Оновлення MikroTik RouterOS 7.13

Виробник MikroTik оновив операційну систему RouterOS до версії 7.13.

Починаючи з версії RouterOS 7.13, до пакетів бездротового зв'язку було внесено значні зміни.

1. Контролер CAPsMAN тепер дозволяє налаштувати в єдину мережу обладнання стандартів N, AC та AX.

На старих пристроях стандарту B/G/N/AC в системі для сумісності будуть присутні два контролери CAPsMAN:

• Меню "Wireless - CAPsMAN" — старий CAPsMAN для налаштування пристроїв B/G/N/AC.
• Меню "WiFi" — новий CAPsMAN для налаштування AC Wave 2 та AX пристроїв.

2. Wi-Fi пакет "wifiwave2" поділений на два окремі пакети:

• Пакет "wifi-qcom-ac" - для обладнання з підтримкою AC Wave 2 стандарту.
• Пакет "wifi-qcom" - для обладнання з підтримкою AX стандарту.

Це зроблено через те, що нове програмне забезпечення потребує більше місця на flash пам'яті для розміщення драйверів обладнання. RouterOS та пакет "wifi-qcom-ac" разом поміщаються на 16 МБ флеш-пам'яті.

3. Драйвери для старих пристроїв з бездротовими інтерфейсами B/G/N/AC та інтерфейсів 60 ГГц, а також старий контролер CAPsMAN тепер є частиною окремого пакета "wireless". Цей пакет можна видалити, якщо він не потрібен.

4. Під час оновлення за допомогою "check-for-updates" для всіх версій до 7.12, буде показано 7.12 як останню доступну версію. Оновлення з v7.12 до v7.13 або пізніших версій має відбуватися через 7.12, щоб автоматично конвертувати пакети бездротового зв'язку. Прошивання RouterOS за допомогою Netinstall або ручне встановлення пакетів працює так само, як і завжди.

УВАГА! Не поспішайте встановлювати RouterOS 7.13 в продакшен через можливі баги. Протестуйте спочатку роботу на невеликих інсталяціях, в яких можна буде швидко повернутись до 7.12. Перед оновленням зробіть повний бекап та збережіть його на ПК.

У версії 7.13 зроблені наступні покращення та виправлення (15 грудня 2023 р.):

• ! package - convert "wireless" and "wifi" packages automatically, if upgrading from v7.12;
• ! wifi - split existing "wifiwave2" package into separate packages "wifi-qcom", "wifi-qcom-ac", and include required utilities for WiFi management into bundle;
• ! wireless - separate "wireless" package from bundle and build as a standalone package;
• bridge - added automatic "path-cost" values depending on interface rate;
• bridge - added bridge interface property "port-cost-mode" with "short" and "long" arguments;
• bridge - fixed bogus VLAN entries from wifi when vlan-filtering is not enabled;
• bridge - improved HW offload enable;
• bridge - improved host flush when removing VLAN on HW offloaded bridge;
• bth - added "VPN Prefer Relay Code" option;
• bth - improved automatic firewall rule generation process;
• certificate - add support for multiple DNS names for Let's Encrypt;
• certificate - added HTTP redirect support for CRL download;
• certificate - added support for certificates with key size 16384;
• certificate - fixed CRL updating;
• certificate - fixed certificate auto renewal via SCEP when certificate contains "subject-alt-name";
• certificate - improved CRL signature verification and download error messages;
• certificate - improved initial certificate creation using SCEP;
• certificate - use error topic for CRL update failures;
• cloud - improved re-connect speed after network related connection errors;
• console - added ":grep" command;
• console - added ":onerror" command;
• console - added ":serialize" and ":deserialize" commands for converting values to/from JSON;
• console - added "interface" name when printing "interface/pppoe-server" entries;
• console - added "read" command under "file" menu;
• console - added "where" functionality for "export" command;
• console - added flags to "print" command with "value-list";
• console - added interface helper for "gateway" property under "ip/route" menu;
• console - added unset option for "ssid-regex" and "allow-signal-out-of-range" properties under "interface/wifi/access-list" menu;
• console - clear console history when resetting configuration;
• console - disallow setting existing "name" under "system/script" and "system/scheduler" menus;
• console - fixed "export" boolean arguments when saving output to file using API;
• console - fixed "interface/ethernet/switch/port-isolation" export;
• console - fixed "on-event" argument highlighting under "system/scheduler" menu;
• console - fixed graphic distortions in WinBox;
• console - fixed issue where API incorrectly asks for missing arguments;
• console - fixed printing to file using API;
• console - ignore negative values for ":delay" command;
• console - improved flag printing in certain menus;
• console - improved stability when running "tool/ping" from API;
• console - removed "route-cache" setting from "ip/settings" menu;
• console - replace reserved characters in file and script names with underscores;
• console - resolve "wifiwave2" directory to "wifi";
• console - show "l2vpn-link" address family under "routing/route" menu;
• console - use more compact login screen for empty branding;
• defconf - expire password when reverting configuration;
• defconf - fixed bogus wifi password on certain Audience devices;
• defconf - fixed configuration for Audience with "wifi-qcom-ac" package;
• defconf - fixed wireless band and channel-width selection (introduced in v7.12);
• defconf - hide default configuration for users without "sensitive" policy;
• defconf - improved wifi interface detection after upgrade;
• defconf - updated configuration with new "wifi" directory;
• defconf - use "WISP Bridge" default configuration mode for RBGrooveGA-52HPacn device;
• defconf - use "fan-min-speed-percent=25" for CRS354-48P-4S+2Q+ device;
• defconf - use device factory preset credentials when using CAPs mode;
• defconf - use one SSID and enable FT when using "wifi" packages;
• disk - fixed hang on reboot when network file systems mounted;
• ethernet - improved packet CPU core classifier for Alpine CPUs for non IPv4/IPv6 traffic;
• ethernet - improved system stability for L009 and hAP ax lite devices;
• fetch - added "http-auth-scheme" parameter, allows to select HTTP basic or digest authentication;
• fetch - added "http-content-encoding" setting;
• fetch - added raw logging;
• fetch - allow to receive HTTP response headers;
• fetch - require "ftp" user policy;
• firewall - added "nat-pmp" support;
• firewall - added new IPv6 filter arguments "icmp-err-src-routing-header" and "icmp-headers-too-long" for "reject-with" setting;
• firewall - do not mark all IPv6 GRE packets as invalid;
• firewall - fixed IPv6 address-list timeout;
• firewall - fixed altered address-list when upgrading from RouterOS v6;
• firewall - fixed connections being tracked when tracking is disabled;
• firewall - removed "prohibited" and "unreachable" IPv4 address-type arguments;
• ftp - improved upload and download speeds;
• health - dynamically add and remove invalid sensors (e.g. sfp-temperature);
• hotspot - fixed incorrect host moving to VLAN 0 when receiving packets through bridge;
• ike2 - fixed ike2 double reply;
• iot - fixed incorrect LoRa ACK packet handling during downlink messaging (introduced in v7.12);
• ipv6 - do not send out IPv6 RA deprecate message for re-used prefix;
• isis - added IS-IS protocol support (CLI only);
• l3hw - fixed routing for IPsec encapsulated packets;
• leds - fixed LED indication in multi-APN setup for Chateau;
• leds - improved LED indication during modem registration state for Chateau;
• log - added "fetch" topic;
• lora - added CUPs protocol support;
• lora - fixed issue with lost LoRa configuration when rebooting the device;
• lte - added RNDIS support for neoway N75-EA modem;
• lte - added support for FOTA firmware upgrade from custom URL for R11eL-FG621-EA;
• lte - disabled IMS service for Chateau 5G on A1 HR network;
• lte - fixed rare cases where Chateau 5G in passthrough mode may stop forwarding packets;
• lte - improved SIM slot status change notification handling for MBIM modems;
• lte - replaced "passthrough-subnet-selection" with "passthrough-subnet-size" setting (CLI only);
• lte - show each CA band in a new line;
• mipsbe - improved system stability when removing USB devices;
• mmips - properly mount and unmount USB devices;
• modem - added option to read SMS using MBIM interface;
• mpls - added "te-tunnel" property for VPLS monitor (CLI only);
• mpls - fixed IPv6 RSVP-TE;
• mpls - improved logging;
• netinstall-cli - added more details to help messages;
• ospf - fixed LSA Type3 advertisement for OSPFv2;
• ospf - fixed missing OSPF interface on L2TP interface reconnect;
• ospf - fixed missing opaque bit in opaque LSA;
• ovpn - improved memory allocation during key-renegotiation;
• ovpn - removed "ping-timer-rem" option from client config file;
• package - added warning log about missing "wireless" or "wifi" package;
• pimsm - improved elected BSR change;
• poe-out - improved firmware upgrade stability for AF/AT controlled boards;
• ppc - fixed RouterOS bootup (introduced in v7.12);
• ppp - added remote-ipv6-prefix to IPv6 firewall address-list if "address-list" property is provided;
• ppp - allow at-chat and info commands in "waiting for packets" state for modems with shared data/info channel;
• ppp - improved IPv6 link-local address uniqueness;
• pppoe-server - fixed connection count limit per license level;
• profiler - improved "disk" and "supout.rif" classifiers;
• qos-hw - added initial congestion avoidance support for 98DX224S, 98DX226S, and 98DX3236 switch chips (CLI only);
• qsfp - added support for QSFP-to-SFP adapters;
• qsfp - fixed supported rates for breakout cables (introduced in v7.12);
• quickset - show DDNS name as VPN address for devices with new style serial number;
• route-filter - improved performance;
• sfp - added "1G-baseT" link mode for modules that supports "2.5G-baseT" mode;
• sfp - allow 2.5G rates only in forced link mode;
• sfp - fixed link establishment with S+DA0001 DAC cables;
• sfp - ignore irrelevant extended compliance code for SFP modules;
• sfp - improved SFP interface handling for 98DX224S, 98DX226S, 98DX3236, 98DX8208, and 98DX8216 switch chips;
• sfp - improved link establishment for SFP copper modules;
• sfp - improved link establishment with certain modules for hEX S device;
• sfp - show 10M and 100M supported rates for RJ45 copper modules;
• ssh - added cipher and hash function acceleration for ARM64 and x86 architectures;
• ssh - fix error that caused large chunks of text not being pasted in their entirety into console;
• supout - added VXLAN FDB section;
• supout - added multiple WiFi sections;
• switch - fixed service VLAN tagged IP multicast packets for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
• system - added "rtrace" debugging tool (CLI only);
• system - improved incoming and outgoing TCP connection performance;
• system - improved internal process communication performance;
• traffic-generator - improved system stability when modifying interfaces;
• usb - added support for RTL8152 USB ethernet on ARM, ARM64 and x86;
• vpls - improved performance when decapsulating data;
• vrf - fixed ICMP reply lookup;
• webfig - allow to display comments in multiline or compact modes;
• webfig - make table headers always visible;
• webfig - use local storage for user preferences;
• wifi - added "flat-snoop" tool for surveying WiFi APs and stations (CLI only);
• wifi - added "radio-mac" variable for "name-format" provisioning setting;
• wifi - added "remove" command in "capsman/remote-cap" menu;
• wifi - after radar detections, avoid selection of channels not permitted by the user;
• wifi - changed CAPsMAN generated certificate common name;
• wifi - create first interface without number when using "name-format" provisioning setting;
• wifi - enable protected interworking ANQP responses;
• wifi - fixed EAP authentication failures when the Session-Timout RADIUS attribute is defined;
• wifi - fixed occasional failures to start on 20/40mhz-eC channels for 2.4GHz 802.11ax interfaces;
• wifi - fixed overridden datapath settings on CAP when unsetting from CAPsMAN;
• wifi - improved CAPsMAN stability during provisioning;
• wifi - make slave APs use datapath bridge settings inherited from master by default;
• wifi - removed "openflow-switch" setting;
• wifi-qcom - added fast-path for received packets;
• winbox - added "Hw. Offload" property under "IP/Firewall/Filter" menu;
• winbox - added "Ping" button under "IP/DHCP Server/Leases" menu;
• winbox - added "Tx bps" and "Rx bps" monitor values under "WiFi/Registration" menu;
• winbox - added "none" argument for "Preshared Key" under "WireGuard/Peers" menu;
• winbox - added icon to entries under "WiFi/Access List" menu;
• winbox - added missing "qos-classifier" argument for "Hw. Caps" under "WiFi/Radios" menu;
• winbox - added missing arguments for "MAC Format" under "Wireless/Security Profiles/RADIUS" menu;
• winbox - allow opening entries under "WiFi/Registration" menu;
• winbox - fixed default "Name Format" property under "WiFi/Provisioning" menu;
• winbox - fixed minor typo under "Routing/BFD" menu;
• winbox - improved connection speed;
• winbox - updated "wireless" and "wifi" menus;
• wireless - fixed "wlan1" default name for RBSXTsqG-5acD and RBLDFG-5acD;
• wireless - fixed snooper information gathering from re-assocation requests;
• wireless - keep configuration after manual package removal.