I upgraded my 4011 from routeros 6.49 to 7.12 using the system/packages check for updates button and no longer can login using the routers ip address with winbox. It just times out at “Connecting to…”. I can still login via mac address. Nothing else changed, except the upgrade and I could not log back in afterwards.
The winbox service is enabled, no ip restrictions on it, my user account is still there. I’ve upgraded to 7.20.1 and the issue persists. I have download the latest ver 3.43 winbox and that didn’t help either. I’ve upgraded the firmware version as well to 7.12 and then 7.20.1. In my firewall, my first four rules are an accepts for packets input/forward from my home lan (this router is not directly connected to the internet). Everything else seems to be working as per before the upgrade and the PC I’m trying to connect from has a static ip, so it’s not DHCP related.
Anyone have any ideas why the routeros upgrade might have caused connecting via ip from winbox to fail
It means that something has gone wrong with the IP firewall. The “login via MAC” bypasses that.
So you can look in the firewall to see what is wrong or missing. To make it easier (and considering you are not connected to the internet) you can temporarily insert an input rule without any conditions and action “accept” and move it to the top of the list, so you can login via IP again.
Due to some changes between v6 and v7 (e.g. the names of the WiFi interfaces are reversed) it is better anyway to reset the configuration to defaults and re-configure the router, when that is not too much work.
Best is to netinstall the newest version (install both “routeros” and “wireless” package) and start with a default configuration or blank configuration, do not keep previous configuration.
Error occured posting the config here. Limit 32000 characters and the config is 56Kb. I’ve migrated this config over 15 years from a 750G to a 2011 to the 4011 now.
One thing I did notice this morning while trying again to see if I can figure out the issue, is I cannot ping the router from my pc. Destination unreachable even though the router is the pc’s default gateway and internet etc works through it as a gateway currently for the pc. A tracert to an internet address does work though.
I tried an input accept rule, input right at the top of my firewall list, no conditions, problem did not go away. I also disabled all drop rules in the firewall, that didn’t help either.
I’ve also tried connecting from my laptop and same problem, with an IP given from the router via DHCP, and ping from the laptop to the router also fails.
So since you suggested the firewall section, I decided to go looking then again. I disabled all firewall rules, no luck. But I thought, hmm, I saw “main” in the routing table had been added, as a changed by the ros upgrade, for all routes that did not have routing marks and it made me wonder. So I decided to disable all the connection/packet/routing markers in the firewall mangle tab and that solved the problem.
So that tells me the issue lies somehow with the marks and change made by the upgrade. Now I don’t actually need the connection/packet/routing marks anymore since I got a new internet link which is much faster than old link I had where the marks were helpful for queues and changes to the queues in scheduler after hours for instance, so I’m just going to leave all the marks disabled for now. I’ll look and see if I can figure out what the actual problem is now out of interest, but effectively the problem is solved.
For prevent in future other problems, because happen for sure™,
do complete /export show-sensitive (for yourself, not for the forum),
I suggest you to use netinstall for put last 7.20.1 with proper wifi package,
and then reconfig like the export only the used part of the actual config, discarding all the old bulls~~t.