Community discussions

MikroTik App
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 653
Joined: Thu Dec 11, 2014 8:53 am

v7.1beta2 [development] is released!

Fri Aug 21, 2020 2:00 pm

RouterOS version 7.1beta2 has been released in public "development" channel!

What's new in 7.1beta2 (2020-Aug-21 12:29):

!) added "bgp-network" output filter flag;
!) added bonding interface support for Layer3 hardware offloading;
!) added IPv6 nexthop support for IPv4 routes;
!) added Layer3 hardware offloading support for CRS309-1G-8S+IN, CRS312-4C+8XG-RM and CRS326-24S+2Q+RM;
!) added WireGuard support;
*) disk - improved external disk read/write speeds;
*) ospf - fixed point to point routes becoming inactive;
*) route - fixed source address selection of outgoing packets;
*) other minor fixes and improvements;

All released RouterOS v7 changelogs are available here:
https://mikrotik.com/download/changelog ... lease-tree

How to report RouterOS v7 bugs:
viewtopic.php?f=1&t=152006
 
Kindis
Member
Member
Posts: 328
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 2:07 pm

This level 3 offloading looks very interesting. Do we have any numbers to show what it can mean as this has the potential to put emphasis on the R in CRS :-)
 
santyx32
Member Candidate
Member Candidate
Posts: 140
Joined: Fri Oct 25, 2019 2:17 am

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 2:15 pm

Finally Wireguard
OpenWRT build download for hAP ac2, don't forget to backup ROS license

I'm the guy known as geminis3
 
mafiosa
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Fri Dec 09, 2016 8:10 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 2:36 pm

RouterOS version 7.1beta2 has been released in public "development" channel!

What's new in 7.1beta2 (2020-Aug-21 12:29):

!) added "bgp-network" output filter flag;
!) added bonding interface support for Layer3 hardware offloading;
!) added IPv6 nexthop support for IPv4 routes;
!) added Layer3 hardware offloading support for CRS309-1G-8S+IN, CRS312-4C+8XG-RM, CRS326-24S+2Q+RM and CRS354-48G-4S+2Q+RM;
!) added WireGuard support;
*) disk - improved external disk read/write speeds;
*) ospf - fixed point to point routes becoming inactive;
*) route - fixed source address selection of outgoing packets;
*) other minor fixes and improvements;

All released RouterOS v7 changelogs are available here:
https://mikrotik.com/download/changelog ... lease-tree

How to report RouterOS v7 bugs:
viewtopic.php?f=1&t=152006
Good to see ospf issue to be resolved. Also wireguard is a much awaited feature. Thanks!
 
User avatar
leoktv
Trainer
Trainer
Posts: 142
Joined: Thu Dec 01, 2005 1:39 pm
Location: sweden
Contact:

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 2:40 pm

Any update in the v7 Routing Protocol Status?
_________________
Leo De Geer, Mikrotik Certified Consultant/Trainer #TR0003, MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE, MTCUME, MTCIPv6E MTCSE MTCASE MTCSWE & MikroTik Distributor
http://www.mikrotik.se
support[at]mikrotik.se
Office: +46 325 660 650
 
Paternot
Forum Veteran
Forum Veteran
Posts: 758
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 2:49 pm

This level 3 offloading looks very interesting. Do we have any numbers to show what it can mean as this has the potential to put emphasis on the R in CRS :-)
It does routing at wirespeed, in all ports. There are several constraints, and a limit of 4096 connections, if I'm not wrong. But in some use cases it will be a killing feature.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6914
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 2:55 pm

Observations (not really new for this build but maybe off the radar):
- when a static route is disabled, it disappears from the listing entirely, as if it has been deleted. when the window is closed/reopened, it appears again in greyed-out status.
- the BGP functionality still exists only in CLI and not in winbox. I would have hoped (or maybe this is the time to do that!) that all GUI info is derived from a common set of tables that is shared by all the user interfaces, so the work does not have to be done 3 times...
- when I close the Log window and re-open it, winbox completely hangs.
 
User avatar
null31
Member Candidate
Member Candidate
Posts: 183
Joined: Fri Dec 23, 2016 6:07 pm
Location: Brazil

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 3:07 pm

WireGuard implementation was done like MikroTik did to OpenVPN or kept as is in Linux 5.6?
Thank you.
Last edited by null31 on Fri Aug 21, 2020 3:18 pm, edited 2 times in total.
 
mrshark
just joined
Posts: 11
Joined: Sun Aug 16, 2020 2:42 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 3:09 pm

any hint on how to flash this on a HAP MINI? On previous beta, it said internal storage is not enough to upgrade... it's a brand new model, factory reset... maybe because of beta and so build not optimized yet? Will it ever be a version for low storage devices?

thanks in advance
 
User avatar
null31
Member Candidate
Member Candidate
Posts: 183
Joined: Fri Dec 23, 2016 6:07 pm
Location: Brazil

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 3:13 pm

any hint on how to flash this on a HAP MINI?
thanks in advance
Use NetInstall to flash hAP Mini.
 
ludvik
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Mon May 26, 2008 4:36 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 3:14 pm

winbox 3.24 64bit on win7, rb450gx4. Open interfaces, add Virtual ethernet. Winbox closed.
 
Quasar
just joined
Posts: 21
Joined: Sun Oct 05, 2014 1:11 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 3:26 pm

WireGuard implementation was done like MikroTik did to OpenVPN or kept as is in Linux 5.6?
Thank you.
It's Wireguard v1.0.0 proper (as shipped with v5.6).

Note for whoever wants to give it a spin: you need to use the cli to set the peer endpoint - Winbox doesn't allow you to set the port (it will default to 0).
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1023
Joined: Tue Oct 11, 2005 4:53 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 3:42 pm

!) added WireGuard support;
Gave it a try on a hEX (RB750Gr3) and it worked out of the box!

The performance was capped at around 100mbit though. Maybe the hEX is not powerful enough.
More tests are warranted :)
 
User avatar
mozerd
Member
Member
Posts: 452
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 3:43 pm

This level 3 offloading looks very interesting. Do we have any numbers to show what it can mean as this has the potential to put emphasis on the R in CRS :-)
It does routing at wirespeed, in all ports. There are several constraints, and a limit of 4096 connections, if I'm not wrong. But in some use cases it will be a killing feature.
@Paternot
I 4 1 do NOT believe that It will do routing at wire-speed ... why I do not believe that .... because for L3 wire-speed requires an ASIC and non of the hardware specs I see have that L3 ASIC in the gear. Yes there will be an improvement in performance but nowhere near wire-speed.
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1735
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 3:54 pm

@Paternot
I 4 1 do NOT believe that It will do routing at wire-speed ... why I do not believe that .... because for L3 wire-speed requires an ASIC and non of the hardware specs I see have that L3 ASIC in the gear. Yes there will be an improvement in performance but nowhere near wire-speed.
https://i.mt.lv/cdn/product_files/CRS32 ... 200149.png
Are you sure that mention switchip doesn't have that feature?
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
msatter
Forum Guru
Forum Guru
Posts: 1876
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 3:55 pm

Just tried this version and had to go back to 6.4x.
  • Bug [SUP-15464] which is partly fixed in 6.4x is still present in 7.1x (retain correct MTU PPPoE through a SFP on a 4011) restarting the SFP does not help.
  • Changing the MTU manually on a interface crashes the router (tested it on a 4011 and 750-Gr2) remark, MTU set in the configuration by a 6.4x seems to be honored
  • In routing I noticed something different on the route for the gateway PPPoE connection, the first was 0.0.0.0/0 but that a label DAv instead of DAS (v from VPN) and I have IKEv2 defined but not all traffic has to go through a tunnel. I assume this "v" indicates that the IKEv2 tunnels are terminated on the PPPoE.

I did upgrade my firmware to 7.1x but to no avail. And I first downgraded to 6.47.2 before upgrading to the 7.1beta2
One RB4011 (cooled) and a RB760iGS (hEX S) in series. The 4011 Does PPPoE/IKEv2.
The cooler: viewtopic.php?f=3&t=138613&start=300#p799879
Running:
RouterOS 6.48beta35 / Winbox 3.27 64bits / MikroTik APP 1.3.15
 
mbovenka
Member Candidate
Member Candidate
Posts: 205
Joined: Mon Oct 14, 2019 10:14 am

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 4:09 pm

I 4 1 do NOT believe that It will do routing at wire-speed ... why I do not believe that .... because for L3 wire-speed requires an ASIC and non of the hardware specs I see have that L3 ASIC in the gear. Yes there will be an improvement in performance but nowhere near wire-speed.

What do you think the, let's say 98DX8208 chip in the CRS309 is? It's a switching ASIC that has lots of functionality built in, L3 forwarding among them. MT simply didn't implement it up to now.
 
DarkNate
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Fri Jun 26, 2020 4:37 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 4:17 pm

WireGuard Support! Finally! About time!
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2321
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 4:32 pm

Any update in wireless?
LAN, FTTx, Wireless. ISP operator
 
User avatar
mozerd
Member
Member
Posts: 452
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 4:33 pm

https://i.mt.lv/cdn/product_files/CRS32 ... 200149.png
Are you sure that mention switchip doesn't have that feature?
@macgaiver
I am not familiar with that specific switch chip so I am in part writing out of ignorance of that specific chip.

I am familiar with how CISCO does in on their MLS devices. Typically for wire-speed routing in the Cisco Switch world Cisco requires three entities to implement multilayer switching: the switching engine (SE), the route processor (RP), and the MLS protocol. The SE performs the switching function, the RP performs the routing function, and the MLS protocol provides for communication between these two devices. This aside, there is one very simple concept that makes it all possible: the flow. A flow can be defined as a stream of packets from the same source to the same destination using the same application. As an example, a flow could be an HTTP session between a source browser and a target server. In a Cisco MLS network, the initial packet in a session is routed via the RP, but all subsequent packets in that particular session are switched by the SE. The SE maintains a cache about these flows and can determine whether or not a given packet is part of an established session. If so, the SE rewrites the pertinent packet info as if it had been processed by the router and then switches the packet. This process is commonly referred to as “route once, switch many.” It occurs at switch speed, not at the slower router speed.

So in terms of MikroTik and RouterOS I do not see ANY functionality that mimics or deals with wire-speed Routing at the switch level.
 
reddin
just joined
Posts: 8
Joined: Mon May 04, 2020 11:46 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 4:38 pm

Hello!
Just upgraded to v7.1b2 and spotted a few issues:
First and most important is routing marks don't work
The second one is about wireguard. Why I can't specify the port number for peer? Is it intended or a bug as well?
 
mrshark
just joined
Posts: 11
Joined: Sun Aug 16, 2020 2:42 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 4:55 pm

any hint on how to flash this on a HAP MINI?
thanks in advance
Use NetInstall to flash hAP Mini.
not able to put device in netboot mode in any way tried... short, direct cable from pc eth to eth2, i add this command:
/system routerboard settings set boot-device=try-ethernet-once-then-nand
then unplug power and eth, move eth to eth1 port, replug power, it never appears in netinstall...

left eth cable in eth1, unplug power, keep pressed reset for more than 2 minutes, nothing, never appeared in netinstall...
again, unplugged power, keep pressed reset, replug power, left reset after lights went off, nothing again...

windows firewall disabled, av disabled, ip pc 192.168.88.2/24-->.1, ip netboot 192.168.88.3...
 
mrshark
just joined
Posts: 11
Joined: Sun Aug 16, 2020 2:42 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 4:57 pm

The second one is about wireguard. Why I can't specify the port number for peer? Is it intended or a bug as well?
in comments above is said to use cli for now, probably winbox is not yet updated to include gui for wireguard
 
cxcool
just joined
Posts: 1
Joined: Sun May 12, 2019 5:13 am

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 5:03 pm

Wireguard endpoint port need to be fix in winbox .
there is no way to enter IP:port in winbox
CLI OK
 
reddin
just joined
Posts: 8
Joined: Mon May 04, 2020 11:46 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 5:04 pm

The second one is about wireguard. Why I can't specify the port number for peer? Is it intended or a bug as well?
in comments above is said to use cli for now, probably winbox is not yet updated to include gui for wireguard
Yeah, it works via cli, thanks.
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1023
Joined: Tue Oct 11, 2005 4:53 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 5:14 pm

So in terms of MikroTik and RouterOS I do not see ANY functionality that mimics or deals with wire-speed Routing at the switch level.
L3 offloading happens on the switch chip.
That's why it's called "L3 offloading". They offload the routing functionality from the CPU, to the switch chip, thus achieving wirespeed.

The switch chips used in those RB models (which are ASICs basically) do support L3 routing at wirespeed as per Marvell's datasheet.
The hardware support was already there, but MikroTik just started supporting it on ROS.
Last edited by Cha0s on Fri Aug 21, 2020 5:15 pm, edited 1 time in total.
 
User avatar
null31
Member Candidate
Member Candidate
Posts: 183
Joined: Fri Dec 23, 2016 6:07 pm
Location: Brazil

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 5:14 pm

not able to put device in netboot mode in any way tried... short, direct cable from pc eth to eth2
@mrshark
You need to use a switch between pc and router. Direct connection is prone to fail, since you have a change on link state.
So, the netinstall "become" slow to detect the router.
Also, typically ether1 is used by netboot, except if is identified another port for that role.
Last edited by null31 on Fri Aug 21, 2020 5:24 pm, edited 1 time in total.
 
User avatar
mozerd
Member
Member
Posts: 452
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 5:23 pm

The switch chips used in those RB models (which are ASICs basically) do support L3 routing at wirespeed as per Marvell's datasheet.
The hardware support was already there, but MikroTik just started supporting it on ROS.
@Cha0s
Do you have a link to the Marvell's datasheet.for the Chjp referred to please?
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1023
Joined: Tue Oct 11, 2005 4:53 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 5:27 pm

I don't have it at hand, but I remember someone had posted it in the forum a while ago.
 
User avatar
mozerd
Member
Member
Posts: 452
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 5:44 pm

I don't have it at hand, but I remember someone had posted it in the forum a while ago.
OK thanks .... I found the following that looks very interesting and exciting for MikroTik users :-)
Marvell PRESTERA 98DX83xx Family

In reading the specs I do not see L3 wire-speed benefits.
 
Paternot
Forum Veteran
Forum Veteran
Posts: 758
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 6:02 pm

This level 3 offloading looks very interesting. Do we have any numbers to show what it can mean as this has the potential to put emphasis on the R in CRS :-)
It does routing at wirespeed, in all ports. There are several constraints, and a limit of 4096 connections, if I'm not wrong. But in some use cases it will be a killing feature.
@Paternot
I 4 1 do NOT believe that It will do routing at wire-speed ... why I do not believe that .... because for L3 wire-speed requires an ASIC and non of the hardware specs I see have that L3 ASIC in the gear. Yes there will be an improvement in performance but nowhere near wire-speed.
Well, the switch chipset has the circuitry. If they will implement it all they way is another question. But the hardware is already there.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6914
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 6:18 pm

There is no need to question the possibility of doing L3 routing on a switch, there have been competing switches from other companies that do wirespeed routing for a long time.
It must be like 20 years ago when I got my first 3com L3 switch and was amazed at how it could route so fast, for that price, when compared to Cisco routers of the day (3640 etc).
And indeed, it normally works as described: the first packet for a src/dst ip pair is handled by the CPU, then an item is programmed in the switch that forwards the remainder of the traffic.
Just like it is done for L2 switching (where a MAC table is kept in the switch hardware to know where to forward the traffic.
 
poisons
just joined
Posts: 12
Joined: Wed Sep 18, 2013 3:50 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 6:40 pm

Wireguard support cool thing, but where is an instruction how to use it?
 
mistry7
Forum Guru
Forum Guru
Posts: 1417
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 6:41 pm

Any update in wireless?
Still waiting for something?
 
User avatar
eworm
Long time Member
Long time Member
Posts: 662
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 6:50 pm

Wireguard support cool thing, but where is an instruction how to use it?
Configuring wireguard is pretty straight forward. Just look at the options available.
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
ksteink
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Thu Mar 31, 2016 6:54 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 7:02 pm

Very nice features!!! love them so far and keep going!!

Any time frame to move off development phase and make it ready for production / stable?
 
mducharme
Trainer
Trainer
Posts: 1019
Joined: Tue Jul 19, 2016 6:45 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 7:34 pm

IPv6 BGP is working now! Thanks MikroTik!
 
mducharme
Trainer
Trainer
Posts: 1019
Joined: Tue Jul 19, 2016 6:45 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 7:53 pm

Any time frame to move off development phase and make it ready for production / stable?
They still have to implement MPLS - I think that is the one major feature still missing from the current beta. Otherwise, there are probably many small fixes needed here and there.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1805
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 8:22 pm

any hint on how to flash this on a HAP MINI? On previous beta, it said internal storage is not enough to upgrade... it's a brand new model, factory
Do a search on this forum and you find many answer. Netinstall is one way. You can also downgrade to an older version that is much smaller, like some 6.44.x version, then upgrade to latest.
 
How to use Splunk to monitor your MikroTik Router(s)

MikroTik->Splunk
 
 
User avatar
IPAsupport
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Fri Sep 20, 2019 4:02 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 8:28 pm

Any time frame to move off development phase and make it ready for production / stable?
They still have to implement MPLS - I think that is the one major feature still missing from the current beta. Otherwise, there are probably many small fixes needed here and there.
Totally agree! I will love to see MPLS implemented
Global - MikroTik Support & Consulting - English | Francais | Español | Portuguese +1 855-645-7684
https://iparchitechs.com/services/mikro ... l-support/ mikrotiksupport@iparchitechs.com
 
metricmoose
newbie
Posts: 44
Joined: Sat Nov 21, 2015 2:03 am

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 9:08 pm

Wireguard is working well, except for that minor winbox issue with the endpoint port. With how easy it was to setup, I totally get the Wireguard hype now. IPSEC has a frustrating amount of knobs to turn.

Between a couple hAP ac² routers, I was getting about 280 Mbps UDP. When I changed out one of those hAP ac² routers with an older RB951G-2HnD, I was getting about 75 Mbps. That's probably better than I'd get out of IPSEC on the same device!
 
User avatar
rooted
Member Candidate
Member Candidate
Posts: 122
Joined: Tue Feb 04, 2020 5:58 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 9:35 pm

Wireguard is included in the beta, that's awesome. Thank you to all the devs for the addition, looking forward to setting it up then I get home.
 
mducharme
Trainer
Trainer
Posts: 1019
Joined: Tue Jul 19, 2016 6:45 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 10:30 pm

P.S. One thing I would really like to see in the new RouterOS v7 MPLS implementation is MPLS mangle for QoS purposes - specifically, "mark packet" and "set priority" actions for MPLS. Right now to do MPLS QoS on RouterOS we have to create a bunch of extra bridges and use bridge filters for QoS. A simple MPLS mangle table would allow us to get rid of those extra bridges.

Also, please add "set priority" to the IPv6 Mangle. We have to use bridge filters as a workaround for that too at the moment.
 
User avatar
IPAsupport
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Fri Sep 20, 2019 4:02 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 11:32 pm

This level 3 offloading looks very interesting. Do we have any numbers to show what it can mean as this has the potential to put emphasis on the R in CRS :-)

Here is the preliminary testing we have done on this version with two CHRs on ProxMox that are each on a different VLAN and the CRS317 routes between the VLANs

This is very quick UDP test - we will do more work using TCP with traffic generator and iperf3

4 to 5 Gbps with UDP and 0 to 3% CPU load


Image
Global - MikroTik Support & Consulting - English | Francais | Español | Portuguese +1 855-645-7684
https://iparchitechs.com/services/mikro ... l-support/ mikrotiksupport@iparchitechs.com
 
anuser
Member
Member
Posts: 474
Joined: Sat Nov 29, 2014 7:27 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 11:39 pm

Any update in wireless?
Still waiting for something?
We are waiting for the usual stuff:
1. airtime fairness improvvements (http://blog.cerowrt.org/post/real_results/, https://forum.openwrt.org/t/aql-and-the ... vely/59002)
2. MU-MIMO
3. 802.11 k/v/r
...
Last edited by anuser on Fri Aug 21, 2020 11:52 pm, edited 2 times in total.
 
anuser
Member
Member
Posts: 474
Joined: Sat Nov 29, 2014 7:27 pm

Re: v7.1beta2 [development] is released!

Fri Aug 21, 2020 11:43 pm

There is no need to question the possibility of doing L3 routing on a switch, there have been competing switches from other companies that do wirespeed routing for a long time.
3Com 4800G switch from 2009 is my bread and butter switch: IS-IS, BGP, OSPF, VRF; PIM-SSM all running with full IPv4 and IPv6 support.
 
santyx32
Member Candidate
Member Candidate
Posts: 140
Joined: Fri Oct 25, 2019 2:17 am

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 1:23 am

Any update in wireless?
Still waiting for something?
We are waiting for the usual stuff:
1. airtime fairness improvvements (http://blog.cerowrt.org/post/real_results/, https://forum.openwrt.org/t/aql-and-the ... vely/59002)
2. MU-MIMO
3. 802.11 k/v/r
...
For sure we'll get those features on ROS just wait till WiFi 7 gets announced xD
OpenWRT build download for hAP ac2, don't forget to backup ROS license

I'm the guy known as geminis3
 
sfrode
just joined
Posts: 8
Joined: Thu Apr 16, 2020 12:12 am
Location: Oslo, Norway
Contact:

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 2:27 am

This level 3 offloading looks very interesting. Do we have any numbers to show what it can mean as this has the potential to put emphasis on the R in CRS :-)

I have no problem pushing ~9.3Gbit/s IPv4 in a single thread using iperf3 between two hosts routed on the CRS317 with L3 offloading enabled. IPv6 is, as expected, another story - it gives me ~370Mbit/s.
 
UpRunTech
Member Candidate
Member Candidate
Posts: 136
Joined: Fri Jul 27, 2012 12:11 pm

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 3:35 am

WireGuard implementation was done like MikroTik did to OpenVPN or kept as is in Linux 5.6?
Thank you.
You'd be a fool to reimplement it yourself. Have a look at the Wireguard site and code and see for yourself how carefully it's been developed. Mikrotik would/might have only done some interface changes to make it work the ROS way.
 
reddin
just joined
Posts: 8
Joined: Mon May 04, 2020 11:46 pm

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 3:48 am

Can't add key in wireguard via cli with "=" at the end. But can add it later via edit and can add it via gui.
 
killersoft
Member Candidate
Member Candidate
Posts: 166
Joined: Mon Apr 11, 2011 2:34 pm
Location: Victoria, Australia
Contact:

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 4:11 am

I still cannot get MACSEC running between devices("Gets to negotiating only").
Any suggestions ?
/interface macsec
add cak=4cb39ed149d0e0dbea5fad4b91e5456f ckn=f98446584e49ad9e2cd99b2aff00adb73e0b4109eb916b8d5bbe208dda274abb \
    disabled=no interface=ether5 name=macsec1 profile=default
[admin@under desk] /interface/macsec> print
Flags: I - inactive, X - disabled, R - running 
 0   name="macsec1" interface=ether5 status="negotiating" cak=4cb39ed149d0e0dbea5fad4b91e5456f 
     ckn=f98446584e49ad9e2cd99b2aff00adb73e0b4109eb916b8d5bbe208dda274abb profile=default 
[admin@under desk] /interface/macsec> 
MTCNA
MIT, BIT,CERT IV Electronics.
ITIL
 
nathan1
Member Candidate
Member Candidate
Posts: 159
Joined: Sat Jan 16, 2016 7:05 pm

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 4:38 am

OpenVPN UDP still broken in this release. :(
For anyone else wondering, 7.0beta5 is the latest version that has OpenVPN UDP working. 7.1beta1 and and 7.1beta2 both have kernel crashes when you attempt to use it.

I reported it to Mikrotik and it has been acknowledged but it seemingly did not make it into this release.
 
nescafe2002
Long time Member
Long time Member
Posts: 692
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 10:11 am

Can't add key in wireguard via cli with "=" at the end. But can add it later via edit and can add it via gui.

Put the key value between quotes, you may find the correct syntax using the export command.
[admin@MikroTik] /interface/wireguard> add private-key="EMjwk8mpDylWKGU0c/z9TR1e5u1D75OUz2jsv3lZu3k="
[admin@MikroTik] /interface/wireguard> peers/
[admin@MikroTik] /interface/wireguard/peers> add allowed-address=10.20.30.40 public-key="ObVREVOUlpRvqPxshivdYGiirVhb/U/dt1T7rQE2WFk=" interface=wireguard1

[admin@MikroTik] /interface/wireguard/peers> export 
# aug/22/2020 09:10:46 by RouterOS 7.1beta2
/interface wireguard peers
add allowed-address=10.20.30.40/32 interface=wireguard1 public-key="ObVREVOUlpRvqPxshivdYGiirVhb/U/dt1T7rQE2WFk="
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8465
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 1:03 pm

By the way, there's no "export" command under new /routing menus :(
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8465
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 1:21 pm

I tried to setup point-to-point OSPF via SSTP tunnel, and in /routing/route/print I see duplicated routes without gateway. WAIDW?
Flags: I - INACTIVE, U - UNREACHABLE, A - ACTIVE; c - CONNECT, o - OSPF, d - DHCP, l - LDP-MAPPING
Columns: DST-ADDRESS, GATEWAY, DISTANCE, SCOPE, TARGET-SCOPE, IMMEDIATE-GW
      DST-ADDRESS               GATEWAY         DIS  SC  TA  IMMEDIATE-GW   
  Ad  0.0.0.0/0                 10.0.0.1          1  30  10  10.0.0.1%ether1
  Io  10.0.0.0/23                               110  20  10                 
  Ao  10.0.0.0/23               sstp-odesskaya  110  20  10  sstp-odesskaya 
  Ac  10.0.0.0/24               ether1            0  10      ether1         
  Io  10.52.56.0/24                             110  20  10                 
  Ao  10.52.56.0/24             sstp-odesskaya  110  20  10  sstp-odesskaya 
  Io  100.64.0.0                                110  20  10                 
  Ao  100.64.0.0                sstp-odesskaya  110  20  10  sstp-odesskaya 
  Io  100.64.0.1                                110  20  10                 
  Ao  100.64.0.1                sstp-odesskaya  110  20  10  sstp-odesskaya 
  Io  100.64.0.2                                110  20  10                 
  Ao  100.64.0.2                sstp-odesskaya  110  20  10  sstp-odesskaya 
  Io  100.64.0.3                                110  20  10                 
   o  100.64.0.3                sstp-odesskaya  110  20  10  sstp-odesskaya 
  Ac  100.64.0.3                sstp-odesskaya    0  10      sstp-odesskaya 
  Io  100.64.0.4                                110  20  10                 
  Ao  100.64.0.4                sstp-odesskaya  110  20  10  sstp-odesskaya 
  Io  100.64.0.5                                110  20  10                 
  Ao  100.64.0.5                sstp-odesskaya  110  20  10  sstp-odesskaya 
  Io  100.64.0.6                                110  20  10                 
  Io  100.64.1.0/24                             110  20  10                 
  Ao  100.64.1.0/24             sstp-odesskaya  110  20  10  sstp-odesskaya 
  Io  100.64.3.0/24                             110  20  10                 
  Ao  100.64.3.0/24             sstp-odesskaya  110  20  10  sstp-odesskaya 
  Io  100.64.6.0/24                             110  20  10                 
  Ao  100.64.6.0/24             sstp-odesskaya  110  20  10  sstp-odesskaya 
The config is the simplest one:
/routing ospf instance
add name=ospf_v2 router-id=100.64.0.7 version=2
/routing ospf area
add area-id=0.0.0.0 instance=ospf_v2 name=backbone_v2
/routing ospf interface
add area=backbone_v2 network=sstp-odesskaya network-type=point-to-point
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
danbit
just joined
Posts: 4
Joined: Sun Aug 16, 2020 10:48 pm

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 2:12 pm

Is there any examples on how to configure wireguard as client on mikrotik? I'd like to connect my mikrotik router to an existing wireguard server. Also, while setting up the peer endpoint, only IP addresses are allowed? Can't I use a domain name?

Thanks!
Last edited by danbit on Sat Aug 22, 2020 2:33 pm, edited 1 time in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6914
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 2:13 pm

Wireguard is working well, except for that minor winbox issue with the endpoint port. With how easy it was to setup, I totally get the Wireguard hype now. IPSEC has a frustrating amount of knobs to turn.
When you don't like that, just don't turn the knobs!
It is always easy (at least at first) to create something as a single supplier and focus on a single use-case, and make it look simple. Look at Microsoft Windows.
But as more and more features are added (e.g. multiple different encryption methods, as in IPsec), it becomes more complicated over time.
See how it went with OpenVPN, that was also simple at first but got more complicated on the way, especially because there was little forethought on how to accomodate future flexibility in the initial protocol.
IMHO the same will happen with wireguard.
In IPsec it happened right from the start because lots of options for lots of selections were there all the time. But without that, it would have been even more difficult to introduce stronger encryption and hashing protocols, for example.
 
Paternot
Forum Veteran
Forum Veteran
Posts: 758
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 3:20 pm

One thing that need to be done is to allow Wireguard to use FQDN instead of just IP addresses. For two reasons, basically:

1) Not everyone have a static IP
2) With IPv6, DNS names will make a huge difference. So much easier to remember and to check the spelling...

Yes, yes, I know. Wireguard doesn't do FQDNs. It doesn't matter: just put the name on the configuration, and do a DNS lookup at connection time. Exactly like we have with IPSEC today.
 
comet48
newbie
Posts: 31
Joined: Fri Aug 23, 2019 4:39 am

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 6:10 pm

So announcement says CRS309-1G-8S+IN, CRS312-4C+8XG-RM, CRS326-24S+2Q+RM and CRS354-48G-4S+2Q+RM for L3 offload but CRS317 mentioned above as working.

I have CRS326-24G-2S+ (arm). Will it take advantage of L3 offloading? If so, what else will?
 
User avatar
xvo
Forum Veteran
Forum Veteran
Posts: 969
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 7:27 pm

For CRS317 it was added earlier.
 
amirali
just joined
Posts: 6
Joined: Thu Nov 16, 2017 11:33 pm

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 8:03 pm

hi
please help about wg config
i setup peer and wg interface but cant get any traffic throw the tunnel
[admin@MikroTik] /interface/wireguard> export
# aug/22/2020 21:33:34 by RouterOS 7.1beta2
# software id = xxxx-xxxx
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = xxxxxxxxxxxxx
/interface wireguard
add listen-port=53 mtu=1420 name=wireguard private-key=\
    "private_key"
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint=185.253.xx.x:53 interface=wireguard \
    preshared-key="preshared key" public-key=\
    "pub_key"
 
parham
newbie
Posts: 35
Joined: Sun Feb 15, 2015 11:35 pm

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 8:13 pm

RouterOS version 7.1beta2 has been released in public "development" channel!

What's new in 7.1beta2 (2020-Aug-21 12:29):

!) added "bgp-network" output filter flag;
!) added bonding interface support for Layer3 hardware offloading;
!) added IPv6 nexthop support for IPv4 routes;
!) added Layer3 hardware offloading support for CRS309-1G-8S+IN, CRS312-4C+8XG-RM, CRS326-24S+2Q+RM and CRS354-48G-4S+2Q+RM;
!) added WireGuard support;
*) disk - improved external disk read/write speeds;
*) ospf - fixed point to point routes becoming inactive;
*) route - fixed source address selection of outgoing packets;
*) other minor fixes and improvements;

All released RouterOS v7 changelogs are available here:
https://mikrotik.com/download/changelog ... lease-tree

How to report RouterOS v7 bugs:
viewtopic.php?f=1&t=152006
WOW, fantastic job, RouterOS getting better and better, thanks, we just need letsencrypt integrated to RouterOS.
 
User avatar
mozerd
Member
Member
Posts: 452
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 8:42 pm

But as more and more features are added (e.g. multiple different encryption methods, as in IPsec), it becomes more complicated over time.
See how it went with OpenVPN, that was also simple at first but got more complicated on the way, especially because there was little forethought on how to accomodate future flexibility in the initial protocol.
IMHO the same will happen with wireguard.
i absolutely disagree with you @pe1chl
https://www.wireguard.com/#conceptual-overview
“ WireGuard securely encapsulates IP packets over UDP. You add a WireGuard interface, configure it with your private key and your peers' public keys, and then you send packets across it. All issues of key distribution and pushed configurations are out of scope of WireGuard; these are issues much better left for other layers, lest we end up with the bloat of IKE or OpenVPN. In contrast, it more mimics the model of SSH and Mosh; both parties have each other's public keys, and then they're simply able to begin exchanging packets through the interface.”
 
User avatar
floaty
Member Candidate
Member Candidate
Posts: 231
Joined: Sat Oct 20, 2018 1:24 am
Location: 52°08'32.34"N 14°39'05.0"E

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 8:43 pm

L3-offloading is a broad topic ... the prestera-chip also supports "NVGRE, VXLAN-GPE, GENEVE, SPB, and 802.1BR port extender"
... is vxlan-tunneling now also implemented with hardware-flow-support ... or we talking just base L3-forwarding capabilities ( ... for now) ?
~~
We know what happens to people who stay in the middle of the road. They get run over.
 
FezzFest
newbie
Posts: 37
Joined: Wed Jun 03, 2015 12:03 am

Re: v7.1beta2 [development] is released!

Sat Aug 22, 2020 9:03 pm

Both Sierra MC7430 and Quectel EC25 work in MBIM mode in ROS7. Big difference with 6.47.x, as the MC7430 was only supported in PPP mode and the EC25 was supported in PPP and ECM modes. I do notice the amount of information the cards report is different. The MC7430 only reports RSSI, whereas the Quectel cards report RSSI, RSRP, SINR and RSRQ.
EC25AU.PNG
MC7430.PNG

Edit: I noticed the APN doesn't get set up properly on EC25. I can make it work with AT+CGDCONT=1,"IP","apn-name". This was not needed in 6.47.
You do not have the required permissions to view the files attached to this post.
Last edited by FezzFest on Sun Aug 23, 2020 5:07 pm, edited 3 times in total.
 
BrokenLink
just joined
Posts: 1
Joined: Sun Aug 23, 2020 11:42 am

Re: v7.1beta2 [development] is released!

Sun Aug 23, 2020 11:46 am

hi
please help about wg config
i setup peer and wg interface but cant get any traffic throw the tunnel
[admin@MikroTik] /interface/wireguard> export
# aug/22/2020 21:33:34 by RouterOS 7.1beta2
# software id = xxxx-xxxx
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = xxxxxxxxxxxxx
/interface wireguard
add listen-port=53 mtu=1420 name=wireguard private-key=\
    "private_key"
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint=185.253.xx.x:53 interface=wireguard \
    preshared-key="preshared key" public-key=\
    "pub_key"
I have the same issue, I think firewall rules are not setup correctly (although I accept traffic on the listening port and forward to/from the interface), it doesn't seem to flow. The tunnel sets up correctly and the client routes to the WG server, but I can't figure out how to correctly set it up so that traffic is routed back correctly. Does anyone have a complete example including firewall rules where how to connect a roaming client to the WG server such that all (internet) traffic is routed through the MikroTik WG system?
 
pe1chl
Forum Guru
Forum Guru
Posts: 6914
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1beta2 [development] is released!

Sun Aug 23, 2020 2:38 pm

“ WireGuard securely encapsulates IP packets over UDP. You add a WireGuard interface, configure it with your private key and your peers' public keys, and then you send packets across it. All issues of key distribution and pushed configurations are out of scope of WireGuard; these are issues much better left for other layers, lest we end up with the bloat of IKE or OpenVPN. In contrast, it more mimics the model of SSH and Mosh; both parties have each other's public keys, and then they're simply able to begin exchanging packets through the interface.”
When you restrict yourself to site-to-site tunnels between equipment running the same software, IPsec is not complicated either. E.g. a GRE/IPsec tunnel using pre-shared keys between two MikroTik routers can be configured with a couple of mouseclicks.
It becomes more complicated when you want more advanced functionality, like auto-config road warrior clients, certificates, etc. Simply declaring that "out of scope" is like burying your head in the sand; that is not going to be sustainable. Like with OpenVPN, the demand for those features will sooner or later lead to additions to wireguard, and by then it (including its new layer of additions) will be as "complicated" as OpenVPN.
Sure, IPsec can be frustrating. But only when dealing with unknown and uncontrollable peers that inconsistently publish their config. Between routers of the same manufacturer that you both control, it isn't a problem.
And with wireguard that is (for now) essentially what you have: the same software at either end.
Once the protocol develops and diverts between implementations, that will no longer be the case.
 
Znevna
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.1beta2 [development] is released!

Sun Aug 23, 2020 3:05 pm

So.. little broblem.
I've upgraded from 6.46.6 to 7.1beta2 directly (I know, bad) ...and this happend with my static routes. I made an export before and after the upgrade to see what changed.
I get the missing gateway, but the IP in pref-src? (and only there?) why?
before:
/ip route
add distance=1 dst-address=172.28.248.0/24 gateway=ipip-tunnel-z3 pref-src=\
    192.168.69.1
add distance=1 dst-address=192.168.134.0/24 gateway=ipip-tunnel-z3 pref-src=\
    192.168.69.1
add distance=1 dst-address=192.168.135.0/24 gateway=ipip-tunnel-z3 pref-src=\
    192.168.69.1
add distance=1 dst-address=192.168.136.0/24 gateway=ipip-tunnel-z3 pref-src=\
    192.168.69.1
add distance=1 dst-address=192.168.248.0/24 gateway=ipip-tunnel-z3 pref-src=\
    192.168.69.1
after:
/ip route
add dst-address=172.28.248.0/24 gateway="" pref-src=1.69.168.192
add dst-address=192.168.134.0/24 gateway="" pref-src=1.69.168.192
add dst-address=192.168.135.0/24 gateway="" pref-src=1.69.168.192
add dst-address=192.168.136.0/24 gateway="" pref-src=1.69.168.192
add dst-address=192.168.248.0/24 gateway="" pref-src=1.69.168.192
LE: I do have to read and understand the routing changes from the manual for v7.
For now I can't seem to get the IPIP tunnel to work properly over IKEv2. The other end (running 6.46.6) shows the tunnel coming up and running but nothing on the v7.1b2, and I can't send anything over it.
 
ujsd
just joined
Posts: 4
Joined: Sun Aug 23, 2020 2:56 pm

Re: v7.1beta2 [development] is released!

Sun Aug 23, 2020 3:21 pm

Both Sierra MC7430 and Quectel EC25 work great in MBIM mode in ROS7. Big difference with 6.47.x, as the MC7430 was only supported in PPP mode and the EC25 was supported in PPP and ECM modes. I do notice the amount of information the cards report is different. The MC7430 only reports RSSI, whereas the Quectel cards report RSSI, RSRP, SINR and RSRQ.

EC25AU.PNG
MC7430.PNG

I also notice the lte1 interface of the device with the EC25 card sometimes disappears after a reboot.
I like to add and ask others (if they are seeing the same) that I am seeing a similar issue with the LTE modem disappearing after a Router boot or USB Modem unplugging and plugging
The Quectel USB Modem EM12 reports no SIM detected,
I have to go into teh Qucetel EM12 modem and use AT commands to reset the SIM detect
 
miroslaw
just joined
Posts: 1
Joined: Mon Aug 10, 2020 4:44 pm

Re: v7.1beta2 [development] is released!

Sun Aug 23, 2020 5:39 pm

Thank you guys for wireguard support, that's what I've been waiting for.
One minor bug I found, can't set comment for wireguard peers (cli & webfig, havent tried winbox).
I'm using hap ac2 RBD52G-5HacD2HnD
 
rpress
Member Candidate
Member Candidate
Posts: 109
Joined: Thu May 07, 2009 5:13 am

Re: v7.1beta2 [development] is released!

Sun Aug 23, 2020 8:44 pm

Yes, I noticed also comments don't save for wireguard peers at all. Also ipv6 addresses can only be used in CLI.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6914
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1beta2 [development] is released!

Sun Aug 23, 2020 8:56 pm

I've upgraded from 6.46.6 to 7.1beta2 directly (I know, bad) ...and this happend with my static routes.
For now I'd assume that conversion from older versions does not work yet (for those features that drastically changed, like routing) and setup everything from scratch.
 
msatter
Forum Guru
Forum Guru
Posts: 1876
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v7.1beta2 [development] is released!

Sun Aug 23, 2020 10:50 pm

Request: make it possible to ignore the provided dynamic DNS by the VPN providers, also for WireGuard?
One RB4011 (cooled) and a RB760iGS (hEX S) in series. The 4011 Does PPPoE/IKEv2.
The cooler: viewtopic.php?f=3&t=138613&start=300#p799879
Running:
RouterOS 6.48beta35 / Winbox 3.27 64bits / MikroTik APP 1.3.15
 
vitalys
just joined
Posts: 1
Joined: Mon Aug 24, 2020 9:15 am

Re: v7.1beta2 [development] is released!

Mon Aug 24, 2020 9:20 am

OpenVPN realization in Mikrotik is still useless due to lack of SHA256/SHA512 support (SHA-1 deprecated https://shattered.io/)

When SHA512 will be supported in Mikrotik?
 
bratislav
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Mon May 05, 2014 10:36 am

Re: v7.1beta2 [development] is released!

Mon Aug 24, 2020 11:57 am

OpenVPN realization in Mikrotik is still useless due to lack of SHA256/SHA512 support (SHA-1 deprecated https://shattered.io/)

When SHA512 will be supported in Mikrotik?
There is a difference between hashing (as SHA1) and encryption (as AES...) and just because someone is able to generate 2 different PDF files that produce same SHA1 hash does not mean he could reversely generate private keys used in VPN ...
 
User avatar
raimondsp
MikroTik Support
MikroTik Support
Posts: 12
Joined: Mon Apr 27, 2020 10:14 am

Re: v7.1beta2 [development] is released!

Mon Aug 24, 2020 2:25 pm

The wiki page has been updated with the most-recent information regarding L3 HW Offloading:
https://wiki.mikrotik.com/wiki/Manual:C ... Offloading
 
rpress
Member Candidate
Member Candidate
Posts: 109
Joined: Thu May 07, 2009 5:13 am

Re: v7.1beta2 [development] is released!

Mon Aug 24, 2020 3:48 pm

In IPv6 firewall filter the "reject" action is not working. It causes the whole IPv6 firewall to be bypassed and the counters show bogus numbers. I tried on both "input" and "forward" chains.
 
npeca75
just joined
Posts: 21
Joined: Thu Aug 03, 2017 3:12 pm

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 6:26 am

rb 760igs
if i try to make any change on PoE / eth5 router is rebooting with kernek failure message
PoE does not work with "auto", aways say "too low"
in prev v6 release this was worked without problem
 
tpedko
just joined
Posts: 5
Joined: Wed May 22, 2019 9:58 am

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 9:39 am

model: RB4011iGS+5HacQ2HnD
add
/queue simple
add max-limit=30M/30M name=All_30Mbit queue=pcq-upload-default/pcq-download-default target=192.168.0.0/24
result, boot loop
 
krisjanisj
MikroTik Support
MikroTik Support
Posts: 75
Joined: Wed Feb 20, 2019 2:53 pm
Contact:

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 10:09 am

@miroslaw & @rpress - Wireguard peers unable to set a comment has been reported to our developers and fix will be included in next RouterOS release.
@npeca75 & @tpedko - Is it possible for You to send supout.rif files to support@mikrotik.com, referencing this forum thread, so we can troubleshoot this further?
 
evgenij
just joined
Posts: 8
Joined: Tue May 26, 2020 11:40 am

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 12:28 pm

ROS: 7.1beta2

1) Unable to create GRE6 and IPIPv6 interfaces
CLI and winbox says - failure: adding tunnel failed

2) Unable to set peer Endpoint port in winbox. CLI works

3) Unable to add IPv6 routes using the winbox: routes are deleted immediately after creation or disabling. CLI works

4) IPv4 routes are deleted immediately after disabling (winbox)
 
msatter
Forum Guru
Forum Guru
Posts: 1876
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 12:43 pm

ROS: 7.1beta2

2) Unable to set peer Endpoint port in winbox. CLI works

4) IPv4 routes are deleted immediately after disabling (winbox)
Number two was already mentioned in this thread. Number four is cosmetic and on re-entering the route window they are displayed as disabled.
One RB4011 (cooled) and a RB760iGS (hEX S) in series. The 4011 Does PPPoE/IKEv2.
The cooler: viewtopic.php?f=3&t=138613&start=300#p799879
Running:
RouterOS 6.48beta35 / Winbox 3.27 64bits / MikroTik APP 1.3.15
 
User avatar
raimondsp
MikroTik Support
MikroTik Support
Posts: 12
Joined: Mon Apr 27, 2020 10:14 am

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 2:52 pm

So announcement says CRS309-1G-8S+IN, CRS312-4C+8XG-RM, CRS326-24S+2Q+RM and CRS354-48G-4S+2Q+RM for L3 offload but CRS317 mentioned above as working.

I have CRS326-24G-2S+ (arm). Will it take advantage of L3 offloading? If so, what else will?
CRS326-24G-2S+ has an older switch chip, for which L3 offloading is not supported yet. Here is the list of supported devices:
https://help.mikrotik.com/docs/display/ ... heirlimits
 
elbob2002
Frequent Visitor
Frequent Visitor
Posts: 67
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 3:05 pm

Upgraded my RB3011 this morning to 7.1beta 2.

I reset the router before upgrading and only configured it with a WAN connection to upgrade to Beta2.

Upgrade seemed to go okay so I set about configuring it correctly.

First issue was renaming an interface (ether1 renamed to WAN) would result in a reboot as soon as I clicked OK or Apply.

Second issue was a deal breaker and that was all 10 interfaces were limited to 10Mb only. I tried manually setting them to 1Gb full duplex but to no avail.

I reverted back to 6.47.2 so unfortunately I can't generate a supout but just wondering if anyone has seen anything similar? Surely there are other RB3011 users out there that have upgraded?
RB3011UiAS, RB750GR3, CRS328-24P-4S+, CRS125-24G-1S, CRS125-24G-1S-2HnD, 8 x CHR
 
evgenij
just joined
Posts: 8
Joined: Tue May 26, 2020 11:40 am

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 3:14 pm

Does anyone have problems with GRE/IPIP (v4) tunnels (interfaces don't work)? EoIP works
Last edited by evgenij on Tue Aug 25, 2020 4:31 pm, edited 1 time in total.
 
User avatar
eworm
Long time Member
Long time Member
Posts: 662
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 3:21 pm

You have to unset the timeout for GRE interfaces:
/ interface gre unset timeout [ find ]
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
evgenij
just joined
Posts: 8
Joined: Tue May 26, 2020 11:40 am

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 4:29 pm

You have to unset the timeout for GRE interfaces:
/ interface gre unset timeout [ find ]
Are you sure about timeout? there is no such option
 
User avatar
eworm
Long time Member
Long time Member
Posts: 662
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 4:49 pm

Ah, stupid me... Of course it's keepalive.
/ interface gre unset keepalive [ find ]
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
evgenij
just joined
Posts: 8
Joined: Tue May 26, 2020 11:40 am

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 5:01 pm

@eworm Thanks, now it works
 
Znevna
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 5:12 pm

Ah, stupid me... Of course it's keepalive.
/ interface gre unset keepalive [ find ]
!!!!! this fixed my IPIP tunnel too. lol (unsetting keepalive for ipip that is).
THANKS.
[admin@gw-viper-rds] /interface/ipip> print       
Flags: R - RUNNING
Columns: NAME, MTU, ACTUAL-MTU, LOCAL-ADDRESS, REMOTE-ADDRESS, DSCP
  #     NAME            MTU   ACTU  LOCAL-ADDRESS  REMOTE-ADDRE  DSCP   
  0  R  ipip-tunnel-z3  auto  1402  172.28.252.69  172.28.252.1  inherit
Running! ^^
 
sinisa
just joined
Posts: 7
Joined: Sun Apr 17, 2011 12:46 am

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 5:30 pm

Hello!
You have done a very nice work with Wireguard, I honestly did not expect it this year.

My problem with 7.1 is that recursive routes are not working (same problem as here: viewtopic.php?t=165021)

Everything else that I use is working fine (and since now we have Wiregiard, I don't need OpenVPN any more, do I don't care about UDP support)

Best regards...
 
msatter
Forum Guru
Forum Guru
Posts: 1876
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 5:35 pm

Upgraded my RB3011 this morning to 7.1beta 2.

I reset the router before upgrading and only configured it with a WAN connection to upgrade to Beta2.

Upgrade seemed to go okay so I set about configuring it correctly.

First issue was renaming an interface (ether1 renamed to WAN) would result in a reboot as soon as I clicked OK or Apply.

Second issue was a deal breaker and that was all 10 interfaces were limited to 10Mb only. I tried manually setting them to 1Gb full duplex but to no avail.

I reverted back to 6.47.2 so unfortunately I can't generate a supout but just wondering if anyone has seen anything similar? Surely there are other RB3011 users out there that have upgraded?
I still consider 7.x as a pre-Beta as it just reboots you touch someting that is untouchable. You only will know it was untouchable because, after the reboot the change was lost.

I went back to a stable Beta within minutes after walking into reboot walls.
One RB4011 (cooled) and a RB760iGS (hEX S) in series. The 4011 Does PPPoE/IKEv2.
The cooler: viewtopic.php?f=3&t=138613&start=300#p799879
Running:
RouterOS 6.48beta35 / Winbox 3.27 64bits / MikroTik APP 1.3.15
 
Znevna
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 6:02 pm

Are the issues with RAW Firewall known?
If you have any rules there (two+) issuing a disable/enable on any of them makes the counters for the existing enabled rules go crazy.
Also I have a rule that keeps counting packets when enabled even though there shouldn't be any matching traffic (the notrack one), setting a log for it doesn't show anything..
/ip/firewall/raw> print stats
Flags: X - DISABLED, I - INVALID
Columns: CHAIN, ACTION, BYTES, PACKETS
  #     CHAIN       ACTION                           BYTES                     PACKETS
  0     prerouting  drop             7 182 164 577 801 072   9 367 141 933 521 187 617
  1  X  prerouting  drop                                 0                           0
  2  X  prerouting  notrack      9 890 406 038 755 190 484  15 743 512 066 554 732 580
  3  X  prerouting  passthrough  3 821 585 153 310 984 802       6 668 097 643 014 512
You do not have the required permissions to view the files attached to this post.
 
npeca75
just joined
Posts: 21
Joined: Thu Aug 03, 2017 3:12 pm

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 6:40 pm

@npeca75 & @tpedko - Is it possible for You to send supout.rif files to support@mikrotik.com, referencing this forum thread, so we can troubleshoot this further?
Ok
supout was sent today
SUP-25925
 
elbob2002
Frequent Visitor
Frequent Visitor
Posts: 67
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 7:43 pm

I still consider 7.x as a pre-Beta as it just reboots you touch someting that is untouchable. You only will know it was untouchable because, after the reboot the change was lost.

I went back to a stable Beta within minutes after walking into reboot walls.
Yeah. I wasn't expecting too much but I found the RB3011 much more unstable than the CHR and two CRS125s I have it running on.
RB3011UiAS, RB750GR3, CRS328-24P-4S+, CRS125-24G-1S, CRS125-24G-1S-2HnD, 8 x CHR
 
npeca75
just joined
Posts: 21
Joined: Thu Aug 03, 2017 3:12 pm

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 8:44 pm

Is there a plan for resolving DNS peer names in WireGuard properties?
or we are doomed to script/resolve/set wireguard peer endpoint?
 
Paternot
Forum Veteran
Forum Veteran
Posts: 758
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 10:17 pm

Is there a plan for resolving DNS peer names in WireGuard properties?
or we are doomed to script/resolve/set wireguard peer endpoint?
Yes, this is a must! Is so easy to do, since almost all the needed code is already there.
 
danbit
just joined
Posts: 4
Joined: Sun Aug 16, 2020 10:48 pm

Re: v7.1beta2 [development] is released!

Tue Aug 25, 2020 11:14 pm

Is there a plan for resolving DNS peer names in WireGuard properties?
or we are doomed to script/resolve/set wireguard peer endpoint?
Yes, this is a must! Is so easy to do, since almost all the needed code is already there.
+1 on that request. Using a domain would make things much easier indeed.

Also, I can't seem to find a way to enable logging for wireguard. Is this not yet implemented in this latest beta?
 
Paternot
Forum Veteran
Forum Veteran
Posts: 758
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.1beta2 [development] is released!

Wed Aug 26, 2020 12:16 am

Also, I can't seem to find a way to enable logging for wireguard. Is this not yet implemented in this latest beta?
Yes, it is. Just like the rest:

1) Choose the topic (info, debug, etc)
2) Choose the prefix (wireguard)
 
romas
just joined
Posts: 5
Joined: Wed Aug 26, 2020 12:27 am

Re: v7.1beta2 [development] is released!

Wed Aug 26, 2020 12:32 am

It's good news about wireguard! I updated my RB951G-2HnD and all works well. But might you help me? I have wireguard remote server (172.16.0.1) my mikrotik (172.16.0.3 / 192.168.1.1) and my laptop (192.168.1.2) and I can't understand how to setup vpn to my remote server for my laptop without mark routing?
 
redskilldough
just joined
Posts: 14
Joined: Mon Jan 04, 2016 12:40 pm

Re: v7.1beta2 [development] is released!

Wed Aug 26, 2020 3:27 am

Hi,

Let's say I have this in my wireguard configuration file, how would I deploy it in my mikrotik router?
Also, how would I route traffic from client 192.168.0.44 only, through this tunnel?

Any help would be greatly appreciated

Thanks!
[Interface]
PrivateKey = 123456=
Address = 172.16.0.12/32
Address =111:222:aaa/128
DNS = 8.8.8.8
[Peer]
PublicKey = 456789=
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
Endpoint = aaa.bbb.com:2255
 
rplant
just joined
Posts: 18
Joined: Fri Sep 29, 2017 11:42 am

Re: v7.1beta2 [development] is released!

Wed Aug 26, 2020 1:22 pm

Minor issue with Wireguard
Mostly seems great, quite impressed with it, I have not used wireguard before.

If I don't set the peer address, so any address can connect, when a peer does connect to it
it seems to set the peer address/port itself in its config :(

I would also like DNS connect
Thanks
 
User avatar
eworm
Long time Member
Long time Member
Posts: 662
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.1beta2 [development] is released!

Wed Aug 26, 2020 1:29 pm

This is by design. Peers are identified by their public key, changing the endpoint automatically makes it roam seamlessly.
If the peer changes its address the configuration should update again.
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
npeca75
just joined
Posts: 21
Joined: Thu Aug 03, 2017 3:12 pm

Re: v7.1beta2 [development] is released!

Wed Aug 26, 2020 6:29 pm

hi @krisjanisj

another issue with rb760igs

temperature sensor is missing
no such item in Winbox and also sensor is missing from SNMP

:( pitty
 
UserFan
just joined
Posts: 1
Joined: Wed Aug 26, 2020 9:00 pm

Re: v7.1beta2 [development] is released!

Wed Aug 26, 2020 9:20 pm

Please add parent proxy authentication
 
m0x35
just joined
Posts: 2
Joined: Thu Aug 27, 2020 12:38 am

Re: v7.1beta2 [development] is released!

Thu Aug 27, 2020 12:54 am

Does anyone have some issues with wifi? On my hap ac^2 from time to time wifi clients can't get ip addresses from dhcp. I have tried to reset wifi settings to default, reset router itself, configure wifi via quick setup web page. Nothing works for me. I have downgraded routeros back to the stable version and everything works just fine again. Only strange thing in logs that I saw was something like "disconnected, group exchange timeout".
 
subway
just joined
Posts: 23
Joined: Sat Oct 07, 2017 1:58 pm

Re: v7.1beta2 [development] is released!

Thu Aug 27, 2020 6:26 pm

What I tried to find out if the ROS 7 betas can run on anything else than ARM based devices? For example can it work on the CCRs?

Maybe a bit of clarification on the supported hardware would be nice as I cant find anything about that except for a single entry by Normis from 2019 (only ARM for now).
 
Paternot
Forum Veteran
Forum Veteran
Posts: 758
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.1beta2 [development] is released!

Thu Aug 27, 2020 6:37 pm

What I tried to find out if the ROS 7 betas can run on anything else than ARM based devices? For example can it work on the CCRs?

Maybe a bit of clarification on the supported hardware would be nice as I cant find anything about that except for a single entry by Normis from 2019 (only ARM for now).
Here you will find the RoS 7.1beta download link. It shows each supported architecture.
https://mikrotik.com/download
 
PaullJD
just joined
Posts: 1
Joined: Thu Aug 27, 2020 8:30 pm
Contact:

Re: v7.1beta2 [development] is released!

Thu Aug 27, 2020 8:38 pm

thanks for an added new update in 7.1beta2.
 
rpress
Member Candidate
Member Candidate
Posts: 109
Joined: Thu May 07, 2009 5:13 am

Re: v7.1beta2 [development] is released!

Thu Aug 27, 2020 9:27 pm

Looks like only one wireguard interface is working at a time, whatever is started first. Only the first shows as "running".

Does anyone have more than one simultaneous wireguard interface working?
 
User avatar
mozerd
Member
Member
Posts: 452
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: v7.1beta2 [development] is released!

Thu Aug 27, 2020 10:32 pm

Does anyone have more than one simultaneous wireguard interface working?
I am not running the MikroTik implementation so I have no idea if in its current state of RouterOS 7.1beta2 how may peers can be run .... and yes under ubnt EdgeRouter I have multiple Peers running in client sites.

Following link shows how it should be done ... hope this helps you ... assuming the TiK way does not imped.

https://www.zahradnik.io/wireguard-a-vp ... ge-in-mind
scroll down to Everyone is a peer where the CLI info is shown.
 
Paternot
Forum Veteran
Forum Veteran
Posts: 758
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.1beta2 [development] is released!

Fri Aug 28, 2020 12:21 am

Looks like only one wireguard interface is working at a time, whatever is started first. Only the first shows as "running".

Does anyone have more than one simultaneous wireguard interface working?
I have one little test, with 3 CHRs. I named them after their IP, so we have 115, 116 and 118 machines.

I inserted static routes, sou The left machine should be able to ping the right machine - passing through the center one. Pay attention to the IP addresses on the Wireguard config - You will have to adjust them to your network.

This is NOT a production example. It is just the absolute minimum, in order to test two wireguard interfaces on a single machine. I didn't even set a password to the admin user.
You do not have the required permissions to view the files attached to this post.
 
rpress
Member Candidate
Member Candidate
Posts: 109
Joined: Thu May 07, 2009 5:13 am

Re: v7.1beta2 [development] is released!

Fri Aug 28, 2020 12:50 am

Looks like only one wireguard interface is working at a time, whatever is started first. Only the first shows as "running".

Does anyone have more than one simultaneous wireguard interface working?
Thanks both for your input. I have found the problem: using WebFig the listen-port always defaults to 12321. Although I was not using the port, it would conflict with the other interface. Setting one of the listen-port to something else worked fine.

Interestingly using the terminal, the listen-port seems to be randomly generated, thereby not having this issue. But I wonder if this seemingly random port could have it's own problems. With Wireguard is it possible to disable listening altogether? Maybe this would be the best default.
 
User avatar
Mannsean
just joined
Posts: 6
Joined: Thu Aug 13, 2020 3:32 pm
Location: England London

Re: v7.1beta2 [development] is released!

Fri Aug 28, 2020 1:56 am

winbox 3.24 64bit on win7, rb450gx4. Open interfaces, add Virtual ethernet. Winbox closed.
Same issue
 
kylepharo
just joined
Posts: 2
Joined: Thu Aug 22, 2019 11:49 am

Re: v7.1beta2 [development] is released!

Sat Aug 29, 2020 2:18 am

Does anyone have some issues with wifi? On my hap ac^2 from time to time wifi clients can't get ip addresses from dhcp. I have tried to reset wifi settings to default, reset router itself, configure wifi via quick setup web page. Nothing works for me. I have downgraded routeros back to the stable version and everything works just fine again. Only strange thing in logs that I saw was something like "disconnected, group exchange timeout".
I'm having similar problems on my rb4011igs+5hacq2hnd-in. Also did a reset to defaults with minor adjustments (ssid, wpa2 psk etc).
Clients appear to lose DHCP lease, then disconnect completely. Phones (iphones) appears to to experience the problem the most often

Clearing and netinstalling the latest testing 6.48beta27 issues go away, no dhcp loss/disconnections on wifi
 
romas
just joined
Posts: 5
Joined: Wed Aug 26, 2020 12:27 am

Re: v7.1beta2 [development] is released!

Sat Aug 29, 2020 9:47 am

I have a small issue with DNS over HTTPS. It works perfectly in 6.47.2, but now mikrotik can't verify certificate. I tried to re-import it, but nothing helps.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6914
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1beta2 [development] is released!

Sat Aug 29, 2020 12:09 pm

I have a small issue with DNS over HTTPS. It works perfectly in 6.47.2, but now mikrotik can't verify certificate. I tried to re-import it, but nothing helps.
Are you sure you have imported the entire chain from the root, and not only the server certificate?
 
romas
just joined
Posts: 5
Joined: Wed Aug 26, 2020 12:27 am

Re: v7.1beta2 [development] is released!

Sat Aug 29, 2020 1:56 pm

I have a small issue with DNS over HTTPS. It works perfectly in 6.47.2, but now mikrotik can't verify certificate. I tried to re-import it, but nothing helps.
Are you sure you have imported the entire chain from the root, and not only the server certificate?
Yes I'm, and it was validated succesfully on stable branch
 
romas
just joined
Posts: 5
Joined: Wed Aug 26, 2020 12:27 am

Re: v7.1beta2 [development] is released!

Sat Aug 29, 2020 2:02 pm

Hi,

Let's say I have this in my wireguard configuration file, how would I deploy it in my mikrotik router?
Also, how would I route traffic from client 192.168.0.44 only, through this tunnel?

Any help would be greatly appreciated

Thanks!
[Interface]
PrivateKey = 123456=
Address = 172.16.0.12/32
Address =111:222:aaa/128
DNS = 8.8.8.8
[Peer]
PublicKey = 456789=
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
Endpoint = aaa.bbb.com:2255
You might be interested this howto : https://rickfreyconsulting.com/wireguard/ , but how to route one client without marking I don't know, unfortunately.
 
Znevna
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.1beta2 [development] is released!

Sat Aug 29, 2020 3:00 pm

Tiny (not realy) bug:
I don't know why but my dynamic DNS servers went *poof* from the config. (Which are set by the pppoe client).
No wan disconnect, nothing in the logs. They just went missing.
And I was wondering why the DNS cache is empty...
 
redskilldough
just joined
Posts: 14
Joined: Mon Jan 04, 2016 12:40 pm

Re: v7.1beta2 [development] is released!

Sat Aug 29, 2020 3:08 pm

Hi,

Let's say I have this in my wireguard configuration file, how would I deploy it in my mikrotik router?
Also, how would I route traffic from client 192.168.0.44 only, through this tunnel?

Any help would be greatly appreciated

Thanks!
[Interface]
PrivateKey = 123456=
Address = 172.16.0.12/32
Address =111:222:aaa/128
DNS = 8.8.8.8
[Peer]
PublicKey = 456789=
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
Endpoint = aaa.bbb.com:2255
You might be interested this howto : https://rickfreyconsulting.com/wireguard/ , but how to route one client without marking I don't know, unfortunately.
Hi,

Thanks for the reply.

Anyway, I managed to get it to work, this should help those who want to connect to vpn providers that provide wireguard support, eg. I think nordvpn does.

Once you have such a configuration file for the wireguard client in windows, mac, do this, using winbox

1. Go to the wireguard menu, add a new interface

2. Leave the default setting, just add the private key from the interface section of the wireguard config file, in this example, 123456=, click apply

3. Go to the peer tab, add a new peer, use the public key from the peer section of the wireguard config file, in this example,456789=,
Since I want to route all traffic from specific clients to through this interface, put 0.0.0.0/0 in allowed ips

4. Use nslookup, resolve the endpoint, in this case, aaa.bbb.com to its ip address. Put that ip address in the end point.

5. Use the terminal go to /interface/wireguard/peers. if there is only 1 peer, run this, set 0 endpoint=[ip address]:2255

6. Go to IP addresses, set the ip address for the wireguard interface, in this case, 172.16.0.2/32

7. Go to IP firewall NAT, add a masquerade rule, chain srcnat, outgoing interface -> your wireguard interface, action=masquerade

8. Run this command in the terminal, /routing table add name=VPNProvider fib

9. Go to IP firewall mangle, add a mangle rule, use source address for the client whose traffic you want to route through the vpn interface, or use source address list for several clients.
Chain=prerouting, Action=mark routing, new routing mark, choose VPNProvider from the combo box. (This was the tricky part, you cant just type in VPNProvider like in ROS 6, you have to add it to the routing table first, the only can you choose it as a new routing mark)

10. Finally add a new route in the terminal, like this, /ip route add dst-address=0.0.0.0/0 gateway=[your wireguard interface]@main routing-table=VPNProvider

That's it, your specified clients should now be routed through your vpn connection
 
erkexzcx
just joined
Posts: 17
Joined: Mon Oct 07, 2019 11:42 pm

Re: v7.1beta2 [development] is released!

Sat Aug 29, 2020 9:32 pm

Does this beta release work great with Winbox? Or is it console-only while it's beta?
 
Sob
Forum Guru
Forum Guru
Posts: 5899
Joined: Mon Apr 20, 2009 9:11 pm

Re: v7.1beta2 [development] is released!

Sat Aug 29, 2020 9:47 pm

Most of it is ok in WinBox. There's problem with Wireguard port mentioned in this thread. Also 'routing-table' parameter is missing from IP->Route.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
romas
just joined
Posts: 5
Joined: Wed Aug 26, 2020 12:27 am

Re: v7.1beta2 [development] is released!

Sun Aug 30, 2020 11:52 am


10. Finally add a new route in the terminal, like this, /ip route add dst-address=0.0.0.0/0 gateway=[your wireguard interface]@main routing-table=VPNProvider

That's it, your specified clients should now be routed through your vpn connection
Thank you for the tricky way with marking. I did it, pings between server and mikrotik is good, DNS is working on well, but internet on the client is incredibly slow, trying to troubleshoot it
Last edited by romas on Sun Aug 30, 2020 1:01 pm, edited 1 time in total.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1848
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v7.1beta2 [development] is released!

Sun Aug 30, 2020 11:57 am

@romas:

Do you REALLY need to quote such a long post? What for?

Please edit it.
Real admins use real keyboards.
 
redskilldough
just joined
Posts: 14
Joined: Mon Jan 04, 2016 12:40 pm

Re: v7.1beta2 [development] is released!

Sun Aug 30, 2020 1:18 pm



Thank you for the tricky way with marking. I did it, pings between server and mikrotik is good, DNS is working on well, but internet on the client is incredibly slow, trying to troubleshoot it
Yes, I noticed that too. I can max out my 500/100 internet connection with ROS 6.47.2, fasttrack enabled, but with ROS 7.1b2, I'm getting only about 100+/100, even with fasttrack enabled (using a mikrotik hex).

I guess it's still in beta and will probably get better later.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8465
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v7.1beta2 [development] is released!

Sun Aug 30, 2020 3:53 pm

Could somebody check SOCKS5 with password auth in ROS v7? It's not working for me. SOCKS4 looks good.
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
NilKad
just joined
Posts: 1
Joined: Wed Sep 02, 2020 2:59 pm

Re: v7.1beta2 [development] is released!

Wed Sep 02, 2020 3:12 pm

lte1 receives DNS via DHCP (from the modem) with the checkbox off in LTE APN - Use Peer DNS. I can't turn off the use of DNS from the router side.
Mikr_DNS.png
You do not have the required permissions to view the files attached to this post.
Last edited by NilKad on Wed Sep 02, 2020 3:29 pm, edited 4 times in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6914
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1beta2 [development] is released!

Wed Sep 02, 2020 3:38 pm

You need to turn it off in the DHCP client!
 
sindy
Forum Guru
Forum Guru
Posts: 5657
Joined: Mon Dec 04, 2017 9:19 pm

Re: v7.1beta2 [development] is released!

Wed Sep 02, 2020 4:28 pm

You need to turn it off in the DHCP client!
For some modem types, the DHCP client is dynamically created and cannot be modified (nor prevented from being dynamically generated and created manually), so this advice is not applicable. For the dynamically created DHCP client, the setting in question (plus other ones) is (in theory) inherited from the apn profile.

For yet other modems (R11e-LTE6), there is no DHCP client at all, and nevertheless the IP address is assigned and the default route and other settings from apn profile are used (also in "direct IP" mode, i.e. not PPP/serial).
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6914
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1beta2 [development] is released!

Wed Sep 02, 2020 4:59 pm

You need to turn it off in the DHCP client!
For some modem types, the DHCP client is dynamically created and cannot be modified (nor prevented from being dynamically generated and created manually), so this advice is not applicable. For the dynamically created DHCP client, the setting in question (plus other ones) is (in theory) inherited from the apn profile.
Ok, but it can be clearly seen above that "Use peer DNS" is OFF in the LTE profile and it is ON in the DHCP client. So that is a bug?
 
User avatar
Gnubyte
just joined
Posts: 12
Joined: Sat Aug 15, 2020 7:31 pm
Location: Toulon - France

I just found a reproductible bug causing reboot

Wed Sep 02, 2020 5:22 pm

Hi all,
I just installed v7.1beta2 on the CCR2004 I have here in tests. I was looking for better support of 1Gbps+ SFPs interfaces inserted in SFP+ ports, and I found a bug.

*********************************************
Presentation of reproduction conditions
*********************************************

A brand New CCR2004, with an Optical GPON ONU SFP recognized as brand "ODI"
The ONU is fully functionnal under v6.47.2, seems to let change the AUto Negotiation Speed to more than 1000M Full, but allways limited to 1000M.
According to https://www.dslreports.com/forum/r32230 ... 57810S-NIC SGMII linux patches can let SFP sticks run at more that 1000M, so I give a try to v7.1beta2.
I upgraded the fimrware, go to the sfp-sfpplus interface, doble clic, and yes, it's still recognized, but this time eligible speeds are not pre checked. So I check 2.5G Full, and instant reboot.
No way to change the neciable speed. Everytime I try to change it, it reboots. Unfortunately, It seems limited to 1000M.
Capture1.PNG
  • I give a try with another stick of this kind, and I come back. I do have several sticks of this kind.
  • When I do exactly the same procedure with another SFP ONU Stick (CarllitoxxPro), it reboots.
  • It's exactly the same reboot changing the negociated speed of a S+RJ10 Mikrotik Interface
This bug, about SFP speed negociation, seems generic, including with Mikrotik Interfaces.

I can make you more explicit capture CLI, most of all for the first ONU stick of course, If you can let it run 2.5Gbps patching this bug, I would be gracefull.

Hope this helps. Feel free to contact me by email.
You do not have the required permissions to view the files attached to this post.
 
lupusx
just joined
Posts: 4
Joined: Tue Sep 20, 2011 12:13 am

Re: v7.1beta2 [development] is released!

Wed Sep 02, 2020 7:00 pm

Do beta releases require licence for testing ?

In other words can I install it f.e. on x86 for tests without any additional licence ?
 
rpress
Member Candidate
Member Candidate
Posts: 109
Joined: Thu May 07, 2009 5:13 am

Re: v7.1beta2 [development] is released!

Wed Sep 02, 2020 7:09 pm

Do beta releases require licence for testing ?

In other words can I install it f.e. on x86 for tests without any additional licence ?
Yes it requires a license. You can get a trial as usual.

And actually, when upgrading from v6 the old license is now invalid. So the license must be transferred to the new v7 install, making it not easy to go back to v6.
 
redskilldough
just joined
Posts: 14
Joined: Mon Jan 04, 2016 12:40 pm

Re: v7.1beta2 [development] is released!

Thu Sep 03, 2020 6:31 am

Thank you for the tricky way with marking. I did it, pings between server and mikrotik is good, DNS is working on well, but internet on the client is incredibly slow, trying to troubleshoot it
Hi, disabling fasttrack seems to solve this problem
 
kylepharo
just joined
Posts: 2
Joined: Thu Aug 22, 2019 11:49 am

Re: I just found a reproductible bug causing reboot

Thu Sep 03, 2020 8:03 am

A brand New CCR2004, with an Optical GPON ONU SFP recognized as brand "ODI"
The ONU is fully functionnal under v6.47.2, seems to let change the AUto Negotiation Speed to more than 1000M Full, but allways limited to 1000M.
According to https://www.dslreports.com/forum/r32230 ... 57810S-NIC SGMII linux patches can let SFP sticks run at more that 1000M, so I give a try to v7.1beta2.
I upgraded the fimrware, go to the sfp-sfpplus interface, doble clic, and yes, it's still recognized, but this time eligible speeds are not pre checked. So I check 2.5G Full, and instant reboot.
No way to change the neciable speed. Everytime I try to change it, it reboots. Unfortunately, It seems limited to 1000M.

Capture1.PNG
  • I give a try with another stick of this kind, and I come back. I do have several sticks of this kind.
  • When I do exactly the same procedure with another SFP ONU Stick (CarllitoxxPro), it reboots.
  • It's exactly the same reboot changing the negociated speed of a S+RJ10 Mikrotik Interface
This bug, about SFP speed negociation, seems generic, including with Mikrotik Interfaces.

I can make you more explicit capture CLI, most of all for the first ONU stick of course, If you can let it run 2.5Gbps patching this bug, I would be gracefull.

Hope this helps. Feel free to contact me by email.
Have you tried changing the speed/duplex etc via the CLI instead of via the web ui?

I had a similar issue forcing a 10gbit interface to be 1gbit on a CRS 317 running 7.1beta2. Via winbox would cause the router to crash, via CLI worked fine.
 
bozko
just joined
Posts: 5
Joined: Wed Nov 13, 2019 3:06 pm

Re: v7.1beta2 [development] is released!

Thu Sep 03, 2020 9:31 am

Hello,

Can someone provide a working example of wireguard setup WITHOUT Endpoint on RouterOS device?
 
User avatar
eworm
Long time Member
Long time Member
Posts: 662
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.1beta2 [development] is released!

Thu Sep 03, 2020 9:39 am

Wireguard endpoints are set and updated automatically on handshake.
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
User avatar
Gnubyte
just joined
Posts: 12
Joined: Sat Aug 15, 2020 7:31 pm
Location: Toulon - France

Re: I just found a reproductible bug causing reboot

Thu Sep 03, 2020 10:23 am


Have you tried changing the speed/duplex etc via the CLI instead of via the web ui?

I had a similar issue forcing a 10gbit interface to be 1gbit on a CRS 317 running 7.1beta2. Via winbox would cause the router to crash, via CLI worked fine.
Thanks for the advice. I try it.
 
bozko
just joined
Posts: 5
Joined: Wed Nov 13, 2019 3:06 pm

Re: v7.1beta2 [development] is released!

Thu Sep 03, 2020 10:29 am

Wireguard endpoints are set and updated automatically on handshake.

Huh. Are you sure that both of endpoint can be updated automatically?

Nevertheless, I can't find any example of routeros setup with one of the peers is with endpoint (e.g. "client") and other is without ("server"). May be I'm on wrong path...
 
User avatar
eworm
Long time Member
Long time Member
Posts: 662
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.1beta2 [development] is released!

Thu Sep 03, 2020 12:02 pm

Wireguard endpoints are set and updated automatically on handshake.
Huh. Are you sure that both of endpoint can be updated automatically?

Nevertheless, I can't find any example of routeros setup with one of the peers is with endpoint (e.g. "client") and other is without ("server"). May be I'm on wrong path...
No, only one endpoint (at a time). The other side has to initiate the handshake.

But Wireguard does not follow a classic client and server model. It has just peers, so both sides can initiate the handshake.
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
thadrumr
just joined
Posts: 24
Joined: Sat Dec 23, 2017 2:02 am

Re: v7.1beta2 [development] is released!

Thu Sep 03, 2020 4:40 pm

7.1 beta2 no longer boots in i686/32bit mode. This kernel seems to only have 64bit enabled. Is this on purpose? Are 32bit machines finally getting the ax?
 
rpress
Member Candidate
Member Candidate
Posts: 109
Joined: Thu May 07, 2009 5:13 am

Re: v7.1beta2 [development] is released!

Thu Sep 03, 2020 4:53 pm

Huh. Are you sure that both of endpoint can be updated automatically?

Nevertheless, I can't find any example of routeros setup with one of the peers is with endpoint (e.g. "client") and other is without ("server"). May be I'm on wrong path...
I don't have a single Wireguard interface with one peer as server and one as client. But I do have two Wireguard interfaces, where one is a server (listening) and has two peers. On these, the peer endpoints update automatically as already mentioned. My other Wireguard interface is a client with one peer. The CLI is needed to set the endpoint port for this one.

As I found the hard way the Wireguard interface listens regardless if you want it to or not. I expect that you should have no problem having one Wireguard interface like you want.
 
User avatar
rooted
Member Candidate
Member Candidate
Posts: 122
Joined: Tue Feb 04, 2020 5:58 pm

Re: v7.1beta2 [development] is released!

Sat Sep 05, 2020 7:40 pm

Removed due to complaining.
Last edited by rooted on Sat Sep 05, 2020 7:40 pm, edited 1 time in total.
 
nostromog
Member Candidate
Member Candidate
Posts: 199
Joined: Wed Jul 18, 2018 3:39 pm

Re: v7.1beta2 [development] is released!

Sat Sep 05, 2020 9:17 pm

lte1 receives DNS via DHCP (from the modem) with the checkbox off in LTE APN - Use Peer DNS. I can't turn off the use of DNS from the router side.
Mikr_DNS.png
In my case, even with user-peer-dns off both in lte1 and the dynamic dhcp-client, ip dns is showing it in the "dynamic-servers" and there is no way to get rid of them once installed, no matter what I do.

I'm using a USB cable with an android phone in "USB tethering" mode with a hAP ac^2. Other than this it works like a charm. The /ip/dns/dynamic-servers remain set when I unplug the cable and lte1 disapperars and remains visible only as something like *00008 in some places.
 
Znevna
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.1beta2 [development] is released!

Sat Sep 05, 2020 9:59 pm

This gentlemen wrote an in-depth tutorial for MikroTik site to site VPN:

https://rickfreyconsulting.com/wireguar ... n-example/
That's hardly an "in depth tutorial". And don't get me started on the quality of the screenshots, missing accompanied selectable text for whatever goods are or aren't in them, or the discrepancies between the screenshots and the settings export provided. Or the missing proper explanation of allowed address fields with proper examples.
Or how about the MTU? barely mentions something about it but that's it, nothing about setting up proper MTU for the interface.
"in depth", pft.
It's not rocket science to build up a Wireguard tunnel and route something over it.
Do you guys get a cut for traffic generated to his site or out of how many "clients" that guy "gets" thanks to you?:)
 
evgenij
just joined
Posts: 8
Joined: Tue May 26, 2020 11:40 am

Re: v7.1beta2 [development] is released!

Sun Sep 06, 2020 12:09 am

Does anyone have a problem with the bridge firewall?

IP firewall is enabled
I can see network traffic between the two interfaces, but not in the bridge statistics and the bridge-firewall is not catching any packets in the forward chain
 
User avatar
mozerd
Member
Member
Posts: 452
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: v7.1beta2 [development] is released!

Sun Sep 06, 2020 2:38 am

This gentlemen wrote an in-depth tutorial for MikroTik site to site VPN:

https://rickfreyconsulting.com/wireguar ... n-example/
It's not rocket science to build up a Wireguard tunnel and route something over it.
Do you guys get a cut for traffic generated to his site or out of how many "clients" that guy "gets" thanks to you?:)
@ Znevna ....
IMO Rick Frey provides an excellent tutorial on using WireGuard and MikroTik and I hope that he gets as many clients as he deserves.
 
Arcticfox
just joined
Posts: 19
Joined: Fri Mar 29, 2013 2:29 pm

Re: v7.1beta2 [development] is released!

Sun Sep 06, 2020 11:12 am

Nice version, but on CRS326-24S+2Q something goes wrong: Kernel panic on much of reasons.
1. Connected to HP virtual connect via SFP+ - kernel panic
2. Connected to Procurve switch and assigned vlan to port via Copper SFP- kernel panic
3. Connected to cisco n3k-c3064pq kernel panic

And this panic is so deep that console is unreachable after reboot. Only reset to factory defaults helps to move it out.

What I did wrong (else trying beta).
 
Znevna
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.1beta2 [development] is released!

Sun Sep 06, 2020 12:08 pm

This gentlemen wrote an in-depth tutorial for MikroTik site to site VPN:

https://rickfreyconsulting.com/wireguar ... n-example/
It's not rocket science to build up a Wireguard tunnel and route something over it.
Do you guys get a cut for traffic generated to his site or out of how many "clients" that guy "gets" thanks to you?:)
@ Znevna ....
IMO Rick Frey provides an excellent tutorial on using WireGuard and MikroTik and I hope that he gets as many clients as he deserves.
Ofc you'd say that, you're in the same business model. I also hope he gets as many clients as he deserves.
"excellent" and "in depth" tutorials should be written on the forum if the intention was to share some knowledge with the users, not on some personal website for personal gain *cough* and drop the link randomly on the forum so that his website would get hits from the curious users. Luckily those two tutorials by him fits neither.
Writing a tutorial on the forum also allows you to get some feedback on your solution from other experienced users and maybe ways to improve your tutorial/solution (see the VLAN articles by pcunite for example).
As a bonus the forum provides support for proper CODE blocks that the users are used to.
As I've said, dropping links to your personal website on this forum and reddit screams only one thing and nothing good about it.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6914
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1beta2 [development] is released!

Sun Sep 06, 2020 12:12 pm

...
I fully agree with you, and also I think he is mainly a wireguard fanboi and makes false claims about the alternative methods (especially on RouterOS).
But hey, there are many of them.
 
huntermic
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Wed Oct 26, 2016 3:42 pm

Re: v7.1beta2 [development] is released!

Sun Sep 06, 2020 12:43 pm

I have an issue here with the 7.1 beta 2 on 3 hAp ac^2 devices. Had te return to the stable branch for wireless to become stable again.
On all devices i had serious stability issues.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6914
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1beta2 [development] is released!

Sun Sep 06, 2020 12:45 pm

I have an issue here with the 7.1 beta 2 on 3 hAp ac^2 devices. Had te return to the stable branch for wireless to become stable again.
On all devices i had serious stability issues.
Such a posting would actually be useful when it included relevant details of what you were experiencing.
 
nostromog
Member Candidate
Member Candidate
Posts: 199
Joined: Wed Jul 18, 2018 3:39 pm

Re: v7.1beta2 [development] is released!

Sun Sep 06, 2020 1:22 pm

I have an issue here with the 7.1 beta 2 on 3 hAp ac^2 devices. Had te return to the stable branch for wireless to become stable again.
On all devices i had serious stability issues.
He told that the same I am seeing: devices get stuck but otherwise connected on both interfaces.
Some time after last disable/enable cycle or reboot, any of the devices stop flowing through the wireless connection. If they are "clever" they migrate to the other, say wlan2. I often find after a few hours that all devices except one are in, say wlan1 and only one is in registration table at wlan2, but not working. disable/enable makes it work again, until it failed
It was not happening in 7.1beta1, it takes a few hours to happen, seems to be related with noise and distance, as it got better to me by:
* increasing the antenna gain in both interfaces (which also made for better signal overall and less warm router, BTW).
* changing a few other wireless settings.
Currently I have:
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk group-key-update=1h mode=dynamic-keys supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode antenna-gain=4 band=2ghz-onlyn channel-width=\
    20/40mhz-Ce country=spain disabled=no frequency=auto installation=indoor mode=ap-bridge ssid=MT \
    wireless-protocol=802.11 wmm-support=enabled
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode antenna-gain=5 band=5ghz-onlyac basic-rates-a/g=12Mbps \
    channel-width=20/40/80mhz-XXXX country=spain disabled=no frequency=auto installation=indoor mode=ap-bridge rate-set=configured \
    ssid=MT vht-supported-mcs=mcs0-9,mcs0-9,none wireless-protocol=802.11 wmm-support=enabled
and it happens less than with the default settings. Failing devices are mostly android, but also a windows and a linux laptop occassionally. I have set wireless debug in one of the phones and saw a message like NETWORK_UNAVAILABLE DHCP NOT RESPONDING=1 (I'm inventing the message but it was the idea). The router thought that the phone was happily connected, BTW, but it disappeared from registration table when I switched wifi off / on in the phone, only to return to the same when I forced to reconnect. After disable/enable of the wlanN interface everything works again... for a few hours.
 
huntermic
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Wed Oct 26, 2016 3:42 pm

Re: v7.1beta2 [development] is released!

Sun Sep 06, 2020 1:39 pm

I have an issue here with the 7.1 beta 2 on 3 hAp ac^2 devices. Had te return to the stable branch for wireless to become stable again.
On all devices i had serious stability issues.
Such a posting would actually be useful when it included relevant details of what you were experiencing.
I know and i'm sorry for that but i had to revert to a stable situation because of work i had to do. But still i thought it might be usefull to report.
The issues i had were with wifi.
Clients disconnected frequently and could often not get an ip address.
Sometimes wifi totally stopt functioning until turned of and on again on the hAp ac^2.
Last edited by huntermic on Sun Sep 06, 2020 6:53 pm, edited 1 time in total.
 
User avatar
rooted
Member Candidate
Member Candidate
Posts: 122
Joined: Tue Feb 04, 2020 5:58 pm

Re: v7.1beta2 [development] is released!

Sun Sep 06, 2020 2:02 pm

I don't know the guy who wrote the tutorial and I'm not a network engineer, seemed in depth enough to help me so I thought it may help others.

Lighten up, I removed the post...
 
Znevna
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.1beta2 [development] is released!

Sun Sep 06, 2020 8:20 pm

bug: 7.1beta2, hAP ac2
changing any interface name belonging to the internal switch using WinBox GUI makes the router reboot:
sep/06/2020 20:14:55 system,error,critical router rebooted because some critical program crashed
Doing the same thing from terminal however: /interface/ethernet/print; /interface/ethernet/set X name=ethX; works fine.

LE: another bug(?) same version/hardware.
Leaving CPU Frequency to auto, I can see the frequency going up to 896MHz on high load. Ain't this dangerous?
Shouldn't we have an option to set max freq to the default frequency of the CPU? and not overclock it? As overclocking it can lead to .. well, problems?
Thanks.
 
subway
just joined
Posts: 23
Joined: Sat Oct 07, 2017 1:58 pm

Re: v7.1beta2 [development] is released!

Sun Sep 06, 2020 11:13 pm

Bug:

1. After the upgrade (from latest stable), the PPPoE server was completely gone, but just that: the Secrets, Profiles and the rest of the PPP interfaces stayed.
2. After (or since) the upgrade, it is not possible to configure an interface as gateway under IP --> Routes. The only possibility is to set an IP as gateway.
 
Znevna
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.1beta2 [development] is released!

Sun Sep 06, 2020 11:19 pm

You can write the interface name manually and it will work even if there's no list from which you could easily select it.
On another note, I can't figure out how to setup load balancing using ECMP. More exactly how to adapt this old tutorial for v7: https://wiki.mikrotik.com/wiki/ECMP_loa ... masquerade
 
teleport
just joined
Posts: 1
Joined: Mon Sep 07, 2020 11:51 pm

Re: v7.1beta2 [development] is released!

Tue Sep 08, 2020 12:01 am

have RBG450GX4 with latest stable version. am trying to apply 7.1 beta 2. no matter what approach i take(use webfig/winbox->quickset/winbox->system->packages for upgrade,dropping npk file), i get the 'not enough space for upgrade' in the log after reboot.
here is log line 1 and 2 after reboot:
system,info 'installed system-7.1beta2'
system,error 'not enough space for upgrade'

mine is a plain vanilla install for home use with no additional configurations/packages/customizations.
please let me know
 
subway
just joined
Posts: 23
Joined: Sat Oct 07, 2017 1:58 pm

Re: v7.1beta2 [development] is released!

Tue Sep 08, 2020 1:15 pm

You can write the interface name manually and it will work even if there's no list from which you could easily select it.
Thanks! Is this just a bug in the beta that the drop down list is not visible?

After the upgrade the routes that had interfaces as gateway were all in red, and the interfaces were gone.
 
nostromog
Member Candidate
Member Candidate
Posts: 199
Joined: Wed Jul 18, 2018 3:39 pm

Re: v7.1beta2 [development] is released!

Tue Sep 08, 2020 1:22 pm

. Failing devices are mostly android, but also a windows and a linux laptop occasionally. I have set wireless debug in one of the phones and saw a message like NETWORK_UNAVAILABLE DHCP NOT RESPONDING=1 (I'm inventing the message but it was the idea).
I saw it again. The message was "NETWORK_SELECTION_DISABLED_DHCP_FAILURE=2 " (It was 1 last time I saw it. It recovers with disable/enable in wlan2 , disable/enable wlan1 in the router.

I'm not sure if the problem is due to connection o some other corruption: the wireless logs indicate good association followed by "sending station leaving (3)" about 8 seconds later, as if the station couldn't get dhcp going... but the router does not see any dhcp packet.
 
casus
just joined
Posts: 7
Joined: Wed Sep 02, 2020 9:49 am

Re: v7.1beta2 [development] is released!

Tue Sep 08, 2020 3:10 pm

Wireguard does not connect from Mikrotik behind NAT to a Linux server with a white IP.
 
User avatar
eworm
Long time Member
Long time Member
Posts: 662
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.1beta2 [development] is released!

Tue Sep 08, 2020 3:15 pm

Wireguard does not connect from Mikrotik behind NAT to a Linux server with a white IP.
What is a "white IP"?
But Wireguard with Mikrotik behind NAT is not a problem for me.
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
sindy
Forum Guru
Forum Guru
Posts: 5657
Joined: Mon Dec 04, 2017 9:19 pm

Re: v7.1beta2 [development] is released!

Tue Sep 08, 2020 3:25 pm

What is a "white IP"?
"White IP" is used in the post-soviet area instead of "public IP". "Grey" means "private". No idea what's the origin of this.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
casus
just joined
Posts: 7
Joined: Wed Sep 02, 2020 9:49 am

Re: v7.1beta2 [development] is released!

Tue Sep 08, 2020 3:30 pm

What is a "white IP"?
Without using NAT. Without port forwarding, the interface address is not in the private or gray IP range.
Linux - conditionally server, Mikrotik - peer.
But Wireguard with Mikrotik behind NAT is not a problem for me.
Share a secret )
 
User avatar
eworm
Long time Member
Long time Member
Posts: 662
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.1beta2 [development] is released!

Tue Sep 08, 2020 3:48 pm

But Wireguard with Mikrotik behind NAT is not a problem for me.
Share a secret )
I'm sorry, but there's no secret... Just works for me.
Show you configuration export, possibly there's something fishy.
/interface/wireguard/export hide-sensitive
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
casus
just joined
Posts: 7
Joined: Wed Sep 02, 2020 9:49 am

Re: v7.1beta2 [development] is released!

Tue Sep 08, 2020 4:51 pm

follow the instructions from here : https://rickfreyconsulting.com/wireguar ... n-example/
and: https://www.cyberciti.biz/faq/ubuntu-20 ... pn-server/
# model = 960PGS
# serial number = CB540BCF02D3
/interface wireguard
add listen-port=8526 mtu=1420 name=3001
/interface wireguard peers
add allowed-address=192.168.160.0/24 endpoint=XX.181.201.XXX:61830 interface=3001 public-key=\
    "Fp9D00OEAHH9zotl3pw6cMTmwICL/OkZEj7KBo4ZWns="
 
Tinuva
just joined
Posts: 8
Joined: Fri May 01, 2009 11:21 am

Re: v7.1beta2 [development] is released!

Wed Sep 09, 2020 9:32 am

Upgraded my RB3011 this morning to 7.1beta 2.
Image
I reset the router before upgrading and only configured it with a WAN connection to upgrade to Beta2.

Upgrade seemed to go okay so I set about configuring it correctly.

First issue was renaming an interface (ether1 renamed to WAN) would result in a reboot as soon as I clicked OK or Apply.

Second issue was a deal breaker and that was all 10 interfaces were limited to 10Mb only. I tried manually setting them to 1Gb full duplex but to no avail.

I reverted back to 6.47.2 so unfortunately I can't generate a supout but just wondering if anyone has seen anything similar? Surely there are other RB3011 users out there that have upgraded?
I have a similar issue like this on my RB750Gr3.

Upgraded to 7.2beta2 from 6.47 without resetting the router before the upgrade. It was then in a reboot loop until I reset it.

Afterwards, all 5 ports would connect at 1Gbps however, after a while, my WAN port ether1 would be stuck on 10Mbps sync, no matter what I do, different cables, different devices, it was stuck.
So moved the WAN port to ether5 and after a week same thing, except now I have both ether1 and ether5 stuck on 10Mbps sync.
I have moved the WAN to ether2 now, but if this keeps on happening, I will have to look at downgrading too :(

Really liked using wireguard, but 1Gbps ports are more important.

edit:
Actually I see this:
[admin@MikroTik] >> /interface/ethernet/export                                                
# sep/09/2020 08:38:45 by RouterOS 7.1beta2
# software id = VQDT-J37Q
#
# model = RouterBOARD 750G r3
# serial number = 8AFF080AF8C6
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-half,10M-full
set [ find default-name=ether5 ] advertise=10M-half,10M-full
Trying unset doesnt work:
/interface ethernet unset [ find default-name=ether1 ] value-name=advertise
What is the correct way to unset this advertise command ?
 
sindy
Forum Guru
Forum Guru
Posts: 5657
Joined: Mon Dec 04, 2017 9:19 pm

Re: v7.1beta2 [development] is released!

Wed Sep 09, 2020 11:06 am

What is the correct way to unset this advertise command ?

/interface ethernet
set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full

Before issuing the command above, use /interface ethernet export verbose - it will show you that the value of the advertise parameter is set to this list for ether2-ether4; it's just that without the verbose modifier, the export does not show parameters with default values.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
Tinuva
just joined
Posts: 8
Joined: Fri May 01, 2009 11:21 am

Re: v7.1beta2 [development] is released!

Wed Sep 09, 2020 11:18 am

Thank you @sindy that fixed it for me ;)
 
rplant
just joined
Posts: 18
Joined: Fri Sep 29, 2017 11:42 am

Re: v7.1beta2 [development] is released!

Thu Sep 10, 2020 4:18 am

Minor SFTP issue

winscp logging into router (hapac^2)
The top level directories (/flash, /disk1) show as broken links.
I can't click on them and go there.
I can type in /flash into winscp's open directory menu and that works fine.
 
reddin
just joined
Posts: 8
Joined: Mon May 04, 2020 11:46 pm

Re: v7.1beta2 [development] is released!

Thu Sep 10, 2020 4:53 am

Wireguard does not connect from Mikrotik behind NAT to a Linux server with a white IP.
I've tried to connect like this to a dozen of a servers and everything worked well enough for me.

I've been wondering is it possible to generate keys on mikrotik for wireguard peers?
 
huntermic
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Wed Oct 26, 2016 3:42 pm

Re: v7.1beta2 [development] is released!

Thu Sep 10, 2020 7:37 am

I would like to install v7.1beta2 on a RB4011 but it complains that it is missing multicast-7.1beta2-arm.npk
At the moment i'm running 6.48beta35 with the multicast package as extra package.
How do i upgrade without loosing the multicast functionality ( i use it for igmp-proxy ) ?

I got an answer from mikrotik: There is no multicast package, it is now part of system package, however IGMP-Proxy is not available in ROSv7 at the moment.
 
casus
just joined
Posts: 7
Joined: Wed Sep 02, 2020 9:49 am

Re: v7.1beta2 [development] is released!

Thu Sep 10, 2020 10:18 am

I've tried to connect like this to a dozen of a servers and everything worked well enough for me.

I've been wondering is it possible to generate keys on mikrotik for wireguard peers?
The Packet Sniffer on Mikrotik itself does not see any attempts to communicate with the server at all, filters by IP or port do not catch any packets in the direction of the server when the Wireguard interface is turned on and off.
Settings are made after Hard Reset, minimal - external interface and wireguard (+ manual IP for Wireguard interface).
 
rplant
just joined
Posts: 18
Joined: Fri Sep 29, 2017 11:42 am

Re: v7.1beta2 [development] is released!

Fri Sep 11, 2020 2:45 am

I've been wondering is it possible to generate keys on mikrotik for wireguard peers?
You can make a second wireguard interface, and copy the private and public key out of it.
Then delete it.
 
rplant
just joined
Posts: 18
Joined: Fri Sep 29, 2017 11:42 am

Re: v7.1beta2 [development] is released!

Fri Sep 11, 2020 2:46 am

Wireguard implementation seems to have gone pretty smoothly.

I don't suppose a backport to V6 is possible :)
 
rplant
just joined
Posts: 18
Joined: Fri Sep 29, 2017 11:42 am

Re: v7.1beta2 [development] is released!

Fri Sep 11, 2020 9:01 am

One issue with wireguard.

Sometimes It doesn't seem to keep its connection mark on output
The input to wg is coming in with a connection mark, but the output sometimes has
no connection mark.

Actually, on further review, its only when the output needs to go via a non default route.
(route marking needed), and also happens with Openvpn (and perhaps others)
sstp (tcp) using the same connection and route marking works correctly.
Last edited by rplant on Sun Sep 13, 2020 1:38 am, edited 2 times in total.
 
cihancan
just joined
Posts: 17
Joined: Thu May 14, 2020 7:51 pm

Re: v7.1beta2 [development] is released!

Fri Sep 11, 2020 10:35 pm

Ive asked in the forums before updating to V7. One of the supports said it wont harm your device. I did it and it bricked my device. Thanks and sadly i will need to buy another retarded mikrotik device because its my only option. Plus LDF-5 doesnt work in net install mode my computer doesnt recognize it. Sad...
 
pe1chl
Forum Guru
Forum Guru
Posts: 6914
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1beta2 [development] is released!

Fri Sep 11, 2020 11:05 pm

Users claiming netinstall doesn't work normally have made a mistake. It is not wise to try netinstall first on a device that already is in trouble, as when you tried it on a working device you would have found it is usually finicky.
You have to get the feel of it, and of course you have to have all the necessary preconditions present.
When you do it all correctly, it will also work on your dead LDF 5.
 
nostromog
Member Candidate
Member Candidate
Posts: 199
Joined: Wed Jul 18, 2018 3:39 pm

Re: v7.1beta2 [development] is released!

Sat Sep 12, 2020 3:20 pm

Ive asked in the forums before updating to V7. One of the supports said it wont harm your device. I did it and it bricked my device. Thanks and sadly i will need to buy another retarded mikrotik device because its my only option. Plus LDF-5 doesnt work in net install mode my computer doesnt recognize it. Sad...
Follow the manual until you arrive to configure netbooting. Then ignore what the image days (192.168.88.3) and set instead 192.168.88.1.

Then it will work.

Enviado desde mi Redmi Note 5 mediante Tapatalk

 
sapphire112
just joined
Posts: 2
Joined: Mon May 25, 2020 11:38 pm

Re: v7.1beta2 [development] is released!

Sat Sep 12, 2020 11:43 pm

downgrade V7.1 beta2 impossible to downgrade Mikrotik chateau LTE12 stable version 6.47.3 no working Need help
 
sindy
Forum Guru
Forum Guru
Posts: 5657
Joined: Mon Dec 04, 2017 9:19 pm

Re: v7.1beta2 [development] is released!

Sun Sep 13, 2020 4:22 pm

Any change on the wireguard interface changes the mtu to 1420.
[me@chr-7-1] > interface/wireguard/print
 0 name="wg-0" mtu=1500 listen-port=5555 private-key="CE8v6Js/u5gw4qyIvVbY0idQ7fu4dArDK2dwDz4q33c=" public-key="Mrm8SbfGOmEnIUfmWrI+YBRV8fClymdgaceY+EjHqhY="
[me@chr-7-1] > interface/wireguard/set [find name=wg-0] name=wg-1
[me@chr-7-1] > interface/wireguard/print
 0 name="wg-1" mtu=1420 listen-port=5555 private-key="CE8v6Js/u5gw4qyIvVbY0idQ7fu4dArDK2dwDz4q33c=" public-key="Mrm8SbfGOmEnIUfmWrI+YBRV8fClymdgaceY+EjHqhY="
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
santyx32
Member Candidate
Member Candidate
Posts: 140
Joined: Fri Oct 25, 2019 2:17 am

Re: v7.1beta2 [development] is released!

Sun Sep 13, 2020 4:24 pm

downgrade V7.1 beta2 impossible to downgrade Mikrotik chateau LTE12 stable version 6.47.3 no working Need help
The device was launched with 7.X out of the box, you can't go lower than that
OpenWRT build download for hAP ac2, don't forget to backup ROS license

I'm the guy known as geminis3
 
sapphire112
just joined
Posts: 2
Joined: Mon May 25, 2020 11:38 pm

Re: v7.1beta2 [development] is released!

Sun Sep 13, 2020 6:43 pm

downgrade V7.1 beta2 impossible to downgrade Mikrotik chateau LTE12 stable version 6.47.3 no working Need help
The device was launched with 7.X out of the box, you can't go lower than that
thank
to select the external antenna the menu which I must select both div main! ::
 
Shizumi
just joined
Posts: 1
Joined: Wed Feb 27, 2019 10:09 pm

Re: v7.1beta2 [development] is released!

Sun Sep 13, 2020 9:44 pm

I have an issue here with the 7.1 beta 2 on 3 hAp ac^2 devices. Had te return to the stable branch for wireless to become stable again.
On all devices i had serious stability issues.
He told that the same I am seeing: devices get stuck but otherwise connected on both interfaces.
Some time after last disable/enable cycle or reboot, any of the devices stop flowing through the wireless connection. If they are "clever" they migrate to the other, say wlan2. I often find after a few hours that all devices except one are in, say wlan1 and only one is in registration table at wlan2, but not working. disable/enable makes it work again, until it failed
It was not happening in 7.1beta1, it takes a few hours to happen, seems to be related with noise and distance, as it got better to me by:
* increasing the antenna gain in both interfaces (which also made for better signal overall and less warm router, BTW).
* changing a few other wireless settings.
Currently I have:
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk group-key-update=1h mode=dynamic-keys supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode antenna-gain=4 band=2ghz-onlyn channel-width=\
    20/40mhz-Ce country=spain disabled=no frequency=auto installation=indoor mode=ap-bridge ssid=MT \
    wireless-protocol=802.11 wmm-support=enabled
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode antenna-gain=5 band=5ghz-onlyac basic-rates-a/g=12Mbps \
    channel-width=20/40/80mhz-XXXX country=spain disabled=no frequency=auto installation=indoor mode=ap-bridge rate-set=configured \
    ssid=MT vht-supported-mcs=mcs0-9,mcs0-9,none wireless-protocol=802.11 wmm-support=enabled
and it happens less than with the default settings. Failing devices are mostly android, but also a windows and a linux laptop occassionally. I have set wireless debug in one of the phones and saw a message like NETWORK_UNAVAILABLE DHCP NOT RESPONDING=1 (I'm inventing the message but it was the idea). The router thought that the phone was happily connected, BTW, but it disappeared from registration table when I switched wifi off / on in the phone, only to return to the same when I forced to reconnect. After disable/enable of the wlanN interface everything works again... for a few hours.
Can confirm the DHCP issue on RB4011iGS+5HacQ2HnD-IN, though I've only had it happen with one laptop (AC 9560, Arch Linux: linux 5.8.7.arch1-1 networkmanager 1.26.2-1). I was initially reluctant to blame RouterOS since I do tinker with a lot of experimental stuff (and the network card allegedly sometimes has issues with BT, got a new BT mouse recently, etc.), and all other devices seemed to operate normally, but after finally spending a few hours troubleshooting this I have to assume it's the router. RouterOS log only shows the client connecting and disconnecting. Linux/networkmanager log shows a DHCP timeout, which will (by default) make it disconnect after 45s and try reconnecting again. I noticed a DHCP lease does exist for the MAC address.

It isn't very consistent though, 7.1b2 worked normally at first, then the issue would occasionally kill the connection, but would be successfully reestablished after a few reconnects. It gets worse over time, from 1-2 times per day to every few minutes, until DHCP would fail every single time (no clear indication why). All other devices I checked worked normally at the time. Router restart fixes the issue temporarily.
Everything worked fine with 7.0 (I think b5, pretty sure I didn't test out 7.0b7 onwards with the new kernel).
 
gzgenm
just joined
Posts: 3
Joined: Sun Oct 07, 2018 7:09 pm

Re: v7.1beta2 [development] is released!

Mon Sep 14, 2020 12:48 am

Can't make ptp ospf work with mikrotik running 6.47
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8465
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v7.1beta2 [development] is released!

Mon Sep 14, 2020 10:22 pm

I have ospf working over L2TP and SSTP, but there's some (visual?) weirdness in /ip routes with dynamic routes...
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6111
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v7.1beta2 [development] is released!

Tue Sep 15, 2020 10:00 am

What kind of weirdness? Known issue is that ospf route can appear twice in routing table.
 
2be
just joined
Posts: 1
Joined: Tue Sep 15, 2020 10:28 am

Re: v7.1beta2 [development] is released!

Tue Sep 15, 2020 10:37 am

Hello guys,

Could you please tell me, how can I set gateway value to the specific interface for incoming BGP filter?
/routing/filter/rule/add action=accept chain=bgp_in set-in-nexthop-direct=gateway1
doesn't seem to work. Perhaps set-in-nexthop-direct isn't implemented yet in ROS 7?

Is there any workaround for this?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8465
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v7.1beta2 [development] is released!

Tue Sep 15, 2020 3:56 pm

What kind of weirdness? Known issue is that ospf route can appear twice in routing table.
Exactly: viewtopic.php?p=812440#p812440
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
Fopwoc
just joined
Posts: 6
Joined: Mon Nov 18, 2019 3:23 pm
Location: Moscow

Re: v7.1beta2 [development] is released!

Tue Sep 15, 2020 11:28 pm

my router was hacked on this beta version!

Ip of the malware from Hong Kong
telegram: @NotCuckold
First year of computer science
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1805
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: v7.1beta2 [development] is released!

Tue Sep 15, 2020 11:31 pm

I guess you have opened the admin (web/winbox/ssh or other) from internet.
Do you use VPN or secure your ruter better.
 
How to use Splunk to monitor your MikroTik Router(s)

MikroTik->Splunk
 
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8465
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v7.1beta2 [development] is released!

Wed Sep 16, 2020 12:03 am

my router was hacked on this beta version!

Ip of the malware from Hong Kong
Any details?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
4903000
just joined
Posts: 3
Joined: Wed Oct 09, 2019 10:32 am

Re: v7.1beta2 [development] is released!

Thu Sep 17, 2020 4:56 am

Consider IPv6 NAT function please!
In my network enviroment I use 6in4 tunnel to access IPv6 resource ,It's just provide only one IPv6 address,so I need IPv6 NAT(ip6tables) to masquerade private IPv6 address.
Thanks!
 
spaxton
Member Candidate
Member Candidate
Posts: 181
Joined: Fri Jan 01, 2010 12:18 pm

Re: v7.1beta2 [development] is released!

Thu Sep 17, 2020 10:26 am

Hello,

I didn't install this version but I would like to ask if there will be any FTTH GPON settings parameters in this version..? Means that if I insert a GPON L2 SFP like Huawei HPSP2120, will there be any settings in mikrotik to add like LOID, password, PON serial...?

Best Regards.
 
xayide
just joined
Posts: 2
Joined: Sun Aug 18, 2019 8:11 pm

Re: v7.1beta2 [development] is released!

Fri Sep 18, 2020 4:26 pm

Can you get 1Gbps wireguard throughput on any of the mikrotik devices at this time?
 
Paternot
Forum Veteran
Forum Veteran
Posts: 758
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.1beta2 [development] is released!

Fri Sep 18, 2020 7:33 pm

Can you get 1Gbps wireguard throughput on any of the mikrotik devices at this time?
They posted a print with one hAP AC2 doing 700 Mbps. Given the CPU used by the RB4011, with also 4 cores and much higher processing power, I'd say yes.
 
xayide
just joined
Posts: 2
Joined: Sun Aug 18, 2019 8:11 pm

Re: v7.1beta2 [development] is released!

Fri Sep 18, 2020 9:18 pm

Thats a dream coming true. Getting away from the monster high frequency Intel Xeon (running openvpn at 700Mbps and now wireguard at 1Gbps, which is no problem) down to a single small router with poe and 1 gbps of protected internet....Just move all servers over to a tiny intel nuc to, if one can do with mikrotik I will not even need dual NIC or 2,5gbps to do full duplex firewalling at 1gbps. This is awesome!
 
sku
just joined
Posts: 1
Joined: Sat Sep 19, 2020 11:29 am

Re: v7.1beta2 [development] is released!

Sat Sep 19, 2020 11:35 am

They posted a print with one hAP AC2 doing 700 Mbps. Given the CPU used by the RB4011, with also 4 cores and much higher processing power, I'd say yes.
I just setup Wireguard on my hAP AC² to replace the IPSEC tunnel I had before and am seeing around ~ 230 Mbit/s with max overclocked CPU on it. Would be nice to squeeze out a little bit more. Here is the CPU load while it's running and I have fasttrack disabled.

Image

Thanks to Mikrotik for Wireguard in the first place it's an amazing addition.

I can also confirm that 2,4 GHZ Wifi is broken and client's don't get dhcp on that one, 5 GHZ seems to work fine.
Last edited by sku on Sat Sep 19, 2020 11:50 am, edited 1 time in total.
 
nostromog
Member Candidate
Member Candidate
Posts: 199
Joined: Wed Jul 18, 2018 3:39 pm

Re: v7.1beta2 [development] is released!

Sun Sep 20, 2020 1:09 pm

I just setup Wireguard on my hAP AC²

(...)

I can also confirm that 2,4 GHZ Wifi is broken and client's don't get dhcp on that one, 5 GHZ seems to work fine.
For me it works... until it stops working. Then I do
/interface/wireless { disable wlan1; enable wlan1}
ant it works again... until it stops working again, in a few hours.
 
14459278
just joined
Posts: 1
Joined: Tue Aug 25, 2020 6:32 pm
Location: Dhaka,Bangladesh
Contact:

Re: v7.1beta2 [development] is released!

Sun Sep 20, 2020 10:24 pm

System>Resources> CPU & CPU frequency not showing on RouterOS v7 BETA... Its problem???
You do not have the required permissions to view the files attached to this post.
 
User avatar
anthonws
newbie
Posts: 34
Joined: Sat Jan 09, 2016 6:46 pm

Re: v7.1beta2 [development] is released!

Mon Sep 21, 2020 8:10 am

I just setup Wireguard on my hAP AC²

(...)

I can also confirm that 2,4 GHZ Wifi is broken and client's don't get dhcp on that one, 5 GHZ seems to work fine.
For me it works... until it stops working. Then I do
/interface/wireless { disable wlan1; enable wlan1}
ant it works again... until it stops working again, in a few hours.
+1 quite unstable WiFi connection. Devices don't get DHCP. Had to force static lease for my Android phone, otherwise it would never connect... Same thing happens with my iPad.
 
ksteink
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Thu Mar 31, 2016 6:54 pm

Re: v7.1beta2 [development] is released!

Mon Sep 21, 2020 6:03 pm

Any dates to get the Stable Release? I like to not continue using 6.xx and already push to get 7.xx
 
nemoforum
newbie
Posts: 38
Joined: Thu Jan 05, 2017 11:08 pm

Re: v7.1beta2 [development] is released!

Mon Sep 21, 2020 10:42 pm

RouterOS version 7.1beta2 has been released in public "development" channel!
Can also confirm a DHCP issues on hAP ac2: wireless clients time to time are unable to get IP address and reconnect in a loop.
WLAN interface disabling/enabling temporary "fix" the problem.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6914
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1beta2 [development] is released!

Mon Sep 21, 2020 10:54 pm

Any dates to get the Stable Release? I like to not continue using 6.xx and already push to get 7.xx
There are still so many small issues (and likely some big ones) that it would be foolish to promote it to "stable" anytime soon!
And of course it would have to go via "testing" anyway.
 
Paternot
Forum Veteran
Forum Veteran
Posts: 758
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.1beta2 [development] is released!

Mon Sep 21, 2020 11:41 pm

Any dates to get the Stable Release? I like to not continue using 6.xx and already push to get 7.xx
There are still so many small issues (and likely some big ones) that it would be foolish to promote it to "stable" anytime soon!
And of course it would have to go via "testing" anyway.
All true. But sometimes I start thinking about it. No idea when it will be released, but I hope it will be before june 2021. One can always dream... :D
 
User avatar
NAB
Trainer
Trainer
Posts: 515
Joined: Tue Feb 10, 2009 4:08 pm
Location: UK
Contact:

Re: v7.1beta2 [development] is released!

Thu Sep 24, 2020 5:29 pm

I can confirm that WireGuard 'just works'. Did a lab configuration and it was fine, so reconfigured the office anonymous VPN with our preferred supplier (https://vpn.ac/) who we have no hesitation in recommending, and that just worked too.
Can't wait for a proper 'stable' release of ROS7 now so we can start replacing various L2TP/IPSec and other VPNs across our entire customer base. Shame we lost that huuuuuuuuge potential customer some time ago though :-(

Thank you for WireGuard, Mikrotik.

I have several issues with v7 though....

* I'm not bothered about only being able to specify the WireGuard port from the command line, but I do get annoyed by having to reset the endpoint from the command line after I change something else in the peer definition.
* The packet sniffer doesn't show source and destination IPs in its live packet log (this actually stopped working at some point in v6).
* The drop-down route/interface box has gone when you create a route - now you have to type interface names in rather than just select them.
 
Znevna
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.1beta2 [development] is released!

Fri Sep 25, 2020 10:41 am

Ah, stupid me... Of course it's keepalive.
/ interface gre unset keepalive [ find ]
!!!!! this fixed my IPIP tunnel too. lol (unsetting keepalive for ipip that is).
THANKS.
[admin@gw-viper-rds] /interface/ipip> print       
Flags: R - RUNNING
Columns: NAME, MTU, ACTUAL-MTU, LOCAL-ADDRESS, REMOTE-ADDRESS, DSCP
  #     NAME            MTU   ACTU  LOCAL-ADDRESS  REMOTE-ADDRE  DSCP   
  0  R  ipip-tunnel-z3  auto  1402  172.28.252.69  172.28.252.1  inherit
Running! ^^
Wanted to write about this earlier but forgot.
Things are half working.
The only way I managed to keep the tunnel running and alive was to leave keep-alive set on the 6.46.x end and leave it off on the 7.1b2 end, but also had to set a netwatch on 7.1b2 to ping the 6.46.x end every 10 seconds. Or else the tunnel goes down (the 6.46.x end stops running).
Weird.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6914
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.1beta2 [development] is released!

Fri Sep 25, 2020 11:39 am

That is likely due to an unrelated issue, e.g. there is a NAT router somewhere inbetween or you use connection-tracking and not enough rules to be able to open the connection from both ends.
In such a situation the tunnel will fail when there is no traffic for more than the timeout of the connection tracking.
 
Znevna
Member Candidate
Member Candidate
Posts: 126
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.1beta2 [development] is released!

Fri Sep 25, 2020 12:01 pm

Excluded, same config works fine without "workarounds" between 6.46.x versions.
Without the netwatch set in 7.1b2, the end from 6.46 fails after the keepalive timeout (10,3 = it stops running after 30 sec.) nothing to do with conntrack.
 
mafiosa
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Fri Dec 09, 2016 8:10 pm

Re: v7.1beta2 [development] is released!

Fri Sep 25, 2020 6:01 pm

One year since v7 came into existence yet it is till in BETA. Hope to see RC by next year.

Who is online

Users browsing this forum: nz_monkey and 8 guests