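This update comes about three weeks after the previous one. Starting with this release, the version moves up from 6.46 to 6.47.
Changes
I thought not much time had passed since the previous update, but there are quite a lot of changes.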
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.

MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy automatically on upgrade;
----------------------

Changes in this release:
*) api - added ECDHE cipher support for "api-ssl" service;
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - improved branding package installation process when another branding package is already installed;
*) bridge - added logging debug message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when a bridge port gets dynamically added to VLAN range;
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) chr - added support for hardware watchdog on ESXI;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) crs3xx - improved switch host table updating;
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - do not require "server" parameter for bindings;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved disk management service stability when receiving bogus packets;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dns - added support for forwarding DNS queries of static entries to specific server;
*) dns - added support for multiple type static entries;
*) dot1x - added "radius-mac-format" parameter;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved Dot1X service stability when receiving bogus packets;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients;
*) ethernet - fixed interface stopping responding after blink command execution on CCR2004-1G-12S+2XS;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) graphing - improved graphing service stability when receiving bogus packets;
*) health - added "gauges" submenu with SNMP OID reporting;
*) health - improved stability for system health monitor on CCR2004-1G-12S+2XS;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) ike2 - added support for RFC8598;
*) ike2 - allow initiator address change before authentication;
*) ike2 - fixed authentication handling when initiator disconnects before RADIUS response;
*) interface - improved system stability when receiving bogus packets;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - added "split-dns" parameter support for mode configuration;
*) ipsec - added "use-responder-dns" parameter support;
*) ipsec - allow specifying two peers for a single policy for failover;
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) ipsec - place dynamically created IPsec policies by L2TP client at the begining of the table;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) l2tp - added "src-address" parameter for L2TP client;
*) l2tp - added "use-peer-dns" parameter for L2TP client;
*) l2tp - improved dynamically created IPsec configuration updating;
*) l2tp - use L2TP interface when adding dynamic IPsec peer;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) lcd - improved general system stability when LCD is not present;
*) led - fixed minor typo in LED warning message;
*) log - added logging entry when changing user's password;
*) log - added tunnel endpoint address to establishment and disconnect logging entries;
*) log - made startup script failures log as critical errors;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" parameter persistence after disable/enable;
*) lte - fixed "ecno" and "rscp" value reporting on R11e-LTE6;
*) lte - fixed VLAN interface passthrough support;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved stability during firmware upgrade;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) netwatch - improved Netwatch service stability when invalid configuration values are passed;
*) ovpn - added "use-peer-dns" parameter for OVPN client;
*) port - removed serial console port on hEX S;
*) ppp - added "Acct-Session-Id" attribute to "Access-Request" messages;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) pptp - added "use-peer-dns" parameter for PPTP client;
*) profile - added support for CCR2004-1G-12S+2XS;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routerboard - added "hold-time" parameter to mode-button menu;
*) routerboard - added "reset-button" menu - custom command execution with reset button;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) routing - improved routing service stability when receiving bogus packets;
*) sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - improved SSH service stability when receiving bogus packets;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - added LTE firmware update functionality support;
*) tr069-client - added additional LTE information parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added interface type parameter support;
*) tr069-client - added multiple simultaneous session support for diagnostics test;
*) tr069-client - added total connection tracking entries parameter;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and NetFlow v9;
*) upgrade - fixed space handling in package file names;
*) ups - added battery info for APC SmartUPS 2200;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user - improved user management service stability when receiving bogus packets;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - fixed 5 GHz wireless interface "frequency" parameter value list on Audience;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auth-info" parameter under "Dot1X->Active" menu;
*) winbox - added "auth-types", "comment", "mac-auth-mode" and "reject-vlan-id" parameters for Dot1X server;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on NetMetal ac^2;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - added "comment" parameter and "dynamic" flag support under "Switch->Rule" table;
*) winbox - added "comment" parameter for Dot1X client;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - added "skip-dfs-channels" parameter to wireless interface menu;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added enable and disable buttons for "MPLS->MPLS Interface" table;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - allow to specify any Ethernet like interface under "Tool/WoL" menu;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed WDS usage when connecting to RouterOS access point using QuickSet;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - fixed wireless sniffer parameter setting;
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "LoRa/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed Nstreme wireless protocol performance decrease;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "egypt" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu;
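The major changes in v6.47 would be the following.
- Client-side support for DNS over HTTPS (DoH)
- Added support for SOCKS5
Picking out a few of the other changes that caught my attention:
- The bonding interface now uses the primary slave MAC address
- Improved handling of slave interface MAC addresses
- chr – added support for hardware watchdog on ESXI
- chr – enabled support for VMBus protocol version 4.1
- chr – improved system stability when running CHR on Hyper-V
- Switch rules are now correctly removed on CRS317-1G-16S+ and CRS309-1G-8S+ devices
- Fixed the "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG and CRS326-24S+2Q+ devices
- Fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices
- Improved 10G interface initialization on CRS312 devices
- dhcpv4 / dhcpv6 – improved operational stability
- CPU Flow Control on RB3011UiAS can now be correctly enabled and disabled
- Improved driver loading speed on startup
and so on. Beyond these, the release also includes improved connection stability for IPsec and L2TP and, with WinBox now at 3.24, fixes for display issues.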
Official site
MikroTik
Official forum
v6.47 [stable] is released! - MikroTik