MikroTik Changelogs
← Back to search All components

Component: ike2

257 changelog entries across 109 version(s)

Releases by channel (stacked)

6.41 Stable 2017-Dec-22 (8 years ago)
  • added support for multiple split networks;
  • check identities on "initial-contact";
  • do not allow to configure nat-traversal;
  • fixed PH1 lifetime reset on boot;
  • fixed initiator DDoS cookie processing;
  • fixed responder DDoS cookie first notify type check;
  • kill connection when peer changes address;
  • use peer configuration address when available on empty TSi;
6.41rc66 Testing 2017-Dec-14 (8 years ago)
  • added support for multiple split networks;
  • do not allow to configure nat-traversal;
6.41rc56 Testing 2017-Nov-24 (8 years ago)
  • fixed PH1 lifetime reset on boot;
6.41rc37 Testing 2017-Oct-02 (8 years ago)
  • fixed initiator DDoS cookie processing;
  • fixed responder DDoS cookie first notify type check;
6.38.7 Long-term 2017-Jun-20 (8 years ago)
  • allow multiple child SA traffic selectors on re-key;
  • fixed last EAP authentication payload type;
  • fixed policy release during SA negotiation;
  • fixed RSA authentication without EAP;
  • fixed situation when traffic selector prefix was parsed incorrectly;
6.39.2 Stable 2017-Jun-01 (8 years ago)
  • fixed rare kernel failure on address acquire;
  • fixed situation when traffic selector prefix was parsed incorrectly;
6.39 Stable 2017-Apr-27 (9 years ago)
  • allow multiple child SA traffic selectors on re-key;
  • always replace empty TSi with configured address if it is available;
  • check child state before allowing rekey;
  • default to /32 peer address mask;
  • fixed CTR mode;
  • fixed EAP message length;
  • fixed ISA handler object removal on SA delete;
  • fixed RSA authentication without EAP;
  • fixed disabled DPD;
  • fixed last EAP auth payload type;
  • fixed ph2 state when sending notify;
  • fixed policy release during SA negotion;
  • fixed state when sending delete packet;
  • improved logging;
  • kill only child SAs which are not re-keyed by remote peer;
  • log RADIUS timeout message under error topic;
  • remove old SA after rekey;
  • send EAP identity as user-name RADIUS attribute;
  • update "calling_station_id" RADIUS attribute;
  • update peer identity after successful EAP authentication;
6.38.4 Stable 2017-Mar-08 (9 years ago)
  • also kill IKEv2 connections on proposal change;
  • always limit empty remote selector;
  • fixed proposal change crash;
  • fixed responder subsequent new child creation when PFS is used;
  • fixed responder TS updating on wild match;
6.38.1 Stable 2017-Jan-13 (9 years ago)
  • allow empty selectors to reach policy handler;
  • auto-negotiate split nets;
  • default to tunnel mode in setups without policy;
  • fixed error packet from initiator on responder reply;
  • fixed initiator TS updating;
  • fixed ph1 initial-contact rare desync;
  • fixed policy setting for /0 selector with different address families;
  • fixed split policy active flag;
  • fixed traffic selector prefix calculation;
  • fixed xauth add check;
  • include identity in peer address info;
  • log empty TS payload;
  • minor logging update;
  • show peer identity of connected peers;
  • traffic selector improvements;
  • update also local port when peer changes port;
  • use first split net for empty TS;
  • use standard retransmission timers for DPD;
  • xauth like auth method with user support;