v7.10, 7.10.1 and more [stable] are released!

Posted: Thu Jun 15, 2023 2:31 pm
by EdPa
RouterOS version 7.10 has been released in the "v7 stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.10.2 (2023-Jul-12 12:45):

*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);

What's new in 7.10.1 (2023-Jun-27 12:03):

*) ovpn - fixed OVPN server peer-id negotiation;
*) webfig - use router time zone for date and time;

What's new in 7.10 (2023-Jun-15 08:17):

!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) bridge - fixed incorrect host moving between ports with enabled FastPath;
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when setting RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogus "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues when access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - other system stability improvements;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version-related issues, then please send a supout file from your router to support@mikrotik.com. The file must be generated while the router is not working as suspected or after some problem has appeared on the device.

Please keep this forum topic strictly related to this particular RouterOS release.

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 3:00 pm
by loloski
Upgraded a testbed hapac2 so far working

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 3:02 pm
by tim427
I'm super happy with the BGP addition in SNMP; `bgpPeerTable` (https://oidref.com/1.3.6.1.2.1.15.3)
It would be awesome if are also added for some NMS-products.

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 3:14 pm
by pe1chl
Why is a stable version released with a half-hearted implementation of the change in time format?
I think it is a good change in principle, but it seems controversial for scripting (discussion elsewhere) and now we have a mix of formats all over the place.
Would it not be better to make the complete change, or roll back when it cannot be completed, at the point of stable release?

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 3:15 pm
by mafiosa
Upgraded Rb5009 non poe. Seems to be working fine.

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 3:24 pm
by ivanfm
Why is a stable version released with a half-hearted implementation of the change in time format?
I think it is a good change in principle, but it seems controversial for scripting (discussion elsewhere) and now we have a mix of formats all over the place.
Would it not be better to make the complete change, or roll back when it cannot be completed, at the point of stable release?
Also, they know that there is a problem with dates shown in WebFig, and I just found that it depends on your browser timezone.

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 3:40 pm
by Grant
Hello
*) l3hw - added monitoring options for L3HW utilization (CLI only);

How to use it?

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 3:58 pm
by seedbedUnmoved
Anyone test on a Hap ax2 or 3? I can't test until later but I've been stuck on 7.8 because of a stability bug introduced in 7.9

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 4:00 pm
by Rox169
Fix for WiFi will be in 7.11 so stay at 7.8

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 4:01 pm
by EdPa
L3HW monitor: https://help.mikrotik.com/docs/display/ ... ng-Monitor

Usage:
/interface/ethernet/switch/l3hw-settings monitor

/interface/ethernet/switch/l3hw-settings/advanced monitor

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 4:12 pm
by usx

The following Bug which was introduced in 7.9 still exists:

Re: v7.9 [stable] is released! -- Post by usx » Mon May 08, 2023 9:12 pm

There is a new bug in WebFig. When toggling the enabled/disabled state from disabled to enabled, the entire row stays grey as if it were disabled.

For example in WiFi Interfaces or Firewall rules, I think it applies all the tables with rows which can be toggled.


Other than that, no issues on mAP

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 4:16 pm
by Caci99
Fix for WiFi will be in 7.11 so stay at 7.8
What fix are you referring to? This release has several fixes on wifi wave2.

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 4:31 pm
by ToTheCLI
Just updated to 7.10 firmware and routerboard on RB5009 everything working as expected with MA5671A.

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 4:39 pm
by pitron
RB4011 after update lost ovpn.
Connecting
Established
Disconnected

<user> detect UNKNOWN
I am not sure how was before
Any ideas?

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 4:51 pm
by anav
Still waiting to get a response from MT of how this is to be used and why it was implemented............... ?????
*) firewall - added "endpoint-independent-nat" support;

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 5:12 pm
by rextended
<post for topic subscription>

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 5:37 pm
by Larsa
Why is a stable version released with a half-hearted implementation of the change in time format?

I'll second that! When will this be fixed??

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 5:38 pm
by tyu
Endpoint-independent NAT is documented in the help pages and has a link to an RFC describing what it might be used for.

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 6:20 pm
by Rox169
Fix for WiFi will be in 7.11 so stay at 7.8
What fix are you referring to? This release has several fixes on wifi wave2.

Clients cannot connect to WiFi; only a reboot will help. Check the forum, there are plenty of reports.

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 6:21 pm
by rextended
Still waiting to get a response from MT of how this is to be used and why it was implemented............... ?????
*) firewall - added "endpoint-independent-nat" support;

"Endpoint-Independent Mapping" is defined in [BEH-UDP] as follows:

The NAT reuses the port mapping for subsequent packets sent from
the same internal IP address and port (X:x) to any external IP
address and port.

"Endpoint-Independent Filtering" is defined in [BEH-UDP] as follows:

The NAT filters out only packets not destined to the internal
address and port X:x, regardless of the external IP address and
port source (Z:z). The NAT forwards any packets destined to
X:x. In other words, sending packets from the internal side of
the NAT to any external IP address is sufficient to allow any
packets back to the internal endpoint.

A NAT device employing the combination of "Endpoint-Independent
Mapping" and "Endpoint-Independent Filtering" will accept incoming
traffic to a mapped public port from ANY external endpoint on the
public network.

Simply put, the whole World can have access to that permanently open port in the NAT.

Basically it's only for online play, if you can't configure UPnP or whoever programmed the game did it like shit.
Once the connection from the PC/Console to another host is opened, any other host, indeed anything else in the world, not only the game...
can reach the gaming peripheral, with the consequent security risks.
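
The behaviour quoted in the post above, as an added example that is not part of the original post and is not RouterOS code: a small Python model of a NAT's UDP mapping table that compares endpoint-independent filtering with address-and-port-dependent filtering. The class and function names, the addresses (documentation and private ranges) and the port numbers are constructed for illustration, and mapping timeouts are not modelled.

```python
"""Toy model of NAT UDP behaviour, using the [BEH-UDP] terms quoted above.

Added illustration only; all names and addresses are constructed.
Mapping timeouts and refresh are deliberately left out.
"""
from dataclasses import dataclass, field

ENDPOINT_INDEPENDENT = "endpoint-independent"
ADDRESS_AND_PORT_DEPENDENT = "address-and-port-dependent"


@dataclass
class Mapping:
    internal: tuple                               # (X, x): internal address and port
    public_port: int                              # port allocated on the public address
    contacted: set = field(default_factory=set)   # external (Z, z) the host has sent to


class Nat:
    def __init__(self, public_ip, filtering, first_port=40000):
        self.public_ip = public_ip
        self.filtering = filtering
        self._next_port = first_port
        self._by_internal = {}   # (X, x) -> Mapping
        self._by_public = {}     # public port -> Mapping

    def outbound(self, src, dst):
        """Internal host src sends a UDP packet to external dst.

        Endpoint-independent mapping: the same (X, x) always reuses the same
        public port, whatever the destination is. Returns the translated source.
        """
        mapping = self._by_internal.get(src)
        if mapping is None:
            mapping = Mapping(internal=src, public_port=self._next_port)
            self._next_port += 1
            self._by_internal[src] = mapping
            self._by_public[mapping.public_port] = mapping
        mapping.contacted.add(dst)
        return (self.public_ip, mapping.public_port)

    def inbound(self, src, public_port):
        """External src sends to a public port.

        Returns the internal (X, x) the packet is forwarded to, or None if dropped.
        """
        mapping = self._by_public.get(public_port)
        if mapping is None:
            return None                       # no mapping, nothing to forward to
        if self.filtering == ENDPOINT_INDEPENDENT:
            return mapping.internal           # any (Z, z) is accepted
        if src in mapping.contacted:
            return mapping.internal           # only endpoints the host talked to
        return None


def run_scenario(filtering):
    """One console behind the NAT talks to two servers; a third host probes."""
    nat = Nat("203.0.113.1", filtering)
    console = ("192.168.88.10", 3074)
    game_server = ("198.51.100.20", 3074)
    second_server = ("198.51.100.30", 9000)
    unrelated_host = ("192.0.2.99", 55555)    # never contacted by the console

    first = nat.outbound(console, game_server)
    second = nat.outbound(console, second_server)
    port = first[1]
    return {
        "mapping_reused": first == second,
        "reply_from_game_server": nat.inbound(game_server, port) == console,
        "unsolicited_from_unrelated_host": nat.inbound(unrelated_host, port) == console,
        "unmapped_port_forwarded": nat.inbound(unrelated_host, port + 1) is not None,
    }


if __name__ == "__main__":
    for mode in (ENDPOINT_INDEPENDENT, ADDRESS_AND_PORT_DEPENDENT):
        print(mode, run_scenario(mode))
```

The only difference between the two runs is `unsolicited_from_unrelated_host`, which is the exposure the post describes: with endpoint-independent filtering the mapped port accepts traffic from hosts the internal device never contacted.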

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 6:22 pm
by dioeyandika
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) bridge - fixed incorrect host moving between ports with enabled FastPath;

Setup before the upgrade to 7.10 (before it was 7.8): STP = none, HW Offload running.
Internet is really slow after the upgrade to 7.10; before, it was normal with that setup (7.8).
Setup after the upgrade: enabled RSTP and IGMP Snooping, DHCP Snooping, added DHCP Option 82, HW Offload off; internet is back to normal.
This is on an RB750Gr3. I have been scratching my head for over an hour; is this the best setting for 7.10 for now?

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 6:37 pm
by pitron
OVPN log:
[Jun 15, 2023, 17:32:18] Client exception in transport_recv: process_server_push_error: Problem accepting server-pushed peer-id: parse/range issue

works well til 7.10

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 6:58 pm
by anav
NM..................

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 7:04 pm
by rextended
You read my post? ;)
viewtopic.php?t=197095#p1007949

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 7:09 pm
by rextended
Put into production on CCR2116-12G-4S+ with 3 full BGP tables (2 IPv4 only, 1 IPv6 only)
No, I haven't gone crazy, I have multiple RouterBOARDs in HA on the same link...

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 7:20 pm
by kenyloveg
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) bridge - fixed incorrect host moving between ports with enabled FastPath;

Setup before the upgrade to 7.10 (before it was 7.8): STP = none, HW Offload running. Internet is really slow after the upgrade to 7.10; before, it was normal with that setup (7.8).
Setup after the upgrade: enabled RSTP and IGMP Snooping, DHCP Snooping, added DHCP Option 82, HW Offload off; internet is back to normal.
This is on an RB750Gr3. I have been scratching my head for over an hour; is this the best setting for 7.10 for now?
According to
https://help.mikrotik.com/docs/display/ ... +Switching
you shouldn't enable any STP or snooping on your bridge, only if you know exactly why you need these...

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 7:22 pm
by anav
You read my post? ;)
viewtopic.php?t=197095#p1007949
Now I did LOL.
So instead of implementing ZeroTrust Cloudflare tunnel for all devices to help so many users setup servers more securely,
MT opted to implement an obscure protocol needed for shittily designed games that in comparison is a fraction of the use cases compared to
the real need by home users and some business users to secure servers.
In fact, while MT is opening up routers to get hacked with that so questionable 'feature', they refuse to implement one that actually
allows users to run servers WITHOUT exposing their public IP to the world and their networks.

Please tell me this is not EU logic but strictly Latvian logic??

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 7:40 pm
by rextended
NO, this is the logic "the game is broken, router must fix that". You can replace "game" with any other word, and is still the same approach.

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 7:58 pm
by npeca75
IPv6 wireguard broken on

CHR
RB5009
HEX S

working on
RB450G
HEX


same configs & network work as expected on 7.9.2

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 8:20 pm
by dioeyandika
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) bridge - fixed incorrect host moving between ports with enabled FastPath;

Setup before the upgrade to 7.10 (before it was 7.8): STP = none, HW Offload running. Internet is really slow after the upgrade to 7.10; before, it was normal with that setup (7.8).
Setup after the upgrade: enabled RSTP and IGMP Snooping, DHCP Snooping, added DHCP Option 82, HW Offload off; internet is back to normal.
This is on an RB750Gr3. I have been scratching my head for over an hour; is this the best setting for 7.10 for now?
According to
https://help.mikrotik.com/docs/display/ ... +Switching
you shouldn't enable any STP or snooping on your bridge, only if you know exactly why you need these...
You're right, I deleted all the firewall filter rules and restored the default config and it seems back to normal again; something in those rules must be the cause.

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 8:37 pm
by wintech2003
I'm super happy with the BGP addition in SNMP; `bgpPeerTable` (https://oidref.com/1.3.6.1.2.1.15.3)
It would be awesome if are also added for some NMS-products.
Does this actually work for you? I'm not getting any output for that oid when I do an snmpwalk, nor does Observium/LibreNMS get a list of BGP peers.

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 8:43 pm
by nik247
Tried to upgrade a cAP ac from 7.9 to 7.10 without success.
[xxx@cap-ac] > system/routerboard/print 
       routerboard: yes
        board-name: cAP ac
             model: RBcAPGi-5acD2nD
          revision: r2
     serial-number: B9320BEXXXXX
     firmware-type: ipq4000L
  factory-firmware: 6.44
  current-firmware: 7.9
  upgrade-firmware: 7.9
After downloading, the router goes to reboot and is still on 7.9. In the log is the following error:
router was rebooted without proper shutdown, probably kernel failure

Update: successfully updated to 7.10 via a downgrade to 7.8

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 8:56 pm
by vovan700i
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
Hello! Please, beware that some of these improvements make Chinese SFP modules (e.g. ONTi Gigabit RJ45 SFP module from Aliexpress) report temperature of 255 degrees which triggers SFP module disabling (for 10 minutes, but it repeats) since the default SFP shutdown temperature is 95 degrees. Thus, you may have problems connecting to your devices after this update if you use such modules.

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 8:57 pm
by irrwitzer
Does this actually work for you? I'm not getting any output for that oid when I do an snmpwalk, nor does Observium/LibreNMS get a list of BGP peers.
Here it's working fine for IPv4 only. 99% of my network is ipv6 though.

Regarding observium/librenms, that's exactly why he's asking for bgpLocalAs and bgpIdentifier to enable observium's discovery feature.

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 9:03 pm
by wintech2003
Does this actually work for you? I'm not getting any output for that oid when I do an snmpwalk, nor does Observium/LibreNMS get a list of BGP peers.
Here it's working fine for IPv4 only. 99% of my network is ipv6 though.
The thing is that for me that OID doesn't give any output at all :(
snmpwalk -v 1 -c <community> <router_ip> 1.3.6.1.2.1.15
just comes out empty.
Regarding observium/librenms, that's exactly why he's asking for bgpLocalAs and bgpIdentifier to enable observium's discovery feature.
Amen to that! :)

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 9:06 pm
by hagoyi
My mistake

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 9:08 pm
by leonardogyn
Where is /System/LCD settings on RB2011? Has ROS7 stopped supporting it?
I'm running RoSv7 on quite a few RB2011s, and LCD menu is there as always, supported and working.

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 9:09 pm
by twingman
BFD is working, but I think desired and actual TX/RX intervals are not working. On one side there is some time (0,05s), on second there is 0.1s and used interval is 0.1s. If I remember, BFD should choose bigger TX/RX interval (which side has it bigger). Isn't it?

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 10:00 pm
by denisun
RB4011 after update lost ovpn.
Connecting
Established
Disconnected

<user> detect UNKNOWN
I am not sure how was before
Any ideas?
On the RB4011 I have a poll error.
Everything worked OK in the previous version.
I get data in firewall > filter > input
but not in the NAT record.
Usr/psw is OK but I get a poll error.

What is this error?
I can't find anything for this.

It's the same issue from 7.10rc1:
viewtopic.php?p=1005699#p1005699

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 10:25 pm
by whatever
Fix for WiFi will be in 7.11 so stay at 7.8
Fix for what issue?

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 10:31 pm
by Rox169
Fix for WiFi will be in 7.11 so stay at 7.8
Fix for what issue?
can you read? read above in this topic....

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 10:38 pm
by pe1chl

The thing is that for me that OID doesn't give any output at all :(
snmpwalk -v 1 -c <community> <router_ip> 1.3.6.1.2.1.15
Works fine here!

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 10:40 pm
by doctorrock
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
Hello! Please, beware that some of these improvements make Chinese SFP modules (e.g. ONTi Gigabit RJ45 SFP module from Aliexpress) report temperature of 255 degrees which triggers SFP module disabling (for 10 minutes, but it repeats) since the default SFP shutdown temperature is 95 degrees. Thus, you may have problems connecting to your devices after this update if you use such modules.
I got problems with DACs (Direct Attach cables) since the update.
They don't work anymore, both with auto-negotiation and manual transfer rate setting.
One is Ipolex and other is HiFiber. Both don't work anymore. Very annoying ...

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 11:03 pm
by teleport
RouterOS version 7.10 has been released in the "v7 stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.10 (2023-Jun-15 08:17):


*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);
can confirm above is fixed. if you still have issues do these steps:

remove private (on RouterOS) and public (on the remote host) keys;
downgrade RouterOS to version 7.8;
Export RouterOS SSH keys;
import new private key in RouterOS, the public key in the remote host;
check if ssh-exec to the remote host works;
upgrade RouterOS to version 7.10 and check if ssh-exec to the remote host works.

Re: v7.10 [stable] is released!

Posted: Thu Jun 15, 2023 11:39 pm
by krafg
Upgraded all my devices from ROS6. My first time with ROS7. For now all is working flawlessly.

LtAP, PowerBox Pro, BaseBox 2 and BaseBox 5.

Regards.

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 12:06 am
by DudeBeFishing
I'm using a CCR-2004-16G-2S+ and a wAP AC (RBwAPG-5HacD2HnD).

I upgraded the CCR-2004-16G-2S+ to 7.10. I tried upgrading the wAP AC through CAPsMAN and noticed the Upgrade button is not working. I click Upgrade and nothing happens. I waited about 10 minutes. It usually confirms if I want to upgrade, then the wAP comes back up in 30s or so. I tried Winbox and the web interface.

EDIT: I think I'm blocking the wAP's access to WAN. I uploaded RouterOS 7.10 to the CCR-2004 and now the upgrade button works.

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 12:08 am
by infabo
<post for topic subscription>
Sir, there is a functionality for this already.

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 1:23 am
by dooh
RouterOS version 7.10 has been released in the "v7 stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 7.10 (2023-Jun-15 08:17):

!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
Thank you for the new features, I can confirm that prefix count seems to work fine, but what does "bgp - show address family in advertisements" mean?

/routing/bgp/advertisements/print is still empty, all session have ".keep-sent-attributes=yes"
[admin@CCR1] > /routing/bgp/advertisements/print detail

[admin@CCR1] > /routing/bgp/advertisements/print count-only
0

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 4:44 am
by Amm0
!) route - added BFD;
In docs it says: "Features not yet supported [...] enabling BFD for ip route gateways"

Is that a forever thing, or "coming soon"?

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 6:25 am
by felixka


Hello! Please, beware that some of these improvements make Chinese SFP modules (e.g. ONTi Gigabit RJ45 SFP module from Aliexpress) report temperature of 255 degrees which triggers SFP module disabling (for 10 minutes, but it repeats) since the default SFP shutdown temperature is 95 degrees. Thus, you may have problems connecting to your devices after this update if you use such modules.
I got problems with DACs (Direct Attach cables) since the update.
They don't work anymore, both with auto-negotiation and manual transfer rate setting.
One is Ipolex and other is HiFiber. Both don't work anymore. Very annoying ...
Yes, this has been an issue for me on CCR2004-16G-2S+ since a few releases ago (I think it started with 7.8). Luckily that device has a backup GbE into the network. But for a few releases the DAC has not been working for me anymore. I see RX traffic on it but nothing on the TX side.

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 7:33 am
by nichky
we got issues with RR, is not exchanging the routes on the main table between iBGP

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 7:52 am
by pitron
RB4011 after update lost ovpn.
Connecting
Established
Disconnected

<user> detect UNKNOWN
I am not sure how was before
Any ideas?
In rb4011 i have a poll error.
Everything worked ok in previous version.
I get data in firewall > filter > input
but not in NAT record.
Usr/psw its ok but i get poll error.

What is this error?
I cant find anything for this.

Its the same issue from 7.10rc1:
viewtopic.php?p=1005699#p1005699
Ovpn client log show more info.
I have similar ovpn setup and I am back to 7.9.2 working fine again.

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 8:51 am
by disappointed
IPsec not working after update. Freezes on first packet phase1 and can not auth on Strongswan server.
I spent an hour trying to find the cause and couldn't. I had to go back to the previous ROS.
The same config on 7.9.2 is working.

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 9:13 am
by Hominidae
thanks, updated my small zoo:
  • RB4011 (SFP+: MT S+AO)
  • hex Gr2 (Switch mode)
  • CRS309 (SFP+: DACs from Aristo, Cisco, MT S+AO, fs.com 80m 10G-T)
  • CRS326-24G-2S (SFP+: DACs from Aristo), running wifi capsman
  • LHGG
  • wAP-ac 2ndGen (CAP)
  • 2x hap-ac^3 (WW2 APs) no ww2-capsman, container (Adguard-home)
  • CHR
...VLANs, Wireguard, SFP+ Modules all good.
Container on hap-ac^3 needed re-install to start properly.

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 10:29 am
by Caci99


What fix are you referring to? This release has several fixes on wifi wave2.

Clients can not connect WiFi only reboot will help. Check forum there is plenty of reports.
That is a very general statement you are stating. There are plenty of reports but not all can be attributed to ROS, many can be misconfiguration. When you say fix will come at 7.11, it is understood that some particular fix will come at 7.11.
In the change log of 7.10 there are some wifi wave2 fixes like
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
and many others

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 10:30 am
by Jaggl
Since this Update my OpenVPN Windows Clients are unable to connect. Mikrotik to Mikrotik with OpenVPN is working. Anyone else see this Problem?

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 10:35 am
by kcarhc
please check SUP-119380
RouterOS 7.10 dns dynamic-servers random lost on all type device, RB5009/RB4011/RB450Gx4/CHR
Downgrading to version 7.9.2 everything is fine, but when upgrading to 7.10, random loss occurs.
1.jpg
2.jpg
this link
viewtopic.php?t=196774
maybe the same issue

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 12:05 pm
by fakeusername2022
My OpenVPN Server stopped working after this update!
I get this error on client side:
"Client exception in transport_recv: process_server_push_error: Problem accepting server-pushed peer-id: parse/range issue"
After downgrading to 7.9 the problem solved!

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 12:06 pm
by fakeusername2022
OVPN log:
[Jun 15, 2023, 17:32:18] Client exception in transport_recv: process_server_push_error: Problem accepting server-pushed peer-id: parse/range issue

works well til 7.10
Same problem here...

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 12:13 pm
by pe1chl
I don't use MikroTik OVPN but when I read the above error message I would guess maybe the peer-id used by MikroTik is the "/system identity" that you have set, and you may be able to solve that issue by using a more plain identity than you have now? (try only letters and numbers, for example).

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 12:17 pm
by denisun


In rb4011 i have a poll error.
Everything worked ok in previous version.
I get data in firewall > filter > input
but not in NAT record.
Usr/psw its ok but i get poll error.

What is this error?
I cant find anything for this.

Its the same issue from 7.10rc1:
viewtopic.php?p=1005699#p1005699
Ovpn client log show more info.
I have similar ovpn setup and I am back to 7.9.2 working fine again.
This is logs from stock openvpn client in android 13.1.

[Jun 15, 2023, 21:37:23] OpenVPN core 3.git:: android arm64 64-bit PT_PROXY

[Jun 15, 2023, 21:37:23] ----- OpenVPN Start -----

[Jun 15, 2023, 21:37:23] EVENT: CORE_THREAD_ACTIVE

[Jun 15, 2023, 21:37:23] Frame=512/2048/512 mssfix-ctrl=1250

[Jun 15, 2023, 21:37:23] EVENT: RESOLVE

[Jun 15, 2023, 21:37:26] Contacting .201:1194 via UDP

[Jun 15, 2023, 21:37:26] EVENT: WAIT

[Jun 15, 2023, 21:37:26] Connecting to [.sn.mynetname.net]:1194 (.201) via UDPv4

[Jun 15, 2023, 21:37:26] EVENT: CONNECTING

[Jun 15, 2023, 21:37:26] Tunnel Options:V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client

[Jun 15, 2023, 21:37:26] Creds: Username/Password

[Jun 15, 2023, 21:37:26] Peer Info:
IV_VER=3.git::
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
IV_GUI_VER=net.openvpn.connect.android_3.3.4-9290
IV_SSO=webauth,openurl,crtext


[Jun 15, 2023, 21:37:26] VERIFY OK: depth=1, /C=GR/ST=TH/L=T/O=HomeMikrotik/OU=changeme/CN=HomeMikrotikCA/name=changeme/emailAddress=mail@host.domain, signature: RSA-SHA1

[Jun 15, 2023, 21:37:26] VERIFY OK: depth=0, /C=GR/ST=TH/L=T/O=HomeMikrotik/OU=changeme/CN=server/name=changeme/emailAddress=mail@host.domain, signature: RSA-SHA1

[Jun 15, 2023, 21:37:26] SSL Handshake: peer certificate: CN=server, 1024 bit RSA, cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD


[Jun 15, 2023, 21:37:26] Session is ACTIVE

[Jun 15, 2023, 21:37:26] Sending PUSH_REQUEST to server...

[Jun 15, 2023, 21:37:26] EVENT: WARN info='TLS: received certificate signed with SHA1. Please inform your admin to upgrade to a stronger algorithm. Support for SHA1 signatures will be dropped in the future'

[Jun 15, 2023, 21:37:26] EVENT: GET_CONFIG

[Jun 15, 2023, 21:37:26] OPTIONS:
0 [redirect-gateway]
1 [dhcp-option] [DNS] [192.168.5.36]
2 [ping] [20]
3 [ping-restart] [60]
4 [topology] [subnet]
5 [route-gateway] [192.168.5.39]
6 [ifconfig] [192.168.5.115] [255.255.255.0]
7 [peer-id] [16777215]


[Jun 15, 2023, 21:37:26] Client exception in transport_recv: process_server_push_error: Problem accepting server-pushed peer-id: parse/range issue

[Jun 15, 2023, 21:37:26] Client terminated, restarting in 2000 ms...


[Jun 15, 2023, 21:46:52] ----- OpenVPN Stop -----

[Jun 15, 2023, 21:46:52] EVENT: CORE_THREAD_DONE
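
What the client log in the post above contains, as an added example (not code from the post, from MikroTik or from OpenVPN): a Python check that parses the pushed OPTIONS block and flags the peer-id, together with the SHA1 signature and 1024-bit RSA key the same log reports. The accepted peer-id range -1..0xFFFFFE and the 2048-bit threshold are assumptions held in constants, and the function names are hypothetical.

```python
import re

# Excerpt of the client log quoted in the post above, embedded so the check runs offline.
SAMPLE_LOG = """\
[Jun 15, 2023, 21:37:26] VERIFY OK: depth=0, /C=GR/ST=TH/L=T/O=HomeMikrotik/OU=changeme/CN=server/name=changeme/emailAddress=mail@host.domain, signature: RSA-SHA1
[Jun 15, 2023, 21:37:26] SSL Handshake: peer certificate: CN=server, 1024 bit RSA, cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
[Jun 15, 2023, 21:37:26] OPTIONS:
0 [redirect-gateway]
1 [dhcp-option] [DNS] [192.168.5.36]
2 [ping] [20]
3 [ping-restart] [60]
4 [topology] [subnet]
5 [route-gateway] [192.168.5.39]
6 [ifconfig] [192.168.5.115] [255.255.255.0]
7 [peer-id] [16777215]


[Jun 15, 2023, 21:37:26] Client exception in transport_recv: process_server_push_error: Problem accepting server-pushed peer-id: parse/range issue
"""

# Assumptions (not stated on the page): the top value 0xFFFFFF of the 24-bit
# peer-id field is treated as reserved, so a client accepts -1..0xFFFFFE;
# RSA keys shorter than 2048 bits are reported as weak.
PEER_ID_MIN = -1
PEER_ID_MAX = 0xFFFFFE
MIN_RSA_BITS = 2048

OPTION_RE = re.compile(r"^\s*(\d+)\s+((?:\[[^\]]*\]\s*)+)$")
FIELD_RE = re.compile(r"\[([^\]]*)\]")


def parse_pushed_options(log_text):
    """Return [(name, [args]), ...] from the block that follows 'OPTIONS:'."""
    options, in_block = [], False
    for line in log_text.splitlines():
        if line.rstrip().endswith("OPTIONS:"):
            in_block = True
            continue
        if not in_block:
            continue
        match = OPTION_RE.match(line)
        if match:
            fields = FIELD_RE.findall(match.group(2))
            options.append((fields[0], fields[1:]))
        elif line.strip():
            in_block = False  # first non-blank, non-option line ends the block
    return options


def check_peer_id(options, lo=PEER_ID_MIN, hi=PEER_ID_MAX):
    """Classify the pushed peer-id: ok, out-of-range, unparseable or absent."""
    for name, args in options:
        if name != "peer-id":
            continue
        try:
            value = int(args[0])
        except (IndexError, ValueError):
            return ("unparseable", None)
        return ("ok", value) if lo <= value <= hi else ("out-of-range", value)
    return ("absent", None)


def audit(log_text):
    """Return a list of (code, detail) findings for one client log."""
    findings = []
    status, value = check_peer_id(parse_pushed_options(log_text))
    if status == "out-of-range":
        findings.append(("peer-id-out-of-range",
                         f"peer-id {value} (0x{value:X}) is outside "
                         f"{PEER_ID_MIN}..0x{PEER_ID_MAX:X}"))
    elif status == "unparseable":
        findings.append(("peer-id-unparseable", "peer-id is not an integer"))
    algorithms = set(re.findall(r"signature: ([\w-]+)", log_text))
    for alg in sorted(algorithms):
        if "SHA1" in alg.upper():
            findings.append(("sha1-signature", f"certificate signed with {alg}"))
    key = re.search(r"(\d+) bit RSA", log_text)
    if key and int(key.group(1)) < MIN_RSA_BITS:
        findings.append(("rsa-key-below-2048", f"{key.group(1)}-bit RSA server key"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_LOG):
        print(f"{code}: {detail}")
```

The pushed value 16777215 is 0xFFFFFF, every bit of a 24-bit field set, which is why a range-checking client rejects it regardless of the router's identity string.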



Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 12:27 pm
by vuk
Since v7.9 and now with v7.10 VPN (L2TP) via IPIP tunnel with IPSec is unusable, totally slow, but I see no errors in the log.
This issue was/is not present with v7.8, only since then.

I tried to turn off IPSec over the IPIP tunnel, but same, totally slow, e.g. web pages don't even load.

Router1: hAP AX3 (initiator)
Router2: hAP AC3 (responder)

supout file attached
7.10_supout.zip
UPDATE: after downgrading to 7.8 only on hAP AX3, VPN works fine again. hAP AC3 is still on 7.10, issue seems to occur only on AX3.

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 1:27 pm
by mrz
BFD is working, but I think desired and actual TX/RX intervals are not working.
There's been some confusion with the naming, actual tx actually shows the value of the remote tx interval. But actual tx is actually picked the highest value as it should. Will be fixed in one of the next versions.

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 2:12 pm
by HeinoHomm
After the upgrade to v7.10 (stable), the ovpn client will no longer emerge into the ip/address table. Also there will be a missing entry in the routing table, i.e. there is no gateway. Due to this, the router is no longer able to exchange ip packets between the network and the ovpn client.

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 2:15 pm
by rextended
Put into production on CCR2116-12G-4S+ with 3 full BGP tables (2 IPv4 only, 1 IPv6 only)
No, I haven't gone crazy, I have multiple RouterBOARDs in HA on the same link...
For now, all BGPs uptime for 19:10:13 without interruption....

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 2:26 pm
by jimmer
RB4011 after update lost ovpn.
Connecting
Established
Disconnected

<user> detect UNKNOWN
I am not sure how was before
Any ideas?
I have the same problem, also found it in 7.10rc3 and reported it in the thread a few weeks back, bug still in 7.10 in the stable release :(
Remote clients constantly connect via OpenVPN and disconnect every second

Jun 16 21:14:30 laurel-rb3011-gw connection established from 10.3.xx.xx, port: 34599 to 10.1.xx.xx
Jun 16 21:14:30 laurel-rb3011-gw : using encoding - AES-256-CBC/SHA256
Jun 16 21:14:30 laurel-rb3011-gw jimmer logged in, 10.10.17.148 from 10.3.xx.xx
Jun 16 21:14:30 laurel-rb3011-gw <ovpn-jimmer>: connected
Jun 16 21:14:30 laurel-rb3011-gw <10.1.36.60>: disconnected <poll error>
Jun 16 21:14:30 laurel-rb3011-gw <ovpn-jimmer>: terminating... - poll error
Jun 16 21:14:31 laurel-rb3011-gw jimmer logged out, 1 0 0 0 0 from 10.3.xx.xx
Jun 16 21:14:31 laurel-rb3011-gw <ovpn-jimmer>: disconnected

This happens over and over every second until I kill the login process on the client, works fine in 7.8 and 7.9.2, something's got cooked in the 7.10rc build and it's made its way (again) into the 7.10 stable branch.

Same OpenVPN login using RouterOS 7.9.2:

Jun 16 21:23:11 laurel-rb3011-gw connection established from 10.3.xx.xx, port: 44765 to 10.1.xx.xx
Jun 16 21:23:11 laurel-rb3011-gw : using encoding - AES-256-CBC/SHA256
Jun 16 21:23:11 laurel-rb3011-gw jimmer logged in, 10.10.17.149 from 10.3.xx.xx
Jun 16 21:23:11 laurel-rb3011-gw <ovpn-jimmer>: connected

Stays connected, can pass data over it.


Platform is RB3011-iUAS-RM.
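
The server-side view of the same symptom, as an added example (not code from the post or from MikroTik): a Python pass over RouterOS log lines in the format shown above that pairs each `<ovpn-...>: connected` with its `disconnected` and counts sessions ending in `poll error` within a few seconds. The second 7.10 cycle in the sample is constructed to represent the repetition the post describes; the year, the threshold and the function names are assumptions.

```python
import re
from datetime import datetime

# First cycle copied from the post above; second cycle constructed to show repetition.
LOG_7_10 = """\
Jun 16 21:14:30 laurel-rb3011-gw connection established from 10.3.xx.xx, port: 34599 to 10.1.xx.xx
Jun 16 21:14:30 laurel-rb3011-gw : using encoding - AES-256-CBC/SHA256
Jun 16 21:14:30 laurel-rb3011-gw jimmer logged in, 10.10.17.148 from 10.3.xx.xx
Jun 16 21:14:30 laurel-rb3011-gw <ovpn-jimmer>: connected
Jun 16 21:14:30 laurel-rb3011-gw <10.1.36.60>: disconnected <poll error>
Jun 16 21:14:30 laurel-rb3011-gw <ovpn-jimmer>: terminating... - poll error
Jun 16 21:14:31 laurel-rb3011-gw jimmer logged out, 1 0 0 0 0 from 10.3.xx.xx
Jun 16 21:14:31 laurel-rb3011-gw <ovpn-jimmer>: disconnected
Jun 16 21:14:31 laurel-rb3011-gw <ovpn-jimmer>: connected
Jun 16 21:14:31 laurel-rb3011-gw <ovpn-jimmer>: terminating... - poll error
Jun 16 21:14:32 laurel-rb3011-gw <ovpn-jimmer>: disconnected
"""

# The 7.9.2 login from the same post: the session opens and is never closed.
LOG_7_9_2 = """\
Jun 16 21:23:11 laurel-rb3011-gw connection established from 10.3.xx.xx, port: 44765 to 10.1.xx.xx
Jun 16 21:23:11 laurel-rb3011-gw : using encoding - AES-256-CBC/SHA256
Jun 16 21:23:11 laurel-rb3011-gw jimmer logged in, 10.10.17.149 from 10.3.xx.xx
Jun 16 21:23:11 laurel-rb3011-gw <ovpn-jimmer>: connected
"""

LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")
EVENT_RE = re.compile(
    r"^<(ovpn-[^>]+)>: (connected|disconnected|terminating\.\.\. - (.+))$")


def parse_sessions(log_text, year=2023):
    """Pair connect/disconnect events per interface.

    Returns (closed_sessions, interfaces_still_open). The log carries no year,
    so one is supplied (assumption: 2023, the year of the thread).
    """
    open_since, reasons, sessions = {}, {}, []
    for line in log_text.splitlines():
        parsed = LINE_RE.match(line.strip())
        if not parsed:
            continue
        event = EVENT_RE.match(parsed.group(3))
        if not event:
            continue  # login lines, encoding lines, per-address lines
        when = datetime.strptime(f"{year} {parsed.group(1)}", "%Y %b %d %H:%M:%S")
        iface = event.group(1)
        if event.group(2) == "connected":
            open_since[iface] = when
            reasons.pop(iface, None)
        elif event.group(3):  # "terminating... - <reason>"
            reasons[iface] = event.group(3)
        elif iface in open_since:  # "disconnected"
            started = open_since.pop(iface)
            sessions.append({
                "iface": iface,
                "seconds": (when - started).total_seconds(),
                "reason": reasons.pop(iface, None),
            })
    return sessions, sorted(open_since)


def flapping(sessions, max_seconds=5, reason="poll error"):
    """Count, per interface, sessions that ended with `reason` within max_seconds."""
    hits = {}
    for session in sessions:
        if session["reason"] == reason and session["seconds"] <= max_seconds:
            hits[session["iface"]] = hits.get(session["iface"], 0) + 1
    return hits


if __name__ == "__main__":
    closed, still_open = parse_sessions(LOG_7_10)
    print("7.10  short poll-error sessions:", flapping(closed), "open:", still_open)
    closed, still_open = parse_sessions(LOG_7_9_2)
    print("7.9.2 short poll-error sessions:", flapping(closed), "open:", still_open)
```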

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 3:34 pm
by mikrotikshell
The same, while using OpenVPN:
Client exception in transport_recv: process_server_push_error: Problem accepting server-pushed peer-id: parse/range issue

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 4:04 pm
by kai
SSH client seems a bit broken.
I use the mikrotik as a client to connect to something like a UniFi - it attempts a connection but it immediately quits. It doesn't get as far as asking for a login or password.

It works in 7.7

Edit: also works ok in 7.10rc1

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 4:50 pm
by teleport
SSH client seems a bit broken.
I use the mikrotik as a client to connect to something like a UniFi - it attempts a connection but it immediately quits. It doesn't get as far as asking for a login or password.

It works in 7.7

Edit: also works ok in 7.10rc1
refer
viewtopic.php?t=196154

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 5:18 pm
by Aurum
RB4011 after update lost ovpn.
Connecting
Established
Disconnected

<user> detect UNKNOWN
Same. Downgraded and it works again...

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 6:17 pm
by raphaps
I also have a problem with openvpn, on an RB4011. Since version 7.8, the system is unstable and restarts before completing 15 minutes of uptime. I have around 150 ovpn connections. I updated to v7.10 and the same problem occurred, the last version that worked fine was v7.7.

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 6:21 pm
by johnson73
After upgrade to 7.10 this device is ok.
RB4011
CCR1009

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 6:52 pm
by bandini981
OVPN log:
[Jun 15, 2023, 17:32:18] Client exception in transport_recv: process_server_push_error: Problem accepting server-pushed peer-id: parse/range issue

works well til 7.10
Same here. Also stopped working Passepartout (iOS app) and other Mikrotik OpenVPN clients.

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 6:53 pm
by Paternot
"bgp - show approximate received prefix count by the session;"

How much is this "approximate"? Is it a case of "we run a second thread to count this, so may be a little off if something changes during the count" or is it "we will count it one time, when the connection is made, and never again?"

How (in)exact is this number?

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 7:03 pm
by bandini981
OVPN log:
[Jun 15, 2023, 17:32:18] Client exception in transport_recv: process_server_push_error: Problem accepting server-pushed peer-id: parse/range issue

works well til 7.10
Same here. Also stopped working Passepartout (iOS app) and other Mikrotik OpenVPN clients.
Downgraded to 7.9.2 and everything is ok

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 7:06 pm
by donkeyKong
After upgrade to v7.10, seeing problems with switches using the 98DX8212 switch chip.

Ticket is SUP-119408

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 7:10 pm
by macak
Android OpenVPN Connect fails to connect.

From logs: disconnected <poll error>.

Note - mikrotik to mikrotik connected without problems. I don't test too much that connection is stable.
Downgraded to 7.9.1 - I can connect from Android again.

Please fix it.

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 8:01 pm
by wavestar
Upgraded Rb5009 non POE version. Everything is working.

I don't use any VPN.

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 10:13 pm
by estradmes
Upgraded CCR2116, for now route delete with l3hw works

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 10:54 pm
by Rox169
The wifi bug is still present. I had another situation. I was connected to WiFi with Oneplus9, Lenovo T431s and samsung TV and suddenly no internet and I can not login to WiFi anymore. This time I had time to send supout. SUP-119465.

MT please fix this ASAP it is present already in two "stable" versions..

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 11:20 pm
by pe1chl
"bgp - show approximate received prefix count by the session;"

How much is this "approximate"? Is it a case of "we run a second thread to count this, so may be a little off if something changes during the count" or is it "we will count it one time, when the connection is made, and never again?"

How (in)exact is this number?
In my router it seems to be accurate, noting that it includes prefixes discarded by the in-filter in the count (which v6 does not include). Prefixes filtered by the "Input accept NLRI" are not counted.
It also is re-calculated at least regularly (maybe everytime you request it?).

Still, there is the problem that has been present since the first v7 release that an open window on the BGP Sessions list is NOT refreshed automatically, so the displayed number of prefixes will remain the same until you hit F5.
Hopefully at some time MikroTik can fix this and make the window auto-refreshing just like the BGP Peers window was in v6, and so many other windows still are in v7.

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 11:29 pm
by vuk
BFD is working, but I think desired and actual TX/RX intervals are not working.
There's been some confusion with the naming, actual tx actually shows the value of the remote tx interval. But actual tx is actually picked the highest value as it should. Will be fixed in one of the next versions.
@mrz are there any known issues in 7.9 and 7.10 regarding L2TP and IPIP Tunnel + IPSec, which might cause this: viewtopic.php?p=1008075#p1008075
Others report similar issues, I see OVPN related problems?!

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 11:46 pm
by nexusds
After upgrade to v7.10, seeing problems with switches using the 98DX8212 switch chip.

Ticket is SUP-119408
what is the issue you are having?

Re: v7.10 [stable] is released!

Posted: Fri Jun 16, 2023 11:52 pm
by nexusds
default ipsec phase1 profile algorithm (when used for eoip for example) if using DES will no longer work.. have to change it to something else (I chose aes-256 - didn't test other algorithms as I would need to adjust a number of units)

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 1:28 am
by AUsquirrel
Upgrade was successful.

Now have a suspected bug in the IPV6 filter rule that has a source IPV6 address list and an IPV6 address range. It is going past the rule to the drop and log rule. Tried with various combinations and no luck.

Both networks are VLANs

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 1:40 am
by donkeyKong
After upgrade to v7.10, seeing problems with switches using the 98DX8212 switch chip.

Ticket is SUP-119408
what is the issue you are having?
Switch is not detecting anymore an SFP ONT Sercomm FGS202. This use case is common for several users in France of a large ISP (Orange) who have replaced the vendor’s original hardware with MikroTik HW.

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 2:25 am
by Paternot
In my router it seems to be accurate, noting that it includes prefixes discarded by the in-filter in the count (which v6 does not include). Prefixes filtered by the "Input accept NLRI" are not counted.
It also is re-calculated at least regularly (maybe everytime you request it?).
Ah, thanks. Looks like the "inaccurate" was just to prevent someone trying to debug something and taking the "count differs by two" seriously.

Or, in other words, "close enough for government work".

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 3:03 am
by anav
7.10 (almost) stable. Just get rid of OVPN and solves a bulk of issues.

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 8:42 am
by own3r1138
7.10 (almost) stable. Just get rid of OVPN and solves a bulk of issues.
ezgif.com-optimize.gif

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 9:14 am
by ech1965
Small request:

I understand stable releases topics are read by people upgrading from stable to stable. in that case single big squashed changelog makes sense
People being in the testing train receive "incremental" change log ( 1st post of the topic updated). this is also great
We only miss the last step: incremental changelog between last rc and stable. is stable identical to last rc or are there last minute changes ?
Would it be possible to add this changelog eg in "locking" post of rc thread ( #184 )
Many thanks
EC

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 10:18 am
by thuety
updated fine on CRS305, RB2011, RB951
sstp tunnels still work

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 10:55 am
by t0mm13b
Updated ok on Chateau LTE 18

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 12:05 pm
by pe1chl
Ah, thanks. Looks like the "inaccurate" was just to prevent someone trying to debug something and taking the "count differs by two" seriously.

Or, in other words, "close enough for government work".
I use these values (and I presume most people would) not as an indication if there are 400 or 401 routes via some peer, but to generally
oversee what is behind each peer connection, and relate that to what I know is "normal". So when I see 1 or 3 where I normally see 766,
I know that this peer still advertises its own local network(s) but has lost a connection to some other place in the network which has a
lot of routes. This is also the reason why I requested this feature to be back, and apparently it is a commonly requested one.

Of course it is not perfect but it does not have to be. What makes it less usable is that it isn't refreshed anymore, like it was in v6.
There is a MISLEADING "Uptime" column that instead of showing the uptime at the moment the window was refreshed, shows a ticking
uptime increasing all the time, even when the connection is actually DOWN. Either refresh should come back, or that ticking should go.

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 12:14 pm
by pe1chl
I understand stable releases topics are read by people upgrading from stable to stable. in that case single big squashed changelog makes sense
People being in the testing train receive "incremental" change log ( 1st post of the topic updated). this is also great
We only miss the last step: incremental changelog between last rc and stable. is stable identical to last rc or are there last minute changes ?
I proposed before that instead of these one-line change logs, MikroTik should put all changes in a database that has fields for this single line,
for a pointer to relevant documentation (page in the help site), a possible warning related to the change ("date format has changed, you will
need to adapt your scripts when they use the system date"), a longer description of the change when relevant (what exactly has been fixed),
etc. And then there should be a webpage where you can input two different version numbers, and the output will be the change list as we get
now, but "between those two versions"). With clickable items to send you to documentation or more info.

I think it should not be more work than what we get now, but it would be much more usable. And the old style plain text one-line lists can
be automatically generated from this for the changes list displayed by the device itself.

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 12:31 pm
by nichky
*) ovpn - improved system stability;

not to sure what u mean by that. On v7.10 ovpn is totally broken

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 12:44 pm
by mantouboji
ssh client broken , it even works well in 7.10rc serials .

I don't want to downgrade, pls fix it ASAP

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 12:54 pm
by volkirik
*) ovpn - improved system stability;

not to sure what u mean by that. On v7.10 ovpn is totally broken
indeed. doesn't even show local & remote addresses

let's hope stable ovpn in next release..

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 1:58 pm
by nichky
ssh client broken , it even works well in 7.10rc serials
what exactly?

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 2:03 pm
by mantouboji
OK. I tried to downgrade to 7.8 re-add private and public keys , and then upgrade to 7.10 again, solved it.

I think that must be because a bug in 7.9 destroyed the inner key data record.

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 3:21 pm
by patrickmkt
Still no fix on certificate crl using sha512
viewtopic.php?p=1008226#p1008226

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 3:32 pm
by eddieb
Just upgraded a bunch of MT to 7.10 without problems

CRS125/HAP AC/hEX/RB750

Re: Load Balancing Configuration Issue and Software Errors with RouterOS Version 7.10

Posted: Sat Jun 17, 2023 8:15 pm
by Jotne
This is unacceptable for a "stable" update channel
It may be stable for 99.9% of all the user. You will never ever find a 100% stable software. Not sure how many times the last 20+ years I have updated stable Cisco software due to bugs, sometimes serious bugs that takes down the network.

It may be a combination of some of your settings that create the problem.
Why do you have UPnP enabled?
https://nordvpn.com/no/blog/what-is-upnp/

Some of the function you have:
Capsman
Bgp
Ospf
Zerotier
Ovpn
IPv6

Try simplify your config. Test function for function.

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 8:59 pm
by zdiv
Still no "?" in CLI.
F1 has replaced "?" but terminals only understand characters, not keys.

Function keys are naturally captured by applications.
yes it works from Winbox, but is at best cumbersome solution and makes no sense.
"?" works on almost anything else having CLI.
F1 is to be used for help about applications and not commands typed inside CLI.

So ^[OP from terminal or F1 from Winbox terminal ... !

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 9:00 pm
by securex
What is the latest version of dude client ( x86 platform) ?
I see 7.10 - https://mikrotik.com/download, download and see inside 7.9....

Re: v7.10 [stable] is released!

Posted: Sat Jun 17, 2023 9:02 pm
by rextended
What is the latest version of dude client ( x86 platform) ?
I see 7.10 - https://mikrotik.com/download, download and see inside 7.9....
Is the same identical program just with the version number changed....

Re: v7.10 [stable] is released!

Posted: Sun Jun 18, 2023 3:11 am
by tangent
terminals only understand characters,

We’ve had F1 on ANSI X3.64 compatible terminals at least since the VT220, released in 1983. If you’re using a terminal emulator that can’t send F1, get a better terminal emulator; they’re plentiful.

Re: v7.10 [stable] is released!

Posted: Sun Jun 18, 2023 7:22 am
by mantouboji
1) remove any public and private keys
2) downgrade to 7.8
3) import both public and private keys , ssh client is OK
4) upgrade to 7.10
5) ssh client OK

but If remove all key and re-import in 7.10, ssh client broken.

In 7.10. letsencrypt broken again? my duckdns.org dynamic domain name only has a AAAA ipv6 address .

Re: Load Balancing Configuration Issue and Software Errors with RouterOS Version 7.10

Posted: Sun Jun 18, 2023 11:38 am
by pe1chl
This is unacceptable for a "stable" update channel
It may be stable for 99.9% of all the user. You will never ever find a 100% stable software.
Once again: "stable" in the name of the MikroTik releases does not mean the software itself is stable, in that it does not crash and does not
have serious other problems (bugs).

The tag "stable" only means this is a release that will not be changed for some time, unless important problems are fixed.
The other tags "alpha" and "beta" and "rc" are for testing new developments, and would be updated ~weekly. That is not the case for "stable".
So "stable" refers to the stability of the release, not to the stability of the software itself.
And "long-term" is another "stable" release that for an even longer time receives those minor updates for important problems.

I know it is all too tempting to interpret "stable" in the context of software stability, but I don't think that claim has been made by MikroTik.
Regularly development versions with known problems are released into "stable" in the middle of hefty discussions about the problems.

Re: v7.10 [stable] is released!

Posted: Sun Jun 18, 2023 11:56 am
by rextended
Put into production on CCR2116-12G-4S+ with 3 full BGP tables (2 IPv4 only, 1 IPv6 only)
No, I haven't gone crazy, I have multiple RouterBOARDs in HA on the same link...
For now, all BGPs uptime for 19:10:13 without interruption....
Still all up and working without problems. (2d 16:54:56)

Re: v7.10 [stable] is released!

Posted: Sun Jun 18, 2023 1:17 pm
by ech1965
I understand stable releases topics are read by people upgrading from stable to stable. in that case single big squashed changelog makes sense
People being in the testing train receive "incremental" change log ( 1st post of the topic updated). this is also great
We only miss the last step: incremental changelog between last rc and stable. is stable identical to last rc or are there last minute changes ?
I proposed before that instead of these one-line change logs, MikroTik should put all changes in a database that has fields for this single line,
for a pointer to relevant documentation (page in the help site), a possible warning related to the change ("date format has changed, you will
need to adapt your scripts when they use the system date"), a longer description of the change when relevant (what exactly has been fixed),
etc. And then there should be a webpage where you can input two different version numbers, and the output will be the change list as we get
now, but "between those two versions"). With clickable items to send you to documentation or more info.

I think it should not be more work than what we get now, but it would be much more usable. And the old style plain text one-line lists can
be automatically generated from this for the changes list displayed by the device itself.
No need to change the changelog structure. In the last "locking post" in RC topic, just add the changelog between last rc and stable or "stable is the same as rcX" and "that's it"

Re: v7.10 [stable] is released!

Posted: Sun Jun 18, 2023 2:48 pm
by pe1chl
That is only a solution for that particular case. My proposal also solves the issue where people upgrade from version x.y to x.y+2 in one jump, read the x.y+2 change notes (that are displayed on their screen as part of the upgrade process), but have never seen the x.y+1 change notes and the important information and warnings it contains.
Making a "custom" change note would generate the proper list of changes, including omission of notes in x.y+2 saying "fixed bug introduced in x.y+1" which would be irrelevant to those people.
It should be relatively easy to do and remove the "editorial" task of generating change notes by scanning all internally registered changes.

Re: v7.10 [stable] is released!

Posted: Sun Jun 18, 2023 3:25 pm
by DeGlucker
x86 Atheros 9380 (AR5BXB112) WiFi is still not working !!!
Was forced to rollback to ROS 7.6 again !!!
Already during four releases you broke WiFi on Atheros 9380 and can't fix it !!!

Re: v7.10 [stable] is released!

Posted: Sun Jun 18, 2023 4:54 pm
by densenator
Try to upgrade my Hap ax^2 to 7.10 And problem with wi-fi still exist.
key handshake timeout
I have default config and opened support ticket already.
Downgrade to 7.8 and problem is solved.

Re: v7.10 [stable] is released!

Posted: Sun Jun 18, 2023 5:53 pm
by Jotne
Stop posting things that do not relate to v7.10 stable release.

Re: v7.10 [stable] is released!

Posted: Sun Jun 18, 2023 6:28 pm
by rextended
This forum is not reddit...
When common sense isn't enough...
I'd like to see if I started posting pornographic images how many people would be shocked, but it's not prohibited anywhere...
So it goes without saying that avatars that are offensive to others should be avoided.
Then if one puts a daisy and someone complains because he hates flowers....



MikroTik - Registration code

By accessing “MikroTik” (hereinafter “we”, “us”, “our”, “MikroTik”, “https://forum.mikrotik.com”),
you agree to be legally bound by the following terms.
If you do not agree to be legally bound by all of the following terms then please do not access and/or use “MikroTik”.
We may change these at any time and we’ll do our utmost in informing you,
though it would be prudent to review this regularly yourself as your continued usage of “MikroTik” after changes mean you agree to be legally bound
by these terms as they are updated and/or amended.

Our forums are powered by phpBB (hereinafter “they”, “them”, “their”, “phpBB software”, “www.phpbb.com”, “phpBB Limited”, “phpBB Teams”)
which is a bulletin board solution released under the “GNU General Public License v2” (hereinafter “GPL”) and can be downloaded from www.phpbb.com.
The phpBB software only facilitates internet based discussions;
phpBB Limited is not responsible for what we allow and/or disallow as permissible content and/or conduct.
For further information about phpBB, please see: https://www.phpbb.com/.

You agree not to post any abusive, obscene, vulgar, slanderous, hateful, threatening, sexually-orientated
or any other material that may violate any laws be it of your country, the country where “MikroTik” is hosted or International Law.
Doing so may lead to you being immediately and permanently banned, with notification of your Internet Service Provider if deemed required by us.
The IP address of all posts are recorded to aid in enforcing these conditions.
You agree that “MikroTik” have the right to remove, edit, move or close any topic at any time should we see fit.
As a user you agree to any information you have entered to being stored in a database.
While this information will not be disclosed to any third party without your consent,
neither “MikroTik” nor phpBB shall be held responsible for any hacking attempt that may lead to the data being compromised.

Re: v7.10 [stable] is released!

Posted: Sun Jun 18, 2023 6:42 pm
by anav

You agree not to post any abusive, obscene, vulgar, slanderous, hateful, threatening, sexually-orientated, negative feline comments
or any other material that may violate.......
Fixed it for ya........

Re: v7.10 [stable] is released!

Posted: Sun Jun 18, 2023 6:50 pm
by Amm0
Well, v7.10 must be relatively stable if the discussion turns to politics.

But I think @pe1chl has a worthwhile suggestion here in the context of winbox's system>packages's view showing all of the release notes between the current and proposed version...
My proposal also solves the issue where people upgrade from version x.y to x.y+2 in one jump, read the x.y+2 change notes (that are displayed on their screen as part of the upgrade process), but have never seen the x.y+1 change notes and the important information and warnings it contains.

Re: v7.10 [stable] is released!

Posted: Sun Jun 18, 2023 7:12 pm
by theosoft
OpenVPN connection interrupted.

I do have this effect also. So I started playing around.
1. In the log I recognized that the connection is interrupted with a period of a multiple of hours. That means 1h, 2h, or even 6 hours and so on.
Is there a timeout of 3600 sec. somewhere?
2. On the client side (OpenWRT) I found a setting called "reneg_sec", Renegotiate data chan. key after seconds.
I set it to 90 sec. and the frequency of interruption increased. And again a multiple of 90 sec.
3. OK. I tried it in the opposite direction. Now 86400 sec. But then the interruption was a multiple of 1h again. Maybe the MikroTik also triggers the negotiation with a timeout of 3600 sec.
4. With OPENVPN,DEBUG on, there are entries regarding openvpn handling. It seems that the SOFTREST trigger is not successful, but the HARRESET trigger is.

So I think it is related to the "Renegotiate data channel key" process.

regards

Re: v7.10 [stable] is released!

Posted: Sun Jun 18, 2023 8:21 pm
by jaxed7
7.10 (almost) stable. Just get rid of OVPN and solves a bulk of issues.
My friend, I'm curious as to why you're opposed to OVPN and actively seeking its removal from RouterOS. However, a simple poll would reveal that a significant number of RouterOS users rely on OVPN. Why, you ask? It's because in areas and countries with high levels of restriction, OVPN is often the last and only solution that works. Additionally, it's highly compatible with a wide range of operating systems and devices, making it a versatile choice for many users.

Re: v7.10 [stable] is released!

Posted: Sun Jun 18, 2023 9:12 pm
by Plugpulled
Upgraded both my RB4011 and HAP AX3 using as AP.

RB4011 (Wifi) - stable on 7.9 and 7.10 via LAN and Wifi.

HAP AX3 i upgraded from 7.8 because 7.9 was very unstable with constant Wifi disconnections, random restarts so had to downgrade to 7.8. But even on 7.10 i'm still having the same issue. Downgrading to 7.8 its stable. I have connected Hap Ax3's Ether1 port to ether10 POE port of RB4011 so made my ether1 port of hap ax3 as LAN. DHCP on bridge(ether1, wifi2g, wifi5g). Wifi works for some 30mins then none of my devices are getting connected Mac, iPhone, Homepod, PS5, TV etc until i reboot the ax3. I have no errors in log.

Is anyone else having the same problem?

Re: v7.10 [stable] is released!

Posted: Sun Jun 18, 2023 9:14 pm
by anav
7.10 (almost) stable. Just get rid of OVPN and solves a bulk of issues.
My friend, I'm curious as to why you're opposed to OVPN and actively seeking its removal from RouterOS. However, a simple poll would reveal that a significant number of RouterOS users rely on OVPN. Why, you ask? It's because in areas and countries with high levels of restriction, OVPN is often the last and only solution that works. Additionally, it's highly compatible with a wide range of operating systems and devices, making it a versatile choice for many users.
Hi Jax, thanks for taking the time to make a thoughtful reply. I didn't know that was the case (last hope for VPN in some areas) and if so, then agree the ongoing lack of focus to fix the issues is more than annoying, it's disrespectful.
I thought ovpn was something cooked up by those using non ipsec routers and using merlin and other after market hack firmwares to emulate VPN. With the advent of wireguard I saw no purpose for a hack job VPN. Wireguard is also cross platform. Are you saying that OVPN is possible where Wireguard is not? I would have thought zerotier a much better solution for such difficult situations?

In any case, I will no longer mention OVPN in a negative light, and come on Mikrotik FIX IT ALREADY!! Then add zerotrust cloudflare tunnel!!

Re: v7.10 [stable] is released!

Posted: Sun Jun 18, 2023 9:23 pm
by Rox169
Upgraded both my RB4011 and HAP AX3 using as AP.

RB4011 (Wifi) - stable on 7.9 and 7.10 via LAN and Wifi.

HAP AX3 i upgraded from 7.8 because 7.9 was very unstable with constant Wifi disconnections, random restarts so had to downgrade to 7.8. But even on 7.10 i'm still having the same issue. Downgrading to 7.8 its stable. I have connected Hap Ax3's Ether1 port to ether10 POE port of RB4011 so made my ether1 port of hap ax3 as LAN. DHCP on bridge(ether1, wifi2g, wifi5g). Wifi works for some 30mins then none of my devices are getting connected Mac, iPhone, Homepod, PS5, TV etc until i reboot the ax3.

Is anyone else having the same problem?
Yes, read the forum... many people reported this bug. It is in 7.9 and 7.10. You should downgrade to 7.8

Re: v7.10 [stable] is released!

Posted: Sun Jun 18, 2023 9:27 pm
by Plugpulled
Upgraded both my RB4011 and HAP AX3 using as AP.

RB4011 (Wifi) - stable on 7.9 and 7.10 via LAN and Wifi.

HAP AX3 i upgraded from 7.8 because 7.9 was very unstable with constant Wifi disconnections, random restarts so had to downgrade to 7.8. But even on 7.10 i'm still having the same issue. Downgrading to 7.8 its stable. I have connected Hap Ax3's Ether1 port to ether10 POE port of RB4011 so made my ether1 port of hap ax3 as LAN. DHCP on bridge(ether1, wifi2g, wifi5g). Wifi works for some 30mins then none of my devices are getting connected Mac, iPhone, Homepod, PS5, TV etc until i reboot the ax3.

Is anyone else having the same problem?
Yes, read the forum... many people reported this bug. It is in 7.9 and 7.10. You should downgrade to 7.8
Yeah i have downgraded to 7.8 :(

Re: v7.10 [stable] is released!

Posted: Sun Jun 18, 2023 10:40 pm
by frank333
With webfig you can no longer see the data clearly, every time you have to open the submenu.
Even when writing scripts, the input form is really painful.
I wonder why when there is a functional interface it is always changed to a nonsensical one.
The remove and run script buttons are too close together sometimes you risk deleting the script .😡

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 5:05 am
by buset1974
finally v7 can do /routing/bgp/advertisement print.
i dont know when exactly this feature silently added.

thx

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 8:58 am
by Paternot
I thought ovpn was something cooked up by those using non ipsec routers and using merlin and other after market hack firmwares to emulate VPN. With the advent of wireguard I saw no purpose for a hack job VPN. Wireguard is also cross platform. Are you saying that OVPN is possible where Wireguard is not? I would have thought zerotier a much better solution for such difficult situations?
Far from it. The implementation of OVPN used by Mikrotik is... not great. But the VPN itself is quite good, and has several capabilities that are useful. One of them is ease of use when dealing with a huge number of clients - since one can force configurations on them, and they can be made by templates. Another is the use of signed certificates - that is another great thing in several situations.

One thing that OVPN does different from Wireguard is the possibility of using TCP. One can pass through several simple firewalls (if they don't do DPI) just using OVPN/TCP on port 443.

Wireguard has a smaller codebase, is easier to do simple things with and is faster. OVPN does several things that we would have to hack away with Wireguard to get working.

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 9:08 am
by nichky
does anyone have ovpn running on v7.10?

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 9:41 am
by own3r1138
Anyone who uses OVPN knows that anything higher than 7.7 will render OVPN unusable.

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 9:51 am
by own3r1138
I thought ovpn was something cooked up by those using non ipsec routers and using merlin and other after market hack firmwares to emulate VPN.
viewtopic.php?t=196619#p1005390

Are you saying that OVPN is possible where Wireguard is not? YES

I would have thought zerotier a much better solution for such difficult situations?
That one is also restricted due to US sanctions.

In any case, I will no longer mention OVPN in a negative light, and come on Mikrotik FIX IT ALREADY!! Then add zerotrust cloudflare tunnel!!
Firstly, thank you for not being toxic about OVPN anymore.
Secondly, don't we all wait for that day to come?

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 11:37 am
by mantouboji
In 7.10 Let's Encrypt problem still exists?

If my dynamic DNS have both IPv4 and IPv6 address, /certificate/enable-ssl-certificate dns-name=MYNAME.duckdns.org will run , but since IPv4 port 80 was blocked by ISP, failed at end.

If DDNS has only IPv6 address, without IPv4 . it will fail at all, like this:
[admin@RB4011] > /certificate/enable-ssl-certificate dns-name=my4011.duckdns.org
  progress: [error] could not resolve 'my4011.duckdns.org'
but resolve is OK:

[admin@RB4011] > :put [ :resolv  my4011.duckdns.org ]               
240e:xxxx:xxxx:xxxx::1


Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 11:49 am
by petardo
After the upgrade to v7.10 (stable). The ovpn client will no longer emerge into the the ip/address table. Also there will be a missing entry in the routing table, i.e. there is no gateway. Due to this, the router is no longer able to exchange ip packets between the network and the ovpn client.
same here

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 11:55 am
by miasharmse84
Upgraded our CCR2216 to 7.10. We are running BGP with around 500k routes on IPv4. This is working for us at least for the last 24 hours.

We have an issue with IPv6. When going to "IPv6 - Routes", it seems as if Winbox is loading all IPv4 routes.
When running "ipv6/route/print count-only" in terminal I get 30 routes on IPv6; however, when opening the IPv6 - Routes window in Winbox it is counting up to 500k (see screenshot)
IPv6-Routes.png

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 2:20 pm
by pe1chl
Yes that is correct, it seems that the IP->Routes and IPv6->Routes views are just "filters" on a single table with all the routes.
However, there seems to be a problem in your case. In my router I *do* see the IPv6 routes in that window.
(but then it shows "22 items out of 1180" where 1180 is the total number of routes for IPv4 and IPv6)
Doesn't it show the routes after it has finished the counting?

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 2:55 pm
by DarkNate
For those asking for EIM-NAT aka full cone NAT, as I kept saying, MikroTik's implementation is broken.

I tested it with this tool:
https://github.com/HMBSbige/NatTypeTester

While it is "endpoint independent mapping", it fails to comply with the RFCs. Because when I test using the tool, it is port restricted cone, meaning only the original destination peer can reach back to your IP:Port. ANY external peers cannot reach your IP:Port, therefore RFC violation.

This problem doesn't exist on Cisco, Juniper and many other vendors like Huawei that supports REAL full cone NAT.

I have no idea what's going on with MikroTik software quality. I disabled the EIM-NAT config in my personal lab because it's simply broken and seems to make it even worse than traditional netmap config.
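The post above turns on the difference between how a NAT maps and how it filters. As an added example (not part of the original post, and not MikroTik's or NatTypeTester's code), this toy UDP NAT model uses the RFC 4787 behaviour names and the classic cone labels to show how endpoint-independent mapping combined with address-and-port-dependent filtering is reported as "port restricted cone". All addresses, ports and the probe order are constructed for illustration.

```python
from dataclasses import dataclass, field
from itertools import count

# RFC 4787 behaviour names, used for both mapping and filtering.
EI = "endpoint-independent"
AD = "address-dependent"
APD = "address-and-port-dependent"


def scope(behaviour, remote):
    """Part of the remote (ip, port) that a behaviour keys its state on."""
    if behaviour == EI:
        return None          # every remote endpoint shares the same state
    if behaviour == AD:
        return remote[0]     # keyed on the remote IP only
    return remote            # keyed on remote IP and port


@dataclass
class Nat:
    """Toy NAT: 'mapping' picks the public port, 'filtering' decides who may send in."""
    mapping: str
    filtering: str
    public_ip: str = "203.0.113.1"                        # constructed address
    ports: count = field(default_factory=lambda: count(40000))
    maps: dict = field(default_factory=dict)              # (internal, scope) -> public port
    allowed: dict = field(default_factory=dict)           # public port -> permitted scopes

    def outbound(self, internal, remote):
        """Internal endpoint sends to remote; returns the public (ip, port) used."""
        key = (internal, scope(self.mapping, remote))
        if key not in self.maps:
            self.maps[key] = next(self.ports)
        port = self.maps[key]
        self.allowed.setdefault(port, set()).add(scope(self.filtering, remote))
        return (self.public_ip, port)

    def inbound(self, remote, public_port):
        """True if a packet from remote to public_port would be forwarded inside."""
        return scope(self.filtering, remote) in self.allowed.get(public_port, set())


def classify(nat):
    """Probe the NAT the way a NAT-type tester does and name what it observes."""
    host = ("192.168.88.10", 5000)                        # constructed inside host
    a1, a2 = ("198.51.100.1", 3478), ("198.51.100.1", 3479)
    b1 = ("198.51.100.2", 3478)

    # Filtering first: only a1 has been contacted, so who else may reply?
    m1 = nat.outbound(host, a1)
    if nat.inbound(b1, m1[1]):
        filtering = EI       # a never-contacted IP gets through
    elif nat.inbound(a2, m1[1]):
        filtering = AD       # same IP, different port gets through
    else:
        filtering = APD      # only the exact contacted endpoint gets through

    # Mapping second: does the public port change with the destination?
    if nat.outbound(host, a2) != m1:
        mapping = APD
    elif nat.outbound(host, b1) != m1:
        mapping = AD
    else:
        mapping = EI

    if mapping != EI:
        label = "symmetric"
    else:
        label = {EI: "full cone", AD: "restricted cone",
                 APD: "port restricted cone"}[filtering]
    return mapping, filtering, label


if __name__ == "__main__":
    for m, f in [(EI, EI), (EI, AD), (EI, APD), (APD, APD)]:
        print(f"mapping={m:28} filtering={f:28} -> {classify(Nat(m, f))[2]}")
```

The filtering result is the part that decides which outside hosts can reach the mapped port, so it is the setting to check when reviewing exposure of inside hosts.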

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 3:21 pm
by hashbang
mpls - added FastPath support;
What will be the advantage of this feature? We are planning to use crs 317 for mpls/vpls. Will it benefit in a P case scenario?
ty

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 3:28 pm
by strods
Regarding the OVPN issue with "Problem accepting server-pushed peer-id: parse/range issue"! We have managed to reproduce the problem and are working on a fix for it.

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 3:35 pm
by miasharmse84
Yes that is correct, it seems that the IP->Routes and IPv6->Routes views are just "filters" on a single table with all the routes.
However, there seems to be a problem in your case. In my router I *do* see the IPv6 routes in that window.
(but then it shows "22 items out of 1180" where 1180 is the total number of routes for IPv4 and IPv6)
Doesn't it show the routes after it has finished the counting?
It does eventually show the IPv6 routes, but I have to wait several minutes for it to work through all the IPv4 routes.
Is it supposed to be like that?

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 3:49 pm
by pe1chl
It does eventually show the IPv6 routes, but I have to wait several minutes for it to work through all the IPv4 routes.
Is it supposed to be like that?
Well, I think not. But at the moment it seems to be how it works.
I have two suggestions for improvement:
1. for this particular case, there should be a separate command to retrieve IPv4 and IPv6 routes only, which does fast selection before going through the entire list
2. in general, winbox should be changed so that filters specified in the GUI are actually sent to the router and applied there, instead of applying them locally in winbox on the plain data retrieved from the router.

This is especially important on large collections of data like route tables, connection tables, DNS cache, etc.

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 3:56 pm
by VadiKO
I also have a problem with my hAP AX3

Wi-Fi disappears and the log gives an error: key handshake timeout

Solved the problem by rolling back to 7.8

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 5:01 pm
by DarkNate
I also have a problem with my hAP AX3

Wi-Fi disappears and the log gives an error: key handshake timeout

Solved the problem by rolling back to 7.8
This seems to have fixed that problem for me:
disable-pmkid=yes

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 5:11 pm
by leonardogyn
After the upgrade to v7.10 (stable). The ovpn client will no longer emerge into the the ip/address table. Also there will be a missing entry in the routing table, i.e. there is no gateway. Due to this, the router is no longer able to exchange ip packets between the network and the ovpn client.
.
I *cannot* confirm that ... everything working just fine here with v7.10 as openvpn-client on several (about 30) boxes of different models. And overall, ovpn-client seems pretty stable now, after the v7.8 nightmare has ended.

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 5:33 pm
by spippan


For now, all BGPs uptime for 19:10:13 without interruption....
Still all up and working without problems. (2d 16:54:56)
BFD activated or BFD not in use at the moment?

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 6:05 pm
by ksteink
I have updated the following devices:

- 1 x CRS328-24P
- 2 x RB5009UG
- 2 x RB450Gx4
- 2 x cAP
- 5 x CRS326-24G
- 3 x RB4011
- 1 x RB3011
- 2 x RB2011
- 10 x hAP AC2
- 6 x hEX S
- 1 x RB951Ui-2HnD

All went well with no issues detected during the upgrade or afterwards :)

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 8:41 pm
by obscurus
After update to v7.10 on RB5009 and BFD enable i see
OSPFv2 crypto sequence invalid spam in log every 2-5 second, but i can't see any problem with ospf.
ospf-1 { version: 2 router-id: 192.168.77.1 } ospf-area-1 { 0.0.0.0 } interface { p2p 172.16.18.1%wireguard3 } neighbor { router-id: 192.168.100.2 state: Full } crypto sequence invalid
How i can disable it?

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 10:58 pm
by lele

That is a very general statement you are stating. There are plenty of reports but not all can be attributed to ROS, many can be misconfiguration. When you say fix will come at 7.11, it is understood that some particular fix will come at 7.11.
It's a general statement for sure. But 7.10 still has some major issue with wifiwave2 at least on the hap ax^[2|3].
We have several systems, they work perfectly stable on 7.8, can't stay up more than 24hrs on 7.9 and 7.10 final before needing a reboot, or no client can associate ('key handshake timeout').

Wouldn't bet a finger on configuration, given how quirky wifiwave2 configuration is, yet, if it works fine for 24 hours, and works on 7.10, the odds are slim.

Re: v7.10 [stable] is released!

Posted: Mon Jun 19, 2023 11:30 pm
by macak
After the upgrade to v7.10 (stable). The ovpn client will no longer emerge into the the ip/address table. Also there will be a missing entry in the routing table, i.e. there is no gateway. Due to this, the router is no longer able to exchange ip packets between the network and the ovpn client.
.
I *cannot* confirm that ... everything working just fine here with v7.10 as openvpn-client on several (about 30) boxes of different models. And overall, ovpn-client seems pretty stable now, after the v7.8 nightmare has ended.
Hi.

What do you mean 'boxes'? Other mikrotik routers?. Do you try ovpn clients on other OSes like Android/Windows/Linux?

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 12:14 am
by dooh
Ok, so prefix count for IPv6 does not seem to work ok, prefix count shows as "4294909605" which is invalid, it should show about 174K
#sh ipv6 bgp neighbors 1011::15 advertised-routes
There are 174824 routes advertised to neighbor 1011::15
routing-table=peerings nexthop-choice=force-self multihop=yes hold-time=1m30s keepalive-time=30s uptime=20h36m51s880ms last-started=2023-06-19 03:25:31 last-stopped=2023-06-19 03:25:21 prefix-count=4294909605

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 4:06 am
by leonardogyn
What do you mean 'boxes'? Other mikrotik routers?. Do you try ovpn clients on other OSes like Android/Windows/Linux?
.
By "boxes" i mean different MK routers, different models. All my MK routers are using ovpn-client, protocol TCP, to a Linux server. Have not tried other combinations indeed.

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 7:15 am
by kcarhc
please check SUP-119718
[RouterOS 7.10]router was rebooted without proper shutdown
on RouterOS 7.9 CHR working well for long time.

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 9:17 am
by mazel
Still having issues with Wireless Clients. But now, it seems that after upgrade from 7.8 to 7.10 only devices with WiFi6 chips - Samsung S22 (6) and laptop with Intel AX210 (6E) - having issues and not connecting, other devices connects without issues (configuration more or less the same as in topic viewtopic.php?t=195929). When I downgrade back to 7.8 all devices connects flawlessly.

ROS 7.10 on RB5009 ok.
ROS 7.10 on LtAP mini ok.
ROS 7.10 on LHG XL 5 ac ok.
ROS 7.10 on hAP (RB951Ui-2nD) ok.
ROS 7.10 on HEX S ok.
ROS 7.10 on hEX ok.

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 9:38 am
by gigx205
Also having problems with my OpenVPN on 7.10.

I reverted back to 7.9.2. - everything works fine

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 11:18 am
by Muschelpuster
I *cannot* confirm that ... everything working just fine here with v7.10 as openvpn-client on several (about 30) boxes of different models. And overall, ovpn-client seems pretty stable now, after the v7.8 nightmare has ended.
I can't confirm this. After upgrading no OpenVPN is coming up on my RouterBoard. All clients are Mikrotik RouterBoards with different V6 FW. This issue occurs also with 6.49.8.

Niels

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 11:19 am
by volkirik
Dear Mikrotik Team;

Please fix OPENVPN, its time for 7.11 beta1

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 12:31 pm
by rextended
Regarding the OVPN issue with "Problem accepting server-pushed peer-id: parse/range issue"! We have managed to reproduce the problem and are working on a fix for it.

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 12:55 pm
by Rox169
Dear Mikrotik Team;

Please fix WiFi issue, its time for 7.11 beta :)

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 1:01 pm
by wuhoatu
Just updated my Hex S to ROS 7.10 stable and it seems that Check Gateway = ping/arp/bfd is not working any more. I mean the case in IP / Route, where Check Gateway = ping/arp/bfd will result in Check Gateway Ok unchecked and all connections will be routing through main only.

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 1:36 pm
by Jotne
7.11 beta are for new functions.
7.10.1 are for fixing problems with 7.10 like Wifi/openVPN etc.
I am looking forward for 7.10.10 Long Term release. :)

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 1:46 pm
by rextended
The first long-term? 7.23.5 @ September....

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 1:57 pm
by ToTheFull
@Guntis thanks for the Alpha will test!

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 2:06 pm
by wispmikrotik
viewtopic.php?t=196170
We have introduced several improvements regarding the AX stability. It is still a work in progress, but in order to gather more feedback as soon as possible, here is a link to the latest alpha version that contains these fixes. The fixes are mainly targeted at the issue discussed in this thread - the inability of WifiWave2 interfaces to authenticate the clients.

Please treat it with caution. If you experience any wireless-related issues with this alpha build, then let us know at support@mikrotik.com
https://box.mikrotik.com/d/e700b4d034174bce8a22/

In a few hours, we will test this version. Thank you @Guntis.

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 2:19 pm
by rextended
Well...

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 2:37 pm
by DarkNate
Well...
I don't know why MikroTik calls it “stable”, when it's really beta, and why they call it beta when it's really alpha.

I'm a big MikroTik user, but I'm losing faith in their software quality and Q/A.

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 2:43 pm
by bluecrow76
Mikrotik support provided me with the same ROS routeros-7.11alpha126 firmware to try about an hour ago.

While I didn't have any physical hardware I could easily test the alpha firmware on, I spun up a test CHR instance with 7.10 and verified that the OpenVPN Server bug was present on a CHR instance. I then upgraded the test instance to ROS 7.11alpha126. I can confirm that after the upgrade I can once again connect to the Mikrotik OpenVPN server (TCP) once again using OpenVPN Connect client version 3.3.7 (2979) (latest).

Looking forward to that fix being incorporated into the "stable" firmware. 👍

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 3:40 pm
by Smokeshow
A couple issues

1) CCR2004-16F-2S+PC, "export" fails for me. Seemingly related to the bridge config. Other areas export successfully.
[admin@MikroTik] /interface/bridge> export
# 2023-06-20 06:33:15 by RouterOS 7.10
# software id = 1839-P0T5
#
# model = CCR2004-16G-2S+
# serial number = HDD085GSQZX
/interface bridge
add ingress-filtering=no name=bridge priority=0 vlan-filtering=yes
[admin@MikroTik] /routing> export
# 2023-06-20 06:38:09 by RouterOS 7.10
# software id = 1839-P0T5
#
# model = CCR2004-16G-2S+
# serial number = HDD085GSQZX
/routing id
add disabled=no id=x.x.x.x name=x.x.x.x select-dynamic-id="" select-from-vrf=main
/routing ospf instance
add disabled=no name=ospf-instance-1 originate-default=never redistribute="" router-id=x.x.x.x routing-table=main
/routing ospf area
add disabled=no instance=ospf-instance-1 name=ospf-area-1
/routing ospf interface-template
add area=ospf-area-1 auth=md5 auth-id=1 auth-key=comm2000 disabled=no interfaces=sfp1.vlan2001
add area=ospf-area-1 disabled=no interfaces=bridge,vlan5,vlan15,vlan30 passive
2) Most likely related to above. In winbox or webfig, the Bridge -> Hosts is blank.

3)I cannot pass tagged VLAN traffic across a bridge (bridge is configured as all 16 ether, and SFP+2) unless I add the "bridge" interface as a tagged member of the particular VLAN. I would post my config, but I cannot export.
This works, but if I remove "bridge" from tagged, it will not pass, at the very least from SFP+ to ether ports.
Screenshot 2023-06-20 064323.png

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 4:09 pm
by kcarhc
Dear Mikrotik Team;

Please fix DNS issue, its time for 7.10.1

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 4:14 pm
by Frederick88
updated hAP ax3 to 7.10 stable.

WiFI seems a lot better. No "authentication" related errors, and no 5GHz radio malfunctions yet.

I also noticed that my laptop picks up the SSID from the hAP instantly now, whereas <7.10 the SSID took a lot longer to show compared to other wifi APs in the area...

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 5:16 pm
by JJT211
Put into production on CCR2116-12G-4S+ with 3 full BGP tables (2 IPv4 only, 1 IPv6 only)
No, I haven't gone crazy, I have multiple RouterBOARDs in HA on the same link...
Ive seen you post this several times that you have 2 RB's in HA. One with v6 and the other on the latest v7. Just curious, how are you doing this? VRRP?

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 5:44 pm
by rextended
Yes, and they do nothing else, so that if there is a microbreak, the customers lines do not fall. (the uptime is now 4d 22:42:48)

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 6:47 pm
by raphaps
Openvpn is working again on version 7.11alpha126 provided by support. Android clients are now able to connect. Test performed on an RB4011.

7.11alpha126

Posted: Tue Jun 20, 2023 7:52 pm
by volkirik
get 7.11alpha (development) for testing

https://box.mikrotik.com/d/c1ce5f170ea1467db0d2/

contact support for feedback

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 9:45 pm
by Jotne
If you read some post up in the thread, there is a download link. Post by wispmikrotik

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 11:06 pm
by Joe1vm
*) container - fixed "container pull" to support OCI manifest format
Thank you. It works well now.

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 11:29 pm
by holvoetn
If you read some post up in the thread, there is a download link. Post by wispmikrotik
Only arm and arm64 in that link (probably because those are the wifiwave2 capable platforms).

Re: v7.10 [stable] is released!

Posted: Tue Jun 20, 2023 11:45 pm
by clambert
*) mpls - added FastPath support;
Has anyone tried this functionality? Counters associated with fast-path in /mpls/settings/ are kept at zero:

[admin@LSR] > mpls/settings/print 
     dynamic-label-range: 16-1048575
           propagate-ttl: yes
         allow-fast-path: yes
  mpls-fast-path-packets: 0
    mpls-fast-path-bytes: 0

Re: v7.10 [stable] is released!

Posted: Wed Jun 21, 2023 4:19 am
by jeremyb
1) remove any public and private keys
2) downgrade to 7.8
3) import both public and private keys , ssh client is OK
4) upgrade to 7.10
5) ssh client OK

but If remove all key and re-import in 7.10, ssh client broken.

In 7.10. letsencrypt broken again? my duckdns.org dynamic domain name only has a AAAA ipv6 address .
I confirm this is still happening in v7.10
It may even work one time and then not work the next.

Re: v7.10 [stable] is released!

Posted: Wed Jun 21, 2023 1:35 pm
by nclmrc
LLDP-MED (Voice VLAN) on NON POE Port doesn't work from 7.8

viewtopic.php?p=987143#p987143

Re: v7.10 [stable] is released!

Posted: Wed Jun 21, 2023 3:14 pm
by Paternot
--- EDITED TYPO --

Problem with Wireguard. hEX upgraded from 7.9.1 to 7.10 stable.

With 7.9.1 it worked perfectly, with several clients - some of them I used my same private key. Others I used a different one. All of them have different public keys. VPN traffic is IPv6 only and the peers are IPv4 only.

First problem: wireguard connection is established, but no traffic pass between hosts.
Solution: add "::/0" to the list of "allowed-address". I already had "allowed-address=fd00::/8,fe80::/10" declared (these hosts only use private IPv6 networks, hence the "fd00::/8" part). After this, the router can ping the peer and my BGP peerings are up again. But not much else.

Second problem, after solving the first one:
A client on one network can't ping even the interface of the other peer. Yes, it worked before. Yes, I downgraded to 7.9.1 and everything is back to normal.

So, back to 7.9.1 and waiting on 7.10.1

Re: v7.10 [stable] is released!

Posted: Wed Jun 21, 2023 4:30 pm
by kcarhc
Anyone who has upgraded to 7.10 and encounters DNS crashes,
can try using the following code to disable the dns-to-address-list configuration first:
/ip dns static set [find where address-list!=""] address-list=""
It is known that version 7.10, due to the addition of endpoint-independent-nat, involves major changes to the firewall.
This causes the dns-to-address-list interaction feature to induce DNS crashes.

Re: v7.10 [stable] is released!

Posted: Wed Jun 21, 2023 7:55 pm
by ntsecrets
Why is a stable version released with a half-hearted implementation of the change in time format?
I think it is a good change in principle, but it seems controversial for scripting (discussion elsewhere) and now we have a mix of formats all over the place.
Would it not be better to make the complete change, or roll back when it cannot be completed, at the point of stable release?
Also they know that are a problem on dates show on webfig, and I just found that it depends of your browser timezone.
I am seeing this too, the dates shown in webfig are one day behind the real date which was totally confusing. Checked via the console and the date and time are correct there. Version 7.10 on 2 different devices.

Re: v7.10 [stable] is released!

Posted: Wed Jun 21, 2023 8:06 pm
by eworm
I do not think this is expected... Can we have the year in logs, please? (Time only for the current day is ok, but just part of the date is a no-go.)
[admin@jupiter] > /log/print
[...]
 06-20 09:04:34 ssh,info publickey accepted for user: admin
[...]
By the way... Why do the lines start with a space?

Re: v7.10 [stable] is released!

Posted: Wed Jun 21, 2023 8:46 pm
by kiaunel
After the upgrade to v7.10 (stable). The ovpn client will no longer emerge into the ip/address table. Also there will be a missing entry in the routing table, i.e. there is no gateway. Due to this, the router is no longer able to exchange ip packets between the network and the ovpn client.
same here
I can confirm this, if the clients are added to a bridge, from profile, there is no ip entry or route to them. When they are not included in the bridge you can reach them.
But still have some problems with connects/disconnects like every version after 7.7

Re: v7.10 [stable] is released!

Posted: Thu Jun 22, 2023 2:46 am
by kcarhc
please check SUP-119969
[RouterOS 7.10]kernel failure in previous boot

Re: v7.10 [stable] is released!

Posted: Thu Jun 22, 2023 3:12 am
by jaxed7


My friend, I'm curious as to why you're opposed to OVPN and actively seeking its removal from RouterOS. However, a simple poll would reveal that a significant number of RouterOS users rely on OVPN. Why, you ask? It's because in areas and countries with high levels of restriction, OVPN is often the last and only solution that works. Additionally, it's highly compatible with a wide range of operating systems and devices, making it a versatile choice for many users.
Hi Jax, thanks for taking the time to make a thoughtful reply. I didn't know that was the case (last hope for VPN in some areas) and if so, then agree the ongoing lack of focus to fix the issues is more than annoying, it's disrespectful.
I thought ovpn was something cooked up by those using non ipsec routers and using merlin and other after market hack firmwares to emulate VPN. With the advent of wireguard I saw no purpose for a hack job VPN. Wireguard is also cross platform. Are you saying that OVPN is possible where Wireguard is not? I would have thought zerotier a much better solution for such difficult situations?

In any case, I will no longer mention OVPN in a negative light, and come on Mikrotik FIX IT ALREADY!! Then add zerotrust cloudflare tunnel!!
Hello Anav, I haven't had much experience with Wireguard as it is often blocked by certain ISPs, areas, or countries in the networks I work with. However, there may be some advanced settings that can be adjusted to make it work. Regarding Zerotier, I have heard a lot about it but have not yet had the opportunity to explore it. I am hopeful that MikroTik will add it to their offerings, as more options are always better. With their packages, the possibilities are endless. If the MikroTik team cannot keep up with demand, perhaps it is time to consider going semi or completely open source and allowing the community to build what they need.

It is worth noting that heavy DPI and filtering on Cloudflare IPs have made their services less useful.

By the way, I would be happy to grant you access to these types of networks and environments. With your expertise, we may be able to find a solution together.

Re: v7.10 [stable] is released!

Posted: Thu Jun 22, 2023 6:57 am
by kenyloveg
previous (7.9.x) ikev2 site to site is not working on 7.10 (upgraded from 7.9.x)
already reported through support, still no feedback

Re: v7.10 [stable] is released!

Posted: Thu Jun 22, 2023 7:59 am
by Jotne
I do not think this is expected... Can we have the year in logs, please? (Time only for the current day is ok, but just part of the date is a no-go.)
[admin@jupiter] > /log/print
[...]
 06-20 09:04:34 ssh,info publickey accepted for user: admin
[...]
By the way... Why do the lines start with a space?
There is a simple solution to this. Why not use the 21 !!!!! year old standard for time format?
https://www.rfc-editor.org/rfc/rfc3339

Re: v7.10 [stable] is released!

Posted: Thu Jun 22, 2023 8:11 am
by Larsa
IMO the whole date-gate disaster should be fixed once and for all.

Re: v7.10 [stable] is released!

Posted: Thu Jun 22, 2023 10:13 am
by eworm
I think with "time format according to ISO standard" they refer to ISO 8601, which is fine.

However the year should not be stripped. I guess that is not intended and possibly a left-over from old code.

Re: v7.10 [stable] is released!

Posted: Thu Jun 22, 2023 10:15 am
by rextended
By the way... Why do the lines start with a space?
(because month/day are xxx/xx on previous format, etc.)

Re: v7.10 [stable] is released!

Posted: Thu Jun 22, 2023 10:18 am
by rextended
However the year should not be stripped.
IMO the whole date-gate disaster should be fixed once and for all.

The problem on the crap format of the date on the log, 4 different formats depending on the date and time of the machine...
We have been asking them for years that the format of the date in the logs must be only one yyyy-MM-dd hh:mm:ss, regardless current date and time........

Re: v7.10 [stable] is released!

Posted: Thu Jun 22, 2023 10:55 am
by cyayon
Anyone who has upgraded to 7.10 and encounters DNS crashes,
can try using the following code to disable the dns-to-address-list configuration first:
/ip dns static set [find where address-list!=""] address-list=""
It is known that version 7.10, due to the addition of endpoint-independent-nat, involves major changes to the firewall.
This causes the dns-to-address-list interaction feature to induce DNS crashes.
Hi,

what are "major changes to the firewall" please ?

Re: v7.10 [stable] is released!

Posted: Thu Jun 22, 2023 11:02 am
by mrz
There are no major changes in firewall.

Re: v7.10 [stable] is released!

Posted: Thu Jun 22, 2023 12:15 pm
by cyayon
There are no major changes in firewall.
Thanks.
Do you plan to release a 7.10.1 to resolve DNS static issues ?

Re: v7.10 [stable] is released!

Posted: Thu Jun 22, 2023 12:46 pm
by nmt1900
Finally decided to bite the bullet and upgrade 7.9.2 -> 7.10. PPPoE WAN and IKE2 VPN work as before and CPU usage on old CRS112 switch seems to have gone down a little bit (Dude shows the change 11% -> 8-9%).

DynDNS seems to work OK. As I have OpenVPN deployed only on v6 then I can not tell anything about that on this one...

Re: v7.10 [stable] is released!

Posted: Thu Jun 22, 2023 1:20 pm
by strods
Anyone who has upgraded to 7.10 and encounters DNS crashes,
can try using the following code to disable the dns-to-address-list configuration first:
/ip dns static set [find where address-list!=""] address-list=""
It is known that version 7.10, due to the addition of endpoint-independent-nat, involves major changes to the firewall.
This causes the dns-to-address-list interaction feature to induce DNS crashes.
This DNS issue has nothing to do with the firewall. The issue is caused by static entries with the address-list option enabled. The issue is reproduced and will be resolved as soon as possible.

Re: v7.10 [stable] is released!

Posted: Thu Jun 22, 2023 3:54 pm
by badmonkey
*) wireguard - fixed IPv6 traffic processing with multiple peers;
Doesn't seem like it.

The issue remains if the allowed-address set on the router is an ipv6 /64.
It works but only if that peer is the most recently enabled.
If another peer is enabled, the 1st will stop working on ipv6.
If the allowed-address is a /128 however the bug does seem to disappear. I can disable/re-enable other peers no problem.

Re: v7.10 [stable] is released!

Posted: Thu Jun 22, 2023 4:01 pm
by eworm
The issue remains if the allowed-address set on the router is an ipv6 /64.
These networks do not overlap, no? If they do the behavior is expected.

Re: v7.10 [stable] is released!

Posted: Thu Jun 22, 2023 4:03 pm
by noradtux
*) wireguard - fixed IPv6 traffic processing with multiple peers;
Doesn't seem like it.

The issue remains if the allowed-address set on the router is an ipv6 /64.
It works but only if that peer is the most recently enabled.
If another peer is enabled, the 1st will stop working on ipv6.
If the allowed-address is a /128 however the bug does seem to disappear. I can disable/re-enable other peers no problem.
Wait, do the allowed-address ranges of your peers overlap or are they even identical? If so, I would be surprised if it were supported.
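The overlap question asked in the two replies above can be checked offline. This is an added example, not code from any poster or from MikroTik: the peer names and prefixes are constructed, and the "later peer takes over an identical prefix" rule is the behaviour of standard WireGuard cryptokey routing, assumed here to apply to RouterOS as well.

```python
import ipaddress
from itertools import combinations

# Constructed sample: peer names and prefixes are illustrative, listed in the
# order the peers were configured/enabled. None of this comes from the thread.
PEERS = {
    "peer-a": ["fd00:0:0:1::/64", "fe80::/10"],
    "peer-b": ["fd00:0:0:1::/64"],      # identical /64 to peer-a
    "peer-c": ["fd00:0:0:2::10/128"],   # unique host prefix
    "peer-d": ["::/0"],                 # catch-all
}


def parse_peers(peers):
    """Turn the allowed-address strings of every peer into network objects."""
    return {name: [ipaddress.ip_network(p, strict=False) for p in prefixes]
            for name, prefixes in peers.items()}


def find_conflicts(peers):
    """Report identical and overlapping allowed-address prefixes between peers."""
    conflicts = []
    parsed = parse_peers(peers)
    for (name_a, nets_a), (name_b, nets_b) in combinations(parsed.items(), 2):
        for net_a in nets_a:
            for net_b in nets_b:
                if net_a.version != net_b.version:
                    continue  # IPv4 and IPv6 prefixes never collide
                if net_a == net_b:
                    kind = "identical"
                elif net_a.overlaps(net_b):
                    kind = "overlap"
                else:
                    continue
                conflicts.append((kind, name_a, str(net_a), name_b, str(net_b)))
    return conflicts


def build_table(peers):
    """One owner per prefix: a later peer takes an identical prefix over
    (standard WireGuard behaviour, assumed for RouterOS)."""
    table = {}
    for name, nets in parse_peers(peers).items():
        for net in nets:
            table[net] = name
    return table


def select_peer(peers, destination):
    """Longest-prefix match of a destination address over the prefix table."""
    addr = ipaddress.ip_address(destination)
    best = None
    for net, name in build_table(peers).items():
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, name)
    return best[1] if best else None


if __name__ == "__main__":
    for conflict in find_conflicts(PEERS):
        print(conflict)
    for dst in ("fd00:0:0:1::5", "fd00:0:0:2::10", "fe80::1", "2001:db8::1"):
        print(dst, "->", select_peer(PEERS, dst))
```

An "identical" result means only one of the two peers can receive traffic for that prefix; an "overlap" is resolved by the longer prefix, so a catch-all such as ::/0 only carries what no more specific peer claims.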

Re: v7.10 [stable] is released!

Posted: Fri Jun 23, 2023 4:14 am
by pcunite
ROS 7.10 seems that Check Gateway = ping/arp/bfd does not work any more. In IP / Route, Check Gateway = ping/arp/bfd will result in Check Gateway Ok. Unchecked and all connections will be routing through main only.

I don't know when, but this seems to have been introduced a couple of versions back. It appeared to work with ROS v7.7. I'm having similar trouble trying to implement MultiWAN on anything newer.

Update:
The issue was not with v7.10 and not a bug. Just a change in behavior with how RoS v7 works.

Re: v7.10 [stable] is released!

Posted: Fri Jun 23, 2023 2:01 pm
by dinosgb
new modem FW release for the Chateau 5G after the 7.10 upgrade!
Dear Support, can you pls post a summary of the improvements in the new modem FW release?
thank you

Re: v7.10 [stable] is released!

Posted: Fri Jun 23, 2023 2:59 pm
by radekpv
cAP ax lost wifi interface after upgrade to version 7.10 - tested on 2 pieces.
On the first cap ax - reset to default, netinstall , system routerboard upgrade ... - not helped

A new cap ax out of the box, turned on, updated from original version 7.7 to 7.10 arm64 - package routeros-7.10-arm64.npk:
[admin@MikroTik] > system/routerboard/print
routerboard: yes
board-name: cAP ax
model: cAPGi-5HaxD2HaxD
serial-number: HE6.......
firmware-type: ipq6000
factory-firmware: 7.7
current-firmware: 7.7
upgrade-firmware: 7.10

[admin@MikroTik] > log/print
00:04:02 system,info installed system-7.10
00:04:02 system,info router rebooted
00:04:13 interface,info ether2 link up (speed 1G, full duplex)
00:04:15 system,info,account user admin logged in from 70:85:C2:94:68:8A via winbox
00:04:44 script,warning DefConf gen: Unable to find wireless interface(s)
00:04:44 system,error,critical error while running customized default configuration script: interrupted
00:04:44 system,error,critical
00:13:57 system,info,account user admin logged in via local
00:14:10 smb,info created new share: pub

[admin@MikroTik]

Re: v7.10 [stable] is released!

Posted: Fri Jun 23, 2023 3:15 pm
by holvoetn
Netinstall is not a typical upgrade process.
Most likely you forgot wifiwave2 package during netinstall.
Using normal upgrade, it would have been upgraded together with main package.

On AX devices: no wifiwave2 package = no wifi.
Add the package manually or netinstall again including wifiwave2 package.

PS personal advice: move to 7.11 beta. A lot of AX wifi issues are solved there.
Or back down to 7.8, it was a lot better there too.

Re: v7.10 [stable] is released!

Posted: Fri Jun 23, 2023 3:24 pm
by radekpv
maybe i wrote not clearly:
First piece upgraded from 7.7 to 7.10 - lost wifi.
downgraded to 7.8 - lost wifi
netinstall to 7.10 - lost wifi

Second piece - just taken out of the box, moved routeros-7.10-arm64.npk package to files, system - reboot.
after reboot - lost wifi

I'm afraid to test the third piece :-(

Re: v7.10 [stable] is released!

Posted: Fri Jun 23, 2023 3:27 pm
by rextended
*** post out of order ***

Re: v7.10 [stable] is released!

Posted: Fri Jun 23, 2023 3:28 pm
by holvoetn
And where and when did you add wifiwave2 package because you used a manual approach ?

I've handled 11 cAP AX devices just 3 weeks ago.
All worked out of the box on 7.8. On 3 I had a problem after upgrade requiring netinstall (login problems) but even that went flawless.
But I always use the upgrade process via winbox which also handles the wifiwave2 package.
For netinstall I made sure to INCLUDE the wifiwave2 package. It does not come out of thin air on itself on the device.

Re: v7.10 [stable] is released!

Posted: Fri Jun 23, 2023 3:30 pm
by rextended
maybe i wrote not clearly:
But for sure you do not read.

If you do the upgrade or update by hand, you must also install the wifiwave2 package

Re: v7.10 [stable] is released!

Posted: Fri Jun 23, 2023 3:30 pm
by Amm0
Second piece - just taken out of the box, moved routeros-7.10-arm64.npk package to files, system - reboot.
after reboot - lost wifi
Well, it probably shouldn't do that. But...you might want to try manually adding the wifiwave2 package from https://download.mikrotik.com/routeros/ ... 1beta2.zip – that will have wifiwave2.npk that you can copy to Files on router and reboot – see if that at least fixes it.

Re: v7.10 [stable] is released!

Posted: Fri Jun 23, 2023 3:31 pm
by holvoetn
Well, it probably shouldn't do that. But...you might want to try manually adding the wifiwave2 package from https://download.mikrotik.com/routeros/ ... 1beta2.zip – that will have wifiwave2.npk that you can copy to Files on router and reboot.
Be careful with version mismatches ...

BTW the correct approach there should have been:
Second piece - just taken out of the box, moved routeros-7.10-arm64.npk AND wifiwave2-7.10-arm64 package to files, system - reboot.
after reboot - wifi !

Re: v7.10 [stable] is released!

Posted: Fri Jun 23, 2023 3:43 pm
by radekpv
My bad - after installing wifiwave2-7.10-arm64.npk both wifi are visible
Thank you for your help!

Re: v7.10 [stable] is released!

Posted: Fri Jun 23, 2023 3:48 pm
by Amm0
I guess I thought this release notes was about this very case, perhaps not.
*) upgrade - do not run manual upgrade if some packages are missing;

Re: v7.10 [stable] is released!

Posted: Fri Jun 23, 2023 5:13 pm
by holvoetn
That's a very correct observation.

Re: v7.10 [stable] is released!

Posted: Fri Jun 23, 2023 5:34 pm
by Pea
I guess I thought this release notes was about this very case, perhaps not.
*) upgrade - do not run manual upgrade if some packages are missing;

this was implemented from 7.10, not before

Re: v7.10 [stable] is released!

Posted: Fri Jun 23, 2023 5:45 pm
by holvoetn
Right as well !
With 7.7 as starting point, there was no safety guard for this omission.

Which makes me wonder then why the 11 devices I have received, all had 7.8 out of the box ?
cAP AX was released 3 months ago. 7.8 was released feb 27th ??
So why 7.7 on devices radekpv got ?
Not that it matters, it just makes me wonder ...

Re: v7.10 [stable] is released!

Posted: Fri Jun 23, 2023 6:25 pm
by Amm0
I guess I thought this release notes was about this very case, perhaps not.
this was implemented from 7.10, not before
Well...that's fair enough.

Hopefully one day the extra-packages will be checkbox/CLI to just add them, without some external download + [version-matched] file copy or netinstall/etc – avoiding the issue entirely... Lot of useful functionality in extra-packages – but they require more steps to use than it should.

Re: v7.10 [stable] is released!

Posted: Sat Jun 24, 2023 6:20 pm
by KatsuroKurosaki
So far so good on my end but I would like to point out something, because our tools rely on MikroTik's API a lot. The changelog states the following:

*) console - changed time format according to ISO standard;
*) webfig - changed time format according to ISO standard;

But I guess you forgot to add this one as well:

*) api - changed time format according to ISO standard;

All the time/date parsers started complaining since this update, so... code update and mass upgrade, lol

Re: v7.10 [stable] is released!

Posted: Sat Jun 24, 2023 9:36 pm
by pe1chl
As I already wrote, the time format change was only half done. Not good that it made it into a release version that way.

Re: v7.10 [stable] is released!

Posted: Sat Jun 24, 2023 10:30 pm
by Larsa
Yeah, just a half cooked date-gate so to speak…

Re: v7.10 [stable] is released!

Posted: Mon Jun 26, 2023 10:53 pm
by DarkNate
UDP port forwarding (manual dst-nat/netmap or UPnP or new EIM-NAT) is completely broken on ROSv7.10.

I downgraded to ROSv7.9.2 and it worked fine again.

viewtopic.php?t=165060#p1009730

Re: v7.10 [stable] is released!

Posted: Tue Jun 27, 2023 7:57 am
by Jotne
What does the link have to do with your problem? Please post config.

Re: v7.10 [stable] is released!

Posted: Tue Jun 27, 2023 5:30 pm
by EdPa
What's new in 7.10.1 (2023-Jun-27 12:03):

*) ovpn - fixed OVPN server peer-id negotiation;
*) webfig - use router time zone for date and time;

Re: v7.10 [stable] is released!

Posted: Tue Jun 27, 2023 10:24 pm
by macak
Hi.

I updated to 7.10.1 and reverted to 7.9.1 (again). OVPN connects but on Android device looks like no route to hosts behind VPN (routers are pulled from Mikrotik).
Probably at the weekend I will spend more time on testing it.

My configuration is a little bit complicated, so maybe it's a case only connected to me.

There is:
1. OpenVPN both for remote users and routers.
2. VLANs for IOT, Users, 'DC' and few more,
3. IPTV (Orange).
4. CAPSMAN WiFiWave2 (+CAPS AX running on beta - without issues till now).
5. Failover between two providers.

Note - I use only IPv4 at this moment.

Re: v7.10.1 [stable] is released!

Posted: Wed Jun 28, 2023 8:11 am
by Jotne
Please rename header on this thread to v7.10.1 [stable] is released! or do as you normally do, post a new thread for a new release.

Re: v7.10 [stable] is released!

Posted: Wed Jun 28, 2023 8:16 am
by Rox169
Why?? This is still stable 7.10. Do you want for every small update new thread? That is nonsense

Re: v7.10.1 [stable] is released!

Posted: Wed Jun 28, 2023 9:04 am
by pitron
Please rename header on this thread to v7.10.1 [stable] is released! or do as you normally do, post a new thread for a new release.
OVPN fixed ???

Re: v7.10 [stable] is released!

Posted: Wed Jun 28, 2023 10:47 am
by Jotne
@pitron how should I know (since you quoted my thread)
All are written in the change logs. And I see an OVPN fix there.
Why?? This is still stable 7.10. Do you want for every small update new thread? That is nonsense
All previous stable has its own thread.
Just look here: viewforum.php?f=21
There are threads for
7.9.2
7.9.1
7.9
6.49.6
7.4.1
+++

So this thread does not follow previous behavior.
Beta and RC has been in same thread.

Re: v7.10 [stable] is released!

Posted: Wed Jun 28, 2023 12:05 pm
by Ramas
Hello,
I found strange behavior of Mikrotik's OS with certificates.
Mikrotik requests the Certificate Revocation List (CRL) every hour.
CRLs have an expiration date and I think that Mikrotik OS must renew the CRL only when it expires or when the router reboots.
Router OS version: 7.10
From IIS Log:
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2023-06-28 06:57:10
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2023-06-28 06:57:10 10.1.1.200 GET /*******CA.crl - 80 - *.*.*.* Mikrotik/7.x+Fetch 200 0 0 93
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2023-06-28 07:57:10
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2023-06-28 07:57:10 10.1.1.200 GET /*******CA.crl - 80 - *.*.*.* Mikrotik/7.x+Fetch 200 0 0 140
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2023-06-28 08:57:11
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2023-06-28 08:57:11 10.1.1.200 GET /*******CA.crl - 80 - *.*.*.* Mikrotik/7.x+Fetch 200 0 0 124
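The fetch cadence reported in the post above can be measured from the IIS log itself. This is an added example, not code from the poster or from MikroTik: the log lines are constructed in the same W3C format (the masked client address and CRL name are replaced with placeholders), and the 7-day CRL validity period is an assumed value for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the W3C extended format shown in the post. The client
# address 192.0.2.10 and /ExampleCA.crl are placeholders for the masked values.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2023-06-28 06:57:10
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2023-06-28 06:57:10 10.1.1.200 GET /ExampleCA.crl - 80 - 192.0.2.10 Mikrotik/7.x+Fetch 200 0 0 93
2023-06-28 07:10:00 10.1.1.200 GET /index.html - 80 - 192.0.2.10 Mozilla/5.0 200 0 0 15
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2023-06-28 07:57:10
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2023-06-28 07:57:10 10.1.1.200 GET /ExampleCA.crl - 80 - 192.0.2.10 Mikrotik/7.x+Fetch 200 0 0 140
2023-06-28 08:57:11 10.1.1.200 GET /ExampleCA.crl - 80 - 192.0.2.10 Mikrotik/7.x+Fetch 200 0 0 124
"""


def parse_w3c(text):
    """Yield one dict per request line, keyed by the most recent #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not fields:
            continue  # other directives, or data before any header
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated line
        yield dict(zip(fields, values))


def crl_fetch_intervals(text, suffix=".crl"):
    """Seconds between consecutive CRL downloads, per (client IP, URI)."""
    seen = defaultdict(list)
    for rec in parse_w3c(text):
        if rec["cs-method"] != "GET":
            continue
        if not rec["cs-uri-stem"].lower().endswith(suffix):
            continue
        stamp = datetime.strptime(rec["date"] + " " + rec["time"],
                                  "%Y-%m-%d %H:%M:%S")
        seen[(rec["c-ip"], rec["cs-uri-stem"])].append(stamp)
    intervals = {}
    for key, stamps in seen.items():
        stamps.sort()
        intervals[key] = [int((b - a).total_seconds())
                          for a, b in zip(stamps, stamps[1:])]
    return intervals


def fetches_per_validity(intervals, validity_seconds):
    """How many downloads fit into one CRL validity period at the median cadence."""
    if not intervals:
        return 0
    return int(validity_seconds // median(intervals))


if __name__ == "__main__":
    ASSUMED_VALIDITY = 7 * 24 * 3600  # assumed nextUpdate - thisUpdate, 7 days
    for key, gaps in crl_fetch_intervals(SAMPLE_LOG).items():
        print(key, gaps, fetches_per_validity(gaps, ASSUMED_VALIDITY))
```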

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jun 28, 2023 12:18 pm
by mrz
Then what is the point of using CRL at all if you want to know revoked certificates only after certificate validity expires?

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jun 28, 2023 12:31 pm
by erlinden
A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their actual or assigned expiration date.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jun 28, 2023 12:34 pm
by Ramas
CRLs have their own expiration date, and they are renewed at the expiration's end. There is no benefit from querying the same CRL every hour.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jun 28, 2023 12:37 pm
by erlinden
Now I understand your reply. The CRLs are created on a timely basis and there is no benefit of requesting an update while their TTL is not reached.
However, I'm not sure if this timely basis is standardized? Might be that Mikrotik updates regularly to make sure that no CRL update is missed. Without taking into account when the list is expired.
O.K., maybe I'm wrong, but what does the "Next update" field in the CRL mean, and for what reason is it there?
Just updated my reply...hope it makes more sense.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jun 28, 2023 12:44 pm
by Ramas
O.K., maybe I'm wrong, but what does the "Next update" field in the CRL mean, and for what reason is it there?

Re: v7.10.1 [stable] is released!

Posted: Wed Jun 28, 2023 1:49 pm
by volkirik
OVPN fixed ???
Nope. Anything going out to OVPN interface is marked "invalid" by ROS' firewall. Even if they are properly routed and NAT'ed.

RX counters show all zeros. Somehow TX queue is also FULL

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jun 28, 2023 2:06 pm
by volkirik
I suggest MT Team to get IPVanish account for testing OVPN and try to get it working with their latest ROS. They can also write tutorial on their Wiki.

I hope they can add OPENVPN Scramble support, too. Better implement it, ASAP.

Re: v7.10 [stable] is released!

Posted: Thu Jun 29, 2023 2:25 am
by DarkNate
What does the link have to do with your problem? Please post config.
On ROSv7.10, neither method works. Downgraded to ROSv7.9.2 and method 2 works fine.
#Method 1#
add action=endpoint-independent-nat chain=srcnat out-interface-list=WAN protocol=udp randomise-ports=no src-address=192.168.0.0/24 to-addresses=1.1.1.1
add action=endpoint-independent-nat chain=dstnat dst-address=1.1.1.1 in-interface-list=WAN protocol=udp randomise-ports=no to-addresses=192.168.0.0/24
add action=netmap chain=srcnat ipsec-policy=out,none out-interface-list=WAN src-address=192.168.0.0/24 to-addresses=1.1.1.1

#Method 2#
add action=netmap chain=dstnat in-interface-list=WAN protocol=udp dst-port=1024-65535 dst-address=1.1.1.1 to-addresses=192.168.0.2
add action=netmap chain=srcnat ipsec-policy=out,none out-interface-list=WAN src-address=192.168.0.0/24 to-addresses=1.1.1.1

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Thu Jun 29, 2023 7:39 am
by Joe1vm
Pending random issue with ...... can't find PMKSA.... Then the interface does not accept the device. Reboot of the CAP or disabling and re-enabling of WIFI on the device help.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Thu Jun 29, 2023 8:51 am
by buddie02
Since 7.10 ipsec IKEv2 with ECDSA certificates is broken.

6.49.7 ECDSA <-> 7.9 ECDSA works
6.49.7 ECDSA <-> 7.10 and 7.10.1 ECDSA does not work - errors "digital signature verification failed" at 7.10 and "authentication failed" at 6.49.2
6.49.7 ECDSA <-> 7.10 and 7.10.1 RSA does not work
6.49.7 RSA <-> 7.10 and 7.10.1 RSA works
6.49.7 RSA <-> 7.10 and 7.10.1 ECDSA works.

All CA certificates are installed on both sides, peer certificates contain only "tls client" and "tls server" in key usage section, RSA 2048 bits, ECDSA P521 curve.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Thu Jun 29, 2023 9:25 am
by cyayon
Hi,

Does the 7.10.1 contain fix for DNS issue ?
If not, do you plan to release a 7.10.2 or should we wait for 7.11 ?

Thanks.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Thu Jun 29, 2023 12:59 pm
by Ocean
After updating to 7.10.1 from 7.10, OpenVPN stopped working.
Connection is established, but there is no traffic through tunnel.
After downgrading to 7.10 everything was OK.

/interface ovpn-client
add certificate=client_test.crt_0 cipher=aes256-cbc connect-to=xxx.xxx.xxx.xxx mac-address=02:4F:B6:A7:4B:B8 max-mtu=1400 name=ovpn-out1-far \
    port=12333 profile=openvpn-test.net protocol=udp user=test


Re: v7.10 and 7.10.1 [stable] is released!

Posted: Thu Jun 29, 2023 1:10 pm
by DanielT
+1 for the issue reported by Ocean. After updating to 7.10.1 from 7.10 OVPN has stopped working, Connection initially established but no traffic through tunnel, and then connection gets dropped due to inactivity timeout (ping restart)

UPDATE: Just checked and am getting the same OVPN issue in release 7.11beta2

Revert to 7.10 and it works again

Re: v7.10 [stable] is released!

Posted: Thu Jun 29, 2023 6:38 pm
by VolleyTom
RB4011 after update lost ovpn.
Connecting
Established
Disconnected

<user> detect UNKNOWN
I am not sure how was before
Any ideas?
I have the same OVPN-Issue, with 7.10 and 7.10.1.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Fri Jun 30, 2023 10:45 am
by madgrok
+1
hAP ac^3
OpenVPN (UDP)
over ~ 6000 push route

7.7 - worked stably
7.8 - 7.10 - Disconnect after ~60-120 minutes.
7.10.1 - warning - received OVPN option length exceeds limit

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Fri Jun 30, 2023 6:46 pm
by parham
I think we have an issue with Let's Encrypt; multiple DNS names have a problem:

progress: [error] could not resolve '01.abc.xyz,'02.abc.xyz,'03.abc.xyz'

It can't resolve the DNS names when there are multiple; with a single one there is no issue

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Fri Jun 30, 2023 11:22 pm
by massinia
+1
hAP ac^3
OpenVPN (UDP)
over ~ 6000 push route
WTF isn't that a bit too much for the hap ac 3 hardware?

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Sat Jul 01, 2023 11:18 am
by madgrok
+1
hAP ac^3
OpenVPN (UDP)
over ~ 6000 push route
WTF isn't that a bit too much for the hap ac 3 hardware?

Everything worked fine until version 7.8. Since version 7.8 OpenVPN reconnects after 60-120 minutes.

7.8
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Sat Jul 01, 2023 10:42 pm
by infabo
Are there any known issues regarding DHCP and mikrotik CPE (wireless bridge) in this version? I have 2 mikrotik devices in CPE mode and the clients connected to them on Ethernet do not receive an IP address anymore. And log on the AP is flooded with messages like "defconf offering lease 192.168.0.2 for 00:1D:EC:06:13:15 without success"

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Sat Jul 01, 2023 11:25 pm
by rua
@infabo

is your dhcp subnet 192.168.0.x/nn?

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Sun Jul 02, 2023 12:52 am
by infabo
Yes it is

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Sun Jul 02, 2023 4:01 am
by indnti
+1 for the issue reported by Ocean. After updating to 7.10.1 from 7.10 OVPN has stopped working, Connection initially established but no traffic through tunnel, and then connection gets dropped due to inactivity timeout (ping restart)

UPDATE: Just checked and am getting the same OVPN issue in release 7.11beta2

Revert to 7.10 and it works again
Same here. Have to create an up and down script in the ovpn profile to set a route to the connection
:local ip [/ppp active get [find name=$user] address]
:local id [/ppp active get [find name=$user] name]
:local gt [/interface/ovpn-server get [find user=$id] name];

/ip/route/add disabled=no distance=1 dst-address=$ip gateway=$gt  routing-table=main scope=10 suppress-hw-offload=no target-scope=10 comment="$gt";
/ip/route/remove [find comment="<ovpn-$user>"];

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Sun Jul 02, 2023 3:52 pm
by infabo
Are there any known issues regarding DHCP and mikrotik CPE (wireless bridge) in this version? I have 2 mikrotik devices in CPE mode and the clients connected to them on Ethernet do not receive an IP address anymore. And log on the AP is flooded with messages like "defconf offering lease 192.168.0.2 for 00:1D:EC:06:13:15 without success"
sry, figured it out. queue tree on bridge introduced the error. did not expect this traffic would leave the bridge...

Re: v7.10 [stable] is released!

Posted: Mon Jul 03, 2023 10:28 am
by evince
Since this Update my OpenVPN Windows Clients are unable to connect. Mikrotik to Mikrotik with OpenVPN is working. Anyone else see this Problem?
Working fine for me

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Mon Jul 03, 2023 10:40 am
by SaS
No traffic through OpenVPN since upgrading from 7.9.2 to 7.10.1 on CCR2004 :-(
(connection is established but no traffic)

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Tue Jul 04, 2023 7:12 pm
by ksuuk
cAP AC

7.8 > 7.10.1 netinstall, keep configuration = no access to the device, lan/wlan are down.
7.8 > 7.10.1 netinstall, apply configuration, can’t save skin, default.json is always 0 kb. After routerboard upgrade device does not boot = only blue led is active. And why do all settings pages now, instead of "all information in page", contain just one small box in the middle of the page, where I must open/close sections and where I must scroll right, scroll down/up?

Why, instead of fixing broken/adding new functionality, did developers change the web UI so that it is almost unusable?

Re: v7.10 [stable] is released!

Posted: Tue Jul 04, 2023 10:25 pm
by zdiv
terminals only understand characters,

We’ve had F1 on ANSI X3.64 compatible terminals at least since the VT220, released in 1983. If you’re using a terminal emulator that can’t send F1, get a better terminal emulator; they’re plentiful.
Yes, and it sends an escape sequence, not a key.
Problem is that F1 is almost universally used as a HELP key for the terminal application itself (and has to be disabled)!
Having previous behavior (from V6) was much better and worked from everything immediately.
Beside that, "?" is thing we are used to (Mikrotik, Cisco, juniper, etc... ) and really did not need change...

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Tue Jul 04, 2023 10:44 pm
by pe1chl
I think the reason it was changed is that a couple of other keys were VERY counter-intuitive, like Ctrl-V for "hotlock mode toggle", and ? was interfering with cases where the user actually wanted to enter a question mark.
So someone decided to revamp the key mappings.

Re: v7.10 [stable] is released!

Posted: Wed Jul 05, 2023 5:53 am
by tangent
F1 is almost universally used as a HELP key for the terminal application itself

I checked four Windows terminal emulators before giving up on finding one that does that. Neither Microsoft's own Windows Terminal, nor Cygwin's MinTTY, nor SecureCRT, nor VSCode's built-in terminal do that. The latter warns you the first time that other parts of the UI might want F1 for their own purposes, but it then offers to take you to the setting to make it send F1 to the terminal as an ANSI escape code instead, if that is your preference.

I consider these the top three free Windows terminal programs, plus the top commercial one.

What is this universal you speak of, then?

Re: v7.10 [stable] is released!

Posted: Wed Jul 05, 2023 7:32 pm
by zdiv
What is this universal you speak of, then?
For example mate terminal, previous gnome terminal as I remember...
but that is not a point, and no need to defend anything.
Decision has been made for whatever reason, so we have to get rid of old habits and get new ones...

Re: v7.10 [stable] is released!

Posted: Wed Jul 05, 2023 10:49 pm
by tangent
For example mate terminal, previous gnome terminal as I remember...

I assumed "Windows" in my prior answer because that's the only platform where I'd expect terminal behavior to be so broken. Every Unix, BSD, macOS, and Linux terminal should handle F1 as RouterOS 7 now expects it to for the very reason I gave above: ANSI X3.64 nailed the basics down in the 1970s, and we got multiple real implementations of ANSI-compatible terminal function key handling by the mid 1980s.

I don't have a Mate VM laying around to test for this brokenness. The closest I have is an old Ubuntu 18.04 LTS VM, which runs Gnome Terminal 3.28.2. It doesn't pull up the program's help on F1, it sends it through to the running application.

To test this, I installed Midnight Commander, which does have an internal "help on F1" feature, and pressing F1 through Gnome Terminal did pull up the MC help, not the Gnome help, indicating that the terminal didn't eat F1 as you claim Mate's does.

Either fix your terminal program or get a better terminal.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jul 05, 2023 10:52 pm
by Tellus
So since I updated to the 7.10.1 software, my RB5009UPr+S+IN router has decided to simply stop working on WAN and not link up at all, regardless of any change of config to ETH1 or SFP1; a full reset is the only thing that helps. After a full reset it works flawlessly for a while, and then with no warning or error it simply drops the WAN ETH link and stops working until I again do a full reset, again regardless of whether I use SFP or ETH1.

With bare minimum settings change from pure stock settings it still happens. This did not happen in previous software, ever.
Some kind of bug in 7.10.1?

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Thu Jul 06, 2023 9:41 am
by bbs2web
OSPF MD5 problem, if I disable authentication it reaches full adjacency.

RouterOS 6.49.8 configuration that worked previously:
/routing ospf area
add area-id=0.0.0.10 name=site3
/routing ospf instance
set [ find default=yes ] router-id=100.127.255.10 use-dn=no
/routing ospf area range
add area=site3 range=192.168.10.0/24
/routing ospf interface
add authentication=md5 authentication-key=secret dead-interval=10s hello-interval=1s interface=vpn network-type=point-to-point
add interface=vlan1 passive=yes
add interface=vlan666 passive=yes
add interface=vlan667 passive=yes
/routing ospf network
add area=backbone network=100.127.252.36/30
add area=site3 network=100.127.255.10/32
add area=site3 network=192.168.10.0/24
RouterOS 7.10.1 configuration which does not work:
/routing ospf instance
add disabled=no in-filter-chain=ospf-in name=ospf_v2 router-id=100.127.255.10 use-dn=no
/routing ospf area
add disabled=no instance=ospf_v2 name=backbone_v2
add area-id=0.0.0.10 disabled=no instance=ospf_v2 name=site3_v2
/routing ospf area range
add area=site3_v2 disabled=no prefix=192.168.10.0/24
/routing ospf interface-template
add area=backbone_v2 auth=md5 auth-id=1 auth-key=secret cost=10 dead-interval=10s disabled=no hello-interval=1s \
    networks=100.127.252.36/30 type=ptp
add area=site3_v2 disabled=no networks=100.127.255.10/32,192.168.10.224/28,192.168.10.240/28 passive

It immediately starts working when I remove 'auth' from the point-to-point interface template (and disable it on the upstream).
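When an adjacency forms only with authentication removed, it helps to know which check a receiver applies to each Hello. The following is an added example, not code from the poster or from MikroTik: it builds an OSPFv2 Hello with cryptographic authentication as described in RFC 2328 Appendix D and reports why a receiver would accept or drop it. The packet is constructed from the router-id, timers and key shown in the post; the function names, the sequence number and the alternative key ids are assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct

OSPF_HDR = "!BBH4s4sHHHBBI"   # 24-byte OSPFv2 header, auth field laid out for AuType 2


def _ip(addr):
    return ipaddress.IPv4Address(addr).packed


def _pad_key(secret):
    # The shared secret is used as a 16-byte key, zero-padded on the right.
    return secret.encode()[:16].ljust(16, b"\0")


def build_hello(router_id, area_id, mask, hello, dead, secret, key_id, seq, autype=2):
    """Constructed OSPFv2 Hello with no neighbors listed, plus the trailing MD5 digest."""
    body = struct.pack("!4sHBBI4s4s", _ip(mask), hello, 0x02, 1, dead,
                       _ip("0.0.0.0"), _ip("0.0.0.0"))
    hdr = struct.pack(OSPF_HDR, 2, 1, 24 + len(body), _ip(router_id), _ip(area_id),
                      0, autype, 0, key_id, 16, seq)
    pkt = hdr + body
    # Digest = MD5(packet || key); it is appended and not counted in the length field.
    return pkt + hashlib.md5(pkt + _pad_key(secret)).digest()


def check_auth(pkt, keys, last_seq=0):
    """Return why a receiver holding `keys` ({key_id: secret}) accepts or drops pkt."""
    if len(pkt) < 24:
        return "truncated"
    (_ver, _type, length, _rid, _area, _cksum, autype,
     _zero, key_id, dlen, seq) = struct.unpack_from(OSPF_HDR, pkt)
    if autype != 2:
        return "autype-mismatch"
    if key_id not in keys:
        return "unknown-key-id"
    if seq < last_seq:
        return "stale-sequence"
    if length < 24 or dlen != 16 or len(pkt) < length + dlen:
        return "truncated"
    expected = hashlib.md5(pkt[:length] + _pad_key(keys[key_id])).digest()
    ok = hmac.compare_digest(pkt[length:length + dlen], expected)
    return "ok" if ok else "digest-mismatch"
```

Feeding it the bytes of a captured Hello (OSPF payload only, without the IP header) shows whether the drop is caused by the key id, the secret or the sequence number, three things the two exports above do not let you compare directly.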

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Thu Jul 06, 2023 5:28 pm
by wuhoatu
On a Hex S, after upgrading to ROS 7.10.1, Check Gateway with arp, bfd or ping does not work, and as a result mark-routing in mangle does not work unless I set Check Gateway = none

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Fri Jul 07, 2023 11:25 am
by pe1chl
You cannot have "check gateway" on a PPPoE link. And it makes no sense anyway, as the PPPoE protocol is performing that action by itself, and the interface will go down when the link fails, taking all routes configured like that with it.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Fri Jul 07, 2023 12:49 pm
by wuhoatu
You cannot have "check gateway" on a PPPoE link. And it makes no sense anyway, as the PPPoE protocol is performing that action by itself, and the interface will go down when the link fails, taking all routes configured like that with it.
It can check gateway on a PPPoE link and other connections such as a WireGuard interface with v7.8, but it does not work after my Hex S was upgraded to v7.10, not only on PPPoE but also on any other link.
By the way, v7.10 x86 can check gateway normally.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Fri Jul 07, 2023 3:17 pm
by pe1chl
Maybe before it appeared to work, but just by accident.
I suggest you just stop using it. It makes no sense.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Fri Jul 07, 2023 9:49 pm
by floeff
Updated from 7.9.1 to 7.10.1.

Worked well on
7x RBwAPG-5HacT2HnD (wap ac first gen)
1x CRS112-8P-4S
1x CRS226-24G-2S+
1x CRS328-24P-4S+
1x RBwAPG-5HacD2HnD (wap ac second gen)

Did NOT work on
2x RBwAPG-5HacD2HnD (wap ac second gen)

Did not have much time for debug, but device was not visible in RoMON, also powercycling did not help. Netinstall with keep config did not work either, netinstall without keep config did work in the end. It seems as if the device booted to a certain stage and at some point the NIC LEDs were not doing anything anymore. Connected via ether1, with PoE injector.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Sat Jul 08, 2023 7:54 am
by bbs2web
OSPF MD5 problem, if I disable authentication it reaches full adjacency.
OSPF was down the following morning, had to also change point-to-point to broadcast, to get it to form adjacency again (yes, this required the other end to also be reconfigured to broadcast as well).

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Sun Jul 09, 2023 4:15 am
by AdHocCZ1
INFO ONLY:

1/ Some EXE files were re-signed due to the certificate expiration, so expect that they are no longer binary-identical, even though the version is unchanged.

2/ The file <dude-install-7.10.1.exe> now has the wrong SHA256 stated on the download page
(it is the SHA256 of the old file - with the wrong digi cert).

OLD ver <dude-install-7.10.1.exe> SHA256: a22cd6b3d7ccc6568a19b54fbaf33f4fb228b328d7a9e346c18a269a1e60d0f3
NEW ver <dude-install-7.10.1.exe> SHA256: d3cdb9d7cfdede737ad7f8fcd00cac54e116e503662177c17d624fc8e5636f66
---
Original posts & thread: viewtopic.php?t=197632#p1012065
(Thanks to rextended)

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Sun Jul 09, 2023 7:48 pm
by rextended
A file signed in the past, with a certificate that was valid at the time, but has now expired, does not mean that the file is corrupted or that the signature is forged...

Obviously the different signature added to the file alters the SHA...

You are creating Alerts for nothing...

Instead, for the new 7.10.1 version, they realized late that they had signed with an already expired (but still valid) certificate, and they re-signed the files with a new certificate.

Obviously, so as not to make fools of themselves, they have not written about it...

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Mon Jul 10, 2023 9:10 am
by AdHocCZ1
The wrong (not updated) SHA256 published on the download page should be updated so it would reflect the current file, not the old one.
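The exchange above turns on the fact that re-signing a Windows executable changes its whole-file SHA-256 while leaving the program content untouched. The following is an added example, not a MikroTik tool or code from any poster: it hashes a PE file while skipping the three regions a signature rewrites (the checksum field, the certificate table directory entry and the certificate table itself), a simplified form of the exclusion rule Authenticode uses, so two downloads can be classified as identical, re-signed or different. The sample buffers are constructed and are not real executables; all function names are assumptions.

```python
import hashlib
import struct


def pe_layout(data):
    """Return (checksum_off, certdir_off, cert_off, cert_size) for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24                       # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):         # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)
    if struct.unpack_from("<I", data, dirs - 4)[0] < 5:
        raise ValueError("no certificate table directory entry")
    certdir_off = dirs + 8 * 4              # entry 4 = certificate table
    cert_off, cert_size = struct.unpack_from("<II", data, certdir_off)
    if cert_size and (cert_off < certdir_off + 8 or cert_off + cert_size > len(data)):
        raise ValueError("certificate table outside file")
    return opt + 64, certdir_off, cert_off, cert_size


def content_digest(data):
    """SHA-256 over everything except checksum, cert directory entry and cert table."""
    checksum_off, certdir_off, cert_off, cert_size = pe_layout(data)
    end = cert_off if cert_size else len(data)
    h = hashlib.sha256(data[:checksum_off])
    h.update(data[checksum_off + 4:certdir_off])
    h.update(data[certdir_off + 8:end])
    if cert_size:
        h.update(data[cert_off + cert_size:])
    return h.hexdigest()


def compare_builds(old, new):
    if hashlib.sha256(old).digest() == hashlib.sha256(new).digest():
        return "identical"
    if content_digest(old) == content_digest(new):
        return "re-signed"      # only the checksum / signature area differs
    return "different"


def make_sample(body, signature):
    """Constructed PE32-shaped buffer with a trailing signature blob (not a real EXE)."""
    pe_off, opt = 0x40, 0x40 + 24
    buf = bytearray(opt + 96 + 16 * 8) + body
    cert_off = len(buf)
    buf += signature
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, pe_off)
    buf[pe_off:pe_off + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, opt, 0x10B)
    struct.pack_into("<I", buf, opt + 64, sum(signature))   # checksum changes on re-sign
    struct.pack_into("<I", buf, opt + 92, 16)                # NumberOfRvaAndSizes
    struct.pack_into("<II", buf, opt + 96 + 8 * 4, cert_off, len(signature))
    return bytes(buf)
```

A "re-signed" result says only that the bytes outside the signature area match; whether the new signature itself is valid still has to be checked with the platform's signature verification, and a published hash remains useful only if it is updated whenever the file is.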

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Mon Jul 10, 2023 12:20 pm
by kcarhc
After upgrading RB5009UPr+S+ to RouterOS 7.10 and 7.10.1, the following issues occur:

Power supply problems with the 2.5G PoE port
Random negotiation of 100M speed with the 2.5G PoE port
AP unable to obtain DHCP, along with other related issues with the 2.5G PoE port
When connected to ether1(2.5G PoE port), the device is U6-Enterprise. Downgrading to version 7.9 resolves the problems.
The following is a relevant excerpt from the changelog for version 7.10, which I believe is the cause of the issue:
*) poe - fixed bogus "poe-in-voltage" values when using DC jack for RB5009.

Re: v7.10 [stable] is released!

Posted: Mon Jul 10, 2023 1:54 pm
by rchovan
Upgraded both my RB4011 and HAP AX3 using as AP.

RB4011 (Wifi) - stable on 7.9 and 7.10 via LAN and Wifi.

HAP AX3 I upgraded from 7.8, because 7.9 was very unstable with constant Wifi disconnections and random restarts, so I had to downgrade to 7.8. But even on 7.10 I'm still having the same issue. Downgrading to 7.8, it's stable. I have connected the hAP ax3's ether1 port to the ether10 PoE port of the RB4011, so I made the ether1 port of the hAP ax3 a LAN port. DHCP on bridge (ether1, wifi2g, wifi5g). Wifi works for some 30 minutes, then none of my devices (Mac, iPhone, HomePod, PS5, TV etc.) get connected until I reboot the ax3.

Is anyone else having the same problem?
Yes, read the forum... many people reported this bug. It is in 7.9 and 7.10. You should downgrade to 7.8
Hi, could you please send me links to the thread where it is discussed? I have the same issue, but with iPhone + Android and Windows 10 too.
Thanks.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Mon Jul 10, 2023 3:57 pm
by Rox169
Now you can upgrade to 7.11 beta4; there is a fix for the WiFi issue

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Mon Jul 10, 2023 4:54 pm
by spippan
Now you can upgrade to 7.11 beta4; there is a fix for the WiFi issue
Do you mean:
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Mon Jul 10, 2023 6:06 pm
by Rox169
Yes, this should fix WiFi issues

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Mon Jul 10, 2023 8:45 pm
by DrMythnick
Hello everybody,

I have 3x RBwAPG:

RBwAPG-5HacD2HnD
RBwAPGR-5HacD2HnD

that got bricked and stuck in a boot loop.

1x RBwAPG-5HacT2HnD still works after update to 7.10.1.

Do you guys know about this bug on ARM RBwAPG devices ?

regards,
Vlad

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Mon Jul 10, 2023 10:12 pm
by pe1chl
Maybe the flash was almost full at the time you upgraded them?

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Tue Jul 11, 2023 12:37 am
by DmitryAVET
Builds 7.10 and 7.10.1 are not stable... it is a BUGGED release.

On RB760iGS pppoe-client and interfaces crash every 5-15 minutes.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Tue Jul 11, 2023 9:42 am
by Jotne
Builds 7.10 and 7.10.1 are not stable... it is a BUGGED release.
Can you give me a list of software that you have that does not have any bugs?
For me 7.10 and 7.10.1 work fine.
I guess that MT's goal is to make software as bug-free and stable as possible.
Look at Cisco, there you pay for upgrades, and it's still not bug free. Here it's free for you to use.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Tue Jul 11, 2023 11:27 am
by kcarhc
After upgrading RB5009UPr+S+ to version 7.10.1, the 2.5G PoE port started flickering again.
Random occurrences of "link up" and "link down" are observed.
The 2.5G port is connected to a UBNT U6-Enterprise.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Tue Jul 11, 2023 4:07 pm
by vito420
After upgrading to 7.10.1 from 7.8 same issue as in 7.10 occurs. OpenVPN is connected but no data is going through.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Tue Jul 11, 2023 5:12 pm
by Whitehawk29FR
Is there a change in wireguard? Now the VPN doesn't mount itself if there is no traffic inside?

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jul 12, 2023 2:02 am
by DmitryAVET
Can you give me a list of software that you have that does not have any bugs?
For me 7.10 and 7.10.1 work fine.
I guess that MT's goal is to make software as bug-free and stable as possible.
Look at Cisco, there you pay for upgrades, and it's still not bug free. Here it's free for you to use.
Did you read the previous comments from other customers? Do you answer just to get +1 on your message counter?

This is a "stable" release and it has critical issues. You have testing releases and RC releases - go and do anything. But in stable releases... with no fixes in a few days.

I have used v7 for at least 1 year, but after this failure I downgraded to v6 and will not use v7 for the next month or year.

Earlier I bought a not-cheap CCR2116 and can NOT use this device in production, because the 2116 is v7-only and has some specific bugs with OSPF.

If you use RouterOS just for home or a small office - good luck, you can use v7.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jul 12, 2023 12:07 pm
by pe1chl
This is a "stable" release and it has critical issues. You have testing releases and RC releases - go and do anything. But in stable releases... with no fixes in a few days.
Again, and I have written this already so many times here, "stable" does not mean "the software is stable, it has no bugs, it will not crash" but rather it means "we are not tinkering with it all the time, no new release every week, at some point we make a .1 release which fixes the most apparent bugs".

So you should not think a "stable" release has no critical issues. Especially because what one person labels "critical" is completely unimportant for others. I don't use OSPF at all, so any issues in OSPF are completely ignored by me. But I use BGP and BFD, and it is *very* important for me that they work ok. While you probably don't care.
So don't think that what you label "critical" is in fact critical for the user community as a whole.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jul 12, 2023 12:52 pm
by holvoetn
Windows 11 is considered stable too ... pfff ...

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jul 12, 2023 1:40 pm
by rextended
Windows 11 is considered stable


Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jul 12, 2023 2:25 pm
by kcarhc
Today, the RB5009UPr+S+ running RouterOS version 7.10.1 experienced an unprecedented drop in speed on the ether1 port, reducing it to 10Mbps.
The device connected to ether1 remains the U6-Enterprise.
Each time this problem occurs, the only solution is to restart, but after a while, the issue randomly reappears again.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jul 12, 2023 2:29 pm
by holvoetn
Surely you already checked the cables ?
Since on my RB5009's, one of them is humming sweetly on 2.5Gb (trunk to AX3), the other 1Gb.
No drops whatsoever that I can see in the logs.

Your link down counter is also something to watch. Not normal.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jul 12, 2023 2:36 pm
by pe1chl
The device connected to ether1 remains the U6-Enterprise.
Have you considered asking the manufacturer of that device? What firmware version are you using on it? When looking at the forum, quite some of its users are in total despair about the firmware quality, so maybe it has some part of the blame.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jul 12, 2023 5:48 pm
by bajodel
There is ver 7.10.2 out on the web site ;-)

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jul 12, 2023 6:30 pm
by pe1chl
There is ver 7.10.2 out on the web site ;-)
Yes, it promises to fix the WiFi problem. So hopefully it does that, for those affected by it (I am not).

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jul 12, 2023 7:02 pm
by G3NSVRV
What's new in 7.10.1 (2023-Jun-27 12:03):

*) ovpn - fixed OVPN server peer-id negotiation;
*) webfig - use router time zone for date and time;
Who approved this change?
It broke my openvpn server
11:54:44 AM - Ack successfully written to LINK for packetId 5
11:54:44 AM - Reasserting flag cleared
11:54:44 AM - Tunnel interface is now UP
11:54:44 AM - Trigger shutdown (error: Error Domain=TunnelKitOpenVPN Code=302 "(null)")
11:54:44 AM - Session did stop with error: Error Domain=TunnelKitOpenVPN Code=302 "(null)"
11:54:44 AM - Failed LINK read: Error Domain=NSPOSIXErrorDomain Code=57 "Socket is not connected"
11:54:44 AM - Socket state is cancelled (endpoint: <masked> -> in progress)
11:54:44 AM - Cleaning up...
11:54:44 AM - Tunnel did stop (error: Error Domain=TunnelKitOpenVPN Code=302 "(null)")
11:54:44 AM - Dispose tunnel in 1000 milliseconds...
11:54:45 AM - Flushing log...
11:54:46 AM - Cleaning up...

Re: v7.10, 7.10.1 and 7.10.2 [stable] is released!

Posted: Wed Jul 12, 2023 8:23 pm
by Jotne
What's new in 7.10.2 (2023-Jul-12 12:45):

*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);

Re: v7.10, 7.10.1 and 7.10.2 [stable] is released!

Posted: Wed Jul 12, 2023 10:54 pm
by deanMK
What's new in 7.10.2 (2023-Jul-12 12:45):

*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
Where is this changelog from? I can't find anywhere what the changes in that version are.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jul 12, 2023 10:56 pm
by holvoetn
https://mikrotik.com/download/changelogs

Top of the page since 7.10.2 is now latest version for stable for ROS7.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Wed Jul 12, 2023 11:11 pm
by deanMK
https://mikrotik.com/download/changelogs

Top of the page since 7.10.2 is now latest version for stable for ROS7.
Just tested 7.10.2 stable and it works well for me. Also noticed that in this build the WiFi LED on the hAP AX3 now shows activity (the LED blinks when traffic passes via any of the wifi interfaces).

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Thu Jul 13, 2023 2:24 am
by DarkNate
So 7.10 introduced BFD but broke OpenVPN, 7.10.1/2 fixed OpenVPN but broke BFD.

Amazing “stability” for production, MikroTik team, just amazing.

So now I'm stuck between choosing BFD over OpenVPN in the network.

Re: v7.10 and 7.10.1 [stable] is released!

Posted: Thu Jul 13, 2023 8:28 am
by bbs2web
I've been disappointed by the WiFi coverage of 4 new hAP ax^3 routers but enjoying CAPsMAN and WiFiwave2. I needed to turn off LTE on my phone to have it stay connected to the poor signal on the WiFi, in certain parts of the house (including bedroom), but I could stream and use everything perfectly.

I had set the country as South Africa and noticed that the radio transmit strength was only 16 dbi. When I looked up the regulatory limits I noticed that Taiwan allows channels 1-13 just like ZA, but that they allow up to 1W (1000mW), whereas ZA is apparently part of the ITU European community and limits transmit power to 100mW. When I subsequently changed the country for both the 2.4 and 5 GHz profiles to reference Taiwan, the transmit power became 27 dbi and range is slightly better than the old hAP ac units that I used previously.

My home is on a small agricultural holding, changing this in an apartment block would most probably create WiFi smog but there is no sign of my WiFi even half way to the road entrance gate so I doubt I'm causing any kind of interference for my neighbours.

Re: v7.10, 7.10.1 and more [stable] are released!

Posted: Thu Jul 13, 2023 9:07 am
by EdPa
What's new in 7.10.2 (2023-Jul-12 12:45):

*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);

Re: v7.10, 7.10.1 and more [stable] are released!

Posted: Thu Jul 13, 2023 9:21 am
by Rox169
wow...this is cool update...we can say 7.10.2 is almost long term release :) I did not know what wifi "stable" ROS to use and now I can use 7.10.2 and 7.11beta4 and I do not know which version to use now :) After few months I can finally use stable version :) Thank you

Re: v7.10, 7.10.1 and more [stable] are released!

Posted: Thu Jul 13, 2023 1:55 pm
by Jotne
What's new in 7.10.2 (2023-Jul-12 12:45):


Please edit post header to reflect new version :)

Re: v7.10, 7.10.1 and more [stable] are released!

Posted: Thu Jul 13, 2023 2:52 pm
by rextended
At this point it is better to write only the latest as the title: "v7.10.2 [stable] are released!"...

Re: v7.10, 7.10.1 and more [stable] are released!

Posted: Thu Jul 13, 2023 3:00 pm
by Jotne
Or what they normally do: one thread for each stable/long-term version. Why this has changed now, I do not know.