v7.11.2 [stable] is released!

Guscht · August 15, 2023, 4:55pm

Just da smol home-network:

Found no issues.

pcunite · August 15, 2023, 5:15pm

Yes, please.

Institor · August 15, 2023, 5:36pm

“DoH server connection error: SSL: ssl: CRL not found (6)” error (same as in previous RC versions mentioned in http://forum.mikrotik.com/t/v7-11rc-is-released/168431/1)
I don’t understand this:

http://forum.mikrotik.com/t/v7-11rc-is-released/168431/1

If use-crl is set to yes, RouterOS will check CRL for each certificate in a certificate chain, therefore, an entire certificate chain should be installed into a device - starting from Root CA, intermediate CA (if there are such), and server certificate that is used for specific service.

Why should it require the entire chain, especially “server certificate that is used for specific service”? This cert can be changed on server side at any time.

Guscht · August 15, 2023, 6:06pm

+1 this would solve the whole brainfck with the recursive route lookup target-scope-with-undocumented-incremnt stuff

Paternot · August 15, 2023, 7:33pm

Just upgraded one hAP ac lite that was laying around here. It’s working as a 5GHz station, connected on another hAP ac lite.

What I did:

Created an wireguard tunnel, and
Created an EoIP tunnel, using wireguard.

Why? Just because. I wanted to see how well it would do. Bear in mind that both tunnels run on local network - so latency is negligible.

The test was CPU bound (100% usage with 0% packet loss) and the result is this (on a 800/800 link):

Larsa · August 15, 2023, 7:48pm

WG/ChaCha lack support för HW acceleration

Fmarte · August 15, 2023, 7:56pm

Hello,

ipsec - refresh peer’s DNS only when phase 1… is down.

Confirmed, this problem still persists in version 7.11 Stable.

Fmarte · August 15, 2023, 8:07pm

In 6.48 (I think) a feature was added for “ipsec - refresh peer’s DNS only when phase 1 is down”. This resolved an issue in older versions where VPN providers with DNS records with short TTLs would disconnect and reconnect after refreshing the DNS record and receiving a different IP, even theough the tunnel was still active and working.

Since version 7.8 the problem is back, so it seems that the function has been removed again.

I just updated to version 7.11 and the problem still persists.

Is anyone able to confirm this, and is it planned to be reimplemented? Failing that does anyone have a viable workaround other than static DNS records / connecting by IP?

Thanks.

Jotne · August 15, 2023, 8:31pm

So its ok for 7.7?
And you have made a support case for it?

Fmarte · August 15, 2023, 8:45pm

Yes, in version 7.7 this problem does not exist.

I have not contacted support, I thought it was something that was going to be solved but I see that from version 7.8 to 7.11 it is a lot.

I will be contacting support.

Thank you!

Paternot · August 15, 2023, 9:18pm

Yes, it does. But so does IPSec on this hardware. So…

jookraw · August 15, 2023, 10:36pm

After the upgrade to rOS 7.11, no device is able to connect to any SSID on the 2.4Ghz radio on my hAP ax2. SUP-125184

I only see the following log repeating:
xx:xx:xx:xx:xx:xx@SSID reauthenticating

Already tried:

Removed the full wifiwave2 config and reapplied it
downgrade to 7.10.2
upgraded back to 7.11 wihout any wifi config and applied the config again

oeyre · August 15, 2023, 11:14pm

Hi,

Can I please get some more detail about this? Link to RFC, forum topic, etc?

*) mpls - improved MPLS TCP performance;

mhenriques · August 15, 2023, 11:50pm

Keep us posted. I have 02 of those beasts on a customer network running V7.10.2. Will refrain from upgrading until hear more from Mikrotik.

Mauricio

mhenriques · August 15, 2023, 11:52pm

Keep us posted. Have a RB5009UG+S+ at home and will refrain from upgrading until hearing more from Mikrotik.

Mauricio

kreb · August 16, 2023, 1:38am

interestingly CCR2116 has better temps after 7.11 upgrade, with 20% min fan speed.

rolling · August 16, 2023, 6:20am

Hi,

RB5009UG, CRS328, CRS326, CRS317, hAP, hAP_AC3 upgraded without issues.

Site to site WG tunnels, static routes, wifiwave2…

Regads.

jookraw · August 16, 2023, 7:02am

Another one for my collection.
My RB4011 does not allow a device connected to bridge port on a specific vlan to reach to any other device on that vlan, unless I’m running “Torch” on the port.
SUP-125214
Downgrade to 7.10.2 fixes it.

I’m also suspecting issues on my RB5009, I’ll downgrade it to see if I’m right

eworm · August 16, 2023, 7:05am

Generating an export results in this before console crashes, just again:

#error exporting "/caps-man/channel" (timeout)
#error exporting "/caps-man/configuration" (timeout)
#error exporting "/caps-man/datapath" (timeout)
#error exporting "/caps-man/rates" (timeout)
#error exporting "/caps-man/security" (timeout)

Also I have seen this on CHR now, running CAPsMAN as well. I think the issue is hidden there, and not related to architecture.

Happily I could generate a support output file this time on CHR, so let’s hope for some results.

diamuxin · August 16, 2023, 7:46am

Hi,

Issues with CAPSMAN on a RB4011 router, error type “removing stale connection”. Back to version v7.10 and OK.

BR.