MikroTik Changelog Tracker
← Back to search All components

Component: ipsec

296 changelog entries across 97 version(s)

Releases by channel (stacked)

6.33 Stable 2015-Nov-06 (10 years ago)
  • force flow cache validation once in 1h;
  • fix set on multiple policies which could result in adding non existent dynamic policies to the list;
  • fix transport mode ph2 ID ports when policy selects specific ip protocol on initiator;
  • use local-address for phase 1 matching and initiation;
  • fix replay window, was accidentally disabled since version 6.30;
6.32.2 Stable 2015-Sep-17 (10 years ago)
  • fixed kernel failure when packets were not ordered on first call;
  • fix sockaddr buf size on id generation for ipv6 address;
6.32 Stable 2015-Aug-31 (10 years ago)
  • added compatibility option skip-peer-id-check;
  • fix potential memory leak;
  • use local-address for phase 1 matching and initiation;
  • fix transport mode ph2 ID ports when policy selects specific ip protocol on initiator;
6.30.2 Long-term 2015-Jul-22 (10 years ago)
  • fixed crash in when gcm encryption was used
6.30.1 Long-term 2015-Jul-14 (10 years ago)
  • disallow changing dynamic peer;
6.30 Stable 2015-Jul-08 (10 years ago)
  • fail ph2 negitioation when initiator proposed key length does not match proposal configuration;
  • increase replay window to 128;
6.29 Stable 2015-May-27 (10 years ago)
  • allow to specify custom IP address for my_id parameter;
6.27 Stable 2015-Feb-11 (11 years ago)
  • fixed crash that happened in specific situation;
6.21 Stable 2014-Oct-30 (11 years ago)
  • fix downgrade problem to v5;
  • disallow template-policy-group=none in peer config and set it to 'default';
6.20 Stable 2014-Oct-01 (11 years ago)
  • support fqdn as my id;
  • allow binding modeconf address to username;
6.19 Stable 2014-Aug-26 (11 years ago)
  • when peer config is changed kill only relevant SAs;
6.18 Stable 2014-Aug-01 (11 years ago)
  • fix addition of default policy template;
6.16 Stable 2014-Jul-17 (11 years ago)
  • fix AH proposal and problem when sometimes policy was not generated;
  • allow multiple encryption algorithms per peer;
6.12 Stable 2014-Apr-14 (11 years ago)
  • support IPv4 over IPv6 and vice versa;
6.11 Stable 2014-Mar-20 (11 years ago)
  • fix aes-cbc hardware acceleration on CCR with key sizes 192 and 256;
6.7 Stable 2013-Nov-29 (12 years ago)
  • added aes-gcm icv16 encryption mode;
  • added aes-ctr encryption mode;
  • added sha256 and sha512 support;
  • proposal defaults changed to aes-128 and sha1 for both phase1 and phase2;
  • fix policy bypass on IPv6 gre, ipip, eoip tunnels when policy uses protocol filter;
6.5 Stable 2013-Oct-16 (12 years ago)
  • fix peer mathing with non byte aligned masks;
6.2 Stable 2013-Aug-02 (12 years ago)
  • fixed peer address matching;
  • fix phase1 autonegotiation on little endian platforms;
6.1 Stable 2013-Jun-12 (12 years ago)
  • for peers with full IP address specified system will autostart ISAKMP SA negotiation;
6.0 Stable 2013-May-17 (12 years ago)
  • added /peer passive option which will prevent starting ISAKMP negotiation and signifies xauth responder/initiator side;
  • added pre-shared-key-xauth and rsa-signature-hybrid authentication methods;
5.8 Stable 2011-Nov-01 (14 years ago)
  • support authorization with raw RSA keys;
5.7 Stable 2011-Sep-14 (14 years ago)
  • new exchange mode (main-l2tp) for l2tp tunnel users to allow FQDN as a peer ID with preshared key authorization in main mode;
  • fixed problem of RB1200 rebooting when large amount of UDP traffic is sent through IPsec;