emils
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

v7.8beta [testing] is released!

Fri Jan 20, 2023 3:52 pm

RouterOS version 7.8beta2 has been released in the "v7 testing" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.8beta2 (2023-Jan-20 12:27):

Important note!!!

Version is not recommended on CRS3xx devices.

Changes in this release:


!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters (CLI only);
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support (CLI only);
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters (CLI only);
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send a supout file from your router to support@mikrotik.com. The file must be generated while the router is not working as suspected or after some problem has appeared on the device.

Please keep this forum topic strictly related to this particular RouterOS release.
 
holvoetn
Forum Guru
Posts: 5324
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.8beta [testing] is released!

Fri Jan 20, 2023 4:19 pm

1 of my AC3 devices upgraded, so far no issues seen (it's running for a whole 5 minutes :-) ).
 
Znevna
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.8beta [testing] is released!

Fri Jan 20, 2023 4:44 pm

Nice changelog, I don't know how to find that "rose-storage" ..
 
antonsb
MikroTik Support
Posts: 385
Joined: Sun Jul 24, 2016 3:12 pm
Location: Riga, Latvia

Re: v7.8beta [testing] is released!

Fri Jan 20, 2023 4:49 pm

Nice changelog, I don't know how to find that "rose-storage" ..
documentation draft:
https://help.mikrotik.com/docs/display/ROS/ROSE-storage

you need to install rose-storage package first
 
achu
just joined
Posts: 1
Joined: Mon Mar 30, 2020 11:48 am
Location: PL

Re: v7.8beta [testing] is released!

Fri Jan 20, 2023 4:50 pm

Still no hardware acceleration for OpenVPN tunnel and IPQ-6010 processor (hAP ax3)
 
Znevna
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.8beta [testing] is released!

Fri Jan 20, 2023 4:52 pm

you need to install rose-storage package first
I've downloaded the extra packages but somehow I've missed it, now I've found it :) thank you!
LE: I see you're using ksmbd, please be sure to keep it up to date with latest security patches as some nasty flaws were discovered..
 
Quaziee
newbie
Posts: 25
Joined: Wed May 23, 2018 2:42 pm

Re: v7.8beta [testing] is released!

Fri Jan 20, 2023 6:01 pm

What does this mean?
upgrade - show error message when license prohibits upgrade;
 
biomesh
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: v7.8beta [testing] is released!

Fri Jan 20, 2023 6:03 pm

Why do you quote whole preceding post? Does it help answering? Do you repeat what your interlocutor says when you discuss?
For a CHR instance without an active license
Last edited by BartoszP on Sat Jan 21, 2023 1:57 am, edited 1 time in total.
Reason: removed excessive quoting of preceding post; be wise, quote smart, save network traffic
 
rpingar
Long time Member
Posts: 592
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.8beta [testing] is released!

Fri Jan 20, 2023 7:33 pm

May you elaborate a little bit further?
*) x86 - fixed SR-IOV support for Intel X710 series NIC;

we use them and the only issue is the fact that we must use only auto about cpu irq interface queue. Is it something about?
 
mikrotikedoff
newbie
Posts: 29
Joined: Mon Nov 06, 2017 7:27 pm

Re: v7.8beta [testing] is released!

Fri Jan 20, 2023 7:51 pm

What is the reasoning for not allowing new devices being sold now with V7 to be reinstalled with V6? Seems like it'd be reasonable and considerate to remove this limitation until 7 becomes fit for professional use.
 
mada3k
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: v7.8beta [testing] is released!

Fri Jan 20, 2023 8:04 pm

Interesting. Mikrotik planning to enter the SAN/NAS business?
 
CTassisF
newbie
Posts: 35
Joined: Thu Jun 11, 2020 10:26 pm
Location: São Paulo, Brazil

Re: v7.8beta [testing] is released!

Fri Jan 20, 2023 8:30 pm

Since updating to 7.8beta2 I'm having issues importing remote container image zabbix/zabbix-proxy-sqlite3:alpine-6.0-latest on my RB5009 (arm64). It was working fine on 7.7rc5.

 16:43:05 container,info,debug importing remote image: zabbix/zabbix-proxy-sqlite3, tag: alpine-6.0-latest
 16:43:05 system,info item added by cesar
 16:43:07 container,info,debug error response getting manifests: 404
 16:43:07 container,info,debug was unable to import, container 4a07240c-862b-4861-a16a-68605478ad54

After changing to zabbix/zabbix-proxy-sqlite3:alpine-6.0.12 it works fine again:

 16:45:28 container,info,debug importing remote image: zabbix/zabbix-proxy-sqlite3, tag: alpine-6.0.12
 16:45:28 system,info item added by cesar
 16:45:31 container,info,debug getting layer sha256:6875df1f535433e5affe18ecfde9acb7950ab5f76887980ff06c5cdd48cf98f4
 16:45:32 container,info,debug layer sha256:6875df1f535433e5affe18ecfde9acb7950ab5f76887980ff06c5cdd48cf98f4 downloaded
 16:45:32 container,info,debug getting layer sha256:2068be5b412156c5bc2936aeb988446cb6ac458c4c408ac51b5143e9632073f0
 16:45:33 container,info,debug layer sha256:2068be5b412156c5bc2936aeb988446cb6ac458c4c408ac51b5143e9632073f0 downloaded
 16:45:33 container,info,debug getting layer sha256:35af6ce2b615d78f6617ef90fdbb0aef91a77c766594c28325a8e9e589d0e002
 16:45:33 container,info,debug layer sha256:35af6ce2b615d78f6617ef90fdbb0aef91a77c766594c28325a8e9e589d0e002 downloaded
 16:45:33 container,info,debug getting layer sha256:7becd6903f60f84a63358dbfbf033e34094e07d255085fe0d9a2fe48481e74b6
 16:45:34 container,info,debug layer sha256:7becd6903f60f84a63358dbfbf033e34094e07d255085fe0d9a2fe48481e74b6 downloaded
 16:45:34 container,info,debug getting layer sha256:21bb24f368b7ae4b135a1ef432a6379a54310c37e8a7b8d54d0260d7cd768f9d
 16:45:35 container,info,debug layer sha256:21bb24f368b7ae4b135a1ef432a6379a54310c37e8a7b8d54d0260d7cd768f9d downloaded
 16:45:35 container,info,debug getting layer sha256:9e1e869413aec50921ae70ba3b2098e56ab598bb6a26d2b0d5c697f7c433cb00
 16:45:37 container,info,debug layer sha256:9e1e869413aec50921ae70ba3b2098e56ab598bb6a26d2b0d5c697f7c433cb00 downloaded
 16:45:38 container,info,debug getting layer sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1
 16:45:38 container,info,debug layer sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1 downloaded
 16:45:38 container,info,debug getting layer sha256:e4034d2118985bc524c23df0d8c998c604ee97aef464494c39111bf32ebd9335
 16:45:39 container,info,debug layer sha256:e4034d2118985bc524c23df0d8c998c604ee97aef464494c39111bf32ebd9335 downloaded
 16:45:39 container,info,debug import successful, container c3a27c76-186a-47bf-ace4-04fcff0790fd

zabbix/zabbix-proxy-sqlite3:alpine-6.0-latest was updated a few hours ago. Maybe something is wrong on Docker Hub? Or is it a bug in 7.8beta2?
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: v7.8beta [testing] is released!

Fri Jan 20, 2023 10:04 pm

Zero Trust Cloudflare package option missing. :-P
 
ksteink
Frequent Visitor
Posts: 80
Joined: Thu Mar 31, 2016 6:54 pm

Re: v7.8beta [testing] is released!

Fri Jan 20, 2023 11:14 pm

Nice start for this new version but I like to see in the roadmap to get High Availability (HA) in which I can have 2 CRS3xx/CRS5xx in a stack in which all the configurations on the primary and connection states are sync-up constantly in the secondary (including DHCP leases). That will be a killer feature to have :)
 
andriys
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 12:39 am

Zero Trust Cloudflare package option missing. :-P
https://www.youtube.com/watch?v=BbDnBxlBTdY
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 1:18 am

Why do you quote whole preceding post? Does it help answering? Do you repeat what your interlocutor says when you discuss?
First, one shouldn't feed the troll posts like mine ;-PP
Secondly, accessing it via container is discriminatory and dumb, it should be a package avail on all MT devices.
Last edited by BartoszP on Sat Jan 21, 2023 1:59 am, edited 1 time in total.
Reason: removed excessive quoting of preceding post; be wise, quote smart, save network traffic
 
andriys
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 1:53 am

Bon appetit!
 
Jotne
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 2:11 am

I do like new stuff and new version. But for me this seems to be more like 7.7.1 beta, not 7.8 beta
Mostly fixes and improvements, and new stuff added are just cosmetic.
 
npeca75
Frequent Visitor
Posts: 75
Joined: Thu Aug 03, 2017 3:12 pm

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 4:13 am

yessss

after so many v7 iterations ...

1. SFP data is back
2. SLAAC address show as expected
3. RA route show as expected
4. SNMP readout of SFP values as expected
rb760igs
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 5:06 am

pls fix BGP-VRF-VPNv4 - working with RR
 
sirbryan
Member Candidate
Posts: 298
Joined: Fri May 29, 2020 6:40 pm
Location: Utah

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 7:57 am

I think most people are missing the (possibly) bigger "news" here.

"RouterOS Enterprise" (using modern NAS tech) allows us to leverage the untapped CPU/disk resources of our beefier boxes. Or, more particularly, beefier boxes yet to be released.

The RAID examples in the docs (https://help.mikrotik.com/docs/display/ROS/ROSE-storage) use NVMe as examples. One could expect to see more 2x16's with more RAM and NVMe slots--or possibly some 2x32's, with 32 cores, 32GB of RAM, 2-4-more NVMe slots, and 40G or 100G networking.

Or, you could just put it on the bare metal and leverage whatever you have today.

I just got NFS working between an AX3 and a 2116 in the lab and it was painless. Next up will be to spin up containers on the AX3, without having to attach a USB drive.
 
flapviv
just joined
Posts: 7
Joined: Wed Oct 13, 2021 7:50 am

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 10:06 am

The RAID examples in the docs (https://help.mikrotik.com/docs/display/ROS/ROSE-storage) use NVMe as examples. One could expect to see more 2x16's with more RAM and NVMe slots--or possibly some 2x32's, with 32 cores, 32GB of RAM, 2-4-more NVMe slots, and 40G or 100G networking.
Yes, you're right, 10 NVMe slots is not for a router but for a server. ;-)
 
FattyAcid
just joined
Posts: 9
Joined: Thu Aug 11, 2022 11:28 pm

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 10:24 am

This is a disappointing release as 7.8, should have been 7.7.1.

When are we going to see Mikrotik address those critical route/switch features that most enterprises use. Specifically:

1. BFD fixed
2. BGP-VPNv4-VRF RR fixed
3. Something equivalent to Cisco DMVPN, HP DVPN, Meraki AutoVPN, or Fortinet ADVPN, etc.
4. EVPN
5. MPLS Fast Reroute
6. BGP Multi-path
7. L3HW off loading that is compatible with MLAG and VRRP
8. L3HW off loading for VXLAN
9. L3HW off loading for QinQ

Until those are delivered I can’t use Mikrotik in any medium or large US companies I support. Can’t use it in the data center, can’t use it in the WAN edge, can’t use it in the LAN.

ROSE is nice but it’s not helping me get Mikrotik into the enterprise in the US.
 
Larsa
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 10:42 am

While I agree with many of the flaws, point #3 is generally referred to as SDWAN and is implemented in RoS using ZeroTier.
 
woland
Member Candidate
Posts: 258
Joined: Mon Aug 16, 2021 4:49 pm

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 11:00 am

This is a disappointing release as 7.8, should have been 7.7.1.

When are we going to see Mikrotik address those critical route/switch features that most enterprises use. Specifically:
Yep, couldn't agree more, I am disappointed by 7.8 as well: people are not waiting for ROS to have perfect storage support (ROSE). Having containers is great, but it should not be the focus. I am waiting for solid WIFI features (band steering, roaming, wireless bridging for wifiwave2, single capsman to manage old and new wifi), better IPv6 support (fast track, rfc9096), more HW acceleration.
I would also love to see CCR2004-PCIe card BSD support, which was spoken about, but was never realized!
What about more modular wifiwave2, so that it fits on my CAPac, HAPac2 ? Those would be the real killer features for me!
 
depth0cert
just joined
Posts: 21
Joined: Thu Sep 08, 2022 11:03 pm

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 11:07 am

RouterOS version 7.8beta2 has been released "v7 testing" channel!
*) certificate - improved certificate management, signing and storing processes;

Hello.
I have a problem on a new, fresh, clean installation of chr-7.8beta2.img with "ipsec,error can't get private key".
SUP-105306 https://help.mikrotik.com/servicedesk/s ... SUP-105306
On a new fresh clean installation from the chr-7.8beta2.img file, there is an error that does not exist on stable chr-7.7.img.

r1:
/certificate/add name="r1-ca" common-name="r1-ca" subject-alt-name="email:r1-ca" key-size=prime256v1 key-usage=key-cert-sign,crl-sign
:do {/certificate/sign [find name=r1-ca] name=r1-ca} on-error={:delay 3}
/certificate/add name="r1" common-name="192.168.2.14" subject-alt-name="IP:192.168.2.14" key-size=prime256v1 key-usage=digital-signature,content-commitment,key-encipherment,key-agreement,tls-server
:do {/certificate/sign [find name=r1] ca=r1-ca name=r1} on-error={:delay 3}
/certificate/add name="r1-r2" common-name="r1-r2" subject-alt-name="email:r1-r2" key-size=prime256v1 key-usage=digital-signature,key-encipherment,data-encipherment,key-agreement,tls-client
:do {/certificate/sign [find name=r1-r2] ca=r1-ca name=r1-r2} on-error={:delay 3}
:delay 2
/certificate/export-certificate r1-ca file-name=r1-ca
/certificate/export-certificate r1 file-name=r1
/certificate/export-certificate r1-r2 file-name=r1-r2 type=pkcs12 export-passphrase=passphrase
/ip/pool/add name=r1-r2 ranges=192.168.1.2
/ip/ipsec/mode-config/add address-pool=r1-r2 address-prefix-length=32 name=r1-r2 split-include=0.0.0.0/0 system-dns=no
/ip/ipsec/policy/group/add name=group1
/ip/ipsec/profile/add dh-group=ecp256 enc-algorithm=aes-256 hash-algorithm=sha256 name=profile1 prf-algorithm=sha256 proposal-check=strict
/ip/ipsec/peer/add exchange-mode=ike2 local-address=192.168.2.14 name=peer1 passive=yes profile=profile1
/ip/ipsec/proposal/add auth-algorithms=sha256 enc-algorithms=aes-256-cbc,aes-256-gcm lifetime=8h name=proposal1 pfs-group=ecp256
/ip/ipsec/identity/add auth-method=digital-signature certificate=r1 generate-policy=port-strict match-by=certificate mode-config=r1-r2 peer=peer1 policy-template-group=group1 remote-certificate=r1-r2
/ip/ipsec/policy/add dst-address=192.168.1.0/24 group=group1 proposal=proposal1 src-address=0.0.0.0/0 template=yes

r2:
/certificate/import file-name="r1-ca.crt" name="r1-ca" passphrase=""
/certificate/import file-name="r1.crt" name="r1" passphrase=""
/certificate/import file-name="r1-r2.p12" name="r1-r2" passphrase="passphrase"
:delay 2
/ip/ipsec/mode-config/add name=cfg1 responder=no
/ip/ipsec/policy/group/add name=group1
/ip/ipsec/profile/add dh-group=ecp256 enc-algorithm=aes-256 hash-algorithm=sha256 name=profile1 prf-algorithm=sha256 proposal-check=strict
/ip/ipsec/peer/add address=192.168.2.14/32 exchange-mode=ike2 name=peer1 profile=profile1
/ip/ipsec/proposal/add auth-algorithms="" enc-algorithms=aes-256-gcm lifetime=8h name=proposal1 pfs-group=ecp256
/ip/ipsec/identity/add auth-method=digital-signature certificate=r1-r2 generate-policy=port-strict match-by=certificate mode-config=cfg1 my-id=dn peer=peer1 policy-template-group=group1 remote-certificate=r1
/ip/ipsec/policy/add dst-address=0.0.0.0/0 group=group1 proposal=proposal1 src-address=0.0.0.0/0 template=yes

Result:
09:02:34 ipsec,info new ike2 SA (I): peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:283ba582c62ec4fa:57b2c5210d7931a4
09:02:34 ipsec,error can't get private key
09:02:34 ipsec,info killing ike2 SA: peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:283ba582c62ec4fa:57b2c5210d7931a4
09:02:36 ipsec,info new ike2 SA (I): peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:1e4c321c0f62bbb0:b86fa5304054f5df
09:02:36 ipsec,error can't get private key
09:02:36 ipsec,info killing ike2 SA: peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:1e4c321c0f62bbb0:b86fa5304054f5df
09:02:37 ipsec,info new ike2 SA (I): peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:005d4fe0daeadb1d:5319ddb77408abbb
09:02:37 ipsec,error can't get private key

I attached the command-history.txt and supout.rif files from stable chr-7.7.img where everything works and from chr-7.8beta2.img where it does not work.
Please, fix it.
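
Log triage for the failure reported above, added here as an example and not part of the original post or of any MikroTik tooling: it pairs each `new ike2 SA` line with the `ipsec,error` line that follows it and with the matching `killing ike2 SA` line. Assumptions: the error line carries no SPI, so it is attributed to the most recently opened SA, and the function names are hypothetical.

```python
import re
from collections import Counter

# Log lines copied from the report above (initiator side, chr-7.8beta2).
SAMPLE_LOG = """\
09:02:34 ipsec,info new ike2 SA (I): peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:283ba582c62ec4fa:57b2c5210d7931a4
09:02:34 ipsec,error can't get private key
09:02:34 ipsec,info killing ike2 SA: peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:283ba582c62ec4fa:57b2c5210d7931a4
09:02:36 ipsec,info new ike2 SA (I): peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:1e4c321c0f62bbb0:b86fa5304054f5df
09:02:36 ipsec,error can't get private key
09:02:36 ipsec,info killing ike2 SA: peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:1e4c321c0f62bbb0:b86fa5304054f5df
09:02:37 ipsec,info new ike2 SA (I): peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:005d4fe0daeadb1d:5319ddb77408abbb
09:02:37 ipsec,error can't get private key
"""

# "<time> <topic,topic,...> <message>", with the optional "jan/20 " date prefix
# that RouterOS puts in front of older entries.
LINE_RE = re.compile(
    r"^(?:[a-z]{3}/\d{2} )?(?P<time>\d{2}:\d{2}:\d{2}) (?P<topics>\S+) (?P<msg>.*)$"
)
# "new ike2 SA (I): <peer> <local>-<remote> spi:<initiator>:<responder>"
SA_RE = re.compile(
    r"^(?P<event>new|killing) ike2 SA(?: \((?P<role>[IR])\))?: (?P<peer>\S+) "
    r"\S+ spi:(?P<spi>[0-9a-f]+:[0-9a-f]+)$"
)


def failed_negotiations(log_text):
    """Return one record per IKEv2 SA that logged an ipsec error."""
    sas = {}       # spi -> record, in order of first appearance
    latest = None  # most recently opened SA that has not been killed yet
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        topics = line["topics"].split(",")
        if "ipsec" not in topics:
            continue
        sa = SA_RE.match(line["msg"])
        if sa and sa["event"] == "new":
            latest = {"time": line["time"], "peer": sa["peer"], "spi": sa["spi"],
                      "role": sa["role"], "errors": [], "killed": False}
            sas[sa["spi"]] = latest
        elif sa:  # "killing": close the SA with the same SPI pair
            rec = sas.get(sa["spi"])
            if rec is not None:
                rec["killed"] = True
                if rec is latest:
                    latest = None
        elif "error" in topics and latest is not None:
            # Assumption: an SPI-less error belongs to the SA opened just before it.
            latest["errors"].append(line["msg"])
    return [rec for rec in sas.values() if rec["errors"]]


def summarize(failures):
    """Count failures per (peer, error message)."""
    return Counter((rec["peer"], err) for rec in failures for err in rec["errors"])


if __name__ == "__main__":
    failures = failed_negotiations(SAMPLE_LOG)
    for rec in failures:
        state = "torn down" if rec["killed"] else "no teardown logged"
        print(f'{rec["time"]} {rec["peer"]} spi:{rec["spi"]} '
              f'{"; ".join(rec["errors"])} ({state})')
    for (peer, err), count in summarize(failures).items():
        print(f"{peer}: {count} x {err}")
```

Running the same function over a log export from the working 7.7 install gives an empty list, which makes the before/after comparison for the ticket a one-line diff.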
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 11:19 am

This is a disappointing release as 7.8, should have been 7.7.1.

When are we going to see Mikrotik address those critical route/switch features that most enterprises use.
While I agree with your point, of course this is NOT a release. It is not 7.8.
It is the first in a row of betas that will add more and more features, until finally we get a 7.8rc1 in about a month, and THEN it is time to complain that it again does not fix those features and issues.
However, like you I fear that this will again be the case by then. We get things like a disk manager, instead of some long awaited fixes in the basic functionality of a router.
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 11:57 am

By now my hAP ac2 has only 1452 KiB of free space on the flash, with just the routeros package and a simple bridge mode AP only configuration.
Is that typical for this device, or is it time for a netinstall?
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 1:26 pm

By now my hAP ac2 has only 1452 KiB of free space on the flash
My hAP ac2 (running 6.49.6, but nevertheless) has 696kiB of free space on flash. So nothing new for 7.8beta ...
 
woland
Member Candidate
Posts: 258
Joined: Mon Aug 16, 2021 4:49 pm

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 2:22 pm

I have recently netinstalled my HAPac2 (maybe around the release of 7.4). I have 1,7MB free after the upgrade to 7.8. So a netinstall probably won't help much.
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 3:37 pm

Thanks! I was worried that during one of the upgrades a couple of MB was left behind... I have another AP that is MIPSBE and it has 3800 KiB free, but apparently ARM code is a lot larger than MIPSBE.
 
mada3k
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 3:48 pm

This is a disappointing release as 7.8, should have been 7.7.1.

When are we going to see Mikrotik address those critical route/switch features that most enterprises use. Specifically:

1. BFD fixed
2. BGP-VPNv4-VRF RR fixed
3. Something equivalent to Cisco DMVPN, HP DVPN, Meraki AutoVPN, or Fortinet ADVPN, etc.
4. EVPN
5. MPLS Fast Reroute
6. BGP Multi-path
7. L3HW off loading that is compatible with MLAG and VRRP
8. L3HW off loading for VXLAN
9. L3HW off loading for QinQ

Until those are delivered I can’t use Mikrotik in any medium or large US companies I support. Can’t use it in the data center, can’t use it in the WAN edge, can’t use it in the LAN.

ROSE is nice but it’s not helping me get Mikrotik into the enterprise in the US.
I agree. I think Mikrotik has to decide what segment to focus on. Home users that demand bleeding-edge all-in-one boxes or enterprise that need proven solutions and functions.

"DMVPN" is such a killer feature in the enterprise world. VyOS has support for it since years.
 
BrateloSlava
Member Candidate
Posts: 167
Joined: Mon Aug 09, 2021 10:33 am
Location: Ukraine, Kharkiv

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 3:49 pm

9 cAP ac. Only two of them have 10% free space. The rest - from 5% to 8%. There are no user files in the memory of access points.
3 hAP ac2. Everyone has similar problems with free space.

On all devices, version 7.5 was installed via netinstall, then the usual update.
 
curtdept
just joined
Posts: 2
Joined: Wed Nov 17, 2021 8:00 am

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 5:12 pm

Use of DHCP snooping on a bridge breaks IPV6 PD on an RB5009
 
dadaniel
Member Candidate
Posts: 220
Joined: Fri May 14, 2010 11:51 pm

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 10:39 pm

It would be great if OVPN would get static key support soon. Can you please tell me what's the problem implementing this?
 
hecatae
Member Candidate
Posts: 244
Joined: Thu May 21, 2020 2:34 pm

Re: v7.8beta [testing] is released!

Sat Jan 21, 2023 11:58 pm

Is that support for the Fibocom L850?

I've got one here I'm just curious about the fixed dialing mentioned
 
maigonis
Member Candidate
Posts: 180
Joined: Sat Jul 20, 2019 8:16 pm

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 12:00 am

Nobody noticed wave2 CAPSMAN GUI is here?

As someone has already mentioned - how realistic is wave2 on 40xx devices?
 
mducharme
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 12:22 am

As someone has already mentioned - how realistic is wave2 on 40xx devices?
I've been running wave2 at home since 7.7 with no complaints on a 4011 and an Audience, although I wasn't really using the 2.4ghz on the 4011 so I didn't really miss it.

If I did need the 2.4ghz I would be tempted to pick up a 2.4ghz radio that was compatible and switch out the one in the 4011 for that one.
 
ITDave
just joined
Posts: 10
Joined: Sat Sep 09, 2017 11:37 am

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 12:33 am

I am not sure if anyone noticed but under IPv6 ICMP Packets seem to have a 30s timeout??
It would be nice to be able to alter the connection tracking separately for both IPV4 and IPV4
 
korzus
just joined
Posts: 3
Joined: Mon Oct 13, 2014 2:18 am

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 12:44 am

On rb4011, with 2 WAN interfaces, a wireguard tunnel is using both links, very much like round robin balancing. Pretty weird.
Restored to 7.7rc5.
 
DarkNate
Forum Veteran
Posts: 997
Joined: Fri Jun 26, 2020 4:37 pm

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 2:34 am

Upgraded a hAP ax2 to this version and now I keep getting a log message on every reboot with this:
"error while running customized default configuration script: no such item"

Any way to fix this? Downgrading back to 7.7 stable, didn't fix it.

5GHz Wi-Fi is “running” but clients fail to connect, working fine on 7.7 stable.
 
korzus
just joined
Posts: 3
Joined: Mon Oct 13, 2014 2:18 am

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 3:03 am

Have you tried reset with "no default configuration" option? Or even netinstall?

Upgraded a hAP ax2 to this version and now I keep getting a log message on every reboot with this:
"error while running customized default configuration script: no such item"

Any way to fix this? Downgrading back to 7.7 stable, didn't fix it.

5GHz Wi-Fi is “running” but clients fail to connect, working fine on 7.7 stable.
 
DarkNate
Forum Veteran
Posts: 997
Joined: Fri Jun 26, 2020 4:37 pm

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 3:10 am

Have you tried reset with "no default configuration" option? Or even netinstall?
Yes. No. I do not want to netinstall as that's what I just did 5 days ago with this new box using 7.7. It's a lot of effort for bugs that should be fixed by MikroTik.
 
Jotne
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 9:26 am

5 1/2 years and still no change in the logging prefix mess, that MT should look at.
viewtopic.php?t=124291

Please look at RFC 5424, released in March 2009....
 
Znevna
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 10:57 am

where's your ticket number and what does it have to do with the current release?
 
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 11:08 am

1. Ticket#2019071722004055] PS: this is not the first one. Did not find the one from 2017 (mail deleted); this one is from 2019.
Newer ticket SUP-105353, and Mikrotik reads this forum as well.
3. This is a new major release, so new functions can be added. Until fixed, I will ask for MT to do something with it.

It may not be an important function for you, but if you run MT on a larger scale, logging is important.
 
Larsa
Forum Guru
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 11:24 am

"DMVPN" is such a killer feature in the enterprise world. VyOS has support for it since years.

in general called SD-WAN. This is implemented in v7 using ZeroTier.
 
alibloke
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Fri Jun 03, 2016 12:13 am

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 11:33 am

I'm getting the following error on only one of my hAPax3's:
 jan/20 14:16:47 system,error,critical error while running customized default configuration script: invalid internal item number 
 
pe1chl
Forum Guru
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 11:36 am

Upgraded a hAP ax2 to this version and now I keep getting a log message on every reboot with this:
"error while running customized default configuration script: no such item"
In the past this was often caused by renaming wlan interfaces in your local config (combined with programming errors in MikroTik's scripts).
E.g. when you rename wlan1 to wlan-2ghz because that is clearer to you, it will cause such failures.
Don't know if that mistake (of referring directly to wlan1 in scripts instead of something like [ find default-name=wlan1 ] ) still hasn't been fixed.
 
Maggiore81
Trainer
Trainer
Posts: 558
Joined: Sun Apr 15, 2012 12:10 pm
Location: Italy
Contact:

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 12:03 pm

MT is currently missing a big point. Apart from routing features present in v6 that are not available on v7... they advertise the L3-HW that is BROKEN!
I have had a support file open since 7.4 that is not fixed, and they didn't give me any ETA for the fix.
We need to stop and restart the l3-hw engine on the CRS317 every hour. They are NOT READY for the ISP business, but they ignore it.
SUP-95367 is still unfixed.
 
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 2:27 pm

*) disk - limit maximum TMPFS size;
What is this limit? And is there a way to create a tmpfs with a sane default? Giving no size just fails now...
[admin@MikroTik] > /disk/add type=tmpfs 
failure: too much memory requested for tmpfs/ramdisk
 
dg1kwa
just joined
Posts: 19
Joined: Tue Aug 17, 2010 12:32 pm
Location: Monheim

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 2:37 pm

yeah, now DOM/DDM work on my hEX S (RB760iGS). Great job!
 
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 2:40 pm


It may not be an important function for you, but if you run MT on a larger scale, logging is important.
Logging works fine unless you're trying some weird shit gathering data in splunk or whatever.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 3:00 pm

*) disk - limit maximum TMPFS size;
What is this limit? And is there a way to create a tmpfs with a sane default? Giving no size just fails now...
I suggest that you enable memory graphing and watch after a while what is the maximum amount of memory consumed in your setup, and set the ramdisk so that it occupies less than the space that is always free.
I have added a ramdisk of size 800M on my RB4011 which has 1GB of RAM and typically 120MB in use.
Note that a ramdisk does not immediately occupy the space allocated to it. That happens only when it is filled with files.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 3:05 pm

5 1/2 years and still no change in the logging prefix mess that MT should look at.
I agree that it is a mess and needs improvement, but I fear that making any change to how it is now will cause an even bigger mess in existing installations than we have now.
Probably things that could be changed with relatively low impact:
- add a new type of prefix, something like "err######" which is unique for every possible message in the system, where the ###### is a permanently assigned error number documented on the help site. This allows matching of a single message type that you want to log (or not log).
- add a "regexp matching" capability in the log rules, that matches on the message content
- fix the remote logging so that the prefixes can (optionally) be sent in the BSD format, maybe via some way to add a script in a remote logging definition that can alter the logged message as per the operator preference.
 
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 3:31 pm

Logging works fine unless you're trying some weird shit gathering data in splunk or whatever.
No need to use bad words. Many people do use logging in various form, not only Splunk.
And following standards is always a better way to success.

@pe1chl
I do agree that a change may not be a good option. Add an extra option called for example RFC 5424 that would give the new and more standard format. This way the user can select what to do and not break all the old stuff.
 
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 3:48 pm

Agree with @pe1chl. Specifically, the prefix is only thing that helps find things today. So without the prefixes in remote/BSD logging, it's extremely difficult to search or read even since there is 0 context.

I'd add "don't use multi-line log entries" (DHCP being the worst offender): one event, one entry.
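Added example, not part of any post in this thread and not MikroTik code: a collector-side normalizer for the topic-prefixed lines discussed above. It maps the comma-separated topics to an RFC 5424 severity, keeps the full topic list as structured data so the prefix context survives, and folds continuation lines into one event. The local0 facility, the `routeros@32473` SD-ID, the hostname and year arguments, the UTC timezone and every sample line except the first (which is the line quoted earlier in the thread) are assumptions.

```python
import re
from datetime import datetime, timezone

# RFC 5424 severity codes for the severity words that appear among the topics.
SEVERITY = {"critical": 2, "error": 3, "warning": 4, "info": 6, "debug": 7}
DEFAULT_SEVERITY = 6        # assumption: no severity topic means informational
FACILITY = 16               # assumption: local0; use what your collector expects
SD_ID = "routeros@32473"    # hypothetical SD-ID; 32473 is the documentation enterprise number

MONTHS = {m: i for i, m in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}

# "jan/20 14:16:47 system,error,critical <message>" as quoted in the thread.
HEADER = re.compile(
    r"^\s*(?P<mon>" + "|".join(MONTHS) + r")/(?P<day>\d{1,2})\s+"
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})\s+"
    r"(?P<topics>[a-z0-9-]+(?:,[a-z0-9-]+)*)\s+(?P<msg>.*)$")


def group_events(lines):
    """One event per header line; lines without a header are continuations."""
    events = []
    for raw in lines:
        match = HEADER.match(raw)
        if match:
            event = match.groupdict()
            event["topics"] = event["topics"].split(",")
            event["msg"] = event["msg"].strip()
            events.append(event)
        elif events and raw.strip():
            # Multi-line entry: fold into the previous event (one event, one entry).
            events[-1]["msg"] += " " + raw.strip()
    return events


def to_rfc5424(event, hostname, year):
    """Render one grouped event as an RFC 5424 syslog line."""
    topics = event["topics"]
    # The most severe topic wins (lower number = more severe).
    severity = min((SEVERITY[t] for t in topics if t in SEVERITY),
                   default=DEFAULT_SEVERITY)
    # APP-NAME: first topic that is not a severity word, e.g. "system" or "dhcp".
    app = next((t for t in topics if t not in SEVERITY), "-")
    # The source line carries no year or zone; both are supplied by the caller (UTC assumed).
    stamp = datetime(year, MONTHS[event["mon"]], int(event["day"]),
                     int(event["h"]), int(event["m"]), int(event["s"]),
                     tzinfo=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    pri = FACILITY * 8 + severity
    structured = '[%s topics="%s"]' % (SD_ID, ",".join(topics))
    return f"<{pri}>1 {stamp} {hostname} {app} - - {structured} {event['msg']}"


def convert(lines, hostname, year):
    return [to_rfc5424(e, hostname, year) for e in group_events(lines)]


# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE = [
    "jan/20 14:16:47 system,error,critical error while running customized "
    "default configuration script: invalid internal item number",
    "jan/20 14:17:02 dhcp,debug constructed multi-line entry, first line",
    "    constructed continuation line",
    "jan/20 14:17:05 system,info constructed single-line entry",
]

if __name__ == "__main__":
    for line in convert(SAMPLE, "hapax3", 2023):
        print(line)
```
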
 
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 3:54 pm

Note that a ramdisk does not immediately occupy the space allocated to it. That happens only when it is filled with files.
Yes, I know that. That's why I am not really happy with the change. I want to place backup files and exports on tmpfs, generated from scripts.

Well, looks like using a third of total memory works on all devices... Probably using that then.
 
tangent
Forum Guru
Forum Guru
Posts: 1333
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 9:43 pm

new "rose-storage"…ARM, ARM64, Tile and x86

Several comments:

  1. The clients should be added to MIPS, since they need network storage the worst of all machine types. I don't care whether it's SMB, NFS, iSCSI, or nVME-over-TCP, all four, or some subset, but something would be welcome. I can live without the servers; pressing a hEX into service as an iSCSI server with its piddlin' USB 2.0 port would be mondo silly.
  2. All of the "*-address" fields should be renamed to just "address". You can't use them together. You know the type of address from the "type" parameter already.
  3. If you don't do that, then you've at least got a copy-paste error to fix: "add type=nfs iscsi-address=192.168.1.1"
  4. Those wishing for RouterOS to become a competitive NAS using these features are dreaming, given its fixed RAID levels. There's nothing like the flexible RAID levels pioneered by Drobo, then copied by Synology, QNAP, Lacie, etc. There are uses for DIY fixed RAID, but in a world where we've got things like TrueNAS Core, I don't see this feature taking over any significant slice of the NAS market.
 
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 11:02 pm

Any MIPS devices with more than 16MB of storage?
Because of the great modularity options that RouterOS provides you can't fit that package on such little storage.
 
tangent
Forum Guru
Forum Guru
Posts: 1333
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: v7.8beta [testing] is released!

Sun Jan 22, 2023 11:50 pm

Any MIPS devices with more than 16MB of storage?

With a little sorting on the product matrix, I count 32 products. Compressing it to product families, we get:

  • BaseBox 2, 5, 6
  • CRS109-8G-1S-2HnD-IN
  • CRS125-24G-1S-2HnD-IN
  • KNOT LR8 & LR9 kits
  • mANTBox 15s & 19s; mANTBox 2 12s
  • NetBox 5
  • NetMetal 5 series
  • QRT 5 series
  • RB2011 series
  • RB911, 912, 922, and 951 series
  • SXT SA5 series

I don't know how to quickly verify which ones are both in production and have ready stock, but there are some familiar pieces on that list such as the venerable CRS109 and RB2011.

you can't fit that package on such little storage.

My understanding is that MIPS boxes have under 2 MB of flash free these days. I looked at the ARM package, and it's nearly 4 MB. However, I did say it should be pared down to the clients alone. That might be enough, and if not, then you take the next step and remove them in fattest-to-slimmest order until you get under the limit. I suspect "nVME-over-TCP" is the slimmest, but whatever it turns out to be, one is better than none.
 
105547111
Member Candidate
Member Candidate
Posts: 135
Joined: Fri Jun 22, 2012 9:46 pm

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 4:40 am

Confirmed the SSTP bug is fixed and resolved :-)
 
holvoetn
Forum Guru
Forum Guru
Posts: 5324
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 7:05 am

Nobody noticed wave2 CAPSMAN GUI is here?
I just have been toying with it.
Experienced complete crash on AC3 when enabling capsman.
Log files after reboot seem to indicate system and wave2 package were installed. Again?

It did not happen again afterwards so maybe a glitch?
 
murrayis
just joined
Posts: 21
Joined: Tue Sep 29, 2020 11:57 pm

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 7:08 am

@mikrotik - Why the delay on BFD - It's time to be real!

BFD is far more important than adding RAID/iSCSI/NFS support to a "Router"
 
antonsb
MikroTik Support
MikroTik Support
Posts: 385
Joined: Sun Jul 24, 2016 3:12 pm
Location: Riga, Latvia

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 10:08 am

Several comments:
Thanks, noted.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 11:59 am

The storage package needs a lot more doc. It seems that it is possible to mount an iSCSI volume, and to export an NFS volume, but is it also possible to mount an NFS shared directory from another system? I do not see the parameter to specify the server path. As in:
mount -t nfs server:/path /mountpoint
type nfs and mountpoint are clear.
 
arm920t
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Sat Aug 03, 2019 8:02 am

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 12:25 pm

may you elaborate little bit further?
*) x86 - fixed SR-IOV support for Intel X710 series NIC;

we use them and the only issue is the fact that we must use only auto about cpu irq interface queue. Is it something about?
Same problem here. Only read-only IRQ for XXV710 NIC.
 
rpingar
Long time Member
Long time Member
Posts: 592
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 12:30 pm

may you elaborate little bit further?
*) x86 - fixed SR-IOV support for Intel X710 series NIC;

we use them and the only issue is the fact that we must use only auto about cpu irq interface queue. Is it something about?
Same problem here. Only read-only IRQ for XXV710 NIC.
Yes, and the strange thing is that one queue is used a lot more than the others, loading mainly one core.
 
hecatae
Member Candidate
Member Candidate
Posts: 244
Joined: Thu May 21, 2020 2:34 pm

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 12:39 pm

Chateau LTE12 updated without issue.
 
antonsb
MikroTik Support
MikroTik Support
Posts: 385
Joined: Sun Jul 24, 2016 3:12 pm
Location: Riga, Latvia

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 12:48 pm

mount -t nfs server:/path /mountpoint
nfs-share=...
documentation is still in progress
 
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 1:09 pm

Just tried rose-storage. Using 2 SATA-III SSDs inside RB1100, I can at least create a "mirrored disks" (RAID 1). So that part works!

But noticed several things:

1. Files window in winbox still shows a "sata1-part1", even though that doesn't exist. The raid volume does show up e.g. raid1-part1 okay however.

2a. Setting the slot= on a raid partition, doesn't persist reboot. e.g. I'd set the slot=disk1, but after reboot comes back as default raid1-part1.
2b. Similar nfs-export and smb-export also don't seem to persist reboot.

3. Could NOT mount RouterOS ROSE disks using NFS Mac after using nfs-export=yes - tried various things: Finder using URL, Terminal using mount, using both :/ and :/raid1-part1 in path – nothing obvious seems to work and docs less helpful here.

4. The relationship with existing /ip/smb is unclear. I do NOT have /ip/smb enabled, but did try smb-export=yes in /disks. Similar issues to NFS - couldn't figure out any way to mount. Only thing that got close was if I add smb-share=/disk1, then MacOS prompts for a password when using smb://<MT_IP>/disk1 - but neither using "Guest" or "Registered User" with ROS creds failed so no mount. If you set smb-user=/smb-password=, then it doesn't even prompt for a password on MacOS and doesn't work either - but those seem more to mount a SMB volume on RouterOS (I was trying to share the ROSE disk as SMB share)

Basically I have a working mirrored disk, that cannot be renamed or shared. RAID alone is still useful, but clearly some better docs and/or bug fixes might be needed...
 
mada3k
Long time Member
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 1:53 pm

I would wait until they actually release any SAN/NAS hardware, or else it's pointless (since there exist so many NAS platforms for generic x86 already)
in general called SD-WAN. This is implemented in v7 using ZeroTier.
That's proprietary and requires a central controller somewhere, and can't co-exist with regular routing.
 
dcavni
Member Candidate
Member Candidate
Posts: 107
Joined: Sun Mar 31, 2013 6:02 pm

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 3:29 pm

Can Wave 2 CAPSMAN also control non Wave2 Wifi interfaces (devices)?
 
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 3:33 pm

NO
 
holvoetn
Forum Guru
Forum Guru
Posts: 5324
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 3:37 pm

Small nuance:
NO as it is right now.
But it has been stated the possibility might come in the future that both legacy and wave2 capsman could be integrated in one solution. ETA? Crystal ball needed ...
 
dcavni
Member Candidate
Member Candidate
Posts: 107
Joined: Sun Mar 31, 2013 6:02 pm

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 3:39 pm

That's a bit sad, since I have 6 non Wave 2 devices and two Wave 2 (AC3), that will now be replaced by RB5009 and left as an AP. So no way to put them on the same network. It is what it is.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5324
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 3:41 pm

You can still put them on the same network.
But you will need 2 different CAPSMAN controllers for the time being: one for legacy, one for wave2 (and if you also want redundancy, multiply by 2).
Like you say: it is what it is.
 
dcavni
Member Candidate
Member Candidate
Posts: 107
Joined: Sun Mar 31, 2013 6:02 pm

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 3:46 pm

I know that, but in this case, phones won't seamlessly switch from one device to another.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5324
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 3:52 pm

Even with APs within the same capsman constellation, there is no seamless switch.
I believe you need roaming parts of the wifi-specs for that to happen. It's being worked on but not fully implemented yet (as it is now to my knowledge, only within same AP = from 2.4 to 5Ghz and vice versa if same SSID is used. Unless I missed something in the latest versions in that context.).
 
dcavni
Member Candidate
Member Candidate
Posts: 107
Joined: Sun Mar 31, 2013 6:02 pm

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 3:59 pm

Not really sure. When I tested this with PING from my phone I moved from one AP to another and PING didn't drop in between. But sometimes I notice that the phone doesn't switch to another AP when it should. This is especially noticeable when doing WiFi calling and the call drops.
 
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 4:02 pm

capsman currently doesn't improve roaming experience of wireless clients. capsman2 might (and hopefully will in the future). If you configure APs with same security profile (replicate it on APs directly or in other capsmans) and make sure resulting wireless interfaces are part of same L2 network (e.g. served by same DHCP server without resorting to DHCP relay or anything similarly redundant), then client roaming experience will be the same whether APs are provisioned by same capsman or if they are configured individually.

Either way, it's up to the client to decide when it wants to switch; newer standards (802.11 r/k/v; only /r is implemented in wifiwave2 driver and works between radios of same AP) assist the client by providing more information (k/v) and by allowing faster registration to target radio (r). When everything works as designed, then the switch is very fast and the user normally doesn't notice it.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 4:06 pm

... but it will never be as fast as with some competing products that provide "seamless roaming", i.e. the entire installation operates as a single AP MAC address on a single channel.
 
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 4:09 pm

the entire installation operates as a single AP MAC address on a single channel.
I hope this is one of your jokes.
 
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 4:14 pm

the entire installation operates as a single AP MAC address on a single channel.
I hope this is one of your jokes.
Nope, it's real.
 
llag
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Sat Aug 04, 2018 12:12 am

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 4:18 pm



Important note!!!

Version is not recommended on CRS3xx devices.

Changes in this release:

What are the limitations for the CRS3xx devices that cause this version not to be recommended?
 
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 4:19 pm



I hope this is one of your jokes.
Nope, it's real.
example?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 4:54 pm

the entire installation operates as a single AP MAC address on a single channel.
I hope this is one of your jokes.
No, really. There are manufacturers that offer a WiFi where there is only a single AP MAC for the controller, all APs listen on the same frequency and the same MAC, the traffic they receive is forwarded to the controller together with a signal strength value (RSSI), and the controller keeps the location of the strongest received signal so when they need to transmit data it can be sent via the AP where the signal is strongest.
With such a system there is no real roaming, it is just like a large single-frequency diversity system. There are absolutely no interruptions due to roaming.
But of course the fact that there is a single channel can limit the performance. However, more modern systems can operate several channels in parallel each with this system, so the users will be distributed over different channels.
 
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 5:02 pm

Please provide an example of a manufacturer currently advertising such a feature.
 
Dude2048
Member Candidate
Member Candidate
Posts: 212
Joined: Thu Sep 01, 2016 4:04 pm

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 5:30 pm

 
chechito
Forum Guru
Forum Guru
Posts: 2989
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 5:35 pm

which comes from acquisition of Meru Networks
 
sirbryan
Member Candidate
Member Candidate
Posts: 298
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 6:15 pm

Just tried rose-storage. Using 2 SATA-III SSDs inside RB1100, I can at least create a "mirrored disks" (RAID 1). So that part works!
...
3. Could NOT mount RouterOS ROSE disks using NFS Mac after using nfs-export=yes - tried various things: Finder using URL, Terminal using mount, using both :/ and :/raid1-part1 in path – nothing obvious seems to work and docs less helpful here.

4. The relationship with existing /ip/smb is unclear....
It feels to me that, at least at this stage, it's meant more for router-to-router use, particularly for containers on diskless devices. I couldn't get a router to mount an iSCSI target from my TrueNAS box. I tried NFS and Samba from the 2116 to my Mac too. I couldn't get anything to work the way one would expect to another computer.

I then loaded 7.8b2 on a hAP AC3 and connected it to the 2116 using NFS and it worked immediately. However, when trying to connect the hAP to the 2116 via iSCSI, the hAP just hung. Now, even after a reboot, it hangs when trying to export or print the disk config. I can't even remove it, so I'll have to reset it and try again.

[Edit] Turns out NFS works with Linux and macOS, provided you have the correct options: viewtopic.php?p=979643#p979643
Last edited by sirbryan on Mon Jan 23, 2023 7:39 pm, edited 1 time in total.
 
fragtion
Member Candidate
Member Candidate
Posts: 257
Joined: Fri Nov 13, 2009 10:08 pm
Location: Johannesburg, South Africa

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 6:26 pm

*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
Yes - finally!! Confirmed fixed, Thanks!!
 
Rox169
Member
Member
Posts: 432
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 6:32 pm

Hi,
I appreciate storage management but at the moment I'm not able to use SAMBA on 7.7 stable with my HIKVISION cameras: I have already sent (SUP-104510) but no solution yet. I have hAP AX3 and I would like to use it as SAMBA server for my cameras but I have to keep old ASUS router with 1GB HDD to be able to save videos from cameras.


MIKROTIK PLEASE TAKE THIS SUP SERIOUSLY THERE ARE MILLIONS OF HIKVISION CAMERAS AROUND THE GLOBE.
 
sirbryan
Member Candidate
Member Candidate
Posts: 298
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 7:01 pm

I got MacOS to mount the NFS share:
sudo mkdir /Volumes/2116/
sudo mount -t nfs -o vers=4,hard,bg,intr,resvport,rw 192.168.x.x:/nvme1 /Volumes/2116/
I also got it to auto mount the share:
# add to /etc/auto_master if you don't already have it
/-			auto_nfs	-nobrowse,nosuid

# create /etc/auto_nfs, then add this line for Catalina and later; 2116 is the name of my share, change it to what you want
# nvme1 is my disk's name on the 2116
/System/Volumes/Data/../Data/Volumes/2116	-fstype=nfs,vers=4,hard,bg,intr,resvport,rw  nfs://192.168.x.x/nvme1/
 
aussetg
just joined
Posts: 19
Joined: Sat Jan 16, 2021 7:31 pm

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 8:09 pm

> supporting disk monitoring, improved formatting, RAIDs, iSCSI ,NVMe over TCP,

Mmmm the PCIe CCR2004 will probably get much more interesting ;)
 
pe1chl
Forum Guru
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Mon Jan 23, 2023 10:15 pm

I got the NFS mount working. However, there apparently are no error messages. So when I configured something incorrectly, it just silently accepted the "add" and then in showing the status the nfs line would not show the M status. I would have expected an error in the log indicating the failed mount, but there wasn't any.
 
sirbryan
Member Candidate
Member Candidate
Posts: 298
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 5:54 am

I got one of these for my lab CCR2116 (Orico M.2 NVMe to SATA Expansion Card):
61kz--cHiLL._AC_SL1200_.jpg
Here's what it looks like installed (top is off, sitting in rack):
IMG_0015.jpg
I hooked up a Kingston 256GB SSD that I had in an enclosure and powered it via a separate power supply.
Flags: B - BLOCK-DEVICE; M, F - FORMATTING; p - PARTITION
Columns: SLOT, MODEL, SERIAL, INTERFACE, SIZE, FREE, FS, RAID-MASTER
#     SLOT               MODEL             SERIAL             INTERFACE                 SIZE             FREE  FS    RAID
0     pcie1              SATA Controller                      PCIe 2x8 GT/s                                          none
1 B   pcie1-sata1        KINGSTON SH103S3  50026B73XXXXXXXX   SATA 6.0 Gbps  240 057 409 536                         none
2 BMp pcie1-sata1-part1                    @512-240057409536                 240 057 409 024  235 152 457 728  ext4  none
Exported it via NFS, mounted the NFS share on my Mac, and with Blackmagic Disk Speed Test, I'm getting 136MB/s write, 496MB/s read (specs claim 555MB/s read, 510MB/s write).

I've ordered a 6-bay SSD 2.5" chassis to hook up to this thing to experiment with RAID and with exporting drives and/or partitions to diskless routers for containers, particularly my 2004's with 4GB of RAM.

Now if I could only find a way to route those cables straight out a hole in the back and put the lid back on...
 
DanielTheFox
just joined
Posts: 2
Joined: Mon Jan 11, 2021 9:48 pm
Location: Mexico

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 6:45 am

Does RouterOS support TRIM/UNMAP?
 
rpingar
Long time Member
Long time Member
Posts: 592
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 9:47 am

for us 7.8beta2 still has critical pppoe server issues:
- after 48h the pppoe-servers (more than 10.000 servers on the box) crash and let the dynamic pppoe queues go invalid (reboot needed)
- sometimes the dynamic pppoe-client interface doesn't go running (you can manually remove them and let the client router reauthenticate)
[SUP-97493] updated with all the supout and autosupout generated
 
Phaere
just joined
Posts: 23
Joined: Thu Jul 17, 2014 3:01 pm
Location: Kyiv

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 11:01 am

Nice
New storage and container fixes for routers
No core routing (BFD,EVPN, buggy VPN4) functionality for routers
Nice. No more words, sorry
 
pe1chl
Forum Guru
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 11:39 am

Now if I could only find a way to route those cables straight out a hole in the back and put the lid back on...
 
Guscht
Member Candidate
Member Candidate
Posts: 236
Joined: Thu Jul 01, 2010 5:32 pm

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 3:17 pm

We get things like a disk manager, instead of some long awaited fixes in the basic functionality of a router.

That is a development I don't really like. There are TONS of bugs in basic stuff and they come up with docker and some kind of storage manager.
 
sirbryan
Member Candidate
Member Candidate
Posts: 298
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 4:30 pm

I had something more elegant in mind, like a drill and hole saw. But the plugs are also too tall for the lid. Right-angle SATA ends would work for one or two, but I wonder if they have any that come off sideways…

Those that are frustrated with the seemingly useless features being released need to realize that most of this stuff they’re “adding” comes with Linux anyway. The other stuff we want (BFD et al) have to be written or rewritten.

While I agree there needs to be focus on high priority issues that we feel have long been overlooked (I miss BFD too), I wager there are several developers/development teams all working on different pieces of the stack. Some of it is harder to implement, some of it is super easy. I don’t expect the data center/devops guys to be BGP/BFD/SDN wizards, nor would I expect the GUI guys to be experts in embedded systems.

As a former CIO/CTO and now as a service provider and home user/tinkerer, I welcome it all. I’ve always considered RouterOS the Swiss Army Knife in this industry.
 
cdemers
Member Candidate
Member Candidate
Posts: 224
Joined: Sun Feb 26, 2006 3:32 pm
Location: Canada
Contact:

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 4:39 pm

@sirbryan something like this? Is there enough clearance for the cables to go off to the side?
https://www.startech.com/en-ca/cables/sata12rsa1
 
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 4:43 pm

Nice
New storage and container fixes for routers
No core routing (BFD,EVPN, buggy VPN4) functionality for routers
Nice. No more words, sorry
Those modules present in "rose-storage" are all modules that just required enabling in the Linux kernel, and the MikroTik team added some options to control them. Everything else that isn't upstreamed in the kernel yet isn't that easy to add.
 
normis
MikroTik Support
MikroTik Support
Posts: 26291
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 5:08 pm

Bugs and things like BFD have no "enabled=yes" switch in RouterOS configuration files, sorry. It is easy to add some basic things, but there are complex things that need to be made from 0.
 
depth0cert
just joined
Posts: 21
Joined: Thu Sep 08, 2022 11:03 pm

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 5:13 pm

Please, check 7.8beta2 bug with ipsec,error can't get private key SUP-105306
viewtopic.php?t=192810#p979168
Last edited by depth0cert on Tue Jan 24, 2023 5:40 pm, edited 1 time in total.
 
Amm0
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 5:37 pm

Please, check 7.8beta2 bug
SUP-105306
It helps more people if you at least post the title/bug summary here. If everyone simply put the SUP#'s to check, the forum would be way less useful.
 
sirbryan
Member Candidate
Posts: 298
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 5:42 pm

@sirbryan something like this [Startech Side Angle SATA cable]? Is there enough clearance for the cables to go off to the side?
Those are too tall for the lid, and they'd hit the heat sink shroud.

But these low-profile, lateral SATA cables should do the trick:

https://silverstonetek.com/en/product/i ... ries/CP11/
https://www.youtube.com/watch?v=H76CKNc_stw&t=216s
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 5:51 pm

The rose-storage module also has command additions in /file/sync.
However that is completely undocumented and not so easy to figure out...
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 5:55 pm

Bugs and things like BFD have no "enabled=yes" switch in RouterOS configuration files, sorry. It is easy to add some basic things, but there are complex things that need to be made from 0.
By now it becomes more like "WE determine how long you can do without BFD!". It has been a "work in progress" for a year and a half, and thus it cannot be explained by "it is a complex thing to make" anymore.
I wonder how many hundreds of man-hours the BFD feature has been estimated to take, and how many of those have already been spent.
 
antonsb
MikroTik Support
Posts: 385
Joined: Sun Jul 24, 2016 3:12 pm
Location: Riga, Latvia

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 5:57 pm

Please comment on the ROSE package in the designated topic: viewtopic.php?t=192888
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 7:14 pm

Not specific to 7.8b2, but seems to affect it. Starting from v7.7, it seems the DNS resolver has a memory leak that eats up all the MikroTik memory until RouterOS crashes and reboots. Not all are affected, but all those affected confirmed to be providing DNS services for client devices.

If you're running 7.8 and providing DNS services for your connected networks, watch out for your box memory usage! This is really bad especially for the low-memory spec models, but seems to affect a variety of different models. Those with more RAM will just take longer to crash and (luckily) reboot.

viewtopic.php?t=192427#p979415
 
benkreuter
just joined
Posts: 7
Joined: Mon Nov 29, 2021 1:30 am

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 8:39 pm

Bugs and things like BFD have no "enabled=yes" switch in RouterOS configuration files, sorry. It is easy to add some basic things, but there are complex things that need to be made from 0.
At this point the lack of BFD support is inexcusable. There is clear demand from users, it was previously implemented in RouterOS, it is implemented in competing stacks, and there are common situations for which no reasonable workaround exists. BFD is relatively simple compared with OSPF (though the v7 implementation of OSPF leaves a lot to be desired) so it is hard to understand why it is still missing and apparently receiving no attention whatsoever.

Is there even a plan to implement basic features like BFD? Is there anyone even working on this?
 
mada3k
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 9:35 pm

No core routing (BFD,EVPN, buggy VPN4) functionality for routers
Would be nice to have an alternative to hideously expensive Cisco/Juniper/Arista EVPN switches instead of relying on spanning-tree.
 
jbl42
Member Candidate
Posts: 214
Joined: Sun Jun 21, 2020 12:58 pm

Re: v7.8beta [testing] is released!

Tue Jan 24, 2023 10:35 pm

Bugs and things like BFD have no "enabled=yes" switch in RouterOS configuration files, sorry
Sorry Normis, but writing nonsense like "there is no enabled=true for BFD" after 18+ months of claiming to work on it is just pathetic.
If 18 months is not enough for MikroTik to bring BFD from ROS6 to ROS 7, probably serious routing is too complex for MikroTik and you should focus on SOHO routers.

Especially now as there are expensive beasts like CCR2116. Clearly made for large table routing with l3hw offload.
Why would I buy such an expensive box with bug ridden l3hw offload, plenty of IPv6 issues and no BFD? Our CCR2116 gathers dust in the lab as it is clearly not fit for its intended purposes with current state of ROS7.

I start to think CCR2116 is not available anywhere because MT is embarrassed by the state of serious routing features in ROS7.
What about having different ROS versions for SOHO boxes and serious routers? So one team can work on nerdy-stuff like containers and similar and another team can work on finally fixing and implementing basic routing stuff for CCR2x16 boxes?
 
uCZBpmK6pwoZg7LR
Frequent Visitor
Posts: 54
Joined: Mon Jun 15, 2015 12:23 pm

Re: v7.8beta [testing] is released!

Wed Jan 25, 2023 10:09 am

pls fix BGP-VRF-VPNv4 - working with RR
Agree. This issue is an upgrade blocker; cannot migrate to ROS 7 due to it.
 
mrz
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v7.8beta [testing] is released!

Wed Jan 25, 2023 1:37 pm

It is already fixed in v7.7 and v7.8betas
 
clambert
Member Candidate
Posts: 120
Joined: Wed Jun 12, 2019 5:04 am

Re: v7.8beta [testing] is released!

Wed Jan 25, 2023 9:13 pm

Great news!
 
mada3k
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: v7.8beta [testing] is released!

Wed Jan 25, 2023 9:59 pm

What about having different ROS versions for SOHO boxes and serious routers? So one team can work on nerdy-stuff like containers and similar and another team can work on finally fixing and implementing basic routing stuff for CCR2x16 boxes?
I tend to agree. I can see that making RouterOS interface for mdadm/mkfs/iscsid/etc.. is low hanging fruit.. but why?

No one in their right mind buys a $995 router to play with containers. You buy a Mini-PC or some second hand Dell/HPE to play with virtualization and containers.
 
sirbryan
Member Candidate
Posts: 298
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 4:58 am

No one in their right mind buys a $995 router to play with containers. You buy a Mini-PC or some second hand Dell/HPE to play with virtualization and containers.
<Raises hand> Um, I have six 2116's and just bought two more.</hand down> I also have a farm of NUCs, Mac Mini's, and Mac Pro 5,1's running ESXi or macOS, backed by TrueNAS storage.

For the same money I spent on my NUCs, the 2116 has more cores, similar RAM & storage, 40Gbps of connectivity into a Layer 3 switch with 16 ports, redundant power supplies, all in a rack mount case. And it can switch and route a heck of a lot more data.

Until containers came out for MikroTik, I didn't really have any experience with them, since most of my apps run on dedicated hosts or in VM's. Now I'm in the process of migrating much of what I ran on my Mac Pro ESXi host at home office onto my 2116, allowing me to save power and space and eventually decommission my Xeon servers.

With all the complaints about The DUDE dying or lacking in development (and the fact that it's stuck on Windows only), I can build or deploy the NMS of my choice, including sensors, on any number of RouterOS devices, with modern interfaces and customizable code.
Last edited by sirbryan on Thu Jan 26, 2023 5:40 am, edited 1 time in total.
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 5:02 am

It is already fixed in v7.7 and v7.8betas

@mrz
doesn't work on v7.7, definitely
Last edited by nichky on Thu Jan 26, 2023 6:19 am, edited 1 time in total.
 
FattyAcid
just joined
Posts: 9
Joined: Thu Aug 11, 2022 11:28 pm

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 5:57 am

"DMVPN" is such a killer feature in the enterprise world. VyOS has had support for it for years.

in general called SD-WAN. This is implemented in v7 using ZeroTier.
This will be my last post on this as it's getting off-topic, but ZeroTier is a pretty basic SD-WAN and is in no way equivalent to the capabilities, flexibility, and scalability of SD-WAN from vendors like Cisco-Viptela, Palo Alto-CloudGenix, VMware-VeloCloud, Fortinet SD-WAN, etc.

Cisco DMVPN, HP DVPN, and Fortinet ADVPN can be used in a non-SD-WAN configuration/context as they predate SD-WAN and aren't a requirement for SD-WAN. For example, Fortinet SD-WAN can be used in conjunction with Fortinet ADVPN or without depending on your use cases. As another example, Cisco-Viptela/IOS-XE SD-WAN is an entirely separate feature/product from DMVPN.

ZeroTier is sufficient for some basic home/SOHO/small business deployments/use cases--that's about it. MikroTik + ZeroTier is in no way a substitute for DMVPN or real SD-WAN.
 
FattyAcid
just joined
Posts: 9
Joined: Thu Aug 11, 2022 11:28 pm

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 6:00 am

It is already fixed in v7.7 and v7.8betas
Can you please elaborate? What is fixed in v7.7 and v7.8 betas.
 
markonen
just joined
Posts: 23
Joined: Tue Aug 11, 2020 4:28 pm

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 9:46 am

Can you please elaborate? What is fixed in v7.7 and v7.8 betas.
No he can't, because that would be excessive quoting.
 
Larsa
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 10:19 am

This will be my last post on this as it's getting off-topic, but ZeroTier is a pretty basic SD-WAN and is in no way equivalent to the capabilities, flexibility, and scalability of SD-WAN from vendors like Cisco-Viptela, Palo Alto-CloudGenix, VMware-VeloCloud, Fortinet SD-WAN, etc.

mpvpn, meshvpn, sd-wan... same, same different name. I've used many of them thus the core functionality (l2/l3, end2end encryption, etc) and performance is more or less exactly the same.

What differs is deployment, administration and how well they jack into respective brands legacy system. I'd say the zt admin interface and api would fit any size as the client preparation process is the key factor that makes the difference in how well a large scale deployment will work (as always).
Last edited by Larsa on Thu Jan 26, 2023 10:28 am, edited 1 time in total.
 
jvanhambelgium
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 10:23 am

This will be my last post on this as it's getting off-topic, but ZeroTier is a pretty basic SD-WAN and is in no way equivalent to the capabilities, flexibility, and scalability of SD-WAN from vendors like Cisco-Viptela, Palo Alto-CloudGenix, VMware-VeloCloud, Fortinet SD-WAN, etc.

mpvpn, meshvpn, sd-wan... same, same different name. I've used many of them thus the core functionality (l2/l3, end2end encryption, etc) and performance is more or less exactly the same.

What differs is deployment, administration and how well they jack into respective brands legacy system. I'd say the zt admin interface and api would fit any size as the client preparation process is the key factor that makes the difference in how well the deployment will work (as always).
MT will never play any role in any SDWAN unless the boxes can understand & detect (many) applications and steer accordingly.
 
Larsa
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 10:42 am

MT will never play any role in any SDWAN unless the boxes can understand & detect (many) applications and steer accordingly.
Well, for one, MT doesn't drive the sd-wan market, they just adopted and implemented an existing open solution. Please feel free to elaborate what you mean by "unless the boxes can understand & detect (many) applications and steer accordingly." Btw, since this topic has nothing to do with v7.8Beta, please continue this discussion in another thread. I'll join you there in that case.
 
Znevna
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 12:15 pm

It is already fixed in v7.7 and v7.8betas
Can you please elaborate? What is fixed in v7.7 and v7.8 betas.
Everything mentioned in the changelogs.
 
spippan
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 12:29 pm


MT will never play any role in any SDWAN unless the boxes can understand & detect (many) applications and steer accordingly.
despite being OT but SDWAN does not have anything to do with application detection.
on the other hand, maybe this is just a misunderstanding as you wrote it
 
woland
Member Candidate
Posts: 258
Joined: Mon Aug 16, 2021 4:49 pm

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 12:42 pm

despite being OT but SDWAN does not have anything to do with application detection.
Of course it has! The selling point of SDWAN: it can replace great quality leased lines / MPLS by redundant cheap Internet uplinks. To achieve this you want to measure the quality of your cheap links and send important stuff over the better lines, while sending the rest of it over the worse lines.
You should also be able to direct for example every o365 directly to the cloud and not passing it through your central hub. Believe me, while this is possible to achieve manually, you just want the box to "know" what o365 traffic is.
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 12:49 pm

@Znevna
Everything mentioned in the changelogs
@mrz said that RR has been fixed

Have u seen that in the changelogs?
 
buset1974
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 12:54 pm

It is already fixed in v7.7 and v7.8betas
Can u explain more exactly what you have fixed for bgp vpn4?
Does it still have a problem with best path calculation?

Thx
 
mada3k
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 1:01 pm

Some SDWAN solutions can detect protocols, hostnames & applications and take a decision on what path it should take. It's great for its purpose, but often proprietary.

<Raises hand> Um, I have six 2116's and just bought two more.</hand down> I also have a farm of NUCs, Mac Mini's, and Mac Pro 5,1's running ESXi or macOS, backed by TrueNAS storage.

For the same money I spent on my NUCs, the 2116 has more cores, similar RAM & storage, 40Gbps of connectivity into a Layer 3 switch with 16 ports, redundant power supplies, all in a rack mount case. And it can switch and route a heck of a lot more data.

Until containers came out for MikroTik, I didn't really have any experience with them, since most of my apps run on dedicated hosts or in VM's. Now I'm in the process of migrating much of what I ran on my Mac Pro ESXi host at home office onto my 2116, allowing me to save power and space and eventually decommission my Xeon servers.

With all the complaints about The DUDE dying or lacking in development (and the fact that it's stuck on Windows only), I can build or deploy the NMS of my choice, including sensors, on any number of RouterOS devices, with modern interfaces and customizable code.
Sounds really affordable to use Macs as VMware hosts.

It can't be that heavy workloads if you can replace them with some ARM boxes with 16G of RAM.
 
Amm0
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 1:22 pm

SDN means something different to everyone (to me, it's a buzzword for not following the standard/RFCs and ignoring ISO layer separation). But "SDN" is not claimed to be supported by v7.8beta, so it's not a bug or regression.
Please keep this forum topic strictly related to this particular RouterOS release.
MikroTik started a different thread soliciting feedback on the topic a while back: viewtopic.php?t=186352
That seems a better place for this SDN discussion.
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 4:08 pm

Believe me, while this is possible to achieve manually, you just want the box to "know" what o365 traffic is.
That is not something a generic router can do. You need to buy a special box that has a maintenance contract to provide you with the dynamic information required for that.
 
uCZBpmK6pwoZg7LR
Frequent Visitor
Posts: 54
Joined: Mon Jun 15, 2015 12:23 pm

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 4:52 pm

It is already fixed in v7.7 and v7.8betas
Can u explain more exactly what you have fixed for bgp vpn4?
Does it still have a problem with best path calculation?

Thx
It was a fix for the issue where MT sent a reflected route back to the sender with itself as next hop. Because of this, the sender installed the reflected route it got from the reflector, and the BGP session was broken. The moment the BGP session broke, it established the BGP session again and again sent its own routes, which were reflected back to the sender. It was tied to MP_REACH_NLRI.
This is a copy of the support ticket I created to get this issue fixed:
ROS 7 iBGP RR - ROS 6 iBGP.

ROS 6 establishes a connection and sends an update (MP_REACH_NLRI) with its own IP as NLRI next hop (for example 10.29.193.134) to the ROS 7 RR.

The ROS 7 RR sends back MP_REACH_NLRI with its own IP address (for example 10.29.192.19), and of course it also does not care about the propagate flag, which is also not right.

Because of this, ROS 6 replies with MP_UNREACH_NLRI, and ROS 7 reflects that back as well.

After that the whole cycle repeats endlessly.

I attached a Wireshark capture, a supout from the hub, and some screenshots which illustrate the issue: 1 screenshot from ROS 7 which shows the settings and 2 screenshots from ROS 6 where the endlessly looped updates and the export / import VRF RD are visible.
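
The update cycle described in the post above, turned into a check that can be run over a decoded BGP capture. This is an added example, not part of the original post and not MikroTik code; the `Update` record, the function names, the second client address and the VPNv4 prefix are constructed for illustration, while the two router addresses are the examples quoted in the post.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Update:
    """One BGP UPDATE from a capture, reduced to the fields used here."""
    src: str                        # address of the speaker that sent the UPDATE
    dst: str                        # address of the peer that received it
    kind: str                       # "reach" (MP_REACH_NLRI) or "unreach" (MP_UNREACH_NLRI)
    prefix: str                     # VPNv4 NLRI written as "RD:prefix"
    next_hop: Optional[str] = None  # only set on "reach"


RR = "10.29.192.19"               # ROS 7 route reflector (address quoted in the post)
CLIENT = "10.29.193.134"          # ROS 6 client (address quoted in the post)
OTHER = "10.29.193.135"           # constructed second client
PREFIX = "65000:1:192.0.2.0/24"   # constructed RD and documentation prefix


def find_reflection_loops(trace, reflector, min_cycles=2):
    """Flag prefixes that the reflector echoes to their announcer with itself as next hop.

    RFC 4456 says a reflector should not modify NEXT_HOP when reflecting, so a
    reflected route whose next hop is the reflector's own address is suspicious
    on its own; repeated echoes plus echoed withdrawals match the endless
    cycle described in the post.
    """
    announced = {}                        # (client, prefix) -> next hop the client sent
    reach_echoes = defaultdict(int)       # echoed announcements with rewritten next hop
    withdraw_echoes = defaultdict(int)    # echoed withdrawals

    for u in trace:
        if u.dst == reflector and u.kind == "reach":
            announced[(u.src, u.prefix)] = u.next_hop
        elif u.src == reflector:
            key = (u.dst, u.prefix)
            if key not in announced:
                continue                  # reflected to a different peer: normal
            if u.kind == "reach":
                if u.next_hop == reflector and announced[key] != reflector:
                    reach_echoes[key] += 1
            elif u.kind == "unreach":
                withdraw_echoes[key] += 1

    findings = []
    for key, count in sorted(reach_echoes.items()):
        client, prefix = key
        findings.append({
            "client": client,
            "prefix": prefix,
            "client_next_hop": announced[key],
            "rewritten_echoes": count,
            "withdraw_echoes": withdraw_echoes[key],
            "looping": count >= min_cycles,
        })
    return findings


def faulty_trace(cycles=3):
    """Constructed trace of the cycle from the post, repeated `cycles` times."""
    trace = []
    for _ in range(cycles):
        trace += [
            Update(CLIENT, RR, "reach", PREFIX, CLIENT),   # client announces, next hop self
            Update(RR, CLIENT, "reach", PREFIX, RR),       # echoed back, next hop rewritten
            Update(CLIENT, RR, "unreach", PREFIX),         # client withdraws
            Update(RR, CLIENT, "unreach", PREFIX),         # withdrawal echoed back
        ]
    return trace


def healthy_trace():
    """Constructed trace: route reflected only to the other client, next hop kept."""
    return [
        Update(CLIENT, RR, "reach", PREFIX, CLIENT),
        Update(RR, OTHER, "reach", PREFIX, CLIENT),
    ]


if __name__ == "__main__":
    for finding in find_reflection_loops(faulty_trace(), RR):
        print(finding)
    print(find_reflection_loops(healthy_trace(), RR))
```

Feed it records built from a dissected capture (one `Update` per NLRI) taken on the reflector's peering link; a non-empty result with `looping` set is the signature to attach to a support ticket.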
 
sirbryan
Member Candidate
Posts: 298
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 5:57 pm

Sounds really affordable to use Macs as VMware hosts.

It can't be that heavy workloads if you can replace them with some ARM boxes with 16G of RAM.
The sarcasm does little to bolster your point. Those machines were made in 2009/2012 and ran through their useful macOS lifetime years ago.

Who said anything about a heavy workload? Your argument is that "nobody in their right mind" buys MikroTik to experiment with containers. I'm telling you I just did, for all the reasons listed previously. For my purposes, the CCR2116 is a better value than an i7 NUC.

I've been doing this for 25 years. Hardware/Software vendors see a much bigger picture than what 20-30 vocal people on an Internet forum thread see. In the case of containers (7.6) and storage (7.8), exposing more of the Linux ecosystem in RouterOS makes each box that much more powerful, and makes customers like me want to buy more of their product for additional purposes. And the work one (or two) people are doing to create a wrapper around existing things isn't taking anybody away from the more pressing problems with BGP, BFD, etc.

To bring it back on topic, I have one 2116 in production running 7.8b2, and it's working fine. The 2116 and AX3 in the lab are also working fine. No problems to report (yet).
 
woland
Member Candidate
Posts: 258
Joined: Mon Aug 16, 2021 4:49 pm

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 6:26 pm

That is not something a generic router can do. You need to buy a special box that has a maintenance contract to provide you with the dynamic information required for that.
:) And yet most of ASRs & ISRs of the biggest router vendor support it... search for "SD-WAN Application Intelligence Engine"
Sincere apologies! I swear this is my last OT message in this thread!
 
FattyAcid
just joined
Posts: 9
Joined: Thu Aug 11, 2022 11:28 pm

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 9:59 pm

Believe me, while this is possible to achieve manually, you just want the box to "know" what o365 traffic is.
That is not something a generic router can do. You need to buy a special box that has a maintenance contract to provide you with the dynamic information required for that.
What is a generic router? Even Mikrotik routers aren't "generic".

FortiNet FortiGate firewalls can do NGFW, IPS, UTP, SD-WAN, BGP and OSPF. And SD-WAN doesn't require a license or maintenance contract.

Cisco routers can do SD-WAN now too; it's an additional license but it's the same platforms. And they can both identify Office365. What does generic mean again?
 
Znevna
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.8beta [testing] is released!

Thu Jan 26, 2023 10:09 pm

Since you have so many options to choose from, why don't you go with that vendor instead of barfing offtopic in the MikroTik Forums in all release topics?
 
nevolex
Member Candidate
Posts: 167
Joined: Mon Apr 20, 2020 1:09 pm

Re: v7.8beta [testing] is released!

Fri Jan 27, 2023 3:40 am

Still no hardware acceleration for OpenVPN tunnel and IPQ-6010 processor (hAP ax3)
is that actually supported ?
 
Larsa
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: v7.8beta [testing] is released!

Fri Jan 27, 2023 11:40 am

What is a generic router? Even Mikrotik routers aren't "generic". FortiNet FortiGate firewalls can do NGFW, IPS, UTP, SD-WAN, BGP and OSPF. And SD-WAN doesn't require a license or maintenance contract. Cisco routers can do SD-WAN now too; it's an additional license but it's the same platforms. And they can both identify Office365. What does generic mean again?

You are mixing up L7 firewalls and IDPS (intrusion detection and prevention systems) with routers. And the way you throw around acronyms, it's hard to tell if you even know the difference.

All types of application awareness are becoming increasingly difficult to achieve these days due to web-based applications and end-to-end encryption, you are left with just IP addresses and port numbers to play with. And for the same reason you can forget about "dynamic application routing" based on L7 filtering.
 
hzdrus
Frequent Visitor
Posts: 51
Joined: Mon May 14, 2012 3:58 pm

Re: v7.8beta [testing] is released!

Fri Jan 27, 2023 12:28 pm

MT is currently missing a big point. Apart from routing features present in v6 that are not available on v7... they advertise the L3-HW that is BROKEN!
I have since 7.4 a support file, that is not fixed and they didn't give me any ETA for the fix.
We need every one hour to stop and restart the l3-hw engine on the CRS317. They are NOT READY for the isp business, but they ignore it.
SUP-95367 is still unfixed.
Hi, can you elaborate a bit more on the scenario where you're facing this issue? I was considering to use CRS317 for a basic L3 routing with OSPF ...
 
spippan
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.8beta [testing] is released!

Fri Jan 27, 2023 12:56 pm



You are mixing up L7 firewalls and IDPS (intrusion detection and prevention systems) with routers. And the way you throw around acronyms, it's hard to tell if you even know the difference.

All types of application awareness are becoming increasingly difficult to achieve these days due to web-based applications and end-to-end encryption, you are left with just IP addresses and port numbers to play with. And for the same reason you can forget about "dynamic application routing" based on L7 filtering.
thank you for phrasing that out the way you did - that was the point why I mentioned SDWAN does not have to do anything with app-detection in its basic implementation.
that is more for IDPS topics as you wrote.

SDWAN in its core functionality mostly is a deployment and configuration/administration system based on overlay a software (mostly a central controller) over an underlying L2/L3 network for the most part. everything else are additional "features" to a SDWAN/SDN deployment/setup

... enough off-topic -> SDN stuff over there to be discussed :-D viewtopic.php?t=186352
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Fri Jan 27, 2023 12:58 pm

All types of application awareness are becoming increasingly difficult to achieve these days due to web-based applications and end-to-end encryption, you are left with just IP addresses and port numbers to play with. And for the same reason you can forget about "dynamic application routing" based on L7 filtering.
It will not be long before "destination port number" will be a constant that is always 443. We can get a new version of TCP that omits it.
When you have a VPN where you want to route certain traffic (like realtime voice) over different tunnels than other traffic (like large file transfers) you might get away with identifying traffic during the session setup, using techniques like the L7 matcher and the TLS host matcher, then mark the connection and route it differently. But that has no use when routing Office365, where your decision is not "which tunnel between branches do we select" but rather "which internet connection do we select for the outgoing connection".
By the time you have identified an outgoing TCP connection to port 443 as being for Office365, it is too late to re-route it to another outgoing line.
The only thing you can do is have address lists for Microsoft servers known to be used for Office365. And that is dynamic data that has to be updated.
 
noradtux
newbie
Posts: 39
Joined: Mon May 24, 2021 6:33 pm

Re: v7.8beta [testing] is released!

Fri Jan 27, 2023 5:38 pm

That is not something a generic router can do. You need to buy a special box that has a maintenance contract to provide you with the dynamic information required for that.
:) And yet most of ASRs & ISRs of the biggest router vendor support it... search for "SD-WAN Application Intelligence Engine"
Sincere apologies! I swear this is my last OT message in this thread!
And most of these devices are a _LOT_ more expensive than even the CCR2216.
 
Larsa
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: v7.8beta [testing] is released!

Fri Jan 27, 2023 6:22 pm

.. search for "SD-WAN Application Intelligence Engine"
And most of these devices are a _LOT_ more expensive than even the CCR2216.

Application awareness like Cisco's Application Intelligence Engine and similar solutions are pure MBS based on some marketing director's wet dream a long way back in time when they came up with the acronym NGFW. They all depend on DPI and similar obsolete techniques that will soon be totally useless for obvious reasons.
 
TheNetworkBerg
just joined
Posts: 15
Joined: Mon Sep 30, 2019 9:50 am

Re: v7.8beta [testing] is released!

Sat Jan 28, 2023 1:47 pm

@mrz

Can you guys please update your docs regarding MP-BGP? I still cannot get VPNv4 to work with either 7.7 or 7.8beta2, I can learn the routes from the route reflector, however traffic does not effectively flow. Either I am making some configuration mistake, or this still does not work.

Thanks in advance.
 
EgidijusL
just joined
Posts: 12
Joined: Fri Feb 07, 2020 1:25 am

Re: v7.8beta [testing] is released!

Sat Jan 28, 2023 2:09 pm

Hap ax3. Wifi 5Ghz speed same shit from v7.7...
 
holvoetn
Forum Guru
Posts: 5324
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.8beta [testing] is released!

Sat Jan 28, 2023 2:45 pm

Hap ax3. Wifi 5Ghz speed same shit from v7.7...
What shit ? Please be more specific or nobody will be able to know what you mean.
I have mine since yesterday, upgraded to 7.8beta and I can easily get around 600mbs with Galaxy S20 (which I think is pretty decent).
On ac3 with wave2 it was low 500.
 
clambert
Member Candidate
Posts: 120
Joined: Wed Jun 12, 2019 5:04 am

Re: v7.8beta [testing] is released!

Sat Jan 28, 2023 2:46 pm

@mrz

Can you guys please update your docs regarding MP-BGP? I still cannot get VPNv4 to work with either 7.7 or 7.8beta2, I can learn the routes from the route reflector, however traffic does not effectively flow. Either I am making some configuration mistake, or this still does not work.

Thanks in advance.

I had to explicitly disable fastpath for VPNv4 to work.
 
JoaoS
just joined
Posts: 9
Joined: Thu May 14, 2020 9:18 pm

Re: v7.8beta [testing] is released!

Sat Jan 28, 2023 5:31 pm

I would like to leave my two cents, in defense of Mikrotik:

Keeping these discussions on topic obfuscates developers to keep track of what is really needed. Making a complaint I think is valid and positive, but holding a discussion is not. Preferable to call for a new topic and the most interesting for MT to listen to.

SDWAN, IDPS , NGFW or things like that. I don't see MT as a business rule. We shouldn't have any kind of hope.

Now a little disappointment:

Routing is MT's business and the main focus should be on improving and delivering new functions, with their fastest possible fixes. As much as I like new functions, like ROSE, Containers, Wireguard... It gives me the feeling that the MT is not keeping the focus. As the resolution and improvement of:
BFD fixed
BGP-VPNv4-VRF RR fixed
EVPN
MPLS Fast Reroute
BGP Multipath
L3HW off loading that is compatible with MLAG and VRRP
L3HW off loading for VXLAN
L3HW off loading for QinQ
OSPF improvements
IPsec Virtual Tunnel Interface

I think that such requirements already satisfy almost all of the public, as it opens up potential possibilities for us.

Improvement of the wireless network, I also support it, I see it as a business rule for you too, but secondary. I see such more enterprise features like:
band steering,
roaming,
wireless bridging for wifiwave2,
 
jbl42
Member Candidate
Posts: 214
Joined: Sun Jun 21, 2020 12:58 pm

Re: v7.8beta [testing] is released!

Sat Jan 28, 2023 11:07 pm

---
Last edited by jbl42 on Sat Jan 28, 2023 11:09 pm, edited 1 time in total.
 
jbl42
Member Candidate
Posts: 214
Joined: Sun Jun 21, 2020 12:58 pm

Re: v7.8beta [testing] is released!

Sat Jan 28, 2023 11:08 pm

To add something more constructive to all the complaints:
I'm happy with the state of ROS 7.x on RB5009. For heavy SOHO and small branch applications, they work reliably without many complaints except some SFP+ module issues solvable by using other SFPs. Also Docker is appreciated to run services like pi-hole, VoIP/SIP proxies or small local syslog servers. Same for Wireguard.

But CRS2x16 boxes mainly make sense for large/full table routing with 40/100Gbit. For such applications L3HW and BFD/OSPF issues are dealbreakers and having containers, Wireguard and ROSE does not compensate for anything.

Covering everything from hAP to CRS2x16 with one ROS seems to be a far stretch.
This is why I feel it might be worth considering splitting up ROS into different versions for SOHO/CEP and large scale routers with different feature priorities.
 
theprojectgroup
Frequent Visitor
Posts: 99
Joined: Tue Feb 21, 2017 11:40 pm

Re: v7.8beta [testing] is released!

Sun Jan 29, 2023 12:14 am

hAP ax3 wifi is very slow and unstable (but it's also on stable ROS):
viewtopic.php?p=980696&hilit=hap+ax3#p980696
Looks like it's bridge related. When routing and natting, throughput is stable in both directions.
 
holvoetn
Forum Guru
Posts: 5324
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.8beta [testing] is released!

Sun Jan 29, 2023 12:39 am

hAP ax3 wifi is very slow and unstable (but it's also on stable ROS):
No, it's not.
 
theprojectgroup
Frequent Visitor
Posts: 99
Joined: Tue Feb 21, 2017 11:40 pm

Re: v7.8beta [testing] is released!

Sun Jan 29, 2023 2:54 am

No, it's not.
I am very sorry, but it is.
hAP ax2 & 3 have major stability and performance issues since their release for at least a few people.

But I am very glad you seem to be not affected .
 
loloski
Member Candidate
Posts: 277
Joined: Mon Mar 15, 2021 9:10 pm

Re: v7.8beta [testing] is released!

Sun Jan 29, 2023 3:12 am

To add something on what needs to be improved IPV6 fasttrack is a must and should be at least with significant priority and VPDN (LAC) for serious consideration

what are the odds in the next beta code drop the elusive BFD feature is in? :)
 
nz_monkey
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow

Re: v7.8beta [testing] is released!

Sun Jan 29, 2023 5:15 am

@mrz

Can you guys please update your docs regarding MP-BGP? I still cannot get VPNv4 to work with either 7.7 or 7.8beta2, I can learn the routes from the route reflector, however traffic does not effectively flow. Either I am making some configuration mistake, or this still does not work.

Thanks in advance.
Do VPLS tunnels work in your configuration?

This may seem like a stupid question, but I'm just trying to work backward with you. There are a few non-obvious changes to MPLS in v7 and if VPLS is not working it will help to pinpoint the problem
 
nichky
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.8beta [testing] is released!

Sun Jan 29, 2023 6:55 am

also, we need static VPLS name , when we running them over BGP
 
holvoetn
Forum Guru
Posts: 5324
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.8beta [testing] is released!

Sun Jan 29, 2023 8:44 am

No, it's not.
I am very sorry, but it is.
hAP ax2 & 3 have major stability and performance issues since their release for at least a few people.
For one, it doesn't help if you generalize.
The forum would be swamped with problem reports if this was the case.
Secondly, start a separate thread with full exported config and as much surrounding detail as possible. Unless I missed it, I have not seen that yet in your other thread.
Also create a support ticket with supout of your device when the issue occurs.
 
mada3k
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: v7.8beta [testing] is released!

Sun Jan 29, 2023 2:59 pm

...
Well made points.

The market is already flooded with SDWAN, IDS, NGFW stuff, and it's probably very hard to gain any foot there because those who want this are willing to pay for it.

But RouterOS is the only alternative I know besides the "giants" that does advanced BGP, BGP-VPNv4, MPLS, VPLS, L3HW etc. And to some extent managed Wifi-solutions (the alternative is UniFi). This with efficient/affordable hardware is their strongest place.


Covering everything from hAP to CRS2x16 with one ROS seems to be a far stretch.
This is why I feel it might be worth considering splitting up ROS into different versions for SOHO/CEP and large scale routers with different feature priorities.
Yes and no. We run IOS-XE on both ISR 1000 boxes and our 25/100G Catalyst. But the software image is about 800MB. Not the "within 16MB" principle that RouterOS has.
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Sun Jan 29, 2023 3:08 pm

Note that MikroTik in fact is moving in the opposite direction. In v6 there still were separate packages for things like wireless, hotspot, capsman, mpls, bgp, etc.
In v7 all is put together in a single right-for-everyone package. So instead of differentiation we have movement towards a single version.
I can understand how that desire occurred, because there were more and more packages with cross dependencies and the installer could not deal with that.
I would have no problem with a system package that includes what was in e.g. dhcp, ppp, security, ipv6 and advanced-tools because those were all mutually dependent and/or the situation where one was not installed made operation of the other more complicated.
But I really do not understand why we are all forced to have stuff like wireless, hotspot, capsman, mpls and bgp on each and every device.
 
sirbryan
Member Candidate
Posts: 298
Joined: Fri May 29, 2020 6:40 pm
Location: Utah

Re: v7.8beta [testing] is released!

Sun Jan 29, 2023 3:16 pm

For those wondering where MikroTik is going with all of this, especially CCR2000 and beyond...

From Cisco: https://www.cisco.com/c/en/us/products/ ... 42415.html (emphasis mine)

Cisco IOS XE 16.12.1 introduces native Docker container support on certain models of Catalyst 9000 switches. This enables users to build and bring their own applications without additional packaging. Developers don’t have to reinvent the wheel by rewriting the applications every time there is an infrastructure change. Once packaged within Docker, the applications will work within any infrastructure that supports docker containers...

From Arista: https://www.arista.com/en/products/eos/ ... ogrammable

EOS offers the ability to write scripts and load applications directly onto the Linux operating system and to run these applications as guest VMs. Features of EOS extensibility include:
  • Installation without modification of third-party software for Linux
  • Scripting and Linux shell-level access for automation
  • Programmable at all layers: Linux kernel, hardware forwarding tables, switch configuration and CLI, switch control plane as well as management layer
  • Support for running Docker containers directly on the switch

I applaud and welcome the fact that we also get it on the little ARM/ARM64 boxes. In the coming months, out of the hundreds of RouterOS devices I have installed in the field, more will be using newer features like Wireguard/ZeroTier and simple containers than MPLS/BGP/OSPF/etc.
 
benkreuter
just joined
Posts: 7
Joined: Mon Nov 29, 2021 1:30 am

Re: v7.8beta [testing] is released!

Sun Jan 29, 2023 5:36 pm

For those wondering where MikroTik is going with all of this, especially CCR2000 and beyond...

From Cisco: https://www.cisco.com/c/en/us/products/ ... 42415.html (emphasis mine)

You know what else also those Cisco/etc. routers can do? OSPF, BGP, BFD, and other basic routing protocols that we rightly expect a router to support. I do not doubt that there are legitimate use-cases for containers, but it remains secondary to core routing features -- especially on machines with support for L3 offloading and other routing/switching specific hardware features.
 
benkreuter
just joined
Posts: 7
Joined: Mon Nov 29, 2021 1:30 am

Re: v7.8beta [testing] is released!

Sun Jan 29, 2023 5:42 pm

also, we need static VPLS name , when we running them over BGP
That is not necessarily the right thing, BGP signalled VPLS tunnels are created dynamically and there may be a lot of them in any given bridge. It is not clear to me how static names would even work in that case.

What would really help is the ability to specify a VLAN for BGP-signalled VPLS. The need is somewhat niche, but I have found myself resorting to all kinds of brittle workarounds when it has come up.
 
mada3k
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: v7.8beta [testing] is released!

Sun Jan 29, 2023 5:59 pm

From Cisco: https://www.cisco.com/c/en/us/products/ ... 42415.html (emphasis mine)

I applaud and welcome the fact that we also get it on the little ARM/ARM64 boxes. In the coming months, out of the hundreds of RouterOS devices I have installed in the field, more will be using newer features like Wireguard/ZeroTier and simple containers than MPLS/BGP/OSPF/etc.
I know, we have those at work. But using $9,000 switches for hosting containers is insane when you have a working VMware environment. The price difference GB/CPU per $ is astronomical. It only makes sense for a branch/edge site that needs an on-site agent of some kind (security, proxy, monitoring, authentication, etc.)
 
jbl42
Member Candidate
Posts: 214
Joined: Sun Jun 21, 2020 12:58 pm

Re: v7.8beta [testing] is released!

Mon Jan 30, 2023 1:20 am

Besides running services, I can also see value in Docker for testing and debugging: Temporarily starting up a minimal Debian or Ubuntu image on a remote router to run tools like flent, cacti or nagios from the router's remote point of view could come in handy.
 
EgidijusL
just joined
Posts: 12
Joined: Fri Feb 07, 2020 1:25 am

Re: v7.8beta [testing] is released!

Mon Jan 30, 2023 1:39 am

hAP ax3 wifi is very slow and unstable (but it's also on stable ROS):
No, it's not.
Yes, with v7.7 and v7.8 speed slow... downgrade to v7.6 and OK.
 
EgidijusL
just joined
Posts: 12
Joined: Fri Feb 07, 2020 1:25 am

Re: v7.8beta [testing] is released!

Mon Jan 30, 2023 1:49 am

Hap ax3. Wifi 5Ghz speed same shit from v7.7...
What shit ? Please be more specific or nobody will be able to know what you mean.
I have mine since yesterday, upgraded to 7.8beta and I can easily get around 600mbs with Galaxy S20 (which I think is pretty decent).
On ac3 with wave2 it was low 500.
With v7.6 5Ghz speed ~800Mbs, with v7.7 speed ~400Mbs using Iphone 12 pro max
 
holvoetn
Forum Guru
Posts: 5324
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.8beta [testing] is released!

Mon Jan 30, 2023 6:19 am

As replied on other thread:
went over 7.6, 7.7, 7.8beta using Samsung S20: all give for me the same figures on my devices (obviously with some variation when doing multiple test runs but everything falls consistently in the same fork).
Nothing special on that device (just unboxed it, wanted to toy first with AX before moving one of the home AC3's to this one).
 
Jotne
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.8beta [testing] is released!

Mon Jan 30, 2023 7:52 am

With v7.6 5Ghz speed ~800Mbs, with v7.7 speed ~400Mbs using Iphone 12 pro max
Where is your config and what hardware are you running on..
 
spippan
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.8beta [testing] is released!

Mon Jan 30, 2023 8:38 am

With v7.6 5Ghz speed ~800Mbs, with v7.7 speed ~400Mbs using Iphone 12 pro max
Where is your config and what hardware are you running on..
hAP ax3
 
kosyot
newbie
Posts: 36
Joined: Wed Jan 16, 2019 1:28 pm

Re: v7.8beta [testing] is released!

Mon Jan 30, 2023 10:46 am

BGP - one step ahead, two back..

fixed cli command (not @winbox)
/ip/route/print count-only  where 
not always show 0

but..
belongs-to= where cause gone ?

how to print routes received by specific BGP peer ? (immediate-gw is not a option)
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Mon Jan 30, 2023 11:30 am

belongs-to works fine for me! you should not use /ip/route/print but rather /routing/route/print.
 
Jotne
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.8beta [testing] is released!

Mon Jan 30, 2023 12:26 pm

The mix of location has given me headache several times.
Example:
Cli /user
Gui System->Users

Cli /interface/bridge
Gui Bridge

Cli /routing/route
Gui ip -> Routes

It may have been done to get to it more quickly?
Name should be equal and same with path.
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: v7.8beta [testing] is released!

Mon Jan 30, 2023 12:28 pm

Cli /routing/route
Gui ip -> Routes
This is not the same! There is
/ip/route/
and
/routing/route/
!
 
clambert
Member Candidate
Posts: 120
Joined: Wed Jun 12, 2019 5:04 am

Re: v7.8beta [testing] is released!

Mon Jan 30, 2023 12:50 pm

What would really help is the ability to specify a VLAN for BGP-signalled VPLS. The need is somewhat niche, but I have found myself resorting to all kinds of brittle workarounds when it has come up.

The ability to define a VLAN for dynamically created interfaces using VPLS within a bridge would be very useful for our implementations.
 
xh116
just joined
Posts: 16
Joined: Wed Oct 17, 2018 3:44 pm

Re: v7.8beta [testing] is released!

Mon Jan 30, 2023 5:31 pm

Since updating to 7.8beta2 I'm having issues importing remote container image zabbix/zabbix-proxy-sqlite3:alpine-6.0-latest on my RB5009 (arm64). It was working fine on 7.7rc5.

 16:43:05 container,info,debug importing remote image: zabbix/zabbix-proxy-sqlite3, tag: alpine-6.0-latest
 16:43:05 system,info item added by cesar
 16:43:07 container,info,debug error response getting manifests: 404
 16:43:07 container,info,debug was unable to import, container 4a07240c-862b-4861-a16a-68605478ad54

After changing to zabbix/zabbix-proxy-sqlite3:alpine-6.0.12 it works fine again:

 16:45:28 container,info,debug importing remote image: zabbix/zabbix-proxy-sqlite3, tag: alpine-6.0.12
 16:45:28 system,info item added by cesar
 16:45:31 container,info,debug getting layer sha256:6875df1f535433e5affe18ecfde9acb7950ab5f76887980ff06c5cdd48cf98f4
 16:45:32 container,info,debug layer sha256:6875df1f535433e5affe18ecfde9acb7950ab5f76887980ff06c5cdd48cf98f4 downloaded
 16:45:32 container,info,debug getting layer sha256:2068be5b412156c5bc2936aeb988446cb6ac458c4c408ac51b5143e9632073f0
 16:45:33 container,info,debug layer sha256:2068be5b412156c5bc2936aeb988446cb6ac458c4c408ac51b5143e9632073f0 downloaded
 16:45:33 container,info,debug getting layer sha256:35af6ce2b615d78f6617ef90fdbb0aef91a77c766594c28325a8e9e589d0e002
 16:45:33 container,info,debug layer sha256:35af6ce2b615d78f6617ef90fdbb0aef91a77c766594c28325a8e9e589d0e002 downloaded
 16:45:33 container,info,debug getting layer sha256:7becd6903f60f84a63358dbfbf033e34094e07d255085fe0d9a2fe48481e74b6
 16:45:34 container,info,debug layer sha256:7becd6903f60f84a63358dbfbf033e34094e07d255085fe0d9a2fe48481e74b6 downloaded
 16:45:34 container,info,debug getting layer sha256:21bb24f368b7ae4b135a1ef432a6379a54310c37e8a7b8d54d0260d7cd768f9d
 16:45:35 container,info,debug layer sha256:21bb24f368b7ae4b135a1ef432a6379a54310c37e8a7b8d54d0260d7cd768f9d downloaded
 16:45:35 container,info,debug getting layer sha256:9e1e869413aec50921ae70ba3b2098e56ab598bb6a26d2b0d5c697f7c433cb00
 16:45:37 container,info,debug layer sha256:9e1e869413aec50921ae70ba3b2098e56ab598bb6a26d2b0d5c697f7c433cb00 downloaded
 16:45:38 container,info,debug getting layer sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1
 16:45:38 container,info,debug layer sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1 downloaded
 16:45:38 container,info,debug getting layer sha256:e4034d2118985bc524c23df0d8c998c604ee97aef464494c39111bf32ebd9335
 16:45:39 container,info,debug layer sha256:e4034d2118985bc524c23df0d8c998c604ee97aef464494c39111bf32ebd9335 downloaded
 16:45:39 container,info,debug import successful, container c3a27c76-186a-47bf-ace4-04fcff0790fd

zabbix/zabbix-proxy-sqlite3:alpine-6.0-latest was updated a few hours ago. Maybe something is wrong on Docker Hub? Or is it a bug in 7.8beta2?

I have the same problem with my own build, all newly pushed to docker hub are the same error. if you pull from other linux os and upload to routeros, it works.
 
CTassisF
newbie
Posts: 35
Joined: Thu Jun 11, 2020 10:26 pm
Location: São Paulo, Brazil

Re: v7.8beta [testing] is released!

Mon Jan 30, 2023 5:41 pm

I have the same problem with my own build, all newly pushed to docker hub are the same error. if you pull from other linux os and upload to routeros, it works.

Same behavior here: not working on RouterOS, but on macOS with Docker it works fine.

I've opened a ticket (SUP-105409) but it was closed by MikroTik as "not our bug".

I also reported this to the maintainers of Zabbix images on Docker Hub (https://github.com/zabbix/zabbix-docker/issues/1049) and they said to wait next release. I'm waiting to see if they will be able to fix this.
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.8beta [testing] is released!

Mon Jan 30, 2023 7:31 pm

I've opened a ticket (SUP-105409) but it was closed by MikroTik as "not our bug".

No wonder with error message
16:43:07 container,info,debug error response getting manifests: 404
which indicates http error 404 (not found). That's a problem on remote side (github) and if things worked previously it may mean some necessary platform-specific files are missing.
 
kosyot
newbie
Posts: 36
Joined: Wed Jan 16, 2019 1:28 pm

Re: v7.8beta [testing] is released!

Mon Jan 30, 2023 9:04 pm

belongs-to works fine for me! you should not use /ip/route/print but rather /routing/route/print.
my mistake :(
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Wed Feb 01, 2023 10:56 am

It would be great if OVPN would get static key support soon. Can you please tell me what's the problem implementing this?
Well, the "official" OpenVPN version 2.6.0 just released has dropped the support for static key, so that would be one possible reason for not bothering with it anymore...
 
dadaniel
Member Candidate
Posts: 220
Joined: Fri May 14, 2010 11:51 pm

Re: v7.8beta [testing] is released!

Wed Feb 01, 2023 2:20 pm

Well, the "official" OpenVPN version 2.6.0 just released has dropped the support for static key, so that would be one possible reason for not bothering with it anymore...
Yes, but they write: “static key mode (non-TLS) is no longer considered "good and secure enough" for today's requirements. Use TLS mode instead. If deploying a PKI CA is considered "too complicated", using --peer-fingerprint makes TLS mode about as easy as using --secret.”

But Mikrotik does not support TLS authentication at all...
https://help.mikrotik.com/docs/display/ROS/OpenVPN (Limitations)
 
troffasky
Member
Posts: 431
Joined: Wed Mar 26, 2014 4:37 pm

Re: v7.8beta [testing] is released!

Wed Feb 01, 2023 3:05 pm


MT will never play any role in any SDWAN unless the boxes can understand & detect (many) application and steer accordingly.
Ask three network engineers what "SDWAN" is and you will get at least three different answers.
 
troffasky
Member
Posts: 431
Joined: Wed Mar 26, 2014 4:37 pm

Re: v7.8beta [testing] is released!

Wed Feb 01, 2023 3:07 pm

While I agree with many of the flaws, point #3 is generally referred to as SDWAN and is implemented in RoS using ZeroTier.
Sure, so long as you're using ARM. Three times now we have deployed Zerotier for a customer and *not* used CHR for the soft-router element because it doesn't support Zerotier.
 
own3r1138
Long time Member
Posts: 680
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: v7.8beta [testing] is released!

Wed Feb 01, 2023 3:52 pm

Is it just me? Are others also experiencing the same? I didn't see any issue on ARM devices. The screenshot is from a CHR.
2023-02-01_17-18-18.jpg
update
The certificate CRL download doesn't work when only the DOH is used.
/ip dns
set use-doh-server=https://dns-record.domain.tdl/dns-query verify-doh-cert=yes
/ip dns static
add address=public-ip name=dns-record.domain.tdl
Last edited by own3r1138 on Fri Feb 03, 2023 12:20 am, edited 1 time in total.
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: v7.8beta [testing] is released!

Wed Feb 01, 2023 3:55 pm

That is the distribution point for Let's Encrypt R3 certificate revocation list.

Open your browser, point it to a website secured by Let's encrypt and see the certificate details...
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Wed Feb 01, 2023 4:08 pm

If deploying a PKI CA is considered "too complicated", using --peer-fingerprint makes TLS mode about as easy as using --secret.”

But Mikrotik does not support TLS authentication at all...
https://help.mikrotik.com/docs/display/ROS/OpenVPN (Limitations)
When you want a simple no-certificate-hassle VPN, MikroTik offers more than enough alternatives: IPsec, SSTP, Wireguard, ...
When it is about VPN support, there is always somebody who asks for an option (or an entire protocol) that isn't supported...
 
dadaniel
Member Candidate
Posts: 220
Joined: Fri May 14, 2010 11:51 pm

Re: v7.8beta [testing] is released!

Wed Feb 01, 2023 5:06 pm

When you want a simple no-certificate-hassle VPN, MikroTik offers more than enough alternatives: IPsec, SSTP, Wireguard, ...
When it is about VPN support, there is always somebody who asks for an option (or an entire protocol) that isn't supported...
It's all about money: Our software solution provider says OpenVPN connection is free, IPsec connection is 410 Euro one-time-fee and 25 EUR monthly fee.
Sometimes you can't control both VPN endpoints....
 
holvoetn
Forum Guru
Posts: 5324
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.8beta [testing] is released!

Wed Feb 01, 2023 7:36 pm

Wireguard is free.
Faster than openvpn too.
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Wed Feb 01, 2023 8:01 pm

It's all about money: Our software solution provider says OpenVPN connection is free
"Solution provider" that offers OpenVPN only with static keys? That is pretty sad... they will not be happy finding that they need to point their users to obsolete software from now on, I guess...
In this sense I am a "solution provider" myself and my OpenVPN server (which is not running on RouterOS but plain Linux) works with the standard easy-rsa certificate system.
I don't know if RouterOS can connect to it by now, it used to be not possible because it uses UDP only, and users with MikroTik routers get L2TP/IPsec or GRE tunnels instead.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.8beta [testing] is released!

Wed Feb 01, 2023 9:38 pm

.....
I don't know if RouterOS can connect to it by now, it used to be not possible because it uses UDP only, and users with MikroTik routers get L2TP/IPsec or GRE tunnels instead.
.
RouterOS version 7 is now capable of using UDP OpenVPN connections. There are still some limitations, as it seems to use a proprietary implementation of OpenVPN. But it can do TCP and also UDP on RoSv7. RoSv6 is really limited to TCP connections only.
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Wed Feb 01, 2023 9:43 pm

RouterOS version 7 is now capable of using UDP OpenVPN connections. There are still some limitations, as it seems to use a proprietary implementation of OpenVPN.
I know that... there are many config parameters and also features that could make it fail. Compression, push of routes and other parameters, etc.
That is why I mention I did not test it. There probably will be some reason why it fails.
 
shaw627
just joined
Posts: 11
Joined: Wed Aug 29, 2018 6:34 pm

Re: v7.8beta [testing] is released!

Wed Feb 01, 2023 10:41 pm

Not specific to 7.8b2, but seems to affect it. Starting from v7.7, it seems the dns resolver has a memory leak that eats up all the Mikrotik memory until the RouterOS crash and reboots. Not all are affected, but all affected confirmed to be providing DNS services for client devices.

If you're running 7.8 and providing DNS services for your connected networks, watch out for your box memory usage! This is really bad especially for the low-memory spec models, but seems to affect a variety of different models. Those with more RAM will just take longer to crash and (luckily) reboot.

viewtopic.php?t=192427#p979415
me2, dns cache can't be freed though I flush dns cache since v7.7 stable. (tested on hap ac2 and RB4011)
 
mducharme
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.8beta [testing] is released!

Thu Feb 02, 2023 12:18 am

*) route - fixed IPv6 default route presence when received from RA;
This does not seem to be working - I do not see this route either in the Winbox GUI or the CLI.
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Thu Feb 02, 2023 11:03 am

*) route - fixed IPv6 default route presence when received from RA;
This does not seem to be working - I do not see this route either in the Winbox GUI or the CLI.
It works for me... maybe there is some other factor in your setup that influences it.
 
depth0cert
just joined
Posts: 21
Joined: Thu Sep 08, 2022 11:03 pm

Re: v7.8beta [testing] is released!

Thu Feb 02, 2023 11:10 am

*) certificate - improved certificate management, signing and storing processes;
SUP-105306
This does not seem to be working - I have error "ipsec,error can't get private key".
I attached the command-history.txt and supout.rif files from 7.7 where everything works and from 7.8beta2 where it does not work.
 
snowzach
just joined
Posts: 2
Joined: Wed Jan 19, 2022 3:55 pm

Re: v7.8beta [testing] is released!

Thu Feb 02, 2023 10:16 pm

I've opened a ticket (SUP-105409) but it was closed by MikroTik as "not our bug".

No wonder with error message
16:43:07 container,info,debug error response getting manifests: 404
which indicates http error 404 (not found). That's a problem on remote side (github) and if things worked previously it may mean some necessary platform-specific files are missing.
Yeah, I figured out what the issue was.. I tried to build my own docker image and I couldn't get anything but 404 when I tried to pull the image to the Mikrotik. The issue is that the new Docker buildx uploads images in this OCI format. You'll also find that if you do `docker inspect <image name>` it will say the image isn't found because the inspect command also does not support this format. (funny right?) It's related to this issue: https://github.com/moby/moby/issues/43126 You can fix your own images by following this: https://github.com/docker/buildx/issues ... 1378538197

As for vendor images, you'll need to pull them, save them as a tar and upload them to the Mikrotik to get them to work.

Mikrotik will need to update their docker daemon to support this new manifest format. I opened a ticket and provided them the information.
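
The manifest-format mismatch described in the post above, as an added example that is not part of the original post and is not MikroTik or Docker code: a Python triage helper that reads a raw manifest JSON and reports whether a puller that only accepts Docker v2 manifest types would be answered or would hit the 404 seen in the log. The `LEGACY_ACCEPT` list, the 200/404 model of the registry's content negotiation and the sample manifests are assumptions constructed for illustration, not observed RouterOS behaviour.

```python
import json

# Manifest media types defined by the Docker v2 schema 2 and OCI image specs.
DOCKER_MANIFEST = "application/vnd.docker.distribution.manifest.v2+json"
DOCKER_LIST = "application/vnd.docker.distribution.manifest.list.v2+json"
OCI_MANIFEST = "application/vnd.oci.image.manifest.v1+json"
OCI_INDEX = "application/vnd.oci.image.index.v1+json"

# Assumption: a puller without OCI support advertises only the Docker types.
LEGACY_ACCEPT = (DOCKER_MANIFEST, DOCKER_LIST)
MODERN_ACCEPT = LEGACY_ACCEPT + (OCI_MANIFEST, OCI_INDEX)


def fake_digest(ch):
    """Constructed placeholder digest, not a real image digest."""
    return "sha256:" + ch * 64


def sample_index(index_type, manifest_type):
    """Constructed multi-platform index/list used as offline sample input."""
    return json.dumps({
        "schemaVersion": 2,
        "mediaType": index_type,
        "manifests": [
            {"mediaType": manifest_type, "digest": fake_digest("a"), "size": 1234,
             "platform": {"architecture": "amd64", "os": "linux"}},
            {"mediaType": manifest_type, "digest": fake_digest("b"), "size": 1234,
             "platform": {"architecture": "arm64", "os": "linux"}},
        ],
    })


SAMPLE_OCI_INDEX = sample_index(OCI_INDEX, OCI_MANIFEST)
SAMPLE_DOCKER_LIST = sample_index(DOCKER_LIST, DOCKER_MANIFEST)


def media_type(doc):
    """Declared mediaType, or a heuristic guess when the field is omitted
    (Docker schema 2 always sets it, so a missing field is treated as OCI)."""
    declared = doc.get("mediaType")
    if declared:
        return declared
    if "manifests" in doc:
        return OCI_INDEX
    if "layers" in doc and "config" in doc:
        return OCI_MANIFEST
    raise ValueError("document is not an image manifest or index")


def negotiate(stored_type, accept):
    """Simplified model of the registry answer: 200 when the client accepts
    the stored media type, 404 otherwise (the symptom in the log above)."""
    return 200 if stored_type in accept else 404


def triage(raw_json, arch, os_name="linux", accept=LEGACY_ACCEPT):
    """Report whether a client sending `accept` can pull `arch`/`os_name`."""
    doc = json.loads(raw_json)
    top = media_type(doc)
    report = {"top_level": top, "top_status": negotiate(top, accept),
              "platform_digest": None, "platform_type": None,
              "pullable": False, "reason": ""}

    if top not in (OCI_INDEX, DOCKER_LIST):
        # Single-platform image: only the top-level type matters.
        report["pullable"] = report["top_status"] == 200
        report["reason"] = "ok" if report["pullable"] else "manifest type not accepted"
        return report

    # Multi-platform image: locate the entry for the requested platform.
    for entry in doc.get("manifests", []):
        plat = entry.get("platform", {})
        if plat.get("architecture") == arch and plat.get("os") == os_name:
            report["platform_digest"] = entry["digest"]
            report["platform_type"] = entry.get("mediaType", OCI_MANIFEST)
            break

    if report["platform_digest"] is None:
        report["reason"] = "no entry for requested platform"
    elif report["top_status"] != 200:
        report["reason"] = "index type not accepted"
    elif negotiate(report["platform_type"], accept) != 200:
        report["reason"] = "platform manifest type not accepted"
    else:
        report["pullable"] = True
        report["reason"] = "ok"
    return report


if __name__ == "__main__":
    for name, raw in (("oci", SAMPLE_OCI_INDEX), ("docker", SAMPLE_DOCKER_LIST)):
        print(name, triage(raw, "arm64"))
```

To check a real image, save its raw manifest JSON to a file and pass the file's contents to `triage()` in place of the constructed samples.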
 
mducharme
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.8beta [testing] is released!

Thu Feb 02, 2023 10:22 pm

It works for me... maybe there is some other factor in your setup that influences it.
Perhaps - but I just reset my hAP mini (which I only use for testing) to no-default-configuration, logged into it and disabled "IPv6 forward" so that it gets an address from the RA. The address appears, but default route does not, but the default route is actually there because it can ping the IPv6 address for ipv6.google.com.

It doesn't work on my hAP ac either. If it is some other factor in the setup, it must be something about the RA itself that it doesn't like, preventing it from installing the default route for some reason.
 
chiem
newbie
Posts: 41
Joined: Fri Oct 24, 2014 4:48 pm

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 1:44 pm

No fix for the non-compliant mixing of static and upstream DNS results?
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 2:37 pm

It doesn't work on my hAP ac either. If it is some other factor in the setup, it must be something about the RA itself that it doesn't like, preventing it from installing the default route for some reason.
I did not have IPv6 forwarding enabled on my test router, I use IPv6 only for a potential tunnel there, but after enabling it it still works.
The router gets an address and default router from another MikroTik that is running 6.49.7 and it looks like it is all working fine.
 
EdPa
MikroTik Support
Posts: 274
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 3:15 pm

What's new in 7.8beta3 (2023-Feb-01 16:10):

Important note!!!

Version is not recommended on CRS3xx devices.

Changes in this release:

!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bridge - fixed adding disabled MSTI;
*) bridge - improved HW offloading logic;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved multiple certificate import process;
*) console - improved ":execute" command to output a string when a file is not specified;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) dns - fixed CNAME reading from the cache;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) led - fixed signal reading for KNOT device;
*) lte - LtAP improved modem detection in lower mini-PCIe slot ("/system routerboard upgrade" required);
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) pppoe - fixed PPPoE client scan showing only one server;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected;
*) vxlan - added FastPath support;
*) webfig - improved terminal operation;
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing cipher properties for OVPN server and client;
*) winbox - added missing filtering properties under "Tools/Packet Sniffer" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) zerotier - fixed routes after VRF change;
 
Amm0
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 3:51 pm

*) console - improved ":execute" command to output a string when a file is not specified;

Not sure it "output a string", but it does "return the command's output" now, instead of some execution ID as in previous versions.
[admin@MikroTik] > :global x [:execute ":put \"test\""]
[admin@MikroTik] > put $x
test

But previously this would return immediately and was non-blocking. My only concern is that :execute used to be asynchronous, but now code in execute can theoretically block a script in 7.8beta3:
:global z [:execute ":while (1) do={:put here; :delay 1s}"]
What's the reason for the change? I've always thought :execute is a background operation, while [:parse] was for the foreground, so I'm just not sure how this change is useful...
 
alibloke
Frequent Visitor
Posts: 51
Joined: Fri Jun 03, 2016 12:13 am

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 4:46 pm

The change is explained in this video:
https://youtu.be/xYLYRmpM-Zo?t=217
 
Amm0
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 5:05 pm

The change is explained in this video:
https://youtu.be/xYLYRmpM-Zo?t=217
I wouldn't say explained. :execute has worked for years the same way – it does NOT wait for a return value, and that will break some existing scripts people use.

There are other ways to solve whatever issue is in this telegram script than changing core functions in the scripting language, IMO.
 
dksoft
Member Candidate
Posts: 148
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 5:10 pm

The ROSE documentation mentions rsync support.
Is there any information on how to use it?
Also, will ROSE be available with final 7.8 (asking because of experiences with container in the past)?

Regards
dksoft
 
depth0cert
just joined
Posts: 21
Joined: Thu Sep 08, 2022 11:03 pm

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 5:11 pm

What's new in 7.8beta3 (2023-Feb-01 16:10):

Important note!!!

Version is not recommended on CRS3xx devices.

Changes in this release:

*) certificate - fixed PBES2 certificate import;
*) certificate - improved multiple certificate import process;

SUP-105306
This does not seem to be working - I have error "ipsec,error can't get private key".
I attached the command-history.txt and supout.rif files from 7.7 where everything works and NETINSTALLED 7.8beta2 and NETINSTALLED 7.8beta3 where it does not work.


r1
/certificate/add name="r1-ca" common-name="r1-ca" subject-alt-name="email:r1-ca" key-size=prime256v1 key-usage=key-cert-sign,crl-sign
:do {/certificate/sign [find name=r1-ca] name=r1-ca} on-error={:delay 3}
/certificate/add name="r1" common-name="192.168.2.14" subject-alt-name="IP:192.168.2.14" key-size=prime256v1 key-usage=digital-signature,content-commitment,key-encipherment,key-agreement,tls-server
:do {/certificate/sign [find name=r1] ca=r1-ca name=r1} on-error={:delay 3}
/certificate/add name="r1-r2" common-name="r1-r2" subject-alt-name="email:r1-r2" key-size=prime256v1 key-usage=digital-signature,key-encipherment,data-encipherment,key-agreement,tls-client
:do {/certificate/sign [find name=r1-r2] ca=r1-ca name=r1-r2} on-error={:delay 3}
:delay 2
/certificate/export-certificate r1-ca file-name=r1-ca
/certificate/export-certificate r1 file-name=r1
/certificate/export-certificate r1-r2 file-name=r1-r2 type=pkcs12 export-passphrase=passphrase
/ip/pool/add name=r1-r2 ranges=192.168.1.2
/ip/ipsec/mode-config/add address-pool=r1-r2 address-prefix-length=32 name=r1-r2 split-include=0.0.0.0/0 system-dns=no
/ip/ipsec/policy/group/add name=group1
/ip/ipsec/profile/add dh-group=ecp256 enc-algorithm=aes-256 hash-algorithm=sha256 name=profile1 prf-algorithm=sha256 proposal-check=strict
/ip/ipsec/peer/add exchange-mode=ike2 local-address=192.168.2.14 name=peer1 passive=yes profile=profile1
/ip/ipsec/proposal/add auth-algorithms=sha256 enc-algorithms=aes-256-cbc,aes-256-gcm lifetime=8h name=proposal1 pfs-group=ecp256
/ip/ipsec/identity/add auth-method=digital-signature certificate=r1 generate-policy=port-strict match-by=certificate mode-config=r1-r2 peer=peer1 policy-template-group=group1 remote-certificate=r1-r2
/ip/ipsec/policy/add dst-address=192.168.1.0/24 group=group1 proposal=proposal1 src-address=0.0.0.0/0 template=yes

r2
/certificate/import file-name="r1-ca.crt" name="r1-ca" passphrase=""
/certificate/import file-name="r1.crt" name="r1" passphrase=""
/certificate/import file-name="r1-r2.p12" name="r1-r2" passphrase="passphrase"
:delay 2
/ip/ipsec/mode-config/add name=cfg1 responder=no
/ip/ipsec/policy/group/add name=group1
/ip/ipsec/profile/add dh-group=ecp256 enc-algorithm=aes-256 hash-algorithm=sha256 name=profile1 prf-algorithm=sha256 proposal-check=strict
/ip/ipsec/peer/add address=192.168.2.14/32 exchange-mode=ike2 name=peer1 profile=profile1
/ip/ipsec/proposal/add auth-algorithms="" enc-algorithms=aes-256-gcm lifetime=8h name=proposal1 pfs-group=ecp256
/ip/ipsec/identity/add auth-method=digital-signature certificate=r1-r2 generate-policy=port-strict match-by=certificate mode-config=cfg1 my-id=dn peer=peer1 policy-template-group=group1 remote-certificate=r1
/ip/ipsec/policy/add dst-address=0.0.0.0/0 group=group1 proposal=proposal1 src-address=0.0.0.0/0 template=yes

r1
[admin@MikroTik] > /log/print 
 17:56:50 system,info crossfig will upgrade version 6 configuration
 17:56:50 system,info router rebooted
 17:56:56 dhcp,info dhcp-client on ether1 got IP address 192.168.2.14
 17:57:26 system,info,account user admin logged in from 192.168.2.12 via winbox
 17:57:35 system,info,account user admin logged in from 192.168.2.12 via local
 17:57:55 certificate,info generated CA certificate: r1-ca
 17:57:55 certificate,info generated certificate 58D11DB0B6FC086E:192.168.2.14::::::IP:192.168.2.14 ec-curve:prime256v1 usage:80000017 valid:365 for CA r1-ca
 17:57:55 certificate,info generated certificate 635C8FE1F8067C04:r1-r2::::::email:r1-r2 ec-curve:prime256v1 usage:4000001d valid:365 for CA r1-ca
 17:57:57 system,info pool r1-r2 added by admin
 17:57:57 system,info ipsec modecfg r1-r2 added by admin
 17:57:57 system,info ipsec policy group added by admin
 17:57:57 system,info peer proposal profile1 added by admin
 17:57:57 system,info ipsec peer peer1 added by admin
 17:57:57 system,info ipsec proposal proposal1 added by admin
 17:57:57 system,info ipsec identity added by admin
 17:57:57 system,info ipsec policy added by admin
 17:58:17 ipsec,info new ike2 SA (R): peer1 192.168.2.14[4500]-192.168.2.15[4500] spi:3c1d6cb395cc01d2:6d092be31bed4e80
 17:58:17 ipsec,error got fatal error: AUTHENTICATION_FAILED
 17:58:17 ipsec,info killing ike2 SA: peer1 192.168.2.14[4500]-192.168.2.15[4500] spi:3c1d6cb395cc01d2:6d092be31bed4e80
 17:58:27 ipsec,info new ike2 SA (R): peer1 192.168.2.14[4500]-192.168.2.15[4500] spi:60f9761f291a8e80:7f0c0161d5d1c77b
 17:58:27 ipsec,error got fatal error: AUTHENTICATION_FAILED
 17:58:27 ipsec,info killing ike2 SA: peer1 192.168.2.14[4500]-192.168.2.15[4500] spi:60f9761f291a8e80:7f0c0161d5d1c77b
 17:58:37 ipsec,info new ike2 SA (R): peer1 192.168.2.14[4500]-192.168.2.15[4500] spi:e7a61a9079b43bde:2554939c1b6bef4f
 17:58:37 ipsec,error got fatal error: AUTHENTICATION_FAILED
 17:58:37 ipsec,info killing ike2 SA: peer1 192.168.2.14[4500]-192.168.2.15[4500] spi:e7a61a9079b43bde:2554939c1b6bef4f
 17:58:47 ipsec,info new ike2 SA (R): peer1 192.168.2.14[4500]-192.168.2.15[4500] spi:f8f8ffcf6c778b67:f72f141417a39316
 17:58:47 ipsec,error got fatal error: AUTHENTICATION_FAILED
 17:58:47 ipsec,info killing ike2 SA: peer1 192.168.2.14[4500]-192.168.2.15[4500] spi:f8f8ffcf6c778b67:f72f141417a39316
 

r2
[admin@MikroTik] > /log/print 
 17:56:58 system,info crossfig will upgrade version 6 configuration
 17:56:58 system,info router rebooted
 17:57:04 dhcp,info dhcp-client on ether1 got IP address 192.168.2.15
 17:57:29 system,info,account user admin logged in from 192.168.2.12 via winbox
 17:57:36 system,info,account user admin logged in from 192.168.2.12 via local
 17:58:17 system,info ipsec modecfg cfg1 added by admin
 17:58:17 system,info ipsec policy group added by admin
 17:58:17 system,info peer proposal profile1 added by admin
 17:58:17 system,info ipsec peer peer1 added by admin
 17:58:17 system,info ipsec proposal proposal1 added by admin
 17:58:17 system,info ipsec identity added by admin
 17:58:17 ipsec,info new ike2 SA (I): peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:6d092be31bed4e80:3c1d6cb395cc01d2
 17:58:17 ipsec,error can't get private key
 17:58:17 ipsec,info killing ike2 SA: peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:6d092be31bed4e80:3c1d6cb395cc01d2
 17:58:21 system,info ipsec policy added by admin
 17:58:27 ipsec,info new ike2 SA (I): peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:7f0c0161d5d1c77b:60f9761f291a8e80
 17:58:27 ipsec,error can't get private key
 17:58:27 ipsec,info killing ike2 SA: peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:7f0c0161d5d1c77b:60f9761f291a8e80
 17:58:37 ipsec,info new ike2 SA (I): peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:2554939c1b6bef4f:e7a61a9079b43bde
 17:58:37 ipsec,error can't get private key
 17:58:37 ipsec,info killing ike2 SA: peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:2554939c1b6bef4f:e7a61a9079b43bde
 17:58:46 system,info,account user admin logged in from 192.168.2.12 via local
 17:58:47 ipsec,info new ike2 SA (I): peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:f72f141417a39316:f8f8ffcf6c778b67
 17:58:47 ipsec,error can't get private key
 17:58:47 ipsec,info killing ike2 SA: peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:f72f141417a39316:f8f8ffcf6c778b67
 17:58:57 ipsec,info new ike2 SA (I): peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:092169a7e0132082:de8a29cf2fbc6a16
 17:58:57 ipsec,error can't get private key
 17:58:57 ipsec,info killing ike2 SA: peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:092169a7e0132082:de8a29cf2fbc6a16
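
An added example, not part of the post and not MikroTik code: a Python sketch that pairs the IKEv2 attempts in the two logs above by SPI (both routers print the same two SPI values, in opposite order), so the responder's generic AUTHENTICATION_FAILED can be read next to the initiator's "can't get private key". The log lines are excerpts of those posted above; the function names and verdict strings are assumptions of this example.

```python
import re

# Excerpts of the "/log/print" output posted above (r1 = responder, r2 = initiator).
R1_LOG = """\
 17:58:17 ipsec,info new ike2 SA (R): peer1 192.168.2.14[4500]-192.168.2.15[4500] spi:3c1d6cb395cc01d2:6d092be31bed4e80
 17:58:17 ipsec,error got fatal error: AUTHENTICATION_FAILED
 17:58:17 ipsec,info killing ike2 SA: peer1 192.168.2.14[4500]-192.168.2.15[4500] spi:3c1d6cb395cc01d2:6d092be31bed4e80
 17:58:27 ipsec,info new ike2 SA (R): peer1 192.168.2.14[4500]-192.168.2.15[4500] spi:60f9761f291a8e80:7f0c0161d5d1c77b
 17:58:27 ipsec,error got fatal error: AUTHENTICATION_FAILED
 17:58:27 ipsec,info killing ike2 SA: peer1 192.168.2.14[4500]-192.168.2.15[4500] spi:60f9761f291a8e80:7f0c0161d5d1c77b
"""
R2_LOG = """\
 17:58:17 ipsec,info new ike2 SA (I): peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:6d092be31bed4e80:3c1d6cb395cc01d2
 17:58:17 ipsec,error can't get private key
 17:58:17 ipsec,info killing ike2 SA: peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:6d092be31bed4e80:3c1d6cb395cc01d2
 17:58:21 system,info ipsec policy added by admin
 17:58:27 ipsec,info new ike2 SA (I): peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:7f0c0161d5d1c77b:60f9761f291a8e80
 17:58:27 ipsec,error can't get private key
 17:58:27 ipsec,info killing ike2 SA: peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:7f0c0161d5d1c77b:60f9761f291a8e80
 17:58:57 ipsec,info new ike2 SA (I): peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:092169a7e0132082:de8a29cf2fbc6a16
 17:58:57 ipsec,error can't get private key
 17:58:57 ipsec,info killing ike2 SA: peer1 192.168.2.15[4500]-192.168.2.14[4500] spi:092169a7e0132082:de8a29cf2fbc6a16
"""

LINE = re.compile(r"^\s*(?P<time>\d\d:\d\d:\d\d) (?P<topics>\S+) (?P<msg>.*)$")
SA_NEW = re.compile(
    r"new ike2 SA \((?P<role>[IR])\): \S+ \S+ "
    r"spi:(?P<a>[0-9a-f]{16}):(?P<b>[0-9a-f]{16})"
)


def parse_attempts(log_text):
    """Map each IKEv2 attempt in one router's log to the errors logged for it.

    The key is the unordered SPI pair, so the initiator's and the responder's
    view of the same exchange get the same key.
    """
    attempts = {}
    current = None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        topics = m["topics"].split(",")
        if "ipsec" not in topics:
            continue  # e.g. "system,info ipsec policy added by admin"
        new = SA_NEW.search(m["msg"])
        if new:
            current = {"role": new["role"], "time": m["time"], "errors": []}
            attempts[frozenset((new["a"], new["b"]))] = current
        elif "error" in topics and current is not None:
            current["errors"].append(m["msg"])
        elif m["msg"].startswith("killing ike2 SA"):
            current = None
    return attempts


def correlate(initiator_log, responder_log):
    """One row per initiator attempt, with the responder's errors if it logged that SPI pair."""
    init = parse_attempts(initiator_log)
    resp = parse_attempts(responder_log)
    rows = []
    for key, attempt in init.items():
        peer_view = resp.get(key)
        rows.append({
            "time": attempt["time"],
            "initiator_errors": attempt["errors"],
            "responder_errors": peer_view["errors"] if peer_view else None,
        })
    return rows


def diagnose(row):
    """Prefer the side whose log names a local cause over the side that only sees the failure."""
    if any("can't get private key" in e for e in row["initiator_errors"]):
        return "initiator: private key unavailable"
    if row["responder_errors"] and any(
        "AUTHENTICATION_FAILED" in e for e in row["responder_errors"]
    ):
        return "authentication failed, no local cause logged on initiator"
    if row["initiator_errors"] or row["responder_errors"]:
        return "other error"
    return "no error logged"


if __name__ == "__main__":
    for row in correlate(R2_LOG, R1_LOG):
        seen = "not in responder excerpt" if row["responder_errors"] is None else row["responder_errors"]
        print(row["time"], "|", diagnose(row), "| responder:", seen)
```

The third attempt (17:58:57) has no counterpart because the r1 excerpt ends earlier; the row is kept with `responder_errors` set to `None` rather than dropped.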
 
 
strods
MikroTik Support
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 5:53 pm

dksoft - We will see about that... New packages are included in stable versions when we can consider them "stable". At the moment we can not promise that ROSE-storage will be included in v7.8, but we will do our best in order to make that happen. Of course, even if it will not be released with 7.8, it will be back in 7.9beta releases.
depth0cert - Changelog entries that you refer to are related to the "/certificate import" command, not to the problem that you refer to.
 
depth0cert
just joined
Posts: 21
Joined: Thu Sep 08, 2022 11:03 pm

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 6:06 pm

depth0cert - Changelog entries that you refer to are related to the "/certificate import" command, not to the problem that you refer to.

This problem started with netinstalled 7.8beta2. I have repeatedly written on the forum and created a ticket SUP-105306. This bug is very easy to reproduce on the netinstalled 7.8beta2 and 7.8beta3.
Previously, my tickets with bugs (ipsec and certificate) were answered very quickly and competently by Emils Z. (great man) on bugtracker. But now the ticket SUP-105306 has no feedback at all.
 
massinia
Member Candidate
Posts: 159
Joined: Thu Jun 09, 2022 7:20 pm

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 6:06 pm

*) zerotier - fixed routes after VRF change;
Many thanks :)
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 6:07 pm

*) console - improved ":execute" command to output a string when a file is not specified;
.............................
Last edited by rextended on Fri Feb 03, 2023 7:22 pm, edited 2 times in total.
 
dksoft
Member Candidate
Posts: 148
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 6:07 pm

dksoft - We will see about that... New packages are included in stable versions when we can consider them "stable". At the moment we can not promise that ROSE-storage will be included in v7.8, but we will do our best in order to make that happen. Of course, even if it will not be released with 7.8, it will be back in 7.9beta releases.
ROSE is pretty cool. I tried Btrfs/ext4 but they all do not allow faster SFTP transfers than 14Mbyte/s on a CCR2216 with NVMe. The interface says PCIe 4x8 GT/s and 31.5 Gbps.
What is the reason for that slow transfer?
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 6:34 pm

...
.............................

What does it cost you to add one parameter instead of changing the default values?

To simulate previous behaviour:
{
:put "OK"
:put [:execute ":resolve notexist.sht" file=/useless_change_that_broke_the_balls]
:put "OK"
}

>"OK"
>*24
>"OK"

Is it not better to keep the same previous behaviour, simply adding a parameter instead of changing the logic?

pseudo code

{
:put "OK"
:put [:execute ":resolve notexist.sht" return-errors=yes]
# return-errors can be no (which must be the default, to keep the integrity of what already exists) or yes (the new wanted feature)
:put "OK"
}

>OK
>failure: dns name does not exist
>OK
However this addition IS ABSOLUTELY USEFUL... I already have some ideas in mind...
But it's how it's implemented, which destroys all existing scripts (which use ":execute", of course), that is bulls–t.
Last edited by rextended on Fri Feb 03, 2023 7:25 pm, edited 1 time in total.
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 6:43 pm

Well, actually I would welcome a new command or option that runs any other command and catches its output in a string or array without printing it on the terminal!
Preferably also waiting for the command to complete so no need to check in a loop if it has completed.
But of course it is never a good idea to implement that by changing critical existing behavior.
 
Amm0
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 7:04 pm

I'm happy for any scripting "improvements", but there is a list that's a mile long, which this wasn't one of. And I'm not sure the effects of changing :execute were fully considered. The new :execute logic may be useful, but potentially breaking existing scripts is a pretty heavy burden...
But it's how it's implemented, which destroys all existing scripts (which use ":execute", of course), that is bulls–t.
Perhaps an "as-string" or "wait=yes" or whatever option to trigger it. Or it'd be better still if it somehow preserved types on the return (e.g. "as-value"). More say existing syntax, while more complex, would have solved the telegram script's need & if y'all were going to muck with scripting to make things easier, there are way better targets than changing :execute.
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 7:08 pm

Well, I think the construct [/command parameters] should just return any output from the command without printing the same on the terminal.
So, for example, :set $variable [/command parameters] should assign the output to a variable, similar to what $(command) does in Unix shells.
In MikroTik scripting, it sometimes is possible to do that, sometimes it requires additional as-value parameter, and often it does not work at all.
It would be better to fix THAT, so no :execute is required at all.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 7:16 pm

:execute in this case is not for skipping the print... of print... command...
it is for doing some things that RouterOS does not do itself...
 
msilcher
just joined
Posts: 7
Joined: Mon Mar 09, 2009 9:39 pm
Location: Argentina

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 7:35 pm

*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;

Hi Mikrotik team,

Can you be more specific about this? I'm having random phase 2 IKEv2 rekey issues to a Cisco device and I'd like to know if this is related. BTW I created ticket [SUP-106360] but no news so far.

Thank you!!
 
Amm0
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 7:41 pm

I'd say MT is pretty consistent with "as-value" (other than here), with only "/[cmd] get" implying as-value (since "print" is what you use at CLI instead of "get"). The only example where an as-value is missing that I recall is /tool/snmp-get (which I reported 2 years ago and remains unfixed).

To me, the CORE feature of :execute "code" is that it is a background operation, with no possible output, and returns a "handle" to the task. I don't see why using some [:parse "..."] syntax wouldn't work instead of changing :execute?
 
fs0c13ty
just joined
Posts: 18
Joined: Fri Jun 09, 2017 8:33 am

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 7:51 pm

When pasting a DoH address in winbox, it does not show DoH options unless you click the mouse button or change the URL with space or backspace.
Also, when I upgraded RouterOS my schedulers were gone, somehow deleted.
 
fs0c13ty
just joined
Posts: 18
Joined: Fri Jun 09, 2017 8:33 am

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 7:55 pm

Changing tmpfs max size does not take effect immediately. If it is not possible to change it dynamically, it is better for it to be shown as a read-only field after creation, one that cannot be set in CLI.
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 8:00 pm

Would be easy to handle that with a remount in the background...
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 8:48 pm

I'd say MT is pretty consistent with "as-value" (other than here), with only "/[cmd] get" implying as-value (since "print" is what you use at CLI instead of "get"). The only example where an as-value is missing that I recall is /tool/snmp-get (which I reported 2 years ago and remains unfixed).
Another big one is "count-only". You can print count-only, but you cannot "get" it. And when you print count-only you cannot use "as-value".
Case where I encountered that: attempt to work around the "BGP received prefix count value always 0" bug in v7. See viewtopic.php?t=193118
 
Amm0
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 9:00 pm

Another big one is "count-only". You can print count-only, but you cannot "get" it.
Fair enough, but [:len [find]] kinda does that for you. (And fixing the performance of the [find] in the first place ;) )
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 9:20 pm

Another big one is "count-only". You can print count-only, but you cannot "get" it.
Fair enough, but [:len [find]] kinda does that for you. (And fixing the performance of the [find] in the first place ;) )
Do you really think that when I want to know the number of routes for a certain "where" query, I need to fetch them all into an array and count the number of elements?
That is ridiculous, isn't it?
 
Amm0
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 9:30 pm

Do you really think that when I want to know the number of routes for a certain "where" query, I need to fetch them all into an array and count the number of elements?
That is ridiculous, isn't it?
I believe you, but more odd that count-only be quicker, it has to do some enumeration. Anyway, certainly not arguing against some "print count-only as-value" – as that doesn't break anything in scripting
 
BluThunder
just joined
Posts: 11
Joined: Fri Aug 18, 2006 1:26 am

Re: v7.8beta [testing] is released!

Fri Feb 03, 2023 11:49 pm

CCR2004-16G-2S+ running good so far. Noticing the 7.8 betas are handling my 2gig internet much better. 7.7 I was getting tons of RX drops and the 7.8 betas have made a huge difference on this.
 
buset1974
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.8beta [testing] is released!

Sat Feb 04, 2023 1:13 am

BGP vpn4 path distribution and calculation are still a problem; I am not using this version for production yet.
 
DarkNate
Forum Veteran
Posts: 997
Joined: Fri Jun 26, 2020 4:37 pm

Re: v7.8beta [testing] is released!

Sat Feb 04, 2023 1:42 am

"ipv6 - improved handling of "advertise" IPv6 address status changes;"

What does this actually mean or do?
 
guipoletto
Member Candidate
Posts: 195
Joined: Mon Sep 19, 2011 5:31 am

Re: v7.8beta [testing] is released!

Sat Feb 04, 2023 3:11 am

*) bridge - fixed adding disabled MSTI;
Hun, I think I'm affected by this (on CRS317 running V6.49)

Could you elaborate more on the "not recommended for CRS3xx" flag?

I was actually planning to upgrade to v7.7 due to the MSTP fixes.
 
snowzach
just joined
Posts: 2
Joined: Wed Jan 19, 2022 3:55 pm

Re: v7.8beta [testing] is released!

Sat Feb 04, 2023 3:23 am

The breaking changes to DNS on Router OS 7.7 are slightly better but still not fixed on 7.8b3. The issue is that there is no way to make the router the authoritative DNS server for a domain (which is fine). It ends up hanging in some cases (from servers) or just returning NXDOMAIN for AAAA records, and the host will never try to do an A lookup for a domain that lives in the router because it thinks the domain doesn't exist.

There is potentially an easy fix for this that hopefully would not require a huge overhaul...

Allow the user to enter an A or AAAA static entry but have no address or point to an empty address list. If it hit this static rule, it would return a valid response with no entries. (this is NOERROR which is what router OS 7.6 used to return instead of NXDOMAIN in 7.7)

This would allow the router to mimic being an authoritative DNS server for a domain and would fix many networking issues.

The reason this is an issue is because a lot of machines will first query for an AAAA record; if it gets an NXDOMAIN it gives up and never tries for an A record. If we can create a static entry for an AAAA record with no address that returns a valid request for a domain but no answers (NOERROR), it will then correctly query for an A record.
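
An added example, not part of the post and not RouterOS code: a self-contained Python model of the difference described above, building minimal DNS responses on the wire and classifying them as NXDOMAIN, NODATA (NOERROR with an empty answer section, the RFC 2308 term) or ANSWER, then running a client that asks for AAAA first. The name `nas.home.arpa`, the address 192.0.2.10, the static table and all function names are constructed for this example; the client's stop-on-NXDOMAIN behaviour is the one the post describes.

```python
import struct

QTYPE = {"A": 1, "AAAA": 28}
RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3

# Constructed static table: the name exists but only has an A record.
STATIC = {"nas.home.arpa": {"A": [bytes([192, 0, 2, 10])]}}


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(txid, name, qtype, rcode, addresses=()):
    """Build a minimal response: header, one question, zero or more answers."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1; RCODE is the low 4 bits
    msg = struct.pack("!HHHHHH", txid, flags, 1, len(addresses), 0, 0)
    msg += encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)
    for addr in addresses:
        # Compression pointer to the question name at offset 12, class IN, TTL 60.
        msg += struct.pack("!HHHIH", 0xC00C, QTYPE[qtype], 1, 60, len(addr)) + addr
    return msg


def classify(response):
    """Return ANSWER, NODATA, NXDOMAIN or OTHER from the header fields alone."""
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F
    if rcode == RCODE_NXDOMAIN:
        return "NXDOMAIN"  # the whole name does not exist, for any type
    if rcode == RCODE_NOERROR:
        return "ANSWER" if ancount else "NODATA"  # name exists, maybe not this type
    return "OTHER"


def server(name, qtype, missing_type_rcode):
    """Model resolver: missing_type_rcode is what it sends when a static
    name exists but has no record of the requested type."""
    records = STATIC.get(name)
    if records is None:
        return build_response(1, name, qtype, RCODE_NXDOMAIN)
    addresses = records.get(qtype, [])
    if addresses:
        return build_response(1, name, qtype, RCODE_NOERROR, addresses)
    return build_response(1, name, qtype, missing_type_rcode)


def lookup(name, missing_type_rcode):
    """Client as described in the post: AAAA first, give up on NXDOMAIN."""
    trace = []
    for qtype in ("AAAA", "A"):
        kind = classify(server(name, qtype, missing_type_rcode))
        trace.append((qtype, kind))
        if kind in ("NXDOMAIN", "ANSWER"):
            break  # NXDOMAIN ends the search; ANSWER satisfies it
    return trace


if __name__ == "__main__":
    print("NXDOMAIN for missing type:", lookup("nas.home.arpa", RCODE_NXDOMAIN))
    print("NOERROR for missing type: ", lookup("nas.home.arpa", RCODE_NOERROR))
```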
 
kcarhc
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.8beta [testing] is released!

Sat Feb 04, 2023 9:32 am

After upgrade to 7.8beta3 RB5009UPr+ PoE issue happen again. fix on 7.8alpha227
please check ticket SUP-105042

on ether1-2.5G is UBNT U6-Enterprise
on ether5-1G is UBNT U6-LR
10:14:30 interface,info ether5 link down
 10:14:33 interface,info ether5 link up (speed 1G, full duplex)
 10:15:35 interface,info sfp-sfpplus1 link down
 10:15:35 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:16:34 interface,info sfp-sfpplus1 link down
 10:16:34 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:16:42 interface,info sfp-sfpplus1 link down
 10:16:42 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:17:00 interface,info sfp-sfpplus1 link down
 10:17:01 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:17:29 interface,info sfp-sfpplus1 link down
 10:17:29 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:18:17 interface,info sfp-sfpplus1 link down
 10:18:17 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:18:35 poe-out,debug ether5 detected poe-out status: disabled
 10:18:35 interface,info ether5 link down
 10:18:45 poe-out,debug ether5 detected poe-out status: wait_for_load
 10:18:45 poe-out,debug ether5 detected poe-out status: on
 10:18:53 interface,info ether5 link up (speed 1G, full duplex)
 10:19:01 interface,info sfp-sfpplus1 link down
 10:19:01 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:19:03 interface,info ether5 link down
 10:19:16 interface,info ether5 link up (speed 1G, full duplex)
 10:19:18 interface,info sfp-sfpplus1 link down
 10:19:18 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:19:42 interface,info sfp-sfpplus1 link down
 10:19:43 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:20:00 interface,info sfp-sfpplus1 link down
 10:20:00 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:21:18 interface,info ether1 link down
 10:21:20 interface,info ether1 link up (speed 2.5G, full duplex)
 10:21:32 interface,info sfp-sfpplus1 link down
 10:21:32 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:21:33 interface,info sfp-sfpplus1 link down
 10:21:33 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:21:37 interface,info sfp-sfpplus1 link down
 10:21:37 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:21:47 interface,info sfp-sfpplus1 link down
 10:21:47 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:21:51 interface,info ether1 link down
 10:21:52 interface,info ether1 link up (speed 2.5G, full duplex)
 10:21:55 interface,info ether1 link down
 10:22:01 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:03 interface,info ether1 link down
 10:22:04 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:07 interface,info ether1 link down
 10:22:09 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:10 interface,info sfp-sfpplus1 link down
 10:22:10 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:22:22 interface,info ether1 link down
 10:22:24 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:38 interface,info ether1 link down
 10:22:40 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:43 interface,info ether1 link down
 10:22:44 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:48 interface,info ether1 link down
 10:22:50 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:53 interface,info ether1 link down
 10:22:55 interface,info ether1 link up (speed 2.5G, full duplex)
 10:23:07 interface,info ether1 link down
 10:23:13 interface,info ether1 link up (speed 2.5G, full duplex)
 10:23:15 interface,info ether1 link down
 10:23:16 interface,info ether1 link up (speed 2.5G, full duplex)
 10:26:07 interface,info ether1 link down
 10:26:10 interface,info ether1 link up (speed 2.5G, full duplex)
 
 
spippan
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.8beta [testing] is released!

Sat Feb 04, 2023 3:39 pm

What's new in 7.8beta3 (2023-Feb-01 16:10):

Important note!!!

Version is not recommended on CRS3xx devices.
Can someone please further describe what the impacts are that make those releases not recommended on CRS3xx devices?
 
gabacho4
Member
Posts: 329
Joined: Mon Dec 28, 2020 12:30 pm
Location: Earth

Re: v7.8beta [testing] is released!

Sat Feb 04, 2023 4:14 pm

If I had to guess it's the L3 offloading. I remember a similar warning being given previously. It's probably not stable on the CRS3xx or something like that right now.
 
depth0cert
just joined
Posts: 21
Joined: Thu Sep 08, 2022 11:03 pm

Re: v7.8beta [testing] is released!

Sat Feb 04, 2023 4:21 pm

What's new in 7.8beta3 (2023-Feb-01 16:10):

Important note!!!

Version is not recommended on CRS3xx devices.

Changes in this release:

*) certificate - fixed PBES2 certificate import;
*) certificate - improved multiple certificate import process;

SUP-106766 private-keys-imported: 0

NETINSTALLED 7.7 - OK
[admin@MikroTik] > /certificate add common-name=r1-ca days-valid=3652 key-size=prime256v1 key-usage=key-cert-sign,crl-sign name=r1-ca subject-alt-name=email:r1-ca
[admin@MikroTik] > :do {/certificate sign [find name=r1-ca] name=r1-ca} on-error={:delay 3}
  progress: done
[admin@MikroTik] > /certificate export-certificate r1-ca file-name=r1-ca export-passphrase=passphrase type=pem
[admin@MikroTik] > /certificate remove r1-ca
[admin@MikroTik] > /certificate import file-name=r1-ca.crt name=r1-ca passphrase=passphrase
     certificates-imported: 1
     private-keys-imported: 0
            files-imported: 0
       decryption-failures: 0
  keys-with-no-certificate: 0
[admin@MikroTik] > /certificate import file-name=r1-ca.key name=r1-ca passphrase=passphrase
     certificates-imported: 0
     private-keys-imported: 1
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0


NETINSTALLED 7.8beta2 - OK

[admin@MikroTik] > /certificate add common-name=r1-ca days-valid=3652 key-size=prime256v1 key-usage=key-cert-sign,crl-sign name=r1-ca subject-alt-name=email:r1-ca
[admin@MikroTik] > :do {/certificate sign [find name=r1-ca] name=r1-ca} on-error={:delay 3}
  progress: done
[admin@MikroTik] > /certificate export-certificate r1-ca file-name=r1-ca export-passphrase=passphrase type=pem
[admin@MikroTik] > /certificate remove r1-ca
[admin@MikroTik] > /certificate import file-name=r1-ca.crt name=r1-ca passphrase=passphrase
     certificates-imported: 1
     private-keys-imported: 0
            files-imported: 0
       decryption-failures: 0
  keys-with-no-certificate: 0
[admin@MikroTik] > /certificate import file-name=r1-ca.key name=r1-ca passphrase=passphrase
     certificates-imported: 0
     private-keys-imported: 1
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0


NETINSTALLED 7.8beta3 - NO

[admin@MikroTik] > /certificate add common-name=r1-ca days-valid=3652 key-size=prime256v1 key-usage=key-cert-sign,crl-sign name=r1-ca subject-alt-name=email:r1-ca
[admin@MikroTik] > :do {/certificate sign [find name=r1-ca] name=r1-ca} on-error={:delay 3}
  progress: done
[admin@MikroTik] > /certificate export-certificate r1-ca file-name=r1-ca export-passphrase=passphrase type=pem
[admin@MikroTik] > /certificate remove r1-ca
[admin@MikroTik] > /certificate import file-name=r1-ca.crt name=r1-ca passphrase=passphrase
     certificates-imported: 1
     private-keys-imported: 0
            files-imported: 0
       decryption-failures: 0
  keys-with-no-certificate: 0
[admin@MikroTik] > /certificate import file-name=r1-ca.key name=r1-ca passphrase=passphrase
     certificates-imported: 0
     private-keys-imported: 0
            files-imported: 0
       decryption-failures: 0
  keys-with-no-certificate: 0
Last edited by depth0cert on Sat Feb 04, 2023 4:42 pm, edited 4 times in total.
 
depth0cert
just joined
Posts: 21
Joined: Thu Sep 08, 2022 11:03 pm

Re: v7.8beta [testing] is released!

Sat Feb 04, 2023 4:27 pm

What's new in 7.8beta3 (2023-Feb-01 16:10):

Important note!!!

Version is not recommended on CRS3xx devices.

Changes in this release:

SUP-105306 ipsec,error can't get private key - support just simply ignores this bug
 
maigonis
Member Candidate
Posts: 180
Joined: Sat Jul 20, 2019 8:16 pm

Re: v7.8beta [testing] is released!

Sat Feb 04, 2023 4:49 pm

After upgrade to 7.8beta3 RB5009UPr+ PoE issue happen again. fix on 7.8alpha227
please check ticket SUP-105042

on ether1-2.5G is UBNT U6-Enterprise
on ether5-1G is UBNT U6-LR
10:14:30 interface,info ether5 link down
 10:14:33 interface,info ether5 link up (speed 1G, full duplex)
 10:15:35 interface,info sfp-sfpplus1 link down
 10:15:35 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:16:34 interface,info sfp-sfpplus1 link down
 10:16:34 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:16:42 interface,info sfp-sfpplus1 link down
 10:16:42 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:17:00 interface,info sfp-sfpplus1 link down
 10:17:01 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:17:29 interface,info sfp-sfpplus1 link down
 10:17:29 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:18:17 interface,info sfp-sfpplus1 link down
 10:18:17 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:18:35 poe-out,debug ether5 detected poe-out status: disabled
 10:18:35 interface,info ether5 link down
 10:18:45 poe-out,debug ether5 detected poe-out status: wait_for_load
 10:18:45 poe-out,debug ether5 detected poe-out status: on
 10:18:53 interface,info ether5 link up (speed 1G, full duplex)
 10:19:01 interface,info sfp-sfpplus1 link down
 10:19:01 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:19:03 interface,info ether5 link down
 10:19:16 interface,info ether5 link up (speed 1G, full duplex)
 10:19:18 interface,info sfp-sfpplus1 link down
 10:19:18 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:19:42 interface,info sfp-sfpplus1 link down
 10:19:43 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:20:00 interface,info sfp-sfpplus1 link down
 10:20:00 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:21:18 interface,info ether1 link down
 10:21:20 interface,info ether1 link up (speed 2.5G, full duplex)
 10:21:32 interface,info sfp-sfpplus1 link down
 10:21:32 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:21:33 interface,info sfp-sfpplus1 link down
 10:21:33 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:21:37 interface,info sfp-sfpplus1 link down
 10:21:37 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:21:47 interface,info sfp-sfpplus1 link down
 10:21:47 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:21:51 interface,info ether1 link down
 10:21:52 interface,info ether1 link up (speed 2.5G, full duplex)
 10:21:55 interface,info ether1 link down
 10:22:01 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:03 interface,info ether1 link down
 10:22:04 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:07 interface,info ether1 link down
 10:22:09 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:10 interface,info sfp-sfpplus1 link down
 10:22:10 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:22:22 interface,info ether1 link down
 10:22:24 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:38 interface,info ether1 link down
 10:22:40 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:43 interface,info ether1 link down
 10:22:44 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:48 interface,info ether1 link down
 10:22:50 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:53 interface,info ether1 link down
 10:22:55 interface,info ether1 link up (speed 2.5G, full duplex)
 10:23:07 interface,info ether1 link down
 10:23:13 interface,info ether1 link up (speed 2.5G, full duplex)
 10:23:15 interface,info ether1 link down
 10:23:16 interface,info ether1 link up (speed 2.5G, full duplex)
 10:26:07 interface,info ether1 link down
 10:26:10 interface,info ether1 link up (speed 2.5G, full duplex)
 
I have flapping ports also, but not POE related. I use 7.8beta3 on my Rb450G4 and ax3 connected to it (also cap ac). ax3 reboots with kernel failure quite often.
 
depth0cert
just joined
Posts: 21
Joined: Thu Sep 08, 2022 11:03 pm

Re: v7.8beta [testing] is released!

Sat Feb 04, 2023 4:55 pm

Dear MT, what's happening?!
For the last 6 months I have closed 5 bugs in the tracker for PKI in 7.7. Thank you for that.
But now you just ignore, without ANY feedback, my new tickets SUP-106766 and SUP-105306.
What is it? Cancelling me or what?
PKI is a critical system and now I am willing to bet that these bugs will go into stable 7.8.
 
shaw627
just joined
Posts: 11
Joined: Wed Aug 29, 2018 6:34 pm

Re: v7.8beta [testing] is released!

Sat Feb 04, 2023 7:40 pm

Just had a quick review on AC2 and RB4011 with 7.8b3, and I found a new issue of logging.
Log files would not completely show up all messages such as red warning and blue error sometimes.
BTW, DNS cache problem that cache couldn't be flushed has been fixed since 7.8b3.
Last edited by shaw627 on Sat Feb 04, 2023 7:48 pm, edited 1 time in total.
 
MartinsG
just joined
Posts: 12
Joined: Thu Sep 15, 2022 7:58 am

Re: v7.8beta [testing] is released!

Sat Feb 04, 2023 7:42 pm

Hi!
How far is wifiwave2 caps-man in 7.8beta3? Looks like datapath.local-forwarding is set YES, or rather this parameter does not exist and caps-man forwarding does not exist. Would be nice to have it back soon; managing different subnets in a CAP network is a hassle.
 
ivicask
Member
Posts: 417
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: v7.8beta [testing] is released!

Sun Feb 05, 2023 3:34 pm

After beta 3 my HAP AC2 has only 2% disk free (zero files on disk); I can't even make a config backup now.
 
MartinsG
just joined
Posts: 12
Joined: Thu Sep 15, 2022 7:58 am

Re: v7.8beta [testing] is released!

Mon Feb 06, 2023 10:33 am

I have a flapping POE port also.
hAP ax3 (C53UiG+5HPaxD2HPaxD) with 7.8beta3 powering ATLGM (7.7) and since 7.8beta3 on hAP ax3 it tries to negotiate 1G, then it drops down to 100Mbps and then link down and back to 100Mbps.
 07:12:02 interface,info ether1 link up (speed 1G, full duplex)
 09:07:54 interface,info ether1 link down
 09:08:08 interface,info ether1 link up (speed 100M, full duplex)
 09:08:46 interface,info ether1 link down
 09:09:00 interface,info ether1 link up (speed 100M, full duplex)
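
The interface logs quoted in the posts above share a fixed "time topics message" layout, so flaps, downtime, speed downgrades and PoE-related drops can be counted per port rather than read by eye. The Python below is an added example, not code from any poster or from MikroTik; the sample lines are constructed in that format, and the 5-second PoE correlation window is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the RouterOS log layout quoted in the posts
# ("HH:MM:SS topics message"); not taken from any poster's device.
SAMPLE_LOG = """\
08:00:00 interface,info ether1 link up (speed 1G, full duplex)
08:05:10 interface,info ether1 link down
08:05:24 interface,info ether1 link up (speed 100M, full duplex)
08:06:00 interface,info ether1 link down
08:06:14 interface,info ether1 link up (speed 100M, full duplex)
08:10:00 poe-out,debug ether5 detected poe-out status: disabled
08:10:00 interface,info ether5 link down
08:10:10 poe-out,debug ether5 detected poe-out status: wait_for_load
08:10:10 poe-out,debug ether5 detected poe-out status: on
08:10:18 interface,info ether5 link up (speed 1G, full duplex)
08:11:00 interface,info sfp-sfpplus1 link down
08:11:00 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
08:11:30 interface,info sfp-sfpplus1 link down
08:11:31 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
"""

LINE_RE = re.compile(r"^\s*(\d{2}):(\d{2}):(\d{2})\s+(\S+)\s+(.+?)\s*$")
LINK_RE = re.compile(r"^(\S+) link (up|down)(?: \(speed ([\d.]+)([MG]),.*\))?$")
POE_RE = re.compile(r"^(\S+) detected poe-out status: (\S+)$")
POE_WINDOW = 5  # assumption: PoE drop within 5 s before link down = PoE-related


def _new_stats():
    return {"flaps": 0, "down_seconds": 0, "poe_related": 0,
            "speed_downgrade": False, "last_mbps": None}


def analyze(log_text):
    """Return per-interface flap statistics from RouterOS-style log text."""
    stats = defaultdict(_new_stats)
    down_since = {}  # iface -> (time of link down, PoE dropped just before?)
    poe_off_at = {}  # iface -> time of the last poe-out status other than "on"
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not a timestamped log line
        hh, mm, ss, topics, msg = m.groups()
        now = int(hh) * 3600 + int(mm) * 60 + int(ss)
        topic = topics.split(",")[0]
        if topic == "poe-out":
            poe = POE_RE.match(msg)
            if poe and poe.group(2) != "on":
                poe_off_at[poe.group(1)] = now
            continue
        link = LINK_RE.match(msg) if topic == "interface" else None
        if not link:
            continue
        iface, state, value, unit = link.groups()
        if state == "down":
            recent = poe_off_at.get(iface)
            poe_flag = recent is not None and 0 <= now - recent <= POE_WINDOW
            down_since[iface] = (now, poe_flag)
            continue
        entry = stats[iface]
        if value:
            # "2.5G" -> 2500, "100M" -> 100
            mbps = int(float(value) * (1000 if unit == "G" else 1))
            if entry["last_mbps"] is not None and mbps < entry["last_mbps"]:
                entry["speed_downgrade"] = True
            entry["last_mbps"] = mbps
        if iface in down_since:
            went_down, poe_flag = down_since.pop(iface)
            entry["flaps"] += 1
            # modulo handles a down/up pair that straddles midnight
            entry["down_seconds"] += (now - went_down) % 86400
            entry["poe_related"] += int(poe_flag)
    return dict(stats)


def flapping(report, min_flaps=2):
    """Interfaces with at least min_flaps completed down/up cycles."""
    return sorted(i for i, s in report.items() if s["flaps"] >= min_flaps)


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for name in sorted(result):
        print(name, result[name])
    print("flapping:", flapping(result))
```

Separating PoE-correlated drops from plain renegotiation matches the distinction drawn in the thread between PoE-related flapping and ports that flap without PoE involvement.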
 
mrz
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: v7.8beta [testing] is released!

Mon Feb 06, 2023 11:10 am

Another big one is "count-only". You can print count-only, but you cannot "get" it. And when you print count-only you cannot use "as-value".
Not sure what you mean by "get"; if you mean to use the value in scripts you can certainly do it
[admin@3C22-atombumba] /ip/route> :global a [print count-only ]
36
[admin@3C22-atombumba] /ip/route> :put $a 
36

 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Mon Feb 06, 2023 11:25 am

Another big one is "count-only". You can print count-only, but you cannot "get" it. And when you print count-only you cannot use "as-value".
Not sure what you mean by "get"; if you mean to use the value in scripts you can certainly do it
[admin@3C22-atombumba] /ip/route> :global a [print count-only ]
36
[admin@3C22-atombumba] /ip/route> :put $a 
36

The problem is the first printing of "36". That should not happen. I want to "get" the value in a variable, NOT "print it on the terminal".
Only the second one (the :put $a) should print anything, the first should just be silent.
 
mrz
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: v7.8beta [testing] is released!

Mon Feb 06, 2023 11:36 am

It is printed only when you run it manually from the terminal. The point is that you can use it in the scripts.
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Mon Feb 06, 2023 11:40 am

The point is that you can use it in the scripts.
I want to make a script that I can start from the terminal and that collects some values like that and prints them in a formatted table.
The bare values retrieved appear as noise before the normal output of the script. That is annoying.
I think the :set variable [command] construct should run any command and put the output of that command in the variable, and not on the terminal.
That would be useful in other contexts, and with that change there would be no reason to use the tricky :execute construct (and no reason to break it, as in this release).

Of course it would also be useful to have a possibility to run a script directly from the GUI and get its output in a window, but that is another topic.
 
alacis
just joined
Posts: 1
Joined: Sat Feb 04, 2023 2:16 pm

Re: v7.8beta [testing] is released!

Mon Feb 06, 2023 11:55 am

More like information for others, if facing similar issue:

After upgrading Chateau LTE12 (RBD53G-5HacD2HnD) and Chateau 5G devices from 7.8beta2 to 7.8beta3 the LEDs indicating modem signal strength stop working (no LEDs for signal strength 1-5 are working, other LEDs are working as expected); rebooting the device doesn't fix the issue. Currently I have found out that manually going to the LEDs section and disabling/enabling the "modem signal" configuration resolves the problem, and the LEDs turn on and work correctly.
 
dksoft
Member Candidate
Posts: 148
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.8beta [testing] is released!

Mon Feb 06, 2023 2:57 pm

dksoft - We will see about that...
This was about rsync support in the ROSE package as stated in the online documentation.
All I found is /rsync-daemon set enabled=yes.

Any update how to use it?
 
antonsb
MikroTik Support
Posts: 385
Joined: Sun Jul 24, 2016 3:12 pm
Location: Riga, Latvia

Re: v7.8beta [testing] is released!

Mon Feb 06, 2023 3:03 pm

What is the reason for that slow transfer?
SFTP is a slow single-connection protocol; run multiple instances in parallel to get faster results.
For rsync - please read rose manual page.
 
EBMCreative
just joined
Posts: 3
Joined: Fri Sep 03, 2021 7:01 pm

Re: v7.8beta [testing] is released!

Mon Feb 06, 2023 7:31 pm

Why are crs3?? Devices being recommended to not upgrade version 7.8?
 
holvoetn
Forum Guru
Posts: 5324
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.8beta [testing] is released!

Mon Feb 06, 2023 8:02 pm

Because it is a beta version and they know already in advance it doesn't work on that platform.
It needs more work.
Simple.
Would you prefer it otherwise ?
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: v7.8beta [testing] is released!

Mon Feb 06, 2023 8:12 pm

@holvoetn
Wasted time, people instantly install anything new, they install it right away, they don't care if it's alpha, beta or omega, and often don't even read the release notes...
 
Amm0
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.8beta [testing] is released!

Mon Feb 06, 2023 8:23 pm

The point is that you can use it in the scripts.
I think the :set variable [command] construct should run any command and put the output of that command in the variable, and not on the terminal.
This makes some sense to me. I'm just not sure it comes up in a lot of cases... I still think the problem with your "print count-only" is that RouterOS should respect an "as-value" which could prevent the output in your formatted table. (Or [find] should be closer in performance ;))

And still a -1 to the :execute changes here.
 
hecatae
Member Candidate
Posts: 244
Joined: Thu May 21, 2020 2:34 pm

Re: v7.8beta [testing] is released!

Mon Feb 06, 2023 9:53 pm

After upgrading Chateau LTE12 (RBD53G-5HacD2HnD) and Chateau 5G devices from 7.8beta2 to 7.8beta3 the LEDs indicating modem signal strength stop working (no LEDs for signal strength 1-5 are working, other LEDs are working as expected), rebooting device doesn't fix the issue.
I am unable to recreate this on my 5G or LTE12, are you updating both routerboard and RouterOS?
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Mon Feb 06, 2023 10:29 pm

I think the :set variable [command] construct should run any command and put the output of that command in the variable, and not on the terminal.
This makes some sense to me. I'm just not sure it comes up in a lot of cases...
It would be the same as the $(command) construct in e.g. bash. It is handy in a lot of cases!
What I still do not understand is how it would be design to have [command] return a value for use in a variable assignment, but AT THE SAME TIME still output to the terminal!
Output redirection (into a file, a variable, a pipe, whatever) always REPLACES the default output to the terminal, in any other system.
To have both the redirected output and the plain terminal output, one would expect a specific duplication tool like "tee" to be used.
 
Larsa
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: v7.8beta [testing] is released!

Mon Feb 06, 2023 10:45 pm

Yeah, I also dislike that construction and the wrongly used "semantics", as well as the lack of error numbers (for use in scripts and logging) and the inability to catch error messages.

I had hoped that this would have been fixed in v7 but alas..
 
eworm
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 12:02 am

It would be the same as the $(command) construct in e.g. bash. It is handy in a lot of cases!
What I still do not understand is how it would be design to have [command] return a value for use in a variable assignment, but AT THE SAME TIME still output to the terminal!
Output redirection (into a file, a variable, a pipe, whatever) always REPLACES the default output to the terminal, in any other system.
To have both the redirected output and the plain terminal output, one would expect a specific duplication tool like "tee" to be used.
All of what you write is about low level scripting languages. In bash you have just variable substitution ($(command)), in- and output redirection (|, <, >, ...) and numerical return code (available with $? or when using && and ||).

The scripting in RouterOS is more like higher level scripting or programming languages here. There you can make a function return complex variables, data structures or objects. Please do not break this.

There are some rough edges in RouterOS scripting, but most of this is really well done.
 
ivicask
Member
Posts: 417
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 1:01 am

And another issue I just noticed on beta 3: my Dyndns script can't finish updating IP, it doesn't come to the part where it writes to disk, but if I manually run the script instead of the scheduler it finishes.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 1:04 am

Can be a bug on your script, open a separate topic.

************************

The problem is the same of
/export verbose compact
Is exported compact or verbose?
Verbose override compact,
and count-only override as-value,
tons of other similar examples can be possible.
Simply some instruction combination provide unexpected results.
Is better something like
/export format=verbose (default is format=compact)
:local totiponaddrlist [/ip firewall address-list count-only where list="testlist"] (no find or print, simple a count-only function)
 
Amm0
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 1:55 am

Me doth protest to too much re :execute... I went to quote the Scripting help page for :execute (since I know it mentioned backgrounding) but seem they resolved with 'as-string'. While it adds to the oddities, that doesn't break old scripts.
:execute
Execute the script in the background.
The result can be written in the file by setting a "file" parameter or printed to the CLI by setting "as-string".
When using "as-string" parameter executed script is blocking (not executed in the background).
The docs are ahead of the release, that's a welcomed first!
 
EBMCreative
just joined
Posts: 3
Joined: Fri Sep 03, 2021 7:01 pm

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 1:59 am

Because it is a beta version and they know already in advance it doesn't work on that platform.
It needs more work.
Simple.
Would you prefer it otherwise ?
I am ok with that. Just more worried that 7.7 would be the last update for them.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 2:19 am

The docs are ahead of the release, that's a welcomed first!

I hope someone has read this and be inspired from that...
viewtopic.php?t=192810#p982011
 
spippan
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 2:38 am



I am ok with that. Just more worried that 7.7 would be the last update for them.
it won't. why would it?
 
mrz
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 10:36 am

And still a -1 to the :execute changes here.
:execute change was a mistake for this beta and will be fixed in the next beta.
 
dksoft
Member Candidate
Posts: 148
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 11:08 am

For rsync - please read rose manual page.
Please give me a help: All I find is this page: https://help.mikrotik.com/docs/display/ROS/ROSE-storage
It only tells that rsync is supported. I can't find more searching the manual pages with keyword "rsync".
Also, I can not find any information about "/rsync-daemon".

Thanks,
dksoft
 
Larsa
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 11:15 am

:execute change was a mistake for this beta and will be fixed in the next beta.

Excellent, thank you! While you're at it, it would be really great if you someway could try to separate or redirect error message in the output stream as well.
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 11:59 am

All of what you write is about low level scripting languages. In bash you have just variable substitution ($(command))
Wait! $(command) is NOT variable substitution! It means: run "command", catch its output, and return that as a value. It was before known as `command`.
Do NOT confuse it with $variable. You would use it in an assignment like var=$(hostname) where hostname is a COMMAND that prints the hostname. You would get the hostname in the variable var, but it would NOT appear on your screen, unless you e.g. do echo $var.
That is exactly equivalent to RouterOS :set $variable [command] and it does result in the same thing for most commands, except that it still prints the command output on the terminal. That is just silly.
The scripting in RouterOS is more like higher level scripting or programming languages here. There you can make a function return complex variables, data structures or objects. Please do not break this.
I agree, but that is not what I am asking for. What I am asking for is that ANY command that outputs text to the terminal can be run in a [command] construct and that will return the output in a string form (maybe an array when it is multi-line) and it will NOT print the same thing on the terminal. Of course there would still be the possibility of returning structured data in some situations using the strangely named as-value option (why not as-array?).
There are some rough edges in RouterOS scripting, but most of this is really well done.
I think there are unexpected and unreasonable limitations in the expression evaluator (you cannot write everything you want as a single expression, at some point you need to split it in multiple steps or it will not work correctly), and also the diagnostics and debug info in such cases is really problematic.
But it is great that there is a scripting language at all. Pity that they abandoned the use of a standard language and went fully RouterOS-specific after hitting some security problems when using lua.
 
fragtion
Member Candidate
Posts: 257
Joined: Fri Nov 13, 2009 10:08 pm
Location: Johannesburg, South Africa

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 12:11 pm

And another issue I just noticed on beta 3: my Dyndns script can't finish updating IP, it doesn't come to the part where it writes to disk, but if I manually run the script instead of the scheduler it finishes.

I noticed same issue here. My dyndns script doesn't update anymore from on scheduler (although the "Last Time Started" counter for the script does suggest the script runs). If I execute the script manually it works.

Scheduler:
/system scheduler add interval=5m name=dyndns on-event="/system script run dyndns" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=may/04/2020 start-time=00:00:00
Script:
/system script add dont-require-permissions=no name=dyndns owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="
    \n:local myip [/ip/address/get [find where interface=pppoe1] address]\r\
    \n:set myip [:pick \$myip 0 [:find \$myip \"/\"]]\r\
    \n\r\
    \n/tool fetch keep-result=no url=(\"http://freedns.afraid.org/dynamic/update.php\\\?abcdREMOVEDefghijk=&address=\$myip\")\r\
    \n/tool fetch keep-result=no url=(\"https://www.duckdns.org/update\?domains=REMOVED&token=abcdREMOVEDefghijk&ip=\$myip\")"
This script is very simple - it just gets IP address and does http fetch (I've removed any local/env checking to see if the IP actually changed before doing the fetch)

Edit
* I updated the script to output/log a message at each stage of the script running. It all works fine until "fetch", so that's where things are breaking (if /tool/fetch is called by scheduler)
* Same problem if the code is moved to scheduler section without running a separate script
* Same problem if the code is moved to PPP profiles "On Up" Scripts. So actually it isn't a problem with Scheduler, but with scripts Executed by the system rather than manually by user.
Last edited by fragtion on Tue Feb 07, 2023 12:43 pm, edited 6 times in total.
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 12:12 pm

The docs are ahead of the release, that's a welcomed first!
What still surprises me is that that luxurious ATLASSIAN documentation system does not support documentation tied to a product release version...
(so you can show the documentation as it pertains to the product release you are using, and the team members can already work on documentation changes for a next version before it is released)
It does have version control on the documentation pages itself, but it is only the version of the page, not the version of the product.
It would be so nice when you could toggle some setting at the top and see the docs for 6.49.7 instead of 7.7 or 7.8beta.... and even better when you could hover over some item and see the version where this capability was introduced.
 
Larsa
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 12:29 pm

What still surprises me is that that luxurious ATLASSIAN documentation system does not support documentation tied to a product release version...

But it does (and maybe you're being ironic ;- ). It's a central part of release management using jira, you just have to know how to manage it.
 
dksoft
Member Candidate
Posts: 148
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 1:32 pm

And another issue I just noticed on beta 3: my Dyndns script can't finish updating IP, it doesn't come to the part where it writes to disk, but if I manually run the script instead of the scheduler it finishes.
I noticed same issue here. My dyndns script doesn't update anymore from on scheduler (although the "Last Time Started" counter for the script does suggest the script runs). If I execute the script manually it works.
Same here, I changed to
/tool fetch url="..." as-value output=user
and things worked again.
 
Paternot
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 1:46 pm

I am ok with that. Just more worried that 7.7 would be the last update for them.
Mikrotik have a policy of supporting any given model for 5 years after it's discontinued. At least had, and I don't think it changed. So...
 
DenisPDA
Frequent Visitor
Posts: 63
Joined: Tue Sep 04, 2018 5:42 pm

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 2:14 pm

Looks like DoH prioritization was broken in 7.8beta3
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 2:39 pm

And still a -1 to the :execute changes here.
:execute change was a mistake for this beta and will be fixed in the next beta.
 
ivicask
Member
Posts: 417
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 3:09 pm


I noticed same issue here. My dyndns script doesn't update anymore from on scheduler (although the "Last Time Started" counter for the script does suggest the script runs). If I execute the script manually it works.
Same here, I changed to
/tool fetch url="..." as-value output=user
and things worked again.
Could you share full script as you got working now if its not a problem ?
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 3:20 pm

Open separate topic, or go to one of the thousand topic about dyndns & similar that already exist
 
ivicask
Member
Posts: 417
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 4:49 pm

Open separate topic, or go to one of the thousand topic about dyndns & similar that already exist
Why, if it's 100% related to the beta 3 update? It needs to be addressed and known why it happens; this script worked untouched for 5+ years for me on 100+ routers, and it's the first time it stopped working, on v7.8 beta 3.
And it's not even that the script doesn't work, it works FINE; it doesn't work when called from Scheduler or on Up/Down scripts etc.

Why? What was the documented change that broke it?
 
darkmanlv
newbie
Posts: 35
Joined: Thu Mar 26, 2015 3:19 pm
Location: Riga, Latvia

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 6:08 pm

7.8beta2 is more stable than 7.8beta3

had problem with device freezes with 7.7, tried to use 7.8beta2 problem was resolved, now after updating to 7.8beta3 device again started to freeze or random reboot with kernel failure...

tested on hex s and hap ac3, same behaviour. Hex S with no advanced fw, hap ac3 without any rules like AP.
 
own3r1138
Long time Member
Posts: 680
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 6:59 pm

7.8beta2 is more stable than 7.8beta3
tested on hex s and hap ac3, same behavior.
I am running 7.8b3 on HAP AC3 without any issues.
 
pe1chl
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 7:04 pm

7.8beta2 is more stable than 7.8beta3

had problem with device freezes with 7.7, tried to use 7.8beta2 problem was resolved, now after updating to 7.8beta3 device again started to freeze or random reboot with kernel failure...
In such cases, export the config, netinstall the device, and import the config from the export file.
 
DarkNate
Forum Veteran
Posts: 997
Joined: Fri Jun 26, 2020 4:37 pm

Re: v7.8beta [testing] is released!

Tue Feb 07, 2023 8:14 pm

@holvoetn
Wasted time, people instantly install anything new, they install it right away, they don't care if it's alpha, beta or omega, and often don't even read the release notes...
Even sigma?
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: v7.8beta [testing] is released!

Wed Feb 08, 2023 4:05 am

In the Greek alphabet, Alpha is the first, Omega is the last, and Sigma obviously is included...
 
maigonis
Member Candidate
Posts: 180
Joined: Sat Jul 20, 2019 8:16 pm

Re: v7.8beta [testing] is released!

Wed Feb 08, 2023 10:18 am

After upgrade to 7.8beta3 RB5009UPr+ PoE issue happen again. fix on 7.8alpha227
please check ticket SUP-105042

on ether1-2.5G is UBNT U6-Enterprise
on ether5-1G is UBNT U6-LR
10:14:30 interface,info ether5 link down
 10:14:33 interface,info ether5 link up (speed 1G, full duplex)
 10:15:35 interface,info sfp-sfpplus1 link down
 10:15:35 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:16:34 interface,info sfp-sfpplus1 link down
 10:16:34 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:16:42 interface,info sfp-sfpplus1 link down
 10:16:42 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:17:00 interface,info sfp-sfpplus1 link down
 10:17:01 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:17:29 interface,info sfp-sfpplus1 link down
 10:17:29 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:18:17 interface,info sfp-sfpplus1 link down
 10:18:17 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:18:35 poe-out,debug ether5 detected poe-out status: disabled
 10:18:35 interface,info ether5 link down
 10:18:45 poe-out,debug ether5 detected poe-out status: wait_for_load
 10:18:45 poe-out,debug ether5 detected poe-out status: on
 10:18:53 interface,info ether5 link up (speed 1G, full duplex)
 10:19:01 interface,info sfp-sfpplus1 link down
 10:19:01 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:19:03 interface,info ether5 link down
 10:19:16 interface,info ether5 link up (speed 1G, full duplex)
 10:19:18 interface,info sfp-sfpplus1 link down
 10:19:18 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:19:42 interface,info sfp-sfpplus1 link down
 10:19:43 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:20:00 interface,info sfp-sfpplus1 link down
 10:20:00 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:21:18 interface,info ether1 link down
 10:21:20 interface,info ether1 link up (speed 2.5G, full duplex)
 10:21:32 interface,info sfp-sfpplus1 link down
 10:21:32 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:21:33 interface,info sfp-sfpplus1 link down
 10:21:33 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:21:37 interface,info sfp-sfpplus1 link down
 10:21:37 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:21:47 interface,info sfp-sfpplus1 link down
 10:21:47 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:21:51 interface,info ether1 link down
 10:21:52 interface,info ether1 link up (speed 2.5G, full duplex)
 10:21:55 interface,info ether1 link down
 10:22:01 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:03 interface,info ether1 link down
 10:22:04 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:07 interface,info ether1 link down
 10:22:09 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:10 interface,info sfp-sfpplus1 link down
 10:22:10 interface,info sfp-sfpplus1 link up (speed 10G, full duplex)
 10:22:22 interface,info ether1 link down
 10:22:24 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:38 interface,info ether1 link down
 10:22:40 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:43 interface,info ether1 link down
 10:22:44 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:48 interface,info ether1 link down
 10:22:50 interface,info ether1 link up (speed 2.5G, full duplex)
 10:22:53 interface,info ether1 link down
 10:22:55 interface,info ether1 link up (speed 2.5G, full duplex)
 10:23:07 interface,info ether1 link down
 10:23:13 interface,info ether1 link up (speed 2.5G, full duplex)
 10:23:15 interface,info ether1 link down
 10:23:16 interface,info ether1 link up (speed 2.5G, full duplex)
 10:26:07 interface,info ether1 link down
 10:26:10 interface,info ether1 link up (speed 2.5G, full duplex)
 
I have flapping ports also, but not POE related. I use 7.8beta3 on my Rb450G4 and ax3 connected to it (also cap ac). ax3 reboots with kernel failure quite often.
It was POE port related. ax3 in my network topology is connected to rb450g4 on port 5 (that is POE). I am powering the device with mains power, but still the POE ports did their thing. As a result ax3 crashed with kernel failure, rb450g4 just flapped ports, 4 bridge ports. I disabled the POE feature on both devices and the issue stopped. ax3 has no downtime and rb450g4 ports are up for 4 days. On 7.7 all was fine.
 
dksoft
Member Candidate
Posts: 148
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.8beta [testing] is released!

Wed Feb 08, 2023 10:29 am

Same here, I changed to
/tool fetch url="..." as-value output=user
and things worked again.
Could you share the full script as you got it working now, if it's not a problem?

Here is my he.net DDNS update script for IPv4 and IPv6. It was not running on 7.8b3 before I made the above change.
:global IPv4addr
:global IPv6addr
:global IPv6prefix
:global DDNSforce

:local WAN4 "1U1-FTTH"
:local POOL6 "1U1-pool6"

# get actual IPv4 address
:local actualIPv4 [/ip address get [find interface="$WAN4"] address]

# check if WAN IPv4 address did change or update is forced
:if ($DDNSforce = "YES" or [:tostr $actualIPv4] != [:tostr $IPv4addr]) do= {
  :if ($DDNSforce = "YES") do= {
    /log info ("DDNS-check: WAN IPv4 forced DDNS update to $actualIPv4")
  } else= {
    /log info ("DDNS-check: WAN IPv4 address changed from $IPv4addr to $actualIPv4")
  }

  # strip netmask from IP address
  :local IPv4 [:pick $actualIPv4 0 [:find $actualIPv4 "/"]]

  # update Hurricane Electric DDNS IPv4 address
  :local FURL "https://dyn.dns.he.net/nic/update\?password=xxx-xxx-xxx"

  /tool fetch url="$FURL&hostname=host1.foo.bar&myip=$IPv4" as-value output=user
  /tool fetch url="$FURL&hostname=ipv4.host1.foo.bar&myip=$IPv4" as-value output=user
  /tool fetch url="$FURL&hostname=host2.foo.bar&myip=$IPv4" as-value output=user

  # store new IPv4 address for later comparison
  :set IPv4addr $actualIPv4
}


# get actual IPv6 address
:local actualIPv6 [/ipv6 address get [find comment="$POOL6" interface="LAN"] address]

# check if WAN IPv6 address did change or update is forced
:if ($DDNSforce = "YES" or [:tostr $IPv6addr] != [:tostr $actualIPv6]) do= {
  :if ($DDNSforce = "YES") do= {
    /log info ("DDNS-check: WAN IPv6 forced DDNS update to $actualIPv6")
  } else= {
    /log info ("DDNS-check: WAN IPv6 address changed from $IPv6addr to $actualIPv6")
  }

  # strip netmask from IP address
  :local IPv6 [:pick $actualIPv6 0 [:find $actualIPv6 "/"]]

  # get IPv6 prefix from IP address
  :local pos [:find $IPv6 ":" 0]
  :set pos [:find $IPv6 ":" $pos]
  :set pos [:find $IPv6 ":" $pos]
  :set pos [:find $IPv6 ":" $pos]
  :set IPv6prefix [:pick $IPv6 0 $pos]

  # update Hurricane Electric DDNS IPv6 address
  :local FURL "https://dyn.dns.he.net/nic/update\?password=xxx-xxx-xxx"

  /tool fetch url="$FURL&hostname=host1.foo.bar&myip=$IPv6prefix::1" as-value output=user
  /tool fetch url="$FURL&hostname=ipv6.host1.foo.bar&myip=$IPv6prefix::1" as-value output=user
  /tool fetch url="$FURL&hostname=host2.foo.bar&myip=$IPv6prefix::2" as-value output=user

  # store new IPv6 address for later comparison
  :set IPv6addr $actualIPv6
}


# reset forced DDNS update flag
:set $DDNSforce "NO"
 
Amm0
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.8beta [testing] is released!

Wed Feb 08, 2023 12:48 pm

I'm not sure what would have changed in /tool/fetch. But if you're not storing the result of fetch to a variable, you should be able to use just "output=none" NOT "as-value output=user". Since the /tool/fetch default is "output=file", if you didn't specify an output before, you'd end up writing a file each time it ran.

What did the /tool fetch line have before your change?
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: v7.8beta [testing] is released!

Wed Feb 08, 2023 1:43 pm

Before investigating whether it is a RouterOS problem or not, it is better to write the script correctly...
Cleaned up version:

revised code

{
:local WAN4  "1U1-FTTH"
:local POOL6 "1U1-pool6"

:global DDNSforce
:global IPv4addr
:local actualIPv4 [/ip address get [find where interface="$WAN4"] address]
:set   actualIPv4 [:pick $actualIPv4 0 [:find $actualIPv4 "/" -1]]
:if (($DDNSforce = "YES") or ($actualIPv4 != $IPv4addr)) do= {
    :if ($DDNSforce = "YES") do= {
        :log info ("DDNS-check: WAN IPv4 forced DDNS update to $actualIPv4")
    } else={
        :log info ("DDNS-check: WAN IPv4 address changed from $IPv4addr to $actualIPv4")
    }
    :local FURL "https://dyn.dns.he.net/nic/update\3Fpas ... xx-xxx-xxx"
    /tool fetch url="$FURL&hostname=host1.foo.bar&myip=$actualIPv4" output=none
    /tool fetch url="$FURL&hostname=ipv4.host1.foo.bar&myip=$actualIPv4" output=none
    /tool fetch url="$FURL&hostname=host2.foo.bar&myip=$actualIPv4" output=none
    :set IPv4addr $actualIPv4
}

:global IPv6addr
:global IPv6prefix
:local actualIPv6 [/ipv6 address get [find where comment="$POOL6" and interface="LAN"] address]
:set   actualIPv6 [:pick $actualIPv6 0 [:find $actualIPv6 "/" -1]]
:if ($DDNSforce = "YES" or [:tostr $IPv6addr] != [:tostr $actualIPv6]) do= {
    :if ($DDNSforce = "YES") do= {
        :log info ("DDNS-check: WAN IPv6 forced DDNS update to $actualIPv6")
    } else={
        :log info ("DDNS-check: WAN IPv6 address changed from $IPv6addr to $actualIPv6")
    }
# *** unchecked part start ***
    :local pos [:find $actualIPv6 ":" -1]
    :set pos [:find $actualIPv6 ":" $pos]
    :set pos [:find $actualIPv6 ":" $pos]
    :set pos [:find $actualIPv6 ":" $pos]
    :set IPv6prefix [:pick $actualIPv6 0 $pos]
# *** unchecked part end ***
    :local FURL "https://dyn.dns.he.net/nic/update\3Fpas ... xx-xxx-xxx"
    /tool fetch url="$FURL&hostname=host1.foo.bar&myip=$IPv6prefix::1" output=none
    /tool fetch url="$FURL&hostname=ipv6.host1.foo.bar&myip=$IPv6prefix::1" output=none
    /tool fetch url="$FURL&hostname=host2.foo.bar&myip=$IPv6prefix::2" output=none
    :set IPv6addr $actualIPv6
}

:set DDNSforce "NO"
}

The unchecked part must be rewritten, with a cycle, because it can produce a wrong IPv6:
myip=2508:4e5e::cff::1
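
The failure described in the post above, as an added example that is not part of the thread: cutting the address text at the fourth ":" only works when the address is written without "::" compression, while deriving the prefix numerically always gives a valid address. Python is used here so the result can be checked offline; the function names, the assumed /64 prefix length and the sample addresses are constructed for illustration.

```python
import ipaddress


def naive_myip(addr_with_mask: str, host: str) -> str:
    """Model of the script's string slicing: strip the mask, cut at the
    4th ':' and append '::<host>'."""
    addr = addr_with_mask.split("/")[0]
    pos = -1
    for _ in range(4):
        pos = addr.find(":", pos + 1)
        if pos == -1:
            # What RouterOS does in this case is not modelled; treat as error.
            raise ValueError("fewer than four ':' in address")
    return f"{addr[:pos]}::{host}"


def safe_myip(addr_with_mask: str, host: int, prefix_len: int = 64) -> str:
    """Derive the prefix numerically (assumed /64), then add the host part."""
    iface = ipaddress.IPv6Interface(addr_with_mask)
    net = ipaddress.IPv6Network(f"{iface.ip}/{prefix_len}", strict=False)
    if not 0 < host < net.num_addresses:
        raise ValueError("host part does not fit in the prefix")
    return str(net.network_address + host)


def is_valid_ipv6(text: str) -> bool:
    """True if text parses as a single IPv6 address."""
    try:
        ipaddress.IPv6Address(text)
        return True
    except ValueError:
        return False


# Constructed sample addresses (not taken from the thread).
SAMPLES = [
    "2001:db8:12:34:aaaa:bbbb:cccc:dddd/64",  # fully written out
    "2508:4e5e::cff:1234/64",                 # contains '::' compression
]

if __name__ == "__main__":
    for sample in SAMPLES:
        bad = naive_myip(sample, "1")
        print(f"{sample}: sliced={bad} valid={is_valid_ipv6(bad)} "
              f"numeric={safe_myip(sample, 1)}")
```

A DDNS update sent with the sliced value for the second sample would carry an address with two "::" groups, so checking the value before calling fetch catches the problem early.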
 
dksoft
Member Candidate
Posts: 148
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.8beta [testing] is released!

Wed Feb 08, 2023 2:06 pm

Before investigating whether it is a RouterOS problem or not, it is better to write the script correctly...
Does not care. If you read about the problem, it appears above.
 
dksoft
Member Candidate
Posts: 148
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.8beta [testing] is released!

Wed Feb 08, 2023 2:09 pm

What did the /tool fetch line have before your change?
/tool fetch keep-result=no mode=https url="$FURL&hostname=host.boo.bar&myip=$IPv4"
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: v7.8beta [testing] is released!

Wed Feb 08, 2023 2:14 pm

Before investigating whether it is a RouterOS problem or not, it is better to write the script correctly...
Does not care. If you read about the problem, it appears above.
(Always take care to write the script correctly...)
Try my version to see if it works....
 
Amm0
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.8beta [testing] is released!

Wed Feb 08, 2023 5:22 pm

What did the /tool fetch line have before your change?
/tool fetch keep-result=no mode=https url="$FURL&hostname=host.boo.bar&myip=$IPv4"
Well, the difference is "keep-result=no" vs "output=none". In theory... keep-result=no should have ignored the default output=file & done the same thing... At least in my reading of the docs.

Since multiple folks say this used to work, something did change here.
 
kcarhc
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.8beta [testing] is released!

Wed Feb 08, 2023 5:30 pm

please check
SUP-107205: dns-static CNAME not working.
 
dksoft
Member Candidate
Posts: 148
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.8beta [testing] is released!

Wed Feb 08, 2023 5:41 pm

/tool fetch keep-result=no mode=https url="$FURL&hostname=host.boo.bar&myip=$IPv4"
Well, the difference is "keep-result=no" vs "output=none". In theory... keep-result=no should have ignored the default output=file & done the same thing... At least in my reading of the docs.

Since multiple folks say this used to work, something did change here.
Agree. I can downgrade to 7.7 and it works, upgrade back to 7.8b3 and it fails like others here say.
The difference is exactly:
/tool fetch keep-result=no mode=https url="$FURL&hostname=host1.foo.bar&myip=$IPv4"
vs
/tool fetch url="$FURL&hostname=host1.foo.bar&myip=$IPv4" as-value output=user

Fail means, it just aborts the script when run by the scheduler. It runs perfectly by /system script run. Also it runs multiple times via the scheduler when once run by hand. Then fails again.
 
kcarhc
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.8beta [testing] is released!

Wed Feb 08, 2023 5:48 pm

please check
SUP-107210: dns dynamic server random lost, happen again, last time on 7.6 or 7.7 beta/rc
 
Amm0
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.8beta [testing] is released!

Wed Feb 08, 2023 6:07 pm

I think "output=none" is clearer, and theoretically avoids creation of the results array in memory from using "as-value output=user" (to then not use the array created).

I've never used the keep-result=no with HTTP and /tool/fetch. But in your v7.7 version, does the script with "keep-results=no" actually output a file with the HTTP results? e.g. default option is output=file, since I'm really not 100% on what keep-result=no is actually doing WRT to http.

keep-results is more an FTP option AFAIK, and the output= was added later for HTTP if I recall.

Also it runs multiple times via the scheduler when once run by hand. Then fails again.
The permission context could be different between scheduler vs script is another thing that's possible.
 
dksoft
Member Candidate
Posts: 148
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.8beta [testing] is released!

Wed Feb 08, 2023 6:16 pm

I think "output=none" is clearer, and theoretically avoids creation of the results array in memory from using "as-value output=user" (to then not use the array created).
We are getting nearer: I changed "as-value output=user" to "output=none" and it failed. E.g. the very first fetch aborted.
I changed back to "as-value output=user" and it ran through all 8 fetch commands and worked.
 
Amm0
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: v7.8beta [testing] is released!

Wed Feb 08, 2023 6:30 pm

I guess you could confirm if your original code worked in 7.8beta2...
 
dksoft
Member Candidate
Posts: 148
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: v7.8beta [testing] is released!

Wed Feb 08, 2023 7:42 pm

I guess you could confirm if your original code worked in 7.8beta2...
Can't as I switched to 7.8b3 because of the DNS/NOERR fix from 7.7.
 
spippan
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: v7.8beta [testing] is released!

Wed Feb 08, 2023 8:19 pm

please check
SUP-107205: dns-static CNAME not working.
works here ...

command on shell is "dig orfcname.at" after setting the entry