That is the way it works, dummy rules, are based on fasttrack-connection flag in connection tracking. if you remove the rule, there are still fasttracked packets from flaged connections.The dummy rules (in firewall filter and in firewall mangle) are not dynamically removed when fasttracking rule is removed: [Ticket#2015072766000161]
Update to that, it now seems to have completed the download.Torrent download of 6.30.2 seems stuck on 335 / 356MB, 93.09 %
Direct downloads seem fine though.
fix what? "I have some error, I won't tell you anything about it, but please fix it - aren't you a telepathists?"so please fix this.
Technical thats an downgradeI am update hap lite from _6.31rc6 to 6.30.2 and the script which one is worked fine in 6.31rc6 not work anymore!
I am using SSTP, but I also have one temporary PPTP and no issues here - nor 6.30.2 neither the previous:pptp server is still broken in 6.30.2
ppp,error,critical 16: Encryption got out of sync - disabling
Is it a MTU related issue?
/ppp profile
add change-tcp-mss=no dns-server=192.168.254.1 local-address=192.168.254.1 name=sstp-server only-one=no remote-address=pool-VPN use-compression=no use-encryption=no use-mpls=no
add change-tcp-mss=no dns-server=192.168.254.1 local-address=192.168.254.1 name=pptp-server only-one=no remote-address=pool-VPN use-compression=no use-encryption=yes use-mpls=no
add name=only-one only-one=yes
/interface pptp-server server
set authentication=mschap2 default-profile=pptp-server
hi guys i have problem with lollipop phone they connect to the server but without internet and they don't open sign in page for hotspot pleaz help my clintes start to be mad
forgive my english it's not that good
if i upgrade to v6.30.2 bugfix release could be the problem go away ?
and how to upgrade
Maybe the URL is the problem -Update to that, it now seems to have completed the download.Torrent download of 6.30.2 seems stuck on 335 / 356MB, 93.09 %
Direct downloads seem fine though.
Guess there weren't enough seeders -
If Mikrotik doesn't do the initial seeding in the first place then no matter how many people try to download, or if the link is publicly published, it will never complete.Maybe the URL is the problem -Update to that, it now seems to have completed the download.Torrent download of 6.30.2 seems stuck on 335 / 356MB, 93.09 %
Direct downloads seem fine though.
Guess there weren't enough seeders -
http://www.mikrotik.com/download/router ... .2.torrent
More seeders will join if the URL is published.
Android I think uses a bit different link for captive portal checking: "http://connectivitycheck.android.com/generate_204" at least the one I have.This might be something I've come across recently which is more an Android 5.x thing. The device will try to load http://clients3.google.com/generate_204, and if it can't, figures its in a walled garden and decides it won't connect to the wifi automatically...
https://www.chromium.org/chromium-os/ch ... -detection
hi guys i have problem with lollipop phone they connect to the server but without internet and they don't open sign in page for hotspot pleaz help my clintes start to be mad
forgive my english it's not that good
if i upgrade to v6.30.2 bugfix release could be the problem go away ?
and how to upgrade
thanx but it did not work any more ideas ???Android I think uses a bit different link for captive portal checking: "http://connectivitycheck.android.com/generate_204" at least the one I have.This might be something I've come across recently which is more an Android 5.x thing. The device will try to load http://clients3.google.com/generate_204, and if it can't, figures its in a walled garden and decides it won't connect to the wifi automatically...
https://www.chromium.org/chromium-os/ch ... -detection
hi guys i have problem with lollipop phone they connect to the server but without internet and they don't open sign in page for hotspot pleaz help my clintes start to be mad
forgive my english it's not that good
if i upgrade to v6.30.2 bugfix release could be the problem go away ?
and how to upgrade
/ip hotspot walled-garden
add dst-host=connectivitycheck.android.com method=GET path=/generate_204
Anyhow at moment with android v5.0.2 I haven't had problems with hotspot login check. Also android that Samsung provides on their phones does not seem to disconnect when captive portal auto-detect login ain't used.
the zoom is working fine on webfig but not on user-manager.*) user-manager - fixed zoom for user-manager homepage when mobile devices used
you must use it like this:I know, but had previously been so used up, so relatively simple, sometimes there are several scripts to be called to the same. It is not after 6.29.1 can not be so used.Like I said, you are not using it correctly.
1) your start time is "startup". this is not correct
2) remove "Execute" from scheduler, you don't need it
This is how you need to set it up:
:execute "script-name"
What problem?after upgrade to 6.30.2 ipsec problem has not been fixed!!
its very critical issue!
in version 6.29 parameter 'username' not used. Used parameter 'name' . So we must to rewrite all scripts to change 'name' to 'username'What's new in 6.30.2 (2015-Jul-22 11:17):
*) user-manager - fixed username was not shown in /tool user-manager user
yes, name was always only an alias for username, which was the normal field to use. We removed the alias, leaving only username, because it is more clear.in version 6.29 parameter 'username' not used. Used parameter 'name' . So we must to rewrite all scripts to change 'name' to 'username'What's new in 6.30.2 (2015-Jul-22 11:17):
*) user-manager - fixed username was not shown in /tool user-manager user
Update:I noticed that sometimes logs get messed up.
I don't know on which version this started, but in general the log window keeps doing stuff when nothing is happening (it seems that it refreshes itself at random times messing up the entries shown to the user).
The last 3 entries are repeated twice. I am not sure if Mikrotik has invented Time travel just yet?
I think most of us are using very comfortable update from WinBox (System -> Packages). But this time it is really enabling wireless package on all RouterBoards, also if the do not have any wireless interface.Don't use combined package and install individually selected packages only. Then you will not be surprised by this.
I am talking about automatic update (System -> Packages -> Check For Updates) - not about uploading any packages manually. System is updating installed packages only. But here in 6.30.2 (and maybe also previous) is a bug enabling wireless-fp when it was disabled before.You can use that "comfort" udate feature further, even if you install manually selected packages only instead the combined package. It is your choice, of course...
The main package (I think it is mandatory, isn't it?) + some extra packages (not all), see screenshot from one of the routers.And you were updating combined package or single packages installation?
I can not tell why it's being enable by default, but I can explain to you why it may be useful to enable it on devices without any wireless hardware at all. It is because even if you don't have any wireless hardware installed on the device itself, you can still use CAPsMAN (i.e. Controlled Access Point system Manager) on this device to centrally manage your other access point devices, if any. Feel free to disable the package if you don't need CAPsMAN.I have two questions, why did wireless-fp become enabled ?
The wireless-cm2 package implements CAPsMAN v2, as opposed to CAPsMAN v1 that wireless-fp implements.What is wireless-cm2, is that something I generally needed in my access points and wireless clients, does that trumph out wireless-fp ?
I can not tell why it's being enable by default, but I can explain to you why it may be useful to enable it on devices without any wireless hardware at all. It is because even if you don't have any wireless hardware installed on the device itself, you can still use CAPsMAN (i.e. Controlled Access Point system Manager) on this device to centrally manage your other access point devices, if any. Feel free to disable the package if you don't need CAPsMAN.I have two questions, why did wireless-fp become enabled ?
The wireless-cm2 package implements CAPsMAN v2, as opposed to CAPsMAN v1 that wireless-fp implements.What is wireless-cm2, is that something I generally needed in my access points and wireless clients, does that trumph out wireless-fp ?
Same here, downgraded to 6.29.1 same problem (on RB2011UiAS). Looks like a broadcast storm. Could you please open torch on bridge or on any of the ports in bridge? The traffic disappears on my router. Is it same with yours?Traffic on the bridge
It shows the same in all entries
After update my Mirkotik HAP light to 6.30.2 ping low: 21000After upgrade:Finally! Yes!
This is how things should progress!
In 6.30 (or 6.29) added additional info into netflow packet. If your billing use "poor" netflow packet parsing - you get error.traffic flow - not fixed in 6.30.2. Our company uses billing that takes into account the traffic protocol NetFlow. After the upgrade to 6.27 to 6.30.2 missing incoming traffic . Please fix it.
Then, from where the outbound traffic and pirng that are considered normal?In 6.30 (or 6.29) added additional info into netflow packet. If your billing use "poor" netflow packet parsing - you get error.traffic flow - not fixed in 6.30.2. Our company uses billing that takes into account the traffic protocol NetFlow. After the upgrade to 6.27 to 6.30.2 missing incoming traffic . Please fix it.
Confirmed, it happens to me too, tested on 6.24 through 6.30.2.Another bug:
Selecting multiple routing filters and trying to move them up or down, will only move one random rule of those selected instead of all of them.
At least 6.30 and 6.30.1 ROS have bug in netflow - wrong interface number.Then, from where the outbound traffic and pirng that are considered normal?In 6.30 (or 6.29) added additional info into netflow packet. If your billing use "poor" netflow packet parsing - you get error.traffic flow - not fixed in 6.30.2. Our company uses billing that takes into account the traffic protocol NetFlow. After the upgrade to 6.27 to 6.30.2 missing incoming traffic . Please fix it.
I'm sure, then i update to 6.31 RC12 , ping stay normal and then i'm downgrade to 6.27 ping cool.How about traceroute? You sure this from the hAP?
I just got the same problem today with two CCRs.Just upgraded 2 RB2011 from 6.29 to 6.30.2.
Both RBs have identical configuration (active/standby setup).
The standby RB2011 got upgraded ok, no issues so far.
The active RB2011 never came back online after the upgrade.
add action=mark-connection chain=prerouting
connection-bytes=500000-0 connection-rate=200k-100M new-connection-mark=HTTP_BIG protocol=tcp
You might try the "netinstall" approach.any suggestions are welcome.
thanks a lot! that did the trick. during upgrade process i noticed some repartitioning/reformating of the internal memory which all the other upgrade methods did not do.You might try the "netinstall" approach.any suggestions are welcome.
Dear MikroTik Support,
ip route pref-src is not working correctly since version 6.30 and later (6.29 and previous version is working fine )
Downgrade to Version 6.29. everything is working correctly.
support.rif and details was submitted by Ticket#2015071966000051 a week ago, but only auto reply from system.
Please follow up, i believe it is small bug and easy to be fixed.
Thank you !
I wonder if you managed to make a supout.rif before downgrading. There are so many of us complaining about bug here, and so little actually supplying Mikrotik engineers with enough information to reproduce and fix those bugs...I downgraded from 6.30.2 back to 6.25
+1I wonder if you managed to make a supout.rif before downgrading. There are so many of us complaining about bug here, and so little actually supplying Mikrotik engineers with enough information to reproduce and fix those bugs...I downgraded from 6.30.2 back to 6.25
Not by my own hands - I have just two "autosupout.rif" files (one about 8 hours before the issue and one after downgrade - about 14 hour after the issue), not sure if those will be any good to MikroTik support. If yes, no problem to provide them (everything is for the first time).+1I wonder if you managed to make a supout.rif before downgrading. There are so many of us complaining about bug here, and so little actually supplying Mikrotik engineers with enough information to reproduce and fix those bugs...I downgraded from 6.30.2 back to 6.25
This is a very important point. IF you can do a BEFORE and AFTER support file where possible. This can greatly aid engineers at Mikrotik and hopefully get to fix quicker.
If you see a problem and still have any kind of management access to your router- try making supout.rif immediately before reboot/downgrade/configuration reset/whatever. It may become an invaluable source of information, and you can always just delete it later if it proves to be unnecessary in the end.When it's the best time to generate the supout file anyway?
How can i disable 60+ firewall rules from terminal?
With "fasttrack dummy rule" I can't perform disable [find] because i can't disable dynamic rule.
disable [find dynamic=no]
Hi NormisWhat's new in 6.30.2 (2015-Jul-22 11:17):
*) pptp & l2tp - fixed problem where android client could not connect if
both dns names were not provided (was broken since v6.30);
*) lcd - fix crash (and 100% cpu usage) when interface gets removed from "stats-all" screen
*) tool fetch - fix incomplete ftp download
*) ipsec - fixed crash in when gcm encryption was used
*) certificate manager - fixed memory leak
*) traffic flow - fixed dynamic input/output interface reporting
*) user-manager - fixed username was not shown in /tool user-manager user
*) user-manager - fixed zoom for user-manager homepage when mobile devices used
*) winbox - restrict reversed ranges in dst-port under firewall
*) snmp - fix system scripts table
known issue:
*) Dynamic DNS servers can disappear when "allow-remote-requests" are not enabled
nah cool, found this bug tooWhat's new in 6.30.2 (2015-Jul-22 11:17):
*) pptp & l2tp - fixed problem where android client could not connect if
both dns names were not provided (was broken since v6.30);
Yesterday I got the same error on a L2TP/IPsec client. The compression is disabled in ppp profile.Disable all compression in the ppp profile.I just upgraded our company's CCR1036-8G from 6.3 to 6.30.2 and then upgraded the Firmware from 3.10 to 3.27.
Since upgrading our PPTP VPN connections are dropping randomly with an error "CCP lost compression got our of sync: disabling compression" then the next message is "terminating... - Encryption got out of sync"
Is there anything I can do to resolve this?
I see this was resolved in v6.30 release notes but we never had this error when we were on v6.3.
The compression is useless, and actually hurts performance. (feel free to read up on it to verify)
/ppp profile
set *FFFFFFFE idle-timeout=55s use-compression=no use-encryption=required
Traffic Flow worked until 6.29. It has been broken since. We are very anxious to see this remedied -- it's an important billing tool for us. Thanks.did it work in previous version?Tools - Traffic Monitor isn't working.
I have the exact same issue on 6.30.2 running on x86.Is this a new feature in 6.30.2?
/ip firewall connection remove [find]
action timed out - try again, if error continues contact MikroTik support and send a supout file (13)
chain=prerouting action=mark-connection new-connection-mark=web-video passthrough=yes protocol=tcp dst-port=80,443,8000,8080 connection-bytes=500000-0 connection-rate=60k-12M log=no log-prefix=""
/interface wireless channels
add band=5ghz-a/n frequency=5180 list=superchannel2 name=5180 width=20
add band=5ghz-a/n frequency=5190 list=superchannel2 name=5190 width=20
add band=5ghz-a/n frequency=5200 list=superchannel2 name=5200 width=20
add band=5ghz-a/n frequency=5210 list=superchannel2 name=5210 width=20
add band=5ghz-a/n frequency=5220 list=superchannel2 name=5220 width=20
add band=5ghz-a/n frequency=5230 list=superchannel2 name=5230 width=20
add band=5ghz-a/n frequency=5240 list=superchannel2 name=5240 width=20
add band=5ghz-a/n frequency=5250 list=superchannel2 name=5250 width=20
add band=5ghz-a/n frequency=5260 list=superchannel2 name=5260 width=20
add band=5ghz-a/n frequency=5270 list=superchannel2 name=5270 width=20
add band=5ghz-a/n frequency=5280 list=superchannel2 name=5280 width=20
add band=5ghz-a/n frequency=5290 list=superchannel2 name=5290 width=20
add band=5ghz-a/n frequency=5300 list=superchannel2 name=5300 width=20
add band=5ghz-a/n frequency=5310 list=superchannel2 name=5310 width=20
add band=5ghz-a/n frequency=5320 list=superchannel2 name=5320 width=20
add band=5ghz-a/n frequency=5330 list=superchannel2 name=5330 width=20
add band=5ghz-a/n frequency=5340 list=superchannel2 name=5340 width=20
add band=5ghz-a/n frequency=5350 list=superchannel2 name=5350 width=20
add band=5ghz-a/n frequency=5360 list=superchannel2 name=5360 width=20
add band=5ghz-a/n frequency=5370 list=superchannel2 name=5370 width=20
add band=5ghz-a/n frequency=5530 list=superchannel2 name=5530 width=20
add band=5ghz-a/n frequency=5540 list=superchannel2 name=5540 width=20
add band=5ghz-a/n frequency=5550 list=superchannel2 name=5550 width=20
add band=5ghz-a/n frequency=5560 list=superchannel2 name=5560 width=20
add band=5ghz-a/n frequency=5570 list=superchannel2 name=5570 width=20
add band=5ghz-a/n frequency=5580 list=superchannel2 name=5580 width=20
add band=5ghz-a/n frequency=5590 list=superchannel2 name=5590 width=20
add band=5ghz-a/n frequency=5600 list=superchannel2 name=5600 width=20
add band=5ghz-a/n frequency=5610 list=superchannel2 name=5610 width=20
add band=5ghz-a/n frequency=5620 list=superchannel2 name=5620 width=20
add band=5ghz-a/n frequency=5630 list=superchannel2 name=5630 width=20
add band=5ghz-a/n frequency=5640 list=superchannel2 name=5640 width=20
add band=5ghz-a/n frequency=5650 list=superchannel2 name=5650 width=20
add band=5ghz-a/n frequency=5660 list=superchannel2 name=5660 width=20
add band=5ghz-a/n frequency=5670 list=superchannel2 name=5670 width=20
add band=5ghz-a/n frequency=5680 list=superchannel2 name=5680 width=20
add band=5ghz-a/n frequency=5690 list=superchannel2 name=5690 width=20
add band=5ghz-a/n frequency=5700 list=superchannel2 name=5700 width=20
add band=5ghz-a/n frequency=5710 list=superchannel2 name=5710 width=20
add band=5ghz-a/n frequency=5720 list=superchannel2 name=5720 width=20
add band=5ghz-a/n frequency=5730 list=superchannel2 name=5730 width=20
add band=5ghz-a/n frequency=5740 list=superchannel2 name=5740 width=20
add band=5ghz-a/n frequency=5750 list=superchannel2 name=5750 width=20
add band=5ghz-a/n frequency=5760 list=superchannel2 name=5760 width=20
add band=5ghz-a/n frequency=5770 list=superchannel2 name=5770 width=20
add band=5ghz-a/n frequency=5780 list=superchannel2 name=5780 width=20
add band=5ghz-a/n frequency=5790 list=superchannel2 name=5790 width=20
add band=5ghz-a/n frequency=5800 list=superchannel2 name=5800 width=20
add band=5ghz-a/n frequency=5810 list=superchannel2 name=5810 width=20
add band=5ghz-a/n frequency=5820 list=superchannel2 name=5820 width=20
add band=5ghz-a/n frequency=5830 list=superchannel2 name=5830 width=20
add band=5ghz-a/n frequency=5840 list=superchannel2 name=5840 width=20
add band=5ghz-a/n frequency=5850 list=superchannel2 name=5850 width=20
add band=5ghz-a/n frequency=5860 list=superchannel2 name=5860 width=20
add band=5ghz-a/n frequency=5870 list=superchannel2 name=5870 width=20
y
So downgrade did not help - it happened again. When the cache size exceeded the maximum sice, router stopped to respond. We are now running on the 6.30.2 and the cache is growing again: 83% and still growing so I bet there will be another crash soon (we have a lot of traffic through IPsec tunnels nowdays).I had problems since upgrade from 6.25 to newest version (at last incident it was 6.30.2) on RB1100AHx2 - after few days, the router stopped to respond - still running, reacts to cable connect/disconnect but no response on ethernet ports.
Yesterday I was able to connect to connect using serial port and found everything running as expected, but just no response to network traffic. When attempted to ping local addresses or even 127.0.0.1 I got the error message "No buffer space available" - later I found that an issue with the same symptoms existed in the past and was already fixed (route cache overflow).
Interesting thing is, that we have two RB1100AHx2 routers with the same config (just few different IP addresses), but the second one is just backup with a little traffic and deactivated IPsec tunnels - that one works without any issue so far.
I downgraded from 6.30.2 back to 6.25 which (according to the old thread about this issue) was claimed to fix this issue. We'll see in about 4 days.
Hi, yes - I sent an e-mail with and got the ticket number #2015081766000633Kraken2k did you get a ticket number as a response? Normally you would just email support@mikrotik.com, the form is just a shortcut to the same. Sent it from your email and see if you get a ticket number.