MikroTik Changelogs
← Back to search All components

Component: ike2

257 changelog entries across 109 version(s)

Releases by channel (stacked)

6.45beta22 Testing 2019-Mar-29 (7 years ago)
  • prefer SAN instead of DN from certificate for ID payload;
6.45beta19 Testing 2019-Mar-22 (7 years ago)
  • added support for ECDSA certificate authentication (rfc4754);
  • prefer SAN instead of DN from certificate for ID payload;
6.45beta16 Testing 2019-Mar-18 (7 years ago)
  • do not send "User-Name" attribute to RADIUS server if not provided;
  • improved XAuth identity conversion on upgrade;
6.44 Stable 2019-Feb-25 (7 years ago)
  • improved subsequent phase 2 initialization when no childs exist;
  • properly handle certificates with empty "Subject";
  • retry RSA signature validation with deduced digest from certificate;
  • send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
  • show weak pre-shared-key warning;
  • added option to specify certificate chain;
  • added peer identity validation for RSA auth (disabled after upgrade);
  • allow to match responder peer by "my-id=fqdn" field;
  • fixed local address lookup when initiating new connection;
6.44beta75 Testing 2019-Feb-08 (7 years ago)
  • retry RSA signature validation with deduced digest from certificate;
6.44beta50 Testing 2018-Dec-17 (7 years ago)
  • allow to match responder peer by "my-id=fqdn" field;
6.44beta39 Testing 2018-Nov-27 (7 years ago)
  • added peer identity validation for RSA auth (disabled after upgrade);
  • allow to match responder peer by "my-id=fqdn" field;
  • properly handle certificates with empty "Subject";
  • send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
6.44beta28 Testing 2018-Oct-29 (7 years ago)
  • added option to specify certificate chain;
  • send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
  • show weak pre-shared-key warning;
6.44beta14 Testing 2018-Oct-01 (7 years ago)
  • improved subsequent phase 2 initialization when no childs exist;
6.42.9 Long-term 2018-Sep-27 (7 years ago)
  • fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
  • improved subsequent phase 2 initialization when no child exist;
6.43.1 Stable 2018-Sep-17 (7 years ago)
  • fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
6.44beta6 Testing 2018-Sep-11 (7 years ago)
  • added option to specify certificate chain;
  • fixed local address lookup when initiating new connection;
  • fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
6.43 Stable 2018-Sep-06 (7 years ago)
  • fixed initiator first policy selection;
  • fixed rekeyed child deletion during another exchange;
  • improved basic exchange logging readability;
  • use "/32" netmask by default on initiator if not provided by responder;
6.43rc56 Testing 2018-Aug-13 (7 years ago)
  • fixed initiator first policy selection;
6.43rc51 Testing 2018-Aug-01 (7 years ago)
  • fixed rekeyed child deletion during another exchange;
  • improved basic exchange logging readability;
6.43rc40 Testing 2018-Jul-02 (7 years ago)
  • use "/32" netmask by default on initiator if not provided by responder;
6.40.8 Long-term 2018-Apr-23 (8 years ago)
  • use "policy-template-group" parameter when picking proposal as initiator;
6.42.1 Stable 2018-Apr-23 (8 years ago)
  • use "policy-template-group" parameter when picking proposal as initiator;
6.43rc3 Testing 2018-Apr-20 (8 years ago)
  • use "policy-template-group" parameter when picking proposal as initiator;
6.42 Stable 2018-Apr-13 (8 years ago)
  • fixed framed IP address received from RADIUS server;
6.42rc56 Testing 2018-Apr-09 (8 years ago)
  • fixed framed IP address received from RADIUS server;
6.40.6 Long-term 2018-Feb-20 (8 years ago)
  • added support for multiple split networks;
  • delay rekeyed peer outbound SA installation;
  • improve half-open connection handling;
  • kill connection when peer changes address;
  • use peer configuration address when available on empty TSi;
6.41.1 Stable 2018-Jan-30 (8 years ago)
  • delay rekeyed peer outbound SA installation;
  • improve half-open connection handling;
6.42rc9 Testing 2018-Jan-15 (8 years ago)
  • delay rekeyed peer outbound SA installation;
6.42rc5 Testing 2018-Jan-03 (8 years ago)
  • improve half-open connection handling;