Page 1 of 1

v6.10 released

Posted: Fri Feb 14, 2014 2:20 pm
by normis
Simply click “Check for updates” in QuickSet, Webfig or Winbox packages menu.
What's new in 6.10 (2014-Feb-12 13:46):

**KNOWN ISSUE: IPsec AES-CBC 256 Bit encryption algorithm doesn't work in some cases. Use 128 bit AES, or hold on for v6.11**

*) fix autosupout.rif generation after kernel panic;
*) ovpn - make it work again;
*) ovpn client - remove cipher=any & auth=any options,
protocol does not support them;
*) pptp - fixed where Windows & MacOS clients were disconnecting all the time;
*) sstp - make it work with Windows client with AES encryption;
*) ipv6 pool - fix dynamic prefix disappearing which may influence large
VPNs with IPv6;
*) ssh client - fix key agreement when sometimes wrong DH algorithm was selected;
*) bgp - multipath eBGP now does not propagate BGP nexthop unless
forced in configuration;
*) removed 10/100 half duplex from autonegotiation advertisement on CCR;

Re: v6.10 released

Posted: Fri Feb 14, 2014 4:15 pm
by isai
Just downloaded the new v6.10 and when booting from cd to install on pc I get the FATA ERROR: no harddrives found message???
Pls help

Re: v6.10 released

Posted: Fri Feb 14, 2014 4:33 pm
by nik247
Upgraded my RB2011 from 6.9 to 6.10 and get boot loop .... no comments...
It worked with all versions 6.X.... before 6.10...

Re: v6.10 released

Posted: Fri Feb 14, 2014 4:47 pm
by honzam
What version of rb2011?

I tried rb411 and sxt lite5. All works fine

Re: v6.10 released

Posted: Fri Feb 14, 2014 4:56 pm
by uldis
Just downloaded the new v6.10 and when booting from cd to install on pc I get the FATA ERROR: no harddrives found message???
Pls help
Check your BIOS settings for HDD, try to change the SATA settings to compatibility mode or legacy mode.
What kind of motherboard and chipset are you using?

Re: v6.10 released

Posted: Fri Feb 14, 2014 4:59 pm
by sergejs
nik247, What RouterBOARD is it? Does it have serial port to check console output? What firmware is installed on it?

Re: v6.10 released

Posted: Fri Feb 14, 2014 5:03 pm
by asaleh75
Just upgraded my CCR1016-12G. Looking good, till now no problem.

Re: v6.10 released

Posted: Fri Feb 14, 2014 5:07 pm
by isai
Just downloaded the new v6.10 and when booting from cd to install on pc I get the FATA ERROR: no harddrives found message???
Pls help
Check your BIOS settings for HDD, try to change the SATA settings to compatibility mode or legacy mode.
What kind of motherboard and chipset are you using?
It is a Asus p8b75-m le motherboard , and SATA 500GB hdd on sata port 1.
The bios sata config is set to IDE legacy

Regards

Re: v6.10 released

Posted: Fri Feb 14, 2014 5:30 pm
by honzam
What about port isolation on CRS? Is this fixed??

http://forum.mikrotik.com/viewtopic.php ... rs#p408039

Re: v6.10 released

Posted: Fri Feb 14, 2014 5:38 pm
by mspeed
Are production impacting / critical crashes:

2014020766000441
2014020766000021
2014020766000101
2014010866000816

Fixed?

Re: v6.10 released

Posted: Fri Feb 14, 2014 5:49 pm
by nik247
nik247, What RouterBOARD is it? Does it have serial port to check console output? What firmware is installed on it?
RB2011UAS-RM. (with LCD)
I updated last firmware in 6.9 - 3.10
Normal full starting (seen on LCD) working about 5-10 sec - reboot... again start ... reboot ... loop
I don't have converter micro-USB now and connect to console...

Re: v6.10 released

Posted: Fri Feb 14, 2014 6:16 pm
by WirelessRudy
ahum, version 6.10 now already.... they must be speeding up their new release in front of a new season of mum's....

I actually noticed a small, only irritation causing, error in the latest 6.xx versions... I was hoping it would go away itself in newer releases but no... (well, I didn't test 6.10 yet)

Anyway; when you open a telnet session and you type the login the first time but you make a typo, in the old days a backspace and re-type was enough to correct the typo. But since some versions the moment you try to use backspace button, it just creates extra symbols and you basically have to close the telnet window to open it again new....

So if MT guys are reading this, please correct this irritating behaviour in the next version. I think I skip 6.10 now (just rolling out 6.9) and wait to see this correction in 6.11 or .12 made....

Re: v6.10 released

Posted: Fri Feb 14, 2014 6:37 pm
by sergejs
WirelessRudy, as far as I know this console behaviour is present in all RouterOS version.
CTRL+Backspace erases wrong symbol at login/password prompt.

nik247 Please use RJ45 to Ethernet console cable and get console output from your router. Post your output here or better send to support@mikrotik.com

Re: v6.10 released

Posted: Fri Feb 14, 2014 7:25 pm
by nik247
.
nik247 Please use RJ45 to Ethernet console cable and get console output from your router. Post your output here or better send to support@mikrotik.com
Ok.
But intresting moment: today I installed last DUDE version (beta) to this RB2011 and not rebooted it yet.
Only add 2 devices with ping.
First reboot with DUDE was upgrade to 6.10.
Found here intresting info - http://forum.mikrotik.com/viewtopic.php?f=8&t=80252.
I have the same problem.

Re: v6.10 released

Posted: Fri Feb 14, 2014 7:58 pm
by CyberTod
Noticed on v6.9 and this is still present is v6.10 as well - Times in log are always in +0 gmt offset even though I have set up another time zone. When going in system->clock it shows correct time, in my case 19:57 at the moment (gmt offset +02:00), but in log it shows 17:57

Re: v6.10 released

Posted: Fri Feb 14, 2014 8:04 pm
by WirelessRudy
WirelessRudy, as far as I know this console behaviour is present in all RouterOS version.
CTRL+Backspace erases wrong symbol at login/password prompt.
Well, not true imho. It started about half a year ago. Don't know what version I actually was using then, probalby 6.3 or 6.4 (that was a disaster version anyway). Never had that before, I am sure. I use quit a long admin login with 12 caracter passw. So typo's are relatively easy made, special when your under stress and things go wrong.... So it hits me again and again, something I am sure not was happening earlier versions......

Anyway, the cntrl+backspace option was not know by me, so thanks....

Re: v6.10 released

Posted: Fri Feb 14, 2014 8:14 pm
by patrickmkt
SSTP still broken as described in v6.9

Can not connect from a RB1100AH v6.10 client to a RB2011 v6.7 server. "Encryption negotiation rejected"

It was working perfectly from a v6.7 to v6.7

Re: v6.10 released

Posted: Fri Feb 14, 2014 8:23 pm
by mandrade
On a 1100AHx2 many kernel panics one after other.. :( , downgraded to 6.7 and problem solved, autosupout.rif and autosupout.old sent to support...

Re: v6.10 released

Posted: Fri Feb 14, 2014 8:51 pm
by docmarius
Now my sstp connections with 6.7 clients don't work, Nice.
Reverted to 6.7...

Mikrotik, you should really hire some test engineers. Maybe start reading about Lint, QAC, Rational Test Realtime, automated functional regression testing...

Re: v6.10 released

Posted: Fri Feb 14, 2014 9:06 pm
by payday
There is one, very important improvement in changelog: KNOWN ISSUE! :) That's great!
Will it be updated with new known bugs?

Re: v6.10 released

Posted: Fri Feb 14, 2014 9:07 pm
by ditonet
Noticed on v6.9 and this is still present is v6.10 as well - Times in log are always in +0 gmt offset even though I have set up another time zone. When going in system->clock it shows correct time, in my case 19:57 at the moment (gmt offset +02:00), but in log it shows 17:57
Very interested, for me same problem exists on CCR1016 and 433AH.
Finally the best: Two upgraded (to 6.10) 951-2n, one shows GMT time in log, second shows correct (according to timezone) time in log :shock:
Same RouterBOOT 3.10 on both.


Regards,

Re: v6.10 released

Posted: Fri Feb 14, 2014 9:17 pm
by mspeed
WirelessRudy, as far as I know this console behaviour is present in all RouterOS version.
CTRL+Backspace erases wrong symbol at login/password prompt.
Well, not true imho. It started about half a year ago. Don't know what version I actually was using then, probalby 6.3 or 6.4 (that was a disaster version anyway). Never had that before, I am sure. I use quit a long admin login with 12 caracter passw. So typo's are relatively easy made, special when your under stress and things go wrong.... So it hits me again and again, something I am sure not was happening earlier versions......

Anyway, the cntrl+backspace option was not know by me, so thanks....
This is usually a setting in your client (make backspace = ctrl+backspace) perhaps you changed it or upgraded and it reverted or set to something else? Anyway, you should be able to update the preference and the headache will go away. :-)

Re: v6.10 released

Posted: Fri Feb 14, 2014 9:40 pm
by vovannovig
The problem is not solved by CCR Openvpn tPA - Ethernet
No Openvpn TAP interface for PPPoE Servai and Bridge
Ticket#2014021166000406

Re: v6.10 released

Posted: Fri Feb 14, 2014 9:56 pm
by miszak
I upgrade my RB493G by "check for update" and after restart disappeared wirreles package, I had to install it from the zip. IPSec between 6.10 and 5.24 work OK witch AES 256 cbc.

Re: v6.10 released

Posted: Fri Feb 14, 2014 10:39 pm
by DLNoah
What about port isolation on CRS? Is this fixed??

http://forum.mikrotik.com/viewtopic.php ... rs#p408039
I posted in your linked thread as well, but the non-destructive way to fix the CRS hub-style behavior was posted by MT Support on the v6.9 thread. See: http://forum.mikrotik.com/viewtopic.php ... 76#p409276 and http://forum.mikrotik.com/viewtopic.php ... 00#p407466

Re: v6.10 released

Posted: Fri Feb 14, 2014 11:17 pm
by madpixel
I upgarded CCR1016 to 6.10 and noticed that interface indexes in netflow became very strange
in_if 393216 out_if 917504
In 6.9 the same interfaces had indexes
in_if 6 out_if 14
I use netflow accounting rules based on interface indexes, so correct indexes in netflow are very important for me -
was forced to downgrade to 6.9

Re: v6.10 released

Posted: Sat Feb 15, 2014 12:33 am
by WirelessRudy
WirelessRudy, as far as I know this console behaviour is present in all RouterOS version.
CTRL+Backspace erases wrong symbol at login/password prompt.
Well, not true imho. It started about half a year ago. Don't know what version I actually was using then, probalby 6.3 or 6.4 (that was a disaster version anyway). Never had that before, I am sure. I use quit a long admin login with 12 caracter passw. So typo's are relatively easy made, special when your under stress and things go wrong.... So it hits me again and again, something I am sure not was happening earlier versions......

Anyway, the cntrl+backspace option was not know by me, so thanks....
This is usually a setting in your client (make backspace = ctrl+backspace) perhaps you changed it or upgraded and it reverted or set to something else? Anyway, you should be able to update the preference and the headache will go away. :-)
Client? What client? You mean winbox client in windows? I regurlarly work on at least 5 different PC's and 3 different laptops. They all changed setting overnight..' Don't think so.
And than again, even if I could change something like you mention, what would that differ? The backspace funcionality just doesn't work. It creates extra caracters, so the login gets corrupted and thus the telnet client is not loggin in; wrong credencials....

Re: v6.10 released

Posted: Sat Feb 15, 2014 1:39 am
by steen
What about port isolation on CRS? Is this fixed??

http://forum.mikrotik.com/viewtopic.php ... rs#p408039
I posted in your linked thread as well, but the non-destructive way to fix the CRS hub-style behavior was posted by MT Support on the v6.9 thread. See: http://forum.mikrotik.com/viewtopic.php ... 76#p409276 and http://forum.mikrotik.com/viewtopic.php ... 00#p407466
As far we can seeCRS is still leaking exactly like before, we can not se any difference at all.
Can someone please assist, showing what commands to enter in the CRS to stop it leaking and work as a normal switch with trunk and vlans plus access ports ?

Re: v6.10 released

Posted: Sat Feb 15, 2014 2:07 am
by Cougar281
RB951-2n - VPNs are still broken. Wireless remains to be seen.

With Wireless in B/G/N mode, forget it. Couldn't hold a connection. in B/G, it SEEMS reasonably stable.

With regards to the VPNS - if ROS considers a 'sa-src-address' of 0.0.0.0 to be invalid, how do you propose to use a MikroTik router as a dynamic endpoint? I've just deployed five of them in that mode to have them tag up with our ASA5510 to take the VPN load off our IP Phones, and in 6.7, they work perfectly with a 'sa-src-address' of 0.0.0.0.

Re: v6.10 released

Posted: Sat Feb 15, 2014 3:30 am
by paoloaga
With both 6.9 and 6.10, pppoe-client connections self-terminate every ~5 minutes. I am sticking on 6.1 for my production routers.

Re: v6.10 released

Posted: Sat Feb 15, 2014 4:31 am
by pcunite
I wonder about these issues. I think it's related to people editing via the GUI. Whenever I do that I seem to trash the config somehow. I have to delete everything and enter via the command line (copy and paste my settings).

This might explain how users are having issues when MikroTik is not.

Re: v6.10 released

Posted: Sat Feb 15, 2014 4:55 am
by pcunite
One has to wonder about the size of MikroTik as an organization and where they want to take their product ... Perspective: I have spent ~50k usd on MikroTik gear in the last 12 months.
I have a systems programming background. While not privy to anything MikroTik is doing behind the scenes, my short time with their products (love them) and their bugs (very inconsistent, regressions) makes me think that most of the bugs are coming from the parsing engine they've written.

The hardware is great and the Linux base is great. It's this custom layer on top that fails to apply or reload any settings made against it. I have more success when I delete all my settings and apply them (with changes) in one swoop via pasting into the terminal.

Therefore, from my point of view, the RouterOS parsing engine is not properly turning settings into objects, applying changes to this virtual object, and then reapplying and reloading the state of the machine. Said another way: RouterOS is not properly parsing/serializing settings from the command line or GUI and reloading the internal state when applying them.

All the fixes for the real issue seem to be one-time adjustments for special cases people report. This creates nasty side effect issues that will never end.

Re: v6.10 released

Posted: Sat Feb 15, 2014 5:02 am
by mspeed
One has to wonder about the size of MikroTik as an organization and where they want to take their product ... Perspective: I have spent ~50k usd on Mikrotik gear in the last 12 months.
I have a systems programming background. While not privy to anything MikroTik is doing behind the scenes, my short time with their products (love them) and their bugs (very inconsistent, regressions) makes me think that most of the bugs are coming from the parsing engine they've written.

The hardware is great and the Linux base is great. It's this custom layer on top that fails to apply or reload any settings made against it. I have more success when I delete all my settings and apply them (with changes) in one swoop via pasting into the terminal.
It could be, in our case we aren't changing configs often -- we're using core functionality. Configs we do change we do with rcs and those are basically limited to prefix list rebuilds based on IRR etc, used by bgp.

I agree there is a lot of potential, but I suspect Mikrotik is trying to please too many with too little staff / qa, and basic or "core" functionality (e.g. routing as mentioned) in a production environment should be a key area of focus-- that's the backbone that all the other features require. Perhaps Mikrotik doesn't have enough real world experience with this type of traffic and its challenges.

It's a real shame :(

Re: v6.10 released

Posted: Sat Feb 15, 2014 11:07 am
by humppa
The same problem as 6.9 with OVPN on RB951G-2HnD.
Tunnel goes down every hour with message "TLS failed" in Log.
Version 6.7 works without any problem.

Re: v6.10 released

Posted: Sat Feb 15, 2014 2:19 pm
by sdv
There is no fix for Ticket#2014021266000146 in 6.10, problem still present.
http://forum.mikrotik.com/viewtopic.php ... 14#p407914

Re: v6.10 released

Posted: Sat Feb 15, 2014 2:29 pm
by gnuttisch
I guess that a majority of the mikrotik users are irritated on all of the bugs, new one and old ones that comes whit all of the releases.

I wonder how they dare to show up on the mums?

//gnuttisch

Re: v6.10 released

Posted: Sat Feb 15, 2014 2:33 pm
by samsung172
Something has happend to SNMP.

I have a snmp polling of Connected pppoe trough a java app. After upgrading to 6.10, i got some bad answer from polling. not able to update pgsql. Pgsql just give a lot of errors back when trying to update mac addres etc of Clients. Downgraded to 6.9 again, and its all ok.

IT seems like i got a wrong/another data format from SNMP than pre6.10 give ( never had this problem since 2.9.32)

Re: v6.10 released

Posted: Sat Feb 15, 2014 3:59 pm
by spire2z
I wonder about these issues. I think it's related to people editing via the GUI. Whenever I do that I seem to trash the config somehow. I have to delete everything and enter via the command line (copy and paste my settings).

This might explain how users are having issues when MikroTik is not.
I actually think there is something in this.

Recently on rb450g and rb600 I have noticed weird things like for example I upgraded a 450g from 5.20 to 6.7 and the performance became really poor. I couldn't see any cpu being high or any real reason for the poor performance so I downgraded it back to 5.20 but the problem remained.

I then reset it and reconfigured it using the export and pasting the config into command line and back with exact same settings and performance problem was resolved.

Re: v6.10 released

Posted: Sat Feb 15, 2014 5:05 pm
by ehoonf
These Upgrades are a total mess!

Lost vvrp setup. ospf not working. routerboard power off ...

When restoring from backup I have vvrp settings in webfig and cli, but not in winbox - vvrp not working.

Still no working vvrp after deleting all settings and entered new settings.

I reset to factory defaults and try a new step by step setup.

Re: v6.10 released

Posted: Sat Feb 15, 2014 10:07 pm
by slech
humppa
The same problem as 6.9 with OVPN on RB951G-2HnD.
Tunnel goes down every hour with message "TLS failed" in Log.
Version 6.7 works without any problem.
OVPN Server: RB951G-2HnD-ROS 6.10
2 OVPN Clients: RB951G-2HnD-ROS 6.9
Tunnels Up-time: 1d 01:35:17(AES-256-CBC/SHA1)

Re: v6.10 released

Posted: Sat Feb 15, 2014 11:05 pm
by keraia
I upgraded two RB435G's from 6.9 to 6.10. They connected fine but no packets were forwarded.
They worked well (except from the issues with the graphs) with all versions 6.X before 6.10.
Downgraded back to 6.9 and they worked again.

Re: v6.10 released

Posted: Sat Feb 15, 2014 11:13 pm
by miszak
The same problem as 6.9 with OVPN on RB951G-2HnD.
Tunnel goes down every hour with message "TLS failed" in Log.
Version 6.7 works without any problem.
I use in config file (*.ovpn), opcion reneg-sec [time] , default is 3600 sec, I have "reneg-sec 14400".

Re: v6.10 released

Posted: Sun Feb 16, 2014 4:49 am
by TonyJr
Now my sstp connections with 6.7 clients don't work, Nice.
Reverted to 6.7...

Mikrotik, you should really hire some test engineers. Maybe start reading about Lint, QAC, Rational Test Realtime, automated functional regression testing...

Email support, please. They know what they are doing. Very hard work behind the scenes.

Tony

Re: v6.10 released

Posted: Sun Feb 16, 2014 10:53 am
by isai
Just downloaded the new v6.10 and when booting from cd to install on pc I get the FATA ERROR: no harddrives found message???
Pls help
Check your BIOS settings for HDD, try to change the SATA settings to compatibility mode or legacy mode.
What kind of motherboard and chipset are you using?
It is a Asus p8b75-m le motherboard , and SATA 500GB hdd on sata port 1.
The bios sata config is set to IDE legacy

Regards
Nice admins....just ignoring my reply???

Re: v6.10 released

Posted: Sun Feb 16, 2014 11:37 am
by normis

Nice admins....just ignoring my reply???
Please read the note on the top of this forum:
Notice: For support from Mikrotik staff, write to support@mikrotik.com - Mikrotik does not generally offer support on the forum, this is a user forum

Re: v6.10 released

Posted: Sun Feb 16, 2014 5:19 pm
by morf

Re: v6.10 released

Posted: Sun Feb 16, 2014 10:49 pm
by DjM
"Encryption negotiation rejected" on SSTP server (6.10) when SSTP client (6.7) was trying to connect. After rolling back to 6.7 everything is working fine.

Is there any fix/solution for this issue, please?

Thank you

Re: v6.10 released

Posted: Mon Feb 17, 2014 1:38 am
by nicklowe
"Encryption negotiation rejected" on SSTP server (6.10) when SSTP client (6.7) was trying to connect. After rolling back to 6.7 everything is working fine.

Is there any fix/solution for this issue, please?

Thank you
Is there a reason the client cannot be updated? I have SSTP working site-to-site with 6.10 on both ends.

You could validate what is going on with Wireshark to see why the TLS negotiation fails by looking at the handshake.

I suspect you will end up having to update both ends.

Re: v6.10 released

Posted: Mon Feb 17, 2014 3:35 am
by jandafields
"Encryption negotiation rejected" on SSTP server (6.10) when SSTP client (6.7) was trying to connect. After rolling back to 6.7 everything is working fine.

Is there any fix/solution for this issue, please?

Thank you
Is there a reason the client cannot be updated? I have SSTP working site-to-site with 6.10 on both ends.

You could validate what is going on with Wireshark to see why the TLS negotiation fails by looking at the handshake.

I suspect you will end up having to update both ends.
SAME PROBLEM HERE.

Is there a reason the client can't be updated??? That is a very bad response. That is basically saying that "our products are not necessarily compatible with each other". Instead of updating one at a time, you have to update them all at a time... and hope for the best.

The REAL question is: Is there a reason that Mikrotik SSTP can't be compatible with itself????

Re: v6.10 released

Posted: Mon Feb 17, 2014 1:36 pm
by DjM
Is there a reason the client cannot be updated? I have SSTP working site-to-site with 6.10 on both ends.

You could validate what is going on with Wireshark to see why the TLS negotiation fails by looking at the handshake.

I suspect you will end up having to update both ends.
Hello nicklowe,

yes, in complex networks is sometimes hard to get all routers updated because of non-announced non-compatible versions. In case of official announcement that there is incompatibility, there will be a plan scheduled for upgrading.

Re: v6.10 released

Posted: Mon Feb 17, 2014 2:15 pm
by sergejs
Thank you very much for your reports about 6.10, they are very helpful for us.
Please use this thread for posting actual issues with 6.10 version.
For other issues and problems, contact support@mikrotik.com or use an appropriate forum thread.

Re: v6.10 released

Posted: Mon Feb 17, 2014 6:29 pm
by morf
Thank you very much for your reports about 6.10, they are very helpful for us.
Please use this thread for posting actual issues with 6.10 version.
For other issues and problems, contact support@mikrotik.com or use an appropriate forum thread.
EN
And thank you for his work.
Sergey, please pay attention to this issue - http://forum.mikrotik.com/viewtopic.php ... 95#p409734
Ticket #2014021766000422
The fact that the traffic on my CCR1036 increased to 700-800 Mbps, and the packet loss began noticeable. I gave a detailed description of the scheme of testing.
At the same RB800 performance testing UDP packets of 64 bytes is much higher than the CCR

RU
И Вам спасибо за работу.
Сергей, пожалуйста, обратите внимание на эту проблему - http://forum.mikrotik.com/viewtopic.php ... 95#p409734
Ticket#2014021766000422
Дело в том, что трафик на моем CCR1036 вырос до 700-800 Мбит и начались заметные потери пакетов. Я сделал подробное описание со схемой тестирования.
У того же RB800 производительность при тестировании пакетами UDP 64-500 байта гораздо выше, чем у CCR.

Re: v6.10 released

Posted: Mon Feb 17, 2014 7:03 pm
by nka
Where can I register to know when there's a new update? Any newsletter or something? Is my router can do a check and day and notify me?

Re: v6.10 released

Posted: Mon Feb 17, 2014 7:04 pm
by acrsofter
ovpn in bridge still not working
please fix it

Re: v6.10 released

Posted: Mon Feb 17, 2014 7:21 pm
by avantwireless
Re: Register for new update:

http://www.mikrotik.com/download go to bottom of page...

Re: v6.10 released

Posted: Mon Feb 17, 2014 7:24 pm
by nka
Thanks!

Re: v6.10 released

Posted: Mon Feb 17, 2014 11:27 pm
by dominicbatty
upgraded RB2011UiAS-RM to 6.10 - looking ok with the exception of all L2TP/IPSEC tunnels that won't come up.

Re: v6.10 released

Posted: Tue Feb 18, 2014 2:28 am
by dousin
SSTP still not working (same issue as 6.9) connecting from a windows 8.1 x64 client to Routerboard R493G (error 734 - the ppp link control protocol was terminated). Windows client is behind CGNAT, Mikrotik behind NAT.
Have to revert to 6.7

Re: v6.10 released

Posted: Tue Feb 18, 2014 10:24 am
by becs
"Encryption negotiation rejected" on SSTP server (6.10) when SSTP client (6.7) was trying to connect. After rolling back to 6.7 everything is working fine.

Is there any fix/solution for this issue, please?

Thank you
I can confirm that upgrading also SSTP client to v6.10 fixes this issue.

Re: v6.10 released

Posted: Tue Feb 18, 2014 10:42 am
by JanezFord
upgraded RB2011UiAS-RM to 6.10 - looking ok with the exception of all L2TP/IPSEC tunnels that won't come up.
There are documented issues with AES256 on v6.10 ... try AES128 instead and see if it works ...

JF

Re: v6.10 released

Posted: Tue Feb 18, 2014 1:19 pm
by demonster
RB2011UiAS + APC SmartUPS 1500 USB + package usb6.10.pkg
After upgrading 6.9-6.10 router reboot in loop. When disconnect USB router works, when connect UPS - rebooting.

Re: v6.10 released

Posted: Tue Feb 18, 2014 1:29 pm
by xcracker
firewall filter dont check address lists, all rules drop connections with this features.

Re: v6.10 released

Posted: Tue Feb 18, 2014 3:07 pm
by Neovr
v6.10 SSTP tunels work very unstable, go back to 6.7...
many tunels connect\disconnect every 1-10min, but any tunels uptime is few days ...
on v6.7 same tunel work more stable...
Platform - RB1000 powerpc

and i have problem before update:
any routers then fist boot before update 6.6>6.9(6.10) have unactive routing with any routing mark, routing mark set in firewall manle rules
i fixed this with 2 way =>
1) Reboot router manualy
2) recreate all manle rules with action = routing mark (i have this test: do recreating mangle rule, when i create new route i don't see any routing marks exapmles in list, list is blank...)

Re: v6.10 released

Posted: Tue Feb 18, 2014 3:18 pm
by w32pamela
With Groove 52HPn's the "Country" and "Bandwidth" settings do not function on the WebFig Quick Set page. Changes can only be made from the Wireless interface or by CLI.

Re: v6.10 released

Posted: Tue Feb 18, 2014 3:50 pm
by heislerb
v6.10 SSTP tunels work very unstable, go back to 6.7...
many tunels connect\disconnect every 1-10min, but any tunels uptime is few days ...
on v6.7 same tunel work more stable...
Platform - RB1000 powerpc


2) recreate all manle rules with action = routing mark (i have this test: do recreating mangle rule, when i create new route i don't see any routing marks exapmles in list, list is blank...)
Check to ensure your routing package is enabled.

Re: v6.10 released

Posted: Tue Feb 18, 2014 7:06 pm
by Robox
EN
At me RB951G-2HnD os v.6.7
In adjustments 3, 4 and 5 ports, the second port is specified as a master port.
If to start utility Torch on second to port and on the general bridge, Torch - works, and on 3, 4 and 5, Torch - does not work.
As soon as, I, clean a master port, and I do bridge through inset Bridge then Torch - works for 3, 4 and 5 ports.
Muster please on version 6.10

RU
У меня RB951G-2HnD os v.6.7
в настройках 3, 4 и 5 портов, второй порт указан как мастер порт.
Если запустить утилиту Torch, то на втором порту и на общем bridge, Torch - работает, а на 3, 4 и 5, Torch - не работает.
Как только, я, убирают мастер порт, и делаю bridge через вкладку Bridge, тогда Torch - работает для 3, 4 и 5 порта.
Проверьте пожалуйста на версии 6.10

Re: v6.10 released

Posted: Tue Feb 18, 2014 9:17 pm
by jandafields
v6.10 SSTP tunels work very unstable, go back to 6.7...
many tunels connect\disconnect every 1-10min, but any tunels uptime is few days ...
on v6.7 same tunel work more stable...
Platform - RB1000 powerpc


2) recreate all manle rules with action = routing mark (i have this test: do recreating mangle rule, when i create new route i don't see any routing marks exapmles in list, list is blank...)
Check to ensure your routing package is enabled.

No, routing package has nothing to do with this! routing package is for rip,bgp,ospf,bfd,etc. It is not for SSTP!

Re: v6.10 released

Posted: Tue Feb 18, 2014 9:19 pm
by jandafields
"Encryption negotiation rejected" on SSTP server (6.10) when SSTP client (6.7) was trying to connect. After rolling back to 6.7 everything is working fine.

Is there any fix/solution for this issue, please?

Thank you
I can confirm that upgrading also SSTP client to v6.10 fixes this issue.
That isn't a very good "fix". So, this means that everytime a new version comes out, there is a possibility that it will break compatibility between versions?!? That is completely unacceptable.

Re: v6.10 released

Posted: Wed Feb 19, 2014 12:56 am
by dragomir
I have CCR1036
vlan over ovpn (ethernet) not working
please fix it

Re: v6.10 released

Posted: Wed Feb 19, 2014 8:36 am
by docmarius
Hmmm, censoring critic responses on the forum. Congratulations Mikrotik!
Another great example of management.

A public apology for your failures would be more appropriate. You now, some pay you money for the products...

Re: v6.10 released

Posted: Wed Feb 19, 2014 9:01 am
by Raf
You now, some pay you money for the products...
Some? So… the others steal them? I thought we all pay for the products :)

Re: v6.10 released

Posted: Wed Feb 19, 2014 10:37 am
by Maggiore81
Upgraded 1100AHx2 with 6.9 to 6.10, lost VRRP configurations.

Re: v6.10 released

Posted: Wed Feb 19, 2014 10:59 am
by JanezFord
RB2011UiAS + APC SmartUPS 1500 USB + package usb6.10.pkg
After upgrading 6.9-6.10 router reboot in loop. When disconnect USB router works, when connect UPS - rebooting.
Works fine for me on RB751G-2HnD with APC SmartUPS 750 connected on USB port .... also no problems with APC SmartUPS 700 connected via serial port on RB450G (APC Smart cable), both routers upgraded from v6.9.

JF

Re: v6.10 released

Posted: Wed Feb 19, 2014 10:59 am
by normis
Sergejs already wrote above, to please use this topic for v6.10 issues, so we can easily follow what fixes are needed. docmarius you are posting general complaints, not specific issues in v6.10, please post general complaints in a new topic, or even better - write to MikroTik.

it would be very nice if we could stick to topic in this thread, so we can easily fix all issues and quickly release a fixed update.

Thank you all!

Re: v6.10 released

Posted: Wed Feb 19, 2014 11:04 am
by Insspb
The same problem as 6.9 with OVPN on RB951G-2HnD.
Tunnel goes down every hour with message "TLS failed" in Log.
Version 6.7 works without any problem.
I can confirm this problem. See it on two RB951G-2HnD.
Here is log screenshot of one of them.
MikrotikTLS.jpg
Version 6.7 works without any problem.

Re: v6.10 released

Posted: Wed Feb 19, 2014 11:26 am
by samsung172
Metal' grove 2SHPn 2.4ghz is supposed to have fixed a Wireless bug. I upgraded a grove 3 days ago, and it seems like wlan Interface just stop to work randomly. A reebot will fix issue. I have tried 2 groves, and same problem to both. CPE are Connected and all seems ok. After some time, they dissaper, and wlan seems to have no signal at all. I dont find anny other 2,4 Devices during scan. After a boot, all is ok, for some time, and same happening again

Re: v6.10 released

Posted: Wed Feb 19, 2014 11:28 am
by samsung172
CCR Connection to Cisco stil makes CCR hanging/booting, if Interface is 100mb/s. Dont seems like the announced 100mb/s half have not solved all problems to 100mb/s and cisco Connections.

Re: v6.10 released

Posted: Wed Feb 19, 2014 11:54 am
by markom
My suggestion is to make new firmware release for CCR products.
Example: If mikrotik publish 6.15 for all other products and 6.13 for ccr series.

when mikrotik announce 6.15 for CCR (all possible bugs and problems solved) for rest of mikrotik products will be 6.18..

differences between 6.15 CCR and 6.18 (all other) is not recommended to put on CCR.

After CCR products is published this is not any more usage for SOHO environments. We can not allowed us to have some concentrator or some serious link down for unknown time because mikrotik make some mistakes in new release.

CCR is not for home use or in some offices where some simple tp-link can finish the job.

Re: v6.10 released

Posted: Wed Feb 19, 2014 6:30 pm
by olegsher
Good afternoon.
I have problem with igmp-proxy with v6.xx versions.
Seems that proxy freezes during operation after 3-5 hours. Clients send igmp requests but igmp-proxy ignore it.
mfc list empty.
If I delete upstream and downstream interfaces and recreate it again then proxy works again ... for 3-5 hours.
I tried with 6.8, 6.10.
I want to downgrade to 5.xx version because I didn't have problem with igmp-proxy before 6.xx.
Is it normal?
P.S. I use ppc version of RouterOS.

Re: v6.10 released

Posted: Wed Feb 19, 2014 6:44 pm
by dominicbatty
My RB2011UiAS-RM keeps locking up and stops routing any traffic or being available to connect to. Only solution is a reboot and it comes back up ok.

I have auto supout turned on but I am not getting that so it must think it is working ok ..

Does anyone have any suggestions as to what I can do to log this with some information with Mikrotik as at the moment "it just stops working" is not really going to return any realistic solution?

Thanks, Dominic.

Re: v6.10 released

Posted: Wed Feb 19, 2014 8:01 pm
by Disassembler
I can confirm the instability of SSTP, but I have also noticed a memory leak connected to SSTP servers.

I have 2 RB2011UiAS working as SSTP servers. One of them has ~80 SSTP clients, the other one has about 10 clients.
On fresh start, I can see that there is about 100 MB of free memory on both of them.
The one with ~80 tunnels has now 1 day uptime and free memory dropped to 41 MB.
The other one with ~10 tunnels has 3 days uptime and free memory is now at 17 MB.

The SSTP clients are on ROS 6.10 as well, yet about 10% of them are constantly dropping on both servers with no apparent reason.
Server side says, that connection was terminated by peer, but client side reports connection timeout.

Other RB2011UiAS which are NOT doing SSTP servers do not exhibit this behavior.

Re: v6.10 released

Posted: Wed Feb 19, 2014 10:07 pm
by planetcaravan
I'm using RB2011L as router for pppoe-client, vpn, hotspot, sstp-client. Now is running 6.10 and all is working fine. I've updated from 6.9.

Re: v6.10 released

Posted: Thu Feb 20, 2014 6:08 am
by nje431
I've sent a detailed bug report to tech support, but here is a brief description of what I've found.

The NTP client struggles at best, and refuses to synchronize in other cases, to our Windows 7 NTP server after reboots. Routers with 5.26 and 6.1 don't have this issue, but any upgraded to 6.9 or 6.10 do. Syncing to an NIST server is consistently successful, as well as using another MikroTik router as a NTP unicast server (that's all I've tried). And once it syncs to another server, you can switch the IP to the Windows 7 server and it will usually sync back up. Until you reboot. Then it's hit and miss again.

Cheers.

Re: v6.10 released

Posted: Thu Feb 20, 2014 10:19 am
by coombes69
I have not updated any of our production routers but did update my home RB450G to 6.10 and my bt infinity PPPOE internet connection went from 90Mbps Down and 20Mbps up with ping latency of around 18ms to 0.15Mbps down and up with pings of over 300ms.

Restoring to 6.7 has resolved the issue.

The router also hung to the point where the only way i could access it was to reboot it.

Re: v6.10 released

Posted: Thu Feb 20, 2014 11:49 am
by Chupaka
EN
At me RB951G-2HnD os v.6.7
In adjustments 3, 4 and 5 ports, the second port is specified as a master port.
If to start utility Torch on second to port and on the general bridge, Torch - works, and on 3, 4 and 5, Torch - does not work.
As soon as, I, clean a master port, and I do bridge through inset Bridge then Torch - works for 3, 4 and 5 ports.
Muster please on version 6.10

RU
У меня RB951G-2HnD os v.6.7
в настройках 3, 4 и 5 портов, второй порт указан как мастер порт.
Если запустить утилиту Torch, то на втором порту и на общем bridge, Torch - работает, а на 3, 4 и 5, Torch - не работает.
Как только, я, убирают мастер порт, и делаю bridge через вкладку Bridge, тогда Torch - работает для 3, 4 и 5 порта.
Проверьте пожалуйста на версии 6.10
it's as it should be. setting 'master-port' makes hardware switch, and Torch is software part. for CPU, there's one 'port' - the master one.

Re: v6.10 released

Posted: Fri Feb 21, 2014 9:58 am
by falestiny
can someone confirm if SSH or TELNET works find with this new release?! I'm trying to access my mikrotik remotely throw SSH or TELNET but it does not work.

NOTE: it works from local network but not from out side, i do not have forward rules or filter rules.

Re: v6.10 released

Posted: Fri Feb 21, 2014 10:37 am
by Veria
Hi,
Sorry for my bad English.
I have problem on v6.10 CCR1016-12G
When I disabling a vlan interface, the router go down for 30 sec and when come back the vlan still active!

Re: v6.10 released

Posted: Fri Feb 21, 2014 10:42 am
by uldis
Hi,
Sorry for my bad English.
I have problem on v6.10 CCR1016-12G
When I disabling a vlan interface, the router go down for 30 sec and when come back the vlan still active!
Does it reboot with kernel panic or you just loose the connectivity to the router for 30 seconds?

Re: v6.10 released

Posted: Fri Feb 21, 2014 10:56 am
by Veria
Does it reboot with kernel panic or you just loose the connectivity to the router for 30 seconds?
I dont what happening exactly.
The log attached.

Re: v6.10 released

Posted: Fri Feb 21, 2014 11:07 am
by uldis
Does it reboot with kernel panic or you just loose the connectivity to the router for 30 seconds?
I dont what happening exactly.
The log attached.
Please make a support output file and send it to the support@mikrotik.com

Re: v6.10 released

Posted: Fri Feb 21, 2014 11:43 am
by slech
can someone confirm if SSH or TELNET works find with this new release?! I'm trying to access my mikrotik remotely throw SSH or TELNET but it does not work.

NOTE: it works from local network but not from out side, i do not have forward rules or filter rules.
It working for me:
[admin@ros-6.10(RB951G-2HnD)] > user active print
Flags: R - radius
 #   WHEN                 NAME               ADDRESS                                              VIA
 0   feb/21/2014 11:37:06 admin              192.168.1.11                                        winbox
 1   feb/21/2014 11:38:41 admin              XX.XX.XX.XX                                          ssh

Re: v6.10 released

Posted: Fri Feb 21, 2014 12:02 pm
by falestiny
can someone confirm if SSH or TELNET works find with this new release?! I'm trying to access my mikrotik remotely throw SSH or TELNET but it does not work.

NOTE: it works from local network but not from out side, i do not have forward rules or filter rules.
It working for me:
[admin@ros-6.10(RB951G-2HnD)] > user active print
Flags: R - radius
 #   WHEN                 NAME               ADDRESS                                              VIA
 0   feb/21/2014 11:37:06 admin              192.168.1.11                                        winbox
 1   feb/21/2014 11:38:41 admin              XX.XX.XX.XX                                          ssh
did you try it externally? i means connecting to mikrotik from internet and not from local network.

Re: v6.10 released

Posted: Fri Feb 21, 2014 2:52 pm
by slech
falestiny
XX.XX.XX.XX - it's connection from external network(via Internet): Work --> Home.

Re: v6.10 released

Posted: Fri Feb 21, 2014 10:16 pm
by webpagetech
just upgraded 2011UAS-2HnD to 6.10.

Confirmed that mangle routing marks are working now. I had a problem with mangle rules not sending traffic to the proper routing table via "action=mark routing" in 6.9. Working now in 6.10 :).

Re: v6.10 released

Posted: Sat Feb 22, 2014 5:29 am
by Sander
just upgraded 2011UAS-2HnD to 6.10.

Confirmed that mangle routing marks are working now. I had a problem with mangle rules not sending traffic to the proper routing table via "action=mark routing" in 6.9. Working now in 6.10 :).
Upgraded my RB2011L to 6.10. Routing mark works. Doesn't see it in 6.10 change log.

Re: v6.10 released

Posted: Sat Feb 22, 2014 10:00 am
by steen
Hello Folks!

After upgrading from RoS6.7 to RoS6.10 Routing Mark does not work anymore after at least 5 years continusly working!
Supout is generated and sent in to MT support.

Setup is fairly simple:
Routing marks is set on mail traffic coming from one Mailserver ip source address using mangle rule.
Mailserver --> MT Router -mangle-route on routing mark-> ASA5510 --> Internet
Default gateway in MT Router is another firewall not ASA5510.

From mailserver smtp traffic got timeout and emails queues up.
Rollback to RoS6.7 solved the problem.

Re: v6.10 released

Posted: Sun Feb 23, 2014 11:09 am
by shinobi
Hello Folks!

After upgrading from RoS6.7 to RoS6.10 Routing Mark does not work anymore after at least 5 years continusly working!
Supout is generated and sent in to MT support.

Setup is fairly simple:
Routing marks is set on mail traffic coming from one Mailserver ip source address using mangle rule.
Mailserver --> MT Router -mangle-route on routing mark-> ASA5510 --> Internet
Default gateway in MT Router is another firewall not ASA5510.

From mailserver smtp traffic got timeout and emails queues up.
Rollback to RoS6.7 solved the problem.
there is a chance that your main routing has gone. you can check it in winbox, in any routing mark or routing table dropdown boxes. if so, go to system -> package and hit downgrade. system will reboot and without downgrade your routing will be fixed.

Re: v6.10 released

Posted: Sun Feb 23, 2014 11:56 am
by steen
Hello Folks!

After upgrading from RoS6.7 to RoS6.10 Routing Mark does not work anymore after at least 5 years continusly working!
Supout is generated and sent in to MT support.

Setup is fairly simple:
Routing marks is set on mail traffic coming from one Mailserver ip source address using mangle rule.
Mailserver --> MT Router -mangle-route on routing mark-> ASA5510 --> Internet
Default gateway in MT Router is another firewall not ASA5510.

From mailserver smtp traffic got timeout and emails queues up.
Rollback to RoS6.7 solved the problem.
there is a chance that your main routing has gone. you can check it in winbox, in any routing mark or routing table dropdown boxes. if so, go to system -> package and hit downgrade. system will reboot and without downgrade your routing will be fixed.
Okey, nothing was missing as far I could see.
So downgrade without downgrade solves the problem, sounds wierd ?
Anyhow testing in production is out of question till next service window in a week.

Re: v6.10 released

Posted: Sun Feb 23, 2014 7:44 pm
by JackANSI
Since upgrading to 6.10 at work we are seeing 12kbps VPN throughput (both directions) on a 20Mbps-up/100Mbps-down connection. What gives? Why does every upgrade to ROS seem worse than the last?

I read the change log and it said this was fixed so I figured upgrading would be safe. (yes this is mikrotik, I should know better).

Re: v6.10 released

Posted: Sun Feb 23, 2014 11:44 pm
by dominicbatty
I had routing mark problems in 6.9 and 6.10 but on checking routes some of the "check gateway" fields were not set and setting these to "ping" appears to have solved the problem.

Re: v6.10 released

Posted: Mon Feb 24, 2014 12:10 am
by neandero
winbox keep disconnecting...

Re: v6.10 released

Posted: Mon Feb 24, 2014 3:57 am
by dmka
Vlans over bonding interface are broken (no Rx packets) after upgrade from 6.7 to 6.10. Downgrading the RB951G-2HnD back to 6.7 resolved the issue. Please fix.

Re: v6.10 released

Posted: Mon Feb 24, 2014 3:06 pm
by davestahr
I upgraded an RB1200 (powerpc) from 5.24 to 6.10 yesterday afternoon. The queues were all automatically disabled. I enabled them, to find a big problem. The queues were all appended with an interface value that was making the first queue gobble up every single packet. So, I went through and took the interface out of each target. At that point, they were sitting there enabled, but not collecting any data or slowing anything down. I didn't have time to deal with them, so I disabled them all and hit the sack. This morning, I got up, started enabling the queues one by one, and found that they're now working just fine. Glad it's working, but wanted to share my experience in case anyone else saw something similar.

Re: v6.10 released

Posted: Mon Feb 24, 2014 4:20 pm
by jsparrott
Linktech PowerRouter 2200 (x86). Two Ethernet links - Eth2 internal OSPF network, Eth1 external BGP Peering. Running 6.10 10-11 percent packet loss between BGP Peers. Running 5.26 no packet loss. All CPU Cores (4) currently enabled.

Thoughts?

Re: v6.10 released

Posted: Mon Feb 24, 2014 5:01 pm
by skibi82
I noticed a serious error in the implementation of IPSEC
The situation as a picture.

In gets called when the unit Mikrotik 2 does not default gw
It is not properly routed traffic through the ipsec policy.
Create two ipsec policy:
1. Prio 9999 trafic from 192.168.1.1 to 192.168.1.0/24 is no encrypted.
2. Prio 5 traffic from 192.168.1.0/24 to 0.0.0.0 / 0 is in tunnel mode
witch esp through the end of 10.2.0.2 - 10.1.0.2

Tunnel compiles correctly but Mikrotik 2 does not direct traffic to it.
If is no set the default route in main table.

On conected computers to the network 192.168.1.0/24 i gets no route to host

as in the case of ping aa.bb.cc.dd src-address = 10.2.0.2

The workaround of problem is to create brg interface with fake 0/0 route
or the addition of any 0/0 by not existing gw.

The assumption Mikrotik 2 should not have a default route.
For Cisco devices, Fortinet, ZyXEL .. there is no such requirement.

Re: v6.10 released

Posted: Mon Feb 24, 2014 5:03 pm
by mrz
Ofcourse it will give error "no route to host" because router does not know how to route the packet.. routing decision happens before ipsec encapsulation. For more details see packet flow diagram.
http://wiki.mikrotik.com/wiki/Manual:Pa ... encryption

Re: v6.10 released

Posted: Mon Feb 24, 2014 6:32 pm
by alexkhokhlov
I've upgraded RG951-2HnD to 6.10 today morning. Now it keeps rebooting and beeping.
It goes like this:
1. Power on
2. All lan ports light on and then off
3. Lan 1 starts to flash (connected directly to notebook) and one beep is heard
4. lan 1 for about 10 seconds, but then stops. All man ports are off and not flashing.
5. Goto 2.

I can't install any other routeros version via Netinstall: I see a router, choose package, press install and nothing happens.

Hard reset does not work - everything goes into infinite reboot.

Please help me get the router out of this "brick" mode.

Re: v6.10 released

Posted: Mon Feb 24, 2014 8:38 pm
by skibi82
Route table is correct and is not the main table.

Anyhow it indicates a problem.
It is absurd to the implementation of the IPSEC tunnel mode

Why in this case served the ends of the tunnel on the left and right quickly and so the package is not addressed properly.

By the way, I do not know if I understand the diagram, but for me, the diagram shows that it should be able to ping the IP of the router, eg the inside of the IPSEC police as the input and determine the policy is directed to forward?

I beg for the correct diagram for the implementation of IPSEC
I am able to send a bottle of vodka a person who confirms the correctness of the current diagram:

http://wiki.mikrotik.com/images/thumb/3 ... ple_5c.png

Maybe vodke help him understand that the diagram is not correct.

Re: v6.10 released

Posted: Mon Feb 24, 2014 11:00 pm
by DogHead
There are some very weird things going on in ROS 6.x pertaining to certificate management and VPN in general.

I have an RB433AH that has been running for years and is a gateway for an office. It was originally installed with a 4.x version of ROS and we have upgraded it every time a new release comes out all the way to 6.10. We use it for testing.

It has a CA certificate that was created on a Ubuntu server running OpenSSL/OpenVPN back in Oct 2012. The key for the CA cert is 1024. This same key is used by all of our routers for connectivity to a central VPN server that is used for remote bridge access. On the OVPN Client Dialog in Winbox it says that the link is using blowfish and SHA1. But it really is using AES 128. From terminal it shows unknown, unknown for both. And Winbox says that the CA cert is 2048, while terminal says nothing (key length not listed).

This RB433AH is authenticated and connected to the Ubuntu server using OpenVPN TAP. Everything works fine.

Then we have a new RB2011UiAS which is upgraded to 6.10. Same identical configuration for VPN. However it says blowfish and AES in both Winbox and terminal. And it reports the CA key length of 1024. So it says everything is correct. But it will not connect. In fact I don't even see it trying to connect with packet sniffer.

My question: At what point did certificates work properly? At what point did OpenVPN work properly? I want to move back to a working implementation. Scared to touch the working system at this point.

Re: v6.10 released

Posted: Tue Feb 25, 2014 3:12 am
by lubor
Vlans over bonding interface are broken (no Rx packets) after upgrade from 6.7 to 6.10. Downgrading the RB951G-2HnD back to 6.7 resolved the issue. Please fix.
I have same problem on CCR1036.

Re: v6.10 released

Posted: Tue Feb 25, 2014 7:56 am
by rpingar
[Ticket#2014022566000158]
new pppoe BUG introduced with the new pppoe package.

The NASPORT value reported in radius by MT is completely wrong.

In regular package it is the snmp index of the pppoe-client interface
Now it is completely not useful.

We need it to be reported correctly.

regards
Ros

Re: v6.10 released

Posted: Tue Feb 25, 2014 11:03 am
by koshak83
Two wi-fi clients connected to the router now, but I see no data on these connections in this window. RB 951G-2HnD, OS6.10, firmware 3.12
Image

Re: v6.10 released

Posted: Tue Feb 25, 2014 11:08 am
by normis
Two wi-fi clients connected to the router now, but I see no data on these connections in this window. RB 951G-2HnD, OS6.10, firmware 3.12
Image
Clear your browser cache, and if you use it, proxy cache too.

Re: v6.10 released

Posted: Tue Feb 25, 2014 11:25 am
by koshak83
Two wi-fi clients connected to the router now, but I see no data on these connections in this window. RB 951G-2HnD, OS6.10, firmware 3.12
Image
Clear your browser cache, and if you use it, proxy cache too.
After your decision, I see the data just a second, then again is lost. I think this is a problem of Firefox in Ubuntu Linux, in windows 7 & IE all work good. =\

Re: v6.10 released

Posted: Tue Feb 25, 2014 1:30 pm
by rextended
(sorry for my bad english)

Hi,
I write here how to get the "kernel failure" on RouterOS 6.10 (happen also on 6.9 on the same way).
I talk about this problem at Italian's M.U.M. with MikroTik Staff.

I'm able to replicate this problem with RB1100AHx2 and M.U.M.'s RB951Ui-2HnD gift :) (really hardware does not matter, invert RB still do same problem)

On the RB1100AHx2 powered by PoE on ether13 (also is a PC connected for netinstall):
update bios with serial port to 3.10 and
after update re-enter the bios and reset all for default options
after reboot re-renter the bios and set "try-ethernet-once-then-nand" for boot.
reboot for netinstall

With NetInstall 6.10:
***NO*** Keep old configuration
select: routeros-powerpc-6.10.npk
and install

after first boot:
disable all packages except for:
routeros-powerpc
ppp
system

and reboot

paste this on RB1100AHx2 terminal
/interface pppoe-server server
add default-profile=default-encryption disabled=no interface=ether1 mrru=1600 service-name=service1
/ppp secret
add local-address=10.0.0.1 name=test password=test profile=default-encryption remote-address=10.0.0.2
/system identity
set name="Test Gateway"
Now the RB951Ui-2HnD powered by PoE on ether1 (also is a PC connected for netinstall):
Open the device with winbox and update bios to 3.12 and reboot,
On winbox select on system/routerboard/settings:
set boot-device=try-ethernet-once-then-nand
reboot for netinstall

With NetInstall 6.10:
***NO*** Keep old configuration
select: routeros-mipsbe-6.10.npk
and install

after first boot:
disable all packages except for:
routeros-powerpc
ppp
system

and reboot

(really the RouterOS version on the client does not matter...)

paste this on RB951Ui-2HnD terminal
/interface pppoe-client
add add-default-route=yes allow=pap,chap,mschap1,mschap2 default-route-distance=1 dial-on-demand=no disabled=no interface=ether2 keepalive-timeout=60 max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out1 password=test profile=default-encryption use-peer-dns=no user=test
/system identity
set name="Test CPE"

Now both RB working and all is ok, but after put a cable from ether1 of RB1100AHx2 and ether2 of RB951Ui-2HnD, after pppoe-client login on pppoe-server
the RB1100AHx2 continuosly reboot (or freeze after some random reboot) with kernel failure (I think on ppp-mppe process).

If you do not use "default-encription" profile on both routerboard, but only "default" profile (so pppoe not encripted) no kernel failure happen, also if you leave bandwidth test for hours.

I hope that I've explained everything well.

Thanks to all.

Re: v6.10 released

Posted: Tue Feb 25, 2014 2:02 pm
by rextended
I forget:

On the RB1100AHx2 serial the output are: "PowerPC Book-E Watchdog Exception"
and RB reboot

On the log inside RB after reboot (without cable plugged) at random:
kernel failure
or
routerboard rebooted without proper shutdown

no autosupout.rif generated

Re: v6.10 released

Posted: Tue Feb 25, 2014 3:32 pm
by mrz
Route table is correct and is not the main table.

Anyhow it indicates a problem.
It is absurd to the implementation of the IPSEC tunnel mode

Why in this case served the ends of the tunnel on the left and right quickly and so the package is not addressed properly.

By the way, I do not know if I understand the diagram, but for me, the diagram shows that it should be able to ping the IP of the router, eg the inside of the IPSEC police as the input and determine the policy is directed to forward?

I beg for the correct diagram for the implementation of IPSEC
I am able to send a bottle of vodka a person who confirms the correctness of the current diagram:

http://wiki.mikrotik.com/images/thumb/3 ... ple_5c.png

Maybe vodke help him understand that the diagram is not correct.

Please look at diagram again

in interface -> prerouting chain -> routing decision (here you need the route to actually forward)-> forward chain -> post routing -> ipsec policy -> ipsec encryption -> local-in process -> routing decision again (now for encrypted packet) -> output chain -> out interface.

Re: v6.10 released

Posted: Tue Feb 25, 2014 11:38 pm
by jandafields
It looks like 6.11 beta so far doesn't fix any of these issues ... at least according to the changelog :(

What's new in 6.11rc1 (2014-Feb-24 10:54):

*) dhcp - added support for DHCP option 138 - list of CAPWAP IPv4 servers;
*) quickset - added Guest Network setup to Home AP mode;
*) console - no longer required to supply value of '/routing bgp instance vrf'
property 'instance' for 'add' command;

By the way, this was copied from a publically available mikrotik.com page, not the beta website.

Re: v6.10 released

Posted: Wed Feb 26, 2014 1:24 am
by PashaT
MT #1 and #2 - 951G-2HnD 6.10 + 3.12

Link speed/Duplex problems at least with 3 devices.

- Fiber media converter STELS (maybe IC+ 1xx) 100Mbps connected with 1m A-A (direct) cable to MT #1 ether2-master-local with default config.
- HP NC360T PCIe DP Gigabit Server Adapter (Intel) connected with 15m A-B (cross) cable to MT #2 ether2-master-local with default config.
- Realtek 8168 integrated PCIe GBE controller connected with 5m cable to MT #2 ether4-slave-local with default config.

MT #2 (Auto + FD) -> Intel (10 + H) - OK
MT #2 (Auto + FD) -> Intel (10 + FD) - MT status 10H with warning excessive or late collision, link duplex mismatch ?
MT #2 (Auto + H/FD) or (100 + H/FD) -> Intel (100 + H/FD) - MT status 100H, Intel connection status - Not available
MT #2 (Auto + FD) -> D-Link DES-1008 (Gigabit router) -> Intel (100 + H/FD) - OK

MT #2 (Auto + H/FD) -> RTL8168 (Auto) - OK
MT #2 (1000 + H/FD) -> RTL8168 (Auto) - MT status 1000FD, RTL connection status - Not available

MT #1 (Auto + FD) -> STELS (Auto) - FDX led on STELS is ON, SPD - ON (100Mbps Full Duplex)
MT #1 (100 + FD) -> STELS (Auto) - FDX led on STELS is OFF, SPD - ON (100Mbps Half)


And sometimes warnings "excessive or late collision, link duplex mismatch ?" with EN28J60 10Mbps H device.

Re: v6.10 released

Posted: Wed Feb 26, 2014 9:10 am
by alexkhokhlov
I can't install any other routeros version via Netinstall: I see a router, choose package, press install and nothing happens.
I've finally managed to flash 6.10 via netinstall. It seems like it does not work right away after booting. It started to work after I plugged out the ethernet cable and put it back. About a minute or so also passed. So, if it does not work with you - wait a minute and try to re-plug the cable.

Also noticed that after my RB951 came back online it was on 3.09 routerboard firmware. I upgraded it to 3.12 afterwards that came with RouterOS 6.10.

Now everything seems to work again.

Re: v6.10 released

Posted: Wed Feb 26, 2014 9:30 am
by normis
It looks like 6.11 beta so far doesn't fix any of these issues ... at least according to the changelog :(

What's new in 6.11rc1 (2014-Feb-24 10:54):

*) dhcp - added support for DHCP option 138 - list of CAPWAP IPv4 servers;
*) quickset - added Guest Network setup to Home AP mode;
*) console - no longer required to supply value of '/routing bgp instance vrf'
property 'instance' for 'add' command;

By the way, this was copied from a publically available mikrotik.com page, not the beta website.
where exactly ?

Re: v6.10 released

Posted: Wed Feb 26, 2014 9:58 am
by nz_monkey
MT #1 and #2 - 951G-2HnD 6.10 + 3.12

Link speed/Duplex problems at least with 3 devices.

- Fiber media converter STELS (maybe IC+ 1xx) 100Mbps connected with 1m A-A (direct) cable to MT #1 ether2-master-local with default config.
- HP NC360T PCIe DP Gigabit Server Adapter (Intel) connected with 15m A-B (cross) cable to MT #2 ether2-master-local with default config.
- Realtek 8168 integrated PCIe GBE controller connected with 5m cable to MT #2 ether4-slave-local with default config.

MT #2 (Auto + FD) -> Intel (10 + H) - OK
MT #2 (Auto + FD) -> Intel (10 + FD) - MT status 10H with warning excessive or late collision, link duplex mismatch ?
MT #2 (Auto + H/FD) or (100 + H/FD) -> Intel (100 + H/FD) - MT status 100H, Intel connection status - Not available
MT #2 (Auto + FD) -> D-Link DES-1008 (Gigabit router) -> Intel (100 + H/FD) - OK

MT #2 (Auto + H/FD) -> RTL8168 (Auto) - OK
MT #2 (1000 + H/FD) -> RTL8168 (Auto) - MT status 1000FD, RTL connection status - Not available

MT #1 (Auto + FD) -> STELS (Auto) - FDX led on STELS is ON
MT #1 (100 + FD) -> STELS (Auto) - FDX led on STELS is OFF


And sometimes warnings "excessive or late collision, link duplex mismatch ?" with EN28J60 10Mbps H device.
Mikrotik a lot of people including me have been reporting issues like the above recently. Are Mikrotik working actively working to resolve these issues?

How can we help you to fix this ?

bad blocks problem

Posted: Wed Feb 26, 2014 10:43 am
by facetwety
after upgrade to ros ver:6.10 bad blocks counter start raising Almost after every reboot by .1%

http://forum.mikrotik.com/viewtopic.php?t=82299

Re: v6.10 released

Posted: Wed Feb 26, 2014 10:45 am
by morf
to normis:
Now the error occurred in the hotspot. Account in hotspot not authorize because address list were dynamic entry with the IP addresses. Not removed! Why?
It happened so that accounts can not be logged because remained dynamic IP addresses in the address list.
I had to manually delete the dynamic (d) address.

Re: v6.10 released

Posted: Wed Feb 26, 2014 11:37 am
by morf
to normis:
Now the error occurred in the hotspot. Account in hotspot not authorize because address list were dynamic entry with the IP addresses. Not removed! Why?
It happened so that accounts can not be logged because remained dynamic IP addresses in the address list.
I had to manually delete the dynamic (d) address.

Re: v6.10 released

Posted: Wed Feb 26, 2014 11:47 am
by becs
MT #1 and #2 - 951G-2HnD 6.10 + 3.12

Link speed/Duplex problems at least with 3 devices.

- Fiber media converter STELS (maybe IC+ 1xx) 100Mbps connected with 1m A-A (direct) cable to MT #1 ether2-master-local with default config.
- HP NC360T PCIe DP Gigabit Server Adapter (Intel) connected with 15m A-B (cross) cable to MT #2 ether2-master-local with default config.
- Realtek 8168 integrated PCIe GBE controller connected with 5m cable to MT #2 ether4-slave-local with default config.

MT #2 (Auto + FD) -> Intel (10 + H) - OK
MT #2 (Auto + FD) -> Intel (10 + FD) - MT status 10H with warning excessive or late collision, link duplex mismatch ?
MT #2 (Auto + H/FD) or (100 + H/FD) -> Intel (100 + H/FD) - MT status 100H, Intel connection status - Not available
MT #2 (Auto + FD) -> D-Link DES-1008 (Gigabit router) -> Intel (100 + H/FD) - OK

MT #2 (Auto + H/FD) -> RTL8168 (Auto) - OK
MT #2 (1000 + H/FD) -> RTL8168 (Auto) - MT status 1000FD, RTL connection status - Not available

MT #1 (Auto + FD) -> STELS (Auto) - FDX led on STELS is ON, SPD - ON (100Mbps Full Duplex)
MT #1 (100 + FD) -> STELS (Auto) - FDX led on STELS is OFF, SPD - ON (100Mbps Half)


And sometimes warnings "excessive or late collision, link duplex mismatch ?" with EN28J60 10Mbps H device.
In this case results mostly are as they should be.

Autonegotiation on the one end and forced speed on the other end makes duplex mismatch.
And autonegotiation is obligatory for 1000BASE-T gigabit Ethernet over twisted pair.
More info: en.wikipedia.org/wiki/Autonegotiation

Only this setup may be in question:
MT #2 (Auto + H/FD) or (100 + H/FD) -> Intel (100 + H/FD) - MT status 100H, Intel connection status - Not available

Re: v6.10 released

Posted: Wed Feb 26, 2014 3:58 pm
by webpagetech
firewall filter dont check address lists, all rules drop connections with this features.
Works fine for me on v6.10 RB2011UAS-2HnD

Re: v6.10 released

Posted: Wed Feb 26, 2014 6:38 pm
by saaremaa
What's New in 6.11 rc1? No description available.

Re: v6.10 released

Posted: Wed Feb 26, 2014 6:47 pm
by jandafields
What's New in 6.11 rc1? No description available.

Look at my post, about 10 posts up from here. You will see the changelog.

Re: v6.10 released

Posted: Wed Feb 26, 2014 10:14 pm
by littlebill
any confirmations that 6.10 fixed all the sstp client issues with win 7 clients, that got broke in 6.8 and 6.9, how about pptp and winbox disconnects?


looking for confirmation. i dropped a production network big time on 6.8, going to cool off for a while

Re: v6.10 released

Posted: Wed Feb 26, 2014 10:26 pm
by rextended
any confirmations that 6.10 fixed all the sstp client issues with win 7 clients, that got broke in 6.8 and 6.9, how about pptp and winbox disconnects?


looking for confirmation. i dropped a production network big time on 6.8, going to cool off for a while
The problem is in encryption.
Read my very very detailed and repeatable (with any hardware) post on page 3....

http://forum.mikrotik.com/viewtopic.php ... 64#p411334

Try to use SSTP without encryption on both end.
Just a try...

Re: v6.10 released

Posted: Wed Feb 26, 2014 11:04 pm
by nz_monkey
MT #1 and #2 - 951G-2HnD 6.10 + 3.12

Link speed/Duplex problems at least with 3 devices.

- Fiber media converter STELS (maybe IC+ 1xx) 100Mbps connected with 1m A-A (direct) cable to MT #1 ether2-master-local with default config.
- HP NC360T PCIe DP Gigabit Server Adapter (Intel) connected with 15m A-B (cross) cable to MT #2 ether2-master-local with default config.
- Realtek 8168 integrated PCIe GBE controller connected with 5m cable to MT #2 ether4-slave-local with default config.

MT #2 (Auto + FD) -> Intel (10 + H) - OK
MT #2 (Auto + FD) -> Intel (10 + FD) - MT status 10H with warning excessive or late collision, link duplex mismatch ?
MT #2 (Auto + H/FD) or (100 + H/FD) -> Intel (100 + H/FD) - MT status 100H, Intel connection status - Not available
MT #2 (Auto + FD) -> D-Link DES-1008 (Gigabit router) -> Intel (100 + H/FD) - OK

MT #2 (Auto + H/FD) -> RTL8168 (Auto) - OK
MT #2 (1000 + H/FD) -> RTL8168 (Auto) - MT status 1000FD, RTL connection status - Not available

MT #1 (Auto + FD) -> STELS (Auto) - FDX led on STELS is ON, SPD - ON (100Mbps Full Duplex)
MT #1 (100 + FD) -> STELS (Auto) - FDX led on STELS is OFF, SPD - ON (100Mbps Half)


And sometimes warnings "excessive or late collision, link duplex mismatch ?" with EN28J60 10Mbps H device.
In this case results mostly are as they should be.

Autonegotiation on the one end and forced speed on the other end makes duplex mismatch.
And autonegotiation is obligatory for 1000BASE-T gigabit Ethernet over twisted pair.
More info: en.wikipedia.org/wiki/Autonegotiation

Only this setup may be in question:
MT #2 (Auto + H/FD) or (100 + H/FD) -> Intel (100 + H/FD) - MT status 100H, Intel connection status - Not available
This is the configuration that we, and others seem to be having issues with.

Re: v6.10 released

Posted: Thu Feb 27, 2014 12:33 am
by daggerCVN
Deploying RB750GL's on multiple properties. No issues running 6.7 Next property and uploaded first RB750GL fresh out of the box with latest 6.10 and have multiple issues. Random reboots occurring. Applying DHCP Option 60/43 no longer works (devices are receiving DHCP IP assignment but not being passed the Option 43 TLV parameters). Putting a hold on all upgrades to 6.10 and reverting back to 6.7.

Cheers,
David

Re: v6.10 released

Posted: Thu Feb 27, 2014 2:08 am
by jandafields
any confirmations that 6.10 fixed all the sstp client issues with win 7 clients, that got broke in 6.8 and 6.9, how about pptp and winbox disconnects?


looking for confirmation. i dropped a production network big time on 6.8, going to cool off for a while
The problem is in encryption.
Read my very very detailed and repeatable (with any hardware) post on page 3....

http://forum.mikrotik.com/viewtopic.php ... 64#p411334

Try to use SSTP without encryption on both end.
Just a try...
Yup, SSTP is still confirmed broken in certain scenarios by several people. It should work from mikrotik 6.10 to mikrotik 6.10, but other than that, it could be unstable or not connect at all.

Re: v6.10 released

Posted: Thu Feb 27, 2014 9:32 am
by normis
- NTP (from NTP package) client struggles at best, and refuses to synchronize in other cases, to our Windows 7 NTP server after reboots
Try another NTP server, like one from "pool.ntp.org". We had some people in support with similar issues, and they all said that changing the server has fixed the issue.

Re: v6.10 released

Posted: Thu Feb 27, 2014 10:35 am
by skibi82
Route table is correct and is not the main table.

Anyhow it indicates a problem.
It is absurd to the implementation of the IPSEC tunnel mode

Why in this case served the ends of the tunnel on the left and right quickly and so the package is not addressed properly.

By the way, I do not know if I understand the diagram, but for me, the diagram shows that it should be able to ping the IP of the router, eg the inside of the IPSEC police as the input and determine the policy is directed to forward?

I beg for the correct diagram for the implementation of IPSEC
I am able to send a bottle of vodka a person who confirms the correctness of the current diagram:

http://wiki.mikrotik.com/images/thumb/3 ... ple_5c.png

Maybe vodke help him understand that the diagram is not correct.

Please look at diagram again

in interface -> prerouting chain -> routing decision (here you need the route to actually forward)-> forward chain -> post routing -> ipsec policy -> ipsec encryption -> local-in process -> routing decision again (now for encrypted packet) -> output chain -> out interface.

ip router has 192.168.xx.1/24 to int4
is a package that goes from the police 192.168.yy.0/24 -> 192.168.xx.1

and according to the diagram instructed to do so:

Input interface -> In Interface Bridge ->Prerouting -> Routing Decision -> Input -> Ipsec Policy -> IPSec Dectyption -> Forward
Fuck and hear he go to forward but the ip is in local IP shud be placed to routing Routing Decision
so the flow shuld be directed to local proces IN

So diaram sucks

Strangely does not filter traffic to the router on a forward only on the input
So please also look at the diagram
Regards

Re: v6.10 released

Posted: Thu Feb 27, 2014 11:06 am
by andriys
and according to the diagram instructed to do so:

Input interface -> In Interface Bridge ->Prerouting -> Routing Decision -> Input -> Ipsec Policy -> IPSec Dectyption -> Forward
f**k and hear he go to forward but the ip is in local IP shud be placed to routing Routing Decision
so the flow shuld be directed to local proces IN
Wrong. In case you have correct configuration, the actual flow should look like this:

Input Interface -> Prerouting -> Routing Decision -> Forward -> Postrouting -> IPsec Policy -> IPsec Encryption -> Routing Decision -> Output -> IPsec Policy -> Output Interface.

They seem to have mixed up "IPsec Encryption" and "IPsec Decryption" on the Routing diagram on this page in the wiki. So, the diagram in its current state sucks indeed. :)

Re: v6.10 released

Posted: Thu Feb 27, 2014 11:18 am
by ste
There is a bug with dhcp-server on vlan. After update from 5.25 to 6.10 some devolo dlan pro modems cant get their IPs. Had to downgrade.

Re: v6.10 released

Posted: Thu Feb 27, 2014 12:35 pm
by normis
Please send us supout.rif file from problematic v6.10 installation and steps to repeat the issue. Let's get all these issues fixed. Thank you for all the help.

Re: v6.10 released

Posted: Thu Feb 27, 2014 12:51 pm
by becs
There is a bug with dhcp-server on vlan. After update from 5.25 to 6.10 some devolo dlan pro modems cant get their IPs. Had to downgrade.
Is it on x86 machine? Please send supout.rif to MikroTik support.

Re: v6.10 released

Posted: Thu Feb 27, 2014 1:51 pm
by morf
With this Ticket #2014021766000422 we solved the problem with Janis Megis. This tickets are nuances, read my latest post on support@mikrotik.com
Normis, please see this topic - http://forum.mikrotik.com/viewtopic.php?f=2&t=82321
Ticket #2014022666000192

Re: v6.10 released

Posted: Thu Feb 27, 2014 2:20 pm
by ste
There is a bug with dhcp-server on vlan. After update from 5.25 to 6.10 some devolo dlan pro modems cant get their IPs. Had to downgrade.
Is it on x86 machine? Please send supout.rif to MikroTik support.
No. It's a RB411 in production. Cant play/debug at this site.

Re: v6.10 released

Posted: Thu Feb 27, 2014 3:11 pm
by Malosa
A whole forum with thousands of users with Mikrotik routers (different models) are having an issue with the 6.10 version with the IP TV from Movistar Spain (ADSLZone).

Image freezes and sometimes it isn't received.

Back to 6.9 and it perfectly works.

Re: v6.10 released

Posted: Thu Feb 27, 2014 3:22 pm
by normis
A whole forum with thousands of users with Mikrotik routers (different models) are having an issue with the 6.10 version with the IP TV from Movistar Spain (ADSLZone).

Image freezes and sometimes it isn't received.

Back to 6.9 and it perfectly works.
which forum is that? more info please. email support

Re: v6.10 released

Posted: Thu Feb 27, 2014 3:50 pm
by skibi82
and according to the diagram instructed to do so:

Input interface -> In Interface Bridge ->Prerouting -> Routing Decision -> Input -> Ipsec Policy -> IPSec Dectyption -> Forward
f**k and hear he go to forward but the ip is in local IP shud be placed to routing Routing Decision
so the flow shuld be directed to local proces IN
Wrong. In case you have correct configuration, the actual flow should look like this:

Input Interface -> Prerouting -> Routing Decision -> Forward -> Postrouting -> IPsec Policy -> IPsec Encryption -> Routing Decision -> Output -> IPsec Policy -> Output Interface.

They seem to have mixed up "IPsec Encryption" and "IPsec Decryption" on the Routing diagram on this page in the wiki. So, the diagram in its current state sucks indeed. :)
In the decryption is bad scheme.
Well unless you are on a forward input filtering.
Take a look that speaks of packets addressed to the device and not forward to the network.
The device has its own IP address and the traffic going to the device is INPUT and not FORWARD

As for the fact that encryption is implemented in the routing decision for tunnel mode does not utter. As someone implemented scheme settlement needs in the bathroom style
1 Go to the bathroom
2 Remove the pants
3 Sit on the toilet seat
4 Just get on board
5 Clean ass
6 Pick up the board with a heap
7 Drain
I I see this same logic in my example.

Re: v6.10 released

Posted: Thu Feb 27, 2014 4:07 pm
by josefranco
[Ticket#2014022566000158]
new pppoe BUG introduced with the new pppoe package.

The NASPORT value reported in radius by MT is completely wrong.

In regular package it is the snmp index of the pppoe-client interface
Now it is completely not useful.

We need it to be reported correctly.

regards
Ros
This is really a BIG problem for us also.. we use the NASPORT value to make a lot of tests using snmp.

Re: v6.10 released

Posted: Thu Feb 27, 2014 4:11 pm
by andriys
In the decryption is bad scheme.
Well unless you are on a forward input filtering.
Take a look that speaks of packets addressed to the device and not forward to the network.
The device has its own IP address and the traffic going to the device is INPUT and not FORWARD

As for the fact that encryption is implemented in the routing decision for tunnel mode does not utter.
I do not understand what you are talking about. In your initial post above you were talking about transit (i.e. FORWARD) packet not being forwarded to your IPsec tunnel. Encryption is NOT implemented in Routing Decision block. It's just that the Routing Decision takes place BEFORE IPsec Policy block. If you do not have a corresponding route in your routing table your packet will be dropped in Routing Decision before it even reaches IPsec policy block. It could be fake route or whatever. That's how it works in RouterOS (as well as in Linux, FreeBSD and possibly other places as well). Just take it for granted. The fact that Cisco works differently does NOT mean RouterOS is doing something wrong.

Re: v6.10 released

Posted: Thu Feb 27, 2014 4:37 pm
by Malosa
A whole forum with thousands of users with Mikrotik routers (different models) are having an issue with the 6.10 version with the IP TV from Movistar Spain (ADSLZone).

Image freezes and sometimes it isn't received.

Back to 6.9 and it perfectly works.
which forum is that? more info please. email support
This is the forum and the thread:

http://www.adslzone.net/postt311611.html

it has more than 600,000 views and hundreds, if not thousands, of users with Mikrotik.

I have an email support in progress (Vigor 130 modem issue), when it's solved I'll begin with the IP TV issue.

At the moment we are working well with 6.9, so this is not extremely urgent.

Re: v6.10 released

Posted: Thu Feb 27, 2014 5:28 pm
by mrz
In the decryption is bad scheme.
Well unless you are on a forward input filtering.
Take a look that speaks of packets addressed to the device and not forward to the network.
The device has its own IP address and the traffic going to the device is INPUT and not FORWARD

As for the fact that encryption is implemented in the routing decision for tunnel mode does not utter.
I do not understand what you are talking about.
Me neither.
Anyway, v6 packet flow is fixed and also ipsec example is added
http://wiki.mikrotik.com/wiki/Manual:Pa ... Decryption

Re: v6.10 released

Posted: Thu Feb 27, 2014 11:26 pm
by steen
Hello Folks!

Static policy based routing marks does not work since RoS6.7, we now tried three times, also resetting the router, still same problem traffic does not pass through the MT router to ASA5510 from the mailserver.

It has been working for 5-6 years, and we never did change anything in the router the past 2 years, at RoS6.9 and RoS6.10 it simply does not work anymore.

Note! We do not use any ping or arp for checking gateways for these routing marks, routing marks are used to route traffic based on source ip and destionation port between two vlans, not for it should matter in this case but ASA5510 is not setup to anser ping by obvious reasons.

We have made supout file, MT responded not reproducable and asked for a test router to login, we ansered back need a date for such test, no responce back on that one so far.

Any suggestions, RoS6.11 maybe works better, 6.10 one does not ?

Re: v6.10 released

Posted: Fri Feb 28, 2014 2:00 am
by rextended
Please send us supout.rif file from problematic v6.10 installation and steps to repeat the issue. Let's get all these issues fixed. Thank you for all the help.
I have described the pppoe encryption bug exactly here:

http://forum.mikrotik.com/viewtopic.php ... 00#p411334

But not are in your list.

Please read that post.

Is all EXTREMELY detailed how to reproduce the tremendous bug.

Thanks

Re: v6.10 released

Posted: Fri Feb 28, 2014 10:15 am
by aTan
OpenVPN disconnects every hour. OpenVPN doesn't release ip addresses from pool, there are many old connections in PPP Active connections. At least VPN part is since 6.8 very broken.

Re: v6.10 released

Posted: Fri Feb 28, 2014 3:17 pm
by nka
Just FYI, I updated the Package and Firmware on my RB2011UiAS without any problems (no reboot loop or whatever - someone was saying having problems, so I had some fear).

Re: v6.10 released

Posted: Fri Feb 28, 2014 4:53 pm
by aTan
(Some?) Windows clients cannot connect to OpenVPN:
Fri Feb 28 15:09:40 2014 TCP connection established with x.x.x.x:1194
Fri Feb 28 15:09:40 2014 TCPv4_CLIENT link local: [undef]
Fri Feb 28 15:09:40 2014 TCPv4_CLIENT link remote: x.x.x.x:1194
Fri Feb 28 15:10:40 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Feb 28 15:10:40 2014 TLS Error: TLS handshake failed
Fri Feb 28 15:10:40 2014 Fatal TLS error (check_tls_errors_co), restarting
Fri Feb 28 15:10:40 2014 TCP/UDP: Closing socket
Fri Feb 28 15:10:40 2014 SIGUSR1[soft,tls-error] received, process restarting
After downgrade to 6.7 everything works fine.

UPDATE: CCR1016-12G

Re: v6.10 released

Posted: Sat Mar 01, 2014 4:29 am
by LennonNZ
I found what route marking didn't work properly after upgrading to V6.10 until I upgraded the Firmware (3.12) as well

Re: v6.10 released

Posted: Sat Mar 01, 2014 6:04 am
by iwifiu
Omnitik no issue
rb 951 better wifi
sext - works fine

Thank You

Re: v6.10 released

Posted: Sun Mar 02, 2014 5:58 am
by zdybilas
On my tablet accuweather is temporary unavailable. The same with few other apps. After flushing cache in ccr 6.10 everthing is ok for a while. Where is the problem?
I found that the problem occured when i'm behind tplink wr1043nd. It's possible that the problem is only local router? Why after flushing cache everything is ok? Only android tablets and smartphones are affected.

Re: v6.10 released

Posted: Mon Mar 03, 2014 9:47 am
by normis
Please send us supout.rif file from problematic v6.10 installation and steps to repeat the issue. Let's get all these issues fixed. Thank you for all the help.
I have described the pppoe encryption bug exactly here:

http://forum.mikrotik.com/viewtopic.php ... 00#p411334

But not are in your list.

Please read that post.

Is all EXTREMELY detailed how to reproduce the tremendous bug.

Thanks
please tell me your ticket number, I will check status of this issue. Did you also send supout.rif to support?

Re: v6.10 released

Posted: Mon Mar 03, 2014 10:14 am
by rextended
Please send us supout.rif file from problematic v6.10 installation and steps to repeat the issue. Let's get all these issues fixed. Thank you for all the help.
I have described the pppoe encryption bug exactly here:

http://forum.mikrotik.com/viewtopic.php ... 00#p411334

But not are in your list.

Please read that post.

Is all EXTREMELY detailed how to reproduce the tremendous bug.

Thanks
please tell me your ticket number, I will check status of this issue. Did you also send supout.rif to support?

Hi normis,

I have sended EMAIL at support@mikrotik.com 2014/02/14 16:24 (CET)
because the page https://www.mikrotik.com/client/?ecom=support do not accept supout.rif or autosupout.rif
I do not have any answer to my mail.

I have spoken with MT staff also at the M.U.M. :)

In the post
http://forum.mikrotik.com/viewtopic.php ... 00#p411334
I explain how to obtain again the kernel failure with ROS 6.9 or 6.10.
There is no need of supout.rif, it's extremely detailed the post in this case.

Thanks for the attention,

Best Regards.

Re: v6.10 released

Posted: Mon Mar 03, 2014 10:31 am
by normis
I have sended EMAIL at support@mikrotik.com 2014/02/14 16:24 (CET)
This is the correct way to submit problems, you did everything correctly! When you send an email to support, you receive an auto response, with ticket number in subject. what is your ticket number?

Re: v6.10 released

Posted: Mon Mar 03, 2014 6:20 pm
by rextended
I have sended EMAIL at support@mikrotik.com 2014/02/14 16:24 (CET)
This is the correct way to submit problems, you did everything correctly! When you send an email to support, you receive an auto response, with ticket number in subject. what is your ticket number?
I re-submit the email and this is the ticket:

Ticket#2014030366000572

Re: v6.10 released

Posted: Mon Mar 03, 2014 9:55 pm
by DogHead
We have tested and progressively went back through prior ROS versions until we found one where certificate management worked. You have to go back to 6.3. I think someone else mentioned this.

Any release after 6.3 certificate authority certs and keys cannot be properly imported, particularly from self signing in OpenSSL.

Funny thing is that if you install certs in 6.3 and then upgrade the certs remain functional.

I would guess that most of this issues with SSTP, OVPN, SSL etc are related to this issue. We did not notice until now because we were not installing new certificates, just upgrading systems with already installed certificates.

Re: v6.10 released

Posted: Mon Mar 03, 2014 10:30 pm
by littlebill
We have tested and progressively went back through prior ROS versions until we found one where certificate management worked. You have to go back to 6.3. I think someone else mentioned this.

Any release after 6.3 certificate authority certs and keys cannot be properly imported, particularly from self signing in OpenSSL.

Funny thing is that if you install certs in 6.3 and then upgrade the certs remain functional.

I would guess that most of this issues with SSTP, OVPN, SSL etc are related to this issue. We did not notice until now because we were not installing new certificates, just upgrading systems with already installed certificates.

i started with 6.7 on a 2011. self signed. no issues with sstp both in a ptp, and with windows clients

info v6.11rc1 wireless error

Posted: Tue Mar 04, 2014 1:14 am
by napismizpravu
RB433UAH power 24V 2A

RouterOS 6.11rc1 error wireless (load high trafic p/s P2P)

2x error miniPCI card stop working /48hours

version 6.x - 6.10 the same configuration > OK , no error wireless

Re: v6.10 released

Posted: Tue Mar 04, 2014 11:56 am
by docmarius
i started with 6.7 on a 2011. self signed. no issues with sstp both in a ptp, and with windows clients
The certificates work, CAs don't get imported as CAs.

Another interesting bug affecting all 6.5+ releases (probably earlier also)...
Somehow the route marking stopped working suddenly on my CRS-125 (with 6.7 FW). Rebooted several times from software, tried to fix this, including upgrade to 6.10, downgrade down to 6.5 with no result.
More precisely the packets passed the marking mangle rules but they all went out on the default gateway, not the default one for marked packets.
Now after PULLING THE PLUG on the router and starting it up again, all worked normally with the original configuration.

IMHO this seems to me as a RAM region not wiped out properly on reboot/restart keeping a data corruption in place.

Re: v6.10 released

Posted: Tue Mar 04, 2014 1:57 pm
by mrz
i started with 6.7 on a 2011. self signed. no issues with sstp both in a ptp, and with windows clients
The certificates work, CAs don't get imported as CAs.
Be more specific what do you mean by "not imported as CA".

Re: v6.10 released

Posted: Tue Mar 04, 2014 3:28 pm
by cmoegele
With 6.10 the loadbalancer on my RB2011 does not work properly anymore ( during streaming or opening some websites connection stops / interrupts ) . The setting was configured with 6.3 and continously upgraded . Till 6.9 everything worked really smooth, but 6.10 seems to have some serious bugs,...

Re: v6.10 released

Posted: Tue Mar 04, 2014 4:24 pm
by dlj87
Not(!) expression doesn't work in firewall -> filter rules -> add -> advanced -> content section (maybe in other sections too)on ROS 6.10

Re: v6.10 released

Posted: Wed Mar 05, 2014 12:11 am
by usx
Upgraded a RB2011UiAS-2HnD without any problems from 6.9 to 6.10.

Upgraded a RB450G with the following problem: upon reboot I had no internet access, I waited for about 2 minutes, tried to log in via web interface, which would not respond, so I rebooted again via serial console. After about a minute later everything was ok. The Log file got erased, but after the first reboot (when the upgrade got applied) over the second one until a web login no faults were recorded in the log. May have been a routing issue.

Re: v6.10 released

Posted: Wed Mar 05, 2014 9:10 am
by normis
"Encryption negotiation rejected”
This is a SSTP configuration error, not a bug. Please check your config. I see several people with this config mistake. For the PPP profile that you use in SSTP, turn off encryption, this setting is only used for PPTP. If you have enabled encryption in the PPP profile and use it for SSTP, you will get this error.

Re: v6.10 released

Posted: Thu Mar 06, 2014 12:07 am
by docmarius
i started with 6.7 on a 2011. self signed. no issues with sstp both in a ptp, and with windows clients
The certificates work, CAs don't get imported as CAs.
Be more specific what do you mean by "not imported as CA".
If I import a self signed certificate, it works.
But if I import the CA certificate (self issued, PEM, created with easyrsa, works in windows and linux), it is not recognized as root CA certificate (does not show a A besides the T). It is just treated as any other certificate.
If I remember correctly, in early ROS versions, one could set the ca property to yes in the console. This is not possible any more, being a read only property.

Re: v6.10 released

Posted: Thu Mar 06, 2014 6:46 am
by DogHead
As Doc Marcus says, importing at CA does not work correctly. StartSSL CA certs seem to work. CACert CA does not. Self signed certs generated on Windows or Linux under easy-rsa from OpenVPN or from OpenSSL do not work. The certs are not recognized as CA certs, only normal certs and we have issues with negotiating connections under certificated services such as OpenVPN, SSTP etc.

As I posted earlier, certificates import appears to have stopped working with the implementation of 6.4. We did not notice, because upgrades of systems with already installed certs worked fine.

There must be some sort of incompatibilities between the encryption libraries in ROS and the versions of OpenSSL we and CACert are using.

BTW, there are no problems like this with OpenWRT.

This problem is really irritating. Wish that there was some regression testing of ROS before it gets released. It just seems that quality control is left to us users.

Re: v6.10 released

Posted: Thu Mar 06, 2014 7:00 am
by jwelebd
May i use ROS 6.10 in RB750 ?

Re: v6.10 released

Posted: Thu Mar 06, 2014 8:16 am
by npero
May i use ROS 6.10 in RB750 ?
Yes I used it on RB750 basic configuration no problem. For now up time is 15 days.

Re: v6.10 released

Posted: Thu Mar 06, 2014 10:57 am
by rextended
Another bug: ( http://forum.mikrotik.com/viewtopic.php ... 4&p=413241 )

user-manager profile limitation can not be added via console if the default customer "admin" are renamed.

Adding a profile like "/tool user-manager profile limitation add name=Staff" (etc.) suppose that the owner is admin, the owner of the limitation are not declarable on console.

Thanks to user "beepee" for help me.

Re: v6.10 released

Posted: Thu Mar 06, 2014 1:51 pm
by greek
Copper SFP-module OptiCin stopped working in v6.10 (but working good in v6.7), just not running in CRS125-24G-1S-2HnD

Re: v6.10 released

Posted: Thu Mar 06, 2014 3:55 pm
by BBoy
May i use ROS 6.10 in RB750 ?
Yes I used it on RB750 basic configuration no problem. For now up time is 15 days.
We use a RB750G at the office.
Generally speaking everything is well, but as in previous posts mentioned we have strange stability problems with VPN connections!

Both with OpenVPN and L2TP/IPSec connections sometimes totally stop working. (In case of OpenVPN there is TLS failed error in LOG which was mentioned by someone else already!) Regarding the L2TP/IPSec VPN connections after a while cannot be establish a connection at all!) To resolve these VPN issues only the reboot the right solution according to my experiences.

Temporary now I went back to RouterOS v6.7, it seems to be the above mentioned VPN issues are gone!

PS.: Just a stupid question, is there any archive where we can find previous RouterOS version for download?!

Re: v6.10 released

Posted: Thu Mar 06, 2014 4:37 pm
by mrz
You can temporary get rid of this TLS error by setting reneg-sec 0 on ovpn server.
Problem will be fixed in next release.

Re: v6.10 released

Posted: Thu Mar 06, 2014 6:16 pm
by soulflyhigh
What's new in 6.11rc1 (2014-Mar-06 15:05):

*) wireless - add auto frequency feature;
What is auto frequency feature? As I can see on my test router it changes frequency but there is
no any explanation how this work exactly (it works too quickly for "complete scan and select the best channel" mode).

Re: v6.10 released

Posted: Thu Mar 06, 2014 8:02 pm
by rextended
What's new in 6.11rc1 (2014-Mar-06 15:05):

*) ppp - default-encryption bug solved

http://forum.mikrotik.com/viewtopic.php ... 00#p411334



I just tested this build and the bug disappeared.

Where I can download officially beta / release candidate version without googling?

Thanks.

Re: v6.10 released

Posted: Thu Mar 06, 2014 8:21 pm
by soulflyhigh
Also, with new wireless package... there is 5GHz AC band in "New wireless channel" menu?
Does this mean that AC is finally supported?

Re: v6.10 released

Posted: Thu Mar 06, 2014 9:36 pm
by honzam
Nice :)
How to use - Wireless Fast Path for 802.11? It is in changelog for New “Wireless-FP” package

Re: v6.10 released

Posted: Fri Mar 07, 2014 11:21 am
by uldis
Nice :)
How to use - Wireless Fast Path for 802.11? It is in changelog for New “Wireless-FP” package
installing the new package automatically improves the wireless forwarding for Nv2 and 802.11.
Additionally you can enable the fast-path option by selecting in the queue interface to use hardware-only queue.

Re: v6.10 released

Posted: Fri Mar 07, 2014 1:21 pm
by infused
Good to see you delete my posts.

Pretty much confirms it all.

Re: v6.10 released

Posted: Fri Mar 07, 2014 1:36 pm
by normis
Good to see you delete my posts.

Pretty much confirms it all.
such number of obscene words is clearly against the rules of this forum, I'm sorry but that's how it works: http://forum.mikrotik.com/faq.php

You are free to express your opinion without using such language.

Re: v6.10 released

Posted: Fri Mar 07, 2014 2:28 pm
by aTan
You can temporary get rid of this TLS error by setting reneg-sec 0 on ovpn server.
Problem will be fixed in next release.
I can't find it in:
 /interface ovpn-server> server print

Re: v6.10 released

Posted: Fri Mar 07, 2014 3:23 pm
by mrz
Not on our server, but on for example linux ovpn server.

Re: v6.10 released

Posted: Fri Mar 07, 2014 4:13 pm
by rextended
uldis / normis / mrz

the problem I have explained to you (uldis), at the Italian MUM, about kernel panic are solved now on 6.11rc1 2014/03/06

I tested yesterday this build and the bug disappeared.

Where I can download "officially" beta / release candidate version without use Google?

I would partecipate as tester.

Thanks.

Re: v6.10 released

Posted: Fri Mar 07, 2014 5:37 pm
by ste
One Omnitik did not work wireless after upgrade. Disabling/Enabling the interface made it work again.

Re: v6.10 released

Posted: Fri Mar 07, 2014 5:37 pm
by Chupaka
Where I can download "officially" beta / release candidate version without use Google?

I would partecipate as tester.
write to support@mikrotik.com with your MikroTik.com account name - they will give you access to development releases

Re: v6.10 released

Posted: Fri Mar 07, 2014 5:50 pm
by rextended
Where I can download "officially" beta / release candidate version without use Google?

I would partecipate as tester.
write to support --- mikrotik.com with your MikroTik.com account name - they will give you access to development releases
Very thanks!

Re: v6.10 released

Posted: Fri Mar 07, 2014 6:26 pm
by docmarius
Another bug that persists since 6.7 on CRS-125 and is still present on 6.10:
Incoming packets in the switch get output on all switch ports. Basically the switch behaves as a hub.
On 6.6 all is working as expected.

Re: v6.10 released

Posted: Sat Mar 08, 2014 4:03 am
by sashavl
Where you see that? That's normal if ports are in master/slave relationship.

Re: v6.10 released

Posted: Sat Mar 08, 2014 6:55 am
by patrickmkt
"Encryption negotiation rejected”
This is a SSTP configuration error, not a bug. Please check your config. I see several people with this config mistake. For the PPP profile that you use in SSTP, turn off encryption, this setting is only used for PPTP. If you have enabled encryption in the PPP profile and use it for SSTP, you will get this error.

Could you elaborate more on that, I couldn't find anything about not setting encryption to 'required' for the sstp profile in the wiki.
If you set encryption to no for sstp, does that mean that the tunnel won't be encrypted?

If it's not a bug but a configuration error, then it's a major flaw in the ROS interface and OS to let use this setting for sstp.

Re: v6.10 released

Posted: Sat Mar 08, 2014 12:16 pm
by docmarius
Where you see that? That's normal if ports are in master/slave relationship.
On wireshark in the local network.
And this is not normal. According to the OSI modell, a switch is a L2 device which forwards packets according to a MAC lookup table offering by definition per port collision domains (not applicable in UTP scenarios) and a single broadcast domain.
http://en.wikipedia.org/wiki/Network_switch
So multicast/broadcasts have to go to all interfaces, unicasts to their destination ports (I talk about ethernet MAC addresses, not IP stuff).
And this is why port mirroring was invented, to circumvent this restriction if needed.
A device sending all incoming traffic to all interfaces is called a HUB and is a L1 device.

It worked properly up to ROS 6.6.

Re: v6.10 released

Posted: Sun Mar 09, 2014 5:09 pm
by estdata
I've updated the router version 6.10, and after that, it is a problem with the ethernet speed , a big loss
Before it was 6.9 and was ok
If anyone still has the speed and the problem then let me know

Re: v6.10 released

Posted: Mon Mar 10, 2014 8:40 am
by normis
"Encryption negotiation rejected”
This is a SSTP configuration error, not a bug. Please check your config. I see several people with this config mistake. For the PPP profile that you use in SSTP, turn off encryption, this setting is only used for PPTP. If you have enabled encryption in the PPP profile and use it for SSTP, you will get this error.

Could you elaborate more on that, I couldn't find anything about not setting encryption to 'required' for the sstp profile in the wiki.
If you set encryption to no for sstp, does that mean that the tunnel won't be encrypted?

If it's not a bug but a configuration error, then it's a major flaw in the ROS interface and OS to let use this setting for sstp.
No it doesn't mean that, the SSTP tunnel will be encrypted with it's own algorythm. The ppp setting is only for PPTP, and if you enable it, it will attempt to use this too, which is not made for SSTP and will result in the above error. We will clarify the manual and will re-label this checkbox.

As you know, PPP profiles are shared between a number of tunnel types. Not all options apply to all.

Re: v6.10 released

Posted: Mon Mar 10, 2014 1:36 pm
by rayman1366
hello
still ip/route table in snmp (dude) problem not solved!

Re: v6.10 released

Posted: Mon Mar 10, 2014 1:39 pm
by normis
hello
still ip/route table in snmp (dude) problem not solved!
sorry but we are currently not working on Dude problems, maybe later in the year

Re: v6.10 released

Posted: Mon Mar 10, 2014 3:40 pm
by MichaelBliss
Ive just upgraded to 6.10 on my RB750, now when I disable PPPOE interfaces i lose all connectivity to my router for a minute or so. I have multiple PPPOE ISP accounts and tend to disable and enable interfaces a lot.

Is there a different way that I should be doing this or is this a bug??

Re: v6.10 released

Posted: Tue Mar 11, 2014 1:19 am
by ffernandes
dunno if anyone else is having the same problem but...
upgraded an rb435g to the 6.11rc1 with the fp wireless driver and its getting
"system rebooted because of kernel failure"
"router was rebooted without proper shutdown!!

file attached!!!

now at 11/03/14 was my rb800 that crashed :X
same error as the 435g

i'm using the 10/03/14 13:36 release....

Re: v6.10 released

Posted: Tue Mar 11, 2014 5:30 am
by sasskass
hello
still ip/route table in snmp (dude) problem not solved!
sorry but we are currently not working on Dude problems, maybe later in the year
hello

does anyone working on igmp snooping feature - this year ,next year...?


Aleksander

Re: v6.10 released

Posted: Wed Mar 12, 2014 6:31 am
by Masyanich
Image

Auto-negotiation is not working properly :(
problem arose after updating to 6.10
tile

Re: v6.10 released

Posted: Wed Mar 12, 2014 10:23 am
by kozik
There is a bug with dhcp-server on vlan. After update from 5.25 to 6.10 some devolo dlan pro modems cant get their IPs. Had to downgrade.
Same problem on x86 . Dhcp servers on Vlans not working correctly. Clients get Ip but after the lease expired cannot renew lease. Router shows "Server offering lease without success" After the reboot everything fine until next renew. Clear installation, no other configuration , no bridges . 3 vlans under the ethernet interface. The same issue on 6.0 and 6.10. On 5.26 everything works fine.

Re: v6.10 released

Posted: Wed Mar 12, 2014 11:25 am
by Jetrider
There is a bug with dhcp-server on vlan. After update from 5.25 to 6.10 some devolo dlan pro modems cant get their IPs. Had to downgrade.
Same problem on x86 . Dhcp servers on Vlans not working correctly. Clients get Ip but after the lease expired cannot renew lease. Router shows "Server offering lease without success" After the reboot everything fine until next renew. Clear installation, no other configuration , no bridges . 3 vlans under the ethernet interface. The same issue on 6.0 and 6.10. On 5.26 everything works fine.

I can second this. This is OLD bug. v6.5 is fine, versions above it are broken. Talked to support - no avail. ... Achilles glared at him and answered, "Fool, prate not to me about covenants. There can be no covenants between men and lions."

Re: v6.10 released

Posted: Wed Mar 12, 2014 11:26 am
by michaelcarey
Since upgrading to v6.10, my CRS125-24G-1S seems to be acting more like a hub than a switch! My normally quiet home network has become VERY busy!

I had a quick search through this thread and couldn't find anyone with my symptom... sorry if I missed it.

Port 1 is connected to an ADSL router. Port 2 is local master and all other ports are switch chip slaves to Port 2.

Any IP traffic received on any port is sent to ALL other running ports. I'm not sure if this is a bug introduced with v6.10 or something else is screwy with my network.

Here I am transferring a file from one computer to another... while the transfer is occurring, everything else sloooows right down.

Image

Re: v6.10 released

Posted: Wed Mar 12, 2014 11:52 am
by becs
michaelcarey,
Enter this command to fix it on CRS125:
/interface ethernet switch port set [find] learn-restricted-unknown-sa=yes

Re: v6.10 released

Posted: Wed Mar 12, 2014 11:59 am
by michaelcarey
michaelcarey,
Enter this command to fix it on CRS125:
/interface ethernet switch port set [find] learn-restricted-unknown-sa=yes
Yay !!

Problem solved! Thank you so much!

Is this something that was introduced when I upgraded to v6.10? Will I need to worry about it again?

Michael.

Re: v6.10 released

Posted: Thu Mar 13, 2014 9:03 am
by saaremaa
build (2014-03-12 14:58:04)
*) fixed 100% cpu usage on CCRs;
You can get more information on bug fixes. Under what conditions does it arise?

Re: v6.10 released

Posted: Thu Mar 13, 2014 3:15 pm
by DrDeft
http://forum.mikrotik.com/viewtopic.php?f=1&t=79914

Hi
I have a customers who love your products, are subject to DDoS attacks (SYN flood), and it hurts that Mikrotik doesn't have "notrack" target, just SYN flood over his CCR will knock down CPU to 100%.
And if it had -j NOTRACK (or newer kernels: -j CT --notrack), it can be solved, he needed conntrack only for special case, and cannot turn it off completely.
Please consider adding this option, it should be very trivial to do, and will help a lot of people to solve their issues with conntrack overflow.
If possible take this matter seriously, because the only choice i have to show them how perfect are Mikrotik support, or to explain it is not, and to move them to alternative solution.
Thank you.

Re: v6.10 released

Posted: Thu Mar 13, 2014 3:36 pm
by Raf
build (2014-03-12 14:58:04)
*) fixed 100% cpu usage on CCRs;
You can get more information on bug fixes. Under what conditions does it arise?
+1 to that.

Re: v6.10 released

Posted: Thu Mar 13, 2014 3:46 pm
by normis
build (2014-03-12 14:58:04)
*) fixed 100% cpu usage on CCRs;
You can get more information on bug fixes. Under what conditions does it arise?
Bug fixing doesn't work like that. We can fix the source of the problem, but it will be very hard to list all situations where this bug was showing itself.

Re: v6.10 released

Posted: Fri Mar 14, 2014 12:51 am
by spire2z
Obviously you can't be 100% sure with these things but on two routers within a few hours of upgrade suffered ethernet port flapping. Fixing the port speed from auto-negotiate seems to have solved it so far for a few days.

Re: v6.10 released

Posted: Fri Mar 14, 2014 2:17 pm
by uldis
dunno if anyone else is having the same problem but...
upgraded an rb435g to the 6.11rc1 with the fp wireless driver and its getting
"system rebooted because of kernel failure"
"router was rebooted without proper shutdown!!

file attached!!!

now at 11/03/14 was my rb800 that crashed :X
same error as the 435g

i'm using the 10/03/14 13:36 release....
Please upgrade to newest test release of v6.11 and check agin if you still see the kernel panics. If yes, then send that new support output files to support@mikrotik.com

Re: v6.10 released

Posted: Fri Mar 14, 2014 6:48 pm
by rpingar
may we have more explanation about this changelog about 6.11:
*) fixed 100% cpu usage on CCRs;

regards
Ros

Re: v6.10 released

Posted: Fri Mar 14, 2014 9:18 pm
by patrick7
Hi,

Does anybody here also have the problem that IPv6 addresses sometimes aren't working until disable and re-enable (new added address or after a reboot)? Had that on 4 MikroTiks (RB750GL, RB2011UAS-RM, RB2011UiAS-2HnD-IN, RB951G-2HnD) but unfortunately MikroTik cannot confirm this bug. Very annoying if after a reboot nothing is working.
I'm mostly using IPv6 addresses on bridges.

Edit: Not working means, sometimes I can ping the IPv6 from the local MikroTik cli. But if I try to reach another host in that subnet, traffic goes through the default gateway.

Regards & have a nice weekend,
Patrick

Re: v6.10 released

Posted: Fri Mar 14, 2014 9:46 pm
by dlj87
Strange high ping fluctuations though OpenVPN tunnels between mikrotik routers (client-server) and mikrotik - centos 6 (client-server) appear in 6.10. This issue makes sip (voice) packets drop and clients are not able to hear each other for a second or two in the moment. Please do something...
Ответ от 192.168.192.10: число байт=32 время=5мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=5мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=5мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=244мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=241мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=4мс TTL=62
Ответ от 192.168.192.10: число байт=32 время=242мс TTL=62

Re: v6.10 released

Posted: Sun Mar 16, 2014 12:14 am
by Shiro
Hi,

I updated my RB493g from 6.11rc1 to 6.11 package from yesterday (14.03.).

I got the following issue, randomly ppp dies. I have to permanent pppoe dsl session, one permanent l2tp connection and two l2tp road warriors.

After login in with one of my l2tp roadwarriors, all ppp session crashed. I was able to reproduce this error two times. After that, ppp runs fine for around 2 hours.

The only way to fix that hanging ppp is to reboot, i see this message on the rb serial console.

Rebooting...
Stopping services...
failed to stop ppp: std failure: timeout (13)
could not move ram disk: Invalid argument
copying packages to flash...
Restarting system.

I found a autosupout.rif after reboot on the filesystem.

Re: v6.10 released

Posted: Sun Mar 16, 2014 11:07 pm
by maarisl
On v5.x I had queue on subnet 10.1.1.0/24 which limited 3M up and 5M down per each IP and total max rate for subnet to 5M/15M but on v6.10 work only total queue but per IP does not.
Example:
/queue simple add max-limit=5M/15M name=10 priority=3/3 queue=up3/down5 target=10.1.1.0/24 \
total-priority=3 total-queue=default
/queue type add kind=pcq name=up3 pcq-classifier=src-address pcq-dst-address6-mask=64 \
pcq-rate=3M pcq-src-address6-mask=64
/queue type add kind=pcq name=down5 pcq-classifier=dst-address pcq-dst-address6-mask=64 \
pcq-rate=5M pcq-src-address6-mask=64

Please advise what shoud be done different to have limit 3M/5M per each IP of subnet ?

Re: v6.10 released

Posted: Mon Mar 17, 2014 12:16 am
by elmer
RB951Ui-2HnD
First problem is poe firmware.
Second, installed dude 3.6, when i checked uninstall and reboot router dead.
Third - netinstall 6.10 won`t work, 5.26 unbricked router, but poe out don`t works...
After install 6.10 poe came to live, but firmware is still 0.0 :(

PS. LED`s on ports don`t work! ;)

Re: v6.10 released

Posted: Mon Mar 17, 2014 1:09 am
by Spaceath
Im having issues with ntp client.
2 rb433 and 2rb951 doesnt sync the clock time with ntp servers.
anyone else having this problem?

Re: v6.10 released

Posted: Mon Mar 17, 2014 10:00 am
by Ansy
elmer, I've got very same problem with my RB/750 upgrading it to v6.10.

How do your hardware "work" exactly?

My RB/750 turns all LEDs ON (despite of real state of Ethernet ports) and no reaction in WinBox, no traffic at all (after normal reboot) -- I've sniffed any packets with WireShark software.

If I reset device to defaults (short circuit contact hole with screwdriver or 1-2 sec RESET while powering on) hardware lights Ethernet LEDs right according to real port connections -- but no any Ethernet packets too.

Finally I've tried to netinstall some versions 5.xx and 6.xx in hope to reanimate the device. Pressing RESET button untill ACT LED goes off gives device to network (IP, bootp, visible to netinstall) and makes netinstall process possible... but loading any firmware doesn't repair my RB/750 after rebooting :(

[Ticket#2014031166000717] support says:
unfortunately no, this model does not support it [RS-232]. It may have serial port pads on
pcd, but they won't work without special software on router which we do not share
with public.
...
whole picture looks awflly like problem with nand flash on router, it could have
died of old age so to speek or just hardware failure of this specific chip. In
this case router hardware replacement will be required.
It's strange that two RB751U-2HnD devices have been upgraded to 6.10 successfully and work OK for now.

Please get us to know about progress with yours (and details, please).

P.S. My RB/750 worked not hard in good datacenter conditions for ~ 2 years. Sad :(

Re: v6.10 released

Posted: Mon Mar 17, 2014 10:28 am
by rextended
Try this:
whit reset BUTTON pressed, (not the hole pin with screwdriver) plug the power, after 2 sec stop press the button.
Wait,
if the rb start, open winbox and update BIOS:
put BOTH this file in "files" folder
http://i.mt.lv/routerboard/files/ar7240_3.13.fwf
http://i.mt.lv/routerboard/files/ar7100_3.10.fwf
and launch

ros code

/system routerboard update
DO NOT REBOOT

After that prepare netistall 6.10 with 6.10 software
http://download2.mikrotik.com/routeros/ ... l-6.10.zip
http://download2.mikrotik.com/routeros/ ... e-6.10.npk
and launch this on console:

ros code

/system routerboard settings
set baud-rate=115200
set boot-delay=2s
set boot-device=try-ethernet-once-then-nand
set boot-protocol=bootp
set cpu-mode=regular
set enable-jumper-reset=yes
set enter-setup-on=delete-key
set force-backup-booter=no
set silent-boot=no
now reboot and use netinstall without keeping old configuration

Re: v6.10 released

Posted: Mon Mar 17, 2014 10:44 am
by Ansy
if the rb start, open winbox and update BIOS:
I'm glad to do it, but:
My RB/750 turns all LEDs ON (despite of real state of Ethernet ports) and no reaction in WinBox, no traffic at all (after normal reboot) -- I've sniffed any packets with WireShark software.

If I reset device to defaults (short circuit contact hole with screwdriver or 1-2 sec RESET while powering on) hardware lights Ethernet LEDs right according to real port connections -- but no any Ethernet packets too.
Simply I can not see device with WinBox (MAC or IP) at all. Only Netinstall sees it somehow.

Re: v6.10 released

Posted: Mon Mar 17, 2014 11:00 am
by rextended
Forget the hole with the screwdriver.

1) before power the rb, press reset button and leave pressed, insert power plug, and wait until devices are visible in netinstall (15~20sec) [assuming the pc is working], now release reset button.
2) If you can see correctly the device on netinstall 6.10, try to install the package 6.10.
3) If netinstall fail, repeat the steps 1-2 with netisntall 5.26 AND RouterOS 5.26.
4) When devices show "waiting reboot" on netisntall, fast remove the power,
5) before power the rb, press reset button and still with reset button pressed, insert power plug, and when any led display up, release reset button [load backup bios].
6) Wait if rb start and follow the previous instruction to upgrade the bios.

Re: v6.10 released

Posted: Mon Mar 17, 2014 11:22 am
by chm0d755
Delete this post. I found my problem.

Re: v6.10 released

Posted: Mon Mar 17, 2014 1:09 pm
by jarda
I have just netinstalled 6.10 on RB2011UAS-2HnD and upgraded FW from 3.10 to 3.12. I was not able to run config script downloaded from v.6.9. so I did it by copy-paste thru terminal.

Reason: The Netwatch is missing in Tools.

How to get Netwatch back? I need it.

Re: v6.10 released

Posted: Mon Mar 17, 2014 1:12 pm
by jarda
I have just netinstalled 6.10 on RB2011UAS-2HnD and upgraded FW from 3.10 to 3.12. I was not able to run config script downloaded from v.6.9. so I did it by copy-paste thru terminal.

Reason: The Netwatch is missing in Tools.

How to get Netwatch back? I need it.
I am a dumb. Advanced tools package is missing... sorry everyone for disturbing.

Re: v6.10 released

Posted: Mon Mar 17, 2014 1:39 pm
by Ansy
Forget the hole with the screwdriver.
1) before power the rb, press reset button and leave pressed, insert power plug, and wait until devices are visible in netinstall (15~20sec) [assuming the pc is working], now release reset button.
2) If you can see correctly the device on netinstall 6.10, try to install the package 6.10.
3) If netinstall fail, repeat the steps 1-2 with netisntall 5.26 AND RouterOS 5.26.
4) When devices show "waiting reboot" on netisntall, fast remove the power,
5) before power the rb, press reset button and still with reset button pressed, insert power plug, and when any led display up, release reset button [load backup bios].
6) Wait if rb start and follow the previous instruction to upgrade the bios.
rextended, made all your checklist exactly (thanks for trick #4) twice with netinstall6.10+routeros6.10 & netinstall5.26+routeros5.26, but thats' doesn't help to repair my device.

After all, I can not see its MAC with WinBox in default boot mode (RESET button shortly pressed while power on) and free reboot.

Re: v6.10 released

Posted: Mon Mar 17, 2014 1:48 pm
by rextended
Made one last try with [use SAME version of Netinstall and RouterOS!]
http://download.mikrotikindonesia.com/i ... l-5.11.zip
http://download.mikrotikindonesia.com/i ... e-5.11.npk

Yes, that version!...

I have the same problem, when I forget to upgrade BIOS [firmware] before upgrading some SXT to version 5.26 or 6.x
But after I successfully boot RB with old software [or backup BIOS] I can fix with the method described before.

If you reach to reboot properly the board, first do bios upgrade as I explain on previous post.

Re: v6.10 released

Posted: Mon Mar 17, 2014 6:25 pm
by m3gaman
Hi, I have a problem using option DHCPv6-PD to send ipv6 prefixes via pppoe, the option send the prefix and create the route, works well and hangs dhcp when pppoe conection drop.
If I disconect normaly them dhcpv6 release the prefix but when hangs suddenly it simply stay conected and dhcpv4 stop too, cant get new prefixes or release the one with pppoe. When that happens one core of my cpu goes 100% and only a reboot normalize it.

Re: v6.10 released

Posted: Mon Mar 17, 2014 10:55 pm
by Majklik
Does anybody here also have the problem that IPv6 addresses sometimes aren't working until disable and re-enable (new added address or after a reboot)? Had that on 4 MikroTiks (RB750GL, RB2011UAS-RM, RB2011UiAS-2HnD-IN, RB951G-2HnD) but unfortunately MikroTik cannot confirm this bug. Very annoying if after a reboot nothing is working.
I'm mostly using IPv6 addresses on bridges.

Edit: Not working means, sometimes I can ping the IPv6 from the local MikroTik cli. But if I try to reach another host in that subnet, traffic goes through the default gateway.
Yes, I have the same problem long time. Mostly on the bridge interface or on the VRRP interface. After rebooting the IPv6 do not works on the interface.
bridge - The bridge do not have a link local address after reboot sometimes. There is in the /ipv6 address listed correct link local address but interface is (unknown). After disable/enable bridge then is created new record with correct link local address and correct interface and IPv6 works. All bridges have admin MAC set.
VRRP - After rebooting the vrrp interface which starts as master sometimes do not operate with IPv6 (link local address is correctly assigned). After disable/enable or switch slave/master state IPv6 starts working.
These problems begin with ROS6.3 and ROS5.25 on RB1100AH/AHx2. Reported long time ago, never answered.

The bridge problem after resolving with disable/enable looks like this:
/ipv6 address print where address="fe80::ff:fe00:12/64"
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-POOL INTERFACE               ADVERTISE
20 DL fe80::ff:fe00:12/64                                   (unknown)               no       
21 DL fe80::ff:fe00:12/64                                   bridge-wan              no       

Re: v6.10 released

Posted: Tue Mar 18, 2014 6:37 am
by Ansy
Made one last try with [use SAME version of Netinstall and RouterOS!]
http://download.mikrotikindonesia.com/i ... l-5.11.zip
http://download.mikrotikindonesia.com/i ... e-5.11.npk
Yes, that version!...
Done.
RB750_netinstall5.11_ros5.11_before.png
But after reboot (fast power off when "Waiting...", then power on with RESET button pressed till LEDs on, then power off/on reboot) I see no my device RB/750 in WinBox
WinBox5.11.png
So I can't do next part of firmware/bios upgrade procedure. All LEDs on, no any network activity/visibility :(
I have the same problem, when I forget to upgrade BIOS [firmware] before upgrading some SXT to version 5.26 or 6.x
But after I successfully boot RB with old software [or backup BIOS] I can fix with the method described before.
If you reach to reboot properly the board, first do bios upgrade as I explain on previous post.
I'm very glad if your receipt helps you or somebody else in same trouble... but not me, sorry.

For now I've got LEDs box for Christmas Tree and spare 12V Power Supply :?

Re: v6.10 released

Posted: Tue Mar 18, 2014 8:38 pm
by patrick7
Thanks @Majklik, opened a ticket again :-)

Re: v6.10 released

Posted: Tue Mar 18, 2014 10:34 pm
by steen
Hello Folks!

Upgraded rb2011 and rb750 to RoS6.10 from RoS6.7, all l2tp links fails more or less, nothing in logs they simply stop working after some megabytes of data traversing them, average is 2-3 Mbyte, then dead.

This is VERY serious problem for our business, economic loss is result this time, many co-workers just sit doing nothing!!!

The same goes for routing marks, they are also ignored after upgrade.

Now trying to rollback.

Re: v6.10 released

Posted: Wed Mar 19, 2014 12:07 am
by Majklik
Hi, I have a problem using option DHCPv6-PD to send ipv6 prefixes via pppoe, the option send the prefix and create the route, works well and hangs dhcp when pppoe conection drop.
If I disconect normaly them dhcpv6 release the prefix but when hangs suddenly it simply stay conected and dhcpv4 stop too, cant get new prefixes or release the one with pppoe. When that happens one core of my cpu goes 100% and only a reboot normalize it.
Yes, I agree. I see this from ROS6.7 days (at least on the RB800). A profile show that a dhcp task consumes my CPU.

Re: v6.10 released

Posted: Wed Mar 19, 2014 7:00 am
by 3bs
v6.10 every hour disconnect openvpn.

Re: v6.10 released

Posted: Wed Mar 19, 2014 10:03 pm
by Chupaka
v6.10 every hour disconnect openvpn.
probably, it's already fixed in pre-release:
What's new in 6.11 (2014-Mar-18 11:14):

*) ovpn - fixed TLS renegotiation;

Re: v6.10 released

Posted: Wed Mar 19, 2014 10:38 pm
by rextended
Actually are another bug, also present on 6.8, 6.9 and 6.10
and go worst on 6.11:

Winbox connection from pc directly connected on the gateway/pppoe server [really not matter where pc are connected]
to one CPE on IP obtained from pppoe with MRRU set,
is continually broken after receiving some data from CPE.

The problem regard exclusively Winbox service on RouterOS, bandwidth and other parameters working perfectly with very low latency.

On 6.7 is perfectly stable.

The problem is not present if one ip for wlan1 are used.

Re: v6.10 released

Posted: Thu Mar 20, 2014 9:54 am
by JanezFord
I believe this issue is somehow v6.10 related .. I did not experience this kind of problems with older versions of routeros.

http://forum.mikrotik.com/viewtopic.php?f=3&t=83030

JF.

Re: v6.10 released

Posted: Thu Mar 20, 2014 9:55 am
by FlySt0nE
951 and 751, after upgrade on 6.10 don't work ntp client.

Re: v6.10 released

Posted: Thu Mar 20, 2014 11:04 am
by uldis
951 and 751, after upgrade on 6.10 don't work ntp client.
NTP client works fine after upgrade. Please check if the NTP server IP isn't changed.

Re: v6.10 released

Posted: Thu Mar 20, 2014 11:19 am
by FlySt0nE
NTP client works fine after upgrade. Please check if the NTP server IP isn't changed.
IP of NTP server didn't changed, and after i found problem, i tried change IP to new. In 6.07 work fine.
We have 2 of 751 and 3 of 951, every have problem with NTP Client.

Re: v6.10 released

Posted: Thu Mar 20, 2014 11:23 am
by FlySt0nE
Im having issues with ntp client.
2 rb433 and 2rb951 doesnt sync the clock time with ntp servers.
anyone else having this problem?
Another user has the same problems like me.

Re: v6.10 released

Posted: Thu Mar 20, 2014 11:59 am
by Majklik
I believe this issue is somehow v6.10 related .. I did not experience this kind of problems with older versions of routeros.

http://forum.mikrotik.com/viewtopic.php?f=3&t=83030
This problem with full IPv4 route cache I see for whole ROS6 line. With the ROS 6.10 is only more fastelly cache filled.
951 and 751, after upgrade on 6.10 don't work ntp client.
On few RB912 I had this problem directly after upgrade too. But after second reboot SNTP client opetares OK.

Re: v6.10 released

Posted: Thu Mar 20, 2014 1:31 pm
by skibi82
Above version 6.7 I noticed a strange phenomenon.
Well, in the case when I have defined DSTNAT redirection inside the network.
And leaning forward Addres Lists After some time available services stop working.
It helps to reboot mikrotik and everything returns to normal.

It seems that this phenomenon is related to Ticket # 2014031066000782

My next observation is a problem with the DNS service
Submitted as Ticket # 2014031966000417

Well dns cache is not properly refresh, ignoring ttl times in the case of kiedi change the static dns entry on the aaaa bbbb is still visible in the cache address aaaa if it was used and can not do anything about it.
x1.png
Flusch d'ont help.
Wrong address is still in the cache given.
Computers using DNS cache get an incorrect address.

Temporary solution
before the change simply disable adrres.
Then change the content and turn it on.

How to hang an address in the cache. Please add it again under a name then disable and remove.

Please someone from the support looked at the problem.
Problems are critical to the sustainability of the action of ROS

Re: v6.10 released

Posted: Thu Mar 20, 2014 6:58 pm
by FlySt0nE
Just downgrade to 6.07 two of devices, ntp client working fine.

Re: v6.10 released

Posted: Thu Mar 20, 2014 9:29 pm
by rextended
Just downgrade to 6.07 two of devices, ntp client working fine.
Tomorrow exit 6.11

Re: v6.10 released

Posted: Fri Mar 21, 2014 8:45 am
by armandfumal
NTP client works fine after upgrade. Please check if the NTP server IP isn't changed.
IP of NTP server didn't changed, and after i found problem, i tried change IP to new. In 6.07 work fine.
We have 2 of 751 and 3 of 951, every have problem with NTP Client.
I'm using 6.10 on RB951, no NTP problem...