Community discussions

MikroTik App
 
Sander
newbie
Posts: 30
Joined: Sat Aug 18, 2012 5:50 am
Location: Shanghai

Re: v6.15 released

Mon Jun 16, 2014 6:38 am

My path to make Routing Marks work.

6.14 -- work
6.14 to 6.15 -- NOT work
6.15 to 6.13 -- NOT work
6.13 to 6.14 -- NOT work
6.14 to 6.7 -- work
6.7 to 6.14 -- work

So weird :?
 
User avatar
Aveyer
Frequent Visitor
Frequent Visitor
Posts: 66
Joined: Thu Jun 24, 2010 11:17 pm

Re: v6.15 released

Mon Jun 16, 2014 8:00 am

I've no issues with routing marks here on 6.15 on RB750GL.
I upgraded from 6.12 to 6.15
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6.15 released

Mon Jun 16, 2014 8:10 am

In my case routing marks start working after an additional reboot after upgrade 6.13->6.15.
This is of course a problem if that routing mark is needed to remotely reach the router and you can not request that reboot.
 
uldis
MikroTik Support
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: v6.15 released

Mon Jun 16, 2014 11:18 am

With CAPSMAN all links with degradated performance about 20%. Disable - all goes normal.
please tell us more information on this problem. How are you measuring that and on what wireless links it happens?
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 510
Joined: Wed Jan 25, 2012 10:23 am

Re: v6.15 released

Mon Jun 16, 2014 11:29 am

I noticed that with wireless-fp package enabled for NV2 the field TDMA Period size can be empty. But if it is empty what does this mean ? Is it the minimal value or is it automatic. Do you advise leaving it empty or leaving the older configuration with set value ?
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.15 released

Mon Jun 16, 2014 12:11 pm

Anybody with non-working routing marks, please give us remote access. Email support@mikrotik.com
 
angboontiong
Forum Guru
Forum Guru
Posts: 1136
Joined: Fri Jan 16, 2009 9:59 am

Re: v6.15 released

Mon Jun 16, 2014 12:40 pm

how is the CAPsMAN load balance setup in local forwarding mode ???
 
banneduser
just joined
Posts: 3
Joined: Tue Jun 10, 2014 4:31 pm

Re: v6.15 released

Mon Jun 16, 2014 1:57 pm

[/quote]

Netinstall is the only solution, in any case, you will have to drive to that location and do the Netinstall.[/quote]

Nice, 200km+ in one direction. It's a great bonus to a super upgrade. I've always wanted to do that.
 
uldis
MikroTik Support
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: v6.15 released

Mon Jun 16, 2014 2:01 pm

I noticed that with wireless-fp package enabled for NV2 the field TDMA Period size can be empty. But if it is empty what does this mean ? Is it the minimal value or is it automatic. Do you advise leaving it empty or leaving the older configuration with set value ?
If you leave it empty the settings is auto. This is a new feature. You can try to check if it is working better compared with the static value.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Mon Jun 16, 2014 2:32 pm


>>>Netinstall is the only solution, in any case, you will have to drive to that location and do the Netinstall.

Nice, 200km+ in one direction. It's a great bonus to a super upgrade. I've always wanted to do that.
Why you complain about that? Only one fool upgade/update one device 200Km away without be on place with another device ready to replace...
And the device do not matter, can be also one competitor device or the most perfect on the world...
 
angboontiong
Forum Guru
Forum Guru
Posts: 1136
Joined: Fri Jan 16, 2009 9:59 am

Re: v6.15 released

Mon Jun 16, 2014 5:54 pm

I noticed that with wireless-fp package enabled for NV2 the field TDMA Period size can be empty. But if it is empty what does this mean ? Is it the minimal value or is it automatic. Do you advise leaving it empty or leaving the older configuration with set value ?
If you leave it empty the settings is auto. This is a new feature. You can try to check if it is working better compared with the static value.
Uldis,
you mean the nv2 is supported now?

and, what abut is the CAPs lost connection with CAPsMAN, will the CAPs still working?
 
uldis
MikroTik Support
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: v6.15 released

Mon Jun 16, 2014 5:59 pm

I noticed that with wireless-fp package enabled for NV2 the field TDMA Period size can be empty. But if it is empty what does this mean ? Is it the minimal value or is it automatic. Do you advise leaving it empty or leaving the older configuration with set value ?
If you leave it empty the settings is auto. This is a new feature. You can try to check if it is working better compared with the static value.
Uldis,
you mean the nv2 is supported now?

and, what abut is the CAPs lost connection with CAPsMAN, will the CAPs still working?
that is for the tdma-period-size setting with regular wireless interface when you are using the wireless-fp package.
Nv2 protocol isn't made for the CAPsMAN.

About the second feature - we are looking if we could make with the current implementation of the CAPsMAN protocol.
 
voxframe
Member Candidate
Member Candidate
Posts: 126
Joined: Thu Dec 16, 2010 2:51 pm

Re: v6.15 released

Mon Jun 16, 2014 9:38 pm

Could we perhaps have BETA stamped on this firmware again?

This is not the typical behavior or development path of "stable" firmware. At ALL.

Seriously, 15 revisions later, and we are not making any serious progress. One step forward, another step sideways and backwards.

I'm sick of being a beta tester, there is no reason to have STABLE marked on this firmware.
 
KillerOPS
Member Candidate
Member Candidate
Posts: 150
Joined: Sat Oct 31, 2009 9:27 pm

Re: v6.15 released

Mon Jun 16, 2014 9:46 pm

Possible bug in 6.14 - simple queues high cpu load.
rb1000 1333Mhz, one interface to border router, one interface to core router, and third interface used as management (low traffic). Ospf and ~550 simple queues.
Bandwidth 150-200mbit download, 50-100 upload.
week 20, 21, 22 - version 6.13 or lower.
week 23 - version 6.14
now upgraded to 6.15 and everything seems normal (cpu load back to 50-60-70%).
I thought you might find this useful.
You do not have the required permissions to view the files attached to this post.
 
wil
just joined
Posts: 10
Joined: Wed Jun 04, 2014 4:42 pm

Re: v6.15 released

Mon Jun 16, 2014 10:51 pm

I used in the ppp profile the incoming-filter options for handling the traffic from the inbound l2tp/ipsec connections. In 6.13 i had the problem that the dynamic firewall rule in the "ppp" chain would be marked as invalid. Any change in the "ip firewall filter" menu would fix the problem by removing the invalid flag. Even deactivating/activating any filter rule would do the trick.
Now with 6.15 this problem is resolved. I did not had time to test with 6.14, but I assume it might already be fixed there because they don't appear to be many changes in the current release.
Did anyone else experience the same issue? The only change that sounds a bit like the described issue is this one from 6.14:
*) pptp,l2tp,pppoe - fixed problem where some of the static bindings
become dynamic interfaces;
So was this fixed or should I keep an eye on this and I just got lucky with the current release?

PS: router model is 2011UAS-2HnD
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.15 released

Tue Jun 17, 2014 9:33 am

Could we perhaps have BETA stamped on this firmware again?

This is not the typical behavior or development path of "stable" firmware. At ALL.

Seriously, 15 revisions later, and we are not making any serious progress. One step forward, another step sideways and backwards.

I'm sick of being a beta tester, there is no reason to have STABLE marked on this firmware.
Please clarify what makes you say this? In this thread, no serious problems have been reported that are specific to v6.15.
Routing-mark issue has been seen on very few customers for a long time now, it is not specific to this release, and does not affect significant amount of customers. We do need remote access to these machines to fix it.
 
nkourtzis
Member Candidate
Member Candidate
Posts: 218
Joined: Tue Dec 11, 2012 12:56 am
Location: Greece

Re: v6.15 released

Tue Jun 17, 2014 11:09 am

I noticed that with wireless-fp package enabled for NV2 the field TDMA Period size can be empty. But if it is empty what does this mean ? Is it the minimal value or is it automatic. Do you advise leaving it empty or leaving the older configuration with set value ?
If you leave it empty the settings is auto. This is a new feature. You can try to check if it is working better compared with the static value.
I tried it. I suspect that in my case (a PtMP outdoor network with 5 clients at distances up to 2.5 km), it chooses an interval of 1ms, at the time that I've seen the best performance (a 1.4x increase in upload speeds) with an interval of 2ms.

Could you also make it possible to decrease the cell radius below 10 km? As I see it, 10 km is more towards the upper distance limit of PtMP networks.
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 510
Joined: Wed Jan 25, 2012 10:23 am

Re: v6.15 released

Tue Jun 17, 2014 11:36 am

I tried it. I suspect that in my case (a PtMP outdoor network with 5 clients at distances up to 2.5 km), it chooses an interval of 1ms, at the time that I've seen the best performance (a 1.4x increase in upload speeds) with an interval of 2ms.

Could you also make it possible to decrease the cell radius below 10 km? As I see it, 10 km is more towards the upper distance limit of PtMP networks.
Maybe also a good idea to show the current period size in the registration info. The idea of allowing smaller cell radius is also good.
I am mostly doing PtP links and slowly moving away from nstreme for 1 reason only - stability of the link (i still prefer nstreme on high ccq links without disconnects). With the new auto option for tdma period size I get lower latency which is now almost as low as nstreme, but still not as low. The download speeds are very good, there is an increase, i can not give a percentage. The upload speeds are better on some links, but on some noisier links the auto option results in more unstable upload speed.
 
mietus
Member Candidate
Member Candidate
Posts: 122
Joined: Mon Jan 30, 2006 11:14 pm
Location: Poland

Re: v6.15 released

Tue Jun 17, 2014 12:18 pm

AT LAST logs for PPPoE clients activity are complete :)

11:14:32 pppoe,info PPPoE connection established from xx:xx:xx:xx:6E:D0
11:14:33 pppoe,ppp,error <055e>: user xxxxx authentication failed
11:15:37 pppoe,info PPPoE connection established from xx:xx:xx:xx:6E:D0
11:15:38 pppoe,ppp,error <055f>: user xxxxx authentication failed
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Tue Jun 17, 2014 2:01 pm

AT LAST logs for PPPoE clients activity are complete :)

11:14:32 pppoe,info PPPoE connection established from xx:xx:xx:xx:6E:D0
11:14:33 pppoe,ppp,error <055e>: user xxxxx authentication failed
11:15:37 pppoe,info PPPoE connection established from xx:xx:xx:xx:6E:D0
11:15:38 pppoe,ppp,error <055f>: user xxxxx authentication failed
Sorry, I do not understand what you try to say...

Can you explain, please?
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: v6.15 released

Tue Jun 17, 2014 2:18 pm

Could we perhaps have BETA stamped on this firmware again?

This is not the typical behavior or development path of "stable" firmware. At ALL.

Seriously, 15 revisions later, and we are not making any serious progress. One step forward, another step sideways and backwards.

I'm sick of being a beta tester, there is no reason to have STABLE marked on this firmware.
Please clarify what makes you say this? In this thread, no serious problems have been reported that are specific to v6.15.
Routing-mark issue has been seen on very few customers for a long time now, it is not specific to this release, and does not affect significant amount of customers. We do need remote access to these machines to fix it.
Routing marks were broken since RoS6.7 together with lt2p, we can grant access if we could agree a date and time, because we can not have production stopped for much more than 30-40 minutes in any routers.
 
User avatar
paoloaga
Member Candidate
Member Candidate
Posts: 227
Joined: Tue Mar 08, 2011 2:52 am
Location: Lugano - Switzerland
Contact:

Re: v6.15 released

Tue Jun 17, 2014 2:47 pm

With ROS6.15 I still see that some of our PPPoE customers/users are negotiating MPPE protocol despite it's disabled in the profile (eating up unnecessary resources). Should I open a ticket for this?
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.15 released

Tue Jun 17, 2014 2:48 pm

Routing marks were broken since RoS6.7 together with lt2p, we can grant access if we could agree a date and time, because we can not have production stopped for much more than 30-40 minutes in any routers.
Send a backup file with enabled admin user to support and specify on which routerboard we can restore this backup.
 
ghi000
newbie
Posts: 30
Joined: Thu Jun 06, 2013 6:05 pm
Location: București, România
Contact:

Re: v6.15 released

Tue Jun 17, 2014 4:33 pm

v6.15 PPC platform can not negotiate IPSEC with MIPS devices, even if MIPS are v5.xx or v6.xx. Basically, v6 is still useless for 1100AHx2 if you need IPSec. ALmost same problem i had with CCR. Thank goodness i didn't bought it.
 
Arnold2222
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Thu Jan 24, 2013 7:48 pm

Re: v6.15 released

Tue Jun 17, 2014 8:49 pm

It seems that something changed regarding route marks and route handling in 6.14 (and 6.15) - at least on my RB1100AHx2.

- Routes using routing marks show as inactive (and don't work)
- All RIP routes appear as inactive (and don't work)

Reverting to 6.13 fixes all the issues.

For me that happen always since 6.9 - solution second reboot after upgrade then all routes are working fine. Idk from what it depend.
 
Basdno
Member Candidate
Member Candidate
Posts: 119
Joined: Wed Feb 17, 2010 10:11 pm

Re: v6.15 released

Tue Jun 17, 2014 9:05 pm

In my case routing marks start working after an additional reboot after upgrade 6.13->6.15.
This is of course a problem if that routing mark is needed to remotely reach the router and you can not request that reboot.

Maybe using "Watchdog" could help you to obtain an extra reboot for you?!
 
mt-guy
just joined
Posts: 8
Joined: Mon May 26, 2008 4:41 pm

Re: v6.15 released

Tue Jun 17, 2014 9:43 pm

v6.15 PPC platform can not negotiate IPSEC with MIPS devices, even if MIPS are v5.xx or v6.xx. Basically, v6 is still useless for 1100AHx2 if you need IPSec. ALmost same problem i had with CCR. Thank goodness i didn't bought it.
We also have problems with IPSEC-tunnels. The tunnels are not rekeying when the soft limit in phase2 is reached so the SPI:s will reach the hard limit. We have the problem on RB1100AHx2 and RB951Ui-2HnD and on 6.12 and 6.15, but not on 5.26.
 
visalink
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Thu Oct 03, 2013 1:42 am

Re: v6.15 released

Wed Jun 18, 2014 4:19 am

I noticed that with wireless-fp package enabled for NV2 the field TDMA Period size can be empty. But if it is empty what does this mean ? Is it the minimal value or is it automatic. Do you advise leaving it empty or leaving the older configuration with set value ?
If you leave it empty the settings is auto. This is a new feature. You can try to check if it is working better compared with the static value.
In automatic mode the link is disconnecting after used by a period.
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 510
Joined: Wed Jan 25, 2012 10:23 am

Re: v6.15 released

Wed Jun 18, 2014 9:07 am

In automatic mode the link is disconnecting after used by a period.
I don't have disconnects when using auto.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Wed Jun 18, 2014 2:10 pm

INCOMPLETE FEATURE: IS IMPOSSIBLE TO READ BY SCRIPT OR BY WINBOX OR BY WEBFIG OR BY TELNET THE "AREA" WLAN FIELD
(I not try by API, API-SSL and SSH)

interface / wireless / wlan / advanced / area

Is possible to set this value (and match on connect-list area-prefix) but is impossible to read it by scan, snooper, log wireless debug, or by registraton table.
 
whoknew
Member Candidate
Member Candidate
Posts: 153
Joined: Wed Oct 13, 2010 8:51 pm

Re: v6.15 released

Wed Jun 18, 2014 4:28 pm

I can no longer setup an NTP client as unicast, did this feature get removed or moved to another area I am not seeing?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Wed Jun 18, 2014 4:48 pm

I can no longer setup an NTP client as unicast, did this feature get removed or moved to another area I am not seeing?
About what version you are talking?

This topic is about 6.15
 
visalink
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Thu Oct 03, 2013 1:42 am

Re: v6.15 released

Wed Jun 18, 2014 5:33 pm

In automatic mode the link is disconnecting after used by a period.
I don't have disconnects when using auto.
Sorry I expressed myself wrong.
Do not fall wireless connection. does not pass data for a short period.
 
dbodeenisudm
just joined
Posts: 23
Joined: Tue Jun 28, 2011 10:05 pm

Re: v6.15 released

Wed Jun 18, 2014 5:36 pm

pptp and l2tp tunnels broke for winboxing into mikrotik at 6.10 and is still broken. if you create pptp or l2tp tunnel and then winbox into mikrotik through the tunnel if fails right away or disconnects. We have been having to create eoip tunnels to get around it. please fix.
 
hedele
Member
Member
Posts: 338
Joined: Tue Feb 24, 2009 11:23 pm

Re: v6.15 released

Wed Jun 18, 2014 6:40 pm

I can confirm that issue - connecting to a Router with winbox through any kind of directly connected ppp interface (pppoe, pptp, l2tp) causes the winbox session to randomly disconnect. Tested on 6.13, 6.14 and 6.15. I'm not sure if using MPPE makes any difference, but I think not.
Last edited by hedele on Wed Jun 18, 2014 6:48 pm, edited 1 time in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Wed Jun 18, 2014 6:44 pm

pptp and l2tp tunnels broke for winboxing into mikrotik at 6.10 and is still broken. if you create pptp or l2tp tunnel and then winbox into mikrotik through the tunnel if fails right away or disconnects. We have been having to create eoip tunnels to get around it. please fix.
I already have signaled that problem, also for pppoe connection, but from 6.14 now is working again...
 
heviejob
Member Candidate
Member Candidate
Posts: 171
Joined: Mon Nov 30, 2009 4:54 pm

Re: v6.15 released

Wed Jun 18, 2014 8:23 pm

RB1200 was going to 100% CPU as a result of a process "networking" and rebooting due to kernel crashing.
I rolled back to 6.12 and I can now breath.
 
User avatar
payday
Member Candidate
Member Candidate
Posts: 233
Joined: Thu Aug 16, 2012 11:05 pm

Re: v6.15 released

Thu Jun 19, 2014 12:51 am

I can no longer setup an NTP client as unicast, did this feature get removed or moved to another area I am not seeing?
Here:
What's new in 6.14 (2014-Jun-06 15:34):
*) sntp - 'mode' now is a read-only property, it is set to broadcast if no
server ip address is specified;
+
What's new in 6.15 (2014-Jun-09 15:26):
*) fixed problem where sntp server could not be specified in winbox & webfig;
Last edited by payday on Thu Jun 19, 2014 3:01 pm, edited 1 time in total.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6.15 released

Thu Jun 19, 2014 7:58 am

I can no longer setup an NTP client as unicast, did this feature get removed or moved to another area I am not seeing?
Here:
What's new in 6.14 (2014-Jun-06 15:34):
*) sntp - 'mode' now is a read-only property, it is set to broadcast if no
server ip address is specified;
And setting of the unicast server IP was fixed in 6.15...
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2394
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.15 released

Thu Jun 19, 2014 9:14 am

In 6.15 is bug with wireless-fp package. When is this wireless-fp package uninstalled
http://forum.mikrotik.com/download/file ... w&id=17337

then after reboot is wireless package disabled
http://forum.mikrotik.com/download/file ... w&id=17338

Not possible enabling wireless package. Only solution - downgrade and then enable wireless
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Thu Jun 19, 2014 11:14 am

I not understand why some users are fixed to uninstall unused packages...
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2394
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.15 released

Thu Jun 19, 2014 11:38 am

I not understand why some users are fixed to uninstall unused packages...
This is only test on table. But when you make it on remote wireless client, then is client disconnect because package wireless is disabled
I think, it would be usefull warning in 6.15 changelog (something like "known issues"). This bug is known from 6.14
I don´t like UBNT, but they have a better changelog
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Thu Jun 19, 2014 11:46 am

You do not catch the point of my reply:

WHY make it on remote wireless client???

If you not use, simply leave it disabled OR update RouterOS only with package you want leave active.

I do not understand why install something for uninstall it, without simply leave it disabled if are included on main update packages...
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2394
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.15 released

Thu Jun 19, 2014 12:30 pm

I use enabled/disabled.
But a lot of people use uninstall/install :) I don´t know why. Maybe on older RB with small memory
 
Neilson
Member Candidate
Member Candidate
Posts: 174
Joined: Tue Nov 06, 2012 10:42 pm
Location: Auckland, New Zealand

Re: v6.15 released

Thu Jun 19, 2014 1:06 pm

With NV2 is there any chance to get a change made by Mikrotik to not only turn the Cell Radius down below 10Km but also to have the NV2 protocol not leave slots for new stations to join the network when in Bridge mode rather than AP mode.

I am yet to deploy the new Wireless-FP package live on customer circuits however we have been hitting against the walls of the latency introduced even on single PtP links.

If they have already done this in Wireless-FP I apologise however I didn't see it mentioned in any changelog.

Regards
Alexander
 
server8
Long time Member
Long time Member
Posts: 592
Joined: Fri Apr 22, 2011 1:27 pm

Re: v6.15 released

Thu Jun 19, 2014 6:17 pm

I tried to use AUTO in the tdma period size with 2 PtP link

- first case works perfectly
- second case the client disconnets the wireless and I lost connection on ethernet on the main AP and I need to redo the login, setting tdma period size to 2, it works.

Giuseppe
 
uldis
MikroTik Support
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: v6.15 released

Thu Jun 19, 2014 6:59 pm

I tried to use AUTO in the tdma period size with 2 PtP link

- first case works perfectly
- second case the client disconnets the wireless and I lost connection on ethernet on the main AP and I need to redo the login, setting tdma period size to 2, it works.

Giuseppe
on the second case, maybe you could make support output file when it happens and send it to support@mikrotik.com?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Thu Jun 19, 2014 8:37 pm

...to have the NV2 protocol not leave slots for new stations to join the network when in Bridge mode rather than AP mode...
Use the field "max station count", it exist from RouterOS "1"...
 
User avatar
dibatech
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Tue Apr 04, 2006 10:14 am

tdma-period auto

Thu Jun 19, 2014 8:42 pm

Also set tdma-period to auto via console.
61 Km link with nv2 and wds-birdge.

Lost connection with board (RB911G-5HPnD). I am still able to access site via redundant link though.
Board non responsive. Driving out to go and power cycle.
Board is no longer visible under /ip neighbors. Ethernet connected to affected router still reports a link.

What fun...

Update:
On site and unit is constantly rebooting....
Will attempt reset...

Remote side:
17:54:43 wireless,info D4:CA:6D:62:XX:XX@wlan1: failed to connect, on 5260000, synchronization timeout
17:55:34 wireless,info D4:CA:6D:62:XX:XX@wlan1: failed to connect, on 5260000, synchronization timeout
17:56:25 wireless,info D4:CA:6D:62:XX:CC@wlan1: failed to connect, on 5260000, medium-access timeout
17:57:16 wireless,info D4:CA:6D:62:XX:XX@wlan1: failed to connect, on 5260000, synchronization timeout
 
Neilson
Member Candidate
Member Candidate
Posts: 174
Joined: Tue Nov 06, 2012 10:42 pm
Location: Auckland, New Zealand

Re: v6.15 released

Fri Jun 20, 2014 9:50 am

...to have the NV2 protocol not leave slots for new stations to join the network when in Bridge mode rather than AP mode...
Use the field "max station count", it exist from RouterOS "1"...

Thank you for this.

Does this actually stop the NV2 protocol from providing slots for new station attachment?
 
server8
Long time Member
Long time Member
Posts: 592
Joined: Fri Apr 22, 2011 1:27 pm

Re: tdma-period auto

Fri Jun 20, 2014 9:53 am

Also set tdma-period to auto via console.
61 Km link with nv2 and wds-birdge.

Lost connection with board (RB911G-5HPnD). I am still able to access site via redundant link though.
Board non responsive. Driving out to go and power cycle.
Board is no longer visible under /ip neighbors. Ethernet connected to affected router still reports a link.

What fun...

Update:
On site and unit is constantly rebooting....
Will attempt reset...
Try to disconnet the client, put it in scan mode, you should able to have access to the routerboard
 
server8
Long time Member
Long time Member
Posts: 592
Joined: Fri Apr 22, 2011 1:27 pm

Re: v6.15 released

Fri Jun 20, 2014 10:04 am

I tried to use AUTO in the tdma period size with 2 PtP link

- first case works perfectly
- second case the client disconnets the wireless and I lost connection on ethernet on the main AP and I need to redo the login, setting tdma period size to 2, it works.

Giuseppe
on the second case, maybe you could make support output file when it happens and send it to support@mikrotik.com?
[Ticket#2014062066000221]

Issue: when I put tdma_period_size to auto client disconnetcs and I lost connection to the AP, to be able to have a durable access to AP I need to put the client in scan mode. The issue seems to be every time the client associates the connection to the AP via ethernet drops.
 
dominicbatty
Member Candidate
Member Candidate
Posts: 100
Joined: Wed Jul 07, 2010 12:26 pm

PPTP/L2TP/SSTP client problems between Mikrotik devices

Fri Jun 20, 2014 10:37 am

Is anyone seeing PPP issues between routerboard devices in 6.15.

I have an RB2011UAS-2HnD (6.15 firmware 3.16) (client) connecting to a RB2011UiAS (6.15 firmware 3.16) (server)

Making connections from the client router to the server router. PPTP clients - will not connect at all. SSTP and L2TP clients do connect but are dropped soon after due to "no response from peer" and while they are up they will not transmit any traffic.

However, the server router will accept other SSTP/PPTP/L2TP connections from non-Mikrotik devices and works fine with them, both in terms of stability and traffic. The client router can also make PPTP connections to non-Mikrotik PPTP servers and that also seems to work fine as well.

There just seems to be an issue between the Mikrotik devices?

**EDIT - this is not as first thought, see new post 23rd June 2014 in this topic.
Last edited by dominicbatty on Mon Jun 23, 2014 9:09 pm, edited 1 time in total.
 
leonset
Member Candidate
Member Candidate
Posts: 256
Joined: Wed Apr 01, 2009 9:09 pm

Re: v6.15 released

Fri Jun 20, 2014 2:51 pm

The nv2-tdma-period-size is recalculated at some time interval or by any kind of trigger?

Where can I check which period is currently being calculated by the "auto" function?
I noticed that with wireless-fp package enabled for NV2 the field TDMA Period size can be empty. But if it is empty what does this mean ? Is it the minimal value or is it automatic. Do you advise leaving it empty or leaving the older configuration with set value ?
If you leave it empty the settings is auto. This is a new feature. You can try to check if it is working better compared with the static value.
 
leonset
Member Candidate
Member Candidate
Posts: 256
Joined: Wed Apr 01, 2009 9:09 pm

Re: v6.15 released

Fri Jun 20, 2014 3:12 pm

Tested this too and this workaround worked for me with 433AH and 7115Hd: set wireless to enable and wireless-fp to disable, then reboot.

In fact, this sounds logical to me, because it's a user choice to enable/disable wireless package, whichever flavour it is. Mikrotik has no way to know if you want to disable "wireless-fp" to fully disable wireless interface or if you want to disable "wireless-fp" to enable "wireless" package...

In 6.15 is bug with wireless-fp package. When is this wireless-fp package uninstalled
http://forum.mikrotik.com/download/file ... w&id=17337

then after reboot is wireless package disabled
http://forum.mikrotik.com/download/file ... w&id=17338

Not possible enabling wireless package. Only solution - downgrade and then enable wireless
 
User avatar
koshak83
just joined
Posts: 19
Joined: Wed Feb 05, 2014 4:33 pm
Location: Russian Federation, NWFD, Saint-Petersburg Federal City

Re: v6.15 released

Fri Jun 20, 2014 8:51 pm

Hi! Were is SNTP server type broadcast/unicast selector? Now only broadcast. =/
Image
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Fri Jun 20, 2014 9:01 pm

Hi! Were is SNTP server type broadcast/unicast selector? Now only broadcast. =/
Image
it's automatic, simply put ntp servers.
 
User avatar
koshak83
just joined
Posts: 19
Joined: Wed Feb 05, 2014 4:33 pm
Location: Russian Federation, NWFD, Saint-Petersburg Federal City

Re: v6.15 released

Fri Jun 20, 2014 9:03 pm

I don't understand: before in 6.13 & 6.14 I could choose unicast and get frome entered gateway address local date and time... Now I can't enter anything. =(
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2394
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.15 released

Fri Jun 20, 2014 11:21 pm

Tested this too and this workaround worked for me with 433AH and 7115Hd: set wireless to enable and wireless-fp to disable, then reboot.
In fact, this sounds logical to me, because it's a user choice to enable/disable wireless package, whichever flavour it is. Mikrotik has no way to know if you want to disable "wireless-fp" to fully disable wireless interface or if you want to disable "wireless-fp" to enable "wireless" package...
In 6.15 is bug with wireless-fp package.
See this: http://forum.mikrotik.com/viewtopic.php ... 50#p432232
I'm talking about problem when is uninstalled wireless-fp. Then is not possible disable wireless-fp and enable wireless
 
wispwest
Member
Member
Posts: 479
Joined: Tue May 19, 2009 3:48 am

Re: v6.15 released

Fri Jun 20, 2014 11:28 pm

I'm not seeing this "NV2 Latency Improvement" at all. And when I go to the NV2 tab, you can't leave it empty, and when I put 0 in for TDMA size, it turns red as invalid. Latency on my 300/300 rate link with no traffic, is 4-7ms solid. Almost seems worse. Help???
 
dominicbatty
Member Candidate
Member Candidate
Posts: 100
Joined: Wed Jul 07, 2010 12:26 pm

Re: v6.15 released

Fri Jun 20, 2014 11:39 pm

For anyone with sntp client issues take a look at the release notice for the version.
 
User avatar
koshak83
just joined
Posts: 19
Joined: Wed Feb 05, 2014 4:33 pm
Location: Russian Federation, NWFD, Saint-Petersburg Federal City

Re: v6.15 released

Sat Jun 21, 2014 12:23 am

I was lucky that I did backup presets with 6.13
For anyone with sntp client issues take a look at the release notice for the version.
v6.15 ...fixed problem where sntp server could not be specified in winbox & webfig...
It's not fixed!!!
That is "wireless-ap" disabled packege? If i delete it, my wifi is down and router go to CPE. Only reinstall help back system to work.
And one more: when "multicast" packeg be in rOS by default?! A lot of people looking IPTV!!!
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Sat Jun 21, 2014 12:41 am

I'm not seeing this "NV2 Latency Improvement" at all. And when I go to the NV2 tab, you can't leave it empty, and when I put 0 in for TDMA size, it turns red as invalid. Latency on my 300/300 rate link with no traffic, is 4-7ms solid. Almost seems worse. Help???
the arrow at the end of field....
 
wispwest
Member
Member
Posts: 479
Joined: Tue May 19, 2009 3:48 am

Re: v6.15 released

Sat Jun 21, 2014 12:54 am

Arrow at end of field???
You do not have the required permissions to view the files attached to this post.
 
User avatar
MoviNET08
just joined
Posts: 3
Joined: Sat Jul 07, 2012 6:26 am
Location: Buenos Aires-Argentina-

Re: v6.15 released

Sat Jun 21, 2014 1:50 am

Arrow at end of field???
You must install the wireless-fp package to have that functionality.

http://download2.mikrotik.com/routeros/ ... mipsbe.npk
 
User avatar
MoviNET08
just joined
Posts: 3
Joined: Sat Jul 07, 2012 6:26 am
Location: Buenos Aires-Argentina-

Re: v6.15 released

Sat Jun 21, 2014 1:56 am

Arrow at end of field???
You must install the wireless-fp package to have that functionality.

http://download2.mikrotik.com/routeros/ ... mipsbe.npk
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Sat Jun 21, 2014 2:22 am

have you activated wireless-fp package?
 
athlonxp78
just joined
Posts: 13
Joined: Wed Feb 10, 2010 4:17 am

Re: v6.15 released

Sat Jun 21, 2014 3:34 am

Kernel rebooted because of kernel failure

I´ll send supout.rif and autosupout.rif
You do not have the required permissions to view the files attached to this post.
 
wispwest
Member
Member
Posts: 479
Joined: Tue May 19, 2009 3:48 am

Re: v6.15 released

Sat Jun 21, 2014 4:35 am

have you activated wireless-fp package?

Got it. Latency is a nice 2ms now, but throughput tests were 230mb UDP and now don't peak above 1890 with 170-180 average. Guess there's always a trade off.
 
wrobli
just joined
Posts: 16
Joined: Fri Mar 21, 2014 8:39 pm

Re: v6.15 released

Sat Jun 21, 2014 7:56 am

I have problem with 3 rb532 when reboot rb is hang, don't boot up. Any solution?
Last edited by wrobli on Sat Jun 21, 2014 10:13 am, edited 1 time in total.
 
antareja
just joined
Posts: 5
Joined: Sun Oct 03, 2010 6:44 am

Re: v6.15 released

Sat Jun 21, 2014 9:17 am

Hi,

Looks like v6.15 has broke L2TP (without IPSEC) connection. I folow this guide. And I have to use SRCNAT between LAN. I cannot do routing only.

Any one has similar symptoms?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Sat Jun 21, 2014 11:03 am

I have problem with 3 rb532 when reboot rb is hang, don't boot up. Any solution?
use netinstall 6.15
 
wrobli
just joined
Posts: 16
Joined: Fri Mar 21, 2014 8:39 pm

Re: v6.15 released

Sat Jun 21, 2014 11:27 am

When power off rb start. bug in 6.15?
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6.15 released

Sat Jun 21, 2014 12:02 pm

Hi,

Looks like v6.15 has broke L2TP (without IPSEC) connection. I folow this guide. And I have to use SRCNAT between LAN. I cannot do routing only.

Any one has similar symptoms?
Have you traced your network traffic on LANs and check for traffic passing or not (e.g. using wireshark or similar) ? Maybe the devices there don't accept traffic form networks outside their IP/netmask (and src-nat actually fixes this issue).
Src-nat is applied in the post-routing chain, so all traffic is already "on the outgoing interface" as a figure of speech.
 
yozz
just joined
Posts: 15
Joined: Fri Jan 31, 2014 11:51 pm

Re: v6.15 released

Sat Jun 21, 2014 12:22 pm

we have a big problems!!!
now i have 100Mb uplink. when i test a speednet test - i have a 20 Mb\s MAX from NAT. on RB2011 it is NOT GOOD!!!!!!!!!!! IT VERY BAD!!!!!!!!!!!!
ALL RULES in FIREWALL - OFF.

Image
and when a want to change a settings on port i have a problem:
Image
after 10M all values not working.
i was chaged queues...also not work....

i have a system:

Image
speed test and log from = /tool profile....
   Use command at the base level
[admin@socit-mikrotik] > tool profile 
NAME                    CPU        USAGE
ovpn                    all           0%
pptp                    all           0%
firewall-mgmt           all           0%
wireless                all        12.5%
ethernet                all           4%
console                 all           2%
ssh                     all           0%
dns                     all           0%
firewall                all        17.5%
networking              all           8%
winbox                  all           0%
logging                 all           0%
management              all         3.5%
routing                 all           0%
idle                    all        36.5%
profiling               all         0.5%
queuing                 all         7.5%
telnet                  all           0%
bridging                all           3%
unclassified            all           5%
-- [Q quit|D dump|C-z pause]
HOW I CAN FIX IT?????????????????????????????????????????????????????????????
Last edited by yozz on Sat Jun 21, 2014 12:40 pm, edited 1 time in total.
 
yozz
just joined
Posts: 15
Joined: Fri Jan 31, 2014 11:51 pm

Re: v6.15 released

Sat Jun 21, 2014 12:35 pm

STILL EXIST ON 6.15
http://forum.mikrotik.com/viewtopic.php ... 88#p416454
BUG SIGNALED FROM 6.10 AND STILL NOT FIXED???

Opened another ticket for that: [Ticket#2014041566000226] 6.12 UNFIXED BUG: user-manager profile limitation
I wait again the fix on 6.16... I'm waiting the fix from 6.10...
=)) when i read forum always i found ) you messages.... )))))) hello people!
 
yozz
just joined
Posts: 15
Joined: Fri Jan 31, 2014 11:51 pm

Re: v6.15 released

Sat Jun 21, 2014 12:37 pm

When power off rb start. bug in 6.15?
netwatch ints not bug!!! use watchDOG...or maby need start netwatch services after fullboot rooter???
 
Sander
newbie
Posts: 30
Joined: Sat Aug 18, 2012 5:50 am
Location: Shanghai

Re: v6.15 released

Sat Jun 21, 2014 12:43 pm

IPv6 BGP bug
063.png
BGP added a wrong route to route table. OSPF is correct. BGP peer with IPv4 address.
You do not have the required permissions to view the files attached to this post.
 
blingblouw
Member
Member
Posts: 345
Joined: Wed Aug 25, 2010 9:43 am

Re: v6.15 released

Sat Jun 21, 2014 3:23 pm

I'm having an issues with 6.15.

One of my wireless clients on a PtMP link is not working.

The client is up on the registration table but traffic to the client just stops. If I ping it, there is no response, then I remove the client from the registration table and it re-associates then traffic starts to flow again. Is it possible to fix this?

edit:

Using nv2 and latest wireless-fp package
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Sat Jun 21, 2014 5:15 pm

I'm having an issues with 6.15.

One of my wireless clients on a PtMP link is not working.

The client is up on the registration table but traffic to the client just stops. If I ping it, there is no response, then I remove the client from the registration table and it re-associates then traffic starts to flow again. Is it possible to fix this?

edit:

Using nv2 and latest wireless-fp package
On both ends?
 
blingblouw
Member
Member
Posts: 345
Joined: Wed Aug 25, 2010 9:43 am

Re: v6.15 released

Sat Jun 21, 2014 5:30 pm

I'm having an issues with 6.15.

One of my wireless clients on a PtMP link is not working.

The client is up on the registration table but traffic to the client just stops. If I ping it, there is no response, then I remove the client from the registration table and it re-associates then traffic starts to flow again. Is it possible to fix this?

edit:

Using nv2 and latest wireless-fp package
On both ends?

Yes, i get "host unreachable" but the client is sitting there in the registration table
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: v6.15 released

Sat Jun 21, 2014 5:36 pm

Hello Folks!

Upgraded many devices in our wireless infrastructure from RoS6.13 -> RoS6.15 on RB411, RB433, RB600, CCR1016 no problems so far all looks like before.

I did not change from wireless to wireless-fp package, we do not have any problems with wireless package in any way.
So that will wait till wireless-fp become mainstream wireless in future, or if someone at support strongly suggest us to change it.


Still we can not upgrade our L2TP vpn routers nor can we upgrade any of our routers using policy based routing since routing marks are broken and we are fully turned down by business to experiment more with them. So here we are stuck to RoS6.7.
They say it has to be dealt with in lab and root cause must be found and corrected before any upgrade can come up to the decition board again.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Sat Jun 21, 2014 6:13 pm

we have a big problems!!!
now i have 100Mb uplink. when i test a speednet test - i have a 20 Mb\s MAX from NAT. on RB2011 it is NOT GOOD!!!!!!!!!!! IT VERY BAD!!!!!!!!!!!!
ALL RULES in FIREWALL - OFF.

Image
and when a want to change a settings on port i have a problem:
[...]
after 10M all values not working.
i was chaged queues...also not work....
Have you call the speedtest hosting (SET 000) for ask how much bandwidth must be usable for make speed test?

Think if 10 users on the world want test on same server 100Mbps for each one...

The speed test over other isp are for dumb home users.
Call first the company involved on speed test for ask how much bandwidth they leave for speed testing...
 
blingblouw
Member
Member
Posts: 345
Joined: Wed Aug 25, 2010 9:43 am

Re: v6.15 released

Sat Jun 21, 2014 7:17 pm

I assume the problem I have is with the advanced settings being gone from winbox?

This is only one the sector, clients have all the correct settings (ROS6.15 wireless-fp enabled). I tried enabling normall wireless package and the same thing happens. Reset the wireless config but its still gone
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Sat Jun 21, 2014 7:31 pm

The advance settings show only related option to modulation and mode choiced on wireless menu....
 
wrobli
just joined
Posts: 16
Joined: Fri Mar 21, 2014 8:39 pm

Re: v6.15 released

Sat Jun 21, 2014 7:36 pm

When power off rb start. bug in 6.15?
netwatch ints not bug!!! use watchDOG...or maby need start netwatch services after fullboot rooter???
Hi.
I loged winbox to rb system reboot and rb not start i must power off and rb start normality. When hang eth off no connection.
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: v6.15 released

Sat Jun 21, 2014 11:53 pm

Hello Folks!

Did a series of tests with CRS today, sfp seems to be broken from RoS6.13 and up, immediate after installing RoS6.14 led goes out and sfp becomes unavailable. But not on all our CRS:es only about every second = 50% of them.

Rollback to RoS6.13 and system routerboard firmware 3.13 makes it work again.
 
yozz
just joined
Posts: 15
Joined: Fri Jan 31, 2014 11:51 pm

Re: v6.15 released

Sun Jun 22, 2014 6:11 am


Have you call the speedtest hosting (SET 000) for ask how much bandwidth must be usable for make speed test?

Think if 10 users on the world want test on same server 100Mbps for each one...

The speed test over other isp are for dumb home users.
Call first the company involved on speed test for ask how much bandwidth they leave for speed testing...

people! of corse ! i was first tested my speed... it is = 70 Mb\ sec.
somthing wrong.. or cpu 600 mhz is MAX speed for NAT is 20 MB\sec.
????

what is wrong? what is yor tests by NAT??
 
Sander
newbie
Posts: 30
Joined: Sat Aug 18, 2012 5:50 am
Location: Shanghai

Re: v6.15 released

Sun Jun 22, 2014 7:22 am

Problem of OSPFv3

Adjacency will not be established between two SSTP ends if two routers generate the same link-local address on interfaces. even through address is on unrelated interface. This example is fe80::14.
064.png
The workaround is to delete link-local address if it is on unrelated interface.

Suggest RouterOS to generate a more sophisticated link-local address. Or link-local address can be assigned by user.
You do not have the required permissions to view the files attached to this post.
 
User avatar
koshak83
just joined
Posts: 19
Joined: Wed Feb 05, 2014 4:33 pm
Location: Russian Federation, NWFD, Saint-Petersburg Federal City

Re: v6.15 released

Sun Jun 22, 2014 8:42 am


Have you call the speedtest hosting (SET 000) for ask how much bandwidth must be usable for make speed test?

Think if 10 users on the world want test on same server 100Mbps for each one...

The speed test over other isp are for dumb home users.
Call first the company involved on speed test for ask how much bandwidth they leave for speed testing...

people! of corse ! i was first tested my speed... it is = 70 Mb\ sec.
somthing wrong.. or cpu 600 mhz is MAX speed for NAT is 20 MB\sec.
????

what is wrong? what is yor tests by NAT??
Hmmm...
NAT + 64 rules, 100Mbit/s tariff rate. (Price 700 RUB month; 20,32 USD or 14.93 EUR)
I watched live speed in webfig at this time, it is the same as on the speedtest result +/- 2 Mbit/s.
CPU load 26-32% on 600 MHz.
What I doing wrong?! =)
Image
 
Rudios
Forum Veteran
Forum Veteran
Posts: 972
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: v6.15 released

Sun Jun 22, 2014 3:42 pm


Have you call the speedtest hosting (SET 000) for ask how much bandwidth must be usable for make speed test?

Think if 10 users on the world want test on same server 100Mbps for each one...

The speed test over other isp are for dumb home users.
Call first the company involved on speed test for ask how much bandwidth they leave for speed testing...

people! of corse ! i was first tested my speed... it is = 70 Mb\ sec.
somthing wrong.. or cpu 600 mhz is MAX speed for NAT is 20 MB\sec.
????

what is wrong? what is yor tests by NAT??
Hmmm...
NAT + 64 rules, 100Mbit/s tariff rate. (Price 700 RUB month; 20,32 USD or 14.93 EUR)
I watched live speed in webfig at this time, it is the same as on the speedtest result +/- 2 Mbit/s.
CPU load 26-32% on 600 MHz.
What I doing wrong?! =)
Image
What's your complaint?
You are almost at the max of your contract. Do you really want to see 100.0 Mbit up and down?
 
ibm
Member
Member
Posts: 306
Joined: Mon May 12, 2014 5:16 pm

Re: v6.15 released

Sun Jun 22, 2014 4:56 pm

I think there is a bug in my CCR1009 with ROS 6.15, I prefix that I've bought it now so I test only with 6.12 and 6.15 but the problem persists.
The situation is this:
-ether1 with subnet 192.168.88.1/24
-ether2 with subnet 10.1.0.1/24
If a connect 2PC or router on the 2 different subnet I can't access the other subnet and I can't also ping.
The conf is very simply and with my rb951 work good with all versione of ros inclused 6.15.

/ip address
add address=192.168.88.1/24 interface=ether1 network=192.168.88.0
add address=10.1.0.1/24 interface=ether2 network=10.1.0.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface=ether5
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether5 src-address=\
192.168.88.0/24
 
User avatar
vcheche
just joined
Posts: 3
Joined: Mon Jul 16, 2012 8:10 pm

Re: v6.15 released

Sun Jun 22, 2014 5:19 pm

6.15/14 "bricked" my RB951G-2HnD. Several times.
I upgraded from 6.13 via Winbox Check & Upgrade.
After 1st reboot all ok.
Second reboot and all others router will either hang and not boot (left it for ~40 minutes), or boot after several retries but yield the "Invalid index: missing file" upon winbox connection. Also Webfig would not log in.
SSH worked, but noticed huge lag, CPU 100%, completely unusable.

Reinstalled via Netinstall, wiped config, first boot ok. Then all other reboots, same behavior as above.
Also, soft-reset configuration and reboot yields same behavior.

Downgraded to 6.14, same problems.
Downgraded back to 6.13, all ok until now, as far as I see.
I considered the bad NAND scenario...but now it doesn't seem like it.

Issue not encountered on RB751G-2HnD (upgrade from 6.3) and RB2011UAS-RM (upgrade from 6.6).
Last 2 are just being prepped to go live, so no problem here. :-)
The one with issues is my home router, so it gave me a few headaches. :-(

However, on all 3 routers 6.15 was lagish, even without the 100% CPU issue. Interfaces took forever to come up after reboot (~30-60 sec AFTER the boot finished buzzer signal) and so on. Not a very good first impression so far.

For stability and consistency I will look into rolling back to a version <=6.13 (6.7 is still a winner).
 
Shiro
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Wed Sep 25, 2013 6:44 pm

Re: v6.15 released

Sun Jun 22, 2014 6:31 pm

Hi,

i have some trouble running my CCR1009 as SSTP client. On the server side, i have a Softether VPN Server, the connection is successfull and i can run stuff like iperf and ssh without any issues or disconnects, but if a use http or try some transfer with scp, the connection instant drops and reconnects from the Microtik side. This repeats until i stop the transfer.

Using Windows or Linux as SSTP Client with the same Server works fine.

Is SSTP broken in 6.15? i never used SSTP before on Microtik.
 
User avatar
koshak83
just joined
Posts: 19
Joined: Wed Feb 05, 2014 4:33 pm
Location: Russian Federation, NWFD, Saint-Petersburg Federal City

Re: v6.15 released

Sun Jun 22, 2014 11:04 pm

What's your complaint?
You are almost at the max of your contract. Do you really want to see 100.0 Mbit up and down?
What makes you think that I'm complaining? If i want see 100+ Mbit/s i connect to GPON from Rostelecom ISP. :-? I just showed that in fact everything works fine with NAT and 64 firewall rules to man, ho say "...something wrong.. or cpu 600 mhz is MAX speed for NAT is 20 MB\sec..." :D
Last edited by koshak83 on Sun Jun 22, 2014 11:13 pm, edited 1 time in total.
 
yozz
just joined
Posts: 15
Joined: Fri Jan 31, 2014 11:51 pm

Re: v6.15 released

Sun Jun 22, 2014 11:07 pm

What I doing wrong?! =)
Image
there is my settings......... maby anybody can say anithing? )

# jun/22/2014 23:52:50 by RouterOS 6.15
# software id = XRPPPPPPPPPPPPPPPPPHHH
#
/certificate
add common-name=xxxx country=RU days-valid=3650 key-usage=\
    digital-signature,key-encipherment,tls-server locality=SPB name=cert_1 \
    organization=xxxx state=LO subject-alt-name=email:xxxx@gmail.com \
    trusted=yes unit=xxxx
add common-name=xxxx country=RU days-valid=3650 locality=SPB name=cert_2 \
    organization=xxxx state=LO subject-alt-name=email:xxxx@gmail.com \
    trusted=yes unit=xxxx
/interface bridge
add l2mtu=1594 name=bridge-free-wifi
add admin-mac=4C:5E:0C:2XXXXXX auto-mac=no l2mtu=1594 name=bridge-local-lan
add l2mtu=1594 name=marina-net
/interface ethernet
set [ find default-name=ether1 ] comment=\
    "##########################      wan          #######################" \
    name=ether1-gateway
set [ find default-name=ether2 ] comment=\
    "---------------------     FREE BSD ---------------------" name=\
    ether2-freebsd
set [ find default-name=ether5 ] comment=\
    ------------------------cisco------------------------ name=ether5-cisco
set [ find default-name=ether6 ] comment="=================================   \
    \_ ATS   ==================================" name=ether6-ATS
set [ find default-name=ether7 ] comment="phone siemens" name=ether7-phone
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] comment="GUEST WIFI" name=ether9-guest-wifi
set [ find default-name=ether10 ] disabled=yes name=ether10-slave-local
set [ find default-name=sfp1 ] disabled=yes
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
    band=2ghz-b/g/n disabled=no distance=indoors frequency=2452 \
    hw-protection-mode=rts-cts l2mtu=2290 mode=ap-bridge multicast-helper=\
    full periodic-calibration=enabled ssid=Mikros tx-power=18 tx-power-mode=\
    all-rates-fixed
/ip neighbor discovery
set ether1-gateway comment=\
    "##########################      wan          #######################" \
    discover=no
set ether2-freebsd comment=\
    "---------------------     FREE BSD ---------------------" discover=no
set ether3 discover=no
set ether4 discover=no
set ether5-cisco comment=\
    ------------------------cisco------------------------
set ether6-ATS comment="=================================     ATS   ==========\
    ========================" discover=no
set ether7-phone comment="phone siemens" discover=no
set ether8 discover=no
set ether9-guest-wifi comment="GUEST WIFI" discover=no
set ether10-slave-local discover=no
set sfp1 discover=no
set bridge-free-wifi discover=no
set marina-net discover=no
/interface vlan
add comment="local lan" interface=ether5-cisco l2mtu=1594 name=vlan1 vlan-id=\
    44
add interface=ether5-cisco l2mtu=1594 name=vlan2-xxxx-net-server vlan-id=\
    2001
add interface=ether5-cisco l2mtu=1594 name=vlan3-2002-local-net vlan-id=2002
/ip neighbor discovery
set vlan1 comment="local lan" discover=no
set vlan2-xxxx-net-server discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    management-protection=allowed name=none supplicant-identity=""
/interface wireless
add disabled=no l2mtu=2290 mac-address=4EFFFFFF master-interface=\
    wlan1 name=wlan2 security-profile=none ssid=free-gorodok-net \
    wds-cost-range=0 wds-default-cost=0
/ip neighbor discovery
set wlan2 discover=no
/ip firewall layer7-protocol
add name=vk regexp=\
    "^.*(get|GET).+(vk.com|odnoklassniki.com|facebook.com|twitter.com).*\$"
/ip hotspot profile
add hotspot-address=192.168.11.1 login-by=http-chap,trial name=hsprof1 \
    trial-uptime=1h/27m
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des,aes-128-cbc pfs-group=none
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
add name=l2tp-pool ranges=192.168.254.2-192.168.254.62
add name=dhcp-ovpn ranges=5.5.5.10-5.5.5.100
add name=xxxx-net ranges=10.10.10.20-10.10.10.230
add name=hs-pool-16 ranges=192.168.11.12-192.168.11.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local-lan name=default
add address-pool=hs-pool-16 disabled=no interface=bridge-free-wifi name=\
    hotspot-free-wifi
add address-pool=dhcp-ovpn interface=vlan1 name=vpn-dhcp
add address-pool=xxxx-net disabled=no interface=marina-net name=\
    xxxx-net-serv-control
/ip hotspot
add address-pool=hs-pool-16 disabled=no interface=bridge-free-wifi name=\
    hotspot1 profile=hsprof1
/ip hotspot user profile
set [ find default=yes ] address-pool=hs-pool-16 idle-timeout=none \
    keepalive-timeout=2m mac-cookie-timeout=3d rate-limit=600k/1M \
    shared-users=unlimited
/port
set 0 name=serial0
set 1 baud-rate=9600 data-bits=8 flow-control=none name=usb2 parity=none \
    stop-bits=1
/ppp profile
add change-tcp-mss=yes local-address=192.168.254.1 name=l2tp remote-address=\
    l2tp-pool
add dns-server=8.8.8.8 local-address=5.5.5.1 name=ovpn-server remote-address=\
    dhcp-ovpn use-encryption=required
/queue type
add kind=pcq name=Inet-Download pcq-classifier=dst-address \
    pcq-dst-address6-mask=64 pcq-limit=300 pcq-rate=100M \
    pcq-src-address6-mask=64 pcq-total-limit=20000
add kind=pcq name=Inet-Upload pcq-classifier=src-address,dst-address \
    pcq-dst-address6-mask=64 pcq-limit=100 pcq-rate=100M \
    pcq-src-address6-mask=64 pcq-total-limit=70000
/queue tree
add name=DOWNLOAD parent=global queue=Inet-Download
add name=UPLOAD parent=global queue=Inet-Upload
add limit-at=2M max-limit=99M name=innnnn packet-mark=in-to-home-lan parent=\
    DOWNLOAD queue=Inet-Download
add limit-at=2M max-limit=99M name=uppppp packet-mark=out-home-lan parent=\
    UPLOAD queue=Inet-Upload
add limit-at=1M max-limit=5M name=radio packet-mark=radio parent=UPLOAD \
    priority=7 queue=Inet-Upload
add limit-at=1M max-limit=70M name=openvpn-in packet-mark=openvpn-in parent=\
    DOWNLOAD priority=6 queue=Inet-Download
add limit-at=1M max-limit=70M name=openvpn-out packet-mark=openvpn-out \
    parent=UPLOAD priority=6 queue=Inet-Upload
add limit-at=1M max-limit=10M name=torrentsin packet-mark=\
    torrentsin,torrentsinudp parent=DOWNLOAD priority=6 queue=Inet-Download
add limit-at=850k max-limit=5M name=rdp-prioritet packet-mark=rdp-traffic \
    parent=DOWNLOAD priority=7 queue=Inet-Download
add limit-at=10M max-limit=70M name=http-traffic packet-mark=http-traffic \
    parent=DOWNLOAD priority=2 queue=Inet-Download
/interface bridge port
add bridge=bridge-local-lan interface=ether2-freebsd
add bridge=bridge-local-lan disabled=yes interface=ether3
add bridge=bridge-local-lan disabled=yes interface=ether4
add bridge=bridge-local-lan interface=ether5-cisco
add bridge=bridge-local-lan interface=ether6-ATS
add bridge=bridge-local-lan disabled=yes interface=sfp1
add bridge=bridge-local-lan interface=wlan1
add bridge=bridge-free-wifi interface=ether9-guest-wifi
add bridge=bridge-local-lan disabled=yes interface=ether10-slave-local
add bridge=bridge-local-lan disabled=yes interface=ether8
add bridge=bridge-free-wifi interface=vlan1
add bridge=bridge-local-lan interface=ether7-phone
add bridge=marina-net interface=vlan2-xxxx-net-server
add bridge=bridge-local-lan interface=vlan3-2002-local-net
add bridge=bridge-free-wifi interface=wlan2
/interface l2tp-server server
set authentication=mschap2 default-profile=l2tp keepalive-timeout=15 max-mru=\
    1418 max-mtu=1418
/interface ovpn-server server
set auth=md5 certificate=cert_1 cipher=blowfish128,aes128,aes192,aes256 \
    default-profile=ovpn-server enabled=yes require-client-certificate=yes
/interface pptp-server server
set enabled=yes
/ip address
add address=192.168.1.1/24 interface=bridge-local-lan network=192.168.1.0
add address=10.10.10.11/24 interface=marina-net network=10.10.10.0
add address=192.168.11.1/24 comment="hotspot network" interface=\
    bridge-free-wifi network=192.168.11.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
    no interface=ether1-gateway
/ip dhcp-server lease
add address=10.10.10.10 client-id=1:0:ssssmac-address=\
    00:1B:1dd:30:C7 server=xxxx-net-serv-control
add address=192.168.1.135 client-id=1:f4:bsssssssc mac-address=\
    ddd01:08:BC server=default
/ip dhcp-server network
add address=5.5.5.0/24 gateway=5.5.5.1
add address=10.10.10.0/24 dns-server=10.10.10.11 gateway=10.10.10.11 \
    ntp-server=10.10.10.11
add address=192.168.1.0/24 comment="default configuration" dns-server=\
    192.168.1.1,8.8.8.8,10.0.0.50 gateway=192.168.1.1 netmask=24 ntp-server=\
    192.168.1.1
add address=192.168.11.0/24 comment="hotspot network" dns-server=192.168.11.1 \
    gateway=192.168.11.1
/ip dns
set allow-remote-requests=yes servers=192.168.11.1,7ccccc
/ip dns static
add address=192.168.1.1 name=z.lan
add address=192.168.88.1 name=tref.lan
add address=192.168.1.101 name=free.lan
add address=192.168.1.111 name=cisco.lan
add address=172.26.1.25 name=ds.lan
add address=172.26.1.1 name=m1.lan
add address=172.26.1.2 name=m2.lan
/ip firewall filter
add action=drop chain=forward dst-port=445 protocol=tcp src-address-list=\
    Worm-Infected-p445
add action=drop chain=forward dst-port=445 protocol=tcp src-address-list=\
    Worm-Infected-p445
add action=drop chain=virus comment="Blaster Worm" disabled=yes dst-port=\
    135-139 protocol=tcp
add action=drop chain=virus comment="Messenger Worm" disabled=yes dst-port=\
    135-139 protocol=udp
add action=drop chain=virus comment="Blaster Worm" dst-port=445 protocol=tcp
add action=drop chain=virus comment="Blaster Worm" dst-port=445 protocol=udp
add action=drop chain=virus comment=________ dst-port=593 protocol=tcp
add action=drop chain=virus comment=________ dst-port=1024-1030 protocol=tcp
add action=drop chain=virus comment=MyDoom dst-port=1080 protocol=tcp
add action=drop chain=virus comment=________ dst-port=1214 protocol=tcp
add action=drop chain=virus comment="ndm requester" dst-port=1363 protocol=\
    tcp
add action=drop chain=virus comment="ndm server" dst-port=1364 protocol=tcp
add action=drop chain=virus comment="screen cast" dst-port=1368 protocol=tcp
add action=drop chain=forward disabled=yes layer7-protocol=vk
add action=drop chain=virus comment=hromgrafx dst-port=1373 protocol=tcp
add action=drop chain=virus comment=cichlid dst-port=1377 protocol=tcp
add action=drop chain=virus comment=Worm dst-port=1433-1434 protocol=tcp
add action=drop chain=virus comment="Bagle Virus" dst-port=2745 protocol=tcp
add action=drop chain=virus comment=Dumaru.Y dst-port=2283 protocol=tcp
add action=drop chain=virus comment=Beagle dst-port=2535 protocol=tcp
add action=drop chain=virus comment=Beagle.C-K dst-port=2745 protocol=tcp
add action=drop chain=virus comment=MyDoom dst-port=3127-3128 protocol=tcp
add action=drop chain=virus comment="Backdoor OptixPro" dst-port=3410 \
    protocol=tcp
add action=drop chain=virus comment=Worm dst-port=4444 protocol=tcp
add action=drop chain=virus comment=Worm dst-port=4444 protocol=udp
add action=drop chain=virus comment=Sasser dst-port=5554 protocol=tcp
add action=drop chain=virus comment=Beagle.B dst-port=8866 protocol=tcp
add action=drop chain=virus comment=Dabber.A-B dst-port=9898 protocol=tcp
add action=drop chain=virus comment=Dumaru.Y dst-port=10000 protocol=tcp
add action=drop chain=virus comment=MyDoom.B dst-port=10080 protocol=tcp
add action=drop chain=virus comment=NetBus dst-port=12345 protocol=tcp
add action=drop chain=virus comment=Kuang2 dst-port=17300 protocol=tcp
add action=drop chain=virus comment=SubSeven dst-port=27374 protocol=tcp
add action=drop chain=virus comment="PhatBot, Agobot, Gaobot" dst-port=65506 \
    protocol=tcp
add action=jump chain=forward comment="jump to the virus chain" jump-target=\
    virus src-address=!192.168.1.101
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="Port scanners to list " \
    protocol=tcp psd=21,3s,3,1 src-address=!192.168.1.0/24
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
    protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp \
    tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp \
    tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=\
    tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp \
    tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp \
    tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="ping port scanners" src-address=\
    !192.168.1.0/24 src-address-list="port scanners"
add action=drop chain=input comment="ftp brute forcers" dst-port=21 protocol=\
    tcp src-address-list=ftp_blacklist
add chain=output content="530 Login incorrect" dst-limit=\
    1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h chain=output content="530 Login incorrect" \
    protocol=tcp
add action=drop chain=input comment="ssh brute forcers" disabled=yes \
    dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new disabled=yes \
    dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=10m chain=input connection-state=new disabled=yes \
    dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=10m chain=input connection-state=new disabled=yes \
    dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new disabled=yes \
    dst-port=22 protocol=tcp
add action=drop chain=forward comment="ssh brute downstream" disabled=yes \
    dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=drop chain=input dst-port=53 in-interface=ether1-gateway protocol=\
    udp
add action=drop chain=input dst-port=53 in-interface=ether1-gateway protocol=\
    udp src-mac-address=00:1E:58:D8:1A:21
add action=drop chain=input dst-port=53 in-interface=ether1-gateway protocol=\
    tcp
add action=drop chain=input comment=\
    "TO BLOCK PROXY ACCESS PORT 8080 / ATTACK on WAN INTERFACE" dst-port=8080 \
    in-interface=ether1-gateway protocol=tcp
add chain=input comment="L2TP VPN Server UDP 4500 (Nat-Traversal)" protocol=\
    udp src-port=4500
add chain=input comment="L2TP VPN Server UDP " protocol=udp src-port=1701
add chain=input comment="Allow IKE" dst-port=500 protocol=udp
add chain=input comment="Allow IPSec-esp" protocol=ipsec-esp
add chain=input comment="Allow UDP" protocol=udp
add chain=input dst-port=1194 protocol=tcp
add chain=output dst-port=1194 protocol=tcp
add chain=input dst-port=1194 protocol=udp
add chain=output dst-port=1194 protocol=udp
add chain=input protocol=ipsec-esp
add chain=input protocol=ipsec-ah
add chain=input disabled=yes dst-port=1194 protocol=tcp
add chain=output disabled=yes dst-port=1194 protocol=tcp
add chain=input disabled=yes dst-port=1194 protocol=udp
add chain=input comment="ipsec upd 500" dst-port=500 protocol=udp
add chain=output comment="ipsec upd 500" dst-port=500 protocol=udp
add chain=input comment="all    upd" protocol=udp
add action=drop chain=input disabled=yes dst-port=53 in-interface=\
    ether1-gateway protocol=tcp
add action=drop chain=input disabled=yes dst-port=53 in-interface=\
    ether1-gateway protocol=udp
add chain=input dst-port=1701 protocol=tcp
add chain=input comment=l2p dst-port=1701 protocol=udp
add chain=input dst-port=1194 protocol=udp
add chain=output dst-port=1701 protocol=tcp
add chain=input comment="VPN PPTP SERVER" dst-port=1723 protocol=tcp
add chain=input protocol=gre
add chain=input comment="default configuration" protocol=icmp
add chain=input dst-port=1194 protocol=tcp
add chain=input comment="default configuration" connection-state=related
add chain=input comment="default configuration" connection-state=established
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
add chain=forward comment="default configuration" connection-state=\
    established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
/ip firewall mangle
add action=mark-packet chain=output new-packet-mark=openvpn-out \
    out-interface=ether1-gateway protocol=tcp src-port=1194
add action=mark-packet chain=input dst-port=1194 in-interface=ether1-gateway \
    new-packet-mark=openvpn-in protocol=tcp
add action=mark-connection chain=forward in-interface=ether1-gateway \
    new-connection-mark=Incoming_Packets out-interface=bridge-local-lan
add action=mark-connection chain=forward in-interface=bridge-local-lan \
    new-connection-mark=Outgoing_Packets out-interface=ether1-gateway
add action=mark-packet chain=forward connection-mark=Incoming_Packets \
    dst-address=192.168.1.0/24 new-packet-mark=in-to-home-lan
add action=mark-packet chain=forward connection-mark=Outgoing_Packets \
    new-packet-mark=out-home-lan src-address=192.168.1.0/24
add action=mark-packet chain=forward connection-mark=Outgoing_Packets \
    new-packet-mark=radio protocol=tcp src-address=192.168.1.101 src-port=\
    8000
add action=mark-packet chain=forward connection-bytes=0-2000000 \
    connection-mark=Incoming_Packets new-packet-mark=http-traffic \
    passthrough=no protocol=tcp src-port=80
add action=mark-packet chain=prerouting new-packet-mark=rdp-traffic protocol=\
    tcp src-port=3389
add action=add-src-to-address-list address-list=Worm-Infected-p445 \
    address-list-timeout=1h chain=prerouting connection-state=new dst-port=\
    445 limit=5,10 protocol=tcp
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes to-addresses=0.0.0.0
add action=netmap chain=dstnat dst-port=8000 in-interface=ether1-gateway \
    protocol=tcp to-addresses=192.168.1.101
add action=netmap chain=dstnat dst-port=60017 in-interface=ether1-gateway \
    protocol=tcp to-addresses=192.168.1.16
add action=netmap chain=dstnat dst-port=51413 in-interface=ether1-gateway \
    protocol=udp to-addresses=192.168.1.101
add action=redirect chain=dstnat disabled=yes dst-port=80 protocol=tcp \
    to-ports=8080
add action=netmap chain=dstnat dst-port=51413 in-interface=ether1-gateway \
    protocol=tcp to-addresses=192.168.1.101
add action=netmap chain=dstnat dst-port=4444 in-interface=ether1-gateway \
    protocol=tcp to-addresses=192.168.1.202
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    src-address=192.168.11.0/24
/ip hotspot ip-binding
add address=192.168.11.11 mac-address=44NNNN server=hotspot1
/ip hotspot user
add name=admin
/ip ipsec peer
add disabled=yes
add address=MMMMMMMM/32 dh-group=modp1536 disabled=yes enc-algorithm=\
    3des exchange-mode=main-l2tp my-id-user-fqdn=mikrotik-xxxx policy-group=\
    default
/ip ipsec policy
add disabled=yes dst-address=MMMMM/32 sa-dst-address=MMMMMM0.243 \
    sa-src-address=xxx.xx.xx.130 src-address=10.38.192.131/32 tunnel=yes
add action=none disabled=yes dst-address=10.253.98.1/32 sa-dst-address=\
    0.0.0.0 sa-src-address=0.0.0.0 src-address=192.168.1.1/32
/ip proxy
set cache-on-disk=yes
/ip route
add distance=1 dst-address=10.0.0.0/24 gateway=192.168.1.3
add distance=1 dst-address=72.16.4.0/24 gateway=5.5.5.10
add distance=1 dst-address=172.20.0.0/28 gateway=5.5.5.10
add distance=1 dst-address=172.26.1.0/24 gateway=5.5.5.11
add distance=1 dst-address=172.30.0.0/24 gateway=5.5.5.10
add distance=1 dst-address=192.168.88.0/24 gateway=5.5.5.10
/ip route rule
add action=unreachable dst-address=192.168.5.0/28 src-address=192.168.1.0/24
add action=unreachable dst-address=192.168.1.0/24 src-address=172.26.2.0/24
add action=unreachable dst-address=192.168.1.0/24 src-address=192.168.5.0/24
add action=unreachable disabled=yes dst-address=192.168.1.0/24 src-address=\
    192.168.11.0/24
add action=unreachable dst-address=10.0.0.0/24 src-address=192.168.11.0/24
add action=unreachable dst-address=172.20.0.0/28 src-address=192.168.11.0/24
add action=unreachable dst-address=72.16.4.0/24 src-address=192.168.11.0/24
add action=unreachable dst-address=172.26.1.0/24 src-address=192.168.11.0/24
add action=unreachable dst-address=172.30.0.0/24 src-address=192.168.11.0/24
add action=unreachable dst-address=192.168.88.0/24 src-address=\
    192.168.11.0/24
/ip service
set telnet address=192.168.1.0/24 disabled=yes
set ftp disabled=yes
set www address=192.168.1.0/24,192.168.88.0/24
set ssh address=192.168.1.0/24
set api address=192.168.1.0/24
set winbox address=192.168.1.0/24,172.26.1.0/24,192.168.88.0/24
set api-ssl address=192.168.1.0/24
/ip traffic-flow
set active-flow-timeout=1m enabled=yes
/ip traffic-flow target
add address=192.168.1.15:1234 version=5
add address=192.168.1.13:1234 version=5
add address=192.168.1.18:1234 version=5
add address=192.168.1.16:1234 version=5
add address=192.168.5.4:1234 version=5
add address=10.10.10.10:1235 version=5
/ip upnp interfaces
add interface=ether1-gateway type=external
add interface=bridge-local-lan type=internal
/lcd
set default-screen=stats-all
/lcd interface
set sfp1 disabled=yes interface=sfp1
set ether1-gateway interface=ether1-gateway
set ether2-freebsd interface=ether2-freebsd
set ether3 disabled=yes interface=ether3
set ether4 disabled=yes interface=ether4
set ether5-cisco disabled=yes interface=ether5-cisco
set ether6-ATS interface=ether6-ATS
set ether7-phone interface=ether7-phone
set ether8 disabled=yes interface=ether8
set ether9-guest-wifi disabled=yes interface=ether9-guest-wifi
set ether10-slave-local disabled=yes interface=ether10-slave-local
set wlan1 interface=wlan1
/ppp secret
add disabled=yes local-address=192.168.1.1 name=XXXXX profile=\
    default-encryption remote-address=192.168.1.201 routes=192.168.1.1
add disabled=yes local-address=xxx.xx.xx.130 name=vpn remote-address=\
    XXXXXXXXXX4
add disabled=yes name=client1 profile=l2tp service=l2tp
add disabled=yes name=XXXXX profile=l2tp service=l2tp
add name=19ph profile=ovpn-server remote-address=5.5.5.10 service=ovpn
add name=marina-baza profile=ovpn-server remote-address=5.5.5.11 service=ovpn
add local-address=192.168.1.1 name=esf profile=default-encryption \
    remote-address=192.168.1.3 service=pptp
add disabled=yes local-address=5.5.5.20 name=marina-baza-net profile=\
    ovpn-server remote-address=5.5.5.21 service=ovpn
/routing bgp network
add network=192.168.88.0/24 synchronize=no
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=xxxx-mikrotik
/system logging
add topics=e-mail
/system ntp client
set enabled=yes primary-ntp=89.109.251.21 secondary-ntp=89.109.251.24
/system ntp server
set broadcast=yes enabled=yes multicast=yes
/system scheduler
add interval=1d name=backup on-event="/system script run backup_to_email" \
    policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=may/31/2014 start-time=00:20:00
add interval=10m name=flushDNS on-event="/system script run flushcache" \
    policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=jun/17/2014 start-time=02:11:52
/system script
add name=backup_to_email policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source="{\r\
    \n:log info \"Starting Backup Script...\";\r\
    \n:local sysname [/system identity get name];\r\
    \n:local sysver [/system package get system version];\r\
    \n:log info \"Flushing DNS cache...\";\r\
    \n/ip dns cache flush;\r\
    \n:delay 2;\r\
    \n:log info \"Deleting last Backups...\";\r\
    \n:foreach i in=[/file find] do={:if ([:typeof [:find [/file get \$i name]\
    \_\\\r\
    \n\"\$sysname-backup-\"]]!=\"nil\") do={/file remove \$i}};\r\
    \n:delay 2;\r\
    \n:local smtpserv [:resolve \"cccrocc.ru\"];\r\
    \n:local Eaccount \"aaa@aaaaa.ru\";\r\
    \n:local pass \"aaaaaaa\";\r\
    \n:local backupfile (\"\$sysname-backup-\" . \\\r\
    \n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
    \nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".backup\
    \");\r\
    \n:log info \"Creating new Full Backup file...\";\r\
    \n/system backup save name=\$backupfile;\r\
    \n:delay 2;\r\
    \n:log info \"Sending Full Backup file via E-mail...\";\r\
    \n/tool e-mail send from=\"<\$Eaccount>\" to=\$Eaccount server=\$smtpserv \
    \\\r\
    \nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$backupfile\
    \_\\\r\
    \nsubject=(\"\$sysname Full Backup (\" . [/system clock get date] . \")\")\
    \_\\\r\
    \nbody=(\"\$sysname full Backup file see in attachment.\\nRouterOS version\
    : \\\r\
    \n\$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \" . \
    \\\r\
    \n[/system clock get date]);\r\
    \n:delay 5;\r\
    \n:local exportfile (\"\$sysname-backup-\" . \\\r\
    \n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
    \nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".rsc\");\
    \r\
    \n:log info \"Creating new Setup Script file...\";\r\
    \n/export verbose file=\$exportfile;\r\
    \n:delay 2;\r\
    \n:log info \"Sending Setup Script file via E-mail...\";\r\
    \n/tool e-mail send from=\"<\$Eaccount>\" to=\$Eaccount server=\$smtpserv \
    \\\r\
    \nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$exportfile\
    \_\\\r\
    \nsubject=(\"\$sysname Setup Script Backup (\" . [/system clock get date] \
    . \\\r\
    \n\")\") body=(\"\$sysname Setup Script file see in attachment.\\nRouterOS\
    \_\\\r\
    \nversion: \$sysver\\nTime and Date stamp: \" . [/system clock get time] .\
    \_\" \\\r\
    \n\" . [/system clock get date]);\r\
    \n:delay 5;\r\
    \n:log info \"All System Backups emailed successfully.\\nBackuping complet\
    ed.\";\r\
    \n}"
add name=flushcache policy=ftp,reboot,read,write,policy,test,winbox,password \
    source="/ip dns cache flush"
add name=tor-dc-NIGHT policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source="/queue tree set [find name=torrents] limit-at=2M max-limit=20M;\r\
    \n/queue tree set [find name=mlnet] limit-at=2M max-limit=10M;"
add name=tor-dc-DAY policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source="/queue tree set [find name=torrents] limit-at=200k max-limit=1M;\r\
    \n/queue tree set [find name=mlnet] limit-at=200k max-limit=1k;"
/system watchdog
set automatic-supout=no no-ping-delay=20m watchdog-timer=no
/tool e-mail
set last-status=succeeded
/tool graphing interface
add
/tool graphing resource
add
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-freebsd
add interface=ether3
add interface=ether4
add interface=ether5-cisco
add interface=ether6-ATS
add interface=ether7-phone
add interface=ether8
add interface=ether9-guest-wifi
add interface=sfp1
add interface=wlan1
add interface=bridge-local-lan
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-freebsd
add interface=ether3
add interface=ether4
add interface=ether5-cisco
add interface=ether6-ATS
add interface=ether7-phone
add interface=ether8
add interface=ether9-guest-wifi
add interface=sfp1
add interface=wlan1
add interface=bridge-local-lan
/tool netwatch
add down-script="/interface pptp-server remove <pptp-esf>" host=10.0.0.65 \
    interval=10m
/tool sms
set port=usb2
 
nxl
just joined
Posts: 20
Joined: Thu Jul 25, 2013 10:24 am

Re: v6.15 released

Sun Jun 22, 2014 11:31 pm

The newsletter is here! Many new features!

- System rebooted because of kernel failure
- System rebooted because of kernel failure
- System rebooted because of kernel failure
- System rebooted because of kernel failure
- System rebooted because of kernel failure
- System rebooted because of kernel failure

Warning to everybody who uses 6.15: DO NOT activate wireless-fp package unless you want you routers to random reboot 10 times a day!
And no, you cannot switch between wireless packages once you activate wireless-fp, you have to downgrade.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Mon Jun 23, 2014 1:16 am

The newsletter is here! Many new features!

- System rebooted because of kernel failure
- System rebooted because of kernel failure
- System rebooted because of kernel failure
- System rebooted because of kernel failure
- System rebooted because of kernel failure
- System rebooted because of kernel failure

Warning to everybody who uses 6.15: DO NOT activate wireless-fp package unless you want you routers to random reboot 10 times a day!
And no, you cannot switch between wireless packages once you activate wireless-fp, you have to downgrade.
This is YOUR problem, do not generalize.

I have upgraded more than 40 devices, all on production, no one have rebooted because kernel failure.
All with wireless-fp package active

Type of board upgraded from 6.14 to 6.15 inside also upgraded the bios [firmware] version.

x86,
RB411AH (with one or more mixed or not R52Hn and R52n-M)
RB433AH (with one or more mixed or not R52Hn and R52n-M)
RB1200
RB1100
RB1100AH
RB450G
RB532 (with one Ubiquity XR5, the oldest and the only mipsle device on my network)
2011UiAS-2HnD
SXT 5HPnD
RB711-5Hn-MMCX
RB Metal 2SHPn
RB Metal 5SHPn
RB493AH
RB493G
RB SXT 5HPnD
RB SXT 5nD r2
RB911G-5HPnD (new Sextant G)
RB750UP
RB750GL
RB OmniTIK U-5HnD
RB951G-2HnD

What hardware you use?
What method have used for installation?
You not provide one single detail.
 
User avatar
Belyivulk
Member Candidate
Member Candidate
Posts: 286
Joined: Mon Mar 06, 2006 10:53 pm
Location: Whangarei, New Zealand
Contact:

Re: v6.15 released

Mon Jun 23, 2014 4:37 am

I can confirm that an issue exists with the wireless-fp package when you set the TDMA Period Size to Auto. We have a 433AH rebooting at the moment (which was previously stable under 6.15 without TDMA Period Size = Auto.

We're still trying to get access to the router to get further information for Mikrotik support.

That said, we have other places in the network which run Wireless-FP with TDMA size = Auto - RB433GL's so it may be upgrade or configuration related.

Once we figure it / something out we'll update this post
 
User avatar
Belyivulk
Member Candidate
Member Candidate
Posts: 286
Joined: Mon Mar 06, 2006 10:53 pm
Location: Whangarei, New Zealand
Contact:

Re: v6.15 released

Mon Jun 23, 2014 5:34 am

Okay - we had to system-reset the board in order to regain access to it with the FastPath package enabled. System reset with no defaults; only the one radio configured (extremely basic config on the wireless) - stable until we enable TDMA = Auto.

This is an RB433AH with R52nM. 5Ghz 10mhz wide channel; no WDS and NV2. Again, stable right up until we change TDMA = Auto.

Will submit supouts to Mikrotik and hopefully they can see something (perhaps its the small channel width?)
 
User avatar
Belyivulk
Member Candidate
Member Candidate
Posts: 286
Joined: Mon Mar 06, 2006 10:53 pm
Location: Whangarei, New Zealand
Contact:

Re: v6.15 released

Mon Jun 23, 2014 6:05 am

Alrighty, detailed explanation and supouts are with MT :) Ticket#2014062366000154
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6.15 released

Mon Jun 23, 2014 7:58 am

Have those of you with fp package not working all disabled the ipv6 package as written in the release notes?
Also I found out that bridgeing the wifi interface using stp with interface bridging enabled will not work (since 6.12 it seems).
Switching the bridge to use rstp made it work.
 
User avatar
Belyivulk
Member Candidate
Member Candidate
Posts: 286
Joined: Mon Mar 06, 2006 10:53 pm
Location: Whangarei, New Zealand
Contact:

Re: v6.15 released

Mon Jun 23, 2014 8:14 am

Ho hum. IPv6 is enabled on all the routers i've upgraded to 6.15 & have Wireless-FP enabled on.

Only the one crashes. I may have to set up a lab test - testing on a live site is a bit of a pain :)
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6.15 released

Mon Jun 23, 2014 8:23 am

The ipv6 interaction should affect only CAP/CAPSman in fp-wireless. But who knows...
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Mon Jun 23, 2014 10:31 am

I forget to specify, on all my upgraded device I use auto tdma and rstp on bridge
 
nxl
just joined
Posts: 20
Joined: Thu Jul 25, 2013 10:24 am

Re: v6.15 released

Mon Jun 23, 2014 11:07 am

I upgraded about 12 links, 5 of them crashed on one side or the other multiple times within 48 hours.
1 affected link between SXTs, 40 Mhz (kernel failures only on the station-bridge side, so maybe TDMA Auto isn't relevant here?)
1 link between SXT r2
1 link between rb433s, 20 Mhz channel
2 link between rb433 and a 433AH, 40 Mhz channel

ipv6 disabled on all of my equipments.
TDMA Period Size was Auto, now set to 2 ms, but I kept only 2 affected links on 6.15, we'll see.

It is clear to me that with so many problems there wasn't enough testing before releasing the newsletter to customers. :(
 
User avatar
Belyivulk
Member Candidate
Member Candidate
Posts: 286
Joined: Mon Mar 06, 2006 10:53 pm
Location: Whangarei, New Zealand
Contact:

Re: v6.15 released

Mon Jun 23, 2014 11:32 am

Well you should fire supouts to Mikrotik so they can fix it quickly :)
 
nxl
just joined
Posts: 20
Joined: Thu Jul 25, 2013 10:24 am

Re: v6.15 released

Mon Jun 23, 2014 1:39 pm

Already did that :).
Except this issue, I was very pleased with the update.
Is it just me or they seem to also have fixed the problem when nv2 packets passing through gigabit and then fastethernet were heavily slowed down?
 
dominicbatty
Member Candidate
Member Candidate
Posts: 100
Joined: Wed Jul 07, 2010 12:26 pm

Re: v6.15 released

Mon Jun 23, 2014 9:43 pm

Hi everyone, just a quick heads up with some issues I have been having on 6.15. I am not sure it is specifically 6.15 related but it is down to some configuration changes I have made whilst on 6.15.

We have always used a single IP per interface but have recently started using a single WAN IP and an additional block that is passed between our public facing interfaces as lines failover to each other so our public IP block is always accessible.

Our configuration is such that the lower IP assigned to the interface is the WAN address and the higher IP being the address block on which we wish to receive traffic.

111.111.111.111/32 - WAN
222.222.222.222/32 - Additional Block

If a windows PC makes either an SSTP or PPTP connection to the router ...
Connections to either interface work fine and are both very stable and route traffic.

If a Mikrotik router is used as the client for any of the following; L2TP/SSTP/PPTP
Connections to the 111.111.111.111/32 - links are all stable and work as expected
Connections to the 222.222.222.222/32 - all the interfaces come up but are highly unstable and do not route any traffic.

I'm going to log this via support. I don't believe this is in relation to a previous known issue reported where the WAN interface used to reply to incoming connections is the wrong address. In my case all returning traffic to the client does appear to originate from the correct address.
 
User avatar
resnik
newbie
Posts: 27
Joined: Wed Mar 31, 2010 5:25 pm
Location: Europe

Re: v6.15 released

Mon Jun 23, 2014 10:36 pm

One bug I found with new Cloud feature, even if you untick "Enable", your router will still be accessible from that reported DNS.
 
dominicbatty
Member Candidate
Member Candidate
Posts: 100
Joined: Wed Jul 07, 2010 12:26 pm

Re: v6.15 released

Mon Jun 23, 2014 10:39 pm

Won't that only be until the DNS entry expires?
 
User avatar
resnik
newbie
Posts: 27
Joined: Wed Mar 31, 2010 5:25 pm
Location: Europe

Re: v6.15 released

Mon Jun 23, 2014 10:50 pm

Won't that only be until the DNS entry expires?
unless I missed something, more then 48h passed.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Mon Jun 23, 2014 10:51 pm

Actually the association are permanent.
Is changed only when IP change, and there is no way to remove the DNS entry
and timeout not exist.
 
dominicbatty
Member Candidate
Member Candidate
Posts: 100
Joined: Wed Jul 07, 2010 12:26 pm

Re: v6.15 released

Mon Jun 23, 2014 10:56 pm

it would be better if within RouterOS you could control the DNS enablement and also the TTL directly on a per device basis.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Mon Jun 23, 2014 10:57 pm

it would be better if within RouterOS you could control the DNS enablement and also the TTL directly on a per device basis.
right
 
Michel
just joined
Posts: 23
Joined: Mon Aug 16, 2010 12:50 pm

Re: v6.15 released

Tue Jun 24, 2014 8:54 am

Hello,

can you please fix the timestamps for the User Manager please ? I am on timezone GMT+2 and the logs for the Sessions and User Sessions are missing +2 hours.

user-manager-6.15-mipsbe.npk

Kind Regards
 
Michel
just joined
Posts: 23
Joined: Mon Aug 16, 2010 12:50 pm

Re: v6.15 released

Tue Jun 24, 2014 11:31 am

My path to make Routing Marks work.

6.14 -- work
6.14 to 6.15 -- NOT work
6.15 to 6.13 -- NOT work
6.13 to 6.14 -- NOT work
6.14 to 6.7 -- work
6.7 to 6.14 -- work

So weird :?
I just noticed that my Multi WAN Routing Marks no longer working.

I update from 6.14 to 6.15 and now back to 6.14 but still not working.


RB493AH
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Tue Jun 24, 2014 12:25 pm

Hello,

can you please fix the timestamps for the User Manager please ? I am on timezone GMT+2 and the logs for the Sessions and User Sessions are missing +2 hours.

user-manager-6.15-mipsbe.npk

Kind Regards
It's not a bug, it's your config.

You must configure time-zone in user-manager.

Paste this on your user-manager:
/tool user-manager customer
set [find] time-zone=+02:00
 
Michel
just joined
Posts: 23
Joined: Mon Aug 16, 2010 12:50 pm

Re: v6.15 released

Tue Jun 24, 2014 1:24 pm

Thank you, that fixed the time problem.

http://wiki.mikrotik.com/wiki/User_Mana ... nd_credits

I saw this hint for the Customers section but this field does not exist for the Users, so I did not think more about it and thought the time comes from the Router setting :(
 
cybernetcy
just joined
Posts: 15
Joined: Tue Jun 24, 2014 12:29 pm

Re: v6.15 released

Tue Jun 24, 2014 1:56 pm

i upgrade rb2011LS from 6.13 to 6.15 and its start to lock everytime. when i downgrade the to 6.13 again its start to work normaly.
 
2400baud
newbie
Posts: 29
Joined: Tue Nov 15, 2011 1:04 am

Re: v6.15 released

Tue Jun 24, 2014 3:18 pm

What's new in 6.15 (2014-Jun-12 12:25):

*) fixed upgrade from v5 - on first boot all the optional packages were disabled;
*) fixed problem where sntp server could not be specified in winbox & webfig;
*) metarouter - make openwrt work on ppc metarouter again;
Are these the only 3 fixes, or is this changelog just the highlights?

I'm seeing problems with DLNA on a PS3 after upgrading from 6.14 to 6.15, both with wireless and wireless-fp.
 
rafaeltdk
just joined
Posts: 17
Joined: Fri Feb 15, 2013 3:52 pm

Re: v6.15 released

Tue Jun 24, 2014 4:52 pm

need help support MK, because AS does not work with 6 digits? version 5.26 and 6.14
You do not have the required permissions to view the files attached to this post.
 
User avatar
donjames
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Fri Mar 14, 2008 7:07 pm
Location: Henderson, Texas
Contact:

Re: v6.15 released

Wed Jun 25, 2014 12:40 am

My USGlobalSat Bu-353 receiver quit working when I upgraded my RB751 to RouterOS 6.15. Is there a fix for this?

I found the solution. Here is the script that I was using:
# name initializegps
/system gps set enabled=no
:delay 15;
/port set 0 baud-rate=4800 parity=odd
:delay 15;
/port set 0 baud-rate=4800 parity=odd
/system gps set enabled=yes  set-system-time=no

Here is the script that works:
# name initializegps
/system gps set enabled=no
:delay 15;
/port set 0 baud-rate=4800 parity=odd
:delay 15;
/port set 0 baud-rate=4800 parity=odd
/system gps set enabled=yes port=usb set-system-time=no

I hope that this helps.

Thanks,

donjames
Last edited by donjames on Fri Jun 27, 2014 6:39 pm, edited 1 time in total.
 
ATROX
newbie
Posts: 45
Joined: Mon Oct 14, 2013 2:10 pm

Re: v6.15 released

Wed Jun 25, 2014 8:47 am

BUG was found. IPsec works not stable
There are several tunnels IPsec. Regardless of time and without changing any settings tunnels stop working.
In the settings you can see that the key exchange in one direction occurs, but the traffic flow is not (IP->IPsec->Installed SAs->some key->Current Bytes=0).
After several reboots tunnel restored. After spending some time again stops working.
Fix please!
Remote office work impossible. Business idle incur losses

RouterOS - v6.15/6.14
HW - CCR1036-12G-4S, RB2011UiAS, RB951G-2HnD, RB2011UiAS-2HnD
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: v6.15 released

Wed Jun 25, 2014 8:49 am

I saw the same between 6.13 and 6.15.
 
ATROX
newbie
Posts: 45
Joined: Mon Oct 14, 2013 2:10 pm

Re: v6.15 released

Wed Jun 25, 2014 8:57 am

I saw the same between 6.13 and 6.15.
I updated every 6.15.
6.15 between the same problem.
 
xootraoox
just joined
Posts: 19
Joined: Fri Jan 31, 2014 5:24 am

Re: v6.15 released

Wed Jun 25, 2014 10:10 am

Brief description of 6.15:
- Fail
- Fail
- Fail

6.13 the CPU load is high but aceptable, but on 6.15 any action eat (in many cases all) CPU (at least mipsbe), and "Reboot without propper shutdown" logs is habitual... Crash, Crash, Crash, Crash.
 
dominicbatty
Member Candidate
Member Candidate
Posts: 100
Joined: Wed Jul 07, 2010 12:26 pm

Re: v6.15 released

Wed Jun 25, 2014 12:15 pm

you should log that query with Mikrotik support, with that amount of incredible detail I'm sure you'll get an answer in no time ... ;-)
 
onnoossendrijver
Member
Member
Posts: 486
Joined: Mon Jul 14, 2008 11:10 am
Location: The Netherlands

Re: v6.15 released

Wed Jun 25, 2014 12:18 pm

:P
We have absolutely no problems with 6.15 on our 'neighbor-network' with 8 Mikrotik's.
Running OSPF, OSPFv3, DHCP, VPLS/LDP, Queues, VLANs, NAT, DHCP, NV2, 80211 wireless, etcetera..
 
Neilson
Member Candidate
Member Candidate
Posts: 174
Joined: Tue Nov 06, 2012 10:42 pm
Location: Auckland, New Zealand

Re: v6.15 released

Wed Jun 25, 2014 1:04 pm

need help support MK, because AS does not work with 6 digits? version 5.26 and 6.14
I understand that per RFC1997 that the community field is a 32 bit field, at the time with two byte AS numbers it was commonly used as 16 bits for the AS (before the colon) and 16 bits after for the community string.

In the case here if you want to use communities with larger AS numbers you may need to use 23456:XXX style for your community string. As the first number doesn't actually have to be an AS number you can of course put anything you want but 23456 is used in 2 byte only AS systems to refer to 4 byte AS's

There is an RFC for extended community attributes however that is different.

Regards
Alexander
 
rafaeltdk
just joined
Posts: 17
Joined: Fri Feb 15, 2013 3:52 pm

Re: v6.15 released

Wed Jun 25, 2014 2:14 pm

ok need to use the prefix 262605 how do I? tanks.
 
rafaeltdk
just joined
Posts: 17
Joined: Fri Feb 15, 2013 3:52 pm

Re: v6.15 released

Wed Jun 25, 2014 2:15 pm

ok need to use the prefix 262605 how do I? tanks.




I understand that per RFC1997 that the community field is a 32 bit field, at the time with two byte AS numbers it was commonly used as 16 bits for the AS (before the colon) and 16 bits after for the community string.

In the case here if you want to use communities with larger AS numbers you may need to use 23456:XXX style for your community string. As the first number doesn't actually have to be an AS number you can of course put anything you want but 23456 is used in 2 byte only AS systems to refer to 4 byte AS's

There is an RFC for extended community attributes however that is different.

Regards
Alexander
 
wispwest
Member
Member
Posts: 479
Joined: Tue May 19, 2009 3:48 am

Re: v6.15 released

Wed Jun 25, 2014 8:40 pm

I liked the "Auto" NV2 timing with the new Wireless-FP package, latency hit 1ms sometimes! However, I got packet loss about every 100 or so pings, so had to revert back... :(
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 510
Joined: Wed Jan 25, 2012 10:23 am

Re: v6.15 released

Wed Jun 25, 2014 9:21 pm

I liked the "Auto" NV2 timing with the new Wireless-FP package, latency hit 1ms sometimes! However, I got packet loss about every 100 or so pings, so had to revert back... :(
I just did a 10000 packets test. 0 packets lost. This is on a link with good signal and 100% ccq. I have some links which show minor packet loss on smokeping, but those links are not with good conditions so I think I had these losses before.
 
mxmxmxmxmx
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Mon Aug 25, 2008 1:27 am

Re: v6.15 released

Thu Jun 26, 2014 12:07 am

connecting Nokia e52 to RB with 6.15 & wireless FP = kernel panic.
Standard wireless package works fine!

RB433 + R52H with WPA/WPA2 TKIP
 
Neilson
Member Candidate
Member Candidate
Posts: 174
Joined: Tue Nov 06, 2012 10:42 pm
Location: Auckland, New Zealand

Re: v6.15 released

Thu Jun 26, 2014 7:44 am

ok need to use the prefix 262605 how do I? tanks.
Use 23456,

or one of the private prefixes,

or use another number

you could also try appending L to the end of the number, but I have not found any mikrotik documentation that says they support this signalling of 4-Byte AS Numbers.

Mikrotik may come back and change this or tell me I am wrong.

Also if you explain your use case then that could assist us in understanding other ways to do it.

Regards
Alexander
 
nmaton
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Fri Feb 18, 2011 12:31 am

Re: v6.15 released

Thu Jun 26, 2014 12:38 pm

I found the following bug again in 6.15.

My vrrp routers are both set as master!!
The error is get is = " vrrp received packet with bad checksum"

This is with vrrp version 3 on ipv4.

I changed the vrrp version to 2 with simple authentication and then it does function.

This is a bug that has been in mikrotik for a very long time. Could you please check this.
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 510
Joined: Wed Jan 25, 2012 10:23 am

Re: v6.15 released

Thu Jun 26, 2014 2:22 pm

Trying to switch back to regular wireless package after using wireless-fp and having set auto on TDMA period size results in 100% cpu usage and wireless cards not working.
If you select a value for tdma period size before switching this problem is avoided.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Thu Jun 26, 2014 3:27 pm

THIS BUG ALREADY SIGNALED ON 6.12 STILL PRESENT AND NOT SOLVED:

Primary BUG: Webfig created script or schedule do not have ftp, winbox, api rights and are impossible to set that rights on Webfig

Secondary BUG: Winbox do not have the possibility to change ftp, winbox, api rights on script or schedule

VERSION AFFECTED: ALL VERSION OF ROUTEROS. Included last 6.16rc9

When one script are created on Winbox or on CLI, the default right applied are:
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api

But when the script are created by webfig, the only right can be applied are:
reboot,read,write,policy,test,password,sniff,sensitive
MISSING ftp,winbox,api

Without ftp right some command like "/export file=filename;" are not doable on script / schedule created with WebFig.

Walkthrought: obviously using the CLI you can set the missing rights.

Is clear what is the problem, without any other investigation.
 
uldis
MikroTik Support
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: v6.15 released

Thu Jun 26, 2014 4:59 pm

My USGlobalSat Bu-353 receiver quit working when I upgraded my RB751 to RouterOS 6.15. Is there a fix for this?

Thanks,

donjames
In which version the GPS receiver was working?
From which version you upgraded to v6.15?
 
rafaeltdk
just joined
Posts: 17
Joined: Fri Feb 15, 2013 3:52 pm

Re: v6.15 released

Fri Jun 27, 2014 1:55 am

Normis pls help
need to send these communitys BGP to not advertise my carrier prefixes to some peer as follows

Follow the BGP communitys that can be used:

 

Blocks announce AS International: 1

National ad blocks AS: 2

Customers ad blocks GVT AS: 3

Blocks announce Peering AS 4

Blocks ad PTT AS: 6

 

Where, AS, should be your AS, example: 1234:1

ok need to use the prefix 262605 how do I? tanks.
Use 23456,

or one of the private prefixes,

or use another number

you could also try appending L to the end of the number, but I have not found any mikrotik documentation that says they support this signalling of 4-Byte AS Numbers.

Mikrotik may come back and change this or tell me I am wrong.

Also if you explain your use case then that could assist us in understanding other ways to do it.

Regards
Alexander
 
log
Member Candidate
Member Candidate
Posts: 105
Joined: Fri May 28, 2010 11:37 am

Re: v6.15 released

Fri Jun 27, 2014 10:25 am

Its something weird with rogue dhcp alert. I have ros 6.7 at 2011iL, my dhcp server is connected to ether1, dhcp alerts are enable at ether2 to 10 and everything is ok. After upgrade to 6.15 all ports (ether2-10) see my dhcp server from port 1. So i downgrade to 6.7 and everything is working normally.
 
mxmxmxmxmx
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Mon Aug 25, 2008 1:27 am

Re: v6.15 released

Sat Jun 28, 2014 1:28 am

Two different RB711 reboots because of kernel failure.
It happens after updating from ROS 6.13 with regular wireless package to 6.15 with wireless-FP package.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Sat Jun 28, 2014 2:27 am

Two different RB711 reboots because of kernel failure.
It happens after updating from ROS 6.13 with regular wireless package to 6.15 with wireless-FP package.
Please write EXACTLY how you have upgraded the two board, without omit anything,
previous package presents, previous packages active, etc.
 
jcem
Member Candidate
Member Candidate
Posts: 137
Joined: Sun May 24, 2009 4:41 pm
Location: Grebbestad, Sweden

Re: v6.15 released

Sat Jun 28, 2014 3:06 am

Hi!

Confirmed bug by MT in wireless-fp package if you have any legacy wireless card(non N-wireless capability)
installed on the RB

I'm now testing 6.16rc10 if they fixed it.

6.16rc10 seam to have a new SNMP bug thou...

RGDS
 
sentient
just joined
Posts: 1
Joined: Tue Aug 07, 2012 5:52 pm

Re: v6.15 released

Sat Jun 28, 2014 3:02 pm

Mikrotik should stop releasing this beta versions because they're unstable. I don't know what happened after 5.26, but every version was filled with some bugs.
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: v6.15 released

Sat Jun 28, 2014 11:52 pm

Hello Folks!

I guess we are lucky then, we successfully upgraded all our infrastructure devices (thats say many of each: SXT, SEXTANT, SEXTANT G, RB411, RB, RB433, RB600, RB333, RB750, RB2011UAS_2HnD, CRS and CCR1016).

We did not upgrade routers using policy based routing with routing marks (broke after 6.7) and vpn routers using l2tp (also broke after 6.7) and one Rb411 which is on 5.20 because if upgraded ethernet device stops working by some strange reason.
 
User avatar
Belgarion186
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Jan 23, 2014 3:33 am

Re: v6.15 released

Sun Jun 29, 2014 3:17 am

We did not upgrade routers using policy based routing with routing marks (broke after 6.7) and vpn routers using l2tp (also broke after 6.7) and one Rb411 which is on 5.20 because if upgraded ethernet device stops working by some strange reason.
Routing marks worked without any issue for me for every ROS 6.xx release, even the latest 6.15. I'm using CCR1009 and RB2011UiAS for policy based routing.

What I always do is to disable all VPN connections, upgrade ROS, reboot and then enable VPN connections again. Worked all the time.
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 510
Joined: Wed Jan 25, 2012 10:23 am

Re: v6.15 released

Sun Jun 29, 2014 10:28 pm

Hi!

Confirmed bug by MT in wireless-fp package if you have any legacy wireless card(non N-wireless capability)
installed on the RB

I'm now testing 6.16rc10 if they fixed it.

6.16rc10 seam to have a new SNMP bug thou...

RGDS
What problems do you have in this scenario ? RB with legacy card. I have a few boards with legacy cards which reboot themself with 'kernel failure' message in log. Also just a few minutes a go one of these boards first rebooted a few times and then just crashed completely and needed a power cycle.
I'm hoping this is fixed in v6.16 and that it will come out soon.
 
littlebill
Member Candidate
Member Candidate
Posts: 234
Joined: Sat Apr 30, 2011 3:11 am

Re: v6.15 released

Mon Jun 30, 2014 2:52 am

did sstp for win7 clients ever get fixed? or disconnects on pptp when logged into winbox? this all broke after 6.7? anyone not seeing these issues anymore?
 
amb
just joined
Posts: 2
Joined: Mon Jun 30, 2014 8:32 am

Re: v6.15 released

Mon Jun 30, 2014 8:37 am

Hello,

I'm having an issue using a 3g modem as a failover solution.
It seems that every 30 minutes(give or take a few seconds) the connection is terminated.
After that it reconnects and works for another 30 minutes.

What could be causing this?
ROS: 6.15

RB951G-2HnD
 
amb
just joined
Posts: 2
Joined: Mon Jun 30, 2014 8:32 am

Re: v6.15 released

Mon Jun 30, 2014 11:01 am

Ok, so it seems the ppp server was disconnecting the client every 30 minutes if the connection was idle.
As the 3g modem was being used as a failover solution, no traffic went through while the main communication
channel was up.
So I 'fixed' it by adding a netwatch action to ping an ip every minute(although it could be less often).
So far I got 1h+ uptime and seems to have fixed my problem.
 
rayman1366
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Mon Feb 20, 2012 1:49 am

Re: v6.15 released

Mon Jun 30, 2014 12:58 pm

afther upgarde from 5.25 to 6.15 on sxt5hnd, now i cannot access router, need netinstall,,but sxt is on rig.. :(
 
Shiro
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Wed Sep 25, 2013 6:44 pm

Re: v6.15 released

Mon Jun 30, 2014 2:20 pm

did sstp for win7 clients ever get fixed? or disconnects on pptp when logged into winbox? this all broke after 6.7? anyone not seeing these issues anymore?
SSTP is broken for me. I use it on x86, RB493G and CCR-1009, get disconnect on larger amount of traffic/bandwith. CCR as VPN Concentrator? no way.
 
User avatar
slarner
newbie
Posts: 31
Joined: Wed Jul 18, 2007 10:54 am
Location: UK
Contact:

Re: v6.15 released

Mon Jun 30, 2014 3:11 pm

We are having problems with the routing engine crashing on CC61036-12G-4S

We loose all routes and BGP peers. You reboot the router and it all comes back and works fine for a couple of days.

We are running 6.7 on our other datacentre CC61036-12G-4S and never had an issues with the routing engine crashing with 26 BGP peers connected.

Stewart
 
rayman1366
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Mon Feb 20, 2012 1:49 am

Re: v6.15 released

Mon Jun 30, 2014 3:19 pm

afther upgarde from 5.25 to 6.15 on sxt5hnd, now i cannot access router, need netinstall,,but sxt is on rig.. :(
afther hw reset i see 6.15.
 
uldis
MikroTik Support
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: v6.15 released

Mon Jun 30, 2014 3:20 pm

Hi!
I'm now testing 6.16rc10 if they fixed it.

6.16rc10 seam to have a new SNMP bug thou...
RGDS
Please tell us more abut SNMP bug that is introduced in v6.16rc10
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Mon Jun 30, 2014 4:04 pm

The only bug I find on 6.16rc10 about SNMP if is SNMP are enabled AFTER the boot, you must REBOOT the device for make it effectively enabled.

secondary "bug" already present on 6.14 and 6.15 versions.
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 510
Joined: Wed Jan 25, 2012 10:23 am

Re: v6.15 released

Mon Jun 30, 2014 4:17 pm

I've noticed this thing with snmp in v6.15, I enabled it and it was not working, but then I went and changed the community from public to something else and it worked, no reboot needed.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Mon Jun 30, 2014 4:24 pm

I've noticed this thing with snmp in v6.15, I enabled it and it was not working, but then I went and changed the community from public to something else and it worked, no reboot needed.
True.
 
coylh
Member Candidate
Member Candidate
Posts: 159
Joined: Tue Jul 12, 2011 12:11 am

Re: v6.15 released

Mon Jun 30, 2014 5:32 pm

I installed 6.15 (dhcp, ntp, routing, security, system) on my first 1016 (CCR1016-12S-1S+). I notice the cores are much more "active". If I was graphing the cpu usage, it would be very spiky. On 1036's (6.11), the cores are usually idle. Not sure if this is a problem yet, but it looks odd for the system to be so busy when it's not getting any traffic.
You do not have the required permissions to view the files attached to this post.
 
DLNoah
Member Candidate
Member Candidate
Posts: 144
Joined: Fri Nov 12, 2010 5:33 pm

Re: v6.15 released

Mon Jun 30, 2014 7:28 pm

We are having problems with the routing engine crashing on CC61036-12G-4S

We loose all routes and BGP peers. You reboot the router and it all comes back and works fine for a couple of days.

We are running 6.7 on our other datacentre CC61036-12G-4S and never had an issues with the routing engine crashing with 26 BGP peers connected.

Stewart
In our case, we had about a dozen CCR1036-12G-4S units on 6.5 that were becoming completely non-responsive via MAC Telnet or IP until rebooted. The failures were occurring every 10-14 days of uptime. We upgraded to v6.13 and haven't had any incidents in 18 days.

YMMV.
 
jcem
Member Candidate
Member Candidate
Posts: 137
Joined: Sun May 24, 2009 4:41 pm
Location: Grebbestad, Sweden

Re: v6.15 released

Tue Jul 01, 2014 12:25 am

Hi!
I'm now testing 6.16rc10 if they fixed it.

6.16rc10 seam to have a new SNMP bug thou...
RGDS
Please tell us more abut SNMP bug that is introduced in v6.16rc10

Hi!

Seams to be working after 24hr -- CPU, Voltage etc did not get any data to DUDE - Maybe DUDE needed some time??

RGDS
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Tue Jul 01, 2014 12:28 am

Hi!
I'm now testing 6.16rc10 if they fixed it.

6.16rc10 seam to have a new SNMP bug thou...
RGDS
Please tell us more abut SNMP bug that is introduced in v6.16rc10

Hi!

Seams to be working after 24hr -- CPU, Voltage etc did not get any data to DUDE - Maybe DUDE needed some time??

RGDS
paste your SNMP verbose config here.
/snmp export verbose
 
janel
just joined
Posts: 11
Joined: Wed Mar 12, 2014 10:41 pm

Re: v6.15 released

Tue Jul 01, 2014 3:24 am

CPU load in 6.15 vs 6.11 on a CRS125-24G-1S
mk-cpuload.png
/system resource pr     
                   uptime: 18m53s
                  version: 6.15
               build-time: Jun/12/2014 12:25:29
              free-memory: 107.9MiB
             total-memory: 128.0MiB
                      cpu: MIPS 74Kc V4.12
                cpu-count: 1
            cpu-frequency: 600MHz
                 cpu-load: 11%
           free-hdd-space: 109.6MiB
          total-hdd-space: 128.0MiB
  write-sect-since-reboot: 114
         write-sect-total: 67294
               bad-blocks: 0.1%
        architecture-name: mipsbe
               board-name: CRS125-24G-1S
                 platform: MikroTik
/tool profile 
NAME                    CPU        USAGE
firewall-mgmt           all           0%
spi                     all           3%
ethernet                all           1%
console                 all         0.5%
ssh                     all           0%
networking              all           4%
management              all         0.5%
idle                    all          87%
profiling               all         0.5%
unclassified            all         3.5%
You do not have the required permissions to view the files attached to this post.
 
User avatar
erebusodora
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Mon Jan 23, 2012 3:46 pm
Location: Bulgaria

Re: v6.15 released

Tue Jul 01, 2014 8:20 am

When upgrade from 5.26 to 6.15 (RB 433) some CPE not connect to hiden SSID. When SSID is visible all is connect. MAC adress of not connected CPE's is 00:1D:0F:E4:B6:F7 (tp-link 5210G), 64:70:02:B3:11:A1 (tp-link 5210G), 10:FE:ED:85:2D:0F (tp-link 5210G) . All CPE is on client mode with MAC connect to AP (RB433).
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: v6.15 released

Tue Jul 01, 2014 10:02 am

The only bug I find on 6.16rc10 about SNMP if is SNMP are enabled AFTER the boot, you must REBOOT the device for make it effectively enabled.

secondary "bug" already present on 6.14 and 6.15 versions.
is this on MIPS or some other arch?
 
User avatar
erebusodora
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Mon Jan 23, 2012 3:46 pm
Location: Bulgaria

Re: v6.15 released

Tue Jul 01, 2014 10:51 am

Bug on RB 2011UiAS with dynamic DNS rows. There was only 2 static DNS. The rows are too many. Example on picture.
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Tue Jul 01, 2014 11:18 am

The only bug I find on 6.16rc10 about SNMP if is SNMP are enabled AFTER the boot, you must REBOOT the device for make it effectively enabled.

secondary "bug" already present on 6.14 and 6.15 versions.
is this on MIPS or some other arch?
Thanks for reply, I have check this problem only on mipsbe devices:

netinstall 6.15 without keep previous config with inetalled routeros-mipsbe-6.15.npk and inside with last (3.13 and 3.10) bios
configured from scratch without import any script or backup

"Tower" 1:
3 Metal 5SHPn (3 Access Point) wireless-fp active
1 411AH + R52Hn (1 PTP) wireless-fp active
1 493G (only as Switch) all wireless package disabled

"Tower" 2:
2 Metal 5SHPn (2 Access Point) wireless-fp active
1 Metal 5SHPn (1 PTP) wireless-fp active
1 750UP (switch / PoE) all wireless package disabled

All devices, after configured SNMP must be rebooted for SNMP to work, other things works flawlessly.
Last edited by rextended on Tue Jul 01, 2014 11:46 am, edited 3 times in total.
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: v6.15 released

Tue Jul 01, 2014 11:39 am

pNrrPyGnuht if you are receiving several DNS server addresses, they will be displayed in your '/ip dns' configuration as dynamic, also, you can, for example, configure dhcp client to not to set up dynamic entries if you do not what them to be set.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Tue Jul 01, 2014 11:44 am

Bug on RB 2011UiAS with dynamic DNS rows. There was only 2 static DNS. The rows are too many. Example on picture.
Is not a bug.
Paste this on your device:
/ip dhcp-client set [find] use-peer-dns=no
/interface pppoe-client set [find] use-peer-dns=no
/interface ppp-client set [find] use-peer-dns=no
 
User avatar
erebusodora
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Mon Jan 23, 2012 3:46 pm
Location: Bulgaria

Re: v6.15 released

Tue Jul 01, 2014 1:18 pm

Bug on RB 2011UiAS with dynamic DNS rows. There was only 2 static DNS. The rows are too many. Example on picture.
Is not a bug.
Paste this on your device:
/ip dhcp-client set [find] use-peer-dns=no
/interface pppoe-client set [find] use-peer-dns=no
/interface ppp-client set [find] use-peer-dns=no
I must use peer DNS. But this bug on RB 2011UiAS repeat the same DNS on every rows that write "Dynamic Servers".
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: v6.15 released

Tue Jul 01, 2014 1:25 pm


Thanks for reply, I have check this problem only on mipsbe devices:

netinstall 6.15 without keep previous config with netinstalled routeros-mipsbe-6.15.npk

All devices, after configured SNMP must be rebooted for SNMP to work, other things works flawlessly.
we are working on the issue.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Tue Jul 01, 2014 1:33 pm

And again, is not a bug, check how many peer DNS your provider send to you.

Why I'm sure is not a bug?

Because I'm using 4 2011UiAS all with 6.15 (really one with 6.16rc10...) with dynamic dns, one with dhcp client, one with pppoe-client connected to mikrotik pppoe-server, one with pppoe-client by ADSL (the screenshot)
the 4th are at my home and I use ppp on 3G as backup.

And this bug never happen to me...
Last edited by rextended on Tue Jul 01, 2014 1:39 pm, edited 2 times in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Tue Jul 01, 2014 1:37 pm


Thanks for reply, I have check this problem only on mipsbe devices:

netinstall 6.15 without keep previous config with netinstalled routeros-mipsbe-6.15.npk

All devices, after configured SNMP must be rebooted for SNMP to work, other things works flawlessly.
we are working on the issue.
Other detail: i have configured SNMP simpy paste this on new terminal, without using winbox GUI:
/snmp
set enabled=yes trap-community=public trap-target=0.0.0.0 trap-version=2
 
User avatar
erebusodora
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Mon Jan 23, 2012 3:46 pm
Location: Bulgaria

Re: v6.15 released

Tue Jul 01, 2014 2:34 pm

And again, is not a bug, check how many peer DNS your provider send to you.

Why I'm sure is not a bug?

Because I'm using 4 2011UiAS all with 6.15 (really one with 6.16rc10...) with dynamic dns, one with dhcp client, one with pppoe-client connected to mikrotik pppoe-server, one with pppoe-client by ADSL (the screenshot)
the 4th are at my home and I use ppp on 3G as backup.

And this bug never happen to me...
You do not have the required permissions to view the files attached to this post.
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: v6.15 released

Tue Jul 01, 2014 2:42 pm

do packet capture, maybe your auto-configuration sends you all these servers (with duplicates)
 
DMK
just joined
Posts: 11
Joined: Wed Jan 23, 2013 7:05 pm

Re: v6.15 released

Tue Jul 01, 2014 5:14 pm

Hi,

running /interface wireless spectral-history wlan1 or /interface wireless spectral-scan wlan1 on RB2011UAS-2HnD-IN 6.15 drops wireless connection and router stops broadcasting SSID until disabling and enabling wlan1 in winbox via ethernet connection.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Tue Jul 01, 2014 5:26 pm

Hi,

running /interface wireless spectral-history wlan1 or /interface wireless spectral-scan wlan1 on RB2011UAS-2HnD-IN 6.15 drops wireless connection and router stops broadcasting SSID until disabling and enabling wlan1 in winbox via ethernet connection.
It's the normal behaviour, any scan of any type and tx stop completly.
 
littlebill
Member Candidate
Member Candidate
Posts: 234
Joined: Sat Apr 30, 2011 3:11 am

Re: v6.15 released

Wed Jul 02, 2014 12:36 am

did sstp for win7 clients ever get fixed? or disconnects on pptp when logged into winbox? this all broke after 6.7? anyone not seeing these issues anymore?
SSTP is broken for me. I use it on x86, RB493G and CCR-1009, get disconnect on larger amount of traffic/bandwith. CCR as VPN Concentrator? no way.

wonderful, support any comments on this?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Wed Jul 02, 2014 12:48 am

I have lost the hope after 6.7.
The rewriting of MPPE and making "ppp" multicore broken all feature I use on my 4 RB1100AHx2 pppoe-servers.

Already signaled to support from 6.10 and never get the solution,
every official new version I try, every version I'm forced to netinstall again the 6.7...

I use 6.15 on all my network infrastructure, no problem.

"ppp" new package are the problem...
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Thu Jul 03, 2014 4:29 pm

yes!, Yes!, YES!

Is like someone on next RouterOS 6.16rc11 like my ideas...
*) time - on routerboards, current time is saved in configuration on reboot
and on clock adjustment, and is used to set initial time after reboot;
http://forum.mikrotik.com/viewtopic.php ... 20#p434049
Last edited by rextended on Thu Jul 03, 2014 9:40 pm, edited 1 time in total.
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 510
Joined: Wed Jan 25, 2012 10:23 am

Re: v6.15 released

Thu Jul 03, 2014 4:46 pm

This time change sounds very good.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Thu Jul 03, 2014 4:49 pm

YEEEESSSS!!!
BUG FIXED: http://forum.mikrotik.com/viewtopic.php ... 88#p416454
STILL EXIST ON 6.15
http://forum.mikrotik.com/viewtopic.php ... 88#p416454
BUG SIGNALED FROM 6.10 AND STILL NOT FIXED???

Opened another ticket for that: [Ticket#2014041566000226] 6.12 UNFIXED BUG: user-manager profile limitation
I wait again the fix on 6.16... I'm waiting the fix from 6.10...
SOLVED ON NEXT 6.16rc11

--->> MISSING THIS FIX ON CHANGELOG <<---
Last edited by rextended on Thu Jul 03, 2014 9:40 pm, edited 1 time in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Thu Jul 03, 2014 4:53 pm

This bug on 6.16rc11 still present:

webfig can not create full working scripts:

http://forum.mikrotik.com/viewtopic.php ... 50#p433572
Last edited by rextended on Thu Jul 03, 2014 9:40 pm, edited 1 time in total.
 
wolfeyes
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Sun Apr 17, 2011 11:37 am

Re: v6.15 released

Thu Jul 03, 2014 6:13 pm

yes!, Yes!, YES!

Is like someone on next RouterOS 6.16rc10 like my ideas...
*) time - on routerboards, current time is saved in configuration on reboot
and on clock adjustment, and is used to set initial time after reboot;
http://forum.mikrotik.com/viewtopic.php ... 20#p434049

Very very helpful for scripting.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Thu Jul 03, 2014 9:42 pm

on 6.16rc11 I reboot the board 2011i2hpnd and the system not reboot, required netinstall for restore the system

I try again with 6.16rc12 ....
 
Lupin
Member Candidate
Member Candidate
Posts: 267
Joined: Mon Feb 16, 2009 10:22 pm
Location: Italy

Re: v6.15 released

Thu Jul 03, 2014 10:37 pm

The "wireless-fp" package seems stable.
When will you default include it as primary, in the standard update package?

I want to upgrade all my network without enable every station manually
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Thu Jul 03, 2014 10:39 pm

When I reboot using system/reboot my working 2011UiAS-2HnD netinstalled (netinstall 6.15) with 6.16rc11 it go to one loop with etherboot...

This problem for me is fixed with netinstalled (netinstall 6.15) 6.16rc12, never hang whenn rebooted.

"Timekeeping" work perfecly...
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Thu Jul 03, 2014 10:40 pm

The "wireless-fp" package seems stable.
When will you default include it as primary, in the standard update package?

I want to upgrade all my network without enable every station manually
Abbi pazienza... lo puoi attivare (se hai già una versione con wireless-fp) quindi lanciare l'update senza riavviare.
Ci ho già aggiornato più della metà della rete, in questo modo, senza problemi.
Quello che promettono è vero: ha significativamente meno latenza sia in NV2 che in nstreme...
Non ho incontrato un minimo problema nell'update, tutte le macchine hanno seguito (nel corso del tempo) questa scaletta:
6.7->6.10->6.14+fp->6.15+fp

Posso chiederti, per curiosità, da quale zona d'Italia?

********

Sorry for the Italian.
 
Lupin
Member Candidate
Member Candidate
Posts: 267
Joined: Mon Feb 16, 2009 10:22 pm
Location: Italy

Re: v6.15 released

Fri Jul 04, 2014 12:54 am

Preferisco attendere l'inglobamento del package, conoscendo Mikrotik ho il timore che quando aggiornerai da una versione con il package aggiuntivo ad una più recente senza package si impianterà tutto :D

Zona Nord-est

Ciao
 
changeip
Forum Guru
Forum Guru
Posts: 3830
Joined: Fri May 28, 2004 5:22 pm

Re: v6.15 released

Fri Jul 04, 2014 3:05 am

Who else is having ospf problems? Many times all routes do not make it into the routing table, only into LSA. Is this the routing engine crashing? A reboot or three will finally make it work. I finally grabbed a supout and will put together a ticket if I can.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2096
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: v6.15 released

Fri Jul 04, 2014 4:19 am

Who else is having ospf problems? Many times all routes do not make it into the routing table, only into LSA. Is this the routing engine crashing? A reboot or three will finally make it work. I finally grabbed a supout and will put together a ticket if I can.
We experienced this behavior from 6.0 through 6.5 where it was fixed for us. Have you tried rolling back a few releases to identify where it was introduced ?
 
tweetyspn
just joined
Posts: 14
Joined: Wed Jul 13, 2011 10:48 pm

Re: v6.15 released

Fri Jul 04, 2014 3:36 pm

When I reboot using system/reboot my working 2011UiAS-2HnD netinstalled (netinstall 6.15) with 6.16rc11 it go to one loop with etherboot...

This problem for me is fixed with netinstalled (netinstall 6.15) 6.16rc12, never hang whenn rebooted.

"Timekeeping" work perfecly...
Rextended, if I got it correctly, you rebooted the 2011UiAS using system->reboot and it needed netinstall afterwards? Not even a power unplug/plug?

I had a strange issue lately with a RB1100AHx2 which sometimes requires a power unplug/plug after a scheduled reboot with a script (/system reboot). I wonder if there is an issue somewhere..
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 551
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v6.15 released

Fri Jul 04, 2014 4:31 pm

on 6.16rc11 I reboot the board 2011i2hpnd and the system not reboot, required netinstall for restore the system

I try again with 6.16rc12 ....
I've had some issues with 6.16rc11 on partitioned systems: stable system on part0 and test env on part1, boot my part1 (active), upgrade to 6.16rc11, reboot ..board start with part0 and part1 in unusable even if I try to activate it again. Problem seen on two board (CRS and 2011).
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Fri Jul 04, 2014 5:28 pm

When I reboot using system/reboot my working 2011UiAS-2HnD netinstalled (netinstall 6.15) with 6.16rc11 it go to one loop with etherboot...

This problem for me is fixed with netinstalled (netinstall 6.15) 6.16rc12, never hang whenn rebooted.

"Timekeeping" work perfecly...
Rextended, if I got it correctly, you rebooted the 2011UiAS using system->reboot and it needed netinstall afterwards? Not even a power unplug/plug?

I had a strange issue lately with a RB1100AHx2 which sometimes requires a power unplug/plug after a scheduled reboot with a script (/system reboot). I wonder if there is an issue somewhere..
I have 4 RB1100AHx2 and I use it as pppoe-server, EVERY SINGLE DEVICE ON MY PRODUCTION NETWORK, EVERY 28 DAYS @04:00 AM AUTOMATICALLY REBOOT. Never haved one single problem with 5.26/6.7/6.10/6.14+wireless-fp/6.15+wireless-fp
I never haved one problem on autoreboot or reboot manually.

About 2011 obviously I omit unplug the power or not, because there are not significant powering off removing the power do not do any problems.
Still require netinstall to work again if rebooted by system/reboot, but is introduced on r11 and is already fixed on r12.
 
Neilson
Member Candidate
Member Candidate
Posts: 174
Joined: Tue Nov 06, 2012 10:42 pm
Location: Auckland, New Zealand

Re: v6.15 released

Sun Jul 06, 2014 2:28 am

ok need to use the prefix 262605 how do I? tanks.
Use 23456,

or one of the private prefixes,

or use another number

you could also try appending L to the end of the number, but I have not found any mikrotik documentation that says they support this signalling of 4-Byte AS Numbers.

Mikrotik may come back and change this or tell me I am wrong.

Also if you explain your use case then that could assist us in understanding other ways to do it.

Regards
Alexander

@rafaeltdk

I have to apologise that I missed this from the manual:

http://wiki.mikrotik.com/wiki/Manual:Ro ... ng_filters

append-route-targets (AsIP|AsNum;) Append value to route target EXTENDED_COMMUNITIES path attribute

This would allow you to use extended communities.

Regards
Alexander
 
wispwest
Member
Member
Posts: 479
Joined: Tue May 19, 2009 3:48 am

Re: v6.15 released

Sun Jul 06, 2014 7:10 am

Keep getting reboots from "Kernal Failure" on rb912's... dang!
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 510
Joined: Wed Jan 25, 2012 10:23 am

Re: v6.15 released

Sun Jul 06, 2014 7:52 am

Keep getting reboots from "Kernal Failure" on rb912's... dang!
I have some boards with these reboots. Upgraded few of them with v6.16rc11 and the problem seems fixed. No reboots for a few days now.
 
prawira
Trainer
Trainer
Posts: 357
Joined: Fri Feb 10, 2006 5:11 am

Re: v6.15 released

Sun Jul 06, 2014 11:21 am

I just upgrade my CRS from 6.12 to 6.15

and seems i got time issue on log
6.15 time.jpg
the /system clock show and the top bar show the correct date and time BUT the log file show the time 7 hours before.

this problem never introduced on the previous version

it is a but, isn't it ?

Paul
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Sun Jul 06, 2014 2:24 pm

I just upgrade my CRS from 6.12 to 6.15

and seems i got time issue on log
6.15 time.jpg
the /system clock show and the top bar show the correct date and time BUT the log file show the time 7 hours before.

this problem never introduced on the previous version

it is a but, isn't it ?

Paul
simply change timezone and apply previous back (not with undo).
 
yozz
just joined
Posts: 15
Joined: Fri Jan 31, 2014 11:51 pm

Re: v6.15 released

Mon Jul 07, 2014 2:02 am

PLEASE!!!!!!!!!!!!!!!!!!!!
ADD IPSEC INTERFACES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


PLEASE!!!!!!!!!!!!!!!!!!!!
ADD IPSEC INTERFACES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


PLEASE!!!!!!!!!!!!!!!!!!!!
ADD IPSEC INTERFACES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.15 released

Mon Jul 07, 2014 9:21 am

PLEASE!!!!!!!!!!!!!!!!!!!!
ADD IPSEC INTERFACES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
IPsec is supported. Or please clarify what you mean?
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.15 released

Mon Jul 07, 2014 9:25 am

PLEASE!!!!!!!!!!!!!!!!!!!!
ADD IPSEC INTERFACES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
What do you need them for? Virtual interfaces coupled with classic (policy-based) IPsec seem to be rather confusing (since you generally can not pass arbitrary traffic through them, but only what's covered by the policy). What am I missing?
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2096
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: v6.15 released

Mon Jul 07, 2014 10:48 am

PLEASE!!!!!!!!!!!!!!!!!!!!
ADD IPSEC INTERFACES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
IPsec is supported. Or please clarify what you mean?
He is meaning IPSEC Virtual Tunnel Interfaces.

The feature I have been asking for since 2009 ;)

Mikrotik do not seem to take this request seriously... :cry:
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.15 released

Mon Jul 07, 2014 11:01 am

Sorry, not my field. Such things please also email support.
 
i4jordan
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Mon Sep 02, 2013 1:42 am

Re: v6.15 released

Mon Jul 07, 2014 1:03 pm

With IPsec Virtual Interface most people mean an virtual interface like the IPIP or GRE interface.
But then with standard IPsec security.

SonicWall has a very nice implementation of this kind of interface. Keep in mind SonicWall has a propriety implementation.

I do understand we can make this with IPIP+ipsec and GRE+ipsec. But the performance of those constructions is very bad.

I would recommend Mikrotik to investigate the SonicWall implementation of the ipsec tunnel interface.
Some reading:
http://www.sonicwall.com/downloads/Soni ... Module.pdf
http://www.sonicwall.com/us/en/support/ ... &match=and
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.15 released

Mon Jul 07, 2014 1:24 pm

I do understand we can make this with IPIP+ipsec and GRE+ipsec. But the performance of those constructions is very bad.
Then the right thing to ask Mikrotik engineers for is to improve the performance of these standards-compliant combinations, rather then inventing something proprietary or trying to mimic some other vendor's proprietary solutions.
 
i4jordan
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Mon Sep 02, 2013 1:42 am

Re: v6.15 released

Mon Jul 07, 2014 2:53 pm

@andriys

Yes I agree with you that the engineers should fix/improve the speed on the IPIP+ipsec and/or GRE+ipsec implementations.

But besides the throughput speed, a IPsec tunnel is less complicated to configure than IPsec (peer/profile/policy) + IPIP/GRE tunnel (tunnel+subnet).
At least in the SonicWall NSA series it is less than 2 minutes work.
I just like the SonicWall ipsec tunnel interface speed and simplicity to configure. But MKT is much more flexible in all other things you want to do with router/firewall's.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.15 released

Mon Jul 07, 2014 3:15 pm

By looking at sonicwall links, where is the benefit of VTI in such configuration? You still need to set policies for that interface meaning additional configuration.

on mikrotik:
gre over ipsec would be true interface usable for routing firewall etc.
ipsec with subnet policies - the same as sonic wall provided example except that you do not need to configure virtual interface.
 
i4jordan
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Mon Sep 02, 2013 1:42 am

Re: v6.15 released

Mon Jul 07, 2014 3:45 pm

@MRZ

On a SonicWall you only provide ipsec settings in the VTI settings dialogs.
And yes those are in fact peer/proposal/policy info.
But you do not need to make a separate GRE tunnel with the same end-point peer IP addresses.

Also in the SW implementation you do not need IP adresses (subnet) for the VTI tunnels to get routing working. You just route to a VTI interface in stead of a gateway address.
It gets some more complicated on a SW if you are in the need of OSPF kind of dynamic routing. This would be easier on a MKT router.

So on a SW it very simple to implement static routed secured tunnels.

But the main thing is there are blazing fast on SW. Even with a Quad 550Mhz Mips64 Octeon Processor in the NSA3500 series I do get fantastic results on AES-256 secured VTI tunnels.

If I compare this with GRE+ipsec tunnels on a CCR1036 (36 core 1,2Ghz) I do get very very poor performance with MKT.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.15 released

Mon Jul 07, 2014 3:52 pm

Then it is just a configuration issue. What if you have something like (use-ipsec) in gre configuration and no additional ipsec config is required?

How much did you get with gre over ipsec on CCR?
 
mt-guy
just joined
Posts: 8
Joined: Mon May 26, 2008 4:41 pm

Re: v6.15 released

Mon Jul 07, 2014 8:37 pm

IPSEC groups are not working. When assigning a group to a policy nothing happens, not even an error. In winbox the group is not even visible under policies. Has this ever worked in earlier versions?

IPSEC still stops working randomly, a user that was able to connect a couple of days ago, can no longer connect using L2TP/IPSEC. Sometimes it helps Flushing SA:s. I experienced this myself today. I was connected on Friday for a short while without any problems, but today I was unable to connect, I tried several times, but when flushing the SA:s I was able to connect.
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.15 released

Mon Jul 07, 2014 10:19 pm

IPSEC groups are not working. When assigning a group to a policy nothing happens, not even an error. In winbox the group is not even visible under policies. Has this ever worked in earlier versions?
Groups are to be used with policy templates, not policies.
Works fine for me at least in 6.7, though there's no GUI support for these IPsec features in 6.7.
 
mt-guy
just joined
Posts: 8
Joined: Mon May 26, 2008 4:41 pm

Re: v6.15 released

Mon Jul 07, 2014 11:52 pm

IPSEC groups are not working. When assigning a group to a policy nothing happens, not even an error. In winbox the group is not even visible under policies. Has this ever worked in earlier versions?
Groups are to be used with policy templates, not policies.
Works fine for me at least in 6.7, though there's no GUI support for these IPsec features in 6.7.
Thank's that works perfectly. :oops: :-D

Now it's only the connection problem left.
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: v6.15 released

Tue Jul 08, 2014 12:08 am


IPSEC still stops working randomly, a user that was able to connect a couple of days ago, can no longer connect using L2TP/IPSEC. Sometimes it helps Flushing SA:s. I experienced this myself today. I was connected on Friday for a short while without any problems, but today I was unable to connect, I tried several times, but when flushing the SA:s I was able to connect.
I have script that flushes sa's on both sides of the link when the connection breaks. It helps normally.
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: v6.15 released

Tue Jul 08, 2014 12:11 am

What if you have something like (use-ipsec) in gre configuration and no additional ipsec config is required?
Can be interesting. Especially when used for eoip also. And for other types of tunnels if suitable.
 
staslabs
newbie
Posts: 38
Joined: Mon Feb 27, 2006 9:38 pm
Contact:

Re: v6.15 released

Tue Jul 08, 2014 12:55 am

6.15 + CCR1036-12G-4S

Radius not work well

downgrade for 6.7 -> is OK
You do not have the required permissions to view the files attached to this post.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2096
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: v6.15 released

Tue Jul 08, 2014 12:58 am

By looking at sonicwall links, where is the benefit of VTI in such configuration? You still need to set policies for that interface meaning additional configuration.

on mikrotik:
gre over ipsec would be true interface usable for routing firewall etc.
ipsec with subnet policies - the same as sonic wall provided example except that you do not need to configure virtual interface.
OK, so VTI is a fairly common feature. The implementations on Cisco, Juniper ScreenOS and JunOS, Fortinet, SonicWall, Sophos UTM(Astaro), Vyatta and Palo Alto Networks are all compatible with each other.

Contrary to what the above poster has said, the SonicWall implementation is not proprietary to them, and will indeed work with the other vendors listed above.

What are the benefits over IPSEC+GRE or IPSEC+EoIP ?

- VTI is standard, and works across multiple vendors
- Lower overheads
- Lower IP fragmentation
- Simpler configuration! e.g. No need for Proxy-ID's, Just route the traffic down the VTI
- NHTB feature allows for easy mesh style IPSEC deployments
- More flexible. You can create firewall policies based on the VTI interface, and know anything to/from this interface has been encrypted

see http://forum.mikrotik.com/viewtopic.php?f=2&t=65734 for more information.

I am more than happy to do a live demo of these features with Mikrotik, showing ease of configuration, advantages and inter-vendor inter-op. We have literally thousands of tunnels running using IPSEC VTI.

If RouterOS had this feature back when we first asked for it, it would have resulted in the sale of thousands of Mikrotik devices... Instead, Fortinet and Cisco have profited.
Last edited by nz_monkey on Tue Jul 08, 2014 10:48 am, edited 2 times in total.
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: v6.15 released

Tue Jul 08, 2014 7:40 am

Agree. VTI would be definitely good feature.
 
i4jordan
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Mon Sep 02, 2013 1:42 am

Re: v6.15 released

Tue Jul 08, 2014 10:04 am

@nz_monkey

Thank you for making this VTI feature more clear for everyone. I was not aware that VTI implementation in the SonicWall is a standard supported by other brands.

I hope Mikrotik takes some time to improve IPsec performance and features because the main thing we do is making VPN networks for intercompany netwerk trafic.
And with the fast ISP connections in the Netherlands it would be very nice to have very fast VPN tunnels.
 
ste
Forum Guru
Forum Guru
Posts: 1924
Joined: Sun Feb 13, 2005 11:21 pm

Re: v6.15 released

Tue Jul 08, 2014 10:38 am

We are in progress updating all of our RBs to 6.15. We've a mix of nearly every routerboard.
RB1xx will not be upgraded due to their weak resources. The rest works fine. Single problem
so far was a RB450G which needed a manual powercycle to start up again.
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.15 released

Tue Jul 08, 2014 11:06 am

- VTI is standard, and works across multiple vendors
Can you point me to an RFC or similar document, please? I assume some doc should exist, if the feature is standard, as you say. I'd like to learn how it works on the protocol level.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2096
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: v6.15 released

Tue Jul 08, 2014 12:20 pm

- VTI is standard, and works across multiple vendors
Can you point me to an RFC or similar document, please? I assume some doc should exist, if the feature is standard, as you say. I'd like to learn how it works on the protocol level.
http://www.isi.edu/div7/presentation_fi ... outing.pdf Very old document, but has a great outline on how VTI works at a protocol level. See Page 33...

http://www.cisco.com/c/en/us/td/docs/io ... _tunnl.pdf Cisco docs on VTI

http://www.spinics.net/lists/netdev/msg200670.html Linux implementation of VTI

http://www.juniper.net/techpubs/en_US/j ... uring.html Juniper example between JunOS (Juniper) and ScreenOS (Netscreen) using different implementations of VTI at each end.

http://tools.ietf.org/html/draft-ietf-ipsec-dhcp-12 Providing client IP's using DHCP over VTI's
 
mt-guy
just joined
Posts: 8
Joined: Mon May 26, 2008 4:41 pm

Re: v6.15 released

Tue Jul 08, 2014 12:52 pm

As I don't get any replies any more from Mikrotik on Ticket#2014061166000542, I can share an experience with those of you who have IPSEC problems. When upgrading from earlier versions, like 5.26 to 6.15, you will get: generate-policy=port-override instead of generate-policy=yes. Nothing strange with this, as this should be the most compatible setting according to Mikrotik. The problem is that it no longer works reliably. If you connect to a router running 6.15 that has generate-policy=port-override with an L2TP/IPSEC client like Windows XP, it will work. If you then disconnect and reconnect the client it will be unable to establish the IPSEC transport connection (reproducible every time for a client I have tested behind NAT) . The only way to reconnect is by flushing the SAs.

Workaround: use the setting generate-policy=port-strict. This will stop what can appear as random connection problems, and it will let the clients reconnect immediately after disconnecting without flushing the SAs.
 
djdrastic
Member
Member
Posts: 367
Joined: Wed Aug 01, 2012 2:14 pm

Re: v6.15 released

Tue Jul 08, 2014 1:05 pm

Agreed regarding the VTI . I have some extremely reliable mtk boxes that I might possibly have to junk now as we've moved away from a nix based quagga server to a fortinet and I absolutely need VTI.
 
dominicbatty
Member Candidate
Member Candidate
Posts: 100
Joined: Wed Jul 07, 2010 12:26 pm

Re: v6.15 released

Tue Jul 08, 2014 2:57 pm

Has anyone tested the reported long term routing-mark issue in any of the v6.16 rc versions yet and is it perhaps fixed?

The reason I ask is that we have routing marks that route our VOIP(SIP) traffic up another line via a mangle rule and a route with a routing mark set to pick these up and send it down that line. Our lines are extremely stable but today the VOIP provider line went down and the router re-routed traffic onto the primary route using a script that disables the route with the routing mark hence it gets collected by the default route, even though it has been marked. When the line came back up and the script re-enabled the route with the routing mark, the route refused to collect the traffic that had been marked for it and nothing I did could get it to pick up the traffic again.

I was lucky, because our VOIP provider provides some really detailed SIP traces on a per call basis so I could see that they were getting traffic arriving via our primary route even though our router was back to exactly the same original configuration as it had been before I disabled and re-enabled the route.

A reboot of the router immediately brought everything back up. It therefore looks like I have a replicable example but I don't want to bust a gut trying to set this up and log it with support if it's maybe already fixed.

Thanks, Dominic.

EDIT - time was tight today whilst the business was open but I should be able to provide some more details this evening.
EDIT2 - are the people having problems with routing marks only seeing this with UDP traffic by any chance?
EDIT3 - after some testing this evening, this problem does not look like a routing mark issue as the routing marks are being applied correctly but does look like a NAT session connection issue where it is not getting dropped.
Last edited by dominicbatty on Wed Jul 09, 2014 10:58 am, edited 1 time in total.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.15 released

Tue Jul 08, 2014 3:58 pm

As I don't get any replies any more from Mikrotik on Ticket#2014061166000542, I can share an experience with those of you who have IPSEC problems. When upgrading from earlier versions, like 5.26 to 6.15, you will get: generate-policy=port-override instead of generate-policy=yes. Nothing strange with this, as this should be the most compatible setting according to Mikrotik. The problem is that it no longer works reliably. If you connect to a router running 6.15 that has generate-policy=port-override with an L2TP/IPSEC client like Windows XP, it will work. If you then disconnect and reconnect the client it will be unable to establish the IPSEC transport connection (reproducible every time for a client I have tested behind NAT) . The only way to reconnect is by flushing the SAs.

Workaround: use the setting generate-policy=port-strict. This will stop what can appear as random connection problems, and it will let the clients reconnect immediately after disconnecting without flushing the SAs.
Thanks, we will look if there are any differences between strict and override that could affect your mentioned problem.
 
hedele
Member
Member
Posts: 338
Joined: Tue Feb 24, 2009 11:23 pm

Re: v6.15 released

Tue Jul 08, 2014 6:17 pm

Agreed regarding the VTI . I have some extremely reliable mtk boxes that I might possibly have to junk now as we've moved away from a nix based quagga server to a fortinet and I absolutely need VTI.
How so? Fortinet VTIs interoperate perfectly with standard IPSec Site to Site implementations like Mikrotik or Cisco ASA.
You just need to understand that the Fortinet VTI itself is equivalent to Phase 1 (IPSec Peer configuration), and the Policies you can bind on the VTI are equivalent to Phase 2 (IPSec Policy configuration). You don't have an interface on your Mikrotik box, but most configuration can be adapted to work this way.
 
djdrastic
Member
Member
Posts: 367
Joined: Wed Aug 01, 2012 2:14 pm

Re: v6.15 released

Tue Jul 08, 2014 10:16 pm


How so? Fortinet VTIs interoperate perfectly with standard IPSec Site to Site implementations like Mikrotik or Cisco ASA.
You just need to understand that the Fortinet VTI itself is equivalent to Phase 1 (IPSec Peer configuration), and the Policies you can bind on the VTI are equivalent to Phase 2 (IPSec Policy configuration). You don't have an interface on your Mikrotik box, but most configuration can be adapted to work this way.

True I guess I can hack something together (ugh) on the Fortinet to get the OSPF working on the ends.Just a pain in the ass compared to how easy it is on other vendors equipment.
 
ste
Forum Guru
Forum Guru
Posts: 1924
Joined: Sun Feb 13, 2005 11:21 pm

Re: v6.15 released

Thu Jul 10, 2014 12:50 pm

Ripped a 411ah to dead upgrading it to 6.15.
Draws power, makes ethernet link but does nothing more.
Wireless is dead and does not send a packet to the ethernet.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Thu Jul 10, 2014 1:24 pm

Exact and detailed method used for upgrade the board?
 
ste
Forum Guru
Forum Guru
Posts: 1924
Joined: Sun Feb 13, 2005 11:21 pm

Re: v6.15 released

Thu Jul 10, 2014 2:00 pm

Exact and detailed method used for upgrade the board?
Copy whole package with winbox, reboot by scheduler at night.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.15 released

Thu Jul 10, 2014 2:03 pm

Has anyone tested the reported long term routing-mark issue in any of the v6.16 rc versions yet and is it perhaps fixed?
....
What you described is not really a bug.

NAT sees only the first packet of the connection. When you reroute packets of already established connection NAT has no way of knowing that. You have to clear open connections so that connection tracking reestablish connection and only then NAT will use correct addresses.
 
dominicbatty
Member Candidate
Member Candidate
Posts: 100
Joined: Wed Jul 07, 2010 12:26 pm

Re: v6.15 released

Thu Jul 10, 2014 6:43 pm

thanks for the update, the problem I have is knowing which ones to clear but I've plumped for the whole lot which seems to be working ok.
 
sgxluk
just joined
Posts: 6
Joined: Thu Jul 10, 2014 6:26 pm

Re: v6.15 released

Thu Jul 10, 2014 11:54 pm

SFP port flapping bug still persists, please fix it & release an update ASAP
 
User avatar
dgnevans
Member
Member
Posts: 469
Joined: Fri Mar 08, 2013 11:24 am
Location: Zimbabwe
Contact:

Re: v6.15 released

Sat Jul 12, 2014 10:58 pm

I have had an interesting issue appear since i updated my routers to version 6.15 devices and user shares that are on other side of router are not accessible unless I ping the ip of the device. ie I have a router seperating my backbone where my dns servers and storage are located and my lan where my desktop users are located. Desktop users cannot access the network store or dns unless they are pinging the server. this was not happening before version 6.15 any suggestions.
 
User avatar
paoloaga
Member Candidate
Member Candidate
Posts: 227
Joined: Tue Mar 08, 2011 2:52 am
Location: Lugano - Switzerland
Contact:

Re: v6.15 released

Wed Jul 16, 2014 3:56 pm

How is this possible?

(read the cpu frequency reported by the two commands, on the same routerboard)

[admin@MikroTik] > /system resource print
uptime: 1h49m56s
version: 6.15
build-time: Jun/12/2014 12:25:29
free-memory: 8.4MiB
total-memory: 32.0MiB
cpu: MIPS 24Kc V7.4
cpu-count: 1
cpu-frequency: 300MHz
cpu-load: 1%
free-hdd-space: 50.1MiB
total-hdd-space: 63.8MiB
write-sect-since-reboot: 28602
write-sect-total: 206729
bad-blocks: 0.3%
architecture-name: mipsbe
board-name: RB951-2n
platform: MikroTik
[admin@MikroTik] > /system routerboard settings print
boot-device: nand-if-fail-then-ethernet
cpu-frequency: 360MHz
boot-protocol: bootp
force-backup-booter: no
silent-boot: no



This behaviour makes my monitoring software going crazy...
 
athlonxp78
just joined
Posts: 13
Joined: Wed Feb 10, 2010 4:17 am

Re: v6.15 released

Wed Jul 16, 2014 8:25 pm

How is this possible?

(read the cpu frequency reported by the two commands, on the same routerboard)

[admin@MikroTik] > /system resource print
uptime: 1h49m56s
version: 6.15
build-time: Jun/12/2014 12:25:29
free-memory: 8.4MiB
total-memory: 32.0MiB
cpu: MIPS 24Kc V7.4
cpu-count: 1
cpu-frequency: 300MHz
cpu-load: 1%
free-hdd-space: 50.1MiB
total-hdd-space: 63.8MiB
write-sect-since-reboot: 28602
write-sect-total: 206729
bad-blocks: 0.3%
architecture-name: mipsbe
board-name: RB951-2n
platform: MikroTik
[admin@MikroTik] > /system routerboard settings print
boot-device: nand-if-fail-then-ethernet
cpu-frequency: 360MHz
boot-protocol: bootp
force-backup-booter: no
silent-boot: no



This behaviour makes my monitoring software going crazy...
Exactly the same here, RB2011LS upgraded to v6.15, down to 6.10 and the mismatch persist:

sys re pr
uptime: 21h53m31s
version: 6.10
build-time: Feb/12/2014 13:46:18
free-memory: 30.3MiB
total-memory: 64.0MiB
cpu: MIPS 74Kc V4.12
cpu-count: 1
cpu-frequency: 600MHz
cpu-load: 36%
free-hdd-space: 101.9MiB
total-hdd-space: 128.0MiB
write-sect-since-reboot: 32647
write-sect-total: 504475
bad-blocks: 0%
architecture-name: mipsbe
board-name: RB2011LS
platform: MikroTik

/system routerboard settings print
boot-device: nand-if-fail-then-ethernet
cpu-frequency: 500MHz
boot-protocol: bootp
silent-boot: no

We sufer some random "kernel panic" + "out of memory"
Supout.rif sended to staff.

EDIT: This only happen in RB2011 series, in the others MK upgraded to v6.15 everything is working fine.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Wed Jul 16, 2014 9:06 pm

How is this possible?

(read the cpu frequency reported by the two commands, on the same routerboard)

[admin@MikroTik] > /system resource print
uptime: 1h49m56s
version: 6.15
build-time: Jun/12/2014 12:25:29
free-memory: 8.4MiB
total-memory: 32.0MiB
cpu: MIPS 24Kc V7.4
cpu-count: 1
cpu-frequency: 300MHz
cpu-load: 1%
free-hdd-space: 50.1MiB
total-hdd-space: 63.8MiB
write-sect-since-reboot: 28602
write-sect-total: 206729
bad-blocks: 0.3%
architecture-name: mipsbe
board-name: RB951-2n
platform: MikroTik
[admin@MikroTik] > /system routerboard settings print
boot-device: nand-if-fail-then-ethernet
cpu-frequency: 360MHz
boot-protocol: bootp
force-backup-booter: no
silent-boot: no



This behaviour makes my monitoring software going crazy...
paste this:
/system routerboard settings set cpu-frequency=400MHz
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Wed Jul 16, 2014 9:07 pm

How is this possible?

(read the cpu frequency reported by the two commands, on the same routerboard)

[admin@MikroTik] > /system resource print
uptime: 1h49m56s
version: 6.15
build-time: Jun/12/2014 12:25:29
free-memory: 8.4MiB
total-memory: 32.0MiB
cpu: MIPS 24Kc V7.4
cpu-count: 1
cpu-frequency: 300MHz
cpu-load: 1%
free-hdd-space: 50.1MiB
total-hdd-space: 63.8MiB
write-sect-since-reboot: 28602
write-sect-total: 206729
bad-blocks: 0.3%
architecture-name: mipsbe
board-name: RB951-2n
platform: MikroTik
[admin@MikroTik] > /system routerboard settings print
boot-device: nand-if-fail-then-ethernet
cpu-frequency: 360MHz
boot-protocol: bootp
force-backup-booter: no
silent-boot: no



This behaviour makes my monitoring software going crazy...
Exactly the same here, RB2011LS upgraded to v6.15, down to 6.10 and the mismatch persist:

sys re pr
uptime: 21h53m31s
version: 6.10
build-time: Feb/12/2014 13:46:18
free-memory: 30.3MiB
total-memory: 64.0MiB
cpu: MIPS 74Kc V4.12
cpu-count: 1
cpu-frequency: 600MHz
cpu-load: 36%
free-hdd-space: 101.9MiB
total-hdd-space: 128.0MiB
write-sect-since-reboot: 32647
write-sect-total: 504475
bad-blocks: 0%
architecture-name: mipsbe
board-name: RB2011LS
platform: MikroTik

/system routerboard settings print
boot-device: nand-if-fail-then-ethernet
cpu-frequency: 500MHz
boot-protocol: bootp
silent-boot: no

We sufer some random "kernel panic" + "out of memory"
Supout.rif sended to staff.

EDIT: This only happen in RB2011 series, in the others MK upgraded to v6.15 everything is working fine.
paste this:
/system routerboard settings set cpu-frequency=600MHz
 
User avatar
paoloaga
Member Candidate
Member Candidate
Posts: 227
Joined: Tue Mar 08, 2011 2:52 am
Location: Lugano - Switzerland
Contact:

Re: v6.15 released

Wed Jul 16, 2014 11:30 pm

/system routerboard settings set cpu-frequency=400MHz
It's the first thing I did (obviously), but it didn't work.

The correct frequency for that RB is 360MHz (despite some can run at 400). My software recognize which one of the two version is using /system resource print. It sees 300MHz so it believes it's the 400MHz version wrongly clocked at 300, tries to set it at 400, resets the router and loops (the 360MHz version would run at 260MHz if the setting is wrong).
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

Re: v6.15 released

Thu Jul 17, 2014 3:59 am

By looking at sonicwall links, where is the benefit of VTI in such configuration? You still need to set policies for that interface meaning additional configuration.

on mikrotik:
gre over ipsec would be true interface usable for routing firewall etc.
ipsec with subnet policies - the same as sonic wall provided example except that you do not need to configure virtual interface.
Being able to "zone" the interface and classify traffic going over it separately from the parent interface. Cisco, juniper, Palo Alto all support this and it hinders compatibility by not providing this functionality.

Also, it should benefit milrotik because it's not doubly encapsulated like ipsec/gre.
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 551
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v6.15 released

Thu Jul 17, 2014 8:50 am

.. on my lab RB2011 the (supposed) 6.16 final update (from 6.15) + firmware update (3.16->3.17) ..have needed a manual reboot. Display showed 'rebooting' but was stuck; pay attention if you have remote similar device/conditions..
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Thu Jul 17, 2014 9:22 am

.. on my lab RB2011 the (supposed) 6.16 final update (from 6.15) + firmware update (3.16->3.17) ..have needed a manual reboot. Display showed 'rebooting' but was stuck; pay attention if you have remote similar device/conditions..
The file you download from the beta area is not the final version.
If you not trust me save the file somewhere and compare with the final public version when available.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Thu Jul 17, 2014 9:23 am

PLEASE FIX THIS BUG BEFORE LAST 6.16 COME OUT...

THIS BUG ALREADY SIGNALED ON 6.12 STILL PRESENT AND NOT SOLVED:

Primary BUG: Webfig created script or schedule do not have ftp, winbox, api rights and are impossible to set that rights on Webfig

Secondary BUG: Winbox do not have the possibility to change ftp, winbox, api rights on script or schedule

VERSION AFFECTED: ALL VERSION OF ROUTEROS. Included last pre-release 6.16

When one script are created on Winbox or on CLI, the default right applied are:
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api

But when the script are created by webfig, the only right can be applied are:
reboot,read,write,policy,test,password,sniff,sensitive
MISSING ftp,winbox,api

Without ftp right some command like "/export file=filename;" are not doable on script / schedule created with WebFig.

Walkthrought: obviously using the CLI you can set the missing rights.

Is clear what is the problem, without any other investigation.
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 551
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v6.15 released

Thu Jul 17, 2014 10:43 am

The file you download from the beta area is not the final version.
If you not trust me save the file somewhere and compare with the final public version when available.
I hope so @rextended :D, otherwise many mt guys will have to jump in their cars.. :lol:
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.15 released

Thu Jul 17, 2014 11:25 am

Todays build of 6.16 has fixed the issue bajodel had above
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 551
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v6.15 released

Thu Jul 17, 2014 2:44 pm

Todays build of 6.16 has fixed the issue bajodel had above
well done! 8)
 
Quindor
Member
Member
Posts: 347
Joined: Tue Aug 14, 2012 2:57 am
Location: Noord-Brabant, The Netherlands
Contact:

Re: v6.15 released

Thu Jul 17, 2014 7:16 pm

PLEASE FIX THIS BUG BEFORE LAST 6.16 COME OUT...

THIS BUG ALREADY SIGNALED ON 6.12 STILL PRESENT AND NOT SOLVED:

Primary BUG: Webfig created script or schedule do not have ftp, winbox, api rights and are impossible to set that rights on Webfig

Secondary BUG: Winbox do not have the possibility to change ftp, winbox, api rights on script or schedule

VERSION AFFECTED: ALL VERSION OF ROUTEROS. Included last pre-release 6.16

When one script are created on Winbox or on CLI, the default right applied are:
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api

But when the script are created by webfig, the only right can be applied are:
reboot,read,write,policy,test,password,sniff,sensitive
MISSING ftp,winbox,api

Without ftp right some command like "/export file=filename;" are not doable on script / schedule created with WebFig.

Walkthrought: obviously using the CLI you can set the missing rights.

Is clear what is the problem, without any other investigation.
How did support respond to your questions about this? Where they able to verify and test with you?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.15 released

Thu Jul 17, 2014 7:32 pm

How did support respond to your questions about this? Where they able to verify and test with you?
How I can respond to your question? Is like you are unable to verify yourself the problem.
 
Quindor
Member
Member
Posts: 347
Joined: Tue Aug 14, 2012 2:57 am
Location: Noord-Brabant, The Netherlands
Contact:

Re: v6.15 released

Sat Jul 19, 2014 12:25 am

How did support respond to your questions about this? Where they able to verify and test with you?
How I can respond to your question? Is like you are unable to verify yourself the problem.
Not really, I don't use it myself. But you keep spamming the forums about it, so I wondered what support said about it. Are they able to verify it?
 
ahmednama
just joined
Posts: 2
Joined: Fri Sep 12, 2014 10:13 am

Re: v6.15 released

Fri Sep 12, 2014 11:08 pm

Could we perhaps have BETA stamped on this firmware again?

This is not the typical behavior or development path of "stable" firmware. At ALL.

Seriously, 15 revisions later, and we are not making any serious progress. One step forward, another step sideways and backwards.

I'm sick of being a beta tester, there is no reason to have STABLE marked on this firmware.
Please clarify what makes you say this? In this thread, no serious problems have been reported that are specific to v6.15.
Routing-mark issue has been seen on very few customers for a long time now, it is not specific to this release, and does not affect significant amount of customers. We do need remote access to these machines to fix it.

Who is online

Users browsing this forum: f008600, GoogleOther [Bot] and 55 guests