v7.9 [stable] is released!

Tue May 02, 2023 3:57 pm

RouterOS version 7.9 has been released in the "v7 stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.9 (2023-May-02 08:35):

*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) defconf - added CAPs mode script for wifiwave2 devices;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8 );
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) ovpn - improved system stability for Tile devices;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8 );
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - improved WPS connection speed;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8 );
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while a router is not working as suspected or after some problem has appeared on the device

Please keep this forum topic strictly related to this particular RouterOS release.

stathismes · Tue May 02, 2023 4:04 pm

Finally! May I ask, what has happened to SwOS and SwOS Lite? They seem to be left out of development for a long time.

pothi · Tue May 02, 2023 4:26 pm

Can't wait to test it on my LTE device.

@stathismes didn't you read the last line of the post?

Please keep this forum topic strictly related to this particular RouterOS release.

ErfanDL · Tue May 02, 2023 4:39 pm

Netwatch not working on RB2011UiAS-2HnD !!!

Larsa · Tue May 02, 2023 4:40 pm

I have to give a big thanks to the Mikrotik staff for managing information about all the ongoing updates in a very good way this time. I'm keeping my fingers crossed that MT also managed to catch all issues reported and the internal tests are of the same high quality. Thank you!

w0lt · Tue May 02, 2023 4:45 pm

Still can't copy a wireless registration to the access list on a wifiwave2 device like a hAP_AX_3.

Tue May 02, 2023 4:46 pm

It is likely due to:
*) netwatch - added "startup-delay" setting (CLI only);
"startup-delay (Default: 5m)
Time to wait until starting Netwatch probe after system startup"
It seems to be working for us. Please let us know, if it's a different issue.

Larsa · Tue May 02, 2023 5:21 pm

@ErfanDL, "startup-delay" is still missing in WinBox (at least in v3.37) so you have to use the cli (ie /tool/netwatch) to change the time.

dutn · Tue May 02, 2023 5:41 pm

Netwatch not working on RB2011UiAS-2HnD !!!

Tested with: RB2011UiAS on v7.9. Netwatch is running fine (after the 5 min delay)

leonardogyn · Tue May 02, 2023 5:54 pm

Being a person that uses the webfig much more than winbox, this change:
.

*) webfig - added inline comments;

.
is plain terrible. I'd love being able to at least choose the old behavior and having the comments on a different line instead of inline. Please consider having this as an option and not fixed inline. For those who don't have very big screens/resolutions, this is a TERRIBLE change.

ErfanDL · Tue May 02, 2023 5:59 pm

Netwatch not working on RB2011UiAS-2HnD !!!
Tested with: RB2011UiAS on v7.9. Netwatch is running fine (after the 5 min delay)

yeah it's working after rebooting.

aoakeley · Tue May 02, 2023 6:23 pm

Being a person that uses the webfig much more than winbox, this change:

Why? Genuinely curious as to why anyone would use WebFig over Winbox if they have the option to use Winbox.

Guscht · Tue May 02, 2023 6:24 pm

simply works :)

Screenshot 2023-05-02 172026.jpg

RohanAJoshi · Tue May 02, 2023 6:42 pm

Does anyone confirms that this Fixes Memory leak reboots for ccr2004 and same model in 2xxx family ?

EvilBart · Tue May 02, 2023 6:43 pm

I tried to do bgp vpn in dedicated vrf on 7.8 and 7.9.
Does not work.
it is not advertising.
if I move everything to main it works.

is there a way to make it work in vrf?

all other stuff ldp, ospf etc works fine in vrf except bgp vpn.

/routing bgp connection
add address-families=vpnv4 as=65000 disabled=no local.address=10.10.1.4 \
    .role=ibgp name=to_R3 remote.address=10.10.1.5/32 routing-table=mpls \
    templates=default vrf=mpls
    
/routing bgp vpn
add disabled=no export.route-targets=65000:1 import.route-targets=65000:1 \
    label-allocation-policy=per-vrf name=bgp-mpls-vpn-1 route-distinguisher=\
    65000:1 vrf=cust1

/routing/bgp/advertisements/print
... empty

If I move everything back to main (ospf, mpls ldp, bgp), remove dedicated vrf "mpls" then it works fine ....
Any hint ?

stich86 · Tue May 02, 2023 7:01 pm

upgraded from 7.6 (x86), looks like "PPPoE Scan" is broken

Someone told me that is broken from 7.8

infabo · Tue May 02, 2023 7:15 pm

Genuinely curious as to why anyone would use WebFig over Winbox if they have the option to use Winbox.

Personal preference? I prefer CLI over Winbox/webfig.

Joni · Tue May 02, 2023 7:29 pm

upgraded from 7.6 (x86), looks like "PPPoE Scan" is broken

Someone told me that is broken from 7.8

Someone told me it works on my computer.

crowderjd · Tue May 02, 2023 7:35 pm

Still having issues with the 5Ghz radio on my US locked hAP ax2's. The 5Ghz radio is enabled, but I am not getting any signal from it. 2.4Ghz works fine. I've been having this issue since 7.7. I guess I'll go back to 7.6.

mrigi · Tue May 02, 2023 7:37 pm

dhcpv4-server - release lease if "check-status" reveals no conflict;

Can someone elaborate what this line fixes please?
I am getting "offering lease without success" issue from time to time thought it might be related somehow.

leonardogyn · Tue May 02, 2023 7:41 pm

Why? Genuinely curious as to why anyone would use WebFig over Winbox if they have the option to use Winbox.

.
Personal preference, easier to bookmark accesses on my browser, customizable using skins ... and last but not least, why not?? :) It's an option and I prefer that one.

Rox169 · Tue May 02, 2023 7:45 pm

MT good work, I like proper testing before releasing stable version. Cant wait for ROS 9.10 I hope there will be fix for SMB v1 to work with Hikvision cameras and impovements for 60 Ghz :)

ToTheCLI · Tue May 02, 2023 8:59 pm

upgraded from 7.6 (x86), looks like "PPPoE Scan" is broken

Someone told me that is broken from 7.8
Someone told me it works on my computer.

Does that someone happen to be you!!!
On a less sarcastic note what router are you using?

Traveller · Tue May 02, 2023 9:20 pm

*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8 );

hAP ac^2 item "Sector writes" is present. But the item "Bad Blocks" is missing

PaJaBuzz · Tue May 02, 2023 10:12 pm

*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices

Considering I complained about this on the CRS310 very recently, I was pretty happy to see this implemented already... sadly it doesn't appear to work, at least on this particular model.

Any value that triggers the fan to be on just makes it full on, there is no graduation to the RPM. So if I set the min speed to be 1% I get the same behaviour as if I set it to 30%, or 100%, regardless of changes to the "Target Temp".

Setting it to 0 is the only way to get the fan to switch off, then the behaviour goes back to the way it used to, but at least it will come on a little earlier now.

liviu2004 · Tue May 02, 2023 10:27 pm

Does the hardware have pwm speed control of some sorts? Otherwise you can wait until year 2500 for software solution.

PaJaBuzz · Tue May 02, 2023 10:29 pm

Does the hardware has pwm speed control of some sorts? Otherwise you can wait until year 2500 for software solution.

I don't know specifically, but it comes with a 4 pin fan, and has a 4 pin header.

liviu2004 · Tue May 02, 2023 10:40 pm

That tells not much on pcb setup. I can put 4 pins anywhere and connect only 2. You can have a detailed look to the pcb.

PaJaBuzz · Tue May 02, 2023 11:17 pm

That tells not much on pcb setup. I can put 4 pins anywhere and connect only 2. You can have a detailed look to the pcb.

I can see there are traces on pin 4 (PWM) but I can't trace them very far and I don't think the PCB is double sided. Doesn't look promising.

The middle circle is where the trace appears to end from the header. There is an unconnected pad here.
If the middle pad was connected, it would be connected to the circled pin on the ST IC. This is also parallel with the left circled pad, which is also not connected.
Hitting the edges of my capability now though.

BrianHiggins · Tue May 02, 2023 11:49 pm

several bugs found with regards to WebFig & Skins and Branding maker. Created ticket SUP-115140

In summary:
-Branding maker upload of skins file does not appear on device, uploading of the same file via the custom files does work correctly.
-Winbox still fails to load skins without sensitive permission, and still crashes with some skins.
-WebFig does not display custom logo (worked in v7.7, broken in v7.8, previously reported bug as SUP-109443). Downgrading back to v7.7 the logo reappears and disappears again once upgraded to v7.8 or v7.9

Voklav · Wed May 03, 2023 12:55 am

Ikev2 IPsec VPN with certificate is broken.
ipsec, error got fatal error: AUTHENTICATION_FAILED
More details for setup tomorrow.

edit: my bad:
subject certificate invalid (valid from Apr 28 00:45:11 2020 to Apr 28 00:45:11 2023)

sirbryan · Wed May 03, 2023 1:11 am

Being a person that uses the webfig much more than winbox, this change:

Why? Genuinely curious as to why anyone would use WebFig over Winbox if they have the option to use Winbox.

I use the web interface from multiple Macs and my iPhone all day long. Winbox has its place, but can be finicky at times where the web browser from most any device "just works."

nichky · Wed May 03, 2023 4:08 am

vpn4 works!!!

mwaaa MT

brg3466 · Wed May 03, 2023 4:15 am

Somehow, I never succeed in upgrading my modem firmware to R11eL_v05.04.193841 on my LtAP mini LTE-US（R11e-LTE-US）

saimens · Wed May 03, 2023 4:32 am

Hi all

Can you confirm that the "CTS SFP-31W2A(SM-10)-DR" is still broken in "hEX S (MMIPS)"?
see viewtopic.php?t=193986#p987210

Is there any hope that this will be fixed?

Is there a list of SFP modules that are supported? Can you recommend a cheap replacement Module for mine?

Thanks

Simon

Wed May 03, 2023 6:48 am

Not so smooth on my RB4011iGS+ with ZeroTier package installed before upgrading:

- Upgraded ROS from 7.8 to 7.9 [OK]
- Upgraded RouterBoot from 7.8 to 7.9 [OK]
- Reboot after "system,info,critical Firmware upgraded successfully, please reboot for changes to take effect!" message [Locked during reboot]

Had to manually restart by power-cycle.

Working fine on the following hardware:
- RB952Ui-5ac2nD (hAP ac lite)
- RBD52G-5HacD2HnD (hAP ac^2)
- RB5009UG+S+
- RB4011iGS+ (after power-cycle)

mevara · Wed May 03, 2023 7:25 am

SUP-111669 still present:
On the 1100x4 IKEv2 client peer does not connect to the server after upgrading from 7.7. In order for the connection to be established, I need to disable and re-enable the peer

Kaldek · Wed May 03, 2023 8:46 am

Being a person that uses the webfig much more than winbox
Why? Genuinely curious as to why anyone would use WebFig over Winbox if they have the option to use Winbox.

It's way off topic for this thread of course, but I can't stand Winbox. The windowed and tabular format for sub-config items drives me mad. Don't know why, it just does.

Kaldek · Wed May 03, 2023 8:54 am

Anybody know if the DHCP server on 7.9 stable is borking stuff like Google Nest Doorbell DHCP requests?

rb9999 · Wed May 03, 2023 10:45 am

So, I have an issue establishing l2 ovpn via TCP on rb4011 with 7.9 and rb443 6.49.6 on the other side. TCP conenction establishes and then drops.. It keeps doing that for hours. I had to downgrade 7.9 back to 7.7 and now it works.

lordimac · Wed May 03, 2023 10:52 am

Getting many packet loss to router after upgrading on CR2004-16G-2S+. Downgrading to 7.8 fixed it.

pe1chl · Wed May 03, 2023 11:15 am

When looking at the "/ip dns cache" it appears that in the Name column, every instance of .com is replaced with .cOm
This is not happening in the Data column (e.g. for a CNAME to a .com domain)
Why is that?

Edit: nevermind, apparently Cloudflare DNS is doing that...

rextended · Wed May 03, 2023 11:43 am

Anybody know if the DHCP server on 7.9 stable is borking stuff like Google Nest Doorbell DHCP requests?

Try yourself.

marcodmb · Wed May 03, 2023 12:06 pm

upgraded from 7.6 (x86), looks like "PPPoE Scan" is broken

Someone told me that is broken from 7.8

Me too... "PPPoE Scan" feature broken (tested with RouterOS 7.9 on 4011 and ChateauLTE12)

ech1965 · Wed May 03, 2023 2:09 pm

Being a person that uses the webfig much more than winbox, this change:

Why? Genuinely curious as to why anyone would use WebFig over Winbox if they have the option to use Winbox.

Winbox needs to be installed, WebFig is available using pre-installed browser. So why even bother with Winbox ?

erlinden · Wed May 03, 2023 2:16 pm

Winbox needs to be installed, WebFig is available using pre-installed browser. So why even bother with Winbox ?

Because it can be used with MAC addresses as well as via IP. Well...at least for me this is one of the reasons for using Winbox.

saimens · Wed May 03, 2023 2:55 pm

Can anyone confirm that "TP-Link TL-SM321B" SFP converter is supported in v7.9?

Thank you!

Simon

BrianHiggins · Wed May 03, 2023 4:30 pm

Why? Genuinely curious as to why anyone would use WebFig over Winbox if they have the option to use Winbox.
Winbox needs to be installed, WebFig is available using pre-installed browser. So why even bother with Winbox ?

There's no installer, it's just a stand alone executable you can run from anywhere, but to each their own, nothing wrong with using webfig, though I do agree that Winbox is generally preferred and more versatile, they will both get the job done.

fl4co · Wed May 03, 2023 4:37 pm

upgraded from 7.6 (x86), looks like "PPPoE Scan" is broken

Someone told me that is broken from 7.8
Me too... "PPPoE Scan" feature broken (tested with RouterOS 7.9 on 4011 and ChateauLTE12)

Yes, it’s still broken.

RohanAJoshi · Wed May 03, 2023 4:50 pm

Getting many packet loss to router after upgrading on CR2004-16G-2S+. Downgrading to 7.8 fixed it.

are you experiencing memory leak on v7.8 ?
I am going to update ccr2004 to v7.9 only because of memory leak issue.

flapviv · Wed May 03, 2023 4:56 pm

Getting many packet loss to router after upgrading on CR2004-16G-2S+. Downgrading to 7.8 fixed it.
are you experiencing memory leak on v7.8 ?
I am going to update ccr2004 to v7.9 only because of memory leak issue.

:-(
Do you suspect any service reponsible of this memory leak?

ufm · Wed May 03, 2023 5:13 pm

RB4011iGS+5HacQ2HnD
After upgrade - lost packets (3%-7%).
After downgrade to 7.8 - the problem is gone

RohanAJoshi · Wed May 03, 2023 5:29 pm

are you experiencing memory leak on v7.8 ?
I am going to update ccr2004 to v7.9 only because of memory leak issue.
:-(
Do you suspect any service reponsible of this memory leak?

no, tried disabling all services one by one.
but still memory leak happening

erlinden · Wed May 03, 2023 5:36 pm

Where do you find this information, @ufm?
Or is this a ping test (and are you referring to packet loss)?

Kindis · Wed May 03, 2023 5:41 pm

Updated 3 cAP AX running without CapsMAN but with VLAN. Killed the dataflow for all VLAN tagged networks. Had to remove all the wireless interfaces in the bridge so the dynamic interfaces could be created for the VLAN to start running again (tagged). Apart from this no issues.
With bridge ports now assigning VLAN properly I will try going to CapsMAN on Wifiwave 2 and see how that goes.

floeff · Wed May 03, 2023 5:47 pm

Very simple setup here, PPPoE dialup, no production VLAN yet - updates on 4x RBwAPG-5HacD2HnD, 7x RBwAPG-5HacT2HnD, (all RBwAP with CaPSMAN), 3x CRS328-24P-4S+, 1x CRS226-24G-2S+ and 1x CRS112-8P-4S went well, no issues so far.

Reluctant to update the CCR1009-8G-1S-1S+ yet due do the issues with DHCP and packet loss I hear, still on 7.6 with that (as previous versions seem to have OpenVPN issues).

Ed25519 host keys work well it seems.

ufm · Wed May 03, 2023 5:57 pm

Where do you find this information, @ufm?
Or is this a ping test (and are you referring to packet loss)?

Pingflood test
And smokeping monitoring.

mkx · Wed May 03, 2023 6:07 pm

Where do you find this information, @ufm?
Or is this a ping test (and are you referring to packet loss)?
Pingflood test
And smokeping monitoring.

Pinging router's IP address ... or through router another device? Does it help if you increase timeout?

pe1chl · Wed May 03, 2023 6:24 pm

Packet loss is 0% on my RB4011. You will need to provide more details.

ivanfm · Wed May 03, 2023 6:57 pm

Being a person that uses the webfig much more than winbox, this change:
.
*) webfig - added inline comments;
.
is plain terrible. I'd love being able to at least choose the old behavior and having the comments on a different line instead of inline. Please consider having this as an option and not fixed inline. For those who don't have very big screens/resolutions, this is a TERRIBLE change.

I agree, previous format was better to read comments

urknall · Wed May 03, 2023 7:25 pm

ovpn still unstable like in 7.8, so downgrade to 7.7 again...

pe1chl · Wed May 03, 2023 7:50 pm

Being a person that uses the webfig much more than winbox, this change:
.
*) webfig - added inline comments;
.
is plain terrible. I'd love being able to at least choose the old behavior and having the comments on a different line instead of inline. Please consider having this as an option and not fixed inline. For those who don't have very big screens/resolutions, this is a TERRIBLE change.

I quite like it! The previous form of comments on a separated line wasted way more screen space. And the default column width is quite narrow, but you can still decrease it.
Maybe it would have been better to put the comment in the last column as it is (by default) on winbox, but overall it is an improvement.

sirbryan · Wed May 03, 2023 8:05 pm

I'd love being able to at least choose the old behavior and having the comments on a different line instead of inline.
The previous form of comments on a separated line wasted way more screen space. And the default column width is quite narrow, but you can still decrease it.

If your comments are short, like 10-30 characters, this might be fine. But I rely heavily on the comments in my routing filters and DHCP pools and lease tables, with explanations and/or snippets of filter "code" on the former, and customer VLAN info or hostnames (or reasons for enabling/disabling leases) on the latter. Other routers might have more verbose comments on interfaces or settings I commonly enable/disable in different scenarios.

Having them at the end would be worse, when so many of us are used to seeing them on the right (for RTL languages) above the interface, address, or other element they refer to.

On mobile devices, where the screen real-estate is already narrow, the problem is aggravated.

Paternot · Wed May 03, 2023 9:00 pm

It's way off topic for this thread of course, but I can't stand Winbox. The windowed and tabular format for sub-config items drives me mad. Don't know why, it just does.

I hear you - it's the same for me. That thing get me crawling up the walls. No idea why, it just does.

madgrok · Wed May 03, 2023 10:12 pm

ovpn still unstable like in 7.8, so downgrade to 7.7 again...

+

nannou9 · Wed May 03, 2023 10:26 pm

In case if anybody has misbehaving rb4011 using vlans, please make sure you have MSTP enabled on bridge.
Interestingly I had RSTP used previously and all was working fine on 7.7 and older.
Took me some reading to find it.

marcodmb · Wed May 03, 2023 11:39 pm

ovpn still unstable like in 7.8, so downgrade to 7.7 again...

It's the same here... OpenVPN client randomly restarts in the 24h with >=7.8. 7.7 it's ok (4011, CCR1009, MapLite, ... and others).

Halfeez92 · Thu May 04, 2023 1:06 am

I am getting error "can't verify peer's certificate from store" again on the ipsec setup. I tried reupload the root CA again but no avail.

dioeyandika · Thu May 04, 2023 2:18 am

In case if anybody has misbehaving rb4011 using vlans, please make sure you have MSTP enabled on bridge.
Interestingly I had RSTP used previously and all was working fine on 7.7 and older.
Took me some reading to find it.

i have similiar issue with RB750Gr3 it have only 1 vlan in bridge and RSTP is enable,and cisco 2960 switch after upgrade to 7.9 my internet connection become really slow, after disable the RSTP to none in the bridge my internet become normal again, i decided to enable RSTP in cisco 2960 switch it seem the problem solved for now

TomSF · Thu May 04, 2023 2:57 am

ROS 7.9 seems to have broken IPv6 for at least tile on a CCR1009-7G-1C. With 7.9 there are no connections to global WAN addresses. Trying to ping one says there is no route. I downgraded to 7.8 and immediately had lots of IPv6 global connections. I reinstalled 7.9 and again could not get any global connections. I have downgraded to 7.9 for now.

killersoft · Thu May 04, 2023 4:15 am

Why? Genuinely curious as to why anyone would use WebFig over Winbox if they have the option to use Winbox.
Winbox needs to be installed, WebFig is available using pre-installed browser. So why even bother with Winbox ?

Winbox is fantastic in "Windows world", apple / linux... wine I guess, but its fast, reliable( usually ), and networkable protocol(if you use IP) especially if you using units that don't expose or have IP addresses on the box, as you can get to the box/VM via MAC-ADDRESS only ( FYI. I manage 100+ MT devices with ), and the use of ROMON too is a fantastic way of doing router config when you dont have direct layer-3 to a downstream device ( Eg. CRS series gear ). So yes, I'll keep winbox going...

ufm · Thu May 04, 2023 4:22 am

Pingflood test
And smokeping monitoring.
Pinging router's IP address ... or through router another device? Does it help if you increase timeout?

Ping through router. For example

DeGlucker · Thu May 04, 2023 10:53 am

x86 + Atheros AR9380 (AR5BXB112): WiFi is still broken. Forced to rollback to ROS 7.6 again. When finally it will be fixed ?

Frederick88 · Thu May 04, 2023 12:21 pm

Any more info on the new radio/reg-info console command?

/interface/wifiwave2/radio/reg-info country=Greenland number=???????????

serkamil · Thu May 04, 2023 12:59 pm

Dear All,

I'm really don't know if I do something wrong, or is still problem with containers on ROS7.9.

I try to pull jc21/nginx-proxy-manager on CHR, without success.

/interface bridge add name=dockers
/interface veth add address=172.17.0.2/24 gateway=172.17.0.1 name=veth2
/interface bridge port add bridge=dockers interface=veth2
/container mounts add dst=/data name=npm_data src=/slot1/docker/npm/data
/container mounts add dst=/etc/letsencrypt name=npm_etc_letsencrypt src=/slot1/docker/npm/etc/letsencrypt
/container add interface=veth2 mounts=npm_data,npm_etc_letsencrypt root-dir=/slot1/docker/npm/root-dir/ remote-image=jc21/nginx-proxy-manager:latest

I guess that it is problem with OCI, but on changelog is still information that it is improoved.

Can enybody check this image on x86/x86_64/CHR?

Thu May 04, 2023 1:07 pm

Any more info on the new radio/reg-info console command?

/interface/wifiwave2/radio/reg-info country=Greenland number=???????????

.

Works but as indicated only on AC interfaces (e.g. AC3 using wifiwave2)

*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);

[xyz@MikroTik] > interface/wifiwave2/radio/reg-info country=Belgium number=0
ranges: 2402-2482/20
5170-5250/23/indoor
5250-5330/23/indoor/dfs
5490-5710/30/dfs

usx · Thu May 04, 2023 1:26 pm

Following works ok:

RBmAP2n ("mAP 2n")
RBD25G-5HPacQD2HPnD ("Audience")
2011UiAS-2HnD
hAP RB951Ui-2nD ("hAP")
RB4011iGS
hEX 750G r3 ("hEX")

stich86 · Thu May 04, 2023 1:27 pm

upgraded from 7.6 (x86), looks like "PPPoE Scan" is broken

Someone told me that is broken from 7.8
Someone told me it works on my computer.

doesn't work on my RB and also on other two one... on 7.6 works without any problem

jimint · Thu May 04, 2023 1:39 pm

Packet loss is 0% on my RB4011. You will need to provide more details.

https://ibb.co/rt25wKR

pe1chl · Thu May 04, 2023 2:03 pm

"rx drop" is not packet loss.

jimint · Thu May 04, 2023 2:06 pm

"rx drop" is not packet loss.

And where is the packet loss in winbox?
I make a ping www.google.com packet-loss=0%

rextended · Thu May 04, 2023 2:10 pm

"rx drop" is not packet loss.
And where is the packet loss in winbox?

Can you explain to me how do you count lost packets if they never arrived?
Only the higher-level protocols that count the packets they expect can give any idea of packet-loss.
There are no "expected" packets in transport.

Ping is a service, use ICMP protocol, not a transport, and can count expected not-replied pings.

jimint · Thu May 04, 2023 2:15 pm

moderation

Could you give me an example with a transport?

rextended · Thu May 04, 2023 2:20 pm

I just wrote that is not there, did you read it?

The courier who brings the parcels doesn't know if he has lost one or it hasn't been delivered to him on departure,
unless SOMETHING ELSE of a higher level (the waybill) tells him what is missing.

In fact, the truck itself knows nothing about the packages it carries,
but the transport note, which USES the truck to be transported, has the list instead.
But the truck cannot read the delivery note, and only at the end, when the load has arrived,
can someone who reads the delivery note, also transported by the truck, be able to determine if any parcels are missing,
but by now the transport has already taken place and ended...

cyayon · Thu May 04, 2023 4:03 pm

Hi,

Some users have bad performances with ipv4 and enabled bridge filters actives.
In previous versions (7.7 and 7.8) there was no issue. Since 7.9 (stable) ipv4 bandwith is lower for about 35%.

Anyone else ?

pe1chl · Thu May 04, 2023 4:25 pm

"rx drop" is not packet loss.
And where is the packet loss in winbox?
I make a ping www.google.com packet-loss=0%

So what is your problem?
I see the same thing. Packet loss is 0% on ping from either router or host behind it.
So my conclusion is: no problem.
But apparently some people believe they have a problem. What is it? You see "rx drop" and assume that is a problem?

rextended · Thu May 04, 2023 4:26 pm

@pe1chl
Because the user @jimint probably don't understand the difference between data transport and the services transported by transport....

OndrejHolas · Thu May 04, 2023 4:28 pm

Some users have bad performances with ipv4 and enabled bridge filters actives.
In previous versions (7.7 and 7.8) there was no issue. Since 7.9 (stable) ipv4 bandwith is lower for about 35%.

It seems that something in bridging code has indeed been changed - in my case the wired bridge ports on RB952 (CPU mipsbe, switch chip 8227) with hw=yes setting do not communicate (except DHCP) if they turn up AFTER another port with hw=no is already up. If the port with hw=yes turns up as the first one in the bridge, everything works as configured. I worked around this inconsistent behavior by setting hw=no on all wired bridge ports and will investigate it in a detail when I find some spare time.

Ondrej

Tporlapt · Thu May 04, 2023 4:59 pm

I'm having issues with the switch ports on RB750Gr3. Very strange behaviour. Sometimes no packets Tx or Rx shown under "interfaces" (but the port is active and transmitting packets). Shows no link active (but it is...). Seems to be the last port plugged in. E.g., by unplugging the "bad" port and one "good" port, then plugging back in the bad port first, the "good" port now becomes bad!

And the log shows link up and link down all the time, even though... it isn't. And sometimes, all the switch ports go inactive. Setup is basically stock. Reverting to 7.8 fixes all issues. Going back to 7.9 brings them back.

Never had this kind of issue before. Anyone else, or am I blessed or have done something daft?

nmt1900 · Thu May 04, 2023 5:10 pm

Winbox needs to be installed, WebFig is available using pre-installed browser. So why even bother with Winbox ?
Winbox is fantastic in "Windows world", apple / linux... wine I guess, but its fast, reliable( usually ), and networkable protocol(if you use IP) especially if you using units that don't expose or have IP addresses on the box, as you can get to the box/VM via MAC-ADDRESS only ( FYI. I manage 100+ MT devices with ), and the use of ROMON too is a fantastic way of doing router config when you dont have direct layer-3 to a downstream device ( Eg. CRS series gear ). So yes, I'll keep winbox going...

It is just as fantastic on any other platform where wine can be used as MAC-address and ROMON access works on there as well...

Thu May 04, 2023 5:12 pm

I'm having issues with the switch ports on RB750Gr3. Very strange behaviour. Sometimes no packets Tx or Rx shown under "interfaces" (but the port is active and transmitting packets). Shows no link active (but it is...). Seems to be the last port plugged in. E.g., by unplugging the "bad" port and one "good" port, then plugging back in the bad port first, the "good" port now becomes bad!

And the log shows link up and link down all the time, even though... it isn't. And sometimes, all the switch ports go inactive. Setup is basically stock. Reverting to 7.8 fixes all issues. Going back to 7.9 brings them back.

...

Checked on my Hex, can't confirm (pretty basic config as well).
I switched it on this morning around 7 AM and up til now (16h11), no messages in log about ports being toggled.

Best to create supout.rif and send it to support.

MTL7 · Thu May 04, 2023 5:23 pm

Hardware: RB5009
Issue: Container import problem in v7.9. After upgraded firmware v7.9 to RB5009, I tried to update the existing working container for Adguardhome to the latest version as well (adguard/adguardhome:latest). The following error was found in the log.
Registry in use : https://registry-1.docker.io
Solution: viewtopic.php?t=192810#p981824

... importing remote image: adguard/adguardhome, tag: latest
... was unable to import, container d9f3b14b-efe0-4788-90ee-edeb024f08fb

Tporlapt · Thu May 04, 2023 5:51 pm

I'm having issues with the switch ports on RB750Gr3....
Checked on my Hex, can't confirm (pretty basic config as well).
I switched it on this morning around 7 AM and up til now (16h11), no messages in log about ports being toggled.

Best to create supout.rif and send it to support.

Thanks for checking. Mine ran okay for around 10 hours or so. I also noted something in the logs about configuring switch ports for hw offload (not sure if I have seen that before?) after upgrading to 7.9. System is performing normally now I have "downgraded" to 7.8. I am reluctant to revert to 7.9 to get a support.rif or dig deeper for fear of inducing user anger (I have teenagers...).

As I don't need any of the fixes, I will wait for 7.10 perhaps. Logging this here in case others see the same thing.

rpingar · Thu May 04, 2023 5:55 pm

still present a memory leak about rotuing bgp when:
- the memory usage is above 5GB (6M routes with 250 sessions running for some days)
- there is a number of sessions flapped

this pushes something in loop, with 3 or 4 cores at 100% and bgp parameters/configuration not accessible via winbox or cli, and the memory usage grows costantly.
support #[SUP-110510]

Problem seems no more present in x86 (it was up to 7.8).

regards

osc86 · Thu May 04, 2023 6:17 pm

Since I upgraded to 7.9 (from 7.9rc2) my Homepod seems to have connection issues. I'm getting "The Home hub is not responding / The Home hub is now responding" notifications several times a day.
Wifi controller shows an uptime of 1d+ for this device without an increased rate in retransmissions in comparison to the last few days, so I'd rule this out.
Nothing else was changed, may be related to the packet loss issue, a few people have reported. I'm still investigating, I'll update this post if I have found the cause.

Edit: In the connection tracking table, I only saw connections with state 'syn received' for this device. To be sure Apple didn't mess up the homepod with one of it's auto installing updates, I fully reset it. Now there are only 'established' connections like it should be. I hope this fixed my issue. Still strange it occurred right after the ros upgrade..

TomSF · Thu May 04, 2023 6:33 pm

Since I upgraded to 7.9 (from 7.9rc2) my Homepod seems to have connection issues. I'm getting "The Home hub is not responding / The Home hub is now responding" notifications several times a day.
Wifi controller shows an uptime of 1d+ for this device without an increased rate in retransmissions in comparison to the last few days, so I'd rule this out.
Nothing else was changed, may be related to the packet loss issue, a few people have reported. I'm still investigating, I'll update this post if I have found the cause.

Assuming you are using IPv6, take a look at the IPv6 firewall connections. Are there any connections to global IPv6 addresses? As I reported earlier, IPv6 does not work for me with V7.9.

osc86 · Thu May 04, 2023 6:36 pm

yes, I have fully deployed IPv6, I'll take a look, thanks.

pe1chl · Thu May 04, 2023 6:50 pm

IPv6 works fine for me on version 7.9

ksteink · Thu May 04, 2023 6:53 pm

I have updated a bunch of devices from 7.7 to 7.9 (Sorry 7.8 but I didn't like you much :))

- 2 x RB5009
- 3 x RB4011
- 6 x CRS326-24G
- 1 x CRS328-24P
- 1 x RB3011
- 8 x hAP AC2
- 6 x hEX S
- 2 x RB450Gx4

All upgraded without issues and running stable after couple days.

TomSF · Thu May 04, 2023 7:11 pm

IPv6 works fine for me on version 7.9

Are you using stateful or slaac? I am using slaac. The dhcpv6 client asks for and gets a prefix for ND. I add an address from the pool for the router which creates a route. This works fine with 7.8 but not 7.9. I will dig into it later but was curious what is working for you.

Hejsan · Thu May 04, 2023 7:41 pm

Upgraded from 7.8... No issues so far

2x hAP AC
1x RB1100AHx4
2x RB2011-UiAS-iN
1x RB3011-RM
2x RB951G-2HnD
1x LtAP Mini LTE

pe1chl · Thu May 04, 2023 9:58 pm

IPv6 works fine for me on version 7.9
Are you using stateful or slaac? I am using slaac. The dhcpv6 client asks for and gets a prefix for ND. I add an address from the pool for the router which creates a route. This works fine with 7.8 but not 7.9. I will dig into it later but was curious what is working for you.

I am using DHCPv6 PD client over PPPoE to the ISP, obtain a /48 pool from the provider, and assign that to local clients using SLAAC.
I have been doing that forever and it works, also in 7.9.

The only issue I have is (as mentioned before) that dynamic VLAN assignment to Wireless connections has a bug. It does not pass multicast for the assigned VLAN to the client, hence no SLAAC and no IPv6 on dynamically assigned VLAN.
But I think that issue has started earlier than 7.9.

stathismes · Thu May 04, 2023 10:55 pm

@stathismes didn't you read the last line of the post?

Please keep this forum topic strictly related to this particular RouterOS release.

Sorry I didn't :)

BTW 7.9 works fantastically on my 4011's.

TomSF · Thu May 04, 2023 11:40 pm

Are you using stateful or slaac? I am using slaac. The dhcpv6 client asks for and gets a prefix for ND. I add an address from the pool for the router which creates a route. This works fine with 7.8 but not 7.9. I will dig into it later but was curious what is working for you.
I am using DHCPv6 PD client over PPPoE to the ISP, obtain a /48 pool from the provider, and assign that to local clients using SLAAC.
I have been doing that forever and it works, also in 7.9.

The only issue I have is (as mentioned before) that dynamic VLAN assignment to Wireless connections has a bug. It does not pass multicast for the assigned VLAN to the client, hence no SLAAC and no IPv6 on dynamically assigned VLAN.
But I think that issue has started earlier than 7.9.

I got IPv6 working but I am not sure why things worked in 7.8 and earlier releases, but I had to make a change to get it working in 7.9.

ether1 is my WAN interface. I only had ND on my LAN bridge, not ether1. When I enabled ND on ether1, I got IPv6 global connections. When I disabled it on ether1, I lost all global connections. I now have ND set to advertise on my LAN bridge and not advertise on ether1. With the ND change, the system now automatically adds an address from the pool for ether1. Also, it now adds a route with the gateway address of the <upstream router link local address>%ether1 whereas I didn't have a route before I made the change. With 7.8 and earlier versions, I got an invalid address automatically added with the address of DHCPv6 server. I now get a valid, but unreachable and inactive, address for the DHCPv6 server.

nexusds · Thu May 04, 2023 11:45 pm

Also showing dropped packets making it unusable on RB4011iGS+

In my case, it is using SFP, I see other poster was Ether2.. so some issue with some versions of the RB4011

pe1chl · Fri May 05, 2023 1:16 am

I got IPv6 working but I am not sure why things worked in 7.8 and earlier releases, but I had to make a change to get it working in 7.9.

Most likely the config is wrong and it happened to work.
Please start a new topic with you export included. Not useful to discuss within this release topic.

pe1chl · Fri May 05, 2023 1:18 am

Also showing dropped packets making it unusable on RB4011iGS+

You are also thinking that "rx drop" indicates a problem?

rextended · Fri May 05, 2023 1:30 am

@pe1chl
Because the user @jimint some users probably don't understand the difference between data transport and the services transported by transport....

Maggiore81 · Fri May 05, 2023 6:48 am

I have upgraded my routers from 7.7 to 7.9 everything is running OK.
The issue with L3-HW is still not resolved. The ticket is open since january.
We wait...

I have noticed that on the 4011 the CPU is now set to auto and its speed is dynamic. Maybe to reduce heat?

Fri May 05, 2023 7:29 am

I try to pull jc21/nginx-proxy-manager on CHR

CHR implies a hypervisor, so why are you using containers? Put this on a VM out on the host. I see no reason to confine this to RouterOS's emaciated "container" feature.

Don't tell me it's because of efficiency. This 600 meg container is an absolute pig. They've got at least four different programming language runtimes in there (Node, Python, Lua, and C++) including development headers! 🤮

If the argument is because you want the proxy to be inside the CHR's main bridge, big-boy hypervisors let you do that out at that level, forcing packets to go through CHR before they can appear at this nginx-proxy VM's virtual Ethernet interface.

nexusds · Fri May 05, 2023 8:22 am

Also showing dropped packets making it unusable on RB4011iGS+
You are also thinking that "rx drop" indicates a problem?

No, actually dropped packets and very slow/dropping speeds (nothing more than 100-200kbps).. took a lot of playing around and rebuilding to discover that 7.9 package stopped XS+2733LC15D from negotiating at 10G.. setting to 1G for now will work under 7.9 or back the software to 7.8 and seems to use 10G without issue again.

Kaldek · Fri May 05, 2023 9:02 am

Anybody know if the DHCP server on 7.9 stable is borking stuff like Google Nest Doorbell DHCP requests?

I've confirmed that DHCP is working for all my devices on 7.9 stable. This includes the Google Nest Doorbell.

dibatech · Fri May 05, 2023 10:52 am

X509 certificate import still not working. (SUP-114596 logged 26/Apr/23 11:01 AM)
Worked up until 7.6.
7.9 still not functioning.

pe1chl · Fri May 05, 2023 10:57 am

@pe1chl
Because the user @jimint some users probably don't understand the difference between data transport and the services transported by transport....

Sorry but I lost track of that discussion due to excessive quote stripping (probably mandated by a dictator moderator).
It looks like it is time for another complaint...

hashbang · Fri May 05, 2023 12:30 pm

I tried upgrading CRS 317 from 7.6 to 7.9. It failed lost the switch. After connecting with console. Switch was up but os version was old. Resetting the switch brought back the switch. The reconfigured it with older versihn 7.6
ty

mkx · Fri May 05, 2023 12:33 pm

Any more info on the new radio/reg-info console command?

/interface/wifiwave2/radio/reg-info country=Greenland number=???????????
.

Works but as indicated only on AC interfaces (e.g. AC3 using wifiwave2)

I guess that number=X is supposed to refer to wireless interface (or something). It is silly that then command returns exactly the same info regardless the interface indicated. I'm running this on Audience, which has 3 radio interfaces (1x 2.4GHz and 2x 5GHz) and I can set number to values 0-2. But then it returns the same info.

mkx · Fri May 05, 2023 12:35 pm

I tried upgrading CRS 317 from 7.6 to 7.9. It failed lost the switch. After connecting with console. Switch was up but os version was old. Resetting the switch brought back the switch. The reconfigured it with older versihn 7.6
ty

After first boot there was probably something in /log/print about it. If device doesn't have logging set up with destination other than memory, then this information was lost. So if you feel adventurous and decide to try again (and it fails again), do check the log about the reasons. And if reasons are not clean, create supout.rif file and send it to MT support.

Paternot · Fri May 05, 2023 5:23 pm

Sorry but I lost track of that discussion due to excessive quote stripping (probably mandated by a dictator moderator).
It looks like it is time for another complaint...

I hear You. This is getting out of hand. I just lost the will to post here - too much hassle.

Wilmar · Fri May 05, 2023 6:13 pm

Upgrade RB760iGS from v7.8 to 7.9 results in MT that losing all connections every 1 or 2 minutes.
Had to go back to v7.8 because could not find the why this behaviour
Wilmar

BrianHiggins · Fri May 05, 2023 7:47 pm

In my setup I have

	/system logging action add name=System target=memory
	/system logging add action=System topics=interface
	/system logging add action=System topics=system,!account
	/system logging add action=System topics=health

After upgrading a device from 7.7 to 7.9 last night these settings were lost and had to be re created. After upgrade the entire /system logging section was back to default settings.

Can anyone else duplicate?

nsaldanh · Fri May 05, 2023 7:50 pm

ROS 7.9 seems to have broken IPv6 for at least tile on a CCR1009-7G-1C. With 7.9 there are no connections to global WAN addresses. Trying to ping one says there is no route. I downgraded to 7.8 and immediately had lots of IPv6 global connections. I reinstalled 7.9 and again could not get any global connections. I have downgraded to 7.9 for now.

I have the same problem. IPV6 works directly on the router. No downstream device gets an IPV6 address with ROS 7.9. IPV6 ND shows invalid prefixes.

cyayon · Fri May 05, 2023 7:58 pm

I have upgraded my routers from 7.7 to 7.9 everything is running OK.
The issue with L3-HW is still not resolved. The ticket is open since january.
We wait...

I have noticed that on the 4011 the CPU is now set to auto and its speed is dynamic. Maybe to reduce heat?

Hi,
What is the issue with l3-hw please ?
Thanks

TomSF · Fri May 05, 2023 8:43 pm

ROS 7.9 seems to have broken IPv6 for at least tile on a CCR1009-7G-1C. With 7.9 there are no connections to global WAN addresses. Trying to ping one says there is no route. I downgraded to 7.8 and immediately had lots of IPv6 global connections. I reinstalled 7.9 and again could not get any global connections. I have downgraded to 7.9 for now.
I have the same problem. IPV6 works directly on the router. No downstream device gets an IPV6 address with ROS 7.9. IPV6 ND shows invalid prefixes.

In my situation I got a valid prefix and clients could configure their addresses with it. They just couldn't get to global address because there was no gateway to the WAN. I am using slaac and the DHCPv6 client just asks for a prefix and creates a pool with it. I then add a ::1/64 address from the pool for the bridge with all my LAN and wifi interfaces. If you are getting a bad prefix, then maybe there is something wrong with your DHCPv6 client configuration. In case you didn't see a later post, I had to enable ND on my WAN (ether1) interface to get things working, whereas that wasn't needed before 7.9.

vuk · Fri May 05, 2023 9:11 pm

HI!

After upgrading to V7.9 from v7.8 my IPIP tunnels with IPSec has become totally unusable (slow).
I restored a previous version of my config, it has not solved the problem, but when I downgraded to v7.8 everything is just fine.

I created a supout file, should I upload somewhere?
Anyone else with same issue?

MrYan · Fri May 05, 2023 10:50 pm

I am getting error "can't verify peer's certificate from store" again on the ipsec setup. I tried reupload the root CA again but no avail.

Same for me. Working ProtonVPN connection broke. Uploaded the root certificate again and still doesn't work.

rtlx · Sat May 06, 2023 12:55 am

I confirm that OpenVPN is not stable.

I've just updated from v7.7 where OpenVPN was working in TCP mode, now on v7.9 I've switched to UDP.

After a while I receive the following error messages:

On the server:

<IP Address>: disconnected <TLS error: std failure: unknown id (4)>
[interface name]: terminating... - TLS error: std failure: unknown id (4)

On the client:

[interface name]: disconnected <TLS error: ssl: wrong alert structure (6)>
[interface name]: terminating... - TLS error: ssl: wrong alert structure (6)

Moreover, when using the aes-256-gcm with auth set on the client (in my case to sha512), then there is an infinite loop in establishing connections, so I get many OpenVPN connections from the same router at the same time.

Plugpulled · Sat May 06, 2023 1:49 am

Upgraded my RB4011(Wifi) to 7.9, working stable both on WIfi/LAN. Using Hap AX3 as AP connected from port 1 of AX3 to POE port of 4011 which i'm using for my AX devices. After few hours/mins wifi is very unstable, devices are getting disconnected and unable to connect until device(AX3) reboot. After reboot i am able to connect again and it gets disconnected permanently after few hours/mins, i'm able to see my access point on Mac/iPhone but unable to connect.

Tporlapt · Sat May 06, 2023 2:21 am

I tried 7.9 again, it worked for a while then failed again. I downgraded back to 7.8 but as a test, left the 7.9 firmware loaded. Still had issues. Reverting to 7.8 firmware and 7.8 RouterOS and all is well again. I wonder if the 7.9 firmware has affected the switch behaviour? RB750Gr3, Ether 1 is WAN, Ether 2-5 (bridge) in use as LAN. Basically the stock setup, although I do use IPv6 on the bridge.

kreb · Sat May 06, 2023 9:03 am

Not sure if this is related to the mentioned IPv6 malfunction, nevertheless, IPv6 wasn't working well on 7.9 /CCR2116 after upgrade, a little investigation showed removing IPv6 firewall filters fixed the issue, further digging showed interfaces list was messed up, particularly LAN list with 'unknown interfaces', remove the unknowns add actual interfaces to LAN list, re-add firewall filters and all is good.

Uncertain if this was introduced during the upgrade to 7.9, but it might worth verifying.

manojlovicl · Sat May 06, 2023 9:45 am

I have CHR with 10 CPU cores and 4GB memory on Hyper-V and 190 OVPN connections and 190 EoIP tunnels with 10 Bridges - the OVPN is really unstable - sessions get duplicated and in couple of hours router is stuck (unresponsive - in console there was an message about bug, cpu... (I was unable to create a screenshot as a production was down and we were in hurry to bring it up again) ... I downgraded back to 7.7 where OVPN is also unstable (duplicated sessions) but it happens less often (let say once in couple of days).

massinia · Sat May 06, 2023 11:20 am

Upgraded my RB4011(Wifi) to 7.9, working stable both on WIfi/LAN. Using Hap AX3 as AP connected from port 1 of AX3 to POE port of 4011 which i'm using for my AX devices. After few hours/mins wifi is very unstable, devices are getting disconnected and unable to connect until device(AX3) reboot. After reboot i am able to connect again and it gets disconnected permanently after few hours/mins, i'm able to see my access point on Mac/iPhone but unable to connect.

Yours looks like a configuration problem...

connectlife · Sat May 06, 2023 1:03 pm

Hello, I have a WORKING configuration in MLAG with 4 switches CRS326-24S+2Q+ and ROS 7.6 which I will call SW1 - SW2 - SW3 - SW4

SW1/SW2 are in MLAG between logos thanks to the 40Gbps port
SW3/SW4 are in MLAG between logos thanks to the 40Gbps port

SW1 does LACP with SW3/SW4 via two SFP ports, one going to SW3 and the other going to SW4

Same thing goes for SW2

In practice, the two pairs of switches do MLAG and then BONDING with the corresponding ones using MLAG.

The problem:

With ROS 7.9 nothing works anymore, the MAC Addresses on the ARP table continue to switch between the MLAG port and the LACP one driving the network completely crazy.

So I downgraded to 7.7 which I see has several fixes on BRIDGE/RSTP etc.. The problem also occurs with 7.7 so I think the malfunction starts from this version..

As soon as I downgrade to 7.6 the network starts working fine..

Plugpulled · Sat May 06, 2023 1:28 pm

Upgraded my RB4011(Wifi) to 7.9, working stable both on WIfi/LAN. Using Hap AX3 as AP connected from port 1 of AX3 to POE port of 4011 which i'm using for my AX devices. After few hours/mins wifi is very unstable, devices are getting disconnected and unable to connect until device(AX3) reboot. After reboot i am able to connect again and it gets disconnected permanently after few hours/mins, i'm able to see my access point on Mac/iPhone but unable to connect.
Yours looks like a configuration problem...

It was perfectly stable and working fine on 7.6,7.7,7.8.

TomSF · Sat May 06, 2023 6:14 pm

v7.9 on hap ax^3 drops wifi registrations and will not allow new ones until a reboot. This problem was observed and reported by at least 2 of us using v7.9 rc4. It seemed fixed in rc5 and v7.9 stable but after 3 days of running, all registrations were gone. There were registrations last evening and this morning there were none. The log had nothing related to disconnects, reauthenticating or connections. Immediately after a reboot, connections started occurring and the log shows that activity.

Plugpulled · Sat May 06, 2023 6:36 pm

Upgraded my RB4011(Wifi) to 7.9, working stable both on WIfi/LAN. Using Hap AX3 as AP connected from port 1 of AX3 to POE port of 4011 which i'm using for my AX devices. After few hours/mins wifi is very unstable, devices are getting disconnected and unable to connect until device(AX3) reboot. After reboot i am able to connect again and it gets disconnected permanently after few hours/mins, i'm able to see my access point on Mac/iPhone but unable to connect.
Yours looks like a configuration problem...

You were right. It was a config issue. On my RB4011 i had to goto IP->DHCP->Leases->Select the IP/Mac/Device Name for Hap Ax3-> Make it Static IP. Seems to have worked and been stable for hours.

Update: Still getting disconnected. Seems to be when 802.11ac only devices are connected to hap ax3 in my case its Homepod. As soon as i start playing some songs it hapax3 wifi stops working. This only seems to have started with 7.9.

volkirik · Sat May 06, 2023 7:33 pm

IPv6 Works OK for me without packet-loss.

Upgrade from 7.8 to 7.9 did not broke my interface-lists.

noradtux · Sat May 06, 2023 8:40 pm

Upgraded CRS317, RB5009, Chateau 5g ax and CCR2216 without apparent issues (solved some I had on 7.8). Features used involve IPv6, Wireguard, OSPFv2 and v3, BGP and IPSec

b10up · Sat May 06, 2023 9:31 pm

Upgraded an RB4011.
I have 2 VLANs and 2 PPPoE WANs.
Since the upgrade, the port forwarding is broken on the secondary pppoe interface. The traffic starts there are rx and tx packets, but the browsers returning ERR_SOCKET_NOT_CONNECTED.
This can be fixed by turning off fasttrack, but it drops the speed from gigabit to <300Mbit/s

chiem · Sun May 07, 2023 3:48 am

After upgrading, I'm getting these:

invalid mtu 9086 on sfp-sfpplus1 from fe80::ea5c:aff:fe83:f43c

.. warnings. Not sure what to do about it, since it's the upstream gateway to the router and I have no control over it, and the interface is set to mtu 1500.

Simonej · Sun May 07, 2023 6:20 am

Just a reminder, v7.9 is still affected with the bug from v7.8 on Bridge Hardware Offloading on devices with multiple switch chips (like RB4011 series).
viewtopic.php?p=989794#p989794

Ticket is closed and fix should be released in the next version.
in the meantime Support suggested to set HW=no on Bridge ports, I found easier to enable IGMP-Snooping or disable all the ethernet ports on the second switch.

Sun May 07, 2023 8:30 am

invalid mtu 9086 on sfp-sfpplus1 from fe80::ea5c:aff:fe83:f43c

fe80::/10 is the prefix for IPv6 link-local addresses, so it means one of your LAN hosts (the one that’s assigned itself that IP) is trying to use jumbo packets and is getting slapped down by the router.

It’s likely harmless, since the host should be able to do PMTUD and figure this out, but it’s better if you configure it not to try. Jumbo packets are rarely helpful.

revan · Sun May 07, 2023 10:22 am

What alternatively gifted person thought up in the web interface to cram a comment as a column into the firewall tables (and the rest of the tables look no better)?! Now to see the rules, you either need to compress the comment column, or turn the horizontal scroll! Return it as it was!

new_comment.jpg

pekr · Sun May 07, 2023 10:38 am

What alternatively gifted person thought up in the web interface to cram a comment as a column into the firewall tables (and the rest of the tables look no better)?! Now to see the rules, you either need to compress the comment column, or turn the horizontal scroll! Return it as it was!
new_comment.jpg

Well, my take is more radical. The web interface looks really awful for quite some time already, just scrap it. I would prefer Mikrotik Mobile app ported to the desktop anyday, especially if you turn on the table/grid design. It is good enough to slowly start replacing Winbox imo.

In today's world, there is no place for such a shitty design, looking like a 90ties Unix clone. Just look at Ubi Unifi interface - that's how modern interface should look like.

Znevna · Sun May 07, 2023 10:41 am

@revan: Or get a bigger monitor?
Or use winbox?
Or file a bug report to include some options to hide columns in the webfig that few gifted persons use it?

revan · Sun May 07, 2023 11:01 am

In today's world, there is no place for such a shitty design, looking like a 90ties Unix clone. Just look at Ubi Unifi interface - that's how modern interface should look like.

Normal design. Functional. It is quite sufficient to perform most administrative tasks. Ubi Unifi - does not contain even 25% of the functionality of mikrotik, therefore they can afford to draw a pretty interface in which you can change a couple of parameters. If you try to cram dozens of parameters into such an interface (as in mikrotik), the router processor will die in an attempt to draw it. Or it will jump significantly in price.

soonwai · Sun May 07, 2023 11:10 am

v7.9 on hap ax^3 drops wifi registrations and will not allow new ones until a reboot. This problem was observed and reported by at least 2 of us using v7.9 rc4. It seemed fixed in rc5 and v7.9 stable but after 3 days of running, all registrations were gone. There were registrations last evening and this morning there were none. The log had nothing related to disconnects, reauthenticating or connections. Immediately after a reboot, connections started occurring and the log shows that activity.

I have this problem too (occurs for me from rc2-rc5.) Seems to happen less on v7.9 Stable. Similarly, only a reboot will revive the ax3. Still observing the problem before I make a report to support.

revan · Sun May 07, 2023 11:15 am

@revan: Or get a bigger monitor?
Or use winbox?
Or file a bug report to include some options to hide columns in the webfig that few gifted persons use it?

To control the setup of the SOHO router, a standard 15-inch screen like most laptops should be enough.

webfig allows you to control the router even through highly filtered channels (for example, hotspot), since https is passed everywhere. To manage via winbox, you need to set up a vpn, which can also be filtered. winbox is not a panacea.

as for the bug report, it's not a bug, it's a new feature, the need for which is doubtful. But I'll probably make a ticket.

soonwai · Sun May 07, 2023 11:17 am

After upgrading, I'm getting these:
Code: Select all
invalid mtu 9086 on sfp-sfpplus1 from fe80::ea5c:aff:fe83:f43c
.. warnings. Not sure what to do about it, since it's the upstream gateway to the router and I have no control over it, and the interface is set to mtu 1500.

Same here. I've been getting "radvd, warning invalid mtu 1492 on pppoe-out1 from fe80::200:5eff:fe00:10d" Not sure what to make of it.

fe80::200:5eff:fe00:10d is my ISPs DHCP server. (as reported by my DHCPv6 client)

Unsure where the MTU 1492 is coming. My PPPoE is currently set at MTU 1480. The highest I can set it to is MTU 1488.

volkirik · Sun May 07, 2023 12:24 pm

After upgrading, I'm getting these:
Code: Select all
invalid mtu 9086 on sfp-sfpplus1 from fe80::ea5c:aff:fe83:f43c
.. warnings. Not sure what to do about it, since it's the upstream gateway to the router and I have no control over it, and the interface is set to mtu 1500.
Same here. I've been getting "radvd, warning invalid mtu 1492 on pppoe-out1 from fe80::200:5eff:fe00:10d" Not sure what to make of it.

fe80::200:5eff:fe00:10d is my ISPs DHCP server. (as reported by my DHCPv6 client)

Unsure where the MTU 1492 is coming. My PPPoE is currently set at MTU 1480. The highest I can set it to is MTU 1488.

maybe they are using 1492 mtu at their end? maybe safely ignore?

Sun May 07, 2023 12:31 pm

Just noticed problems connecting wifi clients to AX2 ( after 4 days uptime).
Normal network using wpa2/3 became unavailable.
IoT network with only wpa2 was still possible.
Reboot of AX2 solved it, for now.

ToTheFull · Sun May 07, 2023 1:31 pm

I had a strange crash last night, I couldn't connect to any wifi on my cAP-ax which caused big slow-downs on my main router (ax2), tried restarting a few times but still the same. IE I couldn't connect to it via ip.. only by using MAC address, so I just snatched it off the ceiling and left it off all night. Got up today re-loaded the config and all is well again. Just bizarre!
Uptime 3 days or so.

Plugpulled · Sun May 07, 2023 2:01 pm

Just noticed problems connecting wifi clients to AX2 ( after 4 days uptime).
Normal network using wpa2/3 became unavailable.
IoT network with only wpa2 was still possible.
Reboot of AX2 solved it, for now.

Same here :(. Downgraded AX3 to 7.8 and its been stable so far.

ToTheFull · Sun May 07, 2023 2:03 pm

So 3 people with the same problem then so far.

TomSF · Sun May 07, 2023 4:44 pm

So 3 people with the same problem then so far.

I am not sure if I am one of the three but include me in the list. I am using wpa2 & 3 and as I had reported, registrations get dropped and no new ones can be created with my ax^3, thus requiring a reboot. Holvoeth's post hopefully narrowed things down to wpa2 & 3. I may roll back to v7.8 which was stable.

soonwai · Sun May 07, 2023 4:55 pm

Same here. I've been getting "radvd, warning invalid mtu 1492 on pppoe-out1 from fe80::200:5eff:fe00:10d" Not sure what to make of it.

fe80::200:5eff:fe00:10d is my ISPs DHCP server. (as reported by my DHCPv6 client)

Unsure where the MTU 1492 is coming. My PPPoE is currently set at MTU 1480. The highest I can set it to is MTU 1488.
maybe they are using 1492 mtu at their end? maybe safely ignore?

Yeah, atm I'm just ignoring it. Doesn't seem to affect anything. Highly possible a configuration error on the ISP's side.

spippan · Sun May 07, 2023 6:22 pm

running on 7.9 stable now
hap ac²
hap ac
rb1100ahx4

all good so far.
2 container (kuma uptime, adguard) running well
BGP sessions over wireguard peers also running fine.

noticed bgp stability improvement when refreshing route informations.

thanks for the effort to MT
now ... back to waiting on BFD ;) ;) cheers

osc86 · Sun May 07, 2023 6:51 pm

I'm still seeing random ospf timeouts every few hours with 7.9. With 7.6 I had days of uptime without any disconnects or timeouts.
I already set up netwatch to check the reachability of the neighbor, no downtimes reported in the log.
The dead timer is set to 40 seconds (default), which should be more than enough, even if one or two Hello packets get lost in transit.
These probe lines in the log also indicate that there's still a bug in displaying or resolving the correct interface (*15).

spippan · Sun May 07, 2023 8:26 pm

In today's world, there is no place for such a shitty design, looking like a 90ties Unix clone. Just look at Ubi Unifi interface - that's how modern interface should look like.

you really cannot compare unifi (home and small business grade) with the flexibility and function richness of routerOS
that comparison is simply invalid tbh.

Spirch · Sun May 07, 2023 9:54 pm

being a rb5009 home user doing basic stuff (firewall, vlan, wireguard, pppoe client for internet, ipv4 only) on 7.6, no issue to my knowledge

is there something for me from 7.7 to 7.9 that would benefit me? looking at the changelog i see nothing and i'm kind of, if not broken dont updating it

Sun May 07, 2023 9:57 pm

is there something for me from 7.7 to 7.9 that would benefit me? looking at the changelog i see nothing and i'm kind of, if not broken dont updating it

Then don't :-)

It's running fine on my rb5009.

coddy · Mon May 08, 2023 1:57 am

ok, make that 4 of us, both of my Hap AX3 completely drop wireless clients after around 24 hours. They continue to advertise the SSIDs but no new registrations occur. I'm using CAPsMAN server on one AX3, the other AX3 is a client. Both stop registrations. As a test I rebooted the remote 'client' AX3 and registrations started working again on it (The CAPsMAN AX3 showed the remote registrations). The other AX3 (CAPsMAN Server) still did not accept any client registrations, So this appears to be at the wifiwave2 driver level, since other functions (SSH/CAPsMAN server etc) continued to function.

This issue became very obvious with the 7.9 release, the RC's all had the same problem (reported in the RC beta thread), but could sometimes stay up for over a week.

I am using WPA2 authentication only (No WPA3). Since rebooting AP restores connections, and this has been reported by multiple people (standalone config, CAPsMAN config etc), it appears to be at the wifiwave2 driver level.

Kaldek · Mon May 08, 2023 5:14 am

ok, make that 4 of us, both of my Hap AX3 completely drop wireless clients after around 24 hours. They continue to advertise the SSIDs but no new registrations occur. I'm using CAPsMAN server on one AX3, the other AX3 is a client. Both stop registrations. As a test I rebooted the remote 'client' AX3 and registrations started working again on it (The CAPsMAN AX3 showed the remote registrations). The other AX3 (CAPsMAN Server) still did not accept any client registrations, So this appears to be at the wifiwave2 driver level, since other functions (SSH/CAPsMAN server etc) continued to function.

This issue became very obvious with the 7.9 release, the RC's all had the same problem (reported in the RC beta thread), but could sometimes stay up for over a week.

I am using WPA2 authentication only (No WPA3). Since rebooting AP restores connections, and this has been reported by multiple people (standalone config, CAPsMAN config etc), it appears to be at the wifiwave2 driver level.

I concur - two cAP ax units managed via CAPsMAN with the same issue.

Mon May 08, 2023 8:30 am

Did anyone have the chance to pull a supout.rif and send it to support ?

luckybuilding · Mon May 08, 2023 9:35 am

Thanks for this version features. However, It has a issue on SSTP Server! It does not start correctly and I could not connect after upgrade! I had to downgrade to 7.8 !

Znevna · Mon May 08, 2023 9:42 am

I wonder (yet again) if it's that hard for them to have a test bench where they have devices pre-configured with every fancy feature they offer and actually test the releases before launching a stable version.
They can't expect from users to jump on the beta and rc versions train and test all the features & functionality for them.
Having a version just boot successfully with a default config shouldn't count as "yay, it works" .

mkx · Mon May 08, 2023 10:49 am

I wonder (yet again) if it's that hard for them to have a test bench where they have devices pre-configured with every fancy feature they offer and actually test the releases before launching a stable version.

I guess they actually might do ... the functionality part of tests. And some test portfolio (as ROS is so much versatile, it's hard to test all cases that users might be using).

But the problematic part is stability test ... e.g. wifiwave2 glitches some users are observing. It seems that those happen only after a while (users report different time periods after which wireless drops) and possibly depending on device activity (which again can vary very much and it's hard to make a test scenario which would catch all the various use cases).
One use case which is very hard to test is a (known) fact that devices, which are continuously upgraded and have jumped from v6 to v7 at some point, can run into unstable operation. Netinstalling them and re-configuring (either from scratch or by using text export of config) them seems to improve stability. But such a history is extremely hard to include into test bed ... because there are so many combinations of different versions available and it's not known which combination triggers the issue and when.

So again we're back to the well known fact that we, advanced users, are their "gamma" testers ... and with some luck (and after ROS v7 stabilizes enough) our test reports will get due attention and resolutions (in form of dot releases).

pe1chl · Mon May 08, 2023 10:56 am

Just look at Ubi Unifi interface - that's how modern interface should look like.

When the look of the user interface is important to you, select the product that has the look you like!
I think most users of MikroTik equipment do not care a bit how the webfig looks.
Furthermore, I don't think "modern interface" is better at all. The removal of al border lines and the use of low-contrast colors really does not help me.

masseselsev · Mon May 08, 2023 11:48 am

Hardware: RB5009
Issue: Container import problem in v7.9. After upgraded firmware v7.9 to RB5009, I tried to update the existing working container for Adguardhome to the latest version as well (adguard/adguardhome:latest). The following error was found in the log.
Registry in use : https://registry-1.docker.io
Solution: viewtopic.php?t=192810#p981824
Code: Select all
... importing remote image: adguard/adguardhome, tag: latest
... was unable to import, container d9f3b14b-efe0-4788-90ee-edeb024f08fb

Was already discussed in the 7.8 thread, and promised to be fixed in the RC following the 7.9 release.

Mon May 08, 2023 11:51 am

One use case which is very hard to test is a (known) fact that devices, which are continuously upgraded and have jumped from v6 to v7 at some point, can run into unstable operation. Netinstalling them and re-configuring (either from scratch or by using text export of config) them seems to improve stability. But such a history is extremely hard to include into test bed ... because there are so many combinations of different versions available and it's not known which combination triggers the issue and when.

I understand the background of your comment (been there, done that on a couple of devices) but for AX devices this is not applicable. They were from the start foreseen with ROS7.

So again we're back to the well known fact that we, advanced users, are their "gamma" testers ... and with some luck (and after ROS v7 stabilizes enough) our test reports will get due attention and resolutions (in form of dot releases).

Personally, I don't mind for my home devices. I know this can be unstable.

massinia · Mon May 08, 2023 11:56 am

ok, make that 4 of us, both of my Hap AX3 completely drop wireless clients after around 24 hours. They continue to advertise the SSIDs but no new registrations occur. I'm using CAPsMAN server on one AX3, the other AX3 is a client. Both stop registrations. As a test I rebooted the remote 'client' AX3 and registrations started working again on it (The CAPsMAN AX3 showed the remote registrations). The other AX3 (CAPsMAN Server) still did not accept any client registrations, So this appears to be at the wifiwave2 driver level, since other functions (SSH/CAPsMAN server etc) continued to function.

This issue became very obvious with the 7.9 release, the RC's all had the same problem (reported in the RC beta thread), but could sometimes stay up for over a week.

I am using WPA2 authentication only (No WPA3). Since rebooting AP restores connections, and this has been reported by multiple people (standalone config, CAPsMAN config etc), it appears to be at the wifiwave2 driver level.

I have a very similar setup to yours and have never had any problems.
Do you use vlans?

coddy · Mon May 08, 2023 12:57 pm

Yes I have multiple SSIDs and VLANs. Due to 7.9 not dynamically adding VLANs to remote CAPsMAN managed AXs (Works on a local AX if that AX is the CAPsMAN server also), I have to manually bridge the wifi SSID's to the appropriate VLANs.

Having said that, others are experiencing the same issues with standalone AX3's also.

The general symptom of failure is phones come back saying invalid password (IOS 14 and Samsung S10), Windows 11 also says the password is invalid. (Static WPA2 password). I have tried disabling and re-enabling SSID interfaces without success. Only solution is to reboot the AP. Once the AP is rebooted, on the phones you need to select the SSID from the list again before they re-connect (I guess they give up trying after a certain number of attempts). The laptop seems to reconnect automatically.

It will fail again in a day or two. It has failed for me 3 times already (Deployed 7.9 as soon as it was released). Time for 7.10 beta?!

volkirik · Mon May 08, 2023 1:22 pm

Time for 7.10 beta?!

I requested 7.10alpha. and the response was negative. :D

Hello,

Thank You, for contacting Mikrotik support team!

The answer to Your inquiry is - no.

We are not at liberty to provide You alpha or beta builds of our software.

All the publicly available software is listed on Mikrotik`s official page:

https://mikrotik.com/download

Have a Good day!
Gļebs K.

stich86 · Mon May 08, 2023 3:25 pm

Me too... "PPPoE Scan" feature broken (tested with RouterOS 7.9 on 4011 and ChateauLTE12)
Yes, it’s still broken.

looks like a timeout issue, for someone there is an output. May be the remote RAS reply faster than others... anyway on 7.6 was working, so hope they fix in the next release.
It's important to test if the VLAN or ONT are working as expected

borr · Mon May 08, 2023 3:40 pm

After upgrading, I'm getting these:
Code: Select all
invalid mtu 9086 on sfp-sfpplus1 from fe80::ea5c:aff:fe83:f43c
.. warnings. Not sure what to do about it, since it's the upstream gateway to the router and I have no control over it, and the interface is set to mtu 1500.
Same here. I've been getting "radvd, warning invalid mtu 1492 on pppoe-out1 from fe80::200:5eff:fe00:10d" Not sure what to make of it.

fe80::200:5eff:fe00:10d is my ISPs DHCP server. (as reported by my DHCPv6 client)

Unsure where the MTU 1492 is coming. My PPPoE is currently set at MTU 1480. The highest I can set it to is MTU 1488.

Same behavior on hap ac2. And got two kernel panics in with out of memory. Downgraded to 7.8 and everything is stable.

massinia · Mon May 08, 2023 3:56 pm

Yes I have multiple SSIDs and VLANs. Due to 7.9 not dynamically adding VLANs to remote CAPsMAN managed AXs (Works on a local AX if that AX is the CAPsMAN server also), I have to manually bridge the wifi SSID's to the appropriate VLANs.

Having said that, others are experiencing the same issues with standalone AX3's also.

The general symptom of failure is phones come back saying invalid password (IOS 14 and Samsung S10), Windows 11 also says the password is invalid. (Static WPA2 password). I have tried disabling and re-enabling SSID interfaces without success. Only solution is to reboot the AP. Once the AP is rebooted, on the phones you need to select the SSID from the list again before they re-connect (I guess they give up trying after a certain number of attempts). The laptop seems to reconnect automatically.

It will fail again in a day or two. It has failed for me 3 times already (Deployed 7.9 as soon as it was released). Time for 7.10 beta?!

I confirm, after 5 days of uptime I just had the same problem...
Have you already contacted support?

TomSF · Mon May 08, 2023 5:25 pm

I have a very similar setup to yours and have never had any problems.
Do you use vlans?

For the record, I have the problem and do not have vlans. Also, I do not have to do anything special after a reboot for devices to start registering again.

As far as MT's QA procedures, I naively assumed somebody at MT was reading the RC and stable release threads and was investigating reported problems. I was surprised when v7.9 was declared stable when very little time elapsed following reports of wifiwave2/ax^3 problems and there were no posts from MT personnel acknowledging the issue. I guess we are their QA department, but it would be nice to know our feedback was actually accomplishing something. I too am a home user and can deal with ROS instability but am annoyed that MT would declare something stable when it obviously isn't.

luckybuilding · Mon May 08, 2023 7:07 pm

Thanks for this version features. However, It has a issue on SSTP Server! It does not start correctly and I could not connect after upgrade! I had to downgrade to 7.8 !

Update: It only happens on one of my devices and I think it is an ssl prblem! One of CPU cores is always 100 and the profile show it is ssl!

nexusds · Mon May 08, 2023 7:24 pm

initially reporting issues with 4011 @ 10Gbps issues on SFP, now it seems an issue also with CR354/CRS326

All use different DAC/SFP+ modules with same issue. hard coding links to 10G or auto make no difference.. shows connected but very little data seems to go through (<1Mbps) or drops packets.

rolling back to 7.7 works perfectly.

nexusds · Mon May 08, 2023 7:32 pm

ok, make that 4 of us, both of my Hap AX3 completely drop wireless clients after around 24 hours. They continue to advertise the SSIDs but no new registrations occur. I'm using CAPsMAN server on one AX3, the other AX3 is a client. Both stop registrations. As a test I rebooted the remote 'client' AX3 and registrations started working again on it (The CAPsMAN AX3 showed the remote registrations). The other AX3 (CAPsMAN Server) still did not accept any client registrations, So this appears to be at the wifiwave2 driver level, since other functions (SSH/CAPsMAN server etc) continued to function.

This issue became very obvious with the 7.9 release, the RC's all had the same problem (reported in the RC beta thread), but could sometimes stay up for over a week.

I am using WPA2 authentication only (No WPA3). Since rebooting AP restores connections, and this has been reported by multiple people (standalone config, CAPsMAN config etc), it appears to be at the wifiwave2 driver level.

Plus one from us also.. Ax3s suddenly stop allowing registrations until a reboot.

massinia · Mon May 08, 2023 10:32 pm

ok, make that 4 of us, both of my Hap AX3 completely drop wireless clients after around 24 hours. They continue to advertise the SSIDs but no new registrations occur. I'm using CAPsMAN server on one AX3, the other AX3 is a client. Both stop registrations. As a test I rebooted the remote 'client' AX3 and registrations started working again on it (The CAPsMAN AX3 showed the remote registrations). The other AX3 (CAPsMAN Server) still did not accept any client registrations, So this appears to be at the wifiwave2 driver level, since other functions (SSH/CAPsMAN server etc) continued to function.

This issue became very obvious with the 7.9 release, the RC's all had the same problem (reported in the RC beta thread), but could sometimes stay up for over a week.

I am using WPA2 authentication only (No WPA3). Since rebooting AP restores connections, and this has been reported by multiple people (standalone config, CAPsMAN config etc), it appears to be at the wifiwave2 driver level.
Plus one from us also.. Ax3s suddenly stop allowing registrations until a reboot.

I don't understand the cause...
It was running well for 5 days and crashed twice today.
Wifi clients are still the same and i haven't changed the configuration.
Never had this problem with the beta/RC versions

BrianHiggins · Mon May 08, 2023 10:46 pm

Last week I had a site with a CCR1036-12G-4S, running nearly identical config to well over a dozen other sites with that same model router, all running v7.7. It recently started to experience kernel failures and spontaneous reboots with uptime rarely lasting 24 hours. We first tried swapping out for a new CCR1036-12G-4S which we rebuilt the config from scratch on (aka. we did not load a backup from the old device), but that new device was experiencing the same kernel failures and reboots and crashed within 24 hours. The only thing that differentiates this site from all the other sites with that same router is this one had a VLAN sub interface on sfp1 as the uplink, where all other sites were using ether1 or sfp1 without any VLAN as the uplink. On Friday we upgraded the device to v7.9 and it's been stable and running now for 90 hours without any issues.

There are several notes in the v7.9 changelogs that could seem relevant, but none of them apply to the CCR1036 according to the descriptions. Just wanted to let others know that the kernel failures might be VLAN related, and also that 7.9 might fix them for devices not indicated in the change logs (or maybe it doesn't and I'm just getting lucky).

usx · Mon May 08, 2023 11:12 pm

There is a new bug in WebFig. When toggling the enabled/disabled state from disabled to enabled, the entire row stays grey as if it were disabled.

For example in WiFi Interfaces or Firewall rules, I think it applies all the tables with rows which can be toggled.

dioeyandika · Tue May 09, 2023 4:38 am

I'm having issues with the switch ports on RB750Gr3. Very strange behaviour. Sometimes no packets Tx or Rx shown under "interfaces" (but the port is active and transmitting packets). Shows no link active (but it is...). Seems to be the last port plugged in. E.g., by unplugging the "bad" port and one "good" port, then plugging back in the bad port first, the "good" port now becomes bad!

And the log shows link up and link down all the time, even though... it isn't. And sometimes, all the switch ports go inactive. Setup is basically stock. Reverting to 7.8 fixes all issues. Going back to 7.9 brings them back.

Never had this kind of issue before. Anyone else, or am I blessed or have done something daft?

i decided too go back to 7.8, my wan port ether1 behave like that too, i tried to change to ether2 for WAN port remove from bridge port still same behavior, there must be something change on bridge, in 7.9 my internet become really slow, Reverting to 7.8 fixes all issues.
*) route - improved system stability when making routing decision;
Dont know about this but in my case not so stable :)

cdemers · Tue May 09, 2023 6:54 am

This is just a comment/observation about the release and not a complaint. Only odd issue that I saw with this update, on my 2011UiAS, updated late Saturday night from 7.6 to 7.9, I experienced intermittent loss of internet connectivity (randomly every 10-90 minutes, would loose internet for a few minutes, strange though i could still get to the modem, no issues detected at the modem, was making the wife upset while i was out working on Sunday, always have a bunch of winbox sessions open so i could see on the log server every time they disconnected and reconnected when i checked later on), tried just rebooting the router same behavior, till I updated RouterBOOT firmware and restarted once more (I normally do it just didn't this time). This router has less than 100Mbps cable internet so wan port is on Ether 6, and has a BGP blackhole feed (it's less than 30K routes just an experiment, doesn't use up that much ram or cpu), besides that and some extra firewall rules, it's based on the default nat config. Since the reboot after the RouterBOOT firmware update it's been ok. Just found that odd. Didn't experience any issues on 2 wAP ac's, or any of the other equipment I have been using for testing.

EgidijusL · Tue May 09, 2023 10:54 am

Also Wifi issues with ax3. At random times the phone stopped working even though the Wifi was active. The phone receives the IP "169.254.57.102" and keeps trying to connect to Wifi.
Only ax3 reboot helped.

maigonis · Tue May 09, 2023 11:13 am

Also Wifi issues with ax3. At random times the phone stopped working even though the Wifi was active. The phone receives the IP "169.254.57.102" and keeps trying to connect to Wifi.
Only ac3 reboot helped.

You need to check the logs in ax3 (or is it ac3?). I have noticed, that my phone (Galaxy S22) get disconnected whit error: "blā, blā rejected, can't find PMKSA". After, I assume, SAE process resets it get connected. Did a "forget and reconnect", didn't helped. I dunno if this is 7.9 related issue, but noticed just now.

uCZBpmK6pwoZg7LR · Tue May 09, 2023 11:43 am

vpn4 works!!!

mwaaa MT

For me now it is completely broken.
Now VPN4 on ROS7 not add routes to VRF

nichky · Tue May 09, 2023 1:13 pm

export your config

rextended · Tue May 09, 2023 1:28 pm

export your config

Open a separate topic, do not pollut this topic.

uCZBpmK6pwoZg7LR · Tue May 09, 2023 3:42 pm

export your config

nothing really special :

/routing bgp template
set default address-families=vpnv4 disabled=no multihop=yes router-id=\
    10.29.193.27 routing-table=main
/routing bgp connection
add address-families=vpnv4 as=65530 connect=yes disabled=no local.address=\
    10.29.193.27 .role=ibgp-rr-client multihop=yes name=bgp1 remote.address=\
    10.29.192.19/32 .as=65530 routing-table=main templates=default
/routing bgp vpn
add disabled=no export.route-targets=10.29.192.2:10013 import.route-targets=\
    10.29.192.2:13 label-allocation-policy=per-vrf name=bgp-mpls-vpn-1 \
    route-distinguisher=10.29.193.27 vrf=CeV10001

it is EDGE router
on ROS 7.8 works on 7.9 routes from RD 10.29.192.2:13 not added to vrf

leonardogyn · Tue May 09, 2023 4:54 pm

There is a new bug in WebFig. When toggling the enabled/disabled state from disabled to enabled, the entire row stays grey as if it were disabled.
For example in WiFi Interfaces or Firewall rules, I think it applies all the tables with rows which can be toggled.

.
Confirmed here, i'm also experiencing this behavior starting v7.9

nannou9 · Tue May 09, 2023 8:50 pm

In case if anybody has misbehaving rb4011 using vlans, please make sure you have MSTP enabled on bridge.

Didn’t work in long run. I tried also disabling hw offloading on bridge ports or enable ign snooping as someone suggested and none of it helped.
Gave up and reverted to 7.7 again.

Simonej · Tue May 09, 2023 9:18 pm

@nannou9, if you are affected by the same problem I have, bridge hardware offload on devices with 2 switch chips, you need to disable HW offloading then reboot.
On RB4011 series SFP+ port is always working.

I was fooled by MSTP but not related.

Just received confirmation that v7.10 beta "will" fix this.

nichky · Wed May 10, 2023 12:29 am

@uCZBpmK6pwoZg7LR

i can see some mistakes, but let we do what @rextended suggested.
He is the user which i respect a lot.

EgidijusL · Wed May 10, 2023 10:19 am

Also Wifi issues with ax3. At random times the phone stopped working even though the Wifi was active. The phone receives the IP "169.254.57.102" and keeps trying to connect to Wifi.
Only ac3 reboot helped.
You need to check the logs in ax3 (or is it ac3?). I have noticed, that my phone (Galaxy S22) get disconnected whit error: "blā, blā rejected, can't find PMKSA". After, I assume, SAE process resets it get connected. Did a "forget and reconnect", didn't helped. I dunno if this is 7.9 related issue, but noticed just now.

My bad. I have hap ax3.
Yesterday after 5 hours the same thing happened again, all devices could not connect to Wifi. In the morning I found the same problem again, the logs show that since 4 in the morning the wifi was rejecting.

npero · Wed May 10, 2023 11:10 am

I have some problem on ax2 but after couple days, device not connected to WiFi in log say some type of authentication error something with PMKSA.
Reboot device and working again.

rtlx · Wed May 10, 2023 11:15 am

MikroTik guys, PLEASE release version 7.10 (or 7.9.1) as soon as possible with fixes to above problems. I have all of my OpenVPN links down due to it's instability in version 7.9.

pe1chl · Wed May 10, 2023 11:17 am

In case if anybody has misbehaving rb4011 using vlans, please make sure you have MSTP enabled on bridge.
Didn’t work in long run. I tried also disabling hw offloading on bridge ports or enable ign snooping as someone suggested and none of it helped.
Gave up and reverted to 7.7 again.

My 4011 is doing VLAN on 7.9 OK.
(vlan-filtering bridge with hardware accel enabled and VLAN subinterfaces on the bridge. bridge is tagged member of the VLANs)
When you have mysterious problems that others don't see, try to export your config, netinstall 7.9, and import config again. Use export/import, not backup/restore.

kiaunel · Wed May 10, 2023 11:31 am

MikroTik guys, PLEASE release version 7.10 (or 7.9.1) as soon as possible with fixes to above problems. I have all of my OpenVPN links down due to it's instability in version 7.9.

Same here.
I have a ticket ( https://help.mikrotik.com/servicedesk/ ... SUP-115831 ) send to miktorik support, let`s see what they will answer

nicolap · Wed May 10, 2023 11:45 am

Many of the bugs fixed in version 7.9 have been introduced in the 7.8 beta. And many errors seem to occur randomly.
This is a sign of bad programming: before 'fixing' old bugs, you should review your development team.