MikroTik Changelog Tracker
← Back to search All components

Component: ipsec

296 changelog entries across 97 version(s)

Releases by channel (stacked)

6.47 Stable 2020-Jun-02 (5 years ago)
  • added "split-dns" parameter support for mode configuration;
  • added "use-responder-dns" parameter support;
  • allow specifying two peers for a single policy for failover;
  • control CRL validation with global "use-crl" setting;
  • do full certificate validation for identities with explicit certificate;
  • fixed minor spelling mistake in logs;
  • improved IPsec service stability when receiving bogus packets;
  • place dynamically created IPsec policies by L2TP client at the begining of the table;
6.45.9 Long-term 2020-Apr-30 (5 years ago)
  • improved system stability when handling fragmented packets;
6.46.5 Stable 2020-Apr-07 (5 years ago)
  • improved system stability when handling fragmented packets;
6.45.8 Long-term 2020-Jan-23 (6 years ago)
  • improved system stability when processing decrypted packet on unregistered interface;
6.46.1 Stable 2019-Dec-13 (6 years ago)
  • improved system stability when processing decrypted packet on unregistered interface;
6.46 Stable 2019-Dec-02 (6 years ago)
  • added "error" topic for identity check failure logging messages;
  • fixed DNS resolving when domain has only AAAA entries;
  • fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
6.44.6 Long-term 2019-Oct-24 (6 years ago)
  • allow inline "passphrase" parameter when importing keys;
  • fixed minor spelling mistakes in logs;
6.45.5 Stable 2019-Aug-26 (6 years ago)
  • allow inline "passphrase" parameter when importing keys;
  • fixed "eap-radius" authentication method (introduced in v6.45);
  • fixed minor spelling mistakes in logs;
6.45.2 Stable 2019-Jul-17 (6 years ago)
  • added "connection-mark" parameter for mode-config initiator;
  • allow peer argument only for "encrypt" policies (introduced in v6.45);
  • fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
  • improved stability for peer initialization (introduced in v6.45);
  • show warning for policies with "unknown" peer;
6.45.1 Stable 2019-Jun-27 (6 years ago)
  • renamed "remote-peers" to "active-peers";
  • renamed "rsa-signature" authentication method to "digital-signature";
  • replaced policy SA address parameters with peer setting;
  • use tunnel name for dynamic IPsec peer name;
  • added dynamic comment field for "active-peers" menu inherited from identity;
  • added "ph2-total" counter to "active-peers" menu;
  • added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
  • added traffic statistics to "active-peers" menu;
  • disallow setting "src-address" and "dst-address" for transport mode policies;
  • do not allow adding identity to a dynamic peer;
  • fixed policies becoming invalid after changing priority;
  • general improvements in policy handling;
  • properly drop already established tunnel when address change detected;
6.44.3 Stable 2019-Apr-23 (6 years ago)
  • fixed freshly created identity not taken in action (introduced in v6.44);
  • fixed possible configuration corruption after import (introduced in v6.44);
6.44.1 Stable 2019-Mar-13 (6 years ago)
  • allow identities with empty XAuth login and password if RADIUS is enabled (introduced in v6.44);
  • fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
  • use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
6.43.13 Long-term 2019-Mar-13 (6 years ago)
  • fixed all policies not getting installed after startup (introduced in v6.43.8);
  • fixed stability issues after changing peer configuration (introduced in v6.43);
6.44 Stable 2019-Feb-25 (7 years ago)
  • added account log message when user is successfully authenticated;
  • added basic pre-shared-key strength checks;
  • added new "remote-id" peer matcher;
  • allow to specify single address instead of IP pool under "mode-config";
  • fixed active connection killing when changing peer configuration;
  • fixed all policies not getting installed after startup (introduced in v6.43.8);
  • fixed stability issues after changing peer configuration (introduced in v6.43);
  • hide empty prefixes on "peer" menu;
  • improved invalid policy handling when a valid policy is uninstalled;
  • made dynamic "src-nat" rule more specific;
  • made peers autosort themselves based on reachability status;
  • moved "profile" menu outside "peer" menu;
  • properly detect AES-NI extension as hardware AEAD;
  • removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
  • require write policy for key generation;
6.42.12 Long-term 2019-Feb-12 (7 years ago)
  • accept only valid path for "export-pub-key" parameter in "key" menu;
6.43.11 Stable 2019-Feb-04 (7 years ago)
  • accept only valid path for "export-pub-key" parameter in "key" menu;
6.43.7 Stable 2018-Nov-30 (7 years ago)
  • fixed hw-aead (H) flag presence under Installed SAs on startup;
  • improved stability when uninstalling multiple SAs at once;
  • properly handle peer profiles on downgrade;
  • properly update warnings under peer menu;
6.42.10 Long-term 2018-Nov-14 (7 years ago)
  • fixed hw-aead (H) flag presence under Installed SAs on startup;
  • improved stability when uninstalling multiple SAs at once;
  • properly update warnings under peer menu;
6.43.4 Stable 2018-Oct-17 (7 years ago)
  • allow multiple peers to the same address with different local-address (introduced in v6.43);
6.42.9 Long-term 2018-Sep-27 (7 years ago)
  • improved invalid policy handling when a valid policy is uninstalled;
  • improved stability when using IPsec with disabled route cache;
6.43 Stable 2018-Sep-06 (7 years ago)
  • added "responder" parameter for "mode-config" to allow multiple initiator configurations;
  • added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule;
  • added warning messages for incorrect peer configuration;
  • do not allow removal of "proposal" and "mode-config" entries that are in use;
  • fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM;
  • fixed AES-CTR and AES-GCM key size proposing as initiator;
  • fixed "static-dns" value storing;
  • improved invalid policy handling when a valid policy is uninstalled;
  • improved reliability on generated policy addition when IKEv1 or IKEv2 used;
  • improved stability when using IPsec with disabled route cache;
  • install all DNS server addresses provided by "mode-config" server;
  • separate phase1 proposal configuration from peer menu;
  • use monotonic timer for SA lifetime check;
6.40.9 Long-term 2018-Aug-20 (7 years ago)
  • fixed policies becoming invalid if added after a disabled policy;
6.42.7 Stable 2018-Aug-17 (7 years ago)
  • fixed "sa-src-address" deduction from "src-address" in tunnel mode;
  • improved invalid policy handling when a valid policy is uninstalled;
6.42.4 Stable 2018-Jun-15 (7 years ago)
  • improved reliability on IPsec hardware encryption for RB1100Dx4;
6.42.2 Stable 2018-May-17 (7 years ago)
  • fixed policies becoming invalid if added after a disabled policy;
  • improved reliability on IPsec hardware encryption for ARM devices except RB1100Dx4;