What's new in 7.17beta2 (2024-Sep-27 10:07): !) device-mode - after upgrade, mode "advanced" is set by default and traffic-gen, changing active partitions, bootloader and downgrade features will be disabled; !) webfig - redesigned HTML, styling and functionality; *) 6to4 - fixed issue where 6to4 relay would not forward traffic unless destination address is set; *) adlist - improved system stability; *) adlist - improved logging; *) adlist - optimized import on system with low disk space; *) api - fixed REST API serialization of binary data; *) arm64/x86 - added missing PCI id for mlx4 driver; *) bridge - add HW offload support for active-backup bonds on 98DXxxxx, 88E6393X, 88E6191X and88E6190 switches; *) bridge - added interface-list support for VLANs; *) bridge - disallow duplicate static VLAN entries; *) bridge - disallow multicast MAC address as admin-mac; *) bridge - enable faster HW offloading when detect-internet is disabled; *) bridge - fixed incorrect HW offloaded port state in certain cases on MSTI add; *) bridge - fixed missing slave flag on port in certain cases; *) bridge - fixed port monitor with interface-lists; *) bridge - fixed port move command; *) bridge - fixed setting bridge MTU to L2MTU value; *) bridge - fixed unstable MLAG when host moved between bonds too quickly; *) bridge - ignore disabled interfaces when calculating bridge L2MTU; *) bridge - improved stability; *) bridge - removed support for master port config conversion (used before version 6.41); *) bth - improved stability on system time change; *) chr/arm64 - fixed kernel crypto use without crypto extensions for RPi CM4; *) cloud - changed ddns-enabled setting from "no" to "auto" (service is enabled when BTH is enabled); *) cloud - improved DDNS and VPN state stability; *) console - added :range command; *) console - added group-by property for print command; *) console - added lf/crlf options to :convert transform; *) console - added password property to "/system/ssh-exec" command; *) console - added to/from=num option for :convert command; *) console - allow clearing history for a specific user; *) console - allow setting width to supout.rif output; *) console - clear history when removing user; *) console - disallow autocomplete hints for user without read policy; *) console - fixed endless loop when closing input prompt; *) console - force print paging when output does not fit terminal width; *) console - improved printing output in some menus; *) console - improved scripting system stability; *) console - print warning in CLI after enabling protected bootloader; *) console - removed "chain" names from print parameter list and show all print parameters in "/ipv6/firewall/filter" directory; *) container - allow import from .tar.gz file; *) crypto - improve crypto speeds; *) device-mode - added "basic" mode and renamed "enterprise" to "advanced"; *) device-mode - added bootloader, downgrade and partitions features; *) device-mode - allow feature and mode update on x86 via power button and reboot/shutdown from AWS; *) device-mode - fixed feature and mode update on ARM64 Hetzner; *) device-mode - fixed feature and mode update via power-reset on MIPSBE devices; *) dhcpv4-client - correctly handle adding/setting emtpy dhcp-options; *) dhcpv4-client - respect Renewal-Time (58) and Rebinding-Time (59) options; *) dhcpv4-server - do not remove options set config when DHCP network is changed; *) dhcpv4/v6-server - added address-list parameter to which address will be added if the lease is bound; *) dhcpv6-client - added prefix-address-list parameter; *) dhcpv6-client/server - added support for DHCPv6 reconfigure messages; *) dhcpv6-server - include all existing prefixes (with lifetime 0) in renew reply and new prefix if RADIUS returns different prefix; *) discovery - added support for LLDP DCBX; *) discovery - use LLDP description field to populate platform, version and board-name; *) disk - allow to configure global and per disk mountpoint template - [slot],[model],[serial],[fw-version],[fs-label],[fs-uuid],[fs] variables supported; *) disk - improved system stability; *) disk - read/show exfat filesystem label; *) disk - remove 32 character slot name limit; *) disk - show detailed mountpoint users when unable to unmount; *) disk,nvme - show nvme namespaces if configured more than one on a nvme drive; *) dns - added option to create named DNS servers that can be used as forward-to servers (CLI only); *) dns - DoH whitelist support for adlist using static FWD entries; *) dns - whitelist support for adlist using static FWD entries; *) ethernet - improved interface stability for RB4011 devices; *) fetch - fixed certificate check when provided hostname is IP address; *) fetch - fixed large file (over 4GB) fetch in HTTP/HTTPS mode; *) file - correctly identify mounted disks; *) file - improved handling of changes to the file system; *) file - support files over 4GB size; *) file - update file size before trying to request content; *) firewall - added none-dynamic and none-static arguments for IPv6 address-list-timout settings; *) firewall - added warning log for TCP SYN flood; *) firewall - fixed "dst-limit" and "limit" mathers when using zero value for burst argument; *) firewall - removed default mangle passthrough=yes configuration from export; *) graphing - fixed graphing rule removal; *) graphing - fixed queue graph storing on disk; *) health - added cpu-overtemp-check on ARM, ARM64 devices (CLI only); *) health - hide settings in CLI if there is nothing to show; *) health - removed board-temperature on RB5009UPr+S+IN device; *) igmp-proxy - refactored IGMP querier; *) ike2 - improved performance by balancing multicore CPU usage for key exchange calculation also for initiator; *) iot - added an option to print out LoRa traffic in CLI (not GUI-only option anymore); *) iot - added new LoRa traffic FCnt packet counter parameter; *) iot - bluetooth peripheral device menu now displays correct iBeacon major/minor values; *) iot - fixed incorrect LoRa joineui filter export behavior; *) iot - improvements to LoRa device's stats tab; *) iot - removed crc-disabled and crc-error options from the LoRa forwarding; *) iot - removed LoRa pause traffic option/setting; *) iot - removed some LoRa radio related parameters (e.g. RSSI-OFF and Tx-enabled) that were not meant to be changed; *) ipv6 - added IPv6 settings related to stale IPv6 neighbor cleanup; *) isis - do not disable fast-path when isis is enabled on an interface; *) isis - fixed console flags; *) isis - fixed invalid L2 LSP type; *) isis - make it work when MTU is larger than 1500; *) isis - update interface MAC address on change (caused neighbor to stuck in init state); *) kid-control - use time format according to ISO standard; *) leds - fixed issue where interface LEDs might not properly disable in some cases; *) log - added basic validation for "disk-file-name" property; *) log - use time format according to ISO standard; *) lte - added option to check/install modem firmware from early-access/testing channel (CLI only); *) lte - added provider specific firmware update (FOTA) for Cosmote GR networks on Chateau 5G; *) lte - fixed long "PLMN search in progress" for SXT 3-7; *) lte - fixed signal info reporting for FG621-EA modem in UMTS network; *) lte - improved modem FW upgrade for Chateau 5G; *) lte - improvements to modem "firmware-upgrade" command; *) lte - modem firmware update (FOTA), added support to install provider specific version; *) lte - removed trailing "F" symbol from uicc; *) mac-telnet - use ASCII DEL as erase/backspace char instead of BS (fixes mac-telnet backspace for WinBox4); *) macvlan - improved error when trying to create new interface on already busy parent interface; *) macvlan - updated driver; *) mpls - added fast-path support for VPLS; *) mpls - added MPLS mangle support; *) mpls - added support for "ICMP Fragmentation needed"; *) mpls - do no drop LDP peering session on PW deactivation; *) mpls - do not reconnect VPLS on name or comment changes; *) netinstall - save and restore device-mode configuration on format; *) netinstall-cli - added "-o" option to install devices only once per netinstall run; *) netinstall-cli - fixed x86 detection; *) ospf - fixed memory corruption; *) ovpn - added VRF support to OVPN server (server menu now supports multiple entries and previous server configuration is automatically imported); *) ovpn - improved system stability; *) poe-out - upgraded firmware for PSE (BT) controlled boards (the update will cause brief power interruption to PoE-out interfaces); *) ppp - added support for bridge-port-pvid configuration via ppp profile; *) ppp - set APN/PDN type "IPv4/v6" according assigned PPP profile protocol setting; *) pppoe - added support for PPPoE server over 802.1Q VLANs; *) profiler - classify ppp processing; *) profiler - improved process classification; *) profiler - renamed radv process to radvd; *) ptp - added dynamic switch ACL rules in order to trap PTP packets to CPU instead of forwarding; *) ptp - added option to configure L2 transport with forwardable and non-forwardable MAC destination; *) ptp - display warning when none of the PTP ports has a link; *) ptp - restrict configuring g8275 profile with IPv4 transport; *) qos-hw - allow to disable/enable profiles, disabled or removed profile gets replaced with the default; *) qos-hw - enabling PFC on port also requires setting egress-rate-queueN; *) qos-hw - fixed export when changing default Tx Manager; *) qos-hw - fixed incorrect port byte-use counter; *) qos-hw - improved PFC behavior; *) qos-hw - improved WRED and ECN behavior; *) qos-hw - rename pfcN-pause and pfcN-resume to pfcN-pause-threshold and pfcN-resume-threshold; *) qos-hw - switch-cpu port trust settings are forced to "keep"; *) queue - improved system stability when too many simple queues are added; *) quickset - added "LTE AP" quickset profile with one wifi interface; *) romon - send uptime in discovery (CLI only); *) rose-storage - allow to set iscsi-iqn only when type=iscsi and allow nvme-tcp-name only when type=nvme-tcp; *) rose-storage - do not allow to format exported disks; *) rose-storage - enable autocomplete for local-path property in "/file/sync" menu; *) rose-storage - enable more threads for faster RAID sync; *) rose-storage - ensure unique nvme-tcp-names for nvme-tcp clients; *) rose-storage - improved error messages; *) rose-storage - improved system stability; *) rose-storage,raid - improved stability of degraded arrays on startup; *) rose-storage,raid - store superblock in 1.2 format, show raid super block info when detected to help with reassembling arrays; *) route - improved stability; *) routerboot - fixed boot MAC for MIPSBE CRS3xx and CRS5xx switches ("/system routerboard upgrade" required); *) rsync - fixed when used over ssh and spaces in directory names; *) sfp - fixed linking with 1Gbps optical modules with "combo-mode=sfp" configuration for CRS312 device; *) sfp - improved initialization for certain SFP modules on CRS309 and CRS317 devices; *) sfp - improved initialization and linking for some SFP modules; *) sfp - improved power control configuration for QSFP optical modules according to the EEPROM field; *) sfp - improved SFP auto-negotiation for L22, L23 devices; *) smb - stability improvements for client/server; *) socks - fixed comment property for access configuration; *) ssl/tls - improved performance; *) sstp - added pfs=required option to allow only ECDHE during TLS handshake; *) supout - print non BGP and OSFP routes if route list is too large; *) supout - reduce minimal RAM required for export to be included; *) supout - use separate LTE section; *) switch - added "all" argument for "new-dst-ports" switch rule property for CRS3xx, CRS5xx, CCR2116 and CCR2216 devices; *) switch - added IPv6 flow label matching in switch rules for CRS3xx, CRS5xx, CCR2116 and CCR2216 devices; *) switch - allow bond interfaces in switch rules for CRS3xx, CRS5xx, CCR2116 and CCR2216 devices; *) switch - allow matching network bitmask for IPv4 and IPv6 dst/src-address properties in switch rule; *) switch - disallow switch-cpu in "ports" and "new-dst-ports" rule properties for CRS3xx, CRS5xx, CCR2116, CCR2216 and RB5009 devices; *) switch - fixed L2MTU for 25Gbps ports; *) switch - fixed RSPAN error message when using mirror-target=cpu; *) switch - fixed rule disable in certain cases for 98DX224S, 98DX226S, and 98DX3236 switch chips; *) switch - fixed wrong MAC learning when port learning is disabled for 88E6393X, 88E6191X and 88E6190 switch chips; *) switch - force "mac-protocol" when matching IPv4 or IPv6 specific properties; *) switch - improved CPU performance for CRS328-24P-4S+ switch; *) switch - make switch rule "ports" property not required and unsettable (allows matching packets on all switch ports); *) switch - updated dynamic switch rules when using HW bridge with IGMP snooping (224.0.0.0/24 and ff02::/16 destination addresses are forwarded and copied to CPU); *) system - make ICMP error source address selection configurable (icmp-errors-use-inbound-interface-address parameter in ip settings); *) system - make TCP timestamp handling configurable (tcp-timestamps parameter in ip settings); *) upnp - rename service description file from gateway_description.xml back to gateway.xml; *) user-manager - improved stability; *) vrf - fixed packet handling with enabled queues; *) webfig - added search option for settings; *) webfig - fixed uploading files with Windows style newlines; *) webfig - hide inherited wifi password; *) webfig - improved keyboard navigation; *) webfig - reduce flickering when table is sorted by column with duplicate values; *) webfig - Skin Designer moved to centralized page; *) webfig - status page is deprecated, old status page config will work, but can't be updated or created; *) webfig - support unicode strings; *) wifi - added a debug log entry when switching channel; *) wifi - added ability to set security.owe-transition-interface to "auto"; *) wifi - added access-list stats (CLI only); *) wifi - added configuration.installation property to limit use of indoor-only channels; *) wifi - added debug log messages on station authentication mismatch; *) wifi - added last-activity property in registration table; *) wifi - added multi-passphrase (PPSK) support (CLI only); *) wifi - added option to reset MAC address (CLI only); *) wifi - added station-roaming support; *) wifi - allow IPv6 LL address in caps-man-addresses; *) wifi - disabled 802.11h on 2.4GHz station; *) wifi - fixed failure to resume operation after DFS non-occupancy period has elapsed; *) wifi - fixed the "no available channels" message still being displayed after a setting change has made some channels available; *) wifi - indicate radios' ability to perform a channel switch in their "hw-caps" attribute; *) wifi - indicate which channels are subject to DFS, or are indoor-only in output of "monitor" command; *) wifi - re-word the "SA Query timeout" log message to "not responding"; *) wifi - show authentication type and wireless standard used by each client in registration table; *) wifi - show regulatory limits on maximum bandwidth in output of radio/reg-info command; *) wifi - when operating in station mode, log more information when AP switches to an unsupported channel; *) wifi-qcom - added Superchannel country profile; *) wifi-qcom-ac - allow use of channel 144 under "Japan" regulatory domain; *) winbox - added "Scan" and "Test Disks" features under "System/Disks" menu; *) winbox - added MAC address support for "Group" property under "Bridge/MDB" menu; *) winbox - added missing properties under "IP/Neighbors" menu; *) winbox - fixed duplicate timezone names; *) winbox - fixed typo in "System/Reset Configuration" menu; *) winbox - minimal required version is v3.41; *) wireguard - do not initiate handshake when peer is configured as responder; *) wireless - added option to reset MAC address (CLI only); *) wireless - added vlan-id to registration-table; *) wireless - allow to set Canada2 country profile when locked with US lock package for CubeG device; *) wireless - fixed antenna gain for SXT5ac device; *) wireless - preserve configured country while using setup-repeater, added "country" argument (CLI only); *) zerotier - added debug logging; *) zerotier - do not show default settings in export; *) zerotier - upgraded to version 1.14.0;