v7.2rc4 is released!

RouterOS version 7.2rc4 has been released in the “v7 testing” channel!

Before an upgrade:

  1. Remember to make backup/export files before an upgrade and save them on another storage device;
  2. Make sure the device will not lose power during the upgrade process;
  3. Make sure the device has enough free storage space for all RouterOS packages to be downloaded.

What’s new in 7.2rc4 (2022-Feb-22 13:37):

*) bgp - fixed VPNv4 route sending to remote peer;
*) bridge - fixed FastPath when using “frame-types=admit-only-untagged-and-priority-tagged” setting;
*) bridge - fixed IP address on untagged bridge interface when vlan-filtering is enabled (introduced in v7.2rc2);
*) bridge - fixed PPPoE packet forwarding when using “use-ip-firewall-for-pppoe” setting;
*) bridge - fixed destination NAT when using “use-ip-firewall” setting;
*) bridge - fixed filter and NAT “set-priority” on ARM64 devices;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed priority tagged frame forwarding when using “frame-types=admit-only-untagged-and-priority-tagged” setting;
*) console - fixed terminal repainting on F5 and CTRL+L key press (introduced in v7.2rc2);
*) crs3xx - fixed watchdog timer functionality;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) l2tp - improved system stability when processing L2TP control messages;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - made “no” the default value for “use-network-apn” parameter;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ospf - fixed default route origination when “default-originate=if-installed” “redistribute” is enabled;
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ppp - added “comment” option for PPPoE servers;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) queue - improved system stability when using more than 255 unique packet marks;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed route addition to VRF from BGP;
*) route-filters - renamed "*-set" to "*-list";
*) sms - increased “at-chat” timeout when sending SMS;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) ups - fixed UPS support;
*) vxlan - fixed “group” and “interface” setting reset after upgrade (introduced in v7.2rc2);
*) vxlan - fixed running state after reboot when using “interface” and “group” settings;
*) wifiwave2 - added “client-isolation” feature;
*) winbox - added “host-uniq” parameter to PPPoE client interface;
*) winbox - do not show “Antenna Scan” button on devices that do not support it;
*) wireguard - allow same peer’s public key for different interfaces;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireless - added “3gpp-info” parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking’s realm configuration;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - improved nv2 link stability;

To upgrade, click “Check for updates” at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version-related issues, then please send a supout file from your router to support@mikrotik.com. The file must be generated while the router is not working as suspected or after some problem has appeared on the device.

Please keep this forum topic strictly related to this particular RouterOS release.

How many RC versions are planned before stable release?

Do I take the JUMP???

wireguard - allow same peer’s public key for different interfaces;

Thank you!!!

No release info on update

On my CCR1009 the wrong version description is displayed in the window:

*) bgp - fixed VPNv4 route sending to remote peer;

Only ONE item for BGP fixes? At this rate we need to go to 7.2rc19 before it is ready…

BGP prefix count still 0.
RB5009,750Gr3 and x86 update is ok

Why, according to Mozerds links, it's important to have different peer cryptography, or did I read that wrong?

I would have preferred the ability to use Firewall Address Lists in routing rules myself!!

Is the wrong queue handling for IPv6 already fixed? (IPv6 FW is not working with this…) This bug prevents me from updating my RB5009… still on 7.0.5 (factory ROS)
I didn't see anything about this bug in the release notes for any RC versions…

IPv6 with queues is a blocker for me as well… It is not fixed with 7.1.3 :cry: - as there’s no log entry I guess the same applies for 7.2rc4. :cry:

Updated my hAP ac2. It has a small BGP test setup. There was a separate routing table:

/routing table
add disabled=no fib name=ampr

and a BGP template using it:

/routing bgp template
add as=4220406101 disabled=no hold-time=15s name=ampr nexthop-choice=\
    force-self router-id=44.137.41.109 routing-table=ampr

After the update, the routing table was gone, and the template listed “16384” in the routing table field.
The routing table itself had routes with table “unknown”.
I had to add the routing table again, set it in the template, disable/enable the connection to get it OK again.
Yet another case of “some configuration section lost on reboot/upgrade??” or is it something else?
After another reboot, the newly applied config still remained.

@404
BEST PRACTICES

The best practices for WireGuard keys are similar to those for SSH keys or client certificates (or any other host-based credentials) — no two hosts should share the same key (even for hosts that are considered simple “clients”). While this takes a little more work to set up, it’s much more maintainable in the long run.

KEY POINT: Additionally, if you operate more than one WireGuard interface on an individual host, it’s an okay practice to use the same key for all the interfaces on the host (it won’t result in a bad user experience) — but the best practice is to use a different key for each individual interface. The same security-practice issues described above also apply when sharing keys among interfaces on the same host (albeit to a lesser degree) — so not sharing keys makes for better/easier auditability, access control, and key rotation.
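
An audit sketch for the point above, added here as an example and not part of the original post or of RouterOS: since 7.2rc4 accepts the same peer public key on different interfaces, this lists every peer key that appears under more than one WireGuard interface in a text export, so reuse stays visible for access review and key rotation. The export layout (a `/interface wireguard peers` section with `add ... interface=... public-key="..."` lines) is assumed, and the sample export and its keys are constructed placeholders.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample of a RouterOS v7 text export (keys are fake placeholders).
SAMPLE_EXPORT = r'''
/interface wireguard
add listen-port=13231 name=wg-office
add listen-port=13232 name=wg-roadwarrior
/interface wireguard peers
add allowed-address=10.10.0.2/32 comment=laptop interface=wg-office \
    public-key="AAAAexampleKeyLaptop="
add allowed-address=10.20.0.2/32 comment=laptop interface=wg-roadwarrior \
    public-key="AAAAexampleKeyLaptop="
add allowed-address=10.10.0.3/32 comment=phone interface=wg-office \
    public-key="BBBBexampleKeyPhone="
/ip address
add address=10.10.0.1/24 interface=wg-office
'''

def parse_peers(export_text):
    """Yield (interface, public_key, comment) for each WireGuard peer entry."""
    # Join lines that the exporter wrapped with a trailing backslash.
    text = re.sub(r"\\\r?\n\s*", "", export_text)
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line  # a new menu path starts a new section
        elif section == "/interface wireguard peers" and line.startswith("add "):
            # shlex handles quoted values such as public-key="...".
            fields = dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)
            yield fields.get("interface"), fields.get("public-key"), fields.get("comment", "")

def shared_peer_keys(export_text):
    """Map each peer public key used on more than one interface to those interfaces."""
    seen = defaultdict(set)
    for iface, key, _comment in parse_peers(export_text):
        if iface and key:
            seen[key].add(iface)
    return {key: sorted(ifaces) for key, ifaces in seen.items() if len(ifaces) > 1}

if __name__ == "__main__":
    for key, ifaces in shared_peer_keys(SAMPLE_EXPORT).items():
        print(f"peer key {key} is accepted on: {', '.join(ifaces)}")
```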

pppoe-client is not being detected as WAN or INTERNET after upgrading to rc4.

[cesar@MikroTik] > /interface/pppoe-client/print detail 
Flags: X - disabled, I - invalid; R - running 
 0  R name="pppoe-client" max-mtu=1492 max-mru=1492 mrru=disabled interface=ether3 user="xxx@xxx" password="xxx" profile=pppoe-client keepalive-timeout=60 service-name="" ac-name="" add-default-route=yes 
      default-route-distance=1 dial-on-demand=no use-peer-dns=no allow=pap,chap 

[cesar@MikroTik] > /interface/list/member/print detail where interface=pppoe-client 
Flags: X - disabled, D - dynamic 
 5   list=WAN interface=pppoe-client dynamic=no 

[cesar@MikroTik] > /interface/detect-internet/state/print detail where name=pppoe-client 

[cesar@MikroTik] >

I hope you are not really using that feature… just set all “detect internet” interface lists to “none” and add the pppoe-client to list WAN manually.
The way the default firewall is set up, it does not really matter if the WAN list is correct as the rules use !LAN (not LAN) instead of WAN.

I use different chains to mark the connection and the packets for my queue trees.
Maybe this is a workaround for someone else too.

/ipv6 firewall mangle
add action=mark-connection chain=forward connection-mark=no-mark connection-state=new dst-port=80,443 in-interface=LAN new-connection-mark=http-con out-interface=WAN passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http-con in-interface=LAN new-packet-mark=http-ul-pkt passthrough=no
add action=mark-packet chain=postrouting connection-mark=http-con new-packet-mark=http-dl-pkt out-interface=LAN passthrough=no

Such a trifle … That was in previous versions as well.

For those with issues on the RB5009 with different link speeds (2.5G, 10G, see http://forum.mikrotik.com/t/rb5009-slow-speed-2-5g-bug-report-as-requested/155362/1) it seems they may have reproduced the issue locally and a fix is pending:

We reproduced a similar behavior locally. We are looking forward to improving such behavior with different link speeds in further RouterOS releases.

Has not worked since 6.43, what did you upgrade from?

Cake has improved a lot, I can get more bandwidth all the while having the same bufferbloat timings.

Still waiting on being able to specify the direction of the flow :stuck_out_tongue:

But a welcome surprise today…

Winbox 3.32 cannot connect to 7.2rc4 !
The log shows logged in/logged out in the same second.
But winbox 3.35 is buggy…
Please do not make such version dependencies!