二週間ぶりにCurrentブランチがアップデートしました。
今回も更新内容は多めです。
What's new in 6.38.1 (2017-Jan-13 05:51): *) bridge - disallow manual removal of dynamic bridge ports; *) bridge - fixed MAC address learning from switch master-port; *) bridge - fixed access loss to device through bridge if master port had a loop (introduced in v6.38); *) certificate - added year cap (invalid-after date will not exceed year 2039); *) certificate - fixed fail on import from CAPs when both key and name already exist; *) dhcpv6-client - fixed DHCPv6 rebind on startup; *) dhcpv6-server - fixed server removal crash if static binding was present; *) dns - fixed typo in regexp error message; *) dude - (changes discussed here: https://forum.mikrotik.com/viewtopic.php?f=21&t=116356); *) fan - improved RPM monitor on CCR1009; *) firewall - nat action "netmap" now requires to-addresses to be specified; *) health - report fan speed for RB800 and RB1100 when 3-pin fan is being used; *) ike1 - fixed ph1 rekey in setups with mode-cfg; *) ike2 - allow empty selectors to reach policy handler; *) ike2 - auto-negotiate split nets; *) ike2 - default to tunnel mode in setups without policy; *) ike2 - fixed error packet from initiator on responder reply; *) ike2 - fixed initiator TS updating; *) ike2 - fixed ph1 initial-contact rare desync; *) ike2 - fixed policy setting for /0 selector with different address families; *) ike2 - fixed split policy active flag; *) ike2 - fixed traffic selector prefix calculation; *) ike2 - fixed xauth add check; *) ike2 - include identity in peer address info; *) ike2 - log empty TS payload; *) ike2 - minor logging update; *) ike2 - show peer identity of connected peers; *) ike2 - traffic selector improvements; *) ike2 - update also local port when peer changes port; *) ike2 - use first split net for empty TS; *) ike2 - use standard retransmission timers for DPD; *) ike2 - xauth like auth method with user support; *) ipsec - added ability to kill particular remote-peer; *) ipsec - fixed flush speed and SAs on startup; *) ipsec - fixed peer port export; *) ipsec - port is used only for initiators; *) ipv6 - added warning about having interface MTU less than minimal IPv6 packet fragment (1280); *) license - fixed demo license expiration after installation on x86; *) log - improved firewall log messages when NAT has changed only connection ports; *) logs - work on false CPU/RAM overclocked alarms; *) mpls - fixed crash on active tunnel loss in MPLS TE setups; *) ovpn - fixed address acquisition when ovpn-in interface becomes slave; *) proxy - fixed "max-cache-object-size" export; *) proxy - speed-up almost empty disk cache clean-up; *) quickset - various small changes; *) rb751u - fixed ethernet LEDs (broken since 6.38rc16); *) ssh - fixed high memory consumption when transferring file over ssh tunnel; *) webfig - show properly large BGP AS numbers; *) winbox - added "make-static" to IPv6 DHCP server bindings; *) winbox - added "prefix-pool" to DHCPv6 server binding; *) winbox - added IPsec to radius services; *) winbox - added upstream flag to IGMP proxy interfaces; *) winbox - allow to specify "connection-bytes" & "connection-rate" for any protocol in “/ip firewall” rules; *) winbox - allow to specify "sip-timeout" under ip firewall service-ports; *) winbox - do not create empty rates.vht-basic/supported-mcs if not specified in CAPsMAN; *) winbox - hide "nat-traversal" setting in IPsec peer if IKEv2 is selected; *) winbox - show dynamic IPv6 pools properly; *) winbox - show errors on IPv6 addresses; *) winbox - specify metric for “/ip dns cache-used” setting; *) wireless - show comment on "security-profile" if it is set;
IPsec/IKEv2とWinbox周りの修正が主なようです。IPsec/IKEv2については動作に関わりますので、十分にテストをするようにしてください。また、bridgeなどについても修正が入っているようなので、こちらもテストをしたほうが良いでしょう。
currentブランチなので、大きなバグはないはずですが、気になる方は公式フォーラムを覗いてどんな様子か確認するのもありだと思います。
また、合わせてRouterOS 6.39rc対応を含めたWinbox3.9が公開になっています。一部の機能が使用できなかったとあるので、気になる方はアップデートしても良いと思います。
MikroTik Routers and Wireless: Software /
http://www.mikrotik.com/download