v7.1.3 is released!

emils · Mon Feb 21, 2022 3:42 pm

RouterOS version 7.1.3 has been released "v7 stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.1.3 (2022-Feb-11 21:20):

*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) bridge - fixed filter and NAT "set-priority" action;
*) conntrack - properly detect helper status;
*) crs3xx - fixed watchdog timer functionality;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) sms - increased "at-chat" timeout when sending SMS;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) vxlan - allow unsetting "group" and "interface" properties;
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireguard - fixed IPv6 traffic processing with multiple peers;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this particular RouterOS release.

noradtux · Mon Feb 21, 2022 4:02 pm

*) wireguard - fixed IPv6 traffic processing with multiple peers;

Fix confirmed, my issue is gone :)

Kindis · Mon Feb 21, 2022 4:05 pm

So the issues with 3011 that was reported on the forum (bootloop etc) for 7.1.2 is that a confirmed issue that has been solved here? Looked to be more related to firmware then ROS.

eworm · Mon Feb 21, 2022 4:29 pm

This time my CCR1009-7G-1C-1S+ entered boot loop... 😳😢
Have not seen this in a long time myself.

mafiosa · Mon Feb 21, 2022 4:55 pm

PPPoE MTU is still at 1480.

Chupaka · Mon Feb 21, 2022 5:17 pm

PPPoE Client?

Ullinator · Mon Feb 21, 2022 5:29 pm

Update on HEX S (MMIPS) from 7.1.2 to 7.1.3 without problems (ROS and RouterBoard-FW)

didis81 · Mon Feb 21, 2022 5:45 pm

Update on 5009 from 7.1.1 to 7.1.3 without problems too

maaathieu · Mon Feb 21, 2022 6:13 pm

this simple routing rule still does not work:

 0   chain=cymru-in rule="if ( bgp-communities includes 65332:888 ) { accept } else { reject }"

all routes are rejected although they contain the right community:

 Fb   afi=ip4 contribution=filtered dst-address=23.151.160.0/24 routing-table=main gateway=1.2.3.4 immediate-gw=5.6.7.8%ether5_832 distance=20 scope=40 target-scope=30 
       belongs-to="BGP IP routes from 1.2.3.4" 
       bgp.peer-cache-id=*B000004 .as-path="65332" .communities=65332:888,no-export .atomic-aggregate=yes .origin=igp 
       debug.fwp-ptr=0x20302360

Mathieu

borr · Mon Feb 21, 2022 7:02 pm

*) wireguard - fixed IPv6 traffic processing with multiple peers;

still only one peer can use ipv6, not fixed

madejson · Mon Feb 21, 2022 7:31 pm

Any chance to fix problem with disconnecting wireguard peer when endpoint is set by domain (not an IP)? Issue is described here:
viewtopic.php?p=914534#p914534

infabo · Mon Feb 21, 2022 7:46 pm

This release does not break my hAP lite (SMIPS).

pe1chl · Mon Feb 21, 2022 7:46 pm

this simple routing rule still does not work:
Code: Select all
 0   chain=cymru-in rule="if ( bgp-communities includes 65332:888 ) { accept } else { reject }"

For me such rules do work OK. I would advise trying to put the community in a community list and then reference that in the rule.
The syntax for that is [[:name:]] (instead of 65332:888).
It fixed the problem for me when matching AS number.

dave3 · Mon Feb 21, 2022 7:55 pm

I was going to wait, but I decided to try it. From 6.49.3 to 7.1.3 on RB750gr3, with netinstall. So far, so good, as far as I can tell. It's using about 15MB more RAM than before. My setup is pretty vanilla, though I am using IPv6.

I do notice this new hardware offloading:

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes

(log)
hardware offloading activated on bridge "bridge" ports: ether5,ether4,ether2,ether3

So that's nice.

pe1chl · Mon Feb 21, 2022 8:16 pm

That hardware offloading is not new, unless you use a bridge with vlan filtering.
The log message refers to bridge offloading (i.e. usage of the switch chip).

dave3 · Mon Feb 21, 2022 8:32 pm

I thought I read it was new for v7 (perhaps not v7.1.3 exactly), though I could be wrong. I know that "hw-offload=yes" wasn't in the same configuration I had in v6.

buset1974 · Mon Feb 21, 2022 8:35 pm

Any progress on bgp and mpls?

pe1chl · Mon Feb 21, 2022 8:35 pm

Sure, but the message that it is activated is not related to that. It is related to bridge offloading and it was also there in v6.

ormandj · Mon Feb 21, 2022 8:36 pm

Unfortunately, all of the SFP+ ports are still flapping in 7.1.x for me, even with 7.1.3, on a CRS328-24P-4S+. Forcing the interfaces to 1G fixes the problem, but then I lose 10G. It happens at regular 5 minute intervals, which is extremely suspicious.

Screen Shot 2022-02-21 at 12.39.22.png

There hasn't been an update to SUP-68278 since December 23rd about this.

mafiosa · Mon Feb 21, 2022 8:41 pm

PPPoE Client?

Yes

dave3 · Mon Feb 21, 2022 8:43 pm

Sure, but the message that it is activated is not related to that. It is related to bridge offloading and it was also there in v6.

I understand, thanks.

gabacho4 · Mon Feb 21, 2022 8:56 pm

I have 5009 with factory firmware 7.0.5 marked as stable.
When I click to "check for updates" and choose channel "stable" I still see only 6.49.3 ??

Set your package channel to testing and install 7.1. Then reset the channel to stable and 7.1.3 should be there.

PSz · Mon Feb 21, 2022 9:02 pm

I have 5009 with factory firmware 7.0.5 marked as stable.
When I click to "check for updates" and choose channel "stable" I still see only 6.49.3 ??

Channel: upgrade

pe1chl · Mon Feb 21, 2022 9:07 pm

Unfortunately, all of the SFP+ ports are still flapping in 7.1.x for me, even with 7.1.3, on a CRS328-24P-4S+. Forcing the interfaces to 1G fixes the problem, but then I lose 10G. It happens at regular 5 minute intervals, which is extremely suspicious.

Yes, it indicates that you are probably running something like MRTG to graph the temperatures (polled via SNMP). Every 5 minutes, when it asks for the temperature, problems occur.

mafiosa · Mon Feb 21, 2022 9:38 pm

IPv6 torch functionality still not working

Jotne · Mon Feb 21, 2022 10:03 pm

Try to upgrade to latest 6.x, before you look from Upgrade.

pe1chl · Mon Feb 21, 2022 10:27 pm

That does not seem like good advice for a 5009 user...
I think you need to download the 7.1.3 package from the website and upload it to the router, then select reboot from the system menu.

PSz · Mon Feb 21, 2022 10:32 pm

Right, 5009 startup only with ROS 7....

Channel: upgrade
I do not have channel "Upgrade".
Only "long term", "stable", "testing", "development", but only LT and stable sounds reasonable ;)

ormandj · Mon Feb 21, 2022 10:48 pm

Unfortunately, all of the SFP+ ports are still flapping in 7.1.x for me, even with 7.1.3, on a CRS328-24P-4S+. Forcing the interfaces to 1G fixes the problem, but then I lose 10G. It happens at regular 5 minute intervals, which is extremely suspicious.
Yes, it indicates that you are probably running something like MRTG to graph the temperatures (polled via SNMP). Every 5 minutes, when it asks for the temperature, problems occur.

I am not; I have no external polling enabled. Same exact setup as v6.

hecatae · Mon Feb 21, 2022 11:21 pm

hAP Lite TC upgraded from 6.49.2 to 7.1.3 without issue.
Usage Home AP, PPPOE router and DHCP server.

DL7JP · Mon Feb 21, 2022 11:43 pm

RB2011iL, hAP ac2, hAp from 7.1.2 to 7.1.3 no problems noticed.
I am more cautious with my RB1100AHx4 after the last update experience (firewall rules screwed up). Did any update this box?

pe1chl · Tue Feb 22, 2022 12:48 am

I think for now with every v7 update you need to do /export immediately before and immediately after, and use a "diff" tool to see what has changed and why that could be.
(sometimes there are obvious changes like re-ordering, but when a section is missing you likely need to add it again)

Rfulton · Tue Feb 22, 2022 4:26 am

PIM on ccr2004 still not working. no interface shows up as dynamic after making template.

timnis · Tue Feb 22, 2022 8:13 am

This time my CCR1009-7G-1C-1S+ entered boot loop... 😳😢
Have not seen this in a long time myself.

Same here.
Last time when I upgraded to 7.1.1 from 6.49.2 I needed to left RouterBOARD firmware to 6.49.2 because if I upgraded it to 7.1.1 it booted up but no traffic on ethernet ports.
Now upgrade from 7.1.1 to 7.1.3 entered also to boot loop... I netinstalled 7.1.3 and upgraded also RouterBOARD firmware and restored 7.1.1 backup. Atleast it has worked over night so far without problems :)

Hominidae · Tue Feb 22, 2022 9:19 am

Resurrected my first ever MT, a (now) old Hex (RB750G r2, factory FW 3.27) via upgrade channel 👌

han · Tue Feb 22, 2022 10:11 am

Nice to see that such a fossil still gets updates!

Just a pity that the hardware is so outdated that I have no clue what to do today with such old hardware...

Hominidae · Tue Feb 22, 2022 10:20 am

...currently using it as a switch down in the cellar, with PoE-in, in front of my EV-Wallbox and garden AP.
But now I am sure I could even use it as a semi-hot spare (did that in the past with v6), should my RB4011 go down...it would limp along at 30-80Mbps on my 1G Internet, but still I'd get along until replacement arrives.....

kwagga · Tue Feb 22, 2022 10:40 am

Hi,

Upgrading from 6.48.x to 7.1.x - NTP client not working... stuck on waiting.

seems others also having the same issue. viewtopic.php?p=914714

screenshot.2022-02-22 (3).png

I have checked my clock and it's the same as ever:

time: 10:37:31
date: feb/22/2022
time-zone-autodetect: no
time-zone-name: Africa/Johannesburg
gmt-offset: +02:00
dst-active: no

I did notice after the upgrade bootup was at 1970, but never recovered.

Any advice?

I haven't tried resetting the config as this is a production router.

b10up · Tue Feb 22, 2022 10:46 am

BGP stopped working for me after upgrading to 7.1.3

Update: Just had to disable, then re-enable the ip address ranges in firewall/address list.

maaathieu · Tue Feb 22, 2022 10:47 am

I already tried that, but that does not work either. I also tried to remove all the rules and recreate them, it does not work.
It's only the "bgp-communities includes 65332:888" part that does not work. If I change that for "gw == a.b.c.d", then the rule works.

Mathieu

this simple routing rule still does not work:
Code: Select all
 0   chain=cymru-in rule="if ( bgp-communities includes 65332:888 ) { accept } else { reject }"
For me such rules do work OK. I would advise trying to put the community in a community list and then reference that in the rule.
The syntax for that is [[:name:]] (instead of 65332:888).
It fixed the problem for me when matching AS number.

kwagga · Tue Feb 22, 2022 10:52 am

Hi,

Upgrading from 6.48.x to 7.1.x - NTP client not working... stuck on waiting.

seems others also having the same issue. viewtopic.php?p=914714

screenshot.2022-02-22 (3).png

I have checked my clock and it's the same as ever:

time: 10:37:31
date: feb/22/2022
time-zone-autodetect: no
time-zone-name: Africa/Johannesburg
gmt-offset: +02:00
dst-active: no
I did notice after the upgrade bootup was at 1970, but never recovered.

Any advice?

I haven't tried resetting the config as this is a production router.

NTP debug not helping:

screenshot.2022-02-22 (4).png

pe1chl · Tue Feb 22, 2022 11:08 am

After upgrade from 7.1.2 my ipsec lost its identities.

I have that problem at every reboot, including the reboot required to do an upgrade.

pe1chl · Tue Feb 22, 2022 11:14 am

I already tried that, but that does not work either. I also tried to remove all the rules and recreate them, it does not work.
It's only the "bgp-communities includes 65332:888" part that does not work. If I change that for "gw == a.b.c.d", then the rule works.

I am at 7.2rc3 already so I am not going to test with 7.1.3 but in 7.1 and 7.1.1 these filters worked OK for me (and so they do in 7.2rc3).
I had some issues with numbers that were handled wrongly because of signed-unsigned mixup (so in that case 65532 would be handled as -4) and could fix that via the list workaround.
But that was for AS number, not community value, and in fact I am using community values that would be affected by such a bug.
So it apparently is something else. Unclear what.

pe1chl · Tue Feb 22, 2022 11:22 am

I did notice after the upgrade bootup was at 1970, but never recovered.

I think it is a bug with upgrade v6->v7. My theory is like this:
The MikroTik devices do not have a real time clock. What you normally see is a counter that counts timer interrupts, but it is not battery backed up.
Similar to the situation in a Raspberry Pi. Like that device, the current time is regularly stored in a file. So when the system reboots, it can start off where it last was.
In the Raspberry Pi there is a dedicated file for this, but in RouterOS they use the "configuration database", the binary file that holds all your configuration.
At startup the system reads the timestamp of that file and puts it as start value into the clock, and NTP then corrects that time.

However this configuration database is different between v6 and v7. When you first boot v7, the database does not exist and the time setting fails, time is now 1-1-1970 00:00 UTC.
Then, the "crossfig" program is started to convert the v6 database to a new v7 database and that is then used by the running system.
But everything the system does during this phase (e.g. converting items) is all timestamped 1970...

Now the time has to make a big jump, and NTP is always reluctant to do that. When it does not work at the first try it tends to give up on it.
It may depend on your network connection if this is going to work.
I would recommend to manually set the time to nearly OK and then check if NTP now attempts to sync it.

And hopefully MikroTik at some point revise the first boot v7 procedure to set the time from the v6 database that is being converted (e.g. inside the crossfig program).

pe1chl · Tue Feb 22, 2022 11:30 am

Apparently the refresh mechanism in BGP is still as broken as it was before (and is in 7.2rc3)...

eworm · Tue Feb 22, 2022 11:32 am

And another note on the system time... Even on a factory reset (where no v6 configuration is available for conversion) system should not start in 1970.
RouterOS knows when it was compiled, that should be considered the oldest valid date, used as fallback. (The same happens on Raspberry Pi when running a distribution with systemd.)

msatter · Tue Feb 22, 2022 11:45 am

The router can now detect a year long (or even longer) that the date is wrong.

If a recent date is taken then router does not know if that recent date is out of date or correct.

pe1chl · Tue Feb 22, 2022 11:52 am

Well I think the easy solution is to take the time from the v6 config database in the crossfig program and set the system time with that, as the first thing done.
Then all conversion actions are logged with the timestamp of the reboot just before the update, which is only a minute or so behind current time.

maaathieu · Tue Feb 22, 2022 12:55 pm

Hi pe1chl,

There's definitely something weird. I added a rule in the first place that adds the same community:

 0   chain=cymru-in rule="if (gw == a.b.c.d ) { append bgp-communities 65332:888 }"

and now the other rule works for this peer, but not the other one:

 Ab B afi=ip4 contribution=active dst-address=23.135.225.0/24 routing-table=main immediate-gw="" distance=20 scope=40 target-scope=30 belongs-to="BGP IP routes from a.b.c.d" 
       bgp.peer-cache-id=*B000004 .as-path="65332" .communities=no-export,65332:888 .atomic-aggregate=yes .origin=igp 
       debug.fwp-ptr=0x20302420 

 Fb   afi=ip4 contribution=filtered dst-address=23.135.225.0/24 routing-table=main gateway=e.f.g.h immediate-gw=x.x.x.x%ether5_832 distance=20 scope=40 target-scope=30 
       belongs-to="BGP IP routes from e.f.g.h" 
       bgp.peer-cache-id=*B000001 .as-path="65332" .communities=65332:888,no-export .atomic-aggregate=yes .origin=igp 
       debug.fwp-ptr=0x203023C0

Small bug, or maybe it's a feature: if, when changing a rule, I forget the endind double quote, for example

set 1 rule="if ( bgp-communities includes 65332:888 ) { set blackhole yes; accept;} else { reject;}

then I have no error, but the rule is empty

I already tried that, but that does not work either. I also tried to remove all the rules and recreate them, it does not work.
It's only the "bgp-communities includes 65332:888" part that does not work. If I change that for "gw == a.b.c.d", then the rule works.
I am at 7.2rc3 already so I am not going to test with 7.1.3 but in 7.1 and 7.1.1 these filters worked OK for me (and so they do in 7.2rc3).
I had some issues with numbers that were handled wrongly because of signed-unsigned mixup (so in that case 65532 would be handled as -4) and could fix that via the list workaround.
But that was for AS number, not community value, and in fact I am using community values that would be affected by such a bug.
So it apparently is something else. Unclear what.

savage · Tue Feb 22, 2022 1:19 pm

Hi,

Upgrading from 6.48.x to 7.1.x - NTP client not working... stuck on waiting.

Works fine here...

eworm · Tue Feb 22, 2022 1:25 pm

Have seen this as well. Disabling and enabling the NTP client helped here.

kwagga · Tue Feb 22, 2022 1:26 pm

I did notice after the upgrade bootup was at 1970, but never recovered.
I think it is a bug with upgrade v6->v7. My theory is like this:
The MikroTik devices do not have a real time clock. What you normally see is a counter that counts timer interrupts, but it is not battery backed up.
Similar to the situation in a Raspberry Pi. Like that device, the current time is regularly stored in a file. So when the system reboots, it can start off where it last was.
In the Raspberry Pi there is a dedicated file for this, but in RouterOS they use the "configuration database", the binary file that holds all your configuration.
At startup the system reads the timestamp of that file and puts it as start value into the clock, and NTP then corrects that time.

However this configuration database is different between v6 and v7. When you first boot v7, the database does not exist and the time setting fails, time is now 1-1-1970 00:00 UTC.
Then, the "crossfig" program is started to convert the v6 database to a new v7 database and that is then used by the running system.
But everything the system does during this phase (e.g. converting items) is all timestamped 1970...

Now the time has to make a big jump, and NTP is always reluctant to do that. When it does not work at the first try it tends to give up on it.
It may depend on your network connection if this is going to work.
I would recommend to manually set the time to nearly OK and then check if NTP now attempts to sync it.

And hopefully MikroTik at some point revise the first boot v7 procedure to set the time from the v6 database that is being converted (e.g. inside the crossfig program).

Detailed - thanks!
I did manually set the time to about 30 second accuracy but alas NTP still refused to update.

pe1chl · Tue Feb 22, 2022 2:05 pm

Hi pe1chl,

There's definitely something weird. I added a rule in the first place that adds the same community:
Code: Select all
 0   chain=cymru-in rule="if (gw == a.b.c.d ) { append bgp-communities 65332:888 }"
and now the other rule works for this peer, but not the other one:

In that case the 65332:888 community probably is not there...
Try tracing the BGP link using Packet Sniffer (filter with TCP port 179), save to file and examine using wireshark to see what is going on.

pe1chl · Tue Feb 22, 2022 2:06 pm

Have seen this as well. Disabling and enabling the NTP client helped here.

That is what I am expecting... NTP clients often take a big jump on the first request but not on later ones. So when the first request after boot does not get answered because first some link has to be established, it cannot make a large correction as required to recover from date 1-1-1970.

zapata · Tue Feb 22, 2022 2:26 pm

What happened to "arm - fixed "shutdown" command on hAP ac^2;"? Do we have to wait for 7.2?

Tue Feb 22, 2022 2:47 pm

Kindis, eworm, timnis - currently we have not managed to reproduce such an issue, however, we are trying to gather information in order to find a root cause of the problem. Most likely the issue is related to the version from which the router is upgraded, not the version to which it is upgraded;
mafiosa, ormandj, egaspy, Rfulton, kwagga - Please provide supout file from the problematic router to support@mikrotik.com
borr, madejson, donline - Thank you for the report. We will look into this and try to resolve the problem in upcoming releases.
buset1974 - We are working on this all the time. Fixes and improvements are on their way.
mafiosa, pe1chl - Issue reported, we will try to resolve this problem as soon as possible.
dakkonsoulblade - We will look into this and try to see if there is anything we can do about this. Meanwhile please send console output to support@mikrotik.com.
wanarta - What exactly happened with configuration? Part of it is lost? Which part?
b10up, konradk, pe1chl - Seems like this routing problem is a known issue, we have already managed to reproduce it and will resolve it as soon as possible.
zapata - Do you mean that it is not working properly for you?

Kindis · Tue Feb 22, 2022 2:53 pm

@strods: Many thanks! I run 7.1.1 and will try to upgrade tonight to see what happens. I will create supout files before just in case I need to create a case.

emils · Tue Feb 22, 2022 2:53 pm

*) wireguard - fixed IPv6 traffic processing with multiple peers;
still only one peer can use ipv6, not fixed

Works for me. Please double check your configuration.

zapata · Tue Feb 22, 2022 3:52 pm

zapata - Do you mean that it is not working properly for you?

No. I am using 7.1.3 and my hAP ac² always reboots when I try to shut it down. I haven't tested 7.2rc[23] yet.

pe1chl · Tue Feb 22, 2022 3:56 pm

Kindis, eworm, timnis - currently we have not managed to reproduce such an issue, however, we are trying to gather information in order to find a root cause of the problem. Most likely the issue is related to the version from which the router is upgraded, not the version to which it is upgraded;

Are there still remaining issues where upgrading from an earlier version creates invisible internal problems that can be fixed by netinstall and configuring from scratch?
E.g. is the bootloop issue, or the repeated loss of a section of the configuration, such an issue?
Is there any indication that these issues can and will be fixed in a future update?
It can be better for users to know that some things probably will never be fixed and that the way to get rid of them is to netinstall instead of update. Then at least we can prepare for it.

ormandj · Tue Feb 22, 2022 3:58 pm

Kindis, eworm, timnis - currently we have not managed to reproduce such an issue, however, we are trying to gather information in order to find a root cause of the problem. Most likely the issue is related to the version from which the router is upgraded, not the version to which it is upgraded;
mafiosa, ormandj, egaspy, Rfulton, kwagga - Please provide supout file from the problematic router to support@mikrotik.com
borr, madejson, donline - Thank you for the report. We will look into this and try to resolve the problem in upcoming releases.
buset1974 - We are working on this all the time. Fixes and improvements are on their way.
mafiosa, pe1chl - Issue reported, we will try to resolve this problem as soon as possible.
dakkonsoulblade - We will look into this and try to see if there is anything we can do about this. Meanwhile please send console output to support@mikrotik.com.
wanarta - What exactly happened with configuration? Part of it is lost? Which part?
b10up, konradk, pe1chl - Seems like this routing problem is a known issue, we have already managed to reproduce it and will resolve it as soon as possible.
zapata - Do you mean that it is not working properly for you?

I already have a ticket open, and have not seen any updates since Dec. 23: SUP-68278 which includes a supout file. I will add another one to it. Do you mind reviewing this?

ormandj · Tue Feb 22, 2022 4:03 pm

@strods @emils

Screen Shot 2022-02-22 at 08.01.47.png

The initial report (not in screenshot) has all of the details of my configuration to include model numbers of device(s) and SFP+s, as well as a full history of the issue.

SUP-68278

Kindis · Tue Feb 22, 2022 4:20 pm

Kindis, eworm, timnis - currently we have not managed to reproduce such an issue, however, we are trying to gather information in order to find a root cause of the problem. Most likely the issue is related to the version from which the router is upgraded, not the version to which it is upgraded;
Are there still remaining issues where upgrading from an earlier version creates invisible internal problems that can be fixed by netinstall and configuring from scratch?
E.g. is the bootloop issue, or the repeated loss of a section of the configuration, such an issue?
Is there any indication that these issues can and will be fixed in a future update?
It can be better for users to know that some things probably will never be fixed and that the way to get rid of them is to netinstall instead of update. Then at least we can prepare for it.

Reading the forum, which may or may not represent the truth :-), indicates that the firmware have been the issue not the ROS so I'm not 100 % sure. Upgrade path to v7 have been more or less smooth for me apart for a few hiccups with OSPF that where 100 % my fault! I will upgrade both ROS and firmware on a 3011 tonight and report back. Upgrade path for me will be 7.1.1 to 7.1.3.
Should add that I have a confirmed bug when importing large volume of addresses into address list. On all my devices this works well but the 3011 fails to import. When the address list goes beyond 60 000 addresses the import fails, console crash. Issue reproduced and will be fixed according to info in the ticket.

Tue Feb 22, 2022 4:22 pm

zapata - Do you mean that it is not working properly for you?
No. I am using 7.1.3 and my hAP ac² always reboots when I try to shut it down. I haven't tested 7.2rc[23] yet.

It works on 7.2c3 and Hap AC2.
Tried it myself yesterday.

pe1chl · Tue Feb 22, 2022 4:43 pm

Reading the forum, which may or may not represent the truth :-), indicates that the firmware have been the issue not the ROS so I'm not 100 % sure. Upgrade path to v7 have been more or less smooth for me apart for a few hiccups with OSPF that where 100 % my fault!

Well, in my message I am not as much referring to issues in v7 that are the same for everyone.
What I mean is that there appear to be issues that depend on the upgrade path. Issues that cannot be found in the /export. So they can be fixed by netinstall and import of the same /export.
My question is: is that true or not, and is that going to be fixed or not.
This is completely separate from issues in v7 that were not present in v6 (of which there of course are several, especially in BGP. I do not know about OSPF as I do not use it)

pe1chl · Tue Feb 22, 2022 4:51 pm

I already have a ticket open, and have not seen any updates since Dec. 23: SUP-68278 which includes a supout file. I will add another one to it. Do you mind reviewing this?

Well you are lucky that your ticket is still open! I had ticket SUP-64360 open and later got confirmation from others that they had the same issue and also had a ticket open, but on Feb 11 it got closed with message "Your request status changed to Closed with resolution Done." without any info about what was done. So is this resolved, and if so in what version? Not in the current development version 7.2rc3, I can tell. But it was released on Jan 28, so that could be.
So is it resolved in 7.1.3 which was also released on that same Feb 11 date? I don't think I see it mentioned in the What's new list... and usually fixes appear in the development version before they appear in Stable.
I guess I need to "downgrade" to know...

npeca75 · Tue Feb 22, 2022 5:00 pm

Almost working ...
CHR 7.1.3
only 'OID not increasing' error left to be polished. nice, nice !!!

SNMP['/usr/bin/snmpbulkwalk' '-M' '/opt/librenms/mibs:/opt/librenms/mibs/mikrotik' '-v2c' '-c' 'COMMUNITY' '-OQXUte' 'udp:HOSTNAME:161' 'IPV6-MIB::ipv6RouteTable']

Exitcode: 1 ["Error: OID not increasing: IPV6-MIB::ipv6RouteDest[fd00:1:255:0:0:0:6:0][120][538194220]\n >= IPV6-MIB::ipv6RouteDest[fd00:1:255:0:0:0:6:0][120][538194220]\n\n"]

IPV6-MIB::ipv6RouteDest[2000:0:0:0:0:0:0:0][3][2147483657] = 2000:0:0:0:0:0:0:0
IPV6-MIB::ipv6RouteDest[2a00:3300:1000:1f00:0:0:0:0][64][538193932] = 2a00:3300:1000:1f00:0:0:0:0
IPV6-MIB::ipv6RouteDest[2a00:3300:2000:21:0:0:0:0][64][538194124] = 2a00:3300:2000:21:0:0:0:0
IPV6-MIB::ipv6RouteDest[2a00:3300:2000:22:0:0:0:0][64][538194148] = 2a00:3300:2000:22:0:0:0:0
IPV6-MIB::ipv6RouteDest[fd00:0:0:0:0:0:0:0][14][2147483658] = fd00:0:0:0:0:0:0:0
IPV6-MIB::ipv6RouteDest[fd00:1:1:0:0:0:0:0][64][538194184] = fd00:1:1:0:0:0:0:0

eworm · Tue Feb 22, 2022 5:20 pm

Kindis, eworm, timnis - currently we have not managed to reproduce such an issue, however, we are trying to gather information in order to find a root cause of the problem. Most likely the issue is related to the version from which the router is upgraded, not the version to which it is upgraded;

My device was running RouterOS 7.1.2 with firmware 7.1.1 active (and firmware 7.1.2 pending a reboot) when I installed the update.

All my other devices did not suffer any show stopper issues. I did all the upgrades (6.49.2 -> 7.1 -> 7.1.1 -> 7.1.2 -> 7.1.3) with auto-upgrade for firmware enabled.

pe1chl · Tue Feb 22, 2022 5:30 pm

Almost working ...
CHR 7.1.3
only 'OID not increasing' error left to be polished. nice, nice !!!

This problem has been in RouterOS for ages, but you can work around it by passing the option -Cc to the snmpwalk call.

dg1kwa · Tue Feb 22, 2022 6:03 pm

DOM/DDM still not working on RB760iGS. With old ROS it was fine :(

Bildschirmfoto vom 2022-02-22 17-01-23.png

maaathieu · Tue Feb 22, 2022 6:11 pm

Hi pe1chl,

There's definitely something weird. I added a rule in the first place that adds the same community:
Code: Select all
 0   chain=cymru-in rule="if (gw == a.b.c.d ) { append bgp-communities 65332:888 }"
and now the other rule works for this peer, but not the other one:
In that case the 65332:888 community probably is not there...
Try tracing the BGP link using Packet Sniffer (filter with TCP port 179), save to file and examine using wireshark to see what is going on.

I made a capture, and the community is really here, see this screenshot:

Capture d’écran de 2022-02-22 17-07-54.png

npeca75 · Tue Feb 22, 2022 8:00 pm

Almost working ...
CHR 7.1.3
only 'OID not increasing' error left to be polished. nice, nice !!!
This problem has been in RouterOS for ages, but you can work around it by passing the option -Cc to the snmpwalk call.

will wait for next release ...
if there is no fix, well, i need to send PR to LibreNMS

TheRealJLH · Tue Feb 22, 2022 8:04 pm

Are you sure you applied the chain to the input.filter on the connection to the peer?

I already tried that, but that does not work either. I also tried to remove all the rules and recreate them, it does not work.
It's only the "bgp-communities includes 65332:888" part that does not work. If I change that for "gw == a.b.c.d", then the rule works.

Mathieu

For me such rules do work OK. I would advise trying to put the community in a community list and then reference that in the rule.
The syntax for that is [[:name:]] (instead of 65332:888).
It fixed the problem for me when matching AS number.

DL7JP · Tue Feb 22, 2022 8:29 pm

I am more cautious with my RB1100AHx4 after the last update experience (firewall rules screwed up). Did any update this box?

I was brave enough to give it a try: Seems fine, no issues so far with the RB1100AH. Also CRS125-24G updated with no issues.

Kindis · Tue Feb 22, 2022 8:48 pm

Ok so I have upgraded two 3011 now. One acting as redundancy unit for WAN and the second one as a redundancy LAN router, so totally different config between them.
All went well. Both ROS upgrade and firmware upgrade. Upgraded from 7.1.1 (both ROS and firmware).
So it is possible to upgrade a 3011 without bricking it :-)

BrateloSlava · Tue Feb 22, 2022 9:17 pm

RB4011iGS+. Cpu speed not showing after update from 7.1.2 to 7.1.3.
Other my device:

RBD53iG-5HacD2HnD (hAP ac3)

RB951G-2HnD

RB2011UiAS

RB2011UiAS-2HnD

RBcAPGi-5acD2nD (cAP ac)

RBD52G-5HacD2HnD (hAP ac2)

RB951Ui-2HnD

RB750Gr3 (hEX)

CCR1016-12G

RB3011UiAS-RM

look good after update

andrewe02000 · Tue Feb 22, 2022 9:20 pm

How do we aggregate routes in bgp now?

pe1chl · Tue Feb 22, 2022 9:53 pm

How do we aggregate routes in bgp now?

We don't.

fruel · Tue Feb 22, 2022 10:44 pm

*) wireguard - fixed IPv6 traffic processing with multiple peers;

Not fixed for me. See config example in viewtopic.php?t=180482#p914923

gisunms · Tue Feb 22, 2022 11:52 pm

x86 on Dell R720 with Broadcom sfp+
transceivers are not getting up

nexusds · Wed Feb 23, 2022 6:41 am

NTP Client works, just not right away. leave it and check back

nexusds · Wed Feb 23, 2022 6:43 am

IPv6 DHCP Client
must disable default gateway if getting DHCP over a PPPoE connection or you have two gateways
must enable default gateway if getting DHCP over Ethernet, VLAN, Bridge or EoIP etc. or you get no gateway

poirus · Wed Feb 23, 2022 7:42 am

Upgrading to 7.1.3 on RB1100AHx4 removed some of the device configuration. Lost part of the firewall, nat, mangle, static dhcp and other. This is beginning to threaten the functioning of the networks. The situation is simply catastrophic. The situation has not changed for last half year, RouterOS 7 is not working and has a huge number of bugs. Support is playing guess what release candidate will help, but there is no result.

Wed Feb 23, 2022 8:46 am

zapata - The shutdown command is working properly for us. Can you please provide supout file to support@mikrotik.com that would be generated after you did execute this command but the router actually did a reboot, not a shutdown?
pe1chl, eworm - There are no known issue regarding the upgrade process. Yes, it seems that there might be. an issue which we are trying to find out, however, at the moment we are upgrading routers in different scenarios without any problems. We are looking for the cause of it.
ormandj - We are trying to process all of the support tickets as soon as possible.
npeca75, pe1chl - SNMP issue reported, we will try to resolve it as soon as possible.
edupre - There are no changeable values under the settings menu for this model device. We will remove this menu from GUI in upcoming releases.
dg1kwa - We have managed to reproduce this problem. We will try to resolve it as soon as possible.
BrateloSlava - What do you mean by "CPU speed"? Do you refer to CPU usage under SYstem/Resources menu?
gisunms - Please provide supout file from this device to support@mikrotik.com.
nexusds - This seems to be an issue that we have managed to reproduce. We will try to resolve it as soon as possible.
poirus - From which version did you upgrade? Do you have a configuration export? If you import it back on the previous version and try to upgrade once more, does the same thing happen?

pothi · Wed Feb 23, 2022 9:25 am

Upgraded hAP ac² from 7.1.1 to this (skipping the previous version). So far so good.

Dude2048 · Wed Feb 23, 2022 10:53 am

How do we aggregate routes in bgp now?

With a filter. There’s an example in the help, but not quite the answer. You have to change that one.

dadaniel · Wed Feb 23, 2022 11:01 am

export is missing wireless security profiles details like PSK keys. In v6 export is working as expected

BrateloSlava · Wed Feb 23, 2022 11:02 am

strods

BrateloSlava - What do you mean by "CPU speed"? Do you refer to CPU usage under SYstem/Resources menu?

I talk about this: System->RouterBOARD->Settings->CPU freq (missing on 4011, after update)

maaathieu · Wed Feb 23, 2022 11:20 am

Are you sure you applied the chain to the input.filter on the connection to the peer?

I already tried that, but that does not work either. I also tried to remove all the rules and recreate them, it does not work.
It's only the "bgp-communities includes 65332:888" part that does not work. If I change that for "gw == a.b.c.d", then the rule works.

Mathieu

yes:

input.procid=20 .filter=cymru-in ebgp

Wed Feb 23, 2022 11:34 am

dadaniel - Use show-sensitive option on export command.
BrateloSlava - We will try to resolve this problem as soon as possible.

Wed Feb 23, 2022 11:43 am

export is missing wireless security profiles details like PSK keys. In v6 export is working as expected

Default behavior has changed from show-sensitive to hide-sensitive from ROS6 to ROS7.

mada3k · Wed Feb 23, 2022 12:15 pm

All routes in WebFig doesn't show up.

leosedf · Wed Feb 23, 2022 2:08 pm

LTEAp kit (mmips) 7.1.3 the LTE interface is not even shown and when i set it to LTE AP or anything with LTE i get "interface not ready"
When i go to 7.1 Long term it works fine.

Thnx

sebasGST · Wed Feb 23, 2022 3:04 pm

Upgrade my devices, all working property, but, what is (xxxus) after (xxms) ping? i never seen that before upgrade. Thanks

memelchenkov · Wed Feb 23, 2022 3:12 pm

Upgrade my devices, all working property, but, what is (xxxus) after (xxms) ping? i never seen that before upgrade. Thanks

Microseconds (μs).

sebasGST · Wed Feb 23, 2022 3:18 pm

Upgrade my devices, all working property, but, what is (xxxus) after (xxms) ping? i never seen that before upgrade. Thanks
Microseconds (μs).

Oh, thank you so much!, its possibe to disable or remove? thanks

memelchenkov · Wed Feb 23, 2022 3:30 pm

Oh, thank you so much!, its possibe to disable or remove? thanks

I doubt.

Jotne · Wed Feb 23, 2022 5:17 pm

Oh, thank you so much!, its possibe to disable or remove? thanks

Why?

PSz · Wed Feb 23, 2022 7:00 pm

RB3011UiAS update from 7.1.2 to 7.1.3 OK, but upgrade firmware from 7.1.2 to 7.1.3 took a long time, I thought again bootloop. After ~4 min, router work again, but shows in log error...

borr · Wed Feb 23, 2022 7:04 pm

still only one peer can use ipv6, not fixed
Works for me. Please double check your configuration.

/ipv6 address
add address=fd02:28::1 interface=lo1
add address=fd02:29::1 interface=ep1

/ipv6 route
add disabled=no distance=1 dst-address=/0 gateway=fd03:1337::1 scope=30 target-scope=10
add disabled=no distance=1 dst-address=2000::/3 gateway=njalla scope=30 target-scope=10

/interface wireguard
add listen-port=51820 mtu=1420 name=ep1

/interface wireguard peers
add allowed-address=10.2.9.2/32,fd02:29::2/128 interface=ep1 public-key="NFxnCJgrsp/o87nTEXlfyfYdzy5RpD7Ysdx0jzcpwGU="
add allowed-address=10.2.9.3/32,fd02:29::3/128 interface=ep1 public-key="00ka4gYSojyUJuZipcmh/AYJwAQn2gKs/5QGZe4b2E4="
add allowed-address=10.2.9.4/32,fd02:29::4/128 interface=ep1 public-key="OKp0T9mnMi6uM2UO1T6u+Kzns9ylDAQHItTuC+zfwEQ="
add allowed-address=10.2.9.5/32,fd02:29::5/128 interface=ep1 public-key="eD+4f2PefzL3TakT7afLzxinHrEB06Y92jfbtWy+z1I="
add allowed-address=10.2.9.6/32,fd02:29::6/128 interface=ep1 public-key="tpkpl9xSDZL96SPmEawAi32Y2NRvDQYjOt+dAG1XOQQ="
add allowed-address=10.2.9.7/32,fd02:29::7/128 interface=ep1 public-key="URQWbJaNgjGDvBr0aXRk+7lfBQpRRPx3bA5+308tpyg="
add allowed-address=10.2.9.8/32,fd02:29::8/128 interface=ep1 public-key="Grbg3TtJ4YrGu4Lzi75SWuArWriJWqrgnAd2kZn4HXI="

/ipv6 firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface=njalla src-address-list=njalla

/ipv6 firewall address-list
add address=fd02:28::/64 list=njalla
add address=fd02:29::/64 list=njalla

And if I want ipv6 connectivity for any of these peers I have to choose one and reenter ipv6 address for that peer (from console or from winbox) and only then my selected peer will use ipv6. Checked on 7.2rc4 with same results, I have to reenter ipv6 address for selected peer.

mhugo · Wed Feb 23, 2022 8:46 pm

OSPF dident work on new unit with 7.1.3 - Downgraded to 7.1.2 and same worked.

Patrinus · Wed Feb 23, 2022 10:15 pm

UPnP Service crashes after a few Minutes on my CCR1036-8G-2S+
Only a Reboot helps.
Router is not discoverable by upnp clients.
Have this Problem on LongTerm 7.1 and Stable 7.1.3

Have a nice day

BrateloSlava · Wed Feb 23, 2022 10:48 pm

RB951Ui-2HnD
Strange problem. I'm try to disable some service ports.

Screenshot_udplite.png

Screenshot_sctp.png

Screenshot_dccp.png

Znevna · Wed Feb 23, 2022 11:32 pm

How are those service ports?

ksteink · Thu Feb 24, 2022 12:26 am

I have upgraded one hAP AC2 to ROS to ver 7.1.3 and I cannot see the content of any window when connect via Winbox or WebFig

After few seconds I get disconnected BUT if I do a connection via SSH it works

Any ideas?

PSz · Thu Feb 24, 2022 1:12 am

Where do all these problems come from, what is happening? there has never been a problem with version 6. I'm afraid to update other devices because they may not start.

Cray · Thu Feb 24, 2022 2:19 am

Does v7.1.3 give us working IPSec site-to-site tunneling between two ROS 7 devices?

Previous v7 releases stop routing traffic between two ROS7 devices after 10-15 seconds of establishing site-to-site tunnel. Tunnels work if either end is v6.x device though.

Can anyone confirm improvement in v7.1.3 IPSec?

DL7JP · Thu Feb 24, 2022 2:59 am

Upgrading to 7.1.3 on RB1100AHx4 removed some of the device configuration. Lost part of the firewall, nat, mangle, static dhcp and other. This is beginning to threaten the functioning of the networks. The situation is simply catastrophic. The situation has not changed for last half year, RouterOS 7 is not working and has a huge number of bugs. Support is playing guess what release candidate will help, but there is no result.

Quite accurate description. Upgrading from 6.x to 7.x is an experiment that I would not risk in a production environment. We use Mikrotik routers since more than a decade in an amateur radio envorinment at https://hamnetdb.net/?m=as&q=db0hup and even there we will not upgrade to 7.x. I haven't seen such a mess with upgrading before, not exactly a success story.

timnis · Thu Feb 24, 2022 9:38 am

Kindis, eworm, timnis - currently we have not managed to reproduce such an issue, however, we are trying to gather information in order to find a root cause of the problem. Most likely the issue is related to the version from which the router is upgraded, not the version to which it is upgraded;
My device was running RouterOS 7.1.2 with firmware 7.1.1 active (and firmware 7.1.2 pending a reboot) when I installed the update.

All my other devices did not suffer any show stopper issues. I did all the upgrades (6.49.2 -> 7.1 -> 7.1.1 -> 7.1.2 -> 7.1.3) with auto-upgrade for firmware enabled.

Yesterday I upgraded RB3011 from 7.1.2 to 7.1.3 and it also ended to boot loop. Not sure which firmware there was installed, but in serial port console it was saying version "7". After netinstall I also updated firmware to 7.1.3 and it also shows version "7.1.3" on serial port console. So could this version "7" firmware cause the problem?

rpingar · Thu Feb 24, 2022 10:45 am

issue related to [SUP-67221], icmp stop working on x86 and chr with connectx-5 mellanox cards after 36/48 horus of functioning.
ticket updated
regards

AshuGite · Thu Feb 24, 2022 10:56 am

CCR2004-16g-2s+ switch chip Flapping issue still there..

elbob2002 · Thu Feb 24, 2022 12:30 pm

Two CRS-125 - Port flapping on both.

Downgraded both to 7.1.2 left one on Firmware 7.1.3 and the other downgraded to Firmware 7.1.2

Switch with Firmware 7.1.3 still had port flapping.

Now have both on ROS 7.1.2 and Firmware 7.1.2 and no more port flapping.

mcskiller · Thu Feb 24, 2022 3:32 pm

Update rb4011 from 6.49 to 7.1.3.
everything works fine, only 1 "extrange" problem, i have 2-5% cpu usage at all times doing nothing.

pe1chl · Thu Feb 24, 2022 4:05 pm

Update rb4011 from 6.49 to 7.1.3.
everything works fine, only 1 problem, i have 2-5% cpu usage at all times doing nothing.

Well, if that is the worst of your "problem"s... I guess you should be able to live with that.

Hejsan · Thu Feb 24, 2022 9:58 pm

Upgraded my RB951G-2HnD, RB2011UiAS-iN, RB3011UiAS-RM, RB1100AHx4 and hAP AC to RouterOS v7.1.3... So far, no issues. Also, didn't have any issues with v7.1, v7.1.1 and v7.1.2

CZFan · Thu Feb 24, 2022 11:24 pm

Oh, thank you so much!, its possibe to disable or remove? thanks
Why?

Proof again you can't please all, everytime

andrewe02000 · Thu Feb 24, 2022 11:51 pm

How do we aggregate routes in bgp now?
We don't.

I see that blackhole routes in the main table can be used to allow BGP to announce networks in bgp-networks list. Is that the best way so far or are there other ways or one that is less cumbersome? Any downsides to using BH routes to accomplish this?

avaz · Fri Feb 25, 2022 12:16 pm

After upgrading to 7.1.3 I noticed on my RB2011UiAS equipment

High consumption of CPU verified, that this consumption comes from the "LCD", almost 10% of CPU for the LCD?

pe1chl · Fri Feb 25, 2022 12:28 pm

I see that blackhole routes in the main table can be used to allow BGP to announce networks in bgp-networks list. Is that the best way so far or are there other ways or one that is less cumbersome? Any downsides to using BH routes to accomplish this?

That is an interesting suggestion... that could be a workaround for us as well (we use aggregation for a large number of tunnels terminated at a single router).
At the moment v7 does not support aggregation, and worse: it also does not corectly handle the forwarding of aggregated routes originating from a v6 router further downstream.
But just advertising a dummy blackhole route should be possible...
In other use cases, maybe not.

zapata · Fri Feb 25, 2022 2:15 pm

zapata - Do you mean that it is not working properly for you?
No. I am using 7.1.3 and my hAP ac² always reboots when I try to shut it down. I haven't tested 7.2rc[23] yet.

Power-off is only fixed in >= 7.2rc2. I am running testing branch until 7.2 (stable) is out. Thanks.

pe1chl · Fri Feb 25, 2022 2:21 pm

Hi.

There is a lot of problems with Guest network. Same pass for Guest and private network? And than, guest pass become SSID for 2,4 GHz network. WTF

And also a lot of problems with scheduler. Not work properly. 7.x.x is total mess.

Device: RB4011.

That sounds like a mistake in your configuration.

akarpas · Fri Feb 25, 2022 2:30 pm

SD card still doesnt work on my CCR1009-7G-1C-1S+

osc86 · Fri Feb 25, 2022 4:46 pm

sounds like you use the same security profile on both interfaces

benlg · Fri Feb 25, 2022 4:51 pm

Face this 7.2rc4 issue in 7.1.3 :
viewtopic.php?t=183548#p915588

Edit :

[admin@MikroTik] > /ip/firewall/service-port/disable dccp 
failure: module dccp is built-in and cannot be individually disabled
[admin@MikroTik] > /ip/firewall/service-port/disable sctp 
failure: module sctp is built-in and cannot be individually disabled
[admin@MikroTik] > /ip/firewall/service-port/disable udplite 
failure: module udplite is built-in and cannot be individually disabled

SUP-75572 created accordingly.

The kernel does not allow them to be turned off, according to MikroTik support.
Thank U !

benlg · Fri Feb 25, 2022 4:59 pm

Face this 7.2rc4 issue in 7.1.3 :
viewtopic.php?p=915589#p915589

Edit :

Strange issue on RB5009 where the following rule does not handle the related ARP traffic :
Code: Select all
/interface ethernet switch rule add dst-address=192.168.192.200/32 new-vlan-id=100 ports=ether2 switch=switch1
No issue on (for example) CRS317.
SUP-74646 created accordingly.

Finally, RB5009 switch chip is simply not able to handle dst-address related ARP traffic, while CRS317 has more advanced switch features, and so properly handles it.
Thank you for the explanation MikroTik support !

qatar2022 · Sat Feb 26, 2022 10:19 am

i upgrade my all mikrotik devices with 7.1.2 and 7.1.3 and a get an port flap issue so i decided to downgrade to 7.1.1 i thing 7.1.1 the most stable

smyrosnik · Sat Feb 26, 2022 7:29 pm

Does v7.1.3 give us working IPSec site-to-site tunneling between two ROS 7 devices?

Previous v7 releases stop routing traffic between two ROS7 devices after 10-15 seconds of establishing site-to-site tunnel. Tunnels work if either end is v6.x device though.

Can anyone confirm improvement in v7.1.3 IPSec?

Installing v.7.1.3 in Hap ac2 and keeping other end (750Gr3) in v.6.4X broke my IPSEC IKEv2 too. Gre-tunnel interface didn't go up despite established connection

Reverted to v.7.1.2 all was good. Upgraded other end too to v.7.1.2 everything working good with Ipsec over gre tunnel IKE v2 and authentication with certificates.

SITE - TO - SITE - Wireguard (Mikrotik)
Tried Wireguard in both ends with v.7.1.2 site to site doesn't work. Not even a sinlge packet is transmitted. Followed every single guide found (even from help.mikrotik.com)

SITE - TO - ROAD WARIOR - Wireguard (Mikrotik - Android/iOS)
Tried exact same configuration (public keys etc.) with road warrior clients and it works flawlessly.

Maybe is something wrong with the implemantation.

Sat Feb 26, 2022 8:29 pm

Wireguard is working since the very first version of ROS7.
So it must be something in your config.

Start a new thread, provide all required details and export of config.

smyrosnik · Sun Feb 27, 2022 4:24 pm

Wireguard is working since the very first version of ROS7.
So it must be something in your config.

Start a new thread, provide all required details and export of config.

For IPSec I found this viewtopic.php?t=176522

Mikrotik has a Mik-only keepalive mechanism, so try disabling that.

Disabling keep alive in Gre-Tunnel Interface was all it needed to have Gre-Tunnel up on both sides with v.7.1.2 and .v7.1.3. Though still no IP Sec connectivity. Will research more.
In v6.4X had no problem with that option enabled

As of Wireguard I will try on Eve-NG a similar configuration to test and will report back.

Tporlapt · Tue Mar 01, 2022 6:06 am

IPv6 still breaks if you apply any Simple Queues. Makes it unusable for me. This has been the same since all 7.x releases and noted many times. Also, not as drastic but still annoying, the graphs URL from Webfig still fails under https.

stevekwok · Tue Mar 01, 2022 7:07 am

Is it possible upgrade to 7.1.3 from 7.1beta directly without downgrade to V6?

Thanks.

Tue Mar 01, 2022 8:05 am

Is it possible upgrade to 7.1.3 from 7.1beta directly without downgrade to V6?

Thanks.

Make backup first then try.
Normal backup and export show-sensitive.

Test and see.
Worst case you do clean config and restore from export, line by line.

There are some settings with different default going from various ros7 versions.
I have 2 devices where I needed to do this to get a specific function working again.
Zero change on the settings I made, only something different in some default.

stevekwok · Tue Mar 01, 2022 8:17 am

I upload 7.1.3 and reboot it do not upgrade.

Tue Mar 01, 2022 8:25 am

mada3k - Are you sure that all of them are missing, not just a part of them? Please write to support@mikrotik.com and send supout file from your router.
leosedf, PSz, mcskiller, avaz - Please send supout file from your router to support@mikrotik.com.
sebasGST - Simple definition from Wikipedia - "A microsecond is an SI unit of time equal to one millionth (0.000001 or 10^−6 or 1⁄1,000,000) of a second. Its symbol is μs, sometimes simplified to us when Unicode is not available. A microsecond is equal to 1000 nanoseconds or 1⁄1,000 of a millisecond.". No, it is not possible to change this behavior.
borr, elbob2002, akarpas, edupre, qatar2022, smyrosnik, smyrosnik - We will look into this.
Patrinus - Please send supout file from your router to support@mikrotik.com. We have fixed a similar problem with UPnP. However, it was fixed after this build was created.
BrateloSlava - Yes, it is not possible to disable these few helpers as explained in the error message.
ksteink - In 99% of cases like this, the problem is communication between computer and router, not the GUI itself. Is it possible that there is a packet loss un this connection?
Cray - In general, IPsec is working just fine in this version. If you still experience this problem, then please provide supout file to support@mikrotik.com from both endpoints of this IPsec connection. Make sure that files are generated after the connection was lost without any apparent reason.
AshuGite - It seems that we have managed to resolve this problem. The fix should be included in all of the upcoming releases.
starfotr - Please provide actual examples to support@mikrotik.com. Provide supout file and detailed description of what is missing after an upgrade. We have not received any complaints like this from anyone else.
benlg - What is the actual issue here?
dakkonsoulblade - Does this device have a serial port?
Tporlapt - This will be fixed in the upcoming releases.
stevekwok - Yes, it is. Why do you think that a downgrade is necessary before an upgrade?

rpingar · Tue Mar 01, 2022 8:37 am

any update about mu icmp issue with Mellanox Connnectx-5 cards in x86 and chr passthrough?
[SUP-67221]
[SUP-75619]

the older ticket is updated with supout about any new release that you release.
thanks
Ros

benlg · Tue Mar 01, 2022 8:54 am

benlg - What is the actual issue here?

I just edited my 2 posts above, got answer from your support team, many thanks Strods !

Elans · Tue Mar 01, 2022 10:40 am

I have a "PSU Fail" error in my CCR2116-12G-4S+ following this, the fans turn on and off and the system health show wrong reading. I have to restart the CCR to fix it. I wonder if the problem it hardware or firmware related. It happen sporadically and on all 7.x versions. Anyone can help with this?

@edupre
Please write to support@mikrotik.com and send supout file from your router.

Tue Mar 01, 2022 1:14 pm

elbob2002, qatar2022 - Please send supout.rif files to support@mikrotik.com from your devices and shortly describe your setup, specify connected devices.

nin · Tue Mar 01, 2022 1:29 pm

[Problem solved and not associated with the release 7.1.3. Danke Ihnen, eworm! :-)]

Hi,

my issue (basically following the official guide of NordVPN*) is this, any help would be great.

IPsec-SA expired before finishing rekey: xxx.xxx.xxx.xxx[4500]<->MYIP.MYIP.MYIP.MYIP[4500] spi=0xc8379e9a
killing ike2 SA: NordVPN-CH MYIP.MYIP.MYIP.MYIP[4500]-xxx.xxx.xxx.xxx[4500] spi:0b7b960ee824441a:ddc090a26674e5ec

I get all 30 min (lifetime in proposal) the above ipsec rekey error, killing ike2 connection.
Apart from that, 3 devices within the addr-list (16 NordVPN-local.8 192.168.8.0/24) work great.

# mar/01/2022 12:09:29 by RouterOS 7.1.3
# model = CCR1016-12G

/ip/ipsec/proposal/ print
1 name="NordVPN" auth-algorithms=sha1 enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m pfs-group=none

Thank you, nin

* https://support.nordvpn.com/?_ga=2.2277 ... 1645825124

eworm · Tue Mar 01, 2022 2:05 pm

My first guess would have been a wrong setting for pfs-group... Are you sure that the given proposal is used? There's a default proposal with pfs-group=modp1024...

nishadul · Tue Mar 01, 2022 3:26 pm

I have upgraded 12 nos. RB951Ui-2Hnd from 6.49.3 to 7.1.3 but after upgrade my all routers CPU uses is increased, in same configuration CPU uses have 3 to 15% of ROS 6.49.3 but now ROS 7.1.3 CPU uses is 8 to 64%.
In previous version 6.49.3 we disabled some package as per our requirement (System > Packages) but now 7.1.3 this system is cancel

pe1chl · Tue Mar 01, 2022 3:44 pm

@nishadul this is both already known and mentioned by others in this and earlier v7 release topics. it is to be expected.

mafiosa · Tue Mar 01, 2022 4:45 pm

Please look into fixing torch for IPv6. It's not working since long time.

nishadul · Tue Mar 01, 2022 5:20 pm

Thank you for your reply.

Another ISSUE, ROS 7.1.3 is work with X86 PC ?
I have try to upgrade ROS 7.1.3 to my x86 pc (download then reboot) but my pc when started then show messages disk file corrupted (ROS not start), for this reason I have installed ROS to my pc again, Now when I click Download&Install button then show message in status bar is:
hotspot-7.1.3.npk,ipv6-7.1.3.npk,dhcp-7.1.3.npk,routing-7.1.3.npk,advanced-tools-7.1.3.npk,security-7.1.3.npk,security-7.1.3.npk,ppp-7.1.3.npk,ntp-7.1.3.npk,missing, use ignore-missing or disable package(s)

Can you help me why show this message.

Download&Install.JPG

pe1chl · Tue Mar 01, 2022 5:22 pm

Set the ignore-missing checkmark and continue.

lebaran · Wed Mar 02, 2022 10:05 am

zapata - Do you mean that it is not working properly for you?
No. I am using 7.1.3 and my hAP ac² always reboots when I try to shut it down. I haven't tested 7.2rc[23] yet.

Same issue with my hAP acc³, system always reboots when I try to shut it down, instead in halt state condition.

kehrlein · Wed Mar 02, 2022 10:08 pm

CRS112-8P-4S: Not usable after upgrade from 6.49.3 to 7.1.3 (soft- and firmware)

Working for some minutes after booting, then ports are starting to flapp and the data transfer between the clients is interrupted permant.

19:20:06 system,info,account user XXXX logged in XXXX via winbox
19:20:27 interface,info ether1 link down
19:20:27 interface,info ether2 link down
19:20:27 interface,info ether3 link down
19:20:27 interface,info ether5 link down
19:20:27 interface,info ether7 link down
19:20:27 interface,info sfp9 link down
19:20:28 interface,info sfp9 link up (speed 1G, full duplex)
19:20:28 interface,info ether7 link up (speed 100M, full duplex)
19:20:29 interface,info ether2 link up (speed 1G, full duplex)
19:20:29 interface,info ether5 link up (speed 1G, full duplex)
19:20:29 interface,info ether1 link up (speed 1G, full duplex)
19:20:30 interface,info ether3 link up (speed 1G, full duplex)
19:20:50 system,info,account user XXXX logged out from XXXX via winbox

No further errors / information in the log.
Downgrade to 6.49.x solved the issue.

Update: Port flapping tested and reproducible with several CRS112-8P-4S. Disabling auto-negotiation didn't help.

kehrlein · Wed Mar 02, 2022 10:15 pm

RBcAPGi-5acD2nD (cAP ac): Upgrading from 6.49.3
Unfortunately the space of the cAP ac is too small for doing an easy in-production update. Of course, all files (e.g. logs) were removed before to gain some more free space.
I needed to delete all packages until only the system package was left. Then I was able to do the upgrade.

kehrlein · Wed Mar 02, 2022 11:36 pm

After upgrading from 6.49.3 to to 7.1.3 RoMON is not working any longer.
Tested with RB760iGS (hEX S), RBcAPGi-5acD2nD (cAP ac) and CRS309-1G-8S+.

Also see viewtopic.php?t=181472#p900955 which seems still being the current state.

Wed Mar 02, 2022 11:42 pm

ROMON works just fine for me ?
Screenshot from hap ac on 7.2rc4, romon neigbours visible both 7.1.3 and 7.2rc4
.

romon.jpg

pe1chl · Thu Mar 03, 2022 10:29 am

RBcAPGi-5acD2nD (cAP ac): Upgrading from 6.49.3
Unfortunately the space of the cAP ac is too small for doing an easy in-production update. Of course, all files (e.g. logs) were removed before to gain some more free space.
I needed to delete all packages until only the system package was left. Then I was able to do the upgrade.

It is a known problem that you cannot upgrade to 7.x (which is single-package) on a router where multiple packages were installed, on devices with only 16MB of flash.
Hopefully this will be fixed sometime, but I think it is a bug in 6.x so to make that effective one would first need to upgrade to the latest v6 release and only then to v7.
(and in the v6.49.4 release notes there is no mention of fixing this bug so probably it is still there...)

bda · Thu Mar 03, 2022 10:47 am

Report. OpenVPN connection in UDP mode on CCR1009-7G-1C-1S+ still causes CCR1009 to reboot, like on 7.1.2 version.
Very bad.

Jotne · Thu Mar 03, 2022 1:07 pm

In 7.x the serial number should be hidden when the command export is used.
Should only be shown with export show-sensitive
Why?
If you use MikroTik Cloud, all can then see your public IP.

infabo · Thu Mar 03, 2022 3:17 pm

WMM enabled by default? When did this happen?

pe1chl · Thu Mar 03, 2022 3:55 pm

Maybe it was time to get a bit more modern?
Hopefully sometime there will be an option to determine WMM priority from DSCP instead of having to go via the DSCP->priority->WMM-priority path (which requires a mangle rule, which can only be done on a bridge when "bridge uses IP firewall" is selected, which makes everything less clear and has more overhead).
Competing products all use DSCP for priority, usually by default, often not even possible to change it.

infabo · Thu Mar 03, 2022 4:04 pm

+1 for the DSCP.

Until recently you had to explicitly enable WMM by setting "wmm-support=enabled"

But look, disabled on all wireless interfaces:

2022-03-03_15-04.png

Could this be a regression by this change?

*) wireless - correctly preserve WMM priority when receiving packets;

sebasGST · Thu Mar 03, 2022 6:42 pm

Hi, when 7.1 version Long Term? Thanks

Jotne · Thu Mar 03, 2022 6:54 pm

It will come, just wait.

infabo · Thu Mar 03, 2022 7:54 pm

Hi, when 7.1 version Long Term? Thanks

I guess people asking these kind of questions are the first ones, that cry out load when a long-term isn't as bug-free as they take for granted.

davestahr · Thu Mar 03, 2022 8:46 pm

Unfortunately, all of the SFP+ ports are still flapping in 7.1.x for me, even with 7.1.3, on a CRS328-24P-4S+.

I'm having the same problem. Have two CRS328-24P-4S+ in a very low network usage warehouse area. After upgrade last night to 7.1.3 things were bad. SFPs reported link downs and throughput to connected devices dropped as well. Interestingly, the CSS610 these switches were connected to reported no link downs. Running 6C-SFP+-LR SFPs. No problems in 6.49.x. Booted both switches to SwOS and all is well. No flapping and nothing monitoring down in the hour or so it's been since rebooting into SwOS.

indy · Thu Mar 03, 2022 9:49 pm

RB3011 updated to v7.1.3 (incl. firmware) without problems.
High CPU usage is still a problem.

muhanadali · Thu Mar 03, 2022 10:20 pm

CCR 1036 Always Crash after upgrade to 7.1.3

It's Crash Between 15-20-30 Minutes after Power On

after crash It's open normally But don't show anything and the Uptime 00:00:00
Date 00:00:00
CPU 0
Time 00:00:00

and Don't show anything in Dashboard

hecatae · Fri Mar 04, 2022 1:34 am

Hi, when 7.1 version Long Term? Thanks

For chateau and rb5009 owners, 7.1 is the minimum supported version.

This doesn't make it long term, but mikrotik support have stated they no longer support 7.0 releases.

bda · Fri Mar 04, 2022 11:50 am

Hi, does anybody have stable ccr1009 with ovpn-udp on 7.1.3(1-2) without crash reboots ?

infabo · Fri Mar 04, 2022 7:54 pm

@ mikrotik staff: why is wmm always enabled?

Fri Mar 04, 2022 10:01 pm

nishadul, pe1chl, indy - Look under Tool/Profile which processes are causing the load and try to determine if the load seems to be appropriate for your configuration. If not, then please provide supout file to support@mikrotik.com.
mafiosa - In our to-do list.
lebaran - Can you please provide supout file to support@mikrotik.com. We can not reproduce such a problem. Maybe the file will tell us more.
kehrlein - Please send supout.rif files to support@mikrotik.com from your devices and briefly describe your setup, specifying the connected devices regarding the link flapping issue. The same goes for RoMON. Make sure that you generate the supout file while it is not working as expected. Please create two separate tickets.
pe1chl - You can upgrade directly from v6 to v7 from separate packages, if you have enough space for v7 and your configuration, and stored files.
bda - We managed to reproduce this problem. It will be fixed in upcoming releases.
Jotne - But you can see the address in the export file (if static) and in supout file (even if it is dynamic). At the moment, I do not think that this is something that should be hidden and/or might be harmful.
eltionit - Please send supout files from server and one client which are not being able to connect together to support@mikrotik.com.
davestahr - Please send supout.rif files to support@mikrotik.com from your devices and briefly describe your setup, specifying connected devices.
muhanadali - Please provide supout file to support. Without it, it is impossible to guess what happened here.
infabo - WMM is disabled by default. Do you see this setting in the wireless export output? If you do, then it will be changed manually.

pe1chl · Fri Mar 04, 2022 11:06 pm

pe1chl - You can upgrade directly from v6 to v7 from separate packages, if you have enough space for v7 and your configuration, and stored files.

Sorry, it is a confirmed problem, see e.g. SUP-66267 which has been "Closed with resolution Done" but it is not specified what is the proper way of avoiding the problem.
(i.e. does it require a v6 update and to what version, is it fixed in some v7 version and if so which version)

ksteink · Fri Mar 04, 2022 11:50 pm

mada3k - Are you sure that all of them are missing, not just a part of them? Please write to support@mikrotik.com and send supout file from your router.
leosedf, PSz, mcskiller, avaz - Please send supout file from your router to support@mikrotik.com.
sebasGST - Simple definition from Wikipedia - "A microsecond is an SI unit of time equal to one millionth (0.000001 or 10^−6 or 1⁄1,000,000) of a second. Its symbol is μs, sometimes simplified to us when Unicode is not available. A microsecond is equal to 1000 nanoseconds or 1⁄1,000 of a millisecond.". No, it is not possible to change this behavior.
borr, elbob2002, akarpas, edupre, qatar2022, smyrosnik, smyrosnik - We will look into this.
Patrinus - Please send supout file from your router to support@mikrotik.com. We have fixed a similar problem with UPnP. However, it was fixed after this build was created.
BrateloSlava - Yes, it is not possible to disable these few helpers as explained in the error message.
ksteink - In 99% of cases like this, the problem is communication between computer and router, not the GUI itself. Is it possible that there is a packet loss un this connection?
Cray - In general, IPsec is working just fine in this version. If you still experience this problem, then please provide supout file to support@mikrotik.com from both endpoints of this IPsec connection. Make sure that files are generated after the connection was lost without any apparent reason.
AshuGite - It seems that we have managed to resolve this problem. The fix should be included in all of the upcoming releases.
starfotr - Please provide actual examples to support@mikrotik.com. Provide supout file and detailed description of what is missing after an upgrade. We have not received any complaints like this from anyone else.
benlg - What is the actual issue here?
dakkonsoulblade - Does this device have a serial port?
Tporlapt - This will be fixed in the upcoming releases.
stevekwok - Yes, it is. Why do you think that a downgrade is necessary before an upgrade?

@strods No packet loss.

- I have a S2S VPN between my Mikrotik with another Mikrotik (Both on 6.49.4) using L2TP/IPSec. Imagine this remote Mikrotik as a Jump Server Network
- The remote Mikrotik is the L2TP VPN Server of the hAP AC2 running v7.1.3. No packet loss there.
- I have deployed another hAP AC2 to the same Mikrotik hub that receives the L2TP on version 7.1.3 trouble device with version 7.1.2 and that works fine (I get access to the GUI).
- Any other Mikrotiks that I have in the similar setup on version 6.49.x works without this issue. Only this one that is running version 7.1.3 that I cannot access via WebFig nor Winbox. Only works SSH.

Sat Mar 05, 2022 8:46 am

pe1chl - My colleague replied to you and did not receive any answer from you for 90 days. Then the ticket is automatically marked as done. The ticket is done, not the issue. The only issue here is a problem with ARM devices with separate packages on v6 and only when you are living on the edge (regarding free disk space). Unfortunately, we can not fix this problem, because the upgrade happens on the old version, not the one which is being installed. We can not install fix on old versions so this is one exception where you will either need to uninstall one package and then upgrade or re-install the router. For example, on your example, you can uninstall the wireless package and upgrade to v7.
ksteink - Then please provide supout files from the server and client to support@mikrotik.com

rpingar · Sat Mar 05, 2022 9:14 am

pe1chl - My colleague replied to you and did not receive any answer from you for 90 days. Then the ticket is automatically marked as done. The ticket is done, not the issue. The only issue here is a problem with ARM devices with separate packages on v6 and only when you are living on the edge (regarding free disk space). Unfortunately, we can not fix this problem, because the upgrade happens on the old version, not the one which is being installed. We can not install fix on old versions so this is one exception where you will either need to uninstall one package and then upgrade or re-install the router. For example, on your example, you can uninstall the wireless package and upgrade to v7.
ksteink - Then please provide supout files from the server and client to support@mikrotik.com

strods any update about ticket 67221 and 45619 (same issue)?
I opened a second ticket because on the first one Artus responds after months and confusing ICMP with ECMP............
In a previous release thread I received several very rude posts from your collegues pushing me to use CHR.... I did...... and I meet the same issue there........
Please need help about them.

regards
Ros

Sat Mar 05, 2022 10:05 am

rpingar - We would really appreciate it if you and anyone else would not create duplicate tickets regarding the same problem. First of all, it makes a double work, second of all that fragments information, if both tickets are not processed by the same support employee. And in the end, it slows down the process, not boosts it up. The reply is provided as soon as possible. If there are any news, we deliver them to you. We do not have any intention to delay ticket processing.

rpingar · Sat Mar 05, 2022 10:09 am

rpingar - We would really appreciate it if you and anyone else would not create duplicate tickets regarding the same problem. First of all, it makes a double work, second of all that fragments information, if both tickets are not processed by the same support employee. And in the end, it slows down the process, not boosts it up. The reply is provided as soon as possible. If there are any news, we deliver them to you. We do not have any intention to delay ticket processing.

Some new news about the issue itself??????

eworm · Sat Mar 05, 2022 11:02 am

Let me cite strods for you:

The reply is provided as soon as possible.

pe1chl · Sat Mar 05, 2022 11:46 am

pe1chl - My colleague replied to you and did not receive any answer from you for 90 days. Then the ticket is automatically marked as done. The ticket is done, not the issue. The only issue here is a problem with ARM devices with separate packages on v6 and only when you are living on the edge (regarding free disk space). Unfortunately, we can not fix this problem, because the upgrade happens on the old version, not the one which is being installed. We can not install fix on old versions so this is one exception where you will either need to uninstall one package and then upgrade or re-install the router. For example, on your example, you can uninstall the wireless package and upgrade to v7.

I understand that the root of the problem is in the old version, but you should understand that these installs (separate packages on a 16MB Flash ARM system) can still be upgraded to a newer version with the same structure. I.e. an upgrade to 6.49.4 works just fine, and it remains separate packages. However, when a combined package of 6.49.x is uploaded to a router which has separate packages installed, it fails.
As v7 is only available as a single combined package, it affects the upgrade to v7. But when it could be fixed by in the v6 series, that could first be installed (e.g. 6.49.5) and then it should be possible to upgrade to v7.
About not receiving reply: In this case the last message from support in the ticket was

Hello,
Thank you, indeed there is an issue with hap ac2, we will check and fix it asap. 
Thanks again.

and its state changes to "waiting for customer", but I did not see it as awaiting further input from me.

pe1chl · Sat Mar 05, 2022 11:53 am

rpingar - We would really appreciate it if you and anyone else would not create duplicate tickets regarding the same problem. First of all, it makes a double work, second of all that fragments information, if both tickets are not processed by the same support employee.

That is a reason why I do not understand why in the forum release topic, when people describe problems so that everyone can read them and avoid reporting the same thing, it is always emphasized that problems should be reported in tickets.
Maybe you should consider opening the visibility of tickets to others, e.g. like in the Bugzilla system where everyone can search tickets and add information to them, and duplicate tickets can be linked to existing ones.
That is more structured than a forum release topic and (with enough discipline from the users) would allow you to combine reports and information about problems experienced by multiple users.

w4rh0und · Sat Mar 05, 2022 12:35 pm

Report. OpenVPN connection in UDP mode on CCR1009-7G-1C-1S+ still causes CCR1009 to reboot, like on 7.1.2 version.
Very bad.

I confirm on CCR1009-8G-1S-1S+, upgraded ROS and firmware to 7.1.3 from RouterOS 6.48.5

OpenVPN on UDP was one of the reason i've upgraded.

It connected, i just tried a traceroute and the router rebooted so I had to put back openvpn in TCP

After the reboot, without any good reason the CPU started going up to 70% and kept going up for no apparent reason with no traffic at all except icmp and me on winbox...
There is one client behind this router

So far, the devices seams stable after the 3rd reboot, but I have 0 confidence on it, and unfortunately I need to migrate some clients behind it.
Is there a safe way to downgrade to a more stable version? either RouterOS 6.48.5 or in case there is a "usable" V7.x

Please advise

thank you

pe1chl · Sat Mar 05, 2022 1:42 pm

The stable version for your router is 6.49.4 but of course it does not support OpenVPN UDP.
You can switch back to the second partition you saved before doing the upgrade - right ?
Or you did not make partitions? Why not?

ormandj · Sat Mar 05, 2022 3:50 pm

Unfortunately, all of the SFP+ ports are still flapping in 7.1.x for me, even with 7.1.3, on a CRS328-24P-4S+.
I'm having the same problem. Have two CRS328-24P-4S+ in a very low network usage warehouse area. After upgrade last night to 7.1.3 things were bad. SFPs reported link downs and throughput to connected devices dropped as well. Interestingly, the CSS610 these switches were connected to reported no link downs. Running 6C-SFP+-LR SFPs. No problems in 6.49.x. Booted both switches to SwOS and all is well. No flapping and nothing monitoring down in the hour or so it's been since rebooting into SwOS.

You can force the ports to 1G and that seems to work as well. Based on the response a few posts prior, it sounds like they want you to create a support ticket, which is hilarious since they literally just asked us not to create duplicate support tickets at the same time, and I already have a ticket open for this, with no response in over three months.

^^ @strods

I suggest opening the support ticket; hopefully they will care more about yours than they do about mine. Here is my ticket so you can reference it: SUP-68278

infabo · Sat Mar 05, 2022 6:37 pm

strods

/interface/wireless/monitor wlan1

It says: wmm-enabled: yes

/interface/wireless/print advanced proplist=name,wmm-support

It says: wmm-support: disabled

That is the tl;dr of my previous posts.

infabo · Sun Mar 06, 2022 11:13 am

Can anyone reproduce that WMM thiny on a wireless device too?

mkx · Sun Mar 06, 2022 11:36 am

I see the same on my RB951G (MIPSBE) running 7.2rc4 as well.

pe1chl · Sun Mar 06, 2022 12:15 pm

I always have wmm support enabled. Why would you want to turn that off???

Sun Mar 06, 2022 1:04 pm

Can anyone reproduce that WMM thiny on a wireless device too?

Confirmed on hAP AC2 (arm) running 7.2rc4, both wlan1 (2Ghz) and wlan2 (5Ghz)
Confirmed on mAPLite (mipsbe) running 7.2rc4.
DOWNgraded that mAPLite to 7.1.3, same. Inconsistent indication of WMM.

I always have wmm support enabled. Why would you want to turn that off???

That's another discussion.
However it is not correct that on the same device it provides 2 different indications depending on how you retrieve the status.
Besides, on the 2 devices I listed, I have it disabled in the settings (default behavior). So why would it show enabled on monitor ?

pe1chl · Sun Mar 06, 2022 1:20 pm

But is it actually enabled? Or is it only a wrong indication?

Sun Mar 06, 2022 1:22 pm

How can you tell ? Is there another option to verify that ?
Again, if I choose to DISABLE it in the settings of the wireless interface, I would expect whatever way the status is retrieved, it should show disabled.

pe1chl · Sun Mar 06, 2022 1:41 pm

Well, when you are so worried about it being enabled, you should be able to see the effects of it on the outside, right?
Connect a client that cannot handle wmm and that will fail, or connect and check the status in the client (is it using wmm?).

Sun Mar 06, 2022 3:38 pm

Well, when you are so worried about it being enabled, you should be able to see the effects of it on the outside, right?
Connect a client that cannot handle wmm and that will fail, or connect and check the status in the client (is it using wmm?).

Not worried at all.
You're missing the whole point. The settings are not displayed consistently.

From what I read I should not be able to get passed 54Mb/s when wmm is disabled on 2.4Ghz.
I can easily get passed that.
So it is enabled, I have to assume ?? Assumptions are #1 reason for mistakes ... so I can not be sure.

Yet my settings show it is DISABLED and 1 of 2 queries also show it is disabled.
Triple-mode redundancy in airspace devices would conclude it is disabled then.
But it might not be ?

Other test (done on hAP AC2, 7.2rc4, connected to 2.4Ghz)
iperf3 test done from Samsung S20, 200Mb, 10sec, tested 5 times each
wmm enabled - 86-89Mb/s
wmm disabled - 86-108Mb/s (I've seen it twice go there, so no fluke)

It doesn't make sense disabling wmm gives better results then when it's enabled nor that both go over 54Mb/s.
Or do I see it wrong ?

infabo · Sun Mar 06, 2022 6:10 pm

) wireless - correctly preserve WMM priority when receiving packets;

As this change also was introduced on 7.2rc4, maybe is related.

nexusds · Sun Mar 06, 2022 7:37 pm

CRS112-8P-4S: Not usable after upgrade from 6.49.3 to 7.1.3 (soft- and firmware)

Working for some minutes after booting, then ports are starting to flapp and the data transfer between the clients is interrupted permant.
Code: Select all
19:20:06 system,info,account user XXXX logged in XXXX via winbox
19:20:27 interface,info ether1 link down
19:20:27 interface,info ether2 link down
19:20:27 interface,info ether3 link down
19:20:27 interface,info ether5 link down
19:20:27 interface,info ether7 link down
19:20:27 interface,info sfp9 link down
19:20:28 interface,info sfp9 link up (speed 1G, full duplex)
19:20:28 interface,info ether7 link up (speed 100M, full duplex)
19:20:29 interface,info ether2 link up (speed 1G, full duplex)
19:20:29 interface,info ether5 link up (speed 1G, full duplex)
19:20:29 interface,info ether1 link up (speed 1G, full duplex)
19:20:30 interface,info ether3 link up (speed 1G, full duplex)
19:20:50 system,info,account user XXXX logged out from XXXX via winbox
No further errors / information in the log.
Downgrade to 6.49.x solved the issue.

Update: Port flapping tested and reproducible with several CRS112-8P-4S. Disabling auto-negotiation didn't help.

We have tons of these in service and have no issues with any 7.x builds. are you doing any special configs and what power supply are you using (we use 48v)

pe1chl · Sun Mar 06, 2022 8:42 pm

) wireless - correctly preserve WMM priority when receiving packets;
As this change also was introduced on 7.2rc4, maybe is related.

Yes, probably there was some mistake while implementing that.
But really, this on/off capability was likely introduced more than 10 years ago when WMM was first added to RouterOS.
Usually when something new like that is introduced it is made switchable in case there is a situation where it does not work.
Similar to the introduction of "802.11k/r/v" which causes issues with some devices and is usually made switchable (except in RouterOS, which just doesn't support it).

On most other manufacturer's devices, WMM is not switchable anymore today. It is just always on. So I expect that by now there are no issues anymore and developers get less careful about switching it on and off and correctly reporting its status.

Does your PC still have a TURBO switch?

infabo · Sun Mar 06, 2022 9:22 pm

To keep the analogy: ROS has the WMM turbo switch telling OFF, but runs with turbo enabled. Regardless the button state. Like that?

And it is not like at other vendors, that WMM just works by just enabling it. In ROS you need to use mangle rules, queue tree and need to adjust ampdu priorities to get it even work properly.

pe1chl · Mon Mar 07, 2022 9:59 am

And it is not like at other vendors, that WMM just works by just enabling it. In ROS you need to use mangle rules, queue tree and need to adjust ampdu priorities to get it even work properly.

That is another problem, but I mentioned that elsewhere.
The WMM feature certainly could use some work to get with the times.
In general of course MikroTik requires expertise to configure the network at a lower level than typical consumer routers, but in some places (like this) it gets a bit ridiculous.
WMM is just something the router should have and that should work without spending time on it. Maybe the facilities should be there to kill it in specific situations, but normally it should just work as intended (splitting traffic in 4 queues depending on DSCP value with possibility to override using the priority field).

kehrlein · Tue Mar 08, 2022 11:52 am

CRS112-8P-4S: Not usable after upgrade from 6.49.3 to 7.1.3 (soft- and firmware)
Working for some minutes after booting, then ports are starting to flapp and the data transfer between the clients is interrupted permant.
No further errors / information in the log.
Downgrade to 6.49.x solved the issue.

We have tons of these in service and have no issues with any 7.x builds. are you doing any special configs and what power supply are you using (we use 48v)

You can see the complete config in the original post. We're using the both power supplies: 28V + 48V
We've also had some (R)STP issues in mind, but couldn't confirm these.

xtrans · Fri Mar 11, 2022 6:25 pm

RB5009UG+S+ version v7.1.3 hotspot captive portal all pages turn to status 404 after couple of hours. even reset html has also the same error after 2-5 hours. I want to downgrade to 6.48.6 but i cant. please fix this. i tried netinstall to downgrade but not working. minimum version requires is only v7.0.9.

Fri Mar 11, 2022 6:53 pm

Already tried 7.2rc4 ? It has some fixes for hotspot.

adigo22 · Sat Mar 12, 2022 12:15 pm

I have a similar problem. After upgrading to 7.1.3, i do have internet connection but in my android winbox, internet is not detected

jezekus · Sat Mar 12, 2022 8:00 pm

I have upgraded my RB2011 from 6.49.4 to 7.1.3 without any issues, added UPS package, but I am unable to add BackUPS 550 connected via USB. It was working correctly on v6 but on v7 I can only add serial0 port in UPS menu. Is there any workarround?

> system/resource/usb/print 
Columns: DEVICE, VENDOR, NAME, SPEED
# DEVICE  VENDOR                     NAME                                        SPEED
0 1-0     Linux 5.6.3 ehci_hcd       RB400 EHCI                                    480
1 1-1     American Power Conversion  Back-UPS RS 550GI FW:857.L1 .I USB FW:L1       12

But

> system/ups/add port=serial0 
alarm-setting  check-capabilities  comment  copy-from  disabled  min-runtime  name  offline-time

serial0 is only port I can select.

Thanks for help.

marlab · Sun Mar 13, 2022 12:13 am

After migration from latest v6 to v7.1.3 - VPLS stopped working (router gets frozen after a few seconds of VPLS activity).

ksteink · Sun Mar 13, 2022 3:54 am

I switched from my hEX S to the RB5009 using this release 7.1.3 and after couple hours working fine I got this annoying error in the log

kernel failure in previous boot

Of course the router rebooted dropping all my connections and VPNs

infabo · Sun Mar 13, 2022 11:55 pm

Funny, a recent change on Mikrotik "wiki". WMM enabled by default.

Bildschirmfoto 2022-03-13 um 22.54.57.png