What's new in 7.20beta6 (2025-Jul-14 14:01):

*) bgp - execute community based decisions before output filter (fixes problem with no-export);
*) bgp - show correctly IPv4 route with IPv6 nexthop in BGP advertisements and route print;
*) bgp-vpn - always prefer local VPN route during selection;
*) bgp-vpn - take into account instance configuration when selecting vpnvX routes (introduced in v7.20beta2);
*) capsman - filter non-installed packages on upgrade (introduced in v7.18);
*) dhcp-client - added option to control broadcast flag for DHCP Discover and Request packets, except when renewing the lease;
*) esim - added option to activate eSIM profile after provisioning;
*) esim - added option to specify activation code for eSIM provisioning;
*) esim - make profile management messages more consistent;
*) evpn - send PMSI attribute;
*) ipv6 - fixed policy routing;
*) leds - fixed issues after changing "dark-mode" configuration (introduced in v7.19);
*) modem - fixed missing SIM/eSIM slot selection on ATL 5G R16 (introduced in v7.20beta2);
*) net - ensure packet sockets from containers do not disable RouterOS fastpath/fasttrack;
*) port - added support for Silicon Labs USB serial adapters (vendor id=0x10C4);
*) ptp - allow priority1 value of 0 (improves stability when receiving announce messages with priority1 set to 0);
*) route - prefer link-local nexthop when both global and local are present;
*) route - show correct route type for ISIS routes;
*) routing-filter - added gw-ll parameter;
*) ssh - fixed non-interactive console command response truncation;
*) supout - removed File section (due to high memory usage and long processing time);

Other changes since v7.19:

*) arm - improved system stability when processing encrypted traffic;
*) arm64 - increased maximum number of CPU cores to 128;
*) bfd - fixed socket leak (additional fixes);
*) bgp - added brief, unnumbered output for advertisements list;
*) bgp - added initial EVPN support;
*) bgp - added NLRI filter for more precise accept/discard of ipv4/6 prefixes;
*) bgp - automatically create output.network blackhole routes;
*) bgp - decode and log notifications;
*) bgp - do not show router-id error when instance is not active (introduced in v7.20beta2);
*) bgp - fixed origin cleanup for mpls-vpn (introduced in v7.20beta2);
*) bgp - fixed warning when instance is not active (introduced in v7.20beta2);
*) bgp - fixed withdraw when input.accept-nlri is non-existent;
*) bgp - introduced BGP instance configuration (note, downgrading to earlier versions without instance support may cause config issues);
*) bgp - migrate correctly router-id and ASN to instance (introduced in v7.20beta2);
*) bgp - print aigp attribute in advertisements;
*) bgp - refresh WinBox when BGP session is created/deleted;
*) bgp - support for Advertising IPv4 Network Layer Reachability Information (NLRI) with an IPv6 Next Hop;
*) bridge - added dynamic tagged entry named "switch-cpu" in scenarios where the same VLAN spans multiple switch chips or is used on both HW and SW ports (additional fixes);
*) bridge - added verbose STP debug logging (rx/tx BPDU, edge-port and port-role transitions, FDB flush);
*) bridge - allow IPv6 FastPath when dhcp-snooping is enabled;
*) bridge - disable/enable HW offload on bonding slave disable/enable (fixes potential MAC learning issue);
*) bridge - fixed port-id when adding a new port in non-primary MLAG;
*) bridge - refactored host learning logic in MLAG setups in order to make it more robust and predictable;
*) btest - properly close unsuccessful TCP test sockets;
*) bth - added extra file-share functionality for use with apps;
*) bth - improved tunnel name in client config export;
*) bth,file - added direct file sharing from the WinBox Files menu;
*) certificate - added "Amazon Root CA 1" to built-in root certificate authorities store;
*) certificate - improved stability after failed import;
*) chr - added Chelsio VF driver for PCIID 5803;
*) cloud - fixed restoring "BTH Files" service after a prolonged network outage;
*) cloud - reduced "BTH Files" ping interval dynamically upon failure;
*) console - added non-interactive (scriptable) serial-terminal support;
*) console - added prompt to /disk/format command;
*) console - added use-tz option to :timestamp command;
*) console - fixed :convert to=num on MIPSBE;
*) console - fixed /file/find not recursive by default (introduced in v7.20beta2);
*) console - fixed /file/read command (introduced in v7.20beta2);
*) console - improved stability and visuals for /interface/wireless/snooper/snoop;
*) console - improved visuals for brief print when displaying large tables;
*) console - improved visuals for hexadecimal strings;
*) console - improved visuals for hiding sensitive commands;
*) console - include flags by default when printing to value;
*) console - prioritize directory specific parameters and hide rarely used ones in print autocomplete (additional fixes);
*) console - replace TAB characters with spaces when editing scripts and added tab-width user configuration in /console/settings;
*) console - unified string representation of ID values;
*) console - updated hints for some /file/print parameters;
*) console - validate filenames upon addition (if enabled in /console/settings);
*) container - added "device" option to pass a device from /system/hardware menu to a container;
*) container - added /container/log menu, keep 100 messages per container;
*) container - added default print brief mode;
*) container - added initial support for container in container setups;
*) container - added option to execute commands inside a container using "/container/shell cmd= user=";
*) container - added per-container memory limiting and monitoring;
*) container - added repull command;
*) container - added SCTP support;
*) container - added support for cpuset, cpu, memory, pids cgroups;
*) container - allow picking passthrough devices by descriptive name;
*) container - allow read-only mounts;
*) container - allow to mount individual files, not just directories;
*) container - allow to specify multiple envlists;
*) container - allow to use multiple veths in a container, change the in container interface name to same as in RouterOS;
*) container - can use KVM (x86 and arm64) in container QEMU for faster virtualization;
*) container - display any error prominently in WinBox;
*) container - do not allow multiple containers with same root directory;
*) container - enable check-certificate by default for new remote imports;
*) container - fixed containers that use inotify interface;
*) container - fixed environment variables not being passed to "/container/shell" properly;
*) container - fixed QEMU VM to host bridge;
*) container - improved compatibility when running containers with custom "cmd" and "entrypoint" commands;
*) container - improved error and log messages;
*) container - prevent user from setting "root-dir=/" for a container;
*) container - show a more descriptive error when tar extraction fails, particularly "No space left on device";
*) container - show config.json to user;
*) container - show explicit stopped flag for container;
*) container - stability improvements (additional fixes);
*) container - support for direct access to hardware devices;
*) container - terminate containers on shutdown, allow them to clean up properly;
*) dhcp - show error only after interface status is synced with the system (instead of erroneously displaying it immediately);
*) dhcp-client - show warning if DHCP client is configured on dot1x server port;
*) dhcp-server - do not show "I" flag when server is disabled;
*) dhcp-server - improved logging when dual-stack is enabled but fails to acquire client MAC from DUID;
*) dhcpv4-client - allow specifying DSCP of outgoing packets;
*) dhcpv4-client - allow specifying vlan-priority of outgoing packets (for VLAN interfaces only);
*) dhcpv4-client - show "custom-hostname-suffix" and "custom-source-mac-address" properties if set;
*) dhcpv4-server - added "add dns" step to setup wizard;
*) dhcpv4-server - added "lease-agent-circuit-id" and "lease-agent-remote-id" variables to the lease script;
*) dhcpv4-server - added "ntp-none" parameter;
*) dhcpv4-server - changed the default value of address-pool to "static-only" in the option matcher, removed "none" option;
*) dhcpv4/v6-client - properly resume client service after underlying interface status changes;
*) dhcpv4/v6-server - added CoA support;
*) dhcpv6-client - added "accept-prefix-without-address" allowing client to accept prefix when address is not available although requested;
*) dhcpv6-client - update the routing table and address list on manual client configuration changes;
*) dhcpv6-server - added "ignore-ia-na-bindings" setting that allows server to ignore address requests and work just with prefixes;
*) dhcpv6-server - do not trim real client DUID when assigning it to the binding;
*) discovery - disable discovery on loopback, LTE, ppp-out interfaces;
*) discovery - improved LLDP Power via MDI TLV with 802.3bt specific field support;
*) discovery - report router as "CAPsMAN" on MNDP under "running" parameter;
*) disk - allow to format multiple disks at once;
*) disk - allow to remove Btrfs device by ID;
*) disk - better manage disks disappearing from RAID;
*) disk - cleanup mountpoint when setting mount-filesystem=no;
*) disk - disallow adding SMB share or user with empty name;
*) disk - do Btrfs remove-device asynchronously;
*) disk - fixed RAID component size to match the value in the superblock;
*) disk - offer to blink only PCI slots in console;
*) disk - rename raid-role=unspecified to spare;
*) disk - reset RAID role of old disk after spare assumes a new role;
*) disk - show error when file based block-device uses a mountpoint to be unmounted;
*) disk - show total/free inode counts for fs's that support it;
*) dlna - recognize flac extension;
*) dns - fixed memory leak when static CNAME record was matched;
*) ethernet - improved ethernet stability when handling invalid packets on Alpine CPUs;
*) ethernet - improved performance for hEX Refresh and hEX S (2025);
*) evpn - fixed auto ID setting (introduced in v7.20beta2);
*) evpn - fixed enable/disable handling (introduced in v7.20beta2);
*) evpn - fixed instance handling (introduced in v7.20beta2);
*) evpn - fixed MACIP address decode (introduced in v7.20beta2);
*) evpn - fixed missing RD (introduced in v7.20beta2);
*) evpn - fixed route print query by EVPN AFI (introduced in v7.20beta2);
*) fetch - display file sizes between 1-1023 bytes as 1KiB (instead of 0KiB);
*) fetch - include RouterOS version in the "User-Agent" field;
*) file - fixed console completion not showing all files (introduced in v7.20beta2);
*) file - fixed duplicate in WinBox Files menu when sharing a file in a folder (introduced in v7.20beta2);
*) file - improved file handling performance in WinBox v4;
*) filesystem - improved calculation of free space on NAND flash (fixes potential "disk is too small" issue);
*) firewall - added connection tracking "total-ip4-entries" and "total-ip6-entries" counters;
*) firewall - allow "dst-limit" matcher to work properly above value 10000;
*) firewall - improved IPv6 connection tracking lookup responsiveness;
*) firewall - improved system stability when processing connections on multicore systems;
*) firewall - reorganized firewall connection tracking table values and make them persistent between IPv4 and IPv6;
*) flashfig - bind to local address (fixes issue when multiple interfaces are enabled);
*) hotspot - allow only "http:" and "https:" schemas in dst field;
*) iot - added an option to increase the amount of LoRa's traffic entries displayed;
*) iot - adjusted default LoRa antenna gain values for specific devices;
*) iot - iot-bt-extra package stability improvement and additional dongle support;
*) iot - LoRa netid filters now can be configured as a "range";
*) iot - LoRa stability improvement (additional fixes);
*) iot - LR8G/9G firmware update (additional fixes);
*) iot - removed lora-package, LoRa functionality was moved into iot-package;
*) iot - removed non-existent GPIO pin functionality;
*) ip - added socksify feature and new NAT action "socksify";
*) ip-service - fixed "print count-only interval" when dynamic entries are added (introduced in v7.19);
*) ip-service - fixed setting services by name (introduced in v7.19);
*) ip-service - show service name "nfs" for port 2049;
*) ipsec - fixed degraded IPsec performance for IPQ-6010 (introduced in v7.17);
*) ipsec - fixed responder on key exchange compute failure (introduced in v7.19);
*) ipsec - move raw RSA keys to /ip/ipsec/key/rsa;
*) ipv6 - added support for IPv6 ND proxying of individual addresses;
*) ipv6 - do not allow removal of dynamic address on lo interface;
*) ipv6 - fixed "auto-link-local" feature on WireGuard interface;
*) ipv6 - make pref-src work and settable for static routes;
*) isis - added passive parameter for interface templates;
*) l2tp-ether - fixed interface creation/removal process;
*) log - added command to clear memory action entries;
*) log - improved the "transmit loop detected" warning log;
*) log - output PoE-Out LLDP negotiation to poe,info topic;
*) lte - added "done" status for modem firmware-upgrade version check;
*) lte - added "remove-sent-sms-after-send" option to automatically delete sent SMS messages;
*) lte - added log entry if eSIM has no profiles on read;
*) lte - added modem-init string response to system log;
*) lte - added show-capabilities eSIM presence detection for MBIM modems;
*) lte - added support for R11e-LTE6 v039 firmware release;
*) lte - allow only one IPv6 APN for AT modems;
*) lte - AT modems, fixed typos in commands sent to modem when APN with authentication is used (AT+CGAUTH; AT$QCPDPP);
*) lte - display ICCID regardless of SIM PIN entry status;
*) lte - do not dial further if modem detects eSIM without profiles;
*) lte - do not reconfigure modem if deactive eSIM profile is deleted;
*) lte - exempt eSIM provision from global CRL certificate settings;
*) lte - exit LTE scan if modem reconfigured;
*) lte - fallback to RA for global IPv6 if unattained via AT channel (resets on config change);
*) lte - fixed eSIM management function for mmips and mipsbe architecture CPUs;
*) lte - fixed eSIM provisioning for servers that do not send content-length in the HTTP response;
*) lte - fixed inappropriate LTE interface inactive flag shown during modem initialization;
*) lte - fixed modem recovery for unexpected modem reboot for Chateau 5G and Chateau 5G R16;
*) lte - fixed progress message for R11e-LTE modem firmware-upgrade;
*) lte - fixed rare case where AT dialer could stop;
*) lte - improved EC200A-EU firmware-upgrade stability;
*) lte - improved SMS sending stability over MBIM protocol;
*) lte - R11e-LTE and R11e-LTE6, fixed possible crash on device unexpected removal or during RouterOS shutdown;
*) lte - refresh eSIM profile list after successful provision;
*) lte - renamed "uicc" to "iccid" in LTE monitor and eSIM profile print;
*) lte - show ip-type in /interface/lte/apn/print;
*) lte - use modem-supplied IPv6 address over EUI-64 when available;
*) macvlan - allow creating macvlan interfaces on all interfaces with a MAC address;
*) mpls - improved stability when handling VPLS packets;
*) net - fixed possible slave flag issues after user configuration changes;
*) net - improved system stability when processing TCP/UDP connections;
*) net - prevent removal of lo interface via WinBox;
*) netinstall - added after-install controls (reboot after installation, shutdown after installation, none);
*) netinstall - alert on unreadable configuration scripts;
*) netinstall - detect inactive install interface;
*) netinstall - fixed install for PPC devices;
*) netinstall - fixed mutually exclusive checkbox behavior;
*) netinstall - show router and package architecture;
*) netinstall - warn user if not enough space on device;
*) netinstall-cli - added MAC filter option "--mac";
*) netinstall-cli - added multiple install option "-m";
*) netinstall-cli - improved client device architecture detection;
*) netwatch - added "early-success-detection" and "early-failure-detection" properties for ICMP probe;
*) netwatch - fixed date and time for stats;
*) ovpn - added support for sha384 hmac;
*) ovpn - improved tunnel setup speeds in configurations with large amount of active OVPN clients;
*) partitions - fixed failure to repartition correctly from 32MB partition size;
*) partitions - hide partition menu on unsupported boards (without NAND);
*) partitions - limit minimal partition size to 60MB;
*) poe-out - upgraded firmware for 802.3at/bt controlled boards (the update will cause brief power interruption to PoE-out interfaces);
*) port - added IPv6 support for "remote-access" tool;
*) port - improved port status handling at unexpected device removal;
*) ppp - added "dhcpv6-use-radius" PPP profile feature that enables "use-radius" option on dynamically created DHCPv6 servers;
*) ppp - added "remote-ipv6-prefix-reuse" PPP profile feature that allows to advertise same prefix on multiple VPN clients at the same time;
*) ppp - added DHCPv6 assigned prefix to address list when configured and received from RADIUS;
*) ppp - added dhcpv6-lease-time profile configuration property;
*) ppp - do not send initial echo request if keepalive-timeout=disabled;
*) ppp - improved system stability when closing connections;
*) pppoe-server - added accept-untagged=yes/no option to accept untagged traffic in combination with pppoe-over-vlan-range property;
*) ptp - added PTP support for RDS2216 device;
*) qos-hw - added mirror-buffers property and monitoring values;
*) radius - fixed issue with Session-Timeout attribute functionality;
*) radius - fixed RADIUS client section becoming unresponsive when RadSec is configured, but server is not responding;
*) radius - fixed wrong RadSec port number in logs;
*) radius - properly verify certificate when RadSec is used;
*) romon - changed default "disabled=yes" to "disabled=no" under /tool/romon/port;
*) romon - improved error message;
*) route - added missing and remove unnecessary parameters from /ipv6/route menu;
*) route - afi naming consistency in logs;
*) route - attempt to clean up stuck routes in the routing table;
*) route - do not allow to modify dynamic routes;
*) route - fixed destination ordering for SNMP;
*) route - fixed issue when route table is installed to kernel without fib setting;
*) route - fixed SNMP probing of IPv6 routes;
*) route - improved stability;
*) route - make routing table print faster with hw-offload, gateway and blackhole queries;
*) route - removed fib-reinstall;
*) route - update router ID when disabled address is removed;
*) routerboot - fixed boot MAC for CRS212 switch ("/system routerboard upgrade" required);
*) routing-filter - added filter-wizard (filter generator with v6-like syntax);
*) routing-filter - added sync command;
*) routing-filter - make "chain" and "list" parameters required when adding new item;
*) sfp - added sfp-power-class and sfp-max-power monitor values for QSFP (additional fixes);
*) sfp - fixed low power mode pins on CRS326-4C+20G+2Q+ for optical QSFP modules;
*) sfp - fixed qsfp28 breakout disable;
*) sfp - improved initialization and linking for sfp28 on CRS518;
*) sfp - improved system stability with some GPON modules for CCR2004 and CCR2116 devices;
*) smips - reduced package size, removed hotspot feature and provide it as a separate package;
*) sniffer - added CPU number and fast-path status in per-packet comment;
*) sniffer - save packets in pcapng format, it now includes interface name the packet was sniffed on, packet direction and nanosecond timestamp resolution;
*) snmp - added SNMP OIDs for firewall connection tracking "total-entries", "total-ip4-entries" and "total-ip6-entries";
*) ssh - improved stability on busy server;
*) ssh - show user public key fingerprint under /user/ssh-keys;
*) ssh/sftp - fixed session disconnects during file transfer;
*) supout - added certificate settings section;
*) supout - added IPv6 NAT section;
*) switch - fixed ACL rules when ports are not specified (fixes dynamic rules for RoMON);
*) switch - fixed ACL rules with "redirect-to-cpu" (introduced in v7.20beta2);
*) switch - fixed advertise and speed settings for ether1 on RB5009 (introduced in v7.20beta2);
*) switch - fixed bonding issues after switch reset (introduced in v7.18);
*) switch - fixed egress-rate on QSFP ports;
*) switch - fixed port blocking by MSTP for 88E6393X, 88E6191X and 88E6190 switches;
*) switch - fixed port blocking with spanning tree on EN7523 switch (introduced in v7.19);
*) switch - hide cpu-flow-control on irrelevant devices;
*) switch - improved bond MAC flush for 88E6393X, 88E6191X and 88E6190 switches;
*) switch - improved hash calculation for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98CX8410 switches (affects load balancing for bonds, ECMP routes, and VXLAN source port);
*) switch - improved ingress-rate limit precision for 88E6393X, 88E6191X and 88E6190 switches;
*) switch - reset all Ethernet counters on reset-counters command on QoS Port menu;
*) switch - rework ethernet counters (add tx-drop-queueX-byte/packet, tx-drop-byte/packet, tx-queueX-byte to /in/eth and updated GUI);
*) swos - changed firmware file location (URL) for software update checks;
*) system - added support for OpenFlow 1.3 (new package "openflow" available);
*) system - do not automatically retry in case /system/package/update download fails;
*) system - fixed bb-upgrade failure on RB5009;
*) system - fixed certain notifications (e.g. kid-control activity, connection tracking table) (introduced in v7.17);
*) system - improved system configuration journaling procedure;
*) system - improved system stability when processing large amount of traffic;
*) system - improved system stability when using FastTrack;
*) system - merge /system/resource/usb and /system/resource/pci into /system/resource/hardware and create a device tree;
*) system - reduced RouterOS ARM package size;
*) usb - improved system stability after unplugging USB device for RB5009;
*) user - change /user/active/request-logout to /user/active/remove;
*) veth - added dhcp=yes/no property to be able to easily run a container in LAN, runs a special dynamic dhcp-client on interface and sets acquired address/gateway/dns to in-container interface;
*) veth - added mac-address property;
*) veth - make veth interface MAC address stable in both RouterOS and container (container-side MAC incremented by +1 from RouterOS-side interface);
*) vrrp - added "connection-tracking-port" and "connection-tracking-mode" settings for "sync-connection-tracking" (additional fixes);
*) vrrp - added proxy-arp support;
*) vrrp - fixed sync-connection-tracking issue when parent interface is disabled/enabled;
*) vrrp - improved responsiveness when router has many IP addresses depending on VRRP state;
*) vrrp - make MTU property read-only;
*) vxlan - added checksum and learning properties;
*) vxlan - improve stability when learning enabled interface used with EVPN (introduced in v7.20beta2);
*) webfig - added token authentication (no password prompt on reload or new window, logout button will log out all related sessions, removing a user will disconnect from active sessions);
*) webfig - allow network map scrolling in Dude;
*) webfig - basic mobile keyboard support for terminal;
*) webfig - do not show Keepalive if not set in GRE Tunnel form;
*) webfig - filter out unusable Bands and Channels for wifi interfaces;
*) webfig - fixed an issue where dynamic dropdown lists were hidden despite having values;
*) webfig - fixed hiding New button with skins;
*) webfig - fixed issue where legacy WebFig login page was used;
*) webfig - fixed skin limits for radio buttons;
*) webfig - fixed Target field duplicate when disabling simple queue;
*) webfig - improved screen reader support for wifi fields in Quickset;
*) webfig - improved stability when displaying read-only scripts;
*) webfig - make columns a bit wider in tables;
*) webfig - make the Close buttons actual buttons, not links;
*) webfig - mask certain fields where values match default value;
*) webfig - more space to branding logo;
*) webfig - redesign logical "not" operator selector;
*) webfig - remove duplicate flag labels in QuickSet tables;
*) webfig - show system note on login;
*) webfig - use lexicographical sort in dropdown lists;
*) wifi - added tr069 support for wifi interfaces;
*) wifi - avoid picking 5GHz channels by default which are unlikely to be supported by clients, can be overridden with channel.deprioritize-unii-3-4;
*) wifi - increased wifi scan list;
*) wifi - restart CAPsMAN only on significant configuration changes;
*) wifi-qcom - accept VLAN-tagged packets from clients with vlan-id;
*) wifi-qcom - fixed beacon loss issues and improved stability for IPQ-6018;
*) wifi-qcom - improved regulatory compliance;
*) winbox - added "Digest Algorithm" under "System/Certificates" menu (additional fixes);
*) winbox - added "Note" field in LTE Firmware Upgrade;
*) winbox - added "Reselect Time" for wifi;
*) winbox - added Address List Extra Time under "IP/DNS" menu;
*) winbox - added EAP identity under "WiFi/Registration" menu;
*) winbox - added Heartbeat under "Bridge/MLAG" menu;
*) winbox - added Installation under "WiFi" menu;
*) winbox - added missing Comments under "User Manager" menus;
*) winbox - added missing properties to "Container" menu and improved field ordering;
*) winbox - added missing WPA2 PSK SHA2 option under "WiFi/Security" menu;
*) winbox - added MPLS Mangle;
*) winbox - added option to create new entries under "System/Users/SSH Keys" menu;
*) winbox - allow to specify CAPsMAN Address as IPv6 LL;
*) winbox - bump minimal WinBox version to 3.42;
*) winbox - correctly unset Locked CAPsMAN field;
*) winbox - differentiate PPP Profile Rx/Tx Queue settings;
*) winbox - display errors from the "Files/Sync" menu;
*) winbox - fixed "Last Topology Change" for bridge port monitor;
*) winbox - fixed container RAM parameter type;
*) winbox - fixed crash when opening entry in switch rule menu (introduced in v7.20beta2);
*) winbox - fixed missing warning under "Routing/BGP/Instances" menu;
*) winbox - fixed Record Type field under "Tools/Netwatch" menu;
*) winbox - improved byte type field representation;
*) winbox - make IPv6 Immediate Gateway read-only;
*) winbox - make log message field as multiline;
*) winbox - move CAPsMAN settings button from Remote CAP to WiFi table;
*) winbox - removed duplicate mounts option;
*) winbox - rename Ping Timeout field to Interval;
*) winbox - rename SMS Type field to Modem Type;
*) winbox - rework LTE firmware upgrade buttons into one window;
*) winbox - show "Switch" related menus only on boards that support such features;
*) winbox - show/hide corresponding fields when switching RADIUS client mode between RadSec and UDP;
*) winbox - use same WireGuard default values as in console;
*) wireless - changed CLI snooper column name "freq" to "channel";