v6.49.1 [stable] is released!

Announcements
1

RouterOS version 6.49.1 has been released in public "stable" channel!

Before an upgrade:

  1. Remember to make backup/export files before an upgrade and save them on another storage device;
  2. Make sure the device will not lose power during upgrade process;
  3. Device has enough free storage space for all RouterOS packages to be downloaded.

**What's new in 6.49.1 (2021-Nov-17 10:06):

MAJOR CHANGES IN v6.49.1:

!) device-mode - added feature locking mechanism;
----------------------

Changes in this release:**

*) certificate - improved stability when sending bogus SCEP message;
*) conntrack - limit total connection tracking table size based on installed RAM size;
*) crs3xx - fixed interface linking for some optical QSFP+ modules on CRS354 devices;
*) dhcpv6-server - fixed DUID generation with timestamp;
*) health - improved temperature reporting;
*) led - added "dark-mode" functionality control with Mode button for cAP XL ac;
*) leds - fixed LTE LED default mapping for LHGG;
*) lte - improved RSSI reporting on R11e-LTE6;
*) routerboot - enabling "protected-routerboot" feature requires a press of a button;
*) snmp - fixed IPsec-SA byte and packet counter reporting;
*) sstp - fixed client stuck in "nonce matching" state;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) traffic-flow - added systematic count-based packet sampling support;
*) upgrade - added new "upgrade" channel for upgrades between major versions;
*) winbox - added "Modbus" menu support;
*) wireless - added U-NII-2 support for US and Canada country profiles for cAP ac XL and QRT 5 ac;
*) wireless - fixed frequency range information on IPQ4019;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this particular RouterOS release.

CCR1072 firewall connection tracking max-entries: 1048576
v6.49 [stable] is released!
hap ac3 can't reset
2

*) dhcpv6-server - fixed DUID generation with timestamp;

Thanks MT. I´ll test it.

3

What is this? !) device-mode - added feature locking mechanism;

I see you have “enterprise” and “home” as device modes, what is the difference?

4

dhcpv6-server - fixed DUID generation with timestamp;

Is there a way to trigger this without reinstalling the router, or generally to reset the DUID?

Edit: Sorry, I missed that it is just for the server. Question remains: Can the client DUID be reset without reinstalling the router?

5

[admin@M-6_49_1] > /system device-mode print
mode: enterprise

6

!) device-mode - added feature locking mechanism
*) traffic-flow - added systematic count-based packet sampling support

further explanations please

7

The manual for device-mode can be found here: https://help.mikrotik.com/docs/pages/viewpage.action?spaceKey=ROS&title=Device-mode

8

routerboot - enabling “protected-routerboot” feature requires a press of a button;

i cant find the option “enable protected routerboot” in “system - routerboard - settings” like it used to be. where is it?

9

you need to press “a button”!11!!

10

which button in rb2011? and which button in hap ac2?
and what if i am the admin and i want to enable protected routerboot to my routers remotely? not possible anymore?

11

MT_6.49.1.JPG

12

Yes, that is the goal of this change. protected routerboot is abused by criminals asking ransom money to unlock compromised routers, so it requires physical presence to enable protected routerboot from now on…

13

As it is shown in the documentaion and menu,

update: please activate by turning power off or [b]pressing reset or mode button[/b]
14

[deleted]

15

As a test, I tried to upgrade my hAP ac2 that now has just 5 separate packages 6.49 installed (advanced-tools,dhcp,security,system,wireless) to the manually uploaded bundle package for 6.49.1 and it fails with “not enough space for upgrade”.
It looks like upgrading from separate packages to bundle package does not work on 16MB flash devices, I did the same on a RB2011 and a RB4011 without problem.

Earlier I tried to upgrade the hAP ac2 to v7.1rc6 encountering the same issue, which apparently is not a v6-to-v7 issue but just a “separate packages to bundle package on 16MB flash devices” issue. (SUP-66267)

16

Will MIPSBE devices continue to randomly die on routerboot upgrade with this release?
Have CCR long boot issues been fixed?

17

It is now only in cli mode, no more in winbox. Probably another attempt to avoid remote tampering, this was also already done in v7.1rc6.

18

But the message about the need to press the button is not displayed in the console. Only displayed in the winbox. Not logical

19

When the protected-routerboot=enabled setting is done and then a print is done to display the current setting, it shows the message about the button in red.
This is in fact the same as in winbox, the message is shown in the “current status” of that menu.

20

Can you please share that support issue with me? My address is mail@username.de… Thanks!