - performance improvement *) pptp & l2tp - fixed problem where android client could not connect if both dns names were not provided (was broken since v6.30) *) user-manager - fixed username was not shown in /tool user-manager user *) user-manager - fixed zoom for user-manager homepage when mobile devices used *) winbox - restrict change dynamic interface fields *) winbox - also hide passphrase in CAPsMAN with "Hide Password" *) winbox - restrict reversed ranges in dst-port under firewall *) quickset - fixed HomeAP mode *) lcd - added LCD package for all architectures (for serial port LCD modules) *) lcd - fixed crash (and 100% cpu usage) when interface gets removed from "stats-all" screen *) tool fetch - fixed incomplete ftp download *) tool fetch - don't trim [t]ftp leading slashes *) proxy - adjust time according to time-zone settings in proxy cache contents. *) bridge fastpath - fixed updating bridge FDB on receive (could cause TX traffic flooding on all bridge ports) *) bonding fastpath - fixed possible crash when bonding master was also a bridge port *) route - fixed crash on removing route that was aggregated *) romon - fixed crash on SACKed tx segments *) lte - improved modem identification to better support multiple identical modems *) snmp - fixed system scripts table *) traffic flow - fixed dynamic input/output interface reporting *) ipv6 dhcp-relay - fixed problem loading configuration known issue: *) Dynamic DNS servers can disappear when "allow-remote-requests" are not enabled What's new in 6.30 (2015-Jul-08 09:07): *) wireless - added WMM power save suport for mobile devices; *) firewall - sip helper improved, large packets no longer dropped; *) fixed encryption 'out of order' problem on SMP systems; *) email - fix sending multiple consecutive emails; *) fixed router lockup on leap seconds with installed ntp package; *) ccr - made hardware watchdog work again (was broken since v6.26); *) console - allow users with 'policy' policy to change script owner; *) icmp - use receive interface address when responding with icmp errors; *) ipsec - fail ph2 negitioation when initiator proposed key length does not match proposal configuration; *) timezone - updated timezone information to 2015e release; *) ssh - added option '/ip ssh stong-crypto' *) wireless - improve ac radio coexistence with other wireless clients, optimized transmit times to not interfere with other devices; *) console - values of $".id", $".nextid" and $".dead" are avaliable for use in 'print where' expressions; *) console - ':execute' command now accepts script source in "{}" braces, like '/system scripts add source=' does; *) console - ':execute' command now returns internal number of running job, that can be used to check and stop execution. For example: :local j [:execute {/interface print follow where [:log info "$name"]}] :delay 10s :do { /system script job remove $j } on-error={} *) console - firewall 'print' commands now show all entries including dynamic, 'all' argument now has no effect; *) ipsec - increase replay window to 128; *) fixed file transfer on devices with large RAM memory; *) pptp - fixed "encryption got out of sync" problem; *) ppp - disable vj tcp header compression; *) api - reduce api tcp connection keepalive delay to 30 seconds, will timeout idle connections in about 5 minutes; *) pptp & l2tp & sstp client: support the case were server issues its tunnel ip address the same as its public one; *) removed wireless package from routeros bundle package, new wireless-fp is left in place and wireless-cm2 added as option; *) pptp & l2tp client: when adding default route, add special exception route for a tunnel itself (no need to add it manually anymore); *) improved connection list: added connection packet/byte counters, added separate counters for fasttrack, added current rate display, added flag wheather connection is fasttracked/srcnated/dstnated, removed 2048 connection entry limit; *) tunnels - eoip, eoipv6, gre,gre6, ipip, ipipv6, 6to4 tunnels have new property - ipsec-secret - for easy setup of ipsec encryption and authentication; *) firewall - added ipsec-policy matcher to check wheather packet was/will be ipsec processed or not; *) possibility to disable route cache - improves DDOS attack handling performance up to 2x (note that ipv4 fastpath depends on route cache); *) fasttrack - added dummy firewall rule in filter and mangle tables to show packets/bytes that get processed in fasttrack and bypass firewall; *) fastpath - vlan interfaces support fastpath; *) fastpath - partial support for bonding interfaces (rx only); *) fastpath - vrrp interfaces support fastpath; *) fixed memory leak on CCR devices (introduced in 6.28); *) lte - improved modem identification to better support multiple identical modems; *) snmp - fix system scripts table; What's new in 6.29.1 (2015-Jun-01 13:30): *) fixed vpls bridging (introduced in v6.29); *) fixed problem where some CRS could not be reached (introduced in v6.29); What's new in 6.29 (2015-May-27 11:19): *) ssh server - use custom generated DH primes when possible; *) ipsec - allow to specify custom IP address for my_id parameter; *) ovpn server - use subnet topology in ip mode if netmask is provided (makes android & ios clients work); *) console - allow '-' characters in unknown command argument names; *) snmp - fix rare bug when some OIDs where skipped; *) ssh - added aes-ctr cipher support; *) mesh - fixed kernel crash; *) ipv4 fasttrack fastpath - accelerates connection tracking and nat for marked connections (more than 5x performance improvement compared to regular slow path conntrack/nat) - currently limited to TCP/UDP only; *) added ~fasttrack-connection~ firewall action in filter/mangle tables for marking connections as fasttrack; *) added fastpath support for bridge interfaces - packets received and transmitted on bridge interface can go fastpath (previously only bridge forwarded packets could go fastpath); *) packets now can go half-fastpath - if input interface supports fastpath and packet gets forwarded in fastpath but output interface does not support fastpath or has interface queue other than only-hw-queue packet gets converted to slow path only at the dst interface transmit time; *) trafflow: add natted addrs/ports to ipv4 flow info; *) tilegx: enable autoneg for sfp ports in netinstall; *) health - fix voltage on some RB4xx; *) romon - fix 100% CPU usage; *) romon - moved under tools menu in console; *) email - store hostname for consistency; *) vrrp - do not reset interface when no interesting config changes; *) fixed async. ppp server; *) sstp - fixed router lockup. *) queue tree: some queues would stop working after some configuration changes; *) fixed CRS226 10G ports could lose link (introduced in 6.28); *) fixed FREAK vulnerability in SSL & TLS; *) firewall - fixed sector writes rising starting since 6.28; *) improved support for new hEX lite; What's new in 6.28 (2015-Apr-15 15:18): *) email - increase server greeting timeout to 60s; *) lte - ZTE MF823 may loose configuration; *) userman - update paypal root certificate; *) timezone - updated timezone information to 2015b release; *) cm2 - fixed capsman v2 100% CPU and other stability improvements; *) route - using ldp could cause connected routes with invalid interface nexthop; *) added support for SiS 190/191 PCI Ethernet adapter; *) made metarouter work on boards with 802.11ac support or usb LTE; *) sstp server - allow ADH only when no certificate set; *) make fat32 disk formatting support disks bigger than 134GiB; *) fixed tunnels - could crash when clamp-tcp-mss was enabled; *) added basic counters for ipv4/bridge fast path, also show status wether fast path is active at all; *) trafflow: - fixed crash on disable; *) pppoe over eoip - fixed crash with large packets; *) tilegx - fixed memory leak when queue settings are changed; *) ar9888 - fixed crash when hw reports invalid rate; *) console - fixed "in" operator in console; *) console - make "/system package update print" work again. *) tile - rare situation when CCR devices failed to auto-negotiate ethernet link (introduced in v6.25); *) dhcpv4 client - it is now possible to unset default clientid and hostname options *) initial RoMon (Router Management Overlay Network) support added. What's new in 6.27 (2015-Feb-11 13:24): *) console - added 'comment' parameter for '/system script' *) api - return sentences can have property ".section" that groups values from commands such as "monitor", "traceroute", "print" (with non-zero 'interval' value); *) cloud - add time zone detection feature "/system clock time-zone-autodetect"; *) cloud - rename "/ip cloud enabled" to "/ip cloud ddns-enabled"; *) cloud - make "/ip cloud update-time" independent from "/ip cloud ddns-enabled" *) cloud - when setting "/ip cloud ddns-enabled" to "no" router will send message to server to disable DNS name for this routerboard; *) cloud - "/ip cloud force-update" command now will work also when "/ip cloud ddns-enabled = no". usefull if user wants to disable DDNS; *) RB4xxGL - improved ethernet throughput (less dropped packets); *) RouterBOARD - fixed health reporting; *) check-installation: fixed wrong kernel crc on powerpc boards *) watchdog: fix software watchdog for x86 *) ssh - check conn state before sending disconnect message; *) ipsec - fixed crash that happened in specific situation; What's new in 6.26 (2015-Feb-03 15:18): *) ssh - fixed ssh related crashes; *) ovpn - allow to add VLANs to ovpn server bindings; *) sstp - added pfs option which enables DHE; *) pppoe client - increased timeout when searching for servers; *) sstp - fixed problem were Windows 8 clients couldn't connect; *) console - fixed some missing export entries; *) smb - improved stability, fixed some crashes and problems causing disconnects; *) api - fixed /system check-installation; *) cerm - fix scep client ca caps parsing; *) RouterBOARD - included new RouterBOOT 3.22 to enable protected-routerboot setting (see wiki); *) webfig - fixed various design skin issues; *) NTP client - accepts ipv6 as a server address; *) CCR improvements in link detection for SFP/SFP+ and auto-negotiation for SFP interfaces; *) known issue - /system check-installation incorrectly reports error on PPC; What's new in 6.25 (2015-Jan-19 10:11): *) certificates - fix SCEP RA operation and SCEP client when operating with RA; *) ppp - report authentication failure cause like in v6.6; *) ovpn server - added support for address lists; *) improved boot times; *) api - fixed missing return values of some commands; *) ntp - fixed vulnerabilities; *) mpls/vpls have improved per core balancing on CCRs; *) fixed queue tree no-mark matching (was broken since 6.24); *) fixed nested simple queues (was broken since 6.24); *) fixed occasional crash when ipv6 was used; *) fixed route cache overflow (ipv4/ipv6 stops working) if ipsec is used; *) fixed Omnitik upgrade from v5 where wireless config was not correctly saved *) fixed Webfig Design Skin where some skin changes were not saved *) WPS support added to CM2 wireless package What's new in 6.24 (2014-Dec-23 13:38): *) ntp - fixed vulnerabilities; *) web proxy - fix problem when dscp was not set when ipv6 was enabled; *) fixed problem where some of ethernet cards do not work on x86; *) improved CCR ethernet driver (less dropped packets); *) improved queue tree parent=global performance (especially on SMP systems and CCRs); *) eoip/eoipv6/gre/gre6/ipip/ipipv6/6to4 tunnels have improved per core balancing on CCRs; *) fixed tx for 6to4 tunnels with unspecified dst address; *) fixed vrrp - could sometimes not work properly because of advertising bad set of ip addresses; What's new in 6.23.1 (2014-Dec-08 11:43): *) fixed problem where some of ethernet cards do not work on x86; What's new in 6.23 (2014-Dec-04 14:46): *) pptp - fixed problem where tunnel stopped transmitting packets under heavy load; *) web proxy - caching in RAM for boards with 32MB or less RAM will not cache any content; *) leds - removed 'led' command and added support for 'on', 'off' types under 'system leds'; *) files - allow to move files between different disks in winbox; *) dhcpv4 server - fix adding address lists from radius; *) dhcpv4 server - make radius classless static route tag as dhcp vendor specific; *) smb - fixed HDD used/free space reporting *) made powerpc metarouters work again (were broken in v6.22); *) disks - fixed fat32 formatting where some bogus files with strange names were created (to delete existing files reformatting is needed); *) disks - fixed problem where some of USB disks were not recognized; *) fetch - allow checking certificate trust without crl checking; *) userman - fix more web session problems when user uses customer and administrator interfaces at the same time; *) snmp - fix external storage info reporting; *) snmp - fix bulk walk problem introduced in v6.20; *) fix tunnels - keep keepalive disabled for existing tunnels when upgrading; *) fix tunnels - mtu for eoip tunnels was not allowed to be set less than 1280 since 6.20; *) using routing-marks could lead to tunnel loop detection to turn off tunnels; If you already run some RouterOS v6.x version, simply click “Check for updates” in QuickSet, Webfig or Winbox packages menu. What's new in 6.22 (2014-Nov-11 14:46): *) ovpn - added support for null crypto; *) files - allow to remove empty disk folders; *) sntp - fix problems with dns name resolving failures that were triggering system watchdog timeout; *) eoip/eoipv6/gre/gre6/ipip/ipipv6/6to4 tunnels have new features: tunnels go down when no route to destination; tunnels go down for 1 minute when transmit loop detected, warning gets logged; new keepalive-retries setting; keepalives enabled by default for new tunnels (10sec interval, 10 retries); *) improved connection-state matcher in firewall - can match multiple states in one rule, supports negation; *) added connection-nat-state matcher - can match connections that are srcnatted,dstnatted or both; *) 100% CPU load caused by DNS service fixed; *) 100% CPU load caused by unclassified services fixed; *) 6to4 tunnel fixed; *) new RouterBOOT firmware for Metal 2SHPn to improve wireless stability; What's new in 6.21.1 (2014-Nov-03 15:20): *) fixed ugprading from v5; What's new in 6.21 (2014-Oct-30 12:34): *) userman - fix ~Your session has been reset due to inactivity~ error; *) timezone - updated timezone information to 2014i release; *) wireless - fixed scanning tool crash for 802.11ac interfaces *) wireless - fixed Nv2 kernel panic on 802.11ac interfaces *) quickset - added vpn configuration to Wifi AP %26 Ethernet modes as well; *) lte - changed device identification for devices which regenerate MAC address, most likely this will loose device's configuration; *) sstp - fixed disconnects on high traffic load; *) ovpn client - fixed problem where ip address was not added to bridge interface in ethernet mode; *) webfig - show properly Switch Port configuration; *) disks - fixed support for MMC/SD cards; *) winbox - added filtering by dscp to torch; *) certificate - fix CRL handling in trust chain; *) fixed 6to4 tunnels having inactive routes; *) ipsec - fix downgrade problem to v5; *) ipsec - disallow template-policy-group=none in peer config and set it to 'default'; *) metarouter - some metaroutes didn't have their licenses; *) torch - possibility to filter by dscp; *) fixed - master port on AR8327 switches that is put into bridge could sometimes not work properly; *) fixed queues - could have huge latencies and smaller throughput than specified; *) interfaces report last link up/down time and link down count; What's new in 6.20 (2014-Oct-01 10:06): *) cert scep - use fingerprints for transaction ids; *) ipsec - support fqdn as my id; *) fetch - allow fetching files larger than 4G; *) fetch - fixed problem where files fetched over https were trimmed in size; *) fixed problem - it was not possible to see %26 uninstall dude package; *) stores are replaced with folders and disks are now managed under /disk menu; *) added support for SMSC750x USB Gigabit Ethernet on x86; *) ups - support selftest for smart and hid UPS; *) pppoe client - increase connection timeout to make connection establishment possible on busy pppoe server; *) dhcp server - change default lease time from 3 days to 10 minutes to avoid running out of IPs; *) ipsec - allow binding modeconf address to username; *) eoip/eoipv6/gre/gre6/ipip/ipipv6/6to4 tunnels have new features: auto mtu (enabled by default for new tunnels); dscp (inherit/specific value, inherit by default for new tunnels); clamp-tcp-mss (yes by default for new tunnels); *) eoip/gre/ipip/6to4 tunnels have dont-fragment option (inherit/no, no by default for new tunnels); *) bridge has auto mtu feature (enabled by default for new bridges); *) pppoe-server has auto mtu feature (enabled by default for new pppoe servers); What's new in 6.19 (2014-Aug-26 14:05): *) wireless - improvements for nv2 and 802.11ac *) sstp - make sstp work on i386 as well; *) ippool - improve performance when acquiring address without preference; *) partitions - copying partitions did not work on some boards; *) bridge - added "Auto Isolate" stp enhancement (802.1q-2011, 13.25.6) *) ipsec - when peer config is changed kill only relevant SAs; *) vpls - do not abort BGP connection when receiving invalid 12 byte nexthop encoding; *) dns-update - fix zone update; *) dhcpv4 server - support multiple radius address lists; *) console - added unary operator 'any' that evaluates to true if argument is not null or nothing value; *) CCR - improved performance; *) firewall - packet defragmenting will only happen with connection tracking enabled; *) firewall - optimized option matching order with-in a rule; *) firewall - rules that require CONNTRACK to work will now have Invalid flag when CONNTRACK is disabled; *) firewall - rules that require use-ip-firewall to work will now have invalid flag when use-ip-firewall is disabled; *) firewall - rules that have interface with "Slave" flag specified as in-/out-interface will now have Invalid flag; *) firewall - rules that have interface without "Slave" flag specified as in-/out-bridge-port will now have Invalid flag; *) firewall - rules with Invalid flags will now be auto-commented to explain why; *) l2tp - force l2tp to not use MPPE encryption if IPsec is used; *) sstp - force sstp to not use MPPE encryption (it already has TLS one); *) sstp - make it work for x86 systems *) winbox - added dual PSU stats in health menu *) ipv6 - Gre6 can now correctly fragment large packets *) simple queue performance optimisation/improvement for multi-core RouterOS devices (especially CCR) What's new in 6.18 (2014-Aug-01 10:47): *) sstp - report TLS encryption as well; *) safe mode - do not allow user with less permissions to disrupt active safe mode; *) console - print command does not try to reuse item numbers assigned by previous invocations of 'print' when doing 'print where' or 'print follow', items are numbered consecutively starting from '0'. *) console - fix compact export of some partially modified configuration values; *) api - use the same syntax for property values as is used in 'print detail' output, with the exception of numbers, that are not shown with suffixes (K/M/G/T or bitrate) and are not contracted or separated into digit groups, and "yes"/"no" values that continue to be reported as "true"/"false". *) console - show internal numbers in the form returned by 'find' (like *9A0F) instead of "(unknown)" when configuration refers to deleted items. This change also applies to API. *) ipsec - fix addition of default policy template; *) console - values of type 'nil' were returning 'nil' as result of most operations. Now it compares less than all values except 'nil' and 'nothing', and compares inequal to all values except 'nil'. This was changed to make 'print where' and 'find where' more useful. An example. Previously the following command /ip route print where routing-mark!=nosuch Would not print routes that had no value for 'routing-mark' set, because (nil != "nosuch") was equal to nil. Now it evaluates to 'true', and this command will also print all routes that have no 'routing-mark' value set. *) l2tp - fixed problem on CCR where server responded with wrong source address; *) console export - put qutes around item names that start with a digit; *) sntp client - added support for dns lookup of ntp servers; *) console - when exporting to file, use name ending in '.in_progress', and rename when export finishes; *) bridge setups sometimes could crash on CCR devices; *) fixed port flapping in 1G mode on sfp-sfpplus1 on CRS226; *) fixed SXT ac model losing it's interface if changing regulatory settings in "routerboard" menu What's new in 6.17 (2014-Jul-18 15:14): *) CCR1009 - fixed crash, only affects CCR1009; What's new in 6.16 (2014-Jul-17 13:12): *) 802.11ac support added in wireless-fp package for QCA9880/9882 rev2 (-BR4A) chips; *) ip cloud now allows to set which IP to use - detected (public) or local (private); *) l2tp, pptp, pppoe - fixed possible packet corruption when encryption was enabled; *) ovpn - fixed ethernet mode; *) certificates - use SHA256 for fingerprinting; *) ipsec - fix AH proposal and problem when sometimes policy was not generated; *) snmp - support AES encryption (rfc3826); *) l2tp server: added option to enable IPsec automatically; *) poe-out: added power-cycle-ping and power-cycle-interval settings; *) gps - increased retry duration to 30 seconds; *) time - on routerboards, current time is saved in configuration on reboot and on clock adjustment, and is used to set initial time after reboot; *) sntp - disabling/enabling client was causing dynamic-servers to be ignored (bug introduced in 6.14); *) CCR - fixed rare file system corruption when none of configuration could be changed or some of it disappeared; *) ipsec - allow multiple encryption algorithms per peer; *) email - support tls only connections; *) smb - fixed usb share issues after reboot *) snmp - fix v3 protocol time window checks; *) updated timezone information; *) quickset - added VPN settings for HomeAP mode; *) latency improvements on CCR devices; What's new in 6.15 (2014-Jun-12 12:25): *) fixed upgrade from v5 - on first boot all the optional packages were disabled; *) fixed problem where sntp server could not be specified in winbox %26 webfig; *) metarouter - make openwrt work on ppc metarouter again; What's new in 6.14 (2014-Jun-06 15:34): *) sntp - 'mode' now is a read-only property, it is set to broadcast if no server ip address is specified; *) smb - fixed some SMB1 errors; *) wireless-fp package is now included in routeros one (disabled by default); *) webfig - fixed quickset, it didn't work with disabled wireless pacakge; *) sstp - fixed problem where session was closed every 2min; *) pptp,l2tp,pppoe - fixed problem where some of the static bindings become dynamic interfaces; *) eoip - lowered default MTU to avoid IP packet fragmentation; *) eoip - added clamp-tcp-mss setting with default=yes for new tunnels to avoid IP packet fragmentation; *) fixed - bridge could sometimes get added without "running" flag; *) fixed - simple queues could sometimes crash router; *) fixed - simple queue stats freeze (empty winbox queue window); *) ssh server - allow none cipher; *) proxy - added 'anonymous' option which will skip adding X-* and Via headers; *) dhcp server - added option use-framed-as-classless and added support for DHCP-Classless-Static-Route RADIUS attribute; *) quickset - fixed problem where address mode selection did not work in bridge mode; *) ipv6 address - fixed problem where changing advertise lost ipv6 connected route; CAVEAT: CAPsMAN Layer3 doesn’t work if IPv6 package enabled either on CAPsMAN or CAP device; What's new in 6.13 (2014-May-15 16:03): *) console - comments are now accepted where new command can start, that is, where '/' or ':' characters can be used to start new command, e.g. /interface { # comment until the end of the line print } *) backup - backups by default are encrypted now (with user password). To use backup on older versions, you should disable encryption with dont-encrypt flag when creating it; *) files with '.sensitive.' in the filename require 'sensitive' permission to manipulate; *) lcd - reduce CPU usage when displaying static screens; *) l2tp - fixed occasional server lockup; *) pptp - fixed memory leak; *) sstp - fixed crashes; What's new in 6.12 (2014-Apr-14 09:27): *) l2tp - fixed "no buffer space available" problem; *) ipsec - support IPv4 over IPv6 and vice versa; *) pppoe - report correctly number of active links; *) updated timezone information; *) many fixes for CRS managed switch functionality - particularly improved VLAN support, port isolation, defaults; *) added trunk support for CRS switches; *) added policing support for CRS switches; *) www - added support for HTTP byte ranges; *) lte - provide signal strength using snmp and make 'info once' work in console; What's new in 6.11 (2014-Mar-20 09:16): *) ipsec - fix aes-cbc hardware acceleration on CCR with key sizes 192 and 256; *) wireless - add auto frequency feature; *) ovpn - fixed TLS renegotiation; *) ovpn - make bridge mode work with big packets (do not leave extraneous padding); *) ovpn - fixed require-client-certifcate; *) ppp - revert RADIUS NAS-Port behaviour, report tunnel interface id; *) ppp - mppe encryption together with mrru locked the router; *) dhcp - added support for DHCP option 138 - list of CAPWAP IPv4 servers; *) quickset - added Guest Network setup to Home AP mode; *) console - no longer required to supply value of '/routing bgp instance vrf' property 'instance' for 'add' command; *) ethernet - added option to enable rx/tx flow control (will be disabled by default); *) ethernet - added ability to specify advertised modes for copper ports; *) fixed 100% cpu usage on CCRs; *) ssl - not finding CRL in local store for any certificate in trust chain will cause connection to fail; *) lte - support for Huawei ME609 and ME909u-521; What's new in 6.10 (2014-Feb-12 13:46): *) fix autosupout.rif generation after kernel panic; *) ovpn - make it work again; *) ovpn client - remove cipher=any %26 auth=any options, protocol does not support them; *) pptp - fixed where Windows %26 MacOS clients were disconnecting all the time; *) sstp - make it work with Windows client with AES encryption; *) ipv6 pool - fix dynamic prefix disappearing which may influence large VPNs with IPv6; *) ssh client - fix key agreement when sometimes wrong DH algorithm was selected; *) bgp - multipath eBGP now does not propagate BGP nexthop unless forced in configuration; *) removed 10/100 half duplex from autonegotiation advertisement on CCR; What's new in 6.9 (2014-Jan-31 11:18): *) lcd - added option to change the color-scheme; *) updated bootloader firmware; *) ppp: fixed RADIUS accounting; *) ppp: fixed IPV6-Prefix assigning; *) ppp: fixed dial-on-demand; What's new in 6.8 (2014-Jan-29 15:52): *) bridge - default protocol-mode changed to RSTP for new bridges, fixed bridge mac address changing when port (with lowest mac address) goes down *) userman - improve startup time; *) sstp client - support server name verification from certificate; *) wireless - improved 11n and nv2 stability; *) dhcp client - support interfaces in bridge; *) dhcp - parse decimal strings and IP addreses in options value; *) bgp - don't show community 'internet' in BGP advertisements; *) ipsec - enable hardware acceleration for aes-cbc + md5|sha1|sha256 aead on CCR; *) ospf - fixed checksum calculation for OSPFv3 AS-external-LSAs; *) default configuration - changed dhcp server lease time to 10 minutes; *) fixed port isolation on CRSs (bug introduced in v6.6); *) smb - added support for SMB 2.002 *) timezone information updated; *) ppp - fixed ppp bridging (did not work since v6.6); *) improved speed of PPP, PPPoE, PPTP %26 L2TP on multicore routers; *) address-list - fix crash when adding two identical address list entries; *) fixed multicast forwarding on CCRs; *) firewall - improved address-type matcher, and added it for ipv6 aswell; *) kernel drivers for ppp, pppoe, pptp, l2tp are now lock-less on transmit %26 receive; *) all ppp packets (except discovery packets) now can be handled by multiple cores; *) MPPE driver now can handle up to 256 out-of-order packets; What's new in 6.7 (2013-Nov-29 13:37): *) support Android usb tethering interface; *) ipsec - added aes-gcm icv16 encryption mode; *) wireless - improve rate selection for nstreme protocol *) poe - new poe controller firmware for RB750UP and OmniTIK UPA; *) ipsec - added aes-ctr encryption mode; *) leds - inverted modem signal trigger, now it will trigger when the signal level rises above the treshold; *) ipsec - added sha256 and sha512 support; *) ipsec - proposal defaults changed to aes-128 and sha1 for both phase1 and phase2; *) certificate - support ip, dns and email subject alternative names; *) dhcpv4 server - added REMOTE_ID option variable for relayed packets; *) ipsec - fix policy bypass on IPv6 gre, ipip, eoip tunnels when policy uses protocol filter; *) userman - fix crash on tilera; *) fixed hairpin nat on bridge with use-ip-firewall=yes; *) fixed vlan on bridge after reboot having 00:00:00:00:00:00 mac address; *) address-list - allow manually adding timeoutable entries; *) address-list - show dynamic entry timeout; *) fixed l2mtu changing on CCRs - could cause port flapping; *) disabling/enabling ethernet ports did not work properly on CCRs, could cause port flapping; *) fixed port flapping on CCR - could happen when having other than only-hardware-queue interface queue. Note that having other interface queue than only-hardware-queue dramatically reduces performace, so should be avoided if possible; What's new in 6.6 (2013-Nov-07 13:04): *) winbox - fixed problem where all previous session opened windows were read only; *) certificate - no more 'reset-certificate-cache' and 'decrypt' commands, private keys can be decrypted only on 'import', use 'decrypt' before upgrade if needed; *) fixed arp-reply only with more than one ip address on interface; *) fixed RB400 not to reboot by watchdog during micro-sd format; *) web proxy - fix SPDY server push handling; *) certificate - merged '/certificate ca issued', '/certificate scep client' and '/certificate templates' into '/certificate'; *) console - :foreach command can iterate over keys and values in an array, by specifying two counter variables, e.g.: :foreach k,v in=[/system clock get] do={:put "$k is $v"}; *) added support for new Intel 10Gb ethernet cards (82599); *) certificates - fixed certificate import; *) wireless - fixed crash when dfs was enabled on pre-n wireless cards; *) fixed port flapping on CCR; What's new in 6.5 (2013-Oct-16 15:32): *) tftp - added data packet pipelining for read requests; *) console - exported physical interface configuration uses 'default-name' instead of item number to match relevant interface; *) console - report all constituent errors for parameters with multiple alternative value types; *) certificates - merge '/certificate ca' into '/certificate', use set-ca-passphrase to maintain CA functionality; *) lcd - backlight option is replaced with "/lcd backlight" command *) dhcp server - added option to disable conflict-detection; *) console - ':return' does not trigger 'on-error=' action of ':do' command; *) route - fixed crash that could be triggered by change in nexthop address resolution; *) route - some imported VPNv4 routes were not using MPLS labels; *) route - imported VPNv4 routes were not always updated or removed when the original route changed; *) winbox - fixed problem where all settings were read only on first open; *) ovpn server - use only ciphers that are allowed not that client requested; *) ssh client - fixed public key authentication; *) ipsec - fix peer mathing with non byte aligned masks; *) fix routerboot upgrading if RouterOS is partitioned; *) add support for second serial port on CCR boards; *) fix serial port baudrate selection on CCR boards; *) ethernet interface stats that are behind switch chip show real hw stats instead of just the traffic that goes through cpu; What's new in 6.4 (2013-Sep-12 13:52): *) wireless - improved 802.11n wireless retransmission (doesn't effect nstreme/nv2) *) ovpn - allow to specify server via dns name; *) winbox - fixed problem where ipv6 routes with non local link address gateway could not be added; *) fixed watchdog on mipsle boards; *) traceroute - added count %26 max-hops parameters; *) traceroute - added back use-dns parameter; *) fixed usb Yota LTE modem hangup; *) console - make newly added item names always immediately available; *) graphing - make sure that interface graphs gets preserved across reboots; What's new in 6.3 (2013-Sep-03 12:25): *) ssh - fixed denial of service; *) traceroute - show mpls labels as well; *) bug fix - sometimes some new interfaces could not be created properly any more (f.e. some pppoe clients could not connect); *) console - added '/console clear-history' command that clears command-line history for all users, requires 'policy' policy; *) sstp - limit packet queue for each device; *) RB2011L - fixed occasional gigabit switch-chip lockup; *) user manager - will warn on 1MB and stop before reaching minimum of 500KB disk space; *) hotspot - do not account traffic to local hotspot pages; *) ppp, hotspot - added ability to specify where to insert rate limiting queue, it's parent and type; *) pptp, l2tp, sstp - allow to specify server via dns name; *) dhcp - added ability to specify where to insert rate limiting queue; *) www proxy - support ipv6 parent proxy; *) webfig - fixed problem when opening quickset page country was automaticly changed to etsi; *) traceroute - added mtr like pinging; *) fix queues - correct queue was not installed when last child removed; *) fix simple queues - sometimes some simple queues would stop working after configuration changes; *) console - fixed issue with local variables having non-empty value before first assignment; *) console - fixed command ":global name" without second argument to not create or change global variable "name", only effect is to make "name" refer to global variable. *) console - fixed passing local variables as argument to function; *) RB1200 - fixed crash when receiving over l2mtu size packets on some ethernet interfaces; What's new in 6.2 (2013-Aug-02 10:37): *) console - added "on-error" argument to ':do' command that is executed if command raises error; *) hotspot - fixed chap error after failed http-chap login (broken in v6.1); *) console - added new ':return' command that interrupts execution of script and passes argument as return value if script was called as function; *) routerboot - fixed upgrade from RouterOS (could fail on some units); *) userman - fixed payment gateway response notify processing; *) console - resolved issue with 'from-pool' propery in '/ipv6 address'; *) console - array value syntax in expressions '{1;2;3;4}' now can specify values with word keys as '{a=1;b=2}'; *) console - added 'verbose' argument to '/import' command that enables line-by-line script import. By default import whole script at once and don't print it, as it was in version 6.0; *) console - ':global', ':local' and ':set' commands have new parameter 'do' that allows assigning block of commands to the variable; *) console - global variables now are common to all users and are available to all users with at least "read,write,test,policy" policy; *) console - fixed parameter passing to scripts. Script parameters can be accessed without declaring them with ':local' and ':global' commands. For backwards compatibility global variables are first looked up in script parametrs; *) console - '$var 1 2 a="a" b="b"' syntax for passing parameters to commands stored in a variable. Parameters are accessed as '$1' '$2' '$a' '$b'; *) ipsec - fixed peer address matching; *) ups - query smart ups capabilities before issuing any commands; *) improved CCR responsiveness on other interfaces when one interface is under attack; *) sms tool - added sim-pin setting; *) dhcp server - framed routes are now also added to the server routing table; *) dhcpv6 server - added binding-script option; *) proxy - allow multiple src-address for ipv4 and ipv6; *) eoip,gre tunnels could occasionally crash multicore router; *) fixed bug - sometimes some types of interfaces would stop working; *) ipsec sometimes could crash kernel on CCR; *) connection tracking sometimes could crash kernel on CCR; *) ppp,pptp,l2tp,sstp - added default-route-distance parameter; *) scep - "/cert scep ra" merged into "/cert scep client" without saving ra config; *) ipsec - fix phase1 autonegotiation on little endian platforms; *) pppoe server - allow service with empty service-name to accept all pppoe clients; *) lcd - current-screen option is replaced with "/lcd show" command *) lcd - current-interface option is replaced with "/lcd interface display" command *) graphing - make graphs stable on ppp %26 ovpn interfaces; *) www, hotspot - fixed problem when www service stopped responding on high load; *) winbox, webfig: allow to enter space in the text fields; *) webfig - fixed configuration of VPLS %26 routing filters; *) lcd - added option for enabling or disabling the touch screen; *) lcd - added options for screen switching; *) lcd - up to 10 non-physical interfaces can now be added to the lcd; *) lcd - all interface graph screen can now be customized from /lcd interface page; *) backup - changed default backup file name to - -.backup for file browsers to sort them properly; *) webfig - it did not work in Opera; *) webfig - made terminal work again; *) winbox - added ability to fully set up traffic generator in winbox; *) trafficgen - allow ranges for ip addrs and udp ports; *) trafficgen - add tcp header support; *) queue simple - fixed bug - actual queue order sometimes was wrong; *) queue simple - queue is not invalid when at least one of target interfaces is up; *) fixed crash when setting master-port on AR8327 switch chips; *) fixed addresslist - dynamic entries sometimes would still show up even afther being timed out; *) added /ip settings allow-hw-fast-path setting to control AR8327N hardware ipv4 fast path; *) vrrp - allow more than one vrrp on interface; What's new in 6.1 (2013-Jun-12 11:50): *) pptp, l2tp - fixed crash when tunnel mru was too big and fragmented ip packet was received; *) hotspot - fixed problem when after upgrade hotspot html directory was empty; *) ipv6 nd - dns dynamic-servers were not included in router advertisements; *) winbox - fixed problem Switch menu disappeared on RB2011; *) fixed memory amount issue on RB1100AHx2; *) console - '/import' prints each command that is executed; *) console - 'import' has new argument 'from-line' that starts executing commands after specified line; *) secure api - fixed problem when wrong client ip address was reported; *) hotspot - fixed universal client; *) api - added support for API over TLS (SSL); *) api - api service is now enabled by default; *) ppp - do not show R flag for locally authenticated users; *) vrrp - fixed ah authentication; *) webfig - added support for RADIUS authentication (via MS-CHAPv2); *) ipsec - for peers with full IP address specified system will autostart ISAKMP SA negotiation; *) trafficgen - added inject-pcap command for replaying pcap files into network; *) dns - retry queries with tcp if truncated results received; *) improved queue statistics updating; *) fix 1G linking with some Cisco devices (affects RB7xx, RB9xx, RB1100, RB2011, CCR); What's new in 6.0 (2013-May-17 14:04): *) ipsec - added /peer passive option which will prevent starting ISAKMP negotiation and signifies xauth responder/initiator side; *) RouterBOARD - default wireless config now includes password - serial number; *) lte - support YOTA WLTUBA-107; *) console - fixed crash when variable name was not specified for ':global', ':local', ':set', ':for' and ':foreach' commands; *) hotspot - added mac-cookie login method; http://wiki.mikrotik.com/wiki/Manual:Hotspot_Introduction#MAC_Cookie *) lcd - show a message when system shutdown is complete; *) lcd - added Log screen which is accessible through the Main Menu and shows log messages where action=echo; *) ipsec - added pre-shared-key-xauth and rsa-signature-hybrid authentication methods; *) increased max l2mtu on CCR to 10226 bytes; *) fixed crash on RB1200; *) fixed bonding - did not work after remove, undo; *) fixed queues - router could become unresponsive when configuring queues; What's new in 6.0rc14 (2013-Apr-24 11:52): *) route - make connected routes inactive when interface has no link; *) ipsec - changing or removing unused peer or proposal config won't flush active SAs; *) console - add 'without-paging' to more 'print' commands; *) route - automatically repair FIB inconsistencies; *) ipsec mode-cfg - unity split include support; *) ipsec policy - template matching for policy generation; *) metarouter: fixed occasional lockups on mipsbe boards; *) fixed crash when bridge filter rule had action=return for rule in builtin chain; *) traffic-flow - fixed deadlock and crash on multicore; *) fixed memory leak on CCR with PPPoE interfaces; *) improved PPPoE interface encapsulation performance; *) fixed queues - total amount of traffic passing through queues sometimes was about 1Gbit; What's new in 6.0rc13 (2013-Apr-08 14:25): *) pppoe, l2tp, pptp server - increased lcp retransmit count to 10; *) pptp, l2tp %26 pppoe clients - added ability to specify keepalive timeout; *) graphing - fixed problem were interface graphs are lost on reboot; *) dhcpv6 - added relay; *) sstp server - restore (disabled in rc12) test mode which allows running server without certificate; *) lcd - added option for turning backlight on/off; *) bgp - fix med comparison check if routes are received from iBGP peer; *) fixed simple queues - sometimes some simple queues did not limit traffic (bug introduced in 6.0rc12); *) allow to change arp timeout (in /ip settings); *) added /ip neighbor discovery settings setting "default-for-dynamic" to control discovery on new dynamic interfaces (off by default); What's new in 6.0rc12 (2013-Mar-26 17:18): *) ospf - add use-dn option; *) ospf - fix route-tag handling; *) fixed layer7 matcher - it is case insensitive now; *) remote logging - added iso8601 time format support; *) bgp - change MED propagation logic, now discarded when sending route with non-empty AS_PATH to an external peer; *) fixed occasional nand corruption on CCR; *) ipsec - added ipv4 mode-cfg support for responder; *) ipsec - fixed some issues with removal of dynamic policies; *) email - renamed parameter tls to start-tls for send command; *) wireless - update required when using small width channel RB2011 RB9xx caveat: update remote end/s before updating AP as both side are required to use new/same version for a link *) ipsec - generate-policy now can have port-strict value which will use port from peer's proposal when generating policy or port-override which will always generate policy for any port; *) ipsec - responder side now uses initiator exchange type for peer config selection; *) lcd - changed All interface stat screen (bar graphs) to show total bandwidth usage, combine rx/tx together; *) lcd - removed "all-interface-mode" option; *) lcd - changed "Interfaces" screen to show interface usage similiar to All interface stat screen; *) lcd - improved Interfaces -> * -> Info screen, added more wireless information; *) lcd - added Registration Table screen for wireless interfaces under Interfaces -> 'wireless interface' -> Registration Table; *) fixed occasional kernel crashes on CCR; *) fixed other than only-hardware-queue interface queues on CCR; *) lte - devices with vendor/product id pair 0x0f3d/0x68AA now uses directip inferface; *) dhcp client v4 - option add-default-route now supports special-classless value; *) significantly increased simple queue performance on multi core systems (up to 9x on CCR1036 with at least 32 top level simple queues); *) ip arp - new property published; *) web proxy - added new option max-cache-object-size, upper limit of max-client-connections and max-server-connections is now calculated from system RAM; *) ospf - fixed inconsistency in external ECMP route calculation; *) certificates - CA keys are no more cached, every CA operations now requires a valid CA passphrase. use set-ca-passphrase for scep server to cache CA key in encrypted form; *) ppp - made MPPE encryption work on tilera (bug introduced in 6.0rc10); *) tool fetch - https support with optional certificate verification; *) sstp server - removed test mode which allowed running server without certificate; *) trafficgen - add support for ipv6 header; *) wireless - added support for small channels on SXT lite; What's new in 6.0rc11 (2013-Feb-22 09:17): *) ppp - made MPPE encryption work on tilera (bug introduced in 6.0rc10); *) sstp server - added option to force AES encryption; *) fixed router crash on heavy traffic with sierra lte modem on boards with 32MB RAM; What's new in 6.0rc10 (2013-Feb-15 10:47): *) ppp - added bridge-path-cost %26 bridge-port-priority to ppp profiles; *) ppp - made RSTP work over ppp links as well; *) ppp - added last-logged-out to ppp secrets; *) ppp - made MRRU work propererly on CCR; *) hotspot, ppp - support multiple address-lists; *) fixed problem - could not format disks larger than 2Gb on CCR; *) fixed problem - repartitioning flash second time made system unbootable; *) fixed problem - partition fall back settings got corrupted; *) fixed problem - package made for other architectures could be installed, making whole system non functioning; *) sstp, ipsec - respect CRLs; *) certificates - for certificates marked as trusted=yes, CRL will be automaticly updated once in hour from http sources; *) fixed ppp family interfaces - show it's status (bug introduced in rc8); *) fixed p2p, connection-bytes firewall matcher; *) fixed ip firewall nat action=same; What's new in 6.0rc9 (2013-Feb-08 08:15): *) ospf - fixed Summary-LSA prefix length check for OSPFv3, was not accepting valid LSAs; *) certificates - fix broken certificate handling (bug introduced in rc8) in all related programs; *) fixed - bgp tcp-md5-key crash on CCR; *) fixed interfaces list sometimes showing up empty; *) fixed - ip addrs could be inactive for some types of interfaces which are added as bridge ports and disabled; What's new in 6.0rc8 (2013-Feb-04 13:25): *) ppp,pppoe,pptp,l2tp,sstp - only 2 change mss mangle rules are created for all ppp interfaces; *) wireless - fixed AES encryption speed issues (upgrade suggested); *) dhcpv6 server - handle info requests; *) webfig - compressed all html resource files, speeds up opening of webfig page; *) console - reduced width of address column in '/user print'; *) simple queues requires target arg to be specified when adding; *) do not count packets for unknown protocols as rx_dropped; *) snmp - provide POE info; *) improved cpu usage reporting on CCR boards; *) improved interface reading performance; *) changed CLI interface order - first are ethernets, second wireless, third everything else. Within group interfaces are ordered by name; *) interfaces are deleted much faster, could be bottleneck on systems with many ppp sessions; *) pptp,l2tp,6to4 tunnel encapsulation/decapsulation now resets packet marks to have consistent behavior across tunnels; *) fix simple queue interface matching when doing encapsulation in some tunnel, could result in double accounted packets; *) ip/ipv6 firewall has all-ether,all-wireless,all-vlan,all-ppp interface matchers *) queue limits could be inaccurate for large limits (100M or more); What's new in 6.0rc7 (2013-Jan-18 13:04): *) dhcp relay - possibility to add relay agent information option; *) lcd - options current-interface, time-interval and all-interface-mode no longer get reset after reboot; *) fix reboot in virtualized enviroment; *) lcd - improve slideshow screen; *) console - file print now shows file size as small number with suffix; *) dhcp v4 - fix problem when sometimes client or server failed to send packets most likely it happened on vlan interfaces; *) ipv6 - added setting to disable forwarding; *) added "/ip neighbor discovery settings" menu with "default=yes/no" setting; What's new in 6.0rc6 (2012-Dec-21 12:20): *) fixed problem - netinstall for x86 did not work; *) lcd - added take-screenshot command; *) lcd - fixed calibration, fresh boards no longer require recalibration; *) optimize memory usage - makes 32Mb routerboards more stable; *) support BandRich modems with newer firmware; *) ipsec - authentication using certificate store but without CRL checking for now; *) added feature - flash can be partitioned on routerboards and separate versions can be installed on each of them (requires latest firmware); *) fixed problem - after restoring backup, it gets restored again on every reboot; *) improved router performance when dhcp client/server present in system; *) fixed vlan on bond after reboot; *) fixed occasional queue kernel crash; What's new in 6.0rc5 (2012-Dec-05 15:22): *) wireless - advanced rate selection is the only method supported; *) ssh client - support keyboard-interactive authentication; *) fix simple queue config upgrade; What's new in 6.0rc4 (2012-Nov-28 17:16): *) dhcp server - added two radius string options (24, 25) for use in custom dhcp options; *) fixed problem - ppp dial-on-demand did not work, it allways dialed in; *) fixed problem - password was not saved when adding new user; *) added feature - show last-logged-in in users list; *) snmp - fix interface table; *) dhcp ipv6 - added comment fields; *) dhcp client ipv6 - add/remove default route or ntp server without renew when settings change; *) ppp clients - set up dns dynamic-servers instead of static ones; *) fixed problem - Connect button did not work in wireless scanner; *) dhcp server - added radius framed route support; *) fixed problem - MetaROUTERs did not work on PowerPC boards (RB800, RB1000, RB1100); *) fixed problem - check-for-updates stopped working if it didn't find new updates previously; *) dhcp ipv6 - added dns option support; *) gre - support all protocol encapsulation, not just ip and ipv6; What's new in 6.0rc3 (2012-Nov-09 12:59): *) fixed problem - MetaROUTERs did not work on RB2011s; *) fixed problem - Realtek 1Gbit ethernet cards did not work; *) added "/ip settings" menu with following settings: ip-forward, send-redirects, accept-source-route, accept-redirects, secure-redirects, rp-filter, tcp-syncookies; *) fix some ipv6 firewall matchers; *) improved performance for eoip,eoipv6,gre,gre6 tunnels, especially on multi core; *) /queue tree entries with parent=global are performed separately from /queue simple and before /queue simple; *) snmp - fixed missing OIDs; What's new in 6.0rc2 (2012-Oct-24 11:27): *) added generic fast path support on certain interfaces (all ethernets on RB3xx, RB6xx, RB7xx, RB8xx, RB9xx, RB1000, RB11xx, RB2011); *) added ipv4 fast path, it doubles ipv4 forwarding performance on supported interfaces when no firewall, conntrack, queues. *) added traffic generator fast path; *) addedbridge fast path; More info on fast path: http://wiki.mikrotik.com/wiki/Manual:Fast_Path What's new in 6.0rc1 (2012-Sep-26 14:56): *) i386 - increased number of supported cores to 64; *) userman - fix unpaid profile activation while authenticating; *) dhcp client - custom options; *) dhcp options - allow mixing different data types; *) console - "export compact" now is the default, use "export verbose" to get previous behaviour; *) ntp - make it work again; *) tftpd - if real-file is a existing directory then prefix request with it; *) RB333 ethernets are back; *) dns - rotate servers only on failure; *) fix M3P (/ip packing); What's new in 6.0beta3 (2012-Aug-22 12:12): *) installation - use much less space in storage (works well with 32MiB flash); *) routerboard package is now merged with system package; *) userman - use corresponding time zone data when showing date in console; *) gps - init-string option; *) ipsec - kill phase1 if ipsec-sa in responder expires due to system time change; *) ipsec - rekey phase1 before expiration; *) ipsec - when last ISAKMP-SA is deleted for the remote host remove related IPSec-SAs; *) ipsec - send delete IPSec-SAs on shutdown/reboot; *) user manager - fix user's active profile end time if it has unlimited validity, these users now won't be hidden from reports when date filters are in effect; *) certificate validity is shown using local timezone offset; *) fixed queue bit rate reporting; *) fixed ipv6 firewall; *) upgraded drivers and kernel (to linux-3.3.5); *) added priority matcher to firewall; *) added change-dscp from-priority and from-priority-to-high-3-bits options; *) fixed router crash or hang when rebooting; *) add snif-tzsp,snif-pc actions to ip/ipv6 firewall mangle; *) traffic-generator improvements for multi core; What's new in 6.0beta2 (2012-Apr-24 10:57): *) "/ip address set" and "/ipv6 address set" commands did not work properly; *) fix eoipv6 tunnels, tunnel-ids in packets were shuffled; *) fix dynamic simple queues; *) fix /ipv6 firewall connection-state matcher, was crashing router; *) fix traffic generator, was crashing router when generating traffic on bonding interface; *) fix wds interfaces; *) downgrading to v5 was losing wireless interface configuration; *) fix queue byte and rate statistics; *) fix ethernet port order on all boards; What's new in 6.0beta1 (2012-Apr-13 15:26): *) updated drivers and kernel (to linux-2.6.38.2); *) improved interface management (scales well for up to thousands of interfaces and more); *) improved queue management (/queue simple and /queue tree) - easily handles tens of thousands of queues; *) improved overall router performance when simple queues are used - at least double the performance of v5, even bigger improvements on multicore systems; *) very small overhead for packets that miss simple queues, but simple queues are present in the system; *) pcq queue is NAT aware (just like "/queue simple" and "/ip traffic-flow"; *) in "/ip firewall mangle" can specify "new-priority=from-dscp-high-3-bits"; *) new default queue types: pcq-download-default and pcq-upload-default; *) simple queues have separate priority setting for download/upload/total; *) slave flag shows up for interfaces that are in bridge,bonding or switch group; *) global-in, global-out, global-total parent in /queue tree is replaced with global that is equivalent to global-total in v5; *) simple queues happen in different place - at the very end of postrouting and local-in chains; *) simple queues target-addresses and interface parameters are joined into one target parameter, now supports multiple interfaces match for one queue; *) simple queues dst-address parameter is changed to dst and now supports destination interface matching; *) dns cache logs requests to topics "dns" and "packet";