میکروتیکنرم افزار های شبکه
موضوعات داغ

دانلود MikroTik RouterOS 6.45.1 Level 6 کرک شده

در این پست آخرین نسخه MikroTik RouterOS یعنی ورژن 6.45.1 که در تاریخ 2019-Jun-27 منتشر شده است را قرار می دهیم. این نسخه دارای License سطح 6 می باشد. تغییرات صورت گرفته در این نسخه بسیار زیاد می باشد که بجز قابلیت های جدیدی که به آن اضافه شده بسیاری از مشکلات امنیتی مانند CVE-2018-1157, CVE-2018-1158, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-13074, CVE-2011-1473 رفع شده است و در این نسخه از API جدیدی استفاده می کند که اطلاعات آن را در اینجا می توانید ببینید، لیست تغییرات در آخر پست قرار گرفته است. همچنین نرم افزار Winbox به نسخه 3.19 بروزرسانی شد.

دانلود MikroTik RouterOS 6.45.1 Level 6

MikroTik-RouterOS-6.44.3-CLI
MikroTik-RouterOS-6.44.3-CLI
MikroTik-RouterOS-6.44.3-winbox
MikroTik-RouterOS-6.44.3-winbox
لینک دانلود MikroTik RouterOS 6.45.1 Level 6
لینک دانلود Winbox version 3.19

نکته 1: برای استفاده از این ماشین مجازی (VM) ابتدا فایل را از حالت فشرده خارج نمایید و سپس فایل OVA Template مربوط به VM را به نرم افزار مجازی ساز معرفی – Import کنید. مخصوص ماشین مجازی VMware

نکته 2: برای این که مشکل MAC Address پیش نیاید پیشنهاد می شود در تنظیمات – Setting کارت شبکه MAC Address را با زدن دکمه Generate تغییر دهید.

MAC Address VMware
MAC Address VMware

نکته 3: در صورتیکه پس از اجرای VM، از شما پرسیده شد که این ماشین رو کپی – Copy کرده اید یا انتقال – Move داده اید، که در پاسخ بگویید که کپی – Copy شده است.

نکته 4: برای بروزرسانی مک آدرس میکروتیک هم میتوانید از طریق Winbox به شکل زیر عمل کنید

mikrotik routeros change mac address
mikrotik routeros change mac address

معرفی میکروتیک:

میکروتیک (به انگلیسی: MikroTik) نام شرکتی در لتونی است که تجهیزات شبکه رایانه‌ای و مخابرات بی‌سیم تولید می‌کند. مهمترین محصول این شرکت سیستم‌عامل میکروتیک است. سیستم‌عامل میکروتیک مسیریابی است که با استفاده از هسته لینوکس ساخته شده است. سیستم‌عامل میکروتیک علاوه‌بر قابلیت نصب بر روی رایانه‌های خانگی، به صورت بسته نرم‌افزاری-سخت‌افزاری نیز ارائه شده است. سیستم‌عامل میکروتیک در سال 1995 میلادی توسط دو دانشجوی دانشگاه ام‌ای‌تی آمریکا به وسیله نگارشی از سیستم‌عامل لینوکس بنیان گذاشته شد. همزمان با شکل‌گیری استانداردهای 802.11 و توسعه سخت‌افزاری این سیستم‌عامل قابلیت بیسیم نیز به آن افزوده شد.

این دستگاه جزو مسیریاب‌های قوی ارائه شده و همرده مسیریاب‌های شرکت سیسکو می‌باشد و دارای قابلیت‌های منحصر به فرد می‌باشد.

از قابلیت‌های میکروتیک می‌توان به موارد زیر اشاره کرد:
مسیریابی (به انگلیسی: routing)
دیوار آتش (به انگلیسی: firewall)
بی‌سیم به (به انگلیسی: wireless)
پروتکل پیکربندی پویای میزبان (به انگلیسی: Dhcp server)
برگردان نشانی شبکه و میزبان نماینده (به انگلیسی: nat and proxy server)
پشتیبانی از آی‌پی نسخه ۶ (به انگلیسی: IPv6 support)
مدیریت کاربر (به انگلیسی: user managment)
تعادل‌رسانی بارگذاری (به انگلیسی: load balancing)
صفحه مدارهای مسیریاب‌های میکروتیک به طور کلی به دوسته مسیریاب‌ها و بی‌سیم‌ها تقسیم می‌شوند البته دستگاه‌های بی‌سیم هم توانایی مسیریابی را دارند اما عمده استفاده آنها در صنعت بی‌سیم می‌باشد.

RouterOS
محصول اصلی میکروتیک سیستم عامل مبتنی بر لینوکس است که به عنوان MikroTik RouterOS شناخته می‌شود. با نصب بر روی سخت‌افزار اختصاصی همان شرکت (RouterBOARD) و یا بر روی رایانه‌های استاندارد مبتنی بر x86، سخت‌افزار را به یک مسیریاب شبکه تبدیل می‌کند و بسیاری از ویژگی‌های اضافه مختلف را به اجرا درمی‌آورد؛ مانند دیواره آتش، خدمات دهنده و سرویس گیرنده شبکه خصوصی مجازی، شکل دهنده و ارتقا دهنده کیفیت خدمات پهنای باند. همچنین ویژگی نقطه دسترسی (Access Point) و دیگر ویژگی‌ها را در شبکه‌های بیسیم بازی می‌کند. به منظور ارتقای سطح عملکرد این سیستم عامل باید مجوز (لایسنس) هر ویژگی را دریافت کرد. برنامه کاربردی این شرکت برای سیستم عامل مایکروسافت ویندوز، Winbox نام دارد؛ که یک رابط گرافیکی کاربر برای پیکربندی مسیریاب و نظارت بر کارکرد آن فراهم می‌کند. درعین حال RouterOS امکان دسترسی را از طریق FTP، telnet، و SSH مهیا می‌کند. به علاوه، برای مدیریت و نظارت یک برنامه کاربردی رابط (API) جهت دسترسی مستقیم از طریق برنامه‌های کاربردی نیز وجود دارد

ویژگی‌های RouterOS
RouterOS از بسیاری برنامه‌های کاربردی که توسط ارائه دهندگان خدمات اینترنت استفاده شده می‌شود پشتیبانی می‌کند. به عنوان مثال OSPF و سوئیچینگ برچسب چندقرارداری (VPLS / MPLS). پشتیبانی محصول توسط میکروتیک از طریق انجمن و ویکی انجام می‌گیرد. بدین وسیله نمونه‌هایی از تنظیمات حرفه‌ای و کلی ارائه می‌شود. RouterOS از IPv4 و | پروتکل_اینترنت_نسخه_۴ (IPv4) را و همچنین پروتکل_اینترنت_نسخه_۶ (از IPv6).

پشتیانی رابط‌های شبکه در این نرم‌افزار تقریباً شامل تمام رابط‌های شبکه (NIC) که هسته لینوکس پشتیبانی می‌کند، بجز رابط بی‌سیم؛ که در این بین رابط‌های ساخت Atheros و PRISM مستثنی هستند.

سیستم‌عامل میکروتیک
سیستم‌عامل میکروتیک در واقع همان هسته مرکزی دستگاه‌های میکروتیک اند و مشابه سیستم‌عامل در روترهای سیسکو عمل می‌کنند. در حال حاضر جدیدترین سیستم‌عاملی که توسط شرکت میکروتیک ارائه شده همین نسخه موجود در سایت می‌باشد که نسخه پایدار و قابل اطمینان این سیستم‌عامل است، البته نسخه آزمایشی آن هم در سایت خود میکروتیک برای علاقه‌مندان ارائه شده‌ است.

مجوز استفاده
میکروتیک برای کاهش هزینه‌ها از مجوزهای (به انگلیسی: License) مختلفی در بکارگیری دستگاه‌ها استفاده کرده‌است آنچه امروز قابل ارائه است مجوزهای سطح سه، چهار، پنج و شش است. هرگاه شما دستگاه میکروتیک را خریداری می‌کنید بر روی آن دستگاه شما مجوز استفاده با یکی از سطوح سه، چهار، پنج و یا 6 را دارید. هر مجوز امکان مدیریت کاربران بیشتری را در شبکه به شما می‌دهد. بالاترین سطح مجوز که سطح شش است به شما امکان مدیریت در تمامی امکانات و کاربران نامحدود را می‌دهد.

MikroTik certified training programs

دوره های میکروتیک - Mikrotik Certification Roadmap
دوره های میکروتیک – Mikrotik Certification Roadmap
  • MTCNA – MikroTik Certified Network Associate (view outline)
  • MTCRE – MikroTik Certified Routing Engineer (view outline)
  • MTCWE – MikroTik Certified Wireless Engineer (view outline)
  • MTCTCE – MikroTik Certified Traffic Control Engineer (view outline)
  • MTCUME – MikroTik Certified User Management Engineer (view outline)
  • MTCIPv6E – MikroTik Certified IPv6 Engineer (view outline)
  • MTCINE – MikroTik Certified Inter-networking Engineer (view outline)
  • MTCSE – MikroTik Certified Security Engineer (view outline)
  • MTCASE – MikroTik Certified Advanced Security Engineer (view outline)

What’s new in 6.45.1 (2019-Jun-27 10:23):

Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login

MAJOR CHANGES IN v6.45.1:
———————-
!) dot1x – added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 – added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) security – fixed vulnerabilities CVE-2018-1157, CVE-2018-1158;
!) security – fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security – fixed vulnerability CVE-2019-13074;
!) user – removed insecure password storage;
———————-

Changes in this release:

*) bridge – correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) bridge – correctly handle bridge host table;
*) bridge – fixed log message when hardware offloading is being enabled;
*) bridge – improved stability when receiving traffic over USB modem with bridge firewall enabled;
*) capsman – fixed CAP system upgrading process for MMIPS;
*) capsman – fixed interface-list usage in access list;
*) ccr – improved packet processing after overloading interface;
*) certificate – added “key-type” field;
*) certificate – added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
*) certificate – fixed self signed CA certificate handling by SCEP client;
*) certificate – made RAM the default CRL storage location;
*) certificate – removed DSA (D) flag;
*) certificate – removed “set-ca-passphrase” parameter;
*) chr – legacy adapters require “disable-running-check=yes” to be set;
*) cloud – added “replace” parameter for backup “upload-file” command;
*) conntrack – fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) conntrack – significant stability and performance improvements;
*) crs317 – fixed known multicast flooding to the CPU;
*) crs3xx – added ethernet tx-drop counter;
*) crs3xx – correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx – fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx – fixed “tx-drop” counter;
*) crs3xx – improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf – added “custom-script” field that prints custom configuration installed by Netinstall;
*) defconf – automatically set “installation” parameter for outdoor devices;
*) defconf – changed default configuration type to AP for cAP series devices;
*) defconf – fixed channel width selection for RU locked devices;
*) dhcp – create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp – do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp – show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server – added “client-mac-limit” parameter;
*) dhcpv4-server – added IP conflict logging;
*) dhcpv4-server – added RADIUS accounting support with queue based statistics;
*) dhcpv4-server – added “vendor-class-id” matcher (CLI only);
*) dhcpv4-server – improved stability when performing “check-status” command;
*) dhcpv4-server – replaced “busy” lease status with “conflict” and “declined”;
*) dhcpv6-client – added option to disable rapid-commit;
*) dhcpv6-client – fixed status update when leaving “bound” state;
*) dhcpv6-server – added additional RADIUS parameters for Prefix delegation, “rate-limit” and “life-time”;
*) dhcpv6-server – added “address-list” support for bindings;
*) dhcpv6-server – added “insert-queue-before” and “parent-queue” parameters;
*) dhcpv6-server – added RADIUS accounting support with queue based statistics;
*) dhcpv6-server – added “route-distance” parameter;
*) dhcpv6-server – fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server – override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery – correctly create neighbors from VLAN tagged discovery messages;
*) discovery – fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery – improved neighbour’s MAC address detection;
*) discovery – limit max neighbour count per interface based on total RAM memory;
*) discovery – show neighbors on actual mesh ports;
*) e-mail – include “message-id” identification field in e-mail header;
*) e-mail – properly release e-mail sending session if the server’s domain name can not be resolved;
*) ethernet – added support for 25Gbps and 40Gbps rates;
*) ethernet – fixed running (R) flag not present on x86 interfaces and CHR legacy adapters;
*) ethernet – increased loop warning threshold to 5 packets per second;
*) fetch – added SFTP support;
*) fetch – improved user policy lookup;
*) firewall – fixed fragmented packet processing when only RAW firewall is configured;
*) firewall – process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps – fixed missing minus close to zero coordinates in dd format;
*) gps – make sure “direction” parameter is upper case;
*) gps – strip unnecessary trailing characters from “longtitude” and “latitude” values;
*) gps – use “serial0” as default port on LtAP mini;
*) hotspot – added “interface-mac” variable to HTML pages;
*) hotspot – moved “title” HTML tag after “meta” tags;
*) ike1 – adjusted debug packet logging topics;
*) ike2 – added support for ECDSA certificate authentication (rfc4754);
*) ike2 – added support for IKE SA rekeying for initiator;
*) ike2 – do not send “User-Name” attribute to RADIUS server if not provided;
*) ike2 – improved certificate verification when multiple CA certificates received from responder;
*) ike2 – improved child SA rekeying process;
*) ike2 – improved XAuth identity conversion on upgrade;
*) ike2 – prefer SAN instead of DN from certificate for ID payload;
*) ippool – improved logging for IPv6 Pool when prefix is already in use;
*) ipsec – added dynamic comment field for “active-peers” menu inherited from identity;
*) ipsec – added “ph2-total” counter to “active-peers” menu;
*) ipsec – added support for RADIUS accounting for “eap-radius” and “pre-shared-key-xauth” authentication methods;
*) ipsec – added traffic statistics to “active-peers” menu;
*) ipsec – disallow setting “src-address” and “dst-address” for transport mode policies;
*) ipsec – do not allow adding identity to a dynamic peer;
*) ipsec – fixed policies becoming invalid after changing priority;
*) ipsec – general improvements in policy handling;
*) ipsec – properly drop already established tunnel when address change detected;
*) ipsec – renamed “remote-peers” to “active-peers”;
*) ipsec – renamed “rsa-signature” authentication method to “digital-signature”;
*) ipsec – replaced policy SA address parameters with peer setting;
*) ipsec – use tunnel name for dynamic IPsec peer name;
*) ipv6 – improved system stability when receiving bogus packets;
*) ltap – renamed SIM slots “up” and “down” to “2” and “3”;
*) lte – added initial support for Vodafone R216-Z;
*) lte – added passthrough interface subnet selection;
*) lte – added support for manual operator selection;
*) lte – allow setting empty APN;
*) lte – allow to specify URL for firmware upgrade “firmware-file” parameter;
*) lte – do not show error message for info commands that are not supported;
*) lte – fixed session reactivation on R11e-LTE in UMTS mode;
*) lte – improved firmware upgrade process;
*) lte – improved “info” command query;
*) lte – improved R11e-4G modem operation;
*) lte – renamed firmware upgrade “path” command to “firmware-file” (CLI only);
*) lte – show alphanumeric value for operator info;
*) lte – show correct firmware revision after firmware upgrade;
*) lte – use default APN name “internet” when not provided;
*) lte – use secondary DNS for DNS server configuration;
*) m33g – added support for additional Serial Console port on GPIO headers;
*) ospf – added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf – fixed opaque LSA type checking in OSPFv2;
*) ospf – improved “unknown” LSA handling in OSPFv3;
*) ovpn – added “verify-server-certificate” parameter for OVPN client (CVE-2018-10066);
*) ppp – added initial support for Quectel BG96;
*) proxy – increased minimal free RAM that can not be used for proxy services;
*) rb3011 – improved system stability when receiving bogus packets;
*) rb4011 – fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb921 – improved system stability (“/system routerboard upgrade” required);
*) routerboard – renamed ‘sim’ menu to ‘modem’;
*) sfp – fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms – added USSD message functionality under “/tool sms” (CLI only);
*) sms – allow specifying multiple “allowed-number” values;
*) sms – improved delivery report logging;
*) snmp – added “dot1dStpPortTable” OID;
*) snmp – added OID for neighbor “interface”;
*) snmp – added “write-access” column to community print;
*) snmp – allow setting interface “adminStatus”;
*) snmp – fixed “send-trap” not working when “trap-generators” does not contain “temp-exception”;
*) snmp – fixed “send-trap” with multiple “trap-targets”;
*) snmp – improved reliability on SNMP service packet validation;
*) snmp – properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh – accept remote forwarding requests with empty hostnames;
*) ssh – added new “ssh-exec” command for non-interactive command execution;
*) ssh – fixed non-interactive multiple command execution;
*) ssh – improved remote forwarding handling (introduced in v6.44.3);
*) ssh – improved session rekeying process on exchanged data size threshold;
*) ssh – keep host keys when resetting configuration with “keep-users=yes”;
*) ssh – use correct user when “output-to-file” parameter is used;
*) sstp – improved stability when received traffic hits tarpit firewall;
*) supout – added IPv6 ND section to supout file;
*) supout – added “kid-control devices” section to supout file;
*) supout – added “pwr-line” section to supout file;
*) supout – changed IPv6 pool section to output detailed print;
*) switch – properly reapply settings after switch chip reset;
*) tftp – added “max-block-size” parameter under TFTP “settings” menu (CLI only);
*) tile – improved link fault detection on SFP+ ports;
*) tr069-client – added LTE CQI and IMSI parameter support;
*) tr069-client – fixed potential memory corruption;
*) tr069-client – improved error reporting with incorrect firware upgrade XML file;
*) traceroute – improved stability when sending large ping amounts;
*) traffic-generator – improved stability when stopping traffic generator;
*) tunnel – removed “local-address” requirement when “ipsec-secret” is used;
*) userman – added support for “Delegated-IPv6-Pool” and “DNS-Server-IPv6-Address” (CLI only);
*) w60g – do not show unused “dmg” parameter;
*) w60g – prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g – show running frequency under “monitor” command;
*) winbox – added “System/SwOS” menu for all dual-boot devices;
*) winbox – do not allow setting “dns-lookup-interval” to “0”;
*) winbox – show “LCD” menu only on boards that have LCD screen;
*) wireless – fixed frequency duplication in the frequency selection menu;
*) wireless – fixed incorrect IP header for RADIUS accounting packet;
*) wireless – improved 160MHz channel width stability on rb4011;
*) wireless – improved DFS radar detection when using non-ETSI regulated country;
*) wireless – improved installation mode selection for wireless outdoor equipment;
*) wireless – set default SSID and supplicant-identity the same as router’s identity;
*) wireless – updated “china” regulatory domain information;
*) wireless – updated “new zealand” regulatory domain information;
*) www – improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);

What’s new in 6.44.3 (2019-Apr-23 12:37):

*) certificate – fixed SAN being duplicated on status change (introduced in v6.44);
*) conntrack – fixed “loose-tcp-tracking” parameter not taken in action (introduced in v6.44);
*) dhcpv4-server – fixed commenting option for alerts;
*) dhcpv6-server – fixed binding setting update from RADIUS;
*) ike1 – improved stability for transport mode policies on initiator side;
*) ipsec – fixed freshly created identity not taken in action (introduced in v6.44);
*) ipsec – fixed possible configuration corruption after import (introduced in v6.44);
*) ipv6 – adjusted IPv6 route cache max size;
*) ipv6 – improved IPv6 neighbor table updating process;
*) lte – reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) rb2011 – removed “sfp-led” from “System/LEDs” menu;
*) smb – fixed possible buffer overflow;
*) snmp – added “radio-name” (mtxrWlRtabRadioName) OID support;
*) ssh – added “both”, “local” and “remote” options for “forwarding-enabled” parameter;
*) ssh – do not generate host key on configuration export;
*) ssh – fixed multiline non-interactive command execution;
*) switch – fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) userman – updated authorize.net gateway DNS name;
*) wireless – added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless – improved wireless country settings for EU countries; 

What’s new in 6.44.2 (2019-Apr-01 12:47):

MAJOR CHANGES IN v6.44.2:
———————-
!) ipv6 – fixed soft lockup when forwarding IPv6 packets;
!) ipv6 – fixed soft lockup when processing large IPv6 Neighbor table;
———————-

Changes in this release:

*) ipv6 – adjust IPv6 route cache max size based on total RAM memory;

What’s new in 6.44.1 (2019-Mar-13 08:38):

Changes in this release:

*) bridge – fixed possible memory leak when using “ingress-filtering=yes” on bridge interface;
*) certificate – force 3DES encryption for P12 certificate export;
*) dhcp – fixed dual stack queue addition;
*) dhcpv6-server – use MAC address for RADIUS user when “allow-dual-stack-queue=yes”;
*) e-mail – fixed missing “from” address for sent e-mails (introduced in v6.44);
*) gps – increase precision for dd format;
*) gps – removed unnecessary leading “0” for dd format;
*) ipsec – allow identities with empty XAuth login and password if RADIUS is enabled (introduced in v6.44);
*) ipsec – fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec – use “remote-id=ignore” for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 – do not allow setting “preferred-lifetime” longer than “valid-lifetime”;
*) lte – do not show “session-uptime” if session is not up;
*) lte – fixed LTE interface band setting on RBSXTLTE3-7 (introduced in v6.44);
*) rb4011 – fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) winbox – added “use-local-address” parameter in “IP/Cloud” menu;
*) wireless – fixed antenna gain setting on RBSXT5nDr2;

What’s new in 6.44 (2019-Feb-25 14:11):

MAJOR CHANGES IN v6.44:
———————-
!) cloud – added command “/system backup cloud” for backup storing on cloud (CLI only);
!) ipsec – added new “identity” menu with common peer distinguishers;
!) ipsec – removed “main-l2tp” exchange-mode, it is the same as “main” exchange-mode;
!) ipsec – removed “users” menu, XAuth user configuration is now handled by “identity” menu;
!) radius – initial implementation of RadSec (RADIUS communication over TLS);
!) speedtest – added “/tool speed-test” for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
———————-

Changes in this release:

*) bgp – properly update keepalive time after peer restart;
*) bridge – added option to monitor fast-forward status;
*) bridge – count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge – disable fast-forward when using SlowPath features;
*) bridge – fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge – fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge – fixed log message when hardware offloading is being enabled;
*) bridge – fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge – fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge – fixed possible memory leak when using MSTP;
*) bridge – fixed system’s identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge – improved packet handling when hardware offloading is being disabled;
*) bridge – improved packet processing when bridge port changes states;
*) btest – added multithreading support for both UDP and TCP tests;
*) btest – added warning message when CPU load exceeds 90% (CLI only);
*) capsman – always accept connections from loopback address;
*) certificate – added support for multiple “Subject Alt. Names”;
*) certificate – enabled RC2 cipher to allow P12 certificate decryption;
*) certificate – fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate – show digest algorithm used in signature;
*) chr – assign interface names based on underlying PCI device order on KVM;
*) chr – distribute NIC queue IRQ’s evenly across all CPUs;
*) chr – fixed IRQ balancing when using more than 32 CPUs;
*) chr – improved system stability when insufficient resources are allocated to the guest;
*) cloud – added “ddns-update-interval” parameter;
*) cloud – do not reuse old UDP socket if routing changes are detected;
*) cloud – ignore “force-update” command if DDNS is disabled;
*) cloud – improved DDNS service disabling;
*) cloud – made address updating faster when new public address detected;
*) conntrack – added new “loose-tcp-tracking” parameter (equivalent to “nf_conntrack_tcp_loose” in netfilter);
*) console – renamed IP protocol 41 to “ipv6-encap”;
*) console – updated copyright notice;
*) crs317 – fixed packet forwarding when LACP is used with hw=no;
*) crs3xx – fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx – improved fan control stability;
*) defconf – fixed configuration not generating properly on upgrade;
*) defconf – fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf – fixed IPv6 link-local address range in firewall rules;
*) dhcp – added “allow-dual-stack-queue” setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp – properly load DHCP configuration if options are configured;
*) dhcpv4-server – added “parent-queue” parameter (CLI only);
*) dhcpv4-server – added “User-Name” attribute to RADIUS accounting messages;
*) dhcpv4-server – fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv4-server – use ARP for conflict detection;
*) dhcpv6-client – use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server – allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server – fixed missing gateway for binding’s network if RADIUS authentication was used;
*) dhcpv6-server – improved DHCPv6 server stability when using “print” command;
*) dhcpv6-server – show “client-address” parameter for bindings;
*) discovery – detect proper slave interface on bounded interfaces;
*) discovery – fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery – send master port in “interface-name” parameter;
*) discovery – show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail – added info log message when e-mail is sent successfully;
*) ethernet – added “tx-rx-1024-max” counter to Ethernet stats;
*) ethernet – fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet – fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet – fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet – fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet – improved per core ethernet traffic classificator on mmips devices;
*) export – fixed “silent-boot” compact export;
*) fetch – added “http-header-field” parameter;
*) fetch – added option to specify multiple headers under “http-header-field”, including content type;
*) fetch – fixed “without-paging” option;
*) fetch – improved file downloading to slow memory;
*) fetch – improved stability when using HTTP mode;
*) fetch – removed “http-content-type” parameter;
*) gps – increase precision for dd format;
*) gps – moved “coordinate-format” from “monitor” command to “set” parameter;
*) health – improved fan control stability on CRS328-24P-4S+RM;
*) hotspot – added “https-redirect” under server profiles;
*) hotspot – added per-user NAT rule generation based on “incoming-filter” and “outgoing-filter” parameters;
*) ike1 – do not allow using RSA-key and RSA-signature authentication methods simultaneously on single peer;
*) ike1 – fixed memory leak;
*) ike2 – added option to specify certificate chain;
*) ike2 – added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 – allow to match responder peer by “my-id=fqdn” field;
*) ike2 – fixed local address lookup when initiating new connection;
*) ike2 – improved subsequent phase 2 initialization when no childs exist;
*) ike2 – properly handle certificates with empty “Subject”;
*) ike2 – retry RSA signature validation with deduced digest from certificate;
*) ike2 – send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 – show weak pre-shared-key warning;
*) interface – added “pwr-line” interface support (more information will follow in next newsletter);
*) ipsec – added account log message when user is successfully authenticated;
*) ipsec – added basic pre-shared-key strength checks;
*) ipsec – added new “remote-id” peer matcher;
*) ipsec – allow to specify single address instead of IP pool under “mode-config”;
*) ipsec – fixed active connection killing when changing peer configuration;
*) ipsec – fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec – fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec – hide empty prefixes on “peer” menu;
*) ipsec – improved invalid policy handling when a valid policy is uninstalled;
*) ipsec – made dynamic “src-nat” rule more specific;
*) ipsec – made peers autosort themselves based on reachability status;
*) ipsec – moved “profile” menu outside “peer” menu;
*) ipsec – properly detect AES-NI extension as hardware AEAD;
*) ipsec – removed limitation that allowed only single “auth-method” with the same “exchange-mode” as responder;
*) ipsec – require write policy for key generation;
*) kidcontrol – added IPv6 support;
*) kidcontrol – added “reset-counters” command for “device” menu (CLI only);
*) kidcontrol – added statistics web interface for kids );
*) kidcontrol – added “tur-fri”, “tur-mon”, “tur-sat”, “tur-sun”, “tur-thu”, “tur-tue”, “tur-wed” parameters;
*) kidcontrol – dynamically discover devices from DNS activity;
*) kidcontrol – fixed validation checks for time intervals;
*) kidcontrol – properly detect time zone changes;
*) kidcontrol – use “/128” prefix-length for IPv6 addresses;
*) l2tp – fixed IPsec secret not being updated when “ipsec-secret” is changed under L2TP client configuration;
*) lcd – made “pin” parameter sensitive;
*) led – fixed default LED configuration for RBSXTsq-60ad;
*) led – fixed default LED configuration for wAP 60G AP devices;
*) led – fixed PWR-LINE AP Ethernet LED polarity (“/system routerboard upgrade” required);
*) lldp – fixed missing capabilities fields on some devices;
*) lte – added additional ID support for Novatel USB730L modem;
*) lte – added “cell-monitor” command for R11e-LTE international modem (CLI only);
*) lte – added “ecno” field for “info” command;
*) lte – added “firmware-upgrade” command for R11e-LTE international modems (CLI only);
*) lte – added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte – added initial support for Telit LN940;
*) lte – added multiple APN support for R11e-4G;
*) lte – added option to lock the LTE operator;
*) lte – added support for JioFi JMR1040 modem;
*) lte – fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte – fixed DHCP IP acquire (introduced in v6.43.7);
*) lte – fixed DHCP relay packet forwarding when in passthrough mode;
*) lte – fixed IPv6 activation for R11e-LTE-US modems;
*) lte – fixed Jaton/SQN modems preventing router from booting properly;
*) lte – fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte – fixed missing running (R) flag for Jaton LTE modems;
*) lte – fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte – fixed reported “rsrq” precision (introduced in v6.43.8);
*) lte – improved compatibility for Alt38xx modems;
*) lte – improved SIM7600 initialization after reset;
*) lte – improved SimCom 7100e support;
*) lte – query “cfun” on initialization;
*) lte – require write policy for at-chat;
*) lte – update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall – do not show kernel failure critical messages in the log after fresh install;
*) ntp-client – fixed “dst-active” and “gmt-offset” being updated after synchronization with server;
*) port – improved “remote-serial” TCP performance in RAW mode;
*) ppp – added “at-chat” command;
*) ppp – fixed dynamic route creation towards VPN server when “add-default-route” is used;
*) profiler – classify kernel crypto processing as “encrypting”;
*) profile – removed obsolete “file-name” parameter;
*) proxy – removed port list size limit;
*) radius – implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 – implemented multiple engine IPsec hardware acceleration support;
*) rb4011 – fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 – improved SFP+ interface linking to 1Gbps;
*) rbm33g – improved stability when used with some USB devices;
*) romon – improved reliability when processing RoMON packets on CHR;
*) routerboard – removed “RB” prefix from PWR-LINE AP devices;
*) routerboard – require at least 10 second interval between “reformat-hold-button” and “max-reformat-hold-button”;
*) smb – added commenting option for SMB users (CLI only);
*) smb – fixed macOS clients not showing share contents;
*) smb – fixed Windows 10 clients not able to establish connection to share;
*) sniffer – save packet capture in “802.11” type when sniffing on w60g interface in “sniff” mode;
*) snmp – added “dot1qPortVlanTable” and “dot1dBasePortTable” OIDs;
*) snmp – changed fan speed value type to Gauge32;
*) snmp – fixed “rsrq” reported precision;
*) snmp – fixed w60g station table;
*) snmp – removed “rx-sector” (“Wl60gRxSector”) value;
*) snmp – report bridge ifSpeed as “0”;
*) snmp – report ifSpeed 0 for sub-layer interfaces;
*) ssh – added “allow-none-crypto” parameter to disable “none” encryption usage (CLI only);
*) ssh – added error log message when key exchange fails;
*) ssh – close active SSH connections before IPsec connections on shutdown;
*) ssh – fixed public key format compatibility with RFC4716;
*) supout – fixed “poe-out” output not showing all interfaces;
*) supout – fixed Profile output on single core devices;
*) switch – added comment field to switch ACL rules;
*) switch – fixed ACL rules on IPQ4018 devices;
*) system – accept only valid path for “log-file” parameter in “port” menu;
*) system – removed obsolete “/driver” command;
*) tr069-client – added “check-certificate” parameter to allow communication without certificates;
*) tr069-client – added “connection-request-port” parameter (CLI only);
*) tr069-client – added support for InformParameter object;
*) tr069-client – fixed certificate verification for certificates with IP address;
*) tr069-client – fixed HTTP cookie getting duplicated with the same key;
*) tr069-client – increased reported “rsrq” precision;
*) traceroute – improved stability when sending large ping amounts;
*) traffic-flow – reduced minimal value of “active-flow-timeout” parameter to 1s;
*) tunnel – properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as “remote-address”;
*) upgrade – made security package depend on DHCP package;
*) usb – improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb – improved USB device powering on startup for hAP ac^2 devices;
*) usb – increased default power-reset timeout to 5 seconds;
*) userman – added first and last name fields for signup form;
*) userman – show redirect location in error messages;
*) user – require “write” permissions for LTE firmware update;
*) vrrp – made “password” parameter sensitive;
*) w60g – added “10s-average-rssi” parameter to align mode (CLI only);
*) w60g – added align mode “/interface w60g align” (CLI only);
*) w60g – fixed scan in bridge mode;
*) w60g – improved PtMP performance;
*) w60g – improved reconnection detection;
*) w60g – improved “tx-packet-error-rate” reading;
*) w60g – renamed disconnection message when license level did not allow more connected clients;
*) w60g – renamed “frequency-list” to “scan-list”;
*) watchdog – allow specifying DNS name for “send-smtp-server” parameter;
*) webfig – improved file handling;
*) winbox – added 4th chain selection for “HT TX chains” and “HT RX chains” under “CAPsMAN/CAP Interface/Wireless” tab;
*) winbox – added “allow-dual-stack-queue” parameter in “IP/DHCP Server” and “IPv6/DHCP Server” menus;
*) winbox – added “challenge-password” field when signing certificate with SCEP;
*) winbox – added “conflict-detection” parameter in “IP/DHCP Server” menu;
*) winbox – added “coordinate-format” parameter in LTE interface settings;
*) winbox – added “radio-name” setting to “CAPsMAN/CAP Interface/General” tab;
*) winbox – added “secondary-channel” setting to “CAPsMAN/CAP Interface/Channel” tab;
*) winbox – added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox – added support for dynamic devices in “IP/Kid Control/Devices” tab;
*) winbox – allow setting “network-mode” to “auto” under LTE interface settings;
*) winbox – allow specifying interface lists in “CAPsMAN/Access List” menu;
*) winbox – fixed “IPv6/Firewall” “Connection limit” parameter not allowing complete IPv6 prefix lengths;
*) winbox – fixed L2MTU parameter setting on “W60G” type interfaces;
*) winbox – fixed “LCD” menu not shown on RB2011UiAS-2HnD;
*) winbox – fixed missing w60g interface status values;
*) winbox – improved file handling;
*) winbox – moved “Too Long” statistics counter to Ethernet “Rx Stats” tab;
*) winbox – organized wireless parameters between simple and advanced modes;
*) winbox – renamed “Default AP Tx Rate” to “Default AP Tx Limit”;
*) winbox – renamed “Default Client Tx Rate” to “Default Client Tx Limit”;
*) winbox – show “R” flag under “IPv6/DHCP Server/Bindings” tab;
*) winbox – show “System/RouterBOARD/Mode Button” on devices that have such feature;
*) winbox – show “W60G” wireless tab on wAP 60G AP;
*) wireless – added new “installation” parameter to specify router’s location;
*) wireless – improved AR5212 response to incoming ACK frames;
*) wireless – improved connection stability for new model Apple devices;
*) wireless – improved NV2 performance for all ARM devices;
*) wireless – improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac (“/system routerboard upgrade” required);
*) wireless – improved system stability for all ARM devices with wireless;
*) wireless – improved system stability for all devices with 802.11ac wireless;
*) wireless – improved system stability when scanning for other networks;
*) wireless – removed G/N support for 2484MHz in “japan” regulatory domain;
*) wireless – report last seen IP address in RADIUS accounting messages;
*) wireless – show “installation” parameter when printing configuration;

What’s new in 6.43.4 (2018-Oct-17 06:37):

Changes in this release:

*) bridge – do not learn untagged frames when filtering only tagged packets;
*) bridge – fixed possible memory leak when VLAN filtering is used;
*) bridge – improved packet handling when hardware offloading is being disabled;
*) bridge – properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) crs328 – improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx – fixed possible memory leak when disabling bridge interface;
*) crs3xx – properly read “eeprom” data after different module inserted in disabled interface;
*) dhcpv4-server – use client MAC address for dual stack queue when “client-id” is not received;
*) dhcpv6-server – fixed dynamic binding addition on solicit when IA_PD does not contain prefix (introduced in v6.43);
*) dhcpv6-server – recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) ipsec – allow multiple peers to the same address with different local-address (introduced in v6.43);
*) led – added “dark-mode” functionality for LHG and LDF series devices;
*) led – added “dark-mode” functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) led – fixed default LED configuration for SXT LTE kit devices;
*) led – fixed power LED turning on after reboot when “dark-mode” is used;
*) ntp – fixed possible NTP server stuck in “started” state;
*) romon – improved packet processing when MTU in path is lower than 1500;
*) routerboard – show “boot-os” option only on devices that have such feature;
*) traffic-flow – fixed post NAT port reporting;
*) w60g – added “frequency-list” setting;
*) w60g – added interface stats;
*) w60g – fixed interface LED status update on connection;
*) w60g – general stability and performance improvements;
*) w60g – improved stability for short distance links;
*) w60g – renamed “mcs” to “tx-mcs” and “phy-rate” to “tx-phy-rate”;
Release 6.43.3 2018-10-18

What’s new in 6.43.3 (2018-Oct-05 13:12):

(factory only release)
Release 6.43.2 2018-09-20

What’s new in 6.43.2 (2018-Sep-18 12:12):

Changes in this release:

*) routerboot – fixed RouterOS booting on devices with particular NAND memory (introduced in v6.43);
Release 6.43.1 2018-09-18

What’s new in 6.43.1 (2018-Sep-17 06:53):

Changes in this release:

*) crs317 – fixed packet forwarding on bonded interfaces without hardware offloading;
*) defconf – properly clear global variables when generating default configuration after RouterOS upgrade;
*) dhcpv6-client – log only failed pool additions;
*) hotspot – properly update dynamic “walled-garden” entries when changing “dst-host”;
*) ike2 – fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte – fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) rb3011 – added IPsec hardware acceleration support;
*) routerboard – fixed memory tester reporting false errors on IPQ4018 devices (“/system routerboard upgrade” required);
*) sniffer – made “connection”, “host”, “packet” and “protocol” sections read-only;
*) switch – fixed port mirroring on devices that do not support CPU Flow Control;
*) upnp – improved UPnP service stability when handling HTTP requests;
*) webfig – allow to change user name when creating a new system user (introduced in v6.43);
*) webfig – fixed time interval settings not applied properly under “IP/Kid Control/Kids” menu;
*) winbox – added “allow-dual-stack-queue” setting to “IP/DHCP Server/Leases” menu;
*) winbox – added “allow-dual-stack-queue” setting to “IPv6/DHCPv6 Server/Bindings” menu;
*) winbox – fixed corrupt user database after specifying allowed address range (introduced in v6.43);
*) winbox – make bridge port “untrusted” by default when creating new port;
*) winbox – show “IP/Cloud” menu on CHR;
*) winbox – show “System/RouterBOARD/Mode Button” on devices that have such feature;
*) wireless – removed “czech republic 5.8” regulatory domain information as it overlaps with “ETSI 5.7-5.8”;
Release 6.43 2018-09-10

What’s new in 6.43 (2018-Sep-06 12:44):

MAJOR CHANGES IN v6.43:
———————-
!) api – changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup – do not encrypt backup file unless password is provided;
!) btest – requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud – added IPv6 support;
!) cloud – added support for licensed CHR instances (including trial);
!) cloud – reworked “/ip cloud ddns-enabled” implementation (suggested to disable service and re-enable after installation process);
!) radius – use MS-CHAPv2 for “login” service authentication;
!) romon – require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig – improved authentication process;
!) winbox – improved authentication process excluding man-in-the-middle possibility;
!) winbox – minimal required version is v3.15;
———————-

Changes in this release:

*) backup – added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup – generate proper file name when devices identity is longer than 32 symbols;
*) bridge – add dynamic CAP interface to tagged ports if “vlan-mode=use-tag” is enabled;
*) bridge – added an option to manually specify ports that have a multicast router (CLI only);
*) bridge – added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge – added ingress filtering options to bridge interface;
*) bridge – added initial Q-in-Q support;
*) bridge – added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge – added per-port based “tag-stacking” feature;
*) bridge – added support for BPDU Guard;
*) bridge – added support for DHCP Option 82;
*) bridge – added support for DHCP Snooping;
*) bridge – added support for IGMP Snooping fast-leave feature (CLI only);
*) bridge – fixed dynamic VLAN table entries when using ingress filtering;
*) bridge – fixed “ingress-filtering”, “frame-types” and “tag-stacking” value storing;
*) bridge – forward LACPDUs when “protocol-mode=none”;
*) bridge – ignore tagged BPDUs when bridge VLAN filtering is used;
*) bridge – improved packet handling;
*) bridge – improved packet processing when bridge port changes states;
*) bridge – improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge – renamed option “vlan-protocol” to “ether-type”;
*) capsman – added ability to use chain 3 for “HT TX chains” and “HT RX chains” selections (CLI only);
*) capsman – allow to change “radio-name” (CLI only);
*) capsman – increase timeout for the CAP to CAPsMAN communication;
*) certificate – added “expires-after” parameter;
*) certificate – do not allow to perform “undo” on certificate changes;
*) certificate – fixed RA “server-url” setting;
*) check-installation – improved system integrity checking;
*) chr – added checksum offload support for Hyper-V installations;
*) chr – added large send offload support for Hyper-V installations;
*) chr – added multiqueue support on Xen installations;
*) chr – added support for multiqueue feature on “virtio-net”;
*) chr – added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr – by default enable link state tracking for virtual drivers with “/interface ethernet disable-running-check=no”;
*) chr – do not show IRQ entries from removed devices;
*) chr – fixed interface name assign process when running CHR on Hyper-V;
*) chr – fixed interface name order when “virtio-net is not being used on KVM installations;
*) chr – fixed MTU changing process when running CHR on Hyper-V;
*) chr – fixed NIC hotplug for “virtio-net”;
*) chr – improved balooning process;
*) chr – improved boot time for Hyper-V installations;
*) chr – provide part of network interface GUID at the beginning of “bindstr2” value when running CHR on Hyper-V;
*) chr – reduced RAM memory required per interface;
*) cloud – added simultaneous IPv4/IPv6 support;
*) cloud – close local UDP port if no activity;
*) console – added “dont-require-permissions” parameter for scripts;
*) console – added error log message when netwatch tries to execute script with insufficient permissions;
*) console – added error log message when scheduler tries to execute script with insufficient permissions;
*) console – do not show spare parameters on ping command;
*) console – made “once” parameter mandatory when using “as-value” on “monitor” commands;
*) console – removed automatic swapping of “from=” and “to=” in “for” loops;
*) crs317 – fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 – fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs328 – fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx – added hardware support for DHCP Snooping and Option 82;
*) crs3xx – added Q-in-Q hardware offloading support;
*) crs3xx – do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx – fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx – fixed flow control;
*) crs3xx – fixed SwOS config import;
*) defconf – fixed default configuration for RBSXTsq5nD;
*) defconf – fixed missing bridge ports after configuration reset;
*) dhcp – added dynamic IPv4/IPv6 “dual-stack” simple queue support, based on client’s MAC address;
*) dhcp – reduced resource usage of DHCP services;
*) dhcpv4-client – fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client – fixed double ACK packet handling;
*) dhcpv4-server – added “allow-dual-stack-queue” implementation (CLI only);
*) dhcpv4-server – do not allow override lease “always-broadcast” value based on offer type;
*) dhcpv4-server – improved performance when “rate-limit” and/or “address-list” setting is present;
*) dhcpv6-client – added missing “Server identifier” parameter in release message;
*) dhcpv6-client – fixed “add-default-route” parameter;
*) dhcpv6-client – fixed option handling;
*) dhcpv6-client – improved dynamic IPv6 pool addition process;
*) dhcpv6-server – added additional RADIUS parameters for Prefix delegation, “rate-limit” and “life-time”;
*) dhcpv6-server – added “allow-dual-stack-queue” implementation (CLI only);
*) dhcpv6-server – added initial dynamic simple queue support;
*) dhcpv6-server – do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server – fixed dynamic simple queue creation for RADIUS bindings;
*) dns – fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42);
*) dude – fixed client auto upgrade (broken since 6.43rc17);
*) ethernet – do not show “combo-state” field if interface is not SFP or copper;
*) ethernet – properly handle Ethernet interface default configuration;
*) export – do not show w60g password on “hide-sensitive” type of export;
*) fetch – added “as-value” output format;
*) fetch – fixed address and DNS verification in certificates;
*) filesystem – fixed NAND memory going into read-only mode (requires “factory-firmware” >= 3.41.1 and “current-firmware” >= 6.43);
*) filesystem – improved software crash handling on devices with FLASH type memory;
*) health – added missing parameters from export;
*) health – fixed voltage measurements for RB493G devices;
*) health – improved speed of health measurement readings;
*) hotspot – allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot – fixed RADIUS CoA & PoD by allowing to accept “NAS-Port-Id”;
*) ike1 – added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 – purge both SAs when timer expires;
*) ike1 – zero out reserved bytes in NAT-OA payload;
*) ike2 – fixed initiator first policy selection;
*) ike2 – fixed rekeyed child deletion during another exchange;
*) ike2 – improved basic exchange logging readability;
*) ike2 – use “/32” netmask by default on initiator if not provided by responder;
*) interface – improved interface “last-link-down-time” and “last-link-up-time” values;
*) interface – improved reliability on dynamic interface handling;
*) ippool – improved used address error message;
*) ipsec – added “responder” parameter for “mode-config” to allow multiple initiator configurations;
*) ipsec – added “src-address-list” parameter for “mode-config” that generates dynamic “src-nat” rule;
*) ipsec – added warning messages for incorrect peer configuration;
*) ipsec – do not allow removal of “proposal” and “mode-config” entries that are in use;
*) ipsec – fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM;
*) ipsec – fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec – fixed “static-dns” value storing;
*) ipsec – improved invalid policy handling when a valid policy is uninstalled;
*) ipsec – improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec – improved stability when using IPsec with disabled route cache;
*) ipsec – install all DNS server addresses provided by “mode-config” server;
*) ipsec – separate phase1 proposal configuration from peer menu;
*) ipsec – separate phase1 proposal configuration from peer menu;
*) ipsec – use monotonic timer for SA lifetime check;
*) kidcontrol – allow to edit discovered devices;
*) l2tp – allow setting “max-mtu” and “max-mru” bigger than 1500;
*) led – improved w60g alignment trigger;
*) leds – fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) log – fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log – show interface name on OSPF “different MTU” info log messages;
*) lte – added additional D-Link PIDs;
*) lte – added additional ID support for SIM7600 modem;
*) lte – added additional low endpoint SIM7600 PIDs;
*) lte – added eNB ID to info command;
*) lte – added extended LTE signal info for SIM7600 modules;
*) lte – added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte – added ICCID reading for info command R11e-LTE and R11e-LTE-US;
*) lte – added “registration-status” parameter under “/interface lte info” command;
*) lte – added roaming status reading for info command;
*) lte – added “sector-id” to info command;
*) lte – added support for alternative SIM7600 PID;
*) lte – added support for Novatel USB730LN modem with new ID;
*) lte – added support for Quanta 1k6e modem;
*) lte – allow to execute concurrent internal AT commands;
*) lte – allow to use multiple PLS modems at the same time;
*) lte – do not allow to remove default APN profile;
*) lte – do not allow to send “at-chat” commands for configless modems;
*) lte – expose GPS channel for PLS modems;
*) lte – fixed LTE registration in 2G/3G mode;
*) lte – fixed SIM7600 registration info;
*) lte – fixed SIM7600 series module support with newer device IDs;
*) lte – ignore empty MAC addresses during Passthrough discovery phase;
*) lte – improved modem event processing;
*) lte – improved r11e-LTE and r11e-LTE-US dialling process;
*) lte – improved r11e-LTE configuration exchange process;
*) lte – improved reading of SMS message after entering running state;
*) lte – improved readings of info command results for the SXT LTE;
*) lte – improved stability of USB LTE interface detection process;
*) lte – properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte – renamed LTE scan tool field “scan-code” to “mcc-mnc”;
*) lte – show UICC in correct format for SXT LTE devices;
*) lte – use “/32” address for the Passthrough feature when R11e-LTE module is used;
*) lte – use alphanumeric operator format in info command;
*) mac-telnet – improved reliability when connecting from RouterOS versions prior 6.43;
*) multicast – allow to add more than one RP per IP address for PIM;
*) ntp – allow to specify link-local address for NTP server;
*) ospf – improved link-local LSA flooding;
*) ospf – improved stability when originating LSAs with OSPFv3;
*) package – renamed “current-version” to “installed-version” under “/system package install”;
*) ppp – added support for additional ID for E3531 modem;
*) ppp – added support for Alfa Network U4G modem;
*) ppp – added support for Telit LM940 modem;
*) ppp – improved modem mode switching;
*) ppp – show comments from “/ppp secrets” menu within “/ppp active” menu when client is connected;
*) quickset – recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 – added DES and 3DES hardware acceleration support;
*) romon – fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon – properly classify RoMON sessions in log and active users list;
*) routerboard – allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard – fixed “protected-routerboot” feature (introduced in v6.42);
*) routerboard – fixed wrongly reported RAM size on ARM devices;
*) routerboot – removed RAM test from TILE devices (routerboot upgrade required);
*) sfp – fixed default advertised link speeds;
*) smb – fixed valid request handling when additional options are used;
*) sms – converted “keep-max-sms” feature to “auto-erase”;
*) sms – do not require “port” and “interface” parameters when sending SMS if already present in configuration;
*) sms – improved reliability on SMS reader;
*) snmp – added CAPsMAN “remote-cap” table;
*) snmp – added EAP identity to CAPsMAN registration table;
*) snmp – added “phy-rate” reading for “station-bridge” mode;
*) snmp – added “temp-exception” trap;
*) snmp – fixed interface speed reporting for predefined rates;
*) snmp – fixed “remote-cap” peer MAC address format;
*) ssh – disconnect all active connections when device gets rebooted or turned off;
*) ssh – strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout – added “files” section to supout file;
*) supout – added info log message when supout file is created;
*) supout – added monitored bridge VLAN table to supout file;
*) supout – added “w60g” section to supout file;
*) switch – added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip;
*) switch – added support for port isolation by switch chip;
*) switch – fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos – implemented “/system swos” menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile – added DES and 3DES hardware acceleration support;
*) tile – fixed false HW offloading flag for MPLS;
*) tr069-client – allow editing of “provisioning-code” attribute;
*) tr069-client – fixed setting of “DeviceInfo.ProvisioningCode” parameter;
*) tr069-client – use SNI extension for HTTPS;
*) upgrade – fixed RouterOS upgrade process from RouterOS v5 on PowerPC;
*) ups – improved UPS serial parsing stability;
*) usb – fixed modem initialisation on LtAP mini;
*) usb – fixed power-reset for hAP ac^2 devices;
*) user – all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman – fixed “shared-secret” parameter requiring “sensitive” policy;
*) vrrp – improved reliability on VRRP interface configured as a bridge port when “use-ip-firewall” is enabled;
*) w60g – added “beamforming-event” stats counter;
*) w60g – fixed random disconnects;
*) w60g – general stability and performance improvements;
*) watchdog – added “ping-timeout” setting;
*) webfig – do not automatically re-log in after logging out;
*) webfig – fixed occasional authentication failure when logging in;
*) webfig – fixed www service becoming unresponsive;
*) webfig – properly display time interval within Kid Control menu;
*) webfig – properly handle double clicking when logging in or out;
*) webfig – properly show NTP clients “last-adjustment” value;
*) winbox – added bridge Fast Forward statistics counters;
*) winbox – added “poe-fault” LED trigger;
*) winbox – added “tag-stacking” option to “Bridge/Ports”;
*) winbox – allow to specify LTE interface when sending SMS;
*) winbox – fixed arrow key handling within table filter fields;
*) winbox – fixed “bad-blocks” value presence under “System/Resources”;
*) winbox – fixed bridge port MAC learning parameter values;
*) winbox – fixed “IP/IPsec/Peers” section sorting;
*) winbox – fixed “write-sect-since-reboot” value presence under “System/Resources”;
*) winbox – properly close session when uploading multiple files to the device at the same time;
*) winbox – removed duplicate “20/40/80MHz” value from “channel-width” setting options;
*) winbox – renamed “VLAN Protocol” to “EtherType” under bridge interface “VLAN” tab;
*) winbox – show HT MCS tab when “5ghz-n/ac” band is used;
*) winbox – show “Switch” menu on hAP ac^2 devices;
*) winbox – show “System/RouterBOARD/Mode Button” on devices that has such feature;
*) wireless – accept only valid path for sniffer output file parameter;
*) wireless – accept only valid path for sniffer output file parameter;
*) wireless – added “czech republic 5.8” regulatory domain information;
*) wireless – added “etsi2” regulatory domain information;
*) wireless – added option for RADIUS “called-station-id” format selection;
*) wireless – added option to disable PMKID for WPA2;
*) wireless – do not disconnect clients when WDS master connects with MAC address “00:00:00:00:00:00”;
*) wireless – fixed “/interface wireless sniffer packet print follow” output;
*) wireless – fixed wireless interface lockup after period of inactivity;
*) wireless – improved Nv2 reliability on ARM devices;
*) wireless – improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless – require “sniff” policy for wireless sniffer;
*) wireless – updated “czech republic” regulatory domain information;
*) wireless – updated “germany 5.8 ap” and “germany 5.8 fixed p-p” regulatory domain information;
*) x86 – improved Ethernet driver for Davicom DM9x0x;
Release 6.42.7 2018-08-20

What’s new in 6.42.7 (2018-Aug-17 09:48):

MAJOR CHANGES IN v6.42.7:
———————-
!) security – fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
———————-

*) bridge – improved bridge port state changing process;
*) crs326/crs328 – fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs3xx – added command that forces fan detection on fan-equipped devices;
*) crs3xx – fixed port disable on CRS326 and CRS328 devices;
*) crs3xx – fixed tagged packet forwarding without VLAN filtering (introduced in 6.42.6);
*) crs3xx – fixed VLAN filtering when there is no tagged interface specified;
*) dhcpv4-relay – fixed false invalid flag presence;
*) dhcpv6-client – allow to set “default-route-distance”;
*) dhcpv6 – improved reliability on IPv6 DHCP services;
*) dhcpv6-server – properly update interface for dynamic DHCPv6 servers;
*) ethernet – improved large packet handling on ARM devices with wireless;
*) ethernet – removed obsolete slave flag from “/interface vlan” menu;
*) ipsec – fixed “sa-src-address” deduction from “src-address” in tunnel mode;
*) ipsec – improved invalid policy handling when a valid policy is uninstalled;
*) ldp – properly load LDP configuration;
*) led – fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte – added signal readings under “/interface lte scan” for 3G and GSM modes;
*) lte – fixed memory leak on USB disconnect;
*) lte – fixed SMS send feature when not in LTE network;
*) package – do not allow to install out of bundle package if it already exists within bundle;
*) ppp – fixed interface enabling after a while if none of them where active;
*) sfp – hide “sfp-wavelength” parameter for RJ45 transceivers;
*) tr069-client – fixed unresponsive tr069 service when blackhole route is present;
*) upgrade – fixed RouterOS upgrade process from RouterOS v5;
*) userman – fixed compatibility with PayPal TLS 1.2;
*) vrrp – fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) w60g – added distance measurement feature;
*) w60g – fixed random disconnects;
*) w60g – general stability and performance improvements;
*) w60g – improved MCS rate detection process;
*) w60g – improved MTU change handling;
*) w60g – properly close connection with station on disconnect;
*) w60g – stop doing distance measurements after first successful measurement;
*) winbox – added “secondary-channel” setting to wireless interface if 80 MHz mode is selected;
*) winbox – fixed “sfp-connector-type” value presence under “Interface/Ethernet”;
*) winbox – fixed warning presence for “IP/IPsec/Peers” menu;
*) winbox – properly display all flags for bridge host entries;
*) winbox – show “System/RouterBOARD/Mode Button” on devices that has such feature;
*) wireless – added option to disable PMKID for WPA2;
*) wireless – fixed memory leak when performing wireless scan on ARM;
*) wireless – fixed packet processing after removing wireless interface from CAP settings;
*) wireless – updated “united-states” regulatory domain information;
Release 6.42.6 2018-07-12

What’s new in 6.42.6 (2018-Jul-06 11:56):

*) bridge – improved packets processing when bridge port changes states;
*) crs3xx – fixed bonding slave failover when packets are sent out of the bridge interface;
*) crs3xx – fixed LACP member failover;
*) crs3xx – improved link state detection when one side has disabled interface;
*) defconf – fixed bridge default configuration for SOHO devices with more than 9 Ethernet interfaces;
*) package – free up used storage space consumed by old RouterOS upgrades;
*) snmp – fixed w60g “phy-rate” readings;
*) supout – added “ip-cloud” section to supout file;
*) w60g – fixed random disconnects;
*) w60g – general stability and performance improvements;
*) winbox – added 64,8 GHz frequency to w60g interface frequency settings;
*) winbox – show “sector-writes” on devices that have such counters;
Release 6.42.5 2018-06-27

What’s new in 6.42.5 (2018-Jun-26 12:12):

*) api – properly classify API sessions in log;
*) chr – enabled promiscuous mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) kidcontrol – added dynamic accept firewall rules to allow bandwidth limit when FastTrack is enabled;
*) led – fixed LED default configuration for LtAP mini;
*) snmp – added “rssi” and “tx-sector-info” value support for w60g type interfaces;
*) snmp – added station “distance”, “phy-rate”, “rssi” value support for w60g type interfaces;
*) ssh – allow to use “diffie-hellman-group1-sha1” on TILE and x86 devices with “strong-crypto” disabled;
*) w60g – added 4th 802.11ad channel (CLI only);
*) w60g – added distance measurement;
*) w60g – do not reset interface after adding comment;
*) w60g – general stability and performance improvements;
*) w60g – improved maximum achievable distance;
*) w60g – properly report center status under “tx-sector-info”;
*) winbox – show “sector-writes” on ARM devices that have such counters;
*) winbox – show “System/Health” only on devices that have health monitoring;
Release 6.42.4 2018-06-19

What’s new in 6.42.4 (2018-Jun-15 14:14):

*) bridge – allow to make changes for bridge port when it is interface list;
*) bridge – fixed FastPath for bridge master interfaces (introduced in v6.42);
*) certificate – fixed “add-scep” template existence check when signing certificate;
*) chr – fixed adding MSTI entries;
*) chr – fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr – fixed various network hang scenarios when running CHR on Hyper-V;
*) console – fixed script permissions if script is executed by other RouterOS service;
*) dhcpv4-server – fixed DHCP server that was stuck on invalid state;
*) health – changed “PSU-Voltage” to “PSU-State” for CRS328-4C-20S-4S+;
*) health – fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ipsec – improved reliability on IPsec hardware encryption for RB1100Dx4;
*) kidcontrol – fixed dynamically created firewall rules order;
*) led – added “dark-mode” functionality for hEX S and SXTsq 5 ac devices;
*) led – fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led – use routers uptime as a starting point when turning off LEDs if option was not enabled on boot;
*) ppp – fixed “hunged up” grammar to “hung up” within PPP log messages;
*) quickset – added missing wireless “channel-width” settings;
*) quickset – added support for “5ghz-a/n” band when CPE mode is used;
*) snmp – added remote CAP count OID for CAPsMAN;
*) snmp – fixed readings for CAPsMAN slave interfaces;
*) supout – added “partitions” section to supout file;
*) usb – properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) userman – improved unique username generation process when adding batch of users;
*) w60g – improved RAM memoy allocation processes;
*) winbox – added missing “dscp” and “clamp-tcp-mss” settings to IPv6 tunnels;
*) winbox – allow to specify full URL in SCEP certificate signing process;
*) winbox – by default specify keepalive timeout value for tunnel type interfaces;
*) winbox – show “scep-url” for certificates;
*) winbox – show “System/Health” only on boards that have health monitoring;
*) winbox – show firmware upgrade message at the bottom of “System/RouterBOARD” menu;
*) wireless – enable all chains by default on devices without external antennas after configuration reset;
*) wireless – improved Nv2 reliability on ARM devices;
Release 6.42.3 2018-05-25

What’s new in 6.42.3 (2018-May-24 09:20):

*) lte – fixed automatic LTE band selection for R11e-LTE;
*) wireless – improved client “channel-width” detection;
*) wireless – improved Nv2 PtMP performance;
*) wireless – increased stability on hAP ac^2 and cAP ac with legacy data rates;

برچسب ها

نوشته های مشابه

4 دیدگاه

  1. salam
    cheturi mitonam khodam az aval ye mikrotik nasb konam va bad crackesh konam
    va ya andazeye hard an ra afzayesh daham va crack on naparad
    mamnoon

    1. سلام
      عملا بعد از نسخه 5 میکروتیک نسخه ای به اسم کرک شده وجود ندارد و تمام نسخه های ورژن 6 به بعد همه از یک لایسنس استفاده می کنند که امکان ویرایش سخت افزار و استفاده همان لایسنس در دستگاه دیگر امکان پذیز نمی باشد.

      1. salam
        mitonid hard aval in mikrotik crack shodeh ra afzayesh dahid va baraye man ersal konid
        akheh vaghti mikham update konameh ba moshkel mahdudiat hajm movajeh misham
        mamnoon misham az hamkaritun

دیدگاهتان را بنویسید

نشانی ایمیل شما منتشر نخواهد شد. بخش‌های موردنیاز علامت‌گذاری شده‌اند *

دکمه بازگشت به بالا
بستن
بستن