v6.42.7 [current] is released!

Announcements
1

RouterOS version 6.42.7 has been released in public "current" channel!

Before an upgrade:

  1. Remember to make backup/export files before an upgrade and save them on another storage device;
  2. Make sure the device will not lose power during upgrade process;
  3. Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.42.7 (2018-Aug-17 09:48):

**MAJOR CHANGES IN v6.42.7:

!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
----------------------**

*) bridge - improved bridge port state changing process;
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) crs3xx - fixed tagged packet forwarding without VLAN filtering (introduced in 6.42.6);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SMS send feature when not in LTE network;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) ppp - fixed interface enabling after a while if none of them where active;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - properly display all flags for bridge host entries;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - updated "united-states" regulatory domain information;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this concrete RouterOS release.

If you router has a storage issue (not enough space due to RouterOS, not by other files stored on the device), use package from this link:
https://www.mikrotik.com/download/share/fix_space.npk

  • upload package to your router;
  • run /system reboot

Other affected installations will be fixed automatically, if there is enough space left for an upgrade by this fix:
"package - free up used storage space consumed by old RouterOS upgrades"

v6.42.6 [current]
2

*) ipsec - fixed “sa-src-address” deduction from “src-address” in tunnel mode;

Can you please share what was the issue and what is the fixed behaviour?
I am using alot of IPSec in 6.42.6 and having no issues, I’m just wondering what has changed before I alter a working environment
Thanks for the great work

3

When adding (or importing) a new IPsec policy it automatically used src-address to calculate sa-src-address if it was not specified in tunnel mode, which is not correct. E.g.

/ip ipsec policy add dst-address=192.168.1.0/24 sa-dst-address=10.155.107.5 sa-src-address=0.0.0.0 src-address=10.155.107.6 tunnel=yes

Created:

 1     src-address=10.155.107.6/32 src-port=any dst-address=192.168.1.0/24 dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=10.155.107.6 sa-dst-address=10.155.107.5 proposal=default ph2-count=0
4

Seems that new workaround option:

*) wireless - added option to disable PMKID for WPA2;

Does not prevent users to connect and so far everything works well for us …

5

Hi Emils,
Thanks for the responce, Am I correct in saying the corrected behaviour is that if the sa-src-address=0.0.0.0 is used, It will now take the ip address of the outbound interface(Interface with the route to the ipsec peer/sa-dst-address)
Thanks
Mark

6

Yes, that is correct.

7

upgraded RB751-2HnD and RB2011UiAS-2HnD no dramas. I’ll be interested in removing the PMKID and see what happens.

edit: removed PMKID and still here so who needs PMKID anyway?

8

Upgraded 5 x wAP AC, no issues so far.

9

Upgraded two 3011, one 493G, two CHR and two wAP AC. No issues what so ever. Also disabled PMKID for WPA2 and have no issues so far.

10

Hi updated a CRS328-24p-4S+ (Arm) from v6.42.6 → v6.42.7 and all the weird problems are gone for us so far.

We can disable interfaces again without other interface being effected aswell and trunk interfaces toward other switches keep working after the update and reboot.

Thansk for fixing this!

Fusionyx

11

What is the Capsman-part of this?

EDIT: Sorry, just had to relaoad the config to see it!


Joe

12

upgraded almost 300MK devices today and so far without problem

already done on types :
crs 328 poe
crs 317
crs 125
crs 226
ccr 1009
ccr 1016
ccr 1032
metal 52SHPacn
metal 2SHPn
rb 2011
rb 3011
mAP lite

In late night I must also done upgrade on main-rt CCR1072, I supposing no problem also :slight_smile:

13

Does this really fix multipoint Wireless Wire disconnects? I’m reluctant to try as rc56 still had issues.

14

@MonkeyDan

*) wireless - added option to disable PMKID for WPA2;
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - fixed packet processing after removing wireless interface from CAP settings; 
*) wireless - updated "united-states" regulatory domain information;

This wireless problem has been fixed. If your problem is listed there, it should be ok

15

*) wireless - added option to disable PMKID for WPA2;

Even in CAPsMAN! \o/

Great Job!

Ralf.

16

Wow, you are brave :slight_smile:

17

or stupid.. :smiley:

no, really, I have lack of bad experiences… :smiley:

18

That’s for WiFi. WiGig changes are under w60, which yes, they said they were fixed, but I’ve seen plenty of current and rc releases where that wasn’t the case.
I decided to gave 6.42.7 a go on a 2 station multipoint setup, and while the links flapped for 10 minutes, they’ve been stable ever since. Hopefully it stays this way for a very long time :smiley:

19

Upgraded without problems ..

CRS125
CHR + Dude
RB750
RB951
RB962 (9x)
RB1100
RB2011 (2 IPSEC tunnels)

20

Just wanted to comment the same… upgrading 300 devices on the day of release, wow!
He deserves the prize for most valuable beta tester!