The RouterOS current branch has received a minor update. It consists mainly of fixes to the bridge code, which has been getting serious rework since 6.41.
The main changes are as follows.
RouterOS version 6.41.1 has been released in public "current" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.41.1 (2018-Jan-30 10:26):

*) bridge - fixed "mst-override" export;
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed ARP option changing on bridge (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - fixed VLAN filtering when "use-ip-firewall" is enabled (introduced in v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) certificate - do not use utf8 for SCEP challenge password;
*) certificate - fixed PKCS#10 version;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) log - properly report bridge interface MAC address changes;
*) netinstall - improved LTE package description;
*) netinstall - properly generate skins folder when branding package is installed;
*) ovpn - fixed resource leak on systems with high CPU usage;
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) rb433/rb450 - fixed port flapping on bridged Ethernet interfaces if hw-offload is enabled (introduced in v6.41);
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) sfp - improved SFP module compatibility;
*) snmp - allow also IPv6 on default public community;
*) tile - fixed USB device speed detection after reboot;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-Ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to [email protected]. File must be generated while router is not working as suspected or after crash.
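Starting with this release, the pre-upgrade precautions are written out as part of the announcement.
That said, they are the same as always: take a backup before upgrading, avoid losing power during the upgrade, and keep an eye on the device's free storage space.
For bridge, the notable items are the hw-offload fixes and the fixes to MST, which was added in 6.41; among the smaller changes, I suppose IPv6 support in SNMP is the one to mention.
Looking through the forum, there seems to be a bug around the configuration parameters that can be used for the Discovery Interface. It should not be a problem in ordinary use, but apparently the setting reverts to !dynamic even when it is set to all. This rather silly bug is apparently going to be fixed in the next version.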
# now running v6.41.1 - after reboot - can NOT make changes to neighbor discovery-settings from cli or winbox
[user@router] /ip neighbor discovery-settings > /ip neighbor discovery-settings
[user@router] /ip neighbor discovery-settings > print
discover-interface-list: !dynamic
[user@router] /ip neighbor discovery-settings>
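Also, a match called TLS-host has been added to firewall rules. It appears to be for rules that target servers protected by SSL.
There are also fixes on the Winbox side, which you should be able to confirm by using Winbox 3.12, released at the same time.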
Winbox 3.12 released! – MikroTik
You can download it from the link below; apply it only after taking adequate precautions.
MikroTik Routers and Wireless – Software /
https://mikrotik.com/download