Community discussions

MikroTik App
 
EdPa
MikroTik Support
MikroTik Support
Topic Author
Posts: 328
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga
Contact:

v7.10rc is released!

Fri May 26, 2023 1:09 pm

RouterOS version 7.10rc has been released on the "v7 testing" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.10rc6 (2023-Jun-13 10:52):

!) route - added BFD;
*) bridge - fixed incorrect host moving between ports with enabled FastPath;
*) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);

What's new in 7.10rc5 (2023-Jun-08 14:48):

*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);

What's new in 7.10rc4 (2023-Jun-06 11:34):

*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);

What's new in 7.10rc3 (2023-Jun-02 09:43):

!) route - added BFD;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) winbox - added "MPLS/Settings" menu;

What's new in 7.10rc1 (2023-May-25 16:01):

!) route - added BFD (CLI only);
*) console - improved stability when using command completion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved performance of partial offloading;
*) mpls - added FastPath support;
*) system - reduced RAM usage for SMIPS devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;

Other changes since v7.9:

!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8 );
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8 );
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8 );
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while a router is not working as suspected or after some problem has appeared on the device

Please keep this forum topic strictly related to this particular RouterOS release.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12438
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.10rc is released!

Fri May 26, 2023 1:28 pm

Welldone...
*) console - improved stability when using command completion;
*) mpls - added FastPath support;
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Fri May 26, 2023 2:03 pm

Hi,
it seems that there is no fix for the problem with WiFi and wrong password. I hope MT will not release stable version with this BUG. It is already implementet in ROS "STABLE" 7.9.1
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26815
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.10rc is released!

Fri May 26, 2023 2:05 pm

What bug do you mean? 7.10rc has all the same fixes as 7.9 and more
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Fri May 26, 2023 2:09 pm

Hello,

it has been mentioned many times here.

I had another error login with WiFi on this "STABLE" 9.1. Ït has been reported as SUP-116195. Mobile can not join WiFi mobile say the password is not correct and after reboot all is OK and mobile can join the WiFi without any chage. Im using only WPA/WPA2.

Wifi issues on the 7.10beta8 same as on 7.9. Reported, SUP-115948
hap ax3
 
massinia
Member Candidate
Member Candidate
Posts: 179
Joined: Thu Jun 09, 2022 7:20 pm

Re: v7.10rc is released!

Fri May 26, 2023 2:21 pm

Hi,
it seems that there is no fix for the problem with WiFi and wrong password.
But did you test it before writing?
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Fri May 26, 2023 2:23 pm

It happened me already on 7.9.1 and on 7.10beta8. one device was AX2 and another AX3.I do not see any fix in this RC so it must be there.
Last edited by Rox169 on Fri May 26, 2023 2:24 pm, edited 1 time in total.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26815
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.10rc is released!

Fri May 26, 2023 2:23 pm

In ticket SUP-115948 you report you have no more problems.
So by that logic, 7.10 also has no problems. Because they contain same fixes. 7.10 contains even more.
 
meconiotronic
newbie
Posts: 31
Joined: Wed Mar 14, 2012 9:50 am

Re: v7.10rc is released!

Fri May 26, 2023 2:24 pm

Still problems with openvpn, from version 7.8 onwards it's a tragedy, I have 130 openvpn clients, I think that since you added "key renegotiate sec" after some time the cpu become saturated at 100% forever starting to disconnect all clients. Downgrading to 7.7 solves the problem.
I've already opened several tickets about it, they always told me to try to update to the latest rc to see if it fixes it but in fact it hasn't been fixed yet even in 7.10rc1
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Fri May 26, 2023 2:26 pm

I did not create the SUP but it happened me yesterday in the 7.10beta8 so I did downgrade to 7.8
 
massinia
Member Candidate
Member Candidate
Posts: 179
Joined: Thu Jun 09, 2022 7:20 pm

Re: v7.10rc is released!

Fri May 26, 2023 2:27 pm

I do not see any fix in this RC so it must be there.
I repeat... you should test it before writing.
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Fri May 26, 2023 2:32 pm

I repeat.... it happend me yesterday on the 7.10beta8 and in the RC version is no fix for it. I need to have stable WiFi otherwise family will kill me.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12438
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.10rc is released!

Fri May 26, 2023 2:34 pm

I did not create the SUP [–]
So what do you want?
One of the mikrotik staff who comes to your house?
Currently it doesn't happen to me (ax² 7.9.1, not tested on ax³), so I doubt it's a general problem,
but it only concerns a few people who have configured the device like yours
(of which you have not opened a SEPARATE topic and posted the configuration AND THEN LINKED HERE...)

EDIT: added not tested on ax³
EDIT2: added missing ROS version
Last edited by rextended on Fri May 26, 2023 2:37 pm, edited 2 times in total.
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Fri May 26, 2023 2:37 pm

ok, lets wait till it happend to someone alse..I just wanted to notice, that the issue is not properly sorted out.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12438
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.10rc is released!

Fri May 26, 2023 2:39 pm

To be precise: no one has written that what you write it isn't true, the problem could also be a defect in the power supply or in the routerboard...
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26815
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.10rc is released!

Fri May 26, 2023 3:20 pm

We can only fix things that are reported to support. Above mentioned SUP ticket mentions that issue was gone by itself. If you also have a WiFi issue, rather than post here, make a detailed report, including what devices were connected, what happened, when. Then email to support@mikrotik
 
holvoetn
Forum Guru
Forum Guru
Posts: 6273
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.10rc is released!

Fri May 26, 2023 3:21 pm

But first test with the latest version 😁
 
ToTheFull
Member
Member
Posts: 396
Joined: Fri Mar 24, 2023 3:24 pm

Re: v7.10rc is released!

Fri May 26, 2023 3:44 pm

It would be helpful to know if the fix that was given in this viewtopic.php?p=1003934&hilit=wifi+ax+lineup#p1003788 thread was added to 7.10RC
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Fri May 26, 2023 3:45 pm

We can only fix things that are reported to support. Above mentioned SUP ticket mentions that issue was gone by itself. If you also have a WiFi issue, rather than post here, make a detailed report, including what devices were connected, what happened, when. Then email to support@mikrotik
Im sorry but wife was working from home and I did not have time to elaborate and create anything.......What about the next SUP-116195? It also fixed itself? :)
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26815
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.10rc is released!

Fri May 26, 2023 3:49 pm

SUP-116195 is not fixed by itself, it is actually not even clear what to fix. So don't expect any changelog entries, if there is no update in the ticket.

P.S: several wireless reports are not even about the same issue. So don't panic with this "me too" unless you are sure what the report is about
 
gigabyte091
Forum Guru
Forum Guru
Posts: 1449
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: v7.10rc is released!

Fri May 26, 2023 3:50 pm

cAP ax, ax2, ax3 no PMKSA error when using WPA2/WPA3 for now, tested with Samsung S10, 2 x Xiaomi 11 Lite 5G NE, Laptop with Intel AX200 WiFi card.
 
ToTheFull
Member
Member
Posts: 396
Joined: Fri Mar 24, 2023 3:24 pm

Re: v7.10rc is released!

Fri May 26, 2023 3:58 pm

cAP ax, ax2, ax3 no PMKSA error when using WPA2/WPA3 for now, tested with Samsung S10, 2 x Xiaomi 11 Lite 5G NE, Laptop with Intel AX200 WiFi card.
Cheers thats helpful!
 
holvoetn
Forum Guru
Forum Guru
Posts: 6273
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.10rc is released!

Fri May 26, 2023 4:10 pm

Same here on AX2, AX3, AXLite.

Noticed one thing on AX3 ...
HP printer Officejet Pro 8715 directly connected to AX3 starts up with 100M link, after 5 minutes the link shuts down and comes back up with 10M.
Disabling interface and enabling again, brings it back to 100M. But after 5 minutes ... 10M again.
From what I can remember I never saw that happening before.

Supout created and send to support - SUP-117505.
 
Babujnik
newbie
Posts: 35
Joined: Fri May 05, 2017 2:15 pm

Re: v7.10rc is released!

Fri May 26, 2023 5:27 pm

any news on fixing issues with iscsi from QNAP/Synology target ?
SUP-109114 opened since April on this issue...
 
holvoetn
Forum Guru
Forum Guru
Posts: 6273
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.10rc is released!

Fri May 26, 2023 6:06 pm

Noticed one thing on AX3 ...
HP printer Officejet Pro 8715 directly connected to AX3 starts up with 100M link, after 5 minutes the link shuts down and comes back up with 10M.
Disabling interface and enabling again, brings it back to 100M. But after 5 minutes ... 10M again.
From what I can remember I never saw that happening before.

Supout created and send to support - SUP-117505.
And case closed after further investigation.
Someone here at home changed the power settings on the printer so it went to power safe mode after 5 minutes.
Time to set an admin passwd on that device too and have a chat about changing settings for material which is not your own.
 
codelogic
just joined
Posts: 15
Joined: Fri Dec 20, 2019 2:18 am

Re: v7.10rc is released!

Fri May 26, 2023 6:49 pm

I implore MikroTik to *please* reconsider the extremely jarring webfig UI changes (placing item edit boxes in middle of window, forcing scroll bars and hiding config items under collapsed "drop-down" menus by default).

Given previous comments from 7.10beta thread I know I am not the only one that really dislikes this webfig change. Please revert these changes as I fail to see ANY benefit from it whatsoever. Can someone from MikroTik explain how this is at all better than the original design, or how it helps usability in any way?

If this is going to be forced upon us for some stupid reason, please give us an option to toggle back to the webfig UI we all know and love for years now. Or, is that too difficult?
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.10rc is released!

Fri May 26, 2023 7:28 pm

*) mpls - added FastPath support;

how to activate this feature?

thx
Last edited by buset1974 on Sat May 27, 2023 9:42 pm, edited 1 time in total.
 
HACKFRAUD
newbie
Posts: 26
Joined: Sat Apr 01, 2023 6:22 pm

Re: v7.10rc is released!

Fri May 26, 2023 7:31 pm

Has the "can't verify peer's certificate from store" error been fixed? I need IKEv2/IPsec VPN.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10505
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.10rc is released!

Fri May 26, 2023 7:52 pm

(continuation of discussion in beta topic that has been locked)
I found a temporary way to log something when BFD detects a link loss.
I added a logging entry with topics=bgp,debug,!packet,!timer
That logs a "Entering OpenConfirm state BgpStarter ..." message every time BGP is restarted. Of course this is logged at the re-start of the session, rather than at the time it is lost.
(still a bit sad that BGP log messages do not contain the connection or session name they refer to, and also of course it would be nice to have a log from BFD rather than this BGP message that does not point back to the cause for the state change)
 
User avatar
irrwitzer
just joined
Posts: 24
Joined: Mon Apr 11, 2022 11:54 pm

Re: v7.10rc is released!

Fri May 26, 2023 10:30 pm

*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
Can we get this for IPv6 as well PLEASE?

And if I may ask for two things: OSPF(v3) monitoring via SNMP..... would be great as well.

I run several networks, some with RoS v6, some with v7, monitoring them with prometheus and haven't found a well working API based prometheus exporter working with both versions. SNMP support would be a bliss!

Thanks! :-)
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3334
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.10rc is released!

Fri May 26, 2023 11:44 pm

I implore MikroTik to *please* reconsider the extremely jarring webfig UI changes
Will not be fixed in 7.10. This is a RC and will only fix broken stuff that prevents if from being a stable release.
Add it as a Support request to MT
 
User avatar
clambert
Member Candidate
Member Candidate
Posts: 160
Joined: Wed Jun 12, 2019 5:04 am

Re: v7.10rc is released!

Sat May 27, 2023 12:48 am

*) mpls - added FastPath support;

how to activate the this feature?

thx
Maybe it is enabled by default like in ROSv6.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.10rc is released!

Sat May 27, 2023 1:03 am

Hello,

Any updates on SUP-88676 (MPLS EXP bits not being properly set from "set priority" bridge filter rule on VPLS ingress)? I just tested on rc1 and it is still broken. This single issue is preventing is from upgrading the vast majority of routers on our network to v7.x.
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.10rc is released!

Sat May 27, 2023 1:44 am

please check SUP-117545
[RouterOS 7.10rc1] In DNS, dynamic servers will randomly disappear, regardless of whether the DNS is obtained from dhcp-client or pppoe-client.
 
User avatar
msilcher
just joined
Posts: 7
Joined: Mon Mar 09, 2009 9:39 pm
Location: Argentina

Re: v7.10rc is released!

Sat May 27, 2023 11:39 pm

*) ike2 - improved child SA delete request processing;

Not OK. Tunnel goes down every time phase 2 soft timer expires:

05-26 10:29:16 ipsec,info new ike2 SA (I): VPN 192.168.100.13[4500]-X.X.X.X[4500] spi:d0e0179f2f304a52:5081e1b29ca93dc1
05-26 13:44:44 ipsec,info killing ike2 SA: VPN 192.168.100.13[4500]-X.X.X.X[4500] spi:d0e0179f2f304a52:5081e1b29ca93dc1
05-26 13:44:50 ipsec,info new ike2 SA (I): VPN 192.168.100.13[4500]-X.X.X.X[4500] spi:19469d770f08c0dd:2a6beb49e3fc2c36
05-26 20:17:14 ipsec,info killing ike2 SA: VPN 192.168.100.13[4500]-X.X.X.X[4500] spi:19469d770f08c0dd:2a6beb49e3fc2c36
05-26 20:17:19 ipsec,info new ike2 SA (I): VPN 192.168.100.13[4500]-X.X.X.X[4500] spi:435c3f670c5a0328:f6e6769578dc20ca
05-26 23:31:38 ipsec,info killing ike2 SA: VPN 192.168.100.13[4500]-X.X.X.X[4500] spi:435c3f670c5a0328:f6e6769578dc20ca
05-26 23:31:44 ipsec,info new ike2 SA (I): VPN 192.168.100.13[4500]-X.X.X.X[4500] spi:0d9eaff9aaff9aee:764f48b7288dcb6c
05:59:06 ipsec,info killing ike2 SA: VPN 192.168.100.13[4500]-X.X.X.X[4500] spi:0d9eaff9aaff9aee:764f48b7288dcb6c
05:59:10 ipsec,info new ike2 SA (I): VPN 192.168.100.13[4500]-X.X.X.X[4500] spi:0922b6366ad53caa:17f7edd4f22a8c42
09:15:24 ipsec,info killing ike2 SA: VPN 192.168.100.13[4500]-X.X.X.X[4500] spi:0922b6366ad53caa:17f7edd4f22a8c42
09:15:30 ipsec,info new ike2 SA (I): VPN 192.168.100.13[4500]-X.X.X.X[4500] spi:1c48bbc08437db42:a0ea029a768ae75c
12:32:31 ipsec,info killing ike2 SA: VPN 192.168.100.13[4500]-X.X.X.X[4500] spi:1c48bbc08437db42:a0ea029a768ae75c
12:32:37 ipsec,info new ike2 SA (I): VPN 192.168.100.13[4500]-X.X.X.X[4500] spi:72df9f2aa01726cd:056a54fbb76bc21f
15:50:58 ipsec,info killing ike2 SA: VPN 192.168.100.13[4500]-X.X.X.X[4500] spi:72df9f2aa01726cd:056a54fbb76bc21f
15:51:03 ipsec,info new ike2 SA (I): VPN 192.168.100.13[4500]-X.X.X.X[4500] spi:d361c5539db98db6:a7c45904db0d823f


Tested on hAP ac2 agains a Cisco Router. Version 7.9.1 worked fine, had tunnel up for days. I hope you can review and correct this.
 
vecino
just joined
Posts: 7
Joined: Fri Jul 08, 2016 11:59 pm

Re: v7.10rc is released!

Sun May 28, 2023 9:35 pm

For my monitoring system I am used to retrieve these values via SNMP, but for "new" devices CubeG-5ac60ay + SA this does not work. Can you add it?
frequency		1.3.6.1.4.1.14988.1.1.1.8.1.6.1		GHz							
phy rate		iso.3.6.1.4.1.14988.1.1.1.8.1.13.1	Gbps							
rssi			1.3.6.1.4.1.14988.1.1.1.8.1.12.1	dB							
signal quality	        iso.3.6.1.4.1.14988.1.1.1.8.1.8.1	%							
tx sector		iso.3.6.1.4.1.14988.1.1.1.8.1.9.1
Thanks
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3334
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.10rc is released!

Sun May 28, 2023 11:04 pm

SNMP is fine for a lot of stuff, but if there are not SNMP for what you like to monitor but you can see the value via CLI, you can send it out using Syslog and a sylog receiver like Splunk or Kiwi and the graph it there.
 
ivicask
Member
Member
Posts: 437
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: v7.10rc is released!

Mon May 29, 2023 9:45 am

For anyone wondering, wireguard - retry "endpoint-address" DNS query on failed resolve;
Does nothing to help with dynamic peers, i had to re-enable script to fix peer after IP changes because tunnel died.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1350
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.10rc is released!

Mon May 29, 2023 12:37 pm

That's not the intention of the fix, failed resolve isn't the same thing as what you describe.
As for your issue, it is easy fixable by setting `persistent keepalive` on both peers.
`Failed resolve` fix is only there to fix cases where wireguard tries to bring up the peers but the rest of the networking stuff isn't operational yet (dns resolver, wan etc) and resolving of the endpoint fails because of that.
 
ivicask
Member
Member
Posts: 437
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: v7.10rc is released!

Mon May 29, 2023 1:07 pm

persistent keepalive doesnt help with that...and yeah i have it both ends, moments IP changes on server peers never reconnect until i disable/enable peer.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1350
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.10rc is released!

Mon May 29, 2023 1:24 pm

It should work, maybe you have some other issue preventing it from working properly.
Not the topic for that though.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v7.10rc is released!

Mon May 29, 2023 3:20 pm

*) system - reduced RAM usage for SMIPS devices;
Wow, hAP Lite is back on stage? Good news!
 
User avatar
ErfanDL
Member
Member
Posts: 366
Joined: Thu Sep 29, 2016 9:13 am

Re: v7.10rc is released!

Mon May 29, 2023 8:05 pm

hAP Lite before and after memory usage (7.9.1 VS 7.10rc1)
Screenshot 2023-05-29 203020.png
You do not have the required permissions to view the files attached to this post.
 
guipoletto
Member Candidate
Member Candidate
Posts: 199
Joined: Mon Sep 19, 2011 5:31 am

Re: v7.10rc is released!

Mon May 29, 2023 9:40 pm

At least here, no appreciable difference between 7.8/7.9.1/7.10Rc1
how did you get RAM usage down to 16M?
Image
You do not have the required permissions to view the files attached to this post.
 
Guscht
Member Candidate
Member Candidate
Posts: 251
Joined: Thu Jul 01, 2010 5:32 pm

Re: v7.10rc is released!

Tue May 30, 2023 12:13 am

Hi,

what is the gain of the new "endpoint-independent-nat" from the practical point of view?
And does "endpoint-independent-nat" means mapping or filtering?!

I know the definition of the mappings:
Endpoint-independent mapping: The NAT uses the same IP address and port mapping for packets sent from the same private IP address and port to any public IP address and port.
or the RFC definition:
Endpoint-Independent Mapping:

The NAT reuses the port mapping for subsequent packets sent
from the same internal IP address and port (X:x) to any
external IP address and port. Specifically, X1':x1' equals
X2':x2' for all values of Y2:y2.

But these are very theoretical definitions imho. But in what real-world use-cases should I select this new option over the "normal" SNAT or Masquerading action?
 
User avatar
memelchenkov
Member Candidate
Member Candidate
Posts: 204
Joined: Sun Oct 11, 2020 12:00 pm
Contact:

Re: v7.10rc is released!

Tue May 30, 2023 12:33 am

Disabling interface and enabling again, brings it back to 100M. But after 5 minutes ... 10M again.
And case closed after further investigation.
Someone here at home changed the power settings on the printer so it went to power safe mode after 5 minutes.
Time to set an admin passwd on that device too and have a chat about changing settings for material which is not your own.
I have the same issue on 7.9. A device after coming from sleep connects to 10M instead of 1000M. I manually set 1000M on the router side to avoid this.
 
onnoossendrijver
Member
Member
Posts: 488
Joined: Mon Jul 14, 2008 11:10 am
Location: The Netherlands

Re: v7.10rc is released!

Tue May 30, 2023 9:37 am

I have the same issue on 7.9. A device after coming from sleep connects to 10M instead of 1000M. I manually set 1000M on the router side to avoid this.
Why not solve the "problem" at the source?
Disable power saving..
Also, why do you want it to connect at 1G ?
If the device leaves low power mode it will also set the speed to 1G.
You will not notice any problems or low speed with this low power mode mode enabled.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26815
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.10rc is released!

Tue May 30, 2023 9:39 am

I agree with above what onnoossendrijver said. Why need to have a printer constantly at 1G? Printers will never have the need for such speed anyway, and it's apparently doing this to save power. Let it do it's thing.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1650
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.10rc is released!

Tue May 30, 2023 9:50 am

meconiotronic, msilcher - Have you opened support ticket regarding this issue? If not, then please do so and provide supout file which would be generated after the problem has been present on your router.

We have seen several reports in this and other topics about problems with wireless. Please note that the "broken wireless" is the result of some kind of an issue. Definitely there are several issues that have been already addressed and most likely several of them still need to be found. We are actively working on this, but we can do that only through support@mikrotik.com and by checking supout files and doing debugging. Yes, several "broken wireless" issues have been fixed in 7.10rc release, several of them will be fixed in 7.11beta and so on. Please do not make assumptions that a problem that you are experiencing is definitely the same issue that someone else has described in a forum, unless you both are aware on how to reproduce the problem step-by-step. Maybe problems are completely unrelated, but the result is very similar. Same rules apply also for other issues not only wireless.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1087
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.10rc is released!

Tue May 30, 2023 10:00 am

I am still suffering an issue with loaded cpu cores with netwatch. Mikrotik could not reproduce, so I set up a test case.
The device is now wasting my energy and heating my cabinet. Can anybody have a look at SUP-106133, then login in and take the measures?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10505
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.10rc is released!

Tue May 30, 2023 10:51 am

But in what real-world use-cases should I select this new option over the "normal" SNAT or Masquerading action?
Ask that in the topic about "Full-Cone NAT"... those people seem to have a use for it.
 
User avatar
memelchenkov
Member Candidate
Member Candidate
Posts: 204
Joined: Sun Oct 11, 2020 12:00 pm
Contact:

Re: v7.10rc is released!

Tue May 30, 2023 12:21 pm

I agree with above what onnoossendrijver said. Why need to have a printer constantly at 1G? Printers will never have the need for such speed anyway, and it's apparently doing this to save power. Let it do it's thing.
My device is not a printer, it's a dock (with Ethernet adapter) connected to a notebook. Indeed, it was my mistake that I told it was connected to router with 7.9. Actually it was connected to a switch with 6.48.5, I forgot this fact and saw it only after today's re-check. Why I set to strictly "1000M full": because it has issues with re-connection every minute: 10M/1G/10M/1G and so on, and these issues are not cured even after notebook (so a dock too) awakes from sleep. So, this issue is not related to 7.x branch, sorry, just some incompatibility between devices. But the case is similar to the one described by the commentator, so I remembered it.
 
User avatar
mazel
just joined
Posts: 14
Joined: Thu Apr 13, 2023 2:29 pm

Re: v7.10rc is released!

Tue May 30, 2023 3:55 pm

Works on hAP ax2 (2.4GHz AX 20/40MHz, 5GHz AX 20/40/80MHz, WPA2/WPA3 PSK, disabled PMKID). First brief look shows no wireless conectivity issues. Wlan connectivity seems stable, no random disconnects. Works without any configuration changes. Wireless issues from 7.9 seems fixed. Will test more.
 
Guscht
Member Candidate
Member Candidate
Posts: 251
Joined: Thu Jul 01, 2010 5:32 pm

Re: v7.10rc is released!

Tue May 30, 2023 5:25 pm

Ask that in the topic about "Full-Cone NAT"... those people seem to have a use for it.
I remember that topic, this was a very specific use-case.
I was unaware that "Full-Cone" is a synonyme for "endpoint-independent-nat"...
 
BelWaveNOC
just joined
Posts: 1
Joined: Thu Mar 18, 2021 6:40 pm

Re: v7.10rc is released!

Tue May 30, 2023 6:02 pm

BFD for OSPF does not appear to actually run within the vrf. I opened SUP-117843

1 I ;;; BFD forbidden for interface
multihop=no vrf=main remote-address=172.16.0.162%vlan3020
local-address=172.16.0.161%vlan3020@vrf1 desired-tx-interval=0ms
required-min-rx=0ms multiplier=0
 
User avatar
msilcher
just joined
Posts: 7
Joined: Mon Mar 09, 2009 9:39 pm
Location: Argentina

Re: v7.10rc is released!

Tue May 30, 2023 9:40 pm

meconiotronic, msilcher - Have you opened support ticket regarding this issue? If not, then please do so and provide supout file which would be generated after the problem has been present on your router.
Just did: [SUP-117869] - Hopefully support team starts to work on it soon... I'm not having the best support experience for some time now...
 
naxus
just joined
Posts: 2
Joined: Tue Jan 12, 2021 2:33 pm

Re: v7.10rc is released!

Tue May 30, 2023 11:17 pm

Works on hAP ax2 (2.4GHz AX 20/40MHz, 5GHz AX 20/40/80MHz, WPA2/WPA3 PSK, disabled PMKID). First brief look shows no wireless conectivity issues. Wlan connectivity seems stable, no random disconnects. Works without any configuration changes. Wireless issues from 7.9 seems fixed. Will test more.
Still there, but probably related to capsman.
Got:
rejected, can't find PMKSA
, supout provided in SUP-116463
 
nannou9
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Tue Nov 10, 2020 9:56 pm

Re: v7.10rc is released!

Tue May 30, 2023 11:24 pm

Just tried rc1 on my RB4011 with single vlan spanning on both chip ports and sfp and it fails. Had to revert to 7.7 immediately.
 
holvoetn
Forum Guru
Forum Guru
Posts: 6273
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.10rc is released!

Tue May 30, 2023 11:33 pm

Works on hAP ax2 (2.4GHz AX 20/40MHz, 5GHz AX 20/40/80MHz, WPA2/WPA3 PSK, disabled PMKID). First brief look shows no wireless conectivity issues. Wlan connectivity seems stable, no random disconnects. Works without any configuration changes. Wireless issues from 7.9 seems fixed. Will test more.
Still there, but probably related to capsman.
Got:
rejected, can't find PMKSA
, supout provided in SUP-116463
That's probably WPA3-related.
I've seen it too on 7.9 (beta, rc and stable) and am not using capsman.
But less so on 7.10rc1 (yet not 0%).
 
User avatar
aspen63
newbie
Posts: 43
Joined: Sat Feb 04, 2023 8:58 am

Re: v7.10rc is released!

Wed May 31, 2023 7:47 am

ok, lets wait till it happend to someone alse..I just wanted to notice, that the issue is not properly sorted out.
The same here with 7.9. Some Apple devices refuse to connect with wrong password. Restarting them helps, sometimes trying connecting to another network and switching back also helps.
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Wed May 31, 2023 8:43 am

ok, lets wait till it happend to someone alse..I just wanted to notice, that the issue is not properly sorted out.
The same here with 7.9. Some Apple devices refuse to connect with wrong password. Restarting them helps, sometimes trying connecting to another network and switching back also helps.
Hi,

send supout to MT please.
 
noradtux
newbie
Posts: 39
Joined: Mon May 24, 2021 6:33 pm

Re: v7.10rc is released!

Wed May 31, 2023 10:31 am

Finally got around to test BGP with BFD. Session between CCR 2216 and FortiGate came up easily (after configuring properly) and seems to be working fine. (If your BGP session happens to kind of establish and then break down, check that BFD is actually enabled on the involved interfaces ;) )
 
noradtux
newbie
Posts: 39
Joined: Mon May 24, 2021 6:33 pm

Re: v7.10rc is released!

Wed May 31, 2023 10:50 am

BFD for OSPF does not appear to actually run within the vrf. I opened SUP-117843

1 I ;;; BFD forbidden for interface
multihop=no vrf=main remote-address=172.16.0.162%vlan3020
local-address=172.16.0.161%vlan3020@vrf1 desired-tx-interval=0ms
required-min-rx=0ms multiplier=0
You need to allow BFD on the required interfaces, like "/routing bfd configuration add forbid-bfd=no interfaces=LAN".
I just enabled BFD for OSPF (v2 and v3) and it simply works :)
 
tim427
just joined
Posts: 6
Joined: Sat Aug 15, 2020 10:10 am

Re: v7.10rc is released!

Wed May 31, 2023 2:58 pm

@Mikrotik; I'm really happy with the BGP addition in SNMP (1.3.6.1.2.1.15.3.1), could you please also add bgpLocalAs (1.3.6.1.2.1.15.2) :)?
 
ivanfm
newbie
Posts: 48
Joined: Sun May 20, 2012 5:07 pm

Re: v7.10rc is released!

Wed May 31, 2023 9:14 pm

The date show in webfig is wrong with this rc1.

Now its showing "2023-05-30" and "/system/clock/print" on console shows correct date 2023-05-31.
Last edited by ivanfm on Wed May 31, 2023 9:21 pm, edited 1 time in total.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.10rc is released!

Wed May 31, 2023 9:18 pm

The date show in webfig is worng with this rc1.

Now its showing "2023-05-30" and "/system/clock/print" on console shows correct date 2023-05-31.
.
Good catch, confirmed here! webfig shows day 30, console shows 31

webfig
clock1.png
.
console/SSH
clock2.png
You do not have the required permissions to view the files attached to this post.
 
holvoetn
Forum Guru
Forum Guru
Posts: 6273
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.10rc is released!

Wed May 31, 2023 9:37 pm

I don't see that behavior on RB5009.
All time/date indications are correct for me. Terminal, webfig and winbox.

(and before anyone starts about the time diff on terminal output, I did not refresh the terminal screen ...)
You do not have the required permissions to view the files attached to this post.
 
ivanfm
newbie
Posts: 48
Joined: Sun May 20, 2012 5:07 pm

Re: v7.10rc is released!

Wed May 31, 2023 9:44 pm

I don't see that behavior on RB5009.
All time/date indications are correct for me. Terminal, webfig and winbox.

(and before anyone starts about the time diff on terminal output, I did not refresh the terminal screen ...)
I'm using RG751G.
Now testing to use yout timezone Brussels I found that each time I press "apply" on webfig the day on router goes down by one day, even if I did not change nothing on the fields.

Very strange behaviour.
 
User avatar
depth0cert
just joined
Posts: 21
Joined: Thu Sep 08, 2022 11:03 pm

Re: v7.10rc is released!

Thu Jun 01, 2023 12:31 am

RouterOS version 7.10rc has been released on the "v7 testing" channel!



SUP-117980


Dear MT.
Why does everything break down every time when PKI is mentioned in the changelog?
IKEv2 between 7.9.2 <> 7.10rc1 does not work. Thank God at least in 7.9.2 <> 7.9.2 its works.


7.9.2

[admin@MikroTik] > /export terse
# may/31/2023 21:02:30 by RouterOS 7.9.2
# software id = 
#
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec policy group add name=group1
/ip ipsec profile add dh-group=ecp256 enc-algorithm=aes-256 hash-algorithm=sha256 name=profile1 prf-algorithm=sha256 proposal-check=strict
/ip ipsec peer add exchange-mode=ike2 local-address=192.168.2.18 name=peer1 passive=yes profile=profile1
/ip ipsec proposal add auth-algorithms="" enc-algorithms=aes-256-gcm lifetime=8h name=proposal1 pfs-group=ecp256
/ip pool add name=r1-r2 ranges=192.168.99.2
/ip ipsec mode-config add address-pool=r1-r2 address-prefix-length=32 name=r1-r2 split-include=0.0.0.0/0 system-dns=no
/ip dhcp-client add interface=ether1
/ip ipsec identity add auth-method=digital-signature certificate=r1 generate-policy=port-strict match-by=certificate mode-config=r1-r2 peer=peer1 policy-template-group=group1 remote-certificate=r1-r2-ether
/ip ipsec policy add dst-address=192.168.99.0/24 group=group1 proposal=proposal1 src-address=0.0.0.0/0 template=yes
/system logging add topics=ipsec,!packet
/system note set show-at-login=no
[admin@MikroTik] > 

7.10rc1

[admin@MikroTik] > /export terse 
# 2023-05-31 21:03:35 by RouterOS 7.10rc1
# software id = 
#
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec mode-config add name=cfg1 responder=no
/ip ipsec policy group add name=group1
/ip ipsec profile add dh-group=ecp256 enc-algorithm=aes-256 hash-algorithm=sha256 name=profile1 prf-algorithm=sha256 proposal-check=strict
/ip ipsec peer add address=192.168.2.18/32 exchange-mode=ike2 name=peer1 profile=profile1
/ip ipsec proposal add auth-algorithms="" enc-algorithms=aes-256-gcm lifetime=8h name=proposal1 pfs-group=ecp256
/ip dhcp-client add interface=ether1
/ip ipsec identity add auth-method=digital-signature certificate=r1-r2-ether generate-policy=port-strict match-by=certificate mode-config=cfg1 my-id=dn peer=peer1 policy-template-group=group1 remote-certificate=r1
/ip ipsec policy add dst-address=0.0.0.0/0 group=group1 proposal=proposal1 src-address=0.0.0.0/0 template=yes
/ip route add distance=254 dst-address=192.168.99.0/24 gateway=ether1 pref-src=192.168.99.2
/system logging add topics=ipsec,!packet
/system note set show-at-login=no
[admin@MikroTik] > 

7.9.2
 21:14:45 ipsec   issuer:    <CN=r1-ca>
 21:14:45 ipsec   subject:   <CN=r1-r2-ether>
 21:14:45 ipsec   notBefore: Sat Dec 31 21:00:00 2022
 21:14:45 ipsec   notAfter:  Thu Dec 30 21:00:00 2032
 21:14:45 ipsec   selfSigned:0
 21:14:45 ipsec   extensions:
 21:14:45 ipsec     key usage: digital-signature, key-encipherment, data-encipherment, key-agreement
 21:14:45 ipsec     extended key usage: tls-client
 21:14:45 ipsec     subject key id:  f3:05:75:fc:1c:8f:e9:f1:6c:31:73:f2:44:07:c6:87:04:65:5a:9f
 21:14:45 ipsec     authority key id:e5:a8:d5:03:ec:8f:45:7d:9e:6a:76:4d:c3:c0:4b:2a:b3:be:a8:d7
 21:14:45 ipsec     subject alternative name: 
 21:14:45 ipsec       rfc822: r1-r2-ether
 21:14:45 ipsec   signed with: 1.2.840.10045.4.3.2 (1.2.840.10045.4.3.2)
 21:14:45 ipsec [EC-PUBLIC]
 21:14:45 ipsec pub.x: a1335a3f.4b9c7e10.7bddff81.160586b9.4186b4e7.9a72bd4b.8b98f5fa.341a7e4e
 21:14:45 ipsec pub.y: c08ba383.7659f821.829013ab.ac296ea1.a7932d33.b3d338c5.71b9baf2.dc635863
 21:14:45 ipsec curveId: 3
 21:14:45 ipsec order: ffffffff.00000000.ffffffff.ffffffff.bce6faad.a7179e84.f3b9cac2.fc632551
 21:14:45 ipsec,debug => certificate (size 0x1a0)
 21:14:45 ipsec,debug 3082019c 30820141 a0030201 02020866 79fd396e f722bb30 0a06082a 8648ce3d
 21:14:45 ipsec,debug 04030230 10310e30 0c060355 04030c05 72312d63 61301e17 0d323231 32333132
 21:14:45 ipsec,debug 31303030 305a170d 33323132 33303231 30303030 5a301631 14301206 03550403
 21:14:45 ipsec,debug 0c0b7231 2d72322d 65746865 72305930 1306072a 8648ce3d 02010608 2a8648ce
 21:14:45 ipsec,debug 3d030107 03420004 a1335a3f 4b9c7e10 7bddff81 160586b9 4186b4e7 9a72bd4b
 21:14:45 ipsec,debug 8b98f5fa 341a7e4e c08ba383 7659f821 829013ab ac296ea1 a7932d33 b3d338c5
 21:14:45 ipsec,debug 71b9baf2 dc635863 a37f307d 300e0603 551d0f01 01ff0404 030203b8 30130603
 21:14:45 ipsec,debug 551d2504 0c300a06 082b0601 05050703 02301d06 03551d0e 04160414 f30575fc
 21:14:45 ipsec,debug 
 21:14:45 ipsec,debug 1c8fe9f1 6c3173f2 4407c687 04655a9f 301f0603 551d2304 18301680 14e5a8d5
 21:14:45 ipsec,debug 03ec8f45 7d9e6a76 4dc3c04b 2ab3bea8 d7301606 03551d11 040f300d 810b7231
 21:14:45 ipsec,debug 2d72322d 65746865 72300a06 082a8648 ce3d0403 02034900 30460221 00d6a2ee
 21:14:45 ipsec,debug e9dfaafd 854998bf 4f9abe1a ea4f789e 4674d5e9 f7e27d27 8d5249ba e2022100
 21:14:45 ipsec,debug c0d393c7 7387fe6d 2b14b72a 10913dea 47e24b6e 59ea1978 83948560 c513b6b6
 21:14:45 ipsec processing payloads: NOTIFY
 21:14:45 ipsec   notify: INITIAL_CONTACT
 21:14:45 ipsec processing payload: AUTH
 21:14:45 ipsec requested auth method: ECDSA-256
 21:14:45 ipsec,debug => peer's auth (size 0x47)
 21:14:45 ipsec,debug 30450221 00fee495 1a16030a 0404d221 b2d84888 f73f8475 bec3a3f7 15bf9a97
 21:14:45 ipsec,debug 2c45d75e 4a02206b e01beed9 66b9ed42 35f7356b 7c0de460 a216e8e1 3691c751
 21:14:45 ipsec,debug d4c122b3 df8517
 21:14:45 ipsec trust chain: 
 21:14:45 ipsec 0: SKID: f3:05:75:fc:1c:8f:e9:f1:6c:31:73:f2:44:07:c6:87:04:65:5a:9f
 21:14:45 ipsec    AKID: e5:a8:d5:03:ec:8f:45:7d:9e:6a:76:4d:c3:c0:4b:2a:b3:be:a8:d7
 21:14:45 ipsec 1: SKID: e5:a8:d5:03:ec:8f:45:7d:9e:6a:76:4d:c3:c0:4b:2a:b3:be:a8:d7
 21:14:45 ipsec,debug => auth nonce (size 0x18)
 21:14:45 ipsec,debug 3cb6c1d9 2d4632ec feb8104b 9f26bb31 a5e1a669 42dd08b6
 21:14:45 ipsec,debug => SK_p (size 0x20)
 21:14:45 ipsec,debug c04e1158 877afc72 b90c0d8e 8d6a500b 6a65b9ac 060e69e5 a03d97ca 764effee
 21:14:45 ipsec,debug => idhash (size 0x20)
 21:14:45 ipsec,debug b5947ef5 6006bd06 82601f43 d1122790 7b3b8db9 95569c46 fa3bba62 835dbafb

 21:14:45 ipsec,error digital signature verification failed

 21:14:45 ipsec reply notify: AUTHENTICATION_FAILED
 21:14:45 ipsec adding notify: AUTHENTICATION_FAILED
 21:14:45 ipsec,debug => (size 0x8)
 21:14:45 ipsec,debug 00000008 00000018
 21:14:45 ipsec <- ike2 reply, exchange: AUTH:1 192.168.2.19[4500] 95b82e65302f0cc5:c574be21d1653097
 21:14:45 ipsec,debug ===== sending 224 bytes from 192.168.2.18[4500] to 192.168.2.19[4500]
 21:14:45 ipsec,debug 1 times of 228 bytes message will be sent to 192.168.2.19[4500]
 21:14:45 ipsec,info,account peer failed to authorize: peer1 192.168.2.18[4500]-192.168.2.19[4500] spi:c574be21d1653097:95b82e65302f0cc5
 21:14:45 ipsec,info killing ike2 SA: peer1 192.168.2.18[4500]-192.168.2.19[4500] spi:c574be21d1653097:95b82e65302f0cc5

7.10rc1
 21:14:37 ipsec     key usage: digital-signature, key-encipherment, data-encipherment, key-agreement
 21:14:37 ipsec     extended key usage: tls-client
 21:14:37 ipsec     subject key id:  f3:05:75:fc:1c:8f:e9:f1:6c:31:73:f2:44:07:c6:87:04:65:5a:9f
 21:14:37 ipsec     authority key id:e5:a8:d5:03:ec:8f:45:7d:9e:6a:76:4d:c3:c0:4b:2a:b3:be:a8:d7
 21:14:37 ipsec     subject alternative name: 
 21:14:37 ipsec       rfc822: r1-r2-ether
 21:14:37 ipsec   signed with: 1.2.840.10045.4.3.2 (1.2.840.10045.4.3.2)
 21:14:37 ipsec [EC-PUBLIC]
 21:14:37 ipsec pub.x: a1335a3f.4b9c7e10.7bddff81.160586b9.4186b4e7.9a72bd4b.8b98f5fa.341a7e4e
 21:14:37 ipsec pub.y: c08ba383.7659f821.829013ab.ac296ea1.a7932d33.b3d338c5.71b9baf2.dc635863
 21:14:37 ipsec curveId: 3
 21:14:37 ipsec order: ffffffff.00000000.ffffffff.ffffffff.bce6faad.a7179e84.f3b9cac2.fc632551
 21:14:37 ipsec adding payload: CERT
 21:14:37 ipsec,debug => (first 0x100 of 0x1a5)
 21:14:37 ipsec,debug 000001a5 04308201 9c308201 41a00302 01020208 6679fd39 6ef722bb 300a0608
 21:14:37 ipsec,debug 2a8648ce 3d040302 3010310e 300c0603 5504030c 0572312d 6361301e 170d3232
 21:14:37 ipsec,debug 31323331 32313030 30305a17 0d333231 32333032 31303030 305a3016 31143012
 21:14:37 ipsec,debug 06035504 030c0b72 312d7232 2d657468 65723059 30130607 2a8648ce 3d020106
 21:14:37 ipsec,debug 082a8648 ce3d0301 07034200 04a1335a 3f4b9c7e 107bddff 81160586 b94186b4
 21:14:37 ipsec,debug e79a72bd 4b8b98f5 fa341a7e 4ec08ba3 837659f8 21829013 abac296e a1a7932d
 21:14:37 ipsec,debug 33b3d338 c571b9ba f2dc6358 63a37f30 7d300e06 03551d0f 0101ff04 04030203
 21:14:37 ipsec,debug b8301306 03551d25 040c300a 06082b06 01050507 0302301d 0603551d 0e041604
 21:14:37 ipsec adding notify: INITIAL_CONTACT
 21:14:37 ipsec,debug => (size 0x8)
 21:14:37 ipsec,debug 00000008 00004000
 21:14:37 ipsec adding payload: SA
 21:14:37 ipsec,debug => (size 0x24)
 21:14:37 ipsec,debug 00000024 00000020 01030402 0d437032 0300000c 01000014 800e0100 00000008
 21:14:37 ipsec,debug 05000000
 21:14:37 ipsec initiator selector: 0.0.0.0/0 
 21:14:37 ipsec adding payload: TS_I
 21:14:37 ipsec,debug => (size 0x18)
 21:14:37 ipsec,debug 00000018 01000000 07000010 0000ffff 00000000 ffffffff
 21:14:37 ipsec responder selector: 0.0.0.0/0 
 21:14:37 ipsec adding payload: TS_R
 21:14:37 ipsec,debug => (size 0x18)
 21:14:37 ipsec,debug 00000018 01000000 07000010 0000ffff 00000000 ffffffff
 21:14:37 ipsec preparing internal IPv4 address
 21:14:37 ipsec preparing internal IPv4 netmask
 21:14:37 ipsec preparing internal IPv6 subnet
 21:14:37 ipsec preparing internal IPv4 DNS
 21:14:37 ipsec preparing internal DNS domain
 21:14:37 ipsec adding payload: CONFIG
 21:14:37 ipsec,debug => (size 0x30)
 21:14:37 ipsec,debug 00000030 01000000 00010004 00000000 00020004 00000000 000d0008 00000000
 21:14:37 ipsec,debug 00000000 00030004 00000000 00190000
 21:14:37 ipsec <- ike2 request, exchange: AUTH:1 192.168.2.18[4500] 95b82e65302f0cc5:c574be21d1653097
 21:14:37 ipsec,debug ===== sending 896 bytes from 192.168.2.19[4500] to 192.168.2.18[4500]
 21:14:37 ipsec,debug 1 times of 900 bytes message will be sent to 192.168.2.18[4500]
 21:14:37 ipsec,debug ===== received 224 bytes from 192.168.2.18[4500] to 192.168.2.19[4500]
 21:14:37 ipsec -> ike2 reply, exchange: AUTH:1 192.168.2.18[4500] 95b82e65302f0cc5:c574be21d1653097
 21:14:37 ipsec payload seen: ENC (196 bytes)
 21:14:37 ipsec processing payload: ENC
 21:14:37 ipsec,debug => iv (size 0x10)
 21:14:37 ipsec,debug a84d118a 88a01c7b 3d44a137 4aa7ac75
 21:14:37 ipsec,debug decrypted packet
 21:14:37 ipsec payload seen: NOTIFY (8 bytes)
 21:14:37 ipsec processing payloads: NOTIFY
 21:14:37 ipsec   notify: AUTHENTICATION_FAILED
 
 21:14:37 ipsec,error got fatal error: AUTHENTICATION_FAILED
 
 21:14:37 ipsec,info killing ike2 SA: peer1 192.168.2.19[4500]-192.168.2.18[4500] spi:95b82e65302f0cc5:c574be21d1653097
 
EdPa
MikroTik Support
MikroTik Support
Topic Author
Posts: 328
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga
Contact:

Re: v7.10rc is released!

Thu Jun 01, 2023 9:57 am

@nannou9 - I did not manage to reproduce any failures in our labs. Can you create a supout.rif file during the issue and send it to support?
 
chubbs596
Frequent Visitor
Frequent Visitor
Posts: 90
Joined: Fri Dec 06, 2013 6:07 pm

Re: v7.10rc is released!

Thu Jun 01, 2023 10:42 am

@Mikrotik; I'm really happy with the BGP addition in SNMP (1.3.6.1.2.1.15.3.1), could you please also add bgpLocalAs (1.3.6.1.2.1.15.2) :)?
Any got the SNMP for BGP working on Observium? where can we find the latest mib file? so I can ask Observium to update
 
pe1chl
Forum Guru
Forum Guru
Posts: 10505
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.10rc is released!

Thu Jun 01, 2023 11:24 am

That OID is a standard MIB-2 one.
 
tim427
just joined
Posts: 6
Joined: Sat Aug 15, 2020 10:10 am

Re: v7.10rc is released!

Thu Jun 01, 2023 12:58 pm

@Mikrotik; I'm really happy with the BGP addition in SNMP (1.3.6.1.2.1.15.3.1), could you please also add bgpLocalAs (1.3.6.1.2.1.15.2) :)?
Any got the SNMP for BGP working on Observium? where can we find the latest mib file? so I can ask Observium to update
That OID is a standard MIB-2 one.
It's indeed standard :)

I'm using LibreNMS (which is an fork of Observium) and it only detects this SNMP tree if bgpLocalAs is present. For that reason I really wish Mikrotik will add this with the next release :)

Does Obsesrvium do something similar like this? I'm using this "hack" for the time being :)

/opt/librenms/includes/discovery/bgp-peers.inc.php
//
// Load OS specific file
//
if (file_exists(Config::get('install_dir') . "/includes/discovery/bgp-peers/{$device['os']}.inc.php")) {
    include Config::get('install_dir') . "/includes/discovery/bgp-peers/{$device['os']}.inc.php";
}
/opt/librenms/includes/discovery/bgp-peers/routeros.inc.php
<?php

if ($device['os'] == 'routeros' && $device['hostname'] == 'router123') {
    $bgpLocalAs = 65123;
} elseif ($device['os'] == 'routeros' && $device['hostname'] == 'router456') {
    $bgpLocalAs = 65456;
}
 
User avatar
jimmer
just joined
Posts: 19
Joined: Wed Mar 06, 2019 10:06 am
Location: Tasmania, Australia

Re: v7.10rc is released!

Thu Jun 01, 2023 2:44 pm

7.10rc1 on my RB3011 breaks OpenVPN connections from my Android 13 device (using latest official OpenVPN client)


on 7.10rc1 I get a constant connect/disconnect/pulling settings from server with the log filled with:

Jun 1 20:54:56 laurel-rb3011-gw : using encoding - AES-256-CBC/SHA256
Jun 1 20:54:56 laurel-rb3011-gw jimmer logged in, 10.10.17.147 from x.xxx.19.218
Jun 1 20:54:56 laurel-rb3011-gw <ovpn-jimmer>: connected
Jun 1 20:54:57 laurel-rb3011-gw <1.152.19.218>: disconnected <poll error>
Jun 1 20:54:57 laurel-rb3011-gw <ovpn-jimmer>: terminating... - poll error
Jun 1 20:54:58 laurel-rb3011-gw connection established from x.xxx.19.218, port: 12886 to xxx.xxx.58.24
Jun 1 20:54:58 laurel-rb3011-gw jimmer logged out, 2 0 0 0 0 from x.xxx.19.218
Jun 1 20:54:58 laurel-rb3011-gw <ovpn-jimmer>: disconnected

The above repeats over and over until i cancel/disconnect.

Roll back to 7.8:
Jun 1 21:03:04 laurel-rb3011-gw connection established from x.xxx.19.218, port: 4651 to xxx.xxx.58.24
Jun 1 21:03:04 laurel-rb3011-gw : using encoding - AES-256-CBC/SHA256
Jun 1 21:03:04 laurel-rb3011-gw jimmer logged in, 10.10.17.150 from x.xxx.19.218
Jun 1 21:03:04 laurel-rb3011-gw <ovpn-jimmer>: connected

connected, stays stable and am able to use the session

OpenVPN server settings:

/interface ovpn-server server
set auth=sha256 certificate=server-certificate cipher=aes256-cbc \
default-profile=vpn-ann-profile enabled=yes protocol=udp \
require-client-certificate=yes tls-version=only-1.2

Nothing special about the profile. basic stuff, dns servers, certificate key size is 2048

Other people seeing similar?

Edit: flipped back to my 7.8 partition and copied it over my 7.10rc1 one, upgraded to 7.9.2 and that works fine. so its something unique to 7.10rc1
 
mutino
just joined
Posts: 2
Joined: Sun Feb 13, 2022 9:18 pm

Re: v7.10rc is released!

Thu Jun 01, 2023 5:52 pm

Running v710rc on MikroTik309. (PC plugged into router directly and router connected also to VDSL modem)

It keeps forgetting the IPv6 gateway on at least one VLAN. I cant see any failures in event log before it happens. (this has happened multiple times)

I try to ping -6 google.com from client within VLAN and get
Pinging google.com [2a00:1450:4009:823::200e] with 32 bytes of data:
Destination host unreachable.
Destination host unreachable

If I go into IPV6/Addresses and open the address for the VLAN and click 'Apply' it starts working again:
Pinging google.com [2a00:1450:4009:815::200e] with 32 bytes of data:
Reply from 2a00:1450:4009:815::200e: time=8ms
Reply from 2a00:1450:4009:815::200e: time=7ms
 
User avatar
npeca75
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Thu Aug 03, 2017 3:12 pm

Re: v7.10rc is released!

Thu Jun 01, 2023 8:49 pm

It's indeed standard :)

I'm using LibreNMS (which is an fork of Observium) and it only detects this SNMP tree if bgpLocalAs is present. For that reason I really wish Mikrotik will add this with the next release :)
+1 for LibreNMS compatibility
 
Dude2048
Member Candidate
Member Candidate
Posts: 212
Joined: Thu Sep 01, 2016 4:04 pm

Re: v7.10rc is released!

Thu Jun 01, 2023 11:08 pm

Other management tools works just fine. Maybe you should contact Librenms for adjustments. In my opinion MT is not at fault here,
 
tim427
just joined
Posts: 6
Joined: Sat Aug 15, 2020 10:10 am

Re: v7.10rc is released!

Fri Jun 02, 2023 12:48 am

Other management tools works just fine. Maybe you should contact Librenms for adjustments. In my opinion MT is not at fault here,
Who is talking about “fault”? We are talking about a Release Candidate, which is, hence the name, not yet released and therefore open for suggestions/feature requests/adjustments.

The bgpLocalAs is implemented by any other brand, so therefore, in my opinion, it would logical to ask Mikrotik to implement this value ;) especially when it’s not yet released as stable ;)
 
kalamaja
Member Candidate
Member Candidate
Posts: 114
Joined: Wed May 23, 2018 3:13 pm

Re: v7.10rc is released!

Fri Jun 02, 2023 6:53 am

Generally 7.10rc1 has been more stable on AX3, WPA3 disabled: no reboots and WiFi needing reboot. BUT found that the same wifi problem still there: at some point all clients are dropped out and cannot connect with wrong password message.
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Fri Jun 02, 2023 7:25 am

Hi, send supout to Mikrotik.
 
EdPa
MikroTik Support
MikroTik Support
Topic Author
Posts: 328
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga
Contact:

Re: v7.10rc is released!

Fri Jun 02, 2023 2:29 pm

What's new in 7.10rc3 (2023-Jun-02 09:43):

!) route - added BFD;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) winbox - added "MPLS/Settings" menu;
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Fri Jun 02, 2023 2:36 pm

Unfortunately no fix for WiFi :/
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: v7.10rc is released!

Fri Jun 02, 2023 2:42 pm

We are working (researching) this particular issue.
 
User avatar
depth0cert
just joined
Posts: 21
Joined: Thu Sep 08, 2022 11:03 pm

Re: v7.10rc is released!

Fri Jun 02, 2023 3:20 pm

What's new in 7.10rc3 (2023-Jun-02 09:43):

!) route - added BFD;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) winbox - added "MPLS/Settings" menu;
Why SUP-117980 Broken PKI in 7.10rc1 Closed with resolution Done?

IKEv2 7.9.2 <> 7.10rc3
1.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
depth0cert
just joined
Posts: 21
Joined: Thu Sep 08, 2022 11:03 pm

Re: v7.10rc is released!

Fri Jun 02, 2023 3:38 pm

What's new in 7.10rc3 (2023-Jun-02 09:43):

!) route - added BFD;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) winbox - added "MPLS/Settings" menu;
Why SUP-117980 Broken PKI in 7.10rc1 Closed with resolution Done?

IKEv2 7.9.2 <> 7.10rc3

1.png

Closing tickets of customers for what? For internal capitalizm KPI or something?


7.10rc3 with broken PKI (again).


7.9.2

/certificate/add name="r1-ca" common-name="r1-ca" subject-alt-name="email:r1-ca" key-size=prime256v1 key-usage=key-cert-sign,crl-sign
:do {/certificate/sign [find name=r1-ca] name=r1-ca} on-error={:delay 2}
/certificate/add name="r1" common-name="192.168.2.18" subject-alt-name="IP:192.168.2.18" key-size=prime256v1 key-usage=digital-signature,content-commitment,key-encipherment,key-agreement,tls-server
:do {/certificate/sign [find name=r1] ca=r1-ca name=r1} on-error={:delay 2}
/certificate/add name="r1-r2" common-name="r1-r2" subject-alt-name="email:r1-r2" key-size=prime256v1 key-usage=digital-signature,key-encipherment,data-encipherment,key-agreement,tls-client
:do {/certificate/sign [find name=r1-r2] ca=r1-ca name=r1-r2} on-error={:delay 2}
:delay 2
/certificate/export-certificate r1-ca file-name=r1-ca
/certificate/export-certificate r1 file-name=r1
/certificate/export-certificate r1-r2 file-name=r1-r2 type=pkcs12 export-passphrase=passphrase
/ip/pool/add name=r1-r2 ranges=192.168.99.2
/ip/ipsec/mode-config/add address-pool=r1-r2 address-prefix-length=32 name=r1-r2 split-include=0.0.0.0/0 system-dns=no
/ip/ipsec/policy/group/add name=group1
/ip/ipsec/profile/add dh-group=ecp256 enc-algorithm=aes-256 hash-algorithm=sha256 name=profile1 prf-algorithm=sha256 proposal-check=strict
/ip/ipsec/peer/add exchange-mode=ike2 local-address=192.168.2.18 name=peer1 passive=yes profile=profile1
/ip/ipsec/proposal/add auth-algorithms="" enc-algorithms=aes-256-gcm lifetime=8h name=proposal1 pfs-group=ecp256
/ip/ipsec/identity/add auth-method=digital-signature certificate=r1 generate-policy=port-strict match-by=certificate mode-config=r1-r2 peer=peer1 policy-template-group=group1 remote-certificate=r1-r2
/ip/ipsec/policy/add dst-address=192.168.99.0/24 group=group1 proposal=proposal1 src-address=0.0.0.0/0 template=yes

7.10rc3

/certificate/import file-name="r1-ca.crt" name="r1-ca" passphrase=""
/certificate/import file-name="r1.crt" name="r1" passphrase=""
/certificate/import file-name="r1-r2.p12" name="r1-r2" passphrase="passphrase"
/ip/ipsec/mode-config/add name=cfg1 responder=no
/ip/ipsec/policy/group/add name=group1
/ip/ipsec/profile/add dh-group=ecp256 enc-algorithm=aes-256 hash-algorithm=sha256 name=profile1 prf-algorithm=sha256 proposal-check=strict
/ip/ipsec/peer/add address=192.168.2.18/32 exchange-mode=ike2 name=peer1 profile=profile1
/ip/ipsec/proposal/add auth-algorithms="" enc-algorithms=aes-256-gcm lifetime=8h name=proposal1 pfs-group=ecp256
/ip/ipsec/identity/add auth-method=digital-signature certificate=r1-r2 generate-policy=port-strict match-by=certificate mode-config=cfg1 my-id=dn peer=peer1 policy-template-group=group1 remote-certificate=r1
/ip/ipsec/policy/add dst-address=0.0.0.0/0 group=group1 proposal=proposal1 src-address=0.0.0.0/0 template=yes

Maybe just drop MT products and switch to pure Strongswan (FINALLY).

1.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26815
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.10rc is released!

Fri Jun 02, 2023 4:14 pm

This fix was made after the release was made. Check your timings please
 
volkirik
Member Candidate
Member Candidate
Posts: 212
Joined: Sat Jul 23, 2016 2:03 pm

Re: v7.10rc is released!

Fri Jun 02, 2023 5:41 pm

wifi seems running on RouterOS, no error/warn log in system log, SSID is invisible. lots of disconnects.

Please fix wifi, thanks.
 
holvoetn
Forum Guru
Forum Guru
Posts: 6273
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.10rc is released!

Fri Jun 02, 2023 8:29 pm

A tricky one ...

100% reproducible (observed on 3 devices):

cAP AX out of the box with 7.8
Enter device with passwd from label
Reset passwd
Upgrade version to 7.10rc3 (@rex, don't start, I have my reasons)
After reboot no way to get in again.
Not with new passwd
Not with default passwd from label
Not with blank passwd.

Netinstall device to same version 7.10rc3, with option reset to default config (or it will not work)
Enter with default passwd from label
Reset passwd
log out / log in / reset to CAPS keeping user config / whatever ...: new passwd is each time accepted as expected.

It looks like moving from 7.8 to 7.10rc3 is not recommended on this device.
Yesterday I did some others towards 7.10rc1, no problems there.

I will netinstall the remaining 3 I have to do before finishing setup for those devices.

Supout doesn't make sense since I can not get in.
Ticket created: SUP-118196
 
nannou9
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Tue Nov 10, 2020 9:56 pm

Re: v7.10rc is released!

Fri Jun 02, 2023 11:01 pm

Still issue on rb4011 with rc3 with vlan and bridge hw offloading.
Created SUP-118205 with supout file.
Will post updates if I get any response.
Last edited by nannou9 on Sat Jun 03, 2023 6:12 pm, edited 1 time in total.
 
dragoalato1988
just joined
Posts: 7
Joined: Sun Aug 29, 2010 2:06 pm

Re: v7.10rc is released!

Fri Jun 02, 2023 11:38 pm

Welldone...
*) console - improved stability when using command completion;
*) mpls - added FastPath support;
Hi, could you explain the working of *) mpls - added FastPath support; and how to implement it?
 
User avatar
clambert
Member Candidate
Member Candidate
Posts: 160
Joined: Wed Jun 12, 2019 5:04 am

Re: v7.10rc is released!

Sat Jun 03, 2023 4:51 am

MPLS FastPath feature Is enabled by default, but only works for switched traffic.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2171
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: v7.10rc is released!

Sat Jun 03, 2023 8:15 am

MPLS FastPath feature Is enabled by default, but only works for switched traffic.
So sad :(
 
pe1chl
Forum Guru
Forum Guru
Posts: 10505
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.10rc is released!

Sat Jun 03, 2023 11:58 am

Still issue on rb4011 with rc3 with vlan and l3hw
RB4011 and L3HW ??? What???
 
wgjhonathan
just joined
Posts: 3
Joined: Sat Jul 21, 2018 12:03 am

Re: v7.10rc is released! GPIO

Sat Jun 03, 2023 9:04 pm

Steps to reproduce the scripts error on a RB924i-2nD-BT5&BG77

1-Open winbox.
2-Open New Terminal.
3-Write a RouterOS script and place the following code:
/iot gpio digital
set pin5 script=":global scriptRunning; :global pulse;\
:if (\$scriptRunning!=true) do={\
:set \$scriptRunning true;\
:set \$pulse (\$pulse+1);\
:log info message=(\"GPIO pulse No. \".\$pulse);\
:delay 1s;\
:set \$scriptRunning false;\
}"
4-Push the pulsator on GPIO Pin5.
5-The script above will create an log entry on each pulse:
15:32:22 script,info GPIO pulse No. 1
15:38:01 script,info GPIO pulse No. 2
15:43:38 script,info GPIO pulse No. 3
15:49:15 script,info GPIO pulse No. 4
15:54:51 script,info GPIO pulse No. 5
16:00:27 script,info GPIO pulse No. 6..........
6-Reboot the Router or unplug the power supply.
7-Push the pulsator on GPIO Pin5, the script does´n work any more.

This happens since V7.9
You do not have the required permissions to view the files attached to this post.
Last edited by wgjhonathan on Sun Jun 04, 2023 7:44 pm, edited 2 times in total.
 
wgjhonathan
just joined
Posts: 3
Joined: Sat Jul 21, 2018 12:03 am

Re: v7.10rc is released! Modbus

Sat Jun 03, 2023 9:12 pm

About Modbus, we are hope in your next release you will include the function 4 Read Input Registers
Last edited by wgjhonathan on Mon Jun 05, 2023 8:31 pm, edited 1 time in total.
 
jsadler
just joined
Posts: 5
Joined: Tue Sep 18, 2018 1:10 pm
Location: New Zealand

Re: v7.10rc is released! - OVPN Server disconnects with TLS issue at 1 Hr of Connection Time (Mikrotik Clients)

Sun Jun 04, 2023 8:19 pm

Have an issue with OVPN server on 7.10RC3 (and also 7.9.2) where Mikrotik Clients disconnect after exactly 1 hour of connected time. Not every connected client disconnects - we have approx 200 clients connected to one OVPN server, about 120 of them will drop off at the 1 hour connected mark. With the server side on ROS 6 there is no issue and clients will remain connected for several months without issue, but any recent release of ROS 7 on the server side has this issue. Clients on ROS7 work fine if it is a ROS6 server. Client end logs "terminating... - TLS failed" and then immediately reconnects OK. Server side logs "<ip-address>: disconnected <TLS error: std failure: unknown id (4)>". I had read elsewhere that ovpn TLS issues were fixed in 7.10rc3 but it appears not.

UPDATE: I found a workaround, if you increase the 'reneg-sec=' (Key Renegotiate) value which defaults to 3600sec (1 hour) this stops the clients disconnecting every hour. I'm not sure yet if this will cause any other impacts. I guess that there is some problem with key renegotiation.
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.10rc is released!

Mon Jun 05, 2023 6:46 pm

prefix count still goes crazy in 7.10rc3 about ipv6 sessions: prefix-count=4294965894
 
BelWaveNOC
just joined
Posts: 1
Joined: Thu Mar 18, 2021 6:40 pm

Re: v7.10rc is released!

Tue Jun 06, 2023 12:08 am

BFD for OSPF does not appear to actually run within the vrf. I opened SUP-117843

1 I ;;; BFD forbidden for interface
multihop=no vrf=main remote-address=172.16.0.162%vlan3020
local-address=172.16.0.161%vlan3020@vrf1 desired-tx-interval=0ms
required-min-rx=0ms multiplier=0
You need to allow BFD on the required interfaces, like "/routing bfd configuration add forbid-bfd=no interfaces=LAN".
I just enabled BFD for OSPF (v2 and v3) and it simply works :)
This was posted for beta5, SUP-117843 was supposed to be corrected in rc1. I so however still have an issue with rc3 where each side is TX'ing BFD packet on the VRF interface, but none are being RX'd. BFD on the main VRF is however working just fine.

/routing bfd configuration
add address-list=BFD disabled=no forbid-bfd=no vrf=vrf1
add disabled=no forbid-bfd=no interfaces="vlan3028 SiteA to SiteB" vrf=vrf1
add disabled=no forbid-bfd=no interfaces=Client vrf=vrf1
add disabled=no forbid-bfd=no interfaces=BelWave

/routing ospf interface-template
add area=client-backbone auth-id=1 auth-key="" dead-interval=15s disabled=no \
hello-interval=5s interfaces="vlan3028 SiteA to SiteB" priority=1 \
retransmit-interval=2s type=ptp use-bfd=yes

/routing ospf instance
add disabled=no in-filter-chain=ospf-in name=default-v2 out-filter-chain=ospf-out redistribute=\
connected,static router-id=belwave-id
add disabled=no name=client redistribute=connected router-id=client-id vrf=vrf1

/routing ospf area
add disabled=no instance=default-v2 name=backbone-v2
add disabled=no instance=client name=client-backbone

[] /routing/bfd/session> pr
Flags: U - up, I - inactive
0 multihop=no vrf=vrf1 remote-address=172.16.0.226%vlan3028 SiteA to SiteB@vrf1
local-address=172.16.0.225%vlan3028 SiteA to SiteB@vrf1 state=down state-changes=0
desired-tx-interval=200ms required-min-rx=200ms remote-min-rx=1us multiplier=5 packets-rx=0
packets-tx=4452
 
lluu131
just joined
Posts: 14
Joined: Sun Jan 15, 2023 9:18 am

Re: v7.10rc is released!

Wed Jun 07, 2023 7:55 am

I have upgraded 10 arm devices to rc3 and everything is working fine now, looking forward to the release
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1379
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.10rc is released!

Wed Jun 07, 2023 8:25 am

still RR need improvement , it seems that is not advertising the routes in the main table (i'm not expecting to ping)
 
EdPa
MikroTik Support
MikroTik Support
Topic Author
Posts: 328
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga
Contact:

Re: v7.10rc is released!

Wed Jun 07, 2023 10:12 am

What's new in 7.10rc4 (2023-Jun-06 11:34):

*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Wed Jun 07, 2023 11:02 am

Hi, thank you..only small fixes so it looks like we are close to stable :)
 
holvoetn
Forum Guru
Forum Guru
Posts: 6273
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.10rc is released!

Wed Jun 07, 2023 11:24 am

Not unless all wifi changes which are in the 7.10alpha237 (or so) which has been floating around for some users are also included in this version ?
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Wed Jun 07, 2023 12:09 pm

Im not software engineer but the development should be like this..... pre-alpha, alpha, beta, release candidate and stable version. So if you are testing any alpha with wifi fixes they should be already all in RC.
 
erlinden
Forum Guru
Forum Guru
Posts: 2463
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: v7.10rc is released!

Wed Jun 07, 2023 12:49 pm

I think ity should be the other way around, @Rox169. Alpha -> Beta -> RC -> Stable ->LTS
So if test are okay, any improvement will go first from Alpha then Beta, etc.
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Wed Jun 07, 2023 1:07 pm

thats what I wrote...
 
erlinden
Forum Guru
Forum Guru
Posts: 2463
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: v7.10rc is released!

Wed Jun 07, 2023 1:40 pm

thats what I wrote...
Then I misinterpretted the "So if you are testing any alpha with wifi fixes they should be already all in RC."
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12568
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.10rc is released!

Wed Jun 07, 2023 2:14 pm

I wouldn't bet my money on alpha numbering and sequencing. It could well be that alpha237 contains some code which won't go into beta or RC or release. It could simply mean that there wasn't fork of 7.11alpha from 7.10 code base yet. One could think of alpha releases as "nightly builds" while beta (and subsequent releases) contains only changes which were already "signed off" ...
 
Simonej
Frequent Visitor
Frequent Visitor
Posts: 60
Joined: Sun Aug 22, 2021 3:34 am

Re: v7.10rc is released!

Wed Jun 07, 2023 3:10 pm

Related to the @holvoetn question, it would be nice to receive a clear statement about the Wi-Fi issues.

About my specific case, I'm using AC devices updated to v7.10rc3 and still affected by those issues:
- ...rejected, can't find PMKSA.
- ...rejected, FT: PMKID in Reassoc Req did not match with the PMKR1Name derived from auth request.

Did you see something like this in your logs?
Are those issues addressed in any alpha release?

(Ticket already opened with support)
Thanks for all your extra efforts MT Staff!
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Wed Jun 07, 2023 6:05 pm

You will see the statement in log. At the moment downgrade to 7.8
 
nannou9
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Tue Nov 10, 2020 9:56 pm

Re: v7.10rc is released!

Thu Jun 08, 2023 12:42 am

Still issue on rb4011 with rc3 with vlan and bridge hw offloading.
Created SUP-118205 with supout file.
Will post updates if I get any response.
Got response from support team.
My issue was that my bridge interface had pvid set to the same value as vlan id.
As soon as I reset it to default 1, all started working.
This was working on pre 7.8, but was told that it is not fully correct.
Can’t claim to understand however why it is not right.
Anyway, problem solved on my rb4011.
Massive thanks to MikroTik Support team for coming back to me so quickly.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12568
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.10rc is released!

Thu Jun 08, 2023 8:22 am

My issue was that my bridge interface had pvid set to the same value as vlan id.
...
Can’t claim to understand however why it is not right.

Without seeing exact config that caused you problems we can only guess. But my guess: if any bridge interface (including bridge interface) has pvid set (and frame-types is not set to admit-only-vlan-tagged), then it's automatically added as untagged member of that VLAN (under /interface/bridge/vlan). If the same interface is set as tagged member of same VLAN (under /interface/bridge/vlan), then the interface is tagged and untagged (for egress) at the same time and I guess there can be some not very well defined behaviour there (which, in turn, may have changed between two ROS versions) and it pretty much depends on how ROS configures hardware (in case of RB4011 this means the two switch chips). For bridge interface egress in this context means from hardware towards ROS processes ... Since it's not possible to unset pvid property on bridge interfaces, there are two possibilities: either set pvid to some otherwise unused value (but then there still can be some unexpected behaviour when certain conditions are met) or set property vlan-filtering properly (and ingress-filtering as well).
 
User avatar
ErfanDL
Member
Member
Posts: 366
Joined: Thu Sep 29, 2016 9:13 am

Re: v7.10rc is released!

Thu Jun 08, 2023 8:39 am

after update to 7.10rc4 the ntp client not working !

update:
Sorry, the problem was with the ISP
Last edited by ErfanDL on Thu Jun 08, 2023 9:47 am, edited 1 time in total.
 
holvoetn
Forum Guru
Forum Guru
Posts: 6273
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.10rc is released!

Thu Jun 08, 2023 8:44 am

after update to 7.10rc4 the ntp client not working !
Not true.
It's working just fine on 3 of my devices.

Example on AX Lite
[xyz@AXLite] /system/ntp/client> print
enabled: yes
mode: unicast
servers: be.pool.ntp.org
vrf: main
freq-drift: 0 PPM
status: synchronized
synced-server: be.pool.ntp.org
synced-stratum: 2
system-offset: 70.003 ms
 
erlinden
Forum Guru
Forum Guru
Posts: 2463
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: v7.10rc is released!

Thu Jun 08, 2023 9:44 am

after update to 7.10rc4 the ntp client not working !
Can you at least show what is not working for you?
Anything in the logging?

/system/ntp/client> print
 
User avatar
ErfanDL
Member
Member
Posts: 366
Joined: Thu Sep 29, 2016 9:13 am

Re: v7.10rc is released!

Thu Jun 08, 2023 9:47 am

Sorry, the problem was with the ISP
 
chiem
newbie
Posts: 42
Joined: Fri Oct 24, 2014 4:48 pm

Re: v7.10rc is released!

Thu Jun 08, 2023 3:31 pm

Any word on the "invalid mtu #### on <interface> from <mac>" warnings that was reported by w0lt in the 7.9 beta thread and myself and others in the 7.9 release thread?

It's still in 7.9.2 and I see nothing in these logs about it.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10505
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.10rc is released!

Thu Jun 08, 2023 4:07 pm

That in fact is also a "problem with the ISP"...
 
daaf
just joined
Posts: 11
Joined: Sun Jan 12, 2020 4:39 am

Re: v7.10rc is released!

Thu Jun 08, 2023 4:37 pm

The symptoms of the global variables now appear again in an hAP ax3, something is not being done right in the RouterOS code, they reintroduce bugs that were solved at least in the RB750Gr3.

viewtopic.php?p=944663#p944663
 
chiem
newbie
Posts: 42
Joined: Fri Oct 24, 2014 4:48 pm

Re: v7.10rc is released!

Thu Jun 08, 2023 4:54 pm

That in fact is also a "problem with the ISP"...
Image
 
pe1chl
Forum Guru
Forum Guru
Posts: 10505
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.10rc is released!

Thu Jun 08, 2023 5:35 pm

The symptoms of the global variables now appear again in an hAP ax3, something is not being done right in the RouterOS code, they reintroduce bugs that were solved at least in the RB750Gr3.
Most RouterOS code is not dependent on the device it is running on.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12438
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.10rc is released!

Thu Jun 08, 2023 5:39 pm

but the disappear problem happen only on arm devices....
 
User avatar
pants6000
Frequent Visitor
Frequent Visitor
Posts: 89
Joined: Fri Sep 26, 2014 5:30 am

Re: v7.10rc is released! - OVPN Server disconnects with TLS issue at 1 Hr of Connection Time (Mikrotik Clients)

Thu Jun 08, 2023 5:46 pm

jsadler, have you tried setting reneg-sec to 0?

Have an issue with OVPN server on 7.10RC3 (and also 7.9.2) where Mikrotik Clients disconnect after exactly 1 hour of connected time...
 
troffasky
Member
Member
Posts: 436
Joined: Wed Mar 26, 2014 4:37 pm

Re: v7.10rc is released!

Thu Jun 08, 2023 8:02 pm

*) w60g - improved interface stability for PTMP setups;
Not helping me, unfortunately. autosupout.rif sent to support....
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Fri Jun 09, 2023 8:44 am

Hi,

I had another situation on 7.10rc4. I was connecter to AX3 with my phone OnePlus9 and suddendly I was disconected and I cound not connect to WiFi. I tried to connect with laptop and no way how to connect WiFi. I had to reboot AX3 and everythings works fine again. MT please release fix asap otherwise my family will kill me :/
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1650
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.10rc is released!

Fri Jun 09, 2023 8:53 am

We are aware of the issue with AX Wireless becoming unavailable/inaccessible at some point. Believe it or not, we can not reproduce this locally at the moment in order to fix the issue. At the moment our assumption is that some specific traffic or client must be present in the network in order to trigger the problem. We are constantly working with clients through support@mikrotik.com in order to find the root cause for this or these issues. The fact that the nature of the issue is the same or similar does not necessarily mean that all of these problems listed in the forum are "the same problems". The same rules apply also not just to wireless, but also to everything else. Service becoming unavailable can be the result of many different or the same issue. But without debugging it is not useful and reasonable to assume that all the issues are related without any common ground figured out first.

We are doing our best in order to solve this and the issue is treated seriously. If you have useful information, then please feel free to write to support@mikrotik.com Meanwhile please keep the RouterOS release versions related to the particular release, not to the issues that were there already before this or any other release.
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Fri Jun 09, 2023 9:06 am

OK, thank you for info and your work..
 
pe1chl
Forum Guru
Forum Guru
Posts: 10505
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.10rc is released!

Fri Jun 09, 2023 10:46 am

It can be tricky to debug. In this case apparently the WiFi interface becomes unresponsive. With newest firmware on the competitor's devices we see infrequent kernel crashes. As they make the "oops" output available to the user (including stack backtrace), we can see that it is happening in buffer allocation or freeing.
That will be tough as well. Probably corruption of the memory. It was OK before but went bad after some upgrade, it can be running for two weeks and then crash.
You are right, it could be dependent on a certain type of device, a certain kind of traffic, some sequence, etc. Every new beta release it appears to be more stable, and at first I think they solve it, but then again one of them crashes (we have a lot of these).
 
EdPa
MikroTik Support
MikroTik Support
Topic Author
Posts: 328
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga
Contact:

Re: v7.10rc is released!

Fri Jun 09, 2023 11:34 am

What's new in 7.10rc5 (2023-Jun-08 14:48):

*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Fri Jun 09, 2023 12:11 pm

This is fix for already fixed bug :) almost non changes so stable is around corner :)
 
ToTheFull
Member
Member
Posts: 396
Joined: Fri Mar 24, 2023 3:24 pm

Re: v7.10rc is released!

Fri Jun 09, 2023 12:53 pm

Much better Thankyou
hAP ax2
You do not have the required permissions to view the files attached to this post.
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Fri Jun 09, 2023 12:57 pm

what is much better?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10505
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.10rc is released!

Fri Jun 09, 2023 2:46 pm

Anyone with experience with these versions on the CCR1009 or other CCR10xx devices?
Before, I read about general instability on TILE so before taking the plunge (I have tested on CHR) it is good to know...
 
gtj0
just joined
Posts: 15
Joined: Wed Sep 23, 2020 8:08 pm

Re: v7.10rc is released!

Fri Jun 09, 2023 4:04 pm

Anyone with experience with these versions on the CCR1009 or other CCR10xx devices?
I've been keeping at least 1 CCR1009v1 up to date with the testing/dev releases (now 7.10rc4). Although I don't do ipsec or advanced routing, everything else seems to be on par with the other architectures.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10505
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.10rc is released!

Fri Jun 09, 2023 4:14 pm

Ok thanks! I'm preparing to run a CCR1009 on v7.10 once it is released as "stable". Of course it is partitioned so I can switch back when required.
I already prepared the 6.49 config (I know some snags in BGP config) and imported it in a CHR and upgraded that, and the result does not look bad.
I'm also running v7.10 beta on a RB4011 with similar config, including BFD, and it seems stable.
 
User avatar
npeca75
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Thu Aug 03, 2017 3:12 pm

Re: v7.10rc is released!

Fri Jun 09, 2023 10:21 pm

Looks like Mikrotik staff really does not like wireguard & IPv6

CHR, rc5

wg peer (fdff:255::2) is pingable from router (fdff:255::1)
wg network is unreachable behind wg peer (fd00:2:1::1)
same config work in v7.9.2
peca@eleservice-mkt] > ping fdff:255::2
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                                                                       
    0 fdff:255::2                                56  64 7ms408us   echo reply                                                                                                   
    1 fdff:255::2                                56  64 7ms567us   echo reply                                                                                                   
    2 fdff:255::2                                56  64 7ms440us   echo reply
    
peca@eleservice-mkt] > ping fd00:2:1::1
  SEQ HOST                                     SIZE TTL TIME       STATUS                                                                                                       
    0 fdff:255::1                               104  64 165us      address unreachable                                                                                          
    1 fdff:255::1                               104  64 164us      address unreachable                                                                                          
    2 fdff:255::1                               104  64 351us      address unreachable                                                                                          
    sent=3 received=0 packet-loss=100% 
    
[peca@eleservice-mkt] /interface/wireguard/peers> export verbose 
    add allowed-address=fdff:255::2/128,fd00:2::/32,169.254.255.202/32,169.254.2.0/24 comment="202 - Soada" disabled=no endpoint-address=XXXXXXXXX endpoint-port=8000 \
    interface="wg: Mgmn (NMS)" persistent-keepalive=15s public-key="XXXXXXXXXXXXXXXXXXXXXXX="

/ipv6 route
add disabled=no distance=1 dst-address=fd00:2::/32 gateway=fdff:255::2 routing-table=main scope=30 target-scope=10

IPv4 work as expected, IPv6 does not
as i said, v7.9.2 running OK
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.10rc is released!

Sat Jun 10, 2023 3:54 am

When you will fix bgp advertisement?

Thx
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.10rc is released!

Sat Jun 10, 2023 8:36 am

When you will fix bgp advertisement?

Thx
may you explain the issue you experience about bgp advertisement?
I have just a delay in advertisement, delay that icrease over time.
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.10rc is released!

Sun Jun 11, 2023 4:18 am

When you will fix bgp advertisement?

Thx
may you explain the issue you experience about bgp advertisement?
I have just a delay in advertisement, delay that icrease over time.
This command missing in v7 /routing/bgp/advertisements print
 
pe1chl
Forum Guru
Forum Guru
Posts: 10505
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.10rc is released!

Sun Jun 11, 2023 7:34 pm

You will have to understand that v7 bgp is different from v6 bgp, many commands are different and some things are no longer there.
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.10rc is released!

Mon Jun 12, 2023 5:16 am

You will have to understand that v7 bgp is different from v6 bgp, many commands are different and some things are no longer there.
So could u tech me or maybe us how?

Thx
 
holvoetn
Forum Guru
Forum Guru
Posts: 6273
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.10rc is released!

Mon Jun 12, 2023 7:31 am

 
uCZBpmK6pwoZg7LR
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Mon Jun 15, 2015 12:23 pm

Re: v7.10rc is released!

Mon Jun 12, 2023 11:54 am

any chance to fix MPLS packets which does not follow packet flow diagram in case if destination ip is interface ip address member of VRF ( ie input interface unknown isue)?
 
Ikk
just joined
Posts: 1
Joined: Fri Nov 19, 2010 3:47 pm

Re: v7.10rc is released!

Mon Jun 12, 2023 2:49 pm

*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);

Hello, could you please be more specific about what changes were made to the firmware of the LoRaWAN gateway (for R11e-LoRa8).
Thank you for your response.
 
fs0c13ty
just joined
Posts: 18
Joined: Fri Jun 09, 2017 8:33 am

Re: v7.10rc is released!

Mon Jun 12, 2023 5:37 pm

there is a missing "-->" in side the status.html.

original status.html contains the following comment section at the end of the form but comment blocks signs are not balanced.

<!-- user manager link. if user manager resides on other router, replace $(hostname) by its address
<button onclick="document.location='http://$(hostname)/user?subs='; return false;">status</button>
<!-- end of user manager link -->
 
apyka
just joined
Posts: 2
Joined: Thu May 18, 2023 6:41 pm

Re: v7.10rc is released!

Mon Jun 12, 2023 6:59 pm

hAP ax^3, 2.4GHz network wifi2 (physical interface) set to 2437MHz channel. Created two vitrual networks wifi3 and wifi4, where master is wifi2. All in status shows channel 2437/ax (well!) but on the main summary table, the freq. is different - 2412MHz which is not true!
rc5.png
You do not have the required permissions to view the files attached to this post.
 
patrick7
Member
Member
Posts: 351
Joined: Sat Jul 20, 2013 2:40 pm

Re: v7.10rc is released!

Mon Jun 12, 2023 8:40 pm

Please revert to the old WebFig Style or at least give the user the choice.

- The new one is confusing
- Everything needs more clicks.
- Traffic stats now have the size of a stamp
- There is no (really, 0) advantage
- The width of columns is not saved which is annoying.

I'm using it on a 24" screen, not on the smartwatch. Please urgently revert.
Mikrotik New UI.png
traffic stats.png
confusing mikrotik.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
spippan
Member
Member
Posts: 449
Joined: Wed Nov 12, 2014 1:00 pm

Re: v7.10rc is released!

Mon Jun 12, 2023 9:57 pm

Please revert to the old WebFig Style or at least give the user the choice.

- The new one is confusing
- Everything needs more clicks.
- Traffic stats now have the size of a stamp
- There is no (really, 0) advantage
- The width of columns is not saved which is annoying.

I'm using it on a 24" screen, not on the smartwatch. Please urgently revert.

Mikrotik New UI.png

traffic stats.png

confusing mikrotik.png
fornthe last Screenshot with the "???".... that is the negate checkbox to invert the match
 
patrick7
Member
Member
Posts: 351
Joined: Sat Jul 20, 2013 2:40 pm

Re: v7.10rc is released!

Mon Jun 12, 2023 11:44 pm

I know, but it makes no sense at this place and has zero description.
 
codelogic
just joined
Posts: 15
Joined: Fri Dec 20, 2019 2:18 am

Re: v7.10rc is released!

Tue Jun 13, 2023 4:41 am

Please revert to the old WebFig Style or at least give the user the choice.

- The new one is confusing
- Everything needs more clicks.
- Traffic stats now have the size of a stamp
- There is no (really, 0) advantage
- The width of columns is not saved which is annoying.
I agree 100%
viewtopic.php?p=1004463#p1004463

Unfortunately as someone else said this is RC and they are unlikely to back out such a large change from an RC before release.

I trust there must be some good reason they are making such changes, as I, like you, fail to see any tangible benefit. I posed a general question to anyone to explain the changes in my linked previous post and of course there is no information forthcoming. What is the benefit of changing webfig in this manner? Is it supposed to be easier to use or understand? It's definitely not.
 
User avatar
sirbryan
Member
Member
Posts: 373
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.10rc is released!

Tue Jun 13, 2023 5:55 am

Please revert to the old WebFig Style or at least give the user the choice.

- The new one is confusing
- Everything needs more clicks.
- Traffic stats now have the size of a stamp
- There is no (really, 0) advantage
- The width of columns is not saved which is annoying.
I agree 100%
I trust there must be some good reason they are making such changes, as I, like you, fail to see any tangible benefit. I posed a general question to anyone to explain the changes in my linked previous post and of course there is no information forthcoming. What is the benefit of changing webfig in this manner? Is it supposed to be easier to use or understand? It's definitely not.
Also also, to all of the above.

Furthermore, on 60GHz, if I want to see the settings or the status, I have to click on all those sections every time I go back and forth to the page (or refresh it), and with the newer releases (4,5), the stats no longer update in realtime.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3334
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.10rc is released!

Tue Jun 13, 2023 8:08 am

fornthe last Screenshot with the "???".... that is the negate checkbox to invert the match
That would everyone clearly see 😁
 
pe1chl
Forum Guru
Forum Guru
Posts: 10505
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.10rc is released!

Tue Jun 13, 2023 10:18 am

Well, when you click it it does not show a checkmark but an exclamation mark. That indicates "not".
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3334
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.10rc is released!

Tue Jun 13, 2023 2:36 pm

Then you have to click it to see that its a not. Problem is the position of the not.
In firewall rules, not are in front of all places it can be selected. Like this:
.
not.png
To make it more easy to see, it should have used color, some like this:
.
not_color.png
You do not have the required permissions to view the files attached to this post.
 
erlinden
Forum Guru
Forum Guru
Posts: 2463
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: v7.10rc is released!

Tue Jun 13, 2023 2:48 pm

To make it more easy to see, it should have used color, some like this:
Especially for people who are color blind.. ;-)
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12568
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.10rc is released!

Tue Jun 13, 2023 2:57 pm

To make it more easy to see, it should have used color, some like this:
Especially for people who are color blind.. ;-)
For color blind it won't make any difference. For the rest (I'm estimating to cover at least 99% of MT admins) would make quite some difference.
 
erlinden
Forum Guru
Forum Guru
Posts: 2463
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: v7.10rc is released!

Tue Jun 13, 2023 3:41 pm

Ok, missed the exclemation mark in red...black on red is far from ideal...
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12568
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.10rc is released!

Tue Jun 13, 2023 3:53 pm

When designing colourful UI it's sensible to verify the accessibility aspect of it ... and I'm sure some experts could come up with a good combination of coloured backgrounds and character colours that would work for both "normal" and colour-blind people. The only hard thing is for project management to actually think of this requirement.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10505
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.10rc is released!

Tue Jun 13, 2023 4:20 pm

Then you have to click it to see that its a not. Problem is the position of the not.
In firewall rules, not are in front of all places it can be selected. Like this:
Well, when use winbox, a firewall rule and open the "connection state" matcher, there also is a single "not" box that is unmarked and applies to all the others.
It seems that it is mainly the layout (different checkmarks not all on one line) that is different.
The "what is this for???" remains the same.
 
DarkNate
Forum Guru
Forum Guru
Posts: 1065
Joined: Fri Jun 26, 2020 4:37 pm

Re: v7.10rc is released!

Wed Jun 14, 2023 11:21 am

The full cone NAT implementation lacks support for TCP on MikroTik, exclusively. Strange implementation, it shouldn't be in an RC or stable release, as it's beta, until it supports TCP as well.
 
EdPa
MikroTik Support
MikroTik Support
Topic Author
Posts: 328
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga
Contact:

Re: v7.10rc is released!

Wed Jun 14, 2023 11:39 am

What's new in 7.10rc6 (2023-Jun-13 10:52):

!) route - added BFD;
*) bridge - fixed incorrect host moving between ports with enabled FastPath;
*) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Wed Jun 14, 2023 12:11 pm

It takes time to release 7.10 stable :) I think Mt do not want to release it before WiFi bug is fixed but they can not replicate it in their laboratory :/
 
connectlife
Member Candidate
Member Candidate
Posts: 101
Joined: Tue Sep 01, 2020 10:20 pm

Re: v7.10rc is released!

Wed Jun 14, 2023 12:34 pm

Hi, does this resolve support request SUP-116233 ?
*) bridge - fixed incorrect host moving between ports with enabled FastPath;
Thank you
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Wed Jun 14, 2023 12:47 pm

could you please share with us what is SUP-116233? is it the wifi problem?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12438
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.10rc is released!

Wed Jun 14, 2023 1:45 pm

could you please share with us what is SUP-116233? is it the wifi problem?
and from what would you have deduced that it concerns the wi fi? from the description it seems anything but...
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Wed Jun 14, 2023 1:48 pm

sorry Im idiot :) I saw FT - as fast transitions but there is FastPath. Im blind going to see doctor :)
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12438
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.10rc is released!

Wed Jun 14, 2023 1:54 pm

sorry Im idiot :) I saw FT - as fast transitions but there is FastPath. Im blind going to see doctor :)
you wouldn't be the only one wearing eyeglasses ;)
Image
 
connectlife
Member Candidate
Member Candidate
Posts: 101
Joined: Tue Sep 01, 2020 10:20 pm

Re: v7.10rc is released!

Wed Jun 14, 2023 2:20 pm

could you please share with us what is SUP-116233? is it the wifi problem?
Fix this:

viewtopic.php?p=1007009
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.10rc is released!

Wed Jun 14, 2023 7:05 pm

is there any plan to add feature to make mikrotik can resolve ipv6 domain.
example:

ping6 microsoft.com


thx
 
wispmikrotik
Member Candidate
Member Candidate
Posts: 144
Joined: Tue Apr 25, 2017 10:43 am

Re: v7.10rc is released!

Wed Jun 14, 2023 9:22 pm

Hi,

What is the change here?
What's new in 7.10rc6 (2023-Jun-13 10:52):

!) route - added BFD;

What's new in 7.10rc3 (2023-Jun-02 09:43):

!) route - added BFD;
Regards,
 
hagoyi
newbie
Posts: 31
Joined: Wed May 17, 2023 8:36 pm

Re: v7.10rc is released!

Wed Jun 14, 2023 10:14 pm

Think second time they added BFG!
Last edited by BartoszP on Thu Jun 15, 2023 6:05 am, edited 1 time in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart. lines of quote, 1 line of post.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1350
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.10rc is released!

Wed Jun 14, 2023 10:20 pm

is there any plan to add feature to make mikrotik can resolve ipv6 domain.
example:
ping6 microsoft.com
thx
It's been over a decade since this topic exists: viewtopic.php?t=47189
Surely it'll be implemented soon.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3334
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.10rc is released!

Wed Jun 14, 2023 10:29 pm

Same with:

7.10beta8 added BFD (CLI only)
7.10rc1 added BFD (CLI only)

Not sure why MT repeat the same stuff in various releases.
But I guess:
!) route - added BFD;
is telling that its also added to gui.

But why two times?
 
felixka
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Mon Oct 19, 2020 4:12 am
Location: Canada

Re: v7.10rc is released!

Wed Jun 14, 2023 11:37 pm

Because so many people have been asking for it for so long, so vehemently. As a result they felt it prudent to add at least four BFD thus far. More to come! Look out for that final release change log.
 
teleport
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Mon Sep 07, 2020 11:51 pm

Re: v7.10rc is released!

Thu Jun 15, 2023 3:28 am

What's new in 7.10rc6 (2023-Jun-13 10:52):

*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);
above is not fixed in 7.10rc6. still get same 'authentication failure' when accessing remote SSH host as ssh-exec and 'welcome back' message as ssh.
works fine when tried from linux client
this used to work fine before 7.9 and now has suddenly stopped working.
 
User avatar
sirbryan
Member
Member
Posts: 373
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.10rc is released!

Thu Jun 15, 2023 6:23 am

Same with:

7.10beta8 added BFD (CLI only)
7.10rc1 added BFD (CLI only)

Not sure why MT repeat the same stuff in various releases.
But I guess:
!) route - added BFD;
is telling that its also added to gui.

But why two times?
They added BFD to CLI for BGP first (7.10b8).
Then they added BFD via CLI for OSPF (7.10rc1).
Then they added the BFD submenu, configuration, sessions, and "Use BFD" flag to BGP in Winbox/Webfig (7.10rc3). [During RC4 I reported that it wasn't part of the GUI in Webfig for OSPF.]
Then they added "Use BFD" flag to OSPF in Webfig (7.10rc6).
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1650
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.10rc is released!

Thu Jun 15, 2023 6:29 am

As it has been already for several years, the beta/rc changelog has been written as you would read it from previous stable release (at the moment 7.9.2) point of view. Since between beta/rc releases there have been multiple additional fixes for BFD, the same changelog entry has been repeated.
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.10rc is released!

Thu Jun 15, 2023 7:52 am

I like the changelog in first topic. It is easy to read and it is not confusing. Keep it please.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3334
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.10rc is released!

Thu Jun 15, 2023 8:18 am

Then they added "Use BFD" flag to OSPF in Webfig (7.10rc6).
That is not written in the change log, just:
!) route - added BFD;
Same as in 7.10rc3

Other strange thing. MT clearly stated that RC are just for fixing problems found in beta to make a stable software so they can release it.
Here it seems that they have added new functionality...
 
vecino
just joined
Posts: 7
Joined: Fri Jul 08, 2016 11:59 pm

Re: v7.10rc is released!

Thu Jun 15, 2023 10:06 am

Beware that these units will not boot after the update to 7.10rc6 - a power reset is required. This happened to me with both the AP and all connected clients.

AP: CubeG-5ac60ay-SA
clients: CubeG-5ac60ay
 
msatter
Forum Guru
Forum Guru
Posts: 2936
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v7.10rc is released!

Thu Jun 15, 2023 10:40 am

"!) " could be used to indicate a new functionality and might not be fully developed. "Adding" should be te first step and later you can use "update".

!) added:
^!) update:
<!) retracted:
>!) fixed:
*) = bugfix
-*) = retracted bugfix
+*) = fixed bugfix
 
User avatar
sirbryan
Member
Member
Posts: 373
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.10rc is released!

Thu Jun 15, 2023 11:54 am

Then they added "Use BFD" flag to OSPF in Webfig (7.10rc6).
That is not written in the change log, just:
!) route - added BFD;
Same as in 7.10rc3
I know that, which is why I shared what I noticed in each of those releases where something related to BFD was changed. Whoever updated the changelog just regurgitated the same "route - added BFD" tag for each fix.

As for why they're updating them in RC's, my assumption is that BFD being 100% complete for 7.10 was intended all along, and they may have forgotten/overlooked/rushed some steps in an attempt to get 7.10 out the door. It's not uncommon for developers to kick the small cans down the road and pick them up later if you have a release schedule to follow, despite internal or externally published policies. I get it.

7.10 is a big milestone, and I'm loving what I'm seeing from it so far.
 
User avatar
sirbryan
Member
Member
Posts: 373
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.10rc is released!

Thu Jun 15, 2023 11:56 am

FYI, and also reported via support, the new date/timestamp is off (behind) by one day. With all clocks synced via NTP, the date is showing as yesterday on all devices upgraded to 7.10rcX, both on logs and under System/Clock.
 
EdPa
MikroTik Support
MikroTik Support
Topic Author
Posts: 328
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga
Contact:

Re: v7.10rc is released!

Thu Jun 15, 2023 2:33 pm

RouterOS v7.10 has been released
viewtopic.php?t=197095

Who is online

Users browsing this forum: angelost, K0NCTANT1N and 4 guests