- Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
- dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
- ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
- security - fixed vulnerabilities CVE-2018-1157, CVE-2018-1158;
- security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
- security - fixed vulnerability CVE-2019-13074;
- user - removed insecure password storage;
- bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
- bridge - correctly handle bridge host table;
- bridge - fixed log message when hardware offloading is being enabled;
- bridge - improved stability when receiving traffic over USB modem with bridge firewall enabled;
- capsman - fixed CAP system upgrading process for MMIPS;
- capsman - fixed interface-list usage in access list;
- ccr - improved packet processing after overloading interface;
- certificate - added "key-type" field;
- certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
- certificate - fixed self signed CA certificate handling by SCEP client;
- certificate - made RAM the default CRL storage location;
- certificate - removed DSA (D) flag;
- certificate - removed "set-ca-passphrase" parameter;
- chr - legacy adapters require "disable-running-check=yes" to be set;
- cloud - added "replace" parameter for backup "upload-file" command;
- conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
- conntrack - significant stability and performance improvements;
- crs317 - fixed known multicast flooding to the CPU;
- crs3xx - added ethernet tx-drop counter;
- crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
- crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
- crs3xx - fixed "tx-drop" counter;
- crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
- defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
- defconf - automatically set "installation" parameter for outdoor devices;
- defconf - changed default configuration type to AP for cAP series devices;
- defconf - fixed channel width selection for RU locked devices;
- dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
- dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
- dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
- dhcpv4-server - added "client-mac-limit" parameter;
- dhcpv4-server - added IP conflict logging;
- dhcpv4-server - added RADIUS accounting support with queue based statistics;
- dhcpv4-server - added "vendor-class-id" matcher (CLI only);
- dhcpv4-server - improved stability when performing "check-status" command;
- dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
- dhcpv6-client - added option to disable rapid-commit;
- dhcpv6-client - fixed status update when leaving "bound" state;
- dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
- dhcpv6-server - added "address-list" support for bindings;
- dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters;
- dhcpv6-server - added RADIUS accounting support with queue based statistics;
- dhcpv6-server - added "route-distance" parameter;
- dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
- dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
- discovery - correctly create neighbors from VLAN tagged discovery messages;
- discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
- discovery - improved neighbour's MAC address detection;
- discovery - limit max neighbour count per interface based on total RAM memory;
- discovery - show neighbors on actual mesh ports;
- e-mail - include "message-id" identification field in e-mail header;
- e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
- ethernet - added support for 25Gbps and 40Gbps rates;
- ethernet - fixed running flag not present on x86 interfaces and CHR legacy adapters;
- ethernet - increased loop warning threshold to 5 packets per second;
- fetch - added SFTP support;
- fetch - improved user policy lookup;
- firewall - fixed fragmented packet processing when only RAW firewall is configured;
- firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
- gps - fixed missing minus close to zero coordinates in dd format;
- gps - make sure "direction" parameter is upper case;
- gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
- gps - use "serial0" as default port on LtAP mini;
- hotspot - added "interface-mac" variable to HTML pages;
- hotspot - moved "title" HTML tag after "meta" tags;
- ike1 - adjusted debug packet logging topics;
- ike2 - added support for ECDSA certificate authentication (rfc4754);
- ike2 - added support for IKE SA rekeying for initiator;
- ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
- ike2 - improved certificate verification when multiple CA certificates received from responder;
- ike2 - improved child SA rekeying process;
- ike2 - improved XAuth identity conversion on upgrade;
- ike2 - prefer SAN instead of DN from certificate for ID payload;
- ippool - improved logging for IPv6 Pool when prefix is already in use;
- ipsec - added dynamic comment field for "active-peers" menu inherited from identity;
- ipsec - added "ph2-total" counter to "active-peers" menu;
- ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
- ipsec - added traffic statistics to "active-peers" menu;
- ipsec - disallow setting "src-address" and "dst-address" for transport mode policies;
- ipsec - do not allow adding identity to a dynamic peer;
- ipsec - fixed policies becoming invalid after changing priority;
- ipsec - general improvements in policy handling;
- ipsec - properly drop already established tunnel when address change detected;
- ipsec - renamed "remote-peers" to "active-peers";
- ipsec - renamed "rsa-signature" authentication method to "digital-signature";
- ipsec - replaced policy SA address parameters with peer setting;
- ipsec - use tunnel name for dynamic IPsec peer name;
- ipv6 - improved system stability when receiving bogus packets;
- ltap - renamed SIM slots "up" and "down" to "2" and "3";
- lte - added initial support for Vodafone R216-Z;
- lte - added passthrough interface subnet selection;
- lte - added support for manual operator selection;
- lte - allow setting empty APN;
- lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
- lte - do not show error message for info commands that are not supported;
- lte - fixed session reactivation on R11e-LTE in UMTS mode;
- lte - improved firmware upgrade process;
- lte - improved "info" command query;
- lte - improved R11e-4G modem operation;
- lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
- lte - show alphanumeric value for operator info;
- lte - show correct firmware revision after firmware upgrade;
- lte - use default APN name "internet" when not provided;
- lte - use secondary DNS for DNS server configuration;
- m33g - added support for additional Serial Console port on GPIO headers;
- ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
- ospf - fixed opaque LSA type checking in OSPFv2;
- ospf - improved "unknown" LSA handling in OSPFv3;
- ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
- ppp - added initial support for Quectel BG96;
- proxy - increased minimal free RAM that can not be used for proxy services;
- rb3011 - improved system stability when receiving bogus packets;
- rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
- rb921 - improved system stability ("/system routerboard upgrade" required);
- routerboard - renamed 'sim' menu to 'modem';
- sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
- sms - added USSD message functionality under "/tool sms" (CLI only);
- sms - allow specifying multiple "allowed-number" values;
- sms - improved delivery report logging;
- snmp - added "dot1dStpPortTable" OID;
- snmp - added OID for neighbor "interface";
- snmp - added "write-access" column to community print;
- snmp - allow setting interface "adminStatus";
- snmp - fixed "send-trap" not working when "trap-generators" does not contain "temp-exception";
- snmp - fixed "send-trap" with multiple "trap-targets";
- snmp - improved reliability on SNMP service packet validation;
- snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
- ssh - accept remote forwarding requests with empty hostnames;
- ssh - added new "ssh-exec" command for non-interactive command execution;
- ssh - fixed non-interactive multiple command execution;
- ssh - improved remote forwarding handling (introduced in v6.44.3);
- ssh - improved session rekeying process on exchanged data size threshold;
- ssh - keep host keys when resetting configuration with "keep-users=yes";
- ssh - use correct user when "output-to-file" parameter is used;
- sstp - improved stability when received traffic hits tarpit firewall;
- supout - added IPv6 ND section to supout file;
- supout - added "kid-control devices" section to supout file;
- supout - added "pwr-line" section to supout file;
- supout - changed IPv6 pool section to output detailed print;
- switch - properly reapply settings after switch chip reset;
- tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
- tile - improved link fault detection on SFP+ ports;
- tr069-client - added LTE CQI and IMSI parameter support;
- tr069-client - fixed potential memory corruption;
- tr069-client - improved error reporting with incorrect firware upgrade XML file;
- traceroute - improved stability when sending large ping amounts;
- traffic-generator - improved stability when stopping traffic generator;
- tunnel - removed "local-address" requirement when "ipsec-secret" is used;
- userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
- w60g - do not show unused "dmg" parameter;
- w60g - prefer AP with strongest signal when multiple APs with same SSID present;
- w60g - show running frequency under "monitor" command;
- winbox - added "System/SwOS" menu for all dual-boot devices;
- winbox - do not allow setting "dns-lookup-interval" to "0";
- winbox - show "LCD" menu only on boards that have LCD screen;
- wireless - fixed frequency duplication in the frequency selection menu;
- wireless - fixed incorrect IP header for RADIUS accounting packet;
- wireless - improved 160MHz channel width stability on rb4011;
- wireless - improved DFS radar detection when using non-ETSI regulated country;
- wireless - improved installation mode selection for wireless outdoor equipment;
- wireless - set default SSID and supplicant-identity the same as router's identity;
- wireless - updated "china" regulatory domain information;
- wireless - updated "new zealand" regulatory domain information;
- www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Before you consider downloading this firmware, go to the system information page of the router and make sure that the currently installed version isn't either newer or matching this release.
Due to the large variety of router models and different methods for upgrading the device, it is highly recommended that you read and, above all, understand the installation steps before you apply the new firmware, even if you are a power user.
In theory, these steps shouldn't be much of a hassle for anyone, because manufacturers try to make them as easy as possible, even if they don't always succeed. Basically, you must upload the new firmware to the router through its administration page and allow it to upgrade.
If you install a new version, you can expect increased security levels, different vulnerability issues to be resolved, improved overall performance and transfer speeds, enhanced compatibility with other devices, added support for newly developed technologies, as well as several other changes.
If you're looking for certain safety measures, remember that it would be best if you perform the upload using an Ethernet cable rather than a wireless connection, which can be interrupted easily. Also, make sure you don't power off the router or use its buttons during the installation, if you wish avoid any malfunctions.
If this firmware meets your current needs, get the desired version and apply it to your router unit; if not, check with our website as often as possible so that you don't miss the update that will improve your device.
Top 4 Download periodically updates information of MikroTik RouterOS X86 Firmware 6.45.1 full driver from the manufacturer, but some information may be slightly out-of-date.
Using warez version of MikroTik RouterOS X86 Firmware 6.45.1 driver is hazardous. Our driver download links are directly from our mirrors or publisher's website, MikroTik RouterOS X86 Firmware 6.45.1 torrent files or shared files from free file sharing and free upload services, including Rapidshare, HellShare, HotFile, FileServe, MegaUpload, YouSendIt, MailBigFile, DropSend, MediaMax, zUpload, MyOtherDrive, SendSpace, DepositFiles, Letitbit, LeapFile, DivShare or MediaFire, are not allowed!
It is not recommended to download drivers from illegal sites which distribute a keygens, key generators, pirate keys, serial numbers, warez full versions or cracks for MikroTik RouterOS X86 Firmware 6.45.1. These drivers might corrupt your computer installation or breach your privacy. A driver might contain a trojan horse opening a backdoor on your computer. Hackers can use this backdoor to take control of your computer, copy data from your computer or to use your computer to distribute viruses and spam to other people.