+1 What does it say? Do we have Loopback Interface Now? Cant seem to find either in winbox nor in cli.
Great release… And IPSec died for RW configuration
jan/03 00:43:12 ipsec,info respond new phase 1 (Identity Protection): x.x.x.x
2[500]<=>y.y.y.y[500]
jan/03 00:43:13 ipsec,info ISAKMP-SA established x.x.x.x[4500]-y.y.y.y[
4500] spi:zzzz
jan/03 00:43:13 ipsec,info acquired 192.168.23.250 address for y.y.y.y[4500]
jan/03 00:43:13 ipsec,info Xauth login succeeded for user: giomac
jan/03 00:43:14 ipsec,error y.y.y.y[ failed to pre-process ph2 packet.
jan/03 00:43:17 ipsec,error y.y.y.y[ peer sent packet for dead phase2
jan/03 00:43:20 ipsec,error y.y.y.y[ peer sent packet for dead phase2
jan/03 00:43:23 ipsec,error y.y.y.y[ peer sent packet for dead phase2
jan/03 00:43:26 ipsec,error y.y.y.y[ peer sent packet for dead phase2
jan/03 00:43:29 ipsec,error y.y.y.y[ peer sent packet for dead phase2
jan/03 00:43:32 ipsec,error y.y.y.y[ peer sent packet for dead phase2
jan/03 00:43:35 ipsec,error y.y.y.y[ peer sent packet for dead phase2
jan/03 00:43:38 ipsec,error y.y.y.y[ peer sent packet for dead phase2
jan/03 00:43:41 ipsec,error y.y.y.y[ peer sent packet for dead phase2
jan/03 00:43:44 ipsec,info purging ISAKMP-SA x.x.x.x[4500]<=>y.y.y.y[45
00] spi=jjjj.
jan/03 00:43:45 ipsec,info ISAKMP-SA deleted x.x.x.x[4500]-y.y.y.y[4500
] spi:wwww rekey:1
jan/03 00:43:45 ipsec,info releasing address 192.168.23.250
Yes I have. But I’m not using STP and bridges only for the WiFi interfaces. Or have I made a mistake with my thinking?
There is no Loopback interface added. If you need loopback interface simply create bridge and do not add any ports to it. (MTU of 1500 is for that empty bridge used as loopback).
Also, does this affects L2 connections with another vendors? What exactly changed so that VLAN on 6.38 is different from vlan 6.37 and older?
Bridges have STP enabled by default. Did you set “protocol: none” on your bridges? If not, they have STP.
On the CRS the bridges are disabled, on the RB3011 not of course. I have enabled RSTP on CRS for testing, but same problem.
This is well known to all of us this is why we are asking this question.
The release notes states that mtu values have changed for Loopback Interface. Hello WHAT LOOPBACK INTERFACE.
Probably the loopback interface (lo) internal to the Linux system that is beneath the RouterOS that you can see from the outside.
This by default has an MTU of 65536. Maybe this caused problems in some special case where traffic is sent via the loopback
for internal operations of the router and the first hop has a large MTU but later hops have smaller MTU.
I have the same problem on two different RouterBOARD 911 Lite5 after the upgrade. I didn’t do any overclocking on the devices. Apart from the message I didn’t noticed any problems - everything works fine.
jan/03/2017 11:08:24 system,info,critical memory overclocked
[admin@xxx] > /system routerboard print
;;; Warning: memory overclocked
...
Do not worry about these overclocked messages - they are still work on progress. If you have not overclocked device manually, then there is no need to worry about that.
We are still improving this feature.
It happens me too - on SXT lite5 with 64MB memory…
wtf?
fantastic news !!
put teapot on, unpacked pack of (vanilla)cookies and immediately start celebrating THAT !!
thanks for continued efforts to Improve your products/ROS, MT !!
happy new year, anyone !
I just upgraded my RB751U-2HnD, and after reboot all my LED stop functioning (no light).
Just upgraded five RB751U with different configurations to 6.38 . All booted up without issues.
@hgkeh can you please post your configuration that you used on RB751U, that we can try to replicate your issue.
# jan/03/2017 21:28:33 by RouterOS 6.38
# software id = 6QRW-GN7H
#
/interface bridge
add admin-mac=00:0C:42:E1:C1:A7 auto-mac=no mtu=1500 name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-full,100M-full,1000M-full name=\
ether1-gateway rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether2 ] advertise=10M-full,100M-full,1000M-full name=\
ether2-gateway rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether3 ] advertise=10M-full,100M-full,1000M-full name=\
ether3-master-local rx-flow-control=auto speed=1Gbps tx-flow-control=auto
set [ find default-name=ether4 ] advertise=10M-full,100M-full,1000M-full master-port=\
ether3-master-local name=ether4-slave-local rx-flow-control=auto speed=1Gbps \
tx-flow-control=auto
set [ find default-name=ether5 ] advertise=10M-full,100M-full,1000M-full master-port=\
ether3-master-local name=ether5-slave-local rx-flow-control=auto speed=1Gbps \
tx-flow-control=auto
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge-local interface=ether3-master-local
/interface bridge settings
set use-ip-firewall=yes
/ip settings
set rp-filter=strict tcp-syncookies=yes
/ip address
add address=x.x.x.x/x comment="default configuration" interface=ether3-master-local \
network=x.x.x.x
add address=x.x.x.x/x interface=ether1-gateway network=x.x.x.x
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=\
ether2-gateway use-peer-dns=no use-peer-ntp=no
/ip dhcp-server
add address-pool=default-dhcp lease-time=1h name=dhcp1
/ip dhcp-server network
add address=x.x.x.x/x comment="default configuration" dns-server=x.x.x.x \
gateway=x.x.x.x
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=\
x.x.x.x,x.x.x.x
/ip dns static
add address=x.x.x.x name=router
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=yes protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established \
disabled=yes
add action=accept chain=input comment="default configuration" connection-state=related \
disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes in-interface=\
ether1-gateway
add action=accept chain=input comment=Management dst-address=192.168.88.1 in-interface=\
bridge-local
add action=drop chain=input comment="Drop ICMP to gateway (OA)" in-interface=\
ether1-gateway protocol=icmp
add action=drop chain=input comment="Drop ICMP to gateway (Time)" in-interface=\
ether2-gateway protocol=icmp
add action=accept chain=input comment="Allow Established and related connections" \
connection-state=established,related
add action=accept chain=input comment="IPTV multicast forwarding" disabled=yes protocol=\
igmp
add action=accept chain=forward disabled=yes protocol=udp
add action=fasttrack-connection chain=forward comment=Fasttrack connection-state=\
established,related
add action=accept chain=forward connection-state=established,related
add action=jump chain=forward comment="Make jumps to new chains" jump-target=tcp protocol=\
tcp
add action=jump chain=forward jump-target=udp protocol=udp
add action=jump chain=forward jump-target=icmp protocol=icmp
add action=drop chain=input comment="Drop Invalid connections" connection-state=invalid
add action=drop chain=input comment="Drop everything else"
add action=drop chain=forward comment="Block \"bogon\" IP addresses" src-address=0.0.0.0/8
add action=drop chain=forward dst-address=0.0.0.0/8
add action=drop chain=forward src-address=127.0.0.0/8
add action=drop chain=forward dst-address=127.0.0.0/8
add action=drop chain=forward src-address=224.0.0.0/3
add action=drop chain=forward dst-address=224.0.0.0/3
add action=drop chain=tcp comment="deny TFTP" dst-port=69 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" dst-port=111 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=yes dst-port=135 \
protocol=tcp
add action=drop chain=tcp comment="deny NBT" disabled=yes dst-port=137-139 protocol=tcp
add action=drop chain=tcp comment="deny cifs" disabled=yes dst-port=445 protocol=tcp
add action=drop chain=tcp comment="deny NFS" dst-port=2049 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" dst-port=12345-12346 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" dst-port=20034 protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" dst-port=3133 protocol=tcp
add action=drop chain=tcp comment="deny DHCP" dst-port=67-68 protocol=tcp
add action=drop chain=udp comment="deny TFTP" dst-port=69 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" dst-port=111 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" dst-port=135 protocol=udp
add action=drop chain=udp comment="deny NBT" dst-port=137-139 protocol=udp
add action=drop chain=udp comment="deny NFS" dst-port=2049 protocol=udp
add action=drop chain=udp comment="deny BackOriffice" dst-port=3133 protocol=udp
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 protocol=tcp \
src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" dst-limit=\
1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h \
chain=output content="530 Login incorrect" protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp \
src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=\
input connection-state=new dst-port=22 protocol=tcp
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 protocol=tcp \
src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
chain=input comment="Port scanners to list " protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
chain=input comment="NMAP FIN Stealth scan" protocol=tcp tcp-flags=\
fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
chain=input comment="SYN/FIN scan" protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
chain=input comment="SYN/RST scan" protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
chain=input comment="FIN/PSH/URG scan" protocol=tcp tcp-flags=\
fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
chain=input comment="ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
chain=input comment="NMAP NULL scan" protocol=tcp tcp-flags=\
!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" src-address-list=\
"port scanners"
add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=icmp
add action=accept chain=icmp comment="net unreachable" icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="host unreachable" icmp-options=3:1 protocol=icmp
add action=accept chain=icmp comment="host unreachable fragmentation required" \
icmp-options=3:4 protocol=icmp
add action=accept chain=icmp comment="allow source quench" icmp-options=4:0 protocol=icmp
add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 protocol=icmp
add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 protocol=icmp
add action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 protocol=icmp
add action=drop chain=icmp comment="deny all other types"
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=10.0.0.0/8 new-routing-mark=OA \
passthrough=no
add action=mark-routing chain=prerouting dst-address=172.16.0.0/12 new-routing-mark=OA \
passthrough=no
add action=mark-routing chain=prerouting dst-address=192.168.100.0/24 new-routing-mark=OA \
passthrough=no
add action=mark-routing chain=prerouting disabled=yes dst-address=x.x.x.x \
new-routing-mark=VPN passthrough=no
add action=mark-routing chain=prerouting disabled=yes dst-address=x.x.x.x \
new-routing-mark=OA passthrough=no
add action=mark-routing chain=prerouting disabled=yes dst-address=x.x.x.x \
new-routing-mark=Time passthrough=no
add action=mark-routing chain=prerouting content=x.x.x.x disabled=yes \
new-routing-mark=OA passthrough=no
add action=mark-routing chain=prerouting new-routing-mark=Time passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=\
ether1-gateway to-addresses=0.0.0.0
add action=masquerade chain=srcnat out-interface=ether2-gateway
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip pool
add name=default-dhcp next-pool=default-dhcp ranges=x.x.x.x/x
/ip route
add distance=1 gateway=x.x.x.x routing-mark=OA
add distance=1 gateway=ether2-gateway routing-mark=Time
/ip route rule
add dst-address=x.x.x.x/x table=main
add dst-address=x.x.x.x/x table=OA
add dst-address=x.x.x.x/x table=OA
add dst-address=1x.x.x.x/x table=OA
add routing-mark=OA table=OA
add routing-mark=Time table=Time
add routing-mark=VPN table=VPN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
/ip smb shares
set [ find default=yes ] disabled=yes
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 disabled=yes interface=ether2-gateway upstream=yes
add disabled=yes interface=bridge-local
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=x.x.x.x secondary-ntp=x.x.x.x
/system routerboard settings
set cpu-frequency=250MHz
/tool bandwidth-server
set enabled=no
/tool mac-server
add interface=ether2-gateway
add interface=ether3-master-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-gateway
add interface=ether3-master-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add
add interface=bridge-local
Just upgraded to 6.38 HAP AC Lite.
Monitoring with Dude utilizes memory to 100% killing winbox 3.7 connection during this period.
Any recommendations?
RE: Important note!!!
To avoid STP/RSTP compatibility issues with older RouterOS versions upgrade RouterOS on all routers in Layer2 networks with VLAN and STP/RSTP configurations.
I sure wish I would of known about this issue prior to upgrading a dozen Mikrotiks last month. Because of spanning-tree issues, I had the biggest/longest network outage since starting my ISP business over 10 years ago.
North Idaho Tom Jones
Last month? Full version with this feature was released only this year.
Did you upgrade your production network to Release Candidate version?? if yes, that outage is all on you, all on you.
Something seems wrong with PPPoE upload:
ROS 6.38:
ROS 6.36.4:
Ignore download speed since it shows some variations due to network load.
For upload 13Mbps was the best result, having some tests peaking at 2-3Mbps.
Both are done on my RB1100AHx2 with the same configuration, repeated several times on multiple dynamic IPs, with the same behavior.
Speedtest server is local to my ISP. Maximum speed is 1Gb/200Mb.
ROS 6.37.3 was working OK, too.