Manual:RouterOS6 news: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
Line 11: Line 11:
* [[Manual:Tools/Fetch | Fetch tool]] now has HTTPS support
* [[Manual:Tools/Fetch | Fetch tool]] now has HTTPS support
* Added ipv6 header support for traffic generator
* Added ipv6 header support for traffic generator
* Flash can be partitioned on routerboards and separate versions can be installed on each of them
* Show <var>last-logged-in</var> in users list
* GRE supports all protocol encapsulation, not just ip and ipv6;
* DNS rotates servers only on failure
* Slave flag shows up for interfaces that are in bridge,bonding or switch group;
* DNS cache logs requests to topics "dns" and "packet";
== PPP ==
* SSTP can now force AES encryption instead of default RC4
* SSTP can now force AES encryption instead of default RC4
* added <var>bridge-path-cost</var> & <var>bridge-port-priority</var> to ppp profiles
* added <var>bridge-path-cost</var> & <var>bridge-port-priority</var> to ppp profiles
Line 16: Line 26:
* hotspot, ppp - support multiple address-lists
* hotspot, ppp - support multiple address-lists
* Only 2 change mss mangle rules are created for all ppp interfaces;
* Only 2 change mss mangle rules are created for all ppp interfaces;
* ip/ipv6 firewall has all-ether,all-wireless,all-vlan,all-ppp interface matchers
* Flash can be partitioned on routerboards and separate versions can be installed on each of them
* Show <var>last-logged-in</var> in users list
* gre - support all protocol encapsulation, not just ip and ipv6;
* DNS rotates servers only on failure
* added priority matcher to firewall
* added <var>change-dscp</var> from-priority and from-priority-to-high-3-bits option
* add snif-tzsp,snif-pc actions to ip/ipv6 firewall mangle;
* slave flag shows up for interfaces that are in bridge,bonding or switch group;
* dns cache logs requests to topics "dns" and "packet";


== Firewall ==
* New all-ether,all-wireless,all-vlan,all-ppp interface matchers
* Priority matcher
* New <var>change-dscp</var> options '''from-priority''' and '''from-priority-to-high-3-bits'''
* New Mangle Actions '''snif-tzsp,snif-pc'''


==DHCP==
==DHCP==

Revision as of 14:55, 22 May 2013

General

  • Updated drivers and kernel (to linux-3.3.5);
  • Configurable kernel options in /ip settings and /ipv6 settings menu (ip forward, rp filters etc)
  • Arp timeout can be changed in /ip settings
  • FastPath support
  • Neighbor discovery can be disabled by default on dynamic interfaces in /ip neighbor discovery settings menu
  • Renamed e-mail parameter tls to start-tls
  • Fetch tool now has HTTPS support
  • Added ipv6 header support for traffic generator
  • Flash can be partitioned on routerboards and separate versions can be installed on each of them
  • Show last-logged-in in users list
  • GRE supports all protocol encapsulation, not just ip and ipv6;
  • DNS rotates servers only on failure
  • Slave flag shows up for interfaces that are in bridge,bonding or switch group;
  • DNS cache logs requests to topics "dns" and "packet";


PPP

  • SSTP can now force AES encryption instead of default RC4
  • added bridge-path-cost & bridge-port-priority to ppp profiles
  • added last-logged-out to ppp secrets
  • hotspot, ppp - support multiple address-lists
  • Only 2 change mss mangle rules are created for all ppp interfaces;


Firewall

  • New all-ether,all-wireless,all-vlan,all-ppp interface matchers
  • Priority matcher
  • New change-dscp options from-priority and from-priority-to-high-3-bits
  • New Mangle Actions snif-tzsp,snif-pc

DHCP

  • DHCP client now support custom options
  • DHCP v4 client now have special-classless option for add-default-route parameter
  • Possibility to add DHCP relay agent information option
  • DHCPv6 DNS option support

IpSec

Significantly improved Road Warrior setup usage with Mode Configuration support.

Detailed configuration example can be found in the manual.

Full list of new features:

  • Mode Conf support (unity split include, address pools, DNS)
  • Ipsec peer can be set as passive - will not start ISAKMP SA negotiation
  • Xauth support ( xauth PSK and Hybrid RSA)
  • Policy templates - allow to generate policy only if src/dst address, protocol and proposal matches the template
  • Peer groups
  • Multiple peers with the same IP can be used.
  • For peers with full IP address specified system will auto-start ISAKMP SA negotiation.
  • generate-policy now can have port-strict value which will use port from peer's proposal

Certificates

  • CA keys are no more cached, every CA operations now requires a valid CA passphrase. Use set-ca-passphrase for scep server to cache CA key in encrypted form;
  • for certificates marked as trusted=yes, CRL will be automaticly updated once in hour from http sources;
  • Ipsec and SSTP respects CRLs
  • SCEP server/client support

Routing

  • added OSPF use-dn parameter
  • Changed BGP MED propagation logic, now discarded when sending route with non-empty AS_PATH to an external peer
  • Connected routes become inactive when Interface goes down. It also means that dynamic routing protocols will stop distributing connected routes without Active flag.

Queues

  • improved overall router performance when simple queues are used
  • improved queue management (/queue simple and /queue tree) - easily handles tens of thousands of queues;
  • /queue tree entries with parent=global are performed separately from /queue simple and before /queue simple;
  • new default queue types: pcq-download-default and pcq-upload-default;
  • simple queues have separate priority setting for download/upload/total;
  • global-in, global-out, global-total parent in /queue tree is replaced with global that is equivalent to global-total in v5;
  • simple queues happen in different place - at the very end of postrouting and local-in chains;
  • simple queues target-addresses and interface parameters are joined into one target parameter, now supports multiple interfaces match for one queue;
  • simple queues dst-address parameter is changed to dst and now supports destination interface matching;


Compact configuration export

Now by default configuration is exported in compact mode.

To make full config export verbose parameter should be used:

/export verbose file=myConfig