v6.47beta [testing] is released!

@Znevna: I know it’s test track only. But once a developer sets for a solution (no antenna gain check needed anymore), they may stick to that.

It’s a pain now to set the country, if you don’t fill in the antenna gain before entering APPLY.
Set the gain via “terminal” to a low value, and then let somebody set the country via WinBox or Webfig.

Same with the choice for the SXTsq ac 5, to only allow “outdoor” frequencies. I want to use it indoors … but am limited to outdoor frequencies.
We know that the “outdoor” setting exists because it is more restrictive than “indoors”. (You are not allowed to disturb the ether outdoors.)

*) dns - use only servers received from IKEv2 server when present;

This might sound strange, but I need to not use the servers received.

@emils

Where are those inline bar graphs? I cannot find them. Will this be a new feature?

Then please fix the LED display who give us info in WinBox about modem-signal-treshold=-93 who in only CLI give info that WinBox give fake information, CLI:

Shouldn’t that be “threshold”?

I had to netinstall my cap ac when I applied this version; I completely lost access to it, just user id and power led was on.
After that, caps and capsman don’t act normally.
I woke up today and my 2g were down.
I had to reboot twice; once I got a msg telling that regulatory domain mismatch in cap (since when in capsman mode does it care about setting in wireless interface?)
After changing to match,
interface did not come up as manager; although the 5g was showing managed by capsman, it was not working. I had to reboot for a 2nd time.


Any chance that dynamic DNS servers in IKEv2 can be deactivated? I have a long list to which it should not be connected (NordVPN). Putting an ICMP reject (output) on it helps a bit, but I would rather have them ignored if the user wants that. As is possible in L2TP/IPSEC.

Update:

GRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR

Updated my inner router also from 6.46beta68 to this beta and the DNS completely stopped working. It refuses to use my local DNS Server and only wants to use the dynamic DNS Servers. I can only block that by putting in filter the following rule:

add action=reject chain=output comment="Rejecting request made by the router itself, if not to the local DNS server" dst-address=!192.168.88.2 dst-port=53 log-prefix="DNS unreach" protocol=udp reject-with=icmp-admin-prohibited src-address=192.168.88.1

I had to revert to the previous beta to be able to post here.

*) dns - use only servers received from IKEv2 server when present;

Is this the cause that using NordVPN is not working anymore in this Beta if using a local DNS?

It is no fun looking at and being forced to use that list of dynamic servers while not wanting to use them. I want to use my Pihole at 192.168.88.2


*) dns - use only servers received from IKEv2 server when present;

IMHO that’s a bad change. I have an open wifi network for guests, client traffic is routed via IKEv2 provider. I do not necessarily trust this provider - I just want to hide my public IP address for unknown clients.
Traffic from known clients and router itself goes via ISP, the same should be true for DNS traffic.

I understand the idea for that change, but sending all DNS traffic to a VPN provider without the data itself does not improve the privacy or security situation. More the contrary.

Any chance to have a setting for IKEv2 peer (or mode-config or whatever…) named “use-dns” with three valid values: yes, no and exclusively?

The release notes on 6.47beta32 state
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;

However I can not confirm on that one. There seems to be absolutely no change in behaviour compared to the previous beta.

Tab General:
all fine (to my understanding, those are internal anyhow and not UPS-protocol dependent)
Alarm Setting: does not have any effect even if set to immediate

Tab Model:
Model: Fine and complete
Version: no information
Serial Number: Fine
Manufacture Date: Fine
Nominal Battery Voltage: No Information

Tab Status:
Transfer Case: no information
Run Time Left: FINE
Offline After: FINE
Battery Charge: FINE
Battery voltage: no information
Line Voltage: no information
Output Voltage: no information
Load: no information
Temperature: no information
Frequency: no information

ON Line Checkbox: Fine
On Battery Checkbox: no information
All other Checkboxes: not tested

Tests performed on a SMART UPS 1000 FW UPS 09.4 / ID=18
and with a Smart-UPS 1500 FW:COM 02.1 / UPS.05.I

both with same readings. AFAIR this new beta version - which was supposed to be IMPROVED - does not make any change at all to the previous beta.

Furthermore: UPS only gets identified upon boot (so somehow the syncing of the UPS to the RB does not seem to be easy)

Once more my offer @mikrotik that I am willing to test even intermediate versions of the UPS-npk

I’d like to add: make the naming more clear, like “Use Peer DNS”, as it is used elsewhere in ROS.

By exclusively do you mean that the dynamic DNS is resolving only for that link? Not going into the pool of Dynamic DNS servers under IP-DNS.

Please give us the option, to not use any dynamic servers at all, no matter what the source is.
I don’t want to use any kind of dynamic dns servers, for obvious reasons.
Who is using the dns servers the vpn/isp provides anyway..

Using the dnsservers from the VPN providers is wished for and so you avoid leaking DNS data.

However if you have your own server you want to ‘leak’ to your own server. This is for advanced users and the default setting should be, using the dynamic servers.

6.47 beta 32
dns - use only servers received from IKEv2 server when present;

With this “fix” now I am not able to use a local pihole + dnscrypt server, because IKE IPsec receives their VPN DNS servers and MikroTik uses only IKE DNS servers, even despite a dstnat override rule.

*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;

Hmmmmm… I’m seeing a weird issue with 6.47

I have a LAG bonded interface to my cable modem. 802.3ad. Yes, the cable modem supports this. This works perfectly on 6.46. It strangely fails on the beta. I’m running DHCP-Client and NAT and using firewall rules that use rules based on an interface list item WAN, which is the bonded interface.

I’m not smart enough to troubleshoot what goes wrong, but when I upgrade firmware on the CCR to 47 I lose connection to the outside world. I don’t see where it’s getting lost either. I’m not smart enough to follow a packet thru the router to isolate where it gets lost.

DHCP-Client is talking to the cable modem and does get a IP.

I can regain the connection by removing the bonded interface and putting it back.

Because there was a change to bonding behavior in 6.47 I thought I should report this weird issue I am seeing. Should I send a support email ?

I have 6.46.3 and the beta on partitions and can swap around easily. So I copy 6.46.3 and save config to a partition, activate that partition, upgrade firmware on it to 6.47x, and it 100% fails every time. Swap back to 6.46.3 works fine. Swap back to 6.47x and remove/readd bonding interface and it works..

I might also be seeing the issue come back over time even after I get it working. I am monitoring that.

This fixes the issue after upgrade:

/interface bonding remove Modem1;
/interface bonding add name=Modem1 mode=802.3ad slaves=ether7,ether8 transmit-hash-policy=layer-3-and-4;
/ip dhcp-client set 0 interface=Modem1;
/interface list member add interface=Modem1 list=WAN;

Hello,
This line was removed from Winbox GUI only for wireless devices with built-in antennas, due to the fact that changing this setting did not affect the performance in any way. Please note that RouterOS CLI shows all of the available options (not only the ones that can be used on the router). For example, if you type band= on router with 2 GHz wireless, you will be able to see also 5 GHz bands.

Can you please tell us then how to reduce the TX power, like all experts in Wifi give as advice, on those devices using the GUI. Most settings don’t work at all or you will cut off things that you didn’t want (e.g. all fixed). Changing the antenna gain was many times reported on this forum as the easiest, safest and the better method, to be some defined value below the legal and the device technical limits. I’m one of the persons that repeated this solution to others.
For other explicit methods you have to look up the data-sheets to know what the device limits are.
Of course you can go to the CLI. You can always go to the CLI for non-trivial, special, expert and exceptional settings. And we are “blind” anyway, as the “current TX powers” is not filled in. Or should we use the CLI for that as well???

*) quickset - use “station-wds” mode when connecting to AP with RouterOS flag;

Thank you for eliminating the automatic change to wireless mode = “station-wds” when an AP is identified as a routerboard device.

Setting frequency mode to regulatory-domain should not prevent you from changing TX power down (using tx power mode card rates and tx power value), regulatory domain setting should only limit maximum tx power. This is on AR92xx radio, so others may vary…

Of course you can go to the CLI. You can always go to the CLI for non-trivial, special, expert and exceptional settings. And we are “blind” anyway, as the “current TX powers” is not filled in. Or should we use the CLI for that as well???


Use this command to see actual TX Power of YOUR_WIFI_IF (I also can’t understand why this is not shown in Winbox!!!):

/interface wireless info allowed-channels YOUR_WIFI_IF



channels: 5500/20-Ceee/ac/DP(23dBm),5505/20-Ceee/ac/DP(23dBm),5510/20-Ceee/ac/DP(23dBm),
5515/20-Ceee/ac/DP(23dBm),5520/20-Ceee/ac/DP(23dBm),5525/20-Ceee/ac/DP(23dBm),
5530/20-Ceee/ac/DP(23dBm),5535/20-Ceee/ac/DP(23dBm),5540/20-Ceee/ac/DP(23dBm),
5545/20-Ceee/ac/DP(23dBm),5550/20-Ceee/ac/DP(23dBm),5555/20-Ceee/ac/DP(23dBm),
5560/20-Ceee/ac/DP(23dBm),5565/20-Ceee/ac/DP(23dBm),5570/20-Ceee/ac/DP(23dBm),
5575/20-Ceee/ac/DP(23dBm),5580/20-Ceee/ac/DP(23dBm),5585/20-Ceee/ac/DP(23dBm),
5590/20-Ceee/ac/DP(23dBm),5595/20-Ceee/ac/DP(23dBm),5600/20-Ceee/ac/DP(23dBm),
5605/20-Ceee/ac/DP(23dBm),5610/20-Ceee/ac/DP(23dBm),5615/20-Ceee/ac/DP(23dBm),
5620/20-Ceee/ac/DP(23dBm),5625/20-Ceee/ac/DP(23dBm),5630/20-Ceee/ac/DP(23dBm),
5635/20-Ceee/ac/DP(23dBm),5640/20-Ceee/ac/DP(23dBm)

Yep. Confusing for me … having the information what RouterOS actually is setting would help. (I understand this “ac” chip cannot be queried)
Just checked wAP ac with 6.46.3 (downgraded from 6.47 beta)

GAIN=3 / regulatory-domain= ETSI

[admin@MktwAPac] /interface wireless info> allowed-channels
interface: wlan2
channels: 5500/20-Ce/ac/DP(24dBm),5505/20-Ce/ac/DP(24dBm),5510/20-Ce/ac/DP(24dBm),5515/20-Ce/ac/DP(24dBm),5520/20-Ce/ac/DP(24dBm),5525/20-Ce/ac/DP(24dBm),
… …
5650/20-Ce/ac/DP(24dBm),5655/20-Ce/ac/DP(24dBm),5660/20-Ce/ac/DP(24dBm),5665/20-Ce/ac/DP(24dBm),5670/20-Ce/ac/DP(24dBm),5675/20-Ce/ac/DP(24dBm),
5680/20-Ce/ac/DP(24dBm)

Does it match ? There are 3 radios but “ac” shows total power. Seems OK.

[admin@MktwAPac] /interface wireless info> country-info etsi
ranges: 2402-2482/b,g,gn20,gn40(20dBm)
5170-5250/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(23dBm)/passive,indoor
5170-5330/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(20dBm)/dfs,passive,indoor
5250-5330/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(20dBm)/dfs,passive,indoor
5490-5710/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(27dBm)/dfs,passive
5190-5310/a-turbo(20dBm)/dfs
5180-5300/a-turbo(20dBm)/dfs
5520-5680/a-turbo(27dBm)/dfs,passive
5510-5670/a-turbo(27dBm)/dfs,passive
902-927/b,g,g-turbo,gn20,gn40(30dBm)

[admin@MktwAPac] /interface wireless info> hw-info
interface: wlan2
ranges: 4920-6100/5/a,an20,an40,ac20,ac40,ac80
tx-chains: 0,1,2
rx-chains: 0,1,2
extra-info: pciinfo:0x0, cid:0, gain:2


Now with TX power set on “all rates fixed” 10 dBm. No change in this list however. Did ROS set it, or did it ignore the user setting ?


[admin@MktwAPac] /interface wireless info> allowed-channels
interface: wlan2
channels: 5500/20-Ce/ac/DP(24dBm),5505/20-Ce/ac/DP(24dBm),5510/20-Ce/ac/DP(24dBm),5515/20-Ce/ac/DP(24dBm),5520/20-Ce/ac/DP(24dBm),5525/20-Ce/ac/DP(24dBm),
… …
5650/20-Ce/ac/DP(24dBm),5655/20-Ce/ac/DP(24dBm),5660/20-Ce/ac/DP(24dBm),5665/20-Ce/ac/DP(24dBm),5670/20-Ce/ac/DP(24dBm),5675/20-Ce/ac/DP(24dBm),
5680/20-Ce/ac/DP(24dBm)

Changing GAIN to 2 dBi , gives updated values for the channels. (even when “all rates fixed” is still at 10 dBm)

[admin@MktwAPac] /interface wireless info> allowed-channels
interface: wlan2
channels: 5500/20-Ce/ac/DP(25dBm),5505/20-Ce/ac/DP(25dBm),5510/20-Ce/ac/DP(25dBm),5515/20-Ce/ac/DP(25dBm),5520/20-Ce/ac/DP(25dBm),5525/20-Ce/ac/DP(25dBm),
… …
5650/20-Ce/ac/DP(25dBm),5655/20-Ce/ac/DP(25dBm),5660/20-Ce/ac/DP(25dBm),5665/20-Ce/ac/DP(25dBm),5670/20-Ce/ac/DP(25dBm),5675/20-Ce/ac/DP(25dBm),
5680/20-Ce/ac/DP(25dBm)

And then you have that other dimension: the encoding power limits of the device


5 GHz       Transmit (dBm)   Receive Sensitivity
6MBit/s     25               -96
54MBit/s    25               -81
MCS0        25               -96
MCS7        24               -77
MCS9        23               -72

So it seems to be a double limit set: channel power (by regulation) and rate power of the card, or a fixed value override of the rate power.
How are they applied? Just 2 separate checks?
Antenna gain is that only for the channel power, or also for the rate power ?
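
An added example, not part of any post in this thread and not MikroTik code: a small parser for the `country-info` and `allowed-channels` output quoted above. It checks whether each reported channel power equals the regulatory limit minus the configured antenna gain, which is the relationship the posted wAP ac outputs show (27 dBm limit, 24 dBm at gain 3, 25 dBm at gain 2). The sample strings are excerpts constructed from those outputs; the function names are hypothetical, and the rate-power and fixed TX power settings are not modelled.

```python
import re

# Constructed excerpts of the outputs quoted in the thread (5 GHz ETSI rows only).
COUNTRY_INFO = """\
5170-5250/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(23dBm)/passive,indoor
5250-5330/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(20dBm)/dfs,passive,indoor
5490-5710/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(27dBm)/dfs,passive
"""
ALLOWED_GAIN3 = "5500/20-Ce/ac/DP(24dBm),5505/20-Ce/ac/DP(24dBm),5680/20-Ce/ac/DP(24dBm)"
ALLOWED_GAIN2 = "5500/20-Ce/ac/DP(25dBm),5505/20-Ce/ac/DP(25dBm),5680/20-Ce/ac/DP(25dBm)"

# "<low>-<high>/<modes>(<N>dBm)/<flags>" as printed by country-info
RANGE_RE = re.compile(r"^\s*(\d+)-(\d+)/[^()]*\((\d+)dBm\)", re.M)
# "<freq>/<width>-<ext>/<band>/<flags>(<N>dBm)" as printed by allowed-channels
CHAN_RE = re.compile(r"(\d+)/[^,()]*\((\d+)dBm\)")


def parse_ranges(text):
    """Return [(low_mhz, high_mhz, limit_dbm), ...] from country-info output."""
    return [(int(lo), int(hi), int(p)) for lo, hi, p in RANGE_RE.findall(text)]


def parse_channels(text):
    """Return [(freq_mhz, power_dbm), ...] from allowed-channels output."""
    return [(int(f), int(p)) for f, p in CHAN_RE.findall(text)]


def limit_for(freq, ranges):
    """Most restrictive limit of all ranges covering freq; None if uncovered."""
    hits = [p for lo, hi, p in ranges if lo <= freq <= hi]
    return min(hits) if hits else None


def check(allowed_text, country_text, gain_dbi):
    """List (freq, reported, expected) for channels where reported power
    differs from limit - gain (assumption taken from the thread's outputs)."""
    ranges = parse_ranges(country_text)
    mismatches = []
    for freq, power in parse_channels(allowed_text):
        limit = limit_for(freq, ranges)
        expected = None if limit is None else limit - gain_dbi
        if expected != power:
            mismatches.append((freq, power, expected))
    return mismatches


if __name__ == "__main__":
    print(check(ALLOWED_GAIN3, COUNTRY_INFO, 3))  # no mismatches expected
    print(check(ALLOWED_GAIN3, COUNTRY_INFO, 2))  # every channel flagged
```

An empty result means the reported channel powers are consistent with the configured gain; a non-empty one points at channels where the device reports something other than limit minus gain.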