Вышла новая версия RouterOS 7.9 stable
MikroTik RouterOS 7.9
Изменения:
- bgp - improved BGP VPN selection;
- bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
- bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
- certificate - fixed bogus log messages;
- chr - fixed public SSH key pulling when running on AWS;
- console - added "/task" submenu (CLI only);
- console - added option to create new files using "/file add" command (CLI only);
- console - improved stability when doing "/console inspect" in certain menus;
- console - improved stability when editing long strings;
- console - improved system stability;
- console - removed bogus "reset" command from "/system resource usb" menu;
- console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
- console - replaced "fingerprint" with "skid" in "/certificate print";
- console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
- container - fixed invoking "container shell" more than once;
- container - improved "container pull" to support OCI manifest format;
- defconf - added CAPs mode script for wifiwave2 devices;
- detnet - fixed interface state detection after reboot;
- dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
- dhcpv4-server - release lease if "check-status" reveals no conflict;
- disk - improved system stability when removing USB while formatting;
- ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
- filesystem - fixed partition "copy-to" function;
- firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
- health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
- health - fixed bogus value reporting for CRS510 device;
- ike2 - fixed minor logging typo;
- ipsec - added error log message when peer ID does not match certificate;
- ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
- ipsec - refactor X.509 implementation;
- ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
- ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
- l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
- leds - disable LEDs after "/system shutdown";
- lte - capped maximum lifetime of SLAAC address to 1 hour;
- lte - fixed CA band clearing on RAT mode change;
- lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
- lte - fixed LTE interface not showing up when resetting RouterOS configuration;
- lte - fixed passthrough mode when used together with another APN for Chateau 5G;
- lte - fixed R11-LTE-US in LTE passthrough mode;
- lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
- lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
- lte - fixed second modem halt on dual R11e-LTE6 setup;
- lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8);
- mpls- fixed LDP "preferred-afi" parameter;
- netinstall-cli - improved device reinstall on failed attempt;
- netwatch - added "startup-delay" setting (CLI only);
- netwatch - improved ICMP status evaluation when no reply was present;
- netwatch - limit "start-delay" range;
- ospf - fixed processing of fragmented LSAs;
- ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
- ovpn - improved system stability for Tile devices;
- quickset - fixed displaying of "SINR" when value is 0;
- rose-storage - added option to nvme-discover with hostname (CLI only);
- rose-storage - fixed crash on nvme-tcp disable;
- rose-storage - fixed rsync transfer permissions;
- rose-storage - various stability fixes;
- route - fixed "dynamic-id" for VRF tables;
- route - improved system stability when making routing decision;
- route - show SLAAC routes under the "/routing route" menu;
- route-filter - improved stability when matching blackhole routes;
- routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
- sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
- sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
- sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
- sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
- sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
- sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
- sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
- sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
- snmp - fixed SNMPv3 "Reportable" flag behavior;
- snmp - improved outputting of routes;
- socks - added VRF support;
- ssh - added Ed25519 host key support;
- ssh - added support for Ed25519 key export and import in PKCS8 format;
- ssh - do not allow SHA1 usage with strong crypto enabled;
- ssh - improved service responsiveness when changing SSH service settings;
- ssh - improved SSH key import process;
- storage - mount RAM drive for devices with 32MB flash;
- supout - added DHCP server network section;
- switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
- switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
- switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
- timezone - updated timezone information from "tzdata2023c" release;
- vrrp - added "self" value for "group-master" setting;
- vxlan - added forwarding table;
- vxlan - fixed packet drops when host moves between remote VTEPs;
- webfig - added inline comments;
- webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
- webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
- webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
- webfig - various stability fixes;
- wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
- wifiwave2 - added ability to configure antenna gain;
- wifiwave2 - added ability to configure beacon interval and DTIM period;
- wifiwave2 - added information on additional interface capabilities to radio parameters;
- wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
- wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
- wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
- wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
- wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
- wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
- wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
- wifiwave2 - improved general interface stability;
- wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
- wifiwave2 - improved WPS connection speed;
- wifiwave2 - increased maximum value for "channel.frequency" to 7300;
- wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
- winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
- winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
- winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
- winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
- winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
- winbox - added "Username" and "Password" properties under "Container/Config" menu;
- winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
- winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
- winbox - changed route flag name from "invalid" to "inactive";
- winbox - fixed "TLS" property under "Tools/Email" menu;
- winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
- winbox - fixed changing slot name under "System/Disk" menu;
- winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
- winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
- winbox - fixed minor typo in "WifiWave2/Radios" menu;
- winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
- winbox - improved Ethernet advertise, speed and duplex settings;
- winbox - only show permitted countries for wifiwave2 interfaces;
- winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
- www - allow unsecure HTTP access to REST API;
- x86 - fixed changing software-id (introduced in v7.7);
- zerotier - upgraded to version 1.10.3.