v7.10beta [testing] is released!

Wed May 10, 2023 11:23 am

RouterOS version 7.10beta has been released on the "v7 testing" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.10beta8 (2023-May-22 18:52):

!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD (CLI only);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8 );
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - fixed "print without-paging" output in some cases;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sniffer - fixed large .pcap file limit;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;

What's new in 7.10beta5 (2023-May-09 13:38):

*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8 );
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - improved system stability for partial routing table offload;
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8 );
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while a router is not working as suspected or after some problem has appeared on the device

Please keep this forum topic strictly related to this particular RouterOS release.

honzam · Wed May 10, 2023 11:33 am

CubeSA upgraded without problems

Rox169 · Wed May 10, 2023 11:54 am

*) smb - improved SMB v1 operation;

I reported this bug. FYI Hikvision cameras should be able to use MT router USB as FTP remote storage for recording or recorging motion.

Thank you Mikrotik :) Now I will have to buy another hap AX3 :)

own3r1138 · Wed May 10, 2023 11:56 am

*) ovpn - improved system stability

The supout file is available, Ticket #SUP-96432.

DeGlucker · Wed May 10, 2023 12:03 pm

What is ice driver ? I am still waiting for fix for Atheros AR9380 for x86...

volkirik · Wed May 10, 2023 12:05 pm

bug-report:
endpoint-independent-nat:
ether1 (wan port) has one static IP address to reach modem's WEBUI that is in bridge mode: 192.168.0.2/24
ether1 (wan port) has one dynamic IP address to reach internet via DHCPv4 client: 178.233.176.XX/20

if i disable static IP, endpoint-independent-nat works.. otherwise it will route WAN connections back to 192.168.0.2 address

volkirik · Wed May 10, 2023 12:21 pm

bug-report:
endpoint-independent-nat:
connections timeout in 10 seconds, instead of 3 minutes (udp stream timeout)

lyubomirtraykov · Wed May 10, 2023 12:36 pm

*) ipsec - refactor public key authentication
I can report that IPSec has integrity check failure with DH Group modp3072 and up in Profile.

Railander · Wed May 10, 2023 12:43 pm

*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);

could someone expand on this?

lyubomirtraykov · Wed May 10, 2023 12:48 pm

*) webfig - removed auto-login with default credentials (admin without a password)
The WebFig does not save my last used username as in previews versions.

Rox169 · Wed May 10, 2023 12:49 pm

viewtopic.php?t=196068

Wed May 10, 2023 12:49 pm

*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
could someone expand on this?

viewtopic.php?t=196068

nichky · Wed May 10, 2023 12:50 pm

how about vpn6?

https://help.mikrotik.com/docs/display/ ... l+Overview

coddy · Wed May 10, 2023 1:00 pm

*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;

Hap-AX3 remote CAPsMAN controlled dynamic VLAN addition to bridge does not work still. I need to manually bridge wifi interfaces to correct vlan, and ensure the upstream ethernet port (trunk port) is marked as not hardware offloaded, to get ithe wifi interfaces to pass traffic.

Wed May 10, 2023 1:43 pm

*) upgrade - do not run manual upgrade if some packages are missing;

Smart to add this. Too many reports lately from people with AX devices forgetting an important part during manual upgrade.

rextended · Wed May 10, 2023 1:46 pm

*) console - changed time format according to ISO standard;

OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

FINALLY!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Ahhhhhhhhhh............. also this...........

*) console - disable output when using "as-value" parameter;

anav · Wed May 10, 2023 2:12 pm

Now rextended has no excuses for missing appointments. :-)

rextended · Wed May 10, 2023 2:29 pm

*) console - hide past commands with sensitive arguments;
Oh...... welldone!!!!

*) ssh - added inline key "passphrase" property;
Another bug fixed...

*) upgrade - do not run manual upgrade if some packages are missing;
Clever...

*) webfig - changed time format according to ISO standard;
WHEN ALSO ON WINBOX?

msilcher · Wed May 10, 2023 2:31 pm

*) mpls - added FastPath support;

Bravo!!!

*) ike2 - improved child SA delete request processing;
*) ipsec - refactor public key authentication;

Can someone elaborate on this? I experienced rekey issues to Cisco devices with PFS enabled, I wonder if this might help...

eworm · Wed May 10, 2023 2:37 pm

*) console - changed time format according to ISO standard;

Oh... 😳 While I welcome this in general... I guess it will break a lot of existing scripts. So watch out...

rextended · Wed May 10, 2023 2:39 pm

@eworm / @all
viewtopic.php?t=196072

Please remove the SHITTY 4-modes from logs:

1) only time is just happened,
2) only day if is the same month
3) only month-day if is the same year
4) full date (year-month-day) only if the log is of another year....

LOG MUST HAVE EVERYTIME FULL DATE...

Wed May 10, 2023 2:42 pm

See (very sensible) comment from msatter in other thread.
viewtopic.php?p=1001179#p1001175

For backwards compatibility, best to leave the old format as it was.
Introduce new variable which can be used moving forward.
Everybody happy.

rextended · Wed May 10, 2023 2:46 pm

see this:
viewtopic.php?t=196061#p1001195

anav · Wed May 10, 2023 2:54 pm

For backward compatibility, this approach with new variable is the only way forward. Old stuff will still work. New stuff can use the new format. Everybody happy.

CONCUR Holvoe!

mSATTER brilliance, after silly hats, clogs, dykes, legalized weed and prostitution the dutch provide.......
@EdPa"Something like: [/system clock get isodate]"

rextended · Wed May 10, 2023 2:57 pm

See (very sensible) comment from msatter in other thread.
[…]
For backwards compatibility, best to leave the old format as it was.
Introduce new variable which can be used moving forward.

mSATTER brilliance, after silly hats, clogs, dykes, legalized weed and prostitution the dutch provide.......
@EdPa "Something like: [/system clock get isodate]"

Sorry, but is better this:

Since the date format is changed also on LOGs, certificates, system scheduler, etc. and WebFig (and on future I hope Winbox)

Better add something like this, that influence all the places where a date can be retrieved [clock / log / certificate, etc.].

/system clock set format=<VALUE>

format can be yyyy-MM-dd or mmm/dd/yyyy, the default is yyyy-MM-dd

leonardogyn · Wed May 10, 2023 2:58 pm

*) webfig - redesigned top menu bar;

.
Great one, really enjoyed the new design! Also enjoyed the removal (not listed on the changelogs) of the actual RouterOS version on the webfig login screen.

inline comments are still a thing, and that's not a good one :( Please consider reverting to the old style or, at least, give us the option to choose which one to use! The inline comments really blew up the usage experience, specially when using large comments, on not-huge screens!

mazel · Wed May 10, 2023 3:10 pm

hAP ax2 - issue with wireless clients (not able to connect to WiFi and receive IP address - viewtopic.php?t=195929, viewtopic.php?t=190902, viewtopic.php?t=191304,...) still persists...

Wed May 10, 2023 3:19 pm

Also when you disable WPA3 ?

marsbeetle · Wed May 10, 2023 3:41 pm

Any chance we will get additional wireless interface modes for WifiWave2 anytime soon e.g. ap-bridge ?

radeksima · Wed May 10, 2023 4:52 pm

What´s this meaning? :)
ovpn - added initial support for V2 data transfer protocol;

volkirik · Wed May 10, 2023 5:00 pm

hello dear mikrotik team

could you please allow to specify firewall address list in routing->rules?

fasttrack doesnt work due to mark-routing rules, but we can use routing->rules page, if you add ability to specify dynamic address list for a routing rule.

this will be nice speed improvement for VPN tunnels

thanks and regards

volkirik · Wed May 10, 2023 5:08 pm

Unfortunately, it is not possible, linux kernel does not support address lists in route rules.
Māris B.

but you can write kernel module or user-space program to sync address list into route rules and remove them when address-list entry times out
example script: viewtopic.php?p=1001255#p1001255
please MikroTik Team! this is very important!

rpingar · Wed May 10, 2023 5:11 pm

qsfp28 modules issue still persists on CCR2216
modules flap failed to inizialize, failed to get the link on, or some times get the link but disconnect randomly (very weird behavior)
[SUP-115401] updated about supout with 7.10beta5
modules that works on qsfp2-1 doesn't work on qsfp1-1 and vice versa.

massinia · Wed May 10, 2023 5:12 pm

hAP ax2 - issue with wireless clients (not able to connect to WiFi and receive IP address - viewtopic.php?t=195929, viewtopic.php?t=190902, viewtopic.php?t=191304,...) still persists...

Wireless for me now seems stable.
hAP ax3 7.10beta5 (CAPsMAN)+hAP ax2 7.10beta5 (cAP)+hAP ax2 7.10beta5 (cAP), approximately 25 wireless clients connected.

ToTheCLI · Wed May 10, 2023 5:15 pm

PPPoE Scan in RB5009 works now in 7.10beta5.

Larsa · Wed May 10, 2023 5:29 pm

Nice that the date format issue is finally being addressed even if the initial implementation creates compatibility issues completely unnecessarily IMO. Seriously Mikrotik, please consider a different implementation.

It can easly be solved using my proposal: viewtopic.php?p=1001227#p1001227

Ullinator · Wed May 10, 2023 6:05 pm

*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
Hap-AX3 remote CAPsMAN controlled dynamic VLAN addition to bridge does not work still. I need to manually bridge wifi interfaces to correct vlan, and ensure the upstream ethernet port (trunk port) is marked as not hardware offloaded, to get ithe wifi interfaces to pass traffic.

For me neither....additionally 7.10Beta5 breaks my AX WLAN completly.
After upgrading my working config from 7.9 stable to 7.10Beta5 the CAPsMAN (CHR without local Wifi interfaces) shows the following error:

5393205921695517717_121.jpg

and all WLAN´s where unavailable.
Interestingly the 4 radios from the two CAPS were connected ....

rextended · Wed May 10, 2023 6:19 pm

Nice that the date format issue is finally being addressed even if the initial implementation creates compatibility issues completely unnecessarily IMO. Seriously Mikrotik, please consider a different implementation.

It can easly be solved using my proposal: viewtopic.php?p=1001227#p1001227

Sorry, my proposal is closer to RouterOS language and is easy manageable instead to add parameters to all points where date can be retrieved.
viewtopic.php?t=196061#p1001195

Amm0 · Wed May 10, 2023 6:40 pm

Speaking of datetimes...

*) console - fixed ":terminal inkey" input when resizing terminal;

/terminal/inkey timeout=time ... is still broken in v7.10beta5

sirbryan · Wed May 10, 2023 6:53 pm

I do like the attempt to clean up/modernize Webfig. I've used Webfig almost exclusively for the past three years because it's 1) universally accessible and 2) I can get to and see all the settings in one place, unlike Winbox, where it takes more effort to see/change information & settings.

Since some of the changes are messing with my muscle-memory and workflow, I'm going to throw out what suggestions I can before things get too cemented into place. (Presuming anybody is listening....)

I love the addition of Safe Mode (would have saved me a trip to a site yesterday)
Centering the details in the middle of the screen is jarring visually when we've got browser windows open wide to see/monitor the huge amounts of data in the tables and we're generally looking at the left side already (in LTR languages). Also, when quickly moving through settings or information pages (setting up new devices, troubleshooting existing installations, or turning up new BGP sessions), that added distance adds extra mouse travel time (i.e. hand fatigue), as opposed to having the DIV left-aligned.
The huge amount of white space (well, gray) below the scrollable DIV in the absence of the OK/Apply/Cancel buttons gives the user the impression that they're at the end of available options. That DIV needs some kind of visual indicators that there's more data/settings hidden behind the invisible block, such as a hairline border around it, or maybe arrows or something.
Grouping on the detail page is nice, but adds extra clicks. Perhaps an "expand all" button would be useful here.
Comments need to go back above the line they're a part of, or that option should be configurable. I have a lot of multi-word/multi-sentence comments. (They've been multi-line in Winbox forever, why shrink it on the details page and make it harder to see everywhere else?)
What is with this trend of removing the software version from the top of the screen? Ubiquiti is doing it too on their radios and I hate having to dig further to determine what release I'm running. I get into dozens of devices per day and am testing a number of software versions across hundreds of devices. That is vital information if I'm either configuring a device, if it needs upgrading, or if I'm troubleshooting known or unknown issues. With Webfig, there's plenty of room where the version used to be. The hostname does not need to take up 75% of the width of my browser window.

Short version of the rant: Please don't hide information that was readily visible before. Or else, make a "pretty" skin and a "utility" skin.

That all said, I'm really excited about everything else in 7.10.

Jotne · Wed May 10, 2023 7:06 pm

*) webfig - changed time format according to ISO standard;
WHEN ALSO ON WINBOX?

And the same for Syslog

RFC 5424 is 14 years old !!!!

Larsa · Wed May 10, 2023 7:40 pm

Sorry, my proposal is closer to RouterOS language and is easy manageable instead to add parameters to all points where date can be retrieved. forum.mikrotik.com/viewtopic.php?t=196061#p1001195

Absolutely not! 😄😘 viewtopic.php?p=1001272#p1001272

anav · Wed May 10, 2023 8:09 pm

Please gato and mouse take your time quibbles to another thread LOL. I think MT gets the picture ...........half baked time solution creates more work then it solves, they need to go back to the drawing board.

mazel · Wed May 10, 2023 8:27 pm

Also when you disable WPA3 ?

Nope, even disabling WPA3-PSK and Disable PMKID did not help - wlan devices unable to connect and obtain IP from DHCP (using vlans). Still the same issue...

mazel · Wed May 10, 2023 8:30 pm

hAP ax2 - issue with wireless clients (not able to connect to WiFi and receive IP address - viewtopic.php?t=195929, viewtopic.php?t=190902, viewtopic.php?t=191304,...) still persists...
Wireless for me now seems stable.
hAP ax3 7.10beta5 (CAPsMAN)+hAP ax2 7.10beta5 (cAP)+hAP ax2 7.10beta5 (cAP), approximately 25 wireless clients connected.

I dunno but it is still the same for me (seems like SW+HW issue to me). If you could check my config at viewtopic.php?t=195929 I would be really glad if you find something problematic there.

npeca75 · Wed May 10, 2023 9:50 pm

well, maybe it is too early for joy, but looks like WireGuard IPv6 spoke&hub finally working on mmips
it was known problem that only last enabled WG peer will route properly IPv6, others will be lost, but now ...wooow

dakobg · Wed May 10, 2023 11:30 pm

For some unknown reason for me I expect to see ros v8.0 after v7.9 .. I was excited since from what I see BFD will be available in ros v8.0 .. now I'm disappointed .. no v8.0 no BFD
note: I hope everyone understand this is a ironic joke :) .. however my disappointment for missing BDF is not :(
note2: however I appreciate the hap ax lite ipsec hw offload , thank you!

leonardogyn · Thu May 11, 2023 12:04 am

...
[*]Comments need to go back above the line they're a part of, or that option should be configurable. I have a lot of multi-word/multi-sentence comments. (They've been multi-line in Winbox forever, why shrink it on the details page and make it harder to see everywhere else?)
....

.
This forced inline comments on the webfig really discourages the use of comments(which is bad!), as expanding the column to see the comments forces you to scroll horizontally. It might be a good one for big monitors people, but for laptop guys, like me, this is a TERRIBLE change.
.
Please revert or, at least, have it configurable!

depe · Thu May 11, 2023 2:39 am

Already sent in a different post.

winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;

Any chance to add queue type to winbox or cli ? or even Scripts in IPV6 ?

Thu May 11, 2023 4:06 am

Can we please get more details of MPLS FastPath in version 7

e.g. is this Forwarding only ? or does it support Push/Pop ?

Kaldek · Thu May 11, 2023 4:51 am

Nope, even disabling WPA3-PSK and Disable PMKID did not help - wlan devices unable to connect and obtain IP from DHCP (using vlans). Still the same issue...

Message me directly and I'll see if I can help you. I have VLANs with 7.9 and 7.10beta5 working.

dragoalato1988 · Thu May 11, 2023 5:38 am

Can we please get more details of MPLS FastPath in version 7

e.g. is this Forwarding only ? or does it support Push/Pop ?

I agree, you could get more information on what's new in the implementation of MPLS FastPath. Thanks

mazel · Thu May 11, 2023 9:28 am

Nope, even disabling WPA3-PSK and Disable PMKID did not help - wlan devices unable to connect and obtain IP from DHCP (using vlans). Still the same issue...
Message me directly and I'll see if I can help you. I have VLANs with 7.9 and 7.10beta5 working.

Unfortunately, I am not able to find a way to send you a PM. So, may we continue in my topic viewtopic.php?t=195929?

EgidijusL · Thu May 11, 2023 9:34 am

Wifi issues same as 7.9. Reported, SUP-115948
hap ax3

Thu May 11, 2023 10:46 am

Yup, upgraded only AX Lite to 7.10b5 and using it as AP for my PC so I can keep an eye on it and I am seeing the infamous PMKSA errors in log.

[mac address]@wifi1 rejected, can't find PMKSA

Also have PingInfoView running on local PC targetting that AX Lite (via wifi), seeing a bit over 4% packet loss.

EDIT: 1hr later, didn't see that error anymore, packet loss dropped to 1.25%.
Startup issues ? Dust needs to settle first ? Who knows ...

parham · Thu May 11, 2023 3:42 pm

anymore info please for *) ovpn - added initial support for V2 data transfer protocol;

ToTheFull · Thu May 11, 2023 6:10 pm

The only thing I can find in my configuration of 7.10b5 is QOS simple queues Upstream isn't working as expected. But even better news, switching over to FQ_Codel is working very well. WiFi in general seems a lot more stable.

johnsonX · Thu May 11, 2023 6:25 pm

CCR2116 upgrades 7.10beta5, the file is lost, and the NVME DISK is unavailable

rextended · Thu May 11, 2023 6:29 pm

CCR2116 upgrades 7.10beta5, the file is lost, and the NVME DISK is unavailable

From what version?

johnsonX · Thu May 11, 2023 7:45 pm

CCR2116 upgrades 7.10beta5, the file is lost, and the NVME DISK is unavailable
From what version?

7.9 stable upgrade 7.10beta5

pants6000 · Thu May 11, 2023 8:36 pm

I like most of the webfig changes (including/especially the inline comments!), but the centered detail screens just strike me as odd, like the pages aren't rending correctly.

maigonis · Thu May 11, 2023 10:49 pm

Yup, upgraded only AX Lite to 7.10b5 and using it as AP for my PC so I can keep an eye on it and I am seeing the infamous PMKSA errors in log.

[mac address]@wifi1 rejected, can't find PMKSA

Also have PingInfoView running on local PC targetting that AX Lite (via wifi), seeing a bit over 4% packet loss.

EDIT: 1hr later, didn't see that error anymore, packet loss dropped to 1.25%.
Startup issues ? Dust needs to settle first ? Who knows ...

What device give that error? I got on my Samsung S22, but S10+ is fine.

Thu May 11, 2023 10:56 pm

Laptop with Intel Wireless AC9560.
Samsung S20 was ok too.

fakeusername2022 · Fri May 12, 2023 12:47 am

Please add reboot command to containers.
Sometime it is required to reboot my container on a regular basis due to some bugs... Could not achieve this by scripting Stop and Start commands of the container...

attila123 · Fri May 12, 2023 9:28 am

*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);

Could you please explain what it means? Will this solve the problem with our CCR2116, which is rebooting every 1-2 days with a watchdog timer error?

buset1974 · Fri May 12, 2023 1:05 pm

*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);

Could you please explain what it means? Will this solve the problem with our CCR2116, which is rebooting every 1-2 days with a watchdog timer error?

Oh my god,
The problem still exist on v7? I
The hardware already diff with ccr1xxx , the software also already on v7, but the problem still hapen.
I dont think they now and seek what the cause it.
Unless someone can clear reproduce the problem, eventhough alot of people reported having the same issues.
Thx

gigabyte091 · Fri May 12, 2023 3:37 pm

Yup, upgraded only AX Lite to 7.10b5 and using it as AP for my PC so I can keep an eye on it and I am seeing the infamous PMKSA errors in log.

[mac address]@wifi1 rejected, can't find PMKSA

Also have PingInfoView running on local PC targetting that AX Lite (via wifi), seeing a bit over 4% packet loss.

EDIT: 1hr later, didn't see that error anymore, packet loss dropped to 1.25%.
Startup issues ? Dust needs to settle first ? Who knows ...

ax2, 7.10rc5 same SSID for 2.4 and 5 GHz, default config, same PMKSA error, phone can't connect to 5GHz WiFi, on 2.4 work just fine. Laptop connects to 5 GHz (Preferred band 5GHz in driver)

ToTheFull · Fri May 12, 2023 4:32 pm

Sadly I've had to downgrade to 7.9 due to problems with QOS.

rextended · Fri May 12, 2023 4:43 pm

Sadly I've had to downgrade to 7.9 due to problems with QOS.

I hope you open a supoort ticket wit supout.rif before downgrade....

massinia · Fri May 12, 2023 4:50 pm

ax2, 7.10rc5 same SSID for 2.4 and 5 GHz, default config, same PMKSA error, phone can't connect to 5GHz WiFi

Just out of curiosity, have you tried disabling WPA3?
I am now using WPA2 only (hAp ax3+hAP ax2) and have no PMKSA error.

gigabyte091 · Fri May 12, 2023 8:35 pm

I tried to enable only WPA2 and now error is gone and i can see in logs that phone connects to 5 GHz no problem. So why is WPA 3 making a problem ?

massinia · Fri May 12, 2023 8:45 pm

I tried to enable only WPA2 and now error is gone and i can see in logs that phone connects to 5 GHz no problem. So why is WPA 3 making a problem ?

I don't know, it only happens with some devices using WPA 3.

gigabyte091 · Fri May 12, 2023 8:55 pm

Yea, but for eg. if I have separated SSID for 2.4 and 5 GHz, then I don't have a problem with connecting.

massinia · Fri May 12, 2023 8:59 pm

OK then try with a single SSID, WPA 3 but with FT enabled.

gigabyte091 · Fri May 12, 2023 9:32 pm

I set my AX200 WiFi card back to "preferred band: None" just to see if now laptop connects to 5 GHz and now it's working like a charm. I will leave my laptop and phone connected to ax2 instead of my U6-Lite.

ivicask · Fri May 12, 2023 9:48 pm

Seeing alot of Handshake timeouts and pkmsa errors also...

npeca75 · Fri May 12, 2023 10:49 pm

looks like beta5 break wireguard IPv6 on ARM
IPv4 works fine

# model = RB3011UiAS
# serial number = 783D085F624D
/interface wireguard peers
add allowed-address=fdff:255::/112,169.254.255.192/26 endpoint-address=xxx.yyy.224.42 endpoint-port=8000 interface="wg: Mgmn (NMS)" persistent-keepalive=15s public-key=\
    "xxxxxxx="

same config works fine with 7.9 but beta5 have a problem with IPv6
it simply does not work

if i try to ping WG HUB i get this error

 ping fdff:255::200
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                                                                                                           
    0                                                              126 (No error information)                                                                                                                       
    0 fdff:255::202                             104  64 588us      address unreachable                                                                                                                              
    1                                                              126 (No error information)                                                                                                                       
    1 fdff:255::202                             104  64 495us      address unreachable

MIPSBE and MMIPS works fine

soonwai · Fri May 12, 2023 11:23 pm

ax3 standalone 7.9 wifi lasted 7 days. viewtopic.php?t=191304#p1001468

Time to test out 7.10beta5.

• Containers ok (have not tested docker pull)
• Wifi ? (it's only been 10 mins.)
• Zerotier ok

maigonis · Fri May 12, 2023 11:43 pm

Disabling WPA3 should eliminate PMKSA error, as it is WPA3 related.

https://documentation.meraki.com/MR/Wi- ... tion_Guide

gigabyte091 · Sat May 13, 2023 6:32 am

WiFi is now stable, no random disconnects, signal is better now, I have full signal upstairs with speed between 573 and 626 Mbps reported by phone. (Concrete floor with metal armature)

I didn't test FT, and it's default configuration but for now it's looking good. Much stable than before, at least for me. I hope that Mikrotik will solve a problem with WPA3

Sat May 13, 2023 10:44 am

Disabling WPA3 should eliminate PMKSA error, as it is WPA3 related.

I am not so sure about that.

2GHz SSID with WPA2 and WPA3 which gives me frequent PMKSA errors (as in: multiple times per day I see it appearing in log).
Another 2GHz SSID using both WPA2 and WPA3, slave of first one, no issues.
5GHz SSID with ONLY WPA3, no problems for days.

pe1chl · Sat May 13, 2023 12:06 pm

Sadly I've had to downgrade to 7.9 due to problems with QOS.

What did you configure w.r.t QoS and what problems do you have? I presume it isn't related to qos-hw.

ToTheFull · Sat May 13, 2023 12:12 pm

Sadly I've had to downgrade to 7.9 due to problems with QOS.
I hope you open a supoort ticket wit supout.rif before downgrade....

I need to do more testing, that would mean starting fresh from 7.10 and setting up again which I didn't have the time for. I do however have my cAP ax working with Zero issues and i'm pretty impressed so far with that but the firewall is not being used on that device, only on my hAP ax with queues enabled on ether1. I think 7.10 for me and my devices with wpa2/wpa3 enabled just works well. I'm hoping it's just a silly configuration in my config which is causing it.

ToTheFull · Sat May 13, 2023 12:19 pm

Sadly I've had to downgrade to 7.9 due to problems with QOS.
What did you configure w.r.t QoS and what problems do you have? I presume it isn't related to qos-hw.

My uploads were aweful, like I said above, i need to test more! but whatever type i used over time it got worse be-it cake/FQ_Codel or simple queues.
now i've downgraded all is well.

Edit
No it's not related to HW QOS

gigabyte091 · Sat May 13, 2023 12:27 pm

Disabling WPA3 should eliminate PMKSA error, as it is WPA3 related.
I am not so sure about that.

2GHz SSID with WPA2 and WPA3 which gives me frequent PMKSA errors (as in: multiple times per day I see it appearing in log).
Another 2GHz SSID using both WPA2 and WPA3, slave of first one, no issues.
5GHz SSID with ONLY WPA3, no problems for days.

Did you try same SSID 2.4 and 5 only with WPA3 ?

soonwai · Sat May 13, 2023 12:33 pm

ax3 7.10beta5
It's only been 12 hours but so far 1 x "can't find PMKSA" on the 2.4Ghz. No "key handshake timeout."
2.4Ghz is wpa & wpa2. 5Ghz is wpa2 & wpa3.

Sat May 13, 2023 12:34 pm

Did you try same SSID 2.4 and 5 only with WPA3 ?

No, I didn't. Don't want it like that at home for now.

gigabyte091 · Sat May 13, 2023 12:42 pm

So I did a little test, same SSID for 2.4 and 5 GHz, WPA3 only, no errors, devices connects to 5 GHz no problem. WPA2 and WPA3 PMKSA error and devices connects to 2.4 only

pe1chl · Sat May 13, 2023 12:46 pm

Disabling WPA3 should eliminate PMKSA error, as it is WPA3 related.
I am not so sure about that.

For sure it is. But it depends on the connected clients. It may well be that your modern clients on 5GHz have no problem, and the old crap or IoT devices (ESP based) have problems.

pe1chl · Sat May 13, 2023 12:49 pm

My uploads were aweful, like I said above, i need to test more! but whatever type i used over time it got worse be-it cake/FQ_Codel or simple queues.
now i've downgraded all is well.

Ok I use only DSCP-based marking of traffic and translation to 802.11p priority tagging which is processed by my DSL modem. No queues required.
This is similar to what qos-hw also does.

gigabyte091 · Sat May 13, 2023 12:56 pm

For sure it is. But it depends on the connected clients. It may well be that your modern clients on 5GHz have no problem, and the old crap or IoT devices (ESP based) have problems.

Interesting, in my case all devices that experienced problems were at most year and a half old, also had problem on Intel AX200.

ToTheFull · Sat May 13, 2023 1:16 pm

My uploads were aweful, like I said above, i need to test more! but whatever type i used over time it got worse be-it cake/FQ_Codel or simple queues.
now i've downgraded all is well.
Ok I use only DSCP-based marking of traffic and translation to 802.11p priority tagging which is processed by my DSL modem. No queues required.
This is similar to what qos-hw also does.

Could VPN traffic cause anything like that to happen with queues, thats the only other thing that might of been running but at the time of testing I didn't see any traffic above a few kb's here and there.

ToTheFull · Sat May 13, 2023 1:19 pm

For sure it is. But it depends on the connected clients. It may well be that your modern clients on 5GHz have no problem, and the old crap or IoT devices (ESP based) have problems.
Interesting, in my case all devices that experienced problems were at most year and a half old, also had problem on Intel AX200.

It's all very frustrating isn't it, we have a load of old tat connnecting here with wpa2/wpa3 enabled with zero PMKSA fualts seen since 7.8

pe1chl · Sat May 13, 2023 1:27 pm

It is actually quite common to see issues like this whenever new WiFi standards are introduced and also when they are implemented by AP manufacturers...
I have seen it all on our Unifi system.
It will take some time before the perfect balance between new features and compatibilty is found.
For now, I would not recommend the use of WPA3. (independent from the use of MikroTik WiFi)

Sat May 13, 2023 1:28 pm

I am not so sure about that.
For sure it is. But it depends on the connected clients. It may well be that your modern clients on 5GHz have no problem, and the old crap or IoT devices (ESP based) have problems.

The old crap IoT devices in my home are on the slave 2GHz network and show ZERO errors.
So I'm still not sure about that.

gigabyte091 · Sat May 13, 2023 1:37 pm

Well, it is... But with 7.10rc5 I can see improvements, it's default config for now only, no VLANs for now and no multiple SSIDs so it's looking good for me right now but i think that i will wait a little bit longer until i return ax2 and 3 as AP in my house.

gigabyte091 · Sat May 13, 2023 1:39 pm

For now, I would not recommend the use of WPA3. (independent from the use of MikroTik WiFi)

I don't have problems with WPA3 on Ubiquiti AP, i have combo WPA2/3 but then, i only have them for like 2-3 months now.

Also, all IoT devices have their own network, 2GHz and no problem with them on Mikrotik or Ubiquiti. Also is true for my security cameras, own network and SSID 2GHz WPA/WPA2

pe1chl · Sat May 13, 2023 4:27 pm

For now, I would not recommend the use of WPA3. (independent from the use of MikroTik WiFi)
I don't have problems with WPA3 on Ubiquiti AP, i have combo WPA2/3 but then, i only have them for like 2-3 months now.

I have tested with WPA2/WPA3 on Ubiquiti and I find that some devices won't connect to that either.
Unfortunately on these APs it is not possible to see which devices connect in WPA2 and which in WPA3, nor which devices cannot connect at all after you change settings.

FezzFest · Sat May 13, 2023 4:41 pm

Unfortunately, I've just had to reboot my hAP ax^2 again because none of my clients could associate anymore ("key handshake timeout"). Seems this issue hasn't been fully resolved yet in 7.10beta5. WPA2 only, so WPA3 compatibility issues are excluded.

soonwai · Sat May 13, 2023 4:56 pm

@FezzFest That's not good. How long did it last?

I upgraded my ax3 to 7.10beta5 17hrs ago. So far so good. The ax3's v7.9 record is 7 days and a few hrs Mine is 2.4Ghz, wpa & wpa2 and 5Ghz, wpa2 & wpa3.

gigabyte091 · Sat May 13, 2023 5:24 pm

I have tested with WPA2/WPA3 on Ubiquiti and I find that some devices won't connect to that either.
Unfortunately on these APs it is not possible to see which devices connect in WPA2 and which in WPA3, nor which devices cannot connect at all after you change settings.

What kind of devices ? On Ubiquiti only device that was giving me a problem was heating gateway... Everything else works just fine.

pe1chl · Sat May 13, 2023 5:52 pm

We have over 700 devices and not all of them connected. As mentioned, impossible to know which ones.

FezzFest · Sat May 13, 2023 8:59 pm

@FezzFest That's not good. How long did it last?

Lasted about 3 days, installed 7.10beta5 right after it was released. Sent MikroTik a supout, let's hope that'll help them solve the issue.

ivicask · Sun May 14, 2023 2:29 am

Unfortunately, I've just had to reboot my hAP ax^2 again because none of my clients could associate anymore ("key handshake timeout"). Seems this issue hasn't been fully resolved yet in 7.10beta5. WPA2 only, so WPA3 compatibility issues are excluded.

Exactly the same issue here both on stable 7.9 and 7.10, wifi works for one day then all clients get handshake timeout and I need to reboot to fix it.
Im loosing all faith in mikrotik wireless at this point..

soonwai · Sun May 14, 2023 1:08 pm

@FezzFest That's not good. How long did it last?
Lasted about 3 days, installed 7.10beta5 right after it was released. Sent MikroTik a supout, let's hope that'll help them solve the issue.

Mine just died.

Update:
14 May 5:00pm. ax3 7.10beta5 wifi died again. Total wifi uptime: 1 days 12hrs.
15 May 12:20pm. ax3 7.10beta5 wifi died again. Total wifi uptime: 7 hrs 20 mins. (Had FT turned on. Maybe shouldn't have done that. Back to off.)

May 14: key handshake timeout: 117 (in a space of 40mins), can't find PMKSA: 0
May 15: key handshake timeout: 64 (in a space of 2hrs), can't find PMKSA: 0

As usual, had to reboot.

massinia · Sun May 14, 2023 1:21 pm

Mine hAP ax3 resists for now, uptime 2d and 20h.
If it happens again before restarting generate the supout.rif file to send to support.

Kaldek · Sun May 14, 2023 1:24 pm

For what it's worth, I seem to have gotten some WiFi stability by disabling all of my access list rules in WiFi. I had noticed that in 7.8, some of my ACLs just did not apply, when those same rules (for a specific MAC address) worked on CAPsMANv1. When I upgraded to 7.9 and had the issue with not being able to connect, I removed all my ACLs. It seemed to resolve the issue.

Units are cAP ax, CAPsMAN controller is RB5009, all running 7.10beta5 currently.

gigabyte091 · Sun May 14, 2023 7:05 pm

My ax2 uptime 2d 3h still going strong, no signs of any kind of error. I updated ax2 at my parents house, no problems for now.

oliver0513 · Sun May 14, 2023 9:11 pm

What´s this meaning? :)
ovpn - added initial support for V2 data transfer protocol;

Hi,

i hope this means full compatibility with openvpn 2.6 personally

coddy · Mon May 15, 2023 12:11 am

7.10beta5 - Remote CAPsMAN managed AX3 - Uptime approximately 4 days 10 hours, "invalid password" prompt across Win11 Laptop, iPhone and Samsung phone - again... Rebooting AX3 resolved problem.

Created SUP-116195 with support.rif file whilst it was in its failed state.

The other AX3 (acting as CAPsMAN server) was still working correctly, and moving devices in range of that AX3 resulted in them reconnecting. Moving the devices back in range of the failed AX3 resulted in the invalid password after multiple attempts of it trying to connect... After this testing I created a support.rif file on the failed AX3, and rebooted it. The reboot cleared the problem (for now....).

Waiting on the other AX3 to fail now, I am guessing that is only a matter of time...

dewitpj · Mon May 15, 2023 1:42 am

Please give us themes for the UI changes - the new one sucks for me

Jotne · Mon May 15, 2023 8:18 am

Starting with V7.9 the following commands stopped returning the right information:

interface/ethernet/print proplist=speed
interface/ethernet/print proplist=full-duplex

Both commands return "empty" values.

Mauricio

Broken in 7.10beta5 as well. Did work fin in 7.6 (Testet on RB951)

DarkNate · Mon May 15, 2023 9:00 am

I hope MikroTik adds proper support for TCP NAT punching as well with the full cone NAT feature now:
viewtopic.php?p=1000604&hilit=full+cone#p998143

EgidijusL · Mon May 15, 2023 11:19 am

Lasted about 3 days, installed 7.10beta5 right after it was released. Sent MikroTik a supout, let's hope that'll help them solve the issue.
Mine just died.

Update: 14 May 5:00pm
ax3 7.10beta5 wifi died again. Total wifi uptime: 1 days 12hrs.
May 14: key handshake timeout: 117 (in a space of 40mins), can't find PMKSA: 0

As usual, had to reboot.

From support get alpha version, 3d 22hours no problems

mh04 · Mon May 15, 2023 11:40 am

Since version 7.9 there is an error when you fetch the routing table via SNMP (1.3.6.1.2.1.4.24.4.1.4):

snmpwalk -v1 -c public 192.168.88.1 1.3.6.1.2.1.4.24.4.1
iso.3.6.1.2.1.4.24.4.1.1.0.0.0.0.0.0.0.0.0.10.44.10.69 = IpAddress: 0.0.0.0
iso.3.6.1.2.1.4.24.4.1.1.0.0.0.0.0.0.0.0.0.0.0.0.0 = IpAddress: 0.0.0.0
Error: OID not increasing: iso.3.6.1.2.1.4.24.4.1.1.0.0.0.0.0.0.0.0.0.10.44.10.69
 >= iso.3.6.1.2.1.4.24.4.1.1.0.0.0.0.0.0.0.0.0.0.0.0.0

The error did not exist in previous versions.

soonwai · Mon May 15, 2023 1:48 pm

From support get alpha version, 3d 22hours no problems

15 May 12:20pm. ax3 7.10beta5 wifi died again. Total wifi uptime: 7 hrs 20 mins.
Hung again. (Had FT turned on. Maybe shouldn't have done that. Back to off.)

Been meaning to send support an email and supout but keep forgetting to generate it. Gonna do that the next time it dies.

I was really happy when 7.9 went on for 6 days. Then it died on the 7th day. :-(

connectlife · Mon May 15, 2023 3:22 pm

MLAG on 4 CRS326-24S+2Q+ starting from version 7.7 up to 7.10 beta 5 is broken..

On 7.6 everything works fine. The problem seems to start from 7.7, version which makes several changes to the bridges

SUP-116274
SUP-115519
SUP-116233

leonardogyn · Mon May 15, 2023 3:22 pm

[ ..... ]
.
[*]Centering the details in the middle of the screen is jarring visually when we've got browser windows open wide to see/monitor the huge amounts of data in the tables and we're generally looking at the left side already (in LTR languages). Also, when quickly moving through settings or information pages (setting up new devices, troubleshooting existing installations, or turning up new BGP sessions), that added distance adds extra mouse travel time (i.e. hand fatigue), as opposed to having the DIV left-aligned.
[*]The huge amount of white space (well, gray) below the scrollable DIV in the absence of the OK/Apply/Cancel buttons gives the user the impression that they're at the end of available options. That DIV needs some kind of visual indicators that there's more data/settings hidden behind the invisible block, such as a hairline border around it, or maybe arrows or something.
[ .... ]

.
Kind of adding to these, in some places "centering" everything is plain dumb. When editing big scripts, for example, the amount of actual "script space" on 7.10 is greatly reduced while compared to 7.9 and older. Screenshots are editing the same script, on the same monitor/resolution, only changing from 7.9 to 7.10b5. The difference is HUGE, being 7.10 absolutely worst.

ROSv7.9

ROS7.9.png

.
ROSv7.10b5

ROS7.10b5.png

rextended · Mon May 15, 2023 3:31 pm

Kind of adding to these, in some places "centering" everything is plain dumb.

Is it the same programmer / "artist" / "GUI expert" who on Windows 11 weighed well to center the taskbar and remove "ungroup" icons?
A damn good choice that prevents me from migrating to Windows 11 for this crap that interferes with productivity...

Also forcing inline comments...

Truly GUI experts both...

infabo · Mon May 15, 2023 4:03 pm

I am still wondering why the comment is now a column? And I actually wonder and question the decision-process behind this change. This is either some input from some "UX expert" ("streamline the interface and remove that disruptive comment line" )or simply a bad design decision by some newcomer. People may write long comments, that's why this was a really dumb change.

infabo · Mon May 15, 2023 4:06 pm

*) webfig - redesigned item configuration display;

And when centering all the form fields is the result of this change, then: holy batman. please get external expertise in web design or hire someone who knows how to do it.

pe1chl · Mon May 15, 2023 5:06 pm

I am still wondering why the comment is now a column? And I actually wonder and question the decision-process behind this change.

I think it is great! It has always been possible in winbox, and the setting "inline comments" is always the first thing I do when using winbox on a new device.
Probably it would have been better to put comment in the rightmost column just as it is in winbox, instead of in the second column.
What I would like to see is the capability to add/remove/re-order columns in webfig like it is in winbox. (and saved for later visits)

leonardogyn · Mon May 15, 2023 5:10 pm

I think it is great! It has always been possible in winbox, and the setting "inline comments" is always the first thing I do when using winbox on a new device......

.
In winbox it was always possible to CHOOSE which one you'd like to use: inline comments or "newline" ones. Having the option to choose which one to use is the key here. It was simply changed to FORCED inline comments on webfig, interface in which you cannot reorder columns.

Would be awesome to have inline comments as an OPTION on webfig.

infabo · Mon May 15, 2023 6:15 pm

I think such an toggle-option (inline comments yes/no) could be part of the webfig skin-editor.

"inline comments" is always the first thing I do when using winbox on a new device

Are you having an ultra wide display? I did not even know about that option, as I hardly use Winbox. But when I use Winbox every now an then, I use it with at least 6 windows arranged inside the main window. And "inline comments" adds a dramatically huge horizontal scrollbar (when I set the fitting width for comments column, so I can read even long comments). But YMMV. And being able to choose, makes this not worth to start a "inline vs separate line"-war. User's personal choice.

DSprecic · Mon May 15, 2023 10:34 pm

For now, I would not recommend the use of WPA3. (independent from the use of MikroTik WiFi)

For now, I would recommend trying Aruba 5xx APs with WPA3, probably Ruckus no different, same with Ciscrap.

WPA3 is a change in security, not in rf waves, if your client has it implemented as expected and your AP too it just works. Got a few Aruba APs running and if there's something that has been working no matter what it's WPA3.

Unless you have a crap Android phone that doesn't even get those patches anymore.

Or if the implementation of WPA3 sucks on your AP. It's the same story as wether your wifi has a proper WPA2-KRACK counter implementation or not, done properly no issues, done wrong and you will see issues.

pe1chl · Tue May 16, 2023 10:41 am

WPA3 is a change in security, not in rf waves, if your client has it implemented as expected and your AP too it just works. Got a few Aruba APs running and if there's something that has been working no matter what it's WPA3.

Unless you have a crap Android phone that doesn't even get those patches anymore.

That is what I mean. It does not work on all clients, and when your clients are not under your own control (e.g. it is your home wifi) it is difficult to make sure
that it will work. Of course you can use WPA2/WPA3 transition mode, but even that does not guarantee it will always work.

It is like enabling 802.11k/r/v. On most devices it is OK, but some devices will either fail to connect or they will connect once and then fail to roam.
Not a problem when it is your home wifi and you can determine which devices have problems (e.g. your doorbell), not so good when it is an office with company
and visitor devices and you never know who wants to use it.

gigabyte091 · Tue May 16, 2023 5:03 pm

Regarding roaming in ROS, i found this at Mikrotik help:

Screenshot_2023-05-16-15-59-39-163_com.android.chrome-edit.jpg

So if I have for eg. ax3 and ax2, for devices to be able to roam i have to have capsman enabled ?

leonardogyn · Tue May 16, 2023 5:11 pm

..... Of course you can use WPA2/WPA3 transition mode, but even that does not guarantee it will always work.

.
Some days ago I had my first real problem with a device not being able to connect to a WPA2/WPA3 transition mode enabled SSID. I have already setup that way in several locations, but never had a problem or, at least, nobody ever complained about it. And funny enough, it was an Apple device, a Gen1 Apple TV. It simply refused to even ask the password for the network, giving a -100 error. I really had to "downgrade" the network to WPA2 mode only, and it worked immediately.

From all sort of devices, I would really not expect an Apple device to give me headaches on that matter, while all other chinese cheap crap can use the network with no problems :)

massinia · Tue May 16, 2023 5:20 pm

So if I have for eg. ax3 and ax2, for devices to be able to roam i have to have capsman enabled ?

Yes, and there are many useful discussions about this.

gigabyte091 · Tue May 16, 2023 5:36 pm

For eg ? Have any links ? I will pretty soon return home wifi from Ubiquiti to Mikrotik again and want to test it further with configuration that will be in use.

massinia · Tue May 16, 2023 5:46 pm

For eg ? Have any links ? I will pretty soon return home wifi from Ubiquiti to Mikrotik again and want to test it further with configuration that will be in use.

We are very OT here…
The first ones i found:
viewtopic.php?t=194331
viewtopic.php?t=194778

gigabyte091 · Tue May 16, 2023 6:12 pm

Thanks, no more OT. Right now I migrated my IoT devices to Mikrotik and it's stable for now, tomorrow i will migrate security cameras.

naxus · Tue May 16, 2023 11:03 pm

And after few days again (getting this when not using/using capsmanv2)
so WPA3 is bit unusable...
Getting in on 2 hapax2 and audience as well
Created SUP-116463 with supout
Xx:xx...@wifi2 rejected, can't find PMKSA

mantouboji · Wed May 17, 2023 2:33 pm

maybe IPv6 is broken.

I use dynv6 to register a dynamic domain name with only IPv6 address . and then try to get a LetsEncrypt centification using:
`/certificate/enable-ssl-certificate dns-name=MYNAME.dynv6.net `

and then get a "resolv error"

switch back to 7.9, it's OK .

hAP AX3

attila123 · Wed May 17, 2023 4:27 pm

Our CCR2116 has rebooted with watchdog timer error after 4 days of uptime. SUP-116550 was created.

arnaudf92 · Wed May 17, 2023 6:01 pm

Dear Mikrotik,

I see some movement about QoS, pcp and dscp.

Therefore regarding this pcp and dscp thing, could it be possible to fix the long-lasting bug that I could summarize by :
==> "priority set from ROS firewall or bridge rules is not translated into vlan pcp header"

Ie. SUP-80065

Regards.

pe1chl · Wed May 17, 2023 7:35 pm

That must be a bug that involves more than setting a priority, as I use that to set 802.1p priority and it mostly works for me.
I know about one peculiar bug: a GRE tunnel with "DSCP inherit" and IPsec transport, over PPPoE on a VLAN with 802.1p priority, will not work on the 4011 while the same config works on the 2011. SUP-64360.

arnaudf92 · Thu May 18, 2023 12:20 am

That must be a bug that involves more than setting a priority, as I use that to set 802.1p priority and it mostly works for me.
I know about one peculiar bug: a GRE tunnel with "DSCP inherit" and IPsec transport, over PPPoE on a VLAN with 802.1p priority, will not work on the 4011 while the same config works on the 2011. SUP-64360.

Which MT device do you use ? (for me it's a CRS326-24G-2S+).
Currently, the only approach that works to set 802.1p is to use switch rules, and thus only works for traffic that ingress ports (not for traffic passing through router processes).

nichky · Thu May 18, 2023 7:54 am

What´s this meaning? :)
ovpn - added initial support for V2 data transfer protocol;

Hi,

i hope this means full compatibility with openvpn 2.6 personally

not enough, need more info

volkirik · Thu May 18, 2023 11:19 am

is it the time for 7.10 next beta release? or rc1?

Rox169 · Thu May 18, 2023 12:21 pm

You can see many problems and you are asking RC version after first beta? :)

Thu May 18, 2023 1:42 pm

Better they stick a bit longer to beta now before moving to rc ... my 0.02€

naxus · Thu May 18, 2023 1:57 pm

I don't really understand such questions... It will come when ready, sometimes it's fast, sometimes takes longer to properly test...

Jotne · Thu May 18, 2023 2:27 pm

naxus answer it the correct one.

If looking at the past, you can see here how many betas has been released to the public (posted here on the forum) before RC was released:
ver #beta
7.9 1
7.8 2
7.7 5
7.6 5
7.5 4
7.4 3
7.3 4
7.2 0 (no beta found)
7.1 5
7.0 3

Thu May 18, 2023 3:14 pm

naxus answer it the correct one.

If looking at the past, you can see here how many betas has been released to the public (posted here on the forum) before RC was released:
ver #beta
7.9 1
7.8 2
7.7 5
7.6 5
7.5 4
7.4 3
7.3 4
7.2 0 (no beta found)
7.1 5
7.0 3

To be precise, the above are numbers of public betas. As you may notice, the first public 7.10beta is beta5, meaning there were four private betas before that didn't pass QA to become a public release. We are not aiming at any number - it depends on how many betas pass QA but are not stable enough yet to become release candidates.

leonardogyn · Thu May 18, 2023 6:42 pm

is it the time for 7.10 next beta release? or rc1?

.
Absolutely NOT! Let the dev team take the time they need to get it to the closest to stable conditions. There's absolutely no need to rush anything :)

volkirik · Fri May 19, 2023 8:24 am

is it the time for 7.10 next beta release? or rc1?
.
Absolutely NOT! Let the dev team take the time they need to get it to the closest to stable conditions. There's absolutely no need to rush anything :)

alpha, beta, and rc releases do not have to be stable.. actually they could release alpha's in dev channel (if they dont brick the hardware)

even MS windows has insider program for that purpose..

ToTheFull · Fri May 19, 2023 12:11 pm

It looks like I started getting these 4 days in on both radios on cAP ax. About 1 per day across both radios and different devices.
Any thoughts please.

05-11 06:31:45 system,info router rebooted
05-15 10:25:43 wireless,info F4:XX:XX:XX:XX@wifi2 disconnected, association SA Query timed out, signal strength -42
05-16 05:07:41 wireless,info 62:XX:XX:XX:XX@wifi1 disconnected, association SA Query timed out, signal strength -62
05-17 06:49:07 wireless,info 3A:XX:XX:XX:XX@wifi1 disconnected, association SA Query timed out, signal strength -69
05-18 07:35:17 wireless,info 1C:XX:XX:XX:XX@wifi2 disconnected, association SA Query timed out, signal strength -87

uptime: 1w1d2h35m30s
version: 7.10beta5 (development)
build-time: May/09/2023 10:38:53
factory-software: 7.7
free-memory: 612.8MiB
total-memory: 928.0MiB
cpu: ARM64
cpu-count: 4
cpu-frequency: 864MHz
cpu-load: 3%
free-hdd-space: 95.2MiB
total-hdd-space: 128.5MiB
write-sect-since-reboot: 460
write-sect-total: 71592
bad-blocks: 0%
architecture-name: arm64
board-name: cAP ax
platform: MikroTik

Rox169 · Sat May 20, 2023 9:40 am

Hi,

I have the same problem as SUP-116195. All devices are disconnected and mobile cannot join WiFi it says wrong password after reboot all ok. I did downgrade to 7.9 stable and I had the same situation happened.
I turn off wpa3 but I'm not sure if this will help.

Do you have any advice how to eliminate this problem?

My WiFi needs WiFi working for her home office...

nonolk · Sat May 20, 2023 10:19 am

@Rox169, downgrade to 7.8, it’s rock solid for more than 20 days on my side (3 ax2 and 1 ax lite, with capsman).

Sat May 20, 2023 10:27 am

My WiFi needs WiFi working for her home office...

First WiFi = wifey ? 🤣

bsiege · Sat May 20, 2023 5:05 pm

Could it be that time format changes include export config? This started with 7.10beta
In oxidized i get a "config change" on every run, because time changes in output:

--- a/rbhapax01.
+++ b/rbhapax01.
@@ -108,7 +108,7 @@
 # U device changed                            admin  write 
 # U wifiwave2 configuration settings changed  admin  write 
 # 
-# 2023-05-17 18:12:49 by RouterOS 7.10beta5
+# 2023-05-17 19:12:50 by RouterOS 7.10beta5
 # software id = B4G6-6IJM
 #
 # model = C52iG-5HaxD2HaxD

of course i can omit this in rancid/oxidized config, but it is a unneeded change of behavior anyway....

rextended · Sat May 20, 2023 9:25 pm

I don't understand your problem, since the line where there is the date and time always has the current date and time, so it is always different, and it has ALWAYS been like this.The time chante on each export,

bsiege · Sat May 20, 2023 10:44 pm

I don't understand your problem, since the line where there is the date and time always has the current date and time, so it is always different, and it has ALWAYS been like this.The time chante on each export,

Ok, doing config backups since 1901 days 12 hours with oxidized. This was RouterOS 6.41.2. And since 7.10beta5 detection of config changes is broken in oxidized. It was definitive NOT ALWAYS like this.

leonardogyn · Sat May 20, 2023 10:49 pm

I don't understand your problem, since the line where there is the date and time always has the current date and time, so it is always different, and it has ALWAYS been like this.The time chante on each export,
Ok, doing config backups since 1901 days 12 hours with oxidized. This was RouterOS 6.41.2. And since 7.10beta5 detection of config changes is broken in oxidized. It was definitive NOT ALWAYS like this.

.
I'm with @rextended ... /export *ALWAYS* had the current timestamp, so diffing two different exports, done at different times, would always show that difference, despite no other config changes. This always happened and it's really not new on 7.10beta or even RoSv7 at all. Data format indeed changed on 7.10, but the timestamp itself was always there and always different if generated at different times.

This from latest RoSv6 for example:

[admin@ShoppingGallo] > /export terse
# may/20/2023 16:47:07 by RouterOS 6.49.7
# software id = 7DZ4-DVS2
#
# model = RouterBOARD 3011UiAS
# serial number = .......

.
and this from RoSv7.9
.

[admin@CASAGCELdaOAB] > /export
# may/20/2023 16:50:13 by RouterOS 7.9
# software id = 3A7Y-M73T
#
# model = RB750Gr3

mkx · Sat May 20, 2023 10:58 pm

Perhaps oxidized recognizes the date part of export and filters it out ... but fails to do so with new datetime format?

rextended · Sat May 20, 2023 11:24 pm

[…] since 7.10beta5 detection of config changes is broken in oxidized […]

Is oxidized the problem, not RouterOS...
Instead of skipping the first line comparison, what does the program do?
I have been using "diff" for years and making it skip the first line, however it goes it always works even if the router version or the date and time change...

It was definitive NOT ALWAYS like this.

It's an oxidized problem, so ask on oxidized forum for it to be updated.

leonardogyn · Sun May 21, 2023 7:28 pm

It's an oxidized problem, so ask on oxidized forum for it to be updated.

.
I was looking at RouterOS procedures on the oxidizer sources ( https://github.com/ytti/oxidized/blob/m ... outeros.rb ) and to my best regexp knowledge, I couldn't find anywhere it would remove the first (timestamped) line on the /export ... maybe it's done in another place. But I fully agree with you, that's an oxidized problem, not RouterOS one.
.
EDIT: actually it seems line 48 would be the one that rejects the timestamped line ... that seems the one that needs to be adjusted to match the new timestamp (and the old as well, to keep compatibility with versions <7.10)

rextended · Sun May 21, 2023 7:38 pm

I do not want investigate this syntax, is uselessly precise at the start, for accept later all, for nonsense.
cfg = cfg.split("\n").reject { |line| line[/^#\s\w{3}\/\d{2}\/\d{4}.*$/] }
but why not simply
cfg = cfg.split("\n").reject { |line| line[/^#.* by RouterOS .*$/] }
or uselessly precise (like the original),
cfg = cfg.split("\n").reject { |line| line[/^#\s(\w{3}\/\d{2}\/\d{4}|d{4}-d{2}-d{2}).*$/] }
???????

bsiege · Sun May 21, 2023 8:36 pm

It's an oxidized problem, so ask on oxidized forum for it to be updated.

Oh, did I? My intention was to confirm that datum changes affects oxidized too. And so it's written....
Why is the kitty so pitbully?

massinia · Sun May 21, 2023 11:39 pm

Hi,

I have the same problem as SUP-116195. All devices are disconnected and mobile cannot join WiFi it says wrong password after reboot all ok. I did downgrade to 7.9 stable and I had the same situation happened.
I turn off wpa3 but I'm not sure if this will help.

Do you have any advice how to eliminate this problem?

My WiFi needs WiFi working for her home office...

It just happened to me too, I only use wpa2.
Supout.rif generated before reboot and sent (SUP-116928), I hope it helps the support.

Rox169 · Mon May 22, 2023 10:02 am

Hi Massinia,
do you know if it was only on one radio? 2,4 or 5,4? I tried to split one ssid to two and I hope when one will be blocked laptop will join the next one.

rpingar · Mon May 22, 2023 10:05 am

BFD has been marked as "initial support" in 7.10 here:
https://help.mikrotik.com/docs/display/ ... l+Overview

it is coming soon!!!!!!!

Phaere · Mon May 22, 2023 11:50 am

BFD has been marked as "initial support" in 7.10 here:
https://help.mikrotik.com/docs/display/ ... l+Overview

it is coming soon!!!!!!!

I didn't drink alcohol for about 3 years but now it's time i think :D

Rox169 · Mon May 22, 2023 11:52 am

I would prefered to have stable wifi than BFD :)

rextended · Mon May 22, 2023 12:17 pm

Why is the kitty so pitbully?

I must have expressed myself badly, but in addition to complaining about how the code was written wrong, I also provided the solution.

Larsa · Mon May 22, 2023 12:23 pm

Perhaps oxidized recognizes the date part of export and filters it out ... but fails to do so with new datetime format?

Yeah, that was just one example of the consequences with the new date format that totally unnecessary breaks script compatibility. I really hope MT rethinks and fixes this asap.

Pure stupidity IMO!

rextended · Mon May 22, 2023 12:28 pm

Sorry, but unfortunately it is the oxidized code that is done with the feet, in this case...
viewtopic.php?p=1003427#p1003306
If it was written right from the start, there was no problem.
Then the fact that it excludes other lines that I consider important from the comparison is another story...

leonardogyn · Mon May 22, 2023 4:24 pm

Yeah, that was just one example of the consequences with the new date format that totally unnecessary breaks script compatibility. I really hope MT rethinks and fixes this asap.

.
By Mikrotik staff comments, I would say it's here to stay, and scripts will have to be adjusted. At least for me, adjusts were simple to make, 2 minutes and everything was done.

rextended · Mon May 22, 2023 4:27 pm

Is possible to write scripts that work on both regardless the date format:
viewtopic.php?t=196072#p1001344

Larsa · Mon May 22, 2023 5:01 pm

By Mikrotik staff comments, I would say it's here to stay, and scripts will have to be adjusted. At least for me, adjusts were simple to make, 2 minutes and everything was done.

Well, we'll see what they decide.

I want to emphasize that we welcome the new date format. HOWEVER, implementing it in a way that breaks compatibility, and in addition absolutely unnecessarily, is just plain stupidity.

And of course, you can "fix" the problem with various modifications, but the level of effort required varies depending on its occurrence. People who don't understand the implications of this issue shouldn't comment on the matter IMO.

leonardogyn · Mon May 22, 2023 5:59 pm

And of course, you can "fix" the problem with various modifications, but the level of effort required varies depending on its occurrence. People who don't understand the implications of this issue shouldn't comment on the matter IMO.

.
Well, I believe that you're having me among those "who don't understand the implications" ... and i'd say you're really wrong on that one. Accepting it will happen doesn't means I don't understand it. But that decision is not on me. I would have made it on different ways, but that's really not on me.
.
And that all being said, seems kind of censorship expecting that only those who agree with you can comment on something, doesn't it ??? Everybody is free to comment, no matter their opinions.

Larsa · Mon May 22, 2023 8:56 pm

You are, of course, entitled to say whatever you want!

And I still stand by the belief that individuals with a "fixer-upper" attitude (i.e., hacker hero) who lack insight into the implications of large-scale operations should refrain from commenting on that particular matter (in my opinion!)

Please feel free to continue this debate in the thread: "WARNING: RouterOS v7.10+ will break all scripts based on [/system clock get date] or other date(s)"

rextended · Tue May 23, 2023 2:19 am

@larsa
so you shouldn't comment?

**********************

Tell us from your wisdom what these blessed "implications of large-scale operations" are, that only you seem to know about them.
That by chance these operations are installing a beta in production? Or the inability to distribute "commands" beyond the update?
Tell me, from your highest and deepest vision, what these problems are, instead of continuing to insinuate that others don't have the insight.
Maybe the others are better than the mediocre employees of these large companies?

**********************

Yeah, a stupid and insignificant little person who can act in an instant,
instead of the giants who don't know what mediocre and banal employees they hire,
those big companies, they are much more organized and efficient, who are put into crisis MONTHS/YEARS before something beta and unstable go into production...

Yeah, luckily there are big companies that have smarter and better people who go into crisis for so little.

daaf · Tue May 23, 2023 7:26 am

RouterOS version 7.10beta has been released on the "v7 testing" channel!

Tue May 23, 2023 8:26 am

@daaf
Chalenge accepted but no clue what you report?

Tue May 23, 2023 8:37 am

Same sentiments when I saw it ...

I guess the error line about "no such item" ?

@daaf:
you need to be A LOT more detailed about what your specific issue is.
You're running a customized default script or the default ?
What are you expecting which is not there now ?

massinia · Tue May 23, 2023 10:17 am

hAP ax3 + hAP ax2 + cAP ax
After only two days the problem with the wifi returns.
No one can log in : wrong password error.

Now I have added a scheduled reboot every 24 hours but, please mikrotik, this bug is really urgent to fix...

Jotne · Tue May 23, 2023 10:18 am

this bug is really urgent to fix...

Why is it urgent to fix? This is a beta, just for testing and not for production.

massinia · Tue May 23, 2023 10:20 am

this bug is really urgent to fix...
Why is it urgent to fix? This is a beta, just for testing and not for production.

It is urgent because the same problem exists also with the stable 7.9.1, there are many discussions about it.

Tue May 23, 2023 10:57 am

It seemed before there was some combination using WPA3 which triggered this.
I reverted back to 7.8 for quite a while on my AX devices to circumvent this, using only WPA2 just to be sure (no wifi for wifey can be ... "a challenge" at home 🤣).
Now running for 5 days already on AX2 and AX3 using 7.10b5 using both WPA2/WPA3, so far no lockouts seen (which I did have a couple of times on 7.9, so I assume also in 7.9.1).
Which indicates there is something else which triggers it ?

@massinia: send supout to support whenever you see it happening. It's the only way to make them aware and provide them enough info to investigate.

Chicken and egg problem. You need to have the problem to have it investigated but I understand you also want working devices.
Likely not an easy one to catch.

Rox169 · Tue May 23, 2023 11:36 am

Holvoen,
I gave her instruction how to reset the router in case it freeze again :) Be carefull at version 7.10b5 it happen to me here as well and I had the same combination of WPA2/WPA3 allowed.

Tue May 23, 2023 1:40 pm

What's new in 7.10beta8 (2023-May-22 18:52):

!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD (CLI only);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8 );
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - fixed "print without-paging" output in some cases;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sniffer - fixed large .pcap file limit;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;

FezzFest · Tue May 23, 2023 2:00 pm

BFD! And BGP prefix counters! And BGP SNMP support! It's Christmas in May!

wispmikrotik · Tue May 23, 2023 2:07 pm

Thank you very much mikrotik!

Rox169 · Tue May 23, 2023 2:17 pm

Hi,
MT please is in this new beta fixed SUP-116195? . All devices are disconnected and clients say wrong password after reboot all ok.

tpedko · Tue May 23, 2023 2:57 pm

BFD!!!! you heard us, yeah. it works!

Njumaen · Tue May 23, 2023 4:10 pm

*) wireguard - retry "endpoint-address" DNS query on failed resolve;

Great idea! ;-) Thanks!

ivicask · Tue May 23, 2023 4:19 pm

@EdPa can you give more details about "wireguard - retry "endpoint-address" DNS query on failed resolve;"
How many times will it retry? Does this solve our problems with dynamic ips on peers where we need to re-toggle tunnel to fix it after IP change?

gabacho4 · Tue May 23, 2023 4:38 pm

I was expecting nothing more than the fix for the CVE. Holy crap! And finally all the BFD and BGP complaints will stop!!!!!

Amm0 · Tue May 23, 2023 5:48 pm

!) route - added BFD (CLI only);

F1/help is missing descriptions for the BFD attributes in CLI

Raf44 · Tue May 23, 2023 5:55 pm

beta 10 : BGP VPN4 have same problems as before 7.9 ; type "copy" routes, and no BGP attributes

elmomac · Tue May 23, 2023 5:57 pm

SUP-114337 updated as even with the latest fixes in 7.10beta8, all routing ceases to work on my CCR2216 after a few minutes when the L3HW table fills up

[admin@ccr2216] > /interface/ethernet/switch/l3hw-settings/monitor
ipv4-routes-total: 146268
ipv4-routes-hw: 146233
ipv4-routes-cpu: 34
ipv4-shortest-hw-prefix: 0
ipv4-hosts: 137
ipv6-routes-total: 176865
ipv6-routes-hw: 645
ipv6-routes-cpu: 176219
ipv6-shortest-hw-prefix: 48
ipv6-hosts: 133
route-queue-size: 0
fasttrack-ipv4-conns: 0
fasttrack-hw-min-speed: 0
nexthop-cap: 8192
nexthop-usage: 339

https://help.mikrotik.com/docs/display/ ... ng-CCR2000 was last updated for ROS 7.1 - are these numbers still correct? As i am seeing more routes in the above table, although lots of instability!

Tue May 23, 2023 6:36 pm

beta 10 : BGP VPN4 have same problems as before 7.9 ; type "copy" routes, and no BGP attributes

Maybe you didn't actually upgrade, since since beta10 do not have "copy" routes anymore and BGP attributes are there for bgp vpn routes.

pe1chl · Tue May 23, 2023 7:36 pm

*) bgp - show approximate received prefix count by the session;

As expected (feared), the count is before route filtering, whereas in v6 it was after route filtering.
But still better than nothing!

rpingar · Tue May 23, 2023 7:41 pm

*) bgp - show approximate received prefix count by the session;
As expected (feared), the count is before route filtering, whereas in v6 it was after route filtering.
But still better than nothing!

I like to have them before the filtering!!!!

MT why don't you develop both values (before and after route filtering)???? It could be very nice.
regards

leonardogyn · Tue May 23, 2023 8:17 pm

PLEASE Mikrotik staff that reads this thread ... reconsider the inline comments on the webfig and also the 'centering of everything', as it wastes A LOT of space on the new layout (please see my previous comment showing editing scripts at viewtopic.php?t=196061#p1002223 ).

While making things prettier is great, making everything worse to use is not. Some of these changes really adds too little while taking A LOT on the usability.

Please reconsider them, PLEASE :)

pe1chl · Tue May 23, 2023 8:40 pm

It looks like the BFD actually works fine! Hooray!
Next wish-list item: make the "BGP Sessions" tab in winbox auto-refreshing like the "BGP Peers" tab in version 6.
Right now the information displayed w.r.t. active sessions, prefixes, rx/tx messages and uptime is stale unless you press F5 all the time.
The "uptime" field is misleading as it is always counting up from the moment the tab has been opened, even when the session is not up at all...

Tue May 23, 2023 9:10 pm

One wish granted per year, ok ?

loloski · Tue May 23, 2023 9:14 pm

Finally, we can pickup where we left off in IX deployment and hope we can use our few dozen of MT gear as supplemental to the existing infrastructure, if only this is available last year we are not in the current predicament right now that we are mixing platform in DC.

@MT please next in your roadmap should be as follows :)
QinQ, VXLAN and MACSEC offload in hardware, Openflow,VPDN and 802.1ah-2008 if this happen MT will be a household name in DC :p