v7.7beta [testing] is released!

RouterOS version 7.7beta3 has been released in the “v7 testing” channel!

Before an upgrade:

  1. Remember to make backup/export files before an upgrade and save them on another storage device;
  2. Make sure the device will not lose power during the upgrade process;
  3. Device has enough free storage space for all RouterOS packages to be downloaded.

What’s new in 7.7beta3 (2022-Oct-26 11:31):

*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed “edge=yes” setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added “discovered-by” parameter to indicate which protocol discovered the neighbor;
*) discovery - added “mode” parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added “install-hotspot-queue” parameter to control dynamic queue creation (CLI only);
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - improved “interval” and “packet-interval” coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router’s IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to “auto”;
*) sfp - allow usage of “10G Base-LR” mode for XS+31LC10D module;
*) snmp - added support for “lldpRemLocalPortNum” OID’s;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added “local-address” parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for “VPLS ID” parameter;
*) webfig - fixed setting of “DHCP Option Set” parameter;
*) wifiwave2 - added “datapath” settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added “provisioning” menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added “Active” prefix for current “Circuit ID” and “Cookie Length” fields for L2TP-Ether interfaces;
*) winbox - added “Make Static” button to “IP/DHCP Server/Leases” menu;
*) winbox - fixed minor typo in “Zerotier” menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save “Interfaces/Detect Internet/Detect Internet State” menu in session file;
*) winbox - show “Switch” menu on Chateau 5G ax;
*) winbox - show “System/Health/Settings” only on boards that have configurable values;
*) winbox - show “System/RouterBOARD/Mode Button” on devices that have such feature;
*) winbox - show “USB Power Reset” menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;

To upgrade, click “Check for updates” at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device.

Please keep this forum topic strictly related to this particular RouterOS release.

Very thanks!

SUP-95194 On a clean fresh install of 7.7beta3 it is reproduced. Please fix it.
I do not want to save the private key of the CA in RouterOS. In 7.6beta8 it worked.

[admin@MikroTik] > /certificate add name="r1-ca" common-name="r1-ca" subject-alt-name="email:r1-ca" key-size=2048 key-usage=key-cert-sign,crl-sign
[admin@MikroTik] > /certificate sign "r1-ca"
  progress: done

[admin@MikroTik] > /certificate add name="r1" common-name="192.168.2.14" subject-alt-name="IP:192.168.2.14" key-size=2048 key-usage=digital-signature,content-commitment,key-encipherment,key-agreement,tls-server
[admin@MikroTik] > /certificate sign "r1" ca="r1-ca"
  progress: done

[admin@MikroTik] > /certificate export-certificate r1-ca file-name=r1-ca export-passphrase=passphrase type=pem
[admin@MikroTik] > /certificate export-certificate r1 file-name=r1 export-passphrase=passphrase type=pkcs12
[admin@MikroTik] > /certificate/remove r1-ca
[admin@MikroTik] > /certificate/import file-name="r1-ca.crt" name="r1-ca" passphrase="passphrase"
     certificates-imported: 1
     private-keys-imported: 0
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0

[admin@MikroTik] > /certificate/import file-name="r1.p12" name="r1" passphrase="passphrase"
     certificates-imported: 1
     private-keys-imported: 1
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0

[admin@MikroTik] > /caps-man/manager/set ca-certificate=r1-ca certificate=r1 enabled=yes require-peer-certificate=yes
input does not match any value of ca-certificate

Your configuration is invalid, I already explained it to you in 7.6rc topic.

is this fixing [SUP-81652] about crash of bgp process that saturated 4gb shared memory?
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;

so now the shared memory allow 4GB for each process?
right?

I don’t understand why if p12 of CA is used in new ROS - the “ca-certificate” works. But if only the cert of CA is used - it does not work.
What is the case of the ca-certificate key in /caps-man/manager/? Is the “ca-certificate” parameter deprecated (if it is not necessary to specify it in my case)? I’m sorry, it’s not entirely logical.

P12 is a certificate bundle and consists of the whole chain of trust including private key for the host certificate.
The “ca-certificate” parameter for CAPsMAN is used for new certificate distribution (signing) for newly added CAPs with dynamic certificate generation enabled. To sign new certificates, private key for the CA certificate is required. Thus you can not specify a CA certificate in CAPsMAN config without a private key.
Validation of existing CAP certificates does not require the private key for the CA certificate, nor the CA certificate to be configured under the “ca-certificate” parameter. The validation is performed against the whole Certificate store just like it is in any other system or service.
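
The distinction drawn in the reply above (validation needs only the CA certificate, signing needs the CA private key), shown as an added example with OpenSSL on a workstation; it is not RouterOS syntax and not part of the original thread. It assumes `openssl` is installed; `r1-ca` and `192.168.2.14` come from the thread, `cap1` is a hypothetical CAP name.

```shell
#!/bin/sh
# Added illustration using OpenSSL, not RouterOS.
# r1-ca and 192.168.2.14 are from the thread; cap1 is a made-up CAP name.

ca_key_demo() {
    d=$(mktemp -d) || return 1

    # 1. CA with a private key: self-signed certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=r1-ca" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1

    # 2. Host certificate for the manager, signed while the CA key exists.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=192.168.2.14" \
        -keyout "$d/r1.key" -out "$d/r1.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/r1.csr" -days 30 -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/r1.crt" 2>/dev/null || return 1

    # 3. Drop the CA private key: only the CA certificate is kept,
    #    as after importing r1-ca.crt alone.
    rm -f "$d/ca.key"

    # 4. Validating an existing certificate needs only the CA certificate.
    if openssl verify -CAfile "$d/ca.crt" "$d/r1.crt" >/dev/null 2>&1; then
        verify=ok
    else
        verify=failed
    fi

    # 5. Signing a request from a new CAP needs the CA private key, which is gone.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=cap1" \
        -keyout "$d/cap1.key" -out "$d/cap1.csr" 2>/dev/null || return 1
    if openssl x509 -req -in "$d/cap1.csr" -days 30 -CA "$d/ca.crt" \
        -CAcreateserial -out "$d/cap1.crt" >/dev/null 2>&1; then
        sign=issued
    else
        sign=refused
    fi

    rm -rf "$d"
    echo "verify=$verify sign=$sign"
}

ca_key_demo
```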

system log is blank

Using version 7.6 we had several problems with pppoe, disconnection, simple queue not being removed, we had to go back to CCR1036 with version 6.48 and remove CCR2116.
In version 7.7 I’m not seeing anything on the subject of pppoe.

Good Morning
We were testing with the CCR2116 using it for PPPoE, we got 2400 connections, we had some problems…
CPU rising to 100% with 2GB of traffic
PPPoE disconnecting in bulk
Simple Queue not being removed and not allowing pppoe to reconnect because it said it already had a simple queue running.
We had to take out the CCR2116 and put the CCR1036 in place.
In version 7.7 beta, I didn’t see anything talking about PPPoE, was something done?

fabeni - Which version did you test before? It sounds like an issue solved in 7.6 “ppp - improved service stability when multiple users disconnect simultaneously”. If you did still experience such a problem with 7.6 or 7.7, then please send supout to support@mikrotik.com.

Strods,
tests performed on 7.5 and 7.6 both had the same problems.
I will report to the mentioned email

Strods.
tests performed on 7.5 and 7.6 both had the same problems.
A ticket was opened with the support file in my mikrotik account

*) filesystem - fixed repartition on devices with containers;

Seems ok!

Now containering starts :)

  1. Adguard home with ssh → ok!
  2. Openspeedtest with ssh → ok!
  3. FreePBX missing till now … ongoing
    Nice

Thanks

What’s new in 7.7beta4 (2022-Oct-27 09:00):

*) conntrack - improved system stability when PPTP helper is used;
*) hotspot - fixed maximum allowed connections limitation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) ospf - fixed MD5 checksum calculation;
*) sfp - added 2.5G SFP module support for RB5009;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;

any answer?

Hi,
I’m just wondering if we can expect 802.11k support? This is the latest missing…

Support for 802.11k for the wifiwave2 package was introduced in RouterOS 7.5

FToms
What about 802.11v🤔

802.11v has not yet been implemented.
It is a large amendment, so suggestions on which features of it users are most interested in would be welcome. If you have such suggestions, please make a dedicated thread or a support ticket.