Обновление MikroTik RouterOS v6.41

Производитель MikroTik обновил операционную систему RouterOS до версии 6.41.

Прошивку RouterOS версии 6.41 можно скачать с сайта http://www.mikrotik.com/download.html

Внимание! Перед обновлением обязательно сделайте бэкап настроек!

RouterOS (v6.40rc36-rc40 and) v6.41rc1+ содержит новую реализацию bridge интерфейса, которая поддерживает аппаратную разгрузку (hw-offload).

Это обновление преобразует все настройки интерфейса «master-port» в новую конфигурацию и исключает вариант «master-port» как таковой.

Интерфейс bridge будет обрабатывать всю пересылку Layer2, и использование switch-чипа (hw-offload) будет включаться автоматически на основе соответствующих условий.

Остальные настройки Switch в настоящее время остаются нетронутыми в обычных меню RouterOS.

Обратите внимание, что при откате на старую версию RouterOS, настройки "master-port" не будут автоматически восстановлены. После отката необходимо использовать резервную копию для восстановления настроек "master-port".

В версии 6.41 сделаны следующие улучшения и исправления (22 декабря 2017 г.):

• ! bridge - implemented software based vlan-aware bridges;
  https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
• ! switch - "master-port" conversion into a bridge with hardware offload "hw" option;
  https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
• ! detnet - implemented "/interface detect-internet" feature;
  https://wiki.mikrotik.com/wiki/Manual:Detect_internet
• ! bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
• ! routerboot - RouterBOOT version numbering system merged with RouterOS;
• ! w60g - added Point to Multipoint support;
• ! w60g - revised "master" and "slave" interface modes to more familiar "bridge", "ap-bridge", "station-bridge";
• ! wireless - new driver with initial support for 160 and 80+80 MHz channel width;
• arm - minor improvements on CPU load distribution for RB1100 series devices;
• arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
• bgp - added 32-bit private ASN support;
• bridge - added comment support for VLANs;
• bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
• bridge - added support for "/interface list" as a bridge port;
• bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
• bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
• bridge - changed "Host" and "MDB" table column order;
• bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
• bridge - fixed "fast-forward" counters;
• bridge - fixed ARP setting (introduced in v6.40rc36);
• bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
• bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
• bridge - fixed multicast forwarding (introduced in v6.40rc36);
• bridge - implemented dynamic entries for active MST port overrides;
• bridge - implemented software based "igmp-snooping";
• bridge - implemented software based MSTP;
• bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
• bridge - set "igmp-snooping=no" by default on new bridges;
• bridge - show "admin-mac" only if "auto-mac=no";
• bridge - show bridge interface local addresses in the host table;
• btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
• capsman - added "vlan-mode=no-tag" option;
• capsman - added possibility to downgrade CAP with Upgrade command from CAPsMAN;
• capsman - return complete CA chain when issuing new certificate;
• capsman - use "adaptive-noise-immunity" value from CAP local configuration;
• certificate - added option to store CRL in RAM (CLI only);
• certificate - fixed SCEP "get" request URL encoding;
• certificate - improved CRL update after system startup;
• certificate - show "Expired" flag when initial CRL fetch fails;
• certificate - show invalid flag when local CRL file does not exist;
• chr - added KVM memory balloon support;
• chr - added suspend support;
• console - do not stop "/certificate sign" process if console times out in 1 minute;
• console - removed "/setup";
• crs317 - added initial support for HW offloaded MPLS forwarding;
• crs317 - fixed reliability on FAN controller;
• crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
• crs326 - improved transmit performance from SFP+ to Ethernet ports;
• crs3xx - added ingress/egress rate input limits;
• crs3xx - hide unused switch "vlan-mode", "vlan-header-mode" and "default-vlan-id" options;
• crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
• dhcp - fixed DHCP services failing after reboot when DHCP option was used;
• dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
• dhcp - require DHCP option name to be unique;
• dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
• dhcp-server - added "option-set" argument (CLI only);
• dhcp-server - added basic RADIUS accounting;
• dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
• dhcpv4-client - allow to use DUID for client as identity string as the option 61;
• dhcpv4-server - added "NETWORK_GATEWAY" option variable;
• dhcpv4-server - strip trailing "\0" in "hostname" if present;
• discovery - use "/interface list" instead of interface name under neighbor discovery settings;
• e-mail - do not show errors when sending e-mail from script;
• eoip - made L2MTU parameter read-only;
• ethernet - removed "master-port" parameter;
• export - fixed interface list export;
• fetch - accept all HTTP 2xx status codes;
• filesystem - implemented additional system integrity checks on reboots;
• firewall - added "tls-host" firewall matcher;
• health - fixed bogus voltage readings on CCR1009;
• hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
• hotspot - fixed Walled Garden IP functionality when address-list is used;
• ike1 - DPD retry interval set to 5 seconds;
• ike1 - disallow peer creation using base mode;
• ike1 - fixed crash on xauth if user does not exist;
• ike1 - fixed memory corruption when IPv6 is used;
• ike1 - improved stability on phase1 rekeying;
• ike1 - release mismatched PH2 peer IDs;
• ike1 - use /32 netmask if none provided by mode config;
• ike2 - added support for multiple split networks;
• ike2 - check identities on "initial-contact";
• ike2 - do not allow to configure nat-traversal;
• ike2 - fixed PH1 lifetime reset on boot;
• ike2 - fixed initiator DDoS cookie processing;
• ike2 - fixed responder DDoS cookie first notify type check;
• ike2 - kill connection when peer changes address;
• ike2 - use peer configuration address when available on empty TSi;
• interface - added "/interface reset-counters" command (CLI only);
• interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
• interface - added option to join and exclude "/interface list" from one and another;
• interface - fixed corrupted "/interface list" configuration after upgrade;
• ippool6 - try to assign desired prefix for client if prefix is not being already used;
• ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
• ipsec - allow to specify "remote-peer" address as DNS name;
• ipsec - fixed incorrect esp proposal key size usage;
• ipsec - fixed policy enable/disable;
• ipsec - improved hardware accelerated IPSec performance on 750Gr3;
• ipsec - improved reliability on certificate usage;
• ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
• ipsec - skip invalid policies for phase2;
• ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
• l2tp - improved reliability on packet processing in FastPath;
• l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
• lcd - fixed "flip-screen=yes" state after reboot;
• log - added "bridge" topic;
• log - fixed interface name in log messages;
• log - optimized "poe-out" logging topic logs;
• lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
• lte - added Passthrough support;
• lte - added Yota non-configurable modem support;
• lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
• lte - automatically add "/ip dhcp-client" configuration on interface;
• lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
• lte - fixed Passthrough support;
• lte - fixed authentication for non LTE modes;
• lte - fixed error when trying to add APN profile without name;
• lte - fixed rare crash when initializing LTE modem after reset;
• lte - fixed user authentication for R11e-LTE when new firmware is used;
• lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
• lte - limited minimal default route distance to 1;
• lte - update info command with "location area code" and "physical cell id" values;
• m11g - improved ethernet performance on high load;
• mac-server - use "/interface list" instead of interface name under MAC server settings;
• modem - added initial support for Alcatel IK40 and Olicard 500;
• neighbor - show neighbors on actual bridge port instead of bridge itself
• netinstall - fixed missing "/flash/etc" on first bootup;
• netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
• ospf - fixed OSPF v2 and v3 neighbor election;
• ovpn-server - do not periodically change automatically generated server MAC address;
• poe - added new "poe-out" status "controller-error";
• poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
• poe - log PoE status related messages under debug topic;
• ppp - added initial support for PLE902;
• ppp - added support for Sierra MC7750, Verizon USB730L;
• ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
• ppp - fixed "change-mss" functionality when MSS option is missing on forwrded packets;
• ppp - fixed L2TP and PPTP encryption negotiation process on configuration changes;
• ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
• pppoe-client - properly re-establish MLPPP session when one of the lines stopped transmitting packets;
• pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
• quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
• quickset - fixed LTE quickset mode APN field;
• quickset - fixed situation when Quickset automatically changes mode to CPE;
• quickset - renamed router IP static DNS name to "router.lan";
• radius - limited RADIUS timeout maximum value to 3 seconds;
• route - fixed potential route crash on routing table update;
• scheduler - properly display long scheduler configuration;
• sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
• sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
• sms - fixed minor problem for SMS delivery;
• sms - log decoded USSD responses;
• snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
• snmp - fixed bridge host requests on devices with multiple bridge interfaces;
• snmp - fixed bulk requests when non-repeaters are used;
• snmp - fixed consecutive OID bulk get from the same table;
• snmp - show only available OIDs under "/system health print oid";
• ssh - do not use DH group1 with strong-crypto enabled;
• ssh - enforced 2048bit DH group on tile and x86 architectures;
• system - show USB topology for the device info;
• tile - improved hardware encryption processes;
• tr069-client - fixed "/interface lte apn" configuration parameters;
• traceroute - improved "/tool traceroute" results processing;
• upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
• upnp - deny UPnP request if port is already used by the router;
• ups - fixed duplicate "failed" UPS logs;
• userman - allow to generate more than 999 users;
• w60g - added "put-slaves-in-bridge" and "isolate-slaves" options to manage connected clients;
• w60g - connected stations are treated as separate interfaces;
• webfig - added favicon file;
• webfig - fixed router getting reset to default configuration;
• webfig - fixed terminal graphic user interface under Safari browser;
• winbox - added "W60G station" tab in Wireless menu;
• winbox - added "notrack-chain" setting to IPSec peers;
• winbox - added support for "_" symbol in terminal window;
• winbox - added switch menu on RB1100AHx4;
• winbox - do not show MetaROUTER stuff on RB1100AHx4;
• winbox - do not show duplicate "Switch" menus for CRS326;
• winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
• winbox - do not show duplicate filter parameters "Published" in ARP list;
• winbox - do not show unnecessary tabs from "Switch" menu;
• winbox - fixed "/certificate sign" process;
• winbox - fixed bridge port sorting order by interface name;
• winbox - show warnings under "/system routerboard settings" menu;
• wireless - added "allow-signal-out-off-range" option for Access List entries;
• wireless - added "indonesia3" regulatory domain information;
• wireless - added passive scan option for wireless scan mode;
• wireless - added support for CHARGEABLE_USER_ID in EAP Accounting;
• wireless - check APs against connect-list rules starting with strongest signal;
• wireless - do not show background scan frequencies in the monitor command channel field;
• wireless - improved reliability on "rx-rate" selection process;
• wireless - increased the EAP message retransmit count;
• wireless - log "signal-strength" when successfully connected to AP;
• wireless - pass interface MAC address in Sniffer TZSP frames;
• wireless - updated "UK 5.8 Fixed" and "Australia" country data;
• wireless - updated "united kingdom" regulatory domain information.