Излязла е нова версия на RouterOS v7.14

[News]

7.14 changelog:

!) rose-storage - moved SMB service to the RouterOS bundle;
!) smb - removed legacy SMB service (replaced with newer and faster ROSE SMB service, compatible with SMB 2.1, SMB 3.0 and SMB 3.1.1);
*) 6to4 - make "ipsec-secret" sensitive parameter;
*) api - improved REST API stability when processing invalid requests;
*) api - properly return SNMP OIDs when requested;
*) arm - improved system stability when using microSD on RB1100Dx4;
*) arp - added ARP status;
*) bgp - allow to leak routes between local VRFs;
*) bridge - added MLAG support for MSTP bridges;
*) bridge - avoid per-VLAN host flushing on HW offloaded bridge;
*) bridge - fixed auto "path-cost" for bonding interfaces (introduced in v7.13);
*) bridge - fixed MLAG connection after peer-link flap (introduced in v7.13);
*) bridge - fixed packet forwarding after changing HW offloaded bridge interface settings in certain cases (introduced in v7.13);
*) bridge - improved bridge VLAN configuration validation;
*) bridge - improved configuration speed on large VLAN setups;
*) bridge - improved protocol-mode MSTP functionality;
*) bridge - improved protocol-mode STP and RSTP functionality;
*) bridge - make "point-to-point=yes" default value for non-wireless bridge ports;
*) bridge - removed "mst-config-digest" from MSTI menu;
*) bridge - try to set wireless bridge ports as edge ports automatically;
*) bth - added simple "Back To Home Users" manager under IP/Cloud menu;
*) calea - improved system stability when adding bridge rule without "calea" package installed;
*) certificate - improved certificate validation performance;
*) console - added ":tolf" and ":tocrlf" commands for converting line break to/from LF or CRLF;
*) console - added "show-at-cli-login" option to display a note before telnet login;
*) console - added missing "where" clause for "/ipv6/firewall/filter" table print command;
*) console - do not accept negative or too large values for ":delay" command;
*) console - do not allow to use out-of-range values for time type fields;
*) console - fix configuration export when user does not have a "sniff" policy;
*) console - fixed delayed output from ":grep" command in certain cases;
*) console - fixed incorrect behavior of ":onerror" command in certain cases;
*) console - hint on reset command help that ".rsc file" is required for "run-after-reset" parameter;
*) console - improved editor functionality in full screen mode;
*) console - improved stability when using autocomplete with "export";
*) console - increased maximum file content length that can be managed through command line to 60 KB;
*) console - updated copyright notice;
*) container - improved VETH interface management responsiveness and reliability;
*) container - restrict "/container/shell" menu for users without "write" permissions;
*) defconf - added log about configuration reset due to pressed reset button;
*) defconf - fixed Audience scanning-for-wps-ap timeout;
*) defconf - fixed configuration script on KNOT devices if "ppp-out" interface is removed;
*) defconf - fixed firewall rule for IPv6 UDP traceroute;
*) defconf - fixed wifi configuration if interface MAC address is changed;
*) defconf - improved wifi interface detection after upgrade;
*) defconf - increased LTE interface wait time;
*) defconf - updated health settings on configuration revert;
*) defconf - use "fq_codel" queue as default interface queue for wired ports on LTE devices;
*) dhcpv6-client - install dynamic IPv6 blackhole routes in corresponding routing-table;
*) dhcpv6-client - updated error logging when multiple prefixes received on renew;
*) disk - added exFAT and NTFS mount/read/write support;
*) disk - added global disk "settings" menu;
*) disk - fixed changing settings on some GPT formatted disks;
*) disk - properly unmount disk when it is disconnected;
*) dns - do not add new entries to cache if "cache-size" is reached;
*) dns - fixed domain name lookup resolving for internal services;
*) ethernet - fixed issue with default interface names for CRS310-8G+2S+ in rare cases;
*) ethernet - improved cable-test reliability for hAP ax3 PoE out port;
*) ethernet - resolved minor memory leak while processing packets;
*) fetch - added "head" option for "http-method";
*) fetch - added "patch" option for "http-method";
*) fetch - allow specifying link-local address in FTP mode;
*) fetch - allow to use certificate and check-certificate parameters only in HTTPS mode;
*) fetch - do not require "content-length" for HTTP (introduced in v7.13);
*) fetch - fixed DNS resolving when domain has only AAAA entries (introduced in v7.13);
*) fetch - fixed fetch execution when unexpected data is received in HTTP payload;
*) fetch - fixed fetch when using "src-path" with HTTP/HTTPS modes (introduced in v7.13);
*) fetch - fixed fetch when using "src-path" with SFTP mode (introduced in v7.13);
*) fetch - fixed incorrect "src-path" error message when "upload=yes";
*) fetch - fixed IPv4 address logging (introduced in v7.13);
*) fetch - improved fetch stability in SFTP mode;
*) fetch - improved file download stability with HTTP/HTTPS modes;
*) fetch - less verbose logging;
*) fetch - print all "Set-Cookies" headers in response;
*) fetch - treat any 2xx HTTP return code as success (introduced in v7.13);
*) filesystem - improved filesystem integrity for several RB3011 units with automatic firmware upgrade;
*) firewall - added "creation-time" parameter for IPv6 address list entries;
*) firewall - fixed underlying CAPsMAN tunnel reusing packet marks of encapsulated packets;
*) firewall - fixed underlying VXLAN/EoIP tunnel reusing packet marks of encapsulated packets;
*) firewall - increased default "udp-timeout" value from 10s to 30s;
*) health - added limited manual control over fans for CCR1016r2, CCR1036r2 devices;
*) health - changed default "fan-min-speed-percent" from 0% to 12%;
*) health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
*) health - show voltage when powering KNOT R through Micro-USB;
*) health - updated health properties for CCR1016r2, CCR1036r2 devices;
*) iot - added bluetooth whitelist wildcard asterisk support;
*) iot - added LoRa CUPs protocol support;
*) iot - fixed modbus partial frame reception issue;
*) iot - improved LoRa LNS;
*) iot - improved modbus Tx/Rx switching behaviour;
*) iot - improvements to GPIO behavior on boot;
*) iot - improvements to LoRa CUPS;
*) iot - removed bluetooth whitelist maximum entry limit of 8;
*) ipv6 - made "valid" and "lifetime" parameters dynamic for SLAAC IPv6 addresses;
*) isis - show passive interface active levels;
*) l3hw - fixed IPv6 host offloading in certain cases;
*) l3hw - fixed neighbor offloading after link flap;
*) l3hw - preserve offloading for VLANs when bridge ports are down;
*) leds - added "dark-mode" functionality for hAP ax3 and Chateau ax series devices;
*) leds - do not show LTE connection state/mode using RGB power LED from configless LTE modems;
*) leds - fixed "type=on" LED behaviour after reboot;
*) leds - fixed default LTE LED configuration for wAPR-2nD;
*) leds - fixed modem LED indication for SXT LTE 3-7;
*) leds - fixed wireless type of LED triggers for routers using WiFi package;
*) lte - added "at-chat" support for Sierra Wireless EM9293 5G modem;
*) lte - added AT channel support for Quectel EM120K-GL modem;
*) lte - added redial timer when the MBIM modem fails to register or does not receive APN activation notification;
*) lte - don't duplicate primary band in 5G SA mode for chateau 5G;
*) lte - fixed "use-peer-dns" setting for EC200A modem;
*) lte - fixed an issue for EC200A modem that IPv6 address could be added as IPv4 address;
*) lte - fixed APN authentication for FG621-EA modem;
*) lte - fixed MBIM interface enabling for Quectel EC25 modem (introduced in v7.13);
*) lte - fixed Simcom modem support in 0x9000; 0x9002, 0x9002; 0x901a and 0x901b USB compositions;
*) lte - fixed Simcom modem support in 0x9001 USB composition;
*) lte - fixed support for config-less modem detection (introduced in v7.13);
*) lte - fixed USB mode switch and initialization race condition for configless USB modems;
*) lte - improved FG621-EA modem firmware upgrade;
*) lte - improved modem recovery after failed IPv4 configuration;
*) lte - improved support for "ACER" and "MSFT" branded EM12-G modems;
*) lte - optimized "at-chat" response reading;
*) lte - refactored AT command control for AT modems;
*) modem - fixed SMS removal (introduced in v7.13);
*) modem - improved stability when performing modem FOTA upgrade;
*) mpls - fixed VPN fragmentation when forwarding IP traffic;
*) netinstall-cli - check package and device architecture before formatting;
*) ovpn - added support for pushing routes;
*) ovpn - improved "push-routes" option handling when large amount of routes is specified;
*) ovpn - improved key-renegotiation process;
*) ovpn - improved OVPN configuration file import process;
*) ovpn - improved system stability when using HW encryption on ARM64 devices (introduced in v7.13);
*) ovpn - limit the maximum length for "push-routes" up to 1400 characters;
*) package - added "size" property;
*) package - reduced "wireless" package size for ARM, ARM64, MIPSBE, MMIPS devices;
*) package - reduced package size for SMIPS;
*) poe-out - driver optimization for AF/AT controlled boards;
*) poe-out - fixed "power-cycle" for CRS354-48P-4S+2Q+ device (introduced in v7.13);
*) poe-out - improved 802.3at classification and measurement accuracy;
*) poe-out - improved cable test for hAP ac3 and hAP ax3 devices;
*) poe-out - improved PoE out reliability on routers with a single PoE out interface;
*) port - fixed support for USB/serial adapters (introduced in v7.13);
*) port - removed bogus serial port on RB750Gr3, RB760iGS and RBM11G devices;
*) ppp - added support for "WISPr-Session-Terminate-Time" RADIUS attribute;
*) ppp - log an error when IPv6 DHCP pool is exhausted;
*) ptp - added "aes67" and "smpte" profiles;
*) ptp - added configurable "domain" and "priority2" parameters;
*) ptp - added support for Management message forwarding in BC;
*) ptp - fixed "default" and "g8275.1" profiles go into "slave" instead of "uncalibrated" state;
*) ptp - fixed default values for "802.1as" profile;
*) ptp - fixed flags in Announce message;
*) ptp - fixed potential error in packet exchange;
*) ptp - make clock go into grandmaster state if slave port goes down;
*) qos-hw - fixed "tx-queue7-packet" counter;
*) route - fixed gateways of locally imported vpnv4 routes;
*) route - improved route print "count-only" process speed;
*) route - improved stability on route table lookup;
*) route-filter - added option to set "isis-ext-metric";
*) route-filter - fixed AS path matchers when input and output chains are used;
*) routerboard - added "reset-button" support for RBwAPR-2nD device;
*) sfp - added support for modules requiring single byte I2C read transactions;
*) sfp - fixed corrupted Tx traffic at 10Gbps rate on CCR2004-16G-2S+ in rare cases;
*) sfp - fixed corrupted Tx traffic at 10Gbps rate on RB4011 in rare cases;
*) sfp - improve high-power SFP module initialization;
*) sfp - improved combo-sfp handling for CRS328-4C-20S-4S+;
*) sfp - improved link establishment for RB4011 devices;
*) smb - added option to specify SMB service mode as "auto";
*) sms - fixed SMS inbox for FG621-EA modem (introduced in v7.13);
*) sms - fixed SMS sending from WinBox and WebFig (introduced in v7.13);
*) sms - improved system stability when working with SMS;
*) sms - increased SMS read timeout;
*) snmp - added "bgpLocalAs" and "bgpIdentifier" OID reporting;
*) snmp - fixed "bgpPeerFsmEstablishedTime" OID reporting;
*) snmp - hide "MikroTik" in LLDP MIB when branding with hide SNMP option is used;
*) snmp - updated timeout log;
*) ssh - improved SSH performance on ARM, MIPS, MMIPS, SMIPS and TILE devices;
*) ssh - refactored SSH service internal processes;
*) sstp - added support for "aes256-gcm-sha384" encryption;
*) sstp - improved system stability for PPC devices;
*) supout - added PTP section;
*) switch - fixed Ethernet disable/enable for CRS310-8G+2S+ devices;
*) switch - fixed reserved multicast receive on Atheros-8327, QCA8337 switches for R/STP bridge;
*) switch - improved 100G interface stability for 98DX4310 and 98DX8525 switches;
*) switch - minimise potential packet overflows on CRS354;
*) system - changed build time format according to ISO standard;
*) system - expose "lo" and "vrf" interfaces;
*) system - fixed "cpu-frequency" for CRS3xx ARM devices;
*) system - improved memory allocation for ARM64 devices;
*) system - improved RAM allocation for L009UiGS-RM;
*) system - improved system stability when processing packets in FastPath (introduced in v7.13);
*) system - properly assign destination port for HTTP/S connections initiated by the router (introduced in v7.13);
*) system - properly close HTTP/S connections initiated by the router;
*) system - provide more precise "total-memory" value for ARM devices;
*) system - provide more precise "total-memory" value under "System/Resources" menu for L009 and hAP ax lite routers;
*) tftp - improved invalid request processing;
*) timezone - updated timezone information from "tzdata2023d" release;
*) tr069 - don't duplicate cellular info in "X_MIKROTIK_5G" nodes when connected in NR SA mode;
*) tr069 - fixed bandwidth test;
*) tr069-client - show 5G signal info in X_MIKROTIK_5G nodes only for 5G NSA bands;
*) traffic-flow - use 64bit counters for v9 and IPFIX flows;
*) traffic-generator - improved system stability when receiving bogus traffic;
*) usb - show "Supermicro CDC" adapter as Ethernet interface;
*) vlan - fixed non-running VLAN interface after failed MTU change;
*) vrf - prevent VRF interface name collision with interface lists;
*) vxlan - fixed underlying tunnel reusing routing marks of encapsulated packets;
*) webfig - fixed routing table filter under "IP/Routes" menu;
*) webfig - fixed setting the user's password;
*) webfig - fixed showing WireGuard peers;
*) webfig - improved stability when adding new entries under "IP/Routes" menu;
*) wifi - added "station-pseudobridge" interface mode;
*) wifi - fixed issue with setting country profile (introduced in v7.13.1);
*) wifi - improved handling of CAP connections in dual CAPsMAN scenario;
*) wifi - increased value for SAE retransmit period to 3s to improve WPA3 compatibility with IoT client devices;
*) wifi - use "Latvia" as the default value for "country" property;
*) wifi - use correct CAP identity for interface name provisioning after it has been changed by remote-cap/set-identity;
*) wifi-qcom - enable display of regulatory information on L11,L22 devices;
*) wifi-qcom - fixed new connections, when maximum supported number of MAC addresses behind connected station-bridges is reached;
*) wifi-qcom - improve system stability for L11, L22 devices;
*) wifi-qcom - improved memory allocating process;
*) wifi-qcom - improved regulatory compliance for L11, L22 devices;
*) wifi-qcom - improved system stability when using FastPath (introduced in v7.13);
*) winbox - added "accept-protocol-version" parameter to the L2TP server settings;
*) winbox - added "mode-button" and "switch" menus for L41G-2axD&FG621-EA;
*) winbox - added "Name" parameter under "Tools/Netwatch" menu;
*) winbox - added "page-refresh" setting to the Graphing settings;
*) winbox - added "Port Cost Mode" setting under "Bridge" menu;
*) winbox - added "VRF" parameter under "Tools/Ping" menu;
*) winbox - added "x25519" argument for "DH Group" parameter under "IP/IPsec/Profiles" menu;
*) winbox - added missing "Protocol" arguments under "IPv6/Firewall" menu;
*) winbox - added missing monitoring properties under "WireGuard/Peers" menu;
*) winbox - added Preboot Etherboot settings to the System/RouterBOARD/Settings menu;
*) winbox - do not show USB settings for CRS devices that does not need it;
*) winbox - fixed "Bridge Cost" range under "Interfaces/VPLS" menu;
*) winbox - fixed "Password" button under "Quick Set" menu;
*) winbox - improved connection speed and reliability;
*) winbox - improved route table automatic refresh process for static routes;
*) winbox - improved status values under "System/PTP" menu;
*) winbox - improved system stability with large packets;
*) winbox - include "te-tunnel" parameter in VPLS interface monitor;
*) winbox - properly validate "passthrough-subnet-size" in the LTE APN settings;
*) winbox - remove "Root Bridge ID" property under "Bridge/MSTIs" menu;
*) winbox - removed "sfp all" option from combo port settings;
*) winbox - renamed "Wireless Table" menu to "Wifi";
*) winbox - show "routing-table" column under IP/Route menu by default;
*) winbox - show all columns under "Routing/PIM SM/Static RP" menu by default;
*) wireguard - do not allow to use multiple WireGuard interfaces on the same "listen-port";
*) wireguard - optimised and improved WireGuard service logging;
*) x86 - fixed VLAN tagged packet transmit for igb (introduced in v7.12);

Свали от тук

[ianiovski]

Някой има ли проблеми с новото SMB, защото имам сложена карта памет в RB750Gr3 и след ъпдейта вече не работят нещата ? Не ми намира по никакъв начин споделената директория. 

[NetworkPro]

smb - removed legacy SMB service (replaced with newer and faster ROSE SMB service, compatible with SMB 2.1, SMB 3.0 and SMB 3.1.1);

 

вероятно трябва да се пренаконфи сървъра и клиента трябва да поддържа тези версии на SMB какъв е клиента ?

[ianiovski]

Ами деактивирах, активирах на ново, направих нов шер на директорията, за друго не се сещам какво мога да направя. Иначе го пробвам от компютъра ми с Windows 11.

[JohnTRIVOLTA]

Мисля, че това дава яснота "ROSE - package adds additional enterprise data center functionality to RouterOS - for supporting disk monitoring, improved formatting, RAIDs, rsync, iSCSI ,NVMe over TCP, NFS and improved SMB. This functionality currently is supported on arm, arm64, x86 and tile platforms."

Според мен, за другите платформи трябва да се седи с по-старa версия на ROS, където работи стария сървис!

[dobatavision]

Вече има и Push routes към OVPN клиента. 

[ianiovski]

То и старият не работеше както трябва, само през WireGuard не можеше да се ограничи да се достъпва, трябва да му дадеш на All интрерфейс, за да работи през него. 

[111111]

Закачането през WiFI към TP-Link меш глупостите вече е стабилно след тоз ъпдейт.

Преди варираше сега си седи на макс

[hgd]

Преди 3 часа, ianiovski написа:

Ами деактивирах, активирах на ново, направих нов шер на директорията, за друго не се сещам какво мога да направя. Иначе го пробвам от компютъра ми с Windows 11.

!) rose-storage - moved SMB service to the RouterOS bundle;

 

Дръпна ли си Extra packages и от него взе ли си пакета за твоя микротик?

[JohnTRIVOLTA]

преди 12 минути, hgd написа:

!) rose-storage - moved SMB service to the RouterOS bundle;

 

Дръпна ли си Extra packages и от него взе ли си пакета за твоя микротик?

Неговия борд е hEX gr3 . MMIPS не се поддържа и респективно няма такъв пакет!

[ianiovski]

И какво излиза,че с новия ъпдейт не мога да  ползвам SMB 

[JohnTRIVOLTA]

преди 10 минути, ianiovski написа:

И какво излиза,че с новия ъпдейт не мога да  ползвам SMB 

Сякаш да, все едно остава само за тези, които са с Rose Storage. В потвърждение, ми изчезна и на мен SD картата на един RBM33G, но пък tile, x86 и ARM64 си работят!

[111111]

А при свързване изписва ли:
Network error 1208
което е грешка в автентификацията на SMB

друго което забелязвам е че буха празни места в името, от "hAP ac lite" шера е същото само че с главни букви и не е достъпно

The server name cannot be resolved.

Error: The object was not found.

Server name: HAP AC LITE

Guidance:
The client cannot resolve the server address in DNS or WINS. 
This issue often manifests immediately after joining a computer to the domain, 
when the client's DNS registration may not yet have propagated to all DNS servers. 
You should also expect this event at system startup on a DNS server 
(such as a domain controller) that points to itself for the primary DNS. 
You should validate the DNS client settings on this computer using IPCONFIG /ALL and NSLOOKUP.

по ИП си иска име и парола но пак нищо

The server does not support multichannel.

Server name: \192.168.1.248

Guidance:
The client attempted to use SMB Multichannel, 
but an administrator has disabled multichannel support on the server. 
This may also be a non-Microsoft file server that does not support multichannel 
or has multichannel disabled. 
You can enable SMB Multichannel on the server using this Windows PowerShell cmdlet: 
Set-SmbServerConfiguration -EnableMultiChannel:$true. 
This event does not apply to the multichannel settings of SMB client, 
which are controlled by the 
Set-SmbClientConfiguration Windows PowerShell cmdlet. 
Enabling or disabling client multichannel support does not affect server multichannel support.

С разрешено име и парола

The signing validation failed.

Error:STATUS_SUCCESS

Server name: \192.168.1.248
Session ID:0x1
Tree ID:0x0
Message ID:0x3
Command: Session setup

Guidance:
This error indicates that SMB messages are being modified in transit across the network from the server to the client. 
This may be due to the session ending on the server, a problem with the network, a problem with a third-party SMB server, 
or a "man-in-the-middle" compromise attempt.

PacketFragment:0

без име и парола

The AllowInsecureGuestAuth registry value is not configured with default settings.

Default Registry Value:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"AllowInsecureGuestAuth"=dword:0
Configured Registry Value:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"AllowInsecureGuestAuth"=dword:1

Guidance:
This event indicates that an administrator has enabled insecure guest logons. 
An insecure guest logon occurs when a server logs the user on as an unauthenticated guest, 
typically in response to an authentication failure. 
Guest logons do not support standard security features such as signing and encryption. 
As a result, allowing guest logons makes the client vulnerable to man-in-the-middle attacks that can expose sensitive data on the network. 
Windows disables insecure guest logons by default. 
Microsoft does not recommend enabling insecure guest logons

 

Има още нещо за напасване но за сега не го схващам.

[ianiovski]

Накрая май ще си купя един NAS...... и проблема ще се реши. 

[NetworkPro]

Не знам как да ти помогна понеже не съм тествал новия сторидж пакет все още.

 

На твое място бих ползвал готин NAS визуално който рънва x86 unRAID но и Synology не е гадно.

 

И като дойде гаджето на гости и показваш таз гъзария и викаш виж кво имам и всички онемяват.

 

Тва е живота.