RouterOS 6.44 [stable] がリリースされました。

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (RADIUS communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
----------------------

Changes in this release:

*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - improved fan control stability;
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv4-server - use ARP for conflict detection;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed "without-paging" option;
*) fetch - improved file downloading to slow memory;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - do not allow using RSA-key and RSA-signature authentication methods simultaneously on single peer;
*) ike1 - fixed memory leak;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) interface - added "pwr-line" interface support (more information will follow in next newsletter);
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added initial support for Telit LN940;
*) lte - added multiple APN support for R11e-4G;
*) lte - added option to lock the LTE operator;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) smb - added commenting option for SMB users (CLI only);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed public key format compatibility with RFC4716;
*) supout - fixed "poe-out" output not showing all interfaces;
*) supout - fixed Profile output on single core devices;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) webfig - improved file handling;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - improved file handling;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - organized wireless parameters between simple and advanced modes;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved NV2 performance for all ARM devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;