v7.5rc is released!

RouterOS version 7.5rc1 has been released “v7 testing” channel!

Before an upgrade:

1. Remember to make backup/export files before an upgrade and save them on another storage device;
2. Make sure the device will not lose power during upgrade process;
3. Device has enough free storage space for all RouterOS packages to be downloaded.

What’s new in 7.5rc1 (2022-Aug-19 13:23):

*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when “default-originate” is configured;
*) bridge - fixed “new-priority” value validation for NAT rules;
*) capsman - added randomized range option for “reselect-interval” parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from “debug” to “error” topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added “address-list” parameter for static DNS entries (CLI only);
*) dns - added “match-subdomain” option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed “temperature” and “power-consumption” readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed “CPU” to “switch” for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed “https-redirect” option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added “SIM not inserted” and “SIM failure” messages to “status” and “monitor” commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when “use-local-clock” is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from “debug” to “info” topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for “routes” parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for “VPN” checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed “delete bgp-communities” command;
*) routerboard - added “reset-button” script feature for TILE devices;
*) sfp - fixed “eeprom” reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive “sfp1” interface after disabling “ether1” on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed “dst-port” usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in “nonce matching” state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added “do-not-fragment” parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added “sync-connection-tracking” compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when “sync-connection-tracking=yes” and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with “sync-connection-tracking=yes”;
) webfig - allow to specify NTP server as domain name;
) webfig - fixed displaying of grahs in status pages;
) webfig - fixed floating point field’s negative value in -0. format;
*) wifiwave2 - added “sae-pwe” parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of “ft-nas-identifier” parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under “Tools/Torch” menu;
*) winbox - fixed “Enable”, “Disable” and “Comment” functions for L2TP-ether type interfaces;
*) winbox - fixed “Next Run” parameter displaying under “System/Scheduler” menu;
*) winbox - fixed “Type” and “Value” field displaying under “System/Health” sub-menu’s;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;

To upgrade, click “Check for updates” at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this particular RouterOS release.

Some users have reported that the they still experience issues with wireless on Intel Haswell and older x86 platforms.
This will be addressed in future releases.

Progress is looking good.

I am hoping to see BFD support in the very near future !

Chateau LTE12 and RB750GR3 upgraded successfully from RC11 with no issues.

Two CHRs running containers upgraded with no issues from RC11. Scheduler script started containers successfully at power on.

Updated my RB3011 from RC11 without issues. 2 containers (Adguard & Pihole) running fine. Will create some more

RB5009 upgraded without issue. Looking forward for more bgp related fixes.Uptime still showing 497 days for bgp sessions.

upgrade beta11 to rc1 container AdGuard not start

 09:53:50 container,info,debug 2022/08/23 06:53:50.373246 [info] AdGuard Home, version v0.107.10
 09:53:50 container,info,debug 2022/08/23 06:53:50.468336 [info] Initializing auth module: /opt/adguardhome/work/data/sessions.db
 09:53:50 container,info,debug 2022/08/23 06:53:50.471175 [error] auth: open DB: /opt/adguardhome/work/data/sessions.db: open /opt/adguardhome/work/data/sessions.db: [b]permission denied[/b]
 09:53:50 container,info,debug 2022/08/23 06:53:50.472157 [fatal] Couldn't initialize Auth module

please fix it

Did you create a NEW container or what this your already existing Adguard container that you simply started after the upgrade to RC1 ???
Note that I’m not running the latest Adguard 0.107.x release but still on 0.107.9



EDIT : Permission are not fixed it seems. Tried to deploy fresh Adguard image, same permission errors like in the past.
Not using any mounts or env_variables as a test

We could have dreamed that version 7.5 would achieve feature parity with v6, but it looks like it is not going to be.
The progress around BGP/BFD is not looking good at all. BFD is already mentioned to be a “work in progress” since Sep 4, 2021. Almost a year.

As it seems the BGP programmer has left and there has been some development on “netwatch”, may I suggest to build a “BFD” mode into netwatch so at least we can have a workaround until the apparently very hard BFD feature will be finished?
(like most people we do not need any fancy BFD behavior and capabilities at all, just a fast link check and failover)

using an existing container.

bfd in netwatch would be a nice improvement and even more important, please make the bfd option in check-gateway work.

Nope, still broken. Unfortunately I can’t unplug the drive to see the what’s wrong this time.
LE: Nevermind, this entry is from 7.5beta4 (2022-Jul-22 12:46) which only fixed the creation of mounted directories, not the current broken permissions of the created directories.

I'm trying to get things going forward so that at least we can install v7 in some locations where it is now unusable due to the lack of BFD.
We only need the original v6 functionality of BFD, not additional bells and whistles. That can come later.
Besides, when a BFD mode is added to netwatch, you can do whatever you want in the up and down scripts. I would enable/disable a BGP peer, you can enable/disable a route when you want to.

BFD mode in netwatch should be quick and easy to implement given the framework for different checking methods already is available.
Only particular thing to BFD is that setting a remote system to be monitored implies that the remote can also monitor us (i.e. the local UDP socket acts as a server as well).
It certainly should not require a man-year of coding, as the "super duper BFD under construction" apparently does.

Hi!
*) rb5009 - fixed ether1 status reporting after system reboot;
My rb5009 connected to the cable modem lost connection several times a day if the 2.G port was used (last tested in 7.5beta8). It´s state was reported correctly (1G FDX). I have moved the uplink connection to ether3 and the problem was gone. I can´t test again until next weekend. (I did not see other performance related issues with the 2.5G port, but my uplink speed is only 300Mbps.)

Does someone know if this fix is related to this problem?

Thanks
W

What is the purpose or use of this functionality for the admin, or is something behind the curtain…
bridge - fixed “new-priority” value validation for NAT rules;

WPA3 on hAP AC3 stopped working after update from 7.4 - there is no error info in log.

7.5rc1 still same issue, With 7.4.1 all works fine.

Just to be sure…you have upgraded both packages?

If anyone is having problem connecting devices with WPA3, try

/interface/wifiwave2/security/set (yourWiFiprofile) sae-pwe=hunting-and-pecking

also, GCMP encryption should work with WPA3-Personal? Unable to connect any device.

*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;

still doesn’t work - ccr2116 qsfp to original mikrotik breakout cable ‘Q+BC0003-S+’ still has no link. last known working version was ros 7.2.3.

yes, packages and firmware too