Про истёкший корневой сертификат Let’s Encrypt 30.09.2021 на доходчивом русском языке.
Имеет косвенное отношение к RouterOS, но полезно обратить внимание и вникнуть всем сетевикам:

https://habr.com/ru/post/580092/

Здравствуйте, дорогие подписчики! Тут несколько (не)новостей.
1) Громко падал фейсбук. При падении больно ударился и лежал 6 часов. Его даже болгарками пилили. Подробнее в посте у Эшера: https://t.me/usher2/2159
2) Long-term ветка прошивок обновилась до версии 6.48.5. Теперь 48-ю версию можно и в прод. Ченджлог тут.
3) Обновилась и stable-ветка. Версия 6.49. Ченджлог на 130+ строк. Есть и вкусности, которые завезли из RouterOS 7: можно заставить пользователя сменить пароль,а так же многое другое. В прод пока явно не надо (если только вы не любитель острых ощущений 😊)

What's new in RouterOS 7.1rc5 (2021-Oct-25 20:15):

!) container - package is getting updated and will be made available in future, if interested in container feature please use 7.1rc4;
*) arm64 - fixed "total-sector-writes" resetting on each startup;
*) bgp - fixed IBGP nexthop selection;
*) bgp - fixed binding to IPv6 "link-local" address;
*) bgp - fixed missing default "local-pref" on selection;
*) bgp - fixed stability when appending extended communities;
*) bgp - improved stability and other minor fixes;
*) bonding - added warning when using 802.3ad mode without MII link monitoring;
*) bridge - added HW offload support for vlan-filtering on MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) bridge - fixed incorrect "hw=no" setting after reboot in rare cases;
*) bridge - improved MLAG stability;
*) capsman - do not include "access-list" passphrases in the output of export command by default;
*) certificate - added ability to choose the digest algorithm when generating a certificate;
*) chr - fixed FastPath support for VMXNET3 drivers;
*) dhcpv4 - fixed backslash prefix for packet logging;
*) dhcpv6-client - show correct DUID in print;
*) dhcpv6-server - fixed "address-pool" default value;
*) dhcpv6-server - fixed DUID generation with timestamp;
*) dns - fixed memory leak caused by large DNS replies;
*) gps - fixed built-in GPS functionality for LtAP;
*) health - fixed health value reporting on RB5009;
*) ipsec - enabled hardware acceleration support for ARM and ARM64 devices;
*) ipsec - fixed hardware acceleration support for CHR;
*) l3hw - fixed MTU on receive;
*) l3hw - fixed source MAC address usage for routed packets;
*) leds - adjust "system-led" color based on cellular connection technology on Chateau devices;
*) leds - fixed LED configuration on RB4011;
*) ltap - improved PCIe card support;
*) lte - added "at-chat" support in MBIM mode for Simcom modems in USB composition mode 9003;
*) lte - improved APN re-connection on non LTE networks;
*) lte - improved modem signal monitoring on Chateau 5G;
*) lte - moved notifications about incorrect responses from modem to 'lte' topic;
*) lte - properly show antenna selection on Chateau devices;
*) lte - request modem to restart registration process if timeout detected;
*) ospf - accept LA prefixes from intra-area router's LSA to the routing table;
*) mpls - added ICMP handler (send ICMP ttl exceed on MPLS ttl expiry);
*) ospf - allow to set IPv6 networks for "interface-template";
*) ospf - disable areas with no interface configuration;
*) ospf - do not allow to set "ptp-unnumbered" on IPv6 interfaces;
*) ospf - do not set empty filter chains when upgrading from v6;
*) ospf - improved stability and other minor fixes;
*) ospf - show interface's hello, re-transmit and dead intervals;
*) package - uninstall "container" package when downgrading to v6;
*) pppoe - fixed DHCPv6 PD;
*) quickset - added 5G signal quality information;
*) quickset - made "Password..." button work in Basic AP mode;
*) route - improved stability and other minor fixes;
*) route-filters - fixed "<=" and ">=";
*) route-filters - fixed "ext-community" problems;
*) route-filters - fixed "num range" matchers;
*) route-filters - fixed "route origin" matcher;
*) route-filters - improved completion;
*) route-filters - improved stability and other minor fixes;
*) rpki - added "rpki-query" command;
*) rpki - other minor fixes;
*) snmp - fixed IPsec-SA stats counter reporting;
*) snmp - fixed bulk get/walk with large neighbor version strings;
*) ssl - added support for additional GCM_SHA384 ciphers;
*) ssl - fixed x509 chain validation;
*) switch - fixed bogus statistics after RTL8367 switch reset;
*) system - improved DHCP and HotSpot service stability when shutting down;
*) system - improved system stability when downgrading to v6 with external disks attached;
*) tr069-client - improved compatibility for 5G;
*) traffic-flow - added systematic count-based packet sampling support;
*) user-manager - fixed "rate-limit-priority" parameter;
*) user-manager - fixed PEAP server authentication for Windows clients;
*) vrf - allow to assign interfaces directly alon

g with interface lists;
*) vxlan - added default L2MTU value for improved connectivity in bridged setups;
*) vxlan - improved speed on MIPSBE devices;
*) wifiwave2 - fixed configuration profile renaming;
*) wifiwave2 - moved RADIUS accounting parameters to a separate configuration profile;
*) winbox - added "netmap" action to IPv6 NAT rules;
*) winbox - added IPv6 support for "Network" parameter under "Routing/OSFP/Interface Templates" menu;
*) winbox - added missing IPv6 mangle actions - "mark-routing", "sniff-tzsp", "sniff-pc", "snpt" and "dnpt";
*) winbox - added option to upgrade LTE firmware;
*) winbox - changed extension channel symbol to lower case for WifiWave2;
*) winbox - do not allow to set "memory-lines" parameter out of bounds under "System/Logging/Action" menu;
*) winbox - fixed "routing-mark" and "routing-table" selection in IPv4 and IPv6 firewall and route rules;
*) winbox - fixed private SSH key import;
*) winbox - made "0" the default value for GPS "init-channel" parameter;
*) winbox - made SSID field collapsible for WifiWave2;
*) winbox - moved "RPKI" tab from "Routing/BGP" to "Routing/RPKI" menu;
*) winbox - moved "Tables" tab from "IP/Route" to "Routing" menu;
*) winbox - moved all interface stats columns to the right;
*) winbox - properly load all backups stored in Cloud;
*) winbox - properly show "value" parameter for FWD type entries;
*) winbox - renamed "Backlight" to "OK" under "LCD/Backlight" menu;
*) winbox - renamed "Dst. Address" to "Route Dst." under "IP/Firewall/Mangle" menu;
*) winbox - replaced "routing-table" with VRF in traceroute;
*) winbox - show "External Antenna" parameter on all Chateau devices;
*) winbox - updated WifiWave2 interface fields and tabs;
*) wireguard - do not consider WireGuard interface as ethernet;
*) wireguard - improved system stability when sending WireGuard packets over EoIP;
*) wireless - adjusted antenna gain on Chateau devices;
*) wireless - improved system stability when changing L2MTU for wireless interfaces;
*) wireless - improved system stability when limiting link throughput via "ap-tx-limit" and "client-tx-limit" parameters;
*) wireless - improved system stability when using nv2 protocol on ipq4019 interfaces;

Что новенького в RouterOS 7.1rc6 (2021-Nov-04 18:20):

*) bgp - fixed connection establishment if peer is in VRF;
*) bgp - fixed interface addition to "link-local" nexthops;
*) capsman - fixed CAP upgrade process when upgrading from RouterOS v6;
*) certificate - improved stability when sending bogus SCEP message;
*) certificate - resolveed issue with public key generation when digest algorithm is unspecified and processing certificate signing requests;
*) l3hw - fixed HW offloading for connected bridge routes;
*) l3hw - fixed source MAC address usage for routed packets for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) lte - added AT chat support for Telit LN960;
*) lte - do not allow to run "scan" and "cell-monitor" commands if SIM is not present;
*) lte - fixed modem port initialization on KNOT;
*) ospf - properly set instance after upgrade from RouterOS v6;
*) route-filters - added "suppress-hw-offload" parameter;
*) route-filters - fixed "as-path" regexp matcher;
*) ssh - made SSH work in VRF's;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) tile - improved system stability when sending EoIP packet over interface that is being disabled;
*) wifiwave2 - fixed assignment of channel profiles to interfaces;
*) wifiwave2 - fixed interface list matching in "access-list";

Внимание, это бродкаст.
Нужна помощь.

У нашего замечательного коллеги Андрея Парамонова (он же boolochka, он же "Шапочки из фольги") сгорел дом.
Вместе с документами, имуществом и деньгами.

Это было единственное жильё ради которого они продали квартиру и переехали всей семьёй буквально месяц назад.
А теперь это горстка пепла и семья с тремя детьми осталась без ничего.

Это... Пиздец.
Я не представляю как такое можно вывозить в одиночку.
Реквизиты для помощи Андрею ниже:

5336 6903 1358 5335 Сбер
5368 2902 3077 1083 ВТБ
5486 7420 5067 9637 Альфа
4476 2461 6196 7233 Райффайзен

Вышла RouterOS 6.49.1

What's new in 6.49.1 (2021-Nov-17 10:06):

MAJOR CHANGES IN v6.49.1:
----------------------
!) device-mode - added feature locking mechanism;
----------------------

Changes in this release:

*) certificate - improved stability when sending bogus SCEP message;
*) conntrack - limit total connection tracking table size based on installed RAM size;
*) crs3xx - fixed interface linking for some optical QSFP+ modules on CRS354 devices;
*) dhcpv6-server - fixed DUID generation with timestamp;
*) health - improved temperature reporting;
*) led - added "dark-mode" functionality control with Mode button for cAP XL ac;
*) leds - fixed LTE LED default mapping for LHGG;
*) lte - improved RSSI reporting on R11e-LTE6;
*) routerboot - enabling "protected-routerboot" feature requires a press of a button;
*) snmp - fixed IPsec-SA byte and packet counter reporting;
*) sstp - fixed client stuck in "nonce matching" state;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) traffic-flow - added systematic count-based packet sampling support;
*) upgrade - added new "upgrade" channel for upgrades between major versions;
*) winbox - added "Modbus" menu support;
*) wireless - added U-NII-2 support for US and Canada country profiles for cAP ac XL and QRT 5 ac;
*) wireless - fixed frequency range information on IPQ4019;

Кто там хотел RouterOS 7 stable?
8 ноября 2021 залита, но не опубликована заводская stable версия 7.0.9.
В продакшн пока еще рано, но для дома / соседей / родителей я думаю уже можно пробовать.
Репортить найденные баги на support@mikrotik.com или через https://help.mikrotik.com/servicedesk/servicedesk

Под все платформы со ссылками на все пакеты тут:
https://www.tarikin.vn/unpublished-routeros-7-0-9-factory-stable-download/

Встречайте нового CCR2116 зверя:
— 16 ядер по 2ггц @ arm64
— 16 gb ram
— 12 x 1gb Ethernet
— 4 x SFP+ 10gbe
— 30 секунд на загрузку BGP full view
— M.2 Слот
— 2 блока питания

https://youtu.be/TVZG7TvUxXY

Вышла RouterOS 7.1rc7. Гоу в прод! 😁

What's new in 7.1rc7 (2021-Nov-25 16:35):

!) device-mode - added feature locking mechanism;
*) arp - limit total ARP table size based on installed RAM size;
*) bgp - fixed "nexthop-choice" selection;
*) bgp - fixed peer handling on point-to-point addresses;
*) bgp - ignore empty filter names on upgrade;
*) bgp - implemented BGP VPN configuration upgrade and other configuration upgrade fixes;
*) conntrack - limit total connection tracking table size based on installed RAM size;
*) crs3xx - fixed interface linking for some optical QSFP+ modules on CRS354 devices;
*) health - improved temperature reporting;
*) ipsec - fixed hardware acceleration support for ARM and ARM64 devices;
*) ipsec - fixed software fallback mode for AES-192 on IPQ4018/IPQ4019;
*) led - added "dark-mode" functionality control with Mode button for cAP XL ac;
*) lte - added "cell-monitor" support for Chateau 5G;
*) lte - improved LTE setting reporting to supout file;
*) ospf - fixed MD5 authentication with large packets;
*) ospf - fixed OSPFv3 interface configuration;
*) ospf - improved DB exchange speeds;
*) ospf - improved stability with large LS update packets;
*) route - fixed "Route Target" byte order;
*) route - fixed unreachable routed networks on VRFs;
*) route - fixed route rule upgrade;
*) route - fixed situation when routes with unequal distances got treated as ECMP routes;
*) route - improvements on VRF isolation;
*) route-filters - added "as-path" regexp testing tool;
*) route-filters - added "as-path-slow-legacy" to support old style "as-path" filtering;
*) route-filters - fixed "as-path" bracket parsing and 4byte ASN usage;
*) routerboard - fixed "mode-button" functionality on devices that have such feature;
*) upgrade - improved major version upgrade process on hAP ac2 and cAP ac;
*) wifiwave2 - fixed enforcement of access list rules which only checks client signal strength for new connections;
*) wifiwave2 - removed non-functioning VLAN configuration parameters from access list;

Ну что, дорогие читатели и почитатели, релиз-то всё ближе! RouterOS 7.1 появилась в testing-ветке, теперь подтверждаются догадки, что 6.50 не будет. Энтузиасты, расчехляйте обновляторы и багрепортеры, сделайте этот мир эту ОСь лучше!
           

What's new in 7.1 (2021-Dec-01 16:07):

MAJOR CHANGES
----------------------
!) updated Linux Kernel based on version 5.6.3;
!) completely new NTP client and server implementation;
!) completely new User Manager implementation;
!) merged individual packages, only bundle and a few extra packages remain;
!) new Command Line Interface (CLI) style (RouterOS v6 commands are still supported);
!) support for Let's Encrypt certificate generation;
!) support for REST API;
!) support for UEFI boot mode on x86;
----------------------

NETWORKING
----------------------
!) CHR FastPath support for "vmxnet3" and "virtio-net" drivers;
!) support for "Cake" and "FQ_Codel" type queues;
!) support for IPv6 NAT;
!) support for Layer 3 hardware acceleration on all CRS3xx devices;
!) support for MBIM driver with basic functionality support for all modems with MBIM mode;
!) support for MLAG on CRS3xx devices;
!) support for VRRP grouping and connection tracking data synchronization between nodes;
!) support for Virtual eXtensible Local Area Network (VXLAN);
----------------------

ROUTING
----------------------
!) completely new BGP implementation with performance improvements;
!) completely new IPv6 stack;
!) completely new MPLS implementation with interface lists, multipath and LDPv6 support;
!) completely new OSPF implementation with performance improvements;
!) completely new routing filtering with script-like rule syntax, RPKI support and large and extended community filtering;
!) support for IPv6 ECMP and VRF (including VRF-lite);
!) support for IPv6 recursive routing and policy routing;
----------------------

VPN
----------------------
!) support for L2TPv3;
!) support for OpenVPN UDP transport protocol;
!) support for WireGuard;
!) support for ZeroTier on ARM and ARM64 devices;
----------------------

WIRELESS
----------------------
!) completely new alternative wireless package "wifiwave2" with 802.11ac Wave2, WPA3 and 802.11w management frame protection support (requires ARM CPU and 256MB RAM);
----------------------

Дождались снегопада ©
RouterOS 7.1 теперь в stable. Где-то вздрогнули несколько продакшнов.

А тем временем как-то незаслуженно незамеченным осталось обновление ветки Long-term. Теперь там 6.48.6.

What's new in 6.48.6 (2021-Dec-03 12:15):

MAJOR CHANGES IN v6.48.6:
----------------------
!) device-mode - added feature locking mechanism;
----------------------

*) certificate - improved stability when sending bogus SCEP message;
*) quickset - use 5GHz interface's country for "Home AP Dual" configuration;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) upgrade - added new "upgrade" channel for upgrades between major versions;
*) winbox - do not allow to add/remove W60G interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for cAP ac XL and QRT 5 ac;

Кучно пошло! Вот и 6.49.2 подвезли. Ченджлог удивительно лаконичен.

What's new in 6.49.2 (2021-Dec-03 14:53):
*) device-mode - improved flagged router configuration detection;

RouterOS 7 официально вышел

https://youtu.be/xRGBbXJc1xA

Добрый вечер, дорогие друзья. RouterOS 7 потихоньку принимает вид полноценной операционной системы. Сегодня завезли два апдейта: stable 7.1.1 и testing 7.2rc1. Обновляться даже с 7.1 советуют в чатике с осторожностью. Проверяйте после обновления, на месте ли фаервол, а то может ждать неприятный сюрприз. Ченджлог 7.1.1 текстом, 7.2rc1 — по ссылке

What's new in 7.1.1 (2021-Dec-21 13:53):

*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) dhcpv4-server - allow adding comments;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed bonding source MAC address;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) ntp - print log change time with time-zone applied;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - improved overall stability;
*) ospf - improves stability when handling looped back OSPF packets;
*) upgrade - improved 404 error handling when checking for new versions;
*) webfig - fixed user policy lookup for skin designer;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;