v7.4beta [testing] is released!

RouterOS version 7.4beta2 has been released the “v7 testing” channel!

Before an upgrade:

1. Remember to make backup/export files before an upgrade and save them on another storage device;
2. Make sure the device will not lose power during the upgrade process;
3. Device has enough free storage space for all RouterOS packages to be downloaded.

What’s new in 7.4beta2 (2022-Jun-07 12:08)

*) api - fixed comma encoding within URL when using the “.proplist” argument;
*) bridge - properly process IPsec decapsulated packets through the firewall when the “use-ip-firewall” option is enabled;
*) capsman - require a unique name for configuration and configuration pre-sets;
*) cloud - print critical log message when system clock gets synchronised;
*) console - added “:retry” command;
*) console - fixed situation when print output was not consistent;
*) dns - convert the domain name to lowercase before matching regex;
*) e-mail - added VRF support (CLI only);
*) filesystem - fixed repartition on RB5009 series devices;
*) firewall - added “srcnat” and “dstnat” flags to IPv6/Firewall/Connection table;
*) firewall - added support for IPv6/Firewall/NAT action=src-nat rules (CLI only);
*) firewall - fixed IPv6 NAT functionality when processing GRE traffic on TILE devices;
*) firewall - fixed IPv6/Firewall/RAW functionality;
*) firewall - include “connection-mark”, “connection-state”, and “packet-mark” when packet logging is enabled;
*) firewall - properly handle interface matcher when VRF interface is specified;
*) hotspot - fixed ARP resolution for clients when address pool is specified on the server;
*) hotspot - fixed Walled Garden entries with action=deny;
*) ipv6 - fixed system stability when adding/removing IPv6 address;
*) ldp - correctly handle AFI selection for usage on dual-stack peers;
*) lte - request connect with the same IP type as in LTE attach status for MBIM;
*) lte - fixed Telit AT interface numbering;
*) lte - improved LTE interface detection for LtAP-2HnD devices;
*) lte - keep MBIM working even if AT channel fails to respond in the initialisation stage;
*) mmips - improved USB device detection after system bootup;
*) mpls - fixed VPLS functionality when PW peer is an immediate neighbor;
*) ovpn - use selected cipher by default when the server does not provide “cipher” option;
*) pimsm - improved system stability when changing configuration;
*) ppp - properly try to use different authentication algorithms when Conf-Rej is received during the LCP phase;
*) quickset - specify the “in-interface-list=WAN” attribute on firewall rules created through “Port Mapping”;
*) route - added option to join static IGMP and MLD groups (available in “/routing/gmp” menu, CLI only)
*) route - fixed false route type detection as blackhole;
*) route - provide more detailed information about prefixes when using “discourse” tool;
*) routing - moved “/interface bgp vpls” to “/routing bgp vpls” menu;
*) routing-filter - fixed regexp community matcher;
*) ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;
*) ssh - implemented “server-sig-algs” extension in order to improve rsa-sha2-sha256 support;
*) switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;
*) vxlan - allow to specify MAC address manually;
*) webfig - updated WebFig HTML files with the new MikroTik logo and removed Telnet option from index page;
*) webfig - updated link to the WinBox executable;
*) webfig - updated link to the documentation;
*) wifiwave2 - fixed “frequency-scan” functionality (introduced in v7.3);
*) winbox - add a log and log-prefix options to IPv6 firewall NAT and mangle rules;
*) winbox - fixed IP/Route and IPv6/Route OSPF type value;
*) winbox - removed unused “Apply Changes” button from BGP sessions menu;
*) wireguard - fixed system stability when adding/removing WireGuard interface;
*) wireless - fixed possible traffic flooding to WDS clients when using Nv2 and multicast helper;
*) x86 - fixed keep old configuration functionality during x86 setup installation;
*) x86 - improved log warning message on failed downgrade attempt;
*) x86 - removed “hdd-model” information from installation screen;

To upgrade, click “Check for updates” at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while the router is not working as suspected or after some problem has appeared on the device

Please keep this forum topic strictly related to this particular RouterOS release.

hAP Lite took 4 minutes to update from 7.3

Interesting that the fix for 328-24P SFP port flopping is to disable a CPU core.

" *) switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;"

This one may finally resolve my issues with the CRS328 - but I have a question - is this expected to cause any issues re: performance? Was the second core not operational in v6? The stability issues came about with the upgrade from v6 to v7, so curious if the second core was enabled as part of this.

I remember quite clearly that the 2nd CPU core was enabled with an upgrade from v6 to v7. I’m not sure on how much of a performance difference the 2nd CPU core brings, unless you’re doing a load of things that switches don’t usually do I think it’s fairly minimal.

Sounds like it might be a nice fix then; perhaps a hardware issue that can’t be resolved hence just disabling the core. I was able to trigger the flaps with NAND activity, so this may be for the best.

Hey..It looks like PIMSM is working.. Hoo-Hoo. Kudos Tik !!

Mkay guess i’m skipping stable again. YOLO
Ok, so quick question regarding:

Is it normal to see this after upgrade/reboot without touching anything else? ..

/partitions/print 
Flags: A - ACTIVE; R - RUNNING
Columns: NAME, FALLBACK-TO, VERSION, SIZE
#    NAME   FALLBACK-TO  VERSION                                  SIZE  
0 AR part0  next         RouterOS v7.4beta2 Jun/07/2022 09:08:00  512MiB
1    part1  next         EMPTY                                    512MiB

What if I had more than 512MB on it? 0o

Regarding the IPv6 NAT fixes, you missed one:

/ipv6/firewall/nat/add chain=srcnat src-address=fd01::/64 action=netmap to-address=2001:db8::/64
failure: dstnat/redirect/netmap action must be in dstnat/output chains

For IPv4 there can be netmap action in both srcnat and dstnat chains, and ip6tables in Linux also accept NETMAP in both POSTROUTING and PREROUTING.

Now with the new beta, please use some time to get the logging more uniform.

Prefix mess: http://forum.mikrotik.com/t/logging-prefix-is-a-mess-sup-105353-sup-144261-waiting-for-mt-to-support-rfc-5424/111067/1
Timestamp should be in ISO 8601 format, not jun/02/2022
Events that may log more than one line should have the same ID. Example IPSec login. If many users logs inn more or less at same time, it not possible to see what logline belongs to what user.

Hi,
this is what mine looks like, so it seems to me normal, except you had a second part configured before update:

[admin@badfast] > /partitions/print 
Flags: A - ACTIVE; R - RUNNING
Columns: NAME, FALLBACK-TO, VERSION, SIZE
#    NAME   FALLBACK-TO  VERSION                                  SIZE   
0 AR part0  next         RouterOS v7.4beta2 Jun/07/2022 09:08:00  1024MiB
[admin@badfast] /system/routerboard> print
       routerboard: yes
             model: RB5009UG+S+
     serial-number: ECxxxxxxxxxx
     firmware-type: 70x0
  factory-firmware: 7.0.5
  current-firmware: 7.4beta2
  upgrade-firmware: 7.4beta2

@Jotne: open a ticket as it’s not a version-specific issue.
@woland: tried to partition before, sure, but nothing happened back then, and all the space was still there until now. Someone could’ve used it ..
I don’t know how the partitioning script deals with it
Oh well, if nobody gets hurt, all is fine

@Znevna: I think it was the partitioning bug, which was corrected. The amount of space shown was probably wrong.

I was able to successfully repartition now.

The RB5009 upgrade from 7.2rcX went smoothly. I don´t see anything obviously wrong here. (Lab deployment only, no 2.5G connections…)

W
Ps. missing the container…

“RouterOS WinBox Error — Couldn’t make backup - action failed (6)” when doing backup. 7.4beta2 on RBD53G-5HacD2HnD (Chateau).

Great, partitioning on RB5009 works finally!
Thanks

Have already done some years ago, and was told that they will look at it on a later release.
Posted a new support request. #[SUP-84077]

Chateau updated without issue.
Is DNS over TLS supported yet?

Thanks @Jotne, it’s a good merit to be stubborn and never give in!

Can someone check if this change.
*) wireguard - fixed system stability when adding/removing WireGuard interface;

Means they have addressed the outstanding of issue of having to reboot the client setting or even client device, if the connection to the server gets broken, (either a new IP at the server or the server reboots etc,) and the server endpoint is done via mynetname ddns etc…

If not, hint, Strods put it on the next beta please!

When BGP vrf PE-CE issue will be fix?

This is BGP configuration in v6 and v7

v6.49.6 (works)
2 name=“peer-trial-bgp-ce” instance=bgp1 remote-address=172.19.2.2 remote-as=65500 tcp-md5-key=“” nexthop-choice=default multihop=no route-reflect=no hold-time=3m
ttl=default in-filter=“” out-filter=“” address-families=ip default-originate=always remove-private-as=no as-override=no passive=no use-bfd=no

v7.3 (did not works, BGP session not established)
2 name=“peer-trial-bgp-ce”
remote.address=172.19.2.2/32 .port=179 .as=65500
local.address=172.19.2.1 .role=ebgp
connect=yes listen=yes routing-table=vrf-trial-xxx vrf=vrf-trial-xxx
router-id=172.19.2.1 templates=bgp1 as=65505 address-families=ip
output.network=ebgp-vpnv4-networks .default-originate=always
.no-client-to-client-reflection=no

actually the BGP session di v7 did something in route (see attachment) , it just like leak on memory and BGP status not established.






thx