Mikrotik/RouterOS

Автор Dmytro, 15 Жовтень 2020, 14:29:44

Попередня тема - Наступна тема

Edd.Dragon

Цитата: aNGeL від 02 Листопад 2020, 12:10:58
А - автоматизация
автоматизация - это когда сервер управляет всем гамузом в доме
а локально-умные розетки и чайники - это так, баловство

Edd.Dragon

правда у Т1000 умный дом не взлетит
он сервер отключать будет  :D

finalplayer

Цитата: aNGeL від 02 Листопад 2020, 12:10:58
А - автоматизация
Альо. Я про сами умные розетки, что продолжат работать. Это был юмор.

Edd.Dragon

Цитата: finalplayer від 02 Листопад 2020, 12:20:34
Альо. Я про сами умные розетки, что продолжат работать. Это был юмор.
не просто работать, но еще и без толку общаться по вайфаю!

aNGeL

Цитата: Edd.Dragon від 02 Листопад 2020, 12:21:52
не просто работать, но еще и без толку общаться по вайфаю!
у меня не по ви-фи

Цитата: Edd.Dragon від 02 Листопад 2020, 12:19:40автоматизация - это когда сервер управляет всем гамузом в доме
у меня стоит хаб что управляет другими устройствами без моего вмешательства, шо не так?
[CCCР]: ИС-7, ИС-4, Об. 277, Об.705А, СТ-II, Об. 268, Об. 268\4, Об. 261, Об. 140, Т-62А, Об. 430У, К-91
[Германия]: Maus, Е100, G.W. E 100 [США]: T110E5 [Франция]: AMX M4 mle. 54, AMX 50B [Британия]: Super Conqueror

Edd.Dragon

Цитата: aNGeL від 02 Листопад 2020, 12:27:39
у меня не по ви-фи
у меня стоит хаб что управляет другими устройствами без моего вмешательства, шо не так?
ну так а т1000 как быть? ему ж и хаб выключать придется

Mantikor

Простіше все що треба в домі виключати вивести на один чи кілька автоматів, і виходячи з дому просто рубильники клацати.
Якщо вже дуже треба.

finalplayer

Цитата: aNGeL від 02 Листопад 2020, 12:27:39шо не так?
не так то, что ты доказываешь что-то своё о чём ни кто не спрашивал

T1000

проще выдернуть бп из розетки! Что я и делаю-) :)
AMD FX 8350, 16GB 1600 goodram,gigabyte  ga-970а - DS3P, ATI RX5500 XT(7nm) 8 Gb, 1tb hdd Toshiba, chieftec proton 650вт.

OzzyZig

Цитата: T1000 від 02 Листопад 2020, 22:05:24
проще выдернуть бп из розетки! Что я и делаю-) :)
тогда чего мозг всем парил?


T1000

Так это мне мозг париили -)))
AMD FX 8350, 16GB 1600 goodram,gigabyte  ga-970а - DS3P, ATI RX5500 XT(7nm) 8 Gb, 1tb hdd Toshiba, chieftec proton 650вт.

Dmytro

Немного параноики.

У меня от провайдера внешний айпи, какой доступ в настройки Микрота мне лучше оставить если у меня фаерволл на нем настроен по дефолту?
Сейчас только ssh и ftp без ограничений по айпи и Winbox из адресов внутренней подсети. Может ssh убрать?
Сегодня звезды встали таким образом, что ты можешь гонять интересы. Однако, есть риск что на бесптичье и твоя жопа - соловей.

Mantikor

#62
Там десь має бути опція Services (здається), там де всякі http,ssh,winbox тощо.
Там краще для всіх в доступах прописати твою внутрішню підмережу, щоб доступу ззовні не було, тільки з середини.
Майже всі злами мікротіків відбуваються через те, що якийсь сервіс доступний з інтернету.

aNGeL

Цитата: Dmytro від 10 Березень 2021, 10:16:19
Немного параноики.

У меня от провайдера внешний айпи, какой доступ в настройки Микрота мне лучше оставить если у меня фаерволл на нем настроен по дефолту?
Сейчас только ssh и ftp без ограничений по айпи и Winbox из адресов внутренней подсети. Может ssh убрать?
Наружу лучше не открывать ничего, или если хочешь открыть - вешай на нестандартный порт
[CCCР]: ИС-7, ИС-4, Об. 277, Об.705А, СТ-II, Об. 268, Об. 268\4, Об. 261, Об. 140, Т-62А, Об. 430У, К-91
[Германия]: Maus, Е100, G.W. E 100 [США]: T110E5 [Франция]: AMX M4 mle. 54, AMX 50B [Британия]: Super Conqueror

Dmytro

Короче убрал все кроме Винбокса из внутренней подсети, оно мне все равно не нужно.
Сегодня звезды встали таким образом, что ты можешь гонять интересы. Однако, есть риск что на бесптичье и твоя жопа - соловей.

Dmytro

Сегодня звезды встали таким образом, что ты можешь гонять интересы. Однако, есть риск что на бесптичье и твоя жопа - соловей.

Dmytro

Обновился до RouterOS 7.1.1. Полет нормальный.
Сегодня звезды встали таким образом, что ты можешь гонять интересы. Однако, есть риск что на бесптичье и твоя жопа - соловей.

graved1gger

посижу пока на 6.49 пока 7 в стейбл не переведут
this gravedigga is completely broken. all we want is an old version of that toxic angry guy who hates everything and everyone © link. А вот я не уверен,  что старая версия будет доступна.

Mantikor


aNGeL

Цитата: Mantikor від 17 Січень 2022, 23:45:25
Так давно вже перевели. 7.1 та 7.1.1 стейбл
https://mikrotik.com/download/changelogs/stable-release-tree
Знайомі що оновились кажуть що ще трохи сирувата. Але wireguard працює
[CCCР]: ИС-7, ИС-4, Об. 277, Об.705А, СТ-II, Об. 268, Об. 268\4, Об. 261, Об. 140, Т-62А, Об. 430У, К-91
[Германия]: Maus, Е100, G.W. E 100 [США]: T110E5 [Франция]: AMX M4 mle. 54, AMX 50B [Британия]: Super Conqueror

Mantikor

Цитата: aNGeL від 18 Січень 2022, 10:12:11
Знайомі що оновились кажуть що ще трохи сирувата. Але wireguard працює
Залежно який функціонал потрібен. Я свою точку доступу оновив минулого місяця, проблем в роботі не побачив.

aNGeL

Цитата: Mantikor від 18 Січень 2022, 10:42:46
Залежно який функціонал потрібен. Я свою точку доступу оновив минулого місяця, проблем в роботі не побачив.
я чекаю наступного релізу щоб оновіті домашній
[CCCР]: ИС-7, ИС-4, Об. 277, Об.705А, СТ-II, Об. 268, Об. 268\4, Об. 261, Об. 140, Т-62А, Об. 430У, К-91
[Германия]: Maus, Е100, G.W. E 100 [США]: T110E5 [Франция]: AMX M4 mle. 54, AMX 50B [Британия]: Super Conqueror

graved1gger

Цитата: Mantikor від 17 Січень 2022, 23:45:25
Так давно вже перевели. 7.1 та 7.1.1 стейбл
https://mikrotik.com/download/changelogs/stable-release-tree
через винбокс говорит, что 7.1 и 7.1.1 в дев ветке
this gravedigga is completely broken. all we want is an old version of that toxic angry guy who hates everything and everyone © link. А вот я не уверен,  что старая версия будет доступна.

Mantikor

Цитата: graved1gger від 18 Січень 2022, 13:44:57
через винбокс говорит, что 7.1 и 7.1.1 в дев ветке
В мене 7 версія була в Update гілці, як і мало бути.

aNGeL

Цитата: Mantikor від 18 Січень 2022, 16:01:16
В мене 7 версія була в Update гілці, як і мало бути.
В мене теж там вже 7.1.1
[CCCР]: ИС-7, ИС-4, Об. 277, Об.705А, СТ-II, Об. 268, Об. 268\4, Об. 261, Об. 140, Т-62А, Об. 430У, К-91
[Германия]: Maus, Е100, G.W. E 100 [США]: T110E5 [Франция]: AMX M4 mle. 54, AMX 50B [Британия]: Super Conqueror

Dmytro

Цитата: graved1gger від 18 Січень 2022, 13:44:57
через винбокс говорит, что 7.1 и 7.1.1 в дев ветке
То ты просто куколд. Твой удел юзать только девелопскую версию, как и женщин впрочем.
Сегодня звезды встали таким образом, что ты можешь гонять интересы. Однако, есть риск что на бесптичье и твоя жопа - соловей.

aNGeL

RouterOS 7.8 [Stable]

!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) conntrack - improved system stability when PPTP helper is used;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
[CCCР]: ИС-7, ИС-4, Об. 277, Об.705А, СТ-II, Об. 268, Об. 268\4, Об. 261, Об. 140, Т-62А, Об. 430У, К-91
[Германия]: Maus, Е100, G.W. E 100 [США]: T110E5 [Франция]: AMX M4 mle. 54, AMX 50B [Британия]: Super Conqueror

aNGeL

RouterOS 7.9 [Stable]

*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) defconf - added CAPs mode script for wifiwave2 devices;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8);
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) ovpn - improved system stability for Tile devices;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - improved WPS connection speed;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
[CCCР]: ИС-7, ИС-4, Об. 277, Об.705А, СТ-II, Об. 268, Об. 268\4, Об. 261, Об. 140, Т-62А, Об. 430У, К-91
[Германия]: Maus, Е100, G.W. E 100 [США]: T110E5 [Франция]: AMX M4 mle. 54, AMX 50B [Британия]: Super Conqueror

Dmytro

Сегодня звезды встали таким образом, что ты можешь гонять интересы. Однако, есть риск что на бесптичье и твоя жопа - соловей.

Dmytro

Сегодня звезды встали таким образом, что ты можешь гонять интересы. Однако, есть риск что на бесптичье и твоя жопа - соловей.