Software-update: RouterOS 7.7
MikroTik heeft versie 7.7 van RouterOS uitgebracht. RouterOS is een besturingssysteem dat zich richt op het uitvoeren van routertaken. Denk daarbij natuurlijk aan het routeren van netwerkverkeer, maar ook aan bandbreedtemanagement, een firewall, het aansturen van draadloze accesspoints, een hotspotgateway en een vpn-server. Het kan zowel op de hardware van MikroTik als op x86- of virtuele machines zijn werk doen. Voor het gebruik is een licentie nodig, die bij de aankoop van MikroTik-hardware is inbegrepen. De changelog voor deze uitgave kan hieronder worden gevonden.
bgp - added comment functionality for BGP VPN (CLI only)bgp - do not reflect route back to senderbgp - fixed BGP advertisement PCAP saverbgp - fixed connection establishment using link-local addressesbgp - improved BGP advertisement printingbgp - improved BGP session load distribution across multiple CPU coresbgp - properly set "bgp-ext-communities" from "communities" listbluetooth - added unique advertise message filteringbonding - properly detect VPLS interface state changesbranding - fixed identity setting from branding packagebridge - added support for static MDB entriesbridge - disallow port-controller while the bridge has MSTP enabledbridge - fixed "edge=yes" setting for MSTPbridge - fixed MSTP compatibility with STPbridge - fixed R/M/STP bridge identifier on protocol-mode changebridge - fixed RSTP BCP with bridged PPP interfacesbridge - fixed STP blocking state on port-controllerbridge - fixed host moving with fast-pathbridge - fixed incorrect root port blocking for MSTPbridge - fixed master port conversionbridge - fixed mst-override port priority for MSTPbridge - fixed port priority for STP and RSTPbridge - improved port-controller system stabilitybridge - improved system stability when using MSTP and many VLAN mappingsbridge - removed "age" monitoring property from the host tablecertificate - improved Let's Encrypt logging and error recoverycertificate - improved certificate management, signing and storing processesconntrack - improved system stability when PPTP helper is usedconntrack - improved system stability when processing SCTP connections on TILEconsole - updated copyright noticecontainer - fixed access to "/dev/stderr" from containerscontainer - fixed handling of groups and usernames from Dockerfilecontainer - fixed tar extractingcontainer - made "ram" and "tmp" directories use tmpfscrs1xx/2xx - fixed "new-customer-pcp" setting for ACL rulesdhcpv6-client - handle receiving of invalid T1 and T2 timesdiscovery - added "discovered-by" parameter to indicate which protocol discovered the neighbordiscovery - added "mode" parameter for discovery configurationdiscovery - fixed neighbor discovery on Mesh interfacesdiscovery - report IPv6 LL address if global address does not existdisk - added support for manual RAM file system (TMPFS) creation (CLI only)disk - improved external storage file system mounting, formatting and namingdns - do not query upstream DNS servers for matched regex recordsdns - fixed changing of "forward-to" parameter for FWD entriesdns - fixed handling of CNAME entry pointing to another FWD entrydns - fixed handling of FWD entries where "forward-to" is a hostnamedns - fixed incorrect TTL=0 reporting for cached entriesdns - improved resolved static entry addition to address listdns - improved service stability when CNAME points to a FWD entrydns - query upstream DNS servers for other record types even if static entry existsdns - require "write" policy for DNS cache flushingdns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chainsfilesystem - fixed repartition on devices with containersfirewall - added "set-priority" option for IPv6 mangle firewallfirewall - made "dynamic" parameter settable for IPv4 address listshotspot - added "install-hotspot-queue" parameter to control dynamic queue creationhotspot - fixed maximum allowed connections limitationhotspot - fixed minor memory leak after each successful login from WEBhotspot - improved limitation of maximum allowed connectionshotspot - improved system stability when clients migrate between bridge ports or VLANsike1 - disallow "remote-id" setting for identityike1 - fixed XAuth responder trying to recreate phase 1ike1 - improved expired IPsec-SA processingike2 - added support for ChaChaPoly1305 encryptionike2 - added support for DH Group 31 (EC25519) (CLI only)ike2 - fixed rekey notify creationike2 - improved certificate payload parsinginterface - do not allow adding invalid "veth" interfacesinterface - improved system stability when handling large packets on CCR2216interface - show RTL8153 CDC Modem Device as ethernetipsec - added "current-address" parameter for peers with DNS addressipsec - added hardware acceleration support for IPQ-6010ipsec - added support for AVX optimized SHA accelerationipsec - improved "H" (hw-aead) flag presence for accelerated SA'sipsec - improved IKE payload processingipsec - improved configuration of IPsec proposal auth-algorithmsipsec - removed Blowfish and Camellia encryption algorithms for IKEipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabledipv6 - do not use invalid/disabled global addresses for IPv6 NDl2tp - added VRF support for L2TP Ether interfacesl3hw - fixed host offloading in a case of MAC address changel3hw - fixed offloaded NAT for CRS309 switchl3hw - improved system stability when disabling or enabling L3HW offloadingleds - fixed default LED configuration on netFiber 9leds - fixed turning off LEDs after system shutdownlte - added AT channel support for Telit FN990lte - added CA information in 5G modelte - fixed error handling on opening AT control channellte - fixed new MTU value validationlte - improved stability when LTE passthrough is enabled on Chateau 5Glte - properly show leading zeros in MCC and MNC stringslte - show band number in "ca-band" in NSA mode on Chateau 5Glte - use RSRP value reported by MBIM signal for MBIM type modemsmacsec - fixed packet duplication on Ethernet interfacemacsec - fixed packet transmission using traffic-generatormacsec - fixed packet validationmodem - added USB tethering support for Google Pixel 7 devicesmpls - added VPLS LDP information in remote/local-mappingsmpls - fixed assigning of explicit null label for IPv6netinstall - added "-i " parameter for Netinstall (CLI Linux)netinstall - fixed Netinstall procedure on RouterBOOT versions from 3.27 to 6.41netinstall - improved automatic netbooting interface selectionnetwatch - added support for "https-get" type (CLI only)netwatch - fixed reporting of VRF name in logging messagesnetwatch - improved "interval" and "packet-interval" coexistence for ICMP typentp - log error message when server is unreachableospf - fixed MD5 checksum calculationospf - fixed simple authentication and checksums for NBMA and PTMP linksospf - fixed simple authentication checksum calculationospf - fixed virtual-link address selection for PTP linksovpn - added "CBC" postfix to AES cipher namesovpn - added "route-nopull" option for client sideovpn - added hardware acceleration support for IPQ-6010ovpn - added support for IPv6 tunnelingovpn - fixed "Called-Station-Id" usage in RADIUS requestspackage - fixed missing menus when both "lora" and "wifiwave2" packages are installedping - fixed ARP pingport - added serial port support for Telit FN990 modemport - do not show unusable USB port on hAP ax^2port - fixed R11e-LTE6 port mappingppp - changed default lease time of dynamic DHCPv6 server to 1 dayppp - do not inherit routing mark for encapsulated packetsppp - fixed displaying of "info" command for PPP clientppp - improved authentication method negotiationpppoe - improved service stability when establishing PPPoE sessionsquickset - fixed addition of bridge filter rules in bridged modequickset - fixed interface list member table on configuration changesquickset - update DNS server IP address when changing router's IP addressrb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto"sfp - added 2.5G SFP module support for RB5009sfp - allow usage of "10G Base-LR" mode for XS+31LC10D modulesnmp - added support for "lldpRemLocalPortNum" OID'ssnmp - improved stability when receiving bogus packetsssh - added support for Ed25519 key exchangessh - do not allow SHA1 usage with strong crypto enabledssh - fixed handling of non standard size RSA keyssupout - added MSTI and mst-override monitor for bridge MSTPsupout - added missing IPv6 firewall sectionsswitch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switchesswitch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3)switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switchesswitch - fixed egress mirror for 98DX4310 and 98DX8525 switchesswitch - hide invalid settings for 98DX3255 and 98DX8525 switch chipsswitch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switchesswitch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switchesswitch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switchesswitch - improved 10Gbps Ethernet interface stability for 98DX8212 switchswitch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6)switch - increased the maximum value of "rate" for ACL rulesswos - fixed "allow-from-ports" settingswos - fixed SwOS configuration changes from RouterOSswos - improved default SwOS backup file namesystem - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILEsystem - improved hand
Source: Tweakers.net