Mikrotik

hello, I have a same setup for (at least) 3 years now: Mikrotik hAP ac lite Android Mi A2 and then I enable USB tethering on the phone. For some reason now on phone USB tethering is disabled (grayed out).

Additional notes and what I tried:

• USB cable is good, if I connect to PC “tethering” is enabled
• during previous working time and now I lend MT to I friend and he updated it to v7
• before that I also made a backup of my setup
• FWs I tried (nothing works)
  • v6
  • v7
  • v7 beta
• On phone a see that last update was in 2021 and there is no other updates
• also phone was completely restarted/formated

Any ideas what else I could try or how can I debug

I have just ordered a CCR2004-1G-2XS-PCIe to be used as the firewall of a single server (and its IPMI) that's going to end up in a data center for colocation. I would appreciate a sanity check and perhaps some hints as I haven't had any prior experience with mikrotik and, of course, no experience at all with such a wild thing as a computer in a computer over pcie.

My plan is to manage the router over ssh over the internet with certificates and then open the api / web-configurator / perhaps windows-thinyg only on localhost. Moreover, I was planning to use it as an ssh proxy for managing the server as well as accessing the server IPMI.

I intend to use the pcie-connection for the communication between the server and the router and just connect the IPMI and either physical port.

I have a (hopefully compatible) RJ45 1.25 G transceiver. Since the transceiver is a potential point of failure and loosing IPMI is worse than loosing the only online connection, I guess it makes more sense to connect to the data center via the RJ45-port and the server IPMI via the transceiver. (The data center connection is gigabit copper.) Makes sense? Or is there something about the RJ45-port that should be considered?

I plan to manually forward ports to the server as needed. I do not intend to use the router as some sort of reverse proxy, the server will deal with that.

Moreover, I want to do a site2site wireguard vpn-connection to my homelab to also enable me to manage the router and server without the ssh-jump.

Are there any obstacles I am overlooking or is this plan sound? Is there something more to consider or does anyone have any further suggestions or a better idea?

Release 7.14 2024-02-29

What's new in 7.14 (2024-Feb-29 09:10):

!) rose-storage - moved SMB service to the RouterOS bundle;
!) smb - removed legacy SMB service (replaced with newer and faster ROSE SMB service, compatible with SMB 2.1, SMB 3.0 and SMB 3.1.1);
*) 6to4 - make "ipsec-secret" sensitive parameter;
*) api - improved REST API stability when processing invalid requests;
*) api - properly return SNMP OIDs when requested;
*) arm - improved system stability when using microSD on RB1100Dx4;
*) arp - added ARP status;
*) bgp - allow to leak routes between local VRFs;
*) bridge - added MLAG support for MSTP bridges;
*) bridge - avoid per-VLAN host flushing on HW offloaded bridge;
*) bridge - fixed auto "path-cost" for bonding interfaces (introduced in v7.13);
*) bridge - fixed MLAG connection after peer-link flap (introduced in v7.13);
*) bridge - fixed packet forwarding after changing HW offloaded bridge interface settings in certain cases (introduced in v7.13);
*) bridge - improved bridge VLAN configuration validation;
*) bridge - improved configuration speed on large VLAN setups;
*) bridge - improved protocol-mode MSTP functionality;
*) bridge - improved protocol-mode STP and RSTP functionality;
*) bridge - make "point-to-point=yes" default value for non-wireless bridge ports;
*) bridge - removed "mst-config-digest" from MSTI menu;
*) bridge - try to set wireless bridge ports as edge ports automatically;
*) bth - added simple "Back To Home Users" manager under IP/Cloud menu;
*) calea - improved system stability when adding bridge rule without "calea" package installed;
*) certificate - improved certificate validation performance;
*) console - added ":tolf" and ":tocrlf" commands for converting line break to/from LF or CRLF;
*) console - added "show-at-cli-login" option to display a note before telnet login;
*) console - added missing "where" clause for "/ipv6/firewall/filter" table print command;
*) console - do not accept negative or too large values for ":delay" command;
*) console - do not allow to use out-of-range values for time type fields;
*) console - fix configuration export when user does not have a "sniff" policy;
*) console - fixed delayed output from ":grep" command in certain cases;
*) console - fixed incorrect behavior of ":onerror" command in certain cases;
*) console - hint on reset command help that ".rsc file" is required for "run-after-reset" parameter;
*) console - improved editor functionality in full screen mode;
*) console - improved stability when using autocomplete with "export";
*) console - increased maximum file content length that can be managed through command line to 60 KB;
*) console - updated copyright notice;
*) container - improved VETH interface management responsiveness and reliability;
*) container - restrict "/container/shell" menu for users without "write" permissions;
*) defconf - added log about configuration reset due to pressed reset button;
*) defconf - fixed Audience scanning-for-wps-ap timeout;
*) defconf - fixed configuration script on KNOT devices if "ppp-out" interface is removed;
*) defconf - fixed firewall rule for IPv6 UDP traceroute;
*) defconf - fixed wifi configuration if interface MAC address is changed;
*) defconf - improved wifi interface detection after upgrade;
*) defconf - increased LTE interface wait time;
*) defconf - updated health settings on configuration revert;
*) defconf - use "fq_codel" queue as default interface queue for wired ports on LTE devices;
*) dhcpv6-client - install dynamic IPv6 blackhole routes in corresponding routing-table;
*) dhcpv6-client - updated error logging when multiple prefixes received on renew;
*) disk - added exFAT and NTFS mount/read/write support;
*) disk - added global disk "settings" menu;
*) disk - fixed changing settings on some GPT formatted disks;
*) disk - properly unmount disk when it is disconnected;
*) dns - do not add new entries to cache if "cache-size" is reached;
*) dns - fixed domain name lookup resolving for internal services;
*) ethernet - fixed issue with default interface names for CRS310-8G+2S+ in rare cases;
*) ethernet - improved cable-test reliability for hAP ax3 PoE out port;
*) ethernet - resolved minor memory leak while processing packets;
*) fetch - added "head" option for "http-method";
*) fetch - added "patch" option for "http-method";
*) fetch - allow specifying link-local address in FTP mode;
*) fetch - allow to use certificate and check-certificate parameters only in HTTPS mode;
*) fetch - do not require "content-length" for HTTP (introduced in v7.13);
*) fetch - fixed DNS resolving when domain has only AAAA entries (introduced in v7.13);
*) fetch - fixed fetch execution when unexpected data is received in HTTP payload;
*) fetch - fixed fetch when using "src-path" with HTTP/HTTPS modes (introduced in v7.13);
*) fetch - fixed fetch when using "src-path" with SFTP mode (introduced in v7.13);
*) fetch - fixed incorrect "src-path" error message when "upload=yes";
*) fetch - fixed IPv4 address logging (introduced in v7.13);
*) fetch - improved fetch stability in SFTP mode;
*) fetch - improved file download stability with HTTP/HTTPS modes;
*) fetch - less verbose logging;
*) fetch - print all "Set-Cookies" headers in response;
*) fetch - treat any 2xx HTTP return code as success (introduced in v7.13);
*) filesystem - improved filesystem integrity for several RB3011 units with automatic firmware upgrade;
*) firewall - added "creation-time" parameter for IPv6 address list entries;
*) firewall - fixed underlying CAPsMAN tunnel reusing packet marks of encapsulated packets;
*) firewall - fixed underlying VXLAN/EoIP tunnel reusing packet marks of encapsulated packets;
*) firewall - increased default "udp-timeout" value from 10s to 30s;
*) health - added limited manual control over fans for CCR1016r2, CCR1036r2 devices;
*) health - changed default "fan-min-speed-percent" from 0% to 12%;
*) health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
*) health - show voltage when powering KNOT R through Micro-USB;
*) health - updated health properties for CCR1016r2, CCR1036r2 devices;
*) iot - added bluetooth whitelist wildcard asterisk support;
*) iot - added LoRa CUPs protocol support;
*) iot - fixed modbus partial frame reception issue;
*) iot - improved LoRa LNS;
*) iot - improved modbus Tx/Rx switching behaviour;
*) iot - improvements to GPIO behavior on boot;
*) iot - improvements to LoRa CUPS;
*) iot - removed bluetooth whitelist maximum entry limit of 8;
*) ipv6 - made "valid" and "lifetime" parameters dynamic for SLAAC IPv6 addresses;
*) isis - show passive interface active levels;
*) l3hw - fixed IPv6 host offloading in certain cases;
*) l3hw - fixed neighbor offloading after link flap;
*) l3hw - preserve offloading for VLANs when bridge ports are down;
*) leds - added "dark-mode" functionality for hAP ax3 and Chateau ax series devices;
*) leds - do not show LTE connection state/mode using RGB power LED from configless LTE modems;
*) leds - fixed "type=on" LED behaviour after reboot;
*) leds - fixed default LTE LED configuration for wAPR-2nD;
*) leds - fixed modem LED indication for SXT LTE 3-7;
*) leds - fixed wireless type of LED triggers for routers using WiFi package;
*) lte - added "at-chat" support for Sierra Wireless EM9293 5G modem;
*) lte - added AT channel support for Quectel EM120K-GL modem;
*) lte - added redial timer when the MBIM modem fails to register or does not receive APN activation notification;
*) lte - don't duplicate primary band in 5G SA mode for chateau 5G;
*) lte - fixed "use-peer-dns" setting for EC200A modem;
*) lte - fixed an issue for EC200A modem that IPv6 address could be added as IPv4 address;
*) lte - fixed APN authentication for FG621-EA modem;
*) lte - fixed MBIM interface enabling for Quectel EC25 modem (introduced in v7.13);
*) lte - fixed Simcom modem support in 0x9000; 0x9002, 0x9002; 0x901a and 0x901b USB compositions;
*) lte - fixed Simcom modem support in 0x9001 USB composition;
*) lte - fixed support for config-less modem detection (introduced in v7.13);
*) lte - fixed USB mode switch and initialization race condition for configless USB modems;
*) lte - improved FG621-EA modem firmware upgrade;
*) lte - improved modem recovery after failed IPv4 configuration;
*) lte - improved support for "ACER" and "MSFT" branded EM12-G modems;
*) lte - optimized "at-chat" response reading;
*) lte - refactored AT command control for AT modems;
*) modem - fixed SMS removal (introduced in v7.13);
*) modem - improved stability when performing modem FOTA upgrade;
*) mpls - fixed VPN fragmentation when forwarding IP traffic;
*) netinstall-cli - check package and device architecture before formatting;
*) ovpn - added support for pushing routes;
*) ovpn - improved "push-routes" option handling when large amount of routes is specified;
*) ovpn - improved key-renegotiation process;
*) ovpn - improved OVPN configuration file import process;
*) ovpn - improved system stability when using HW encryption on ARM64 devices (introduced in v7.13);
*) ovpn - limit the maximum length for "push-routes" up to 1400 characters;
*) package - added "size" property;
*) package - reduced "wireless" package size for ARM, ARM64, MIPSBE, MMIPS devices;
*) package - reduced package size for SMIPS;
*) poe-out - driver optimization for AF/AT controlled boards;
*) poe-out - fixed "power-cycle" for CRS354-48P-4S+2Q+ device (introduced in v7.13);
*) poe-out - improved 802.3at classification and measurement accuracy;
*) poe-out - improved cable test for hAP ac3 and hAP ax3 devices;
*) poe-out - improved PoE out reliability on routers with a single PoE out interface;
*) port - fixed support for USB/serial adapters (introduced in v7.13);
*) port - removed bogus serial port on RB750Gr3, RB760iGS and RBM11G devices;
*) ppp - added support for "WISPr-Session-Terminate-Time" RADIUS attribute;
*) ppp - log an error when IPv6 DHCP pool is exhausted;
*) ptp - added "aes67" and "smpte" profiles;
*) ptp - added configurable "domain" and "priority2" parameters;
*) ptp - added support for Management message forwarding in BC;
*) ptp - fixed "default" and "g8275.1" profiles go into "slave" instead of "uncalibrated" state;
*) ptp - fixed default values for "802.1as" profile;
*) ptp - fixed flags in Announce message;
*) ptp - fixed potential error in packet exchange;
*) ptp - make clock go into grandmaster state if slave port goes down;
*) qos-hw - fixed "tx-queue7-packet" counter;
*) route - fixed gateways of locally imported vpnv4 routes;
*) route - improved route print "count-only" process speed;
*) route - improved stability on route table lookup;
*) route-filter - added option to set "isis-ext-metric";
*) route-filter - fixed AS path matchers when input and output chains are used;
*) routerboard - added "reset-button" support for RBwAPR-2nD device;
*) sfp - added support for modules requiring single byte I2C read transactions;
*) sfp - fixed corrupted Tx traffic at 10Gbps rate on CCR2004-16G-2S+ in rare cases;
*) sfp - fixed corrupted Tx traffic at 10Gbps rate on RB4011 in rare cases;
*) sfp - improve high-power SFP module initialization;
*) sfp - improved combo-sfp handling for CRS328-4C-20S-4S+;
*) sfp - improved link establishment for RB4011 devices;
*) smb - added option to specify SMB service mode as "auto";
*) sms - fixed SMS inbox for FG621-EA modem (introduced in v7.13);
*) sms - fixed SMS sending from WinBox and WebFig (introduced in v7.13);
*) sms - improved system stability when working with SMS;
*) sms - increased SMS read timeout;
*) snmp - added "bgpLocalAs" and "bgpIdentifier" OID reporting;
*) snmp - fixed "bgpPeerFsmEstablishedTime" OID reporting;
*) snmp - hide "MikroTik" in LLDP MIB when branding with hide SNMP option is used;
*) snmp - updated timeout log;
*) ssh - improved SSH performance on ARM, MIPS, MMIPS, SMIPS and TILE devices;
*) ssh - refactored SSH service internal processes;
*) sstp - added support for "aes256-gcm-sha384" encryption;
*) sstp - improved system stability for PPC devices;
*) supout - added PTP section;
*) switch - fixed Ethernet disable/enable for CRS310-8G+2S+ devices;
*) switch - fixed reserved multicast receive on Atheros-8327, QCA8337 switches for R/STP bridge;
*) switch - improved 100G interface stability for 98DX4310 and 98DX8525 switches;
*) switch - minimise potential packet overflows on CRS354;
*) system - changed build time format according to ISO standard;
*) system - expose "lo" and "vrf" interfaces;
*) system - fixed "cpu-frequency" for CRS3xx ARM devices;
*) system - improved memory allocation for ARM64 devices;
*) system - improved RAM allocation for L009UiGS-RM;
*) system - improved system stability when processing packets in FastPath (introduced in v7.13);
*) system - properly assign destination port for HTTP/S connections initiated by the router (introduced in v7.13);
*) system - properly close HTTP/S connections initiated by the router;
*) system - provide more precise "total-memory" value for ARM devices;
*) system - provide more precise "total-memory" value under "System/Resources" menu for L009 and hAP ax lite routers;
*) tftp - improved invalid request processing;
*) timezone - updated timezone information from "tzdata2023d" release;
*) tr069 - don't duplicate cellular info in "X_MIKROTIK_5G" nodes when connected in NR SA mode;
*) tr069 - fixed bandwidth test;
*) tr069-client - show 5G signal info in X_MIKROTIK_5G nodes only for 5G NSA bands;
*) traffic-flow - use 64bit counters for v9 and IPFIX flows;
*) traffic-generator - improved system stability when receiving bogus traffic;
*) usb - show "Supermicro CDC" adapter as Ethernet interface;
*) vlan - fixed non-running VLAN interface after failed MTU change;
*) vrf - prevent VRF interface name collision with interface lists;
*) vxlan - fixed underlying tunnel reusing routing marks of encapsulated packets;
*) webfig - fixed routing table filter under "IP/Routes" menu;
*) webfig - fixed setting the user's password;
*) webfig - fixed showing WireGuard peers;
*) webfig - improved stability when adding new entries under "IP/Routes" menu;
*) wifi - added "station-pseudobridge" interface mode;
*) wifi - fixed issue with setting country profile (introduced in v7.13.1);
*) wifi - improved handling of CAP connections in dual CAPsMAN scenario;
*) wifi - increased value for SAE retransmit period to 3s to improve WPA3 compatibility with IoT client devices;
*) wifi - use "Latvia" as the default value for "country" property;
*) wifi - use correct CAP identity for interface name provisioning after it has been changed by remote-cap/set-identity;
*) wifi-qcom - enable display of regulatory information on L11,L22 devices;
*) wifi-qcom - fixed new connections, when maximum supported number of MAC addresses behind connected station-bridges is reached;
*) wifi-qcom - improve system stability for L11, L22 devices;
*) wifi-qcom - improved memory allocating process;
*) wifi-qcom - improved regulatory compliance for L11, L22 devices;
*) wifi-qcom - improved system stability when using FastPath (introduced in v7.13);
*) winbox - added "accept-protocol-version" parameter to the L2TP server settings;
*) winbox - added "mode-button" and "switch" menus for L41G-2axD&FG621-EA;
*) winbox - added "Name" parameter under "Tools/Netwatch" menu;
*) winbox - added "page-refresh" setting to the Graphing settings;
*) winbox - added "Port Cost Mode" setting under "Bridge" menu;
*) winbox - added "VRF" parameter under "Tools/Ping" menu;
*) winbox - added "x25519" argument for "DH Group" parameter under "IP/IPsec/Profiles" menu;
*) winbox - added missing "Protocol" arguments under "IPv6/Firewall" menu;
*) winbox - added missing monitoring properties under "WireGuard/Peers" menu;
*) winbox - added Preboot Etherboot settings to the System/RouterBOARD/Settings menu;
*) winbox - do not show USB settings for CRS devices that does not need it;
*) winbox - fixed "Bridge Cost" range under "Interfaces/VPLS" menu;
*) winbox - fixed "Password" button under "Quick Set" menu;
*) winbox - improved connection speed and reliability;
*) winbox - improved route table automatic refresh process for static routes;
*) winbox - improved status values under "System/PTP" menu;
*) winbox - improved system stability with large packets;
*) winbox - include "te-tunnel" parameter in VPLS interface monitor;
*) winbox - properly validate "passthrough-subnet-size" in the LTE APN settings;
*) winbox - remove "Root Bridge ID" property under "Bridge/MSTIs" menu;
*) winbox - removed "sfp all" option from combo port settings;
*) winbox - renamed "Wireless Table" menu to "Wifi";
*) winbox - show "routing-table" column under IP/Route menu by default;
*) winbox - show all columns under "Routing/PIM SM/Static RP" menu by default;
*) wireguard - do not allow to use multiple WireGuard interfaces on the same "listen-port";
*) wireguard - optimised and improved WireGuard service logging;
*) x86 - fixed VLAN tagged packet transmit for igb (introduced in v7.12);

Notice - Starting from RouterOS version 7.13, significant changes have been made to the RouterOS wireless packages. This is done due to a new product development which will require more disk space for hardware drivers so we had to split it in order to maintain old products alongside the new ones. More wireless packages are yet to come.

1. When upgrading by using "check-for-updates", all versions earlier than 7.12 will display 7.12 as the latest available version. Upgrade from v7.12 to v7.13 or later versions must be done through 7.12 in order to convert wireless packages automatically. Fresh installation with Netinstall or manual package installation works in the same manner as always.

2. Drivers for older wireless and 60GHz interfaces, as well as the wireless management system CAPsMAN, are now part of a separate "wireless" package instead of being a part of the bundle package. This package can be uninstalled if not needed.

3. The existing "wifiwave2" package has been divided into distinct packages: "wifi-qcom" and "wifi-qcom-ac", and the necessary utilities for WiFi management are now included in the RouterOS bundle. RouterOS and "wifi-qcom-ac" packages alongside each other now fit into 16MB flash memory.

What's new in 7.13.5 (2024-Feb-16 19:35):

*) bridge - fixed MLAG connection after peer-link flap (introduced in v7.13);
*) bridge - fixed packet forwarding after changing HW offloaded bridge interface settings in certain cases (introduced in v7.13);
*) dns - do not close connection with DoH server after query execution (introduced in v7.13.3);
*) leds - fixed modem signal strength for RBSXTR&R11e-LTE (introduced in v7.13);
*) sms - increased SMS read timeout;
*) wifi-qcom - improved memory allocating process;
*) wifi-qcom - improved regulatory compliance for L11, L22 devices;
*) wifi-qcom - improved system stability for L11, L22 devices;

2024-02-07

Notice - Starting from RouterOS version 7.13, significant changes have been made to the RouterOS wireless packages. This is done due to a new product development which will require more disk space for hardware drivers so we had to split it in order to maintain old products alongside the new ones. More wireless packages are yet to come.

1. When upgrading by using "check-for-updates", all versions earlier than 7.12 will display 7.12 as the latest available version. Upgrade from v7.12 to v7.13 or later versions must be done through 7.12 in order to convert wireless packages automatically. Fresh installation with Netinstall or manual package installation works in the same manner as always.

2. Drivers for older wireless and 60GHz interfaces, as well as the wireless management system CAPsMAN, are now part of a separate "wireless" package instead of being a part of the bundle package. This package can be uninstalled if not needed.

3. The existing "wifiwave2" package has been divided into distinct packages: "wifi-qcom" and "wifi-qcom-ac", and the necessary utilities for WiFi management are now included in the RouterOS bundle. RouterOS and "wifi-qcom-ac" packages alongside each other now fit into 16MB flash memory.

What's new in 7.13.4 (2024-Feb-07 11:59):

*) bridge - avoid per-VLAN host flushing on HW offloaded bridge (introduced in v7.13);
*) defconf - fixed firewall rule for IPv6 UDP traceroute;
*) leds - fixed modem LED indication for SXT LTE 3-7 (introduced in v7.13);
*) lte - fixed Simcom modem support in 0x9000; 0x9002, 0x9002; 0x901a and 0x901b USB compositions (introduced in v7.13);
*) ovpn - improved system stability when using HW encryption on ARM64 devices (introduced in v7.13);
*) route-filter - fixed AS path matchers when input and output chains are used;

I noticed that occasionally the Bridge Port doesn't show up under Webfig > IP > DHCP Server > Leases. If I ping the IP from either the router or from a device on the same network, it repopulates the Bridge Port.

For 192.168.88.248, it looks something like this:

Then when I ping it, it'll correctly show ether5. Why is the behavior like this? Is there something that I can change (a timeout maybe?) so it always populates this column?

Release 7.13.3 2024-01-25

Notice - Starting from RouterOS version 7.13, significant changes have been made to the RouterOS wireless packages. This is done due to a new product development which will require more disk space for hardware drivers so we had to split it in order to maintain old products alongside the new ones. More wireless packages are yet to come.

1. When upgrading by using "check-for-updates", all versions earlier than 7.12 will display 7.12 as the latest available version. Upgrade from v7.12 to v7.13 or later versions must be done through 7.12 in order to convert wireless packages automatically. Fresh installation with Netinstall or manual package installation works in the same manner as always.

2. Drivers for older wireless and 60GHz interfaces, as well as the wireless management system CAPsMAN, are now part of a separate "wireless" package instead of being a part of the bundle package. This package can be uninstalled if not needed.

3. The existing "wifiwave2" package has been divided into distinct packages: "wifi-qcom" and "wifi-qcom-ac", and the necessary utilities for WiFi management are now included in the RouterOS bundle. RouterOS and "wifi-qcom-ac" packages alongside each other now fit into 16MB flash memory.

What's new in 7.13.3 (2024-Jan-24 15:16):

*) dns - fixed DNS service crash when DoH used (introduced in v7.13.1);
*) fetch - fixed fetch when using "src-path" with SFTP mode (introduced in v7.13);
*) fetch - less verbose logging (introduced in v7.13);
*) health - show voltage when powering KNOT R through Micro-USB;
*) lte - fixed Simcom modem support in 0x9001 USB composition;
*) lte - improved SIM PIN unlock event handling for MBIM FG621-EA;
*) poe-out - fixed "power-cycle" for CRS354-48P-4S+2Q+ device (introduced in v7.13);
*) poe-out - improved PoE out reliability on routers with a single PoE out interface;
*) sms - fixed SMS inbox for FG621-EA modem (introduced in v7.13);
*) sms - fixed SMS sending from WinBox and WebFig (introduced in v7.13);
*) sms - improved system stability when working with SMS (introduced in v7.13);
*) system - properly close HTTP/S connections initiated by the router;
*) tftp - improved invalid request processing;
*) wifi-qcom - improved system stability when using FastPath (introduced in v7.13);

Notice - Starting from RouterOS version 7.13, significant changes have been made to the RouterOS wireless packages. This is done due to a new product development which will require more disk space for hardware drivers so we had to split it in order to maintain old products alongside the new ones. More wireless packages are yet to come.

1. When upgrading by using "check-for-updates", all versions earlier than 7.12 will display 7.12 as the latest available version. Upgrade from v7.12 to v7.13 or later versions must be done through 7.12 in order to convert wireless packages automatically. Fresh installation with Netinstall or manual package installation works in the same manner as always.

2. Drivers for older wireless and 60GHz interfaces, as well as the wireless management system CAPsMAN, are now part of a separate "wireless" package instead of being a part of the bundle package. This package can be uninstalled if not needed.

3. The existing "wifiwave2" package has been divided into distinct packages: "wifi-qcom" and "wifi-qcom-ac", and the necessary utilities for WiFi management are now included in the RouterOS bundle. RouterOS and "wifi-qcom-ac" packages alongside each other now fit into 16MB flash memory.

What's new in 7.13.1 (2024-Jan-05 15:51):

*) bridge - fixed auto "path-cost" for bonding interfaces (introduced in v7.13);
*) console - updated copyright notice;
*) dns - fixed domain name lookup resolving for internal services;
*) fetch - do not require "content-length" for HTTP (introduced in v7.13);
*) fetch - fixed DNS resolving when domain has only AAAA entries (introduced in v7.13);
*) fetch - fixed fetch when using "src-path" with HTTP/HTTPS modes (introduced in v7.13);
*) fetch - fixed IPv4 address logging (introduced in v7.13);
*) fetch - improved file download stability with HTTP/HTTPS modes;
*) leds - do not show LTE connection state/mode using RGB power LED from configless LTE modems (introduced in v7.13);
*) leds - fixed wireless type of LED triggers for routers using WiFi package (introduced in v7.13);
*) lte - fixed support for config-less modem detection (introduced in v7.13);
*) lte - fixed USB mode switch and initialization race condition for configless USB modems;
*) modem - fixed SMS removal (introduced in v7.13);
*) port - fixed support for USB/serial adapters (introduced in v7.13);
*) switch - improved 100G interface stability for 98DX4310 and 98DX8525 switches;
*) switch - minimise potential packet overflows on CRS354;
*) system - improved system stability when processing packets in FastPath (introduced in v7.13);
*) timezone - updated timezone information from "tzdata2023d" release;
*) tr069 - fixed bandwidth test;
*) wifi - use "Latvia" as default value for "country" property;
*) winbox - renamed "Wireless Table" menu to "Wifi";

My home network is firewalled and reasonably secure (all permanent devices and IOT devices have MAC addresses tracked and registered) but I’d like to improve it even more:

• Home devices (servers, printers, laptops, etc) with registered MAC addresses which can’t be accessed from my registered IOT devices or from unregistered guest devices.

• QOS rules for all guest devices.

Using a HEX to run the network with unifi AP hardware.

Release 7.13 2023-12-15

Notice - Starting from RouterOS version 7.13, significant changes have been made to the RouterOS wireless packages. This is done due to a new product developemnt which will require more disk space for hardware drivers so we had to split it in order to maintain old products alongside the new ones. More wireless packages are yet to come.

1. When upgrading by using "check-for-updates", all versions earlier than 7.12 will display 7.12 as the latest available version. Upgrade from v7.12 to v7.13 or later versions must be done through 7.12 in order to convert wireless packages automatically. Fresh installation with Netinstall or manual package installation works in the same manner as always.

2. Drivers for older wireless and 60GHz interfaces, as well as the wireless management system CAPsMAN, are now part of a separate "wireless" package instead of being a part of the bundle package. This package can be uninstalled if not needed.

3. The existing "wifiwave2" package has been divided into distinct packages: "wifi-qcom" and "wifi-qcom-ac", and the necessary utilities for WiFi management are now included in the RouterOS bundle. RouterOS and "wifi-qcom-ac" packages alongside each other now fit into 16MB flash memory.

What's new in 7.13 (2023-Dec-14 09:24):

!) package - convert "wireless" and "wifi" packages automatically, if upgrading from v7.12;
!) wifi - split existing "wifiwave2" package into separate packages "wifi-qcom", "wifi-qcom-ac", and include required utilities for WiFi management into bundle;
!) wireless - separate "wireless" package from bundle and build as a standalone package;
*) bridge - added automatic "path-cost" values depending on interface rate;
*) bridge - added bridge interface property "port-cost-mode" with "short" and "long" arguments;
*) bridge - fixed bogus VLAN entries from wifi when vlan-filtering is not enabled;
*) bridge - improved HW offload enable;
*) bridge - improved host flush when removing VLAN on HW offloaded bridge;
*) bth - added "VPN Prefer Relay Code" option;
*) bth - improved automatic firewall rule generation process;
*) certificate - add support for multiple DNS names for Let's Encrypt;
*) certificate - added HTTP redirect support for CRL download;
*) certificate - added support for certificates with key size 16384;
*) certificate - fixed CRL updating;
*) certificate - fixed certificate auto renewal via SCEP when certificate contains "subject-alt-name";
*) certificate - improved CRL signature verification and download error messages;
*) certificate - improved initial certificate creation using SCEP;
*) certificate - use error topic for CRL update failures;
*) cloud - improved re-connect speed after network related connection errors;
*) console - added ":grep" command;
*) console - added ":onerror" command;
*) console - added ":serialize" and ":deserialize" commands for converting values to/from JSON;
*) console - added "interface" name when printing "interface/pppoe-server" entries;
*) console - added "read" command under "file" menu;
*) console - added "where" functionality for "export" command;
*) console - added flags to "print" command with "value-list";
*) console - added interface helper for "gateway" property under "ip/route" menu;
*) console - added unset option for "ssid-regex" and "allow-signal-out-of-range" properties under "interface/wifi/access-list" menu;
*) console - clear console history when resetting configuration;
*) console - disallow setting existing "name" under "system/script" and "system/scheduler" menus;
*) console - fixed "export" boolean arguments when saving output to file using API;
*) console - fixed "interface/ethernet/switch/port-isolation" export;
*) console - fixed "on-event" argument highlighting under "system/scheduler" menu;
*) console - fixed graphic distortions in WinBox;
*) console - fixed issue where API incorrectly asks for missing arguments;
*) console - fixed printing to file using API;
*) console - ignore negative values for ":delay" command;
*) console - improved flag printing in certain menus;
*) console - improved stability when running "tool/ping" from API;
*) console - removed "route-cache" setting from "ip/settings" menu;
*) console - replace reserved characters in file and script names with underscores;
*) console - resolve "wifiwave2" directory to "wifi";
*) console - show "l2vpn-link" address family under "routing/route" menu;
*) console - use more compact login screen for empty branding;
*) defconf - expire password when reverting configuration;
*) defconf - fixed bogus wifi password on certain Audience devices;
*) defconf - fixed configuration for Audience with "wifi-qcom-ac" package;
*) defconf - fixed wireless band and channel-width selection (introduced in v7.12);
*) defconf - hide default configuration for users without "sensitive" policy;
*) defconf - improved wifi interface detection after upgrade;
*) defconf - updated configuration with new "wifi" directory;
*) defconf - use "WISP Bridge" default configuration mode for RBGrooveGA-52HPacn device;
*) defconf - use "fan-min-speed-percent=25" for CRS354-48P-4S+2Q+ device;
*) defconf - use device factory preset credentials when using CAPs mode;
*) defconf - use one SSID and enable FT when using "wifi" packages;
*) disk - fixed hang on reboot when network file systems mounted;
*) ethernet - improved packet CPU core classifier for Alpine CPUs for non IPv4/IPv6 traffic;
*) ethernet - improved system stability for L009 and hAP ax lite devices;
*) fetch - added "http-auth-scheme" parameter, allows to select HTTP basic or digest authentication;
*) fetch - added "http-content-encoding" setting;
*) fetch - added raw logging;
*) fetch - allow to receive HTTP response headers;
*) fetch - require "ftp" user policy;
*) firewall - added "nat-pmp" support;
*) firewall - added new IPv6 filter arguments "icmp-err-src-routing-header" and "icmp-headers-too-long" for "reject-with" setting;
*) firewall - do not mark all IPv6 GRE packets as invalid;
*) firewall - fixed IPv6 address-list timeout;
*) firewall - fixed altered address-list when upgrading from RouterOS v6;
*) firewall - fixed connections being tracked when tracking is disabled;
*) firewall - removed "prohibited" and "unreachable" IPv4 address-type arguments;
*) ftp - improved upload and download speeds;
*) health - dynamically add and remove invalid sensors (e.g. sfp-temperature);
*) hotspot - fixed incorrect host moving to VLAN 0 when receiving packets through bridge;
*) ike2 - fixed ike2 double reply;
*) iot - fixed incorrect LoRa ACK packet handling during downlink messaging (introduced in v7.12);
*) ipv6 - do not send out IPv6 RA deprecate message for re-used prefix;
*) isis - added IS-IS protocol support (CLI only);
*) l3hw - fixed routing for IPsec encapsulated packets;
*) leds - fixed LED indication in multi-APN setup for Chateau;
*) leds - improved LED indication during modem registration state for Chateau;
*) log - added "fetch" topic;
*) lora - added CUPs protocol support;
*) lora - fixed issue with lost LoRa configuration when rebooting the device;
*) lte - added RNDIS support for neoway N75-EA modem;
*) lte - added support for FOTA firmware upgrade from custom URL for R11eL-FG621-EA;
*) lte - disabled IMS service for Chateau 5G on A1 HR network;
*) lte - fixed rare cases where Chateau 5G in passthrough mode may stop forwarding packets;
*) lte - improved SIM slot status change notification handling for MBIM modems;
*) lte - replaced "passthrough-subnet-selection" with "passthrough-subnet-size" setting (CLI only);
*) lte - show each CA band in a new line;
*) mipsbe - improved system stability when removing USB devices;
*) mmips - properly mount and unmount USB devices;
*) modem - added option to read SMS using MBIM interface;
*) mpls - added "te-tunnel" property for VPLS monitor (CLI only);
*) mpls - fixed IPv6 RSVP-TE;
*) mpls - improved logging;
*) netinstall-cli - added more details to help messages;
*) ospf - fixed LSA Type3 advertisement for OSPFv2;
*) ospf - fixed missing OSPF interface on L2TP interface reconnect;
*) ospf - fixed missing opaque bit in opaque LSA;
*) ovpn - improved memory allocation during key-renegotiation;
*) ovpn - removed "ping-timer-rem" option from client config file;
*) package - added warning log about missing "wireless" or "wifi" package;
*) pimsm - improved elected BSR change;
*) poe-out - improved firmware upgrade stability for AF/AT controlled boards;
*) ppc - fixed RouterOS bootup (introduced in v7.12);
*) ppp - added remote-ipv6-prefix to IPv6 firewall address-list if "address-list" property is provided;
*) ppp - allow at-chat and info commands in "waiting for packets" state for modems with shared data/info channel;
*) ppp - improved IPv6 link-local address uniqueness;
*) pppoe-server - fixed connection count limit per license level;
*) profiler - improved "disk" and "supout.rif" classifiers;
*) qos-hw - added initial congestion avoidance support for 98DX224S, 98DX226S, and 98DX3236 switch chips (CLI only);
*) qsfp - added support for QSFP-to-SFP adapters;
*) qsfp - fixed supported rates for breakout cables (introduced in v7.12);
*) quickset - show DDNS name as VPN address for devices with new style serial number;
*) route-filter - improved performance;
*) sfp - added "1G-baseT" link mode for modules that supports "2.5G-baseT" mode;
*) sfp - allow 2.5G rates only in forced link mode;
*) sfp - fixed link establishment with S+DA0001 DAC cables;
*) sfp - ignore irrelevant extended compliance code for SFP modules;
*) sfp - improved SFP interface handling for 98DX224S, 98DX226S, 98DX3236, 98DX8208, and 98DX8216 switch chips;
*) sfp - improved link establishment for SFP copper modules;
*) sfp - improved link establishment with certain modules for hEX S device;
*) sfp - show 10M and 100M supported rates for RJ45 copper modules;
*) ssh - added cipher and hash function acceleration for ARM64 and x86 architectures;
*) ssh - fix error that caused large chunks of text not being pasted in their entirety into console;
*) supout - added VXLAN FDB section;
*) supout - added multiple WiFi sections;
*) switch - fixed service VLAN tagged IP multicast packets for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - added "rtrace" debugging tool (CLI only);
*) system - improved incoming and outgoing TCP connection performance;
*) system - improved internal process communication performance;
*) traffic-generator - improved system stability when modifying interfaces;
*) usb - added support for RTL8152 USB ethernet on ARM, ARM64 and x86;
*) vpls - improved performance when decapsulating data;
*) vrf - fixed ICMP reply lookup;
*) webfig - allow to display comments in multiline or compact modes;
*) webfig - make table headers always visible;
*) webfig - use local storage for user preferences;
*) wifi - added "flat-snoop" tool for surveying WiFi APs and stations (CLI only);
*) wifi - added "radio-mac" variable for "name-format" provisioning setting;
*) wifi - added "remove" command in "capsman/remote-cap" menu;
*) wifi - after radar detections, avoid selection of channels not permitted by the user;
*) wifi - changed CAPsMAN generated certificate common name;
*) wifi - create first interface without number when using "name-format" provisioning setting;
*) wifi - enable protected interworking ANQP responses;
*) wifi - fixed EAP authentication failures when the Session-Timout RADIUS attribute is defined;
*) wifi - fixed occasional failures to start on 20/40mhz-eC channels for 2.4GHz 802.11ax interfaces;
*) wifi - fixed overridden datapath settings on CAP when unsetting from CAPsMAN;
*) wifi - improved CAPsMAN stability during provisioning;
*) wifi - make slave APs use datapath bridge settings inherited from master by default;
*) wifi - removed "openflow-switch" setting;
*) wifi-qcom - added fast-path for received packets;
*) winbox - added "Hw. Offload" property under "IP/Firewall/Filter" menu;
*) winbox - added "Ping" button under "IP/DHCP Server/Leases" menu;
*) winbox - added "Tx bps" and "Rx bps" monitor values under "WiFi/Registration" menu;
*) winbox - added "none" argument for "Preshared Key" under "WireGuard/Peers" menu;
*) winbox - added icon to entries under "WiFi/Access List" menu;
*) winbox - added missing "qos-classifier" argument for "Hw. Caps" under "WiFi/Radios" menu;
*) winbox - added missing arguments for "MAC Format" under "Wireless/Security Profiles/RADIUS" menu;
*) winbox - allow opening entries under "WiFi/Registration" menu;
*) winbox - fixed default "Name Format" property under "WiFi/Provisioning" menu;
*) winbox - fixed minor typo under "Routing/BFD" menu;
*) winbox - improved connection speed;
*) winbox - updated "wireless" and "wifi" menus;
*) wireless - fixed "wlan1" default name for RBSXTsqG-5acD and RBLDFG-5acD;
*) wireless - fixed snooper information gathering from re-assocation requests;
*) wireless - keep configuration after manual package removal;

Annoyingly, the RB5009 doesn't have a voltage regulator on its PoE-out ports. So it outputs ~48V, but other Mikrotik devices that support PoE-in only support ranges like 20-34V.

There is a solution! And I wanted to share it with you guys as my first post :)

48V-to-24V in-line convertor: https://www.aliexpress.com/w/wholesale-poe-Converter-48V-to-24V.html

This will convert the output from the RB5009 to 24V. Tested with PoE-out on RB5009UPr+S+ and PoE-in on CSS106-5G-1S.

The RB5009 is a fantastic device.

Just wondering if this is normal... or is there something I need to be looking at here? These Rx pauses are the result of roughly 48 hours worth of traffic. The device pictured is the CRS317-1G-16S+, and the switch on the other end is a CRS326-24G-2S+. I'm using brand new FS tranceivers and an fs om4 lc to lc fiber patch. I've swapped the tranceivers for 10gtek ones (also brand new), and it didn't make a difference.

When I look at the CSR326-24G, I see very similar numbers except in the tx pauses column... which I think makes sense. I'm just not sure if there is something I should do? Or, could someone help explain what might be causing it? I'm new to 10gb networking and mikrotik as a whole, so I'm just trying to dial things in.

Hasn't been posted yet, so here it is:

What's new in 7.12.1 (2023-Nov-17 13:38):

• defconf - fixed bogus wifi password on certain Audience devices;
• ipv6 - do not send out IPv6 RA deprecate message for re-used prefix;
• ospf - fixed LSA Type3 advertisement for OSPFv2;
• ppc - fixed RouterOS bootup (introduced in v7.12);
• qsfp - fixed supported rates for breakout cables;
• winbox - added missing arguments for "MAC Format" under "Wireless/Security Profiles/RADIUS" menu;

I bought a mAP lite to hook up to my POE security camera (that's DC powered) so I didn't have to run ethernet cable in my attic. I'm configuring the mAP lite with it plugged into my laptop, but I did try it directly connected to my router. I've searched and searched, and I think I've gotten close to how to set it up, but I still need help.

In the web portal I choose the CEP option, join the wifi network, switch to bridge mode, then apply the static IP settings and hit apply. Every time, it changes back to router mode and everything on my network joins the 192.168.88.0/24 network, even though my Mikrotik RB5009UPr+S+in (the POE home lab one) is already set up and running.

I am still using my old TP-link router as an AP until I get around to installing my cAP ax, so I know I need to use the psuedo station option for now.

Any help on getting this set up would be great.

This a colllection of videos that explores a variety of topics around creating scripts for the Mikrotik platform. It includes step-by-step lessions and tutorials showing you how to create your own MikroTik scripts.

The videos presented provide a hands-on, learn-by-example approach rather than being formal-training style presentations. They dip in to various scripting topics as we meet them using real-world scripting examples.

Up until version 6.49.8 (July 20, 2023), MikroTik RouterOS Long-term was vulnerable to CVE-2023-30799. Remote and authenticated attackers can use the vulnerability to get a root shell on the router.

• certificate - allow to import certificate with DNS name constraint
• certificate - require CRL presence when using "crl-use=yes" setting;
• conntrack - fixed "active-ipv4" property;
• console - added ":convert" command;
• dhcp-server - fixed setting "bootp-lease-time=lease-time";
• ike2 - log "reply ignored" as non-debug log message;
• modem - added initial support for BG77 modem DFOTA firmware update;
• modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
• ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
• ovpn - improved key renegotiation process;
• ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
• routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
• ssh - fixed private key import (introduced in v7.9);
• user - added "sensitive" policy requirement for SSH key and certificate export;
• webfig - fixed gray-out italic font for entries after enable

MikroTik RouterOS comes with a default firewall configuration designed to provide basic network security. As a new user, comprehending these default firewall rules is essential to evaluate the initial level of protection for your network. In this technical guide, we will break down the default firewall rules and teach you how to interpret them to ensure your network's security is optimized.

Accessing the Firewall Configuration

To access the firewall configuration in MikroTik RouterOS, follow these steps:

Step 1: Log in to the MikroTik RouterOS Web Interface or connect via the Terminal (SSH or Telnet).

Step 2: Access the firewall settings by entering the following command in the terminal:

Interpreting Default Firewall Rules

By executing the above command, you will see a list of rules with columns representing essential parameters. Here's how to interpret the default firewall rules:

Column Headers:

• CHAIN: Specifies the traffic direction the rule applies to (input, forward, or output).
• SRC-ADDRESS: Defines the source IP address or IP range the rule affects.
• DST-ADDRESS: Indicates the destination IP address or IP range the rule applies to.
• PROTOCOL: Specifies the protocol (e.g., TCP, UDP) or all for any protocol.
• ACTION: Determines what action the rule takes (accept, drop, reject, etc.).
• COMMENT: Provides a description or comment for the rule (optional).

Default Input Chain Rule

The default rule in the input chain ensures the router itself is protected. It allows established connections (marked as "ESTABLISHED") to be accepted, so responses to outgoing traffic are allowed. It also permits related connections (marked as "RELATED"), enabling protocols like FTP to function correctly. Finally, the rule drops all incoming traffic with an invalid state.

Example Default Input Chain Rule:

0   ;;; defconf: drop all not coming from LAN
    chain=input action=drop in-interface=!yourLANinterface connection-state=new

Default Forward Chain Rule

The default rule in the forward chain controls traffic traversing between different networks. It accepts established and related connections (similar to the input chain) while blocking any new connections from external sources to the router.

Example Default Forward Chain Rule:

0   ;;; defconf: drop all from WAN not DSTNATed
    chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=!yourWANinterface

Default Output Chain Rule

The default rule in the output chain allows all outgoing traffic from the router to external destinations.

Example Default Output Chain Rule:

0   ;;; defconf: accept all from LAN
    chain=output action=accept out-interface=!yourLANinterface

Enhancing Firewall Rules

To enhance your network security, consider adding custom rules. For example, you can create rules to block specific incoming traffic, allow access to specific services, or implement Layer 7 protocol filtering.

Understanding the default firewall rules in MikroTik RouterOS is crucial to assess the initial level of network security. By interpreting the rules provided in the default configuration, you can evaluate and enhance your network's protection as per your specific requirements. Take advantage of custom firewall rules, connection tracking, and Layer 7 protocol filtering to strengthen your network's defenses and ensure a secure and robust network environment.

Is it now possible to deploy containers in mipsbe arch?

While RouterOS is pretty complete, sometimes a few handy scripts can be useful to configure certain things on your firewall / router. The linked repository holds a number of scripts to manage RouterOS devices or extend their functionality.

Find and remove access list duplicates
Upload backup to Mikrotik cloud
Send backup via e-mail
Save configuration to fallback partition
Upload backup to server
Download packages for CAP upgrade from CAPsMAN
Run rolling CAP upgrades from CAPsMAN
Renew locally issued certificates
Renew certificates and notify on expiration
Notify about health state
Notify on LTE firmware upgrade
Notify on RouterOS update
Collect MAC addresses in wireless access list
Use wireless network with daily psk
Comment DHCP leases with info from access list
Create DNS records for DHCP leases
Automatically upgrade firmware and reboot
Download, import and update firewall address-lists
Wait for global functions und modules
Send GPS position to server
Use WPA2 network with hotspot credentials
Create DNS records for IPSec peers
Update configuration on IPv6 prefix change
Manage IP addresses with bridge status
Run other scripts on DHCP lease
Manage LEDs dark mode
Forward log messages via notification
Mode button with multiple presses
Manage DNS and DoH servers from netwatch
Notify on host up and down
Visualize OSPF state via LEDs
Manage system update
Run scripts on ppp connection
Act on received SMS
Forward received SMS
Play Super Mario theme
Chat with your router and send commands via Telegram bot
Install LTE firmware upgrade
Update GRE configuration with dynamic addresses
Update tunnelbroker configuration

The scripts come highly recommended

What's new in 7.11beta5 (2023-Jul-17 10:07):

Changes in this release:

*) bridge - added warning when VLAN interface list contains ports that are not bridged; *) bth - added "Back To Home" VPN service for 802.11ax devices with wifiwave2 package; *) console - fixed incorrect date when printing "value-list" with multiple entries; *) console - improved stability when using fullscreen editor; *) container - added IPv6 support for VETH interface; *) container - adjust the ownership of volume mounts that fall outside the container's UID range; *) hotspot - allow number as a first symbol in the Hotspot server DNS name; *) lora - added uplink message filtering option using NetID or JoinEUI; *) qos-hw - keep VLAN priority in packets that are sent from CPU; *) resource - fixed erroneous CPU usage values; *) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9) *) webfig - fixed "Connect To" configuration changes for L2TP client; *) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect; *) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2); *) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);

Other changes since v7.10:

*) api - disallow executing commands without required parameters; *) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only); *) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only); *) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads; *) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement; *) bridge - added more STP-related logging; *) bridge - fixed MSTP BPDU aging; *) bridge - fixed MSTP synchronization after link down; *) bridge - prevent bridging the VLAN interface created on the same bridge; *) certificate - fixed PEM import; *) certificate - restored RSA with SHA512 support; *) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z); *) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2); *) console - fixed minor typos; *) console - fixed missing "parent" for script jobs (introduced in v7.9); *) console - fixed missing return value for ping command in certain cases; *) console - fixed printing interval when resizing terminal; *) console - improved flag printing in certain menus; *) console - improved stability and responsiveness; *) console - improved timeout for certain commands and menus; *) console - improved VPLS "cisco-id" argument validation; *) container - added option to use overlayfs layers; *) container - fixed duplicate image name; *) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8); *) dns - improved system stability when processing static DNS entries with specified address-list; *) ethernet - improved interface stability for CRS312 device; *) fetch - improved timeout detection; *) firewall - added warning when PCC divider argument is smaller than remainder; *) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets; *) graphing - added paging support; *) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices; *) health - fixed configuration export for "/system/health/settings" menu; *) ike2 - improved system stability when closing phase1; *) ike2 - improved system stability when making configuration changes on active setup; *) ipsec - improved IKE2 rekey process; *) ipsec - properly check ph2 approval validity when using IKE1 exchange mode; *) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties; *) l3hw - fixed /32 and /128 route offloading after nexthop change; *) l3hw - fixed incorrect source MAC usage for offloaded bonding interface; *) l3hw - improved system responsiveness during partial offloading; *) l3hw - improved system stability during IPv6 route offloading; *) l3hw - improved system stability; *) led - fixed manually configured user LED for RB2011; *) leds - blink red system-led when LTE is not connected to the network on D53 devices; *) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices; *) lora - added new EUI field; *) lora - moved LoRa service to IoT package; *) lora - properly apply configuration changes when multiple LoRa cards are used; *) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards; *) lte - added "at-chat" support for Dell DW5821e-eSIM modem; *) lte - added extended support for Neoway N75 modem; *) lte - fixed Dell DW5221E "at-chat" support; *) lte - fixed NR SINR reporting for Chateau 5G; *) lte - fixed Telit LE910C4 "at-chat" support; *) lte - improved initial interface startup time for SXT LTE 3-7; *) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host; *) mpls - improved MPLS TCP performance; *) mqtt - added more MQTT publish configuration options; *) mqtt - added new MQTT subscribe feature; *) netwatch - added "src-address" property; *) netwatch - changed "thr-tcp-conn-time" argument to time interval; *) ovpn - fixed OVPN server peer-id negotiation; *) ovpn - fixed session-timeout when using UDP mode; *) ovpn - properly close OVPN session on the server when client gets disconnected; *) package - treat disabled packages as enabled during upgrade; *) poe - fixed missing PoE configuration section under specific conditions; *) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive; *) profile - added "container" process classifier; *) profile - properly classify "console" related processes; *) quickset - correctly apply configuration when using "DHCP Server Range" property; *) rose-storage - added "scsi-scan" command (CLI only); *) rose-storage - added disk stats for ramdisks; *) rose-storage - fixed RAID 0 creation; *) rose-storage - limit striped RAID element size to smallest disk size; *) route - added comment for BFD configuration (CLI only); *) route - convert BFD timers from milliseconds to microseconds after upgrade; *) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required); *) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required); *) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required); *) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches; *) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches; *) ssh - fixed user RSA private key import; *) switch - fixed "reset-counters" for "switch-cpu"; *) system - disallow setting a non-existing CPU core number for system IRQ; *) system - increased maximum supported CPU core count to 512 on CHR and x86; *) system - reduced RAM usage for SMIPS devices; *) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices; *) webfig - added option to enable wide view in item list; *) webfig - use router time zone for date and time; *) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only); *) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k); *) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only); *) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only); *) wifiwave2 - enabled PMK caching with EAP authentication types; *) wifiwave2 - fixed "reg-info" information for several countries; *) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases; *) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man"; *) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9); *) wifiwave2 - improved stability when changing interface settings; *) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames; *) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log); *) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia"; *) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association; *) winbox - added missing status values for Ethernet and Cable Test; *) winbox - added warning about non-running probe due to "startup-delay"; *) winbox - fixed "Storm Rate" property under "Switch/Port" menu; *) winbox - fixed BGP affinity display; *) winbox - fixed default "Ingress Filtering" value under "Bridge" menu; *) winbox - improved supout.rif progress display; *) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu; *) wireguard - fixed peer connection using DNS name on IP change; *) wireless - ignore EAPOL Logoff frames; *) x86 - updated e1000 driver;

For those of you who have invested in a MikroTik router, have you also incorporated MikroTik wireless devices into your network setup? What has been your experience with MikroTik wireless products? Are they a good choice in terms of performance, range, and reliability? Or would you advise to look for other vendors?

What made you choose MikroTik over other networking vendors for your home network setup? Was it performance, affordability, ease of use, or specific features that stood out to you?

I have a 1 Gbps fiber connection and want to maximize its performance, including IPv6 routing. Considering that IPv6 routing is not accelerated on the MikroTik RB750Gr3, should I still expect it to handle the load effectively, or would it be more suitable to explore other router options?