RouterOS 6.34 (current) が公開になりました。

Blog

ros6336

RouterOSのcurrentブランチがメジャーバージョンアップしていました。

更新内容はてんこ盛りです。

What's new in 6.34 (2016-Jan-29 10:25):

*) mipsle - architecture support dropped (last fully supported version 6.32.x);
*) dude - The reports of my death have been greatly exaggerated;
*) dude - dude RouterOS package added for tile and x86 (CHR) architecture;
*) dude - package included by default to all CHR images;
*) dude - initial work on dude integration into RouterOS;
*) bgp vpls  - fixed initialization after reboot;
*) mpls - forwarding of VRF over TE tunnel stopped working after BGP peer reset;
*) ipsec - improved TCP performance on CCRs;
*) btest - significantly increased TCP bandwidth test performance;
*) winbox - fixed possible busy-loop on v2.x with latest 6.34RC versions;
*) cerm - allow to sign certificates from imported CAs created with RouterOS;
*) ldp - fix MPLS PDU max length;
*) net - improve 64bit interface stats support;
*) routerboard - print factory-firmware version in routerboard menu;
*) snmp - add oid from ucd mib for total cpu load OID 1.3.6.1.4.1.2021.11.52.0;
*) winbox - add extra items automatically to multi-line fields if at least one of them is required;
*) winbox - implemented full ipv6 dhcp client;
*) winbox - update blocked flag if user changed blocked field in dhcp server lease;
*) mac-telnet - fixed backspace when typing login username;
*) sstp - allow ECDHE when pfs enabled;
*) lte - fixed info command for Cinterion EHS5-E modem;
*) fast-path - fixed kernel crash on on/off;
*) licensing - fixed that some old 7 symbol keys could not be upgraded;
*) ssh - fixed possible kernel crash;
*) console - fixed crash on creating variable with "?" in it;
*) chr - fix SSH key import on AWS;
*) crs212 - fix 1Gbps ether1 linking problem;
*) timezone - use backward timezone aliases;
*) lte - support serial port for DellWireless 5570;
*) lte - improved dhcp handling on interfaces that doesn't support it;
*) ipsec - allow my-id address specification in main mode;
*) dhcpv6 client - fix remove when client reappears on restart;
*) default config - fix hAP lite with one wireless;    
*) firewall - added inversion support for "limit" option;
*) firewall - added bit rate matching for "limit" option;
*) firewall - improved performance for "limit" option;
*) dhcpv6-client - fix ia lifetime check;
*) ipsec - prioritize proposals;
*) ipsec - support multiple DH groups for phase 1;
*) netinstall - fix apply default config;
*) tile -  make sure that SFP rj45 modules that use forced 1G FD settings work correctly after system reboot;
*) wireless - added WPS buttons support on hAP and hAP ac lite;
*) upnp - added comment for dynamic dst-nat rules to inform what host/program required it;
*) webfig - recognize properly CHR;
*) chr - license fix for AWS and similar solutions;
*) arm - fix usb modem modules on ARM;
*) dhcpv6-client - fixed stopped state;
*) netinstall - sort packages by name;
*) firewall - do not allow to add new rule before built-in (reverted);
*) winbox - include FP in fast-path column names;
*) ipsec - fix phase2 hmac-sha-256-128 truncation len from 96 to 128
This will break compatibility with all previous versions and any other
currently compatible software using sha256 hmac for phase2;
*) ssh, ftp - make read, write user group policy aware;
*) tunnel - fix keep-alive (introduced in 6.34rc);
*) cerm - show last crl update time;
*) quicket - support CAP mode on all existing wireless packages;
*) wlan - add united states3 country;
*) fast-path - fix locking issue which could lead to reboot loop (introduced in 6.34rc20);
*) userman4 - try loading signup files from db path first;
*) sstp - allow to limit tls version to v1.2 only;
*) chr - make tool profile work on 64bit x86;
*) dhcpv6-server - added binding server=all option;
*) hotspot - added html-directory-override & recognize default hotspot user;
*) hotspot - fixed export of default trial user;
*) hotspot - fixed memory leak on https requests;
*) winbox - allow to specify amsdu-limit & amsdu-threshold on 11n wifi cards;
*) winbox - added multicast-buffering & keepalive-frames settings to wireless interfaces;
*) CHR - implemented trial support for different CHR speed tiers;
*) dhcpv6-client - fix add route/address;
*) usb - enable ch341 serial module;
*) lte - make sure that both LTE miniPCI-e cards are recognized;
*) winbox - show Common-Name of certificates in certificate list;
*) winbox - added units to PCQ queue fields;
*) net - do not break connection when interface is added to bridge;
*) hotspot - show cookie add/remove events in hotspot,debug log;
*) hotspot - allow static entries with the same mac on multiple hotspot servers;
*) hotspot - do not remove mac-cookie in case of radius timeout;
*) hotspot - added byte limits option for default-trial users;
*) ipsec - make sure that dynamic policy always has dynamic flag;
*) CAPsMAN - use CAP name in log when remote-cap is deleted (wireless-cm2);
*) hotspot - fixed login by mac-cookie when roaming among hotspot servers;
*) hotspot - add html-directory-override for read-only directory on usb flash;
*) hotspot - add uptime, byte and packet counter variables to logout script;
*) net - fix statistics counters jumping up to 4G;
*) firewall - SIP helper update for newer Cisco phones;
*) usermanager - fixed usermanager web page crash;
*) ipsec - fixed active SAs flushing;
*) hotspot - added option to login user manually from cli;
*) hotspot - fixed trial-uptime parsing from CLI to Winbox/Webfig;
*) lte - added support for multiple E3372 on the same device;
*) modem - added wpd-600n ppp support;
*) console - fixed incorrect disabled firewall rule matching to "invalid flag";
*) dns - fix for situation when dynamic dns servers could disappear;
*) sfp - fix 10g ports in 1g mode (introduced in 6.34rc1);
*) CCR1072 - added support for S-RJ01 SFP modules;
*) trafficgen - fixed issue that traffic-generator could not be started twice without reboot;
*) dhcpv6-server - replace delay option with preference option.
--
*) winbox - show properly route-distinguisher for bgp vpn4;
*) winbox - show dhcp server name in dhcp leases;
*) ppp - make CoA work correctly with address-lists;
*) winbox - fixed tab names to correspond to console;
*) winbox - show only actual switch-cpu ports in switch setting combobox;
*) winbox/webfig - fixed version column ordering in ip neighbors list;
*) webfig - fixed switch port "default vlan id" has missing "auto" value;
*) webfig - fixed firewall connection-bytes option;
*) ipsec - fixed kernel failure after underlying tunnel has been disabled/enabled;
*) romon - allow to see device identity if it is longer than 31 character;
*) fastpath - show fp counters in /interface monitor aggregate;
*) bridge firewall - fix  chain check (broken since 6.33.2);
*) bridge firewall - fixed crash when jump rule points to disabled custom chain;
*) smb - fix crash when changing user which has open session;
*) address-list - properly remove unused address-lists from drop-downs;
*) fetch - fixed closure after 30 seconds;
*) capsman - fix radius accounting stop message;
*) log - reopen log file if deleted;
*) packing - fix tcp/udp checksums when simple packing is used;
*) tile - fix ipsec freeze after SA updates;
*) upnp - fixed missing in-interface option for dynamic dst-nat rules;
*) tunnel - fix complaining about loop after ~248 days;
*) vrrp - make sure that VRRP gets state on bootup;
*) ppp - fixed rare kernel crash (introduced in v6.33);
*) ppp - do not allow empty name ppp secrets;
*) ssh - fix active user accounting.

mipsleのサポートが、6.32.xまでになりました。終息です。

FirewallやPPPに関する修正も多く入っています。特にHotspotは多いようなので、公衆無線LANなどの機能を利用している場合は要注意かもしれません。

マイナーバージョンアップではなくメジャーバージョンアップなので適用には、最新の注意を払って適用したほうが良いでしょう。
できればテスト環境を用意したうえで確認したほうが良いと思い割れます。

それでは良いRouterOSライフを!