Software-update: RouterOS 7.10

MikroTik heeft kort geleden versie 7.10 van RouterOS uitgebracht. RouterOS is een besturingssysteem dat zich richt op het uitvoeren van routertaken. Denk daarbij natuurlijk aan het routeren van netwerkverkeer, maar ook aan bandbreedtemanagement, een firewall, het aansturen van draadloze accesspoints, een hotspotgateway en een vpn-server. Het kan zowel op de hardware van MikroTik als op x86- of virtuele machines zijn werk doen. Voor het gebruik is een licentie nodig, die bij de aankoop van MikroTik-hardware is inbegrepen. De changelog voor deze uitgave kan hieronder worden gevonden.

What's new in 7.10:

• ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154)
• route - added BFD
• bgp - allow to filter BGP sessions by AFI
• bgp - changed default VPNv4 import distance to iBGP value (200)
• bgp - do not check route distinguisher on import
• bgp - fixed "as-override" and rename to "output.as-override"
• bgp - fixed "remove-private-as" and rename to "output.remove-private.as"
• bgp - show address family in advertisements
• bgp - show approximate received prefix count by the session
• branding - fixed custom logo (introduced in v7.8 )
• bridge - fixed HW offloaded STP state on port disable
• bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8 )
• bridge - fixed incorrect host moving between ports with enabled FastPath
• certificate - fixed displaying of certificate serial number
• certificate - improved error reporting for Let's Encrypt certificate
• certificate - restore available "key-usage" property options
• conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only)
• console - added timeout error for configuration export
• console - changed time format according to ISO standard
• console - disable output when using "as-value" parameter
• console - fixed ":terminal inkey" input when resizing terminal
• console - fixed "print without-paging" output in some cases
• console - hide past commands with sensitive arguments
• console - improved stability when using command completion
• container - fixed "container pull" to support OCI manifest format
• container - fixed crash due to missing system directories
• container - improved default internal environment values
• defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files
• defconf - fixed default configuration for RBSXTLTE3-7
• dhcp-server - fixed accounting on RADIUS interim update
• dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs
• doh - less verbose logging
• firewall - added "endpoint-independent-nat" support
• firewall - added "nth" option for IPv6 firewall
• gps - expose GPS port for Quectel RM520N-GL
• ike2 - improved child SA delete request processing
• iot - added option to send Modbus function code commands directly from RouterOS (CLI only)
• ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite)
• ipsec - refactor public key authentication
• ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations
• ipv6 - fixed IPv6 address removal
• l3hw - added "autorestart" option to L3HW settings
• l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only)
• l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start
• l3hw - added monitoring options for L3HW utilization (CLI only)
• l3hw - fixed /32 route deletion
• l3hw - fixed IPv6 ECMP route offloading
• l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes
• l3hw - fixed route table offloading during large volume of route updates
• l3hw - improved host and nexthop offloading
• l3hw - improved offloading of IPv6 hosts after L3HW driver restart
• l3hw - improved performance of partial offloading
• l3hw - improved route offloading after gateway change
• l3hw - improved system stability for partial routing table offload
• leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs
• lora - improved gateway card detection and upgrade logic
• lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards)
• lte - added serving cell query for MBIM modems with necessary MBIM extension
• lte - disable DHCP request filtering (UDP port 67) for Chateau 5G
• lte - fixed APN authentication for R11e-LTE6 modem
• lte - fixed Google Pixel 7 tethering support
• lte - improved MBIM modem firmware reported error handling when settings RAT modes
• lte - improved modem firmware upgrade stability for MBIM modems
• lte - improved stability for Chateau 5G LTE modem firmware upgrade
• lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support
• lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems
• mpls - added FastPath support
• netwatch - added warning about non-running probe due to "startup-delay" (CLI only)
• ovpn - added initial support for V2 data transfer protocol
• ovpn - improved system stability
• poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009
• pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag
• qos-hw - added QoS marking support for 98DXxxxx switches (CLI only)
• qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion
• rose-storage - added support for multiple smb users and smb shares
• route - improved system stability when removing multicast forwarding entries
• routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required)
• routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required)
• routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required)
• scheduler - fixed incorrectly started scheduler during reboot or shutdown
• sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices
• sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch
• sfp - fixed combo-sfp linking at 1G rate for CRS312 switch
• sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches
• sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices
• sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches
• sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices
• sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices
• sfp - report EEPROM data even if "auto-init-failed" has occurred
• smb - improved SMB v1 operation
• sniffer - fixed large .pcap file limit
• snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property
• snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1)
• snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB
• ssh - added inline key "passphrase" property
• ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9)
• switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only)
• switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches
• system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices
• system - reduced RAM usage for SMIPS devices
• tile - fixed support for microSD card
• tr069 - added 5G SCC "SNR" parameter for modems that report it
• upgrade - do not run manual upgrade if some packages are missing
• ups - fixed updating of "battery-voltage" property
• vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive
• vrrp - added warning if the VRRP group is misconfigured
• vrrp - added warning if VRRP or its interface does not have an IP address
• vrrp - do not start connection synchronization if the global connection tracking is inactive
• vrrp - fixed issue where disabled VRRP interface is affecting group
• vrrp - fixed VRRP interface state on physical cable disconnection
• vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking"
• vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master
• vrrp - send VRRP announcements only by "group-authority"
• w60g - improved interface stability for PTMP setups
• webfig - added high-resolution favicon
• webfig - allow limitless upper bounds for number range
• webfig - allow to set "0" second time for fields with default values
• webfig - changed time format according to ISO standard
• webfig - display date and time in local time zone
• webfig - fixed missing "WifiWave2" menu
• webfig - fixed missing property names in "WifiWave2" menu
• webfig - redesigned item configuration display
• webfig - redesigned top menu bar
• webfig - removed "Tools/Telnet" menu
• webfig - removed auto-login with default credentials (admin without a password)
• wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag
• wifiwave2 - do not show placeholder transmit power values on interface startup
• wifiwave2 - fixed CAP connection when provisioning "manager=capsman"
• wifiwave2 - fixed CAP interface name when using "name-format"
• wifiwave2 - fixed connectivity issues wheen access-list is used
• wifiwave2 - fixed DFS channel availability warning (introduced in v7.9)
• wifiwave2 - fixed dynamic interface adding to bridge on CAP device
• wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected
• wifiwave2 - fixed incorrect limits on number of interfaces in station mode
• wifiwave2 - fixed interface name change when restoring backup
• wifiwave2 - fixed key handshake timeout with re-associating clients
• wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices
• wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8 )
• wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices
• wifiwave2 - improve protections against DoS attacks on WPA3-PSK
• wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client
• wifiwave2 - improved system stability when trying to exceed virtual AP limit
• wifiwave2 - less verbose logging when WPA3-PSK clients are connecting
• wifiwave2 - other system stability improvements
• wifiwave2 - restore interface running state when connection to CAPsMAN is lost
• winbox - added "MPLS/Settings" menu
• winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu
• winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu
• wireguard - fixed IPv6 traffic processing with multiple peers
• wireguard - retry "endpoint-address" DNS query on failed resolve
• x86 - ice driver update to v1.11.14
• zerotier - make "identity" setting sensitive