Community discussions

MikroTik App
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

v7.6 [stable] is released!

Tue Oct 18, 2022 11:48 am

RouterOS version 7.6 is released in the "v7 stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during the upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.6 (2022-Oct-17 13:55):

*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT;
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
*) wifiwave2 - fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while the router is not working as suspected or after some problem has appeared on the device

Please keep this forum topic strictly related to this particular RouterOS release.
 
User avatar
Maggiore81
Trainer
Trainer
Posts: 558
Joined: Sun Apr 15, 2012 12:10 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 12:09 pm

Hello
wich are the differencies betweeen RC3 and final ? This night I applied the 7.6RC3 :-) on a CRS317
 
gotsprings
Forum Guru
Forum Guru
Posts: 2087
Joined: Mon May 14, 2012 9:30 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 12:14 pm

POE Tabs are back in Winbox for crs328-24p-4s+rm
POE also stayed on during the update reboots

As for Winbox and having the POE tabs... that's pretty impressive. I pointed it out in the 7.5 Announcement YESTERDAY, and its fixed in the 7.6 a few hours later.
Last edited by gotsprings on Tue Oct 18, 2022 3:33 pm, edited 1 time in total.
 
Rox169
Member
Member
Posts: 432
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 12:23 pm

Hi,
anyone tried this on HAP AC3 and W60g?
 
User avatar
loloski
Member Candidate
Member Candidate
Posts: 277
Joined: Mon Mar 15, 2021 9:10 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 12:25 pm

hap ac2 here so far no ill effects
 
User avatar
Kanzler
newbie
Posts: 30
Joined: Wed Oct 05, 2022 6:55 pm
Location: Ukraine

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 12:36 pm

hAP AC3 (ww2) work perfectly fine
Last edited by Kanzler on Tue Oct 18, 2022 6:39 pm, edited 1 time in total.
 
cklee234
newbie
Posts: 44
Joined: Tue Sep 29, 2020 6:49 am

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 12:44 pm

*) x86 - improved ixgbe driver support;

Can you elaborate on the improved support? What included and added?
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 12:45 pm

Hello
wich are the differencies betweeen RC3 and final ? This night I applied the 7.6RC3 :-) on a CRS317
There are no changes between v7.6 and v7.6rc3.
 
mohamads
just joined
Posts: 6
Joined: Mon Oct 09, 2017 5:38 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 1:32 pm

*) x86 - improved ixgbe driver support;

Can you elaborate on the improved support? What included and added?
I second that !
 
usmank
just joined
Posts: 2
Joined: Tue Jun 05, 2018 7:27 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 2:00 pm

Session time left not working...
 
Guscht
Member Candidate
Member Candidate
Posts: 236
Joined: Thu Jul 01, 2010 5:32 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 2:22 pm

So far, no issues with 7.6:
Screenshot 2022-10-18 132051.jpg
You do not have the required permissions to view the files attached to this post.
 
User avatar
depth0cert
just joined
Posts: 21
Joined: Thu Sep 08, 2022 11:03 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 2:27 pm

RouterOS version 7.6 is released in the "v7 stable" channel!
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;

Since version 7, certificates signed on the ROS do not have legacy Netscape extensions (nsComment = "Generated by RouterOS").
Please answer, now this extension will not be used in the work of internal services, such as CAPsMAN and others?
 
shyrwall
just joined
Posts: 19
Joined: Tue Nov 08, 2011 10:45 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 2:28 pm

Upgrading HAP AC3 (RBD53iG-5HacD2HnD) from 7.6rc2 results in "kernel failure in previous boot". Multiple retries.
 
giulianoz
newbie
Posts: 27
Joined: Sat Apr 08, 2017 6:44 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 2:38 pm

Upgrading HAP AC3 (RBD53iG-5HacD2HnD) from 7.6rc2 results in "kernel failure in previous boot". Multiple retries.
Thanks, I will stay on rc2 for a while
 
shyrwall
just joined
Posts: 19
Joined: Tue Nov 08, 2011 10:45 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 2:40 pm

Upgrading HAP AC3 (RBD53iG-5HacD2HnD) from 7.6rc2 results in "kernel failure in previous boot". Multiple retries.
Same 7.6rc2 -> rc3
 
Rox169
Member
Member
Posts: 432
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 2:41 pm

HAP AC3 from 7.5 to 7.6 is OK.

I have WiFi disbaled on this hAP AC3.
Last edited by Rox169 on Tue Oct 18, 2022 3:16 pm, edited 1 time in total.
 
User avatar
Luizfilipesl
just joined
Posts: 4
Joined: Tue Oct 13, 2020 10:04 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 2:42 pm

And what about the L3HW for VxLAN? Any news?
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 2:45 pm

*) ovpn - added VRF support for client;

cant see that on v7.6
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 2:46 pm

 
shyrwall
just joined
Posts: 19
Joined: Tue Nov 08, 2011 10:45 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 3:03 pm

Upgrading HAP AC3 (RBD53iG-5HacD2HnD) from 7.6rc2 results in "kernel failure in previous boot". Multiple retries.
Same 7.6rc2 -> rc3
We're so far unable to reproduce this locally. Please open a support ticket and provide a supout file.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 3:24 pm

Glad I didn't remotely upgrade my hAP ac3.
Others might not be so lucky ;p
 
holvoetn
Forum Guru
Forum Guru
Posts: 5320
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 3:27 pm

Hmm .. I think I'll wait a bit with my AC3's using wifiwave2 ...
 
mmc
newbie
Posts: 41
Joined: Wed Dec 29, 2004 1:44 am

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 3:28 pm

*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;

qsfp 4 x breakout cables still don't work - ccr2116 qsfp to original mikrotik breakout cable 'Q+BC0003-S+' still has no link. last known working version was ros 7.2.3. all other versions after 7.2.3 just don't have a stable link anymore.

reported on every release with a ticket - last was [SUP-95119]
 
Rox169
Member
Member
Posts: 432
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 3:29 pm

Is the problem only when you upgrade from RC? Is it safe when you upgrade from 7.5? Did you bricked hAP AC3?
 
holvoetn
Forum Guru
Forum Guru
Posts: 5320
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 3:30 pm

There are no changes between v7.6 and v7.6rc3.
Then how come there are problems using wifiwave2 now ?
 
dapilori90
just joined
Posts: 2
Joined: Tue May 26, 2015 8:54 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 3:57 pm

ospf simple auth error "route,ospf,info Discarding packet: wrong chekcsum" between 6.49.7 and 7.6
7.5 and 6.x works well
I'm having the same issue between 7.6 and Cisco IOS-XE:
%OSPF-4-ERRRCV: Received invalid packet: Bad Checksum
7.5 and IOS-XE works well.

To fix it, I had to disable OSPF authentication (not a big deal, since it is a point-to-point IPsec/GRE tunnel).
 
dimacbz
just joined
Posts: 2
Joined: Sat Jul 02, 2016 11:04 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 4:09 pm

Updated 7.5 -> 7.6:

RBD25GR-5HPacQD2HPnD - x1 (Audience LTE6 kit)
RBD53iG-5HacD2HnD - x3 (hAP ac3)

wifi is on everywhere
No problem. including wifi2wave
 
tigro11
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Tue Feb 20, 2018 12:31 am

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 4:16 pm

After the update, I can't enter Winbox, stay still on: download descriptors
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 4:18 pm

Possible that the details are always asked and are not automatically written???
Winbox version and on what platform?
 
shyrwall
just joined
Posts: 19
Joined: Tue Nov 08, 2011 10:45 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 4:22 pm



Same 7.6rc2 -> rc3
Possibly because of wifi2wave,

wlan: [69:E:QDF] qdf_fs_read[55]: Fail to Open File /lib/firmware/.fileindex
wlan: [69:E:QDF] qdf_fs_write[137], Failed to open file /lib/firmware/.fileindex

wlan: [69:E:ANY] ramdump_work_handler: ** STARTING DUMP options:2
wlan: [69:E:ANY] ol_get_tgt_dump_location: ERROR: No wifi_dump dts node available in the dts entry file
wlan: [69:E:ANY] fw_get_core_dump: Assertion failed! 0:fw_get_core_dump /opt/atlassian/bamboo-agent/xml-data/build-dir/ROS-V73-JOB1/7/wireless-qca/drivers/arm/qca-wifi/os/linux/../../qca_ol/wifi2.0/../../offl>
CPU: 2 PID: 69 Comm: kworker/2:1 Tainted: G O L 5.6.3 #2
Hardware name: IPQ4019
Workqueue: events __qdf_defer_func [qdf@0x7f3fb000]
{8fbbddcc} _stext+0x97e8/0x465b68
{8fbbddd4} _stext+0x451920/0x465b68
{8fbbdde4} ol_diag_read_sram+0x750/0x810 [wifi_2_0@0x7f456000]
{8fbbde6c} ramdump_work_handler+0x78/0x17c [wifi_2_0@0x7f456000]
{8fbbdf0c} ahb_defer_reconnect+0x30/0x200 [qca_ol@0x7f8d1000]
{8fbbdf3c} _stext+0x2d3b4/0x465b68
{8fbbdf64} _stext+0x2d6b4/0x465b68
{8fbbdf8c} _stext+0x32274/0x465b68
{8fbbdfac} _stext+0x10e8/0x465b68
Exception stack(0x8fbbdfb0 to 0x8fbbdff8)
dfa0: 00000000 00000000 00000000 00000000
dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
dfe0: 00000000 00000000 00000000 00000000 00000013 00000000
WLAN Panic @ fw_get_core_dump:3216: Take care of the TARGET ASSERT first
Disabling the wlan interfaces -> scheduling wifi2wave for uninstall -> reboot -> upgrade to 7.6 + add wifi2wave -> enabling wlan interfaces and adding conf back worked.
 
Rox169
Member
Member
Posts: 432
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 4:38 pm

MT any statement? Is it safe to upgrade from 7.5 to 7.6? Are you working on fix?
 
Guscht
Member Candidate
Member Candidate
Posts: 236
Joined: Thu Jul 01, 2010 5:32 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 4:44 pm

Findings:

*) ethernet - added "5Gbps" option for speed setting;

NOPE:
Screenshot 2022-10-18 153547.jpg

--------------------

*) l3hw - added "l3hw-settings" sub menu under the switch menu;

NOPE again:
Screenshot 2022-10-18 154011.jpg

--------------------

*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;

But still only 50% of the CPU capacity for CRS328??!!

--------------------

*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;

It is not linked to the IP/Firewall/Adress Lists? Which "Lists" do I enter here?

Screenshot 2022-10-18 153639.jpg
You do not have the required permissions to view the files attached to this post.
 
gotsprings
Forum Guru
Forum Guru
Posts: 2087
Joined: Mon May 14, 2012 9:30 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 4:45 pm

MT any statement? Is it safe to upgrade from 7.5 to 7.6? Are you working on fix?
Do it on your bench or someplace where you can run Netinstall... In case the $#!+ Hits the Fan.
 
tigro11
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Tue Feb 20, 2018 12:31 am

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 4:47 pm

Possible that the details are always asked and are not automatically written???
Winbox version and on what platform?
winbox 3.37 windows
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 4:51 pm

NOPE:
NOPE again:
Those two changelog entries don't mention anything about WinBox, from which you provided the screenshots.
Look for them in CLI.
 
Guntis
MikroTik Support
MikroTik Support
Posts: 153
Joined: Fri Jul 20, 2018 1:40 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 4:52 pm

In our tests, hAP ac3 and WifiWave2 seem to work fine with 7.6. If you encounter any issues, please contact support with supout.rif file and backup file, if possible, create backup file prior to upgrade, and share it with us.
 
Guscht
Member Candidate
Member Candidate
Posts: 236
Joined: Thu Jul 01, 2010 5:32 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 4:58 pm

Those two changelog entries don't mention anything about WinBox, from which you provided the screenshots.
Look for them in CLI.
Normally, they write "CLI only" if so, and if not, its referred to Winbox and CLI?! So far is my understanding of their changelog-nomenclature.

Like in:
*) dns - added "match-subdomain" option for static entries (CLI only);
 
Rox169
Member
Member
Posts: 432
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 5:23 pm

Just upgraded in hap AC3 from 7.5 to 7.6 with WiFiwave2 and no issues...
 
biomesh
Long time Member
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 5:30 pm

Those two changelog entries don't mention anything about WinBox, from which you provided the screenshots.
Look for them in CLI.
These work via winbox on all of the devices that I upgraded.

crs317, crs318, crs326, ccr2004, crs112, cap ac. For the cap ac and crs112 obviously the l3hw options are not there. I did update the firmware and ROS.
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 5:40 pm

@Guscht
*) ethernet - added "5Gbps" option for speed setting;
is it visible via the CLI ?
*) l3hw - added "l3hw-settings" sub menu under the switch menu;
"MT" might not support L3HW?!
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 6:06 pm

MT any statement? Is it safe to upgrade from 7.5 to 7.6? Are you working on fix?
I see you have already upgraded. But a simple answer on this is:
Wait some weeks and see what other writes in this thread.
Never ever upgrade a production router first day of a new release.
 
netbus
Frequent Visitor
Frequent Visitor
Posts: 60
Joined: Mon Sep 04, 2017 12:42 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 6:08 pm

where can I find macsec settings in winbox?
 
User avatar
malobert
just joined
Posts: 5
Joined: Mon Feb 14, 2022 2:30 pm
Location: Westland, the Netherlands

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 6:15 pm

Upgrade went well on my RB5009 from 7.6rc3 to 7.6. But there is a problem with partitions, I can not copy part1 to part0 anymore.
Copying goes to > 750% and than copying stops with an error
Schermafbeelding 2022-10-18 om 16.57.28.png
Schermafbeelding 2022-10-18 om 17.14.07.png
Tried do downgrade, pulled my usb disk, uninstalled the container package.
Repartitioned to 1 part, and after that partitioned back to 2 parts, copy still has an error.
Booting form part1 is not possible.
You do not have the required permissions to view the files attached to this post.
Last edited by malobert on Tue Oct 18, 2022 8:23 pm, edited 1 time in total.
 
dmayan
newbie
Posts: 34
Joined: Sun Nov 10, 2013 9:28 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 6:39 pm

- BGP Sessions stopped for no reason (wich previously worked OK)
- BGP Sessions prefix count still at 0
- BGP advertisements dump not working (I know you can see them on CLI now, but the button is there and it doesn't work)

Are we still testing a pre-alpha?
 
Guscht
Member Candidate
Member Candidate
Posts: 236
Joined: Thu Jul 01, 2010 5:32 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 6:52 pm

where can I find macsec settings in winbox?

A "tab" under Interfcaes:
Screenshot 2022-10-18 175142.jpg
You do not have the required permissions to view the files attached to this post.
 
theosoft
just joined
Posts: 10
Joined: Fri Jan 27, 2017 5:48 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 7:23 pm

@malobert
Upgrade went well on my RB5009 from 7.6rc3 to 7.6. But there is a problem with partitions, I can not copy part1 to part0 anymore.
Copying goes to 750% and than copying stops with an error
viewtopic.php?p=961612&hilit=theosoft#p961612

It is reproduced and solution in progress..

VETH related bug...
 
User avatar
armandfumal
Member Candidate
Member Candidate
Posts: 158
Joined: Wed Apr 25, 2012 5:50 pm
Location: Weiswampach,LUX
Contact:

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 8:13 pm

Like 7.6rc2 and 7.6.rc3 this 7.6 release has the same issue for us.

CCR2216, 2 bgp links full table, around 1.900.000 prefixes in routing table.

issue with cli command : /routing/bgp/advertisements/

when using /routing/bgp/advertisements/print with where command to filter a peer, that working with no issue.

but
when using just /routing/bgp/advertisements/print, causing 100% cpu at routing & management process and memory is falling down rapidly. after lost 9Gb RAM we device to force reboot...

nobody has this issue ?

regards
 
evilsabc
just joined
Posts: 5
Joined: Wed Jan 26, 2022 4:16 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 9:31 pm

CCR2116 - Reboot every 2 hours without any reasons

I'm using 295 nats rules actually i plan to remove all of them and route directly but for the moment the router keep rebooting anyone with this problem ?
 
User avatar
armandfumal
Member Candidate
Member Candidate
Posts: 158
Joined: Wed Apr 25, 2012 5:50 pm
Location: Weiswampach,LUX
Contact:

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 9:36 pm

CCR2116 - Reboot every 2 hours without any reasons

I'm using 295 nats rules actually i plan to remove all of them and route directly but for the moment the router keep rebooting anyone with this problem ?
did you have an autosupout file created at reboot ?
 
User avatar
malobert
just joined
Posts: 5
Joined: Mon Feb 14, 2022 2:30 pm
Location: Westland, the Netherlands

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 9:50 pm

@theosoft
@malobert
Upgrade went well on my RB5009 from 7.6rc3 to 7.6. But there is a problem with partitions, I can not copy part1 to part0 anymore.
Copying goes to 750% and than copying stops with an error
viewtopic.php?p=961612&hilit=theosoft#p961612

It is reproduced and solution in progress..

VETH related bug...
Aah, thank you for the answer !
I deleted my VETH, and indeed copy works again.
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 10:34 pm


still no,

let say

/interface eoip/ovpn/l2tp...
add remote-address=192.168.1.1@vrf1


the error that im geting is not a valid dns name (6)
 
User avatar
jvanhambelgium
Forum Veteran
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 10:58 pm

Updated my RB5009 from 7.5 to 7.6 (both RouterOS + firmware)
No issues in my setup.
 
evilsabc
just joined
Posts: 5
Joined: Wed Jan 26, 2022 4:16 pm

Re: v7.6 [stable] is released!

Tue Oct 18, 2022 11:04 pm

CCR2116 - Reboot every 2 hours without any reasons

I'm using 295 nats rules actually i plan to remove all of them and route directly but for the moment the router keep rebooting anyone with this problem ?
did you have an autosupout file created at reboot ?
No what happen is the router boot me out of the winbox and all the vlan stop working nothing work i have to reboot it manually to make it work again for about 2 hours and so on
 
evilsabc
just joined
Posts: 5
Joined: Wed Jan 26, 2022 4:16 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 12:01 am

After the problem came back again it seem that the SFP+2 stop passing traffic until i disable and renable the port ...
 
User avatar
sirbryan
Member Candidate
Member Candidate
Posts: 298
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 12:17 am

Upgraded my SOHO CCR2116 from 7.4.1 to 7.6, and reenabled L3HW for fasttrack NAT offloading only. So far, so good.

Anecdotally, speed tests between my desktop and my Ookla server improved (from 2500Mbps upload to 3000Mbps upload), and tests to WiFi 6 endpoints improved by 100mbps or so, while router CPU sits at 0%.

It's nice to see BGP advertisements again.
 
ormandj
just joined
Posts: 18
Joined: Tue Jun 15, 2021 12:25 am

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 12:24 am

When adding new or opening an existing DHCP Server in Webfig, "DHCP Option Set" will get pre-filled to one of those you have configured. Even on an existing DHCP server, it will pre-fill one of your options. If you click "OK" without deselecting it, you will end up with a configuration you may not have intended. SUP-95439 submitted.
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 197
Joined: Wed Aug 09, 2017 1:15 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 12:32 am

not a valid dns name (6)
I'm getting the same error on my device (arm64).
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 12:33 am

I've seen the DHCP option set issue with RouterOS 7.5 already... So this is not new.
 
bbs2web
Member Candidate
Member Candidate
Posts: 232
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa
Contact:

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 12:42 am

Any chance MikroTik could consider adding an option to enable/disable IPv6 Router Advertisement (RA) Guard when adding interfaces to a bridge?

The following forum post appear to provide the necessary requirements to allow one to 'tick the box' to comply with RFC 6105 or superseding RFC 7113:

[SOLVED] CRS - Hardware offloaded (MC-LAG compatible) bridge with IPv6 RA Guard
 
User avatar
sirbryan
Member Candidate
Member Candidate
Posts: 298
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 1:29 am

I have a second CCR2116 that I was trying to install this on. It has been partitioned just like my first, running 7.4.1. Both say 64MB per file system. The second one keeps failing on update with "not enough space for upgrade." What's ironic is the first one that was successful has the extra packages (ZeroTier, Dude, etc.) but the second has hardly anything, and has 42MB of space left. It originally had 7.4, and I was able to upgrade to 7.4.1, but it won't go to 7.6, neither from uploading the package directly, or from "Check for Updates" in Webfig.
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 2:11 am

*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;

do we need to pun macsec interface in to the bridge to make it work ?
 
User avatar
armandfumal
Member Candidate
Member Candidate
Posts: 158
Joined: Wed Apr 25, 2012 5:50 pm
Location: Weiswampach,LUX
Contact:

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 2:35 am

After the problem came back again it seem that the SFP+2 stop passing traffic until i disable and renable the port ...
Not SFP or dac câble issue ? Or used brand not working correctly with this version...
 
evilsabc
just joined
Posts: 5
Joined: Wed Jan 26, 2022 4:16 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 2:40 am

After the problem came back again it seem that the SFP+2 stop passing traffic until i disable and renable the port ...
Not SFP or dac câble issue ? Or used brand not working correctly with this version...
I tried with different dac cable and transceiver all is working correctly it seem that over 1 gbps the bug occur
 
moutazsalem
just joined
Posts: 3
Joined: Sat Mar 26, 2022 4:33 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 2:46 am

I wanted to report a bug in ROS 7.6 (RB760iGS):
I use the usb power-reset feature to control power of an auxiliary device.

so i set it to sleep for one day using this command
#> system/routerboard/usb/power-reset duration=1d

usually, i cancel the power-reset command before the day passes, using the command
#> system/routerboard/usb/power-reset duration=1s

the later command overrides the first one and the device boots up.

With the 7.6 update, when trying to execute the second command, i get an error message stating that there is a power reset already in progress and the device would still be off.

Is there any way in 7.6 to cancel the power reset command or override it?
 
stanelie
newbie
Posts: 30
Joined: Sun Jun 03, 2012 9:32 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 3:29 am

CapsMan stopped working when I upgraded from 7.5. None of the controlled access points (CAPs) would connect to CapsMan. I downgraded and everything went back to normal. (small setup with 20 access points)
 
ttys0
just joined
Posts: 2
Joined: Sun Jun 05, 2022 3:26 am

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 3:47 am

Just upgraded from 7.4.3 to 7.6 on a CRS354-48P-4S+2Q+ and everything seems to be working just fine.
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 897
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 8:26 am

Is there any way in 7.6 to cancel the power reset command or override it?

moutazsalem, nice example of how every change breaks someone's workflow :)
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 8:43 am

moutazsalem, nice example of how every change breaks someone's workflow :)
https://m.xkcd.com/1172/

😝
 
holvoetn
Forum Guru
Forum Guru
Posts: 5320
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 8:56 am

Being close to those devices I bit the bullet...
Upgraded 2x AC3 with wifiwave2 and Hex.
No noticeable problems.
 
mantouboji
newbie
Posts: 40
Joined: Mon Aug 01, 2022 2:21 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 11:04 am

IPv6 wireguard bug still exists
 
tigro11
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Tue Feb 20, 2018 12:31 am

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 12:13 pm

Possible that the details are always asked and are not automatically written???
Winbox version and on what platform?
winbox 3.37 windows
If I run Winbox from local, it works, if I perform winbox from wireguard tunnel, it blocks and does not enter.
 
erlinden
Forum Guru
Forum Guru
Posts: 1900
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 12:19 pm

If I run Winbox from local, it works, if I perform winbox from wireguard tunnel, it blocks and does not enter.
Is this new behaviour? Can you share your config (/ip/firewall/filter/ export)? Make sure to remove any privacy related information
 
evbocharov
newbie
Posts: 26
Joined: Tue May 25, 2021 11:06 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 12:20 pm

fix arp-ping?
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 12:35 pm

no, even ip route check does not
 
tigro11
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Tue Feb 20, 2018 12:31 am

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 12:38 pm

If I run Winbox from local, it works, if I perform winbox from wireguard tunnel, it blocks and does not enter.
Is this new behaviour? Can you share your config (/ip/firewall/filter/ export)? Make sure to remove any privacy related information

/interface bridge
add admin-mac=X:X:X:X:X:X auto-mac=no comment=defconf name=bridge \
    protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
set [ find default-name=ether2 ] name=ether2-WAN-SKY
set [ find default-name=ether4 ] name=ether4-WIFI
/interface wireguard
add listen-port=51820 name=TUNNEL-NEGOZIO
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add comment="Always TCP: No fixed port" name=speedtest-servers regexp=\
    "^.*(get|GET).+speedtest.*\$"
add name=Youtube regexp="^.+(youtube.com|youtube.net|.youtube.|.youtube).*\$"
add name=WhatsApp regexp=\
    "^.+(whatsapp.com|whatsapp.net|.whatsapp.|.whatsapp).*\$"
add name=Facebook regexp=\
    "^.+(facebook.com|facebook.net|.facebook.|.facebook).*\$"
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
/port
set 0 name=serial0
/ppp profile
add local-address=10.0.8.1 name=OVPN use-encryption=yes
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/routing table
add fib name=WAN1
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge ingress-filtering=no interface=ether4-WIFI
/interface bridge settings
set allow-fast-path=no
/ip neighbor discovery-settings
set discover-interface-list=none
/ip settings
set route-cache=no tcp-syncookies=yes
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1-WAN list=WAN
add interface=TUNNEL-NEGOZIO list=LAN
add interface=ether2-WAN-SKY list=WAN
/interface ovpn-server server
set auth=sha1 certificate=SERVER cipher=aes256 default-profile=OVPN enabled=\
    yes port=1180 protocol=udp require-client-certificate=yes
/interface wireguard peers
add allowed-address=10.0.8.1/32,192.168.0.0/24 endpoint-address=X.X.X.X \
    endpoint-port=51820 interface=TUNNEL-NEGOZIO persistent-keepalive=10s \
    public-key="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=\
    192.168.1.0
add address=10.7.2.1/16 comment=INTERNET interface=ether1-WAN network=\
    10.7.0.0
add address=10.0.8.2 interface=TUNNEL-NEGOZIO network=10.0.8.1
add address=192.168.11.100/24 interface=ether2-WAN-SKY network=192.168.11.0
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
/ip firewall address-list
add address=0.0.0.0/8 comment="defconf: RFC6890" list=no_forward_ipv4
add address=169.254.0.0/16 comment="defconf: RFC6890" list=no_forward_ipv4
add address=224.0.0.0/4 comment="defconf: multicast" list=no_forward_ipv4
add address=255.255.255.255 comment="defconf: RFC6890" list=no_forward_ipv4
add address=127.0.0.0/8 comment="defconf: RFC6890" list=bad_ipv4
add address=192.0.0.0/24 comment="defconf: RFC6890" list=bad_ipv4
add address=192.0.2.0/24 comment="defconf: RFC6890 documentation" list=\
    bad_ipv4
add address=198.51.100.0/24 comment="defconf: RFC6890 documentation" list=\
    bad_ipv4
add address=203.0.113.0/24 comment="defconf: RFC6890 documentation" list=\
    bad_ipv4
add address=240.0.0.0/4 comment="defconf: RFC6890 reserved" list=bad_ipv4
add address=0.0.0.0/8 comment="defconf: RFC6890" list=not_global_ipv4
add address=10.0.0.0/8 comment="defconf: RFC6890" disabled=yes list=\
    not_global_ipv4
add address=100.64.0.0/10 comment="defconf: RFC6890" list=not_global_ipv4
add address=169.254.0.0/16 comment="defconf: RFC6890" list=not_global_ipv4
add address=172.16.0.0/12 comment="defconf: RFC6890" list=not_global_ipv4
add address=192.0.0.0/29 comment="defconf: RFC6890" list=not_global_ipv4
add address=192.168.0.0/16 comment="defconf: RFC6890" disabled=yes list=\
    not_global_ipv4
add address=198.18.0.0/15 comment="defconf: RFC6890 benchmark" list=\
    not_global_ipv4
add address=255.255.255.255 comment="defconf: RFC6890" list=not_global_ipv4
add list=ddos-attackers
add list=ddos-target
add address=192.168.1.200 list=SMB
add address=192.168.0.200 list=SMB
add address=10.0.8.1 disabled=yes list=SMB
/ip firewall filter
add action=drop chain=forward comment="BLOCK WHATSAP" disabled=yes \
    layer7-protocol=WhatsApp
add action=drop chain=forward comment="BLOCK FACEBOOK" disabled=yes \
    layer7-protocol=Facebook
add action=drop chain=forward comment="BLOCK YOUTUBE" disabled=yes \
    layer7-protocol=Youtube
add action=drop chain=input comment="BLOCK DNS Wan" connection-state=new \
    dst-port=53 in-interface-list=WAN protocol=udp
add action=drop chain=input comment="BLOCK DNS Wan" connection-state=new \
    dst-port=53 in-interface-list=WAN protocol=tcp
add action=add-src-to-address-list address-list=smb-flood \
    address-list-timeout=none-dynamic chain=forward comment=\
    "SMB Flood Gathering" connection-limit=100,32 dst-port=445 in-interface=\
    bridge protocol=tcp
add action=add-src-to-address-list address-list=snpp-flood \
    address-list-timeout=none-dynamic chain=forward comment=\
    "SNPP/Backdoor Flood\r\
    \nGathering" connection-limit=20,32 dst-port=444 in-interface=bridge \
    protocol=tcp
add action=add-src-to-address-list address-list=msf-indication \
    address-list-timeout=none-dynamic chain=forward comment=\
    "Metasploit Indication" connection-limit=20,32 dst-port=4444 \
    in-interface=bridge protocol=tcp
add action=add-src-to-address-list address-list=ssh-flood \
    address-list-timeout=none-dynamic chain=forward comment=\
    "SSH Flood Gathering" connection-limit=20,32 dst-port=22 in-interface=\
    bridge protocol=tcp
add action=add-src-to-address-list address-list=telnet-flood \
    address-list-timeout=none-dynamic chain=forward comment=\
    "Telnet Flood\r\
    \nGathering" connection-limit=20,32 dst-port=23 in-interface=bridge \
    protocol=tcp
add action=log chain=forward comment="Abnormal Traffic" connection-bytes=\
    80000000 disabled=yes limit=1,5:packet log-prefix=Abnormal-Traffic
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=forward comment="Port scanners to list " \
    in-interface=!bridge log-prefix="port scanner" protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="Port scanners to list " \
    protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp \
    tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp \
    tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=\
    tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp \
    tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp \
    tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=DoS_Attacked \
    address-list-timeout=5m chain=input comment=DoS_Attacked \
    connection-limit=32,32 protocol=tcp
add action=tarpit chain=input comment=DoS_Attacked connection-limit=10,32 \
    protocol=tcp src-address-list=DoS_Attacked
add action=drop chain=forward comment="Bloccare IP addresses BOGON" \
    src-address=0.0.0.0/8
add action=return chain=detect-ddos comment="SYN-ACK Flood" dst-limit=\
    32,32,src-and-dst-addresses/10s protocol=tcp tcp-flags=syn,ack
add action=drop chain=forward comment="dropping port scanners" \
    src-address-list="port scanners"
add action=drop chain=input comment="dropping port scanners" \
    src-address-list="port scanners"
add action=drop chain=input comment="drop echo request" icmp-options=8:0 \
    in-interface-list=WAN protocol=icmp
add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=\
    icmp
add action=accept chain=icmp comment="net unreachable" icmp-options=3:0 \
    protocol=icmp
add action=accept chain=icmp comment="host unreachable" icmp-options=3:1 \
    protocol=icmp
add action=accept chain=icmp comment=\
    "host unreachable fragmentation required" icmp-options=3:4 protocol=icmp
add action=accept chain=icmp comment="allow source quench" icmp-options=4:0 \
    protocol=icmp
add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 \
    protocol=icmp
add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 \
    protocol=icmp
add action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 \
    protocol=icmp
add action=accept chain=input comment="Allow OpenVPN" dst-port=1180 protocol=\
    tcp
add action=accept chain=input comment="Allow Wireguard" dst-port=51820 \
    protocol=udp
add action=accept chain=input comment=winbox dst-port=1170 protocol=tcp
add action=accept chain=input comment="Allow Established connections" \
    connection-state=established,related
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="ACCETTA TRAFFICO DA WIREGUARD" \
    in-interface=TUNNEL-NEGOZIO src-address=192.168.0.0/24
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=accept chain=forward comment="COMPUTER METEO" src-mac-address=\
    X:X:X:X:X:X
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=add-src-to-address-list address-list=FW_Block_unkown_port \
    address-list-timeout=1d chain=input comment=\
    "Add IP of user to access list if they have tried port that is not open." \
    disabled=yes in-interface-list=WAN log-prefix=FI_AS_port-test \
    src-address=!10.7.0.1
add action=drop chain=icmp comment="deny all other types"
add action=drop chain=input comment="Drop Invalid connections" \
    connection-state=invalid in-interface-list=!LAN
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=drop chain=input comment="BLOCCO BLACKLIST" connection-state=new \
    in-interface-list=!LAN src-address-list=blacklist
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed NO DROP TUNNEL TRAFFIC" \
    connection-nat-state=!dstnat connection-state=new dst-address-list=!SMB \
    in-interface-list=!LAN
add action=accept chain=forward comment=\
    "defconf: accept all that matches IPSec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed NO DROP TUNNEL TRAFFIC" \
    connection-nat-state=!dstnat connection-state=new dst-address-list=!SMB \
    in-interface-list=WAN
add action=drop chain=forward comment="defconf: drop bad forward IPs" \
    src-address-list=no_forward_ipv4
add action=drop chain=forward comment="defconf: drop bad forward IPs" \
    dst-address-list=no_forward_ipv4
add action=drop chain=forward comment="Drop invalid connections" \
    connection-state=invalid
/ip firewall mangle
add action=change-mss chain=forward comment=MTU in-interface=TUNNEL-NEGOZIO \
    new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
add action=change-ttl chain=prerouting comment="NO TRaceroute" new-ttl=\
    increment:1 passthrough=yes
add action=mark-connection chain=prerouting comment="MARK PER WAN1" \
    connection-state=new in-interface=ether1-WAN new-connection-mark=\
    WAN1_conn
add action=mark-routing chain=prerouting comment="MARK PER WAN1" \
    connection-mark=WAN1_conn in-interface-list=LAN new-routing-mark=WAN1
/ip firewall nat
add action=dst-nat chain=dstnat comment="Force using DNS LAN" disabled=yes \
    dst-port=53 in-interface=bridge protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="DNS GOOGLE VALERIO" disabled=yes \
    dst-port=53 protocol=udp src-mac-address=X:X:X:X:X:X to-addresses=\
    8.8.8.8 to-ports=53
add action=dst-nat chain=dstnat comment="WEBCAM CASA" dst-port=8181 \
    in-interface=ether1-WAN protocol=tcp src-address=!192.168.0.0/24 \
    to-addresses=192.168.1.51 to-ports=8080
add action=dst-nat chain=dstnat comment="Winbox WIFI" dst-port=1175 \
    in-interface=TUNNEL-NEGOZIO protocol=tcp src-address=192.168.0.11 \
    to-addresses=192.168.1.100 to-ports=1170
add action=dst-nat chain=dstnat comment="DAVIS WIFI" dst-port=8090 \
    in-interface=TUNNEL-NEGOZIO protocol=tcp src-address=192.168.0.11 \
    to-addresses=192.168.5.40 to-ports=80
add action=masquerade chain=srcnat comment="TUNNEL NEGOZIO" dst-address=\
    192.168.0.0/24 ipsec-policy=out,none out-interface=TUNNEL-NEGOZIO
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip firewall raw
add action=accept chain=icmp4 comment="defconf: echo reply" icmp-options=0:0 \
    limit=5,10:packet protocol=icmp
add action=accept chain=icmp4 comment="defconf: net unreachable" \
    icmp-options=3:0 protocol=icmp
add action=accept chain=icmp4 comment="defconf: host unreachable" \
    icmp-options=3:1 protocol=icmp
add action=accept chain=icmp4 comment="defconf: protocol unreachable" \
    icmp-options=3:2 protocol=icmp
add action=accept chain=icmp4 comment="defconf: port unreachable" \
    icmp-options=3:3 protocol=icmp
add action=accept chain=icmp4 comment="defconf: fragmentation needed" \
    icmp-options=3:4 protocol=icmp
add action=accept chain=icmp4 comment="defconf: echo" icmp-options=8:0 limit=\
    5,10:packet protocol=icmp
add action=accept chain=icmp4 comment="defconf: time exceeded " icmp-options=\
    11:0-255 protocol=icmp
add action=drop chain=icmp4 comment="defconf: drop other icmp" protocol=icmp
add action=drop chain=prerouting comment=DDOS dst-address-list=ddos-target \
    src-address-list=ddos-attackers
add action=drop chain=prerouting comment="DNS Amplification" dst-port=53 \
    in-interface-list=WAN protocol=udp
add action=drop chain=prerouting comment="Well-Known Port+ winbox da wan" \
    dst-port=2000,22,23,80,53,1170 in-interface=!TUNNEL-NEGOZIO \
    in-interface-list=WAN protocol=tcp
add action=drop chain=prerouting comment=\
    "Well-Known Virus/Flooding Port- esscludo ip nas" dst-address-list=!SMB \
    dst-port=445,2000,4444,444 in-interface-list=LAN protocol=tcp
add action=drop chain=prerouting comment="Memcached Flood" in-interface-list=\
    LAN protocol=udp src-port=11211
add action=drop chain=prerouting comment="drop port scanner" in-interface=\
    !TUNNEL-NEGOZIO src-address-list="port scanners"
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
    src-address-list=bad_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
    dst-address-list=bad_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
    src-address-list=bad_src_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
    dst-address-list=bad_dst_ipv4
add action=drop chain=prerouting comment="defconf: drop non global from WAN" \
    in-interface-list=WAN log=yes src-address-list=not_global_ipv4
add action=drop chain=bad_tcp comment="defconf: TCP flag filter" protocol=tcp \
    tcp-flags=!fin,!syn,!rst,!ack
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,syn
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,rst
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,!ack
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,urg
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=syn,rst
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=rst,urg
add action=drop chain=bad_tcp comment="defconf: TCP port 0 drop" port=0 \
    protocol=tcp
add action=accept chain=prerouting in-interface=TUNNEL-NEGOZIO src-address=\
    192.168.0.0/24
add action=accept chain=icmp4 comment="defconf: echo reply" icmp-options=0:0 \
    limit=5,10:packet protocol=icmp
add action=accept chain=icmp4 comment="defconf: net unreachable" \
    icmp-options=3:0 protocol=icmp
add action=accept chain=icmp4 comment="defconf: host unreachable" \
    icmp-options=3:1 protocol=icmp
add action=accept chain=icmp4 comment="defconf: protocol unreachable" \
    icmp-options=3:2 protocol=icmp
add action=accept chain=icmp4 comment="defconf: port unreachable" \
    icmp-options=3:3 protocol=icmp
add action=accept chain=icmp4 comment="defconf: fragmentation needed" \
    icmp-options=3:4 protocol=icmp
add action=accept chain=icmp4 comment="defconf: echo" icmp-options=8:0 limit=\
    5,10:packet protocol=icmp
add action=accept chain=icmp4 comment="defconf: time exceeded " icmp-options=\
    11:0-255 protocol=icmp
add action=drop chain=icmp4 comment="defconf: drop other icmp" protocol=icmp
add action=drop chain=prerouting in-interface-list=WAN protocol=!tcp \
    src-address=!X.X.X.X src-address-list=FW_Block_unkown_port
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip route
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    10.7.0.1 pref-src=0.0.0.0 routing-table=WAN1 scope=30 \
    suppress-hw-offload=no target-scope=10
add disabled=no distance=2 dst-address=192.168.5.0/24 gateway=192.168.1.100 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add check-gateway=ping disabled=no distance=3 dst-address=192.168.0.0/24 \
    gateway=10.0.8.1 pref-src="" routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.11.1 pref-src=0.0.0.0 routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox address=192.168.1.0/24,10.0.8.0/30,192.168.0.11/32 port=1170
set api-ssl disabled=yes
/ppp secret
add name=vrcomputer profile=OVPN remote-address=10.0.8.5 service=ovpn
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=ROUTER-CASA
/system ntp client
set mode=broadcast
/tool bandwidth-server
set enabled=no
/tool e-mail
set address=X.X.X.X from=noreply@XXXXXXX.com user=smtp@XXXXXXXX.it
/tool graphing interface
add interface=ether1-WAN
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool mac-server ping
set enabled=no
Last edited by BartoszP on Wed Oct 19, 2022 4:00 pm, edited 1 time in total.
 
User avatar
reevansxyz
just joined
Posts: 18
Joined: Sat Jul 02, 2022 7:49 pm
Location: Asia/Kuala_Lumpur
Contact:

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 12:39 pm

Nothing seriously troubling, it's just that I know—I logged out from the web interface, but it says that I am still logged on via web; RB5009UG+S+IN.

Image
 
MikroUser
newbie
Posts: 47
Joined: Sat Sep 07, 2013 1:56 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 12:47 pm

Have problems on a CCR2004-16g-2s and sfponu module.
Issue shows after firmware update add next boot, no pon link at sfp.
SFP is visible and hardware info is ok, but no pon link.
So after every firmware update i need get out sfponu and insert it again, only after that pon link is ok. Simple rebooting doesnt solve problem
That same problem was on a rb4011, rb5009. I think some power reset solution for sfp+ port needed.

And onemore, when fasttrack is enabled (action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes ) all wireguard connections works very slow and dropping packets. Tried play with mtu but only disabling fasttrack helps.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 1:00 pm

/routing/bgp/advertisements/print now shows a detailed list, where on rc1 it showed only a summary. There was a "show" command that showed the full list.
So now I tried /routing/bgp/advertisements/print count-only to see if it maybe shows a summary only.
It showed:
704
no such item (4)
From now on, /routing/bgp/advertisements/print only shows a single item and then it prints that no such item (4) error.
 
Safic
just joined
Posts: 4
Joined: Sun Jun 19, 2016 10:26 am

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 1:09 pm

CapsMan stopped working when I upgraded from 7.5. None of the controlled access points (CAPs) would connect to CapsMan. I downgraded and everything went back to normal. (small setup with 20 access points)
Are your cAPs running ROS 7.6?
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 1:40 pm

/routing/bgp/advertisements/print now shows a detailed list, where on rc1 it showed only a summary. There was a "show" command that showed the full list.
So now I tried /routing/bgp/advertisements/print count-only to see if it maybe shows a summary only.
It showed:
704
no such item (4)
From now on, /routing/bgp/advertisements/print only shows a single item and then it prints that no such item (4) error.

[admin@dr_05] /routing/bgp/advertisements> print count-only 
848915
[admin@dr_05] /routing/bgp/advertisements> print 
 0 peer=bgp_feed-1 dst=23.161.0.0/24 
   bgp.nexthop=10.155.101.183 .origin=0 .as-path=sequence 444 

 0 peer=to_231-1 dst=60.48.0.0/14 
   bgp.nexthop=10.155.101.1 .origin=0 .as-path=sequence 444 65530 100 6667 1273 4788 4788 
   .communities=35859:2842,41743:2842,47883:2842,49940:2842,51200:46098,53760:46098,55855:63748 
   .atomic-aggregate=yes 

....
Works, maybe anything else you did to trigger the problem? Or list is changing when you are doing the print?
 
User avatar
Ullinator
just joined
Posts: 8
Joined: Tue Jun 08, 2021 12:53 pm
Location: North-West Germany

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 2:03 pm

CapsMan stopped working when I upgraded from 7.5. None of the controlled access points (CAPs) would connect to CapsMan. I downgraded and everything went back to normal. (small setup with 20 access points)
Are your cAPs running ROS 7.6?
Update of CAPsMAN from 7.5 to 7.6 went smooth, even on CAPsMAN itself and on all AP´s (5x) also. (ROS and FW).
From what version did you came from? (AP´s)
 
erlinden
Forum Guru
Forum Guru
Posts: 1900
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 2:06 pm

/interface bridge
add admin-mac=X:X:X:X:X:X auto-mac=no comment=defconf name=bridge \
protocol-mode=none
What a most creative implementation of firewall rules. You have to do some work on that.
In that mess you will probably find the blocking rule as well.
 
jovaf32128
just joined
Posts: 24
Joined: Sun Apr 26, 2020 9:22 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 2:07 pm

Hap ac3 log: error while running customized default configuration script: no such item

Tried to rename wifi back to wlan1 and wlan2 (also to wifi1 and wifi2) and reboot, nothing changed
 
User avatar
Phaere
just joined
Posts: 23
Joined: Thu Jul 17, 2014 3:01 pm
Location: Kyiv

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 2:34 pm

Waiting for BFD in 2025, ok..
 
User avatar
rumahnetmks
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Mon Dec 21, 2020 10:00 am

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 2:57 pm

RB4011iGS+5HacQ2HnD-IN + hAP-AC3 at two different location 7.5 to 7.6 seems working fine.
RB4011iGS+5HacQ2HnD-IN have simple office network with vlan filtering on. Using regular wireless package all seem fine, no problems with connected device.
hAP-AC3 have simple home network with vlan filtering on. Using wifiwave2 wpa3 enable, all device still connect without any problem.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 4:04 pm

/routing/bgp/advertisements/print now shows a detailed list, where on rc1 it showed only a summary. There was a "show" command that showed the full list.
So now I tried /routing/bgp/advertisements/print count-only to see if it maybe shows a summary only.
It showed:
704
no such item (4)
From now on, /routing/bgp/advertisements/print only shows a single item and then it prints that no such item (4) error.
...
Works, maybe anything else you did to trigger the problem? Or list is changing when you are doing the print?
I did not do much, at first I entered the /routing/bgp/advertisements/print command, which in rc1 (I never installed rc2 or rc3) printed a short listing of my BGP peers and the number of advertisements to each of them.
Now under 7.6 it started to print a list of advertisements (each with peer, dst, details like AS list) in paginated mode, I printed 3 or 4 pages then interrupted it.
Then I did the /routing/bgp/advertisements/print count-only to see what that would do, and from then on the no such item (4) message appeared after a single item. This item is for an iBGP peer. I can no longer scroll back far enough to see what would have been the next item and if there is anything particular about it.

Is the original brief list that only showed the number of advertisements to each peer still somehow accessible?
 
breili
just joined
Posts: 13
Joined: Thu Jan 27, 2011 11:09 am

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 6:13 pm

Looks like sstp-client with mschap2 is broken since 7.4 and with 7.6 the log doesn't seem to contain useful data anymore:
(sorry for the long code snippet showing log messages for 7.3.1, 7.4 and 7.6. BB seemed not to like it as 3 code snippets)
################################################
# 7.3.1 is the last one working
 11:27:55 sstp,ppp,debug uw: LCP open
 11:27:55 sstp,ppp,debug,packet  uw: sent LCP ConfReq id=0x1
 11:27:55 sstp,ppp,debug,packet    <magic 0x20b5cf3b>
 11:27:55 sstp,ppp,debug,packet  uw: rcvd LCP ConfReq id=0x0
 11:27:55 sstp,ppp,debug,packet    <mru 4091>
 11:27:55 sstp,ppp,debug,packet    <magic 0x9f299f49>
 11:27:55 sstp,ppp,debug,packet    <pcomp>
 11:27:55 sstp,ppp,debug,packet    <accomp>
 11:27:55 sstp,ppp,debug,packet    <auth 0xc227>
 11:27:55 sstp,ppp,debug,packet    <callback 0x06>
 11:27:55 sstp,ppp,debug,packet    <mrru 1614>
 11:27:55 sstp,ppp,debug,packet    <ed 0x01 4c 31 e9 33 4b af 41 e6 96 bd 10 1a 2e 91 cc e5 00 00 00 00>
 11:27:55 sstp,ppp,debug,packet  uw: sent LCP ConfRej id=0x0
 11:27:55 sstp,ppp,debug,packet    <pcomp>
 11:27:55 sstp,ppp,debug,packet    <accomp>
 11:27:55 sstp,ppp,debug,packet    <callback 0x06>
 11:27:55 sstp,ppp,debug,packet    <mrru 1614>
 11:27:55 sstp,ppp,debug,packet    <ed 0x01 4c 31 e9 33 4b af 41 e6 96 bd 10 1a 2e 91 cc e5 00 00 00 00>
 11:27:55 sstp,ppp,debug,packet  uw: rcvd LCP ConfAck id=0x1
 11:27:55 sstp,ppp,debug,packet    <magic 0x20b5cf3b>
 11:27:55 sstp,ppp,debug,packet  uw: rcvd LCP ConfReq id=0x1
 11:27:55 sstp,ppp,debug,packet    <mru 4091>
 11:27:55 sstp,ppp,debug,packet    <magic 0x9f299f49>
 11:27:55 sstp,ppp,debug,packet    <auth 0xc227>
 11:27:55 sstp,ppp,debug,packet  uw: sent LCP ConfNak id=0x1
 11:27:55 sstp,ppp,debug,packet    <auth  mschap2>
 11:27:55 sstp,ppp,debug,packet  uw: rcvd LCP ConfReq id=0x2
 11:27:55 sstp,ppp,debug,packet    <mru 4091>
 11:27:55 sstp,ppp,debug,packet    <magic 0x9f299f49>
 11:27:55 sstp,ppp,debug,packet    <auth  mschap2>
 11:27:55 sstp,ppp,debug,packet  uw: sent LCP ConfAck id=0x2
 11:27:55 sstp,ppp,debug,packet    <mru 4091>
 11:27:55 sstp,ppp,debug,packet    <magic 0x9f299f49>
 11:27:55 sstp,ppp,debug,packet    <auth  mschap2>
 11:27:55 sstp,ppp,debug uw: LCP opened

################################################
# 7.4 is the first not working version.
 16:25:31 sstp,ppp,debug uw: LCP lowerup
 16:25:31 sstp,ppp,debug,packet  uw: sent LCP ConfReq id=0x3
 16:25:31 sstp,ppp,debug,packet    <magic 0x3c390d4d>
 16:25:31 sstp,ppp,debug uw: LCP open
 16:25:31 sstp,ppp,debug,packet  uw: rcvd LCP ConfReq id=0x0
 16:25:31 sstp,ppp,debug,packet    <mru 4091>
 16:25:31 sstp,ppp,debug,packet    <magic 0xd275f908>
 16:25:31 sstp,ppp,debug,packet    <pcomp>
 16:25:31 sstp,ppp,debug,packet    <accomp>
 16:25:31 sstp,ppp,debug,packet    <auth 0xc227>
 16:25:31 sstp,ppp,debug,packet    <callback 0x06>
 16:25:31 sstp,ppp,debug,packet    <mrru 1614>
 16:25:31 sstp,ppp,debug,packet    <ed 0x01 4c 31 e9 33 4b af 41 e6 96 bd 10 1a 2e 91 cc e5 00 00 00 00>
 16:25:31 sstp,ppp,debug,packet  uw: sent LCP ConfRej id=0x0
 16:25:31 sstp,ppp,debug,packet    <pcomp>
 16:25:31 sstp,ppp,debug,packet    <accomp>
 16:25:31 sstp,ppp,debug,packet    <auth 0xf0e9>
 16:25:31 sstp,ppp,debug,packet    <callback 0x06>
 16:25:31 sstp,ppp,debug,packet    <mrru 1614>
 16:25:31 sstp,ppp,debug,packet    <ed 0x01 4c 31 e9 33 4b af 41 e6 96 bd 10 1a 2e 91 cc e5 00 00 00 00>
 16:25:31 sstp,ppp,debug,packet  uw: rcvd LCP ConfAck id=0x3
 16:25:31 sstp,ppp,debug,packet    <magic 0x3c390d4d>
 16:25:31 sstp,ppp,debug,packet  uw: rcvd LCP TermReq id=0x1
 16:25:31 sstp,ppp,debug,packet     08F9uD200<CDt00000397
 16:25:31 sstp,ppp,debug,packet  uw: sent LCP TermAck id=0x1
 16:25:31 sstp,ppp,debug uw: LCP lowerdown

################################################
# 7.6 is not working either but debug logs for sstp/ppp have gone sparse too
 16:43:04 sstp,ppp,info uw: initializing...
 16:43:04 sstp,ppp,info uw: initializing...
 16:43:04 sstp,ppp,info uw: connecting...
 16:43:04 sstp,ppp,info uw: connecting...
 16:43:05 sstp,packet uw sending
 16:43:05 sstp,packet SSTP_DUPLEX_POST /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ HTTP/1.1r
 16:43:05 sstp,packet Content-Length: 18446744073709551615r
 16:43:05 sstp,packet Host: ::r
 16:43:05 sstp,packet r
 16:43:05 sstp,packet
 16:43:05 sstp,ppp,debug uw: CCP close
 16:43:05 sstp,ppp,debug uw: BCP close
 16:43:05 sstp,ppp,debug uw: IPCP close
 16:43:05 sstp,ppp,debug uw: IPV6CP close
 16:43:05 sstp,ppp,debug uw: MPLSCP close
 16:43:05 sstp,ppp,info uw: terminating... - closed by remote peer
 16:43:05 sstp,ppp,info uw: terminating... - closed by remote peer
 16:43:05 sstp,ppp,debug uw: LCP lowerdown
 
The client conntects to an windows ras server (I've little control over that one).
Client config is simple:
/interface sstp-client
add authentication=mschap2 connect-to=some.host.net http-proxy=0.0.0.0 name=uw pfs=yes profile=uw tls-version=only-1.2 user="domain\\some.user" \
    verify-server-address-from-certificate=no verify-server-certificate=yes
/ppp profile
add change-tcp-mss=yes name=uw use-encryption=yes use-ipv6=no use-mpls=no use-upnp=no
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 6:56 pm

CCR2116-12G-4S+ now on production
from netinstalled 7.6beta7 on "test",
previously updated via drag&drop npk from 7.6beta7 to 7.6beta8 on "test",
previously updated via drag&drop npk from 7.6beta8 to 7.6rc1 on "pre-production",
updated again via drag&drop npk from 7.6rc1 to 7.6 (stable) on "production"

BGP v4: WORK (AS->not-MikroTik AS multi-peer ebgp)
BGP v6: WORK (AS->not-MikroTik AS single-peer ebgp)

BUG:
1) Dual boot still required for upgrade the RouterBOOT.
2) RouterOS package still called "routeros" instead of "routeros-arm64" (on this model) and this prevent "The Dude" to be able to upgrade the device.
3) The Original User-Manager not exist on RouterOS v7. The surrogate can not even be compared with the Original v6.
 
ilmars
just joined
Posts: 4
Joined: Thu Jun 21, 2018 11:19 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 7:06 pm

After full upgrade to v7.6 no issues with CCR1072, CRS317, CRS326-24S+2Q+, CRS328 this far. BGP works fine.

Yet MLAG (on top of 2 interface bonding) between two CRS317 switches (intialially 7.5) was flapping when only one of the switches was update/upgraded. After second MLAG switch was updated/upgraded to 7.6 MLAG flapping issue went away.
 
nexusds
newbie
Posts: 30
Joined: Fri Aug 16, 2019 6:51 am

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 7:39 pm

Have problems on a CCR2004-16g-2s and sfponu module.
Issue shows after firmware update add next boot, no pon link at sfp.
SFP is visible and hardware info is ok, but no pon link.
So after every firmware update i need get out sfponu and insert it again, only after that pon link is ok. Simple rebooting doesnt solve problem
That same problem was on a rb4011, rb5009. I think some power reset solution for sfp+ port needed.

And onemore, when fasttrack is enabled (action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes ) all wireguard connections works very slow and dropping packets. Tried play with mtu but only disabling fasttrack helps.
Disabling Fasttrack made it worse for my testing. definitely something changed in wireguard as its dropping packets etc. What port are you using for your wireguard?
 
godovic
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Sun Mar 08, 2009 11:52 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 7:48 pm

I have a problem with RB921GS-5HPacD-15S and RBSXTsqG-5acD. The client can "see" mANTbox15s only on 5500 mhz?
I cannot confirm if it is only an 7.6 version issue, because the devices are new, and both devices was upgraded to 7.6 with latest firmware - before setup.
 
User avatar
qatar2022
Member Candidate
Member Candidate
Posts: 141
Joined: Mon Aug 24, 2020 11:12 am

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 7:55 pm

it's very very slow to download update for 11 MT device
 
gstitt
just joined
Posts: 5
Joined: Sat Sep 24, 2016 10:49 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 8:01 pm

*) ospf - fixed checksum calculation;

All routers upgraded to this version now complain with "wrong checksum from <blah>" and OSPF isn't propogating routes.
 
kenyloveg
Frequent Visitor
Frequent Visitor
Posts: 89
Joined: Tue Jul 14, 2009 3:25 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 8:03 pm

The ugly premission denied issue seems still exist in 7.6
I'm able to run adguardhome without errors, until I edit AdguardHome.yaml to set upstream_dns_file: disk1/adguardhome/conf/greatfire.txt
Then log report permission denied error.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 8:08 pm

Hap ac3 log: error while running customized default configuration script: no such item

Tried to rename wifi back to wlan1 and wlan2 (also to wifi1 and wifi2) and reboot, nothing changed
I think with the wifiwave2 package installed, it is now to be considered "the normal and accepted behavior".... or else it would have been fixed by now.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 8:12 pm

@mkx
sep/02/2022 16:13:17 system,error,critical error while running customized default configuration script: bad command name wireless (line 985 column 25)
sep/02/2022 16:13:17 system,error,critical
When the "get-custom-defconf" is interrupted for some reason, the "flag" get-custom-defconf runned successfully is not set, and everytime at reboot it try to run the script,
is why everytime, for every reboot, you get that error.
(The error is on the file "get-custom-defconf" on system package, not on wifiwave2 package)


MikroTik Staff, please, deliver to who manage the get-custom-defconf file this message:

   # wait wlan3 it takes 7sec slower to load than wlan1/2 on Audience
    $addCL ("  :local count 0;")
    $addCL ("  :while ([/interface wireless find default-name=\"wlan3\"] = \"\") do={ ")
    $addCL ("    :if (\$count = 15) do={")
    $addCL ("      :log warning \"DefConf: Unable to find wlan3 interface\";")
    $addCL ("      /quit")
    $addCL ("    }")
    $addCL ("    :delay 1s; :set count (\$count +1);")
    $addCL ("  };")

    # TODO: set band and ext, probably use setWlan function
    $addCL ("  /interface wireless {")
    $addCL ("    :local wl3 [find default-name=\"wlan3\"]")
    $addCL ("    :local wlanMac  [get \$wl3 mac-address];")
    $addCL ("    :set ssid \"SYNC-\$[:pick \$wlanMac 9 11]\$[:pick \$wlanMac 12 14]\$[:pick \$wlanMac 15 17]\"")
    $addCL ("    set \$wl3 disabled=no mode=ap-bridge band=5ghz-a/n/ac ssid=\$ssid security-profile=wpsSync wps-mode=push-button")
    # set channnel width 20/40/80mhz-XXXX (russia 20/40mhz-XX)


<<< LINE 983 >>>    # wait wlan3 it takes 7sec slower to load than wlan1/2 on Audience
    :local count 0;
<<< @mkx LINE 985 >>>    :while ([/interface wireless find default-name="wlan3"] = "") do={
      :if ($count = 30) do={
        :log warning "DefConf: Unable to find wlan3 interface";
        /quit
      }
      :delay 1s; :set count ($count +1);
    };

<<< LINE 993 >>>    :local hwInfo [/interface wireless info hw-info [.. find where default-name="wlan3"] as-value];
      $addDL ("#|     channel-width: 20/40mhz-XX;")
<<< LINE 995 >>>      $addCL ("    set \$wl3 channel-width=20/40mhz-XX")
    $addCL ("  };")
}
Accidentally the already converted block was not deleted, old code and unused chunks were left from line 983 to line 995.
[Also on line 993 is present a useless local variable (never used anywhere) that give error, becase call directly /int wireless for set his value]

Simply deleting the lines from 983 to 995 solve the problem.

Thanks.
 
User avatar
NetHorror
just joined
Posts: 21
Joined: Fri Dec 06, 2013 8:12 am

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 8:19 pm

*) ospf - fixed checksum calculation;

All routers upgraded to this version now complain with "wrong checksum from <blah>" and OSPF isn't propogating routes.
+1

has the same issue on hap ac3 and 951G-2HnD
 
holvoetn
Forum Guru
Forum Guru
Posts: 5320
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 10:04 pm

@rextended
Shoot a mail to support pointing to your post. Maybe it gets more attention that way.
 
User avatar
irrwitzer
just joined
Posts: 23
Joined: Mon Apr 11, 2022 11:54 pm

Re: v7.6 [stable] is released!

Wed Oct 19, 2022 11:27 pm

I think I've got a bug with /routing/bgp/advertisements/print with IPv6 sessions:
 > /routing/bgp/advertisements/print detail where peer=bgp-22-2-1
 0 peer=bgp-22-2-1 dst=2001:c76:a00:300::/56 local-pref=100 nexthop=10c:760a::2200 origin=0
The next-hop value ist just bullshit. Fortunately it's just a display bug, because the routes are advertised with the correct next-hop:
> ipv6/route/print where dst-address=2001:c76:a00:300::/56
Flags: D - DYNAMIC; A - ACTIVE; b, y - COPY
Columns: DST-ADDRESS, GATEWAY, DISTANCE
    DST-ADDRESS            GATEWAY           DISTANCE
DAb 2001:c76:a00:300::/56  2001:c76:a00::22       200
BR,
Johannes
 
nexusds
newbie
Posts: 30
Joined: Fri Aug 16, 2019 6:51 am

Re: v7.6 [stable] is released!

Thu Oct 20, 2022 1:22 am

Have problems on a CCR2004-16g-2s and sfponu module.
Issue shows after firmware update add next boot, no pon link at sfp.
SFP is visible and hardware info is ok, but no pon link.
So after every firmware update i need get out sfponu and insert it again, only after that pon link is ok. Simple rebooting doesnt solve problem
That same problem was on a rb4011, rb5009. I think some power reset solution for sfp+ port needed.

And onemore, when fasttrack is enabled (action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes ) all wireguard connections works very slow and dropping packets. Tried play with mtu but only disabling fasttrack helps.
Disabling Fasttrack made it worse for my testing. definitely something changed in wireguard as its dropping packets etc. What port are you using for your wireguard?
My issue in the end was an in-path CR354-48G-4S+2Q+ causing issues with Bonding of interfaces to another switch as well as packets dropping around 20% inside the switch. Rebooting it didnt help, but backing this switch down to 7.5 solved the issue.
 
WildWest
just joined
Posts: 16
Joined: Sat Feb 23, 2019 12:02 am

Re: v7.6 [stable] is released!

Thu Oct 20, 2022 1:35 am

Can somebody explain how to do that?
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
 
User avatar
pothi
newbie
Posts: 46
Joined: Fri Sep 14, 2018 7:48 pm
Location: Srivilliputhur, Tamil Nadu, India
Contact:

Re: v7.6 [stable] is released!

Thu Oct 20, 2022 4:35 am

Updated hAP AC2 from 7.5 to 7.6. No issues so far.
 
gotsprings
Forum Guru
Forum Guru
Posts: 2087
Joined: Mon May 14, 2012 9:30 pm

Re: v7.6 [stable] is released!

Thu Oct 20, 2022 5:37 am

Updated Audience from 7.5 to 7.6. was already using wave 2 driver.

Seems channels can no longer be B/G/N. Also it didn't like whatever I had left the key exchange time out as, and zeroed it.

Gave it the benefit of the doubt and netinstalled 7.6 with WAVE2 and Zerotier.

Still get a red error in log after booting.

Rebuilt bridge, ports, dhcp-client, then rebuilt WiFi. Redid all the wifi settings and set channels, SSID and password with WPA2.

And yes I have more problems keeping clients connected...

Turning the radios back off again.
 
pexeforadagua
just joined
Posts: 2
Joined: Fri May 25, 2018 4:00 am
Location: Brazil
Contact:

Re: v7.6 [stable] is released!

Thu Oct 20, 2022 8:10 am

ospf simple auth error "route,ospf,info Discarding packet: wrong chekcsum" between 6.49.7 and 7.6
7.5 and 6.x works well
It gave the same error here (all were previously in version 7.5), when updating to 7.6, OSPF stopped working with the checksum error, I tried to remove and reconfigure and it still didn't solve it, the way was to go back to version 7.5 , done everything went back to normal!
 
kenyloveg
Frequent Visitor
Frequent Visitor
Posts: 89
Joined: Tue Jul 14, 2009 3:25 pm

Re: v7.6 [stable] is released!

Thu Oct 20, 2022 8:43 am

The ugly premission denied issue seems still exist in 7.6
I'm able to run adguardhome without errors, until I edit AdguardHome.yaml to set upstream_dns_file: disk1/adguardhome/conf/greatfire.txt
Then log report permission denied error.
No more issues by uploading file through sftp, instead of ftp.
 
thedix
just joined
Posts: 9
Joined: Sun Apr 26, 2015 12:35 pm

Re: v7.6 [stable] is released!

Thu Oct 20, 2022 8:54 am

After upgrading hEX S from 7.5 to 7.6 I see IPSec errors when connecting from client to server (connection is established successfully):
Oct/20/2022 12:42:07   ipsec, error    unable to get certificate CRL(3) at depth:0 cert:CN=...
Oct/20/2022 12:42:07   ipsec, error    unable to get certificate CRL(3) at depth:1 cert:C=...
All the CRLs are accessible and visible at Certificates/CRL.
7.5 works fine without errors.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.6 [stable] is released!

Thu Oct 20, 2022 9:10 am

I noticed that in active-peers menu the id is now prefixed with "CN=" and I had to adopt that change in some scripts.
Possibly this causes more issues with specific configurations? Do you have key IDs in your configuration?
Last edited by eworm on Thu Oct 20, 2022 10:18 am, edited 1 time in total.
 
draid
Member Candidate
Member Candidate
Posts: 106
Joined: Wed Aug 22, 2018 5:42 pm

Re: v7.6 [stable] is released!

Thu Oct 20, 2022 10:14 am

Hex S SFP info is still unavaliable. All boxes are empty. Does anyone still have this problem?
 
giulianoz
newbie
Posts: 27
Joined: Sat Apr 08, 2017 6:44 pm

Re: v7.6 [stable] is released!

Thu Oct 20, 2022 12:18 pm

Ac3 from 7.6rc2 to 7.6 updated successfully
Packages installed
Wifiwave2
Container
ZeroTier
 
HasanAlawlaki
just joined
Posts: 6
Joined: Wed Sep 06, 2017 1:18 pm

Re: v7.6 [stable] is released!

Thu Oct 20, 2022 1:51 pm

Session time left
Still not shown on hotspot active?
Any solution?
 
anuser
Long time Member
Long time Member
Posts: 601
Joined: Sat Nov 29, 2014 7:27 pm

Re: v7.6 [stable] is released!

Thu Oct 20, 2022 2:20 pm

CCR1036-8G-2S+
log says: "snmp, warning timeout while waiting for program 48"
=> All CAPs lost connection, echo timeout
 
johnson73
Member Candidate
Member Candidate
Posts: 172
Joined: Wed Feb 05, 2020 10:07 am

Re: v7.6 [stable] is released!

Thu Oct 20, 2022 3:07 pm

Updated hAP AC3 from 7.5 to 7.6. So far there are no problems.
 
StepBee
just joined
Posts: 10
Joined: Wed Oct 19, 2022 8:44 pm

Re: v7.6 [stable] is released!

Thu Oct 20, 2022 3:20 pm

I think I've got a bug with /routing/bgp/advertisements/print with IPv6 sessions:
 > /routing/bgp/advertisements/print detail where peer=bgp-22-2-1
 0 peer=bgp-22-2-1 dst=2001:c76:a00:300::/56 local-pref=100 nexthop=10c:760a::2200 origin=0
The next-hop value ist just bullshit. Fortunately it's just a display bug, because the routes are advertised with the correct next-hop:
> ipv6/route/print where dst-address=2001:c76:a00:300::/56
Flags: D - DYNAMIC; A - ACTIVE; b, y - COPY
Columns: DST-ADDRESS, GATEWAY, DISTANCE
    DST-ADDRESS            GATEWAY           DISTANCE
DAb 2001:c76:a00:300::/56  2001:c76:a00::22       200
BR,
Johannes
+1 - in my case the characters of the IPv6 address are shifted and ::<less than 4 characters> is resolved wrong for example ::15 is resolved to :1500 instead of :0015
But indeed, luckily its only a display bug
 
stanelie
newbie
Posts: 30
Joined: Sun Jun 03, 2012 9:32 pm

Re: v7.6 [stable] is released!

Thu Oct 20, 2022 4:31 pm

CapsMan stopped working when I upgraded from 7.5. None of the controlled access points (CAPs) would connect to CapsMan. I downgraded and everything went back to normal. (small setup with 20 access points)
Are your cAPs running ROS 7.6?
Not yet. To be able to update them to 7.6 from capsman, you need to upgrade the capsman server first. But it's a catch 22, since the access points lose connectivity as soon as I upgrade the capsman server.
 
stanelie
newbie
Posts: 30
Joined: Sun Jun 03, 2012 9:32 pm

Re: v7.6 [stable] is released!

Thu Oct 20, 2022 4:32 pm



Are your cAPs running ROS 7.6?
Update of CAPsMAN from 7.5 to 7.6 went smooth, even on CAPsMAN itself and on all AP´s (5x) also. (ROS and FW).
From what version did you came from? (AP´s)
The access points are on 7.5.
 
gotsprings
Forum Guru
Forum Guru
Posts: 2087
Joined: Mon May 14, 2012 9:30 pm

Re: v7.6 [stable] is released!

Thu Oct 20, 2022 9:56 pm

Log into the caps and update them directly.
 
k0n24d
just joined
Posts: 1
Joined: Sun Oct 02, 2022 8:32 pm

Re: v7.6 [stable] is released!

Thu Oct 20, 2022 10:52 pm

*) firewall - fixed usage of "netmap" action for IPv6 source NAT;

Not sure what this means. From what I see source nat using netmap doesn't seem to work correctly.

I have a srcnat rule to netmap from fdyy:yyyy:yyyy:yyyy::/64 to 2a01:xxxx:xxxx:xxxx::/64.
But every single outgoing connection has an ipv6 source address set to 2a01:xxxx:xxxx:xxxx::
 
gotsprings
Forum Guru
Forum Guru
Posts: 2087
Joined: Mon May 14, 2012 9:30 pm

Re: v7.6 [stable] is released!

Fri Oct 21, 2022 12:33 am



Are your cAPs running ROS 7.6?
Not yet. To be able to update them to 7.6 from capsman, you need to upgrade the capsman server first. But it's a catch 22, since the access points lose connectivity as soon as I upgrade the capsman server.
I just did a new install.

Updated the router to 7.6 out of the box. Loaded my caps-man template.
Set the caps to caps mode.
They all connected and requested an update.

Had to log into each to set passwords and update firmware.

MTU value kept setting itself to zero.

And now log doesn't show clients connecting and disconnecting.

Ohh joy.
 
Safic
just joined
Posts: 4
Joined: Sun Jun 19, 2016 10:26 am

Re: v7.6 [stable] is released!

Fri Oct 21, 2022 9:39 am


Update of CAPsMAN from 7.5 to 7.6 went smooth, even on CAPsMAN itself and on all AP´s (5x) also. (ROS and FW).
From what version did you came from? (AP´s)
The access points are on 7.5.
Yesterday I've updated from 7.5 to 7.6 ccr1016 with capsman, crs328, some capAC2 and wAPac. All fine! cAPs get update before capsman router.
Last edited by Safic on Fri Oct 21, 2022 12:48 pm, edited 1 time in total.
 
mabels
newbie
Posts: 26
Joined: Sun Feb 24, 2013 11:47 pm

Re: v7.6 [stable] is released!

Fri Oct 21, 2022 11:31 am

I just updated from 7.5 to 7.6 on CRS326-24G-2S+RM and now it's a brick.
I did not try to debug into it --- i just want to let know this.
I tried now the factory-reset procedure and the device shows no reaction --- only the blue power led is flashing -- not link on ether1 to netinstall ....

Thx

Meno
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.6 [stable] is released!

Fri Oct 21, 2022 11:41 am

There is a difference between the factory-reset procedure and the netinstall procedure. You need to follow them (the orchestration of pressing/releasing the reset button and the application of power) very closely, or else you get the wrong thing or nothing at all.
 
User avatar
loloski
Member Candidate
Member Candidate
Posts: 277
Joined: Mon Mar 15, 2021 9:10 pm

Re: v7.6 [stable] is released!

Fri Oct 21, 2022 12:47 pm

i have much higher success rate of doing netinstall in linux rather than windows 10 or 11, even though i have only 1 interface enable on this environment, if you see in the commandline sendfile you can safely release the button and rest assured netinstall will do its thing from formatting the device send the actual firmware and rebooting the device
 
holvoetn
Forum Guru
Forum Guru
Posts: 5320
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.6 [stable] is released!

Fri Oct 21, 2022 1:17 pm

Same here.
I keep on old Dell laptop especially for that purpose (2008 and no battery).
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Fri Oct 21, 2022 2:19 pm

I just updated from 7.5 to 7.6 on CRS326-24G-2S+RM and now it's a brick.
I haved the same problem some weeks ago, but is not RouterOS the problem: after reboot do not start.
Check the capacitor on power adapter, try to replace it with another new...
(any between 12V/24V is good, but must be 1A at least)
 
User avatar
Panbambaryla
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Sat Jun 08, 2019 12:12 pm

Re: v7.6 [stable] is released!

Fri Oct 21, 2022 2:37 pm

Same here.
I keep on old Dell laptop especially for that purpose (2008 and no battery).
Doesn't make sense, IMHO, as it works perfectly well under Ubuntu as virtual machine (Hyper-V) in Windows 10/11.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Fri Oct 21, 2022 2:39 pm

CCR2116-12G-4S+ now on production
[…]
BGP v4: WORK (AS->not-MikroTik AS multi-peer ebgp)
BGP v6: WORK (AS->not-MikroTik AS single-peer ebgp)
[…]
Still true after 2 days...
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Fri Oct 21, 2022 2:41 pm

Till now, I never have a single problem with netinstall on old / new computers, if the OS is correctly configured, and netinstall correctly configured and used.
 
tigro11
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Tue Feb 20, 2018 12:31 am

Re: v7.6 [stable] is released!

Fri Oct 21, 2022 4:57 pm



winbox 3.37 windows
If I run Winbox from local, it works, if I perform winbox from wireguard tunnel, it blocks and does not enter.
news this problem?
 
holvoetn
Forum Guru
Forum Guru
Posts: 5320
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.6 [stable] is released!

Fri Oct 21, 2022 5:05 pm

news this problem?
Most likely this is your problem
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
Your wireguard interface is not part of the LAN list.
So it gets dropped.

Either add wireguard to LAN.
Or add a rule before this one allowing wireguard on input.
 
tigro11
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Tue Feb 20, 2018 12:31 am

Re: v7.6 [stable] is released!

Fri Oct 21, 2022 7:21 pm

moderator nite: no need to quote whole preceding post. Just use "Post Reply" button.
The Wireguard interface is on the LAN list
 
chiem
newbie
Posts: 41
Joined: Fri Oct 24, 2014 4:48 pm

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 12:43 am

How about some documentation on how the /ip/dns/static address-list field is supposed to be used?
 
mafiosa
Member Candidate
Member Candidate
Posts: 266
Joined: Fri Dec 09, 2016 8:10 pm
Location: Kolkata, India
Contact:

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 10:58 am

Till now, I never have a single problem with netinstall on old / new computers, if the OS is correctly configured, and netinstall correctly configured and used.
Offtopic: Good to see your powers clipped. Simping for mikrotik and telling that all bugs or missing features are user's fault doesn't help in the long run. One of the worst moderator on a technical forum.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 12:06 pm

Obviously I can't refer to the linux version, which I don't use.
Sorry to disappoint you, but whatever you write, it doesn't change the facts, after 15 years and dozens of PCs,
if netinstall doesn't work, it's definitely the fault of how the user tries to use it, or Windows settings.
Netinstall cannot solve Windows problems and MikroTik staff can not solve them for Microsoft.
 
User avatar
Panbambaryla
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Sat Jun 08, 2019 12:12 pm

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 12:30 pm

moderator nite: no need to quote whole preceding post. Just use "Post Reply" button.
That's simply not true... MT is using some uncommon functions which makes it almost impossible to use it right form the start in Windows. Don't you think if it was a good product there would be no complains? There are many different for example TFTP implementations which simply work without any extra work required, the same should apply to this product. We are here with some extra IT knowledge then average user and almost everybody here knows how to handle Windows. The problem is the app itself which should be redesigned according to nowadays systems specification and probably written from scratch.

To moderator: during my message composition time another post can appear, so quoting the one I am responding to, is the best, direct approach to keep things tight. The forum should eventually cut the quotations to a few first sentences if not implemented yet.
Also, if quoting is allowed in the editor it's up to me to use it or not. I don't want anybody edit my post if I decided how I wanted it to look like!
Last edited by Panbambaryla on Sat Oct 22, 2022 7:50 pm, edited 3 times in total.
 
gotsprings
Forum Guru
Forum Guru
Posts: 2087
Joined: Mon May 14, 2012 9:30 pm

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 12:45 pm

I can get netinstall to work on windows, as soon as I take down every single firewall program, and make sure my network is set as private.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 12:56 pm

@Panbambaryla:
L2 protocol used for MAC level access to device is really uncommon feature not available for other brands.
It's a HUGE adventage when it comes to configuration errors and lets you to go back from "point of no return" but ...
L2 protocols are not so simple to manage as setting IP for particular interface. Even then you have to deal with proper priorities of gateways to let the traffic go lo proper interface. World is not so simple.

Not blaming Microsoft and beeing "advocatus diaboli" of MT or vice-versa if you wish but you have consider that some nonstandard solutions are not as obvious to use as simple straight console connection.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 1:02 pm

I second the opinion that it is definitely possible to make netinstall less fragile. There are quite a few apps around which utilize (win)pcap library to do the low-level data transfers (e.g. binding to a particular network interface) ... which seems to be one of bigger problems of windows executable.
The question, which remains to be answered, is whether MT will dedicate some developers' time to improve things in due time (yeah, it's not a bug report, it's a feature/improvement request).
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 1:05 pm

Yes it also needs an interface select widget, and that would be part of such an improvement as well. The program fails to work on systems with more network interfaces, even on Linux.
As the protocol isn't documented anyway, it may also be best to just overhaul it completely and change to a simple TCP connection that does everything. That should solve the firewall issues too.
Last edited by pe1chl on Sat Oct 22, 2022 1:06 pm, edited 1 time in total.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 1:06 pm

Check the capacitor on power adapter, try to replace it with another new...(any between 12V/24V is good, but must be 1A at least)
Capacitor or fuse as 1A requirement for capacitors makes no sense.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 1:27 pm

Is for another power adapter, not for anotehr capacitor for replace the damaged on power adapter...
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 1:29 pm

As the protocol isn't documented anyway, it may also be best to just overhaul it completely and change to a simple TCP connection that does everything. That should solve the firewall issues too.
"Simple" TCP might not be so simple ... I guess the tricky part of netinstall binary is that it includes BOOTP/DHCP server and TFTP server, additionally device opens sort of control connection (could be it's actually a service which gets started after device boots from image received from netinstall server via TFTP) which allows netinstall binary to push actual npk files and default configuration ... none of which is possible using simple TFTP. Surely netinstall could relly on other (standard) servers to provide these services, but that would mean multiple servers (by multiple vendors) with appropriate config. I guess that would proove a nightmare for every Mikrotik user but hard-core network admins. I guess the tricky part is to bind BOOTP/DHCP and TFTP services to correct interface, at least BOOTP/DHCP service has to listen to "raw" IP/UDP network interface to catch those broadcasts from client. Even standard ISC DHCP server on linux used to bind to raw network device to deal with requests reliably (I'm not sure about recent versions though).
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 3:51 pm

That is what I mean: do not use BOOTP, TFTP etc but just run a TCP service on some port where a client can make a TCP connection and do all the things it needs to do (upload the image, the parameters, etc). it could be port 80 or 443, even. The netinstall could likely be done from a browser extension or javascript app.
That way there will be no firewall issues on the client. The IP of the router can be fixed. Of course then there still is the inconvenient issue that you need to set a fixed IP on the computer, but with the current netinstall you need to do that anyway.
I guess the reason for not doing it this way in the pat was to keep the ROM code as small as possible, and a "simple" UDP BOOTP and TFTP client would be smaller than a TCP implementation, but I guess with todays devices that issue is not that important anymore.
 
DL7JP
Frequent Visitor
Frequent Visitor
Posts: 85
Joined: Sat Oct 19, 2013 4:14 pm

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 4:26 pm

RB1100AH, CRS125-24G, hAP ac, hAP ac^2, CCR2004-16G: Upgraded, no problems noticed.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 5:42 pm

That is what I mean: do not use BOOTP, TFTP etc but just run a TCP service ...

To do that, device (client) has to do full IP self-setup anyway ... which means DHCP server somewhere. And for simple bootstrap client currently re-uses standard protocols (BOOTP and TFTP). According to your idea this part would be part of routerboot (making it more complex and prone to bugs preventing device from being unbricked). The rest of process (uploading packages and config) is probably (I didn't wireshark that part) already over IP and only fails occasionally (the part where upload "finishes" in microseconds, but device doesn't do anything).

I still think it's a good idea to have bare minimum routerboot and have everything else neatly packed in single executable so the netinstall can be performed with direct connection between device and management computer, without any additional 3rd party services. The whole thing only has to become less fragile and it seems the fragility is in the windows executable (since linux executable seems to perform much better with same routerboot in devices).
 
User avatar
Panbambaryla
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Sat Jun 08, 2019 12:12 pm

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 7:36 pm

@Panbambaryla:
L2 protocol... [...]
I don't understand what you wanted to explain. If L2 would be enough for Netinstall to work defining IP addresses would be unnecessary.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 7:51 pm

To moderator: during my message composition time another post can appear, so quoting the one I am responding to, is the best, direct approach to keep things tight. The forum should eventually cut the quotations to a few first sentences if not implemented yet.
You can see after you have posted if a new message in the mean time has entered between your latest post and replied post(not a problem on this small forum). Then you can edit your post and quote whats needed. Another stuff happens when you quote a post, an email are sent to the user.
Continue discuss quoting here: viewtopic.php?t=168474

This thread is a about 7.6. Make a new thread about Netinstall. I never have needed to do it. One reason is that I never upgrade the first day after new releases, so avoid mayor flaws.
 
Omar007
just joined
Posts: 9
Joined: Fri Oct 26, 2018 11:50 pm

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 7:55 pm

*) firewall - fixed usage of "netmap" action for IPv6 source NAT;

Not sure what this means. From what I see source nat using netmap doesn't seem to work correctly.

I have a srcnat rule to netmap from fdyy:yyyy:yyyy:yyyy::/64 to 2a01:xxxx:xxxx:xxxx::/64.
But every single outgoing connection has an ipv6 source address set to 2a01:xxxx:xxxx:xxxx::
Same here but with a /48 on both sides. It looks like IPv6 NETMAP is still broken, no matter which direction you go in (prerouting/dstnat or postrouting/srcnat).
Last edited by Omar007 on Sat Oct 22, 2022 8:11 pm, edited 1 time in total.
 
User avatar
sirbryan
Member Candidate
Member Candidate
Posts: 298
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 8:02 pm

Sooo, back to 7.6.

I have three CCR2116's, two of which do full BGP tables to three providers (filtered to a single AS away) and feed the combination into a third 2116 that then feeds our CGNAT core. The 2116's were all running 7.4.1 with L3HW offload and BGP overlaid on OSPF between them, and working fine. The two border routers have a 10Gbps fiber connection to each other and the one in the middle is connected to the other two via low-latency (<1ms) E-band radios. We see roughly 500-700Mbps per provider, for a combination of 1-2Gbps throughout most of the day and evening.

After testing 7.6 on a few smaller routers, I loaded it onto these three. For the bulk of the day, things seemed to be just fine with the exact same config. But later in the day customers started complaining of random disconnects and slow bandwidth. Further investigation showed OSPF resets in the logs, particularly between the middle one and one of the borders. Monitoring the live graphs of both routers and radios showed traffic stopping for a second or two. One at a time, I backed off the routers to 7.4.1 (hoorah for partitions and exceedingly fast boot time of the 2116's!). From what I could tell, as long as L3HW offload was off on the router(s) that had 7.6, OSPF stopped bouncing.

Now they're all backed off to 7.4.1, L3HW offload is re-enabled, and I've had no OSPF resets or traffic drops. Unfortunately I wasn't in a position to grab support files, but perhaps this scenario can be rebuilt in a lab, or other providers who see this will benefit and perhaps share anything else they've learned.
 
User avatar
sirbryan
Member Candidate
Member Candidate
Posts: 298
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.6 [stable] is released!

Sat Oct 22, 2022 11:14 pm

On the upside,

I am running 7.6 on the home/office CCR2116. I put in a 500GB NVME disk and loaded up piHole to start. Pretty slick. Containers have come a long way since 7.1.

With 1TB-4TB SSD's at a reasonable price, I'm thinking some owncloud, FreePBX/Asterisk, etc. and you've got a sweet box for managed services. Also excited to see what I can do with my cluster of RB5009's and CCR2004-16G-2S+ and their USB3 ports.
 
User avatar
drasir
just joined
Posts: 24
Joined: Sat Sep 11, 2021 4:48 pm

Re: v7.6 [stable] is released!

Sun Oct 23, 2022 12:59 am

ros76_partition.jpg
So this isn't right? Rb5009UPr
Part1 now broken after i canceled this process.. Anything known?
You do not have the required permissions to view the files attached to this post.
 
User avatar
malobert
just joined
Posts: 5
Joined: Mon Feb 14, 2022 2:30 pm
Location: Westland, the Netherlands

Re: v7.6 [stable] is released!

Sun Oct 23, 2022 12:40 pm

ros76_partition.jpg

So this isn't right? Rb5009UPr
Part1 now broken after i canceled this process.. Anything known?
Search in this thread for partition for the solution, you are not the only one. I had this after the upgrade. Delete your veth interface and everything works well after that.
 
User avatar
drasir
just joined
Posts: 24
Joined: Sat Sep 11, 2021 4:48 pm

Re: v7.6 [stable] is released!

Sun Oct 23, 2022 7:17 pm

ros76_partition.jpg

So this isn't right? Rb5009UPr
Part1 now broken after i canceled this process.. Anything known?
Search in this thread for partition for the solution, you are not the only one. I had this after the upgrade. Delete your veth interface and everything works well after that.
That's what i did beforehand.. Funny enough "partitioN" does not return results.. searching for "veth" however did!

Thanks, that did it!
 
miasharmse84
just joined
Posts: 23
Joined: Fri Sep 02, 2022 6:19 pm
Location: South Africa

Re: v7.6 [stable] is released!

Mon Oct 24, 2022 11:57 am

CCR2116-12G-4S+ now on production
from netinstalled 7.6beta7 on "test",
previously updated via drag&drop npk from 7.6beta7 to 7.6beta8 on "test",
previously updated via drag&drop npk from 7.6beta8 to 7.6rc1 on "pre-production",
updated again via drag&drop npk from 7.6rc1 to 7.6 (stable) on "production"

BGP v4: WORK (AS->not-MikroTik AS multi-peer ebgp)
BGP v6: WORK (AS->not-MikroTik AS single-peer ebgp)

BUG:
1) Dual boot still required for upgrade the RouterBOOT.
2) RouterOS package still called "routeros" instead of "routeros-arm64" (on this model) and this prevent "The Dude" to be able to upgrade the device.
3) The Original User-Manager not exist on RouterOS v7. The surrogate can not even be compared with the Original v6.
Sounds positive,
How many routes are you receiving from BGP peers?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Mon Oct 24, 2022 12:07 pm

Only the default routes from all 3 peers, they are the same provider, the second IPv4 is for failover.
As long as you have no special routing needs or have multiple providers, etc., it is useless to have any full route table.
 
miasharmse84
just joined
Posts: 23
Joined: Fri Sep 02, 2022 6:19 pm
Location: South Africa

Re: v7.6 [stable] is released!

Mon Oct 24, 2022 12:13 pm

Thx @rextended.
I would be interested to know if anyone is running 7.6 in production with full internet routing table or at least receiving more than 500k routes from peers.
 
User avatar
Paternot
Forum Veteran
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.6 [stable] is released!

Mon Oct 24, 2022 2:25 pm

/routing/bgp/advertisements/print now shows a detailed list, where on rc1 it showed only a summary. There was a "show" command that showed the full list.
So now I tried /routing/bgp/advertisements/print count-only to see if it maybe shows a summary only.
It showed:
704
no such item (4)
From now on, /routing/bgp/advertisements/print only shows a single item and then it prints that no such item (4) error.
It's the same for me.
hEX, upgraded from a netinstalled 7.4.1 to 7.6
> /routing/bgp/advertisements/print count-only 
4366
no such item (4)
Everything else looks like it's working for me. Wireguard, IPSEC, GRE tunnels, SSH, BGP...
 
User avatar
armandfumal
Member Candidate
Member Candidate
Posts: 158
Joined: Wed Apr 25, 2012 5:50 pm
Location: Weiswampach,LUX
Contact:

Re: v7.6 [stable] is released!

Mon Oct 24, 2022 2:52 pm

Only the default routes from all 3 peers, they are the same provider, the second IPv4 is for failover.
As long as you have no special routing needs or have multiple providers, etc., it is useless to have any full route table.
Thx @rextended.
I would be interested to know if anyone is running 7.6 in production with full internet routing table or at least receiving more than 500k routes from peers.
I'm using it with 2 BGP full tables, around 1.900.000 prefixes in table...
 
miasharmse84
just joined
Posts: 23
Joined: Fri Sep 02, 2022 6:19 pm
Location: South Africa

Re: v7.6 [stable] is released!

Mon Oct 24, 2022 3:00 pm

Thanks for the reply. Can you comment on the stability?
- How long does it take to build the routing table if the router reboots or if the eBGP peer is disconnected?
- Do you have any concerns or is running stable?
- Would you recommend for ISP production environment?

Many thx.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Mon Oct 24, 2022 4:49 pm

On my test for make working v7 like v6 I dump all both full tables (not the IPv6 table) (I do not remember total number of records) on less than 3 min for sure.
I do not remember exact time.
 
MEDO11
just joined
Posts: 5
Joined: Wed Feb 23, 2022 10:49 am

Re: v7.6 [stable] is released!

Mon Oct 24, 2022 8:53 pm

Hap ac3 with ww2 succesfully updated from 7.5 stable thru system->packages. Routerboard updated without issues too.
 
User avatar
armandfumal
Member Candidate
Member Candidate
Posts: 158
Joined: Wed Apr 25, 2012 5:50 pm
Location: Weiswampach,LUX
Contact:

Re: v7.6 [stable] is released!

Mon Oct 24, 2022 10:08 pm

Thanks for the reply. Can you comment on the stability?
- How long does it take to build the routing table if the router reboots or if the eBGP peer is disconnected?
- Do you have any concerns or is running stable?
- Would you recommend for ISP production environment?

Many thx.
It is stable, I have 2 CCR2216 with 2 BGP full table each, it works as edge routers, I can reboot each without impact of the backbone. iBgp is instant running, eBgp is about 3 mins to be 100%...all is IPV4 and IPV6...
Know issues: prefix counters still not works, don't check advertised prefix without filter data(all lists) it take 100% CPU and memory leaks when build the list...
At overall it is running BGP as edge without issues, stable connection...
Last edited by armandfumal on Tue Oct 25, 2022 1:44 am, edited 1 time in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Mon Oct 24, 2022 10:15 pm

Are the CCR2116-12G-4S+ model?
Very powerful
 
User avatar
jbl42
Member Candidate
Member Candidate
Posts: 214
Joined: Sun Jun 21, 2020 12:58 pm

Re: v7.6 [stable] is released!

Mon Oct 24, 2022 10:40 pm

Installed 7.6 without issues on several RB4011(no WiFi) and R5009. Basic setups (NAT, VLAN filtered bridge, some simple queues, basic firewalling, DHCP client/server), all working fine so far.

Different on CCR2216:
BPG/OSPF with large (300'000+) tables and L3HW enabled is unstable and peer connections flap with OSPF resets in the log.
For us, this issues started with 7.5 and did not improve with 7.6.
The OSPF CRC "fix" causes packet drops with ("%OSPF-4-ERRRCV: Received invalid packet: Bad Checksum")

Had to go back to 7.4.1 to get things stable.
 
nannou9
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Tue Nov 10, 2020 9:56 pm

Re: v7.6 [stable] is released!

Tue Oct 25, 2022 2:06 am

Cloud backup stopped working for me on all 7.6 devices( rb4011, crs305, audience)
Says error from apis.
Was working on 7.5.
 
miasharmse84
just joined
Posts: 23
Joined: Fri Sep 02, 2022 6:19 pm
Location: South Africa

Re: v7.6 [stable] is released!

Tue Oct 25, 2022 9:23 am

Thx @rextended @armandfumal

We are planning an upgrade from 7.5 to 7.6 later this week on our BGP router, CCR2116. We are currently receiving around 130 000 routes from one eBGP peer, however when trying to add a second eBGP peer which would send us an estimated additional 160 000 routes we see the following error messages in the log "Write to bgp failed (32) { #buf=1 max=64 sk=Socket{ 5[0] } }"

This causes my entire routing table to stop working and routes to working BGP peers have to rebuild as well.
I am hoping 7.6 will fix this issue for us.

I will revert with some feedback.
 
User avatar
armandfumal
Member Candidate
Member Candidate
Posts: 158
Joined: Wed Apr 25, 2012 5:50 pm
Location: Weiswampach,LUX
Contact:

Re: v7.6 [stable] is released!

Tue Oct 25, 2022 10:16 am

@miasharmse84

I had the same issue with 7.5, corrected since 7.6 beta8....
Last edited by armandfumal on Tue Oct 25, 2022 6:40 pm, edited 1 time in total.
 
alexspils
Member Candidate
Member Candidate
Posts: 180
Joined: Thu Jun 05, 2008 8:57 pm

Re: v7.6 [stable] is released!

Tue Oct 25, 2022 1:35 pm

updated hex from 7.2 to 7.6 but version remains the same
You do not have the required permissions to view the files attached to this post.
 
juniorespow
just joined
Posts: 2
Joined: Thu Feb 24, 2022 10:06 pm

Re: v7.6 [stable] is released!

Tue Oct 25, 2022 2:20 pm

Like 7.6rc2 and 7.6.rc3 this 7.6 release has the same issue for us.

CCR2216, 2 bgp links full table, around 1.900.000 prefixes in routing table.

issue with cli command : /routing/bgp/advertisements/

when using /routing/bgp/advertisements/print with where command to filter a peer, that working with no issue.

but
when using just /routing/bgp/advertisements/print, causing 100% cpu at routing & management process and memory is falling down rapidly. after lost 9Gb RAM we device to force reboot...

nobody has this issue ?

regards
I have the same problem
 
hecatae
Member Candidate
Member Candidate
Posts: 244
Joined: Thu May 21, 2020 2:34 pm

Re: v7.6 [stable] is released!

Tue Oct 25, 2022 4:58 pm

updated hex from 7.2 to 7.6 but version remains the same
Hi,

You've updated RouterOS but not Routerboard, please follow https://www.youtube.com/watch?v=WPW3mHlEzn4
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Tue Oct 25, 2022 5:24 pm

Hi,

You've updated RouterOS but not Routerboard, please follow https://www.youtube.com/watch?v=WPW3mHlEzn4
Hi,

You've posted on the forum without understanding the post you mention, please view download/file.php?id=56334
 
kenyloveg
Frequent Visitor
Frequent Visitor
Posts: 89
Joined: Tue Jul 14, 2009 3:25 pm

Re: v7.6 [stable] is released!

Tue Oct 25, 2022 5:36 pm

My scripts in /ppp/profile is randomly not working anymore after upgraded to 7.6
:global new
:global old
:global status
    :set status [/interface get [/interface find  name=("pppoe-out1")] running]
    :if ($status=true) do={
     :set new [/ip address get [/ip address find dynamic=yes interface=("pppoe-out1")] address]
     :set new [:pick $new 0 ([:len $new] -3)]
     :set old [/ip firewall nat get [find comment=("src-nat")] to-addresses]
      :if  (!($new=$old)) do={
      /ip firewall nat set [/ip firewall nat find comment=("src-nat")] to-addresses=$new
       }}
By enable, disable interface pppoe-out1, to address=xx.xx.xx.xx sometimes don't change, sometimes do.
/ip firewall nat
add action=src-nat chain=srcnat comment=src-nat ipsec-policy=out,none out-interface=pppoe-out1 to-addresses=xx.xx.xx.xx
Thanks
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Tue Oct 25, 2022 6:27 pm

you must write script correctly, regardless routeros version, the differencies between v6 and v7 are on get address only
:if ([/interface get pppoe-out1 running]) do={
    :local new [/ip address get ([find where interface=pppoe-out1]->0) address]
    :set   new [:pick $new 0 [:find $new "/"]]
    :local old [/ip firewall nat get [find where comment="src-nat"] to-addresses]
    :if  ($new != $old) do={
        /ip firewall nat set [find where comment="src-nat"] to-addresses=$new
    }
}

or better, removing all useless parts, if you put this on ppp profile / scripts / on up:
/ip firewall nat set [find where comment="src-nat"] to-addresses=$"local-address"
 
riv
just joined
Posts: 16
Joined: Wed Jun 07, 2006 4:16 am

Re: v7.6 [stable] is released!

Tue Oct 25, 2022 8:17 pm

VPNV4 routes not advertising to BGP peers

Anyone having the same issue?
 
kenyloveg
Frequent Visitor
Frequent Visitor
Posts: 89
Joined: Tue Jul 14, 2009 3:25 pm

Re: v7.6 [stable] is released!

Tue Oct 25, 2022 9:01 pm

or better, removing all useless parts, if you put this on ppp profile / scripts / on up:
/ip firewall nat set [find where comment="src-nat"] to-addresses=$"local-address"
If "local-address" would never be broken, this should be the best way.
Thank you.
 
kenyloveg
Frequent Visitor
Frequent Visitor
Posts: 89
Joined: Tue Jul 14, 2009 3:25 pm

Re: v7.6 [stable] is released!

Tue Oct 25, 2022 9:02 pm

or better, removing all useless parts, if you put this on ppp profile / scripts / on up:
/ip firewall nat set [find where comment="src-nat"] to-addresses=$"local-address"
If "local-address" would never be broken, this should be the best way.
Thank you.
 
User avatar
sirbryan
Member Candidate
Member Candidate
Posts: 298
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.6 [stable] is released!

Tue Oct 25, 2022 10:09 pm

Thx @rextended.
I would be interested to know if anyone is running 7.6 in production with full internet routing table or at least receiving more than 500k routes from peers.
I was, until my internal OSPF links started flapping.
 
User avatar
sirbryan
Member Candidate
Member Candidate
Posts: 298
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.6 [stable] is released!

Tue Oct 25, 2022 10:12 pm

BPG/OSPF with large (300'000+) tables and L3HW enabled is unstable and peer connections flap with OSPF resets in the log.
For us, this issues started with 7.5 and did not improve with 7.6.
The OSPF CRC "fix" causes packet drops with ("%OSPF-4-ERRRCV: Received invalid packet: Bad Checksum")

Had to go back to 7.4.1 to get things stable.
Glad to see it wasn't just me. Did you try disabling L3HW offload? That fixed it for me on 7.6, but kind of defeated the purpose of using those routers in the first place. :-)
 
User avatar
jbl42
Member Candidate
Member Candidate
Posts: 214
Joined: Sun Jun 21, 2020 12:58 pm

Re: v7.6 [stable] is released!

Tue Oct 25, 2022 10:44 pm

No, I did not try to disable L3HW.
I don't see any value in running a ROS version with broken L3HW on a CCR2216. As you mentioned, the large scale L3HW capabilities are the reason to pay the extra money for a CCR2216 in the first place.
 
tommyd
just joined
Posts: 14
Joined: Mon Apr 03, 2017 10:37 am

Re: v7.6 [stable] is released!

Wed Oct 26, 2022 11:14 am


when using /routing/bgp/advertisements/print with where command to filter a peer, that working with no issue.
but
when using just /routing/bgp/advertisements/print, causing 100% cpu at routing & management process and memory is falling down rapidly. after lost 9Gb RAM we device to force reboot...

nobody has this issue ?
I do, for way smaller tables on WAN routers (CCR2004-1G-12S+2XS). Rapid memory leak and reboot in few minutes after issuing the
print
command

Edit: even
/routing/bgp/advertisements/print count-only 
causes memory leak and eventually reboot
Last edited by tommyd on Wed Oct 26, 2022 11:38 am, edited 1 time in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.6 [stable] is released!

Wed Oct 26, 2022 11:31 am

I see no such leaks but I have only 750 routes so maybe it is not so visible then. I presume the command makes some temporary table in memory for all routes it is going to print.
However I had that "No such item (4)" problem I mentioned above and now I see it rectified itself after the BGP peers went down/up due to the ISP modem having rebooted last night. That has apparently cleared something up. That problem now is not reproducible.
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.6 [stable] is released!

Wed Oct 26, 2022 11:32 am

2.4 on v7.6
You do not have the required permissions to view the files attached to this post.
 
DenisPDA
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Tue Sep 04, 2018 5:42 pm

Re: v7.6 [stable] is released!

Wed Oct 26, 2022 1:20 pm

Why such loading at an empty configuration????
hex_7.6.JPG
hex_7.6_2.JPG
What was done
1. Full configuration reset
2. Netinstall
Problem persists
You do not have the required permissions to view the files attached to this post.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26289
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v7.6 [stable] is released!

Wed Oct 26, 2022 1:37 pm

Please send or post supout.rif file. Maybe we can see a little more from the file
 
DenisPDA
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Tue Sep 04, 2018 5:42 pm

Re: v7.6 [stable] is released!

Wed Oct 26, 2022 1:59 pm

Please send or post supout.rif file. Maybe we can see a little more from the file
supout.zip
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Wed Oct 26, 2022 3:55 pm

@DenisPDA
The unwritten question is:
>>>Why does it take so long to export and so much CPU is used during export one "blank" configuration?
Otherwise it seems the question is simply:
>>>Why does the CPU have such high usage without any configuration?

The answer is simple, the device must not use optimized network functions, but various CPU calculations during the export,
because it does not just "copy" a file from the internal memory to the .rsc file,
but must check the configuration of each individual item,
and dynamically create the difference file to export to the configuration.
 
tigro11
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Tue Feb 20, 2018 12:31 am

Re: v7.6 [stable] is released!

Wed Oct 26, 2022 4:09 pm

Image
moderator nite: no need to quote whole preceding post. Just use "Post Reply" button.
The Wireguard interface is on the LAN list
I have excluded all the rules of the Mangle and Raw firewall, but the connection does not work, there must be some other problems.
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Wed Oct 26, 2022 4:21 pm

Non usare le sessioni di altri dispositivi... che magari sono di versioni differenti. Seleziona su Session <none>
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Wed Oct 26, 2022 4:23 pm

RB5009UG+S+ with netinstalled 7.2.3 => /sys rou up 7.6
Apparently work without problems.
 
tigro11
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Tue Feb 20, 2018 12:31 am

Re: v7.6 [stable] is released!

Wed Oct 26, 2022 6:33 pm

Non usare le sessioni di altri dispositivi... che magari sono di versioni differenti. Seleziona su Session <none>
niente da fare, non funziona
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Wed Oct 26, 2022 7:02 pm

I do not understand where is the problem :(
 
tigro11
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Tue Feb 20, 2018 12:31 am

Re: v7.6 [stable] is released!

Wed Oct 26, 2022 7:15 pm

I do not understand where is the problem :(
does not enter on winbox, blocks on that screen
 
miasharmse84
just joined
Posts: 23
Joined: Fri Sep 02, 2022 6:19 pm
Location: South Africa

Re: v7.6 [stable] is released!

Thu Oct 27, 2022 9:41 am

@miasharmse84

I had the same issue with 7.5, corrected since 7.6 beta8....
We upgrade the CCR2116 to 7.6 this morning but our second BGP peer is still not coming up. When enabling the peer it starts to load some routes and then suddenly stops with the same error message as version 7.5 in the log: Write to bgp failed (32) { #buf=1 max=64 sk=Socket{ 5 a } }
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Thu Oct 27, 2022 9:47 am

does not enter on winbox, blocks on that screen
ok, I understand that, ma non ho capito perché ti ci fa ¯\_( ͡° ͜ʖ ͡°)_/¯
 
User avatar
Taner
just joined
Posts: 12
Joined: Thu Nov 22, 2018 11:48 am

Re: v7.6 [stable] is released!

Thu Oct 27, 2022 10:47 am

Hello, do you have any issues with RB1100AHx2 after upgrading to 7.6 from 7.5?
 
fabeni
just joined
Posts: 1
Joined: Thu Oct 20, 2022 9:57 pm

Re: v7.6 [stable] is released!

Thu Oct 27, 2022 3:37 pm

Good Morning
We were testing with the CCR2116 using it for PPPoE, we got 2400 connections, we had some problems....
CPU rising to 100% with 2GB of traffic
PPPoE disconnecting in bulk
Simple Queue not being removed and not allowing pppoe to reconnect because it said it already had a simple queue running.
We had to take out the CCR2116 and put the CCR1036 in place.
In version 7.7 beta, I didn't see anything talking about PPPoE, was something done?
 
arainbow
newbie
Posts: 36
Joined: Sat Sep 15, 2012 12:05 pm

Re: v7.6 [stable] is released!

Fri Oct 28, 2022 11:58 am

ROS 7.6:
rb750gr3, ipv6 dhcpclient on pppoe-client can't get prefix.Tried multiple times, still doesn't work.
hap ac2 work fine.
 
dakobg
Member Candidate
Member Candidate
Posts: 120
Joined: Mon Nov 06, 2017 8:58 am

Re: v7.6 [stable] is released!

Fri Oct 28, 2022 6:28 pm

Ovpn. - vrf .. cool :)
 
User avatar
Maggiore81
Trainer
Trainer
Posts: 558
Joined: Sun Apr 15, 2012 12:10 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Fri Oct 28, 2022 10:07 pm

Hello, do you have any issues with RB1100AHx2 after upgrading to 7.6 from 7.5?
No.
We have on duty 3x 1100AHx2 that were upgraded successfully with no issues.
 
rpingar
Long time Member
Long time Member
Posts: 592
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.6 [stable] is released!

Sat Oct 29, 2022 8:23 pm

we are experiencing problems with simple-queue by pppoe on x86 platform, around 5000 vlan with 5000 pppoe-server (one for each client) over them.
sometime the simple queue got not removed when the client disconnect. So the client is not able to reauthenticate because it found a same queue present.
The only way to recover is to reboot it.

regards
 
User avatar
loloski
Member Candidate
Member Candidate
Posts: 277
Joined: Mon Mar 15, 2021 9:10 pm

Re: v7.6 [stable] is released!

Sun Oct 30, 2022 2:27 am

@rpingar

Wow that was huge and to avoid broadcast storm you guys create one instance and a vlan per customer, is this BRAS in bare metal or under hypervisor? care to share the setup a little bit
 
rpingar
Long time Member
Long time Member
Posts: 592
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.6 [stable] is released!

Sun Oct 30, 2022 5:26 am

bare metal
Last edited by BartoszP on Sun Oct 30, 2022 10:08 pm, edited 1 time in total.
Reason: Removed unneded quote
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.6 [stable] is released!

Sun Oct 30, 2022 12:04 pm

As written elsewhere, when you have a separate company that manages the customer connection network (e.g. the local telecom company) and they deliver the customer connections at a handover point, it is quite common to deliver a separate VLAN for each customer. Then you will have to handle that.
 
pawelluk
just joined
Posts: 3
Joined: Mon Jul 20, 2020 6:17 pm

Re: v7.6 [stable] is released!

Sun Oct 30, 2022 9:49 pm

Is there a x86_64 lcd package that is available? As I though this was available back in 6.x.
 
User avatar
AryanProphet
just joined
Posts: 5
Joined: Tue May 03, 2022 1:16 pm

Re: v7.6 [stable] is released!

Mon Oct 31, 2022 10:11 am

Thanks for the release.

I have a request. It would be really nice, if you could compile "The Dude" client also for 64-bit systems... then we Linux/BSD users don't have to install wine32, ergo activate the 32-bit repository/branch on a 64 bit system... which is very annoying, disk space consuming and not really recommended to do.

Compiling "The Dude" client for 64-bit, does save many yottabytes around the world.

Kind regards,
Ben
 
User avatar
Taner
just joined
Posts: 12
Joined: Thu Nov 22, 2018 11:48 am

Re: v7.6 [stable] is released!

Mon Oct 31, 2022 5:47 pm

Hello, do you have any issues with RB1100AHx2 after upgrading to 7.6 from 7.5?
No.
We have on duty 3x 1100AHx2 that were upgraded successfully with no issues.
Hi, thank you for the confirmation.
 
zojka
just joined
Posts: 20
Joined: Tue Aug 12, 2014 12:26 pm

Re: v7.6 [stable] is released!

Mon Oct 31, 2022 11:01 pm

Hi,

After upgrade CHR to 7.5 I noticed problem with incorect VPN connection state "D" flag. This is the same situation which has been fixed in 6.3x.
The problem occurs PPTP and OpenVPN. I have 10 users and today I had 400 incorrect sessions with "D" flag.
Mikrotik is install on vmWare 6.7 and was upgraded from 6.48 to 7.5 -> 7.6 ( I attached screen)
You do not have the required permissions to view the files attached to this post.
 
zvekyf
just joined
Posts: 21
Joined: Thu Sep 29, 2016 1:29 am

Re: v7.6 [stable] is released!

Wed Nov 02, 2022 5:13 am

we have same issue with OpenVPN UDP connections but because we allow [only one] clients can't connect after that any more and we must manually clear connections.
Image
Connection is not cleared by OpenVPN even [keep alive] is set to 60 sec.
Image

I catched next pool error when this happened
Image

This happens when client losses internet connection, switch to different AP when going to different building flor, plug out cable and take laptop and similar situations.
 
arainbow
newbie
Posts: 36
Joined: Sat Sep 15, 2012 12:05 pm

Re: v7.6 [stable] is released!

Wed Nov 02, 2022 12:10 pm

ROS 7.6:
rb750gr3, ipv6 dhcpclient on pppoe-client can't get prefix.Tried multiple times, still doesn't work.
hap ac2 work fine.
Has anyone encountered a similar situation?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.6 [stable] is released!

Wed Nov 02, 2022 12:55 pm

No, it works for me. Try to do a /export show-sensitive file=name and download the file, then reset the router configuration, no defaults, connect via MAC address and upload the same exported config file and import it.
 
arainbow
newbie
Posts: 36
Joined: Sat Sep 15, 2012 12:05 pm

Re: v7.6 [stable] is released!

Wed Nov 02, 2022 4:48 pm

I left home in October last year. The rb750gr3 at home is still version 6.9, and a UPS is installed for networking. For more than a year, I never came back, and there was no one at home. Therefore, in order to continue to function properly after an upgrade, the upgrade must be done very carefully. If reset, you can no longer connect.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v7.6 [stable] is released!

Wed Nov 02, 2022 6:14 pm

6.9? Really ... you should go up to 6.40 , good copy , jump to 6.41 which changed "a lot", then up to 6.49.x and then to 7.x
 
winap
just joined
Posts: 20
Joined: Thu Sep 23, 2021 10:57 pm

Re: v7.6 [stable] is released!

Wed Nov 02, 2022 6:33 pm

6.9? Really ... you should go up to 6.40 , good copy , jump to 6.41 which changed "a lot", then up to 6.49.x and then to 7.x
Is there any improvement for now in v7 over v6? I mean v7 has a lot of bug fixies, but any new function? Is still v6 better, than v7?
Thanks
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.6 [stable] is released!

Wed Nov 02, 2022 7:04 pm

I'm totally confused by the above discussion. But anyway, it should not be in the release topic.
 
dave3
newbie
Posts: 45
Joined: Mon Feb 07, 2022 8:06 am

Re: v7.6 [stable] is released!

Fri Nov 04, 2022 9:44 pm

I just netinstalled 7.6 on my 750gr3 and ran into a problem with the ssh login.

Using the same 4096 bit RSA key that I used successfully in 6.48.6, 6.49.x, 7.1, 7.2, I got:

Server refused public-key signature despite accepting key!

After generating a new 2048 bit RSA key to use, it accepted that and let me login. Are 4096 bit RSA keys no longer possible with 7.6?
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.6 [stable] is released!

Tue Nov 08, 2022 12:09 am

RouterOS version 7.6 is released in the "v7 stable" channel!

*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;

can confirm. bridge support/vlan-filtering works as with a usual ethernet port (add macsec interface to the bridge instead of the ethernet interface)

tested between 2 hAP ac lite and
1 hAP ac lite and 1 CRS326-24G-S+
works, but performance is - as expected - poor. really poor. the L2 link is a 1Gbps ethernet connection and the throughput
according to BTest is around 25Mbit send/receive or around 10-15Mbit if both is tested

waiting for hw-offload and will test on CCR2116 and CCR1072 if i got some spare time at work.

for now i stick to vxlan workaround via wireguard :)
 
john231
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Wed Aug 08, 2018 12:11 pm

Re: v7.6 [stable] is released!

Tue Nov 08, 2022 12:36 pm

Can someone please clarify that if i move from 6.48.6 to 7.6 for example then my download speed will be affected? Meaning that if i download a single file from the internet with a 300Mbit/s connection using lets say hap ac for that i will be downloading it around 300 Mbit/s with 6.48.6 but with 7.6 the download speed will be reduced to around ~250 ?

There are a few topics that say the speedtest results are lower due to some software architectural changes. What i want to know is that, are single file download speeds affected as well?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Tue Nov 08, 2022 1:58 pm

Why change if the previous one is better, and you do not need any "new" feature?
 
winap
just joined
Posts: 20
Joined: Thu Sep 23, 2021 10:57 pm

Re: v7.6 [stable] is released!

Tue Nov 08, 2022 2:14 pm

Can someone please clarify that if i move from 6.48.6 to 7.6 for example then my download speed will be affected? Meaning that if i download a single file from the internet with a 300Mbit/s connection using lets say hap ac for that i will be downloading it around 300 Mbit/s with 6.48.6 but with 7.6 the download speed will be reduced to around ~250 ?

There are a few topics that say the speedtest results are lower due to some software architectural changes. What i want to know is that, are single file download speeds affected as well?
Which HW?
 
john231
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Wed Aug 08, 2018 12:11 pm

Re: v7.6 [stable] is released!

Tue Nov 08, 2022 6:31 pm

Can someone please clarify that if i move from 6.48.6 to 7.6 for example then my download speed will be affected? Meaning that if i download a single file from the internet with a 300Mbit/s connection using lets say hap ac for that i will be downloading it around 300 Mbit/s with 6.48.6 but with 7.6 the download speed will be reduced to around ~250 ?

There are a few topics that say the speedtest results are lower due to some software architectural changes. What i want to know is that, are single file download speeds affected as well?
Which HW?
hap ac
 
john231
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Wed Aug 08, 2018 12:11 pm

Re: v7.6 [stable] is released!

Tue Nov 08, 2022 6:33 pm

Why change if the previous one is better, and you do not need any "new" feature?
So is this a yes?
 
dave3
newbie
Posts: 45
Joined: Mon Feb 07, 2022 8:06 am

Re: v7.6 [stable] is released!

Tue Nov 08, 2022 6:55 pm

If you're using the default firewall rules and ipv4 is fasttracked, ipv4 speed will probably not be an issue, but ipv6 is slower. Not sure if you'd notice it at 300mbps on hap ac, or not.
 
User avatar
sirbryan
Member Candidate
Member Candidate
Posts: 298
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.6 [stable] is released!

Tue Nov 08, 2022 7:07 pm

I've not seen any noticeable changes on hAP's running 7.6. I'm able to get 400-600Mbps just fine through them (wired) to my Speedtest.net server. The ability to run Cake and fq-codel for my customers is a huge plus.
 
User avatar
rekeds
just joined
Posts: 13
Joined: Fri Mar 14, 2014 10:45 pm

Re: v7.6 [stable] is released!

Wed Nov 09, 2022 11:48 pm

anybody else having issues with BGP peer "stopped"?

WinBox gui "connection" stopped, but Sessions show "Established".
commandline reports different statuses.
changing policy on the fly, refreshes, sometimes end up in "stopped".

will try to replicate and send to MT.

For some directly subnet connected peers it asked for a multihop. Adding a /30 for the peer, removed the multihop log message, but wouldn't establish the session.
Why the "remote address" needs a /32 at the end?

"Output network" is cool tho.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.6 [stable] is released!

Thu Nov 10, 2022 10:38 am

anybody else having issues with BGP peer "stopped"?

WinBox gui "connection" stopped, but Sessions show "Established".
commandline reports different statuses.
changing policy on the fly, refreshes, sometimes end up in "stopped".
It is a known bug. See also the 7.7beta topic where this is mentioned (it is not yet solved in 7.7beta either!).
 
complex1
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Wed Jan 04, 2017 9:55 pm
Location: NL-NH

Re: v7.6 [stable] is released!

Fri Nov 11, 2022 11:10 am

FWIW, but yesterday I have upgraded my RB4011iGS and PWR-Line(s) (PL7411-2nD) from 7.4 to 7.6, and they are still running fine.
I'm happy.
 
huntah
Member Candidate
Member Candidate
Posts: 287
Joined: Tue Sep 09, 2008 3:24 pm

Re: v7.6 [stable] is released!

Fri Nov 11, 2022 8:03 pm

Seems like ! is not working in fasttrack and queues
I am trying to disable fastrack for GuestNetwork (Capsman and one Vlan interface) so I can enabel queues
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes src-address-list=!GuestsNetwork

/queue simple
add max-limit=5M/5M name=WiFiGuests queue=pcq-upload-default/pcq-download-default target=10.5.50.0/24 total-queue=wireless-default

If I remove ! (Exclamation mark) from src-address-list and ajust IPs in the GuestsNetwork AddressList then the queues are working..
Also the same is true if you use src-address instead of src-address-list

Can anyone confirm this bug
 
crowderjd
just joined
Posts: 1
Joined: Thu Oct 06, 2022 6:23 pm

Re: v7.6 [stable] is released!

Fri Nov 11, 2022 11:37 pm

I upgraded my CRS354-48P-4S+2Q+ to 7.6 today. Everything seems to be working just fine, except Inter-VLAN IPv6 HW Offloading doesn't seem to be working at all. I can see the H flag for my VLAN routes, however when I run iperf tests between systems I am only getting about 50-80Mbps. Any ideas?
[jcrowder@csw-sundown01] > ipv6 route print
Flags: D - DYNAMIC; I, A - ACTIVE; c, o, y - COPY; H - HW-OFFLOADED
Columns: DST-ADDRESS, GATEWAY, DISTANCE
     DST-ADDRESS            GATEWAY                          DISTANCE
DAoH ::/0                   fe80::1afd:74ff:fe05:6b49%bond1       110
DIoH 2001:470:4327::/64     bond1                                 110
DAcH 2001:470:4327::/64     bond1                                   0
DAoH 2001:470:4327::a/128   fe80::1afd:74ff:fe05:6b49%bond1       110
DAoH 2001:470:4327:1::/64   fe80::1afd:74ff:fe05:6b49%bond1       110
DAcH 2001:470:4327:32::/64  vlan10                                  0
DAcH 2001:470:4327:34::/64  vlan15                                  0
DAcH 2001:470:4327:62::/64  vlan255                                 0
DAcH fe80::%bridge/64       bridge                                  0
DAcH fe80::%bond1/64        bond1                                   0
DAcH fe80::%vlan15/64       vlan15                                  0
DAcH fe80::%vlan255/64      vlan255                                 0
DAc  fe80::%vlan30/64       vlan30                                  0
DAcH fe80::%vlan10/64       vlan10                                  0
[jcrowder@csw-sundown01] >
[SUM]   0.00-10.00  sec  49.8 MBytes  41.8 Mbits/sec  4992             sender
[SUM]   0.00-10.00  sec  49.0 MBytes  41.1 Mbits/sec                  receiver
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.6 [stable] is released!

Mon Nov 14, 2022 6:19 am

i'm having issues sending email from v7.6, unlike v6
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.6 [stable] is released!

Mon Nov 14, 2022 8:09 am

It works fin for me. Do you use gmail? Make sure you have a username with a local password generated for that account, and a correctly setup host: /tool e-mail set address="smtp.gmail.com"

viewtopic.php?t=186588
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.6 [stable] is released!

Mon Nov 14, 2022 10:26 am

@Jotne
i have my own. The gmail has implemented to feature,so it stops as well. With my own smtp on v6 no problem
 
User avatar
pothi
newbie
Posts: 46
Joined: Fri Sep 14, 2018 7:48 pm
Location: Srivilliputhur, Tamil Nadu, India
Contact:

Re: v7.6 [stable] is released!

Mon Nov 14, 2022 2:12 pm

I use Amazon SES to send emails using SMTP. Works well on both v7 and v6 stable versions.

Did you try debugging the issue with...
/system logging add topics=e-mail
/log print follow-only

# on a separate terminal, please execute the following command to send a test email
# please use an actual email address.
/tool e-mail send to=noreply@example.com subject="test" body="test"
Once troubleshooted the issue, please make sure to turn off / remove logging with
/system logging remove [find topics="e-mail"]
Last edited by pothi on Wed Dec 07, 2022 6:00 am, edited 1 time in total.
 
prawira
Trainer
Trainer
Posts: 357
Joined: Fri Feb 10, 2006 5:11 am

Re: v7.6 [stable] is released!

Tue Nov 15, 2022 3:20 pm

hi all,

i did simple UM Lab for couple hours today with l2tp-server services.

here are some of my notes...

Caller ID:
if v clicked, than the default entry is bind. when the client connected, the field change into the current of client ip-address; not mac-address (like UM v6). so please do revise so it will replace to client mac-address. i try to manually enter the client mac-address, the result is failed to authenticated ourselfs to peer on the log.
EDITED: re-try the lab with pppoe services and bind return the mac-address of the client. i will try again with hotspot.

shared-users:
there are two location to define the shared users: tab Users and User Profiles
  • when user added even under winbox or CLI, the default shared-users=1.
    http://<ip>/um menu Status show Max simultaneous sessions: 1
    as soon as the profile (shared users=2) get actived than the actual shared-users become 2. when the third user try to log in, than the second login get disconnected with reason Um Simultaneous Sessions. i can confirm this cause the calling station ID are different from the second and the third users.
  • when the shared-users=3 under tab Users (the Profiles shared users=2):
    http://<ip>/um menu Status show Max simultaneous sessions: 3
    but the third user still can not login with the same above reason. please correct this bug.

Limitation :
it advisible to add parent queue and insert before parameters

tab User Profiles
it advisible move it between User Groups and Sessions

User Profiles:
the column end-time show the same date and time (Feb/07/2106 06:28:15) for all users even if it actived on different time.
the column end-time, better changed to start-time

Sessions:
it advisible to add terminate cause column like the one under winbox
plus the total duration, total upload, total download, and the total upload+download at bottom part.

http://<ip>/um/
Under menu Status and the profile name clicked, the Profile limits say Not yet implemented.... what is have to shown ?
Under menu Profiles, it shows all available profiles. is it correct or it should show the current and or all profiles attached ?
when the payment has not defined, better not to show Payment menu.

also...
i miss the existing feature on UM v6 where we can create multiple customers with results :
+ HRD can create, edit, delete users for internal staffs
+ Reception can create, edit, delete users for guests
+ HRD can not touch the users created by Reception and vice versa.
is it possible to implement this old feature on UM v7 ?
 
hoh
just joined
Posts: 5
Joined: Fri Aug 27, 2021 12:13 pm

Re: v7.6 [stable] is released!

Wed Nov 16, 2022 8:54 am

WPA2-EAP as wireless station is broken in v7.6 (didn't test other 7x versions, nor beta). Works fine in 6.49.7.
Jan/02/1970 00:05:55 wireless,info        XX:XX:XX:XX:XX:XX@wlan2 established connection on 5700000, SSID eduroam
Jan/02/1970 00:06:55 wireless,info        XX:XX:XX:XX:XX:XX@wlan2: lost connection, 802.1x authentication timeout
 
Domyos
just joined
Posts: 1
Joined: Fri Mar 08, 2019 6:56 pm

Re: v7.6 [stable] is released!

Thu Nov 17, 2022 10:26 am

Has anyone seen this before as well in 7.6?
It looks as if the mikrotik is sending all traffic out of all interfaces, when torching them, you don't see all traffic coming from another port for example.
Also when a port is enabled that is slower than the others(our tv is max 100mbps for example) it limits ALL interfaces to 100Mbps for some reason.

Will check if downgrading resolves this, as i also switched to a hap ac3 recently.
 
ahmedelbarbary
just joined
Posts: 19
Joined: Thu Dec 01, 2016 1:23 am

Re: v7.6 [stable] is released!

Fri Nov 18, 2022 4:50 pm

Hello
I have a problem with 750 GR3
all 1G interfaces after 2 days it goes to 100 Mb, 7.6 release
 
BillyVan
newbie
Posts: 36
Joined: Tue Sep 04, 2018 10:29 pm
Location: Greece

Re: v7.6 [stable] is released!

Fri Nov 18, 2022 7:51 pm

1. Replace lan cables
2 Try to export config first.
Netinstall with 7.6 and import config.

I have 7.6 on 750gr3 many days without problem.
 
ahmedelbarbary
just joined
Posts: 19
Joined: Thu Dec 01, 2016 1:23 am

Re: v7.6 [stable] is released!

Sun Nov 20, 2022 3:44 am


I have 7.6 on 750gr3 many days without problem.
Thanks for answer.
I use 750 gr3 as a switch with the defualt config from the Documentation, I tested new cable nothing change, Wire length is 20M, just normal reboot everthing works perfectly.
 
ykiril
just joined
Posts: 3
Joined: Tue May 25, 2021 8:36 pm

Re: v7.6 [stable] is released!

Tue Nov 22, 2022 5:02 pm

Hi All!

There is no name resolution through Windows AD DNS when using scripts and in WinBox terminal or ssh. The problem also exists in version 7.5, but at the moment I don't have the opportunity to test on an older one.

In more detail. In a backup script containing a fetch command, I want to use a canonical name sftp.mydomain.local . But I get an error "failure: unable to resolve hostname".

I thought I had some error in the configuration, and decided to run a traceroute through WinBox graphics window, using a canonical name - it works. Ping (graphical) - too. But ping and traceroute to anything from the local domain from a terminal doesn't work.

To check if I can access the domain DNS server at all, I removed all DNS servers except the domain DNS server from the router configuration. If in a terminal I try to resolv something outside my local domain - I have no problems, but I can't resolve anything on the domain. In WinBox, I have no problem with resolving in ping and traceroute windows...

Anyone with same problem?
 
aivarsm
just joined
Posts: 4
Joined: Thu Dec 14, 2017 7:08 pm

Re: v7.6 [stable] is released!

Wed Nov 23, 2022 8:12 am

GRE tunnel between two mikrotik routers works only if default proposals contains 3DES.
If 3DES remove, then traffic does not passed.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.6 [stable] is released!

Wed Nov 23, 2022 10:45 am

GRE tunnel between two mikrotik routers works only if default proposals contains 3DES.
If 3DES remove, then traffic does not passed.
That is not true. I have not had 3DES in the proposal for years. Maybe you need to show the relevant export of your config, but do it in a
new topic because it likely has nothing to do with this specific version.
 
dmcken
newbie
Posts: 34
Joined: Fri Mar 24, 2006 8:21 pm

Re: v7.6 [stable] is released!

Mon Nov 28, 2022 2:11 am

Just curious is the make supout.rif disabled on the tile arch?

Its there via the CLI but missing in winbox
 
aoakeley
Member Candidate
Member Candidate
Posts: 170
Joined: Mon May 21, 2012 11:45 am

Re: v7.6 [stable] is released!

Tue Nov 29, 2022 3:51 pm


I thought I had some error in the configuration, and decided to run a traceroute through WinBox graphics window, using a canonical name - it works. Ping (graphical) - too. But ping and traceroute to anything from the local domain from a terminal doesn't work.

DNS resolution in Winbox comes from the computer you are connecting from
DNS resolution in terminal comes from the DNS Servers set in IP-DNS

If you want the router to be able to resolve domain DNS make sure it is set to use the internal Domain DNS Servers, not an internet DNS Server

post results of [Router] /ip dns export if you need advice

.
 
akschu
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Mar 15, 2012 2:09 am

Re: v7.6 [stable] is released!

Tue Nov 29, 2022 9:54 pm

viewtopic.php?p=969627#p969627

My CCR1009 reboots every 30 minutes on this release. Apparently I'm not the only one.
 
ferilagi
just joined
Posts: 6
Joined: Mon Jun 01, 2020 6:35 am

Re: v7.6 [stable] is released!

Wed Nov 30, 2022 3:31 pm

in my setup hotspot not redirect to login page, if using routing mark.. goes fine in 7.2.1
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.6 [stable] is released!

Wed Nov 30, 2022 6:07 pm

The behavior of routing marks has changed. You may need to adapt your config.
 
badmonkey
just joined
Posts: 6
Joined: Sat Jun 11, 2022 3:03 pm

Re: v7.6 [stable] is released!

Sat Dec 03, 2022 1:00 pm

Having trouble with Wireguard with Android client since updating from 7.3.1 without altering config.
It is weird behavior, mostly works, all apps have internet access, but some specific things are broken such as BitWarden app sync'ing, Signal app calling (and msgs very slow to send), images & media in Twitter app (but not timeline itself).
Turning off Wireguard on the phone fixes everything. Do not see anything in the app log that indicates error, app itself last updated May.
 
BillyVan
newbie
Posts: 36
Joined: Tue Sep 04, 2018 10:29 pm
Location: Greece

Re: v7.6 [stable] is released!

Mon Dec 05, 2022 1:53 pm

on all 7.xx versions i have no Current Tx Power info
wifi 2,4 and 5
all rates fixed
TxPower 22
with ros 6.49.6 everything appears right
photos from ac2
You do not have the required permissions to view the files attached to this post.
 
User avatar
domodial
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Mon Aug 24, 2020 7:27 pm

Re: v7.6 [stable] is released!

Tue Dec 06, 2022 11:43 am

routerOS V7.6 not shows reachable OR unreachable network details (exemple : route table)
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.6 [stable] is released!

Tue Dec 06, 2022 11:52 am

routerOS V7.6 not shows reachable OR unreachable network details (exemple : route table)
When making such broad statements, please include some detail.
- what do you expect
- in what version did it do what you expect
- what user interface are you using (command, winbox, webfig)
 
User avatar
domodial
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Mon Aug 24, 2020 7:27 pm

Re: v7.6 [stable] is released!

Tue Dec 06, 2022 12:21 pm

to the right of the gateways, in general it is marked whether it is reachable or not. This allows you to quickly see what is wrong. Here we are waiting.
Winbox 3.37 / RouterOS V7.6
Image
 
holvoetn
Forum Guru
Forum Guru
Posts: 5320
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.6 [stable] is released!

Tue Dec 06, 2022 1:33 pm

What happens when you open that little drop-down arrow to add the column ?
 
User avatar
domodial
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Mon Aug 24, 2020 7:27 pm

Re: v7.6 [stable] is released!

Tue Dec 06, 2022 3:02 pm

nothing happens, there is no need to click on anything, it must appear in the column, do not add a column. I have this problem on 2 routers in version 7 on 2 different sites.
 
User avatar
domodial
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Mon Aug 24, 2020 7:27 pm

Re: v7.6 [stable] is released!

Tue Dec 06, 2022 3:21 pm

This is a good and real view on "reacheable" and " unreachable"
things have changed, I see it in the dialog boxes. It's a shame that it no longer exists. to forget ?
Image

And now this is the view on V7.6
Image
 
holvoetn
Forum Guru
Forum Guru
Posts: 5320
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.6 [stable] is released!

Tue Dec 06, 2022 3:57 pm

I see ... That's more clear.
Haven't really paid attention to it and my 7.6 installations on Hex and AC3 shows the same as your "faulty" screenshot.
Went back to check on a 7.5 and 7.4 config, I don't see it there either.
So could be normal now.
 
User avatar
domodial
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Mon Aug 24, 2020 7:27 pm

Re: v7.6 [stable] is released!

Tue Dec 06, 2022 4:34 pm

7.1x work fine or 6.x (don't remember)
 
User avatar
DanielTheFox
just joined
Posts: 2
Joined: Mon Jan 11, 2021 9:48 pm
Location: Mexico

Re: v7.6 [stable] is released!

Tue Dec 06, 2022 8:34 pm

I noticed that if a user logs out after a CoA packet is sent for a user and before the CoA request actually succeeds, the router will report "Radius CoA failed: user logged out" (which is the truth) but the queue associated with that session won't be deleted and the next time the user tries to log back in, there will be an error: failed to add queue: already have such name (6)

The CoA request is supposed to set a new traffic rate limit (using the Ascend codes) to a user, and I'm using this for Hotspot. However, it's worth checking if the same happens to PPPoE servers under the same conditions. I've reported this as the code SUP-100186, for MikroTik staff to see
 
bentw
just joined
Posts: 3
Joined: Mon Oct 03, 2022 5:29 pm

Re: v7.6 [stable] is released!

Fri Dec 09, 2022 3:03 pm

in my setup hotspot not redirect to login page, if using routing mark.. goes fine in 7.2.1
Did you find a solution to this? I am also having an issue with the hotspot not redirecting to a custom page
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.6 [stable] is released!

Fri Dec 09, 2022 3:53 pm

The behavior of routing marks has changed. You may need to adapt your config.
 
djdrastic
Member
Member
Posts: 367
Joined: Wed Aug 01, 2012 2:14 pm

Re: v7.6 [stable] is released!

Fri Dec 09, 2022 5:39 pm

So 2 things in this release seemingly address 2 now published cves

"hotspot - improved stability when receiving bogus packets;" which seemingly correlates to CVE-2022-45313

"snmp - improved stability when receiving bogus packets;" which seemingly correlates to CVE-2022-45315

Are we going to see these security patches backported to v6 or is v6 a done deal now ?
 
User avatar
maks750i
newbie
Posts: 30
Joined: Tue Feb 19, 2013 11:18 pm
Location: Serbia Nis
Contact:

Re: v7.6 [stable] is released!

Sun Dec 11, 2022 11:44 pm

Mikrotik Dyna dish rev3 and CCR 1016 have problem with watchdog timer and devices reboot when cpu is 80-100% .I run bw test on tcp connections and devices crash.when i back on 6.48.6 all is good.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Fri Dec 16, 2022 10:11 pm

I just wanted to let you know that (apart from the disappearing :global variable bug, already reproduced and already working on),
the two production devices using 7.6, one of which deals with BGP (CCR2116-12G-4S+), have not given me any problem so far.

The only thing is that if I accidentally turn off the power, they turn off without warning. :lol:
 
dcavni
Member Candidate
Member Candidate
Posts: 107
Joined: Sun Mar 31, 2013 6:02 pm

Re: v7.6 [stable] is released!

Sat Dec 17, 2022 12:58 pm

I'm getting "router was rebooted without proper shutdown by watchdog timer" and "kernel failure in previous boot" on AC3 (7.6) almost every night in the middle of the night usualy between 1 and 3 PM. What could be causing this? I'm also using adguard container on this device, so free RAM is arround 67 MB. Realy strange, that reboot usualy happens when nobody is using internet.
 
User avatar
Ullinator
just joined
Posts: 8
Joined: Tue Jun 08, 2021 12:53 pm
Location: North-West Germany

Re: v7.6 [stable] is released!

Sat Dec 17, 2022 3:21 pm

@dcavni:
Did you check the FW logs (maybe you must enable it first!?) to see if any DDOS or TCP Syn attacks did happen in the night, or some kind of other attacks?
That could cause an "out-of-memory" situation for the device....
Only an idea ....
 
Zaesch
Frequent Visitor
Frequent Visitor
Posts: 66
Joined: Thu Apr 16, 2009 12:43 pm

Re: v7.6 [stable] is released!

Tue Dec 20, 2022 6:45 pm

Hi,
is it normal that the second port LED on CRS328-24S+2Q+RM devices are always on, if a SFP module is present AND the speed/duplex is set to a fixed rate? Even if there is no cable attached. This is a bit annoying, because you have a look at the first LED of the port to tell, if there is a active link or not :-/

edit 2022-12-21: After config reset to defaults the device act like this:
  • After reboot: Module present and all port LEDs are off.
  • Setting the speed of a populated port to 100/FD: all LEDs are off.
  • Remove the SFP of this port and putting it back in: Second port LED turns on.
  • Setting the speed and duplex of this port back to auto: Second LED stays on.
  • Remove the SFP of this port and putting it back in: Second port LED turns off.

edit 2022-12-23: MT support confirmed the behavior and there will be SFP module improvements in the future :-)
 
vitaly2016
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Wed Jan 20, 2016 9:26 am
Location: Ukraine

Re: v7.6 [stable] is released!

Mon Dec 26, 2022 10:37 am

I'm getting "router was rebooted without proper shutdown by watchdog timer" and "kernel failure in previous boot" on AC3 (7.6) almost every night in the middle of the night usualy between 1 and 3 PM. What could be causing this? I'm also using adguard container on this device, so free RAM is arround 67 MB. Realy strange, that reboot usualy happens when nobody is using internet.
I have "router was rebooted without proper shutdown by watchdog timer" at my RB3011 after upgrading from 6.49.6 to 7.6 too. It happened randomly 3 times already within 3 weeks after upgrading.
And I wonder what could be causing this too
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.6 [stable] is released!

Mon Dec 26, 2022 11:43 am

I have "router was rebooted without proper shutdown by watchdog timer" at my RB3011 after upgrading from 6.49.6 to 7.6 too. It happened randomly 3 times already within 3 weeks after upgrading.
And I wonder what could be causing this too
Unless you can derive a scenario yourself (some thing you do or something externally that triggers it) the only way to hopefully get it resolved is to make a supout file as short as possible after the crash and make a support ticket where you include it.
 
User avatar
Paternot
Forum Veteran
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.6 [stable] is released!

Mon Dec 26, 2022 2:24 pm

I have "router was rebooted without proper shutdown by watchdog timer" at my RB3011 after upgrading from 6.49.6 to 7.6 too. It happened randomly 3 times already within 3 weeks after upgrading.
And I wonder what could be causing this too
One thing we found out is that the best way to upgrade from 6.x to 7.x is upgrading through netinstall (do an export first, to guide You and do a backup too - in case You want to rollback), then starting over. This is only needed going from 6.x to 7.x. Upgrades from 7.x to 7.y can be done the usual way.
 
emunt6
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Fri Feb 02, 2018 7:00 pm

Re: v7.6 [stable] is released!

Wed Dec 28, 2022 1:49 pm

*) macsec -
Is there any documentation about it?

Questions:
- MKA support (MACsec Key Agreement protocol) ?
- Topology support ( point-to-point , point-to-multipoint aka WAN MACSEC ) ?
- Performance (GCM-AES-128 / GCM-AES-256 / GCM-AES-XPN-128 / GCM-AES-XPN-256 )?
- Hardware support ?

Thx.
 
User avatar
kehrlein
newbie
Posts: 48
Joined: Tue Jul 09, 2019 1:35 am

Re: v7.6 [stable] is released!

Wed Dec 28, 2022 9:19 pm

Updated soft- and firmware on these models without any issues:
RB750GL
CRS309-1G-8S+
RBcAPGi-5acD2nD (cAP ac)
RB760iGS (hEX S)
RBD52G-5HacD2HnD (hAP ac2)

Update 09.01.2023:
Several issues after more days in production and deeper analysis with RB1100AHx4 (regarding VLAN, Bridge, SSH, connections issues in general), CRS112-8P-4S (regarding SSH / Host Keys > 4096, flapping STP, slow SNMP, CPU load)
Last edited by kehrlein on Mon Jan 09, 2023 11:34 pm, edited 2 times in total.
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.6 [stable] is released!

Wed Dec 28, 2022 9:35 pm

MikroTik ... could you please provide a list with hardware which supports MACsec with support regarding hw-offloading ... you yet implement some devices with chips which are capable of do MACsec in hardware ....
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.6 [stable] is released!

Wed Dec 28, 2022 9:38 pm

another weird "bug"(?) i came across lately is with open vpn ... clients connect and they are not able to reconnect again unless i change any setting and back in the open vpn server which, i guess, does a service restart.
also if i just disable and then re-enable the ovpn server again the clients are again able to reconnect.
if a client drops and tries to reconnect it fails unless i restart the ovpn server.
connections a refused and nothing shows up in the log or firewall when this happens.
Last edited by spippan on Thu Dec 29, 2022 1:23 pm, edited 1 time in total.
 
User avatar
rumahnetmks
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Mon Dec 21, 2020 10:00 am

Re: v7.6 [stable] is released!

Thu Dec 29, 2022 4:23 am

From 7.2.1 to 7.6 my hotspot login page can only be access automatically from internal android browser opened by the pop up after login to the ap (3rd party AP).
If try via browser, login page can only be accessed from 'http://hotspotipgateway/status'. The 'http://hotspotdns/status' will not work. For DNS I have push the all network behind mikrotik to use DNS provide by mikrotik RB4011 then set static entry (auto from hotspot wizard) for 'hotspotipgateway' 'hotspotdns'...
It just minimalist setup of hotspot that works fine in v6, no any custom redirection. I have read some mention about routing ros v7 different from ros v6 but have no idea where to check. My routing table only contain "main, FIB=yes"
The hostpot (v7.6) itself can works fine, the only problem is that login page behavior.
Any enlightment?
 
User avatar
kehrlein
newbie
Posts: 48
Joined: Tue Jul 09, 2019 1:35 am

Re: v7.6 [stable] is released!

Fri Dec 30, 2022 2:23 am

Usually (experienced on 6.x.y) regenerating host keys takes only a couple of seconds [or minutes].
I do have two boxes with 7.6 (CRS112-8P-4S mibsbe & CRS309-1G-8S+ arm) where the process 'certificate' is running for more than 24 hours after initiating the regeneration. Even if the selected Host Key Size is only 1024. Rebooting the devices didn't help.

Does anyone of you guys see the same behavoir?

Update: Validated with a brand new CRS112-8P-4S without any config:
Host Key Generation with
- 6.49.7: No issues, done in approx. 10 min.
- 7.6: CPU load 100%, not finished after several hours
 
User avatar
kosyot
newbie
Posts: 36
Joined: Wed Jan 16, 2019 1:28 pm
Contact:

Re: v7.6 [stable] is released!

Tue Jan 03, 2023 11:48 am

BGP MEMORY LEAK after massive routes reinstallation
RouterBoard: CCR1036-8G-2S+ revision: r2
ROS: 7.6 (stable) /Oct/17/2022 10:55:40/

EDGE BGP router - several upstreams with full BGP tables and couple of IXs - total > 6M installed IPv4 & IPv6 routes (6059493 at the moment).
After planned reboot of core switches lost and after 5 mins came back about half of BGP peers and routes. Without executing any command of router /not even logged in/ started memory leak which lead routing service to stop. After reboot everything backed to normal.
Screenshot 2023-01-03 113749.png
On the next day other part of switches was offline - same behavior -> another reboot.

Uptime of the router was >60 days - from 7.6 release date.
You do not have the required permissions to view the files attached to this post.
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.6 [stable] is released!

Wed Jan 04, 2023 12:58 pm

noticed, that temp. shutdown settings seemingly have no effect
even the temp. readings are above the set value for shutdown, SFP still being kept active
04-01-2023_MTforum_7.6stable_sfpTempShutdown.png
You do not have the required permissions to view the files attached to this post.
 
laca77
just joined
Posts: 14
Joined: Wed Jun 03, 2015 11:35 am

Re: v7.6 [stable] is released!

Wed Jan 04, 2023 11:49 pm

After upgraded my 4 CRS326-24S+2Q+ devices from 7.2 to 7.6, 2 of them shows a high CPU load (they are in one MLAG pair like the other 2 too where is no problem. The config is very simple, there are just some vlan on the bridge, nothing special L3 or filtering or queue setup. Just a pure switch with same VLAN and the MLAG of course.
In the Profile looks like the unclassified traffic is more than 25% I just opened a support case about it but would like to sign here this problem too.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.6 [stable] is released!

Mon Jan 09, 2023 2:53 am

Huge bug in script compiler: after two calls "[ ]" executes all functions defined in the script.

to find out how I got there:
viewtopic.php?p=976194#p976194

to quickly test the bug:

Example code

{
:local test1 do={:put "test1"}
:local test2 do={:put "test2"}
:local test3 do={:put "test3"}
:local test4 do={:put "test4"}
:local test5 do={:put "test5"}
[]
[]
}
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.6 [stable] is released!

Thu Jan 12, 2023 2:38 pm

Version 7.7 has been released:
viewtopic.php?t=192427

Who is online

Users browsing this forum: bschapendonk, Dish, kivimart, lubolubo, TeWe and 19 guests