RouterOS 6.41.1 [current] が公開になりました。

Blog

RouterOSのcurrentブランチがマイナーアップデートしました。6.41から本格的に修正が入るようになったbridge周りの修正が主な内容になっています。

主な更新内容は以下の通り。

RouterOS version 6.41.1 has been released in public "current" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.41.1 (2018-Jan-30 10:26):

*) bridge - fixed "mst-override" export;
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed ARP option changing on bridge (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - fixed VLAN filtering when "use-ip-firewall" is enabled (introduced in v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) certificate - do not use utf8 for SCEP challenge password;
*) certificate - fixed PKCS#10 version;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) log - properly report bridge interface MAC address changes;
*) netinstall - improved LTE package description;
*) netinstall - properly generate skins folder when branding package is installed;
*) ovpn - fixed resource leak on systems with high CPU usage;
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) rb433/rb450 - fixed port flapping on bridged Ethernet interfaces if hw-offload is enabled (introduced in v6.41);
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) sfp - improved SFP module compatibility;
*) snmp - allow also IPv6 on default public community;
*) tile - fixed USB device speed detection after reboot;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-Ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

今回からアップデート前の注意が文章になりました。

とはいえ、今まで通りアップデート前のバックアップ、アップデート中の電源断を避ける、デバイスの空き容量に注意する、ぐらいですが。

bridgeについてはhw-offloadの修正や、6.41から追加されたMSTの修正、細かいところだとSNMPのIPv6対応とかになるでしょうか。

フォーラムを覗いていると、Discovery Interfaceで使用できる設定パラメータ周りの不具合があるようです。普通に使用している限りは問題ないでしょうが、allで設定しても!dynamicに戻っちゃう不具合みたいです。このしようもない不具合は次のバージョンで修正されるようです。

# now running v6.41.1 - after reboot - can NOT make changes to neighbor discovery-settings from cli or winbox
[user@router] /ip neighbor discovery-settings> /ip neighbor discovery-settings 
[user@router] /ip neighbor discovery-settings> print 
  discover-interface-list: !dynamic
[user@router] /ip neighbor discovery-settings> set discover-interface-list=all 
[user@router] /ip neighbor discovery-settings> print 
  discover-interface-list: !dynamic
[user@router] /ip neighbor discovery-settings>

あとはfirewallのルールにTLS-hostというMatchが追加されました。SSLで保護されたサーバに対してのルールみたいですね。

さらにWinbox周りの修正が行われていますが、これは同時に公開になったWinbox 3.12を使用することで修正を確認できると思います。

Winbox 3.12 released! – MikroTik

以下でダウンロードできますので、十分に対策を取ったうえで適用ください。

MikroTik Routers and Wireless – Software /
https://mikrotik.com/download