Community discussions

MUM Europe 2020
 
User avatar
Belyivulk
Member Candidate
Member Candidate
Posts: 285
Joined: Mon Mar 06, 2006 10:53 pm
Location: Whangarei, New Zealand
Contact:

Re: v6.15 released

Mon Jun 23, 2014 6:05 am

Alrighty, detailed explanation and supouts are with MT :) Ticket#2014062366000154
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1220
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6.15 released

Mon Jun 23, 2014 7:58 am

Have those of you with fp package not working all disabled the ipv6 package as written in the release notes?
Also I found out that bridgeing the wifi interface using stp with interface bridging enabled will not work (since 6.12 it seems).
Switching the bridge to use rstp made it work.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
User avatar
Belyivulk
Member Candidate
Member Candidate
Posts: 285
Joined: Mon Mar 06, 2006 10:53 pm
Location: Whangarei, New Zealand
Contact:

Re: v6.15 released

Mon Jun 23, 2014 8:14 am

Ho hum. IPv6 is enabled on all the routers i've upgraded to 6.15 & have Wireless-FP enabled on.

Only the one crashes. I may have to set up a lab test - testing on a live site is a bit of a pain :)
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1220
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6.15 released

Mon Jun 23, 2014 8:23 am

The ipv6 interaction should affect only CAP/CAPSman in fp-wireless. But who knows...
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Mon Jun 23, 2014 10:31 am

I forget to specify, on all my upgraded device I use auto tdma and rstp on bridge
I'm Italian, not English. Sorry for my imperfect grammar.
 
nxl
just joined
Posts: 20
Joined: Thu Jul 25, 2013 10:24 am

Re: v6.15 released

Mon Jun 23, 2014 11:07 am

I upgraded about 12 links, 5 of them crashed on one side or the other multiple times within 48 hours.
1 affected link between SXTs, 40 Mhz (kernel failures only on the station-bridge side, so maybe TDMA Auto isn't relevant here?)
1 link between SXT r2
1 link between rb433s, 20 Mhz channel
2 link between rb433 and a 433AH, 40 Mhz channel

ipv6 disabled on all of my equipments.
TDMA Period Size was Auto, now set to 2 ms, but I kept only 2 affected links on 6.15, we'll see.

It is clear to me that with so many problems there wasn't enough testing before releasing the newsletter to customers. :(
 
User avatar
Belyivulk
Member Candidate
Member Candidate
Posts: 285
Joined: Mon Mar 06, 2006 10:53 pm
Location: Whangarei, New Zealand
Contact:

Re: v6.15 released

Mon Jun 23, 2014 11:32 am

Well you should fire supouts to Mikrotik so they can fix it quickly :)
 
nxl
just joined
Posts: 20
Joined: Thu Jul 25, 2013 10:24 am

Re: v6.15 released

Mon Jun 23, 2014 1:39 pm

Already did that :).
Except this issue, I was very pleased with the update.
Is it just me or they seem to also have fixed the problem when nv2 packets passing through gigabit and then fastethernet were heavily slowed down?
 
dominicbatty
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Wed Jul 07, 2010 12:26 pm

Re: v6.15 released

Mon Jun 23, 2014 9:43 pm

Hi everyone, just a quick heads up with some issues I have been having on 6.15. I am not sure it is specifically 6.15 related but it is down to some configuration changes I have made whilst on 6.15.

We have always used a single IP per interface but have recently started using a single WAN IP and an additional block that is passed between our public facing interfaces as lines failover to each other so our public IP block is always accessible.

Our configuration is such that the lower IP assigned to the interface is the WAN address and the higher IP being the address block on which we wish to receive traffic.

111.111.111.111/32 - WAN
222.222.222.222/32 - Additional Block

If a windows PC makes either an SSTP or PPTP connection to the router ...
Connections to either interface work fine and are both very stable and route traffic.

If a Mikrotik router is used as the client for any of the following; L2TP/SSTP/PPTP
Connections to the 111.111.111.111/32 - links are all stable and work as expected
Connections to the 222.222.222.222/32 - all the interfaces come up but are highly unstable and do not route any traffic.

I'm going to log this via support. I don't believe this is in relation to a previous known issue reported where the WAN interface used to reply to incoming connections is the wrong address. In my case all returning traffic to the client does appear to originate from the correct address.
 
User avatar
resnik
newbie
Posts: 27
Joined: Wed Mar 31, 2010 5:25 pm
Location: Europe

Re: v6.15 released

Mon Jun 23, 2014 10:36 pm

One bug I found with new Cloud feature, even if you untick "Enable", your router will still be accessible from that reported DNS.
 
dominicbatty
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Wed Jul 07, 2010 12:26 pm

Re: v6.15 released

Mon Jun 23, 2014 10:39 pm

Won't that only be until the DNS entry expires?
 
User avatar
resnik
newbie
Posts: 27
Joined: Wed Mar 31, 2010 5:25 pm
Location: Europe

Re: v6.15 released

Mon Jun 23, 2014 10:50 pm

Won't that only be until the DNS entry expires?
unless I missed something, more then 48h passed.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Mon Jun 23, 2014 10:51 pm

Actually the association are permanent.
Is changed only when IP change, and there is no way to remove the DNS entry
and timeout not exist.
I'm Italian, not English. Sorry for my imperfect grammar.
 
dominicbatty
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Wed Jul 07, 2010 12:26 pm

Re: v6.15 released

Mon Jun 23, 2014 10:56 pm

it would be better if within RouterOS you could control the DNS enablement and also the TTL directly on a per device basis.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Mon Jun 23, 2014 10:57 pm

it would be better if within RouterOS you could control the DNS enablement and also the TTL directly on a per device basis.
right
I'm Italian, not English. Sorry for my imperfect grammar.
 
Michel
just joined
Posts: 21
Joined: Mon Aug 16, 2010 12:50 pm

Re: v6.15 released

Tue Jun 24, 2014 8:54 am

Hello,

can you please fix the timestamps for the User Manager please ? I am on timezone GMT+2 and the logs for the Sessions and User Sessions are missing +2 hours.

user-manager-6.15-mipsbe.npk

Kind Regards
 
Michel
just joined
Posts: 21
Joined: Mon Aug 16, 2010 12:50 pm

Re: v6.15 released

Tue Jun 24, 2014 11:31 am

My path to make Routing Marks work.

6.14 -- work
6.14 to 6.15 -- NOT work
6.15 to 6.13 -- NOT work
6.13 to 6.14 -- NOT work
6.14 to 6.7 -- work
6.7 to 6.14 -- work

So weird :?
I just noticed that my Multi WAN Routing Marks no longer working.

I update from 6.14 to 6.15 and now back to 6.14 but still not working.


RB493AH
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Tue Jun 24, 2014 12:25 pm

Hello,

can you please fix the timestamps for the User Manager please ? I am on timezone GMT+2 and the logs for the Sessions and User Sessions are missing +2 hours.

user-manager-6.15-mipsbe.npk

Kind Regards
It's not a bug, it's your config.

You must configure time-zone in user-manager.

Paste this on your user-manager:
/tool user-manager customer
set [find] time-zone=+02:00
I'm Italian, not English. Sorry for my imperfect grammar.
 
Michel
just joined
Posts: 21
Joined: Mon Aug 16, 2010 12:50 pm

Re: v6.15 released

Tue Jun 24, 2014 1:24 pm

Thank you, that fixed the time problem.

http://wiki.mikrotik.com/wiki/User_Mana ... nd_credits

I saw this hint for the Customers section but this field does not exist for the Users, so I did not think more about it and thought the time comes from the Router setting :(
 
cybernetcy
just joined
Posts: 15
Joined: Tue Jun 24, 2014 12:29 pm

Re: v6.15 released

Tue Jun 24, 2014 1:56 pm

i upgrade rb2011LS from 6.13 to 6.15 and its start to lock everytime. when i downgrade the to 6.13 again its start to work normaly.
 
2400baud
newbie
Posts: 28
Joined: Tue Nov 15, 2011 1:04 am

Re: v6.15 released

Tue Jun 24, 2014 3:18 pm

What's new in 6.15 (2014-Jun-12 12:25):

*) fixed upgrade from v5 - on first boot all the optional packages were disabled;
*) fixed problem where sntp server could not be specified in winbox & webfig;
*) metarouter - make openwrt work on ppc metarouter again;
Are these the only 3 fixes, or is this changelog just the highlights?

I'm seeing problems with DLNA on a PS3 after upgrading from 6.14 to 6.15, both with wireless and wireless-fp.
 
rafaeltdk
just joined
Posts: 17
Joined: Fri Feb 15, 2013 3:52 pm

Re: v6.15 released

Tue Jun 24, 2014 4:52 pm

need help support MK, because AS does not work with 6 digits? version 5.26 and 6.14
You do not have the required permissions to view the files attached to this post.
 
User avatar
donjames
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Fri Mar 14, 2008 7:07 pm
Location: Henderson, Texas
Contact:

Re: v6.15 released

Wed Jun 25, 2014 12:40 am

My USGlobalSat Bu-353 receiver quit working when I upgraded my RB751 to RouterOS 6.15. Is there a fix for this?

I found the solution. Here is the script that I was using:
# name initializegps
/system gps set enabled=no
:delay 15;
/port set 0 baud-rate=4800 parity=odd
:delay 15;
/port set 0 baud-rate=4800 parity=odd
/system gps set enabled=yes  set-system-time=no

Here is the script that works:
# name initializegps
/system gps set enabled=no
:delay 15;
/port set 0 baud-rate=4800 parity=odd
:delay 15;
/port set 0 baud-rate=4800 parity=odd
/system gps set enabled=yes port=usb set-system-time=no

I hope that this helps.

Thanks,

donjames
Last edited by donjames on Fri Jun 27, 2014 6:39 pm, edited 1 time in total.
 
ATROX
newbie
Posts: 45
Joined: Mon Oct 14, 2013 2:10 pm

Re: v6.15 released

Wed Jun 25, 2014 8:47 am

BUG was found. IPsec works not stable
There are several tunnels IPsec. Regardless of time and without changing any settings tunnels stop working.
In the settings you can see that the key exchange in one direction occurs, but the traffic flow is not (IP->IPsec->Installed SAs->some key->Current Bytes=0).
After several reboots tunnel restored. After spending some time again stops working.
Fix please!
Remote office work impossible. Business idle incur losses

RouterOS - v6.15/6.14
HW - CCR1036-12G-4S, RB2011UiAS, RB951G-2HnD, RB2011UiAS-2HnD
 
jarda
Forum Guru
Forum Guru
Posts: 7604
Joined: Mon Oct 22, 2012 4:46 pm

Re: v6.15 released

Wed Jun 25, 2014 8:49 am

I saw the same between 6.13 and 6.15.
 
ATROX
newbie
Posts: 45
Joined: Mon Oct 14, 2013 2:10 pm

Re: v6.15 released

Wed Jun 25, 2014 8:57 am

I saw the same between 6.13 and 6.15.
I updated every 6.15.
6.15 between the same problem.
 
xootraoox
just joined
Posts: 17
Joined: Fri Jan 31, 2014 5:24 am

Re: v6.15 released

Wed Jun 25, 2014 10:10 am

Brief description of 6.15:
- Fail
- Fail
- Fail

6.13 the CPU load is high but aceptable, but on 6.15 any action eat (in many cases all) CPU (at least mipsbe), and "Reboot without propper shutdown" logs is habitual... Crash, Crash, Crash, Crash.
 
dominicbatty
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Wed Jul 07, 2010 12:26 pm

Re: v6.15 released

Wed Jun 25, 2014 12:15 pm

you should log that query with Mikrotik support, with that amount of incredible detail I'm sure you'll get an answer in no time ... ;-)
 
onnoossendrijver
Member
Member
Posts: 418
Joined: Mon Jul 14, 2008 11:10 am
Location: The Netherlands

Re: v6.15 released

Wed Jun 25, 2014 12:18 pm

:P
We have absolutely no problems with 6.15 on our 'neighbor-network' with 8 Mikrotik's.
Running OSPF, OSPFv3, DHCP, VPLS/LDP, Queues, VLANs, NAT, DHCP, NV2, 80211 wireless, etcetera..
Linux/network engineer: ITIL, LPI1, CCNA R+S, CCNP R+S, JNCIA, JNCIS-SEC
 
Neilson
Member Candidate
Member Candidate
Posts: 174
Joined: Tue Nov 06, 2012 10:42 pm
Location: Auckland, New Zealand

Re: v6.15 released

Wed Jun 25, 2014 1:04 pm

need help support MK, because AS does not work with 6 digits? version 5.26 and 6.14
I understand that per RFC1997 that the community field is a 32 bit field, at the time with two byte AS numbers it was commonly used as 16 bits for the AS (before the colon) and 16 bits after for the community string.

In the case here if you want to use communities with larger AS numbers you may need to use 23456:XXX style for your community string. As the first number doesn't actually have to be an AS number you can of course put anything you want but 23456 is used in 2 byte only AS systems to refer to 4 byte AS's

There is an RFC for extended community attributes however that is different.

Regards
Alexander
 
rafaeltdk
just joined
Posts: 17
Joined: Fri Feb 15, 2013 3:52 pm

Re: v6.15 released

Wed Jun 25, 2014 2:14 pm

ok need to use the prefix 262605 how do I? tanks.
 
rafaeltdk
just joined
Posts: 17
Joined: Fri Feb 15, 2013 3:52 pm

Re: v6.15 released

Wed Jun 25, 2014 2:15 pm

ok need to use the prefix 262605 how do I? tanks.




I understand that per RFC1997 that the community field is a 32 bit field, at the time with two byte AS numbers it was commonly used as 16 bits for the AS (before the colon) and 16 bits after for the community string.

In the case here if you want to use communities with larger AS numbers you may need to use 23456:XXX style for your community string. As the first number doesn't actually have to be an AS number you can of course put anything you want but 23456 is used in 2 byte only AS systems to refer to 4 byte AS's

There is an RFC for extended community attributes however that is different.

Regards
Alexander
 
wispwest
Member
Member
Posts: 477
Joined: Tue May 19, 2009 3:48 am

Re: v6.15 released

Wed Jun 25, 2014 8:40 pm

I liked the "Auto" NV2 timing with the new Wireless-FP package, latency hit 1ms sometimes! However, I got packet loss about every 100 or so pings, so had to revert back... :(
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 511
Joined: Wed Jan 25, 2012 10:23 am

Re: v6.15 released

Wed Jun 25, 2014 9:21 pm

I liked the "Auto" NV2 timing with the new Wireless-FP package, latency hit 1ms sometimes! However, I got packet loss about every 100 or so pings, so had to revert back... :(
I just did a 10000 packets test. 0 packets lost. This is on a link with good signal and 100% ccq. I have some links which show minor packet loss on smokeping, but those links are not with good conditions so I think I had these losses before.
 
mxmxmxmxmx
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Mon Aug 25, 2008 1:27 am

Re: v6.15 released

Thu Jun 26, 2014 12:07 am

connecting Nokia e52 to RB with 6.15 & wireless FP = kernel panic.
Standard wireless package works fine!

RB433 + R52H with WPA/WPA2 TKIP
 
Neilson
Member Candidate
Member Candidate
Posts: 174
Joined: Tue Nov 06, 2012 10:42 pm
Location: Auckland, New Zealand

Re: v6.15 released

Thu Jun 26, 2014 7:44 am

ok need to use the prefix 262605 how do I? tanks.
Use 23456,

or one of the private prefixes,

or use another number

you could also try appending L to the end of the number, but I have not found any mikrotik documentation that says they support this signalling of 4-Byte AS Numbers.

Mikrotik may come back and change this or tell me I am wrong.

Also if you explain your use case then that could assist us in understanding other ways to do it.

Regards
Alexander
 
nmaton
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Fri Feb 18, 2011 12:31 am

Re: v6.15 released

Thu Jun 26, 2014 12:38 pm

I found the following bug again in 6.15.

My vrrp routers are both set as master!!
The error is get is = " vrrp received packet with bad checksum"

This is with vrrp version 3 on ipv4.

I changed the vrrp version to 2 with simple authentication and then it does function.

This is a bug that has been in mikrotik for a very long time. Could you please check this.
Nicolas Maton
nicolasmaton@gmail.com

CCNA/ CCDA
MTCNA / MTCTCE

Available for Mikrotik Consulting
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 511
Joined: Wed Jan 25, 2012 10:23 am

Re: v6.15 released

Thu Jun 26, 2014 2:22 pm

Trying to switch back to regular wireless package after using wireless-fp and having set auto on TDMA period size results in 100% cpu usage and wireless cards not working.
If you select a value for tdma period size before switching this problem is avoided.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Thu Jun 26, 2014 3:27 pm

THIS BUG ALREADY SIGNALED ON 6.12 STILL PRESENT AND NOT SOLVED:

Primary BUG: Webfig created script or schedule do not have ftp, winbox, api rights and are impossible to set that rights on Webfig

Secondary BUG: Winbox do not have the possibility to change ftp, winbox, api rights on script or schedule

VERSION AFFECTED: ALL VERSION OF ROUTEROS. Included last 6.16rc9

When one script are created on Winbox or on CLI, the default right applied are:
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api

But when the script are created by webfig, the only right can be applied are:
reboot,read,write,policy,test,password,sniff,sensitive
MISSING ftp,winbox,api

Without ftp right some command like "/export file=filename;" are not doable on script / schedule created with WebFig.

Walkthrought: obviously using the CLI you can set the missing rights.

Is clear what is the problem, without any other investigation.
I'm Italian, not English. Sorry for my imperfect grammar.
 
uldis
MikroTik Support
MikroTik Support
Posts: 3427
Joined: Mon May 31, 2004 2:55 pm

Re: v6.15 released

Thu Jun 26, 2014 4:59 pm

My USGlobalSat Bu-353 receiver quit working when I upgraded my RB751 to RouterOS 6.15. Is there a fix for this?

Thanks,

donjames
In which version the GPS receiver was working?
From which version you upgraded to v6.15?
 
rafaeltdk
just joined
Posts: 17
Joined: Fri Feb 15, 2013 3:52 pm

Re: v6.15 released

Fri Jun 27, 2014 1:55 am

Normis pls help
need to send these communitys BGP to not advertise my carrier prefixes to some peer as follows

Follow the BGP communitys that can be used:

 

Blocks announce AS International: 1

National ad blocks AS: 2

Customers ad blocks GVT AS: 3

Blocks announce Peering AS 4

Blocks ad PTT AS: 6

 

Where, AS, should be your AS, example: 1234:1

ok need to use the prefix 262605 how do I? tanks.
Use 23456,

or one of the private prefixes,

or use another number

you could also try appending L to the end of the number, but I have not found any mikrotik documentation that says they support this signalling of 4-Byte AS Numbers.

Mikrotik may come back and change this or tell me I am wrong.

Also if you explain your use case then that could assist us in understanding other ways to do it.

Regards
Alexander
 
log
Member Candidate
Member Candidate
Posts: 105
Joined: Fri May 28, 2010 11:37 am

Re: v6.15 released

Fri Jun 27, 2014 10:25 am

Its something weird with rogue dhcp alert. I have ros 6.7 at 2011iL, my dhcp server is connected to ether1, dhcp alerts are enable at ether2 to 10 and everything is ok. After upgrade to 6.15 all ports (ether2-10) see my dhcp server from port 1. So i downgrade to 6.7 and everything is working normally.
 
mxmxmxmxmx
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Mon Aug 25, 2008 1:27 am

Re: v6.15 released

Sat Jun 28, 2014 1:28 am

Two different RB711 reboots because of kernel failure.
It happens after updating from ROS 6.13 with regular wireless package to 6.15 with wireless-FP package.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Sat Jun 28, 2014 2:27 am

Two different RB711 reboots because of kernel failure.
It happens after updating from ROS 6.13 with regular wireless package to 6.15 with wireless-FP package.
Please write EXACTLY how you have upgraded the two board, without omit anything,
previous package presents, previous packages active, etc.
I'm Italian, not English. Sorry for my imperfect grammar.
 
jcem
Member Candidate
Member Candidate
Posts: 137
Joined: Sun May 24, 2009 4:41 pm
Location: Grebbestad, Sweden

Re: v6.15 released

Sat Jun 28, 2014 3:06 am

Hi!

Confirmed bug by MT in wireless-fp package if you have any legacy wireless card(non N-wireless capability)
installed on the RB

I'm now testing 6.16rc10 if they fixed it.

6.16rc10 seam to have a new SNMP bug thou...

RGDS
 
sentient
just joined
Posts: 1
Joined: Tue Aug 07, 2012 5:52 pm

Re: v6.15 released

Sat Jun 28, 2014 3:02 pm

Mikrotik should stop releasing this beta versions because they're unstable. I don't know what happened after 5.26, but every version was filled with some bugs.
 
steen
Member
Member
Posts: 469
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: v6.15 released

Sat Jun 28, 2014 11:52 pm

Hello Folks!

I guess we are lucky then, we successfully upgraded all our infrastructure devices (thats say many of each: SXT, SEXTANT, SEXTANT G, RB411, RB, RB433, RB600, RB333, RB750, RB2011UAS_2HnD, CRS and CCR1016).

We did not upgrade routers using policy based routing with routing marks (broke after 6.7) and vpn routers using l2tp (also broke after 6.7) and one Rb411 which is on 5.20 because if upgraded ethernet device stops working by some strange reason.
 
User avatar
Belgarion186
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Jan 23, 2014 3:33 am

Re: v6.15 released

Sun Jun 29, 2014 3:17 am

We did not upgrade routers using policy based routing with routing marks (broke after 6.7) and vpn routers using l2tp (also broke after 6.7) and one Rb411 which is on 5.20 because if upgraded ethernet device stops working by some strange reason.
Routing marks worked without any issue for me for every ROS 6.xx release, even the latest 6.15. I'm using CCR1009 and RB2011UiAS for policy based routing.

What I always do is to disable all VPN connections, upgrade ROS, reboot and then enable VPN connections again. Worked all the time.
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 511
Joined: Wed Jan 25, 2012 10:23 am

Re: v6.15 released

Sun Jun 29, 2014 10:28 pm

Hi!

Confirmed bug by MT in wireless-fp package if you have any legacy wireless card(non N-wireless capability)
installed on the RB

I'm now testing 6.16rc10 if they fixed it.

6.16rc10 seam to have a new SNMP bug thou...

RGDS
What problems do you have in this scenario ? RB with legacy card. I have a few boards with legacy cards which reboot themself with 'kernel failure' message in log. Also just a few minutes a go one of these boards first rebooted a few times and then just crashed completely and needed a power cycle.
I'm hoping this is fixed in v6.16 and that it will come out soon.
 
littlebill
Member Candidate
Member Candidate
Posts: 231
Joined: Sat Apr 30, 2011 3:11 am

Re: v6.15 released

Mon Jun 30, 2014 2:52 am

did sstp for win7 clients ever get fixed? or disconnects on pptp when logged into winbox? this all broke after 6.7? anyone not seeing these issues anymore?
 
amb
just joined
Posts: 2
Joined: Mon Jun 30, 2014 8:32 am

Re: v6.15 released

Mon Jun 30, 2014 8:37 am

Hello,

I'm having an issue using a 3g modem as a failover solution.
It seems that every 30 minutes(give or take a few seconds) the connection is terminated.
After that it reconnects and works for another 30 minutes.

What could be causing this?
ROS: 6.15

RB951G-2HnD
 
amb
just joined
Posts: 2
Joined: Mon Jun 30, 2014 8:32 am

Re: v6.15 released

Mon Jun 30, 2014 11:01 am

Ok, so it seems the ppp server was disconnecting the client every 30 minutes if the connection was idle.
As the 3g modem was being used as a failover solution, no traffic went through while the main communication
channel was up.
So I 'fixed' it by adding a netwatch action to ping an ip every minute(although it could be less often).
So far I got 1h+ uptime and seems to have fixed my problem.
 
rayman1366
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Mon Feb 20, 2012 1:49 am

Re: v6.15 released

Mon Jun 30, 2014 12:58 pm

afther upgarde from 5.25 to 6.15 on sxt5hnd, now i cannot access router, need netinstall,,but sxt is on rig.. :(
 
Shiro
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Wed Sep 25, 2013 6:44 pm

Re: v6.15 released

Mon Jun 30, 2014 2:20 pm

did sstp for win7 clients ever get fixed? or disconnects on pptp when logged into winbox? this all broke after 6.7? anyone not seeing these issues anymore?
SSTP is broken for me. I use it on x86, RB493G and CCR-1009, get disconnect on larger amount of traffic/bandwith. CCR as VPN Concentrator? no way.
 
User avatar
slarner
newbie
Posts: 30
Joined: Wed Jul 18, 2007 10:54 am
Location: UK
Contact:

Re: v6.15 released

Mon Jun 30, 2014 3:11 pm

We are having problems with the routing engine crashing on CC61036-12G-4S

We loose all routes and BGP peers. You reboot the router and it all comes back and works fine for a couple of days.

We are running 6.7 on our other datacentre CC61036-12G-4S and never had an issues with the routing engine crashing with 26 BGP peers connected.

Stewart
http://www.countybroadband.net
-----------------------------------------------
Provider of wireless broadband in Essex and Suffolk UK
 
rayman1366
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Mon Feb 20, 2012 1:49 am

Re: v6.15 released

Mon Jun 30, 2014 3:19 pm

afther upgarde from 5.25 to 6.15 on sxt5hnd, now i cannot access router, need netinstall,,but sxt is on rig.. :(
afther hw reset i see 6.15.
 
uldis
MikroTik Support
MikroTik Support
Posts: 3427
Joined: Mon May 31, 2004 2:55 pm

Re: v6.15 released

Mon Jun 30, 2014 3:20 pm

Hi!
I'm now testing 6.16rc10 if they fixed it.

6.16rc10 seam to have a new SNMP bug thou...
RGDS
Please tell us more abut SNMP bug that is introduced in v6.16rc10
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Mon Jun 30, 2014 4:04 pm

The only bug I find on 6.16rc10 about SNMP if is SNMP are enabled AFTER the boot, you must REBOOT the device for make it effectively enabled.

secondary "bug" already present on 6.14 and 6.15 versions.
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 511
Joined: Wed Jan 25, 2012 10:23 am

Re: v6.15 released

Mon Jun 30, 2014 4:17 pm

I've noticed this thing with snmp in v6.15, I enabled it and it was not working, but then I went and changed the community from public to something else and it worked, no reboot needed.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Mon Jun 30, 2014 4:24 pm

I've noticed this thing with snmp in v6.15, I enabled it and it was not working, but then I went and changed the community from public to something else and it worked, no reboot needed.
True.
I'm Italian, not English. Sorry for my imperfect grammar.
 
coylh
Member Candidate
Member Candidate
Posts: 160
Joined: Tue Jul 12, 2011 12:11 am

Re: v6.15 released

Mon Jun 30, 2014 5:32 pm

I installed 6.15 (dhcp, ntp, routing, security, system) on my first 1016 (CCR1016-12S-1S+). I notice the cores are much more "active". If I was graphing the cpu usage, it would be very spiky. On 1036's (6.11), the cores are usually idle. Not sure if this is a problem yet, but it looks odd for the system to be so busy when it's not getting any traffic.
You do not have the required permissions to view the files attached to this post.
 
DLNoah
Member Candidate
Member Candidate
Posts: 144
Joined: Fri Nov 12, 2010 5:33 pm

Re: v6.15 released

Mon Jun 30, 2014 7:28 pm

We are having problems with the routing engine crashing on CC61036-12G-4S

We loose all routes and BGP peers. You reboot the router and it all comes back and works fine for a couple of days.

We are running 6.7 on our other datacentre CC61036-12G-4S and never had an issues with the routing engine crashing with 26 BGP peers connected.

Stewart
In our case, we had about a dozen CCR1036-12G-4S units on 6.5 that were becoming completely non-responsive via MAC Telnet or IP until rebooted. The failures were occurring every 10-14 days of uptime. We upgraded to v6.13 and haven't had any incidents in 18 days.

YMMV.
 
jcem
Member Candidate
Member Candidate
Posts: 137
Joined: Sun May 24, 2009 4:41 pm
Location: Grebbestad, Sweden

Re: v6.15 released

Tue Jul 01, 2014 12:25 am

Hi!
I'm now testing 6.16rc10 if they fixed it.

6.16rc10 seam to have a new SNMP bug thou...
RGDS
Please tell us more abut SNMP bug that is introduced in v6.16rc10

Hi!

Seams to be working after 24hr -- CPU, Voltage etc did not get any data to DUDE - Maybe DUDE needed some time??

RGDS
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Tue Jul 01, 2014 12:28 am

Hi!
I'm now testing 6.16rc10 if they fixed it.

6.16rc10 seam to have a new SNMP bug thou...
RGDS
Please tell us more abut SNMP bug that is introduced in v6.16rc10

Hi!

Seams to be working after 24hr -- CPU, Voltage etc did not get any data to DUDE - Maybe DUDE needed some time??

RGDS
paste your SNMP verbose config here.
/snmp export verbose
I'm Italian, not English. Sorry for my imperfect grammar.
 
janel
just joined
Posts: 11
Joined: Wed Mar 12, 2014 10:41 pm

Re: v6.15 released

Tue Jul 01, 2014 3:24 am

CPU load in 6.15 vs 6.11 on a CRS125-24G-1S
mk-cpuload.png
/system resource pr     
                   uptime: 18m53s
                  version: 6.15
               build-time: Jun/12/2014 12:25:29
              free-memory: 107.9MiB
             total-memory: 128.0MiB
                      cpu: MIPS 74Kc V4.12
                cpu-count: 1
            cpu-frequency: 600MHz
                 cpu-load: 11%
           free-hdd-space: 109.6MiB
          total-hdd-space: 128.0MiB
  write-sect-since-reboot: 114
         write-sect-total: 67294
               bad-blocks: 0.1%
        architecture-name: mipsbe
               board-name: CRS125-24G-1S
                 platform: MikroTik
/tool profile 
NAME                    CPU        USAGE
firewall-mgmt           all           0%
spi                     all           3%
ethernet                all           1%
console                 all         0.5%
ssh                     all           0%
networking              all           4%
management              all         0.5%
idle                    all          87%
profiling               all         0.5%
unclassified            all         3.5%
You do not have the required permissions to view the files attached to this post.
 
User avatar
erebusodora
Frequent Visitor
Frequent Visitor
Posts: 74
Joined: Mon Jan 23, 2012 3:46 pm
Location: Bulgaria

Re: v6.15 released

Tue Jul 01, 2014 8:20 am

When upgrade from 5.26 to 6.15 (RB 433) some CPE not connect to hiden SSID. When SSID is visible all is connect. MAC adress of not connected CPE's is 00:1D:0F:E4:B6:F7 (tp-link 5210G), 64:70:02:B3:11:A1 (tp-link 5210G), 10:FE:ED:85:2D:0F (tp-link 5210G) . All CPE is on client mode with MAC connect to AP (RB433).
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: v6.15 released

Tue Jul 01, 2014 10:02 am

The only bug I find on 6.16rc10 about SNMP if is SNMP are enabled AFTER the boot, you must REBOOT the device for make it effectively enabled.

secondary "bug" already present on 6.14 and 6.15 versions.
is this on MIPS or some other arch?
 
User avatar
erebusodora
Frequent Visitor
Frequent Visitor
Posts: 74
Joined: Mon Jan 23, 2012 3:46 pm
Location: Bulgaria

Re: v6.15 released

Tue Jul 01, 2014 10:51 am

Bug on RB 2011UiAS with dynamic DNS rows. There was only 2 static DNS. The rows are too many. Example on picture.
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Tue Jul 01, 2014 11:18 am

The only bug I find on 6.16rc10 about SNMP if is SNMP are enabled AFTER the boot, you must REBOOT the device for make it effectively enabled.

secondary "bug" already present on 6.14 and 6.15 versions.
is this on MIPS or some other arch?
Thanks for reply, I have check this problem only on mipsbe devices:

netinstall 6.15 without keep previous config with inetalled routeros-mipsbe-6.15.npk and inside with last (3.13 and 3.10) bios
configured from scratch without import any script or backup

"Tower" 1:
3 Metal 5SHPn (3 Access Point) wireless-fp active
1 411AH + R52Hn (1 PTP) wireless-fp active
1 493G (only as Switch) all wireless package disabled

"Tower" 2:
2 Metal 5SHPn (2 Access Point) wireless-fp active
1 Metal 5SHPn (1 PTP) wireless-fp active
1 750UP (switch / PoE) all wireless package disabled

All devices, after configured SNMP must be rebooted for SNMP to work, other things works flawlessly.
Last edited by rextended on Tue Jul 01, 2014 11:46 am, edited 3 times in total.
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: v6.15 released

Tue Jul 01, 2014 11:39 am

pNrrPyGnuht if you are receiving several DNS server addresses, they will be displayed in your '/ip dns' configuration as dynamic, also, you can, for example, configure dhcp client to not to set up dynamic entries if you do not what them to be set.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Tue Jul 01, 2014 11:44 am

Bug on RB 2011UiAS with dynamic DNS rows. There was only 2 static DNS. The rows are too many. Example on picture.
Is not a bug.
Paste this on your device:
/ip dhcp-client set [find] use-peer-dns=no
/interface pppoe-client set [find] use-peer-dns=no
/interface ppp-client set [find] use-peer-dns=no
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
erebusodora
Frequent Visitor
Frequent Visitor
Posts: 74
Joined: Mon Jan 23, 2012 3:46 pm
Location: Bulgaria

Re: v6.15 released

Tue Jul 01, 2014 1:18 pm

Bug on RB 2011UiAS with dynamic DNS rows. There was only 2 static DNS. The rows are too many. Example on picture.
Is not a bug.
Paste this on your device:
/ip dhcp-client set [find] use-peer-dns=no
/interface pppoe-client set [find] use-peer-dns=no
/interface ppp-client set [find] use-peer-dns=no
I must use peer DNS. But this bug on RB 2011UiAS repeat the same DNS on every rows that write "Dynamic Servers".
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: v6.15 released

Tue Jul 01, 2014 1:25 pm


Thanks for reply, I have check this problem only on mipsbe devices:

netinstall 6.15 without keep previous config with netinstalled routeros-mipsbe-6.15.npk

All devices, after configured SNMP must be rebooted for SNMP to work, other things works flawlessly.
we are working on the issue.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Tue Jul 01, 2014 1:33 pm

And again, is not a bug, check how many peer DNS your provider send to you.

Why I'm sure is not a bug?

Because I'm using 4 2011UiAS all with 6.15 (really one with 6.16rc10...) with dynamic dns, one with dhcp client, one with pppoe-client connected to mikrotik pppoe-server, one with pppoe-client by ADSL (the screenshot)
the 4th are at my home and I use ppp on 3G as backup.

And this bug never happen to me...
Last edited by rextended on Tue Jul 01, 2014 1:39 pm, edited 2 times in total.
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Tue Jul 01, 2014 1:37 pm


Thanks for reply, I have check this problem only on mipsbe devices:

netinstall 6.15 without keep previous config with netinstalled routeros-mipsbe-6.15.npk

All devices, after configured SNMP must be rebooted for SNMP to work, other things works flawlessly.
we are working on the issue.
Other detail: i have configured SNMP simpy paste this on new terminal, without using winbox GUI:
/snmp
set enabled=yes trap-community=public trap-target=0.0.0.0 trap-version=2
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
erebusodora
Frequent Visitor
Frequent Visitor
Posts: 74
Joined: Mon Jan 23, 2012 3:46 pm
Location: Bulgaria

Re: v6.15 released

Tue Jul 01, 2014 2:34 pm

And again, is not a bug, check how many peer DNS your provider send to you.

Why I'm sure is not a bug?

Because I'm using 4 2011UiAS all with 6.15 (really one with 6.16rc10...) with dynamic dns, one with dhcp client, one with pppoe-client connected to mikrotik pppoe-server, one with pppoe-client by ADSL (the screenshot)
the 4th are at my home and I use ppp on 3G as backup.

And this bug never happen to me...
You do not have the required permissions to view the files attached to this post.
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: v6.15 released

Tue Jul 01, 2014 2:42 pm

do packet capture, maybe your auto-configuration sends you all these servers (with duplicates)
 
DMK
just joined
Posts: 11
Joined: Wed Jan 23, 2013 7:05 pm

Re: v6.15 released

Tue Jul 01, 2014 5:14 pm

Hi,

running /interface wireless spectral-history wlan1 or /interface wireless spectral-scan wlan1 on RB2011UAS-2HnD-IN 6.15 drops wireless connection and router stops broadcasting SSID until disabling and enabling wlan1 in winbox via ethernet connection.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Tue Jul 01, 2014 5:26 pm

Hi,

running /interface wireless spectral-history wlan1 or /interface wireless spectral-scan wlan1 on RB2011UAS-2HnD-IN 6.15 drops wireless connection and router stops broadcasting SSID until disabling and enabling wlan1 in winbox via ethernet connection.
It's the normal behaviour, any scan of any type and tx stop completly.
I'm Italian, not English. Sorry for my imperfect grammar.
 
littlebill
Member Candidate
Member Candidate
Posts: 231
Joined: Sat Apr 30, 2011 3:11 am

Re: v6.15 released

Wed Jul 02, 2014 12:36 am

did sstp for win7 clients ever get fixed? or disconnects on pptp when logged into winbox? this all broke after 6.7? anyone not seeing these issues anymore?
SSTP is broken for me. I use it on x86, RB493G and CCR-1009, get disconnect on larger amount of traffic/bandwith. CCR as VPN Concentrator? no way.

wonderful, support any comments on this?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Wed Jul 02, 2014 12:48 am

I have lost the hope after 6.7.
The rewriting of MPPE and making "ppp" multicore broken all feature I use on my 4 RB1100AHx2 pppoe-servers.

Already signaled to support from 6.10 and never get the solution,
every official new version I try, every version I'm forced to netinstall again the 6.7...

I use 6.15 on all my network infrastructure, no problem.

"ppp" new package are the problem...
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Thu Jul 03, 2014 4:29 pm

yes!, Yes!, YES!

Is like someone on next RouterOS 6.16rc11 like my ideas...
*) time - on routerboards, current time is saved in configuration on reboot
and on clock adjustment, and is used to set initial time after reboot;
http://forum.mikrotik.com/viewtopic.php ... 20#p434049
Last edited by rextended on Thu Jul 03, 2014 9:40 pm, edited 1 time in total.
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 511
Joined: Wed Jan 25, 2012 10:23 am

Re: v6.15 released

Thu Jul 03, 2014 4:46 pm

This time change sounds very good.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Thu Jul 03, 2014 4:49 pm

YEEEESSSS!!!
BUG FIXED: http://forum.mikrotik.com/viewtopic.php ... 88#p416454
STILL EXIST ON 6.15
http://forum.mikrotik.com/viewtopic.php ... 88#p416454
BUG SIGNALED FROM 6.10 AND STILL NOT FIXED???

Opened another ticket for that: [Ticket#2014041566000226] 6.12 UNFIXED BUG: user-manager profile limitation
I wait again the fix on 6.16... I'm waiting the fix from 6.10...
SOLVED ON NEXT 6.16rc11

--->> MISSING THIS FIX ON CHANGELOG <<---
Last edited by rextended on Thu Jul 03, 2014 9:40 pm, edited 1 time in total.
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Thu Jul 03, 2014 4:53 pm

This bug on 6.16rc11 still present:

webfig can not create full working scripts:

http://forum.mikrotik.com/viewtopic.php ... 50#p433572
Last edited by rextended on Thu Jul 03, 2014 9:40 pm, edited 1 time in total.
I'm Italian, not English. Sorry for my imperfect grammar.
 
wolfeyes
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Sun Apr 17, 2011 11:37 am

Re: v6.15 released

Thu Jul 03, 2014 6:13 pm

yes!, Yes!, YES!

Is like someone on next RouterOS 6.16rc10 like my ideas...
*) time - on routerboards, current time is saved in configuration on reboot
and on clock adjustment, and is used to set initial time after reboot;
http://forum.mikrotik.com/viewtopic.php ... 20#p434049

Very very helpful for scripting.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Thu Jul 03, 2014 9:42 pm

on 6.16rc11 I reboot the board 2011i2hpnd and the system not reboot, required netinstall for restore the system

I try again with 6.16rc12 ....
I'm Italian, not English. Sorry for my imperfect grammar.
 
Lupin
Member Candidate
Member Candidate
Posts: 265
Joined: Mon Feb 16, 2009 10:22 pm
Location: Italy

Re: v6.15 released

Thu Jul 03, 2014 10:37 pm

The "wireless-fp" package seems stable.
When will you default include it as primary, in the standard update package?

I want to upgrade all my network without enable every station manually
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Thu Jul 03, 2014 10:39 pm

When I reboot using system/reboot my working 2011UiAS-2HnD netinstalled (netinstall 6.15) with 6.16rc11 it go to one loop with etherboot...

This problem for me is fixed with netinstalled (netinstall 6.15) 6.16rc12, never hang whenn rebooted.

"Timekeeping" work perfecly...
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Thu Jul 03, 2014 10:40 pm

The "wireless-fp" package seems stable.
When will you default include it as primary, in the standard update package?

I want to upgrade all my network without enable every station manually
Abbi pazienza... lo puoi attivare (se hai già una versione con wireless-fp) quindi lanciare l'update senza riavviare.
Ci ho già aggiornato più della metà della rete, in questo modo, senza problemi.
Quello che promettono è vero: ha significativamente meno latenza sia in NV2 che in nstreme...
Non ho incontrato un minimo problema nell'update, tutte le macchine hanno seguito (nel corso del tempo) questa scaletta:
6.7->6.10->6.14+fp->6.15+fp

Posso chiederti, per curiosità, da quale zona d'Italia?

********

Sorry for the Italian.
I'm Italian, not English. Sorry for my imperfect grammar.
 
Lupin
Member Candidate
Member Candidate
Posts: 265
Joined: Mon Feb 16, 2009 10:22 pm
Location: Italy

Re: v6.15 released

Fri Jul 04, 2014 12:54 am

Preferisco attendere l'inglobamento del package, conoscendo Mikrotik ho il timore che quando aggiornerai da una versione con il package aggiuntivo ad una più recente senza package si impianterà tutto :D

Zona Nord-est

Ciao
 
changeip
Forum Guru
Forum Guru
Posts: 3804
Joined: Fri May 28, 2004 5:22 pm

Re: v6.15 released

Fri Jul 04, 2014 3:05 am

Who else is having ospf problems? Many times all routes do not make it into the routing table, only into LSA. Is this the routing engine crashing? A reboot or three will finally make it work. I finally grabbed a supout and will put together a ticket if I can.
Colo and Wholesale Bandwidth Available! Sales at SanDiegoBroadband dot com
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 1825
Joined: Mon Jan 14, 2008 1:53 pm
Location: Straya
Contact:

Re: v6.15 released

Fri Jul 04, 2014 4:19 am

Who else is having ospf problems? Many times all routes do not make it into the routing table, only into LSA. Is this the routing engine crashing? A reboot or three will finally make it work. I finally grabbed a supout and will put together a ticket if I can.
We experienced this behavior from 6.0 through 6.5 where it was fixed for us. Have you tried rolling back a few releases to identify where it was introduced ?
http://thebrotherswisp.com/ | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA
 
tweetyspn
just joined
Posts: 14
Joined: Wed Jul 13, 2011 10:48 pm

Re: v6.15 released

Fri Jul 04, 2014 3:36 pm

When I reboot using system/reboot my working 2011UiAS-2HnD netinstalled (netinstall 6.15) with 6.16rc11 it go to one loop with etherboot...

This problem for me is fixed with netinstalled (netinstall 6.15) 6.16rc12, never hang whenn rebooted.

"Timekeeping" work perfecly...
Rextended, if I got it correctly, you rebooted the 2011UiAS using system->reboot and it needed netinstall afterwards? Not even a power unplug/plug?

I had a strange issue lately with a RB1100AHx2 which sometimes requires a power unplug/plug after a scheduled reboot with a script (/system reboot). I wonder if there is an issue somewhere..
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 545
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v6.15 released

Fri Jul 04, 2014 4:31 pm

on 6.16rc11 I reboot the board 2011i2hpnd and the system not reboot, required netinstall for restore the system

I try again with 6.16rc12 ....
I've had some issues with 6.16rc11 on partitioned systems: stable system on part0 and test env on part1, boot my part1 (active), upgrade to 6.16rc11, reboot ..board start with part0 and part1 in unusable even if I try to activate it again. Problem seen on two board (CRS and 2011).
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Fri Jul 04, 2014 5:28 pm

When I reboot using system/reboot my working 2011UiAS-2HnD netinstalled (netinstall 6.15) with 6.16rc11 it go to one loop with etherboot...

This problem for me is fixed with netinstalled (netinstall 6.15) 6.16rc12, never hang whenn rebooted.

"Timekeeping" work perfecly...
Rextended, if I got it correctly, you rebooted the 2011UiAS using system->reboot and it needed netinstall afterwards? Not even a power unplug/plug?

I had a strange issue lately with a RB1100AHx2 which sometimes requires a power unplug/plug after a scheduled reboot with a script (/system reboot). I wonder if there is an issue somewhere..
I have 4 RB1100AHx2 and I use it as pppoe-server, EVERY SINGLE DEVICE ON MY PRODUCTION NETWORK, EVERY 28 DAYS @04:00 AM AUTOMATICALLY REBOOT. Never haved one single problem with 5.26/6.7/6.10/6.14+wireless-fp/6.15+wireless-fp
I never haved one problem on autoreboot or reboot manually.

About 2011 obviously I omit unplug the power or not, because there are not significant powering off removing the power do not do any problems.
Still require netinstall to work again if rebooted by system/reboot, but is introduced on r11 and is already fixed on r12.
I'm Italian, not English. Sorry for my imperfect grammar.
 
Neilson
Member Candidate
Member Candidate
Posts: 174
Joined: Tue Nov 06, 2012 10:42 pm
Location: Auckland, New Zealand

Re: v6.15 released

Sun Jul 06, 2014 2:28 am

ok need to use the prefix 262605 how do I? tanks.
Use 23456,

or one of the private prefixes,

or use another number

you could also try appending L to the end of the number, but I have not found any mikrotik documentation that says they support this signalling of 4-Byte AS Numbers.

Mikrotik may come back and change this or tell me I am wrong.

Also if you explain your use case then that could assist us in understanding other ways to do it.

Regards
Alexander

@rafaeltdk

I have to apologise that I missed this from the manual:

http://wiki.mikrotik.com/wiki/Manual:Ro ... ng_filters

append-route-targets (AsIP|AsNum;) Append value to route target EXTENDED_COMMUNITIES path attribute

This would allow you to use extended communities.

Regards
Alexander
 
wispwest
Member
Member
Posts: 477
Joined: Tue May 19, 2009 3:48 am

Re: v6.15 released

Sun Jul 06, 2014 7:10 am

Keep getting reboots from "Kernal Failure" on rb912's... dang!
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 511
Joined: Wed Jan 25, 2012 10:23 am

Re: v6.15 released

Sun Jul 06, 2014 7:52 am

Keep getting reboots from "Kernal Failure" on rb912's... dang!
I have some boards with these reboots. Upgraded few of them with v6.16rc11 and the problem seems fixed. No reboots for a few days now.
 
prawira
Trainer
Trainer
Posts: 281
Joined: Fri Feb 10, 2006 5:11 am

Re: v6.15 released

Sun Jul 06, 2014 11:21 am

I just upgrade my CRS from 6.12 to 6.15

and seems i got time issue on log
6.15 time.jpg
the /system clock show and the top bar show the correct date and time BUT the log file show the time 7 hours before.

this problem never introduced on the previous version

it is a but, isn't it ?

Paul
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Sun Jul 06, 2014 2:24 pm

I just upgrade my CRS from 6.12 to 6.15

and seems i got time issue on log
6.15 time.jpg
the /system clock show and the top bar show the correct date and time BUT the log file show the time 7 hours before.

this problem never introduced on the previous version

it is a but, isn't it ?

Paul
simply change timezone and apply previous back (not with undo).
I'm Italian, not English. Sorry for my imperfect grammar.
 
yozz
just joined
Posts: 15
Joined: Fri Jan 31, 2014 11:51 pm

Re: v6.15 released

Mon Jul 07, 2014 2:02 am

PLEASE!!!!!!!!!!!!!!!!!!!!
ADD IPSEC INTERFACES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


PLEASE!!!!!!!!!!!!!!!!!!!!
ADD IPSEC INTERFACES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


PLEASE!!!!!!!!!!!!!!!!!!!!
ADD IPSEC INTERFACES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24325
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.15 released

Mon Jul 07, 2014 9:21 am

PLEASE!!!!!!!!!!!!!!!!!!!!
ADD IPSEC INTERFACES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
IPsec is supported. Or please clarify what you mean?
No answer to your question? How to write posts
 
andriys
Forum Guru
Forum Guru
Posts: 1192
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.15 released

Mon Jul 07, 2014 9:25 am

PLEASE!!!!!!!!!!!!!!!!!!!!
ADD IPSEC INTERFACES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
What do you need them for? Virtual interfaces coupled with classic (policy-based) IPsec seem to be rather confusing (since you generally can not pass arbitrary traffic through them, but only what's covered by the policy). What am I missing?
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 1825
Joined: Mon Jan 14, 2008 1:53 pm
Location: Straya
Contact:

Re: v6.15 released

Mon Jul 07, 2014 10:48 am

PLEASE!!!!!!!!!!!!!!!!!!!!
ADD IPSEC INTERFACES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
IPsec is supported. Or please clarify what you mean?
He is meaning IPSEC Virtual Tunnel Interfaces.

The feature I have been asking for since 2009 ;)

Mikrotik do not seem to take this request seriously... :cry:
http://thebrotherswisp.com/ | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24325
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.15 released

Mon Jul 07, 2014 11:01 am

Sorry, not my field. Such things please also email support.
No answer to your question? How to write posts
 
i4jordan
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Mon Sep 02, 2013 1:42 am

Re: v6.15 released

Mon Jul 07, 2014 1:03 pm

With IPsec Virtual Interface most people mean an virtual interface like the IPIP or GRE interface.
But then with standard IPsec security.

SonicWall has a very nice implementation of this kind of interface. Keep in mind SonicWall has a propriety implementation.

I do understand we can make this with IPIP+ipsec and GRE+ipsec. But the performance of those constructions is very bad.

I would recommend Mikrotik to investigate the SonicWall implementation of the ipsec tunnel interface.
Some reading:
http://www.sonicwall.com/downloads/Soni ... Module.pdf
http://www.sonicwall.com/us/en/support/ ... &match=and
 
andriys
Forum Guru
Forum Guru
Posts: 1192
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.15 released

Mon Jul 07, 2014 1:24 pm

I do understand we can make this with IPIP+ipsec and GRE+ipsec. But the performance of those constructions is very bad.
Then the right thing to ask Mikrotik engineers for is to improve the performance of these standards-compliant combinations, rather then inventing something proprietary or trying to mimic some other vendor's proprietary solutions.
 
i4jordan
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Mon Sep 02, 2013 1:42 am

Re: v6.15 released

Mon Jul 07, 2014 2:53 pm

@andriys

Yes I agree with you that the engineers should fix/improve the speed on the IPIP+ipsec and/or GRE+ipsec implementations.

But besides the throughput speed, a IPsec tunnel is less complicated to configure than IPsec (peer/profile/policy) + IPIP/GRE tunnel (tunnel+subnet).
At least in the SonicWall NSA series it is less than 2 minutes work.
I just like the SonicWall ipsec tunnel interface speed and simplicity to configure. But MKT is much more flexible in all other things you want to do with router/firewall's.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5950
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.15 released

Mon Jul 07, 2014 3:15 pm

By looking at sonicwall links, where is the benefit of VTI in such configuration? You still need to set policies for that interface meaning additional configuration.

on mikrotik:
gre over ipsec would be true interface usable for routing firewall etc.
ipsec with subnet policies - the same as sonic wall provided example except that you do not need to configure virtual interface.
 
i4jordan
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Mon Sep 02, 2013 1:42 am

Re: v6.15 released

Mon Jul 07, 2014 3:45 pm

@MRZ

On a SonicWall you only provide ipsec settings in the VTI settings dialogs.
And yes those are in fact peer/proposal/policy info.
But you do not need to make a separate GRE tunnel with the same end-point peer IP addresses.

Also in the SW implementation you do not need IP adresses (subnet) for the VTI tunnels to get routing working. You just route to a VTI interface in stead of a gateway address.
It gets some more complicated on a SW if you are in the need of OSPF kind of dynamic routing. This would be easier on a MKT router.

So on a SW it very simple to implement static routed secured tunnels.

But the main thing is there are blazing fast on SW. Even with a Quad 550Mhz Mips64 Octeon Processor in the NSA3500 series I do get fantastic results on AES-256 secured VTI tunnels.

If I compare this with GRE+ipsec tunnels on a CCR1036 (36 core 1,2Ghz) I do get very very poor performance with MKT.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5950
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.15 released

Mon Jul 07, 2014 3:52 pm

Then it is just a configuration issue. What if you have something like (use-ipsec) in gre configuration and no additional ipsec config is required?

How much did you get with gre over ipsec on CCR?
 
mt-guy
just joined
Posts: 8
Joined: Mon May 26, 2008 4:41 pm

Re: v6.15 released

Mon Jul 07, 2014 8:37 pm

IPSEC groups are not working. When assigning a group to a policy nothing happens, not even an error. In winbox the group is not even visible under policies. Has this ever worked in earlier versions?

IPSEC still stops working randomly, a user that was able to connect a couple of days ago, can no longer connect using L2TP/IPSEC. Sometimes it helps Flushing SA:s. I experienced this myself today. I was connected on Friday for a short while without any problems, but today I was unable to connect, I tried several times, but when flushing the SA:s I was able to connect.
 
andriys
Forum Guru
Forum Guru
Posts: 1192
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.15 released

Mon Jul 07, 2014 10:19 pm

IPSEC groups are not working. When assigning a group to a policy nothing happens, not even an error. In winbox the group is not even visible under policies. Has this ever worked in earlier versions?
Groups are to be used with policy templates, not policies.
Works fine for me at least in 6.7, though there's no GUI support for these IPsec features in 6.7.
 
mt-guy
just joined
Posts: 8
Joined: Mon May 26, 2008 4:41 pm

Re: v6.15 released

Mon Jul 07, 2014 11:52 pm

IPSEC groups are not working. When assigning a group to a policy nothing happens, not even an error. In winbox the group is not even visible under policies. Has this ever worked in earlier versions?
Groups are to be used with policy templates, not policies.
Works fine for me at least in 6.7, though there's no GUI support for these IPsec features in 6.7.
Thank's that works perfectly. :oops: :-D

Now it's only the connection problem left.
 
jarda
Forum Guru
Forum Guru
Posts: 7604
Joined: Mon Oct 22, 2012 4:46 pm

Re: v6.15 released

Tue Jul 08, 2014 12:08 am


IPSEC still stops working randomly, a user that was able to connect a couple of days ago, can no longer connect using L2TP/IPSEC. Sometimes it helps Flushing SA:s. I experienced this myself today. I was connected on Friday for a short while without any problems, but today I was unable to connect, I tried several times, but when flushing the SA:s I was able to connect.
I have script that flushes sa's on both sides of the link when the connection breaks. It helps normally.
 
jarda
Forum Guru
Forum Guru
Posts: 7604
Joined: Mon Oct 22, 2012 4:46 pm

Re: v6.15 released

Tue Jul 08, 2014 12:11 am

What if you have something like (use-ipsec) in gre configuration and no additional ipsec config is required?
Can be interesting. Especially when used for eoip also. And for other types of tunnels if suitable.
 
staslabs
newbie
Posts: 38
Joined: Mon Feb 27, 2006 9:38 pm
Contact:

Re: v6.15 released

Tue Jul 08, 2014 12:55 am

6.15 + CCR1036-12G-4S

Radius not work well

downgrade for 6.7 -> is OK
You do not have the required permissions to view the files attached to this post.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 1825
Joined: Mon Jan 14, 2008 1:53 pm
Location: Straya
Contact:

Re: v6.15 released

Tue Jul 08, 2014 12:58 am

By looking at sonicwall links, where is the benefit of VTI in such configuration? You still need to set policies for that interface meaning additional configuration.

on mikrotik:
gre over ipsec would be true interface usable for routing firewall etc.
ipsec with subnet policies - the same as sonic wall provided example except that you do not need to configure virtual interface.
OK, so VTI is a fairly common feature. The implementations on Cisco, Juniper ScreenOS and JunOS, Fortinet, SonicWall, Sophos UTM(Astaro), Vyatta and Palo Alto Networks are all compatible with each other.

Contrary to what the above poster has said, the SonicWall implementation is not proprietary to them, and will indeed work with the other vendors listed above.

What are the benefits over IPSEC+GRE or IPSEC+EoIP ?

- VTI is standard, and works across multiple vendors
- Lower overheads
- Lower IP fragmentation
- Simpler configuration! e.g. No need for Proxy-ID's, Just route the traffic down the VTI
- NHTB feature allows for easy mesh style IPSEC deployments
- More flexible. You can create firewall policies based on the VTI interface, and know anything to/from this interface has been encrypted

see http://forum.mikrotik.com/viewtopic.php?f=2&t=65734 for more information.

I am more than happy to do a live demo of these features with Mikrotik, showing ease of configuration, advantages and inter-vendor inter-op. We have literally thousands of tunnels running using IPSEC VTI.

If RouterOS had this feature back when we first asked for it, it would have resulted in the sale of thousands of Mikrotik devices... Instead, Fortinet and Cisco have profited.
Last edited by nz_monkey on Tue Jul 08, 2014 10:48 am, edited 2 times in total.
http://thebrotherswisp.com/ | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA
 
jarda
Forum Guru
Forum Guru
Posts: 7604
Joined: Mon Oct 22, 2012 4:46 pm

Re: v6.15 released

Tue Jul 08, 2014 7:40 am

Agree. VTI would be definitely good feature.
 
i4jordan
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Mon Sep 02, 2013 1:42 am

Re: v6.15 released

Tue Jul 08, 2014 10:04 am

@nz_monkey

Thank you for making this VTI feature more clear for everyone. I was not aware that VTI implementation in the SonicWall is a standard supported by other brands.

I hope Mikrotik takes some time to improve IPsec performance and features because the main thing we do is making VPN networks for intercompany netwerk trafic.
And with the fast ISP connections in the Netherlands it would be very nice to have very fast VPN tunnels.
 
ste
Forum Guru
Forum Guru
Posts: 1815
Joined: Sun Feb 13, 2005 11:21 pm

Re: v6.15 released

Tue Jul 08, 2014 10:38 am

We are in progress updating all of our RBs to 6.15. We've a mix of nearly every routerboard.
RB1xx will not be upgraded due to their weak resources. The rest works fine. Single problem
so far was a RB450G which needed a manual powercycle to start up again.
 
andriys
Forum Guru
Forum Guru
Posts: 1192
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.15 released

Tue Jul 08, 2014 11:06 am

- VTI is standard, and works across multiple vendors
Can you point me to an RFC or similar document, please? I assume some doc should exist, if the feature is standard, as you say. I'd like to learn how it works on the protocol level.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 1825
Joined: Mon Jan 14, 2008 1:53 pm
Location: Straya
Contact:

Re: v6.15 released

Tue Jul 08, 2014 12:20 pm

- VTI is standard, and works across multiple vendors
Can you point me to an RFC or similar document, please? I assume some doc should exist, if the feature is standard, as you say. I'd like to learn how it works on the protocol level.
http://www.isi.edu/div7/presentation_fi ... outing.pdf Very old document, but has a great outline on how VTI works at a protocol level. See Page 33...

http://www.cisco.com/c/en/us/td/docs/io ... _tunnl.pdf Cisco docs on VTI

http://www.spinics.net/lists/netdev/msg200670.html Linux implementation of VTI

http://www.juniper.net/techpubs/en_US/j ... uring.html Juniper example between JunOS (Juniper) and ScreenOS (Netscreen) using different implementations of VTI at each end.

http://tools.ietf.org/html/draft-ietf-ipsec-dhcp-12 Providing client IP's using DHCP over VTI's
http://thebrotherswisp.com/ | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA
 
mt-guy
just joined
Posts: 8
Joined: Mon May 26, 2008 4:41 pm

Re: v6.15 released

Tue Jul 08, 2014 12:52 pm

As I don't get any replies any more from Mikrotik on Ticket#2014061166000542, I can share an experience with those of you who have IPSEC problems. When upgrading from earlier versions, like 5.26 to 6.15, you will get: generate-policy=port-override instead of generate-policy=yes. Nothing strange with this, as this should be the most compatible setting according to Mikrotik. The problem is that it no longer works reliably. If you connect to a router running 6.15 that has generate-policy=port-override with an L2TP/IPSEC client like Windows XP, it will work. If you then disconnect and reconnect the client it will be unable to establish the IPSEC transport connection (reproducible every time for a client I have tested behind NAT) . The only way to reconnect is by flushing the SAs.

Workaround: use the setting generate-policy=port-strict. This will stop what can appear as random connection problems, and it will let the clients reconnect immediately after disconnecting without flushing the SAs.
 
djdrastic
Member
Member
Posts: 305
Joined: Wed Aug 01, 2012 2:14 pm

Re: v6.15 released

Tue Jul 08, 2014 1:05 pm

Agreed regarding the VTI . I have some extremely reliable mtk boxes that I might possibly have to junk now as we've moved away from a nix based quagga server to a fortinet and I absolutely need VTI.
 
dominicbatty
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Wed Jul 07, 2010 12:26 pm

Re: v6.15 released

Tue Jul 08, 2014 2:57 pm

Has anyone tested the reported long term routing-mark issue in any of the v6.16 rc versions yet and is it perhaps fixed?

The reason I ask is that we have routing marks that route our VOIP(SIP) traffic up another line via a mangle rule and a route with a routing mark set to pick these up and send it down that line. Our lines are extremely stable but today the VOIP provider line went down and the router re-routed traffic onto the primary route using a script that disables the route with the routing mark hence it gets collected by the default route, even though it has been marked. When the line came back up and the script re-enabled the route with the routing mark, the route refused to collect the traffic that had been marked for it and nothing I did could get it to pick up the traffic again.

I was lucky, because our VOIP provider provides some really detailed SIP traces on a per call basis so I could see that they were getting traffic arriving via our primary route even though our router was back to exactly the same original configuration as it had been before I disabled and re-enabled the route.

A reboot of the router immediately brought everything back up. It therefore looks like I have a replicable example but I don't want to bust a gut trying to set this up and log it with support if it's maybe already fixed.

Thanks, Dominic.

EDIT - time was tight today whilst the business was open but I should be able to provide some more details this evening.
EDIT2 - are the people having problems with routing marks only seeing this with UDP traffic by any chance?
EDIT3 - after some testing this evening, this problem does not look like a routing mark issue as the routing marks are being applied correctly but does look like a NAT session connection issue where it is not getting dropped.
Last edited by dominicbatty on Wed Jul 09, 2014 10:58 am, edited 1 time in total.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5950
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.15 released

Tue Jul 08, 2014 3:58 pm

As I don't get any replies any more from Mikrotik on Ticket#2014061166000542, I can share an experience with those of you who have IPSEC problems. When upgrading from earlier versions, like 5.26 to 6.15, you will get: generate-policy=port-override instead of generate-policy=yes. Nothing strange with this, as this should be the most compatible setting according to Mikrotik. The problem is that it no longer works reliably. If you connect to a router running 6.15 that has generate-policy=port-override with an L2TP/IPSEC client like Windows XP, it will work. If you then disconnect and reconnect the client it will be unable to establish the IPSEC transport connection (reproducible every time for a client I have tested behind NAT) . The only way to reconnect is by flushing the SAs.

Workaround: use the setting generate-policy=port-strict. This will stop what can appear as random connection problems, and it will let the clients reconnect immediately after disconnecting without flushing the SAs.
Thanks, we will look if there are any differences between strict and override that could affect your mentioned problem.
 
hedele
Member
Member
Posts: 338
Joined: Tue Feb 24, 2009 11:23 pm

Re: v6.15 released

Tue Jul 08, 2014 6:17 pm

Agreed regarding the VTI . I have some extremely reliable mtk boxes that I might possibly have to junk now as we've moved away from a nix based quagga server to a fortinet and I absolutely need VTI.
How so? Fortinet VTIs interoperate perfectly with standard IPSec Site to Site implementations like Mikrotik or Cisco ASA.
You just need to understand that the Fortinet VTI itself is equivalent to Phase 1 (IPSec Peer configuration), and the Policies you can bind on the VTI are equivalent to Phase 2 (IPSec Policy configuration). You don't have an interface on your Mikrotik box, but most configuration can be adapted to work this way.
 
djdrastic
Member
Member
Posts: 305
Joined: Wed Aug 01, 2012 2:14 pm

Re: v6.15 released

Tue Jul 08, 2014 10:16 pm


How so? Fortinet VTIs interoperate perfectly with standard IPSec Site to Site implementations like Mikrotik or Cisco ASA.
You just need to understand that the Fortinet VTI itself is equivalent to Phase 1 (IPSec Peer configuration), and the Policies you can bind on the VTI are equivalent to Phase 2 (IPSec Policy configuration). You don't have an interface on your Mikrotik box, but most configuration can be adapted to work this way.

True I guess I can hack something together (ugh) on the Fortinet to get the OSPF working on the ends.Just a pain in the ass compared to how easy it is on other vendors equipment.
 
ste
Forum Guru
Forum Guru
Posts: 1815
Joined: Sun Feb 13, 2005 11:21 pm

Re: v6.15 released

Thu Jul 10, 2014 12:50 pm

Ripped a 411ah to dead upgrading it to 6.15.
Draws power, makes ethernet link but does nothing more.
Wireless is dead and does not send a packet to the ethernet.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Thu Jul 10, 2014 1:24 pm

Exact and detailed method used for upgrade the board?
I'm Italian, not English. Sorry for my imperfect grammar.
 
ste
Forum Guru
Forum Guru
Posts: 1815
Joined: Sun Feb 13, 2005 11:21 pm

Re: v6.15 released

Thu Jul 10, 2014 2:00 pm

Exact and detailed method used for upgrade the board?
Copy whole package with winbox, reboot by scheduler at night.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5950
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.15 released

Thu Jul 10, 2014 2:03 pm

Has anyone tested the reported long term routing-mark issue in any of the v6.16 rc versions yet and is it perhaps fixed?
....
What you described is not really a bug.

NAT sees only the first packet of the connection. When you reroute packets of already established connection NAT has no way of knowing that. You have to clear open connections so that connection tracking reestablish connection and only then NAT will use correct addresses.
 
dominicbatty
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Wed Jul 07, 2010 12:26 pm

Re: v6.15 released

Thu Jul 10, 2014 6:43 pm

thanks for the update, the problem I have is knowing which ones to clear but I've plumped for the whole lot which seems to be working ok.
 
sgxluk
just joined
Posts: 6
Joined: Thu Jul 10, 2014 6:26 pm

Re: v6.15 released

Thu Jul 10, 2014 11:54 pm

SFP port flapping bug still persists, please fix it & release an update ASAP
 
User avatar
dgnevans
Member
Member
Posts: 463
Joined: Fri Mar 08, 2013 11:24 am
Location: Zimbabwe
Contact:

Re: v6.15 released

Sat Jul 12, 2014 10:58 pm

I have had an interesting issue appear since i updated my routers to version 6.15 devices and user shares that are on other side of router are not accessible unless I ping the ip of the device. ie I have a router seperating my backbone where my dns servers and storage are located and my lan where my desktop users are located. Desktop users cannot access the network store or dns unless they are pinging the server. this was not happening before version 6.15 any suggestions.
 
User avatar
paoloaga
Member Candidate
Member Candidate
Posts: 222
Joined: Tue Mar 08, 2011 2:52 am
Location: Vaprio d'Agogna (NO) - Italy
Contact:

Re: v6.15 released

Wed Jul 16, 2014 3:56 pm

How is this possible?

(read the cpu frequency reported by the two commands, on the same routerboard)

[admin@MikroTik] > /system resource print
uptime: 1h49m56s
version: 6.15
build-time: Jun/12/2014 12:25:29
free-memory: 8.4MiB
total-memory: 32.0MiB
cpu: MIPS 24Kc V7.4
cpu-count: 1
cpu-frequency: 300MHz
cpu-load: 1%
free-hdd-space: 50.1MiB
total-hdd-space: 63.8MiB
write-sect-since-reboot: 28602
write-sect-total: 206729
bad-blocks: 0.3%
architecture-name: mipsbe
board-name: RB951-2n
platform: MikroTik
[admin@MikroTik] > /system routerboard settings print
boot-device: nand-if-fail-then-ethernet
cpu-frequency: 360MHz
boot-protocol: bootp
force-backup-booter: no
silent-boot: no



This behaviour makes my monitoring software going crazy...
 
athlonxp78
just joined
Posts: 13
Joined: Wed Feb 10, 2010 4:17 am

Re: v6.15 released

Wed Jul 16, 2014 8:25 pm

How is this possible?

(read the cpu frequency reported by the two commands, on the same routerboard)

[admin@MikroTik] > /system resource print
uptime: 1h49m56s
version: 6.15
build-time: Jun/12/2014 12:25:29
free-memory: 8.4MiB
total-memory: 32.0MiB
cpu: MIPS 24Kc V7.4
cpu-count: 1
cpu-frequency: 300MHz
cpu-load: 1%
free-hdd-space: 50.1MiB
total-hdd-space: 63.8MiB
write-sect-since-reboot: 28602
write-sect-total: 206729
bad-blocks: 0.3%
architecture-name: mipsbe
board-name: RB951-2n
platform: MikroTik
[admin@MikroTik] > /system routerboard settings print
boot-device: nand-if-fail-then-ethernet
cpu-frequency: 360MHz
boot-protocol: bootp
force-backup-booter: no
silent-boot: no



This behaviour makes my monitoring software going crazy...
Exactly the same here, RB2011LS upgraded to v6.15, down to 6.10 and the mismatch persist:

sys re pr
uptime: 21h53m31s
version: 6.10
build-time: Feb/12/2014 13:46:18
free-memory: 30.3MiB
total-memory: 64.0MiB
cpu: MIPS 74Kc V4.12
cpu-count: 1
cpu-frequency: 600MHz
cpu-load: 36%
free-hdd-space: 101.9MiB
total-hdd-space: 128.0MiB
write-sect-since-reboot: 32647
write-sect-total: 504475
bad-blocks: 0%
architecture-name: mipsbe
board-name: RB2011LS
platform: MikroTik

/system routerboard settings print
boot-device: nand-if-fail-then-ethernet
cpu-frequency: 500MHz
boot-protocol: bootp
silent-boot: no

We sufer some random "kernel panic" + "out of memory"
Supout.rif sended to staff.

EDIT: This only happen in RB2011 series, in the others MK upgraded to v6.15 everything is working fine.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Wed Jul 16, 2014 9:06 pm

How is this possible?

(read the cpu frequency reported by the two commands, on the same routerboard)

[admin@MikroTik] > /system resource print
uptime: 1h49m56s
version: 6.15
build-time: Jun/12/2014 12:25:29
free-memory: 8.4MiB
total-memory: 32.0MiB
cpu: MIPS 24Kc V7.4
cpu-count: 1
cpu-frequency: 300MHz
cpu-load: 1%
free-hdd-space: 50.1MiB
total-hdd-space: 63.8MiB
write-sect-since-reboot: 28602
write-sect-total: 206729
bad-blocks: 0.3%
architecture-name: mipsbe
board-name: RB951-2n
platform: MikroTik
[admin@MikroTik] > /system routerboard settings print
boot-device: nand-if-fail-then-ethernet
cpu-frequency: 360MHz
boot-protocol: bootp
force-backup-booter: no
silent-boot: no



This behaviour makes my monitoring software going crazy...
paste this:
/system routerboard settings set cpu-frequency=400MHz
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Wed Jul 16, 2014 9:07 pm

How is this possible?

(read the cpu frequency reported by the two commands, on the same routerboard)

[admin@MikroTik] > /system resource print
uptime: 1h49m56s
version: 6.15
build-time: Jun/12/2014 12:25:29
free-memory: 8.4MiB
total-memory: 32.0MiB
cpu: MIPS 24Kc V7.4
cpu-count: 1
cpu-frequency: 300MHz
cpu-load: 1%
free-hdd-space: 50.1MiB
total-hdd-space: 63.8MiB
write-sect-since-reboot: 28602
write-sect-total: 206729
bad-blocks: 0.3%
architecture-name: mipsbe
board-name: RB951-2n
platform: MikroTik
[admin@MikroTik] > /system routerboard settings print
boot-device: nand-if-fail-then-ethernet
cpu-frequency: 360MHz
boot-protocol: bootp
force-backup-booter: no
silent-boot: no



This behaviour makes my monitoring software going crazy...
Exactly the same here, RB2011LS upgraded to v6.15, down to 6.10 and the mismatch persist:

sys re pr
uptime: 21h53m31s
version: 6.10
build-time: Feb/12/2014 13:46:18
free-memory: 30.3MiB
total-memory: 64.0MiB
cpu: MIPS 74Kc V4.12
cpu-count: 1
cpu-frequency: 600MHz
cpu-load: 36%
free-hdd-space: 101.9MiB
total-hdd-space: 128.0MiB
write-sect-since-reboot: 32647
write-sect-total: 504475
bad-blocks: 0%
architecture-name: mipsbe
board-name: RB2011LS
platform: MikroTik

/system routerboard settings print
boot-device: nand-if-fail-then-ethernet
cpu-frequency: 500MHz
boot-protocol: bootp
silent-boot: no

We sufer some random "kernel panic" + "out of memory"
Supout.rif sended to staff.

EDIT: This only happen in RB2011 series, in the others MK upgraded to v6.15 everything is working fine.
paste this:
/system routerboard settings set cpu-frequency=600MHz
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
paoloaga
Member Candidate
Member Candidate
Posts: 222
Joined: Tue Mar 08, 2011 2:52 am
Location: Vaprio d'Agogna (NO) - Italy
Contact:

Re: v6.15 released

Wed Jul 16, 2014 11:30 pm

/system routerboard settings set cpu-frequency=400MHz
It's the first thing I did (obviously), but it didn't work.

The correct frequency for that RB is 360MHz (despite some can run at 400). My software recognize which one of the two version is using /system resource print. It sees 300MHz so it believes it's the 400MHz version wrongly clocked at 300, tries to set it at 400, resets the router and loops (the 360MHz version would run at 260MHz if the setting is wrong).
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 714
Joined: Tue Aug 25, 2009 12:01 am

Re: v6.15 released

Thu Jul 17, 2014 3:59 am

By looking at sonicwall links, where is the benefit of VTI in such configuration? You still need to set policies for that interface meaning additional configuration.

on mikrotik:
gre over ipsec would be true interface usable for routing firewall etc.
ipsec with subnet policies - the same as sonic wall provided example except that you do not need to configure virtual interface.
Being able to "zone" the interface and classify traffic going over it separately from the parent interface. Cisco, juniper, Palo Alto all support this and it hinders compatibility by not providing this functionality.

Also, it should benefit milrotik because it's not doubly encapsulated like ipsec/gre.
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 545
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v6.15 released

Thu Jul 17, 2014 8:50 am

.. on my lab RB2011 the (supposed) 6.16 final update (from 6.15) + firmware update (3.16->3.17) ..have needed a manual reboot. Display showed 'rebooting' but was stuck; pay attention if you have remote similar device/conditions..
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Thu Jul 17, 2014 9:22 am

.. on my lab RB2011 the (supposed) 6.16 final update (from 6.15) + firmware update (3.16->3.17) ..have needed a manual reboot. Display showed 'rebooting' but was stuck; pay attention if you have remote similar device/conditions..
The file you download from the beta area is not the final version.
If you not trust me save the file somewhere and compare with the final public version when available.
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Thu Jul 17, 2014 9:23 am

PLEASE FIX THIS BUG BEFORE LAST 6.16 COME OUT...

THIS BUG ALREADY SIGNALED ON 6.12 STILL PRESENT AND NOT SOLVED:

Primary BUG: Webfig created script or schedule do not have ftp, winbox, api rights and are impossible to set that rights on Webfig

Secondary BUG: Winbox do not have the possibility to change ftp, winbox, api rights on script or schedule

VERSION AFFECTED: ALL VERSION OF ROUTEROS. Included last pre-release 6.16

When one script are created on Winbox or on CLI, the default right applied are:
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api

But when the script are created by webfig, the only right can be applied are:
reboot,read,write,policy,test,password,sniff,sensitive
MISSING ftp,winbox,api

Without ftp right some command like "/export file=filename;" are not doable on script / schedule created with WebFig.

Walkthrought: obviously using the CLI you can set the missing rights.

Is clear what is the problem, without any other investigation.
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 545
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v6.15 released

Thu Jul 17, 2014 10:43 am

The file you download from the beta area is not the final version.
If you not trust me save the file somewhere and compare with the final public version when available.
I hope so @rextended :D, otherwise many mt guys will have to jump in their cars.. :lol:
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24325
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.15 released

Thu Jul 17, 2014 11:25 am

Todays build of 6.16 has fixed the issue bajodel had above
No answer to your question? How to write posts
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 545
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v6.15 released

Thu Jul 17, 2014 2:44 pm

Todays build of 6.16 has fixed the issue bajodel had above
well done! 8)
 
Quindor
Member
Member
Posts: 347
Joined: Tue Aug 14, 2012 2:57 am
Location: Noord-Brabant, The Netherlands
Contact:

Re: v6.15 released

Thu Jul 17, 2014 7:16 pm

PLEASE FIX THIS BUG BEFORE LAST 6.16 COME OUT...

THIS BUG ALREADY SIGNALED ON 6.12 STILL PRESENT AND NOT SOLVED:

Primary BUG: Webfig created script or schedule do not have ftp, winbox, api rights and are impossible to set that rights on Webfig

Secondary BUG: Winbox do not have the possibility to change ftp, winbox, api rights on script or schedule

VERSION AFFECTED: ALL VERSION OF ROUTEROS. Included last pre-release 6.16

When one script are created on Winbox or on CLI, the default right applied are:
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api

But when the script are created by webfig, the only right can be applied are:
reboot,read,write,policy,test,password,sniff,sensitive
MISSING ftp,winbox,api

Without ftp right some command like "/export file=filename;" are not doable on script / schedule created with WebFig.

Walkthrought: obviously using the CLI you can set the missing rights.

Is clear what is the problem, without any other investigation.
How did support respond to your questions about this? Where they able to verify and test with you?
http://www.campzone.nl World's Largest Outdoor LANParty, http://intermit.tech Intermittend Technology blog, My blog about the ESP8266, IP Camera's and other tech related subjects!
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.15 released

Thu Jul 17, 2014 7:32 pm

How did support respond to your questions about this? Where they able to verify and test with you?
How I can respond to your question? Is like you are unable to verify yourself the problem.
I'm Italian, not English. Sorry for my imperfect grammar.
 
Quindor
Member
Member
Posts: 347
Joined: Tue Aug 14, 2012 2:57 am
Location: Noord-Brabant, The Netherlands
Contact:

Re: v6.15 released

Sat Jul 19, 2014 12:25 am

How did support respond to your questions about this? Where they able to verify and test with you?
How I can respond to your question? Is like you are unable to verify yourself the problem.
Not really, I don't use it myself. But you keep spamming the forums about it, so I wondered what support said about it. Are they able to verify it?
http://www.campzone.nl World's Largest Outdoor LANParty, http://intermit.tech Intermittend Technology blog, My blog about the ESP8266, IP Camera's and other tech related subjects!
 
ahmednama
just joined
Posts: 2
Joined: Fri Sep 12, 2014 10:13 am

Re: v6.15 released

Fri Sep 12, 2014 11:08 pm

Could we perhaps have BETA stamped on this firmware again?

This is not the typical behavior or development path of "stable" firmware. At ALL.

Seriously, 15 revisions later, and we are not making any serious progress. One step forward, another step sideways and backwards.

I'm sick of being a beta tester, there is no reason to have STABLE marked on this firmware.
Please clarify what makes you say this? In this thread, no serious problems have been reported that are specific to v6.15.
Routing-mark issue has been seen on very few customers for a long time now, it is not specific to this release, and does not affect significant amount of customers. We do need remote access to these machines to fix it.

Who is online

Users browsing this forum: No registered users and 85 guests