Manual:RouterOS6 news

From MikroTik Wiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.


Icon-warn.png

Warning: This guidance is kept for archival purpose and information in it are not updated. Latest RouterOS v6 changes you can find here!


General

  • Updated drivers and Kernel (to linux-3.3.5)
  • Initial OpenFlow support
  • New LCD Touch screen features
  • Hotspot mac-cookie login method (mostly used for smartphones)
  • Configurable Kernel options in /ip settings and /ipv6 settings menu (ip forward, rp filters etc)
  • ARP timeout can be changed in /ip settings
  • Neighbor discovery can be disabled by default on dynamic interfaces in /ip neighbor discovery settings menu
  • To enable/disable discovery on interface you now must use command: "/ip neighbor discovery set (interface number/name) discover=yes/no".
  • Show last-logged-in in users list
  • GRE supports all protocol encapsulation, not just ip and ipv6;
  • Slave flag shows up for interfaces that are in bridge,bonding or switch group;
  • SSH client has new property output-to-file, useful for scripting.
  • Support for API over TLS (SSL)
  • API is now enabled by default
  • DNS retry queries with tcp if truncated results received
  • DNS rotates servers only on failure
  • DNS cache logs requests to topics "dns" and "packet";
  • WebFig now supports RADIUS authentication (via MS-CHAPv2)
  • New Web Proxy parameter max-cache-object-size
  • Increased Max client/server connection count for Web Proxy
  • If NTP client is enabled, logs show correct time and date when router was rebooted.
  • 802.1Q Trunking with Atheros switch chip

PPP

  • SSTP can now force AES encryption instead of default RC4
  • PPP profile now has bridge-path-cost amd bridge-port-priority parameters
  • Secrets shows last-logged-out date and time
  • Hotspot and PPP now support multiple address-lists
  • Only 2 change mss mangle rules are created for all ppp interfaces;

Firewall

  • New all-ether,all-wireless,all-vlan,all-ppp interface matchers
  • Priority matcher
  • New change-dscp options from-priority and from-priority-to-high-3-bits
  • New Mangle Actions snif-tzsp,snif-pc


Wireless

DHCP

  • DHCP client now support custom options
  • DHCP v4 client now have special-classless option for add-default-route parameter
  • Possibility to add DHCP relay agent information option (Option 82)
  • DHCPv6 DNS option support
  • DHCPv6 Relay support
  • DHCP server RADIUS framed route support
  • DHCP option configuration per lease

IpSec

Significantly improved Road Warrior setup usage with Mode Configuration support.

Detailed configuration example can be found in the manual.

Full list of new features:

  • Mode Conf support (unity split include, address pools, DNS)
  • Ipsec peer can be set as passive - will not start ISAKMP SA negotiation
  • Xauth support ( xauth PSK and Hybrid RSA)
  • Policy templates - allow to generate policy only if src/dst address, protocol and proposal matches the template
  • Peer groups
  • Multiple peers with the same IP can be used.
  • For peers with full IP address specified system will auto-start ISAKMP SA negotiation.
  • generate-policy now can have port-strict value which will use port from peer's proposal
  • Source address of phase1 is now configurable

Certificates

  • CA keys are no more cached, every CA operations now requires a valid CA passphrase. Use set-ca-passphrase for scep server to cache CA key in encrypted form;
  • For certificates marked as trusted=yes, CRL will be automatically updated once in an hour from http sources;
  • Ipsec and SSTP respects CRLs
  • SCEP server/client support
  • Certificate manager now can issue self signed certificates.

Routing

  • New OSPF parameter use-dn. Forces to ignore DN bit in LSAs.
  • Changed BGP MED propagation logic, now discarded when sending route with non-empty AS_PATH to an external peer
  • Connected routes become inactive when Interface goes down. It also means that dynamic routing protocols will stop distributing connected routes without Active flag.

Queues

  • improved overall router performance when simple queues are used
  • improved queue management (/queue simple and /queue tree) - easily handles tens of thousands of queues;
  • /queue tree entries with parent=global are performed separately from /queue simple and before /queue simple;
  • new default queue types: pcq-download-default and pcq-upload-default;
  • simple queues have separate priority setting for download/upload/total;
  • global-in, global-out, global-total parent in /queue tree is replaced with global that is equivalent to global-total in v5;
  • simple queues happen in different place - at the very end of postrouting and local-in chains;
  • simple queues target-addresses and interface parameters are joined into one target parameter, now supports multiple interfaces match for one queue;
  • simple queues dst-address parameter is changed to dst and now supports destination interface matching;

Compact configuration export

Now by default configuration is exported in compact mode.

To make full config export verbose parameter should be used:

/export verbose file=myConfig

Tools

  • FastPath support
  • Renamed e-mail tls to start-tls and added it as a configurable parameter
  • Fetch tool now has HTTPS support
  • Added ipv6 header support for traffic generator
  • Playback pcap files into network using new trafficgen inject-pcap command
  • NAND Flash can be Partitioned on routerboards and separate RouterOS versions can be installed on each of the partitions


[ Top | Back to Content ]