Software Update: RouterOS 7.5

MikroTik has released version 7.5 of RouterOS. RouterOS is an operating system that focuses on running router tasks. Consider, of course, the routing of network traffic, but also bandwidth management, a firewall, the control of wireless access points, a hotspot gateway and a VPN server. It can be done on the hardware of MikroTik when running on x86 or virtual machines. For use is a license required, which is included with the purchase of MikroTik hardware. The changelog for this release can be found below.

What’s new in 7.5:

• bgp – fixed remote refuse capability options, max prefix limit errors and administrative stop
• bgp – improved stability when “default-originate” is configured
• bridge – fixed “new-priority” value validation for NAT rules
• capsman – added randomized range option for “reselect-interval” parameter (CLI only)
• certificate – fixed handling of empty AKID by SCEP client
• console – fixed automatic command completion with keypress
• container – added support for running Docker (TM) containers on ARM, ARM64 and x86 (containers created before v7.4 must be recreated)
• defconf – fixed loading of default configuration on RB4011 with WifiWave2 package enabled
• dhcpv4-server – fixed removal of dynamic leases when server is removed
• dhcpv6-client – moved invalid lifetime logging message from “debug” to “error” topic
• dhcpv6-client – use /128 prefix for IA_NA addresses
• dhcpv6 relay – fixed relay forwarding (introduced in v7.1.5)
• dhcpv6 server – improved stability when acquiring binding
• dns – added “address-list” parameter for static DNS entries (CLI only)
• dns – added “match-subdomain” option for static entries (CLI only)
• firewall – added support for RTSP helper
• health – fixed “temperature” and “power-consumption” readings on RB1100x4
• health – improved voltage reading on CRS112-8P-4S
• health – renamed “cpu-temperature” to “switch-temperature” on CRS312-4C+8XG, CRS326-24S+2Q+, CRS354-48P-4S+2Q+, CRS354-48G-4S+2Q+, CRS504-4XQ-IN, CRS518 -16XS-2XQ
• hostpot – fixed Walled Garden functionality for HTTPS sites
• hotspot – automatically reject all HTTPS requests passing through HotSpot server for unauthorized users
• hotspot – improved stability when receiving bogus packets
• hotspot – limit maximum allowed connections based on free RAM resources
• hotspot – removed “https-redirect” option
• ike2 – allow sending certificate chain as initiator
• interface – fixed default interface naming on RB1100x2
• l3hw – fixed HW offloaded NAT
• leds – fixed default LED configuration for RBwsAP-5Hac2nD
• leds – fixed wireless LED functionality on LHGG
• lora – do not ignore negative sign for spoofed GPS coordinates
• lte – added at-chat and NMEA port support for Simcom modems, USB composition (device id – 0x9003)
• lte – added at-chat support for Simcom modems, USB composition (device id – 0x9005)
• lte – added “SIM not inserted” and “SIM failure” messages to “status” and “monitor” commands for AT modems
• lte – changed cell ID info display to short format for 3G connections
• lte – disallow empty APN name only for default entry
• lte – fixed AT channel for Sierra Wireless modems with device ID 0x9091
• lte – fixed LTE interface presence for Telit LN940
• lte – fixed UDP performance on MMIPS devices
• lte – improved antenna scan for Chateau devices with switchable antennas
• lte – improved configuration export when multiple LTE interfaces are present
• lte – modem dialer, do not reset dialing sequence if modem reply with error to user set init-string
• netinstall – fixed Netinstall procedure for ARM devices
• netwatch – automatically start migrated probes from previous RouterOS versions
• netwatch – changed ICMP default packet loss fail threshold to 85%
• ntp – fixed NTP server when “use-local-clock” is used
• ospf – fixed handling of external forwarding address
• ospf – improved stability when interface is being disabled during database exchange
• ovpn – fixed encryption key renewal process which caused periodic session disconnects
• ovpn – improved system stability when hardware acceleration is used on ARM64 devices
• ovpn – moved disconnected user logging message from “debug” to “info” topic
• ping – improved service stability
• port – added support for D-Link DWM-222 in serial/PPP mode (device id – 0xac01/0x7e3d)
• port – added support for Huawei/ZTE K5006z in serial/PPP mode (device id – 0x1017/0x1018)
• ppp – improved service stability under high load
• ppp – use /32 as default netmask if not specified for “routes” parameter
• ptp – improved system stability on CRS devices
• quickset – removed PPTP and SSTP server addition for “VPN” checkbox
• rb5009 – fixed ether1 status reporting after system reboot
• route-filter – fixed “delete bgp-communities” command
• routerboard – added “reset-button” script feature for TILE devices
• sfp – fixed “eeprom” reading on single SFP port ARM devices
• sfp – fixed QSFP+ and QSFP28 interface disable when using breakout cable
• sfp – fixed unresponsive “sfp1” interface after disabling “ether1” on NetMetal devices
• sfp – improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+
• sfp – improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518
• snmp – fixed usage of VRF after system startup
• socks – fixed “dst-port” usage when checking access list
• ssh – added AES support for PEM decryption
• ssh – fixed importing of public keys
• ssh – fixed minor typo issue when importing public key
• sstp – fixed client stuck in “nonce matching” state
• switch – fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3)
• switch – removed limit for number of hardware-offloaded bonding interfaces
• swos – enabled SwitchOS support for CRS310-1G-5S-4S+
• swos – fixed SwOS upgrade procedure on CRS305-1G-4S+
• traceroute – added “do-not-fragment” parameter support (CLI only)
• traceroute – increased packet size limit to 65535
• vrrp – added “sync-connection-tracking” compatibility with preemption-mode
• vrrp – fixed high CPU usage when “sync-connection-tracking=yes” and the backup router goes offline
• vrrp – fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup
• vrrp – fixed initial connection tracking synchronization, a backup router now always receives all existing connections
• vrrp – improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with “sync-connection-tracking=yes”
• webfig – allow to specify NTP server as domain name
• webfig – fixed displaying of grahs in status pages
• webfig – fixed floating point field’s negative value in -0.*** format
• wifiwave2 – added “sae-pwe” parameter with hash-to-element mechanism for SAE PWE derivation
• wifiwave2 – added support for 802.11k
• wifiwave2 – disable wireless interface after wireless configuration reset
• wifiwave2 – fixed display of AKM in scan results
• wifiwave2 – fixed duplicated AKM in RSN message
• wifiwave2 – fixed group key update for client devices which connect via fast BSS transition
• wifiwave2 – fixed incorrect AKM usage for FT-WPA3-EAP-192
• wifiwave2 – fixed reassociation response sending for fast transition over DS
• wifiwave2 – fixed setting of “ft-nas-identifier” parameter
• wifiwave2 – fixed usage of Canada country setting on US locked devices
• wifiwave2 – improved default channel width selection for interfaces in station mode
• winbox – do not show previously attached LTE interfaces while establishing LTE connection
• winbox – enabled all filters by default under “Tools/Torch” menu
• winbox – fixed “Enable”, “Disable” and “Comment” functions for L2TP-ether type interfaces
• winbox – fixed “Next Run” parameter displaying under “System/Scheduler” menu
• winbox – fixed “Type” and “Value” field displaying under “System/Health” sub-menus
• winbox – show warning messages for BGP connection entries
• wireless – fixed interface initialization on x86 devices
• x86 – allow downgrading to RouterOS v6 only if it was previously installed
• x86 – fixed advertising of 2500M and 5000M link speeds on ixgbe driver