v7.6rc is released!

emils · Wed Oct 05, 2022 11:58 am

RouterOS version 7.6rc1 has been released "v7 testing" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.6rc1 (2022-Oct-04 18:54):

Changes in this release:

*) certificate - improved certificate management, signing and storing processes;
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) lte - added support for Neoway N75-EA;
*) snmp - improved stability when receiving bogus packets;
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) winbox - added "Reset Traffic Counters" button for all interfaces;

Other changes since v7.5:

*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this particular RouterOS release.

pe1chl · Wed Oct 05, 2022 12:27 pm

RouterOS version 7.6rc1 has been released "v7 testing" channel!

*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);

Yes, it seems like it is working again (tested from my TV app that failed to work in beta10).
However, I am extremely disappointed that yet again we go into release candidate status without BFD support!

rpingar · Wed Oct 05, 2022 1:13 pm

RouterOS version 7.6rc1 has been released "v7 testing" channel!

*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
Yes, it seems like it is working again (tested from my TV app that failed to work in beta10).
However, I am extremely disappointed that yet again we go into release candidate status without BFD support!

you are complining about a not available feature.....
I am complaining that bgp is yet not stable and a new hardware CCR2XXX and new software v7 has shared memory limit that doesn't allow a stable work.
.........

vaka · Wed Oct 05, 2022 1:43 pm

*) bgp - added support for BGP advertisement displaying (CLI only);

Who knows how to display bgp session advertisement ?

own3r1138 · Wed Oct 05, 2022 1:44 pm

*) container - added "start-on-boot" parameter for automatic container startup;
Doesn't work on multi-container boot on startup.

/container/set 0,1 start-on-boot=yes
/container print
0 name="96a1d400-542f-462e-9f17-06bc9e30bafa" tag="latest" os="linux" arch="amd64" interface=veth1 start-on-boot=yes status=running 
1 name="4d768d27-831c-4bec-93bb-50661758d6b6" tag="latest" os="linux" arch="amd64" interface=veth2 start-on-boot=yes status=running

system reboot yes

/container print
0 name="96a1d400-542f-462e-9f17-06bc9e30bafa" tag="latest" os="linux" arch="amd64" interface=veth1 start-on-boot=yes status=stopped
1 name="4d768d27-831c-4bec-93bb-50661758d6b6" tag="latest" os="linux" arch="amd64" interface=veth2 start-on-boot=yes status=running

/container/set 0,1,2 start-on-boot=yes
system reboot yes
0 name="96a1d400-542f-462e-9f17-06bc9e30bafa" tag="latest" interface=veth1 start-on-boot=yes status=stopped
1 name="4d768d27-831c-4bec-93bb-50661758d6b6"  interface=veth2 start-on-boot=yes status=runned for 2 sec / then it stopped
2 name="4ef2ec35-c69a-46bc-985f-045342003e28" tag="latest" interface=veth3 start-on-boot=yes status=running

Dude2048 · Wed Oct 05, 2022 1:45 pm

@ Vaka /routing/stats/adverts print

rextended · Wed Oct 05, 2022 3:05 pm

CCR2116-12G-4S+ on pre-production
from netinstalled 7.6beta7,
previously updated via drag&drop npk from 7.6beta7 to 7.6beta8,
updated again via drag&drop npk from 7.6beta8 to 7.6rc1

Apparently everything works as expected...

mafiosa · Wed Oct 05, 2022 3:14 pm

Updated RB5099 from 7.6 beta 10 without issues. DNS was not resolving so manually had to add the packages.

pe1chl · Wed Oct 05, 2022 3:51 pm

However, I am extremely disappointed that yet again we go into release candidate status without BFD support!
you are complining about a not available feature.....
I am complaining that bgp is yet not stable and a new hardware CCR2XXX and new software v7 has shared memory limit that doesn't allow a stable work.
.........

Well, I tend to use BGP on internal networks with a limited number of routes, not for internet routing with multiple full-route peers. The stability is OK for me.
But I need it to switch over quickly when a path fails, because that is what I use it for. E.g. multiple tunnels to the same place (over IPv4, over IPv6, over LTE) and having BFD and BGP deciding on the path to use.
This was a feature available in RouterOS v6 and it worked well, I also think in this form it is trivial to implement. I have read some times that the v6 BFD was not a complete implementation and there was some usage known from other manufacturer's routers that was not supported in RouterOS, but for me it was just fine: have a quick ping forward and back over a TTL=1 path (a WiFi link, a tunnel) and quick information towards BGP that the path is down.

I am disappointed that this still is not available in v7, I had hoped the first attention in v7 development would be to be feature-complete relative to v6 before extending it with lots of new features. Even "netwatch" has been extended, I would likely even be happy when there would be a BFD-compatible mode in netwatch.

chiem · Wed Oct 05, 2022 4:07 pm

So.. IP Services www and www-ssl don't work on ipv6. The ports just gets answered and closed. I think these used to work, but not sure..

ToTheCLI · Wed Oct 05, 2022 4:43 pm

Is there something wrong with mangle routing marks?
I can not make a device (by src.mac address) go to secondary WAN.
Used to work on 7.5 stable

Update:
After Disabling fastpath in IP settings the mangle rules work again

mikrotikedoff · Wed Oct 05, 2022 5:20 pm

@pe1chl

How often do you get path failures? I apologize if this is an ignorant question I don't use BGP in my simple setups.

Best regards,

pe1chl · Wed Oct 05, 2022 5:22 pm

Is there something wrong with mangle routing marks?
I can not make a device (by src.mac address) go to secondary WAN.

Routing marks work for me, but I use src IP address/network.

pe1chl · Wed Oct 05, 2022 5:26 pm

How often do you get path failures? I apologize if this is an ignorant question I don't use BGP in my simple setups.

Several times per day. There are WiFi links to places several km away, in a country where everyone uses wireless.
Also in case of tunnels, the whole reason to have multiple tunnels and automatic failover is to have people connected all the time without interruptions. It is not acceptable to have a link failover after it has been dead for 3 minutes (BGP default), with BFD the default is 1 second which is sort of OK.
In my v7 test setup I have set BGP hold time to 15 seconds, but even that is too slow when a winbox session runs over the link. The winbox session fails when the link disconnects.
With BFD in place that worked fine! (routes changed to use another working fallback connection quickly enough for winbox to survive)

sirbryan · Wed Oct 05, 2022 6:00 pm

It's also not a matter of how often, but when. *Any* time you have a path failure (could be wireless or fiber, weather or man-made) and you have dozens, hundreds, or thousands of people with live connections, 4-15 seconds is enough to terminate phone and video calls, gaming sessions, and causes everything else to buffer. If you have a link that starts to flap, for whatever reason, the problem is exacerbated.

We have a large number of 60/70/80GHz links with 5GHz or secondary 60GHz links for redundancy, and those high-speed, high-frequency links are prone to rain fade. With a proper design, we can seamlessly transition to the preferred backup path(s) and keep traffic moving. BFD is a crucial part of that design for me, so most of my hub sites have RB4011's with v6 on them.

I use OSPF between sites, with iBGP layered on top of that. OSPF has shorter timers, but 4 seconds is still a lot.

biomesh · Wed Oct 05, 2022 6:08 pm

I finally decided to test ipv6 l3hw offloading on my crs317 with l3hw ipv4 already enabled. It was a few quick changes and now I get full 10gbps ipv6 on my internal vlans.

vikinggeek · Wed Oct 05, 2022 7:48 pm

Well, I tend to use BGP on internal networks with a limited number of routes, not for internet routing with multiple full-route peers. The stability is OK for me.
But I need it to switch over quickly

@pe1chl. I thought that OSPF was designed for the internal network and speedy switching. In v6 we are using OSPF for both IPv4 and IPv6 and it seems to just work. Curious, as we have been reluctant to go to v7 due to all the BGP noise in this forum (messing with the routing is scary). I don't see much comments about OSPF; is that because few networks are using it? Is there a particular reason that OSPF is not suitable for you?

pe1chl · Wed Oct 05, 2022 7:52 pm

I have no experience with OSPF. Early on in the decision between BGP and OSPF I got affected by "what others already were using", and "OSPF reputation of heavy CPU use".
I don't know if that is true or not, but at the moment it isn't practical anymore to switch over and try.
Also, as sirbryan wrote, for some services you really need (sub)second switchover times and BFD would be required with OSPF just as well.

Navegador · Wed Oct 05, 2022 8:31 pm

7.6rc1 broke my LTE on a LTAP Mini with Quectel EP06E modem. Interface wouldn't run even though it was enabled, and when I tried to disable it, it would enable itself back. Weird. If you're running a similar config avoid RC1.

adian009 · Thu Oct 06, 2022 9:43 am

7.6rc1 broke Netflix and Amazon Prime from TV. After trying to identify root cause for an hour, I finally assumed it was DNS related (like 7.6beta10) so reverted back to 7.5 and all was immediately working again. ATM I don't have a spare MT to test, so sorry I can't offer root cause ATM :(

pe1chl · Thu Oct 06, 2022 10:22 am

Did you use beta10 before? Did you restart the TV? The latter helped in my case after update from beta10 to rc1.

sirbryan · Thu Oct 06, 2022 10:35 am

I have no experience with OSPF. Early on in the decision between BGP and OSPF I got affected by "what others already were using", and "OSPF reputation of heavy CPU use".
I don't know if that is true or not, but at the moment it isn't practical anymore to switch over and try.
Also, as sirbryan wrote, for some services you really need (sub)second switchover times and BFD would be required with OSPF just as well.

I don't know enough about your network infrastructure, but those protocols are more complimentary than "either/or." They can both be CPU intensive; it really depends on how much is changing in the network.

With L3HW offloading enabled, my border routers (2116) are about 5% CPU load with full BGP routes (filtering out all but 1 AS-path away), feeding into an internal BGP router (also 2116) which is at 0-2%. Profiler shows mostly "routing," leading me to believe that the CPU's are handling the changes in the full BGP table and doing nothing else, since OSPF states are stable between the routers.

IP Architects has a good blog write-up on using iBGP with loopback IP's over OSPF, where OSPF handles only the subnets needed for routers to talk to each other, and the subnets going to customers advertised via BGP. Route recursion points BGP-learned routes to OSPF-learned destinations, and it works very well, despite the lack of BFD on the v7 routers.

That all said, I still would like to see some attention paid to BFD. I do have to say I'm happy to see 7 come together and 7.4 is running smoothly on my production 2116's, 5009's, and a few CRS3xx's.

pe1chl · Thu Oct 06, 2022 11:01 am

Well, my understanding was that the CPU usage for recalculating of the optimal paths is a lot more in OSPF than in BGP.
In one network, we have a lot of 2011-class (600 MHz MIPSBE) and RB750Gr3 routers in the network. They have to be able to keep up. There are ~100 routers and paths, many of the paths are WiFi links that sometimes can disconnect for different reasons, and the routing has to be re-calculated. That happens several times per day, sometimes a link can be flapping.
So a lot smaller scale than the typical use of BGP for internet routing at a multi-homed company or ISP.
We also need a simple configuration that can be managed in a distributed way. So each operator manages a couple of routers that talk to other such areas. There is not a single authority that manages the whole network and decides on global changes.
That is why we now use mainly eBGP, which works OK in this scenario (sometimes there is iBGP when there are multiple routers at a single site).
As the situation is now, we cannot migrate the network to v7 and when some islands do that, there are problems as a result. We want that to come to an end.

Another scenario is at my workplace where we have ~10 routers to interconnect branch offices and other small locations. GRE and GRE6 tunnels are used between the locations, and several of them have L2TP/IPsec over LTE in addition. We use BGP to select the working tunnel (GRE, then GRE6, then LTE). The users need quick switchover as this network is used for Citrix, VoIP, etc. This setup could in theory be converted to OSPF. All routers are running v6 due to the lack of BFD which is a requirement for quick switchover, which does not happen that frequently but users are in panic when their connection dies for 3 minutes.

chiem · Thu Oct 06, 2022 4:23 pm

Something's not kosher with the way CNAME DNS results are handled in this version.

On FreeBSD, I'm only getting results on the first lookup:

$ ping -4c1 www.yahoo.com
PING new-fp-shed.wg1.b.yahoo.com (74.6.231.21): 56 data bytes
64 bytes from 74.6.231.21: icmp_seq=0 ttl=31 time=57.504 ms

--- new-fp-shed.wg1.b.yahoo.com ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 57.504/57.504/57.504/0.000 ms
$ ping -4c1 www.yahoo.com
ping: cannot resolve www.yahoo.com: Unknown server error
$ ping -4c1 www.yahoo.com
ping: cannot resolve www.yahoo.com: Unknown server error
$ dig www.yahoo.com @192.168.0.1

; <<>> DiG 9.18.7 <<>> www.yahoo.com @192.168.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6448
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.yahoo.com.                 IN      A

;; ANSWER SECTION:
new-fp-shed.wg1.b.yahoo.com. 29 IN      A       98.137.11.163
new-fp-shed.wg1.b.yahoo.com. 29 IN      A       98.137.11.164
new-fp-shed.wg1.b.yahoo.com. 29 IN      A       74.6.231.20
new-fp-shed.wg1.b.yahoo.com. 29 IN      A       74.6.231.21
www.yahoo.com.          32      IN      CNAME   new-fp-shed.wg1.b.yahoo.com.

;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1) (UDP)
;; WHEN: Thu Oct 06 06:14:49 PDT 2022
;; MSG SIZE  rcvd: 133

If I flush the static dns cache on the router, it'll work again for the first request. FreeBSD doesn't cache dns results.

On a different system behind ROS 7.5:

$ ping -4c1 www.yahoo.com
PING new-fp-shed.wg1.b.yahoo.com (74.6.231.20): 56 data bytes
64 bytes from 74.6.231.20: icmp_seq=0 ttl=51 time=58.902 ms
                                                                                
--- new-fp-shed.wg1.b.yahoo.com ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 58.902/58.902/58.902/0.000 ms
$ ping -4c1 www.yahoo.com
PING new-fp-shed.wg1.b.yahoo.com (98.137.11.163): 56 data bytes
64 bytes from 98.137.11.163: icmp_seq=0 ttl=51 time=30.100 ms
                                                                                
--- new-fp-shed.wg1.b.yahoo.com ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 30.100/30.100/30.100/0.000 ms
$ ping -4c1 www.yahoo.com
PING new-fp-shed.wg1.b.yahoo.com (74.6.231.20): 56 data bytes
64 bytes from 74.6.231.20: icmp_seq=0 ttl=51 time=58.882 ms

--- new-fp-shed.wg1.b.yahoo.com ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 58.882/58.882/58.882/0.000 ms             
$ dig www.yahoo.com

; <<>> DiG 9.18.7 <<>> www.yahoo.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11813
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.yahoo.com.                 IN      A

;; ANSWER SECTION:
www.yahoo.com.          31      IN      CNAME   new-fp-shed.wg1.b.yahoo.com.
new-fp-shed.wg1.b.yahoo.com. 31 IN      A       98.137.11.164
new-fp-shed.wg1.b.yahoo.com. 31 IN      A       74.6.231.20
new-fp-shed.wg1.b.yahoo.com. 31 IN      A       74.6.231.21
new-fp-shed.wg1.b.yahoo.com. 31 IN      A       98.137.11.163

;; Query time: 23 msec
;; SERVER: 192.168.125.1#53(192.168.125.1) (UDP)
;; WHEN: Thu Oct 06 06:16:42 PDT 2022
;; MSG SIZE  rcvd: 133

I noticed that the CNAME always comes first in the answer section of ROS 7.5, but it only comes first if results aren't cached in 7.6rc1. If I query 8.8.8.8 or 1.1.1.1 directly, the CNAME result is always first as well, so I'm guessing returning the CNAME last isn't kosher?

cowpoke · Thu Oct 06, 2022 4:30 pm

Something's not kosher with the way CNAME DNS results are handled in this version.

I noticed the same. The 7.6rc1 behaviour of putting extra A response records in responses for AAAA queries for CNAMEs confuses some common DNS client implementations. Windows and dig are not affected, but glibc and it seems FreeBSD are.

armandfumal · Thu Oct 06, 2022 9:33 pm

*) bgp - added support for BGP advertisement displaying (CLI only);

Who knows how to display bgp session advertisement ?

/routing/stats/adverts/print detail
/routing/stats/adverts/show publisher=<peer-session>

curtdept · Fri Oct 07, 2022 5:29 am

Running a pihole and hitting dns issues, not sure this is isolated to just dns hosted on the mikrotik. Same thing if I spam resolutions, it will eventually succeed.

Update: no seems to be isolated to mikrotik. Found out pihole was falling back to querying mikrotik due to an amiss DHCP option :(

On that note apparently unselecting allow remote requests does nothing.

buset1974 · Fri Oct 07, 2022 9:54 am

on v7.6rc1 mpls L3vpn still broken, eventhough PE - CE using static

Thx

pe1chl · Fri Oct 07, 2022 12:16 pm

The "communities" values shown by "/routing/stats/adverts/show publisher=xxx" are completely wrong!
Maybe an endianness issue? (this is on a 4011)

oreggin · Fri Oct 07, 2022 8:19 pm

DNS issue addressing is not success in 7.6rc1. It doesn't work most of the times. I created a bash oneliner to test it with 7.6rc1 and after downgrade to 7.6beta8 it works fine as you can see in the second case:

$ while true; do i=0; while [ $i -lt 20 ]; do getent hosts web.facebook.com > /dev/null && echo -n "!" || echo -n "."; ((i+=1)); sleep 3; done; echo ""; done
....!.!.............
...!................
......!!............
......!!............
......!!............
.......!............
..!...!.............
..!!................
.!!.................
!!.................!
.!.................!
..................!.
!...................
!.................!.
!.................!.
.................!!.
.................!!.
.................!..
.................!!.
.................!!.
................!!..
......^C
$ while true; do i=0; while [ $i -lt 20 ]; do getent hosts web.facebook.com > /dev/null && echo -n "!" || echo -n "."; ((i+=1)); sleep 3; done; echo ""; done
!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!^C

zsolt · Sun Oct 09, 2022 9:30 am

In this version will be implemented the Router Advertisement Guard (RA Guard)?
https://www.rfc-editor.org/rfc/rfc6105
It is a very important security feature, because a hacked PC can advertise a fake router, it is an easy way to middle-of-man attack.
All of other smartswitch (Cisco, HP, Juniper, TP-Link) known this basic security feature.

Jotne · Sun Oct 09, 2022 9:42 am

This is an RC, no new feature are added in RC. Its just releases to make sure its stable enough to become stable version.

depth0cert · Sun Oct 09, 2022 2:55 pm

*) certificate - improved certificate management, signing and storing processes;

[admin@MikroTik] > /certificate/import file-name="r1-ca.crt" name="r1-ca.crt" passphrase=""
     certificates-imported: 1
     private-keys-imported: 0
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0

[admin@MikroTik] > /certificate/import file-name="r1.p12" name="r1.p12" passphrase="passphrase"
     certificates-imported: 1
     private-keys-imported: 1
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0

[admin@MikroTik] > /caps-man/manager/set ca-certificate=r1-ca.crt certificate=r1.p12 enabled=yes require-peer-certificate=yes
input does not match any value of ca-certificate
[admin@MikroTik] >

With a new installation of 7.5beta5 and 7.5beta8, this works, on 7.6rc1 it does not. What are the requirements for certificates now? SUP-94536

Cha0s · Sun Oct 09, 2022 10:01 pm

This is an RC, no new feature are added in RC. Its just releases to make sure its stable enough to become stable version.

Well... this is MikroTik, so version naming conventions do not really apply.

Jotne · Sun Oct 09, 2022 10:16 pm

I have to a agree to you Chaos. Here are a list of what that has been added to various 7.x release candidates.
There should be none, if you ask me.

7.6rc1 lte - added support for Neoway N75-EA
7.6rc1 winbox - added "Reset Traffic Counters" button for all interfaces
7.5rc1 capsman - added randomized range option for "reselect-interval" parameter (CLI only)
7.5rc1 container - added tun/tap support for containers
7.5rc1 dns - added "address-list" parameter for static DNS entries (CLI only)
7.5rc1 dns - added "match-subdomain" option for static entries (CLI only)
7.5rc1 firewall - added support for RTSP helper
7.5rc1 lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems
7.5rc1 lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003)
7.5rc1 lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005)
7.5rc1 port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d)
7.5rc1 port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018)
7.5rc1 routerboard - added "reset-button" script feature for TILE devices
7.5rc1 ssh - added AES support for PEM decryption
7.5rc1 traceroute - added "do-not-fragment" parameter support (CLI only)
7.5rc1 vrrp - added "sync-connection-tracking" compatibility with preemption-mode
7.5rc1 wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation
7.5rc1 wifiwave2 - added support for 802.11k
7.4rc2 chr - fixed booting with added additional SCSI disk
7.4rc2 container - added support for running Docker (TM) containers on ARM, ARM64 and x86 (containers created before v7.4 must be recreated)
7.4rc2 netwatch - added support for more advanced probing
7.4rc2 wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces
7.4rc1 netwatch - added support for more advanced probing
7.4rc1 ntp - added VRF support for client and server
7.4rc1 ovpn - added "AUTH_FAILED" control message sending
7.4rc1 radius - added VRF support for RADIUS client
7.4rc1 system - added "shutdown" parameter for reset-configuration (CLI only)
7.4rc1 wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces
7.4rc1 winbox - added "VRF" parameter under "Tools/E-mail" menu
7.3rc1 l2tp - added VRF support for L2TP client
7.3rc1 profile - added "wireguard" process classificator
7.3rc1 profile - added "zerotier" process classificator
7.3rc1 snmp - added VRF support
7.3rc1 winbox - added "Default Cost" parameter under "Routing/OSPF/Area" menu
7.3rc1 x86 - added support for Solarflare SFC1920 NIC
7.2rc5 bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set)
7.2rc5 dhcpv6 - added VRF support
7.2rc5 log - added warning message when connection tracking table is full
7.2rc5 lte - added support for Uplink CA reporting
7.2rc5 rip - added logging
7.2rc5 routing - added PCAP viewer tool for BGP advertisements debugging purposes
7.2rc5 switch - added "rx-overflow" counter for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips
7.2rc5 tr069-client - added support for 5G band configuration
7.2rc5 tr069-client - added support for wireless "skip-DFS" configuration
7.2rc5 winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu
7.2rc5 winbox - added missing "accounting", "interim-update" and "radius-password" parameters under "IP/DHCP Server" menu
7.2rc4 lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems
7.2rc4 ppp - added "comment" option for PPPoE servers
7.2rc4 wifiwave2 - added "client-isolation" feature
7.2rc4 winbox - added "host-uniq" parameter to PPPoE client interface
7.2rc4 wireless - added "3gpp-info" parameter to interworking configuration
7.2rc4 wireless - added EAP-AKA to interworking's realm configuration
7.2rc2 bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled
7.2rc2 dot1x - added "server-fail-vlan-id", "guest-vlan-id" and "reauth-timeout" settings for dot1x server
7.2rc2 dot1x - added "src-address", "src-mac-address" and "src-port" settings for dynamic switch rules
7.2rc2 dot1x - added NAS-Port-ID attribute for RADIUS Access-Request
7.2rc2 l3hw - added HW offloaded FastTrack support for inter-VLAN routing
7.2rc2 lte - added 3 APN profile support and APN name re-using on R11e-LTE6
7.2rc2 lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems
7.2rc2 lte - added class based support for configless RNDIS LTE modems
7.2rc2 ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type)
7.2rc2 snmp - added SFP vendor name to optical table
7.2rc2 snmp - added support for "ipv6AddrPrefixTable" and "ipv6RouteNumber" OID's
7.2rc2 winbox - added "Disconnect Notify" checkbox to "Interface/OVPN Client" menu
7.2rc2 winbox - added "Freq. Usage" and "Scan" buttons for WifiWave2 interfaces
7.2rc2 winbox - added "Ignore Missing" selector to "System/Packages" menu
7.2rc2 winbox - added "Routing Table" parameter for IPv6 routes
7.2rc2 winbox - added "VPN" tab to "Routing/BGP" menu
7.2rc2 winbox - added "VRF" parameter to "IP/Services" menu
7.2rc2 winbox - added "comment" parameter to "User Manager/Users" menu
7.2rc2 winbox - added MLAG support
7.2rc2 winbox - added SHA256 and SHA512 "Auth" values for OVPN menu's
7.2rc2 winbox - added ZeroTier support
7.2rc2 winbox - added explicit "Upload" and "Download" names for "Bucket Size" parameters under "Queues" menu
7.2rc2 x86 - added support for Intel E810 NIC
7.2rc1 backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only)
7.2rc1 ipsec - added hardware acceleration support for CCR2116
7.2rc1 lte - added basic information support for Telit LM960 and LM940 in MBIM mode
7.2rc1 ovpn - added SHA2 authentication algorithm support
7.2rc1 ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets
7.2rc1 ovpn - added option to send disconnect message in UDP mode
7.2rc1 pppoe - added option to configure "host-uniq" parameter
7.2rc1 pppoe - added option to ignore PADI messages with empty service name
7.2rc1 pptp - added insecure connection warning
7.2rc1 supout - added "port-controller" bridge section
7.2rc1 tr069-client - added support for wireless client uptime reporting
7.2rc1 wifiwave2 - added support for handling disconnect request messages from RADIUS servers
7.2rc1 winbox - added "Mode" parameter under "Wireless" menu with WifiWave2 package
7.2rc1 winbox - added "TLS Version" parameter for "Interface/OVPN"
7.2rc1 winbox - added "VRF" parameter for "SSH" and "Telnet" menus
7.2rc1 winbox - added interface list support for "IP/Traffic Flow" menu
7.2rc1 winbox - added local/remote CPU load parameters for "Bandwidth Test"
7.2rc1 winbox - added support for "Tool/Speedtest" menu
7.2rc1 winbox - added support for W60G align tool
7.2rc1 wireless - added information about client signal strength to log messages about disconnections
7.1rc6 lte - added AT chat support for Telit LN960
7.1rc6 route-filters - added "suppress-hw-offload" parameter
7.1rc5 bonding - added warning when using 802.3ad mode without MII link monitoring
7.1rc5 bridge - added HW offload support for vlan-filtering on MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP)
7.1rc5 certificate - added ability to choose the digest algorithm when generating a certificate
7.1rc5 lte - added "at-chat" support in MBIM mode for Simcom modems in USB composition mode 9003
7.1rc5 mpls - added ICMP handler (send ICMP ttl exceed on MPLS ttl expiry)
7.1rc5 quickset - added 5G signal quality information
7.1rc5 rpki - added "rpki-query" command
7.1rc5 ssl - added support for additional GCM_SHA384 ciphers
7.1rc5 traffic-flow - added systematic count-based packet sampling support
7.1rc5 vxlan - added default L2MTU value for improved connectivity in bridged setups
7.1rc5 winbox - added "netmap" action to IPv6 NAT rules
7.1rc5 winbox - added IPv6 support for "Network" parameter under "Routing/OSFP/Interface Templates" menu
7.1rc5 winbox - added missing IPv6 mangle actions - "mark-routing", "sniff-tzsp", "sniff-pc", "snpt" and "dnpt"
7.1rc5 winbox - added option to upgrade LTE firmware

gittubaba · Mon Oct 10, 2022 3:34 am

Something's not kosher with the way CNAME DNS results are handled in this version.
I noticed the same. The 7.6rc1 behaviour of putting extra A response records in responses for AAAA queries for CNAMEs confuses some common DNS client implementations. Windows and dig are not affected, but glibc and it seems FreeBSD are.

It seems like dns issue isn't 100% solved. But I say this without concrete proof, so apologies in advance. In windows and ubuntu its working fine. But in android I'm getting random ERR DNS RESOLV FAIL in random apps. Not always, and not in all apps. So can't really pinpoint it yet. So maybe most of the apps are compatible like glibc and windows, but some aren't?

Mon Oct 10, 2022 8:45 am

We are aware of the issues regarding the DNS cache and several LTE interfaces in this rc1 release. We are working on fixes and the rc2 release. So if your DNS service or LTE is failing, then we recommend downgrading your device to 7.5 until 7.6rc2 is released.

rpingar · Mon Oct 10, 2022 8:56 am

Moderator note: do not quote preceding post, use "Post Reply".

Strods when do you plan to increase shared memory for large bgp rotuing table?

thanks

peterforeman · Mon Oct 10, 2022 10:17 am

I have a new Samsung Smart TV and the internet setup wouldn't work. It was complaining about unstable internet connection, either wired or wireless. By changing the DNS server to something not-mikrotik (like 1.1.1.1) it immediately started working. I also have problems with MongoDB SRV records where golang is not able to resolve these entries ("cannot unmarshal"). Changing the DNS, again, solves the problem. This does not only seem to be a 7.6rc1 problem but something's definitely wrong with the DNS resolver.

fragtion · Mon Oct 10, 2022 1:48 pm

Moderator note: do not quote preceding post, use "Post Reply".

I wonder what was changed that caused such disruptions to dns operation? .. I'm sticking with 7.6beta4 / 7.6beta6 until these dns issues and container permissions problems are confirmed to be fixed. Hopefully we get a promising new build to test again soon

Mon Oct 10, 2022 1:56 pm

rpingar - Please keep this topic related to the version. It is in our plans, however, we can not provide any ETA. Unfortunately, it is not as simple as increasing the limit by changing its max value.

hecatae · Mon Oct 10, 2022 2:51 pm

Working fine on a Chateau LTE12

pe1chl · Mon Oct 10, 2022 4:05 pm

In this version will be implemented the Router Advertisement Guard (RA Guard)?

Would it not be possible to implement that yourself using a clever bridge (or switch) filter?
That is most likely what those higher-level implementations do anyway. They make it easier by constructing the proper filter for you depending on the role you define for the port.

osc86 · Mon Oct 10, 2022 8:09 pm

wireguard peer rx/tx counters reset to 0 at 4GB

Mon Oct 10, 2022 8:23 pm

Oh, is that new ?
Might be an older bug.
I haven't really paid attention to it yet but I have a daily copy job of about 5 to 6 Gb using 7.5 and must say I was already wondering a couple of times why those counters are not way higher.
But the connection works so I don't really care.

mkx · Mon Oct 10, 2022 8:40 pm

It's nice none the less ... unsigned 32-bit integer. Could have been signed, which would wrap from 2GB to -2GB.

Mon Oct 10, 2022 8:43 pm

Nah... then someone would have seen this a lot sooner.

Chupaka · Tue Oct 11, 2022 1:42 pm

Well, they are actually negative in MikroTik App for Android

I already reported that several months ago...

pe1chl · Tue Oct 11, 2022 3:41 pm

Frankly I cannot understand why someone today would implement a byte counter with less than 64 bits...
In RouterOS v6 there are even some counters that internally are 64 bits, but when read using e.g. SNMP or IPFIX (Netflow) suddenly they are treated as 32 bits.
I would hope that this has been fixed in v7 (not yet checked it)....

connectlife · Tue Oct 11, 2022 6:23 pm

Hi, is it normal that in BGP sessions the prefix count is always 0? It seemed to me it was fixed in 7.6 beta10 or am I wrong?

pe1chl · Tue Oct 11, 2022 6:47 pm

moderator note: do not quote whole preceding mail. Use "Post Reply" instead.

It is not correct, but it is considered to be "normal" for v7.x... hopefully it will be fixed some time. Certainly it has not been fixed in beta10.
(there is another related feature but it is not the prefix count)

Paternot · Wed Oct 12, 2022 12:41 am

Isn't it command line only? I think I've read something about it...

connectlife · Wed Oct 12, 2022 10:16 am

moderator note: do not quote whole preceding mail. Use "Post Reply" instead.

I didn't even find the command from the CLI .. it's amazing that you can't see the number of routes of a BGP peer!

pe1chl · Wed Oct 12, 2022 11:20 am

moderator note: do not quote whole preceding mail. Use "Post Reply" instead.

Well, it is possible to see it but it is a manual command you need to run to see the number at that time. Scan the route table to find the routes via that peer, and count them.
Like this:
/routing/route/print where belongs-to=bgp-IP-xx.xx.xx.xx
Now you get a list of routes via some BGP peer.
However, you will have to count them manually, because when you do this:
/routing/route/print count-only where belongs-to=bgp-IP-xx.xx.xx.xx
It will always print 0. Another bug, I think.

What we of course expect is a column in the sessions window that shows this number dynamically updated.
The column is there (Prefix count) but it is always zero because this number of prefixes is not kept in a variable in the new BGP, it would have to be calculated by walking the route table, which would be inefficient to do all the time in the background.

Rox169 · Wed Oct 12, 2022 12:19 pm

one week gone and no RC2 :/ it takes time to polish it :)

emils · Wed Oct 12, 2022 12:54 pm

What's new in 7.6rc2 (2022-Oct-11 17:51):

*) bgp - added support for BGP advertisement displaying (CLI only);
*) certificate - improved certificate management, signing and storing processes;
*) dns - fixed DNS answer of cached CNAME entries (introduced in v7.6beta10);
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) wifiwave2 - fixed enabling of unconfigured interfaces;

Rox169 · Wed Oct 12, 2022 1:19 pm

good timing...lucky us I wrote it :)

theosoft · Wed Oct 12, 2022 1:37 pm

Still have partition problems on RB5009. Also netinstall doesn't help.
viewtopic.php?p=944201&hilit=partition#p944201

regards

Wed Oct 12, 2022 3:22 pm

/routing/bgp/advertisements/print

Sanity has prevailed !

Thank you Mikrotik staff.

Wed Oct 12, 2022 3:31 pm

Still have partition problems on RB5009. Also netinstall doesn't help.
viewtopic.php?p=944201&hilit=partition#p944201

regards

Partitions work on v7.6rc2 and 5009, please contact support.

eddieb · Wed Oct 12, 2022 3:36 pm

Still no fix for the USB problems

mszru · Wed Oct 12, 2022 4:25 pm

Detect Internet feature does not work after the reboot and as far as I remember never worked well in 7.x.
And the issue of the socks server being unresponsive is still there. It can be detected by setting up a tcp-conn netwatch as shown below. While using the socks server Failed Tests counter increases.

2022-10-12 socks netwatch.png

nkourtzis · Wed Oct 12, 2022 5:54 pm

What's new in 7.6rc2 (2022-Oct-11 17:51):

[...]
*) dns - fixed DNS answer of cached CNAME entries (introduced in v7.6beta10);
[...]

Still the resolver does not resolve all the way to the A record if there are nested CNAMEs. For example let's say that there are the following records:

name1.domain1.com CNAME name2.domain2.com

name2.domain2.com CNAME name3.domain3.com

name3.domain3.com A XXX.XXX.XXX.XXX

In such a case, when name1.domain1.com is requested by a client, the successive CNAMEs are retrieved and cached, but the A record is not retrieved at all. If you force the router to retrieve it by, say, pinging name3.domain3.com then the A record is cached and name resolution works as expected.

own3r1138 · Wed Oct 12, 2022 6:41 pm

Its okay on V7.5.

2022-10-12_19-08-46.jpg

rb9999 · Wed Oct 12, 2022 6:46 pm

... and no fix for arp-ping :(

Jotne · Wed Oct 12, 2022 7:46 pm

Please when you complain that some does not work, post a link to original post on this forum and support ticked used to report it at MikroTik.

rb9999 · Wed Oct 12, 2022 9:19 pm

Pardon my ignorance. Regarding broken arp-ping...
viewtopic.php?t=181199
viewtopic.php?p=910384#p910384
Ticket - SUP-94868
... and possibly more

bma · Wed Oct 12, 2022 10:33 pm

Still have partition problems on RB5009. Also netinstall doesn't help.
viewtopic.php?p=944201&hilit=partition#p944201

If you are running containers, try stopping them and removing all VETH interfaces before /partitions/copy-to. I've seen similar errors when VETH interfaces exist. SUP-87868 was filed on 7/23 and MT was able to reproduce it.

viewtopic.php?t=178342&start=300#p949651

Chaosphere64 · Wed Oct 12, 2022 11:23 pm

Detect Internet feature does not work after the reboot and as far as I remember never worked well in 7.x.
And the issue of the socks server being unresponsive is still there. It can be detected by setting up a tcp-conn netwatch as shown below. While using the socks server Failed Tests counter increases.
2022-10-12 socks netwatch.png

Detect Internet feature is broken for a long period of time now. My first report was in April 2022 (SUP-80518). Maybe in an upcoming release.

ahmdzaki · Thu Oct 13, 2022 7:48 am

L3HW with multiple eBGP private AS still bug when one or more links goes down.
like somehow when deleting or adding prefixes not working until you disable and reenable l3hw on switch.

SUP-94904

Thu Oct 13, 2022 8:18 am

eddieb - Was something broken related to USB in specifically v7.6? Please keep this topic related to version. If the issue is not related to particular version, then please create a support ticket.
mszru, rb9999 - As mentioned multiple times in the forum, we are aware of these issues and it is in our to-do list to resolve them in the upcoming versions. Also these issues has nothing to do with 7.6.
nkourtzis - We are looking into this, however, reagarding the DNS service 7.6rc2 should work the same as v7.5 now.
own3r1138 - Thank you! We managed to reproduce the issue and are working on a fix for it!
bma - We will try to reproduce the same problem in our lab.
ahmdzaki - Thank you for your ticket, we will look into this!

eddieb · Thu Oct 13, 2022 8:44 am

strods - see viewtopic.php?t=189654 support ticket is created. UPS and WOOBM are not working in 7.5 my comment was to point that there is stil no fix for this in the changelog

Thu Oct 13, 2022 9:24 am

eddieb - Changelog did not list any changes that the issue would be solved. We will do our best to solve the issue as soon as possible. Meanwhile please keep this topic strictly related to the issues that are introduced between 7.5 and 7.6rc. The main reason why we create these release topics is to find out what was broken since the previous release.
nkourtzis - We can not seem to reproduce this problem. Can you please create a support ticket so we can discuss this directly?
theosoft - The issue is reproduced now and we will try to fix it as soon as possible

Thu Oct 13, 2022 10:00 am

own3r1138 - we might have found a bit different issue, please contact support regarding this.

theosoft · Thu Oct 13, 2022 10:55 am

theosoft - The issue is reproduced now and we will try to fix it as soon as possible

Sounds good... :-)

Addionatly i have seen still strange percentage during copy progress.
viewtopic.php?p=955173#p955173

Edit:

I can confirm. It is related to VETH.
viewtopic.php?t=189730#p961543

I deleted my VETH (RC2) and tried to repartioning. --> No boot --> Netinstall RC2
Fresh installation, partioning is OK!
Configured containers including VETH --> No copy of partion possible
Deleted VETH --> copy starts working again...

Good catch BMA ! Is it related to /dev in the filesystem ?? Strange

hecatae · Thu Oct 13, 2022 11:22 am

rc2 working fine on rb2011 and rb750gr3 in typical office environments.

pe1chl · Thu Oct 13, 2022 11:35 am

Detect Internet feature is broken for a long period of time now. My first report was in April 2022 (SUP-80518). Maybe in an upcoming release.

One would hope that it would be removed, being a failed experiment that never had any use and potentially caused problems.

Rox169 · Thu Oct 13, 2022 2:58 pm

Stable release today? :)

own3r1138 · Thu Oct 13, 2022 4:31 pm

own3r1138 - we might have found a bit different issue, please contact support regarding this.

Hi,
I raised a ticket, SUP-94961.

Thank you.

emils · Fri Oct 14, 2022 3:21 pm

What's new in 7.6rc3 (2022-Oct-14 12:44):

*) certificate - improved certificate management, signing and storing processes;
*) wifiwave2 - fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces;

own3r1138 · Fri Oct 14, 2022 3:35 pm

*) certificate - improved certificate management, signing, and storing processes;

Thank you. I hope this new release will resolve the TLS failure in OVPN too.

2022-10-14_16-02-37.jpg

armandfumal · Fri Oct 14, 2022 7:15 pm

CCR2216, BGP Adverts is ok in RC1
2 feed with full table...

Since RC2 and RC3, entry is moved to /routing/bgp /advertisements.
When I try a print, routing process is used all core and CPU is at 70% for a long time, nothing append, but free memory fall from 15Gb constantly, after 4 mins with free memory value at 6Gb left I decided do downgrade to RC1 before to have no more memory...(not on site).
I revert to rc1...

RavenWing71 · Sat Oct 15, 2022 2:48 am

OSPFv3 seems to be creating extra invalid route entries for local interfaces. See viewtopic.php?t=189285
SUP-95111

[admin@Test MTik] > ipv6/route print detail 
Flags: D - dynamic; X - disabled, I - inactive, A - active; c - connect, s - static, r - rip, b - bgp, o - ospf, d - dhcp, v - vpn, m - modem, y - copy; 
H - hw-offloaded; + - ecmp 
   DIoH  dst-address=2001:db8::/64 routing-table=main gateway=ether5 distance=110 scope=20 target-scope=10 ospf-metric=1 ospf-type=(unknown)
   DAc   dst-address=2001:db8::/64 routing-table=main gateway=ether5 immediate-gw=ether5 distance=0 scope=10 
   DIoH  dst-address=2001:db8:0:10::/64 routing-table=main gateway=ether10 distance=110 scope=20 target-scope=10 ospf-metric=1 ospf-type=(unknown) 
   DAc   dst-address=2001:db8:0:10::/64 routing-table=main gateway=ether10 immediate-gw=ether10 distance=0 scope=10 
[...]

mducharme · Sat Oct 15, 2022 3:11 pm

OSPFv3 seems to be creating extra invalid route entries for local interfaces. See viewtopic.php?t=189285

This is normal behaviour on RouterOS v7 as far as I can determine. I don't believe this is a bug exactly. MPLS also creates additional inactive routes similar to this.

manojlovicl · Sun Oct 16, 2022 12:29 am

*) netwatch - fixed string variable values in script;

Colleagues, can you please implement the option to declare host down only after some failed checks? So can Failed tests be used as trigger for Down? That would be great.

Luka

ivicask · Sun Oct 16, 2022 12:21 pm

I was importing certs on RC3 for NextDNS (/tool fetch url=https://curl.se/ca/cacert.pem) and i noticed this error, is this related to cert changes?

pe1chl · Sun Oct 16, 2022 1:29 pm

Colleagues, can you please implement the option to declare host down only after some failed checks? So can Failed tests be used as trigger for Down? That would be great.

Well, that is implemented as part of the ICMP check type. So when using "ping" to monitor a host it can be configured.
Considering it again, probably it should have been made a "toplevel" handling that applies to all check types.

depth0cert · Mon Oct 17, 2022 1:36 am

*) certificate - improved certificate management, signing and storing processes;

[admin@MikroTik] > /certificate add name="r1-ca" common-name="r1-ca" subject-alt-name="email:r1-ca" key-size=2048 key-usage=key-cert-sign,crl-sign
[admin@MikroTik] > /certificate sign "r1-ca"
  progress: done

[admin@MikroTik] > /certificate add name="r1" common-name="192.168.2.1" subject-alt-name="IP:192.168.2.1" key-size=2048 key-usage=digital-signature,content-commitment,key-encipherment,key-agreement,tls-server
[admin@MikroTik] > /certificate sign "r1" ca="r1-ca"
  progress: done

[admin@MikroTik] > /certificate export-certificate r1-ca file-name=r1-ca export-passphrase=passphrase type=pem
[admin@MikroTik] > /certificate export-certificate r1 file-name=r1 export-passphrase=passphrase type=pkcs12
[admin@MikroTik] > /certificate/remove r1-ca
[admin@MikroTik] > /certificate/import file-name="r1-ca.crt" name="r1-ca" passphrase="passphrase"
     certificates-imported: 1
     private-keys-imported: 0
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0

[admin@MikroTik] > /certificate/import file-name="r1.p12" name="r1" passphrase="passphrase"
     certificates-imported: 1
     private-keys-imported: 1
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0

[admin@MikroTik] > /caps-man/manager/set ca-certificate=r1-ca certificate=r1 enabled=yes require-peer-certificate=yes
input does not match any value of ca-certificate

With a fresh clean installation of 7.6beta8 this works, on 7.6beta10, 7.6rc1, 7.6rc2, 7.6rc3 it does not. What are the requirements for certificates now? SUP-95194

Mon Oct 17, 2022 1:16 pm

own3r1138 - Please send a supout file from your router running v7.6 where such functionality would not be working although it did work in v7.5.
ivicask - It seems that this is not related to 7.6 and did not work also in earlier versions. We are looking into it, however, this issue is not related to 7.6.
depth0cert - You need to import not only the certificate but also the key. Then certificate will work with CAPsMAN.

depth0cert · Mon Oct 17, 2022 1:38 pm

depth0cert - You need to import not only the certificate but also the key. Then certificate will work with CAPsMAN.

I not want save CA private key, in my case the certificate is used only for verification.
On 7.6beta8 its works without issue. I have opened a ticket SUP-95194.

emils · Mon Oct 17, 2022 2:48 pm

You do not need to specify the ca-certificate in that case. The ca-certificate field is used only for new dynamic certificate generation. Verification is performed against the whole certificate store regardless of what is set under the ca-certificate field.

buset1974 · Mon Oct 17, 2022 3:19 pm

Please check this PE-CE BGP issue SUP-79812
Ticket open since mar 2022
And also PE-CE BGP multihoming issue SUP-3085
problem reported since 2019

thx

own3r1138 · Mon Oct 17, 2022 3:24 pm

own3r1138 - Please send a supout file from your router running v7.6 where such functionality would not be working although it did work in v7.5.

Hello,
I raised a new ticket, SUP-95262.

Thank you.

mmc · Mon Oct 17, 2022 6:05 pm

*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;

qsfp 4 x breakout cables still don't work - ccr2116 qsfp to original mikrotik breakout cable 'Q+BC0003-S+' still has no link. last known working version was ros 7.2.3. all other versions after 7.2.3 just don't have a stable link anymore.

reported on every release with a ticket - last was [SUP-95119]

emils · Tue Oct 18, 2022 11:49 am

New version v7.6 has been released!

viewtopic.php?t=190072