The RouterOS current branch has been updated. We have finally reached 6.40.
The changes in this release are as follows.
What's new in v6.40 (2017-Jul-21 08:45):
!) lte - added initial fastpath support (except SXT LTE and Sierra modems);
!) lte - added initial support for passthrough mode for lte modems that supports fastpath;
!) wireless - added Nv2 AP synchronization feature "nv2-modes" and "nv2-sync-secret" option;
*) bonding - fixed 802.3ad mode on RB1100AHx4;
*) btest - fixed crash when packet size has been changed during test;
*) capsman - added "current-registered-clients" and "current-authorized-clients" count for CAP interfaces;
*) capsman - fixed EAP identity reporting in "registration-table";
*) capsman - set minimal "caps-man-names" and "caps-man-certificate-common-names" length to 1 char;
*) certificate - added "crl-use" setting to disable CRL use (CLI only);
*) certificate - update and reload old certificate with new one if SKID matches;
*) chr - fixed MAC address assignment when hot plugging NIC on XenServer;
*) chr - maximal system disk size now limited to 16GB;
*) conntrack - fixed IPv6 connection tracking enable/disable;
*) console - fixed different command auto complete on ;
*) crs212 - fixed Optech sfp-10G-tx module compatibility with SFP ports;
*) defconf - added IPv6 default firewall configuration (IPv6 package must be enabled on reset);
*) defconf - improved IPv4 default firewall configuration;
*) defconf - renamed 192.168.88.1 address static DNS entry from "router" to "router.lan";
*) dhcp - added "debug" logs on MAC address change;
*) dhcpv4-client - added "gateway-address" script parameter;
*) dhcpv4-server - fixed lease renew for DHCP clients that sends renewal with "ciaddr = 0.0.0.0";
*) dhcpv4-server - fixed server state on interface change in Winbox and Webfig;
*) discovery - fixed timeouts for LLDP neighbours;
*) dns - remove all dynamic cache RRs of same type when adding static entry;
*) dude - fixed server crash;
*) email - added support for multiple attachments;
*) ethernet - fixed occasional broken interface order after reset/first boot;
*) ethernet - fixed rare linking problem with forced 10Mbps full-duplex mode;
*) export - added "terse" option;
*) export - added default "init-delay" setting for "/routerboard settings" menu;
*) export - added router model and serial number to configuration export;
*) export - fixed "/interface list" verbose export;
*) export - fixed "/ipv6 route" compact export;
*) export - fixed MPLS "dynamic-label-range" export;
*) export - fixed SNMP "src-address" for compact export;
*) fastpath - improved performance when packets for slowpath are received;
*) fastpath - improved process of removing dynamic interfaces;
*) fasttrack - fixed fasttrack over interfaces with dynamic MAC address;
*) fetch - added "src-address" parameter for HTTP and HTTPS;
*) filesystem - improved error correcting process on tilera and RB1100AHx4 storage;
*) firewall - added "none-dynamic" and "none-static" options for "address-list-timeout" parameter;
*) firewall - fixed bridge "action=log" rules;
*) firewall - fixed cosmetic "inactive" flag when item was disabled;
*) firewall - fixed crash on fasttrack dummy rule manual change attempt;
*) firewall - removed unique address list name limit;
*) hAP ac lite - removed nonexistent "wlan-led";
*) hotspot - added "address-list" support in "walled-garden" IP section;
*) hotspot - require "dns-name" to contain "." symbol under Hotspot Server Profile configuration;
*) ike1 - added log error message if netmask was not provided by "mode-config" server;
*) ike1 - added support for "framed-pool" RADIUS attribute;
*) ike1 - create tunnel policy when no split net provided;
*) ike1 - fixed minor memory leak on peer configuration change;
*) ike1 - kill phase1 instead of rekey if "mode-config" is used;
*) ike1 - removed SAs on DPD;
*) ike1 - send phase1 delete;
*) ike1 - wait for cfg set reply before ph2 creation with xAuth;
*) ike2 - added RADIUS attributes "Framed-Pool", "Framed-Ip-Address", "Framed-Ip-Netmask";
*) ike2 - added pfkey kernel return checks;
*) ike2 - added support for "Mikrotik_Address_List" RADIUS attribute;
*) ike2 - added support for "mode-config" static address;
*) ike2 - by default use "/24" netmask for peer IP address in split net;
*) ike2 - fixed duplicate policy checking with "0.0.0.0/0" policies;
*) ike2 - prefer traffic selector with "mode-config" address;
*) ipsec - added "firewall=add-notrack" peer option (CLI only);
*) ipsec - added information in console XML for "mode-config" menu;
*) ipsec - added support for "key-id" peer identification type;
*) ipsec - allow to specify chain in "firewall" peer option;
*) ipsec - do not deduct "dst-address" from "sa-dst-address" for "/0" policies;
*) ipsec - enabled modp2048 DH group by default;
*) ipsec - fixed connections cleanup on policy or proposal modification;
*) ipsec - optimized logging under IPSec topic;
*) ipsec - removed policy priority;
*) l2tp - fixed handling of pre-authenticated L2TP sessions with CHAP authentication;
*) l2tp-server - added "one-session-per-host" option;
*) log - added "poe-out" topic;
*) log - improved "l2tp" logs;
*) log - optimized "wireless,info" topic logs;
*) log - work on false CPU/RAM overclocked alarms;
*) lte - added "accounting" logs for LTE connections;
*) lte - added additional driver support for DWR-910;
*) lte - added info command support for the Jaton LTE modem;
*) lte - added initial support for "NTT DoCoMo" modem;
*) lte - added support for Huawei E3531-6;
*) lte - added support for ZTE TE W120;
*) lte - fixed info command when it is executed at the same time as modem restarts/disconnects;
*) lte - improved SMS delivery report;
*) lte - improved reliability on SXT LTE;
*) metarouter - fixed display of bogus error message on startup;
*) mmips - added support for NVME disks;
*) ovpn - added support for "push-continuation";
*) ovpn - added support for topology subnet for IP mode;
*) ovpn - fixed duplicate default gateway presence when receiving extra routes;
*) ovpn - improved performance when receiving too many options;
*) packages - increased automatic download retry interval to 5 minutes if there is no free disk space;
*) ping - fixed ping getting stuck (after several thousands of ping attempts);
*) ppp - added initial support for ZTE K4203-Z and ME3630-E;
*) ppp - added output values for "info" command for finding the GSM base station's location ("LAC" and "IMSI");
*) ppp - fixed "user-command" output;
*) ppp - fixed non-standart PAP or CHAP packet handling;
*) ppp - improved MLPPP packet forwarding performance;
*) ppp - use interface name instead of IP as default route gateway;
*) proxy - fixed potential crash;
*) proxy - fixed rare program crash after closing client connection;
*) quickset - added "Band" setting to "CPE" and "PTP CPE" modes;
*) quickset - added special firewall exception rules for IPSec;
*) quickset - fixed incorrect VPN address value on arm and tilera;
*) quickset - simplified LTE status monitoring;
*) quickset - use active user name and permissions when applying changes;
*) rb1100ahx4 - fixed startup problems (requires additional reboot after upgrade);
*) rb3011 - fixed packet passthrough on switch2 while booting;
*) rb750gr3 - fixed USB power;
*) routerboard - added "caps-mode" option for "reset-configuration";
*) routerboard - added "caps-mode-script" for default-configuration print;
*) routing - allow to disable "all" interface entry in BFD;
*) safe-mode - fixed session handling when Safe Mode is used on multiple sessions at the same time;
*) sfp - fixed invalid temperature reporting when ambient temperature is less than 0;
*) sms - decode reports in readable format;
*) sniffer - do not skip L2 packets when "all" interface mode was used;
*) snmp - added "ifindex" on interface traps;
*) snmp - added CAPsMAN interface statistics;
*) snmp - added ability to set "src-address";
*) snmp - fixed "/system resource cpu print oid" menu;
*) snmp - fixed crash on interface table get;
*) snmp - fixed wireless interface walk table id ordering;
*) socks - fixed crash while processing many simultaneous sessions;
*) ssl - added Wildcard support for "left-most" DNS label (will allow to use signed Wildcard certificate on VPN servers);
*) supout - fixed IPv6 firewall section;
*) switch - fixed "loop-protect" on CRS SFP/SFP+ ports;
*) switch - fixed multicast forwarding on CRS326;
*) tile - fixed copying large amount of text over serial console;
*) tr069-client - fixed lost HTTP header on authorization;
*) trafficgen - added "lost-ratio" to statistics;
*) ups - show correct "line-voltage" value for usbhid UPS devices;
*) userman - added "/tool user-manager user clear-profiles" command;
*) userman - do not send disconnect request for user when "simultaneous session limit reached";
*) userman - lookup language files also in "/flash" directory;
*) vlan - do not delete existing VLAN interface on "failure: already have such vlan";
*) webfig - fixed wireless "scan-list" parameter not being saved after applying changes;
*) winbox - added "eap-identity" to CAPsMAN registration table;
*) winbox - added "no-dad" setting to IPv6 addresses;
*) winbox - added "reselect-channel" to CAPsMAN interfaces;
*) winbox - added "session-uptime" to LTE interface;
*) winbox - added TR069 support;
*) winbox - do not autoscale graphs outside known maximums;
*) winbox - fixed wireless interface "amsdu-threshold" max limit;
*) winbox - hide LCD menu on CRS112-8G-4S;
*) winbox - make IPSec policies table an order list;
*) winbox - moved LTE info fields to status tab;
*) winbox - show "/interface wireless cap print" warnings;
*) winbox - show "/system health" only on boards that have health monitoring;
*) winbox - show "D" flag under "/interface mesh port" menu;
*) wireless - NAK any methods except MS-CHAPv2 as inner method in PEAP;
*) wireless - added option to change "nv2-downlink-ratio" for nv2 protocol;
*) wireless - added option to set "fixed-downlink" mode for nv2 protocol;
*) wireless - allow VirutalAP on Level0 (24h demo) license;
*) wireless - always use "multicast-helper" when DHCP is being used;
*) wireless - do not skip >2462 channels if interface is WDS slave;
*) wireless - fixed 802.11u wireless request processing;
*) wireless - fixed EAP PEAP success processing;
*) wireless - fixed compatibility with "AR5212" wireless chips;
*) wireless - fixed rare crash on cap disable;
*) wireless - fixed registration table "signal-strength" reporting for chains when using nv2;
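This release contains a fairly large number of changes.
The main content appears to be IPsec fixes centered on IKEv1 and IKEv2, firewall fixes, and LTE-related additions. The LTE feature additions have also brought fixes to the PPP code.
Because so many features were added, Winbox has received fixes as well. For Wireless, the Nv2-related feature additions made in ROS 6.40rc have been carried over, and several items appear to have been updated.
The Switch HW-offload implementation that was being worked on in RouterOS 6.40rc was left out of the RouterOS 6.40 release; testing will continue in RouterOS 6.41rc.
If you were running RouterOS 6.40rc and apply this RouterOS 6.40 current release, the Master-Slave Switch Port settings are not restored. The HW-offload feature is not present either, so if a Bridge configuration causes problems, do not forget to roll the configuration back.
As for RouterOS 6.41rc, the rc branch switched over at the same time ROS 6.40 was published yesterday. Judging from its changes, work will continue on the Bridge area for the time being.
As an aside, the Cloud Smart Switch 326-24G-2S+RM, Cloud Router Switch 326-24G-2S+RM and Cloud Router Switch 317-1G-16S+RM have gone on sale at several stores. I expect the rc branch will also receive fixes for these products for some time (partly because they use a newly adopted CPU).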