RouterOS 6.42 [current]が公開になりました。

この記事は約26分で読めます。

2週間ぶりにcurrentブランチがアップデートされました。6.41からは約4か月ぶりになり、6.42へ切り替わりました。

さすがに今回は更新量が多いです。

RouterOS version 6.42 has been released in public "current" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.42 (2018-Apr-13 11:03):

!) tile - improved system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for CRS3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts;
*) bridge - added per-port learning options;
*) bridge - added support for static hosts;
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac^2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface matching by name on VMware installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make Virtio disks visible under "/disk" on KVM installations;
*) chr - run startup scripts on the first boot on AWS and Google Cloud installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot when connected to boot server through CRS326 device;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) crs3xx - added “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) dns - do not generate "Undo" messages on changes to dynamic servers;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - added log warning when switching between redundant power supplies;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) ike2 - fixed framed IP address received from RADIUS server;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ippool6 - added pool name to "no more addresses left" error message;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) ipv6 - fixed IPv6 behaviour when bridge port leaves bridge;
*) ipv6 - update IPv6 DNS from RA only when it is changed;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - added "Dark Mode" support for wAP 60G;
*) led - added w60g alignment trigger;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed LTE band setting for SXT LTE;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - fixed MMIPS RouterOS package description;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - do not show "poe-out-current" on devices which can not determine it;
*) poe - hide PoE related properties on interfaces that does not provide power output;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) quickset - use "/24" subnet for local network by default;
*) r11e-lte - improved LTE connection initialization process;
*) rb1100ahx4 - improved reliability on hardware encryption;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly detect hAP ac^2 RAM size;
*) sniffer - fixed "/tool sniffer packet" results listed in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - fixed SSH service becoming unavailable;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-CRS3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) w60g - added "tx-power" setting (CLI only);
*) w60g - added RSSI information (CLI only);
*) w60g - added TX sector alignment information (CLI only);
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certificate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameters optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show dual SIM options only for RouterBOARDS which does have two SIM slots;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RB911-5HnD low transmit power issue;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - fixed wsAP wrong 5 GHz interface MAC address;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless performance on hAP ac^2 devices while USB is being used;
*) wireless - improved wireless scan functionality;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to [email protected]. File must be generated while router is not working as suspected or after some problem has appeared on device

さすがに更新内容が多いので掻い摘んでご紹介します。

とりあえず一番最初にtile搭載機器の動作改善が入っています。これは以前から行われているようですが、いまだに大きく改善していないということでしょうか。気になる方は適用して確認してみてください。

また、次にbridgeインターフェース周りの改善が入っています。とくにfloodプロテクト周りが追加され、lerningについても改善が入っているようです。

CAPsMANについては、”allow-signal-out-of-range“がAccess-listに追加されました。ちょっと確認した限りでは、適用信号範囲外になった場合、指定時間が経過した後は切断する、という動作になるようです。
他にもクライアントが接続されたときに、接続されたときの信号の強さがlogに出力されるようになりました。

次にCHRです。こちらは特にCloudでの使用においての動作改善が中心のようです。フォーラムでも多くの書き込みがあるようで、今後もこのあたりが更新の中心になっていくものと思われます。

CRS3xxシリーズに関しても、これから新商品が出てくる関係か、機能追加が行われています。筆者のCRS317は再度RMAされてしまったので手元になく確認するすべがないのですが・・・

DHCP-serverに関しても修正が入っており、フォーラムではVLAN使用時に適切にIPアドレスが配布されない、などの書き込みがあったので、このあたりの修正がされているものと思われます。
また以前あったと思うのですが、配布順について指定できるようになりました。

IPv6については、”*) ipv6 – update IPv6 DNS from RA only when it is changed;”という内容があるので、RAからのDNSの取得が出来るようになった、という理解で良いのでしょうか。

あと、もしかしたら一部のユーザーにはありがたい機能になるかもしれない、RouterBOOT(Firmware)の自動更新機能が追加されました。”*) routerboard – added RouterBOOT “auto-upgrade” after RouterOS upgrade (extra reboot required);”

デフォルトでは無効になっているのですが、以下のようにコマンドを実行するか、/system > Routerboard > setting に移動すると、auto-upgradeという項目が追加されているので、こちらのチェックボックスをONにすることで有効になると思います。

[admin@MikroTik] > /system routerboard settings set auto-upgrade=yes 

基本的にRouterBOOTはボード自体の動作改善などで、セキュリティに絡むことはごくごくわずかだと思うので、無理に有効にすることはないと思いますが・・・

Winboxも多くの更新があります。基本的には表示の修正および新規機能への対応だけのはずです。

Wirelessについても多くの修正があるようですが、一番はフォーラムでも多くの書き込みがあった、hAP ac^2で5GHz通信時にスループットが出ないという問題への対処がされたといっていることでしょうか。rcでも52ぐらいから改善されたとの書き込みがありましたので、こちらのcurrentにマージされたということだと思います。(とはいえ国内ではまだ確認するすべはないはずですが・・)

以上になります。

筆者の環境では、mipsbeのRouterboardに適用したところ、CPU使用率が100%になり、再起動を指定しても再起動が出来なかった問題が発生しました。こちらについては一度電源アダプタを抜き、再度電源を投入したところ、問題は再発していません。

また、別のmipsbeなRouterboardでは/exportコマンドを実行すると、出力途中で応答が無くなる症状を確認しました。こちらは6.42のnetinstallで上書きしないと、症状は改善しませんでした。

ppcなRouterboardに適用したものについては、不規則に再起動が発生する症状があるのですが、こちらは以前から発生しているので、今回のバージョンに関係しているのか、今のところ不明です。

いつも通りのコメントなのですが、アップデート前にはテストを十分に行ってから行うようにしてください。できない場合でもbackupの取得をするなどしてください。

問題が発生した場合は、supout.rifを取得し、Mikrotikサポートに送付するようにしてください。英語で伝えるのは難しいと思っている方は、Google Groupsへ書き込んでいただくのでも結構です。

v6.42 [current] – MikroTik

MikroTik

タイトルとURLをコピーしました