Community discussions

MikroTik App
 
EdPa
MikroTik Support
MikroTik Support
Topic Author
Posts: 340
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga
Contact:

v7.12.1 [stable] is released!

Thu Nov 09, 2023 2:13 pm

RouterOS versions 7.12, 7.12.1 have been released in the "v7 stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

Notice - SFP/QSFP functionality has been refactored for consistent behavior and better scalability. Now, compliance with SFP/SFP+/QSFP MSA standard is mandatory. This may cause issues with SFP/QSFP modules that are not fully compliant. All current MikroTik modules abide this standard.

What's new in 7.12.1 (2023-Nov-17 13:38):

*) defconf - fixed bogus wifi password on certain Audience devices;
*) ipv6 - do not send out IPv6 RA deprecate message for re-used prefix;
*) ospf - fixed LSA Type3 advertisement for OSPFv2;
*) ppc - fixed RouterOS bootup (introduced in v7.12);
*) qsfp - fixed supported rates for breakout cables;
*) winbox - added missing arguments for "MAC Format" under "Wireless/Security Profiles/RADIUS" menu;

What's new in 7.12 (2023-Nov-09 09:45):

!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) health - removed "temperature" health entry from boards, where it was the same as "sfp-temperature";
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) api - fixed fetching objects with warning option from REST API;
*) bfd - fixed sessions when setting VRF;
*) bfd - improved system stability;
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed "input.filter-chain" argument selection in VPN configuration;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - fixed typos and missing spaces in log messages;
*) bgp - implemented IGP metric sending in BGP messages;
*) bgp - improved logging;
*) bgp - increase "hold-time" limit to 65000;
*) bluetooth - added basic support for connecting to BLE peripheral devices;
*) bluetooth - use "g" units when decoding MikroTik beacon acceleration on peripheral devices menu;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - allow to remove issued certificates when CRL is not used;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - fixed certificate auto renewal via SCEP;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - iavf updated driver to 4.9.1 version;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - added "transform" property for ":convert" command;
*) console - display "End-User License Agreement" prompt after configuration reset;
*) console - export required properties with default values;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved multi-argument property parsing into array;
*) console - improved randomness for ":rndstr" and ":rndnum" commands;
*) console - improved stability and responsiveness;
*) console - improved stability when editing long scripts;
*) console - improved stability when using "special-login";
*) console - improved system stability through RoMON session;
*) console - improved system stability when using autocomplete;
*) console - improved system stability;
*) console - restrict permissions to "read,write,reboot,ftp,romon,test" for scripts executed by DHCP, Hotspot, PPP and Traffic-Monitor services;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server and relay related response delays;
*) email - rename "address" property to "server";
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) flash - show more accurate "total-hdd-space" resource property;
*) gps - expose GPS port for Quectel EM12-G (vendor-id="0x2c7c", device-id="0x0512");
*) ike1 - fixed invalid key length on phase1 negotiation;
*) ike1 - log an error when non-RSA keys are being used;
*) ike2 - improved rekey collision handling;
*) interface - added "macvlan" interface support;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) ipsec - fixed Diffie-Hellman public value encoding size;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipsec - fixed minor typo in logs;
*) ipsec - reduce disk writes when started without active configuration;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) l3hw - fixed IPv6 route suppression;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - prioritize local IP addresses over the respective /32 and /128 routes;
*) led - fixed "interface-status" configuration for virtual interfaces;
*) led - fixed 5G modem mobile network category LED colours;
*) leds - added "dark-mode" functionality for RBwAPG-5HacD2HnD;
*) leds - added "wireless-status" and "wireless-signal-strength" configuration types for wifiwave2 interfaces;
*) log - improved logging for user actions;
*) lora - added LNS protocol support;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - changed R11e-LTE ARP behavior to NoArp;
*) lte - fixed 5G data-class reporting for Chateau 5G;
*) lte - fixed APN authentification in multi APN setup for R11e-LTE6;
*) lte - fixed FG621-EA possible timeouts during firmware upgrade;
*) lte - fixed IPv6 prefix for MBIM modems in multi-apn setup when IPv6 APN used as not first APN;
*) lte - fixed RSSI for FG621-EA modem to show the correct value;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed Sierra modem initialization;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) lte - fixed sub-interface auto-removal in multiple APN setups;
*) lte - show correct data class when connected to 5G SA network;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) mpls - improved FastPath next-hop selection hash algorithm;
*) mqtt - added on-message feature for subscribed topics;
*) mqtt - added parallel-scripts-limit parameter to set maximum allowed number of scripts executed at the same time;
*) mqtt - added wildcard topic subscription support;
*) netinstall - added option to discard branding package;
*) netinstall - display package filename in GUI Description column if package description is not specified;
*) netinstall-cli - added empty configuration option "-e";
*) netinstall-cli - added option to discard branding package;
*) netinstall-cli - allow ".rsc" script filenames;
*) netinstall-cli - prioritise interface option over address option;
*) netinstall-cli - updated configuration option description;
*) netwatch - decreased "thr-tcp-conn-time" maximum limit to 30 seconds;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ospf - fixed OSPFv3 authentication header length calculation;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) ovpn - improved system stability;
*) pimsm - fixed BSR update process;
*) pimsm - fixed UIB update process;
*) pimsm - improved system stability;
*) poe-out - driver optimization for AF/AT controlled boards;
*) poe-out - fixed rare CRS328 poe-out menu and poe-out port config loss after reboot;
*) poe-out - improved "auto" mode for devices with single PoE-out port;
*) poe-out - removed "auto" mode support for L009 devices;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) qsfp - added 50Gbps rate support for QSFP28 interfaces;
*) qsfp - fixed incorrect QSFP temperature readings in negative temperature;
*) qsfp - improved auto link detection for AOC cables;
*) qsfp - use sub-interface configuration for establishing link (for 40Gbps and 100Gbps links, all sub-interfaces must be enabled);
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - added "single-process" configuration setting, enabled by default on devices with 64MB or less RAM memory;
*) route - added "suppress-hw-offload" setting for IPv6 routes;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) route - reverse community "delete" and "filter" command behavior;
*) routerboard - added "reset-button" support for RB800, RB1100 and RB1100AHx2 devices;
*) routerboard - fixed "reset-button" support for wAP ac and wAP R ac devices;
*) sfp - added 5Gbps rate for SFP+ interface on 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) sfp - fixed occasional bad EEPROM data reading for L009 devices;
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) sfp - improved system stability with certain modules for 98DX224S, 98DX226S, 98DX3236, 98DX8216 and 98DX8208 switch chips;
*) snmp - changed "mtxrGaugeValue" type to integer;
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) ssh - improved connection stability when pasting large chunks of text into console;
*) supout - added interface list members section;
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) switch - improved resource allocation for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) system - fixed process multithreading (introduced in v7.9);
*) system - improved system stability during booting for L009 devices;
*) system - improved system stability when MD5 checksums are used;
*) tftp - fixed empty file name matching;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) traffic-generator - fixed traffic-generator on CHR and x86;
*) usb - added support for RTL8153 USB ethernet on ARM, ARM64 and x86;
*) vrf - limit maximum VRFs to 1024;
*) vxlan - improved system stability for Tile devices;
*) webfig - fixed "Days" property configuration change under "IP/Firewall" menu;
*) webfig - fixed timezone for interface "Last Link Down/Up Time";
*) webfig - improved Webfig performance and responsiveness;
*) webfig - try to re-establish connection after disconnect;
*) wifiwave2 - added an alternative QoS priority assignment mechanism based on IP DSCP;
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - added station-bridge interface mode;
*) wifiwave2 - correctly add interface to specified "datapath.interface-list";
*) wifiwave2 - do not show default "l2mtu" on compact export;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) wifiwave2 - fixed PTK renewal for interfaces in station mode;
*) wifiwave2 - fixed re-connection failures for 802.11ax interfaces in station mode;
*) wifiwave2 - fixed sniffer command not receiving any QoS null function frames when using 802.11ax radios;
*) wifiwave2 - fixed untagged VLAN 1 entry when using "vlan-id" setting together with vlan-filtering bridge;
*) wifiwave2 - fixed warning on CAP devices when radar detected;
*) wifiwave2 - implemented an option to transmit IP multicast packets as unicasts;
*) wifiwave2 - improved compliance with regulatory requirements;
*) wifiwave2 - limit L2MTU to 1560 until a fix is available for a bug causing interfaces to fail transmitting larger frames than that;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) wifiwave2 - log more information regarding authentication failures;
*) wifiwave2 - make 4-way handshake procedure more robust when acting as supplicant (client);
*) wifiwave2 - use CAPsMAN's "datapath.vlan-id" on CAP for bridge port "pvid";
*) winbox - added "Addresses" property under "Routing/BFD/Configuration" menu;
*) winbox - added "BUS" property for USB Power Reset button for LtAP-2HnD and CCR1072;
*) winbox - added "Comment" under "Routing/BFD/Configuration" menu;
*) winbox - added "g" flag under "IPv6/Routes" menu;
*) winbox - added "Host Key Type" setting under "IP/SSH" menu;
*) winbox - added "Key Owner" setting under "System/User/SSH Keys" and "System/User/SSH Private Keys" menus;
*) winbox - added "Name Format" property under "WifiWave2/Provisioning" menu;
*) winbox - added "Remote Min Tx" parameter under "Routing/BFD/Session" menu;
*) winbox - added "Startup Delay" setting under "Tools/Netwatch" menu;
*) winbox - added "USB" button under "System/RouterBOARD" menu for LtAP-2HnD;
*) winbox - added "Use BFD" setting under "Routing/RIP/Interface-Template" menu;
*) winbox - added Enable/Disable button under "Routing/RIP/Static Neighbors" menu;
*) winbox - added missing properties under "WifiWave2" menu;
*) winbox - added MQTT subscription menu;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) winbox - allow to specify server as DNS name under "Tools/Email" menu;
*) winbox - changed "MBR Partition Table" checkbox to unchecked by default under "System/Disks/Format-Drive" menu;
*) winbox - do not show "F" flag for disabled entries under "IP/Routes" menu;
*) winbox - fixed "Address" property under "WifiWave2/Remote-CAP" menu;
*) winbox - fixed "Do" property under "Routing/Filters/Select Rule" menu;
*) winbox - fixed "Group Key Update" maximum value under "WifiWave2/Security" menu;
*) winbox - fixed "Range" property under "Routing/Filters/Num Set" menu;
*) winbox - fixed "Switch" menu for CCR2004-16G-2S+;
*) winbox - fixed entry numbering and ordering under "WifiWave2/Provisioning" menu;
*) winbox - fixed minor typos;
*) winbox - improved support for certain properties under "WifiWave2/Interworking Profiles" menu;
*) winbox - rename "DSCP" setting to "DSCP (+ECN)" under "Tools/Traffic-Generator/Packet-Templates" menu;
*) winbox - rename "Name" setting to "List" under "IP,IPv6/Firewall/Address-List" menu;
*) winbox - rename "Password" button to "Change Now" under "System/Password" menu;
*) winbox - show "unknown" value for "FS" property under "System/Disks" menu if the data is not available;
*) wireguard - added "auto" and "none" parameter for "private-key" and "presharde-key" parameters;
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireguard - allow to specify client settings under peer menu which will be included in configuration file and QR code;
*) wireguard - request public or private key to be specified in order to create peer;
*) wireless - added more "radius-mac-format" options (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) www - fixed allowed address setting for REST API users;
*) www - fixed fragmented POST data for SCEP service;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;
*) x86 - i40e updated driver to 2.23.17 version;
*) x86 - igb updated driver to 5.14.16 version;
*) x86 - igbvf updated driver from in-tree Linux kernel;
*) x86 - igc updated driver to 5.10.194 version;
*) x86 - ixgbe updated driver to 5.19.6 version;
*) x86 - Realtek r8169 updated driver;
*) x86 - updated latest available pci.ids;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while a router is not working as suspected or after some problem has appeared on the device

Please keep this forum topic strictly related to this particular RouterOS release.
 
kiaunel
Member Candidate
Member Candidate
Posts: 219
Joined: Mon Jul 21, 2014 7:59 pm
Location: Germany

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 2:23 pm

Finally a "stable" release with udp vpn client working....
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21827
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 2:48 pm

Couple of questions
(1) what is "ein-snat" and "ein-dnat" ( searched mt docs and no match ).
(2) CLI winbox import & export capability - will this get ported to winbox eventually?

Edit: Thanks Strods! = https://help.mikrotik.com/docs/display/ ... pendentNAT

EIN= Endpoint Independent NAT
Last edited by anav on Thu Nov 09, 2023 4:47 pm, edited 2 times in total.
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 3:12 pm

very nice looong changelog :) and looong testing RC state...thanks
 
fragtion
Member Candidate
Member Candidate
Posts: 269
Joined: Fri Nov 13, 2009 10:08 pm
Location: Cape Town, South Africa

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 3:22 pm

Wonderful !!
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1347
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 3:36 pm

I think I'm gonna throw caution to the wind and try this version.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 3:37 pm

https://help.mikrotik.com/docs/display/ ... pendentNAT
Couple of questions
(1) what is "ein-snat" and "ein-dnat" ( searched mt docs and no match ).
(2) CLI winbox import & export capability - will this get ported to winbox eventually?
 
gigabyte091
Forum Guru
Forum Guru
Posts: 1500
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 4:09 pm

AX3, cAP ax, RB5009 updated. No problems so far
 
erlinden
Forum Guru
Forum Guru
Posts: 2592
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 4:13 pm

RB4011, hAP ax2, hEX S, wAP ac and cAP ac upgraded, no problems for me.
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 4:16 pm

7.12 working on Hap AC3, Hap AX3, Hap AX2, Cube 60G AC, WAP 60G, SXT.
 
User avatar
ErfanDL
Member
Member
Posts: 366
Joined: Thu Sep 29, 2016 9:13 am

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 4:24 pm

Working on hAP Lite, RB2011UiAS2hND, 951Ui.
 
FurfangosFrigyes
newbie
Posts: 47
Joined: Sun Feb 25, 2018 11:45 am

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 4:30 pm

The Dude client is corrupt on the download page!
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12921
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 4:31 pm

RB951G boots with 7.12. Can't say if it's stable, nobody's at home ATM. ;-)
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 4:34 pm

What do you mean with "corrupt"? Downloads just fine for me (https://download.mikrotik.com/routeros/ ... l-7.12.exe).
The Dude client is corrupt on the download page!
 
biomesh
Long time Member
Long time Member
Posts: 574
Joined: Fri Feb 10, 2012 8:25 pm

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 4:35 pm

Opened SUP-133893 where RA deprecate messages for an active RA are sent at the same time as the active RA.

Workaround: toggle "use interface duid" to temporarily get a new PD then it reverts back to the actual PD and the RA will be correct.
 
roe1974
Member Candidate
Member Candidate
Posts: 151
Joined: Mon Dec 31, 2018 2:14 pm

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 4:36 pm

I am now planning to switch to 7.12 from 6.49.10 (RB4011iGS, ltAP, cAP ac). Is there anything to consider? ... i don't have a complex config (a few certificates, capsman, ovpn tunnel, DOH, some scripts). Thx for a short answer ;-).
 
holvoetn
Forum Guru
Forum Guru
Posts: 6660
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 4:39 pm

Short answer: it might just work.
Longer answer: in case of odd behavior, consider netinstall to 7.12 so make sure you have your config exported and away from your devices.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 4:48 pm

Why is that a problem? That is intended behaviour at the moment.
Opened SUP-133893 where RA deprecate messages for an active RA are sent at the same time as the active RA.

Workaround: toggle "use interface duid" to temporarily get a new PD then it reverts back to the actual PD and the RA will be correct.
 
biomesh
Long time Member
Long time Member
Posts: 574
Joined: Fri Feb 10, 2012 8:25 pm

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 4:54 pm

Why is that a problem? That is intended behaviour at the moment.
Well you get a non working config:

prefix 2601:2c3:xxxx:dc32::/64
{
AdvValidLifetime 7200;
AdvPreferredLifetime 7200;
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
}; # End of prefix definition


prefix 2601:2c3:xxxx:dc32::/64
{
AdvValidLifetime 7200;
AdvPreferredLifetime 0;
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
}; # End of prefix definition

Your client will see the deprecate message and will never get an address. If the PD/RA is active, why would you deprecate it at the same time?
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 5:04 pm

This is actually already fixed in 7.13 which is coming soon. Deprecate message will not be sent if actual prefix is re-used.
 
biomesh
Long time Member
Long time Member
Posts: 574
Joined: Fri Feb 10, 2012 8:25 pm

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 5:12 pm

This is actually already fixed in 7.13 which is coming soon. Deprecate message will not be sent if actual prefix is re-used.
Thanks - I have a workaround (mentioned before), so I'm good for now.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21827
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 6:03 pm

This is actually already fixed in 7.13 which is coming soon. Deprecate message will not be sent if actual prefix is re-used.
7.13? not 7.12.1 ???
 
DeGlucker
just joined
Posts: 14
Joined: Tue Apr 12, 2011 4:35 pm
Location: Moscow, Russia

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 6:34 pm

WiFi is still broken on x86 platform. Was forced to roll back to 7.6 again.
 
marekm
Member
Member
Posts: 416
Joined: Tue Feb 01, 2011 11:27 pm

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 6:40 pm

KNOT-r2 updated to 7.12, #[SUP-130404] Modbus bug (2-register read short by 1 byte if 2nd byte of CRC is 0) still not fixed.
Also tried to downgrade, bug is there at least as far back as 7.1.5 factory software.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10519
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 7:01 pm

Researching the "hang during reboot" problem (when upgrading) again, I now found that this is the way to reproduce it:
- have rose-storage and user-manager packages installed
- add an nfs mount using a command like this: /disk add nfs-address=192.168.1.3 nfs-share=/local/mikrotik slot=nfs type=nfs
- perform a user manager backup like this: /user-manager/database/save name=nfs/umbackup overwrite=yes
- now the nfs mount remains "in use", one can no longer disable the nfs-mounted disk (error message: failure: could not unmount filesystem - probably somebody still uses it)
- when the router is now rebooted using the software command, it hangs. powercycle required.

Apparently making a user manager backup somehow keeps the output file or directory open. Not good.
 
helectro
newbie
Posts: 48
Joined: Mon Jun 28, 2010 1:09 am

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 7:20 pm

Hi buy one Rb L41G-2axD I upgraded from 7.8 to 7.12and the Wireless interface disappeared, what should I do to get the wireless interface back?
You do not have the required permissions to view the files attached to this post.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3341
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 7:21 pm

This is actually already fixed in 7.13 which is coming soon. Deprecate message will not be sent if actual prefix is re-used.
7.13? not 7.12.1 ???
My thought as well. I am looking forward for a stable long term release 7.12.8
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12921
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 7:26 pm

Hi buy one Rb L41G-2axD I upgraded from 7.8 to 7.12and the Wireless interface disappeared, what should I do to get the wireless interface back?
Install wifwave2 package (from extra packages). Next time use built-in upgrade feature which upgrades all installed packages automaticalky.
 
sas2k
Member Candidate
Member Candidate
Posts: 101
Joined: Tue Jan 18, 2022 8:17 am

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 7:49 pm

Updated 3 devices with similar config from 7.11.2 to 7.12 stable:
1. rb750 gr3 - works fine, including DoH. But no BTH feature.
2. Hap ac3- DoH doesnot work. Update: fixed with cli command "/certificate/settings/set crl-use=no";
3. Rb4011 - DoH doesnot work, BtH - unable to connect. Update: fixed with correct connection config. My fault.
Last edited by sas2k on Sun Nov 12, 2023 6:35 pm, edited 3 times in total.
 
helectro
newbie
Posts: 48
Joined: Mon Jun 28, 2010 1:09 am

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 7:54 pm

Hi buy one Rb L41G-2axD I upgraded from 7.8 to 7.12and the Wireless interface disappeared, what should I do to get the wireless interface back?
Install wifwave2 package (from extra packages). Next time use built-in upgrade feature which upgrades all installed packages automaticalky.
Thank You Very Much Work Again
 
gigabyte091
Forum Guru
Forum Guru
Posts: 1500
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 8:07 pm

Updated 3 devices with similar config from 7.11.2 to 7.12 stable:
1. Hex s - works fine, including DoH.
2. Hap ac3- DoH doesnot work.
3. Rb4011 - DoH doesnot work, BtH - unable to connect.
Tested with RB5009 and AX3 and BTH is working without a problem. Will test with my RB4011 tomorrow.
 
DeGlucker
just joined
Posts: 14
Joined: Tue Apr 12, 2011 4:35 pm
Location: Moscow, Russia

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 10:53 pm

Confirm, DoH doesn't work normally after reboot/restart. On two routers I was forced to remove/reset DoH settings, only after that they was able to normally resolve DNS queries. One remote router behind NAT is still unreachable after upgrade because as I suppose it can't resolve DNS and connect via vpn to my home router. A lot of new bugs... WiFi broken, already within a year can't fix. Now DoH... I am so tired
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2965
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v7.12 [stable] is released!

Thu Nov 09, 2023 11:04 pm

1100AHx2 ... upgraded from rc6 ... seems to work ... a little bit of OSPF + iBGP
 
PortalNET
Member Candidate
Member Candidate
Posts: 153
Joined: Sun Apr 02, 2017 7:24 pm

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 1:12 am

Will try it out tomorrow on our test servers.. as i just came to the forum related to other speed issue on our servers Mellanox 40Gbps and 100Gbps adapter cards running ethernet mode.. speed issues..

will try it out tomorrow.
 
User avatar
pothi
newbie
Posts: 47
Joined: Fri Sep 14, 2018 7:48 pm
Location: Srivilliputhur, Tamil Nadu, India
Contact:

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 4:00 am

Upgraded hapAC2 and SXT LTE. No new issues.

ssh - added support for user ed25519 public keys;
Thanks for the added support for ed25519 keys for user authentication.
 
User avatar
djansen
just joined
Posts: 4
Joined: Wed Apr 15, 2015 10:22 am

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 4:41 am

LTE Firmware Not Found - Devices using the FG621-EA LTE Interface

Chateau LTE6 - D53G-5HacD2HnD-TC&FG621-EA
hAP ax lite LTE6 - L41G-2axD&FG621-EA
ROS upgraded to v7.12

Attempting to upgrade the LTE firmware results in download failed.

Check for latest firmware version.
/interface/lte/firmware-upgrade lte1 
  installed: 16121.1034.00.01.01.03
     latest: 16121.1034.00.01.01.04
Attempting standard firmware upgrade.
/interface/lte/firmware-upgrade lte1 upgrade=yes 
  status: download failed
Attempted manual download of the firmware.
/tool/fetch https://upgrade.mikrotik.com/firmware/FG621-EA/16121.1034.00.01.01.04/image
  status: failed

failure: closing connection: <404 Not Found> 159.148.172.226:443 (4)
 
User avatar
braveheartleo
newbie
Posts: 45
Joined: Thu Apr 16, 2020 8:10 pm
Location: /dev/console

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 5:58 am

The correct URL to use to download the firmware upgrade of FG621-EA from 01.03 to 01.04 is
https://upgrade.mikrotik.com/firmware/FG621-EA/16121.1034.00.01.01.03/image
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 7:48 am

sas2k, DeGlucker - Please send supout files from your non-working DoH client routers to support@mikrotik.com. Are you sure that log does not already tell what is wrong here?
 
welan
newbie
Posts: 39
Joined: Thu Jul 10, 2008 12:06 am
Location: Italy
Contact:

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 8:07 am

7.12 not working with CCR2004-1G-12S+2XS and RJ45 SFP-GB-GE-T , very sad thing, you fix one thing and break another.
 
toto4ds
just joined
Posts: 15
Joined: Fri Dec 03, 2021 10:39 pm

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 8:46 am

Yep, Hap ac2 DoH doesnot work too.
 
vecino
just joined
Posts: 7
Joined: Fri Jul 08, 2016 11:59 pm

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 9:15 am

MD5 encryption still doesn't work with OSPFv3 - testing between FRRouting 9.0.1 and 7.12. FRRouting vs FRRouting works fine.

config:
/routing ospf interface-template set *9 area=backbone-v3 auth=md5 auth-id=1 auth-key=************** ...
log:
default-v3 { version: 3 router-id: 10.***.***.1 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::de2c:****:fe45:c**b%ether2 } authentication failed from fe80::3eec:****:fef2:4f**%*2 received message with authentication trailer
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 9:23 am

For those who experience issues with the DoH service? Is "/certificate/settings/set crl-use=" set to "yes" on your routers? If it is "yes", then do DoH work if you change value to "no"?
 
Guscht
Member Candidate
Member Candidate
Posts: 259
Joined: Thu Jul 01, 2010 5:32 pm

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 9:25 am

7.12 not working with CCR2004-1G-12S+2XS and RJ45 SFP-GB-GE-T , very sad thing, you fix one thing and break another.

Yeah true, BUT never install a .0-version from MT in production ;)
They call it "stable" but in real words its more a "public beta".
 
Florian
Member Candidate
Member Candidate
Posts: 124
Joined: Sun Mar 13, 2016 9:45 am
Location: France

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 9:36 am

This is actually already fixed in 7.13 which is coming soon. Deprecate message will not be sent if actual prefix is re-used.
7.13? not 7.12.1 ???

I hope it's soon anyway, it's breaking some ipv6 scenarios...
 
DeGlucker
just joined
Posts: 14
Joined: Tue Apr 12, 2011 4:35 pm
Location: Moscow, Russia

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 9:53 am

For those who experience issues with the DoH service? Is "/certificate/settings/set crl-use=" set to "yes" on your routers? If it is "yes", then do DoH work if you change value to "no"?
Yes, once I set it to "No" DoH immediately starts working properly until next reboot. Then when I set this option back to "Yes" DoH starts working properly again.
Last edited by DeGlucker on Fri Nov 10, 2023 10:01 am, edited 1 time in total.
 
User avatar
baragoon
Member
Member
Posts: 376
Joined: Thu Jan 05, 2017 10:38 am
Location: Kyiv, UA
Contact:

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 9:58 am

Hi there!

If comment (multi words) is set via routing filters the extra quotes are shows in the routes section.

For example: comment set via DHCP script:

Image
as you can see, there is no extrea quotes in the route comment

But, if comment is set via routing filter, you may see the next:
Image

Is it possible to remove these extra quotes in the comment?
Thank you.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26897
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 9:59 am

and now re enable together with the download option too:

/certificate settings
set crl-download=yes crl-use=yes
 
negge
newbie
Posts: 43
Joined: Fri Jul 10, 2009 11:05 am

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 10:04 am

Can confirm that the OpenVPN UDP issues described in viewtopic.php?p=1024643#p1024643 have been fixed in 7.12, at least for me.
 
DeGlucker
just joined
Posts: 14
Joined: Tue Apr 12, 2011 4:35 pm
Location: Moscow, Russia

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 10:09 am

and now re enable together with the download option too:

/certificate settings
set crl-download=yes crl-use=yes
and now I have following error messages in the log:
CRL fetch failed: closing connection: <302 Moved Temporarily location="http://www1.d-trust.net/crl/d-trust_roo ... 2_2009.crl"> 193.28.64.55:80 (6)
DoH server connection error: SSL: ssl: crl not found for: "CN=dns.google" (6)
 
matiss
MikroTik Support
MikroTik Support
Posts: 33
Joined: Fri Dec 30, 2016 10:13 am

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 10:32 am

If crl-use is yes, RouterOS will check CRL for each certificate in a certificate chain, therefore, an entire certificate chain should be installed into a device - starting from Root CA, intermediate CA (if there are such), and certificate that is used for specific service.
For example, Google DoH full chain contains three certificates, Cloudflare has three certificates, and NextDNS has four certificates.
 
BWC
newbie
Posts: 34
Joined: Tue Mar 21, 2006 5:36 pm
Location: Würzburg, Germany
Contact:

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 10:49 am

I updated a CHR on AWS from 7.11.2 to 7.12 and it is not starting anymore, is there a known issue?

Even the serial console isn't showing anything, it looks like the whole instance is broken.
 
jplitza
just joined
Posts: 9
Joined: Mon Sep 20, 2021 4:12 pm

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 11:00 am

*) qsfp - use sub-interface configuration for establishing link (for 40Gbps and 100Gbps links, all sub-interfaces must be enabled);
Does that mean if I want to have a 40G link on the qsfp28-1 port of a CCR2216-1G-12XS-2XQ, I have to enable all qsfp28-1-{1,2,3,4} interfaces before updating? What will be the state of those sub-interfaces when the 40G link is established?
*) route - reverse community "delete" and "filter" command behavior;
So is the documented behavior the old or the new one? Could you please – whichever it is – clarify the documentation?
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1090
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 11:17 am

and now re enable together with the download option too:

/certificate settings
set crl-download=yes crl-use=yes
How about extending the property verify-doh-cert with a new value yes-without-crl, just like fetch command with its property check-certificate?
 
sas2k
Member Candidate
Member Candidate
Posts: 101
Joined: Tue Jan 18, 2022 8:17 am

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 11:58 am

For those who experience issues with the DoH service? Is "/certificate/settings/set crl-use=" set to "yes" on your routers? If it is "yes", then do DoH work if you change value to "no"?
There is no such item in the winbox gui.
Would you be so kind to provide cli script to get the current value of this param?
Thank you.

Ps. DoH doesnot work when "verify DoH certificate" is unchecked!
Ps2. "certificate/settings/set crl-use=no" resolves a problem.
So mikrotik decided to collect bug requests instead of setting "no" to new param that even cannot be found nowhere in the gui. Wow. . . Thank you for you care!
Last edited by sas2k on Fri Nov 10, 2023 12:50 pm, edited 1 time in total.
 
matiss
MikroTik Support
MikroTik Support
Posts: 33
Joined: Fri Dec 30, 2016 10:13 am

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 12:16 pm

Unfortunately, until 7.11, use-crl setting did not work properly. We fixed CRL check in 7.11 thus, routers with half-certificate chains that worked in the past by mistake will not work anymore until the full certificate chain is not imported.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26897
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 12:20 pm

For those who experience issues with the DoH service? Is "/certificate/settings/set crl-use=" set to "yes" on your routers? If it is "yes", then do DoH work if you change value to "no"?
There is no such item in the winbox gui.
Would you be so kind to provide cli script to get the current value of this param?
Thank you.

Ps. DoH doesnot work when "verify DoH certificate" is unchecked!
There is. Go to Certificates menu
You do not have the required permissions to view the files attached to this post.
 
matiss
MikroTik Support
MikroTik Support
Posts: 33
Joined: Fri Dec 30, 2016 10:13 am

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 12:24 pm

Ps. DoH doesnot work when "verify DoH certificate" is unchecked!
Do you have static DNS record that points to used DOH server DNS name?
What error message do you get in LOG?
 
hasmidzul
just joined
Posts: 2
Joined: Tue Jun 06, 2023 8:45 am

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 12:48 pm

Hap AX3 DOH working fine on 7.12 stable.Using rethinkdns DOH
 
sas2k
Member Candidate
Member Candidate
Posts: 101
Joined: Tue Jan 18, 2022 8:17 am

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 12:53 pm


There is. Go to Certificates menu
I checked it before I wrote:
1. It has another name.
2. It was unchecked!
3. When I did thru cli "certificate/settings/set crl-use=no" it helped. Before that this gui item did not work. Why?
4. Behaviour different on rb750gr3 vs hap ac3.
Both uchecked in the gui, rb750gr3 works fine as before. Hap ac3, rb4011b dont.

Are there any other checkboxes that I need to set thru cli despite their value in the gui?

Ps.
Why dont you name top checkbox as "Download CRL" ?
You should make it vise versa, to be not equal to "crl-download" cli param.
Last edited by sas2k on Sun Nov 12, 2023 6:36 pm, edited 2 times in total.
 
User avatar
ID
newbie
Posts: 35
Joined: Tue Dec 26, 2006 10:36 pm

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 1:27 pm

I updated a CHR on AWS from 7.11.2 to 7.12 and it is not starting anymore, is there a known issue?

Even the serial console isn't showing anything, it looks like the whole instance is broken.
Upgrade v7.12 on vultr and no problem so far. Local instances of CHR and x86 upgraded and working fine also.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26897
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 1:39 pm

sas2k, there are no other checboxes. What RouterOS version are you running?
 
Njumaen
Frequent Visitor
Frequent Visitor
Posts: 95
Joined: Wed Feb 24, 2016 8:41 pm
Location: Bielefeld, Germany
Contact:

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 1:55 pm

I'm missing something in the wireguard client config!

Right now, it creates a config with the line [copy does not work with winbox by the way]

AllowedIPs = 0.0.0.0/0, ::0

It is great for routing everything through the tunnel, but some people (like me ;) ) might need spilt-tunneling.

Please add something like "/interface/wireguard/peers/set client-allowedips"

Ralf.
 
bratislav
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Mon May 05, 2014 10:36 am

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 2:07 pm

*) wifiwave2 - added station-bridge interface mode;
I presume this is incompatible with regular "wireless" package station-bridge and all APs not able to run wifiwave2 right?
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 2:11 pm

Njumaen - Copy actually works. Simply, you do not see the "highlight". We will try to fix this in the future WInBox releases, but at the moment try to highlight the text, press right mouse button, select copy, and you are good to go.

As for the "client-allowed-ips" do you mean the parameter10.155 that will be installed on client device when importing configuration? IPs allowed from remote peer?
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 2:12 pm

When upgrading v6.4x to latest v7.11.x.
value export import route target became invalids (suffix "L" added on the value)

> /routing/bgp/vpn/print
Flags: X - disabled, I - inactive
0 ;;; no available router id value
name="bgp-mpls-vpn-1"
import.route-targets=1L:1
export.route-targets=1L:1
.redistribute=connected,static,vpn,dhcp
route-distinguisher="1:1" vrf=vrf-Cust1


thx
Last edited by buset1974 on Sat Nov 11, 2023 5:55 am, edited 3 times in total.
 
sas2k
Member Candidate
Member Candidate
Posts: 101
Joined: Tue Jan 18, 2022 8:17 am

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 2:15 pm

sas2k, there are no other checboxes. What RouterOS version are you running?
Yesterday posted all the fetails:
Updated 3 devices with similar config from 7.11.2 to 7.12 stable:
1. Hex s - works fine, including DoH.
2. Hap ac3- DoH doesnot work.
3. Rb4011 - DoH doesnot work, BtH - unable to connect.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26897
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 2:16 pm

send your supout.rif file to support@mikrotik.com from 7.12
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1090
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 2:18 pm

I have crazy behavior on LtAP mini... The lte interface vanished after some seconds.

I've wanted to open an issue, thus enabled debug output for lte. It does no longer happen since then... The interface is available and running. A case of race condition caused by command timing perhaps?

Edit... Oh, it's gone now after I disabled debug output. Will open an issue anyway.
 
sas2k
Member Candidate
Member Candidate
Posts: 101
Joined: Tue Jan 18, 2022 8:17 am

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 2:33 pm

send your supout.rif file to support@mikrotik.com from 7.12
No problem, but will it help?
I already set "certificate/settings/set crl-use=no", it resolved DoH problem.
 
Njumaen
Frequent Visitor
Frequent Visitor
Posts: 95
Joined: Wed Feb 24, 2016 8:41 pm
Location: Bielefeld, Germany
Contact:

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 2:39 pm

As for the "client-allowed-ips" do you mean the parameter10.155 that will be installed on client device when importing configuration? IPs allowed from remote peer?
I do not know the internal parameter references of wireguard but simply generate the line

AllowedIPs =

out of the List of client-allowed-ips...

Example:
set client-allowed-ips = 10.200.200.1/32,192.168.1.0/24
should result in wg-config line in the [Peer] section
AllowedIPs = 10.200.200.1, 192.168.1.0/24
Simple as that ;-) wg works now as split-tunnel!

Cheers,

Ralf.
 
Guscht
Member Candidate
Member Candidate
Posts: 259
Joined: Thu Jul 01, 2010 5:32 pm

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 4:25 pm

my smol homenet works fine, but Im doin not DoH and BGP, OSPF stuff...

Screenshot 2023-11-10 152316.jpg
You do not have the required permissions to view the files attached to this post.
 
rajo
newbie
Posts: 45
Joined: Tue Aug 16, 2011 11:12 pm

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 8:22 pm

I updated a CHR on AWS from 7.11.2 to 7.12 and it is not starting anymore, is there a known issue?

Even the serial console isn't showing anything, it looks like the whole instance is broken.
I experienced this exact same issue when going from 7.7 to 7.10 with CHR on Google CE. I had to rebuild using an old snapshot.

In our case, I believe the issue was related to the CHR license not being applied when I upgraded from 6.49.x to 7.x, as evident from the last contact date in the license management page.

So its seems like, if the license cannot be verified within the allowed grace period, the CHR gets trashed during the reboot or upgrade.

This is terrible behavior MikroTik needs to change -- especially since we use CHR in a production environment to terminate hundreds of remote-site VPN connections. Instead of rendering a CHR install non-functional, when the license has not been verified outside the grace period, simply downgrade link speed and/or disable all functionality except that necessary to login to the CHR and correct the license issue.
 
mistercovert
just joined
Posts: 1
Joined: Wed Nov 03, 2021 6:42 pm

Re: v7.12 [stable] is released!

Fri Nov 10, 2023 10:31 pm

Until this version Cloudflare secure DNS worked fine with no issues with the single Cloudflare cert. But DNS over HTTPS is now causing issues. I managed to download the certificate chain from Cloudflare and imported into certificates. Using a single static DNS of 1.1.1.1 with CRL download and Use CRL both ticked, it is continually giving me errors. I then added 8.8.8.8 in as another DNS option, then the certs then downloaded correctly, I deleted my temp 8.8.8.8 server and DNS over HTTPS worked perfectly for approx 20minutes when it disconnected a crapped out again.

Has anyone else had any success in getting cloudflare working with the 3 certificate chain?
 
radik101
just joined
Posts: 3
Joined: Sun Jun 10, 2018 2:17 pm

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 12:16 am

No one was able to succeed, including Mikrotik itself.
For me, DOH only works on mipssbe, it doesn’t work on arm devices, if there are attempts to work, then only until a reboot.
Mikrotik simply cannot produce a new version without breaking something. This is already a tradition. It took so long to give birth to 7.12 and it still turned out broken. The further we go, the more Mikrotik disappoints.
 
User avatar
infabo
Forum Guru
Forum Guru
Posts: 1459
Joined: Thu Nov 12, 2020 12:07 pm

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 1:20 am

DOH enabled here, on a Chateau LTE12 and it is working flawlessly. arm device.
 
aoakeley
Member Candidate
Member Candidate
Posts: 174
Joined: Mon May 21, 2012 11:45 am

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 1:36 am

*) wireguard - added "auto" and "none" parameter for "private-key" and "preshared-key" parameters;

I don't see the 'none' option.
In Winbox:
- For the Private Key, there is no option to select none, if you leave it blank it fills in "none" when you apply
- For the Preshared key, there is no option to select none, if you leave it blank it stays blank when you apply

Does not affect function, but is not intuitive.
 
User avatar
bjohns
Member Candidate
Member Candidate
Posts: 271
Joined: Sat May 29, 2004 4:11 am
Location: Sippy Downs, Australia
Contact:

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 2:22 am

Updated a RB4011iGS+5HacQ2HnD from v7.11.2 to v7.12. Has a Dell 3m 10GbE DAC (L56SF018-SD-R) connecting a CSS326-24G-2S+.

I had to unplug/plug the SFP for traffic to begin to flow, looked okay otherwise.
 
aoakeley
Member Candidate
Member Candidate
Posts: 174
Joined: Mon May 21, 2012 11:45 am

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 3:50 am

*) email - rename "address" property to "server";

That's a lot of scripts that are going to need updating (well for our team anyway).
Not an issue, just thought I would highlight it.

Previous:
# Set Mail Server
/tool e-mail set address=[:resolve "mail.smtp2go.com"];

Change To:
# Set Mail Server
/tool e-mail set server="mail.smtp2go.com";
 
Renfrew
just joined
Posts: 16
Joined: Wed Sep 09, 2015 6:01 pm

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 4:33 am

*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;

Upgraded hAP AX^3 from ROS 7.11.2 to 7.12, and upgraded the firmware, but IPv6 RA Delay Time still shows as 3 seconds and cannot be changed to 500ms. The parameter in ND only accepts seconds. Have I missed something?
 
yap99
just joined
Posts: 1
Joined: Thu Apr 28, 2016 7:22 pm

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 8:29 am

On my rb850gx2 I have no service, I updated it remotely and now it no longer responds.
 
User avatar
braveheartleo
newbie
Posts: 45
Joined: Thu Apr 16, 2020 8:10 pm
Location: /dev/console

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 8:46 am

*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;

Upgraded hAP AX^3 from ROS 7.11.2 to 7.12, and upgraded the firmware, but IPv6 RA Delay Time still shows as 3 seconds and cannot be changed to 500ms. The parameter in ND only accepts seconds. Have I missed something?
I am observing the same here, running 7.12. Perhaps this is a cosmetic issue, where it displays 3s but internally it is 500ms? And yes, you can't set ra-delay to any millisecond value, it rounds it down to 0s when attempting:
/ipv6 nd set 0 ra-delay=500ms
Warning: value of ra-delay was rounded down to 0s
 
User avatar
aspen63
newbie
Posts: 43
Joined: Sat Feb 04, 2023 8:58 am

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 9:01 am

Upgraded my RB5009+three AX2 to 7.12 but still I have very slow speeds on my local network (around 23 MB/s) between my iPad and my NAS whereas I had around 50 MB/s before 7.11 or so. Don’t understand what to do.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12534
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 11:00 am

CCR2116-12G-4S+
Edge router on producion (with HA) 2 BGP IPv4, 1 BGP IPv6.
Uptime 1d 00:36:16, no problem.
 
mada3k
Forum Veteran
Forum Veteran
Posts: 740
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 1:11 pm

Upgraded my RB5009+three AX2 to 7.12 but still I have very slow speeds on my local network (around 23 MB/s) between my iPad and my NAS whereas I had around 50 MB/s before 7.11 or so. Don’t understand what to do.
Most likley wireless conditions change in some way. Wireless is wireless.
 
User avatar
kometchtech
Member Candidate
Member Candidate
Posts: 194
Joined: Sat Jun 15, 2013 4:25 am
Location: Japan
Contact:

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 1:46 pm

On my rb850gx2 I have no service, I updated it remotely and now it no longer responds.
I have also confirmed this situation.
I gave up and reverted to 7.11.2 with netinstall.
 
User avatar
netravnen
Frequent Visitor
Frequent Visitor
Posts: 74
Joined: Sun Dec 31, 2017 2:48 am

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 2:00 pm

MD5 encryption still doesn't work with OSPFv3 - testing between FRRouting 9.0.1 and 7.12. FRRouting vs FRRouting works fine.

config:
/routing ospf interface-template set *9 area=backbone-v3 auth=md5 auth-id=1 auth-key=************** ...
log:
default-v3 { version: 3 router-id: 10.***.***.1 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::de2c:****:fe45:c**b%ether2 } authentication failed from fe80::3eec:****:fef2:4f**%*2 received message with authentication trailer
Why not switch to HMAC-SHA-X Algorithm instead of MD5?

FRRouting 9.0 OSPFv3 docs

I have OSPFv3 running with HMAC-SHA-512 Auth between Bird 2.0.14 and ROS 7.12 with success. After the inclusion of bugfix "ospf - fixed OSPFv3 authentication header length calculation"

ROS 7.12
/routing ospf interface-template
add area=ospf3-backbone auth=sha512 auth-id=0 auth-key=\
    gsCHixQReM8cITbm8-8iedXG63ao8i9s dead-interval=20s disabled=no \
    hello-interval=5s interfaces=bridge1.3999 retransmit-interval=2s
Bird 2.0.14 (on Debian Linux 12)
protocol ospf v3 ospf3_main {
  area 0 {
    interface "br0.3999" {
      type broadcast;
      hello 5; retransmit 2; wait 10; dead 20;
      authentication cryptographic;
      password "gsCHixQReM8cITbm8-8iedXG63ao8i9s" { id 0; algorithm hmac sha512; };
      check link on;
    };
  };
}
Unless you capture the OSPFv3 packets on the wire and analyze the Authentication contents in e.g. Wireshark. It is hard to know what is going wrong for your setup with FRR 9.0.1 and ROS 7.12.

My problem was the the authentication header length before 7.12 was set to an incorrect value. Where ROS missed the addition of 16 bytes in the len field in the OSPFv3 authentication header. ( HMAC-SHA-512 / 8 = 64 bytes, instead of HMAC-SHA-512 / 8 + 16 = 80 bytes)
 
MrYan
Member Candidate
Member Candidate
Posts: 172
Joined: Sat Feb 27, 2010 6:13 pm

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 4:28 pm

Upgrade from 7.11.2 seems to have gone okay on 2x hEX (RB750Gr3) and 1x hAP AX^2. Noticed that on all of them I needed to reboot a second time to upgrade the routerboard firmware despite having "/system routerboard settings set auto-upgrade=yes" configured.

Like the extra logging for scripts that now tells you what it did.
 
User avatar
gabacho4
Member
Member
Posts: 399
Joined: Mon Dec 28, 2020 12:30 pm
Location: Earth

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 4:33 pm

"Noticed that on all of them I needed to reboot a second time to upgrade the routerboard firmware despite having "/system routerboard settings set auto-upgrade=yes" configured."

This has always been required. All the auto-upgrade does is save you the effort of having to go in and manually upgrade the router board firmware before rebooting.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12921
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 4:39 pm

Noticed that on all of them I needed to reboot a second time to upgrade the routerboard firmware despite having "/system routerboard settings set auto-upgrade=yes" configured.

That's expected and has been so ever since auto-upgrade is available. The reason is that .fwf files with new routerboot are part of ROS package and are only available after new ROS version gets installed. What the auto-upgrade=yes does is that it installs the new routerboot firmware right after new ROS boots for the first time (so one doesn't have to go via System->RouterBOARD->Upgrade manually) ... but an extra reboot is still necessary.

This has been discussed on this forum before ... and MT staffers' response was that it is not possible to flash new routerboot image before new ROS is booted. Personaly I have hard time believing this (I guess it would be non-trivial and might pose a threat to stability of upgrade process, but I'm pretty sure it would be possible to do it in same leg as ROS upgrade).
 
rtlx
just joined
Posts: 12
Joined: Wed Apr 16, 2014 2:18 am

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 5:22 pm

Given VPN tunnel:
[OpenVPN Client on MikroTik Router] to [OpenVPN Server on MikroTik router]

in UDP mode
IS STILL BROKEN.

When key renegotiation time arrives, the connection is aborted with the following messages on the server:
<CLIENT IP ADDRESS>: disconnected <TLS error: ssl: unexpected message (6)>
ovpn_server1: terminating... - TLS error: ssl: unexpected message (6)
<CLIENT IP ADDRESS>: disconnected <explicit peer disconnect>
Last edited by rtlx on Thu Nov 16, 2023 1:29 pm, edited 4 times in total.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12921
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 6:47 pm

... I was assured that this bug has been fixed in the 7.12 branch.
Well, it isn't. Still...
[sarcasm]
Well, 7.12 branch isn't abandoned/surpassed yet.
[/sarcasm]
 
rtlx
just joined
Posts: 12
Joined: Wed Apr 16, 2014 2:18 am

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 6:49 pm

[sarcasm]Well, 7.12 branch isn't abandoned/surpassed yet.[/sarcasm]
Corrected/clarified :)
 
User avatar
aspen63
newbie
Posts: 43
Joined: Sat Feb 04, 2023 8:58 am

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 7:40 pm

Upgraded my RB5009+three AX2 to 7.12 but still I have very slow speeds on my local network (around 23 MB/s) between my iPad and my NAS whereas I had around 50 MB/s before 7.11 or so. Don’t understand what to do.
Most likley wireless conditions change in some way. Wireless is wireless.
I have 3 hap x2 as access points. 5GHz spectrum is clear. The AP (in fact ANY of them) is in the line of sight but still…
 
holvoetn
Forum Guru
Forum Guru
Posts: 6660
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 8:00 pm

Start a new thread and post network diagram and config of relevant devices.
 
MrYan
Member Candidate
Member Candidate
Posts: 172
Joined: Sat Feb 27, 2010 6:13 pm

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 8:31 pm

"Noticed that on all of them I needed to reboot a second time to upgrade the routerboard firmware despite having "/system routerboard settings set auto-upgrade=yes" configured."

This has always been required. All the auto-upgrade does is save you the effort of having to go in and manually upgrade the router board firmware before rebooting.
Ah, okay. Thanks for clarifying the behaviour.
 
mike19
just joined
Posts: 12
Joined: Sat Jun 09, 2018 8:10 am

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 9:56 pm

SFP Mikrotik S-RJ01 problem on CCR2216.

no link or 100M
 
holvoetn
Forum Guru
Forum Guru
Posts: 6660
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.12 [stable] is released!

Sat Nov 11, 2023 10:01 pm

No problem on RB5009.
Advertises 1Gb just nicely.
 
User avatar
smotrov
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Mon Dec 26, 2022 8:55 pm
Location: Ukraine 🇺🇦

Re: v7.12 [stable] is released!

Sun Nov 12, 2023 12:52 am

FoxGate ONU 1001XP-SFP is not initializing on RB5009 either Auto negotiation or force . Was working on 7.8 (with eeprom-checksum: bad to be precise).
 
monotsc
just joined
Posts: 13
Joined: Sat Jun 30, 2018 7:15 am
Location: indonesia

Re: v7.12 [stable] is released!

Sun Nov 12, 2023 12:54 am

dhcp server on x86 no longer working after upgrading from 7.11.2, status became "offered", anyone suffer the same ?
 
User avatar
braveheartleo
newbie
Posts: 45
Joined: Thu Apr 16, 2020 8:10 pm
Location: /dev/console

Re: v7.12 [stable] is released!

Sun Nov 12, 2023 12:59 am

FoxGate ONU 1001XP-SFP is not initializing on RB5009 either Auto negotiation or force . Was working on 7.8 (with eeprom-checksum: bad to be precise).
Perhaps you missed this part from the announcement?
Notice - SFP/QSFP functionality has been refactored for consistent behavior and better scalability. Now, compliance with SFP/SFP+/QSFP MSA standard is mandatory. This may cause issues with SFP/QSFP modules that are not fully compliant. All current MikroTik modules abide this standard.
It may have worked before this release, but changes have been made to SFP functionality. It would seem that your SFP module is non-compliant. In that case, replace the SFP module with a compliant one or roll-back to any version before 7.12 if you're not ready to replace the module just yet but need it working.
 
User avatar
smotrov
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Mon Dec 26, 2022 8:55 pm
Location: Ukraine 🇺🇦

Re: v7.12 [stable] is released!

Sun Nov 12, 2023 1:34 am

replace the SFP module with a compliant one
I'd love to replace my SFP module with compliant, however, as far as I understand, Mikrotik is NOT have any compliant (such a simple thing) SFP EPON ONU. :-(

Now, I believe, this phrase should be deleted "MikroTik devices and SFP, SFP+, SFP28, QSFP+, and QSFP28 modules do not have any restrictions for other vendor equipment."

Mikrotik has just clearly restricted me from using other vendor equipment. Unbelievable.
 
guipoletto
Member Candidate
Member Candidate
Posts: 201
Joined: Mon Sep 19, 2011 5:31 am

Re: v7.12 [stable] is released!

Sun Nov 12, 2023 2:15 am


I'd love to replace my SFP module with compliant, however, as far as I understand, Mikrotik is NOT have any compliant (such a simple thing) SFP EPON ONU. :-(

Now, I believe, this phrase should be deleted "MikroTik devices and SFP, SFP+, SFP28, QSFP+, and QSFP28 modules do not have any restrictions for other vendor equipment."

Mikrotik has just clearly restricted me from using other vendor equipment. Unbelievable.
To be fair, "SFP-ONU" modules are not just simple transceivers, as defined in the MTA
they are full-blown router/bridges , with firmware, folded into a SFP mechanical form-factor (sometimes disregarding electrical and thermal specs)
let alone the firmware(and simulated EEPROM responses), those are amongst the crappiest CPE's possible, from a support, and stability standpoints.

To the point that Mikrotik themselves, and even finisar (that specializes in high-end transceivers), had products in this category, and pulled them from the market

The modules themselves are CRAP, This is not mikrotik's fault.
 
iustin
newbie
Posts: 25
Joined: Mon Mar 06, 2023 12:11 am

Re: v7.12 [stable] is released!

Sun Nov 12, 2023 2:26 am


I'd love to replace my SFP module with compliant, however, as far as I understand, Mikrotik is NOT have any compliant (such a simple thing) SFP EPON ONU. :-(

Now, I believe, this phrase should be deleted "MikroTik devices and SFP, SFP+, SFP28, QSFP+, and QSFP28 modules do not have any restrictions for other vendor equipment."

Mikrotik has just clearly restricted me from using other vendor equipment. Unbelievable.
To be fair, "SFP-ONU" modules are not just simple transceivers, as defined in the MTA
they are full-blown router/bridges , with firmware, folded into a SFP mechanical form-factor (sometimes disregarding electrical and thermal specs)
let alone the firmware(and simulated EEPROM responses), those are amongst the crappiest CPE's possible, from a support, and stability standpoints.

To the point that Mikrotik themselves, and even finisar (that specializes in high-end transceivers), had products in this category, and pulled them from the market

The modules themselves are CRAP, This is not mikrotik's fault.
Come on, it's not just SFP-ONU. I have a ticket open for six months for a simple SFP+ from Ubiquity (to replace S+RJ10), it's crickets, I test every new release, and it's still the same.

I wouldn't mind paying 2-3x for Mikrotiks own S+RJ10, if they wouldn't consume 2x power as the most recent chips.
 
toto4ds
just joined
Posts: 15
Joined: Fri Dec 03, 2021 10:39 pm

Re: v7.12 [stable] is released!

Sun Nov 12, 2023 10:31 am

MLAG again began to lose the secondary switch.
This behavior was noticed before, but it worked on 7.11.
Treat the variable by rebooting both switches until the second one becomes available.
Although this may have never been fixed...

CRS326-24S+2Q+ x2
 
toto4ds
just joined
Posts: 15
Joined: Fri Dec 03, 2021 10:39 pm

Re: v7.12 [stable] is released!

Sun Nov 12, 2023 11:04 am

Apparently the mlag is broken again, after about an hour, the primary switch went to 100% load.
And Zabbix started yelling: "Interface bond0: Ethernet has changed to lower speed than it was before". Оn all servers connected to the switches
There is nothing in the logs of the switches themselves
 
t0mm13b
just joined
Posts: 18
Joined: Sat Mar 04, 2023 5:11 pm

Re: v7.12 [stable] is released!

Sun Nov 12, 2023 1:32 pm

Updated D53G-5HacD2HnD successfully, Two things spotted:

* the blue led light flashed pink when performing a modem upgrade, had to reboot twice.
* defconfig script changed the wireless specification from 7.11.2 to 7.12?
# 7.11.2
set $ifcId mode=ap-bridge band=2ghz-b/g/n disabled=no wireless-protocol=802.11 \
distance=indoors installation=indoor
to

# 7.12
set $ifcId mode=ap-bridge band=2ghz-b/g disabled=no wireless-protocol=802.11 \
distance=indoors installation=indoor
and

From:
# 7.11.2
set $ifcId mode=ap-bridge band=5ghz-a/n/ac disabled=no wireless-protocol=802.11 \
distance=indoors installation=indoor
set $ifcId channel-width=20/40/80mhz-XXXX;
To:
# 7.12
set $ifcId mode=ap-bridge band=5ghz-a disabled=no wireless-protocol=802.11 \
distance=indoors installation=indoor
set $ifcId channel-width=20mhz;
Any reason why the change?
 
BWC
newbie
Posts: 34
Joined: Tue Mar 21, 2006 5:36 pm
Location: Würzburg, Germany
Contact:

Re: v7.12 [stable] is released!

Sun Nov 12, 2023 1:53 pm

I updated a CHR on AWS from 7.11.2 to 7.12 and it is not starting anymore, is there a known issue?

Even the serial console isn't showing anything, it looks like the whole instance is broken.
I experienced this exact same issue when going from 7.7 to 7.10 with CHR on Google CE. I had to rebuild using an old snapshot.

In our case, I believe the issue was related to the CHR license not being applied when I upgraded from 6.49.x to 7.x, as evident from the last contact date in the license management page.

So its seems like, if the license cannot be verified within the allowed grace period, the CHR gets trashed during the reboot or upgrade.

This is terrible behavior MikroTik needs to change -- especially since we use CHR in a production environment to terminate hundreds of remote-site VPN connections. Instead of rendering a CHR install non-functional, when the license has not been verified outside the grace period, simply downgrade link speed and/or disable all functionality except that necessary to login to the CHR and correct the license issue.
In my case it was a new instance which I created around Oct 15th and this date is shown as "Last Seen" on the license management as well. I guess the "Next Renewal Date" would be around Nov 15th, can't tell because it's broken :)

Gladly it was still the Trial License and I did not assigned the prepaid key, expiration date for that was Dec14th.

I created a new instance and hope for the best, the update process needs to be rock solid.

--Michael
 
User avatar
pendie
just joined
Posts: 4
Joined: Wed Jun 03, 2020 3:32 pm

Re: v7.12 [stable] is released!

Sun Nov 12, 2023 2:00 pm

I tried updating from 6.49.10 to 7.12 bootloop and tried netinstall, the result was the same, downgrading to 7.11.2, it worked with netinstall, I used an RB 850 GX2, for those of you, it's best to have the same as me, avoid 7.12
 
User avatar
smotrov
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Mon Dec 26, 2022 8:55 pm
Location: Ukraine 🇺🇦

Re: v7.12 [stable] is released!

Sun Nov 12, 2023 2:03 pm

The modules themselves are CRAP, This is not mikrotik's fault.
My device (SFP ONU) was working on RB5009. Now Mikrotik decided that is a CRAP (without offering any equivalent) and forbid me to install any future updates. Nice. Well done, Mikrotik!
 
flapviv
just joined
Posts: 16
Joined: Wed Oct 13, 2021 7:50 am

Re: v7.12 [stable] is released!

Sun Nov 12, 2023 2:04 pm

I tried updating from 6.49.10 to 7.12 bootloop and tried netinstall, the result was the same, downgrading to 7.11.2, it worked with netinstall, I used an RB 850 GX2, for those of you, it's best to have the same as me, avoid 7.12
Thanx to tell us on what kind of router, please...
 
User avatar
pendie
just joined
Posts: 4
Joined: Wed Jun 03, 2020 3:32 pm

Re: v7.12 [stable] is released!

Sun Nov 12, 2023 2:07 pm

I tried updating from 6.49.10 to 7.12 bootloop and tried netinstall, the result was the same, downgrading to 7.11.2, it worked with netinstall, I used an RB 850 GX2, for those of you, it's best to have the same as me, avoid 7.12
Thanx to tell us on what kind of router, please...
rb850gx2
 
slav0nic
just joined
Posts: 9
Joined: Sun Oct 26, 2014 10:14 am

Re: v7.12 [stable] is released!

Sun Nov 12, 2023 4:56 pm

What is requirements for station-bridge mode? Is it possible using old wireless 7.12 devices in station-bridge mode with wave2 7.12 ap or it's only for `wifiwave2 station-bridge < - > wifiwave2 ap` devices?

upd

found answer in the doc
The station-bridge mode, as implemented in the wifiwave2 package, is incompatible with APs running the bundled 'wireless' package and vice versa.
 
sas2k
Member Candidate
Member Candidate
Posts: 101
Joined: Tue Jan 18, 2022 8:17 am

Re: v7.12 [stable] is released!

Sun Nov 12, 2023 6:34 pm

Updated 3 devices with similar config from 7.11.2 to 7.12 stable:
fixed my problems.
 
carobeppe
just joined
Posts: 9
Joined: Tue Mar 26, 2013 6:09 pm

Re: v7.12 [stable] is released!

Sun Nov 12, 2023 11:15 pm

Updated my AX^3 and the old but gold CRS125, everything is fine!
 
yap99
just joined
Posts: 1
Joined: Thu Apr 28, 2016 7:22 pm

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 4:26 am

My rb850gx2 became unusable after updating to version 7.12. Apparently I'm not the only one, Mikrotik has to solve it or raise an alert.
 
vecino
just joined
Posts: 7
Joined: Fri Jul 08, 2016 11:59 pm

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 9:38 am

Why not switch to HMAC-SHA-X Algorithm instead of MD5?

FRRouting 9.0 OSPFv3 docs

I have OSPFv3 running with HMAC-SHA-512 Auth between Bird 2.0.14 and ROS 7.12 with success. After the inclusion of bugfix "ospf - fixed OSPFv3 authentication header length calculation"

ROS 7.12
/routing ospf interface-template
add area=ospf3-backbone auth=sha512 auth-id=0 auth-key=\
    gsCHixQReM8cITbm8-8iedXG63ao8i9s dead-interval=20s disabled=no \
    hello-interval=5s interfaces=bridge1.3999 retransmit-interval=2s
Bird 2.0.14 (on Debian Linux 12)
protocol ospf v3 ospf3_main {
  area 0 {
    interface "br0.3999" {
      type broadcast;
      hello 5; retransmit 2; wait 10; dead 20;
      authentication cryptographic;
      password "gsCHixQReM8cITbm8-8iedXG63ao8i9s" { id 0; algorithm hmac sha512; };
      check link on;
    };
  };
}
Unless you capture the OSPFv3 packets on the wire and analyze the Authentication contents in e.g. Wireshark. It is hard to know what is going wrong for your setup with FRR 9.0.1 and ROS 7.12.

My problem was the the authentication header length before 7.12 was set to an incorrect value. Where ROS missed the addition of 16 bytes in the len field in the OSPFv3 authentication header. ( HMAC-SHA-512 / 8 = 64 bytes, instead of HMAC-SHA-512 / 8 + 16 = 80 bytes)

@netravnen
Thanks for your answer. Yes I know about this option, but I guess to simplify my configuration file I prefer MD5, which I also use in OSPFv2. OSPFv2 can only do MD5 - https://docs.frrouting.org/en/stable-9.0/ospfd.html

I also want to alert Mikrotik guys to this problem so that they can fix it and make all variants functional.
 
User avatar
herger
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Tue Aug 18, 2020 2:48 pm

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 10:08 am

OSPF stopped exporting local areas, again :-/ Has been working fine with 7.11.2, now everything needs to go into the backbone area to be functional. Looks very much like a regression to me, as I've seen this in the past but it then got better (and now worse again *sigh*)
 
User avatar
netravnen
Frequent Visitor
Frequent Visitor
Posts: 74
Joined: Sun Dec 31, 2017 2:48 am

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 10:10 am

Yes I know about this option, but I guess to simplify my configuration file I prefer MD5, which I also use in OSPFv2. OSPFv2 can only do MD5 - https://docs.frrouting.org/en/stable-9.0/ospfd.html
@vecino
From the GitHub Issue tracker (frrouting/frr#14398) It would seem HMAC SHA support in OSPFv2 is on the way for the next FRR 9 point release 🤘
Last edited by netravnen on Mon Nov 13, 2023 10:58 am, edited 1 time in total.
 
vecino
just joined
Posts: 7
Joined: Fri Jul 08, 2016 11:59 pm

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 10:15 am

@netravnen
Wow - thanks for the info.
 
unlikely
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Fri Feb 21, 2020 1:16 pm

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 11:43 am

Not sure if it's related, but

DUDE DATABASE MOVED, 2M SECTOR WRITES IN TWO DAYS. AFTER ROS UPGRADE TO v7.12?

I think I almost immediately upgraded CCR2004 to v7.12 and I noticed today that since a couple of day my dude database was moved from USB/SSD storage to my main disk causing about 2.000.000 sector writes in two days (previously was 2M in 6 month).

Now I disabled dude, moved data directory again to usb/ssd, but dude refuses to stay running; after a reboot it turn stopped and data durectory revert to main disk.

EDIT:
Upgraded Nov 12 2023 from 7.11.2 to 7.12
# 2023-11-11 22:00:00 by RouterOS 7.11.2
# software id = G8MZ-MQ11
# model = CCR2004-16G-2S+
#
# 2023-11-12 22:00:00 by RouterOS 7.12
# software id = G8MZ-MQ11
# model = CCR2004-16G-2S+
Last edited by unlikely on Thu Nov 16, 2023 12:08 pm, edited 1 time in total.
 
holvoetn
Forum Guru
Forum Guru
Posts: 6660
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 1:40 pm

Are you sure it's not because the slot name of USB disk changes after reboot ?
 
User avatar
peracchi
just joined
Posts: 11
Joined: Sat Apr 09, 2022 11:30 pm
Location: RS, Brazil

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 2:14 pm

I was unable to import the public key ED25519 from my YubiKey, either via the WinBox GUI "User List" or via the terminal command
/user ssh-keys import public-key-file=flash/pub/id_ed25519_sk.pub user=my-user
It gives the error "unable to load key file (wrong format or bad passphrase)!".

The contents of the file "id_ed25519_sk.pub" is:
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAA0HdRkQwPCMwy/KxKR3A49kleuXZMvknZbU9aO0Ob2AAAAFnNzaDpZdWJpS2V5XzE4LjA4Ny43OTA= my-user@my-domain.com
I thought this update, to RouterOS v7.12, would allow the use of ED25519 keys for SSH into RouterOS.

Did I do something wrong or misunderstood "ssh - added support for user ed25519 public keys"?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12534
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 2:15 pm

Not sure if it's related, but...
As usual, you do not provide any useful info, like from what version you upgrade...
 
InfoForm
just joined
Posts: 1
Joined: Tue Mar 06, 2018 6:49 pm

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 3:00 pm

That's expected and has been so ever since auto-upgrade is available. The reason is that .fwf files with new routerboot are part of ROS package and are only available after new ROS version gets installed. What the auto-upgrade=yes does is that it installs the new routerboot firmware right after new ROS boots for the first time (so one doesn't have to go via System->RouterBOARD->Upgrade manually) ... but an extra reboot is still necessary.

Just my 2 cents.

Can Mikrotik add a flag to reboot the router automatically just after software + firmware upgrade ?
Like:
/system routerboard settings
set auto-upgrade-reboot=yes
This will have the advantage of having only one down time (and only one operation) for the cost of a small extra down time.
In production this will be very valuable.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10519
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 3:13 pm

Can Mikrotik add a flag to reboot the router automatically just after software + firmware upgrade ?
Like:
/system routerboard settings
set auto-upgrade-reboot=yes
This will have the advantage of having only one down time (and only one operation) for the cost of a small extra down time.
In production this will be very valuable.
It really isn't a good idea (anymore) to set automatic firmware upgrade. The reason is that the firmware version now changes every time, it is the same as the RouterOS version. But usually there is no update at all in the firmware. Update just does nothing, but it incurs a small risk of rendering the router unbootable and requiring a netinstall using the backup booter.

It is best to update the firmware once after purchase of the device, and then only when release notes indicate some firmware change is required for the particular device you are running it on.
Then you can just do a manual update and consider if you even need the change to become active rightaway, or can wait to the next reboot.
 
DarkNate
Forum Guru
Forum Guru
Posts: 1065
Joined: Fri Jun 26, 2020 4:37 pm

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 4:11 pm

It really isn't a good idea (anymore) to set automatic firmware upgrade. The reason is that the firmware version now changes every time, it is the same as the RouterOS version. But usually there is no update at all in the firmware. Update just does nothing, but it incurs a small risk of rendering the router unbootable and requiring a netinstall using the backup booter.

It is best to update the firmware once after purchase of the device, and then only when release notes indicate some firmware change is required for the particular device you are running it on.
Then you can just do a manual update and consider if you even need the change to become active rightaway, or can wait to the next reboot.
More harm can come from running a firmware version from 10 years ago, than upgrading the firmware each time automatically. I've seen too many MikroTik boxes in prod, running latest ROS, but firmware from 1965, and then they whine about why some SFP issue pops up or some other issues buried in the changelogs. I enforce auto-upgrade = yes as company policy, personally. But MikroTik could probably improve the user experience here, for sure.
 
owsugde
newbie
Posts: 40
Joined: Thu Oct 06, 2016 5:01 pm

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 4:42 pm

*) ovpn - improved system stability;
Can confirm that the OpenVPN UDP issues described in viewtopic.php?p=1024643#p1024643 have been fixed in 7.12, at least for me.
So can we assume OpenVPN is in a state comparable to ROS 6 again, stability-wise? Every release after 7.6 has been horribly unstable (including numerous complete lockups) for me, for any system running even one OVPN client.

Would be awesome if I could actually try new versions again on important routers.
 
User avatar
spippan
Member
Member
Posts: 460
Joined: Wed Nov 12, 2014 1:00 pm

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 5:24 pm

Noticed that on all of them I needed to reboot a second time to upgrade the routerboard firmware despite having "/system routerboard settings set auto-upgrade=yes" configured.

That's expected and has been so ever since auto-upgrade is available. The reason is that .fwf files with new routerboot are part of ROS package and are only available after new ROS version gets installed. What the auto-upgrade=yes does is that it installs the new routerboot firmware right after new ROS boots for the first time (so one doesn't have to go via System->RouterBOARD->Upgrade manually) ... but an extra reboot is still necessary.

This has been discussed on this forum before ... and MT staffers' response was that it is not possible to flash new routerboot image before new ROS is booted. Personaly I have hard time believing this (I guess it would be non-trivial and might pose a threat to stability of upgrade process, but I'm pretty sure it would be possible to do it in same leg as ROS upgrade).
no
 
InfoForm
just joined
Posts: 1
Joined: Tue Mar 06, 2018 6:49 pm

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 5:29 pm

More harm can come from running a firmware version from 10 years ago, than upgrading the firmware each time automatically. I've seen too many MikroTik boxes in prod, running latest ROS, but firmware from 1965, and then they whine about why some SFP issue pops up or some other issues buried in the changelogs. I enforce auto-upgrade = yes as company policy, personally. But MikroTik could probably improve the user experience here, for sure.

I fully agree, we run into an issue when upgrading a CCR1009 with old firmware, after software update it never boot up, we have to do a net install.
This appends with 2 CCR1009 with old firmware and never with other CCR1009 having up to date firmware and bought at the same time.
As the firmware change every time now (at least the version), we set auto-upgrade = yes and do a reboot a minute or two after the upgrade.
Having this second reboot done automatically will be a good thing.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10519
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 5:50 pm

Of course he did not read what I wrote. I wrote "It is best to update the firmware once after purchase of the device" so you won't have ancient firmware.
 
DarkNate
Forum Guru
Forum Guru
Posts: 1065
Joined: Fri Jun 26, 2020 4:37 pm

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 7:05 pm

Of course he did not read what I wrote. I wrote "It is best to update the firmware once after purchase of the device" so you won't have ancient firmware.
Bullshit. Buy a device today, netinstall with latest ROS and firmware. Now one year later, ROS version has changed 15 generations and firmware is 15 generations behind, and you're back to ancient firmware.

What advice are you even giving here? I don't see MikroTik advising customers to "run old firmware" in general. The consensus is ROS version and matching firmware versions ensures best possibility experience and stability.
 
vecino
just joined
Posts: 7
Joined: Fri Jul 08, 2016 11:59 pm

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 7:43 pm

@netravnen

I tried sha256, but it doesn't work. I've tried other keys - shorter and nothing.

FRRouting 9.0.1
ipv6 ospf6 authentication key-id 1 hash-algo hmac-sha-256 key 12CBFE21AC3D4D981AD4FD32C1A28E0DBE259A1F60E35BB6C4ADECD2989432F6
RouterOS 7.12
/routing ospf interface-template set *9 area=backbone-v3 auth=sha256 auth-id=1 auth-key=12CBFE21AC3D4D981AD4FD32C1A28E0DBE259A1F60E35BB6C4ADECD2989432F6 + etc
Log:
default-v3 { version: 3 router-id: 10.***.***.1 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::****:6eff:****:c79b%ether2 } authentication failed from fe80::****:efff:fef2:****%*2 sha mismatch
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12534
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 9:27 pm

@pe1chl, @DarkNate
Wrong concept for both:
The point is not to keep the old firmware forever,
but is don't update it "instantly" when the new version comes out, without any test, automatically and without any control...
At least a waiting period of a few months and some test is recommended,
unless there is a very critical security update that do not involve fullshift™ CVE that start with "An authenticated user..."
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12921
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 9:40 pm

I was unable to import the public key ED25519 from my YubiKey,

I successfully imported ed25519 keys, created by openssh. The pub file starts with "ssh-ed25519 ", continues with 69 characters (the actual publuc key) and followed with key owner identification (user@host). Format of file on yubikey is obviously different and it doesn't seem to be supported by ROS.
 
rtlx
just joined
Posts: 12
Joined: Wed Apr 16, 2014 2:18 am

Re: v7.12 [stable] is released!

Mon Nov 13, 2023 10:03 pm

*) ovpn - improved system stability;
Can confirm that the OpenVPN UDP issues described in viewtopic.php?p=1024643#p1024643 have been fixed in 7.12, at least for me.
So can we assume OpenVPN is in a state comparable to ROS 6 again, stability-wise? Every release after 7.6 has been horribly unstable (including numerous complete lockups) for me, for any system running even one OVPN client.

Would be awesome if I could actually try new versions again on important routers.
No in any way - see viewtopic.php?p=1035315#p1035315

Just look at the 7.13beta1 changelog:
*) ovpn - improved memory allocation during key-renegotiation;
Am I the only one with conclusion, that MikroTik programmers are reimplementing existing code? I have such fears for years now.
If they would be taking the original OpenVPN source code, then they won't have such problems - especially on the memory management level.
Last edited by rtlx on Thu Nov 16, 2023 1:30 pm, edited 1 time in total.
 
unlikely
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Fri Feb 21, 2020 1:16 pm

Re: v7.12 [stable] is released!

Tue Nov 14, 2023 12:21 am

Are you sure it's not because the slot name of USB disk changes after reboot ?
Thanks for input. It seems to to me that the slot is always pcie1.
 
unlikely
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Fri Feb 21, 2020 1:16 pm

Re: v7.12 [stable] is released!

Tue Nov 14, 2023 12:24 am

As usual, you do not provide any useful info, like from what version you upgrade...
As usual, I'm akways ready to reply to kind questions about useful informations needed to help me: from the previous version.

If you have any useful info, feel free to reply.
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.12 [stable] is released!

Tue Nov 14, 2023 8:08 am

Until v7.12 in MPLS L3 env/ topology.

/routing/route/print where routing-table=xxxx or /ip/route print where routing-table=xxxx did not show any routes when /ip/vrf interfaces=none.

Interfaces must fill with some working interfaces (dummy loopback) to make it works.
we also have to enable disable the /ip/vrf after interface set/added.

in v6, as long we create /ip route vrf name ,RD, import RT , export RT and even though interfaces value "empty" routing can be received/ shown.

thx
Last edited by buset1974 on Tue Nov 14, 2023 5:25 pm, edited 1 time in total.
 
DarkNate
Forum Guru
Forum Guru
Posts: 1065
Joined: Fri Jun 26, 2020 4:37 pm

Re: v7.12 [stable] is released!

Tue Nov 14, 2023 3:24 pm

MikroTik's software quality is a very bad joke. Guys should go back to the first chapters of any good book on software engineering. It looks like in the past their software was written by the old timers and then the "young, dynamic, from big cities, who think they know better" came on board and ruined everything what the old timers put in place. That's why we have such a nightmare right now and that's why MikroTik can't be seen as a long term solution for production/enterprise/mission-critical networks. To this day, the simple PC with Linux OS is a few galaxys ahead of any MikroTik solution in terms of stability, reliability, updates...

Just look at the 7.13beta1 changelog:
*) ovpn - improved memory allocation during key-renegotiation;
Am I the only one with conclusion, that MikroTik programmers are reimplementing existing code? I have such fears for years now.
If they would be taking the original OpenVPN source code, then they won't have such problems - especially on the memory management level.
I hope MikroTik does a clean, fresh, codebase for ROS v8 with fresh kernel base (latest long-term version at that point in time). Otherwise, we're really f***ed. At this point, Debian + FRR or BIRD or VPP is far more stable.
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 552
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v7.12 [stable] is released!

Tue Nov 14, 2023 5:44 pm

(already said a couple of time in the last months .. and sent support requests)

Old v6 command "ip route check x.y.z.k" still missing!
e.g. /ip route check 8.8.8.8 (linux equivalent "ip route get 8.8.8.8")

It's very usefull when you have many routes in your routing table and you don't want to waste your time looking for the best match (and/or make mistakes chosing the wrong one when in a hurry or under pressure!)

it should be trivial to get it done..
Last edited by bajodel on Tue Nov 14, 2023 5:54 pm, edited 4 times in total.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7175
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v7.12 [stable] is released!

Tue Nov 14, 2023 5:45 pm

Until v7.12 in MPLS L3 env/ topology.

/routing/route/print where routing-table=xxxx or /ip/route print where routing-table=xxxx did not show any routes when /ip/vrf interfaces=none.
Works for me in any version above 7.11
[admin@MikroTik] /ip/route> /ip vrf/print 
Flags: X - disabled; * - builtin 
 0    name="xx" interfaces=none 

 1  * name="main" interfaces=all 
[admin@MikroTik] /ip/route> /routing/route/print where routing-table=xx
Flags: U - UNREACHABLE; s - STATIC; H - HW-OFFLOADED
Columns: DST-ADDRESS, GATEWAY, AFI, DISTANCE, SCOPE, TARGET-SCOPE
    DST-ADDRESS  GATEWAY  AFI  DISTANCE  SCOPE  TARGET-SCOPE
UsH 0.0.0.0/0    1.2.3.4  ip4  1         30     10 
 
densenator
just joined
Posts: 5
Joined: Tue Mar 10, 2020 3:31 pm

Re: v7.12 [stable] is released!

Tue Nov 14, 2023 6:52 pm

Did you planned fixing upgrade routeros from dude?
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.12 [stable] is released!

Wed Nov 15, 2023 5:17 am

Until v7.12 in MPLS L3 env/ topology.

/routing/route/print where routing-table=xxxx or /ip/route print where routing-table=xxxx did not show any routes when /ip/vrf interfaces=none.
Works for me in any version above 7.11
[admin@MikroTik] /ip/route> /ip vrf/print 
Flags: X - disabled; * - builtin 
 0    name="xx" interfaces=none 

 1  * name="main" interfaces=all 
[admin@MikroTik] /ip/route> /routing/route/print where routing-table=xx
Flags: U - UNREACHABLE; s - STATIC; H - HW-OFFLOADED
Columns: DST-ADDRESS, GATEWAY, AFI, DISTANCE, SCOPE, TARGET-SCOPE
    DST-ADDRESS  GATEWAY  AFI  DISTANCE  SCOPE  TARGET-SCOPE
UsH 0.0.0.0/0    1.2.3.4  ip4  1         30     10 
Dear Mrz,

please take a look this attachment.

this is when interfaces set to loopback
vrf-problem-v7-2.jpg
and this when i set interfaces-list into "none
vrf-problem-v7.jpg
thx
You do not have the required permissions to view the files attached to this post.
 
ZupoLlask
just joined
Posts: 17
Joined: Mon Jan 26, 2015 1:26 pm

Re: v7.12 [stable] is released!

Wed Nov 15, 2023 10:35 am

from the previous version
And what is your previous version? 7.11.2?
 
User avatar
fischerdouglas
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Thu Mar 07, 2019 6:38 pm
Location: Brazil
Contact:

Re: v7.12 [stable] is released!

Wed Nov 15, 2023 12:27 pm

(already said a couple of time in the last months .. and sent support requests)

Old v6 command "ip route check x.y.z.k" still missing!
e.g. /ip route check 8.8.8.8 (linux equivalent "ip route get 8.8.8.8")

It's very usefull when you have many routes in your routing table and you don't want to waste your time looking for the best match (and/or make mistakes chosing the wrong one when in a hurry or under pressure!)

it should be trivial to get it done..
Alias Commands (with args) would be a helpful solution to that...
 
User avatar
fischerdouglas
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Thu Mar 07, 2019 6:38 pm
Location: Brazil
Contact:

Re: v7.12 [stable] is released!

Wed Nov 15, 2023 1:09 pm

https://cve.mitre.org/cgi-bin/cvename.c ... 2023-41570
"MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API."


MikroTik's stance of pretending that problems don't happen, and only recording in their release notes the CVEs that have immense repercussions is something they should feel ashamed of doing.

https://www.enricobassetti.it/2023/11/c ... -rest-api/
Timeline
I followed the responsible disclosure process described in the “Responsible disclosure of discovered vulnerabilities” page. I reported the vulnerability at 2023-08-19 09:46:00 UTC and received the ACK at 2023-08-24 07:43:00 UTC. The fix was released in version 7.12 at 2023-11-09 09:45:00 UTC (time point from RouterOS changelog).


*) www - fixed allowed address setting for REST API users;
 
wernerptu
just joined
Posts: 5
Joined: Wed Nov 23, 2022 9:22 pm

Re: v7.12 [stable] is released!

Wed Nov 15, 2023 2:07 pm

Has anyone other than me noticed that this 7.12 update "killed" the stub area? I use stub area to summarize the PPPoE IPs and other IPs on each routerboard and only export /24 or larger blocks from the routerboard. I used it as follows and it works on 7.11.2 and earlier, but after updating to 7.12 it stopped working and even deleting, resetting and configuring it again, the routerboard doesn't work.
/routing ospf instance
add disabled=no name=backbone-v2 originate-default=never redistribute="" router-id=192.168.0.66 routing-table=main
add disabled=no name=backbone-v3 originate-default=never redistribute="" router-id=192.168.0.66 routing-table=main version=3
/routing ospf area
add disabled=no instance=backbone-v2 name=backbone-v2
add disabled=no instance=backbone-v3 name=backbone-v3
add area-id=0.0.0.66 disabled=no instance=backbone-v2 name=area-stub-v2 type=stub
add area-id=0.0.0.66 disabled=no instance=backbone-v3 name=area-stub-v3 type=stub
/routing ospf area range
add area=area-stub-v2 cost=10 disabled=no prefix=10.177.66.0/24
add area=area-stub-v2 cost=10 disabled=no prefix=100.70.66.0/24
add area=area-stub-v2 cost=10 disabled=no prefix=100.71.66.0/24
add area=area-stub-v2 cost=10 disabled=no prefix=172.17.66.0/24
add area=area-stub-v3 cost=10 disabled=no prefix=2804:XXXX:XXXX::/48
/routing ospf interface-template
add area=backbone-v2 cost=10 disabled=no interfaces=loopback networks=192.168.0.66/32 passive priority=1
add area=backbone-v3 cost=10 disabled=no interfaces=loopback networks=2804:XXXX:XXXX::/64 passive priority=1
add area=backbone-v2 cost=10 disabled=no interfaces=vlan10 networks=172.17.37.8/29 priority=1 type=ptp
add area=backbone-v3 cost=10 disabled=no interfaces=vlan10 priority=1 type=ptp
add area=area-stub-v2 comment="AREA STUB" cost=10 disabled=no networks=10.177.66.0/24,100.70.66.0/24,100.71.66.0/24,172.17.66.0/24 passive priority=1 type=ptp
add area=area-stub-v3 comment="AREA STUB" cost=10 disabled=no networks=2804:XXXX:XXXX::/48 passive priority=1 type=ptp
The only thing that I found strange (but it only works like that), was having to announce the stub area with type=ptp, instead of type=broadcast.
 
OpnsrC
just joined
Posts: 1
Joined: Mon Mar 07, 2022 11:50 pm

Re: v7.12 [stable] is released!

Wed Nov 15, 2023 4:59 pm

I've been struggling with upgrading my hAP AX3 from 7.8. Any releases after, including 7.12, break it with the same disconnection behaviour on the log (see attachment). This setup has worked for me back in the 6.x (hAP AC) up until 7.8 (hAP AX3). I've combed through my config several times but couldn't find any obvious misconfiguration issues. I'm hoping somebody more knowledgeable than me can help. It's a "simple" setup and a short config. I would really appreciate your help, good people!

My hEX S has been upgrading like a champ and is on the latest 7.12 ROS version.

Update: Issue Fixed
- Turns out I just had to set the wireless interfaces as tagged instead of untagged under interface/bridge/vlan.
I don't know how I had that setup running for years but it ran without any issue. I had to reread the manual to find the answer for this updated ROS version.
Last edited by OpnsrC on Thu Nov 16, 2023 4:25 pm, edited 6 times in total.
 
brotherdust
Member Candidate
Member Candidate
Posts: 130
Joined: Tue Jun 05, 2007 1:31 am

Re: v7.12 [stable] is released!

Wed Nov 15, 2023 6:45 pm

Has anyone other than me noticed that this 7.12 update "killed" the stub area? I use stub area to summarize the PPPoE IPs and other IPs on each routerboard and only export /24 or larger blocks from the routerboard. I used it as follows and it works on 7.11.2 and earlier, but after updating to 7.12 it stopped working and even deleting, resetting and configuring it again, the routerboard doesn't work.
/routing ospf instance
add disabled=no name=backbone-v2 originate-default=never redistribute="" router-id=192.168.0.66 routing-table=main
add disabled=no name=backbone-v3 originate-default=never redistribute="" router-id=192.168.0.66 routing-table=main version=3
/routing ospf area
add disabled=no instance=backbone-v2 name=backbone-v2
add disabled=no instance=backbone-v3 name=backbone-v3
add area-id=0.0.0.66 disabled=no instance=backbone-v2 name=area-stub-v2 type=stub
add area-id=0.0.0.66 disabled=no instance=backbone-v3 name=area-stub-v3 type=stub
/routing ospf area range
add area=area-stub-v2 cost=10 disabled=no prefix=10.177.66.0/24
add area=area-stub-v2 cost=10 disabled=no prefix=100.70.66.0/24
add area=area-stub-v2 cost=10 disabled=no prefix=100.71.66.0/24
add area=area-stub-v2 cost=10 disabled=no prefix=172.17.66.0/24
add area=area-stub-v3 cost=10 disabled=no prefix=2804:XXXX:XXXX::/48
/routing ospf interface-template
add area=backbone-v2 cost=10 disabled=no interfaces=loopback networks=192.168.0.66/32 passive priority=1
add area=backbone-v3 cost=10 disabled=no interfaces=loopback networks=2804:XXXX:XXXX::/64 passive priority=1
add area=backbone-v2 cost=10 disabled=no interfaces=vlan10 networks=172.17.37.8/29 priority=1 type=ptp
add area=backbone-v3 cost=10 disabled=no interfaces=vlan10 priority=1 type=ptp
add area=area-stub-v2 comment="AREA STUB" cost=10 disabled=no networks=10.177.66.0/24,100.70.66.0/24,100.71.66.0/24,172.17.66.0/24 passive priority=1 type=ptp
add area=area-stub-v3 comment="AREA STUB" cost=10 disabled=no networks=2804:XXXX:XXXX::/48 passive priority=1 type=ptp
The only thing that I found strange (but it only works like that), was having to announce the stub area with type=ptp, instead of type=broadcast.
I've noticed this problem too. type=PTP doesn't fix it. I'll open a ticket with Mikrotik.

Edit:
Or not. Support portal is down lol
 
pe1chl
Forum Guru
Forum Guru
Posts: 10519
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.12 [stable] is released!

Wed Nov 15, 2023 8:54 pm

Just look at the 7.13beta1 changelog:
*) ovpn - improved memory allocation during key-renegotiation;
Am I the only one with conclusion, that MikroTik programmers are reimplementing existing code? I have such fears for years now.
If they would be taking the original OpenVPN source code, then they won't have such problems - especially on the memory management level.
That is correct! Many functions that are readily available as open source projects are being re-implemented. Not everything, though.
We can only guess what is the reason. Maybe they don't like the licensing terms, maybe they don't want to contribute code back to the upstream when that is a requirement, maybe the open source versions are just too large to fit in that silly 16MB flash that so many MikroTik devices have.
OpenVPN is a wellknown troublespot. It is not an accident that they call it "ovpn" and not "OpenVPN". It is just a VPN that often interworks with OpenVPN, and also often not.

Another one is the DNS resolver. It has been broken again and again during extenstions with new functions, that are often done in a quite peculiar way (look at DoH...). And after all that, we still don't have DNSSEC support.
It would have been so much better when a well-developed and tested open source resolver had been taken onboard. I would say "unbound", others maybe say "dnsmasq". But it would have been through all the cycles of bugs that we now saw in RouterOS, and more feature-complete as well.
Yet they decide to waste time on development. Probably for a good reason, and the space restriction may be an important one.
 
rtlx
just joined
Posts: 12
Joined: Wed Apr 16, 2014 2:18 am

Re: v7.12 [stable] is released!

Wed Nov 15, 2023 9:34 pm

...
Last edited by rtlx on Thu Nov 16, 2023 1:28 pm, edited 1 time in total.
 
User avatar
jbl42
Member Candidate
Member Candidate
Posts: 225
Joined: Sun Jun 21, 2020 12:58 pm

Re: v7.12 [stable] is released!

Thu Nov 16, 2023 12:45 am

I would say "unbound", others maybe say "dnsmasq"
I would also say "powerdns" ;-)

While I agree with your sentiments, at least since we have Docker this can be solved easily.
I started to run PowerDns and dnsmasq images, both working with almost no issues. Especially on the CCR2xxx with internal SSDs. But also on RB5009 with external USB SSD.
 
User avatar
spippan
Member
Member
Posts: 460
Joined: Wed Nov 12, 2014 1:00 pm

Re: v7.12 [stable] is released!

Thu Nov 16, 2023 12:51 am

(already said a couple of time in the last months .. and sent support requests)

Old v6 command "ip route check x.y.z.k" still missing!
e.g. /ip route check 8.8.8.8 (linux equivalent "ip route get 8.8.8.8")

It's very usefull when you have many routes in your routing table and you don't want to waste your time looking for the best match (and/or make mistakes chosing the wrong one when in a hurry or under pressure!)

it should be trivial to get it done..
something like that really needs to be implemented ASAP.
even a route table below 200 routes is a PITA to search and look if a given DST matches a fdb installed route!

look at the cisco equivalent "show ip route x.x.x.x" or checkpoint "show route destination x.x.x.x"
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7175
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v7.12 [stable] is released!

Thu Nov 16, 2023 1:01 am

cisco "show ip route x.x.x.x" is not equivalent to "ip route check".
You can already do the same as ciscos show ip route with
ip route print where x.x.x.x in dst-address
 
User avatar
spippan
Member
Member
Posts: 460
Joined: Wed Nov 12, 2014 1:00 pm

Re: v7.12 [stable] is released!

Thu Nov 16, 2023 2:45 am

cisco "show ip route x.x.x.x" is not equivalent to "ip route check".
You can already do the same as ciscos show ip route with
ip route print where x.x.x.x in dst-address
neither is
ip route print where x.x.x.x in dst-address
an equivalent to cisco "show ip route x.x.x.x"
cisco gives a definitive result which mirrors the routers routing decision rather then MTs version of "hey i got these routes which MIGHT could be used to route your asked DST"

a "show" cmd. to reflect the routers routing decision to the current FDB would be great.
maybe there is one i do not know about yet...
 
User avatar
bgp4
just joined
Posts: 22
Joined: Thu Nov 07, 2019 3:48 am
Location: Singapore

Re: v7.12 [stable] is released!

Thu Nov 16, 2023 10:14 am

It seems that v7.12 stable will not generate OSPF LSA type3 - “inter-area-prefix“ while v7.11.2 stable is ok.
Here are configs:
Image
[admin@ROS7.11.2A] >export
/ip address
add address=10.0.0.1/24 interface=ether1 network=10.0.0.0
add address=192.168.1.1/25 interface=ether2 network=192.168.1.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.1.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.1 disabled=no instance=ospf-instance-1 name=1
/routing ospf area range
add area=1 disabled=no prefix=192.168.1.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=1 disabled=no interface=ether2

[admin@ROS7.11.2B] >export
/ip address
add address=10.0.0.2/24 interface=ether1 network=10.0.0.0
add address=192.168.2.1/25 interface=ether2 network=192.168.2.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.2.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.2 disabled=no instance=ospf-instance-1 name=2
/routing ospf area range
add area=2 disabled=no prefix=192.168.2.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=2 disabled=no interface=ether2

[admin@ROS7.12A] >export
/ip address
add address=10.0.0.3/24 interface=ether1 network=10.0.0.0
add address=192.168.3.1/25 interface=ether2 network=192.168.3.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.3.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.3 disabled=no instance=ospf-instance-1 name=3
/routing ospf area range
add area=3 disabled=no prefix=192.168.3.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=3 disabled=no interface=ether2

[admin@ROS7.12B] >export
/ip address
add address=10.0.0.4/24 interface=ether1 network=10.0.0.0
add address=192.168.4.1/25 interface=ether2 network=192.168.4.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.4.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.4 disabled=no instance=ospf-instance-1 name=4
/routing ospf area range
add area=4 disabled=no prefix=192.168.4.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=4 disabled=no interface=ether2
I've opened a ticket in support portal, SUP-134571
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26897
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.12 [stable] is released!

Thu Nov 16, 2023 10:31 am

Well, as far as I know, the GPL license obligates, that any work based on existing GPL-licensed project must also be licensed under GPL. MikroTik doesn't comply to this and that's why in the past there were some questions about this very issue, like viewtopic.php?t=100746
What makes you think mikrotik does not comply? Internet rumors? posts from 10 years ago?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10519
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.12 [stable] is released!

Thu Nov 16, 2023 10:35 am

cisco gives a definitive result which mirrors the routers routing decision rather then MTs version of "hey i got these routes which MIGHT could be used to route your asked DST"

a "show" cmd. to reflect the routers routing decision to the current FDB would be great.
Unfortunately it is not that easy. Remember you can have multiple routing tables with rules, route marking in mangle, and even VRF.
 
unlikely
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Fri Feb 21, 2020 1:16 pm

Re: v7.12 [stable] is released!

Thu Nov 16, 2023 12:09 pm

from the previous version
And what is your previous version? 7.11.2?
The previous version was 7.11.2

Guessing if the issue I had and I have is related to other Dude issue I now read in this topic...
 
brandaoeb
just joined
Posts: 6
Joined: Fri Jan 27, 2017 9:06 am

Re: v7.12 [stable] is released!

Thu Nov 16, 2023 3:29 pm

Hi:
My RB4011 on firmware 7.12 reboot random from 45m to 3 ir 6 hours, on firmware 7.11.2 works fine.!!!
Can anyone help ir a clue, no messages on logs nothing .... Just reboots.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10519
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.12 [stable] is released!

Thu Nov 16, 2023 3:50 pm

My RB4011 on firmware 7.12 reboot random from 45m to 3 ir 6 hours, on firmware 7.11.2 works fine.!!!
Can anyone help ir a clue, no messages on logs nothing .... Just reboots.
My RB4011 runs fine in 7.12
What are the first 5 messages after boot?
When you no longer can see these because there are a lot of other messages, configure logging to disk or syslog server...
 
brandaoeb
just joined
Posts: 6
Joined: Fri Jan 27, 2017 9:06 am

Re: v7.12 [stable] is released!

Thu Nov 16, 2023 5:15 pm

15:09:53 dns,error DoH server connection error: Network unreachable
15:09:53 dns,error DoH server connection error: Network unreachable [ignoring repeated messages]
15:09:56 interface,info BridgeLAN20 detect LAN
15:09:56 interface,info BridgeTSJogos detect LAN
15:10:04 interface,info ISP_1 link up
15:10:05 bridge,info "BridgeLAN20" mac address changed to xx.xx.xx.xx.....
15:10:05 interface,info Vlan98 link up
15:10:05 interface,info Vlan99 link up
15:10:05 interface,info vlan200 link up
15:10:05 interface,info vlan300 link up
15:10:05 interface,info vlan301 link up
 
brandaoeb
just joined
Posts: 6
Joined: Fri Jan 27, 2017 9:06 am

Re: v7.12 [stable] is released!

Thu Nov 16, 2023 5:17 pm

i no longer have 7.12 instaled but it was like this, the time was 00:02 or similar
 
brandaoeb
just joined
Posts: 6
Joined: Fri Jan 27, 2017 9:06 am

Re: v7.12 [stable] is released!

Thu Nov 16, 2023 5:20 pm

i have checked transformer and replaced ... the same i have used POE .. same thing. when i return to 7.11.2 OK..??!!
 
sas2k
Member Candidate
Member Candidate
Posts: 101
Joined: Tue Jan 18, 2022 8:17 am

Re: v7.12 [stable] is released!

Thu Nov 16, 2023 10:22 pm

New problem with DoH.
"Verify DoH certificate" was always on.
" /certificate/settings/set crl-use=no" was set after update to 7.12.

rb4011, after reboot some sites are resolved, some not!
For sure before each test I make DNS cache flush.

My Config :
/ip dns static
add address=192.168.0.1 comment=defconf name=router.lan
add address=8.8.8.8 name=dns.google
add address=8.8.4.4 name=dns.google
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d use-doh-server=\
https://dns.google/dns-query verify-doh-cert=yes

The error can be seen at any device connected to router as unable to resolve dns

Mikrotik does the same:

[sas@MikroTik] > ping libreswan.org
invalid value for argument address:
invalid value of mac-address, mac address required
invalid value for argument ipv6-address
while resolving ip-address: could not get answer from dns server

After I switched off "verify-doh-cert=no", everything works fine.
Trust certs imported of course.
Ipv6 was always disabled.
 
aivarsm
just joined
Posts: 4
Joined: Thu Dec 14, 2017 7:08 pm

Re: v7.12 [stable] is released!

Fri Nov 17, 2023 10:36 am

i can not add new cap to existed old capsMan
 
erlinden
Forum Guru
Forum Guru
Posts: 2592
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: v7.12 [stable] is released!

Fri Nov 17, 2023 10:39 am

i can not add new cap to existed old capsMan
cAP ac or cAP ax? For the latter you will have to wait for v7.13 (currently beta) to be able.
 
aivarsm
just joined
Posts: 4
Joined: Thu Dec 14, 2017 7:08 pm

Re: v7.12 [stable] is released!

Fri Nov 17, 2023 10:40 am

RBcAPGi-5acD2nD to RBD52G-5HacD2HnD
 
holvoetn
Forum Guru
Forum Guru
Posts: 6660
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.12 [stable] is released!

Fri Nov 17, 2023 11:44 am

So you're trying to add cAP XL ac to capsman controller running on AC2.
Correct ?

AC2 is running which version ? And which packages on it ?
cAP XL ac is running which version ? And which packages on it ?
 
aivarsm
just joined
Posts: 4
Joined: Thu Dec 14, 2017 7:08 pm

Re: v7.12 [stable] is released!

Fri Nov 17, 2023 12:42 pm

nop
i am trying add cAP AC to hAP AC2
both are old AC.
manual provisioning works from `CAP Interface` tabs
 
actck
just joined
Posts: 3
Joined: Sun Apr 16, 2017 10:13 am

Re: v7.12 [stable] is released!

Fri Nov 17, 2023 2:38 pm

7.12 broken sfp pon-stick (model:XE-99S)
When the system reboot, pon-stick can not init successful although the port show 10G-UP.
Good job.
 
msaxl
just joined
Posts: 6
Joined: Fri Oct 03, 2014 9:22 am

Re: v7.12 [stable] is released!

Fri Nov 17, 2023 3:24 pm

It seems that v7.12 stable will not generate OSPF LSA type3 - “inter-area-prefix“ while v7.11.2 stable is ok.
Here are configs:
Image
[admin@ROS7.11.2A] >export
/ip address
add address=10.0.0.1/24 interface=ether1 network=10.0.0.0
add address=192.168.1.1/25 interface=ether2 network=192.168.1.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.1.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.1 disabled=no instance=ospf-instance-1 name=1
/routing ospf area range
add area=1 disabled=no prefix=192.168.1.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=1 disabled=no interface=ether2

[admin@ROS7.11.2B] >export
/ip address
add address=10.0.0.2/24 interface=ether1 network=10.0.0.0
add address=192.168.2.1/25 interface=ether2 network=192.168.2.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.2.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.2 disabled=no instance=ospf-instance-1 name=2
/routing ospf area range
add area=2 disabled=no prefix=192.168.2.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=2 disabled=no interface=ether2

[admin@ROS7.12A] >export
/ip address
add address=10.0.0.3/24 interface=ether1 network=10.0.0.0
add address=192.168.3.1/25 interface=ether2 network=192.168.3.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.3.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.3 disabled=no instance=ospf-instance-1 name=3
/routing ospf area range
add area=3 disabled=no prefix=192.168.3.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=3 disabled=no interface=ether2

[admin@ROS7.12B] >export
/ip address
add address=10.0.0.4/24 interface=ether1 network=10.0.0.0
add address=192.168.4.1/25 interface=ether2 network=192.168.4.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.4.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.4 disabled=no instance=ospf-instance-1 name=4
/routing ospf area range
add area=4 disabled=no prefix=192.168.4.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=4 disabled=no interface=ether2
I've opened a ticket in support portal, SUP-134571
had the same issue beginning with 7.12rc2, the issue seems to be, as you said, that "directly" connected routes are not sent over area boundaries (lsa's of other routers are though). 7.13beta1 seems to fix it already, so I think they are aware of this but since nobody noticed the did not bother putting it in changelog (or 7.13 was branched before 7.12rc2 and is about to have that issue backported)
 
Swordforthelord
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Thu Jul 08, 2010 10:18 pm

Re: v7.12 [stable] is released!

Fri Nov 17, 2023 5:02 pm

I created an IPv4 input rule on a hAP ac2 and I restricted it to an address list but the address list restriction did not work until I rebooted the router. Has anyone else encountered this?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12921
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.12 [stable] is released!

Fri Nov 17, 2023 5:08 pm

I'm pretty sure address lists "work" immediately. There's another "gem" with regard to firewall: new drop rules only affect new connections. Already established connectiobs are not affected. Clearing connection tracking table does the job (but drops all the rest of established connections, unrelated to the new rule) and rebooting router is one way to achieve this.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21827
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: v7.12 [stable] is released!

Fri Nov 17, 2023 5:13 pm

Nice explanation!
 
Swordforthelord
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Thu Jul 08, 2010 10:18 pm

Re: v7.12 [stable] is released!

Fri Nov 17, 2023 5:14 pm

I'm pretty sure address lists "work" immediately. There's another "gem" with regard to firewall: new drop rules only affect new connections. Already established connectiobs are not affected. Clearing connection tracking table does the job (but drops all the rest of established connections, unrelated to the new rule) and rebooting router is one way to achieve this.
Agreed, I've never before implemented an address list that did not take effect immediately.
The need to clear the state table to allow new rules to work is normal, both for Mikrotik and other products. I checked the table before rebooting though, just to be thorough, and there were no established connections related to the issue I was experiencing. My logs showed multiple attempts from various sources and I tested myself from an unauthorized IP and was able to get through. After the reboot, everything was properly restricted.
 
User avatar
jbl42
Member Candidate
Member Candidate
Posts: 225
Joined: Sun Jun 21, 2020 12:58 pm

Re: v7.12 [stable] is released!

Fri Nov 17, 2023 5:29 pm

There's another "gem" with regard to firewall: new drop rules only affect new connections
This is based on how iptables work: existing connections are in established stated what us usually handled by "established, related, (untracked)" rules before drop rules.
So new drop rules only apply to connections with state "new", what does not include existing connections.

What can be done is using a script traversing the connection table and dropping all existing connections with source/dest IP addresses/ports as matched by the new drop rule.
 
User avatar
spippan
Member
Member
Posts: 460
Joined: Wed Nov 12, 2014 1:00 pm

Re: v7.12 [stable] is released!

Fri Nov 17, 2023 5:33 pm

cisco gives a definitive result which mirrors the routers routing decision rather then MTs version of "hey i got these routes which MIGHT could be used to route your asked DST"

a "show" cmd. to reflect the routers routing decision to the current FDB would be great.
Unfortunately it is not that easy. Remember you can have multiple routing tables with rules, route marking in mangle, and even VRF.
to clarify:
in cisco world "show ip route w.x.y.z" is checked against the "main" routing table
for VRFs it is "show ip route vrf ABC w.x.y.z"

somthing like that i guess could also be implemented in ROS.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10519
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.12 [stable] is released!

Fri Nov 17, 2023 5:37 pm

For VRF, yes. But RouterOS can also policy-route depending on source address, incoming interface, or routing mark (assigned in firewall mangle rule).
This is often used for loadbalancing/failover or for overlay networks, where VRF is much too restrictive.
 
akeeltaj
just joined
Posts: 23
Joined: Fri Oct 16, 2020 9:23 pm
Location: Srinagar, India
Contact:

Re: v7.12 [stable] is released!

Fri Nov 17, 2023 8:45 pm

Any idea why PoE auto was removed for L009?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10519
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.12 [stable] is released!

Fri Nov 17, 2023 10:33 pm

Any idea why PoE auto was removed for L009?
Most likely the hardware did not (reliably) support it...
 
brandaoeb
just joined
Posts: 6
Joined: Fri Jan 27, 2017 9:06 am

Re: v7.12 [stable] is released!

Sat Nov 18, 2023 8:43 am

Router 4011 reboots on 7.12
i have opened a support ticket: SUP-134808
Back to 7.11.2
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 552
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v7.12 [stable] is released!

Sat Nov 18, 2023 1:28 pm

For VRF, yes. But RouterOS can also policy-route depending on source address, incoming interface, or routing mark (assigned in firewall mangle rule).
This is often used for loadbalancing/failover or for overlay networks, where VRF is much too restrictive.
You're right, but I'd be fine with the funcionality already present in ros6. More often than not in a core network you're not using strange policy-routes or magle manipulations, but you've plenty of routers & routes where you have to struggle to find the best match and follow it. When we have an issue and little time to troubleshoot these tools are life savers!
Besides, I guess I'm not the only one that avoid using conntrack in those routers (zero fw rules) to get simplicity and/or top performaces; in these cases if we need load balancing we go for ECMP (even though it's rare).
 
faxxe
newbie
Posts: 40
Joined: Wed Dec 12, 2018 1:46 pm

Re: v7.12 [stable] is released!

Sat Nov 18, 2023 9:37 pm

CCR1009-7G-1C-1S+

As with every version since 7.8:
Suddenly the connection becomes slow; mostly the upload. Only a tenth of the line.

Now also with 7.12
Instead of 50Mbit upload only 10% of it. This after approx. 7 days of uptime.
With 7.8 on CCR1009 it was last +90 days without problems.

Netinstall 7.8

That was it.
 
User avatar
Hominidae
Member
Member
Posts: 316
Joined: Thu Oct 19, 2017 12:50 am

Re: v7.12 [stable] is released!

Sat Nov 18, 2023 11:54 pm

Router 4011 reboots on 7.12
i have opened a support ticket: SUP-134808
Back to 7.11.2
Nope, not mine..must be unique to your setup/environment.
 
Joe1vm
newbie
Posts: 28
Joined: Sat Apr 06, 2013 4:07 pm

Re: v7.12 [stable] is released!

Sun Nov 19, 2023 10:09 am

Hello, I am still facing the SA Query Timeout issue and some WIFi devices do not roam properly between the access points.
The workaround /interface/wifiwave2/configuration> set [find] security.connect-priority=0/1 works, but I am not sure that this is the right approach.
 
bbs2web
Member Candidate
Member Candidate
Posts: 234
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa
Contact:

Re: v7.12 [stable] is released!

Sun Nov 19, 2023 10:34 am

Unable to get hardware offloading working on a hAP ax3 (C53UiG+5HPaxD2HPaxD), any suggestions?
/interface bridge
  add add-dhcp-option82=yes dhcp-snooping=yes name=bridge priority=0x7000 vlan-filtering=yes
/interface bridge port
  add bridge=bridge interface=ether1 trusted=yes comment="Uplink to core:"
  add bpdu-guard=yes bridge=bridge interface=ether2 restricted-role=yes
  add bpdu-guard=yes bridge=bridge interface=ether3 restricted-role=yes
  add bpdu-guard=yes bridge=bridge interface=ether4 restricted-role=yes
  add bpdu-guard=yes bridge=bridge interface=ether5 restricted-role=yes
  add bridge=bridge interface=wifi1
  add bridge=bridge interface=wifi2
  add bridge=bridge interface=wifi3
  add bridge=bridge interface=wifi4
  add bridge=bridge interface=wifi5
  add bridge=bridge interface=wifi6
/interface bridge vlan
  add bridge=bridge tagged=bridge vlan-ids=1
  add bridge=bridge tagged=bridge,ether1,wifi1,wifi2,wifi3,wifi4,wifi5,wifi6 vlan-ids=52
  add bridge=bridge tagged=bridge,ether1,wifi1,wifi2,wifi3,wifi4,wifi5,wifi6 vlan-ids=53
  add bridge=bridge tagged=bridge,ether1,wifi1,wifi2,wifi3,wifi4,wifi5,wifi6 vlan-ids=666
  add bridge=bridge tagged=bridge,ether1,wifi1,wifi2,wifi3,wifi4,wifi5,wifi6 vlan-ids=667
Status:
[admin@Ash - Cottage] > int bridge/port print 
Flags: I - INACTIVE
Columns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, PATH-COST, INTERNAL-PATH-COST, HOR
IZON
 #   INTERFACE  BRIDGE  HW   PVID  PRIORITY  PATH-COST  IN  HORIZON
 0   ether1     bridge  yes     1  0x80             10  10  none   
 1 I ether2     bridge  yes     1  0x80             10  10  none   
 2 I ether3     bridge  yes     1  0x80             10  10  none   
 3 I ether4     bridge  yes     1  0x80             10  10  none   
 4 I ether5     bridge  yes     1  0x80             10  10  none   
 5   wifi1      bridge          1  0x80             10  10  none   
 6   wifi2      bridge          1  0x80             10  10  none   
 7   wifi3      bridge          1  0x80             10  10  none   
 8   wifi4      bridge          1  0x80             10  10  none   
 9   wifi5      bridge          1  0x80             10  10  none   
10   wifi6      bridge          1  0x80             10  10  none   



Similar configuration on a RB5009UG+S+ works perfectly:
/interface bridge
  add add-dhcp-option82=yes dhcp-snooping=yes name=bridge priority=0x6000 vlan-filtering=yes
/interface bridge port
  add bridge=bridge interface=ether1 restricted-role=yes trusted=yes
  add bridge=bridge interface=ether2 restricted-role=yes
  add bpdu-guard=yes bridge=bridge interface=ether3 pvid=52 restricted-role=yes
  add bridge=bridge interface=ether4 restricted-role=yes
  add bridge=bridge interface=ether5 restricted-role=yes
  add bpdu-guard=yes bridge=bridge interface=ether6 pvid=53 restricted-role=yes
  add bridge=bridge interface=ether7 restricted-role=yes
  add bridge=bridge interface=ether8 restricted-role=yes
  add bpdu-guard=yes bridge=bridge interface=sfp-sfpplus1 restricted-role=yes
/interface bridge vlan
  add bridge=bridge tagged=bridge vlan-ids=1
  add bridge=bridge tagged=bridge,ether1,ether2,ether4,ether5,ether7,ether8 vlan-ids=52
  add bridge=bridge tagged=bridge,ether1,ether2,ether4,ether5,ether7,ether8 vlan-ids=53
  add bridge=bridge tagged=bridge,ether5 vlan-ids=200
  add bridge=bridge tagged=bridge,ether1,ether2,ether5,ether7,ether8 vlan-ids=666
  add bridge=bridge tagged=bridge,ether1,ether2,ether5,ether7,ether8 vlan-ids=667
Status:
[admin@Ash - Core] > int bridge/port print 
Flags: I - INACTIVE; H - HW-OFFLOAD
Columns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, PATH-COST, INTERNAL-PATH-COST, HORIZON
#    INTERFACE     BRIDGE           HW   PVID  PRIORITY  PATH-COST  IN  HORIZON
0  H ether1        bridge           yes     1  0x80             10  10  none
1  H ether2        bridge           yes     1  0x80             10  10  none   
2  H ether3        bridge           yes    52  0x80             10  10  none   
3  H ether4        bridge           yes     1  0x80             10  10  none   
4  H ether5        bridge           yes     1  0x80             10  10  none   
5 IH ether6        bridge           yes    53  0x80             10  10  none   
6  H ether7        bridge           yes     1  0x80             10  10  none   
7  H ether8        bridge           yes     1  0x80             10  10  none   
8 IH sfp-sfpplus1  bridge           yes     1  0x80             10  10  none   
 
whatever
Member
Member
Posts: 365
Joined: Thu Jun 21, 2018 9:29 pm

Re: v7.12 [stable] is released!

Sun Nov 19, 2023 11:49 am

Hello, I am still facing the SA Query Timeout issue and some WIFi devices do not roam properly between the access points.
The workaround /interface/wifiwave2/configuration> set [find] security.connect-priority=0/1 works, but I am not sure that this is the right approach.
Thank you very much for that hint. I set up a mixed wave2 capsman setup with hap ax² and hap ac² and was wondering why roaming with my android phone was sometimes very slow.
Setting connect-priority=0/1 fixed it for me as well! Reading to the documentation, I don't see any issue with it: All it appears to do is preferring new AP connections to existing ones. Unless someone in your network is spoofing MAC addresses it should be fine.
 
MrYan
Member Candidate
Member Candidate
Posts: 172
Joined: Sat Feb 27, 2010 6:13 pm

Re: v7.12 [stable] is released!

Sun Nov 19, 2023 11:56 am

Unable to get hardware offloading working on a hAP ax3 (C53UiG+5HPaxD2HPaxD), any suggestions?
The IPQ-PPE switch isn't supported yet for L2HW offload.
 
krli
just joined
Posts: 4
Joined: Tue Mar 12, 2019 10:53 pm
Location: Málaga
Contact:

Re: v7.12 [stable] is released!

Sun Nov 19, 2023 5:30 pm

Same thing here. Nothing from local areas is exported, it doesn't work having the area configured as nssa nor default.
OSPF stopped exporting local areas, again :-/ Has been working fine with 7.11.2, now everything needs to go into the backbone area to be functional. Looks very much like a regression to me, as I've seen this in the past but it then got better (and now worse again *sigh*)
 
challado
newbie
Posts: 45
Joined: Tue Jul 01, 2008 2:53 am

Re: v7.12 [stable] is released!

Sun Nov 19, 2023 10:36 pm

Same problem here. Wifi problems with HW-OFFLOAD on hAP ax^3
Latest versions of mikrotik solve the problem to some hardwares, bring problem to others. Solve to others, back to some. Very complicated.
Unable to get hardware offloading working on a hAP ax3 (C53UiG+5HPaxD2HPaxD), any suggestions?
/interface bridge
  add add-dhcp-option82=yes dhcp-snooping=yes name=bridge priority=0x7000 vlan-filtering=yes
/interface bridge port
  add bridge=bridge interface=ether1 trusted=yes comment="Uplink to core:"
  add bpdu-guard=yes bridge=bridge interface=ether2 restricted-role=yes
  add bpdu-guard=yes bridge=bridge interface=ether3 restricted-role=yes
  add bpdu-guard=yes bridge=bridge interface=ether4 restricted-role=yes
  add bpdu-guard=yes bridge=bridge interface=ether5 restricted-role=yes
  add bridge=bridge interface=wifi1
  add bridge=bridge interface=wifi2
  add bridge=bridge interface=wifi3
  add bridge=bridge interface=wifi4
  add bridge=bridge interface=wifi5
  add bridge=bridge interface=wifi6
/interface bridge vlan
  add bridge=bridge tagged=bridge vlan-ids=1
  add bridge=bridge tagged=bridge,ether1,wifi1,wifi2,wifi3,wifi4,wifi5,wifi6 vlan-ids=52
  add bridge=bridge tagged=bridge,ether1,wifi1,wifi2,wifi3,wifi4,wifi5,wifi6 vlan-ids=53
  add bridge=bridge tagged=bridge,ether1,wifi1,wifi2,wifi3,wifi4,wifi5,wifi6 vlan-ids=666
  add bridge=bridge tagged=bridge,ether1,wifi1,wifi2,wifi3,wifi4,wifi5,wifi6 vlan-ids=667
Status:
[admin@Ash - Cottage] > int bridge/port print 
Flags: I - INACTIVE
Columns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, PATH-COST, INTERNAL-PATH-COST, HOR
IZON
 #   INTERFACE  BRIDGE  HW   PVID  PRIORITY  PATH-COST  IN  HORIZON
 0   ether1     bridge  yes     1  0x80             10  10  none   
 1 I ether2     bridge  yes     1  0x80             10  10  none   
 2 I ether3     bridge  yes     1  0x80             10  10  none   
 3 I ether4     bridge  yes     1  0x80             10  10  none   
 4 I ether5     bridge  yes     1  0x80             10  10  none   
 5   wifi1      bridge          1  0x80             10  10  none   
 6   wifi2      bridge          1  0x80             10  10  none   
 7   wifi3      bridge          1  0x80             10  10  none   
 8   wifi4      bridge          1  0x80             10  10  none   
 9   wifi5      bridge          1  0x80             10  10  none   
10   wifi6      bridge          1  0x80             10  10  none   



Similar configuration on a RB5009UG+S+ works perfectly:
/interface bridge
  add add-dhcp-option82=yes dhcp-snooping=yes name=bridge priority=0x6000 vlan-filtering=yes
/interface bridge port
  add bridge=bridge interface=ether1 restricted-role=yes trusted=yes
  add bridge=bridge interface=ether2 restricted-role=yes
  add bpdu-guard=yes bridge=bridge interface=ether3 pvid=52 restricted-role=yes
  add bridge=bridge interface=ether4 restricted-role=yes
  add bridge=bridge interface=ether5 restricted-role=yes
  add bpdu-guard=yes bridge=bridge interface=ether6 pvid=53 restricted-role=yes
  add bridge=bridge interface=ether7 restricted-role=yes
  add bridge=bridge interface=ether8 restricted-role=yes
  add bpdu-guard=yes bridge=bridge interface=sfp-sfpplus1 restricted-role=yes
/interface bridge vlan
  add bridge=bridge tagged=bridge vlan-ids=1
  add bridge=bridge tagged=bridge,ether1,ether2,ether4,ether5,ether7,ether8 vlan-ids=52
  add bridge=bridge tagged=bridge,ether1,ether2,ether4,ether5,ether7,ether8 vlan-ids=53
  add bridge=bridge tagged=bridge,ether5 vlan-ids=200
  add bridge=bridge tagged=bridge,ether1,ether2,ether5,ether7,ether8 vlan-ids=666
  add bridge=bridge tagged=bridge,ether1,ether2,ether5,ether7,ether8 vlan-ids=667
Status:
[admin@Ash - Core] > int bridge/port print 
Flags: I - INACTIVE; H - HW-OFFLOAD
Columns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, PATH-COST, INTERNAL-PATH-COST, HORIZON
#    INTERFACE     BRIDGE           HW   PVID  PRIORITY  PATH-COST  IN  HORIZON
0  H ether1        bridge           yes     1  0x80             10  10  none
1  H ether2        bridge           yes     1  0x80             10  10  none   
2  H ether3        bridge           yes    52  0x80             10  10  none   
3  H ether4        bridge           yes     1  0x80             10  10  none   
4  H ether5        bridge           yes     1  0x80             10  10  none   
5 IH ether6        bridge           yes    53  0x80             10  10  none   
6  H ether7        bridge           yes     1  0x80             10  10  none   
7  H ether8        bridge           yes     1  0x80             10  10  none   
8 IH sfp-sfpplus1  bridge           yes     1  0x80             10  10  none   
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.12 [stable] is released!

Mon Nov 20, 2023 5:21 am

It seems that v7.12 stable will not generate OSPF LSA type3 - “inter-area-prefix“ while v7.11.2 stable is ok.
Here are configs:
Image
[admin@ROS7.11.2A] >export
/ip address
add address=10.0.0.1/24 interface=ether1 network=10.0.0.0
add address=192.168.1.1/25 interface=ether2 network=192.168.1.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.1.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.1 disabled=no instance=ospf-instance-1 name=1
/routing ospf area range
add area=1 disabled=no prefix=192.168.1.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=1 disabled=no interface=ether2

[admin@ROS7.11.2B] >export
/ip address
add address=10.0.0.2/24 interface=ether1 network=10.0.0.0
add address=192.168.2.1/25 interface=ether2 network=192.168.2.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.2.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.2 disabled=no instance=ospf-instance-1 name=2
/routing ospf area range
add area=2 disabled=no prefix=192.168.2.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=2 disabled=no interface=ether2

[admin@ROS7.12A] >export
/ip address
add address=10.0.0.3/24 interface=ether1 network=10.0.0.0
add address=192.168.3.1/25 interface=ether2 network=192.168.3.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.3.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.3 disabled=no instance=ospf-instance-1 name=3
/routing ospf area range
add area=3 disabled=no prefix=192.168.3.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=3 disabled=no interface=ether2

[admin@ROS7.12B] >export
/ip address
add address=10.0.0.4/24 interface=ether1 network=10.0.0.0
add address=192.168.4.1/25 interface=ether2 network=192.168.4.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.4.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.4 disabled=no instance=ospf-instance-1 name=4
/routing ospf area range
add area=4 disabled=no prefix=192.168.4.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=4 disabled=no interface=ether2
I've opened a ticket in support portal, SUP-134571
have you try v 7.13.x?
is it fixed yet?

thx
 
msaxl
just joined
Posts: 6
Joined: Fri Oct 03, 2014 9:22 am

Re: v7.12 [stable] is released!

Mon Nov 20, 2023 11:03 am

It seems that v7.12 stable will not generate OSPF LSA type3 - “inter-area-prefix“ while v7.11.2 stable is ok.
Here are configs:
Image
[admin@ROS7.11.2A] >export
/ip address
add address=10.0.0.1/24 interface=ether1 network=10.0.0.0
add address=192.168.1.1/25 interface=ether2 network=192.168.1.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.1.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.1 disabled=no instance=ospf-instance-1 name=1
/routing ospf area range
add area=1 disabled=no prefix=192.168.1.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=1 disabled=no interface=ether2

[admin@ROS7.11.2B] >export
/ip address
add address=10.0.0.2/24 interface=ether1 network=10.0.0.0
add address=192.168.2.1/25 interface=ether2 network=192.168.2.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.2.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.2 disabled=no instance=ospf-instance-1 name=2
/routing ospf area range
add area=2 disabled=no prefix=192.168.2.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=2 disabled=no interface=ether2

[admin@ROS7.12A] >export
/ip address
add address=10.0.0.3/24 interface=ether1 network=10.0.0.0
add address=192.168.3.1/25 interface=ether2 network=192.168.3.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.3.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.3 disabled=no instance=ospf-instance-1 name=3
/routing ospf area range
add area=3 disabled=no prefix=192.168.3.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=3 disabled=no interface=ether2

[admin@ROS7.12B] >export
/ip address
add address=10.0.0.4/24 interface=ether1 network=10.0.0.0
add address=192.168.4.1/25 interface=ether2 network=192.168.4.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.4.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.4 disabled=no instance=ospf-instance-1 name=4
/routing ospf area range
add area=4 disabled=no prefix=192.168.4.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=4 disabled=no interface=ether2
I've opened a ticket in support portal, SUP-134571
have you try v 7.13.x?
is it fixed yet?

thx
as said, 7.13beta1 and beta2 never had that issue. The real question is is that because they forked the 7.13 branch before 7.12rc2 (since they never noted something about ospf in the changelog of 7.13) or did they simply not mention that in the changelog hoping that nobody noticed the issue
 
msaxl
just joined
Posts: 6
Joined: Fri Oct 03, 2014 9:22 am

Re: v7.12 [stable] is released!

Mon Nov 20, 2023 11:05 am

Same thing here. Nothing from local areas is exported, it doesn't work having the area configured as nssa nor default.
OSPF stopped exporting local areas, again :-/ Has been working fine with 7.11.2, now everything needs to go into the backbone area to be functional. Looks very much like a regression to me, as I've seen this in the past but it then got better (and now worse again *sigh*)
my tests showed that it is not that local areas are not exported but routes that are "local" to the router do not cross area boundaries. putting everything in one area is a possibility to workaround this.
 
krli
just joined
Posts: 4
Joined: Tue Mar 12, 2019 10:53 pm
Location: Málaga
Contact:

Re: v7.12 [stable] is released!

Mon Nov 20, 2023 11:34 am

Same thing here. Nothing from local areas is exported, it doesn't work having the area configured as nssa nor default.

my tests showed that it is not that local areas are not exported but routes that are "local" to the router do not cross area boundaries. putting everything in one area is a possibility to workaround this.
Correct. It doesn't redistribute any connected route (I tested with interface templates by interface and by network). I wonder if enabling "redistribute connected" would make it work, but our routers are in production and I cannot test it (there are many connected routes that I don't want to redistribute). I downgraded to 7.11.2 and everything went back to normal.
 
msaxl
just joined
Posts: 6
Joined: Fri Oct 03, 2014 9:22 am

Re: v7.12 [stable] is released!

Mon Nov 20, 2023 11:57 am

it redistributes connected routes, but only on the area the route belongs to (this is why putting everything in for example area 0/backbone "fixes" it). "external" routes (= "redistribute connected") might work though since that is not bound to an area, so if it shows up it should show up on any area.
In short the issue is as someone already mentioned: inter-area routes are not generated.
 
ggr4y
just joined
Posts: 4
Joined: Fri Jul 30, 2010 11:56 am

Re: v7.12 [stable] is released!

Mon Nov 20, 2023 7:16 pm

After upgrade to RouterOS v7.12, my router on x86
experiencing RX errors on 10Gb interface on Intel X520
card. Can anybody help me to solve this problem?
 
User avatar
ID
newbie
Posts: 35
Joined: Tue Dec 26, 2006 10:36 pm

Re: v7.12 [stable] is released!

Mon Nov 20, 2023 8:27 pm

According to changelog intel drivers updated.
*) x86 - ixgbe updated driver to 5.19.6 version;
Be sure card firmware up-to-date also.
 
jplitza
just joined
Posts: 9
Joined: Mon Sep 20, 2021 4:12 pm

Re: v7.12 [stable] is released!

Tue Nov 21, 2023 12:51 pm

To answer my own questions:
*) qsfp - use sub-interface configuration for establishing link (for 40Gbps and 100Gbps links, all sub-interfaces must be enabled);
Does that mean if I want to have a 40G link on the qsfp28-1 port of a CCR2216-1G-12XS-2XQ, I have to enable all qsfp28-1-{1,2,3,4} interfaces before updating? What will be the state of those sub-interfaces when the 40G link is established?
No, it works with sub-interfaces disabled.
*) route - reverse community "delete" and "filter" command behavior;
So is the documented behavior the old or the new one? Could you please – whichever it is – clarify the documentation?
The documented behavior (delete=remove matching, filter=remove non-matching) is the new one. Before 7.12, it worked the other way round.
 
EdPa
MikroTik Support
MikroTik Support
Topic Author
Posts: 340
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga
Contact:

Re: v7.12.1 [stable] is released!

Tue Nov 21, 2023 2:06 pm

What's new in 7.12.1 (2023-Nov-17 13:38):

*) defconf - fixed bogus wifi password on certain Audience devices;
*) ipv6 - do not send out IPv6 RA deprecate message for re-used prefix;
*) ospf - fixed LSA Type3 advertisement for OSPFv2;
*) ppc - fixed RouterOS bootup (introduced in v7.12);
*) qsfp - fixed supported rates for breakout cables;
*) winbox - added missing arguments for "MAC Format" under "Wireless/Security Profiles/RADIUS" menu;
 
usx
newbie
Posts: 26
Joined: Sun Oct 27, 2013 7:30 pm

Re: v7.12.1 [stable] is released!

Tue Nov 21, 2023 3:33 pm

What does "defconf - fixed bogus wifi password on certain Audience devices;" mean?

I have an Audience device so I'm not sure if I should worry, because other than that there's nothing which would affect me, so I would skip this release.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12921
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.12.1 [stable] is released!

Tue Nov 21, 2023 3:38 pm

defconf means Default Configuration ... which only gets applied when config is reset to factory default. This doesn't apply when upgrading ROS from one version to another.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26897
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.12.1 [stable] is released!

Tue Nov 21, 2023 3:54 pm

It means that if you do a Factory Reset on Audience with earlier version, some incorrect wifi password could have been set on it, even if the device came without password from factory. Now it's fixed.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3341
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.12.1 [stable] is released!

Tue Nov 21, 2023 6:13 pm

Yee, on step closer to a long term release :)
 
mblfone
newbie
Posts: 36
Joined: Sun Feb 02, 2014 2:22 am

Re: v7.12.1 [stable] is released!

Tue Nov 21, 2023 6:20 pm

I want to confirm the SFP issues (noted above) that ensue when the router is upgraded, in my case from 7.11.2 to 7.12.1 on a 2216 router. Initially I couldn't get a MT 10G SFP to come back online. I committed the 7.12.1 routerboard firmware, rebooted and it restored. I was not aware that ALL of my MT RJ45 SFP interfaces were down. I had to manually power cycle the SFP modules to get them back online after being notified by unhappy customers.

I certainly hope a fix for this is in the works at some point in 7.13; I don't see one in the release notes at this point.

We CANNOT have interfaces down after an upgrade!! Again, I have MT SFPs installed a MT router, not foreign vendor SFPs.

Reported as MikroTik support #[SUP-135136]: SFPs not coming online after ROS upgrade

**UPDATE 11/24/23** I found a SFP not fully seated that went down. My theory was that it may have affected other SFPs on the bus. Jira confirmed that theory via the SUP update.
Last edited by mblfone on Fri Nov 24, 2023 11:45 pm, edited 1 time in total.
 
vecino
just joined
Posts: 7
Joined: Fri Jul 08, 2016 11:59 pm

Re: v7.12.1 [stable] is released!

Tue Nov 21, 2023 8:14 pm

@Mikrotik

Please could you finally remove these messages within OSPFv2 ? received wrong LS Ack for network xx.

Thanks
 
prawira
Member
Member
Posts: 362
Joined: Fri Feb 10, 2006 5:11 am
Contact:

Re: v7.12.1 [stable] is released!

Wed Nov 22, 2023 7:11 am

hi all,

i having memory problem on crs1xx (crs112-8p-4s on live network) when using ROS 7.12. see viewtopic.php?p=1037715
please fix it on next bugfix (did not see this on changelog of 7.12.1

EDIT: problem seems to be solved after upgraded to 7.12.1

P
Last edited by prawira on Sat Nov 25, 2023 3:22 am, edited 1 time in total.
 
ahmedelbarbary
just joined
Posts: 19
Joined: Thu Dec 01, 2016 1:23 am

Re: v7.12.1 [stable] is released!

Wed Nov 22, 2023 6:37 pm

Hello!
I have 2 CHR with Tagged Port, i added same vlans on both of them, i see the traffic from chr1 on ch2 just when i do enable
and i see traffic stop when i do disbale for macvlan
 
User avatar
Maggiore81
Trainer
Trainer
Posts: 595
Joined: Sun Apr 15, 2012 12:10 pm
Location: Italy
Contact:

Re: v7.12.1 [stable] is released!

Thu Nov 23, 2023 7:39 am

I upgraded two routers, connected together via mikrotik 5mt DAC cable. Their version was 7.11.2
1x CCR2004 16G
1x CCR1036 v3
I upgraded the first to 7.12.1

After upgrading the 2004, on the SFP port on the 1036 appeared fcs error and code error on the port.
upgraded also the 1036, it was the same.
downgraded the 2004 to 7.11.3 and the errors went away. The 1036 kept the latest version
 
User avatar
Ullinator
just joined
Posts: 17
Joined: Tue Jun 08, 2021 12:53 pm
Location: North-West Germany

Re: v7.12.1 [stable] is released!

Thu Nov 23, 2023 9:17 am

I upgraded two routers, connected together via mikrotik 5mt DAC cable. Their version was 7.11.2
1x CCR2004 16G
1x CCR1036 v3
I upgraded the first to 7.12.1

After upgrading the 2004, on the SFP port on the 1036 appeared fcs error and code error on the port.
upgraded also the 1036, it was the same.
downgraded the 2004 to 7.11.3 and the errors went away. The 1036 kept the latest version
Did you also upgrade the RouterBoard FW to 7.12.1?
 
User avatar
Maggiore81
Trainer
Trainer
Posts: 595
Joined: Sun Apr 15, 2012 12:10 pm
Location: Italy
Contact:

Re: v7.12.1 [stable] is released!

Thu Nov 23, 2023 10:26 am

[/quote]
Did you also upgrade the RouterBoard FW to 7.12.1?
[/quote]

Of course, it is part of the standard upgrade procedure.
RouterOS upgrade, upgrade routerboot, reboot. Enjoy :-)
 
User avatar
Ullinator
just joined
Posts: 17
Joined: Tue Jun 08, 2021 12:53 pm
Location: North-West Germany

Re: v7.12.1 [stable] is released!

Thu Nov 23, 2023 10:43 am

Did you also upgrade the RouterBoard FW to 7.12.1?
Of course, it is part of the standard upgrade procedure.
RouterOS upgrade, upgrade routerboot, reboot. Enjoy :-)
Okay, I´m asking because I have also two 3m MT-DAC cable in use with 7.12.1, but between an CCR2004-1G-12S+2XS and a CRS326-24S+2Q+ and another CRS328-24P-4S+ with 7.12.1 without any problems. So it may be a device-specific problem...
 
EdPa
MikroTik Support
MikroTik Support
Topic Author
Posts: 340
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga
Contact:

Re: v7.12.1 [stable] is released!

Thu Nov 23, 2023 10:59 am

Hi, Maggiore81.

Can you create supout.rif files from both devices in the bad state and send them to support?

Just a small note, we do not make 5m DAC cables. Could you test if these errors appear when using a different DAC?
 
Reinis
MikroTik Support
MikroTik Support
Posts: 92
Joined: Wed Jan 02, 2019 12:14 pm
Location: Latvia
Contact:

Re: v7.12 [stable] is released!

Thu Nov 23, 2023 12:49 pm

yap99, pendie and kometchtech

7.12.1 Should work fine, sorry for the inconvenience caused.
*) ppc - fixed RouterOS bootup (introduced in v7.12);
 
User avatar
Maggiore81
Trainer
Trainer
Posts: 595
Joined: Sun Apr 15, 2012 12:10 pm
Location: Italy
Contact:

Re: v7.12.1 [stable] is released!

Thu Nov 23, 2023 1:42 pm

Hi, Maggiore81.

Can you create supout.rif files from both devices in the bad state and send them to support?

Just a small note, we do not make 5m DAC cables. Could you test if these errors appear when using a different DAC?
https://mikrotik.com/product/s_ao0005


I can't take the supout file, but not now, but I will take it in a different timeslot :-)
 
User avatar
woland
Member
Member
Posts: 310
Joined: Mon Aug 16, 2021 4:49 pm

Re: v7.12.1 [stable] is released!

Thu Nov 23, 2023 2:43 pm

Thats an AOC. A DAC is Copper.
I also frequently make this error. :)
 
User avatar
Maggiore81
Trainer
Trainer
Posts: 595
Joined: Sun Apr 15, 2012 12:10 pm
Location: Italy
Contact:

Re: v7.12.1 [stable] is released!

Thu Nov 23, 2023 3:56 pm

Thats an AOC. A DAC is Copper.
I also frequently make this error. :)
you are right!
I read "5m SFP+ 10Gbps Active Optics direct attach cable"
 
User avatar
marsbeetle
newbie
Posts: 48
Joined: Sun Feb 19, 2023 9:57 am

Re: v7.12.1 [stable] is released!

Fri Nov 24, 2023 9:20 am

After update to 7.12.1 my USB flash drive with containers attached to hAP AX3 became unreadable. Might just be me but thought I'd mention it in case the firmware upgrade is not cleanly unmounting the USB drive file systems. I mounted my USB flash drive on a linux system and ran fsck on it which solved the issue and I could attach it to the AX3 again.
 
ivicask
Member
Member
Posts: 438
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: v7.12.1 [stable] is released!

Fri Nov 24, 2023 12:45 pm

Other day 7.12 bricked HAP AC2 after 2nd reboot and routerboard upgrade. Now i updated 4011 to 7.12.1, first boot was ok, did reboot for routerboard and its not comming back online...Whats going on with routerboard updates?
 
User avatar
Deslack
just joined
Posts: 11
Joined: Mon Apr 11, 2016 4:30 pm
Contact:

Re: v7.12 [stable] is released!

Fri Nov 24, 2023 2:39 pm

It seems that v7.12 stable will not generate OSPF LSA type3 - “inter-area-prefix“ while v7.11.2 stable is ok.
Here are configs:
Image
[admin@ROS7.11.2A] >export
/ip address
add address=10.0.0.1/24 interface=ether1 network=10.0.0.0
add address=192.168.1.1/25 interface=ether2 network=192.168.1.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.1.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.1 disabled=no instance=ospf-instance-1 name=1
/routing ospf area range
add area=1 disabled=no prefix=192.168.1.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=1 disabled=no interface=ether2

[admin@ROS7.11.2B] >export
/ip address
add address=10.0.0.2/24 interface=ether1 network=10.0.0.0
add address=192.168.2.1/25 interface=ether2 network=192.168.2.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.2.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.2 disabled=no instance=ospf-instance-1 name=2
/routing ospf area range
add area=2 disabled=no prefix=192.168.2.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=2 disabled=no interface=ether2

[admin@ROS7.12A] >export
/ip address
add address=10.0.0.3/24 interface=ether1 network=10.0.0.0
add address=192.168.3.1/25 interface=ether2 network=192.168.3.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.3.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.3 disabled=no instance=ospf-instance-1 name=3
/routing ospf area range
add area=3 disabled=no prefix=192.168.3.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=3 disabled=no interface=ether2

[admin@ROS7.12B] >export
/ip address
add address=10.0.0.4/24 interface=ether1 network=10.0.0.0
add address=192.168.4.1/25 interface=ether2 network=192.168.4.0
/routing ospf instance
add disabled=no name=ospf-instance-1 router-id=192.168.4.1
/routing ospf area
add disabled=no instance=ospf-instance-1 name=BB
add area-id=0.0.0.4 disabled=no instance=ospf-instance-1 name=4
/routing ospf area range
add area=4 disabled=no prefix=192.168.4.0/24
/routing ospf interface-template
add area=BB disabled=no interface=ether1
add area=4 disabled=no interface=ether2
I've opened a ticket in support portal, SUP-134571
Well 7.12.1 addressed the issue for me. Time to give it a shot!
 
lele
just joined
Posts: 24
Joined: Thu Apr 02, 2015 1:20 am

Re: v7.12.1 [stable] is released!

Fri Nov 24, 2023 4:38 pm

Just an heads up. Last night I upgraded one of our two BGP route reflectors from 7.11.2 to 7.12.1. They have about 200+ iBGP peers/clients, the device in question is a 2004 running v7. For reference the other is a 1072 running on v6.
The RR has been quite stable for months apart for minor issues, on several v7 releases, and has been running on 7.11 for about a month. Configuration wasn't changed, just update/reboot.

About one hour from the update/reboot, during which it looked like working properly, it started propagating a number of routes with his own address as next hop causing routing loops, out of the blue, the situation got progressively worse, until it triggered enough alerts that we brought it down without the time for investigating in detail.
Back to 7.11, seems to be back to normal.
Last edited by lele on Fri Nov 24, 2023 6:09 pm, edited 1 time in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10519
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.12.1 [stable] is released!

Fri Nov 24, 2023 5:44 pm

Our CCR2004-16G-2S+ which ran fine with 7.11beta4 has now had two occurrences of "router was rebooted without proper shutdown by watchdog timer".
Did others see this as well? I have submitted a support ticket with supout.rif.
 
K0NCTANT1N
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Thu Jun 08, 2023 9:35 pm

Re: v7.12.1 [stable] is released!

Fri Nov 24, 2023 6:27 pm

After update to 7.12.1 my USB flash drive with containers attached to hAP AX3 became unreadable. Might just be me but thought I'd mention it in case the firmware upgrade is not cleanly unmounting the USB drive file systems. I mounted my USB flash drive on a linux system and ran fsck on it which solved the issue and I could attach it to the AX3 again.
The same thing happened on one of the hAP ax3, on the other hAP ac3

hAP ac2 two problems:
1. flash in 3g modem in the same state;
2. lack of space on flash MT
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.12.1 [stable] is released!

Sat Nov 25, 2023 4:19 am

Our CCR2004-16G-2S+ which ran fine with 7.11beta4 has now had two occurrences of "router was rebooted without proper shutdown by watchdog timer".
Did others see this as well? I have submitted a support ticket with supout.rif.
Usually they ask supout before and after rebooted, well sometime we dont have supout when everything still running well or before we upgraded on something.
 
toto4ds
just joined
Posts: 15
Joined: Fri Dec 03, 2021 10:39 pm

Re: v7.12 [stable] is released!

Sun Nov 26, 2023 9:39 am

MLAG again began to lose the secondary switch.
This behavior was noticed before, but it worked on 7.11.
Treat the variable by rebooting both switches until the second one becomes available.
Although this may have never been fixed...

CRS326-24S+2Q+ x2
*) qsfp - fixed supported rates for breakout cables;

Looks like all the problems were due to qsfp
 
dbjungle
just joined
Posts: 7
Joined: Sat Apr 01, 2023 2:18 am

Re: v7.12 [stable] is released!

Sun Nov 26, 2023 2:24 pm

Any idea why PoE auto was removed for L009?
Most likely the hardware did not (reliably) support it...
That's unfortunate because it had been working reliably for me with a hap ax2 until I upgraded.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10519
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.12.1 [stable] is released!

Sun Nov 26, 2023 8:21 pm

Why can't you set it to "forced on" instead?
 
oldunixguy
just joined
Posts: 9
Joined: Wed Sep 06, 2017 10:27 am

Re: v7.12.1 [stable] is released!

Sun Nov 26, 2023 10:06 pm

Cant get webfig login prompt after updating to 7.12. I was at 7.6 on my RB450Gx4. Performed a package update to 7.12. After initiating the webpage did not update. I waited for 10 minutes and then tried to go to the webfig login. All I got was a "Connecting" in the webpage. Waited overnite and retried the webfig login page. Still reported "Connecting". I power cycled the RB450Gx4. The router is "routing" BUT I still get "Connecting" when trying to get to the webfig login page. I'm not sure what to do now...
oldunixguy
 
oldunixguy
just joined
Posts: 9
Joined: Wed Sep 06, 2017 10:27 am

Re: v7.12.1 [stable] is released!

Mon Nov 27, 2023 3:41 am

I think I saved a config after I upgraded to 7.6. I will have to look. Unfortunately I made a lot of changes to dhcp lease reservation that are not in that backup. I have old linux that I have not had luck getting winbox to work. I think I have an old win7 computer that I might be able to get winbox running on... If I can, should I back rev to something before 7.12? I'm not actually sure how to do it if so. Actually, I'm not certain the 7.12 really installed- I'm guessing it did since the device is scrogged.
thanks, oldunixguy
 
oldunixguy
just joined
Posts: 9
Joined: Wed Sep 06, 2017 10:27 am

Re: v7.12.1 [stable] is released!

Mon Nov 27, 2023 4:28 am

OK I made a tiny progress. I found a win7 and installed winbox 3.40 64bit. I entered the IP, my last admin username (not the default) and the password. After a bit it came up. I selected system-> packages. I reported 7.12.1. I selected Check Installation and it reported OK. So I next clicked on the Downgrade button. The screen working area went clear and after a good while the Package list screen came up but it said the same thing 7.12.1. Since my admin username and password work, what do I have to do to be able to get back in from my linux firefox to webfig? that is the part that is not working? Otherwise since Downgrade doesn't work what older version should I try and can you point me to instructions on how to accomplish that?
thanks, oldunixguy
 
whatever
Member
Member
Posts: 365
Joined: Thu Jun 21, 2018 9:29 pm

Re: v7.12.1 [stable] is released!

Mon Nov 27, 2023 8:45 am

Downgrade only works if you upload the old routeros packages before hitting the downgrade button.
 
erlinden
Forum Guru
Forum Guru
Posts: 2592
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: v7.12.1 [stable] is released!

Mon Nov 27, 2023 9:34 am

Can you share the config, @oldunixguy?
/export file=anynameyoulike
Remove serial and any other private information and place the ouptu between code tags with the </> button.

CLI not the better option for you?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10519
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.12.1 [stable] is released!

Tue Nov 28, 2023 11:20 am

Did someone else notice that at the moment IPsec-encrypted tunnels sometimes go down for a short while when the key lifetime is reached?
In earlier versions the key renegotiation was seamless, but now e.g. a BGP over GRE/IPsec peer with BFD enabled will sometimes go down/up even when there is no issue with the internet connection...
I wonder if others noticed that too. I see it both between routers running 7.12.1 and between 7.12.1 and v6.49.10.
 
Airell
just joined
Posts: 9
Joined: Fri Mar 25, 2016 3:40 pm

Still issues when using PPC (RB850Gx2)?

Tue Nov 28, 2023 6:02 pm

After 'simply' upgrading from the latest v6 to 7.12.1 (because of this: "ppc - fixed RouterOS bootup (introduced in v7.12);") on my RB850Gx2, many internal services, SSH, DNS, NTP, web config are not accessible anymore.

No DNS requests work anymore, `/ping google.com` on the router itself stopped working, clients who could DNS to 192.168.xx.1 do not get any answer anymore etc. The NTP client on the router can't get results, the System:Packages upgrades gives 'ERROR: could not resolve dns name'.

Internal services work, because there is one scenario in which it can connect: when I go from 192.168.48.xx to 192.168.48.1. Same scenario from '192.168.76.xx to 192.168.76.1' fails.

FW rules didn't change, but everything is checked extensively which a colleague running a similar config (VLAN as ports to bridges) on a rb3011.
 
User avatar
Ullinator
just joined
Posts: 17
Joined: Tue Jun 08, 2021 12:53 pm
Location: North-West Germany

Re: Still issues when using PPC (RB850Gx2)?

Tue Nov 28, 2023 7:04 pm

After 'simply' upgrading from the latest v6 to 7.12.1 (because of this: "ppc - fixed RouterOS bootup (introduced in v7.12);") on my RB850Gx2, many internal services, SSH, DNS, NTP, web config are not accessible anymore.

No DNS requests work anymore, `/ping google.com` on the router itself stopped working, clients who could DNS to 192.168.xx.1 do not get any answer anymore etc. The NTP client on the router can't get results, the System:Packages upgrades gives 'ERROR: could not resolve dns name'.

Internal services work, because there is one scenario in which it can connect: when I go from 192.168.48.xx to 192.168.48.1. Same scenario from '192.168.76.xx to 192.168.76.1' fails.

FW rules didn't change, but everything is checked extensively which a colleague running a similar config (VLAN as ports to bridges) on a rb3011.
For an upgrade from V6 to V7 my advice to you is:
- Export config in V6 as RSC file
- Clear config
- upgrade to V7
- clear config once again
- import the RSC file topic by topic via terminal and fix errors
That's the most successful method to migrate your old config from V6 to V7 :-/
All other methods may work, but it could be that afterwards you have to "fight against ghosts"....
 
pe1chl
Forum Guru
Forum Guru
Posts: 10519
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.12.1 [stable] is released!

Tue Nov 28, 2023 7:30 pm

Instead it is often better to:
- export config in v6 just in case
- upgrade to v7
- export config in v7
- clear config or even better: netinstall v7 again, no default config
- connect winbox on MAC address and open terminal, verify that config is empty (/export to terminal)
- upload and /import the v7-exported config
Done this way you do not need to worry about the differences in syntax between v6 and v7, while still doing a clear start.
 
holvoetn
Forum Guru
Forum Guru
Posts: 6660
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.12.1 [stable] is released!

Tue Nov 28, 2023 8:03 pm

My view as well.
Moving from V6 to 7.12, it might be better to netinstall to be sure all cobwebs in the dungeons are cleared.
 
Airell
just joined
Posts: 9
Joined: Fri Mar 25, 2016 3:40 pm

Re: Still issues when using PPC (RB850Gx2)?

Tue Nov 28, 2023 8:08 pm

For an upgrade from V6 to V7 my advice to you is:
- Export config in V6 as RSC file
- Clear config
- upgrade to V7
- clear config once again
- import the RSC file topic by topic via terminal and fix errors
That's the most successful method to migrate your old config from V6 to V7 :-/
All other methods may work, but it could be that afterwards you have to "fight against ghosts"....
will do... thanks.
reverted to 6.49.10 and all running again 'like sunshine'
 
PortalNET
Member Candidate
Member Candidate
Posts: 153
Joined: Sun Apr 02, 2017 7:24 pm

Re: v7.12.1 [stable] is released! server x64bits L2MTU issue

Sun Dec 03, 2023 9:46 pm

Hi guys

i am having issue in changing the L2MTU on V7.12.1 X64

Running 2 cards Intel XDA-520 and Mellanox Card dual 40Gbps all nics show up the same MTU 1500 and L2MTU 0 i cannot change the L2MTU.. is this done automatically? how can i change the L2MTU manually?
MTU.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
CoUL
newbie
Posts: 45
Joined: Thu Feb 05, 2015 11:34 pm
Location: Ukraine

Re: v7.12.1 [stable] is released! server x64bits L2MTU issue

Tue Dec 05, 2023 12:41 am

Hi guys

i am having issue in changing the L2MTU on V7.12.1 X64

Running 2 cards Intel XDA-520 and Mellanox Card dual 40Gbps all nics show up the same MTU 1500 and L2MTU 0 i cannot change the L2MTU.. is this done automatically? how can i change the L2MTU manually?
MTU.png
Unfortunately, this is not possible in ROS x86. Unwritten drivers. This is a very old problem.
 
dave3
newbie
Posts: 46
Joined: Mon Feb 07, 2022 8:06 am

Re: v7.12.1 [stable] is released!

Tue Dec 05, 2023 8:38 am

I was able to import an ed25519 public key. But using:

HostKeyAlgorithms ssh-ed25519

on my client ssh config fails with an error:

Unable to negotiate with 192.168.3.1 port 22: no matching host key type found. Their offer: rsa-sha2-256

If I don't insist on ed25519 as a HostKeyAlgorithm, I can connect fine, though. I think I must be missing something. Is there a key on the mikrotik I need to regenerate, also, or something else?
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1090
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.12.1 [stable] is released!

Tue Dec 05, 2023 9:03 am

Note that host key and public key authentication are different things. To switch the former to ed25519 use:
/ip/ssh/set host-key-type=ed25519;
 
dave3
newbie
Posts: 46
Joined: Mon Feb 07, 2022 8:06 am

Re: v7.12.1 [stable] is released!

Tue Dec 05, 2023 9:20 am

Note that host key and public key authentication are different things. To switch the former to ed25519 use:
/ip/ssh/set host-key-type=ed25519;
That fixed it, thanks!
 
BassTeQ
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Fri Jan 19, 2018 5:52 am

Re: v7.12.1 [stable] is released!

Thu Dec 07, 2023 11:56 pm

I've updated from 7.10.2 and now have an issue where the terminal window is just hanging since updating to this version, in both WinBox and WebFig.
All of schedules and scripts have also disappeared :(

Router: RB3011UiAS

Image
https://imgur.com/a/AWW6AqB

CPU and Memory usage are both low.
CPU : https://imgur.com/a/61Z4IPI
Memory: https://imgur.com/a/YDlOzrd
Any Ideas?

Update
I've restored from a backup and things are back to normal, I'll continue to monitor.
Last edited by BassTeQ on Fri Dec 08, 2023 9:11 am, edited 1 time in total.
 
PortalNET
Member Candidate
Member Candidate
Posts: 153
Joined: Sun Apr 02, 2017 7:24 pm

Re: v7.12 [stable] is released!

Fri Dec 08, 2023 4:57 am

After upgrade to RouterOS v7.12, my router on x86
experiencing RX errors on 10Gb interface on Intel X520
card. Can anybody help me to solve this problem?

Hiya

it looks like i am not the only one having issues then? I am running V7.12.1 stable.. just realized also... i was having queue drops and rx-erros..

queue drops increase i have fixed it using interface queues changing hardware defaul queue to multi-queue-ethernet-default..

but the RX-errors still increasing as shown on attached picture i am also using 2 slots intel x520 dae2 total 4 sfp+ ports and 1 Solarflare SFN7501 dual port sfp+

Rx-error only seems to happen on the Intel x520 cards.. the SFN running fine no erorrs..

wondering if could be and issue with the drivers on the intel x520dae2?
You do not have the required permissions to view the files attached to this post.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3341
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.12.1 [stable] is released!

Fri Dec 08, 2023 12:11 pm

@BassTeQ
Please add image to the post, not a a link.
Use Full Editor & Preview -> Attachments (below the post window), add files.
You can use Place inline to fit it inn to the post.
.
image.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
CoUL
newbie
Posts: 45
Joined: Thu Feb 05, 2015 11:34 pm
Location: Ukraine

Re: v7.12 [stable] is released!

Sat Dec 09, 2023 1:10 am

After upgrade to RouterOS v7.12, my router on x86
experiencing RX errors on 10Gb interface on Intel X520
card. Can anybody help me to solve this problem?

Hiya

it looks like i am not the only one having issues then? I am running V7.12.1 stable.. just realized also... i was having queue drops and rx-erros..

queue drops increase i have fixed it using interface queues changing hardware defaul queue to multi-queue-ethernet-default..

but the RX-errors still increasing as shown on attached picture i am also using 2 slots intel x520 dae2 total 4 sfp+ ports and 1 Solarflare SFN7501 dual port sfp+

Rx-error only seems to happen on the Intel x520 cards.. the SFN running fine no erorrs..

wondering if could be and issue with the drivers on the intel x520dae2?
This problem can be solved. Go to the Interface Queues section. Select the interfaces where there are errors and change the queue type from "only-hardware-queue" to "mq-pfifo" and set the limit to 5000.
 
PortalNET
Member Candidate
Member Candidate
Posts: 153
Joined: Sun Apr 02, 2017 7:24 pm

Re: v7.12 [stable] is released!

Wed Dec 13, 2023 4:21 pm




Hiya

it looks like i am not the only one having issues then? I am running V7.12.1 stable.. just realized also... i was having queue drops and rx-erros..

queue drops increase i have fixed it using interface queues changing hardware defaul queue to multi-queue-ethernet-default..

but the RX-errors still increasing as shown on attached picture i am also using 2 slots intel x520 dae2 total 4 sfp+ ports and 1 Solarflare SFN7501 dual port sfp+

Rx-error only seems to happen on the Intel x520 cards.. the SFN running fine no erorrs..

wondering if could be and issue with the drivers on the intel x520dae2?
This problem can be solved. Go to the Interface Queues section. Select the interfaces where there are errors and change the queue type from "only-hardware-queue" to "mq-pfifo" and set the limit to 5000.


Hi thanks for your reply i will make test soon.. i have changed before from only-hardware-queue to multi-queue-ethernet-default.. will try to changed to mq-pfifo with limit 5000 now and run some testing later.
 
PortalNET
Member Candidate
Member Candidate
Posts: 153
Joined: Sun Apr 02, 2017 7:24 pm

Re: v7.12 [stable] is released!

Fri Dec 15, 2023 2:49 pm

This problem can be solved. Go to the Interface Queues section. Select the interfaces where there are errors and change the queue type from "only-hardware-queue" to "mq-pfifo" and set the limit to 5000.
Hi

ok so i did further testing...

upgraded intel i350, i340, x520, x540 cards firmware via Dell website with firmware version Network_Firmware_WTTP6_WN64_22.0.9_A00.EXE

Version
22.0.9, A00
Release date
10 Apr 2023


after reboot on mikrotik server i made the changes on the only-hardware-queue to mq-pfifo 5000 as you mentioned..

after that i i connected the Mikrotik server direclty to switch CRS317... and decided to make some bandwidth tests... i connected another 2 Mikrotik CCR1036 sfp+ ports.. and fired up bt test client from ccrs side... made testing with TCP connections both and send only for mikrotik.. we have reached.. 9gbps in tcp and 200mbps upload tcp on the Dell R620 server.. WAN 10gbps interface... let it run for around 30minutes.. doind average 19% on cpu load.. with over 1million ppps being sent from bothe ccr1036 in TCP mode.. with random data enabled.

for my surprise no errors shown in 30minutes full blow testing.. so i tought that problem was fixed.. after we stopped testing.. we decided to forward some traffic from OLT clients on vlan and start pppoe-server...

after 5 minutes pppoe-server running with specific VLAN traffic at around 100mbps.. RX-ERRORS started showing up again.

we have flow-control off on mikrotik ethernet and on OLT sfp+ uplink port and also on the CRS317 ports all flow-control OFF disabled..

so i am running out of ideas.. unless there is a newer firmware upgrade i did not find yet. on dell website for this Dell Intel cards?

Any other ideas i could try out?

attached below picture describing error, only showing up on the WAN port.. on the OLT SFP+ Port no errors shown.. (the only difference between both ports is.. OLT SFP+ Uplink port directly connected to the Mikrotik server Port, and the WAN LINK Port connected to switch CRS317)

Image
You do not have the required permissions to view the files attached to this post.
 
Jimmy
Member Candidate
Member Candidate
Posts: 111
Joined: Thu Sep 29, 2011 11:42 pm
Location: Denmark
Contact:

Re: v7.12.1 [stable] is released!

Thu Dec 28, 2023 8:01 pm

damm I really made a fool of myself :( I upgraded my CCR1036-12G to V7.12.1 I was otherwise running V 6.49. It runs as VPN Server and it just doesn't work anymore :( Upload is now only max 2 Mbit and Active Connections don't update so every time a router drops out and comes back on again, I just get a new extra line :( The same applies if remover from Connections, then just a new line with the same name comes up :(
Now comes the vest. I can't downgrade again, I thought that after downgrading to V6 it must be the error so I tried to V 7.6 because it was very stable, but the same everything looks ok until it restarts then it comes up with V.7.12.1. I then tried a 7.11.2 because I'm desperate and it runs really many VPN Site to site but the same thing again, can't downgrade?
All versions of V.6 have always run. I can't say in V7 because it's only now that I've upgraded my server, all clients are updated with V7 and have been running without problems.
Does anyone have a suggestion for a downgrade that works than normal system/routerborad/downgrade?
I can't just take it out and do a net install :(

Regards
Jimmy
 
laca77
just joined
Posts: 14
Joined: Wed Jun 03, 2015 11:35 am

Re: v7.12.1 [stable] is released!

Wed Jan 03, 2024 11:41 am

I upgaded my old 10 and 2 brand new CRS326-24S+2Q+ from 7.6 to 7.12.1

I faced a problem after the upgrade: the ETHER1 (management) interface was not reachable from 3 devices of 12.
One device was brand new, just got a DNS settings and an IP + DEF GW on the ETHER1 for the upgrade process.

The solution was to get back the ETHER 1 reachability to disable and re-enable the IP address on the ETHER1 interface.
 
EdPa
MikroTik Support
MikroTik Support
Topic Author
Posts: 340
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga
Contact:

Re: v7.12.1 [stable] is released!

Mon Jan 08, 2024 11:56 am

RouterOS v7.13 has been released
viewtopic.php?t=202423

Who is online

Users browsing this forum: bratislav, gigabyte091, the2masters, thenetworks and 8 guests