Changelog 6.41 – MikroTik Changelog Tracker

Component	Change
arm	minor improvements on CPU load distribution for RB1100 series devices;
arp	fixed invalid static ARP entries after reboot on interfaces without IP address;
bgp	added 32-bit private ASN support;
bridge	added comment support for VLANs;
bridge	added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
bridge	added support for "/interface list" as a bridge port;
bridge	assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
bridge	automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
bridge	changed "Host" and "MDB" table column order;
bridge	disable "hw-offload" when "horizon" or "external-fdb" is set;
bridge	fixed "fast-forward" counters;
bridge	fixed ARP setting (introduced in v6.40rc36);
bridge	fixed connectivity issues when there are multiple VLAN interfaces on bridge;
bridge	fixed hw-offloaded IGMP Snooping service getting stopped;
bridge	fixed multicast forwarding (introduced in v6.40rc36);
bridge	implemented dynamic entries for active MST port overrides;
bridge	implemented software based "igmp-snooping";
bridge	implemented software based MSTP;
bridge	removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
bridge	set "igmp-snooping=no" by default on new bridges;
bridge	show "admin-mac" only if "auto-mac=no";
bridge	show bridge interface local addresses in the host table;
btest	improved reliability on Bandwidth Test when device`s RAM is almost full;
capsman	added "vlan-mode=no-tag" option;
capsman	added possibility to downgrade CAP with Upgrade command from CAPsMAN;
capsman	return complete CA chain when issuing new certificate;
capsman	use "adaptive-noise-immunity" value from CAP local configuration;
certificate	added option to store CRL in RAM (CLI only);
certificate	fixed SCEP "get" request URL encoding;
certificate	improved CRL update after system startup;
certificate	show "Expired" flag when initial CRL fetch fails;
certificate	show invalid flag when local CRL file does not exist;
chr	added KVM memory balloon support;
chr	added suspend support;
console	do not stop "/certificate sign" process if console times out in 1 minute;
console	removed "/setup";
crs317	added initial support for HW offloaded MPLS forwarding;
crs317	fixed reliability on FAN controller;
crs326	fixed packet processing speed on switch chip if individual port link speed differs;
crs326	improved transmit performance from SFP+ to Ethernet ports;
crs3xx	added ingress/egress rate input limits;
crs3xx	hide unused switch "vlan-mode", "vlan-header-mode" and "default-vlan-id" options;
crs3xx	switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
dhcp	fixed DHCP services failing after reboot when DHCP option was used;
dhcp	fixed unresponsive DHCP service caused by inability to read not set RAW options;
dhcp	require DHCP option name to be unique;
dhcp-client	limit and enforce DHCP client "default-route-distance" minimal value to 1;
dhcp-server	added "option-set" argument (CLI only);
dhcp-server	added basic RADIUS accounting;
dhcpv4-client	add dynamic DHCP client for mobile clients which require it;
dhcpv4-client	allow to use DUID for client as identity string as the option 61;
dhcpv4-server	added "NETWORK_GATEWAY" option variable;
dhcpv4-server	strip trailing "\0" in "hostname" if present;
discovery	use "/interface list" instead of interface name under neighbor discovery settings;
e-mail	do not show errors when sending e-mail from script;
eoip	made L2MTU parameter read-only;
ethernet	removed "master-port" parameter;
export	fixed interface list export;
fetch	accept all HTTP 2xx status codes;
filesystem	implemented additional system integrity checks on reboots;
firewall	added "tls-host" firewall matcher;
health	fixed bogus voltage readings on CCR1009;
hotspot	fixed "dst-port" to require valid "protocol" in "walled-garden ip";
hotspot	fixed Walled Garden IP functionality when address-list is used;
ike1	DPD retry interval set to 5 seconds;
ike1	disallow peer creation using base mode;
ike1	fixed crash on xauth if user does not exist;
ike1	fixed memory corruption when IPv6 is used;
ike1	improved stability on phase1 rekeying;
ike1	release mismatched PH2 peer IDs;
ike1	use /32 netmask if none provided by mode config;
ike2	added support for multiple split networks;
ike2	check identities on "initial-contact";
ike2	do not allow to configure nat-traversal;
ike2	fixed PH1 lifetime reset on boot;
ike2	fixed initiator DDoS cookie processing;
ike2	fixed responder DDoS cookie first notify type check;
ike2	kill connection when peer changes address;
ike2	use peer configuration address when available on empty TSi;
interface	added "/interface reset-counters" command (CLI only);
interface	added default "/interface list" "dynamic" which contains dynamic interfaces;
interface	added option to join and exclude "/interface list" from one and another;
interface	fixed corrupted "/interface list" configuration after upgrade;
ippool6	try to assign desired prefix for client if prefix is not being already used;
ipsec	added DH groups 19, 20 and 21 support for phase1 and phase2;
ipsec	allow to specify "remote-peer" address as DNS name;
ipsec	fixed incorrect esp proposal key size usage;
ipsec	fixed policy enable/disable;
ipsec	improved hardware accelerated IPSec performance on 750Gr3;
ipsec	improved reliability on certificate usage;
ipsec	renamed "firewall" argument to "notrack-chain" in peer configuration;
ipsec	skip invalid policies for phase2;
ipv6	add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
l2tp	improved reliability on packet processing in FastPath;
l2tp-server	fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
lcd	fixed "flip-screen=yes" state after reboot;
log	added "bridge" topic;
log	fixed interface name in log messages;
log	optimized "poe-out" logging topic logs;
lte	added "/interface lte apn" menu (Passthrough requires reconfiguration);
lte	added Passthrough support;
lte	added Yota non-configurable modem support;
lte	added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
lte	automatically add "/ip dhcp-client" configuration on interface;
lte	changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
lte	fixed Passthrough support;
lte	fixed authentication for non LTE modes;
lte	fixed error when trying to add APN profile without name;
lte	fixed rare crash when initializing LTE modem after reset;
lte	fixed user authentication for R11e-LTE when new firmware is used;
lte	integrated IP address acquisition without DHCP client for wAP LTE kit-US;
lte	limited minimal default route distance to 1;
lte	update info command with "location area code" and "physical cell id" values;
m11g	improved ethernet performance on high load;
mac-server	use "/interface list" instead of interface name under MAC server settings;
modem	added initial support for Alcatel IK40 and Olicard 500;
neighbor	show neighbors on actual bridge port instead of bridge itself
netinstall	fixed missing "/flash/etc" on first bootup;
netinstall	fixed missing default configuration prompt on first startup after reset/netinstall;
ospf	fixed OSPF v2 and v3 neighbor election;
ovpn-server	do not periodically change automatically generated server MAC address;
poe	added new "poe-out" status "controller-error";
poe	fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
poe	log PoE status related messages under debug topic;
ppp	added initial support for PLE902;
ppp	added support for Sierra MC7750, Verizon USB730L;
ppp	do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
ppp	fixed "change-mss" functionality when MSS option is missing on forwrded packets;
ppp	fixed L2TP and PPTP encryption negotiation process on configuration changes;
ppp	fixed situation when part of PPP configuration was reset to default values after reboot;
pppoe-client	properly re-establish MLPPP session when one of the lines stopped transmitting packets;
pppoe-server	fixed situation when PPPoE servers become invalid on reboot;
quickset	added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
quickset	fixed LTE quickset mode APN field;
quickset	fixed situation when Quickset automatically changes mode to CPE;
quickset	renamed router IP static DNS name to "router.lan";
radius	limited RADIUS timeout maximum value to 3 seconds;
route	fixed potential route crash on routing table update;
scheduler	properly display long scheduler configuration;
sfp	fixed SFP interface power monitor when bad SFP DDMI information is received;
sftp	added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
sms	fixed minor problem for SMS delivery;
sms	log decoded USSD responses;
snmp	fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
snmp	fixed bridge host requests on devices with multiple bridge interfaces;
snmp	fixed bulk requests when non-repeaters are used;
snmp	fixed consecutive OID bulk get from the same table;
snmp	show only available OIDs under "/system health print oid";
ssh	do not use DH group1 with strong-crypto enabled;
ssh	enforced 2048bit DH group on tile and x86 architectures;
system	show USB topology for the device info;
tile	improved hardware encryption processes;
tr069-client	fixed "/interface lte apn" configuration parameters;
traceroute	improved "/tool traceroute" results processing;
upnp	add "src-address" parameter on NAT rule if it is specified on UPnP request;
upnp	deny UPnP request if port is already used by the router;
ups	fixed duplicate "failed" UPS logs;
userman	allow to generate more than 999 users;
w60g	added "put-stations-in-bridge" and "isolate-stations" options to manage connected clients;
w60g	connected stations are treated as separate interfaces;
webfig	added favicon file;
webfig	fixed router getting reset to default configuration;
webfig	fixed terminal graphic user interface under Safari browser;
winbox	added "W60G station" tab in Wireless menu;
winbox	added "notrack-chain" setting to IPSec peers;
winbox	added support for "_" symbol in terminal window;
winbox	added switch menu on RB1100AHx4;
winbox	do not show MetaROUTER stuff on RB1100AHx4;
winbox	do not show duplicate "Switch" menus for CRS326;
winbox	do not show duplicate "Template" parameters for filter in IPSec policy list;
winbox	do not show duplicate filter parameters "Published" in ARP list;
winbox	do not show unnecessary tabs from "Switch" menu;
winbox	fixed "/certificate sign" process;
winbox	fixed bridge port sorting order by interface name;
winbox	show warnings under "/system routerboard settings" menu;
wireless	added "allow-signal-out-off-range" option for Access List entries;
wireless	added "indonesia3" regulatory domain information;
wireless	added passive scan option for wireless scan mode;
wireless	added support for CHARGEABLE_USER_ID in EAP Accounting;
wireless	check APs against connect-list rules starting with strongest signal;
wireless	do not show background scan frequencies in the monitor command channel field;
wireless	improved reliability on "rx-rate" selection process;
wireless	increased the EAP message retransmit count;
wireless	log "signal-strength" when successfully connected to AP;
wireless	pass interface MAC address in Sniffer TZSP frames;
wireless	updated "UK 5.8 Fixed" and "Australia" country data;
wireless	updated "united kingdom" regulatory domain information;

arm

minor improvements on CPU load distribution for RB1100 series devices;

arp

fixed invalid static ARP entries after reboot on interfaces without IP address;

bgp

added 32-bit private ASN support;

bridge

added comment support for VLANs;

bridge

added initial support for hardware "igmp-snooping" on CRS1xx/2xx;

bridge

added support for "/interface list" as a bridge port;

bridge

assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);

bridge

automatically turn off "fast-forward" feature if both bridge ports have "H" flag;

bridge

changed "Host" and "MDB" table column order;

bridge

disable "hw-offload" when "horizon" or "external-fdb" is set;

bridge

fixed "fast-forward" counters;

bridge

fixed ARP setting (introduced in v6.40rc36);

bridge

fixed connectivity issues when there are multiple VLAN interfaces on bridge;

bridge

fixed hw-offloaded IGMP Snooping service getting stopped;

bridge

fixed multicast forwarding (introduced in v6.40rc36);

bridge

implemented dynamic entries for active MST port overrides;

bridge

implemented software based "igmp-snooping";

bridge

implemented software based MSTP;

bridge

removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);

bridge

set "igmp-snooping=no" by default on new bridges;

bridge

show "admin-mac" only if "auto-mac=no";

bridge

show bridge interface local addresses in the host table;

btest

improved reliability on Bandwidth Test when device`s RAM is almost full;

capsman

added "vlan-mode=no-tag" option;

capsman

added possibility to downgrade CAP with Upgrade command from CAPsMAN;

capsman

return complete CA chain when issuing new certificate;

capsman

use "adaptive-noise-immunity" value from CAP local configuration;

certificate

added option to store CRL in RAM (CLI only);

certificate

fixed SCEP "get" request URL encoding;

certificate

improved CRL update after system startup;

certificate

show "Expired" flag when initial CRL fetch fails;

certificate

show invalid flag when local CRL file does not exist;

chr

added KVM memory balloon support;

chr

added suspend support;

console

do not stop "/certificate sign" process if console times out in 1 minute;

console

removed "/setup";

crs317

added initial support for HW offloaded MPLS forwarding;

crs317

fixed reliability on FAN controller;

crs326

fixed packet processing speed on switch chip if individual port link speed differs;

crs326

improved transmit performance from SFP+ to Ethernet ports;

crs3xx

added ingress/egress rate input limits;

crs3xx

hide unused switch "vlan-mode", "vlan-header-mode" and "default-vlan-id" options;

crs3xx

switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;

dhcp

fixed DHCP services failing after reboot when DHCP option was used;

dhcp

fixed unresponsive DHCP service caused by inability to read not set RAW options;

dhcp

require DHCP option name to be unique;

dhcp-client

limit and enforce DHCP client "default-route-distance" minimal value to 1;

dhcp-server

added "option-set" argument (CLI only);

dhcp-server

added basic RADIUS accounting;

dhcpv4-client

add dynamic DHCP client for mobile clients which require it;

dhcpv4-client

allow to use DUID for client as identity string as the option 61;

dhcpv4-server

added "NETWORK_GATEWAY" option variable;

dhcpv4-server

strip trailing "\0" in "hostname" if present;

discovery

use "/interface list" instead of interface name under neighbor discovery settings;

e-mail

do not show errors when sending e-mail from script;

eoip

made L2MTU parameter read-only;

ethernet

removed "master-port" parameter;

export

fixed interface list export;

fetch

accept all HTTP 2xx status codes;

filesystem

implemented additional system integrity checks on reboots;

firewall

added "tls-host" firewall matcher;

health

fixed bogus voltage readings on CCR1009;

hotspot

fixed "dst-port" to require valid "protocol" in "walled-garden ip";

hotspot

fixed Walled Garden IP functionality when address-list is used;

ike1

DPD retry interval set to 5 seconds;

ike1

disallow peer creation using base mode;

ike1

fixed crash on xauth if user does not exist;

ike1

fixed memory corruption when IPv6 is used;

ike1

improved stability on phase1 rekeying;

ike1

release mismatched PH2 peer IDs;

ike1

use /32 netmask if none provided by mode config;

ike2

added support for multiple split networks;

ike2

check identities on "initial-contact";

ike2

do not allow to configure nat-traversal;

ike2

fixed PH1 lifetime reset on boot;

ike2

fixed initiator DDoS cookie processing;

ike2

fixed responder DDoS cookie first notify type check;

ike2

kill connection when peer changes address;

ike2

use peer configuration address when available on empty TSi;

interface

added "/interface reset-counters" command (CLI only);

interface

added default "/interface list" "dynamic" which contains dynamic interfaces;

interface

added option to join and exclude "/interface list" from one and another;

interface

fixed corrupted "/interface list" configuration after upgrade;

ippool6

try to assign desired prefix for client if prefix is not being already used;

ipsec

added DH groups 19, 20 and 21 support for phase1 and phase2;

ipsec

allow to specify "remote-peer" address as DNS name;

ipsec

fixed incorrect esp proposal key size usage;

ipsec

fixed policy enable/disable;

ipsec

improved hardware accelerated IPSec performance on 750Gr3;

ipsec

improved reliability on certificate usage;

ipsec

renamed "firewall" argument to "notrack-chain" in peer configuration;

ipsec

skip invalid policies for phase2;

ipv6

add dynamic "/ip dns" server address from RA when RA is permitted by configuration;

l2tp

improved reliability on packet processing in FastPath;

l2tp-server

fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;

lcd

fixed "flip-screen=yes" state after reboot;

log

added "bridge" topic;

log

fixed interface name in log messages;

log

optimized "poe-out" logging topic logs;

lte

added "/interface lte apn" menu (Passthrough requires reconfiguration);

lte

added Passthrough support;

lte

added Yota non-configurable modem support;

lte

added support for ZTE ME3630 E1C with additional "/port" for GPS usage;

lte

automatically add "/ip dhcp-client" configuration on interface;

lte

changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";

lte

fixed Passthrough support;

lte

fixed authentication for non LTE modes;

lte

fixed error when trying to add APN profile without name;

lte

fixed rare crash when initializing LTE modem after reset;

lte

fixed user authentication for R11e-LTE when new firmware is used;

lte

integrated IP address acquisition without DHCP client for wAP LTE kit-US;

lte

limited minimal default route distance to 1;

lte

update info command with "location area code" and "physical cell id" values;

m11g

improved ethernet performance on high load;

mac-server

use "/interface list" instead of interface name under MAC server settings;

modem

added initial support for Alcatel IK40 and Olicard 500;

neighbor

show neighbors on actual bridge port instead of bridge itself

netinstall

fixed missing "/flash/etc" on first bootup;

netinstall

fixed missing default configuration prompt on first startup after reset/netinstall;

ospf

fixed OSPF v2 and v3 neighbor election;

ovpn-server

do not periodically change automatically generated server MAC address;

poe

added new "poe-out" status "controller-error";

poe

fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;

poe

log PoE status related messages under debug topic;

ppp

added initial support for PLE902;

ppp

added support for Sierra MC7750, Verizon USB730L;

ppp

do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;

ppp

fixed "change-mss" functionality when MSS option is missing on forwrded packets;

ppp

fixed L2TP and PPTP encryption negotiation process on configuration changes;

ppp

fixed situation when part of PPP configuration was reset to default values after reboot;

pppoe-client

properly re-establish MLPPP session when one of the lines stopped transmitting packets;

pppoe-server

fixed situation when PPPoE servers become invalid on reboot;

quickset

added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;

quickset

fixed LTE quickset mode APN field;

quickset

fixed situation when Quickset automatically changes mode to CPE;

quickset

renamed router IP static DNS name to "router.lan";

radius

limited RADIUS timeout maximum value to 3 seconds;

route

fixed potential route crash on routing table update;

scheduler

properly display long scheduler configuration;

sfp

fixed SFP interface power monitor when bad SFP DDMI information is received;

sftp

added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;

sms

fixed minor problem for SMS delivery;

sms

log decoded USSD responses;

snmp

fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;

snmp

fixed bridge host requests on devices with multiple bridge interfaces;

snmp

fixed bulk requests when non-repeaters are used;

snmp

fixed consecutive OID bulk get from the same table;

snmp

show only available OIDs under "/system health print oid";

ssh

do not use DH group1 with strong-crypto enabled;

ssh

enforced 2048bit DH group on tile and x86 architectures;

system

show USB topology for the device info;

tile

improved hardware encryption processes;

tr069-client

fixed "/interface lte apn" configuration parameters;

traceroute

improved "/tool traceroute" results processing;

upnp

add "src-address" parameter on NAT rule if it is specified on UPnP request;

upnp

deny UPnP request if port is already used by the router;

ups

fixed duplicate "failed" UPS logs;

userman

allow to generate more than 999 users;

w60g

added "put-stations-in-bridge" and "isolate-stations" options to manage connected clients;

w60g

connected stations are treated as separate interfaces;

webfig

added favicon file;

webfig

fixed router getting reset to default configuration;

webfig

fixed terminal graphic user interface under Safari browser;

winbox

added "W60G station" tab in Wireless menu;

winbox

added "notrack-chain" setting to IPSec peers;

winbox

added support for "_" symbol in terminal window;

winbox

added switch menu on RB1100AHx4;

winbox

do not show MetaROUTER stuff on RB1100AHx4;

winbox

do not show duplicate "Switch" menus for CRS326;

winbox

do not show duplicate "Template" parameters for filter in IPSec policy list;

winbox

do not show duplicate filter parameters "Published" in ARP list;

winbox

do not show unnecessary tabs from "Switch" menu;

winbox

fixed "/certificate sign" process;

winbox

fixed bridge port sorting order by interface name;

winbox

show warnings under "/system routerboard settings" menu;

wireless

added "allow-signal-out-off-range" option for Access List entries;

wireless

added "indonesia3" regulatory domain information;

wireless

added passive scan option for wireless scan mode;

wireless

added support for CHARGEABLE_USER_ID in EAP Accounting;

wireless

check APs against connect-list rules starting with strongest signal;

wireless

do not show background scan frequencies in the monitor command channel field;

wireless

improved reliability on "rx-rate" selection process;

wireless

increased the EAP message retransmit count;

wireless

log "signal-strength" when successfully connected to AP;

wireless

pass interface MAC address in Sniffer TZSP frames;

wireless

updated "UK 5.8 Fixed" and "Australia" country data;

wireless

updated "united kingdom" regulatory domain information;