Manual:RouterOS6 news: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
No edit summary
 
(56 intermediate revisions by 4 users not shown)
Line 1: Line 1:
__TOC__
__TOC__
{{ Warning | This guidance is kept for archival purpose and information in it are not updated. Latest RouterOS v6 changes you can find [https://mikrotik.com/download/changelogs here]!  }}


==General==
==General==


*updated drivers and kernel (to linux-3.3.5);
* Updated drivers and Kernel (to linux-3.3.5)
* Connected routes become inactive when Interface goes down. It also means that dynamic routing protocols will stop distributing connected routes without Active flag.
* Initial [[Manual:OpenFlow | OpenFlow]] support
* Configurable kernel options in "/ip settings" menu (ip forward, rp filters etc)
* New [[Manual:LCD_TouchScreen | LCD Touch screen]] features
* Arp timeout can be changed in /ip settings
* Hotspot [[Manual:Hotspot_Introduction#MAC_Cookie|mac-cookie login method]] (mostly used for smartphones)
* FastPath support
* Configurable Kernel options in '''/ip settings''' and '''/ipv6 settings''' menu (ip forward, rp filters etc)
* Neighbor discovery can be disabled by default on dynamic interfaces in "/ip neighbor discovery settings" menu
* ARP timeout can be changed in '''/ip settings'''
* Renamed e-mail parameter <var>tls</var> to <var>start-tls</var>
* Neighbor discovery can be disabled by default on dynamic interfaces in '''/ip neighbor discovery settings''' menu
* DHCP v4 client now have special-classless option for <var>add-default-route</var> parameter
* To enable/disable discovery on interface you now must use command: "'''/ip neighbor discovery set (interface number/name) discover=yes/no'''".
* Fetch tool now has HTTPS support
* Show <var>last-logged-in</var> in users list
* Added ipv6 header support for traffic generator
* GRE supports all protocol encapsulation, not just ip and ipv6;
* Slave flag shows up for interfaces that are in bridge,bonding or switch group;
* SSH client has new property <var>output-to-file</var>, useful for scripting.
* Support for [[M:API | API]] over TLS (SSL)
* [[M:API | API]] is now enabled by default
* DNS retry queries with tcp if truncated results received
* DNS rotates servers only on failure
* DNS cache logs requests to topics "dns" and "packet";
* [[M:Webfig | WebFig]] now supports RADIUS authentication (via MS-CHAPv2)
* New Web Proxy parameter <var>max-cache-object-size</var>
* Increased Max client/server connection count for Web Proxy
* If NTP client is enabled, logs show correct time and date when router was rebooted.
* [[Manual:Switch_Chip_Features#Example_-_802.1Q_Trunking_with_Atheros_switch_chip_in_RouterOS_v6 | 802.1Q Trunking]] with Atheros switch chip
== PPP ==
 
* SSTP can now force AES encryption instead of default RC4
* SSTP can now force AES encryption instead of default RC4
* added bridge-path-cost & bridge-port-priority to ppp profiles
* PPP profile now has <var>bridge-path-cost</var> amd <var>bridge-port-priority</var> parameters
* added last-logged-out to ppp secrets
* Secrets shows  <var>last-logged-out</var> date and time
* hotspot, ppp - support multiple address-lists
* Hotspot and PPP now support multiple address-lists
* Only 2 change mss mangle rules are created for all ppp interfaces;
* Only 2 change mss mangle rules are created for all ppp interfaces;
* ip/ipv6 firewall has all-ether,all-wireless,all-vlan,all-ppp interface matchers
 
* dhcp relay - possibility to add relay agent information option;
== Firewall ==
* flash can be partitioned on routerboards and separate versions can be installed on each of them
 
* show last-logged-in in users list
* New all-ether,all-wireless,all-vlan,all-ppp interface matchers
* dhcp ipv6 - added dns option support
* Priority matcher
* gre - support all protocol encapsulation, not just ip and ipv6;
* New <var>change-dscp</var> options '''from-priority''' and '''from-priority-to-high-3-bits'''
* dhcp client - custom options;
* New Mangle Actions '''snif-tzsp,snif-pc'''
* dns - rotate servers only on failure
 
* added priority matcher to firewall;
 
* added change-dscp from-priority and from-priority-to-high-3-bits option
== Wireless ==
* add snif-tzsp,snif-pc actions to ip/ipv6 firewall mangle;
 
* slave flag shows up for interfaces that are in bridge,bonding or switch group;
* Wireless [[Manual:Wireless Advanced Channels|Channels options]] - creating custom channel lists
* dns cache logs requests to topics "dns" and "packet";
 
==DHCP==
 
* DHCP client now support custom options
* DHCP v4 client now have '''special-classless''' option for <var>add-default-route</var> parameter
* Possibility to add [[Manual:IP/DHCP_Relay | DHCP]] relay agent information option (Option 82)
* DHCPv6 DNS option support
* DHCPv6 Relay support
* DHCP server RADIUS framed route support
* DHCP option configuration per lease


==IpSec==
==IpSec==


Significantly improved Road Warrior setup usage with Mode Configuration support.
Significantly improved Road Warrior setup usage with Mode Configuration support.
Detailed configuration example can be found in the [[Manual:IP/IPsec#Road_Warrior_setup_with_Mode_Conf | manual]].
Detailed configuration example can be found in the [[Manual:IP/IPsec#Road_Warrior_setup_with_Mode_Conf | manual]].


Full list of new features:
Full list of new features:
* Mode Conf support (unity split include, address pools, DNS)
* Mode Conf support (unity split include, address pools, DNS)
* Passive IpSec peer
* Ipsec peer can be set as passive - will not start ISAKMP SA negotiation
* Xauth support ( xauth PSK and Hybrid RSA)
* Xauth support ( xauth PSK and Hybrid RSA)
* Policy templates
* Policy templates - allow to generate policy only if src/dst address, protocol and proposal matches the template
* Peer groups
* Peer groups
* Multiple peers with the same IP can be used.
* For peers with full IP address specified system will auto-start ISAKMP SA negotiation.
* For peers with full IP address specified system will auto-start ISAKMP SA negotiation.
* generate-policy now can have <var>port-strict</var> value which will use port from peer's proposal
* generate-policy now can have <var>port-strict</var> value which will use port from peer's proposal
* Source address of phase1 is now configurable


==Certificates==
==Certificates==


* CA keys are no more cached, every CA operations now requires a valid CA passphrase. Use set-ca-passphrase for scep server to cache CA key in encrypted form;
* CA keys are no more cached, every CA operations now requires a valid CA passphrase. Use <var>set-ca-passphrase</var> for scep server to cache CA key in encrypted form;
* for certificates marked as trusted=yes, CRL will be automaticly updated once in hour from http sources;
* For certificates marked as trusted=yes, CRL will be automatically updated once in an hour from http sources;
* Ipsec and SSTP respects CRLs
* Ipsec and SSTP respects CRLs
* SCEP server/client support
* SCEP server/client support
* Certificate manager now can issue self signed certificates.


== Routing ==
== Routing ==


* added OSPF <var>use-dn</var> option
* New OSPF parameter <var>use-dn</var>. Forces to ignore DN bit in LSAs.
* Changed BGP MED propagation logic, now discarded when sending route with non-empty AS_PATH to an external peer
* Changed BGP MED propagation logic, now discarded when sending route with non-empty AS_PATH to an external peer
*  
* Connected routes become inactive when Interface goes down. It also means that dynamic routing protocols will stop distributing connected routes without Active flag.


==Queues==
==Queues==
Line 64: Line 95:
* improved queue management (/queue simple and /queue tree) - easily handles tens of thousands of queues;
* improved queue management (/queue simple and /queue tree) - easily handles tens of thousands of queues;
* /queue tree entries with parent=global are performed separately from /queue simple and before /queue simple;
* /queue tree entries with parent=global are performed separately from /queue simple and before /queue simple;
* new default queue types: pcq-download-default and pcq-upload-default;
* new default queue types: <var>pcq-download-default</var> and <var>pcq-upload-default</var>;
* simple queues have separate priority setting for download/upload/total;
* simple queues have separate priority setting for download/upload/total;
* global-in, global-out, global-total parent in /queue tree is replaced with global that is equivalent to global-total in v5;
* <var>global-in</var>, <var>global-out</var>, <var>global-total</var> parent in /queue tree is replaced with <var>global</var> that is equivalent to global-total in v5;
* simple queues happen in different place - at the very end of postrouting and local-in chains;
* simple queues happen in different place - at the very end of postrouting and local-in chains;
* simple queues target-addresses and interface parameters are joined into one target parameter, now supports multiple interfaces match for one queue;
* simple queues <var>target-addresses</var> and interface parameters are joined into one target parameter, now supports multiple interfaces match for one queue;
* simple queues dst-address parameter is changed to dst and now supports destination interface matching;
* simple queues <var>dst-address</var> parameter is changed to dst and now supports destination interface matching;
 


== Compact configuration export ==
== Compact configuration export ==
Line 80: Line 110:
/export verbose file=myConfig
/export verbose file=myConfig
</pre>
</pre>
==Tools==
* [[Manual:Fast_Path | FastPath]] support
* Renamed e-mail <var>tls</var> to <var>start-tls</var> and added it as a configurable parameter
* [[Manual:Tools/Fetch | Fetch tool]] now has HTTPS support
* Added ipv6 header support for traffic generator
* Playback pcap files into network using new trafficgen <var>inject-pcap</var> command
* NAND Flash can be [[Manual:Partitions|Partitioned]] on routerboards and separate RouterOS versions can be installed on each of the partitions
{{cont}}
[[Category:Manual| ]]

Latest revision as of 08:49, 11 April 2019


Warning: This guidance is kept for archival purpose and information in it are not updated. Latest RouterOS v6 changes you can find here!


General

  • Updated drivers and Kernel (to linux-3.3.5)
  • Initial OpenFlow support
  • New LCD Touch screen features
  • Hotspot mac-cookie login method (mostly used for smartphones)
  • Configurable Kernel options in /ip settings and /ipv6 settings menu (ip forward, rp filters etc)
  • ARP timeout can be changed in /ip settings
  • Neighbor discovery can be disabled by default on dynamic interfaces in /ip neighbor discovery settings menu
  • To enable/disable discovery on interface you now must use command: "/ip neighbor discovery set (interface number/name) discover=yes/no".
  • Show last-logged-in in users list
  • GRE supports all protocol encapsulation, not just ip and ipv6;
  • Slave flag shows up for interfaces that are in bridge,bonding or switch group;
  • SSH client has new property output-to-file, useful for scripting.
  • Support for API over TLS (SSL)
  • API is now enabled by default
  • DNS retry queries with tcp if truncated results received
  • DNS rotates servers only on failure
  • DNS cache logs requests to topics "dns" and "packet";
  • WebFig now supports RADIUS authentication (via MS-CHAPv2)
  • New Web Proxy parameter max-cache-object-size
  • Increased Max client/server connection count for Web Proxy
  • If NTP client is enabled, logs show correct time and date when router was rebooted.
  • 802.1Q Trunking with Atheros switch chip

PPP

  • SSTP can now force AES encryption instead of default RC4
  • PPP profile now has bridge-path-cost amd bridge-port-priority parameters
  • Secrets shows last-logged-out date and time
  • Hotspot and PPP now support multiple address-lists
  • Only 2 change mss mangle rules are created for all ppp interfaces;

Firewall

  • New all-ether,all-wireless,all-vlan,all-ppp interface matchers
  • Priority matcher
  • New change-dscp options from-priority and from-priority-to-high-3-bits
  • New Mangle Actions snif-tzsp,snif-pc


Wireless

DHCP

  • DHCP client now support custom options
  • DHCP v4 client now have special-classless option for add-default-route parameter
  • Possibility to add DHCP relay agent information option (Option 82)
  • DHCPv6 DNS option support
  • DHCPv6 Relay support
  • DHCP server RADIUS framed route support
  • DHCP option configuration per lease

IpSec

Significantly improved Road Warrior setup usage with Mode Configuration support.

Detailed configuration example can be found in the manual.

Full list of new features:

  • Mode Conf support (unity split include, address pools, DNS)
  • Ipsec peer can be set as passive - will not start ISAKMP SA negotiation
  • Xauth support ( xauth PSK and Hybrid RSA)
  • Policy templates - allow to generate policy only if src/dst address, protocol and proposal matches the template
  • Peer groups
  • Multiple peers with the same IP can be used.
  • For peers with full IP address specified system will auto-start ISAKMP SA negotiation.
  • generate-policy now can have port-strict value which will use port from peer's proposal
  • Source address of phase1 is now configurable

Certificates

  • CA keys are no more cached, every CA operations now requires a valid CA passphrase. Use set-ca-passphrase for scep server to cache CA key in encrypted form;
  • For certificates marked as trusted=yes, CRL will be automatically updated once in an hour from http sources;
  • Ipsec and SSTP respects CRLs
  • SCEP server/client support
  • Certificate manager now can issue self signed certificates.

Routing

  • New OSPF parameter use-dn. Forces to ignore DN bit in LSAs.
  • Changed BGP MED propagation logic, now discarded when sending route with non-empty AS_PATH to an external peer
  • Connected routes become inactive when Interface goes down. It also means that dynamic routing protocols will stop distributing connected routes without Active flag.

Queues

  • improved overall router performance when simple queues are used
  • improved queue management (/queue simple and /queue tree) - easily handles tens of thousands of queues;
  • /queue tree entries with parent=global are performed separately from /queue simple and before /queue simple;
  • new default queue types: pcq-download-default and pcq-upload-default;
  • simple queues have separate priority setting for download/upload/total;
  • global-in, global-out, global-total parent in /queue tree is replaced with global that is equivalent to global-total in v5;
  • simple queues happen in different place - at the very end of postrouting and local-in chains;
  • simple queues target-addresses and interface parameters are joined into one target parameter, now supports multiple interfaces match for one queue;
  • simple queues dst-address parameter is changed to dst and now supports destination interface matching;

Compact configuration export

Now by default configuration is exported in compact mode.

To make full config export verbose parameter should be used:

/export verbose file=myConfig

Tools

  • FastPath support
  • Renamed e-mail tls to start-tls and added it as a configurable parameter
  • Fetch tool now has HTTPS support
  • Added ipv6 header support for traffic generator
  • Playback pcap files into network using new trafficgen inject-pcap command
  • NAND Flash can be Partitioned on routerboards and separate RouterOS versions can be installed on each of the partitions


[ Top | Back to Content ]