6.3 Released

slech · Fri Sep 06, 2013 12:10 pm

Rivera

sstp - supported only in windows.

SSTP: sstp-client for linux not working properly?

Rivera · Fri Sep 06, 2013 12:12 pm

If you so strong against OpenVPN, please provide me with protocol that will be:
1) Secure. Not PPTP
2) Cross-platform. Not SSTP. Btw yours SSTP implementation can connect only to Win and mikrotik based VPN servers, not to SoftEther)
3) Portable, by portable i mean it can be used on both 3G/4G networks. VPNs that was stable on 3G connection was PPTP (but unsecure) and OpenVPN.
4) Easy to configure. Not IPSec/L2TP, because installing strong/openswan and writing all configs... doh.
We have mixed environment (both win/lin/mac) in our office network, same for my home network.

ayufan · Fri Sep 06, 2013 12:39 pm

4) Easy to configure. Not IPSec/L2TP, because installing strong/openswan and writing all configs... doh.

IPSec/L2TP is fairly easy to configure. You have built-in (or easily installable) support for all the platforms (ex. Windows Phone). We have users using: OSX, Windows 7 and 8, Ubuntu/Mint, Android and iOS. All of them can use graphical tools to connect to VPN server.

Kamil

Rivera · Fri Sep 06, 2013 12:45 pm

> Ubuntu/Mint
NM in ubuntu lacks L2TP/IPsec support.

Fri Sep 06, 2013 2:11 pm

If you so strong against OpenVPN, please provide me with protocol that will be:

Plain policy-based IPsec. With all the recently added features to support road-warrior configurations this is now my #1 choice to be used with Mikrotik.

Mikrotik still lacks some very-nice-to-have features like Split-DNS support (I only need server-side (i.e. mode-cfg) Split-DNS support, and it should be extremely easy to implement) and RADIUS integration, though. But what we have at the moment is already usable.

theprism · Fri Sep 06, 2013 2:29 pm

Yes, but IPSEC was not working well in 6.1 and 6.2. Were all issues with it fixed in 6.3?
Is it working?

Thanks,

T.P.

Fri Sep 06, 2013 2:29 pm

The problem with both WinBox and WebFig misreporting the IPsec SA expiration time is not fixed yet in 6.3. The reported value is a) incorrect and b) counts up (but should count down). Everything is fine on console, the "/ip ipsec installed-sa print" command reports correct value.

Original report is here: http://forum.mikrotik.com/viewtopic.php ... 50#p381561

Fri Sep 06, 2013 2:29 pm

Yes, but IPSEC was not working well in 6.1 and 6.2. Were all issues with it fixed in 6.3?
Is it working?

Thanks,

T.P.

IPsec is working in v6.1 and v6.2, what did you mean by this?

Fri Sep 06, 2013 2:33 pm

Yes, but IPSEC was not working well in 6.1 and 6.2. Were all issues with it fixed in 6.3?
Is it working?

It was working just fine for me in 6.2, and works fine in 6.3 now. The only problem is that SA expiration time is misreported in WinBox and WebFig (see 2 posts above), but that is definitely not a show-stopper.

Fri Sep 06, 2013 2:34 pm

The problem with both WinBox and WebFig misreporting the IPsec SA expiration time is not fixed yet in 6.3. The reported value is a) incorrect and b) counts up (but should count down). Everything is fine on console, the "/ip ipsec installed-sa print" command reports correct value.

Original report is here: http://forum.mikrotik.com/viewtopic.php ... 50#p381561

This will be fixed in v6.4

elgrandiegote · Fri Sep 06, 2013 2:59 pm

*) pptp, l2tp, sstp - allow to specify server via dns name;
Please add OpenVPN to that list. Seriously, that's just unfair for users.
pptp - insecure.
sstp - supported only in windows.
l2tp - requires ipsec+l2tp combo, hard to configure by user.

+1

npero · Fri Sep 06, 2013 3:04 pm

*) pptp, l2tp, sstp - allow to specify server via dns name;
Please add OpenVPN to that list. Seriously, that's just unfair for users.
pptp - insecure.
sstp - supported only in windows.
l2tp - requires ipsec+l2tp combo, hard to configure by user.
+1

+1

ayufan · Fri Sep 06, 2013 3:47 pm

> Ubuntu/Mint
NM in ubuntu lacks L2TP/IPsec support.

https://launchpad.net/~seriy-pr/+archiv ... nager-l2tp

Fri Sep 06, 2013 3:52 pm

manager: command /tool user-manager user create-and-activate-profile not work with argument "user",and work only with argument "numbers". For example in script:
Code: Select all
 
   $addRequest = new Request('/tool user-manager user create-and-activate-profile');
    $addRequest->setArgument('customer','gsm');
//-->    $addRequest->setArgument('user',$from);
    $addRequest->setArgument('numbers',$userId);
    $addRequest->setArgument('profile',$profile);
    $client->sendSync($addRequest);

Has it also been renamed from terminal (I haven't upgraded just yet myself...)? If so, the API behavior is to be expected, and the rename itself - typical, kind'a (sadly). But look at it from the bright side - the rename to "numbers" suggests that you can now target multiple users, whereas you could previously target just one user.

If terminal still shows it as "<user>" - yeah, that's a ROS bug all right.

richardtrip · Fri Sep 06, 2013 4:06 pm

l2tp - hard to configure by user.
You mean OpenVPN is easier to configure by user? Personally, I strongly disagree.

For sure it is easier to import one config file on android/ios/Windows/Mac. But we all know the problems with the mikrotik implementation (no udp/lzo).

Sent from my A500 using Tapatalk 4

ddejager · Fri Sep 06, 2013 4:53 pm

After upgrading from 6.0 to 6.2 all my INPUT firewall rules disappeared. Is this fixed in 6.3?

Also after upgrading from 6.0 to 6.2 clicking on quickset caused winbox to close immediately. Is this fixed in 6.3?

My hardware is RB2011UAS-2HnD.

roneyeduardo · Sat Sep 07, 2013 12:33 am

*) ppp, hotspot - added ability to specify where to insert rate limiting queue,
it's parent and type;

Can we do that via Radius attributes? How?

theprism · Sat Sep 07, 2013 4:43 am

IPsec is working in v6.1 and v6.2, what did you mean by this?

In v6.1 the following IPSEC problem existed:
Windows 7 <- L2TP/IPSEC -> Mikrotik 6.1 stopped working.
L2TP was passing OK but when reached IPSEC portion it compains in logs about payload and triming.

Was this fixed?

Thanks,
the_prism

Sandor1k · Sat Sep 07, 2013 4:14 pm

I have a problem with the creation of backups. When you click backup of the entire disk space scores.

TerAnYu · Sun Sep 08, 2013 1:52 pm

igmp-proxy, the image breaks down at the incoming stream over 10Mbps.
PIM is not possible to use it to check.

MrYan · Sun Sep 08, 2013 4:08 pm

After upgrading from 6.0 to 6.2 all my INPUT firewall rules disappeared. Is this fixed in 6.3?

I had this also (from 6.1 to 6.2). When I upgraded to 6.3 the rules remained in place.

Matt.

infused · Mon Sep 09, 2013 12:58 am

Finally upgraded my core CCR from RC13 to 6.3. Runs much smoother. Cpu seems to be better too.

I don't run BGP or IPSec, but use most other features.

Mikrotik: Is there a layout of what services/features use what cpus?

infused · Mon Sep 09, 2013 1:05 am

Actually winbox bug in 6.3 on ccr.

Use safe mode and turn it off. I go to exit winbox and it says im in safe mode, if I quit, changes will be undone.

pcunite · Mon Sep 09, 2013 1:25 am

Mikrotik: Is there a layout of what services/features use what cpus?

Tools / Profile

infused · Mon Sep 09, 2013 1:44 am

Mikrotik: Is there a layout of what services/features use what cpus?
Tools / Profile

Doesn't show you what cpus each service is working across though.

theprism · Mon Sep 09, 2013 5:27 am

IPsec is working in v6.1 and v6.2, what did you mean by this?
In v6.1 the following IPSEC problem existed:
Windows 7 <- L2TP/IPSEC -> Mikrotik 6.1 stopped working.
L2TP was passing OK but when reached IPSEC portion it compains in logs about payload and triming.

Was this fixed?

Thanks,
the_prism

Normis, can you confirm that this was fixed and Windows 7 <- L2TP/IPSEC -> Mikrotik 6.1 works fine?

Thanks,

T.P.

Mon Sep 09, 2013 9:06 am

IPsec is working in v6.1 and v6.2, what did you mean by this?
In v6.1 the following IPSEC problem existed:
Windows 7 <- L2TP/IPSEC -> Mikrotik 6.1 stopped working.
L2TP was passing OK but when reached IPSEC portion it compains in logs about payload and triming.

Was this fixed?

Thanks,
the_prism
Normis, can you confirm that this was fixed and Windows 7 <- L2TP/IPSEC -> Mikrotik 6.1 works fine?

Thanks,

T.P.

Please tell me your Mikrotik Support ticket number, and I will check status.

Supportkavos · Mon Sep 09, 2013 10:58 pm

After upgrade to 6.3 cannot connect with openvpn to 6.2. Tls error. Mtk to mtk.

guilhermeramires · Tue Sep 10, 2013 4:21 pm

You need to set SRC-ADDRESS if you want to reach the same result.

I found a problem with the new traceroute tool. My backbone provider uses an MPLS network with private addresses and this means I can't 'see' the network from another router other than the border router. The new 'mtr' behaviour is stopping the tracing after 3 lost hops.

Thanks in advance!

Carlos Strauch

guilhermeramires · Tue Sep 10, 2013 4:26 pm

ARP=reply-only is not working on CCRs.

X86, MIPSBE and PPC is working fine.

elmer · Tue Sep 10, 2013 11:36 pm

Please test scheduler for me

IMO don`t work with new 6.3 rOS...

/file remove email
/system backup save name=email
/tool e-mail send server=173.194.70.16 port=587 user=me@gmail.com password=mypass start-tls=yes to=me@gmail.com from=Router subject=Backup body="copy config router" file=email.backup

theprism · Wed Sep 11, 2013 6:47 am

Normis, can you confirm that this was fixed and Windows 7 <- L2TP/IPSEC -> Mikrotik 6.1 works fine?

Thanks,

T.P.
Please tell me your Mikrotik Support ticket number, and I will check status.

I don't have any ticket number.
I mentioned about this here http://forum.mikrotik.com/viewtopic.php ... 50#p373740 and here http://forum.mikrotik.com/viewtopic.php ... 50#p373772

Wed Sep 11, 2013 9:34 am

Normis, can you confirm that this was fixed and Windows 7 <- L2TP/IPSEC -> Mikrotik 6.1 works fine?

Thanks,

T.P.
Please tell me your Mikrotik Support ticket number, and I will check status.
I don't have any ticket number.
I mentioned about this here http://forum.mikrotik.com/viewtopic.php ... 50#p373740 and here http://forum.mikrotik.com/viewtopic.php ... 50#p373772

This is a community forum. Community members can't and don't fix bugs. If you wish a problem to be addressed, you Must contact support. Posting here doesn't guarantee that a member of MikroTik support will read the post.

sisal · Wed Sep 11, 2013 12:50 pm

Broken multiple Paste comands in v6.3 CCR (in v6.2 all works fine)
...
Paste in terminal and get the error.

[admin@Mikrotik] > /interface vlan add arp=reply-only interface=ether3 name=TEST vlan-id=3000 
[admin@Mikrotik] > /ip address add address=10.250.255.1/24 interface=TEST
[admin@Mikrotik] > /ip pool add name=pool_TEST ranges=10.250.255.2-10.250.255.254
[admin@Mikrotik] > /ip dhcp-server add add-arp=yes address-pool=pool_TEST disabled=no interface=TEST lease-time=1h name=DHCP_TEST
input does not match any value of interface

...

Hi.
I upgrade 951G-2HnD to 6.3.
Function "Reset Configuration" is broken.
Default configuration not apply after reboot.

In 6.2 it work.

These problems are related.

None of my scripts work anymore, it's almost as if MikroTik invented asynchronous command execution where the second command is executed before the result from the first one is commited.
The default configuration script of RB2011L after a router reset drops out at the following commands:

      /interface {
              set ether6 name=ether6-master-local;
              set ether7 name=ether7-slave-local;
              set ether8 name=ether8-slave-local;
              set ether9 name=ether9-slave-local;
              set ether10 name=ether10-slave-local;
      }
      /interface ethernet {
              set ether7-slave-local master-port=ether6-master-local;
              set ether8-slave-local master-port=ether6-master-local;
              set ether9-slave-local master-port=ether6-master-local;
              set ether10-slave-local master-port=ether6-master-local;
      }
input does not match any value of master-port

The /interface set ether 6 name=ether6-master-local seems to not be commited when /interface ethernet set ether7-slave-local master-port=ether6-master-local is executed. When I repeat the same command, everything works.

After a config reset I have to use MAC Telnet to access my RB2011L devices. This is too unreliable for me, I'm definitely staying with 5.25 for now.

Wed Sep 11, 2013 12:55 pm

This problem will be fixed in v6.4

Lakis · Wed Sep 11, 2013 1:08 pm

Finally upgraded my core CCR from RC13 to 6.3. Runs much smoother. Cpu seems to be better too.

I don't run BGP or IPSec, but use most other features.

Mikrotik: Is there a layout of what services/features use what cpus?

There are still menu bugs but I confirm this in performance 6.3 run much much better

telepro · Wed Sep 11, 2013 1:56 pm

The option to execute a script fails after the following reset-configuration command has been executed and the routerboard has restarted if the file x.rsc is greater than or equal to 64kB.
Files .LE. about 63.5kB execute successfully.

/system reset-configuration keep-users=yes no-defaults=yes skip-backup=yes run-after-reset=x.rsc

Can this be fixed in 6.4 along with the scripting issues documented above?

thanks in advance.

theprism · Wed Sep 11, 2013 2:15 pm

I don't have any ticket number.
I mentioned about this here http://forum.mikrotik.com/viewtopic.php ... 50#p373740 and here http://forum.mikrotik.com/viewtopic.php ... 50#p373772
This is a community forum. Community members can't and don't fix bugs. If you wish a problem to be addressed, you Must contact support. Posting here doesn't guarantee that a member of MikroTik support will read the post.

Well, this is a bug that wasn't present in previous versions. It appeared starting with v6.1 and since I never got any answers if it was fixed or no in v6.2, and now v6.3, I keep asking. No time to upgrade and test and revert back if the problem persists.
So, actually it's something that appeared after Mikrotik gurus "fixed" something that was working and my report is like anything else reported on these forums after any new version is released. If you don't want to look into it, it's your choice but I won't spend my time in opening tickets on something that works fine in previous versions. If you don't want to improve your product that you broke with an upgrade - you'll be the ones who will lose the most. There're plenty of other products on the market.

Regards,

T.P.

ekkas · Wed Sep 11, 2013 2:50 pm

None of my scripts work anymore, it's almost as if MikroTik invented asynchronous command execution where the second command is executed before the result from the first one is commited.

I've noticed something similar in API. (not sure if issue was on 5.25 as I never used so many commands on ROS5)
If I send to many API commands directly after the other, over same API connection, some commands are just dropped. E.g. making groups of 8 simple queues, with a parent, if I pump them to fast, then sometimes up to 3 of some of the group's 8 would be 'lost'/not there.(it is as-if I post teh parent and then some children, but children get created before parent exist yet, failing. If I put in a 40ms delay between 'parent' and all 'children' commands, it runs reliably, but painfully slow for a few thousand entries.

Regards
Ekkas

Wed Sep 11, 2013 3:08 pm

None of my scripts work anymore, it's almost as if MikroTik invented asynchronous command execution where the second command is executed before the result from the first one is commited.
I've noticed something similar in API. (not sure if issue was on 5.25 as I never used so many commands on ROS5)
If I send to many API commands directly after the other, over same API connection, some commands are just dropped. E.g. making groups of 8 simple queues, with a parent, if I pump them to fast, then sometimes up to 3 of some of the group's 8 would be 'lost'/not there. If I put in a 40ms delay between commands, it runs reliably, but painfully slow for a few thousand entries.

Regards
Ekkas

Have you tried to simply get the response from one "add" command before doing the next?

RouterOS commits the changes only after it has generated a !done response, which it doesn't do if your app doesn't request it. When you just spam the router with many requests, and only get the responses afterwards, you eventually exhaust either its or your app's buffer (depending on the client...). So doing multiple send/receive cycles as opposed to send,send,send,(x1000 send),receive cycles should eliminate the problem, while also making your app faster, since it won't need the 40ms delay.

Then again, this may make the app slower due to the multiple remote calls... so I guess if you simply "fragment" your receives - make it send,send,send,receive, then again send,send,send,receive, etc. you might get best results.

ekkas · Wed Sep 11, 2013 3:29 pm

Then again, this may make the app slower due to the multiple remote calls... so I guess if you simply "fragment" your receives - make it send,send,send,receive, then again send,send,send,receive, etc. you might get best results.

I actually wait for !done after each command. I must also say it's my first multi-core router, don't know if that could be related but it's not a big issue. I am updating my app to be more intelligent in what to update, so less updates with proper pauses will be workable. Sometimes it will run thousands without problem, so it's not like it a consistent issue, but I cannot take a chance so I'll rather run slower and know all scripts are applied correctly.
Thanks for the response.

Wed Sep 11, 2013 3:37 pm

This API problem is related to previously mentioned console bug. So will be fixed in v6.4

peterdoo · Wed Sep 11, 2013 7:05 pm

After the upgrade of 750G from 6.2 to 6.3 it blocked completelly after 3 days. It had to be unplugged. After that restart the L2TP/IPSec connections stopped working again after few minutes. As I can only access it via VPN, I could not check more.

Made supout.rif and then downgraded it to 6.2. It is up for 2 days now. Is supout.rif of any interest to Mikrotik support although it has been generated after the two restarts?

armandfumal · Wed Sep 11, 2013 7:42 pm

any devnote of the 6.4 somewhere ?

rpingar · Wed Sep 11, 2013 8:25 pm

any update un VRRP interface problem described into the [Ticket#2013090666000521]
After some days the backup vrrp goes crazy flapping between master and backup.

Only reboot fix the issue.

Regards
Ros

Diamont · Wed Sep 11, 2013 11:56 pm

*) pptp, l2tp, sstp - allow to specify server via dns name;

This is very very important small feature for my region - lets say goodbye to some significant scripting

Just for Beeline.All other (i.e. NORMAL) ISPs use PPPoE or IPoE.

Who is online