MikroTik Changelogs
← Back to search All components

Component: ipsec

511 changelog entries across 207 version(s)

Releases by channel (stacked)

6.37 Stable 2016-Sep-23 (9 years ago)
  • fixed crash with enabled fragmentation;
  • fixed dynamic policy not deleted on disconnect for nat-t peers;
  • fixed fragmentation use negotiation;
  • fixed kernel crash when sha512 was used;
6.36.3 Stable 2016-Sep-05 (9 years ago)
  • don't log authtype mismatch as critical;
  • fixed xauth parameter printing in terminal;
6.36 Stable 2016-Jul-20 (9 years ago)
  • add dead ph2 detection exception for windows msgid noncompliance with rfc;
  • added dead ph2 reply detection;
  • don't register temporary ph2 on dead list;
  • fix initiator modecfg dynamic dns;
  • fixed AH with SHA2;
  • fixed checks before accessing ph1 nat options;
  • fixed mode-config export;
  • fixed route cache overflow when using ipsec with route cache disabled;
  • fixed windows msgid check on x86 devices;
  • show remote peer address in error messages when possible;
  • store udp encapsulation type in proposal;
6.35.4 Stable 2016-Jun-09 (9 years ago)
  • fixed mode-config export;
  • fixed route cache overflow when using ipsec with route cache disabled;
6.34.5 Long-term 2016-May-27 (9 years ago)
  • better flush on proposal change;
  • fixed crash on policy update;
6.35 Stable 2016-Apr-14 (10 years ago)
  • always re-key ph1 because it was possible that ph1 without DPD would expire;
  • better flush on proposal change;
  • fixed crash on policy update;
  • fixed fast ph2 SA addition;
  • fixed larval SA refresh for display;
  • fixed multiple consecutive dynamic policy flush;
6.34.4 Stable 2016-Mar-24 (10 years ago)
  • take into account ip protocol in kernel policy matcher;
6.34.2 Stable 2016-Feb-18 (10 years ago)
  • fix console peer aes enc algorithm display;
6.32.4 Long-term 2016-Feb-09 (10 years ago)
  • fixed kernel failure after underlying tunnel has been disabled/enabled;
6.34 Stable 2016-Jan-29 (10 years ago)
  • allow my-id address specification in main mode;
  • prioritize proposals;
  • support multiple DH groups for phase 1;
  • fix phase2 hmac-sha-256-128 truncation len from 96 to 128 This will break compatibility with all previous versions and any other currently compatible software using sha256 hmac for phase2;
  • make sure that dynamic policy always has dynamic flag;
  • fixed active SAs flushing;
  • improved TCP performance on CCRs;
6.33 Stable 2015-Nov-06 (10 years ago)
  • force flow cache validation once in 1h;
  • fix set on multiple policies which could result in adding non existent dynamic policies to the list;
  • fix transport mode ph2 ID ports when policy selects specific ip protocol on initiator;
  • use local-address for phase 1 matching and initiation;
  • fix replay window, was accidentally disabled since version 6.30;
6.32.2 Stable 2015-Sep-17 (10 years ago)
  • fixed kernel failure when packets were not ordered on first call;
  • fix sockaddr buf size on id generation for ipv6 address;
6.32 Stable 2015-Aug-31 (10 years ago)
  • added compatibility option skip-peer-id-check;
  • fix potential memory leak;
  • use local-address for phase 1 matching and initiation;
  • fix transport mode ph2 ID ports when policy selects specific ip protocol on initiator;
6.30.2 Long-term 2015-Jul-22 (10 years ago)
  • fixed crash in when gcm encryption was used
6.30.1 Long-term 2015-Jul-14 (10 years ago)
  • disallow changing dynamic peer;
6.30 Stable 2015-Jul-08 (10 years ago)
  • fail ph2 negitioation when initiator proposed key length does not match proposal configuration;
  • increase replay window to 128;
6.29 Stable 2015-May-27 (10 years ago)
  • allow to specify custom IP address for my_id parameter;
6.27 Stable 2015-Feb-11 (11 years ago)
  • fixed crash that happened in specific situation;
6.21 Stable 2014-Oct-30 (11 years ago)
  • fix downgrade problem to v5;
  • disallow template-policy-group=none in peer config and set it to 'default';
6.20 Stable 2014-Oct-01 (11 years ago)
  • support fqdn as my id;
  • allow binding modeconf address to username;
6.19 Stable 2014-Aug-26 (11 years ago)
  • when peer config is changed kill only relevant SAs;
6.18 Stable 2014-Aug-01 (11 years ago)
  • fix addition of default policy template;
6.16 Stable 2014-Jul-17 (11 years ago)
  • fix AH proposal and problem when sometimes policy was not generated;
  • allow multiple encryption algorithms per peer;
6.12 Stable 2014-Apr-14 (12 years ago)
  • support IPv4 over IPv6 and vice versa;
6.11 Stable 2014-Mar-20 (12 years ago)
  • fix aes-cbc hardware acceleration on CCR with key sizes 192 and 256;