v7.1rc1 [development] is released!

aussetg · Sat Aug 28, 2021 9:21 pm

There are few fixes included there, such as like fix for nv2, and few other minor issues that were reported here since release.

Fantastic!

I've noticed that the Cake settings include the "via ethernet" keyword, which is deprecated. Is it an old version of cake ?

And can we get the "ingress" keyword ? It's useful

DarkFox · Sat Aug 28, 2021 9:36 pm

The OVPN client does not work in this version. Gives the message ovpn-out1: terminating ... - wrong OVPN data

Tested NAT IPv6 everything works well. Only it is not clear where to register the DNS server for the bridge interface?

OVPN configuration:

 [admin@MikroTik] > /int ovpn-cli print deta
Flags: X - disabled; R - running 
 0 X  name="ovpn-out1" mac-address=xx:xx:xx:xx:xx:xx 
      max-mtu=1500 connect-to=xxxxx.xxx port=1196 
      mode=ip protocol=tcp user="none" 
      profile=default-encryption 
      certificate=xxxxx.crt_0 
      verify-server-certificate=no auth=sha1 cipher=aes128 
      use-peer-dns=no add-default-route=no

IPv6 configuration:

 [admin@MikroTik] > /ipv6 export
# aug/28/2021 20:49:03 by RouterOS 7.1rc1
# software id = NLPV-K8V7
#
# model = RB4011iGS+
# serial number = xxxxxx
/ipv6 dhcp-server
add address-pool=pool1 interface=bridge name=server1
/ipv6 pool
add name=pool1 prefix=2a00::/60 prefix-length=62
/ipv6 address
add address=::xxx:xxxx:xxxx:xxxx eui-64=yes from-pool=pool1 interface=bridge
/ipv6 dhcp-client
add add-default-route=yes interface=ether1 request=address \
    use-interface-duid=yes use-peer-dns=no
/ipv6 dhcp-server binding
add address=2a00::/62 duid=0x0003000xxxxxxxxxxxxe prefix-pool=pool1 server=server1
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" \
    connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=\
    udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=\
    546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" \
    ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" \
    connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=\
    bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=\
    bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 \
    protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" \
    ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" \
    in-interface-list=!LAN
/ipv6 firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN

Znevna · Sat Aug 28, 2021 9:39 pm

@Buster2
You never seen the ipsec logging then, nobody complained.
ipsec has some logs without any "level" set, there are messages you'd miss if you only enable 'debug' topic, you have to add another rule just for ipsec.

21:04:21 ipsec payload seen: ENC (80 bytes) 
21:04:21 ipsec processing payload: ENC 
21:04:21 ipsec,debug => iv (size 0x10) 
 time=21:04:21 topics=ipsec,debug message=9e90bcf2 312755a1 cb12c4ea e1954dba
 time=21:04:21 topics=ipsec,debug message=decrypted packet
 time=21:04:21 topics=ipsec message=respond: info

Also, bug? what's with time= on some of the lines?
Anywhoo, I've seen other users bothered by the wireguard messages.
Those messages can be easily hidden adding !wireguard to the info rule.
So you'd have this:

/system logging
set 0 topics=info,!wireguard

Or whatever number your rule is.
Until MikroTik decides if those wireguard messages are debug or info.

santyx32 · Sun Aug 29, 2021 3:42 am

And can we get the "ingress" keyword ? It's useful

AFAIK the ingress keyword only works when CAKE is both the qdisc and the shaper such as in OpenWrt, when using ROS simple queues or queue trees the shaper is HTB with your qdisc attached to it.

riv · Sun Aug 29, 2021 7:43 am

I cannot set RD values on VRF, and upgrading my RB1100AHx2 from beta6 to rc1 somehow crashes my box, that I need to reset using reset button

And please give us the ability for management VRF, currently all management services only works for master instance

MattK · Sun Aug 29, 2021 9:10 am

Hi everyone, thanks for this release!

remote logging with BSD Syslog flag enabled produces unreadable logs in remote syslog server (full of #000#000#000#000).

No BSD Syslog flag ->
Aug 25 11:11:12 tik-vpn-1-lan.hellasdirect.gr system,info log action changed by admin
Aug 25 11:11:13 warning denied winbox/dude connect from 118.174.111.6
Aug 25 11:11:47 warning denied message repeated 12 times: [ winbox/dude connect from 118.174.111.6]

Enable BSD Syslog flag ->
Aug 25 11:11:49 tik-vpn-1-lan.hellasdirect.gr #000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000
Aug 25 11:11:50 tik-vpn-1-lan.hellasdirect.gr #000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000#000

Also, enabling BSD syslog flag seems to cause a complete loss of configuration/reset to defaults on reboot.

mikee · Sun Aug 29, 2021 9:46 am

On my hap ac (RB962UiGS-5HacT2HnT) i don't see any IPv6 connections in torch and in firewall connections table. That also means firewall cant work properly.
Code: Select all
/ipv6 firewall filter
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" disabled=yes in-interface-list=!LAN
packet counter says 12 packets after almost 5 days uptime for first rule. Enabling second rule makes all ipv6 being dropped.

Exactly the same observation on mine:

board-name: hEX S
model: RB760iGS
firmware-type: mt7621L
factory-firmware: 6.43.10
current-firmware: 7.1rc1
upgrade-firmware: 7.1rc1

So IPv6 is quite unusable, because if you want it to work, you have to expose all your devices to the internet. And this is apparently only a forward chain issue, as input chain works OK.

EDIT
If I disable mangle rules on IPv6 which marks packets/connections for Queue tree the connection tracking on forward chain works. So it has to do with mangle/queues.

osc86 · Sun Aug 29, 2021 11:05 am

And please give us the ability for management VRF, currently all management services only works for master instance

+1

ivicask · Sun Aug 29, 2021 11:47 am

For me cake is crashing my SXTSQ 5 in matter of minutes even on RC2, its just simple wifi client with basic firewall rules..
It did create autosupout if any of devs wants it tell me,

aussetg · Sun Aug 29, 2021 1:00 pm

And can we get the "ingress" keyword ? It's useful
AFAIK the ingress keyword only works when CAKE is both the qdisc and the shaper such as in OpenWrt, when using ROS simple queues or queue trees the shaper is HTB with your qdisc attached to it.

I hope this is not true or will change because it's a little lame if it's the case. One of the points of the Cake is to drop HTB and use the builtin shaper as it's lighter and more accurate...

poppycomp · Sun Aug 29, 2021 1:12 pm

Hi,
On an RB4011 router I configured dual wan active - active. I need the traffic on one side not to interfere with the traffic on the other, both interfaces being active. In RouterOS 6.x it works.
This is the configuration for 6.x. I need to translate this configuration into RouterOS 7.1rc1 ( RB4011)

/ip firewall mangle
add action=mark-connection chain=input comment=WAN1 in-interface=ether1 new-connection-mark=MWAN1
add action=mark-routing chain=output connection-mark=MWAN1 new-routing-mark=RWAN1 passthrough=no
add action=mark-connection chain=forward comment=WAN1PF connection-state=new in-interface=ether1 new-connection-mark=PFMWAN1
add action=mark-routing chain=prerouting connection-mark=PFMWAN1 in-interface=bridge-local new-routing-mark=RWAN1
add action=mark-connection chain=input comment=WAN2 in-interface=ether2 new-connection-mark=MWAN2
add action=mark-routing chain=output connection-mark=MWAN2 new-routing-mark=RWAN2 passthrough=no
add action=mark-connection chain=forward comment=WAN2PF connection-state=new in-interface=ether2 new-connection-mark=PFMWAN2
add action=mark-routing chain=prerouting connection-mark=PFMWAN2 in-interface=bridge-local new-routing-mark=RWAN2

/ip route
add distance=1 gateway=GW-IPaddress-ether2 routing-mark=RWAN2
add distance=1 gateway=GW-IPaddress-ether1 routing-mark=RWAN1

if at ip firewall mangle seems to work, at routing I don't succeed at all. I don't understand the syntax and any combination I wrote, it doesn't work

It should be:
/routing table add name=RWAN2 fib
/routing table add name=RWAN1 fib
[...]
Thanks

icsterm · Sun Aug 29, 2021 2:31 pm

Is there any possibility to load the wifi wave2 package if I got the 256MB RAM hap ac2 version of the router?
I can put in a flash drive for extra storage, will that work?

aussetg · Sun Aug 29, 2021 3:24 pm

AFAIK the ingress keyword only works when CAKE is both the qdisc and the shaper such as in OpenWrt, when using ROS simple queues or queue trees the shaper is HTB with your qdisc attached to it.
I hope this is not true or will change because it's a little lame if it's the case. One of the points of the Cake is to drop HTB and use the builtin shaper as it's lighter and more accurate...

Can we have more details on how cake is handled from Mikrotik? If we set the "general" bandwdith limit at unlimited and the cake specific limit at X, is the shaping done by cakeor by HTB?

mrleongalaxyum · Sun Aug 29, 2021 4:36 pm

Does anyone know where can I get the rc2 for hap ac2?

Sun Aug 29, 2021 4:46 pm

Wait till it will be officialy released.

infabo · Sun Aug 29, 2021 7:59 pm

I hope this is not true or will change because it's a little lame if it's the case. One of the points of the Cake is to drop HTB and use the builtin shaper as it's lighter and more accurate...
Can we have more details on how cake is handled from Mikrotik? If we set the "general" bandwdith limit at unlimited and the cake specific limit at X, is the shaping done by cakeor by HTB?

Most likely. I am figuring out myself right now. My thesis: create 2 separate cake queue types. one for upload one for download. configure bandwidth and enable autoingress if needed. then assign to simple queue. set no limits there. dunno if that works.

Liopleus · Mon Aug 30, 2021 8:19 am

ROS v7 seems to have a much better default firewall configuration. After resetting my hap ac^3 due to boot-loop caused by cake, I found that it drops input from outside of LAN by default. Other settings mostly align with the securing your router page in the wiki aside from drop not_in_internet.

mkx · Mon Aug 30, 2021 8:58 am

ROS v7 seems to have a much better default firewall configuration.

Can you post output of /system default-configuration print (make terminal window real wide, long lines get truncated otherwise) for us to compare to contemporary v6 defaults?

pe1chl · Mon Aug 30, 2021 9:57 am

ROS v7 seems to have a much better default firewall configuration. After resetting my hap ac^3 due to boot-loop caused by cake, I found that it drops input from outside of LAN by default. Other settings mostly align with the securing your router page in the wiki aside from drop not_in_internet.

That has actually been the default firewall in version 6 for quite some time!
Unfortunately, when you have upgraded version 6 along the way for a long time, you never got that updated firewall. It is only installed on a reset-to-defaults.

Even people "recently" buying a router with version 6 not always get it, because a router when it is first powered on executes the default script using the RouterOS version installed at that time, and when you then immediately update it to the latest version 6 RouterOS it still has the old default firewall.
A similar problem occurs when enabling IPv6: the defaults for IPv6 will not be loaded when just enabling the IPv6 package in RouterOS v6.
So in general the recommended sequence is:
- enable IPv6 package when you require it in your installation
- update RouterOS to latest version
- again do a "reset to defaults", this will now install the defaults for the latest version, both for IPv4 and IPv6.

(of course in RouterOS v7 the IPv6 package is already enabled by default, but the reset to defaults is still required when you want the newest state)

vaka · Mon Aug 30, 2021 11:54 am

what is the syntax to use BGP AS-PATH in the ROSv7 filter ?

Captura de Tela 2021-08-24 às 16.40.37.png

Where did you find "Route Filter" dialog?
I have no such selection in my winbox 3.29

pe1chl · Mon Aug 30, 2021 11:57 am

Where did you find "Route Filter" dialog?
I have no such selection in my winbox 3.29

Strange... for me it appears in the menu.

Trunkz · Mon Aug 30, 2021 12:05 pm

I've got a dual-wan setup, however 7.1rc1 doesnt seem to like the way the routing is setup:

# aug/30/2021 09:59:55 by RouterOS 6.48.4
# software id = QHFP-3FXW
#
# model = RB4011iGS+5HacQ2HnD
# serial number = A2830A726A10
/ip route
add check-gateway=ping distance=1 gateway=1.1.1.1
add check-gateway=ping distance=10 gateway=1.0.0.1
add distance=1 dst-address=1.0.0.1/32 gateway=62.xxx.xxx.xxx scope=10
add distance=1 dst-address=1.1.1.1/32 gateway=81.xxx.xxx.xxx scope=10
add distance=1 dst-address=192.168.128.0/24 gateway=bridge

On 6.48.4; the first two recursive routes work correctly; however in 7.1rc1 the system reports as unable to find the gateways. Is this because of a syntax change in the 7.1x codebase?

MarcSN · Mon Aug 30, 2021 12:37 pm

Does anyone know where can I get the rc2 for hap ac2?

yes we all know. The info is in this thread, just read it.

vaka · Mon Aug 30, 2021 12:50 pm

Where did you find "Route Filter" dialog?
I have no such selection in my winbox 3.29
Strange... for me it appears in the menu.

It appears if I connected to ros6.xx device but not on ros7.1rc1

Liopleus · Mon Aug 30, 2021 4:48 pm

ROS v7 seems to have a much better default firewall configuration.
Can you post output of /system default-configuration print (make terminal window real wide, long lines get truncated otherwise) for us to compare to contemporary v6 defaults?

Here's the output but it doesn't seem to contain the firewall rules.
script: #| Welcome to RouterOS!
#| 1) Set a strong router password in the System > Users menu
#| 2) Upgrade the software in the System > Packages menu
#| 3) Enable firewall on untrusted networks
#| 4) Set your country name to observe wireless regulations
#| -----------------------------------------------------------------------------
#| RouterMode:
#| * WAN port is protected by firewall and enabled DHCP client
#| * Wireless and Ethernet interfaces (except WAN port/s)
#| are part of LAN bridge
#| LAN Configuration:
#| IP address 192.168.88.1/24 is set on bridge (LAN port)
#| DHCP Server: enabled;
#| DNS: enabled;
#| wifi1 Configuration:
#| mode: ap;
#| band: 2ghz-n;
#| tx-chains: 0;1;
#| rx-chains: 0;1;
#| installation: indoor;
#| ht-extension: 20/40mhz;
#| wifi2 Configuration:
#| mode: ap;
#| band: 5ghz-ac;
#| tx-chains: 0;1;
#| rx-chains: 0;1;
#| installation: indoor;
#| ht-extension: 20/40/80mhz;
#| WAN (gateway) Configuration:
#| gateway: ether1 ;
#| ip4 firewall: enabled;
#| ip6 firewall: enabled;
#| NAT: enabled;
#| DHCP Client: enabled;

:global ssid;
:global defconfMode;
:log info "Starting defconf script";
#-------------------------------------------------------------------------------
# Apply configuration.
# these commands are executed after installation or configuration reset
#-------------------------------------------------------------------------------
:if ($action = "apply") do={
# wait for interfaces
:local count 0;
:while ([/interface ethernet find] = "") do={
:if ($count = 30) do={
:log warning "DefConf: Unable to find ethernet interfaces";
/quit;
}
:delay 1s; :set count ($count +1);
};
:local count 0;
:while ([/interface wifiwave2 print count-only] < 2) do={
:set count ($count +1);
:if ($count = 40) do={
:log warning "DefConf: Unable to find wireless interface(s)";
/ip address add address=192.168.88.1/24 interface=ether1 comment="defconf";
/quit
}
:delay 1s;
};

pe1chl · Mon Aug 30, 2021 5:12 pm

Instead of relying on terminal window size, it is better to use:
/system default-configuration print file=default
and then download the generated file.

ominous · Mon Aug 30, 2021 5:34 pm

Will wifiwave2 ever be supported via capsman? Running it on my Audience and the speeds are awesome in comparison to regular wireless, but missing capsman.

Rfulton · Mon Aug 30, 2021 6:10 pm

Will wifiwave2 ever be supported via capsman? Running it on my Audience and the speeds are awesome in comparison to regular wireless, but missing capsman.

capsman doesn't work at all in ros7 so it might be a long while.

haedertowfeq · Mon Aug 30, 2021 6:21 pm

Capsman work fine in my hEXS router
RoterOS7.1rc1
Hope to see support for wave2

osc86 · Mon Aug 30, 2021 6:27 pm

is repartitioning working for anyone? I tried it with 7.0.5 and 7.1rc1. After a reboot the router still showed 1 partition. Tried the same with rc2 and it didn't boot up, I think I have to netinstall.

sander123 · Mon Aug 30, 2021 7:42 pm

On the routing status page it says that /31 adresses are not supported, but does anybody know if it works like v6?

https://help.mikrotik.com/docs/display/ ... col+Status

So:
IP-Adress: 10.0.0.2
Network: 10.0.0.3

And the other side exactly the opposit.

Without setting a /31 behind the IP?

woro · Mon Aug 30, 2021 9:49 pm

People have commented here that they cannot update to 7.1rc1 because of "kernel failure in previous boot".
I have the very same on RB2011 with 7.1beta6 running and sent support data as SUP-58570.

But what concerns me even more is that I cannot _downgrade_ to 6.48.4 either.
It seems I'm stuck with 7.1beta6 now on that device!

za7 · Mon Aug 30, 2021 9:57 pm

With RouterOS v7 will it be easier for the RouterOS developers to update the Linux Kernel version so as not stuck with a 10 year old Linux Kernel like RouterOS v6?

mducharme · Mon Aug 30, 2021 9:59 pm

It seems I'm stuck with 7.1beta6 now on that device!

I had a similar issue on my RB4011 upgrading to 7.1rc1, what I wound up doing to upgrade was to reset to no-default-configuration so that it was completely blank and use mac winbox to upload 7.1rc1. You could give that a try on your 2011.

mkx · Mon Aug 30, 2021 10:10 pm

With RouterOS v7 will it be easier for the RouterOS developers to update the Linux Kernel version so as not stuck with a 10 year old Linux Kernel like RouterOS v6?

It's not kernel version per-se, it's changes in API that sometimes makes kernel upgrades next to impossible. Kernel upgradability in ROSv7 will depend on support for 3rd party drivers (if driver is not ported to newer kernel, you're stuck to certain kernel version) and flexibility of ROS layer (when kernel API changes, how complex is the task of adjusting userland executables which drive kernel functions).

The situation with ROSv7? It's everybody's guess (devs probably know it a bit better).

CTassisF · Mon Aug 30, 2021 10:13 pm

ROS v7 seems to have a much better default firewall configuration.
Can you post output of /system default-configuration print (make terminal window real wide, long lines get truncated otherwise) for us to compare to contemporary v6 defaults?

Apparently there is no change in the firewall between v6.48.4 and v7.1rc1.
Here is a diff of the script that generates the default configuration: https://pastebin.com/0R02J2XM

woro · Mon Aug 30, 2021 10:27 pm

I had a similar issue on my RB4011 upgrading to 7.1rc1, what I wound up doing to upgrade was to reset to no-default-configuration so that it was completely blank and use mac winbox to upload 7.1rc1. You could give that a try on your 2011.

My configuration has grown over years and I most likely forgot several details.
As I never had to restore things I'm wondering what the right approach is? I've got a more or less recent backup. Is that one sufficient to restore everything on the same device (also independent from the software version)?

mducharme · Mon Aug 30, 2021 11:07 pm

Is that one sufficient to restore everything on the same device (also independent from the software version)?

Take both a .backup file and also do an export file=mybackup.rsc (or whatever name you want to give it) from the command line, and copy both the .backup and the mybackup.rsc off the device. The .backup file may not restore properly depending on changes between the versions that affect config lines, and so you may have to use the .rsc to restore. The rsc would contain everything except certificates and users, whereas the .backup would contain everything.

icsterm · Mon Aug 30, 2021 11:57 pm

None answered so far, for 256MB RAM devices, loading the wave2 package on arm32 (hap ac2) will work if external flash is connected to router?
ROS 7 packages are tied 100% to internal NAND only?

verbylab · Tue Aug 31, 2021 1:25 am

1) Firewall filter rules creation in WebFig doesn't work anymore. A click on 'Add New' has no effect.
2) Routing rules are still incomplete when used in combination with VRF, i.e. multiple routing tables.

santyx32 · Tue Aug 31, 2021 1:41 am

None answered so far, for 256MB RAM devices, loading the wave2 package on arm32 (hap ac2) will work if external flash is connected to router?
ROS 7 packages are tied 100% to internal NAND only?

You can give it a try since my hAP ac2 only has 128MB RAM

LSan83 · Tue Aug 31, 2021 8:49 am

None answered so far, for 256MB RAM devices, loading the wave2 package on arm32 (hap ac2) will work if external flash is connected to router?
ROS 7 packages are tied 100% to internal NAND only?

Short answer NO
I already had the answer on this forum for Chateau LTE12... No wave2 package for small internal flash.....

infabo · Tue Aug 31, 2021 11:34 am

1) Firewall filter rules creation in WebFig doesn't work anymore. A click on 'Add New' has no effect.

Can confirm. That's why I do not trust WinBox/WebFig in v7. And I always have the feel, when I actually save something in WinBox - that other parts break somehow. So every time I really need to save in WebFig or Winbox, I actually do a `/export` afterwards on CLI, make a diff to verify no other settings changed by accident. ROFL

pe1chl · Tue Aug 31, 2021 12:01 pm

None answered so far, for 256MB RAM devices, loading the wave2 package on arm32 (hap ac2) will work if external flash is connected to router?
ROS 7 packages are tied 100% to internal NAND only?

Of course MikroTik do not want to have packages installed on an external memory device that you can easily take out of the router.
It would make it easier to analyze what is going on in RouterOS (although that already is easy in versions like CHR and x86), but worse it would make the router break when someone removes that external memory, or when it is unreliable.
Technically it would be no problem to have some config command that says "add mounted external storage to the flash space" so you could have a USB stick, SD card, or whatever your router supports, and expand the NAND flash space, but I think it just isn't going to happen.
The support issues would just be too bad. Especially with all the fake storage devices out there.

emils · Tue Aug 31, 2021 12:32 pm

New version 7.1rc2 has been released in development RouterOS channel:

viewtopic.php?f=1&t=178045

Who is online