RouterOSのCurrentブランチの最新版、6.33が公開になりました。
(7031) 6.33 version released! – MikroTik RouterOS https://forum.mikrotik.com/viewtopic.php?t=101948
更新内容はかなり多くに渡っています。
What's new in 6.33 (2015-Nov-06 12:49): *) dns - initial fix for situation when dynamic dns servers could disappear; *) winbox - dropped support for winbox v3.0beta and v3.0rc (use winbox v3.0); *) dhcpv6 - various improvement and fixes for dhcp-pd client and ippool6; *) defconf - fixed rare situation where configuration was only partially loaded; *) net - fix possible never ending loop when bad CDP discovery packet is received; *) log - make default disk file name to reside in flash dir if it exists; *) romon - change port list to be not ordered in export; *) capsman - limit number of simultaneous DTLS handshakes; *) capsman - fixed memory leak on CAP joining CAPsMAN when ssld is used; *) winbox - added allow-fast-path to eoip, gre & ipip; *) winbox - do not show power-cycle properties on non poe ports; *) l2tp: implemented PPPoE over L2TP in LNS mode, RFC3817; *) webfig - some of the setting were shifted to the right; *) packages - allow to reinstall from bundle to separate packages & vice versa; *) packages - prefer out of bundle packages when both of them are installed; *) packages - fix a problem of upgrading bundle package to non bundled ones; *) ipsec - force flow cache validation once in 1h; *) winbox - make sure that all setting names get shown in full; *) winbox - added poe power-cycle-ping settings to ethernet interfaces; *) ppp - handle properly case were ppp client is given same address for local & remote end; *) winbox - added vlan-mode & vlan-id to virtual-ap interface; *) winbox - added timeout column to ipv6 address lists; *) winbox - show SFP Tx/Rx Power properly; *) winbox - added min-links to bonding interface; *) winbox - do not show health menu on RB951Ui-2HnD; *) winbox - added support for Login-Timeout & MAC-Auth-Mode in hotspot; *) cerm - added option to disable crl download in '/certificate settings'; *) winbox - make user ssh key import work again; *) webfig - make "Copy to Access List" work in CAPsMAN Registration Table; *) userman - fix report generation problem which could result in some users being skipped from it; *) winbox - fix to allow cpu-port as mirror-target *) proxy - error.html parsing enhancement to improve performance *) CCR1072 - improve ether1 performance under heavy load *) routerboard - indicate RouterBOOT type in /system routerboard print; *) mpls - properly use mpls mtu for routes; *) cerm - fix key description for signed certificates; *) trafflow - report flow addresses in v1 and v5 without NAT awareness; *) hotspot - add mac-auth-mode setting for mac-as-passwd option; *) hotspot - add login-timeout setting to force login for unauth hosts; *) auto-upgrade - fixed auto upgrade for smipsbe; *) dns - do not create duplicate entries for same dynamic dns server addresses; *) ipsec - fix set on multiple policies which could result in adding non existent dynamic policies to the list; *) email - allow server to be specified as fqdn which is resolved on each send; *) fastpath - eoip,gre,ipip tunnels support fastpath (new per tunnel setting "allow-fast-path"); *) ppp, pptp, l2tp, pppoe - fix ppp compression related crashes; *) cerm - also accept downloaded CRLs in PEM format; *) userman - added 'history clear' to allow flushing undo history, which may take up significant amount of memory for huge databases with hundreds of users; *) health - fix voltage for CRS109, CRS112 and CRS210 if powered from external adapter; *) userman - added phone number support to signup form; *) ip pool6 - try to acquire the same prefix if info matches recently freed; *) ipsec - fix transport mode ph2 ID ports when policy selects specific ip protocol on initiator; *) ipsec - use local-address for phase 1 matching and initiation; *) route - fixed crash on removing route that was aggregated; *) ipsec - fix replay window, was accidentally disabled since version 6.30; *) ssh - allow host key import/export; *) ssh - use 2048bit RSA host key when strong-crypto enabled; *) ssh - support RSA keys for user authentication; *) wlan - improved WMM-PowerSave support in wireless-cm2 package; *) pptp & l2tp - fixed problem where android client could not connect if both dns names were not provided (was broken since v6.30); *) auto-upgrade - added ability to select which versions to select when upgrading; *) quickset - fixed HomeAP mode; *) lte - improved modem identification to better support multiple identical modems; *) snmp - fix system scripts table; *) tunnels - eoip,eoipv6,gre,gre6,ipip,ipipv6,6to4 tunnels now support dns name as remote address; *) fastpath - active mac-winbox or mac-telnet session no longer suspends fastpath; *) fastpath - added per interface fastpath counters; *) fastpath - added trafflow support in basic ipv4 and fasttrack ipv4 fastpath; *) ppp - added on-up & on-down scripts to ppp profile; *) winbox - allow to specify dns name in all the tunnels; *) pppoe - added support for MTU > 1492 on PPPoE; *) cerm - fix scep server certificate-reply degenerate PKCS#7 signed-data content; *) ppp-client - added default channels for Alcatel OneTouch L100V; *) defconf - fix for boards that had bridge with only wlan ports; *) ovpn: support OpenWRT ovpn clients (or any other with enable-small option enabled); *) cerm - use certificate file name for imported cert name; *) fetch - fixed error message when error code 200 was received; *) cerm - rebuild crl for local ca if crl file does not exist; *) winbox - make directed broadcasts work for neighbor discovery; *) upnp: automatically adjust mappings to new external ip change; *) ppp - added ppp interface to upnp internals/externals if requested; *) ppp - when adding ipv6 default route use user provided distance; *) userman - allow to correctly enable CoA on router; *) cerm - show crl nextupdate time; *) ppp - added CoA support to PPPoE, PPTP & L2TP (Mikrotik-Recv-Limit, Mikrotik-Xmit-Limit, Mikrotik-Rate-Limit, Ascend-Data-Rate, Ascend-XMit-Rate, Session-Timeout); *) ppp - added new option under "ppp aaa" - "use-circuit-id-in-nas-port-id"; *) userman - refresh active sessions/users view dynamically; *) package - added version tag and show everywhere alongside of version number; *) wlan - improved 802.11 protocol single connection TCP performance for ac chipset with cm2 package.
目玉機能としてはWinbox3準拠になったこと、RFC3817準拠のLNS mode対応、VPNのDNSネーム対応、などがあります。
*) fastpath - eoip,gre,ipip tunnels support fastpath (new per tunnel setting "allow-fast-path"); *) ipsec - fix transport mode ph2 ID ports when policy selects specific ip protocol on initiator; *) ipsec - use local-address for phase 1 matching and initiation;
FastPathやIPsec周りも変わっているようなので、充分にテストが必要かと思います。
currentブランチのバージョンアップなので、できればテスト環境などで試してからの導入が宜しいかと思います。
それではよいRouterOSライフを!
