To upgrade, click “Check for updates” in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download
What’s new in 6.29 (2015-May-27 11:19):
*) ssh server - use custom generated DH primes when possible;
*) ipsec - allow to specify custom IP address for my_id parameter;
*) ovpn server - use subnet topology in ip mode if netmask is provided (makes android & ios
clients work);
*) console - allow ‘-’ characters in unknown command argument names;
*) snmp - fix rare bug when some OIDs where skipped;
*) ssh - added aes-ctr cipher support;
*) mesh - fixed kernel crash;
*) ipv4 fasttrack fastpath - accelerates connection tracking and nat for marked
connections (more than 5x performance improvement compared to regular slow
path conntrack/nat) - currently limited to TCP/UDP only;
*) added ~fasttrack-connection~ firewall action in filter/mangle tables for marking
connections as fasttrack;
*) added fastpath support for bridge interfaces - packets received and transmitted
on bridge interface can go fastpath (previously only bridge forwarded packets
could go fastpath);
*) packets now can go half-fastpath - if input interface supports fastpath and
packet gets forwarded in fastpath but output interface does not support fastpath
or has interface queue other than only-hw-queue packet gets converted
to slow path only at the dst interface transmit time;
*) trafflow: add natted addrs/ports to ipv4 flow info;
*) tilegx: enable autoneg for sfp ports in netinstall;
*) health - fix voltage on some RB4xx;
*) romon - fix 100% CPU usage;
*) romon - moved under tools menu in console;
*) email - store hostname for consistency;
*) vrrp - do not reset interface when no interesting config changes;
*) fixed async. ppp server;
*) sstp - fixed router lockup.
*) queue tree: some queues would stop working after some configuration changes;
*) fixed CRS226 10G ports could lose link (introduced in 6.28);
*) fixed FREAK vulnerability in SSL & TLS;
*) firewall - fixed sector writes rising starting since 6.28;
*) improved support for new hEX lite;
Could you be so kind and describe more elaborately what was the common problem for each fix.
It could save a lot of time if I know that, for eg…(it is example)
"fixed async. ppp server
ppp connections dropped after 10 minutes
bad addresses assigned to connection
etc., etc.."
Referring to Ticket # 2015042066000634, the problem persists.
My Radius is configured to allow one connection per customer.
I do not believe that is the Radius, because what happens is as follows:
My Radius only authorizes the connection.
The IPS POOL is in Mikrotik
Customer initiates PPPoE dial;
Mikrotik queries Radius;
Radius authorizes the client;
Mikrotik authenticates the client.
THE PROBLEM:
Randomly some authenticate clients, but do not sail;
Active PPP connections in the address field, appears in the IP that the client received;
PPP interface, the same client, the Remote Address field is empty;
PPP interface, this same customer is om the only status with D (dinamic) but nowhere with R (Running);
In IP Address, the same client is in red, with the status D (Dynamic) and I (Invalid);
Interfaces, the same customer is with Status D (Dynamic) and without the R (Running) and also not as a slave of the physical interface;
IP Route, is not created proper route (/ 32) to the client. RESULT: The PPPoE session is established, the client receives IP, but the RouterOS for some reason creates totally bugged connection. CUSTOMER IS NO CONNECTION.
After some time, the RouterOS “adjusts” the connection, creates the route and the customer browsing normally.
If fasttrack is enabled, TCP connections over GRE over IPsec are not possible (ICMP works). If I limit fasttrack rule to in-interface=all-ethernet and out-interface=all-ethernet, connection is possible again. Bug?
750UP 6.29 with MPLS/VPLS once traffic starts to pass the unit reboots, with VPLS disabled the unit no longer reboots. Has anyone seen this or have a solution?
