Re: v7.2 is released!
Posted: Sun Apr 10, 2022 7:12 pm
by ahmedelbarbary
Yes, you are right: hEX is unstable in v7, interfaces go down and up, PPPoE disconnects all the time.
Re: v7.2 is released!
Posted: Sun Apr 10, 2022 8:36 pm
by hecatae
Chateau 5G upgraded successfully
Re: v7.2 is released!
Posted: Sun Apr 10, 2022 10:11 pm
by ksteink
Too many issues with my L2TP/IPSec connections. Remote endpoints ping but I cannot connect to them (I get a timeout). The next day after a reboot I saw an error on Phase 2 IPSec negotiations and all VPNs were down.
DHCP static lease also broke so I lost local LAN routing to a L3 switch.
Sorry, too many issues and bugs (on top of others), so I had to pull my RB5009 and put in my old hEX S with version 6.49.5, and downgrade my remote hEX S to version 6.49.5 as well, to get stability and VPNs working normally. I will try the RB5009 again with version 7.1.5 with a script to fix the IPSec identities issue as a workaround.
I don't see this version as stable enough and I am holding off on testing or upgrading other routers until there is a version that is really stable.
I am so annoyed and disappointed.
Re: v7.2 is released!
Posted: Sun Apr 10, 2022 10:25 pm
by mhenriques
After upgrading from V7.1.5 to V7.2 on my RB5009 I'm getting the following message on System - RouterBOARD option:
Warning: cpu not running at default frequency
Maurício
Re: v7.2 is released!
Posted: Sun Apr 10, 2022 10:31 pm
by msatter
Mikrotik forgot to disable the warning it seems. Maybe next time... ;-)
Re: v7.2 is released!
Posted: Sun Apr 10, 2022 11:13 pm
by bluecrow76
OpenVPN client broken with AES-256-CBC since upgraded to RouterOS 7.2 (from 7.1.5), switching to Blowfish 128 works.
Echoing the experience. Upgraded from 7.1.5 to 7.2 and some OpenVPN clients using AES on some routers are broken. It does not matter which AES cipher is chosen... none of them work with OpenVPN after the upgrade.
I sent the following information to Mikrotik support:
Subject: RouterOS 7.2 - OpenVPN client with AES appears broken on some routers
OpenVPN client with AES appears to be broken on some routers in RouterOS 7.2. Configs worked just fine prior to upgrade from 7.1.5. Client logs show connecting… disconnected… connecting… disconnect… but no error message. Logs on OpenVPN server (also Mikrotik devices) show no errors. Setting cipher on client and server to blowfish128 will allow tunnel to connect and stay connected. Issue appears only with AES on the following routers:
MMIPS (RB750Gr3, RB760iGS) – OpenVPN AES client FAILED
ARM (RB4011iGS+) – OpenVPN client with AES WORKED
CHR – OpenVPN client with AES WORKED
MIPSBE - OpenVPN client with AES WORKED
POWERPC (RB1200) – OpenVPN client with AES WORKED
TILE (CCR1009-7G-1C-1S+) – OpenVPN client with AES WORKED
Original notes:
Started to test RouterOS 7.2 last night. Upgraded my home office router first (RouterBOARD 750G r3 s/n 6F3806195642) from 7.1.5 to 7.2. This router has several production VPN client connections of various types (L2TP/IPSEC, OpenVPN, SSTP, and Wireguard) to remote Mikrotik devices of various types.
My L2TP/IPSEC, SSTP, and Wireguard client connections worked properly after the upgrade, but my OpenVPN connections would not connect. Two of these were OpenVPN TCP client to RouterOS 7.1.5 CHR instances and one to a Mikrotik 760iGS running 6.49.5. If I use any of the AES ciphers, the connections just bounce (connected… disconnected… connected… disconnected…) with no error messages. If I set the cipher to blowfish128, the OpenVPN clients connect and operate properly.
I then upgraded some other test routers from 7.1.5 to 7.2: two CHR instances, an old RB1200, and an RB760iGS.
• The CHR instances have no problems to other RouterOS OpenVPN servers regardless of protocol (tcp or udp) and cipher.
• The RB1200 and the RB760iGS routers both fail in the same way my home office router fails. Switching the cipher to blowfish128 allows the VPNs to work.
It appears that there is some sort of issue with the OpenVPN AES cipher on certain RouterOS devices in 7.2
As a last test, I took a fresh RB760iGS router out of the box, upgraded it to 7.2, factory reset the config again (no-defaults=yes) added my test VPN configuration, and created the attached supout.rif file.
Please let me know if I can provide any additional information
4/11/2022 Edit: Mikrotik support confirms there is an issue that is affecting the mmips based routers with OpenVPN AES and says it will be resolved in the next release. 🤞
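Because the workaround above leaves affected tunnels on blowfish128 (a 64-bit-block cipher) until the fixed release is installed, it helps to track which clients still use it. The following is an added example, not part of the original post and not MikroTik code: a Python check over a saved `/export` that lists enabled OpenVPN clients on a weak cipher. The sample export, the names in it and the default-cipher value are assumptions.

```python
import shlex

WEAK_CIPHERS = {"blowfish128", "null"}
# Assumption: export omits properties left at their default, and the
# ovpn-client default cipher is blowfish128; adjust for your RouterOS version.
DEFAULT_CIPHER = "blowfish128"
OVPN_MENU = "/interface ovpn-client"


def logical_lines(export: str):
    """Yield export lines with backslash-wrapped continuations joined."""
    buf = ""
    for raw in export.splitlines():
        piece = raw.strip()
        if piece.endswith("\\"):
            buf += piece[:-1]      # drop the backslash, keep collecting
            continue
        yield buf + piece
        buf = ""
    if buf:
        yield buf


def weak_ovpn_clients(export: str):
    """Return [(name, cipher, explicit)] for enabled clients on a weak cipher.

    explicit is False when the cipher was not in the export and the
    assumed default was applied.
    """
    menu, findings = "", []
    for line in logical_lines(export):
        if line.startswith("/"):
            menu = line            # a new menu path starts a new section
        elif menu == OVPN_MENU and line.startswith("add "):
            props = dict(t.split("=", 1)
                         for t in shlex.split(line)[1:] if "=" in t)
            if props.get("disabled") == "yes":
                continue
            cipher = props.get("cipher", DEFAULT_CIPHER)
            if cipher in WEAK_CIPHERS:
                findings.append((props.get("name", "?"), cipher,
                                 "cipher" in props))
    return findings


# Constructed sample export (hostnames, users and tunnel names are made up).
SAMPLE_EXPORT = r"""# constructed sample export, not taken from the thread
/interface ovpn-client
add cipher=aes256 connect-to=vpn1.example.net name=ovpn-hq user=site1
add cipher=blowfish128 connect-to=vpn2.example.net name=ovpn-branch \
    user=site2
add connect-to=vpn3.example.net disabled=yes name=ovpn-old user=site3
add connect-to=vpn4.example.net name=ovpn-lab user=site4
/interface bridge
add name=bridge1
"""

if __name__ == "__main__":
    for name, cipher, explicit in weak_ovpn_clients(SAMPLE_EXPORT):
        source = "set explicitly" if explicit else "assumed default"
        print(f"{name}: {cipher} ({source})")
```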
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 1:10 am
by deadkat
home user here:
most of my devices upgraded with no issues, devices upgraded include
1x RB3011
2x RBLHG-2nD
2x RBLHG-5HPnD
1x RB931-2nD (hAP mini)
2x RB960PGS (hEX poe)
1x RBmAP2n
1x RB952Ui-5ac2nD (hAP ac lite)
the one device I attempted upgrading that failed was a RBD52G-5HacD2HnD (hAP ac2), "not enough space for upgrade"
thankfully, it's a very basic config (just a wireless AP with all ports bridged) so I plan to netinstall later and just reconfigure from memory.
I have some other devices planned for upgrade later, including, among others, a hEX poe lite, RB4011 (with wireless), and a CRS226-24g-2s+rm
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 2:48 am
by Tporlapt
Simple Queues now don’t immediately break IPv6 (thank you!)
however… enabling them causes the router to become slow-to-unresponsive in about 60 seconds (RB750GR3). Only quickly logging in via terminal (webfig is unresponsive) to disable the simple queue rescues it.
edit: Reading the other thread
viewtopic.php?p=925637#p925637 and it may be Cake, rather than the Simple Queue. Currently using a Simple Queue with fqcodel and not yet seeing an issue.
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 10:04 am
by ath
I realize that MPLS L3VPNs in RouterOS 7 are still under development, but will it be possible to route VXLAN via a VRF using the mangle, e.g.
/ip firewall mangle
add chain=output action=mark-routing new-routing-mark=VXLAN src-address=1.1.1.1 dst-address=2.2.2.2
where VXLAN is the name of the VRF and 1.1.1.1 is the loopback address of the router?
I get the response 22 (Invalid argument) when I try to ping 2.2.2.2 in RouterOS 7.2.
Alternatively, would it be possible to use /routing rule?
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 10:21 am
by Cees2439867
Just upgraded on my RB750GR3 and winbox does not open on Windows 10. Luckily the web interface still works fine.
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 10:23 am
by holvoetn
Just upgraded on my RB750GR3 and winbox does not open on Windows 10. Luckily the web interface still works fine.
Upgrade winbox to 3.35.
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 10:24 am
by Note
Terminal is not working for me. Cannot copy paste anything, but I can write normally. On paste try, only characters are showing.......
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 10:54 am
by pe1chl
Terminal is not working for me. Cannot copy paste anything, but I can write normally. On paste try, only characters are showing.......
Did you read the manual?
How are you pasting? With Ctrl-V? THAT DOES NOT WORK!
You need to paste with Right-mouse-button and then Paste from the menu.
I think there is a keyboard shortcut for it but it is NOT Ctrl-V, the industry standard. That used to be "toggle Hotlock mode" which is now F7.
It is all ridiculous, I know...
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 11:24 am
by emils
What are you talking about? CTRL+C and CTRL+V work in WinBox terminal. SSH/Telnet depends on the actual terminal software you are using.
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 11:29 am
by rextended
This topic is a mess, 90% is out of OP...
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 11:31 am
by Znevna
90.1% now.
Wait, 90.2%
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 11:36 am
by msatter
It works but the sequencing is killing. It does not recognize in what status the terminal is.
Paste code and pause, seeing errors. Correct code in external editor and copy. In Terminal press CTRL-c (break), then the clip-board with just copied corrected code is empty.
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 11:45 am
by rextended
For problems about WinBox, please use the right topic:
If nothing is selected, why CTRL+C clean the clipboard?...
CTRL+C used for stop the script or instruction...
viewtopic.php?p=925701#p925701
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 11:48 am
by pe1chl
What are you talking about? CTRL+C and CTRL+V work in WinBox terminal.
Oh it has been changed again? I rarely use it because it is so confusing. I'm sure it did not work before.
At least it is fortunate that it does not "toggle Hotlock" anymore. That whole feature should be removed, it is not useful at all.
(for this to be useful it would have to "eat" any matching characters after it has expanded a word, e.g. when typing "ping" in Hotlock mode it should expand pi to ping but then when you type an n it should not make that "ping n" but it should just ignore the n)
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 11:52 am
by mrz
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 11:53 am
by rextended
Missing: (RouterOS 7.2.1 and WinBox 3.35 64 bit)
Control-C without selection: keyboard interrupt and also EMPTY THE CLIPBOARD
Control-C with something inside terminal selected: copy that on clipboard
Control-V paste the clipboard inside the terminal (if compatible contents)
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 11:55 am
by raimondsp
As an alternative, you can use CTRL+INS / SHIFT+INS for copy/pasting in Winbox terminal.
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 11:56 am
by normis
or mouse right click
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 11:57 am
by rextended
But the problem still persists: Control-C without selection EMPTIES THE CLIPBOARD
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 12:00 pm
by raimondsp
But the problem still persists: Control-C without selection EMPTIES THE CLIPBOARD
In a terminal, CTRL+C is the interrupt command and should not be used as a copy (despite it working in some cases).
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 12:00 pm
by rextended
I do everything with the mouse, both select & copy and paste, but if I interrupt the script or empty the current line with CTRL+C, I lose the script inside the clipboard, and I must go and copy the script again...
To be clear: I do not want to use CTRL+something to copy & paste, I only hope that "copy" is removed from the CTRL+C operation....
I use CTRL+C only to stop a script or clear the input line
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 12:28 pm
by pe1chl
There is a difference between "what keys does the commandline interface interpret" and "what keys can be used in terminal".
That is already obvious because the keys being discussed here are (rightfully) not in that document.
Furthermore, can I suggest that all support for "Hotlock mode" be removed from any new release of RouterOS made from today?
Poll: has anyone here ever made useful use of "Hotlock mode" (the commandline feature where it automatically expands words as soon as they are unique within the current context)?
Has anyone used Hotlock mode except when enabling it by mistake, and questioning whether the router has gone insane when pasting text?
Does anyone think this feature has to be retained in the state it is now?
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 1:47 pm
by allan2358
viewtopic.php?t=182059
please fix this issue!
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 1:49 pm
by Cha0s
Poll: has anyone here ever made useful use of "Hotlock mode" (the commandline feature where it automatically expands words as soon as they are unique within the current context)?
Has anyone used Hotlock mode except when enabling it by mistake, and questioning whether the router has gone insane when pasting text?
Does anyone think this feature has to be retained in the state it is now?
I've never used it (except by mistakenly hitting ctrl+v in terminal), nor I've ever needed it.
It is indeed confusing. I don't know how it behaves nowadays since I've learned to use shift+ins for pasting into terminal (any terminal - not just ROS).
If "hotlock mode" was removed, I wouldn't miss it.
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 1:52 pm
by netmouse
For terminal use
Ctrl + Insert - copy
Shift + Insert - paste
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 1:52 pm
by dave3
90.1% now.
Wait, 90.2%
Yes, a 10 megabyte file downloading at dial-up speed. Same for me. I can envision a 30 year old PC hooked up to a US Robotics 28.8k modem sitting in the corner of an office serving firmware update files. :)
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 2:00 pm
by rextended
For terminal use
Ctrl + Insert - copy
Shift + Insert - paste
Already written, nothing new;
the point is that ctrl+c, used to break a script, ALSO deletes the clipboard.
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 2:12 pm
by mrz
@pe1chl I understand that reading is overrated, but please look once more at the manual I provided above. hot lock mode is enabled by F7 for quite some time now (not by ctrl+v).
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 3:55 pm
by mafiosa
@mrz @normis next release please fix vxlan mac changing after every reboot.
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 4:02 pm
by pe1chl
@pe1chl I understand that reading is overrated, but please look once more at the manual I provided above. hot lock mode is enabled by F7 for quite some time now (not by ctrl+v).
I know that has changed, but that does not mean hotlock mode is now suddenly useful, doesn't it?
Why is it not simply REMOVED? Or fixed so that it becomes useful?
The "my router is suddenly haunted" reports keep coming in, apparently people hit random keys and still are able to enter hotlock mode.
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 4:08 pm
by mrz
can you elaborate further on what should be fixed for hot lock mode? AFAIK it is not broken, and it is not causing any trouble to anyone especially now when ctrl+v no longer enables this mode.
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 4:11 pm
by rextended
Sorry if I insist: ctrl-v no longer causes problems, but adding "copy to clipboard, even if nothing is selected" to ctrl-c,
a command used to interrupt something or start a "fresh" line in the terminal, is ungraceful....
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 4:23 pm
by pe1chl
can you elaborate further on what should be fixed for hot lock mode? AFAIK it is not broken, and it is not causing any trouble to anyone especially now when ctrl+v no longer enables this mode.
IMHO what is broken is that when it has expanded a certain word (e.g. you type pi and it expands it to ping) it also adds a space and the next input you type is added as new input.
In a properly working hotlock mode, it would only expand the pi to ping but it would not add the space, and when the user now types n and g it would just "eat" that (knowing it has expanded pi to ping) and wait for the user to type a space to indicate they want to move on to the next word.
As it is now, hotlock mode modifies input and causes e.g. pasted correct input to be made incorrect.
Do you know ANY user who can work in hotlock mode without constantly watching the screen to make sure it does not do anything unexpected? And who actually uses that, instead of using TAB to make predictable expansions when required?
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 4:48 pm
by pe1chl
As others have reported previously, GRE-IPSec tunnels are not working well in 7.x. I had no performance issues with them in 6.x, but they are extremely slow in 7.x.
Is that related to the above, i.e. to IPv6? Because for me GRE/IPsec tunnels that transport IPv4 over IPv4 work OK in v7.2.
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 5:03 pm
by colinardo
Hi.
In the current release there is a problem with dot1x (mac/dot1x) authentication and dynamic VLAN assignment with usermanager as RADIUS server. The same settings were successfully tested with RouterOS release 7.1.5 (CHR_x86), but in the current release 7.2 (CHR_x86) the setup fails.
RouterOS sends multiple RADIUS requests, always gets Access-Accept from usermanager, but it fails to unblock the port and assign it to the VLAN as an untagged port.
Demo Config used to reproduce the problem
# apr/11/2022 16:06:40 by RouterOS 7.2
# software id =
#
/interface bridge
add ingress-filtering=no name=bridgeLocal protocol-mode=none vlan-filtering=yes
/interface vlan
add interface=bridgeLocal name=vlan200 vlan-id=200
/interface bridge port
add bridge=bridgeLocal frame-types=admit-only-untagged-and-priority-tagged interface=ether3
/ip pool
add name=pool_vlan200 ranges=10.200.0.10-10.200.0.254
/ip dhcp-server
add address-pool=pool_vlan200 interface=vlan200 lease-time=1h name=dhcp_vlan200
/user-manager user
add attributes=Tunnel-Private-Group-ID:200,Tunnel-Medium-Type:6,Tunnel-Type:13 name=00:0C:29:16:E1:B7
/interface bridge vlan
add bridge=bridgeLocal tagged=bridgeLocal vlan-ids=200
/interface dot1x server
add auth-types=mac-auth interface=ether3
/ip address
add address=10.200.0.1/24 interface=vlan200 network=10.200.0.0
/ip dhcp-server network
add address=10.200.0.0/24 dns-server=10.200.0.1 gateway=10.200.0.1 netmask=24
/ip dns
set allow-remote-requests=yes
/radius
add address=127.0.0.1 service=hotspot,ipsec,dot1x src-address=127.0.0.1
/radius incoming
set accept=yes
/system logging
add topics=manager
add topics=dot1x
/user-manager
set enabled=yes
/user-manager router
add address=127.0.0.1 name=local
Best Regards
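The user-manager attributes in the config above correspond to three RADIUS attributes in the Access-Accept: Tunnel-Type (64), Tunnel-Medium-Type (65) and Tunnel-Private-Group-ID (81). As an added example, not part of the original post and not MikroTik code, this Python decoder checks a captured Access-Accept for the complete VLAN triple, which helps separate a RADIUS-side fault from a dot1x-server-side one. The sample packets are constructed and the Authenticator is not verified.

```python
import struct

# Attribute numbers from RFC 2865/2868; the expected values match the post's
# "Tunnel-Private-Group-ID:200,Tunnel-Medium-Type:6,Tunnel-Type:13".
ACCESS_ACCEPT = 2
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6


def parse_radius(packet: bytes):
    """Return (code, [(attr_type, value), ...]); ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match the captured data")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"bad length in attribute {a_type}")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs


def tagged_int(value: bytes) -> int:
    """Tunnel-Type / Tunnel-Medium-Type: 1 tag byte + 24-bit integer."""
    if len(value) != 4:
        raise ValueError("tagged integer attribute must carry 4 bytes")
    return int.from_bytes(value[1:], "big")


def tagged_text(value: bytes) -> str:
    """Tunnel-Private-Group-ID: optional tag byte (0x01-0x1F) + string."""
    if value and 0x01 <= value[0] <= 0x1F:
        value = value[1:]
    return value.decode("ascii", errors="replace")


def vlan_from_accept(packet: bytes):
    """VLAN id if an Access-Accept carries the full VLAN triple, else None."""
    code, attrs = parse_radius(packet)
    if code != ACCESS_ACCEPT:
        return None
    seen = {}
    for a_type, value in attrs:
        if a_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            seen[a_type] = tagged_int(value)
        elif a_type == TUNNEL_PRIVATE_GROUP_ID:
            seen[a_type] = tagged_text(value)
    if seen.get(TUNNEL_TYPE) != TYPE_VLAN:
        return None
    if seen.get(TUNNEL_MEDIUM_TYPE) != MEDIUM_IEEE_802:
        return None
    group = seen.get(TUNNEL_PRIVATE_GROUP_ID, "")
    if not (group.isdigit() and 1 <= int(group) <= 4094):
        return None
    return int(group)


# --- constructed sample packets (not captured from the poster's router) ---
def attr(a_type: int, value: bytes) -> bytes:
    return bytes([a_type, len(value) + 2]) + value


def build_accept(attrs: bytes) -> bytes:
    # Identifier 1 and a zeroed Authenticator: placeholders for the example.
    header = struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs))
    return header + bytes(16) + attrs


SAMPLE_FULL = build_accept(attr(64, b"\x00\x00\x00\x0d")
                           + attr(65, b"\x00\x00\x00\x06")
                           + attr(81, b"200"))
SAMPLE_NO_MEDIUM = build_accept(attr(64, b"\x00\x00\x00\x0d")
                                + attr(81, b"200"))

if __name__ == "__main__":
    for label, pkt in (("full", SAMPLE_FULL), ("no medium", SAMPLE_NO_MEDIUM)):
        print(label, "->", vlan_from_accept(pkt))
```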
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 5:12 pm
by osc86
he.net tunnels are working ok in 7.2. Make sure your endpoint address matches your current public address (tunnelbroker.net), it is not updated automatically. Always use the cli to add routes. Winbox route menu is still buggy af, don't know about webfig.
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 5:39 pm
by sirbryan
Doing anything with routes in Webfig has been broken in 7.x for a long time (which is really frustrating since I browse into RouterOS from my Macs or iPhone when Winbox (Mac) or a terminal (iPhone) are often not convenient or available). Until I started deploying 7-only devices, I had no need for Winbox.
As mentioned, CLI is best place to view them for now; I believe they work OK in Winbox.
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 7:10 pm
by pe1chl
Winbox is not an option for me as it's Mac and Linux only here.
winbox.exe is a portable executable that easily runs under wine on both Linux and Mac.
Just download it and type "wine winbox.exe".
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 8:49 pm
by normis
or wine64 winbox64.exe
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 9:04 pm
by Larsa
How to install Winbox on MacOS
1. Follow the Mikrotik install instructions:
Run Winbox on macOS. You can install Wine64 using brew: "$ brew install --cask wine-stable"
2. Create a start icon using the "Script Editor" with the Apple-script code below and save it as type Application in /Applications/Winbox.
on run
do shell script "/usr/local/bin/wine64 /Applications/Winbox.app/Contents/MacOS/winbox64.exe"
end run
3. Download and copy the 64 bit version of Winbox (winbox64.exe) to /Applications/Winbox.app/Contents/MacOS
4. Start "System Preferences -> Security & Privacy -> Privacy -> Developer Tools" and add /Applications/Winbox
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 11:05 pm
by wuffzack
This CRS354-48G-4S+2Q+ feels a little cold (-274 degrees Celsius).
Only a copper pigtail cable is present in one SFP+ port, which has no temperature to report.
It is a Mellanox MCP2104-X01AB cable.
/system/health> print
Columns: NAME, VALUE, TYPE
#  NAME                VALUE  TYPE
0  temperature         -274   C
1  cpu-temperature     61     C
2  sfp-temperature     -274   C
3  fan1-speed          5550   RPM
4  fan2-speed          5445   RPM
5  fan3-speed          5610   RPM
6  board-temperature1  44     C
7  board-temperature2  27     C
8  psu1-state          ok
9  psu2-state          ok
EDIT: I am not sure if this problem is Router OS 7.2 specific, but I just noticed it the first time after upgrading.
Re: v7.2 is released!
Posted: Mon Apr 11, 2022 11:38 pm
by Rfulton
7.2 on CCR2004-1G-12S+2XS
PIM-SM still does not work.
I will be submitting an FBI tip.
Re: v7.2 is released!
Posted: Tue Apr 12, 2022 12:09 am
by ingdaka
Just upgraded CCR2004-16G-2S+ / Overall OK
BGP Prefix Count still 0
*) bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set); even though I set output.keep-sent-attributes=yes, there is still no info from the command
[username@identity] > routing/bgp/session/dump-saved-advertisements
numbers: 1
[username@identity] > routing/bgp/session/dump-saved-advertisements
numbers: 0
There are 2 BGP Peers
I found this! When command is typed there is pcap file on disc that is saved. Downloaded on computer and read with a pcap reader (wireshark in my case)
Re: v7.2 is released!
Posted: Tue Apr 12, 2022 7:22 am
by Tporlapt
Simple Queues now don’t immediately break IPv6 (thank you!)
however… enabling them causes the router to become slow-to-unresponsive in about 60 seconds (RB750GR3). Only quickly logging in via terminal (webfig is unresponsive) to disable the simple queue rescues it.
edit: Reading the other thread
viewtopic.php?p=925637#p925637 and it may be Cake, rather than the Simple Queue. Currently using a Simple Queue with fqcodel and not yet seeing an issue.
Just to update, Simple Queues with IPv6 and fq-codel are working fine for the past 24 hours. This is most welcome news.
Re: v7.2 is released!
Posted: Tue Apr 12, 2022 9:43 am
by Note
or mouse right click :)
On paste I get this now........
If you can't paste, writing from the beginning takes painfully long
Re: v7.2 is released!
Posted: Tue Apr 12, 2022 12:05 pm
by haedertowfeq
@Note
Can you share your mangle
Or at least, QoS DSCP
I have 2WAN in loadbalance
Re: v7.2 is released!
Posted: Tue Apr 12, 2022 9:57 pm
by jadehart
I lost Winbox connectivity after I upgraded my CCR2216. I am using Winbox for MAC 3.30. I could see the router in my neighbors list, and could connect to it. When I tried to login with the default login username and password, the Winbox session simply disappeared. I upgrade a router before I even create a username and password.
Re: v7.2 is released!
Posted: Tue Apr 12, 2022 10:22 pm
by mkx
I am using Winbox for MAC 3.30.
Winbox 3.35 should be fine.
L3VPN Filters Don't Work
Posted: Wed Apr 13, 2022 4:55 am
by ath
Applying an export filter to a VRF results in no routes being distributed.
/routing filter rule
chain=DISTRIBUTE rule="accept"
/routing bgp vpn
export-filter=DISTRIBUTE
Re: v7.2 is released!
Posted: Wed Apr 13, 2022 9:47 am
by tigro11
OpenVPN client broken with AES-256-CBC since upgraded to RouterOS 7.2 (from 7.1.5), switching to Blowfish 128 works.
Echoing the experience. Upgraded from 7.1.5 to 7.2 and some OpenVPN clients using AES on some routers are broken. It does not matter which AES cipher is chosen... none of them work with OpenVPN after the upgrade.
I sent the following information to Mikrotik support:
Subject: RouterOS 7.2 - OpenVPN client with AES appears broken on some routers
OpenVPN client with AES appears to be broken on some routers in RouterOS 7.2. Configs worked just fine prior to upgrade from 7.1.5. Client logs show connecting… disconnected… connecting… disconnect… but no error message. Logs on OpenVPN server (also Mikrotik devices) show no errors. Setting cipher on client and server to blowfish128 will allow tunnel to connect and stay connected. Issue appears only with AES on the following routers:
MMIPS (RB750Gr3, RB760iGS) – OpenVPN AES client FAILED
ARM (RB4011iGS+) – OpenVPN client with AES WORKED
CHR – OpenVPN client with AES WORKED
MIPSBE - OpenVPN client with AES WORKED
POWERPC (RB1200) – OpenVPN client with AES WORKED
TILE (CCR1009-7G-1C-1S+) – OpenVPN client with AES WORKED
Original notes:
Started to test RouterOS 7.2 last night. Upgraded my home office router first (RouterBOARD 750G r3 s/n 6F3806195642) from 7.1.5 to 7.2. This router has several production VPN client connections of various types (L2TP/IPSEC, OpenVPN, SSTP, and Wireguard) to remote Mikrotik devices of various types.
My L2TP/IPSEC, SSTP, and Wireguard client connections worked properly after the upgrade, but my OpenVPN connections would not connect. Two of these were OpenVPN TCP client to RouterOS 7.1.5 CHR instances and one to a Mikrotik 760iGS running 6.49.5. If I use any of the AES ciphers, the connections just bounce (connected… disconnected… connected… disconnected…) with no error messages. If I set the cipher to blowfish128, the OpenVPN clients connect and operate properly.
I then upgraded some other test routers from 7.1.5 to 7.2: two CHR instances, an old RB1200, and an RB760iGS.
• The CHR instances have no problems to other RouterOS OpenVPN servers regardless of protocol (tcp or udp) and cipher.
• The RB1200 and the RB760iGS routers both fail in the same way my home office router fails. Switching the cipher to blowfish128 allows the VPNs to work.
It appears that there is some sort of issue with the OpenVPN AES cipher on certain RouterOS devices in 7.2
As a last test, I took a fresh RB760iGS router out of the box, upgraded it to 7.2, factory reset the config again (no-defaults=yes) added my test VPN configuration, and created the attached supout.rif file.
Please let me know if I can provide any additional information
4/11/2022 Edit: Mikrotik support confirms there is an issue that is affecting the mmips based routers with OpenVPN AES and says it will be resolved in the next release. 🤞
BIG problem!!
maybe before a stable release first to churn out, which is tested well, thankful that I stopped with the updates of the other devices
Re: v7.2 is released!
Posted: Wed Apr 13, 2022 10:01 am
by thuety
Have had 3 random reboots after updating my RB2011UiAS-2HnD from 7.1.5 to 7.2.
I've never had this problem before, so I went back to 7.1.5 for now.
Re: v7.2 is released!
Posted: Wed Apr 13, 2022 10:18 am
by Note
@Note
Can you share your mangle
Or at least ,Qos DSCP
I have 2WAN in loadbalance
You can get it from here..........
viewtopic.php?t=157048
Re: v7.2 is released!
Posted: Wed Apr 13, 2022 2:01 pm
by Theo9216
After upgrade from 6.49.5 to 7.2 RoMon stopped seeing almost all devices in our network. If needed I can post the config here?
Works fine for me...
Try the export-netinstall-import route.
(do not forget show-sensitive with the export)
Problem fixed with secret disabled.
Re: v7.2 is released!
Posted: Wed Apr 13, 2022 2:09 pm
by emils
New version v7.2.1 has been released:
viewtopic.php?t=184992