MikroTik

Posted: **Fri Sep 02, 2022 2:31 pm**

RouterOS version 7.6beta4 has been released "v7 testing" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.6beta4 (2022-Sep-01 11:35):

*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) netwatch - fixed string variable values in script;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ovpn - added IPv6 support for ethernet mode;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) tr069-client - do not allow ":" symbols in username;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this particular RouterOS release.

Posted: **Fri Sep 02, 2022 2:37 pm**

†

*) radius - require "policy" policy for "login" service configuration;

Nooo....

Unfortunately you have noticed it...
I have always used it to scale permissions and become an administrator even in RouterBOARD which I did not have administrative access...

Now than the pandora box is open, please add this critical security fix also on 7.5, 6.48.6 and 6.49.6...

Posted: **Fri Sep 02, 2022 3:15 pm**

My CCR2116 is unable to update to this version, there's nothing in the logs, 42MB free diskspace. It downloads the 7.6beta4 image, reboots and comes up again with version 7.5.
2-Partition setup, user-manager and zerotier extra packages are installed.

Posted: **Fri Sep 02, 2022 3:18 pm**

7.6beta4: RB5009 no longer shows and provides access to mounted USB T5 Samsung SSD drive partition. It works in 7.5 and earlier.

[admin@MikroTik] > :put ([/system/resource/print as-value]->"version")
7.6beta4 (development)
[admin@MikroTik] > :put ([/system/routerboard/print as-value]->"current-firmware")
7.6beta4
[admin@MikroTik] > /system/resource/usb/print
Columns: DEVICE, VENDOR, NAME, SPEED
# DEVICE  VENDOR                NAME                  SPEED
0 2-1     Samsung               Portable SSD T5        5000
1 1-0     Linux 5.6.3 xhci-hcd  xHCI Host Controller    480
2 2-0     Linux 5.6.3 xhci-hcd  xHCI Host Controller   5000
[admin@MikroTik] > /disk/print

[admin@MikroTik] > 

-------------------------------------------------------------------------------------------------------

[admin@MikroTik] > :put ([/system/resource/print as-value]->"version")
7.5 (stable)
[admin@MikroTik] > :put ([/system/routerboard/print as-value]->"current-firmware")
7.5
[admin@MikroTik] > /system/resource/usb/print
Columns: DEVICE, VENDOR, NAME, SPEED
# DEVICE  VENDOR                NAME                  SPEED
0 2-1     Samsung               Portable SSD T5        5000
1 1-0     Linux 5.6.3 xhci-hcd  xHCI Host Controller    480
2 2-0     Linux 5.6.3 xhci-hcd  xHCI Host Controller   5000
[admin@MikroTik] > /disk/print
Flags: M, r - RAID-MEMBER
Columns: SLOT, MODEL, SERIAL, INTERFACE, NAME, FS, FREE, SIZE
#   SLOT  MODEL                    SERIAL        INTERFACE          NAME   FS    FREE      SIZE    
0 M usb1  Samsung Portable SSD T5  000000000000  USB 3.10 5000Mbps  disk1  ext4  914.5GiB  931.5GiB
[admin@MikroTik] >

Posted: **Fri Sep 02, 2022 3:27 pm**

Hi,

please implement last reaoming standard 802.11v...this is the last missing....

Posted: **Fri Sep 02, 2022 3:29 pm**

ros 7.5 create container AdGuard Home, upgrade to 7.6 beta4 don`t run :(
log
2022/09/02 12:23:13.847315 [info] AdGuard Home, version v0.107.11
2022/09/02 12:23:14.012107 [info] Initializing auth module: /opt/adguardhome/work/data/sessions.db
2022/09/02 12:23:14.013476 [error] auth: open DB: /opt/adguardhome/work/data/sessions.db: open /opt/adguardhome/work/data/sessions.db: permission denied
2022/09/02 12:23:14.013491 [fatal] Couldn't initialize Auth module
fix please

Posted: **Fri Sep 02, 2022 3:30 pm**

This is very exciting...

*) l3hw - added support for IPv6 route offloading (disabled by default);

Can anyone provide more information on this? What switch chips are supported? Does this mean that IPv6 fast-track is being worked on?

Robert

Posted: **Fri Sep 02, 2022 4:04 pm**

This is very exciting...

*) l3hw - added support for IPv6 route offloading (disabled by default);
Can anyone provide more information on this? What switch chips are supported? Does this mean that IPv6 fast-track is being worked on?

Robert

L3HW IPv6 is now supported by all CRS3xx, CRS5xx, and CCR2x16 devices.
IPv6 FastTrack HW Offloading is not implemented because the software IPv6 FastTrack needs to be implemented first. Unfortunately, I don't have information about the latter.

Posted: **Fri Sep 02, 2022 4:09 pm**

†
*) radius - require "policy" policy for "login" service configuration;
Nooo.... 😥😥😥
Unfortunately you have noticed it...
I have always used it to scale permissions and become an administrator even in RouterBOARD which I did not have administrative access...

Now than the pandora box is open, please add this critical security fix also on 7.5, 6.48.6 and 6.49.6...

wow you should have reported that when you saw it.

simply wow...

Posted: **Fri Sep 02, 2022 4:15 pm**

†
*) radius - require "policy" policy for "login" service configuration;
Nooo.... 😥😥😥
Unfortunately you have noticed it...
I have always used it to scale permissions and become an administrator even in RouterBOARD which I did not have administrative access...

Now than the pandora box is open, please add this critical security fix also on 7.5, 6.48.6 and 6.49.6...

You didn’t report a bug for a vulnerability like this just for your own ease of use? Wow.

Posted: **Fri Sep 02, 2022 4:29 pm**

ros 7.5 create container AdGuard Home, upgrade to 7.6 beta4 don`t run

It's working fine.

/container mounts
add dst=/opt/adguardhome/work/data name=adguardhome_data src=/container/adguardhome
add dst=/opt/adguardhome/conf/ name=adguardhome_conf src=/container/adguardhome
add dst=/opt/adguardhome/work/ name=adguardhome_work src=/container/adguardhome
/container
add interface=veth1 mounts=adguardhome_data,adguardhome_conf,adguardhome_work root-dir=container/adguardhome workdir=/opt/adguardhome/work
/container config
set registry-url=https://registry-1.docker.io tmpdir=container/tmp

2022-09-02_18-00-53.jpg

Posted: **Fri Sep 02, 2022 4:32 pm**

Upgraded hap ac3 wifiwave2 coming from 7.5

One remark: somehow I managed to tick WPA3-EAP as security mode before and wifi did not come up after upgrade.
It showed a red message "wpa3-eap can only be combined with wpa2-eap".
When I unticked wpa3-eap, all impacted wifi interfaces came up.

Is that intentional ? It wasn't like that before (and nothing was mentioned in changelog about this, unless I missed something ?).

Posted: **Fri Sep 02, 2022 5:21 pm**

Upgraded RB5009 and hAP ac3 from 7.5rc2 to 7.6beta4. No issues so far.

Containers, USB flash drive as external disk, WifiWave2... Everything working as expected.

Posted: **Fri Sep 02, 2022 5:22 pm**

YES! container mounts look like they have the right permissions now, thank you! <3

Posted: **Fri Sep 02, 2022 5:22 pm**

Port flapping issue on RB5009 which was triggered by showing the "bridge port" field (in dchp leases window, arp window, interface details window, etc) appears to be resolved in this build. A huge relief and best news of the day for me.

I also haven't experienced a bricked router or config corruption since several builds ago (7.2.x) and have been staying up to date on testing channel on my whole fleet (10+ routers, various models) for each testing release so the upgrade process seems to be reliable at the moment, touch wood !

Thanks MikroTik

Posted: **Fri Sep 02, 2022 5:28 pm**

Export hang at those menus seems to be fixed too, (probably also the high cpu usage spikes but I can't confirm right now).
Weird that there's nothing about it in the changelog. Thank you!

Posted: **Fri Sep 02, 2022 7:18 pm**

*) l3hw - added support for IPv6 route offloading (disabled by default);

I never thought I'd see the day; but here we are! Status on a CRS317 after enabling l3hw-ipv6 and running iperf3 between two IPv6 subnets:

[SUM]   0.00-10.00  sec  10.7 GBytes  9.20 Gbits/sec                  receiver

Great work, MikroTik!

Posted: **Fri Sep 02, 2022 7:56 pm**

My CCR2116 is unable to update to this version, there's nothing in the logs, 42MB free diskspace. It downloads the 7.6beta4 image, reboots and comes up again with version 7.5.
2-Partition setup, user-manager and zerotier extra packages are installed.

Do you have any active ZeroTier networks configured, i.e. any enabled entries under

/zerotier/interface

?

Posted: **Fri Sep 02, 2022 9:08 pm**

@aliclubb yes there's an active network. I disabled it, but no luck. I even removed the whole zerotier package and tried to update without success. routeros is the only package installed now on that device and it won't let me update, I also tried to upload the firmware file manually. Still nothing in the logs except this ntp change time ... message.

Posted: **Sat Sep 03, 2022 5:08 am**

My CCR2116 is unable to update to this version, there's nothing in the logs, 42MB free diskspace. It downloads the 7.6beta4 image, reboots and comes up again with version 7.5.
2-Partition setup, user-manager and zerotier extra packages are installed.

I was able to update from 7.5RC to 7.6Beta4 without issue on my CCR2116. No ZeroTier package or config.

Posted: **Sat Sep 03, 2022 1:05 pm**

Why is the router connecting to the upgrade server (and retrieve the most recent version number and changelist) all the time?
On my own router it does this exactly once per hour, but I have seen another that does it once every 30 seconds...
Is there a need for this?

Posted: **Sat Sep 03, 2022 11:34 pm**

*) pppoe - fixed MRU negotiation even when it is set to 1500;

Perfect !!! It seems this was a nasty bug. My home router with VDSL2 connection 120/25 is working now as a charm. I have hAP ac^2 (hAP ax^2 soon).

Posted: **Sun Sep 04, 2022 6:45 am**

on v7.5 loop has happening on vrrp, has that been fixed?

Posted: **Mon Sep 05, 2022 7:03 am**

Please add the M in Winbox too.

1.jpg

2.jpg

Posted: **Mon Sep 05, 2022 11:52 am**

DOM/DDM still not work on my RB760iGS

Posted: **Mon Sep 05, 2022 7:03 pm**

@aliclubb yes there's an active network. I disabled it, but no luck. I even removed the whole zerotier package and tried to update without success. routeros is the only package installed now on that device and it won't let me update, I also tried to upload the firmware file manually. Still nothing in the logs except this ntp change time ... message.

Hmm strange. Not exactly the issue I had then. Can you connect to the device via console and post the whole output whilst you do an upgrade?

Posted: **Mon Sep 05, 2022 8:01 pm**

Got IPv6 hw-offload working in my home network. It's great!

https://www.reddit.com/r/mikrotik/comme ... nd_crs328/

Posted: **Mon Sep 05, 2022 10:09 pm**

*) route - fixed memory leak;

Upgraded rb2011 with MPLS (OSPF+LDP) - dead within hour. Multicast packet loss - kill box with OOM. 7.4.1/7.5rc2 shows same results.

Posted: **Mon Sep 05, 2022 10:26 pm**

Upgraded rb2011 with MPLS (OSPF+LDP) - dead within hour. Multicast packet loss - kill box with OOM.

What is the scenario and config that triggers the memory leak?

Posted: **Tue Sep 06, 2022 9:57 am**

Container image names are lost when restoring from a configuration backup.

Posted: **Tue Sep 06, 2022 2:26 pm**

Got IPv6 hw-offload working in my home network. It's great!

https://www.reddit.com/r/mikrotik/comme ... nd_crs328/

Hmmm....stange behavior on my two CRS326-24G-2S+ Switches. Winbox told me L3HW-Offloading is activated in the switch menu, CLI said it wasn´t.
After activating it via CLI both switches died after a few seconds and didn´t came back, even after a cold boot.
I had to netinstall both....

Posted: **Tue Sep 06, 2022 8:50 pm**

Can you connect to the device via console and post the whole output whilst you do an upgrade?

MikroTik 7.5 (stable)
CORE Login:
Rebooting...
ERROR: upgrade failed, free 33 kB disk space for a (null)upgrade
[277810.368297] reboot: Restarting system
stage2_loader v3.63.2
Memory repair completed within 226 uSecs
DDR ECC static poisoning address: (0x1e0000)
DDR ECC static poisoning address: (0x1e1100)
SPD I2C Address: 52, offset 0000(0)
DRAM ch 0: 8GB
SPD I2C Address: 53, offset 0000(0)
DRAM ch 1: 8GB
DRAM total size: 16GB
Executing next at 0x01000000!
agent_wakeup v3.53

The error message is obviously BS, as there were at least 40MB of free space available. I tried again after removing the second partition, so there was even more free space available, same outcome.
In the end I just used netinstall to flash 7.6beta4, reset the configuration, upgraded routerboot and restored the binary backup. Router is up and running again.
First thing I noticed after reboot, my wireguard tunnels didn't receive any traffic, RX counters stayed at 0, while TX counters went up. I could fix it by toggling l3hw-offloading in switch settings. I'm currently using only fasttrack hw-offloading, l3hw-offloading is disabled on all interfaces. I hope this will be the only "surprise" with this beta..

Posted: **Tue Sep 06, 2022 9:07 pm**

ros 7.5 create container AdGuard Home, upgrade to 7.6 beta4 don`t run

It's working fine.

/container mounts
add dst=/opt/adguardhome/work/data name=adguardhome_data src=/container/adguardhome
add dst=/opt/adguardhome/conf/ name=adguardhome_conf src=/container/adguardhome
add dst=/opt/adguardhome/work/ name=adguardhome_work src=/container/adguardhome
/container
add interface=veth1 mounts=adguardhome_data,adguardhome_conf,adguardhome_work root-dir=container/adguardhome workdir=/opt/adguardhome/work
/container config
set registry-url=https://registry-1.docker.io tmpdir=container/tmp

2022-09-02_18-00-53.jpg

Thank you for your information about setting up the source of the mount points as /container/adguardhome instead of /container/adguardhome/work etc.
No more "mkdir /opt/adguardhome/work/data: permission denied". It works on v7.5 as well now!

Posted: **Tue Sep 06, 2022 9:32 pm**

Thank you for your information. It works on v7.5 as well now!

You're welcome. Currently, I have an ad guard container. Now I'm worried about the RAM usage. I would appreciate it if you or anyone else could share your ram usage for the container.

2022-09-06_22-43-53.jpg

Posted: **Tue Sep 06, 2022 10:36 pm**

Thank you for your information about setting up the source of the mount points as /container/adguardhome instead of /container/adguardhome/work etc.
No more "mkdir /opt/adguardhome/work/data: permission denied". It works on v7.5 as well now!

That's just bad practice, don't do it, son.

Posted: **Wed Sep 07, 2022 12:27 pm**

The Xiaomi device cannot connect via Wifiwave2, it only cycles connected and after 2s disconnected.

i have hAP ac3

If I connect via the old hAP lite, everything works immediately.

/interface/wifiwave2/actual-configuration> print
0 name="wifi1" mac-address=08:55:31 arp-timeout=auto
radio-mac=08:55:31
configuration.mode=ap .ssid="x" .country=Czech
security.authentication-types=wpa2-psk,wpa3-psk
.passphrase="xx" .sae-pwe=hunting-and-pecking

1 name="wifi2" mac-address=08:55:31 arp-timeout=auto
radio-mac=08:55:31
configuration.mode=ap .ssid="G" .country=Czech
security.authentication-types=wpa2-psk,wpa3-psk
.passphrase="xx" .sae-pwe=hunting-and-pecking

2 name="wifi3" mac-address=0A:55:31 arp-timeout=auto
master-interface=wifi2
configuration.mode=ap .ssid="xx" .country=Czech
security.authentication-types=wpa2-psk,wpa3-psk
.passphrase="xx" .sae-pwe=hunting-and-pecking

3 name="wifi4" mac-address=0A:55:31 arp-timeout=auto
master-interface=wifi1
configuration.mode=ap .ssid="xx" .country=Czech
security.authentication-types=wpa2-psk,wpa3-psk
.passphrase="xx" .sae-pwe=hunting-and-pecking

Posted: **Wed Sep 07, 2022 12:33 pm**

That kind of behavior often is not caused by the wifi itself, but by some "is the network OK" check made by the device.
E.g. it cannot get a DHCP lease or it cannot ping the gateway. When it fails, it just disconnects, and when it is stupid, it just tries again immediately.

Posted: **Wed Sep 07, 2022 1:15 pm**

Ok, but how is it possible that with hap lite, old wireless package, identical SSID settings, the device connects immediately? BTW on hAP ac3 with wifiwave2 on which Xiaomi does not work (disconnects) many other devices run without problems.

Posted: **Wed Sep 07, 2022 1:51 pm**

Thank you for your information. It works on v7.5 as well now!
You're welcome. Currently, I have an ad guard container. Now I'm worried about the RAM usage. I would appreciate it if you or anyone else could share your ram usage for the container.
2022-09-06_22-43-53.jpg

It just consumes ~1xxMB of memory.

scrn.png

Posted: **Wed Sep 07, 2022 1:55 pm**

It just consumes ~1xxMB of memory.

Let it run for few days :d

Posted: **Wed Sep 07, 2022 2:48 pm**

The Xiaomi device cannot connect via Wifiwave2, it only cycles connected and after 2s disconnected.

i have hAP ac3

If I connect via the old hAP lite, everything works immediately.

Check this out - I had similar issues with a OnePlus phone, issues solved after applying that fix.

Posted: **Wed Sep 07, 2022 3:51 pm**

What's new in 7.6beta6 (2022-Sep-07 12:06):

*) container - added "start-on-boot" parameter for automatic container startup;
*) dot1x - fixed incorrect error when using "mac-auth";
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) lte - fixed at-chat on Telit FN980m;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) w60g - improved system stability (introduced in v7.5);
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow to rename mounted disks;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;

Posted: **Wed Sep 07, 2022 4:21 pm**

Thank you for your information about setting up the source of the mount points as /container/adguardhome instead of /container/adguardhome/work etc.
No more "mkdir /opt/adguardhome/work/data: permission denied". It works on v7.5 as well now!
That's just bad practice, don't do it, son.

If i used mount point like /diskN/adguardhome/work or /diskN/adguardhome/data, I got permission denied as the fatal error and AdGuard Home just can not be brought up.
I learnt that this issue can be fixed by inserting the USB disk to a Linux machine and create folders with 777 permission manually.

Do you have any advice, pls? Is this a bug that mikrotik should solve? Thx.

Posted: **Wed Sep 07, 2022 4:28 pm**

MT Staff, please fix this bug, on this post is also present the ready soluction...
viewtopic.php?t=188851#p955204

Posted: **Wed Sep 07, 2022 4:46 pm**

What's new in 7.6beta6 (2022-Sep-07 12:06):

*) container - added "start-on-boot" parameter for automatic container startup;

how to enable this option - container - added "start-on-boot"

command line?

Posted: **Wed Sep 07, 2022 4:49 pm**

Read guide?

Posted: **Wed Sep 07, 2022 5:07 pm**

model RB5009UG+S+
ros 7.6beta4 create container AdGuard Home, upgrade to 7.6 beta6, don`t run
log

17:00:55 container,info,debug 2022/09/07 14:00:55.135264 [info] AdGuard Home, version v0.107.11
17:00:55 container,info,debug 2022/09/07 14:00:55.265404 [info] Initializing auth module: /opt/adguardhome/work/data/sessions.db
17:00:55 container,info,debug 2022/09/07 14:00:55.265558 [error] auth: open DB: /opt/adguardhome/work/data/sessions.db: open /opt/adguardhome/work/data/sessions.db: permission denied
17:00:55 container,info,debug 2022/09/07 14:00:55.265614 [fatal] Couldn't initialize Auth module

 
/container mounts
add dst=/opt/adguardhome/work/data name=adguardhome_data src=/container/adguardhome
add dst=/opt/adguardhome/conf/ name=adguardhome_conf src=/container/adguardhome
add dst=/opt/adguardhome/work/ name=adguardhome_work src=/container/adguardhome
/container
add interface=veth1 logging=yes mounts=adguardhome_data,adguardhome_conf,adguardhome_work root-dir=container/adguardhome workdir=/opt/adguardhome/work
/container config
set registry-url=https://registry-1.docker.io tmpdir=container/tmp

please fix it

Posted: **Wed Sep 07, 2022 5:28 pm**

Why are you creating duplicated, nested mounts for /opt/adguardhome/work and for /opt/adguardhome/work/data? This might be your problem.

Create just one mount for /opt/adguardhome/conf and another one for /opt/adguardhome/work and it should work. It is working here for me using this configuration:

/interface veth
add address=172.31.0.1/24 gateway=172.31.0.254 name=adguard

/container config
set ram-high=768.0MiB registry-url=https://registry-1.docker.io tmpdir=disk1/container-tmp

/container mounts
add dst=/opt/adguardhome/conf name=adguard-opt-adguardhome-conf src=/disk1/adguard-opt-adguardhome-conf
add dst=/opt/adguardhome/work name=adguard-opt-adguardhome-work src=/disk1/adguard-opt-adguardhome-work

/container
add dns=172.31.0.254 hostname=adguard interface=adguard mounts=adguard-opt-adguardhome-conf,adguard-opt-adguardhome-work root-dir=disk1/adguard remote-image=adguard/adguardhome:latest

Posted: **Wed Sep 07, 2022 5:51 pm**

Why are you creating duplicated, nested mounts for /opt/adguardhome/work and for /opt/adguardhome/work/data? This might be your problem.

this post viewtopic.php?p=955911#p955095

previously done as you suggested, result does not change.

Posted: **Wed Sep 07, 2022 5:59 pm**

this post viewtopic.php?p=955911#p955095

previously done as you suggested, result does not change.

I guess this was a workaround for when it was not possible to create folders/directories inside container mounts. It was a restriction on RouterOS containers that was fixed in 7.5rc2, I think.

To my understanding you should never create nested mounts like you did.

And, as I said before, it is working great on my RB5009UG+S+ using the configuration I shown.

Posted: **Wed Sep 07, 2022 6:53 pm**

What's new in 7.6beta6 (2022-Sep-07 12:06):

*) container - added "start-on-boot" parameter for automatic container startup;

Installed on RB3011. This function does not work consistent.
I've 2 containers (Pihole & Adguard) and only Adguard "auto-boots"
Both have the correct flags. Pihole can be started manually, it starts without a problem.
Did not re-create container from scratch since enabling the option worked fine for Adguard.

Anyone else this experience with 2 containers + auto-start ?

Posted: **Wed Sep 07, 2022 7:20 pm**

in this release, in BGP sessions
- missing RemoteID, Remote Capabilities, Prefix count & Uptime....
- Not refreshing sessions list, I have to change tab and come back to view new sessions up...

Posted: **Wed Sep 07, 2022 7:42 pm**

That's just bad practice, don't do it, son.
If i used mount point like /diskN/adguardhome/work or /diskN/adguardhome/data, I got permission denied as the fatal error and AdGuard Home just can not be brought up.
I learnt that this issue can be fixed by inserting the USB disk to a Linux machine and create folders with 777 permission manually.

Do you have any advice, pls? Is this a bug that mikrotik should solve? Thx.

There was a bug that prevented mounts from working properly, that bug was silently fixed in 7.6beta4.
Every "solution" posted up until v7.6beta4 were ugly hacks.
Containers should have root-dir set to a directory dedicated for containers, in a unique directory for each container.
Same goes for mounts.
I use something like this:

/container mounts
add dst=/opt/adguardhome/conf name=agh_conf src=\
    /disk1/docker/mounts/agh/conf
add dst=/opt/adguardhome/work name=agh_work src=\
    /disk1/docker/mounts/agh/work
/container
add interface=veth2 logging=yes mounts=\
    agh_conf,agh_work root-dir=\
    disk1/containers/adguardhome workdir=\
    /opt/adguardhome/work
/container config
set ram-high=96.0MiB registry-url=\
    https://registry-1.docker.io/ tmpdir=\
    disk1/docker/tmp

Posted: **Wed Sep 07, 2022 7:49 pm**

*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
this for me is untrue, because uptime is empty any way, for estabilished and not estabilished sessions.

the difference from previous version is the before it was a coundown, now it is just empty.
regards
Ros

Posted: **Wed Sep 07, 2022 7:57 pm**

the difference from previous version is the before it was a coundown, now it is just empty.

Being empty is their fix for now. They had completely removed the uptime field for some reason, I believe on purpose. You cannot see it in the CLI at all either (and you could in earlier versions when it displayed properly in Winbox), but when they removed it from the CLI, Winbox started displaying some strange value as a glitch instead of displaying nothing, like the command line does.

I assume it will be put back in the CLI and winbox at some point, but it is not a bug, it is just a feature that seems to have been temporarily removed.

Posted: **Wed Sep 07, 2022 8:23 pm**

the difference from previous version is the before it was a coundown, now it is just empty.

The previous version showed the current uptime in commandline but when you opened the sessions tab in winbox it showed a fake ticking uptime...
Even when the session is down or has been down/up, still it showed the incorrect ticking time until using F5 to refresh it.
In v6 the screen is automatically refreshed to show the real values (not only uptime but also remote ID, prefix count, state etc).
I hope in v7 a screen like that will come back, instead of more and more info being removed.

Posted: **Wed Sep 07, 2022 9:38 pm**

The previous version showed the current uptime in commandline but when you opened the sessions tab in winbox it showed a fake ticking uptime...

I'm still running 7.5 with BGP and can confirm that it does not show the uptime in the command line, and it displays in winbox with a fake uptime.

I have another router running BGP on 7.4 and that does show the uptime in the command line, but it also shows the correct uptime in winbox.

Which version is it that you speak of that shows the correct uptime in the CLI but the wrong uptime in Winbox?

Posted: **Wed Sep 07, 2022 9:45 pm**

What I mean with previous version is the 7.4 behavior. The winbox uptime is copied from the router when you open the window, but then it continues ticking upward even when the connection actually is down.

Posted: **Thu Sep 08, 2022 5:33 am**

What's new in 7.6beta6 (2022-Sep-07 12:06):

*) container - added "start-on-boot" parameter for automatic container startup;

how to enable this option - container - added "start-on-boot"

command line?

Got it from the help wiki.
Can add to the existing running docker

Posted: **Thu Sep 08, 2022 6:04 am**

What I mean with previous version is the 7.4 behavior. The winbox uptime is copied from the router when you open the window, but then it continues ticking upward even when the connection actually is down.

I understand now. I suspect, to fix this issue, they might have had to re-engineer the peer uptime display a bit, and that would explain why it has been temporarily removed.

Posted: **Thu Sep 08, 2022 9:05 am**

And, as I said before, it is working great on my RB5009UG+S+ using the configuration I shown.

it's a usb flash drive??
src=/disk1/

Posted: **Thu Sep 08, 2022 1:02 pm**

Seems like it's impossible to set certain permissions on mounted files from inside container. For example chmod +x some script, but it's still not executable. So no scripts in a mounted directory can work. Is this intended design, or more of a bug? I understand mounts are usually used for non-executable storage but there are cases where it could be necessary or desirable to host an entire application including the main executable binaries on the mountpoint

Edit: And I'm still getting permission problems after upgrading RouterOS and trying to start a container that I made in 7.6beta4 ....

permsproblem.png

this has been a problem for me ever since containers were re-introduced, that the entire container needs to be recreated each upgrade and data is lost. I thought this was fixed by now as per changelogs?? :/

This is with `jc21/nginx-proxy-manager:latest` & `jc21/mariadb-aria:latest` images. I don't think it's an issue with the images, because everything works on deployment and continues to work fine (including stopping/starting/rebooting the chr instance and/or containers) until routeros upgrades to a new version

Posted: **Thu Sep 08, 2022 1:35 pm**

What is the scenario and config that triggers the memory leak?

In our case - cheap Dlink DES-3200-A1 in the middle between rb1100ahx2 and rb2011 randomly drops multicast packets in both directions. So, LDP session periodically restarted (and OSPFv2 too) - rb2011 die due OOM. It's still alive, but with CPU under 100% loads, networking process consume 85%, SNMP not working, VPLS tunnel dead, telnet/mac-telnet still alive.

What's new in 7.6beta6 (2022-Sep-07 12:06):

....
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
....

OSPFv3 broken - now it complains about wrong checksum every 10 seconds...

Posted: **Thu Sep 08, 2022 2:54 pm**

Seems like it's impossible to set permissions on mounted files from inside container. For example chmod +x some script, but it's still not executable. So no scripts in a mounted directory can work. Is this intended design, or more of a bug? I understand mounts are usually used for non-executable storage but there are cases where it could be necessary or desirable to host an entire application including the main executable binaries on the mountpoint

Are you by chance using a USB stick formatted with exfat/fat filesystem as storage on router for your container mount points ?
If underlying filesystem does not support permissions, chmod from inside a container to a mounted directory won't do anything.

Posted: **Thu Sep 08, 2022 3:13 pm**

Are you by chance using a USB stick formatted with exfat/fat filesystem as storage on router for your container mount points ?
If underlying filesystem does not support permissions, chmod from inside a container to a mounted directory won't do anything.

Nope, described issue is on a chr with no other external disk, just mounting to a path on the native storage

Aand I think I just found another issue. The new "start-on-boot" feature only seems to work on a single container even if it was enabled for multiple containers.

My chr also didn't reboot properly after I enabled that on my containers (not accessible several minutes after rebooting to test the feature). Fortunately it did boot up fine again after manually resetting the instance through the cloud console. I'm not sure if that was some bad luck on my side or a reproducible bug, but I'm leaving it here for the record anyway...

Posted: **Thu Sep 08, 2022 5:14 pm**

Got IPv6 hw-offload working in my home network. It's great!

https://www.reddit.com/r/mikrotik/comme ... nd_crs328/

Hmmm....stange behavior on my two CRS326-24G-2S+ Switches. Winbox told me L3HW-Offloading is activated in the switch menu, CLI said it wasn´t.
After activating it via CLI both switches died after a few seconds and didn´t came back, even after a cold boot.
I had to netinstall both....

I´ve taken a new CRS326-24G-2S+, blow away the config, build up from scratch a simple bridge config, have updated ROS and FW to 7.6Beta6 and activated in the Switch-menu L3HW-offloading. After that I´ve activated the IPv6-HW offloading, too via CLI and like the first time the Switch died after a few seconds.
So in my conclusion this feature is not production ready!!

Posted: **Thu Sep 08, 2022 5:23 pm**

*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
does this work for anyone? I have l3hw offloading enabled on my CCR2116 and fasttrack enabled for all established,related connections but I've never seen a H flag in the connection list (ipv4/ipv6). Even when I filter hw-offloaded connections, there are 0 entries. I know it's working, else I wouldn't get 2% cpu utilization at 2.5Gb/s throughput.

Posted: **Thu Sep 08, 2022 6:13 pm**

And, as I said before, it is working great on my RB5009UG+S+ using the configuration I shown.
it's a usb flash drive??
src=/disk1/

Yes. USB flash drive formatted as ext4.

Posted: **Fri Sep 09, 2022 1:03 am**

Hmmm....stange behavior on my two CRS326-24G-2S+ Switches. Winbox told me L3HW-Offloading is activated in the switch menu, CLI said it wasn´t.
After activating it via CLI both switches died after a few seconds and didn´t came back, even after a cold boot.
I had to netinstall both....
I´ve taken a new CRS326-24G-2S+, blow away the config, build up from scratch a simple bridge config, have updated ROS and FW to 7.6Beta6 and activated in the Switch-menu L3HW-offloading. After that I´ve activated the IPv6-HW offloading, too via CLI and like the first time the Switch died after a few seconds.
So in my conclusion this feature is not production ready!!

Just did a test on my CRS309, it worked one way for me (traffic from one port to another offloaded, the other direction not). Then I tried to disable and re-enable ip6 l3hw, and it caused temporarily loss of connectivity to the router, once recovered the ipv6 was no longer working, even after disabling the l3hw. Afterwards the connectivity to the router lost a few more times (for a few seconds). After that I rebooted the router and re-enabled l3hw again, and for now it works OK both directions... I only have a couple of test servers with ipv6, don't use ipv6 for anything else for now...

So, yes, looks like definitely not production ready yet, but so was the ipv4 l3hw in the first versions, so I am hopeful that all the issues will get resolved soon...

Posted: **Fri Sep 09, 2022 8:01 pm**

Just did a test on my CRS309, it worked one way for me (traffic from one port to another offloaded, the other direction not). Then I tried to disable and re-enable ip6 l3hw, and it caused temporarily loss of connectivity to the router, once recovered the ipv6 was no longer working, even after disabling the l3hw. Afterwards the connectivity to the router lost a few more times (for a few seconds). After that I rebooted the router and re-enabled l3hw again, and for now it works OK both directions... I only have a couple of test servers with ipv6, don't use ipv6 for anything else for now...

So, yes, looks like definitely not production ready yet, but so was the ipv4 l3hw in the first versions, so I am hopeful that all the issues will get resolved soon...

Thanks for the feedback! We reproduced the issue and already fixed it! The fix will be in the next beta. Meanwhile, it is recommended to restart the router after enabling l3hw ipv6.

Posted: **Fri Sep 09, 2022 8:03 pm**

*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
does this work for anyone? I have l3hw offloading enabled on my CCR2116 and fasttrack enabled for all established,related connections but I've never seen a H flag in the connection list (ipv4/ipv6). Even when I filter hw-offloaded connections, there are 0 entries. I know it's working, else I wouldn't get 2% cpu utilization at 2.5Gb/s throughput.

Maybe the packets are routed by the hardware (switch chip) and do not enter the CPU at all? Do you non-wh-offloaded FastTrack connections (without H flag) in the connection list? Or is the list empty? The latter means the routing is fully performed by the hardware (which is good, unless you want to Firewall it first).

Posted: **Fri Sep 09, 2022 8:07 pm**

Hmmm....stange behavior on my two CRS326-24G-2S+ Switches. Winbox told me L3HW-Offloading is activated in the switch menu, CLI said it wasn´t.
After activating it via CLI both switches died after a few seconds and didn´t came back, even after a cold boot.
I had to netinstall both....
I´ve taken a new CRS326-24G-2S+, blow away the config, build up from scratch a simple bridge config, have updated ROS and FW to 7.6Beta6 and activated in the Switch-menu L3HW-offloading. After that I´ve activated the IPv6-HW offloading, too via CLI and like the first time the Switch died after a few seconds.
So in my conclusion this feature is not production ready!!

While we found some issues with l3hw ipv6 in DX3000 switch chips, we couldn't reproduce your issue. Does your CRS326 become completely unresponsive, or does only IPv6 traffic gets dropped? Can you access the switch via Winbox L2 (by MAC address)?

Posted: **Fri Sep 09, 2022 8:57 pm**

@raimondsp: all 3 Switches became completly unresponsive, no L2 and no L3.
I only got access back after resetting the config via reset-button.

Posted: **Sun Sep 11, 2022 8:29 pm**

I seem to have lost 5G on this beta and the latest RG502QEAAAR13A02M4G modem firmware on my Chateau 5G.

Posted: **Mon Sep 12, 2022 1:39 pm**

@raimondsp: all 3 Switches became completly unresponsive, no L2 and no L3.
I only got access back after resetting the config via reset-button.

That's strange. Please create a support ticket, so we can try to reproduce your issue.

Posted: **Mon Sep 12, 2022 5:09 pm**

Support ticket raised, 7.6beta runs fine on my Chateau LTE12 while I await a response.

Posted: **Mon Sep 12, 2022 11:07 pm**

Anyone seeing issues with WPA3 and iOS 16 (released today)?

After upgrading iPhone 12 to iOS 16.0 it was unable to connect to wpa2-psk,wpa3-psk networks I have on my hAP ac3 running RouterOS 7.6beta6 with WifiWave2 package. Before the upgrade (iOS 15.6) it was connecting fine.

After changing the interface to be only wpa2-psk the iPhone is connecting fine again.

Posted: **Tue Sep 13, 2022 1:41 am**

@CTassisF
In a previous release this type of issue with WPA3 was mentioned. Maybe this will help:
viewtopic.php?p=953191&hilit=wpa3#p953191
Mentioned setting this helped:
/interface/wifiwave2/security/set (yourWiFiprofile) sae-pwe=hunting-and-pecking

Posted: **Tue Sep 13, 2022 4:37 am**

What this quote was for? Removed

Thanks! Changing this config fixed the issue with iPhone + iOS 16 + WPA3.

Posted: **Tue Sep 13, 2022 8:00 am**

The problem of global variables that disappear still persists, someone from mikrotik who can say if they are taking action on the matter?

viewtopic.php?p=944654#p944663

Posted: **Tue Sep 13, 2022 9:32 am**

If you have not created a support ticket, they might not even be aware since they do not read each and every post on this forum. It's a user forum. Not a technical forum.
Did you create a support ticket ?
Did they respond to it ?

Posted: **Tue Sep 13, 2022 9:50 am**

Hi,
Dose MT container supports the systemd, privileged docker image ?
Examples

docker run -ti --privileged=true -v /sys/fs/cgroup:/sys/fs/cgroup:ro -p 80:80 local/centos7-systemd
docker run --tmpfs /tmp --tmpfs /run -it -v /sys/fs/cgroup:/sys/fs/cgroup:ro  -p 80:80 local/r8-systemd-httpd

MT


 MikroTik RouterOS 7.6beta6 (c) 1999-2022       

[admin@MikroTik] > container/shell number=0
0;root@MikroTik:/[root@MikroTik /]# systemctl
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down

0;root@MikroTik:/[root@MikroTik /]# cat etc/os-release
NAME="Rocky Linux"
VERSION="8.6 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.6"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.6 (Green Obsidian)"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"

Posted: **Tue Sep 13, 2022 2:17 pm**

@raimondsp: all 3 Switches became completly unresponsive, no L2 and no L3.
I only got access back after resetting the config via reset-button.

That's strange. Please create a support ticket, so we can try to reproduce your issue.

@raimondsp
Okay, support ticket opened: SUP-92398

Posted: **Tue Sep 13, 2022 2:44 pm**

in a ccr2216 device the l3hw option on some ports is disabled, however when it is restarted the l3hw option is enabled again and the NAT fails.

Posted: **Tue Sep 13, 2022 2:57 pm**

@ IPv6-HW offloading:
@ raimondsp:
It seems to be, that the issue has something to do with the SPP+ connection. When I connect the switch via 1GBit copper everything seems to work.
But when I use the SFP+ slot, the switch stops responding via L2 and L3.
(used SFP+ module: MikroTik S+RJ10)

Posted: **Tue Sep 13, 2022 3:39 pm**

For me l3hw offloading doesn't seem to work at all. I read the help page multiple times, but couldn't find anything I may have misconfigured. I got it working once for a few seconds, after making changes to the bridge configuration, then there was a H entry in the connection list. But a few seconds later the connection disappeared and the list remained empty. I can't use port-based hw-offloading, because I use many tunnels that can't be offloaded, so I'd need a lot of acl rules to redirect the traffic to the cpu. But when I tried it, not even simple inter-vlan routing worked between some networks. Some hosts were only reachable by ping, while others couldn't be reached at all. This was between a 802.3ad bond (2xSFP+) and a SFP+ port, didn't try 1G ports.

Posted: **Tue Sep 13, 2022 4:02 pm**

Anyone seeing issues with WPA3 and iOS 16 (released today)?

After upgrading iPhone 12 to iOS 16.0 it was unable to connect to wpa2-psk,wpa3-psk networks I have on my hAP ac3 running RouterOS 7.6beta6 with WifiWave2 package. Before the upgrade (iOS 15.6) it was connecting fine.

After changing the interface to be only wpa2-psk the iPhone is connecting fine again.

I'm having the same issue, but I'm on 7.5, having wpa2-psk only has resolved the issue (wpa3-psk was previously enabled).

Interestingly though, iOS 16 had no issue connecting to our guest network (slave interface), which had the exact same security config.

Posted: **Tue Sep 13, 2022 4:23 pm**

@raimondsp
Okay, support ticket opened: SUP-92398

We received the support ticket and investigating the issue. Thank you!

Posted: **Tue Sep 13, 2022 4:25 pm**

For me l3hw offloading doesn't seem to work at all. I read the help page multiple times, but couldn't find anything I may have misconfigured. I got it working once for a few seconds, after making changes to the bridge configuration, then there was a H entry in the connection list. But a few seconds later the connection disappeared and the list remained empty. I can't use port-based hw-offloading, because I use many tunnels that can't be offloaded, so I'd need a lot of acl rules to redirect the traffic to the cpu. But when I tried it, not even simple inter-vlan routing worked between some networks. Some hosts were only reachable by ping, while others couldn't be reached at all. This was between a 802.3ad bond (2xSFP+) and a SFP+ port, didn't try 1G ports.

Are we talking about IPv4 or IPv6 HW Offloading? Please post your "/interface/export", "/ip/export", and (in the case of ipv6) "/ipv6/export" output.

Posted: **Tue Sep 13, 2022 4:56 pm**

*) lte - disabled RPLMN on Chateau 5G;

RG502QEAAAR11A07M4G_01.001.01.001
Solved the problem that AT+QNWCFG="clr_rplmn" could not clear RPLMN
when you used certain SIM cards

Hi MikroTik, is the above fix, solving a problem that has already been resolved by Quectel on the latest R11A07 firmware?

Posted: **Tue Sep 13, 2022 7:53 pm**

@raimondsp
IPv6 hw offload didn't work either in my test, but currently I'm focusing only on IPv4.
I removed like 90% of the configuration and ended up with probably the most simple setup. However it still isn't working.
Here is the export of /int and /ip. There are some routes with invalid gateways, which are only visible in the export, not in the cli or winbox, so I couldn't remove them. (another issue that needs to be fixed)
For the test I ran iperf3 between 172.20.164.8 - 192.168.66.2.

/int/ex
# sep/13/2022 18:14:45 by RouterOS 7.6beta6
# software id = 
#
# model = CCR2116-12G-4S+
# serial number = 
/interface bridge
add add-dhcp-option82=yes dhcp-snooping=yes frame-types=admit-only-vlan-tagged name=BRIDGE protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-full,100M-full,1000M-full disabled=yes l2mtu=1580 name=E01.WAN
set [ find default-name=ether2 ] advertise=10M-full,100M-full,1000M-full disabled=yes l2mtu=1580 name=E02
set [ find default-name=ether3 ] advertise=10M-full,100M-full,1000M-full disabled=yes l2mtu=1580 loop-protect=on name=E03
set [ find default-name=ether4 ] advertise=10M-full,100M-full,1000M-full l2mtu=1580 name=E04.PVE-MGMT
set [ find default-name=ether5 ] advertise=10M-full,100M-full,1000M-full disabled=yes l2mtu=1580 name=E05
set [ find default-name=ether6 ] advertise=10M-full,100M-full,1000M-full disabled=yes l2mtu=1580 name=E06
set [ find default-name=ether7 ] advertise=10M-full,100M-full,1000M-full disabled=yes l2mtu=1580 name=E07
set [ find default-name=ether8 ] disabled=yes l2mtu=1580 name=E08
set [ find default-name=ether9 ] disabled=yes l2mtu=1580 name=E09
set [ find default-name=ether10 ] disabled=yes l2mtu=1580 name=E10
set [ find default-name=ether11 ] disabled=yes l2mtu=1580 name=E11
set [ find default-name=ether12 ] disabled=yes l2mtu=1580 name=E12
set [ find default-name=ether13 ] disabled=yes name=OOBM
set [ find default-name=sfp-sfpplus1 ] advertise=1000M-half,1000M-full,2500M-full,5000M-full l2mtu=9570 mtu=9000 name=S1.UPLINK speed=10Gbps
set [ find default-name=sfp-sfpplus2 ] advertise=10000M-full l2mtu=9570 mtu=9000 name=S2.UPLINK speed=10Gbps
set [ find default-name=sfp-sfpplus3 ] l2mtu=9570 mtu=9000 name=S3.PVE speed=2.5Gbps
set [ find default-name=sfp-sfpplus4 ] disabled=yes name=S4
/interface vlan
add interface=BRIDGE name=0066.SERVER vlan-id=66
add interface=BRIDGE name=0099.MGMT vlan-id=99
add interface=BRIDGE name=0164.LAN vlan-id=164
/interface bonding
add lacp-rate=1sec mode=802.3ad mtu=9000 name=BOND.SWITCH slaves=S1.UPLINK,S2.UPLINK transmit-hash-policy=layer-3-and-4
/interface ethernet switch
set 0 l3-hw-offloading=yes
/interface ethernet switch port
set 0 l3-hw-offloading=no
set 1 l3-hw-offloading=no
set 2 l3-hw-offloading=no
set 3 l3-hw-offloading=no
set 4 l3-hw-offloading=no
set 5 l3-hw-offloading=no
set 6 l3-hw-offloading=no
set 7 l3-hw-offloading=no
set 8 l3-hw-offloading=no
set 9 l3-hw-offloading=no
set 10 l3-hw-offloading=no
set 11 l3-hw-offloading=no
set 12 l3-hw-offloading=no
set 13 l3-hw-offloading=no
set 14 l3-hw-offloading=no
set 15 l3-hw-offloading=no
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged interface=E04.PVE-MGMT pvid=99
add bridge=BRIDGE frame-types=admit-only-vlan-tagged interface=S3.PVE
add bridge=BRIDGE frame-types=admit-only-vlan-tagged interface=BOND.SWITCH multicast-router=disabled trusted=yes
/interface ethernet switch l3hw-settings
set ipv6-hw=yes
/interface bridge vlan
add bridge=BRIDGE comment=LAN tagged=BRIDGE,BOND.SWITCH,S3.PVE vlan-ids=164
add bridge=BRIDGE comment=MGMT tagged=BRIDGE,BOND.SWITCH vlan-ids=99
add bridge=BRIDGE comment=SERVER tagged=BRIDGE,S3.PVE vlan-ids=66
/interface ovpn-server server
set auth=sha1 cipher=aes128,aes192,aes256 mac-address=00:24:D3:F2:66:C7 max-mtu=1492 netmask=30 port=5222

/ip/ex
# sep/13/2022 18:13:34 by RouterOS 7.6beta6
# software id = 
#
# model = CCR2116-12G-4S+
# serial number = 
/ip ipsec profile
set [ find default=yes ] dh-group=ecp256 enc-algorithm=aes-256 hash-algorithm=sha512 prf-algorithm=sha512 proposal-check=strict
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=12h pfs-group=ecp256
/ip pool
add name=LAN ranges=172.20.164.1-172.20.164.59
/ip dhcp-server
add add-arp=yes address-pool=LAN allow-dual-stack-queue=no authoritative=after-2sec-delay bootp-support=none interface=0164.LAN lease-time=1w name=LAN
/ip address
add address=192.168.99.1/28 interface=0099.MGMT network=192.168.99.0
add address=172.20.164.60/24 interface=0164.LAN network=172.20.164.0
add address=192.168.66.1/24 interface=0066.SERVER network=192.168.66.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m
/ip dhcp-server lease
add address=172.20.164.1 allow-dual-stack-queue=no client-id=1:4c:20:b8:e5:2:3c mac-address=4C:20:B8:E5:02:3C server=LAN
add address=172.20.164.6 allow-dual-stack-queue=no client-id=1:42:4b:fc:6d:b:7f mac-address=42:4B:FC:6D:0B:7F server=LAN
/ip dhcp-server network
add address=172.20.164.0/24 dns-server=192.168.66.21 domain=lan gateway=172.20.164.60 ntp-server=172.20.164.60
/ip firewall address-list
add address=172.20.164.0/24 list=ADMIN
add address=10.0.0.0/8 list=PRIVATE
add address=172.16.0.0/12 list=PRIVATE
add address=192.168.0.0/16 list=PRIVATE
/ip firewall connection tracking
set icmp-timeout=4s loose-tcp-tracking=no udp-timeout=30s
/ip neighbor discovery-settings
set discover-interface-list=all protocol=lldp,mndp
/ip settings
set max-neighbor-entries=8192
/ip firewall filter
add action=fasttrack-connection chain=forward comment="FASTTRACK HW-OFFLOAD" connection-state=established,related dst-address-list=PRIVATE hw-offload=yes \
    src-address-list=PRIVATE
add action=fasttrack-connection chain=forward comment=FASTTRACK connection-state=established,related hw-offload=no
add action=accept chain=forward comment="ESTABLISHED, RELATED" connection-state=established,related
/ip firewall service-port
set irc disabled=no ports=6667,6697
set sip disabled=yes ports=5060,5061,5070
/ip proxy
set max-cache-object-size=512000KiB
/ip route
add check-gateway=none disabled=no distance=1 dst-address=172.16.0.0/14 gateway=*1A routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no dst-address=10.13.37.2/32 gateway=*1A routing-table=main suppress-hw-offload=no
add dst-address=10.242.6.1/32 gateway=*1A
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.33.2 pref-src=0.0.0.0 routing-table=*404 scope=30 suppress-hw-offload=no target-scope=10
add disabled=no dst-address=10.242.99.0/24 gateway=*1A routing-table=main suppress-hw-offload=no
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes port=4480
set www-ssl tls-version=only-1.2
set api disabled=yes
set api-ssl disabled=yes
/ip socks
set max-connections=250 version=5
/ip ssh
set always-allow-password-login=yes forwarding-enabled=both host-key-size=4096 strong-crypto=yes
/ip traffic-flow
set cache-entries=256k

2022-09-13 at 18.43.44.png

S1+S2 use XS+DA0001; S3 uses S+RJ10 module, will try 1G ports tomorrow, to see if there's a difference / problem with SFP+ ports.

Posted: **Tue Sep 13, 2022 10:42 pm**

I found on 7.5 that for L3 hardware off loading on my CRS328, not all VLANs would be offloaded.Each new VLAN I added required a reboot for it to work. But I can see on yours that you've rebooted.

Posted: **Tue Sep 13, 2022 11:34 pm**

dumped-saved-advertisements is broken in 7.5 and 7.6beta6 as per this thread viewtopic.php?p=956793#p956793

Posted: **Wed Sep 14, 2022 8:54 am**

Soooo.......
Question.

/system/device-mode/print 
            mode: enterprise
[...]
            l2tp: no
[...]

/interface/l2tp-server/export verbose
/interface l2tp-server server
# inactivated, not allowed by device-mode
[...] enabled=no [...]

/log/print
05:46:01 l2tp,info first L2TP UDP packet received from x.y.x.z
05:46:02 l2tp,info first L2TP UDP packet received from x.y.z.x

l2tp is disabled via setting and via device-mode, how is it listening?

Posted: **Wed Sep 14, 2022 1:35 pm**

@ IPv6-HW offloading:
@ raimondsp: even the 7.7Alpha72 preview doesn´t help... :-/
Short update, with an SFP+ connection the switch doesn´t boot but with only some copper connections it does.
BUT: even only with copper connections the switch reboots sponaniously every several minutes with a kernel failure. MT is investigating the issue :-)

Posted: **Wed Sep 14, 2022 3:03 pm**

+1 for OSPFv3 wrong checksum (7.6beta6 on rb2011)

Posted: **Wed Sep 14, 2022 8:23 pm**

"Wrong checksum" problem will be fixed in the next beta

Posted: **Thu Sep 15, 2022 5:21 am**

7.6beta4: RB5009 no longer shows and provides access to mounted USB T5 Samsung SSD drive partition. It works in 7.5 and earlier.

Was able to get 32b windows netinstall working today and after installing 7.6beta6 the drive now works correctly. I wasn't expecting netinstall to fix this but since no one else reported a similar problem it seemed worth trying.

Posted: **Thu Sep 15, 2022 10:32 am**

Hello. When will BFD appear?

Posted: **Thu Sep 15, 2022 10:56 am**

@ IPv6-HW offloading:
@ raimondsp: good news, the deactivation of IGMP Snooping was the deal
Switch didn´t reboot spontaniously anymore and even the problem with the SFP+ connection which prevents the boot is gone. (in 7.7 Alpha72)
So you “only” have to fix the IGMP Snooping problem ;-)
Good Job!! :-)

P.S: if you need additional files or infos from me, ask!

Posted: **Thu Sep 15, 2022 11:39 am**

CCR2116: L3HW NAT is fixed with 7.6beta6 (broke with 7.5)
CPU switch rules are still broken though.

Posted: **Thu Sep 15, 2022 11:43 am**

Hello. When will BFD appear?

BFD is a work in progress. It has been since Sep 4, 2021. For over a year now.

Posted: **Thu Sep 15, 2022 9:36 pm**

Hello. When will BFD appear?

waiting on this one too in v7...

Posted: **Mon Sep 19, 2022 1:51 pm**

What's new in 7.6beta7 (2022-Sep-16 09:27):

*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - allow changing container related parameters while it is running;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) ospf - fixed checksum calculation;
*) ospf - improved logging when invalid configuration is detected;
*) route - fixed disappearance of inactive static routes after upgrade;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) webfig - fixed creation of new IPv6 routes;
*) winbox - changed order of tabs under "User Manager" menu;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;

Posted: **Mon Sep 19, 2022 2:08 pm**

What's new in 7.6beta7 (2022-Sep-16 09:27):

Problem SUP-92054 is not solved with 7.6beta7. Please, fix it.

Posted: **Mon Sep 19, 2022 2:14 pm**

The changelog does not even indicate that the issue is resolved in this release. Wait for the release that fixes the issue.

Posted: **Mon Sep 19, 2022 2:49 pm**

What about recognition of LTE modules? Is it going to be resolved? No mention in the changelog

Posted: **Mon Sep 19, 2022 3:24 pm**

badperms.png

I know nothing is explicitly mentioned in the changelogs for this, but Once again the container was working fine until the version upgrade and occurs every time after upgrading to new beta (already reported for 7.6beta6: viewtopic.php?p=957696#p956039)...

It's a real tedious and time-consuming headache to recreate and reconfigure each time. When will this be fixed?? Pls guys

Posted: **Mon Sep 19, 2022 5:25 pm**

badperms.png
I know nothing is explicitly mentioned in the changelogs for this, but Once again the container was working fine until the version upgrade and occurs every time after upgrading to new beta (already reported for 7.6beta6: viewtopic.php?p=957696#p956039)...

It's a real tedious and time-consuming headache to recreate and reconfigure each time. When will this be fixed?? Pls guys

I don't know what problem you're still having, I've just upgraded from 7.6beta6 to 7.6beta7 and my AdGuadHome container auto started just fine:

 17:19:18 container[...] [info] AdGuard Home, version v0.107.13
 17:19:18 container[...] [error] creating dhcpv4 srv: dhcpv4: <nil> is not an IP address
 17:19:18 container[...] [info] Initializing auth module: /opt/adguardhome/work/data/sessions.db
 [...]
 17:19:19 container[...] [info] saving filter 1 contents to: /opt/adguardhome/work/data/filters/1.txt
 17:19:19 container[...] [info] updated filter 1: 949769 bytes, 49146 rules
 17:19:19 container[...] [info] Updated filter #1.  Rules: 48908 -> 49146

Show a /container config export , so we can see what you did there.

Posted: **Mon Sep 19, 2022 6:32 pm**

7.6b7 bgp sessions information ok now...

Posted: **Mon Sep 19, 2022 7:45 pm**

7.6b7 bgp sessions information ok now...

No! The uptime is ticking but it still displays fake information when a winbox "sessions" screen is open!
The uptime continues to tick up even when the session has been closed or failed.

Posted: **Mon Sep 19, 2022 7:47 pm**

7.6beta7 (2022-Sep-16 09:27):

Started with the previous beta LTE interface reboots when trying to connect . LtAP-2HnD

Posted: **Tue Sep 20, 2022 5:03 am**

No! The uptime is ticking but it still displays fake information when a winbox "sessions" screen is open!
The uptime continues to tick up even when the session has been closed or failed.

It seems to be fixed at the CLI. They might need to do additional things to fix this in Winbox, as it is quite common for them to add a new feature in the CLI and it only works in Winbox in a future version. What I see now in the CLI is that the session timer is back when the session is active, but it disappears entirely when the session has stopped. I think Winbox doesn't know how to handle this and instead just keeps counting the seconds from where it was before rather than clearing it. Probably, in a future version, we will see Winbox fixed.

The nice enhancement we have now, compared to 7.4, is that there are now fields for BGP session last-started and last-stopped date and time at the CLI.

Posted: **Tue Sep 20, 2022 8:28 am**

BGP VRF MPLS L3 (PE-CE) in v7.6 beta7
still having problem with routing propagation.
route sent from PE did not propagate correctly to Other PE's, missing AS-PATH

capture-7.6beta7.jpg

thx

Posted: **Tue Sep 20, 2022 9:58 am**

Hello. When will BFD appear?
waiting on this one too in v7...

So am I, I cannot go into production with ROS v7 until this is added, I have several BGP sessions with BFD requirement,

Also still have an issue with BGP-MED values not advertised on IBGP sessions

Posted: **Tue Sep 20, 2022 10:05 am**

7.6b7 bgp sessions information ok now...
No! The uptime is ticking but it still displays fake information when a winbox "sessions" screen is open!
The uptime continues to tick up even when the session has been closed or failed.

Seeing the same, Session dropped after a few minutes, and nothing helps restoring the session, have to reboot the router

Posted: **Tue Sep 20, 2022 11:00 am**

I don't know what problem you're still having, I've just upgraded from 7.6beta6 to 7.6beta7 and my AdGuadHome container auto started just fine:
Code: Select all
 17:19:18 container[...] [info] AdGuard Home, version v0.107.13
 17:19:18 container[...] [error] creating dhcpv4 srv: dhcpv4: <nil> is not an IP address
 17:19:18 container[...] [info] Initializing auth module: /opt/adguardhome/work/data/sessions.db
 [...]
 17:19:19 container[...] [info] saving filter 1 contents to: /opt/adguardhome/work/data/filters/1.txt
 17:19:19 container[...] [info] updated filter 1: 949769 bytes, 49146 rules
 17:19:19 container[...] [info] Updated filter #1.  Rules: 48908 -> 49146
Show a /container config export , so we can see what you did there.

where is your data stored? on an external flash drive?

Posted: **Tue Sep 20, 2022 11:05 am**

No! The uptime is ticking but it still displays fake information when a winbox "sessions" screen is open!
The uptime continues to tick up even when the session has been closed or failed.
It seems to be fixed at the CLI. They might need to do additional things to fix this in Winbox, as it is quite common for them to add a new feature in the CLI and it only works in Winbox in a future version. What I see now in the CLI is that the session timer is back when the session is active, but it disappears entirely when the session has stopped. I think Winbox doesn't know how to handle this and instead just keeps counting the seconds from where it was before rather than clearing it. Probably, in a future version, we will see Winbox fixed.

What we need in winbox is an auto-refresh of the BGP sessions window, as it was with v6 with the BGP peers window!
It should poll the router for actual information (including the actual uptime) rather than make a single query and display that info forever, including a fake ticking uptime.

Posted: **Tue Sep 20, 2022 11:09 am**

Seeing the same, Session dropped after a few minutes, and nothing helps restoring the session, have to reboot the router

That is not what I am claiming! The session gets disconnected and gets restored when the link comes back, but that does not show in the sessions display.
No idea why it does not work for you. I never seen that happening. Did you check the log? Maybe it says something like "EBGP peer is not on a shared network and multihop is not configured"? There is a bug in the new BGP that sometimes makes it mis-detect this situation and you have to enable multihop even though the peer isn't multihop!

Posted: **Tue Sep 20, 2022 11:11 am**

where is your data stored? on an external flash drive?

Of course, yes.

Posted: **Tue Sep 20, 2022 11:28 am**

where is your data stored? on an external flash drive?
Of course, yes.

so try on the internal flash drive. you will also get an error.
for example, there is no usb port on 4011. And there is this problem.

Posted: **Tue Sep 20, 2022 11:32 am**

I don't run containers on internal memory that's not that easy to replace (if even possible at all), sorry.

Posted: **Tue Sep 20, 2022 12:11 pm**

I don't know what problem you're still having, I've just upgraded from 7.6beta6 to 7.6beta7 and my AdGuadHome container auto started just fine:

Show a /container config export , so we can see what you did there.

Yeah it's definitely still a problem for me hey.. happening after each update, I'm not just making things up here.

Here's exactly what I use (except passwords changed obviously):

/container mounts add dst=/data name=nginxpm-app-data src=/container/nginxpm-app/data
/container mounts add dst=/etc/letsencrypt name=nginxpm-app-letsencrypt src=/container/nginxpm-app/letsencrypt
/container mounts add dst=/var/lib/mysql name=nginxpm-db-mysql src=/container/nginxpm-db/mysql
/container envs add key=DB_MYSQL_HOST name=nginxpm-app value=172.18.0.3
/container envs add key=DB_MYSQL_PORT name=nginxpm-app value=3306
/container envs add key=DB_MYSQL_USER name=nginxpm-app value=myuser
/container envs add key=DB_MYSQL_PASSWORD name=nginxpm-app value=somepass
/container envs add key=DB_MYSQL_NAME name=nginxpm-app value=nginxpm
/container envs add key=MYSQL_ROOT_PASSWORD name=nginxpm-db value=somepass
/container envs add key=MYSQL_DATABASE name=nginxpm-db value=nginxpm
/container envs add key=MYSQL_USER name=nginxpm-db value=myuser
/container envs add key=MYSQL_PASSWORD name=nginxpm-db value="somepass"
/container add envlist=nginxpm-app interface=veth1-nginxpm-app logging=yes mounts=nginxpm-app-data,nginxpm-app-letsencrypt remote-image=jc21/nginx-proxy-manager:latest
/container add envlist=nginxpm-db interface=veth2-nginxpm-db logging=yes mounts=nginxpm-db-mysql remote-image=jc21/mariadb-aria

"/container/" is not on on an external storage - it's a directory which gets created by routeros when creating the containers on the built-in storage.
since the last 2 updates (from 7.6beta4->7.6beta6, and beta7.6beta6->7.6beta7), I made sure to completely rebuild the containers when I noticed the permissions problem. That means I deleted all the container instances, envlists and mountpoints config, and the whole /containers directory, and started over. But that didn't help.
So I'm not too sure why I seem to be the only person still experiencing this issue. Maybe something's wrong with my CHR's filesystem ? Why does it only break on update though?
I have a ticket open, SUP-92866. Hoping for the best.. & Sorry for flooding the thread a bit with my complaint xD

Posted: **Tue Sep 20, 2022 12:27 pm**

Any reason why you're not setting a root-dir for your containers? where do they get created?
Post an output of /file/print

Posted: **Tue Sep 20, 2022 12:54 pm**

Any reason why you're not setting a root-dir for your containers? where do they get created?
Post an output of /file/print

Yeah I'm wondering if that might not be the cause. RouterOS generates a random ID & root-dir automatically, which I assumed was by design. This is retained after the upgrade, but perhaps there's an issue with permissions if root-dir isn't manually specified like you say?

[admin@chr] > /file/print
Columns: NAME, TYPE, SIZE, CREATION-TIME
# NAME TYPE SIZE CREATION-TIME
0 supout.rif .rif file 614.5KiB sep/20/2022 03:54:34
1 us2.rsc script 43.8KiB aug/30/2022 08:08:55
2 8771505e-94ad-41a8-b2e6-9ba67a2dcd05 container store sep/19/2022 08:16:06
3 8a21452c-17d5-4b41-b688-ae88797ceb13 container store sep/19/2022 08:14:46
4 container directory sep/19/2022 08:16:15
5 container/nginxpm-app directory sep/19/2022 08:16:06
6 container/nginxpm-app/data container store sep/19/2022 08:16:06
7 container/nginxpm-app/letsencrypt container store sep/20/2022 04:16:28
8 container/nginxpm-db directory sep/19/2022 08:16:15
9 container/nginxpm-db/mysql container store sep/19/2022 08:16:18
[admin@chr] >

The bold lines represent the automatically generated root dirs

Posted: **Tue Sep 20, 2022 1:01 pm**

Nah, doubt it, I thought they might interfere with your mounts but it doesn't seem to be the case. I'll try testing AdGuardHome in a CHR and see what I come up with.
But since it's a CHR can't you add to it another disk for containers?

Posted: **Tue Sep 20, 2022 1:17 pm**

Nah, doubt it, I thought they might interfere with your mounts but it doesn't seem to be the case. I'll try testing AdGuardHome in a CHR and see what I come up with.
But since it's a CHR can't you add to it another disk for containers?

It's an actual cloud-hosted CHR which comes with 50GB disk included the package (plenty enough for some small containers without needing to add another disk which I'd have to pay more for)...

*But* support have just gotten back to me with good news! -- "Thank you for the report! We have managed to reproduce the issue locally in our labs and look forward to fixing it on upcoming RouterOS versions, unfortunately, I cannot provide a release date now. Best regards," -- So hopefully we can put this one to rest now ;) Thanks for all the suggestions & feedback

Posted: **Tue Sep 20, 2022 1:53 pm**

So I'm not too sure why I seem to be the only person still experiencing this issue.

You are not the only one having this problem. I already write about every release about it.
AdGuardHome has the same problem.

Posted: **Tue Sep 20, 2022 2:04 pm**

[...]
*But* support have just gotten back to me with good news! -- "Thank you for the report! We have managed to reproduce the issue locally in our labs and look forward to fixing it on upcoming RouterOS versions, unfortunately, I cannot provide a release date now. Best regards," -- So hopefully we can put this one to rest now ;) Thanks for all the suggestions & feedback

Nice, I've managed to reproduce it too in the meantime.
I've installed CHR 7.6beta6, resized the main disk, installed AdGuardHome, upgraded to 7.6beta7 -> problem.
I've installed CHR 7.6beta6, added an extra disk, installed AdGuardHome on the 2nd disk, upgraded to 7.6beta7 -> ok.
So yes there still is a bug when you run containers on internal storage, probably same thing @tpedko is experiencing on his RB4011.
I don't have any MikroTik router with enough internal storage to sacrifice for a test.
Yes it's a problem with CHR instances, but with actual routers you SHOULD NOT run containers on their internal memory, as if the warning on the documentation page isn't enough.

Posted: **Tue Sep 20, 2022 2:18 pm**

Yes it's a problem with CHR instances, but with actual routers you SHOULD NOT run containers on their internal memory, as if the warning on the documentation page isn't enough.

On 5009 the same problem.
I think they can't fix the problem and that's why the documentation has a warning.

Posted: **Tue Sep 20, 2022 2:24 pm**

No, the documentation has a warning so that you don't wear out the internal memory with container garbage and then cry that your router died too soon.
This bug regarding mount permissions was recently fixed in 7.6beta4 but it only applies to containers sitting outside of the internal memory, it seems. It'll get fixed, like the reply that @fragtion posted above says.
The warning that you shouldn't put garbage on your internal precious memory will always be there.

Posted: **Tue Sep 20, 2022 8:23 pm**

No! The uptime is ticking but it still displays fake information when a winbox "sessions" screen is open!
The uptime continues to tick up even when the session has been closed or failed.
Seeing the same, Session dropped after a few minutes, and nothing helps restoring the session, have to reboot the router

I don't have this issue, using CCR2216 with 58 bgp peers...sessions are stable...

Posted: **Thu Sep 22, 2022 5:57 pm**

DOM/DDM on my RB760iGS still not work.

Posted: **Fri Sep 23, 2022 1:05 pm**

What's new in 7.6beta8 (2022-Sep-21 09:20):

Important note!!!

Version not recommended on TILE and RB5009 devices if MACsec is used;

Changes in this release:

*) bgp - added support for BGP advertisement displaying (CLI only);
*) certificate - fixed SHA1 certificate name lookup;
*) dhcpv4-server - fixed matcher functionality;
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - removed interface from SMIPS devices;
*) ospf - added SHA hashing for authentication;
*) queue - improved stability for CAKE type queues;
*) snmp - improved retrieval of routing related OID's;
*) sstp - added IPv6 support (CLI only);
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) tile - improved system stability when processing packets;
*) webfig - fixed hex input for "Host Uniq" field;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added MACsec support;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) wireless - disallowed using "default" as scan list or channel names;

Posted: **Fri Sep 23, 2022 1:07 pm**

New /routing/stats/adverts menu, feedback, and suggestions are welcome.

Posted: **Fri Sep 23, 2022 1:19 pm**

Q:
*) wireless - disallowed using "default" as scan list or channel names

What is this specifically about ?
How does this relate to Connect List ?

Posted: **Fri Sep 23, 2022 2:07 pm**

Q:
*) wireless - disallowed using "default" as scan list or channel names

What is this specifically about ?
How does this relate to Connect List ?

OK, you can drop this question.
Completely unrelated.

Posted: **Fri Sep 23, 2022 2:12 pm**

/stats/adverts menu, feedback, and suggestions are welcome.
Need adverts prefix send peer bgp

Posted: **Fri Sep 23, 2022 2:21 pm**

DOM/DDM on my RB760iGS still not work.

Posted: **Fri Sep 23, 2022 2:27 pm**

DOM/DDM on my RB760iGS still not work.

Is there any fix mentioned in the changelog and it doesn't work?

Posted: **Fri Sep 23, 2022 3:02 pm**

BGP VRF MPLS L3 (PE-CE) in v7.6 beta7
still having problem with routing propagation.
route sent from PE did not propagate correctly to Other PE's, missing AS-PATH

capture-7.6beta7.jpg

thx

This problem still exist in 7.6beta8

thx

Posted: **Fri Sep 23, 2022 3:34 pm**

Need adverts prefix send peer bgp

what do you mean exactly?

Posted: **Fri Sep 23, 2022 4:02 pm**

Need adverts prefix send peer bgp
what do you mean exactly?

I think it says that the advertisment to peer of the prefix is very slow when there is an huge rotuing table.
In my cases it need 3/4h to send all the advertised prefix.

several supouts (about several 7.6bx) sent for ticket 81652 e 86404

regards
Ros

Posted: **Fri Sep 23, 2022 4:08 pm**

[admin@R2] > /interface/macsec/print detail 
Flags: I - inactive, X - disabled, R - running 
 0 R name="macsec1" interface=ether2 status="open-encrypted" 
     cak=5509eb30c8515ad7e383f52a7d612e6c 
     ckn=6cbda7b285ddf825a8db1659995d87c43cc11b36a3727f10f4388cd4d7344b85 
     profile=default 
[admin@R2] > ping 10.10.10.1
  SEQ HOST                                     SIZE TTL TIME       STATUS        
    0 10.10.10.1                                 56  64 2ms294us  
    1 10.10.10.1                                 56  64 2ms421us  
    2 10.10.10.1                                 56  64 2ms846us  
    sent=3 received=3 packet-loss=0% min-rtt=2ms294us avg-rtt=2ms520us 
   max-rtt=2ms846us 

[admin@R2] >

macsec basic test working

Posted: **Fri Sep 23, 2022 4:13 pm**

New /routing/stats/adverts menu, feedback, and suggestions are welcome.

We need both the advertised and the received number of routes.

Posted: **Fri Sep 23, 2022 4:50 pm**

no, but still not work since upgrade from ROS 6 .. long time allready :(

DOM/DDM on my RB760iGS still not work.
Is there any fix mentioned in the changelog and it doesn't work?

Posted: **Fri Sep 23, 2022 5:28 pm**

New /routing/stats/adverts menu, feedback, and suggestions are welcome.

What is adverts? advertisement? i would prefer the name similar with v6, "advertisements".

Posted: **Fri Sep 23, 2022 7:30 pm**

CR2116-12G-4S+ originally netinstaleld with 7.6beta7, update via drag&drop file from 7.6beta7 to 7.6beta8 without problem.
No config lost.

Unreported FIXs:
*) On CCR2116-12G-4S+ with S-31DLC20D now do not need everytime manual disable/enable the sfp interface when reboot the router.
*) On CCR2116-12G-4S+ the S-31DLC20D now correctly support Auto Negotiation.

BUG:
Upgrade RouterBOOT require everytime dual boot.
(temporary fix: extract right firmware with 7-zip from .npk, and upgrade the BIOS before reboot for upgrade the OS)

Posted: **Sat Sep 24, 2022 12:27 am**

My CCR2116 is unable to update to this version, there's nothing in the logs, 42MB free diskspace. It downloads the 7.6beta4 image, reboots and comes up again with version 7.5.
2-Partition setup, user-manager and zerotier extra packages are installed.

I got RB3011UiAS-RM
it also got 128MB memory only but i update almost always to latest "testing" version without any problem
I can suggest bu your mikrotik and zero IT tottaly

You can also update it from other mikrotik
They release couple of days ago on youtube movie how to do that.

Posted: **Sat Sep 24, 2022 12:47 am**

I can suggest bu your mikrotik and zero IT tottaly

You can also update it from other mikrotik
They release couple of days ago on youtube movie how to do that.

Okay, but on the issue of release don't write like this, it's incomprehensible,
and if he needs help he has to open his own topic, not to mix everything up here.

Posted: **Sat Sep 24, 2022 4:11 am**

Need adverts prefix send peer bgp
what do you mean exactly?

similar command /routing bgp> advertisements

Posted: **Sat Sep 24, 2022 4:13 am**

New /routing/stats/adverts menu, feedback, and suggestions are welcome.
We need both the advertised and the received number of routes.

YES

Posted: **Sat Sep 24, 2022 5:20 am**

I think they plan to put the received number of routes in /routing/bgp/sessions in the prefix-count field, which currently always reads 0.

Posted: **Sat Sep 24, 2022 8:12 am**

New /routing/stats/adverts menu, feedback, and suggestions are welcome.

Finally, this release help me a lot, bgp issue is resolved with this release...

Posted: **Sat Sep 24, 2022 10:35 am**

New /routing/stats/adverts menu, feedback, and suggestions are welcome.
Finally, this release help me a lot, bgp issue is resolved with this release...

we still have issue:
- 352 sessions
- 3 fullroute providders
- 10 routeservers

It starts after some minutes:
- drpping sessiong about holdtimer expire
- stop loading the routes from bigger provider
- very late adverstisment of our prefixes

I think there is a bottleneck in updating the main routing table by bgp.
regards

Posted: **Sat Sep 24, 2022 12:23 pm**

[admin@R2] > /interface/macsec/print detail 
Flags: I - inactive, X - disabled, R - running 
 0 R name="macsec1" interface=ether2 status="open-encrypted" 
     cak=5509eb30c8515ad7e383f52a7d612e6c 
     ckn=6cbda7b285ddf825a8db1659995d87c43cc11b36a3727f10f4388cd4d7344b85 
     profile=default 
[admin@R2] > ping 10.10.10.1
  SEQ HOST                                     SIZE TTL TIME       STATUS        
    0 10.10.10.1                                 56  64 2ms294us  
    1 10.10.10.1                                 56  64 2ms421us  
    2 10.10.10.1                                 56  64 2ms846us  
    sent=3 received=3 packet-loss=0% min-rtt=2ms294us avg-rtt=2ms520us 
   max-rtt=2ms846us 

[admin@R2] >

macsec basic test working

finally. on which hardware did you test that?

Posted: **Sat Sep 24, 2022 12:35 pm**

hapac2 -> hapac2 just for the sake of the test

Posted: **Sat Sep 24, 2022 12:39 pm**

Once one party reconnects, the network stops working.
You have to disable both ends and then enable both.

test between hap ac lite & hap ac2.

[admin@R2] > /interface/macsec/print detail 
Flags: I - inactive, X - disabled, R - running 
 0 R name="macsec1" interface=ether2 status="open-encrypted" 
     cak=5509eb30c8515ad7e383f52a7d612e6c 
     ckn=6cbda7b285ddf825a8db1659995d87c43cc11b36a3727f10f4388cd4d7344b85 
     profile=default 
[admin@R2] > ping 10.10.10.1
  SEQ HOST                                     SIZE TTL TIME       STATUS        
    0 10.10.10.1                                 56  64 2ms294us  
    1 10.10.10.1                                 56  64 2ms421us  
    2 10.10.10.1                                 56  64 2ms846us  
    sent=3 received=3 packet-loss=0% min-rtt=2ms294us avg-rtt=2ms520us 
   max-rtt=2ms846us 

[admin@R2] >

macsec basic test working

finally. on which hardware did you test that?

Posted: **Sat Sep 24, 2022 12:53 pm**

New /routing/stats/adverts menu, feedback, and suggestions are welcome.

The stats should be made available as part of /routing/bgp/session instead of as a separate menu. So it can be displayed as a column in the sessions window and on the stats tab of the detail window of a session.

Posted: **Sat Sep 24, 2022 12:57 pm**

[admin@R2] > /interface/macsec/print detail 
Flags: I - inactive, X - disabled, R - running 
 0 R name="macsec1" interface=ether2 status="open-encrypted" 
     cak=5509eb30c8515ad7e383f52a7d612e6c 
     ckn=6cbda7b285ddf825a8db1659995d87c43cc11b36a3727f10f4388cd4d7344b85 
     profile=default 
[admin@R2] > ping 10.10.10.1
  SEQ HOST                                     SIZE TTL TIME       STATUS        
    0 10.10.10.1                                 56  64 2ms294us  
    1 10.10.10.1                                 56  64 2ms421us  
    2 10.10.10.1                                 56  64 2ms846us  
    sent=3 received=3 packet-loss=0% min-rtt=2ms294us avg-rtt=2ms520us 
   max-rtt=2ms846us 

[admin@R2] >

macsec basic test working

I tried on CRS328-24P-4S+ (7.6beta8) on an ethernet interface which is not part of a bridge, but get "Invalid slave interface". Any idea?

[user@host] /interface/macsec> print
Flags: I - inactive, X - disabled, R - running
 0 I ;;; Invalid slave interface
     name="macsec1" interface=e20__TEST status="invalid" cak=4d84367e465e28c63333eb9589f6ec70
     ckn=6cbda7b285ddf825a8db1659995d87c43cc11b36a3727f10f4388cd4d7344b85 profile=default

Posted: **Sat Sep 24, 2022 1:55 pm**

@elpeh the slave interfaces have to be enabled and connected on both sides

Posted: **Sat Sep 24, 2022 2:05 pm**

@arainbow

Yeah i notice that too, sometimes disabling both side and re-enable them doesn't work either the workaround is to change cak and ckn values on both side and reconnect :) but it's a progress maybe next beta would fix this, another thing i notice the macsec interface is not available if you want to make it as a trunk port at least in winbox

Posted: **Sat Sep 24, 2022 2:09 pm**

@elpeh i don't have that kind of hardware you have so, i try CHR to CHR and hapac2 to hapac2 i can't reproduce your issue, i can only reproduce it when the interface is a member of an existing bridge hence the error or the macsec slave interface is offline

Posted: **Sat Sep 24, 2022 2:29 pm**

what I don't understand is why the MTU is reduced by 32 bytes when using macsec. The 802.1AE header + ICV are injected into the ethernet frame. Sure your L2MTU needs to be large enough to fit the additional 32 bytes, but the MTU should stay the same.. Maybe I'm wrong but it doesn't make sense to me.

45  R  macsec1         macsec             1468                    DC:2C:6E:D6:AB:52

Posted: **Sat Sep 24, 2022 5:52 pm**

@elpeh the slave interfaces have to be enabled and connected on both sides

Thanks, yes: made some mistake while testing remotely (and also can confirm the reenabling is necessary on both sides)

Posted: **Sat Sep 24, 2022 5:55 pm**

what I don't understand is why the MTU is reduced by 32 bytes when using macsec. The 802.1AE header + ICV are injected into the ethernet frame. Sure your L2MTU needs to be large enough to fit the additional 32 bytes, but the MTU should stay the same.. Maybe I'm wrong but it doesn't make sense to me.
Code: Select all
45  R  macsec1         macsec             1468                    DC:2C:6E:D6:AB:52

It's possible to set physical (ethernet) interface mtu to 1532. Haven't made any systematic bigger packets (or throughput) tests, yet (because of bridge problems), but at least effect on bridge/vlan actual-mtu is as expected.

Posted: **Sat Sep 24, 2022 6:07 pm**

7.6beta8 (between CRS328-24P-4S+ and hEX S): macsec and bridges... seems not ready yet:
It's possible to add macsec interface as port of bridge. But adding it as tagged (probably also untagged) interface in /interface/bridge/vlan[/code] is not working (interface name not accepted).
If I set pvid to my management VLAN ID (not 1), I can reach the "remote" (hEX S) system on ipv4 address configured for mgmt vlan interface.
BUT: test client on another port configured as mgmt vlan untagged cannot communicate successfully with macsec interface beeing the "uplink" in contrast to (other) ethernet link in a trunk configuration. --EDIT: have to recheck this after disabling vlan-filtering on both bridges.
As the setup is (a bit remote) no time yet for packet sniffing.

Posted: **Sat Sep 24, 2022 9:04 pm**

test between hAP ac² and a CRS326-24G-2S+
macsec connection works

adding to the bridge also works (not hardware offloaded, as i thought it would be anyway)
but at the moment one is not able to select it in the bridge -> vlan menu as a tagged or untagged port (only via PVID settings as untagged)

Posted: **Sat Sep 24, 2022 9:48 pm**

New /routing/stats/adverts menu, feedback, and suggestions are welcome.
The stats should be made available as part of /routing/bgp/session instead of as a separate menu. So it can be displayed as a column in the sessions window and on the stats tab of the detail window of a session.

not really sure how do you imagine showing, for example, a list of 100 advertised prefixes in the session menu.

Posted: **Sat Sep 24, 2022 10:01 pm**

not really sure how do you imagine showing, for example, a list of 100 advertised prefixes in the session menu.

I'm really excited this is finally done so thanks for getting it in the code. I do, however agree with pe1chl that it should probably be moved to something like:

/routing/bgp/session/advertisements/print where session=bgp_peer_name

or

/routing/route/advertisements/print where belongs-to=system_name_for_bgp_peer

With an output format more like /routing/route

If you use MikroTik routers to sell transit, run an IX or otherwise send full tables and need to verify a large number of advertisements, the current output format will make that operationally much harder.

Posted: **Sat Sep 24, 2022 10:08 pm**

the main reason why it is not in the BGP submenu, is because the adverts will be able to show advertisements also from other publishers, not just a BGP peers.

Posted: **Sun Sep 25, 2022 2:00 am**

Then it seems like it would make sense to put all advertised routes in /routing/route/advertisements and use existing flags to identify what protocol is advertising the route.

That would match the behavior of /routing/route since it already knows about all learned routes

Posted: **Sun Sep 25, 2022 11:56 am**

the main reason why it is not in the BGP submenu, is because the adverts will be able to show advertisements also from other publishers, not just a BGP peers.

Then at least there should be a linked version of that same field in the BGP sessions stats.
(implemented internally not as a copy but as a link between the session and the advertisements from that session)
It is one special case of the general deficiency in the monitoring of the BGP sessions in RouterOS v7. This should be improved so there is again an overview of the session status of all BGP peers in a single table, which is auto-refreshed in winbox.
And of course this time effort should be made as well to make it available via SNMP.

Posted: **Sun Sep 25, 2022 11:58 am**

The stats should be made available as part of /routing/bgp/session instead of as a separate menu. So it can be displayed as a column in the sessions window and on the stats tab of the detail window of a session.
not really sure how do you imagine showing, for example, a list of 100 advertised prefixes in the session menu.

It could at least have the "count" field (number of advertised routes). And then a subcommand (button) to show the list.

Posted: **Sun Sep 25, 2022 1:09 pm**

Then it seems like it would make sense to put all advertised routes in /routing/route/advertisements and use existing flags to identify what protocol is advertising the route.

That would match the behavior of /routing/route since it already knows about all learned routes

I like that idea, that is one place where I would intuitively look for this. Also (please correct me if I am wrong) the verb "show" isn't used anywhere else. It took me a moment to notice that "print" would not show me the advertisements.

Posted: **Sun Sep 25, 2022 10:38 pm**

not really sure how do you imagine showing, for example, a list of 100 advertised prefixes in the session menu.
It could at least have the "count" field (number of advertised routes). And then a subcommand (button) to show the list.

yes yes

Posted: **Mon Sep 26, 2022 9:36 am**

†
*) radius - require "policy" policy for "login" service configuration;
Nooo.... 😥😥😥
Unfortunately you have noticed it...
I have always used it to scale permissions and become an administrator even in RouterBOARD which I did not have administrative access...

Now than the pandora box is open, please add this critical security fix also on 7.5, 6.48.6 and 6.49.6...

What does this exactly mean?
Could someone with just "reboot, read, winbox, web" policies, authenticated through radius, escalate its policies to full admin status?

Regards,
M.

Posted: **Mon Sep 26, 2022 3:55 pm**

*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;

Can someone please explain what symptoms this fixed? I've had some seriously messed up WiFi performance lately (down to 12Kbs even though the MCS rate is 400Mbs) for one of my SSIDs on one of my cAP ac units. 7.6beta8 seems to have fixed it but I note this particular item was in beta6.

Posted: **Mon Sep 26, 2022 5:31 pm**

Not sure what has changed but had to reset my Chateau LTE12 after upgrading to beta8, the LTE interface would not initialize.
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;

EE UK Connection, both ipv6 and ipv4 available.

Posted: **Mon Sep 26, 2022 6:22 pm**

*) bgp - added support for BGP advertisement displaying (CLI only);

Excellent Feature... Most Required and awaited Feature

Posted: **Mon Sep 26, 2022 8:41 pm**

Are you able to clarify what issue the below is resolving?

*) tile - improved system stability when processing packets;

Many thanks.

Posted: **Thu Sep 29, 2022 5:05 am**

New /routing/stats/adverts menu, feedback, and suggestions are welcome.

The syntax in general is not very fluid, you cant just "follow your nose" and get the information you need, you have to actually know what you are looking for and where to find it. I agree with Kevin's feedback about an improved syntax.

The adverts "show" format is quite verbose. It would be nice if the default output was a simple list of the prefixes that are advertised, and the "detailed" output gave the verbose result (Like how it was in RouterOS v6)

Posted: **Thu Sep 29, 2022 8:39 am**

*) tile - improved system stability when processing packets; - fixes a kernel crash that can happen in some fringe scenarios.

Posted: **Thu Sep 29, 2022 10:31 am**

*) bgp - added support for BGP advertisement displaying (CLI only);

Excellent Feature... Most Required and awaited Feature

For me, the most required and awaited feature definately is BFD. But it is a work in progress. For over a year, now.

Posted: **Thu Sep 29, 2022 3:22 pm**

*) tile - improved system stability when processing packets; - fixes a kernel crash that can happen in some fringe scenarios.

Thanks Guntis. Do you have any details on what these fringe scenarios are? We've had some kernel panics running 7.5 on TILE, so would be good to know if these could be related.

Posted: **Thu Sep 29, 2022 3:45 pm**

Soooo.......
Question.

/system/device-mode/print 
            mode: enterprise
[...]
            l2tp: no
[...]

/interface/l2tp-server/export verbose
/interface l2tp-server server
# inactivated, not allowed by device-mode
[...] enabled=no [...]

/log/print
05:46:01 l2tp,info first L2TP UDP packet received from x.y.x.z
05:46:02 l2tp,info first L2TP UDP packet received from x.y.z.x

l2tp is disabled via setting and via device-mode, how is it listening?

The same thing happens to me on 7.5 stable (HW: RB4011iGS+5HacQ2HnD). Have you found what is causing this?

[admin@MikroTik] /interface/l2tp-server/server> print
                 enabled: no

Log:

 sep/24 04:53:34 l2tp,info first L2TP UDP packet received from 146.88.240.4
 sep/24 05:50:50 l2tp,info first L2TP UDP packet received from 154.89.5.92
 sep/24 05:50:51 l2tp,info first L2TP UDP packet received from 154.89.5.75
 sep/25 04:49:04 l2tp,info first L2TP UDP packet received from 146.88.240.248
 sep/25 04:59:09 l2tp,info first L2TP UDP packet received from 146.88.240.4
 sep/26 04:54:05 l2tp,info first L2TP UDP packet received from 146.88.240.4
 sep/27 04:47:15 l2tp,info first L2TP UDP packet received from 146.88.240.4
 sep/28 04:57:33 l2tp,info first L2TP UDP packet received from 146.88.240.4
 sep/28 15:06:49 l2tp,info first L2TP UDP packet received from 154.89.5.92
 04:54:51 l2tp,info first L2TP UDP packet received from 146.88.240.248
 04:57:07 l2tp,info first L2TP UDP packet received from 146.88.240.4

Posted: **Fri Sep 30, 2022 3:53 am**

WinBox/WebFig 'prefix count' for BGP sessions is still 0, but looks OK in CLI - 7.6beta8

Posted: **Fri Sep 30, 2022 5:49 am**

dear emils,
is there any plan to put recursive via or similar on /ip route or perhaps on /routing route for recursive condition ?

Posted: **Fri Sep 30, 2022 7:15 am**

WinBox/WebFig 'prefix count' for BGP sessions is still 0, but looks OK in CLI - 7.6beta8

where did you see them in CLI?

regards

Posted: **Fri Sep 30, 2022 7:19 am**

moderator note: do not quote preceding post, use "Post Reply"

/routing/stats/adverts print

Posted: **Fri Sep 30, 2022 4:27 pm**

What's new in 7.6beta10 (2022-Sep-29 20:02):

Important note!!!

Version is not recommended for devices where VXLAN interfaces are already configured.

Changes in this release:

*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - improved certificate management, signing and storing processes;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ovpn - added IPv6 support;
*) ovpn - added VRF support for client;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) qsfp - added interface temperature warnings and shutdown;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) routerboard - return router's short name in "model" parameter;
*) serial - added support for newer PL2303 serial controllers;
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added quick filtering option for route list;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;

Posted: **Fri Sep 30, 2022 4:49 pm**

Code: Select all
/routing/stats/adverts print

That shows the number of advertised prefixes, not the "prefix count" (= the number of RECEIVED prefixes)!

Posted: **Fri Sep 30, 2022 7:29 pm**

BGP VRF MPLS L3 (PE-CE) in v7.6 beta7
still having problem with routing propagation.
route sent from PE did not propagate correctly to Other PE's, missing AS-PATH

capture-7.6beta7.jpg

thx

When will you fix this BGP issue?
How many longer we should wait?

Posted: **Fri Sep 30, 2022 8:12 pm**

Please add source-ip parameter to vtep config, currently it's a big mess when using loopback addresses as remote endpoints.

Posted: **Fri Sep 30, 2022 8:42 pm**

This beta10 version is giving me DNS issues with certain domains such as Amazon and YouTube with MikroTik Chateau 5G. In the Winbox Terminal, the DNS look-up gives strange errors about invalid MAC and IPv6 addresses (my ISP Three Ireland is IPv4 only). This issue also occurs when I use the Google DNS 8.8.8.8 in RouterOS:

These DNS lookups resolve again after a reboot or DNS flush, however, the issue returns a few minutes later such as shown in the following screenshot.

RouterOS 7.6beta10 DNS problem.png

I did not have this issue with Router v7.6beta6 (the last version before updating). I downgraded RouterOS to v7.5 and this issue no longer occurs.

Posted: **Fri Sep 30, 2022 10:23 pm**

This beta10 version is giving me DNS issues with certain domains such as Amazon and YouTube

Indeed! The DNS resolver is broken. Please fix ASAP!

Posted: **Fri Sep 30, 2022 11:09 pm**

What's new in 7.6beta7 (2022-Sep-16 09:27):

...
*) ospf - fixed checksum calculation;
...

Great. No more messages about wrong checksum, but 7.6beta10 can't establish sessions with multiple neighbors in one broadcast domain.

Posted: **Fri Sep 30, 2022 11:36 pm**

@Seán in case you want to upgrade to beta10 again, please post the output of :put [:resolve smile.amazon.co.uk] when this error occurs

Posted: **Sat Oct 01, 2022 12:02 am**

moderator note: do not quote preceding post, use "Post Reply"

Able to reproduce this with 7.6beta10 on RB4011iGS+

[user@host] > :put [:resolve smile.amazon.co.uk]
failure: dns name exists, but no appropriate record

Not able to test for longer systematically, but I see that smile.amazon.co.uk is a CNAME to CNAME configuration.

Posted: **Sat Oct 01, 2022 2:13 am**

Happy to report MACSEC on v7.6 beta 10 on CHR is now working and passing IP....
Excellent work...

Now for VLAN's over MACSEC ...

MikroTik

v7.6beta [testing] is released!

v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!

Re: v7.6beta [testing] is released!