RouterOS 7.18 [stable] is released

RouterOS 7.18 [stable] is released



What's new in 7.18 (2025-Feb-24 10:47):


*) 60ghz - improved system stability;

*) bgp - fixed certain affinity options not working properly;

*) bgp - improved system stability when printing BGP advertisements;

*) bgp - make NO_ADVERTISE, NO_EXPORT, NO_PEER communities work;

*) bond - added transmit hash policies for encapsulated traffic;

*) bridge - added MLAG heartbeat property;

*) bridge - avoid duplicate VLAN entries with dynamic wifi VLANs;

*) bridge - do not reset MLAG peer port on heartbeat timeout (log warning instead);

*) bridge - fixed endless MAC update loop (introduced in v7.17);

*) bridge - fixed missing S flag on interface configuration changes;

*) bridge - improved stability when using MLAG with MSTP (introduced in v7.17);

*) bridge - improvements to MLAG host table updates;

*) bridge - process more DHCP message types (decline, NAK, inform);

*) bridge - removed controller-bridge (CB) and port-extender (PE) support;

*) bridge - show VXLAN remote-ip in host table;

*) btest - allow limiting access to server by IP address;

*) certificate - fixed localized text conversion to UTF-8 on certificate creation;

*) chr - fixed limited upgrades for expired instances;

*) chr/x86 - added network driver for Huawei SP570/580 NIC;

*) chr/x86 - fixed error message on bootup;

*) chr/x86 - fixed GRE issues with ice network driver;

*) chr/x86 - Realtek r8169 updated driver;

*) cloud - added "Back To Home Files" feature;

*) cloud,bth - use in-interface matcher for masquerade rule;

*) console - added dsv.remap to :serialize command to unpack array of maps from print as-value;

*) console - added file-name parameter to :serialize;

*) console - allow ISO timezone format in :totime command;

*) console - allow tab as dsv delimiter;

*) console - allow to toggle script error logging with "/console settings log-script-errors";

*) console - do not autocomplete arguments when match is both exact and ambiguous;

*) console - do not show numbering in print follow;

*) console - fixed "get" and "proplist" for certain settings;

*) console - fixed issue where ping command displays two lines at the same time;

*) console - fixed issue with disappearing global variable;

*) console - implement scriptable safe-mode commands and safe-mode handler;

*) console - improved hints;

*) console - log errors within scripts to the system log;

*) console - make non-pseudo terminals work with imports;

*) console - put !empty sentence when API query returns nothing;

*) console - renamed "back-to-home-users" to "back-to-home-user";

*) container - add default registry-url=https://lscr.io;

*) container - allow HTTP redirects when accessing container registry;

*) container - allow specifying registry using remote-image property;

*) container - improved image arch choice;

*) container - use parent directory of container root-dir for unpack by default, so that container layer files are downloaded directly on target disk;

*) defconf - added IPv6 FastTrack configuration;

*) device-mode - do not allow changing CPU frequency if "routerboard" is not allowed by device mode (introduced in v7.17);

*) device-mode - fixed feature and mode update via power-reset on PPC devices;

*) dhcpv4-client - allow selecting to which routing tables add default route;

*) dhcpv4-client - fixed default option export output;

*) dhcpv4-server - fixed "active-mac-address" update when client has changed MAC address;

*) dhcpv4-server - fixed framed-route removal;

*) dhcpv4-server - fixed lease assigning when server address is not bind to server interface (introduced in v7.17);

*) dhcpv6-client - added "validate-server-duid" option;

*) dhcpv6-client - allow specifying custom DUID;

*) dhcpv6-client - do not run script on prefix renewal;

*) dhcpv6-relay - added option to create routes for bindings passing through relay;

*) dhcpv6-server - respond to client in case of RADIUS reject;

*) discovery - advertise IPv6 capabilities based on "Disable IPv6" global setting;

*) discovery - improved stability during configuration changes;

*) discovery - report actual PSE power-pair with LLDP;

*) discovery - use power-via-mdi-short LLDP TLV only on pse-type1 802.3af;

*) disk - add disk trim command (/disk format-drive diskx file-system=trim);

*) disk - allow to add swap space without container package;

*) disk - allow to set only type=raid devices as raid-master;

*) disk - cleanup raid members mountpoint, improve default name of file base block-device;

*) disk - do not allow adding device in raid when major settings mismatch in superblock and config;

*) disk - do not allow configuring empty slot as raid member;

*) disk - fix detecting disks on virtual machines;

*) disk - fixed removing device from raid while resyncing;

*) disk - fixed setting up dependent devices when file-based block-device becomes available;

*) disk - fixed showing free space on tmpfs (introduced in v7.17);

*) disk - improved stability;

*) disk - improved system stability when SMB interface list is used (introduced in v7.17);

*) disk - mount multi-device btrfs filesystems more reliably at startup;

*) disk - set non-empty fs label when formatting by default;

*) dns - do not show warning messages for DNS static entries when they are not needed;

*) ethernet - fixed issue with default-names for RB4011, RB1100Dx4, RB800 devices;

*) ethernet - fixed link-down on startup for ARM64 devices (introduced in v7.16);

*) ethernet - improved link speed reporting on 2.5G-baseT and 10Gbase-T ports;

*) fetch - added "http-max-redirect-count" parameter, allows to follow redirects;

*) fetch - do not require "content-length" or "transfer-encoding" for HTTP;

*) file - added "recursive" and "relative" parameters to "/file/print" for use in conjunction with "path" parameter;

*) file - allow printing specific directories via path parameter;

*) file - improved handling of filesystems with many files;

*) firewall - allow in-interface/in-bridge-port/in-bridge matching in postrouting chains;

*) firewall - fixed incorrectly inverted hotspot value configuration;

*) firewall - increased maximum connection tracking entry count based on device total RAM size;

*) hotspot - fixed an issue where extra "flash/" is added to html-directory for devices with flash folders (introduced in v7.17);

*) igmp-proxy - fixed multicast routing after upstream interface flaps (introduced in v7.17);

*) iot - added new "iot-bt-extra" package for ARM, ARM64 which enables use of USB Bluetooth adapters (LE 4.0+);

*) iot - improvements to LoRa logging and stability;

*) iot - limited MQTT payload size to 32 KB;

*) ip - added support for /31 address;

*) ippool - added pool usage statistics;

*) ipsec - added hardware acceleration support for hEX refresh;

*) ipsec - fixed chacha20 poly1305 proposal;

*) ipsec - fixed installed SAs update process when SAs are removed;

*) ipv6 - added ability to disable dynamic IPv6 LL address generation on non-VPN interfaces;

*) ipv6 - added FastTrack support;

*) ipv6 - added routing FastPath support (enabled by default);

*) ipv6 - added support for neighbor removal and static entries;

*) ipv6 - fixed configuration loss due to conflicting settings after upgrade (introduced in v7.17);

*) l2tp - added IPv6 FastPath support;

*) l3hw - added initial HW offloading for VXLAN on compatible switches;

*) l3hw - added neigh-dump-retries property;

*) l3hw - fixed /32 (IPv6 /128) route offloading when using interface as gateway;

*) l3hw - fixed partial route offloading for 98DX224S, 98DX226S, 98DX3236 switches;

*) l3hw - respect interface specifier (%) when matching a gateway;

*) log - added CEF format support for remote logging;

*) log - added option to select TCP or UDP for remote logging;

*) lte - added at-chat support for EC21EU;

*) lte - added basic support for Quectel RG255C-GL modem in "at+qcfg="usbnet",0" USB composition;

*) lte - added confirmation-code parameter for eSIM provisioning;

*) lte - added initial eSIM management support;

*) lte - fixed cases where the MBIM dialer could get stuck;

*) lte - fixed Huawei ME909s-120 support;

*) lte - fixed interface recovery in mixed multiapn setup for MBIM modems;

*) lte - fixed missing 5G info for "/interface lte print" command;

*) lte - fixed missing IPv6 prefix advertisement on renamed LTE interfaces;

*) lte - fixed prolonged reboots on Chateau 5G ax;

*) lte - fixed SIM slot initialization with multi-APN setups;

*) lte - improved automatic link recovery and modem redial functions;

*) lte - improved initialization for external USB modems;

*) lte - lte monitor, show CQI when modem reports it as 0 - undetectable, no RX/down-link resource block assigned to modem by provider;

*) lte - R11eL-EC200A-EU fixed online firmware upgrade and added support for firmware update from local file;

*) lte - R11eL-EC200A-EU improved failed connection handling and recovery;

*) lte - reduce modem initialization time for R11e-LTE-US;

*) lte - reduced SIM slot switchover time for modems with AT control channel (except R11e-LTE);

*) lte - removed nonexistent CQI reading for EC200A-EU modem;

*) net - added initial support for automatic multicast tunneling (AMT) interface;

*) netinstall - try to re-create socket if link status changes;

*) netinstall-cli - fixed DHCP magic cookie;

*) ospf - fixed DN bit not being set;

*) ospfv3 - fixed ignored metric for intra-area routes;

*) ovpn - added requirement for server name when exporting configuration;

*) ovpn - disable hardware accelerator for GCM on Alpine CPUs (introduced in v7.17);

*) ovpn-client - added 1000 character limit for password;

*) pimsm - fixed incorrect neighbor entry when using lo interface;

*) poe-out - added "power-pair" info to poe-out monitor (CLI only);

*) poe-out - added console hints;

*) poe-out - added new modes "forced-on-a" and "forced-on-bt" (CLI only);

*) poe-out - upgraded firmware for 802.3at/bt PSE controlled boards (the update will cause brief power interruption to PoE-out interfaces);

*) port - improved handling of USB device plug/unplug events;

*) ppc - fixed HW encryption (introduced in v7.17);

*) ppp - add support for configuration of upload/download queue types in profile;

*) ppp - added support for random UDP source ports;

*) ppp - fixed setting loss when adding new ppp-client interface for BG77 modem from CLI;

*) ppp - properly cleanup failed inactive sessions on pppoe-server;

*) ptp - do not send packets on STP blocked ports;

*) ptp - improved system stability;

*) qos-hw - fixed global buffer limits for 98CX8410 switch;

*) queue - improved system stability when many simple queues are added (introduced in v7.17);

*) queue - improved system stability;

*) queue - prevent CAKE bandwidth config from potentially causing lost connectivity to a device;

*) resolver - fixed static FQDN resolving (introduced in v7.17);

*) rip - fixed visibility of added key-chains in interface-template;

*) rose-storage - add btrfs filesystem add-device/remove-device/replace-device/replace-cancel commands to add/remove/replace disks to/from a live filesystem;

*) rose-storage - add btrfs filesystem balance-start/cancel commands;

*) rose-storage - add btrfs filesystem scrub-start, scrub-cancel commands (CLI only);

*) rose-storage - add btrfs transfers, supports send/receive into/from file for transferring subvolumes across btrfs filesystems;

*) rose-storage - add support to add/remove btrfs subvolumes/snapshots;

*) rose-storage - added support for advanced btrfs features: multi-disk support, subvolumes, snapshots, subvolume send/receive, data/metadata profiles, compression, etc;

*) rose-storage - allow to separately mount any btrfs subvolumes;

*) rose-storage - fixes for btrfs server;

*) rose-storage - update rsync to 3.4.1;

*) rose-storage,ssh - support btrfs send/receive over ssh;

*) route - added /ip/route/check tool;

*) route - added subnet length validation on route add;

*) route - do not use disabled addresses when selecting routing id;

*) route - fixed busy loops (route lockups);

*) route - fixed incorrect H flag usage;

*) route - improved stability when polling static routes via SNMP;

*) route - properly resolve imported BGP VPN routes;

*) routerboot - disable packet switching during etherboot for hEX refresh ("/system routerboard upgrade" required);

*) routerboot - improved stability for IPQ8072 ("/system routerboard upgrade" required);

*) routing-filter - improved stability when using large address lists (>5000);

*) routing-filter - improved usage of quotes in filter rules;

*) sfp - fixed missing "1G-baseX" supported rate for NetMetal ac2 and hEX S devices;

*) sfp - improved linking with certain QSFP modules on CRS354 devices;

*) sfp - improved system stability with some GPON modules for CCR2004 and CCR2116 devices;

*) sfp,qsfp - improved initialization and linking;

*) smb - fixed connection issues with clients using older SMB versions (introduced in v7.17);

*) smb - fixes for SMB server;

*) smb - improved system stability;

*) snmp - added "mtxrAlarmSocketStatus" OID to MIKROTIK-MIB;

*) snmp - added disk serial number through description field;

*) snmp - sort disk list and assign correct disk types;

*) ssh - improved channel resumption after rekey and eof handling;

*) supout - added IPv6 settings section;

*) supout - added per CPU load information;

*) switch - allow entering IPv6 netmask for switch rules (CLI only);

*) switch - fixed dynamic switch rules created by dot1x server (introduced in v7.17);

*) switch - fixed issues with inactive hardware-offloaded bond ports;

*) switch - improved egress-rate on QSFP28 ports;

*) switch - improved system stability for CRS304 switch;

*) switch - improvements to certain switch operations (port disable, shaper and switch initialization);

*) system - added option to list and install available packages (after using "check-for-updates");

*) system - do not allow to install multiple wireless driver packages at the same time;

*) system - do not cause unnecessary sector writes on check-for-updates;

*) system - enable "ipv6" package on RouterOS v6 downgrade if IPv6 is enabled;

*) system - fixed a potential memory leak that occurred when resetting states after an error;

*) system - force time to be at least at package build time minus 1d;

*) system - improved HTTPS speed;

*) system - improved stability on busy systems;

*) system,arm - automatically increase boot part size on upgrade or netinstall (fixed upgrade failed due to a lack of space on kernel disk/partition);

*) tile - improved system stability;

*) traceroute - added "too many hops" error when max-hops are reached;

*) traceroute - limit max-hops maximum value to 255;

*) user - improved authentication procedure when RADIUS is not used;

*) vxlan - added disable option for VTEPs;

*) vxlan - added IPv6 FastPath support;

*) vxlan - added option to dynamically bridge interface and port settings (hw, pvid);

*) vxlan - added TTL property;

*) vxlan - changed default port to 4789;

*) vxlan - fixed unset for "group" and "interface" properties;

*) vxlan - replaced the "inherit" with "auto" option for dont-fragment property (new default);

*) webfig - added confirmation when quitting in Safe Mode;

*) webfig - do not reload form when failed to create new object;

*) webfig - fixed "TCP Flags" property when inverted flags are set in console;

*) webfig - fixed datetime setting under certain menus;

*) webfig - fixed displaying passwords;

*) webfig - fixed Switch/Ports menu not showing correctly;

*) webfig - hide certificate information in IP Services menu when not applicable;

*) webfig - remember expand/fold state;

*) wifi - added max-clients parameter;

*) wifi - avoid excessive re-transmission of SA Query action frames;

*) wifi - fix issue which made it possible for multiple concurrent WPA3 authentications to interfere with each other;

*) wifi - implement steering parameters to delay probe responses to clients in the 2.4GHz band;

*) wifi - log a warning when a client requests power save mode during association as this may prevent successful connection establishment;

*) wifi - re-word the "can't find PMKSA" log message to "no cached PMK";

*) wifi - try to authenticate client as non-FT client if it provides incomplete set of FT parameters;

*) wifi-qcom - fix reporting of radio minimum antenna gain for hAP ax^2;

*) wifi-qcom - prevent AP from transmitting broadcast data unencrypted during authentication of first client;

*) winbox - added "Copy to Provisioning" button under "WiFi/Radios" menu;

*) winbox - added "Last Logged In/Out" and "Times Matched" properties under "WiFi/Access List" menu;

*) winbox - added "Reset Alert" button under "IP/DHCP Server/Alerts" menu;

*) winbox - added L3HW Advanced and Monitor;

*) winbox - added missing options under "System/Disk" menu;

*) winbox - added TCP settings under "Tools/Traffic Generator/Packet Templates" menu;

*) winbox - do not show 0 Tx/Rx rate under "WiFi/Registration" menu when values are not known;

*) winbox - do not show LTE "Antenna Scan" button on devices that do not support it;

*) winbox - fixed locked input fields when creating new certificate template;

*) winbox - show LTE "CA Band" field only when CA info is available;

*) winbox - show warning messages for static DNS entries;

*) x86 - fixed "unsupported speed" warning;

Report content on this page

Report Page

Please submit your DMCA takedown request to dmca@telegram.org