v7.1rc4 [development] is released!

emils · Mon Sep 20, 2021 2:55 pm

RouterOS version 7.1rc4 has been released in public "development" channel!

What's new in 7.1rc4 (2021-Sep-20 13:18):

*) improved filesystem and configuration storage stability;
*) show "expired password" prompt for users with blank password;
*) other fixes and improvements;

All released RouterOS v7 changelogs are available here:
https://mikrotik.com/download/changelog ... lease-tree

mafiosa · Mon Sep 20, 2021 3:02 pm

Any specific improvements to MPLS or BGP?

Tremor021 · Mon Sep 20, 2021 3:03 pm

Changelog couldn't be more vague even if you tried...

Unintentional · Mon Sep 20, 2021 3:06 pm

Installed and running okay on RB2011 - would love some detail on the improvements to test.

biomesh · Mon Sep 20, 2021 3:09 pm

My chr test system can no longer start the container that worked on rc3. No debug log output at all.

mhugo · Mon Sep 20, 2021 3:25 pm

Please update https://help.mikrotik.com/docs/display/ ... col+Status

elter · Mon Sep 20, 2021 4:12 pm

Upgraded to 7.1rc4, IPSec hardware acceleration for aes-256 gcm is still not working on x86_64 CHR and worked just fine with the same config on 6.48.4, same virtualization environment.

SiB · Mon Sep 20, 2021 4:15 pm

no changelog in

CTassisF · Mon Sep 20, 2021 4:26 pm

How to explore and get files from container mounts now that they are stored as "container store" and not as directories/files as before?

krisjanisj · Mon Sep 20, 2021 4:30 pm

How to explore and get files from container mounts now that they are stored as "container store" and not as directories/files as before?

Fastest and easiest way is via FTP.

SiB · Mon Sep 20, 2021 4:33 pm

ReSize of terminal destroy MikroTik logo/code/output
Still slow paste of code.

5auw8OkqA2.gif

biomesh · Mon Sep 20, 2021 4:37 pm

Removing and re-adding the veth interface and container allowed it to start again. Containers should be able to start properly after an OS upgrade.

Mon Sep 20, 2021 4:40 pm

*) other fixes and improvements;

mAPLite (7.1rc3 downgraded to rc2, now upgraded to rc4):
- LEDs functioning normal again
- No more need to toggle Wireguard peer status to have it kick in gear after startup (will have to verify on mAP 2nD and Hex when I am home but I assume it will be the same there)

dksoft · Mon Sep 20, 2021 4:45 pm

Still no IPv6 prefix via DHCPv6 if PPPoE interface is VLAN tagged on RB5009:

/interface vlan
add interface=ether1 name=FTTH vlan-id=7
    
/interface pppoe-client
add add-default-route=yes interface=FTTH name=TELEKOM user=xxx#0001@t-online.de

/ipv6 dhcp-client
add interface=TELEKOM pool-name=GUA-pool6 request=prefix use-peer-dns=no

dksoft · Mon Sep 20, 2021 4:48 pm

Export creates code, that import can not read (starting with 7.1rc3):

Export:

/ip dhcp-client
add add-default-route=no disabled=yes interface=FFNK script=":if (\$bound = \"\

Import:

[admin@router] > import file-name=export.rsc verbose=yes
#line 1
/ip dhcp-client
#line 2
add add-default-route=no disabled=yes interface=FFNK script=":if (\$bound = \"\
expected end of command (line 1 column 75)
[admin@router] >

mikegleasonjr · Mon Sep 20, 2021 4:49 pm

Still not able to specify the direction (ingress/egress) for the Cake queue. Defaults to egress. So every Cake queue we create, however it is used as (ingress/egress), its internal algorithm thinks it is used as egress...

EDIT: grammar

anav · Mon Sep 20, 2021 4:51 pm

I am not playing the c3,c4 game but if I was, I would not be upgrading based on the improvement or changes which are frugal to almost none.
So for all the people complaining it still doesnt do X and Y, why do you ? They didnt state it was fixed?

Something needs to change, and that clearly is a detailed list of actual changes to existing functionality.
I can understand not noting clean up code or spelling fixes, stuff either to benign or not visible to the users.........
In that way people can make rational decisions on whether or not to try the next c upgrade.
Am I missing some logic here?

Even better communication, and a standard that needs to be reached is the following.

RC -X REPORT
ISSUES/FUNCTIONALITY FIXED
ISSUES/FUNCTIONALLY IMPROVED
ISSUES UNDER WORK FOR NEXT C release
ISSUES TO BE FIXED BEFORE FINAL RELEASE
ISSUES FOR IMPLEMENTATION AFTER FINAL RELEASE
ISSUES WILL NOT BE ADDRESSED IN SHORT OR LONG TERM ( without serious cash donations

)

jookraw · Mon Sep 20, 2021 4:52 pm

Still no IPv6 prefix via DHCPv6 if PPPoE interface is VLAN tagged on RB5009:

/interface vlan
add interface=ether1 name=FTTH vlan-id=7
    
/interface pppoe-client
add add-default-route=yes interface=FTTH name=TELEKOM user=xxx#0001@t-online.de

/ipv6 dhcp-client
add interface=TELEKOM pool-name=GUA-pool6 request=prefix use-peer-dns=no

Have you tried to attach the vlan interface to the bridge and use the vlan filtering to allow only this vlan on that particular port?

mikegleasonjr · Mon Sep 20, 2021 5:00 pm

So for all the people complaining it still doesnt do X and Y, why do you ? They didnt state it was fixed?

I've seen the opposite quite often.. "hey this quite major thing is fixed, but it wasn't in the changelog"!

The LEDs now working as the user said above, is another example that wasn't in the changelogs.

So I now shoot everything to the wall and see what sticks.

I am a software engineer and I don't approve of Mikrotik practices regarding the software cycle, but they make good hardware. It would benefit them first, having a good change log.

msatter · Mon Sep 20, 2021 5:01 pm

On RC7 my IKEv2 connection to my VPN providers keeps working and it look that I can stay for a while on v7 now.

On two routes a automatic ECMP is created while that is not intention and finding the off switch for that is unknown to me. It seems that everything a /24 range is seen as so.

Scripting is still tricky because some parts are not working as before and checking a syntax by pasting into Terminal is taking AGES. For the rest I am a happy bunny and Unbound say hi also an no more pull-overs knitted till now.

Update: still running and smoother than before. On the PPPoE not able to use MTU 1500, I switch all MTU fields in PPPoE off and it now connects at 1492. That is better than the 1480 I got before on v7.

Mon Sep 20, 2021 5:10 pm

*) other fixes and improvements;

I thought the days of "fixed some stuff" were long behind Mikrotik

Not knowing _exactly_ what has changed wastes a lot of customers time testing to try and discover what the Mikrotik dev's have changed.

mfrey · Mon Sep 20, 2021 5:12 pm

After upgrade from rc3 to rc4 Cloudflare DoH does no longer work because of SSL errors, even though the DigiCert CA is in the certificate store. Deleting and reimporting the CA does not work.

After downgrade to rc3 DoH works as expected again.

IPv6 connection tracking with simple queue (cake and pcq) and queue tree is also still broken.

mikegleasonjr · Mon Sep 20, 2021 5:23 pm

After upgrade from rc3 to rc4 Cloudflare DoH does no longer work because of SSL errors, even though the DigiCert CA is in the certificate store. Deleting and reimporting the CA does not work.

After downgrade to rc3 DoH works as expected again.

Same here

eworm · Mon Sep 20, 2021 5:24 pm

After upgrade from rc3 to rc4 Cloudflare DoH does no longer work because of SSL errors, even though the DigiCert CA is in the certificate store. Deleting and reimporting the CA does not work.

I've seen this myself. Works again after importing the new intermediate certificate "DigiCert TLS Hybrid ECC SHA384 2020 CA1". No idea what changed to cause this.

erkexzcx · Mon Sep 20, 2021 5:29 pm

Out of curiosity - when does the Mikrotik is planning to release v7 as stable?

This is great that you are working on new features, but isn't it better to completely stop for now, focus on bug-fixes only and finally release v7 as stable?

davestahr · Mon Sep 20, 2021 5:32 pm

I only upgraded to 7.1rc3 and now rc4 as my first testing of the platform. hEX S PoE out when set to auto-detect doesn't work on either of those. When set to forced on, it works. Unit behind that port is a Ubiquiti CPE of some kind. Sorry don't know the exact model, it's up on a pole and installed by my WISP. Used to work fine throughout 6.x. Other PoE internally seems to be fine, but that's all Mikrotik gear powering other Mikrotik gear.

mikegleasonjr · Mon Sep 20, 2021 5:34 pm

After upgrade from rc3 to rc4 Cloudflare DoH does no longer work because of SSL errors, even though the DigiCert CA is in the certificate store. Deleting and reimporting the CA does not work.
I've seen this myself. Works again after importing the new intermediate certificate "DigiCert TLS Hybrid ECC SHA384 2020 CA1". No idea what changed to cause this.

/tool fetch url=https://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt
/certificate import file-name=DigiCertTLSHybridECCSHA3842020CA1-1.crt passphrase=""

see https://www.digicert.com/kb/digicert-ro ... icates.htm

Thanks, worked for me after that...

ivicask · Mon Sep 20, 2021 6:03 pm

Export creates code, that import can not read (starting with 7.1rc3):

Export:

/ip dhcp-client
add add-default-route=no disabled=yes interface=FFNK script=":if (\$bound = \"\

Import:

[admin@router] > import file-name=export.rsc verbose=yes
#line 1
/ip dhcp-client
#line 2
add add-default-route=no disabled=yes interface=FFNK script=":if (\$bound = \"\
expected end of command (line 1 column 75)
[admin@router] >

Can confirm issue still exists, exported code doesn't import back.

mkx · Mon Sep 20, 2021 6:13 pm

Still slow paste of code.

Emulation of tty at 2400 baud?

w0lt · Mon Sep 20, 2021 6:29 pm

*) other fixes and improvements;
I thought the days of "fixed some stuff" were long behind Mikrotik

Not knowing _exactly_ what has changed wastes a lot of customers time testing to try and discover what the Mikrotik dev's have changed.

My sentiments exactly !!

rextended · Mon Sep 20, 2021 6:38 pm

export not work

routing-mark=*4000 instead of mytable

/routing table
add disabled=no name=mytable

/ip firewall nat
add action=log chain=srcnat routing-mark=*4000

paintballer4lfe · Mon Sep 20, 2021 6:50 pm

export not work

routing-mark=*4000 instead of mytable
Code: Select all
/routing table
add disabled=no name=mytable

/ip firewall nat
add action=log chain=srcnat routing-mark=*4000

What's the routing mark it uses? I genuinely can't read that small of font size.

dksoft · Mon Sep 20, 2021 6:54 pm

Still no IPv6 prefix via DHCPv6 if PPPoE interface is VLAN tagged on RB5009:

Have you tried to attach the vlan interface to the bridge and use the vlan filtering to allow only this vlan on that particular port?

Yes, same result. As it works on CCR2004-1G-12X-2XS and RB4011, it might be something with the new switch chip. I don't know.

infabo · Mon Sep 20, 2021 6:56 pm

*) other fixes and improvements;

When you look at any v7 changelog, this is always the last line. v7 is actually the development-branch and they do not want to name/reflect each change in the changelog. They could for example create a changelog out of their for example VCS commits (if using a version control) and just provide us that auto-generated list of commit-messages. But there is either a barrier like maybe they write commit-messages not in english - so it would be not useful for most of us - or there is a management-barrier that denies doing so. We won't ever know.

osc86 · Mon Sep 20, 2021 7:19 pm

@dksoft, have you set use-ipv6=yes in your pppoe profile?

elbob2002 · Mon Sep 20, 2021 7:46 pm

Date and timestamp issue with netflow has been fixed!

Easen · Mon Sep 20, 2021 8:10 pm

The configuration no longer disappears when my RB4011 is rebooted.

Easen · Mon Sep 20, 2021 8:13 pm

This has been broken for a while. Have you raised a support ticket? I raised one a few weeks ago, perhaps if you raise one it might bump it up the priority queue.

export not work

routing-mark=*4000 instead of mytable
Code: Select all
/routing table
add disabled=no name=mytable

/ip firewall nat
add action=log chain=srcnat routing-mark=*4000
What's the routing mark it uses? I genuinely can't read that small of font size.

dksoft · Mon Sep 20, 2021 8:25 pm

@dksoft, have you set use-ipv6=yes in your pppoe profile?

Yes. The configuration works if you remove the VLAN tag and tag outside, e.g. with a switch between RB5009 and modem.
The root of the problem is VLAN on RB5009.

svmk · Mon Sep 20, 2021 8:43 pm

The configuration disappeared after upgrading my RB450Gx4 from RC3 to RC4 -. It's great that I made a backup

cAP ac (Caps-man mode) as well as RB750Gr3 and hAPac2 did not lose configuration

nescafe2002 · Mon Sep 20, 2021 8:48 pm

svmk, the config disappearing problem has been fixed - this was probably the last time

Try restoring the config on rc4 and rebooting - should work properly now.

Mon Sep 20, 2021 8:59 pm

*) other fixes and improvements;
mAPLite (7.1rc3 downgraded to rc2, now upgraded to rc4):
- LEDs functioning normal again
- No more need to toggle Wireguard peer status to have it kick in gear after startup (will have to verify on mAP 2nD and Hex when I am home but I assume it will be the same there)

Re: WG interface - strike that remark. Still not working on Map (tested 3 times, waited up to 15 minutes each) and Map Lite also did not come up on itself after reboot when coming home (10 minute wait).
I need to disable the peer on mAP (Lite) side, wait a bit and then enable the peer again (on mAP I have a script on button which does disable, waits 5 sec, enable). And THEN it comes up nicely (I have a simple netwatch with Hex IP and toggle of CAP/AC led as visible indicator so I can see it from the other side of the room). Once it's up, it's going for days.
I did not touch the Hex which acts as central point for my Wireguard testing.
Not a biggy for now (and something which can easily be fixed with a simple script, I'll take it as a learning opportunity

).
I do realize it's not finished yet and might need a bit more polishing to get these quirks ironed out but these interfaces need to start on their own. Don't they ?

One thing I also tried is completely removing the Wireguard settings on mAP and setting it up again. No difference.

mafiosa · Mon Sep 20, 2021 9:02 pm

After upgrade my bgp broke. Now my routes are not being announced to peers.

fragtion · Mon Sep 20, 2021 9:13 pm

After upgrade my bgp broke. Now my routes are not being announced to peers.

I had the same problem. What seems to have fixed it for me was disabling all BGP address-lists and re-enabling them.

infabo · Mon Sep 20, 2021 9:29 pm

Chateau LTE12: 7.1rc3 - > 7.1.rc4. Update ok. No issues so far.

mafiosa · Mon Sep 20, 2021 9:36 pm

After upgrade my bgp broke. Now my routes are not being announced to peers.
I had the same problem. What seems to have fixed it for me was disabling all BGP address-lists and re-enabling them.

Thanks for the tip it worked.

mducharme · Mon Sep 20, 2021 10:13 pm

IPv6 firewall nat has action=netmap available now, although not yet in winbox.

ofca · Mon Sep 20, 2021 10:27 pm

MTU >1500 on RB4011 SFP+ port still not fixed.

mjraiha · Mon Sep 20, 2021 10:28 pm

QuickSet & WebFig modes get mixed up on Web GUI when logging in:

Screenshot 2021-09-20 at 22.16.14.png

LTE transaction error I have already reported to support with supout.rif file.

msatter · Mon Sep 20, 2021 10:38 pm

MTU >1500 on RB4011 SFP+ port still not fixed.

I have a higher MTU on the SFP, PPPoE won't go further than 1492.

ofca · Mon Sep 20, 2021 10:47 pm

MTU >1500 on RB4011 SFP+ port still not fixed.
I have a higher MTU on the SFP, PPPoE won't go further than 1492.

Even 1501 byte pings do not pass through. Is this working on your side?

Grant · Mon Sep 20, 2021 11:09 pm

Hello,
hap ac2, low speed when the fasttrack rule is off and high speed if the fasttrack rule is on

as if the shaper turns on

on version 6 this was not

fragtion · Mon Sep 20, 2021 11:10 pm

My chr test system can no longer start the container that worked on rc3. No debug log output at all.

One of my chr also completely failed update from rc3 to rc4... it rebooted to blank screen and halted. I'd strongly recommend anyone using chr to create backup and/or snapshot before updating to rc4, until this can be confirmed ..

afink · Mon Sep 20, 2021 11:20 pm

Any specific improvements to MPLS or BGP?

Creating BGP4 peers in the web guis now works for the field local-AS. it shows something like 1234/0
the field for remote-AS however is not working. you can enter 1234/1234 but not just 1234.

Given nobody has a clue what /... means for an AS number this is rather weird.

So BGP4 is still 100% unusable under 7.1rc4... *sight*

msatter · Tue Sep 21, 2021 12:07 am

I have a higher MTU on the SFP, PPPoE won't go further than 1492.
Even 1501 byte pings do not pass through. Is this working on your side?

I did not manage to get any pings through the SFP or through the VLAN in front of it.

The packetsize (not fragemented) I can send is 1492 and added is 8 for PPPoE and 4 for VLAN so I am then on 1502

Sit75 · Tue Sep 21, 2021 1:09 am

Still no IPv6 prefix via DHCPv6 if PPPoE interface is VLAN tagged on RB5009:

/interface vlan
add interface=ether1 name=FTTH vlan-id=7
    
/interface pppoe-client
add add-default-route=yes interface=FTTH name=TELEKOM user=xxx#0001@t-online.de

/ipv6 dhcp-client
add interface=TELEKOM pool-name=GUA-pool6 request=prefix use-peer-dns=no

I have had the same issue on hAP ac^2. Due to I have raised ticket and there was good news today - people from Mikrotik were able to reproduce it and fix should be available in RC5.

In addition, I am using MTU = 1500, so PPPoE +8.

SiB · Tue Sep 21, 2021 1:56 am

Sit75 write:

I have had the same issue on hAP ac^2. Due to I have raised ticket and there was good news today - people from Mikrotik were able to reproduce it and fix should be available in RC5.
In addition, I am using MTU = 1500, so PPPoE +8.

You read post #35 from osc86? :

have you set use-ipv6=yes in your pppoe profile?

Jotne · Tue Sep 21, 2021 3:58 am

In older v7 version and for 6.x version, this command

:if ([/system routerboard get routerboard]) do={

gives no on CHR router OS, so that part will not run.

In 7.1 rc4 (not sure when it start to fail) this command fails and just give an error and hence my script does not work on latest RouterOS RC.

I can change it to some

:if ([/system resource get board-name]!="CHR") do={

but what other version should I test for?

nokipa · Tue Sep 21, 2021 8:05 am

PIM SM
what's that ?

deadkat · Tue Sep 21, 2021 8:47 am

...
hap ac2, low speed when the fasttrack rule is off and high speed if the fasttrack rule is on
...
on version 6 this was not

FastTrack enabled means firewall, queues, etc don't apply to your traffic. this is not a bug. its how ROS works.
https://help.mikrotik.com/docs/display/ ... -FastTrack

elbob2002 · Tue Sep 21, 2021 9:01 am

PIM SM
what's that ?

https://help.mikrotik.com/docs/pages/vi ... d=61767728

Kipk · Tue Sep 21, 2021 10:04 am

Updated my HAP AC2 fro rc3: it seems like bug with missing parts of configuration after reboot sucessfully fixed

afink · Tue Sep 21, 2021 10:14 am

Any specific improvements to MPLS or BGP?
Creating BGP4 peers in the web guis now works for the field local-AS. it shows something like 1234/0
the field for remote-AS however is not working. you can enter 1234/1234 but not just 1234.

Given nobody has a clue what /... means for an AS number this is rather weird.

So BGP4 is still 100% unusable under 7.1rc4... *sight*

for some reason this issue went away by itself. Maybe GUI code in cache or something like this. I'm really puzzled.
Now I upgraded one of my BGP edge routers to 7.1rc4 and hell broke loose. Route filters are gone. totally different to configure and impossible complex to do even the simplest things. This is really a huge step back in RouterOS despite a lot of improvements in OSPF and general routing (routing IPv6 on VLANs finally works...!)

A BGP4 routing filter I'm struggling with to convert from Release 6 to Release 7:

/routing filter>
add action=accept bgp-as-path="^\$" chain=MY_NETWORKS set-bgp-prepend=2
add action=accept bgp-as-path="^(_1234)+\$" chain=MY_NETWORKS
add action=accept bgp-as-path="^(_5678)+\$" chain=MY_NETWORKS
add action=accept bgp-as-path="^(_9102)+\$" chain=MY_NETWORKS
add action=accept bgp-as-path="^(_3456)+\$" chain=MY_NETWORKS
add action=reject bgp-as-path=.* chain=MY_NETWORKS

It basically includes all networks (AS1234,5678,9102,3456) which are transiting through me and it prepends my own AS 2 times.
The prepend is not so important right now so I skipped it for later. But only announcing my own and my customer's route to my peers is vital. If I send them a full routing table, they will kill the connection (route limit reached) or I will get lots of unwanted, unpaid traffic.

Due to the fact that the upgrade process does not convert route filters automatically, I have to convert it by hand. Well we are still in alpha release where not all features are complete so this is not so unexpected. However the new way of defining filters is twisting my head.

When converting this by hand into Release 7, I get into quoting / escaping hell.

The closest I got is this:

/routing filter rule
add chain= MY_NETWORKS rule="if(bgp-as-path ^\$ ) {accept}"
add chain= MY_NETWORKS rule="if(bgp-as-path 1234+\$ ) {accept}"
add chain= MY_NETWORKS rule="if(bgp-as-path 5678+\$ ) {accept}"
add chain= MY_NETWORKS rule="if(bgp-as-path 9102+\$ ) {accept}"
add chain= MY_NETWORKS rule="if(bgp-as-path 3456+\$ ) {accept}"

However when trying to use a regular expression containing _ or ( or ), you get syntax errors in masses.
If you use _ you end up with a real space in the config doing nothing.
If you use ^ you need to put \\\ in front
If you use ) it closes the "if" instead of being part of the expression etc etc.

If anyone has a clue on how to encode this correctly, let me know....
As above the rule let pass AS991234 as well which it shouldn't. So the whitespace in front of the number is important.

For non Regex experts:

_1234+$ means 1234 at the end of the string must be present preceded by a whitespace (or the start of the string).
1234+$ only means any string ending with 1234. So this also matches 991234, 11234 etc.

anthonws · Tue Sep 21, 2021 10:21 am

Date and timestamp issue with netflow has been fixed!

Finally! I stopped bothering and did not check. I will do it now

Update: I can confirm it is indeed fixed! I've spent so many hours tshooting this, thinking the issue was with my Kibana or logstash that I can no longer count them... Eventually I pinpointed it to ROS update.
I collected all of the evidences pointing out that it was indeed a ROS issue. I've opened a support case with Mikrotik and sent all of the detailed info. Many weeks later I got an answer that they could not repro.
Funny that something that was not possible to repro was fixed...
So, not only it is not part of the change log, as no one actually cares about customer reporting bugs with detailed info. Not happy...

jookraw · Tue Sep 21, 2021 11:08 am

I have a higher MTU on the SFP, PPPoE won't go further than 1492.
Even 1501 byte pings do not pass through. Is this working on your side?

Strange, I have PPPoE(MTU 1540) over a VLAN(MTU 1600) on a bridge(MTU 6000) and have no MTU issues...

[@RB4011] > interface print 
Flags: X, R - RUNNING; S - SLAVE
Columns: NAME, TYPE, ACTUAL-MTU, L2MTU, MAX-L2MTU, MAC-ADDRESS
 #    NAME          TYPE       ACTUAL-MTU  L2MTU  MAX-L2MTU  MAC-ADDRESS      
 0 RS 10g-sfp+1     ether            6000   6200       9586  XX:XX:XX:XX:XX:xx
...
13 R  Home_vlan     vlan             4088   6196             XX:XX:XX:XX:XX:xx
...
15 R  PPPoEv4       pppoe-out        1540                                     
16 R  PPPoEv6       pppoe-out        1540                                     
...
18 R  WAN_vlan      vlan             1600   6196             XX:XX:XX:XX:XX:xx
19 R  bridge        bridge           6000   6200             XX:XX:XX:XX:XX:xx
...

[@RB4011] > interface vlan export

/interface vlan
add interface=bridge mtu=4088 name=Home_vlan vlan-id=88
add interface=bridge mtu=1600 name=WAN_vlan vlan-id=35
[@RB4011] > interface bridge export

/interface bridge
add name=bridge priority=0x4000
/interface bridge port
add bridge=bridge ingress-filtering=no interface=10g-sfp+1

[@RB4011] > interface pppoe-client export 
/interface pppoe-client
add add-default-route=yes disabled=no interface=WAN_vlan name=PPPoEv4 user=blablabla
add disabled=no interface=WAN_vlan name=PPPoEv6 user=blablabla/ipv6

afink · Tue Sep 21, 2021 11:14 am

I have a higher MTU on the SFP, PPPoE won't go further than 1492.
Even 1501 byte pings do not pass through. Is this working on your side?

larger MTUs in 7.1rc4 work for me. I'm not using PPPoE but bridges & vlans & ipsec tunnels over it. And OSPF also dislikes MTU mismatches.
So getting your MTU's right is vital.

If you have VLAN's on a bridge, make sure your physical interface has a large enough MTU and the Bridge is configured for a MTU size large enough.
If only one physical interface added to a bridge has a smaller MTU, the whole bridge inherits this smaller MTU and thus your VLAN interface inherits it too.

The WebGUI usually shows the current MTU and does not let you set a bigger value if the underlying infrastructure has smaller ones.

vaka · Tue Sep 21, 2021 11:16 am

I had the same problem. What seems to have fixed it for me was disabling all BGP address-lists and re-enabling them.
Thanks for the tip it worked.

and how and where do you describe BGP address-lists?

I have described the address list in the firewall

/ip firewall address-list
add address=172.16.10.0/24 list=AS65172
add address=172.16.11.0/24 list=AS65172

created routing filter

/routing filter rule
add chain=bgp_AS65172_out rule="if(dst in AS65172) {accept} else {reject}"

and added it as output filter to AS65172 connection

/routing bgp connection
add as=65172 connect=yes disabled=no input.filter=bgp_AS65172_in listen=yes local.role=ibgp name=AS65172 \
output.filter-chain=bgp_AS65172_out .redistribute=connected,static remote.address=xx.xx.xx.xx .as=65172 \
router-id=yy.yy.yy.yy routing-table=main

but It does not advertised to the neigbor

Manfred · Tue Sep 21, 2021 11:17 am

Updated a RB2011 and a Chateau LTE12 from rc3 to rc4.
Problem with OVPN - Server on both boards:
If the "Require Client Certificate" in the Server settings is checked,
no tunnel can be established.
Logging on Server side shows TLS-error !
After unchecking, tunnels are established as excpected.

So I downgraded to rc3 and everything ( even with activated "Require Client Certificate" ) went back to normal !

Anybody else observed this problem ?

Sit75 · Tue Sep 21, 2021 1:07 pm

Sit75 write:
I have had the same issue on hAP ac^2. Due to I have raised ticket and there was good news today - people from Mikrotik were able to reproduce it and fix should be available in RC5.
In addition, I am using MTU = 1500, so PPPoE +8.
You read post #35 from osc86? :
have you set use-ipv6=yes in your pppoe profile?

Sure, flag IPv6 is "Yes" in assigned profile.

doubleluck · Tue Sep 21, 2021 2:01 pm

Still showing wrong voltage 0,5v and temperature doesn't presents on rb750gr3

nokipa · Tue Sep 21, 2021 2:43 pm

Thanks for the tip it worked.
and how and where do you describe BGP address-lists?

I have described the address list in the firewall
Code: Select all
/ip firewall address-list
add address=172.16.10.0/24 list=AS65172
add address=172.16.11.0/24 list=AS65172
created routing filter
Code: Select all
/routing filter rule
add chain=bgp_AS65172_out rule="if(dst in AS65172) {accept} else {reject}"
and added it as output filter to AS65172 connection
Code: Select all
/routing bgp connection
add as=65172 connect=yes disabled=no input.filter=bgp_AS65172_in listen=yes local.role=ibgp name=AS65172 \
output.filter-chain=bgp_AS65172_out .redistribute=connected,static remote.address=xx.xx.xx.xx .as=65172 \
router-id=yy.yy.yy.yy routing-table=main
but It does not advertised to the neigbor

Try disable enable your filter rule, it works for me

msatter · Tue Sep 21, 2021 2:47 pm

Crossfig converted my Mangle route rules wrong.

In the converted rule, the target IP was changed to the gateway IP of the target router. The target router was asking himself where the traffic then should be directed.

This was traffic incoming from the outside.

fragtion · Tue Sep 21, 2021 2:52 pm

Thanks for the tip it worked.
and how and where do you describe BGP address-lists?

I have described the address list in the firewall
Code: Select all
/ip firewall address-list
add address=172.16.10.0/24 list=AS65172
add address=172.16.11.0/24 list=AS65172
created routing filter
Code: Select all
/routing filter rule
add chain=bgp_AS65172_out rule="if(dst in AS65172) {accept} else {reject}"
and added it as output filter to AS65172 connection
Code: Select all
/routing bgp connection
add as=65172 connect=yes disabled=no input.filter=bgp_AS65172_in listen=yes local.role=ibgp name=AS65172 \
output.filter-chain=bgp_AS65172_out .redistribute=connected,static remote.address=xx.xx.xx.xx .as=65172 \
router-id=yy.yy.yy.yy routing-table=main
but It does not advertised to the neigbor

You need to set "output.network=AS65172" for your bgp Connection instance. That's where you tell it to advertise the prefixes in the address list now

anthonws · Tue Sep 21, 2021 2:55 pm

SUP-61109 - Still cannot update RB2011 past 7.1 beta 6...

Thanks,
anthonws.

vaka · Tue Sep 21, 2021 3:58 pm

Try disable enable your filter rule, it works for me

I removed whole bgp-related config and paste it again. And it works now. A kind of mystery...

You need to set "output.network=AS65172" for your bgp Connection instance. That's where you tell it to advertise the prefixes in the address list now

No, this is not necessary.

Thank you guys!

nokipa · Tue Sep 21, 2021 4:31 pm

hello,

please don't forget about logging system on the next rc, since to few to see on v7 (i've been wondering why ospf state stays on exchange to long

no error about MTU missmatch, we use to have this kind of error

)

dmfr · Tue Sep 21, 2021 5:41 pm

Export creates code, that import can not read (starting with 7.1rc3):

Unfortunately true.
However,

/export show-sensitive terse

produces export code that can be imported successfully, for a full config restore.

On the bright side, such export now works with :

/system/reset-configuration keep-users=yes no-defaults=yes skip-backup=yes run-after-reset=myexport.rsc

with no need to insert a ":delay xx" on first statement, even with RB4011iGS+5HacQ2HnD.

dksoft · Tue Sep 21, 2021 6:24 pm

Export creates code, that import can not read (starting with 7.1rc3):
Unfortunately true.
However,
Code: Select all
/export show-sensitive terse
produces export code that can be imported successfully, for a full config restore.

I can not confirm that. If there is a script in the command, as in my example above, it still fails.

vmarcelino · Tue Sep 21, 2021 6:30 pm

RouterOS version 7.1rc4 has been released in public "development" channel!

What's new in 7.1rc4 (2021-Sep-20 13:18):

*) improved filesystem and configuration storage stability;
*) show "expired password" prompt for users with blank password;
*) other fixes and improvements;

All released RouterOS v7 changelogs are available here:
https://mikrotik.com/download/changelog ... lease-tree

My router comes back unconfigured after upgrading from version 7.1rc3 to 7.1rc4.
When trying to restore a backup of version 7.1rc3 or any version 6.x over 7.1rc4 software the hardware restarts, after boot the router remains unconfigured.
It was necessary to reconfigure the router.
I hope to have alerted new testers!

mafiosa · Tue Sep 21, 2021 6:57 pm

My router comes back unconfigured after upgrading from version 7.1rc3 to 7.1rc4.
When trying to restore a backup of version 7.1rc3 or any version 6.x over 7.1rc4 software the hardware restarts, after boot the router remains unconfigured.
It was necessary to reconfigure the router.
I hope to have alerted new testers!

Mine went fine from RC3 to RC4 on both RB3011 and HAP AC^2

Grant · Tue Sep 21, 2021 7:02 pm

...
hap ac2, low speed when the fasttrack rule is off and high speed if the fasttrack rule is on
...
on version 6 this was not
FastTrack enabled means firewall, queues, etc don't apply to your traffic. this is not a bug. its how ROS works.
https://help.mikrotik.com/docs/display/ ... -FastTrack

This is not the right job. On v6 there was no such behavior. v6 easily transferred over wi-fi 100 megabits without FastTrack!

irghost · Tue Sep 21, 2021 8:48 pm

wireguard Peer problem with "::/0" still exist

jookraw · Tue Sep 21, 2021 8:57 pm

Yes. The configuration works if you remove the VLAN tag and tag outside, e.g. with a switch between RB5009 and modem.
The root of the problem is VLAN on RB5009.

I just got my RB5009 and my FTTH connection works perfectly using a tagged vlan with IPv6 and prefix works.

Maybe the fact that my ISP gives me IPv4 and IPv6 via separate PPPoE may be the reason?

my relevant parts of the config are below (try reproducing it):

# sep/21/2021 19:50:42 by RouterOS 7.1rc4
# model = RB5009UG+S+
/interface bridge
add ingress-filtering=no name=bridge vlan-filtering=yes
/interface vlan
add interface=bridge mtu=1600 name=WAN_vlan vlan-id=35
/interface pppoe-client
add add-default-route=yes interface=WAN_vlan name=PPPoEv4 user=*****
add interface=WAN_vlan name=PPPoEv6 user=*****
/interface bridge port
add bridge=bridge ingress-filtering=no interface=ether8 pvid=88
/interface bridge vlan
add bridge=bridge tagged=bridge,ether8 vlan-ids=35
/ipv6 dhcp-client
add add-default-route=yes interface=PPPoEv6 pool-name=GUA-pool rapid-commit=\
    no request=prefix use-peer-dns=no

Kindis · Tue Sep 21, 2021 9:14 pm

RouterOS version 7.1rc4 has been released in public "development" channel!

What's new in 7.1rc4 (2021-Sep-20 13:18):

*) improved filesystem and configuration storage stability;
*) show "expired password" prompt for users with blank password;
*) other fixes and improvements;

All released RouterOS v7 changelogs are available here:
https://mikrotik.com/download/changelog ... lease-tree
My router comes back unconfigured after upgrading from version 7.1rc3 to 7.1rc4.
When trying to restore a backup of version 7.1rc3 or any version 6.x over 7.1rc4 software the hardware restarts, after boot the router remains unconfigured.
It was necessary to reconfigure the router.
I hope to have alerted new testers!

I'm willing to bet that this issue is related to rc3 and did not happen due to upgrade but due to reboot.
I had a CHR and a 750gr3 that all lost config during reboot if they had been running for more then a few hours with load.
If I did a reboot it was config reset and even the user became admin with blank password.
Did a test now on RC4 and the issue did not happen during reboot so I hope it is fixed.

mducharme · Tue Sep 21, 2021 10:45 pm

SUP-61109 - Still cannot update RB2011 past 7.1 beta 6...

This is probably not an issue with 7.1rc4, but rather with 7.1beta6. I was unable to upgrade my RB4011 above 7.1beta6 until I did a reset to no-defaults and uploaded the 7.1rc npk file to the device using MAC Winbox. A bug in 7.1beta6 caused it to crash on reboot, preventing any successful upgrade or downgrade.

SirPrikol · Tue Sep 21, 2021 11:04 pm

We are waiting for "synthetic" routes for / 32, / 25, etc

Advertise it from ip firewall address-list

deadkat · Wed Sep 22, 2021 12:02 am

A couple of observations from poking around the new RC with a coworker today:

the container package stays installed when downgrading from RC4 to 6.47.10.

steps to reproduce:
1) have hardware running RC4, does not matter how it was installed
2) upload appropriate 6.47.10 NPKs for your device
3) /system package downgrade

This was done on a hAP ac3 LTE6

Screenshot 2021-09-21 143158.png

--------------------------------------------------

looks like the protected routerboot option is gone from hAP ac3 LTE6 and RB4011

Screenshot 2021-09-21 154742.png

Screenshot 2021-09-21 160117.png

edit: removed inaccurate info

benoitc · Wed Sep 22, 2021 12:06 am

Is MLAG working better with these latest releases?

dmfr · Wed Sep 22, 2021 1:07 am

Unfortunately true.
However,
Code: Select all
/export show-sensitive terse
produces export code that can be imported successfully, for a full config restore.
I can not confirm that. If there is a script in the command, as in my example above, it still fails.

My mistake. You're right.
Didn't test "export terse" with inline scripts.

mducharme · Wed Sep 22, 2021 1:12 am

looks like the protected routerboot option is gone from hAP ac3 LTE6 and RB4011

Protected routerboot seems to be gone from Winbox but still present in the CLI.

deadkat · Wed Sep 22, 2021 2:01 am

looks like the protected routerboot option is gone from hAP ac3 LTE6 and RB4011
Protected routerboot seems to be gone from Winbox but still present in the CLI.

confirmed, its still in CLI, sorry I didn't think to check that before posting. I've just rolled my 4011 back to RC3, RC2, RC1, and confirmed it does the same thing on those versions as well. tried using both winbox 3.30 and 3.31. can't use older versions of winbox since ROS v7.1RC1. I also downgraded routerboot with each ROS change. gui option is gone on all of the above.

After that I tried going to 7.1beta6, which will allow older versions of winbox, and the gui option is there on winbox versions 3.31, 3.30, and 3.29. not sure if worth mentioning but all of the above testing was done with 64bit version of WB, not 32bit.

ivantirado · Wed Sep 22, 2021 4:34 am

IPv6 traffic doesn't flow through the router when a Simple Queue is active. I setup a Simple Queue with target LAN Interface and Destination WAN interface - and queue type FQ_Codel. When the queue is active, IPv6 traffic doesn't work, queue inactive - it works again. This problem isn't new, also had it in 7.1rc3

Wed Sep 22, 2021 5:37 am

Is MLAG working better with these latest releases?

There are still issues in rc4 with MLAG. Specifically if you add ports to the bridge that has MLAG ports in it, it will cause traffic flow across the bridge to stop to some ports. You then need to disable/enable the bridge to get it working, or reboot the switch.

mducharme · Wed Sep 22, 2021 5:40 am

This problem isn't new, also had it in 7.1rc3

As a workaround, you can use queue trees with the parent set to the LAN and WAN interfaces, rather than simple queues. I've been running this since earlier betas with fq_codel with both IPv4 and IPv6 traffic and had no issues.

colin · Wed Sep 22, 2021 6:54 am

Which is correct about the disk format?

format_disk.png

diskformat_gui.png

diskformat_cli.png

nokipa · Wed Sep 22, 2021 7:28 am

hi guys, sorry maybe it's noob question

but how to create filter rule on v7, like from v6 ?
i've been looking on wiki, but could find prefix-length, or just use dst-len ?

Flags: X - disabled 
 0   chain=bgp-out prefix=10.10.0.0/16 prefix-length=16-24 action=accept

giulianoz · Wed Sep 22, 2021 8:15 am

RC -X REPORT
ISSUES/FUNCTIONALITY FIXED
ISSUES/FUNCTIONALLY IMPROVED
ISSUES UNDER WORK FOR NEXT C release
ISSUES TO BE FIXED BEFORE FINAL RELEASE
ISSUES FOR IMPLEMENTATION AFTER FINAL RELEASE
ISSUES WILL NOT BE ADDRESSED IN SHORT OR LONG TERM ( without serious cash donations )

I would suggest opening a GitHub project (or similar) to manage issues and milestones. This would make things easier once it is up and running

Wed Sep 22, 2021 8:18 am

Using tool ip-scan and interface wireguard throws an error although the interface is up and running, traffic goes over it.

Observed on 7.1rc3 (Hex) and 7.1rc4 (mAP)
Doing the same with no interface specified, does give results.

[-----@mAP2nD] > tool ip-scan interface=wireguard address-range=10.255.255.0/24
failure: interface is not enabled
[-----@mAP2nD] > tool ip-scan address-range=10.255.255.0/24
Columns: ADDRESS, TIME
ADDRESS TIME
10.255.255.2 7ms
10.255.255.1 59ms

This capture was made using ssh from Hex to mAP, which also proves the WG itf itself IS working

mkx · Wed Sep 22, 2021 8:22 am

I would suggest opening a GitHub project (or similar) to manage issues and milestones. This would make things easier once it is up and running

Being a positive person I'm pretty sure MT is using some sort of change tracking in ROS (e.g. GitHub), but their business decision is to keep pretty silent about particular changes in ROS. After all, isn't that what's closed source software all about? And I don't see this changing with ROS ...

ivicask · Wed Sep 22, 2021 9:13 am

4011 rebooted after 1 day 15 hours uptime RC4, no crash log generated..

Wed Sep 22, 2021 9:17 am

hi guys, sorry maybe it's noob question

but how to create filter rule on v7, like from v6 ?
i've been looking on wiki, but could find prefix-length, or just use dst-len ?

Here:
https://help.mikrotik.com/docs/display/ ... ingFilters

nokipa · Wed Sep 22, 2021 9:24 am

Here:
https://help.mikrotik.com/docs/display/ ... ingFilters

like this ?

/routing/filter/rule
add chain=BGP_OUT rule="if (dst-len>13 && dst-len<31 && dst in 172.16.0.0/16) { accept }"

anthonws · Wed Sep 22, 2021 10:10 am

SUP-61109 - Still cannot update RB2011 past 7.1 beta 6...
This is probably not an issue with 7.1rc4, but rather with 7.1beta6. I was unable to upgrade my RB4011 above 7.1beta6 until I did a reset to no-defaults and uploaded the 7.1rc npk file to the device using MAC Winbox. A bug in 7.1beta6 caused it to crash on reboot, preventing any successful upgrade or downgrade.

Understood. Will try that.

Thanks!

GShock · Wed Sep 22, 2021 10:47 am

Strange story, but I found that now default antenna gain is 2db but previously was 0 db and now there is no option on WInbox to change antenna gain. hap ac lite. Check please is it only for me?

mkx · Wed Sep 22, 2021 11:59 am

Strange story, but I found that now default antenna gain is 2db but previously was 0 db and now there is no option on WInbox to change antenna gain. hap ac lite. Check please is it only for me?

This is an old story, didn't start with v7.

Antenna gain information is used in calculations about maximum actual Tx power that is allowed to be used in order to stay within country limitations. Devices with built-in antennae have this information set in factory as minimum setting and it is not possible to set it lower.
With recent versions of ROS v6, it is possible to set antenna gain via CLI (the minimum value allowed limitation still applies).

vaka · Wed Sep 22, 2021 12:06 pm

hi guys, sorry maybe it's noob question

but how to create filter rule on v7, like from v6 ?
i've been looking on wiki, but could find prefix-length, or just use dst-len ?
Code: Select all
Flags: X - disabled 
 0   chain=bgp-out prefix=10.10.0.0/16 prefix-length=16-24 action=accept

something like this

/routing/filter/rule/add chain=bgp_out rule="if(dst==10.10.0.0/16 && dst-len in 16-24) {accept}"

eworm · Wed Sep 22, 2021 12:17 pm

something like this

/routing/filter/rule/add chain=bgp_out rule="if(dst==10.10.0.0/16 && dst-len in 16-24) {accept}"

I think you can not use "in" with "dst-len"...
Even ">=" and "<=" do not work. At least the latter would be nice, makes it more readable imho.

rplant · Wed Sep 22, 2021 12:59 pm

Hapac^2

in RC4, iperf3 in container seems pretty solid.

I made a script to remove/create the /container settings on reboot,
seems to work ok. (Though doesn't reuse the existing container)

Might be nice to be able to use name=mycontainername

vaka · Wed Sep 22, 2021 1:51 pm

something like this
Code: Select all
/routing/filter/rule/add chain=bgp_out rule="if(dst==10.10.0.0/16 && dst-len in 16-24) {accept}"
I think you can not use "in" with "dst-len"...
Even ">=" and "<=" do not work. At least the latter would be nice, makes it more readable imho.

look at filter rule syntax. https://help.mikrotik.com/docs/pages/vi ... d=74678285

[num prop readable]
dst-len
...
[matcher]
...
[num prop readable]
in
{int..int}|{int-int}
==|!=|<=|>=|<|>
{int}

so you can use
dst-len in 16-24, dst-len in 16..24, or any combination of == != <= >= < > with a single number followed

nokipa · Wed Sep 22, 2021 2:16 pm

something like this

/routing/filter/rule/add chain=bgp_out rule="if(dst==10.10.0.0/16 && dst-len in 16-24) {accept}"

my goodness.. thank you

anyone find where we can check advertisement route ?
v6 would be routing bgp advertisement where peer=<peername>

trying on v7
ip route no luck
routing/route no luck
routing/bgp/session no luck
searching help.mikrotik no luck

thank you for the help

vaka · Wed Sep 22, 2021 3:14 pm

anyone find where we can check advertisement route ?

Nowhere for now. Waiting if it appeared in next releases.

eworm · Wed Sep 22, 2021 3:21 pm

look at filter rule syntax. https://help.mikrotik.com/docs/pages/vi ... d=74678285

Ah, interesting... Still my findings are different from what the documentation says.

This one works:

/routing filter rule add chain=ospf_out rule="if (dst in 10.0.0.0/8 && dst-len>19 && dst-len<23 && protocol static) { accept }"

Tried this and it made my router go mad:

/routing filter rule add chain=ospf_out disabled=yes rule="if (dst in 10.0.0.0/8 && dst-len in 20-22 && protocol static) { accept }"

And this is not even accepted:

[admin@MikroTik] /routing/filter/rule> add chain=ospf_out rule="if (dst in 10.0.0.0/8 && dst-len >= 20 && dst-len <= 22 && protocol static) { accept }"
failure: "Word {dst-len} > Word {=} Word {20} " - invalid argument

vaka · Wed Sep 22, 2021 5:38 pm

look at filter rule syntax. https://help.mikrotik.com/docs/pages/vi ... d=74678285
Ah, interesting... Still my findings are different from what the documentation says.

Tried such syntax (dst==a.b.c.d/22 && dst-len in 24-24) in my filters and broke bgp routing at all.
Also lost access via winbox. now ssh only

So I think filters stability and correctness is far to be complete

rextended · Wed Sep 22, 2021 5:48 pm

Because "in" work for check if an IP are inside one range, not for check if a number is inside an interval...

[prfx prop readable]
!=|==|in
{address 46/}

like

1.1.1.1/32 in 1.0.0.0/8

probably this is the right way

/routing filter rule add chain=ospf_out disabled=yes \
    rule="if ( (dst in 10.0.0.0/8) && (dst-len>=20) && (dst-len<=22) && (protocol static) ) { accept }"

eworm · Wed Sep 22, 2021 6:11 pm

Your example is covered by prefix property. Have another look at the documentation, my example is covered by num property.

rextended · Wed Sep 22, 2021 6:22 pm

Your example is covered by prefix property. Have another look at the documentation, my example is covered by num property.

what I copy & paste from help is the fact that the "in" can be applied only to prefix...

vaka · Wed Sep 22, 2021 6:23 pm

Because "in" work for check if an IP are inside one range, not for check if a number is inside an interval...

[prfx prop readable]
!=|==|in
{address 46/}

read carefully. dst-len is [num prop readable] not prfx.

[num prop readable]
in <---- in allowed
{int..int}|{int-int} <----- interval
==|!=|<=|>=|<|>
{int}

I assume it just not implemented yet but documented

rextended · Wed Sep 22, 2021 6:26 pm

Please at this point put "all" not under or lower part

rule code

[num prop readable]
dst-len

[prfx prop readable]
dst

[num prop readable]
    in
        {int..int}|{int-int}
    ==|!=|<=|>=|<|>
        {int}
    [num prop readable]

[prfx prop readable]
    !=|==|in
        {address 46/}

Wed Sep 22, 2021 6:26 pm

dst-len in 24-24 can be simply written as dst-len == 24

rextended · Wed Sep 22, 2021 6:28 pm

dst-len in 24-24 can be simply written as dst-len == 24

Please ignore @vaka wrong example, consider this:

@eworm
dst-len in 20-22

eworm · Wed Sep 22, 2021 6:35 pm

@eworm
dst-len in 20-22

That's exactly what I tried. Device goes nuts: Rule does not work, device becomes unresponsive and CPU is at 100%.

aleksis · Wed Sep 22, 2021 6:38 pm

Currently this causes a crash. Will be fixed in rc5.

aleksis · Wed Sep 22, 2021 6:40 pm

And this is not even accepted:

[admin@MikroTik] /routing/filter/rule> add chain=ospf_out rule="if (dst in 10.0.0.0/8 && dst-len >= 20 && dst-len <= 22 && protocol static) { accept }"
failure: "Word {dst-len} > Word {=} Word {20} " - invalid argument

Also fixed in rc5.

vaka · Wed Sep 22, 2021 8:08 pm

dst-len in 24-24 can be simply written as dst-len == 24

Yes I know. But dst-len in 24-24 is the correct syntax and should do the same as dst-len==24

Thu Sep 23, 2021 8:09 am

Strange story, but I found that now default antenna gain is 2db but previously was 0 db and now there is no option on WInbox to change antenna gain. hap ac lite. Check please is it only for me?

devices with build in antennas have their actual gain hardcoded. if you wanted to change output power, use it with the proper setting and leave the gain alone

Thu Sep 23, 2021 8:54 am

7.1rc3 and 4
btest server / bandwidth test
the counters for TX don't show any values.

Not on server side, not on client side.
Reversing server and client gives the same result: no TX counters.

Info from server side:

# CLIENT                                                            PROTOCOL DIRECTION USER                          TX-CURRENT RX-CURRENT
 0 ::ffff:10.255.255.1                                               udp      send      holvoetn                            0bps
 0 ::ffff:10.255.255.1                                               udp      send      holvoetn                            0bps
 0 ::ffff:10.255.255.1                                               udp      send      holvoetn                            0bps
 0 ::ffff:10.255.255.1                                               udp      send      holvoetn                            0bps
 0 ::ffff:10.255.255.1                                               udp      send      holvoetn                            0bps
 0 ::ffff:10.255.255.1                                               udp      send      holvoetn                            0bps
 0 ::ffff:10.255.255.1                                               udp      send      holvoetn                            0bps
 0 ::ffff:10.255.255.1                                               udp      send      holvoetn                            0bps

[holvoetn@mAP2nD] /tool/bandwidth-server/session> print follow
 # CLIENT                                                            PROTOCOL DIRECTION USER                          TX-CURRENT RX-CURRENT
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                       0bps
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                    2.3Mbps
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                  932.8kbps
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                 1239.9kbps
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                 1160.3kbps
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                 1285.4kbps
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                 1376.4kbps
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                 1478.8kbps
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                 1490.2kbps
 0 ::ffff:10.255.255.1                                               udp      receive   holvoetn                                 1319.6kbps

Info from client side:

[holvoetn@MTHex] /tool> bandwidth-test 192.168.90.1 duration=120 protocol=udp user=----- passw
ord=----- direction=receive
                status: done testing
              duration: 2m
            rx-current: 0bps
  rx-10-second-average: 0bps
      rx-total-average: 0bps
          lost-packets: 0
           random-data: no
             direction: receive
               rx-size: 1450
      connection-count: 20
        local-cpu-load: 1%
       remote-cpu-load: 5%

[holvoetn@MTHex] /tool> bandwidth-test 192.168.90.1 duration=120 protocol=udp user=----- passw
ord=----- direction=transmit
                status: done testing
              duration: 2m
            tx-current: 193.3kbps
  tx-10-second-average: 195.6kbps
      tx-total-average: 430.4kbps
           random-data: no
             direction: transmit
               tx-size: 1450
      connection-count: 20
        local-cpu-load: 1%
       remote-cpu-load: 6%

[holvoetn@MTHex] /tool>

Milecus · Thu Sep 23, 2021 9:02 am

Devices:

1) RBLHGR r2 (mipsbe), F/W: 7.1rc4

2) Telit LM960A18, F/W: 32.00.116 (latest)
MBIM mode (AT#USBCFG=2)

Problems:

1) Periodically occur: lte1 transaction error
(introduced in v7.0beta7)

2) together with the lte1 interface
the ppp-out1 interface rises;
when trying to change it to the "Disable" state:
in log: ppp-out1: terminating...
after a while a window appears:
Couldn't change Interface <ppp-out1> - timeout (13)
(introduced in v7.1rc1)

3) Monitor lte1:
CA Band - shows nothing (Telit AT#CAINFO? shows it)
RSSI - shows incorrectly
RSRP - shows correctly
RSRQ - shows values divided by 10
(introduced in v7.1beta6)

rpingar · Thu Sep 23, 2021 10:44 am

we discovered two issue about bonding and 7.1rc4 on x86 and intel cards:
- first issue: After the reboot the phisical ports remain down
To have them working again you have to disable the bonding. As soon as you disable the bonding MT starts to report the ports UP and then eneable the bonding you have it working.
I am able to reproduce the issue also on a working bonding, where I disable one bonding interface, then reenabled it, the renabled port doesn't go up in Running mode, the only way to have to port working again is to disable the bonding and reenable it.

- second issue simmes related to "link monitoring=none", when there is the bonding in this config and I chanhe the remote side, for exemple changing the hash from l3/l4 to l2 the bonding stops to forward the traffic.
my workaround for this is to use linkmonitoring =mii on both side of the bonding (v6 is at the remote side).

hope you can catch and fix the issue ASAP.

MikroTik support #[SUP-61316]: v7.1rc4 and bonding on x86 Intel Cards - 2 issues

regards
Ros

mjraiha · Thu Sep 23, 2021 11:15 am

Devices:

1) RBLHGR r2 (mipsbe), F/W: 7.1rc4

2) Telit LM960A18, F/W: 32.00.116 (latest)
MBIM mode (AT#USBCFG=2)

Problems:

1) Periodically occur: lte1 transaction error
(introduced in v7.0beta7)

2) together with the lte1 interface
the ppp-out1 interface rises;
when trying to change it to the "Disable" state:
in log: ppp-out1: terminating...
after a while a window appears:
Couldn't change Interface <ppp-out1> - timeout (13)
(introduced in v7.1rc1)

3) Monitor lte1:
CA Band - shows nothing (Telit AT#CAINFO? shows it)
RSSI - shows incorrectly
RSRP - shows correctly
RSRQ - shows values divided by 10
(introduced in v7.1beta6)

I have created support ticket and delivered supout.rif (SUP-58554) about similar issues with RBM33G + Telit LM960A18, F/W: 32.00.116 (latest) MBIM mode (AT#USBCFG=2). I see the same transaction error message also.

1) modem settings are broken on /interface lte at-chat 0 input="AT+CGDCONT?" as these don't seem to match what's set on active /interface/lte/apn
2) on WebGUI
-band string is broken
-CA band is missing although it’s is use
-MCS value is missing
3) I'm trying to take multi-APN into use to get multiple addresses into use
-"public IPv4" to enable VPN access into my network
-"private IPv4" to enable better performance and "public IPv4" is bottlenecked on ISP side
-IPv6 - still trying to out find reason why address is not taken into use although logs show that address is given by modem side

benoitc · Thu Sep 23, 2021 12:04 pm

Is MLAG working better with these latest releases?
There are still issues in rc4 with MLAG. Specifically if you add ports to the bridge that has MLAG ports in it, it will cause traffic flow across the bridge to stop to some ports. You then need to disable/enable the bridge to get it working, or reboot the switch.

thanks! If it is "just" that I may to try it to replace the active-backup pattern I am using on servers with 2 CRS317. Hopefully it will be fixed soon...

Thu Sep 23, 2021 2:33 pm

thanks! If it is "just" that I may to try it to replace the active-backup pattern I am using on servers with 2 CRS317. Hopefully it will be fixed soon...

Mikrotik support are able to repeat the issue, and have reported that it will be fixed in a coming release.

mjraiha · Thu Sep 23, 2021 4:42 pm

1) modem settings are broken on /interface lte at-chat 0 input="AT+CGDCONT?" as these don't seem to match what's set on active /interface/lte/apn

This was fixed by using "use-network-apn=no" on all configs on /interface/lte/apn .

SiB · Thu Sep 23, 2021 5:21 pm

"use-network-apn=no"

=no Should be default at ros7

mkamau · Thu Sep 23, 2021 8:19 pm

Any specific improvements to MPLS or BGP?

Any updates team on mpls bgp ? i have my ibgp peers going down with no logs to explain whats happening

infabo · Thu Sep 23, 2021 8:30 pm

Nope.

use-network-apn=yes

This is the default value in v7 (on my Chateau) for the name=default apn.

clambert · Thu Sep 23, 2021 9:22 pm

Any specific improvements to MPLS or BGP?

MPLS deployment status for v7.1rc4 has not been updated at https://help.mikrotik.com/docs/display/ ... col+Status.

BitHaulers · Thu Sep 23, 2021 9:27 pm

7.1rc3 broke the SXT LTE ability to see the SIM card in any slot. This issue appears resolved in 7.1rc4.

mducharme · Fri Sep 24, 2021 12:28 am

MPLS deployment status for v7.1rc4 has not been updated at https://help.mikrotik.com/docs/display/ ... col+Status.

From what I can tell there are no routing changes from rc3 to rc4 that would affect the colour/status of any features on that page. VPLS still crashes the router with rc4 as it did on rc3, same behavior.

nescafe2002 · Fri Sep 24, 2021 12:51 am

Partial configuration loss in 7.1rc4, after a few succesful reboots..
Same section got lost as 7.1rc3 => /ip ipsec identity
SUP-60031

I have a higher MTU on the SFP, PPPoE won't go further than 1492.

Could you tried creating a bridge-wan with a single port (sfp) and use this bridge in your configuration?

I've had a similar problem on my RB4011 with 6to4 tunnels and ICMPv6 Packet Too Big messages related to either:

1) 6to4 via sfp directly
2) 6to4 via bridge-wan (with single port) with packet sniffer enabled

Internally, packets were reassembled to packets of 2922 bytes in length (!)

When I create a bridge with a single port AND don't run packet sniffer - the tunnel runs fine. No ICMPv6 Packet Too Big messages flooding the link.

mjbnz · Fri Sep 24, 2021 1:34 am

I have had no luck getting GPS to work in an LtAP with v7 - however, I'm not 100% sure I ever tried it on v6. Has anyone else here had luck with GPS?

And bgp-as-path regexp matching in bgp filters still doesn't work. (ticket open with support)

mjbnz · Fri Sep 24, 2021 2:07 am

The closest I got is this:
Code: Select all
/routing filter rule
add chain= MY_NETWORKS rule="if(bgp-as-path ^\$ ) {accept}"
add chain= MY_NETWORKS rule="if(bgp-as-path 1234+\$ ) {accept}"
add chain= MY_NETWORKS rule="if(bgp-as-path 5678+\$ ) {accept}"
add chain= MY_NETWORKS rule="if(bgp-as-path 9102+\$ ) {accept}"
add chain= MY_NETWORKS rule="if(bgp-as-path 3456+\$ ) {accept}"
However when trying to use a regular expression containing _ or ( or ), you get syntax errors in masses.
If you use _ you end up with a real space in the config doing nothing.
If you use ^ you need to put \\\ in front
If you use ) it closes the "if" instead of being part of the expression etc etc.

If anyone has a clue on how to encode this correctly, let me know....
As above the rule let pass AS991234 as well which it shouldn't. So the whitespace in front of the number is important.

Yeah, you've done pretty well getting converted as far as you have.

bgp-as-path

matching is just plain broken in v7, I have a ticket open about it. Even when you do have a regex which should match, it just doesn't do anything. I have some test rules which just tweak the local-pref up or down a bit, and even with a very very basic bare number as the regex, it fails to work.

And yes, advanced regex characters fail to parse. It seems Mikrotik engineers are eternally struggling with the age old quoting and escaping issues surrounding parsing of strings with odd characters.

For non Regex experts:

_1234+$ means 1234 at the end of the string must be present preceded by a whitespace (or the start of the string).
1234+$ only means any string ending with 1234. So this also matches 991234, 11234 etc.

Almost.. it's not standard regex,

in BGP is a shortcut character in which matches the equivalent of

(^|[,{}() ]|$)

- effectively anything that can be the boundary of an AS.

Edit:

This is a weird code block to force the following blocks to be inline, because the forum code is crap
and is not able to work out what should be inline what what should not because it's the same bbcode.
perhaps it should use markdown instead, where ` and ``` are really easy to use and understand.

also, your

in the example above is probably not doing what you expect

means the previous character (actually, a group, but I digress) can repeat 1 or more times (

is 0 or more). In your example you can repeat the 4: 1234, 12344, 123444, etc. Perhaps you meant

.+

where the period means "any character".

mducharme · Fri Sep 24, 2021 4:59 am

In order for action=netmap to be useful for WAN failover scenarios in IPv6, it should probably be allowed in the srcnat chain as well, not just dstnat. Hopefully this is coming at some point?

fragtion · Fri Sep 24, 2021 6:34 am

Partial configuration loss in 7.1rc4, after a few succesful reboots..
Same section got lost as 7.1rc3 => /ip ipsec identity
SUP-60031

I also randomly lost some cfg on reboot (some wireguard interfaces, peers, and a network bridge - hopefully that's all..), on an otherwise healthy chr 7rc4 on aws
There was also one messed up wg interface (with weird AAAAAAAAAAAAAAAA private key) which I'm guessing is one of the interfaces that got corrupt in the process

doneware · Fri Sep 24, 2021 2:31 pm

*) other fixes and improvements;
I thought the days of "fixed some stuff" were long behind Mikrotik

P: Something loose in cockpit
S: Something tightened in cockpit

rpingar · Fri Sep 24, 2021 4:37 pm

cosmetic bug!!

regards
Ros

rextended · Fri Sep 24, 2021 5:47 pm

and where is the cosmetic bug?

mkx · Fri Sep 24, 2021 7:35 pm

Font, displaying instructions, should be friendlier...

rpingar · Sat Sep 25, 2021 1:29 am

and where is the cosmetic bug?

no hyperlink visible to click and expand the route list!

tbutter · Sat Sep 25, 2021 8:35 am

With 7.1rc4 i can't enable watchdog:

[admin@x] /system/watchdog> print
          watch-address: none
         watchdog-timer: no
  ping-start-after-boot: 5m
           ping-timeout: 1m
       automatic-supout: yes
       auto-send-supout: no
[admin@x] /system/watchdog> set watchdog-timer=yes
failure: failed to enable watchdog timer

SiB · Sat Sep 25, 2021 11:52 am

rpingar

no hyperlink visible to click and expand the route list!

When you ENABLE filtering but not provide what you want filter then you get this message: Please specify more specific Dst. Address Filter.
When you want see all results, disable Filtering icon.

P.S. WinBox not use a HTML5 as GUI and any "link" not help with thinking instead of user

maherhaddad · Sat Sep 25, 2021 11:56 am

Guys, RIP routing protocol on ROS v7 is still not working. You mentioned in the changelog that RIP is supported but in fact it is not operational. I have made the tests and routes are not being learned.
Can you please fix this issue ASAP?

Thanks.

infabo · Sat Sep 25, 2021 3:34 pm

I found I can't unset LTE interface band value. I recall this was working earlier.

/interface/lte/unset value-name=band lte1
input does not match any value of value-name

But it only allows to unset these values:

ValueName ::= allow-roaming | modem-init | network-mode

But I can't find a non-weird way to set

band=""

- or even better remove the band-value at all - again.

/interface/lte/set band="" lte1 
ambiguous value of band, more than one possible value matches input

That is non-working too.

The only way to set band to empty again, is to edit ad clear the editor. But that is quite cumbersome.

/interface/lte/edit value-name=band lte1

Maybe you can reset band via WinBox or WebFig - but I do not use these.

Is this a bug? Or do I need another command? reset seems to do something else (which I dont know what exactly, because it is not documented anywhere). Even unset is not documented at help.mikrotik.com. F1 is kind of not helpful in some/most situations.

https://help.mikrotik.com/docs/display/ ... +Interface

I wonder why so less things are documented INLINE. When you have a Linux background, you are used to "man foobar-command" and you just have your info - WITHOUT leaving CLI.
But at Mikrotik CLI, you get hardly any infos. Need to visit help.mikrotik.com and/or wiki.mikrotik.com. And even after that - you have a great chance to still be puzzled and worried.

nokipa · Sat Sep 25, 2021 6:53 pm

cosmetic bug!!

regards
Ros

it's the new winbox version
all my v6 router are now like that (before the new winbox release and also 7.1rc4 release, ip routes still showing)

SiB · Sat Sep 25, 2021 8:07 pm

SOLVED in 7.1rc5

infabo write

I found I can't unset LTE interface band value. I recall this was working earlier.

TRUE, this not work. SUP-61515
Even more, edit lte1 band; reset the network-mode to default too !

That's why this is DEVELOPMENT channel and we are a test rabbit :)

EDIT:
/interface lte set lte1 band="" ;

SOLVED in 7.1rc5

sindy · Sat Sep 25, 2021 8:39 pm

That's why this is DEVELOPMENT channel and we are a test rabbit

(except SiB who is a test panda)

w0lt · Sat Sep 25, 2021 9:06 pm

I hope that when 7.1rc5 comes out it has PIMSM complete.

and...D O C U M E N T E D !!....

-tp

ishanjain · Sun Sep 26, 2021 4:57 am

It still shows gateway unreachable in the nexthops menu. Is there a timeline on when will that be fixed? I want to enable the check-gateway functionality.

xrayd78 · Sun Sep 26, 2021 12:27 pm

Supported v7.1rc4 Wave2 for MIPSBE?
See: https://www.qualcomm.com/products/qca9982

mkx · Sun Sep 26, 2021 2:52 pm

Supported v7.1rc4 Wave2 for MIPSBE?

How many mipsbe devices come with mentioned wireless chip and 256MB RAM? Not to mention that mipsbe CPUs are mostly too weak even to maintain full-speed ac wireless.

anav · Sun Sep 26, 2021 3:48 pm

Supported v7.1rc4 Wave2 for MIPSBE?
See: https://www.qualcomm.com/products/qca9982

OMG, I spit out my coffee reading that line.
We'll get a fifth wave of covid before mipse gets wave2. ;-PP

hoh · Sun Sep 26, 2021 4:38 pm

What's new in 7.1rc4 (2021-Sep-20 13:18):

*) improved filesystem and configuration storage stability;

We tried to use some mibsbe devices with 7.1 (due to lack of support for Huawei e3372h LTE modem in stable). I truly hope that "improved stability" means that a bug causing random outages and dead device has actually been fixed. Any details about this improvement from MT would be welcomed.

teleport · Mon Sep 27, 2021 1:11 am

in 7.1rc4 on rb450gx4, i see these sporadic errors: "DoH server connection error: Idle timeout - waiting data"
its configured for cloudflare DNS.

msatter · Mon Sep 27, 2021 2:13 am

Darn! After a reboot I lost about 5000 of my 22000 address-list entries. Good that I had a reasonable recent export so I could restore more than 99%. The router is a 4011.

emils · Mon Sep 27, 2021 8:11 am

msatter, please clarfiy. It was a simple reboot on an already installed rc4 device or an upgrade from previous versions?

ivicask · Mon Sep 27, 2021 9:04 am

Darn! After a reboot I lost about 5000 of my 22000 address-list entries. Good that I had a reasonable recent export so I could restore more than 99%. The router is a 4011.

Manual reboot or crash?My 4011 crash rebooted 2nd time now after 4 day uptime, no supout was generated, just" router rebooted without proper shutdown"
.So far my address list (around 8k) is fine tho.

nannou9 · Mon Sep 27, 2021 10:31 am

I have HP 107w printer at home.
Haven't been using it for a month but it was working fine on betas.
Now however I cannot connect to WIFI anymore.

My short config:
set [ find default-name=wifi1 ] channel.band=2ghz-n .width=20/40mhz configuration.country=Malaysia .mode=ap .ssid=XXXXXXX disabled=no security.authentication-types=wpa2-psk,wpa3-psk .disable-pmkid=no .wps=disable

Tried to reset the printer completely.
Manual setup (no WPS) fail and I can see in logs:
XXXXXXXXXXXX:16@wifi1 disconnected, key handshake failure, signal strength -65

WPS Setup also fails with below in turn:
XXXXXXXXXXXX:16@wifi1 rejected, does not provide suitable security method

Anybody having similar problems?

msatter · Mon Sep 27, 2021 11:42 am

msatter, please clarfiy. It was a simple reboot on an already installed rc4 device or an upgrade from previous versions?

It was an upgrade to v7RC4 that is running now for some time and was rebooted at least 10 times before over that period. The config was coming from 6.48.4 when it was upgraded to v7RC4 a time ago.

It seems that the last part of the address-list cut short and it not saved or not reloaded on startup. I did not reboot again since then and did not check the log.

I will make backup and reboot to see if it crops up again.

Update: Rebooted and all is the address-list is still at 22001, so no losses.

SiB · Mon Sep 27, 2021 1:27 pm

SOLVED in rc7.1rc5

SUP-61613
/system scheduler with 2 lines shows error in syntax at export it.
/import test.rsc show error of importing scheduler.

Reproduction: create a scheduler and paste this extreme of code:

# comment
local abc1 123

export to file, remove it, try import.

no workaround by long version :local name=abc1 value=123

SOLVED in rc7.1rc5

tbutter · Mon Sep 27, 2021 3:26 pm

When i enable IPv6 my CRS326 looses all connections and is unreachable after about 3hours45min. There is no problem if I disable IPv6. The only thing that might be related to the 3:45 time is the lease time for the dhcp prefix I receive.

I think this is the relevant config:

/interface vlan
add interface=ether2 name=telekom-vlan vlan-id=7
/interface pppoe-client
add add-default-route=yes disabled=no interface=telekom-vlan keepalive-timeout=disabled max-mtu=1480 name=pppoe-telekom user=\
    xxxx@t-online.de
/ipv6 settings
set accept-redirects=no accept-router-advertisements=no disable-ipv6=no
/ipv6 address
add address=::1 from-pool=telekom-ipv6 interface=bridge
/ipv6 dhcp-client
add interface=pppoe-telekom pool-name=telekom-ipv6 rapid-commit=no request=prefix use-peer-dns=no
/ipv6 firewall filter
add action=accept chain=input comment="allow established and related" connection-state=established,related
add action=accept chain=input comment="accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/16
add action=drop chain=input disabled=yes in-interface=pppoe-telekom log-prefix=dropLL_from_public src-address=fe80::/16
add action=drop chain=input
/ipv6 nd
set [ find default=yes ] advertise-dns=no advertise-mac-address=no interface=bridge mtu=1480 ra-lifetime=15m

vaka · Mon Sep 27, 2021 4:30 pm

Can't create routing bgp connection via WEB-GUI. Remote AS field is always red (Invalid value in Remote AS)

winap · Mon Sep 27, 2021 5:36 pm

Hello,
I am new here...I have a question, how can I get FW from my routerboard RB5009?
Because from support I don't have any answer, what I want. They only told me, so I can download via downloads from mikrotik..
In rourerboard is v7 stable. But if I reinstall to 7rc4, there is no chance to turn back to "official" stable version, which is not i mikrotik site..
Because when I found some bugs..I have prolems to keep back.
Thank you so much.

irghost · Mon Sep 27, 2021 6:30 pm

wrong voltage on 750Gr3

/system/health> print 
Columns: NAME, VALUE, TYPE
#  NAME     VALUE  TYPE
0  voltage  0.5    V

Sit75 · Tue Sep 28, 2021 10:15 am

When i enable IPv6 my CRS326 looses all connections and is unreachable after about 3hours45min. There is no problem if I disable IPv6. The only thing that might be related to the 3:45 time is the lease time for the dhcp prefix I receive.

I think this is the relevant config:

/interface vlan
add interface=ether2 name=telekom-vlan vlan-id=7
/interface pppoe-client
add add-default-route=yes disabled=no interface=telekom-vlan keepalive-timeout=disabled max-mtu=1480 name=pppoe-telekom user=\
    xxxx@t-online.de
/ipv6 settings
set accept-redirects=no accept-router-advertisements=no disable-ipv6=no
/ipv6 address
add address=::1 from-pool=telekom-ipv6 interface=bridge
/ipv6 dhcp-client
add interface=pppoe-telekom pool-name=telekom-ipv6 rapid-commit=no request=prefix use-peer-dns=no
/ipv6 firewall filter
add action=accept chain=input comment="allow established and related" connection-state=established,related
add action=accept chain=input comment="accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/16
add action=drop chain=input disabled=yes in-interface=pppoe-telekom log-prefix=dropLL_from_public src-address=fe80::/16
add action=drop chain=input
/ipv6 nd
set [ find default=yes ] advertise-dns=no advertise-mac-address=no interface=bridge mtu=1480 ra-lifetime=15m

It should be repaired in RC5, as I mentioned above. Stay tuned.

jookraw · Tue Sep 28, 2021 10:46 am

Hello,
I am new here...I have a question, how can I get FW from my routerboard RB5009?
Because from support I don't have any answer, what I want. They only told me, so I can download via downloads from mikrotik..
In rourerboard is v7 stable. But if I reinstall to 7rc4, there is no chance to turn back to "official" stable version, which is not i mikrotik site..
Because when I found some bugs..I have prolems to keep back.
Thank you so much.

I've asked support for the "stable" rOS, the reply was that the rc4 was more stable than the 7.0.5(it seems that it is not that stable) that came with it. but I haven't got any bugs with it for now.

Manfred · Tue Sep 28, 2021 11:00 am

Another OVPN - Problem:
Upgraded a Chateau LTE12 from 7.1Beta5 to 7.1rc3.
Same with 7.1rc4 !

Under PPP/Interface OVPN - Server Button and PPPoE Scan Button disappeard in Winbox AND Webfig !

msatter · Tue Sep 28, 2021 11:17 am

Hello,
I am new here...I have a question, how can I get FW from my routerboard RB5009?
Because from support I don't have any answer, what I want. They only told me, so I can download via downloads from mikrotik..
In rourerboard is v7 stable. But if I reinstall to 7rc4, there is no chance to turn back to "official" stable version, which is not i mikrotik site..
Because when I found some bugs..I have prolems to keep back.
Thank you so much.

It looks that the firmware is included in the software itself. If Mikrotik has removed previous versions then their is no way back or you have ask others here if they have they have that earlierversion for you.

winap · Tue Sep 28, 2021 11:20 am

I've asked support for the "stable" rOS, the reply was that the rc4 was more stable than the 7.0.5(it seems that it is not that stable) that came with it. but I haven't got any bugs with it for now.

Hi,
Thank you so much..They didn't say that to me..
I ask, is this a normal version only rename (6.48.x) , but no answer..So I know more now.

winap · Tue Sep 28, 2021 11:25 am

It looks that the firmware is included in the software itself. If Mikrotik has removed previous versions then their is no way back or you have ask others here if they have they have that earlierversion for you.

I have still 7.0.5, because I don't know, how buggy is 7rc4..So I only want to know, how to save it, before I want to upgrade..
So is it possible to backup old FW if something happen with new FW?
Thanks

msatter · Tue Sep 28, 2021 11:42 am

I've asked support for the "stable" rOS, the reply was that the rc4 was more stable than the 7.0.5(it seems that it is not that stable) that came with it. but I haven't got any bugs with it for now.
Hi,
Thank you so much..They didn't say that to me..
I ask, is this a normal version only rename (6.48.x) , but no answer..So I know more now.

The 5009 is a v7 only device so there is no 6.4x vetsion for it. v7.0x is in your case the 'stable' version. RC is an updated and improved version of that. But you have doubt tjen wait a while for RC5 and a bit more patience added, to if the are initial problems with that version.

jookraw · Tue Sep 28, 2021 11:58 am

I have still 7.0.5, because I don't know, how buggy is 7rc4..So I only want to know, how to save it, before I want to upgrade..
So is it possible to backup old FW if something happen with new FW?
Thanks

No, you can't make a backup.
regarding the "how buggy" It depends what you want to do, in the normal "home/office" use case, it should be fine. I did not have any issues with mine on both RB5009 and RB4011 when using rc4.

I'm using IPv4/IPv6 with firewall, OSPF, Wireguard and ZeroTier (testing) with no issues for now

vaka · Tue Sep 28, 2021 12:06 pm

Another OVPN - Problem:
Upgraded a Chateau LTE12 from 7.1Beta5 to 7.1rc3.
Same with 7.1rc4 !

Under PPP/Interface OVPN - Server Button and PPPoE Scan Button disappeard in Winbox AND Webfig !

ccr2004 - 7.1rc4. all buttons in place

tpedko · Tue Sep 28, 2021 1:09 pm

does not work socks 5 + auth-method=password

winap · Tue Sep 28, 2021 4:06 pm

No, you can't make a backup.
regarding the "how buggy" It depends what you want to do, in the normal "home/office" use case, it should be fine. I did not have any issues with mine on both RB5009 and RB4011 when using rc4.

I'm using IPv4/IPv6 with firewall, OSPF, Wireguard and ZeroTier (testing) with no issues for now

Thank you for specification..it will be ok for me

mhugo · Tue Sep 28, 2021 4:34 pm

Please update https://help.mikrotik.com/docs/display/ ... col+Status

Its still missing and needed for us to really test the correct things.

Manfred · Tue Sep 28, 2021 6:06 pm

Another OVPN - Problem:
Upgraded a Chateau LTE12 from 7.1Beta5 to 7.1rc3.
Same with 7.1rc4 !

Under PPP/Interface OVPN - Server Button and PPPoE Scan Button disappeard in Winbox AND Webfig !
ccr2004 - 7.1rc4. all buttons in place

Seems to be a problem with the Chateau LTE12 !
On RB2011 also all buttons are available !

rextended · Tue Sep 28, 2021 6:59 pm

...or simply the user disable the button on skin?...

infabo · Tue Sep 28, 2021 9:13 pm

Well, is there going to be a stable wifiwave2 package when 7.1 goes out of RC?

SiB · Wed Sep 29, 2021 4:27 am

Next BUG, reported: SUP-61789
Ping for timeout with count=1 return nil instead of 0
Ping for 'net unreachable' with count=[1,2] return nil instead of 0
workaround: just use count=3 or more

vfreex · Wed Sep 29, 2021 6:04 am

Hi,

I found 2 issues with v7.1rc4:

1. using igmp-snooping with frame-types breaks VLAN interfaces:
With igmp-snooping enabled on bridge interface, setting frame-types=admit-only-untagged-and-priority-tagged or admit-only-vlan-tagged will block the access to VLAN interfaces on that bridge interface. Disabling igmp-snooping will unblock the VLAN interface.

2. High CPU load due to broadcast or unicast packets flooding to the bridge interface.
I described this issue in detail in https://help.mikrotik.com/servicedesk/s ... /SUP-61649.

infabo · Wed Sep 29, 2021 9:34 am

In rc4 I already experienced 2 complete device lockups. Happens after a few days uptime. The device did not auto-reboot nor did the watchdog generate an autosupout.rif nor any log entry. I thought that times are long behind me, but in this recent RC the instability has catched up again.

infabo · Wed Sep 29, 2021 9:41 am

Another OVPN - Problem:
Upgraded a Chateau LTE12 from 7.1Beta5 to 7.1rc3.
Same with 7.1rc4 !

Under PPP/Interface OVPN - Server Button and PPPoE Scan Button disappeard in Winbox AND Webfig !

Chateau here and I have both buttons in Winbox and Webfig. As rextended already mentioned: maybe they are hidden in active design.

jookraw · Wed Sep 29, 2021 11:29 am

In rc4 I already experienced 2 complete device lockups. Happens after a few days uptime. The device did not auto-reboot nor did the watchdog generate an autosupout.rif nor any log entry. I thought that times are long behind me, but in this recent RC the instability has catched up again.

Which hardware you have? Do you have l2mtu set bigger than the default (1592)?

skylark · Wed Sep 29, 2021 11:31 am

IPv6 traffic doesn't flow through the router when a Simple Queue is active. I setup a Simple Queue with target LAN Interface and Destination WAN interface - and queue type FQ_Codel. When the queue is active, IPv6 traffic doesn't work, queue inactive - it works again. This problem isn't new, also had it in 7.1rc3

And

IPv6 connection tracking with simple queue (cake and pcq) and queue tree is also still broken.

Please send us supout.rif files to the support@mikrotik.com
Simply configuring IPv6, queues, and dst/target interfaces, limitations work for us, so there must be some specific settings we are missing.

ingus16 · Wed Sep 29, 2021 12:54 pm

Hi guys,
Did anyone else noticed that ntp server doesn't work. Clients to stratum 0 works as expected ?

elbob2002 · Wed Sep 29, 2021 8:40 pm

Not sure if this happened to anyone else but the 3 devices I had running 7.1RC4 stopped routing after 7 days uptime.

RB3011, 750GR3 and a CHR.

I could connect to each device on their management IP but even the devices themselves couldn't ping other subnets they were each connected to.

They are running OSPF but static routes were also inaccessible. No crashes or supout recorded.

Rebooted each device and issue gone.

mfrey · Wed Sep 29, 2021 10:53 pm

IPv6 traffic doesn't flow through the router when a Simple Queue is active. I setup a Simple Queue with target LAN Interface and Destination WAN interface - and queue type FQ_Codel. When the queue is active, IPv6 traffic doesn't work, queue inactive - it works again. This problem isn't new, also had it in 7.1rc3
And
IPv6 connection tracking with simple queue (cake and pcq) and queue tree is also still broken.

Please send us supout.rif files to the support@mikrotik.com
Simply configuring IPv6, queues, and dst/target interfaces, limitations work for us, so there must be some specific settings we are missing.

I just tried to get a minimal config working on a hex PoE (freshly reset without default) which produces this issue:

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/queue type
add cake-bandwidth=70.0Mbps kind=cake name=cake-download
add cake-bandwidth=10.0Mbps kind=cake name=cake-upload
/queue simple
add name=queue1 queue=cake-download/cake-upload target=ether1
/ipv6 dhcp-client
add add-default-route=yes interface=ether1 pool-name=inet-prefix request=\
    address,prefix
/ipv6 firewall filter
add action=accept chain=input connection-state=invalid,new log=yes log-prefix=\
    ipv6,invalid,new

That's it. Nothing complex. When logging onto the device using Winbox MAC and pinging some random IPv6 internet host all incoming packets are new and invalid according to the log.

woro · Thu Sep 30, 2021 11:55 am

I had 7.1rc4 on my RB4011 for some days now w/o stability issues.
Yesterday I installed
- zerotier
- user-manager
- container
packages and since then the devices rebooted at least 2 times within 24 hours w/o a supout.

I haven't done anything yet with the above packages but it seems to me that one of them is causing the crashes as before that was no issue at all.

jult · Thu Sep 30, 2021 2:17 pm

Most of us are more interested in when the stable v7 is released (with the newer cake/fq_codel supporting linux kernels), because honestly, cake is what everybody needs (now) and is waiting for.
And, not unimportant, many other big brands are already using it. So, users are fleeing towards those other brands because of that.

huntermic · Thu Sep 30, 2021 2:23 pm

Most of us are more interested in when the stable v7 is released (with the newer cake/fq_codel supporting linux kernels), because honestly, cake is what everybody needs (now) and is waiting for.
And, not unimportant, many other big brands are already using it. So, users are fleeing towards those other brands because of that.

This is funny, you just joined the forum but appear to know wat all people here want.
Trust me, cake/fq_codel is not that important for most people.

mikegleasonjr · Thu Sep 30, 2021 2:36 pm

Most of us are more interested in when the stable v7 is released (with the newer cake/fq_codel supporting linux kernels), because honestly, cake is what everybody needs (now) and is waiting for.
And, not unimportant, many other big brands are already using it. So, users are fleeing towards those other brands because of that.

Not only v7 is not stable, CAKE is not implemented fully at the moment. (When specifying a queue, you can't tell it it will be ingress or egress and defaults to egress).

tc qdisc ... cake
       ...
       [ mpu N ]
       [ ingress | egress* ]   <----------
       (* marks defaults)

See https://man7.org/linux/man-pages/man8/tc-cake.8.html

I also opened SUP-59224 since rc3 if I recall correctly about that.