Вышла новая версия RouterOS 7.9 stable

MikroTik RouterOS 7.9

Изменения:

• bgp - improved BGP VPN selection;
• bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
• bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
• certificate - fixed bogus log messages;
• chr - fixed public SSH key pulling when running on AWS;
• console - added "/task" submenu (CLI only);
• console - added option to create new files using "/file add" command (CLI only);
• console - improved stability when doing "/console inspect" in certain menus;
• console - improved stability when editing long strings;
• console - improved system stability;
• console - removed bogus "reset" command from "/system resource usb" menu;
• console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
• console - replaced "fingerprint" with "skid" in "/certificate print";
• console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
• container - fixed invoking "container shell" more than once;
• container - improved "container pull" to support OCI manifest format;
• defconf - added CAPs mode script for wifiwave2 devices;
• detnet - fixed interface state detection after reboot;
• dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
• dhcpv4-server - release lease if "check-status" reveals no conflict;
• disk - improved system stability when removing USB while formatting;
• ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
• filesystem - fixed partition "copy-to" function;
• firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
• health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
• health - fixed bogus value reporting for CRS510 device;
• ike2 - fixed minor logging typo;
• ipsec - added error log message when peer ID does not match certificate;
• ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
• ipsec - refactor X.509 implementation;
• ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
• ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
• l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
• leds - disable LEDs after "/system shutdown";
• lte - capped maximum lifetime of SLAAC address to 1 hour;
• lte - fixed CA band clearing on RAT mode change;
• lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
• lte - fixed LTE interface not showing up when resetting RouterOS configuration;
• lte - fixed passthrough mode when used together with another APN for Chateau 5G;
• lte - fixed R11-LTE-US in LTE passthrough mode;
• lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
• lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
• lte - fixed second modem halt on dual R11e-LTE6 setup;
• lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8);
• mpls- fixed LDP "preferred-afi" parameter;
• netinstall-cli - improved device reinstall on failed attempt;
• netwatch - added "startup-delay" setting (CLI only);
• netwatch - improved ICMP status evaluation when no reply was present;
• netwatch - limit "start-delay" range;
• ospf - fixed processing of fragmented LSAs;
• ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
• ovpn - improved system stability for Tile devices;
• quickset - fixed displaying of "SINR" when value is 0;
• rose-storage - added option to nvme-discover with hostname (CLI only);
• rose-storage - fixed crash on nvme-tcp disable;
• rose-storage - fixed rsync transfer permissions;
• rose-storage - various stability fixes;
• route - fixed "dynamic-id" for VRF tables;
• route - improved system stability when making routing decision;
• route - show SLAAC routes under the "/routing route" menu;
• route-filter - improved stability when matching blackhole routes;
• routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
• sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
• sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
• sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
• sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
• sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
• sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
• sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
• sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
• snmp - fixed SNMPv3 "Reportable" flag behavior;
• snmp - improved outputting of routes;
• socks - added VRF support;
• ssh - added Ed25519 host key support;
• ssh - added support for Ed25519 key export and import in PKCS8 format;
• ssh - do not allow SHA1 usage with strong crypto enabled;
• ssh - improved service responsiveness when changing SSH service settings;
• ssh - improved SSH key import process;
• storage - mount RAM drive for devices with 32MB flash;
• supout - added DHCP server network section;
• switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
• switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
• switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
• timezone - updated timezone information from "tzdata2023c" release;
• vrrp - added "self" value for "group-master" setting;
• vxlan - added forwarding table;
• vxlan - fixed packet drops when host moves between remote VTEPs;
• webfig - added inline comments;
• webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
• webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
• webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
• webfig - various stability fixes;
• wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
• wifiwave2 - added ability to configure antenna gain;
• wifiwave2 - added ability to configure beacon interval and DTIM period;
• wifiwave2 - added information on additional interface capabilities to radio parameters;
• wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
• wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
• wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
• wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
• wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
• wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
• wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
• wifiwave2 - improved general interface stability;
• wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
• wifiwave2 - improved WPS connection speed;
• wifiwave2 - increased maximum value for "channel.frequency" to 7300;
• wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
• winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
• winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
• winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
• winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
• winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
• winbox - added "Username" and "Password" properties under "Container/Config" menu;
• winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
• winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
• winbox - changed route flag name from "invalid" to "inactive";
• winbox - fixed "TLS" property under "Tools/Email" menu;
• winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
• winbox - fixed changing slot name under "System/Disk" menu;
• winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
• winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
• winbox - fixed minor typo in "WifiWave2/Radios" menu;
• winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
• winbox - improved Ethernet advertise, speed and duplex settings;
• winbox - only show permitted countries for wifiwave2 interfaces;
• winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
• www - allow unsecure HTTP access to REST API;
• x86 - fixed changing software-id (introduced in v7.7);
• zerotier - upgraded to version 1.10.3.