slideshow 1 slideshow 1 slideshow 2 slideshow 2

Kdy bude verze RouterOS v7 ?

Tato otázka snad zajímá každého. Především každé, který chce používat nějaký novější HW, který nemá podporu ve starém kernelu. Bohužel musím na základě korespondence s Mikrotik supportem sdělit, že dříve jak v druhé polovině roku 2016 nikoli.


Bylo naznačeno, že má v druhé polovině roku 2016 má vyjít nejprve testovací beta a ta určitě nějaký čas bude jen pro testování, tedy reálné nasazení v roce 2017? Možná protože se jedná o verzi 7 tak rok 2017.
Je třeba si uvědomit, že verze 7 je ve vývoji skoro již 3 roky a tak opravdu všechny předpovědi, je dobré brát s rezervou.
Nicméně nezoufejte. Mikrotik support doporučuje: „Pokud váš HW není podporován naistalujte si virtuální SW například Vmware a tam si naistalujte Router OS CHR tedy Cloud Hosted Router.“
Ano je to řešení, ale do jaké míry se přijde o výkon oproti klasické instalaci X86 je otázkou. Toto bych rád zkusil v blízké době zjistit a případně napsat krátký příspěvek.

Kategorie: 

Nové verzování Mikrotiku?

Nedávno byla zvěřejněna informace na stránkách Mikrotiku, že bude nejspíš nové verzování a to následovně. Pokud bude nějaká nová funkce, tak bude klasicky verze X.X a pokud bude nalezena v této verzi nějaká chyba tak potom bude verze X.X.X Příklad ve verzi 6.30 bude nějaká nová funkce fast tracku a bude nalezena nějaká chyba v této funkci tak potom bude další verze 6.30.1
Osobně si myslím, že to špatný nápad není, uvidíme jestli bude skutečně zavedeno.

Kategorie: 

Nové verze 6.25 a 6.26

Nějaký čas jsem již nepsal o nových verzích ROS, jelikož se neudály zas tak zásadní změny. Nicméně ale kdo ví třeba jsou tam změny skryté, což se již několikrát stalo 
Novinky 6.25

*) certificates - fix SCEP RA operation and SCEP client when operating with RA;
*) ppp - report authentication failure cause like in v6.6;
*) ovpn server - added support for address lists;
*) improved boot times;
*) api - fixed missing return values of some commands;
*) ntp - fixed vulnerabilities;
*) mpls/vpls have improved per core balancing on CCRs;
*) fixed queue tree no-mark matching (was broken since 6.24);
*) fixed nested simple queues (was broken since 6.24);
*) fixed occasional crash when ipv6 was used;
*) fixed route cache overflow (ipv4/ipv6 stops working) if ipsec is used;
*) fixed Omnitik upgrade from v5 where wireless config was not correctly saved
*) fixed Webfig Design Skin where some skin changes were not saved
*) WPS support added to CM2 wireless package


Verzi 6.25 raději přeskočte, jelikož se vyskytla u některých bezdrátových spojů chyba s prouštěním OSPF protokolu, prý bude opraveno ve verzi 6.26.


Novinky 6.26

*) ssh - fixed ssh related crashes;
*) ovpn - allow to add VLANs to ovpn server bindings;
*) sstp - added pfs option which enables DHE;
*) pppoe client - increased timeout when searching for servers;
*) sstp - fixed problem were Windows 8 clients couldn't connect;
*) console - fixed some missing export entries;
*) smb - improved stability, fixed some crashes and problems causing disconnects;
*) api - fixed /system check-installation;
*) cerm - fix scep client ca caps parsing;
*) RouterBOARD - included new RouterBOOT 3.22 to enable protected-routerboot setting (see wiki);
*) webfig - fixed various design skin issues;
*) NTP client - accepts ipv6 as a server address;
*) known issue - /system check-installation incorrectly reports error on PPC;

Kategorie: 

Verze 6.24

Mikrotik nám nadělil, nejspíše pod stromeček novou verzi 6.24, ale nepřináší nějaké převratené změny.
Zěmny:

*) ntp - fixed vulnerabilities;
*) web proxy - fix problem when dscp was not set when ipv6 was enabled;
*) fixed problem where some of ethernet cards do not work on x86;
*) improved CCR ethernet driver (less dropped packets);
*) improved queue tree parent=global performance (especially on SMP systems and CCRs);
*) eoip/eoipv6/gre/gre6/ipip/ipipv6/6to4 tunnels have improved per core balancing on CCRs;
*) fixed tx for 6to4 tunnels with unspecified dst address;
*) fixed vrrp - could sometimes not work properly because of advertising bad set of ip addresses;


Možná že tam je nějaký super vánoční vylepšovák ,který není v changelogu :)


Veselé Vánoce 2014!

Kategorie: 

Nová verze 6.23, že by povedená?

Mikrotik nedavno vydal další verzi Routeros 6.23.

Změny:

*) pptp - fixed problem where tunnel stopped transmitting packets under heavy load;
*) web proxy - caching in RAM for boards with 32MB or less RAM will not cache any content;
*) leds - removed 'led' command and added support for 'on', 'off' types under 'system leds';
*) files - allow to move files between different disks in winbox;
*) dhcpv4 server - fix adding address lists from radius;
*) dhcpv4 server - make radius classless static route tag as dhcp vendor specific;
*) smb - fixed HDD used/free space reporting
*) made powerpc metarouters work again (were broken in v6.22);
*) disks - fixed fat32 formatting where some bogus files with strange names were created
(to delete existing files reformatting is needed);
*) disks - fixed problem where some of USB disks were not recognized;
*) fetch - allow checking certificate trust without crl checking;
*) userman - fix more web session problems when user uses
customer and administrator interfaces at the same time;
*) snmp - fix external storage info reporting;
*) snmp - fix bulk walk problem introduced in v6.20;
*) fix tunnels - keep keepalive disabled for existing tunnels when upgrading;
*) fix tunnels - mtu for eoip tunnels was not allowed
to be set less than 1280 since 6.20;
*) using routing-marks could lead to tunnel loop detection to turn off tunnels;


Zatím dle ohlasů uživatelů jede až nezvykle dobře. Ťuk, ťuk.

Kategorie: 

Nová verze 6.22


*) ovpn - added support for null crypto;
*) files - allow to remove empty disk folders;
*) sntp - fix problems with dns name resolving failures that were triggering
system watchdog timeout;
*) eoip/eoipv6/gre/gre6/ipip/ipipv6/6to4 tunnels have new features:
tunnels go down when no route to destination;
tunnels go down for 1 minute when transmit loop detected, warning gets logged;
new keepalive-retries setting;
keepalives enabled by default for new tunnels (10sec interval, 10 retries);
*) improved connection-state matcher in firewall - can match multiple states in one rule, supports negation;
*) added connection-nat-state matcher - can match connections that are srcnatted,dstnatted or both;
*) 100% CPU load caused by DNS service fixed;
*) 100% CPU load caused by unclassified services fixed;
*) 6to4 tunnel fixed;
*) new RouterBOOT firmware for Metal 2SHPn to improve wireless stability;


Dle neoficiálních informací nefunguje dobře kontrola routy pomocí pingu vůči BGP.

Kategorie: 

Verze 6.21 a 6.21.1

Novinky:

*) userman - fix "Your session has been reset due to inactivity" error;
*) timezone - updated timezone information to 2014i release;
*) wireless - fixed scanning tool crash for 802.11ac interfaces
*) wireless - fixed Nv2 kernel panic on 802.11ac interfaces
*) quickset - added vpn configuration to Wifi AP %26 Ethernet modes as well;
*) lte - changed device identification for devices which regenerate MAC address,
most likely this will loose device's configuration;
*) sstp - fixed disconnects on high traffic load;
*) ovpn client - fixed problem where ip address was not added to bridge interface in ethernet mode;
*) webfig - show properly Switch Port configuration;
*) disks - fixed support for MMC/SD cards;
*) winbox - added filtering by dscp to torch;
*) certificate - fix CRL handling in trust chain;
*) fixed 6to4 tunnels having inactive routes;
*) ipsec - fix downgrade problem to v5;
*) ipsec - disallow template-policy-group=none in peer config and set it to 'default';
*) metarouter - some metaroutes didn't have their licenses;
*) torch - possibility to filter by dscp;
*) fixed - master port on AR8327 switches that is put into bridge could sometimes not work properly;
*) fixed queues - could have huge latencies and smaller throughput than specified;
*) interfaces report last link up/down time and link down count;


Verze 6.21 byla prakticky ihned stažena, protože vznikl problém pokud se upgradovalo ze starší verze 5.x
Z toho důvodu byla vydána brzy verze 6.21.1, která opravila již tuto chybu.

Kategorie: 

Verze 6.20

Novinky:

*) cert scep - use fingerprints for transaction ids;
*) ipsec - support fqdn as my id;
*) fetch - allow fetching files larger than 4G;
*) fetch - fixed problem where files fetched over https were trimmed in size;
*) fixed problem - it was not possible to see %26 uninstall dude package;
*) stores are replaced with folders and disks are now managed under /disk menu;
*) added support for SMSC750x USB Gigabit Ethernet on x86;
*) ups - support selftest for smart and hid UPS;
*) pppoe client - increase connection timeout to make connection establishment
possible on busy pppoe server;
*) dhcp server - change default lease time from 3 days to 10 minutes
to avoid running out of IPs;
*) ipsec - allow binding modeconf address to username;
*) eoip/eoipv6/gre/gre6/ipip/ipipv6/6to4 tunnels have new features:
auto mtu (enabled by default for new tunnels);
dscp (inherit/specific value, inherit by default for new tunnels);
clamp-tcp-mss (yes by default for new tunnels);
*) eoip/gre/ipip/6to4 tunnels have dont-fragment option (inherit/no, no by default for new tunnels);
*) bridge has auto mtu feature (enabled by default for new bridges);
*) pppoe-server has auto mtu feature (enabled by default for new pppoe servers);


Tato verze byla výjimečná, především tím, že byla dlouho otevřená jako RC a měla se připomínkovat.

Kategorie: 

Po výpadku proudu se vypne wireless interface

Již delší dobu řeším problém, že se mi po výpadku proudu v nějaké lokalitě u zákazníka sám od sebe vypne na routerboardu wireless interface. Dále se smaže nastavení country a SSID se změní na hodnotu v identity u routerboardu. Již několikrát, byl tento problém reportován přímo na podporu Mikrotiku, ale bohužel bez výsledku, dnes jsem jim reportoval znovu. Aktuálně se problém stal na verzi 6.19 s biosem 3.17.
Tento problém je značně nepříjemný, protože se nedá vyřešit vzdálenou opravou, ale jedině výjezdem, který stojí zbytečné peníze. Problém se vyskytuje naprosto náhodně a na náhodných routerboardech. Zatím se to stalo na RB SXT, RB411, RB711. Problém pozoruji již od verze 6.4.

Kategorie: 

Nová verze 6.19 - CCR upgare

V nové verzi 6.19 vyšla spousta oprav a hlavně zlepšení výkonu ve firewallu u CCR.


*) wireless - improvements for nv2 and 802.11ac
*) sstp - make sstp work on i386 as well;
*) ippool - improve performance when acquiring address without preference;
*) partitions - copying partitions did not work on some boards;
*) bridge - added "Auto Isolate" stp enhancement (802.1q-2011, 13.25.6)
*) ipsec - when peer config is changed kill only relevant SAs;
*) vpls - do not abort BGP connection when receiving invalid 12 byte
nexthop encoding;
*) dns-update - fix zone update;
*) dhcpv4 server - support multiple radius address lists;
*) console - added unary operator 'any' that evaluates to true if argument
is not null or nothing value;
*) CCR - improved performance;
*) firewall - packet defragmenting will only happen with connection tracking enabled;
*) firewall - optimized option matching order with-in a rule;
*) firewall - rules that require CONNTRACK to work will now have Invalid flag
when CONNTRACK is disabled;
*) firewall - rules that require use-ip-firewall to work will now have invalid flag
when use-ip-firewall is disabled;
*) firewall - rules that have interface with "Slave" flag specified as in-/out-interface
will now have Invalid flag;
*) firewall - rules that have interface without "Slave" flag specified as in-/out-bridge-port
will now have Invalid flag;
*) firewall - rules with Invalid flags will now be auto-commented to explain why;
*) l2tp - force l2tp to not use MPPE encryption if IPsec is used;
*) sstp - force sstp to not use MPPE encryption (it already has TLS one);
*) sstp - make it work for x86 systems
*) winbox - added dual PSU stats in health menu
*) ipv6 - Gre6 can now correctly fragment large packets
*) simple queue performance optimisation/improvement for multi-core RouterOS devices (especially CCR)


Verzi jsem zatím nezkoušel CCR nemám k dispozici.

Kategorie: 

Nová verze 6.18

Co je nového:


*) sstp - report TLS encryption as well;
*) safe mode - do not allow user with less permissions to disrupt active safe mode;
*) console - print command does not try to reuse item numbers assigned by previous invocations of 'print' when doing 'print where' or 'print follow', items are numbered consecutively starting from '0'.
*) console - fix compact export of some partially modified configuration values;
*) api - use the same syntax for property values as is used in 'print detail' output, with the exception of numbers, that are not shown with suffixes (K/M/G/T or bitrate) and are not contracted or separated into digit groups, and "yes"/"no" values that continue to be reported as "true"/"false".
*) console - show internal numbers in the form returned by 'find' (like *9A0F) instead of "(unknown)" when configuration refers to deleted items. This change also applies to API.
*) ipsec - fix addition of default policy template;
*) console - values of type 'nil' were returning 'nil' as result of most operations. Now it compares less than all values except 'nil' and 'nothing', and compares inequal to all values except 'nil'. This was changed to make 'print where' and 'find where' more useful. An example. Previously the following command /ip route print where routing-mark!=nosuch Would not print routes that had no value for 'routing-mark' set, because (nil != "nosuch") was equal to nil. Now it evaluates to 'true', and this command will also print all routes that have no 'routing-mark' value set.
*) l2tp - fixed problem on CCR where server responded with wrong source address;
*) console export - put qutes around item names that start with a digit;
*) sntp client - added support for dns lookup of ntp servers;
*) console - when exporting to file, use name ending in '.in_progress', and rename when export finishes;
*) bridge setups sometimes could crash on CCR devices;
*) fixed port flapping in 1G mode on sfp-sfpplus1 on CRS226;
*) fixed SXT ac model losing it's interface if changing regulatory settings in "routerboard" menu


Verzi jsem již testoval a moc ji zatím nedoporučuji. Některá zařízení vůbec nechtějí naskočit a u některých se vyskytují zajímavé hlášky u snmp: "timeout blacklisting program 24". Při testu na CRS vykazoval switch větší packet loss než normálně.

Kategorie: 

Nová verze ROS 6.16 a 6.17

Vyšla nová verze 6.16 a den po ní oprava fatální chyby ve verzi 6.17

*) 802.11ac support added in wireless-fp package;
*) winbox - fixed random disconnection over encrypted tunnels;
*) l2tp, pptp, pppoe - fixed possible packet corruption when encryption was enabled;
*) ovpn - fixed ethernet mode;
*) certificates - use SHA256 for fingerprinting;
*) ipsec - fix AH proposal and problem when sometimes policy was not generated;
*) snmp - support AES encryption (rfc3826);
*) l2tp server: added option to enable IPsec automatically;
*) poe-out: added power-cycle-ping and power-cycle-interval settings;
*) gps - increased retry duration to 30 seconds;
*) time - on routerboards, current time is saved in configuration on reboot
and on clock adjustment, and is used to set initial time after reboot;
*) sntp - disabling/enabling client was causing dynamic-servers to be ignored
(bug introduced in 6.14);
*) CCR - fixed rare file system corruption when none
of configuration could be changed or some of it disappeared;
*) ipsec - allow multiple encryption algorithms per peer;
*) email - support tls only connections;
*) smb - fixed usb share issues after reboot
*) snmp - fix v3 protocol time window checks;
*) updated timezone information;
*) quickset - added VPN settings for HomeAP mode;
*) latency improvements on CCR devices;


Verze 6.17

*) CCR1009 - fixed crash, only affects CCR1009;

Kategorie: 

Mikrotik přidal podporu 802.11ac

Standardu 802.11ac se dočkáme u Mikrotiku tento rok. Bude to díky velmi širokým kanálům zkáza outdoor WiFi sítí? Vše ukáže až čas :)
Mikrotik přidal do své další RC verze verze 6.16 experimentální podporu standardu 802.11ac. Podpora je pro čipy: QC9880/9882.

Kategorie: 

Rychlá nová verze ROS 6.15

Mikrotik vydal bleskem novo verzi 6.15 kde byla opravena podstatná chyba a to jest:


*) fixed upgrade from v5 - on first boot all the optional packages were disabled;

Další opravy:

*) fixed problem where sntp server could not be specified in winbox & webfig;
*) metarouter - make openwrt work on ppc metarouter again;

Kategorie: 

Nová verze ROS 6.14

Dnes ve velkým vedrech vyšla verze 6.14, novinky:


*) sntp - 'mode' now is a read-only property, it is set to broadcast if no
server ip address is specified;
*) smb - fixed some SMB1 errors;
*) wireless-fp package is now included in routeros one (disabled by default);
*) webfig - fixed quickset, it didn't work with disabled wireless pacakge;
*) sstp - fixed problem where session was closed every 2min;
*) pptp,l2tp,pppoe - fixed problem where some of the static bindings
become dynamic interfaces;
*) eoip - lowered default MTU to avoid IP packet fragmentation;
*) eoip - added clamp-tcp-mss setting with default=yes for new tunnels to avoid
IP packet fragmentation;
*) fixed - bridge could sometimes get added without ~running~ flag;
*) fixed - simple queues could sometimes crash router;
*) fixed - simple queue stats freeze (empty winbox queue window);
*) ssh server - allow none cipher;
*) proxy - added 'anonymous' option which will skip adding X-* and Via headers;
*) dhcp server - added option use-framed-as-classless and
added support for DHCP-Classless-Static-Route RADIUS attribute;
*) quickset - fixed problem where address mode selection did not work in
bridge mode;
*) ipv6 address - fixed problem where changing advertise lost ipv6 connected route;


Kategorie: 

Nová verze ROS 6.13

Novinky ve verzi:

*) console - comments are now accepted where new command can start, that is,
where '/' or ':' characters can be used to start new command, e.g.
/interface { # comment until the end of the line
print
}
*) backup - backups by default are encrypted now (with user password).
To use backup on older versions, you should disable encryption with dont-encrypt
flag when creating it;
*) files with '.sensitive.' in the filename require 'sensitive'
permission to manipulate;
*) lcd - reduce CPU usage when displaying static screens;
*) l2tp - fixed occasional server lockup;
*) pptp - fixed memory leak;
*) sstp - fixed crashes;


Tato verze nikterak nepřinášní zásadní změny. Jediné, co bych rád vyzkoušel je menší zátěž CPU u LCD display na RB.

Kategorie: 

Nová verze 6.12

Dnes vyšla nová verze RouterOS. Tato verze přinesla hlavně opravy pro CRS

What's new in 6.12 (2014-Apr-14 09:27):

*) l2tp - fixed "no buffer space available" problem;
*) ipsec - support IPv4 over IPv6 and vice versa;
*) pppoe - report correctly number of active links;
*) updated timezone information;
*) many fixes for CRS managed switch functionality -
particularly improved VLAN support, port isolation, defaults;
*) added trunk support for CRS switches;
*) added policing support for CRS switches;
*) www - added support for HTTP byte ranges;
*) lte - provide signal strength using snmp and make 'info once' work in console;

Kategorie: 

Nová verze SWOS 1.12


*) fixed problem - SFP port stops after ethernet port cfg change (RB260 only);
*) change default vlan mode on RB260 to 'optional';
*) fixed problem - SNMP worked even when disabled;
*) fixed problem - SFP autonegotiation setting was not saved (RB260 only);
*) fixed uptime to be correct;
*) fixed RB260GSP poe-out to work correctly after downgrade & upgrade back;


Verzi jsem nezkoušel a zatím nemám potřebu, jelikož pro starší switche RB250G (které mám) nepřináší prakticky žádné změny.

Kategorie: 

Nová verze 6.11 slíbená oprava IPsec

*) ipsec - fix aes-cbc hardware acceleration on CCR with key sizes 192 and 256;
*) wireless - add auto frequency feature;
*) ovpn - fixed TLS renegotiation;
*) ovpn - make bridge mode work with big packets (do not leave extraneous padding);
*) ovpn - fixed require-client-certifcate;
*) ppp - revert RADIUS NAS-Port behaviour, report tunnel interface id;
*) ppp - mppe encryption together with mrru locked the router;
*) dhcp - added support for DHCP option 138 - list of CAPWAP IPv4 servers;
*) quickset - added Guest Network setup to Home AP mode;
*) console - no longer required to supply value of '/routing bgp instance vrf'
property 'instance' for 'add' command;
*) ethernet - added option to enable rx/tx flow control
(will be disabled by default);
*) ethernet - added ability to specify advertised modes for copper ports;
*) fixed 100% cpu usage on CCRs;
*) ssl - not finding CRL in local store for any certificate in trust chain will cause connection to fail;
*) lte - support for Huawei ME609 and ME909u-521;


Verzi jsem zatím nezkoušel. Velmi zajímavé bude automatické lazení kanálů na rádiu a flow control

Kategorie: 

Verze 5.26 a IPsec - problém

Ve verzi 5.26 jsem narazil na problém, když jsem chtěl postavit l2tp tunel via IPsec. Verze byla na straně klienta tunelu a tunel se za žádnou cenu nechtěl spojit, pomohlo až když jsem verzi 5.26 odstranil a nahradil třeba 6.10 verzí. Na druhé straně jsem měl verzi 6.4 a ta zůstala i nadále. Zjistil, jsem, že ve verzi 5.26 i Mikrotik oficiálně přiznal problémy s IPsec.

Kategorie: 

Verze 6.10

Co je nového:


**KNOWN ISSUE: IPsec AES-CBC 256 Bit encryption algorithm doesn't work in some
cases. Use 128 bit AES, or hold on for v6.11**
*) fix autosupout.rif generation after kernel panic;
*) ovpn - make it work again;
*) ovpn client - remove cipher=any & auth=any options,
protocol does not support them;
*) pptp - fixed where Windows & MacOS clients were disconnecting all the time;
*) sstp - make it work with Windows client with AES encryption;
*) ipv6 pool - fix dynamic prefix disappearing which may influence large
VPNs with IPv6;
*) ssh client - fix key agreement when sometimes wrong DH algorithm was selected;
*) bgp - multipath eBGP now does not propagate BGP nexthop unless
forced in configuration;
*) removed 10/100 half duplex from autonegotiation advertisement on CCR;


Tuto verzi jsem zatím nezkoušel, nicméně problém s upgrade routerbootu snad byl
vyřešen.

Kategorie: 

Stránky

Vzhled Danetsoft and Danang Probo Sayekti inspired by Maksimer