v7.18beta [testing] is released!

RouterOS version 7.18beta has been released on the “v7 testing” channel!
Before an upgrade:

  1. Remember to make backup/export files before an upgrade and save them on another storage device;
  2. Make sure the device will not lose power during upgrade process;
  3. Device has enough free storage space for all RouterOS packages to be downloaded.

What’s new in 7.18beta6 (2025-Feb-12 11:20):
*) bridge - improved stability when using MLAG with MSTP (introduced in v7.17);
*) cloud - added file-share feature (additional fixes);
*) file - improved handling of filesystems with many files (additional fixes);
*) ipsec - added hardware acceleration support for hEX refresh (additional fixes);
*) l3hw - added initial HW offloading for VXLAN on compatible switches (additional fixes);
*) lte - added at-chat support for EC21EU;
*) lte - added confirmation-code parameter for eSIM provisioning;
*) lte - added initial eSIM management support (additional fixes);
*) lte - fixed R11eL-EC200A-EU modem RAT mode selection (introduced in v7.18beta2);
*) ovpn - disable hardware accelerator for GCM on Alpine CPUs (introduced in v7.17);
*) routerboot - disable packet switching during etherboot for hEX refresh (“/system routerboard upgrade” required);
*) winbox - fixed usb power-reset bus selection for RB924iR-2nD-BT5&BG77 (introduced in v7.18beta2);
*) winbox - show LTE “CA Band” field only when CA info is available;

What’s new in 7.18beta5 (2025-Feb-07 12:25):
*) device-mode - do not allow changing CPU frequency if “routerboard” is not allowed by device mode (introduced in v7.17);
*) device-mode - fixed feature and mode update via power-reset on PPC devices;
*) dhcpv4-client - allow selecting to which routing tables add default route (additional fixes);
*) disk - allow to add swap space without container package;
*) disk - fixed showing free space on tmpfs (introduced in v7.17);
*) disk - improved system stability when SMB interface list is used (introduced in v7.17);
*) dns - do not show warning messages for DNS static entries when they are not needed;
*) file - fixed missing meta information from special files such as packages (introduced in v7.18beta2);
*) file - hide store directories, such as container (introduced in v7.18beta2);
*) sfp - improved system stability with some GPON modules for CCR2004 and CCR2116 devices (additional fixes);
*) snmp - added “mtxrAlarmSocketStatus” OID to MIKROTIK-MIB;
*) switch - allow entering IPv6 netmask for switch rules (CLI only);
*) switch - fixed dynamic switch rules created by dot1x server (introduced in v7.17);
*) switch - fixed issues with inactive hardware-offloaded bond ports;
*) switch - improved egress-rate on QSFP28 ports;
*) system - fixed a potential memory leak that occurred when resetting states after an error;

What’s new in 7.18beta4 (2025-Jan-31 15:46):
*) bridge - fixed endless MAC update loop (introduced in v7.17);
*) chr/x86 - fixed error message on bootup;
*) cloud - added file-share feature (additional fixes);
*) console - added dsv.remap to :serialize command to unpack array of maps from print as-value (additional fixes);
*) defconf - added IPv6 FastTrack configuration;
*) dhcpv4-server - fixed framed-route removal;
*) dhcpv4-server - fixed lease assigning when server address is not bind to server interface (introduced in v7.17);
*) fetch - fixed IPv6 handling in URL (introduced in v7.18beta2);
*) file - improved handling of filesystems with many files (additional fixes);
*) hotspot - fixed an issue where extra “flash/” is added to html-directory for devices with flash folders (introduced in v7.17);
*) igmp-proxy - fixed multicast routing after upstream interface flaps (introduced in v7.17);
*) ipsec - fixed chacha20 poly1305 proposal;
*) ipv6 - added routing FastPath support (enabled by default) (additional fixes);
*) ipv6 - fixed configuration loss due to conflicting settings after upgrade (introduced in v7.17);
*) l3hw - added initial HW offloading for VXLAN on compatible switches (additional fixes);
*) log - added CEF format support for remote logging (additional fixes);
*) lte - added basic support for Quectel RG255C-GL modem in “at+qcfg=“usbnet”,0” USB composition;
*) lte - added initial eSIM management support (CLI only) (additional fixes);
*) lte - reduced SIM slot switchover time for modems with AT control channel;
*) net - added initial support for automatic multicast tunneling (AMT) interface (additional fixes);
*) ovpn - added requirement for server name when exporting configuration;
*) poe-out - fixed invalid poe-in status detection for RB5009 (introduced in v7.18beta2);
*) port - improved handling of USB device plug/unplug events;
*) ppc - fixed HW encryption (introduced in v7.17);
*) queue - improved system stability when many simple queues are added (introduced in v7.17);
*) resolver - fixed static FQDN resolving (introduced in v7.17);
*) routerboot - improved stability for IPQ8072 (“/system routerboard upgrade” required);
*) smb - fixed connection issues with clients using older SMB versions (introduced in v7.17);
*) supout - added IPv6 settings section;
*) switch - improvements to certain switch operations (port disable, shaper and switch initialization) (additional fixes);
*) vxlan - added IPv6 FastPath support;
*) vxlan - fixed unset for “group” and “interface” properties;
*) vxlan - replaced the “inherit” with “auto” option for dont-fragment property (new default);
*) wifi-qcom - fixed potentially lowered throughput for station interfaces if channel.width property is set (introduced in v7.18beta2);
*) winbox - fixed locked input fields when creating new certificate template;
*) winbox - show warning messages for static DNS entries;
*) x86 - fixed “unsupported speed” warning (additional fixes);

What’s new in 7.18beta2 (2025-Jan-21 11:27):
*) 60ghz - improved system stability;
*) bgp - fixed certain affinity options not working properly;
*) bgp - improved system stability when printing BGP advertisements;
*) bgp - make NO_ADVERTISE, NO_EXPORT, NO_PEER communities work;
*) bond - added transmit hash policies for encapsulated traffic;
*) bridge - added MLAG heartbeat property;
*) bridge - avoid duplicate VLAN entries with dynamic wifi VLANs;
*) bridge - do not reset MLAG peer port on heartbeat timeout (log warning instead);
*) bridge - fixed missing S flag on interface configuration changes;
*) bridge - improvements to MLAG host table updates;
*) bridge - process more DHCP message types (decline, NAK, inform);
*) bridge - removed controller-bridge (CB) and port-extender (PE) support;
*) bridge - show VXLAN remote-ip in host table;
*) btest - allow limiting access to server by IP address;
*) certificate - fixed localized text conversion to UTF-8 on certificate creation;
*) chr - fixed limited upgrades for expired instances;
*) chr/x86 - added network driver for Huawei SP570/580 NIC;
*) chr/x86 - fixed GRE issues with ice network driver;
*) chr/x86 - Realtek r8169 updated driver;
*) cloud - added file-share feature;
*) cloud,bth - use in-interface matcher for masquerade rule;
*) console - added dsv.remap to :serialize command to unpack array of maps from print as-value;
*) console - added file-name parameter to :serialize;
*) console - allow ISO timezone format in :totime command;
*) console - allow tab as dsv delimiter;
*) console - allow to toggle script error logging with “/console settings log-script-errors”;
*) console - do not autocomplete arguments when match is both exact and ambiguous;
*) console - do not show numbering in print follow;
*) console - fixed “get” and “proplist” for certain settings;
*) console - fixed issue where ping command displays two lines at the same time;
*) console - fixed issue with disappearing global variable;
*) console - implement scriptable safe-mode commands and safe-mode handler;
*) console - improved hints;
*) console - log errors within scripts to the system log;
*) console - make non-pseudo terminals work with imports;
*) console - put !empty sentence when API query returns nothing;
*) container - add default registry-url=https: //lscr.io;
*) container - allow HTTP redirects when accessing container registry;
*) container - allow specifying registry using remote-image property;
*) container - improved image arch choice;
*) container - use parent directory of container root-dir for unpack by default, so that container layer files are downloaded directly on target disk;
*) dhcpv4-client - allow selecting to which routing tables add default route;
*) dhcpv4-client - fixed default option export output;
*) dhcpv4-server - fixed “active-mac-address” update when client has changed MAC address;
*) dhcpv6-client - added “validate-server-duid” option;
*) dhcpv6-client - allow specifying custom DUID;
*) dhcpv6-client - do not run script on prefix renewal;
*) dhcpv6-relay - add routes for bindings passing through relay;
*) dhcpv6-server - respond to client in case of RADIUS reject;
*) discovery - advertise IPv6 capabilities based on “Disable IPv6” global setting;
*) discovery - improved stability during configuration changes;
*) discovery - report actual PSE power-pair with LLDP;
*) discovery - use power-via-mdi-short LLDP TLV only on pse-type1 802.3af;
*) disk - add disk trim command (/disk format-drive diskx file-system=trim);
*) disk - fix detecting disks on virtual machines;
*) ethernet - fixed issue with default-names for RB4011 and RB1100Dx4 devices;
*) ethernet - improved link speed reporting on 2.5G-baseT and 10Gbase-T ports;
*) fetch - added “http-max-redirect-count” parameter, allows to follow redirects;
*) fetch - do not require “content-length” or “transfer-encoding” for HTTP;
*) file - added “recursive” and “relative” parameters to “/file/print” for use in conjunction with “path” parameter;
*) file - allow printing specific directories via path parameter;
*) file - improved handling of filesystems with many files;
*) firewall - allow in-interface/in-bridge-port/in-bridge matching in postrouting chains;
*) firewall - fixed incorrectly inverted hotspot value configuration;
*) firewall - increased maximum connection tracking entry count based on device total RAM size;
*) iot - added new “iot-bt-extra” package for ARM, ARM64 which enables use of USB Bluetooth adapters (LE 4.0+);
*) iot - improvements to LoRa logging and stability;
*) iot - limited MQTT payload size to 32 KB;
*) ip - added support for /31 address;
*) ippool - added pool usage statistics;
*) ipsec - added hardware acceleration support for EN7562CT (hEX refresh);
*) ipsec - fixed installed SAs update process when SAs are removed;
*) ipv6 - added ability to disable dynamic IPv6 LL address generation on non-VPN interfaces;
*) ipv6 - added FastTrack support;
*) ipv6 - added routing FastPath support;
*) ipv6 - added support for neighbor removal and static entries;
*) l2tp - added IPv6 FastPath support;
*) l3hw - added initial HW offloading for VXLAN on compatible switches;
*) l3hw - added neigh-dump-retries property;
*) l3hw - fixed /32 (IPv6 /128) route offloading when using interface as gateway;
*) l3hw - fixed partial route offloading for 98DX224S, 98DX226S, 98DX3236 switches;
*) l3hw - respect interface specifier (%) when matching a gateway;
*) log - added CEF format support for remote logging:
*) log - added option to select TCP or UDP for remote logging;
*) lte - added initial eSIM management support (CLI only);
*) lte - fixed Huawei ME909s-120 support;
*) lte - fixed missing 5G info for “/interface lte print” command;
*) lte - fixed missing IPv6 prefix advertisement on renamed LTE interfaces;
*) lte - fixed prolonged reboots on Chateau 5G ax;
*) lte - fixed SIM slot initialization with multi-APN setups;
*) lte - lte monitor, show CQI when modem reports it as 0 - undetectable, no RX/down-link resource block assigned to modem by provider;
*) lte - R11eL-EC200A-EU fixed online firmware upgrade and added support for firmware update from local file;
*) lte - R11eL-EC200A-EU improved failed connection handling and recovery;
*) lte - removed nonexistent CQI reading for EC200A-EU modem;
*) net - added initial support for automatic multicast tunneling (AMT) interface;
*) netinstall - try to re-create socket if link status changes;
*) netinstall-cli - fixed DHCP magic cookie;
*) ospf - fixed DN bit not being set;
*) ospfv3 - fixed ignored metric for intra-area routes;
*) ovpn-client - added 1000 character limit for password;
*) pimsm - fixed incorrect neighbor entry when using lo interface;
*) poe-out - added “power-pair” info to poe-out monitor (CLI only);
*) poe-out - added console hints;
*) poe-out - added new modes “forced-on-a” and “forced-on-bt”, where old “forced-on” mean “forced-on-bt” (CLI only);
*) poe-out - upgraded firmware for 802.3at/bt PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);
*) ppp - add support for configuration of upload/download queue types in profile;
*) ppp - added support for random UDP source ports;
*) ppp - fixed setting loss when adding new ppp-client interface for BG77 modem from CLI;
*) ppp - properly cleanup failed inactive sessions on pppoe-server;
*) ptp - do not send packets on STP blocked ports;
*) qos-hw - fixed global buffer limits for 98CX8410 switch;
*) queue - improved system stability;
*) queue - prevent CAKE bandwidth config from potentially causing lost connectivity to a device;
*) rip - fixed visibility of added key-chains in interface-template;
*) rose-storage - add btrfs filesystem add-device/remove-device/replace-device/replace-cancel commands to add/remove/replace disks to/from a live filesystem;
*) rose-storage - add btrfs filesystem balance-start/cancel commands;
*) rose-storage - add btrfs filesystem scrub-start, scrub-cancel commands (CLI only);
*) rose-storage - add btrfs transfers, supports send/receive into/from file for transferring subvolumes across btrfs filesystems;
*) rose-storage - add support to add/remove btrfs subvolumes/snapshots;
*) rose-storage - added support for advanced btrfs features: multi-disk support, subvolumes, snapshots, subvolume send/receive, data/metadata profiles, compression, etc;
*) rose-storage - allow to separately mount any btrfs subvolumes;
*) rose-storage - update rsync to 3.4.1;
*) rose-storage,ssh - support btrfs send/receive over ssh;
*) route - added /ip/route/check tool;
*) route - added subnet length validation on route add;
*) route - do not use disabled addresses when selecting routing id;
*) route - fixed busy loops (route lockups);
*) route - fixed incorrect H flag usage;
*) route - improved stability when polling static routes via SNMP;
*) route - properly resolve imported BGP VPN routes;
*) routing-filter - improved stability when using large address lists (>5000);
*) routing-filter - improved usage of quotes in filter rules;
*) sfp - fixed missing “1G-baseX” supported rate for NetMetal ac2 and hEX S devices;
*) sfp - improved linking with certain QSFP modules on CRS354 devices;
*) sfp - improved system stability with some GPON modules for CCR2004 and CCR2116 devices;
*) sfp,qsfp - improved initialization and linking;
*) smb - improved system stability;
*) snmp - added disk serial number through description field;
*) snmp - sort disk list and assign correct disk types;
*) supout - added per CPU load information;
*) switch - improved system stability for CRS304 switch;
*) switch - improvements to certain switch operations (port disable, shaper and switch initialization);
*) system - added option to list and install available packages (after using “check-for-updates”);
*) system - do not allow to install multiple wireless driver packages at the same time;
*) system - do not cause unnecessary sector writes on check-for-updates;
*) system - enable “ipv6” package on RouterOS v6 downgrade if IPv6 is enabled;
*) system - force time to be at least at package build time minus 1d;
*) system - improved HTTPS speed;
*) system - improved stability on busy systems;
*) system,arm - automatically increase boot part size on upgrade or netinstall (fixed upgrade failed due to a lack of space on kernel disk/partition);
*) tile - improved system stability;
*) traceroute - added “too many hops” error when max-hops are reached;
*) traceroute - limit max-hops maximum value to 255;
*) user - improved authentication procedure when RADIUS is not used;
*) vxlan - added disable option for VTEPs;
*) vxlan - added option to dynamically bridge interface and port settings (hw, pvid);
*) vxlan - added TTL property;
*) vxlan - changed default port to 4789;
*) webfig - added confirmation when quitting in Safe Mode;
*) webfig - do not reload form when failed to create new object;
*) webfig - fixed “TCP Flags” property when inverted flags are set in console;
*) webfig - fixed datetime setting under certain menus;
*) webfig - fixed displaying passwords;
*) webfig - fixed Switch/Ports menu not showing correctly;
*) webfig - hide certificate information in IP Services menu when not applicable;
*) webfig - remember expand/fold state;
*) wifi - added max-clients parameter;
*) wifi - avoid excessive re-transmission of SA Query action frames;
*) wifi - fix issue which made it possible for multiple concurrent WPA3 authentications to interfere with each other;
*) wifi - implement steering parameters to delay probe responses to clients in the 2.4GHz band;
*) wifi - log a warning when a client requests power save mode during association as this may prevent successful connection establishment;
*) wifi - re-word the “can’t find PMKSA” log message to “no cached PMK”;
*) wifi - try to authenticate client as non-FT client if it provides incomplete set of FT parameters;
*) wifi-qcom - fix reporting of radio minimum antenna gain for hAP ax^2;
*) winbox - added “Copy to Provisioning” button under “WiFi/Radios” menu;
*) winbox - added “Last Logged In/Out” and “Times Matched” properties under “WiFi/Access List” menu;
*) winbox - added L3HW Advanced and Monitor;
*) winbox - added TCP settings under “Tools/Traffic Generator/Packet Templates” menu;
*) winbox - do not show 0 Tx/Rx rate under “WiFi/Registration” menu when values are not known;
*) x86 - fixed “unsupported speed” warning;

To upgrade, click “Check for updates” at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. The file must be generated while a router is not working as suspected or after some problem has appeared on the device

Please keep this forum topic strictly related to this particular RouterOS release.

Ouhhhhh thanks!

*) ipv6 - added FastTrack support;

Finally! <3

Amazing job, this really is impressive and the reason why I only use Mikrotik wherever possible. Keep up the solid work!

What’s this about? Could somebody provide some info?

*) l3hw - added initial HW offloading for VXLAN on compatible switches;

very interesting !!!

I cannot wait for free time in the day to play with this! I was hoping to see radsec get fixed but this is a nice, distracting, consolation prize.

OH WOW!

*) ip - added support for /31 address;
*) route - added /ip/route/check tool;

finally! ..thank you!

Some nice fixes, I like the look of this one *) wifi - try to authenticate client as non-FT client if it provides incomplete set of FT parameters;

Hey, I’m inclined to get happy!
They decided to return to do some efforts in hardware offload things.

Still soon to say something, but it sounds good.

This will surely be an exciting release, lot’s of changes across the board most notable changes mlag fixes, ipv6 fasttrack and /31 support

IPv6 getting some love! :smiley:

Hi,

hex constantly rebooting itself. Only has IPsec tunnel configured for lab.

  MikroTik RouterOS 7.18beta2 (c) 1999-2025       https://www.mikrotik.com/


Press F1 for help

(7 messages not shown)
2025-01-21 16:29:20 system,error,critical router was rebooted without proper shutdown by watchdog timer
2025-01-21 16:31:00 system,clock,critical,info ntp change time Jan/21/2025 16:30:02 => Jan/21/2025 16:31:00
2025-01-21 16:31:02 system,error,critical router was rebooted without proper shutdown by watchdog timer
2025-01-21 16:44:33 system,clock,critical,info ntp change time Jan/21/2025 16:31:38 => Jan/21/2025 16:44:33
2025-01-21 16:44:35 system,error,critical router was rebooted without proper shutdown by watchdog timer
2025-01-21 16:46:23 system,error,critical router was rebooted without proper shutdown by watchdog timer
2025-01-21 16:48:03 system,clock,critical,info ntp change time Jan/21/2025 16:47:00 => Jan/21/2025 16:48:03
2025-01-21 16:48:04 system,error,critical router was rebooted without proper shutdown by watchdog timer

Config:

/interface bridge
add frame-types=admit-only-vlan-tagged name=BDI100 protocol-mode=none pvid=99 vlan-filtering=yes
/interface vlan
add interface=BDI100 name=vlan2 vlan-id=2
add interface=ether1 name=vlan30 vlan-id=30
/interface list
add name=WAN
add name=LAN
add name=DMZ
/ip ipsec policy group
add name=group_pelvet
add name=group_core
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
add dh-group=ecp384 enc-algorithm=aes-128 lifetime=2h name=pf_pha1_pelvet
add dh-group=ecp256 enc-algorithm=aes-128 hash-algorithm=sha384 name=pf_pha1_core prf-algorithm=sha384
/ip ipsec peer
add address=<> exchange-mode=ike2 name="peer=>Radiusa_pelvet" profile=pf_pha1_pelvet
add address=<> exchange-mode=ike2 name="peer=>PBXa_pelvet" profile=pf_pha1_pelvet
add address=<> exchange-mode=ike2 name="peer=>PBXb-Radiusb_pelvet" profile=pf_pha1_pelvet
add address=<> exchange-mode=ike2 name="peer=>core01" port=4501 profile=pf_pha1_core
/ip ipsec proposal
set [ find default=yes ] disabled=yes
add enc-algorithms=aes-128-cbc name=pp_pha2_pelvet pfs-group=ecp384
add enc-algorithms=aes-128-cbc lifetime=4h name=pp_pha2_core pfs-group=ecp384
/ip pool
add name=pool_vlan2 ranges=10.2.2.10-10.2.2.30
/routing ospf instance
add disabled=yes in-filter-chain=ospf100_in name=ospf100 out-filter-chain=ospf100_out redistribute=connected
/routing ospf area
add disabled=yes instance=ospf100 name=area0
/interface bridge port
add bridge=BDI100 interface=ether2 pvid=2
add bridge=BDI100 interface=ether3 pvid=2
add bridge=BDI100 interface=ether4 pvid=2
add bridge=BDI100 interface=ether5 pvid=2
/ip firewall connection tracking
set enabled=yes tcp-established-timeout=2h udp-stream-timeout=2m
/ip neighbor discovery-settings
set discover-interface-list=none protocol=""
/interface bridge vlan
add bridge=BDI100 tagged=all untagged=ether2,ether3,ether4,ether5 vlan-ids=2
/interface list member
add interface=lte1 list=WAN
add interface=vlan30 list=WAN
/interface ovpn-server server
add mac-address=FE:35:CD:54:08:7F name=ovpn-server1
/ip address
add address=100.64.2.1 interface=lo network=100.64.2.1
add address=10.2.2.1/27 interface=vlan2 network=10.2.2.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=5m update-time=no
/ip dhcp-client
add add-default-route=no interface=vlan30 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server
add add-arp=yes address-pool=pool_vlan2 interface=vlan2 lease-time=2h name=dhcp_vlan2
/ip dhcp-server config
set store-leases-disk=never
/ip dhcp-server network
add address=10.2.2.0/27 dns-server=10.2.2.1 gateway=10.2.2.1
/ip dns
set allow-remote-requests=yes servers=195.76.102.1
/ip firewall address-list
add address=10.0.2.0/27 list=ACL150
add address=10.0.3.0/28 list=ACL150
add address=10.0.4.0/27 list=ACL150
add address=10.0.5.0/24 list=ACL150
add address=195.76.102.0/24 list=ACL150
add address=cloud2.mikrotik.com list=ACL180
add address=upgrade.mikrotik.com list=ACL180
add address=cloud.mikrotik.com list=ACL180
add address=pool.ntp.org list=ACL180
add address=3.pool.ntp.org list=ACL180
/ip firewall filter
add action=accept chain=input comment=INPUT src-address-list=ACL150
add action=accept chain=input in-interface-list=WAN packet-size=0-256 protocol=icmp
add action=drop chain=input dst-port=7000,7001,22900 in-interface-list=WAN protocol=tcp src-address-list=ACL180
add action=accept chain=input in-interface-list=WAN src-address-list=ACL180
add action=drop chain=input in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment=MGMT-LTE_modem dst-address=192.168.8.1 out-interface-list=WAN \
    src-address=0.0.0.0/0 to-addresses=192.168.8.100
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip ipsec identity
add generate-policy=port-strict peer="peer=>PBXa_pelvet" policy-template-group=group_pelvet secret=\
    <laquesea>
add generate-policy=port-strict peer="peer=>PBXb-Radiusb_pelvet" policy-template-group=group_pelvet secret=\
    <laquesea>
add generate-policy=port-strict peer="peer=>Radiusa_pelvet" policy-template-group=group_pelvet secret=\
    <laquesea>
add auth-method=digital-signature certificate=IKEv2_MGMT_cl.crt generate-policy=port-strict peer="peer=>core01" \
    policy-template-group=group_core
/ip ipsec policy
set 0 disabled=yes
add comment=Policy_pelvet dst-address=10.142.0.7/32 level=unique peer="peer=>PBXa_pelvet" proposal=\
    pp_pha2_pelvet src-address=100.64.2.1/32 tunnel=yes
add dst-address=10.128.0.11/32 level=unique peer="peer=>Radiusa_pelvet" proposal=pp_pha2_pelvet src-address=\
    100.64.2.1/32 tunnel=yes
add dst-address=10.128.0.15/32 level=unique peer="peer=>PBXb-Radiusb_pelvet" proposal=pp_pha2_pelvet \
    src-address=100.64.2.1/32 tunnel=yes
add dst-address=10.142.0.7/32 level=unique peer="peer=>PBXa_pelvet" proposal=pp_pha2_pelvet src-address=\
    10.2.2.0/27 tunnel=yes
add dst-address=10.128.0.11/32 level=unique peer="peer=>Radiusa_pelvet" proposal=pp_pha2_pelvet src-address=\
    10.2.2.0/27 tunnel=yes
add dst-address=10.128.0.15/32 level=unique peer="peer=>PBXb-Radiusb_pelvet" proposal=pp_pha2_pelvet \
    src-address=10.2.2.0/27 tunnel=yes
add comment=Policy_Core01 dst-address=100.64.0.1/32 level=unique peer="peer=>core01" proposal=pp_pha2_core \
    src-address=100.64.2.1/32 tunnel=yes
add dst-address=10.0.3.0/28 level=unique peer="peer=>core01" proposal=pp_pha2_core src-address=10.2.2.0/27 \
    tunnel=yes
/ip route
add disabled=no distance=5 dst-address=10.0.2.0/27 gateway=195.76.102.1%vlan30 routing-table=main scope=20 \
    suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=22910
set api disabled=yes
set winbox port=8000
set api-ssl disabled=yes
/routing filter rule
add chain=ospf100_out disabled=no rule="if (dst in 0.0.0.0/0 && dst-len>0) {reject}"
add chain=ospf100_in disabled=no rule="if (dst in 10.0.2.0/27) {accept}\
    \nif (dst in 10.0.3.0/28) {reject}\
    \nif (dst in 10.0.4.0/27) {accept}\
    \nif (dst in 10.0.5.0/24) {accept}\
    \nif (dst in 10.0.6.0/24) {accept}\
    \nif (dst in 100.64.0.2/32) {accept}\
    \nif (dst in 192.168.1.0/24) {accept}"
/routing ospf interface-template
add area=area0 disabled=yes interfaces=vlan30 networks=195.76.102.0/24
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Madrid
/system identity
set name=hex01.lb
/system logging
add disabled=yes topics=ipsec,debug,!packet
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=pool.ntp.org
add address=3.pool.ntp.org
/system package update
set channel=testing
/system routerboard settings
set auto-upgrade=yes silent-boot=yes
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no

/file/print now shows the contents of container store :exploding_head:

Not sure this is a good idea. It gets too cluttered too easily.

*) log - added CEF format support for remote logging:
*) log - added option to select TCP or UDP for remote logging;

After 10+ years of waiting, we may have hopefully a working modern logging for Mikrotik.
Will test it out as soon as I get home :slight_smile:

PS I did make several post before this, so history of request is much older :slight_smile:
http://forum.mikrotik.com/t/logging-prefix-is-a-mess-sup-105353-sup-144261-waiting-for-mt-to-support-rfc-5424/111067/1

It may be to much to also support syslog using TLS (so we get encrypted logs)

NICE WORK.

I’m undecided on what to report the most beautiful, besides the FastTrak, I should copy half the list…

Can’t believe it’s been only 9 years and 8 months since we are waiting for this, seems like yesterday.

Thank you, MikroTik!

Yeah for ipv6 fasttrack \o/

This release adds a lot of improvements. Mikrotik, very strong!