Community discussions

MikroTik App
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: v5rc6 released

Tue Dec 28, 2010 4:52 pm

We have reproduced the problem with SSTP. We are looking for the fix.
 
sobrado
newbie
Posts: 25
Joined: Sun Dec 26, 2010 3:56 pm

Re: v5rc6 released

Tue Dec 28, 2010 5:02 pm

I've downgraded from v5rc6 to v4.16 and now I get this error when ssh-ing into the system: " Protocol major versions differ: 2 vs. 1 "/ I also noticed that when the system first boots after the downgrade, it only generates an RSA key. After a clean v4.16 install, everything works fine.
ROS 4.16 supports both protocol 1 and protocol 2. Its ssh daemon is based on an ancient OpenSSH release (2.3.0); ROS 5.0rc6 supports protocol 2 only so it seems based on, at least, OpenSSH 5.4. In fact, we decided disabling legacy protocol 1 by default on march's release after a transition period of ten years. Support for protocol 1 has not been removed from OpenSSH's source code, only disabled by default in the configuration files.

Protocol 1 supports RSA keys only, protocol 2 added support for DSA keys.

Edit: see http://www.openssh.org/txt/release-5.4
 
sobrado
newbie
Posts: 25
Joined: Sun Dec 26, 2010 3:56 pm

Re: v5rc6 released

Tue Dec 28, 2010 6:15 pm

I don't know if it's a bug or I need to configure something, but when I try to execute a script over ssh that is ~850 lines long in v5rc6, I get the message "Write failed: broken pipe". The script is with customer firewall and queue rules. The same script had no problem on v4.13 and if I shorten it to just a few customers (3 out of all 70) it works fine. (didn't try to see how many would work)
Any ideeas?
"Write failed: Broken pipe" means that packet_write_poll() cannot write some of the output on a socket because there is no process to read the data on the other side. I would suggest (1) trying another sftp client, and (2) to make sure this is not a ROS-specific problem transferring a file to a BSD or Linux system running OpenSSH 5.4 up to 5.6 (as you noted, this problem does not happen with SSH service on 4.13).

Edit: obviously (2) should be done using the sftp client that is unable to transfer the file to 5.0rc6.
 
tudorik
just joined
Posts: 4
Joined: Fri Dec 24, 2010 10:46 pm

Re: v5rc6 released

Tue Dec 28, 2010 9:41 pm

I'm using OpenSSH v5.6p1 on Gentoo (latest available) and just running commands over ssh to an x86 RouterOS box (about 800 at once...).
I think it's the v5 ssh implementation (as there are no problems in v4) and it will be fixed in rc7 according to this (very prompt :) ) answer:
Hello,

OK, we will increase the maximum length.

Regards,
Normunds
 
Beccara
Long time Member
Long time Member
Posts: 606
Joined: Fri Apr 08, 2005 3:13 am

Re: v5rc6 released

Wed Dec 29, 2010 4:59 am

SSTP is still new and really does nothing new compared with L2TP and PPTP etc.

Wow. You might wanna watch what you say when comparing L2TP/PPTP to an actual secure VPN solution..
My post was about work arounds, SSTP offers nothing other than being simple, if you need secure stable VPN right now work around it, 5.0 is not for production deployment!
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

Re: v5rc6 released

Wed Dec 29, 2010 5:31 pm

SSTP is still new and really does nothing new compared with L2TP and PPTP etc.

Wow. You might wanna watch what you say when comparing L2TP/PPTP to an actual secure VPN solution..
My post was about work arounds, SSTP offers nothing other than being simple, if you need secure stable VPN right now work around it, 5.0 is not for production deployment!

Cant. OpenVPN is for crap (The MT config anyways) in larger VPNs.

FWIW, 5.0rc5 has been serving me pretty well w/ 150+ SSTP connections. I just cant run SSTP on my RB1000 or the memory leak problem is too great. Have to use 2x RB450gs behind the RB1000 to slow the memory leak enough to keep em running. Client-side, 5.0rc5 (For my needs at least) is flawless except for the ssh hangup.

I think MTs biggest problem is lack of focus. They dont focus on one thing, finish it, and move on to the next. They finish something 90%, then start new projects and end up with 12 things at 92% completion all the while, people are trying to use said features.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v5rc6 released

Thu Dec 30, 2010 7:40 am

SSH stuff is fixed in rc7, try it please
 
JustinTx
just joined
Posts: 13
Joined: Tue Jun 15, 2010 11:53 am

Re: v5rc6 released

Thu Dec 30, 2010 9:44 am

Save your efforts. The User Manager RC5 and RC6 is not working at all. Don't you read the posts here?
I just noticed a post about that a little before mine, so it's likely I was in the middle of my post and started on something when that got posted.

Who is online

Users browsing this forum: Amazon [Bot], vladimirb and 68 guests