What's new in 6.32.4 (2016-Feb-09 09:17): Contains all relevant fixes that was confirmed till v6.34 release. *) address-list - properly remove unused address-lists from drop-downs; *) arp - show incomplete ARP entries; *) bridge - fixed power-cycle-ping for bridge ports (was affecting all bridge); *) bridge firewall - fixed crash when jump rule points to disabled custom chain; *) btest - fix potential crash after btest release; *) btest - improve UDP tx rate precision; *) crypto - fixed kernel failure in talitos HW encryption; *) dhcpv6-client - fix DNS address assignement; *) dhcpv6-client - set correct parameters when rapid commit is used *) e-mail - do not reset server address after changing configuration; *) email - make password field sensitive in console. *) ethernet - fixed link resetting on power-cycle-ping value change; *) fastpath - fixed possible kernel failure on multi core systems; *) fastpath - show fp counters in /interface monitor aggregate; *) fetch - added 30 second connection time-out; *) fetch - fixed closure after 30 seconds; *) hotspot - added missing favicon.ico in hotspot html pages; *) hotspot - fixed missing image at login; *) ipsec - fixed kernel failure after underlying tunnel has been disabled/enabled; *) kernel - general improvement for core process scheduling; *) lcd - fixed LCD crash on fast disable/enable; *) lcd - refresh LCD after display command is executed; *) led - add WLAN led to RB951Ui *) log - log link up/down events only when link actually has changed its state; *) log - reopen log file if deleted; *) lte - improve support Sierra Wireless 320U; *) lte - speed up first time connection to LTE network on SXT LTE; *) net - apply slave config only if master config has been changed; *) net - do not show L2MTU in VLAN compact export; *) netinstall - fix branding pack parsing; *) netwatch - make work with ping time-out more precise; *) packages - show version tag when no bundle is installed. *) packing - fix tcp/udp checksums when simple packing is used; *) ppp - do not allow empty name ppp secrets; *) ppp - fixed dynamic filter rule adding on some firewall filter configurations; *) ppp - make PPP active print radius & !radius conditions work; *) romon - allow to see device identity if it is longer than 31 character; *) romon - do not accept multicast id; *) romon - fixed crash on RoMON if fast-path was active; *) smb - fix crash when changing user which has open session; *) smb - fixed SMB share crash when connection was cancelled; *) smb - show correct interface name in SMB debug logs; *) ssh - avoid double session clean-up; *) ssh - fix active user accounting; *) ssh - fix key exchange when first kex packet follows. *) ssh - fix session clean-up; *) sshd - resolved shared secret mismatch issue; *) tile - fix ipsec freeze after SA updates; *) tile - fixed kernel failure on HW encryption; *) upnp - fixed memory leak; *) upnp - fixed missing in-interface option for dynamic dst-nat rules; *) vrrp - allow VRRP to work behind firewall and NAT rules; *) vrrp - do not warn about version mismatch if VRID does not match; *) vrrp - fix arp=reply-only; *) vrrp - fix enabling disabled vrrp interface when vrrp program has exited; *) vrrp - fixed on-backup script; *) vrrp - make sure that VRRP gets state on bootup; *) webfig - didn't show zero values in CRS ingress/egress VLAN translation rules; *) webfig - fixed firewall connection-bytes option; *) webfig - show correctly SFP Tx/Rx; *) winbox - added + & - to IGMP proxy MFC; *) winbox - allow to specify traffic-monitor threshold in k & M units + specify that those are bits; *) winbox - do not send any changes on OK button press if nothing has been changed; *) winbox - fixed tab names to correspond to console; *) winbox - fixed tab names to correspond to console; *) winbox - renamed power-cycle-ping-interval to power-cycle-ping-timeout; *) winbox - show dhcp server name in dhcp leases; *) winbox - show fast-path per interface counters; *) winbox - show only actual switch-cpu ports in switch setting combobox; *) winbox - show properly route-distinguisher for bgp vpn4; *) winbox/webfig - fixed version column ordering in ip neighbors list. What's new in 6.32.3 (2015-Oct-19 11:13): *) switch - fixed CRS settings set back to defaults after a reboot; *) netinstall - include missing RB1200 drivers; *) firewall - fixed connection-rate matcher; *) ppp, pptp, l2tp, pppoe: fixed router dead locked if compression was enabled on link; *) quickset - create proper firewall rules when PPPoE is used for address acquisition; *) sstp - fixed kernel crash when other party started to fragment ppp packets in the middle; *) ippool6 - optimize same prefix acquisition; *) winbox - Shift+Ins & Shift+Del did not work in multi entry fields; *) winbox - allow to specify ipv6 address in traffic flow target; *) winbox - allow to specify eap-radius-accounting in CAPsMAN; *) winbox - allow to enter dns name in email server; *) ups - fix console oid print; *) tunnel - fix loopback keepalives on gre and ipip; *) pptp,l 2tp, sstp, pppoe: do not send data packets before we have negotiated connection with other side (happens on dial-on-demand interfaces), this brakes when connecting to other party servers; *) pptp, l2tp, sstp - make it work when add-default-route & dial-on-demand both are enabled; *) pptp, l2tp, sstp, pppoe clients - fixed problem where they failed to connect at startup and only reboot helped; *) nv2 - fixed kernel failure with frame size accounting; *) ovpn client - fixed crash when ovpn didn't receive it's ip address; *) lcd - fix slideshow for CCR1072, and possible sign issues for temperatures; *) winbox - make console notice correct screen size; *) ssh - allow to specify pass as argument for private key import; *) winbox - refetch hotspot walled garden hit counter; *) winbox - added client-connections & server-connections to web proxy status; *) cerm - fix scep server certificate-reply degenerate PKCS#7 signed-data content; *) bgp - specific BGP networks were changed to different ones; *) cerm - allow export for all types except templates; *) wlan - update brazil-anatel country; *) winbox - fixed context menu actions to apply to all selected items; What's new in 6.32.2 (2015-Sep-17 15:20): *) cerm - guard template from parallel use *) mipsle - fixed missing second level menu in CLI; *) sstp - avoid routing loops on client when adding default route; *) sstp - fixed problem where sometimes sstp ip addresses were invalid; *) switch - fixed bogus log messages about excessive broadcasts/multicasts on master-port; *) tftp - fix request file name reading from packet *) pptp encryption - better handling for out-of-order packets; *) ethernet - added support for new ASIX USB Ethernet dongles; *) CAPsMAN - fix 100% CPU usage when trying to upgrade RouterOS on CAP; *) upgrade - fixed default configuration export; *) ppp - fixed ppp interface stuck in not running state; *) ipsec - fixed kernel failure when packets were not ordered on first call; *) upnp - randomize action urls to fix "filet-o-firewall" vulnerability; *) RB532/RB564 - fixed no link after ethernet disable/enable; *) romon - fixed default configuration export; *) tile - fixed occasional deadlock on module unload; *) mesh - fix router lock-up when interface is added/removed; *) ipsec - fix sockaddr buf size on id generation for ipv6 address; *) health - show correct voltage for CRS109,CRS112,CRS210 when powered through PSU and show voltage up to 27V when powered through PoE; *) email - resolve server address; *) snmp - show firmware upgrade info; *) upgrade - report status in check-for-updates. What's new in 6.32.1 (2015-Sep-07 13:03): *) RB911/912 - fixed lock-up; *) RB493G - fixed reboot loop; *) firewall - do not lose firewall mangle rules on start-up; *) defconf - fix default configuration for routers without wireless package. What's new in 6.32 (2015-Aug-31 14:47): *) trafflow - added support for IPv6 targets; *) switch - fixed port flapping on switch ports of RB750, RB750UP, RB751U-2HnD and RB951-2N (introduced in 6.31) *) ipsec - added compatibility option skip-peer-id-check; *) flash - fix kernel failure (exposed by 6.31); *) bridge firewall - add ipv6 src/dst addr, ip protocol, src/dst port matching to bridge firewall; *) RB911/RB912 - fix SPI bus lock after fast led blink; *) ipsec - fix potential memory leak; *) bridge firewall - vlan matchers support service tag - 0x88a8; *) ippool6 - try to acquire the same prefix if info matches recently freed; *) crs switch - allow to unset port learn-limit, new default is unset to allow more than 1023 hosts per port; *) x86 - fixed 32bit multi-cpu kernel support; *) chr - add hotspot,btest,traffgen support; *) revised change that caused reboot by watchdog problems introduced in v6.31; *) ipsec - use local-address for phase 1 matching and initiation; *) ipsec - fix transport mode ph2 ID ports when policy selects specific ip protocol on initiator; *) certificates -fixed bug where crl stopped working after a while; *) ip accounting - fixed kernel crash; *) snmp - fix system scripts get; *) hotspot - ignore PoD remote requests if no HotSpot configured; *) hotspot - fix kernel failure when www plugin aborts on broken html source; *) torch - add invert filter for src/dst/src6/dst6 addresses ; *) bonding - add min_links property for 802.3ad mode; *) snmp - get vlan speed from master interface; *) hotspot - fix html-directory path on small flash devices; *) mipsbe - make system shutdown work again; *) lcd - fixed parallel port LCD display support on multi-cpu x86; *) bridge - fixed use-ip-firewall-for-vlan in setups with multiple bridges; *) ipv6 - fixed DHCP-PD client skips some steps when renewing lease; *) upnp - fixed protocol port selection for upnp protocol comunications; *) firewall - fixed limit and dst-limit options. *) winbox - fixed wireless interface l2mtu (VirtualAP and WDS interface creation in winbox) *) winbox - fixed multiple firewall rule moving in Winbox 2 *) simple queues - restrict all changes in dynamic simple queues What's new in 6.31 (2015-Aug-14 15:42): *) check-for-update - added ability to select versions channel to check (bugfix, current, RC or development) *) demo mode of Cloud Hosted Router (CHR) added *) chr - added x86_64 image for use in virtual environments *) chr - added support for VMware SCSI virtual disks *) chr - added support for VMware vmxnet3 network card *) chr - added support for HyperV SCSI disks *) chr - added support for HyperV Ethernet interfaces *) chr - added support for virtio disks *) fixed occasional interface resetting on CRS switches *) fixed ethernet stopping on RB NetMetal / SXTG-5HPacD 10Mbit and 100Mbit links *) ipsec - fixed crash in when gcm encryption was used *) ipsec - allow to set peer address as "::/0" *) ipsec - fixed empty sa-src address on acquire in tun mode *) ipsec - show proposal info in export ipsec section *) ipsec - preserve port wildcard when generating policy without port override *) ipsec - fixed replay window, was accidentally disabled since version 6.30; *) certificate manager - fixed memory leak *) ssh - allow host key import/export *) ssh - use 2048bit RSA host key when strong-crypto enabled *) ssh - support RSA keys for user authentication *) conntrack - fixed problem with manual connection removal *) conntrack - added tcp-max-retrans-timeout and tcp-unacked-timeout *) wireless - implemented l2mtu update if wireless-cm2 is enabled *) wireless - improved WMM-PowerSave support in wireless-cm2 package *) mpls - better multicore support for VPLS ingress/egress *) ovpn - better multicore support for interface initialization/authentication/creation. *) mesh - performance improvement *) pptp & l2tp - fixed problem where android client could not connect if both dns names were not provided (was broken since v6.30) *) user-manager - fixed username was not shown in /tool user-manager user *) user-manager - fixed zoom for user-manager homepage when mobile devices used *) winbox - restrict change dynamic interface fields *) winbox - also hide passphrase in CAPsMAN with "Hide Password" *) winbox - restrict reversed ranges in dst-port under firewall *) quickset - fixed HomeAP mode *) lcd - added LCD package for all architectures (for serial port LCD modules) *) lcd - fixed crash (and 100% cpu usage) when interface gets removed from "stats-all" screen *) tool fetch - fixed incomplete ftp download *) tool fetch - don't trim [t]ftp leading slashes *) proxy - adjust time according to time-zone settings in proxy cache contents. *) bridge fastpath - fixed updating bridge FDB on receive (could cause TX traffic flooding on all bridge ports) *) bonding fastpath - fixed possible crash when bonding master was also a bridge port *) route - fixed crash on removing route that was aggregated *) romon - fixed crash on SACKed tx segments *) lte - improved modem identification to better support multiple identical modems *) snmp - fixed system scripts table *) traffic flow - fixed dynamic input/output interface reporting *) ipv6 dhcp-relay - fixed problem loading configuration known issue: *) Dynamic DNS servers can disappear when "allow-remote-requests" are not enabled What's new in 6.30 (2015-Jul-08 09:07): *) wireless - added WMM power save suport for mobile devices; *) firewall - sip helper improved, large packets no longer dropped; *) fixed encryption 'out of order' problem on SMP systems; *) email - fix sending multiple consecutive emails; *) fixed router lockup on leap seconds with installed ntp package; *) ccr - made hardware watchdog work again (was broken since v6.26); *) console - allow users with 'policy' policy to change script owner; *) icmp - use receive interface address when responding with icmp errors; *) ipsec - fail ph2 negitioation when initiator proposed key length does not match proposal configuration; *) timezone - updated timezone information to 2015e release; *) ssh - added option '/ip ssh stong-crypto' *) wireless - improve ac radio coexistence with other wireless clients, optimized transmit times to not interfere with other devices; *) console - values of $".id", $".nextid" and $".dead" are avaliable for use in 'print where' expressions; *) console - ':execute' command now accepts script source in "{}" braces, like '/system scripts add source=' does; *) console - ':execute' command now returns internal number of running job, that can be used to check and stop execution. For example: :local j [:execute {/interface print follow where [:log info "$name"]}] :delay 10s :do { /system script job remove $j } on-error={} *) console - firewall 'print' commands now show all entries including dynamic, 'all' argument now has no effect; *) ipsec - increase replay window to 128; *) fixed file transfer on devices with large RAM memory; *) pptp - fixed "encryption got out of sync" problem; *) ppp - disable vj tcp header compression; *) api - reduce api tcp connection keepalive delay to 30 seconds, will timeout idle connections in about 5 minutes; *) pptp & l2tp & sstp client: support the case were server issues its tunnel ip address the same as its public one; *) removed wireless package from routeros bundle package, new wireless-fp is left in place and wireless-cm2 added as option; *) pptp & l2tp client: when adding default route, add special exception route for a tunnel itself (no need to add it manually anymore); *) improved connection list: added connection packet/byte counters, added separate counters for fasttrack, added current rate display, added flag wheather connection is fasttracked/srcnated/dstnated, removed 2048 connection entry limit; *) tunnels - eoip, eoipv6, gre,gre6, ipip, ipipv6, 6to4 tunnels have new property - ipsec-secret - for easy setup of ipsec encryption and authentication; *) firewall - added ipsec-policy matcher to check wheather packet was/will be ipsec processed or not; *) possibility to disable route cache - improves DDOS attack handling performance up to 2x (note that ipv4 fastpath depends on route cache); *) fasttrack - added dummy firewall rule in filter and mangle tables to show packets/bytes that get processed in fasttrack and bypass firewall; *) fastpath - vlan interfaces support fastpath; *) fastpath - partial support for bonding interfaces (rx only); *) fastpath - vrrp interfaces support fastpath; *) fixed memory leak on CCR devices (introduced in 6.28); *) lte - improved modem identification to better support multiple identical modems; *) snmp - fix system scripts table; What's new in 6.29 (2015-May-27 11:19): *) ssh server - use custom generated DH primes when possible; *) ipsec - allow to specify custom IP address for my_id parameter; *) ovpn server - use subnet topology in ip mode if netmask is provided (makes android & ios clients work); *) console - allow '-' characters in unknown command argument names; *) snmp - fix rare bug when some OIDs where skipped; *) ssh - added aes-ctr cipher support; *) mesh - fixed kernel crash; *) ipv4 fasttrack fastpath - accelerates connection tracking and nat for marked connections (more than 5x performance improvement compared to regular slow path conntrack/nat) - currently limited to TCP/UDP only; *) added ~fasttrack-connection~ firewall action in filter/mangle tables for marking connections as fasttrack; *) added fastpath support for bridge interfaces - packets received and transmitted on bridge interface can go fastpath (previously only bridge forwarded packets could go fastpath); *) packets now can go half-fastpath - if input interface supports fastpath and packet gets forwarded in fastpath but output interface does not support fastpath or has interface queue other than only-hw-queue packet gets converted to slow path only at the dst interface transmit time; *) trafflow: add natted addrs/ports to ipv4 flow info; *) tilegx: enable autoneg for sfp ports in netinstall; *) health - fix voltage on some RB4xx; *) romon - fix 100% CPU usage; *) romon - moved under tools menu in console; *) email - store hostname for consistency; *) vrrp - do not reset interface when no interesting config changes; *) fixed async. ppp server; *) sstp - fixed router lockup. *) queue tree: some queues would stop working after some configuration changes; *) fixed CRS226 10G ports could lose link (introduced in 6.28); *) fixed FREAK vulnerability in SSL & TLS; *) firewall - fixed sector writes rising starting since 6.28; *) improved support for new hEX lite; What's new in 6.28 (2015-Apr-15 15:18): *) email - increase server greeting timeout to 60s; *) lte - ZTE MF823 may loose configuration; *) userman - update paypal root certificate; *) timezone - updated timezone information to 2015b release; *) cm2 - fixed capsman v2 100% CPU and other stability improvements; *) route - using ldp could cause connected routes with invalid interface nexthop; *) added support for SiS 190/191 PCI Ethernet adapter; *) made metarouter work on boards with 802.11ac support or usb LTE; *) sstp server - allow ADH only when no certificate set; *) make fat32 disk formatting support disks bigger than 134GiB; *) fixed tunnels - could crash when clamp-tcp-mss was enabled; *) added basic counters for ipv4/bridge fast path, also show status wether fast path is active at all; *) trafflow: - fixed crash on disable; *) pppoe over eoip - fixed crash with large packets; *) tilegx - fixed memory leak when queue settings are changed; *) ar9888 - fixed crash when hw reports invalid rate; *) console - fixed "in" operator in console; *) console - make "/system package update print" work again. *) tile - rare situation when CCR devices failed to auto-negotiate ethernet link (introduced in v6.25); *) dhcpv4 client - it is now possible to unset default clientid and hostname options *) initial RoMon (Router Management Overlay Network) support added. What's new in 6.27 (2015-Feb-11 13:24): *) console - added 'comment' parameter for '/system script' *) api - return sentences can have property ".section" that groups values from commands such as "monitor", "traceroute", "print" (with non-zero 'interval' value); *) cloud - add time zone detection feature "/system clock time-zone-autodetect"; *) cloud - rename "/ip cloud enabled" to "/ip cloud ddns-enabled"; *) cloud - make "/ip cloud update-time" independent from "/ip cloud ddns-enabled" *) cloud - when setting "/ip cloud ddns-enabled" to "no" router will send message to server to disable DNS name for this routerboard; *) cloud - "/ip cloud force-update" command now will work also when "/ip cloud ddns-enabled = no". usefull if user wants to disable DDNS; *) RB4xxGL - improved ethernet throughput (less dropped packets); *) RouterBOARD - fixed health reporting; *) check-installation: fixed wrong kernel crc on powerpc boards *) watchdog: fix software watchdog for x86 *) ssh - check conn state before sending disconnect message; *) ipsec - fixed crash that happened in specific situation;