MikroTik Changelog Tracker
← Back to search All components

Component: ike2

155 changelog entries across 45 version(s)

Releases by channel (stacked)

7.21 Stable 2026-Jan-12 (1 month ago)
  • adapt rekey procedure for compatibility with Libreswan;
7.19.6 Stable 2025-Sep-12 (5 months ago)
  • improved system stability;
7.19 Stable 2025-May-22 (9 months ago)
  • improved initial key exchange process on slow or unreliable connections;
7.17 Stable 2025-Jan-16 (1 year ago)
  • improved performance by balancing multicore CPU usage for key exchange calculation also for initiator;
7.16 Stable 2024-Sep-20 (1 year ago)
  • improved performance by balancing multicore CPU usage for key exchange calculation;
7.13 Stable 2023-Dec-14 (2 years ago)
  • fixed ike2 double reply;
7.12 Stable 2023-Nov-09 (2 years ago)
  • improved rekey collision handling;
7.11 Stable 2023-Aug-15 (2 years ago)
  • improved SA rekeying reply process;
  • improved system stability when closing phase1;
  • improved system stability when making configuration changes on active setup;
  • log "reply ignored" as non-debug log message;
7.10 Stable 2023-Jun-15 (2 years ago)
  • improved child SA delete request processing;
7.9 Stable 2023-May-02 (2 years ago)
  • fixed minor logging typo;
7.8 Stable 2023-Feb-24 (3 years ago)
  • added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
  • fixed active SA flush on responder after an unsuccessful peer connection attempt;
7.7 Stable 2023-Jan-12 (3 years ago)
  • added support for ChaChaPoly1305 encryption;
  • added support for DH Group 31 (EC25519) (CLI only);
  • fixed rekey notify creation;
  • improved certificate payload parsing;
7.5 Stable 2022-Aug-30 (3 years ago)
  • allow sending certificate chain as initiator;
7.2 Stable 2022-Mar-31 (3 years ago)
  • ignore "INITIAL-CONTACT" payload on responder when "send-initial-contact" is disabled;
6.49 Stable 2021-Oct-06 (4 years ago)
  • added support for ASN.1 DN "my-id" value setting for initiators;
  • check if TS is still valid after obtaining SPI;
  • fixed initiator packet retransmit with DDOS cookie;
6.48.5 Long-term 2021-Sep-21 (4 years ago)
  • check if TS is still valid after obtaining SPI;
6.48.4 Stable 2021-Aug-18 (4 years ago)
  • added "MS-CHAP-Domain" attribute to RADIUS requests;
6.48.2 Stable 2021-Apr-09 (4 years ago)
  • added "MS-CHAP-Domain" attribute to RADIUS requests;
  • fixed DH group negotiation with EAP;
  • fixed EAP MSK length validation (introduced in v6.48);
  • fixed initial traffic selector's protocol and port in transport mode;
6.48.1 Stable 2021-Feb-03 (5 years ago)
  • fixed phase 2 rekeying with enabled PFS (introduced in v6.48);
  • improved stability when invalid certificate is configured (introduced in v6.48);
  • properly register packet time after expensive CPU operations;
6.48 Stable 2020-Dec-22 (5 years ago)
  • added "prf-algorithm" support for phase 1;
  • added support for IKEv2 Message Fragmentation (RFC7383);
  • fixed EAP MSK length validation;
  • fixed too small payload parsing;
  • improved EAP message integrity checking;
  • improved child SA rekeying process;
6.46.7 Long-term 2020-Sep-07 (5 years ago)
  • fixed local side NAT detection;
  • fixed policy reference for pending acquire;
  • retry RSA signature validation with deduced digest from certificate;
6.47.3 Stable 2020-Sep-01 (5 years ago)
  • fixed local side NAT detection;
6.47.1 Stable 2020-Jul-08 (5 years ago)
  • fixed initiator child SA init without policy;
  • fixed policy reference for pending acquire;
  • retry RSA signature validation with deduced digest from certificate;
6.47 Stable 2020-Jun-02 (5 years ago)
  • added support for "INTERNAL_DNS_DOMAIN" payload attribute;
  • added support for RADIUS Disconnect-Request message handling;
  • added support for RFC8598;
  • allow initiator address change before authentication;
  • fixed authentication handling when initiator disconnects before RADIUS response;
6.46.4 Stable 2020-Feb-21 (6 years ago)
  • fixed DHCP Inform package handling when received on PPPoE interface;