@moep please contact support and attach supout files from rc version and supout file from downgraded router where ipsec is crashing.
Password size was limited, in next RC this limitation will be removed.
Version 6.38rc51 has been released.
Changes since previous version:
!) switch - added hardware STP functionality for CRS devices and small Atheros switch chips (http://wiki.mikrotik.com/wiki/Manual:CRS_examples#Spanning_Tree_Protocol);
*) bridge - fixed VLAN BPDU rx and tx when connected to non-RouterOS device with STP functionality;
*) capsman - fixed CAP upgrade when separate wireless package is used (introduced in 6.37);
*) console - fixed multi argument value unset;
*) dhcp - fixed DNS server assignment to client if dynamic server exists and is from another IP family;
*) dude - (changes discussed here: http://forum.mikrotik.com/t/the-dude-v6-38rc-test-builds/101859/1);
*) hotspot - fixed nat rule port setting in hs-unauth-to chain by changing it from dst-port to src-port on Walled Garden ip return rules;
*) ipsec - do not auto-negotiate more SAs than needed;
*) ipsec - make generated policies always as unique;
*) ipsec - show active flag when policy has active SA;
*) ipsec - various additional work on IKEv1/IKEv2 support;
*) ipv6 - moved empty IPv6 pool error message to error topic;
*) radius - added IPSec service to console;
*) snmp - always report bonding speed as speed from first bonding slave;
*) wireless - fixed action frame handling for WDS nodes;
*) wireless - fixed full “spectral-history” header print on AP modes;
If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
Those RCs just keep coming and coming 
This is going to be the biggest release ever.
I hope to be one of the best releases … Bug free and stable Christmas gift,for all Mikrotik fans.
Seems that IKE polishing is taking some hard time and effort, to my memory this is first time RC have reached 50+ EVER!!!
Note: hardware RSTP is finally working as expected, thanks!
This is going to be one of the biggest RouterOS releases.
Thanks to Mikrotik support and developers for all the hard work they are putting in.
Can anyone confirm that STP only works with master/slave port and no additional “/interface ethernet switch vlan” config?
Version 6.38rc52 has been released.
Changes since previous version:
*) bonding - fixed “tx-drop” on VLAN over bonding on x86;
*) bonding - fixed kernel failure when bonding slave interface receives BPDU (introduced in 6.38rc51);
*) dude - (changes discussed here: http://forum.mikrotik.com/t/the-dude-v6-38rc-test-builds/101859/1);
*) ethernet - fixed “tx-fcs-error” on SFP+ interfaces when loop-protect is enabled ;
*) ipsec - fixed kernel failure on tile with sha256 when hardware encryption is not being used;
*) ipsec - fixed ph2 auto-negotiation by checking policies in correct order;
*) ipsec - various additional work on IKEv1/IKEv2 support;
*) ipv6 - fixed “accept-router-advertisements” behaviour;
If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
Just sent one report. I tried upgrading from rc48 to rc52 on a point to point link using two SXT-ac units. The wlan interface associated correctly to the AP but it stopped moving packets.
Downgrading the station SXT-AC to rc48 made it work again.
Just tried RB2011 upgrade from 6.37.2 to 6.38.rc52. Router did not returned after upgrade.
After visual inspection is clear that system is in boot loop (on startup are lighting up 3 port leds and after 3s everything goes down). At the boot the LCD display shows, that system is loading kernel, then it stops and after 1s it try again…
Support guys what you can advice? netinst? or i can get some info whats happening via serial console?
At the log console MT6.38rc52:
“package channel changed by admin” - wtat’s that?!
I have never seen that log before. I hav NO wireless package at this RB493G.
So - what does mean that log info? It’s “system,info” category message.
you changed channel in “/system package update set channel=” or in winbox choose different item in dropdown
I found a strange behavior with 6.38rc52 vs. 6.38rc48.
Here the architecture:
Additional info:
- EdgeSwitch has STP disabled
- hEX POE has its ports in bridge mode acting as a managed POE switch
- hAP is also bridged and runs a NTP Server with GPS, with its wireless interface disabled
- RB922 has 2 wireless interfaces, using VLANs and BGP with the RB1100
Now there is a strange behavior when trying to access the components from a machine connected to the Edgeswitch.
- The moment I upgrade the RB922 to 6.38rc52, the access to the hEX POE and the connected camera will fail.
- If I reset the RB260GSP, the hEX and the camera will come on line for some 30 sec and then be inaccessible again.
- The system behaved correctly when both 922 and hAP used 6.38rc48 (hEX and RB1100 had 6.37.3)
- The RB922 behaves correctly in both instances
- Downgrading the RB622 to 6.37.3 brings normal behavior back
Hi Marius,
Do you have STP enabled on any of the bridges inside MikroTik routers?
It appears that there is new functionality in this area. I read that STP is now supported on switch chips with
the trick (?) of providing it from a connected bridge. I often set the STP protocol to “none” on bridges in cases
where there is no danger of loops, did you try that?
Thank you Rob for the suggestion.
I disabled STP on the hEX POE and on the hAP and it seems to work now.
But I still did not expect this to happen…
It is not correct but maybe it can be explained from the new functions in 38rc.
Did you also try to enable STP everywhere?
When there is no bridge in the RB260 it could be required to add one.
(I did not really investigate the “STP for switch provided by bridge” function yet)
In non working conditions, all routers had RTSP enabled on the connected bridges, including on VLAN bridges.
Just the Edgeswitch has STP/RTSP disabled, because I did not get it to work on VLANs with it enabled.
Can someone tell how is CPU usage with site 2 site VPN connection using IKEv2?
Ike is phase1 protocol so in terms of forward speed over the tunnel ike2 does not differ from ikev1.
Anybody had a look at the latest v6.38rc changelogs? Seriously guys, what’s up? 165 changes since v6.37.3? 
Never ever has a changelog been so huge. That’s going to be the biggest release for MikroTik ever. Looking forward to it, can’t await v6.38 showing up in channel bugfix only. 