Page 1 of 1

v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 2:00 pm
by emils
RouterOS version 7.1beta2 has been released in public "development" channel!

What's new in 7.1beta2 (2020-Aug-21 12:29):

!) added "bgp-network" output filter flag;
!) added bonding interface support for Layer3 hardware offloading;
!) added IPv6 nexthop support for IPv4 routes;
!) added Layer3 hardware offloading support for CRS309-1G-8S+IN, CRS312-4C+8XG-RM and CRS326-24S+2Q+RM;
!) added WireGuard support;
*) disk - improved external disk read/write speeds;
*) ospf - fixed point to point routes becoming inactive;
*) route - fixed source address selection of outgoing packets;
*) other minor fixes and improvements;

All released RouterOS v7 changelogs are available here:
https://mikrotik.com/download/changelog ... lease-tree

How to report RouterOS v7 bugs:
viewtopic.php?f=1&t=152006

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 2:07 pm
by Kindis
This level 3 offloading looks very interesting. Do we have any numbers to show what it can mean as this has the potential to put emphasis on the R in CRS :-)

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 2:15 pm
by santyx32
Finally Wireguard

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 2:36 pm
by mafiosa
RouterOS version 7.1beta2 has been released in public "development" channel!

What's new in 7.1beta2 (2020-Aug-21 12:29):

!) added "bgp-network" output filter flag;
!) added bonding interface support for Layer3 hardware offloading;
!) added IPv6 nexthop support for IPv4 routes;
!) added Layer3 hardware offloading support for CRS309-1G-8S+IN, CRS312-4C+8XG-RM, CRS326-24S+2Q+RM and CRS354-48G-4S+2Q+RM;
!) added WireGuard support;
*) disk - improved external disk read/write speeds;
*) ospf - fixed point to point routes becoming inactive;
*) route - fixed source address selection of outgoing packets;
*) other minor fixes and improvements;

All released RouterOS v7 changelogs are available here:
https://mikrotik.com/download/changelog ... lease-tree

How to report RouterOS v7 bugs:
viewtopic.php?f=1&t=152006
Good to see ospf issue to be resolved. Also wireguard is a much awaited feature. Thanks!

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 2:40 pm
by leoktv
Any update in the v7 Routing Protocol Status?

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 2:49 pm
by Paternot
This level 3 offloading looks very interesting. Do we have any numbers to show what it can mean as this has the potential to put emphasis on the R in CRS :-)
It does routing at wirespeed, in all ports. There are several constraints, and a limit of 4096 connections, if I'm not wrong. But in some use cases it will be a killing feature.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 2:55 pm
by pe1chl
Observations (not really new for this build but maybe off the radar):
- when a static route is disabled, it disappears from the listing entirely, as if it has been deleted. when the window is closed/reopened, it appears again in greyed-out status.
- the BGP functionality still exists only in CLI and not in winbox. I would have hoped (or maybe this is the time to do that!) that all GUI info is derived from a common set of tables that is shared by all the user interfaces, so the work does not have to be done 3 times...
- when I close the Log window and re-open it, winbox completely hangs.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 3:07 pm
by null31
WireGuard implementation was done like MikroTik did to OpenVPN or kept as is in Linux 5.6?
Thank you.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 3:09 pm
by mrshark
any hint on how to flash this on a HAP MINI? On previous beta, it said internal storage is not enough to upgrade... it's a brand new model, factory reset... maybe because of beta and so build not optimized yet? Will it ever be a version for low storage devices?

thanks in advance

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 3:13 pm
by null31
any hint on how to flash this on a HAP MINI?
thanks in advance
Use NetInstall to flash hAP Mini.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 3:14 pm
by ludvik
winbox 3.24 64bit on win7, rb450gx4. Open interfaces, add Virtual ethernet. Winbox closed.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 3:26 pm
by Quasar
WireGuard implementation was done like MikroTik did to OpenVPN or kept as is in Linux 5.6?
Thank you.
It's Wireguard v1.0.0 proper (as shipped with v5.6).

Note for whoever wants to give it a spin: you need to use the cli to set the peer endpoint - Winbox doesn't allow you to set the port (it will default to 0).

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 3:42 pm
by Cha0s
!) added WireGuard support;
Gave it a try on a hEX (RB750Gr3) and it worked out of the box!

The performance was capped at around 100mbit though. Maybe the hEX is not powerful enough.
More tests are warranted :)

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 3:43 pm
by mozerd
This level 3 offloading looks very interesting. Do we have any numbers to show what it can mean as this has the potential to put emphasis on the R in CRS :-)
It does routing at wirespeed, in all ports. There are several constraints, and a limit of 4096 connections, if I'm not wrong. But in some use cases it will be a killing feature.
@Paternot
I 4 1 do NOT believe that It will do routing at wire-speed ... why I do not believe that .... because for L3 wire-speed requires an ASIC and non of the hardware specs I see have that L3 ASIC in the gear. Yes there will be an improvement in performance but nowhere near wire-speed.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 3:54 pm
by macgaiver
@Paternot
I 4 1 do NOT believe that It will do routing at wire-speed ... why I do not believe that .... because for L3 wire-speed requires an ASIC and non of the hardware specs I see have that L3 ASIC in the gear. Yes there will be an improvement in performance but nowhere near wire-speed.
https://i.mt.lv/cdn/product_files/CRS32 ... 200149.png
Are you sure that mention switchip doesn't have that feature?

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 3:55 pm
by msatter
Just tried this version and had to go back to 6.4x.
  • Bug [SUP-15464] which is partly fixed in 6.4x is still present in 7.1x (retain correct MTU PPPoE through a SFP on a 4011) restarting the SFP does not help.
  • Changing the MTU manually on a interface crashes the router (tested it on a 4011 and 750-Gr2) remark, MTU set in the configuration by a 6.4x seems to be honored
  • In routing I noticed something different on the route for the gateway PPPoE connection, the first was 0.0.0.0/0 but that a label DAv instead of DAS (v from VPN) and I have IKEv2 defined but not all traffic has to go through a tunnel. I assume this "v" indicates that the IKEv2 tunnels are terminated on the PPPoE.

I did upgrade my firmware to 7.1x but to no avail. And I first downgraded to 6.47.2 before upgrading to the 7.1beta2

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 4:09 pm
by mbovenka
I 4 1 do NOT believe that It will do routing at wire-speed ... why I do not believe that .... because for L3 wire-speed requires an ASIC and non of the hardware specs I see have that L3 ASIC in the gear. Yes there will be an improvement in performance but nowhere near wire-speed.

What do you think the, let's say 98DX8208 chip in the CRS309 is? It's a switching ASIC that has lots of functionality built in, L3 forwarding among them. MT simply didn't implement it up to now.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 4:17 pm
by DarkNate
WireGuard Support! Finally! About time!

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 4:32 pm
by honzam
Any update in wireless?

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 4:33 pm
by mozerd
https://i.mt.lv/cdn/product_files/CRS32 ... 200149.png
Are you sure that mention switchip doesn't have that feature?
@macgaiver
I am not familiar with that specific switch chip so I am in part writing out of ignorance of that specific chip.

I am familiar with how CISCO does in on their MLS devices. Typically for wire-speed routing in the Cisco Switch world Cisco requires three entities to implement multilayer switching: the switching engine (SE), the route processor (RP), and the MLS protocol. The SE performs the switching function, the RP performs the routing function, and the MLS protocol provides for communication between these two devices. This aside, there is one very simple concept that makes it all possible: the flow. A flow can be defined as a stream of packets from the same source to the same destination using the same application. As an example, a flow could be an HTTP session between a source browser and a target server. In a Cisco MLS network, the initial packet in a session is routed via the RP, but all subsequent packets in that particular session are switched by the SE. The SE maintains a cache about these flows and can determine whether or not a given packet is part of an established session. If so, the SE rewrites the pertinent packet info as if it had been processed by the router and then switches the packet. This process is commonly referred to as “route once, switch many.” It occurs at switch speed, not at the slower router speed.

So in terms of MikroTik and RouterOS I do not see ANY functionality that mimics or deals with wire-speed Routing at the switch level.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 4:38 pm
by reddin
Hello!
Just upgraded to v7.1b2 and spotted a few issues:
First and most important is routing marks don't work
The second one is about wireguard. Why I can't specify the port number for peer? Is it intended or a bug as well?

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 4:55 pm
by mrshark
any hint on how to flash this on a HAP MINI?
thanks in advance
Use NetInstall to flash hAP Mini.
not able to put device in netboot mode in any way tried... short, direct cable from pc eth to eth2, i add this command:
/system routerboard settings set boot-device=try-ethernet-once-then-nand
then unplug power and eth, move eth to eth1 port, replug power, it never appears in netinstall...

left eth cable in eth1, unplug power, keep pressed reset for more than 2 minutes, nothing, never appeared in netinstall...
again, unplugged power, keep pressed reset, replug power, left reset after lights went off, nothing again...

windows firewall disabled, av disabled, ip pc 192.168.88.2/24-->.1, ip netboot 192.168.88.3...

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 4:57 pm
by mrshark
The second one is about wireguard. Why I can't specify the port number for peer? Is it intended or a bug as well?
in comments above is said to use cli for now, probably winbox is not yet updated to include gui for wireguard

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 5:03 pm
by cxcool
Wireguard endpoint port need to be fix in winbox .
there is no way to enter IP:port in winbox
CLI OK

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 5:04 pm
by reddin
The second one is about wireguard. Why I can't specify the port number for peer? Is it intended or a bug as well?
in comments above is said to use cli for now, probably winbox is not yet updated to include gui for wireguard
Yeah, it works via cli, thanks.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 5:14 pm
by Cha0s
So in terms of MikroTik and RouterOS I do not see ANY functionality that mimics or deals with wire-speed Routing at the switch level.
L3 offloading happens on the switch chip.
That's why it's called "L3 offloading". They offload the routing functionality from the CPU, to the switch chip, thus achieving wirespeed.

The switch chips used in those RB models (which are ASICs basically) do support L3 routing at wirespeed as per Marvell's datasheet.
The hardware support was already there, but MikroTik just started supporting it on ROS.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 5:14 pm
by null31
not able to put device in netboot mode in any way tried... short, direct cable from pc eth to eth2
@mrshark
You need to use a switch between pc and router. Direct connection is prone to fail, since you have a change on link state.
So, the netinstall "become" slow to detect the router.
Also, typically ether1 is used by netboot, except if is identified another port for that role.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 5:23 pm
by mozerd
The switch chips used in those RB models (which are ASICs basically) do support L3 routing at wirespeed as per Marvell's datasheet.
The hardware support was already there, but MikroTik just started supporting it on ROS.
@Cha0s
Do you have a link to the Marvell's datasheet.for the Chjp referred to please?

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 5:27 pm
by Cha0s
I don't have it at hand, but I remember someone had posted it in the forum a while ago.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 5:44 pm
by mozerd
I don't have it at hand, but I remember someone had posted it in the forum a while ago.
OK thanks .... I found the following that looks very interesting and exciting for MikroTik users :-)
Marvell PRESTERA 98DX83xx Family

In reading the specs I do not see L3 wire-speed benefits.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 6:02 pm
by Paternot
This level 3 offloading looks very interesting. Do we have any numbers to show what it can mean as this has the potential to put emphasis on the R in CRS :-)
It does routing at wirespeed, in all ports. There are several constraints, and a limit of 4096 connections, if I'm not wrong. But in some use cases it will be a killing feature.
@Paternot
I 4 1 do NOT believe that It will do routing at wire-speed ... why I do not believe that .... because for L3 wire-speed requires an ASIC and non of the hardware specs I see have that L3 ASIC in the gear. Yes there will be an improvement in performance but nowhere near wire-speed.
Well, the switch chipset has the circuitry. If they will implement it all they way is another question. But the hardware is already there.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 6:18 pm
by pe1chl
There is no need to question the possibility of doing L3 routing on a switch, there have been competing switches from other companies that do wirespeed routing for a long time.
It must be like 20 years ago when I got my first 3com L3 switch and was amazed at how it could route so fast, for that price, when compared to Cisco routers of the day (3640 etc).
And indeed, it normally works as described: the first packet for a src/dst ip pair is handled by the CPU, then an item is programmed in the switch that forwards the remainder of the traffic.
Just like it is done for L2 switching (where a MAC table is kept in the switch hardware to know where to forward the traffic.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 6:40 pm
by poisons
Wireguard support cool thing, but where is an instruction how to use it?

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 6:41 pm
by mistry7
Any update in wireless?
Still waiting for something?

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 6:50 pm
by eworm
Wireguard support cool thing, but where is an instruction how to use it?
Configuring wireguard is pretty straight forward. Just look at the options available.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 7:02 pm
by ksteink
Very nice features!!! love them so far and keep going!!

Any time frame to move off development phase and make it ready for production / stable?

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 7:34 pm
by mducharme
IPv6 BGP is working now! Thanks MikroTik!

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 7:53 pm
by mducharme
Any time frame to move off development phase and make it ready for production / stable?
They still have to implement MPLS - I think that is the one major feature still missing from the current beta. Otherwise, there are probably many small fixes needed here and there.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 8:22 pm
by Jotne
any hint on how to flash this on a HAP MINI? On previous beta, it said internal storage is not enough to upgrade... it's a brand new model, factory
Do a search on this forum and you find many answer. Netinstall is one way. You can also downgrade to an older version that is much smaller, like some 6.44.x version, then upgrade to latest.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 8:28 pm
by IPAsupport
Any time frame to move off development phase and make it ready for production / stable?
They still have to implement MPLS - I think that is the one major feature still missing from the current beta. Otherwise, there are probably many small fixes needed here and there.
Totally agree! I will love to see MPLS implemented

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 9:08 pm
by metricmoose
Wireguard is working well, except for that minor winbox issue with the endpoint port. With how easy it was to setup, I totally get the Wireguard hype now. IPSEC has a frustrating amount of knobs to turn.

Between a couple hAP ac² routers, I was getting about 280 Mbps UDP. When I changed out one of those hAP ac² routers with an older RB951G-2HnD, I was getting about 75 Mbps. That's probably better than I'd get out of IPSEC on the same device!

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 9:35 pm
by rooted
Wireguard is included in the beta, that's awesome. Thank you to all the devs for the addition, looking forward to setting it up then I get home.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 10:30 pm
by mducharme
P.S. One thing I would really like to see in the new RouterOS v7 MPLS implementation is MPLS mangle for QoS purposes - specifically, "mark packet" and "set priority" actions for MPLS. Right now to do MPLS QoS on RouterOS we have to create a bunch of extra bridges and use bridge filters for QoS. A simple MPLS mangle table would allow us to get rid of those extra bridges.

Also, please add "set priority" to the IPv6 Mangle. We have to use bridge filters as a workaround for that too at the moment.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 11:32 pm
by IPAsupport
This level 3 offloading looks very interesting. Do we have any numbers to show what it can mean as this has the potential to put emphasis on the R in CRS :-)

Here is the preliminary testing we have done on this version with two CHRs on ProxMox that are each on a different VLAN and the CRS317 routes between the VLANs

This is very quick UDP test - we will do more work using TCP with traffic generator and iperf3

4 to 5 Gbps with UDP and 0 to 3% CPU load


Image

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 11:39 pm
by anuser
Any update in wireless?
Still waiting for something?
We are waiting for the usual stuff:
1. airtime fairness improvvements (http://blog.cerowrt.org/post/real_results/, https://forum.openwrt.org/t/aql-and-the ... vely/59002)
2. MU-MIMO
3. 802.11 k/v/r
...

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 21, 2020 11:43 pm
by anuser
There is no need to question the possibility of doing L3 routing on a switch, there have been competing switches from other companies that do wirespeed routing for a long time.
3Com 4800G switch from 2009 is my bread and butter switch: IS-IS, BGP, OSPF, VRF; PIM-SSM all running with full IPv4 and IPv6 support.

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 1:23 am
by santyx32
Any update in wireless?
Still waiting for something?
We are waiting for the usual stuff:
1. airtime fairness improvvements (http://blog.cerowrt.org/post/real_results/, https://forum.openwrt.org/t/aql-and-the ... vely/59002)
2. MU-MIMO
3. 802.11 k/v/r
...
For sure we'll get those features on ROS just wait till WiFi 7 gets announced xD

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 2:27 am
by sfrode
This level 3 offloading looks very interesting. Do we have any numbers to show what it can mean as this has the potential to put emphasis on the R in CRS :-)

I have no problem pushing ~9.3Gbit/s IPv4 in a single thread using iperf3 between two hosts routed on the CRS317 with L3 offloading enabled. IPv6 is, as expected, another story - it gives me ~370Mbit/s.

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 3:35 am
by UpRunTech
WireGuard implementation was done like MikroTik did to OpenVPN or kept as is in Linux 5.6?
Thank you.
You'd be a fool to reimplement it yourself. Have a look at the Wireguard site and code and see for yourself how carefully it's been developed. Mikrotik would/might have only done some interface changes to make it work the ROS way.

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 3:48 am
by reddin
Can't add key in wireguard via cli with "=" at the end. But can add it later via edit and can add it via gui.

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 4:11 am
by killersoft
I still cannot get MACSEC running between devices("Gets to negotiating only").
Any suggestions ?
/interface macsec
add cak=4cb39ed149d0e0dbea5fad4b91e5456f ckn=f98446584e49ad9e2cd99b2aff00adb73e0b4109eb916b8d5bbe208dda274abb \
    disabled=no interface=ether5 name=macsec1 profile=default
[admin@under desk] /interface/macsec> print
Flags: I - inactive, X - disabled, R - running 
 0   name="macsec1" interface=ether5 status="negotiating" cak=4cb39ed149d0e0dbea5fad4b91e5456f 
     ckn=f98446584e49ad9e2cd99b2aff00adb73e0b4109eb916b8d5bbe208dda274abb profile=default 
[admin@under desk] /interface/macsec> 

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 4:38 am
by nathan1
OpenVPN UDP still broken in this release. :(
For anyone else wondering, 7.0beta5 is the latest version that has OpenVPN UDP working. 7.1beta1 and and 7.1beta2 both have kernel crashes when you attempt to use it.

I reported it to Mikrotik and it has been acknowledged but it seemingly did not make it into this release.

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 10:11 am
by nescafe2002
Can't add key in wireguard via cli with "=" at the end. But can add it later via edit and can add it via gui.

Put the key value between quotes, you may find the correct syntax using the export command.
[admin@MikroTik] /interface/wireguard> add private-key="EMjwk8mpDylWKGU0c/z9TR1e5u1D75OUz2jsv3lZu3k="
[admin@MikroTik] /interface/wireguard> peers/
[admin@MikroTik] /interface/wireguard/peers> add allowed-address=10.20.30.40 public-key="ObVREVOUlpRvqPxshivdYGiirVhb/U/dt1T7rQE2WFk=" interface=wireguard1

[admin@MikroTik] /interface/wireguard/peers> export 
# aug/22/2020 09:10:46 by RouterOS 7.1beta2
/interface wireguard peers
add allowed-address=10.20.30.40/32 interface=wireguard1 public-key="ObVREVOUlpRvqPxshivdYGiirVhb/U/dt1T7rQE2WFk="

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 1:03 pm
by Chupaka
By the way, there's no "export" command under new /routing menus :(

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 1:21 pm
by Chupaka
I tried to setup point-to-point OSPF via SSTP tunnel, and in /routing/route/print I see duplicated routes without gateway. WAIDW?
Flags: I - INACTIVE, U - UNREACHABLE, A - ACTIVE; c - CONNECT, o - OSPF, d - DHCP, l - LDP-MAPPING
Columns: DST-ADDRESS, GATEWAY, DISTANCE, SCOPE, TARGET-SCOPE, IMMEDIATE-GW
      DST-ADDRESS               GATEWAY         DIS  SC  TA  IMMEDIATE-GW   
  Ad  0.0.0.0/0                 10.0.0.1          1  30  10  10.0.0.1%ether1
  Io  10.0.0.0/23                               110  20  10                 
  Ao  10.0.0.0/23               sstp-odesskaya  110  20  10  sstp-odesskaya 
  Ac  10.0.0.0/24               ether1            0  10      ether1         
  Io  10.52.56.0/24                             110  20  10                 
  Ao  10.52.56.0/24             sstp-odesskaya  110  20  10  sstp-odesskaya 
  Io  100.64.0.0                                110  20  10                 
  Ao  100.64.0.0                sstp-odesskaya  110  20  10  sstp-odesskaya 
  Io  100.64.0.1                                110  20  10                 
  Ao  100.64.0.1                sstp-odesskaya  110  20  10  sstp-odesskaya 
  Io  100.64.0.2                                110  20  10                 
  Ao  100.64.0.2                sstp-odesskaya  110  20  10  sstp-odesskaya 
  Io  100.64.0.3                                110  20  10                 
   o  100.64.0.3                sstp-odesskaya  110  20  10  sstp-odesskaya 
  Ac  100.64.0.3                sstp-odesskaya    0  10      sstp-odesskaya 
  Io  100.64.0.4                                110  20  10                 
  Ao  100.64.0.4                sstp-odesskaya  110  20  10  sstp-odesskaya 
  Io  100.64.0.5                                110  20  10                 
  Ao  100.64.0.5                sstp-odesskaya  110  20  10  sstp-odesskaya 
  Io  100.64.0.6                                110  20  10                 
  Io  100.64.1.0/24                             110  20  10                 
  Ao  100.64.1.0/24             sstp-odesskaya  110  20  10  sstp-odesskaya 
  Io  100.64.3.0/24                             110  20  10                 
  Ao  100.64.3.0/24             sstp-odesskaya  110  20  10  sstp-odesskaya 
  Io  100.64.6.0/24                             110  20  10                 
  Ao  100.64.6.0/24             sstp-odesskaya  110  20  10  sstp-odesskaya 
The config is the simplest one:
/routing ospf instance
add name=ospf_v2 router-id=100.64.0.7 version=2
/routing ospf area
add area-id=0.0.0.0 instance=ospf_v2 name=backbone_v2
/routing ospf interface
add area=backbone_v2 network=sstp-odesskaya network-type=point-to-point

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 2:12 pm
by danbit
Is there any examples on how to configure wireguard as client on mikrotik? I'd like to connect my mikrotik router to an existing wireguard server. Also, while setting up the peer endpoint, only IP addresses are allowed? Can't I use a domain name?

Thanks!

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 2:13 pm
by pe1chl
Wireguard is working well, except for that minor winbox issue with the endpoint port. With how easy it was to setup, I totally get the Wireguard hype now. IPSEC has a frustrating amount of knobs to turn.
When you don't like that, just don't turn the knobs!
It is always easy (at least at first) to create something as a single supplier and focus on a single use-case, and make it look simple. Look at Microsoft Windows.
But as more and more features are added (e.g. multiple different encryption methods, as in IPsec), it becomes more complicated over time.
See how it went with OpenVPN, that was also simple at first but got more complicated on the way, especially because there was little forethought on how to accomodate future flexibility in the initial protocol.
IMHO the same will happen with wireguard.
In IPsec it happened right from the start because lots of options for lots of selections were there all the time. But without that, it would have been even more difficult to introduce stronger encryption and hashing protocols, for example.

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 3:20 pm
by Paternot
One thing that need to be done is to allow Wireguard to use FQDN instead of just IP addresses. For two reasons, basically:

1) Not everyone have a static IP
2) With IPv6, DNS names will make a huge difference. So much easier to remember and to check the spelling...

Yes, yes, I know. Wireguard doesn't do FQDNs. It doesn't matter: just put the name on the configuration, and do a DNS lookup at connection time. Exactly like we have with IPSEC today.

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 6:10 pm
by comet48
So announcement says CRS309-1G-8S+IN, CRS312-4C+8XG-RM, CRS326-24S+2Q+RM and CRS354-48G-4S+2Q+RM for L3 offload but CRS317 mentioned above as working.

I have CRS326-24G-2S+ (arm). Will it take advantage of L3 offloading? If so, what else will?

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 7:27 pm
by xvo
For CRS317 it was added earlier.

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 8:03 pm
by amirali
hi
please help about wg config
i setup peer and wg interface but cant get any traffic throw the tunnel
[admin@MikroTik] /interface/wireguard> export
# aug/22/2020 21:33:34 by RouterOS 7.1beta2
# software id = xxxx-xxxx
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = xxxxxxxxxxxxx
/interface wireguard
add listen-port=53 mtu=1420 name=wireguard private-key=\
    "private_key"
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint=185.253.xx.x:53 interface=wireguard \
    preshared-key="preshared key" public-key=\
    "pub_key"

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 8:13 pm
by parham
RouterOS version 7.1beta2 has been released in public "development" channel!

What's new in 7.1beta2 (2020-Aug-21 12:29):

!) added "bgp-network" output filter flag;
!) added bonding interface support for Layer3 hardware offloading;
!) added IPv6 nexthop support for IPv4 routes;
!) added Layer3 hardware offloading support for CRS309-1G-8S+IN, CRS312-4C+8XG-RM, CRS326-24S+2Q+RM and CRS354-48G-4S+2Q+RM;
!) added WireGuard support;
*) disk - improved external disk read/write speeds;
*) ospf - fixed point to point routes becoming inactive;
*) route - fixed source address selection of outgoing packets;
*) other minor fixes and improvements;

All released RouterOS v7 changelogs are available here:
https://mikrotik.com/download/changelog ... lease-tree

How to report RouterOS v7 bugs:
viewtopic.php?f=1&t=152006
WOW, fantastic job, RouterOS getting better and better, thanks, we just need letsencrypt integrated to RouterOS.

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 8:42 pm
by mozerd
But as more and more features are added (e.g. multiple different encryption methods, as in IPsec), it becomes more complicated over time.
See how it went with OpenVPN, that was also simple at first but got more complicated on the way, especially because there was little forethought on how to accomodate future flexibility in the initial protocol.
IMHO the same will happen with wireguard.
i absolutely disagree with you @pe1chl
https://www.wireguard.com/#conceptual-overview
“ WireGuard securely encapsulates IP packets over UDP. You add a WireGuard interface, configure it with your private key and your peers' public keys, and then you send packets across it. All issues of key distribution and pushed configurations are out of scope of WireGuard; these are issues much better left for other layers, lest we end up with the bloat of IKE or OpenVPN. In contrast, it more mimics the model of SSH and Mosh; both parties have each other's public keys, and then they're simply able to begin exchanging packets through the interface.”

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 8:43 pm
by floaty
L3-offloading is a broad topic ... the prestera-chip also supports "NVGRE, VXLAN-GPE, GENEVE, SPB, and 802.1BR port extender"
... is vxlan-tunneling now also implemented with hardware-flow-support ... or we talking just base L3-forwarding capabilities ( ... for now) ?

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 22, 2020 9:03 pm
by FezzFest
Both Sierra MC7430 and Quectel EC25 work in MBIM mode in ROS7. Big difference with 6.47.x, as the MC7430 was only supported in PPP mode and the EC25 was supported in PPP and ECM modes. I do notice the amount of information the cards report is different. The MC7430 only reports RSSI, whereas the Quectel cards report RSSI, RSRP, SINR and RSRQ.
EC25AU.PNG
MC7430.PNG

Edit: I noticed the APN doesn't get set up properly on EC25. I can make it work with AT+CGDCONT=1,"IP","apn-name". This was not needed in 6.47.

Re: v7.1beta2 [development] is released!

Posted: Sun Aug 23, 2020 11:46 am
by BrokenLink
hi
please help about wg config
i setup peer and wg interface but cant get any traffic throw the tunnel
[admin@MikroTik] /interface/wireguard> export
# aug/22/2020 21:33:34 by RouterOS 7.1beta2
# software id = xxxx-xxxx
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = xxxxxxxxxxxxx
/interface wireguard
add listen-port=53 mtu=1420 name=wireguard private-key=\
    "private_key"
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint=185.253.xx.x:53 interface=wireguard \
    preshared-key="preshared key" public-key=\
    "pub_key"
I have the same issue, I think firewall rules are not setup correctly (although I accept traffic on the listening port and forward to/from the interface), it doesn't seem to flow. The tunnel sets up correctly and the client routes to the WG server, but I can't figure out how to correctly set it up so that traffic is routed back correctly. Does anyone have a complete example including firewall rules where how to connect a roaming client to the WG server such that all (internet) traffic is routed through the MikroTik WG system?

Re: v7.1beta2 [development] is released!

Posted: Sun Aug 23, 2020 2:38 pm
by pe1chl
“ WireGuard securely encapsulates IP packets over UDP. You add a WireGuard interface, configure it with your private key and your peers' public keys, and then you send packets across it. All issues of key distribution and pushed configurations are out of scope of WireGuard; these are issues much better left for other layers, lest we end up with the bloat of IKE or OpenVPN. In contrast, it more mimics the model of SSH and Mosh; both parties have each other's public keys, and then they're simply able to begin exchanging packets through the interface.”
When you restrict yourself to site-to-site tunnels between equipment running the same software, IPsec is not complicated either. E.g. a GRE/IPsec tunnel using pre-shared keys between two MikroTik routers can be configured with a couple of mouseclicks.
It becomes more complicated when you want more advanced functionality, like auto-config road warrior clients, certificates, etc. Simply declaring that "out of scope" is like burying your head in the sand; that is not going to be sustainable. Like with OpenVPN, the demand for those features will sooner or later lead to additions to wireguard, and by then it (including its new layer of additions) will be as "complicated" as OpenVPN.
Sure, IPsec can be frustrating. But only when dealing with unknown and uncontrollable peers that inconsistently publish their config. Between routers of the same manufacturer that you both control, it isn't a problem.
And with wireguard that is (for now) essentially what you have: the same software at either end.
Once the protocol develops and diverts between implementations, that will no longer be the case.

Re: v7.1beta2 [development] is released!

Posted: Sun Aug 23, 2020 3:05 pm
by Znevna
So.. little broblem.
I've upgraded from 6.46.6 to 7.1beta2 directly (I know, bad) ...and this happend with my static routes. I made an export before and after the upgrade to see what changed.
I get the missing gateway, but the IP in pref-src? (and only there?) why?
before:
/ip route
add distance=1 dst-address=172.28.248.0/24 gateway=ipip-tunnel-z3 pref-src=\
    192.168.69.1
add distance=1 dst-address=192.168.134.0/24 gateway=ipip-tunnel-z3 pref-src=\
    192.168.69.1
add distance=1 dst-address=192.168.135.0/24 gateway=ipip-tunnel-z3 pref-src=\
    192.168.69.1
add distance=1 dst-address=192.168.136.0/24 gateway=ipip-tunnel-z3 pref-src=\
    192.168.69.1
add distance=1 dst-address=192.168.248.0/24 gateway=ipip-tunnel-z3 pref-src=\
    192.168.69.1
after:
/ip route
add dst-address=172.28.248.0/24 gateway="" pref-src=1.69.168.192
add dst-address=192.168.134.0/24 gateway="" pref-src=1.69.168.192
add dst-address=192.168.135.0/24 gateway="" pref-src=1.69.168.192
add dst-address=192.168.136.0/24 gateway="" pref-src=1.69.168.192
add dst-address=192.168.248.0/24 gateway="" pref-src=1.69.168.192
LE: I do have to read and understand the routing changes from the manual for v7.
For now I can't seem to get the IPIP tunnel to work properly over IKEv2. The other end (running 6.46.6) shows the tunnel coming up and running but nothing on the v7.1b2, and I can't send anything over it.

Re: v7.1beta2 [development] is released!

Posted: Sun Aug 23, 2020 3:21 pm
by ujsd
Both Sierra MC7430 and Quectel EC25 work great in MBIM mode in ROS7. Big difference with 6.47.x, as the MC7430 was only supported in PPP mode and the EC25 was supported in PPP and ECM modes. I do notice the amount of information the cards report is different. The MC7430 only reports RSSI, whereas the Quectel cards report RSSI, RSRP, SINR and RSRQ.

EC25AU.PNG
MC7430.PNG

I also notice the lte1 interface of the device with the EC25 card sometimes disappears after a reboot.
I like to add and ask others (if they are seeing the same) that I am seeing a similar issue with the LTE modem disappearing after a Router boot or USB Modem unplugging and plugging
The Quectel USB Modem EM12 reports no SIM detected,
I have to go into teh Qucetel EM12 modem and use AT commands to reset the SIM detect

Re: v7.1beta2 [development] is released!

Posted: Sun Aug 23, 2020 5:39 pm
by miroslaw
Thank you guys for wireguard support, that's what I've been waiting for.
One minor bug I found, can't set comment for wireguard peers (cli & webfig, havent tried winbox).
I'm using hap ac2 RBD52G-5HacD2HnD

Re: v7.1beta2 [development] is released!

Posted: Sun Aug 23, 2020 8:44 pm
by rpress
Yes, I noticed also comments don't save for wireguard peers at all. Also ipv6 addresses can only be used in CLI.

Re: v7.1beta2 [development] is released!

Posted: Sun Aug 23, 2020 8:56 pm
by pe1chl
I've upgraded from 6.46.6 to 7.1beta2 directly (I know, bad) ...and this happend with my static routes.
For now I'd assume that conversion from older versions does not work yet (for those features that drastically changed, like routing) and setup everything from scratch.

Re: v7.1beta2 [development] is released!

Posted: Sun Aug 23, 2020 10:50 pm
by msatter
Request: make it possible to ignore the provided dynamic DNS by the VPN providers, also for WireGuard?

Re: v7.1beta2 [development] is released!

Posted: Mon Aug 24, 2020 9:20 am
by vitalys
OpenVPN realization in Mikrotik is still useless due to lack of SHA256/SHA512 support (SHA-1 deprecated https://shattered.io/)

When SHA512 will be supported in Mikrotik?

Re: v7.1beta2 [development] is released!

Posted: Mon Aug 24, 2020 11:57 am
by bratislav
OpenVPN realization in Mikrotik is still useless due to lack of SHA256/SHA512 support (SHA-1 deprecated https://shattered.io/)

When SHA512 will be supported in Mikrotik?
There is a difference between hashing (as SHA1) and encryption (as AES...) and just because someone is able to generate 2 different PDF files that produce same SHA1 hash does not mean he could reversely generate private keys used in VPN ...

Re: v7.1beta2 [development] is released!

Posted: Mon Aug 24, 2020 2:25 pm
by raimondsp
The wiki page has been updated with the most-recent information regarding L3 HW Offloading:
https://wiki.mikrotik.com/wiki/Manual:C ... Offloading

Re: v7.1beta2 [development] is released!

Posted: Mon Aug 24, 2020 3:48 pm
by rpress
In IPv6 firewall filter the "reject" action is not working. It causes the whole IPv6 firewall to be bypassed and the counters show bogus numbers. I tried on both "input" and "forward" chains.

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 6:26 am
by npeca75
rb 760igs
if i try to make any change on PoE / eth5 router is rebooting with kernek failure message
PoE does not work with "auto", aways say "too low"
in prev v6 release this was worked without problem

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 9:39 am
by tpedko
model: RB4011iGS+5HacQ2HnD
add
/queue simple
add max-limit=30M/30M name=All_30Mbit queue=pcq-upload-default/pcq-download-default target=192.168.0.0/24
result, boot loop

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 10:09 am
by krisjanisj
@miroslaw & @rpress - Wireguard peers unable to set a comment has been reported to our developers and fix will be included in next RouterOS release.
@npeca75 & @tpedko - Is it possible for You to send supout.rif files to support@mikrotik.com, referencing this forum thread, so we can troubleshoot this further?

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 12:28 pm
by evgenij
ROS: 7.1beta2

1) Unable to create GRE6 and IPIPv6 interfaces
CLI and winbox says - failure: adding tunnel failed

2) Unable to set peer Endpoint port in winbox. CLI works

3) Unable to add IPv6 routes using the winbox: routes are deleted immediately after creation or disabling. CLI works

4) IPv4 routes are deleted immediately after disabling (winbox)

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 12:43 pm
by msatter
ROS: 7.1beta2

2) Unable to set peer Endpoint port in winbox. CLI works

4) IPv4 routes are deleted immediately after disabling (winbox)
Number two was already mentioned in this thread. Number four is cosmetic and on re-entering the route window they are displayed as disabled.

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 2:52 pm
by raimondsp
So announcement says CRS309-1G-8S+IN, CRS312-4C+8XG-RM, CRS326-24S+2Q+RM and CRS354-48G-4S+2Q+RM for L3 offload but CRS317 mentioned above as working.

I have CRS326-24G-2S+ (arm). Will it take advantage of L3 offloading? If so, what else will?
CRS326-24G-2S+ has an older switch chip, for which L3 offloading is not supported yet. Here is the list of supported devices:
https://help.mikrotik.com/docs/display/ ... heirlimits

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 3:05 pm
by elbob2002
Upgraded my RB3011 this morning to 7.1beta 2.

I reset the router before upgrading and only configured it with a WAN connection to upgrade to Beta2.

Upgrade seemed to go okay so I set about configuring it correctly.

First issue was renaming an interface (ether1 renamed to WAN) would result in a reboot as soon as I clicked OK or Apply.

Second issue was a deal breaker and that was all 10 interfaces were limited to 10Mb only. I tried manually setting them to 1Gb full duplex but to no avail.

I reverted back to 6.47.2 so unfortunately I can't generate a supout but just wondering if anyone has seen anything similar? Surely there are other RB3011 users out there that have upgraded?

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 3:14 pm
by evgenij
Does anyone have problems with GRE/IPIP (v4) tunnels (interfaces don't work)? EoIP works

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 3:21 pm
by eworm
You have to unset the timeout for GRE interfaces:
/ interface gre unset timeout [ find ]

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 4:29 pm
by evgenij
You have to unset the timeout for GRE interfaces:
/ interface gre unset timeout [ find ]
Are you sure about timeout? there is no such option

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 4:49 pm
by eworm
Ah, stupid me... Of course it's keepalive.
/ interface gre unset keepalive [ find ]

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 5:01 pm
by evgenij
@eworm Thanks, now it works

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 5:12 pm
by Znevna
Ah, stupid me... Of course it's keepalive.
/ interface gre unset keepalive [ find ]
!!!!! this fixed my IPIP tunnel too. lol (unsetting keepalive for ipip that is).
THANKS.
[admin@gw-viper-rds] /interface/ipip> print       
Flags: R - RUNNING
Columns: NAME, MTU, ACTUAL-MTU, LOCAL-ADDRESS, REMOTE-ADDRESS, DSCP
  #     NAME            MTU   ACTU  LOCAL-ADDRESS  REMOTE-ADDRE  DSCP   
  0  R  ipip-tunnel-z3  auto  1402  172.28.252.69  172.28.252.1  inherit
Running! ^^

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 5:30 pm
by sinisa
Hello!
You have done a very nice work with Wireguard, I honestly did not expect it this year.

My problem with 7.1 is that recursive routes are not working (same problem as here: viewtopic.php?t=165021)

Everything else that I use is working fine (and since now we have Wiregiard, I don't need OpenVPN any more, do I don't care about UDP support)

Best regards...

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 5:35 pm
by msatter
Upgraded my RB3011 this morning to 7.1beta 2.

I reset the router before upgrading and only configured it with a WAN connection to upgrade to Beta2.

Upgrade seemed to go okay so I set about configuring it correctly.

First issue was renaming an interface (ether1 renamed to WAN) would result in a reboot as soon as I clicked OK or Apply.

Second issue was a deal breaker and that was all 10 interfaces were limited to 10Mb only. I tried manually setting them to 1Gb full duplex but to no avail.

I reverted back to 6.47.2 so unfortunately I can't generate a supout but just wondering if anyone has seen anything similar? Surely there are other RB3011 users out there that have upgraded?
I still consider 7.x as a pre-Beta as it just reboots you touch someting that is untouchable. You only will know it was untouchable because, after the reboot the change was lost.

I went back to a stable Beta within minutes after walking into reboot walls.

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 6:02 pm
by Znevna
Are the issues with RAW Firewall known?
If you have any rules there (two+) issuing a disable/enable on any of them makes the counters for the existing enabled rules go crazy.
Also I have a rule that keeps counting packets when enabled even though there shouldn't be any matching traffic (the notrack one), setting a log for it doesn't show anything..
/ip/firewall/raw> print stats
Flags: X - DISABLED, I - INVALID
Columns: CHAIN, ACTION, BYTES, PACKETS
  #     CHAIN       ACTION                           BYTES                     PACKETS
  0     prerouting  drop             7 182 164 577 801 072   9 367 141 933 521 187 617
  1  X  prerouting  drop                                 0                           0
  2  X  prerouting  notrack      9 890 406 038 755 190 484  15 743 512 066 554 732 580
  3  X  prerouting  passthrough  3 821 585 153 310 984 802       6 668 097 643 014 512

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 6:40 pm
by npeca75
@npeca75 & @tpedko - Is it possible for You to send supout.rif files to support@mikrotik.com, referencing this forum thread, so we can troubleshoot this further?
Ok
supout was sent today
SUP-25925

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 7:43 pm
by elbob2002
I still consider 7.x as a pre-Beta as it just reboots you touch someting that is untouchable. You only will know it was untouchable because, after the reboot the change was lost.

I went back to a stable Beta within minutes after walking into reboot walls.
Yeah. I wasn't expecting too much but I found the RB3011 much more unstable than the CHR and two CRS125s I have it running on.

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 8:44 pm
by npeca75
Is there a plan for resolving DNS peer names in WireGuard properties?
or we are doomed to script/resolve/set wireguard peer endpoint?

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 10:17 pm
by Paternot
Is there a plan for resolving DNS peer names in WireGuard properties?
or we are doomed to script/resolve/set wireguard peer endpoint?
Yes, this is a must! Is so easy to do, since almost all the needed code is already there.

Re: v7.1beta2 [development] is released!

Posted: Tue Aug 25, 2020 11:14 pm
by danbit
Is there a plan for resolving DNS peer names in WireGuard properties?
or we are doomed to script/resolve/set wireguard peer endpoint?
Yes, this is a must! Is so easy to do, since almost all the needed code is already there.
+1 on that request. Using a domain would make things much easier indeed.

Also, I can't seem to find a way to enable logging for wireguard. Is this not yet implemented in this latest beta?

Re: v7.1beta2 [development] is released!

Posted: Wed Aug 26, 2020 12:16 am
by Paternot
Also, I can't seem to find a way to enable logging for wireguard. Is this not yet implemented in this latest beta?
Yes, it is. Just like the rest:

1) Choose the topic (info, debug, etc)
2) Choose the prefix (wireguard)

Re: v7.1beta2 [development] is released!

Posted: Wed Aug 26, 2020 12:32 am
by romas
It's good news about wireguard! I updated my RB951G-2HnD and all works well. But might you help me? I have wireguard remote server (172.16.0.1) my mikrotik (172.16.0.3 / 192.168.1.1) and my laptop (192.168.1.2) and I can't understand how to setup vpn to my remote server for my laptop without mark routing?

Re: v7.1beta2 [development] is released!

Posted: Wed Aug 26, 2020 3:27 am
by redskilldough
Hi,

Let's say I have this in my wireguard configuration file, how would I deploy it in my mikrotik router?
Also, how would I route traffic from client 192.168.0.44 only, through this tunnel?

Any help would be greatly appreciated

Thanks!
[Interface]
PrivateKey = 123456=
Address = 172.16.0.12/32
Address =111:222:aaa/128
DNS = 8.8.8.8
[Peer]
PublicKey = 456789=
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
Endpoint = aaa.bbb.com:2255

Re: v7.1beta2 [development] is released!

Posted: Wed Aug 26, 2020 1:22 pm
by rplant
Minor issue with Wireguard
Mostly seems great, quite impressed with it, I have not used wireguard before.

If I don't set the peer address, so any address can connect, when a peer does connect to it
it seems to set the peer address/port itself in its config :(

I would also like DNS connect
Thanks

Re: v7.1beta2 [development] is released!

Posted: Wed Aug 26, 2020 1:29 pm
by eworm
This is by design. Peers are identified by their public key, changing the endpoint automatically makes it roam seamlessly.
If the peer changes its address the configuration should update again.

Re: v7.1beta2 [development] is released!

Posted: Wed Aug 26, 2020 6:29 pm
by npeca75
hi @krisjanisj

another issue with rb760igs

temperature sensor is missing
no such item in Winbox and also sensor is missing from SNMP

:( pitty

Re: v7.1beta2 [development] is released!

Posted: Wed Aug 26, 2020 9:20 pm
by UserFan
Please add parent proxy authentication

Re: v7.1beta2 [development] is released!

Posted: Thu Aug 27, 2020 12:54 am
by m0x35
Does anyone have some issues with wifi? On my hap ac^2 from time to time wifi clients can't get ip addresses from dhcp. I have tried to reset wifi settings to default, reset router itself, configure wifi via quick setup web page. Nothing works for me. I have downgraded routeros back to the stable version and everything works just fine again. Only strange thing in logs that I saw was something like "disconnected, group exchange timeout".

Re: v7.1beta2 [development] is released!

Posted: Thu Aug 27, 2020 6:26 pm
by subway
What I tried to find out if the ROS 7 betas can run on anything else than ARM based devices? For example can it work on the CCRs?

Maybe a bit of clarification on the supported hardware would be nice as I cant find anything about that except for a single entry by Normis from 2019 (only ARM for now).

Re: v7.1beta2 [development] is released!

Posted: Thu Aug 27, 2020 6:37 pm
by Paternot
What I tried to find out if the ROS 7 betas can run on anything else than ARM based devices? For example can it work on the CCRs?

Maybe a bit of clarification on the supported hardware would be nice as I cant find anything about that except for a single entry by Normis from 2019 (only ARM for now).
Here you will find the RoS 7.1beta download link. It shows each supported architecture.
https://mikrotik.com/download

Re: v7.1beta2 [development] is released!

Posted: Thu Aug 27, 2020 8:38 pm
by PaullJD
thanks for an added new update in 7.1beta2.

Re: v7.1beta2 [development] is released!

Posted: Thu Aug 27, 2020 9:27 pm
by rpress
Looks like only one wireguard interface is working at a time, whatever is started first. Only the first shows as "running".

Does anyone have more than one simultaneous wireguard interface working?

Re: v7.1beta2 [development] is released!

Posted: Thu Aug 27, 2020 10:32 pm
by mozerd
Does anyone have more than one simultaneous wireguard interface working?
I am not running the MikroTik implementation so I have no idea if in its current state of RouterOS 7.1beta2 how may peers can be run .... and yes under ubnt EdgeRouter I have multiple Peers running in client sites.

Following link shows how it should be done ... hope this helps you ... assuming the TiK way does not imped.

https://www.zahradnik.io/wireguard-a-vp ... ge-in-mind
scroll down to Everyone is a peer where the CLI info is shown.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 28, 2020 12:21 am
by Paternot
Looks like only one wireguard interface is working at a time, whatever is started first. Only the first shows as "running".

Does anyone have more than one simultaneous wireguard interface working?
I have one little test, with 3 CHRs. I named them after their IP, so we have 115, 116 and 118 machines.

I inserted static routes, sou The left machine should be able to ping the right machine - passing through the center one. Pay attention to the IP addresses on the Wireguard config - You will have to adjust them to your network.

This is NOT a production example. It is just the absolute minimum, in order to test two wireguard interfaces on a single machine. I didn't even set a password to the admin user.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 28, 2020 12:50 am
by rpress
Looks like only one wireguard interface is working at a time, whatever is started first. Only the first shows as "running".

Does anyone have more than one simultaneous wireguard interface working?
Thanks both for your input. I have found the problem: using WebFig the listen-port always defaults to 12321. Although I was not using the port, it would conflict with the other interface. Setting one of the listen-port to something else worked fine.

Interestingly using the terminal, the listen-port seems to be randomly generated, thereby not having this issue. But I wonder if this seemingly random port could have it's own problems. With Wireguard is it possible to disable listening altogether? Maybe this would be the best default.

Re: v7.1beta2 [development] is released!

Posted: Fri Aug 28, 2020 1:56 am
by Mannsean
winbox 3.24 64bit on win7, rb450gx4. Open interfaces, add Virtual ethernet. Winbox closed.
Same issue

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 29, 2020 2:18 am
by kylepharo
Does anyone have some issues with wifi? On my hap ac^2 from time to time wifi clients can't get ip addresses from dhcp. I have tried to reset wifi settings to default, reset router itself, configure wifi via quick setup web page. Nothing works for me. I have downgraded routeros back to the stable version and everything works just fine again. Only strange thing in logs that I saw was something like "disconnected, group exchange timeout".
I'm having similar problems on my rb4011igs+5hacq2hnd-in. Also did a reset to defaults with minor adjustments (ssid, wpa2 psk etc).
Clients appear to lose DHCP lease, then disconnect completely. Phones (iphones) appears to to experience the problem the most often

Clearing and netinstalling the latest testing 6.48beta27 issues go away, no dhcp loss/disconnections on wifi

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 29, 2020 9:47 am
by romas
I have a small issue with DNS over HTTPS. It works perfectly in 6.47.2, but now mikrotik can't verify certificate. I tried to re-import it, but nothing helps.

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 29, 2020 12:09 pm
by pe1chl
I have a small issue with DNS over HTTPS. It works perfectly in 6.47.2, but now mikrotik can't verify certificate. I tried to re-import it, but nothing helps.
Are you sure you have imported the entire chain from the root, and not only the server certificate?

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 29, 2020 1:56 pm
by romas
I have a small issue with DNS over HTTPS. It works perfectly in 6.47.2, but now mikrotik can't verify certificate. I tried to re-import it, but nothing helps.
Are you sure you have imported the entire chain from the root, and not only the server certificate?
Yes I'm, and it was validated succesfully on stable branch

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 29, 2020 2:02 pm
by romas
Hi,

Let's say I have this in my wireguard configuration file, how would I deploy it in my mikrotik router?
Also, how would I route traffic from client 192.168.0.44 only, through this tunnel?

Any help would be greatly appreciated

Thanks!
[Interface]
PrivateKey = 123456=
Address = 172.16.0.12/32
Address =111:222:aaa/128
DNS = 8.8.8.8
[Peer]
PublicKey = 456789=
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
Endpoint = aaa.bbb.com:2255
You might be interested this howto : https://rickfreyconsulting.com/wireguard/ , but how to route one client without marking I don't know, unfortunately.

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 29, 2020 3:00 pm
by Znevna
Tiny (not realy) bug:
I don't know why but my dynamic DNS servers went *poof* from the config. (Which are set by the pppoe client).
No wan disconnect, nothing in the logs. They just went missing.
And I was wondering why the DNS cache is empty...

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 29, 2020 3:08 pm
by redskilldough
Hi,

Let's say I have this in my wireguard configuration file, how would I deploy it in my mikrotik router?
Also, how would I route traffic from client 192.168.0.44 only, through this tunnel?

Any help would be greatly appreciated

Thanks!
[Interface]
PrivateKey = 123456=
Address = 172.16.0.12/32
Address =111:222:aaa/128
DNS = 8.8.8.8
[Peer]
PublicKey = 456789=
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
Endpoint = aaa.bbb.com:2255
You might be interested this howto : https://rickfreyconsulting.com/wireguard/ , but how to route one client without marking I don't know, unfortunately.
Hi,

Thanks for the reply.

Anyway, I managed to get it to work, this should help those who want to connect to vpn providers that provide wireguard support, eg. I think nordvpn does.

Once you have such a configuration file for the wireguard client in windows, mac, do this, using winbox

1. Go to the wireguard menu, add a new interface

2. Leave the default setting, just add the private key from the interface section of the wireguard config file, in this example, 123456=, click apply

3. Go to the peer tab, add a new peer, use the public key from the peer section of the wireguard config file, in this example,456789=,
Since I want to route all traffic from specific clients to through this interface, put 0.0.0.0/0 in allowed ips

4. Use nslookup, resolve the endpoint, in this case, aaa.bbb.com to its ip address. Put that ip address in the end point.

5. Use the terminal go to /interface/wireguard/peers. if there is only 1 peer, run this, set 0 endpoint=[ip address]:2255

6. Go to IP addresses, set the ip address for the wireguard interface, in this case, 172.16.0.2/32

7. Go to IP firewall NAT, add a masquerade rule, chain srcnat, outgoing interface -> your wireguard interface, action=masquerade

8. Run this command in the terminal, /routing table add name=VPNProvider fib

9. Go to IP firewall mangle, add a mangle rule, use source address for the client whose traffic you want to route through the vpn interface, or use source address list for several clients.
Chain=prerouting, Action=mark routing, new routing mark, choose VPNProvider from the combo box. (This was the tricky part, you cant just type in VPNProvider like in ROS 6, you have to add it to the routing table first, the only can you choose it as a new routing mark)

10. Finally add a new route in the terminal, like this, /ip route add dst-address=0.0.0.0/0 gateway=[your wireguard interface]@main routing-table=VPNProvider

That's it, your specified clients should now be routed through your vpn connection

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 29, 2020 9:32 pm
by erkexzcx
Does this beta release work great with Winbox? Or is it console-only while it's beta?

Re: v7.1beta2 [development] is released!

Posted: Sat Aug 29, 2020 9:47 pm
by Sob
Most of it is ok in WinBox. There's problem with Wireguard port mentioned in this thread. Also 'routing-table' parameter is missing from IP->Route.

Re: v7.1beta2 [development] is released!

Posted: Sun Aug 30, 2020 11:52 am
by romas

10. Finally add a new route in the terminal, like this, /ip route add dst-address=0.0.0.0/0 gateway=[your wireguard interface]@main routing-table=VPNProvider

That's it, your specified clients should now be routed through your vpn connection
Thank you for the tricky way with marking. I did it, pings between server and mikrotik is good, DNS is working on well, but internet on the client is incredibly slow, trying to troubleshoot it

Re: v7.1beta2 [development] is released!

Posted: Sun Aug 30, 2020 11:57 am
by BartoszP
@romas:

Do you REALLY need to quote such a long post? What for?

Please edit it.

Re: v7.1beta2 [development] is released!

Posted: Sun Aug 30, 2020 1:18 pm
by redskilldough


Thank you for the tricky way with marking. I did it, pings between server and mikrotik is good, DNS is working on well, but internet on the client is incredibly slow, trying to troubleshoot it
Yes, I noticed that too. I can max out my 500/100 internet connection with ROS 6.47.2, fasttrack enabled, but with ROS 7.1b2, I'm getting only about 100+/100, even with fasttrack enabled (using a mikrotik hex).

I guess it's still in beta and will probably get better later.

Re: v7.1beta2 [development] is released!

Posted: Sun Aug 30, 2020 3:53 pm
by Chupaka
Could somebody check SOCKS5 with password auth in ROS v7? It's not working for me. SOCKS4 looks good.

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 02, 2020 3:12 pm
by NilKad
lte1 receives DNS via DHCP (from the modem) with the checkbox off in LTE APN - Use Peer DNS. I can't turn off the use of DNS from the router side.
Mikr_DNS.png

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 02, 2020 3:38 pm
by pe1chl
You need to turn it off in the DHCP client!

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 02, 2020 4:28 pm
by sindy
You need to turn it off in the DHCP client!
For some modem types, the DHCP client is dynamically created and cannot be modified (nor prevented from being dynamically generated and created manually), so this advice is not applicable. For the dynamically created DHCP client, the setting in question (plus other ones) is (in theory) inherited from the apn profile.

For yet other modems (R11e-LTE6), there is no DHCP client at all, and nevertheless the IP address is assigned and the default route and other settings from apn profile are used (also in "direct IP" mode, i.e. not PPP/serial).

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 02, 2020 4:59 pm
by pe1chl
You need to turn it off in the DHCP client!
For some modem types, the DHCP client is dynamically created and cannot be modified (nor prevented from being dynamically generated and created manually), so this advice is not applicable. For the dynamically created DHCP client, the setting in question (plus other ones) is (in theory) inherited from the apn profile.
Ok, but it can be clearly seen above that "Use peer DNS" is OFF in the LTE profile and it is ON in the DHCP client. So that is a bug?

I just found a reproductible bug causing reboot

Posted: Wed Sep 02, 2020 5:22 pm
by Gnubyte
Hi all,
I just installed v7.1beta2 on the CCR2004 I have here in tests. I was looking for better support of 1Gbps+ SFPs interfaces inserted in SFP+ ports, and I found a bug.

*********************************************
Presentation of reproduction conditions
*********************************************

A brand New CCR2004, with an Optical GPON ONU SFP recognized as brand "ODI"
The ONU is fully functionnal under v6.47.2, seems to let change the AUto Negotiation Speed to more than 1000M Full, but allways limited to 1000M.
According to https://www.dslreports.com/forum/r32230 ... 57810S-NIC SGMII linux patches can let SFP sticks run at more that 1000M, so I give a try to v7.1beta2.
I upgraded the fimrware, go to the sfp-sfpplus interface, doble clic, and yes, it's still recognized, but this time eligible speeds are not pre checked. So I check 2.5G Full, and instant reboot.
No way to change the neciable speed. Everytime I try to change it, it reboots. Unfortunately, It seems limited to 1000M.
Capture1.PNG
  • I give a try with another stick of this kind, and I come back. I do have several sticks of this kind.
  • When I do exactly the same procedure with another SFP ONU Stick (CarllitoxxPro), it reboots.
  • It's exactly the same reboot changing the negociated speed of a S+RJ10 Mikrotik Interface
This bug, about SFP speed negociation, seems generic, including with Mikrotik Interfaces.

I can make you more explicit capture CLI, most of all for the first ONU stick of course, If you can let it run 2.5Gbps patching this bug, I would be gracefull.

Hope this helps. Feel free to contact me by email.

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 02, 2020 7:00 pm
by lupusx
Do beta releases require licence for testing ?

In other words can I install it f.e. on x86 for tests without any additional licence ?

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 02, 2020 7:09 pm
by rpress
Do beta releases require licence for testing ?

In other words can I install it f.e. on x86 for tests without any additional licence ?
Yes it requires a license. You can get a trial as usual.

And actually, when upgrading from v6 the old license is now invalid. So the license must be transferred to the new v7 install, making it not easy to go back to v6.

Re: v7.1beta2 [development] is released!

Posted: Thu Sep 03, 2020 6:31 am
by redskilldough
Thank you for the tricky way with marking. I did it, pings between server and mikrotik is good, DNS is working on well, but internet on the client is incredibly slow, trying to troubleshoot it
Hi, disabling fasttrack seems to solve this problem

Re: I just found a reproductible bug causing reboot

Posted: Thu Sep 03, 2020 8:03 am
by kylepharo
A brand New CCR2004, with an Optical GPON ONU SFP recognized as brand "ODI"
The ONU is fully functionnal under v6.47.2, seems to let change the AUto Negotiation Speed to more than 1000M Full, but allways limited to 1000M.
According to https://www.dslreports.com/forum/r32230 ... 57810S-NIC SGMII linux patches can let SFP sticks run at more that 1000M, so I give a try to v7.1beta2.
I upgraded the fimrware, go to the sfp-sfpplus interface, doble clic, and yes, it's still recognized, but this time eligible speeds are not pre checked. So I check 2.5G Full, and instant reboot.
No way to change the neciable speed. Everytime I try to change it, it reboots. Unfortunately, It seems limited to 1000M.

Capture1.PNG
  • I give a try with another stick of this kind, and I come back. I do have several sticks of this kind.
  • When I do exactly the same procedure with another SFP ONU Stick (CarllitoxxPro), it reboots.
  • It's exactly the same reboot changing the negociated speed of a S+RJ10 Mikrotik Interface
This bug, about SFP speed negociation, seems generic, including with Mikrotik Interfaces.

I can make you more explicit capture CLI, most of all for the first ONU stick of course, If you can let it run 2.5Gbps patching this bug, I would be gracefull.

Hope this helps. Feel free to contact me by email.
Have you tried changing the speed/duplex etc via the CLI instead of via the web ui?

I had a similar issue forcing a 10gbit interface to be 1gbit on a CRS 317 running 7.1beta2. Via winbox would cause the router to crash, via CLI worked fine.

Re: v7.1beta2 [development] is released!

Posted: Thu Sep 03, 2020 9:31 am
by bozko
Hello,

Can someone provide a working example of wireguard setup WITHOUT Endpoint on RouterOS device?

Re: v7.1beta2 [development] is released!

Posted: Thu Sep 03, 2020 9:39 am
by eworm
Wireguard endpoints are set and updated automatically on handshake.

Re: I just found a reproductible bug causing reboot

Posted: Thu Sep 03, 2020 10:23 am
by Gnubyte

Have you tried changing the speed/duplex etc via the CLI instead of via the web ui?

I had a similar issue forcing a 10gbit interface to be 1gbit on a CRS 317 running 7.1beta2. Via winbox would cause the router to crash, via CLI worked fine.
Thanks for the advice. I try it.

Re: v7.1beta2 [development] is released!

Posted: Thu Sep 03, 2020 10:29 am
by bozko
Wireguard endpoints are set and updated automatically on handshake.

Huh. Are you sure that both of endpoint can be updated automatically?

Nevertheless, I can't find any example of routeros setup with one of the peers is with endpoint (e.g. "client") and other is without ("server"). May be I'm on wrong path...

Re: v7.1beta2 [development] is released!

Posted: Thu Sep 03, 2020 12:02 pm
by eworm
Wireguard endpoints are set and updated automatically on handshake.
Huh. Are you sure that both of endpoint can be updated automatically?

Nevertheless, I can't find any example of routeros setup with one of the peers is with endpoint (e.g. "client") and other is without ("server"). May be I'm on wrong path...
No, only one endpoint (at a time). The other side has to initiate the handshake.

But Wireguard does not follow a classic client and server model. It has just peers, so both sides can initiate the handshake.

Re: v7.1beta2 [development] is released!

Posted: Thu Sep 03, 2020 4:40 pm
by thadrumr
7.1 beta2 no longer boots in i686/32bit mode. This kernel seems to only have 64bit enabled. Is this on purpose? Are 32bit machines finally getting the ax?

Re: v7.1beta2 [development] is released!

Posted: Thu Sep 03, 2020 4:53 pm
by rpress
Huh. Are you sure that both of endpoint can be updated automatically?

Nevertheless, I can't find any example of routeros setup with one of the peers is with endpoint (e.g. "client") and other is without ("server"). May be I'm on wrong path...
I don't have a single Wireguard interface with one peer as server and one as client. But I do have two Wireguard interfaces, where one is a server (listening) and has two peers. On these, the peer endpoints update automatically as already mentioned. My other Wireguard interface is a client with one peer. The CLI is needed to set the endpoint port for this one.

As I found the hard way the Wireguard interface listens regardless if you want it to or not. I expect that you should have no problem having one Wireguard interface like you want.

Re: v7.1beta2 [development] is released!

Posted: Sat Sep 05, 2020 7:40 pm
by rooted
Removed due to complaining.

Re: v7.1beta2 [development] is released!

Posted: Sat Sep 05, 2020 9:17 pm
by nostromog
lte1 receives DNS via DHCP (from the modem) with the checkbox off in LTE APN - Use Peer DNS. I can't turn off the use of DNS from the router side.
Mikr_DNS.png
In my case, even with user-peer-dns off both in lte1 and the dynamic dhcp-client, ip dns is showing it in the "dynamic-servers" and there is no way to get rid of them once installed, no matter what I do.

I'm using a USB cable with an android phone in "USB tethering" mode with a hAP ac^2. Other than this it works like a charm. The /ip/dns/dynamic-servers remain set when I unplug the cable and lte1 disapperars and remains visible only as something like *00008 in some places.

Re: v7.1beta2 [development] is released!

Posted: Sat Sep 05, 2020 9:59 pm
by Znevna
This gentlemen wrote an in-depth tutorial for MikroTik site to site VPN:

https://rickfreyconsulting.com/wireguar ... n-example/
That's hardly an "in depth tutorial". And don't get me started on the quality of the screenshots, missing accompanied selectable text for whatever goods are or aren't in them, or the discrepancies between the screenshots and the settings export provided. Or the missing proper explanation of allowed address fields with proper examples.
Or how about the MTU? barely mentions something about it but that's it, nothing about setting up proper MTU for the interface.
"in depth", pft.
It's not rocket science to build up a Wireguard tunnel and route something over it.
Do you guys get a cut for traffic generated to his site or out of how many "clients" that guy "gets" thanks to you?:)

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 06, 2020 12:09 am
by evgenij
Does anyone have a problem with the bridge firewall?

IP firewall is enabled
I can see network traffic between the two interfaces, but not in the bridge statistics and the bridge-firewall is not catching any packets in the forward chain

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 06, 2020 2:38 am
by mozerd
This gentlemen wrote an in-depth tutorial for MikroTik site to site VPN:

https://rickfreyconsulting.com/wireguar ... n-example/
It's not rocket science to build up a Wireguard tunnel and route something over it.
Do you guys get a cut for traffic generated to his site or out of how many "clients" that guy "gets" thanks to you?:)
@ Znevna ....
IMO Rick Frey provides an excellent tutorial on using WireGuard and MikroTik and I hope that he gets as many clients as he deserves.

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 06, 2020 11:12 am
by Arcticfox
Nice version, but on CRS326-24S+2Q something goes wrong: Kernel panic on much of reasons.
1. Connected to HP virtual connect via SFP+ - kernel panic
2. Connected to Procurve switch and assigned vlan to port via Copper SFP- kernel panic
3. Connected to cisco n3k-c3064pq kernel panic

And this panic is so deep that console is unreachable after reboot. Only reset to factory defaults helps to move it out.

What I did wrong (else trying beta).

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 06, 2020 12:08 pm
by Znevna
This gentlemen wrote an in-depth tutorial for MikroTik site to site VPN:

https://rickfreyconsulting.com/wireguar ... n-example/
It's not rocket science to build up a Wireguard tunnel and route something over it.
Do you guys get a cut for traffic generated to his site or out of how many "clients" that guy "gets" thanks to you?:)
@ Znevna ....
IMO Rick Frey provides an excellent tutorial on using WireGuard and MikroTik and I hope that he gets as many clients as he deserves.
Ofc you'd say that, you're in the same business model. I also hope he gets as many clients as he deserves.
"excellent" and "in depth" tutorials should be written on the forum if the intention was to share some knowledge with the users, not on some personal website for personal gain *cough* and drop the link randomly on the forum so that his website would get hits from the curious users. Luckily those two tutorials by him fits neither.
Writing a tutorial on the forum also allows you to get some feedback on your solution from other experienced users and maybe ways to improve your tutorial/solution (see the VLAN articles by pcunite for example).
As a bonus the forum provides support for proper CODE blocks that the users are used to.
As I've said, dropping links to your personal website on this forum and reddit screams only one thing and nothing good about it.

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 06, 2020 12:12 pm
by pe1chl
...
I fully agree with you, and also I think he is mainly a wireguard fanboi and makes false claims about the alternative methods (especially on RouterOS).
But hey, there are many of them.

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 06, 2020 12:43 pm
by huntermic
I have an issue here with the 7.1 beta 2 on 3 hAp ac^2 devices. Had te return to the stable branch for wireless to become stable again.
On all devices i had serious stability issues.

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 06, 2020 12:45 pm
by pe1chl
I have an issue here with the 7.1 beta 2 on 3 hAp ac^2 devices. Had te return to the stable branch for wireless to become stable again.
On all devices i had serious stability issues.
Such a posting would actually be useful when it included relevant details of what you were experiencing.

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 06, 2020 1:22 pm
by nostromog
I have an issue here with the 7.1 beta 2 on 3 hAp ac^2 devices. Had te return to the stable branch for wireless to become stable again.
On all devices i had serious stability issues.
He told that the same I am seeing: devices get stuck but otherwise connected on both interfaces.
Some time after last disable/enable cycle or reboot, any of the devices stop flowing through the wireless connection. If they are "clever" they migrate to the other, say wlan2. I often find after a few hours that all devices except one are in, say wlan1 and only one is in registration table at wlan2, but not working. disable/enable makes it work again, until it failed
It was not happening in 7.1beta1, it takes a few hours to happen, seems to be related with noise and distance, as it got better to me by:
* increasing the antenna gain in both interfaces (which also made for better signal overall and less warm router, BTW).
* changing a few other wireless settings.
Currently I have:
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk group-key-update=1h mode=dynamic-keys supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode antenna-gain=4 band=2ghz-onlyn channel-width=\
    20/40mhz-Ce country=spain disabled=no frequency=auto installation=indoor mode=ap-bridge ssid=MT \
    wireless-protocol=802.11 wmm-support=enabled
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode antenna-gain=5 band=5ghz-onlyac basic-rates-a/g=12Mbps \
    channel-width=20/40/80mhz-XXXX country=spain disabled=no frequency=auto installation=indoor mode=ap-bridge rate-set=configured \
    ssid=MT vht-supported-mcs=mcs0-9,mcs0-9,none wireless-protocol=802.11 wmm-support=enabled
and it happens less than with the default settings. Failing devices are mostly android, but also a windows and a linux laptop occassionally. I have set wireless debug in one of the phones and saw a message like NETWORK_UNAVAILABLE DHCP NOT RESPONDING=1 (I'm inventing the message but it was the idea). The router thought that the phone was happily connected, BTW, but it disappeared from registration table when I switched wifi off / on in the phone, only to return to the same when I forced to reconnect. After disable/enable of the wlanN interface everything works again... for a few hours.

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 06, 2020 1:39 pm
by huntermic
I have an issue here with the 7.1 beta 2 on 3 hAp ac^2 devices. Had te return to the stable branch for wireless to become stable again.
On all devices i had serious stability issues.
Such a posting would actually be useful when it included relevant details of what you were experiencing.
I know and i'm sorry for that but i had to revert to a stable situation because of work i had to do. But still i thought it might be usefull to report.
The issues i had were with wifi.
Clients disconnected frequently and could often not get an ip address.
Sometimes wifi totally stopt functioning until turned of and on again on the hAp ac^2.

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 06, 2020 2:02 pm
by rooted
I don't know the guy who wrote the tutorial and I'm not a network engineer, seemed in depth enough to help me so I thought it may help others.

Lighten up, I removed the post...

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 06, 2020 8:20 pm
by Znevna
bug: 7.1beta2, hAP ac2
changing any interface name belonging to the internal switch using WinBox GUI makes the router reboot:
sep/06/2020 20:14:55 system,error,critical router rebooted because some critical program crashed
Doing the same thing from terminal however: /interface/ethernet/print; /interface/ethernet/set X name=ethX; works fine.

LE: another bug(?) same version/hardware.
Leaving CPU Frequency to auto, I can see the frequency going up to 896MHz on high load. Ain't this dangerous?
Shouldn't we have an option to set max freq to the default frequency of the CPU? and not overclock it? As overclocking it can lead to .. well, problems?
Thanks.

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 06, 2020 11:13 pm
by subway
Bug:

1. After the upgrade (from latest stable), the PPPoE server was completely gone, but just that: the Secrets, Profiles and the rest of the PPP interfaces stayed.
2. After (or since) the upgrade, it is not possible to configure an interface as gateway under IP --> Routes. The only possibility is to set an IP as gateway.

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 06, 2020 11:19 pm
by Znevna
You can write the interface name manually and it will work even if there's no list from which you could easily select it.
On another note, I can't figure out how to setup load balancing using ECMP. More exactly how to adapt this old tutorial for v7: https://wiki.mikrotik.com/wiki/ECMP_loa ... masquerade

Re: v7.1beta2 [development] is released!

Posted: Tue Sep 08, 2020 12:01 am
by teleport
have RBG450GX4 with latest stable version. am trying to apply 7.1 beta 2. no matter what approach i take(use webfig/winbox->quickset/winbox->system->packages for upgrade,dropping npk file), i get the 'not enough space for upgrade' in the log after reboot.
here is log line 1 and 2 after reboot:
system,info 'installed system-7.1beta2'
system,error 'not enough space for upgrade'

mine is a plain vanilla install for home use with no additional configurations/packages/customizations.
please let me know

Re: v7.1beta2 [development] is released!

Posted: Tue Sep 08, 2020 1:15 pm
by subway
You can write the interface name manually and it will work even if there's no list from which you could easily select it.
Thanks! Is this just a bug in the beta that the drop down list is not visible?

After the upgrade the routes that had interfaces as gateway were all in red, and the interfaces were gone.

Re: v7.1beta2 [development] is released!

Posted: Tue Sep 08, 2020 1:22 pm
by nostromog
. Failing devices are mostly android, but also a windows and a linux laptop occasionally. I have set wireless debug in one of the phones and saw a message like NETWORK_UNAVAILABLE DHCP NOT RESPONDING=1 (I'm inventing the message but it was the idea).
I saw it again. The message was "NETWORK_SELECTION_DISABLED_DHCP_FAILURE=2 " (It was 1 last time I saw it. It recovers with disable/enable in wlan2 , disable/enable wlan1 in the router.

I'm not sure if the problem is due to connection o some other corruption: the wireless logs indicate good association followed by "sending station leaving (3)" about 8 seconds later, as if the station couldn't get dhcp going... but the router does not see any dhcp packet.

Re: v7.1beta2 [development] is released!

Posted: Tue Sep 08, 2020 3:10 pm
by casus
Wireguard does not connect from Mikrotik behind NAT to a Linux server with a white IP.

Re: v7.1beta2 [development] is released!

Posted: Tue Sep 08, 2020 3:15 pm
by eworm
Wireguard does not connect from Mikrotik behind NAT to a Linux server with a white IP.
What is a "white IP"?
But Wireguard with Mikrotik behind NAT is not a problem for me.

Re: v7.1beta2 [development] is released!

Posted: Tue Sep 08, 2020 3:25 pm
by sindy
What is a "white IP"?
"White IP" is used in the post-soviet area instead of "public IP". "Grey" means "private". No idea what's the origin of this.

Re: v7.1beta2 [development] is released!

Posted: Tue Sep 08, 2020 3:30 pm
by casus
What is a "white IP"?
Without using NAT. Without port forwarding, the interface address is not in the private or gray IP range.
Linux - conditionally server, Mikrotik - peer.
But Wireguard with Mikrotik behind NAT is not a problem for me.
Share a secret )

Re: v7.1beta2 [development] is released!

Posted: Tue Sep 08, 2020 3:48 pm
by eworm
But Wireguard with Mikrotik behind NAT is not a problem for me.
Share a secret )
I'm sorry, but there's no secret... Just works for me.
Show you configuration export, possibly there's something fishy.
/interface/wireguard/export hide-sensitive

Re: v7.1beta2 [development] is released!

Posted: Tue Sep 08, 2020 4:51 pm
by casus
follow the instructions from here : https://rickfreyconsulting.com/wireguar ... n-example/
and: https://www.cyberciti.biz/faq/ubuntu-20 ... pn-server/
# model = 960PGS
# serial number = CB540BCF02D3
/interface wireguard
add listen-port=8526 mtu=1420 name=3001
/interface wireguard peers
add allowed-address=192.168.160.0/24 endpoint=XX.181.201.XXX:61830 interface=3001 public-key=\
    "Fp9D00OEAHH9zotl3pw6cMTmwICL/OkZEj7KBo4ZWns="

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 09, 2020 9:32 am
by Tinuva
Upgraded my RB3011 this morning to 7.1beta 2.
Image
I reset the router before upgrading and only configured it with a WAN connection to upgrade to Beta2.

Upgrade seemed to go okay so I set about configuring it correctly.

First issue was renaming an interface (ether1 renamed to WAN) would result in a reboot as soon as I clicked OK or Apply.

Second issue was a deal breaker and that was all 10 interfaces were limited to 10Mb only. I tried manually setting them to 1Gb full duplex but to no avail.

I reverted back to 6.47.2 so unfortunately I can't generate a supout but just wondering if anyone has seen anything similar? Surely there are other RB3011 users out there that have upgraded?
I have a similar issue like this on my RB750Gr3.

Upgraded to 7.2beta2 from 6.47 without resetting the router before the upgrade. It was then in a reboot loop until I reset it.

Afterwards, all 5 ports would connect at 1Gbps however, after a while, my WAN port ether1 would be stuck on 10Mbps sync, no matter what I do, different cables, different devices, it was stuck.
So moved the WAN port to ether5 and after a week same thing, except now I have both ether1 and ether5 stuck on 10Mbps sync.
I have moved the WAN to ether2 now, but if this keeps on happening, I will have to look at downgrading too :(

Really liked using wireguard, but 1Gbps ports are more important.

edit:
Actually I see this:
[admin@MikroTik] >> /interface/ethernet/export                                                
# sep/09/2020 08:38:45 by RouterOS 7.1beta2
# software id = VQDT-J37Q
#
# model = RouterBOARD 750G r3
# serial number = 8AFF080AF8C6
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-half,10M-full
set [ find default-name=ether5 ] advertise=10M-half,10M-full
Trying unset doesnt work:
/interface ethernet unset [ find default-name=ether1 ] value-name=advertise
What is the correct way to unset this advertise command ?

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 09, 2020 11:06 am
by sindy
What is the correct way to unset this advertise command ?

/interface ethernet
set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full

Before issuing the command above, use /interface ethernet export verbose - it will show you that the value of the advertise parameter is set to this list for ether2-ether4; it's just that without the verbose modifier, the export does not show parameters with default values.

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 09, 2020 11:18 am
by Tinuva
Thank you @sindy that fixed it for me ;)

Re: v7.1beta2 [development] is released!

Posted: Thu Sep 10, 2020 4:18 am
by rplant
Minor SFTP issue

winscp logging into router (hapac^2)
The top level directories (/flash, /disk1) show as broken links.
I can't click on them and go there.
I can type in /flash into winscp's open directory menu and that works fine.

Re: v7.1beta2 [development] is released!

Posted: Thu Sep 10, 2020 4:53 am
by reddin
Wireguard does not connect from Mikrotik behind NAT to a Linux server with a white IP.
I've tried to connect like this to a dozen of a servers and everything worked well enough for me.

I've been wondering is it possible to generate keys on mikrotik for wireguard peers?

Re: v7.1beta2 [development] is released!

Posted: Thu Sep 10, 2020 7:37 am
by huntermic
I would like to install v7.1beta2 on a RB4011 but it complains that it is missing multicast-7.1beta2-arm.npk
At the moment i'm running 6.48beta35 with the multicast package as extra package.
How do i upgrade without loosing the multicast functionality ( i use it for igmp-proxy ) ?

I got an answer from mikrotik: There is no multicast package, it is now part of system package, however IGMP-Proxy is not available in ROSv7 at the moment.

Re: v7.1beta2 [development] is released!

Posted: Thu Sep 10, 2020 10:18 am
by casus
I've tried to connect like this to a dozen of a servers and everything worked well enough for me.

I've been wondering is it possible to generate keys on mikrotik for wireguard peers?
The Packet Sniffer on Mikrotik itself does not see any attempts to communicate with the server at all, filters by IP or port do not catch any packets in the direction of the server when the Wireguard interface is turned on and off.
Settings are made after Hard Reset, minimal - external interface and wireguard (+ manual IP for Wireguard interface).

Re: v7.1beta2 [development] is released!

Posted: Fri Sep 11, 2020 2:45 am
by rplant
I've been wondering is it possible to generate keys on mikrotik for wireguard peers?
You can make a second wireguard interface, and copy the private and public key out of it.
Then delete it.

Re: v7.1beta2 [development] is released!

Posted: Fri Sep 11, 2020 2:46 am
by rplant
Wireguard implementation seems to have gone pretty smoothly.

I don't suppose a backport to V6 is possible :)

Re: v7.1beta2 [development] is released!

Posted: Fri Sep 11, 2020 9:01 am
by rplant
One issue with wireguard.

Sometimes It doesn't seem to keep its connection mark on output
The input to wg is coming in with a connection mark, but the output sometimes has
no connection mark.

Actually, on further review, its only when the output needs to go via a non default route.
(route marking needed), and also happens with Openvpn (and perhaps others)
sstp (tcp) using the same connection and route marking works correctly.

Re: v7.1beta2 [development] is released!

Posted: Fri Sep 11, 2020 10:35 pm
by cihancan
Ive asked in the forums before updating to V7. One of the supports said it wont harm your device. I did it and it bricked my device. Thanks and sadly i will need to buy another retarded mikrotik device because its my only option. Plus LDF-5 doesnt work in net install mode my computer doesnt recognize it. Sad...

Re: v7.1beta2 [development] is released!

Posted: Fri Sep 11, 2020 11:05 pm
by pe1chl
Users claiming netinstall doesn't work normally have made a mistake. It is not wise to try netinstall first on a device that already is in trouble, as when you tried it on a working device you would have found it is usually finicky.
You have to get the feel of it, and of course you have to have all the necessary preconditions present.
When you do it all correctly, it will also work on your dead LDF 5.

Re: v7.1beta2 [development] is released!

Posted: Sat Sep 12, 2020 3:20 pm
by nostromog
Ive asked in the forums before updating to V7. One of the supports said it wont harm your device. I did it and it bricked my device. Thanks and sadly i will need to buy another retarded mikrotik device because its my only option. Plus LDF-5 doesnt work in net install mode my computer doesnt recognize it. Sad...
Follow the manual until you arrive to configure netbooting. Then ignore what the image days (192.168.88.3) and set instead 192.168.88.1.

Then it will work.

Enviado desde mi Redmi Note 5 mediante Tapatalk


Re: v7.1beta2 [development] is released!

Posted: Sat Sep 12, 2020 11:43 pm
by sapphire112
downgrade V7.1 beta2 impossible to downgrade Mikrotik chateau LTE12 stable version 6.47.3 no working Need help

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 13, 2020 4:22 pm
by sindy
Any change on the wireguard interface changes the mtu to 1420.
[me@chr-7-1] > interface/wireguard/print
 0 name="wg-0" mtu=1500 listen-port=5555 private-key="CE8v6Js/u5gw4qyIvVbY0idQ7fu4dArDK2dwDz4q33c=" public-key="Mrm8SbfGOmEnIUfmWrI+YBRV8fClymdgaceY+EjHqhY="
[me@chr-7-1] > interface/wireguard/set [find name=wg-0] name=wg-1
[me@chr-7-1] > interface/wireguard/print
 0 name="wg-1" mtu=1420 listen-port=5555 private-key="CE8v6Js/u5gw4qyIvVbY0idQ7fu4dArDK2dwDz4q33c=" public-key="Mrm8SbfGOmEnIUfmWrI+YBRV8fClymdgaceY+EjHqhY="

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 13, 2020 4:24 pm
by santyx32
downgrade V7.1 beta2 impossible to downgrade Mikrotik chateau LTE12 stable version 6.47.3 no working Need help
The device was launched with 7.X out of the box, you can't go lower than that

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 13, 2020 6:43 pm
by sapphire112
downgrade V7.1 beta2 impossible to downgrade Mikrotik chateau LTE12 stable version 6.47.3 no working Need help
The device was launched with 7.X out of the box, you can't go lower than that
thank
to select the external antenna the menu which I must select both div main! ::

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 13, 2020 9:44 pm
by Shizumi
I have an issue here with the 7.1 beta 2 on 3 hAp ac^2 devices. Had te return to the stable branch for wireless to become stable again.
On all devices i had serious stability issues.
He told that the same I am seeing: devices get stuck but otherwise connected on both interfaces.
Some time after last disable/enable cycle or reboot, any of the devices stop flowing through the wireless connection. If they are "clever" they migrate to the other, say wlan2. I often find after a few hours that all devices except one are in, say wlan1 and only one is in registration table at wlan2, but not working. disable/enable makes it work again, until it failed
It was not happening in 7.1beta1, it takes a few hours to happen, seems to be related with noise and distance, as it got better to me by:
* increasing the antenna gain in both interfaces (which also made for better signal overall and less warm router, BTW).
* changing a few other wireless settings.
Currently I have:
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk group-key-update=1h mode=dynamic-keys supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode antenna-gain=4 band=2ghz-onlyn channel-width=\
    20/40mhz-Ce country=spain disabled=no frequency=auto installation=indoor mode=ap-bridge ssid=MT \
    wireless-protocol=802.11 wmm-support=enabled
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode antenna-gain=5 band=5ghz-onlyac basic-rates-a/g=12Mbps \
    channel-width=20/40/80mhz-XXXX country=spain disabled=no frequency=auto installation=indoor mode=ap-bridge rate-set=configured \
    ssid=MT vht-supported-mcs=mcs0-9,mcs0-9,none wireless-protocol=802.11 wmm-support=enabled
and it happens less than with the default settings. Failing devices are mostly android, but also a windows and a linux laptop occassionally. I have set wireless debug in one of the phones and saw a message like NETWORK_UNAVAILABLE DHCP NOT RESPONDING=1 (I'm inventing the message but it was the idea). The router thought that the phone was happily connected, BTW, but it disappeared from registration table when I switched wifi off / on in the phone, only to return to the same when I forced to reconnect. After disable/enable of the wlanN interface everything works again... for a few hours.
Can confirm the DHCP issue on RB4011iGS+5HacQ2HnD-IN, though I've only had it happen with one laptop (AC 9560, Arch Linux: linux 5.8.7.arch1-1 networkmanager 1.26.2-1). I was initially reluctant to blame RouterOS since I do tinker with a lot of experimental stuff (and the network card allegedly sometimes has issues with BT, got a new BT mouse recently, etc.), and all other devices seemed to operate normally, but after finally spending a few hours troubleshooting this I have to assume it's the router. RouterOS log only shows the client connecting and disconnecting. Linux/networkmanager log shows a DHCP timeout, which will (by default) make it disconnect after 45s and try reconnecting again. I noticed a DHCP lease does exist for the MAC address.

It isn't very consistent though, 7.1b2 worked normally at first, then the issue would occasionally kill the connection, but would be successfully reestablished after a few reconnects. It gets worse over time, from 1-2 times per day to every few minutes, until DHCP would fail every single time (no clear indication why). All other devices I checked worked normally at the time. Router restart fixes the issue temporarily.
Everything worked fine with 7.0 (I think b5, pretty sure I didn't test out 7.0b7 onwards with the new kernel).

Re: v7.1beta2 [development] is released!

Posted: Mon Sep 14, 2020 12:48 am
by gzgenm
Can't make ptp ospf work with mikrotik running 6.47

Re: v7.1beta2 [development] is released!

Posted: Mon Sep 14, 2020 10:22 pm
by Chupaka
I have ospf working over L2TP and SSTP, but there's some (visual?) weirdness in /ip routes with dynamic routes...

Re: v7.1beta2 [development] is released!

Posted: Tue Sep 15, 2020 10:00 am
by mrz
What kind of weirdness? Known issue is that ospf route can appear twice in routing table.

Re: v7.1beta2 [development] is released!

Posted: Tue Sep 15, 2020 10:37 am
by 2be
Hello guys,

Could you please tell me, how can I set gateway value to the specific interface for incoming BGP filter?
/routing/filter/rule/add action=accept chain=bgp_in set-in-nexthop-direct=gateway1
doesn't seem to work. Perhaps set-in-nexthop-direct isn't implemented yet in ROS 7?

Is there any workaround for this?

Re: v7.1beta2 [development] is released!

Posted: Tue Sep 15, 2020 3:56 pm
by Chupaka
What kind of weirdness? Known issue is that ospf route can appear twice in routing table.
Exactly: viewtopic.php?p=812440#p812440

Re: v7.1beta2 [development] is released!

Posted: Tue Sep 15, 2020 11:28 pm
by Fopwoc
my router was hacked on this beta version!

Ip of the malware from Hong Kong

Re: v7.1beta2 [development] is released!

Posted: Tue Sep 15, 2020 11:31 pm
by Jotne
I guess you have opened the admin (web/winbox/ssh or other) from internet.
Do you use VPN or secure your ruter better.

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 16, 2020 12:03 am
by Chupaka
my router was hacked on this beta version!

Ip of the malware from Hong Kong
Any details?

Re: v7.1beta2 [development] is released!

Posted: Thu Sep 17, 2020 4:56 am
by 4903000
Consider IPv6 NAT function please!
In my network enviroment I use 6in4 tunnel to access IPv6 resource ,It's just provide only one IPv6 address,so I need IPv6 NAT(ip6tables) to masquerade private IPv6 address.
Thanks!

Re: v7.1beta2 [development] is released!

Posted: Thu Sep 17, 2020 10:26 am
by spaxton
Hello,

I didn't install this version but I would like to ask if there will be any FTTH GPON settings parameters in this version..? Means that if I insert a GPON L2 SFP like Huawei HPSP2120, will there be any settings in mikrotik to add like LOID, password, PON serial...?

Best Regards.

Re: v7.1beta2 [development] is released!

Posted: Fri Sep 18, 2020 4:26 pm
by xayide
Can you get 1Gbps wireguard throughput on any of the mikrotik devices at this time?

Re: v7.1beta2 [development] is released!

Posted: Fri Sep 18, 2020 7:33 pm
by Paternot
Can you get 1Gbps wireguard throughput on any of the mikrotik devices at this time?
They posted a print with one hAP AC2 doing 700 Mbps. Given the CPU used by the RB4011, with also 4 cores and much higher processing power, I'd say yes.

Re: v7.1beta2 [development] is released!

Posted: Fri Sep 18, 2020 9:18 pm
by xayide
Thats a dream coming true. Getting away from the monster high frequency Intel Xeon (running openvpn at 700Mbps and now wireguard at 1Gbps, which is no problem) down to a single small router with poe and 1 gbps of protected internet....Just move all servers over to a tiny intel nuc to, if one can do with mikrotik I will not even need dual NIC or 2,5gbps to do full duplex firewalling at 1gbps. This is awesome!

Re: v7.1beta2 [development] is released!

Posted: Sat Sep 19, 2020 11:35 am
by sku
They posted a print with one hAP AC2 doing 700 Mbps. Given the CPU used by the RB4011, with also 4 cores and much higher processing power, I'd say yes.
I just setup Wireguard on my hAP AC² to replace the IPSEC tunnel I had before and am seeing around ~ 230 Mbit/s with max overclocked CPU on it. Would be nice to squeeze out a little bit more. Here is the CPU load while it's running and I have fasttrack disabled.

Image

Thanks to Mikrotik for Wireguard in the first place it's an amazing addition.

I can also confirm that 2,4 GHZ Wifi is broken and client's don't get dhcp on that one, 5 GHZ seems to work fine.

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 20, 2020 1:09 pm
by nostromog
I just setup Wireguard on my hAP AC²

(...)

I can also confirm that 2,4 GHZ Wifi is broken and client's don't get dhcp on that one, 5 GHZ seems to work fine.
For me it works... until it stops working. Then I do
/interface/wireless { disable wlan1; enable wlan1}
ant it works again... until it stops working again, in a few hours.

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 20, 2020 10:24 pm
by 14459278
System>Resources> CPU & CPU frequency not showing on RouterOS v7 BETA... Its problem???

Re: v7.1beta2 [development] is released!

Posted: Mon Sep 21, 2020 8:10 am
by anthonws
I just setup Wireguard on my hAP AC²

(...)

I can also confirm that 2,4 GHZ Wifi is broken and client's don't get dhcp on that one, 5 GHZ seems to work fine.
For me it works... until it stops working. Then I do
/interface/wireless { disable wlan1; enable wlan1}
ant it works again... until it stops working again, in a few hours.
+1 quite unstable WiFi connection. Devices don't get DHCP. Had to force static lease for my Android phone, otherwise it would never connect... Same thing happens with my iPad.

Re: v7.1beta2 [development] is released!

Posted: Mon Sep 21, 2020 6:03 pm
by ksteink
Any dates to get the Stable Release? I like to not continue using 6.xx and already push to get 7.xx

Re: v7.1beta2 [development] is released!

Posted: Mon Sep 21, 2020 10:42 pm
by nemoforum
RouterOS version 7.1beta2 has been released in public "development" channel!
Can also confirm a DHCP issues on hAP ac2: wireless clients time to time are unable to get IP address and reconnect in a loop.
WLAN interface disabling/enabling temporary "fix" the problem.

Re: v7.1beta2 [development] is released!

Posted: Mon Sep 21, 2020 10:54 pm
by pe1chl
Any dates to get the Stable Release? I like to not continue using 6.xx and already push to get 7.xx
There are still so many small issues (and likely some big ones) that it would be foolish to promote it to "stable" anytime soon!
And of course it would have to go via "testing" anyway.

Re: v7.1beta2 [development] is released!

Posted: Mon Sep 21, 2020 11:41 pm
by Paternot
Any dates to get the Stable Release? I like to not continue using 6.xx and already push to get 7.xx
There are still so many small issues (and likely some big ones) that it would be foolish to promote it to "stable" anytime soon!
And of course it would have to go via "testing" anyway.
All true. But sometimes I start thinking about it. No idea when it will be released, but I hope it will be before june 2021. One can always dream... :D

Re: v7.1beta2 [development] is released!

Posted: Thu Sep 24, 2020 5:29 pm
by NAB
I can confirm that WireGuard 'just works'. Did a lab configuration and it was fine, so reconfigured the office anonymous VPN with our preferred supplier (https://vpn.ac/) who we have no hesitation in recommending, and that just worked too.
Can't wait for a proper 'stable' release of ROS7 now so we can start replacing various L2TP/IPSec and other VPNs across our entire customer base. Shame we lost that huuuuuuuuge potential customer some time ago though :-(

Thank you for WireGuard, Mikrotik.

I have several issues with v7 though....

* I'm not bothered about only being able to specify the WireGuard port from the command line, but I do get annoyed by having to reset the endpoint from the command line after I change something else in the peer definition.
* The packet sniffer doesn't show source and destination IPs in its live packet log (this actually stopped working at some point in v6).
* The drop-down route/interface box has gone when you create a route - now you have to type interface names in rather than just select them.

Re: v7.1beta2 [development] is released!

Posted: Fri Sep 25, 2020 10:41 am
by Znevna
Ah, stupid me... Of course it's keepalive.
/ interface gre unset keepalive [ find ]
!!!!! this fixed my IPIP tunnel too. lol (unsetting keepalive for ipip that is).
THANKS.
[admin@gw-viper-rds] /interface/ipip> print       
Flags: R - RUNNING
Columns: NAME, MTU, ACTUAL-MTU, LOCAL-ADDRESS, REMOTE-ADDRESS, DSCP
  #     NAME            MTU   ACTU  LOCAL-ADDRESS  REMOTE-ADDRE  DSCP   
  0  R  ipip-tunnel-z3  auto  1402  172.28.252.69  172.28.252.1  inherit
Running! ^^
Wanted to write about this earlier but forgot.
Things are half working.
The only way I managed to keep the tunnel running and alive was to leave keep-alive set on the 6.46.x end and leave it off on the 7.1b2 end, but also had to set a netwatch on 7.1b2 to ping the 6.46.x end every 10 seconds. Or else the tunnel goes down (the 6.46.x end stops running).
Weird.

Re: v7.1beta2 [development] is released!

Posted: Fri Sep 25, 2020 11:39 am
by pe1chl
That is likely due to an unrelated issue, e.g. there is a NAT router somewhere inbetween or you use connection-tracking and not enough rules to be able to open the connection from both ends.
In such a situation the tunnel will fail when there is no traffic for more than the timeout of the connection tracking.

Re: v7.1beta2 [development] is released!

Posted: Fri Sep 25, 2020 12:01 pm
by Znevna
Excluded, same config works fine without "workarounds" between 6.46.x versions.
Without the netwatch set in 7.1b2, the end from 6.46 fails after the keepalive timeout (10,3 = it stops running after 30 sec.) nothing to do with conntrack.

Re: v7.1beta2 [development] is released!

Posted: Fri Sep 25, 2020 6:01 pm
by mafiosa
One year since v7 came into existence yet it is till in BETA. Hope to see RC by next year.

Re: v7.1beta2 [development] is released!

Posted: Sun Sep 27, 2020 11:46 pm
by scampbell
@Paternot
I 4 1 do NOT believe that It will do routing at wire-speed ... why I do not believe that .... because for L3 wire-speed requires an ASIC and non of the hardware specs I see have that L3 ASIC in the gear. Yes there will be an improvement in performance but nowhere near wire-speed.
https://i.mt.lv/cdn/product_files/CRS32 ... 200149.png
Are you sure that mention switchip doesn't have that feature?
https://www.marvell.com/content/dam/mar ... 016-12.pdf

Re: v7.1beta2 [development] is released!

Posted: Mon Sep 28, 2020 5:33 pm
by NAB
I appear to have found a problem with WireGuard.

From a x86_64 build, I can connect successfully to a Hap AC Lite, a Debian box and various VPN providers.
Unfortunately, when I try to bring up a connection to a CCR1009-8G=1S=1S+ (tile) box, the CCR crashes with a kernel failure.

I then tried to do a sup-output on the CCR, but that got to 8% and then did nothing more.

Re: v7.1beta2 [development] is released!

Posted: Mon Sep 28, 2020 5:37 pm
by NAB
I then tried to do a sup-output on the CCR, but that got to 8% and then did nothing more.
Update - after around half an hour, it jumped to 100% and finished!

Re: v7.1beta2 [development] is released!

Posted: Mon Sep 28, 2020 5:46 pm
by pe1chl
That is "normal", also for 6.47 versions. It does not always take half an hour but it can take considerable time, being stuck at 7 or 8%.

Re: v7.1beta2 [development] is released!

Posted: Mon Sep 28, 2020 7:49 pm
by NAB
That is "normal", also for 6.47 versions. It does not always take half an hour but it can take considerable time, being stuck at 7 or 8%.
:-) That shows how long it is since I've needed to generate one then!

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 30, 2020 11:49 am
by anuser
When can we expect the next v7 beta release?

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 30, 2020 1:49 pm
by Paternot
When can we expect the next v7 beta release?
When it's ready!

Sorry, couldn't resist. I thought it would be released last friday, but...

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 30, 2020 1:52 pm
by msatter
Friday is not a good day being the start of the Mikrotik weekend.

Sorry, couldn't resist.

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 30, 2020 2:06 pm
by Paternot
Friday is not a good day being the start of the Mikrotik weekend.

Sorry, couldn't resist.
But they ARE releasing it on fridays. At least the last 2 or 3 releases where on a friday. Yes, yes. I know: joking and all that. :D

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 30, 2020 2:28 pm
by pe1chl
That is correct, unless there is some urgent fix the new releases are normally on friday at the end of their business hours....
Good strategy, it prevents a lot of phonecalls etc.

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 30, 2020 5:37 pm
by Chupaka
Yeah, at least you can evaluate the scale of disaster by Monday, not jumping into every small reported bug right after the release :)

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 30, 2020 5:58 pm
by pe1chl
Yeah, at least you can evaluate the scale of disaster by Monday, not jumping into every small reported bug right after the release :)
Also lots of users would probably tend to call or file bugreports immediately when it was during the workweek, while in the weekend they know there will be no immediate response and they first study the matter a bit more, and find the solution themselves...

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 30, 2020 6:43 pm
by Paternot
To be honest, no one should jump the gun e install a new release into production. Well, there are exceptions, but...

Even (especially) if You don't have a lab to test: Wait and let the others do this for You.

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 30, 2020 8:50 pm
by mkx
Guys, stop telling everybody that they should wait for other people do testing of new release. If you do it long enough, nobody will test new release.

BTW, anybody installing beta version (the thread is about v7.1beta) in any approximation of production environment is living on the cutting edge and deserves whatever hits him/her.

Re: v7.1beta2 [development] is released!

Posted: Wed Sep 30, 2020 9:43 pm
by Paternot
Guys, stop telling everybody that they should wait for other people do testing of new release. If you do it long enough, nobody will test new release.

BTW, anybody installing beta version (the thread is about v7.1beta) in any approximation of production environment is living on the cutting edge and deserves whatever hits him/her.
LOLing here. :D

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 01, 2020 1:49 am
by SiB
mkx
Guys, stop telling everybody that they should wait for other people do testing of new release. If you do it long enough, nobody will test new release.

BTW, anybody installing beta version (the thread is about v7.1beta) in any approximation of production environment is living on the cutting edge and deserves whatever hits him/her.
but people with Chateau not have a way to go back to ros v6 bcs mtk give them only Ros7 and no way of installing v6 (except v6.99.x :p ).

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 01, 2020 11:15 am
by mafiosa
Lets hope to see 7.1 b3 or porbably 7.1 rc tomorrow xD

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 01, 2020 11:56 am
by huntermic
Lets hope to see 7.1 b3 or porbably 7.1 rc tomorrow xD
Don't expect rc in for long time, they first need to include all functionality and have that tested for some time.
Probably won't see a rc version this year.
I would be surprised to see a stable version 7 next year.

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 01, 2020 12:09 pm
by mafiosa
Lets hope to see 7.1 b3 or porbably 7.1 rc tomorrow xD
Don't expect rc in for long time, they first need to include all functionality and have that tested for some time.
Probably won't see a rc version this year.
I would be surprised to see a stable version 7 next year.
it is already 13 months since first beta was out.

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 01, 2020 12:12 pm
by huntermic
Lets hope to see 7.1 b3 or porbably 7.1 rc tomorrow xD
Don't expect rc in for long time, they first need to include all functionality and have that tested for some time.
Probably won't see a rc version this year.
I would be surprised to see a stable version 7 next year.
it is already 13 months since first beta was out.
Point being?

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 01, 2020 12:47 pm
by Eliot
Can't wait the stable one

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 01, 2020 2:28 pm
by santyx32
Looks like Mikrotik knows how to treat their employees, other companies would have rushed to push V7 into production as soon as possible.

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 01, 2020 3:38 pm
by bruins0437
Looks like Mikrotik knows how to treat their employees, other companies would have rushed to push V7 into production as soon as possible.
Can't rush perfection! :) Glad they are taking their time to get it right.

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 01, 2020 4:35 pm
by mkx
mkx
BTW, anybody installing beta version (the thread is about v7.1beta) in any approximation of production environment is living on the cutting edge and deserves whatever hits him/her.
but people with Chateau not have a way to go back to ros v6 bcs mtk give them only Ros7 and no way of installing v6 (except v6.99.x :p ).
My condolences go to victims of MT ;-)

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 01, 2020 11:08 pm
by mafiosa

Re: v7.1beta2 [development] is released!

Posted: Fri Oct 02, 2020 1:57 pm
by Chupaka
https://help.mikrotik.com/docs/display/ ... col+Status
seems like beta3 is almost there.
Check "Page history". Those changes are one month old :)

Re: v7.1beta2 [development] is released!

Posted: Fri Oct 02, 2020 2:55 pm
by Mikuser17
Installed beta 2 on a cap ac unit
The device was setup doing NAT and running Capsman.
CAP interfaces seemed ok but dhcp clients didn't receive an IP
After some time the CAP interfaces started disapearing in the interfaces list.
After 2 hours uptime alle interfaces including ether1 & ether2 were gone from the interfaces list.
15 min later I was unable to connect to the unit using web/ssh/winbox.
KR

Re: v7.1beta2 [development] is released!

Posted: Fri Oct 02, 2020 4:04 pm
by bruins0437
Lets hope to see 7.1 b3 or porbably 7.1 rc tomorrow xD
Maybe next week haha

Re: v7.1beta2 [development] is released!

Posted: Sat Oct 03, 2020 2:36 pm
by picnicsecurity
Any update on VTI support?
viewtopic.php?t=65734

Re: v7.1beta2 [development] is released!

Posted: Wed Oct 07, 2020 9:16 am
by madejson
RouterOS version 7.1beta2 has been released in public "development" channel!
Can also confirm a DHCP issues on hAP ac2: wireless clients time to time are unable to get IP address and reconnect in a loop.
WLAN interface disabling/enabling temporary "fix" the problem.
Also confirm DHCP Issue on 3 devices, two hAP ac2 and 962UiGS-5HacT2HnT. Even disabling/enabling wlan1 interface don't work for me. Removing host from DHCP server leases working, but not in whole situations.

Additionaly I registered rebooting and not saving settings for ethernet speed settings. I'm trying to disable autonegotiation and set speed manually, after confirm RB reboting and settings doesnt change.
Is someone have this same issue?
regards

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 08, 2020 8:12 am
by mafiosa
RouterOS version 7.1beta2 has been released in public "development" channel!
Can also confirm a DHCP issues on hAP ac2: wireless clients time to time are unable to get IP address and reconnect in a loop.
WLAN interface disabling/enabling temporary "fix" the problem.
Also confirm DHCP Issue on 3 devices, two hAP ac2 and 962UiGS-5HacT2HnT. Even disabling/enabling wlan1 interface don't work for me. Removing host from DHCP server leases working, but not in whole situations. Even if I set dhcp pool like 192.168.20.* i'm receiving from DHCP server ip's from 192.168.88.*, gateway 192.168.88.1. I have to set manually IP from my network, then working ok.

Additionaly I registered rebooting and not saving settings for ethernet speed settings. I'm trying to disable autonegotiation and set speed manually, after confirm RB reboting and settings doesnt change.
Is someone have this same issue?
regards
I faced the same issue so reverted back to stable. This is a very basic thing that should be working.

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 08, 2020 8:43 am
by BartoszP
@mafiosa

Is it a problem to press "Post reply" button to comment preceeding post instead of quoting it as a whole just to write few words?
Do you think that people are unable to follow the thread?

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 08, 2020 8:51 am
by notToNew
Do you think that people are unable to follow the thread?
What is the problem? It is just efficient and the forum Software shortens the text anyway. Instead of hist post, your post actually has nothing to add to the thread.
Why you think someone should read this value-less Post?

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 08, 2020 8:58 am
by BartoszP
You are asking right ... What is the problem to press "Post reply" instead of "Quote"? It is just a different button.

If I see a quote I wonder if poster has joined some replies or just quoted whole previous post so I have to check it.
Don't you think it is unneeded waste of time?

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 08, 2020 9:07 am
by notToNew
Don't you think it is unneeded a waste of time?
No, Not at all. I am much faster in understanding his point an have no need in ycrolling up and reading the last messages to understand.
It is just efficient!

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 08, 2020 9:29 am
by eworm
It is just efficient!
Right you are. But it is important to shorten the quote to what you actually intend to quote, just as we both did.
Quoting a post including a quote, including a quote, including a quote .... does not add mutch value.
So I am all for quotes if done right.

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 08, 2020 2:30 pm
by Guntis
m0x35, kylepharo, nostromog, Shizumi, sku, anthonws if you have issues with clients connecting to wlan and acquiring addresses from DHCP server, please write to support@mikrotik.com or contact us via our support portal https://help.mikrotik.com/servicedesk
In support ticket, please describe issue in detail, your network setup and create supout.rif file once issue is present and share it with us. Thank you for reporting the issue.

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 08, 2020 4:37 pm
by nostromog
(...) nostromog (...) please write to support@mikrotik.com or contact us via our support portal https://help.mikrotik.com/servicedesk In support ticket, please describe issue in detail, your network setup and create supout.rif file once issue is present and share it with us. Thank you for reporting the issue.
I can't because I had to go to stable in the only machine it had this problem (hAP ac^2). The rest of the machines I have running 7.1betas (no ARM, all one-core MIPSBE) are doing ok, so I guess it is either architecture dependent or dependent on number of cores, configuration, history of installs/configuration, or a mixture of those.

But you have enough people having the same problem.

Re: v7.1beta2 [development] is released!

Posted: Fri Oct 09, 2020 2:22 am
by dalami
Has anyone been able to restore normal/stable wifi operation on this beta? I loaded it on my home router for Wireguard - wifi is now useless. Fortunately I have a secondary wifi AP available.

Re: v7.1beta2 [development] is released!

Posted: Fri Oct 09, 2020 2:38 am
by dalami
Has anyone been able to restore normal/stable wifi operation on this beta? I loaded it on my home router for Wireguard - wifi is now useless. Fortunately I have a secondary wifi AP available.
At least for the past few minutes - after performing a "/interface wireless reset-configuration" for both 2G and 5G, and then setting the channel widths back to 20/40XX and 20/40/80XXXX, things seem to be working. We'll see if it stays that way for a while. Based on some other inconsistencies I'm guessing/hoping there's some issues with upgrading that might not exist in "clean" installs of 7.1b2.

Re: v7.1beta2 [development] is released!

Posted: Fri Oct 09, 2020 5:04 pm
by manbot
Hello everyone!

Have installed latest ROS7.1beta2 on CCR1009-7G-1C-1S+
Wireguard is not working on TILE architecture devices: can't point port on endpoint for PEER not from Winbox (as expected - was in thread earlier)not from console (Winbox terminal)

Suggestion, on my point of view - wait for next version.
Or, any advices from other "lucky" TILE device owners :)

Re: v7.1beta2 [development] is released!

Posted: Sat Oct 10, 2020 1:09 pm
by madejson
Is someone prepared tickets with mentioned wifi issue? I'm not so experienced as most of you so basing on my konwledge could be wrong. I hope that new release will have fixes for all problems discussed here.

Other thing: should we register tickets for every single issue mentioned here?
Regards

Re: v7.1beta2 [development] is released!

Posted: Sat Oct 10, 2020 11:48 pm
by maxsmith
I'm currently using and this is working good...

Thanks

Re: v7.1beta2 [development] is released!

Posted: Tue Oct 13, 2020 9:45 am
by izytech
It would be really great if statistics for outgoing hardware queues could be visible in cli, winbox and snmp. For most of the CRS3xx switches the chipset have 8 hw output queues. But we cant see any stats for them.

It would also be very nice to have a ratelimiter per outgoing qos queue but thats a nice to have only.

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 15, 2020 9:17 pm
by lucim101
OVPN over UDP works great for me on CHR

I did notice when I try to add a routing mark I cant type any New Routeing Mark , It only have one option and that is to choose main,

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 15, 2020 9:23 pm
by lucim101
Hello!
Just upgraded to v7.1b2 and spotted a few issues:
First and most important is routing marks don't work
The second one is about wireguard. Why I can't specify the port number for peer? Is it intended or a bug as well?
The Routing Marks it a bummer, basically the only thing holding me back to do some proper testing on OVPN UDP

Re: v7.1beta2 [development] is released!

Posted: Fri Oct 16, 2020 2:04 pm
by osc86
We know that DHCP doesn't work in the current beta (for wireless clients), but for me the wireless interfaces are not passing any kind of traffic. Even if I use a static ip address / DNS / Gateway on a wireless device, it can't connect to any host on the network or the internet. The traffic is bridged out locally.
I can't find an error in my configuration.
Is it working for anyone?

Re: v7.1beta2 [development] is released!

Posted: Fri Oct 16, 2020 2:10 pm
by mrz
OVPN over UDP works great for me on CHR

I did notice when I try to add a routing mark I cant type any New Routeing Mark , It only have one option and that is to choose main,
Probably this will help you to set up routing tables:
https://help.mikrotik.com/docs/display/ ... icyRouting

Re: v7.1beta2 [development] is released!

Posted: Fri Oct 16, 2020 4:14 pm
by dgnevans
I put on a test unit. RB951G-2HnD
Testing OSPF. wanted to add a filter if you click routing then filter nothing appears in Winbox.
Under OSPF Instances if you try to choose Ou-Filter Winbox will close.

Re: v7.1beta2 [development] is released!

Posted: Fri Oct 16, 2020 5:05 pm
by mrz
From v7 changelog:
-) Winbox does not show all features, use CLI for most functionality

Re: v7.1beta2 [development] is released!

Posted: Fri Oct 16, 2020 9:51 pm
by matlib
Hey all,
someone with Chateau 12LTE who was able to get properly working with SIM card?
Modem is very unstable and connection after a while drops.

Re: v7.1beta2 [development] is released!

Posted: Fri Oct 16, 2020 11:01 pm
by dalami
I just had my hAP AC2 powered down for a period (about 12 hours) - and on turning it back on I found it...wiped. Totally reset to default including wiping the file storage...where I had stored a couple backup configs. And being brilliant as usual I hadn't downloaded them for safekeeping.

Given that this is my home router re-configuring wasn't that big a deal. But...dunno if this has been seen by anyone else or not. I don't *think* I pushed anything for reset purposes during the startup, and I don't *think* anybody else fiddled with the equipment last night.

On the positive side - this theoretically means I'm starting with a clean QuickSet config for Home Dual AP so things *should* be setup optimally...right?

Daniel

Re: v7.1beta2 [development] is released!

Posted: Fri Oct 16, 2020 11:35 pm
by xvo
including wiping the file storage...where I had stored a couple backup configs
Are you sure they were in /flash folder, not in the root directory that is mounted to RAM?

Re: v7.1beta2 [development] is released!

Posted: Sat Oct 17, 2020 12:16 am
by dalami
I learned something new again. Thanks! Yes - I'm sure the backup files were in the root level - though they were there previously during other reboots.

Re: v7.1beta2 [development] is released!

Posted: Sat Oct 17, 2020 10:52 am
by pe1chl
It is normal that you lose all the files stored in the filesystem and not in the flash directory (and you should not keep a stash of backups there because it fill fill up the small flash space available).
However, it is NOT normal that the unit comes back with all the settings set to defaults. Settings should be always saved in flash.

Re: v7.1beta2 [développement] est libéré!

Posted: Sun Oct 18, 2020 1:31 am
by sapphire112
Hey all,
someone with Chateau 12LTE who was able to get properly working with SIM card?
Modem is very unstable and connection after a while drops.
I have the same problem the C.A falls quickly

Re: v7.1beta2 [développement] est libéré!

Posted: Tue Oct 20, 2020 4:42 pm
by SiB
sapphire112
I have the same problem the C.A falls quickly
Long story short:

Re: v7.1beta2 [development] is released!

Posted: Wed Oct 21, 2020 4:28 am
by sdegler
Hey I do aspects of the Datacenter world in my day job. HW enabled wirespeed L3 routing on a single ASIC is pretty standard fare in that world, and has been so for some time. However, I wouldn't look for policy based routes, full internet routing tables, smart queues, complex firewall filtering, or anything like that. So its a mixed blessing, and many datacenter network software failure scenarios center on the disparities between the capabilities of the asic and the cpu, which are basically the only two chips on a top of rack or spine switch. Its relatively easy to overwhelm the CPU and the usually PCIE interface to it from the asic. This is why there is so much todo about "control plane policing" COPP with these devices. A few million pps means nothing to the asic but a fraction of it will melt the CPU if its control plane traffic like spanning tree and routing protocol updates.

However you are correct in that only a few vendors provide routers that can forward millions of pps with arbitrarily complex routing policy and flow based shaping and analysis.
I am familiar with how CISCO does in on their MLS devices. Typically for wire-speed routing in the Cisco Switch world Cisco requires three entities to implement multilayer switching: the switching engine (SE), the route processor (RP), and the MLS protocol. The SE performs the switching function, the RP performs the routing function, and the MLS protocol provides for communication between these two devices. This aside, there is one very simple concept that makes it all possible: the flow. A flow can be defined as a stream of packets from the same source to the same destination using the same application. As an example, a flow could be an HTTP session between a source browser and a target server. In a Cisco MLS network, the initial packet in a session is routed via the RP, but all subsequent packets in that particular session are switched by the SE. The SE maintains a cache about these flows and can determine whether or not a given packet is part of an established session. If so, the SE rewrites the pertinent packet info as if it had been processed by the router and then switches the packet. This process is commonly referred to as “route once, switch many.” It occurs at switch speed, not at the slower router speed.

So in terms of MikroTik and RouterOS I do not see ANY functionality that mimics or deals with wire-speed Routing at the switch level.

Re: v7.1beta2 [development] is released!

Posted: Wed Oct 21, 2020 9:18 am
by dgnevans
On OSPF, I have mutiple vlans o nmy router. if their are other routers or devices using OSPF on the vlan then the VLAN is advertised to the other routers if not the vlan is omitted from the other routers. as a result have to setup static routes.
It appears to not redistribute the connected routes as it is not seeing them as active.
So have managed to get it to work.
What I had to do was add all my Vlans to one Area. lets say default 0.0.0.0
Before I was able to have default where all my routers connected to each other ie on a backbone vlan and then have an area with different area id for vlans not facing the backbone that are behind the router. now I had to add them all to the same area as temp work around. I think there are some bugs in OSPF. sure they will be resolved in upcoming version.

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 22, 2020 4:17 pm
by bruins0437
I think I am suffering from beta withdrawals. Lol

Image

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 22, 2020 4:30 pm
by 0xid0
This beta has a lot of bugs in ac2. Is there any way to downgrade to 6.48 but keeping configuration?

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 22, 2020 5:16 pm
by pe1chl
You can force a downgrade and then restore the backup you made before you installed the beta (you made a backup, right?).
Or you could make an export of the currently running version and keep that as a guide (download it to a PC and open it in notepad)
when configuring a 6.x version after you have reset it to defaults.
Most paragraphs from the export can probably still be cut/paste into a telnet to the router.
It is the usual somewhat-laborious work of transferrring a config to another router, that is not streamlined well in MikroTik.

Re: v7.1beta2 [development] is released!

Posted: Fri Oct 23, 2020 2:19 am
by mafiosa
Can we expect the next beta version today as it is a Friday and over 2 months since the last beta release?

Re: v7.1beta2 [development] is released!

Posted: Fri Oct 23, 2020 8:56 am
by mkx
Can we expect the next beta version today as it is a Friday and over 2 months since the last beta release?
We've got 6.47.6 yesterday. And it wasn't even Friday. I think that's enough for this weekend ;-)

Re: v7.1beta2 [development] is released!

Posted: Sat Oct 24, 2020 3:21 pm
by torstorm
micro SDCARD is not yet supported? Tile-Gx OHCI is not listed in usb resources...

Re: v7.1beta2 [development] is released!

Posted: Mon Oct 26, 2020 11:56 am
by nellson
Hello Folks

We are running routeros v7.1beta2 on a RBD53G-5HacD2HnD (Chateau LTE12), and have experienced some instability, all we can see when it happens, is one log entry:

router rebooted because some critical program crashed

I am not entirely sure, but I think we can provoke it, by changing port speed on an interface ex. to "100 half duplex" and back to "auto negotiate".
How can I help the developers debug this, in a meaningful way.

Update:
We can replicate this behaviour 100% of the times, when we are changing port speed on an interface.

Re: v7.1beta2 [development] is released!

Posted: Mon Oct 26, 2020 12:26 pm
by pe1chl
I am not entirely sure, but I think we can provoke it, by changing port speed on an interface ex. to "100 half duplex" and back to "auto negotiate".
While of course a router should not crash under these circumstances, this is a setting that you normally should not touch. It does not work like most people think it would!
When you want to control the speed/duplex, keep the "auto negotiate" setting but remove the "Advertise" checkmarks for the modes you do not want it to choose.

Re: v7.1beta2 [development] is released!

Posted: Mon Oct 26, 2020 12:30 pm
by SiB
nellson
How can I help the developers debug this, in a meaningful way.

Update:
We can replicate this behaviour 100% of the times, when we are changing port speed on an interface.
Write directly to support@mikrotik.com or create a case by https://help.mikrotik.com/servicedesk
Attach the last supout.rif, check if autosupout.rif not generate automatically on crash ?

Re: v7.1beta2 [development] is released!

Posted: Mon Oct 26, 2020 1:20 pm
by nellson
Thank you for your quick the responses.

I have systematically tried changing every possible speed and or duplex setting, it does not matter, the router crashes and reboots.

It will send in the suggested support files to mikrotik support.

Re: v7.1beta2 [development] is released!

Posted: Mon Oct 26, 2020 1:28 pm
by nellson
Here is a workaround, for those who need might need it before a fix is committed, you can set the advertised port speed and duplex setting via the console, then the router does not crash.

Update:
Settings will not be reflected in winbox, only on the console, but it works!

Re: v7.1beta2 [development] is released!

Posted: Mon Oct 26, 2020 2:49 pm
by rooneybuk
anyone tried configuring BGP in ROS7.1beta2 I would love to see some examples :)

Re: v7.1beta2 [development] is released!

Posted: Tue Oct 27, 2020 2:48 am
by MoNsTeRRR
anyone tried configuring BGP in ROS7.1beta2 I would love to see some examples :)
There is a full example in the doc https://help.mikrotik.com/docs/display/ ... figuration

Re: v7.1beta2 [development] is released!

Posted: Wed Oct 28, 2020 11:51 am
by mafiosa
anyone tried configuring BGP in ROS7.1beta2 I would love to see some examples :)
yes me too especially with filters. Also it's been 2 months since last beta release.

Re: v7.1beta2 [development] is released!

Posted: Wed Oct 28, 2020 12:05 pm
by rooneybuk
anyone tried configuring BGP in ROS7.1beta2 I would love to see some examples :)
There is a full example in the doc https://help.mikrotik.com/docs/display/ ... figuration
Thanks just want i needed :)

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 29, 2020 2:27 am
by McSee
Fasttrack doesn't work for me in 7.1beta2 on Chateau. It's shown as active in IP Settings, but counters there and in dummy rules in Firewall are all zeros.
Config is pretty basic and fasttrack works with the same config in 7.1beta1.

Edit: Also doesn't work with default config in 7.1beta2 and works in 7.1beta1.
no_ft.png

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 29, 2020 1:07 pm
by nellson
I am seeing the same behaviour on 7.1beta2, the fasttrack counters are indeed not working.

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 29, 2020 1:16 pm
by nellson
We are also experiencing unstable WiFi in version 7.1beta2 on a RBD53G-5HacD2HnD, clients are not able to receive a DHCP offer on 2G, not sure if 5G is affected though.

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 29, 2020 4:16 pm
by nemoforum
It seems wi-fi issue has been fixed in 7.1beta3. Running it for a week without any issues.
PS: not yet available for everyone.

Re: v7.1beta2 [development] is released!

Posted: Thu Oct 29, 2020 5:09 pm
by SiB
It seems wi-fi issue has been fixed in 7.1beta3. Running it for a week without any issues.
PS: not yet available for everyone.
We still wait for it bcs ppl have two other big problems: Both work's properly in ros7beta5

Re: v7.1beta2 [development] is released!

Posted: Fri Oct 30, 2020 3:32 pm
by mafiosa
It seems wi-fi issue has been fixed in 7.1beta3. Running it for a week without any issues.
PS: not yet available for everyone.
Beta 3? How did you get it?