v6.47rc [testing] is released!

Version 6.47rc2 has been released.

Before an upgrade:

  1. Remember to make backup/export files before an upgrade and save them on another storage device;
  2. Make sure the device will not lose power during upgrade process;
  3. Device has enough free storage space for all RouterOS packages to be downloaded.

What’s new in 6.47rc2 (2020-May-25 12:30):

**Important note!!!

  • The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
  • The Dude client must be manually upgraded after upgrading The Dude server.
  • Make sure LTE APN Profile name does not match any of the DHCP server’s names if LTE passthrough is used.
  • The Dude requires “winbox” policy instead of “dude” to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.**

**MAJOR CHANGES IN v6.47:

!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable “winbox” policy for groups with “dude” policy;
----------------------**

Changes since last beta release:

*) api - added ECDHE cipher support for “api-ssl” service;
*) bonding - fixed ALB and TLB bonding modes after interface disable/enable (introduced in v6.47beta19);
*) bonding - fixed packet receiving on bonding slave ports (introduced in v6.47beta19);
*) bridge - added warning message when a bridge port gets dynamically added to VLAN range;
*) chr - added support for hardware watchdog on ESXI;
*) crs3xx - fixed tagged VLAN packet receiving on Ethernet interfaces for CRS354 devices (introduced in v6.47beta49);
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-server - do not require “server” parameter for bindings;
*) dns - added support for multiple type static entries;
*) dot1x - added “radius-mac-format” parameter;
*) dot1x - improved Dot1X service stability when receiving bogus packets;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple “to” recipients;
*) ethernet - fixed interface stopping responding after blink command execution on CCR2004-1G-12S+2XS;
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - improved stability for system health monitor on CCR2004-1G-12S+2XS;
*) ike2 - added support for RFC8598;
*) ike2 - allow initiator address change before authentication;
*) ike2 - fixed authentication handling when initiator disconnects before RADIUS response;
*) interface - improved system stability when receiving bogus packets;
*) ipsec - added “split-dns” parameter support for mode configuration;
*) ipsec - added “use-responder-dns” parameter support;
*) ipsec - allow specifying two peers for a single policy for failover;
*) ipsec - place dynamically created IPsec policies at the beginning of the table;
*) l2tp - added “src-address” parameter for L2TP client;
*) l2tp - added “use-peer-dns” parameter for L2TP client;
*) l2tp - improved dynamically created IPsec configuration updating;
*) l2tp - use L2TP interface when adding dynamic IPsec peer;
*) lcd - improved general system stability when LCD is not present;
*) log - added logging entry when changing user’s password;
*) log - added tunnel endpoint address to establishment and disconnect logging entries;
*) log - fixed logging topic for MAC address learning on a different bridge port events;
*) log - made startup script failures log as critical errors;
*) lte - fixed “band” parameter persistence after disable/enable;
*) lte - fixed “ecno” and “rscp” value reporting on R11e-LTE6;
*) lte - fixed VLAN interface passthrough support;
*) lte - improved stability during firmware upgrade;
*) netwatch - improved Netwatch service stability when invalid configuration values are passed;
*) ovpn - added “use-peer-dns” parameter for OVPN client;
*) poe - fixed missing PoE out settings on CRS354-48P-4S+2Q (introduced in v6.47beta49);
*) port - removed serial console port on hEX S;
*) ppp - removed “comment”, “set” and “edit” commands from “PPP->Active” menu;
*) pptp - added “use-peer-dns” parameter for PPTP client;
*) profile - added support for CCR2004-1G-12S+2XS;
*) qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default;
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) routerboard - added “hold-time” parameter to mode-button menu;
*) routerboard - added “reset-button” menu - custom command execution with reset button;
*) routing - improved routing service stability when receiving bogus packets;
*) sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;
*) sfp28 - fixed interface linking after power cycle on CCR2004-1G-12S+2XS (introduced in v6.47beta49);
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) tr069-client - added LTE firmware update functionality support;
*) tr069-client - added additional LTE information parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added interface type parameter support;
*) tr069-client - added multiple simultaneous session support for diagnostics test;
*) tr069-client - added total connection tracking entries parameter;
*) ups - added battery info for APC SmartUPS 2200;
*) webfig - fixed 5GHz wireless interface “frequency” parameter value list on Audience;
*) winbox - added “auth-info” parameter under “Dot1X->Active” menu;
*) winbox - added “auth-types”, “comment”, “mac-auth-mode” and “reject-vlan-id” parameters for Dot1X server;
*) winbox - added “bus” parameter for “USB Power Reset” command on NetMetal ac^2;
*) winbox - added “comment” parameter and “dynamic” flag support under “Switch->Rule” table;
*) winbox - added “comment” parameter for Dot1X client;
*) winbox - added “region” parameter for W60G interfaces;
*) winbox - added “skip-dfs-channels” parameter to wireless interface menu;
*) winbox - added enable and disable buttons for “MPLS->MPLS Interface” table;
*) winbox - do not allow to enter empty strings in “caps-man-names” and “common-name” parameters;
*) winbox - fixed WDS usage when connecting to RouterOS access point using QuickSet;
*) winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
*) winbox - fixed wireless sniffer parameter setting;
*) wireless - fixed Nstreme wireless protocol performance decrease;
*) wireless - updated “egypt” regulatory domain information;

Full changelog is available here: https://mikrotik.com/download/changelogs/testing-release-tree

Which previous versions are/were affected by this issue?

*) winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);

finally, thanks

Can you give more information about this?

I can now connect over SFP and get a link up of 1Gbit/s. However like with 6.46.x the PPPoE connection drops back to a MTU of 1480 instead of the usual MTU of 1500 after short time.

Back to using the media converter connected to a ether-port.

Hoping this can be solved before the release of 6.47

Addition: When I set no MTU then it becomes 1488 and that is 1500 minus 12 used for PPPoE and VLAN.

Update: writing the addition I thought let’s try it again. I set the MTU of the SFP to 1512 and also 1512 to the VLAN, and without any manual MTU setting on the PPPoE I got an MTU of 1492 on the PPPoE, and so the VLAN was already above 1500. Then I also set the MTU of 1500 on the PPPoE and did not get a connection. hmmmmm
While having the PPPoE trying to connect I disabled the SFP and enabled it again, and BOOM I have also a MTU of 1500 on the PPPoE.

I also lowered the L2MTU of the SFP from 1600 to 1592 to be the same as that of the ether ports.

Not going to touch it again now it is running. Bit more stable would be nice in case of a reboot of the 4011 router.

This has…

*) dns - added support for multiple type static entries;

… but is missing from 6.47beta60…

*) dns - added support for forwarding DNS queries of static entries to specific server (CLI only);

This can still be configured, but still does not work when DNS over HTTPS is enabled.

I would like to have DNS over HTTPS and conditional forwarding of DNS queries, at the same time.

whatever All versions. The fix is quite trivial and improves how files are handled on NAND type memory.
eworm Currently DoH will be prioritized over all other DNS configuration. Not sure if this will change any time soon.

On boot system logs:

system;error;critical error while running customized default configuration script: no such item

Is this expected? (If it is I would like to see the severity reduced. “error” and “critical” raise alerts here.)

In general this makes sense. But I vote for an exception with conditional forwarding of DNS queries.

*) wireless - fixed Nstreme wireless protocol performance decrease;

There was a problem with the Nstreme wireless protocol?
Since when?

Frankly since 802.11n, but I am curious what exactly they fixed.

Sad but true

Did someone check if the breakage of IPsec in beta60 has been completely fixed?
(it is not mentioned in the release notes)

Is ROS 7 still being developed? I wonder, since there haven’t been new betas since February.

I’m a little cautious, but… yes. So far so good, at least for the parts of IPsec that I am using.
Still going to leave many on 6.45.9 for a while yet.
Definitely only using dual partition capable to be able to switch back if necessary.
I wish Tiki’s would put enough ram in all models to be able to do this.

-tp

agree with you.
dns forwarding via DOH is a very useful feature.

+1. I’d like to forward internal zones via VPN to an organization DNS and all the rest - to 1.1.1.1 via DoH

Exactly my use case.
Two great new features - would be frustrating to have to choose between them.

Ok thanks! I updated one router that is not so critical and it appears to work with L2TP/IPsec (which completely failed in beta60).