v6.40.8 [bugfix] is released!

Announcements
1

RouterOS version 6.40.8 has been released in public “bugfix” channel!

Before an upgrade:

  1. Remember to make backup/export files before an upgrade and save them on another storage device;
  2. Make sure the device will not lose power during upgrade process;
  3. Device has enough free storage space for all RouterOS packages to be downloaded.

What’'s new in 6.40.8 (2018-Apr-23 11:34):
!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) ike2 - use “policy-template-group” parameter when picking proposal as initiator;
*) ipv6 - fixed IPv6 behaviour when bridge port leaves bridge;
*) routerboard - fixed “mode-button” support on hAP lite r2 devices;
*) ssh - fixed SSH service becoming unavailable;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) winbox - show “Switch” menu on cAP ac devices;
*) wireless - improved compatibility with BCM chipset devices;

To upgrade, click “Check for updates” at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this concrete RouterOS release.

v6.40.7 [bugfix] is released!
v6.40.9 [bugfix] is released!
2

Related/unrelated?
Downgraded a customers router from 6.42.1 to 6.40.8, the bridge interface got deleted, resulting in no ports/dhcp on a bridge.

3

skullzaflare: see http://forum.mikrotik.com/t/v6-41-current/114978/1
Please, note that downgrading to previous RouterOS versions (below 6.41) will not restore “master-port” configuration, so use backups to restore configuration on downgrade.

4

M33 (mmips) as CAPSMAN, mix of mipsbe devices as CAPS.
Upgrade of M33 from 6.40.7 to 6.40.8 with no problems but CAPS have not connected to CAPSMAN.
They have not been upgraded automatically to “current” version as CAPSMAN configuration is set to.
After manual upgrade and restart they have connected imediatelly. All CAPS have access to Internet.

EDIT:
maybe it’s not verion related problem of CAPSMAN configuration with mixed archs.

5

Please release v6.40.9 including following fixes:

*) tile - improved system performance and stability (“/system routerboard upgrade” required);
*) capsman - improved CAPsMAN responsiveness with large amount of CAP interfaces (confirmed fix for our issue);

There are still to many changes with the new bridge implementation that we want to hold of going to v6.41+

6

Unfortunately we can not backport any fixes to older versions. In order to get these updates you will need to upgrade above 6.40.x. All the fixes which are backportable and are tested - are included in bugfix versions. You simply will need at some point upgrade to the new bridge implementation and learn how to use it.

7

Thanks,will report any findings we find migrating from v6.40.7-8 though a couple of customers were unimpressed when we told them we’d have to sit and patch all the equipment again.
Have started testing for the inevitable new bridge implementation , but have found some things a bit hard to find.

Will probably take a bit of time to get accustomed to the “new” way of doing things.

8

You are always welcome to ask questions through support@mikrotik.com e-mail. If you find out something that seems to be a bug, then report it through the same e-mail. Same rules apply to any version and any other process besides bridge. If something is working on version X and is not working on version Y, then report such problem to us.

9

all v6.4x.y releases have ‘broken’ reachability information output for

/ip route get number=$interface value-name=gateway-status

OUTPUT up until v6.39.3 = consistent PPPoE-client & DHCP-client
dhcp-client “1.1.1.1 reachable via ether1”
pppoe-client “1.1.1.1 reachable via pppoe1”

OUTPUT starting v6.4x.y != consistent behavior
dhcp-client “1.1.1.1 reachable via ether1”
pppoe-client “pppoe1 reachable”

Changing the output as inconsistent results in broken scripts and maybe other broken things

[Ticket#2018042722000332]

10

[deleted]

11

thanks a lot mikrotik for this

*) wireless - improved compatibility with BCM chipset devices;

improved too much wifi performance on all my clients

im very happy with this :smiley:

12

Hello,

I updated to v6.40.8 this morning. I was working in Winbox this evening and kept getting disconnected. I have updated to the newest Winbox release and am still getting disconnected. There is no log entry as to why.

This seems to be since my v6.40.8 upgrade.

Any thoughts?

13

im still on winbox 3.11

14

If used in l2tp client “add-default-route=yes”, then the routing table is not correctly created and VPN does not work (on ROS 39.3 everything ok).

Example:

ROS 6.40.8

l2tp client config:

[admin@Dom-3G-Router] >  /interface l2tp-client print 
Flags: X - disabled, R - running 
 0  R name="l2tp-vpn.site.local" max-mtu=1450 max-mru=1450 mrru=disabled connect-to=vpn.site.local user="derevna" password="fwefwe" profile=default-encryption 
      keepalive-timeout=10 use-ipsec=no ipsec-secret="" allow-fast-path=no add-default-route=yes default-route-distance=1 dial-on-demand=no allow=pap,chap,mschap1,mschap2

Routing table:

[admin@Dom-3G-Router] > /ip route print detail 
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 0 ADS  dst-address=0.0.0.0/0 gateway=l2tp-vpn.site.local gateway-status=l2tp-vpn.site.local reachable distance=1 scope=30 target-scope=10 
 1  DS  dst-address=0.0.0.0/0 gateway=ppp-out1 gateway-status=ppp-out1 reachable distance=2 scope=30 target-scope=10 
...
 3 A S  dst-address=10.10.10.0/27 gateway=172.16.2.1 gateway-status=172.16.2.1 reachable via  l2tp-vpn.site.local distance=1 scope=30 target-scope=10 
...
 5 ADC  dst-address=10.112.112.173/32 pref-src=100.91.5.55 gateway=ppp-out1 gateway-status=ppp-out1 reachable distance=0 scope=10 
 6  DS  dst-address=92.45.172.192/32 gateway=92.45.172.192 gateway-status=92.45.172.192 unreachable distance=0 scope=30 target-scope=10 
...
10 ADC  dst-address=172.16.2.1/32 pref-src=172.16.2.2 gateway=l2tp-vpn.site.local gateway-status=l2tp-vpn.site.local reachable distance=0 scope=10 
...

Watch entry 6:

DS  dst-address=92.45.172.192/32 gateway=92.45.172.192 gateway-status=92.45.172.192 unreachable

Wrong gateway is specified! IP - 92.45.172.192 is remote public IP address VPN (connect-to).

On ROS 6.39.3 correct gateway is specified:

[admin@Dom-3G-Router] > /ip route print detail 
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 0 ADS  dst-address=0.0.0.0/0 gateway=172.16.2.1 gateway-status=172.16.2.1 reachable via  l2tp-vpn.site.local distance=1 scope=30 target-scope=10 
 1  DS  dst-address=0.0.0.0/0 gateway=10.112.112.196 gateway-status=10.112.112.196 reachable via  ppp-out1 distance=2 scope=30 target-scope=10 
...
 3 A S  dst-address=10.10.10.0/27 gateway=172.16.2.1 gateway-status=172.16.2.1 reachable via  l2tp-vpn.site.local distance=1 scope=30 target-scope=10 
...
 5 ADC  dst-address=10.112.112.196/32 pref-src=100.64.84.86 gateway=ppp-out1 gateway-status=ppp-out1 reachable distance=0 scope=10 
 6 ADS  dst-address=92.45.172.192/32 gateway=10.112.112.196 gateway-status=10.112.112.196 reachable via  ppp-out1 distance=0 scope=30 target-scope=10 
...
 9 ADC  dst-address=172.16.2.1/32 pref-src=172.16.2.2 gateway=l2tp-vpn.site.local gateway-status=l2tp-vpn.site.local reachable distance=0 scope=10 
...

Watch entry 6:

ADS  dst-address=92.45.172.192/32 gateway=10.112.112.196 gateway-status=10.112.112.196 reachable via  ppp-out1 distance=0 scope=30 target-scope=10

dst-address=92.45.172.192/32 is accessible via ppp-out1 connection!

15

Hi, I have a problem on my wireless after update from 6.40.7 to 6.40.8 few days ago on my hAP ac device.
Sometimes all the wireless devices will be disconnected few seconds and then reconnect to the router and this problem happen quite frequently.
Sometimes it could happen few times per hour.
I see in the router log showing 00:00:00:00:00:00@wlan1: disconnected, unicast key exchange timeout and wlan1 00:00:00:00:00:00 was WDS master every time the disconnect happen.
Should I downgrade it to 6.40.7 or need some config changes?
Thank you.

20:48:07 wireless,info 00:00:00:00:00:00@wlan1: connected
20:48:12 wireless,info 00:00:00:00:00:00@wlan1: disconnected, unicast key exchange timeout
20:48:12 wireless,info wlan1 00:00:00:00:00:00 was WDS master
20:48:12 wireless,info Device A MAC address@wlan1: disconnected, disabling
20:48:12 wireless,info Device B MAC address@wlan3: disconnected, disabling
20:48:16 wireless,info Device B MAC address@wlan3: connected
20:48:19 wireless,info Device C MAC address@wlan1: connected
20:48:24 wireless,info 00:00:00:00:00:00@wlan1: connected
20:48:29 wireless,info 00:00:00:00:00:00@wlan1: disconnected, unicast key exchange timeout
20:48:29 wireless,info wlan1 00:00:00:00:00:00 was WDS master
20:48:29 wireless,info Device C MAC address@wlan1: disconnected, disabling
20:48:29 wireless,info Device B MAC address@wlan3: disconnected, disabling
20:48:31 wireless,info Device C MAC address@wlan1: connected
20:48:35 wireless,info 00:00:00:00:00:00@wlan1: connected
20:48:36 wireless,info Device D MAC address@wlan1: connected
20:48:40 wireless,info 00:00:00:00:00:00@wlan1: disconnected, unicast key exchange timeout
20:48:40 wireless,info wlan1 00:00:00:00:00:00 was WDS master
20:48:40 wireless,info Device D MAC address@wlan1: disconnected, disabling
20:48:40 wireless,info Device C MAC address@wlan1: disconnected, disabling
20:48:42 wireless,info Device C MAC address@wlan1: connected
20:48:44 wireless,info Device D MAC address@wlan1: connected
20:48:45 wireless,info Device B MAC address@wlan3: connected
20:48:54 wireless,info Device A MAC address@wlan1: connected

16

Hi Guys

I have upgraded on of my x86 edge bgp peering routers from 6.37.4 to 6.40.8,

I have noticed the the following issues on ipv6 bgp sessions that sessions with MD5 Keys do not establish a connection but the ipv4 sessions do.

I then upgraded the same router to 6.42.1 and the ipv6 bgp sessions with md5 keys work again.

has someone else seen these issues?

17

I can confirm this issue, when using dongle for WAN connection. Tested with OVPN and ROS 6.40.7, 6.40.8, 6.42.1 and 6.43rc11. Working fine with ROS 6.39.3.

18

[quote=OlegTrufanov post_id=660924 time=1526025726 user_id=61485]
Do you respond to requests from the forum or bugfix create a new bug ?
[/quote]
This is a user forum. Mikrotik staff responds on forum occasionally, but in general all (potential) bugs should be reported to support@ via email.

19

edit:// nvm.

20

Nevermind.

Romon in script and not schedule…

Scripts fire now.