RouterOS version 7.2 has been released in "v7 stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.2 (2022-Mar-31 12:11):

*) api - accept "Content-Type" with specified charset;
*) arm - fixed "auto" CPU frequency setting;
*) arm - fixed "shutdown" command on hAP ac^2;
*) arm64 - improved Watchdog initiated reboot reason reporting;
*) arm64 - improved low disk space handling condition on upgrade;
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) backup - fixed cloud backup's creation timezone;
*) bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set);
*) bgp - do not export default BGP values;
*) bgp - fixed VPNv4 route sending to remote peer;
*) bgp - fixed link-local iBGP address selection;
*) bgp - fixed network advertisement from address-lists after reboot;
*) bgp - fixed routing table and BGP configuration order in export;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) bluetooth - allow to export device, advertiser and scanner configuration;
*) bluetooth - disable scanning by default;
*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
*) bridge - fixed FastPath when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter and NAT "set-priority" action;
*) bridge - fixed filter and NAT "set-priority" on ARM64 devices;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed firewall "ingress-priority" matcher and "new-priority=from-ingress" action settings from VLAN tagged frames;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) capsman - improved stability when running background scan on CAP;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) ccr2004 - improved PCI timeout handling on CCR2004-1G-2XS-PCIe;
*) ccr2004 - improved system stability on CCR2004-12S+2XS;
*) certificate - allow to choose digest algorithm for CSR signing;
*) certificate - made "fingerprint" parameter read-only;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) clock - properly notify all instances about time changes;
*) conntrack - properly detect helper status;
*) console - fixed "print" command with additional "where" condition;
*) console - improved console responsiveness when processing received characters;
*) console - made "password" parameter mandatory when creating a new user;
*) console - properly erase CLI history after configuration reset;
*) console - updated copyright notice;
*) crs1xx/2xx - fixed static switch host addresses after link down;
*) crs1xx/2xx - ignore static bridge host addresses (switch unicast-fdb should be used instead);
*) crs3xx - fixed CPU load balancing for ARM dual core devices;
*) crs3xx - fixed QSFP+ interface LEDs;
*) crs3xx - fixed watchdog timer functionality;
*) crs3xx - improved SFP+ interface linking after reboot for CRS312 device;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - made "192.168.188.1/24" the default LAN IP address for LTE CPE devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcp-server - fixed statistics sending in "Accounting Stop" packets;
*) dhcp-server - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) dhcpv4-server - allow adding comments;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset offer counter when receiving offer from DHCP relay;
*) dhcpv6 - added VRF support;
*) dot1x - added "server-fail-vlan-id", "guest-vlan-id" and "reauth-timeout" settings for dot1x server;
*) dot1x - added "src-address", "src-mac-address" and "src-port" settings for dynamic switch rules;
*) dot1x - added NAS-Port-ID attribute for RADIUS Access-Request;
*) dude - fixed The Dude client compatibility with RouterOS v7;
*) dude - fixed The Dude compatibility with ARM64;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) firewall - improved available port lookup for source NAT when free port range is exhausted;
*) graphing - properly generate interface graph for traffic higher than 2.1Gbps;
*) hotspot - fixed login page over HTTPS;
*) hotspot - fixed memory leak on every web page loading;
*) hotspot - fixed web page loading using HTTPS;
*) ike2 - ignore "INITIAL-CONTACT" payload on responder when "send-initial-contact" is disabled;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) ipsec - added hardware acceleration support for CCR2116;
*) ipsec - fixed "identities" menu emptying after RouterOS upgrade/reboot;
*) ipv6 - do not add duplicate dynamic prefix when static already exists;
*) ipv6 - fixed "retransmissit-interval" unit value;
*) ipv6 - fixed VLAN tagged PPPoE packet receiving on RB5009;
*) l2tp - fixed CHAP challenge packet processing over IPsec;
*) l2tp - improved service stability when disabling L2TP server with connected clients;
*) l2tp - improved system stability when processing L2TP control messages;
*) l3hw - added HW offloaded FastTrack support for inter-VLAN routing;
*) l3hw - fixed HW offloaded NAT;
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed ICMP message when routed packet exceeds MTU and DF flag is set;
*) l3hw - fixed bonding source MAC address;
*) l3hw - fixed default route offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) l3hw - improved routing table offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) led - fixed LED behavior on Audience;
*) led - reduced LTE signal LED range to -70;
*) leds - fixed user LED on RB750Gr3;
*) log - added warning message when connection tracking table is full;
*) log - include message also in e-mail body;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - add IPv6 address on interface as well;
*) lte - added 3 APN profile support and APN name re-using on R11e-LTE6;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added basic information support for Telit LM960 and LM940 in MBIM mode;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - added support for Uplink CA reporting;
*) lte - changed "CS/PS" registration type from "both" to "any" on R11e-LTE un R11e-LTE6;
*) lte - do not loose "band" configuration after reboot on Chateau 5G;
*) lte - do not show external antenna selector on devices that does not support it;
*) lte - enabled multi-APN and name re-use support for Chateau;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed "monitor" command to not report old info;
*) lte - fixed AT command response handling on R11e-LTE;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed MBIM modem reset on AT timeout;
*) lte - fixed link flapping when loosing cellular signal on R11e-LTE un R11e-LTE6;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) lte - fixed possible timeouts when sending SMS in LTE only mode on R11e-LTE;
*) lte - fixed support for Sierra MC7710;
*) lte - fixed support for Telit 960;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - improved stability when modem disappears during firmware upgrade;
*) lte - improved support for sending/receiving SMS in LTE only mode on R11e-LTE6;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ntp - improved service stability when none of the NTP servers are reachable for a while;
*) ntp - improved source address usage for reply packets;
*) ntp - print log change time with time-zone applied;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed MD5 authentication;
*) ospf - fixed NBMA hello's not being sent if priority is set to 0;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed default type-3 LSA's not being injected to stub area;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ospf - fixed incorrect LSA types when changing area types;
*) ospf - fixed neighbor election failure;
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - general stability improvements;
*) ospf - improved DB retransmit logging;
*) ospf - improved logging;
*) ospf - improved overall stability;
*) ospf - improved stability for very large LSDB;
*) ospf - improved stability on OSPFv3 instance disabling;
*) ospf - improved stability when DR goes down;
*) ospf - improves stability when handling looped back OSPF packets;
*) ospf - properly set VRF for gateway;
*) ospf - send notifies for neighbors;
*) ovpn - added SHA2 authentication algorithm support;
*) ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets;
*) ovpn - added option to send disconnect message in UDP mode;
*) ovpn - fixed large option message parsing;
*) ovpn - improved UDP session handling;
*) ovpn - improved memory allocation on Tile in "ethernet" mode;
*) ovpn - improved system stability in high load scenarios;
*) pimsm - fixed menu prints;
*) pimsm - general stability improvements;
*) poe - fixed PoE driver loading on CRS354-48P-4S+2Q+;
*) poe - update PoE firmware only on devices that support it;
*) ppp - added "comment" option for PPPoE servers;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) ppp - show local and remote IPv6 addresses (CLI only);
*) pppoe - added option to configure "host-uniq" parameter;
*) pppoe - added option to ignore PADI messages with empty service name;
*) pppoe - use default MTU of 1492;
*) pptp - added insecure connection warning;
*) pptp - show insecure connection warning on dynamic interfaces;
*) qsfp - correctly display auto-negotiation status;
*) queue - fixed queued IPv6 traffic considered as "invalid" by Firewall;
*) queue - improved system stability when processing traffic;
*) queue - improved system stability when using more than 255 unique packet marks;
*) rb4011 - fixed jumbo frame processing on SFP+ port when using 1G module;
*) rip - added logging;
*) rip - fixed route metrics;
*) rip - fixed route redistribution;
*) rip - use nexthop with interface;
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
*) route - fixed "min-prefix" configuration when set to 0;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed BGP atomic aggregate value;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed ECMP route removal;
*) route - fixed route addition to VRF from BGP;
*) route - fixed router's LSA for PTP networks;
*) route - fixed routing configuration export on SMIPS devices;
*) route - general stability improvements;
*) route - improved routing table print speed;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed "return" action;
*) route-filter - fixed complex matchers with "|| or and &&";
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) route-filters - allow to filter and modify default route if "originate-default" is set to "always";
*) route-filters - fixed possible address list race condition and memory leak;
*) route-filters - renamed "*-set" to "*-list";
*) routerboard - fixed "ether2" interface presence on some RBwAPGR devices;
*) routerboard - fixed WPS button functionality on Audience;
*) routing - added PCAP viewer tool for BGP advertisements debugging purposes;
*) routing-filter - fixed "bgp-*-communities-empty" matcher;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) smb - fixed SMB2.0 disk size reporting;
*) smips - improved RAM allocation;
*) sms - increased "at-chat" timeout when sending SMS;
*) snmp - added SFP vendor name to optical table;
*) snmp - added support for "ipv6AddrPrefixTable" and "ipv6RouteNumber" OID's;
*) snmp - allow two level nesting for vlan, bonding speed query;
*) socks - fixed SOCKS5 support;
*) ssh - fixed forwarding with IPv6 link-local addresses;
*) ssl - fixed CA certificate processing when "subjAltName" is marked as critical;
*) supout - added "port-controller" bridge section;
*) switch - added "rx-overflow" counter for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) switch - improved packet forwarding with enabled "cpu-flow-control" setting between different rate interfaces for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) switch - properly limit maximum number of switch rules to 256 on RB5009;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) tr069-client - accept 200-299 codes for HTTP diagnostics;
*) tr069-client - added support for 5G band configuration;
*) tr069-client - added support for wireless "skip-DFS" configuration;
*) tr069-client - added support for wireless client uptime reporting;
*) tr069-client - fixed RPC download of "3 Vendor Configuration File" with branding package;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) traffic-generator - fixed transmit speed for multiple asymmetric streams;
*) upgrade - improved 404 error handling when checking for new versions;
*) upgrade - improved downgrade prompt message;
*) ups - fixed UPS support;
*) usb - fixed display of incorrect port count for USB serial ports;
*) user - removed obsolete "tikapp" policy;
*) user - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) vxlan - allow unsetting "group" and "interface" properties;
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) webfig - fixed default configuration popup presence;
*) webfig - fixed user policy lookup for skin designer;
*) wifiwave2 - added "client-isolation" feature;
*) wifiwave2 - added support for handling disconnect request messages from RADIUS servers;
*) wifiwave2 - fixed calling "scan" and "frequency-scan" commands through the API;
*) winbox - added "Disconnect Notify" checkbox to "Interface/OVPN Client" menu;
*) winbox - added "Freq. Usage" and "Scan" buttons for WifiWave2 interfaces;
*) winbox - added "Ignore Missing" selector to "System/Packages" menu;
*) winbox - added "Mode" parameter under "Wireless" menu with WifiWave2 package;
*) winbox - added "Routing Table" parameter for IPv6 routes;
*) winbox - added "TLS Version" parameter for "Interface/OVPN";
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added "comment" parameter to "User Manager/Users" menu;
*) winbox - added "host-uniq" parameter to PPPoE client interface;
*) winbox - added MLAG support;
*) winbox - added SHA256 and SHA512 "Auth" values for OVPN menu's;
*) winbox - added ZeroTier support;
*) winbox - added explicit "Upload" and "Download" names for "Bucket Size" parameters under "Queues" menu;
*) winbox - added interface list support for "IP/Traffic Flow" menu;
*) winbox - added local/remote CPU load parameters for "Bandwidth Test";
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) winbox - added missing "accounting", "interim-update" and "radius-password" parameters under "IP/DHCP Server" menu;
*) winbox - added support for "Tool/Speedtest" menu;
*) winbox - added support for W60G align tool;
*) winbox - allow adding more than 100 tagged/untagged interfaces under "Bridge/VLAN" menu;
*) winbox - allow configuring "VTEP" under "Interface/VXLAN" menu;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - changed "Accept Redirects" parameter type under "IPv6/Settings" menu;
*) winbox - do not require "name" and "file name" parameters for certificate import/export;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - do not show connection tracking table if it has more than 10000 entries;
*) winbox - fixed "00:00:00" time printing;
*) winbox - fixed "Switch" menu on Chateau devices;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed "expires-after" certificate parameter value;
*) winbox - fixed CHR License renewing process;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - fixed content filtering in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed entry order in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed error message when adding NTH rule with "0" value;
*) winbox - fixed minor typo under "LTE" interface menu;
*) winbox - fixed switch related settings for MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) winbox - made "9" the default value for "Target" parameter under "IP/Traffic Flow" menu;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - moved IPv4 and IPv6 "Rules" menus under "Routing" menu;
*) winbox - properly limit "Disconnect Timeout" value under "CAPsMAN/Configuration" menu;
*) winbox - properly save "IPv6/Settings" menu in session file;
*) winbox - properly show "v" flag instead of "y" under "IP/Route" menu;
*) winbox - properly update ethernet auto negotiation status on CHR;
*) winbox - properly update server list under "System/NTP Client/Servers" menu;
*) winbox - renamed "Keep user configuration" to "Keep users" under "System/Reset Configuration" menu;
*) winbox - renamed "MBPS" to "Mbps" value unit name in "Tools/Traffic Generator" menu;
*) winbox - renamed "Revoked" parameter to "Revoked Time" under "System/Certificates" menu;
*) winbox - report local terminal session as "local" instead of "telnet";
*) winbox - require existing pool for "Address Pool" parameter under "IPv6/DHCP Server" menu;
*) winbox - require non empty "Packet Mark" value under "Queues" menu;
*) winbox - show "H" flag for offloaded connections in "IP/Firewall/Connections" menu;
*) winbox - show "Lost Ratio" column by default under "Tools/Traffic Generator" menu;
*) winbox - show "Routes" column by default under "PPP/Secrets" menu;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/SwOS" menu only on boards that have dual boot;
*) winbox - show additional columns by default for "Wireless" menu with WifiWave2 package;
*) winbox - sort "Address List" parameter values alphabetically in "IP/DHCP Server/Leases" menu;
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
*) winbox - use "total" as default value for "Tools/Profile";
*) wireguard - allow same peer's public key for different interfaces;
*) wireguard - fixed IPv6 LL address generation;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - made "preshared-key" and "private-key" values sensitive;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - added information about client signal strength to log messages about disconnections;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - fixed frequency range information for IPQ4019 interfaces;
*) wireless - fixed interface initialization on Metal 2SHPn;
*) wireless - improved nv2 link stability;
*) wireless - improved wireless connection stability during background scans;
*) www - fixed "tls-version" for SSL;
*) x86 - added support for Intel E810 NIC;
*) x86 - allow to select disk for install image;
*) x86 - fixed NVME partition path;
*) x86 - fixed VLAN tagged packet transmit;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
*) zerotier - fixed IPv6 support;
*) zerotier - made MAC and MTU values read-only;
*) zerotier - properly handle IP address change;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this particular RouterOS release.

Holly Molly what a changelog. Great work but I need a day just to ingest the changelog :-)

Tjeez ... that's a LOONG changelog indeed ...

BGP prefix count :((((

Upgraded rb2011-uias-2hnd from 7.1.5 to 7.2 with no issues. WiFi station pseudobridge, a few vlans, ospf. Working without issues. Winbox 3.32 with Wine on mac causes winbox to crash on login, Winbox 3.35 works fine.

JF.

*) x86 - added support for Intel E810 NIC;
Em810 doesn't work correctly, the interfaces are reported running also when nothing is connected into the qsfp28 ports.
ticket 78769

regards
Ros

Looks like hAP lite received a super pursuit mode or something. While the last upgrade from 7.1.3 to 7.1.5 took like 10 minutes, this 7.2 now was installed within some minutes. Reboot seem to take less time too (+/- 50sec). CLI is way more snappy now too. now finishing within < 1min too. No errors. A lot has improved for smips it seems.

hEX S remotely upgraded from 7.1.5 to 7.2 ... OSPF+BGP ... seems to work. No need to travel

after upgrade hap lite to 7.2 the WiFi couldn't authentication with clients.
@WLAN-HotSpot: disconnected, extensive data loss, signal strength -58

ErfanDL please contact support@mikrotik.com with more details, such as, what version you upgraded from, what kinds of clients, and if all are affected, and attach a supout.rif file from the device, if possible while it's running 7.2, and clients are experiencing this issue.

Upgraded:

local
RB4011iGS+RM
2x hEX PoE
PowerBox

remote
hEX S
cAP ac

Smooth and fast upgrade.

The "Rare Config loss" issue is unfortunately still present for sure - I upgraded my home RB5009 from v7.2rc7 to 7.2. After 10 minutes unit was not coming online, so I connected serial cable and saw most interfaces were removed from bridge. Added main access ether port back to bridge and logged in with winbox, to find that more "devastation" had occured, for instance:
Luckily I anticipated this as it's been happening on this device several times before with past versions, so I created an export just before the upgrade.
I will post "before and after" export rsc to a new support ticket, along with an "after" supout..
Edit: Details posted to SUP-78899.

Another interesting bug is that I can't seem to paste (from clipboard) my export into the winbox terminal window (I've noticed this since a few builds ago) - even if I only do a few lines at a time. The lines seem to "self-corrupt" as it's busy pasting in. So there seems to be a bug with pasting to terminal, I'm not sure yet if it only affects mac-based winbox sessions or ipv4 winbox sessions also. (I'm on winbox x64 v3.35)
Basically I need to add an IP address to the router and ssh/telnet from a different terminal in order to paste the exported config cleanly. I prefer to paste to console than use /import, as I can paste line-by-line and see any issues as they occur

Other than that, it seems a lot of good progress here and I'm happy to be on this new version. We should just keep regular backups until this particular issue is definitively resolved

Cosmetic/Minor Bug:

Almost every non-CHR Device I upgraded is now showing a warning under System --> Routerboard:

Warning: cpu not running at default frequency

750GR3, RB5009, Chateau 12, CRS-125.

The only device that doesn't show this error is an RB3011.

omg, so much of your work

thx mikrotik, awesome job 👍

ErfanDL please contact support@mikrotik.com with more details, such as, what version you upgraded from, what kinds of clients, and if all are affected, and attach a supout.rif file from the device, if possible while it's running 7.2, and clients are experiencing this issue.

After three times reboots, the problem was solved

SSTP on CHR, still unusable! SUP-67642
It was reported at 2021-12-02; I am deeply disappointed that one of the most wanted feauture is still ignored by Mikrotik.

in MPLS L3 case, (PE v7.2 and CPE v6.49.3)

BGP vpnv4 Peering between PE and CPE are not working, BGP session were established but PE did not receive any prefix sent by CPE and CPE did not receive any prefix sent by PE.

Please make it BGP stable and completed soon !!

Again an issue with the routing tables... sigh.
After update, under /routing/tables the user added routing table ampr appears twice.
Well, maybe better than routing tables disappearing, but still not OK!
I removed the second entry and it appears everything is normal (no *0x1234 references anywhere)

still cannot print multiple vouchers in user manager.

Another interesting bug is that I can't seem to paste (from clipboard) my export into the winbox terminal window (I've noticed this since a few builds ago) - even if I only do a few lines at a time. The lines seem to "self-corrupt" as it's busy pasting in. So there seems to be a bug with pasting to terminal, I'm not sure yet if it only affects mac-based winbox sessions or ipv4 winbox sessions also. (I'm on winbox x64 v3.35)

"that is not a bug, it is a feature!"
A very useless and irritating feature. It has been present from long ago.
This they call "Hotlock mode". In that mode, every command and parameter is expanded to full length once it is uniquely matched, but then when you continue to type it adds the new input after that. I could think it was sort of useful when it did not do that.

In RouterOS v6 it was even worse: Hotlock mode was enabled using Ctrl-V. People often wanted to paste stuff into the terminal and typed Ctrl-V. "nothing happened". Then they pasted using right-button and got into this terrible mess.
But in RouterOS v7 the Hotlock key has been changed to F7. So less likely to make this mistake.

Still I think it should simply be removed. You can always auto-expand things using TAB.

Tjeez ... that's a LOONG changelog indeed ...

Yeah, because it is relative to 7.1. They should have made a changelog relative to 7.2rc7 as well.

Watch out, upgrade and reboot seemed OK, did the reboot to update the firmware and now it's bricked. RB4011 with Wifi. Family is about to riot.

<edit> I have reset it and not netinstalled. ROS was then at 7.2 and firmware at 6.44.4 and all is OK. Updating the firmware to 7.2 makes the same brick behaviour. I am going to use 7.1.5 firmware and 7.2 ROS for now.

Tjeez ... that's a LOONG changelog indeed ...

Yeah, because it is relative to 7.1. They should have made a changelog relative to 7.2rc7 as well.

That's something i'm missing everytime we go out of test/beta/rc to a stable version!

They should have made a changelog relative to 7.2rc7 as well.

That is some I do miss as well. If you look at Cisco, you have a tool where you can compare each version against each other and even select different hardware.

Cisco Feature Navigator
https://cfnng.cisco.com/
Not sure how much you can see there without a Cisco account.

That is some I do miss as well. If you look at Cisco, you have a tool where you can compare each version against each other and even select different hardware.

Cisco Feature Navigator
https://cfnng.cisco.com/
Not sure how much you can see there without a Cisco account.

I suggested that here before as well. Make a database with all changes (at which version they occur, probably at which version they become irrelevant) and then make a website where you can enter two version numbers and see the changes between them.
Should be relatively easy to make, and can be used by the online updater as well (to show the relevant changes between the version you currently have and the one you download).

Please MT

make this ugly red line at least blue, informative
or take it away when PPTP is disabled

it is irritating, annoying,
and at first look, when you open winbox, you start to panic what went wrong now??
some of my interfaces are red, ooo dear god
then, you realize, nah, it is only pptp :(
so please, remove or repaint this red sh*t

make this ugly red line at least blue, informative
or take it away when PPTP is disabled

I disagree.
That's the right color for that sort of message.

hAP Lite updated, snappier than testing release.

I disagree.
That's the right color for that sort of message.

well, mister @holvoetn

i understood this approach when you, for example build a new network
but, no
it is not my choice to use pptp
and if you think, that someone could call the multi/hyper/giga/mega company and tell them: you know, my MT router is red , please change vpn type ...
hahaha
no, it is not our choice what will we use

I fully understand it may not be your choice but it remains the appropriate color for that message.

So.. what's the changelog vs the last rc?

I disagree.
That's the right color for that sort of message.

well, mister @holvoetn

i understood this approach when you, for example build a new network
but, no
it is not my choice to use pptp
and if you think, that someone could call the multi/hyper/giga/mega company and tell them: you know, my MT router is red , please change vpn type ...
hahaha
no, it is not our choice what will we use

Indeed, it's network/sys admins choice, if you're not that person, suck it up.

The "Rare Config loss" issue is unfortunately still present for sure...

If it is filesystems issue and it might be one, upgrade will not solve it, you will need to netinstall it with newest netinstall, to get newest filesystem up and running.

I fully understand it may not be your choice but it remains the appropriate color for that message.

oh, no
it is not

red color - > log, error

do we have error on PPTP interface ?
no

blue color -> log, warning
informative, please use other vpn

so, no, no, and no
if we start using random colors for random things ...

next time, when you missconfigure DHCP client, put it on bridge leg, and color change to red
then you will say, ooo, noo, it is not an error :) i saw red paint already on other place, so no, it is not big deal

again, no
red -> error
blue -> warning

1. In RB2011 at export rsc
i have in all rules in ipv6 firewall mangle:
dst-prefix=::/0
src-prefix=::/0
I have not the above statements in 6.x and i cant show in winbox in rules properties
not even when I select the corresponding columns from the winvox ipv6/mangle window.

2. I cant have ipv6 advertise in ovpn connection with udp enable.
The ovpn connection takes place without a problem but i get only ipv4 address.
All the configuration with ovpn (except udp enable) and ipv6 is the same with 6.x in which i get ipv6 address in ovpn connections.

Upgraded at home:
Hex
hAP AC3
hAP AC2
hAP
map Lite
CHR

No problems so far upgrading nor afterwards. From the limited time it was active on Hex (updated around 09h00) it "looks" like that memory leak is still present.
Usage is slightly going up every hour without any clear indication what causes it.

Thanks, long changelog.

Wow, this is great. Now it seems I'll migrate my infra to 7.2 from 6.xx.
MT, great work 👍

*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);

Don't we need something like "discard-v6-configuration-completely-please-I-am-from-v7" to remove any "historical" data from a router?

Also not working graphs under https
Error 404: Not Found

The "Rare Config loss" issue is unfortunately still present for sure...

If it is filesystems issue and it might be one, upgrade will not solve it, you will need to netinstall it with newest netinstall, to get newest filesystem up and running.

If it is a filesystem issue then there is a bug in v7 that should urgently be fixed. This problem is so commonly reported that it apparently occurs under normal operating conditions, and that should not happen.

Changes since last rc (rc7) Find using compare duplicate cells in Excel.

No new stuff added since rc7


List of all changes and when they was introduced in 7.2 train
RC `7.2.0
rc5 *) api - accept "Content-Type" with specified charset;
rc5 *) arm - fixed "auto" CPU frequency setting;
rc2 *) arm - fixed "shutdown" command on hAP ac^2;
rc5 *) arm64 - improved Watchdog initiated reboot reason reporting;
rc1 *) arm64 - improved low disk space handling condition on upgrade;
rc1 *) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
rc1 *) backup - fixed automatic backup generation when resetting configuration;
rc5 *) backup - fixed cloud backup's creation timezone;
rc5 *) bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set);
rc1 *) bgp - do not export default BGP values;
rc4 *) bgp - fixed VPNv4 route sending to remote peer;
rc5 *) bgp - fixed link-local iBGP address selection;
rc5 *) bgp - fixed network advertisement from address-lists after reboot;
rc2 *) bgp - fixed routing table and BGP configuration order in export;
rc1 *) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
rc1 *) bluetooth - allow to export device, advertiser and scanner configuration;
rc2 *) bluetooth - disable scanning by default;
rc2 *) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
rc4 *) bridge - fixed FastPath when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
rc4 *) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
rc2 *) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
rc4 *) bridge - fixed destination NAT when using "use-ip-firewall" setting;
rc3 *) bridge - fixed filter and NAT "set-priority" action;
rc4 *) bridge - fixed filter and NAT "set-priority" on ARM64 devices;
rc4 *) bridge - fixed filter rules when using interface lists;
rc5 *) bridge - fixed firewall "ingress-priority" matcher and "new-priority=from-ingress" action settings from VLAN tagged frames;
rc4 *) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
rc2 *) capsman - improved stability when running background scan on CAP;
rc1 *) capsman - improved system stability when processing CAP packet by Mangle;
rc6 *) ccr2004 - improved PCI timeout handling on CCR2004-1G-2XS-PCIe;
rc5 *) ccr2004 - improved system stability on CCR2004-12S+2XS;
rc1 *) certificate - allow to choose digest algorithm for CSR signing;
rc1 *) certificate - made "fingerprint" parameter read-only;
rc1 *) chr - improved system stability when writing into memory;
rc1 *) chr - temporarily suspended downgrade to RouterOS v6;
rc2 *) clock - properly notify all instances about time changes;
rc2 *) conntrack - properly detect helper status;
rc1 *) console - fixed "print" command with additional "where" condition;
rc2 *) console - improved console responsiveness when processing received characters;
rc1 *) console - made "password" parameter mandatory when creating a new user;
rc1 *) console - properly erase CLI history after configuration reset;
rc2 *) console - updated copyright notice;
rc5 *) crs1xx/2xx - fixed static switch host addresses after link down;
rc5 *) crs1xx/2xx - ignore static bridge host addresses (switch unicast-fdb should be used instead);
rc1 *) crs3xx - fixed CPU load balancing for ARM dual core devices;
rc2 *) crs3xx - fixed QSFP+ interface LEDs;
rc4 *) crs3xx - fixed watchdog timer functionality;
rc2 *) crs3xx - improved SFP+ interface linking after reboot for CRS312 device;
rc4 *) crs3xx - improved maximum allowed ACL rule calculation;
rc4 *) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
rc2 *) defconf - made "192.168.188.1/24" the default LAN IP address for LTE CPE devices;
rc1 *) dhcp-server - fixed DHCP Option decimal value parsing;
rc1 *) dhcp-server - fixed statistics sending in "Accounting Stop" packets;
rc1 *) dhcp-server - send "Class" attribute in "Accounting Request" when provided by RADIUS;
rc1 *) dhcpv4-server - allow adding comments;
rc2 *) dhcpv4-server - remove dynamic leases when server configuration is removed;
rc1 *) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
rc1 *) dhcpv4-server - reset offer counter when receiving offer from DHCP relay;
rc5 *) dhcpv6 - added VRF support;
rc2 *) dot1x - added "server-fail-vlan-id", "guest-vlan-id" and "reauth-timeout" settings for dot1x server;
rc2 *) dot1x - added "src-address", "src-mac-address" and "src-port" settings for dynamic switch rules;
rc2 *) dot1x - added NAS-Port-ID attribute for RADIUS Access-Request;
rc5 *) dude - fixed The Dude client compatibility with RouterOS v7;
rc6 *) dude - fixed The Dude compatibility with ARM64;
rc1 *) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
rc5 *) firewall - improved available port lookup for source NAT when free port range is exhausted;
rc1 *) graphing - properly generate interface graph for traffic higher than 2.1Gbps;
rc1 *) hotspot - fixed login page over HTTPS;
rc2 *) hotspot - fixed memory leak on every web page loading;
rc2 *) hotspot - fixed web page loading using HTTPS;
rc2 *) ike2 - ignore "INITIAL-CONTACT" payload on responder when "send-initial-contact" is disabled;
rc2 *) interface - fixed minor memory leak when interface or connected route is changed;
rc1 *) ipsec - added hardware acceleration support for CCR2116;
rc5 *) ipsec - fixed "identities" menu emptying after RouterOS upgrade/reboot;
rc5 *) ipv6 - do not add duplicate dynamic prefix when static already exists;
rc5 *) ipv6 - fixed "retransmissit-interval" unit value;
rc5 *) ipv6 - fixed VLAN tagged PPPoE packet receiving on RB5009;
rc5 *) l2tp - fixed CHAP challenge packet processing over IPsec;
rc6 *) l2tp - improved service stability when disabling L2TP server with connected clients;
rc4 *) l2tp - improved system stability when processing L2TP control messages;
rc2 *) l3hw - added HW offloaded FastTrack support for inter-VLAN routing;
rc2 *) l3hw - fixed HW offloaded NAT;
rc1 *) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
rc1 *) l3hw - fixed ICMP message when routed packet exceeds MTU and DF flag is set;
rc1 *) l3hw - fixed bonding source MAC address;
rc6 *) l3hw - fixed default route offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
rc5 *) l3hw - improved routing table offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
rc1 *) l3hw - improved system stability when using 7 or more VLAN interfaces;
rc5 *) led - fixed LED behavior on Audience;
rc5 *) led - reduced LTE signal LED range to -70;
rc2 *) leds - fixed user LED on RB750Gr3;
rc5 *) log - added warning message when connection tracking table is full;
rc2 *) log - include message also in e-mail body;
rc1-rc2 *) lora - fixed "antenna-gain" parameter unit;
rc5 *) lte - add IPv6 address on interface as well;
rc2 *) lte - added 3 APN profile support and APN name re-using on R11e-LTE6;
rc2-rc4 *) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
rc1 *) lte - added basic information support for Telit LM960 and LM940 in MBIM mode;
rc2 *) lte - added class based support for configless RNDIS LTE modems;
rc5 *) lte - added support for Uplink CA reporting;
rc5 *) lte - changed "CS/PS" registration type from "both" to "any" on R11e-LTE un R11e-LTE6;
rc5 *) lte - do not loose "band" configuration after reboot on Chateau 5G;
rc2 *) lte - do not show external antenna selector on devices that does not support it;
rc6 *) lte - enabled multi-APN and name re-use support for Chateau;
rc1 *) lte - expose diagnostics channel for all modems;
rc1 *) lte - fixed "monitor" command to not report old info;
rc5 *) lte - fixed AT command response handling on R11e-LTE;
rc2 *) lte - fixed IPv6 address addition after startup on R11e-LTE6;
rc5 *) lte - fixed MBIM modem reset on AT timeout;
rc5 *) lte - fixed link flapping when loosing cellular signal on R11e-LTE un R11e-LTE6;
rc1 *) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
rc2 *) lte - fixed possible timeouts when sending SMS in LTE only mode on R11e-LTE;
rc2 *) lte - fixed support for Sierra MC7710;
rc2 *) lte - fixed support for Telit 960;
rc2 *) lte - improved stability on "+EGMR" response in MBIM mode;
rc6 *) lte - improved stability when modem disappears during firmware upgrade;
rc2 *) lte - improved support for sending/receiving SMS in LTE only mode on R11e-LTE6;
rc4 *) lte - made "no" the default value for "use-network-apn" parameter;
rc2 *) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
rc4 *) ntp - allow adding duplicate server address if dynamic entry exists;
rc4 *) ntp - fixed multicast mode support;
rc4 *) ntp - improved IPv6 address support;
rc5 *) ntp - improved service stability when none of the NTP servers are reachable for a while;
rc6 *) ntp - improved source address usage for reply packets;
rc1 *) ntp - print log change time with time-zone applied;
rc2 *) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
rc2 *) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
rc2 *) ospf - fixed MD5 authentication;
rc2 *) ospf - fixed NBMA hello's not being sent if priority is set to 0;
rc4 *) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
rc2 *) ospf - fixed default type-3 LSA's not being injected to stub area;
rc1 *) ospf - fixed distance if "originate-default" is set to "always";
rc4 *) ospf - fixed external LSA not updating after prefix netmask change;
rc2 *) ospf - fixed incorrect LSA types when changing area types;
rc2 *) ospf - fixed neighbor election failure;
rc1 *) ospf - fixed neighbor stuck in ExStart;
rc1 *) ospf - fixed simple authentication;
rc5 *) ospf - general stability improvements;
rc5 *) ospf - improved DB retransmit logging;
rc1-rc2 *) ospf - improved logging;
rc1 *) ospf - improved overall stability;
rc1 *) ospf - improved stability for very large LSDB;
rc2 *) ospf - improved stability on OSPFv3 instance disabling;
rc1 *) ospf - improved stability when DR goes down;
rc1 *) ospf - improves stability when handling looped back OSPF packets;
rc6 *) ospf - properly set VRF for gateway;
rc5 *) ospf - send notifies for neighbors;
rc1 *) ovpn - added SHA2 authentication algorithm support;
rc1 *) ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets;
rc1 *) ovpn - added option to send disconnect message in UDP mode;
rc1 *) ovpn - fixed large option message parsing;
rc2 *) ovpn - improved UDP session handling;
rc5 *) ovpn - improved memory allocation on Tile in "ethernet" mode;
rc5 *) ovpn - improved system stability in high load scenarios;
rc5 *) pimsm - fixed menu prints;
rc5 *) pimsm - general stability improvements;
rc6 *) poe - fixed PoE driver loading on CRS354-48P-4S+2Q+;
rc1 *) poe - update PoE firmware only on devices that support it;
rc4 *) ppp - added "comment" option for PPPoE servers;
rc2 *) ppp - fixed AT+CPIN chat when SIM PIN is specified;
rc4 *) ppp - improved stability when handling large amount of connections simultaneously;
rc1 *) ppp - show local and remote IPv6 addresses (CLI only);
rc1 *) pppoe - added option to configure "host-uniq" parameter;
rc1 *) pppoe - added option to ignore PADI messages with empty service name;
rc1 *) pppoe - use default MTU of 1492;
rc1 *) pptp - added insecure connection warning;
rc2 *) pptp - show insecure connection warning on dynamic interfaces;
rc2 *) qsfp - correctly display auto-negotiation status;
rc5 *) queue - fixed queued IPv6 traffic considered as "invalid" by Firewall;
rc1-rc2 *) queue - improved system stability when processing traffic;
rc4 *) queue - improved system stability when using more than 255 unique packet marks;
rc5 *) rb4011 - fixed jumbo frame processing on SFP+ port when using 1G module;
rc5 *) rip - added logging;
rc5 *) rip - fixed route metrics;
rc5 *) rip - fixed route redistribution;
rc5 *) rip - use nexthop with interface;
rc6-rc7 *) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
rc1 *) route - fixed "min-prefix" configuration when set to 0;
rc2 *) route - fixed "suppress-hw-offload" update;
rc5-rc6 *) route - fixed "table" menu emptying after RouterOS upgrade;
rc5 *) route - fixed BGP atomic aggregate value;
rc4 *) route - fixed ECMP load balancing in FastPath;
rc5 *) route - fixed ECMP route removal;
rc4 *) route - fixed route addition to VRF from BGP;
rc2 *) route - fixed router's LSA for PTP networks;
rc2 *) route - fixed routing configuration export on SMIPS devices;
rc5 *) route - general stability improvements;
rc2 *) route - improved routing table print speed;
rc2 *) route - show OSPF and RIP specific attributes in "/routing route" table;
rc2 *) route-filter - fixed "return" action;
rc2 *) route-filter - fixed complex matchers with "|| or and &&";
rc2 *) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
rc2 *) route-filter - fixed range conversion after update from RouterOS v6;
rc1 *) route-filters - allow to filter and modify default route if "originate-default" is set to "always";
rc1 *) route-filters - fixed possible address list race condition and memory leak;
rc4 *) route-filters - renamed "*-set" to "*-list";
rc5 *) routerboard - fixed "ether2" interface presence on some RBwAPGR devices;
rc5 *) routerboard - fixed WPS button functionality on Audience;
rc5 *) routing - added PCAP viewer tool for BGP advertisements debugging purposes;
rc5 *) routing-filter - fixed "bgp-*-communities-empty" matcher;
rc2 *) rpki - made RPKI verify non-strict, introduces new state "unverified";
rc2 *) rpki - show expire timer;
rc5 *) sfp - improved SFP module detection on CRS106 and CRS112;
rc2 *) smb - fixed SMB2.0 disk size reporting;
rc5 *) smips - improved RAM allocation;
rc4 *) sms - increased "at-chat" timeout when sending SMS;
rc2 *) snmp - added SFP vendor name to optical table;
rc2 *) snmp - added support for "ipv6AddrPrefixTable" and "ipv6RouteNumber" OID's;
rc2 *) snmp - allow two level nesting for vlan, bonding speed query;
rc1 *) socks - fixed SOCKS5 support;
rc1 *) ssh - fixed forwarding with IPv6 link-local addresses;
rc1 *) ssl - fixed CA certificate processing when "subjAltName" is marked as critical;
rc1 *) supout - added "port-controller" bridge section;
rc5 *) switch - added "rx-overflow" counter for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
rc4 *) switch - fixed port-isolation misconfiguration detection when using multiple switches;
rc5 *) switch - improved packet forwarding with enabled "cpu-flow-control" setting between different rate interfaces for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
rc4 *) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
rc6 *) switch - properly limit maximum number of switch rules to 256 on RB5009;
rc2 *) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
rc1 *) tr069-client - accept 200-299 codes for HTTP diagnostics;
rc5 *) tr069-client - added support for 5G band configuration;
rc5 *) tr069-client - added support for wireless "skip-DFS" configuration;
rc1 *) tr069-client - added support for wireless client uptime reporting;
rc6 *) tr069-client - fixed RPC download of "3 Vendor Configuration File" with branding package;
rc2 *) traffic-flow - do not handle NAT events when "nat-events" is disabled;
rc2 *) traffic-generator - fixed transmit speed for multiple asymmetric streams;
rc1 *) upgrade - improved 404 error handling when checking for new versions;
rc1 *) upgrade - improved downgrade prompt message;
rc4 *) ups - fixed UPS support;
rc2 *) usb - fixed display of incorrect port count for USB serial ports;
rc1 *) user - removed obsolete "tikapp" policy;
rc1 *) user - send "Class" attribute in "Accounting Request" when provided by RADIUS;
rc2 *) vlan - fixed improper VLAN priority addition for routed packets;
rc2 *) vxlan - allow unsetting "group" and "interface" properties;
rc4 *) vxlan - fixed running state after reboot when using "interface" and "group" settings;
rc2 *) webfig - do not show side menu if WebFig is disabled by skin;
rc1 *) webfig - fixed default configuration popup presence;
rc1 *) webfig - fixed user policy lookup for skin designer;
rc4 *) wifiwave2 - added "client-isolation" feature;
rc1 *) wifiwave2 - added support for handling disconnect request messages from RADIUS servers;
rc1 *) wifiwave2 - fixed calling "scan" and "frequency-scan" commands through the API;
rc2 *) winbox - added "Disconnect Notify" checkbox to "Interface/OVPN Client" menu;
rc2 *) winbox - added "Freq. Usage" and "Scan" buttons for WifiWave2 interfaces;
rc2 *) winbox - added "Ignore Missing" selector to "System/Packages" menu;
rc1 *) winbox - added "Mode" parameter under "Wireless" menu with WifiWave2 package;
rc2 *) winbox - added "Routing Table" parameter for IPv6 routes;
rc1 *) winbox - added "TLS Version" parameter for "Interface/OVPN";
rc2 *) winbox - added "VPN" tab to "Routing/BGP" menu;
rc1 *) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
rc2 *) winbox - added "VRF" parameter to "IP/Services" menu;
rc2 *) winbox - added "comment" parameter to "User Manager/Users" menu;
rc4 *) winbox - added "host-uniq" parameter to PPPoE client interface;
rc2 *) winbox - added MLAG support;
rc2 *) winbox - added SHA256 and SHA512 "Auth" values for OVPN menu's;
rc2 *) winbox - added ZeroTier support;
rc2 *) winbox - added explicit "Upload" and "Download" names for "Bucket Size" parameters under "Queues" menu;
rc1 *) winbox - added interface list support for "IP/Traffic Flow" menu;
rc1 *) winbox - added local/remote CPU load parameters for "Bandwidth Test";
rc5 *) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
rc5 *) winbox - added missing "accounting", "interim-update" and "radius-password" parameters under "IP/DHCP Server" menu;
rc1 *) winbox - added support for "Tool/Speedtest" menu;
rc1 *) winbox - added support for W60G align tool;
rc5 *) winbox - allow adding more than 100 tagged/untagged interfaces under "Bridge/VLAN" menu;
rc5 *) winbox - allow configuring "VTEP" under "Interface/VXLAN" menu;
rc2 *) winbox - allow setting "Interface" parameter for 100G LED types;
rc1 *) winbox - changed "Accept Redirects" parameter type under "IPv6/Settings" menu;
rc1 *) winbox - do not require "name" and "file name" parameters for certificate import/export;
rc2-rc4 *) winbox - do not show "Antenna Scan" button on devices that do not support it;
rc1 *) winbox - do not show connection tracking table if it has more than 10000 entries;
rc5 *) winbox - fixed "00:00:00" time printing;
rc1 *) winbox - fixed "Switch" menu on Chateau devices;
rc2 *) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
rc1 *) winbox - fixed "expires-after" certificate parameter value;
rc2 *) winbox - fixed CHR License renewing process;
rc1 *) winbox - fixed address list type parameters in "Routing" menu;
rc2 *) winbox - fixed content filtering in "Tools/Packet Sniffer/Packets" menu;
rc2 *) winbox - fixed entry order in "Tools/Packet Sniffer/Packets" menu;
rc1 *) winbox - fixed error message when adding NTH rule with "0" value;
rc1 *) winbox - fixed minor typo under "LTE" interface menu;
rc5 *) winbox - fixed switch related settings for MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
rc1 *) winbox - made "9" the default value for "Target" parameter under "IP/Traffic Flow" menu;
rc1 *) winbox - made "Routing Filters/Rules" table sortable;
rc2 *) winbox - made OSPF interface type names consistent between CLI and GUI;
rc1 *) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
rc5 *) winbox - moved IPv4 and IPv6 "Rules" menus under "Routing" menu;
rc1 *) winbox - properly limit "Disconnect Timeout" value under "CAPsMAN/Configuration" menu;
rc2 *) winbox - properly save "IPv6/Settings" menu in session file;
rc5 *) winbox - properly show "v" flag instead of "y" under "IP/Route" menu;
rc1 *) winbox - properly update ethernet auto negotiation status on CHR;
rc5 *) winbox - properly update server list under "System/NTP Client/Servers" menu;
rc1 *) winbox - renamed "Keep user configuration" to "Keep users" under "System/Reset Configuration" menu;
rc2 *) winbox - renamed "MBPS" to "Mbps" value unit name in "Tools/Traffic Generator" menu;
rc1 *) winbox - renamed "Revoked" parameter to "Revoked Time" under "System/Certificates" menu;
rc1 *) winbox - report local terminal session as "local" instead of "telnet";
rc1 *) winbox - require existing pool for "Address Pool" parameter under "IPv6/DHCP Server" menu;
rc1 *) winbox - require non empty "Packet Mark" value under "Queues" menu;
rc2 *) winbox - show "H" flag for offloaded connections in "IP/Firewall/Connections" menu;
rc1 *) winbox - show "Lost Ratio" column by default under "Tools/Traffic Generator" menu;
rc1 *) winbox - show "Routes" column by default under "PPP/Secrets" menu;
rc5 *) winbox - show "System/Health/Settings" only on boards that have configurable values;
rc2 *) winbox - show "System/SwOS" menu only on boards that have dual boot;
rc1 *) winbox - show additional columns by default for "Wireless" menu with WifiWave2 package;
rc2 *) winbox - sort "Address List" parameter values alphabetically in "IP/DHCP Server/Leases" menu;
rc1 *) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
rc1 *) winbox - use "total" as default value for "Tools/Profile";
rc4 *) wireguard - allow same peer's public key for different interfaces;
rc1 *) wireguard - fixed IPv6 LL address generation;
rc4 *) wireguard - fixed IPv6 traffic processing with multiple peers;
rc1 *) wireguard - made "preshared-key" and "private-key" values sensitive;
rc4 *) wireless - added "3gpp-info" parameter to interworking configuration;
rc4 *) wireless - added EAP-AKA to interworking's realm configuration;
rc1 *) wireless - added information about client signal strength to log messages about disconnections;
rc4 *) wireless - correctly preserve WMM priority when receiving packets;
rc1 *) wireless - fixed frequency range information for IPQ4019 interfaces;
rc2 *) wireless - fixed interface initialization on Metal 2SHPn;
rc4 *) wireless - improved nv2 link stability;
rc2 *) wireless - improved wireless connection stability during background scans;
rc5 *) www - fixed "tls-version" for SSL;
rc2 *) x86 - added support for Intel E810 NIC;
rc5 *) x86 - allow to select disk for install image;
rc5 *) x86 - fixed NVME partition path;
rc6 *) x86 - fixed VLAN tagged packet transmit;
rc2 *) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
rc2 *) x86 - properly distinguish multiple NICs that share the same PCI bus number;
rc5 *) zerotier - fixed IPv6 support;
rc2 *) zerotier - made MAC and MTU values read-only;
rc1 *) zerotier - properly handle IP address change;

Changes since last rc (rc7) Find using compare duplicate cells in Excel.

Nice work

again, no
red -> error
blue -> warning

Winbox uses the red colored font for any messages. e.g. for informing you that a new LTE-firmware is available. I guess you would agree, that a firmware-update is not an error. And many more places, where they use that color.

But regardless, why do you insist for a blue colored message? Red is not reserved for "error" only. It can be a alert or warning as well. Sure, usually you use red=error, orange=warning and for anything completely informational maybe a completely "un-annoying" color like blue. But would you freak out for a orange warning message as well? I would assume so.

regarding changelog:

as always, there were changes backported to 7.1.x already. So not everything stated in the changelog is completely new. Some changes were already included in 7.1.5.

In CAPSMAN, we have duplication of
- Provisioning
- Configurations
- Channels
- Datapaths
- Security Cfg.

Deleting the added ones (other but first entry for each "block" cleans this up - no malfunctions, just confusion.

dot1x still broken on 7.2

*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);

Don't we need something like "discard-v6-configuration-completely-please-I-am-from-v7" to remove any "historical" data from a router?

RouterOS already has such a feature, it is called /system reset-configuration. "force config upgrade" feature was added, to trigger v6 config reimport whenever RouterOS add parts of config upgrade that were not implemented in previous v7 versions.

RouterOS already has such a feature, it is called /system reset-configuration.

How to safely use it on remote devices available only over L3 networks?

The upgrade went ok on an rb750gr3 from 7.1.5 to 7.2. It still downloaded very, very slowly, but without constant timeouts this time.

Comparing an export from before and after the upgrade, everything remained the same, except this was added in 7.2:
I don't use the openvpn server. I don't think it's a problem, though.

Updated successfull from 7.2RC7 or 7.1.5 to 7.2 (ROS and FW) on following devices:
- RB5009UG+S+
- CRS326-24S+2Q+
- 2x CRS328+24P-4S+
- 2x CRS326-24G-2S+, one lost the "bridge" after ROS update
- 4x CAP AC
- CAP AC XL
- RB4011iGS+5HacQ2HnD (CAPsMAN)

Except the one with the lost "bridge" all went smooth and without problems.
Until now everything looks fine :-)

Wow, this is great. Now it seems I'll migrate my infra to 7.2 from 6.xx.
MT, great work 👍

I would hold off on that for at least a week, you do not want critical infrastructure on a just released stable.

unfortunately, the memory leak is not fixed (hap ac2)

Don't we need something like "discard-v6-configuration-completely-please-I-am-from-v7" to remove any "historical" data from a router? :)

RouterOS already has such a feature, it is called /system reset-configuration.

That resets the v7 config as well. It would be reasonable to expect a command that removes v6 configuration from a v7 device, to be sure that it will never bite in the future (and reduce the size of backups).

unfortunately, the memory leak is not fixed (hap ac2)

It will likely never be fixed when there are only reports like that, without supout.rif file sent to support/jira.

@peichl I have a ticket open (with supout files), it was just to inform others that it's still not fixed in 7.2 stable

*) ccr2004 - improved system stability on CCR2004-12S+2XS;

Thanks a Lot, this fixes long awaited bug of ccr2004 random reboot.
finally wait is over 1.5 Year.
thanks a lot Mikrotik.

Wow, this is great. Now it seems I'll migrate my infra to 7.2 from 6.xx.
MT, great work 👍

I would hold off on that for at least a week, you do not want critical infrastructure on a just released stable.

It mainly depends on what features you use and do not use. When you use BGP, you likely want to wait for a 7.3 release. When it is a home router/AP, you could likely upgrade without many issues.

any hope to get a smaller wifiwave2 packages, i have an early cap ac / hap ac2 version with 256 meg of ram but with the small space, i would love to try it out

Graphs still not working over https on WebFig. Error 404: Not Found. You should really fix this. Pretty much you fixed hotspot, but not Graphs. This issue is been there for ages.

any hope to get a smaller wifiwave2 packages, i have an early cap ac / hap ac2 version with 256 meg of ram but with the small space, i would love to try it out

I have it running on AC3. I am not that impressed as far 5Ghz is concerned. I get more or less the same speeds as the old drivers.
On 2.4 it is a positive step, there I see improvement (speed and stability).

CAPsMAN broken on my RB3011, both of my CAPS (running 7.1.5) get failed: timeout when trying to register.

e.g.:

Apr 5 07:20:47 aruma-downstairs-cap-hapac2 CAP selected CAPsMAN aruma-RB3011-gw (::ffff:10.1.xxx.xxx:5246)
Apr 5 07:21:07 aruma-downstairs-cap-hapac2 CAP connect to aruma-RB3011-gw (::ffff:10.1.xxx.xxx:5246) failed: timeout
Apr 5 07:21:07 aruma-downstairs-cap-hapac2 CAP failed to join aruma-RB3011-gw (::ffff:10.1.xxx.xxx:5246)
Apr 5 22:21:07 aruma-upstairs-cap-hapac2 CAP connect to aruma-RB3011-gw (B8:69:F4:8E:88:97/6/0) failed: timeout
Apr 5 22:21:07 aruma-upstairs-cap-hapac2 CAP failed to join aruma-RB3011-gw (B8:69:F4:8E:88:97/6/0)

Had to roll back to 7.1.5 on my RB3011 to resolve.. will wait for 7.2.1 for a fix.

EDIT: As soon as I rolled back to 7.1.5 on the RB3011 CAPsMAN Controller:

Apr 5 02:00:19 aruma-RB3011-gw CAPsMAN: [48:8F:5A:DE:EB:BB/23/658e,Join,[48:8F:5A:DE:EB:BB]] joined, provides radio(s): 48:8F:5A:DE:EB:C1,48:8F:5A:DE:EB:C0
Apr 5 22:27:25 aruma-RB3011-gw CAPsMAN: [48:8F:5A:DF:06:17/23/e4ec,Join,[48:8F:5A:DF:06:17]] joined, provides radio(s): 48:8F:5A:DF:06:1D,48:8F:5A:DF:06:1C
Apr 5 22:27:29 aruma-RB3011-gw CAPsMAN: 2Ghz-aruma-downstairs-cap-hapac2-1: selected channel 2412/20-Ce/gn/P(25dBm)
Apr 5 22:27:29 aruma-RB3011-gw CAPsMAN: 2Ghz-aruma-downstairs-cap-hapac2-1: reselect channel in 82800 seconds
Apr 5 22:27:32 aruma-RB3011-gw CAPsMAN: 5Ghz-aruma-downstairs-cap-hapac2-1: selected channel 5200/20-eC/ac/P(23dBm)
Apr 5 22:27:32 aruma-RB3011-gw CAPsMAN: 5Ghz-aruma-downstairs-cap-hapac2-1: reselect channel in 82800 seconds
Apr 5 22:27:35 aruma-RB3011-gw CAPsMAN: 2Ghz-aruma-upstairs-cap-hapac2-1: selected channel 2412/20-Ce/gn/P(25dBm)
Apr 5 22:27:35 aruma-RB3011-gw CAPsMAN: 2Ghz-aruma-upstairs-cap-hapac2-1: reselect channel in 82800 seconds
Apr 5 22:27:39 aruma-RB3011-gw CAPsMAN: A8:47:4A:XX:XX:XXX@5Ghz-aruma-downstairs-cap-hapac2-1-1 connected, signal strength -73
Apr 5 22:27:40 aruma-RB3011-gw CAPsMAN: B8:69:F4:XX:XXX:XX@5Ghz-aruma-downstairs-cap-hapac2-1-1 connected, signal strength -57
Apr 5 22:27:41 aruma-RB3011-gw CAPsMAN: 5Ghz-aruma-upstairs-cap-hapac2-1: selected channel 5240/20-eC/ac/P(23dBm)
Apr 5 22:27:41 aruma-RB3011-gw CAPsMAN: 5Ghz-aruma-upstairs-cap-hapac2-1: reselect channel in 82800 seconds
Apr 5 22:27:43 aruma-RB3011-gw CAPsMAN: 5C:C5:D4:XXX:XX:XX@5Ghz-aruma-downstairs-cap-hapac2-1-1 connected, signal strength -86

CAPsMAN broken on my RB3011, both of my CAPS (running 7.1.5) get failed: timeout when trying to register.

e.g.:

Apr 5 07:20:47 aruma-downstairs-cap-hapac2 CAP selected CAPsMAN aruma-RB3011-gw (::ffff:10.1.xxx.xxx:5246)
Apr 5 07:21:07 aruma-downstairs-cap-hapac2 CAP connect to aruma-RB3011-gw (::ffff:10.1.xxx.xxx:5246) failed: timeout
Apr 5 07:21:07 aruma-downstairs-cap-hapac2 CAP failed to join aruma-RB3011-gw (::ffff:10.1.xxx.xxx:5246)
Apr 5 22:21:07 aruma-upstairs-cap-hapac2 CAP connect to aruma-RB3011-gw (B8:69:F4:8E:88:97/6/0) failed: timeout
Apr 5 22:21:07 aruma-upstairs-cap-hapac2 CAP failed to join aruma-RB3011-gw (B8:69:F4:8E:88:97/6/0)

Had to roll back to 7.1.5 on my RB3011 to resolve.. will wait for 7.2.1 for a fix.

Seems not to be a general problem, my CAPsMAN on RB4011 (7.2) runs smooth with 5x CAP AC (XL) on 7.1.5. Even the update on the CAPs to 7.2 went smooth, also.

runs smooth with 5x CAP AC (XL) on 7.1.5....

Side question: where the hell did you get those ? There is nowhere cAP AC or XL AC to be found anymore ...

Seems not to be a general problem, my CAPsMAN on RB4011 (7.2) runs smooth with 5x CAP AC (XL) on 7.1.5. Even the update on the CAPs to 7.2 went smooth, also.
[/quote]

Maybe its an RB3011 thing, swapped back to my 7.1.5 partition and it all came back up, even with the 7.2 routerboard routerboot firmware active (didnt roll that back)

Edit: Just to expand, both of my CAP's are hAPac2's running RouterOS 7.1.5, never had this issue upgrading with CAPsMAN failing to register on previous versions. I'll stick to 7.1.5 on the RB3011 for now until somebody can shed some light on what the issue may be.

runs smooth with 5x CAP AC (XL) on 7.1.5....

Side question: where the hell did you get those ? There is nowhere cAP AC or XL AC to be found anymore ...

CAP AC: https://mikrotik.com/product/cap_ac
CAP XL AC: https://mikrotik.com/product/cap_xl_ac

I´ve bought them ca. 1 year ago....

For example: https://www.getic.de/product/routerboard-cap-ac

Tjeez ... that's a LOONG changelog indeed ...

Yeah, because it is relative to 7.1. They should have made a changelog relative to 7.2rc7 as well.

100% agree.
The top section should be new since latest RC candidate, like baby fresh spanking new!! ( THANKS JOTNE!!)
(No new stuff added since rc7)
The next section should include all the changes due to the last RC candidate
The next section should include all the changes due to the previous RC candidate and so ON.

In that way all can appreciate where they sit in relation to the changes.

Wow, this is great. Now it seems I'll migrate my infra to 7.2 from 6.xx.
MT, great work 👍

I would hold off on that for at least a week, you do not want critical infrastructure on a just released stable.

Sage advice, and I would go one step further, wait for the first LONG term release on vers7 !!

The defaults changed, to get rid:

Code: Select all

/interface/ovpn-server/server/set auth=md5,sha1,sha256,sha512;

Thanks.

any hope to get a smaller wifiwave2 packages, i have an early cap ac / hap ac2 version with 256 meg of ram but with the small space, i would love to try it out

I have it running on AC3. I am not that impressed as far 5Ghz is concerned. I get more or less the same speeds as the old drivers.

...really? I get 500+ Mbps compared to 280Mpbs on my ac3 units, running wifiwave2 (on 7.1.1)
Edit: see viewtopic.php?p=909465#p909378

...really? I get 500+ Mbps compared to 280Mpbs on my ac3 units, running wifiwave2 (on 7.1.1)
Edit: see viewtopic.php?p=909465#p909378

I get 400+ before and after wifiwave2, maybe a tad more on the latter. So really not impressed :lol:

*) pppoe - use default MTU of 1492;

Still waiting for the bugfix for this. This happens when ethernet MTU > 1500 and ISP doesn't support more than 1492 MTU for PPPoE.
As mentioned in the reopened SUP-38224.

Is it from now on recommended to run cpu-frequency set to auto?
I have the strong feel, that "auto" caused problems (lockups, overheating or even device-damage?) in the past.

It seems that on some devices where the max possible CPU clock was higher than the default, AUTO would crank up the clock to that max value when the device was overloaded.
That does not seem like a good plan. It should not use a higher CPU clock than the recommended value in AUTO mode (no overclocking).
No idea if that was fixed now... is a bit difficult to check.

@pe1chl it will probably never get fixed since not many problems were found to be related to overclocking, or just overlooked as a possible cause(?).
See here, new product: https://mikrotik.com/product/cube_60pro_ac
The same ipq4019 advertised as 448 - 896 MHz instead of the default 716MHz.
So this seems to be the new default, sadly, for these chips.

I get 400+ before and after wifiwave2, maybe a tad more on the latter. So really not impressed :lol:

...then you are one of the lucky users, where standard wifi drivers worked good already (never had 300+ here). Maybe you should upgrade your clients to see a difference like I do ;-)

@Ullinator: I think he meant to buy available cap ac's - also Getic/EuroDK does not have cap ac's in stock, but expects them in mid-June.

See here, new product: https://mikrotik.com/product/cube_60pro_ac
The same ipq4019 advertised as 448 - 896 MHz instead of the default 716MHz.
So this seems to be the new default, sadly, for these chips.

Well, when it is used in a link device without a lot of features enabled it likely is not loaded that heavily and the clock remains low.
But when it somehow ends up in a CPU loop or is loaded heavily due to unwise configuration (L7 matchers etc) it could crank up the clock and when it is in hot weather that may not be a good idea.
When we are lucky, there is feedback from the CPU temperature measurement into the clock selection. Difficult to know without documentation.

EDIT: got up after almost 10 minutes of waiting.

....standard for DFS channel search/wait on 5GHz band...has always been there (must be, as per country regulations).

hAP-ac3, after upgrade to 7.2 only 2.4 GHz wifi is announced, 5 GHz is not visible although WiFi interface is present and enabled.

Anyone else facing same issue?

EDIT: got up after almost 10 minutes of waiting.

Radar detection-avoidance?

What is the frequency/channel?

EDIT: got up after almost 10 minutes of waiting.

....standard for DFS channel search/wait on 5GHz band...has always been there (must be, as per country regulations).

Yup. Look no further then this.

But something was fixed. We do not know.

Code: Select all

*) arm - fixed "auto" CPU frequency setting;

But something was fixed. We do not know.

How can you change the frequency on devices which allow to do so ?

*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);

Don't we need something like "discard-v6-configuration-completely-please-I-am-from-v7" to remove any "historical" data from a router? :)

I'd say this:
But I'm not sure what that does ;).

By the same token, while export format using the spaces, the CLI forces "slash commands" like /ip/address/print syntax – but that's not what export uses. So all stored configuration is V6 format? And ROS stores the old V6 configuration someplace? Very confusing conceptually. But in reality ROS does seem to deal with slash vs space okay. And I haven't seen a V6 route table accidentally get re-applied.

I had a strange experience when I updated my CCR1009-7G-1C from 7.1.5 to 7.2. I updated using winbox and system/packages, router rebooted and came back almost not responsive. Pings to the router were varying wildly in their response time, winbox and terminal commands were extremely slow. It felt like 1 or 0.5 frames per second for a refresh. I tried /tool/profile and there was no particular load, it showed about 1-5 % cpu usage. One reboot didn't help, it came back the same and didn't stabilize in minutes. Fortunately I had copied the previous system to another partition and was able to reboot back to 7.1.5. Everything was back to normal then.

I had the same symptoms a couple of weeks ago while I tried to use a GPON-SFP. While the SFP-module was active, the same symptoms appeared. Pulling the module brought everything back to normal. Therefore I decided that this might be a SFP problem and continued using the ISP GPON-ONT connected by patch cable. But today the symptom came simply by upgrading to V7.2. Has anyone experienced something similar?

How can you change the frequency on devices which allow to do so ?

/system/routerboard/settings/set cpu-frequency=
and press <TAB> for see possible values for that model

Hello,
I just upgraded my RB4011 and no more IPv6 routing... (or firewalling blocking evrything ? even if I piut an acceot as first rule).
Do someone see something similar ?

I just upgraded my RB4011 and no more IPv6 routing... (or firewalling blocking evrything ? even if I piut an acceot as first rule).

You upgraded from what version?

The problem with clock set backwards and "router was rebooted without proper shutdown" every ca. 3h 43min is still there for RB3011 or RB4011. A stack overflow or memory leak? If my calculation is correct - the reboot happens every 13435 seconds.
NTP client is not active. After the reboot clock on the router goes backwards by 3h 43 mins. This was since I've upgraded to v7...



btw: CAPsMAN works fine for me for both RB3011 and 4011. I have 3 x hAP-ac2 attached. OSPF - no issues. VXLAN - no issues.

I just upgraded my RB4011 and no more IPv6 routing... (or firewalling blocking evrything ? even if I piut an acceot as first rule).

You upgraded from what version?

I upgraded from 7.1.5, just downgraded back to 7.1.5 and I get same problem.. So options are now :
1) I must also downgrade firmware (but How can I do it)
2) Problem is with next router, and it stopped working just when I upgraded...

I upgraded from 7.1.5, just downgraded back to 7.1.5 and I get same problem.. So options are now :
1) I must also downgrade firmware (but How can I do it)

System Routerboard and hit upgrade.
It will align with installed ROS version (so downgrade).

Awesome, have already started labbing 7.2.0, interesting though seems like L3VPN with route reflector still not working correctly, can see my routes dancing to a beat here https://streamable.com/3b8y3j

I Just upgrade CHR x86_64 from 7.1.5 to 7.2 but now wont start and keeps giving me Kernel panic error

It is time that we have IPv6 torch functionality working. It is a very basic thing.

Not sure if this has been reported, as its kind of an unoffical thing, but when upgrading my home RB4011 from 7.1.5 to 7.2 my ATT Gateway bypass using bridge method is no longer working. Did multiple reboots of both gateway and router and still wont obtain dhcp address. I then downgraded back to 7.1.5 and all is working again.

I think I have a new bug (same as I reported over the 7.1.5 version).. Here is the situation:

- I have an RB5009 with version 7.2 (was previously on 7.1.5) that has a S2S VPN using L2TP/IPSec to a remote hEX S (let's call it jump network server).
- The remote hEX S was using v6.49.5 but few days ago I upgrade it to version 7.2 (was previously on 7.1.5)
- The hEX S has L2TP/IPSec S2S VPNs to multiple clients.
- Testing 3 different remote clients (1 x RB4011 with remote IP 10.1.97.1, 1 x hAP AC2 with remote IP 10.1.64.1 and 1 x hEX S with remote IP 10.1.32.2).
- When I need to access the remote clients I go via the S2S VPN from my RB5009 into the hEX S and via noutive routing go via the S2S VPN to any of the 3 remote routes (RB4011, the other hEX S and the hAP AC2).
- The RB4011 and the hAP AC2 responds to ping but I cannot do either SSH or Winbox directly (The connection hangs like waiting to complete the 3 way handshake). The remote hEX S doesn't even respond to ping from my RB5009. but from the hEX S that has the S2S VPN I can ping it.

All my problems started when I upgraded the remote hEX S (let's call it jump network server) from 6.49.5 to 7.2. Before that I could access all the remote devices without a problem.

Let me add tests from RB5009:

To the RB4011: RB5009 --> hEX S (jump network server running 7.2) --> RB4011

[admin@MAK-IE01] > ping 10.1.97.1
SEQ HOST SIZE TTL TIME STATUS
0 10.1.97.1 56 63 177ms173us
1 10.1.97.1 56 63 180ms281us
sent=2 received=2 packet-loss=0% min-rtt=177ms173us avg-rtt=178ms727us max-rtt=180ms281us

[admin@MAK-IE01] > /tool traceroute 10.1.97.1
Columns: ADDRESS, LOSS, SENT, LAST, AVG, BEST, WORST, STD-DEV
# ADDRESS LOSS SENT LAST AVG BEST WORST STD-DEV
1 192.168.8.106 0% 4 155.1ms 158.4 155.1 160.7 2.4
2 10.1.97.1 0% 3 172.4ms 174.2 170.5 179.7 4

[admin@MAK-IE01] > /system/ssh user=admin 10.1.97.1 --> Here it hangs and never prompts for credentials

To the hAP AC2: RB5009 --> hEX S (jump network server running 7.2) --> hAP AC2

[admin@MAK-IE01] > ping 10.1.64.1
SEQ HOST SIZE TTL TIME STATUS
0 10.1.64.1 56 63 180ms998us
1 10.1.64.1 56 63 178ms718us
2 10.1.64.1 56 63 182ms464us
3 10.1.64.1 56 63 174ms432us
4 10.1.64.1 56 63 188ms320us
sent=5 received=5 packet-loss=0% min-rtt=174ms432us avg-rtt=180ms986us max-rtt=188ms320us

[admin@MAK-IE01] > /tool/traceroute 10.1.64.1
Columns: ADDRESS, LOSS, SENT, LAST, AVG, BEST, WORST, STD-DEV
# ADDRESS LOSS SENT LAST AVG BEST WORST STD-DEV
1 192.168.8.106 0% 4 155.3ms 164.1 155.3 174.1 7.7
2 10.1.64.1 0% 3 173.4ms 176 173.4 181.3 3.7

[admin@MAK-IE01] > /system/ssh user=admin 10.1.64.1 --> Here it hangs and never prompts for credentials

To the hEX S: RB5009 --> hEX S (jump network server running 7.2) --> hEX S

[admin@MAK-IE01] > ping 10.1.32.2
SEQ HOST SIZE TTL TIME STATUS
0 10.1.32.2 timeout
1 10.1.32.2 timeout
2 10.1.32.2 timeout
sent=3 received=0 packet-loss=100%

[admin@MAK-IE01] > /tool/traceroute 10.1.32.2
Columns: ADDRESS, LOSS, SENT, LAST, AVG, BEST, WORST, STD-DEV
# ADDRESS LOSS SENT LAST AVG BEST WORST STD-DEV
1 192.168.8.106 0% 1 155.4ms 155.4 155.4 155.4 0
2 100% 1 timeout
3 100% 1 timeout
4 0% 1 0ms

Let me add tests from hEX S (Jump Network Server):

To the RB4011: From hEX S (jump network server running 7.2) --> RB4011

[kirk@IMKS-RO01] > ping 10.1.97.1
SEQ HOST SIZE TTL TIME STATUS
0 10.1.97.1 56 64 26ms455us
1 10.1.97.1 56 64 20ms272us
2 10.1.97.1 56 64 17ms338us
sent=3 received=3 packet-loss=0% min-rtt=17ms338us avg-rtt=21ms355us max-rtt=26ms455us

[kirk@IMKS-RO01] > /tool/traceroute 10.1.97.1
Columns: ADDRESS, LOSS, SENT, LAST, AVG, BEST, WORST, STD-DEV
# ADDRESS LOSS SENT LAST AVG BEST WORST STD-DEV
1 10.1.97.1 0% 5 25.8ms 20.6 16.3 25.8 4

[kirk@IMKS-RO01] > /system/ssh user=admin 10.1.97.1
password: --> It type the password I get connection via SSH

To the hAP AC2: From hEX S (jump network server running 7.2) --> hAP AC2

[kirk@IMKS-RO01] > ping 10.1.64.1
SEQ HOST SIZE TTL TIME STATUS
0 10.1.64.1 56 64 26ms462us
1 10.1.64.1 56 64 17ms959us
2 10.1.64.1 56 64 23ms515us
sent=3 received=3 packet-loss=0% min-rtt=17ms959us avg-rtt=22ms645us max-rtt=26ms462us

[kirk@IMKS-RO01] > /tool/traceroute 10.1.64.1
Columns: ADDRESS, LOSS, SENT, LAST, AVG, BEST, WORST, STD-DEV
# ADDRESS LOSS SENT LAST AVG BEST WORST STD-DEV
1 10.1.64.1 0% 2 26.3ms 26.3 26.3 26.3 0

[kirk@IMKS-RO01] > /system/ssh user=admin 10.1.64.1
password: --> It type the password I get connection via SSH

To the hEX S: From hEX S (jump network server running 7.2) --> hEX S

[kirk@IMKS-RO01] > ping 10.1.32.2
SEQ HOST SIZE TTL TIME STATUS
0 10.1.32.2 56 64 16ms85us
1 10.1.32.2 56 64 10ms331us
2 10.1.32.2 56 64 10ms215us
sent=3 received=3 packet-loss=0% min-rtt=10ms215us avg-rtt=12ms210us max-rtt=16ms85us

[kirk@IMKS-RO01] > /tool/traceroute 10.1.32.2
Columns: ADDRESS, LOSS, SENT, LAST, AVG, BEST, WORST, STD-DEV
# ADDRESS LOSS SENT LAST AVG BEST WORST STD-DEV
1 10.1.32.2 0% 2 10.2ms 11.1 10.2 12 0.9

[kirk@IMKS-RO01] > /system/ssh user=admin 10.1.32.2
password: --> It type the password I get connection via SSH even from the RB5009 it doesn't even respond to ping.

I have checked routes in both routers and they are good:

From RB5009:

[admin@MAK-IE01] > /ip/route/print
Flags: D - DYNAMIC; X, I, A - ACTIVE; c, s, d, v, y - COPY
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE
DAv 10.1.32.0/19 <l2tp-l2tp-imks-ro01> 1
DAv 10.1.64.0/19 <l2tp-l2tp-imks-ro01> 1
DAv 10.1.96.0/21 <l2tp-l2tp-imks-ro01> 1

From the hEX S (Network Jump Server)

[kirk@IMKS-RO01] > /ip route/print
Flags: D - DYNAMIC; A - ACTIVE; c, s, d, v, y - COPY
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE
DAc 192.168.8.100/32 l2tp-mak-out1 0

Note: I do Source NAT from the RB5009 to the hEX S with the 192.168.100/32 and I have those correctly working

Some my questions are:
- Why can I ping the remote devices but cannot connect to them via SSH and Winbox?
- Why I can ping 2 routers from the RB5009 but there is one that doesn't even respond to ping.

Looks to me that there is a weird or serious bug here based on this behavior. I can access remote devices if I do an SSH from my RB5009 to the hEX S jump server and from there I do another SSH to the target router instead of going directly.

Also checking logs I still see the CHAP Challenge not resolved between remote 6.49.x versions and the hEX S jump Server running 7.2 as seeing in this screenshot:

THIS IS ONLY A BIG MESS...
DO NOT POST EVERY PROBLEM AND DISCUSS ALL HERE,
Open separate topics for each problem AFTER SEARCH IF IS NOT PRESENT ALREADY ONE OPEN topic about the same,
and post here only the link with a brief description...
ALL THIS IS ULESESS AND MAKE ONLY CONFUSION.

How can you expect help if you are just making a big mess?

OpenVPN is not working anymore - log:
21:24:37 ovpn,info ovpn-out_1: initializing...
21:24:37 ovpn,info ovpn-out_1: connecting...
21:24:38 ovpn,info ovpn-out_1: using encoding - AES-256-CBC/SHA256
21:24:38 ovpn,info ovpn-out_1: connected
21:24:38 ovpn,info ovpn-out_1: terminating... - explicit peer disconnect
21:24:39 ovpn,info ovpn-out_1: disconnected

OpenVPN server:
model = RouterBOARD M33G
/interface ovpn-server server
set auth=sha1,sha256,sha512 certificate=osrv2 cipher=aes128,aes192,aes256 default-profile=default-encryption \
enabled=yes mode=ethernet netmask=30 port=1199 protocol=udp require-client-certificate=yes
OpenVPN client:
model = RouterBOARD cAP Gi-5acD2nD
/interface ovpn-client
add auth=sha256 certificate=ocl2 cipher=aes256 comment="LOPEN VPN" connect-to=xxxxxxxxxx.sn.mynetname.net disabled=yes \
mac-address=02:64:D9:E0:5E:69 mode=ethernet name=ovpn-out_1 port=1199 profile=L2TP_BCP protocol=udp use-peer-dns=no user=\
LOVPN

deprecate openvpn in routeros! for the love of wireguard peers, get rid of this thing.

Issue with 7.2

I try to upgrade CHR 6.49.5 running DUDE to 7.2.
at reboot "no system package found!"
Kernel panic.

JohnTRIVOLTA only tcp works

Issue with 7.2

I try to upgrade CHR 6.49.5 running DUDE to 7.2.
at reboot "no system package found!"
Kernel panic.

Dude server isn't released yet for 7.x under any platform that I know of.

*) wireguard - fixed IPv6 traffic processing with multiple peers;

IPv6 traffic processing with multiple peers is not fixed, broken since 7.1rc4. Have to reenter allowed address to allow IPv6 but only for one peer. SUP-78547.

Audience CPU Frequency bounces all over the place.

rb5009
hap ac2
crs305

all devices upgraded and look ok however

ros 7.2rc7 testing > 7.2 stable -> after click download and install -> hardware power off/on was needed for all 3 devices !!!
rb firmware 7.2rc7 testing -> 7.2 stable - no issues

I guess some issue with rb hardware version 7.2.rc7?! (no issues with chr from 7.2rc7 to 7.2 stable)

Upgraded an RB4011iGS+5HacQ2HnD-IN from 7.1.5 to 7.2
In my configuration I have a bonding interface setup on ether2 and ether3 (balance xor) which is a trunk port to a CRS326.
After the upgrade, the interface disappeared completely. I reloaded a 7.1.5 back-up file on the 7.2 installation and the configuration restored normally.
I did not notice any other problem, IPSec identities remained.
After recovering the RB4011, I also did an upgrade to the CRS326, from 7.1.5 to 7.2, without any issues - the bonding interface was ok.
I also updated a couple of hAP ac2's as well, again without any problems.
In fact, until now, I only encountered problems on upgrade with RB4011. The upgrade from 7.1.3 to 7.1.5 caused an issue with the routerboard firmware. After updating RouterOS, on restart, the router did not come back up and was not accessible anymore. I did a reset to default and on further investigation I discovered that the routerboard firmware reverted to factory default version 6.45.1. I did the firmware upgrade and after that restored the device from back-up.

*) wireguard - fixed IPv6 traffic processing with multiple peers;

IPv6 traffic processing with multiple peers is not fixed, broken since 7.1rc4. Have to reenter allowed address to allow IPv6 but only for one peer. SUP-78547.

Are you sure your config is correct? This was broken before for me aswell. But it has been working since some rc-versions now and still works.

Like with previous v7.x versions my Internet Detect feature was borked after the update (RB4011, hex S, hAP ac2). Disable and re-enable does the trick. No clue why this is ...

I upgraded from 7.1.5, just downgraded back to 7.1.5 and I get same problem.. So options are now :
1) I must also downgrade firmware (but How can I do it)

System Routerboard and hit upgrade.
It will align with installed ROS version (so downgrade).

Thanks. Indeed, it seems to be a bug was corrected that lead to this on my particular setting.

My RB4011 is behind a box from my ISP (Free in France). This box will route 8 /64 ranges to the mikrotik, but onky to a link local address (in fe80::/10)
The mac address of the bridge interface is 4A:8F:5A:98:36:82

In 7.1 link local address was fe80::4a8f:5aff:fe98:3682, 7.2 it is fe80::488f:5aff:fe98:3682
Difference is just one bit set to 0, and it is in the definition of EUI64 generation from Mac address. So it seems there was a bug in 7.1, corrected in 7.2 and so I have to change the setting of the ISP box. Everything works now

Like with previous v7.x versions my Internet Detect feature was borked after the update (RB4011, hex S, hAP ac2). Disable and re-enable does the trick. No clue why this is ...

Perhaps it's just that Detect Internet is adding a dhcp-client if there is no "internet" being detected?

This often an unexpected side-effect of the documented behavior:

an interface can obtain (or has obtained) an address from DHCP (does not apply if DHCP server is also running Detect Internet on the DHCP server interface).

So if an interface does not have a DHCP client listening, detect internet may add one for you – to solve the "can obtain...DHCP address". But this "feature" of internet detect has messed me up before –e.g. an unexpected default route being injected by dhcp-client taking over all routing.

IPv6 traffic processing with multiple peers is not fixed, broken since 7.1rc4. Have to reenter allowed address to allow IPv6 but only for one peer. SUP-78547.

Are you sure your config is correct? This was broken before for me aswell. But it has been working since some rc-versions now and still works.

Hello noradtux, I'm pretty sure it should suffice:

Like with previous v7.x versions my Internet Detect feature was borked after the update (RB4011, hex S, hAP ac2). Disable and re-enable does the trick. No clue why this is ...

Or, if you do follow the docs like:
That will add the detected interfaces to an interface list, as document. But your firewall has rules for WAN or LAN, that intermediate state at start up could get them in the wrong list and "stuck". So a timing issue at start up could get a WAN into a LAN list or vice version. So if you just want to "detect internet" & not modify you /interface/list/member you just need:

as that will not modify your interface lists (but still potentially add a DHCP client, depending on how careful reader you are, "randomly").


I do wish "detect internet" feature worked better actually. And docs are kinda sparse at all the various side-effects of using it... It pretty visible in the iOS app, so we have end customers try to enable it with a rather friendly "Do you want to enable Detect Internet?" & say "sure"... but this seemingly harmless choice has caused issues before....

But it does do what has done what docs say it does.

Do these apply to RB3011? Because I see hardware offloading gets disabled if I enable vlan-filtering on the bridge.

*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
*) l3hw - added HW offloaded FastTrack support for inter-VLAN routing;
*) l3hw - fixed HW offloaded NAT;
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;

Issue with 7.2

I try to upgrade CHR 6.49.5 running DUDE to 7.2.
at reboot "no system package found!"
Kernel panic.

Dude server isn't released yet for 7.x under any platform that I know of.

Dude is back since 7.2 in all plateform

Do these apply to RB3011? Because I see hardware offloading gets disabled if I enable vlan-filtering on the bridge.

No. RB3011 does not support l3hw and fastpath/fasttrack is not hardware offloading either.
On the RB4011, hw offloading on vlan-filtering bridge is supported.

Upgraded RB1100AHx4, RB2011iL, CRS125-24G, cAP Lite, hAP ac, hAP ac^2 and mAP lite without problems.

Awesome, have already started labbing 7.2.0, interesting though seems like L3VPN with route reflector still not working correctly, can see my routes dancing to a beat here https://streamable.com/3b8y3j

Thanks for the info. Have you tried BGP signaled by VPLS?

CRS328-24P-4S+ still has SFP+ ports flapping when set at 10G. SUP-68278 in from last year about this with 7.x...

nRAY 60G link P2MP after update on 7.2 wireless dosnt connect. For the first time outside of long term. Let the devil quench my curiosity.

make this ugly red line at least blue, informative
or take it away when PPTP is disabled

I disagree.
That's the right color for that sort of message.

its dumb.. most people know what PPTP is.. but many of us have to work on Old stuff.. we still have devices out in the world running on modems and floppy drives.. not my choice but it works and we get paid to fix them..

same as PPTP.. nope its much less secure but putting red banners makes the customers go bonkers that we are installing insecure equipment. (when its really their stuff that is insecure... )..

if MT wants to put up banners give us a way to turn it off..

upgrade hAP ac^2 from 6.48.4 to 7.2 finish fine
But after upgrade, youtube videos, netflix video too, are very long to start (from 10 to 30s), some video/film pictures in youtube & netflix stay black too, it seems the download is difficult to start.
Never see that with another version.
I've roll back to 6.48.4 to check and videos are working fine again, so I've upgrade again to 7.2 but still the problem

(MKT support contacted)

upgrade hAP ac^2 from 6.48.4 to 7.2 finish fine
But after upgrade, youtube videos, netflix video too, are very long to start (from 10 to 30s), some video/film pictures in youtube & netflix stay black too, it seems the download is difficult to start.
Never see that with another version.
I've roll back to 6.48.4 to check and videos are working fine again, so I've upgrade again to 7.2 but still the problem

(MKT support contacted)

Did you check CPU Frequence?
Auto does not seem to work in mA hap ap2 aswell

upgrade hAP ac^2 from 6.48.4 to 7.2 finish fine
But after upgrade, youtube videos, netflix video too, are very long to start (from 10 to 30s), some video/film pictures in youtube & netflix stay black too, it seems the download is difficult to start.
Never see that with another version.
I've roll back to 6.48.4 to check and videos are working fine again, so I've upgrade again to 7.2 but still the problem

(MKT support contacted)

I've try to set each of the available values wo any change... so I've set back to auto

upgrade hAP ac^2 from 6.48.4 to 7.2 finish fine
But after upgrade, youtube videos, netflix video too, are very long to start (from 10 to 30s), some video/film pictures in youtube & netflix stay black too, it seems the download is difficult to start.
Never see that with another version.
I've roll back to 6.48.4 to check and videos are working fine again, so I've upgrade again to 7.2 but still the problem

(MKT support contacted)

Did you check CPU Frequence?
Auto does not seem to work in mA hap ap2 aswell

with CPU set at 716Mhz, it is a little bit better (less time to wait) but still not like with v6.48.4, it was playing instantly

Are you using IPv6 too? because your config might be broken now.

Did you check CPU Frequence?
Auto does not seem to work in mA hap ap2 aswell

with CPU set at 716Mhz, it is a little bit better (less time to wait) but still not like with v6.48.4, it was playing instantly

No v6, the is little bit complicated, with 2 vpn and som fw rules
I will try to reset the conf and redo it form scratch

with CPU set at 716Mhz, it is a little bit better (less time to wait) but still not like with v6.48.4, it was playing instantly

No v6, the is little bit complicated, with 2 vpn and som fw rules
I will try to reset the conf and redo it form scratch

After reconfigure from scratch : it is working fine !
So, it meens that's better to export configuration before upgrading, reset the conf after upgrade, then redo all the conf and reboot ... after all is working fine
:)

Chateau LTE12 completely dead after Upgrading Firmware to 7.2 !!!!
Any idea what to do now ?

Chateau LTE12 completely dead after Upgrading Firmware to 7.2 !!!!
Any idea what to do now ?

https://help.mikrotik.com/docs/display/UM/Chateau+LTE12
NETInstall procedure

Hawkeye583: when the "use-doh-server" parameter is set, the "servers" parameter is ignored. Since you have used an fqdn as the doh server, it can't be resolved.
You either have to create a static A/AAAA record for cloudflare-dns.com or use the ip address in the url.
The easiest would be to set your doh-server=https://1.1.1.1/dns-query

Netinstall didn't work !
Resetted to factory defaults and then restored the Backup.
Strange thing but for now it looks ok

Mikrotik's SNMP MIB is not being answered in this release. Updated machine is very colorful in the monitoring right now :-/ apart from that, update on CRS328 went very smooth.

Netinstall didn't work !
Resetted to factory defaults and then restored the Backup.
Strange thing but for now it looks ok

I didn´t tried netinstall in 7.2 but in my experience netinstall is a pricky thing. :-/
I´ve bought an external USB2ETH adapter (Realtek) only for netinstall and have to disable ALL other network interfaces (incl. Bluetooth) to make it work.
And only a direct connection between MT device and the NIC works, not a connection over a switch.

In dhcpv6 client when i select add default rout, i get prefix but nothing add in ipv6 address list, so ipv6 for clients does not work.
When i have not add default route and manual add ipv6 address for pool in address list, everything work perfect.

If you have specific improvement ideas in mind that should be added to https://help.mikrotik.com/docs/display/ ... forWindows ,please write to support@mikrotik.com

one most concrete one is to handle multiple interfaces on machine running netinstall binary gracefully (e.g. present dialog asking user which interface he wants to use).

This one would resolve like a tons of issues.

OpenVPN client broken with AES-256-CBC since upgraded to RouterOS 7.2 (from 7.1.5), switching to Blowfish 128 works.

OpenVPN server (Ubuntu server, OpenVPN 2.4.7) log, with flapping (up and down) OVPN client interface in my HEX-S:

If you have specific improvement ideas in mind that should be added to https://help.mikrotik.com/docs/display/ ... forWindows ,please write to support@mikrotik.com

1. please fix IPv6 on help.mikrotik.com it has been down for quite some time already. when you cannot keep IPv6 working on the webservers it is better to remove it.
2. the netinstall tools (both for Windows and for Linux) need a "network interface selection" capability. the tools use the first available interface which fails on systems with more than one. It tried to netinstall on my Linux box spending lots of time to find this, and it is also reported by others (also on Windows).

Finally a great improvement in OpenVPN compared to previous version.
But I wish it could add TLS static key support in future version.

Have a new BGP Gateway Stack - Access Switch, Auth server and Border router - CCR 1072 x2 and a CRS317.
Upgraded as our new provider advertises 1M+ routes. Was Buit and tested on 7.1.3/7.1.5.
Border Routes seems happy enough - but freezes up when showing large chunks or routes (on 7.1.5 was just slow). Closing the route window or putting in a filter fixes this (as long as you filter out enough routes to view)
Access router has been in testing for over a month - now falls over every 1-5 hours on 7.2. have caught it 2 times and manually rebooted - but the last 2 times were "watchdog". Just before the last reboot it was showing data throughput to the border ~ 2-3x actual throughput. This was on the screen - updates in winbox were every 40-60seconds and were showing ~ correct throughput. Also - when this dies - the ethernet port fails - and the SFP+ port lights that are connected blink in unison on the act light (normally random with data)
that's the CCR's - the CRS317 seems to be happy enough - no apparent dramas there.
Had yet to put in my second access router - will be doing soon and will roll back the 1072 Acess router to 7.1.5 to hopefully stabilise it... if not will give it a rebuild and see how we go.

Regretting pulling the trigger for the bgp "improvements" considering the build went so well. if i get a chance will update.

MKX Thank you for your suggestions regarding the Netinstall process. We do take such suggestions into account, and many similar ones are already registered. Though unfortunately, at this time, I can't guarantee their implementation or give any estimates regarding them. As currently, RouterOS itself takes priority development-wise.
My question was more about how documentation could be adjusted, as from our point of view it seems fairly complete. Though I specifically meant Netinstall documentation, seems like your issue was mainly with Etherboot documentation. As for your ticket, it should be soon processed, sorry for the wait, and sending unrelated suggestions, likely won't affect that. This is just to outline that we welcome feedback.

And regarding Etherboot for all devices, the most error-free method is - to press the reset button, keep it pressed, power on the device, and wait until the device shows up in the Netinstall window, then release the button. This holds true for the Audience as well.
Which is described here as well: https://wiki.mikrotik.com/wiki/Manual:E ... set_button

In case anyone has suggestions, please send them to us directly, let's try to keep this topic release specific.

After update to 7.2 on my hap ac3 CPU settings:

716 is the default frequency for this device.
And if you set the value to "Auto", the warning disappears. But the frequency of the device varies from 448 to 678 (and in some places much higher)

Is HW offloading for limited to certain models? Because all of my routes on RB3011 are not hardware offloaded at all.

*) route - fixed "suppress-hw-offload" update;

And regarding Etherboot for all devices, the most error-free method is - to press the reset button, keep it pressed, power on the device, and wait until the device shows up in the Netinstall window, then release the button. This holds true for the Audience as well.
Which is described here as well: https://wiki.mikrotik.com/wiki/Manual:E ... set_button

It would be nice when there would be a new selection in System->RouterBoard->settings->Boot Device like "ethernet-if-fail-then-nand".
Sort of like the current "try-ethernet-once-then-nand" but with a timeout and which will stick in the config.
When you have radios mounted up on roofs and in towers it is an uncomfortable situation that should you need to netinstall them after an upgrade disaster, you can only do so with physical access.
It would be better when a device would show up in netinstall after just powercycling it. Of course this would be optional, some people may object to it as being "insecure", but with the outdoor devices on a closed network it should not matter much.
In the past I have set devices to "try-ethernet-once-then-nand" under the assumption that this would exactly be what I need, but unfortunately it gets reset to "nand-if-fail-then-ethernet" after reboot.

Is HW offloading for

Code: Select all

/ip routes

limited to certain models? Because all of my routes on RB3011 are not hardware offloaded at all.

Of course it is! It works only on the newest switches that have a switch chip that can do L3 routing.

@MT: Graphing is still broken with 7.2. If activated it breaks regulary my fiber connection between two CRS Switches. The SFP+ modules are on both sides S+85DLC03D onces After deactivating Graphing the error went away....
The fiber connection is ~35m long

Is the fix below, which was introduced in 7.2rc2, also included in the final 7.2?

*) crs3xx - improved SFP+/QSFP+ link stability for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v7.2rc1);

Is the fix below, which was introduced in 7.2rc2, also included in the final 7.2?

*) crs3xx - improved SFP+/QSFP+ link stability for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v7.2rc1);

If you use CTRL-F in your browser and search for part of that line, you would see it is included in the change log for 7.2 posted in the very first post of this thread.
If it is in the changelog, it should be included.
Makes sense, no ?

Is the fix below, which was introduced in 7.2rc2, also included in the final 7.2?

If you use CTRL-F in your browser and search for part of that line, you would see it is included in the change log for 7.2 posted in the very first post of this thread.
If it is in the changelog, it should be included.
Makes sense, no ?

It doesn't make sense to me, I can't find the text.
only that below:

*) crs1xx/2xx - fixed static switch host addresses after link down;
*) crs1xx/2xx - ignore static bridge host addresses (switch unicast-fdb should be used instead);
*) crs3xx - fixed CPU load balancing for ARM dual core devices;
*) crs3xx - fixed QSFP+ interface LEDs;
*) crs3xx - fixed watchdog timer functionality;
*) crs3xx - improved SFP+ interface linking after reboot for CRS312 device;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - made "192.168.188.1/24" the default LAN IP address for LTE CPE devices;

Yes, changes that are introduced in rc1 and fixed in rc2, will not be mentioned in 7.2, because the changelog is comparison between last 7.1 release. People who are staying on "stable" branch would not have seeen any such issues, they were not affected.

My bad, only used "*) crs3xx - improved SFP" to search.
So I stand corrected (but it IS included as indicated by normis).

Is HW offloading for

Code: Select all

/ip routes

limited to certain models? Because all of my routes on RB3011 are not hardware offloaded at all.

Of course it is! It works only on the newest switches that have a switch chip that can do L3 routing.

Weird? I had an old RB2011 and the routes were marked hardware offloaded?

To clarify, the H flag does not mean that route IS hardware offloaded, but rather indicates that the route is a candidate to be chosen for hardware offloading.

After upgrade CAP AC i see warning "cpu not running at default frequency", but i use default frequency is 716 Mhz.
I don't want to set "auto".
Please fix it

Upgraded packages and firmware on 1x CHR, 1x RB3011, 2x wAP ac, 1x CRS309, 1x CRS112-8P-4S without any issues

After upgrade CAP AC i see warning "cpu not running at default frequency", but i use default frequency is 716 Mhz.
I don't want to set "auto".
Please fix it

Why?

Set it at 716, ignore the warning.

Why does RB5009 not show cpu type in system>resources

Set it at 716, ignore the warning.

Shouldn't that be auto ? It's there for a reason.

@holvoetn: It was a reply to viewtopic.php?t=184778#p924417

After upgrade CAP AC i see warning "cpu not running at default frequency", but i use default frequency is 716 Mhz.
I don't want to set "auto".
Please fix it

So, as I've said, the fix is to set it at 716MHz and ignore the warning.
I won't bother to understand why MikroTik devs implemented a half-broken-overclocking scaling governor as to tell you the reason behind it, feel free to ask them!

Yes, changes that are introduced in rc1 and fixed in rc2, will not be mentioned in 7.2, because the changelog is comparison between last 7.1 release. People who are staying on "stable" branch would not have seeen any such issues, they were not affected.

I am still seeing SFP+ port flapping with CRS328s, that has now spread to ethernet ports as well. SUP-68278 has been updated, yet again, since 7.2 is impacted, not just 7.1. No support has responded to the ticket in months, even though multiple supouts are attached. I've verified with other friends and forum members who have these switches that they encounter the same problems ever since 7.x upgrades.

The switch has been netinstalled with 7.2, reverted to default configuration, then had the RSC applied for my configuration, which is relatively basic. I definitely noticed that disk writes tend to trigger it, and have disabled as many as I can, but the device still periodically writes out.

Hi there,

OpenVPN is not working anymore - log:
21:24:37 ovpn,info ovpn-out_1: initializing...
21:24:37 ovpn,info ovpn-out_1: connecting...
21:24:38 ovpn,info ovpn-out_1: using encoding - AES-256-CBC/SHA256
21:24:38 ovpn,info ovpn-out_1: connected
21:24:38 ovpn,info ovpn-out_1: terminating... - explicit peer disconnect
21:24:39 ovpn,info ovpn-out_1: disconnected

Same thing for me on a hex-S with AES-256-CBC/SHA-1 and SHA-256 using TCP-Mode. This broken OpenVPN implementation resets its successfully established connection in an infinite loop.
In RouterOS 7.1.5 everything was fine tough... :-(((

Regards,
bronco

*) arm - fixed "auto" CPU frequency setting;

This was introduced in 7.2rc5. Several users reported over in the 7.2rc5 topic, that using cpu-frequency=auto is either unstable or slows things down (like queues which are quite cpu-intensive). So I am still waiting for a detailed explanation of this changelog entry.

Upgrading from 6.49.5 to 7.2 - RIP filters removed in migration, added back using new method (Rule) and applied. not sure if anything else missing, but working so far, so assuming just filters were missed in migration

Routing filter or prefix-list was removed? If it was routing filters then please provide the export from v6 routing filters that did not upgrade.

Routing filter or prefix-list was removed? If it was routing filters then please provide the export from v6 routing filters that did not upgrade.

Good point, Ill have to restore an image to check, but I believe for RIP I was using Prefix Lists and for BGP I use Routing Filters. If using Prefix Lists, are these depreciated in 7,x?

If using Prefix Lists, are these depreciated in 7,x?

Yes, prefix lists are deprecated, now everything is filtered by routing filters.

mrz write:

Yes, prefix lists are deprecated, now everything is filtered by routing filters.

Maybe some Guide / Introduction into changes to Router7.

added note to the basic example page

mrz write:

Yes, prefix lists are deprecated, now everything is filtered by routing filters.

Maybe some Guide / Introduction into changes to Router7.

There is documentation at https://help.mikrotik.com/docs/display/ROS/Routing
Unfortunately not really a "when you are used to doing things like this, now it is done like that".

Since the update to 7.2 I have "router was rebooted without proper shutdown" events every few hours.
Installed April 5th at 22:50 hours local time. With firmware reboot at 22:54 hours.
Now April 6th 16:05 hours and I have 22 connection failure events. 2 of them are the update.
The other 20 are unknown spontanious reboots of my routerboard.

The same problem on firmware 7.2, rolled back to 7.1.5, the problem is gone. Model: RB4011iGS+5HacQ2HnD

Hi all,

Someone have a problem with route -> checking gateway with bfd, on hEX, on V7.2 (fresh install) ?

I have this config who works like a charm on hEX/Chateau (tuned for each, of course) on 7.1.3 (not tested on newer):
And the bfd seems doesn't work anymore on v7.2 :-(. I have test with ping, but the delay is too long.

BFD is not yet implemented :-(