v6.43.13 [long-term] is released!

Announcements
1

RouterOS version 6.43.13 has been released in public “long-term” channel!

Before an upgrade:

  1. Remember to make backup/export files before an upgrade and save them on another storage device;
  2. Make sure the device will not lose power during upgrade process;
  3. Device has enough free storage space for all RouterOS packages to be downloaded.

What’s new in 6.43.13 (2019-Mar-13 11:27):

*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using “ingress-filtering=yes” on bridge interface;
*) bridge - fixed system’s identity change when DHCP Snooping is enabled (introduced in v6.43);
*) capsman - always accept connections from loopback address;
*) certificate - force 3DES encryption for P12 certificate export;
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding’s network if RADIUS authentication was used;
*) ethernet - added “tx-rx-1024-max” counter to Ethernet stats;
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) fetch - improved file downloading to slow memory;
*) gps - increase precision for dd format;
*) gps - removed unnecessary leading “0” for dd format;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipv6 - do not allow setting “preferred-lifetime” longer than “valid-lifetime”;
*) kidcontrol - added “tur-fri”, “tur-mon”, “tur-sat”, “tur-sun”, “tur-thu”, “tur-tue”, “tur-wed” parameters;
*) kidcontrol - fixed validation checks for time intervals;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) lldp - fixed missing capabilities fields on some devices;
*) lte - do not show “session-uptime” if session is not up;
*) lte - improved SIM7600 initialization after reset;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed “dst-active” and “gmt-offset” being updated after synchronization with server;
*) ppp - fixed dynamic route creation towards VPN server when “add-default-route” is used;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) smb - added commenting option for SMB users (CLI only);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) supout - fixed “poe-out” output not showing all interfaces;
*) supout - fixed Profile output on single core devices;
*) winbox - added “conflict-detection” parameter in “IP/DHCP Server” menu;
*) winbox - added “coordinate-format” parameter in LTE interface settings;
*) winbox - added “use-local-address” parameter in “IP/Cloud” menu;
*) winbox - allow specifying interface lists in “CAPsMAN/Access List” menu;
*) winbox - fixed “IPv6/Firewall” “Connection limit” parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed “LCD” menu not shown on RB2011UiAS-2HnD;
*) winbox - moved “Too Long” statistics counter to Ethernet “Rx Stats” tab;
*) winbox - show “System/RouterBOARD/Mode Button” on devices that have such feature;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved connection stability for new model Apple devices;

To upgrade, click “Check for updates” at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this specific RouterOS release.

2

Is it safe to downgrade from 6.44?
Edit: Did it, appears to work fine.

3

I downgraded 1 x CCR 1016 12G, 3 x CRS 125s, 5 x RB951G and 2 x WaP60Gs to 6.42.12 no issues at all on downgrade, I’d assume 6.43.13 be the same…

No issues at all either with 6.42.12 to 6.43.13

Cheers!

4

New DDNS cloud server - it’s good :slight_smile: .

5

Unable to change default username for admin account (or any account), command line gives error “failure: user name can’t be changed” and winbox options are disabled.

/user set admin name=somethingelse password=mypass comment=“changed default account”
failure: user name can’t be changed

6

I guess you are logged inn with the user you try to change.
Create a new user, log inn with new user, then change admin user.

7

You can’t change username anymore, if you need different username create new, and delete old one.
This is feature, not a bug.

8

I disagree, it’s a bug. Proof: where is this in any changelog? (because I looked before posting, twice)

9

http://forum.mikrotik.com/t/cant-change-username-on-ros-6-43/123231/1


Make a new user, then re-login. There are big security changes in last versions, rename is no longer possible.

10

v6.43 changelog

*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
11

Hmmmm

It’s good that these steps have been taken to encrypt local user passwords the only issue is we had jinja2 scripts creating config that essentially renamed the local admin to a site/customer specific username for rollout.

Will have to play around and see what to do now . Probably create a new user account and delete/disable the old admin account ?


Thanks for the heads up @macgaiver

12

because reading an entire thread is too hard: http://forum.mikrotik.com/t/cant-change-username-on-ros-6-43/123231/1

13

Just read that thanks

Will have to radically alter that script of vecernik87 for the build environment.

14

That was just an example :slight_smile: but at least you can see it is possible and not that complicated :slight_smile:

15

Thx for the script mate.Helps a bunch.

16

I have a 450G and a 750Gr3 that have had this error since upgrading:

“backup,critical error creating backup file: could not read all configuration files”

It happens with both encrypted and unencrypted backups; both were upgraded from 6.42.12. My 951G that was upgraded from 6.43.12 does not have this issue. Is anyone else experiencing this?

17

Try to regenerate the ssh host keys:

/ ip ssh regenerate-host-key
18

Thanks, that fixed it!

19

Is everything okay there with winbox-router communication? When I open winbox session on previous RouterOS versions it takes like 1-2 seconds to establish session, now with 6.43.13 it happens instantly. It feels like there could be broken encryption or something. So I wonder if bug or feature.

20

Is “previous” version 6.43.12 or some other one?