Pertinent to your situation forwarding-enabled=remote is added - IIRC this has been mentioned in previous threads that forwarding-enabled=both, or at least forwarding-enabled=local, would be a better choice on upgrade. If strong-crypto=yes then allow-none-crypto=no is added - AFAIK this is fixed in the latest beta. Upgrading to 6.44.5 (and possibly prior 6.44.x releases) does bonkers things to the SSH settings, in particular: If there is a change in the changelog that explains this problem I don't see it. The firmware was not upgraded to 6.44.5 because I could never reconnect to do it (user with ssh permissions is limited to just ssh, so management has to be through a redirected winbox or telnet unless there is a way to change users inside the ssh console window). But when I try to manage the router through ssh port tunnel (redirect) to winbox or telnet it disconnects the ssh session with this error: It allows me to make a connection using Putty as usual, the connection terminal window displays correctly. I upgraded a remote test router from 6.43.16 long-term to 6.44.5 long-term. I connect to manage routers with ssh using an rsa ssh key. Please keep this forum topic strictly related to this specific RouterOS release. If you experience version related issues, then please send supout file from your router to File must be generated while router is not working as suspected or after some problem has appeared on device To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: *) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473) *) wireless - updated "china" regulatory domain information *) wireless - improved installation mode selection for wireless outdoor equipment *) wireless - improved DFS radar detection when using non-ETSI regulated country *) winbox - do not allow setting "dns-lookup-interval" to "0" *) supout - changed IPv6 pool section to output detailed print *) supout - added "pwr-line" section to supout file *) supout - added IPv6 ND section to supout file *) ssh - fixed non-interactive multiple command execution *) snmp - improved reliability on SNMP service packet validation *) rb921 - improved system stability ("/system routerboard upgrade" required) *) rb3011 - improved system stability when receiving bogus packets *) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066) *) ipv6 - improved system stability when receiving bogus packets *) hotspot - moved "title" HTML tag after "meta" tags *) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values *) firewall - process packets by firewall when accepted by RAW with disabled connection tracking *) firewall - fixed fragmented packet processing when only RAW firewall is configured *) e-mail - properly release e-mail sending session if the server's domain name can not be resolved *) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44) *) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS *) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server *) dhcpv6-client - fixed status update when leaving "bound" state *) defconf - automatically set "installation" parameter for outdoor devices *) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160) *) cloud - properly stop "time-zone-autodetect" after disable *) certificate - removed "set-ca-passphrase" parameter *) capsman - fixed interface-list usage in access list *) capsman - fixed CAP system upgrading process for MMIPS *) bridge - correctly handle bridge host table !) security - fixed vulnerability CVE-2019-13074 RouterOS version 6.44.5 has been released in public "long-term" channel!ġ) Remember to make backup/export files before an upgrade and save them on another storage device Ģ) Make sure the device will not lose power during upgrade process ģ) Device has enough free storage space for all RouterOS packages to be downloaded.
0 Comments
Leave a Reply. |