v7.5beta [testing] is released!

emils · Wed Jul 27, 2022 9:43 am

RouterOS version 7.5beta4 has been released "v7 testing" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.5beta4 (2022-Jul-22 12:46):

*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this particular RouterOS release.

wispmikrotik · Wed Jul 27, 2022 9:52 am

😍 Thanks!

rextended · Wed Jul 27, 2022 9:59 am

Is possible to have more detail about «fixed Netinstall procedure for ARM devices», please?

Why would I want to know? To prevent any problems with previous stable versions, until stable 7.5.x is available.

Thanks and good work.

slimmerwifi · Wed Jul 27, 2022 10:17 am

Nice to see the work at wifiwave2!

nescafe2002 · Wed Jul 27, 2022 10:48 am

*) dns - added "match-subdomain" option for static entries (CLI only);

This is a nice addition!

E.g. to delegate a domain + subnet without having to use regexp:

/ip dns static 
add forward-to=192.168.89.2 match-subdomain=yes name=otherdomain.lan type=FWD
add forward-to=192.168.89.2 match-subdomain=yes name=89.168.192.in-addr.arpa type=FWD
add forward-to=2001:db8:200::1 match-subdomain=yes name=0.0.2.0.8.b.d.0.1.0.0.2.ip6.arpa type=FWD

Will forward otherdomain.lan, *.otherdomain.lan and reverse lookups (192.168.89.*) to 192.168.89.2 and reverse ipv6 lookups (2001:db8:200::/48) to 2001:db8:200::1.

osc86 · Wed Jul 27, 2022 10:56 am

does this now also work when DoH is enabled?

elbob2002 · Wed Jul 27, 2022 11:24 am

*) container - added tun/tap support for containers;

This brings us one step closer to Zerotier on CHR. Is there any documentation on how to enable tun/tap devices for a container?

Rox169 · Wed Jul 27, 2022 11:33 am

Hi,

*) wifiwave2 - added support for 802.11k;

it is nice to see that Mikrotik is working on few years old wifi standards. Finally we have 802.11 r and 802.11 k only one left 802.11 v I hope they will not forget this standard.

The last question is where is HW on which I could run this roaming?

Only HAP AC3 and Audience?? That is very sad that MT is not possible to deploy this wifiwave to CAP HW....

hecatae · Wed Jul 27, 2022 11:34 am

Is possible to have more detail about «fixed Netinstall procedure for ARM devices», please?

Why would I want to know? To prevent any problems with previous stable versions, until stable 7.5.x is available.

Thanks and good work.

Here's hoping we get a detailed reply, I'm not updating a single ARM device until this is clarified.

elbob2002 · Wed Jul 27, 2022 11:36 am

Figured out Tun/tap devices. Just add them as environment variables

ZTTUNTAP.png

mkx · Wed Jul 27, 2022 12:25 pm

The last question is where is HW on which I could run this roaming?

Only HAP AC3 and Audience?? That is very sad that MT is not possible to deploy this wifiwave to CAP HW....

I guess we'll be blessed with CAPsMAN working with wifiwave2 driver in 7.8 or something. Roaming will then get into another dimension (right now it's 1D, it'll become 3D).

dksoft · Wed Jul 27, 2022 12:29 pm

*) firewall - added support for RTSP helper;

Works! Great, thank you.
I will try with multiple cameras and come back.

Edit: I have multiple cams on the camera site (7.4) which are NATed with different ports x, y, z ... By simply adding all the ports in the "rtsp" entry under "service ports" on the viewing site (7.5b4) they all work now. Did not work before the RTSP helper. I needed to create a VPN to directly access the cameras back then.

Znevna · Wed Jul 27, 2022 1:03 pm

Is possible to have more detail about «fixed Netinstall procedure for ARM devices», please?

Why would I want to know? To prevent any problems with previous stable versions, until stable 7.5.x is available.

Thanks and good work.

Probably it means just that, that they fixed some problems reported in v7 regarding netinstall and arm devices.
How is this stopping you from doing upgrades?

rextended · Wed Jul 27, 2022 1:05 pm

That do not stop me to use upgrade inside routeros.
I ask details for «prevent any problems with previous stable versions» when netinstall is used...

Znevna · Wed Jul 27, 2022 1:14 pm

I don't know what that means.

hecatae · Wed Jul 27, 2022 2:34 pm

Nor do we, that's why rextended is asking for clarity.

anav · Wed Jul 27, 2022 2:48 pm

Im with rextended, not literally,
What is wrong with my netwinstall processes for ARM on current firmware
Also curious as to what was fail threshold before and why changed............

*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;

Znevna · Wed Jul 27, 2022 2:58 pm

There's nothing in the changelog about netinstall and "previous versions" so please explain, rextended.

rextended · Wed Jul 27, 2022 3:02 pm

*) netinstall - fixed Netinstall procedure for ARM devices;

Is simple: if on THIS version the "Netinstall procedure for ARM devices" is fixed,
it is implied that in one or more previous versions (and it is not explained "from which version")
there was something "broken", otherwise why "fix" it?
I, and the others, just want to know what is this problem because we use 7.4 (stable) which apparently has this problem.

.

Wed Jul 27, 2022 3:26 pm

rextended - If you tried to Netinstall ARM device and it either freezes before the installation process (you could see that on a serial console) or reboots itself before the installation process is started, then this fix should be the one that helps. In general, the fix should be safe enough so you could use v7.5beta Netinstall for any RouterOS installation.

anav · Wed Jul 27, 2022 3:30 pm

There's nothing in the changelog about netinstall and "previous versions" so please explain, rextended.

Sorry, there is nothing in the v7.5 beta that improves eyesight or literacy ;-PP

rextended · Wed Jul 27, 2022 3:38 pm

@strods !!!
Oh, how nice, this confirms the habit I already have: I always use the latest netinstall even to install older versions...
Thanks for the reply, have all a nice day.

[
for three reasons:
it leaves nothing of itself after installation
the new version supports more hardware, for sure
if there is a problem they have solved it, even if it is not in the changelog
]

*************

@anav

haedertowfeq · Wed Jul 27, 2022 5:26 pm

802.11k support
How can configure that?

Guscht · Wed Jul 27, 2022 5:29 pm

*) dns - added "match-subdomain" option for static entries (CLI only);
Please explain this function! Do I understand it correct w/o this, test.com will match only, but site1.test.com not. If I enable this all under "test.com" will match. Like: site1.test.com, site2.test.com. abc.test.com 123.test.com...???

*) firewall - added support for RTSP helper;
What is a "RTSP-Helper"? I know RTSP is some kind of Video-Straming Protocol. Why do I need a "helper" and for what reason?

pe1chl · Wed Jul 27, 2022 5:57 pm

BGP: sessions screen in winbox (3.37) shows an uptime of 497d 02:23:00 shortly after the reboot at installation, ticking DOWN instead of UP!
It also does not reflect the actual uptime of the session, it is just the same for all sessions.
Remote ID is shown as 0.0.0.0 for all sessions.
Is BGP session monitoring now getting worse in preparation for it getting much better??

dksoft · Wed Jul 27, 2022 6:31 pm

*) firewall - added support for RTSP helper;
What is a "RTSP-Helper"? I know RTSP is some kind of Video-Straming Protocol. Why do I need a "helper" and for what reason?

-> viewtopic.php?t=172168

pe1chl · Wed Jul 27, 2022 6:49 pm

BGP: well, now at least it logs the message "HoldTimer expiredsessionname" when a session times out.
A space between the word expired and the sessionname would be great! But it is better than "Session *=0x30100010" as it was before!

batarang · Wed Jul 27, 2022 7:37 pm

Getting permission error using plain nginx image.

 jul/28 00:33:10 container,info,debug /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
 jul/28 00:33:10 container,info,debug /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
 jul/28 00:33:12 container,info,debug /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
 jul/28 00:33:16 container,info,debug 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
 jul/28 00:33:22 container,info,debug 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
 jul/28 00:33:22 container,info,debug /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
 jul/28 00:33:29 container,info,debug /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
 jul/28 00:33:29 container,info,debug /docker-entrypoint.sh: Configuration complete; ready for start up
 jul/28 00:33:31 container,info,debug nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
 jul/28 00:33:31 container,info,debug 2022/07/27 16:33:31 [emerg] 1#1: open() "/var/log/nginx/error.log" failed (13: Permission denied)

root-dir=disk1/nginx. /var/log/nginx is not mounted.

fragtion · Wed Jul 27, 2022 9:50 pm

I guess this is expected. Until 7.4beta5 it was possible to write into non-mounted directories (internal container directories as extracted from tar file), which should not be permitted. I guess you'll either need to mount /var/log, or modify the docker file to mount it as tmpfs. Maybe Mikrotik should allow us to write to those directories but just not save the changes, like docker does

pants6000 · Wed Jul 27, 2022 10:57 pm

*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;

This seemed to have fixed my hourly-disconnect problem! I thought it had to do with the "reneg-secs" OVPN parameter but I see that's still set to 3600. In any case, a client/config that wouldn't make it past 60 mins before is now at the 90 minute mark.

Thanks!!!

rpingar · Thu Jul 28, 2022 9:07 am

any official words from MT about icmp/ping issue?
in 7.4 netwatch was fixed, but ping tool doesn't.

regards
Ros

rextended · Thu Jul 28, 2022 11:21 am

Check/Update your ticket SUP-67221

slimmerwifi · Thu Jul 28, 2022 12:48 pm

802.11k support
How can configure that?

It's added in the documentation:

https://help.mikrotik.com/docs/display/ROS/WifiWave2

kobuki · Thu Jul 28, 2022 1:05 pm

Containers: is it possible to create mounts that the container can write into? My current tests with this beta show that it's not possible (permission error). It's an important function for many containers.

Thu Jul 28, 2022 1:37 pm

stop/start newly created and started container and mounts should appear. We will fully fix this in next releases.

wispmikrotik · Thu Jul 28, 2022 2:58 pm

BGP: sessions screen in winbox (3.37) shows an uptime of 497d 02:23:00 shortly after the reboot at installation, ticking DOWN instead of UP!

+1

Regards,

kobuki · Thu Jul 28, 2022 3:03 pm

Containers: is it possible to create mounts that the container can write into? My current tests with this beta show that it's not possible (permission error). It's an important function for many containers.
stop/start newly created and started container and mounts should appear. We will fully fix this in next releases.

Mounts do appear, that's not the issue. The problem is, the CT cannot write to the mounted directory, I get permission errors.

hecatae · Thu Jul 28, 2022 5:37 pm

rb2011il-rm updated without issue

rpingar · Thu Jul 28, 2022 7:19 pm

no update since a month ago :(

rextended · Thu Jul 28, 2022 10:15 pm

Try to contact again, on same ticket...

pe1chl · Thu Jul 28, 2022 10:23 pm

On the other hand, I found and reported (above) 3 new issues in BGP and none of them are even remotely related to a "What's new" item about BGP in the opening post.
So clearly there are changes that do not appear in there. It could well be that BFD has been added in this release and we would not have noticed.

urbanserj · Thu Jul 28, 2022 11:23 pm

iOS devices still have hard time with 802.11r [1]. They can't re-connect to AP after the latter gets restarted or when wifi interfaces are on -> off -> on. The logs show the same:

mac-address@wifi2 rejected, can't find PMKSA
mac-address@wifi1 rejected, can't find PMKSA
mac-address@wifi2 rejected, can't find PMKSA
mac-address@wifi1 rejected, can't find PMKSA
mac-address@wifi2 rejected, can't find PMKSA
mac-address@wifi1 rejected, can't find PMKSA

[1] viewtopic.php?p=943402#p943214

whatever · Fri Jul 29, 2022 3:39 pm

802.11k support
How can configure that?
It's added in the documentation:

https://help.mikrotik.com/docs/display/ROS/WifiWave2

I only find an on/off switch for the feature.
Isn't 802.11k supposed to provide the client with a list of neighboring APs? Where does this list come from? I suppose the list should either be manually configurable (I think this is possible in OpenWRT), created by a centralized management solution (like capsman) or populated by the AP itself by scanning its neighborhood (might cause short outages while scanning other channels).

pe1chl · Fri Jul 29, 2022 4:13 pm

The current 802.11k/r functionality is just a work in progress in preparation for future use in real applications.
At the moment, it only knows about the 2 interfaces of the same AP (2 GHz and 5 GHz) to roam between them. More or less a toy.
Of course for real usability it has to have a "backbone interconnect" between the involved APs, yes. That would likely be part of a new CAPsMAN2 that manages them.

emils · Mon Aug 01, 2022 2:39 pm

What's new in 7.5beta5 (2022-Jul-28 10:59):

*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) l3hw - fixed HW offloaded NAT;
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;

Mon Aug 01, 2022 3:02 pm

That would likely be part of a new CAPsMAN2 that manages them.

I'm showing my age, but the current Capsman is V2

Solear · Mon Aug 01, 2022 9:28 pm

Maybe a stupid question: Is create folders in mounted folders in container possible/fixed? I cant get Adguardhome to work because the mkdir-permission-error.

Znevna · Mon Aug 01, 2022 9:29 pm

Not yet.

npeca75 · Tue Aug 02, 2022 7:30 am

*) sfp - fixed "eeprom" reading on single SFP port ARM devices;

maybe one day rb760 igs SFP port will have (again) SFP status ?

mmc · Thu Aug 04, 2022 10:15 am

hi,

with ros 7.5beta4 all the sfp and DAC cables still don't work under ccr2116 & ccr2004. the link just flaps endless, whatever setting you make. reported to support since months now, but still no fix.

even original mikrotik DAC cable doesn't work anymore since ros 7.3. latest working version in terms of sfp support was 7.2.3.

those are the one we have tested in all combinations and are not working in the top of the line mikrotik hardware with the 'stable' ros7 versions:
- mikrotik DAC cable Q+BC0003-S+
- fs.com DAC cable Q-4SPC01
- fs.com DAC cable Q-4SPC03
- fs.com MTP PLFI SM Cable with fs.com sfp

rpingar · Thu Aug 04, 2022 10:24 am

MT seems able to identify and fix the issue, producing a test release. I am not able to test it because I don't have spare parts.
Ask MT about this release to test.
regards
Ros

hecatae · Thu Aug 04, 2022 4:09 pm

Chateau 5G successfully updated to 7.5beta5

nithinkumar2000 · Fri Aug 05, 2022 7:51 am

Any Chance of Adding Advertisements in BGP Option. Really Useful to Check what is getting Advertised to peers.
Currently in ROSv7 its very difficult to find our the Advertisements compared to ROSv6.

Please Mikrotik Team Look in to it....

mafiosa · Fri Aug 05, 2022 11:31 am

Any Chance of Adding Advertisements in BGP Option. Really Useful to Check what is getting Advertised to peers.
Currently in ROSv7 its very difficult to find our the Advertisements compared to ROSv6.

Please Mikrotik Team Look in to it....

+1

adithepocz · Fri Aug 05, 2022 5:38 pm

Any Chance of Adding Advertisements in BGP Option. Really Useful to Check what is getting Advertised to peers.
Currently in ROSv7 its very difficult to find our the Advertisements compared to ROSv6.

Please Mikrotik Team Look in to it....

+1

pe1chl · Fri Aug 05, 2022 5:45 pm

This is just one small detail of the general "improve monitoring capabilities for BGP"...

armandfumal · Fri Aug 05, 2022 10:11 pm

Any Chance of Adding Advertisements in BGP Option. Really Useful to Check what is getting Advertised to peers.
Currently in ROSv7 its very difficult to find our the Advertisements compared to ROSv6.

Please Mikrotik Team Look in to it....

+1

ech1965 · Sat Aug 06, 2022 2:09 pm

Documentation is not yet clear
* https://help.mikrotik.com/docs/display/ ... quirements page says "container package must be installed" but does not tell you how
* There is no /system/package/install command
* no package repository configured in routeros to list available packages
* https://help.mikrotik.com/docs/display/ROS/Packages does not tell anything about existence of a "container" package
* in https://mikrotik.com/download there is no such thing as a "container" package. only an "main" an an extra package
* which architecture do I need to select ? it's not shown in /system/routerboard nor in /system/identiy not in /system/package
* how to ship package inside router ?

nescafe2002 · Sat Aug 06, 2022 2:16 pm

ech1965, get architecture via /system resource print, download Extra packages, upload container-*.npk via ftp, scp or winbox and reboot to trigger the installation.
Container package is compatible with arm arm64 and x86 architectures.

ech1965 · Sat Aug 06, 2022 2:31 pm

MANY Thanks !!! glad we have people like you on this forum, because... doc writers have a lot to catch up at mikrotik !

Sat Aug 06, 2022 2:54 pm

Hmmm... I wonder which part of these instructions on the help page was not clear.
https://help.mikrotik.com/docs/display/ROS/Container

Container package needs to be installed

pe1chl · Sat Aug 06, 2022 3:43 pm

Documentation is not yet clear
* https://help.mikrotik.com/docs/display/ ... quirements page says "container package must be installed" but does not tell you how
* There is no /system/package/install command
* no package repository configured in routeros to list available packages

I agree with you (and I have proposed several times) that the package menu should have some sort of listing of available packages and a way to install them by command (both commandline and the GUI version) instead of having to fiddle with zip files and uploading.
It should be easy to do, as the required packages are available from the upgrade server. The device knows how to download them when you do an upgrade. So why not when initially adding them?
No idea.

Sat Aug 06, 2022 4:04 pm

I will apologize, you are correct.

https://help.mikrotik.com/docs/display/ROS/Packages
That page does NOT indicate HOW a package should be installed ...

But that's nothing new related to this release, is it ?

volkirik · Sat Aug 06, 2022 4:59 pm

bug report:

ppp on-up and on-down scripts do not run when they have empty line after their (script)name in profile window.

please fix it. it was annoying.

nescafe2002 · Sat Aug 06, 2022 5:37 pm

volkirik, your issue is not related to 7.5beta.

E.g. on 6.48.6:

/system script add name=test policy=test source=":log info test"
/system scheduler add interval=10s name=test on-event="test\r\n" policy=test

Will not run, but

/system script add name=test policy=test source=":log info test"
/system scheduler add interval=10s name=test on-event="test" policy=test

Will.

The newline makes the difference between a script (name) and actual code. I think this is by design.
So if you reference to a script (name) in any code window (ppp/dhcp/scheduler/...), make sure you don't append a newline.

volkirik · Sat Aug 06, 2022 5:43 pm

this design must be fixed sir!

eworm · Sat Aug 06, 2022 5:53 pm

No, it must not. If you want a newline, use this:

/system/scheduler/add interval=10s name=test on-event="/system/script/run test\r\n" policy=test

Should work...

pe1chl · Mon Aug 08, 2022 3:02 pm

Hopefully there will soon be a new beta that fixes this:

What's new in 7.4.1 (2022-Aug-04 14:48):

*) firewall - fixed "in-interface-list" matcher when VRF is used;

My VRF experiment stranded on this bug but I am running beta version...

JJT211 · Tue Aug 09, 2022 5:42 am

So that fix...did NOT fix?

mducharme · Tue Aug 09, 2022 10:31 am

I think pe1chl wants to test this on 7.5betaX and not 7.4.x, and that the fix came out on 7.4.x before 7.5betaX.

pe1chl · Tue Aug 09, 2022 11:29 am

That is right, it is a bit strange that a fix is released in the stable version before first trying it in a beta...
I tried to convert my manually setup config that uses 2 route tables, BGP and routing rules into a VRF config and it failed in the firewall config that entirely uses interface lists.
Of course I have 2 partitions so I reverted to my config prior to this change (which I copied). So when a 7.5beta with this fix is released I will try again.

volkirik · Tue Aug 09, 2022 6:38 pm

same here.

indeed weird that its fixed in stable channel while not in testing.

emils · Wed Aug 10, 2022 2:56 pm

What's new in 7.5beta8 (2022-Aug-09 12:36):

*) bridge - fixed "new-priority" value validation for NAT rules;
*) certificate - fixed handling of empty AKID by SCEP client;
*) container - fixed free disk space checking;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) leds - fixed wireless LED functionality on LHGG;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed UDP performance on MMIPS devices;
*) ping - improved service stability;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) ssh - added AES support for PEM decryption;
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;

rpingar · Wed Aug 10, 2022 4:11 pm

is this
*) ping - improved service stability;
the fix about ticket 67221?? varius ping issue posted into the forum?

Wed Aug 10, 2022 4:13 pm

yes it should fix various reported ping issues

eworm · Wed Aug 10, 2022 4:15 pm

I hope we will see this fix in a stable release soon.

rpingar · Wed Aug 10, 2022 4:27 pm

yes it should fix various reported ping issues

almost one year after the first report.... Just to learn......
4 months just to fight about it is a real issue and not a configuration issue
3 months to fight about a x86 pltaaform issue... "x86 is dead use chr...." Chr had the same issue........ then "it is a mellanox issue....:"
then just 5 months to fix it....

12 months where the first 7 seven could be saved........
regards
Ros

Chaosphere64 · Wed Aug 10, 2022 4:30 pm

Any chance the broken Detect Internet feature is going to be fixed soon (report since 7.2)?

Thanks!

Znevna · Wed Aug 10, 2022 4:52 pm

Yes, stop using it.
----
I was hoping the container fix was miraculously related to this:

container,info,debug 2022/08/10 13:53:18.589837 [fatal] Cannot create DNS data dir at /opt/adguardhome/work/data: mkdir /opt/adguardhome/work/data: permission denied

but apparently not :(

Chaosphere64 · Wed Aug 10, 2022 5:06 pm

Stop using containers.

Helpful, right?

Znevna · Wed Aug 10, 2022 5:23 pm

containers don't compare to the useless detect-internet :D

pe1chl · Wed Aug 10, 2022 7:53 pm

same here.

indeed weird that its fixed in stable channel while not in testing.

Now it gets even more weird, the fix is not listed in the 7.5beta8 change list either... I would expect it to be at least in the next beta when it is fixed in stable already.
(and of course I am disappointed once more w.r.t. BGP fixes)

pe1chl · Wed Aug 10, 2022 7:54 pm

Any chance the broken Detect Internet feature is going to be fixed soon

Hopefully they will remove the entire feature, it is just a nuisance.

Paternot · Wed Aug 10, 2022 9:55 pm

Hopefully they will remove the entire feature, it is just a nuisance.

One can always dream...

winap · Wed Aug 10, 2022 10:19 pm

I have problem with ntp for now. When I setup some ntp servers to stratum 1 it shows: WARNING: frequency out of range: 0.000542. MAX: 0.000500
Is it normal?

2022-08-10_211151.jpg

Znevna · Wed Aug 10, 2022 10:31 pm

Considering it appeared right after a time sync, you figure it out.

cklee234 · Thu Aug 11, 2022 4:24 am

Thanks for the update on this
*) wireless - fixed interface initialization on x86 devices;

There is no error now but seems not yet working. scan frequency is ok but does not discover other APs which are next to it.

Let me do more testings later

Thu Aug 11, 2022 8:08 am

The fix was tested with our R11 series wireless cards. Failure to detect a nearby AP may be due to the scan-list (governed by the country setting) not covering frequencies that the APs are operating on.
If you've ensured that the settings are correct, but the interface still does not work, please open a support ticket and include a supout.

Thu Aug 11, 2022 8:50 am

same here.

indeed weird that its fixed in stable channel while not in testing.
Now it gets even more weird, the fix is not listed in the 7.5beta8 change list either... I would expect it to be at least in the next beta when it is fixed in stable already.
(and of course I am disappointed once more w.r.t. BGP fixes)

A Beta changelog contains changes from the last stable release. All changes that were released in stable/RC versions are present in the following betas by default.

cklee234 · Thu Aug 11, 2022 8:56 am

Thanks for the update on this
*) wireless - fixed interface initialization on x86 devices;

There is no error now but seems not yet working. scan frequency is ok but does not discover other APs which are next to it.

Let me do more testings later
The fix was tested with our R11 series wireless cards. Failure to detect a nearby AP may be due to the scan-list (governed by the country setting) not covering frequencies that the APs are operating on.
If you've ensured that the settings are correct, but the interface still does not work, please open a support ticket and include a supout.

I am using a generic MikroTik R11e-5HacT.

In the wireless, it is recognized as Wireless (Atheros AR9888)
I am locating in Hong Kong. I look at the ac2 I have which I did not set anything but it just works

However, now in x86, seems I still miss something

volkirik · Thu Aug 11, 2022 10:37 am

Now it gets even more weird, the fix is not listed in the 7.5beta8 change list either... I would expect it to be at least in the next beta when it is fixed in stable already.
(and of course I am disappointed once more w.r.t. BGP fixes)

A Beta changelog contains changes from the last stable release. All changes that were released in stable/RC versions are present in the following betas by default.

Correct. VRF is working now.

Znevna · Thu Aug 11, 2022 11:01 am

A Beta changelog contains changes from the last stable release. All changes that were released in stable/RC versions are present in the following betas by default.

I wish this was documented somewhere! This is news for most of us!

pe1chl · Thu Aug 11, 2022 12:20 pm

Indeed. I would not have guessed that. Then, at least it should refer to the release number of the stable release from which it has all the fixes.

Thu Aug 11, 2022 2:23 pm

There are two lists on the official change log:

What's new in 7.5beta8 (2022-Aug-09 12:36)
Other changes since v7.4.1

Usually, users install a beta version for faster access to features and fixes they are interested in. Otherwise, there is no point in using beta - just play safe and install the stable version.

bpwl · Thu Aug 11, 2022 2:46 pm

ROS 7.5beta8: wireless
In wireless table if on tab Wifiwave2, selecting "detail mode" crashes WinBox (64 bit) V3.35 and V3.37.

winap · Thu Aug 11, 2022 3:25 pm

Considering it appeared right after a time sync, you figure it out.

That's fresh basic config and update to latest beta...On v6 and HAP AC2 is everythink ok. So it is my problem find the solution? Haha
What if is a problem on a buggy FW..

Znevna · Thu Aug 11, 2022 3:39 pm

Are you experiencing a problem or you just don't like the warning? because you can hide the warning.

pe1chl · Thu Aug 11, 2022 4:15 pm

There are two lists on the official change log:

What's new in 7.5beta8 (2022-Aug-09 12:36)

Other changes since v7.4.1

Usually, users install a beta version for faster access to features and fixes they are interested in. Otherwise, there is no point in using beta - just play safe and install the stable version.

Ok it would be better when the above was also present in the annoucement on the forum. Now we have to gather the info from so many different places...
I had experimented with VRF in 7.4 and encountered the above-mentioned bug, but I am using the beta versions to keep up with the latest additions, because, you never know, maybe the BGP programmer comes back and starts fixing his work.
Then I see the 7.4.1 announcement and I am happy the problem encountered in VRF is fixed there but of course I want to continue using the beta.
So now I will install beta8 knowing that at least this VRF problem is fixed.

ech1965 · Thu Aug 11, 2022 7:14 pm

[

...Ok it would be better when the above was also present in the annoucement on the forum. ...

+1 And please create a new thread for each release ( eg:1 separate post for beta4 and another one for beta8 )

Posts become so cluttered with issue unrelated with the current release
( see post about docker, if you start using docker on 7.5 beta you have a huge thread full of stale info to digest..... )

winap · Thu Aug 11, 2022 8:20 pm

Are you experiencing a problem or you just don't like the warning? because you can hide the warning.

No no, warning is some problem and I want to know which...But I didn't find, what kind of broblem it is (on internet).
So I don't know, if it's bug, or some problem on other side (NTP server). But v 6.49.6 is ok..

mkx · Thu Aug 11, 2022 8:35 pm

Are you experiencing a problem or you just don't like the warning? because you can hide the warning.
No no, warning is some problem and I want to know which...But I didn't find, what kind of broblem it is (on internet).
So I don't know, if it's bug, or some problem on other side (NTP server). But v 6.49.6 is ok..

It's a warning, which means very likely nothing's gonna explode. Lack of similar warning doesn't mean that underlying problem (whatever it might be) didn't exist before. In any case, if nobody from MT doesn't comment on this warning here on forum, you can open a ticket, hopefully you'll get some sensible answer (and pass it forward to us). OTOH you can wait for next beta (or RC) to verify if the message is here to stay or not.

Thu Aug 11, 2022 11:42 pm

ROS 7.5beta8: wireless
In wireless table if on tab Wifiwave2, selecting "detail mode" crashes WinBox (64 bit) V3.35 and V3.37.

I'm not seeing that.
Winbox-64 v3.37 on hAP AC3 7.5beta8, using wifiwave2
Toggling mode like crazy, no crash.

bpwl · Fri Aug 12, 2022 1:02 am

I'm not seeing that.

I'm not 'seeing' it either. WinBox is just gone. TAB is wifi wave2, not registration (which works normal)

daaf · Sun Aug 14, 2022 9:31 am

What happened to the scripts? The problem of the environment variables still persists.
viewtopic.php?p=944654#p944663

emils · Wed Aug 17, 2022 3:20 pm

What's new in 7.5beta11 (2022-Aug-17 13:14):

*) bgp - improved stability when "default-originate" is configured;
*) console - fixed automatic command completion with <TAB> keypress;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) hotspot - improved stability when receiving bogus packets;
*) interface - fixed default interface naming on RB1100x2;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) webfig - allow to specify NTP server as domain name;
*) winbox - enabled all filters by default under "Tools/Torch" menu;

rpingar · Wed Aug 17, 2022 3:33 pm

What's new in 7.5beta11 (2022-Aug-17 13:14):
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;

Is this the fix we tested on 7.99 release date Aug/01 18.20.39 to fix qsfp28 stability on CCR2216?

so we can "safetly" upgrade to a testing release.

regards
Ros

winap · Wed Aug 17, 2022 4:09 pm

What's new in 7.5beta11 (2022-Aug-17 13:14):

*) ntp - fixed NTP server when "use-local-clock" is used;

Thank you Mikrotik!

guipoletto · Wed Aug 17, 2022 4:13 pm

*) winbox - enabled all filters by default under "Tools/Torch" menu;

Beautifull!!

msatter · Wed Aug 17, 2022 6:32 pm

*) dns - added "address-list" parameter for static DNS entries (CLI only);

WOW!

chiem · Wed Aug 17, 2022 7:07 pm

*) dns - added "address-list" parameter for static DNS entries (CLI only);

WOW!

What is it?

pe1chl · Wed Aug 17, 2022 7:13 pm

*) dns - added "address-list" parameter for static DNS entries (CLI only);

WOW!

What we also need is improvements in the inverse function:
- higher limit on the maximum number of addresses in a DNS query for an address list (specified as DNS name)
- some way to return subnets from the DNS query and insert them in the address list, e.g. TXT records with 1.2.3.0/24 content and similar.
(the DNS type APL (42) described in RFC 3123 would be ideal for that but it does not seem to be widely recognized)

Sob · Wed Aug 17, 2022 7:24 pm

I'm usually good at spotting what things are for, but I'm gonna need some help here. If I do:

/ip/dns/static add address=192.168.88.10 address-list=dnstest name=device.local ttl=600

Nothing happens at first. Then when router's DNS resolver receives query for device.local, address list "dnstest" gets new dynamic entry with 192.168.88.10. Cool. But what can I do with it? I first thought it's supposed to return addresses from address list, I could probably see some possible uses for that. But this?

anav · Wed Aug 17, 2022 7:42 pm

Probably my fault, I asked for address lists in Routing Rules and it got lost in translation ;-)

volkirik · Wed Aug 17, 2022 8:02 pm

you can create address list for advertisements and null route them by DNS

wombat · Wed Aug 17, 2022 8:11 pm

WPA3 on 2.4GHz hAP AC3 stopped working after update from 7.4 - there is no error info in log.

7.5beta11 still same issue, With 7.4.1 all works fine.

pe1chl · Wed Aug 17, 2022 8:50 pm

I first thought it's supposed to return addresses from address list, I could probably see some possible uses for that.

Ah I thought as well that was what it would do: instead of an address you provide an address-list and it returns the address(es) in that list when the name is queried.
Apparently not?
If it would work like that, it could be used to mirror address lists between routers...

msatter · Wed Aug 17, 2022 10:55 pm

I'm usually good at spotting what things are for, but I'm gonna need some help here. If I do:
Code: Select all
/ip/dns/static add address=192.168.88.10 address-list=dnstest name=device.local ttl=600
Nothing happens at first. Then when router's DNS resolver receives query for device.local, address list "dnstest" gets new dynamic entry with 192.168.88.10. Cool. But what can I do with it? I first thought it's supposed to return addresses from address list, I could probably see some possible uses for that. But this?

It is clearly not what I expected reading that line. Have you tried with omitting the IP address?

I expected having multiple dynamic DNS resolved in the address-list that would reflect into the static DNS and so enabling grouping of those resolves, to a custom static DNS entry.

Update: upgraded and tested, if the IP address is omitted then 0.0.0.0 is inserted. If type is stated than an error is displayed (address-list LIST exists).

add name=device.local address-list=LIST type=A 
failure: bad A data: IPv4 address expected

Update two: The current working can be used as a temporary activation of a rule giving access by means of an address-list. When the DNS is resolved the TTL values starts a timer for the duration of the set TTL. But what Mikrotik had in mind with this is unknown.

Sob · Wed Aug 17, 2022 11:51 pm

My findings so far:

- if adds addresses to address list, it doesn't get anything from address list
- it happens when first query for hostname comes and static record exists for it, then it adds its address to list
- if there are more static records with same name, it adds them all
- it uses TTL from static record as address list timeout
- subsequent queries don't do anything (they don't reset address list timeout as one might expect) ^(*1)
- you can set it for all record types, but it only does something with A/AAAA/FWD
- when used with FWD records (which are not real records, just pointers to external servers), it adds addresses from A/AAAA queries and uses their TTLs as timeout

The last thing with FWD records is something that could be possibly useful to create some dynamic access list, because such hostnames can point to different addresses not known in advance. Same could be done with A/AAAA, although if you're adding static DNS records, you already know their addresses, so you could also add them to address list. This would just make the linking easier, but it would require a fix for ^(*1), because resolver returns static records with full TTL, while timeout in address list is going down until it expired and address is then removed, but at that point the client can have still valid (possibly for a long time) resolved address.

Edit: It can be a fix/workaround for using wildcards in address list. If you want hostname-based address list, it's possible for specific hostnames:

/ip firewall address-list
add list=mikrotik address=forum.mikrotik.com
add list=mikrotik address=www.mikrotik.com

But if you want *.mikrotik.com, it's not possible, because * can be anything, that's too many combinations to be resolved in advance. But if you do:

/ip dns static
add address-list=mikrotik match-subdomain=yes name=mikrotik.com type=FWD

then it seems to work (I didn't know it, but you can omit forward-to and then it uses default resolvers), you'll get address list with addresses of actually used hostnames.

fragtion · Wed Aug 17, 2022 11:57 pm

Probably my fault, I asked for address lists in Routing Rules and it got lost in translation ;-)

+1 for routing/rules address-lists

Thu Aug 18, 2022 12:02 am

There is no linux support for address lists for route rules. If you want to use more advanced matching then use mangle.

msatter · Thu Aug 18, 2022 1:13 am

Sadly I can't reproduce that:

/ip/dns/static add address-list=mikrotik match-subdomain=yes name=mikrotik.com type=FWD 
:put [:resolve www2.mikrotik.com]
159.148.147.252

Nothing is added to the address-list mikrotik.

Sob · Thu Aug 18, 2022 1:34 am

It seems that it works only for external queries, i.e. when some other device uses router as resolver.

johnsonX · Thu Aug 18, 2022 10:42 am

15:37:41 dhcp,debug,packet send ether1 -> ff02::1:2%5
15:37:41 dhcp,debug,packet type: solicit
15:37:41 dhcp,debug,packet transaction-id: 0f5c06
15:37:41 dhcp,debug,packet -> clientid: 00030001 dc2c6e79 7d52
15:37:41 dhcp,debug,packet -> ia_na:
15:37:41 dhcp,debug,packet t1: 1800
15:37:41 dhcp,debug,packet t2: 2880
15:37:41 dhcp,debug,packet id: 0x1
15:37:41 dhcp,debug,packet -> oro: 23
15:37:41 dhcp,debug,packet -> elapsed_time: 16
15:37:41 dhcp,debug,packet -> rapid_commit: [empty]
15:37:41 dhcp,debug,packet -> ia_pd:
15:37:41 dhcp,debug,packet t1: 1800
15:37:41 dhcp,debug,packet t2: 2880
15:37:41 dhcp,debug,packet id: 0x1
15:37:41 dhcp,debug,packet recv client: ether1 fe80::1 -> fe80::de2c:6eff:fe79
:7d52
15:37:41 dhcp,debug,packet type: advertise
15:37:41 dhcp,debug,packet transaction-id: 0f5c06
15:37:41 dhcp,debug,packet -> clientid: 00030001 dc2c6e79 7d52
15:37:41 dhcp,debug,packet -> serverid: 00030001 ec8ac704 6b5c
15:37:41 dhcp,debug,packet -> status: 6 - no prefix
15:37:41 dhcp,debug,packet -> status: 2 - no address
15:37:41 dhcp,debug,packet -> dns_servers:
15:37:41 dhcp,debug,packet fe80::1
15:37:41 dhcp,debug ia_pd: not found
Cannot obtain ipv6 address from telecom operator equipment through dhcpv6 client

mmc · Thu Aug 18, 2022 11:24 am

7.5beta11 still doesn't work with ccr2116 or ccr2004 in combination with mikrotik Q+BC0003-S+ (4 x 10g DAC breakout cable).
still no chance to use ros > 7.2.3 in proper datacenter environments (till 7.2.3 all sfp's and DAC breakout cables worked stable).

pe1chl · Thu Aug 18, 2022 2:39 pm

It seems that it works only for external queries, i.e. when some other device uses router as resolver.

Once again it is obvious that those 1-line change notices are sometimes completely insufficient. Especially when the relevant documentation page is not updated. Everyone is at a loss about what this change does, and what it is useful for.

tpedko · Thu Aug 18, 2022 3:03 pm

after upgrade beta5 to beta8 container AdGuard not start
and
after upgrade beta8 to beta11 container AdGuard not start
log
15:50:08 container,info,debug 2022/08/15 12:50:08.460390 [info] AdGuard Home, version v0.107.8
15:50:08 container,info,debug 2022/08/15 12:50:08.482883 [info] Initializing auth module: /opt/adguardhome/work/data/sessions.db
15:50:08 container,info,debug 2022/08/15 12:50:08.483123 [error] auth: open DB: /opt/adguardhome/work/data/sessions.db: open /opt/adguardhome/work/data/sessions.db: permission denied
15:50:08 container,info,debug 2022/08/15 12:50:08.483258 [fatal] Couldn't initialize Auth module
please fix it

jvanhambelgium · Thu Aug 18, 2022 3:10 pm

after upgrade beta5 to beta8 container AdGuard not start
log
15:50:08 container,info,debug 2022/08/15 12:50:08.460390 [info] AdGuard Home, version v0.107.8
15:50:08 container,info,debug 2022/08/15 12:50:08.482883 [info] Initializing auth module: /opt/adguardhome/work/data/sessions.db
15:50:08 container,info,debug 2022/08/15 12:50:08.483123 [error] auth: open DB: /opt/adguardhome/work/data/sessions.db: open /opt/adguardhome/work/data/sessions.db: permission denied
15:50:08 container,info,debug 2022/08/15 12:50:08.483258 [fatal] Couldn't initialize Auth module
please fix it

Can you try on beta11 ??
I've updated from beta8 > beta11 and I only had to start the containers.
You HAD them running before no ? Because after the fresh deploy or redeploy the file permission are broken and I need to take the USB-stick (on which both container "live") out, fix the permissions and re-insert in the RB3011 and then they start fine.

[@rb3011] /container> print
0 name="6854c06d-c61c-4b53-9ae5-c1fe0d4a2045" tag="pihole/pihole:latest" os="linux" arch="arm" interface=veth1 root-dir=disk3/pihole mounts="" dns=""
logging=yes status=running
1 name="13dea836-a00b-459d-8580-a565cd61035d" tag="adguard/adguardhome:latest" os="linux" arch="arm" interface=veth2 root-dir=disk3/adguard mounts="" dns=""
workdir="/opt/adguardhome/work" logging=yes status=running
[@rb3011] /container>

tpedko · Thu Aug 18, 2022 3:50 pm

Can you try on beta11 ??

yes when upgrading from beta8 to beta11 the same
helps to recreate the container
my 4011
[@home] /container> print
0 ;;; adguard
name="3616b40d-9483-4297-b372-83d2ef4166e2" tag="adguard/adguardhome:latest" os="linux" arch="arm" interface=veth1 root-dir=adguardhome mounts=agh_workdir,agh_conf dns="" hostname="adguardhome" workdir="/opt/adguardhome/work" logging=yes
status=running
/container/mounts> print
2 name="agh_workdir" src="/adguardhome/tmp" dst="/opt/adguardhome/work"
3 name="agh_conf" src="/adguardhome/home" dst="/opt/adguardhome/conf"

Thu Aug 18, 2022 7:10 pm

after the fresh deploy or redeploy the file permission are broken

One of the things you have to understand about Docker is that user and group databases are different inside the container relative to outside it. If you ever used NFS without something like idmapd or NIS+ alongside it, it's the same problem: user 1234 might not even exist on both sides, much less be the same user.

This is one reason why Docker has volumes, which RouterOS's container implementation calls "mounts." Permission changes then persist along with the data, so they don't have to be fixed after each container redeployment.

I need to take the USB-stick (on which both container "live") out, fix the permissions and re-insert in the RB3011 and then they start fine.

If you're using volumes, you should be able to do this on-device, even if the container doesn't start. Try something like this:

/container
add …same parameters as normal… cmd=sh
start 1      ; not 0, that's broken at the moment
shell 1
chown myuser /path/to/broken/file
exit
stop 1
start 0

The old container should start now and attach the mounts that you fixed with the temporary container.

It's too bad you have to keep the tarball around, or re-fetch from a remote-image to create the second container. The copy-from parameter should accept another local container by number, name, tag… Anything unique it can latch onto. Cloning one existing container to create another is a normal thing in the Docker world.

mounts=""

That's part of your problem. No mounts means all the data gets stored inside the container, so when the container is nuked, so is the data. Put it on external volumes, and it will persist beyond the lifetime of the container.

Having user data in the container is fine if it's normally recreated, such as by an automated container build pipeline that stuffs fresh data in each time, but when you have a case like this where you need persistent configuration, use volumes/mounts.

buset1974 · Fri Aug 19, 2022 5:51 pm

What's new in 7.5beta11 (2022-Aug-17 13:14):

*) bgp - improved stability when "default-originate" is configured;

BGP vrf still broken,
- "default originate" now successfully advertised to CE,
- BGP vrf session now can show "Established"
- BGP uptime still show "496 days"
- prefix count still show "0"
- BGP advertised from CE still not propagate / withdrawn correctly.

jvanhambelgium · Fri Aug 19, 2022 6:17 pm

One of the things you have to understand about Docker is that user and group databases are different inside the container relative to outside it. If you ever used NFS without something like idmapd or NIS+ alongside it, it's the same problem: user 1234 might not even exist on both sides, much less be the same user.

This is one reason why Docker has volumes, which RouterOS's container implementation calls "mounts." Permission changes then persist along with the data, so they don't have to be fixed after each container redeployment.

If you're using volumes, you should be able to do this on-device, even if the container doesn't start. Try something like this:

Thanks for pointing out the shell command. Looked over it.
Also for the other detailed clarifications. Although I have 10-20 "containers" running on my Synology NAS and have dozens of "mounts" around I never looked down to the nifty details.
On my NAS, I make the folders, make sure they are writable by the specific user and never had any issue on the Synology with that.

rpingar · Fri Aug 19, 2022 8:24 pm

we still have bgp crash when have more the 200 peers and more then one fullroute provider.
Up to the first full route it s fine, load fast and update slow, check rpki is working.

then when we enable the second full route provider it stops to receive messages stay up for a while then the session starts to flap and we see the memory going up.
Then after some huors the bgp crashes and all the bgp info are inaccessible through cli or winbox.

regards
Ros

loloski · Sat Aug 20, 2022 8:36 am

@rpingar

Do you have existing report and ticket re: your issue what does MT say on this? we have in the same situation it just that we don't have luxury on waiting for MT to stabilize BGP in ROS v7

rpingar · Sat Aug 20, 2022 8:50 am

sure, MikroTik support #[SUP-81652]
with daily update with supout, but very few or no reply by MT.
we have in our NAPs CCR2216 and CCR1072 with v7 and we provided supout from both of them.
While they improve bgp stability I advice you to leave only routeserver sessions and one fullroute provider.

regards
Ros

mmc · Sun Aug 21, 2022 8:25 am

bgp advertisement monitoring still doesn't work, too:

https://help.mikrotik.com/docs/display/ ... rtisements

nothing happens when you follow the sample...

Simonej · Tue Aug 23, 2022 12:16 am

If anyone is having problem connecting devices with WPA3, try

/interface/wifiwave2/security/set (yourWiFiprofile) sae-pwe=hunting-and-pecking

also, GCMP encryption should work with WPA3-Personal? Unable to connect any device.

emils · Tue Aug 23, 2022 8:50 am

RouterOS v7.5rc1 has been released

viewtopic.php?t=188651

Who is online