Skip to content
Nov 9 / Greg

Mikrotik Changelog 6.33 … A Novel

What’s new in 6.33 (2015-Nov-06 12:49):

*) dns – initial fix for situation when dynamic dns servers could disappear;
*) winbox – dropped support for winbox v3.0beta and v3.0rc (use winbox v3.0);
*) dhcpv6 – various improvement and fixes for dhcp-pd client and ippool6;
*) defconf – fixed rare situation where configuration was only partially loaded;
*) net – fix possible never ending loop when bad CDP discovery packet is received; Snap…interesting DOS vector
*) log – make default disk file name to reside in flash dir if it exists;
*) romon – change port list to be not ordered in export;
*) capsman – limit number of simultaneous DTLS handshakes;
*) capsman – fixed memory leak on CAP joining CAPsMAN when ssld is used;
*) winbox – added allow-fast-path to eoip, gre & ipip;
*) winbox – do not show power-cycle properties on non poe ports;
*) l2tp: implemented PPPoE over L2TP in LNS mode, RFC3817;Just for Thrift hehe
*) webfig – some of the setting were shifted to the right;
*) packages – allow to reinstall from bundle to separate packages & vice versa;
*) packages – prefer out of bundle packages when both of them are installed;
*) packages – fix a problem of upgrading bundle package to non bundled ones;
*) ipsec – force flow cache validation once in 1h;
*) winbox – make sure that all setting names get shown in full;
*) winbox – added poe power-cycle-ping settings to ethernet interfaces;
*) ppp – handle properly case were ppp client is given same address for local & remote end;
*) winbox – added vlan-mode & vlan-id to virtual-ap interface;
*) winbox – added timeout column to ipv6 address lists;
*) winbox – show SFP Tx/Rx Power properly;niceeee
*) winbox – added min-links to bonding interface;
*) winbox – do not show health menu on RB951Ui-2HnD;
*) winbox – added support for Login-Timeout & MAC-Auth-Mode in hotspot;
*) cerm – added option to disable crl download in ‘/certificate settings’;
*) winbox – make user ssh key import work again;
*) webfig – make “Copy to Access List” work in CAPsMAN Registration Table;
*) userman – fix report generation problem which could result in some users being skipped from it;
*) winbox – fix to allow cpu-port as mirror-target
*) proxy – error.html parsing enhancement to improve performance
*) CCR1072 – improve ether1 performance under heavy loadHow odd…I wonder why ether1 alone was having issues. I thought the 1072 had individual pipes to the CPU for each port.
*) routerboard – indicate RouterBOOT type in /system routerboard print;
*) mpls – properly use mpls mtu for routes;
*) cerm – fix key description for signed certificates;
*) trafflow – report flow addresses in v1 and v5 without NAT awareness;
*) hotspot – add mac-auth-mode setting for mac-as-passwd option;
*) hotspot – add login-timeout setting to force login for unauth hosts;
*) auto-upgrade – fixed auto upgrade for smipsbe;
*) dns – do not create duplicate entries for same dynamic dns server addresses;
*) ipsec – fix set on multiple policies which could result in adding non existent dynamic policies to the list;
*) email – allow server to be specified as fqdn which is resolved on each send;Killer
*) fastpath – eoip,gre,ipip tunnels support fastpath (new per tunnel setting “allow-fast-path”);Sick…anyone test yet?
*) ppp, pptp, l2tp, pppoe – fix ppp compression related crashes;Nice…I use this in a few places
*) cerm – also accept downloaded CRLs in PEM format;
*) userman – added ‘history clear’ to allow flushing undo history, which may take up significant amount of memory for huge databases with hundreds of users;
*) health – fix voltage for CRS109, CRS112 and CRS210 if powered from external adapter;
*) userman – added phone number support to signup form;
*) ip pool6 – try to acquire the same prefix if info matches recently freed;
*) ipsec – fix transport mode ph2 ID ports when policy selects specific ip protocol on initiator;
*) ipsec – use local-address for phase 1 matching and initiation;
*) route – fixed crash on removing route that was aggregated;
*) ipsec – fix replay window, was accidentally disabled since version 6.30;
*) ssh – allow host key import/export;
*) ssh – use 2048bit RSA host key when strong-crypto enabled;
*) ssh – support RSA keys for user authentication;
*) wlan – improved WMM-PowerSave support in wireless-cm2 package;
*) pptp & l2tp – fixed problem where android client could not connect if both dns names were not provided (was broken since v6.30);
*) auto-upgrade – added ability to select which versions to select when upgrading;
*) quickset – fixed HomeAP mode;
*) lte – improved modem identification to better support multiple identical modems;
*) snmp – fix system scripts table;
*) tunnels – eoip,eoipv6,gre,gre6,ipip,ipipv6,6to4 tunnels now support dns name as remote address;I believe this is only on initial connection. I wonder if there is a way that if the connection drops it would attempt to DNS query again – if the remote address changed it would reconnect
*) fastpath – active mac-winbox or mac-telnet session no longer suspends fastpath;
*) fastpath – added per interface fastpath counters;
*) fastpath – added trafflow support in basic ipv4 and fasttrack ipv4 fastpath;
*) ppp – added on-up & on-down scripts to ppp profile;
*) winbox – allow to specify dns name in all the tunnels;
*) pppoe – added support for MTU > 1492 on PPPoE;
*) cerm – fix scep server certificate-reply degenerate PKCS#7 signed-data content;
*) ppp-client – added default channels for Alcatel OneTouch L100V;
*) defconf – fix for boards that had bridge with only wlan ports;
*) ovpn: support OpenWRT ovpn clients (or any other with enable-small option enabled);
*) cerm – use certificate file name for imported cert name;
*) fetch – fixed error message when error code 200 was received;
*) cerm – rebuild crl for local ca if crl file does not exist;
*) winbox – make directed broadcasts work for neighbor discovery;
*) upnp: automatically adjust mappings to new external ip change;
*) ppp – added ppp interface to upnp internals/externals if requested;
*) ppp – when adding ipv6 default route use user provided distance;
*) userman – allow to correctly enable CoA on router;
*) cerm – show crl nextupdate time;
*) ppp – added CoA support to PPPoE, PPTP & L2TP (Mikrotik-Recv-Limit, Mikrotik-Xmit-Limit, Mikrotik-Rate-Limit, Ascend-Data-Rate, Ascend-XMit-Rate, Session-Timeout);
*) ppp – added new option under “ppp aaa” – “use-circuit-id-in-nas-port-id”;
*) userman – refresh active sessions/users view dynamically;
*) package – added version tag and show everywhere alongside of version number;
*) wlan – improved 802.11 protocol single connection TCP performance for ac chipset with cm2 package.

So some of A Thrift’s changes were in there…anyone else see some action they like here?

Leave a Comment

*