MikroTik Changelog Tracker
← Back to search All components

Component: ipsec

296 changelog entries across 97 version(s)

Releases by channel (stacked)

7.21 Stable 2026-Jan-12 (1 month ago)
  • fixed CHACHA20 typo in log messages;
  • support Post-Quantum Pre-shared Key (PPK) with QKD integration (CLI only);
7.20 Stable 2025-Sep-29 (5 months ago)
  • fixed degraded IPsec performance for IPQ-6010 (introduced in v7.17);
  • move raw RSA keys to /ip/ipsec/key/rsa;
7.19.2 Stable 2025-Jun-20 (8 months ago)
  • fixed responder on key exchange compute failure (introduced in v7.19);
7.19 Stable 2025-May-22 (9 months ago)
  • fixed system failure on MMIPS devices when using IPsec services;
  • lower standalone cipher, hash priority when using ctr aead;
7.18 Stable 2025-Feb-24 (1 year ago)
  • added hardware acceleration support for hEX refresh;
  • fixed chacha20 poly1305 proposal;
  • fixed installed SAs update process when SAs are removed;
7.17.1 Stable 2025-Jan-30 (1 year ago)
  • fixed chacha20 poly1305 proposal;
  • fixed installed SAs update process when SAs are removed;
7.17 Stable 2025-Jan-16 (1 year ago)
  • ike2 improved process for policies;
7.16 Stable 2024-Sep-20 (1 year ago)
  • changed default dpd-interval from 2 minutes to 8 seconds and dpd-maximum-failures from 5 to 4;
  • improved installed SA statistics update;
7.12 Stable 2023-Nov-09 (2 years ago)
  • fixed Diffie-Hellman public value encoding size;
  • fixed IPSec policy when using modp3072;
  • fixed minor typo in logs;
  • reduce disk writes when started without active configuration;
7.11.1 Stable 2023-Aug-30 (2 years ago)
  • fixed IPSec policy when using modp3072;
7.11 Stable 2023-Aug-15 (2 years ago)
  • fixed public key export (introduced in v7.10);
  • fixed signature authentication using secp521r1 certificate (introduced in v7.10);
  • improved IKE2 rekey process;
  • properly check ph2 approval validity when using IKE1 exchange mode;
7.10 Stable 2023-Jun-15 (2 years ago)
  • added hardware acceleration support for IPQ-5010 (hAP ax lite);
  • refactor public key authentication;
  • removed "ec2n185" and "ec2n155" values from proposal configurations;
7.9 Stable 2023-May-02 (2 years ago)
  • added error log message when peer ID does not match certificate;
  • fixed packet processing by hardware encryption engine on RB850Gx2 device;
  • refactor X.509 implementation;
7.8 Stable 2023-Feb-24 (3 years ago)
  • added support for "Framed-Route" RADIUS attribute support;
  • do not match incoming IKE requests by unresolved DNS name peers;
  • fixed peer matcher for incoming connection with unresolved DNS;
7.7 Stable 2023-Jan-12 (3 years ago)
  • added "current-address" parameter for peers with DNS address;
  • added hardware acceleration support for IPQ-6010;
  • added support for AVX optimized SHA acceleration;
  • improved "H" (hw-aead) flag presence for accelerated SA's;
  • improved IKE payload processing;
  • improved configuration of IPsec proposal auth-algorithms;
  • removed Blowfish and Camellia encryption algorithms for IKE;
7.6 Stable 2022-Oct-17 (3 years ago)
  • added "invalid-packets" counter for Installed SA's menu;
  • fixed packet processing by hardware encryption engine on MMIPS devices;
7.3 Stable 2022-Jun-06 (3 years ago)
  • fixed IPsec IRQ initialization on startup on TILE;
  • fixed printing of active peer statistics;
7.2 Stable 2022-Mar-31 (3 years ago)
  • added hardware acceleration support for CCR2116;
  • fixed "identities" menu emptying after RouterOS upgrade/reboot;
6.49 Stable 2021-Oct-06 (4 years ago)
  • fixed memory leak when processing DHCP packets;
  • improved SA update by SPI;
  • improved system stability on CHR;
  • improved system stability on MMIPS devices;
6.48.5 Long-term 2021-Sep-21 (4 years ago)
  • improved SA update by SPI;
6.47.10 Long-term 2021-May-31 (4 years ago)
  • fixed SA address parameter exporting;
6.48.3 Stable 2021-May-25 (4 years ago)
  • fixed SA address parameter exporting;
6.48.1 Stable 2021-Feb-03 (5 years ago)
  • improved stability when processing IPv6 packets larger than interface MTU;
6.48 Stable 2020-Dec-22 (5 years ago)
  • added SHA384 hash algorithm support for phase 1;
  • do not kill connection when peer's "name" or "comment" is changed;
  • fixed client certificate usage when certificate is renewed with SCEP;
  • fixed multiple warning message display for peers;
  • inactivate peer's policy on disconnect;
  • refresh peer's DNS only when phase 1 is down;
6.47.1 Stable 2020-Jul-08 (5 years ago)
  • do not update peer endpoints for generated policy entries (introduced in v6.47);