MikroTik RouterOS PPC Firmware 6.44
Dateityp: Firmware.
Betriebssystem: AnyOS.
Dateiname: all_packages-ppc-6.44.zip.
Bit: 32/64 Bit.
Lizenz: Kostenlos.
Beschreibung
MAJOR CHANGES IN v6.44:
– cloud – added command “/system backup cloud” for backup storing on cloud (CLI only);
– ipsec – added new “identity” menu with common peer distinguishers;
– ipsec – removed “main-l2tp” exchange-mode, it is the same as “main” exchange-mode;
– ipsec – removed “users” menu, XAuth user configuration is now handled by “identity” menu;
– radius – initial implementation of RadSec (RADIUS communication over TLS);
– speedtest – added “/tool speed-test” for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
Änderungen in dieser Version:
– bgp – properly update keepalive time after peer restart;
– bridge – added option to monitor fast-forward status;
– bridge – count routed FastPath packets between bridge ports under FastPath bridge statistics;
– bridge – disable fast-forward when using SlowPath features;
– bridge – fixed BOOTP packet forwarding when DHCP Snooping is enabled;
– bridge – fixed DHCP Option 82 parsing when using DHCP Snooping;
– bridge – fixed log message when hardware offloading is being enabled;
– bridge – fixed packet forwarding when changing MSTI VLAN mappings;
– bridge – fixed packet forwarding with enabled DHCP Snooping and Option 82;
– bridge – fixed possible memory leak when using MSTP;
– bridge – fixed system’s identity change when DHCP Snooping is enabled (introduced in v6.43);
– bridge – improved packet handling when hardware offloading is being disabled;
– bridge – improved packet processing when bridge port changes states;
– btest – added multithreading support for both UDP and TCP tests;
– btest – added warning message when CPU load exceeds 90% (CLI only);
– capsman – always accept connections from loopback address;
– certificate – added support for multiple “Subject Alt. Names”;
– certificate – enabled RC2 cipher to allow P12 certificate decryption;
– certificate – fixed certificate signing by SCEP client if multiple CA certificates are provided;
– certificate – show digest algorithm used in signature;
– chr – assign interface names based on underlying PCI device order on KVM;
– chr – distribute NIC queue IRQ’s evenly across all CPUs;
– chr – fixed IRQ balancing when using more than 32 CPUs;
– chr – improved system stability when insufficient resources are allocated to the guest;
– cloud – added “ddns-update-interval” parameter;
– cloud – do not reuse old UDP socket if routing changes are detected;
– cloud – ignore “force-update” command if DDNS is disabled;
– cloud – improved DDNS service disabling;
– cloud – made address updating faster when new public address detected;
– conntrack – added new “loose-tcp-tracking” parameter (equivalent to “nf_conntrack_tcp_loose” in netfilter);
– console – renamed IP protocol 41 to “ipv6-encap”;
– console – updated copyright notice;
– crs317 – fixed packet forwarding when LACP is used with hw=no;
– crs3xx – fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
– crs3xx – improved fan control stability;
– defconf – fixed configuration not generating properly on upgrade;
– defconf – fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
– defconf – fixed IPv6 link-local address range in firewall rules;
– dhcp – added “allow-dual-stack-queue” setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
– dhcp – properly load DHCP configuration if options are configured;
– dhcpv4-server – added “parent-queue” parameter (CLI only);
– dhcpv4-server – added “User-Name” attribute to RADIUS accounting messages;
– dhcpv4-server – fixed service becoming unresponsive after interface leaves and enters the same bridge;
– dhcpv4-server – use ARP for conflict detection;
– dhcpv6-client – use default route distance also for unreachable route added by DHCPv6 client;
– dhcpv6-server – allow to add DHCPv6 server with pool that does not exist;
– dhcpv6-server – fixed missing gateway for binding’s network if RADIUS authentication was used;
– dhcpv6-server – improved DHCPv6 server stability when using “print” command;
– dhcpv6-server – show “client-address” parameter for bindings;
– discovery – detect proper slave interface on bounded interfaces;
– discovery – fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
– discovery – send master port in “interface-name” parameter;
– discovery – show neighbors on actual bridge port instead of bridge itself for LLDP;
– e-mail – added info log message when e-mail is sent successfully;
– ethernet – added “tx-rx-1024-max” counter to Ethernet stats;
– ethernet – fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
– ethernet – fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
– ethernet – fixed packet forwarding when SFP interface is disabled on hEX S;
– ethernet – fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
– ethernet – improved per core ethernet traffic classificator on mmips devices;
– export – fixed “silent-boot” compact export;
– fetch – added “http-header-field” parameter;
– fetch – added option to specify multiple headers under “http-header-field”, including content type;
– fetch – fixed “without-paging” option;
– fetch – improved file downloading to slow memory;
– fetch – improved stability when using HTTP mode;
– fetch – removed “http-content-type” parameter;
– gps – increase precision for dd format;
– gps – moved “coordinate-format” from “monitor” command to “set” parameter;
– health – improved fan control stability on CRS328-24P-4S+RM;
– hotspot – added “https-redirect” under server profiles;
– hotspot – added per-user NAT rule generation based on “incoming-filter” and “outgoing-filter” parameters;
– ike1 – do not allow using RSA-key and RSA-signature authentication methods simultaneously on single peer;
– ike1 – fixed memory leak;
– ike2 – added option to specify certificate chain;
– ike2 – added peer identity validation for RSA auth (disabled after upgrade);
– ike2 – allow to match responder peer by “my-id=fqdn” field;
– ike2 – fixed local address lookup when initiating new connection;
– ike2 – improved subsequent phase 2 initialization when no childs exist;
– ike2 – properly handle certificates with empty “Subject”;
– ike2 – retry RSA signature validation with deduced digest from certificate;
– ike2 – send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
– ike2 – show weak pre-shared-key warning;
– interface – added “pwr-line” interface support (more information will follow in next newsletter);
– ipsec – added account log message when user is successfully authenticated;
– ipsec – added basic pre-shared-key strength checks;
– ipsec – added new “remote-id” peer matcher;
– ipsec – allow to specify single address instead of IP pool under “mode-config”;
– ipsec – fixed active connection killing when changing peer configuration;
– ipsec – fixed all policies not getting installed after startup (introduced in v6.43.8);
– ipsec – fixed stability issues after changing peer configuration (introduced in v6.43);
– ipsec – hide empty prefixes on “peer” menu;
– ipsec – improved invalid policy handling when a valid policy is uninstalled;
– ipsec – made dynamic “src-nat” rule more specific;
– ipsec – made peers autosort themselves based on reachability status;
– ipsec – moved “profile” menu outside “peer” menu;
– ipsec – properly detect AES-NI extension as hardware AEAD;
– ipsec – removed limitation that allowed only single “auth-method” with the same “exchange-mode” as responder;
– ipsec – require write policy for key generation;
– kidcontrol – added IPv6 support;
– kidcontrol – added “reset-counters” command for “device” menu (CLI only);
– kidcontrol – added statistics web interface for kids (http://router.lan/kid-control);
– kidcontrol – added “tur-fri”, “tur-mon”, “tur-sat”, “tur-sun”, “tur-thu”, “tur-tue”, “tur-wed” parameters;
– kidcontrol – dynamically discover devices from DNS activity;
– kidcontrol – fixed validation checks for time intervals;
– kidcontrol – properly detect time zone changes;
– kidcontrol – use “/128” prefix-length for IPv6 addresses;
– l2tp – fixed IPsec secret not being updated when “ipsec-secret” is changed under L2TP client configuration;
– lcd – made “pin” parameter sensitive;
– led – fixed default LED configuration for RBSXTsq-60ad;
– led – fixed default LED configuration for wAP 60G AP devices;
– led – fixed PWR-LINE AP Ethernet LED polarity (“/system routerboard upgrade” required);
– lldp – fixed missing capabilities fields on some devices;
– lte – added additional ID support for Novatel USB730L modem;
– lte – added “cell-monitor” command for R11e-LTE international modem (CLI only);
– lte – added “ecno” field for “info” command;
– lte – added “firmware-upgrade” command for R11e-LTE international modems (CLI only);
– lte – added initial support for multiple APN for R11e-4G (new modem firmware required);
– lte – added initial support for Telit LN940;
– lte – added multiple APN support for R11e-4G;
– lte – added option to lock the LTE operator;
– lte – added support for JioFi JMR1040 modem;
– lte – fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
– lte – fixed DHCP IP acquire (introduced in v6.43.7);
– lte – fixed DHCP relay packet forwarding when in passthrough mode;
– lte – fixed IPv6 activation for R11e-LTE-US modems;
– lte – fixed Jaton/SQN modems preventing router from booting properly;
– lte – fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
– lte – fixed missing running flag for Jaton LTE modems;
– lte – fixed passthrough DHCP address forward when other address is acquired from operator;
– lte – fixed reported “rsrq” precision (introduced in v6.43.8);
– lte – improved compatibility for Alt38xx modems;
– lte – improved SIM7600 initialization after reset;
– lte – improved SimCom 7100e support;
– lte – query “cfun” on initialization;
– lte – require write policy for at-chat;
– lte – update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
– netinstall – do not show kernel failure critical messages in the log after fresh install;
– ntp-client – fixed “dst-active” and “gmt-offset” being updated after synchronization with server;
– port – improved “remote-serial” TCP performance in RAW mode;
– ppp – added “at-chat” command;
– ppp – fixed dynamic route creation towards VPN server when “add-default-route” is used;
– profiler – classify kernel crypto processing as “encrypting”;
– profile – removed obsolete “file-name” parameter;
– proxy – removed port list size limit;
– radius – implemented Proxy-State attribute handling in CoA and disconnect requests;
– rb3011 – implemented multiple engine IPsec hardware acceleration support;
– rb4011 – fixed SFP+ interface full duplex and speed parameter behavior;
– rb4011 – improved SFP+ interface linking to 1Gbps;
– rbm33g – improved stability when used with some USB devices;
– romon – improved reliability when processing RoMON packets on CHR;
– routerboard – removed “RB” prefix from PWR-LINE AP devices;
– routerboard – require at least 10 second interval between “reformat-hold-button” and “max-reformat-hold-button”;
– smb – added commenting option for SMB users (CLI only);
– smb – fixed macOS clients not showing share contents;
– smb – fixed Windows 10 clients not able to establish connection to share;
– sniffer – save packet capture in “802.11” type when sniffing on w60g interface in “sniff” mode;
– snmp – added “dot1qPortVlanTable” and “dot1dBasePortTable” OIDs;
– snmp – changed fan speed value type to Gauge32;
– snmp – fixed “rsrq” reported precision;
– snmp – fixed w60g station table;
– snmp – removed “rx-sector” (“Wl60gRxSector”) value;
– snmp – report bridge ifSpeed as “0”;
– snmp – report ifSpeed 0 for sub-layer interfaces;
– ssh – added “allow-none-crypto” parameter to disable “none” encryption usage (CLI only);
– ssh – added error log message when key exchange fails;
– ssh – close active SSH connections before IPsec connections on shutdown;
– ssh – fixed public key format compatibility with RFC4716;
– supout – fixed “poe-out” output not showing all interfaces;
– supout – fixed Profile output on single core devices;
– switch – added comment field to switch ACL rules;
– switch – fixed ACL rules on IPQ4018 devices;
– system – accept only valid path for “log-file” parameter in “port” menu;
– system – removed obsolete “/driver” command;
– tr069-client – added “check-certificate” parameter to allow communication without certificates;
– tr069-client – added “connection-request-port” parameter (CLI only);
– tr069-client – added support for InformParameter object;
– tr069-client – fixed certificate verification for certificates with IP address;
– tr069-client – fixed HTTP cookie getting duplicated with the same key;
– tr069-client – increased reported “rsrq” precision;
– traceroute – improved stability when sending large ping amounts;
– traffic-flow – reduced minimal value of “active-flow-timeout” parameter to 1s;
– tunnel – properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as “remote-address”;
– upgrade – made security package depend on DHCP package;
– usb – improved power-reset error message when no bus specified on CCR1072-8G-1S+;
– usb – improved USB device powering on startup for hAP ac^2 devices;
– usb – increased default power-reset timeout to 5 seconds;
– userman – added first and last name fields for signup form;
– userman – show redirect location in error messages;
– user – require “write” permissions for LTE firmware update;
– vrrp – made “password” parameter sensitive;
– w60g – added “10s-average-rssi” parameter to align mode (CLI only);
– w60g – added align mode “/interface w60g align” (CLI only);
– w60g – fixed scan in bridge mode;
– w60g – improved PtMP performance;
– w60g – improved reconnection detection;
– w60g – improved “tx-packet-error-rate” reading;
– w60g – renamed disconnection message when license level did not allow more connected clients;
– w60g – renamed “frequency-list” to “scan-list”;
– watchdog – allow specifying DNS name for “send-smtp-server” parameter;
– webfig – improved file handling;
– winbox – added 4th chain selection for “HT TX chains” and “HT RX chains” under “CAPsMAN/CAP Interface/Wireless” tab;
– winbox – added “allow-dual-stack-queue” parameter in “IP/DHCP Server” and “IPv6/DHCP Server” menus;
– winbox – added “challenge-password” field when signing certificate with SCEP;
– winbox – added “conflict-detection” parameter in “IP/DHCP Server” menu;
– winbox – added “coordinate-format” parameter in LTE interface settings;
– winbox – added “radio-name” setting to “CAPsMAN/CAP Interface/General” tab;
– winbox – added “secondary-channel” setting to “CAPsMAN/CAP Interface/Channel” tab;
– winbox – added src/dst address and in/out interface list columns to default firewall menu view;
– winbox – added support for dynamic devices in “IP/Kid Control/Devices” tab;
– winbox – allow setting “network-mode” to “auto” under LTE interface settings;
– winbox – allow specifying interface lists in “CAPsMAN/Access List” menu;
– winbox – fixed “IPv6/Firewall” “Connection limit” parameter not allowing complete IPv6 prefix lengths;
– winbox – fixed L2MTU parameter setting on “W60G” type interfaces;
– winbox – fixed “LCD” menu not shown on RB2011UiAS-2HnD;
– winbox – fixed missing w60g interface status values;
– winbox – improved file handling;
– winbox – moved “Too Long” statistics counter to Ethernet “Rx Stats” tab;
– winbox – organized wireless parameters between simple and advanced modes;
– winbox – renamed “Default AP Tx Rate” to “Default AP Tx Limit”;
– winbox – renamed “Default Client Tx Rate” to “Default Client Tx Limit”;
– winbox – show “R” flag under “IPv6/DHCP Server/Bindings” tab;
– winbox – show “System/RouterBOARD/Mode Button” on devices that have such feature;
– winbox – show “W60G” wireless tab on wAP 60G AP;
– wireless – added new “installation” parameter to specify router’s location;
– wireless – improved AR5212 response to incoming ACK frames;
– wireless – improved connection stability for new model Apple devices;
– wireless – improved NV2 performance for all ARM devices;
– wireless – improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac (“/system routerboard upgrade” required);
– wireless – improved system stability for all ARM devices with wireless;
– wireless – improved system stability for all devices with 802.11ac wireless;
– wireless – improved system stability when scanning for other networks;
– wireless – removed G/N support for 2484MHz in “japan” regulatory domain;
– wireless – report last seen IP address in RADIUS accounting messages;
– wireless – show “installation” parameter when printing configuration;
Download