Community discussions

MikroTik App
 
User avatar
neandero
Member Candidate
Member Candidate
Posts: 243
Joined: Fri Jul 17, 2009 11:43 am
Location: Inside Mind

Re: v6.10 released

Mon Feb 24, 2014 12:10 am

winbox keep disconnecting...
 
dmka
just joined
Posts: 3
Joined: Mon Sep 16, 2013 10:09 pm

Re: v6.10 released

Mon Feb 24, 2014 3:57 am

Vlans over bonding interface are broken (no Rx packets) after upgrade from 6.7 to 6.10. Downgrading the RB951G-2HnD back to 6.7 resolved the issue. Please fix.
 
davestahr
just joined
Posts: 12
Joined: Wed May 04, 2011 3:33 pm

Re: v6.10 released

Mon Feb 24, 2014 3:06 pm

I upgraded an RB1200 (powerpc) from 5.24 to 6.10 yesterday afternoon. The queues were all automatically disabled. I enabled them, to find a big problem. The queues were all appended with an interface value that was making the first queue gobble up every single packet. So, I went through and took the interface out of each target. At that point, they were sitting there enabled, but not collecting any data or slowing anything down. I didn't have time to deal with them, so I disabled them all and hit the sack. This morning, I got up, started enabling the queues one by one, and found that they're now working just fine. Glad it's working, but wanted to share my experience in case anyone else saw something similar.
 
jsparrott
just joined
Posts: 6
Joined: Tue Nov 13, 2007 7:39 pm

Re: v6.10 released

Mon Feb 24, 2014 4:20 pm

Linktech PowerRouter 2200 (x86). Two Ethernet links - Eth2 internal OSPF network, Eth1 external BGP Peering. Running 6.10 10-11 percent packet loss between BGP Peers. Running 5.26 no packet loss. All CPU Cores (4) currently enabled.

Thoughts?
 
skibi82
newbie
Posts: 43
Joined: Fri Mar 22, 2013 7:09 pm

Re: v6.10 released

Mon Feb 24, 2014 5:01 pm

I noticed a serious error in the implementation of IPSEC
The situation as a picture.

In gets called when the unit Mikrotik 2 does not default gw
It is not properly routed traffic through the ipsec policy.
Create two ipsec policy:
1. Prio 9999 trafic from 192.168.1.1 to 192.168.1.0/24 is no encrypted.
2. Prio 5 traffic from 192.168.1.0/24 to 0.0.0.0 / 0 is in tunnel mode
witch esp through the end of 10.2.0.2 - 10.1.0.2

Tunnel compiles correctly but Mikrotik 2 does not direct traffic to it.
If is no set the default route in main table.

On conected computers to the network 192.168.1.0/24 i gets no route to host

as in the case of ping aa.bb.cc.dd src-address = 10.2.0.2

The workaround of problem is to create brg interface with fake 0/0 route
or the addition of any 0/0 by not existing gw.

The assumption Mikrotik 2 should not have a default route.
For Cisco devices, Fortinet, ZyXEL .. there is no such requirement.
You do not have the required permissions to view the files attached to this post.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.10 released

Mon Feb 24, 2014 5:03 pm

Ofcourse it will give error "no route to host" because router does not know how to route the packet.. routing decision happens before ipsec encapsulation. For more details see packet flow diagram.
http://wiki.mikrotik.com/wiki/Manual:Pa ... encryption
 
alexkhokhlov
just joined
Posts: 3
Joined: Mon Feb 24, 2014 6:22 pm

Re: v6.10 released

Mon Feb 24, 2014 6:32 pm

I've upgraded RG951-2HnD to 6.10 today morning. Now it keeps rebooting and beeping.
It goes like this:
1. Power on
2. All lan ports light on and then off
3. Lan 1 starts to flash (connected directly to notebook) and one beep is heard
4. lan 1 for about 10 seconds, but then stops. All man ports are off and not flashing.
5. Goto 2.

I can't install any other routeros version via Netinstall: I see a router, choose package, press install and nothing happens.

Hard reset does not work - everything goes into infinite reboot.

Please help me get the router out of this "brick" mode.
 
skibi82
newbie
Posts: 43
Joined: Fri Mar 22, 2013 7:09 pm

Re: v6.10 released

Mon Feb 24, 2014 8:38 pm

Route table is correct and is not the main table.

Anyhow it indicates a problem.
It is absurd to the implementation of the IPSEC tunnel mode

Why in this case served the ends of the tunnel on the left and right quickly and so the package is not addressed properly.

By the way, I do not know if I understand the diagram, but for me, the diagram shows that it should be able to ping the IP of the router, eg the inside of the IPSEC police as the input and determine the policy is directed to forward?

I beg for the correct diagram for the implementation of IPSEC
I am able to send a bottle of vodka a person who confirms the correctness of the current diagram:

http://wiki.mikrotik.com/images/thumb/3 ... ple_5c.png

Maybe vodke help him understand that the diagram is not correct.
 
User avatar
DogHead
Member Candidate
Member Candidate
Posts: 196
Joined: Thu Jan 03, 2008 9:36 pm
Location: Anywhere you want me to be

Re: v6.10 released

Mon Feb 24, 2014 11:00 pm

There are some very weird things going on in ROS 6.x pertaining to certificate management and VPN in general.

I have an RB433AH that has been running for years and is a gateway for an office. It was originally installed with a 4.x version of ROS and we have upgraded it every time a new release comes out all the way to 6.10. We use it for testing.

It has a CA certificate that was created on a Ubuntu server running OpenSSL/OpenVPN back in Oct 2012. The key for the CA cert is 1024. This same key is used by all of our routers for connectivity to a central VPN server that is used for remote bridge access. On the OVPN Client Dialog in Winbox it says that the link is using blowfish and SHA1. But it really is using AES 128. From terminal it shows unknown, unknown for both. And Winbox says that the CA cert is 2048, while terminal says nothing (key length not listed).

This RB433AH is authenticated and connected to the Ubuntu server using OpenVPN TAP. Everything works fine.

Then we have a new RB2011UiAS which is upgraded to 6.10. Same identical configuration for VPN. However it says blowfish and AES in both Winbox and terminal. And it reports the CA key length of 1024. So it says everything is correct. But it will not connect. In fact I don't even see it trying to connect with packet sniffer.

My question: At what point did certificates work properly? At what point did OpenVPN work properly? I want to move back to a working implementation. Scared to touch the working system at this point.
 
lubor
just joined
Posts: 6
Joined: Thu Sep 12, 2013 11:01 pm

Re: v6.10 released

Tue Feb 25, 2014 3:12 am

Vlans over bonding interface are broken (no Rx packets) after upgrade from 6.7 to 6.10. Downgrading the RB951G-2HnD back to 6.7 resolved the issue. Please fix.
I have same problem on CCR1036.
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v6.10 released

Tue Feb 25, 2014 7:56 am

[Ticket#2014022566000158]
new pppoe BUG introduced with the new pppoe package.

The NASPORT value reported in radius by MT is completely wrong.

In regular package it is the snmp index of the pppoe-client interface
Now it is completely not useful.

We need it to be reported correctly.

regards
Ros
 
User avatar
koshak83
just joined
Posts: 19
Joined: Wed Feb 05, 2014 4:33 pm
Location: Russian Federation, NWFD, Saint-Petersburg Federal City

Re: v6.10 released

Tue Feb 25, 2014 11:03 am

Two wi-fi clients connected to the router now, but I see no data on these connections in this window. RB 951G-2HnD, OS6.10, firmware 3.12
Image
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.10 released

Tue Feb 25, 2014 11:08 am

Two wi-fi clients connected to the router now, but I see no data on these connections in this window. RB 951G-2HnD, OS6.10, firmware 3.12
Image
Clear your browser cache, and if you use it, proxy cache too.
 
User avatar
koshak83
just joined
Posts: 19
Joined: Wed Feb 05, 2014 4:33 pm
Location: Russian Federation, NWFD, Saint-Petersburg Federal City

Re: v6.10 released

Tue Feb 25, 2014 11:25 am

Two wi-fi clients connected to the router now, but I see no data on these connections in this window. RB 951G-2HnD, OS6.10, firmware 3.12
Image
Clear your browser cache, and if you use it, proxy cache too.
After your decision, I see the data just a second, then again is lost. I think this is a problem of Firefox in Ubuntu Linux, in windows 7 & IE all work good. =\
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.10 released

Tue Feb 25, 2014 1:30 pm

(sorry for my bad english)

Hi,
I write here how to get the "kernel failure" on RouterOS 6.10 (happen also on 6.9 on the same way).
I talk about this problem at Italian's M.U.M. with MikroTik Staff.

I'm able to replicate this problem with RB1100AHx2 and M.U.M.'s RB951Ui-2HnD gift :) (really hardware does not matter, invert RB still do same problem)

On the RB1100AHx2 powered by PoE on ether13 (also is a PC connected for netinstall):
update bios with serial port to 3.10 and
after update re-enter the bios and reset all for default options
after reboot re-renter the bios and set "try-ethernet-once-then-nand" for boot.
reboot for netinstall

With NetInstall 6.10:
***NO*** Keep old configuration
select: routeros-powerpc-6.10.npk
and install

after first boot:
disable all packages except for:
routeros-powerpc
ppp
system

and reboot

paste this on RB1100AHx2 terminal
/interface pppoe-server server
add default-profile=default-encryption disabled=no interface=ether1 mrru=1600 service-name=service1
/ppp secret
add local-address=10.0.0.1 name=test password=test profile=default-encryption remote-address=10.0.0.2
/system identity
set name="Test Gateway"
Now the RB951Ui-2HnD powered by PoE on ether1 (also is a PC connected for netinstall):
Open the device with winbox and update bios to 3.12 and reboot,
On winbox select on system/routerboard/settings:
set boot-device=try-ethernet-once-then-nand
reboot for netinstall

With NetInstall 6.10:
***NO*** Keep old configuration
select: routeros-mipsbe-6.10.npk
and install

after first boot:
disable all packages except for:
routeros-powerpc
ppp
system

and reboot

(really the RouterOS version on the client does not matter...)

paste this on RB951Ui-2HnD terminal
/interface pppoe-client
add add-default-route=yes allow=pap,chap,mschap1,mschap2 default-route-distance=1 dial-on-demand=no disabled=no interface=ether2 keepalive-timeout=60 max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out1 password=test profile=default-encryption use-peer-dns=no user=test
/system identity
set name="Test CPE"

Now both RB working and all is ok, but after put a cable from ether1 of RB1100AHx2 and ether2 of RB951Ui-2HnD, after pppoe-client login on pppoe-server
the RB1100AHx2 continuosly reboot (or freeze after some random reboot) with kernel failure (I think on ppp-mppe process).

If you do not use "default-encription" profile on both routerboard, but only "default" profile (so pppoe not encripted) no kernel failure happen, also if you leave bandwidth test for hours.

I hope that I've explained everything well.

Thanks to all.
Last edited by rextended on Wed Feb 26, 2014 8:04 pm, edited 2 times in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.10 released

Tue Feb 25, 2014 2:02 pm

I forget:

On the RB1100AHx2 serial the output are: "PowerPC Book-E Watchdog Exception"
and RB reboot

On the log inside RB after reboot (without cable plugged) at random:
kernel failure
or
routerboard rebooted without proper shutdown

no autosupout.rif generated
Last edited by rextended on Wed Feb 26, 2014 8:04 pm, edited 1 time in total.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.10 released

Tue Feb 25, 2014 3:32 pm

Route table is correct and is not the main table.

Anyhow it indicates a problem.
It is absurd to the implementation of the IPSEC tunnel mode

Why in this case served the ends of the tunnel on the left and right quickly and so the package is not addressed properly.

By the way, I do not know if I understand the diagram, but for me, the diagram shows that it should be able to ping the IP of the router, eg the inside of the IPSEC police as the input and determine the policy is directed to forward?

I beg for the correct diagram for the implementation of IPSEC
I am able to send a bottle of vodka a person who confirms the correctness of the current diagram:

http://wiki.mikrotik.com/images/thumb/3 ... ple_5c.png

Maybe vodke help him understand that the diagram is not correct.

Please look at diagram again

in interface -> prerouting chain -> routing decision (here you need the route to actually forward)-> forward chain -> post routing -> ipsec policy -> ipsec encryption -> local-in process -> routing decision again (now for encrypted packet) -> output chain -> out interface.
 
jandafields
Forum Guru
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Re: v6.10 released

Tue Feb 25, 2014 11:38 pm

It looks like 6.11 beta so far doesn't fix any of these issues ... at least according to the changelog :(

What's new in 6.11rc1 (2014-Feb-24 10:54):

*) dhcp - added support for DHCP option 138 - list of CAPWAP IPv4 servers;
*) quickset - added Guest Network setup to Home AP mode;
*) console - no longer required to supply value of '/routing bgp instance vrf'
property 'instance' for 'add' command;

By the way, this was copied from a publically available mikrotik.com page, not the beta website.
 
PashaT
just joined
Posts: 19
Joined: Sat Feb 01, 2014 1:10 am
Location: Zhytomyr, Ukraine

Re: v6.10 released

Wed Feb 26, 2014 1:24 am

MT #1 and #2 - 951G-2HnD 6.10 + 3.12

Link speed/Duplex problems at least with 3 devices.

- Fiber media converter STELS (maybe IC+ 1xx) 100Mbps connected with 1m A-A (direct) cable to MT #1 ether2-master-local with default config.
- HP NC360T PCIe DP Gigabit Server Adapter (Intel) connected with 15m A-B (cross) cable to MT #2 ether2-master-local with default config.
- Realtek 8168 integrated PCIe GBE controller connected with 5m cable to MT #2 ether4-slave-local with default config.

MT #2 (Auto + FD) -> Intel (10 + H) - OK
MT #2 (Auto + FD) -> Intel (10 + FD) - MT status 10H with warning excessive or late collision, link duplex mismatch ?
MT #2 (Auto + H/FD) or (100 + H/FD) -> Intel (100 + H/FD) - MT status 100H, Intel connection status - Not available
MT #2 (Auto + FD) -> D-Link DES-1008 (Gigabit router) -> Intel (100 + H/FD) - OK

MT #2 (Auto + H/FD) -> RTL8168 (Auto) - OK
MT #2 (1000 + H/FD) -> RTL8168 (Auto) - MT status 1000FD, RTL connection status - Not available

MT #1 (Auto + FD) -> STELS (Auto) - FDX led on STELS is ON, SPD - ON (100Mbps Full Duplex)
MT #1 (100 + FD) -> STELS (Auto) - FDX led on STELS is OFF, SPD - ON (100Mbps Half)


And sometimes warnings "excessive or late collision, link duplex mismatch ?" with EN28J60 10Mbps H device.
Last edited by PashaT on Wed Feb 26, 2014 11:19 am, edited 1 time in total.
 
alexkhokhlov
just joined
Posts: 3
Joined: Mon Feb 24, 2014 6:22 pm

Re: v6.10 released

Wed Feb 26, 2014 9:10 am

I can't install any other routeros version via Netinstall: I see a router, choose package, press install and nothing happens.
I've finally managed to flash 6.10 via netinstall. It seems like it does not work right away after booting. It started to work after I plugged out the ethernet cable and put it back. About a minute or so also passed. So, if it does not work with you - wait a minute and try to re-plug the cable.

Also noticed that after my RB951 came back online it was on 3.09 routerboard firmware. I upgraded it to 3.12 afterwards that came with RouterOS 6.10.

Now everything seems to work again.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.10 released

Wed Feb 26, 2014 9:30 am

It looks like 6.11 beta so far doesn't fix any of these issues ... at least according to the changelog :(

What's new in 6.11rc1 (2014-Feb-24 10:54):

*) dhcp - added support for DHCP option 138 - list of CAPWAP IPv4 servers;
*) quickset - added Guest Network setup to Home AP mode;
*) console - no longer required to supply value of '/routing bgp instance vrf'
property 'instance' for 'add' command;

By the way, this was copied from a publically available mikrotik.com page, not the beta website.
where exactly ?
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2096
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: v6.10 released

Wed Feb 26, 2014 9:58 am

MT #1 and #2 - 951G-2HnD 6.10 + 3.12

Link speed/Duplex problems at least with 3 devices.

- Fiber media converter STELS (maybe IC+ 1xx) 100Mbps connected with 1m A-A (direct) cable to MT #1 ether2-master-local with default config.
- HP NC360T PCIe DP Gigabit Server Adapter (Intel) connected with 15m A-B (cross) cable to MT #2 ether2-master-local with default config.
- Realtek 8168 integrated PCIe GBE controller connected with 5m cable to MT #2 ether4-slave-local with default config.

MT #2 (Auto + FD) -> Intel (10 + H) - OK
MT #2 (Auto + FD) -> Intel (10 + FD) - MT status 10H with warning excessive or late collision, link duplex mismatch ?
MT #2 (Auto + H/FD) or (100 + H/FD) -> Intel (100 + H/FD) - MT status 100H, Intel connection status - Not available
MT #2 (Auto + FD) -> D-Link DES-1008 (Gigabit router) -> Intel (100 + H/FD) - OK

MT #2 (Auto + H/FD) -> RTL8168 (Auto) - OK
MT #2 (1000 + H/FD) -> RTL8168 (Auto) - MT status 1000FD, RTL connection status - Not available

MT #1 (Auto + FD) -> STELS (Auto) - FDX led on STELS is ON
MT #1 (100 + FD) -> STELS (Auto) - FDX led on STELS is OFF


And sometimes warnings "excessive or late collision, link duplex mismatch ?" with EN28J60 10Mbps H device.
Mikrotik a lot of people including me have been reporting issues like the above recently. Are Mikrotik working actively working to resolve these issues?

How can we help you to fix this ?
 
facetwety
just joined
Posts: 7
Joined: Tue Feb 25, 2014 4:49 pm

bad blocks problem

Wed Feb 26, 2014 10:43 am

after upgrade to ros ver:6.10 bad blocks counter start raising Almost after every reboot by .1%

http://forum.mikrotik.com/viewtopic.php?t=82299
 
morf
Member Candidate
Member Candidate
Posts: 182
Joined: Tue Jun 21, 2011 5:31 pm
Location: Saint-Petersburg

Re: v6.10 released

Wed Feb 26, 2014 10:45 am

to normis:
Now the error occurred in the hotspot. Account in hotspot not authorize because address list were dynamic entry with the IP addresses. Not removed! Why?
It happened so that accounts can not be logged because remained dynamic IP addresses in the address list.
I had to manually delete the dynamic (d) address.
You do not have the required permissions to view the files attached to this post.
 
morf
Member Candidate
Member Candidate
Posts: 182
Joined: Tue Jun 21, 2011 5:31 pm
Location: Saint-Petersburg

Re: v6.10 released

Wed Feb 26, 2014 11:37 am

to normis:
Now the error occurred in the hotspot. Account in hotspot not authorize because address list were dynamic entry with the IP addresses. Not removed! Why?
It happened so that accounts can not be logged because remained dynamic IP addresses in the address list.
I had to manually delete the dynamic (d) address.
You do not have the required permissions to view the files attached to this post.
 
becs
MikroTik Support
MikroTik Support
Posts: 499
Joined: Thu Jul 07, 2011 8:26 am

Re: v6.10 released

Wed Feb 26, 2014 11:47 am

MT #1 and #2 - 951G-2HnD 6.10 + 3.12

Link speed/Duplex problems at least with 3 devices.

- Fiber media converter STELS (maybe IC+ 1xx) 100Mbps connected with 1m A-A (direct) cable to MT #1 ether2-master-local with default config.
- HP NC360T PCIe DP Gigabit Server Adapter (Intel) connected with 15m A-B (cross) cable to MT #2 ether2-master-local with default config.
- Realtek 8168 integrated PCIe GBE controller connected with 5m cable to MT #2 ether4-slave-local with default config.

MT #2 (Auto + FD) -> Intel (10 + H) - OK
MT #2 (Auto + FD) -> Intel (10 + FD) - MT status 10H with warning excessive or late collision, link duplex mismatch ?
MT #2 (Auto + H/FD) or (100 + H/FD) -> Intel (100 + H/FD) - MT status 100H, Intel connection status - Not available
MT #2 (Auto + FD) -> D-Link DES-1008 (Gigabit router) -> Intel (100 + H/FD) - OK

MT #2 (Auto + H/FD) -> RTL8168 (Auto) - OK
MT #2 (1000 + H/FD) -> RTL8168 (Auto) - MT status 1000FD, RTL connection status - Not available

MT #1 (Auto + FD) -> STELS (Auto) - FDX led on STELS is ON, SPD - ON (100Mbps Full Duplex)
MT #1 (100 + FD) -> STELS (Auto) - FDX led on STELS is OFF, SPD - ON (100Mbps Half)


And sometimes warnings "excessive or late collision, link duplex mismatch ?" with EN28J60 10Mbps H device.
In this case results mostly are as they should be.

Autonegotiation on the one end and forced speed on the other end makes duplex mismatch.
And autonegotiation is obligatory for 1000BASE-T gigabit Ethernet over twisted pair.
More info: en.wikipedia.org/wiki/Autonegotiation

Only this setup may be in question:
MT #2 (Auto + H/FD) or (100 + H/FD) -> Intel (100 + H/FD) - MT status 100H, Intel connection status - Not available
 
User avatar
webpagetech
newbie
Posts: 42
Joined: Fri Mar 01, 2013 8:42 pm
Location: TX, United States
Contact:

Re: v6.10 released

Wed Feb 26, 2014 3:58 pm

firewall filter dont check address lists, all rules drop connections with this features.
Works fine for me on v6.10 RB2011UAS-2HnD
 
User avatar
saaremaa
Member Candidate
Member Candidate
Posts: 162
Joined: Tue Feb 02, 2010 7:48 pm
Location: Baltijos šalių miestas

Re: v6.10 released

Wed Feb 26, 2014 6:38 pm

What's New in 6.11 rc1? No description available.
 
jandafields
Forum Guru
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Re: v6.10 released

Wed Feb 26, 2014 6:47 pm

What's New in 6.11 rc1? No description available.

Look at my post, about 10 posts up from here. You will see the changelog.
 
littlebill
Member Candidate
Member Candidate
Posts: 234
Joined: Sat Apr 30, 2011 3:11 am

Re: v6.10 released

Wed Feb 26, 2014 10:14 pm

any confirmations that 6.10 fixed all the sstp client issues with win 7 clients, that got broke in 6.8 and 6.9, how about pptp and winbox disconnects?


looking for confirmation. i dropped a production network big time on 6.8, going to cool off for a while
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.10 released

Wed Feb 26, 2014 10:26 pm

any confirmations that 6.10 fixed all the sstp client issues with win 7 clients, that got broke in 6.8 and 6.9, how about pptp and winbox disconnects?


looking for confirmation. i dropped a production network big time on 6.8, going to cool off for a while
The problem is in encryption.
Read my very very detailed and repeatable (with any hardware) post on page 3....

http://forum.mikrotik.com/viewtopic.php ... 64#p411334

Try to use SSTP without encryption on both end.
Just a try...
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2096
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: v6.10 released

Wed Feb 26, 2014 11:04 pm

MT #1 and #2 - 951G-2HnD 6.10 + 3.12

Link speed/Duplex problems at least with 3 devices.

- Fiber media converter STELS (maybe IC+ 1xx) 100Mbps connected with 1m A-A (direct) cable to MT #1 ether2-master-local with default config.
- HP NC360T PCIe DP Gigabit Server Adapter (Intel) connected with 15m A-B (cross) cable to MT #2 ether2-master-local with default config.
- Realtek 8168 integrated PCIe GBE controller connected with 5m cable to MT #2 ether4-slave-local with default config.

MT #2 (Auto + FD) -> Intel (10 + H) - OK
MT #2 (Auto + FD) -> Intel (10 + FD) - MT status 10H with warning excessive or late collision, link duplex mismatch ?
MT #2 (Auto + H/FD) or (100 + H/FD) -> Intel (100 + H/FD) - MT status 100H, Intel connection status - Not available
MT #2 (Auto + FD) -> D-Link DES-1008 (Gigabit router) -> Intel (100 + H/FD) - OK

MT #2 (Auto + H/FD) -> RTL8168 (Auto) - OK
MT #2 (1000 + H/FD) -> RTL8168 (Auto) - MT status 1000FD, RTL connection status - Not available

MT #1 (Auto + FD) -> STELS (Auto) - FDX led on STELS is ON, SPD - ON (100Mbps Full Duplex)
MT #1 (100 + FD) -> STELS (Auto) - FDX led on STELS is OFF, SPD - ON (100Mbps Half)


And sometimes warnings "excessive or late collision, link duplex mismatch ?" with EN28J60 10Mbps H device.
In this case results mostly are as they should be.

Autonegotiation on the one end and forced speed on the other end makes duplex mismatch.
And autonegotiation is obligatory for 1000BASE-T gigabit Ethernet over twisted pair.
More info: en.wikipedia.org/wiki/Autonegotiation

Only this setup may be in question:
MT #2 (Auto + H/FD) or (100 + H/FD) -> Intel (100 + H/FD) - MT status 100H, Intel connection status - Not available
This is the configuration that we, and others seem to be having issues with.
 
daggerCVN
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Thu Jan 30, 2014 5:05 pm

Re: v6.10 released

Thu Feb 27, 2014 12:33 am

Deploying RB750GL's on multiple properties. No issues running 6.7 Next property and uploaded first RB750GL fresh out of the box with latest 6.10 and have multiple issues. Random reboots occurring. Applying DHCP Option 60/43 no longer works (devices are receiving DHCP IP assignment but not being passed the Option 43 TLV parameters). Putting a hold on all upgrades to 6.10 and reverting back to 6.7.

Cheers,
David
 
jandafields
Forum Guru
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Re: v6.10 released

Thu Feb 27, 2014 2:08 am

any confirmations that 6.10 fixed all the sstp client issues with win 7 clients, that got broke in 6.8 and 6.9, how about pptp and winbox disconnects?


looking for confirmation. i dropped a production network big time on 6.8, going to cool off for a while
The problem is in encryption.
Read my very very detailed and repeatable (with any hardware) post on page 3....

http://forum.mikrotik.com/viewtopic.php ... 64#p411334

Try to use SSTP without encryption on both end.
Just a try...
Yup, SSTP is still confirmed broken in certain scenarios by several people. It should work from mikrotik 6.10 to mikrotik 6.10, but other than that, it could be unstable or not connect at all.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.10 released

Thu Feb 27, 2014 9:32 am

- NTP (from NTP package) client struggles at best, and refuses to synchronize in other cases, to our Windows 7 NTP server after reboots
Try another NTP server, like one from "pool.ntp.org". We had some people in support with similar issues, and they all said that changing the server has fixed the issue.
 
skibi82
newbie
Posts: 43
Joined: Fri Mar 22, 2013 7:09 pm

Re: v6.10 released

Thu Feb 27, 2014 10:35 am

Route table is correct and is not the main table.

Anyhow it indicates a problem.
It is absurd to the implementation of the IPSEC tunnel mode

Why in this case served the ends of the tunnel on the left and right quickly and so the package is not addressed properly.

By the way, I do not know if I understand the diagram, but for me, the diagram shows that it should be able to ping the IP of the router, eg the inside of the IPSEC police as the input and determine the policy is directed to forward?

I beg for the correct diagram for the implementation of IPSEC
I am able to send a bottle of vodka a person who confirms the correctness of the current diagram:

http://wiki.mikrotik.com/images/thumb/3 ... ple_5c.png

Maybe vodke help him understand that the diagram is not correct.

Please look at diagram again

in interface -> prerouting chain -> routing decision (here you need the route to actually forward)-> forward chain -> post routing -> ipsec policy -> ipsec encryption -> local-in process -> routing decision again (now for encrypted packet) -> output chain -> out interface.

ip router has 192.168.xx.1/24 to int4
is a package that goes from the police 192.168.yy.0/24 -> 192.168.xx.1

and according to the diagram instructed to do so:

Input interface -> In Interface Bridge ->Prerouting -> Routing Decision -> Input -> Ipsec Policy -> IPSec Dectyption -> Forward
Fuck and hear he go to forward but the ip is in local IP shud be placed to routing Routing Decision
so the flow shuld be directed to local proces IN

So diaram sucks

Strangely does not filter traffic to the router on a forward only on the input
So please also look at the diagram
Regards
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.10 released

Thu Feb 27, 2014 11:06 am

and according to the diagram instructed to do so:

Input interface -> In Interface Bridge ->Prerouting -> Routing Decision -> Input -> Ipsec Policy -> IPSec Dectyption -> Forward
f**k and hear he go to forward but the ip is in local IP shud be placed to routing Routing Decision
so the flow shuld be directed to local proces IN
Wrong. In case you have correct configuration, the actual flow should look like this:

Input Interface -> Prerouting -> Routing Decision -> Forward -> Postrouting -> IPsec Policy -> IPsec Encryption -> Routing Decision -> Output -> IPsec Policy -> Output Interface.

They seem to have mixed up "IPsec Encryption" and "IPsec Decryption" on the Routing diagram on this page in the wiki. So, the diagram in its current state sucks indeed. :)
 
ste
Forum Guru
Forum Guru
Posts: 1924
Joined: Sun Feb 13, 2005 11:21 pm

Re: v6.10 released

Thu Feb 27, 2014 11:18 am

There is a bug with dhcp-server on vlan. After update from 5.25 to 6.10 some devolo dlan pro modems cant get their IPs. Had to downgrade.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.10 released

Thu Feb 27, 2014 12:35 pm

Please send us supout.rif file from problematic v6.10 installation and steps to repeat the issue. Let's get all these issues fixed. Thank you for all the help.
 
becs
MikroTik Support
MikroTik Support
Posts: 499
Joined: Thu Jul 07, 2011 8:26 am

Re: v6.10 released

Thu Feb 27, 2014 12:51 pm

There is a bug with dhcp-server on vlan. After update from 5.25 to 6.10 some devolo dlan pro modems cant get their IPs. Had to downgrade.
Is it on x86 machine? Please send supout.rif to MikroTik support.
 
morf
Member Candidate
Member Candidate
Posts: 182
Joined: Tue Jun 21, 2011 5:31 pm
Location: Saint-Petersburg

Re: v6.10 released

Thu Feb 27, 2014 1:51 pm

With this Ticket #2014021766000422 we solved the problem with Janis Megis. This tickets are nuances, read my latest post on support@mikrotik.com
Normis, please see this topic - http://forum.mikrotik.com/viewtopic.php?f=2&t=82321
Ticket #2014022666000192
 
ste
Forum Guru
Forum Guru
Posts: 1924
Joined: Sun Feb 13, 2005 11:21 pm

Re: v6.10 released

Thu Feb 27, 2014 2:20 pm

There is a bug with dhcp-server on vlan. After update from 5.25 to 6.10 some devolo dlan pro modems cant get their IPs. Had to downgrade.
Is it on x86 machine? Please send supout.rif to MikroTik support.
No. It's a RB411 in production. Cant play/debug at this site.
 
Malosa
just joined
Posts: 15
Joined: Thu Nov 15, 2012 4:32 pm

Re: v6.10 released

Thu Feb 27, 2014 3:11 pm

A whole forum with thousands of users with Mikrotik routers (different models) are having an issue with the 6.10 version with the IP TV from Movistar Spain (ADSLZone).

Image freezes and sometimes it isn't received.

Back to 6.9 and it perfectly works.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.10 released

Thu Feb 27, 2014 3:22 pm

A whole forum with thousands of users with Mikrotik routers (different models) are having an issue with the 6.10 version with the IP TV from Movistar Spain (ADSLZone).

Image freezes and sometimes it isn't received.

Back to 6.9 and it perfectly works.
which forum is that? more info please. email support
 
skibi82
newbie
Posts: 43
Joined: Fri Mar 22, 2013 7:09 pm

Re: v6.10 released

Thu Feb 27, 2014 3:50 pm

and according to the diagram instructed to do so:

Input interface -> In Interface Bridge ->Prerouting -> Routing Decision -> Input -> Ipsec Policy -> IPSec Dectyption -> Forward
f**k and hear he go to forward but the ip is in local IP shud be placed to routing Routing Decision
so the flow shuld be directed to local proces IN
Wrong. In case you have correct configuration, the actual flow should look like this:

Input Interface -> Prerouting -> Routing Decision -> Forward -> Postrouting -> IPsec Policy -> IPsec Encryption -> Routing Decision -> Output -> IPsec Policy -> Output Interface.

They seem to have mixed up "IPsec Encryption" and "IPsec Decryption" on the Routing diagram on this page in the wiki. So, the diagram in its current state sucks indeed. :)
In the decryption is bad scheme.
Well unless you are on a forward input filtering.
Take a look that speaks of packets addressed to the device and not forward to the network.
The device has its own IP address and the traffic going to the device is INPUT and not FORWARD

As for the fact that encryption is implemented in the routing decision for tunnel mode does not utter. As someone implemented scheme settlement needs in the bathroom style
1 Go to the bathroom
2 Remove the pants
3 Sit on the toilet seat
4 Just get on board
5 Clean ass
6 Pick up the board with a heap
7 Drain
I I see this same logic in my example.
 
josefranco
Frequent Visitor
Frequent Visitor
Posts: 95
Joined: Fri Mar 07, 2008 5:17 pm

Re: v6.10 released

Thu Feb 27, 2014 4:07 pm

[Ticket#2014022566000158]
new pppoe BUG introduced with the new pppoe package.

The NASPORT value reported in radius by MT is completely wrong.

In regular package it is the snmp index of the pppoe-client interface
Now it is completely not useful.

We need it to be reported correctly.

regards
Ros
This is really a BIG problem for us also.. we use the NASPORT value to make a lot of tests using snmp.
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.10 released

Thu Feb 27, 2014 4:11 pm

In the decryption is bad scheme.
Well unless you are on a forward input filtering.
Take a look that speaks of packets addressed to the device and not forward to the network.
The device has its own IP address and the traffic going to the device is INPUT and not FORWARD

As for the fact that encryption is implemented in the routing decision for tunnel mode does not utter.
I do not understand what you are talking about. In your initial post above you were talking about transit (i.e. FORWARD) packet not being forwarded to your IPsec tunnel. Encryption is NOT implemented in Routing Decision block. It's just that the Routing Decision takes place BEFORE IPsec Policy block. If you do not have a corresponding route in your routing table your packet will be dropped in Routing Decision before it even reaches IPsec policy block. It could be fake route or whatever. That's how it works in RouterOS (as well as in Linux, FreeBSD and possibly other places as well). Just take it for granted. The fact that Cisco works differently does NOT mean RouterOS is doing something wrong.
 
Malosa
just joined
Posts: 15
Joined: Thu Nov 15, 2012 4:32 pm

Re: v6.10 released

Thu Feb 27, 2014 4:37 pm

A whole forum with thousands of users with Mikrotik routers (different models) are having an issue with the 6.10 version with the IP TV from Movistar Spain (ADSLZone).

Image freezes and sometimes it isn't received.

Back to 6.9 and it perfectly works.
which forum is that? more info please. email support
This is the forum and the thread:

http://www.adslzone.net/postt311611.html

it has more than 600,000 views and hundreds, if not thousands, of users with Mikrotik.

I have an email support in progress (Vigor 130 modem issue), when it's solved I'll begin with the IP TV issue.

At the moment we are working well with 6.9, so this is not extremely urgent.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.10 released

Thu Feb 27, 2014 5:28 pm

In the decryption is bad scheme.
Well unless you are on a forward input filtering.
Take a look that speaks of packets addressed to the device and not forward to the network.
The device has its own IP address and the traffic going to the device is INPUT and not FORWARD

As for the fact that encryption is implemented in the routing decision for tunnel mode does not utter.
I do not understand what you are talking about.
Me neither.
Anyway, v6 packet flow is fixed and also ipsec example is added
http://wiki.mikrotik.com/wiki/Manual:Pa ... Decryption
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: v6.10 released

Thu Feb 27, 2014 11:26 pm

Hello Folks!

Static policy based routing marks does not work since RoS6.7, we now tried three times, also resetting the router, still same problem traffic does not pass through the MT router to ASA5510 from the mailserver.

It has been working for 5-6 years, and we never did change anything in the router the past 2 years, at RoS6.9 and RoS6.10 it simply does not work anymore.

Note! We do not use any ping or arp for checking gateways for these routing marks, routing marks are used to route traffic based on source ip and destionation port between two vlans, not for it should matter in this case but ASA5510 is not setup to anser ping by obvious reasons.

We have made supout file, MT responded not reproducable and asked for a test router to login, we ansered back need a date for such test, no responce back on that one so far.

Any suggestions, RoS6.11 maybe works better, 6.10 one does not ?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.10 released

Fri Feb 28, 2014 2:00 am

Please send us supout.rif file from problematic v6.10 installation and steps to repeat the issue. Let's get all these issues fixed. Thank you for all the help.
I have described the pppoe encryption bug exactly here:

http://forum.mikrotik.com/viewtopic.php ... 00#p411334

But not are in your list.

Please read that post.

Is all EXTREMELY detailed how to reproduce the tremendous bug.

Thanks
 
aTan
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Tue Nov 01, 2011 11:55 am

Re: v6.10 released

Fri Feb 28, 2014 10:15 am

OpenVPN disconnects every hour. OpenVPN doesn't release ip addresses from pool, there are many old connections in PPP Active connections. At least VPN part is since 6.8 very broken.
 
nka
newbie
Posts: 44
Joined: Tue Mar 22, 2011 7:48 pm
Location: Quebec, Canada

Re: v6.10 released

Fri Feb 28, 2014 3:17 pm

Just FYI, I updated the Package and Firmware on my RB2011UiAS without any problems (no reboot loop or whatever - someone was saying having problems, so I had some fear).
 
aTan
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Tue Nov 01, 2011 11:55 am

Re: v6.10 released

Fri Feb 28, 2014 4:53 pm

(Some?) Windows clients cannot connect to OpenVPN:
Fri Feb 28 15:09:40 2014 TCP connection established with x.x.x.x:1194
Fri Feb 28 15:09:40 2014 TCPv4_CLIENT link local: [undef]
Fri Feb 28 15:09:40 2014 TCPv4_CLIENT link remote: x.x.x.x:1194
Fri Feb 28 15:10:40 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Feb 28 15:10:40 2014 TLS Error: TLS handshake failed
Fri Feb 28 15:10:40 2014 Fatal TLS error (check_tls_errors_co), restarting
Fri Feb 28 15:10:40 2014 TCP/UDP: Closing socket
Fri Feb 28 15:10:40 2014 SIGUSR1[soft,tls-error] received, process restarting
After downgrade to 6.7 everything works fine.

UPDATE: CCR1016-12G
 
LennonNZ
just joined
Posts: 18
Joined: Wed Jun 06, 2012 1:09 am

Re: v6.10 released

Sat Mar 01, 2014 4:29 am

I found what route marking didn't work properly after upgrading to V6.10 until I upgraded the Firmware (3.12) as well
 
iwifiu
just joined
Posts: 3
Joined: Fri Jan 17, 2014 12:15 am

Re: v6.10 released

Sat Mar 01, 2014 6:04 am

Omnitik no issue
rb 951 better wifi
sext - works fine

Thank You
 
zdybilas
just joined
Posts: 4
Joined: Sun Oct 20, 2013 6:16 pm

Re: v6.10 released

Sun Mar 02, 2014 5:58 am

On my tablet accuweather is temporary unavailable. The same with few other apps. After flushing cache in ccr 6.10 everthing is ok for a while. Where is the problem?
I found that the problem occured when i'm behind tplink wr1043nd. It's possible that the problem is only local router? Why after flushing cache everything is ok? Only android tablets and smartphones are affected.
Last edited by zdybilas on Mon Mar 03, 2014 5:32 pm, edited 1 time in total.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.10 released

Mon Mar 03, 2014 9:47 am

Please send us supout.rif file from problematic v6.10 installation and steps to repeat the issue. Let's get all these issues fixed. Thank you for all the help.
I have described the pppoe encryption bug exactly here:

http://forum.mikrotik.com/viewtopic.php ... 00#p411334

But not are in your list.

Please read that post.

Is all EXTREMELY detailed how to reproduce the tremendous bug.

Thanks
please tell me your ticket number, I will check status of this issue. Did you also send supout.rif to support?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.10 released

Mon Mar 03, 2014 10:14 am

Please send us supout.rif file from problematic v6.10 installation and steps to repeat the issue. Let's get all these issues fixed. Thank you for all the help.
I have described the pppoe encryption bug exactly here:

http://forum.mikrotik.com/viewtopic.php ... 00#p411334

But not are in your list.

Please read that post.

Is all EXTREMELY detailed how to reproduce the tremendous bug.

Thanks
please tell me your ticket number, I will check status of this issue. Did you also send supout.rif to support?

Hi normis,

I have sended EMAIL at support@mikrotik.com 2014/02/14 16:24 (CET)
because the page https://www.mikrotik.com/client/?ecom=support do not accept supout.rif or autosupout.rif
I do not have any answer to my mail.

I have spoken with MT staff also at the M.U.M. :)

In the post
http://forum.mikrotik.com/viewtopic.php ... 00#p411334
I explain how to obtain again the kernel failure with ROS 6.9 or 6.10.
There is no need of supout.rif, it's extremely detailed the post in this case.

Thanks for the attention,

Best Regards.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.10 released

Mon Mar 03, 2014 10:31 am

I have sended EMAIL at support@mikrotik.com 2014/02/14 16:24 (CET)
This is the correct way to submit problems, you did everything correctly! When you send an email to support, you receive an auto response, with ticket number in subject. what is your ticket number?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.10 released

Mon Mar 03, 2014 6:20 pm

I have sended EMAIL at support@mikrotik.com 2014/02/14 16:24 (CET)
This is the correct way to submit problems, you did everything correctly! When you send an email to support, you receive an auto response, with ticket number in subject. what is your ticket number?
I re-submit the email and this is the ticket:

Ticket#2014030366000572
 
User avatar
DogHead
Member Candidate
Member Candidate
Posts: 196
Joined: Thu Jan 03, 2008 9:36 pm
Location: Anywhere you want me to be

Re: v6.10 released

Mon Mar 03, 2014 9:55 pm

We have tested and progressively went back through prior ROS versions until we found one where certificate management worked. You have to go back to 6.3. I think someone else mentioned this.

Any release after 6.3 certificate authority certs and keys cannot be properly imported, particularly from self signing in OpenSSL.

Funny thing is that if you install certs in 6.3 and then upgrade the certs remain functional.

I would guess that most of this issues with SSTP, OVPN, SSL etc are related to this issue. We did not notice until now because we were not installing new certificates, just upgrading systems with already installed certificates.
 
littlebill
Member Candidate
Member Candidate
Posts: 234
Joined: Sat Apr 30, 2011 3:11 am

Re: v6.10 released

Mon Mar 03, 2014 10:30 pm

We have tested and progressively went back through prior ROS versions until we found one where certificate management worked. You have to go back to 6.3. I think someone else mentioned this.

Any release after 6.3 certificate authority certs and keys cannot be properly imported, particularly from self signing in OpenSSL.

Funny thing is that if you install certs in 6.3 and then upgrade the certs remain functional.

I would guess that most of this issues with SSTP, OVPN, SSL etc are related to this issue. We did not notice until now because we were not installing new certificates, just upgrading systems with already installed certificates.

i started with 6.7 on a 2011. self signed. no issues with sstp both in a ptp, and with windows clients
 
napismizpravu
Member Candidate
Member Candidate
Posts: 135
Joined: Sat Apr 09, 2011 1:27 pm
Location: czech

info v6.11rc1 wireless error

Tue Mar 04, 2014 1:14 am

RB433UAH power 24V 2A

RouterOS 6.11rc1 error wireless (load high trafic p/s P2P)

2x error miniPCI card stop working /48hours

version 6.x - 6.10 the same configuration > OK , no error wireless
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6.10 released

Tue Mar 04, 2014 11:56 am

i started with 6.7 on a 2011. self signed. no issues with sstp both in a ptp, and with windows clients
The certificates work, CAs don't get imported as CAs.

Another interesting bug affecting all 6.5+ releases (probably earlier also)...
Somehow the route marking stopped working suddenly on my CRS-125 (with 6.7 FW). Rebooted several times from software, tried to fix this, including upgrade to 6.10, downgrade down to 6.5 with no result.
More precisely the packets passed the marking mangle rules but they all went out on the default gateway, not the default one for marked packets.
Now after PULLING THE PLUG on the router and starting it up again, all worked normally with the original configuration.

IMHO this seems to me as a RAM region not wiped out properly on reboot/restart keeping a data corruption in place.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.10 released

Tue Mar 04, 2014 1:57 pm

i started with 6.7 on a 2011. self signed. no issues with sstp both in a ptp, and with windows clients
The certificates work, CAs don't get imported as CAs.
Be more specific what do you mean by "not imported as CA".
 
cmoegele
newbie
Posts: 35
Joined: Tue Nov 29, 2011 7:44 pm

Re: v6.10 released

Tue Mar 04, 2014 3:28 pm

With 6.10 the loadbalancer on my RB2011 does not work properly anymore ( during streaming or opening some websites connection stops / interrupts ) . The setting was configured with 6.3 and continously upgraded . Till 6.9 everything worked really smooth, but 6.10 seems to have some serious bugs,...
 
dlj87
just joined
Posts: 15
Joined: Wed Sep 26, 2012 8:52 am

Re: v6.10 released

Tue Mar 04, 2014 4:24 pm

Not(!) expression doesn't work in firewall -> filter rules -> add -> advanced -> content section (maybe in other sections too)on ROS 6.10
 
usx
newbie
Posts: 26
Joined: Sun Oct 27, 2013 7:30 pm

Re: v6.10 released

Wed Mar 05, 2014 12:11 am

Upgraded a RB2011UiAS-2HnD without any problems from 6.9 to 6.10.

Upgraded a RB450G with the following problem: upon reboot I had no internet access, I waited for about 2 minutes, tried to log in via web interface, which would not respond, so I rebooted again via serial console. After about a minute later everything was ok. The Log file got erased, but after the first reboot (when the upgrade got applied) over the second one until a web login no faults were recorded in the log. May have been a routing issue.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.10 released

Wed Mar 05, 2014 9:10 am

"Encryption negotiation rejected”
This is a SSTP configuration error, not a bug. Please check your config. I see several people with this config mistake. For the PPP profile that you use in SSTP, turn off encryption, this setting is only used for PPTP. If you have enabled encryption in the PPP profile and use it for SSTP, you will get this error.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6.10 released

Thu Mar 06, 2014 12:07 am

i started with 6.7 on a 2011. self signed. no issues with sstp both in a ptp, and with windows clients
The certificates work, CAs don't get imported as CAs.
Be more specific what do you mean by "not imported as CA".
If I import a self signed certificate, it works.
But if I import the CA certificate (self issued, PEM, created with easyrsa, works in windows and linux), it is not recognized as root CA certificate (does not show a A besides the T). It is just treated as any other certificate.
If I remember correctly, in early ROS versions, one could set the ca property to yes in the console. This is not possible any more, being a read only property.
 
User avatar
DogHead
Member Candidate
Member Candidate
Posts: 196
Joined: Thu Jan 03, 2008 9:36 pm
Location: Anywhere you want me to be

Re: v6.10 released

Thu Mar 06, 2014 6:46 am

As Doc Marcus says, importing at CA does not work correctly. StartSSL CA certs seem to work. CACert CA does not. Self signed certs generated on Windows or Linux under easy-rsa from OpenVPN or from OpenSSL do not work. The certs are not recognized as CA certs, only normal certs and we have issues with negotiating connections under certificated services such as OpenVPN, SSTP etc.

As I posted earlier, certificates import appears to have stopped working with the implementation of 6.4. We did not notice, because upgrades of systems with already installed certs worked fine.

There must be some sort of incompatibilities between the encryption libraries in ROS and the versions of OpenSSL we and CACert are using.

BTW, there are no problems like this with OpenWRT.

This problem is really irritating. Wish that there was some regression testing of ROS before it gets released. It just seems that quality control is left to us users.
 
jwelebd
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Wed May 31, 2006 12:20 am
Location: Dhaka
Contact:

Re: v6.10 released

Thu Mar 06, 2014 7:00 am

May i use ROS 6.10 in RB750 ?
 
npero
Member
Member
Posts: 317
Joined: Tue Mar 01, 2005 1:59 pm
Location: Serbia

Re: v6.10 released

Thu Mar 06, 2014 8:16 am

May i use ROS 6.10 in RB750 ?
Yes I used it on RB750 basic configuration no problem. For now up time is 15 days.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.10 released

Thu Mar 06, 2014 10:57 am

Another bug: ( http://forum.mikrotik.com/viewtopic.php ... 4&p=413241 )

user-manager profile limitation can not be added via console if the default customer "admin" are renamed.

Adding a profile like "/tool user-manager profile limitation add name=Staff" (etc.) suppose that the owner is admin, the owner of the limitation are not declarable on console.

Thanks to user "beepee" for help me.
 
User avatar
greek
Member Candidate
Member Candidate
Posts: 117
Joined: Thu Nov 04, 2010 11:37 pm
Location: Russia, 78rus

Re: v6.10 released

Thu Mar 06, 2014 1:51 pm

Copper SFP-module OptiCin stopped working in v6.10 (but working good in v6.7), just not running in CRS125-24G-1S-2HnD
 
BBoy
just joined
Posts: 1
Joined: Thu Mar 06, 2014 3:23 pm

Re: v6.10 released

Thu Mar 06, 2014 3:55 pm

May i use ROS 6.10 in RB750 ?
Yes I used it on RB750 basic configuration no problem. For now up time is 15 days.
We use a RB750G at the office.
Generally speaking everything is well, but as in previous posts mentioned we have strange stability problems with VPN connections!

Both with OpenVPN and L2TP/IPSec connections sometimes totally stop working. (In case of OpenVPN there is TLS failed error in LOG which was mentioned by someone else already!) Regarding the L2TP/IPSec VPN connections after a while cannot be establish a connection at all!) To resolve these VPN issues only the reboot the right solution according to my experiences.

Temporary now I went back to RouterOS v6.7, it seems to be the above mentioned VPN issues are gone!

PS.: Just a stupid question, is there any archive where we can find previous RouterOS version for download?!
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.10 released

Thu Mar 06, 2014 4:37 pm

You can temporary get rid of this TLS error by setting reneg-sec 0 on ovpn server.
Problem will be fixed in next release.
 
User avatar
soulflyhigh
Member Candidate
Member Candidate
Posts: 179
Joined: Wed Sep 08, 2010 11:20 am

Re: v6.10 released

Thu Mar 06, 2014 6:16 pm

What's new in 6.11rc1 (2014-Mar-06 15:05):

*) wireless - add auto frequency feature;
What is auto frequency feature? As I can see on my test router it changes frequency but there is
no any explanation how this work exactly (it works too quickly for "complete scan and select the best channel" mode).
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.10 released

Thu Mar 06, 2014 8:02 pm

What's new in 6.11rc1 (2014-Mar-06 15:05):

*) ppp - default-encryption bug solved

http://forum.mikrotik.com/viewtopic.php ... 00#p411334



I just tested this build and the bug disappeared.

Where I can download officially beta / release candidate version without googling?

Thanks.
 
User avatar
soulflyhigh
Member Candidate
Member Candidate
Posts: 179
Joined: Wed Sep 08, 2010 11:20 am

Re: v6.10 released

Thu Mar 06, 2014 8:21 pm

Also, with new wireless package... there is 5GHz AC band in "New wireless channel" menu?
Does this mean that AC is finally supported?
You do not have the required permissions to view the files attached to this post.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2394
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.10 released

Thu Mar 06, 2014 9:36 pm

Nice :)
How to use - Wireless Fast Path for 802.11? It is in changelog for New “Wireless-FP” package
 
uldis
MikroTik Support
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: v6.10 released

Fri Mar 07, 2014 11:21 am

Nice :)
How to use - Wireless Fast Path for 802.11? It is in changelog for New “Wireless-FP” package
installing the new package automatically improves the wireless forwarding for Nv2 and 802.11.
Additionally you can enable the fast-path option by selecting in the queue interface to use hardware-only queue.
 
infused
Member
Member
Posts: 313
Joined: Fri Dec 28, 2012 2:33 pm

Re: v6.10 released

Fri Mar 07, 2014 1:21 pm

Good to see you delete my posts.

Pretty much confirms it all.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.10 released

Fri Mar 07, 2014 1:36 pm

Good to see you delete my posts.

Pretty much confirms it all.
such number of obscene words is clearly against the rules of this forum, I'm sorry but that's how it works: http://forum.mikrotik.com/faq.php

You are free to express your opinion without using such language.
 
aTan
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Tue Nov 01, 2011 11:55 am

Re: v6.10 released

Fri Mar 07, 2014 2:28 pm

You can temporary get rid of this TLS error by setting reneg-sec 0 on ovpn server.
Problem will be fixed in next release.
I can't find it in:
 /interface ovpn-server> server print
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.10 released

Fri Mar 07, 2014 3:23 pm

Not on our server, but on for example linux ovpn server.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.10 released

Fri Mar 07, 2014 4:13 pm

uldis / normis / mrz

the problem I have explained to you (uldis), at the Italian MUM, about kernel panic are solved now on 6.11rc1 2014/03/06

I tested yesterday this build and the bug disappeared.

Where I can download "officially" beta / release candidate version without use Google?

I would partecipate as tester.

Thanks.
 
ste
Forum Guru
Forum Guru
Posts: 1924
Joined: Sun Feb 13, 2005 11:21 pm

Re: v6.10 released

Fri Mar 07, 2014 5:37 pm

One Omnitik did not work wireless after upgrade. Disabling/Enabling the interface made it work again.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.10 released

Fri Mar 07, 2014 5:37 pm

Where I can download "officially" beta / release candidate version without use Google?

I would partecipate as tester.
write to support@mikrotik.com with your MikroTik.com account name - they will give you access to development releases
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.10 released

Fri Mar 07, 2014 5:50 pm

Where I can download "officially" beta / release candidate version without use Google?

I would partecipate as tester.
write to support --- mikrotik.com with your MikroTik.com account name - they will give you access to development releases
Very thanks!
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6.10 released

Fri Mar 07, 2014 6:26 pm

Another bug that persists since 6.7 on CRS-125 and is still present on 6.10:
Incoming packets in the switch get output on all switch ports. Basically the switch behaves as a hub.
On 6.6 all is working as expected.
 
sashavl
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Mon Nov 01, 2010 8:19 pm
Contact:

Re: v6.10 released

Sat Mar 08, 2014 4:03 am

Where you see that? That's normal if ports are in master/slave relationship.
 
patrickmkt
Member Candidate
Member Candidate
Posts: 200
Joined: Sat Jul 28, 2012 5:21 pm

Re: v6.10 released

Sat Mar 08, 2014 6:55 am

"Encryption negotiation rejected”
This is a SSTP configuration error, not a bug. Please check your config. I see several people with this config mistake. For the PPP profile that you use in SSTP, turn off encryption, this setting is only used for PPTP. If you have enabled encryption in the PPP profile and use it for SSTP, you will get this error.

Could you elaborate more on that, I couldn't find anything about not setting encryption to 'required' for the sstp profile in the wiki.
If you set encryption to no for sstp, does that mean that the tunnel won't be encrypted?

If it's not a bug but a configuration error, then it's a major flaw in the ROS interface and OS to let use this setting for sstp.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6.10 released

Sat Mar 08, 2014 12:16 pm

Where you see that? That's normal if ports are in master/slave relationship.
On wireshark in the local network.
And this is not normal. According to the OSI modell, a switch is a L2 device which forwards packets according to a MAC lookup table offering by definition per port collision domains (not applicable in UTP scenarios) and a single broadcast domain.
http://en.wikipedia.org/wiki/Network_switch
So multicast/broadcasts have to go to all interfaces, unicasts to their destination ports (I talk about ethernet MAC addresses, not IP stuff).
And this is why port mirroring was invented, to circumvent this restriction if needed.
A device sending all incoming traffic to all interfaces is called a HUB and is a L1 device.

It worked properly up to ROS 6.6.
 
estdata
Member Candidate
Member Candidate
Posts: 100
Joined: Mon Feb 20, 2012 9:05 pm
Contact:

Re: v6.10 released

Sun Mar 09, 2014 5:09 pm

I've updated the router version 6.10, and after that, it is a problem with the ethernet speed , a big loss
Before it was 6.9 and was ok
If anyone still has the speed and the problem then let me know
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.10 released

Mon Mar 10, 2014 8:40 am

"Encryption negotiation rejected”
This is a SSTP configuration error, not a bug. Please check your config. I see several people with this config mistake. For the PPP profile that you use in SSTP, turn off encryption, this setting is only used for PPTP. If you have enabled encryption in the PPP profile and use it for SSTP, you will get this error.

Could you elaborate more on that, I couldn't find anything about not setting encryption to 'required' for the sstp profile in the wiki.
If you set encryption to no for sstp, does that mean that the tunnel won't be encrypted?

If it's not a bug but a configuration error, then it's a major flaw in the ROS interface and OS to let use this setting for sstp.
No it doesn't mean that, the SSTP tunnel will be encrypted with it's own algorythm. The ppp setting is only for PPTP, and if you enable it, it will attempt to use this too, which is not made for SSTP and will result in the above error. We will clarify the manual and will re-label this checkbox.

As you know, PPP profiles are shared between a number of tunnel types. Not all options apply to all.
 
rayman1366
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Mon Feb 20, 2012 1:49 am

Re: v6.10 released

Mon Mar 10, 2014 1:36 pm

hello
still ip/route table in snmp (dude) problem not solved!
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.10 released

Mon Mar 10, 2014 1:39 pm

hello
still ip/route table in snmp (dude) problem not solved!
sorry but we are currently not working on Dude problems, maybe later in the year
 
MichaelBliss
just joined
Posts: 9
Joined: Mon Jul 14, 2008 11:33 am

Re: v6.10 released

Mon Mar 10, 2014 3:40 pm

Ive just upgraded to 6.10 on my RB750, now when I disable PPPOE interfaces i lose all connectivity to my router for a minute or so. I have multiple PPPOE ISP accounts and tend to disable and enable interfaces a lot.

Is there a different way that I should be doing this or is this a bug??
 
ffernandes
Member Candidate
Member Candidate
Posts: 148
Joined: Mon Jun 23, 2008 11:20 pm

Re: v6.10 released

Tue Mar 11, 2014 1:19 am

dunno if anyone else is having the same problem but...
upgraded an rb435g to the 6.11rc1 with the fp wireless driver and its getting
"system rebooted because of kernel failure"
"router was rebooted without proper shutdown!!

file attached!!!

now at 11/03/14 was my rb800 that crashed :X
same error as the 435g

i'm using the 10/03/14 13:36 release....
You do not have the required permissions to view the files attached to this post.
Last edited by ffernandes on Wed Mar 12, 2014 12:02 am, edited 1 time in total.
 
sasskass
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Wed Mar 15, 2006 4:39 pm

Re: v6.10 released

Tue Mar 11, 2014 5:30 am

hello
still ip/route table in snmp (dude) problem not solved!
sorry but we are currently not working on Dude problems, maybe later in the year
hello

does anyone working on igmp snooping feature - this year ,next year...?


Aleksander
 
User avatar
Masyanich
Frequent Visitor
Frequent Visitor
Posts: 50
Joined: Mon Jan 21, 2013 8:19 am
Location: Russian province
Contact:

Re: v6.10 released

Wed Mar 12, 2014 6:31 am

Image

Auto-negotiation is not working properly :(
problem arose after updating to 6.10
tile
 
kozik
just joined
Posts: 1
Joined: Wed Mar 05, 2014 10:11 pm

Re: v6.10 released

Wed Mar 12, 2014 10:23 am

There is a bug with dhcp-server on vlan. After update from 5.25 to 6.10 some devolo dlan pro modems cant get their IPs. Had to downgrade.
Same problem on x86 . Dhcp servers on Vlans not working correctly. Clients get Ip but after the lease expired cannot renew lease. Router shows "Server offering lease without success" After the reboot everything fine until next renew. Clear installation, no other configuration , no bridges . 3 vlans under the ethernet interface. The same issue on 6.0 and 6.10. On 5.26 everything works fine.
 
User avatar
Jetrider
newbie
Posts: 42
Joined: Tue May 12, 2009 11:31 am

Re: v6.10 released

Wed Mar 12, 2014 11:25 am

There is a bug with dhcp-server on vlan. After update from 5.25 to 6.10 some devolo dlan pro modems cant get their IPs. Had to downgrade.
Same problem on x86 . Dhcp servers on Vlans not working correctly. Clients get Ip but after the lease expired cannot renew lease. Router shows "Server offering lease without success" After the reboot everything fine until next renew. Clear installation, no other configuration , no bridges . 3 vlans under the ethernet interface. The same issue on 6.0 and 6.10. On 5.26 everything works fine.

I can second this. This is OLD bug. v6.5 is fine, versions above it are broken. Talked to support - no avail. ... Achilles glared at him and answered, "Fool, prate not to me about covenants. There can be no covenants between men and lions."
 
michaelcarey
newbie
Posts: 41
Joined: Thu May 11, 2006 8:03 am
Location: Port Lincoln, South Australia

Re: v6.10 released

Wed Mar 12, 2014 11:26 am

Since upgrading to v6.10, my CRS125-24G-1S seems to be acting more like a hub than a switch! My normally quiet home network has become VERY busy!

I had a quick search through this thread and couldn't find anyone with my symptom... sorry if I missed it.

Port 1 is connected to an ADSL router. Port 2 is local master and all other ports are switch chip slaves to Port 2.

Any IP traffic received on any port is sent to ALL other running ports. I'm not sure if this is a bug introduced with v6.10 or something else is screwy with my network.

Here I am transferring a file from one computer to another... while the transfer is occurring, everything else sloooows right down.

Image
 
becs
MikroTik Support
MikroTik Support
Posts: 499
Joined: Thu Jul 07, 2011 8:26 am

Re: v6.10 released

Wed Mar 12, 2014 11:52 am

michaelcarey,
Enter this command to fix it on CRS125:
/interface ethernet switch port set [find] learn-restricted-unknown-sa=yes
 
michaelcarey
newbie
Posts: 41
Joined: Thu May 11, 2006 8:03 am
Location: Port Lincoln, South Australia

Re: v6.10 released

Wed Mar 12, 2014 11:59 am

michaelcarey,
Enter this command to fix it on CRS125:
/interface ethernet switch port set [find] learn-restricted-unknown-sa=yes
Yay !!

Problem solved! Thank you so much!

Is this something that was introduced when I upgraded to v6.10? Will I need to worry about it again?

Michael.
 
User avatar
saaremaa
Member Candidate
Member Candidate
Posts: 162
Joined: Tue Feb 02, 2010 7:48 pm
Location: Baltijos šalių miestas

Re: v6.10 released

Thu Mar 13, 2014 9:03 am

build (2014-03-12 14:58:04)
*) fixed 100% cpu usage on CCRs;
You can get more information on bug fixes. Under what conditions does it arise?
 
DrDeft
just joined
Posts: 21
Joined: Sat Jun 30, 2012 2:16 pm

Re: v6.10 released

Thu Mar 13, 2014 3:15 pm

http://forum.mikrotik.com/viewtopic.php?f=1&t=79914

Hi
I have a customers who love your products, are subject to DDoS attacks (SYN flood), and it hurts that Mikrotik doesn't have "notrack" target, just SYN flood over his CCR will knock down CPU to 100%.
And if it had -j NOTRACK (or newer kernels: -j CT --notrack), it can be solved, he needed conntrack only for special case, and cannot turn it off completely.
Please consider adding this option, it should be very trivial to do, and will help a lot of people to solve their issues with conntrack overflow.
If possible take this matter seriously, because the only choice i have to show them how perfect are Mikrotik support, or to explain it is not, and to move them to alternative solution.
Thank you.
 
User avatar
Raf
Member Candidate
Member Candidate
Posts: 171
Joined: Thu May 07, 2009 4:26 pm
Location: Olesnica, Poland
Contact:

Re: v6.10 released

Thu Mar 13, 2014 3:36 pm

build (2014-03-12 14:58:04)
*) fixed 100% cpu usage on CCRs;
You can get more information on bug fixes. Under what conditions does it arise?
+1 to that.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.10 released

Thu Mar 13, 2014 3:46 pm

build (2014-03-12 14:58:04)
*) fixed 100% cpu usage on CCRs;
You can get more information on bug fixes. Under what conditions does it arise?
Bug fixing doesn't work like that. We can fix the source of the problem, but it will be very hard to list all situations where this bug was showing itself.
 
spire2z
Long time Member
Long time Member
Posts: 516
Joined: Mon Feb 14, 2005 2:48 am

Re: v6.10 released

Fri Mar 14, 2014 12:51 am

Obviously you can't be 100% sure with these things but on two routers within a few hours of upgrade suffered ethernet port flapping. Fixing the port speed from auto-negotiate seems to have solved it so far for a few days.
 
uldis
MikroTik Support
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: v6.10 released

Fri Mar 14, 2014 2:17 pm

dunno if anyone else is having the same problem but...
upgraded an rb435g to the 6.11rc1 with the fp wireless driver and its getting
"system rebooted because of kernel failure"
"router was rebooted without proper shutdown!!

file attached!!!

now at 11/03/14 was my rb800 that crashed :X
same error as the 435g

i'm using the 10/03/14 13:36 release....
Please upgrade to newest test release of v6.11 and check agin if you still see the kernel panics. If yes, then send that new support output files to support@mikrotik.com
 
rpingar
Long time Member
Long time Member
Posts: 593
Joined: Fri May 28, 2004 2:46 pm
Location: Italy

Re: v6.10 released

Fri Mar 14, 2014 6:48 pm

may we have more explanation about this changelog about 6.11:
*) fixed 100% cpu usage on CCRs;

regards
Ros
 
patrick7
Member
Member
Posts: 341
Joined: Sat Jul 20, 2013 2:40 pm

Re: v6.10 released

Fri Mar 14, 2014 9:18 pm

Hi,

Does anybody here also have the problem that IPv6 addresses sometimes aren't working until disable and re-enable (new added address or after a reboot)? Had that on 4 MikroTiks (RB750GL, RB2011UAS-RM, RB2011UiAS-2HnD-IN, RB951G-2HnD) but unfortunately MikroTik cannot confirm this bug. Very annoying if after a reboot nothing is working.
I'm mostly using IPv6 addresses on bridges.

Edit: Not working means, sometimes I can ping the IPv6 from the local MikroTik cli. But if I try to reach another host in that subnet, traffic goes through the default gateway.

Regards & have a nice weekend,
Patrick
 
dlj87
just joined
Posts: 15
Joined: Wed Sep 26, 2012 8:52 am

Re: v6.10 released

Fri Mar 14, 2014 9:46 pm

Strange high ping fluctuations though OpenVPN tunnels between mikrotik routers (client-server) and mikrotik - centos 6 (client-server) appear in 6.10. This issue makes sip (voice) packets drop and clients are not able to hear each other for a second or two in the moment. Please do something...
Ответ от 192.168.192.10: число байт=32 время=5мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=5мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=5мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=244мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=241мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=242мс TTL=62
 
Shiro
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Wed Sep 25, 2013 6:44 pm

Re: v6.10 released

Sun Mar 16, 2014 12:14 am

Hi,

I updated my RB493g from 6.11rc1 to 6.11 package from yesterday (14.03.).

I got the following issue, randomly ppp dies. I have to permanent pppoe dsl session, one permanent l2tp connection and two l2tp road warriors.

After login in with one of my l2tp roadwarriors, all ppp session crashed. I was able to reproduce this error two times. After that, ppp runs fine for around 2 hours.

The only way to fix that hanging ppp is to reboot, i see this message on the rb serial console.

Rebooting...
Stopping services...
failed to stop ppp: std failure: timeout (13)
could not move ram disk: Invalid argument
copying packages to flash...
Restarting system.

I found a autosupout.rif after reboot on the filesystem.
 
maarisl
just joined
Posts: 1
Joined: Sun Mar 16, 2014 10:52 pm

Re: v6.10 released

Sun Mar 16, 2014 11:07 pm

On v5.x I had queue on subnet 10.1.1.0/24 which limited 3M up and 5M down per each IP and total max rate for subnet to 5M/15M but on v6.10 work only total queue but per IP does not.
Example:
/queue simple add max-limit=5M/15M name=10 priority=3/3 queue=up3/down5 target=10.1.1.0/24 \
total-priority=3 total-queue=default
/queue type add kind=pcq name=up3 pcq-classifier=src-address pcq-dst-address6-mask=64 \
pcq-rate=3M pcq-src-address6-mask=64
/queue type add kind=pcq name=down5 pcq-classifier=dst-address pcq-dst-address6-mask=64 \
pcq-rate=5M pcq-src-address6-mask=64

Please advise what shoud be done different to have limit 3M/5M per each IP of subnet ?
 
elmer
newbie
Posts: 40
Joined: Mon Jun 18, 2012 4:02 pm

Re: v6.10 released

Mon Mar 17, 2014 12:16 am

RB951Ui-2HnD
First problem is poe firmware.
Second, installed dude 3.6, when i checked uninstall and reboot router dead.
Third - netinstall 6.10 won`t work, 5.26 unbricked router, but poe out don`t works...
After install 6.10 poe came to live, but firmware is still 0.0 :(

PS. LED`s on ports don`t work! ;)
You do not have the required permissions to view the files attached to this post.
 
Spaceath
just joined
Posts: 3
Joined: Sat Oct 27, 2012 3:20 pm

Re: v6.10 released

Mon Mar 17, 2014 1:09 am

Im having issues with ntp client.
2 rb433 and 2rb951 doesnt sync the clock time with ntp servers.
anyone else having this problem?
 
Ansy
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Mon Oct 17, 2011 1:32 pm
Location: Russia
Contact:

Re: v6.10 released

Mon Mar 17, 2014 10:00 am

elmer, I've got very same problem with my RB/750 upgrading it to v6.10.

How do your hardware "work" exactly?

My RB/750 turns all LEDs ON (despite of real state of Ethernet ports) and no reaction in WinBox, no traffic at all (after normal reboot) -- I've sniffed any packets with WireShark software.

If I reset device to defaults (short circuit contact hole with screwdriver or 1-2 sec RESET while powering on) hardware lights Ethernet LEDs right according to real port connections -- but no any Ethernet packets too.

Finally I've tried to netinstall some versions 5.xx and 6.xx in hope to reanimate the device. Pressing RESET button untill ACT LED goes off gives device to network (IP, bootp, visible to netinstall) and makes netinstall process possible... but loading any firmware doesn't repair my RB/750 after rebooting :(

[Ticket#2014031166000717] support says:
unfortunately no, this model does not support it [RS-232]. It may have serial port pads on
pcd, but they won't work without special software on router which we do not share
with public.
...
whole picture looks awflly like problem with nand flash on router, it could have
died of old age so to speek or just hardware failure of this specific chip. In
this case router hardware replacement will be required.
It's strange that two RB751U-2HnD devices have been upgraded to 6.10 successfully and work OK for now.

Please get us to know about progress with yours (and details, please).

P.S. My RB/750 worked not hard in good datacenter conditions for ~ 2 years. Sad :(
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.10 released

Mon Mar 17, 2014 10:28 am

Try this:
whit reset BUTTON pressed, (not the hole pin with screwdriver) plug the power, after 2 sec stop press the button.
Wait,
if the rb start, open winbox and update BIOS:
put BOTH this file in "files" folder
http://i.mt.lv/routerboard/files/ar7240_3.13.fwf
http://i.mt.lv/routerboard/files/ar7100_3.10.fwf
and launch

ros code

/system routerboard update
DO NOT REBOOT

After that prepare netistall 6.10 with 6.10 software
http://download2.mikrotik.com/routeros/ ... l-6.10.zip
http://download2.mikrotik.com/routeros/ ... e-6.10.npk
and launch this on console:

ros code

/system routerboard settings
set baud-rate=115200
set boot-delay=2s
set boot-device=try-ethernet-once-then-nand
set boot-protocol=bootp
set cpu-mode=regular
set enable-jumper-reset=yes
set enter-setup-on=delete-key
set force-backup-booter=no
set silent-boot=no
now reboot and use netinstall without keeping old configuration
 
Ansy
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Mon Oct 17, 2011 1:32 pm
Location: Russia
Contact:

Re: v6.10 released

Mon Mar 17, 2014 10:44 am

if the rb start, open winbox and update BIOS:
I'm glad to do it, but:
My RB/750 turns all LEDs ON (despite of real state of Ethernet ports) and no reaction in WinBox, no traffic at all (after normal reboot) -- I've sniffed any packets with WireShark software.

If I reset device to defaults (short circuit contact hole with screwdriver or 1-2 sec RESET while powering on) hardware lights Ethernet LEDs right according to real port connections -- but no any Ethernet packets too.
Simply I can not see device with WinBox (MAC or IP) at all. Only Netinstall sees it somehow.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.10 released

Mon Mar 17, 2014 11:00 am

Forget the hole with the screwdriver.

1) before power the rb, press reset button and leave pressed, insert power plug, and wait until devices are visible in netinstall (15~20sec) [assuming the pc is working], now release reset button.
2) If you can see correctly the device on netinstall 6.10, try to install the package 6.10.
3) If netinstall fail, repeat the steps 1-2 with netisntall 5.26 AND RouterOS 5.26.
4) When devices show "waiting reboot" on netisntall, fast remove the power,
5) before power the rb, press reset button and still with reset button pressed, insert power plug, and when any led display up, release reset button [load backup bios].
6) Wait if rb start and follow the previous instruction to upgrade the bios.
 
chm0d755
just joined
Posts: 9
Joined: Mon Dec 31, 2012 2:45 am

Re: v6.10 released

Mon Mar 17, 2014 11:22 am

Delete this post. I found my problem.
Last edited by chm0d755 on Tue Mar 18, 2014 10:44 am, edited 1 time in total.
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: v6.10 released

Mon Mar 17, 2014 1:09 pm

I have just netinstalled 6.10 on RB2011UAS-2HnD and upgraded FW from 3.10 to 3.12. I was not able to run config script downloaded from v.6.9. so I did it by copy-paste thru terminal.

Reason: The Netwatch is missing in Tools.

How to get Netwatch back? I need it.
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: v6.10 released

Mon Mar 17, 2014 1:12 pm

I have just netinstalled 6.10 on RB2011UAS-2HnD and upgraded FW from 3.10 to 3.12. I was not able to run config script downloaded from v.6.9. so I did it by copy-paste thru terminal.

Reason: The Netwatch is missing in Tools.

How to get Netwatch back? I need it.
I am a dumb. Advanced tools package is missing... sorry everyone for disturbing.
 
Ansy
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Mon Oct 17, 2011 1:32 pm
Location: Russia
Contact:

Re: v6.10 released

Mon Mar 17, 2014 1:39 pm

Forget the hole with the screwdriver.
1) before power the rb, press reset button and leave pressed, insert power plug, and wait until devices are visible in netinstall (15~20sec) [assuming the pc is working], now release reset button.
2) If you can see correctly the device on netinstall 6.10, try to install the package 6.10.
3) If netinstall fail, repeat the steps 1-2 with netisntall 5.26 AND RouterOS 5.26.
4) When devices show "waiting reboot" on netisntall, fast remove the power,
5) before power the rb, press reset button and still with reset button pressed, insert power plug, and when any led display up, release reset button [load backup bios].
6) Wait if rb start and follow the previous instruction to upgrade the bios.
rextended, made all your checklist exactly (thanks for trick #4) twice with netinstall6.10+routeros6.10 & netinstall5.26+routeros5.26, but thats' doesn't help to repair my device.

After all, I can not see its MAC with WinBox in default boot mode (RESET button shortly pressed while power on) and free reboot.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.10 released

Mon Mar 17, 2014 1:48 pm

Made one last try with [use SAME version of Netinstall and RouterOS!]
http://download.mikrotikindonesia.com/i ... l-5.11.zip
http://download.mikrotikindonesia.com/i ... e-5.11.npk

Yes, that version!...

I have the same problem, when I forget to upgrade BIOS [firmware] before upgrading some SXT to version 5.26 or 6.x
But after I successfully boot RB with old software [or backup BIOS] I can fix with the method described before.

If you reach to reboot properly the board, first do bios upgrade as I explain on previous post.
 
m3gaman
just joined
Posts: 19
Joined: Sun Jun 02, 2013 10:24 pm

Re: v6.10 released

Mon Mar 17, 2014 6:25 pm

Hi, I have a problem using option DHCPv6-PD to send ipv6 prefixes via pppoe, the option send the prefix and create the route, works well and hangs dhcp when pppoe conection drop.
If I disconect normaly them dhcpv6 release the prefix but when hangs suddenly it simply stay conected and dhcpv4 stop too, cant get new prefixes or release the one with pppoe. When that happens one core of my cpu goes 100% and only a reboot normalize it.
 
Majklik
newbie
Posts: 35
Joined: Fri Dec 23, 2011 10:20 pm

Re: v6.10 released

Mon Mar 17, 2014 10:55 pm

Does anybody here also have the problem that IPv6 addresses sometimes aren't working until disable and re-enable (new added address or after a reboot)? Had that on 4 MikroTiks (RB750GL, RB2011UAS-RM, RB2011UiAS-2HnD-IN, RB951G-2HnD) but unfortunately MikroTik cannot confirm this bug. Very annoying if after a reboot nothing is working.
I'm mostly using IPv6 addresses on bridges.

Edit: Not working means, sometimes I can ping the IPv6 from the local MikroTik cli. But if I try to reach another host in that subnet, traffic goes through the default gateway.
Yes, I have the same problem long time. Mostly on the bridge interface or on the VRRP interface. After rebooting the IPv6 do not works on the interface.
bridge - The bridge do not have a link local address after reboot sometimes. There is in the /ipv6 address listed correct link local address but interface is (unknown). After disable/enable bridge then is created new record with correct link local address and correct interface and IPv6 works. All bridges have admin MAC set.
VRRP - After rebooting the vrrp interface which starts as master sometimes do not operate with IPv6 (link local address is correctly assigned). After disable/enable or switch slave/master state IPv6 starts working.
These problems begin with ROS6.3 and ROS5.25 on RB1100AH/AHx2. Reported long time ago, never answered.

The bridge problem after resolving with disable/enable looks like this:
/ipv6 address print where address="fe80::ff:fe00:12/64"
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-POOL INTERFACE               ADVERTISE
20 DL fe80::ff:fe00:12/64                                   (unknown)               no       
21 DL fe80::ff:fe00:12/64                                   bridge-wan              no       
 
Ansy
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Mon Oct 17, 2011 1:32 pm
Location: Russia
Contact:

Re: v6.10 released

Tue Mar 18, 2014 6:37 am

Made one last try with [use SAME version of Netinstall and RouterOS!]
http://download.mikrotikindonesia.com/i ... l-5.11.zip
http://download.mikrotikindonesia.com/i ... e-5.11.npk
Yes, that version!...
Done.
RB750_netinstall5.11_ros5.11_before.png
But after reboot (fast power off when "Waiting...", then power on with RESET button pressed till LEDs on, then power off/on reboot) I see no my device RB/750 in WinBox
WinBox5.11.png
So I can't do next part of firmware/bios upgrade procedure. All LEDs on, no any network activity/visibility :(
I have the same problem, when I forget to upgrade BIOS [firmware] before upgrading some SXT to version 5.26 or 6.x
But after I successfully boot RB with old software [or backup BIOS] I can fix with the method described before.
If you reach to reboot properly the board, first do bios upgrade as I explain on previous post.
I'm very glad if your receipt helps you or somebody else in same trouble... but not me, sorry.

For now I've got LEDs box for Christmas Tree and spare 12V Power Supply :?
You do not have the required permissions to view the files attached to this post.
 
patrick7
Member
Member
Posts: 341
Joined: Sat Jul 20, 2013 2:40 pm

Re: v6.10 released

Tue Mar 18, 2014 8:38 pm

Thanks @Majklik, opened a ticket again :-)
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: v6.10 released

Tue Mar 18, 2014 10:34 pm

Hello Folks!

Upgraded rb2011 and rb750 to RoS6.10 from RoS6.7, all l2tp links fails more or less, nothing in logs they simply stop working after some megabytes of data traversing them, average is 2-3 Mbyte, then dead.

This is VERY serious problem for our business, economic loss is result this time, many co-workers just sit doing nothing!!!

The same goes for routing marks, they are also ignored after upgrade.

Now trying to rollback.
 
Majklik
newbie
Posts: 35
Joined: Fri Dec 23, 2011 10:20 pm

Re: v6.10 released

Wed Mar 19, 2014 12:07 am

Hi, I have a problem using option DHCPv6-PD to send ipv6 prefixes via pppoe, the option send the prefix and create the route, works well and hangs dhcp when pppoe conection drop.
If I disconect normaly them dhcpv6 release the prefix but when hangs suddenly it simply stay conected and dhcpv4 stop too, cant get new prefixes or release the one with pppoe. When that happens one core of my cpu goes 100% and only a reboot normalize it.
Yes, I agree. I see this from ROS6.7 days (at least on the RB800). A profile show that a dhcp task consumes my CPU.
 
3bs
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Tue Aug 09, 2011 12:33 am
Location: Irkutsk, Russia

Re: v6.10 released

Wed Mar 19, 2014 7:00 am

v6.10 every hour disconnect openvpn.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.10 released

Wed Mar 19, 2014 10:03 pm

v6.10 every hour disconnect openvpn.
probably, it's already fixed in pre-release:
What's new in 6.11 (2014-Mar-18 11:14):

*) ovpn - fixed TLS renegotiation;
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.10 released

Wed Mar 19, 2014 10:38 pm

Actually are another bug, also present on 6.8, 6.9 and 6.10
and go worst on 6.11:

Winbox connection from pc directly connected on the gateway/pppoe server [really not matter where pc are connected]
to one CPE on IP obtained from pppoe with MRRU set,
is continually broken after receiving some data from CPE.

The problem regard exclusively Winbox service on RouterOS, bandwidth and other parameters working perfectly with very low latency.

On 6.7 is perfectly stable.

The problem is not present if one ip for wlan1 are used.
 
JanezFord
Member Candidate
Member Candidate
Posts: 269
Joined: Wed May 23, 2012 10:58 am

Re: v6.10 released

Thu Mar 20, 2014 9:54 am

I believe this issue is somehow v6.10 related .. I did not experience this kind of problems with older versions of routeros.

http://forum.mikrotik.com/viewtopic.php?f=3&t=83030

JF.
 
FlySt0nE
just joined
Posts: 4
Joined: Thu Oct 18, 2012 5:08 pm

Re: v6.10 released

Thu Mar 20, 2014 9:55 am

951 and 751, after upgrade on 6.10 don't work ntp client.
 
uldis
MikroTik Support
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: v6.10 released

Thu Mar 20, 2014 11:04 am

951 and 751, after upgrade on 6.10 don't work ntp client.
NTP client works fine after upgrade. Please check if the NTP server IP isn't changed.
 
FlySt0nE
just joined
Posts: 4
Joined: Thu Oct 18, 2012 5:08 pm

Re: v6.10 released

Thu Mar 20, 2014 11:19 am

NTP client works fine after upgrade. Please check if the NTP server IP isn't changed.
IP of NTP server didn't changed, and after i found problem, i tried change IP to new. In 6.07 work fine.
We have 2 of 751 and 3 of 951, every have problem with NTP Client.
 
FlySt0nE
just joined
Posts: 4
Joined: Thu Oct 18, 2012 5:08 pm

Re: v6.10 released

Thu Mar 20, 2014 11:23 am

Im having issues with ntp client.
2 rb433 and 2rb951 doesnt sync the clock time with ntp servers.
anyone else having this problem?
Another user has the same problems like me.
 
Majklik
newbie
Posts: 35
Joined: Fri Dec 23, 2011 10:20 pm

Re: v6.10 released

Thu Mar 20, 2014 11:59 am

I believe this issue is somehow v6.10 related .. I did not experience this kind of problems with older versions of routeros.

http://forum.mikrotik.com/viewtopic.php?f=3&t=83030
This problem with full IPv4 route cache I see for whole ROS6 line. With the ROS 6.10 is only more fastelly cache filled.
951 and 751, after upgrade on 6.10 don't work ntp client.
On few RB912 I had this problem directly after upgrade too. But after second reboot SNTP client opetares OK.
 
skibi82
newbie
Posts: 43
Joined: Fri Mar 22, 2013 7:09 pm

Re: v6.10 released

Thu Mar 20, 2014 1:31 pm

Above version 6.7 I noticed a strange phenomenon.
Well, in the case when I have defined DSTNAT redirection inside the network.
And leaning forward Addres Lists After some time available services stop working.
It helps to reboot mikrotik and everything returns to normal.

It seems that this phenomenon is related to Ticket # 2014031066000782

My next observation is a problem with the DNS service
Submitted as Ticket # 2014031966000417

Well dns cache is not properly refresh, ignoring ttl times in the case of kiedi change the static dns entry on the aaaa bbbb is still visible in the cache address aaaa if it was used and can not do anything about it.
x1.png
Flusch d'ont help.
Wrong address is still in the cache given.
Computers using DNS cache get an incorrect address.

Temporary solution
before the change simply disable adrres.
Then change the content and turn it on.

How to hang an address in the cache. Please add it again under a name then disable and remove.

Please someone from the support looked at the problem.
Problems are critical to the sustainability of the action of ROS
You do not have the required permissions to view the files attached to this post.
 
FlySt0nE
just joined
Posts: 4
Joined: Thu Oct 18, 2012 5:08 pm

Re: v6.10 released

Thu Mar 20, 2014 6:58 pm

Just downgrade to 6.07 two of devices, ntp client working fine.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.10 released

Thu Mar 20, 2014 9:29 pm

Just downgrade to 6.07 two of devices, ntp client working fine.
Tomorrow exit 6.11
 
User avatar
armandfumal
Member Candidate
Member Candidate
Posts: 158
Joined: Wed Apr 25, 2012 5:50 pm
Location: Weiswampach,LUX
Contact:

Re: v6.10 released

Fri Mar 21, 2014 8:45 am

NTP client works fine after upgrade. Please check if the NTP server IP isn't changed.
IP of NTP server didn't changed, and after i found problem, i tried change IP to new. In 6.07 work fine.
We have 2 of 751 and 3 of 951, every have problem with NTP Client.
I'm using 6.10 on RB951, no NTP problem...

Who is online

Users browsing this forum: boocko, menyarito, Michiganbroadband and 81 guests