RouterOS version 7.4 is released in the "v7 stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during the upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.4 (2022-Jul-19 14:25):

Important note!!!

- Container package is not available in v7.4. Development and testing continues in "testing" channel.

Changes in this release:

*) api - fixed comma encoding within URL when using the ".proplist" argument;
*) bridge - properly process IPsec decapsulated packets through the firewall when the "use-ip-firewall" option is enabled;
*) capsman - require a unique name for configuration and configuration pre-sets;
*) certificate - fixed new CRL updating;
*) chr - fixed booting with added additional SCSI disk;
*) cloud - print critical log message when system clock gets synchronized;
*) console - added ":retry" command;
*) console - fixed situation when print output was not consistent;
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) dhcp-relay - fixed DHCPv6 relay forward and reply creation (introduced in v7.1.3);
*) dhcp-server - change "vendor-class-id" matcher to generic option matcher;
*) dhcpv4-server - disallowed overriding message type option;
*) dhcpv4-server - log message when user option updates existing option;
*) dhcpv4-server - placed option 53 as the first one in the packet;
*) dns - convert the domain name to lowercase before matching regex;
*) dot1x - fixed "undo" command for server instances;
*) e-mail - added VRF support;
*) filesystem - fixed repartition on RB5009 series devices;
*) firewall - added "srcnat" and "dstnat" flags to IPv6/Firewall/Connection table;
*) firewall - added support for IPv6/Firewall/NAT action=src-nat rules;
*) firewall - fixed IPv6 NAT functionality when processing GRE traffic on TILE devices;
*) firewall - fixed IPv6/Firewall/RAW functionality;
*) firewall - include "connection-mark", "connection-state", and "packet-mark" when packet logging is enabled;
*) firewall - properly handle interface matcher when VRF interface is specified;
*) health - fixed requesting data from sensor when issuing "get" command;
*) health - fixed voltage reporting on some RBmAP-2nD devices;
*) hotspot - fixed ARP resolution for clients when address pool is specified on the server;
*) hotspot - fixed Walled Garden entries with action=deny;
*) ipv6 - fixed system stability when adding/removing IPv6 address;
*) l2tp - improved stability when establishing l2tp-ether connection (introduced in v7.3);
*) ldp - correctly handle AFI selection for usage on dual-stack peers;
*) leds - fixed GPS LED configuration on LtAP LTE kit;
*) leds - fixed LTE signal strength LED configuration on LHGG LTE kit;
*) leds - fixed LTE signal strength LED configuration on LtAP LTE kit;
*) lte - added AT chat support for Dell dw5821e modem;
*) lte - fixed LTE interface running state after modem reconnection;
*) lte - fixed Telit AT interface numbering;
*) lte - improved LTE interface detection for LtAP-2HnD devices;
*) lte - keep MBIM working even if AT channel fails to respond in the initialization stage;
*) lte - request connect with the same IP type as in LTE attach status for MBIM;
*) lte - show current value for "antenna" parameter when auto antenna selection fails;
*) lte - validate LTE attached IP type in MBIM mode;
*) mmips - improved USB device detection after system bootup;
*) mpls - fixed VPLS functionality when PW peer is an immediate neighbor;
*) mpls - improved stability with enabled loop-detect;
*) mqtt - fixed log flooding with disconnect messages;
*) mqtt - fixed socket error handling;
*) netwatch - added support for more advanced probing;
*) ntp - added VRF support for client and server;
*) ntp - fixed manycast server support;
*) ntp - improved "debug" log level logging;
*) ovpn - added "AUTH_FAILED" control message sending;
*) ovpn - fixed "called-station-id" RADIUS attribute value for OVPN server;
*) ovpn - use selected cipher by default when the server does not provide "cipher" option;
*) pimsm - improved system stability when changing configuration;
*) poe - hide "poe-voltage" parameter on devices that do not support it;
*) ppp - do not fail connection when trying to add existing IP address to address list;
*) ppp - log warning message when remote IP address can not be added;
*) ppp - properly try to use different authentication algorithms when Conf-Rej is received during the LCP phase;
*) quickset - specify the "in-interface-list=WAN" attribute on firewall rules created through "Port Mapping";
*) radius - added VRF support for RADIUS client;
*) route - added option to join static IGMP and MLD groups (available in "/routing/gmp" menu);
*) route - expose all valid routes to route select filter from BGP;
*) route - expose all valid routes to route select filter from OSPF and RIP;
*) route - fixed false route type detection as blackhole;
*) route - fixed log messages when changing routing configuration;
*) route - made export run faster on tables with a large number of dynamic routes;
*) route - provide more detailed information about prefixes when using "discourse" tool;
*) route-filter - fixed route select filter rules;
*) routing - moved "/interface bgp vpls" to "/routing bgp vpls" menu;
*) routing-filter - added origin matcher to match for example routes of a specific OSPF instance;
*) routing-filter - fixed regexp community matcher;
*) routing-filter - made "do-jump" work in select rules;
*) rpki - fix potential memory leak;
*) ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;
*) ssh - fixed host key generation (introduced in v7.3);
*) ssh - implemented "server-sig-algs" extension in order to improve rsa-sha2-sha256 support;
*) switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;
*) switch - fixed multicast flooding when HW offloaded bridge port gets disabled;
*) system - added "shutdown" parameter for reset-configuration (CLI only);
*) system - fixed configuration reset with "run-after-reset" with file stored on ramdisk;
*) upgrade - ignore same version packages during upgrade procedure;
*) upgrade - improved RouterOS upgrade stability with attached USB modem on MIPSBE, SMIPS and MMIPS devices;
*) vpls - improved system stability with enabled connection tracking;
*) vxlan - allow to specify MAC address manually;
*) w60g - fixed interface "reset-configuration" on Cube 60 devices;
*) w60g - improved interface initialization after being inactive for a while;
*) w60g - improved system stability when using mismatched L2MTU between station and AP;
*) webfig - updated WebFig HTML files with the new MikroTik logo and removed Telnet option from index page;
*) webfig - updated link to the WinBox executable;
*) webfig - updated link to the documentation;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) wifiwave2 - fixed "frequency-scan" functionality (introduced in v7.3);
*) wifiwave2 - improved WPA3 support stability;
*) winbox - add a log and log-prefix options to IPv6 firewall NAT and mangle rules;
*) winbox - added "name" parameter under "Routing/BGP/Session" menu;
*) winbox - added "to-address" and "to-ports" parameters under "IPv6/Firewall/NAT" menu;
*) winbox - added support for "veth" interface types;
*) winbox - fixed "inactive" flag naming under "MPLS/Local Mapping" menu;
*) winbox - fixed IP/Route and IPv6/Route OSPF type value;
*) winbox - fixed filename dropdown value filtering;
*) winbox - fixed minor typo under "Interface" stats;
*) winbox - fixed units for "reachable-time" parameter under "IPv6/ND" menu;
*) winbox - removed "TLS Host" parameter from "IP/Firewall/NAT" menu;
*) winbox - removed duplicate signal strength column under "Wireless/Registration Table" menu;
*) winbox - removed unused "Apply Changes" button from BGP sessions menu;
*) wireguard - fixed system stability when adding/removing WireGuard interface;
*) wireless - fixed possible traffic flooding to WDS clients when using Nv2 and multicast helper;
*) x86 - fixed Broadcom NIC support;
*) x86 - fixed keep old configuration functionality during x86 setup installation;
*) x86 - improved log warning message on failed downgrade attempt;
*) x86 - removed "hdd-model" information from installation screen;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while the router is not working as suspected or after some problem has appeared on the device

Please keep this forum topic strictly related to this particular RouterOS release.

So stuff that was inside a release candidate is withdrawn.
Mikrotik is totally bonkers!!!!

Mikrotik is totally bonkers!!!!

Docker isn't really important to me. Glad it has lower priority than all the other improvements.
But you can still run test, can't you!?

Mikrotik is totally bonkers!!!!

Docker isn't really important to me. Glad it has lower priority than all the other improvements.
But you can still run test, can't you!?

I don't give a fuck about containers.
But when something was in a beta and than in a release candidate than it is very strange to withdraw it

So stuff that was inside a release candidate is withdrawn.
Mikrotik is totally bonkers!!!!

if you talk about a bug fix then you are right.
But if you talk about a new feature i believe is good to remove it as long as they are not stable.
Stability is the most important for me, so any removal in order to improve stability is welcome.

For me is very weird to see a feature present on release candidates and be removed in the final one.
for the "I prefer stability and dont need containers" the main rOS package does not contain it, you need to download it yourself.
Still the same lack of transparency as always...

The USB bottleneck problem still persists in RB2011UiAS

As usual no changes in BGP. Will wait for 7 days before upgrading because last time they screwed up 7.3

[admin@RB5009] /partitions> copy-to part1
status: ERROR: /flash/rw/run/netns/23: Invalid argument

seems to be NOT solved and an old release note entry.

*) filesystem - fixed repartition on RB5009 series devices;


I will try netinstall vs. update --> doesn't help
now i get:
[admin@RB5009] /partitions> copy-to part1
status: ERROR: /flash/rw/run/netns/22-user: Invalid argument

Changelog vs 7.4rc2? except the obvious missing container package.

So stuff that was inside a release candidate is withdrawn.
Mikrotik is totally bonkers!!!!

When it involves changing actual code of RC version - i would agree with you.
But in this case it is just not making container package available publicaly, so tehnically there are no code change from RC.

Hi,

any tested HW from users? Hap AC? WiFi 60Ghz ? All OK?

Thank you

Please post a change list relative to 7.4rc2 as well.

Please post a change list relative to 7.4rc2 as well.

That change list should be the last post in corresponding RC thread. Doesn't really belong here as it's titled "vX.Y [stable] ir released!" and to avoid confusion, change list should be against previous stable (which in this case was 7.3.1 I believe).

Upgrading audience with wifiwave2 installed, after upgrading from 7.2.3 there's still the infamous error message in logs:

jul/20/2022 12:11:14 system,error,critical error while running customized default configuration script: bad command name wireless (line 985 column 25)
jul/20/2022 12:11:14 system,error,critical

MT, will you kindly fix this ugliness, please?

Please post a change list relative to 7.4rc2 as well.

That change list should be the last post in corresponding RC thread. Doesn't really belong here as it's titled "vX.Y [stable] ir released!" and to avoid confusion, change list should be against previous stable (which in this case was 7.3.1 I believe).

Yes that would be a good idea, but it does not appear there either.
It would be useful to know in which of the items listed above there still were changes between 7.4rc2 and 7.4.
If it is only "container npk omitted" that is fine as well. But it should be possible to know if there is any value in installing 7.4 when already having 7.4rc2.

i have upgraded hap ac2 , and the router just die, that is second time last time was on 7.3.1

There's nothing new in this changelog vs 7.4beta+7.4rc combined, but there are a few things omitted:
*) route - changed "mode" setting to "exclude" for group management protocol (CLI only);
^ this probably was just some fix for the initial *) route - added option to join static IGMP and MLD groups (available in "/routing/gmp" menu);
and these:
*) winbox - added "VRF" parameter under "Tools/E-mail" menu;
*) winbox - added support for "Routing/GMP" menu;
I don't know if these were left out or just didn't make it in writing.
And obviously, the container support.

i have upgraded hap ac2 , and the router just die, that is second time last time was on 7.3.1

Anyone alse already tried this "STABLE" version?

*) lte - improved LTE interface detection for LtAP-2HnD devices;

Does this have to do with the LTE interface totally missing in some occasions ?

Anyone alse already tried this "STABLE" version?

i need to hard reset to make it work

Anyone alse already tried this "STABLE" version?

i need to hard reset to make it work

After upgrading from what version ?

After upgrading from what version ?

v7.3.1

update my home router hap^ac2 from 7.3.1 to 7.4 so far it's working ok basic nat + zerotier

Updated my home router RB4011 from 7.3.1 to 7.4, so far it is working (Wireguard, lots of VLAN's, NAT, etc.)

I've upgraded the packages+firmware, so far everything's ok, RB1100AHx4DE, RB2011,Groove A52.

Detect Internet feature still broken. Reported for 7.2 and all versions since then, was confirmed and set to be fixed with the "next update". Please fix it. Thanks!

*) health - fixed voltage reporting on some RBmAP-2nD devices;

I guess there's a strong emphasis on the word "some", here, because even on this version my RBmAP-2nD shows no voltage or temperature. I guess it has neither of the sensors, or what?

All my other devices staying on 7.4rc2 because it is more recent in terms of container support

I would like to see 7.3.2. As it is know it seems to be a rush to release new main version.
Need a 7.x long term version.

ccr1009
crs318
crs317
crs326-24G
crs112-8G
cap-ac

All upgraded with no issues- upgraded from 7.3.

*) switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;

This is welcome as I seem to suffer from these a bit (still didn't pinpoint exact reason and patiently testing while checking version, firmware, uptime etc..) However, this made me look on specs (which say it is single-core device) and compare that with my switches (which say it has two cores in 7.2.1 and 7.3.1).

So my question is: what the heck happened here? Did we get accidental HW upgrade (as with 256MB batch of hAP ac2)? 98DX3236 is meant to be dual core so why sell it as a single core product? Does that mean the CPU performance will get even worse?

Oh no, don't start that again. Read starting from here: viewtopic.php?t=186583#p939187
And I'll ask here too, since nobody answered in the other topic, did you ever see CPU usage on the 2nd core? And did you see some measurable performance penalty after the 2nd core got disabled?

RB5009 still reports: Warning CPU not running at default frequency.

Normal warning if you have cpu frequency set to anything else instead of "auto".

RB5009 still reports: Warning CPU not running at default frequency.

in system -> routerboard what settings for CPU frequency you have available?

On the RBD52G-5HACD2Hnd it gives me the same default frequency error in red

6x wap ac, 4x D53, 2x CRS326, CCR1009, RB5009, 2x RB2011, 2x3011, hap ac - upgrade from 7.3.1 to 7.4, reboot and then routerboard upgrade and reboot. All OK.

Usual office/home setups - nat/filters/IPsec/some queues, and monitoring , (static routing), ww2 package wherever possible. so far all green

All boards were netinstalled (reformated) to v7.2, since then i have no issues on upgrade what so ever. AFAIK v7 uses new filesystem, that can be changed only with v7 Netinstall. from my experience that seems to be cause on all the upgrade issues.

On the RBD52G-5HACD2Hnd it gives me the same default frequency error in red

Should be set to auto on hAP ac2 as well.

Need a 7.x long term version.

The whole v7 is "stable" in MT's parlance, nothing qualifies for long-term because none of versions were actually really stable before moving forward with newer minor version. With the pace of pushing out "stable" releases it seems like there's a missing digit in version number. I.e. 7.1 -> 7.0.1; 7.2 -> 7.0.2; 7.3 -> 7.0.3; 7.3.1 -> 7.0.3.1 (just joking, but as with every joke there's some truth in it).

My opinion is that until all v6 functionality is ported/reimplemented to v7 (at least what can be done, e.g. accounting is obviously out of question ... and including "obscure" features, such as BGP), no version should be actually called long-term ... because calling some v7 "long-term" will make upgrade even those the most conservative users (who still follow ROS development ... I'm not talking about those who never upgrade their devices but still bitch about vulnerabilities found well later than their installed software release date). And the hell will break loose.

Just upgraded my RB5009: Under 7.3.1 it was not able to pick up a DHCP address from a UK Virgin Media HUB4 (in modem mode), so had to revert to 7.2.3. This applied whether I was used a bonded pair of interfaces (balance-rr) or a single interface.

Mikrotik support advised me it had been fixed in one of the 7.4 betas, but I did not try that.

However, I've upgraded to the 7.4 release and it now works as per 7.2.3 and a bonded interface can correctly initiate and accept a DHCP client request.

Interesting that there is no mention of any dhcp client fixes in the release notes... only dhcp relay/server....

On the RBD52G-5HACD2Hnd it gives me the same default frequency error in red

Should be set to auto on hAP ac2 as well.

Ok perfect, can I see the real working frequency of the CPU?

So stuff that was inside a release candidate is withdrawn.
Mikrotik is totally bonkers!!!!

Some of us have CRS328s with flapping SFP+s impacting connectivity for 6+ months, or are impacted by other major issues fixed in this release. Waiting for a stable release for container support indefinitely until all the container-related issues got resolved would have been silly. It's not like the work on containers suddenly was deleted; it'll be released in the future when it's ready. I assume Mikrotik pushed this out in order to satisfy those with production-breaking problems/needs (and speaking for myself, I am quite relieved).

So stuff that was inside a release candidate is withdrawn.
Mikrotik is totally bonkers!!!!

if you talk about a bug fix then you are right.
But if you talk about a new feature i believe is good to remove it as long as they are not stable.
Stability is the most important for me, so any removal in order to improve stability is welcome.

Very much concur and is obvious to anyone that has software development experience. Its good to see QA processes are alive and well!!

for winbox, would it be possible to show where a prefix terminates when hovering cursor on it in `ip/firewall/address-list`? very annoying not easily being able to know what something like 10.0.128.0/19 ends at, my workaround is adding the prefix in `ip/address` as disabled and hovering the cursor there since it works that way.

also in the topic of `ip/firewall/address-list`, since it is now heavily used for routing protocols like BGP, would it not make more sense to move it somewhere else? maybe a dedicated menu in `ip/address-list` and possibly incorporate `ip/pool` into it as well.
i'm sure others have already suggested this before, just giving it a +1.

Should be set to auto on hAP ac2 as well.

Ok perfect, can I see the real working frequency of the CPU?

ROS v7.4, running on Audience (requires auto setting as well) shows it when executing command /system/resource/print ... I don't recal seeing any value other than 448MHz though. That's the lowest value available to set on my device, but cpu-load is sitting at 0% as well, that might explain it.
Things are pretty much the same on my hAP ac2 running v6.49.6 (488MHz is the lowest settable value and shown whenever I care to look at).

Just upgraded my RB5009: Under 7.3.1 it was not able to pick up a DHCP address from a UK Virgin Media HUB4 (in modem mode), so had to revert to 7.2.3. This applied whether I was used a bonded pair of interfaces (balance-rr) or a single interface.

Mikrotik support advised me it had been fixed in one of the 7.4 betas, but I did not try that.

However, I've upgraded to the 7.4 release and it now works as per 7.2.3 and a bonded interface can correctly initiate and accept a DHCP client request.

Interesting that there is no mention of any dhcp client fixes in the release notes... only dhcp relay/server....

@emils, can you point out which fix either in this or previous version addressed the Ops concern, or do you like mystery in life LOL.

*) wireguard - fixed system stability when adding/removing WireGuard interface;

@emils: Can you provide details of what this actually addresses?
- if the server IP is unavailable for any period of time and is accessed via DYNDNS (dynamic) ??

i have upgraded hap ac2 , and the router just die, that is second time last time was on 7.3.1

come over to testing, at least you know that you may have to netinstall.

For moving from 7.24c to this release 7.4 stable. Is there a recommended method/process ??

7.2rc?

Or you netinstall (suggested ) or install first 7.3.1
I do not know if the "fsck" added on 7.3.1 for the lost of data partition is also present on 7.4

No problems updating my hAP ac² from 7.3.1 to 7.4

Haha, close enough v 7.2rc4
Yes, want to avoid KoD :-) and going from a stable to stable is diff from rc to stable........

Important note!!!

- Container package is not available in v7.4. Development and testing continues in "testing" channel.

Wow, every day we check the stable release, in order to start a project via containers. All I had to do was check again ...
Honestly, something has changed in your company and I don't see it going in a really good direction ... Or you get into too many products on the market and it seems that you are losing control ... That's how it seems to me.

A super black ball from me. Cius!

Anyone who can confirm if the problem with missing SFP module information is being addressed? I highly doubt but at the moment the test device isn't available and I do not want to upgrade the used devices just to find out that this is still not resolved. I know that in RC it wasn't but hope is a strong thing.

Successfully upgraded 2x CCR2116 from 7.3 and 7.2.3, and 2x RB5009 from 7.2.1. 2116's running NAT, DHCP, etc. and all four running BGP (internal routes only) and OSPF. RB5009's share the load of 1-2Gbps of production traffic 24/7.

Will be testing on three other 2116's with larger tables later on this week/next week.

So stuff that was inside a release candidate is withdrawn.
Mikrotik is totally bonkers!!!!

The stuff that was not included, most likely isnt considered "stable"

- "Prefix Count" for BGP running session?
- BFD (for OSPF and BGP) ?

That these features are (still) not implemented is holding me back from deploying v7 as well.
Also, according to IPArchitects, there are some unresolved issues causing occasional memory leaks. As as our whole network depends on BGP, it'd be nice if these issues could be looked at.

Upgraded my RB5009 from 7.2.3 to 7.4 and looks like it's bricked. Can't even get it to show up in Netinstall.

To elaborate further, when power is supplied (using OEM adapter), Blue LED1 comes on. Ethernet port 2's green LED comes on faintly, and there is no other activity.
Holding RESET button down when power is supplied results in no change in behavior.

1. In Dude, packages are still listed as "system"
2. Dude upgrade "needed packages are not available" message still appears.

So Dude still can't update managed devices.

This is welcome as I seem to suffer from these a bit (still didn't pinpoint exact reason and patiently testing while checking version, firmware, uptime etc..) However, this made me look on specs (which say it is single-core device) and compare that with my switches (which say it has two cores in 7.2.1 and 7.3.1).

So my question is: what the heck happened here? Did we get accidental HW upgrade (as with 256MB batch of hAP ac2)? 98DX3236 is meant to be dual core so why sell it as a single core product? Does that mean the CPU performance will get even worse?

If this finally fixes the port flapping issues I've been having since I bought this switch I'm going to cry.

It should, I reported this last year and have been back and forward about it since (it started with 7.x). I’ve been running 7.4 since b2, and the issue has been gone since. I was seeing flaps on all NAND activity, sometimes every five minutes with some configs doing writes often. Zero flaps since. I’m on 7.4 stable and the issue does appear to be gone on it, as well, as you’d expect. It does blow my mind how long it took to get this fixed, but I am very glad it is resolved now.

Oh no, don't start that again. Read starting from here: viewtopic.php?t=186583#p939187
And I'll ask here too, since nobody answered in the other topic, did you ever see CPU usage on the 2nd core? And did you see some measurable performance penalty after the 2nd core got disabled?

Thanks for pointing that out! I don't regularly go through test/rc channels so I missed that discussion. To answer your questions:
1) Yes, I see usage of both cores. (partially my fault because I don't use it only as a simple L2 switch, but even simple management traffic can take few % off)
2) No, because I didn't jump on 7.4 yet. Both my CRS328 are in production so I have to be very careful on what I install. Company does not let me have these expensive devices spare in lab. However I noticed that there has been huge improvement in 7.3.1 already (see attached screenshot. qsfp1-2 with CRS running 7.3.1 dropped only once per last few days while qsfp1-1 is dropping every few hours and is attached to CRS running 7.2.1

rb1100ahx2 not able to get upgraded from 7.3.1 to 7.4, lack of flash size...: the ppc npk file has 21mb, free space on device is 19.5mb. any chance to upgrade without a fresh netinstall?

the ppc npk file has 21mb, free space on device is 19.5mb. any chance to upgrade without a fresh netinstall?

See if you can free up some space ... in /file ... perhaps there are some backup files, export files, dangling npk files that can be removed.

the ppc npk file has 21mb, free space on device is 19.5mb. any chance to upgrade without a fresh netinstall?

See if you can free up some space ... in /file ... perhaps there are some backup files, export files, dangling npk files that can be removed.

already removed everything there, which is accessable via winbox, missing just one mbyte :(

@ObliteRon

Upgraded my RB5009 from 7.2.3 to 7.4 and looks like it's bricked. Can't even get it to show up in Netinstall.

Have you ever netinstalled the device before, or is it the first try?
I've searched the forum for "rb5009" netinstall.

So:
1. I used a switch to connect RB5009. I used ETH1 as port.
2. I set the address for BOOTP server (setting in netinstall) to 192.168.88.199
3. On the windows machine, i set the IP to 192.168.88.2
4. Open windows firewall ( windows asked me to do that)

viewtopic.php?t=180233

See if you can free up some space ... in /file ... perhaps there are some backup files, export files, dangling npk files that can be removed.

already removed everything there, which is accessable via winbox, missing just one mbyte :(

Apparently something has gone wrong earlier and it kept some file it should have deleted. You should have way more space than that.
However, it apparently is partitioned, you could also recover it by un-partitioning it, upgrading, then partition again and see what space you have.
Doing a netinstall is probably the better way.

Let's Encrypt does not work , unlike 7.3.1

RB760iGS upgraded from 7.4rc1 -> works
RB912R-2ND-LTM-KIT upgraded via netinstall just to check if missing LTE interface deigns to come back ... no cooperation

fetch has been broken with ftp connect in 7.3.1 and 7.4:

/tool fetch address=ip port=21 user="user" password="pass" upload=yes mode=ftp src-path="backupfile.backup" dst-path="/path/Backup/Mikrotiks/MY/backupfile.backup"
status: failed

failure: Unrecognized FTP server response: The local time is:
230 User user logged in

but if i connect from total commander and others clients - all is ok.

Service proftp

fetch has been broken with ftp connect in 7.3.1 and 7.4:

failure: Unrecognized FTP server response: The local time is:
230 User user logged in

Does the FTP server send that response "The local time is: " without numeric prefix (220)?
Then it is the FTP server that is broken. A proftp server that I can access does not do that, so maybe someone has fiddled with it?

Still seeing lots of DHCP issues with various devices[...]
Windows reports IP Configuration invalid on affected machines

Can you provide a screenshot of such a report? or copy-paste?

RB760iGS upgraded from 7.4rc1 -> works :)
RB912R-2ND-LTM-KIT upgraded via netinstall just to check if missing LTE interface deigns to come back ... no cooperation :(

still i'm not filing confutable to update the remote devices to any v7.x

Anyone knows anything about this *) lte - improved LTE interface detection for LtAP-2HnD devices; ?

fetch has been broken with ftp connect in 7.3.1 and 7.4:

failure: Unrecognized FTP server response: The local time is:
230 User user logged in

Does the FTP server send that response "The local time is: " without numeric prefix (220)?
Then it is the FTP server that is broken. A proftp server that I can access does not do that, so maybe someone has fiddled with it?

in the example i removed the timestamp
Real Proftp response is correct:
failure: Unrecognized FTP server response: The local time is: Thu 21 14:01:28 2022

in the example i removed the timestamp
Real Proftp response is correct:
failure: Unrecognized FTP server response: The local time is: Thu 21 14:01:28 2022

No, that is NOT a correct FTP server response!
It should be like "220-The local time is: Thu 21 14:01:28 2022" (when more lines follow) or "220 The local time is: Thu 21 14:01:28 2022" (when it is the last or only response).
Note the "220" at the start of the line. It should be there. It should be followed by "-" when more lines follow, " " when it is the final line.

But what about other ftp client that connect without issue? This problem appeared after upgrade to version 7.3.1

Upgraded my RB3011 to 7.4, still unusable, massive packet loss over GRE tunnels and OpenVPN tunnels, all of the comments are stripped out of my NAT rules upon upgrading from 7.1.5.
Short of attempting to rebuild my extensive configuration from scratch in the hopes of figuring out what the issue actually is I don't see what upgrade path I have.

Am I the only one having issues?

Every upgrade went well from 7.1.0 through 7.1.5 and I just can't seem to get it to reliably play ball beyond it, I also lose logging to syslog hosts when upgrading, even though the host is configured and I can SSH from said host to the router.

Thoughts?

Let's Encrypt does not work , unlike 7.3.1

It works perfectly for me 🤔

Hi,

I have upgraded lab from 7.1.something to 7.4
CRS317 with mlag working fine
CCR2004-1g-12s with vrf and bgp inside vrf working also fine
Not other functions tested.

It bricked my 951ui-2hnd. The router seems to be working fine but when I connect via WinBox I get only blank screens (For example if I go to interfaces it doesn't show any interfaces). and WinBox drops me every 20 seconds. Totally not "STABLE"

But what about other ftp client that connect without issue? This problem appeared after upgrade to version 7.3.1

Please paste exactly what a commandline ftp client shows when you logon to that server.

Every upgrade went well from 7.1.0 through 7.1.5 and I just can't seem to get it to reliably play ball beyond it, I also lose logging to syslog hosts when upgrading, even though the host is configured and I can SSH from said host to the router.

Thoughts?

When you have it running in a 7.x release, do a /export show-sensitive file=name and download the .rsc file. Also make a .backup file just in case.
Then netinstall version 7.4. connect from winbox via MAC address, upload the .rsc file and reset the config to completely blank (no defaults) and /import the .rsc file with option verbose
Should it stop halfway, use the command again with option from-line to start past the offending line.
When finished, make a new /export and use a text compare tool to compare the files to see if you did not miss something.

It bricked my 951ui-2hnd. The router seems to be working fine but when I connect via WinBox I get only blank screens (For example if I go to interfaces it doesn't show any interfaces). and WinBox drops me every 20 seconds. Totally not "STABLE"

Maybe you should clear WinBox session in WinBox folder as it could be WinBox problem, not 7.4 upgrade.

But what about other ftp client that connect without issue? This problem appeared after upgrade to version 7.3.1

Please paste exactly what a commandline ftp client shows when you logon to that server.

Please see attachments.

Proftpd 1.3.7a

well, dear MT staff

this does NOT work any more
why change something which worked before ???

how to match UEFI from now ?

as MT DEVs could see

UEFI client asked for IP and totally wrong answer came from MKT
lpxelinux.0 instead of grubnetx64.efi.signed

clearly, Class-Id = "PXEClient:Arch:00007:UNDI:003000" does not match in DHCP server

bravo !!!

@ObliteRon

Upgraded my RB5009 from 7.2.3 to 7.4 and looks like it's bricked. Can't even get it to show up in Netinstall.

Have you ever netinstalled the device before, or is it the first try?
I've searched the forum for "rb5009" netinstall.

So:
1. I used a switch to connect RB5009. I used ETH1 as port.
2. I set the address for BOOTP server (setting in netinstall) to 192.168.88.199
3. On the windows machine, i set the IP to 192.168.88.2
4. Open windows firewall ( windows asked me to do that)

viewtopic.php?t=180233

Yes, I have. But what I've observed in the past, is that the RB5009 (or RB4011, my previous) would show certain activity via the LEDs when powered on, and getting into Netboot via the RESET button, the activity changes.
My RB5009 simply powers on, shows the Blue LED, and the Eth2 LED (faintly), and nothing changes. This is whether powered on "normally", powered on with RESET held, or holding RESET immediately after power on.

I believe I've seen posts online saying that the faint LED on Eth2 is more than likely an indicator of a hardware failure.

if it looks like that, it's probably dead. I had to rma my RB5009, just 4 days after I got it. Died during fw update.

@osc86 how about trying to netinstall the device ?

Updated without incident the following router:

Please paste exactly what a commandline ftp client shows when you logon to that server.

Please see attachments.

Proftpd 1.3.7a

When that " The local time is" line indeed has a CR/LF in front of it, this certainlu is a fault of the FTP server!
There should be "230-" in front of that line, just like the "230-Welcome user" line.
So try to find why it outputs that line and how it can be removed or corrected.

Why did it not fail in previous RouterOS? Likely, someone reported that the FTP client did not handle errors properly,
e.g. when the user/password was refused it would not notice that, and now the FTP client does proper parsing of those
3-digit numbers on each line (which are error/status codes). It now fails because your FTP server sends garbage.

It bricked my 951ui-2hnd. The router seems to be working fine but when I connect via WinBox I get only blank screens (For example if I go to interfaces it doesn't show any interfaces). and WinBox drops me every 20 seconds. Totally not "STABLE"

Maybe you should clear WinBox session in WinBox folder as it could be WinBox problem, not 7.4 upgrade.

Thank you BartoszP, I have tried it but unfortunately did not help, also tried getting the latest WinBox off MT's website. I did figure that login via MAC locally works fine but login via IP is having the disconnection problem every 20 seconds. Strange is, the connection via IP has been working for the last 3 years without any issues and just now got bricked with the 7.4 release

@Zacharias netinstall didn’t work. RMA center confirmed that the device is broken.

if it looks like that, it's probably dead. I had to rma my RB5009, just 4 days after I got it. Died during fw update.
IMG_0755.jpeg

That's exactly what mine looks like.

When that " The local time is" line indeed has a CR/LF in front of it, this certainlu is a fault of the FTP server!
There should be "230-" in front of that line, just like the "230-Welcome user" line.

I don't think that's right:

Thus the format for multi-line replies is that the first line will begin with the exact required reply code, followed immediately by a Hyphen, "-" (also known as Minus), followed by text. The last line will begin with the same code, followed immediately by Space <SP>, optionally some text, and the Telnet end-of-line code.

For example:

123-First line
Second line
234 A line beginning with numbers (<-- quote ate the space at the beginning of this line)
123 The last line

The user-process then simply needs to search for the second occurrence of the same reply code, followed by <SP> (Space), at the beginning of a line, and ignore all intermediary lines. If an intermediary line begins with a 3-digit number, the Server must pad the front to avoid confusion.

Ok I apparently assumed to easily that the line format for FTP would be the same as for SMTP, where certainly it is as I described.
I seem to remember that FTP servers sending large banners always formatted them with those continuation reply codes in front of every line, but maybe that was just the safest thing to do.
At the moment, it is difficult to confirm that as FTP has been phased out by most sites by now.

Edit: this is what I meant: But then indeed it appears that the changes in v7.4 do not conform to the RFC959 standard and need more work to handle the format as described in the RFC.
Well, well...

For obscurus: note that likely nothing further will happen unless you make a ticket about this (either by mailing it or by directly creating the ticket in the support system). Bugs reported in the release topics are usually not picked up by MikroTik staff, unless a developer of a particular piece of code sees it and creates the ticket himself.

I have a pair of hAP lites that I upgraded to 7.2rc4 a few months ago - I don't remember using Netinstall but maybe I just suppressed the memory. I just purchased another one, running 6.47.9, and it appears there isn't enough free disk space to upload the package via Winbox. The /files area is empty - but I don't have 8M available. Is the only upgrade option a Netinstall?

The problem with Simple Queues with cake (only cake) locking the router so far appears to be fixed in 7.4

can anyone confirm whether vpn 4 works on v7?
i got feeling that Mikrotik is hidesign that info,correct me if i'm wrong

what is vpn 4?

u can taka a look here they si one the e.g.

viewtopic.php?t=109921

Never had to do with that MPLS, BGP stuff. So, no glue what VPN4 is nor if it works.

I have a pair of hAP lites that I upgraded to 7.2rc4 a few months ago - I don't remember using Netinstall but maybe I just suppressed the memory. I just purchased another one, running 6.47.9, and it appears there isn't enough free disk space to upload the package via Winbox. The /files area is empty - but I don't have 8M available. Is the only upgrade option a Netinstall?

1- hap lite might be too "light" on resources to run ROS7 properly, depending on what else you configure on it
2- netinstall might indeed be the best option

Only 'issue' that I have is that the WireGuard interface (wireguard1) is placed by internet-detect in the WAN interface list; and it is supposed to be in the LAN interface list.
According to the manual: https://help.mikrotik.com/docs/display/ROS/WireGuard

Or simply add the WireGuard interface to "LAN" interface list.
/interface list member
add interface=wireguard1 list=LAN

This is working correct, but the interface is due to internet-detect also placed in the WAN list... this results in some not that unexpected behavior :)
At the moment I've disabled the WAN entry by issuing: /interface/list/member/disable numbers=<use-correct-number>
And I've created a ticket for this.

For more flexibility, I've create a ZT-ZONE (Zerotier) and WG-ZONE (Wireguard) lists/zones in which my service interfaces resides. It makes things more granular. As a best-practice, any user coming in through either VPN "services" does not deserve the same level of trust by default.

CubePRO with 7.4 = kernel failure
ticket: SUP-82999

For more flexibility, I've create a ZT-ZONE (Zerotier) and WG-ZONE (Wireguard) lists/zones in which my service interfaces resides. It makes things more granular. As a best-practice, any user coming in through either VPN "services" does not deserve the same level of trust by default.

Just curious, why not ? I would assume someone entering via VPN should be super-trusted ?
Otherwise it COMPLETELY negates the use for that VPN service ...
My view.

[...]
This is working correct, but the interface is due to internet-detect also placed in the WAN list... this results in some not that unexpected behavior :)
[...]

Please take some time to write in this topic here: viewtopic.php?t=187814 What purpose does detect-internet serve for you?
Besides fscking up your config. We're eager to hear your input.

For more flexibility, I've create a ZT-ZONE (Zerotier) and WG-ZONE (Wireguard) lists/zones in which my service interfaces resides. It makes things more granular. As a best-practice, any user coming in through either VPN "services" does not deserve the same level of trust by default.

Just curious, why not ? I would assume someone entering via VPN should be super-trusted ?
Otherwise it COMPLETELY negates the use for that VPN service ...
My view.

Anyone that knows a ZeroTier "id" can join the cloud-switch and suddenly be part of your network, luckily by default "Private" flag is set requiring an "OK" from you, but once changed to "Public" and the network-ID is all that is needed to join.
Wireguard is a fixed config without additional authentication, If somebody takes my phone and they simply enable the WG-interface with a simple press they are "in" . Sure, my phone is "locked" normally but,but,but ;-)
Agree these are "academic" questions and the likelihood of anything bad happening is about "0" , but that's how we work on Cisco ASA, Palo Alto, Fortinet during office-hours.
I just like to play with these things, split up as much as possible. More work sure and possible prone to human errors if not careful

Looking at it from that angle, I understand.

Hi.
OpenVPN client (and/or server) is broken.
OpenVPN client to a remote OpenVPN server on the Mikrotik with same 7.4 version stopped to work, both udp and tcp.
Looks like the client spams lot of requests, the server does not have any errors. Many connections are visible in the server firewall.
The client logs are following: connecting... initializing... disconnected, terminating... - peer disconnected.
Connection to the same OpenVPN server from the Android works good.

Upgrading CCR1009-7G-1C-1S+(tile) from 6.49.6 (Stable) to 7.4 (Stable), stopped working micro sd card.
It's a shame and problematic when there is a Dude to install on it

The SD card not working is a known issue... I have an open ticket on this for a long time.

For obscurus: note that likely nothing further will happen unless you make a ticket about this (either by mailing it or by directly creating the ticket in the support system). Bugs reported in the release topics are usually not picked up by MikroTik staff, unless a developer of a particular piece of code sees it and creates the ticket himself.

Yes, the ticket has been opened. waiting...

The SD card not working is a known issue... I have an open ticket on this for a long time.

I don't understand, why is v7 so different in code...I understand it is different in router mode, but why is gone functionality of SD card, or other normal functions? Why is so difficult copy and paste some functions code from v6..?

Because significant jump in linux kernel version. That means old drivers and functions are useless and have to be completely rewritten.

Because significant jump in linux kernel version. That means old drivers and functions are useless and have to be completely rewritten.

I don't understand. On my Hex, SD card works just fine (microSD, to be correct)
With V7.4.

Or is it the architecture which causes this problem ?

It is an issue with CCR (TILE) at least.

Upgraded my RB5009 from 7.2.3 to 7.4 and looks like it's bricked. Can't even get it to show up in Netinstall.

Same here.
Updated RB5009 to 7.4 and it never came back.
Netinstall is not working.

Great Work!

Upgraded my RB5009 from 7.2.3 to 7.4 and looks like it's bricked. Can't even get it to show up in Netinstall.

Same here.
Updated RB5009 to 7.4 and it never came back.
Netinstall is not working.

Great Work!

I feel your pain. It was really "itching" to update my RB5009 from 7.3.1 (which works well) to 7.4 "stable" (which is probably Latvian for something else....)
These messages quickly bring me back to reality and remind me to be very careful with this gear ;-)

Netinstall is not working.

You may need to run Netinstall 5 or 6 times ... and switch Netinstall to 1 version lower ..... that's been my experience with Netinstall on some version of Tik devices.

Netinstall is not working.

You may need to run Netinstall 5 or 6 times ... and switch Netinstall to 1 version lower ..... that's been my experience with Netinstall on some version of Tik devices.

And use Linux to start. Less hassle then Windows...

Upgraded my RB5009 from 7.2.3 to 7.4 and looks like it's bricked. Can't even get it to show up in Netinstall.

Same here.
Updated RB5009 to 7.4 and it never came back.
Netinstall is not working.

Great Work!

Great news: After many tries and finally using Netinstall on Linux, i was able to reinstall it and restore my backup.

Mindblown. MT finally resolved the segmentation fault in netinstall cli for linux.

A small cosmetic bug, reported by me on the 7.2.1 thread, is still present on v7.4

viewtopic.php?p=927171#p927171

I can edit a skin to disable some options, save it, seems to work, but logout/login, and the options will appear again.

picture 1: edited skin, some "Add New" options are successfully hidden .
picture 2: logout, login, tne options are all there again, showing skin saving/applying is not working as expected

Thank you BartoszP, I have tried it but unfortunately did not help, also tried getting the latest WinBox off MT's website. I did figure that login via MAC locally works fine but login via IP is having the disconnection problem every 20 seconds. Strange is, the connection via IP has been working for the last 3 years without any issues and just now got bricked with the 7.4 release

confirm, work login via MAC locally

@j0n1th4n

Same here.
Updated RB5009 to 7.4 and it never came back.
Netinstall is not working.

Great Work!

Great news: After many tries and finally using Netinstall on Linux, i was able to reinstall it and restore my backup.

Just curious... was your RB5009 still showing activity (LEDs blinking / turning on and off) after power on, or was it just the Blue LED1 (solid) and Ether2 Green LED (solid but faint)?

@j0n1th4n

Great news: After many tries and finally using Netinstall on Linux, i was able to reinstall it and restore my backup.

Just curious... was your RB5009 still showing activity (LEDs blinking / turning on and off) after power on, or was it just the Blue LED1 (solid) and Ether2 Green LED (solid but faint)?

It had LED activity on eth1, reset button and it was responding to holding the reset button.

Thanks for the reply @j0n1th4n. Sounds like yours wasn't completely dead then.

Upgraded my RB5009 from 7.2.3 to 7.4 and looks like it's bricked. Can't even get it to show up in Netinstall.

Same here with a hap ac2 from 7.2.3 to 7.4.

Had to netinstall 7.2.3

Same here with a hap ac2 from 7.2.3 to 7.4.

Had to netinstall 7.2.3

What happens if you netinstall 7.4 ? Just curious ...

We need to delete dynamic queues. It's not working anymore with this version
Is there any workaround?

Example:
```
Couldn't remove Simple Queue <<pppoe-ppp-3>> - not permitted (9)
```
This is critical to our system

Important note!!!

- Container package is not available in v7.4. Development and testing continues in "testing" channel.

Wow, every day we check the stable release, in order to start a project via containers. All I had to do was check again ...
Honestly, something has changed in your company and I don't see it going in a really good direction ... Or you get into too many products on the market and it seems that you are losing control ... That's how it seems to me.

A super black ball from me. Cius!

Well it's not considered stable yet. Would you rather they shoved it in there before it was considered stable or held back 7.4 all together?

The following bug report was just sent to support@mikrotik.com:

[SUP-87865] After upgrading a CCR1009 from 6.49.6 to 7.4, I found that the new-routing-mark entries in all mangle rules were reset to "main" instead of the previously configured route marks.

After upgrading a CCR1009 from 6.49.6 to 7.4, I found that the new-routing-mark entries in all mangle rules were reset to "main" instead of the previously configured route marks.

That is "a known problem". I don't know if they plan to eventually fix it.
I have seen problems with routing table/mark related entries several times during my v7 experiments. Sometimes the named routing marks suddenly show up as some hexadecimal number (e.g. 0x4000) and there is another entry for the original name, which no longer corresponds to the rules.
Hopefully you have noted that any routing table name or mark now first has to be created in "/routing table" with an "add fib name=tablename" before it can be used.
So check if your mark(s) appear there. Then, manually fix everything.

How does it happen? No idea. But I think the process of upgrading from v6, and even worse: downgrading from v7 to v6 and later upgrading again, can disturb things that later still come back when upgrading to a newer v7 version.
Advise: once you have everything configured OK again, do a "/export show-sensitive file=name" and download the file, then netinstall the router to v7.4 and reset the configuration and import the file. That assures that everything is clean in the configuration database. After I did that I did not have issues anymore.

RB912R-2ND-LTM-KIT upgraded via netinstall just to check if missing LTE interface deigns to come back ... no cooperation

LTE appears after power-on with power plug and than vanishes after restart.
Ugraded firmware - no change
R11e-LTE changed to Huawei 909s and LTE works stable - no vanishing.

Same here with a hap ac2 from 7.2.3 to 7.4.

Had to netinstall 7.2.3

What happens if you netinstall 7.4 ? Just curious ...

I'm going to test on two other ac2 and report back.

mine from 7.3.1 to 7.4 on hap ac2 no problem

hap-ac (1) upgraded without problems.

CRS317 also upgraded from 7.3.1 without problems but I have one question:

*) switch - fixed multicast flooding when HW offloaded bridge port gets disabled;

Is this fix related to SUP-86916?
Because after upgrading I have not encountered the issue so far.
Forum post for anyone interested is here viewtopic.php?t=187531

I just ordered an SXT LTE6 Kit and would like to know if I can safely run this release on it. I have no experience with any lte products from mikrotik. Usually I connect everything using dsl or fibre but this time the isp can't provide such a connection in time, so I have to use lte for a few weeks. I'd like to use V7 because of easy remote management using wireguard, but if the modem / lte connection somehow is not stable with this release, there's no other option for me to use V6 and ikev2 instead. Interested in your opinion.

@osc
7.3.1 definitely yes.
7.4, can't tell. My device is 930km away and I will not risk upgrading it remotely. Something for end of August.

Looking at comment from couple of posts earlier, same modem, I'm double careful.

update RB4011 ver. 6.49.6 to 7.4 without problems.
how to manage the ``Route-list-Rules'' section in the future? Rules must be executed only through Firewall filter?

This all went to the "routing" menu.

Oh yes! Thank you very much for the answer!

had 7.3.1 in production of bgp router ccr1009 for couple of weeks without issue, now upgraded to 7.4.
i like the way this v7 of route print that so fast. whatever you guys call it not stable, blabla. i dont wan't to go back v6 lol

had 7.3.1 in production of bgp router ccr1009 for couple of weeks without issue, now upgraded to 7.4.
i like the way this v7 of route print that so fast. whatever you guys call it not stable, blabla. i dont wan't to go back v6 lol

How is route aggregation working for you? And what about BFD?
Do you monitor your BGP peers for being active? And for number of advertised prefixes? How?

had 7.3.1 in production of bgp router ccr1009 for couple of weeks without issue, now upgraded to 7.4.
i like the way this v7 of route print that so fast. whatever you guys call it not stable, blabla. i dont wan't to go back v6 lol

How is route aggregation working for you? And what about BFD?
Do you monitor your BGP peers for being active? And for number of advertised prefixes? How?

my case is not as complex as you have but at least in my scenario it is stable.
they are working on that https://help.mikrotik.com/docs/display/ ... l+Overview

I just ordered an SXT LTE6 Kit and would like to know if I can safely run this release on it. I have no experience with any lte products from mikrotik. Usually I connect everything using dsl or fibre but this time the isp can't provide such a connection in time, so I have to use lte for a few weeks. I'd like to use V7 because of easy remote management using wireguard, but if the modem / lte connection somehow is not stable with this release, there's no other option for me to use V6 and ikev2 instead. Interested in your opinion.

I upgraded the same model to 7.4. No issues so far.

Regards.

crs305
crs326-24g
crs317
chr
all updated from 7.2.3 to 7.4: ALL seems ok
Best Regards From Rome

I jumped in and updated my RB3011 towards 7.4 , coming from 6.49.2 (selected the "upgrade channel" to it allowed to jump into the 7.x tree)
Zero issues so far, to be honest, didn't expect that...;-)
But the router is not used much, the CPU % seem to have risen slightly compared to 6.x branch.

Tested on hAPAC3 and RB4011igs+5hacq2hnd-IN all works no error.

One thing for sure this patch fix my error before, which PPPoE client (OpenWRT) try to connect to PPPoE Server (RB4011igs+5hacq2hnd-IN) using RADIUS UserManager. Before, at v7.3.1 still got error 'RADIUS not responding'. But today as I patch to v7.4, connection successfull, no more Radius not responding.
But the problem now, when the limit for the user have reached, UserManager user-session will be terminated (UserManager Session Terminate cause : Um Limits Reached), BUT PPPoE status connection WILL REMAIN ACTIVE. This lead to PPPoE client still get Internet from the link.
I set limitation time based and/or volume based limitation, using UserManager UserGroups Attributes, UserManager Profile, and UserManager Limitations.
Can anyone englightned me? Tyvm.

is this version resolved ping problem yet?

viewtopic.php?t=185381

No, I do not think so.
We will probably see the fix in 7.5beta first.

hAP ac^2 updated to 7.4 and Winbox to 3.37. I see there are some bugs when I open the rules list in Filter Rules in Firewall. The list doesn't load completely, but when I switch to the NAT tab and return to Filter Rules, the list loads completely.

Winbox issue, it seems.
See here:
viewtopic.php?p=947514#p947514

is this version resolved ping problem yet?

viewtopic.php?t=185381

I have this bug only on x86 platforms. After 36/48h i got the ping tool not working. So all the route with check-gateway=ping are disabled.
To workaround it I reboot the router each night.

Now with 7.4 there is a differnt behavior:
- netwatch works correctly, this mean that this tool correctly identifies if an host is up (also if the regular ping tool don't get reply due to the bug) and down, in fact blocking icmp for an host it get the host down.
- the check-gateway=ping in route follow not the netwatch but the ping tool, so during the issue, the routes with check-gateway=ping got disabled and at the same time the netwatch report the gateway up…..
this pushes me to thing that ping tool during the issue works on a wrong vrf or socket or something like that.

I updated my ticket SUP-67221 about it.
regards
Ros

With recent release numbering scheme, I wonder if there is enough numbers left to get stable before we get to 8.0 ;-)

I think we're good for another 10 years or so ... v6 is now at .49.6, v7 is at .4.0 ... quite some room for growth.

With recent release numbering scheme, I wonder if there is enough numbers left to get stable before we get to 8.0 ;-)

Well, we could easily go far beyond 7.100. So... I wouldn't worry too much about lack of numbers. Now, worrying about BGP is another thing...

Any idea of when we are likely to get an upgrade to ZeroTier? The current version is quite a way behind.

With recent release numbering scheme, I wonder if there is enough numbers left to get stable before we get to 8.0 ;-)

And it will be a new router series will released CCR3xxxx

thx

Hi,

May i know is there anyways that we could display ping reading in ms instead us under version 7?

Thanks

Anyone alse already tried this "STABLE" version?

i need to hard reset to make it work

hard reset, or hard reset with netinstall? My experience was the same. Upgraded from 7.3.1 to 7.4 and unit is unresponsive since. in my case, suspect not enough memory, very old HW...

After upgrading my hap ac 2 from 7.3.1 to 7.4 via Winbox upgrade packages it is now bricked.

After upgrading my hap ac 2 from 7.3.1 to 7.4 via Winbox upgrade packages it is now bricked.

Read a couple of posts above, has been reported before on multiple occasions.
What if you netinstall directly 7.4 ? Should work.

And I hope you first made a usable export of your config ...

After upgrading my hap ac 2 from 7.3.1 to 7.4 via Winbox upgrade packages it is now bricked.

Mine isn't. Did it have a long upgrade history? It is better to netinstall at least once with a v7.x version as described many times.

Yeah, luckily I had recent backups from when I went from ROS 6 to 7.
It was a pain to netinstall though, but managed to get it going to ROS 7.4 in the end.

Yeah, I guess so pe1chl. Long stable upgrade history on ROS 6 and then a lot of issues trying to get it stable on 7 :)

Yeah, I guess so pe1chl. Long stable upgrade history on ROS 6 and then a lot of issues trying to get it stable on 7 :)

My personal view on what's happening:
somewhere in the process during upgrades from ROS6 to version - version - version - ROS7 - version - version ... "something" is left behind which completely messes up the install which at that point bricks everything.
A clean netinstall and then import of previous config, gets rid of that left-over rogue setting (or multiple ?).
We may not forget moving from ROS6 to ROS7 means a complete new kernel under the hood.
FWIW so far I only had to do this once myself on ROS7 (with 7.1.1 on Hex, whereas 7.2rc3 on SXT was not an issue then). Never again afterwards.

My personal view on what's happening:
somewhere in the process during upgrades from ROS6 to version - version - version - ROS7 - version - version ... "something" is left behind which completely messes up the install which at that point bricks everything.
A clean netinstall and then import of previous config, gets rid of that left-over rogue setting (or multiple ?).
We may not forget moving from ROS6 to ROS7 means a complete new kernel under the hood.

I think more important than a new kernel: it has a completely new config database as well. Which is converted during the first run of v7. There is no command to remove the v6 database, it remains on the device.
That is why I think it is best to install v7 and load the config from a /export (not a load of a backup), to build the v7 config database from commands, not from that converted v6 database.
I had issues at almost every v7.x upgrade until I did this, and never after that.

DOM/DDM still not work on my RB760iGS. With ROS6 it works fine!!

DOM/DDM still not work on my RB760iGS. With ROS6 it works fine!!

Yes that seems to be a topic related to kernel patches etc that they do not really have under control.
In the v6 days I have been asking for similar functions for VDSL SFP modules but that never got implemented either, apparently it is not so easy.

What happens if you netinstall 7.4 ? Just curious ...

It just works :)
Netinstalled 8 of those without any issue.

Yes netinstall just works, anyway where's the new testing release?

My personal view on what's happening:
somewhere in the process during upgrades from ROS6 to version - version - version - ROS7 - version - version ... "something" is left behind which completely messes up the install which at that point bricks everything.
A clean netinstall and then import of previous config, gets rid of that left-over rogue setting (or multiple ?).
We may not forget moving from ROS6 to ROS7 means a complete new kernel under the hood.

I think more important than a new kernel: it has a completely new config database as well. Which is converted during the first run of v7. There is no command to remove the v6 database, it remains on the device.
That is why I think it is best to install v7 and load the config from a /export (not a load of a backup), to build the v7 config database from commands, not from that converted v6 database.
I had issues at almost every v7.x upgrade until I did this, and never after that.

That's not practical though for the hundreds of devices in the field I'd love to get onto ROS 7 once stable.

That's not practical though for the hundreds of devices in the field I'd love to get onto ROS 7 once stable.

Yes, as I wrote before (e.g. above in viewtopic.php?p=947288#p947288 ) I hope these issues will eventually be fixed. But it appears the current stat is still "denial" so we first need to have "confirmation" and "debugging"... even a (also often mentioned) improvement of import of /export config (so you can export your config, then do a "/system reset-configuration no-defaults=yes run-after-reset=exportfile" without the many problems that now causes), would be good. I never see a "yes that is right, we will be working on that!" reply on those messages, so little hope for that as well.

@holvoetn @jhbarrantes thank you for your feedback, installation went well today using 7.4. (what is going on with that sim slot? I had to use so much force to get it in..)

when do you plan to do BGP on SMPIS?

🤣 Never I guess.

anyway where's the new testing release?

As usual, under development.
Or MT workers may have vacation.

*) lte - improved LTE interface detection for LtAP-2HnD devices;

Does this have to do with the LTE interface totally missing in some occasions ?

+1

With recent release numbering scheme, I wonder if there is enough numbers left to get stable before we get to 8.0 ;-)

Well, we could easily go far beyond 7.100. So... I wouldn't worry too much about lack of numbers. Now, worrying about BGP is another thing...

That's me being stupid, sorry. I, for some reason thought, that After 7.9, there is 8.0 naturally, simply versions being a single digits. I would welcome more 7.x.y release schema.

Please do not make background noise in the release topics,
or the MikroTik staff may not be able to hear the problems, hidden by the other sounds...

Thank you.

Hi.
OpenVPN client (and/or server) is broken.
OpenVPN client to a remote OpenVPN server on the Mikrotik with same 7.4 version stopped to work, both udp and tcp.
Looks like the client spams lot of requests, the server does not have any errors. Many connections are visible in the server firewall.
The client logs are following: connecting... initializing... disconnected, terminating... - peer disconnected.
Connection to the same OpenVPN server from the Android works good.

Checked following setup and it worked: ovpn-server 7.4. ovpn-client 7.3.1. Both tcp and udp.
So either ovpn-client 7.4 is broken or ovpn-server 7.4 became incompatible with the 7.4 client.

I have upgraded my installation from 6.49.6 to 7.4 via the update option (using upgrade channel), update was smooth.

The issue now is looks like my license key is no longer valid or there is something wrong.

I didn't see any reference to license requirements when upgrading. Do I need to purchase a new license ?

*) e-mail - added VRF support;
*) ntp - added VRF support for client and server;
*) radius - added VRF support for RADIUS client;

Hi there,

e-mail with VRF works
ntp with VRF ended with timeout
radius server with VRF ended also with timeout - no option to set for VRF?

After much hesitation, I upgraded my RB4011 from 6.48.6 to 7.4 using "Check for updates" at /system package and the upgrade went very, very smoothly.
Fortunately, a netinstall was not necessary.
Everything is running fine.

https://help.mikrotik.com/docs/pages/vi ... edfeatures

It is a bit unfortunate that for NTP server and client, of which there can be only one instance, the VRF is set globally.
One would expect the NTP client have server config like RADIUS (@vrf added to each server address).

However, it already is very good that VRF is supported more and more. At some time I may be able to replace my "multiple route tables with routing rules" setup with a VRF config. Last time I tried that (7.4rc1) there were still issues with that.

After much hesitation, I upgraded my RB4011 from 6.48.6 to 7.4 using "Check for updates" at /system package and the upgrade went very, very smoothly.
Fortunately, a netinstall was not necessary.
Everything is running fine.

To assure that this will remain like that, I would still advise to do a full export (/export show-sensitive file=name) and do a clean netinstall and import the exported config.
Lots of users end up having to do that, and it is better to do it at your convenience.

(when do that, do NOT select "Keep old configuration" on netinstall and do NOT select "Apply default config",
on this way you can import back the export.rsc without already existent item that can fail the import)

I said "a clean netinstall". I have explained the procedure and the pitfalls many times already.

@pe1chl, @rextended,
Thank you for the advice and recommendations.
I take them wholeheartedly.

hap ac2 v7.4 , TLS Host and L7 protocol is not catching any traffic.

hap ac2 v7.4 , TLS Host and L7 protocol is not catching any traffic.

Is this a new problem (i.e. it worked fine in previous versions) or entirely new observation? Because TLS and L7 don't play particularly well together due to fact most of communication is encrypted.

The SSH host key regeneration problem is still very present in 7.4
Tested with three devices (SXT LTE6, RB2011 and CRS318), all of them show 100% (resp. 50% on CRS318) CPU load after boot when either:
- SSH connect from another device
- open /ip/ssh settings
- trying to reboot the device
Prerequisite is. to set the SSH settings to a big key size like 8192 and then regenerate the key. This never finishes even after several hours.
Rebooting the device then brings the behavior seen above.

maybe someone has tested version 7.4 on a device hAP_AC2? Works well? https://mikrotik.com/product/hap_ac2

As of 7.4 simple queues are not automatically cleaned with radius server.
This happens randomly and happens on CCR1072 with 1500+ ppp clients. Only fix is restart Mikrotik.
Any Solution Please?

Installed 7.4 on one hEX.
Netinstalled, and rebuilt all config from zero. So far, so good. Running 4 BGP sessions, with a total of 2572 routes. Some (very) basic filtering and 4 Wireguard peers.
Fingers crossed. :D

BGP VPLS signaled route reflect doesn't work.

@mahoutchian for not fill this topic with screenshots,
since you did not respond to my and other users' request to clear the Winbox cache and try again,
as this behavior only occurs on your device and I have personally tested it on my machine and I cannot replicate the problem,
and it has not currently happened to others,
BEFORE doing anything PLEASE create supout.rif and check the files inside / skins if there is anything,
and send everything to support@mikrotik.com with a full description of the problem.

Thanks.

For that problem, continue here: viewtopic.php?t=188044 [SOLVED]

Updated from 6.48.6 to 7.4 changed the software ID and now I can't insert the license. Please tell me what to do how to return the old software ID

Without details, they are just words thrown at random.
You haven't specified what you're talking about.

What if you have x86 installed on a real machine?
Reload the disk image you made before upgrade.

Why do you backup them, right?

I bought a license for Routeros v 6.48.6 x86, there is a softoware id in my personal account, but it became different, after updating to 7.4 the softoware id changed, I don’t understand how this can happen if it is attached to the ssd disk in this case

I don't remember the details, but I THINK there was something like this, some time ago. Was it something about old keys? Or was it some weird bug, bringing the key during the upgrade?

I really don't remember, but for some reason this story rings a bell somewhere... Maybe a forum search gets some results?

Reload the backup disk image you made before upgrade.

Probably the BIOS of the motherboard act like some old BIOS than change boot from "classic" to "efi"
or change sata support from IDE to AHCI if detect capable OS...
Changing the (same) disk access from IDE to AHCI, also change bus info and serial number and to the OS appear like a new disk...
Try to force IDE mode on sata, on BIOS or disable EFI and enable old method.

[...] for some reason this story rings a bell somewhere [...]

Yes, from v3 to v4 change software id from XYZ-ABC to JKLM-NOPR

@7sergeynazarov7
Contact MikroTik and they will help out.
support@mikrotik.com

I don’t see more opportunities, I wrote very much, I’m waiting for a positive answer, so that they change the license, under my software id, which has become now.

Tell me, please, did you find a way out of this situation, I also lost the license for the x86 platform

Reload the backup disk image you made before upgrade.

or

Install again 6.49.6 and reload backup maded before upgrade.

Is it normal to see constant 100% CPU usage on one CPU core on CCR2116-12G-4S+?
Profiler shows "networking" using the CPU.
There is no config (/system/reset-configuration no-defaults=yes) and nothing is connected to it except the mgmt port and mac-telnet for WinBox.

My mangle rules were working fine in 7.3.1 and now they are broken in 7.4. The first rule is supposed to mark all traffic to blocked_sites address list with a `personal-vpn` connection mark. It's showing 0 in the counter and not even touching any packets at all and all the traffic is being routed normally.

Sometimes, Router OS/Winbox will show 1 thing when in reality it's actually something else. This has happened several times so I assumed maybe it's that and to eliminate any chances of this, I removed _all_ mangle rules and re-added them and still the same problem.