- Xiaomi 15 - kicsi telefon nagy energiával
- Samsung Galaxy A54 - türelemjáték
- Keretmentesít a Galaxy S25 FE
- Motorola Edge 50 Fusion - jó fogás
- Samsung Galaxy S25 Ultra - titán keret, acélos teljesítmény
- Eltűnhet a Dinamikus Sziget
- Google Pixel topik
- Milyen okostelefont vegyek?
- Redmi Note 13 Pro 5G - nem százas, kétszázas!
- iPhone topik
-
Mobilarena
Mikrotik routerekkel foglalkozó téma. Mikrotik router típusok, hardverek, router beállítások, programozás (scriptek írása), frissítés, és minden Mikrotik routerrel kapcsolatos beszélgetés helye.
Új hozzászólás Aktív témák
-
-
7.8 changelog:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) conntrack - improved system stability when PPTP helper is used;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;Download the new 'RouterOS 7.8' version here: https://mikrotik.com/download
-
#18805
Lenry
félisten
Kicsirics77
#18802
válasz
Kicsirics77
#18802
üzenetére
más eszköz se látja?
-
nagy összegbe azért ne fogadj erre...
amikor nekem bedöglött az RB1100, az összes BGA-snak írtam, akit csak felleltem a neten, nagyrésze válaszolni se méltóztatott, a maradék meg nem vállalta. azóta is itt van a polcomon
-
mivel nincs a a Tik a DMZ-ben igy blokkolja az osszes portforward rule-t?
ha egyébként állítottál be port forwardot a Sagemcom eszközön, akkor nem kell a DMZ, de én azt szoktam, hogy vagy berakom a Mikrotiket a DMZ-be, vagy forwardolom az összes portot és majd a Mikrotik tűzfala szépen szűri, amit kell
-
elég egyszerű kideríteni.
ha az IP - Cloud menüpontban kiírt external IP nem egyezik azzal, ami mondjuk a whatismyip.com ír, akkor NAT-olva vagy.egyébként nem lehet, hogy csak a Mikrotiket kellene DMZ-be tenni a szolgáltatói eszközön?
-
#18751
Lenry
félisten
Cirbolya_sen
#18750
válasz
Cirbolya_sen
#18750
üzenetére
a tűzfalban valószínűleg van egy csomó olyan szabály, ahol a dst.address a régi IP címetek, első lépésként ezeket kellene átírni az újra
-
válasz
ekkold
#18467
üzenetére
Mitől volt a kernel falióra?
ennyit látok
egyébként szerintem szoftveres a probléma. két WAN van, Digi (PPPoE) és Telekom (fix IP). a Telekom egy ideje nem akar jól működni, van kapcsolat, de nincs névfeloldás, csak ha az adott eszközön kézzel felveszek egy DNS-t. ha csak a router címét kapja meg DNS gyanánt, akkor nem működik.
most kipróbáltam, hogy a DHCP konfigban a 8.8.8.8-at is kiosztom DNS-ként, úgy jó volt, de akkor kezdődött a probléma. újraindulgatott, a Digi PPPoE nem tudott kapcsolódni, haldoklott az egész. végül letiltottam a Telekomos vonalat és azóta nincs baja.
csak fogalmam nincs, hogy mi az a félrekonfig, ami így meg tud fojtani egy routert.volt, hogy volt előtte egy másik eszköz (egy hEX), ami intézte a Telekomos kapcsolódást, és bár dupla NAT-tal de működött a kapcsolat. amikor visszaszerveztem ezt a feladatot a CCR-nek, akkor meg elkezdett faliórázni.
-
többedik kernel failure után úgy érzem ideje tartalék routert keresni a CCR1009 helyett.
KKV központi routere, VPN (L2TP, de egyre inkább WG), CAPsMAN, DHCP szerver, dual WAN (mindkettő gigabit), tűzfal szerepekre.RB4011-el szemezek helyette. jó választás lehet?
-
hosszútávú memory leak helyzetjelentés: úgy látom megoldódott.
itt látszik, hogy a 7.5-re (majd 7.6-ra) frissítés előtt folyamatosan indokolatlanul emelkedett a memóriahasználat, azóta viszont kb egy szinten stagnál.
ha csak az elmúlt 3 hónapot nézem, akkor még jobban látszik.
cserébe most egy kernel falióra miatt újraindult, és eléggé zavar, hogy vajon mi történhetett. a logokat folyamatosan küldöm egy syslog szervernek, de ott nem látszik semmi
-
WireGuard problémám akadt.
két Mikrotik router közti WG kapcsolat. 2 és fél órája még hibátlanul ment, azóta nem kapcsolódnak egymáshoz.
mindkét routerre futnak be más, aktív WG kapcsolatok, tehát mindkettő elérhető.
L2TP-t simán be tudom kapcsolni közöttük.
a WG viszont nem hajlandó megnyikkanni.
a logban annyi látszik, hogy "handshake for peer did not complete after 5 seconds" -
két WAN kapcsolatunk közül ha a másodlagosat szeretném használni, akkor az adott eszköz IP címét felveszem egy címlistára - ahogy ebben a leírásban van.
ez tök jól működött egy jó darabig, aztán most egyszercsak nem.
minden faja, de nincs névfeloldás. kap IP címet az eszköz, a DNS a Mikrotik (amiben pedig a 8.8.8.8 van megadva), mégse működik. ha az adott eszközön kézzel felveszek egy DNS szervert, akkor hibátlanul működik minden.mi a fene lehet a baja?
-
7.6 changelog:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT;
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
*) wifiwave2 - fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support; -
#18205
Lenry
félisten
E.Kaufmann
#18204
válasz
E.Kaufmann
#18204
üzenetére
ne is haragudj, de már hogyapicsábane akarnék Mikrotikes pólót?
-
Ha a Mikrotik ezután nem létesít pppoe kapcsolatot, akkor az ONT-nek kell, ezt viszont csak a Telekom tudja átállítani (bridge módba is ők rakták)
A telefonos ügyfélszolgálat tud segíteniA DMZ csak annyi, hogy az abban lévő eszköz felé menő forgalomba nem nyúl bele az ONT, tulajdonképp egy kivétel a tűzfalszabályok alól.
-
-
válasz
jerry311
#18010
üzenetére
külön kiemelik a manuálban, hogy erősen ajánlott külső tárhelyet használni
-
válasz
amargo
#18009
üzenetére
nálam valami nem akar jó lenni a pi-hole-lal
elsőre összeraktam, gond nélkül ment, de aztán rájöttem, hogy a 172.17.0.0/16 nem lesz jó, mert a szerveremen a Docker ugyanezen tartományban dolgozik és így a szervernek nincs DNS.
úgyhogy átraktam 172.20.0.0/16-ra a Mikrotik-féle Dockert, de onnantól egyszerűen nem lehetett elérni a konténert (még a Mikrotik termináljából se tudtam pingelni), aztán amikor töröltem az egészet a francba, és nulláról újrakezdtem, akkor már megyegetett, de rohadt nehézkesen működött a webfelület (ami az első próbálkozásnál rendben volt), meg fagyott is, cserébe névfeloldást nem nagyon csinált, így egyelőre ráhagytam...pedig jó lenne beüzemelni, mert nálam most is van pi-hole, egy rPi-n fut, amit így akkor itt ki tudnék váltani, máshol meg tudnék neki más feladatot adni.
-
most nézem, hogy dobott egy kernel faliórát, ami viszont nem akkora örömbódottá
ez valójában hajnal 2 körül történt -
-
routerOS 7.5 changelog:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86 (containers created before v7.4 must be recreated);
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "cpu-temperature" to "switch-temperature" on CRS312-4C+8XG, CRS326-24S+2Q+, CRS354-48P-4S+2Q+, CRS354-48G-4S+2Q+, CRS504-4XQ-IN, CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;Download the new 'RouterOS 7.5' version here: https://mikrotik.com/download
-
válasz
ratkaics
#17980
üzenetére
Mikrotik Wireless Wire
vagy ugyanez tányér alakban
Wireless Wire Dish -
időről időre nem tudnak visszacsatlakozni az L2TP klienseim (másik Mikrotik eszközök)
respond new phase 1 (Identity Protection): 192.168.93.3[500]<=>81.183.xxx.xxx[500]
phase1 negotiation failed due to time up 192.168.93.3[500]<=>81.183.xxx.xxx[500] 5e896dc9bee40a55:769d3dee660baa12ilyenkor az a megoldás, hogy az adott IP-t dropolom 10-15 percig, amíg minden biztosan timeoutol, aztán feloldom a tiltást és azonnal kapcsolódik.
lehetne erre valami automatizmust kreálni?
vagy kisakkozni, hogy amúgy mi a kehe ilyenkor...
a másik oldalon ez látszik:l2tp-k94: initializing...
l2tp-k94: connecting...
initiate new phase 1 (Identity Protection): 192.168.1.2[500]<=>81.183.yyy.yyy[500]
l2tp-k94: terminating... - session closed
l2tp-k94: disconnected
ISAKMP-SA deleted 192.168.1.2[500]-81.183.yyy.yyy[500] spi:0054f156ee742aa2:0000000000000000 rekey:1ahol 81.183.yyy.yyy én vagyok.
a tippem, hogy valahol elcsúszik időben a dolog, és mondjuk nálam már timeoutol és új kapcsolatot kezdeményez a router, amikor a távoli oldal még az előző próbánál tart vagy ilyesmi... -
routerOS 7.4
Important note!!!
- Container package is not available in v7.4. Development and testing continues in "testing" channel.
Changes in this release:
*) api - fixed comma encoding within URL when using the ".proplist" argument;
*) bridge - properly process IPsec decapsulated packets through the firewall when the "use-ip-firewall" option is enabled;
*) capsman - require a unique name for configuration and configuration pre-sets;
*) certificate - fixed new CRL updating;
*) chr - fixed booting with added additional SCSI disk;
*) cloud - print critical log message when system clock gets synchronized;
*) console - added ":retry" command;
*) console - fixed situation when print output was not consistent;
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) dhcp-relay - fixed DHCPv6 relay forward and reply creation (introduced in v7.1.3);
*) dhcp-server - change "vendor-class-id" matcher to generic option matcher;
*) dhcpv4-server - disallowed overriding message type option;
*) dhcpv4-server - log message when user option updates existing option;
*) dhcpv4-server - placed option 53 as the first one in the packet;
*) dns - convert the domain name to lowercase before matching regex;
*) dot1x - fixed "undo" command for server instances;
*) e-mail - added VRF support;
*) filesystem - fixed repartition on RB5009 series devices;
*) firewall - added "srcnat" and "dstnat" flags to IPv6/Firewall/Connection table;
*) firewall - added support for IPv6/Firewall/NAT action=src-nat rules;
*) firewall - fixed IPv6 NAT functionality when processing GRE traffic on TILE devices;
*) firewall - fixed IPv6/Firewall/RAW functionality;
*) firewall - include "connection-mark", "connection-state", and "packet-mark" when packet logging is enabled;
*) firewall - properly handle interface matcher when VRF interface is specified;
*) health - fixed requesting data from sensor when issuing "get" command;
*) health - fixed voltage reporting on some RBmAP-2nD devices;
*) hotspot - fixed ARP resolution for clients when address pool is specified on the server;
*) hotspot - fixed Walled Garden entries with action=deny;
*) ipv6 - fixed system stability when adding/removing IPv6 address;
*) l2tp - improved stability when establishing l2tp-ether connection (introduced in v7.3);
*) ldp - correctly handle AFI selection for usage on dual-stack peers;
*) leds - fixed GPS LED configuration on LtAP LTE kit;
*) leds - fixed LTE signal strength LED configuration on LHGG LTE kit;
*) leds - fixed LTE signal strength LED configuration on LtAP LTE kit;
*) lte - added AT chat support for Dell dw5821e modem;
*) lte - fixed LTE interface running state after modem reconnection;
*) lte - fixed Telit AT interface numbering;
*) lte - improved LTE interface detection for LtAP-2HnD devices;
*) lte - keep MBIM working even if AT channel fails to respond in the initialization stage;
*) lte - request connect with the same IP type as in LTE attach status for MBIM;
*) lte - show current value for "antenna" parameter when auto antenna selection fails;
*) lte - validate LTE attached IP type in MBIM mode;
*) mmips - improved USB device detection after system bootup;
*) mpls - fixed VPLS functionality when PW peer is an immediate neighbor;
*) mpls - improved stability with enabled loop-detect;
*) mqtt - fixed log flooding with disconnect messages;
*) mqtt - fixed socket error handling;
*) netwatch - added support for more advanced probing;
*) ntp - added VRF support for client and server;
*) ntp - fixed manycast server support;
*) ntp - improved "debug" log level logging;
*) ovpn - added "AUTH_FAILED" control message sending;
*) ovpn - fixed "called-station-id" RADIUS attribute value for OVPN server;
*) ovpn - use selected cipher by default when the server does not provide "cipher" option;
*) pimsm - improved system stability when changing configuration;
*) poe - hide "poe-voltage" parameter on devices that do not support it;
*) ppp - do not fail connection when trying to add existing IP address to address list;
*) ppp - log warning message when remote IP address can not be added;
*) ppp - properly try to use different authentication algorithms when Conf-Rej is received during the LCP phase;
*) quickset - specify the "in-interface-list=WAN" attribute on firewall rules created through "Port Mapping";
*) radius - added VRF support for RADIUS client;
*) route - added option to join static IGMP and MLD groups (available in "/routing/gmp" menu);
*) route - expose all valid routes to route select filter from BGP;
*) route - expose all valid routes to route select filter from OSPF and RIP;
*) route - fixed false route type detection as blackhole;
*) route - fixed log messages when changing routing configuration;
*) route - made export run faster on tables with a large number of dynamic routes;
*) route - provide more detailed information about prefixes when using "discourse" tool;
*) route-filter - fixed route select filter rules;
*) routing - moved "/interface bgp vpls" to "/routing bgp vpls" menu;
*) routing-filter - added origin matcher to match for example routes of a specific OSPF instance;
*) routing-filter - fixed regexp community matcher;
*) routing-filter - made "do-jump" work in select rules;
*) rpki - fix potential memory leak;
*) ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;
*) ssh - fixed host key generation (introduced in v7.3);
*) ssh - implemented "server-sig-algs" extension in order to improve rsa-sha2-sha256 support;
*) switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;
*) switch - fixed multicast flooding when HW offloaded bridge port gets disabled;
*) system - added "shutdown" parameter for reset-configuration (CLI only);
*) system - fixed configuration reset with "run-after-reset" with file stored on ramdisk;
*) upgrade - ignore same version packages during upgrade procedure;
*) upgrade - improved RouterOS upgrade stability with attached USB modem on MIPSBE, SMIPS and MMIPS devices;
*) vpls - improved system stability with enabled connection tracking;
*) vxlan - allow to specify MAC address manually;
*) w60g - fixed interface "reset-configuration" on Cube 60 devices;
*) w60g - improved interface initialization after being inactive for a while;
*) w60g - improved system stability when using mismatched L2MTU between station and AP;
*) webfig - updated WebFig HTML files with the new MikroTik logo and removed Telnet option from index page;
*) webfig - updated link to the WinBox executable;
*) webfig - updated link to the documentation;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) wifiwave2 - fixed "frequency-scan" functionality (introduced in v7.3);
*) wifiwave2 - improved WPA3 support stability;
*) winbox - add a log and log-prefix options to IPv6 firewall NAT and mangle rules;
*) winbox - added "name" parameter under "Routing/BGP/Session" menu;
*) winbox - added "to-address" and "to-ports" parameters under "IPv6/Firewall/NAT" menu;
*) winbox - added support for "veth" interface types;
*) winbox - fixed "inactive" flag naming under "MPLS/Local Mapping" menu;
*) winbox - fixed IP/Route and IPv6/Route OSPF type value;
*) winbox - fixed filename dropdown value filtering;
*) winbox - fixed minor typo under "Interface" stats;
*) winbox - fixed units for "reachable-time" parameter under "IPv6/ND" menu;
*) winbox - removed "TLS Host" parameter from "IP/Firewall/NAT" menu;
*) winbox - removed duplicate signal strength column under "Wireless/Registration Table" menu;
*) winbox - removed unused "Apply Changes" button from BGP sessions menu;
*) wireguard - fixed system stability when adding/removing WireGuard interface;
*) wireless - fixed possible traffic flooding to WDS clients when using Nv2 and multicast helper;
*) x86 - fixed Broadcom NIC support;
*) x86 - fixed keep old configuration functionality during x86 setup installation;
*) x86 - improved log warning message on failed downgrade attempt;
*) x86 - removed "hdd-model" information from installation screen;
Download the new 'RouterOS 7.4' version here: https://mikrotik.com/download -
7.4beta5 changelog:
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86;egyebek mellett...
-
válasz
amargo
#17460
üzenetére
nálam Zabbixba van bekötve, de hülye vagyok, hogy ezt eddig nem jutott eszembe nézni
az elmúlt 1 év... a beszakadások jelölik az (általában frissítések miatti) újraindításokat. január 15-én frissítettem ezt a router rOS7-re, látszik is, hogy onnantól indult el felfelé a memóriahasználat, előtte viszonylag stabilan 30-40% között volt.
most a 7.2 megjelenése óta nem frissítettem. hétvégén majd frissítek 7.3-ra, aztán pár hét múlva szóljon rám valaki, hogy nézzek rá erre a grafikonra. -
megjelent a stabil 7.3
7.3 changelog:
*) bgp - added "name" parameter for connections;
*) bgp - added initial support for prefix limit;
*) bgp - fixed "keepalive-timeout" value when upgrading from RouterOS v6;
*) bgp - fixed "l2vpn" distribution;
*) bgp - improved stability when editing BGP template;
*) bgp - moved "interface bgp-vpls" menu to "routing bgp vpls";
*) bgp - remove unused commands and parameters;
*) bluetooth - improved long-term service stability;
*) bonding - added "lacp-user-key" setting;
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) bridge - added more details for loop detection warning;
*) bridge - do not set VLAN on inactive port with a "set" command;
*) bridge - fixed TCP, UDP port parsing for loop detect warning;
*) bridge - fixed packet marking for IP/IPv6 firewall;
*) bridge - ignore VLAN tagged BPDU;
*) capsman - fixed bridge disabling when using L2 connection;
*) capsman - fixed loss of manager configuration when "package-path" is set to external disk;
*) capsman - improved traffic processing over CAP communication tunnels:
*) ccr - added "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - improved interface link stability on CCR2004-16G-2S+PC;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) chr - fixed Cloud DDNS update after license renewal;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) console - fixed "terminal inkey" command;
*) crs1xx/2xx - improved system stability during switch reset;
*) defconf - do not add passthrough ports to local bridge on CCR2004-1G-2XS-PCIe;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed conflicting or declined lease detection when IP pool differs from server's configuration;
*) dhcpv4-server - fixed minor logging typo;
*) dot1x - fixed RADIUS State attribute when client is reauthenticated;
*) dot1x - fixed port based VLAN ID assignment on devices without a switch chip;
*) dot1x - improved server stability when using re-authentication;
*) export - fixed value ID exporting that does not refer to any name;
*) fetch - fixed SFTP upload;
*) fetch - improved full disk detection;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved UBIFS stability and data integrity after downgrade to RouterOS v6 and upgrade to RouterOS v7;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - added GPS package support for Chateau devices;
*) gps - fixed minor value unit typo;
*) ipsec - fixed IPsec IRQ initialization on startup on TILE;
*) ipsec - fixed printing of active peer statistics;
*) ipv6 - added "ra-preference" parameter support for RA;
*) ipv6 - fixed dynamic non link-local addresses displaying;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l2tp - added VRF support for L2TP client;
*) l3hw - greatly improved route offloading speed;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved offloading in cases of HW table overflow for CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) l3hw - log HW routes count and the shortest offloaded subnet prefix if the HW memory gets full;
*) l3hw - offload only main routing table;
*) l3hw - optimized offloading when dealing with large volume of directly connected hosts;
*) l3hw - partial routing table offload for Marvell Prestera DX4000/DX8000 switch chip series;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lhgg - improved system stability (introduced in v7.2);
*) lora - do not allow setting non-existing forwarding server;
*) lora - fixed bogus TOO_EARLY errors;
*) lora - removed TX lookup table;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - allow only MCC/NMC format in "operator" parameter;
*) lte - clear SIM values when modem in "stopped" state;
*) lte - disabled extended signal info query for Telit LN940 module;
*) lte - disabled wait for LTE auto attach;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed LTE firwmare upgrade on RBLtAP-2HnD with R11e-LTE6;
*) lte - fixed Sierra MC7455 modem initialization;
*) lte - hide slave interfaces from export;
*) lte - improved LTE interface initialization process on LtAP-2HnD;
*) lte - improved stability when configuring multiple APN's at the same time in MBIM mode;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS MTU and path MTU selection;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) mpls - improved LDP AF selection process and behavior;
*) mpls - made LDP bindings work on PPP interfaces;
*) ntp - do not allow setting port number in "server" parameter;
*) ntp - fixed "use-local-clock" behavior when enabling server;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - ignore instance route when originate-default=if-installed is enabled;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - adjusted SHA2 authentication algorithm naming to allow legacy OpenVPN implementations to connect;
*) ovpn - fixed hardware offloading support on CHR;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - fixed server instance not responding to incoming connections after reboot on CHR;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - improved server stability under continous overload;
*) ovpn - improved service stability when outbound packets are blocked by firewall in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ovpn - moved authentication failure messages to "info" logging level;
*) ovpn - reply with the same IP address that the connection was established to;
*) ping - fixed socket allocation after VRF change;
*) port - do not loose "parity" setting;
*) ppp - added support for VRF;
*) ppp - added warning when using prefix length other than /64 for router advertisement;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed active sessions sometimes getting stuck;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) profile - added "wireguard" process classificator;
*) profile - added "zerotier" process classificator;
*) qsfp - reset module only when all ports are disabled;
*) queue - allow to set higher limits than 4G;
*) queue - display warning for CAKE type in simple and tree setups when "bandwidth" parameter is configured;
*) queue - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) resource - fixed CPU type display under system resources for ARM and ARM64;
*) romon - fixed VLAN tagged packet processing;
*) route - fixed "nexthop" table printing;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed IPv6 /127 route nexthop resolution;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) routerboard - fixed USB bus numbering on LtAP and M33G;
*) routerboot - added extra shortcut information on how to boot into etherboot;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) sfp - added 2.5Gbps rate for SFP+ and QSFP+ interfaces on 98DXxxxx and 98PX1012 switches (requires disabled auto-negotiation);
*) sfp - hide empty monitor values in console;
*) sfp - improved Q/SFP interface initialization and stability for 98DXxxxx and 98PX1012 switches;
*) sfp - improved QSFP/SFP interface initialization for 98DXxxxx switches;
*) smb - fixed SMB2 file list reporting;
*) snmp - added VRF support (CLI only);
*) snmp - added VRF support;
*) snmp - fixed reported disk size when multiple external disks are attached;
*) snmp - hide Vendor ID in DHCP MIB when branding is present;
*) snmp - report "ifSpeed" as 0 if value out of bounds (use "ifHighSpeed" for high speed interfaces instead);
*) ssh - added AES-GCM cipher support;
*) ssh - fail non-interactive client after first invalid password;
*) ssh - fixed corrupt host key automatic regeneration;
*) ssh - fixed private key usage after downgrade;
*) ssh - removed DSA public key authentication support;
*) supout - added IGMP-Proxy section;
*) supout - added NTP servers section;
*) supout - added PIMSM section;
*) supout - added RIP section;
*) supout - added WireGuard section;
*) supout - added simplified IPv4 and IPv6 routing table prints;
*) switch - added option to match source and destination IP addresses in ARP packets for RB5009 (requires mac-protocol=arp setting);
*) switch - fixed missing stats from traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed IP service initialization in VRF after system startup;
*) system - fixed Kernel timer consistency;
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) torch - properly capture all related IPv6 traffic;
*) tr069-client - fixed RPC download of "1 Vendor Configuration File" with branding package;
*) tunnels - improved packet handling over EoIP, IPIP and GRE tunnels;
*) upnp - improved stability when processing incomplete HTTP header;
*) user-manager - added "Acct-Interim-Interval" to predefined attribute list;
*) user-manager - improved stability when received EAP attribute with non-existing state attribute;
*) vpls - fixed "pw-l2mtu" parameter usage;
*) vpls - fixed TE transport path usage after startup;
*) vrrp - fixed learning of bridged local MAC addreses;
*) w60g - improved stability on Cube 60Pro ac and CubeSA 60Pro ac;
*) webfig - properly show all routing table content;
*) wifiwave2 - fixed VLAN tag handling;
*) wifiwave2 - general stability and throughput improvements;
*) winbox - added "Comment" parameter for BGP templates and connections;
*) winbox - added "Default Cost" parameter under "Routing/OSPF/Area" menu;
*) winbox - added "ra-preference" parameter under "IPv6/ND" menu;
*) winbox - added SKID and AKID parameters under "Certificate" menu;
*) winbox - added missing "IBGP", "EBGP", "Limit Exceeded" and "Stopped" parameters under "Routing/BGP/Sessions" menu;
*) winbox - added missing "Keep Sent Attributes" parameter under "Routing/BGP/Connection" menu;
*) winbox - added missing "Scan List" parameter for W60G interfaces;
*) winbox - added missing BGP session commands;
*) winbox - added support for 2.5Gbps and 100Gbps Ethernet speed options;
*) winbox - added warning message for LTE upgrade process;
*) winbox - do not auto start Wireless Sniffer when opened;
*) winbox - do not show "Session Uptime" parameter under "LTE" menu if not supported by modem;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - fixed "Disconnect Timeout" parameter type under "CAPsMAN" menu;
*) winbox - fixed "IP/Cloud" window refreshing after changes are detected;
*) winbox - fixed "Type" values under "IP/Route" menu;
*) winbox - fixed graph drawing in QuickSet;
*) winbox - fixed hex type values under "User Manager" menu;
*) winbox - fixed minor typo in reboot confirmation prompt;
*) winbox - fixed typo in ZeroTier instance title;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - made "MPLS Interface" table sortable under "MPLS" menu;
*) winbox - made 56 the default ping size;
*) winbox - made wireless access list entries sortable when using the wifiwave2 package;
*) winbox - minimal required version is v3.33;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IP/Firewall" menu;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IPv6/Firewall" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - properly load band values under "LTE" menu;
*) winbox - removed obsolete "Routing Table" parameter under "IP/Firewall" menu;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show PVID column by default under "Bridge" menu;
*) winbox - show correct file system type under "System/Disks" menu;
*) winbox - take into account timezone for timed values under "User Manager" menu;
*) wireless - fixed "wmm-support=required" checking;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) x86 - added support for Solarflare SFC1920 NIC;
*) x86 - fixed soft-id reading on virtualized x86 installations (introduced in v7.2);
*) x86 - improved support for Intel E810 NIC;
*) zerotier - added support for Controller configuration;Download the new 'RouterOS 7.3' version here: https://mikrotik.com/download
-
#17294
Lenry
félisten
silver-pda
#17293
válasz
silver-pda
#17293
üzenetére
A memory leak úgy tűnik hogy a capsmannel van összefüggésben, ha wifiwave2-t tervezel használni, akkor a capsman eleve ki van lőve
-
válasz
ratkaics
#17255
üzenetére
szerintem egyetlen Mikrotik eszköz sincs, ami sínre rögzíthető, de azért pörgesd végig a katalógust
-
#17206
Lenry
félisten
E.Kaufmann
#17205
válasz
E.Kaufmann
#17205
üzenetére
7.2.2 changelog:
*) bgp - added initial support for prefix limit;
*) bgp - improved stability when editing BGP template;
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) crs3xx - fixed storm rate on 1Gbps interfaces for CRS354 devices;
*) defconf - suggest user to set up new password;
*) dhcpv4-server - fixed minor logging typo;
*) fetch - improved full disk detection;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed minor value unit typo;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - disabled wait for LTE auto attach;
*) lte - hide slave interfaces from export;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS MTU and path MTU selection;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ping - fixed socket allocation after VRF change;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed active sessions sometimes getting stuck;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) queues - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) supout - added RIP section;
*) system - fixed IP service initialization in VRF after system startup;
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) torch - properly capture all related IPv6 traffic;
*) upnp - improved stability when processing incomplete HTTP header;
*) vpls - fixed "pw-l2mtu" parameter usage;
*) vrf - fixed VRF leaking;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - show PVID column by default under "Bridge" menu;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) ww2 - fixed VLAN tag handling;
*) x86 - improved support for i40e driver;
*) x86 - improved support for Intel E810 NIC; -
#17150
Lenry
félisten
Marcelldzso
#17147
válasz
Marcelldzso
#17147
üzenetére
-
7.2.1 changelog:
*) filesystem - improved long-term filesystem stability and data integrity;ez vajon mi lehet?
-
-
válasz
yodee_
#16909
üzenetére
pedig érdemes.
a 13.x.x.x nem helyi hálózati IP címtartomány és ezek szabványok, nem ajánlások és nem véletlenül lettek létrehozva.
ha egy webszolgáltatás, szerver ezen a címen működik azt te most egyáltalán nem tudod elérni.amúgy meg nem akkora truváj.
tűzfalszabályokat, az Addressest, a DHCP-t és a Route-okat kell átírni és kb meg is vagy.ha nagyon biztosra akarsz menni akkor exportálod az egész konfigot, egy másolatban átírogatod az IP-ket és visszatöltöd.
-
WG - egy interface, több port.
szerver oldal/interface wireguard
add listen-port=16720 mtu=1420 name=wireguard-s19/interface wireguard peers
add allowed-address=10.17.1.2/32 comment=client1 endpoint-address=xxxxxxxxxxx.sn.mynetname.net endpoint-port=16720 interface=wireguard-s19 persistent-keepalive=30s public-key=\
"YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"
add allowed-address=10.17.1.3/32 comment=client2 endpoint-address=12.34.56.78 endpoint-port=16723 interface=wireguard-s19 persistent-keepalive=30s public-key=\
"wwwwwwwwwwwwwwwwwwwwwwwwww"
add allowed-address=10.17.1.4/32 comment=client3 endpoint-address=zzzzzzzzzzzzz.sn.mynetname.net endpoint-port=11095 interface=wireguard-s19 persistent-keepalive=30s public-key=\
"vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv"/ip/route
add disabled=no dst-address=192.168.100.0/24 gateway=10.17.1.4 scope=10kliens (10.17.1.4)
/interface wireguard
add listen-port=11095 mtu=1420 name=wireguard-carto
/interface wireguard peers
add endpoint-address=12.34.56.79 endpoint-port=16720 interface=wireguard-carto persistent-keepalive=30s public-key=\
"aaaaaaaaaaaaaaaaaaaaaaaaaaaa"
/ip/route
add disabled=no distance=1 dst-address=192.168.1.0/24 gateway=10.17.1.1 pref-src=0.0.0.0 routing-table=main scope=30 \
suppress-hw-offload=no target-scope=10és mégsem tudom elérni a szerver oldaláról csak a routereket, az alattuk lévő hálózatot nem, azoknál ugyanez megvan visszafelé.
egész addig működött, míg csak egy peer volt, de akkor az allowed address 192.168.0.0/16 és 10.0.0.0/8 volt, így minden irányba működött minden. -
7.1.5-re frissítés óta semilyen L2TP nem tud csatlakozni, látszik a próbálkozás, aztán elhal.
7.1.3-ra frissítéskor is ez volt, de akkor újraindítottam a routert és ez megoldotta, most viszont jó lenne downtime nélkül megoldani. -
válasz
yodee_
#16858
üzenetére
ha dyndns-re kapcsolódsz, akkor pl egy IP váltás okozhat problémát, mert a WG nem követi azt le
Új hozzászólás Aktív témák
Hirdetés
- Ryzen 9 7900X /// Bontatlan // Üzletből, számlával és Garanciával!
- Ryzen 9 7900 /// Bontatlan // Üzletből, számlával és Garanciával!
- Ryzen 7 5700X3D /// Bontatlan // Üzletből, számlával és Garanciával!
- Ryzen 7 8700G /// Bontatlan // Üzletből, számlával és Garanciával!
- Ryzen 5 9600X /// Bontatlan // Üzletből, számlával és Garanciával!
- ÁRGARANCIA!Épített KomPhone i5 12400F 16/32/64GB RAM RTX 4060 8GB GAMER PC termékbeszámítással
- Azonnali készpénzes INTEL CPU AMD VGA számítógép felvásárlás személyesen / postával korrekt áron
- Üzleti Fujitsu Lifebook u7510 15,6" FHD IPS 2021/08. havi gyártás
- Csere-Beszámítás! Számítógép PC Játékra! Intel I7 6700/ RX 580 8GB / 32GB DDR4 / 500GB SSD
- Eladnád a telefonod? KÉSZPÉNZES OKOSTELEFON FELVÁSÁRLÁS azonnali fizetéssel!
Állásajánlatok
Cég: Promenade Publishing House Kft.
Város: Budapest
Cég: CAMERA-PRO Hungary Kft
Város: Budapest