Community discussions

MikroTik App
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

v7.7beta [testing] is released!

Wed Oct 26, 2022 4:38 pm

RouterOS version 7.7beta3 has been released "v7 testing" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.7beta3 (2022-Oct-26 11:31):

*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this particular RouterOS release.
 
wispmikrotik
Member Candidate
Member Candidate
Posts: 144
Joined: Tue Apr 25, 2017 10:43 am

Re: v7.7beta [testing] is released!

Wed Oct 26, 2022 4:48 pm

Very thanks!
 
User avatar
depth0cert
just joined
Posts: 21
Joined: Thu Sep 08, 2022 11:03 pm

Re: v7.7beta [testing] is released!

Wed Oct 26, 2022 5:39 pm

RouterOS version 7.7beta3 has been released "v7 testing" channel!

*) certificate - improved certificate management, signing and storing processes;
SUP-95194 On clean fresh install 7.7beta3 it is reproduced. Please, fix it.
I not want save private key of CA in RouterOS. In 7.6beta8 its worked.
[admin@MikroTik] > /certificate add name="r1-ca" common-name="r1-ca" subject-alt-name="email:r1-ca" key-size=2048 key-usage=key-cert-sign,crl-sign
[admin@MikroTik] > /certificate sign "r1-ca"
  progress: done

[admin@MikroTik] > /certificate add name="r1" common-name="192.168.2.14" subject-alt-name="IP:192.168.2.14" key-size=2048 key-usage=digital-signature,content-commitment,key-encipherment,key-agreement,tls-server
[admin@MikroTik] > /certificate sign "r1" ca="r1-ca"
  progress: done

[admin@MikroTik] > /certificate export-certificate r1-ca file-name=r1-ca export-passphrase=passphrase type=pem
[admin@MikroTik] > /certificate export-certificate r1 file-name=r1 export-passphrase=passphrase type=pkcs12
[admin@MikroTik] > /certificate/remove r1-ca
[admin@MikroTik] > /certificate/import file-name="r1-ca.crt" name="r1-ca" passphrase="passphrase"
     certificates-imported: 1
     private-keys-imported: 0
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0

[admin@MikroTik] > /certificate/import file-name="r1.p12" name="r1" passphrase="passphrase"
     certificates-imported: 1
     private-keys-imported: 1
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0

[admin@MikroTik] > /caps-man/manager/set ca-certificate=r1-ca certificate=r1 enabled=yes require-peer-certificate=yes
input does not match any value of ca-certificate
Last edited by depth0cert on Wed Oct 26, 2022 5:55 pm, edited 1 time in total.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v7.7beta [testing] is released!

Wed Oct 26, 2022 5:41 pm

Your configuration is invalid, I already explained it to you in 7.6rc topic.
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7beta [testing] is released!

Wed Oct 26, 2022 5:46 pm

is this fixing [SUP-81652] about crash of bgp process that saturated 4gb shared memory?
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;

so now the shared memory allow 4GB for each process?
right?
 
User avatar
depth0cert
just joined
Posts: 21
Joined: Thu Sep 08, 2022 11:03 pm

Re: v7.7beta [testing] is released!

Wed Oct 26, 2022 6:21 pm

Your configuration is invalid, I already explained it to you in 7.6rc topic.
I don't understand why if p12 of CA is used in new ROS - the "ca-certificate" works. But if only the cert of CA is used - it does not work.
What is the case of the ca-certificate key in /caps-man/manager/? Is the "ca-certificate" parameter deprecated (if it is not necessary to specify it in my case)? I'm sorry, it's not entirely logical.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v7.7beta [testing] is released!

Wed Oct 26, 2022 6:44 pm

P12 is a certificate bundle and consists of the whole chain of trust including private key for the host certificate.
The "ca-certificate" parameter for CAPsMAN is used for new certificate distribution (signing) for newly added CAPs with dynamic certificate generation enabled. To sign new certificates, private key for the CA certificate is required. Thus you can not specify a CA certificate in CAPsMAN config without a private key.
Validation of existing CAP certificates does not require the private key for the CA certificate, nor the CA certificate to be configured under the "ca-certificate" parameter. The validation is performed against the whole Certificate store just like it is in any other system or service.
 
fabeni
just joined
Posts: 1
Joined: Thu Oct 20, 2022 9:57 pm

Re: v7.7beta [testing] is released!

Thu Oct 27, 2022 3:37 pm

Good Morning
We were testing with the CCR2116 using it for PPPoE, we got 2400 connections, we had some problems....
CPU rising to 100% with 2GB of traffic
PPPoE disconnecting in bulk
Simple Queue not being removed and not allowing pppoe to reconnect because it said it already had a simple queue running.
We had to take out the CCR2116 and put the CCR1036 in place.
In version 7.7 beta, I didn't see anything talking about PPPoE, was something done?
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.7beta [testing] is released!

Thu Oct 27, 2022 9:56 pm

fabeni - Which version did you test before? It sounds like an issue solved in 7.6 "ppp - improved service stability when multiple users disconnect simultaneously". If you did still experience a such problem with 7.6 or 7.7, then please send supout to support@mikrotik.com.
 
fabeni
just joined
Posts: 1
Joined: Thu Oct 20, 2022 9:57 pm

Re: v7.7beta [testing] is released!

Thu Oct 27, 2022 11:42 pm

Strods.
tests performed on 7.5 and 7.6 both had the same problems.
A ticket was opened with the support file in my mikrotik account
 
theosoft
just joined
Posts: 10
Joined: Fri Jan 27, 2017 5:48 pm

Re: v7.7beta [testing] is released!

Fri Oct 28, 2022 9:53 am

*) filesystem - fixed repartition on devices with containers;
Seems ok!

Now containering starts :-)
1. Adguard home with ssh --> ok!
2. Openspeedtest with ssh --> ok!
3. FreePBX missing till now .... ongoing
Nice

Thanks
Last edited by theosoft on Fri Oct 28, 2022 11:49 am, edited 1 time in total.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v7.7beta [testing] is released!

Fri Oct 28, 2022 10:19 am

What's new in 7.7beta4 (2022-Oct-27 09:00):

*) conntrack - improved system stability when PPTP helper is used;
*) hotspot - fixed maximum allowed connections limitation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) ospf - fixed MD5 checksum calculation;
*) sfp - added 2.5G SFP module support for RB5009;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7beta [testing] is released!

Fri Oct 28, 2022 11:29 am

is this fixing [SUP-81652] about crash of bgp process that saturated 4gb shared memory?
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;

so now the shared memory allow 4GB for each process?
right?
any answer?
 
Rox169
Member
Member
Posts: 467
Joined: Sat Sep 04, 2021 1:47 am

Re: v7.7beta [testing] is released!

Fri Oct 28, 2022 2:04 pm

Hi,
im just wonderng if we can expect 802.11 k support? This is the latest missing....
 
User avatar
FToms
MikroTik Support
MikroTik Support
Posts: 90
Joined: Fri Jul 24, 2020 3:28 pm

Re: v7.7beta [testing] is released!

Fri Oct 28, 2022 2:41 pm

Hi,
im just wonderng if we can expect 802.11 k support? This is the latest missing....
Support for 802.11k for the wifiwave2 package was introduced in RouterOS 7.5
 
haedertowfeq
just joined
Posts: 15
Joined: Thu Nov 19, 2020 5:58 pm

Re: v7.7beta [testing] is released!

Fri Oct 28, 2022 3:16 pm

FToms
What about 802.11v🤔
 
User avatar
FToms
MikroTik Support
MikroTik Support
Posts: 90
Joined: Fri Jul 24, 2020 3:28 pm

Re: v7.7beta [testing] is released!

Fri Oct 28, 2022 3:35 pm

802.11v has not yet been implemented.
It is a large ammendment, so suggestions on which features of it users are most interested in would be welcome. If you have such suggestions, please make a dedicated thread or a support ticket.
 
User avatar
own3r1138
Forum Veteran
Forum Veteran
Posts: 727
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: v7.7beta [testing] is released!

Fri Oct 28, 2022 3:56 pm

@fabeni
Simple Queue is not being removed and not allowing PPPoE to reconnect because it said it already had a simple queue running.
Is this similar to your problem?
asd.jpg
You do not have the required permissions to view the files attached to this post.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Fri Oct 28, 2022 5:18 pm

Do you really think you can silence the people asking for BFD by deleting their comments?
The lack of BFD is the main reason blocking an upgrade from v6 to v7 for me and many others.
We NEED it to be worked on. Really worked on. Not only claimed it is a "work in progress".
 
fabeni
just joined
Posts: 1
Joined: Thu Oct 20, 2022 9:57 pm

Re: v7.7beta [testing] is released!

Fri Oct 28, 2022 6:03 pm

@own3r1138
Exactly, this happened with 2400 concurrent clients and the simple queue could not be removed.
 
fabeni
just joined
Posts: 1
Joined: Thu Oct 20, 2022 9:57 pm

Re: v7.7beta [testing] is released!

Fri Oct 28, 2022 6:08 pm

@own3r1138
What I find strange is that this kind of PPPoE problem did not exist in versions 6.x
Because it is something used all over the world, it should be given some importance to correct it, I believe they are focused on the routing part that they forgot the PPPoE part
 
User avatar
sirbryan
Member
Member
Posts: 400
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.7beta [testing] is released!

Fri Oct 28, 2022 8:34 pm

802.11v has not yet been implemented.
It is a large ammendment, so suggestions on which features of it users are most interested in would be welcome. If you have such suggestions, please make a dedicated thread or a support ticket.
Posted:

viewtopic.php?t=190436

Based on Apple's points outlined here: https://support.apple.com/en-us/HT202628
 
User avatar
own3r1138
Forum Veteran
Forum Veteran
Posts: 727
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: v7.7beta [testing] is released!

Fri Oct 28, 2022 8:44 pm

@fabeni
I have three CHRs currently running V 7.6 with the same configuration. This one is the busiest, which I run into a problem with. Since @strods asked for a supout, I will raise a ticket as soon as the issue occurs again. I urge you to do the same, please.
 
fabeni
just joined
Posts: 1
Joined: Thu Oct 20, 2022 9:57 pm

Re: v7.7beta [testing] is released!

Fri Oct 28, 2022 11:43 pm

@own3r1138
I already opened a support with the file and sent it by email
 
cklee234
newbie
Posts: 44
Joined: Tue Sep 29, 2020 6:49 am

Re: v7.7beta [testing] is released!

Sat Oct 29, 2022 4:13 pm

Encountered issues in CAPsMan
No 5G wireless in the AP
Reverted back to 7.6 ok
 
cklee234
newbie
Posts: 44
Joined: Tue Sep 29, 2020 6:49 am

Re: v7.7beta [testing] is released!

Sat Oct 29, 2022 4:14 pm

Also still no support for intelligent i225-V ethernet interface

Looking forward to have this in upcoming beta
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7beta [testing] is released!

Sat Oct 29, 2022 7:57 pm

@fabeni
Simple Queue is not being removed and not allowing PPPoE to reconnect because it said it already had a simple queue running.
Is this similar to your problem?
asd.jpg
we are experiencing the same with pppoe on x86 platform, around 5000 vlan with 5000 ppposerver (one for each client) over them.
some time the simple queue got not removed when the client disconnect. The only way to recover is to reboot it.

regards
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7beta [testing] is released!

Sun Oct 30, 2022 3:21 am

One PPPoE server and VLAN for each client? What is the purpose of such a complicated setup?
 
User avatar
loloski
Member
Member
Posts: 420
Joined: Mon Mar 15, 2021 9:10 pm

Re: v7.7beta [testing] is released!

Sun Oct 30, 2022 3:29 am

@mduchame

Most likely is for the broadcast storm mitigation, i might be wrong but that's the only logical explanation i can think off.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7beta [testing] is released!

Sun Oct 30, 2022 4:14 am

There are usually other ways of handling that without resorting to making a VLAN per customer.
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7beta [testing] is released!

Sun Oct 30, 2022 5:28 am

There are usually other ways of handling that without resorting to making a VLAN per customer.
this is the way OF and TIM deliver access customer to isp in Italy
Last edited by rpingar on Sun Oct 30, 2022 9:03 am, edited 1 time in total.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7beta [testing] is released!

Sun Oct 30, 2022 7:45 am

*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
This new feature seems to be listing MNDP for everything, including my Windows desktop (which is sending LLDP but I doubt Microsoft programmed an MNDP client in there). The LLDP and CDP detection seems to be working though.
 
hecatae
Member Candidate
Member Candidate
Posts: 247
Joined: Thu May 21, 2020 2:34 pm

Re: v7.7beta [testing] is released!

Sun Oct 30, 2022 7:12 pm

Beta4 successfully installed on a Chateau LTE12.
 
holvoetn
Forum Guru
Forum Guru
Posts: 6762
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7beta [testing] is released!

Sun Oct 30, 2022 7:18 pm

Dito on Sxt lte6
 
User avatar
jbl42
Member Candidate
Member Candidate
Posts: 225
Joined: Sun Jun 21, 2020 12:58 pm

Re: v7.7beta [testing] is released!

Sun Oct 30, 2022 7:36 pm

*) sfp - added 2.5G SFP module support for RB5009;
Thanks. If AutoNeg is disabled and speed fixed to 2.5GB, it works with an ISP provided PON-ONT in RB5009 SFP+ port.
 
dg1kwa
just joined
Posts: 19
Joined: Tue Aug 17, 2010 12:32 pm
Location: Monheim

Re: v7.7beta [testing] is released!

Sun Oct 30, 2022 9:21 pm

DOM/DDM still not work on my RB760iGS (hex S)
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1352
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.7beta [testing] is released!

Sun Oct 30, 2022 9:48 pm

And it is still not mentioned to be fixed.
 
User avatar
Maggiore81
Trainer
Trainer
Posts: 600
Joined: Sun Apr 15, 2012 12:10 pm
Location: Italy
Contact:

Re: v7.7beta [testing] is released!

Mon Oct 31, 2022 6:25 am

Anyone encountered the issue with l3-hw that some routes stop being reached? The solution is to stop and start again l3-hw ?
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.7beta [testing] is released!

Mon Oct 31, 2022 7:41 am

rpingar - Yes. these changes should allow routing processes to consume more than 2 GB of RAM
Rox169 - Please keep these version topics related to the issues introduced in the particular release. These are not meant for feature requests.
own3r1138, fabeni, rpingar - Yes, this seems to be the same problem as mentioned above. Please send supout to support@mikrotik.com. Unfortunately, it is not as simple as creating a PPPoE server with more than X users and it will crash. Some particular timing or feature set must be used, which is why we need to debug your "bad" setups to resolve these issues. As for simple queues - since 7.5 you can not delete dynamic queues at all. That is why they are dynamic. In order to remove them, they must be disabled on a particular service that adds them.
pe1chl - We are well aware of the requests about BFD and it is still a work in progress. Please remember that these are version release topics in order to find out what was "broken" in a particular release. Not for repeated feature requests.
cklee234 - Please send supout file to support@mikrotik.com. Generate it when CAP has tried to connect to the CAPsMAN but was not able to do so.
cklee234 - Please keep these version topics related to the issues introduced in the particular release.
mducharme - Yes, LLDP support has been there for a while now and RouterOS under IP/Neighbo list can also show other installations, besides RouterOS.
dg1kwa - Yes, the issue with RB760 SFP modules is a known problem and will be solved as soon as possible.
Maggiore81 - Please send supout ifle to support@mikrotik.com. Generate it when these routes are not marked as reachable, although they should be reachable.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7beta [testing] is released!

Mon Oct 31, 2022 7:56 am

mducharme - Yes, LLDP support has been there for a while now and RouterOS under IP/Neighbo list can also show other installations, besides RouterOS.
Yes, I know this, that isn't what I mean. I mean RouterOS shows for my Windows system "discovered by: MNDP, LLDP". I don't think Microsoft has built an MNDP stack into Windows, so I think this is incorrect. I do know Windows is sending LLDP packets, but it appears every device shows as discovered by MNDP even if it isn't sending MNDP packets.

RouterOS does seem to be able to properly identify which neighbors are sending LLDP and CDP properly and so the "discovered by" is accurate for those two protocols, but to me it does not make much sense to show "discovered by MNDP" for devices that are not sending MNDP in the first place.
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7beta [testing] is released!

Mon Oct 31, 2022 8:12 am

rpingar - Yes. these changes should allow routing processes to consume more than 2 GB of RAM
this is not going to fix the issue on my ticket.
Above a certain routes/peeer we still get unstable (hold time expire) peers, when reestabilsihed it is unable to load more then 7-9k messages from a peer then reset again.
ticket update with supout and logs.
the strange thing is that now the router doesn't crash the routing but more dangerous it reboot itself with the message:
oct/30/2022 10:36:52 system,error,critical router rebooted without proper shutdown, probably power outage

also we still get a lot of this logs:
07:20:00 route,bgp,info Write to bgp failed (32) { #buf=1 max=64 sk=Socket{ 555 a } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=2 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=3 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=4 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=5 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=6 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=7 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=8 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=9 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=10 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=11 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=12 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=13 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=14 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=15 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (32) { #buf=1 max=64 sk=Socket{ 573 a } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=2 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=3 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=4 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=5 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=6 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=7 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=8 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=9 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=10 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=11 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=12 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=13 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=14 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=15 max=64 sk=Socket{ -1 } }

regards
 
dg1kwa
just joined
Posts: 19
Joined: Tue Aug 17, 2010 12:32 pm
Location: Monheim

Re: v7.7beta [testing] is released!

Mon Oct 31, 2022 9:08 am

And it is still not mentioned to be fixed.
how long allready? With ROS6 all fine and ROS7 is now at V7.6 :(
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7beta [testing] is released!

Mon Oct 31, 2022 9:17 am

in beta4 there is also a problem about rpki log showing in winbox.
attached the winboxlog.

here the cli log:
08:04:36 route,rpki,info Session { validator 83.229.8.211:3323 Sync } state change to Prepare
08:04:36 route,rpki,info Session { validator 83.229.8.211:3323 Prepare } send serial query version: 1 id: 33428 serial: 98
08:04:36 route,rpki,info Group validator cache update start
08:04:36 route,rpki,info Session { validator 83.229.8.211:3323 Prepare } state change to Loading
08:04:36 route,rpki,info Group validator cache update done
08:04:36 route,rpki,info Session { validator 83.229.8.211:3323 Loading } sync update serial: 99
08:04:36 route,rpki,info Session { validator 83.229.8.211:3323 Loading } state change to Sync


seems that the order of logs is inverse
You do not have the required permissions to view the files attached to this post.
 
EdPa
MikroTik Support
MikroTik Support
Posts: 340
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga
Contact:

Re: v7.7beta [testing] is released!

Mon Oct 31, 2022 9:54 am

mducharme - Yes, LLDP support has been there for a while now and RouterOS under IP/Neighbo list can also show other installations, besides RouterOS.
Yes, I know this, that isn't what I mean. I mean RouterOS shows for my Windows system "discovered by: MNDP, LLDP". I don't think Microsoft has built an MNDP stack into Windows, so I think this is incorrect. I do know Windows is sending LLDP packets, but it appears every device shows as discovered by MNDP even if it isn't sending MNDP packets.

RouterOS does seem to be able to properly identify which neighbors are sending LLDP and CDP properly and so the "discovered by" is accurate for those two protocols, but to me it does not make much sense to show "discovered by MNDP" for devices that are not sending MNDP in the first place.
It does not show discovered by MNDP if the device is not actually sending MNDP. Your PC most likely got discovered by MNDP when you open a WinBox.
 
User avatar
armandfumal
Member Candidate
Member Candidate
Posts: 163
Joined: Wed Apr 25, 2012 5:50 pm
Location: Weiswampach,LUX
Contact:

Re: v7.7beta [testing] is released!

Mon Oct 31, 2022 11:14 am

rpingar - Yes. these changes should allow routing processes to consume more than 2 GB of RAM
this is not going to fix the issue on my ticket.
Above a certain routes/peeer we still get unstable (hold time expire) peers, when reestabilsihed it is unable to load more then 7-9k messages from a peer then reset again.
ticket update with supout and logs.
the strange thing is that now the router doesn't crash the routing but more dangerous it reboot itself with the message:
oct/30/2022 10:36:52 system,error,critical router rebooted without proper shutdown, probably power outage

also we still get a lot of this logs:
07:20:00 route,bgp,info Write to bgp failed (32) { #buf=1 max=64 sk=Socket{ 555 a } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=2 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=3 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=4 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=5 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=6 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=7 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=8 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=9 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=10 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=11 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=12 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=13 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=14 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=15 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (32) { #buf=1 max=64 sk=Socket{ 573 a } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=2 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=3 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=4 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=5 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=6 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=7 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=8 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=9 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=10 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=11 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=12 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=13 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=14 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=15 max=64 sk=Socket{ -1 } }

regards
I had this with version 7.5....fixed in 7.6b8, witch version do you use ?
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7beta [testing] is released!

Mon Oct 31, 2022 11:29 am

.......
CCR2216 - 7.7beta4, unfortunately beta8 is not available, with NOT updated bootloader because it needs a powercycle each time i upgrade it.
which platform do you use?
Last edited by BartoszP on Mon Oct 31, 2022 2:04 pm, edited 1 time in total.
Reason: removed excessive quotting
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1389
Joined: Tue Jun 23, 2015 2:35 pm

Re: v7.7beta [testing] is released!

Mon Oct 31, 2022 11:48 am

it is possible to do static name for the bgp-vpls, rather than create dynamic after any bounced?
 
connectlife
Member Candidate
Member Candidate
Posts: 101
Joined: Tue Sep 01, 2020 10:20 pm

Re: v7.7beta [testing] is released!

Mon Oct 31, 2022 1:34 pm

There are usually other ways of handling that without resorting to making a VLAN per customer.
this is the way OF and TIM deliver access customer to isp in Italy
Hi, that's not quite the case .. They send you the traffic on a collection SVLAN where they then encapsulate a Customer VLAN. In your BRAS server you just need to create a single PPPoE Server and bridge the SVLAN + CVLAN. Then you create an L2 rule where you block inbound traffic and only allow PPPoE and PPPoE Discover ...
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7beta [testing] is released!

Mon Oct 31, 2022 2:59 pm

good luck about it.
Last edited by BartoszP on Tue Nov 01, 2022 11:46 am, edited 1 time in total.
Reason: removed excessive quotting
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Mon Oct 31, 2022 5:33 pm

pe1chl - We are well aware of the requests about BFD and it is still a work in progress. Please remember that these are version release topics in order to find out what was "broken" in a particular release. Not for repeated feature requests.
Well, I do not consider this a "feature request", but more a "things that are broken in v7.x".
When a new 7.x beta is released and it again does not achieve feature parity with 6.49, that is something that needs to be worked on with more priority than new features of v7.
Only when v7 achieves full feature parity (for all except features that are officially abandoned) we can leave v6 behind.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1352
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.7beta [testing] is released!

Mon Oct 31, 2022 7:19 pm

But your spam is still annoying, like that guy with his socks problem.
It's not something that was working in previous 7.7 or 7.6 release and it broke in this beta release.
Nor is it something that was implemented in the previous release and it has bugs to squash.
So yeah, offtopic.
 
User avatar
armandfumal
Member Candidate
Member Candidate
Posts: 163
Joined: Wed Apr 25, 2012 5:50 pm
Location: Weiswampach,LUX
Contact:

Re: v7.7beta [testing] is released!

Mon Oct 31, 2022 7:58 pm

CCR2216 - 7.7beta4, unfortunately beta8 is not available, with NOT updated bootloader because it needs a powercycle each time i upgrade it.
which platform do you use?
@rpingar

2 x CCR2216 beta8 was 7.6 channel...no had anymore new issue since...
 
User avatar
own3r1138
Forum Veteran
Forum Veteran
Posts: 727
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: v7.7beta [testing] is released!

Mon Oct 31, 2022 9:26 pm

own3r1138, fabeni, rpingar - Yes, this seems to be the same problem as mentioned above. Please send supout to support@mikrotik.com.


Hello,
I raised a ticket, SUP-96432.

Thank you.
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7beta [testing] is released!

Tue Nov 01, 2022 1:27 am

CCR2216 - 7.7beta4, unfortunately beta8 is not available, with NOT updated bootloader because it needs a powercycle each time i upgrade it.
which platform do you use?
@rpingar

2 x CCR2216 beta8 was 7.6 channel...no had anymore new issue since...
7.6beta8 didn't work for me.
I have, on NAP routers, between 280 and 350 sessions each.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Tue Nov 01, 2022 7:29 pm

Sending a Route Refresh from a v6 router to a v7 router still results in the message: RECV RouteRefresh with invalid subtype: 0
Not new for this release but quite unfortunate as it results in routing instability when route filters are changed on a v6 router and refresh is requested.
Hopefully BGP can receive some love again!
 
Njumaen
Frequent Visitor
Frequent Visitor
Posts: 96
Joined: Wed Feb 24, 2016 8:41 pm
Location: Bielefeld, Germany
Contact:

Re: v7.7beta [testing] is released!

Tue Nov 01, 2022 8:06 pm

Maybe I found an issue with macsec and DHCP client.

When a macsec-interface is connected to a bridge, the DHCP-client on that bridge does not take the offers from the DHCP-server on the "other side". So I hat to add a static address and route.
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1611
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: v7.7beta [testing] is released!

Tue Nov 01, 2022 11:05 pm

@Struds wrote:
pe1ch - We are well aware of the requests about BFD and it is still a work in progress. Please remember that these are version release topics in order to find out what was "broken" in a particular release. Not for repeated feature requests.

BFD is absolutely not what you call it a ”feature request”!

It's rather a very important piece of the v6 functional set that is still missing in v7.
Last edited by Larsa on Wed Nov 02, 2022 9:03 am, edited 3 times in total.
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 552
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v7.7beta [testing] is released!

Tue Nov 01, 2022 11:10 pm

this is the way OF and TIM deliver access customer to isp in Italy
Hi, that's not quite the case .. They send you the traffic on a collection SVLAN where they then encapsulate a Customer VLAN. In your BRAS server you just need to create a single PPPoE Server and bridge the SVLAN + CVLAN. Then you create an L2 rule where you block inbound traffic and only allow PPPoE and PPPoE Discover ...
I might be wrong, but you still need some sort of port isolation otherwise you might be targeted by some rogue pppoe traffic. Maybe you can control (L2) the pppoe discovery direction, I'm not sure about that and I should check. Do you have any insight ?
Our BRASes are Cisco (LAC) where we do L2TP towards a bunch of Mikrotiks (LNS) so we don't have the scenario above.
It would be amazing to have LAC capabilities in ROS .. at some time!
 
jangdong
just joined
Posts: 15
Joined: Sun Oct 11, 2020 1:58 am

Re: v7.7beta [testing] is released!

Wed Nov 02, 2022 2:39 am

What's new in 7.7beta4 (2022-Oct-27 09:00):

*) conntrack - improved system stability when PPTP helper is used;
*) hotspot - fixed maximum allowed connections limitation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) ospf - fixed MD5 checksum calculation;
*) sfp - added 2.5G SFP module support for RB5009;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
please add support:

sfp - added 2.5G SFP module support for RB4011, why not?
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7beta [testing] is released!

Wed Nov 02, 2022 7:47 am

I do not use BFD myself, but since it is a working feature in RouterOS v6 (at least for the most part), I hope MikroTik does not release a "long-term" RouterOS v7 version without it.

I still need a bunch of other bugs fixed before I can move certain routers to v7 myself.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Wed Nov 02, 2022 11:36 am

Well, in general I would hope that MikroTik put more priority in finishing the v6->v7 migration even when that reduces the priority on working on new features in v7.
We now are in the situation where many routers cannot be upgraded from v6 to v7 and that is not good, neither for the customer nor for MikroTik.
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7beta [testing] is released!

Wed Nov 02, 2022 4:27 pm

MT was able to fix the BGP issue on my router using a 7.99 release and soon the fixes will be available in 7.7beta.
thanks to all the MT team
 
User avatar
armandfumal
Member Candidate
Member Candidate
Posts: 163
Joined: Wed Apr 25, 2012 5:50 pm
Location: Weiswampach,LUX
Contact:

Re: v7.7beta [testing] is released!

Wed Nov 02, 2022 6:57 pm

cool
Last edited by BartoszP on Thu Nov 03, 2022 12:38 am, edited 1 time in total.
Reason: removed excessive quotting of preceding post
 
User avatar
Ullinator
just joined
Posts: 17
Joined: Tue Jun 08, 2021 12:53 pm
Location: North-West Germany

Re: v7.7beta [testing] is released!

Wed Nov 02, 2022 7:19 pm

Okay, updated 2x CRS326-24G-2S+ and 1x CRS328-24P-4S+ from 7.6 to 7.7Beta4 (ROS and FW).
After activating the IPv6 Hw Offloading in the Switch menu all switches start to reboot every few minutes spontaniously (Switch was rebooted without proper shutdown).
After deactivating this feature the problem has gone. All switches are configured with IPv4 and IPv6, but a connection was only possible with Layer 2 (MAC), so the whole IP-Stack was gone. No special configurations, only 2 VLANS, RSTP, that´s all.
All 3 switches are connected via SFP+ (1x Fiber and 2x Copper).
@MT: I´ve reported this problem also with ROS 7.6Beta, a ROS 7.7Alpha49 had similar problems.
I hope this problem can be fixed until to the stable version.
 
User avatar
clambert
Member Candidate
Member Candidate
Posts: 161
Joined: Wed Jun 12, 2019 5:04 am

Re: v7.7beta [testing] is released!

Wed Nov 02, 2022 7:58 pm

MT was able to fix the BGP issue on my router using a 7.99 release and soon the fixes will be available in 7.7beta.
thanks to all the MT team

What was the BGP issue fixed?
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7beta [testing] is released!

Wed Nov 02, 2022 8:41 pm

on a lot of sessions (more then 200) and with a lot of prefixes received (mpr then 2M) the router was not able to handle some session getting them disconnected by holdtimer expration.
regards
Last edited by BartoszP on Thu Nov 03, 2022 12:37 am, edited 1 time in total.
Reason: removed excessive quotting
 
hecatae
Member Candidate
Member Candidate
Posts: 247
Joined: Thu May 21, 2020 2:34 pm

Re: v7.7beta [testing] is released!

Wed Nov 02, 2022 10:49 pm

Well, in general I would hope that MikroTik put more priority in finishing the v6->v7 migration even when that reduces the priority on working on new features in v7.
We now are in the situation where many routers cannot be upgraded from v6 to v7 and that is not good, neither for the customer nor for MikroTik.
We are also in the situation where new hardware to replace the same model in the case of replacement failure is shipping with V7 not V6.

Successfully updated an rb2011
 
User avatar
armandfumal
Member Candidate
Member Candidate
Posts: 163
Joined: Wed Apr 25, 2012 5:50 pm
Location: Weiswampach,LUX
Contact:

Re: v7.7beta [testing] is released!

Thu Nov 03, 2022 1:20 pm

MT was able to fix the BGP issue on my router using a 7.99 release and soon the fixes will be available in 7.7beta.
thanks to all the MT team

What was the BGP issue fixed?
described early in this section...
 
User avatar
clambert
Member Candidate
Member Candidate
Posts: 161
Joined: Wed Jun 12, 2019 5:04 am

Re: v7.7beta [testing] is released!

Thu Nov 03, 2022 2:07 pm

Ok thanks, I found the post with the reference.
 
Simonej
Frequent Visitor
Frequent Visitor
Posts: 60
Joined: Sun Aug 22, 2021 3:34 am

Re: v7.7beta [testing] is released!

Thu Nov 03, 2022 9:46 pm

Hello, I want to report that with WifiWave2 /interface wifiwave2 add...configuration.client-isolation=yes is not working anymore
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 203
Joined: Wed Aug 09, 2017 1:15 pm

Re: v7.7beta [testing] is released!

Fri Nov 04, 2022 2:51 pm

*) vxlan - added "local-address" parameter support;
Please add local-address and vrf parameter support also to vtep configuration
 
LynxChaus
newbie
Posts: 29
Joined: Tue Jul 08, 2014 2:24 pm

Re: v7.7beta [testing] is released!

Fri Nov 04, 2022 9:49 pm

What's new in 7.7beta4 (2022-Oct-27 09:00):
Still unable establish OSPFv3 session with two ROS v6 routers.
22:00:17 route,ospf,info instance { version: 3 router-id: 10.0.0.252 } created
22:00:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } area { 0.0.0.0 } created
22:00:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } created
22:00:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } state change to Waiting
22:00:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Down } state change to Init
22:00:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Init } state change to TwoWay
22:00:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Down } state change to Init
22:00:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Init } state change to TwoWay
22:00:24 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: TwoWay } state change to Init
22:00:27 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Init } state change to TwoWay
22:00:34 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: TwoWay } state change to Init
22:00:37 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Init } state change to TwoWay
22:00:44 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: TwoWay } state change to Init
22:00:47 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Init } state change to TwoWay
22:00:54 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: TwoWay } state change to Init
22:00:57 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor election
22:00:57 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } state change to DR
22:00:57 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } change DR: me BDR: 10.0.0.1
22:00:57 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: TwoWay } state change to ExStart
22:00:57 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Init } state change to TwoWay
22:00:57 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: TwoWay } state change to ExStart
22:00:57 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: ExStart } negotiation done
22:00:57 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: ExStart } state change to Exchange
22:00:57 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Exchange } exchange lsdb size 1
22:00:57 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: ExStart } negotiation done
22:00:57 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: ExStart } state change to Exchange
22:00:57 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Exchange } exchange lsdb size 1
22:00:57 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Exchange } exchange done
22:00:57 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Exchange } state change to Loading
22:00:57 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Exchange } exchange done
22:00:57 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Exchange } state change to Loading
22:00:57 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Loading } loading done
22:00:57 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Loading } state change to Full
22:01:03 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Loading } loading done
22:01:03 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Loading } state change to Full
22:01:03 route,ospf,warning default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Full } received wrong LS Ack for router 0.0.0.0 10.0.0.253 0x80000eaf expected 0x80000eb0
22:01:04 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Full } state change to Init
22:01:07 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Init } state change to TwoWay
22:01:07 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: TwoWay } state change to ExStart
22:01:07 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: ExStart } negotiation done
22:01:07 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: ExStart } state change to Exchange
22:01:07 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Exchange } exchange lsdb size 18
22:01:07 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Full } sequence mismatch
22:01:07 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Full } state change to ExStart
22:01:07 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Exchange } exchange done
22:01:07 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Exchange } state change to Loading
22:01:07 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: ExStart } negotiation done
22:01:07 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: ExStart } state change to Exchange
22:01:07 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Exchange } exchange lsdb size 16
22:01:07 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Loading } loading done
22:01:07 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Loading } state change to Full
22:01:07 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Exchange } exchange done
22:01:07 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Exchange } state change to Loading
22:01:07 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Loading } loading done
22:01:07 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Loading } state change to Full
22:01:08 route,ospf,warning default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Full } received wrong LS Ack for intra-area-prefix 0.0.0.0 10.0.0.252 0x80000001 expected 0x80000002
22:01:08 route,ospf,warning default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Full } received wrong LS Ack for router 0.0.0.0 10.0.0.252 0x80000001 expected 0x80000002
22:01:14 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Full } state change to Init
22:01:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Init } state change to TwoWay
22:01:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: TwoWay } state change to ExStart
22:01:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: ExStart } negotiation done
22:01:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: ExStart } state change to Exchange
22:01:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Exchange } exchange lsdb size 18
22:01:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Full } sequence mismatch
22:01:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Full } state change to ExStart
22:01:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Exchange } exchange done
22:01:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Exchange } state change to Loading
22:01:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: ExStart } negotiation done
22:01:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: ExStart } state change to Exchange
22:01:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Exchange } exchange lsdb size 16
22:01:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Loading } loading done
22:01:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Loading } state change to Full
22:01:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Exchange } exchange done
22:01:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Exchange } state change to Loading
22:01:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Loading } loading done
22:01:17 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Loading } state change to Full
22:01:18 route,ospf,warning default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Full } received wrong LS Ack for intra-area-prefix 0.0.0.0 10.0.0.252 0x80000002 expected 0x80000003
22:01:18 route,ospf,warning default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Full } received wrong LS Ack for router 0.0.0.0 10.0.0.252 0x80000002 expected 0x80000003
22:01:24 route,ospf,info default-v3 { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Full } state change to Init
22:01:24 route,ospf,info instance { version: 3 router-id: 10.0.0.252 } shutdown
22:01:24 route,ospf,info instance { version: 3 router-id: 10.0.0.252 } backbone-v3 { 0.0.0.0 } shutdown
22:01:24 route,ospf,info instance { version: 3 router-id: 10.0.0.252 } area { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.1 state: Full } state change to Down
22:01:24 route,ospf,info instance { version: 3 router-id: 10.0.0.252 } area { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } neighbor { router-id: 10.0.0.253 state: Init } state change to Down
22:01:24 route,ospf,info instance { version: 3 router-id: 10.0.0.252 } area { 0.0.0.0 } interface { broadcast fe80::d6ca:6dff:fe0e:dd4b%vlan4091 } destroyed
22:01:24 route,ospf,info instance { version: 3 router-id: 10.0.0.252 } area { 0.0.0.0 } destroyed
22:01:24 route,ospf,info instance { version: 3 router-id: 10.0.0.252 } destroyed
and this cycle again and again...
 
Kindis
Member
Member
Posts: 441
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: v7.7beta [testing] is released!

Sat Nov 05, 2022 12:23 am

Is this over a VPN tunnel?
 
Guscht
Member Candidate
Member Candidate
Posts: 263
Joined: Thu Jul 01, 2010 5:32 pm

Re: v7.7beta [testing] is released!

Sat Nov 05, 2022 12:41 am

We now are in the situation where many routers cannot be upgraded from v6 to v7 and that is not good, neither for the customer nor for MikroTik.

Why would you want to update an in-production router to V7?
V6 is perfectly stable, there is absolutely no reason to do this step.

V7 is still a (more or less) better beta and FAR(!!!) away from any production-level.
My home-networks runs V7, but any network I am working on professionally is V6. The glitches and bug I see with V7... maybe in 2 - 5 years is V7 production ready. In the meantime its a playground for us. Another problem is, MT introduces 5 new feature and breaks 50 things. From this 50 things they fix maybe 20 to 25. And with the next version is begins again. They introduce more glitches as they are able to fix. Another point, look at their new "Wiki". Its a shame to see almost no progress there. I'd never install a product without a good documentation.

To come back, the is no reason to go to V7, Stay with V6 and be happy.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7beta [testing] is released!

Sat Nov 05, 2022 8:41 am

V6 is perfectly stable, there is absolutely no reason to do this step.
There is, if you need to install a new device. Deploying CCR1xxx seems like a mistake now, it is a product that will be end of life sooner than later, and who knows if MikroTik will bother having RouterOS v8 (when that comes out) support the platform. I'm sure that is still years away, but CCR2xxx is the way to go for future proofing, and you can only run v7 on them.

We are starting to roll out CCR2xxx models with RouterOS v7 at new sites, not because we feel they are completely ready, but because we don't want to roll out CCR1xxx models.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Sat Nov 05, 2022 10:34 am

We now are in the situation where many routers cannot be upgraded from v6 to v7 and that is not good, neither for the customer nor for MikroTik.

Why would you want to update an in-production router to V7?
V6 is perfectly stable, there is absolutely no reason to do this step.
Because all development is happening in v7, and we "need" some of it. E.g. now we have 2 internet connections and an elaborate load balancing/failover configuration on it, but it is only working for IPv4. For IPv6 we can only use one of the providers and no load balancing (failover maybe would be possible but I do not want to invest in that).
With v7 at least there are more capabilities in IPv6 to do that, although they are not bugfree so not sure if we can really deploy that already. But when we have v7 running at least I can submit documented bugreports about it.

Also, in another network, we have many independent users/admins that together form a network. There is no real control about who upgrades and at what time, but when people upgrade to v7 certain things do break. It would be nice to have at least feature parity between v6 and v7 so people can upgrade without running into immediate problems because they lost important features (e.g. BFD).
 
User avatar
rushlife
Member Candidate
Member Candidate
Posts: 254
Joined: Thu Nov 05, 2015 12:30 pm

Re: v7.7beta [testing] is released!

Sun Nov 06, 2022 12:17 pm

We now are in the situation where many routers cannot be upgraded from v6 to v7 and that is not good, neither for the customer nor for MikroTik.

Why would you want to update an in-production router to V7?
V6 is perfectly stable, there is absolutely no reason to do this step.

V7 is still a (more or less) better beta and FAR(!!!) away from any production-level.
My home-networks runs V7, but any network I am working on professionally is V6. The glitches and bug I see with V7... maybe in 2 - 5 years is V7 production ready
I am running ALL of my devices on ROS 7 (7.6 for these days) in my BIG NETWORK in our BIG company. Which BTW running 24/7/365.

Switches, routers, capmans, VPN. All of it.

No problem whatsoever.

So I really do not agree with you.

If I would need some ospf, bgp and similar...
Yeah, I would rather wait for deploying ROS 7 for later times.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Sun Nov 06, 2022 12:54 pm

I am running ALL of my devices on ROS 7 (7.6 for these days) in my BIG NETWORK in our BIG company. Which BTW running 24/7/365.

Yeah, I would rather wait for deploying ROS 7 for later times.
You are running a BIG NETWORK in a BIG COMPANY without autorouting protocol?
I find that hard to believe... even when the network layout is clean and routes could be static, you usually at least want to have some backup/failover which is easiest to achieve with e.g. BGP+BFD.
 
User avatar
rushlife
Member Candidate
Member Candidate
Posts: 254
Joined: Thu Nov 05, 2015 12:30 pm

Re: v7.7beta [testing] is released!

Sun Nov 06, 2022 2:11 pm

One big building, several separate subnets on separate wires. Any dynamic routing is really not needed in our scenario.
Failover is done on 2L.
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1160
Joined: Tue Oct 11, 2005 4:53 pm

Re: v7.7beta [testing] is released!

Sun Nov 06, 2022 7:14 pm

One big building, several separate subnets on separate wires. Any dynamic routing is really not needed in our scenario.
Failover is done on 2L.
So it is not a BIG NETWORK.

For actual big and complex networks that require dynamic routing with complex routing policies, v7 is beta at best.
Crucial features are missing (BFD), and others barely work (BGP).
I am sure MikroTik will now quote only the line above and say that BGP works fine, that they have no known bugs and that's what they use for their routing.

And right now we are at a dangerous crossroads, where MikroTik models that support v6 are becoming obsolete (ie: Nvidia EOLed Tilera chipsets) and new MikroTik models only support v7 which is not usable in critical workloads - which is a shame because new models are really cool in terms of specs.

If MikroTik doesn't get their act together and focus in bringing v7 in par with v6 in terms of functionality and usability, it's not going to be long before we have to move to other vendors. Not because we prefer them, but because there will be no other choice. Despite v7's slow development, projects still run and have to be delivered. We cannot wait forever.
 
huntermic
Member Candidate
Member Candidate
Posts: 111
Joined: Wed Oct 26, 2016 3:42 pm

Re: v7.7beta [testing] is released!

Sun Nov 06, 2022 9:30 pm

I’m moving to opnsense as V7 doesn’t tick all my boxes.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 12:26 pm

What's new in 7.7beta6 (2022-Nov-04 15:59):

*) bgp - improved BGP session load distribution across multiple CPU cores;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed access to "/dev/stderr" from containers;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ipsec - added hardware acceleration support for IPQ-6010;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) swos - improved default SwOS backup file name;
*) vxlan - added VRF support;
*) webfig - ensure login page is displayed after each log out;
*) webfig - improved WEB caching capabilities;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
 
User avatar
Hominidae
Member
Member
Posts: 316
Joined: Thu Oct 19, 2017 12:50 am

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 12:55 pm

*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
...finally...can't wait for the Version wth Ui/winbox support
Will this capsman version support a mixed infrastructure (wifiwave2 and non-ww2 APs)?
 
Guntis
MikroTik Support
MikroTik Support
Posts: 203
Joined: Fri Jul 20, 2018 1:40 pm

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 12:58 pm

No, WifiWave2 CAPsMAN is only compatible with WifiWave2 interfaces.
 
dani9
just joined
Posts: 20
Joined: Tue Dec 14, 2021 12:18 am

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 1:07 pm

No, WifiWave2 CAPsMAN is only compatible with WifiWave2 interfaces.
Is it possible to run capsman and capsman-wave2 at the same time?
 
ivicask
Member
Member
Posts: 438
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 1:13 pm

No, WifiWave2 CAPsMAN is only compatible with WifiWave2 interfaces.
What are plans for later?If we want to manage mix of new/old devices? Are we able to run 2 capsman instances, or we gona have to have 2 different Mikrotik devices in order to do it?
 
blimbach
just joined
Posts: 13
Joined: Fri Mar 04, 2016 3:39 pm
Location: Hennef, Germany

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 2:07 pm

Is it not possible to run a Wifiwave2 cAP on an existing cAPsMan? I just tried this, but could not specify "interfaces" on the CLI under /interfaces/wifiwave2/cap/. Are the controllers compatible at all?
 
Guntis
MikroTik Support
MikroTik Support
Posts: 203
Joined: Fri Jul 20, 2018 1:40 pm

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 2:24 pm

Unfortunately, it's not possible to run both types of CAPsMAN on the same device. For a configuration example, please see: https://help.mikrotik.com/docs/display/ ... ionexample:
 
blimbach
just joined
Posts: 13
Joined: Fri Mar 04, 2016 3:39 pm
Location: Hennef, Germany

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 2:33 pm

Thank you very much for the documentation. The question is still open if a wifiwave2 cAP can work on an old cAPsMan.

Does not work for me with the following configuration:
/interface wifiwave2
add configuration.manager=capsman .mode=ap disabled=no
add configuration.manager=capsman .mode=ap disabled=no
/interface wifiwave2 cap
set discovery-interfaces=bridge-home enabled=yes


So are the systems incompatible in both directions cAP->cAPsMAN and cAPsMAN->cAP?

Thank you!
-Boris
 
Guntis
MikroTik Support
MikroTik Support
Posts: 203
Joined: Fri Jul 20, 2018 1:40 pm

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 2:38 pm

Yes, WifiWave2 CAPsMAN can only manage WifiWave2 interfaces, and WifiWave2 interfaces can only be managed by WifiWave2 CAPsMAN.
 
blimbach
just joined
Posts: 13
Joined: Fri Mar 04, 2016 3:39 pm
Location: Hennef, Germany

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 2:42 pm

Yes, WifiWave2 CAPsMAN can only manage WifiWave2 interfaces, and WifiWave2 interfaces can only be managed by WifiWave2 CAPsMAN.
Will that change in the future to have a flexible upgrade path? I think many of our customers would like to successively replace their cAPs.
 
Guntis
MikroTik Support
MikroTik Support
Posts: 203
Joined: Fri Jul 20, 2018 1:40 pm

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 2:43 pm

Unfortunately, it's unlikely that it will change.
 
blimbach
just joined
Posts: 13
Joined: Fri Mar 04, 2016 3:39 pm
Location: Hennef, Germany

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 2:49 pm

Unfortunately, it's unlikely that it will change.
Okay, that leaves the simultaneous operation of the new and old cAPsMan each taking care of their cAPs. Do both systems interfere with each other in the same Layer2?
 
User avatar
own3r1138
Forum Veteran
Forum Veteran
Posts: 727
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 3:12 pm

@MikroTik
Can you elaborate on these two, Please?
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) ppp - do not inherit routing mark for encapsulated packets;
 
flyfinlander
just joined
Posts: 4
Joined: Tue Nov 27, 2018 4:47 pm

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 4:12 pm

Hi,
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
Does this mean we can expect Brain Pool DH groups 28,29,30?
 
psannz
Member Candidate
Member Candidate
Posts: 128
Joined: Mon Nov 09, 2015 3:52 pm
Location: Stuttgart, Germany

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 4:26 pm

Unfortunately, it's unlikely that it will change.
Will you entertain the idea of a CAPSMANv1 Container, or a RouterOS Container limited to CAPSMANv1 and the relevant functionality?
If not full free RouterOS containers with their license bound to the underlying RouterOS they're running on?
 
User avatar
spippan
Member
Member
Posts: 464
Joined: Wed Nov 12, 2014 1:00 pm

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 5:45 pm

What's new in 7.7beta6 (2022-Nov-04 15:59):

*) firewall - made "dynamic" parameter settable for IPv4 address lists;
did not find a corresponding entry/description which made that a little more clear to me
what's the actual change here?

cheers
 
User avatar
depth0cert
just joined
Posts: 21
Joined: Thu Sep 08, 2022 11:03 pm

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 7:05 pm

What's new in 7.7beta6 (2022-Nov-04 15:59):
On fresh new on 7.7beta6 i cant choose enc-algorithms=aes-256-gcm in /ip/ipsec/proposal/add - failure: AEAD already provides authentication.
But aes-256-cbc - works (on 7.7beta4 add aes-256-gcm - works, problem with 7.7beta6).
SUP-97212
[admin@MikroTik] > /certificate add name="r1-ca" common-name="r1-ca" subject-alt-name="email:r1-ca" key-size=prime256v1 key-usage=key-cert-sign,crl-sign
[admin@MikroTik] > /certificate sign "r1-ca"
  progress: done

[admin@MikroTik] > /certificate add name="r1" common-name="192.168.2.14" subject-alt-name="IP:192.168.2.14" key-size=prime256v1 key-usage=digital-signature,content-commitment,key-encipherment,key-agreement,tls-se
rver
[admin@MikroTik] > /certificate sign "r1" ca="r1-ca"
  progress: done

[admin@MikroTik] > /certificate add name="r1-r2" common-name="r1-r2" subject-alt-name="email:r1-r2" key-size=prime256v1 key-usage=digital-signature,key-encipherment,data-encipherment,key-agreement,tls-client
[admin@MikroTik] > /certificate sign "r1-r2" ca="r1-ca"
  progress: done

[admin@MikroTik] > /ip/pool/add name=r1-r2 ranges=192.168.1.2
[admin@MikroTik] > /ip/ipsec/mode-config/add address-pool=r1-r2 address-prefix-length=32 name=r1-r2 split-include=0.0.0.0/0 system-dns=no
[admin@MikroTik] > /ip/ipsec/policy/group/add name=group1
[admin@MikroTik] > /ip/ipsec/profile/add dh-group=ecp256 enc-algorithm=aes-256 hash-algorithm=sha256 name=profile1 prf-algorithm=sha256 proposal-check=strict
[admin@MikroTik] > /ip/ipsec/peer/add exchange-mode=ike2 local-address=192.168.2.14 name=peer1 passive=yes profile=profile1
[admin@MikroTik] > /ip/ipsec/proposal/add auth-algorithms=sha256 enc-algorithms=aes-256-cbc,aes-256-gcm lifetime=8h name=proposal1 pfs-group=ecp256
failure: AEAD already provides authentication
[admin@MikroTik] > /ip/ipsec/proposal/add auth-algorithms=sha256 enc-algorithms=aes-256-gcm lifetime=8h name=proposal1 pfs-group=ecp256
failure: AEAD already provides authentication
[admin@MikroTik] > /ip/ipsec/proposal/add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=8h name=proposal1 pfs-group=ecp256
Last edited by depth0cert on Mon Nov 07, 2022 7:20 pm, edited 1 time in total.
 
User avatar
gabacho4
Member
Member
Posts: 399
Joined: Mon Dec 28, 2020 12:30 pm
Location: Earth

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 7:11 pm

@depth0cert - try the proposal with no auth-algorithm. According to Netgate (PfSense) no auth-algorithm is required with AES-GCM for Phase 2. Believe that is why you are getting the error message.
 
User avatar
depth0cert
just joined
Posts: 21
Joined: Thu Sep 08, 2022 11:03 pm

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 8:05 pm

@depth0cert - try the proposal with no auth-algorithm. According to Netgate (PfSense) no auth-algorithm is required with AES-GCM for Phase 2. Believe that is why you are getting the error message.

Yes, with auth-algorithms="" and enc-algorithms=aes-256-gcm on 7.7beta6 responder and 7.7beta6 initiator IKEv2 state is established. Thank you.

But what can i do with Apple devices (https://developer.apple.com/business/do ... erence.pdf) - i must choose The IKESecurityAssociationParameters and ChildSecurityAssociationParameters dictionaries may contain the following keys:
IntegrityAlgorithm String Optional. One of:
• SHA1-96
• SHA1-160
• SHA2-256 (Default)
• SHA2-384
• SHA2-512
 
User avatar
gabacho4
Member
Member
Posts: 399
Joined: Mon Dec 28, 2020 12:30 pm
Location: Earth

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 8:26 pm

But what can i do with Apple devices
Unfortunately, you'll have to dumb down your configuration to support the apple devices. So you'd have to use AES-CBC with SHA256. That or your have a P1/P2 for your site to site connection and then a separate P1/P2 for your remote clients. If that doesn't work for you, then GCM is out and CBC it is. The joys of Apple telling you how you will configure things.
 
User avatar
depth0cert
just joined
Posts: 21
Joined: Thu Sep 08, 2022 11:03 pm

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 9:26 pm

I was able to check Apple as initiator (AES-256-GCM/SHA2-256) and 7.7beta6 as a responder (auth-algorithms="" enc-algorithms=aes-256-gcm). Everything works, thanks for the help!
 
User avatar
Hominidae
Member
Member
Posts: 316
Joined: Thu Oct 19, 2017 12:50 am

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 11:03 pm

Unfortunately, it's unlikely that it will change.
...this makes me feel sad :-(
For me, that means no new WiFi-Ax products from MT on the Xmas shopping list
 
holvoetn
Forum Guru
Forum Guru
Posts: 6762
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 11:14 pm

Yes, WifiWave2 CAPsMAN can only manage WifiWave2 interfaces, and WifiWave2 interfaces can only be managed by WifiWave2 CAPsMAN.

From Wiki page (updated this evening):
Requirements:

Any RouterOS device, that supports the WifiWave2 package, can be a controlled wireless access point (CAP) as long as it has at least a Level 4 RouterOS license.
WifiWave2 CAPsMAN server can be installed on any RouterOS device that supports the WifiWave2 package, even if the device itself does not have a wireless interface
Unlimited CAPs (access points) supported by CAPsMAN

Do I understand correctly that only device able to use the wifiwave2 package are the devices able to be used as ww2-capsman ?
That leaves out A LOT of devices then ...
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7beta [testing] is released!

Mon Nov 07, 2022 11:37 pm

That leaves out A LOT of devices then ...
Are you wanting to use a mipsbe device for wifiwave2-capsman or something?
 
brg3466
Member Candidate
Member Candidate
Posts: 181
Joined: Sat Aug 01, 2015 7:29 am

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 4:05 am

No, WifiWave2 CAPsMAN is only compatible with WifiWave2 interfaces.
Does that mean only those who have wifiwave2 interface can act as the CAPsMAN ? like CHR/x86 architecture RouterOS, they cannot act as the CAPsMAN, correct ?

i have several hap ax2, and I tried today with x86 and CCR1009 as CAPsMAN but failed.
Last edited by brg3466 on Tue Nov 08, 2022 4:18 am, edited 1 time in total.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 4:14 am

Does that mean only those who have wifiwave2 interface can act as the CAPsMAN ? like CHR/x86 architecture RouterOS, they cannot act as the CAPsMAN, correct ?
Any device that has the wifiwave2 package available for that architecture can be used as the CAPsMAN, you just have to install the wifiwave2 package on it. It doesn't matter if it has wireless interfaces itself or not, as they said in an earlier post. Currently, this means that any arm or arm64 device can be the wifiwave2 CAPsMAN provided that it has enough memory and flash size, so something like an RB5009 or CCR2xxx model could easily be used as a wifiwave2 CAPsMAN. However, if the arm or arm64 device you want to use as a wifiwave2 CAPsMAN has wireless interfaces that are not supported by wifiwave2, you probably do not want to select it as the wifiwave2 CAPsMAN, otherwise the wireless interfaces built into it will no longer work. Therefore, you are better off selecting a device that either has no wireless interfaces or one that only has wifiwave2-compatible interfaces as your wifiwave2 CAPsMAN.

CHR/x86 cannot currently act as a wifiwave2 CAPsMAN only because there is no wifiwave2 package compiled for x86. I imagine this is just a temporary situation and that we will get a wifiwave2 package for the x86 architecture at some point to allow setting up a CHR as a wifiwave2 CAPsMAN.
 
brg3466
Member Candidate
Member Candidate
Posts: 181
Joined: Sat Aug 01, 2015 7:29 am

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 4:29 am

Looking forward to it ! Thanks for the quick reply !
 
ezhangiso
newbie
Posts: 28
Joined: Tue Feb 23, 2021 9:07 am

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 8:43 am

One PPPoE server and VLAN for each client? What is the purpose of such a complicated setup?
This kind of application is connected to OLT under ROS to prevent users from roaming. This problem is not found in version 6. Please pay attention to it and improve it in version 7
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 11:12 am

CHR/x86 cannot currently act as a wifiwave2 CAPsMAN only because there is no wifiwave2 package compiled for x86.
It again shows that the architecture used for CAPsMAN is not reasonable. There should be no need at all to have support for a local wireless interface on the controller.
Hopefully the separate project "to investigate a new controller" will lead to a more reasonable corporate WiFi management solution, where you can host the controller wherever you like (e.g. on a VM, maybe even externally hosted at some cloud provider) instead of being limited to some MikroTik device where storage is always problematic.
 
User avatar
FToms
MikroTik Support
MikroTik Support
Posts: 90
Joined: Fri Jul 24, 2020 3:28 pm

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 11:42 am

It again shows that the architecture used for CAPsMAN is not reasonable. There should be no need at all to have support for a local wireless interface on the controller.
CAPsMAN does not architecturally require support for local wireless interfaces.
Bundling CAPsMAN with drivers for supporting local wireless interfaces is a software distribution decision. One which may well be reviewed.
 
User avatar
woland
Member
Member
Posts: 310
Joined: Mon Aug 16, 2021 4:49 pm

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 12:46 pm

Hi,
I have installations of CapsMAN currently running on MIPS (HEX, HEXs, HEXpoe). In some of those networks, the only ARM devices are the CAPs themselves.
It would be a problem to replace the CAPacs by the next generation CAP ax devices with the new Capsman not capable of running on the existing HEXxx.

Of course not an unsolvable one, just a nuissance.

BR
W
 
mhugo
Member Candidate
Member Candidate
Posts: 179
Joined: Mon Sep 19, 2005 11:48 am

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 1:05 pm

On beta 4 I get FCS from a 2004 connected to a 1016 with an SFP+ DAC after some days of uptime.

Ill upgrade tonight to latest beta and see if it goes away.
 
blimbach
just joined
Posts: 13
Joined: Fri Mar 04, 2016 3:39 pm
Location: Hennef, Germany

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 1:06 pm

Unfortunately, it's not possible to run both types of CAPsMAN on the same device. For a configuration example, please see: https://help.mikrotik.com/docs/display/ ... ionexample:
@Guntis Can I ask you to extend the example to how local offloading of different SSIDs to different VLANs on the CAP works? CAPSMAN forwarding has been abolished, if I read this correctly.
Also, the question is still open whether a simultaneous installation of Wifiwave2-Capsman and Capsman in the same VLAN may interfere with each other or coexist.
 
holvoetn
Forum Guru
Forum Guru
Posts: 6762
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 1:58 pm

Are you wanting to use a mipsbe device for wifiwave2-capsman or something?

Hi,
I have installations of CapsMAN currently running on MIPS (HEX, HEXs, HEXpoe). In some of those networks, the only ARM devices are the CAPs themselves.
It would be a problem to replace the CAPacs by the next generation CAP ax devices with the new Capsman not capable of running on the existing HEXxx.

Of course not an unsolvable one, just a nuissance.
And this is where I was going to ... Hex (or alike) are perfectly capable of being capsman controllers.
Why discard them from ww2-capsman ?
What with combined installations having non-arm caps and arm-caps ? You need 2 (ideally 4 for backup) controllers then ? That's just crazy.

You need to take into account the upgrade path.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 2:23 pm

They could yet release wifiwave2 packages for other architectures, like mmips or tile, to allow them to act as a wifiwave2 CAPsMAN. I can't see MikroTik deciding to restrict wifiwave2 CAPsMAN to only arm/arm64 architectures.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 2:48 pm

All the mips devices have limited processing power, does not make any sense there. But would be nice to have the package for TILE in future...
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 2:53 pm

I think it doesn't make any sense to have a wifiwave2 CAPsMAN on mipsbe, but the ability to have them on mmips (hEX devices) might be useful.
 
User avatar
woland
Member
Member
Posts: 310
Joined: Mon Aug 16, 2021 4:49 pm

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 3:19 pm

Hi,
In my world, mostly a HEXpoe (MIPSBE) powers a few CAPs and it is also running the Capsman. It might not make much sense for hundreds of APs, but for small home/small business installations, it does. Of course those setups use local forwarding and HEXpoe is just used as a switch to forward to some other router (which is mostly not an MT).
The HEXpoe idles most of the time.
So yes, for me MIPSBE is an important architecture, as well as MMIPS.
This is a very power efficient setup, which is also important for some places.

BR
W
 
guipoletto
Member Candidate
Member Candidate
Posts: 201
Joined: Mon Sep 19, 2011 5:31 am

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 3:55 pm

All the mips devices have limited processing power, does not make any sense there. But would be nice to have the package for TILE in future...
Well, and i'd like to see "wifi" package dropped from the CRS3xx build... there are better uses for the extremelly limited flash storage.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 5:11 pm

Well, and i'd like to see "wifi" package dropped from the CRS3xx build... there are better uses for the extremelly limited flash storage.
I think it wasn't a good idea to merge everything into a single package, especially in case of alternative packages like wireless/wifiwave2.
But also applications like samba, proxy, etc could have been kept separate.
I understand the need to merge system, ppp, security, ipv6, dhcp, advanced-tools and maybe routing into one package. But that should not have included wifi drivers and capsman.
 
whatever
Member
Member
Posts: 366
Joined: Thu Jun 21, 2018 9:29 pm

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 6:30 pm

Unfortunately, it's unlikely that it will change.
What is preventing you from releasing a stripped down "wifiwave2-light" package for cAP ac + hAP ac² which contains only the drivers for their wifi chipset and fit the small storage? This would allow mixed deployments with old and new devices.
 
User avatar
spippan
Member
Member
Posts: 464
Joined: Wed Nov 12, 2014 1:00 pm

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 6:45 pm

so this is all about capsman now.
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 6:50 pm

One big building, several separate subnets on separate wires. Any dynamic routing is really not needed in our scenario.
Failover is done on 2L.
So it is not a BIG NETWORK.

For actual big and complex networks that require dynamic routing with complex routing policies, v7 is beta at best.
Crucial features are missing (BFD), and others barely work (BGP).
I am sure MikroTik will now quote only the line above and say that BGP works fine, that they have no known bugs and that's what they use for their routing.

And right now we are at a dangerous crossroads, where MikroTik models that support v6 are becoming obsolete (ie: Nvidia EOLed Tilera chipsets) and new MikroTik models only support v7 which is not usable in critical workloads - which is a shame because new models are really cool in terms of specs.

If MikroTik doesn't get their act together and focus in bringing v7 in par with v6 in terms of functionality and usability, it's not going to be long before we have to move to other vendors. Not because we prefer them, but because there will be no other choice. Despite v7's slow development, projects still run and have to be delivered. We cannot wait forever.
You can use alternative opensource like vyos to get better BGP advance service, i don't know when BGP in mikrotik will be ready and fixed.
i wonder if "vyos" can run in mikrotik hardware, metarouter or container.

thx
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 7:05 pm

You can use alternative opensource like vyos to get better BGP advance service, i don't know when BGP in mikrotik will be ready and fixed.
i wonder if "vyos" can run in mikrotik hardware, metarouter or container.
The big problem is the investment in knowledge and configurations for RouterOS.
That would all have to be re-learned when using different software.
There is a reason why we, a couple of years ago, switched from using plain Linux boxes as routers with all custom config/scripting, towards using MikroTik.
It would be a shame to have to abandon that, just because MikroTik cannot get a new project "finished" and has abandoned the old.
(I would be perfectly happy with a RouterOS v7 where you can select between a "routing-legacy" and "routing-new" package and run the v6 autorouting modules. they worked fine. we are not doing internet routing, only local networks)
 
User avatar
sirbryan
Member
Member
Posts: 400
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 7:12 pm

On beta 4 I get FCS from a 2004 connected to a 1016 with an SFP+ DAC after some days of uptime.

Ill upgrade tonight to latest beta and see if it goes away.
I have had three GbE ports from a CCR2116 plugged into a CCR1036 as a backup path for months now, where the 2116 was running 7.x and the 1036 was on 6.49. I recently upgraded the 1036 to 7.6 and it's complaining of FCS errors from one of the three ports connected to the 2116 every hour or so.

On yours, which device is complaining about the FCS errors?
 
holvoetn
Forum Guru
Forum Guru
Posts: 6762
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 8:01 pm

so this is all about capsman now.
It happens to be the big new feature for this 7.7beta6 version.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 8:46 pm

A feature that is even bigger for me than that is the set-priority being added to IPv6 mangle - we can finally have QoS fully working on IPv6.
 
User avatar
spippan
Member
Member
Posts: 464
Joined: Wed Nov 12, 2014 1:00 pm

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 8:55 pm

so this is all about capsman now.
It happens to be the big new feature for this 7.7beta6 version.
would love to see existing features to be completed/stable and on par with previous rOS release (yes. v6)!
got 3 2116s at work which are scheduled for implementation as a cisco replacement and i am really worried to see a lot of hickups on those with that update path
and there are more in the pipeline
3x 1072
3x 2004
about 10x hEX(-S)

yes the hEX, 2004 and 1072s can be run on rOS6. no real point in that (2004 is RAM capped at 1792MB* in rOS6; 1072 and hEX would then be "version mismatched" with the central routers)
2116 is v7 only anyway
(and spare me "hEX is not recommended v7 ..." - i know mips boards are not recommendet but yet have some in good service for quite some time now)

EDIT: *) https://i.mt.lv/cdn/product_files/CCR20 ... 210911.pdf
 
holvoetn
Forum Guru
Forum Guru
Posts: 6762
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 11:52 pm

Hex works just fine with ROS7.
Been running it since first beta.
 
User avatar
spippan
Member
Member
Posts: 464
Joined: Wed Nov 12, 2014 1:00 pm

Re: v7.7beta [testing] is released!

Tue Nov 08, 2022 11:55 pm

Hex works just fine with ROS7.
Been running it since first beta.
same.
got 2 hEX S running v7 which build a VXLAN through wireguard ... ~160-200mbit through there just fine
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 6:09 am

You can use alternative opensource like vyos to get better BGP advance service, i don't know when BGP in mikrotik will be ready and fixed.
i wonder if "vyos" can run in mikrotik hardware, metarouter or container.
The big problem is the investment in knowledge and configurations for RouterOS.
That would all have to be re-learned when using different software.
There is a reason why we, a couple of years ago, switched from using plain Linux boxes as routers with all custom config/scripting, towards using MikroTik.
It would be a shame to have to abandon that, just because MikroTik cannot get a new project "finished" and has abandoned the old.
(I would be perfectly happy with a RouterOS v7 where you can select between a "routing-legacy" and "routing-new" package and run the v6 autorouting modules. they worked fine. we are not doing internet routing, only local networks)
Even in "routing-legacy" there is also a lot bugs on it (full routes bugs, BGP vpn4 best routes calculation etc).
so many years mikrotik customers operate mikrotik devices with bugs until today.

thx
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 6:21 am

I would be perfectly happy with a RouterOS v7 where you can select between a "routing-legacy" and "routing-new" package and run the v6 autorouting modules. they worked fine.
I don't think this is even possible. The v6 routing protocols were all written with route caching in mind, and removing route caching I believe would require a rewrite of them, which is almost as much work as creating the v7 routing protocols.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 8:33 am

Unfortunately, it's unlikely that it will change.
What is preventing you from releasing a stripped down "wifiwave2-light" package for cAP ac + hAP ac² which contains only the drivers for their wifi chipset and fit the small storage? This would allow mixed deployments with old and new devices.
The drivers are the biggest thing
 
User avatar
Hominidae
Member
Member
Posts: 316
Joined: Thu Oct 19, 2017 12:50 am

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 10:55 am

...if capsman in a mixed wiFi+ww2 will not be made possible, I can only urge you to enable ww2 on the smaller devices somehow.
...maybe introduce a staged boot for capsman, where drivers can be fetched remotely, once a cap gets connected or something else.
It is a shame letting these devices go to e-waste (not that availability - and money - for an infrastructure refresh is a given, these days).
Hell, I'd even pay a nominal license fee, i.e. managed via MT cloud- like for CHR - for my old cAP/wAP-ac in order to extend their lifetime with ww2 drivers.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 10:57 am

We are working on alternative solutions, but it is hard to say how long it will take.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 10:59 am

The drivers are the biggest thing
I think the guess is that the wifiwave2 package is so big because it contains drivers for several different chips, and maybe a wifiwave2-ipq4019 package could be compiled that is only for the hAP ac2 and would be small enough to fit in there.
However, considering that a 7.7beta install on the hAP ac2 only leaves about 1.5MB of free space on the flash, I don't think that is going to work, especially not when the main package is not split (i.e. the legacy wireless removed from that, amongst other big chunks that are not required in a home AP).
 
User avatar
Hominidae
Member
Member
Posts: 316
Joined: Thu Oct 19, 2017 12:50 am

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 11:01 am

...at least there is hope, then. Thanks Normis, much appreciated!
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 11:02 am

Yes, we are contemplating the possibility of per-product packages. But that is only in discussion stage.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 11:07 am

I would be perfectly happy with a RouterOS v7 where you can select between a "routing-legacy" and "routing-new" package and run the v6 autorouting modules. they worked fine.
I don't think this is even possible. The v6 routing protocols were all written with route caching in mind, and removing route caching I believe would require a rewrite of them, which is almost as much work as creating the v7 routing protocols.
On the "plain Linux" systems where I run BGP daemons like quagga or bird (both are in use), I never encountered any problem with moving towards a kernel version without route caching. I think this is happening on a lower level. The routing daemons create their own route database, do their selection algorithms, and then load the resulting FIB in the system routing table. The system itself then caches that into the route cache, on older kernels. The only thing that visibly changed at that point is that originally you needed to do a "ip route flush table cache" (or equivalent system call) whenever you changed something else than a route insert/delete (e.g. a policy routing change), and now that command is a no-op. However, it is still accepted.

In v7 there is more visibility of the different tables (in /ip/route and /routing/route) but I don't think it would require "a rewrite", especially not of the higher levels of the BGP and BFD implementation.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12557
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 11:07 am

Yes, we are contemplating the possibility of per-product packages. But that is only in discussion stage.
Please don't, just add one more big mess...
One of the strengths of RouterOS is "the one package" for each architecture...
Last edited by rextended on Wed Nov 09, 2022 11:10 am, edited 2 times in total.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 11:09 am

But then there are issues like above. Too many drivers and tools that no longer fit on all models.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12557
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 11:14 am

.
In the past it was solved with separate packages ...
Don't care about the routing, ppp, hotspot and mpls on this access-point?
I don't put them there ...

or at least provide a separate package but just for the "drivers"
 
User avatar
spippan
Member
Member
Posts: 464
Joined: Wed Nov 12, 2014 1:00 pm

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 11:17 am

But then there are issues like above. Too many drivers and tools that no longer fit on all models.
if it is possible, you could determine the packages which are elegible for install an a given hardware via e.g. netinstall or winbox.

what i mean hereby is, that, if a npk file is installed, netinstall/winbox could (if that is possible) determine which certain driver inside the npk is fit for the destined hardware and only that driver is installed ("de-bloat" so to say)
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 11:18 am

rextended: the drivers package includes drivers for all wireless models :) this takes up a LOT of space.
special package per MODEL is the only way to solve it
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1352
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 11:19 am

The firmware files are indeed big, but besides that there are a few kernel modules in there that are also huge, and those alone won't fit in the space left on a hAP ac2 for example.
04/11/2022  04:39 pm             9,156 asf.ko
04/11/2022  04:39 pm             4,580 mem_manager.ko
04/11/2022  04:39 pm           222,056 monitor.ko
04/11/2022  04:39 pm         1,733,420 qca_ol.ko
04/11/2022  04:39 pm           137,472 qca_spectral.ko
04/11/2022  04:39 pm           150,716 qdf.ko
04/11/2022  04:39 pm         3,961,076 umac.ko
04/11/2022  04:39 pm           621,712 wifi_2_0.ko
04/11/2022  04:39 pm           918,700 wifi_3_0.ko
Running wifiwave2 drivers with so little RAM (128MB) could be problematic too.
So don't get your hopes up that you'll ever see hAP ac2 or something with similar specs with wifiwave2 drivers running RouterOS.
Last edited by Znevna on Wed Nov 09, 2022 11:25 am, edited 4 times in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12557
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 11:19 am

@normis
sorry, but then at first you meant separate wireless packages for drivers? not separate system package for each model??
I did not understand???
 
User avatar
spippan
Member
Member
Posts: 464
Joined: Wed Nov 12, 2014 1:00 pm

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 11:21 am

.
In the past it was solved with separate packages ...
Don't care about the routing, ppp, hotspot and mpls on this access-point?
I don't put them there ...

or at least provide a separate package but just for the "drivers"
liked the separated packages management like in rOS v6 more. on a simple AP i always deinstalled packages such as mpls,routing,ppp....

i would appreciate such option turning back again
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12557
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 11:23 am

[…]
the drivers package […] for […] wireless
special package per MODEL is the only way to solve it
[…]
Now I understand!
I had misunderstood before...
So it seems fair to me!


P.S.: It's time to drop SMPIS like old mipsLE...
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 11:27 am

rextended: the drivers package includes drivers for all wireless models :) this takes up a LOT of space.
special package per MODEL is the only way to solve it
Another way would be to have the drivers all in the wifiwave2 distribution package, but then have some automatic procedure during install that checks which drivers are required on that model and only installs those in the flash, and discards the others.
At least then the user would not be faced with selecting the proper package for each model.

Still I think that joining some low-level stuff like security, ppp, dhcp, ipv6 etc into the main package was a good idea, because there were more and more inter-dependencies, but it was bad to merge essentially everything into one package. Stuff that is an application should be easy to make into a separate package.
(especially when the package management is made only slightly better: extend the package list to all available packages (on the update server) and allow the user to install them in the same way as they are removed and upgraded, so not by having to download a .zip and upload a file but just clicking an "install" button on a package that is listed as "not installed" in that list)
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12557
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 11:33 am

Another way is to remove all unused drivers from RouterBOARD products,
such as additional USB devices or miniPCIe and all the other frills,
so that only people using non-mikrotik products have to be bothered to install drivers.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 12:32 pm

Back to the topic of the new release...
*) firewall - added "set-priority" option for IPv6 mangle firewall;
It appears the action=set-priority new-priority=from-dscp-high-3-bits in the ipv6 mangle rules does not work correctly. Priority is nearly always 0.
But with new-priority=from-dscp it seems to get a priority between 0 and 7, unlike with IPv4.
Maybe got some shifting and/or masking wrong?
It would be handy to have a "log" action or option that logs more attributes of the packet, so this could be adequately debugged.
(the current "log" option logs neither DSCP nor Priority)
 
hecatae
Member Candidate
Member Candidate
Posts: 247
Joined: Thu May 21, 2020 2:34 pm

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 2:33 pm

Audience owner here, does the new CapMAN implementation allow my 2 Audiences to still mesh together, or is it going to horribly break things and best be left alone?
 
basicmonkey
just joined
Posts: 4
Joined: Tue Aug 24, 2021 2:10 pm

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 5:45 pm

Will CAPsMAN ww2 support central forwarding eventually or has that gone away for good? I currently have a Cisco CAPWAP setup and really like having all the forwarding done centrally as I can maintain better control over traffic and security rather than done at the AP. I don't really want to expose each VLAN required to all APs.
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7beta [testing] is released!

Wed Nov 09, 2022 5:53 pm

One PPPoE server and VLAN for each client? What is the purpose of such a complicated setup?
This kind of application is connected to OLT under ROS to prevent users from roaming. This problem is not found in version 6. Please pay attention to it and improve it in version 7
with more then 2200 pppoeclient our x86 v7.6 (stable) concentrator is experiencing slowness:
- Winbox is very very late updating the interface counters;
- sometime the pppoe dynamic interface goes not in RUN state and remains on top of interfaces' list (frequently);
- sometime the dynamic simple-queue created by the pppoe are not deleted when the pppoe cleint disconnects (rarely)

tried to open a ticket by email but today seems your mta refuses my smtp.

regards
 
cklee234
newbie
Posts: 44
Joined: Tue Sep 29, 2020 6:49 am

Re: v7.7beta [testing] is released!

Thu Nov 10, 2022 2:22 am

I have issues with CAPsMan since v7.7 beta 4 that force me to back to v7.6.
After installed the beta 4 and 6, my 5G wifi parts stopped working. 2.4G wifi remained ok.
I saw reloading of CAPsMan from time to time.

Not sure if this happened in x86 only but reverting beta to v7.6 resumes normal
 
User avatar
own3r1138
Forum Veteran
Forum Veteran
Posts: 727
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: v7.7beta [testing] is released!

Thu Nov 10, 2022 3:11 pm

There is still PPP and Queue problem in the 7.7beta6 version.
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7beta [testing] is released!

Thu Nov 10, 2022 7:17 pm

There is still PPP and Queue problem in the 7.7beta6 version.
please report opening the ticket by web, because MT has mta server issue, and adding supout.
they need to look into it.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3343
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.7beta [testing] is released!

Thu Nov 10, 2022 7:49 pm

@own3r1138
Also post support ticket here.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Thu Nov 10, 2022 11:49 pm

A feature that is even bigger for me than that is the set-priority being added to IPv6 mangle - we can finally have QoS fully working on IPv6.
Did you try it? It does not work for me (set priority from DSCP)...
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7beta [testing] is released!

Fri Nov 11, 2022 2:57 am

Did you try it? It does not work for me (set priority from DSCP)...
No, I have not tried it yet, unfortunately, these are a crazy few weeks for me.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2182
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: v7.7beta [testing] is released!

Fri Nov 11, 2022 6:28 am

I have issues with CAPsMan since v7.7 beta 4 that force me to back to v7.6.
After installed the beta 4 and 6, my 5G wifi parts stopped working. 2.4G wifi remained ok.
I saw reloading of CAPsMan from time to time.

Not sure if this happened in x86 only but reverting beta to v7.6 resumes normal
I am having issues with Capsman and 2.4Ghz on 7.7beta6. Some devices will connect briefly then disconnect. If I roll back to 7.6 it works perfectly.
 
cklee234
newbie
Posts: 44
Joined: Tue Sep 29, 2020 6:49 am

Re: v7.7beta [testing] is released!

Fri Nov 11, 2022 8:39 am

Could it be related to different versions in the CAPsMan and AP? AP is using V7.6
Last edited by BartoszP on Fri Nov 11, 2022 8:50 pm, edited 1 time in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart.
 
User avatar
own3r1138
Forum Veteran
Forum Veteran
Posts: 727
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: v7.7beta [testing] is released!

Sat Nov 12, 2022 3:41 pm

There is still PPP and Queue problem in the 7.7beta6 version.
SUP-96432 was raised on 29/Oct/22. I also have added the V7.7b6 supout file.
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7beta [testing] is released!

Sun Nov 13, 2022 6:38 pm

I have SUP-97395 opened for the same issue.
regards
Last edited by BartoszP on Tue Nov 15, 2022 3:18 pm, edited 1 time in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart. 3 lines of quote, 1 line of post.
 
mhugo
Member Candidate
Member Candidate
Posts: 179
Joined: Mon Sep 19, 2005 11:48 am

Re: v7.7beta [testing] is released!

Mon Nov 14, 2022 7:43 pm

On yours, which device is complaining about the FCS errors?
The 1016 connected to a 2004 was the one complaining.
 
jhbarrantes
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Wed Aug 21, 2019 2:56 pm

Re: v7.7beta [testing] is released!

Tue Nov 15, 2022 10:23 am

Hi!

I'm trying to replicate the CAPsMAN example you have in documentation for a brand new hAP-ax2. However, I'm unable to get the wireless interfaces up and running. As I'm trying to run CAPsMAN and CAP under the same device, the only modification I did from your example was to set caps-man-addresses=127.0.0.1 when I enabled the wireless interfaces as CAP.
Apparently the interfaces are joining CAPsMAN (in logs I can see messages for selected CAPsMAN MikroTik@127.0.0.1 and connected to MikroTik@127.0.0.1, and under WifiWave2 menu I can see both interfaces with message saying "managed by CAPsMAN"), however SSID is not broadcasted and seems not to be running.

Is this already supported (running CAP / CAPsMAN on the same device)? I'm running latest testing version, 7.7beta6

Thanks!

screenshot_capsman_setup.png
You do not have the required permissions to view the files attached to this post.
 
Guntis
MikroTik Support
MikroTik Support
Posts: 203
Joined: Fri Jul 20, 2018 1:40 pm

Re: v7.7beta [testing] is released!

Tue Nov 15, 2022 11:15 am

It's not supported that the local interface will be controlled by CAPsMAN. But given how configuration profiles work - CAPsMAN uses the same exact "configuration", "datapath", "security" etc., you can just set the same configuration profile on the local interface, as the one you would pass to remote CAPs.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Tue Nov 15, 2022 11:40 am

It's not supported that the local interface will be controlled by CAPsMAN.
WHAT??
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12557
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7beta [testing] is released!

Tue Nov 15, 2022 12:46 pm

It's not supported that the local interface will be controlled by CAPsMAN
urlo_gatto.png
You do not have the required permissions to view the files attached to this post.
 
Guntis
MikroTik Support
MikroTik Support
Posts: 203
Joined: Fri Jul 20, 2018 1:40 pm

Re: v7.7beta [testing] is released!

Tue Nov 15, 2022 12:58 pm

/interface/wifiwave2/set wifi1 configuration=x
versus
/interface/wifiwave2/cap set enabled=yes
/interface/wifiwave2/ set wifi1 configuration.manager=capsman-or-local

The second scenario only works for remote CAPs, but while the same configuration is passed, end result is exactly the same. There is no separate wireless interface menu, like with the previous CAPsMAN, everything is under /interface/wifiwave2/
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12557
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7beta [testing] is released!

Tue Nov 15, 2022 1:02 pm

Ok, sorry...

One question please: "usual" (if not better) roaming, is supported between local and remote devices on this way?
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1352
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.7beta [testing] is released!

Tue Nov 15, 2022 1:07 pm

That wasn't mentioned as being implemented yet ;D
 
jhbarrantes
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Wed Aug 21, 2019 2:56 pm

Re: v7.7beta [testing] is released!

Tue Nov 15, 2022 7:40 pm

It's not supported that the local interface will be controlled by CAPsMAN. But given how configuration profiles work - CAPsMAN uses the same exact "configuration", "datapath", "security" etc., you can just set the same configuration profile on the local interface, as the one you would pass to remote CAPs.

I tried to setup that way (make sense what you said, as most of config is similar) and it seems to be working. However, I found a small issue when using "datapath" option for a configuration (non CAPsMAN). I tried to setup two different datapath with the same bridge (where vlan filtering is up and running), using the following config:
interface wifiwave2 datapath
add bridge=bridge client-isolation=no name=home vlan-id=10
add bridge=bridge client-isolation=yes name=guest vlan-id=11
But then these ports are added into the bridge, they are not setting up PVID = this tag. Is there any other change in datapath, appart of not having the flag "vlan-mode=use-tag" anymore? Am I doing something wrong?

Thanks!
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Fri Nov 18, 2022 10:57 am

I just had a ethernet driver hangup on my RB4011. The ethernet ports 6-10 went down simultanously with a message:
interface,info ether6 link down
The devices connected to those ports lost their communication, however I saw that the router still received data from the device (e.g. DHCP request), but sending data from the router no longer worked.
The ether10 port has PoE enabled with "auto on", it remained powering the device (LHG) but communication was lost.
This was after about 8.5 days of uptime. I have never seen this before.
I tried disable/enable on one port but there was no change. A reboot fixed it. Have others encountered this problem?
 
User avatar
armandfumal
Member Candidate
Member Candidate
Posts: 163
Joined: Wed Apr 25, 2012 5:50 pm
Location: Weiswampach,LUX
Contact:

Re: v7.7beta [testing] is released!

Fri Nov 18, 2022 4:30 pm

is it a way to use wifiwave2 with wds ?
 
User avatar
spippan
Member
Member
Posts: 464
Joined: Wed Nov 12, 2014 1:00 pm

Re: v7.7beta [testing] is released!

Fri Nov 18, 2022 4:54 pm

I just had a ethernet driver hangup on my RB4011. The ethernet ports 6-10 went down simultanously with a message:
interface,info ether6 link down
The devices connected to those ports lost their communication, however I saw that the router still received data from the device (e.g. DHCP request), but sending data from the router no longer worked.
The ether10 port has PoE enabled with "auto on", it remained powering the device (LHG) but communication was lost.
This was after about 8.5 days of uptime. I have never seen this before.
I tried disable/enable on one port but there was no change. A reboot fixed it. Have others encountered this problem?
never seen such a behaviour
SUPOUT in a ticket to mikrotik support maybe?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12980
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.7beta [testing] is released!

Fri Nov 18, 2022 5:33 pm

is it a way to use wifiwave2 with wds ?

I don't remember seeing announcement that the 4-address mode was implemented yet. Until that's done, neither WDS nor bridge modes will work.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Fri Nov 18, 2022 7:08 pm

never seen such a behaviour
SUPOUT in a ticket to mikrotik support maybe?
When it happens again I will make a supout file, this time I needed to reboot to fix it and did not think about making a supout.
(also this router config is quite complicated so always very large supout... I would hope someone sees the same thing on a default-config device)
 
miasharmse84
just joined
Posts: 23
Joined: Fri Sep 02, 2022 6:19 pm
Location: South Africa

Re: v7.7beta [testing] is released!

Sat Nov 19, 2022 10:52 am

rpingar - Yes. these changes should allow routing processes to consume more than 2 GB of RAM
this is not going to fix the issue on my ticket.
Above a certain routes/peeer we still get unstable (hold time expire) peers, when reestabilsihed it is unable to load more then 7-9k messages from a peer then reset again.
ticket update with supout and logs.
the strange thing is that now the router doesn't crash the routing but more dangerous it reboot itself with the message:
oct/30/2022 10:36:52 system,error,critical router rebooted without proper shutdown, probably power outage

also we still get a lot of this logs:
07:20:00 route,bgp,info Write to bgp failed (32) { #buf=1 max=64 sk=Socket{ 555 a } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=2 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=3 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=4 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=5 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=6 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=7 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=8 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=9 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=10 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=11 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=12 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=13 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=14 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=15 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (32) { #buf=1 max=64 sk=Socket{ 573 a } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=2 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=3 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=4 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=5 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=6 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=7 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=8 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=9 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=10 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=11 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=12 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=13 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=14 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=15 max=64 sk=Socket{ -1 } }

regards
I have the same issues on CCR2116 edge router Routeros v7.5

Was told the problem was fixed in 7.6, so i upgraded to 7.6 stable when it was released, but no success, still get exactly the same error message as you rpingar.

route,bgp,info Write to bgp failed (9) { #buf=15 max=64 sk=Socket{ -1 } }
 
User avatar
armandfumal
Member Candidate
Member Candidate
Posts: 163
Joined: Wed Apr 25, 2012 5:50 pm
Location: Weiswampach,LUX
Contact:

Re: v7.7beta [testing] is released!

Sat Nov 19, 2022 3:26 pm

is it a way to use wifiwave2 with wds ?

I don't remember seeing announcement that the 4-address mode was implemented yet. Until that's done, neither WDS nor bridge modes will work.
That's exclude all new devices like ax2....
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v7.7beta [testing] is released!

Mon Nov 21, 2022 9:55 am



this is not going to fix the issue on my ticket.
Above a certain routes/peeer we still get unstable (hold time expire) peers, when reestabilsihed it is unable to load more then 7-9k messages from a peer then reset again.
ticket update with supout and logs.
the strange thing is that now the router doesn't crash the routing but more dangerous it reboot itself with the message:
oct/30/2022 10:36:52 system,error,critical router rebooted without proper shutdown, probably power outage

also we still get a lot of this logs:
07:20:00 route,bgp,info Write to bgp failed (32) { #buf=1 max=64 sk=Socket{ 555 a } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=2 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=3 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=4 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=5 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=6 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=7 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=8 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=9 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=10 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=11 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=12 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=13 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=14 max=64 sk=Socket{ -1 } }
07:20:00 route,bgp,info Write to bgp failed (9) { #buf=15 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (32) { #buf=1 max=64 sk=Socket{ 573 a } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=2 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=3 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=4 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=5 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=6 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=7 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=8 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=9 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=10 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=11 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=12 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=13 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=14 max=64 sk=Socket{ -1 } }
07:20:38 route,bgp,info Write to bgp failed (9) { #buf=15 max=64 sk=Socket{ -1 } }

regards
I have the same issues on CCR2116 edge router Routeros v7.5

Was told the problem was fixed in 7.6, so i upgraded to 7.6 stable when it was released, but no success, still get exactly the same error message as you rpingar.

route,bgp,info Write to bgp failed (9) { #buf=15 max=64 sk=Socket{ -1 } }
7.7beta6 definitely fix it.
Now remain to fix a very low speed in update to peers (in some cases) and a little memory leak in rpki when a full route provider flap the bgp session (not confirmed).

regards
 
daaf
just joined
Posts: 11
Joined: Sun Jan 12, 2020 4:39 am

Re: v7.7beta [testing] is released!

Mon Nov 21, 2022 10:27 pm

The problem of global variables that disappear still persists, someone from mikrotik who can say if they are taking action on the matter, test on hAP AC3?

viewtopic.php?p=944654#p944663
 
curtdept
just joined
Posts: 2
Joined: Wed Nov 17, 2021 8:00 am

Re: v7.7beta [testing] is released!

Tue Nov 22, 2022 5:54 pm

Anyone else have an issue with v6 PD on this version?

Mine (at night, I suspect it has thing to do with DHCPv6 renewals) will occasionally not get a PD anymore for some amount of time (up to 12 hours) even post reboot. I talked with my ISP and they couldnt find anything, I then downgraded and it seemed fine.
Last edited by curtdept on Wed Nov 23, 2022 1:16 am, edited 1 time in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Tue Nov 22, 2022 6:28 pm

There could be an issue, when I check my IPv6 PD status I see there is no expire time (the field is empty).
However in my case the addresses remain valid. So I did not notice it until now. Maybe it depends on the actual expiry time in use by the ISP.
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 552
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v7.7beta [testing] is released!

Wed Nov 23, 2022 12:01 pm

Premise: I've just updated my RB3011 from 6.49.7 to v.7.7beta6 on a 2nd partition just to test what I'll need to fix (some small adjustments to route scopes /target scopes and route tables/VRF and I'm almost done)

I've just noticed that the DNS redirect on my home router is not working (v 7.7beta6).
/ip firewall nat add action=redirect chain=dstnat dst-port=53 in-interface-list=LANs protocol=udp to-ports=53

It works if I forward the dns query externally:
/ip firewall nat add action=dst-nat chain=dstnat dst-port=53 in-interface-list=LANs protocol=udp to-addresses=208.67.222.123 to-ports=53

If I make the dns query directly to the router IP, it works (Allow remote requests is obviously active and it's working).

Is the "redirect" action different in Ros7 in some way? Am I missing something ?
Any help or confirmation would be appreciated, thanx.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12557
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7beta [testing] is released!

Wed Nov 23, 2022 12:40 pm

Since for me work as expected on 7.6, and you didn't specify if it works on 7.6 or not,
open a separate topic, as it may be your fault on the configuration, before spamming this whole topic with useless posts.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12980
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.7beta [testing] is released!

Wed Nov 23, 2022 1:40 pm

I've just noticed that the DNS redirect on my home router is not working (v 7.7beta6).
/ip firewall nat add action=redirect chain=dstnat dst-port=53 in-interface-list=LANs protocol=udp to-ports=53

Conceptually: missing properties in NAT rules mean that those fields don't get changed. Since your NAT rule does not define to-addresses, the dst-address remains unchanged hence the rule doesn't do anything. So conceptually you have to set to-addresses to router's own IP address (if that's the destination you want to redirect DNS queries). The only mystery to me is why the same NAT command worked for you so far (if it actually worked?).
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 552
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v7.7beta [testing] is released!

Wed Nov 23, 2022 2:30 pm

mkx) The same command works perfectly in Ros6 (you probably missed that the action is different, action=redirect already means "to the router itself" and you cannot specify an address).

rextended) I'm quite sure I already used that rule in previous Ros7.x so I thought it was version dependent. This is why I posted here.
Also, you said "work as expected on 7.6", so it kind of confirms that indeed it's version dependent.
tip: don't be too aggressive with moderation, it's worst than spam :-)
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Wed Nov 23, 2022 4:09 pm

The documentation says "redirect - replaces the destination port of an IP packet with one specified by to-ports parameter and destination address to one of the router's local addresses". It apparently selects a random address, not necessarily the address of the interface the packet is arriving on. Maybe this behavior has changed.
It could be that your input firewall drops the packet because it does not consider the address acceptable for the interface, or e.g. because you have decided to drop DNS traffic towards "the external address" (instead of: incoming on the external interface).
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 552
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v7.7beta [testing] is released!

Wed Nov 23, 2022 7:23 pm

[cut] ..It could be that your input firewall drops the packet ..[cut]
It's allowed, to be sure I added a specific rule to allow (on top, and the rule was hit and the log reported correctly the query) -> no answer from the local DNS server.
Tomorrow I'll try to downgrade to 7.6 to see if something changes. I'll update if it's relevant.
Thank you all for your help.

UPDATE: I think I've found the problem, not it works. It seems that now, if the packet get marked before the 'redirect', the DNS server ignore the request. Before it wasn't the case; I'll dig deeper but the actual workaround works (in mangle/pre-routing avoid/bypass any packet marking for the specific traffic that will hit a "redirect" in NAT table).
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: v7.7beta [testing] is released!

Wed Nov 23, 2022 9:09 pm

... if the packet get marked before the 'redirect', the DNS server ignore the request.
Not exactly, it's just that routing marks now have maximum priority, so your packets are going to internet instead of to router, see 1) in viewtopic.php?p=956630#p956630
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 552
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v7.7beta [testing] is released!

Wed Nov 23, 2022 9:39 pm

Not exactly, it's just that routing marks now have maximum priority, so your packets are going to internet instead of to router, see 1) in viewtopic.php?p=956630#p956630

You're absolutely correct, that's it!!
I was still debugging and following the logic. So now, my marking rules were not specific enough, I need to add a specific bypass for external destinations that will be redirected becoming local destinations afterwards.

P.S. Sorry rextended, after all ..it was spam :-) Have a nice evening you all, thanks
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v7.7beta [testing] is released!

Thu Nov 24, 2022 2:25 pm

What's new in 7.7beta8 (2022-Nov-23 09:19):

*) branding - fixed identity setting from branding package;
*) bridge - fixed host moving with fast-path;
*) bridge - removed "age" monitoring property from the host table;
*) container - fixed tar extracting;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike2 - improved certificate payload parsing;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - fixed error handling on opening AT control channel;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i <interface>" parameter for Netinstall (CLI Linux);
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added support for IPv6 tunnelling;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) sfp - added 2.5G SFP module support for RB5009;
*) ssh - added support for Ed25519 key exchange;
*) ssh - fixed handling of non standard size RSA keys;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) swos - fixed "allow-from-ports" setting;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - fixed displaying of VRF routes;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
 
dadaniel
Member Candidate
Member Candidate
Posts: 221
Joined: Fri May 14, 2010 11:51 pm

Re: v7.7beta [testing] is released!

Thu Nov 24, 2022 3:06 pm

@emils: Could you please comment if scenario mentioned in SUP-27777 (CAPsMAN layer 3 provisioning rules don't work "out of the box" for new devices in CAPs mode) could be cared of with wifiwave2-CAPsMAN?
 
leosmendes
Frequent Visitor
Frequent Visitor
Posts: 60
Joined: Fri Jun 20, 2008 1:03 pm
Location: Brazil
Contact:

Re: v7.7beta [testing] is released!

Thu Nov 24, 2022 3:21 pm

does beta 8 fix the ppp+queue related issue in this thread?
 
User avatar
msilcher
just joined
Posts: 7
Joined: Mon Mar 09, 2009 9:39 pm
Location: Argentina

Re: v7.7beta [testing] is released!

Thu Nov 24, 2022 4:58 pm

Hi, just noticed that on 7.7beta8 my DNS conditional forwarding config via REGEX stopped working. Please advice!
 
User avatar
pothi
newbie
Posts: 47
Joined: Fri Sep 14, 2018 7:48 pm
Location: Srivilliputhur, Tamil Nadu, India
Contact:

Re: v7.7beta [testing] is released!

Thu Nov 24, 2022 5:36 pm

ssh - added support for Ed25519 key exchange;
While I am okay with RSA, I've been waiting for this for a long time to streamline part of my work. Thank you for adding support to ed25519 format.
 
dmfr
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Thu Oct 15, 2020 11:14 am

Re: v7.7beta [testing] is released!

Thu Nov 24, 2022 5:41 pm

Hi, just noticed that on 7.7beta8 my DNS conditional forwarding config via REGEX stopped working. Please advice!
Facing same regression.
add forward-to=10.39.1.51 regexp=".*\\.int\\.mydomain\\.com\$" type=FWD
Above rule non functional on beta8.

Downgraded to 7.7beta6, dns condtional forwarding operates again.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 12557
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v7.7beta [testing] is released!

Thu Nov 24, 2022 7:32 pm

Try with this:
(^|\\.)int\\.mydomain\\.com\$
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: v7.7beta [testing] is released!

Thu Nov 24, 2022 7:45 pm

It seems that FWD records don't work at all, same result without regexp:
/ip dns static
add type=FWD name=int.mydomain.com match-subdomain=yes forward-to=10.39.1.51
Log when querying <anything>.int.mydomain.com says "dns name exists, but no appropriate record", and router isn't even trying to query server in forward-to (there are no outgoing packets).
 
haedertowfeq
just joined
Posts: 15
Joined: Thu Nov 19, 2020 5:58 pm

Re: v7.7beta [testing] is released!

Thu Nov 24, 2022 8:18 pm

*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
.
.
.
How to configure this?
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.7beta [testing] is released!

Thu Nov 24, 2022 9:48 pm

*) ssh - added support for Ed25519 key exchange;
But this is key exchange only, which uses curve25519-sha256 now. Is this still work in progress, so we will see support for ed25519 host keys and ed25519 public key authentication later?
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.7beta [testing] is released!

Thu Nov 24, 2022 9:53 pm

*) netwatch - added support for "https-get" type (CLI only);
Thanks a lot for this one, much appreciated! Looks like this brings new options "certificate" and "check-certificate"... What exactly does the former do?

Will have to play with this.
 
chiem
newbie
Posts: 42
Joined: Fri Oct 24, 2014 4:48 pm

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 2:54 am

*) dns - do not query upstream DNS servers for matched regex records;
Please don't? I use regex records to modify AAAA results to ::ffff to essentially disable ipv6 for some addresses (for split tunneling purposes). Or provide an alternate way to do that.
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 3:43 am

I don't want to sound ungrateful, I'm actually happy that something is happening, but these DNS changes are hit and miss. There should be first some solid plan how it should all work, how to make it flexible enough to cover all use cases, and how to get rid of existing inconsistencies (FWDs not working with DoH is well-known for years, but it's not only that, see e.g. first half of this post).
 
cklee234
newbie
Posts: 44
Joined: Tue Sep 29, 2020 6:49 am

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 6:17 am

Previous issues on CAPSMan with start and stop behaviours remain since v7.7beta 6 and 8. Seems it is related to 5G part but anyway the CAPsMan
Last edited by BartoszP on Sat Nov 26, 2022 12:56 am, edited 1 time in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart. 30 lines of quote, 1 line of post.
 
riv
newbie
Posts: 31
Joined: Wed Jun 07, 2006 4:16 am

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 7:14 am

VPNV4 still not working
 
cklee234
newbie
Posts: 44
Joined: Tue Sep 29, 2020 6:49 am

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 7:49 am

May need to look at what changes in beta 6 and beta 8 affecting the stability of CAPsMan
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 9:27 am

We have managed to reproduce the issue with FWD regex DNS static entries. We are very sorry for any inconvenience caused. Fix is on the way!
 
User avatar
Ullinator
just joined
Posts: 17
Joined: Tue Jun 08, 2021 12:53 pm
Location: North-West Germany

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 9:49 am

I´ve updated the following devices from 7.7Beta6 to Beta 8 (ROS and FW):
hc_352.jpg
But unfortunatly 2 of the switches (both CRS326-24-G-2S+) reboot unexpected without any obvious reasons.
It is the same behaviour as with Beta6.
I guess it has something to do with L3HW-Offloading, because it´s a similar behaviour as described in my support ticket (SUP-92398)
No special config, only 2 VLANS, IPv4 & IPv6 addresses, connected via SFP+, that´s all.
@MT: if you need additional infos, please give me a notice (here or via eMail)
You do not have the required permissions to view the files attached to this post.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 10:43 am

I don't want to sound ungrateful, I'm actually happy that something is happening, but these DNS changes are hit and miss. There should be first some solid plan how it should all work, how to make it flexible enough to cover all use cases, and how to get rid of existing inconsistencies (FWDs not working with DoH is well-known for years, but it's not only that, see e.g. first half of this post).
I fully agree with that! Every change in the DNS resolver breaks something. It is awful. Maybe it is time to ditch the whole thing and start from scratch.
(well, maybe not. we saw how that went with BGP...)
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 10:45 am

*) netwatch - added support for "https-get" type (CLI only);
Thanks a lot for this one, much appreciated!
Nice to see you are happy. I would have been happy when they had added a "bfd" type. (I don't see much use for DoS'ing a website from a router...)
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2182
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 10:49 am

Nice to see you are happy. I would have been happy when they had added a "bfd" type. (I don't see much use for DoS'ing a website from a router...)
I still dont understand the request for some hybrid netwatch + bfd combo.

Wouldnt it just be better to have normal BFD ?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 11:02 am

I still dont understand the request for some hybrid netwatch + bfd combo.

Wouldnt it just be better to have normal BFD ?
Yes it would, but all signs indicate that the routing programmer (who is supposed to finish BGP including features like BFD) has left the building, and there is an active programmer working on netwatch. Look at the recent change lists: nothing significant about BGP. BFD is already a "work in progress" for well over a year.
As it is a trivial protocol, and I need it NOW, I would prefer a hacky temporary implementation that could be made available in THIS beta, over waiting yet another undetermined amount of time.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 11:42 am

*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
Now that this is being worked on... Any chance to make FWD entries work with enabled DoH?
 
User avatar
msilcher
just joined
Posts: 7
Joined: Mon Mar 09, 2009 9:39 pm
Location: Argentina

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 12:26 pm

We have managed to reproduce the issue with FWD regex DNS static entries. We are very sorry for any inconvenience caused. Fix is on the way!
Thank you sir!!
 
User avatar
msilcher
just joined
Posts: 7
Joined: Mon Mar 09, 2009 9:39 pm
Location: Argentina

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 12:38 pm

I don't want to sound ungrateful, I'm actually happy that something is happening, but these DNS changes are hit and miss. There should be first some solid plan how it should all work, how to make it flexible enough to cover all use cases, and how to get rid of existing inconsistencies (FWDs not working with DoH is well-known for years, but it's not only that, see e.g. first half of this post).
I completely agree! Mikrotik should shed some light on DNS topics.
Personaly I use DNS FWD a lot and I'd really like to see the option to set more than one "forward-to" address for backup/failover purposes. AFAIK setting up multiple entries doesn't do the job (only the first entry is matched)
 
uCZBpmK6pwoZg7LR
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Mon Jun 15, 2015 12:23 pm

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 1:48 pm

Is it planned to fix BGP propagate? Option do not work for VPN4. VPN4 is completely broken due to it.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2182
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 2:49 pm

Yes it would, but all signs indicate that the routing programmer (who is supposed to finish BGP including features like BFD) has left the building
I don't see any signs of this being the case...

Updates are still happening e.g. VPLS debug messages, OSPF Auth fixes, BGP thread balancing and BGP advertisements print in 7.7beta's
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 3:38 pm

BGP features have been incomplete (relative to 6.49.x) for well over a year now, without any relevant changes except some minor bug fixes.
It looks like sometimes someone is assigned the task of fixing some urgent problem reported by an important customer, but general development is at a standstill.
 
holvoetn
Forum Guru
Forum Guru
Posts: 6762
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 3:47 pm

Cap AC upgraded tot 7.7b8 (for testing)
log file shows default entry for ospf being created
instance { version: 2 router-id: 192.168.99.18 } created

When I go to Route - OSPF, I effectively see something is there.
In tab Area I also see some default backbone (disabled).
I could remove those entries manually.

I seem to recall some similar issue but with BGP (?) in a waaaaay back previous version of ROS7.

Mind you, this device has been netinstalled using ROS7 already in the past so this is not something coming from rogue ROS6 settings.

EDIT: CORRECTION: The device was not yet upgraded to 7.7b8. It's still on 7.7b4.
Will move to 7.7b8 now.
 
Quasar
newbie
Posts: 33
Joined: Sun Oct 05, 2014 1:11 pm

Re: v7.7beta [testing] is released!

Fri Nov 25, 2022 3:51 pm

WiFi on hAP ax² fails for me on v7.7beta8 (it was fine on v7.7beta6).

On both 2.4 GHz and 5 GHz stations try to connect, but fail
disconnected, key handshake timeout, signal strength -42
I would create a ticket, if it wasn't for the fact that MikroTik isn't even answering the one I've had open for a week (SUP-98496) about IGMP misbehaving. Also the reason why I got into this mess in the first place (hoping a beta release would fix things).
 
User avatar
CTassisF
newbie
Posts: 36
Joined: Thu Jun 11, 2020 10:26 pm
Location: São Paulo, Brazil
Contact:

Re: v7.7beta [testing] is released!

Sat Nov 26, 2022 12:31 am

My Samsung Galaxy S22 5G with Snapdragon 8 Gen 1 can't connect to my hAP ac3 running 7.7beta8 with WifiWave2 + WPA3 unless I set sae-pwe=hunting-and-pecking.

I thought this was fixed since v7.6 [stable], it is mentioned in the changelog, but still seems to be broken.

SUP-99820
Last edited by CTassisF on Thu Dec 01, 2022 2:16 pm, edited 1 time in total.
 
jovaf32128
just joined
Posts: 24
Joined: Sun Apr 26, 2020 9:22 pm

Re: v7.7beta [testing] is released!

Sat Nov 26, 2022 2:48 pm

Hap ac3. Try to use 2g chain in station mode and also change MAC several times. Got kernel failure 3 times. Same was on 7.6 stable
 
ahmedelbarbary
just joined
Posts: 19
Joined: Thu Dec 01, 2016 1:23 am

Re: v7.7beta [testing] is released!

Sat Nov 26, 2022 4:33 pm

7.7beta8 looks stable than 7.6 on 750 gr3 as a switch.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3343
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.7beta [testing] is released!

Sat Nov 26, 2022 5:01 pm

Have several 750gr3 running v7.6 having complex configuration without any problem. So it may be your config.
 
ahmedelbarbary
just joined
Posts: 19
Joined: Thu Dec 01, 2016 1:23 am

Re: v7.7beta [testing] is released!

Sat Nov 26, 2022 5:47 pm

Default configuration from official website.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3343
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.7beta [testing] is released!

Sat Nov 26, 2022 6:47 pm

And the problem is what? And what is the Mikrotik support ticket number?
 
hoeser
just joined
Posts: 17
Joined: Wed Jan 13, 2021 5:45 pm

Re: v7.7beta [testing] is released!

Sat Nov 26, 2022 9:03 pm

WiFi on hAP ax² fails for me on v7.7beta8 (it was fine on v7.7beta6).

On both 2.4 GHz and 5 GHz stations try to connect, but fail
disconnected, key handshake timeout, signal strength -42
I would create a ticket, if it wasn't for the fact that MikroTik isn't even answering the one I've had open for a week (SUP-98496) about IGMP misbehaving. Also the reason why I got into this mess in the first place (hoping a beta release would fix things).
+1 for this exact same issue. I was given 2 different alpha builds by support, same issue there as well. key handshake timeout with WPA2 - works with open wireless networks. I am only on the latest branches because running stable just causes my wireless interfaces to randomly disappear until disable/re-enable. I think I just have a bad piece of kit.
 
jhbarrantes
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Wed Aug 21, 2019 2:56 pm

Re: v7.7beta [testing] is released!

Sat Nov 26, 2022 10:11 pm

7.7beta8 totally screwed WiFi on hAP-ax2. Authentication failed for any device, no matter what kind of security you select (wpa2 only, wpa3 only, wpa2 + wpa3, not specify any authenticatio type). Only open wifi with no security seems to work.

Could you please review?

Thanks!
 
nemoforum
Frequent Visitor
Frequent Visitor
Posts: 59
Joined: Thu Jan 05, 2017 11:08 pm

Re: v7.7beta [testing] is released!

Sun Nov 27, 2022 12:11 am

>Authentication failed for any device
The same. Have to revert to 7.7beta6
 
User avatar
Maggiore81
Trainer
Trainer
Posts: 600
Joined: Sun Apr 15, 2012 12:10 pm
Location: Italy
Contact:

Re: v7.7beta [testing] is released!

Sun Nov 27, 2022 9:27 am

7.7beta8 looks stable than 7.6 on 750 gr3 as a switch.
Hello
what is the concrete data to confirm this?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Sun Nov 27, 2022 12:51 pm

Confirm WHAT? The claim "7.7beta8 looks stable than" is not even clear. LESS stable? MORE stable? it does not tell it.
 
WeWiNet
Long time Member
Long time Member
Posts: 610
Joined: Thu Sep 27, 2018 4:11 pm

Re: v7.7beta [testing] is released!

Sun Nov 27, 2022 11:27 pm

Audience with 7.7beta8 and Wifiwave2, an iPad model 2022 can not connect with WPA3 anymore.
Error message:
authentication rejected, unsuccessful SAE
Need to remove WPA3 and only keep WPA2 to be able to connect.
In ROS7.6, WPA 3 worked.
 
ahmedelbarbary
just joined
Posts: 19
Joined: Thu Dec 01, 2016 1:23 am

Re: v7.7beta [testing] is released!

Mon Nov 28, 2022 6:51 am

Hello
what is the concrete data to confirm this?
Hello
7.6 stable tag port all time go 100 Mbps, reboot everything work fine 1Gbps,while open winbox from my pc disconnected every 1min. this router connected to my main NAT router as a managment switch, main nat 7.6 stable as BNG 7.6 stable, no any config change. the only change is the switch updated 7.7 beta8 from 7.6 stable. i saw speed hits max , some users told that this is perfect,
tag port no down 2 days 1 Gbps.
Last edited by ahmedelbarbary on Mon Nov 28, 2022 7:06 am, edited 3 times in total.
 
ahmedelbarbary
just joined
Posts: 19
Joined: Thu Dec 01, 2016 1:23 am

Re: v7.7beta [testing] is released!

Mon Nov 28, 2022 6:55 am

Confirm WHAT? The claim "7.7beta8 looks stable than" is not even clear. LESS stable? MORE stable? it does not tell it.
i speak about my scenario i don't know yours.
 
User avatar
spippan
Member
Member
Posts: 464
Joined: Wed Nov 12, 2014 1:00 pm

Re: v7.7beta [testing] is released!

Mon Nov 28, 2022 9:20 am

what IS your scenario then?? could you provide some more useful information ("/export hide-sensitive" could be a good start for example...?)
Last edited by BartoszP on Mon Nov 28, 2022 6:42 pm, edited 1 time in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart. lines of quote, 1 line of post.
 
User avatar
spippan
Member
Member
Posts: 464
Joined: Wed Nov 12, 2014 1:00 pm

Re: v7.7beta [testing] is released!

Mon Nov 28, 2022 9:22 am

Hello
what is the concrete data to confirm this?
Hello
7.6 stable tag port all time go 100 Mbps, reboot everything work fine 1Gbps,while open winbox from my pc disconnected every 1min. this router connected to my main NAT router as a managment switch, main nat 7.6 stable as BNG 7.6 stable, no any config change. the only change is the switch updated 7.7 beta8 from 7.6 stable. i saw speed hits max , some users told that this is perfect,
tag port no down 2 days 1 Gbps.
changed the cables? duplex settings okay?
what does the log say?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Mon Nov 28, 2022 11:00 am

Confirm WHAT? The claim "7.7beta8 looks stable than" is not even clear. LESS stable? MORE stable? it does not tell it.
i speak about my scenario i don't know yours.
You speak but you do not provide information. "7.7beta8 looks stable than". What do you mean?
I presume now that you mean: "7.7beta8 looks LESS stable than". Ok. How did you get 7.x installed. Did you upgrade from version 6.x?
If so, have you already done the "/export show-sensitive filename", download file, do a clean netinstall, connect on mac using winbox, and import the file again?
That is often required after a v6->v7 update and then some further 7.x updates. After some time the config database is corrupt and subtle errors appear.
 
User avatar
spippan
Member
Member
Posts: 464
Joined: Wed Nov 12, 2014 1:00 pm

Re: v7.7beta [testing] is released!

Mon Nov 28, 2022 11:24 am

After some time the config database is corrupt and subtle errors appear.

wow
didn't know about that one...
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Mon Nov 28, 2022 11:30 am

You must be new. It has been mentioned and explained in the release topic MANY times!
Last edited by BartoszP on Mon Nov 28, 2022 6:41 pm, edited 1 time in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart.
 
User avatar
spippan
Member
Member
Posts: 464
Joined: Wed Nov 12, 2014 1:00 pm

Re: v7.7beta [testing] is released!

Mon Nov 28, 2022 2:58 pm

well new to frequently checking on the (beta) release forum posts, yes.
new to MT? no
Last edited by BartoszP on Mon Nov 28, 2022 6:41 pm, edited 1 time in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart.
 
ahmedelbarbary
just joined
Posts: 19
Joined: Thu Dec 01, 2016 1:23 am

Re: v7.7beta [testing] is released!

Mon Nov 28, 2022 6:25 pm

changed the cables? duplex settings okay?
what does the log say?
yes i replaced the cable nothing change, to avoid this i just reboot every 23H
what is wrong with the release ? as a managment switch untill now its perfect
log says interface down and up 3 or 4 times untill work as 100 Mbps.
maybe 7.7 changelog fixed some errors.
 
ahmedelbarbary
just joined
Posts: 19
Joined: Thu Dec 01, 2016 1:23 am

Re: v7.7beta [testing] is released!

Mon Nov 28, 2022 6:46 pm


You speak but you do not provide information. "7.7beta8 looks stable than". What do you mean?
I presume now that you mean: "7.7beta8 looks LESS stable than". Ok. How did you get 7.x installed. Did you upgrade from version 6.x?
If so, have you already done the "/export show-sensitive filename", download file, do a clean netinstall, connect on mac using winbox, and import the file again?
That is often required after a v6->v7 update and then some further 7.x updates. After some time the config database is corrupt and subtle errors appear.
No V6 update since 7.4 i erased everything and setup again.
i use the default config from Basic VLAN switching the only change is i don't use Ingress filtering on bridge ports table.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2397
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v7.7beta [testing] is released!

Mon Nov 28, 2022 7:46 pm

What's new in 7.7beta8 (2022-Nov-23 09:19):
*) w60g - improved system stability for Cube Pro devices;
Has anyone tried it? I don't see any improvement for me
 
elbob2002
Member Candidate
Member Candidate
Posts: 270
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: v7.7beta [testing] is released!

Mon Nov 28, 2022 10:00 pm

changed the cables? duplex settings okay?
what does the log say?
yes i replaced the cable nothing change, to avoid this i just reboot every 23H
what is wrong with the release ? as a managment switch untill now its perfect
log says interface down and up 3 or 4 times untill work as 100 Mbps.
maybe 7.7 changelog fixed some errors.

Just out of curiosity - the device that's plugged into the port that's flapping - What NIC is is?

By any chance is it a Realtek NIC?

Also what is the manufacturer of the device that's in the flapping port?

Reason I'm asking is I am having issues now for a long time with Realtek NICs on Lenovo hardware connected to various Mikrotik devices.

For for example the Realtek NIC in the built in hub in a Lenovo P24h-20 monitors and also the gigabit USB-C NIC supplied with Thinkpad Yoga laptops which also uses a Realtek NIC.
 
ahmedelbarbary
just joined
Posts: 19
Joined: Thu Dec 01, 2016 1:23 am

Re: v7.7beta [testing] is released!

Mon Nov 28, 2022 11:20 pm

the device that connected to the routerboard is UBNT wireless AC, other side is other Device AC and extreme managment switch connected, sever is HP with ethernet Intel connected to main NAT server.
 
User avatar
Maggiore81
Trainer
Trainer
Posts: 600
Joined: Sun Apr 15, 2012 12:10 pm
Location: Italy
Contact:

Re: v7.7beta [testing] is released!

Wed Nov 30, 2022 8:35 am

Confirm WHAT? The claim "7.7beta8 looks stable than" is not even clear. LESS stable? MORE stable? it does not tell it.
i speak about my scenario i don't know yours.
Well. a switch is always a switch.
wich is your scenario, wich data do you have to confirm that in your scenario is going better since it is used as a switch?
thank you
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12980
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.7beta [testing] is released!

Wed Nov 30, 2022 8:52 am

Well. a switch is always a switch.

Switch has to be configured after power-up. By management entity running on the device. And management entity is prone to errors and bugs, meaning that switch chip can be wrongly configured, which may lead to instability.
 
prague
newbie
Posts: 32
Joined: Tue Sep 25, 2012 10:37 am

Re: v7.7beta [testing] is released!

Wed Nov 30, 2022 10:48 am

What's new in 7.7beta8 (2022-Nov-23 09:19):
*) w60g - improved system stability for Cube Pro devices;
Has anyone tried it? I don't see any improvement for me
Even worse than before. I'm trying CubeG-5ac60ay-SA and CubeG-5ac60ay for ptmp, it's disconnecting like crazy
 
donkeyKong
just joined
Posts: 7
Joined: Sat Aug 13, 2022 1:13 am

Re: v7.7beta [testing] is released!

Wed Nov 30, 2022 1:41 pm

DHCP-client script does not run with version 7.7beta8. A script to log only one option returned by dhcp server does not run, not even a simple log command (e.g. :log error "testing").

Opened ticket SUP-99727
[user@router] > /ip/dhcp-client/export
/ip dhcp-client
add default-route-distance=5 dhcp-options=hostname,clientid,authsend,userclass,vendor-class-identifier interface=vlan832-wan script=":if (\$bound=1) do={\r\
    \n    :local VendorSpecificInfo(\$\"lease-options\"->\"125\")\r\
    \n    :log info \$VendorSpecificInfo\r\
    \n    :log info \"DHCPv4 info: Lease Option 125 (Vendor-Specific) is \$VendorSpecificInfo\"\r\
    \n}" use-peer-dns=no use-peer-ntp=no
Last edited by donkeyKong on Wed Nov 30, 2022 6:20 pm, edited 1 time in total.
 
XaTTa6bl4
just joined
Posts: 18
Joined: Wed Dec 16, 2015 10:53 pm

Re: v7.7beta [testing] is released!

Wed Nov 30, 2022 5:55 pm

OSPF with stub or totally-stub areas
ABR originates the default route to the STUB area, even if the link to the BACKBONE is down. And the setting originate-default=never or originate-default=if-installed in instance does not affect at all...
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7186
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v7.7beta [testing] is released!

Wed Nov 30, 2022 6:06 pm

Not sure why you think that link to the backbone and originate-default should relate to STUB area.
When you set ABR for the stub area, you are setting the exit point out of the stub area which means that ABR should inject default route (and summaries if configured to do so) into the stub.
 
XaTTa6bl4
just joined
Posts: 18
Joined: Wed Dec 16, 2015 10:53 pm

Re: v7.7beta [testing] is released!

Wed Nov 30, 2022 6:50 pm

Not sure why you think that link to the backbone and originate-default should relate to STUB area.
I am based at the experience of operating the other vendor devices. Examples: HP and Juniper, where it's enabled by default.
Maybe this functionality has not yet been implemented, but it seems to me that in RouterOS 6 it was worked.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7186
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v7.7beta [testing] is released!

Wed Nov 30, 2022 6:53 pm

originate-default generates type5 lsa, which is not flooded to stub areas, this is true for any vendor.
 
XaTTa6bl4
just joined
Posts: 18
Joined: Wed Dec 16, 2015 10:53 pm

Re: v7.7beta [testing] is released!

Wed Nov 30, 2022 7:02 pm

originate-default generates type5 lsa, which is not flooded to stub areas, this is true for any vendor.
please, look at the links at my previous post. I'm talking about functionality, like "active backbone" in JunOS, which enabled there by default (with HP it is responslible by default-route-advertise-always option, which disabled by default).
Junos OS supports active backbone detection. Active backbone detection is implemented to verify that ABRs are connected to the backbone. If the connection to the backbone area is lost, then the routing device’s default metric is not advertised, effectively rerouting traffic through another ABR with a valid connection to the backbone. Active backbone detection enables transit through an ABR with no active backbone connection. An ABR advertises to other routing devices that it is an ABR even if the connection to the backbone is down, so that the neighbors can consider it for interarea routes.
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v7.7beta [testing] is released!

Thu Dec 01, 2022 5:15 am

originate-default generates type5 lsa, which is not flooded to stub areas, this is true for any vendor.
@mrz, could you check my Ticket that has not been reply yet SUP-3085
the problem reported since 2019, regarding BGP vpn4 problem with route calculate/ withdrawn
And the problem still happen in v7

thx
 
chubbs596
Frequent Visitor
Frequent Visitor
Posts: 90
Joined: Fri Dec 06, 2013 6:07 pm

Re: v7.7beta [testing] is released!

Thu Dec 01, 2022 11:06 am

DOM/DDM still not work on my RB760iGS (hex S)
Same for me, I have tried various different sfp modules, that work on V6
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v7.7beta [testing] is released!

Thu Dec 01, 2022 11:23 am

What's new in 7.7beta9 (2022-Nov-30 14:54):

*) bgp - added comment functionality for BGP VPN (CLI only);
*) bluetooth - added unique advertise message filtering;
*) bridge - fixed master port conversion;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike2 - fixed rekey notify creation;
*) interface - do not allow adding invalid "veth" interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) lte - added AT channel support for Telit FN990;
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - increased the maximum value of "rate" for ACL rules;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
 
alibloke
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Fri Jun 03, 2016 12:13 am

Re: v7.7beta [testing] is released!

Thu Dec 01, 2022 12:13 pm

*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;

Could this mean the memory requirement might be lowered in future? Not many MMIPS devices with large amounts of RAM.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Thu Dec 01, 2022 12:25 pm

Probably because of the requirement that the package must be available on the system used to remotely manage other APs... (CAPsMAN)
 
alibloke
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Fri Jun 03, 2016 12:13 am

Re: v7.7beta [testing] is released!

Thu Dec 01, 2022 12:28 pm

Ah yes, probably aimed at the hex devices.
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.7beta [testing] is released!

Thu Dec 01, 2022 12:43 pm

7.7beta9 dns-forwad STOP working
failure: dns name exists, but no appropriate record
downgrade to 7.7beta6 works well
 
Guntis
MikroTik Support
MikroTik Support
Posts: 203
Joined: Fri Jul 20, 2018 1:40 pm

Re: v7.7beta [testing] is released!

Thu Dec 01, 2022 12:56 pm

Just to clarify WifiWave2 package released for other architectures is solely meant for CAPsMAN usage.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v7.7beta [testing] is released!

Thu Dec 01, 2022 1:49 pm

What about wifiwave2 for MIPSBE (hEX PoE)?
 
jhbarrantes
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Wed Aug 21, 2019 2:56 pm

Re: v7.7beta [testing] is released!

Thu Dec 01, 2022 11:27 pm

7.7beta9 dns-forwad STOP working
failure: dns name exists, but no appropriate record
downgrade to 7.7beta6 works well

Same here with a hAP-ax2. I can’t use the router as DNS provider. Router can use its DNS to resolve internet domains, but not clients using router as dns provider.

Wifi issues seems to be resolved however. Don’t understand, as it seems there are no changes on wifiwave2 package, according changelog.

Hope stable version comes without issues after all.

Thx!
 
cklee234
newbie
Posts: 44
Joined: Tue Sep 29, 2020 6:49 am

Re: v7.7beta [testing] is released!

Fri Dec 02, 2022 12:25 am

in 7.7 beta 9, the CAPsMan issues still resolved in x86.

*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;

What kinds of wireless cards supported in x86? my R11e-5HacT disappears after adding wifiwave2 package but anyway it still not working in x86

*) x86 - improved igc driver support;
What has included in igc driver?
 
cklee234
newbie
Posts: 44
Joined: Tue Sep 29, 2020 6:49 am

Re: v7.7beta [testing] is released!

Fri Dec 02, 2022 12:36 am

Just to clarify WifiWave2 package released for other architectures is solely meant for CAPsMAN usage.
You mean for CAPsMan to control CAP device installed with wifiwave2?

But installing wifiwave2 in x86 will disable the existing local wireless device, but add the menu for wifiwave2
 
fragtion
Member Candidate
Member Candidate
Posts: 269
Joined: Fri Nov 13, 2009 10:08 pm
Location: Cape Town, South Africa

Re: v7.7beta [testing] is released!

Fri Dec 02, 2022 1:26 am

Still waiting patiently for fix for container permissions issue which occurs on each upgrade on chr when using native storage instead of secondary disk (SUP-92866). Several beta iterations have passed and still no mention of this... please give this some priority as it is really holding back container adoption on several of my clients projects
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7beta [testing] is released!

Fri Dec 02, 2022 2:42 am

But installing wifiwave2 in x86 will disable the existing local wireless device, but add the menu for wifiwave2
Yes, so you currently have to choose between your x86 device supporting local wireless interfaces vs. it being able to act as a CAPsMAN for wifiwave2 CAP devices.

In many cases the x86 devices are actually CHRs and a CHR cannot have wireless interfaces to begin with, so installing the wifiwave2 package is no loss there.
 
cklee234
newbie
Posts: 44
Joined: Tue Sep 29, 2020 6:49 am

Re: v7.7beta [testing] is released!

Fri Dec 02, 2022 3:24 am

Yes, so you currently have to choose between your x86 device supporting local wireless interfaces vs. it being able to act as a CAPsMAN for wifiwave2 CAP devices.

In many cases the x86 devices are actually CHRs and a CHR cannot have wireless interfaces to begin with, so installing the wifiwave2 package is no loss there.
I am still using hardware x86 which is a tiny one. Besides, there are many faster x86 with intel 225 or 226 ethernet for 2.5GB network. If the update works, it would be wonderful.
 
User avatar
Maggiore81
Trainer
Trainer
Posts: 600
Joined: Sun Apr 15, 2012 12:10 pm
Location: Italy
Contact:

Re: v7.7beta [testing] is released!

Fri Dec 02, 2022 7:13 am

Any updates on SUP-95367 ?
 
User avatar
rushlife
Member Candidate
Member Candidate
Posts: 254
Joined: Thu Nov 05, 2015 12:30 pm

Re: v7.7beta [testing] is released!

Fri Dec 02, 2022 9:27 am

What about wifiwave2 for MIPSBE (hEX PoE)?
+1

I have A LOT of these (mipsbe)....
 
elbob2002
Member Candidate
Member Candidate
Posts: 270
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: v7.7beta [testing] is released!

Fri Dec 02, 2022 9:40 am

It's been mentioned somewhere else here before but apparently the 16Mb of flash storage on most MIPSBE devices means there will never be wifiwave2 for those devices. The driver package for ARM is 10MB in size alone!
Last edited by elbob2002 on Fri Dec 02, 2022 9:43 am, edited 1 time in total.
 
User avatar
sch
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Tue Feb 26, 2013 1:05 pm

Re: v7.7beta [testing] is released!

Fri Dec 02, 2022 9:42 am

*) x86 - improved igc driver support;
What has included in igc driver?
support for Intel I226 eth controller
 
cklee234
newbie
Posts: 44
Joined: Tue Sep 29, 2020 6:49 am

Re: v7.7beta [testing] is released!

Fri Dec 02, 2022 10:11 am

*) x86 - improved igc driver support;
What has included in igc driver?
support for Intel I226 eth controller
Excited.

Let me try at the weekend
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12980
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.7beta [testing] is released!

Fri Dec 02, 2022 10:44 am

It's been mentioned somewhere else here before but apparently the 16Mb of flash storage on most MIPSBE devices means there will never be wifiwave2 for those devices.

Since there are no MIPSBE devices that have wave2 chipsets (not the stock devices anyway), its pretty possible that wifivawe2 package for this architecture (and others mentioned as new architectures earlier) will come without any actual wireless driver. Which will make possible to make such package really small in size (and will make RAM requirements pretty low as well).
 
holvoetn
Forum Guru
Forum Guru
Posts: 6762
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7beta [testing] is released!

Fri Dec 02, 2022 10:48 am

Currently we're still stuck on requiring 2 different controllers if you have 2 kinds of Wifi-APs.
What would be really interesting is a capsman version able to support both legacy and wifiwave2 radios from the same controller.

But I guess we're moving towards that direction.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.7beta [testing] is released!

Fri Dec 02, 2022 11:15 am

kcarhc, jhbarrantes - Can you please provide a precise example of the DNS forward rule which does not work with 7.7beta9? We can not seem to reproduce this problem with our regular tests.

WW2 support for other architectures besides ARM is provided in this release strictly for CAPsMAN functionality as stated above. It is not provided in order to add wireless functionality to x86 installations or anything else - CAPsMAN for WW2 devices. Unfortunately, at the moment package size remains as it is. We are aware of the request to make the package smaller and we will see what we can do about that in the future but at the moment no promises of when and even if that will be possible.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1352
Joined: Mon Sep 23, 2019 1:04 pm

Re: v7.7beta [testing] is released!

Fri Dec 02, 2022 12:38 pm

Wifi issues seems to be resolved however. Don’t understand, as it seems there are no changes on wifiwave2 package, according changelog.
There are changes to two kernel modules: ipq_cnss2.ko and qca_ol.ko, and a tiny change in the ww2 binary, they don't always list everything they change.....
 
dkenguru
just joined
Posts: 2
Joined: Fri Jun 12, 2020 4:55 pm

Re: v7.7beta [testing] is released!

Fri Dec 02, 2022 2:45 pm

After 7.7beta 8 devices can't connect to Wi-Fi. 2.4/5Ghz (WPA2/3 PSK). Beta6 works fine. 8 and 9 same problem. On beta9 raspberry pi zero 2 can connect to 2.4Ghz, but after router reboot also can't connect. Smartphone (Pixel 5a, 6a) can see spots, but can't authorize. No settings changes. Rollback to beta6 or 7.6 stable solve the problem.

hAP AX2.
 
paraplu
just joined
Posts: 14
Joined: Fri Sep 18, 2015 9:35 pm

Re: v7.7beta [testing] is released!

Fri Dec 02, 2022 7:19 pm

*) l3hw - fixed offloaded NAT for CRS309 switch;
I can confirm that CRS309 seems more stable now and does not require a scheduled L3HW on/off switching anymore.
Also noticed an update in the documentation: max L3HW NAT connections for CRS309 reduced to 3.9K from 4K. Probably related to this fix?
Thank you!
 
kcarhc
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Feb 01, 2018 9:54 am

Re: v7.7beta [testing] is released!

Fri Dec 02, 2022 7:49 pm

@strods, check SUP-99805, SUP-98385, SUP-99151.
 
elbob2002
Member Candidate
Member Candidate
Posts: 270
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: v7.7beta [testing] is released!

Sat Dec 03, 2022 12:43 am

It's been mentioned somewhere else here before but apparently the 16Mb of flash storage on most MIPSBE devices means there will never be wifiwave2 for those devices.

Since there are no MIPSBE devices that have wave2 chipsets (not the stock devices anyway), its pretty possible that wifivawe2 package for this architecture (and others mentioned as new architectures earlier) will come without any actual wireless driver. Which will make possible to make such package really small in size (and will make RAM requirements pretty low as well).

So what? in a world of ARM SoCs it makes it unlikely (although not impossible) that there will be any new MIPSBE Mikrotik devices. And the hEX PoE will still not get a wifiwave2 driver.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12980
Joined: Thu Mar 03, 2016 10:23 pm

Re: v7.7beta [testing] is released!

Sat Dec 03, 2022 11:48 am

So what?

Since you quoted my entire previous post: you managed to completely miss my point. And seems you also missed the point of releasing WW2 package for platforms other than ARM and ARM64.
 
User avatar
tangent
Forum Guru
Forum Guru
Posts: 1656
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: v7.7beta [testing] is released!

Sat Dec 03, 2022 1:01 pm

…unlikely (although not impossible) that there will be any new MIPSBE Mikrotik devices…

The CRS518 was released just this last July on MIPSBE.

Perhaps you meant "no MIPSBE wireless routers"?

However, to the point of this subthread, maybe the goal is to push such devices into the role of CAPSMAN manager nodes, and for some reason they need the WW2 package to do that when managing WW2 wireless gateways. My guess: to get access to the channel maps, to avoid telling the gateways to do something illegal in the local radio regulatory regime.
 
cklee234
newbie
Posts: 44
Joined: Tue Sep 29, 2020 6:49 am

Re: v7.7beta [testing] is released!

Sat Dec 03, 2022 3:02 pm



support for Intel I226 eth controller
Excited.

Let me try at the weekend
yes, it supports intel i225
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7beta [testing] is released!

Sat Dec 03, 2022 11:19 pm

I have been reporting a cosmetic bug since v7.2.1 ( viewtopic.php?p=927171#p927171 ) and it's still present on 7.7beta9. I still can't disable some "Add New" interfaces via skin editors. It seems to work, but logout/login and all the disabled options are there again. Exactly like reported on the 7.2.1 thread.
 
karnauskas
just joined
Posts: 7
Joined: Sat Aug 05, 2017 12:47 am

Re: v7.7beta [testing] is released!

Sun Dec 04, 2022 5:29 am

Looks like Mikrotik Hap Lite is running out of free space to install further updates. What could be improved here apart from buying new hardware?

Screenshot:
https://drive.google.com/file/d/1vb9MUK ... share_link
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3343
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v7.7beta [testing] is released!

Sun Dec 04, 2022 7:47 am

I have been reporting a cosmetic bug since v7.2.1
Do you have a tracking number for the Bug? If not, you have not reportert to MikroTik.
See here on how to:
viewtopic.php?t=152006
 
holvoetn
Forum Guru
Forum Guru
Posts: 6762
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: v7.7beta [testing] is released!

Sun Dec 04, 2022 12:04 pm

Looks like Mikrotik Hap Lite is running out of free space to install further updates. What could be improved here apart from buying new hardware?
It only has 32Mb of RAM, what do you expect ? It has been announced already by MT staff ROS7 is not intented for those devices (even if it may work).
You could try netinstall instead of normal upgrade.
Otherwise the alternative will be to stay on current version of ROS7 or go back to ROS6.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Sun Dec 04, 2022 12:15 pm

Do you have a tracking number for the Bug? If not, you have not reportert to MikroTik.
I have reported many bugs, both here on the forum and via the bug tracking system, and I do not really observe a difference in the chance that they get
resolved and how quick that will happen. I always have the feeling that by reporting it via the tracking system, I am loading their personnel with extra
work that would better be spent on solving bugs. As the tracking system does not allow "public" reports, it must be loaded with duplicates that all have
to be handled and closed.
When MikroTik does not want to scan the release topics to collect bugs reported here, they should have a tracker like Bugzilla that allows open reports
that others can see, add their info to, or take for granted ("it has been reported, no need to do that again").
 
prmfeddema
newbie
Posts: 35
Joined: Sun Aug 23, 2020 1:53 pm

Re: v7.7beta [testing] is released!

Sun Dec 04, 2022 9:39 pm

A number of users (including myself) having a rb5009upr+s+in are reporting problems connecting to Delta Fiber networks in the Netherlands. Not sure if this is due to sfp compatibility or routerOS bugs.
Config issues do not seem to be at play here as the config and sfp module works flawlessly in a HexS.
 
leonardogyn
just joined
Posts: 18
Joined: Wed Dec 04, 2019 4:47 pm

Re: v7.7beta [testing] is released!

Mon Dec 05, 2022 1:01 am

I have been reporting a cosmetic bug since v7.2.1
Do you have a tracking number for the Bug? If not, you have not reportert to MikroTik.
See here on how to:
viewtopic.php?t=152006
No, I don't ... as there are Mikrotik people collecting data here on the forum threads, I haven't reported there yet. While this is a cosmetic bug only, I have been reporting it for quite some time and, to this date, it got no attention at all. Maybe really opening a ticket for it is the next step. Thanks for the orientation!
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v7.7beta [testing] is released!

Mon Dec 05, 2022 10:31 am

Thank you for your reprots. We have managed to reproduce 7.7beta9 DNS type=FWD entry issue and will try to fix it as soon as possible.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v7.7beta [testing] is released!

Mon Dec 05, 2022 10:58 am

Are there any updates on four address mode support in wifiwave2?
 
DenisPDA
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Tue Sep 04, 2018 5:42 pm
Contact:

Re: v7.7beta [testing] is released!

Mon Dec 05, 2022 1:27 pm

What's new in 7.7beta6 (2022-Nov-04 15:59):

*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
Hi all!
Has anyone tried using ChaChaPoly1305 IKEv2?
strongswan customer goes crazy

Log
Dec  5 14:37:23 00[DMN] +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Dec  5 14:37:23 00[DMN] Starting IKE service (strongSwan 5.9.3rc1, Android 13 - NE2213_11_C.22/2022-11-05, NE2213 - OnePlus/NE2213/OnePlus, Linux 5.10.101-android12-9-00018-g39cc9b2386ef-ab9041667, aarch64)
Dec  5 14:37:23 00[LIB] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey chapoly curve25519 pkcs1 pkcs8 pem xcbc hmac socket-default revocation eap-identity eap-mschapv2 eap-md5 eap-gtc eap-tls x509
Dec  5 14:37:23 00[JOB] spawning 16 worker threads
Dec  5 14:37:23 00[LIB] all OCSP validation disabled
Dec  5 14:37:23 00[LIB] all CRL validation disabled
Dec  5 14:37:23 02[CFG] loaded user certificate 'C=EU, L=MO, CN=VPNClient_001' and private key
Dec  5 14:37:23 02[CFG] loaded CA certificate 'C=EU, CN=CA'
Dec  5 14:37:23 02[IKE] initiating IKE_SA android[3] to 11.22.82.83
Dec  5 14:37:23 02[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 14:37:23 02[NET] sending packet: from 10.98.124.170[43482] to 11.22.82.83[500] (716 bytes)
Dec  5 14:37:23 05[NET] received packet: from 11.22.82.83[500] to 10.98.124.170[43482] (38 bytes)
Dec  5 14:37:23 05[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Dec  5 14:37:23 05[IKE] peer didn't accept DH group ECP_256, it requested CURVE_25519
Dec  5 14:37:23 05[IKE] initiating IKE_SA android[3] to 11.22.82.83
Dec  5 14:37:23 05[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 14:37:23 05[NET] sending packet: from 10.98.124.170[43482] to 11.22.82.83[500] (684 bytes)
Dec  5 14:37:23 06[NET] received packet: from 11.22.82.83[500] to 10.98.124.170[43482] (213 bytes)
Dec  5 14:37:23 06[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) CERTREQ ]
Dec  5 14:37:23 06[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
Dec  5 14:37:23 06[IKE] local host is behind NAT, sending keep alives
Dec  5 14:37:23 06[IKE] sending cert request for "C=EU, CN=CA"
Dec  5 14:37:23 06[IKE] authentication of 'C=EU, L=MO, CN=VPNClient_001' (myself) with RSA signature successful
Dec  5 14:37:23 06[IKE] sending end entity cert "C=EU, L=MO, CN=VPNClient_001"
Dec  5 14:37:23 06[IKE] establishing CHILD_SA android{3}
Dec  5 14:37:23 06[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Dec  5 14:37:23 06[ENC] splitting IKE message (1632 bytes) into 2 fragments
Dec  5 14:37:23 06[ENC] generating IKE_AUTH request 1 [ EF(1/2) ]
Dec  5 14:37:23 06[ENC] generating IKE_AUTH request 1 [ EF(2/2) ]
Dec  5 14:37:23 06[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (1364 bytes)
Dec  5 14:37:23 06[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (340 bytes)
Dec  5 14:37:23 07[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (1252 bytes)
Dec  5 14:37:23 07[ENC] parsed IKE_AUTH response 1 [ EF(1/2) ]
Dec  5 14:37:23 07[ENC] received fragment #1 of 2, waiting for complete IKE message
Dec  5 14:37:23 08[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (484 bytes)
Dec  5 14:37:23 08[ENC] parsed IKE_AUTH response 1 [ EF(2/2) ]
Dec  5 14:37:23 08[ENC] received fragment #2 of 2, reassembled fragmented IKE message (1360 bytes)
Dec  5 14:37:23 08[ENC] parsed IKE_AUTH response 1 [ CERT IDr AUTH CPRP(ADDR MASK SUBNET DNS) TSi TSr SA ]
Dec  5 14:37:23 08[IKE] received end entity cert "C=EU, L=MO, OU=VPN, CN=11.22.82.83"
Dec  5 14:37:23 08[CFG]   using certificate "C=EU, L=MO, OU=VPN, CN=11.22.82.83"
Dec  5 14:37:23 08[CFG]   using tEUsted ca certificate "C=EU, CN=CA"
Dec  5 14:37:23 08[CFG]   reached self-signed root ca with a path length of 0
Dec  5 14:37:23 08[IKE] authentication of '11.22.82.83' with RSA signature successful
Dec  5 14:37:23 08[IKE] IKE_SA android[3] established between 10.98.124.170[C=EU, L=MO, CN=VPNClient_001]...11.22.82.83[11.22.82.83]
Dec  5 14:37:23 08[IKE] scheduling rekeying in 35438s
Dec  5 14:37:23 08[IKE] maximum IKE_SA lifetime 37238s
Dec  5 14:37:23 08[CFG] handling INTERNAL_IP4_NETMASK attribute failed
Dec  5 14:37:23 08[CFG] handling INTERNAL_IP4_SUBNET attribute failed
Dec  5 14:37:23 08[IKE] installing DNS server 172.20.20.254
Dec  5 14:37:23 08[IKE] installing new virtual IP 172.30.30.191
Dec  5 14:37:23 08[CFG] selected proposal: ESP:CHACHA20_POLY1305/NO_EXT_SEQ
Dec  5 14:37:23 08[IKE] CHILD_SA android{3} established with SPIs 67b3410c_i 06728055_o and TS 172.30.30.191/32 === 0.0.0.0/0
Dec  5 14:37:23 08[DMN] setting up TUN device for CHILD_SA android{3}
Dec  5 14:37:23 08[DMN] successfully created TUN device
Dec  5 14:37:23 09[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (240 bytes)
Dec  5 14:37:23 09[ENC] parsed INFORMATIONAL request 0 [ D ]
Dec  5 14:37:23 09[IKE] received DELETE for IKE_SA android[3]
Dec  5 14:37:23 09[IKE] deleting IKE_SA android[3] between 10.98.124.170[C=EU, L=MO, CN=VPNClient_001]...11.22.82.83[11.22.82.83]
Dec  5 14:37:23 09[DMN] setting up TUN device without DNS
Dec  5 14:37:23 09[DMN] successfully created TUN device without DNS
Dec  5 14:37:23 09[IKE] installing new virtual IP 172.30.30.191
Dec  5 14:37:23 09[IKE] restarting CHILD_SA android
Dec  5 14:37:23 09[IKE] initiating IKE_SA android[4] to 11.22.82.83
Dec  5 14:37:23 09[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 14:37:23 09[NET] sending packet: from 10.98.124.170[43482] to 11.22.82.83[500] (716 bytes)
Dec  5 14:37:23 09[IKE] IKE_SA deleted
Dec  5 14:37:23 09[ENC] generating INFORMATIONAL response 0 [ ]
Dec  5 14:37:23 09[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (80 bytes)
Dec  5 14:37:24 02[NET] received packet: from 11.22.82.83[500] to 10.98.124.170[43482] (38 bytes)
Dec  5 14:37:24 02[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Dec  5 14:37:24 02[IKE] peer didn't accept DH group ECP_256, it requested CURVE_25519
Dec  5 14:37:24 02[IKE] initiating IKE_SA android[4] to 11.22.82.83
Dec  5 14:37:24 02[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 14:37:24 02[NET] sending packet: from 10.98.124.170[43482] to 11.22.82.83[500] (684 bytes)
Dec  5 14:37:24 04[NET] received packet: from 11.22.82.83[500] to 10.98.124.170[43482] (213 bytes)
Dec  5 14:37:24 04[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) CERTREQ ]
Dec  5 14:37:24 04[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
Dec  5 14:37:24 04[IKE] local host is behind NAT, sending keep alives
Dec  5 14:37:24 04[IKE] sending cert request for "C=EU, CN=CA"
Dec  5 14:37:24 04[IKE] authentication of 'C=EU, L=MO, CN=VPNClient_001' (myself) with RSA signature successful
Dec  5 14:37:24 04[IKE] sending end entity cert "C=EU, L=MO, CN=VPNClient_001"
Dec  5 14:37:24 04[IKE] establishing CHILD_SA android{4}
Dec  5 14:37:24 04[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Dec  5 14:37:24 04[ENC] splitting IKE message (1632 bytes) into 2 fragments
Dec  5 14:37:24 04[ENC] generating IKE_AUTH request 1 [ EF(1/2) ]
Dec  5 14:37:24 04[ENC] generating IKE_AUTH request 1 [ EF(2/2) ]
Dec  5 14:37:24 04[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (1364 bytes)
Dec  5 14:37:24 04[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (340 bytes)
Dec  5 14:37:24 03[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (1236 bytes)
Dec  5 14:37:24 03[ENC] parsed IKE_AUTH response 1 [ EF(1/2) ]
Dec  5 14:37:24 03[ENC] received fragment #1 of 2, waiting for complete IKE message
Dec  5 14:37:24 05[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (484 bytes)
Dec  5 14:37:24 05[ENC] parsed IKE_AUTH response 1 [ EF(2/2) ]
Dec  5 14:37:24 05[ENC] received fragment #2 of 2, reassembled fragmented IKE message (1360 bytes)
Dec  5 14:37:24 05[ENC] parsed IKE_AUTH response 1 [ CERT IDr AUTH CPRP(ADDR MASK SUBNET DNS) TSi TSr SA ]
Dec  5 14:37:24 05[IKE] received end entity cert "C=EU, L=MO, OU=VPN, CN=11.22.82.83"
Dec  5 14:37:24 05[CFG]   using certificate "C=EU, L=MO, OU=VPN, CN=11.22.82.83"
Dec  5 14:37:24 05[CFG]   using tEUsted ca certificate "C=EU, CN=CA"
Dec  5 14:37:24 05[CFG]   reached self-signed root ca with a path length of 0
Dec  5 14:37:24 05[IKE] authentication of '11.22.82.83' with RSA signature successful
Dec  5 14:37:24 05[IKE] IKE_SA android[4] established between 10.98.124.170[C=EU, L=MO, CN=VPNClient_001]...11.22.82.83[11.22.82.83]
Dec  5 14:37:24 05[IKE] scheduling rekeying in 35798s
Dec  5 14:37:24 05[IKE] maximum IKE_SA lifetime 37598s
Dec  5 14:37:24 05[CFG] handling INTERNAL_IP4_NETMASK attribute failed
Dec  5 14:37:24 05[CFG] handling INTERNAL_IP4_SUBNET attribute failed
Dec  5 14:37:24 05[IKE] installing DNS server 172.20.20.254
Dec  5 14:37:24 05[IKE] installing new virtual IP 172.30.30.191
Dec  5 14:37:24 05[CFG] selected proposal: ESP:CHACHA20_POLY1305/NO_EXT_SEQ
Dec  5 14:37:24 05[IKE] CHILD_SA android{4} established with SPIs f60c23b1_i 0e07fbf3_o and TS 172.30.30.191/32 === 0.0.0.0/0
Dec  5 14:37:24 05[DMN] setting up TUN device for CHILD_SA android{4}
Dec  5 14:37:24 05[DMN] successfully created TUN device
Dec  5 14:37:24 06[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (224 bytes)
Dec  5 14:37:24 06[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Dec  5 14:37:24 06[IKE] received message ID 1, expected 2, ignored
Dec  5 14:37:24 07[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (224 bytes)
Dec  5 14:37:24 07[ENC] parsed INFORMATIONAL request 0 [ D ]
Dec  5 14:37:24 07[IKE] received DELETE for IKE_SA android[4]
Dec  5 14:37:24 07[IKE] deleting IKE_SA android[4] between 10.98.124.170[C=EU, L=MO, CN=VPNClient_001]...11.22.82.83[11.22.82.83]
Dec  5 14:37:24 07[DMN] setting up TUN device without DNS
Dec  5 14:37:24 07[DMN] successfully created TUN device without DNS
Dec  5 14:37:24 07[IKE] installing new virtual IP 172.30.30.191
Dec  5 14:37:24 07[IKE] restarting CHILD_SA android
Dec  5 14:37:24 07[IKE] initiating IKE_SA android[5] to 11.22.82.83
Dec  5 14:37:24 07[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 14:37:24 07[NET] sending packet: from 10.98.124.170[43482] to 11.22.82.83[500] (716 bytes)
Dec  5 14:37:24 07[IKE] IKE_SA deleted
Dec  5 14:37:24 07[ENC] generating INFORMATIONAL response 0 [ ]
Dec  5 14:37:24 07[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (80 bytes)
Dec  5 14:37:24 08[NET] received packet: from 11.22.82.83[500] to 10.98.124.170[43482] (38 bytes)
Dec  5 14:37:24 08[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Dec  5 14:37:24 08[IKE] peer didn't accept DH group ECP_256, it requested CURVE_25519
Dec  5 14:37:24 08[IKE] initiating IKE_SA android[5] to 11.22.82.83
Dec  5 14:37:24 08[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 14:37:24 08[NET] sending packet: from 10.98.124.170[43482] to 11.22.82.83[500] (684 bytes)
Dec  5 14:37:24 10[NET] received packet: from 11.22.82.83[500] to 10.98.124.170[43482] (213 bytes)
Dec  5 14:37:24 10[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) CERTREQ ]
Dec  5 14:37:24 10[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
Dec  5 14:37:24 10[IKE] local host is behind NAT, sending keep alives
Dec  5 14:37:24 10[IKE] sending cert request for "C=EU, CN=CA"
Dec  5 14:37:24 10[IKE] authentication of 'C=EU, L=MO, CN=VPNClient_001' (myself) with RSA signature successful
Dec  5 14:37:24 10[IKE] sending end entity cert "C=EU, L=MO, CN=VPNClient_001"
Dec  5 14:37:24 10[IKE] establishing CHILD_SA android{5}
Dec  5 14:37:24 10[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Dec  5 14:37:24 10[ENC] splitting IKE message (1632 bytes) into 2 fragments
Dec  5 14:37:24 10[ENC] generating IKE_AUTH request 1 [ EF(1/2) ]
Dec  5 14:37:24 10[ENC] generating IKE_AUTH request 1 [ EF(2/2) ]
Dec  5 14:37:24 10[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (1364 bytes)
Dec  5 14:37:24 10[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (340 bytes)
Dec  5 14:37:24 09[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (1252 bytes)
Dec  5 14:37:24 09[ENC] parsed IKE_AUTH response 1 [ EF(1/2) ]
Dec  5 14:37:24 09[ENC] received fragment #1 of 2, waiting for complete IKE message
Dec  5 14:37:24 02[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (484 bytes)
Dec  5 14:37:24 02[ENC] parsed IKE_AUTH response 1 [ EF(2/2) ]
Dec  5 14:37:24 02[ENC] received fragment #2 of 2, reassembled fragmented IKE message (1360 bytes)
Dec  5 14:37:24 02[ENC] parsed IKE_AUTH response 1 [ CERT IDr AUTH CPRP(ADDR MASK SUBNET DNS) TSi TSr SA ]
Dec  5 14:37:24 02[IKE] received end entity cert "C=EU, L=MO, OU=VPN, CN=11.22.82.83"
Dec  5 14:37:24 02[CFG]   using certificate "C=EU, L=MO, OU=VPN, CN=11.22.82.83"
Dec  5 14:37:24 02[CFG]   using tEUsted ca certificate "C=EU, CN=CA"
Dec  5 14:37:24 02[CFG]   reached self-signed root ca with a path length of 0
Dec  5 14:37:24 02[IKE] authentication of '11.22.82.83' with RSA signature successful
Dec  5 14:37:24 02[IKE] IKE_SA android[5] established between 10.98.124.170[C=EU, L=MO, CN=VPNClient_001]...11.22.82.83[11.22.82.83]
Dec  5 14:37:24 02[IKE] scheduling rekeying in 35468s
Dec  5 14:37:24 02[IKE] maximum IKE_SA lifetime 37268s
Dec  5 14:37:24 02[CFG] handling INTERNAL_IP4_NETMASK attribute failed
Dec  5 14:37:24 02[CFG] handling INTERNAL_IP4_SUBNET attribute failed
Dec  5 14:37:24 02[IKE] installing DNS server 172.20.20.254
Dec  5 14:37:24 02[IKE] installing new virtual IP 172.30.30.191
Dec  5 14:37:24 02[CFG] selected proposal: ESP:CHACHA20_POLY1305/NO_EXT_SEQ
Dec  5 14:37:24 02[IKE] CHILD_SA android{5} established with SPIs 7a502d3d_i 05629929_o and TS 172.30.30.191/32 === 0.0.0.0/0
Dec  5 14:37:24 02[DMN] setting up TUN device for CHILD_SA android{5}
Dec  5 14:37:24 02[DMN] successfully created TUN device
Dec  5 14:37:24 04[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (224 bytes)
Dec  5 14:37:24 04[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Dec  5 14:37:24 04[IKE] received message ID 1, expected 2, ignored
Dec  5 14:37:24 03[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (240 bytes)
Dec  5 14:37:24 03[ENC] parsed INFORMATIONAL request 0 [ D ]
Dec  5 14:37:24 03[IKE] received DELETE for IKE_SA android[5]
Dec  5 14:37:24 03[IKE] deleting IKE_SA android[5] between 10.98.124.170[C=EU, L=MO, CN=VPNClient_001]...11.22.82.83[11.22.82.83]
Dec  5 14:37:24 03[DMN] setting up TUN device without DNS
Dec  5 14:37:24 03[DMN] successfully created TUN device without DNS
Dec  5 14:37:24 03[IKE] installing new virtual IP 172.30.30.191
Dec  5 14:37:24 03[IKE] restarting CHILD_SA android
Dec  5 14:37:24 03[IKE] initiating IKE_SA android[6] to 11.22.82.83
Dec  5 14:37:24 03[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 14:37:24 03[NET] sending packet: from 10.98.124.170[43482] to 11.22.82.83[500] (716 bytes)
Dec  5 14:37:24 03[IKE] IKE_SA deleted
Dec  5 14:37:24 03[ENC] generating INFORMATIONAL response 0 [ ]
Dec  5 14:37:24 03[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (80 bytes)
Dec  5 14:37:24 11[DMN] reading from TUN device failed: Invalid argument
Dec  5 14:37:24 06[NET] received packet: from 11.22.82.83[500] to 10.98.124.170[43482] (38 bytes)
Dec  5 14:37:24 06[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Dec  5 14:37:24 06[IKE] peer didn't accept DH group ECP_256, it requested CURVE_25519
Dec  5 14:37:24 06[IKE] initiating IKE_SA android[6] to 11.22.82.83
Dec  5 14:37:24 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 14:37:24 06[NET] sending packet: from 10.98.124.170[43482] to 11.22.82.83[500] (684 bytes)
Dec  5 14:37:25 07[NET] received packet: from 11.22.82.83[500] to 10.98.124.170[43482] (213 bytes)
Dec  5 14:37:25 07[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) CERTREQ ]
Dec  5 14:37:25 07[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
Dec  5 14:37:25 07[IKE] local host is behind NAT, sending keep alives
Dec  5 14:37:25 07[IKE] sending cert request for "C=EU, CN=CA"
Dec  5 14:37:25 07[IKE] authentication of 'C=EU, L=MO, CN=VPNClient_001' (myself) with RSA signature successful
Dec  5 14:37:25 07[IKE] sending end entity cert "C=EU, L=MO, CN=VPNClient_001"
Dec  5 14:37:25 07[IKE] establishing CHILD_SA android{6}
Dec  5 14:37:25 07[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Dec  5 14:37:25 07[ENC] splitting IKE message (1632 bytes) into 2 fragments
Dec  5 14:37:25 07[ENC] generating IKE_AUTH request 1 [ EF(1/2) ]
Dec  5 14:37:25 07[ENC] generating IKE_AUTH request 1 [ EF(2/2) ]
Dec  5 14:37:25 07[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (1364 bytes)
Dec  5 14:37:25 07[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (340 bytes)
Dec  5 14:37:25 08[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (1204 bytes)
Dec  5 14:37:25 08[ENC] parsed IKE_AUTH response 1 [ EF(1/2) ]
Dec  5 14:37:25 08[ENC] received fragment #1 of 2, waiting for complete IKE message
Dec  5 14:37:25 10[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (468 bytes)
Dec  5 14:37:25 10[ENC] parsed IKE_AUTH response 1 [ EF(2/2) ]
Dec  5 14:37:25 10[ENC] received fragment #2 of 2, reassembled fragmented IKE message (1360 bytes)
Dec  5 14:37:25 10[ENC] parsed IKE_AUTH response 1 [ CERT IDr AUTH CPRP(ADDR MASK SUBNET DNS) TSi TSr SA ]
Dec  5 14:37:25 10[IKE] received end entity cert "C=EU, L=MO, OU=VPN, CN=11.22.82.83"
Dec  5 14:37:25 10[CFG]   using certificate "C=EU, L=MO, OU=VPN, CN=11.22.82.83"
Dec  5 14:37:25 10[CFG]   using tEUsted ca certificate "C=EU, CN=CA"
Dec  5 14:37:25 10[CFG]   reached self-signed root ca with a path length of 0
Dec  5 14:37:25 10[IKE] authentication of '11.22.82.83' with RSA signature successful
Dec  5 14:37:25 10[IKE] IKE_SA android[6] established between 10.98.124.170[C=EU, L=MO, CN=VPNClient_001]...11.22.82.83[11.22.82.83]
Dec  5 14:37:25 10[IKE] scheduling rekeying in 35623s
Dec  5 14:37:25 10[IKE] maximum IKE_SA lifetime 37423s
Dec  5 14:37:25 10[CFG] handling INTERNAL_IP4_NETMASK attribute failed
Dec  5 14:37:25 10[CFG] handling INTERNAL_IP4_SUBNET attribute failed
Dec  5 14:37:25 10[IKE] installing DNS server 172.20.20.254
Dec  5 14:37:25 10[IKE] installing new virtual IP 172.30.30.191
Dec  5 14:37:25 10[CFG] selected proposal: ESP:CHACHA20_POLY1305/NO_EXT_SEQ
Dec  5 14:37:25 10[IKE] CHILD_SA android{6} established with SPIs 7b8f15cb_i 06dd7bf6_o and TS 172.30.30.191/32 === 0.0.0.0/0
Dec  5 14:37:25 10[DMN] setting up TUN device for CHILD_SA android{6}
Dec  5 14:37:25 10[DMN] successfully created TUN device
Dec  5 14:37:25 09[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (288 bytes)
Dec  5 14:37:25 09[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Dec  5 14:37:25 09[IKE] received message ID 1, expected 2, ignored
Dec  5 14:37:25 02[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (288 bytes)
Dec  5 14:37:25 02[ENC] parsed INFORMATIONAL request 0 [ D ]
Dec  5 14:37:25 02[IKE] received DELETE for IKE_SA android[6]
Dec  5 14:37:25 02[IKE] deleting IKE_SA android[6] between 10.98.124.170[C=EU, L=MO, CN=VPNClient_001]...11.22.82.83[11.22.82.83]
Dec  5 14:37:25 02[DMN] setting up TUN device without DNS
Dec  5 14:37:25 02[DMN] successfully created TUN device without DNS
Dec  5 14:37:25 02[IKE] installing new virtual IP 172.30.30.191
Dec  5 14:37:25 02[IKE] restarting CHILD_SA android
Dec  5 14:37:25 02[IKE] initiating IKE_SA android[7] to 11.22.82.83
Dec  5 14:37:25 02[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 14:37:25 02[NET] sending packet: from 10.98.124.170[43482] to 11.22.82.83[500] (716 bytes)
Dec  5 14:37:25 02[IKE] IKE_SA deleted
Dec  5 14:37:25 02[ENC] generating INFORMATIONAL response 0 [ ]
Dec  5 14:37:25 02[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (80 bytes)
Dec  5 14:37:25 04[NET] received packet: from 11.22.82.83[500] to 10.98.124.170[43482] (38 bytes)
Dec  5 14:37:25 04[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Dec  5 14:37:25 04[IKE] peer didn't accept DH group ECP_256, it requested CURVE_25519
Dec  5 14:37:25 04[IKE] initiating IKE_SA android[7] to 11.22.82.83
Dec  5 14:37:25 04[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 14:37:25 04[NET] sending packet: from 10.98.124.170[43482] to 11.22.82.83[500] (684 bytes)
Dec  5 14:37:25 03[NET] received packet: from 11.22.82.83[500] to 10.98.124.170[43482] (213 bytes)
Dec  5 14:37:25 03[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) CERTREQ ]
Dec  5 14:37:25 03[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
Dec  5 14:37:25 03[IKE] local host is behind NAT, sending keep alives
Dec  5 14:37:25 03[IKE] sending cert request for "C=EU, CN=CA"
Dec  5 14:37:25 03[IKE] authentication of 'C=EU, L=MO, CN=VPNClient_001' (myself) with RSA signature successful
Dec  5 14:37:25 03[IKE] sending end entity cert "C=EU, L=MO, CN=VPNClient_001"
Dec  5 14:37:25 03[IKE] establishing CHILD_SA android{7}
Dec  5 14:37:25 03[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Dec  5 14:37:25 03[ENC] splitting IKE message (1632 bytes) into 2 fragments
Dec  5 14:37:25 03[ENC] generating IKE_AUTH request 1 [ EF(1/2) ]
Dec  5 14:37:25 03[ENC] generating IKE_AUTH request 1 [ EF(2/2) ]
Dec  5 14:37:25 03[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (1364 bytes)
Dec  5 14:37:25 03[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (340 bytes)
Dec  5 14:37:25 07[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (1220 bytes)
Dec  5 14:37:25 07[ENC] parsed IKE_AUTH response 1 [ EF(1/2) ]
Dec  5 14:37:25 07[ENC] received fragment #1 of 2, waiting for complete IKE message
Dec  5 14:37:25 08[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (436 bytes)
Dec  5 14:37:25 08[ENC] parsed IKE_AUTH response 1 [ EF(2/2) ]
Dec  5 14:37:25 08[ENC] received fragment #2 of 2, reassembled fragmented IKE message (1360 bytes)
Dec  5 14:37:25 08[ENC] parsed IKE_AUTH response 1 [ CERT IDr AUTH CPRP(ADDR MASK SUBNET DNS) TSi TSr SA ]
Dec  5 14:37:25 08[IKE] received end entity cert "C=EU, L=MO, OU=VPN, CN=11.22.82.83"
Dec  5 14:37:25 08[CFG]   using certificate "C=EU, L=MO, OU=VPN, CN=11.22.82.83"
Dec  5 14:37:25 08[CFG]   using tEUsted ca certificate "C=EU, CN=CA"
Dec  5 14:37:25 08[CFG]   reached self-signed root ca with a path length of 0
Dec  5 14:37:25 08[IKE] authentication of '11.22.82.83' with RSA signature successful
Dec  5 14:37:25 08[IKE] IKE_SA android[7] established between 10.98.124.170[C=EU, L=MO, CN=VPNClient_001]...11.22.82.83[11.22.82.83]
Dec  5 14:37:25 08[IKE] scheduling rekeying in 35556s
Dec  5 14:37:25 08[IKE] maximum IKE_SA lifetime 37356s
Dec  5 14:37:25 08[CFG] handling INTERNAL_IP4_NETMASK attribute failed
Dec  5 14:37:25 08[CFG] handling INTERNAL_IP4_SUBNET attribute failed
Dec  5 14:37:25 08[IKE] installing DNS server 172.20.20.254
Dec  5 14:37:25 08[IKE] installing new virtual IP 172.30.30.191
Dec  5 14:37:25 08[CFG] selected proposal: ESP:CHACHA20_POLY1305/NO_EXT_SEQ
Dec  5 14:37:25 08[IKE] CHILD_SA android{7} established with SPIs 13b61b1d_i 0c4bf340_o and TS 172.30.30.191/32 === 0.0.0.0/0
Dec  5 14:37:25 08[DMN] setting up TUN device for CHILD_SA android{7}
Dec  5 14:37:25 08[DMN] successfully created TUN device
Dec  5 14:37:25 10[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (288 bytes)
Dec  5 14:37:25 10[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Dec  5 14:37:25 10[IKE] received message ID 1, expected 2, ignored
Dec  5 14:37:25 09[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (240 bytes)
Dec  5 14:37:25 09[ENC] parsed INFORMATIONAL request 0 [ D ]
Dec  5 14:37:25 09[IKE] received DELETE for IKE_SA android[7]
Dec  5 14:37:25 09[IKE] deleting IKE_SA android[7] between 10.98.124.170[C=EU, L=MO, CN=VPNClient_001]...11.22.82.83[11.22.82.83]
Dec  5 14:37:25 09[DMN] setting up TUN device without DNS
Dec  5 14:37:25 09[DMN] successfully created TUN device without DNS
Dec  5 14:37:25 09[IKE] installing new virtual IP 172.30.30.191
Dec  5 14:37:25 09[IKE] restarting CHILD_SA android
Dec  5 14:37:25 09[IKE] initiating IKE_SA android[8] to 11.22.82.83
Dec  5 14:37:25 09[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 14:37:25 09[NET] sending packet: from 10.98.124.170[43482] to 11.22.82.83[500] (716 bytes)
Dec  5 14:37:25 09[IKE] IKE_SA deleted
Dec  5 14:37:25 09[ENC] generating INFORMATIONAL response 0 [ ]
Dec  5 14:37:25 09[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (80 bytes)
Dec  5 14:37:25 04[NET] received packet: from 11.22.82.83[500] to 10.98.124.170[43482] (38 bytes)
Dec  5 14:37:25 04[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Dec  5 14:37:25 04[IKE] peer didn't accept DH group ECP_256, it requested CURVE_25519
Dec  5 14:37:25 04[IKE] initiating IKE_SA android[8] to 11.22.82.83
Dec  5 14:37:25 04[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 14:37:25 04[NET] sending packet: from 10.98.124.170[43482] to 11.22.82.83[500] (684 bytes)
Dec  5 14:37:25 03[NET] received packet: from 11.22.82.83[500] to 10.98.124.170[43482] (213 bytes)
Dec  5 14:37:25 03[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) CERTREQ ]
Dec  5 14:37:25 03[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
Dec  5 14:37:25 03[IKE] local host is behind NAT, sending keep alives
Dec  5 14:37:25 03[IKE] sending cert request for "C=EU, CN=CA"
Dec  5 14:37:25 03[IKE] authentication of 'C=EU, L=MO, CN=VPNClient_001' (myself) with RSA signature successful
Dec  5 14:37:25 03[IKE] sending end entity cert "C=EU, L=MO, CN=VPNClient_001"
Dec  5 14:37:25 03[IKE] establishing CHILD_SA android{8}
Dec  5 14:37:25 03[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Dec  5 14:37:25 03[ENC] splitting IKE message (1632 bytes) into 2 fragments
Dec  5 14:37:25 03[ENC] generating IKE_AUTH request 1 [ EF(1/2) ]
Dec  5 14:37:25 03[ENC] generating IKE_AUTH request 1 [ EF(2/2) ]
Dec  5 14:37:25 03[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (1364 bytes)
Dec  5 14:37:25 03[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (340 bytes)
Dec  5 14:37:26 07[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (1252 bytes)
Dec  5 14:37:26 07[ENC] parsed IKE_AUTH response 1 [ EF(1/2) ]
Dec  5 14:37:26 07[ENC] received fragment #1 of 2, waiting for complete IKE message
Dec  5 14:37:26 08[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (436 bytes)
Dec  5 14:37:26 08[ENC] parsed IKE_AUTH response 1 [ EF(2/2) ]
Dec  5 14:37:26 08[ENC] received fragment #2 of 2, reassembled fragmented IKE message (1360 bytes)
Dec  5 14:37:26 08[ENC] parsed IKE_AUTH response 1 [ CERT IDr AUTH CPRP(ADDR MASK SUBNET DNS) TSi TSr SA ]
Dec  5 14:37:26 08[IKE] received end entity cert "C=EU, L=MO, OU=VPN, CN=11.22.82.83"
Dec  5 14:37:26 08[CFG]   using certificate "C=EU, L=MO, OU=VPN, CN=11.22.82.83"
Dec  5 14:37:26 08[CFG]   using tEUsted ca certificate "C=EU, CN=CA"
Dec  5 14:37:26 08[CFG]   reached self-signed root ca with a path length of 0
Dec  5 14:37:26 08[IKE] authentication of '11.22.82.83' with RSA signature successful
Dec  5 14:37:26 08[IKE] IKE_SA android[8] established between 10.98.124.170[C=EU, L=MO, CN=VPNClient_001]...11.22.82.83[11.22.82.83]
Dec  5 14:37:26 08[IKE] scheduling rekeying in 35582s
Dec  5 14:37:26 08[IKE] maximum IKE_SA lifetime 37382s
Dec  5 14:37:26 08[CFG] handling INTERNAL_IP4_NETMASK attribute failed
Dec  5 14:37:26 08[CFG] handling INTERNAL_IP4_SUBNET attribute failed
Dec  5 14:37:26 08[IKE] installing DNS server 172.20.20.254
Dec  5 14:37:26 08[IKE] installing new virtual IP 172.30.30.191
Dec  5 14:37:26 08[CFG] selected proposal: ESP:CHACHA20_POLY1305/NO_EXT_SEQ
Dec  5 14:37:26 08[IKE] CHILD_SA android{8} established with SPIs 90e80b99_i 04d25577_o and TS 172.30.30.191/32 === 0.0.0.0/0
Dec  5 14:37:26 08[DMN] setting up TUN device for CHILD_SA android{8}
Dec  5 14:37:26 08[DMN] successfully created TUN device
Dec  5 14:37:26 10[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (272 bytes)
Dec  5 14:37:26 10[ENC] parsed INFORMATIONAL request 0 [ D ]
Dec  5 14:37:26 10[IKE] received DELETE for IKE_SA android[8]
Dec  5 14:37:26 10[IKE] deleting IKE_SA android[8] between 10.98.124.170[C=EU, L=MO, CN=VPNClient_001]...11.22.82.83[11.22.82.83]
Dec  5 14:37:26 10[DMN] setting up TUN device without DNS
Dec  5 14:37:26 11[DMN] reading from TUN device failed: Invalid argument
Dec  5 14:37:26 10[DMN] successfully created TUN device without DNS
Dec  5 14:37:26 10[IKE] installing new virtual IP 172.30.30.191
Dec  5 14:37:26 10[IKE] restarting CHILD_SA android
Dec  5 14:37:26 10[IKE] initiating IKE_SA android[9] to 11.22.82.83
Dec  5 14:37:26 10[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 14:37:26 10[NET] sending packet: from 10.98.124.170[43482] to 11.22.82.83[500] (716 bytes)
Dec  5 14:37:26 10[IKE] IKE_SA deleted
Dec  5 14:37:26 10[ENC] generating INFORMATIONAL response 0 [ ]
Dec  5 14:37:26 10[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (80 bytes)
Dec  5 14:37:26 03[NET] received packet: from 11.22.82.83[500] to 10.98.124.170[43482] (38 bytes)
Dec  5 14:37:26 03[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Dec  5 14:37:26 03[IKE] peer didn't accept DH group ECP_256, it requested CURVE_25519
Dec  5 14:37:26 03[IKE] initiating IKE_SA android[9] to 11.22.82.83
Dec  5 14:37:26 03[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 14:37:26 03[NET] sending packet: from 10.98.124.170[43482] to 11.22.82.83[500] (684 bytes)
Dec  5 14:37:26 05[NET] received packet: from 11.22.82.83[500] to 10.98.124.170[43482] (213 bytes)
Dec  5 14:37:26 05[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) CERTREQ ]
Dec  5 14:37:26 05[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
Dec  5 14:37:26 05[IKE] local host is behind NAT, sending keep alives
Dec  5 14:37:26 05[IKE] sending cert request for "C=EU, CN=CA"
Dec  5 14:37:26 05[IKE] authentication of 'C=EU, L=MO, CN=VPNClient_001' (myself) with RSA signature successful
Dec  5 14:37:26 05[IKE] sending end entity cert "C=EU, L=MO, CN=VPNClient_001"
Dec  5 14:37:26 05[IKE] establishing CHILD_SA android{9}
Dec  5 14:37:26 05[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Dec  5 14:37:26 05[ENC] splitting IKE message (1632 bytes) into 2 fragments
Dec  5 14:37:26 05[ENC] generating IKE_AUTH request 1 [ EF(1/2) ]
Dec  5 14:37:26 05[ENC] generating IKE_AUTH request 1 [ EF(2/2) ]
Dec  5 14:37:26 05[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (1364 bytes)
Dec  5 14:37:26 05[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (340 bytes)
Dec  5 14:37:26 07[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (1252 bytes)
Dec  5 14:37:26 07[ENC] parsed IKE_AUTH response 1 [ EF(1/2) ]
Dec  5 14:37:26 07[ENC] received fragment #1 of 2, waiting for complete IKE message
Dec  5 14:37:26 08[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (452 bytes)
Dec  5 14:37:26 08[ENC] parsed IKE_AUTH response 1 [ EF(2/2) ]
Dec  5 14:37:26 08[ENC] received fragment #2 of 2, reassembled fragmented IKE message (1360 bytes)
Dec  5 14:37:26 08[ENC] parsed IKE_AUTH response 1 [ CERT IDr AUTH CPRP(ADDR MASK SUBNET DNS) TSi TSr SA ]
Dec  5 14:37:26 08[IKE] received end entity cert "C=EU, L=MO, OU=VPN, CN=11.22.82.83"
Dec  5 14:37:26 08[CFG]   using certificate "C=EU, L=MO, OU=VPN, CN=11.22.82.83"
Dec  5 14:37:26 08[CFG]   using tEUsted ca certificate "C=EU, CN=CA"
Dec  5 14:37:26 08[CFG]   reached self-signed root ca with a path length of 0
Dec  5 14:37:26 08[IKE] authentication of '11.22.82.83' with RSA signature successful
Dec  5 14:37:26 08[IKE] IKE_SA android[9] established between 10.98.124.170[C=EU, L=MO, CN=VPNClient_001]...11.22.82.83[11.22.82.83]
Dec  5 14:37:26 08[IKE] scheduling rekeying in 35580s
Dec  5 14:37:26 08[IKE] maximum IKE_SA lifetime 37380s
Dec  5 14:37:26 08[CFG] handling INTERNAL_IP4_NETMASK attribute failed
Dec  5 14:37:26 08[CFG] handling INTERNAL_IP4_SUBNET attribute failed
Dec  5 14:37:26 08[IKE] installing DNS server 172.20.20.254
Dec  5 14:37:26 08[IKE] installing new virtual IP 172.30.30.191
Dec  5 14:37:26 08[CFG] selected proposal: ESP:CHACHA20_POLY1305/NO_EXT_SEQ
Dec  5 14:37:26 08[IKE] CHILD_SA android{9} established with SPIs 000a4816_i 0ebe8640_o and TS 172.30.30.191/32 === 0.0.0.0/0
Dec  5 14:37:26 08[DMN] setting up TUN device for CHILD_SA android{9}
Dec  5 14:37:26 08[DMN] successfully created TUN device
Dec  5 14:37:26 09[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (256 bytes)
Dec  5 14:37:26 09[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Dec  5 14:37:26 09[IKE] received message ID 1, expected 2, ignored
Dec  5 14:37:26 02[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (256 bytes)
Dec  5 14:37:26 02[ENC] parsed INFORMATIONAL request 0 [ D ]
Dec  5 14:37:26 02[IKE] received DELETE for IKE_SA android[9]
Dec  5 14:37:26 02[IKE] deleting IKE_SA android[9] between 10.98.124.170[C=EU, L=MO, CN=VPNClient_001]...11.22.82.83[11.22.82.83]
Dec  5 14:37:26 02[DMN] setting up TUN device without DNS
Dec  5 14:37:26 02[DMN] successfully created TUN device without DNS
Dec  5 14:37:26 02[IKE] installing new virtual IP 172.30.30.191
Dec  5 14:37:26 02[IKE] restarting CHILD_SA android
Dec  5 14:37:26 02[IKE] initiating IKE_SA android[10] to 11.22.82.83
Dec  5 14:37:26 02[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 14:37:26 02[NET] sending packet: from 10.98.124.170[43482] to 11.22.82.83[500] (716 bytes)
Dec  5 14:37:26 02[IKE] IKE_SA deleted
Dec  5 14:37:26 02[ENC] generating INFORMATIONAL response 0 [ ]
Dec  5 14:37:26 02[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (80 bytes)
Dec  5 14:37:26 03[NET] received packet: from 11.22.82.83[500] to 10.98.124.170[43482] (38 bytes)
Dec  5 14:37:26 03[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Dec  5 14:37:26 03[IKE] peer didn't accept DH group ECP_256, it requested CURVE_25519
Dec  5 14:37:26 03[IKE] initiating IKE_SA android[10] to 11.22.82.83
Dec  5 14:37:26 03[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 14:37:26 03[NET] sending packet: from 10.98.124.170[43482] to 11.22.82.83[500] (684 bytes)
Dec  5 14:37:26 05[NET] received packet: from 11.22.82.83[500] to 10.98.124.170[43482] (213 bytes)
Dec  5 14:37:26 05[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) CERTREQ ]
Dec  5 14:37:26 05[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
Dec  5 14:37:26 05[IKE] local host is behind NAT, sending keep alives
Dec  5 14:37:26 05[IKE] sending cert request for "C=EU, CN=CA"
Dec  5 14:37:26 05[IKE] authentication of 'C=EU, L=MO, CN=VPNClient_001' (myself) with RSA signature successful
Dec  5 14:37:26 05[IKE] sending end entity cert "C=EU, L=MO, CN=VPNClient_001"
Dec  5 14:37:26 05[IKE] establishing CHILD_SA android{10}
Dec  5 14:37:26 05[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Dec  5 14:37:26 05[ENC] splitting IKE message (1632 bytes) into 2 fragments
Dec  5 14:37:26 05[ENC] generating IKE_AUTH request 1 [ EF(1/2) ]
Dec  5 14:37:26 05[ENC] generating IKE_AUTH request 1 [ EF(2/2) ]
Dec  5 14:37:26 05[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (1364 bytes)
Dec  5 14:37:26 05[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (340 bytes)
Dec  5 14:37:26 10[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (1204 bytes)
Dec  5 14:37:26 10[ENC] parsed IKE_AUTH response 1 [ EF(1/2) ]
Dec  5 14:37:26 10[ENC] received fragment #1 of 2, waiting for complete IKE message
Dec  5 14:37:26 08[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (484 bytes)
Dec  5 14:37:26 08[ENC] parsed IKE_AUTH response 1 [ EF(2/2) ]
Dec  5 14:37:26 08[ENC] received fragment #2 of 2, reassembled fragmented IKE message (1360 bytes)
Dec  5 14:37:26 08[ENC] parsed IKE_AUTH response 1 [ CERT IDr AUTH CPRP(ADDR MASK SUBNET DNS) TSi TSr SA ]
Dec  5 14:37:26 08[IKE] received end entity cert "C=EU, L=MO, OU=VPN, CN=11.22.82.83"
Dec  5 14:37:26 08[CFG]   using certificate "C=EU, L=MO, OU=VPN, CN=11.22.82.83"
Dec  5 14:37:26 08[CFG]   using tEUsted ca certificate "C=EU, CN=CA"
Dec  5 14:37:26 08[CFG]   reached self-signed root ca with a path length of 0
Dec  5 14:37:26 08[IKE] authentication of '11.22.82.83' with RSA signature successful
Dec  5 14:37:26 08[IKE] IKE_SA android[10] established between 10.98.124.170[C=EU, L=MO, CN=VPNClient_001]...11.22.82.83[11.22.82.83]
Dec  5 14:37:26 08[IKE] scheduling rekeying in 35460s
Dec  5 14:37:26 08[IKE] maximum IKE_SA lifetime 37260s
Dec  5 14:37:26 08[CFG] handling INTERNAL_IP4_NETMASK attribute failed
Dec  5 14:37:26 08[CFG] handling INTERNAL_IP4_SUBNET attribute failed
Dec  5 14:37:26 08[IKE] installing DNS server 172.20.20.254
Dec  5 14:37:26 08[IKE] installing new virtual IP 172.30.30.191
Dec  5 14:37:26 08[CFG] selected proposal: ESP:CHACHA20_POLY1305/NO_EXT_SEQ
Dec  5 14:37:26 08[IKE] CHILD_SA android{10} established with SPIs 4acf13d5_i 0f64529b_o and TS 172.30.30.191/32 === 0.0.0.0/0
Dec  5 14:37:26 08[DMN] setting up TUN device for CHILD_SA android{10}
Dec  5 14:37:26 08[DMN] successfully created TUN device
Dec  5 14:37:26 09[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (256 bytes)
Dec  5 14:37:26 09[ENC] parsed INFORMATIONAL request 0 [ D ]
Dec  5 14:37:26 09[IKE] received DELETE for IKE_SA android[10]
Dec  5 14:37:26 09[IKE] deleting IKE_SA android[10] between 10.98.124.170[C=EU, L=MO, CN=VPNClient_001]...11.22.82.83[11.22.82.83]
Dec  5 14:37:26 09[DMN] setting up TUN device without DNS
Dec  5 14:37:27 09[DMN] successfully created TUN device without DNS
Dec  5 14:37:27 09[IKE] installing new virtual IP 172.30.30.191
Dec  5 14:37:27 09[IKE] restarting CHILD_SA android
Dec  5 14:37:27 09[IKE] initiating IKE_SA android[11] to 11.22.82.83
Dec  5 14:37:27 09[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 14:37:27 09[NET] sending packet: from 10.98.124.170[43482] to 11.22.82.83[500] (716 bytes)
Dec  5 14:37:27 09[IKE] IKE_SA deleted
Dec  5 14:37:27 09[ENC] generating INFORMATIONAL response 0 [ ]
Dec  5 14:37:27 09[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (80 bytes)
Dec  5 14:37:27 03[NET] received packet: from 11.22.82.83[500] to 10.98.124.170[43482] (38 bytes)
Dec  5 14:37:27 03[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Dec  5 14:37:27 03[IKE] peer didn't accept DH group ECP_256, it requested CURVE_25519
Dec  5 14:37:27 03[IKE] initiating IKE_SA android[11] to 11.22.82.83
Dec  5 14:37:27 03[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 14:37:27 03[NET] sending packet: from 10.98.124.170[43482] to 11.22.82.83[500] (684 bytes)
Dec  5 14:37:27 11[DMN] reading from TUN device failed: Invalid argument
Dec  5 14:37:27 06[NET] received packet: from 11.22.82.83[500] to 10.98.124.170[43482] (213 bytes)
Dec  5 14:37:27 06[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) CERTREQ ]
Dec  5 14:37:27 06[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
Dec  5 14:37:27 06[IKE] local host is behind NAT, sending keep alives
Dec  5 14:37:27 06[IKE] sending cert request for "C=EU, CN=CA"
Dec  5 14:37:27 06[IKE] authentication of 'C=EU, L=MO, CN=VPNClient_001' (myself) with RSA signature successful
Dec  5 14:37:27 06[IKE] sending end entity cert "C=EU, L=MO, CN=VPNClient_001"
Dec  5 14:37:27 06[IKE] establishing CHILD_SA android{11}
Dec  5 14:37:27 06[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Dec  5 14:37:27 06[ENC] splitting IKE message (1632 bytes) into 2 fragments
Dec  5 14:37:27 06[ENC] generating IKE_AUTH request 1 [ EF(1/2) ]
Dec  5 14:37:27 06[ENC] generating IKE_AUTH request 1 [ EF(2/2) ]
Dec  5 14:37:27 06[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (1364 bytes)
Dec  5 14:37:27 06[NET] sending packet: from 10.98.124.170[40540] to 11.22.82.83[4500] (340 bytes)
Dec  5 14:37:27 09[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (256 bytes)
Dec  5 14:37:27 09[ENC] parsed INFORMATIONAL request 0 [ D ]
Dec  5 14:37:27 09[IKE] ignoring INFORMATIONAL in IKE_SA state CONNECTING
Dec  5 14:37:27 09[NET] received packet: from 11.22.82.83[4500] to 10.98.124.170[40540] (256 bytes)
Dec  5 14:37:27 09[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Dec  5 14:37:27 09[IKE] received AUTHENTICATION_FAILED notify error
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 4324
Joined: Sun May 01, 2016 7:12 pm
Location: California
Contact:

Re: v7.7beta [testing] is released!

Mon Dec 05, 2022 4:28 pm

What's new in 7.7beta9 (2022-Nov-30 14:54):
*) disk - improved external storage file system mounting, formatting and naming;
Should I expect the file system on RouterOS to go from using "disk1" to "sata1-part1" as the "root" directory name?

Background: I think there is some regression in this from 7.7beta8. I had a bash script on Mac that was uploading files using `scp`, that stopped working after going to 7.7beta9. Upon inspection, on a RB1100+dude I was using, the file system changed from using "disk1" to "sata1-part1". After changing the path, `scp` started working.

But I wasn't expecting "renaming" of the file system, this will have side-effects in other scripts I'm sure. So curious if this is a bug, or the change in file system directory names is expected/needed in future? e.g. I personally like the clarity of the name, instead of "disk1", but the release note wasn't quite telling... e.g. renaming everything path on the device "randomly on upgrade" wasn't expected here based on "improved external storage".

Some clarity on this particular RN be helpful.

I hadn't looked at /disk in a long time, but here is what /disk looks like after upgrade to 7.7beta9:
/disk/print detail 
Flags: X - disabled, E - empty, M - mounted, F - formatting; 
f - raid-member-failed; r - raid-member; p - partition; m - manual-partition; 
o - read-only 
 0        slot="sata1" slot-default="sata1" parent=none device="sda" 
          model="FORESEE 64GB SSD" serial="I31214J003472" fw-version="V3.24" 
          size=64 023 257 088 interface="SATA 6.0 Gbps" interface-speed=6.0Gbps 
          raid-master=none nvme-tcp-export=no iscsi-export=no nfs-export=no 
          smb-export=no 

 1 M  p   slot="sata1-part1" slot-default="sata1-part1" parent=sata1 
          device="sda1" uuid="2a20d81d-1b436fbd-ac8bee92-bd0022b2" fs=ext4 
          serial="@512-64017354240" size=64 017 353 728 free=56 592 363 520 
          partition-number=1 partition-offset=512 partition-size=64 017 353 728 
          raid-master=none nvme-tcp-export=no iscsi-export=no nfs-export=no 
          smb-export=no 
[code]
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v7.7beta [testing] is released!

Mon Dec 05, 2022 5:29 pm

I would expect that this "new naming scheme" is seen as an improvement, and you have to live with it for once.
Sequentially assigning names like "disk1" probably caused problems for others, e.g. when they plugged in a USB stick and rebooted.

Who is online

Users browsing this forum: No registered users and 5 guests