Manual:RouterOS6 news: Difference between revisions

General

• Updated drivers and Kernel (to linux-3.3.5)
• Initial OpenFlow support
• Hotspot mac-cookie login method (mostly used for smartphones)
• Configurable Kernel options in /ip settings and /ipv6 settings menu (ip forward, rp filters etc)
• ARP timeout can be changed in /ip settings
• Neighbor discovery can be disabled by default on dynamic interfaces in /ip neighbor discovery settings menu
• Show last-logged-in in users list
• GRE supports all protocol encapsulation, not just ip and ipv6;
• Slave flag shows up for interfaces that are in bridge,bonding or switch group;
• SSH client has new property output-to-file, useful for scripting.
• Support for API over TLS (SSL)
• API is now enabled by default
• DNS retry queries with tcp if truncated results received
• DNS rotates servers only on failure
• DNS cache logs requests to topics "dns" and "packet";
• WebFig now supports RADIUS authentication (via MS-CHAPv2)
• New Web Proxy parameter max-cache-object-size
• Increased Max client/server connection count for Web Proxy

PPP

• SSTP can now force AES encryption instead of default RC4
• PPP profile now has bridge-path-cost amd bridge-port-priority parameters
• Secrets shows last-logged-out date and time
• Hotspot and PPP now support multiple address-lists
• Only 2 change mss mangle rules are created for all ppp interfaces;

Firewall

• New all-ether,all-wireless,all-vlan,all-ppp interface matchers
• Priority matcher
• New change-dscp options from-priority and from-priority-to-high-3-bits
• New Mangle Actions snif-tzsp,snif-pc

Wireless

• Wireless Channels options - creating custom channel lists

DHCP

• DHCP client now support custom options
• DHCP v4 client now have special-classless option for add-default-route parameter
• Possibility to add DHCP relay agent information option (Option 82)
• DHCPv6 DNS option support
• DHCPv6 Relay support
• DHCP server RADIUS framed route support

IpSec

Significantly improved Road Warrior setup usage with Mode Configuration support.

Detailed configuration example can be found in the manual.

Full list of new features:

• Mode Conf support (unity split include, address pools, DNS)
• Ipsec peer can be set as passive - will not start ISAKMP SA negotiation
• Xauth support ( xauth PSK and Hybrid RSA)
• Policy templates - allow to generate policy only if src/dst address, protocol and proposal matches the template
• Peer groups
• Multiple peers with the same IP can be used.
• For peers with full IP address specified system will auto-start ISAKMP SA negotiation.
• generate-policy now can have port-strict value which will use port from peer's proposal

Certificates

• CA keys are no more cached, every CA operations now requires a valid CA passphrase. Use set-ca-passphrase for scep server to cache CA key in encrypted form;
• For certificates marked as trusted=yes, CRL will be automatically updated once in an hour from http sources;
• Ipsec and SSTP respects CRLs
• SCEP server/client support

Routing

• New OSPF parameter use-dn. Forces to ignore DN bit in LSAs.
• Changed BGP MED propagation logic, now discarded when sending route with non-empty AS_PATH to an external peer
• Connected routes become inactive when Interface goes down. It also means that dynamic routing protocols will stop distributing connected routes without Active flag.

Queues

• improved overall router performance when simple queues are used
• improved queue management (/queue simple and /queue tree) - easily handles tens of thousands of queues;
• /queue tree entries with parent=global are performed separately from /queue simple and before /queue simple;
• new default queue types: pcq-download-default and pcq-upload-default;
• simple queues have separate priority setting for download/upload/total;
• global-in, global-out, global-total parent in /queue tree is replaced with global that is equivalent to global-total in v5;
• simple queues happen in different place - at the very end of postrouting and local-in chains;
• simple queues target-addresses and interface parameters are joined into one target parameter, now supports multiple interfaces match for one queue;
• simple queues dst-address parameter is changed to dst and now supports destination interface matching;

Compact configuration export

Now by default configuration is exported in compact mode.

To make full config export verbose parameter should be used:

/export verbose file=myConfig

Tools

• FastPath support
• Renamed e-mail parameter tls to start-tls and added it as a configurable parameter
• Fetch tool now has HTTPS support
• Added ipv6 header support for traffic generator
• Playback pcap files into network using new trafficgen inject-pcap command
• NAND Flash can be Partitioned on routerboards and separate RouterOS versions can be installed on each of the partitions

[ Top | Back to Content ]