La Fibre
Datacenter et équipements réseaux => Routeurs => 
MikroTik RouterOS => Discussion démarrée par: Gnubyte le 25 juillet 2022 à 21:56:53
-
Cela commence à faire un moment que les changelogs sont si longs qu'ils ne tiennent pas en 20000 caractères, donc, rendez vous sur le post du dernier changelog (https://lafibre.info/mikrotik/le-fil-des-mises-a-jour-mikrotik/msg1096649/#msg1096649), merci @zoc
What's new in 7.18 (2025-Feb-24 10:47):
-60ghz:improved system stability;
-bgp:fixed certain affinity options not working properly;
-bgp:improved system stability when printing BGP advertisements;
-bgp:make NO_ADVERTISE, NO_EXPORT, NO_PEER communities work;
-bond:added transmit hash policies for encapsulated traffic;
-bridge:added MLAG heartbeat property;
-bridge:avoid duplicate VLAN entries with dynamic wifi VLANs;
-bridge:do not reset MLAG peer port on heartbeat timeout (log warning instead);
-bridge:fixed endless MAC update loop (introduced in v7.17);
-bridge:fixed missing S flag on interface configuration changes;
-bridge:improved stability when using MLAG with MSTP (introduced in v7.17);
-bridge:improvements to MLAG host table updates;
-bridge:process more DHCP message types (decline, NAK, inform);
-bridge:removed controller-bridge (CB) and port-extender (PE) support;
-bridge:show VXLAN remote-ip in host table;
-btest:allow limiting access to server by IP address;
-certificate:fixed localized text conversion to UTF-8 on certificate creation;
-chr:fixed limited upgrades for expired instances;
-chr/x86:added network driver for Huawei SP570/580 NIC;
-chr/x86:fixed error message on bootup;
-chr/x86:fixed GRE issues with ice network driver;
-chr/x86:Realtek r8169 updated driver;
-cloud:added "Back To Home Files" feature;
-cloud,bth:use in-interface matcher for masquerade rule;
-console:added dsv.remap to :serialize command to unpack array of maps from print as-value;
-console:added file-name parameter to :serialize;
-console:allow ISO timezone format in :totime command;
-console:allow tab as dsv delimiter;
-console:allow to toggle script error logging with "/console settings log-script-errors";
-console:do not autocomplete arguments when match is both exact and ambiguous;
-console:do not show numbering in print follow;
-console:fixed "get" and "proplist" for certain settings;
-console:fixed issue where ping command displays two lines at the same time;
-console:fixed issue with disappearing global variable;
-console:implement scriptable safe-mode commands and safe-mode handler;
-console:improved hints;
-console:log errors within scripts to the system log;
-console:make non-pseudo terminals work with imports;
-console:put !empty sentence when API query returns nothing;
-console:renamed "back-to-home-users" to "back-to-home-user";
-container:add default registry-url=https://lscr.io;
-container:allow HTTP redirects when accessing container registry;
-container:allow specifying registry using remote-image property;
-container:improved image arch choice;
-container:use parent directory of container root-dir for unpack by default, so that container layer files are downloaded directly on target disk;
-defconf:added IPv6 FastTrack configuration;
-device-mode:do not allow changing CPU frequency if "routerboard" is not allowed by device mode (introduced in v7.17);
-device-mode:fixed feature and mode update via power-reset on PPC devices;
-dhcpv4-client:allow selecting to which routing tables add default route;
-dhcpv4-client:fixed default option export output;
-dhcpv4-server:fixed "active-mac-address" update when client has changed MAC address;
-dhcpv4-server:fixed framed-route removal;
-dhcpv4-server:fixed lease assigning when server address is not bind to server interface (introduced in v7.17);
-dhcpv6-client:added "validate-server-duid" option;
-dhcpv6-client:allow specifying custom DUID;
-dhcpv6-client:do not run script on prefix renewal;
-dhcpv6-relay:added option to create routes for bindings passing through relay;
-dhcpv6-server:respond to client in case of RADIUS reject;
-discovery:advertise IPv6 capabilities based on "Disable IPv6" global setting;
-discovery:improved stability during configuration changes;
-discovery:report actual PSE power-pair with LLDP;
-discovery:use power-via-mdi-short LLDP TLV only on pse-type1 802.3af;
-disk:add disk trim command (/disk format-drive diskx file-system=trim);
-disk:allow to add swap space without container package;
-disk:allow to set only type=raid devices as raid-master;
-disk:cleanup raid members mountpoint, improve default name of file base block-device;
-disk:do not allow adding device in raid when major settings mismatch in superblock and config;
-disk:do not allow configuring empty slot as raid member;
-disk:fix detecting disks on virtual machines;
-disk:fixed removing device from raid while resyncing;
-disk:fixed setting up dependent devices when file-based block-device becomes available;
-disk:fixed showing free space on tmpfs (introduced in v7.17);
-disk:improved stability;
-disk:improved system stability when SMB interface list is used (introduced in v7.17);
-disk:mount multi-device btrfs filesystems more reliably at startup;
-disk:set non-empty fs label when formatting by default;
-dns:do not show warning messages for DNS static entries when they are not needed;
-ethernet:fixed issue with default-names for RB4011, RB1100Dx4, RB800 devices;
-ethernet:fixed link-down on startup for ARM64 devices (introduced in v7.16);
-ethernet:improved link speed reporting on 2.5G-baseT and 10Gbase-T ports;
-fetch:added "http-max-redirect-count" parameter, allows to follow redirects;
-fetch:do not require "content-length" or "transfer-encoding" for HTTP;
-file:added "recursive" and "relative" parameters to "/file/print" for use in conjunction with "path" parameter;
-file:allow printing specific directories via path parameter;
-file:improved handling of filesystems with many files;
-firewall:allow in-interface/in-bridge-port/in-bridge matching in postrouting chains;
-firewall:fixed incorrectly inverted hotspot value configuration;
-firewall:increased maximum connection tracking entry count based on device total RAM size;
-hotspot:fixed an issue where extra "flash/" is added to html-directory for devices with flash folders (introduced in v7.17);
-igmp-proxy:fixed multicast routing after upstream interface flaps (introduced in v7.17);
-iot:added new "iot-bt-extra" package for ARM, ARM64 which enables use of USB Bluetooth adapters (LE 4.0+);
-iot:improvements to LoRa logging and stability;
-iot:limited MQTT payload size to 32 KB;
-ip:added support for /31 address;
-ippool:added pool usage statistics;
-ipsec:added hardware acceleration support for hEX refresh;
-ipsec:fixed chacha20 poly1305 proposal;
-ipsec:fixed installed SAs update process when SAs are removed;
-ipv6:added ability to disable dynamic IPv6 LL address generation on non-VPN interfaces;
-ipv6:added FastTrack support;
-ipv6:added routing FastPath support (enabled by default);
-ipv6:added support for neighbor removal and static entries;
-ipv6:fixed configuration loss due to conflicting settings after upgrade (introduced in v7.17);
-l2tp:added IPv6 FastPath support;
-l3hw:added initial HW offloading for VXLAN on compatible switches;
-l3hw:added neigh-dump-retries property;
-l3hw:fixed /32 (IPv6 /128) route offloading when using interface as gateway;
-l3hw:fixed partial route offloading for 98DX224S, 98DX226S, 98DX3236 switches;
-l3hw:respect interface specifier (%) when matching a gateway;
-log:added CEF format support for remote logging;
-log:added option to select TCP or UDP for remote logging;
-lte:added at-chat support for EC21EU;
-lte:added basic support for Quectel RG255C-GL modem in "at+qcfg="usbnet",0" USB composition;
-lte:added confirmation-code parameter for eSIM provisioning;
-lte:added initial eSIM management support;
-lte:fixed cases where the MBIM dialer could get stuck;
-lte:fixed Huawei ME909s-120 support;
-lte:fixed interface recovery in mixed multiapn setup for MBIM modems;
-lte:fixed missing 5G info for "/interface lte print" command;
-lte:fixed missing IPv6 prefix advertisement on renamed LTE interfaces;
-lte:fixed prolonged reboots on Chateau 5G ax;
-lte:fixed SIM slot initialization with multi-APN setups;
-lte:improved automatic link recovery and modem redial functions;
-lte:improved initialization for external USB modems;
-lte:lte monitor, show CQI when modem reports it as 0:undetectable, no RX/down-link resource block assigned to modem by provider;
-lte:R11eL-EC200A-EU fixed online firmware upgrade and added support for firmware update from local file;
-lte:R11eL-EC200A-EU improved failed connection handling and recovery;
-lte:reduce modem initialization time for R11e-LTE-US;
-lte:reduced SIM slot switchover time for modems with AT control channel (except R11e-LTE);
-lte:removed nonexistent CQI reading for EC200A-EU modem;
-net:added initial support for automatic multicast tunneling (AMT) interface;
-netinstall:try to re-create socket if link status changes;
-netinstall-cli:fixed DHCP magic cookie;
-ospf:fixed DN bit not being set;
-ospfv3:fixed ignored metric for intra-area routes;
-ovpn:added requirement for server name when exporting configuration;
-ovpn:disable hardware accelerator for GCM on Alpine CPUs (introduced in v7.17);
-ovpn-client:added 1000 character limit for password;
-pimsm:fixed incorrect neighbor entry when using lo interface;
-poe-out:added "power-pair" info to poe-out monitor (CLI only);
-poe-out:added console hints;
-poe-out:added new modes "forced-on-a" and "forced-on-bt" (CLI only);
-poe-out:upgraded firmware for 802.3at/bt PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);
-port:improved handling of USB device plug/unplug events;
-ppc:fixed HW encryption (introduced in v7.17);
-ppp:add support for configuration of upload/download queue types in profile;
-ppp:added support for random UDP source ports;
-ppp:fixed setting loss when adding new ppp-client interface for BG77 modem from CLI;
-ppp:properly cleanup failed inactive sessions on pppoe-server;
-ptp:do not send packets on STP blocked ports;
-ptp:improved system stability;
-qos-hw:fixed global buffer limits for 98CX8410 switch;
-queue:improved system stability when many simple queues are added (introduced in v7.17);
-queue:improved system stability;
-queue:prevent CAKE bandwidth config from potentially causing lost connectivity to a device;
-resolver:fixed static FQDN resolving (introduced in v7.17);
-rip:fixed visibility of added key-chains in interface-template;
-rose-storage:add btrfs filesystem add-device/remove-device/replace-device/replace-cancel commands to add/remove/replace disks to/from a live filesystem;
-rose-storage:add btrfs filesystem balance-start/cancel commands;
-rose-storage:add btrfs filesystem scrub-start, scrub-cancel commands (CLI only);
-rose-storage:add btrfs transfers, supports send/receive into/from file for transferring subvolumes across btrfs filesystems;
-rose-storage:add support to add/remove btrfs subvolumes/snapshots;
-rose-storage:added support for advanced btrfs features: multi-disk support, subvolumes, snapshots, subvolume send/receive, data/metadata profiles, compression, etc;
-rose-storage:allow to separately mount any btrfs subvolumes;
-rose-storage:fixes for btrfs server;
-rose-storage:update rsync to 3.4.1;
-rose-storage,ssh:support btrfs send/receive over ssh;
-route:added /ip/route/check tool;
-route:added subnet length validation on route add;
-route:do not use disabled addresses when selecting routing id;
-route:fixed busy loops (route lockups);
-route:fixed incorrect H flag usage;
-route:improved stability when polling static routes via SNMP;
-route:properly resolve imported BGP VPN routes;
-routerboot:disable packet switching during etherboot for hEX refresh ("/system routerboard upgrade" required);
-routerboot:improved stability for IPQ8072 ("/system routerboard upgrade" required);
-routing-filter:improved stability when using large address lists (>5000);
-routing-filter:improved usage of quotes in filter rules;
-sfp:fixed missing "1G-baseX" supported rate for NetMetal ac2 and hEX S devices;
-sfp:improved linking with certain QSFP modules on CRS354 devices;
-sfp:improved system stability with some GPON modules for CCR2004 and CCR2116 devices;
-sfp,qsfp:improved initialization and linking;
-smb:fixed connection issues with clients using older SMB versions (introduced in v7.17);
-smb:fixes for SMB server;
-smb:improved system stability;
-snmp:added "mtxrAlarmSocketStatus" OID to MIKROTIK-MIB;
-snmp:added disk serial number through description field;
-snmp:sort disk list and assign correct disk types;
-ssh:improved channel resumption after rekey and eof handling;
-supout:added IPv6 settings section;
-supout:added per CPU load information;
-switch:allow entering IPv6 netmask for switch rules (CLI only);
-switch:fixed dynamic switch rules created by dot1x server (introduced in v7.17);
-switch:fixed issues with inactive hardware-offloaded bond ports;
-switch:improved egress-rate on QSFP28 ports;
-switch:improved system stability for CRS304 switch;
-switch:improvements to certain switch operations (port disable, shaper and switch initialization);
-system:added option to list and install available packages (after using "check-for-updates");
-system:do not allow to install multiple wireless driver packages at the same time;
-system:do not cause unnecessary sector writes on check-for-updates;
-system:enable "ipv6" package on RouterOS v6 downgrade if IPv6 is enabled;
-system:fixed a potential memory leak that occurred when resetting states after an error;
-system:force time to be at least at package build time minus 1d;
-system:improved HTTPS speed;
-system:improved stability on busy systems;
-system,arm:automatically increase boot part size on upgrade or netinstall (fixed upgrade failed due to a lack of space on kernel disk/partition);
-tile:improved system stability;
-traceroute:added "too many hops" error when max-hops are reached;
-traceroute:limit max-hops maximum value to 255;
-user:improved authentication procedure when RADIUS is not used;
-vxlan:added disable option for VTEPs;
-vxlan:added IPv6 FastPath support;
-vxlan:added option to dynamically bridge interface and port settings (hw, pvid);
-vxlan:added TTL property;
-vxlan:changed default port to 4789;
-vxlan:fixed unset for "group" and "interface" properties;
-vxlan:replaced the "inherit" with "auto" option for dont-fragment property (new default);
-webfig:added confirmation when quitting in Safe Mode;
-webfig:do not reload form when failed to create new object;
-webfig:fixed "TCP Flags" property when inverted flags are set in console;
-webfig:fixed datetime setting under certain menus;
-webfig:fixed displaying passwords;
-webfig:fixed Switch/Ports menu not showing correctly;
-webfig:hide certificate information in IP Services menu when not applicable;
-webfig:remember expand/fold state;
-wifi:added max-clients parameter;
-wifi:avoid excessive re-transmission of SA Query action frames;
-wifi:fix issue which made it possible for multiple concurrent WPA3 authentications to interfere with each other;
-wifi:implement steering parameters to delay probe responses to clients in the 2.4GHz band;
-wifi:log a warning when a client requests power save mode during association as this may prevent successful connection establishment;
-wifi:re-word the "can't find PMKSA" log message to "no cached PMK";
-wifi:try to authenticate client as non-FT client if it provides incomplete set of FT parameters;
-wifi-qcom:fix reporting of radio minimum antenna gain for hAP ax^2;
-wifi-qcom:prevent AP from transmitting broadcast data unencrypted during authentication of first client;
-winbox:added "Copy to Provisioning" button under "WiFi/Radios" menu;
-winbox:added "Last Logged In/Out" and "Times Matched" properties under "WiFi/Access List" menu;
-winbox:added "Reset Alert" button under "IP/DHCP Server/Alerts" menu;
-winbox:added L3HW Advanced and Monitor;
-winbox:added missing options under "System/Disk" menu;
-winbox:added TCP settings under "Tools/Traffic Generator/Packet Templates" menu;
-winbox:do not show 0 Tx/Rx rate under "WiFi/Registration" menu when values are not known;
-winbox:do not show LTE "Antenna Scan" button on devices that do not support it;
-winbox:fixed locked input fields when creating new certificate template;
-winbox:show LTE "CA Band" field only when CA info is available;
-winbox:show warning messages for static DNS entries;
-x86:fixed "unsupported speed" warning;
What's new in 7.18.1 (2025-Feb-28 13:31):
-bridge:improved stability in case of configuration error (introduced in v7.15);
-bridge:show warning instead of causing error when using multicast MAC as admin-mac (introduced in v7.17);
-cloud:fixed issues when BTH is toggled fast between enable/disable;
-cloud:improved "BTH Files" web page design;
-console:fixed issue with files when using scripts (introduced in v7.18);
-console:improved file add/remove process stability;
-dhcpv6-relay:clear saved routes on DHCP release;
-dhcpv6-relay:show client address;
-disk:add "sector-size" property in print detail;
-disk:improved stability when formatting crypted partitions;
-l3hw:remove VLAN tag before VXLAN encapsulation (fixes pvid behavior for bridged VXLAN);
-lte:fixed modem recovery after firmware upgrade for R11e-LTE modem;
-lte:fixed Router Advertisement processing issue for AT modems when an APN with "ip-type=ipv6" was configured;
-ovpn:disable hardware accelerator for GCM on MMIPS CPUs (introduced in v7.18);
-poe-out:fixed health showing 0V voltage when using PoE-in for RB960;
-poe-out:upgraded firmware for 802.3at/bt PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);
-route:show BGP session name instead of cache-id;
-switch:improved stability when enabling IGMP snooping with VXLAN (introduced in v7.18);
-system:improved internal "flash/" prefix handling for different file path related settings;
-winbox:fixed missing SMB client on non-ROSE devices;
What's new in 7.18.2 (2025-Mar-11 13:59):
-console:fixed issue with file-name completion (introduced in v7.18);
-container:fixed repository name handling to prevent redirect issues when basic authentication is used;
-lte:additional fixes for eSIM management support;
-lte:AT modems, improved redialing when modem lost connectivity without notifying host about APN status change;
-netinstall:fixed socket reset (introduced in v7.18);
-queue:fixed system failure when CAKE kind queue was configured but queue type definition does not exist anymore (introduced in v7.18);
-wifi:improved stability for wifi interfaces;
-winbox:improve graphing efficiency when communicating with WinBox;
-
Top ça, il faudrait par contre préciser que pour un environnement de prod, plusieurs formateurs mikrotik ne conseille pas de passer en V7 pour l'instant, car pour eux l'os n'est pas assez mur, et de rester en V6 stable pour le moment :) ?
-
Ce n'est pas pour ça qu'ils ont raison de le dire.
-
Ce n'est pas pour ça qu'ils ont raison de le dire.
J’entends, d’où le "?"
Je n'ai qu'une V7 en dans un lab sur la 30ene de Mikrotik en prod que l'ont gère basée sur ses mêmes conseils.
Effectivement, quelque changement significatif qui sont un peu chiant, mais pas ou peu de problème en v7 pour le moment, âpres j'ai tendance à faire confiance aux formateurs qui de surcroit font passer les certifications MTCNA & Compagnie.
Âpres je ne doute pas que des milliers de Mikrotik sont en V7 et beaucoup sont fournis avec la dernière V de base...
-
Perso je pense que les gens qui passent les certifs sont ceux le plus à même de ne pas vouloir prendre de risques et donc pas forcément les plus au fait des nouveautés ;)
RouterOS 7 a été laborieux jusqu'a la version 7.2 en gros, depuis ça marche parfaitement, c'est nettement plus stable qu'un routeros6 dans tous les usages un peu poussés, merci le Kernel plus moderne.
-
Perso je pense que les gens qui passent les certifs sont ceux le plus à même de ne pas vouloir prendre de risques et donc pas forcément les plus au fait des nouveautés ;)
RouterOS 7 a été laborieux jusqu'a la version 7.2 en gros, depuis ça marche parfaitement, c'est nettement plus stable qu'un routeros6 dans tous les usages un peu poussés, merci le Kernel plus moderne.
Qui passe ou font passer les certif's ? ???
les certifications on vocation à être renouvelé par l'apprenant et donc en théorie de suivre les nouveautés (au-delà du business modèle qui peut être critiquable bien entendu)
Et prendre des risques ne veut pas forcément dire qu'il ne faut pas essayer de le contrôler. 8)
Sans le prendre personnellement ont n’utilise pas de CCR, et nos applications sont effectivement simples :) donc je n'ai probablement pas le même feedback.
-
Ben justement sur un usage CPE, c’est encore pire, ros7 est tout à fait sec.
C’est plus sur les modules de routage dynamiques qu’il y’a encore eu un peu d’essuyage de plâtres récemment
-
Pour l'instant en 7.4, pas eu besoin de faire quoi que ce soit depuis la 7.3 sur le routeur (CCR2004-16G-2S+), sur le commutateur hébergeur d'ONT (CRS305) ni sur l'AP wifi (hAP ac²). Après pour les 3, ça se reste que de l'usage basique...
-
Ben justement sur un usage CPE, c’est encore pire, ros7 est tout à fait sec.
C’est plus sur les modules de routage dynamiques qu’il y’a encore eu un peu d’essuyage de plâtres récemment
faudra le rentrer dans notre roadmap d’évolution alors ;D
-
Un nouveau firmware stable est dans la place. v7.4.1
-
Nouveau firmware Stable 7.5, dans le bon fil, enfin.
Et, oui, la redite est pertinente.
La version 7.5 de RouterOS est publiée dans le canal "v7 stable" !
Avant une mise à niveau :
1) N'oubliez pas de sauvegarder/exporter les fichiers avant une mise à niveau et de les enregistrer sur un autre périphérique de stockage ;
2) Assurez-vous que l'appareil ne perdra pas de puissance pendant le processus de mise à niveau ;
3) L'appareil dispose de suffisamment d'espace de stockage libre pour tous les packages RouterOS à télécharger.
Quoi de neuf dans 7.5 (2022-Aug-30 12:25):
*) bgp - options de capacité de refus à distance fixes, erreurs de limite de préfixe max et arrêt administratif ;
*) bgp - stabilité améliorée lorsque "default-originate" est configuré ;
*) pont - validation de la valeur "nouvelle priorité" fixe pour les règles NAT ;
*) capsman - ajout d'une option de plage aléatoire pour le paramètre "reselect-interval" (CLI uniquement) ;
*) certificat - gestion fixe des AKID vides par le client SCEP ;
*) console - achèvement automatique de la commande fixe avec pression sur une touche ;
*) conteneur - ajout de la prise en charge de l'exécution de conteneurs Docker (TM) sur ARM, ARM64 et x86 (les conteneurs créés avant la v7.4 doivent être recréés) ;
*) defconf - chargement fixe de la configuration par défaut sur RB4011 avec le package WifiWave2 activé ;
*) dhcpv4-server - suppression fixe des baux dynamiques lorsque le serveur est supprimé ;
*) dhcpv6-client - message de journalisation à vie invalide déplacé du sujet "debug" vers "error" ;
*) dhcpv6-client - utilise le préfixe /128 pour les adresses IA_NA ;
*) dhcpv6-relay - transfert de relais fixe (introduit dans v7.1.5);
*) dhcpv6-server - stabilité améliorée lors de l'acquisition de la liaison ;
*) dns - paramètre "liste d'adresses" ajouté pour les entrées DNS statiques (CLI uniquement) ;
*) dns - ajout de l'option "match-subdomain" pour les entrées statiques (CLI uniquement) ;
*) pare-feu - prise en charge supplémentaire de l'assistant RTSP ;
*) health - lectures fixes de "température" et de "consommation électrique" sur RB1100x4 ;
*) health - lecture de tension améliorée sur CRS112-8P-4S ;
*) health - renommé "cpu-temperature" en "switch-temperature" sur CRS312-4C+8XG, CRS326-24S+2Q+, CRS354-48P-4S+2Q+, CRS354-48G-4S+2Q+, CRS504-4XQ-IN , CRS518-16XS-2XQ ;
*) hostpot - fonctionnalité Walled Garden fixe pour les sites HTTPS ;
*) hotspot - rejette automatiquement toutes les requêtes HTTPS passant par le serveur HotSpot pour les utilisateurs non autorisés ;
*) point d'accès - stabilité améliorée lors de la réception de faux paquets ;
*) hotspot - limite les connexions maximales autorisées en fonction des ressources RAM libres ;
*) point d'accès - option "https-redirect" supprimée ;
*) ike2 - autorise l'envoi de la chaîne de certificats en tant qu'initiateur ;
*) interface - nommage d'interface par défaut fixe sur RB1100x2 ;
*) l3hw - NAT offload HW corrigé ;
*) leds - configuration LED par défaut fixe pour RBwsAP-5Hac2nD ;
*) leds - fonctionnalité LED sans fil fixe sur LHGG ;
*) lora - n'ignorez pas le signe négatif pour les coordonnées GPS falsifiées ;
*) lte - ajout de la prise en charge du port at-chat et NMEA pour les modems Simcom, composition USB (identifiant de l'appareil - 0x9003);
*) lte - prise en charge at-chat ajoutée pour les modems Simcom, composition USB (identifiant de l'appareil - 0x9005);
*) lte - ajout des messages "SIM non inséré" et "Échec de la carte SIM" aux commandes "status" et "monitor" pour les modems AT ;
*) lte - modification de l'affichage des informations d'identification de cellule au format court pour les connexions 3G ;
*) lte - interdire les noms APN vides uniquement pour l'entrée par défaut ;
*) lte - canal AT fixe pour les modems Sierra Wireless avec ID d'appareil 0x9091 ;
*) lte - présence d'interface LTE fixe pour Telit LN940 ;
*) lte - performances UDP fixes sur les appareils MMIPS ;
*) lte - balayage d'antenne amélioré pour les appareils Chateau avec antennes commutables ;
*) lte - exportation de configuration améliorée lorsque plusieurs interfaces LTE sont présentes ;
*) lte - numéroteur de modem, ne réinitialise pas la séquence de numérotation si le modem répond avec une erreur à la chaîne d'initialisation définie par l'utilisateur ;
*) netinstall - procédure Netinstall fixe pour les appareils ARM ;
*) netwatch - démarre automatiquement les sondes migrées à partir des versions précédentes de RouterOS ;
*) netwatch - modification du seuil d'échec de perte de paquets ICMP par défaut à 85 % ;
*) ntp - serveur NTP fixe lorsque "use-local-clock" est utilisé ;
*) ospf - gestion fixe de l'adresse de transfert externe ;
*) ospf - amélioration de la stabilité lorsque l'interface est désactivée pendant l'échange de base de données ;
*) ovpn - processus de renouvellement de clé de chiffrement fixe qui provoquait des déconnexions de session périodiques ;
*) ovpn - amélioration de la stabilité du système lorsque l'accélération matérielle est utilisée sur les appareils ARM64 ;
*) ovpn - déplacement du message de journalisation de l'utilisateur déconnecté de la rubrique "debug" vers la rubrique "info" ;
*) ping - amélioration de la stabilité du service ;
*) port - prise en charge supplémentaire du D-Link DWM-222 en mode série/PPP (identifiant de l'appareil - 0xac01/0x7e3d) ;
*) port - prise en charge supplémentaire pour Huawei/ZTE K5006z en mode série/PPP (identifiant de l'appareil - 0x1017/0x1018) ;
*) ppp - amélioration de la stabilité du service sous forte charge ;
*) ppp - utilise /32 comme masque de réseau par défaut s'il n'est pas spécifié pour le paramètre "routes" ;
*) ptp - amélioration de la stabilité du système sur les appareils CRS ;
*) quickset - suppression de l'ajout de serveur PPTP et SSTP pour la case à cocher "VPN" ;
*) rb5009 - rapport d'état fixe ether1 après le redémarrage du système ;
*) route-filter - commande fixe "delete bgp-communities" ;
*) routerboard - fonctionnalité de script "bouton de réinitialisation" ajoutée pour les périphériques TILE ;
*) sfp - lecture "eeprom" fixe sur les appareils ARM à port SFP unique ;
*) sfp - interface fixe QSFP+ et QSFP28 désactivée lors de l'utilisation d'un câble épanoui ;
*) sfp - interface fixe "sfp1" qui ne répond pas après la désactivation de "ether1" sur les appareils NetMetal ;
*) sfp - gestion améliorée de l'initialisation des ports SFP combo sur CRS312-4C+8XG, CRS328-4C-20S-4S+ ;
*) sfp - stabilité améliorée lors de l'utilisation de modules optiques 2.5G dans CCR2116, CCR2216 et CRS518 ;
*) snmp - utilisation fixe de VRF après le démarrage du système ;
*) chaussettes - correction de l'utilisation du "port dst" lors de la vérification de la liste d'accès ;
*) ssh - ajout du support AES pour le décryptage PEM ;
*) ssh - importation fixe de clés publiques ;
*) ssh - correction d'un problème de faute de frappe mineur lors de l'importation de la clé publique ;
*) sstp - client fixe bloqué dans l'état "nonce matching" ;
*) commutateur - règles ACL fixes pour les commutateurs 98DXxxxx avec plus de 28 ports (introduits dans la v7.3);
*) commutateur - limite supprimée pour le nombre d'interfaces de liaison déchargées par le matériel ;
*) swos - prise en charge SwitchOS activée pour CRS310-1G-5S-4S+ ;
*) swos - procédure de mise à niveau fixe de SwOS sur CRS305-1G-4S+ ;
*) traceroute - ajout de la prise en charge du paramètre "ne pas fragmenter" (CLI uniquement) ;
*) traceroute - limite de taille de paquet augmentée à 65535 ;
*) vrrp - ajout de la compatibilité "sync-connection-tracking" avec le mode préemption ;
*) vrrp - utilisation élevée du processeur fixe lorsque "sync-connection-tracking=yes" et le routeur de sauvegarde se déconnecte ;
*) vrrp - correction de l'apprentissage de l'adresse MAC du pont déchargé du matériel lors du passage du maître VRRP à la sauvegarde ;
*) vrrp - synchronisation de suivi de connexion initiale fixe, un routeur de secours reçoit désormais toujours toutes les connexions existantes ;
*) vrrp - protocole de synchronisation de suivi de connexion amélioré (CTSYNC), le nouveau protocole est incompatible avec les versions précédentes de RouterOS avec "sync-connection-tracking=yes" ;
*) webfig - permet de spécifier le serveur NTP comme nom de domaine ;
*) webfig - affichage fixe des graphiques dans les pages d'état ;
*) webfig - valeur négative fixe du champ à virgule flottante au format -0.*** ;
*) wifiwave2 - paramètre "sae-pwe" ajouté avec mécanisme de hachage à élément pour la dérivation SAE PWE ;
*) wifiwave2 - prise en charge supplémentaire de 802.11k ;
*) wifiwave2 - désactiver l'interface sans fil après la réinitialisation de la configuration sans fil ;
*) wifiwave2 - affichage fixe d'AKM dans les résultats d'analyse ;
*) wifiwave2 - AKM dupliqué fixe dans le message RSN ;
*) wifiwave2 - mise à jour de clé de groupe fixe pour les appareils clients qui se connectent via une transition rapide BSS ;
*) wifiwave2 - correction de l'utilisation incorrecte d'AKM pour FT-WPA3-EAP-192 ;
*) wifiwave2 - envoi de réponse de réassociation fixe pour une transition rapide sur DS ;
*) wifiwave2 - réglage fixe du paramètre "ft-nas-identifier" ;
*) wifiwave2 - utilisation fixe du paramètre de pays du Canada sur les appareils verrouillés aux États-Unis ;
*) wifiwave2 - sélection améliorée de la largeur de canal par défaut pour les interfaces en mode station ;
*) winbox - n'affiche pas les interfaces LTE précédemment connectées lors de l'établissement de la connexion LTE ;
*) winbox - activé tous les filtres par défaut sous le menu "Outils/Torche" ;
*) winbox - fonctions fixes "Activer", "Désactiver" et "Commentaire" pour les interfaces de type L2TP-ether ;
*) winbox - correction du paramètre "Next Run" affiché dans le menu "System/Scheduler" ;
*) winbox - correction des champs "Type" et "Valeur" affichés sous le sous-menu "Système/Santé" ;
*) winbox - affiche les messages d'avertissement pour les entrées de connexion BGP ;
*) sans fil - initialisation de l'interface fixe sur les appareils x86 ;
*) x86 - autorise la rétrogradation vers RouterOS v6 uniquement s'il a déjà été installé ;
*) x86 - publicité fixe des vitesses de liaison 2500M et 5000M sur le pilote ixgbe ;
-
La version 7.6rc1 de RouterOS a été publiée sur le canal "test v7" !
La prochaine version stable v7.6 approche, en RC1 pour l'heure.
Voyez les dernières nouveautés. (https://lafibre.info/mikrotik/le-fil-des-mises-a-jour-mikrotik-routeros-instable-pour-les-temeraires-eclaires/)
Pas encore de notifications de patch du bug des fonctions health avec nos modules ONU SFP fs.com
-
7.6 sortie 8)
Peut-être la ligne "sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches" change-t-elle quelque chose pour les ONU FS.com ?
What's new in 7.6 (2022-Oct-17 13:55):
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT;
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
*) wifiwave2 - fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
-
La version 7.7 de RouterOS est publiée dans le canal "v7 stable" !
Avant une mise à niveau :
1) N'oubliez pas de sauvegarder/exporter les fichiers avant une mise à niveau et de les enregistrer sur un autre périphérique de stockage ;
2) Assurez-vous que l'appareil ne perdra pas de puissance pendant le processus de mise à niveau ;
3) L'appareil dispose de suffisamment d'espace de stockage libre pour tous les packages RouterOS à télécharger.
Quoi de neuf dans 7.7 (2023-Jan-12 09:35):
*) bgp - fonctionnalité de commentaire ajoutée pour BGP VPN (CLI uniquement);
*) bgp - ne reflète pas la route vers l'expéditeur ;
*) bgp - économiseur PCAP de publicité BGP fixe ;
*) bgp - établissement d'une connexion fixe à l'aide d'adresses lien-local ;
*) bgp - amélioration de l'impression de publicités BGP ;
*) bgp - distribution de charge de session BGP améliorée sur plusieurs cœurs de processeur ;
*) bgp - définissez correctement "bgp-ext-communities" dans la liste des "communautés" ;
*) Bluetooth - ajout d'un filtrage unique des messages publicitaires ;
*) liaison - détecte correctement les changements d'état de l'interface VPLS ;
*) branding - paramètre d'identité fixe du package de branding ;
*) pont - prise en charge supplémentaire des entrées MDB statiques ;
*) pont - interdire le contrôleur de port lorsque MSTP est activé sur le pont ;
*) pont - paramètre "edge=yes" fixe pour MSTP ;
*) pont - compatibilité MSTP fixe avec STP ;
*) pont - identifiant de pont R/M/STP fixe lors du changement de mode de protocole ;
*) pont - BCP RSTP fixe avec interfaces PPP pontées ;
*) pont - état de blocage STP fixe sur le contrôleur de port ;
*) pont - hôte fixe se déplaçant avec un chemin rapide ;
*) pont - correction du blocage incorrect du port racine pour MSTP ;
*) pont - conversion de port maître fixe ;
*) bridge - priorité de port mst-override fixe pour MSTP ;
*) pont - priorité de port fixe pour STP et RSTP ;
*) pont - amélioration de la stabilité du système de contrôleur de port ;
*) pont - amélioration de la stabilité du système lors de l'utilisation de MSTP et de nombreux mappages VLAN ;
*) pont - suppression de la propriété de surveillance "age" de la table des hôtes ;
*) certificat - amélioration de la journalisation Let's Encrypt et de la récupération des erreurs ;
*) certificat - amélioration des processus de gestion, de signature et de stockage des certificats ;
*) conntrack - amélioration de la stabilité du système lorsque l'assistant PPTP est utilisé ;
*) conntrack - amélioration de la stabilité du système lors du traitement des connexions SCTP sur TILE ;
*) console - avis de copyright mis à jour ;
*) conteneur - accès fixe à "/dev/stderr" depuis les conteneurs ;
*) conteneur - gestion fixe des groupes et des noms d'utilisateur de Dockerfile ;
*) conteneur - extraction de goudron fixe ;
*) conteneur - les répertoires "ram" et "tmp" utilisent tmpfs ;
*) crs1xx/2xx - paramètre "nouveau-client-pcp" fixe pour les règles ACL ;
*) dhcpv6-client - gère la réception des heures T1 et T2 invalides ;
*) découverte - ajout du paramètre "découvert par" pour indiquer quel protocole a découvert le voisin ;
*) découverte - paramètre "mode" ajouté pour la configuration de la découverte ;
*) découverte - signale l'adresse IPv6 LL si l'adresse globale n'existe pas ;
*) disque - prise en charge supplémentaire de la création manuelle du système de fichiers RAM (TMPFS) (CLI uniquement) ;
*) disque - amélioration du montage, du formatage et de la dénomination du système de fichiers de stockage externe ;
*) dns - n'interroge pas les serveurs DNS en amont pour les enregistrements de regex correspondants ;
*) dns - modification fixe du paramètre "forward-to" pour les entrées FWD ;
*) dns - gestion fixe de l'entrée CNAME pointant vers une autre entrée FWD ;
*) dns - gestion fixe des entrées FWD où "forward-to" est un nom d'hôte ;
*) dns - correction des rapports TTL=0 incorrects pour les entrées mises en cache ;
*) dns - amélioration de l'ajout d'une entrée statique résolue à la liste d'adresses ;
*) dns - amélioration de la stabilité du service lorsque CNAME pointe vers une entrée FWD ;
*) dns - interroge les serveurs DNS en amont pour d'autres types d'enregistrements même si une entrée statique existe ;
*) dns - nécessite une politique "d'écriture" pour le vidage du cache DNS ;
*) dns - répond avec le TTL le plus bas pour les requêtes internes contenant des chaînes A, AAAA, CNAME ;
*) système de fichiers - répartition fixe sur les appareils avec conteneurs ;
*) pare-feu - option "set-priority" ajoutée pour le pare-feu mangle IPv6 ;
*) pare-feu - rendu paramétrable "dynamiquement" pour les listes d'adresses IPv4 ;
*) hotspot - paramètre "install-hotspot-queue" ajouté pour contrôler la création de file d'attente dynamique ;
*) point d'accès - limitation fixe maximale des connexions autorisées ;
*) point d'accès - fuite de mémoire mineure corrigée après chaque connexion réussie à partir du WEB ;
*) point d'accès - amélioration de la limitation des connexions maximales autorisées ;
*) hotspot - amélioration de la stabilité du système lorsque les clients migrent entre les ports de pont ou les VLAN ;
*) ike1 - interdire le paramètre "remote-id" pour l'identité ;
*) ike1 - répondeur XAuth fixe essayant de recréer la phase 1 ;
*) ike1 - amélioration du traitement IPsec-SA expiré ;
*) ike2 - ajout de la prise en charge du cryptage ChaChaPoly1305 ;
*) ike2 - ajout de la prise en charge du groupe DH 31 (EC25519) (CLI uniquement) ;
*) ike2 - création de notification de reclé fixe ;
*) ike2 - analyse améliorée de la charge utile du certificat ;
*) interface - n'autorise pas l'ajout d'interfaces "veth" invalides ;
*) interface - amélioration de la stabilité du système lors de la gestion de gros paquets sur CCR2216 ;
*) interface - affiche le modem RTL8153 CDC comme Ethernet ;
*) ipsec - paramètre "current-address" ajouté pour les pairs avec adresse DNS ;
*) ipsec - ajout de la prise en charge de l'accélération matérielle pour IPQ-6010 ;
*) ipsec - prise en charge supplémentaire de l'accélération SHA optimisée AVX ;
*) ipsec - amélioration de la présence du drapeau "H" (hw-aead) pour les SA accélérées ;
*) ipsec - amélioration du traitement de la charge utile IKE ;
*) ipsec - configuration améliorée des algorithmes d'authentification de proposition IPsec ;
*) ipsec - suppression des algorithmes de chiffrement Blowfish et Camellia pour IKE ;
*) ipv6 - ne génère pas d'adresses LL pour les interfaces VPN lorsque IPv6 est désactivé ;
*) ipv6 - n'utilisez pas d'adresses globales invalides/désactivées pour IPv6 ND ;
*) l2tp - prise en charge VRF ajoutée pour les interfaces Ether L2TP ;
*) l3hw - correction du déchargement de l'hôte en cas de changement d'adresse MAC ;
*) l3hw - NAT déchargé fixe pour le commutateur CRS309 ;
*) l3hw - amélioration de la stabilité du système lors de la désactivation ou de l'activation du déchargement L3HW ;
*) leds - configuration LED par défaut fixe sur netFiber 9 ;
*) LED - correction de l'extinction des LED après l'arrêt du système ;
*) lte - ajout de la prise en charge du canal AT pour Telit FN990 ;
*) lte - informations CA ajoutées en mode 5G ;
*) lte - correction de la gestion des erreurs lors de l'ouverture du canal de contrôle AT ;
*) lte - correction de la nouvelle validation de la valeur MTU ;
*) lte - amélioration de la stabilité lorsque le passthrough LTE est activé sur Chateau 5G ;
*) lte - affiche correctement les zéros non significatifs dans les chaînes MCC et MNC ;
*) lte - afficher le numéro de bande dans "ca-band" en mode NSA sur Chateau 5G ;
*) lte - utilise la valeur RSRP signalée par le signal MBIM pour les modems de type MBIM ;
*) macsec - duplication de paquets fixe sur l'interface Ethernet ;
*) macsec - transmission de paquets fixes utilisant un générateur de trafic ;
*) macsec - validation de paquet fixe ;
*) modem - ajout de la prise en charge du partage de connexion USB pour les appareils Google Pixel 7 ;
*) mpls - ajout d'informations VPLS LDP dans les mappages distants/locaux ;
*) mpls - attribution fixe d'une étiquette nulle explicite pour IPv6 ;
*) netinstall - paramètre "-i" ajouté pour Netinstall (CLI Linux);
*) netinstall - procédure Netinstall fixe sur les versions RouterBOOT de 3.27 à 6.41 ;
*) netinstall - amélioration de la sélection automatique de l'interface de démarrage réseau ;
*) netwatch - ajout de la prise en charge du type "https-get" (CLI uniquement) ;
*) netwatch - rapport fixe du nom VRF dans les messages de journalisation ;
*) netwatch - amélioration de la coexistence "d'intervalle" et "d'intervalle de paquet" pour le type ICMP ;
*) ntp - message d'erreur de journal lorsque le serveur est inaccessible ;
*) ospf - calcul de la somme de contrôle MD5 fixe ;
*) ospf - authentification simple fixe et sommes de contrôle pour les liens NBMA et PTMP ;
*) ospf - calcul de la somme de contrôle d'authentification simple fixe ;
*) ospf - sélection d'adresse de liaison virtuelle fixe pour les liaisons PTP ;
*) ovpn - ajout du suffixe "CBC" aux noms de chiffrement AES ;
*) ovpn - option "route-nopull" ajoutée pour le côté client ;
*) ovpn - ajout de la prise en charge de l'accélération matérielle pour IPQ-6010 ;
*) ovpn - ajout de la prise en charge de la tunnellisation IPv6 ;
*) ovpn - utilisation fixe de "Called-Station-Id" dans les requêtes RADIUS ;
*) package - correction des menus manquants lorsque les packages "lora" et "wifiwave2" sont installés ;
*) ping - ping ARP fixe ;
*) port - ajout de la prise en charge du port série pour le modem Telit FN990 ;
*) port - mappage de port R11e-LTE6 fixe ;
*) ppp - modification de la durée de bail par défaut du serveur dynamique DHCPv6 à 1 jour ;
*) ppp - n'hérite pas de la marque de routage pour les paquets encapsulés ;
*) ppp - correction de l'affichage de la commande "info" pour le client PPP ;
*) ppp - amélioration de la négociation de la méthode d'authentification ;
*) pppoe - amélioration de la stabilité du service lors de l'établissement de sessions PPPoE ;
*) quickset - ajout fixe de règles de filtrage de pont en mode ponté ;
*) quickset - tableau des membres de la liste d'interface fixe sur les changements de configuration ;
*) quickset - mettre à jour l'adresse IP du serveur DNS lors de la modification de l'adresse IP du routeur ;
*) rb4011 - signalement fixe de la fréquence actuelle du processeur et modification de la fréquence par défaut en "auto" ;
*) sfp - ajout de la prise en charge du module SFP 2.5G pour RB5009 ;
*) sfp - autorise l'utilisation du mode "10G Base-LR" pour le module XS+31LC10D ;
*) snmp - ajout de la prise en charge des OID "lldpRemLocalPortNum" ;
*) snmp - amélioration de la stabilité lors de la réception de faux paquets ;
*) ssh - ajout de la prise en charge de l'échange de clés Ed25519 ;
*) ssh - n'autorise pas l'utilisation de SHA1 avec le chiffrement fort activé ;
*) ssh - gestion fixe des clés RSA de taille non standard ;
*) supout - ajout du moniteur MSTI et mst-override pour le pont MSTP ;
*) supout - ajout de sections de pare-feu IPv6 manquantes ;
*) commutateur - évite la corruption des paquets dans certaines configurations pour les commutateurs 98DX3257, 98DX3255, 98DX4310, 98DX8525 et 98PX1012 ;
*) commutateur - moniteur Ethernet fixe lors de la désactivation de la négociation automatique pour les interfaces 10G pour le commutateur 98DX8212 (introduit dans v7.7beta3);
*) commutateur - correction de la désactivation de SFP Tx lors de la modification des paramètres de négociation automatique pour les commutateurs 98DXxxxx et 98PX1012 ;
*) interrupteur - miroir de sortie fixe pour les interrupteurs 98DX4310 et 98DX8525 ;
*) switch - masque les paramètres non valides pour les puces de commutation 98DX3255 et 98DX8525 ;
*) commutateur - amélioration de la stabilité de l'interface 10G, 25G et 40G pour les commutateurs 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 ;
*) commutateur - amélioration de la stabilité de l'interface 10G, 25G et 40G pour les commutateurs 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 ;
*) commutateur - amélioration de la stabilité de l'interface 10G, 25G, 40G et 100G pour les commutateurs 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 ;
*) commutateur - amélioration de la stabilité de l'interface Ethernet 10 Gbit/s pour le commutateur 98DX8212 ;
*) switch - amélioration de la stabilité de l'interface 25G pour les switchs 98PX1012, 98DX4310 et 98DX8525 (introduit dans la v7.6) ;
*) switch - augmentation de la valeur maximale de "rate" pour les règles ACL ;
*) swos - réglage fixe "allow-from-ports" ;
*) swos - correction des changements de configuration SwOS de RouterOS ;
*) swos - nom de fichier de sauvegarde SwOS par défaut amélioré ;
*) système - autorise jusqu'à 4 Go d'allocation de RAM par processus sur x86, ARM64 et TILE ;
*) système - amélioration de la gestion des politiques utilisateur ;
*) fuseau horaire - informations de fuseau horaire mises à jour à partir de la version "tzdata2022g" ;
*) tr069-client - modèle de données mis à jour vers la version 2.15 ;
*) traffic-flow - envoi fixe de l'intervalle d'échantillonnage ;
*) tunnels - prise en charge VRF ajoutée pour les tunnels EoIP, IPIP et GRE ;
*) vpls - expose les journaux de débogage liés à VPLS à la rubrique de journalisation "vpls" ;
*) vrrp - utilise toujours le MTU de l'interface esclave ;
*) vrrp - amélioration de la stabilité de l'interface lors des changements de configuration ;
*) vxlan - ajout de la prise en charge du paramètre "local-address" ;
*) vxlan - prise en charge VRF ajoutée ;
*) w60g - amélioration de la stabilité du système pour les appareils Cube Pro ;
*) webfig - assurez-vous que la page de connexion s'affiche après chaque déconnexion ;
*) webfig - accès fixe à WebFig lorsque le menu "Interface" est désactivé par skin ;
*) webfig - affichage fixe des routes VRF ;
*) webfig - validation d'entrée fixe pour le paramètre "VPLS ID" ;
*) webfig - réglage fixe du paramètre "DHCP Option Set" ;
*) webfig - capacités de mise en cache WEB améliorées ;
*) webfig - détecte correctement l'emplacement actuel des boutons de navigation ;
*) webfig - affiche correctement le nombre limité d'options disponibles ;
*) wifiwave2 - ajout des paramètres "datapath" pour configurer le transfert de données pour une interface (CLI uniquement) ;
*) wifiwave2 - ajout du paramètre "ft-preserve-vlanid" pour contrôler s'il faut changer l'ID VLAN après FT ;
*) wifiwave2 - menu "approvisionnement" ajouté pour attribuer automatiquement les configurations d'interface aux radios (CLI uniquement);
*) wifiwave2 - ajout de commandes de désactivation/activation aux sous-menus du profil de configuration (CLI uniquement) ;
*) wifiwave2 - ajout d'informations sur le débit par station dans la table d'enregistrement ;
*) wifiwave2 - ajout de la prise en charge CAPsMAN initiale (uniquement compatible avec les interfaces wifiwave2) (CLI uniquement) ;
*) wifiwave2 - ajout de la prise en charge de l'interfonctionnement/Hotspot 2.0 (CLI uniquement) ;
*) wifiwave2 - ajout de messages de journal plus informatifs sur les modifications du profil de configuration ;
*) wifiwave2 - option ajoutée pour définir l'ID vlan par client dans la liste d'accès (uniquement pris en charge sur les interfaces 802.11ax) (CLI uniquement) ;
*) wifiwave2 - ne permet pas à un appareil client d'être connecté à plus d'une interface à la fois ;
*) wifiwave2 - correspondance de provisionnement "radio-mac" fixe ;
*) wifiwave2 - prise de contact fixe à 4 voies avec TKIP ;
*) wifiwave2 - meilleure conformité avec les informations de domaine réglementaires ;
*) wifiwave2 - amélioration de la stabilité générale du système ;
*) wifiwave2 - amélioration de la stabilité du système lorsque plusieurs points d'accès virtuels sont configurés ;
*) wifiwave2 - signale correctement l'interface sur laquelle le trafic est reçu lorsque plusieurs interfaces de station sont utilisées simultanément ;
*) wifiwave2 - packages publiés pour MMIPS, PPC, TILE et x86 ;
*) wifiwave2 - suppression de la limite maximale pour l'intervalle de mise à jour de la clé de groupe et modification de la valeur par défaut à 1 jour ;
*) winbox - ajout du préfixe "Active" pour les champs "Circuit ID" et "Cookie Length" actuels pour les interfaces L2TP-Ether ;
*) winbox - ajout du bouton "Make Static" au menu "IP/DHCP Server/Leases" ;
*) winbox - paramètre "bus" ajouté pour la commande "USB Power Reset" sur Chateau ax ;
*) winbox - ajout du paramètre "force" manquant pour les nouvelles entrées "IP/DHCP Server/Options" ;
*) winbox - ajout de la colonne "vlan-id" manquante sous le tableau "IP/Hotspot/Hosts" ;
*) winbox - n'affiche pas les paramètres d'état liés à LACP pour les autres types de liaison ;
*) winbox - valeur MTU par défaut fixe pour les interfaces CAP ;
*) winbox - amélioration de la gestion des messages volumineux du protocole WinBox ;
*) winbox - augmentation du nombre maximum de sessions en lecture seule Winbox 5->25 ;
*) winbox - enregistre correctement le menu "Interfaces/Detect Internet/Detect Internet State" dans le fichier de session ;
*) winbox - suppression du faux onglet VRF du menu "Interface" ;
*) winbox - afficher le menu "Switch" sur l'axe Chateau 5G ;
*) winbox - affiche le menu "Switch" sur NetFiber 9 ;
*) winbox - affiche "Système/Santé/Paramètres" uniquement sur les cartes qui ont des valeurs configurables ;
*) winbox - affiche "System/RouterBOARD/Mode Button" sur les appareils qui ont une telle fonctionnalité ;
*) winbox - affiche le menu "USB Power Reset" sur le Chateau 5G ax ;
*) winbox - affiche un commentaire dynamique dans la table d'enregistrement WifiWave2 ;
*) sans fil - contrôle des paramètres liés à "nstreme" fixe dans les skins ;
*) sans fil - réglage fixe du paramètre d'interfonctionnement des domaines si realms-raw n'est pas défini ;
*) x86 - prise en charge ajoutée des cartes réseau SUN 10G ;
*) x86 - prise en charge améliorée du pilote igc ;
-
*) sfp - ajout de la prise en charge du module SFP 2.5G pour RB5009 ;
*) sfp - autorise l'utilisation du mode "10G Base-LR" pour le module XS+31LC10D ;
*) commutateur - évite la corruption des paquets dans certaines configurations pour les commutateurs 98DX3257, 98DX3255, 98DX4310, 98DX8525 et 98PX1012 ;
*) commutateur - moniteur Ethernet fixe lors de la désactivation de la négociation automatique pour les interfaces 10G pour le commutateur 98DX8212 (introduit dans v7.7beta3);
*) commutateur - correction de la désactivation de SFP Tx lors de la modification des paramètres de négociation automatique pour les commutateurs 98DXxxxx et 98PX1012 ;
*) interrupteur - miroir de sortie fixe pour les interrupteurs 98DX4310 et 98DX8525 ;
*) switch - masque les paramètres non valides pour les puces de commutation 98DX3255 et 98DX8525 ;
*) commutateur - amélioration de la stabilité de l'interface 10G, 25G et 40G pour les commutateurs 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 ;
*) commutateur - amélioration de la stabilité de l'interface 10G, 25G et 40G pour les commutateurs 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 ;
*) commutateur - amélioration de la stabilité de l'interface 10G, 25G, 40G et 100G pour les commutateurs 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 ;
*) commutateur - amélioration de la stabilité de l'interface Ethernet 10 Gbit/s pour le commutateur 98DX8212 ;
Quelques nouveautés attendues chez les utlisateurs de CCR2004 et RB5009
-
La version 7.8 de RouterOS a été publiée dans le canal "v7 stable" !
Avant une mise à niveau :
1) N'oubliez pas de sauvegarder/exporter les fichiers avant une mise à niveau et de les enregistrer sur un autre périphérique de stockage ;
2) Assurez-vous que l'appareil ne perdra pas de puissance pendant le processus de mise à niveau ;
3) L'appareil dispose de suffisamment d'espace de stockage libre pour tous les packages RouterOS à télécharger.
Quoi de neuf dans 7.8 (2023-Feb-24 11:03) :
!) stockage - ajout d'un nouveau support de package "rose-storage" pour la gestion étendue des disques et la fonctionnalité de surveillance (ARM, ARM64, Tile et x86) (CLI uniquement) ;
*) bgp - réglage fixe du paramètre "default-prepend" ;
*) pont - correction de l'ajout de MSTI désactivé ;
*) pont - flux de paquets DHCP fixe lors de l'utilisation de la surveillance DHCP, du déchargement matériel et de "use-ip-firewall" ;
*) pont - correction d'une éventuelle corruption de paquets DHCP lors de l'utilisation de la surveillance DHCP ;
*) pont - faute de frappe d'avertissement PVID fixe ;
*) pont - logique de déchargement HW améliorée ;
*) certificat - exportation fixe d'un certificat lorsque la dernière ligne du certificat fait exactement 64 octets ;
*) certificat - importation de certificat PBES2 fixe ;
*) certificat - amélioration des processus de gestion, de signature et de stockage des certificats ;
*) certificat - amélioration du processus d'importation de plusieurs certificats ;
*) conntrack - amélioration de la stabilité du système lors du changement d'état de suivi de connexion ;
*) conntrack - amélioration de la stabilité du système lorsque l'assistant PPTP est utilisé ;
*) console - ajout du paramètre "as-string" à la commande ":execute" ;
*) conteneur - option d'authentification ajoutée pour le registre (CLI uniquement) ;
*) conteneur - propriété du fichier ".type" fixe ;
*) conteneur - propriété du fichier fixe après la mise à niveau du système pour les conteneurs s'exécutant sur le disque interne ;
*) conteneur - correction du démarrage automatique de plusieurs conteneurs au démarrage ;
*) dhcpv4-client - envoie des demandes de monodiffusion DHCPv4 au relais DHCPv4, au lieu du serveur lorsqu'il est utilisé ;
*) disque - limite la taille maximale de TMPFS ;
*) dns - ajout de paramètres configurables de limitation des requêtes simultanées DoH ;
*) dns - ne met pas en cache les résultats de la commande ":resolve" avec un serveur spécifique ;
*) dns - correction de la lecture de CNAME à partir du cache ;
*) dns - messages de journalisation limités "Requêtes simultanées maximales DoH atteintes" à une fois par minute ;
*) dns - répond par "NOERROR" aux requêtes DNS pour les noms de domaine statiques lorsque l'enregistrement de type approprié n'est pas configuré ou trouvé sur le serveur en amont ;
*) pare-feu - cible de priorité de pont fixe ;
*) pare-feu - cible prioritaire DSCP fixe pour IPv6 Mangle ;
*) pare-feu - calcul d'adresse maximale de plage netmap fixe pour NAT IPv6 ;
*) graphique - correction du masquage des files d'attente cibles lorsque "allow-target" est désactivé ;
*) représentation graphique - tri fixe des graphiques d'interface et de file d'attente ;
*) représentation graphique - gère correctement les graphiques d'interface désactivés et à liaison statique ;
*) graphing - suppression de la commande "move" pour les règles graphiques ;
*) santé - lectures fixes de "température" et de "consommation électrique" pour RB1100AHx4 ;
*) hotspot - réglage fixe du paramètre "adresse" pour la liaison IP ;
*) point d'accès - restaurer le délai d'attente des cookies au redémarrage ;
*) ike2 - ajout de la prise en charge de "address", "key-id" et "dn" pour la correspondance d'ID à distance (CLI uniquement) ;
*) ike2 - vidage SA actif fixe sur le répondeur après une tentative de connexion homologue infructueuse ;
*) ipsec - prise en charge ajoutée de la prise en charge de l'attribut RADIUS "Framed-Route" ;
*) ipsec - ne correspondent pas aux requêtes IKE entrantes par des pairs de noms DNS non résolus ;
*) ipsec - pair matcher fixe pour la connexion entrante avec un DNS non résolu ;
*) ipv6 - ajout de la configuration de l'option "pref64" pour RA ;
*) ipv6 - gestion améliorée des changements d'état d'adresse IPv6 "annoncer" ;
*) ipv6 - plage de valeurs du paramètre "hop-limit" limitée à 255 ;
*) ipv6 - rendu conforme à la norme RFC8106 sur la durée de vie du DNS distribué ;
*) l3hw - vérification de l'adresse MAC de destination ajoutée pour les connexions FastTrack déchargées ;
*) led - lecture du signal fixe pour le dispositif KNOT ;
*) leds - nécessitent toujours de définir le nom de l'interface lors de la définition de l'indication "modem-signal" ;
*) lte - ajout du support AT pour Telit LE910C4 en mode MBIM ;
*) lte - utilisation du paramètre APN fixe lors de la tentative de connexion initiale pour les modems Quectel et Neoway basés sur AT ;
*) lte - sélection d'antenne automatique fixe sur Chateau LTE12/LTE18 ;
*) lte - numérotation fixe pour le module Fibocom L850-GL ;
*) lte - affichage fixe du "numéro d'abonné" ;
*) lte - correction d'une fuite de mémoire possible lors de l'utilisation du mode passthrough sur Chateau 5G ;
*) lte - amélioration de la correspondance des ports AT pour les modems SIMCom, Huawei, WeLink, Cinterion, BandLuxe et Sierra ;
*) lte - amélioration de la vitesse de détection du modem dans le slot mini-PCIe inférieur sur LtAP ;
*) lte - stabilité améliorée pour R11e-LTE6, ignorer la réinitialisation de la connexion lors de la première expiration de la commande EEMGINFO ;
*) lte - LtAP a amélioré la détection du modem dans le slot mini-PCie inférieur ("/mise à niveau de la carte de routage du système" requise) ;
*) lte - analyse USSD même si l'encodage n'est pas pris en charge ;
*) mpls - gestion fixe de plus de 9 VRF ;
*) mpls - correction de la création du socket d'écoute LDP avant que l'adresse IPv6 ne soit prête à être utilisée ;
*) mpls - stabilité améliorée lors du redémarrage du routeur voisin ;
*) ospf - paramètre "ospf-type" fixe pour les routes OSPFv3 ;
*) ospf - authentification simple fixe pour OSPFv3 ;
*) ovpn - ajout de la prise en charge du cryptage AES-GCM et multicœur ;
*) ovpn - amélioration de la stabilité du serveur ;
*) ovpn - amélioration de la journalisation des erreurs liées à TLS ;
*) pimsm - amélioration de la stabilité du système ;
*) poe - ajout de la prise en charge de la gestion de l'alimentation LLDP pour 802.3at PSE ;
*) poe - éteignez correctement l'alimentation lorsque le lien n'est pas détecté sur hAP ax2 et hAP ax3 ;
*) port - numéro de canal fixe du modem sur KNOT ;
*) pppoe - analyse fixe du client PPPoE montrant un seul serveur ;
*) ressource - affiche les statistiques relatives au système de fichiers sur CCR2004 ;
*) route - présence de route par défaut IPv6 fixe lorsqu'elle est reçue de RA ;
*) route - correction de l'impression du paramètre "count-only" de la table de routage ;
*) route - affiche les propriétés hoplimit et MTU sous le menu "/routing route" pour les routes SLAAC ;
*) routerboot - stockage au format fixe pour le périphérique RBM33G ("/mise à niveau de la carte de routage du système" requise) ;
*) routerboot - routerboot protégé fixe pour le périphérique RBM33G ("/mise à niveau de la carte de routage du système" requise);
*) sfp - détection de faux lien fixe avec S+RJ10 sur RB5009 ;
*) sfp - lecture fixe de l'EEPROM SFP sur les périphériques à port SFP unique ;
*) sfp - compatibilité SFP des modules optiques améliorés sur les appareils CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ ;
*) sms - rapport amélioré des erreurs d'envoi de SMS ;
*) sms - enregistre la réponse USSD lorsque USSD est envoyé via MBIM ;
*) renifleur - ajout de paramètres de filtrage supplémentaires ;
*) snmp - ne pas afficher l'identité dans LLDP lorsque la marque est utilisée avec des données SNMP masquées ;
*) snmp - gestion fixe des routes désactivées ;
*) snmp - rapport fixe du compteur du nombre total de routes ;
*) ssh - adresse "localhost" codée en dur pour les demandes de transfert ;
*) ssh - amélioration de la stabilité du système lors du traitement d'une connexion SSH non cryptée ;
*) sstp - établissement de session TLS fixe lorsque "connect-to" est le nom DNS ;
*) commutateur - sélection de débit SFP fixe pour les appareils CRS354 ;
*) commutateur - amélioration de la stabilité de l'interface 10G, 25G, 40G et 100G pour les commutateurs 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 ;
*) switch - amélioration de la stabilité du système pour les puces de commutation 98DXxxxx ;
*) swos - suppression du menu "/system swos" pour les commutateurs de la série CRS5xx ;
*) Torch - autorise le paramètre "sans pagination" pour Torch ;
*) générateur de trafic - augmentation du nombre de flux maximum autorisé ;
*) mise à niveau - affiche un message d'erreur lorsque la licence interdit la mise à niveau ;
*) usb - modification du comportement de détection automatique de l'USB par défaut sur l'USB externe, lorsqu'aucun périphérique USB interne n'est détecté ;
*) vxlan - paramètre "dont-fragment" ajouté qui permet de gérer la fragmentation ;
*) vxlan - paramètre "max-fdb-size" ajouté ;
*) vxlan - ajout de la prise en charge de FastPath ;
*) webfig - permet de définir des valeurs numériques dans les champs d'intervalle de temps ;
*) webfig - accès fixe à WebFig lorsque le menu "Interface" est désactivé par skin ;
*) webfig - édition fixe des paramètres multi-champs avec case à cocher "non" ;
*) webfig - gestion fixe des fichiers skin vides ;
*) webfig - amélioration de la réactivité de la navigation ;
*) webfig - amélioration de l'analyse des fichiers skin ;
*) webfig - fonctionnement amélioré du terminal ;
*) webfig - échappez correctement tous les caractères URI réservés ;
*) webfig - WebFig mis à jour et pages Web graphiques en HTML5 ;
*) wifiwave2 - outil de renifleur sans fil ajouté pour capturer les transmissions sans fil (CLI uniquement);
*) wifiwave2 - ajuste la surveillance des interfaces de la station pour signaler quand une interface est autorisée, pas seulement connectée ;
*) wifiwave2 - activé des canaux supplémentaires dans les bandes UNII-3 et UNII-4 pour l'Europe et les États-Unis sur hAP ax^2, hAP ax^3 et Chateau ax ;
*) wifiwave2 - compatibilité fixe avec les appareils tiers lors de l'utilisation de l'authentification hachage-élément SAE avec les groupes DH 20 et 21 ;
*) wifiwave2 - authentification SAE fixe pour les interfaces en mode station lors de la tentative de connexion à des points d'accès nécessitant un jeton anti-colmatage (introduit dans RouterOS 7.4);
*) wifiwave2 - implémente les procédures de requête SA de protection de gestion 802.11w ;
*) wifiwave2 - améliore les protections contre les attaques par déni de service sur WPA3 ;
*) winbox - bouton "Connecter" ajouté dans le menu "WifiWave2/Scan" ;
*) winbox - ajout des boutons "Désactiver/Activer" sous le menu "WifiWave2" ;
*) winbox - ajout du paramètre "Match Subdomain" sous le menu "IP/DNS/Static" ;
*) winbox - ajout du bouton "Provision" sous le menu "WifiWave2" ;
*) winbox - ajout de la case à cocher "Démarrer au démarrage" dans le menu "Conteneur" ;
*) winbox - ajout des colonnes "Tx Rate" et "Rx Rate" sous le menu "WifiWave2/Registration" ;
*) winbox - ajout de propriétés manquantes lors de la définition de "Utiliser le serveur DoH" ;
*) winbox - ajout des paramètres liés à WifiWave2 manquants dans le menu "WifiWave2" ;
*) winbox - ajout du paramètre Type "https-get" dans le menu "Outils/Netwatch" ;
*) winbox - permet de sélectionner un pont pour les entrées statiques dans le menu "Pont/MDB" ;
*) winbox - affichage fixe de la valeur "Default Prepend" sous le menu "Routing/BGP/Sessions" ;
*) winbox - affichage fixe des valeurs "Tx/Rx CCQ" sous le menu "Wireless/Registration" ;
*) winbox - affichage fixe des drapeaux sous le menu "Système/Console" ;
*) winbox - affichage fixe de plusieurs drapeaux de caractères ;
*) winbox - utilisation fixe des adresses de la famille IPv6 sous le menu "IP/Proxy Web/Accès" ;
*) winbox - masquer "TTL"
*) winbox - masquez les propriétés inutiles pour les interfaces virtuelles sous le menu "WifiWave2" ;
*) winbox - amélioration de l'indice de survol de la souris pour la politique "locale" sous le menu "Système/Utilisateurs/Groupes" ;
*) winbox - renommez la propriété de surveillance "Multicast Router" en "Is Multicast Router" dans le menu "Bridge" ;
*) winbox - affiche la colonne "Gateway" par défaut sous le menu "IPv6/Routes" ;
*) x86 - prise en charge supplémentaire de TP-Link TG-3468 ;
*) x86 - prise en charge SR-IOV fixe pour les cartes réseau de la série Intel X710 ;
*) x86 - prise en charge améliorée du module SFP Intel série 500 10G ;
*) x86 - stabilité améliorée pour les cartes réseau de la série Intel X550 avec SR-IOV ;
*) zerotier - itinéraires fixes après changement VRF ;
-
Un peu d'eau à coulé sous les ponts, et je saute quelques versions qui passent la trappe.
Quoi de neuf dans 7.10.2 (2023-Jul-12 12:45):
*) wifiwave2 - l'interface fixe se bloque sur les cartes basées sur IPQ6010 (introduit dans la v7.9);
Quoi de neuf dans 7.10.1 (2023-Jun-27 12:03) :
*) ovpn - négociation d'identifiant de pair de serveur OVPN fixe ;
*) webfig - utilise le fuseau horaire du routeur pour la date et l'heure ;
Quoi de neuf dans 7.10 (2023-Jun-15 08:17) :
!) ipv6 - traitement fixe du serveur DNS par les services IPv6/ND (CVE-2023-32154) ;
!) route - BFD ajouté ;
*) bgp - permet de filtrer les sessions BGP par AFI ;
*) bgp - modification de la distance d'importation VPNv4 par défaut en valeur iBGP (200) ;
*) bgp - ne vérifie pas la distinction de route lors de l'importation ;
*) bgp - correction de "as-override" et renommage en "output.as-override" ;
*) bgp - correction de "remove-private-as" et renommage en "output.remove-private.as" ;
*) bgp - afficher la famille d'adresses dans les publicités ;
*) bgp - affiche le nombre approximatif de préfixes reçus par la session ;
*) branding - logo personnalisé fixe (introduit dans la v7.8 );
*) pont - état STP déchargé du matériel fixe sur la désactivation du port ;
*) pont - déchargement matériel fixe pour le pont filtré par vlan sur les appareils avec plusieurs commutateurs (introduit dans v7. 8 );
*) pont - hôte incorrect fixe se déplaçant entre les ports avec FastPath activé ;
*) certificat - affichage fixe du numéro de série du certificat ;
*) certificat - rapport d'erreurs amélioré pour le certificat Let's Encrypt ;
*) certificat - restaurer les options de propriété "key-usage" disponibles ;
*) conntrack - ajout des champs en lecture seule "active-ipv4" et "active-ipv6" à "/ip/firewall/connection/tracking" (CLI uniquement) ;
*) console - ajout d'une erreur de délai d'attente pour l'exportation de la configuration ;
*) console - format d'heure modifié selon la norme ISO ;
*) console - désactiver la sortie lors de l'utilisation du paramètre "as-value" ;
*) console - correction de l'entrée ":terminal inkey" lors du redimensionnement du terminal ;
*) console - correction de la sortie "impression sans pagination" dans certains cas ;
*) console - masque les commandes passées avec des arguments sensibles ;
*) console - amélioration de la stabilité lors de l'utilisation de la complétion de commande ;
*) conteneur - "extraction de conteneur" fixe pour prendre en charge le format de manifeste OCI ;
*) conteneur - plantage fixe dû à des répertoires système manquants ;
*) conteneur - amélioration des valeurs d'environnement interne par défaut ;
*) defconf - permet d'utiliser les informations d'identification prédéfinies en usine du périphérique dans les fichiers de configuration Flashfig et Netinstall ;
*) defconf - configuration par défaut fixe pour RBSXTLTE3-7 ;
*) dhcp-server - comptabilisation fixe sur la mise à jour intermédiaire RADIUS ;
*) dhcpv4-server - nom ajouté pour l'option "IPv6-Only Preferred" (108) dans les journaux de débogage ;
*) doh - journalisation moins détaillée ;
*) pare-feu - ajout du support "endpoint-independent-nat" ;
*) pare-feu - option "nth" ajoutée pour le pare-feu IPv6 ;
*) gps - exposer le port GPS pour Quectel RM520N-GL ;
*) ike2 - amélioration du traitement des demandes de suppression de SA enfant ;
*) iot - option ajoutée pour envoyer des commandes de code de fonction Modbus directement à partir de RouterOS (CLI uniquement) ;
*) ipsec - ajout de la prise en charge de l'accélération matérielle pour IPQ-5010 (hAP ax lite) ;
*) ipsec - refactoriser l'authentification par clé publique ;
*) ipsec - suppression des valeurs "ec2n185" et "ec2n155" des configurations de proposition ;
*) ipv6 - suppression d'adresse IPv6 fixe ;
*) l3hw - option "redémarrage automatique" ajoutée aux paramètres L3HW ;
*) l3hw - ajout d'options de configuration avancées pour affiner le déchargement L3HW (les paramètres l3hw sont effacés après la mise à niveau ou la rétrogradation) (CLI uniquement) ;
*) l3hw - message d'erreur ajouté et réinitialisation "l3-hw-offloading=no" si le pilote L3HW ne démarre pas ;
*) l3hw - options de surveillance ajoutées pour l'utilisation de L3HW (CLI uniquement) ;
*) l3hw - suppression de route fixe /32 ;
*) l3hw - déchargement de route IPv6 ECMP fixe ;
*) l3hw - correction du déchargement des routes /32 IPv4 et /128 IPv6 ;
*) l3hw - déchargement fixe de la table de routage lors d'un grand nombre de mises à jour de routes ;
*) l3hw - amélioration du déchargement de l'hôte et du prochain saut ;
*) l3hw - amélioration du déchargement des hôtes IPv6 après le redémarrage du pilote L3HW ;
*) l3hw - amélioration des performances du déchargement partiel ;
*) l3hw - déchargement de route amélioré après un changement de passerelle ;
*) l3hw - amélioration de la stabilité du système pour le déchargement partiel de la table de routage ;
*) LED - indication fixe du mode RAT du modem sur hAP ac^3 LED du bouton de mode LTE6 WPS ;
*) lora - amélioration de la détection de la carte passerelle et de la logique de mise à niveau ;
*) lora - version du firmware mise à jour pour la passerelle LoRaWAN (pour les cartes R11e-LoRa8, R11e-LoRa9);
*) lte - requête de cellule de desserte ajoutée pour les modems MBIM avec l'extension MBIM nécessaire ;
*) lte - désactive le filtrage des requêtes DHCP (port UDP 67) pour Chateau 5G ;
*) lte - authentification APN fixe pour modem R11e-LTE6 ;
*) lte - prise en charge fixe du partage de connexion Google Pixel 7;
*) lte - le micrologiciel du modem MBIM amélioré a signalé la gestion des erreurs lors de la configuration des modes RAT ;
*) lte - amélioration de la stabilité de la mise à niveau du micrologiciel du modem pour les modems MBIM ;
*) lte - stabilité améliorée pour la mise à niveau du micrologiciel du modem Chateau 5G LTE ;
*) lte - réduction du temps de basculement entre les emplacements SIM pour les modems MBIM avec prise en charge de la réinitialisation UUIC ;
*) lte - arrêter "cell-monitor" lors du changement de configuration de l'interface LTE pour les modems MBIM ;
*) mpls - ajout de la prise en charge de FastPath ;
*) netwatch - ajout d'un avertissement concernant la sonde non en cours d'exécution en raison d'un "retard de démarrage" (CLI uniquement) ;
*) ovpn - ajout de la prise en charge initiale du protocole de transfert de données V2 ;
*) ovpn - amélioration de la stabilité du système ;
*) poe - correction des fausses valeurs "poe-in-voltage" lors de l'utilisation de la prise CC pour RB5009 ;
*) pppoe - analyse fixe du client PPPoE lorsque le serveur envoie des messages PADO sans balise Service-Name ;
*) qos-hw - ajout de la prise en charge du marquage QoS pour les commutateurs 98DXxxxx (CLI uniquement) ;
*) qos-hw - champ "priorité" VLAN renommé en "pcp" pour éviter toute confusion ;
*) rose-storage - ajout de la prise en charge de plusieurs utilisateurs smb et partages smb ;
*) route - amélioration de la stabilité du système lors de la suppression des entrées de transfert multidiffusion ;
*) routerboard - test de mémoire fixe sur CCR2116-12G-4S+ ("/system routerboard upgrade" requis);
*) routerboard - amélioration de la stabilité de RouterBOOT pour les processeurs Alpine ("/mise à niveau de la carte de routage du système" requise);
*) routerboot - augmentation de la valeur maximale de "preboot-etherboot" à 30 secondes ("/system routerboard upgrade" requis);
*) planificateur - planificateur mal démarré fixe lors du redémarrage ou de l'arrêt ;
*) sfp - valeur de surveillance de "taux" fixe pour l'interface SFP sur les appareils de la série L009UiGS ;
*) sfp - moniteur de liaison combo-éther fixe pour le commutateur CRS328-4C-20S-4S+ ;
*) sfp - liaison combo-sfp fixe au débit 1G pour le commutateur CRS312 ;
*) sfp - amélioration de la stabilité de l'interface 10G pour les commutateurs basés sur 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 ;
*) sfp - compatibilité améliorée du module avec les mauvaises données EEPROM pour les appareils RB4011, RB5009, CCR2xxx, CRS312 et CRS518 ;
*) sfp - amélioration de la stabilité de l'interface Q/SFP pour les commutateurs 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 ;
*) sfp - amélioration de la gestion de l'interface SFP pour les appareils RB4011, RB5009, CCR2xxx et CRS518 ;
*) sfp - amélioration de la stabilité du système avec certains modules SFP pour les appareils CCR2216 et CRS518 ;
*) sfp - signale les données EEPROM même si "auto-init-failed" s'est produit ;
*) smb - fonctionnement amélioré de SMB v1 ;
*) renifleur - fixe la limite des fichiers volumineux .pcap ;
*) snmp - ajout du paramètre "engine-id-suffix" et affichage du "engine-id" réel en tant que propriété en lecture seule ;
*) snmp - ajout de la table d'homologues BGP prenant en charge IPv4 uniquement (1.3.6.1.2.1.15.3.1) ;
*) snmp - ajout du nouvel OID "mtxrInterfaceStatsTxRx1024ToMax" à MIKROTIK-MIB ;
*) ssh - ajout de la propriété "mot de passe" de la clé en ligne ;
*) ssh - connexion client RouterOS SSH fixe lors de l'utilisation d'une clé (introduit dans la v7.9);
*) switch - ajout d'options de configuration "storm-rate" plus précises pour les switchs 98DXxxxx (CLI uniquement) ;
Commutateurs 98DX3255 ;
*) système - amélioration des rapports de surveillance dans le journal après le redémarrage de plusieurs appareils ARM et ARM64 ;
*) système - utilisation réduite de la RAM pour les appareils SMIPS ;
*) mosaïque - prise en charge fixe de la carte microSD ;
*) tr069 - ajout du paramètre 5G SCC "SNR" pour les modems qui le signalent ;
*) upgrade - n'exécute pas la mise à niveau manuelle si certains packages sont manquants ;
*) ups - mise à jour fixe de la propriété "batterie-tension" ;
*) vrrp - ajout d'un avertissement si "sync-connection-tracking=yes" alors que le suivi de connexion global est inactif ;
*) vrrp - ajout d'un avertissement si le groupe VRRP est mal configuré ;
*) vrrp - ajout d'un avertissement si VRRP ou son interface n'a pas d'adresse IP ;
*) vrrp - ne démarre pas la synchronisation de la connexion si le suivi global de la connexion est inactif ;
*) vrrp - problème résolu où l'interface VRRP désactivée affecte le groupe ;
*) vrrp - état de l'interface VRRP fixe lors de la déconnexion du câble physique ;
*) vrrp - amélioration de la stabilité du système lors du changement de "group-authority" ou "sync-connection-tracking" ;
*) vrrp - renommé "group-master" en "group-authority" pour éviter toute confusion avec le maître VRRP ;
*) vrrp - envoyer des annonces VRRP uniquement par
*) w60g - amélioration de la stabilité de l'interface pour les configurations PTMP ;
*) webfig - favicon haute résolution ajouté ;
*) webfig - autorise des limites supérieures illimitées pour la plage de numéros ;
*) webfig - permet de définir "0" seconde fois pour les champs avec des valeurs par défaut ;
*) webfig - format d'heure modifié selon la norme ISO ;
*) webfig - affiche la date et l'heure dans le fuseau horaire local ;
*) webfig - menu "WifiWave2" manquant fixe ;
*) webfig - correction des noms de propriété manquants dans le menu "WifiWave2" ;
*) webfig - affichage de la configuration des éléments repensé ;
*) webfig - barre de menu supérieure repensée ;
*) webfig - menu "Outils/Telnet" supprimé ;
*) webfig - suppression de la connexion automatique avec les informations d'identification par défaut (administrateur sans mot de passe) ;
*) wifiwave2 - évite de transmettre des octets supplémentaires à la fin du paquet après avoir supprimé une balise VLAN ;
*) wifiwave2 - ne pas afficher les valeurs de puissance de transmission de l'espace réservé au démarrage de l'interface ;
*) wifiwave2 - connexion CAP fixe lors du provisionnement "manager=capsman" ;
*) wifiwave2 - nom d'interface CAP fixe lors de l'utilisation de "name-format" ;
*) wifiwave2 - problèmes de connectivité fixes lors de l'utilisation de la liste d'accès ;
*) wifiwave2 - avertissement de disponibilité du canal DFS fixe (introduit dans la v7.9);
*) wifiwave2 - interface dynamique fixe ajoutée au pont sur le périphérique CAP ;
*) wifiwave2 - impossibilité fixe de désactiver CAPsMAN lorsqu'il y a des clients authentifiés RADIUS connectés ;
*) wifiwave2 - correction de limites incorrectes sur le nombre d'interfaces en mode station ;
*) wifiwave2 - changement de nom d'interface fixe lors de la restauration de la sauvegarde ;
*) wifiwave2 - délai d'attente de prise de contact de clé fixe avec réassociation des clients ;
*) wifiwave2 - compatibilité d'authentification OWE fixe avec les appareils clients 802.11ax ;
*) wifiwave2 - compatibilité d'authentification OWE fixe avec les appareils clients tiers (introduit dans la v7.8 );
*) wifiwave2 - problèmes de débit sans fil résolus après les événements d'itinérance du client 802.11r sur les appareils 802.11ac ;
*) wifiwave2 - améliore les protections contre les attaques DoS sur WPA3-PSK ;
*) wifiwave2 - amélioration de la journalisation lorsqu'une interface est incapable d'attribuer une balise VLAN au client ;
*) wifiwave2 - amélioration de la stabilité du système lors de la tentative de dépassement de la limite de points d'accès virtuels ;
*) wifiwave2 - journalisation moins détaillée lorsque les clients WPA3-PSK se connectent ;
*) wifiwave2 - autres améliorations de la stabilité du système ;
*) wifiwave2 - restaurer l'état de fonctionnement de l'interface lorsque la connexion à CAPsMAN est perdue ;
*) winbox - menu "MPLS/Paramètres" ajouté ;
*) winbox - ajout de l'onglet de configuration "Queues" lors de la création de nouvelles entrées dans le menu "IPv6/DHCP-Server" ;
*) winbox - renommez la propriété "URL" en "Données d'action" sous le menu "IP/Proxy Web/Accès" ;
*) wireguard - traitement du trafic IPv6 fixe avec plusieurs pairs ;
*) wireguard - réessayez la requête DNS "endpoint-address" en cas d'échec de la résolution ;
*) x86 - mise à jour du pilote de glace vers v1.11.14 ;
*) zerotier - rendre le paramètre "identité" sensible ;
La version 7.11 de RouterOS a été publiée dans le canal "v7 stable" !
Avant une mise à niveau :
1) N'oubliez pas de sauvegarder/exporter les fichiers avant une mise à niveau et de les enregistrer sur un autre périphérique de stockage ;
2) Assurez-vous que l'appareil ne perdra pas de puissance pendant le processus de mise à niveau ;
3) L'appareil dispose de suffisamment d'espace de stockage libre pour tous les packages RouterOS à télécharger.
-
Quoi de neuf dans la version 7.11.2 (31 août 2023 16h55) :
*) DHCP - paramètres du serveur DHCP fixes « faisant autorité » et « seuil de délai » (introduits dans la v7.11.1) ;
Quoi de neuf dans la version 7.11.1 (30 août 2023 13:41) :
*) pont - transfert rapide fixe avec filtrage VLAN déchargé du matériel (introduit dans la v7.
*) pont - correction de la désactivation de l'entrée VLAN non balisée ;
*) pont - stabilité du filtrage VLAN fixe avec les ports déchargés matériels et non matériels (introduit dans la v7.10) ;
*) pont - stabilité améliorée du système ;
*) pont - stabilité améliorée du pont de filtrage VLAN avec CAPsMAN (introduit dans la v7.11) ;
*) console - stabilité et réactivité améliorées ;
*) DHCP - Correction des délais de réponse liés au serveur DHCP et aux relais ;
*) ipsec - politique IPSec corrigée lors de l'utilisation de modp3072 ;
*) lte - condition de concurrence critique au démarrage lorsque la carte SIM est dans l'emplacement "up" pour LtAP mini ;
Quoi de neuf dans 7.11 (2023-Aug-15 09:33):
*) api - interdire l'exécution de commandes sans paramètres requis ;
*) bfd - valeur "actual-tx-interval" fixe et "remote-min-tx" ajouté (CLI uniquement) ;
*) bfd - amélioration de la stabilité du système ;
*) bluetooth - commande "decode-ad" ajoutée pour décoder les charges utiles Bluetooth brutes (CLI uniquement);
*) bluetooth - section "Périphériques" ajoutée qui affiche le TLM et l'UID d'Eddystone décodés, Charges utiles Bluetooth iBeacon et MikroTik ;
*) bluetooth - ajout d'un nouveau type de structure AD "service-data" pour la publicité Bluetooth ;
*) pont - ajout de plus de journalisation liée à STP ;
*) pont - ajout d'un avertissement lorsque la liste des interfaces VLAN contient des ports qui ne sont pas pontés ;
*) pont - apprentissage MAC fixe sur le port "switch-cpu" avec FastPath activé ;
*) pont - vieillissement BPDU MSTP fixe ;
*) pont - synchronisation MSTP fixe après une liaison interrompue ;
*) pont - empêche le pontage de l'interface VLAN créée sur le même pont ;
*) certificat - permet d'importer un certificat avec une contrainte de nom DNS ;
*) certificat - importation PEM fixe ;
*) certificat - lien CRL fixe du magasin de confiance s'il est généré sur une version plus ancienne (introduit dans la v7.7);
*) certificat - amélioration de la gestion des nouvelles tentatives de téléchargement CRL ;
*) certificat - suppression de la demande de propriété "passphrase" lors de l'importation ;
*) certificat - nécessite la présence d'une CRL lors de l'utilisation du paramètre "crl-use=yes" ;
*) certificat - RSA restauré avec prise en charge de SHA512 ;
*) conntrack - propriété "active-ipv4" fixe ;
*) console - ajout de la commande ":convert" ;
*) console - valeur par défaut ajoutée pour la commande "rndstr" (16 caractères de 0-9a-zA-Z) ;
*) console - date incorrecte fixe lors de l'impression d'une "liste de valeurs" avec plusieurs entrées ;
*) console - fautes de frappe mineures corrigées ;
*) console - correction du "parent" manquant pour les travaux de script (introduit dans la v7.9) ;
*) console - correction de la valeur de retour manquante pour la commande ping dans certains cas ;
*) console - intervalle d'impression fixe lors du redimensionnement du terminal ;
*) console - amélioration de l'impression des drapeaux dans certains menus ;
*) console - stabilité et réactivité améliorées ;
*) console - amélioration de la stabilité lors de l'annulation des actions de la console ;
*) console - amélioration de la stabilité lors de l'utilisation de l'éditeur plein écran ;
*) console - délai d'attente amélioré pour certaines commandes et menus ;
*) console - amélioration de la validation de l'argument VPLS "cisco-id" ;
*) conteneur - ajout du support IPv6 pour l'interface VETH ;
*) conteneur - option ajoutée pour utiliser les calques overlayfs ;
*) conteneur - ajustez la propriété des montages de volume qui se situent en dehors de la plage d'UID du conteneur ;
*) conteneur - nom d'image en double fixe ;
*) conteneur - adresse IP fixe dans le fichier hôte du conteneur ;
*) defconf - ne change pas le mot de passe administrateur en cas de réinitialisation avec "keep-users=yes" ;
*) dhcp-server - paramètre fixe "bootp-lease-time=lease-time" ;
*) découverte - "lldp-med-net-policy-vlan" corrigé (introduit dans la v7.8 );
*) dns - amélioration de la stabilité du système lors du traitement des entrées DNS statiques avec une liste d'adresses spécifiée ;
*) Ethernet - vitesses de liaison semi-duplex forcées fixes de 10/100 Mbps sur le périphérique CRS312 ;
*) Ethernet - stabilité d'interface améliorée pour le périphérique CRS312 ;
*) récupération - détection améliorée du délai d'attente ;
*) pare-feu - ajout d'un avertissement lorsque l'argument du diviseur PCC est inférieur au reste ;
*) pare-feu - mangle fixe "mark-connection" avec la règle "passthrough=yes" pour les paquets TCP RST ;
*) pare-feu - amélioration de la stabilité du système lors de l'utilisation de "endpoint-independent-nat" ;
*) graphique - prise en charge de la pagination ajoutée ;
*) santé - ajout d'un contrôle plus progressif des ventilateurs pour les appareils CRS3xx, CRS5xx, CCR2xxx ;
*) santé - exportation de la configuration fixe pour le menu "/system/health/settings" ;
*) hotspot - autoriser le numéro comme premier symbole dans le nom DNS du serveur Hotspot ;
*) ike1 - Phase 1 fixe lors de l'utilisation du mode d'échange agressif (introduit dans la v7.10) ;
*) ike2 - amélioration du processus de réponse de ressaisie SA ;
*) ike2 - amélioration de la stabilité du système lors de la fermeture de phase1 ;
*) ike2 - amélioration de la stabilité du système lors des modifications de configuration sur la configuration active ;
*) ike2 - journal "réponse ignorée" en tant que message de journal non débogué ;
*) ipsec - exportation de clé publique fixe (introduite dans la v7.10) ;
*) ipsec - authentification de signature fixe à l'aide du certificat secp521r1 (introduit dans la v7.10) ;
*) ipsec - processus de renouvellement de clés IKE2 amélioré ;
*) ipsec - vérifie correctement la validité de l'approbation ph2 lors de l'utilisation du mode d'échange IKE1 ;
*) l3hw - modification des valeurs minimales prises en charge pour les propriétés "neigh-discovery-interval" et "neigh-keepalive-interval" ;
*) l3hw - correction du déchargement des routes /32 et /128 après le changement de prochain saut ;
*) l3hw - correction de l'utilisation incorrecte de la source MAC pour l'interface de liaison déchargée ;
*) l3hw - amélioration de la réactivité du système lors d'un déchargement partiel ;
*) l3hw - amélioration de la stabilité du système lors du déchargement de la route IPv6 ;
*) l3hw - amélioration de la stabilité du système ;
*) led - LED utilisateur fixe configurée manuellement pour RB2011 ;
*) voyants - clignotent en rouge lorsque le système LTE n'est pas connecté au réseau sur les appareils D53 ;
*) leds - couleur fixe du système pour RAT "GSM EGPRS" sur les appareils D53 ;
*) lora - ajout d'un nouveau champ EUI ;
*) lora - option de filtrage des messages de liaison montante ajoutée à l'aide de NetID ou JoinEUI ;
*) lora - service LoRa déplacé vers le package IoT ;
*) lora - appliquez correctement les modifications de configuration lorsque plusieurs cartes LoRa sont utilisées ;
*) lora - micrologiciel LoRa mis à jour pour les cartes R11e-LR8, R11e-LR9 et R11e-LR2 ;
*) lte - ajout de la prise en charge "at-chat" pour le modem Dell DW5821e-eSIM ;
*) lte - ajout de la prise en charge "at-chat" pour le modem Dell DW5829 ;
*) lte - ajout du support "at-chat" pour le modem Fibocom L850-GL ;
*) lte - ajout du support "at-chat" pour le modem SIMCom 8202G ;
*) lte - ajout d'informations "bande" à la commande "monitor" pour les modems MBIM qui prennent en charge les rapports d'informations sur les cellules de service via MBIM ;
*) lte - ajout de la prise en charge étendue du modem Neoway N75 ;
*) lte - prise en charge fixe du Dell DW5221E "at-chat" ;
*) lte - correction du passage "down" de l'emplacement SIM mini LtAP par défaut à "up" après une mise à niveau (introduit dans v7.10beta1);
*) lte - rapports NR SINR fixes pour Chateau 5G ;
*) lte - sélection fixe du mode R11e-LTE, R11e-LTE6 legacy 2G/3G RAT ;
*) lte - prise en charge fixe de Telit LE910C4 "at-chat" ;
*) lte - amélioration du temps de démarrage initial de l'interface pour SXT LTE 3-7 ;
*) lte - amélioration de la stabilité du système lors du changement d'état "radio" pour les modems MBIM ;
*) lte - n'écoute que les paquets DHCP pour l'interface de passage LTE en mode automatique lors de la recherche de l'hôte ;
*) modem - ajout de la prise en charge initiale de la mise à jour du micrologiciel DFOTA du modem BG77 ;
*) modem - modification du portmap Quectel EC25 pour exposer DM (port diag), canal DM = 0, canal GPS = 1 ;
*) modem - correction du dernier symbole manquant de l'expéditeur dans la boîte de réception SMS si l'expéditeur est une chaîne alphabétique ;
*) mpls - amélioration des performances MPLS TCP ;
*) mqtt - ajout d'options de configuration de publication MQTT supplémentaires ;
*) mqtt - ajout d'une nouvelle fonctionnalité d'abonnement MQTT ;
*) netwatch - propriété "src-address" ajoutée ;
*) netwatch - changement de l'argument "thr-tcp-conn-time" en intervalle de temps ;
*) ovpn - n'essayez pas d'utiliser le paramètre "pont" de PPP/Profile, si le serveur OVPN est utilisé en mode IP (introduit dans v7.10) ;
*) ovpn - négociation fixe d'identifiant de pair de serveur OVPN ;
*) ovpn - délai d'attente de session fixe lors de l'utilisation du mode UDP ;
*) ovpn - processus de renégociation de clé amélioré ;
*) ovpn - inclut les paramètres "connect-retry 1" et "reneg-sec" dans le fichier d'exportation de configuration OVPN ;
*) ovpn - ferme correctement la session OVPN sur le serveur lorsque le client est déconnecté ;
*) package - traite les packages désactivés comme activés lors de la mise à niveau ;
*) poe - correction de la section de configuration PoE manquante dans des conditions spécifiques ;
*) poe-out - annonce LLDP power-mdi-long même si aucune allocation de puissance n'a été demandée (introduit dans v7.7);
*) pppoe - client PPPoE fixe essayant d'établir une connexion lorsque l'interface parent est inactive ;
*) profil - classificateur de processus "conteneur" ajouté ;
*) profil - classer correctement les processus liés à la "console" ;
*) qos-hw - conserve la priorité VLAN dans les paquets envoyés depuis le CPU ;
*) quickset - applique correctement la configuration lors de l'utilisation de la propriété "Plage de serveurs DHCP" ;
*) ressource - correction des valeurs d'utilisation du processeur erronées ;
*) rose-storage - ajout de la commande "scsi-scan" (CLI uniquement) ;
*) rose-storage - ajout de statistiques de disque pour les disques virtuels ;
*) rose-storage - création RAID 0 fixe ;
*) rose-storage - limite la taille des éléments RAID par bandes à la plus petite taille de disque ;
*) route - commentaire ajouté pour la configuration BFD (CLI uniquement) ;
*) route - convertit les temporisateurs BFD de millisecondes en microsecondes après la mise à niveau ;
*) routerboard - paramètre "gpio-function" fixe sur RBM33G ("/system routerboard upgrade" requis);
*) routerboard - amélioration de la stabilité de RouterBOOT pour les processeurs Alpine ("/mise à niveau de la carte de routage du système" requise);
*) routerboard - suppression du port série inutile pour les appareils netPower16P et hAP ax lite ("/mise à niveau du routeur du système" requise);
*) routerboot - augmentation du délai d'attente du bootp etherboot à 40 secondes sur les périphériques MIPSBE et MMIPS ("/mise à niveau de la carte de routage du système" requise);
*) sfp - lectures de température SFP optiques incorrectes corrigées (introduites dans la v7.10);
*) sfp - stabilité d'interface améliorée pour les commutateurs basés sur 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 ;
*) sfp - amélioration de la gestion de l'interface optique QSFP pour 98DX8332, 98DX3257, 98DX4310,
*) sfp - amélioration de la stabilité de l'interface Q/SFP pour les commutateurs 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 ;
*) sfp - réduit la charge CPU grâce à la gestion de l'interface SFP pour les appareils CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 (introduit dans la v7.9) *) sms -
temps d'attente accru pour le démarrage du modem ;
*) ssh - exportation de la clé publique de l'hôte fixe (introduite dans la v7.9) ;
*) ssh - importation de clé privée fixe (introduite dans la v7.9) ;
*) ssh - accord de clé SSH fixe côté client lorsque ed25519 est utilisé dans les paramètres du serveur ;
*) ssh - importation de clé privée RSA utilisateur fixe ;
*) switch - "reset-counters" fixe pour "switch-cpu" ;
*) commutateur - traitement de paquets BPDU fixe sur MT7621, MT7531 avec filtrage vlan déchargé HW ;
*) commutateur - transfert de paquets multidiffusion amélioré sur MT7621 ;
*) système - interdire la définition d'un numéro de cœur de processeur inexistant pour l'IRQ du système ;
*) système - augmentation du nombre maximal de cœurs de processeur pris en charge à 512 sur CHR et x86 ;
*) système - utilisation réduite de la RAM pour les appareils SMIPS ;
*) tftp - amélioration de la correspondance des noms de fichiers ;
*) utilisateur - exigence de politique "sensible" ajoutée pour l'exportation de clés et de certificats SSH ;
*) w60g - stabilité améliorée pour les appareils Cube 60Pro ac et CubeSA 60Pro ac ;
*) webfig - option ajoutée pour activer la vue large dans la liste des éléments ;
*) webfig - correction des modifications de configuration "Se connecter à" pour le client L2TP ;
*) webfig - police italique grisée fixe pour les entrées après activation ;
*) webfig - utilise le fuseau horaire du routeur pour la date et l'heure ;
*) wifiwave2 - ajout de paramètres de "direction" et d'un menu pour configurer et surveiller les groupes de voisins AP (CLI uniquement) ;
*) wifiwave2 - ajout de plus d'informations sur les candidats itinérants aux demandes de gestion de transition BSS (802.11v) et aux réponses de rapport de voisin (802.11k);
*) wifiwave2 - option ajoutée pour filtrer les trames capturées par la commande sniffer (CLI uniquement) ;
*) wifiwave2 - ajoute automatiquement des interfaces wifi au pont VLAN approprié lorsque des clients sans fil avec de nouveaux identifiants VLAN se connectent ;
*) wifiwave2 - modification du comportement par défaut pour la gestion des adresses MAC client en double, ajout de paramètres pour le modifier (CLI uniquement) ;
*) wifiwave2 - mise en cache PMK activée avec les types d'authentification EAP ;
*) wifiwave2 - informations "reg-info" fixes pour plusieurs pays ;
*) wifiwave2 - taux fixe "security.sae-max-failure" ne limitant pas correctement les authentifications dans certains cas ;
*) wifiwave2 - correction du nom commun CAPsMAN lors de la désactivation de "lock-to-caps-man" ;
*) wifiwave2 - l'interface fixe se bloque sur les cartes basées sur IPQ6010 (introduit dans la v7.9) ;
*) wifiwave2 - stabilité améliorée lors de la modification des paramètres d'interface ;
*) wifiwave2 - stabilité améliorée lors de la réception de trames d'authentification WPA3-PSK malformées ;
*) wifiwave2 - rendre le journal des informations moins détaillé pendant l'itinérance du client (certaines informations déplacées vers le sans fil, journal de débogage);
*) wifiwave2 - renommer l'argument pays "reg-info" de "Macédoine" en "Macédoine du Nord" ;
*) wifiwave2 - utilisez le code d'état correct lors du rejet de la réassociation WPA3-PSK ;
*) winbox - ajout de valeurs d'état manquantes pour Ethernet et test de câble ;
*) winbox - ajout d'un avertissement concernant la sonde non en cours d'exécution en raison d'un "retard de démarrage" ;
*) winbox - propriété "Storm Rate" fixe dans le menu "Switch/Port" ;
*) winbox - affichage fixe de l'affinité BGP ;
*) winbox - valeur fixe par défaut "Ingress Filtering" sous le menu "Bridge" ;
*) winbox - supout amélioré. affichage de la progression du rif ;
*) winbox - renommez la propriété "Group Master" en "Group Authority" dans le menu "Interface/VRRP" ;
*) wireguard - connexion homologue fixe utilisant le nom DNS lors du changement d'adresse IP ;
*) wireguard - utilisation fixe de l'"adresse autorisée" IPv6 ;
*) sans fil - ignorer les trames de déconnexion EAPOL ;
*) x86 - pilote e1000 mis à jour ;
-
What's new in 7.12 :
!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) health - removed "temperature" health entry from boards, where it was the same as "sfp-temperature";
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) api - fixed fetching objects with warning option from REST API;
*) bfd - fixed sessions when setting VRF;
*) bfd - improved system stability;
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed "input.filter-chain" argument selection in VPN configuration;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - fixed typos and missing spaces in log messages;
*) bgp - implemented IGP metric sending in BGP messages;
*) bgp - improved logging;
*) bgp - increase "hold-time" limit to 65000;
*) bluetooth - added basic support for connecting to BLE peripheral devices;
*) bluetooth - use "g" units when decoding MikroTik beacon acceleration on peripheral devices menu;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - allow to remove issued certificates when CRL is not used;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - fixed certificate auto renewal via SCEP;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - iavf updated driver to 4.9.1 version;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - added "transform" property for ":convert" command;
*) console - display "End-User License Agreement" prompt after configuration reset;
*) console - export required properties with default values;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved multi-argument property parsing into array;
*) console - improved randomness for ":rndstr" and ":rndnum" commands;
*) console - improved stability and responsiveness;
*) console - improved stability when editing long scripts;
*) console - improved stability when using "special-login";
*) console - improved system stability through RoMON session;
*) console - improved system stability when using autocomplete;
*) console - improved system stability;
*) console - restrict permissions to "read,write,reboot,ftp,romon,test" for scripts executed by DHCP, Hotspot, PPP and Traffic-Monitor services;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server and relay related response delays;
*) email - rename "address" property to "server";
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) flash - show more accurate "total-hdd-space" resource property;
*) gps - expose GPS port for Quectel EM12-G (vendor-id="0x2c7c", device-id="0x0512");
*) ike1 - fixed invalid key length on phase1 negotiation;
*) ike1 - log an error when non-RSA keys are being used;
*) ike2 - improved rekey collision handling;
*) interface - added "macvlan" interface support;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) ipsec - fixed Diffie-Hellman public value encoding size;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipsec - fixed minor typo in logs;
*) ipsec - reduce disk writes when started without active configuration;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) l3hw - fixed IPv6 route suppression;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - prioritize local IP addresses over the respective /32 and /128 routes;
*) led - fixed "interface-status" configuration for virtual interfaces;
*) led - fixed 5G modem mobile network category LED colours;
*) leds - added "dark-mode" functionality for RBwAPG-5HacD2HnD;
*) leds - added "wireless-status" and "wireless-signal-strength" configuration types for wifiwave2 interfaces;
*) log - improved logging for user actions;
*) lora - added LNS protocol support;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - changed R11e-LTE ARP behavior to NoArp;
*) lte - fixed 5G data-class reporting for Chateau 5G;
*) lte - fixed APN authentification in multi APN setup for R11e-LTE6;
*) lte - fixed FG621-EA possible timeouts during firmware upgrade;
*) lte - fixed IPv6 prefix for MBIM modems in multi-apn setup when IPv6 APN used as not first APN;
*) lte - fixed RSSI for FG621-EA modem to show the correct value;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed Sierra modem initialization;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) lte - fixed sub-interface auto-removal in multiple APN setups;
*) lte - show correct data class when connected to 5G SA network;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) mpls - improved FastPath next-hop selection hash algorithm;
*) mqtt - added on-message feature for subscribed topics;
*) mqtt - added parallel-scripts-limit parameter to set maximum allowed number of scripts executed at the same time;
*) mqtt - added wildcard topic subscription support;
*) netinstall - added option to discard branding package;
*) netinstall - display package filename in GUI Description column if package description is not specified;
*) netinstall-cli - added empty configuration option "-e";
*) netinstall-cli - added option to discard branding package;
*) netinstall-cli - allow ".rsc" script filenames;
*) netinstall-cli - prioritise interface option over address option;
*) netinstall-cli - updated configuration option description;
*) netwatch - decreased "thr-tcp-conn-time" maximum limit to 30 seconds;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ospf - fixed OSPFv3 authentication header length calculation;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) ovpn - improved system stability;
*) pimsm - fixed BSR update process;
*) pimsm - fixed UIB update process;
*) pimsm - improved system stability;
*) poe-out - driver optimization for AF/AT controlled boards;
*) poe-out - fixed rare CRS328 poe-out menu and poe-out port config loss after reboot;
*) poe-out - improved "auto" mode for devices with single PoE-out port;
*) poe-out - removed "auto" mode support for L009 devices;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) qsfp - added 50Gbps rate support for QSFP28 interfaces;
*) qsfp - fixed incorrect QSFP temperature readings in negative temperature;
*) qsfp - improved auto link detection for AOC cables;
*) qsfp - use sub-interface configuration for establishing link (for 40Gbps and 100Gbps links, all sub-interfaces must be enabled);
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - added "single-process" configuration setting, enabled by default on devices with 64MB or less RAM memory;
*) route - added "suppress-hw-offload" setting for IPv6 routes;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) route - reverse community "delete" and "filter" command behavior;
*) routerboard - added "reset-button" support for RB800, RB1100 and RB1100AHx2 devices;
*) routerboard - fixed "reset-button" support for wAP ac and wAP R ac devices;
*) sfp - added 5Gbps rate for SFP+ interface on 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) sfp - fixed occasional bad EEPROM data reading for L009 devices;
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) sfp - improved system stability with certain modules for 98DX224S, 98DX226S, 98DX3236, 98DX8216 and 98DX8208 switch chips;
*) snmp - changed "mtxrGaugeValue" type to integer;
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) ssh - improved connection stability when pasting large chunks of text into console;
*) supout - added interface list members section;
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) switch - improved resource allocation for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) system - fixed process multithreading (introduced in v7.9);
*) system - improved system stability during booting for L009 devices;
*) system - improved system stability when MD5 checksums are used;
*) tftp - fixed empty file name matching;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) traffic-generator - fixed traffic-generator on CHR and x86;
*) usb - added support for RTL8153 USB ethernet on ARM, ARM64 and x86;
*) vrf - limit maximum VRFs to 1024;
*) vxlan - improved system stability for Tile devices;
*) webfig - fixed "Days" property configuration change under "IP/Firewall" menu;
*) webfig - fixed timezone for interface "Last Link Down/Up Time";
*) webfig - improved Webfig performance and responsiveness;
*) webfig - try to re-establish connection after disconnect;
*) wifiwave2 - added an alternative QoS priority assignment mechanism based on IP DSCP;
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - added station-bridge interface mode;
*) wifiwave2 - correctly add interface to specified "datapath.interface-list";
*) wifiwave2 - do not show default "l2mtu" on compact export;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) wifiwave2 - fixed PTK renewal for interfaces in station mode;
*) wifiwave2 - fixed re-connection failures for 802.11ax interfaces in station mode;
*) wifiwave2 - fixed sniffer command not receiving any QoS null function frames when using 802.11ax radios;
*) wifiwave2 - fixed untagged VLAN 1 entry when using "vlan-id" setting together with vlan-filtering bridge;
*) wifiwave2 - fixed warning on CAP devices when radar detected;
*) wifiwave2 - implemented an option to transmit IP multicast packets as unicasts;
*) wifiwave2 - improved compliance with regulatory requirements;
*) wifiwave2 - limit L2MTU to 1560 until a fix is available for a bug causing interfaces to fail transmitting larger frames than that;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) wifiwave2 - log more information regarding authentication failures;
*) wifiwave2 - make 4-way handshake procedure more robust when acting as supplicant (client);
*) wifiwave2 - use CAPsMAN's "datapath.vlan-id" on CAP for bridge port "pvid";
*) winbox - added "Addresses" property under "Routing/BFD/Configuration" menu;
*) winbox - added "BUS" property for USB Power Reset button for LtAP-2HnD and CCR1072;
*) winbox - added "Comment" under "Routing/BFD/Configuration" menu;
*) winbox - added "g" flag under "IPv6/Routes" menu;
*) winbox - added "Host Key Type" setting under "IP/SSH" menu;
*) winbox - added "Key Owner" setting under "System/User/SSH Keys" and "System/User/SSH Private Keys" menus;
*) winbox - added "Name Format" property under "WifiWave2/Provisioning" menu;
*) winbox - added "Remote Min Tx" parameter under "Routing/BFD/Session" menu;
*) winbox - added "Startup Delay" setting under "Tools/Netwatch" menu;
*) winbox - added "USB" button under "System/RouterBOARD" menu for LtAP-2HnD;
*) winbox - added "Use BFD" setting under "Routing/RIP/Interface-Template" menu;
*) winbox - added Enable/Disable button under "Routing/RIP/Static Neighbors" menu;
*) winbox - added missing properties under "WifiWave2" menu;
*) winbox - added MQTT subscription menu;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) winbox - allow to specify server as DNS name under "Tools/Email" menu;
*) winbox - changed "MBR Partition Table" checkbox to unchecked by default under "System/Disks/Format-Drive" menu;
*) winbox - do not show "F" flag for disabled entries under "IP/Routes" menu;
*) winbox - fixed "Address" property under "WifiWave2/Remote-CAP" menu;
*) winbox - fixed "Do" property under "Routing/Filters/Select Rule" menu;
*) winbox - fixed "Group Key Update" maximum value under "WifiWave2/Security" menu;
*) winbox - fixed "Range" property under "Routing/Filters/Num Set" menu;
*) winbox - fixed "Switch" menu for CCR2004-16G-2S+;
*) winbox - fixed entry numbering and ordering under "WifiWave2/Provisioning" menu;
*) winbox - fixed minor typos;
*) winbox - improved support for certain properties under "WifiWave2/Interworking Profiles" menu;
*) winbox - rename "DSCP" setting to "DSCP (+ECN)" under "Tools/Traffic-Generator/Packet-Templates" menu;
*) winbox - rename "Name" setting to "List" under "IP,IPv6/Firewall/Address-List" menu;
*) winbox - rename "Password" button to "Change Now" under "System/Password" menu;
*) winbox - show "unknown" value for "FS" property under "System/Disks" menu if the data is not available;
*) wireguard - added "auto" and "none" parameter for "private-key" and "presharde-key" parameters;
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireguard - allow to specify client settings under peer menu which will be included in configuration file and QR code;
*) wireguard - request public or private key to be specified in order to create peer;
*) wireless - added more "radius-mac-format" options (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) www - fixed allowed address setting for REST API users;
*) www - fixed fragmented POST data for SCEP service;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;
*) x86 - i40e updated driver to 2.23.17 version;
*) x86 - igb updated driver to 5.14.16 version;
*) x86 - igbvf updated driver from in-tree Linux kernel;
*) x86 - igc updated driver to 5.10.194 version;
*) x86 - ixgbe updated driver to 5.19.6 version;
*) x86 - Realtek r8169 updated driver;
*) x86 - updated latest available pci.ids;
-
What's new in 7.12 :
*) www - fixed allowed address setting for REST API users;
Cette version corrige une vulnérabilité au niveau de l’interface REST, qui permet de lancer des commandes même si ce ne pas permis au niveau du service (e.g. allowed-from).
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41570 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41570)
Dans tous les cas, c’est mieux de ne pas exposer les ports administration du router sur Internet.
-
Cette version corrige une vulnérabilité au niveau de l’interface REST, qui permet de lancer des commandes même si ce ne pas permis au niveau du service (e.g. allowed-from).
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41570 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41570)
Dans tous les cas, c’est mieux de ne pas exposer les ports administration du router sur Internet.
Mais quelle intention barbare...
-
Mais quelle intention barbare...
Oui, quelle idée bizarre tout de même :D
-
What's new in 7.12.1 (2023-Nov-17 13:38):
*) defconf - fixed bogus wifi password on certain Audience devices;
*) ipv6 - do not send out IPv6 RA deprecate message for re-used prefix;
*) ospf - fixed LSA Type3 advertisement for OSPFv2;
*) ppc - fixed RouterOS bootup (introduced in v7.12);
*) qsfp - fixed supported rates for breakout cables;
*) winbox - added missing arguments for "MAC Format" under "Wireless/Security Profiles/RADIUS" menu;
-
Bonjour à tous,
Nouveau propriété d'un mikrotik hex S que j'ai mis avec la dernière version, j'aimerai avoir votre avis concernant la gestion des VLAN.
Vaut-il mieux faire une gestion avec le bridge donc côté cpu ou plutôt sur le switch côté hardware ce qui est maintenant possible sur la version 7x?
Merci d'avance,
Très bonne journée à tous,
Damien T.
-
Par le switch, évidemment ;)
-
What's new in 7.13 (2023-Dec-14 09:24):
!) package - convert "wireless" and "wifi" packages automatically, if upgrading from v7.12;
!) wifi - split existing "wifiwave2" package into separate packages "wifi-qcom", "wifi-qcom-ac", and include required utilities for WiFi management into bundle;
!) wireless - separate "wireless" package from bundle and build as a standalone package;
*) bridge - added automatic "path-cost" values depending on interface rate;
*) bridge - added bridge interface property "port-cost-mode" with "short" and "long" arguments;
*) bridge - fixed bogus VLAN entries from wifi when vlan-filtering is not enabled;
*) bridge - improved HW offload enable;
*) bridge - improved host flush when removing VLAN on HW offloaded bridge;
*) bth - added "VPN Prefer Relay Code" option;
*) bth - improved automatic firewall rule generation process;
*) certificate - add support for multiple DNS names for Let's Encrypt;
*) certificate - added HTTP redirect support for CRL download;
*) certificate - added support for certificates with key size 16384;
*) certificate - fixed CRL updating;
*) certificate - fixed certificate auto renewal via SCEP when certificate contains "subject-alt-name";
*) certificate - improved CRL signature verification and download error messages;
*) certificate - improved initial certificate creation using SCEP;
*) certificate - use error topic for CRL update failures;
*) cloud - improved re-connect speed after network related connection errors;
*) console - added ":grep" command;
*) console - added ":onerror" command;
*) console - added ":serialize" and ":deserialize" commands for converting values to/from JSON; 8)
*) console - added "interface" name when printing "interface/pppoe-server" entries;
*) console - added "read" command under "file" menu;
*) console - added "where" functionality for "export" command;
*) console - added flags to "print" command with "value-list";
*) console - added interface helper for "gateway" property under "ip/route" menu;
*) console - added unset option for "ssid-regex" and "allow-signal-out-of-range" properties under "interface/wifi/access-list" menu;
*) console - clear console history when resetting configuration;
*) console - disallow setting existing "name" under "system/script" and "system/scheduler" menus;
*) console - fixed "export" boolean arguments when saving output to file using API;
*) console - fixed "interface/ethernet/switch/port-isolation" export;
*) console - fixed "on-event" argument highlighting under "system/scheduler" menu;
*) console - fixed graphic distortions in WinBox;
*) console - fixed issue where API incorrectly asks for missing arguments;
*) console - fixed printing to file using API;
*) console - ignore negative values for ":delay" command;
*) console - improved flag printing in certain menus;
*) console - improved stability when running "tool/ping" from API;
*) console - removed "route-cache" setting from "ip/settings" menu;
*) console - replace reserved characters in file and script names with underscores;
*) console - resolve "wifiwave2" directory to "wifi";
*) console - show "l2vpn-link" address family under "routing/route" menu;
*) console - use more compact login screen for empty branding;
*) defconf - expire password when reverting configuration;
*) defconf - fixed bogus wifi password on certain Audience devices;
*) defconf - fixed configuration for Audience with "wifi-qcom-ac" package;
*) defconf - fixed wireless band and channel-width selection (introduced in v7.12);
*) defconf - hide default configuration for users without "sensitive" policy;
*) defconf - improved wifi interface detection after upgrade;
*) defconf - updated configuration with new "wifi" directory;
*) defconf - use "WISP Bridge" default configuration mode for RBGrooveGA-52HPacn device;
*) defconf - use "fan-min-speed-percent=25" for CRS354-48P-4S+2Q+ device;
*) defconf - use device factory preset credentials when using CAPs mode;
*) defconf - use one SSID and enable FT when using "wifi" packages;
*) disk - fixed hang on reboot when network file systems mounted;
*) ethernet - improved packet CPU core classifier for Alpine CPUs for non IPv4/IPv6 traffic;
*) ethernet - improved system stability for L009 and hAP ax lite devices;
*) fetch - added "http-auth-scheme" parameter, allows to select HTTP basic or digest authentication;
*) fetch - added "http-content-encoding" setting;
*) fetch - added raw logging;
*) fetch - allow to receive HTTP response headers;
*) fetch - require "ftp" user policy;
*) firewall - added "nat-pmp" support;
*) firewall - added new IPv6 filter arguments "icmp-err-src-routing-header" and "icmp-headers-too-long" for "reject-with" setting;
*) firewall - do not mark all IPv6 GRE packets as invalid;
*) firewall - fixed IPv6 address-list timeout;
*) firewall - fixed altered address-list when upgrading from RouterOS v6;
*) firewall - fixed connections being tracked when tracking is disabled;
*) firewall - removed "prohibited" and "unreachable" IPv4 address-type arguments;
*) ftp - improved upload and download speeds;
*) health - dynamically add and remove invalid sensors (e.g. sfp-temperature);
*) hotspot - fixed incorrect host moving to VLAN 0 when receiving packets through bridge;
*) ike2 - fixed ike2 double reply;
*) iot - fixed incorrect LoRa ACK packet handling during downlink messaging (introduced in v7.12);
*) ipv6 - do not send out IPv6 RA deprecate message for re-used prefix;
*) isis - added IS-IS protocol support (CLI only);
*) l3hw - fixed routing for IPsec encapsulated packets;
*) leds - fixed LED indication in multi-APN setup for Chateau;
*) leds - improved LED indication during modem registration state for Chateau;
*) log - added "fetch" topic;
*) lora - added CUPs protocol support;
*) lora - fixed issue with lost LoRa configuration when rebooting the device;
*) lte - added RNDIS support for neoway N75-EA modem;
*) lte - added support for FOTA firmware upgrade from custom URL for R11eL-FG621-EA;
*) lte - disabled IMS service for Chateau 5G on A1 HR network;
*) lte - fixed rare cases where Chateau 5G in passthrough mode may stop forwarding packets;
*) lte - improved SIM slot status change notification handling for MBIM modems;
*) lte - replaced "passthrough-subnet-selection" with "passthrough-subnet-size" setting (CLI only);
*) lte - show each CA band in a new line;
*) mipsbe - improved system stability when removing USB devices;
*) mmips - properly mount and unmount USB devices;
*) modem - added option to read SMS using MBIM interface;
*) mpls - added "te-tunnel" property for VPLS monitor (CLI only);
*) mpls - fixed IPv6 RSVP-TE;
*) mpls - improved logging;
*) netinstall-cli - added more details to help messages;
*) ospf - fixed LSA Type3 advertisement for OSPFv2;
*) ospf - fixed missing OSPF interface on L2TP interface reconnect;
*) ospf - fixed missing opaque bit in opaque LSA;
*) ovpn - improved memory allocation during key-renegotiation;
*) ovpn - removed "ping-timer-rem" option from client config file;
*) package - added warning log about missing "wireless" or "wifi" package;
*) pimsm - improved elected BSR change;
*) poe-out - improved firmware upgrade stability for AF/AT controlled boards;
*) ppc - fixed RouterOS bootup (introduced in v7.12);
*) ppp - added remote-ipv6-prefix to IPv6 firewall address-list if "address-list" property is provided;
*) ppp - allow at-chat and info commands in "waiting for packets" state for modems with shared data/info channel;
*) ppp - improved IPv6 link-local address uniqueness;
*) pppoe-server - fixed connection count limit per license level;
*) profiler - improved "disk" and "supout.rif" classifiers;
*) qos-hw - added initial congestion avoidance support for 98DX224S, 98DX226S, and 98DX3236 switch chips (CLI only);
*) qsfp - added support for QSFP-to-SFP adapters;
*) qsfp - fixed supported rates for breakout cables (introduced in v7.12);
*) quickset - show DDNS name as VPN address for devices with new style serial number;
*) route-filter - improved performance;
*) sfp - added "1G-baseT" link mode for modules that supports "2.5G-baseT" mode;
*) sfp - allow 2.5G rates only in forced link mode;
*) sfp - fixed link establishment with S+DA0001 DAC cables;
*) sfp - ignore irrelevant extended compliance code for SFP modules;
*) sfp - improved SFP interface handling for 98DX224S, 98DX226S, 98DX3236, 98DX8208, and 98DX8216 switch chips;
*) sfp - improved link establishment for SFP copper modules;
*) sfp - improved link establishment with certain modules for hEX S device;
*) sfp - show 10M and 100M supported rates for RJ45 copper modules;
*) ssh - added cipher and hash function acceleration for ARM64 and x86 architectures;
*) ssh - fix error that caused large chunks of text not being pasted in their entirety into console;
*) supout - added VXLAN FDB section;
*) supout - added multiple WiFi sections;
*) switch - fixed service VLAN tagged IP multicast packets for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - added "rtrace" debugging tool (CLI only);
*) system - improved incoming and outgoing TCP connection performance;
*) system - improved internal process communication performance;
*) traffic-generator - improved system stability when modifying interfaces;
*) usb - added support for RTL8152 USB ethernet on ARM, ARM64 and x86;
*) vpls - improved performance when decapsulating data;
*) vrf - fixed ICMP reply lookup;
*) webfig - allow to display comments in multiline or compact modes;
*) webfig - make table headers always visible;
*) webfig - use local storage for user preferences;
*) wifi - added "flat-snoop" tool for surveying WiFi APs and stations (CLI only);
*) wifi - added "radio-mac" variable for "name-format" provisioning setting;
*) wifi - added "remove" command in "capsman/remote-cap" menu;
*) wifi - after radar detections, avoid selection of channels not permitted by the user;
*) wifi - changed CAPsMAN generated certificate common name;
*) wifi - create first interface without number when using "name-format" provisioning setting;
*) wifi - enable protected interworking ANQP responses;
*) wifi - fixed EAP authentication failures when the Session-Timout RADIUS attribute is defined;
*) wifi - fixed occasional failures to start on 20/40mhz-eC channels for 2.4GHz 802.11ax interfaces;
*) wifi - fixed overridden datapath settings on CAP when unsetting from CAPsMAN;
*) wifi - improved CAPsMAN stability during provisioning;
*) wifi - make slave APs use datapath bridge settings inherited from master by default;
*) wifi - removed "openflow-switch" setting;
*) wifi-qcom - added fast-path for received packets;
*) winbox - added "Hw. Offload" property under "IP/Firewall/Filter" menu;
*) winbox - added "Ping" button under "IP/DHCP Server/Leases" menu;
*) winbox - added "Tx bps" and "Rx bps" monitor values under "WiFi/Registration" menu;
*) winbox - added "none" argument for "Preshared Key" under "WireGuard/Peers" menu;
*) winbox - added icon to entries under "WiFi/Access List" menu;
*) winbox - added missing "qos-classifier" argument for "Hw. Caps" under "WiFi/Radios" menu;
*) winbox - added missing arguments for "MAC Format" under "Wireless/Security Profiles/RADIUS" menu;
*) winbox - allow opening entries under "WiFi/Registration" menu;
*) winbox - fixed default "Name Format" property under "WiFi/Provisioning" menu;
*) winbox - fixed minor typo under "Routing/BFD" menu;
*) winbox - improved connection speed;
*) winbox - updated "wireless" and "wifi" menus;
*) wireless - fixed "wlan1" default name for RBSXTsqG-5acD and RBLDFG-5acD;
*) wireless - fixed snooper information gathering from re-assocation requests;
*) wireless - keep configuration after manual package removal;
-
Merci @zoc, heureux de te croiser ici :D
-
On continue :)
What's new in 7.13.1 (2024-Jan-05 15:51):
*) bridge - fixed auto "path-cost" for bonding interfaces (introduced in v7.13);
*) console - updated copyright notice;
*) dns - fixed domain name lookup resolving for internal services;
*) fetch - do not require "content-length" for HTTP (introduced in v7.13);
*) fetch - fixed DNS resolving when domain has only AAAA entries (introduced in v7.13);
*) fetch - fixed fetch when using "src-path" with HTTP/HTTPS modes (introduced in v7.13);
*) fetch - fixed IPv4 address logging (introduced in v7.13);
*) fetch - improved file download stability with HTTP/HTTPS modes;
*) leds - do not show LTE connection state/mode using RGB power LED from configless LTE modems (introduced in v7.13);
*) leds - fixed wireless type of LED triggers for routers using WiFi package (introduced in v7.13);
*) lte - fixed support for config-less modem detection (introduced in v7.13);
*) lte - fixed USB mode switch and initialization race condition for configless USB modems;
*) modem - fixed SMS removal (introduced in v7.13);
*) port - fixed support for USB/serial adapters (introduced in v7.13);
*) switch - improved 100G interface stability for 98DX4310 and 98DX8525 switches;
*) switch - minimise potential packet overflows on CRS354;
*) system - improved system stability when processing packets in FastPath (introduced in v7.13);
*) timezone - updated timezone information from "tzdata2023d" release;
*) tr069 - fixed bandwidth test;
*) wifi - use "Latvia" as default value for "country" property;
*) winbox - renamed "Wireless Table" menu to "Wifi";
-
What's new in 7.13.2 (2024-Jan-12 11:51):
*) leds - fixed default LTE LED configuration for wAPR-2nD;
*) lte - fixed cases where FG621-EA modem could be missing signal information in "lte monitor" (introduced in v7.13);
*) routerboard - added "reset-button" support for RBwAPR-2nD device;
*) sfp - improved combo-sfp handling for CRS328-4C-20S-4S+;
*) sfp - improved link establishment for RB4011 devices;
*) vlan - fixed non-running VLAN interface after failed MTU change;
*) wifi - fixed issue with setting country profile (introduced in v7.13.1);
-
Nouveautés de la version 7.13.3 (2024-Jan-24 15:16) :
*) dns - correction d'un crash du service DNS lorsque DoH est utilisé (introduit dans la v7.13.1) ;
*) fetch - correction du fetch lors de l'utilisation de "src-path" en mode SFTP (introduit dans la v7.13) ;
*) fetch - logging moins verbeux (introduit dans la v7.13) ;
*) health - affichage de la tension lors de l'alimentation de KNOT R par Micro-USB ;
*) lte - correction de la prise en charge du modem Simcom dans la composition USB 0x9001 ;
*) lte - amélioration de la gestion de l'événement de déverrouillage du PIN SIM pour MBIM FG621-EA ;
*) poe-out - correction du "power-cycle" pour le dispositif CRS354-48P-4S+2Q+ (introduit dans la v7.13) ;
*) poe-out - amélioration de la fiabilité de la sortie PoE sur les routeurs avec une seule interface PoE out ;
*) sms - correction de la boîte de réception SMS pour le modem FG621-EA (introduit dans la version 7.13) ;
*) sms - correction de l'envoi de SMS depuis WinBox et WebFig (introduit dans la v7.13) ;
*) sms - amélioration de la stabilité du système lors de l'utilisation de SMS (introduit dans la v7.13) ;
*) système - fermeture correcte des connexions HTTP/S initiées par le routeur ;
*) tftp - amélioration du traitement des requêtes invalides ;
*) wifi-qcom - amélioration de la stabilité du système lors de l'utilisation de FastPath (introduit dans la version 7.13) ;
Traduit avec DeepL.com (version gratuite)
-
Page 1 mise à jour.
On ne peut que se féliciter de l'énergie déployée par Mikrotik pour faire progresser RouterOS.
Merci encore @zoc de suivre aussi assidûment.
-
Page 1 mise à jour.
On ne peut que se féliciter de l'énergie déployée par Mikrotik pour faire progresser RouterOS.
Merci encore @zoc de suivre aussi assidûment.
Ouaip enfin là plus de la moitié des "bugs" que corrige la v7.13.3, ce sont des bugs que Mikrotik a lui-même créé. Donc les félicitations...
Ils gagneraient à mettre des process de validation et des tests de non-régression, parce que là, ça fait vraiment pas sérieux.
-
Ouaip enfin là plus de la moitié des "bugs" que corrige la v7.13.3, ce sont des bugs que Mikrotik a lui-même créé. Donc les félicitations...
Ils gagneraient à mettre des process de validation et des tests de non-régression, parce que là, ça fait vraiment pas sérieux.
Tu utilises quel équipement Mikrotik ? Tu es impacté ?
-
Nouveautés de la version 7.13.4 (2024-Feb-07 11:59) :
*) bridge - éviter le vidage d'hôte par VLAN sur un pont déchargé HW (introduit dans la v7.13) ;
*) defconf - correction d'une règle de pare-feu pour IPv6 UDP traceroute ;
*) leds - correction de l'indication LED du modem pour SXT LTE 3-7 (introduit dans la version 7.13) ;
*) lte - correction de la prise en charge du modem Simcom dans les compositions USB 0x9000 ; 0x9002, 0x9002 ; 0x901a et 0x901b (introduit dans la v7.13) ;
*) ovpn - amélioration du système pour les compositions USB 0x9000 ; 0x9002 ; 0x901a et 0x901b ;
*) ovpn - amélioration de la stabilité du système lors de l'utilisation du cryptage HW sur les périphériques ARM64 (introduit dans la v7.13) ;
*) route-filter - correction de la correspondance des chemins AS lorsque des chaînes d'entrée et de sortie sont utilisées ;
Traduit avec DeepL.com (version gratuite)
-
Nouveautés de la version 7.13.5 (2024-Feb-16 19:35) :
*) bridge - correction de la connexion MLAG après l'interruption du peer-link (introduit dans la version 7.13) ;
*) bridge - correction de la transmission de paquets après avoir changé les paramètres de l'interface HW offloaded bridge dans certains cas (introduit dans la version 7.13) ;
*) dns - ne pas fermer la connexion avec le serveur DoH après l'exécution de la requête (introduit dans la version 7.13.3) ;
*) leds - force du signal modem fixe pour RBSXTR&R11e-LTE (introduit dans la v7.13) ;
*) sms - augmentation du délai de lecture des SMS ;
*) wifi-qcom - amélioration du processus d'allocation de mémoire ;
*) wifi-qcom - amélioration de la conformité réglementaire pour les appareils L11, L22 ;
*) wifi-qcom - amélioration de la stabilité du système pour les appareils L11, L22 ;
-
Le 1er post pèse 19994 caractères, pour une limite de base à 20.000, si une nouvelle mise à jour intervient, je ne pourrai pas l'ajouter ;D
-
Demande une 7.14 pour la prochaine ! :D
-
La 7.14 est en release candidate 2, donc ça ne devrait plus tarder.
-
7.14 disponible :D
What's new in 7.14 (2024-Feb-29 09:10):
!) rose-storage - moved SMB service to the RouterOS bundle;
!) smb - removed legacy SMB service (replaced with newer and faster ROSE SMB service, compatible with SMB 2.1, SMB 3.0 and SMB 3.1.1);
*) 6to4 - make "ipsec-secret" sensitive parameter;
*) api - improved REST API stability when processing invalid requests;
*) api - properly return SNMP OIDs when requested;
*) arm - improved system stability when using microSD on RB1100Dx4;
*) arp - added ARP status;
*) bgp - allow to leak routes between local VRFs;
*) bridge - added MLAG support for MSTP bridges;
*) bridge - avoid per-VLAN host flushing on HW offloaded bridge;
*) bridge - fixed auto "path-cost" for bonding interfaces (introduced in v7.13);
*) bridge - fixed MLAG connection after peer-link flap (introduced in v7.13);
*) bridge - fixed packet forwarding after changing HW offloaded bridge interface settings in certain cases (introduced in v7.13);
*) bridge - improved bridge VLAN configuration validation;
*) bridge - improved configuration speed on large VLAN setups;
*) bridge - improved protocol-mode MSTP functionality;
*) bridge - improved protocol-mode STP and RSTP functionality;
*) bridge - make "point-to-point=yes" default value for non-wireless bridge ports;
*) bridge - removed "mst-config-digest" from MSTI menu;
*) bridge - try to set wireless bridge ports as edge ports automatically;
*) bth - added simple "Back To Home Users" manager under IP/Cloud menu;
*) calea - improved system stability when adding bridge rule without "calea" package installed;
*) certificate - improved certificate validation performance;
*) console - added ":tolf" and ":tocrlf" commands for converting line break to/from LF or CRLF;
*) console - added "show-at-cli-login" option to display a note before telnet login;
*) console - added missing "where" clause for "/ipv6/firewall/filter" table print command;
*) console - do not accept negative or too large values for ":delay" command;
*) console - do not allow to use out-of-range values for time type fields;
*) console - fix configuration export when user does not have a "sniff" policy;
*) console - fixed delayed output from ":grep" command in certain cases;
*) console - fixed incorrect behavior of ":onerror" command in certain cases;
*) console - hint on reset command help that ".rsc file" is required for "run-after-reset" parameter;
*) console - improved editor functionality in full screen mode;
*) console - improved stability when using autocomplete with "export";
*) console - increased maximum file content length that can be managed through command line to 60 KB;
*) console - updated copyright notice;
*) container - improved VETH interface management responsiveness and reliability;
*) container - restrict "/container/shell" menu for users without "write" permissions;
*) defconf - added log about configuration reset due to pressed reset button;
*) defconf - fixed Audience scanning-for-wps-ap timeout;
*) defconf - fixed configuration script on KNOT devices if "ppp-out" interface is removed;
*) defconf - fixed firewall rule for IPv6 UDP traceroute;
*) defconf - fixed wifi configuration if interface MAC address is changed;
*) defconf - improved wifi interface detection after upgrade;
*) defconf - increased LTE interface wait time;
*) defconf - updated health settings on configuration revert;
*) defconf - use "fq_codel" queue as default interface queue for wired ports on LTE devices;
*) dhcpv6-client - install dynamic IPv6 blackhole routes in corresponding routing-table;
*) dhcpv6-client - updated error logging when multiple prefixes received on renew;
*) disk - added exFAT and NTFS mount/read/write support;
*) disk - added global disk "settings" menu;
*) disk - fixed changing settings on some GPT formatted disks;
*) disk - properly unmount disk when it is disconnected;
*) dns - do not add new entries to cache if "cache-size" is reached;
*) dns - fixed domain name lookup resolving for internal services;
*) ethernet - fixed issue with default interface names for CRS310-8G+2S+ in rare cases;
*) ethernet - improved cable-test reliability for hAP ax3 PoE out port;
*) ethernet - resolved minor memory leak while processing packets;
*) fetch - added "head" option for "http-method";
*) fetch - added "patch" option for "http-method";
*) fetch - allow specifying link-local address in FTP mode;
*) fetch - allow to use certificate and check-certificate parameters only in HTTPS mode;
*) fetch - do not require "content-length" for HTTP (introduced in v7.13);
*) fetch - fixed DNS resolving when domain has only AAAA entries (introduced in v7.13);
*) fetch - fixed fetch execution when unexpected data is received in HTTP payload;
*) fetch - fixed fetch when using "src-path" with HTTP/HTTPS modes (introduced in v7.13);
*) fetch - fixed fetch when using "src-path" with SFTP mode (introduced in v7.13);
*) fetch - fixed incorrect "src-path" error message when "upload=yes";
*) fetch - fixed IPv4 address logging (introduced in v7.13);
*) fetch - improved fetch stability in SFTP mode;
*) fetch - improved file download stability with HTTP/HTTPS modes;
*) fetch - less verbose logging;
*) fetch - print all "Set-Cookies" headers in response;
*) fetch - treat any 2xx HTTP return code as success (introduced in v7.13);
*) filesystem - improved filesystem integrity for several RB3011 units with automatic firmware upgrade;
*) firewall - added "creation-time" parameter for IPv6 address list entries;
*) firewall - fixed underlying CAPsMAN tunnel reusing packet marks of encapsulated packets;
*) firewall - fixed underlying VXLAN/EoIP tunnel reusing packet marks of encapsulated packets;
*) firewall - increased default "udp-timeout" value from 10s to 30s;
*) health - added limited manual control over fans for CCR1016r2, CCR1036r2 devices;
*) health - changed default "fan-min-speed-percent" from 0% to 12%;
*) health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
*) health - show voltage when powering KNOT R through Micro-USB;
*) health - updated health properties for CCR1016r2, CCR1036r2 devices;
*) iot - added bluetooth whitelist wildcard asterisk support;
*) iot - added LoRa CUPs protocol support;
*) iot - fixed modbus partial frame reception issue;
*) iot - improved LoRa LNS;
*) iot - improved modbus Tx/Rx switching behaviour;
*) iot - improvements to GPIO behavior on boot;
*) iot - improvements to LoRa CUPS;
*) iot - removed bluetooth whitelist maximum entry limit of 8;
*) ipv6 - made "valid" and "lifetime" parameters dynamic for SLAAC IPv6 addresses;
*) isis - show passive interface active levels;
*) l3hw - fixed IPv6 host offloading in certain cases;
*) l3hw - fixed neighbor offloading after link flap;
*) l3hw - preserve offloading for VLANs when bridge ports are down;
*) leds - added "dark-mode" functionality for hAP ax3 and Chateau ax series devices;
*) leds - do not show LTE connection state/mode using RGB power LED from configless LTE modems;
*) leds - fixed "type=on" LED behaviour after reboot;
*) leds - fixed default LTE LED configuration for wAPR-2nD;
*) leds - fixed modem LED indication for SXT LTE 3-7;
*) leds - fixed wireless type of LED triggers for routers using WiFi package;
*) lte - added "at-chat" support for Sierra Wireless EM9293 5G modem;
*) lte - added AT channel support for Quectel EM120K-GL modem;
*) lte - added redial timer when the MBIM modem fails to register or does not receive APN activation notification;
*) lte - don't duplicate primary band in 5G SA mode for chateau 5G;
*) lte - fixed "use-peer-dns" setting for EC200A modem;
*) lte - fixed an issue for EC200A modem that IPv6 address could be added as IPv4 address;
*) lte - fixed APN authentication for FG621-EA modem;
*) lte - fixed MBIM interface enabling for Quectel EC25 modem (introduced in v7.13);
*) lte - fixed Simcom modem support in 0x9000; 0x9002, 0x9002; 0x901a and 0x901b USB compositions;
*) lte - fixed Simcom modem support in 0x9001 USB composition;
*) lte - fixed support for config-less modem detection (introduced in v7.13);
*) lte - fixed USB mode switch and initialization race condition for configless USB modems;
*) lte - improved FG621-EA modem firmware upgrade;
*) lte - improved modem recovery after failed IPv4 configuration;
*) lte - improved support for "ACER" and "MSFT" branded EM12-G modems;
*) lte - optimized "at-chat" response reading;
*) lte - refactored AT command control for AT modems;
*) modem - fixed SMS removal (introduced in v7.13);
*) modem - improved stability when performing modem FOTA upgrade;
*) mpls - fixed VPN fragmentation when forwarding IP traffic;
*) netinstall-cli - check package and device architecture before formatting;
*) ovpn - added support for pushing routes;
*) ovpn - improved "push-routes" option handling when large amount of routes is specified;
*) ovpn - improved key-renegotiation process;
*) ovpn - improved OVPN configuration file import process;
*) ovpn - improved system stability when using HW encryption on ARM64 devices (introduced in v7.13);
*) ovpn - limit the maximum length for "push-routes" up to 1400 characters;
*) package - added "size" property;
*) package - reduced "wireless" package size for ARM, ARM64, MIPSBE, MMIPS devices;
*) package - reduced package size for SMIPS;
*) poe-out - driver optimization for AF/AT controlled boards;
*) poe-out - fixed "power-cycle" for CRS354-48P-4S+2Q+ device (introduced in v7.13);
*) poe-out - improved 802.3at classification and measurement accuracy;
*) poe-out - improved cable test for hAP ac3 and hAP ax3 devices;
*) poe-out - improved PoE out reliability on routers with a single PoE out interface;
*) port - fixed support for USB/serial adapters (introduced in v7.13);
*) port - removed bogus serial port on RB750Gr3, RB760iGS and RBM11G devices;
*) ppp - added support for "WISPr-Session-Terminate-Time" RADIUS attribute;
*) ppp - log an error when IPv6 DHCP pool is exhausted;
*) ptp - added "aes67" and "smpte" profiles;
*) ptp - added configurable "domain" and "priority2" parameters;
*) ptp - added support for Management message forwarding in BC;
*) ptp - fixed "default" and "g8275.1" profiles go into "slave" instead of "uncalibrated" state;
*) ptp - fixed default values for "802.1as" profile;
*) ptp - fixed flags in Announce message;
*) ptp - fixed potential error in packet exchange;
*) ptp - make clock go into grandmaster state if slave port goes down;
*) qos-hw - fixed "tx-queue7-packet" counter;
*) route - fixed gateways of locally imported vpnv4 routes;
*) route - improved route print "count-only" process speed;
*) route - improved stability on route table lookup;
*) route-filter - added option to set "isis-ext-metric";
*) route-filter - fixed AS path matchers when input and output chains are used;
*) routerboard - added "reset-button" support for RBwAPR-2nD device;
*) sfp - added support for modules requiring single byte I2C read transactions;
*) sfp - fixed corrupted Tx traffic at 10Gbps rate on CCR2004-16G-2S+ in rare cases;
*) sfp - fixed corrupted Tx traffic at 10Gbps rate on RB4011 in rare cases;
*) sfp - improve high-power SFP module initialization;
*) sfp - improved combo-sfp handling for CRS328-4C-20S-4S+;
*) sfp - improved link establishment for RB4011 devices;
*) smb - added option to specify SMB service mode as "auto";
*) sms - fixed SMS inbox for FG621-EA modem (introduced in v7.13);
*) sms - fixed SMS sending from WinBox and WebFig (introduced in v7.13);
*) sms - improved system stability when working with SMS;
*) sms - increased SMS read timeout;
*) snmp - added "bgpLocalAs" and "bgpIdentifier" OID reporting;
*) snmp - fixed "bgpPeerFsmEstablishedTime" OID reporting;
*) snmp - hide "MikroTik" in LLDP MIB when branding with hide SNMP option is used;
*) snmp - updated timeout log;
*) ssh - improved SSH performance on ARM, MIPS, MMIPS, SMIPS and TILE devices;
*) ssh - refactored SSH service internal processes;
*) sstp - added support for "aes256-gcm-sha384" encryption;
*) sstp - improved system stability for PPC devices;
*) supout - added PTP section;
*) switch - fixed Ethernet disable/enable for CRS310-8G+2S+ devices;
*) switch - fixed reserved multicast receive on Atheros-8327, QCA8337 switches for R/STP bridge;
*) switch - improved 100G interface stability for 98DX4310 and 98DX8525 switches;
*) switch - minimise potential packet overflows on CRS354;
*) system - changed build time format according to ISO standard;
*) system - expose "lo" and "vrf" interfaces;
*) system - fixed "cpu-frequency" for CRS3xx ARM devices;
*) system - improved memory allocation for ARM64 devices;
*) system - improved RAM allocation for L009UiGS-RM;
*) system - improved system stability when processing packets in FastPath (introduced in v7.13);
*) system - properly assign destination port for HTTP/S connections initiated by the router (introduced in v7.13);
*) system - properly close HTTP/S connections initiated by the router;
*) system - provide more precise "total-memory" value for ARM devices;
*) system - provide more precise "total-memory" value under "System/Resources" menu for L009 and hAP ax lite routers;
*) tftp - improved invalid request processing;
*) timezone - updated timezone information from "tzdata2023d" release;
*) tr069 - don't duplicate cellular info in "X_MIKROTIK_5G" nodes when connected in NR SA mode;
*) tr069 - fixed bandwidth test;
*) tr069-client - show 5G signal info in X_MIKROTIK_5G nodes only for 5G NSA bands;
*) traffic-flow - use 64bit counters for v9 and IPFIX flows;
*) traffic-generator - improved system stability when receiving bogus traffic;
*) usb - show "Supermicro CDC" adapter as Ethernet interface;
*) vlan - fixed non-running VLAN interface after failed MTU change;
*) vrf - prevent VRF interface name collision with interface lists;
*) vxlan - fixed underlying tunnel reusing routing marks of encapsulated packets;
*) webfig - fixed routing table filter under "IP/Routes" menu;
*) webfig - fixed setting the user's password;
*) webfig - fixed showing WireGuard peers;
*) webfig - improved stability when adding new entries under "IP/Routes" menu;
*) wifi - added "station-pseudobridge" interface mode;
*) wifi - fixed issue with setting country profile (introduced in v7.13.1);
*) wifi - improved handling of CAP connections in dual CAPsMAN scenario;
*) wifi - increased value for SAE retransmit period to 3s to improve WPA3 compatibility with IoT client devices;
*) wifi - use "Latvia" as the default value for "country" property;
*) wifi - use correct CAP identity for interface name provisioning after it has been changed by remote-cap/set-identity;
*) wifi-qcom - enable display of regulatory information on L11,L22 devices;
*) wifi-qcom - fixed new connections, when maximum supported number of MAC addresses behind connected station-bridges is reached;
*) wifi-qcom - improve system stability for L11, L22 devices;
*) wifi-qcom - improved memory allocating process;
*) wifi-qcom - improved regulatory compliance for L11, L22 devices;
*) wifi-qcom - improved system stability when using FastPath (introduced in v7.13);
*) winbox - added "accept-protocol-version" parameter to the L2TP server settings;
*) winbox - added "mode-button" and "switch" menus for L41G-2axD&FG621-EA;
*) winbox - added "Name" parameter under "Tools/Netwatch" menu;
*) winbox - added "page-refresh" setting to the Graphing settings;
*) winbox - added "Port Cost Mode" setting under "Bridge" menu;
*) winbox - added "VRF" parameter under "Tools/Ping" menu;
*) winbox - added "x25519" argument for "DH Group" parameter under "IP/IPsec/Profiles" menu;
*) winbox - added missing "Protocol" arguments under "IPv6/Firewall" menu;
*) winbox - added missing monitoring properties under "WireGuard/Peers" menu;
*) winbox - added Preboot Etherboot settings to the System/RouterBOARD/Settings menu;
*) winbox - do not show USB settings for CRS devices that does not need it;
*) winbox - fixed "Bridge Cost" range under "Interfaces/VPLS" menu;
*) winbox - fixed "Password" button under "Quick Set" menu;
*) winbox - improved connection speed and reliability;
*) winbox - improved route table automatic refresh process for static routes;
*) winbox - improved status values under "System/PTP" menu;
*) winbox - improved system stability with large packets;
*) winbox - include "te-tunnel" parameter in VPLS interface monitor;
*) winbox - properly validate "passthrough-subnet-size" in the LTE APN settings;
*) winbox - remove "Root Bridge ID" property under "Bridge/MSTIs" menu;
*) winbox - removed "sfp all" option from combo port settings;
*) winbox - renamed "Wireless Table" menu to "Wifi";
*) winbox - show "routing-table" column under IP/Route menu by default;
*) winbox - show all columns under "Routing/PIM SM/Static RP" menu by default;
*) wireguard - do not allow to use multiple WireGuard interfaces on the same "listen-port";
*) wireguard - optimised and improved WireGuard service logging;
*) x86 - fixed VLAN tagged packet transmit for igb (introduced in v7.12);
-
Merci tous de suivre.
Change log en VO pour la v7.14, car il pèse plus de 20000 caractères en français.
-
Nouveautés de la version 7.14.1 (2024-Mar-08 14:50) :
*) bgp-vpn - utilisation de l'interface VRF comme passerelle pour les routes connectées fuitées ;
*) chr - correction de l'absence d'ethernet dans Xen et Vultr (introduit dans la v7.14) ;
*) chr - correction de faux messages imprimés lors du démarrage du système (introduit dans la v7.14) ;
*) console - correction de l'implémentation do/while ne fonctionnant pas avec les variables (introduit dans la v7.14) ;
*) ethernet - correction des noms par défaut pour le périphérique CRS310-8G+2S+ (introduit dans la version 7.14) ;
*) lte - correction du modem R11e-LTE-US dial-up ;
*) sfp - amélioration de la stabilité du système pour CR2004-1G-2XS-PCIe (introduit dans la v7.14) ;
*) vrf - correction des interfaces VRF déplacées vers la table principale après le redémarrage (introduit dans la v7.14) ;
*) wireguard - ne pas essayer de se connecter à un pair sans adresse de fin spécifiée ;
Traduit avec DeepL.com (version gratuite)
-
Nouveautés de la version 7.14.2 (2024-Mar-27 09:48) :
*) defconf - ne pas surcharger le temps de location du serveur DHCP par défaut ;
*) defconf - fixe la largeur du canal 5ghz-ax pour les appareils L11, L22 ;
*) ethernet - désactivation de l'interface pour CRS326-4C+20G+2Q ;
*) ethernet - amélioration de la fonctionnalité de rétrogradation de la vitesse du port pour CRS326-4C+20G+2Q ; *) leds - correction des LEDs pour CRS326-4C+20G+2Q ;
*) leds - correction des LEDs pour le dispositif L22 ;
*) lte - correction du problème de mise à jour du firmware non trouvé pour Chateau LTE12 (introduit dans la v7.14.1) ;
*) ssh - nécessite la politique d'utilisateur "policy" lors de l'ajout d'une clé publique ;
*) timezone - mise à jour des informations sur les fuseaux horaires à partir de la version "tzdata2024a" ;
*) traffic-flow - amélioration de la stabilité du système ;
*) vrf - correction des interfaces VRF déplacées vers la table principale après le redémarrage (introduit dans la version 7.14) ;
*) wifi-qcom - ajout du paramètre configuration.distance pour permettre le fonctionnement sur des distances de plusieurs kilomètres (CLI uniquement) ;
Traduit avec DeepL.com (version gratuite)
-
Je ne suis pas sûr que Deepl.com traduise correctement, et à mon avis il vaut mieux la version originale en anglais :
*) defconf - do not override default DHCP server lease time;
*) defconf - fixed 5ghz-ax channel width for L11, L22 devices;
*) ethernet - fixed interface disable for CRS326-4C+20G+2Q;
*) ethernet - improved port speed downshift functionality for CRS326-4C+20G+2Q;
*) leds - fixed LEDs for L22 device;
*) lte - fixed firmware upgrade not found issue for Chateau LTE12 (introduced in v7.14.1);
*) ssh - require "policy" user policy when adding public key;
*) timezone - updated timezone information from "tzdata2024a" release;
*) traffic-flow - improved system stability;
*) vrf - fixed VRF interfaces being moved to main table after reboot (introduced in v7.14);
*) wifi-qcom - added configuration.distance setting to enable operation over multi-kilometer distances (CLI only);
https://mikrotik.com/download/changelogs
-
Merci @Zoc
Exceptionnellement, je ne peux pas mettre à jour le post N°1 car le contenu dépasse la capacité max des contributions.
-
Avec un peu de retard (et en anglais car finalement plus lisible).
What's new in 7.14.3 (2024-Apr-17 15:47):
*) bgp - correctly synchronize input.accept-nlri address list;
*) bridge - use default "edge=auto" for dynamically bridged interfaces (PPP, VPLS, WDS);
*) disk - improved system stability;
*) fetch - fixed slow throughput due to "raw" logging which occurred even when not listening to the topic (introduced in v7.13);
*) queue - improved system stability (introduced in v7.6);
*) wifi-qcom - added configuration.distance setting to enable operation over multi-kilometer distances (CLI only);
-
Cette version 7.14.3 règle les problèmes avec les queues CAKE et FQ CoDEL
-
7.15 dispo depuis ce jour
-
Le changelog...
What's new in 7.15 (2024-May-29 15:44):
!) system - added support for AMPERE (R) and ARM64 CHR installations (new ARM64 CHR image available);
!) system - added support for AMPERE (R) hardware (new ARM64 ISO file, new ARM64 extra-nics.npk package);
*) bgp - added initial vpnv6 support;
*) bgp - correctly synchronize input.accept-nlri address list;
*) bgp - fixed prefix count when BGP sessions run with multiple AFIs;
*) bgp - fixed selecting local.default-address from wrong VRF;
*) bgp - use IPv6 as default address-family for IPv6 sessions;
*) bgp-vpn - use VRF interface as gateway for leaked connected routes;
*) branding - added option to hide default configuration prompt;
*) branding - added option to hide or replace default caps-mode-script;
*) bridge - added error message if MLAG peer-port is configured with "mlag-id";
*) bridge - added MLAG peer-port events to logs;
*) bridge - added MVRP support;
*) bridge - do not allow multiple bonds with same "mlag-id";
*) bridge - improved protocol-mode STP, RSTP and MSTP stability;
*) bridge - rename monitor property "path-cost" to "actual-path-cost";
*) bridge - reworked dynamic VLAN creation;
*) bridge - use default "edge=auto" for dynamically bridged interfaces (PPP, VPLS, WDS);
*) certificate - added support for different ACME servers for ssl-certificate (CLI only);
*) certificate - added support for importing pbes2 encrypted private keys with aes128;
*) certificate - added trusted parameter for certificate import;
*) certificate - allow replacing certificate with internal import;
*) certificate - delete certificate related files automatically from storage after import;
*) certificate - improved RSA key signature processing speed;
*) chr - allow to "generate-new-id" only while CHR is running on level "free" license;
*) chr - fixed bogus messages printed out while booting up the system (introduced in v7.14);
*) chr - fixed Xen and Vultr missing ethernet (introduced in v7.14);
*) console - added "byte-array" option to ":convert" command;
*) console - added "proplist" parameter to interactive commands;
*) console - added "rows" property for sniffer quick mode;
*) console - added "sanitize-names" property under "/console/settings" menu (option for replacing reserved characters with underscores for files, disabled by default);
*) console - added "type" parameter to ":resolve" command;
*) console - added "use-script-permissions" option when running scripts from CLI;
*) console - added hotkey "F8" to print entire multiline input;
*) console - added link from "/iot/lora" to "/lora";
*) console - added log for script execution failures;
*) console - added multi-line print in "/file" menu;
*) console - added option to get "about" value (dynamically created text field by RouterOS services like CAPsMAN);
*) console - added option to read and change file line endings in full-screen editor;
*) console - added warning log for modified filenames due to reserved characters;
*) console - covert spaces, CR, LF in ":convert to=url" command;
*) console - do not convert string to array in ":deserialize" command;
*) console - fixed ":onerror" behavior when "do" block is missing;
*) console - fixed "export where" functionality in certain menus;
*) console - fixed console prompt when entering hot lock mode with "F7";
*) console - fixed DHCP server "authoritative=no" configuration export;
*) console - fixed do/while implementation not working with variables (introduced in v7.14);
*) console - fixed filtering by "dhcp" flag in "/ip/arp" menu;
*) console - fixed multiple typos in help;
*) console - improved stability;
*) console - optimized configuration export to prevent startup of processes without any configuration;
*) console - remove unnecessary serial ports for Alpine CPUs;
*) console - show system note before serial login if enabled;
*) console - use user permissions when running scripts from WinBox and WebFig;
*) container - do not allow negative number for "ram-high" setting;
*) defconf - do not override default DHCP server lease time;
*) defconf - fixed 5ghz-ax channel width for L11, L22 devices;
*) defconf - fixed unknown topics in log messages;
*) defconf - minor configuration script updates;
*) dhcpv4-relay - added VRF support;
*) discovery - added LLDP MAC/PHY Configuration/Status TLV support;
*) discovery - added LLDP Maximum Frame Size TLV support;
*) discovery - added LLDP Port Description TLV support;
*) discovery - advertise only physical interface name for LLDP PortID TLV;
*) discovery - always send LLDP MED Power TLV if MED was received;
*) discovery - fixed high CPU utilization when "tx-only" mode is set;
*) discovery - optimized LLDP information update;
*) disk - added option to auto configure media sharing;
*) disk - added support for formatting exfat file-system;
*) disk - improved support for file systems with non-ascii characters in file names;
*) disk - improved support for formatting ext4 file-system;
*) disk - improved system stability when adding partition with no parent;
*) disk - improved system stability;
*) disk - the "scan" command will now detect and include USB drives that were previously ejected;
*) dns - added support for "adlist";
*) dns - added VRF support;
*) dns - improved system stability when caching entries;
*) eap - improved eap-peap, eap-mschap2 client authentication (dot1x/wireless/ipsec);
*) ethernet - fixed default names for CRS310-8G+2S+ device (introduced in v7.14);
*) ethernet - fixed interface disable for CRS326-4C+20G+2Q;
*) ethernet - fixed management port disable/enable on CCR2004-1G-12S+2XS, CCR2004-1G-2XS-PCIe, CCR2216, CCR2116 devices;
*) ethernet - improved port speed downshift functionality for CRS326-4C+20G+2Q;
*) fetch - added "idle-timeout" parameter;
*) fetch - changed topic "info" to "error" for permission denied logs;
*) fetch - fixed slow throughput due to "raw" logging which occurred even when not listening to the topic (introduced in v7.13);
*) file - allow adding and renaming files and directories;
*) file - avoid refreshing whole file system during file modification;
*) file - improved external storage detection;
*) health - added "cpu-temperature" for IPQ50xx devices;
*) health - added log for fan state changes on CRS3xx, CRS5xx, CCR2xxx, CCR1016r2, CCR1036r2 devices;
*) health - fixed fan behavior for CRS310-1G-5S-4S+ (introduced in v7.14);
*) health - fixed rogue voltage on CRS510-8XS-2XQ-IN;
*) install - cdrom and hdd install images contain additional packages that can be interactively selected;
*) ipv6 - properly initialize default ND "interface=all" entry;
*) leds - fixed LEDs for L22 device;
*) lora - removed LoRa WinBox and console functionality duplication (moved to IoT package since v7.11);
*) lte - added "at-chat" support for DELL T99W175 (PID: 0x05c6 VID: 0x90d5);
*) lte - added support for concatenated AT commands in "modem-init" string;
*) lte - added support to set "modem-init" string for "dialer-less" modems;
*) lte - apply the same configuration for Microsoft branded EM12-G modem (Surface Mobile Broadband) as for Quectel EM12-G;
*) lte - do not show persistent interfaces for multi-apn slave interfaces;
*) lte - dropped support for R11e-LTE-US FOTA firmware update;
*) lte - fixed R11e-LTE-US modem dial-up;
*) lte - fixed situation where link is not restored after Quectel MBIM modem firmware update;
*) lte - improved FG621-EA modem APN authentication;
*) lte - make interface persistent (unused interface configs can be removed, allow to export and examine current configuration without the device present);
*) lte - removed 2 APN restriction for RG520F-EU modem;
*) lte - use the correct network interface for multi-interface LTE modems;
*) media - added support for DLNA;
*) metarouter - removed support;
*) modem - send APN authentication for BG77 modem also if ppp-client interface created manually;
*) netinstall - improved stability;
*) netinstall-cli - fixed incorrect server address assignment (introduced in v7.14);
*) ovpn - fixed import ovpn config when remote port is missing;
*) ovpn - fixed minor typo in error message;
*) poe-out - added LLDP power management support for devices with single PoE-out port;
*) poe-out - fixed powering devices if input voltage is lower than 12V for hEX PoE (introduced in v7.9);
*) poe-out - improved firmware upgrade stability for AF/AT controlled boards;
*) poe-out - moved "PoE LLDP" property from "/interface/ethernet/poe" to "/ip/neighbor/discovery-settings" and enable it by default;
*) ppp - added "enable-ipv6-accounting" option under PPP AAA menu (CLI only);
*) ppp - added log when disconnecting a client due to "WISPr-Session-Terminate-Time" RADIUS attribute;
*) ppp - allow underscores in domain names;
*) ppp - enabled monitoring of registration state, RSRP, RSRQ, SINR, PCI, CellID for BG77 modem;
*) ppp - fixed "Framed-IPv6-Pool" usage when received from RADIUS;
*) ppp - fixed "on-down" script running even when tunnel was not up;
*) profiler - added "neighbor-discovery" task;
*) ptp - added PTP support for CCR2116 device;
*) qos-hw - added "offline" tx-manager (CLI only);
*) qos-hw - added "profile" and "map" support for CPU port;
*) qos-hw - added congestion avoidance support for 98DX8xxx, 98DX4xxx, 98DX325x switch chips (CLI only);
*) qos-hw - added ECN marking support for compatible switches;
*) qos-hw - added per-queue traffic shapers (CLI only);
*) qos-hw - added Priority Flow Control for compatible switches (CLI only);
*) qos-hw - added support for QoS profile assignment via ACL rules;
*) qos-hw - added WRED support for compatible switches;
*) qos-hw - fixed port "print stats/usage" when using "from" property;
*) qos-hw - replaced buffer with bytes in QoS monitor;
*) queue - improved system stability (introduced in v7.6);
*) quickset - only show LTE mode for devices without other wireless interfaces;
*) radius - added "require-message-auth" option that requires "Message-Authenticator" in received Access-Accept/Challenge/Reject messages;
*) radius - include "Message-Authenticator" in any RADIUS communication messages besides accounting for all services;
*) route - do not allow routes with empty "dst-address";
*) route - do not redistribute loopback address as connected route;
*) route - fixed bgp-vpn prefix import with the same route distinguisher (RD);
*) route - improved system stability;
*) route - rework of route attributes;
*) route - show route-distinguisher (RD) in route print;
*) route-filter - allow setting different AFI gateways;
*) route-filter - fixed ext community list matcher;
*) sfp - added "100M-baseFX" link mode support for compatible devices;
*) sfp - added "sfp-ignore-rx-los" setting;
*) sfp - fixed "sfp-tx-fault" state indication for CRS510;
*) sfp - fixed link establishment with 100Mbps optical modules (requires "/interface ethernet reset" or adding "100M-baseFX" modes for advertise or speed properties);
*) sfp - fixed missing Tx traffic at 10Gbps rate on CCR2004-16G-2S+ in rare cases;
*) sfp - ignore SFP RX LOS signal for modules with bad EEPROM;
*) sfp - improved "sfp-tx-power" value monitoring in certain cases;
*) sfp - improved auto-negotiation linking for some MikroTik cables and modules;
*) sfp - improved system stability for CR2004-1G-2XS-PCIe (introduced in v7.14);
*) sfp - improved system stability with some GPON modules for CCR2004 and CCR2116 devices;
*) smb - added logs for share connection requests;
*) smb - do not allow setting empty "comment" or "domain" properties;
*) sms - added option to select SMS storage;
*) sms - added SMS PDU to SMS inbox "print detail";
*) sms - added workaround for modems which do not notify regarding new SMS arrival (missing URC);
*) sms - improved SMS handling;
*) sms - removed SMS for SMIPS;
*) sms - use "gsm" logging topic for serial modem SMS logs;
*) snmp - added missing PoE-out status codes to MIKROTIK-MIB;
*) snmp - added new "mtxrOpticalVendorSerial" OID to MIKROTIK-MIB;
*) socks - attempt to parse domain name as IP before resolving;
*) ssh - added support for user Ed25519 private keys;
*) ssh - export host Ed25519 public key;
*) ssh - fixed bogus output;
*) ssh - fixed permissions to run ".auto.rsc" scripts;
*) ssh - require "policy" user policy when adding public key;
*) sstp - added SNI support;
*) sstp - disconnect clients when server is disabled;
*) storage - improved configuration storing process on first system boot after configuration reset;
*) switch - added support for multiple ingress and egress port mirroring on 98DXxxxx switches;
*) switch - added support for RSPAN mirroring on 98DXxxxx switches;
*) switch - fixed L3HW and QoS monitor during switch reset;
*) system - added resource values (Product name, File name and File version) for Windows executable files;
*) system - general work on optimizing the size of RouterOS packages;
*) system - show "cpu-frequency" for Alpine CPUs;
*) system - skip configuration upgrade from RouterOS v6 on configuration reset;
*) system - updated office address in RouterOS license;
*) system - updated online manual links from "wiki" to the help documentation;
*) timezone - updated timezone information from "tzdata2024a" release;
*) traffic-flow - detect IPv4 source address if not set;
*) traffic-flow - improved system stability;
*) userman - added "require-message-auth" option that requires "Message-Authenticator" in received Access-Request messages;
*) userman - include "Message-Authenticator" in any RADIUS communication messages besides accounting for all services;
*) vlan - added MVRP (applicant) configuration option;
*) vlan - ensure that VLAN MTU remains unchanged when adjustments are made to the parent interface MTU, only modifications to the L2MTU might impact VLAN MTU;
*) vlan - fixed MTU reset on bridge after reboot;
*) vlan - limit "vlan-id" range from 1-4095 to 1-4094;
*) vrf - fixed VRF interfaces being moved to main table after reboot (introduced in v7.14);
*) webfig - allow pasting with ctrl+v into terminal;
*) webfig - fixed column preferences for ordered tables;
*) webfig - show inherited properties for wifi interfaces;
*) wifi - added "reselect-interval" support;
*) wifi - changed interface default to "disabled=yes";
*) wifi - do not report disabled state for CAPsMAN managed interface;
*) wifi - fixed configuration export for "disabled" property;
*) wifi - improve channel selection after radar detection events;
*) wifi - improve regulatory compliance for L11, L22 devices;
*) wifi - improved interface initialization reliability on DFS channels;
*) wifi - improved stability of DFS check in the 5GHz-A band;
*) wifi - improved system stability when provisioning CAPs in certain cases;
*) wifi - rename "available-channels" parameter to "channel-priorities" and include desirability rating for each channel;
*) wifi - report current CAPsMAN address and identity on CAP;
*) wifi - show inherited properties with "print" command (replaces "actual-configuration") and added "print config" for showing only configured values;
*) wifi-qcom - added configuration.distance setting to enable operation over multi-kilometer distances;
*) wifi-qcom - updated driver;
*) winbox - added "Download" and "Flush" buttons under "System/Certificates/CRL" menu;
*) winbox - added "Flat Snoop" button under "WiFi" menu;
*) winbox - added "FT Preserve VLAN ID" setting under "WiFi/Configuration/FT" menu;
*) winbox - added "Request logout" button under "System/Users/Active Users" menu;
*) winbox - added "Trusted" checkbox under "System/Certificates/Import" menu;
*) winbox - added drop down menu for "User" property when importing SSH key under "System/User/SSH Keys" and "System/User/SSH Private Keys" menus;
*) winbox - added invalid flag under "IP/DHCP Relay" menu;
*) winbox - added key type and key length column for user SSH keys;
*) winbox - added missing SFP monitoring properties under "Interface/SFP" menu;
*) winbox - added passphrase option for SSH host key export;
*) winbox - added passphrase option for SSH host key import;
*) winbox - allow specifying size and rtmpfs size with M, G units under "System/Disks" menu;
*) winbox - allow to specify "M" or "G" postfix for download, upload or total limits under "User Manager/Limitations" menu;
*) winbox - do not show "Host Key Size" when using ed25519 key under "IP/SSH" menu;
*) winbox - fixed the issue where the skin file fails to appear in the user group menu after creation;
*) winbox - renamed "Channel" column to "Current Channel" under "Wifi" menu;
*) winbox - show "Valid Servers" and "Unknown Servers" column by default under "IP/DHCP Server/Alerts" menu;
*) winbox - show inherited properties for wifi interfaces;
*) winbox - show SIM settings for SXTR device under "Interfaces/LTE/Modem" menu;
*) winbox - updated icons for certain menus;
*) winbox - use correct values for "Jump Target" property under "IPv6/Firewall/Filter Rules" menu;
*) wireguard - added option to mark peer as responder only;
*) wireguard - added peer "name" field and display it in logs;
*) wireguard - do not attempt to connect to peer without specified endpoint-address;
*) wireguard - fixed "auto" argument usage for "private-key" and "preshared-key" settings;
*) wireguard - fixed performance issues showing QR code;
*) wireless - perform shorter channel availability check for 5600-5650MHz if regulatory domain permits it;
*) x86 - fixed ixgbe Tx hang by disabling TSO;
*) x86 - fixed VLAN tagged packet transmit for ice driver;
*) x86 - ice driver update to v1.13.7;
*) x86 - improved stability for RTL8125 driver;
*) x86 - ixgbe driver update to 5.19.9;
*) x86/chr - improved panic saving (increased minimal RAM requirements to 256MB);
-
Les releases en .0 sont conseillées ?
Perso au taf, sur du Palo par exemple, j'évite car c'est jamais très stable...
-
Comme je le dis autre part, perso les releases .0 je passe mon chemin, à chaque fois il y a un truc qui est cassé avant d'être réparé dans la .1...
... Surtout là vu l'énorme liste des changements depuis la 7.14.
-
En tant que modeste initiateur de cette section du forum, et auteur de ce fil, j'ai osé l'installer, attentif à cerner le périmètre de l'insoupçonnable, vaillant face au danger, résilient envers la panne, actif sinon sportif, et, qui sait, spectateur de l'histoire avec la substantifique satisfaction de savoir en être, quand le chaos s'invite dans le manoir... (1)
8)
Note 1: Toute référence avec la colonne mensuelle "Chaos Manor (https://chaosmanorreviews.com/) " du défunt et regretté Jerry Pournelle (https://www.jerrypournelle.com/) dans Byte Magazine (2), est totalement assumée.
Note 2 de la note 1: Byte Magazine est un défunt magazine mensuel (https://fr.wikipedia.org/wiki/Byte_(magazine)) né avec l'informatique personnelle, vraiment au dessus du lot, tué par le groupe de magazines qui l'a racheté à ses fondateurs parce qu'il faisait de l'ombre à d'autres de ses publications, laissant 200000 abonnés de part le monde sur le carreau (dont votre serviteur) en 1998. Vous pouvez retrouver l'intégralité des numéros sur l'Internet Archive (https://archive.org/details/BYTE-MAGAZINE-COMPLETE). Bonne lecture. Je décline toute responsabilité si cette exposition violente à la culture tue l'été d'une paire d'entre vous qui auront eu l'audace de me lire jusqu'ici :D.
-
Quoi de neuf dans la version 7.15.1 (07-juin-2024 15:49) :
*) bgp - correction des sessions BGP manquant vpnv6 afi ;
*) bgp - correction du chemin d'accès corrompu lors de la réception d'une mise à jour avec un attribut AS_PATH vide (introduit dans la v7.15) ;
*) BGP - Correction de VPNV6 Safi ;
*) santé - température de carte fixe pour le périphérique KNOT (introduit dans la v7.15) ;
*) santé - correction de la santé manquante pour le périphérique CRS112-8G-4S (introduit dans la v7.15) ;
*) installation - correction de l'installation du cdrom ARM64 (introduite dans la v7.15) ;
*) lte - cas résolus où l'interface LTE mettait beaucoup de temps à être prête après le démarrage pour Chateau 5G et Chateau 5G R16 (introduit dans la v7.15) ;
*) lte - cas corrigés où le modem pouvait être géré par plusieurs instances de numérotation ;
*) modem - correction de la récupération du lien PPP qui ne répondait pas lorsque la bande passante TX dépassait la capacité du lien ;
*) poe-out - correction de l'échec de la mise à niveau silencieuse du micrologiciel sur le périphérique CRS112-8P-4S (introduit dans la version 7.15) ;
*) ppp - nom par défaut de la file d'attente dynamique fixe (introduit dans la v7.15) ;
*) route - fuite de mémoire corrigée (introduite dans la v7.15) ;
*) route - correction de certains paramètres d'itinéraire manquants lors de l'impression (introduit dans la v7.15) ;
*) wifi - rapport fixe sur la force du signal pendant l'association (introduit dans la v7.15) ;
*) wifi - gestion améliorée du WPA3 PMKSA lorsque des listes d'accès avec des phrases secrètes personnalisées sont utilisées ;
*) winbox - correction d'un problème avec le fichier skin apparaissant comme inconnu dans le menu du groupe d'utilisateurs (introduit dans la v7.15) ;
*) winbox - correction d'une note système manquante lors de la connexion (introduite dans la v7.15) ;
-
(https://pix.milkywan.fr/QI7YA9Ua.png)
(soupir)
-
Bah , la .1 après la .0 quoi. Normal :-D . On n'installe jamais une .0 sur de la prod sensible, c'est connu
-
La nouvelle version (v 7.15.1) permet de changer la COS et le DSCP avec un switch chip de façon plus simple. Ci-dessous un exemple de configuration.
Source : https://help.mikrotik.com/docs/pages/viewpage.action?pageId=189497483 (https://help.mikrotik.com/docs/pages/viewpage.action?pageId=189497483)
/interface ethernet switch
set 0 qos-hw-offloading=yes
/interface ethernet switch qos profile
add dscp=48 name=orange-requirements pcp=6
/interface ethernet switch rule
add comment="Orange arp - CoS to 6" mac-protocol=arp new-qos-profile=orange-requirements ports=Router switch=switch1 vlan-id=832
add comment="Orange DHCPv4 - CoS to 6" dst-port=67 mac-protocol=ip new-qos-profile=orange-requirements ports=Router protocol=udp switch=switch1 vlan-id=832
add comment="Orange DHCPv6 - CoS to 6" dst-port=547 mac-protocol=ipv6 new-qos-profile=orange-requirements ports=Router protocol=udp switch=switch1 vlan-id=832
-
La nouvelle version (v 7.15.1) permet de changer la COS et le DSCP avec un switch chip de façon plus simple. Ci-dessous un exemple de configuration.
Source : https://help.mikrotik.com/docs/pages/viewpage.action?pageId=189497483 (https://help.mikrotik.com/docs/pages/viewpage.action?pageId=189497483)
/interface ethernet switch
set 0 qos-hw-offloading=yes
/interface ethernet switch qos profile
add dscp=48 name=orange-requirements pcp=6
/interface ethernet switch rule
add comment="Orange arp - CoS to 6" mac-protocol=arp new-qos-profile=orange-requirements ports=Router switch=switch1 vlan-id=832
add comment="Orange DHCPv4 - CoS to 6" dst-port=67 mac-protocol=ip new-qos-profile=orange-requirements ports=Router protocol=udp switch=switch1 vlan-id=832
add comment="Orange DHCPv6 - CoS to 6" dst-port=547 mac-protocol=ipv6 new-qos-profile=orange-requirements ports=Router protocol=udp switch=switch1 vlan-id=832
This document defines Quality of Service (QoS) usage in RouterOS based on Marvell Prestera DX switch chips (CRS3xx, CRS5xx series switches, and CCR2116, CCR2216 routers).
J'essaie demain.
-
What's new in 7.15.2 (2024-Jun-26 14:42):
*) bth - improved system stability;
*) defconf - configure the default-route property for PPP clients only on devices with a built-in modem;
*) modem - fixed modem firmware upgrade for Chateau 5G and Chateau 5G R16 (introduced in v7.15);
*) route - fixed incorrectly handled route distinguisher and route targets (introduced in v7.15);
*) ssh - fixed SSH cryptographic accelerator selection (introduced in v7.14);
*) switch - fixed limited Tx traffic on Ethernet ports for CRS354 devices (introduced in v7.15);
*) system - fixed an issue where routing configuration was missing after performing a reset, adding a new configuration and then upgrading (introduced in v7.15);
*) winbox/webfig - fixed skins (introduced in v7.15);
-
J'essaie demain.
Salut,
Ca donne quoi du coup ?
-
Salut,
Ca donne quoi du coup ?
Ah, mais que voilà une question pertinente ! Je remets donc cette affaire dans son contexte, à savoir l’avènement éventuel, tout au moins annoncé, d’une nouvelle approche logique d’application de la COS à 6 sur certaines architectures matérielles, dont celle dont je dispose justement. Ma foi, si la question peut me sembler embarrassante, je dois cependant bien l’avouer, cette question semble m'avoir quelque peu échappé. Je me trouve confronté à ce dilemme cornélien, cette tâche, que je m’étais assigné, que je m’étais confié avec foi, avec joie, avec opiniâteté, mais qui, tel un spectre insaisissable, s'est évaporée dans les limbes de ma mémoire.
Il est vrai que l'intention y était. Pour un peu, c'était beau. Quelle belle volonté farouche de mener à bien cet essai. Si d’aventure j’avais été encore marié, j’en aurais indubitablement touché deux mots à ma brune, preuve s'il en est de ma détermination initiale. "Tiens, j'essaierais volontiers le truc dont j’ai entendu parler, là", aurais-je déclaré avec enthousiasme. Hélas, trois fois hélas, le temps, ce tyran implacable, en a décidé autrement.
Les jours ont filé, tels des grains de sable dans un sablier capricieux, emportant avec eux cette noble résolution. Me voilà maintenant dans cette situation pour le moins embarrassante, où le compte rendu tant attendu se fait cruellement désirer. Que dire ? Que faire ? Le temps, ce précieux allié devenu soudain mon plus farouche adversaire, m'a joué un tour pendable.
J'aurais tant aimé pouvoir discourir avec éloquence sur les résultats de cette expérience, partager mes observations avisées, peut-être même émettre quelques hypothèses audacieuses. Mais hélas, le néant le plus total règne là où auraient dû fleurir les fruits de mon labeur. La page blanche me nargue, tel un miroir reflétant l'absence criante de mes efforts.
Que de regrets, que de remords ! Me voilà à présent à chercher dans les tréfonds de mon esprit une excuse valable, un motif légitimant mon silence… Mais en vain. L'épuisement physique du surmenage nécessaire à l’accomplissement de ma mission, que d’aucun qualifieraient d’apostolique, ma mission de médecin régulateur au centre 15, cette fatigue physique, juste et noble, recouvre toute l'opprobre que mérite mon silence coupable.
Ainsi va ma vie. Parfois, malgré toute ma bonne volonté, les aléas du quotidien et les caprices de mon métier me jouent des tours. Mais je ne dois pas me laisser abattre ! Peut-être est-ce là l'occasion de méditer sur l'importance de la gestion du temps et de la priorisation de mes tâches. Qui sait, cette mésaventure pourrait-elle être le point de départ d'une nouvelle approche, plus organisée et plus efficace ?
La prochaine fois, je me prévois des vacances…
-
ChatGPT sors de ce corps :)
-
Alors moi je l’ai fait, et que dire à part que ça marche bien 😆
-
Salut Zoc,
Merci. Quelle est la dernière version de ta config stp ?
-
/interface ethernet switch set 0 qos-hw-offloading=yes
/interface ethernet switch qos profile add dscp=48 name=orange-ftth pcp=6 traffic-class=6
/interface ethernet switch qos profile add name=orange-tv pcp=5 traffic-class=5
/interface ethernet switch rule add comment="Orange ARP - CoS to 6" mac-protocol=arp new-qos-profile=orange-ftth ports=sfp4.downstream switch=switch1 vlan-id=832
/interface ethernet switch rule add comment="Orange ICMPv6 and Multicast - Cos to 6" dst-address6=fe00::/7 mac-protocol=ipv6 new-qos-profile=orange-ftth ports=sfp4.downstream protocol=icmpv6 switch=switch1 vlan-id=832
/interface ethernet switch rule add comment="Orange DHCPv4 - CoS to 6" dst-port=67 mac-protocol=ip new-qos-profile=orange-ftth ports=sfp4.downstream protocol=udp src-port=68 switch=switch1 vlan-id=832
/interface ethernet switch rule add comment="Orange DHCPv6 - CoS to 6" dst-port=547 mac-protocol=ipv6 new-qos-profile=orange-ftth ports=sfp4.downstream protocol=udp src-port=546 switch=switch1 vlan-id=832
/interface ethernet switch rule add comment="Orange TVIP - Set CoS to 5" mac-protocol=ip new-qos-profile=orange-tv ports=sfp4.downstream switch=switch1 vlan-id=840
Rappel: C'est sur un CRS305, spf4.downstream c'est le port SFP+ qui connecte le switch à mon CCR2004.
Franchement le support amélioré de la QoS est bienvenu chez Mikrotik. Je m'en sers aussi pour prioriser les heartbeats de mon cluster proxmox et de mon cluster ceph sur mon CRS326 (oui, je fais du ceph sur un réseau 1 Gbps, c'est pas vraiment recommandé en terme de perfs mais suffisant pour mon usage).
-
Merci bcp.
-
ChatGPT sors de ce corps :)
Hahaha. Je n'en ai pas vraiment besoin, mais en l'occurrence, c'est du Anthropic Claude 3.5 Sonnet édité. J'ai posé un prompt de 3 lignes sur mon silence oublieux, et ça m'a grossièrement sorti ça.
J'utilise Claude 3.5 sonnet pour extraire des informations précises de tonnes d'informations pharmacologiques dans le cadre de la régulation, via perplexity.ai .
-
Gnubyte le poète mikrotien démasqué.
J’ai pas encore essayé Claude, mais bcp disent qu’il est pas mal, voir meilleur que chatgpt.
-
Salut à tous,
Vous avez jouer un peu avec le L3HW sur vos routeurs / firewall ?
Sur mon CCR2116 (vers 7.13.5, firewall/nat et routeur front), le L3HW est désactivé au niveau switch mais activé au niveau des ports (switch->ports).
Est-ce une erreur de config de ma part ?
De même, j'ai vu qu'il existe du L3HW ipv6 (switch>switch>L3 HW settings>IPv6 HW), cette option est actuellement désactivée.
Certaines de mes routes (notamment les default routes ipv6/ipv4), ne contiennent pas le H indiquant qu'elles ne sont pas hardward-offloaded.
De ce que j'ai compris, c'est normal de ne pas avoir de L3HW sur un firewall (et NAT). Mais il me semble que des progrès ont été fait de ce coté.
Par contre, je ne voudrais surtout pas que mes règles firewall / NAT soient bypassed si j'active le L3HW...
Merci pour vos lumières.
-
je ne voudrais surtout pas que mes règles firewall / NAT soient bypassed si j'active le L3HW...
Bah si, elles le sont. Le principe du routage L3 offloadé c'est que les paquets ne sortent pas du chip du switch, et donc ne vont clairement pas jusqu'au CPU. Du coup pas de firewall ni de queues...
Bref ça a un intérêt sur un routeur en coeur de réseau (sur lequel on ne filtre généralement rien) pas sur un routeur de bordure qui doit faire du NAT et du firewall.
-
Salut Zoc,
Merci, c’est très clair.
-
What's new in 7.15.3 (2024-Jul-24 13:36):
*) lte - fixed possible crash when enabling/disabling config-less modem interface;
*) lte - fixed R11e-LTE no traffic flow when modem with older firmware version is used;
*) routerboard - improved Etherboot stability for CRS320-8P-8B-4S+ device ("/system routerboard upgrade" required);
*) ssh - fixed unsupported user SSH public key import (introduced in v7.15);
-
What's new in 7.16 (2024-Sep-20 16:00):
*) 6to4 - fixed 6to4 tunnel LL address generation after system reboot;
*) 6to4 - improved system stability when using 6to4 tunnel without specified remote-address;
*) 6to4 - limit keepalive timeout maximum value;
*) address - added "S" flag for addresses that belong to a slave interface;
*) arm64 - fixed "disable-running-check" for ARM64 UEFI;
*) arm64 - increased reserved storage space for bootloader;
*) arm64/x86 - added rtl8111/8168/8411 firmware;
*) arp - fixed possible issue with invalid entries;
*) bgp - fixed BGP sessions missing vpnv6 afi;
*) bgp - fixed cluster-list and originator-id;
*) bgp - fixed corrupted as-path when received update with empty AS_PATH attribute (introduced in v7.15);
*) bgp - fixed minor logging typo;
*) bgp - fixed vpnv6 safi;
*) bgp - small logging improvements;
*) bridge - added dynamic tagged entry when VLAN interface is created on vlan-filtering bridge;
*) bridge - added forward-reserved-addresses property which controls forwarding of MAC 01:80:C2:00:00:0x range (separated from "protocol-mode=none" functionality, disabled by default after upgrade);
*) bridge - added L2 MDB support for IGMP snooping;
*) bridge - added max-learned-entries property for bridge;
*) bridge - added message about who created a dynamic VLAN entry;
*) bridge - added MVRP support for VLANs assigned to bridge;
*) bridge - do not allow duplicate ports;
*) bridge - fixed BPDU address when using "ether-type=0x88a8" configuration;
*) bridge - fixed MVRP leave;
*) bridge - fixed port "point-to-point" status after first link change;
*) bridge - fixed typo in filter and NAT error message;
*) bridge - improved system stability when removing MLAG configuration;
*) bridge - show invalid flag for ports that fails to be added to bridge (e.g. maximum port limit of 1024 is reached);
*) bth - improved stability on system time change;
*) certificate - added no-key-export parameter for import;
*) certificate - added support for cloud-dns challenge validation for sn.mynetname.net (CLI only);
*) certificate - automatically parse uppercase symbols to lowercase when registering domain on Let's Encrypt;
*) certificate - improved DNS challenge error reporting for Let's Encrypt;
*) certificate - improved RSA key signature processing speed;
*) certificate - show validity beyond year 2038;
*) chr - added support for licensing over IPv6 network;
*) chr - fixed incorrect disk size for ARM64;
*) console - added "about" filters for "find" and "print where" commands;
*) console - added "verbose=progress" mode for import status updates, and verbose output only on failures;
*) console - added additional byte-array option to :convert command;
*) console - added dry-run parameter to simulate import of files and find syntax errors without making configuration changes (verbose only);
*) console - added limits for dst-start and dst-end clock properties;
*) console - added lock screen via :lock command;
*) console - added uppercase and lowercase transform modes to :convert command;
*) console - disallow ping command with empty address;
*) console - display hint when requesting specific argument syntax;
*) console - do not show default boot-os setting in export;
*) console - fixed an issue where certain MAC address can be interpreted as time value;
*) console - fixed negative values for gmt-offset clock property;
*) console - fixed output of ping command in certain cases;
*) console - fixed typo in firewall error message;
*) console - improved :serialize and :deserialize commands and added support for DSV (delimiter separated values) format;
*) console - improved large import file handling, error detection and stability;
*) console - improved stability when pasting a large input;
*) console - improved stability when removing script;
*) console - increased default width for bitrate type of columns;
*) console - removed follow-strict parameter;
*) console - show rest-api name for active user connections;
*) container - clear VETH address on container exit and mark interface as running only when VETH is in use;
*) defconf - configure the default-route property for PPP clients only on devices with a built-in modem;
*) detnet - properly detect "Internet" status when multiple detnet instances preset in network;
*) dhcp - added comment property for matchers, options and option sets;
*) dhcp - improved DHCP IPv4 and IPv6 client/relay/server underlying interface state change handling;
*) dhcp - improved insert-queue-before, parent-queue and allow-dual-stack-queue behavior;
*) dhcpv4-client - execute script on DNS server or gateway address change;
*) dhcpv4-server - added "class-id" parameter for DHCP server leases;
*) dhcpv4-server - added matcher ability to match substring;
*) dhcpv4-server - added name for "User-Class" option (77), "Authentication" option (90), "SIP-Servers-DHCP-Option" option (120) and "Unassigned" option (163-174) in debug logs;
*) dhcpv4-server - fixed setting and getting "next-server" property;
*) dhcpv4-server - increased lease offer timeout to 120 seconds;
*) dhcpv4-server - remove corresponding dynamic leases if their address-pool gets removed;
*) dhcpv4-server - show active-server and host-name in print active command;
*) dhcpv6-client - do not add default gateway twice when both prefix and address is acquired;
*) dhcpv6-client - fixed T1, T2, valid-lifetime and preferred-lifetime compliance with RFC8415 by using value 0;
*) dhcpv6-client - pause client and remove dynamically installed objects while it becomes invalid;
*) dhcpv6-client - release client on failed renew attempt;
*) dhcpv6-client - update gateway address for default route on renew;
*) dhcpv6-server - improved system stability;
*) discovery - added discover-interval setting;
*) discovery - added LLDP Port VLAN ID, Port And Protocol VLAN ID, VLAN Name TLVs support;
*) discovery - added LLDP-MED timeout;
*) discovery - changed default discover-interval setting from 60s to 30s;
*) discovery - set unknown bit for any unspecified link type in MAC/PHY TLV;
*) disk - added "wipe-quick" file-system option to format-drive command (CLI only);
*) disk - added log message when disks get added or removed;
*) disk - added simple test command to test device and filesystem speeds (CLI only);
*) disk - improved system stability;
*) disk - remove dummy "slot1" entries on CHR;
*) dns - added support for DoH with adlist;
*) dns - added support for DoH with static FWD entries;
*) dns - added support for mDNS proxy;
*) dns - improved imported adlist parsing;
*) dns - refactored adlist service internal processes and improved logging;
*) dns - refactored DNS service internal processes;
*) dns - show static entry type "A" field in console;
*) dude - fixed map element RouterOS package upgrade functionality;
*) ethernet - fixed port speed downshift functionality for CRS354 devices;
*) ethernet - improved system stability for Alpine CPUs when dealing with unexpected non-UDP/TCP packet transmit;
*) fetch - handle HTTP 401 status correctly;
*) fetch - improved logging;
*) file - renamed "creation-time" to "last-modified";
*) filesystem - improved boot speed after device is rebooted without proper shutdown;
*) filesystem - refactored internal processes to minimize sector writes;
*) firewall - added message when interface belonging to VRF is added in filter rules;
*) firewall - fixed an issue with unsetting src-address-type;
*) firewall - fixed IPv6 "nth" matcher showing up twice in help;
*) firewall - fixed issue that prevents restoring src-address-list and dst-addres-list properties using undo command;
*) firewall - removed unnecessary TLS host matcher from NAT tables;
*) health - fixed board-temperature for KNOT device (introduced in v7.15);
*) health - fixed bogus CPU temperature spikes for CCR2216 device;
*) health - fixed missing health for CRS112-8G-4S device (introduced in v7.15);
*) health - improved voltage measurements for RB912UAG-6HPnD and RB912UAG-5HPnD devices;
*) health - removed unnecessary health settings for RB921 and RB922 devices;
*) health - upgraded fan controller firmware to latest version;
*) hotspot - properly escape all reserved URI characters;
*) ike1 - removed unsupported NAT-D drafts with invalid payload numbers;
*) ike2 - improved performance by balancing multicore CPU usage for key exchange calculation;
*) install - allow to save old configuration during cdrom install;
*) install - fixed ARM64 cdrom install (introduced in v7.15);
*) iot - added an option to delete default LoRa servers and a button to recover them if needed;
*) iot - added an option to log LoRa filtered packets;
*) iot - added LoRa NetID and JoinEUI filtering for LNS and CUPS connections;
*) iot - added LoRa option to filter out proprietary packets;
*) iot - fixed incorrect LoRa filter export behavior;
*) iot - fixed LoRa inability to set SSL for LoRa servers via command line;
*) iot - fixed LoRa inability to use variables for GPS-spoofing setting;
*) ip - added max-sessions property for services;
*) ip/ipv6 - added multipath hash policy settings;
*) ipip6 - make IPv6 LL address random;
*) ipsec - changed default dpd-interval from 2 minutes to 8 seconds and dpd-maximum-failures from 5 to 4;
*) ipsec - improved installed SA statistics update;
*) ipv6 - added "d" deprecated flag for expired IPv6 SLAAC addresses;
*) ipv6 - allow to properly disable address when it is generated from pool;
*) ipv6 - allow to properly move IPv6 address from slave interface to a bridge interface;
*) ipv6 - do not allow adding address with invalid prefix when using pool;
*) ipv6 - do not allow to manually delete LL address;
*) ipv6 - fixed "no-dad" functionality;
*) ipv6 - fixed dynamic duplicate address showing when static address is already configured;
*) ipv6 - fixed pool allocated addresses missing after reboot;
*) ipv6 - fixed SLAAC address dynamic appearance;
*) ipv6 - improved handling of IPv6 address information;
*) ipv6 - improved LL address generation process;
*) ipv6 - properly initialize default ND "interface=all" entry;
*) ipv6 - respect APN settings for "add-default-route" and "use-peer-dns" also when "accept-router-advertisements=yes";
*) ipv6 - warn user that reboot is required in order to properly apply accept-router-advertisements changes;
*) isis - fixed filter-chain and filter-select settings;
*) isis - install IPv6 link-local gateways correctly;
*) l2tp - improved system stability;
*) l3hw - added per-VLAN packet and byte counters to compatible switches;
*) l3hw - disable L3HW on bonding modes that do not support it;
*) log - added basic validation for "disk-file-name" property;
*) lte - added "sms-protocol" setting in "/interface lte" menu (CLI only);
*) lte - fixed "at-chat" for DELL T99W175 (PID: 0x05c6 VID: 0x90d5);
*) lte - fixed cases where LTE interface would take long time to become ready after bootup for Chateau 5G and Chateau 5G R16 (introduced in v7.15);
*) lte - fixed cases where modem could be handled by multiple dialer instances;
*) lte - fixed modem firmware upgrade for Chateau 5G and Chateau 5G R16 (introduced in v7.15);
*) lte - fixed possible crash when enabling/disabling config-less modem interface;
*) lte - fixed R11e-LTE no traffic flow when modem with older firmware version is used;
*) lte - fixed support for Fibocom modem fm150-na;
*) lte - improved modem AT/modem port open;
*) lte - improvements to "/interface/lte/show-capabilities" command;
*) media - improved file indexing for DLNA;
*) modem - added authentication functionality to EC200A;
*) modem - fixed PPP link recovery when port unexpectedly removed and returned due to modem firmware crash;
*) modem - fixed unresponsive PPP link recovery when TX bandwidth was exceeding link capacity;
*) modem - improved support for KNOT BG77 modem firmware update;
*) mqtt - broker password is no longer exported unless "show-sensitive" flag is used;
*) netinstall-cli - added check for device and package architectures match;
*) netinstall-cli - added support for multiple device install;
*) netinstall-cli - allow mixed package architectures;
*) netwatch - added DNS probe;
*) netwatch - added ttl and accept-icmp-time-exceeded properties for ICMP probe;
*) netwatch - use time format according to ISO standard;
*) ospf - improved system stability during LSA monitoring;
*) ovpn - improved system stability;
*) pimsm - improved system stability;
*) poe-out - fixed low-voltage detection while PD is connected for KNOT device;
*) poe-out - fixed silent firmware upgrade fail on CRS112-8P-4S device (introduced in v7.15);
*) poe-out - upgraded firmware for SAMD20 PSE (AF/AT) controlled boards (the update will cause brief power interruption to PoE-out interfaces);
*) port - added IPv6 support for the "remote-access" feature;
*) ppp - added SIM hot-plug enable command to default init-string for KNOT and CME gateway;
*) ppp - added support for IPv6-only domain names to l2tp-client, ovpn-client and sstp-client;
*) ppp - automatically generate IPv6 firewall rules when filter-id is specified;
*) ppp - fixed dynamic queue default name (introduced in v7.15);
*) ppp - fixed PPP info parser showing error for BG77 modem running on KNOT AUX AT/modem port;
*) profiler - classify wifi processing as "wireless";
*) ptp - added PTP support for CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ, CRS518-16XS-2XQ, CRS504-4XQ, CRS510-8XS-2XQ devices;
*) qos-hw - added H and I flags to queues;
*) qos-hw - added new monitoring properties for ports and global QoS stats;
*) qos-hw - added queue-buffers property to tx-manager;
*) qos-hw - allow port print stats, usage and pfc while QoS is disabled;
... a suivre ...
-
... suite ...
*) qos-hw - allow to set queue-buffers in bytes, percent or auto;
*) qos-hw - enabling ECN forces WRED (unless share is disabled);
*) qos-hw - fixed egress-rate limit validation;
*) qos-hw - fixed global buffer limits for 98DX8212 and 98DX8332 switches;
*) qos-hw - fixed WRED thresholds;
*) qos-hw - improved behavior when changing ports tx-manger;
*) qos-hw - limit WRED to queues with enabled shared buffers;
*) queue - improved system stability;
*) quickset - removed Basic AP mode;
*) rose-storage - fixed "/file sysnc status" parameter to be read-only;
*) rose-storage - moved "/rsync-daemon" to "/file rsync-daemon;
*) rose-storage - renamed sync "remote-addr" property to "remote-address";
*) route - added ability to redistribute isis routes;
*) route - fixed incorrectly handled route distinguisher and route targets (introduced in v7.15);
*) route - fixed memory leak (introduced in v7.15);
*) route - fixed some missing route parameters when printing (introduced in v7.15);
*) route - improved route attribute handling (may increase memory usage);
*) route - improved routing table update performance;
*) route - improved stability when getting entries from large routing tables;
*) route - place static route in the correct VRF when vrf-interface parameter is used;
*) route - rename route type from is-is to isis;
*) routerboard - improved Etherboot stability for CRS320-8P-8B-4S+ device ("/system routerboard upgrade" required);
*) routerboard - improved Etherboot stability for IPQ-40xx devices ("/system routerboard upgrade" required);
*) routerboot - improved boot process ("/system routerboard upgrade" required);
*) rpki - fixed preference sorting;
*) sfp - fixed calculated link length based on EEPROM in certain cases;
*) sfp - fixed missing traffic after reboot with S-RJ01 module running at 10/100 Mbps rate on CCR2004-16G-2S+ device;
*) sfp - fixed SFP28 interface with fec74 mode on CCR2004-1G-2XS-PCIe device;
*) sfp - fixed SFP28 jumbo frame processing on CCR2004-1G-2XS-PCIe device;
*) sms - added polling setting so that RouterOS itself checks SMS instead of relying on URC messages;
*) snmp - added support for KNOT BG77 modem cellular signal info;
*) snmp - fixed LAST-UPDATED format in MIKROTIK-MIB;
*) ssh - fixed SSH cryptographic accelerator selection for GCM cipher (introduced in v7.14);
*) ssh - fixed unsupported user SSH public key import (introduced in v7.15);
*) ssh - improved system stability when SSH tries to bind to non-existing interface;
*) supout - added detnet section;
*) supout - added monitor command for all wifi interfaces;
*) supout - added netwatch section;
*) supout - added user SSH keys section;
*) supout - increased console output width;
*) supout - limit address-list and connection tracking entries to 999 in supout.rif;
*) supout - rename "store" section to "disk";
*) switch - fixed an issue where half-duplex links could occupy Tx resources for 98DX8xxx, 98DX4xxx, 98DX325x switch chips;
*) switch - fixed an issue with Ethernet port group hang for CRS354 devices;
*) switch - fixed Ethernet interface counter 32bit overflow for CRS354 devices;
*) switch - fixed limited Tx traffic on Ethernet ports for CRS354 devices (introduced in v7.15);
*) switch - improved switch reset;
*) switch - improved system stability on CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) system - added "clock" logging topic for time change related messages;
*) system - added critical log message when not enough space to store new configuration;
*) system - added log message if device failed to reboot gracefully;
*) system - added more details to user initiated reboot (reset, upgrade, downgrade);
*) system - added support for upgrade over IPv6 network;
*) system - do not cancel package upgrade if another architecture packages found on the router;
*) system - do not download packages scheduled for uninstall;
*) system - do not start IPsec and certificate processes when not necessary;
*) system - fixed "free disk space" error message on system upgrade/downgrade;
*) system - fixed an issue where routing configuration was missing after performing a reset, adding a new configuration and then upgrading (introduced in v7.15);
*) system - fixed empty logs after reboot in certain cases;
*) system - improved internal system services messaging;
*) system - improved performance for TCP input;
*) system - improved reporting of total memory size;
*) system - improved system stability for CCR2004-1G-2XS-PCIe device;
*) system - improved system stability for RBSXTsq5nD and RBLDF-5nD;
*) system - improved system stability;
*) system - improved watchdog and kernel panic reporting;
*) system - reduced RAM usage for ARM64 devices;
*) system - set flash-boot mode as "boot-device" after system reset initiated by reset button ("/system routerboard upgrade" required);
*) system - set flash-boot mode as "boot-device" after system reset initiated from software;
*) traceroute - do not stop traceroute after 5 consecutive unreachable hops;
*) tunnel - allow specifying IPv6 LL address as "remote-address" for EoIPv6, GRE6 and IPIP6 tunnels;
*) user - added inactivity timeout for non-GUI sessions;
*) user-manager - updated logo;
*) vxlan - added comment support to VTEPs;
*) vxlan - prevent creating multiple VTEPs with same IP/port combination;
*) webfig - allow to enter time that exceeds 23:59:59;
*) webfig - correctly display default value for number type;
*) webfig - enabled hotlock mode for terminal;
*) webfig - fixed an issue where wrong menu title was shown;
*) webfig - fixed issue with incorrectly applying optional fields;
*) webfig - fixed sorting by datetime;
*) webfig - use "any" argument by default for Torch "Port" property;
*) wifi - added "slave-name-format";
*) wifi - added interface provisioning logs;
*) wifi - adjusted virtual interface naming when provisioning local radios;
*) wifi - do not allow frequency-scan on virtual interfaces;
*) wifi - do not unset radio-mac and master-interface properties on reset;
*) wifi - enable creating virtual wifi interfaces using "copy-from" setting;
*) wifi - fixed packet receive when having multiple station interfaces;
*) wifi - fixed signal strength reporting during association (introduced in v7.15);
*) wifi - fixed typo in log message;
*) wifi - improve regulatory compliance for Chateau ax devices;
*) wifi - improved interface stability when receiving invalid FT authentication frames;
*) wifi - improved system stability after interface hang;
*) wifi - improved WPA3 PMKSA handling when access-lists with custom passphrases are used;
*) wifi - make sniffer tool return an error when attempting to sniff with a radio which does not support it;
*) wifi - send channel switch announcements to clients when switching channels at requested re-select intervals;
*) wifi - use name-format also for local interfaces when provisioning;
*) wifi-qcom - add spectral-scan and spectral-history tools (CLI only);
*) wifi-qcom-ac - count dropped packets to "tx-drop" instead of "tx-error";
*) wifi-qcom-ac - improved memory allocating process;
*) winbox - added "Import Router ID" parameter under "Routing/BGP/VPN" menu;
*) winbox - added "Switch/QoS" menu for CRS3xx, CRS5xx, CCR2116 and CCR2216 devices;
*) winbox - added "Trace" column under "System/History" menu;
*) winbox - added configuration settings for ROSE;
*) winbox - added extra "File System" under "Format Drive" button;
*) winbox - added missing "Default Name" property for interfaces;
*) winbox - do not show "Last Logged In" and "Expire Password" when creating new system user;
*) winbox - fixed "Authority" property under "System/Certificates/Requests" menu;
*) winbox - fixed duplicated "MVRP Attributes" table;
*) winbox - fixed false invalid flag under "System/Ports/Remote Access" menu;
*) winbox - fixed issue with skin file appearing as unknown in user group menu (introduced in v7.15);
*) winbox - fixed signal bar "excellent" tooltip;
*) winbox - fixed Switch menu for RB1100AHx4 device;
*) winbox - improved QR code display;
*) winbox - moved DHCPv6 Server "Allow Dual Stack Queue" property from General to Queues tab;
*) winbox - moved Switch menu tabs to individual menus;
*) winbox - properly display available address-pools for DHCPv6 server configuration;
*) winbox - removed deprecated x86/CHR specific settings under "System/Resources" menu;
*) winbox - removed spare argument for "PFS Group" property under "IP/IPsec/Proposals" menu;
*) winbox - renamed configurable wifi property "Tx Power" to "Max Tx Power";
*) winbox - separated different Watchdog settings into logical tabs;
*) winbox - use CAP serial number with "Set Identity" button under "WiFi/Remote CAP" menu;
*) winbox - use correct default value for "Partition Offset" property;
*) winbox/webfig - fixed skins (introduced in v7.15);
*) wireless - allow unsetting signal-range and ssid-regext properties for capsman access-list;
*) wireless - fixed dynamic VLAN assignments for vlan-filtering bridge in certain cases;
*) wireless - limit antenna-gain property to 100;
*) www - log out inactive REST API users;
*) x86 - added missing PCI ids for bnx2x driver;
*) x86 - added RTL8156 driver support;
*) x86 - fixed missing serial ports with MCS9900;
-
La version ROS 7.16 a un problème avec la commande /resolve. Elle va faire la résolution DNS dans le cache sans envoyer une requête au serveur DNS, ce qui est problématique pour utiliser la commande pour monitorer un serveur DNS.
Ticket ouvert auprès de Mikrotik et reconnu comme bug, ce sera réglé dans une prochaine version.
-
Bonjour,
Quelqu'un utilise les regex DNS sur leur Mikrotik ?
J'ai testé sur mon RB5009 mais c'est vraiment bogué
-
What's new in 7.16.1 (2024-Oct-10 17:03):
*) defconf - changed wireless installation from "indoor" to "any";
*) defconf - disable 5GHz secondary channel on RB4011;
*) dns - do not look up local cache when executing ":resolve" command with specified "server" parameter (introduced in v7.16);
*) sfp - improved initialization for certain SFP modules on CRS309 and CRS317 devices ("/system routerboard upgrade" required);
-
What's new in 7.16.2 (2024-Nov-26 14:09):
*) certificate - do not download CRL if there is not enough free RAM;
*) certificate - fixed handling of capsman-cap certificates (introduced in v7.16);
*) dhcpv4-server/relay - added additional error messages for DHCP servers and relays;
*) dns - fixed lookup order for static DNS entries (introduced in v7.16.1);
*) ethernet - improved linking after reboot for hAP ax lite devices ("/system routerboard upgrade" required);
*) gps - changed default GPS antenna setting for LtAP mini with internal LTE/GPS combo antenna;
*) leds - fixed bogus argument for "leds" property (introduced in v7.16);
*) leds - fixed PoE-in LEDs for CRS318-1Fi-15Fr-2S device;
*) modem - KNOT BG77 modem, improved handling of modem unexpected restarts;
*) route - fixed possible issue with inactive routes after reboot (introduced in v7.16);
*) routerboot - improved stability for IPQ8072 and IPQ6010 when flash-boot is used ("/system routerboard upgrade" required);
-
*) dns - fixed lookup order for static DNS entries (introduced in v7.16.1);
Ah c'était donc bien un bug...
-
RouterOS 7.17 disponible.
Changelog trop long pour être posté ici. :D
-
What's new in 7.17 (2025-Jan-16 10:19):
!) device-mode - after upgrade, mode "enterprise" is renamed to "advanced" and traffic-gen, partition (command "repartition"), routerboard and install-any-version features will be disabled;
!) webfig - redesigned HTML, styling and functionality;
*) 6to4 - fixed issue where 6to4 relay would not forward traffic unless destination address is set;
*) adlist - improved logging;
*) adlist - improved system stability;
*) adlist - optimized import on system with low disk space;
*) api - fixed REST API serialization of binary data;
*) arm64 - fixed for bare-metal servers to be able to access more than 2GB RAM;
*) arm64 - show CPU frequency on bare-metal installations;
*) arm64/x86 - added missing PCI id for mlx4 driver;
*) bonding - hide mlag-id property on non-compatible devices;
*) bridge - add HW offload support for active-backup bonds on 98DXxxxx, 88E6393X, 88E6191X and88E6190 switches;
*) bridge - added interface-list support for VLANs;
*) bridge - added message for inactive port reason;
*) bridge - added priority setting to manually elect primary MLAG peer;
*) bridge - correctly display PPP interfaces in VLAN menu;
*) bridge - disallow duplicate static VLAN entries;
*) bridge - disallow multicast MAC address as admin-mac;
*) bridge - enable faster HW offloading when detect-internet is disabled;
*) bridge - fixed first host table response for SNMP;
*) bridge - fixed incorrect HW offloaded port state in certain cases on MSTI add;
*) bridge - fixed missing slave flag on port in certain cases;
*) bridge - fixed MVRP registrar and applicant port options;
*) bridge - fixed port monitor with interface-lists;
*) bridge - fixed port move command;
*) bridge - fixed setting bridge MTU to L2MTU value;
*) bridge - fixed VLAN overlap check;
*) bridge - ignore disabled interfaces when calculating bridge L2MTU;
*) bridge - improved port handling;
*) bridge - improved stability;
*) bridge - prioritize MAC selection from Ethernet interfaces when using auto-mac feature;
*) bridge - re-synchronize MLAG system-id when bridge MAC changes;
*) bridge - removed support for master port config conversion (used before version 6.41);
*) bridge - update dynamic MSTI priority value when changing configuration;
*) bth - improved stability on system time change;
*) certificate - do not download CRL if there is not enough free RAM;
*) certificate - do not show not relevant values for certificate template (CLI only);
*) certificate - fixed handling of capsman-cap certificates (introduced in v7.16);
*) certificate - removed unstructured address field support;
*) chr - added Chelsio VF driver for PCIID 5803;
*) chr/arm64 - fixed kernel crypto use without crypto extensions for RPi CM4;
*) cloud - changed ddns-enabled setting from "no" to "auto" (service is enabled when BTH is enabled);
*) cloud - improved DDNS and VPN state stability;
*) console - added :range command;
*) console - added group-by property for print command;
*) console - added json.no-string-conversion to :serialize;
*) console - added lf/crlf options to :convert transform;
*) console - added more argument definitions for mac-protocol property;
*) console - added password property to "/system/ssh-exec" command;
*) console - added to/from=num option for :convert command;
*) console - allow clearing history for a specific user;
*) console - allow setting width to supout.rif output;
*) console - clear history when removing user;
*) console - disallow autocomplete hints for user without read policy;
*) console - execute :return command without error;
*) console - fixed endless loop when closing input prompt;
*) console - fixed missing arguments in wifi menu in certain cases;
*) console - force print paging when output does not fit terminal width;
*) console - improved printing output in some menus;
*) console - improved scripting system stability;
*) console - increased w60g scan-list size to 6;
*) console - print warning in CLI after enabling protected bootloader;
*) console - removed "chain" names from print parameter list and show all print parameters in "/ipv6/firewall/filter" directory;
*) console - show system-id in export for CHR;
*) console - updated copyright notice;
*) container - allow import from .tar.gz file;
*) container - do not log start, end events unless logging is enabled;
*) container - fixed user and group ID range;
*) container - improved "start-on-boot" stability;
*) container - improved container shell;
*) crypto - improve crypto speeds;
*) crypto - use hardware accelerator for GCM cipher in TLS connection on Alpine CPUs;
*) defconf - changed wireless installation from "indoor" to "any";
*) defconf - disable 5GHz secondary channel on RB4011;
*) defconf - do not add default password for CAP mode configuration on older Audience devices without a password;
*) defconf - fixed new port name recognition;
*) detnet - remove dynamic DHCP client creation;
*) device-mode - added "allowed-versions" list which are allowed to be installed without "install-any-version" mode enabled;
*) device-mode - added "basic" mode;
*) device-mode - added routerboard, install-any-version and partitions features;
*) device-mode - allow feature and mode update on x86 via power button and reboot/shutdown from AWS;
*) device-mode - fixed feature and mode update on ARM64 Hetzner;
*) device-mode - fixed feature and mode update via power-reset on MIPSBE devices;
*) device-mode - limit "/tool/ping-speed" and "/tool/flood-ping" under "traffic-gen" feature;
*) device-mode - limit device-mode update maximum allowed attempt count which can be reset only with reboot or button press;
*) device-mode - provide more precise device-mode update action printout;
*) device-mode - show all features and active restrictions with "print" command;
*) dhcp-relay - added "local-address-as-src-ip" property;
*) dhcp-server - use interface ID for NAS-Port and added interface name to NAS-Port-ID attribute in RADIUS requests;
*) dhcp-server - use single RADIUS accounting session for IPv4 and IPv6 when dual stack is used;
*) dhcpv4-client - correctly handle adding/setting emtpy dhcp-options;
*) dhcpv4-client - fixed crash when releasing disabled DHCP client;
*) dhcpv4-client - respect Renewal-Time (58) and Rebinding-Time (59) options;
*) dhcpv4-server - do not remove options set config when DHCP network is changed;
*) dhcpv4-server - properly detect DHCP server address when underlying interface has multiple IP addresses configured;
*) dhcpv4-server/relay - added additional error messages for DHCP servers and relays;
*) dhcpv4/v6-server - added address-list parameter to which address will be added if the lease is bound;
*) dhcpv6-client - added prefix-address-list parameter;
*) dhcpv6-client - improved system stability when DHCPv6 client is enabled on non-existing interface;
*) dhcpv6-client - log message when response with invalid transaction-id received;
*) dhcpv6-client/server - added support for DHCPv6 reconfigure messages;
*) dhcpv6-server - added IPv6 address delegation support;
*) dhcpv6-server - do not require "prefix-pool" to be specified;
*) dhcpv6-server - fixed DHCPv6 server "address-pool" property showing in command line as "unknown" when real value is "static-only";
*) dhcpv6-server - improved system stability when removing actively used DHCPv6 server;
*) dhcpv6-server - include all existing prefixes (with lifetime 0) in renew reply and new prefix if RADIUS returns different prefix;
*) dhcpv6-server - properly display "static-pool" value in server print output for "prefix-pool" argument;
*) discovery - added support for LLDP DCBX;
*) discovery - use LLDP description field to populate platform, version and board-name;
*) disk - added "type=file" for file-based block devices, useful for using file as a swap, or when having file-based filesystem images (CLI only);
*) disk - added btrfs filesystems list (CLI only);
*) disk - added mount-read-only and mount-filesystem options to allow read-only mounts and prevent mounting device at all (CLI only);
*) disk - added sshfs client to "/disk" menu (CLI only);
*) disk - added support for SWAP, currently allowed on any block device with "set x swap=yes" when container package is installed (CLI only);
*) disk - allow to configure global and per disk mountpoint template - [slot],[model],[serial],[fw-version],[fs-label],[fs-uuid],[fs] variables supported;
*) disk - auto mount iso and squashfs images;
*) disk - fixed managing and cleaning up mount points;
*) disk - fixed raid role auto selection for up to 64 drives;
*) disk - improve slot naming and improvements for visualizing complex hardware topology;
*) disk - improve test to report zero byte iops;
*) disk - improved system stability;
*) disk - read/show exfat filesystem label;
*) disk - recognize virtual sd* interfaces;
*) disk - remove 32 character slot name limit;
*) disk - save raid superblock and raid bitmap superblock on member devices in 1.2 format/location;
*) disk - show detailed mountpoint users when unable to unmount;
*) disk - show usage as percentage (CLI only);
*) disk - try all NFS versions (4.2,4.1,4.0,3,2) when mounting NFS in that order;
*) disk,nvme - show nvme namespaces if configured more than one on a nvme drive;
*) dns - added option to create named DNS servers that can be used as forward-to servers;
*) dns - do not look up local cache when executing ":resolve" command with specified "server" parameter (introduced in v7.16);
*) dns - DoH whitelist support for adlist using static FWD entries;
*) dns - refactored DNS service internal processes;
*) dns - whitelist support for adlist using static FWD entries;
*) ethernet - improved interface stability for RB4011 devices;
*) ethernet - improved linking after reboot for hAP ax lite devices ("/system routerboard upgrade" required);
*) ethernet - improved stability after reboot for Chateau PRO ax;
*) ethernet - improved system stability for CCR2004-1G-2XS-PCIe device;
*) ethernet - log warning only about excessive broadcast (do not include multicast) and reduced log count;
*) fetch - fixed certificate check when provided hostname is IP address;
*) fetch - fixed large file (over 4GB) fetch in HTTP/HTTPS mode;
*) file - correctly identify mounted disks;
*) file - do not needlessly scan large filesystems, could prevent unmounting;
*) file - improved handling of changes to the file system;
*) file - improved service stability when accessing files list from other system services;
*) file - support files over 4GB size;
*) file - update file size before trying to request content;
*) firewall - added none-dynamic and none-static arguments for IPv6 address-list-timout settings;
*) firewall - added support for random external port allocation;
*) firewall - added warning log for TCP SYN flood;
*) firewall - fixed "dst-limit" and "limit" mathers when using zero value for burst argument;
*) firewall - improved matching from deeply nested interface-lists;
*) firewall - removed default mangle passthrough=yes configuration from export;
*) ftp - added VRF support;
*) gps - changed default GPS antenna setting for LtAP mini with internal LTE/GPS combo antenna;
*) graphing - fixed graphing rule removal;
*) graphing - fixed queue graph storing on disk;
*) health - added cpu-overtemp-check on ARM, ARM64 devices (CLI only);
*) health - changed PSU state from "no-ac" to "no-input";
*) health - hide settings in CLI if there is nothing to show;
*) health - removed board-temperature on RB5009UPr+S+IN device;
*) igmp-proxy - refactored IGMP querier;
*) ike2 - improved performance by balancing multicore CPU usage for key exchange calculation also for initiator;
*) iot - added additional debug for LoRa logging;
*) iot - added an option to print out LoRa traffic in CLI (not GUI-only option anymore);
*) iot - added new LoRa traffic FCnt packet counter parameter;
*) iot - added support for USB Bluetooth dongles (LE 4.0+) which enables Bluetooth functionality;
*) iot - bluetooth peripheral device menu now displays correct iBeacon major/minor values;
*) iot - fixed duplicate LoRa payloads in the traffic tab;
*) iot - fixed incorrect LoRa joineui filter export behavior;
*) iot - fixed LoRa behavior, where join eui or dev eui could be incorrectly converted during forwarding;
*) iot - improved system stability for LoRa;
*) iot - improvements to LoRa device's stats tab;
*) iot - LoRa LNS improvement;
*) iot - LoRa traffic tab RSSI now shows proper values for ARM architecture;
*) iot - modbus rework which improves Tx Rx switching behavior;
*) iot - mqtt improvement to support large payloads and gracefully discard payloads above size limit;
*) iot - removed crc-disabled and crc-error options from the LoRa forwarding;
*) iot - removed LoRa pause traffic option/setting;
*) iot - removed some LoRa radio related parameters (e.g. RSSI-OFF and Tx-enabled) that were not meant to be changed;
*) ippool - removed maximum "63 bit" prefix length limitation;
*) ipsec - ike2 improved process for policies;
*) ipv6 - added comment property to "/ipv6/nd/prefix" menu;
*) ipv6 - added IPv6 settings related to stale IPv6 neighbor cleanup;
*) ipv6 - added support for manual link-local address configuration;
*) isis - do not disable fast-path when isis is enabled on an interface;
*) isis - fixed console flags;
*) isis - fixed invalid L2 LSP type;
*) isis - make it work when MTU is larger than 1500;
*) isis - update interface MAC address on change (caused neighbor to stuck in init state);
*) kid-control - use time format according to ISO standard;
*) l3hw - improved system stability;
*) l3hw - rate limit error logging;
*) leds - fixed issue where interface LEDs might not properly disable in some cases;
*) log - added basic validation for "disk-file-name" property;
*) log - added hostname support to remote logging action;
*) log - added regex parameter for log filtering in rules;
*) log - fixed e-mail logging (introduced in v7.16);
*) log - use time format according to ISO standard;
*) lte - added option to check/install modem firmware from early-access/testing channel (CLI only);
*) lte - added provider specific firmware update (FOTA) for Cosmote GR networks on Chateau 5G;
*) lte - disabled ims service for Chateau 5G on operator "3 AT" network (PLMN ID 23205);
*) lte - drop operator selection support for R11e-4G modem as it is unreliable;
*) lte - fixed "default-name" property in export when multiple LTE interfaces are used;
*) lte - fixed "lte monitor" signal reporting for RG520F-EU modem when connected to 5G SA network;
*) lte - fixed "operator" setting for EC200A-EU modem;
*) lte - fixed long "PLMN search in progress" for SXT 3-7;
*) lte - fixed LTE band setting for SXT LTE 3-7;
*) lte - fixed roaming barring (allow-roaming=no) for EC200A-EU modem;
*) lte - fixed signal info reporting for FG621-EA modem in UMTS network;
*) lte - fixed SMS sender parsing;
*) lte - improved modem FW upgrade for Chateau 5G;
*) lte - improved R11eL-EC200A-EU modem firmware upgrade procedure;
*) lte - improved recovery after unexpected modem reboot for Chateau's 5G and 5G R16 series devices;
*) lte - improvements to modem "firmware-upgrade" command;
*) lte - MBIM increased assignable APN profile count up to 8 then modem firmware allows it;
*) lte - modem firmware update (FOTA), added support to install provider specific version;
*) lte - removed trailing "F" symbol from uicc;
*) lte - set "sms-read=no" and "sms-protocol=auto" as default values;
*) lte - set IPv6 address reporting format in modem init for AT modems and MBIM modems with AT channel;
*) mac-server - allow MAC-Telnet access through any bridged port when bridge interface is allowed;
*) mac-telnet - use ASCII DEL as erase/backspace char instead of BS (fixes mac-telnet backspace for WinBox4);
*) macvlan - improved error when trying to create new interface on already busy parent interface;
*) macvlan - updated driver;
*) modem - KNOT BG77 modem, improved handling of modem unexpected restarts;
*) mpls - added fast-path support for VPLS;
*) mpls - added MPLS mangle support;
*) mpls - added support for "ICMP Fragmentation needed";
*) mpls - do no drop LDP peering session on PW deactivation;
*) mpls - do not reconnect VPLS on name or comment changes;
*) netinstall - removed unused "Get key" button;
*) netinstall - save and restore device-mode configuration on format;
*) netinstall-cli - added "-o" option to install devices only once per netinstall run;
*) netinstall-cli - fixed x86 detection;
*) netwatch - added "ignore-initial-up" and "ignore-initial-down" properties;
*) netwatch - fixed multiple variables;
*) netwatch - fixed probe toggle when adding a comment;
*) ospf - fixed memory corruption;
*) ospf - improved stability on configuration update;
*) ovpn - added VRF support to OVPN server (server menu now supports multiple entries and previous server configuration is automatically imported);
*) ovpn - improved system stability;
*) ovpn-client - added tls-crypt, tls-crypt-v2 support;
*) ovpn-server - added "user-auth-method" property and allow mschap2 for RADIUS authentication;
*) pimsm - improved system stability after interface disable;
*) poe-out - added low-voltage-too-low status;
*) poe-out - improved PoE-out configuration handling when doing reset-configuration command;
*) poe-out - upgraded firmware for CRS354-48P-4S+2Q+ device (the update will cause brief power interruption to PoE-out interfaces);
*) poe-out - upgraded firmware for PSE (BT) controlled boards (the update will cause brief power interruption to PoE-out interfaces);
*) port - display a warning when using invalid log-file with the "remote-access" feature;
*) port - more detailed print command output, include in "USED-BY" property channel number(s);
*) ppp - add routes in matching VRF;
*) ppp - added support for bridge-port-pvid configuration via ppp profile;
*) ppp - added support for bridge-port-trusted configuration via ppp profile;
*) ppp - do not print local/remote pool related errors in log when configuration does not require pool usage;
*) ppp - fixed typos in log message;
*) ppp - reuse link-local IPv6 address for static bindings when possible;
*) ppp - set APN/PDN type "IPv4/v6" according assigned PPP profile protocol setting;
*) pppoe - added support for PPPoE server over 802.1Q VLANs;
*) profiler - classify ppp processing;
*) profiler - improved process classification;
*) profiler - renamed radv process to radvd;
*) ptp - added dynamic switch ACL rules in order to trap PTP packets to CPU instead of forwarding;
*) ptp - added option to configure L2 transport with forwardable and non-forwardable MAC destination;
*) ptp - added PTP support for CRS320-8P-8B-4S+ and CRS326-4C+20G+2Q+ devices;
*) ptp - display warning when none of the PTP ports has a link;
*) ptp - fixed DSCP values for IPv4 packets;
*) ptp - fixed packet receive with enabled igmp-snooping;
*) ptp - fixed packet tx/rx when enabling PTP on 1/2.5/100Gbps links for 98CX8410, 98DX8525, 98DX4310 switches (introduced in v7.16);
*) ptp - fixed synchronization on QSFP28 interfaces;
*) ptp - make PTP process more stable and deterministic when applying configuration;
*) ptp - restrict configuring g8275 profile with IPv4 transport;
-
La suite...
*) qos-hw - allow to disable/enable profiles, disabled or removed profile gets replaced with the default;
*) qos-hw - enabling PFC on port also requires setting egress-rate-queueN;
*) qos-hw - fixed export when changing default Tx Manager;
*) qos-hw - fixed incorrect port byte-use counter;
*) qos-hw - improved PFC behavior;
*) qos-hw - improved system stability when enabling QoS;
*) qos-hw - improved WRED and ECN behavior;
*) qos-hw - rename pfcN-pause and pfcN-resume to pfcN-pause-threshold and pfcN-resume-threshold;
*) qos-hw - reworked PCP and DSCP mapping (now supports single, multiple and range values, previous configuration with minimal value mapping is converted to a single value);
*) qos-hw - switch-cpu port trust settings are forced to "keep";
*) queue - improved system stability when too many simple queues are added;
*) quickset - added "LTE AP" quickset profile with one wifi interface;
*) rip - improved stability when changing metric;
*) romon - added dynamic switch rules on devices supporting it when enabling the service;
*) romon - added interface-list support;
*) romon - send uptime in discovery;
*) rose-storage - allow to set iscsi-iqn only when type=iscsi and allow nvme-tcp-name only when type=nvme-tcp;
*) rose-storage - do not allow to format exported disks;
*) rose-storage - enable autocomplete for local-path property in "/file/sync" menu;
*) rose-storage - enable more threads for faster RAID sync;
*) rose-storage - ensure unique nvme-tcp-names for nvme-tcp clients;
*) rose-storage - improved error messages;
*) rose-storage - improved system stability;
*) rose-storage,raid - improved stability of degraded arrays on startup;
*) rose-storage,raid - store superblock in 1.2 format, show raid super block info when detected to help with reassembling arrays;
*) route - fixed discourse attribute print;
*) route - fixed minor typo in failure message;
*) route - fixed possible issue with inactive routes after reboot (introduced in v7.16);
*) route - improved stability;
*) route - improved stability with static route configuration;
*) route - increased interface name length limit in log messages;
*) route - removed possibility for IPv6 routes to specify interface in the dst-address;
*) routerboot - fixed boot MAC for devices with Alpine CPU ("/system routerboard upgrade" required);
*) routerboot - fixed boot MAC for MIPSBE CRS3xx and CRS5xx switches ("/system routerboard upgrade" required);
*) routerboot - improved stability for IPQ8072 and IPQ6010 when flash-boot is used ("/system routerboard upgrade" required);
*) routing-filter - fixed subtract and add for numerical values (+x, -x);
*) rsync - fixed when used over ssh and spaces in directory names;
*) sfp - fixed 1Gbps supported rate for RB960 and RB962 devices;
*) sfp - fixed linking with 1Gbps optical modules with "combo-mode=sfp" configuration for CRS312 device;
*) sfp - improved initialization and linking for some SFP modules;
*) sfp - improved initialization for certain SFP modules on CRS309 and CRS317 devices ("/system routerboard upgrade" required);
*) sfp - improved power control configuration for QSFP optical modules according to the EEPROM field;
*) sfp - improved SFP auto-negotiation for L22, L23 devices;
*) sfp - improved SFP28, QSFP28 interface stability using DAC cable for CRS520 switch;
*) smb - stability improvements for client/server;
*) snmp - added wifi fields to MIKROTIK-MIB;
*) socks - fixed comment property for access configuration;
*) ssh - added option to configure SSH ciphers (replaced allow-none-crypto parameter);
*) ssh - do not regenerate host key after update from RouterOS version older than 7.9;
*) ssh - improved logging;
*) ssh - improved speed;
*) ssh - prefer GCM ciphers for arm64 and x86 devices when ciphers=auto;
*) ssl/tls - improved performance;
*) sstp - added pfs=required option to allow only ECDHE during TLS handshake;
*) storage - preserve permissions,owners,attributes when syncing under "/file/sync";
*) storage,rsync - fixed to work with clients passing "-a" option;
*) supout - added BGP advertisements section;
*) supout - added device-mode section;
*) supout - do not create autosupout.rif for second time after system reboot;
*) supout - print non BGP and OSFP routes if route list is too large;
*) supout - reduce minimal RAM required for export to be included;
*) supout - use separate LTE section;
*) switch - added "all" argument for "new-dst-ports" switch rule property for CRS3xx, CRS5xx, CCR2116 and CCR2216 devices;
*) switch - added IPv6 flow label matching in switch rules for CRS3xx, CRS5xx, CCR2116 and CCR2216 devices;
*) switch - allow bond interfaces in switch rules for CRS3xx, CRS5xx, CCR2116 and CCR2216 devices;
*) switch - allow matching network bitmask for IPv4 and IPv6 dst/src-address properties in switch rule;
*) switch - disallow switch-cpu in "ports" and "new-dst-ports" rule properties for CRS3xx, CRS5xx, CCR2116, CCR2216 and RB5009 devices;
*) switch - fixed a potential issue with packet corruption caused by incorrect switch initialization on CRS3xx/5xx devices;
*) switch - fixed L2MTU for 25Gbps ports;
*) switch - fixed RSPAN error message when using mirror-target=cpu;
*) switch - fixed rule disable in certain cases for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) switch - fixed storm-rate accuracy on 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) switch - force "mac-protocol" when matching IPv4 or IPv6 specific properties;
*) switch - improved CPU performance for CRS328-24P-4S+ switch;
*) switch - improved system stability for RB5009 and CCR2004-16G-2S+ devices;
*) switch - make switch rule "ports" property not required and unsettable (allows matching packets on all switch ports);
*) switch - updated dynamic switch rules when using HW bridge with IGMP snooping (224.0.0.0/24 and ff02::/16 destination addresses are forwarded and copied to CPU);
*) system - improved IPv6 maximum routing table size based on total memory;
*) system - make ICMP error source address selection configurable (icmp-errors-use-inbound-interface-address parameter in ip settings);
*) system - make TCP timestamp handling configurable (tcp-timestamps parameter in ip settings);
*) system - moved "/system/upgrade" to "/system/package/local-update";
*) tftp - improved stability;
*) upnp - rename service description file from gateway_description.xml back to gateway.xml;
*) user-manager - improved stability;
*) vpls - added support for bridge-pvid configuration;
*) vrf - fixed packet handling with enabled queues;
*) vxlan - fixed issue causing to loose IPv6 VTEP address setting;
*) webfig - added search option for settings;
*) webfig - allow download from file details;
*) webfig - allow style.css and script.js in branding packages;
*) webfig - fixed uploading files with Windows style newlines;
*) webfig - hide inherited wifi password;
*) webfig - improved keyboard navigation;
*) webfig - improved screen reader support;
*) webfig - improved system stability when used over many simultaneous sessions;
*) webfig - redirect "/help/license.html" to "/license.txt" for backwards compatibility;
*) webfig - reduce flickering when table is sorted by column with duplicate values;
*) webfig - Skin Designer moved to centralized page;
*) webfig - status page is deprecated, old status page config will work, but can't be updated or created;
*) webfig - support unicode strings;
*) wifi - add information to each interface, showing which CAPsMAN manages it or which CAP hosts it when applicable;
*) wifi - added a debug log entry when switching channel;
*) wifi - added ability to set security.owe-transition-interface to "auto";
*) wifi - added access-list stats (CLI only);
*) wifi - added configuration.installation property to limit use of indoor-only channels;
*) wifi - added debug log messages on station authentication mismatch;
*) wifi - added extra info to CAPsMAN about message;
*) wifi - added last-activity property in registration table;
*) wifi - added multi-passphrase (PPSK) support (CLI only);
*) wifi - added option to reset MAC address (CLI only);
*) wifi - added station-roaming support;
*) wifi - allow IPv6 LL address in caps-man-addresses;
*) wifi - disabled 802.11h on 2.4GHz station;
*) wifi - fixed "disabled" property in certain cases;
*) wifi - fixed failure to resume operation after DFS non-occupancy period has elapsed;
*) wifi - fixed failure with "auto" peer update on the OWE interface;
*) wifi - fixed occasional failure to bring up management frame protection and channel switch capabilities;
*) wifi - fixed the "no available channels" message still being displayed after a setting change has made some channels available;
*) wifi - improved FT roaming with WPA3 for some Apple devices;
*) wifi - indicate radios' ability to perform a channel switch in their "hw-caps" attribute;
*) wifi - indicate which channels are subject to DFS, or are indoor-only in output of "monitor" command;
*) wifi - re-word the "SA Query timeout" log message to "not responding";
*) wifi - show authentication type and wireless standard used by each client in registration table;
*) wifi - show regulatory limits on maximum bandwidth in output of radio/reg-info command;
*) wifi - when operating in station mode, log more information when AP switches to an unsupported channel;
*) wifi-qcom - added Superchannel country profile;
*) wifi-qcom - updated regulatory info for Ukraine, Australia and United States;
*) wifi-qcom-ac - allow use of channel 144 under "Japan" regulatory domain;
*) wifi-qcom-ac - fix possible conflict between radio and USB initialization on hAP ac2;
*) wifi-qcom-ac - improved CPU load balancing and system stability;
*) winbox - added "Copy to Access List" option under "WiFi/Registration" menu;
*) winbox - added "Max Entries" and "Total Entries" properties under "IP/Firewall/Connections/Tracking" menu;
*) winbox - added "Scan" and "Test Disks" features under "System/Disks" menu;
*) winbox - added Enable/Disable buttons under "Tools/Graphing" menus;
*) winbox - added MAC address support for "Group" property under "Bridge/MDB" menu;
*) winbox - added missing "bus" option for compatible devices under "System/RouterBOARD/USB Power Reset" menu;
*) winbox - added missing properties under "IP/Neighbors" menu;
*) winbox - allow to edit Ethernet MAC address;
*) winbox - clear "Value" field when unset under "IP/DNS/Static" menu;
*) winbox - fixed duplicate timezone names;
*) winbox - fixed typo in "System/Reset Configuration" menu;
*) winbox - hide LCD menu for devices without display;
*) winbox - hide LTE "External Antenna" menu for devices without switchable antenna option;
*) winbox - improved stability;
*) winbox - minimal required version is v3.41;
*) winbox - refresh values under "Bridge/VLANs/MVRP Attributes" menu;
*) winbox - renamed and moved "System/Auto Upgrade" to "System/Packages" menu;
*) winbox - renamed wrong invalid interface flag to inactive;
*) winbox - show "FEC" property on status tab for interfaces that use it;
*) winbox - show MLAG settings for CRS326-4C+20G+2Q+ device;
*) winbox - updated properties and behavior under "Switch/QoS" menu;
*) wireguard - do not initiate handshake when peer is configured as responder;
*) wireless - added option to reset MAC address (CLI only);
*) wireless - added vlan-id to registration-table;
*) wireless - allow to set Canada2 country profile when locked with US lock package for CubeG device;
*) wireless - enable all chains by default for RB911 and RB922 series devices;
*) wireless - fixed antenna gain for SXT5ac device;
*) wireless - preserve configured country while using setup-repeater, added "country" argument (CLI only);
*) x86 - Realtek r8169 updated driver;
*) zerotier - added debug logging;
*) zerotier - do not show default settings in export;
*) zerotier - upgraded to version 1.14.0;
-
Ça c'est du changelog ! Belle release :)
-
Attention toutefois avec cette version qui réintroduit un bug corrigé en 7.15 et qui pose de problème avec les CRS305 et le GPON-ONU-34-20 BI de chez FS.com
Voir : https://lafibre.info/remplacer-livebox/onu-fs-com-tx-power-a-40db/msg1097158/#msg1097158
-
A noter que vous avez un flux RSS à votre disposition. Ca évite de faire doublon
https://download.mikrotik.com/routeros/latest-stable-and-long-term.rss
-
7.18 (2025-Feb-24 10:47)
*) 60ghz - improved system stability;
*) bgp - fixed certain affinity options not working properly;
*) bgp - improved system stability when printing BGP advertisements;
*) bgp - make NO_ADVERTISE, NO_EXPORT, NO_PEER communities work;
*) bond - added transmit hash policies for encapsulated traffic;
*) bridge - added MLAG heartbeat property;
*) bridge - avoid duplicate VLAN entries with dynamic wifi VLANs;
*) bridge - do not reset MLAG peer port on heartbeat timeout (log warning instead);
*) bridge - fixed endless MAC update loop (introduced in v7.17);
*) bridge - fixed missing S flag on interface configuration changes;
*) bridge - improved stability when using MLAG with MSTP (introduced in v7.17);
*) bridge - improvements to MLAG host table updates;
*) bridge - process more DHCP message types (decline, NAK, inform);
*) bridge - removed controller-bridge (CB) and port-extender (PE) support;
*) bridge - show VXLAN remote-ip in host table;
*) btest - allow limiting access to server by IP address;
*) certificate - fixed localized text conversion to UTF-8 on certificate creation;
*) chr - fixed limited upgrades for expired instances;
*) chr/x86 - added network driver for Huawei SP570/580 NIC;
*) chr/x86 - fixed error message on bootup;
*) chr/x86 - fixed GRE issues with ice network driver;
*) chr/x86 - Realtek r8169 updated driver;
*) cloud - added "Back To Home Files" feature;
*) cloud,bth - use in-interface matcher for masquerade rule;
*) console - added dsv.remap to :serialize command to unpack array of maps from print as-value;
*) console - added file-name parameter to :serialize;
*) console - allow ISO timezone format in :totime command;
*) console - allow tab as dsv delimiter;
*) console - allow to toggle script error logging with "/console settings log-script-errors";
*) console - do not autocomplete arguments when match is both exact and ambiguous;
*) console - do not show numbering in print follow;
*) console - fixed "get" and "proplist" for certain settings;
*) console - fixed issue where ping command displays two lines at the same time;
*) console - fixed issue with disappearing global variable;
*) console - implement scriptable safe-mode commands and safe-mode handler;
*) console - improved hints;
*) console - log errors within scripts to the system log;
*) console - make non-pseudo terminals work with imports;
*) console - put !empty sentence when API query returns nothing;
*) console - renamed "back-to-home-users" to "back-to-home-user";
*) container - add default registry-url=https://lscr.io;
*) container - allow HTTP redirects when accessing container registry;
*) container - allow specifying registry using remote-image property;
*) container - improved image arch choice;
*) container - use parent directory of container root-dir for unpack by default, so that container layer files are downloaded directly on target disk;
*) defconf - added IPv6 FastTrack configuration;
*) device-mode - do not allow changing CPU frequency if "routerboard" is not allowed by device mode (introduced in v7.17);
*) device-mode - fixed feature and mode update via power-reset on PPC devices;
*) dhcpv4-client - allow selecting to which routing tables add default route;
*) dhcpv4-client - fixed default option export output;
*) dhcpv4-server - fixed "active-mac-address" update when client has changed MAC address;
*) dhcpv4-server - fixed framed-route removal;
*) dhcpv4-server - fixed lease assigning when server address is not bind to server interface (introduced in v7.17);
*) dhcpv6-client - added "validate-server-duid" option;
*) dhcpv6-client - allow specifying custom DUID;
*) dhcpv6-client - do not run script on prefix renewal;
*) dhcpv6-relay - added option to create routes for bindings passing through relay;
*) dhcpv6-server - respond to client in case of RADIUS reject;
*) discovery - advertise IPv6 capabilities based on "Disable IPv6" global setting;
*) discovery - improved stability during configuration changes;
*) discovery - report actual PSE power-pair with LLDP;
*) discovery - use power-via-mdi-short LLDP TLV only on pse-type1 802.3af;
*) disk - add disk trim command (/disk format-drive diskx file-system=trim);
*) disk - allow to add swap space without container package;
*) disk - allow to set only type=raid devices as raid-master;
*) disk - cleanup raid members mountpoint, improve default name of file base block-device;
*) disk - do not allow adding device in raid when major settings mismatch in superblock and config;
*) disk - do not allow configuring empty slot as raid member;
*) disk - fix detecting disks on virtual machines;
*) disk - fixed removing device from raid while resyncing;
*) disk - fixed setting up dependent devices when file-based block-device becomes available;
*) disk - fixed showing free space on tmpfs (introduced in v7.17);
*) disk - improved stability;
*) disk - improved system stability when SMB interface list is used (introduced in v7.17);
*) disk - mount multi-device btrfs filesystems more reliably at startup;
*) disk - set non-empty fs label when formatting by default;
*) dns - do not show warning messages for DNS static entries when they are not needed;
*) ethernet - fixed issue with default-names for RB4011, RB1100Dx4, RB800 devices;
*) ethernet - fixed link-down on startup for ARM64 devices (introduced in v7.16);
*) ethernet - improved link speed reporting on 2.5G-baseT and 10Gbase-T ports;
*) fetch - added "http-max-redirect-count" parameter, allows to follow redirects;
*) fetch - do not require "content-length" or "transfer-encoding" for HTTP;
*) file - added "recursive" and "relative" parameters to "/file/print" for use in conjunction with "path" parameter;
*) file - allow printing specific directories via path parameter;
*) file - improved handling of filesystems with many files;
*) firewall - allow in-interface/in-bridge-port/in-bridge matching in postrouting chains;
*) firewall - fixed incorrectly inverted hotspot value configuration;
*) firewall - increased maximum connection tracking entry count based on device total RAM size;
*) hotspot - fixed an issue where extra "flash/" is added to html-directory for devices with flash folders (introduced in v7.17);
*) igmp-proxy - fixed multicast routing after upstream interface flaps (introduced in v7.17);
*) iot - added new "iot-bt-extra" package for ARM, ARM64 which enables use of USB Bluetooth adapters (LE 4.0+);
*) iot - improvements to LoRa logging and stability;
*) iot - limited MQTT payload size to 32 KB;
*) ip - added support for /31 address;
*) ippool - added pool usage statistics;
*) ipsec - added hardware acceleration support for hEX refresh;
*) ipsec - fixed chacha20 poly1305 proposal;
*) ipsec - fixed installed SAs update process when SAs are removed;
*) ipv6 - added ability to disable dynamic IPv6 LL address generation on non-VPN interfaces;
*) ipv6 - added FastTrack support;
*) ipv6 - added routing FastPath support (enabled by default);
*) ipv6 - added support for neighbor removal and static entries;
*) ipv6 - fixed configuration loss due to conflicting settings after upgrade (introduced in v7.17);
*) l2tp - added IPv6 FastPath support;
*) l3hw - added initial HW offloading for VXLAN on compatible switches;
*) l3hw - added neigh-dump-retries property;
*) l3hw - fixed /32 (IPv6 /128) route offloading when using interface as gateway;
*) l3hw - fixed partial route offloading for 98DX224S, 98DX226S, 98DX3236 switches;
*) l3hw - respect interface specifier (%) when matching a gateway;
*) log - added CEF format support for remote logging;
*) log - added option to select TCP or UDP for remote logging;
*) lte - added at-chat support for EC21EU;
*) lte - added basic support for Quectel RG255C-GL modem in "at+qcfg="usbnet",0" USB composition;
*) lte - added confirmation-code parameter for eSIM provisioning;
*) lte - added initial eSIM management support;
*) lte - fixed cases where the MBIM dialer could get stuck;
*) lte - fixed Huawei ME909s-120 support;
*) lte - fixed interface recovery in mixed multiapn setup for MBIM modems;
*) lte - fixed missing 5G info for "/interface lte print" command;
*) lte - fixed missing IPv6 prefix advertisement on renamed LTE interfaces;
*) lte - fixed prolonged reboots on Chateau 5G ax;
*) lte - fixed SIM slot initialization with multi-APN setups;
*) lte - improved automatic link recovery and modem redial functions;
*) lte - improved initialization for external USB modems;
*) lte - lte monitor, show CQI when modem reports it as 0 - undetectable, no RX/down-link resource block assigned to modem by provider;
*) lte - R11eL-EC200A-EU fixed online firmware upgrade and added support for firmware update from local file;
*) lte - R11eL-EC200A-EU improved failed connection handling and recovery;
*) lte - reduce modem initialization time for R11e-LTE-US;
*) lte - reduced SIM slot switchover time for modems with AT control channel (except R11e-LTE);
*) lte - removed nonexistent CQI reading for EC200A-EU modem;
*) net - added initial support for automatic multicast tunneling (AMT) interface;
*) netinstall - try to re-create socket if link status changes;
*) netinstall-cli - fixed DHCP magic cookie;
*) ospf - fixed DN bit not being set;
*) ospfv3 - fixed ignored metric for intra-area routes;
*) ovpn - added requirement for server name when exporting configuration;
*) ovpn - disable hardware accelerator for GCM on Alpine CPUs (introduced in v7.17);
*) ovpn-client - added 1000 character limit for password;
*) pimsm - fixed incorrect neighbor entry when using lo interface;
*) poe-out - added "power-pair" info to poe-out monitor (CLI only);
*) poe-out - added console hints;
*) poe-out - added new modes "forced-on-a" and "forced-on-bt" (CLI only);
*) poe-out - upgraded firmware for 802.3at/bt PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);
*) port - improved handling of USB device plug/unplug events;
*) ppc - fixed HW encryption (introduced in v7.17);
*) ppp - add support for configuration of upload/download queue types in profile;
*) ppp - added support for random UDP source ports;
*) ppp - fixed setting loss when adding new ppp-client interface for BG77 modem from CLI;
*) ppp - properly cleanup failed inactive sessions on pppoe-server;
*) ptp - do not send packets on STP blocked ports;
*) ptp - improved system stability;
*) qos-hw - fixed global buffer limits for 98CX8410 switch;
*) queue - improved system stability when many simple queues are added (introduced in v7.17);
*) queue - improved system stability;
*) queue - prevent CAKE bandwidth config from potentially causing lost connectivity to a device;
*) resolver - fixed static FQDN resolving (introduced in v7.17);
*) rip - fixed visibility of added key-chains in interface-template;
*) rose-storage - add btrfs filesystem add-device/remove-device/replace-device/replace-cancel commands to add/remove/replace disks to/from a live filesystem;
*) rose-storage - add btrfs filesystem balance-start/cancel commands;
*) rose-storage - add btrfs filesystem scrub-start, scrub-cancel commands (CLI only);
*) rose-storage - add btrfs transfers, supports send/receive into/from file for transferring subvolumes across btrfs filesystems;
*) rose-storage - add support to add/remove btrfs subvolumes/snapshots;
*) rose-storage - added support for advanced btrfs features: multi-disk support, subvolumes, snapshots, subvolume send/receive, data/metadata profiles, compression, etc;
*) rose-storage - allow to separately mount any btrfs subvolumes;
*) rose-storage - fixes for btrfs server;
*) rose-storage - update rsync to 3.4.1;
*) rose-storage,ssh - support btrfs send/receive over ssh;
*) route - added /ip/route/check tool;
*) route - added subnet length validation on route add;
*) route - do not use disabled addresses when selecting routing id;
*) route - fixed busy loops (route lockups);
*) route - fixed incorrect H flag usage;
*) route - improved stability when polling static routes via SNMP;
*) route - properly resolve imported BGP VPN routes;
*) routerboot - disable packet switching during etherboot for hEX refresh ("/system routerboard upgrade" required);
*) routerboot - improved stability for IPQ8072 ("/system routerboard upgrade" required);
*) routing-filter - improved stability when using large address lists (>5000);
*) routing-filter - improved usage of quotes in filter rules;
*) sfp - fixed missing "1G-baseX" supported rate for NetMetal ac2 and hEX S devices;
*) sfp - improved linking with certain QSFP modules on CRS354 devices;
*) sfp - improved system stability with some GPON modules for CCR2004 and CCR2116 devices;
*) sfp,qsfp - improved initialization and linking;
*) smb - fixed connection issues with clients using older SMB versions (introduced in v7.17);
*) smb - fixes for SMB server;
*) smb - improved system stability;
*) snmp - added "mtxrAlarmSocketStatus" OID to MIKROTIK-MIB;
*) snmp - added disk serial number through description field;
*) snmp - sort disk list and assign correct disk types;
*) ssh - improved channel resumption after rekey and eof handling;
*) supout - added IPv6 settings section;
*) supout - added per CPU load information;
*) switch - allow entering IPv6 netmask for switch rules (CLI only);
*) switch - fixed dynamic switch rules created by dot1x server (introduced in v7.17);
*) switch - fixed issues with inactive hardware-offloaded bond ports;
*) switch - improved egress-rate on QSFP28 ports;
*) switch - improved system stability for CRS304 switch;
*) switch - improvements to certain switch operations (port disable, shaper and switch initialization);
*) system - added option to list and install available packages (after using "check-for-updates");
*) system - do not allow to install multiple wireless driver packages at the same time;
*) system - do not cause unnecessary sector writes on check-for-updates;
*) system - enable "ipv6" package on RouterOS v6 downgrade if IPv6 is enabled;
*) system - fixed a potential memory leak that occurred when resetting states after an error;
*) system - force time to be at least at package build time minus 1d;
*) system - improved HTTPS speed;
*) system - improved stability on busy systems;
*) system,arm - automatically increase boot part size on upgrade or netinstall (fixed upgrade failed due to a lack of space on kernel disk/partition);
*) tile - improved system stability;
*) traceroute - added "too many hops" error when max-hops are reached;
*) traceroute - limit max-hops maximum value to 255;
*) user - improved authentication procedure when RADIUS is not used;
*) vxlan - added disable option for VTEPs;
*) vxlan - added IPv6 FastPath support;
*) vxlan - added option to dynamically bridge interface and port settings (hw, pvid);
*) vxlan - added TTL property;
*) vxlan - changed default port to 4789;
*) vxlan - fixed unset for "group" and "interface" properties;
*) vxlan - replaced the "inherit" with "auto" option for dont-fragment property (new default);
*) webfig - added confirmation when quitting in Safe Mode;
*) webfig - do not reload form when failed to create new object;
*) webfig - fixed "TCP Flags" property when inverted flags are set in console;
*) webfig - fixed datetime setting under certain menus;
*) webfig - fixed displaying passwords;
*) webfig - fixed Switch/Ports menu not showing correctly;
*) webfig - hide certificate information in IP Services menu when not applicable;
*) webfig - remember expand/fold state;
*) wifi - added max-clients parameter;
*) wifi - avoid excessive re-transmission of SA Query action frames;
*) wifi - fix issue which made it possible for multiple concurrent WPA3 authentications to interfere with each other;
*) wifi - implement steering parameters to delay probe responses to clients in the 2.4GHz band;
*) wifi - log a warning when a client requests power save mode during association as this may prevent successful connection establishment;
*) wifi - re-word the "can't find PMKSA" log message to "no cached PMK";
*) wifi - try to authenticate client as non-FT client if it provides incomplete set of FT parameters;
*) wifi-qcom - fix reporting of radio minimum antenna gain for hAP ax^2;
*) wifi-qcom - prevent AP from transmitting broadcast data unencrypted during authentication of first client;
*) winbox - added "Copy to Provisioning" button under "WiFi/Radios" menu;
*) winbox - added "Last Logged In/Out" and "Times Matched" properties under "WiFi/Access List" menu;
*) winbox - added "Reset Alert" button under "IP/DHCP Server/Alerts" menu;
*) winbox - added L3HW Advanced and Monitor;
*) winbox - added missing options under "System/Disk" menu;
*) winbox - added TCP settings under "Tools/Traffic Generator/Packet Templates" menu;
*) winbox - do not show 0 Tx/Rx rate under "WiFi/Registration" menu when values are not known;
*) winbox - do not show LTE "Antenna Scan" button on devices that do not support it;
*) winbox - fixed locked input fields when creating new certificate template;
*) winbox - show LTE "CA Band" field only when CA info is available;
*) winbox - show warning messages for static DNS entries;
*) x86 - fixed "unsupported speed" warning;
-
What's new in 7.18.1 (2025-Feb-28 13:31):
*) bridge - improved stability in case of configuration error (introduced in v7.15);
*) bridge - show warning instead of causing error when using multicast MAC as admin-mac (introduced in v7.17);
*) cloud - fixed issues when BTH is toggled fast between enable/disable;
*) cloud - improved "BTH Files" web page design;
*) console - fixed issue with files when using scripts (introduced in v7.18);
*) console - improved file add/remove process stability;
*) dhcpv6-relay - clear saved routes on DHCP release;
*) dhcpv6-relay - show client address;
*) disk - add "sector-size" property in print detail;
*) disk - improved stability when formatting crypted partitions;
*) l3hw - remove VLAN tag before VXLAN encapsulation (fixes pvid behavior for bridged VXLAN);
*) lte - fixed modem recovery after firmware upgrade for R11e-LTE modem;
*) lte - fixed Router Advertisement processing issue for AT modems when an APN with "ip-type=ipv6" was configured;
*) ovpn - disable hardware accelerator for GCM on MMIPS CPUs (introduced in v7.18);
*) poe-out - fixed health showing 0V voltage when using PoE-in for RB960;
*) poe-out - upgraded firmware for 802.3at/bt PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);
*) route - show BGP session name instead of cache-id;
*) switch - improved stability when enabling IGMP snooping with VXLAN (introduced in v7.18);
*) system - improved internal "flash/" prefix handling for different file path related settings;
*) winbox - fixed missing SMB client on non-ROSE devices;
-
Merci @zoc, rien ne t'échappe. :D
-
What's new in 7.18.2 (2025-Mar-11 13:59):
*) console - fixed issue with file-name completion (introduced in v7.18);
*) container - fixed repository name handling to prevent redirect issues when basic authentication is used;
*) lte - additional fixes for eSIM management support;
*) lte - AT modems, improved redialing when modem lost connectivity without notifying host about APN status change;
*) netinstall - fixed socket reset (introduced in v7.18);
*) queue - fixed system failure when CAKE kind queue was configured but queue type definition does not exist anymore (introduced in v7.18);
*) wifi - improved stability for wifi interfaces;
*) winbox - improve graphing efficiency when communicating with WinBox;
-
What's new in 7.19 (2025-May-22 10:53):
*) arm64 - fixed possible transmit queue timeout on CCR2216, CCR2116, RDS2216;
*) arp - added warning, when "Published" ARP entry used on an interface with "reply-only" ARP mode enabled;
*) bgp - added input.filter-community;
*) bgp - fixed excessive CPU usage;
*) bgp - fixed input.accept-community;
*) bgp - fixed memory leak on receiving notify and closing session;
*) bgp - improved performance on BGP input;
*) bonding - added setting for LACP active/passive modes;
*) bridge - added new STP monitoring fields for bridge and ports (Tx/Rx BPDU, Tx/Rx TC, forward/discard transitions, last topology change, message-age, max-age, remaining-hops, bridge-id);
*) bridge - fixed bridge port hang when using invalid port IDs;
*) bridge - fixed dhcp-snooping in QinQ setups;
*) bridge - fixed issue when local MACs were removed unnecessarily;
*) bridge - fixed minor memory leak on link down;
*) bridge - fixed multicast packet flow on hardware offloaded bridge which acts as "multicast-router";
*) bridge - improved default bridge and port layout on console and GUI;
*) bridge - improved stability in case of configuration error (introduced in v7.15);
*) bridge - moved "TCHANGE" logs from bridge,stp to bridge,stp,debug;
*) bridge - offload VXLAN only if another HW offloaded port exists in the bridge;
*) bridge - properly flush bridge hosts when bonding is used as bridge port and loses hw-offloading status;
*) bridge - rename "ports" to "interface" under MDB table for configuration consistency with other menus;
*) bridge - renamed STP monitor fields (port-number to port-id, designated-port-number to designated-port-id, designated-bridge to designated-bridge-id);
*) bridge - show designated-* monitor field for all port roles;
*) bridge - show warning instead of causing error when using multicast MAC as admin-mac (introduced in v7.17);
*) bth - properly specify "in-interface" when adding dynamic firewall NAT rule;
*) capsman - fixed "undo" command for cap interfaces;
*) certificate - added built-in root certificate authorities store;
*) certificate - do not include CA identity in SCEP POST requests;
*) certificate - fixed cloud-dns challenge validation for sn.mynetname.net (CLI only);
*) certificate - improve error message when trying to use certificate;
*) certificate - optimize trust store;
*) cloud - fixed issues when BTH is toggled fast between enable/disable;
*) cloud - improved "BTH Files" web page design;
*) conntrack - improved stability on busy systems;
*) console - added on-error to "for" and "foreach" loops;
*) console - added proplist to monitor command;
*) console - disallow incomplete double-quoted arguments (allows multiline string pasting);
*) console - do not treat return values as errors in scripts run from scheduler;
*) console - enabled verbose error logging for non-scripted/non-verbose imports;
*) console - fixed issue with file-name completion (introduced in v7.18);
*) console - fixed issue with files when using scripts (introduced in v7.18);
*) console - fixed misaligned multiline in brief print mode;
*) console - improve time value handling;
*) console - improved file add/remove process stability;
*) console - print large number argument values in proper format in export output;
*) console - set "/system/note show-at-login=yes" the default value after configuration reset;
*) console - validate script arguments (do, on-error, etc.) and reject invalid values;
*) container - allow changing container name;
*) container - fixed repository name handling to prevent redirect issues when basic authentication is used;
*) container - try to derive a user readable container name from remote image or file;
*) defconf - added DHCP Client on RDS2216 MGMT interface;
*) defconf - increased PPP interface wait time;
*) device-mode - added new "rose" mode where "container" feature is enabled by default;
*) dhcpv4 - improved outgoing packet logging;
*) dhcpv4-client/server - added support for DHCPv4 reconfigure messages;
*) dhcpv4-server - "Relay-Agent-Information" (82) option moved at the end of option list in response packets;
*) dhcpv4-server - accept packets with htype 6;
*) dhcpv4/v6-client - added check-gateway parameter;
*) dhcpv4/v6-client - fixed default route when DHCP client interface is in VRF;
*) dhcpv6-client - allow selecting to which routing tables add default route;
*) dhcpv6-relay - clear saved routes on DHCP release;
*) dhcpv6-relay - show client address;
*) dhcpv6-server - allow unsetting prefix-pool for static bindings and show warning if prefix is not in selected prefix-pool;
*) dhcpv6-server - change bound status to waiting on binding disable;
*) dhcpv6-server - change static binding bound status to waiting on server disable;
*) dhcpv6-server - fix when expired static binding is declined with false "binding belongs to another server" reason;
*) dhcpv6-server - improved stability when disabled server have static bindings;
*) dhcpv6-server - improved stability when disabling server with active bindings;
*) disk - add "sector-size" property in print detail;
*) disk - add reset-counters to /disk btrfs filesystem;
*) disk - renamed "eject-drive" command to "eject" (CLI only);
*) disk - renamed "format-drive" command to "format" (CLI only);
*) dlna - improved folder indexing behavior;
*) dns - improved DNS server service stability;
*) dot1x - fixed dynamic switch ACL rules on boards with a lot of ports (e.g. CRS520);
*) ethernet - improved Ethernet and PoE port mapping to ensure a consistent and reliable interface order;
*) fetch - fixed false successful messages in FTP mode;
*) file - added show-hidden parameter to /file/print, allowing referencing and deleting hidden files;
*) file - fixed missing files from The Dude (introduced in v7.18);
*) file - improved responsiveness on slow filesystems;
*) firewall - always show "passthrough" when exporting mangle table;
*) firewall - detect VRF addresses as local;
*) firewall - fixed IP/Settings "ipv4-fasttrack-active" status showing as inactive when it is active;
*) health - hide settings in CLI if there is nothing to show;
*) health - improved performance on devices with simple voltage sensors;
*) hotspot - improvements to memory usage;
*) igmp-proxy - do not try to send leave message for multicast groups that the device itself has joined on the upstream interface (cosmetic fix for proxy error logs);
*) ike2 - improved initial key exchange process on slow or unreliable connections;
*) iot - improvement to LoRa dev-addr-validation behavior;
*) iot - improvement to LoRa join eui/net id filtering behavior;
*) iot - improvement to LoRa stability and functionality;
*) iot - improvement to LoRa whitelist/blacklist support;
*) iot - iot-bt-extra package stability improvement;
*) ip-service - show all TCP/UDP connections on the system;
*) ip-service - show all TCP/UDP ports on system, including ports in containers;
*) ip-service - show error message when service enable fails;
*) ippool6 - properly free IPv6 pool used prefix when it is not used any more;
*) ipsec - fixed system failure on MMIPS devices when using IPsec services;
*) ipsec - lower standalone cipher, hash priority when using ctr aead;
*) ipv6 - avoid watchdog reboot due to link-local IPv6 address reconfiguration on thousand of interfaces at once;
*) ipv6 - fixed EUI-64 false error message on address update when "from-pool" option is used;
*) isis - properly validate 3-way hello handshake;
*) l2tp-ether - improved stability when trying to connect to disabled L2TP server with IPsec;
*) l3hw - remove VLAN tag before VXLAN encapsulation (fixes pvid behavior for bridged VXLAN);
*) log - added additional CEF fields from firewall and login logs;
*) log - fixed remote logging after reboot when hostname is forwarded to a DNS server;
*) log - populate in/out fields in firewall CEF logs with correct data;
*) lte - added UICC parameter in LTE monitor for R11e-4G modem;
*) lte - additional fixes for eSIM management support;
*) lte - AT modems, improved redialing when modem lost connectivity without notifying host about APN status change;
*) lte - automatically enable roaming for known roaming only SIM/eSIM profiles;
*) lte - Chateau 5G R16 fix DHCP relay packet forwarding using LTE interface;
*) lte - deactivate current eSIM profile before activating new profile;
*) lte - fixed default APN for configless modems;
*) lte - fixed EC200A-EU APN authentication;
*) lte - fixed initialization for Neoway N75 modem;
*) lte - fixed initialization for R11e-LTE6 modem;
*) lte - fixed LTE passthrough activation issue when IPv6 APN is used;
*) lte - fixed LTE status update or possible crash when modem is unexpectedly removed from system;
*) lte - fixed MBIM modem recovery after modem unexpected restart;
*) lte - fixed modem recovery after firmware upgrade for R11e-LTE modem;
*) lte - fixed possible crash or missing IPv6 address on first APN activation when IPv6 capable APN is used;
*) lte - fixed Router Advertisement processing issue for AT modems when an APN with "ip-type=ipv6" was configured;
*) lte - improved dialer for EC200A-EU modem;
*) lte - improved R11e-LTE6 link recovery delay time after unexpected modem registration status changes;
*) lte - initial support for user settable modem redial timer;
*) lte - initialize Quectel modems as soon as they are ready after unexpected restart;
*) lte - reset internal link-recovery-timer on sim slot change;
*) lte - set apn profile name the same as apn if no name specified when creating the profile;
*) lte - show correct value for 5G SA "current-cellid";
*) net - remove support for automatic multicast tunneling (AMT) interface (introduced in v7.18);
*) netinstall - improved network socket re-opening when NIC status changes while running the server;
*) netinstall - provide warning if memory on installed router is full after installation;
*) netinstall - show warning when network configuration on PC might not be appropriate for installation;
*) netinstall-cli - check for other running Netinstall servers on startup;
*) netinstall-cli - clear old configuration before user script using "-s";
*) netinstall-cli - fixed issue with applying the branding package;
*) ospf - fixed "mismatch" typo in logs;
*) ospf - make auth-key parameter sensitive;
*) ovpn - properly match GCM hardware acceleration capabilities (introduced in v7.17);
*) ovpn-server - do not reset active connections when changing comment or name;
*) ovpn-server - fixed server start-up after a reboot;
*) ovpn-server - properly show "username" in log when authentication fails;
*) pimsm - fixed issue where own query caused querier detection;
*) poe-out - upgraded firmware for 802.3at/bt PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);
*) port - added support for Huawei E3372-325 variant (vendor-id="0x3566" device-id="0x2001");
*) port - added USB mode switch support for "huawei-alt-mode";
*) port - fixed KNOT BG77 modem port lost after RouterOS upgrade from previous versions;
*) port - improvements to KNOT BG77 modem port channel handling;
*) ppc - fixed VLAN TCP packet transmit on PPC devices;
*) profiler - improved process classification;
*) ptp - added "ptp" logging topic;
*) ptp - allow multiple instances;
*) ptp - fixed PTP on 2.5G links;
*) ptp - fixed PTP on QSFP ports for CRS326, CRS510, CRS520, CCR2216 devices;
*) queue - fixed system failure when CAKE kind queue was configured but queue type definition does not exist anymore (introduced in v7.18);
*) queue - speed-up queue addition/removal process;
*) quickset - improved system stability;
*) rose-storage - added Btrfs disk balance command (CLI only);
*) rose-storage - added degraded Btrfs mount option (CLI only);
*) rose-storage - fixed mounting Btrfs subvolumes using macOS SMB client;
*) rose-storage - fixes for Btrfs;
*) rose-storage - improved system stability when removing NVMe disks;
*) rose-storage - rename default RAID device name from "raid" to "raid-array";
*) rose-storage - show Btrfs balance and scrub errors if any;
*) route - added options to set dynamic-in and connected-in chains in /routing/settings;
*) route - fixed stuck output when calling prints from multiple routing menus;
*) route - fixed route rule "min-prefix" unset;
*) route - improve stability on BGP reconnect;
*) route - make AFI naming consistent;
*) route - show "routing-table" by default on console print output;
*) route - show BGP session name instead of cache-id;
*) route-filter - fixed the "blackhole" option setting process;
*) route-filter - improved performance;
*) sfp - added sfp-encoding data output from EEPROM;
*) sfp - improved QSFP link stability for CRS354 devices;
*) sniffer - add max-packet-size (2k-64k) setting to be able to sniffer more than 2k data per packet;
*) snmp - fixed v2 getnext noSuchName error when OID with requested key does not exist;
*) ssh - fixed authorization with SSH key when multiple user SSH public keys are imported;
*) ssl/tls - respond with more precise alert error messages;
*) ssl/tls - send certificate authority in Certificate message even if it is not trusted;
*) switch - do not count rx-too-long multiple times on 100Gbps QSFP28;
*) switch - fixed egress mirroring for packets coming from external CPU port (e.g. CRS520, CCR2216, CCR2116);
*) switch - fixed switch name for hEX Refresh;
*) switch - flush CPU port FDB entries on switch disable;
*) switch - improve rate limit accuracy for MT7531, MT7621, EN7562CT;
*) switch - improved boot stability on devices with Alpine CPU and switch chip;
*) switch - improved stability when enabling IGMP snooping with VXLAN (introduced in v7.18);
*) switch - properly match IPv6 packets with empty ACL rule on CRS3xx, CRS5xx, CCR2004, CCR2116, CCR2216, RDS devices;
*) system - fixed "/system reboot" when the system disk is completely full;
*) system - improved internal "flash/" prefix handling for different file path related settings;
*) system - improved system stability when sending TCP data from the router;
*) system – added new "switch-marvell" and "wifi-mediatek" packages to support upcoming products;
*) timezone - updated timezone information from "tzdata2025b" release;
*) torch - improved data reporting;
*) upgrade - improved free disk space calculation;
*) upgrade - improved upgrade procedure reliability;
*) vrrp - fixed detection of connection tracking after reboot (introduced in v7.17);
*) vxlan -improved system stability when using IPv6 VTEP;
*) webfig - allow table column resize over side toolbar;
*) webfig - don't reorder rows when selecting header cells with Alt+click;
*) webfig - show IPv6 firewall connections;
*) webfig - show missing data in "IP/DNS/Cache" records;
*) wifi - add channel.reselect-time parameter which allows to perform channel re-selection at given time of day (CLI only);
*) wifi - add information on CAP uptime and connection uptime in "Remote CAP" list;
*) wifi - added "eap-identity" to registration table;
*) wifi - added SSID to logs;
*) wifi - display error when trying to run snooper on interface which does not support wireless packet capture (sniffer);
*) wifi - fix authentication of clients which omit some RSN information at association;
*) wifi - fix incorrect info about current channel for station interfaces after AP has switched channel (introduced in v7.17);
*) wifi - fix possible snooper crash when parsing frames with malformed headers;
*) wifi - fixed 5GHz chain enumeration on Chateau PRO ax;
*) wifi - implement WPA2 PSK authentication with key derivation using SHA256 (CLI only);
*) wifi - improve parsing of captured frames which have nested flags in radiotap header;
*) wifi - improved stability for wifi interfaces;
*) wifi - improved stability when doing SNMP query;
*) wifi - improved wifi connection stability when used as a station for "b" mode access point;
*) wifi - re-word log entries about disconnections which are likely caused by peer using a wrong passphrase;
*) wifi - use at least TLS 1.2 for securing connection between CAPsMAN manager and CAPs;
*) wifi-qcom - fix inability of interfaces in station mode to connect if they do not support full bandwidth of AP;
*) wifi-qcom - fix OWE authentication for 802.11ac interfaces in station mode;
*) winbox - added "MAC Telnet" under "Wifi/Registration" menu;
*) winbox - added "Multi Passphrase Group" for wifi;
*) winbox - added "Reset MAC address" for legacy wireless and wifi;
*) winbox - added comment fields for WiFi "Multi Passphrase Group" menu;
*) winbox - added comment under "User Manager/Routers" menu;
*) winbox - added country to wireless setup-repeater;
*) winbox - added missing "Switch" menu for RDS;
*) winbox - added missing file systems for disk formatting;
*) winbox - added missing parameters for BTRFS related action functions;
*) winbox - added mount-point parameter under "Disk/Settings" menu;
*) winbox - added netmask support for switch rule Src/Dst IPv6 Address settings;
*) winbox - allow opening BTRFS menu entries;
*) winbox - changed default wireless wds-cost-range values;
*) winbox - do not show not relevant values for certificate template;
*) winbox - fixed "Multi Passphrase Group" setting for wifi;
*) winbox - fixed "registry-url" field under "Containers" configuration menu;
*) winbox - fixed missing SMB client on non-ROSE devices;
*) winbox - fixed several statistics counters not being read only;
*) winbox - fixed switch menu for Chateau 5G;
*) winbox - fixed time interval type fields precision under "Disks" menu;
*) winbox - hide container File/Remote Image fields only when instance added;
*) winbox - improve graphing efficiency when communicating with WinBox;
*) winbox - make BTRFS "Parent" and "Send Parent" options optional;
*) winbox - properly show/hide OSPF, RIP and BGP tabs for IPv6 routes;
*) winbox - renamed "raid-member" to "raid member" flag for consistency;
*) winbox - show eSIM profiles under eSIM menu without manual refresh;
*) wireguard - add wg-import config-string parameter to import config directly from terminal;
*) wireguard - update peer info on "get" command;
*) wireless - added "eap-identity" to registration table;
*) wireless - implement handling of RADIUS disconnect messages by CAPsMAN;
*) wireless - suggest all legitimate frequencies for interfaces with 20/40mhz-XX channel width in GUI;
*) x86 - added support for Emulex NIC;
*) x86 - i40e updated driver to 2.27.8 version;
*) x86 - remove unnecessary console output on shutdown;
-
What's new in 7.19.1 (2025-May-23 17:27):
*) certificate – fixed support for certificates imported or added in RouterOS v7.4 or earlier (introduced in v7.19);
*) console - improved stability when a running script is removed;
*) container - stability improvements;
*) disk - fixed RAID component size to match the value in the superblock;
*) disk - improved handling of RAID spare disks;
*) disk - improved stability when using RAID;
*) ethernet - fixed flow-control for RB5009;
*) iot - fixed incorrectly shown LoRa payload RSSI values;
*) poe-out - fixed PoE-out reset when inserting specific SFP modules on RB5009;
*) poe-out - upgraded firmware for 802.3at PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);
*) routing-filter - use zero as default as-path length (allows matching empty as path);
*) sfp - correctly classify 100Mbps modules as "100M-baseFX";