MikroTik RouterOS MIPS-BE Firmware 6.39 RC 76

  n/a
Manufacturer:

Description

DOWNLOAD NOW

What's new in 6.39rc76:

- capsman - added EAP identity to registration table;
- capsman - added support for "background-scan" and channel "reselect-interval";
- ike2 - fixed RSA authentication without EAP;
- ike2 - fixed policy release during SA negotion;
- l2tp - fixed hidden attribute decryption in forwarded CHAP responses for LNS;
- ppp - include rates, limits and address-lists parameters in RADIUS accounting requests;
- pppoe - added warning on PPPoE client/server, if it is configured on slave interface;
- tile - fixed IPSec crash (introduced in 6.39rc64);
- webfig - allow to change global variable contents;
- webfig - allow to enter frequency ranges in wireless scan list;
- webfig - do not allow to reorder items if table is sorted by some column;
- webfig - fixed bridge property display;
- webfig - show proper error messages for optional erroneous text fields;
- winbox - added "k" and "M" unit support to PPP secret limit-bytes parameters;
- winbox - added "Flush" button under unicast-fdb menu;
- winbox - added "memory-scroll", "filter-cpu", "filter-ipv6-address", "filter-operation-between-entries" parameters;
- winbox - added protected routerboard parameters under routerboard settings menu;
- winbox - hide "wps-mode" & "security-profile" in wireless nv2 mode;
- winbox - properly show wireless registration table stat counters;
- wireless - fixed dynamic wireless interface removal from bridge ports when changing wireless mode;

Other changes since 6.38.5:

- bridge - added "fast-forward" setting and counters (enabled by default only for new bridges) (CLI only);
- bridge - added support for special and faster case of fastpath called "fast-forward" (available only on bridges with 2 interfaces);
- bridge - fixed BPDU rx/tx when protocol-mode=none;
- filesystem - fixed rare situation when filesystem failed to read all configuration on startup;
- filesystem - fixed rare situation when filesystem went into read-only mode (some configuration might have gotten lost on reboot);
- firewall - discontinued support for p2p matcher (old rules will become invalid);
- l2tp - added fastpath support when MRRU is enabled;
- ppp - completely rewritten internal fragmentation algorithm (when MRRU is used), optimized for multicore;
- ppp - implemented internal algorithm for "change-mss", no mangle rules necessary;
- pppoe - added fastpath support when MRRU and MLPPP are enabled;
- quickset - configuration changes are now applied only on "OK" and "Apply" (not on mode change);
- tile - fixed IPSec hardware acceleration out-of-order packet problem, significantly improved performance;
- winbox - minimal required version is v3.11;
- address - fixed crash when address is assigned to another bridge port;
- api - fixed double dynamic flags for "/ip firewall address-list print";
- capsman - added "extension-channel" XX and XXXX auto matching modes;
- capsman - added "keepalive-frames" setting;
- capsman - added "skip-dfs-channels" setting;
- capsman - added CAP discovery interface list support;
- capsman - added DFS support;
- capsman - added ability to specify multiple channels in frequency field;
- capsman - added save-channel option to speed up frequency selection on CAPsMAN restart;
- capsman - added support for "background-scan" (CLI only) and channel "reselect-interval";
- capsman - added support for static virtual interfaces on CAP;
- capsman - changed channel "width" name to "control-channel-width" and changed default values;
- capsman - improved CAP status querying;
- capsman - improved support for communicating frame priority between CAP and CAPsMAN;
- certificate - SCEP client now supports FQDN URL and port;
- certificate - allow CRL address to be specified as DNS name;
- console - fixed "/ip neighbor discovery" export;
- console - fixed DHCP/PPP add-default-route distance minimal value to 1;
- console - fixed crash;
- console - fixed incorrect ":put [/lcd get enabled]" value;
- ddns - improved "dns-update" authentication validation;
- defconf - fixed Groove 52 ac band settings;
- defconf - fixed default configuration generation when wireless package is disabled;
- dhcp-client - added "script" option which executes script on state changes;
- dhcpv4 - fixed string option parser;
- dhcpv4-server - added "lease-hostname" script parameter;
- dhcpv4-server - by default make server “authoritative”;
- dhcpv4-server - do some lease checks only on enabled object;
- discovery - fixed LLDP discovery, IPv6 address was not parsed correctly;
- email - check for errors during SMTP exchange process;
- ethernet - added "voltage-too-low" status for single port power injector devices;
- ethernet - fixed "loop-protect" on "master-port";
- ethernet - fixed rare switch chip hang (could cause port flapping);
- ethernet - fixed unnecessary power cycle of powered device when changing any poe-out related setting on single port power injector devices;
- ethernet - renamed "rx-lose" to "rx-loss" in ethernet statistics;
- ethernet - reversed poe-priority on hEX PoE and OmniTIK 5 PoE to make "poe-priority" consistent to all other RouterOS priorities;
- fastpath - fixed rare crash on devices with dynamic interfaces;
- fetch - added "http-data" and "http-method" parameters to allow delete, get, post, put methods (content-type=application/x-www-form-urlencoded by default);
- gps - added "fix-quality" and "horizontal-dilution" parameters;
- graphing - fixed graph disappearance after power outage;
- hotspot - added access to HTTP headers using $(http-header-name);
- ike1 - fixed ph2 ID logging;
- ike2 - allow multiple child SA traffic selectors on re-key;
- ike2 - always replace empty TSi with configured address if it is available;
- ike2 - check child state before allowing rekey;
- ike2 - default to /32 peer address mask;
- ike2 - fixed CTR mode;
- ike2 - fixed EAP message length;
- ike2 - fixed ISA handler object removal on SA delete;
- ike2 - fixed ctr mode;
- ike2 - fixed disabled DPD;
- ike2 - fixed last EAP auth payload type;
- ike2 - fixed ph2 state when sending notify;
- ike2 - fixed state when sending delete packet;
- ike2 - improved logging;
- ike2 - kill only child SAs which are not re-keyed by remote peer;
- ike2 - log RADIUS timeout message under error topic;
- ike2 - remove old SA after rekey;
- ike2 - send EAP identity as user-name RADIUS attribute;
- ike2 - update "calling_station_id" RADIUS attribute;
- ike2 - update peer identity after successful EAP authentication;
- ippool - return proper error message when trying to create duplicate name;
- ipsec - added "last-seen" parameter to active connection list;
- ipsec - allow mixing aead algorithms in proposal;
- ipsec - better responder flag calculator for console;
- ipsec - disallow AH+ESP combined policies ;
- ipsec - do not loose "use-ipsec=yes" parameter after downgrade;
- ipsec - enable aes-ni on i386 and x64 for cbc, ctr and gcm modes;
- ipsec - fixed "/ip ipsec policy group export verbose";
- ipsec - fixed "mode-cfg" verbose export;
- ipsec - fixed SA authentication flag;
- ipsec - renamed "hw-authenc" flag to "hw-aead";
- ipsec - show hardware accelerated authenticated SAs;
- ipsec - updated tilera classifier for UDP encapsulated ESP;
- l2tp - added support for multiple L2TP tunnels (not to be confused with sessions) between same endpoints (required in some LNS configurations);
- l2tp-server - added "caller-id-type" to forward calling station number to RADIUS on authentication;
- l2tp-server - added "use-ipsec=required" option;
- l2tp-server - fixed upgrade to keep "use-ipsec=yes" in L2TP server;
- leds - added LTE modem access technology trigger;
- leds - changed error message on unsupported board;
- leds - do not update single LED state when it is not changed;
- leds - show warning on print when "modem-signal-threshold" is not available;
- log - added "gps" topic;
- log - added "tr069" topic;
- log - added missing "license limit exceeded" log entry;
- log - added warning when Winbox/Dude sessions were denied;
- log - do not show changes in packet if NAT has not been used;
- log - make SNMP logs more compact;
- lte - added "session-uptime" in info command;
- lte - added LTE signal level reading for Cinterion modems;
- lte - added error handling for remote AT execute;
- lte - added initial support for Quectel ec25;
- lte - added initialization for Cinterion;
- lte - added log entry for SMS delivery report;
- lte - added support for Vodafone R216 (Huawei);
- lte - buffer AT events while info command is active;
- lte - fixed "/interface lte info X once";
- lte - fixed IPv6 address prefix on interface
- lte - fixed network mode selection for me909u, mu609;
- lte - fixed older standard CEREG parsing;
- lte - fixed support for Huawai R216;
- lte - fixed user-command;
- lte - reset interface stats on "link-down";
- netinstall - fixed typos;
- ntp - restart NTP client when it is stuck in error state;
- ppp - added "bridge-horizon" option under PPP/Profile;
- ppp - added option to specify "interface-list" in PPP/Profile;
- ppp - fixed rare kernel failure on PPP client connection;
- ppp - fixed rare kernel failure when receiving IPv6 address on PPP interface;
- ppp-client - added support for Datacard 750UL, DWR-730 and K4607-Zr;
- pppoe - added warning on PPPoE client/server, if it is configured on slave interface;
- pppoe - set default keepalive 10s for newly created PPPoE clients;
- rb1100ahx2 - fixed random counter resets for ether12,13;
- rb3011 - added partitioning support;
- smb - fixed different memory leaks and crashes;
- smb - fixed share path on devices with "/flash" directory;
- smips - reduced RouterOS main package size;
- snmp - "No Such Instance" error message is replaced with "No Such Object";
- snmp - added fan-speed OIDs in "/system health print oid";
- snmp - added optical table;
- snmp - fixed rare crash;
- snmp - improved getall filter;
- snmp - improved response speed when multiple requests are received within short period of time;
- snmp - increase “engineBoots” value on reboot;
- snmp - optimized bridge table processing;
- tile - added initial support for NVMe SSD disk drives;
- tile - optimized hardware encryption;
- tr069-client - added "Device.Hosts.Host.{i}." support;
- tr069-client - added "Device.WiFi.NeighboringWiFiDiagnostic." support;
- tr069-client - added "Ethernet.Interface.{i}.MACAddress" parameter;
- tr069-client - added DHCP server support;
- tr069-client - added Upload RPC "2 Vendor Log File" support;
- tr069-client - added architecture name parameter (X_MIKROTIK_ArchName - vendor specific);
- tr069-client - added basic stats parameters for some interface types;
- tr069-client - added basic support for "/ip firewall filters";
- tr069-client - added connection request authentication;
- tr069-client - added firewall NAT support using vendor Parameters;
- tr069-client - added parameters for DNS client management support;
- tr069-client - added ping diagnostics support;
- tr069-client - added support for escaped entity references (& < > ' ");
- tr069-client - added support for managing "/system/identity/" value;
- tr069-client - added support for memory and CPU load parameters;
- tr069-client - added support for uploading/downloading factory script;
- tr069-client - added traceroute diagnostics support;
- tr069-client - close connection if CPE considers XML as invalid;
- tr069-client - fixed "AddObjectResponse" “InstanceNumber” value;
- tr069-client - fixed "Device.ManagementServer." value update;
- tr069-client - fixed XML special character parsing;
- tr069-client - fixed crash on =acs-url change special case;
- tr069-client - fixed special escape characters on XML data send;
- tr069-client - fixed write for "Device.ManagementServer.URL";
- tr069-client - general improvements on reducing storage space;
- tr069-client - generate random connection request target path;
- tr069-client - hide "Device.PPP.Interface.{i}.Password" value;
- tr069-client - improved LTE monitoring process;
- tr069-client - increased performance on GetParameterValues;
- tr069-client - made any Download RPC overwrite configuration except ".alter";
- tr069-client - make more Parameters deny active notifications;
- tr069-client - set CHR license ID as ".SerialNumber" value to avoid "no serial number" error in ACS;
- traceroute - small fix;
- tunnels - fixed reboot loop on configurations with IPIP and EoIP tunnels (introduced in 6.39rc68);
- usb - added support for more CP210X devices;
- userman - allow "name-for-user" to be empty and not unique;
- userman - automatically select all newly created users to generate vouchers;
- userman - fixed rare crash when User Manager requested file does not exist on router;
- userman - fixed rare web interface crash while using Users section;
- wAP ac - improved 2.4GHz wireless performance;
- webfig - added menu bar to quickly select between Webfig, Quickset and Terminal;
- webfig - allow shorten bytes to k,M,G in firewall "connection-bytes" and "connection-rates";
- webfig - allow to select "default-encryption" profile on PPP tunnels;
- webfig - correctly specify routing filter prefix;
- webfig - fixed delays on key press in terminal;
- webfig - fixed tab ordering on Google Chrome;
- webfig - fixed “last-link-up” & “last-link-down” time information;
- webfig - improved field layout;
- webfig - make Terminal window work within Webfig window;
- webfig - show all available options under “Advanced Mode” for wireless interfaces;
- winbox - added "group-key-update" to CAPsMAN security settings;
- winbox - added "save-selected" setting under CAPsMAN channels;
- winbox - added "static-virtual" to wireless CAP;
- winbox - added GPS menu;
- winbox - allow shorten bytes to k,M,G in firewall "connection-bytes" and "connection-rates";
- winbox - allow to change user password to empty one;
- winbox - allow to not specify certificate in IPSec peer settings;
- winbox - allow to specify "route-distance" in "dhcp-client" if "special-classless" mode is selected;
- winbox - allow to specify certificate type when exporting it;
- winbox - allow to specify interfaces that CAPsMAN can use for management;
- winbox - allow unhide SNMP passwords;
- winbox - allowed to specify static-dns as list;
- winbox - do not allow Packet Sniffer "memory-limit" and "file-limit" lower than 10KiB;
- winbox - do not create time field when copying CAPsMAN access list entry;
- winbox - do not show "dpd-max-failures" on IKEv2;
- winbox - do not show empty LTE fields in Info menu;
- winbox - do not start Traffic Generator automatically when opening "Quick Start";
- winbox - do not try to disable dynamic items from firewall tables;
- winbox - fixed "Montly" typo to "Monthly" in Graphing menu;
- winbox - fixed CAPsMAN channels frequency (allow to specify a list of them);
- winbox - fixed IPSec "mode-config" DNS settings;
- winbox - fixed issue when working IPSec policies were shown as invalid;
- winbox - fixed misleading error when trying to export certificate;
- winbox - hide health menu on RB450;
- winbox - improved "/tool torch";
- winbox - increased maximal number of Winbox sessions 20->100;
- winbox - properly name CAP Interface on new interface creation;
- winbox - properly show "dhcp-server" warnings;
- winbox - properly show IPSec "installed-sa" "enc-algorithm" when it is aes-gcm;
- winbox - removed "sfp-rate-select" setting from ethernet interface;
- winbox - set default "dhcp-client" "default-route-distance" value to 1;
- winbox - show "A" flag for IPSec policies;
- winbox - show "H" flag for IPSec installed SAs;
- winbox - show PoE-OUT current, voltage and power only on devices which can report these values;
- wireless - added Egypt 5.8 country settings;
- wireless - added PEAP authentication support for wireless station mode;
- wireless - apply broadcast bit to DHCP requests when using "station-pseudobridge" mode;
- wireless - do not allow equal MAC addresses between multiple Virtual APs when same "master-interface" is used;
- wireless - fixed RBSXT5HacD2nr2 small channel support;
- wireless - fixed crash while running "spectral-scan";
- wireless - fixed false positive DFS radar detection caused by iPhone 6s devices;
- wireless - fixed issue when wireless interfaces might not show up in CAP mode;
- wireless - fixed occasional crash on interface disabling;
- wireless - fixed rare crash on nv2 configurations;
- wireless - fixed rare wireless ac interface lockup;
- x86 - added support for NVMe SSD disk drives;

About Router Firmware:

Before you consider downloading this firmware, go to the system information page of the router and make sure that the currently installed version isn’t either newer or matching this release.

Due to the large variety of router models and different methods for upgrading the device, it is highly recommended that you read and, above all, understand the installation steps before you apply the new firmware, even if you are a power user.

In theory, these steps shouldn’t be much of a hassle for anyone, because manufacturers try to make them as easy as possible, even if they don’t always succeed. Basically, you must upload the new firmware to the router through its administration page and allow it to upgrade.

If you install a new version, you can expect increased security levels, different vulnerability issues to be resolved, improved overall performance and transfer speeds, enhanced compatibility with other devices, added support for newly developed technologies, as well as several other changes.

If you’re looking for certain safety measures, remember that it would be best if you perform the upload using an Ethernet cable rather than a wireless connection, which can be interrupted easily. Also, make sure you don’t power off the router or use its buttons during the installation, if you wish avoid any malfunctions.

If this firmware meets your current needs, get the desired version and apply it to your router unit; if not, check with our website as often as possible so that you don’t miss the update that will improve your device.

MikroTik RouterOS Firmware MikroTik MIPS-BE Architecture Firmware MikroTik Router Firmware Router RouterOS Firmware MikroTik