2827
В данном канале будут размещаться публикации, заметки и решения на оборудовании Mikrotik. Welcome!
Что нового в RouterOS 7.9.2 (2023-May-30 16:49):
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - improved SFP interface handling for RB4011 device;
Наметилась 7.10. Из 87 записей ченджлога всего 30 фиксов, прогресс 😁
https://telegra.ph/v710beta5-testing-is-released-05-10
Также обновился винбокс.What's new in v3.38:
*) fixed connecting to wireless network from QuickSet when there was no password specified;
*) fixed date and time value representation in the User Manager;
*) fixed skin file reading;
А вот и следующий релиз-кандидат. Ченджлог скромный.What's new in 7.9rc2 (2023-Apr-05 13:56):
Changes in this release:
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
(Уже не)Новости от Mikrotik:
1) cAP ax, чтобы вайфай был ещё вайфаистее
2) RB5009UPr+S+OUT. Теперь вы можете отапливать не только дом, но и улицу :)
3) CCR2004-16G-2S+ получил новую ревизию. Теперь некуда подключать 3G-мопед для отказоустойчивости продакшна.
4) Новые девайсы идут с запароленным админом. Пароль пишется прямо на девайсе. На некторых девайсах его ещё надо умудриться найти. В планах сделать пароль везде одинаковый, но пока он разный
5) И всякие полезные видео на официальном канале на Ютубе.
duced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Что нового в RouterOS 7.8 (2023-Feb-24 11:03):
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) conntrack - improved system stability when PPTP helper is used;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO com
Что нового в RouterOS 7.8rc1 (2023-Feb-08 20:03):
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) console - added "as-string" parameter to the ":execute" command;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) vxlan - added "max-fdb-size" parameter;
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
Коллеги, если у кого-то вдруг совсем недавно отвалился DoH OpenDNS:
они сменили издателя сертификатов DigiCertGlobalRootCA → IdenTrust Commercial Root CA 1
Решение: импорт всех корневых (Mozilla CCADB)
{/tool fetch "https://ccadb-public.secure.force.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites" output=file check-certificate=no dst-path=/Common-CA-DB-IncludedRoots.pem
/certificate import file-name=Common-CA-DB-IncludedRoots.pem name=CCADBRoots passphrase=""
}
Вышла RouterOS 7.8beta2 с поддержкой ROSE-storage
Пакет ROSE — RouterOS Enterprise добавляет в RouterOS дополнительные функции корпоративного центра обработки данных — для поддержки мониторинга дисков, улучшенного форматирования, RAID, iSCSI, NVMe over TCP, NFS и улучшенного SMB.
Функциональность в настоящее время поддерживается для платформ arm, arm64, x86 и TILEgx.
!!! Версия не рекомендуется для устройств CRS3xx/disk
add type=nfs iscsi-address=192.168.1.1/disk
disk set sata1 self-encryption-password=securepassword
https://help.mikrotik.com/docs/display/ROS/ROSE-storage
What's new in 7.7 (2023-Jan-12 09:35):
…
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
What's new in 7.7 (2023-Jan-12 09:35):
…
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed simple authentication checksum calculation;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FN990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - fixed R11e-LTE6 port mapping;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) supout - added missing IPv6 firewall sections;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed BGP advertisement PCAP saver;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved Let's Encrypt logging and error recovery;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) console - updated copyright notice;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed incorrect TTL=0 reporting for cached entries;
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation;
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
Друзья! С Новым годом вас всех! Пусть ваши продакшны вас не подводят!
Читать полностью…
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
🔥️️️CVE-2023-32154 (IPv6)
What's new in 7.9.1 (2023-May-19 15:11):
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
Подъехал долгожданный апдейт бюджетной лошадки RB2011 → L009
https://mikrotik.com/product/l009uigs_2haxd_in
https://mikrotik.com/product/l009uigs_rm
Приплыл релиз 7.9
130 строк ченджлога, из них 47 фиксов. Подробнее здесь.
Кроме того, на горизонте замаячила 7.9, причём, миновав стадии беты, сразу как релиз-кандидат. Ченджлог внушительный.
Самое интересное:
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) webfig - added inline comments;
*) zerotier - upgraded to version 1.10.3;
Друзья, расписание тренингов на весну:
Март
• Москва 13-19 марта (MTCNA, MTCSWE)
• Владивосток 13-23 марта (MTCNA, MTCSE, MTCWE Extended)
• Нижний Новгород 22-29 марта (MTCNA, MTCRE)
Апрель
• Москва 12-15 апреля (MTCNA)
• Хабаровск 12-22 апреля (MTCNA, MTCSE, MTCWE)
• Саратов 17-23 апреля (MTCNA, MTCRE)
Май
• Новосибирск 17-27 мая (MTCNA, MTCRE, MTCTCE)
• Москва 17-27 мая (MTCNA, MTCRE, MTCSE)
👉🏻 Все подробности и регистрация на сайте: mt-courses.ru →
Для тех, кто ещё у нас не был: на тренингах вы получите не только расширенную теорию (относительно официальной программы), но и отработаете навыки на реальном железе. И всё это в дружеской ламповой атмосфере.
Кстати, несколько месяцев назад мы не только вернули оплату картами, но и добавили возможность оплаты в рассрочку без переплаты.
Приходите, будет интересно!
mand timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (intro
Выкатили новый фикс-релиз
What's new in 7.8rc2 (2023-Feb-14 11:50):Changes in this release:
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) conntrack - improved system stability when PPTP helper is used;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - fixed config-less modem support (introduced in 7.8rc1);
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) ovpn-server - fixed HW encryption capability detection on ARM64 devices (introduced in 7.8rc1);
*) sfp - fixed certain optical module initialization (introduced in 7.8beta2);
DoH OpenDNS update:# Import Mozilla CCADB Roots
:do {
:do {/tool fetch "https://ccadb-public.secure.force.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites" output=file check-certificate=no dst-path=/Common-CA-DB-IncludedRoots.pem} \
while=([/file print count-only where name="Common-CA-DB-IncludedRoots.pem"]=0);
:do {/certificate import file-name=Common-CA-DB-IncludedRoots.pem name=CCADBRoots passphrase=""} \
if=([/certificate print count-only where name="Common-CA-DB-IncludedRoots.pem"]=0);
}
@tarikin
Засветился hap ax lite:
- Model L41G-2axD
- 2.4ax gen6 wireless (non-5ghz)
- dual-chain 4.3 dBi antenna
- 4x gigabit Ethernet ports
- 256mb ram
- ARM cpu 1ghz
- RouterOS 7
~60 USD
WiFi wave2 capsman замаячил (7.7 CLI only)
https://help.mikrotik.com/docs/display/ROS/WifiWave2#WifiWave2-WifiWave2CAPsMAN
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) timezone - updated timezone information from "tzdata2022g" release;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved IKE payload processing;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
…
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Что нового в RouterOS 7.7beta3 (2022-Oct-26 11:31):
Changes in this release: