Community discussions

Search found 43 matches

by osc86
Thu Jul 11, 2019 6:00 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 409
Views: 53153

Re: v6.45.1 [stable] is released!

Unlike TCP, GRE is completely stateless, there's no way the router knows if an incoming GRE packet is new, related, established or something else. On both endpoints of the tunnel you need to have these firewall rules set up. Output chain's default action is accept, so you only have to do it for inpu...
by osc86
Thu Jul 11, 2019 3:49 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 409
Views: 53153

Re: v6.45.1 [stable] is released!

@baks this is why the drop invalid rule is placed AFTER the accept established,related,untracked rule. 1 ;;; defconf: accept established,related,untracked chain=input action=accept connection-state=established,related,untracked log=no log-prefix="" 2 ;;; defconf: drop invalid chain=input action=drop...
by osc86
Tue Jul 09, 2019 8:20 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 60
Views: 8527

Re: v6.44.5 [long-term] is released!

File from 159.148.147.204 is corrupted.
https://159.148.172.226/routeros/6.44.5 ... 6.44.5.zip seems ok.
by osc86
Fri Jul 05, 2019 5:39 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 409
Views: 53153

Re: v6.45.1 [stable] is released!

Any updates regarding the SNMPv3 PrivAuth <-> Dude Issue?
For sure there's something wrong, I set up a new dude server and this "bad packet" error happens on all my devices running 6.45.1, LibreNMS works fine, though.
by osc86
Mon Jul 01, 2019 7:03 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 409
Views: 53153

Re: v6.45.1 [stable] is released!

My configurations use all types of tunnels.

GRE, IPIP, EoIP. All of them, over IPsec without any problems on my end.
same here, no issues.
by osc86
Fri Jun 14, 2019 2:42 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 66043

Re: v6.45beta [testing] is released!

Will it ever be possible to filter ipsec logs by peer? Debugging is pretty much impossible if you have a ton of tunnels active.
by osc86
Sat May 25, 2019 12:25 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 66043

Re: v6.45beta [testing] is released!

I can also confirm snmpv3 does not work in 6.45rc50 with Observium or snmpwalk.
@slackR Did you already open a ticket at Mikrotik Support?
by osc86
Wed May 22, 2019 1:42 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 66043

Re: v6.45beta [testing] is released!

for some reason, my device isn't responding to SNMPv3 queries anymore, since I upgraded to beta50. I'm using LibreNMS for monitoring my devices, also tried manually with snmpwalk -> no response. EDIT: [admin@CORE] /snmp community> pr d Flags: * - default 0 * name="librenms" addresses=::/0 security=p...
by osc86
Fri May 10, 2019 5:58 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 66043

Re: v6.45beta [testing] is released!

osc86, I can not reproduce the issue. Can you please send a supout.rif file to support@mikrotik.com?
Done. [Ticket#2019051022005463]
by osc86
Thu May 09, 2019 5:54 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 66043

Re: v6.45beta [testing] is released!

After upgrading from beta31 to beta34-42, all IKEv2 PSK ipsec tunnels don't come up, getting Authentication failed in the logs (yes, psk is the same on both sides, hasn't been changed). Downgrading to beta31 again resolves the issue. 16:50:20 ipsec notify: AUTHENTICATION_FAILED 16:50:20 ipsec,error ...
by osc86
Fri Apr 19, 2019 3:56 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 66043

Re: v6.45beta [testing] is released!

After ugrading from beta31 to beta34, none of the ipsec tunnels work. Reverted back to b31.
by osc86
Wed Apr 17, 2019 12:52 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 66043

Re: v6.45beta [testing] is released!

After I had big problems with ipsec in 6.44.1/hAP ac I remained using 44.1 for a while. Thinking that beta31 had already those issues fixed, I tried to upgrade with the following IPsec configuration: /ip ipsec peer add exchange-mode=ike2 name=router passive=yes /ip ipsec policy group add name=RoadW...
by osc86
Tue Apr 16, 2019 11:08 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 66043

Re: v6.45beta [testing] is released!

So this means wired 802.1x is now supported I guess. Any idea how we can configure this through CLI ? Also is there a planned GUI support version of it coming soon ? Before anyone asks. Configuration options for dot1x are not yet enabled in this release. Coming in next beta, most likely next week.
by osc86
Sat Apr 13, 2019 6:34 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 66043

Re: v6.45beta [testing] is released!

I have an CHR install which capsman is running. On 6.45beta27 I noticed that when I try to see on winbox the "Configurations" tab under Capsman settings or "CAP Interface", winbox close/crash without any error on Log window. I also updated to latest beta (6.45beta31) and sitll issue persist. My win...
by osc86
Sat Apr 13, 2019 10:47 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 66043

Re: v6.45beta [testing] is released!

I hope they'll add an option to remove single SAs in the future.
by osc86
Fri Apr 12, 2019 2:39 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 66043

Re: v6.45beta [testing] is released!

----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
----------------------
Amazing news! Thanks!
by osc86
Fri Apr 05, 2019 12:27 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 66043

Re: v6.45beta [testing] is released!

igmp-snooping is killing ipv6 connectivity, by not forwarding neighbor solicitation messages.
FF02:1:XXXX:XXXX isn't listed in MDB table, so no NS messages are exchanged between hosts.
This happens at least since beta22.
by osc86
Sun Mar 31, 2019 12:37 am
Forum: Announcements
Topic: v6.44.1 [stable] is released!
Replies: 86
Views: 16985

Re: v6.44.1 [stable] is released!

so why are we sitting with &^%%$& 16MB of NANDs
I agree, this is ridiculous
by osc86
Sun Mar 31, 2019 12:10 am
Forum: Announcements
Topic: v6.44.1 [stable] is released!
Replies: 86
Views: 16985

Re: v6.44.1 [stable] is released!

uninstall tr069 package, remove everything from /files, upgrade only routeros, after suiccessful upgrade install tr069 again
by osc86
Fri Mar 15, 2019 4:05 pm
Forum: Announcements
Topic: v6.44.1 [stable] is released!
Replies: 86
Views: 16985

Re: v6.44.1 [stable] is released!

Tested Version on CCR1036-12G-4S - ROMON is not showing up in a discovery - ROMON appears to have been broken or some part of it. - CCR1036 is not showing up in ROMON list anymore after 44.1 installed. Anybody else seeing this.... or not! ? Updated a CCR1009, 2xCHR, 951Ui-2HnD, 750G r3, 2x 941-2nD ...
by osc86
Wed Mar 06, 2019 7:22 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 32275

Re: v6.44 [stable] is released!

BUG – v.6.44 on ARM boxes RB3011 is losing IPSEC configuration After upgrade of ARM boxes (RB3011) to latest stable version 6.44, IPSEC is not working. Winbox GUI /ip ipsec section in is empty and no new config parameters can be added; In console /ip ipsec export gives just info that all subsection...
by osc86
Tue Mar 05, 2019 6:38 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 66043

Re: v6.45beta [testing] is released!

*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface; How did this bug manifest itself?? Been using this setup for a while and didnt notice any issues, on the other hand I dont really monitor that closely. I reported this problem to mt support. It occured on...
by osc86
Thu Feb 28, 2019 12:02 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 32275

Re: v6.44 [stable] is released!

Another "bug" from version to version, form stable to stable release

"Future" time on GRE tunnels in (up\down) status field
May be someone know how it resolve?
Thanks!
Check System / Clock

All tunnel interfaces show the correct date and time on my devices.
by osc86
Tue Feb 26, 2019 3:26 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 32275

Re: v6.44 [stable] is released!

updated a CCR1009 from 6.43.12 to 6.44 -> Lost connectivity on all eoip (ipsec) interfaces. Update: so it seems that this update broke ipsec completely on my device. The router locks up every time I try to access any menus under ip / ipsec. I only have about 5 tunnels configured with very basic sett...
by osc86
Mon Feb 25, 2019 5:57 pm
Forum: Announcements
Topic: v6.43.12 [stable] is released!
Replies: 49
Views: 11237

Re: v6.43.12 [stable] is released!

I noticed a memory leak when bridge is set to frame-types=admit-only-vlan-tagged.
What is the device model affected?
CCR1009-7G-1C-1S+
by osc86
Mon Feb 25, 2019 4:30 pm
Forum: Announcements
Topic: v6.43.12 [stable] is released!
Replies: 49
Views: 11237

Re: v6.43.12 [stable] is released!

I noticed a memory leak when bridge is set to frame-types=admit-only-vlan-tagged. Winbox and cli are unable to display interfaces / vlan / firewall rules etc after a few hours. A supout file takes like forever to generate and is corrupt when done.
by osc86
Thu Dec 20, 2018 11:06 pm
Forum: General
Topic: Tapatalk SQL error
Replies: 2
Views: 388

Re: Tapatalk SQL error

are they still working on a fix?
IMG_0658.jpg
by osc86
Wed Dec 19, 2018 10:47 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 78965

Re: v6.44beta [testing] is released!

Most likely a supout.rif file is already generating in the backgound. Is there an autosupout.rif file in the Files menu? No, there are no files at all in the files menu. I had rebooted and tried again. It is still trying to generate the supout 5 hours later. If I go to the command line and type "/i...
by osc86
Wed Dec 12, 2018 11:43 pm
Forum: General
Topic: IPSec from OSX isn't working [SOLVED]
Replies: 2
Views: 819

Re: IPSec from OSX isn't working [SOLVED]

thanks FransUrbo!
This also fixed the problem with iOS devices.
by osc86
Tue Dec 04, 2018 10:40 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 78965

Re: v6.44beta [testing] is released!

I still see SAs are not removed when they expire. Why isn't it possible to remove single SAs?
by osc86
Fri Sep 14, 2018 12:09 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 26763

Re: v6.43 [current] is released!

After updating CCR1009 to 6.43 there is a problem with port stability! Has anyone else encountered such a problem?
I doubt this is a software issue. Seems only one port is affected.
I don't have such a problem on my CCR1009.
by osc86
Wed Sep 12, 2018 3:31 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 26763

Re: v6.43 [current] is released!

We have a huge memory leak on the new 6.43 code running on our CRS317's. Some devices seem to be more affected than others, but within 10hrs the device reboots due to low memory. I encountered the same problem on a CCR while it was still rc. MT Support was unable to reproduce / fix it. Only a netin...
by osc86
Wed Sep 12, 2018 10:25 am
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 26763

Re: v6.43 [current] is released!

The comment column is missing in ipsec peer menu in winbox, and my id is shown twice
by osc86
Fri Aug 24, 2018 8:07 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 107805

Re: v6.43rc [release candidate] is released!

osc86, we are aware of the issue. It will be fixed until 6.43 is released in current release channel.
Something must have been changed with ipsec processing in rc64. No traffic is passing through the tunnels.
I moved back to 56, where everything works fine.
by osc86
Fri Aug 24, 2018 4:04 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 107805

Re: v6.43rc [release candidate] is released!

I lost all ipsec connections after updating to rc64 because of a bug in peer profiles.

Image
by osc86
Tue Jul 24, 2018 5:46 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 107805

Re: v6.43rc [release candidate] is released!

even more important, the memory leak is still not fixed
by osc86
Sun Jul 22, 2018 1:04 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 107805

Re: v6.43rc [release candidate] is released!

Yesterday I set up an ipsec connection between 2 devices, one running 6.42.6 the other 6.43rc44. All IKE related settings were the same on both devices, but I wasn't able to establish a connection, unless I changed the hash algorithm to sha256 on the one running 6.42.6 and sha1 on the other. When I ...
by osc86
Sat Jul 21, 2018 1:39 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 107805

Re: v6.43rc [release candidate] is released!

anyone noticing a memory leak that ends with a kernel panic? this is on a CCR1009-7G-1C-1S+ running v6.43rc44

Image
by osc86
Sat Feb 17, 2018 2:36 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 92443

Re: v6.42rc [release candidate] is released!

CPU hog issue is still not fixed in rc28
(Ticket#2018010522007579)

Image
by osc86
Thu Dec 28, 2017 10:08 pm
Forum: General
Topic: Help with IKEv2/IPsec client configuration
Replies: 29
Views: 9160

Re: Help with IKEv2/IPsec client configuration

any updates on this, did you get it working?
by osc86
Tue Dec 26, 2017 5:36 am
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 74109

Re: v6.41 [current]

Adding or removing vlans in MSTI makes my 1009 unreachable on all interfaces, have to power cycle to regain access.. 100% reproducible
by osc86
Sun Dec 24, 2017 4:14 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 74109

Re: v6.41 [current]

How to correctly add virtual interfaces like eoip tunnels to the bridge? I tried 2 ways to get this working, without any luck. 1. When I add the tunnel interface as port to the bridge and create vlans on the bridge, the interface never comes up because of constant STP Learning/Discarding. I didn't f...
by osc86
Wed Aug 09, 2017 1:47 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 119863

Re: v6.41rc [release candidate] is released! New bridge implementation!

*) ipsec - allow to specify remote peer address as DNS name (CLI only);
does this mean ipsec tunnels can be established between 2 sites with dynamic ip addresses, so I can get rid of the additional L2TP Tunnel?