Software-update: RouterOS 7.18

MikroTik heeft versie 7.18 van RouterOS uitgebracht, een besturingssysteem dat zich richt op het uitvoeren van routertaken. Denk daarbij natuurlijk aan het routeren van netwerkverkeer, maar ook aan bandbreedtemanagement, een firewall, het aansturen van draadlozeaccesspoints, een hotspotgateway en een vpn-server. Het kan zowel op de hardware van MikroTik als op x86- of virtuele machines zijn werk doen. Voor het gebruik is een licentie nodig, die bij de aankoop van MikroTik-hardware is inbegrepen. De changelog voor deze uitgave kan hieronder worden gevonden.

What's new in 7.18:

• 60ghz - improved system stability
• bgp - fixed certain affinity options not working properly
• bgp - improved system stability when printing BGP advertisements
• bgp - make NO_ADVERTISE, NO_EXPORT, NO_PEER communities work
• bond - added transmit hash policies for encapsulated traffic
• bridge - added MLAG heartbeat property;
• bridge - avoid duplicate VLAN entries with dynamic wifi VLANs
• bridge - do not reset MLAG peer port on heartbeat timeout (log warning instead)
• bridge - fixed endless MAC update loop (introduced in v7.17)
• bridge - fixed missing S flag on interface configuration changes
• bridge - improved stability when using MLAG with MSTP (introduced in v7.17)
• bridge - improvements to MLAG host table updates
• bridge - process more DHCP message types (decline, NAK, inform)
• bridge - removed controller-bridge (CB) and port-extender (PE) support
• bridge - show VXLAN remote-ip in host table
• btest - allow limiting access to server by IP address
• certificate - fixed localized text conversion to UTF-8 on certificate creation
• chr - fixed limited upgrades for expired instances
• chr/x86 - added network driver for Huawei SP570/580 NIC
• chr/x86 - fixed error message on bootup
• chr/x86 - fixed GRE issues with ice network driver
• chr/x86 - Realtek r8169 updated driver
• cloud - added "Back To Home Files" feature
• cloud,bth - use in-interface matcher for masquerade rule
• console - added dsv.remap to :serialize command to unpack array of maps from print as-value
• console - added file-name parameter to :serialize
• console - allow ISO timezone format in :totime command
• console - allow tab as dsv delimiter
• console - allow to toggle script error logging with "/console settings log-script-errors"
• console - do not autocomplete arguments when match is both exact and ambiguous
• console - do not show numbering in print follow
• console - fixed "get" and "proplist" for certain settings
• console - fixed issue where ping command displays two lines at the same time
• console - fixed issue with disappearing global variable
• console - implement scriptable safe-mode commands and safe-mode handler
• console - improved hints
• console - log errors within scripts to the system log
• console - make non-pseudo terminals work with imports;
• console - put !empty sentence when API query returns nothing
• console - renamed "back-to-home-users" to "back-to-home-user"
• container - add default registry-url=https://lscr.io
• container - allow HTTP redirects when accessing container registry
• container - allow specifying registry using remote-image property
• container - improved image arch choice
• container - use parent directory of container root-dir for unpack by default, so that container layer files are downloaded directly on target disk
• defconf - added IPv6 FastTrack configuration
• device-mode - do not allow changing CPU frequency if "routerboard" is not allowed by device mode (introduced in v7.17)
• device-mode - fixed feature and mode update via power-reset on PPC devices
• dhcpv4-client - allow selecting to which routing tables add default route
• dhcpv4-client - fixed default option export output
• dhcpv4-server - fixed "active-mac-address" update when client has changed MAC address
• dhcpv4-server - fixed framed-route removal
• dhcpv4-server - fixed lease assigning when server address is not bind to server interface (introduced in v7.17)
• dhcpv6-client - added "validate-server-duid" option
• dhcpv6-client - allow specifying custom DUID;
• dhcpv6-client - do not run script on prefix renewal
• dhcpv6-relay - added option to create routes for bindings passing through relay
• dhcpv6-server - respond to client in case of RADIUS reject
• discovery - advertise IPv6 capabilities based on "Disable IPv6" global setting
• discovery - improved stability during configuration changes
• discovery - report actual PSE power-pair with LLDP
• discovery - use power-via-mdi-short LLDP TLV only on pse-type1 802.3af
• disk - add disk trim command (/disk format-drive diskx file-system=trim)
• disk - allow to add swap space without container package
• disk - allow to set only type=raid devices as raid-master
• disk - cleanup raid members mountpoint, improve default name of file base block-device
• disk - do not allow adding device in raid when major settings mismatch in superblock and config
• disk - do not allow configuring empty slot as raid member
• disk - fix detecting disks on virtual machines
• disk - fixed removing device from raid while resyncing
• disk - fixed setting up dependent devices when file-based block-device becomes available
• disk - fixed showing free space on tmpfs (introduced in v7.17)
• disk - improved stability
• disk - improved system stability when SMB interface list is used (introduced in v7.17)
• disk - mount multi-device btrfs filesystems more reliably at startup
• disk - set non-empty fs label when formatting by default
• dns - do not show warning messages for DNS static entries when they are not needed
• ethernet - fixed issue with default-names for RB4011, RB1100Dx4, RB800 devices
• ethernet - fixed link-down on startup for ARM64 devices (introduced in v7.16)
• ethernet - improved link speed reporting on 2.5G-baseT and 10Gbase-T ports
• fetch - added "http-max-redirect-count" parameter, allows to follow redirects
• fetch - do not require "content-length" or "transfer-encoding" for HTTP
• file - added "recursive" and "relative" parameters to "/file/print" for use in conjunction with "path" parameter;
• file - allow printing specific directories via path parameter
• file - improved handling of filesystems with many files
• firewall - allow in-interface/in-bridge-port/in-bridge matching in postrouting chains
• firewall - fixed incorrectly inverted hotspot value configuration
• firewall - increased maximum connection tracking entry count based on device total RAM size
• hotspot - fixed an issue where extra "flash/" is added to html-directory for devices with flash folders (introduced in v7.17)
• igmp-proxy - fixed multicast routing after upstream interface flaps (introduced in v7.17)
• iot - added new "iot-bt-extra" package for ARM, ARM64 which enables use of USB Bluetooth adapters (LE 4.0+)
• iot - improvements to LoRa logging and stability
• iot - limited MQTT payload size to 32 KB
• ip - added support for /31 address
• ippool - added pool usage statistics
• ipsec - added hardware acceleration support for hEX refresh
• ipsec - fixed chacha20 poly1305 proposal;
• ipsec - fixed installed SAs update process when SAs are removed
• ipv6 - added ability to disable dynamic IPv6 LL address generation on non-VPN interfaces
• ipv6 - added FastTrack support
• ipv6 - added routing FastPath support (enabled by default)
• ipv6 - added support for neighbor removal and static entries;
• ipv6 - fixed configuration loss due to conflicting settings after upgrade (introduced in v7.17)
• l2tp - added IPv6 FastPath support
• l3hw - added initial HW offloading for VXLAN on compatible switches
• l3hw - added neigh-dump-retries property
• l3hw - fixed /32 (IPv6 /128) route offloading when using interface as gateway
• l3hw - fixed partial route offloading for 98DX224S, 98DX226S, 98DX3236 switches
• l3hw - respect interface specifier (%) when matching a gateway
• log - added CEF format support for remote logging
• log - added option to select TCP or UDP for remote logging
• lte - added at-chat support for EC21EU
• lte - added basic support for Quectel RG255C-GL modem in "at+qcfg="usbnet",0" USB composition
• lte - added confirmation-code parameter for eSIM provisioning
• lte - added initial eSIM management support
• lte - fixed cases where the MBIM dialer could get stuck
• lte - fixed Huawei ME909s-120 support
• lte - fixed interface recovery in mixed multiapn setup for MBIM modems
• lte - fixed missing 5G info for "/interface lte print" command
• lte - fixed missing IPv6 prefix advertisement on renamed LTE interfaces
• lte - fixed prolonged reboots on Chateau 5G ax
• lte - fixed SIM slot initialization with multi-APN setups
• lte - improved automatic link recovery and modem redial functions
• lte - improved initialization for external USB modems
• lte - lte monitor, show CQI when modem reports it as 0 - undetectable, no RX/down-link resource block assigned to modem by provider
• lte - R11eL-EC200A-EU fixed online firmware upgrade and added support for firmware update from local file
• lte - R11eL-EC200A-EU improved failed connection handling and recovery
• lte - reduce modem initialization time for R11e-LTE-US
• lte - reduced SIM slot switchover time for modems with AT control channel (except R11e-LTE)
• lte - removed nonexistent CQI reading for EC200A-EU modem
• net - added initial support for automatic multicast tunneling (AMT) interface
• netinstall - try to re-create socket if link status changes
• netinstall-cli - fixed DHCP magic cookie
• ospf - fixed DN bit not being set
• ospfv3 - fixed ignored metric for intra-area routes
• ovpn - added requirement for server name when exporting configuration
• ovpn - disable hardware accelerator for GCM on Alpine CPUs (introduced in v7.17)
• ovpn-client - added 1000 character limit for password
• pimsm - fixed incorrect neighbor entry when using lo interface
• poe-out - added "power-pair" info to poe-out monitor (CLI only)
• poe-out - added console hints
• poe-out - added new modes "forced-on-a" and "forced-on-bt" (CLI only)
• poe-out - upgraded firmware for 802.3at/bt PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces)
• port - improved handling of USB device plug/unplug events
• ppc - fixed HW encryption (introduced in v7.17)
• ppp - add support for configuration of upload/download queue types in profile
• ppp - added support for random UDP source ports
• ppp - fixed setting loss when adding new ppp-client interface for BG77 modem from CLI
• ppp - properly cleanup failed inactive sessions on pppoe-server
• ptp - do not send packets on STP blocked ports
• ptp - improved system stability
• qos-hw - fixed global buffer limits for 98CX8410 switch
• queue - improved system stability when many simple queues are added (introduced in v7.17)
• queue - improved system stability
• queue - prevent CAKE bandwidth config from potentially causing lost connectivity to a device
• resolver - fixed static FQDN resolving (introduced in v7.17)
• rip - fixed visibility of added key-chains in interface-template
• rose-storage - add btrfs filesystem add-device/remove-device/replace-device/replace-cancel commands to add/remove/replace disks to/from a live filesystem
• rose-storage - add btrfs filesystem balance-start/cancel commands
• rose-storage - add btrfs filesystem scrub-start, scrub-cancel commands (CLI only)
• rose-storage - add btrfs transfers, supports send/receive into/from file for transferring subvolumes across btrfs filesystems
• rose-storage - add support to add/remove btrfs subvolumes/snapshots
• rose-storage - added support for advanced btrfs features: multi-disk support, subvolumes, snapshots, subvolume send/receive, data/metadata profiles, compression, etc
• rose-storage - allow to separately mount any btrfs subvolumes
• rose-storage - fixes for btrfs server
• rose-storage - update rsync to 3.4.1
• rose-storage,ssh - support btrfs send/receive over ssh
• route - added /ip/route/check tool
• route - added subnet length validation on route add
• route - do not use disabled addresses when selecting routing id
• route - fixed busy loops (route lockups)
• route - fixed incorrect H flag usage
• route - improved stability when polling static routes via SNMP
• route - properly resolve imported BGP VPN routes
• routerboot - disable packet switching during etherboot for hEX refresh ("/system routerboard upgrade" required)
• routerboot - improved stability for IPQ8072 ("/system routerboard upgrade" required)
• routing-filter - improved stability when using large address lists (>5000)
• routing-filter - improved usage of quotes in filter rules
• sfp - fixed missing "1G-baseX" supported rate for NetMetal ac2 and hEX S devices
• sfp - improved linking with certain QSFP modules on CRS354 devices
• sfp - improved system stability with some GPON modules for CCR2004 and CCR2116 devices
• sfp,qsfp - improved initialization and linking
• smb - fixed connection issues with clients using older SMB versions (introduced in v7.17)
• smb - fixes for SMB server
• smb - improved system stability
• snmp - added "mtxrAlarmSocketStatus" OID to MIKROTIK-MIB
• snmp - added disk serial number through description field;
• snmp - sort disk list and assign correct disk types
• ssh - improved channel resumption after rekey and eof handling
• supout - added IPv6 settings section
• supout - added per CPU load information
• switch - allow entering IPv6 netmask for switch rules (CLI only)
• switch - fixed dynamic switch rules created by dot1x server (introduced in v7.17)
• switch - fixed issues with inactive hardware-offloaded bond ports
• switch - improved egress-rate on QSFP28 ports
• switch - improved system stability for CRS304 switch
• switch - improvements to certain switch operations (port disable, shaper and switch initialization);
• system - added option to list and install available packages (after using "check-for-updates")
• system - do not allow to install multiple wireless driver packages at the same time
• system - do not cause unnecessary sector writes on check-for-updates
• system - enable "ipv6" package on RouterOS v6 downgrade if IPv6 is enabled;
• system - fixed a potential memory leak that occurred when resetting states after an error
• system - force time to be at least at package build time minus 1d
• system - improved HTTPS speed
• system - improved stability on busy systems
• system,arm - automatically increase boot part size on upgrade or netinstall (fixed upgrade failed due to a lack of space on kernel disk/partition);
• tile - improved system stability
• traceroute - added "too many hops" error when max-hops are reached
• traceroute - limit max-hops maximum value to 255
• user - improved authentication procedure when RADIUS is not used
• vxlan - added disable option for VTEPs
• vxlan - added IPv6 FastPath support
• vxlan - added option to dynamically bridge interface and port settings (hw, pvid)
• vxlan - added TTL property
• vxlan - changed default port to 4789
• vxlan - fixed unset for "group" and "interface" properties
• vxlan - replaced the "inherit" with "auto" option for dont-fragment property (new default)
• webfig - added confirmation when quitting in Safe Mode
• webfig - do not reload form when failed to create new object
• webfig - fixed "TCP Flags" property when inverted flags are set in console
• webfig - fixed datetime setting under certain menus
• webfig - fixed displaying passwords
• webfig - fixed Switch/Ports menu not showing correctly
• webfig - hide certificate information in IP Services menu when not applicable
• webfig - remember expand/fold state
• wifi - added max-clients parameter
• wifi - avoid excessive re-transmission of SA Query action frames
• wifi - fix issue which made it possible for multiple concurrent WPA3 authentications to interfere with each other
• wifi - implement steering parameters to delay probe responses to clients in the 2.4GHz band
• wifi - log a warning when a client requests power save mode during association as this may prevent successful connection establishment
• wifi - re-word the "can't find PMKSA" log message to "no cached PMK"
• wifi - try to authenticate client as non-FT client if it provides incomplete set of FT parameters
• wifi-qcom - fix reporting of radio minimum antenna gain for hAP ax^2
• wifi-qcom - prevent AP from transmitting broadcast data unencrypted during authentication of first client
• winbox - added "Copy to Provisioning" button under "WiFi/Radios" menu
• winbox - added "Last Logged In/Out" and "Times Matched" properties under "WiFi/Access List" menu
• winbox - added "Reset Alert" button under "IP/DHCP Server/Alerts" menu
• winbox - added L3HW Advanced and Monitor
• winbox - added missing options under "System/Disk" menu
• winbox - added TCP settings under "Tools/Traffic Generator/Packet Templates" menu
• winbox - do not show 0 Tx/Rx rate under "WiFi/Registration" menu when values are not known
• winbox - do not show LTE "Antenna Scan" button on devices that do not support it
• winbox - fixed locked input fields when creating new certificate template
• winbox - show LTE "CA Band" field only when CA info is available
• winbox - show warning messages for static DNS entries
• x86 - fixed "unsupported speed" warning