Page 1 of 1

v6.12 released

Posted: Tue Apr 15, 2014 3:12 pm
by normis
What's new in 6.12
*) l2tp - fixed ~no buffer space available~ problem;
*) ipsec - support IPv4 over IPv6 and vice versa;
*) pppoe - report correctly number of active links;
*) updated timezone information;
*) many fixes for CRS managed switch functionality -
particularly improved VLAN support, port isolation, defaults;
*) added trunk support for CRS switches;
*) added policing support for CRS switches;
*) www - added support for HTTP byte ranges;
*) lte - provide signal strength using snmp and make 'info once' work in console;
Simply click “Check for updates” in QuickSet, Webfig or Winbox packages menu. If you run v5 or older, download the newest NPK package from our webpage, upload to your router, and reboot: http://www.mikrotik.com/download

Re: v6.12 released

Posted: Tue Apr 15, 2014 3:17 pm
by rextended
Ticket#2014031766000331
6.10 BUG: user-manager profile limitation can not add profile limitation on command line when default admin customer are renamed, because missing "owner=" parameter.

This bug is still present on last official 6.11.
Still exist on 6.12rc1 2014-04-02
I try the other 2 bug I have discovered later
Still exist on 6.12rc1 (2014-Apr-07 09:04):
STILL EXIST ON 6.12
http://forum.mikrotik.com/viewtopic.php ... 88#p416454

BUG SIGNALED FROM 6.10 AND STILL NOT FIXED??? :evil:

Opened another ticket for that: [Ticket#2014041566000226] 6.12 UNFIXED BUG: user-manager profile limitation


:( OK, I UNDERSTAND,
is more important to fix CRS than this "limited" option....

I wait the fix on 6.13.... :?

Re: v6.12 released

Posted: Tue Apr 15, 2014 3:38 pm
by Chupaka
*) updated timezone information;
-3 is still +3:
[admin@TestPlace] > /system clock print 
            time: 15:37:53
            date: apr/15/2014
  time-zone-name: Etc/GMT-3
      gmt-offset: +03:00
this exists even in v5

Re: v6.12 released

Posted: Tue Apr 15, 2014 3:45 pm
by kcybulski
So far good

Upgraded on RB2011UAS and RB2011L no problems so far.
Packet marks work on RB2011UAS.

Krzysiek

Re: v6.12 released

Posted: Tue Apr 15, 2014 3:54 pm
by CyberTod
RouterOS upgraded fine from v6.11 to v6.12 on a RB951Ui-2HnD, but upgrading the routerboard firmware from 3.12 to 3.14 caused a series of reboot loops before it settled and started working.
Anyone else seeing this ? Because that was my router at home, so no harm done, but I plan to upgrade a few Metal 2SHPn on towers to see if a problem on them is fixed .

P.S. Hmm actually forget the part about the Metal's. i just upgraded 1, but their firmware stays at 3.13.

Re: v6.12 released

Posted: Tue Apr 15, 2014 3:57 pm
by normis
Chupaka, why don't you just use your city? That one works always

ros code

[admin@auto] /system clock> set time-zone-name=Europe/Minsk
[admin@auto] /system clock> print
            time: 15:56:32
            date: apr/15/2014
  time-zone-name: Europe/Minsk
      gmt-offset: +03:00

Re: v6.12 released

Posted: Tue Apr 15, 2014 4:02 pm
by pcunite
*) www - added support for HTTP byte ranges;
That sounds interesting. Can someone give me a link to the doc's on that?

Re: v6.12 released

Posted: Tue Apr 15, 2014 4:05 pm
by rextended
THIS KERNEL BUG ARE NOT SOLVED ON 6.12 (final)!!!

http://forum.mikrotik.com/viewtopic.php ... 00#p417272

Re: v6.12 released

Posted: Tue Apr 15, 2014 4:06 pm
by normis
*) www - added support for HTTP byte ranges;
That sounds interesting. Can someone give me a link to the doc's on that?
http://www.cyberciti.biz/cloud-computin ... line-test/

Re: v6.12 released

Posted: Tue Apr 15, 2014 4:07 pm
by andriys
*) www - added support for HTTP byte ranges;
That sounds interesting. Can someone give me a link to the doc's on that?
RFC2616 section 14.35.1 (see here). :)

Re: v6.12 released

Posted: Tue Apr 15, 2014 4:10 pm
by Chupaka
Sorry, had missed this before. Did you submit a ticket? I wonder how we missed this.
sure, Ticket#2011111666000887. Maris said, "problem will be fixed in one of the next versions". I'm waiting that version for 2,5 years already :D

UPD: I also mentioned this problem in Ticket#2013121166000256
Chupaka, why don't you just use your city? That one works always
I know, but there were recent changes in Belarus timezone, and TZ info was not actual in RouterOS until the december, 2013 :)

Re: v6.12 released

Posted: Tue Apr 15, 2014 4:21 pm
by rextended
This version has just come out, and for now there are three old ticket still unresolved:

Ticket#2014031766000331 (2014-03-17) Missing parameters on CLI
Ticket#2014032566001217 (2014-03-25) KERNEL CRASH / PANIC

Re: v6.12 released

Posted: Tue Apr 15, 2014 4:22 pm
by doneware
l2tp - fixed ~no buffer space available~ problem;
no buffer problem still seems to persist in 6.12.
but this time it's not related to l2tp. i have a box with GRE over IPSec tunnels
(~80 tunnels) and run BGP over them.
just had to restart the device 4 hours ago because of "no buffer space avail".

Re: v6.12 released

Posted: Tue Apr 15, 2014 4:27 pm
by andriys
just had to restart the device 4 hours ago because of "no buffer space avail".
Hm... 6.12 was officially announced less then 4 hours ago...

Re: v6.12 released

Posted: Tue Apr 15, 2014 4:37 pm
by normis
l2tp - fixed ~no buffer space available~ problem;
no buffer problem still seems to persist in 6.12.
but this time it's not related to l2tp. i have a box with GRE over IPSec tunnels
(~80 tunnels) and run BGP over them.
just had to restart the device 4 hours ago because of "no buffer space avail".
If you have it running for more than 4 hours, it could mean you are not running the version that was just released now. Upgrade to the one on the webpage please.

Re: v6.12 released

Posted: Tue Apr 15, 2014 4:55 pm
by normis
rextended, please do NOT re-post all the fixed issues here. Post only NOT fixed issues if you find any. Thanks!

Re: v6.12 released

Posted: Tue Apr 15, 2014 5:01 pm
by doneware
just had to restart the device 4 hours ago because of "no buffer space avail".
Hm... 6.12 was officially announced less then 4 hours ago...
it was the 6.12 from 11th april. Normis posted the url to it in one of the other threads. checked the changelog,
and as it stated the buffer space issue to be fixed, i gave it a try. now i am running the official image
(build date: Apr/14/2014 09:27:45)

Re: v6.12 released

Posted: Tue Apr 15, 2014 5:14 pm
by efaden
When can we expect more complete documentation with examples for the CRS?

Re: v6.12 released

Posted: Tue Apr 15, 2014 5:23 pm
by dtoffo
What about CAPsMAN (wireless-fp package): is it still beta or production-stable?

Re: v6.12 released

Posted: Tue Apr 15, 2014 5:58 pm
by DiabolixZA
*) lte - provide signal strength using snmp and make 'info once' work in console;
SNMP for LTE signal strength, but yet we see nothing for CCQ..

Re: v6.12 released

Posted: Tue Apr 15, 2014 6:55 pm
by adyb76
RB450, RB2011UiAS-2HnD, RB1100AHX2, CCR1036-12G-4S all updated ok

Running PPPoE, OSPF, MPLS and TE

Ade

Re: v6.12 released

Posted: Tue Apr 15, 2014 7:39 pm
by rextended
rextended, please do NOT re-post all the fixed issues here. Post only NOT fixed issues if you find any. Thanks!
Sorry, I have posted that for prevent question like "Are fixed this problem....?" not written on change log.

Re: v6.12 released

Posted: Tue Apr 15, 2014 9:35 pm
by macgaiver
I can give a nickname to this version "CRS Evolution version" it is good that these changes got out as soon as possible, now at least we can start using CRS properly.
I'm sure there will be other version with other fixes soon enough. And if MT fixes your bug you usually can get a RC version to verify that bug is solved.

Now i have lots of new toys in "Switch" menu :)

Re: v6.12 released

Posted: Tue Apr 15, 2014 10:07 pm
by JanezFord
Winbox checkboxes and textboxes are back to pre v6.11 style .... good work! I see new switch menu design in winbox on crs125.

upgraded crs125, 450g, 711ua-2hnd, 751u-2hnd, 751g-2hnd, 951g-2hnd, 951ui-2hnd, 2011uas-rm, 2011uas-2hnd-in 912u-2hnd and rb800 to 6.12 + firware where applicable without any issues. All running fine (ipsec, ospf, l2tp)

JF.

Re: v6.12 released

Posted: Tue Apr 15, 2014 11:00 pm
by dlj87
OpenVPN server doesn't work! The same TLS failed error in log as it was in 6.11. Downgrade to 6.10

Re: v6.12 released

Posted: Tue Apr 15, 2014 11:38 pm
by plankanater
Still loosing interfaces in /Interface Bridge Filters. It will take the interface in the rule then after about 3 seconds after hitting apply it will minimize the interface field on the general page. If I reopen the field it is still, but re-minimizes as soon as OK, or Apply is hit. So the ability to mark packets by interface in a bridge seems to be lost.

Re: v6.12 released

Posted: Wed Apr 16, 2014 12:07 am
by Jetrider
Anyone tried DHCP server on VLAN with this ? Is all fine now ?

Re: v6.12 released

Posted: Wed Apr 16, 2014 12:12 am
by rextended
Anyone tried DHCP server on VLAN with this ? Is all fine now ?
Try yourself and post the result.

Re: v6.12 released

Posted: Wed Apr 16, 2014 2:07 am
by lorsungcu
6.12 completely broke my ipsec/l2tp tunnels. Not sure what the problem is at this point, but i'll be moving back to 6.11 until i figure it out..

Re: v6.12 released

Posted: Wed Apr 16, 2014 2:09 am
by efaden
6.12 completely broke my ipsec/l2tp tunnels. Not sure what the problem is at this point, but i'll be moving back to 6.11 until i figure it out..
Interesting. Mine are working just fine.

Re: v6.12 released

Posted: Wed Apr 16, 2014 5:41 am
by nz_monkey
6.12 completely broke my ipsec/l2tp tunnels. Not sure what the problem is at this point, but i'll be moving back to 6.11 until i figure it out..
Interesting. Mine are working just fine.
For the first time since about 6.5 upgrading DID NOT break my IPSEC tunnels :) Thanks Mikrotik.

Re: v6.12 released

Posted: Wed Apr 16, 2014 5:56 am
by evharten
6.12 broke my CRS's, had to go into serial console to reset configuration and build the config as new, system just hangs after updating.

Another CRS hangs even after the reset-configuration, im trying to reproduce it so i can get an supout (if that works at least, since the switch disables ALL ports when it hangs).

Addenum:
Trunk feature does not work properly, trunk stops forwarding packages after some time (802.11ad LACP), after removing and recreating the trunk it works for a while, and then stops working again.

Re: v6.12 released

Posted: Wed Apr 16, 2014 7:33 am
by chimaster
Upgrade to 6.12 FW 3.13 no worries on CCR1016-12G. Had major L2TP issues with 6.11 rolled back to 6.6 and have now updated to 6.12 to test L2TP Buffer space issue is resolved.

Five Hours in. So far so good... Fingers crossed for a full recovery from two weeks of absolute instability.

Re: v6.12 released

Posted: Wed Apr 16, 2014 8:19 am
by Aveyer
Upgraded from 5.26 to 6.12 on RB750GL and RB450G, so far so good.

Re: v6.12 released

Posted: Wed Apr 16, 2014 8:20 am
by npero
Ticket#2014032466000827 not fixed, it is not working in last couple version, also other user on forum confirm bug.
When it will be fixed ?

Re: v6.12 released

Posted: Wed Apr 16, 2014 9:19 am
by Jetrider
Try yourself and post the result.

Sorry, unable to comply. Every version since 6.5 has been a huge disappointment so far resulting major outages. Cannot risk that production environment device. To be honest this "try yourself and post result" attitude got me thinking, that maybe I should fix it myself, too. Or simply not use DHCP maybe ? :D

Re: v6.12 released

Posted: Wed Apr 16, 2014 9:23 am
by tedkuban
IPSEC was totally broken after upgrade from 6.11 and from 5.26. Comments in the changelog on need of changes in a config are absent.

Re: v6.12 released

Posted: Wed Apr 16, 2014 9:38 am
by evharten
Try yourself and post the result.

Sorry, unable to comply. Every version since 6.5 has been a huge disappointment so far resulting major outages. Cannot risk that production environment device. To be honest this "try yourself and post result" attitude got me thinking, that maybe I should fix it myself, too. Or simply not use DHCP maybe ? :D
This is the community forums, IF you have bugs that you want fixed you should email support, if something breaks during/after an upgrade you can email support for support (or the company that have sold you the unit).

Here people will say try it, and post results, as that is what we all do ;)
Community is willing to help you, but if you did not try it first yourself, there is nothing we can help, as we do not know your situation nor configuration.
And new features, or bugfixes are fixed (maybe not but thats something WE as community test).

ps. this is not to flame at you! we are merely trying to help you.

Re: v6.12 released

Posted: Wed Apr 16, 2014 11:01 am
by infused
CRS test unit on 6.12 runs sweet as.

Re: v6.12 released

Posted: Wed Apr 16, 2014 11:04 am
by evharten
CRS test unit on 6.12 runs sweet as.
You did not have to reset the configuration ?

Re: v6.12 released

Posted: Wed Apr 16, 2014 11:16 am
by evharten
Trunk failure ticket #2014041666000341

Includes the supout.rif at the time of failure.
after disabling one of the interfaces in the trunk it starts working again, seems that the trunk option is not yet 802.11ad compliant.

Re: v6.12 released

Posted: Wed Apr 16, 2014 11:58 am
by bootc
6.12 broke my CRS's, had to go into serial console to reset configuration and build the config as new, system just hangs after updating.

Another CRS hangs even after the reset-configuration, im trying to reproduce it so i can get an supout (if that works at least, since the switch disables ALL ports when it hangs).
I was running a 6.12rc and it was working fine. Upgraded to 6.12 release and it hung on reboot, and comes up with all ports disabled. I can login at the serial console but commands like
/interface print
just hang. Reset-configuration works (eventually) but putting my config back breaks it after a reboot.

I too am working on a reproducible config that breaks the CCR. I hope to be able to post something soon.

Re: v6.12 released

Posted: Wed Apr 16, 2014 12:05 pm
by firefly

Re: v6.12 released

Posted: Wed Apr 16, 2014 12:25 pm
by bootc
6.12 broke my CRS's, had to go into serial console to reset configuration and build the config as new, system just hangs after updating.

Another CRS hangs even after the reset-configuration, im trying to reproduce it so i can get an supout (if that works at least, since the switch disables ALL ports when it hangs).
I too am working on a reproducible config that breaks the CCR. I hope to be able to post something soon.
The following configuration sets up the CRS for a fall, but still works at this point after a reboot:
/interface ethernet
set [ find default-name=ether2 ] master-port=ether1
set [ find default-name=ether3 ] master-port=ether1
set [ find default-name=ether4 ] master-port=ether1
set [ find default-name=ether5 ] master-port=ether1
set [ find default-name=ether6 ] master-port=ether1
set [ find default-name=ether7 ] master-port=ether1
set [ find default-name=ether8 ] master-port=ether1
set [ find default-name=ether9 ] master-port=ether1
set [ find default-name=ether10 ] master-port=ether1
set [ find default-name=ether11 ] master-port=ether1
set [ find default-name=ether12 ] master-port=ether1
set [ find default-name=ether13 ] master-port=ether1
set [ find default-name=ether14 ] master-port=ether1
set [ find default-name=ether15 ] master-port=ether1
set [ find default-name=ether16 ] master-port=ether1
set [ find default-name=ether17 ] master-port=ether1
set [ find default-name=ether18 ] master-port=ether1
set [ find default-name=ether19 ] master-port=ether1
set [ find default-name=ether20 ] master-port=ether1
set [ find default-name=ether21 ] master-port=ether1
set [ find default-name=ether22 ] master-port=ether1
set [ find default-name=ether23 ] master-port=ether1
set [ find default-name=ether24 ] master-port=ether1
set [ find default-name=sfp1 ] master-port=ether1
/interface vlan
add interface=ether1 vlan-id=1
add interface=ether1 vlan-id=1000
/interface ethernet switch
set forward-unknown-vlan=no
/interface ethernet switch vlan
add ports=ether1,ether2,switch1-cpu vlan-id=1
add ports=ether23,ether24 vlan-id=1000
Adding the following will appear to "work" after it's been added (it doesn't due to the lack of matching egress config, but would work if that was added too), but causes the switch to fail at reboot:
/interface ethernet switch ingress-vlan-translation
add new-customer-vid=1 ports=ether1,ether2
add new-customer-vid=1000 ports=ether23,ether24

Re: v6.12 released

Posted: Wed Apr 16, 2014 12:52 pm
by killersoft
NTP Client seems to still have an issue(as of 6.11, v6.10 had no issues) on MT Metals 2SHPn's(WILL NOT SET System clock time).
My RB951G(v5.26) on the same subnet with the same NTP config has no issue with setting the system time.
Think it might be Supout.rif time... !

Re: v6.12 released

Posted: Wed Apr 16, 2014 1:19 pm
by normis
NTP Client seems to still have an issue(as of 6.11, v6.10 had no issues) on MT Metals 2SHPn's(WILL NOT SET System clock time).
My RB951G(v5.26) on the same subnet with the same NTP config has no issue with setting the system time.
Think it might be Supout.rif time... !
did you try another server ?

Re: v6.12 released

Posted: Wed Apr 16, 2014 1:23 pm
by infused
CRS test unit on 6.12 runs sweet as.
You did not have to reset the configuration ?
I hardly had any config. The config I had worked fine though.

Re: v6.12 released

Posted: Wed Apr 16, 2014 1:44 pm
by bawolek
what about with link aggregation (802.3ad) doing on switch-chip ..
i'm waiting for that on CRS ...

Re: v6.12 released

Posted: Wed Apr 16, 2014 2:03 pm
by Fatum

Re: v6.12 released

Posted: Wed Apr 16, 2014 2:37 pm
by hengst
BUG ?

dhcp request via radius.

wont send anything to radius server when "Called ID" is used. ( nothing in log )

without anything in the "Called ID" , radius request is sent to radius server and all ok.

typo somwhere ? caller id / called id ? just my 2 cents

Re: v6.12 released

Posted: Wed Apr 16, 2014 3:26 pm
by Krisken
Is the DHCP server problem for vlans fixed?

Re: v6.12 released

Posted: Wed Apr 16, 2014 3:30 pm
by Zorro
all RB2011's and 951's so far so good.
not tested 450g, 433 and AP's yet, but kinda enthusiastically about.
found its both boots and works faster(and marginal but very welcome and handy latency drop) and also L2 filtering on copper start working again(cool !! no need to use v5.xx in such cases anymore).
i guess that's was new routerboard firmware impact.
also thanks for fixing fields in firewall management, back ).
previous versions (both 6.10 and 6.11)was looped into panic-reboot/netinstall after upgrade on some of rb2011 bodies. some right after reboot, some - after firmware update. 6.12 is okay on ALL, cool(no downtime is cool, isn't ? :)

p.s.
any chance to get CoDel in future releases ? :)

Re: v6.12 released

Posted: Wed Apr 16, 2014 3:49 pm
by pateutz
Hi all,

after upgrade from 6.11 to 6.12 the IPSEC tunnels not working any more. I have downgraded back to 6.11 and now i am able to make connections to my IPSEC VPN tunnels.
I have defined the the configuration of the IPSEC VPN tunnels since version 5. So since then i have never change anything in the configuration.

Best Regards,

Daniel

Re: v6.12 released

Posted: Wed Apr 16, 2014 3:52 pm
by paoloaga
6.12 broke my CRS's, had to go into serial console to reset configuration and build the config as new, system just hangs after updating.
Another CRS hangs even after the reset-configuration, im trying to reproduce it so i can get an supout (if that works at least, since the switch disables ALL ports when it hangs).
I was running a 6.12rc and it was working fine. Upgraded to 6.12 release and it hung on reboot, and comes up with all ports disabled. I can login at the serial console but commands like
/interface print
just hang. Reset-configuration works (eventually) but putting my config back breaks it after a reboot.

I too am working on a reproducible config that breaks the CCR. I hope to be able to post something soon.
I am experiencing the very same problem. The switch seems to run fine with the default config, but as soon as I add some vlan features (ingress vlan translation and egress vlan translation) works for a few minutes and then hangs. It also keeps hanging at the boot, responds to the console but it doesn't execute "/print interface ethernet".

I'm working to generate a supout.rif.

Edit: it doesn't execute "/interface ethernet print" -- apologize for the typo.

Re: v6.12 released

Posted: Wed Apr 16, 2014 4:18 pm
by fposavec
6.12 broke my CRS's, had to go into serial console to reset configuration and build the config as new, system just hangs after updating.
Another CRS hangs even after the reset-configuration, im trying to reproduce it so i can get an supout (if that works at least, since the switch disables ALL ports when it hangs).
I was running a 6.12rc and it was working fine. Upgraded to 6.12 release and it hung on reboot, and comes up with all ports disabled. I can login at the serial console but commands like
/interface print
just hang. Reset-configuration works (eventually) but putting my config back breaks it after a reboot.

I too am working on a reproducible config that breaks the CCR. I hope to be able to post something soon.
I am experiencing the very same problem. The switch seems to run fine with the default config, but as soon as I add some vlan features (ingress vlan translation and egress vlan translation) works for a few minutes and then hangs. It also keeps hanging at the boot, responds to the console but it doesn't execute "/print interface ethernet".

I'm working to generate a supout.rif.
I already send support.rif to support, waiting to anwser...

Re: v6.12 released

Posted: Wed Apr 16, 2014 4:22 pm
by Chupaka
Anyone tried DHCP server on VLAN with this ? Is all fine now ?
Is the DHCP server problem for vlans fixed?
what was the problem? I have a CCR with DHCP Servers on VLANs, it worked fine on v6.7 and it works now on v6.12

Re: v6.12 released

Posted: Wed Apr 16, 2014 7:15 pm
by huntah
DHCP on VLAN was also working on 6.11.. I am using it right now without problems. I reported that back in 6.11 released topic..

Re: v6.12 released

Posted: Wed Apr 16, 2014 7:35 pm
by Clauu
Good job devs team now with the latest update the usb power is much more stable :) I have almost 1 day uptime of a usb 3g modem where on <=6.11 it was a nightmare no more than 2hours of uptime

Re: v6.12 released

Posted: Wed Apr 16, 2014 8:55 pm
by Test471
What's new in CAPsMAN 6.12?

Re: v6.12 released

Posted: Wed Apr 16, 2014 9:15 pm
by bawolek

:) thanks I don't read wiki with crs option :)

Re: v6.12 released

Posted: Wed Apr 16, 2014 9:57 pm
by ners
CRS on 6.12, ip addresses on physical interfaces ("native VLAN") stopped working:

ros code

/ip address
add address=172.16.16.8/24 interface=ether24 network=172.16.16.0
/interface ethernet
set [ find default-name=sfp1 ] master-port=ether24
set [ find default-name=ether1 ] master-port=ether24
set [ find default-name=ether2 ] master-port=ether24
set [ find default-name=ether3 ] master-port=ether24
set [ find default-name=ether4 ] master-port=ether24
set [ find default-name=ether5 ] master-port=ether24
set [ find default-name=ether6 ] master-port=ether24
set [ find default-name=ether7 ] master-port=ether24
set [ find default-name=ether8 ] master-port=ether24
set [ find default-name=ether9 ] master-port=ether24
set [ find default-name=ether10 ] master-port=ether24
set [ find default-name=ether11 ] master-port=ether24
set [ find default-name=ether12 ] master-port=ether24
set [ find default-name=ether13 ] master-port=ether24
set [ find default-name=ether14 ] master-port=ether24
set [ find default-name=ether15 ] master-port=ether24
set [ find default-name=ether16 ] master-port=ether24
set [ find default-name=ether17 ] master-port=ether24
set [ find default-name=ether18 ] master-port=ether24
set [ find default-name=ether19 ] master-port=ether24
set [ find default-name=ether20 ] master-port=ether24
set [ find default-name=ether21 ] master-port=ether24
set [ find default-name=ether22 ] master-port=ether24
set [ find default-name=ether23 ] master-port=ether24

/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,\
    ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24" \
    forward-unknown-vlan=no
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether24 vlan-id=59
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=59 ports=ether1 sa-learning=yes
/interface ethernet switch vlan
add ports=ether1,ether24 vlan-id=59
172.16.16.8 cannot be pinged from other hosts in the network.

Re: v6.12 released

Posted: Wed Apr 16, 2014 10:21 pm
by h17
Anyone tried DHCP server on VLAN with this ? Is all fine now ?
Is the DHCP server problem for vlans fixed?
what was the problem? I have a CCR with DHCP Servers on VLANs, it worked fine on v6.7 and it works now on v6.12
Same here. I've been using DHCP Servers on VLANs at home since version 3.x, through almost every one
till now (6.11, didn't upgrade to 6.12 yet - I'm on vacation). I've never spotted any single problem with this.
Tested on 433AH, 435GUAH, 450G, 1100AHx2 and CCR1036-12G-4S.

P.S.
This is my first post here. Hello everyone. :)

CCR1016-12G vlan issue.

Posted: Wed Apr 16, 2014 11:12 pm
by dibatech
CCR1016-12G
Strange vlan issue.
Added vlan 1286 on ether12 via winbox.
Close winbox, reopen, vlan now missing.
Under vlans tab in interfaces setup, there is a ppp-XXXX dynamic user listed??
Seems like the vlan interface name / index however mikrotik does it gets corrupted.

Resetted board to defaults, restored config from rsc export. Same result.
Downgraded to 6.7 and all seems well again.

Could not create supout.rif, as this unit was in production at the time and clients was going crazy.
Will try and recreate again and log ticket.

Re: v6.12 released

Posted: Thu Apr 17, 2014 1:19 am
by Aveyer
I'm using DHCP on vlans on RB750GL and RB450G, no issues at all.

Re: v6.12 released

Posted: Thu Apr 17, 2014 3:22 am
by ddt
Old VLAN code working on 6.11:
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=701 ports=ether2 sa-learning=yes
/interface ethernet switch egress-vlan-translation
add customer-vid=701 new-customer-vid=0 ports=ether2
This correctly exports on a CRS still running 6.11.

New export code of the above if put into 6.12:
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=701 ports=ether2 sa-learning=yes
/interface ethernet switch egress-vlan-translation
add customer-vid=701 new-customer-vid="(unknown)" ports=ether2
If more than one entry is in the egress field with "(unknown)" the router will freeze on bootup during the "Starting services" display output on the LCD.

Re: v6.12 released

Posted: Thu Apr 17, 2014 6:42 am
by littlebill
is pptp and winbox fixed? how about sstp and windows clients? did anyone confirm this working? its been broken a while

Re: v6.12 released

Posted: Thu Apr 17, 2014 7:22 am
by Aveyer
On one of my RB450G', opening the OSPF menu causes winbox to crash everytime. This doesn't happen on all the rest that I upgraded however, which are in production.
This router wasn't in production, it was connected directly to laptop.

I had to reset to defaults and reconfigure, then no more crashing.

Re: v6.12 released

Posted: Thu Apr 17, 2014 8:10 am
by mboy
New export code of the above if put into 6.12:
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=701 ports=ether2 sa-learning=yes
/interface ethernet switch egress-vlan-translation
add customer-vid=701 new-customer-vid="(unknown)" ports=ether2
If more than one entry is in the egress field with "(unknown)" the router will freeze on bootup during the "Starting services" display output on the LCD.
I have the same problem, what can be done?

Re: v6.12 released

Posted: Thu Apr 17, 2014 8:42 am
by ners
Old VLAN code working on 6.11:
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=701 ports=ether2 sa-learning=yes
/interface ethernet switch egress-vlan-translation
add customer-vid=701 new-customer-vid=0 ports=ether2
This correctly exports on a CRS still running 6.11.

New export code of the above if put into 6.12:
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=701 ports=ether2 sa-learning=yes
/interface ethernet switch egress-vlan-translation
add customer-vid=701 new-customer-vid="(unknown)" ports=ether2
If more than one entry is in the egress field with "(unknown)" the router will freeze on bootup during the "Starting services" display output on the LCD.
Just delete the following section altogether:

ros code

/interface ethernet switch egress-vlan-translation
add customer-vid=701 new-customer-vid="(unknown)" ports=ether2
I found out setting egress-vlan-translation is not needed to make the port "access" anymore. Just "ingress-vlan-translation" is all that needs to be set.

Re: v6.12 released

Posted: Thu Apr 17, 2014 8:49 am
by cdiedrich
after upgrade from 6.11 to 6.12 the IPSEC tunnels not working any more. I have downgraded back to 6.11 and now i am able to make connections to my IPSEC VPN tunnels.
I have defined the the configuration of the IPSEC VPN tunnels since version 5. So since then i have never change anything in the configuration.
Cannot confirm this.
We have some (three) 2011UiAS managing about 25 IPSEC site2site tunnels (talking to Cisco ASA, Cisco 3005 and RB2011s) and after upgrade to 6.12 they're running perfectly.
It even seems that IKE handshake is gotten faster.

Re: v6.12 released

Posted: Thu Apr 17, 2014 9:31 am
by Clauu
Good job devs team now with the latest update the usb power is much more stable :) I have almost 1 day uptime of a usb 3g modem where on <=6.11 it was a nightmare no more than 2hours of uptime
Ok so unfortunately happened again :( now it will last for ~ 1day and after that reset occurs again..

Re: v6.12 released

Posted: Thu Apr 17, 2014 12:41 pm
by iossol
:(
RB2011UAS stops responding some hours after upgrade from 6.11 to 6.12.
The System is used as a l2tp/ipsec dialin Router with Radius.

The System is placed in a Colocation Center, I'm actually waiting for some Info or a powercycle from the Centers Support Staff.

The Router was pretty stable up to RouterOS 6.7, after that it becomes a nightmare.

Re: v6.12 released

Posted: Thu Apr 17, 2014 12:54 pm
by cdiedrich
Just a cosmetic one:

Bridge filters show up incompletely in Winbox.
Creating/editing rules works perfectly. But in the list view the Interface columns are empty.
When reopening a rule in Winbox the appropriate sections come up collapsed but when opening them, the interfaces are there.
Everything shows up correctly in console/telnet/ssh/winbox console.

Re: v6.12 released

Posted: Thu Apr 17, 2014 1:27 pm
by remojames
I had problem with Kernel panic and after upgrade firmware to 3.13 everything is ok now

Re: v6.12 released

Posted: Thu Apr 17, 2014 2:53 pm
by gotsprings
Yup...

On vacation and clicked on Download and Upgrade 6.12 for my Home CRS.
It's off line now.

Guess I will get to try to fix this on Friday when I get home. Please put up a warning. AS it seems a few others have seen the same thing with CRS.

Re: v6.12 released

Posted: Thu Apr 17, 2014 2:55 pm
by pcunite
I had to reset to defaults and reconfigure, then no more crashing.
That is the secret to fixing many user level issues. The parsing engine is really to blame for most troubles.

Re: v6.12 released

Posted: Thu Apr 17, 2014 3:31 pm
by iossol
:(
RB2011UAS stops responding some hours after upgrade from 6.11 to 6.12.
The System is used as a l2tp/ipsec dialin Router with Radius.

The System is placed in a Colocation Center, I'm actually waiting for some Info or a powercycle from the Centers Support Staff.

The Router was pretty stable up to RouterOS 6.7, after that it becomes a nightmare.
Just a short update:
Touchpanel was responsive, but no packets on any ethernet port. Looks like the switch stops working.
After powercycle, normal access was possible.
Config reset is not possible, since the RB2011 is in an external Colocation Center which is 3 hours away from my office.
For now a backup 2011 with RouterOS 6.7 is in production and the other one has to wait for 6.13 or for my next visit.

Re: v6.12 released

Posted: Thu Apr 17, 2014 3:40 pm
by Aveyer
I had to reset to defaults and reconfigure, then no more crashing.
That is the secret to fixing many user level issues. The parsing engine is really to blame for most troubles.
It's strange, there was no problem with the other 3 in production that were upgraded, just the one on my desk which was preconfigured for deployment to another site.

So it's like OSPF messed up on this one because OSPF didn't get to connect to the network.

Re: v6.12 released

Posted: Thu Apr 17, 2014 3:47 pm
by brainy
Anyone tried DHCP server on VLAN with this ? Is all fine now ?
Is the DHCP server problem for vlans fixed?
what was the problem? I have a CCR with DHCP Servers on VLANs, it worked fine on v6.7 and it works now on v6.12
The problem was with dhcp server on vlan interface(s) on bonding-interface(s) giving wrong netmasks.

Re: v6.12 released

Posted: Thu Apr 17, 2014 5:30 pm
by Zorro
about winbox crashing - try import really messy/complex stuff into any part of config and it crash.
probably parser was slightly memory-limited to do some things.
for example importing updated pgl.yoyo.org adslist to blackhole advertisers or lists of red-flagged(botnet pandemic or persistently ran offensive payloads)segments of internet - can, due to lenght.

Re: v6.12 released

Posted: Thu Apr 17, 2014 5:48 pm
by jondavy
all pppoe and vpls interfaces are disappeared , but still working,
was using version 6.11 CCR-1-1612G, now updated to version 6.12, and how it has all ok

Re: v6.12 released

Posted: Thu Apr 17, 2014 9:14 pm
by kotsius
SSTP problems still persist:

We have SSTP server-client interconnections between 6 MT routers, all of which share *exactly* the same settings. After upgrading them to v6.12, some pairs would connect without problems, others however would disconnect after roughly one minute, mostly returning a "negotiation timeout" on the server side. There was no obvious pattern, some pairings would work, others simply wouldn't. PPP profile encryption is set to "no", but "yes" failed just as well. Changing keepalive timeouts on both sides had no visible effect, nor had disabling certificate verification.

We are now back to v6.6, having already tried most in between versions...

Re: v6.12 released

Posted: Fri Apr 18, 2014 12:14 am
by ndbjorne
SSTP problems still persist:

We have SSTP server-client interconnections between 6 MT routers, all of which share *exactly* the same settings. After upgrading them to v6.12, some pairs would connect without problems, others however would disconnect after roughly one minute, mostly returning a "negotiation timeout" on the server side. There was no obvious pattern, some pairings would work, others simply wouldn't. PPP profile encryption is set to "no", but "yes" failed just as well. Changing keepalive timeouts on both sides had no visible effect, nor had disabling certificate verification.

We are now back to v6.6, having already tried most in between versions...
6 MT routerboards connect to SSTP server, after upgrading them all to 6.12 connections continuosly reset after 2m.
...
22:45:09 sstp,ppp,info sstp-out1: connected 
22:47:08 sstp,ppp,info sstp-out1: terminating... - conn timeout 
22:47:08 sstp,ppp,info sstp-out1: disconnected 
22:47:08 sstp,ppp,info sstp-out1: initializing... 
22:47:08 sstp,ppp,info sstp-out1: connecting... 
22:47:09 sstp,ppp,info sstp-out1: authenticated 
22:47:10 sstp,ppp,info sstp-out1: connected 
22:49:09 sstp,ppp,info sstp-out1: terminating... - conn timeout 
22:49:09 sstp,ppp,info sstp-out1: disconnected 
22:49:09 sstp,ppp,info sstp-out1: initializing... 
22:49:09 sstp,ppp,info sstp-out1: connecting... 
22:49:10 sstp,ppp,info sstp-out1: authenticated 
22:49:11 sstp,ppp,info sstp-out1: connected
...
Downgraded server back to 6.11: tunnels now seem stable.

Bye

Re: v6.12 released

Posted: Fri Apr 18, 2014 12:29 am
by stefan803
Hi,

I can see the same here for 3 sstp links, always a reconnect after 2 minutes saying "terminating... - conn timeout" in the logs of the client.

A link from Windows to the router using sstp seems not to be reset after 2 minutes.

Re: v6.12 released

Posted: Fri Apr 18, 2014 8:18 am
by humppa
RB951G-2HnD
Too many records in Log:

XX:XX:XX:XX:XX:XX@wlan1: disconnected, group key exchange timeout
wlan1: data from unknown device XX:XX:XX:XX:XX:XX, sent deauth

where XX:XX:XX:XX:XX:XX exactly my device.

Re: v6.12 released

Posted: Fri Apr 18, 2014 9:09 am
by dtoffo
OpenVPN server doesn't work! The same TLS failed error in log as it was in 6.11. Downgrade to 6.10
for me a 6.9 with ovpn server functioning, upgraded to 6.10 or 6.11 had TLS error, upgraded to 6.12 (with no configuration changes) works ok

d.

Re: v6.12 released

Posted: Fri Apr 18, 2014 9:12 am
by dtoffo
What about CAPsMAN (wireless-fp package): is it still beta or production-stable?
What's new in CAPsMAN 6.12?
Anyone from Mikrotik support can give just a word about CAPsMAN ?

d.

Re: v6.12 released

Posted: Fri Apr 18, 2014 12:14 pm
by rextended
What about CAPsMAN (wireless-fp package): is it still beta or production-stable?
Read:
Wireless test package which includes the new CAPsMAN feature (Controlled AP system manager).
Anyone from Mikrotik support can give just a word about CAPsMAN ?
Search:

Re: v6.12 released

Posted: Fri Apr 18, 2014 5:49 pm
by tmorrison88
There is still a bug in RouterOS 6.12 that was introduced in RouterOS 6.11 regarding bridge filter rules. I've found if you create bridge filter rules specifying an interface, the interface shown will go into hidden/minimized state in Winbox. The interface is still there and bridge filter is working but there is this hidden effect that is happening.

Create the bridge filter rule with bridge/interface specified. Double click on that same rule you had just created. There is a drop down arrow (menu field collapse/expand arrow) specifying the interface it will show as minimized, vs having that drop down arrow always maximized showing you what is applied on that rule.

Re: v6.12 released

Posted: Fri Apr 18, 2014 7:27 pm
by ncd

I was running a 6.12rc and it was working fine. Upgraded to 6.12 release and it hung on reboot, and comes up with all ports disabled. I can login at the serial console but commands like
/interface print
just hang. Reset-configuration works (eventually) but putting my config back breaks it after a reboot.

I too am working on a reproducible config that breaks the CCR. I hope to be able to post something soon.
I am experiencing the very same problem. The switch seems to run fine with the default config, but as soon as I add some vlan features (ingress vlan translation and egress vlan translation) works for a few minutes and then hangs. It also keeps hanging at the boot, responds to the console but it doesn't execute "/print interface ethernet".

I'm working to generate a supout.rif.
I already send support.rif to support, waiting to anwser...
I've tried this a few times today with 6.12 and it's not just print in the interface section that will cause it to lock up, exporting config also causes the device to hard lock up.

Should add I started with a clean configuration and then applied the config bit by bit, the entire config was accepted without error but lockups occurred when printing out to confirm it had been interpreted.

Re: v6.12 released

Posted: Fri Apr 18, 2014 8:14 pm
by rpingar
There is still a bug in RouterOS 6.12 that was introduced in RouterOS 6.11 regarding bridge filter rules. I've found if you create bridge filter rules specifying an interface, the interface shown will go into hidden/minimized state in Winbox. The interface is still there and bridge filter is working but there is this hidden effect that is happening.

Create the bridge filter rule with bridge/interface specified. Double click on that same rule you had just created. There is a drop down arrow (menu field collapse/expand arrow) specifying the interface it will show as minimized, vs having that drop down arrow always maximized showing you what is applied on that rule.
+1

regards
Ros

Re: v6.12 released

Posted: Fri Apr 18, 2014 9:14 pm
by elmer
RouterOS 6.x don`t have "/interface ethernet poe" command?
My RB from MUM Italy still looks like that ;)

Re: v6.12 released

Posted: Fri Apr 18, 2014 10:53 pm
by rextended
RouterOS 6.x don`t have "/interface ethernet poe" command?
My RB from MUM Italy still looks like that ;)
Elmer, devi andate in interface / ethernet / ether10 / PoE

ros code

[admin@MATRIX] /system package> print
Flags: X - disabled 
 #   NAME                     VERSION                    SCHEDULED              
 0   routeros-mipsbe          6.12                                              
 1   system                   6.12                                              
 2 X ipv6                     6.12                                              
 3   wireless                 6.12                                              
 4   hotspot                  6.12                                              
 5   dhcp                     6.12                                              
 6 X mpls                     6.12                                              
 7 X routing                  6.12                                              
 8   ppp                      6.12                                              
 9   security                 6.12                                              
10   advanced-tools           6.12                                              
11   user-manager             6.12                                              
12   ntp                      6.12
[admin@MATRIX] /system routerboard> print
       routerboard: yes
             model: RB951Ui-2HnD
     serial-number: [...]
  current-firmware: 3.14
  upgrade-firmware: 3.14
[admin@MATRIX] /interface ethernet poe> print
            ;;; PPPoE client
          name: ether5
       poe-out: auto-on
  poe-priority: 10

Re: v6.12 released

Posted: Sat Apr 19, 2014 1:44 am
by tkgit
how about "random missing interface"
2014040766000072

Re: v6.12 released

Posted: Sat Apr 19, 2014 9:40 pm
by janel
I've tried this a few times today with 6.12 and it's not just print in the interface section that will cause it to lock up, exporting config also causes the device to hard lock up.
Should add I started with a clean configuration and then applied the config bit by bit, the entire config was accepted without error but lockups occurred when printing out to confirm it had been interpreted.
Same thing here, after upgrade the router is stuck at "Starting services" on the LCD and all the ports are disabled. Reset configuration, reboot, paste the whole config (I have tried to remove /interface ethernet switch egress-vlan-translation - the same) and everything works until the next reboot.

Downgraded to 6.11 which is at least stable if not secure. :(
That's on the CRS125-24G-1S.

Upgraded just fine on 951G-2HnD, 751G-2HnD and 951Ui-2HnD.

Re: v6.12 released

Posted: Sat Apr 19, 2014 10:41 pm
by armandfumal
DHCP on VLAN was also working on 6.11.. I am using it right now without problems. I reported that back in 6.11 released topic..
same for me DHCP on vlan is working for me...

Re: v6.12 released

Posted: Sun Apr 20, 2014 12:54 am
by rpingar
Ticket#2014041966000282

pppoe client present into the list of eoip interface, and some new eoip interface disappear.
Seems a problem of mismatch interface id. Very weird bahavior.

regards
Ros

Re: v6.12 released

Posted: Sun Apr 20, 2014 4:37 am
by Dadon
There is still a bug in RouterOS 6.12 that was introduced in RouterOS 6.11 regarding bridge filter rules. I've found if you create bridge filter rules specifying an interface, the interface shown will go into hidden/minimized state in Winbox. The interface is still there and bridge filter is working but there is this hidden effect that is happening.

Create the bridge filter rule with bridge/interface specified. Double click on that same rule you had just created. There is a drop down arrow (menu field collapse/expand arrow) specifying the interface it will show as minimized, vs having that drop down arrow always maximized showing you what is applied on that rule.
+1

regards
Ros
+1

Re: v6.12 released

Posted: Sun Apr 20, 2014 4:41 am
by telepro
SSTP problems still persist:

We have SSTP server-client interconnections between 6 MT routers, all of which share *exactly* the same settings. After upgrading them to v6.12, some pairs would connect without problems, others however would disconnect after roughly one minute, mostly returning a "negotiation timeout" on the server side. There was no obvious pattern, some pairings would work, others simply wouldn't. PPP profile encryption is set to "no", but "yes" failed just as well. Changing keepalive timeouts on both sides had no visible effect, nor had disabling certificate verification.

We are now back to v6.6, having already tried most in between versions...
Also experiencing same problem. In our environment: 50+ identical 951G, each acting as SSTP clients, and single 1100AHx2 as SSTP server. Have submitted a Ticket#2014031866000446 ago with Supout files from both client and server sides, logs from both clients and servers, and wireshark recordings. Some connections work for extended periods of time. Others will loop with ~ 2 minute connection, disconnect, the reconnect for ~ 2 minutes...

Have not found stable configuration with 6.5 or later.

Re: v6.12 released

Posted: Sun Apr 20, 2014 11:32 am
by infused
Any issues with CCR reported on 6.12?

Re: v6.12 released

Posted: Sun Apr 20, 2014 11:43 am
by rpingar
Any issues with CCR reported on 6.12?
Ticket#2014041966000282

pppoe client present into the list of eoip interface, and some new eoip interface disappear.
Seems a problem of mismatch interface id. Very weird bahavior.

regards
Ros

Re: v6.12 released

Posted: Sun Apr 20, 2014 12:36 pm
by skibi82
Super LACP has been added ond CRS and when it will be implemented protocol support xSTP [STP / RSTP / MSTP / ....]?

Of course, talking about the hardware switch

Re: v6.12 released

Posted: Sun Apr 20, 2014 3:17 pm
by omidkosari
CRS port leaking bug does not fixed :(

Re: v6.12 released

Posted: Sun Apr 20, 2014 9:32 pm
by staslabs
In 6.12 ver. is not stable work NSTREME from new wireless+capsman package.

After downgrade to 6.9 links work fine again.

Re: v6.12 released

Posted: Mon Apr 21, 2014 6:18 am
by evharten
When copy'ing an file from an NAS, the cpu peaks to 100% and stays there, why ? i do not use any firewall or other rules just basic switching.
It completely slows all traffic.

Supout.rif in Ticket#2014042166000116

EDIT: 100% usage is also present without traffic at all.

Re: v6.12 released

Posted: Mon Apr 21, 2014 10:41 am
by MadEngineer
/log print shows current time (time of log in) as 07:xx:xx

/system clock shows time of 19:xx:xx

Timezone (pacific/auckland), GMT Offset (+12), SNTP Client and dates on newly created files are all correct. Checked with another Mikrotik device on an earlier release and it shows the log times as being correct. Anyone else got this?

Re: v6.12 released

Posted: Mon Apr 21, 2014 1:50 pm
by elmer
RouterOS 6.x don`t have "/interface ethernet poe" command?
My RB from MUM Italy still looks like that ;)
Elmer, devi andate in interface / ethernet / ether10 / PoE

ros code

[admin@MATRIX] /system package> print
Flags: X - disabled 
 #   NAME                     VERSION                    SCHEDULED              
 0   routeros-mipsbe          6.12                                              
 1   system                   6.12                                              
 2 X ipv6                     6.12                                              
 3   wireless                 6.12                                              
 4   hotspot                  6.12                                              
 5   dhcp                     6.12                                              
 6 X mpls                     6.12                                              
 7 X routing                  6.12                                              
 8   ppp                      6.12                                              
 9   security                 6.12                                              
10   advanced-tools           6.12                                              
11   user-manager             6.12                                              
12   ntp                      6.12
[admin@MATRIX] /system routerboard> print
       routerboard: yes
             model: RB951Ui-2HnD
     serial-number: [...]
  current-firmware: 3.14
  upgrade-firmware: 3.14
[admin@MATRIX] /interface ethernet poe> print
            ;;; PPPoE client
          name: ether5
       poe-out: auto-on
  poe-priority: 10
How about poe firmware upgrade, still showing 0.0 version...

Re: v6.12 released

Posted: Mon Apr 21, 2014 5:36 pm
by mtmx80
RB2011UAS issues after upgrade to v6.12:

- Dynamic routing protocols registered routes wrongly after first start. A simple reboot resolves this issue.
- Ports are flapping. There is a very short outage every few minutes. SNMP monitoring agents on servers sends tons of alerts. There is no RX/TX errors, but there are packet lost even on LAN. :?
- Inconsistent / bad auto negotiation. Router side see 1Gbps or 10Mbps Half, server runs on 100Mbps FD. After disabling/enabling ports change advertised rates, then restore to default (select all) it looks normally on both side. - (1Gbps FD)

Re: v6.12 released

Posted: Mon Apr 21, 2014 6:45 pm
by rextended
How about poe firmware upgrade, still showing 0.0 version...
From 6.7 PoE firmware is bundled on RouterOS, you not need more to update PoE firmware....


BUT


PoE firmware can be upgraded only on RB750UP and on OmniTIK UPA-5HnD (both max 1A for each port, but 2A max total, all port monitorable)
RB2011 "i" variants and RB951Ui-2HnD have only simple PoE out (500mA max not monitorable).

Re: v6.12 released

Posted: Mon Apr 21, 2014 9:39 pm
by BanjoJay
I have notice some problems with PPPoE. It seems to be terminating the link alot. I just got my CCR and have only try using 6.12 so far. Is there a downgrade version that works better? Right now unless I can get the link stable I am going to have to pull it out of my network. My old netgear router works fine so it does not seem to be on my ISP side of things. Any help would be great!
I have include my config so far. I do not have any firewall rules yet since I am just now trying to bring it up.

/interface bridge
add admin-mac=D4:CA:6D:FA:72:E1 auto-mac=no l2mtu=1588 name=bridge-local

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=\
20/40mhz-ht-above disabled=no distance=indoors hide-ssid=yes l2mtu=2290 \
mode=ap-bridge ssid=**** wireless-protocol=802.11

/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys wpa-pre-shared-key=****** wpa2-pre-shared-key=*****

/ip pool
add name=dhcp ranges=192.168.88.50-192.168.88.254

/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local lease-time=10m name= default

/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \
default-route-distance=1 dial-on-demand=no disabled=no interface=\
ether1-gateway keepalive-timeout=60 max-mru=1480 max-mtu=1480 mrru=\
disabled name=pppoe-out1 password=******* profile=default service-name="" \
use-peer-dns=yes user=******

/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes

/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
ether2-master-local network=192.168.88.0

/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=192.168.88.1 gateway=192.168.88.1

/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=pppoe-out1

Re: v6.12 released

Posted: Mon Apr 21, 2014 10:01 pm
by pitr
For me the PPTP server broke in 6.12. Nothing in the logging after "TCP connection".
Downgraded to 6.10, since it's the last version where both PPTP and OpenVPN work.

Re: v6.12 released

Posted: Tue Apr 22, 2014 7:31 am
by estdata
Please, do the time, I upgrading 6.12, 6.10 in addition before was it and then forget about it, the community began believing it. so mince IPTV. thing igmp proxy. And no longer can also ssh port forwarding does not work, do the thing when the redirect to the local ip address, if you want from the outside in

Re: v6.12 released

Posted: Tue Apr 22, 2014 8:22 am
by bysard
Still using version 5.26. I think I will skip RoS 6 all together, because this is ridicilous. Normis, you need another list of bugs, should we name a few?

Re: v6.12 released

Posted: Tue Apr 22, 2014 12:20 pm
by Chupaka
Normis, you need another list of bugs, should we name a few?
sure! don't keep silence!

Re: v6.12 released

Posted: Tue Apr 22, 2014 12:22 pm
by normis
Please make sure you open a new ticket in support@mikrotik.com for each issue, this will guarantee that we check them out and fix them as well. Forum is for user discussions, and things can get lost here (no issue tracking)

Re: v6.12 released

Posted: Tue Apr 22, 2014 12:28 pm
by jarda
Why mikrotik cannot keep official buglist on their webpage with report date and expected solution version? Also the improvement list and expected delivery version would be good. It should be centalized so everyone could know what is going on so we can plan our own actions.

Re: v6.12 released

Posted: Tue Apr 22, 2014 12:31 pm
by normis
Why mikrotik cannot keep official buglist on their webpage with report date and expected solution version? Also the improvement list and expected delivery version would be good. It should be centalized so everyone could know what is going on so we can plan our own actions.
Somebody needs to verify these reports first.

Re: v6.12 released

Posted: Tue Apr 22, 2014 12:38 pm
by jarda
Of course. Therefore it should be only in your hands. But actualized for us to let us know.

Re: v6.12 released

Posted: Tue Apr 22, 2014 12:39 pm
by normis
Of course. Therefore it should be only in your hands. But actualized for us to let us know.
We are thinking of some solution for this, it has been requested before.

Re: v6.12 released

Posted: Tue Apr 22, 2014 12:57 pm
by npero
Normis what about Ticket#2014032466000827 almost one month pass no answer.

Re: v6.12 released

Posted: Tue Apr 22, 2014 1:01 pm
by Zito
RB2011UAS issues after upgrade to v6.12:
- Ports are flapping. There is a very short outage every few minutes. SNMP monitoring agents on servers sends tons of alerts. There is no RX/TX errors, but there are packet lost even on LAN.
100mbit ports flaps when CPU get 100% load, try to disable some unused features. I disable l7-filter from my firewall rules and ports are stable.

Re: v6.12 released

Posted: Tue Apr 22, 2014 1:21 pm
by wiyat
Hi
Mikrotik professional

I dont know if you have this problem or not but I post here with the objetive that you test on your network and if you have the same problem please report with Mikrotik.

Situation:
The btest to PPPoE Client Interface from some CCR with Firmware different I get less MB

Re: v6.12 released

Posted: Tue Apr 22, 2014 1:48 pm
by vihai
Ticket#2014042266000516

I've just upgraded a VPN concentrator to 6.12 and discovered that the intermediate certificate is not being sent anymore.

Previously (6.11) the root certificate was also incorrectly sent, but ignored by the clients, now neither is sent, thus breaking client connections.


Here is the s_client output for 6.11:

vihai@seviolab:~$ openssl s_client -connect vpn1dev.sevio.it:443
CONNECTED(00000003)
depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/description=O52Gm9gv4K7FoF9c/C=IT/ST=Monza Brianza/L=Seveso/O=Utility Line Italia S.R.L./CN=*.sevio.it/emailAddress=hostmaster@sevio.it
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
 2 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
---

Here is the s_client output for 6.12:
vihai@seviolab:~$ openssl s_client -connect vpn1dev.sevio.it:443
CONNECTED(00000003)
depth=0 description = O52Gm9gv4K7FoF9c, C = IT, ST = Monza Brianza, L = Seveso, O = Utility Line Italia S.R.L., CN = *.sevio.it, emailAddress = hostmaster@sevio.it
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 description = O52Gm9gv4K7FoF9c, C = IT, ST = Monza Brianza, L = Seveso, O = Utility Line Italia S.R.L., CN = *.sevio.it, emailAddress = hostmaster@sevio.it
verify error:num=27:certificate not trusted
verify return:1
depth=0 description = O52Gm9gv4K7FoF9c, C = IT, ST = Monza Brianza, L = Seveso, O = Utility Line Italia S.R.L., CN = *.sevio.it, emailAddress = hostmaster@sevio.it
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/description=O52Gm9gv4K7FoF9c/C=IT/ST=Monza Brianza/L=Seveso/O=Utility Line Italia S.R.L./CN=*.sevio.it/emailAddress=hostmaster@sevio.it
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA
---

Re: v6.12 released

Posted: Tue Apr 22, 2014 1:50 pm
by vihai
Ticket#2014042266000552

I have a very basic configuration involving VRFs:
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
    interface=ether1
/ip route
add distance=1 gateway=192.168.1.1 scope=10
/ip route vrf
add interfaces=ether2 routing-mark=VRF
The interface with DHCP client receives an address in the 192.168.1.0/24 network which is perfectly legal.

If, however, it gets such an address major issues arise:

Packets that whould be going to the default route (in the main table) are dropped as if the default is missing.

[admin@BACO] > ping 8.8.8.8
HOST                             SIZE TTL TIME  STATUS
                                                no route to host
                                                no route to host
    sent=2 received=0 packet-loss=100%

[admin@BACO] > /ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADC  192.168.1.0/24     192.168.1.1     ether2                    0
 1 ADC  192.168.1.0/24     192.168.1.143   ether1                    0
Adding an explicit /32 to 8.8.8.8 does not help.

Re: v6.12 released

Posted: Tue Apr 22, 2014 2:12 pm
by vihai
Also... minor issue not worth opening a ticket.... downgrading from 6.12 to 6.11 removes server certificate from OpenVPN server

Re: v6.12 released

Posted: Tue Apr 22, 2014 2:27 pm
by vihai
Also.... 6.12, removing an intermediate/CA certificate has no effect, it is still sent to the client until reboot.

Re: v6.12 released

Posted: Tue Apr 22, 2014 3:00 pm
by iqt
What happened to /certificate sign-ca ... in 6.12?

Re: v6.12 released

Posted: Tue Apr 22, 2014 7:22 pm
by samsung172
Ticket#2014042266000552

I have a very basic configuration involving VRFs:
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
    interface=ether1
/ip route
add distance=1 gateway=192.168.1.1 scope=10
/ip route vrf
add interfaces=ether2 routing-mark=VRF
The interface with DHCP client receives an address in the 192.168.1.0/24 network which is perfectly legal.

If, however, it gets such an address major issues arise:

Packets that whould be going to the default route (in the main table) are dropped as if the default is missing.

[admin@BACO] > ping 8.8.8.8
HOST                             SIZE TTL TIME  STATUS
                                                no route to host
                                                no route to host
    sent=2 received=0 packet-loss=100%

[admin@BACO] > /ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADC  192.168.1.0/24     192.168.1.1     ether2                    0
 1 ADC  192.168.1.0/24     192.168.1.143   ether1                    0
Adding an explicit /32 to 8.8.8.8 does not help.

add a dst=0.0.0.0/0 to Your route add? :)

You are missing default GW, and cannot Reach anyting else than Your 192 net.

Re: v6.12 released

Posted: Tue Apr 22, 2014 7:28 pm
by vihai
Ticket#2014042266000981

I setup a SSTP client connecting to a server with a properly signed wildcard certificate (CN=*.sevio.it).

The server is correctly sending the certificates chain.

The client is configured to use the server's hostname vpn1dev.sevio.it.


The client connects, the server's certificate is verified successfully, however the connection is dropped and the log reads:



18:17:37 sstp,info vpn3: initializing...
18:17:37 sstp,info vpn3: connecting...
18:17:38 sstp,info vpn3: terminating... - server's IP address does not match certificate
18:17:38 sstp,info vpn3: disconnected

Re: v6.12 released

Posted: Tue Apr 22, 2014 8:01 pm
by vihai
add a dst=0.0.0.0/0 to Your route add? :)

You are missing default GW, and cannot Reach anyting else than Your 192 net.
No, I'm not missing it, I forgot to re-enable the DHCP client default route after trying to add a static default route. The issue remains.
[admin@BACO] > /ip route print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0  DC  192.168.1.0/24     192.168.1.1     ether2                  255
 1 ADS  0.0.0.0/0                          192.168.1.1               0
 2 ADC  192.168.1.0/24     192.168.1.143   ether1                    0

[admin@BACO] > ping 8.8.8.8   
HOST                                     SIZE TTL TIME  STATUS                 
                                                        no route to host       
                                                        no route to host     

Re: v6.12 released

Posted: Tue Apr 22, 2014 10:16 pm
by samsung172
add a dst=0.0.0.0/0 to Your route add? :)

You are missing default GW, and cannot Reach anyting else than Your 192 net.
No, I'm not missing it, I forgot to re-enable the DHCP client default route after trying to add a static default route. The issue remains.
[admin@BACO] > /ip route print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0  DC  192.168.1.0/24     192.168.1.1     ether2                  255
 1 ADS  0.0.0.0/0                          192.168.1.1               0
 2 ADC  192.168.1.0/24     192.168.1.143   ether1                    0

[admin@BACO] > ping 8.8.8.8   
HOST                                     SIZE TTL TIME  STATUS                 
                                                        no route to host       
                                                        no route to host     
does yor default Routing table or Your vrf tabel have the Gateway?

Re: v6.12 released

Posted: Tue Apr 22, 2014 10:24 pm
by congo
On my home router (RB951G) v6.12 is crashing every few days, since installed.
I cannot recommend to use it in production.

Re: v6.12 released

Posted: Wed Apr 23, 2014 12:03 am
by stefan803
SSTP problems still persist:

We have SSTP server-client interconnections between 6 MT routers, all of which share *exactly* the same settings. After upgrading them to v6.12, some pairs would connect without problems, others however would disconnect after roughly one minute, mostly returning a "negotiation timeout" on the server side. [...]
Just noticed two things:
a) For me with 6.12 it started to drop sstp-connections every 2 minutes... then at some point it stopped this and worked... whyever
b) now I noticed when setting the "keepalive-timeout" on the client to same value the connection starts reconnecting every "keepalive-timeout" x 2, so setting the keepalive timeout to 10 for example it starts to reconnect every 20 seconds

Re: v6.12 released

Posted: Wed Apr 23, 2014 12:10 am
by vihai
does yor default Routing table or Your vrf tabel have the Gateway?
The defaul route is installed in the main table by the DHCP client. A static route does the same, however.

The VRF is pretty empty, just an interface with a single static IP address.


BTW, if I disable the interface in the VRF and release the DHCP acquired address it, sometimes, start working. If I boot with the interface in the VRF altready disable and enable it afterwise it works.

It's clearly a bug.

Re: v6.12 released

Posted: Wed Apr 23, 2014 12:29 am
by jondavy
I scheduled a script I /system reboot at dawn to uninstall a package that is not used "wireless" in the morning just gone all pppoe-outs, vpls and bridges and all interfaces again be named as factories ether1 ... ether13 was using version 6.12 on a RB1100AH​​, then went back to version 5.26 that this seemingly more stable...

Re: v6.12 released

Posted: Wed Apr 23, 2014 12:58 am
by tkgit
I scheduled a script I /system reboot at dawn to uninstall a package that is not used "wireless" in the morning just gone all pppoe-outs, vpls and bridges and all interfaces again be named as factories ether1 ... ether13 was using version 6.12 on a RB1100AH​​, then went back to version 5.26 that this seemingly more stable...
do you use IGMP proxy or PIM?

Re: v6.12 released

Posted: Wed Apr 23, 2014 1:07 am
by thedoc
b) now I noticed when setting the "keepalive-timeout" on the client to same value the connection starts reconnecting every "keepalive-timeout" x 2, so setting the keepalive timeout to 10 for example it starts to reconnect every 20 seconds
Same problem here with one connection. 3 x the timeout of the client side disconnect the sstp tunnel.
Strange thing is that many (40 pcs) SSTP tunnels keep on running perfect at same system
Server is 6.12
Clients are always 5.x version and never 6.x

Re: v6.12 released

Posted: Wed Apr 23, 2014 2:34 am
by jondavy
I scheduled a script I /system reboot at dawn to uninstall a package that is not used "wireless" in the morning just gone all pppoe-outs, vpls and bridges and all interfaces again be named as factories ether1 ... ether13 was using version 6.12 on a RB1100AH​​, then went back to version 5.26 that this seemingly more stable...
do you use IGMP proxy or PIM?
no, not yet used pim igmp proxy or, more future we intend to use, had a similar problem with our main router a CCR, which also disappeared all pppoe clients and vpls interfaces.

Re: v6.12 released

Posted: Wed Apr 23, 2014 10:16 am
by samsung172
does yor default Routing table or Your vrf tabel have the Gateway?
The defaul route is installed in the main table by the DHCP client. A static route does the same, however.

The VRF is pretty empty, just an interface with a single static IP address.


BTW, if I disable the interface in the VRF and release the DHCP acquired address it, sometimes, start working. If I boot with the interface in the VRF altready disable and enable it afterwise it works.

It's clearly a bug.
Well. i still cant tell the problem. unless you force the vrf to "leak" to main table- it should not work trough Your default Gateway. - It should be total separate and just Reach it own routes.

Re: v6.12 released

Posted: Wed Apr 23, 2014 11:29 am
by fievel
I can confirm that the issue with openvpn server with option "Require client certificate" not working anymore (bug found in 6.11) (http://forum.mikrotik.com/viewtopic.php?f=2&t=83203) is fixed in version 6.12 BUT you have to delete and re-import your certificates.

Re: v6.12 released

Posted: Thu Apr 24, 2014 8:47 am
by NathanA
In 6.12 ver. is not stable work NSTREME from new wireless+capsman package.

After downgrade to 6.9 links work fine again.
Why did you downgrade? In 6.12, the wireless-fp/CAPsMAN package is completely optional. In fact, it's not even the default. Even if you install it, you can always go back to the old wireless package without downgrading the whole OS.

-- Nathan

Re: v6.12 released

Posted: Thu Apr 24, 2014 10:12 am
by uldis
Any issues with CCR reported on 6.12?
Ticket#2014041966000282

pppoe client present into the list of eoip interface, and some new eoip interface disappear.
Seems a problem of mismatch interface id. Very weird bahavior.

regards
Ros
This problem should be fixed in RotuterOS v6.13. You can get links to the development version from the Mikrotik account server.

Re: v6.12 released

Posted: Thu Apr 24, 2014 10:22 am
by uldis
In 6.12 ver. is not stable work NSTREME from new wireless+capsman package.

After downgrade to 6.9 links work fine again.
This problem is fixed in the newer RouterOS test builds RouterOS v6.13rc7 - you can get it from the development section in your Mikrotik Account server.

Re: v6.12 released

Posted: Thu Apr 24, 2014 1:38 pm
by McTedson
Running some IPIP/IPSEC tunnels between some sites with RIP over them.
Routing tables show up ok on each router/site, but no traffic goes over the tunnels...
Funny thing is the routers do show up on IP/Neighbours, so MDP seems to be working between therm, but nothing else works.
Downgrading to 6.11 gets it working again.

Re: v6.12 released

Posted: Thu Apr 24, 2014 4:59 pm
by afink
OSPFv3 for IPv6 still heavily broken and totally unusable if you have two or more ethernet between two routers. [Ticket#2013121266000031]

Re: v6.12 released

Posted: Thu Apr 24, 2014 5:12 pm
by Clauu
rb2011 with latest 6.12, since yesterday i have high cpu usage, looked into tools-profile and 'dns' is eating 50% cpu.. wth is this?
From where i can restart/reset that service since i don't want to reboot the whole router just for that..?

Re: v6.12 released

Posted: Thu Apr 24, 2014 5:19 pm
by jarda
Probably publicly opened dns service under attack. Search the forum first.

Re: v6.12 released

Posted: Thu Apr 24, 2014 5:38 pm
by w0lt
On my home router (RB951G) v6.12 is crashing every few days, since installed.
I cannot recommend to use it in production.
I've found, at times, I needed to netinstall an upgrade after it appears unstable but not all devices.
Can't explain why, but it seemed to help.

With that in mind, I've been running v6.12 on a several RB2011's, RB951's, RB1100AHx2, without any major issues and no crashes.
I've also upgraded all the boot firmware to each devices current version.

Not sure if I should cross my fingers or not. 8)

-tp

Re: v6.12 released

Posted: Thu Apr 24, 2014 7:59 pm
by sash555
There is still a bug in RouterOS 6.12 that was introduced in RouterOS 6.11 regarding bridge filter rules. I've found if you create bridge filter rules specifying an interface, the interface shown will go into hidden/minimized state in Winbox. The interface is still there and bridge filter is working but there is this hidden effect that is happening.

Create the bridge filter rule with bridge/interface specified. Double click on that same rule you had just created. There is a drop down arrow (menu field collapse/expand arrow) specifying the interface it will show as minimized, vs having that drop down arrow always maximized showing you what is applied on that rule.
+1

Re: v6.12 released

Posted: Fri Apr 25, 2014 3:30 am
by visalink
There is still a bug in RouterOS 6.12 that was introduced in RouterOS 6.11 regarding bridge filter rules. I've found if you create bridge filter rules specifying an interface, the interface shown will go into hidden/minimized state in Winbox. The interface is still there and bridge filter is working but there is this hidden effect that is happening.

Create the bridge filter rule with bridge/interface specified. Double click on that same rule you had just created. There is a drop down arrow (menu field collapse/expand arrow) specifying the interface it will show as minimized, vs having that drop down arrow always maximized showing you what is applied on that rule.
+1
What Mikrotik said about it:

Hello,

thank you for writing to us. We will resolve this issue in future releases of
RouterOS. As this is only graphical bug it is of low priority.

Regards,
Janis Krumins

Ticket#2014032766000581

Re: v6.12 released

Posted: Fri Apr 25, 2014 6:46 am
by infused
RB2011UAS issues after upgrade to v6.12:

- Dynamic routing protocols registered routes wrongly after first start. A simple reboot resolves this issue.
- Ports are flapping. There is a very short outage every few minutes. SNMP monitoring agents on servers sends tons of alerts. There is no RX/TX errors, but there are packet lost even on LAN. :?
- Inconsistent / bad auto negotiation. Router side see 1Gbps or 10Mbps Half, server runs on 100Mbps FD. After disabling/enabling ports change advertised rates, then restore to default (select all) it looks normally on both side. - (1Gbps FD)
I run this router too.

I don't see port flapping.
Also, I had auto negotiation issues as well. I replaced my network cables with better ones and they seem to negotiate now at 1gbps on all links.

Re: v6.12 released

Posted: Fri Apr 25, 2014 5:42 pm
by kez
Hello guys,
can I use fast-path on VLANs on my mips based RBs with 6.12?
I guess there is no VLAN fast-path handler available(yet, I hope...).
Cheers

Re: v6.12 released

Posted: Fri Apr 25, 2014 9:04 pm
by mtandrew
we lost complete vrrp config with 6.12 upgrade, it's simply gone.
also one router didn't boot at all, investigating.

so far crapiest upgrade ever.

Re: v6.12 released

Posted: Fri Apr 25, 2014 9:43 pm
by rextended
Primary BUG: Webfig created script or schedule do not have ftp, winbox, api rights and are impossible to set that rights on Webfig

Secondary BUG: Winbox do not have the possibility to change ftp, winbox, api rights on script or schedule

VERSION AFFECTED: ALL VERSION OF ROUTEROS. Included last 6.13rc7

When one script are created on Winbox or on CLI, the default right applied are:
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api

But when the script are created by webfig, the only right can be applied are:
reboot,read,write,policy,test,password,sniff,sensitive
MISSING ftp,winbox,api

Without ftp right some command like "/export file=filename;" are not doable on script / schedule created with WebFig.

Walkthrought: obviously using the CLI you can set the missing rights.

When I have time I open a Ticket for this.
But is clear what is the problem, without any other investigation.

Issue Updating My GROOVE

Posted: Sat Apr 26, 2014 6:49 am
by thanga005
Hi Guys,
I have been using mikrotik products for the last 6 months, since the day i started working in ISP.
It was really great to work with mikrotik RouterOS, From the first day i learned to update the version and firmware and so,
But just yesterday i bought 2 Groove 52HPn for a PtP Link, i made the connection between them as usually and they were working fine, the problem is it has license level 3 and shows upgradable to V7.x, it came with the version 5.25ROS and in download page it shows only 5.26version and it gut upgraded to 5.26, but i cannot upgrade to 6.x, i tried dragging the lastest packages and also netinstall too but no use,

any idea why it shows only 5.26 as latest version?

and any solution to update to ver 6x?

Thank you,

Re: v6.12 released

Posted: Sat Apr 26, 2014 7:13 am
by acung
BUG: Enable ipv6 on rb751u-2hnd, reboot, then suddenly wlan interface disabled and all wireless configuration reset to default itself.

Re: v6.12 released

Posted: Sat Apr 26, 2014 12:39 pm
by rextended
BUG: Enable ipv6 on rb751u-2hnd, reboot, then suddenly wlan interface disabled and all wireless configuration reset to default itself.
You must be more specific.
RouterOS version? BIOS? How to replicate?

You reach to replicate the problem?

If you can not replicate problem, do not expect any fix.

Re: v6.12 released

Posted: Sun Apr 27, 2014 3:21 am
by tkgit
BUG: Enable ipv6 on rb751u-2hnd, reboot, then suddenly wlan interface disabled and all wireless configuration reset to default itself.
do you use tunnel broker?
same case with me, process suddenly rise to 100%, then some interface (usually bridge,mesh,vlan) missing, disable IPv6 package solve this problem

Re: v6.12 released

Posted: Mon Apr 28, 2014 6:36 am
by acung
BUG: Enable ipv6 on rb751u-2hnd, reboot, then suddenly wlan interface disabled and all wireless configuration reset to default itself.
do you use tunnel broker?
same case with me, process suddenly rise to 100%, then some interface (usually bridge,mesh,vlan) missing, disable IPv6 package solve this problem
Not doing anything yet, just enable ipv6 package then reboot, then wlan interface disable by itself and the config reset to default.
Solve it by enable the wlan interface and reconfigure it.

Re: v6.12 released

Posted: Mon Apr 28, 2014 10:18 am
by normis
Primary BUG: Webfig created script or schedule do not have ftp, winbox, api rights and are impossible to set that rights on Webfig.
Thanks, missing checkboxes noted.

Re: v6.12 released

Posted: Mon Apr 28, 2014 6:13 pm
by MarcusW
When using the binary backup format; why is the MAC-addresses of the interfaces saved and used when restoring?!? (They are not changed from the default ones in the MT were the backup was taken.)

This was not the case with 5.x versions... which I think was the right behavior.

Re: v6.12 released

Posted: Mon Apr 28, 2014 6:16 pm
by mrz
Mac addresses were always saved in backups, with v5.x, too.

Re: v6.12 released

Posted: Mon Apr 28, 2014 6:27 pm
by MarcusW
Mac addresses were always saved in backups, with v5.x, too.
Well, yes they are saved but they where NOT restored in 5.x. Why has this changed?

Re: v6.12 released

Posted: Mon Apr 28, 2014 6:30 pm
by mrz
Were saved and restored always.

Re: Issue Updating My GROOVE

Posted: Mon Apr 28, 2014 7:18 pm
by Chupaka
i cannot upgrade to 6.x, i tried dragging the lastest packages and also netinstall too but no use,

any idea why it shows only 5.26 as latest version?

and any solution to update to ver 6x?
the reason is in Log after reboot

5.26 is the latest in version checking because you have to upgrade to v6 manually

Re: v6.12 released

Posted: Tue Apr 29, 2014 2:34 am
by lunchboxrts
CRS125-24G-1S

Massive port flapping on CRS125 on latest 6.12 and 6.13rc7. Email sent with supout to support.
jan/02/1970 00:00:15 interface,info ether2 link up (speed 100M, full duplex)
jan/02/1970 00:00:16 interface,info ether1 link up (speed 10M, half duplex)
jan/02/1970 00:00:19 interface,info ether2 link down
jan/02/1970 00:00:20 interface,info ether1 link down
jan/02/1970 00:00:24 interface,info ether2 link up (speed 100M, full duplex)
jan/02/1970 00:00:25 interface,info ether1 link up (speed 10M, half duplex)
jan/02/1970 00:00:29 interface,info ether4 link up (speed 1G, full duplex)
jan/02/1970 00:00:33 interface,info ether8 link up (speed 100M, full duplex)
jan/02/1970 00:00:34 interface,info ether4 link down
jan/02/1970 00:00:37 interface,info ether4 link up (speed 1G, full duplex)
jan/02/1970 00:00:38 interface,info ether4 link down
jan/02/1970 00:00:41 interface,info ether4 link up (speed 1G, full duplex)
jan/02/1970 00:00:44 interface,info ether4 link down
jan/02/1970 00:00:45 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:00:45 interface,info ether8 link down
jan/02/1970 00:00:46 interface,info ether8 link up (speed 100M, full duplex)
jan/02/1970 00:00:47 interface,info ether4 link up (speed 1G, full duplex)
jan/02/1970 00:00:47 interface,info ether8 link down
jan/02/1970 00:00:49 interface,info ether8 link up (speed 100M, full duplex)
jan/02/1970 00:00:52 interface,info ether10 link up (speed 1G, full duplex)
jan/02/1970 00:00:53 interface,info ether10 link down
jan/02/1970 00:00:56 interface,info ether10 link up (speed 1G, full duplex)
jan/02/1970 00:00:57 interface,info ether10 link down
jan/02/1970 00:00:57 interface,info ether12 link up (speed 100M, full duplex)
jan/02/1970 00:00:59 interface,info ether4 link down
jan/02/1970 00:00:59 interface,info ether5 link down
jan/02/1970 00:01:00 interface,info ether10 link up (speed 1G, full duplex)
jan/02/1970 00:01:01 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:01:01 interface,info ether10 link down
jan/02/1970 00:01:02 interface,info ether4 link up (speed 1G, full duplex)
jan/02/1970 00:01:03 interface,info ether5 link down
jan/02/1970 00:01:04 interface,info ether10 link up (speed 1G, full duplex)
jan/02/1970 00:01:07 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:01:10 interface,info ether5 link down
jan/02/1970 00:01:13 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:01:46 interface,info ether5 link down
jan/02/1970 00:01:49 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:01:59 interface,info ether5 link down
jan/02/1970 00:02:02 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:02:03 interface,info ether5 link down
jan/02/1970 00:02:06 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:02:26 interface,info ether5 link down
jan/02/1970 00:02:28 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:02:34 interface,info ether5 link down
jan/02/1970 00:02:39 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:02:40 interface,info ether5 link down
jan/02/1970 00:02:43 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:02:44 interface,info ether5 link down
jan/02/1970 00:02:50 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:06:05 interface,info ether5 link down
jan/02/1970 00:06:08 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:10:45 interface,info ether5 link down
jan/02/1970 00:10:48 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:17:34 interface,info ether5 link down
jan/02/1970 00:17:37 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:19:35 interface,info ether10 link down
jan/02/1970 00:19:37 interface,info ether10 link up (speed 1G, full duplex)
jan/02/1970 00:19:45 interface,info ether10 link down
jan/02/1970 00:19:47 interface,info ether10 link up (speed 1G, full duplex)

Re: v6.12 released

Posted: Tue Apr 29, 2014 10:16 am
by MarcusW
Were saved and restored always.
Listen to me! They where NOT saved and restored always.

I have now taken a backup on an empty router with default MAC. Restoring this backup on a router with version 5.21 does nothing with the MAC-addresses in that router. Restoring this backup on a router with version 6.12 does change the MAC-addresses to the ones in the backup.

My question now is, once again; Why has this changed? Shouldn't the MAC:s be transfered ONLY when they where changed in the router were the backup was created?

Re: v6.12 released

Posted: Tue Apr 29, 2014 10:48 am
by normis
Sorry marcus, apparently those routers are different in some way, because I also can verify that they are saved and restored in v5 also.

This is one of the reasons to use "export" file instead of backup

Re: v6.12 released

Posted: Tue Apr 29, 2014 11:05 am
by MarcusW
Sorry marcus, apparently those routers are different in some way, because I also can verify that they are saved and restored in v5 also.

This is one of the reasons to use "export" file instead of backup

Okay, but the tests I have done is on the same router, going back and forth with the versions and restore configuration from the same backup and for me I always get the MAC:s when using 6.12 and never with 5.21. We have also produced a lot of routers with 5.21 this way...

We don't use export because we haven't, amoung other things, found a way to also include users in the export file.. (In production it's also better it they don't need to go into the console...) We will try the export function again and then add users and so on to that file.

Re: v6.12 released

Posted: Tue Apr 29, 2014 3:57 pm
by chrone
BUG: Tx and Rx Flow Control settings always get reset on reboot on RB450 ROS v6.12 with firmware v3.10.

I tested on 2 RB450s to enable the Tx and Rx Flow Control in Interface > Ethernet with no luck sticking the setting on reboot. :)

Re: v6.12 released

Posted: Tue Apr 29, 2014 4:30 pm
by acung
CRS125-24G-1S

Massive port flapping on CRS125 on latest 6.12 and 6.13rc7. Email sent with supout to support.
jan/02/1970 00:00:15 interface,info ether2 link up (speed 100M, full duplex)
jan/02/1970 00:00:16 interface,info ether1 link up (speed 10M, half duplex)
jan/02/1970 00:00:19 interface,info ether2 link down
jan/02/1970 00:00:20 interface,info ether1 link down
jan/02/1970 00:00:24 interface,info ether2 link up (speed 100M, full duplex)
jan/02/1970 00:00:25 interface,info ether1 link up (speed 10M, half duplex)
jan/02/1970 00:00:29 interface,info ether4 link up (speed 1G, full duplex)
jan/02/1970 00:00:33 interface,info ether8 link up (speed 100M, full duplex)
jan/02/1970 00:00:34 interface,info ether4 link down
jan/02/1970 00:00:37 interface,info ether4 link up (speed 1G, full duplex)
jan/02/1970 00:00:38 interface,info ether4 link down
jan/02/1970 00:00:41 interface,info ether4 link up (speed 1G, full duplex)
jan/02/1970 00:00:44 interface,info ether4 link down
jan/02/1970 00:00:45 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:00:45 interface,info ether8 link down
jan/02/1970 00:00:46 interface,info ether8 link up (speed 100M, full duplex)
jan/02/1970 00:00:47 interface,info ether4 link up (speed 1G, full duplex)
jan/02/1970 00:00:47 interface,info ether8 link down
jan/02/1970 00:00:49 interface,info ether8 link up (speed 100M, full duplex)
jan/02/1970 00:00:52 interface,info ether10 link up (speed 1G, full duplex)
jan/02/1970 00:00:53 interface,info ether10 link down
jan/02/1970 00:00:56 interface,info ether10 link up (speed 1G, full duplex)
jan/02/1970 00:00:57 interface,info ether10 link down
jan/02/1970 00:00:57 interface,info ether12 link up (speed 100M, full duplex)
jan/02/1970 00:00:59 interface,info ether4 link down
jan/02/1970 00:00:59 interface,info ether5 link down
jan/02/1970 00:01:00 interface,info ether10 link up (speed 1G, full duplex)
jan/02/1970 00:01:01 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:01:01 interface,info ether10 link down
jan/02/1970 00:01:02 interface,info ether4 link up (speed 1G, full duplex)
jan/02/1970 00:01:03 interface,info ether5 link down
jan/02/1970 00:01:04 interface,info ether10 link up (speed 1G, full duplex)
jan/02/1970 00:01:07 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:01:10 interface,info ether5 link down
jan/02/1970 00:01:13 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:01:46 interface,info ether5 link down
jan/02/1970 00:01:49 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:01:59 interface,info ether5 link down
jan/02/1970 00:02:02 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:02:03 interface,info ether5 link down
jan/02/1970 00:02:06 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:02:26 interface,info ether5 link down
jan/02/1970 00:02:28 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:02:34 interface,info ether5 link down
jan/02/1970 00:02:39 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:02:40 interface,info ether5 link down
jan/02/1970 00:02:43 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:02:44 interface,info ether5 link down
jan/02/1970 00:02:50 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:06:05 interface,info ether5 link down
jan/02/1970 00:06:08 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:10:45 interface,info ether5 link down
jan/02/1970 00:10:48 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:17:34 interface,info ether5 link down
jan/02/1970 00:17:37 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:19:35 interface,info ether10 link down
jan/02/1970 00:19:37 interface,info ether10 link up (speed 1G, full duplex)
jan/02/1970 00:19:45 interface,info ether10 link down
jan/02/1970 00:19:47 interface,info ether10 link up (speed 1G, full duplex)
Just checked our two CRS125-24G-1S, with ros 6.12, have the same issue

Re: v6.12 released

Posted: Tue Apr 29, 2014 8:58 pm
by xrayd
Hello,
this VLAN Bug known?

Re: v6.12 released

Posted: Wed Apr 30, 2014 6:36 am
by domainlider
I'm not found in 6.12 /certificate sign-ca . How do I get sign-ca ?

Re: v6.12 released

Posted: Wed Apr 30, 2014 6:40 am
by domainlider
Im not found /certificate sign-ca . How do I get sign-ca ?

Re: v6.12 released

Posted: Wed Apr 30, 2014 8:33 am
by armandfumal
PROBLEM REPORT

Hi all,

we are facing to CPU usage problem, all core are used to 50% at the same time every 10 sec.

We found that is DUDE using snmp query that causing that. stopping DUDE to use SNMP resolve the problem but I can't monitor cpu (graphing in dude) without SNMP.
And in profiling the cpu usage is under unclassified.
RouterOS 6.12
CCR1036

On 1100Ahx2 with same config and 6.12, no cpu issue. this behavior is on CCR plateform.

Thanks

Armand

Re: v6.12 released

Posted: Wed Apr 30, 2014 10:47 am
by domainlider
Hello,
this VLAN Bug known?
I encountered a similar problem. I'm helped :
1. Backup configuration
2. Reset to defaults
3. Restore configuration

Re: v6.12 released

Posted: Wed Apr 30, 2014 11:52 am
by xrayd
Hello,
this VLAN Bug known?
I encountered a similar problem. I'm helped :
1. Backup configuration
2. Reset to defaults
3. Restore configuration

You use mikrotik x86?

Re: v6.12 released

Posted: Wed Apr 30, 2014 12:24 pm
by domainlider
Hello,
this VLAN Bug known?
I encountered a similar problem. I'm helped :
1. Backup configuration
2. Reset to defaults
3. Restore configuration

You use mikrotik x86?
I'm use 1100AHx2 . After upgrade (fw 2.6 => 3.10, os 6.10 => 6.12) i'm detect several problems
1. Several ip adress link <unknown> interface
2. One ipip tunnel down after connect pptp client to router
3. /int ipip shows one pptp client - Bug?

After full reset configuration and restore - router worked!

Re: v6.12 released

Posted: Wed Apr 30, 2014 7:17 pm
by estdata
I recently went to 6.12 apart and I started to mess with the router, and the lag, both in the internet and iptv. I went back to 6.10, and say that I am happy with that. No longer going anywhere no loudspeaker upgrade

Re: v6.12 released

Posted: Wed Apr 30, 2014 9:01 pm
by OrCAD
I've bug with eoip interface disappear with some pppoe registrations. Is impossible to add new eoip tunnel with pppoe server on it.

When release 6.13 ?
or where I can download RC?

thans in advance.
IM

Re: v6.12 released

Posted: Thu May 01, 2014 12:14 am
by rpingar
I've bug with eoip interface disappear with some pppoe registrations. Is impossible to add new eoip tunnel with pppoe server on it.

When release 6.13 ?
or where I can download RC?

thans in advance.
IM

I reported the exact same bug on ticket: #2014041966000282
Seems it is related to some internal interfaces index bug.

They told me to be fixed in v6.13

regards
Ros

Re: v6.12 released

Posted: Thu May 01, 2014 1:21 am
by xrayd
Hello,
this VLAN Bug known?
I encountered a similar problem. I'm helped :
1. Backup configuration
2. Reset to defaults
3. Restore configuration


You use mikrotik x86?

I'm use 1100AHx2 . After upgrade (fw 2.6 => 3.10, os 6.10 => 6.12) i'm detect several problems
1. Several ip adress link <unknown> interface
2. One ipip tunnel down after connect pptp client to router
3. /int ipip shows one pptp client - Bug?

After full reset configuration and restore - router worked!
can someone confirm this bug on x86 ??

Re: CCR1016-12G vlan issue.

Posted: Thu May 01, 2014 12:14 pm
by robertik
Hi,

I have the same issue - I have created vlan on 6.12 and after some time it was missing.
Reported to support ticket number: 2014050166000161
CCR1016-12G
Strange vlan issue.
Added vlan 1286 on ether12 via winbox.
Close winbox, reopen, vlan now missing.
Under vlans tab in interfaces setup, there is a ppp-XXXX dynamic user listed??
Seems like the vlan interface name / index however mikrotik does it gets corrupted.

Resetted board to defaults, restored config from rsc export. Same result.
Downgraded to 6.7 and all seems well again.

Could not create supout.rif, as this unit was in production at the time and clients was going crazy.
Will try and recreate again and log ticket.

Re: v6.12 released

Posted: Fri May 02, 2014 5:05 am
by tkgit
can mikrotik engineer change linux kernel in ROS v6 to other longterm version or stable version?

Re: v6.12 released

Posted: Fri May 02, 2014 8:13 am
by TechKiwi
As a reference I have had issues with 6.12 and using the SSTP VPN.

After upgrading clients can connect but it will not pass VPN traffic (No changes to the configuration at all).

I have since rolled back to 6.10 and it is working again perfectly.

If anyone wants me to send logs feel free to send a message.

Re: v6.12 released

Posted: Fri May 02, 2014 8:51 am
by DjM
As a reference I have had issues with 6.12 and using the SSTP VPN.

After upgrading clients can connect but it will not pass VPN traffic (No changes to the configuration at all).

I have since rolled back to 6.10 and it is working again perfectly.

If anyone wants me to send logs feel free to send a message.
Make support file from VPN server and 2 clients and send it to support@mikrotik.com . I had similar issues with SSTP VPN so I also have to rollback to older version.

Re: v6.12 released

Posted: Fri May 02, 2014 3:01 pm
by kellogs
do you guys have packet loss issues on 6.12?

Re: v6.12 released

Posted: Fri May 02, 2014 3:10 pm
by iqt
I'm not found in 6.12 /certificate sign-ca . How do I get sign-ca ?
I had the same question and got no answer. http://forum.mikrotik.com/viewtopic.php ... 00#p422356

I guess you have to open a ticket.

Meanwhile use openssh to generate a self-signed CA or go back to ROS 6.11

Re: v6.12 released

Posted: Fri May 02, 2014 3:20 pm
by mrz
Please read description of "sign" command
http://wiki.mikrotik.com/wiki/Manual:Sy ... neral_Menu

Re: v6.12 released

Posted: Fri May 02, 2014 4:12 pm
by iqt
Please read description of "sign" command
http://wiki.mikrotik.com/wiki/Manual:Sy ... neral_Menu
Thank you for updating the documentation.
CA certificates are created if key-usage=key-cert-sign set in the template.
If this is the new procedure, may I ask to adapt Winbox for new certificates please:
a) "Sign CA": Button is no longer needed
b) "Sign": CA-field should be optional (to create self-signed CA)

Re: v6.12 released

Posted: Sat May 03, 2014 6:10 pm
by theprism
It looks like wireless "tx-power-mode=card-rates" is not supported anymore... however, the command still exists.
Does anyone know why?

P.S. Not sure if it's from v6.12 or before, since I upgraded from v6.0...

Re: v6.12 released

Posted: Sun May 04, 2014 11:41 am
by skibi82
Question I need to put on windows 8.1 ROS.
Unfortunately can not see network interfaces with Hyper-V.
Is ROS in general 6.x adapters work with Hyper-V?

Re: v6.12 released

Posted: Sun May 04, 2014 9:40 pm
by marizo
Yesterday I upgraded my home AP RB411AH to ROS 6.12 (from 5.26) and now script is broken.
I'm new in MT so I don't know - it's 6.12 or script fault. It sends me IP adress of Ethernet interface.
global ipadd;
:global ipaddext;
:local thisip [/ip address get [find interface=ether1] address];
/tool fetch url="http://myip.dnsomatic.com/" mode=http dst-path=mypublicip.txt
:local ipext [file get mypublicip.txt contents ]
put $ipaddext
:if ($ipadd != $thisip || $ipaddext != $ipext) do={
/tool e-mail send to=xxx@yyy.lv subject="$[/system identity get name] $[/system clock get time] $[/system clock get date] IP change"  body="New local IP $thisip New public IP $ipext" tls=yes;
   set ipadd $thisip;
   set ipaddext $ipext;
}
So far i understand - script can't fetch url or make mypublicip.txt.

Update:
Made some search in Google and repaired script:
:global oldlocalIP;
:global oldglobalIP;

:local localIP  [/ip address get [find interface="ether1"] address];
:local strDate [/system clock get date]
:local strTime [/system clock get time]
:local strSystemName [/system identity get name]

/tool fetch url="http://myip.dnsomatic.com/" mode=http dst-path=mypublicip.txt
:local globalIP [file get mypublicip.txt contents ]


:if ($localIP != $oldlocalIP || $globalIP != $oldglobalIP) do={
   /tool e-mail send to=xxx@yyy.lv subject="$strSystemName IP adreses maina $strDate $strTime" body="New ext IP: $globalIP New local IP: $localIP"
   set oldlocalIP $localIP;
   set oldglobalIP $globalIP;
}

Re: v6.12 released

Posted: Mon May 05, 2014 1:25 pm
by saaremaa
can someone confirm this bug on x86 ??
this error we see on the bridge and vlan interfaces authorization PPPoE. RB 1000Ah2 6.13rc9 Apr/29/2014 08:02:26
and when SXT (sextant) is connected via a base station wds RB433L 6.12 Apr/14/2014 09:27:45 wds breaks vlan interface.

Re: v6.12 released

Posted: Mon May 05, 2014 10:09 pm
by odge
Hi,

I can see the same here for 3 sstp links, always a reconnect after 2 minutes saying "terminating... - conn timeout" in the logs of the client.

A link from Windows to the router using sstp seems not to be reset after 2 minutes.

SSTP driving me crazy... why is it so unreliable. We have have x86 concentrator sitting in a datacenter, and about 50 sites connecting back to it, for sending netflow data, and for weeks some sstp clients work, then one day when they reconnect, they timeout after 2 minutes over and over again... and some other site starts working again normally.

Re: v6.12 released

Posted: Tue May 06, 2014 10:01 am
by leonset
Question I need to put on windows 8.1 ROS.
Unfortunately can not see network interfaces with Hyper-V.
Is ROS in general 6.x adapters work with Hyper-V?
AFAIK, ROS is not and will not be supported under Hyper-V. You may have better luck with Virtualbox or VMWare, but I have no personal experience with any of them wiht ROS.

Re: v6.12 released

Posted: Tue May 06, 2014 10:03 am
by bysard
Hi,

PPTP also seems somehow bugged. I have upgraded 3x RB751U-2hnd from 5.26 to 6.12 in a lab enviroment. All three routers connect to the main x86 VMware virtualized RoS 5.26 router via PPTP VPN. I can also ping the routers from VPN endpoint without any lost packets. The connection seems up, but RIP doesn't exchange routes. If I try to connect via winbox to a VPN IP of the affected routers, I get DC in 5 seconds and nothing but router name loads. I have no problem accessing routers via LAN, but ove PPTP VPN I cannot. Everything was working without a problem with 5.26. Before I had winbox for 6.12 on RB751 DLL's loaded into memory I couldn't even get connected as the connection always hung at 189,2 KB received. When I connected through LAN I got the DLL, can manage router but as soon as I try to connect via VPN IP I get DC.

Re: v6.12 released

Posted: Tue May 06, 2014 11:45 am
by wolfeyes
CRS125-24G-1S

Massive port flapping on CRS125 on latest 6.12 and 6.13rc7. Email sent with supout to support.
jan/02/1970 00:00:15 interface,info ether2 link up (speed 100M, full duplex)
jan/02/1970 00:00:16 interface,info ether1 link up (speed 10M, half duplex)
jan/02/1970 00:00:19 interface,info ether2 link down
jan/02/1970 00:00:20 interface,info ether1 link down
jan/02/1970 00:00:24 interface,info ether2 link up (speed 100M, full duplex)
jan/02/1970 00:00:25 interface,info ether1 link up (speed 10M, half duplex)
jan/02/1970 00:00:29 interface,info ether4 link up (speed 1G, full duplex)
jan/02/1970 00:00:33 interface,info ether8 link up (speed 100M, full duplex)
jan/02/1970 00:00:34 interface,info ether4 link down
jan/02/1970 00:00:37 interface,info ether4 link up (speed 1G, full duplex)
jan/02/1970 00:00:38 interface,info ether4 link down
jan/02/1970 00:00:41 interface,info ether4 link up (speed 1G, full duplex)
jan/02/1970 00:00:44 interface,info ether4 link down
jan/02/1970 00:00:45 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:00:45 interface,info ether8 link down
jan/02/1970 00:00:46 interface,info ether8 link up (speed 100M, full duplex)
jan/02/1970 00:00:47 interface,info ether4 link up (speed 1G, full duplex)
jan/02/1970 00:00:47 interface,info ether8 link down
jan/02/1970 00:00:49 interface,info ether8 link up (speed 100M, full duplex)
jan/02/1970 00:00:52 interface,info ether10 link up (speed 1G, full duplex)
jan/02/1970 00:00:53 interface,info ether10 link down
jan/02/1970 00:00:56 interface,info ether10 link up (speed 1G, full duplex)
jan/02/1970 00:00:57 interface,info ether10 link down
jan/02/1970 00:00:57 interface,info ether12 link up (speed 100M, full duplex)
jan/02/1970 00:00:59 interface,info ether4 link down
jan/02/1970 00:00:59 interface,info ether5 link down
jan/02/1970 00:01:00 interface,info ether10 link up (speed 1G, full duplex)
jan/02/1970 00:01:01 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:01:01 interface,info ether10 link down
jan/02/1970 00:01:02 interface,info ether4 link up (speed 1G, full duplex)
jan/02/1970 00:01:03 interface,info ether5 link down
jan/02/1970 00:01:04 interface,info ether10 link up (speed 1G, full duplex)
jan/02/1970 00:01:07 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:01:10 interface,info ether5 link down
jan/02/1970 00:01:13 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:01:46 interface,info ether5 link down
jan/02/1970 00:01:49 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:01:59 interface,info ether5 link down
jan/02/1970 00:02:02 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:02:03 interface,info ether5 link down
jan/02/1970 00:02:06 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:02:26 interface,info ether5 link down
jan/02/1970 00:02:28 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:02:34 interface,info ether5 link down
jan/02/1970 00:02:39 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:02:40 interface,info ether5 link down
jan/02/1970 00:02:43 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:02:44 interface,info ether5 link down
jan/02/1970 00:02:50 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:06:05 interface,info ether5 link down
jan/02/1970 00:06:08 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:10:45 interface,info ether5 link down
jan/02/1970 00:10:48 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:17:34 interface,info ether5 link down
jan/02/1970 00:17:37 interface,info ether5 link up (speed 1G, full duplex)
jan/02/1970 00:19:35 interface,info ether10 link down
jan/02/1970 00:19:37 interface,info ether10 link up (speed 1G, full duplex)
jan/02/1970 00:19:45 interface,info ether10 link down
jan/02/1970 00:19:47 interface,info ether10 link up (speed 1G, full duplex)
Just checked our two CRS125-24G-1S, with ros 6.12, have the same issue

Same problem stands also for me and for the very same device.

Re: v6.12 released

Posted: Wed May 07, 2014 2:27 am
by AlexS
Did an upgrade of 2 ccr1036 to 6.12 from 6.10

went well, i had held of because of other reports.

All seems well.

I have lost my netflow info... strange still works on my x86 VM's not on my on ccr....

Re: v6.12 released

Posted: Wed May 07, 2014 12:28 pm
by acung
CRS125-24G-1S




Same problem stands also for me and for the very same device.
Mikrotik support told me to ground the switch, did that and the port still flapping.

Re: v6.12 released

Posted: Wed May 07, 2014 12:44 pm
by Neilson
Did an upgrade of 2 ccr1036 to 6.12 from 6.10

went well, i had held of because of other reports.

All seems well.

I have lost my netflow info... strange still works on my x86 VM's not on my on ccr....
Have you tried going into netflow and disabling the netflow then click ok.

Then go back in and turn it back on and see if you get your netflow data back.

I found my Netflow data playing up but it has seemed to come back after I tried this.

Regards
Alexander

Re: v6.12 released

Posted: Wed May 07, 2014 5:19 pm
by Muqatil
It looks like wireless "tx-power-mode=card-rates" is not supported anymore... however, the command still exists.
Does anyone know why?

P.S. Not sure if it's from v6.12 or before, since I upgraded from v6.0...
Same here.. isn't Card Rates better than All rates Fixed mode? i don't think it was intended to be disabled..

Re: v6.12 released

Posted: Wed May 07, 2014 6:39 pm
by poli5681
It looks like wireless "tx-power-mode=card-rates" is not supported anymore... however, the command still exists.
Does anyone know why?

P.S. Not sure if it's from v6.12 or before, since I upgraded from v6.0...
Same here.. isn't Card Rates better than All rates Fixed mode? i don't think it was intended to be disabled..
As far as i know card-rates does not work with some newer models. I guess it´s a hardware limitation.
I remember it was mentioned to use "antenna gain" setting or "all rates fixed" (which is of course dangerous) instead.

Re: v6.12 released

Posted: Wed May 07, 2014 6:55 pm
by telepro
Hi,

I can see the same here for 3 sstp links, always a reconnect after 2 minutes saying "terminating... - conn timeout" in the logs of the client.

A link from Windows to the router using sstp seems not to be reset after 2 minutes.



SSTP driving me crazy... why is it so unreliable. We have have x86 concentrator sitting in a datacenter, and about 50 sites connecting back to it, for sending netflow data, and for weeks some sstp clients work, then one day when they reconnect, they timeout after 2 minutes over and over again... and some other site starts working again normally.

We are experiencing same problem with Mikrotik routers at both Client (951G) and Server (1100AHx2) ends. Same scenario: working for period of time, starts dropping connection every two minutes for random time (8 minutes to several days), then recovers and stays connected. Have submitted support request Ticket#2014031866000446 to support@mikrotik.com with documentation. Feel free to add your documentation to this ticket - perhaps it will provide the necessary information to help solve the problem (or at a minimum, generate a response)

Re: v6.12 released

Posted: Thu May 08, 2014 12:05 am
by AlexS
Did an upgrade of 2 ccr1036 to 6.12 from 6.10

went well, i had held of because of other reports.

All seems well.

I have lost my netflow info... strange still works on my x86 VM's not on my on ccr....
Have you tried going into netflow and disabling the netflow then click ok.

Then go back in and turn it back on and see if you get your netflow data back.

I found my Netflow data playing up but it has seemed to come back after I tried this.

Regards
Alexander
Im a cli guy but yes

turned off
remove target
added target
turned on.

strangely I get some netflow, but only when I pushing 200Mbps + and it doesn't corrospond to the traffic :(



EDIT

/ip traffic-flow> monitor
finished-flows: 11005366
active-flows: 2979
unmanaged-packets: 0
unmanaged-bytes: 0

yet on nfsen I see no flow for the last 6 hours and I see no packets leaving the ccr for this ...

Re: v6.12 released

Posted: Thu May 08, 2014 8:58 am
by Antares
Strange bug on CCR1036-12G-4S with ROS 6.12:
After 8 new vlan added, some vlan disappeared after a short time. IPv4 addresses and other features on these vlan show as "unknown" interface.
I try to add them again but getting error "this interface already exist".

Anyone else got similar problems?

Re: v6.12 released

Posted: Thu May 08, 2014 1:52 pm
by angine
ROS 6.12 RB2011. no buffer space available... Network doesn't work. After reboot everything ok. I tried to update the firmware but does not help.

Re: v6.12 released

Posted: Thu May 08, 2014 2:00 pm
by AlexS
Strange bug on CCR1036-12G-4S with ROS 6.12:
After 8 new vlan added, some vlan disappeared after a short time. IPv4 addresses and other features on these vlan show as "unknown" interface.
I try to add them again but getting error "this interface already exist".

Anyone else got similar problems?
that happened on my upgrade but to my vlans' but when i re entered and I got the error, they magically re appeared and all has been fine since.

Re: v6.12 released

Posted: Sat May 10, 2014 11:19 pm
by Kindis
Question I need to put on windows 8.1 ROS.
Unfortunately can not see network interfaces with Hyper-V.
Is ROS in general 6.x adapters work with Hyper-V?

Use emulated network cards. That should work. Synthetic devices needs support from kernel which is not part of ROS kernel.





Sent from my RM-937_eu_euro1_935 using Tapatalk

Re: v6.12 released

Posted: Sun May 11, 2014 7:47 pm
by steen
Hello Folks!

I have severe problems with CRS and v6.12.
Configuration is "Port Based VLAN" per the examples from here: http://wiki.mikrotik.com/wiki/Manual:CRS_examples

The router was configured with one difference, master port is ether1 (recommendation from my distributor).

When the router is restarted, all ethernet switchports is "lost", the do not come on-line again.
If you try to do interface ethernet print, the device is stuck direktly and has to be unplugged and plugged in again.

We have another CRS not used for vlan, it is a pure switch, that one has no problems at all what we can see.

So it must be related to some bug or error in examples causing the.

Anybody out there who ever got CRS switch chip and vlans working ?

Re: v6.12 released

Posted: Sun May 11, 2014 11:07 pm
by QCTIK
MEGA BUG with crs-125

i've tried the vlan example (dated 17 april 2014)with port vlan using a group of switched port. Everything is fine until you put a tag on a port that desn't belong to the initial selected port in the group


the switch doesnt' boot it get stuck to starting services......

i replicated with two units.....

very urgent and pissing bug.....

Re: v6.12 released

Posted: Sun May 11, 2014 11:53 pm
by janel
same problem here, steen. Downgrade to the previous version worked for me.

Re: v6.12 released

Posted: Mon May 12, 2014 8:38 am
by becs
Hello,
You can get an access to new RouterOS version which contains fixes for CRS VLAN tagging problem (v6.12) by writing to MikroTik support.

Re: v6.12 released

Posted: Mon May 12, 2014 11:09 am
by Antares
Hi all!
I can`t configure vlans on CRS with ROS 6.12.
I try to use ROS 6.13rc14, tagged vlans routed by switch correct, tag/untag not correct. I configure tag/untag by CPU (like on RB2011 or other routers), it works for me.

Tagged vlans routing:
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1,ether4 vlan-id=21
add tagged-ports=ether1,ether5 vlan-id=22
Tag/untag vlan by create bridge from vlan and ethernet port:
/interface bridge
add l2mtu=1584 name=bridge1
/interface bridge port
add bridge=bridge1 interface=vlan23
add bridge=bridge1 interface=ether9

Re: v6.12 released

Posted: Mon May 12, 2014 11:24 am
by wolfeyes

Mikrotik support told me to ground the switch, did that and the port still flapping.

After rolling back to v6.11 port flapping has been completely disappeared. Device in my case was grounded by the beginning of the installation. After all these days since last downgrade switch works smoothly and it is quite quite obvious that incident is clearly related to sw release.

@Mikrotik staff. We all saw how quick you responded for the vlan tagging issue. Why don't you also focus on the port flapping issue given the feedback you received on the reported incident? :?:

Re: v6.12 released

Posted: Tue May 13, 2014 8:40 am
by bysard
Very stable, production ready release.... again.

Re: v6.12 released

Posted: Tue May 13, 2014 9:19 am
by TrollMan
I too have the portflapp on my ccr1036 after 6.12. I only use 4 ports where two are connected with spf and two wiith copper. The flapping is on all ports, more or less the same second they all flapp, about once every hour or two.

I had to disable one of the copper ports (connected to a Netgear 105e) and the LCD. Since then I have had no flapping.

Re: v6.12 released

Posted: Tue May 13, 2014 10:28 am
by inframe
Hello! My question is, how soon is support for UDP for OpenVPN? :-? .. I need it for VOIP

Re: v6.12 released

Posted: Tue May 13, 2014 11:11 am
by onnoossendrijver
As Mikrotik has said many times there will be no UDP support for OpenVPN.
There are lots of alternatives for OpenVPN.
And if you desperately need OpenVPN with UDP you can install OpenWRT in metarouter or just use a second physical router for OpenVPN. These things are VERY cheap and power efficient.

Re: v6.12 released

Posted: Tue May 13, 2014 1:10 pm
by lelo
Hi Guys

About problem with DHCP server on VLAN interface, see my posts here:
http://forum.mikrotik.com/viewtopic.php ... 11#p425811

Re: v6.12 released

Posted: Wed May 14, 2014 1:31 pm
by McTedson
ROS 6.12 RB2011. no buffer space available... Network doesn't work. After reboot everything ok. I tried to update the firmware but does not help.
Same problem here as well after uptime of 4 weeks....

RIP erratic between 5.26 and 6.12

Posted: Wed May 14, 2014 3:20 pm
by dibatech
Hi guys.
Can confirm that RIP seems to be behaving erratic when propagating connected routes between version 5.26 and 6.12.

I would like to tender my resignation to the Mikrotik Beta testing program. V6 Sucks. Period.
Please do me a favor and PM me when version 6 is useable.

Re: RIP erratic between 5.26 and 6.12

Posted: Wed May 14, 2014 3:41 pm
by bysard
Hi guys.
Can confirm that RIP seems to be behaving erratic when propagating connected routes between version 5.26 and 6.12.

I would like to tender my resignation to the Mikrotik Beta testing program. V6 Sucks. Period.
Please do me a favor and PM me when version 6 is useable.
Don't you like the new icons in Winbox? :)

Re: v6.12 released

Posted: Wed May 14, 2014 5:27 pm
by jarda
Please do me a favor and PM me when version 6 is useable.
PM functionality is disabled here...

Re: v6.12 released

Posted: Wed May 14, 2014 8:43 pm
by Goasler
Hello,

mipsbe v6.12 works fine on RB2011U-2HnD-in

Thanks, bye.

Re: v6.12 released

Posted: Wed May 14, 2014 11:05 pm
by ners
ROS 6.12 RB2011. no buffer space available... Network doesn't work. After reboot everything ok. I tried to update the firmware but does not help.
Same problem here as well after uptime of 4 weeks....
Same here, seems to be tied to L2TP/IPSec since I started experiencing this when I set up L2TP/IPSec access and started using it. Happened to me on 6.10 and 6.12.

Re: v6.12 released

Posted: Thu May 15, 2014 12:03 am
by rextended
BEFORE EXIT 6.13 PLEASE FIX THIS BUG (present also on the last 6.13rc23):

BUG: THE PACKAGE CAN NOT BE DISABLED OR UNINSTALLED AFTER FIRST INSTALL WITH NETINSTALL.



EDIT: FIXED!!!

Re: v6.12 released

Posted: Thu May 15, 2014 5:34 am
by madpixel
Same thing
Cannot disable package on 6.13
On CCR1016 with 6.13rc23 I tried to disable ipv6 package.
Before reboot it is scheduled to disable, but after reboot it is enabled.

Re: v6.12 released

Posted: Thu May 15, 2014 9:23 am
by ners
RB2011UAS + ROS 6.12 + Firmware 3.14
09:51:01 l2tp,info first L2TP UDP packet received from xxx.xxx.xxx.xxx
09:51:01 l2tp,ppp,info,account coaxial logged in, 172.16.12.186
09:51:02 l2tp,ppp,info <l2tp-coaxial>: authenticated
09:51:02 l2tp,ppp,info <l2tp-coaxial>: connected
10:16:41 l2tp,ppp,info <l2tp-coaxial>: terminating... - disconnected
10:16:41 l2tp,ppp,info,account coaxial logged out, 1540 2978822 33503749 30339 31998
10:16:41 l2tp,ppp,info <l2tp-coaxial>: disconnected
10:18:16 system,info,account user xxx logged in via local

[xxx@rt-office.xxxxxxxx.net] > /ping 8.8.8.8
HOST SIZE TTL TIME STATUS
132 (No buffer space available)
132 (No buffer space available)
sent=2 received=0 packet-loss=100%

[xxx@rt-office.xxxxxxxx.net] > /sys reboot
Reboot, yes? [y/N]:
y
system will reboot shortly
This is maddening. L2TP+IPSec is very unreliable. The router has a high chance to stop forwarding traffic when someone is connected via L2TP+IPSec. When you try to ping something from the router, it returns "No buffer space available"

The only way to recover it seems to me is to log in via serial and reboot the router.

Re: v6.12 released

Posted: Thu May 15, 2014 11:24 am
by McTedson
ROS 6.12 RB2011. no buffer space available... Network doesn't work. After reboot everything ok. I tried to update the firmware but does not help.
Same problem here as well after uptime of 4 weeks....
Same here, seems to be tied to L2TP/IPSec since I started experiencing this when I set up L2TP/IPSec access and started using it. Happened to me on 6.10 and 6.12.
I am also using IPSEC on the routers which experienced the issue. I did not have logging enabled to disk, but now I do. Waiting for a lock up to see what the logfile says. IF it says ....

Re: v6.12 released

Posted: Thu May 15, 2014 8:15 pm
by rextended
BEFORE EXIT 6.13 PLEASE FIX THIS BUG (present also on the last 6.13rc23):

BUG: THE PACKAGE CAN NOT BE DISABLED OR UNINSTALLED AFTER FIRST INSTALL WITH NETINSTALL.



EDIT: FIXED!!!

FIXED ON 6.13 (2014-05-15 18:36:58)!!! (but you must use netinstall to upgrade from 6.13rc23 to 6.13)

Re: v6.12 released

Posted: Thu May 15, 2014 9:22 pm
by lotnybartek
How can I get 6.13?

Re: v6.12 released

Posted: Thu May 15, 2014 9:39 pm
by morf
Where i can see changelog in v6.13 ?

Re: v6.12 released

Posted: Thu May 15, 2014 11:45 pm
by Shiro
What's new in 6.13 (2014-May-15 16:03)::
*) console - comments are now accepted where new command can start, that is,
    where '/' or ':' characters can be used to start new command, e.g.
	/interface { # comment until the end of the line
	    print
	}
*) backup - backups by default are encrypted now (with user password).
   To use backup on older versions, you should disable encryption with dont-encrypt
   flag when creating it;
*) files with '.sensitive.' in the filename require 'sensitive'
    permission to manipulate;
*) lcd - reduce CPU usage when displaying static screens;
*) l2tp - fixed occasional server lockup;
*) pptp - fixed memory leak;
*) sstp - fixed crashes;
Issues so far on CCR-1009. Switch menu still missing from Winbox, its available on cli.
Upgrading from 6.13rc* to 6.13 failed, instant CCR crash, had to Netinstall to get it installed.

Re: v6.12 released

Posted: Fri May 16, 2014 8:29 am
by lotnybartek
Hmm, what about fixing L2TP/IPSec cache not flushing? I HOPE this is fixed in 6.13.

WHERE Can I download 6.13?

Re: v6.12 released

Posted: Fri May 16, 2014 9:48 am
by rextended
Wait, is coming out, or subscribe to mikrotik site and write to support@mikrotik.com to be inserted in beta test program.

Re: v6.12 released

Posted: Fri May 16, 2014 9:49 am
by rextended
What's new in 6.13 (2014-May-15 16:03)::
*) console - comments are now accepted where new command can start, that is,
    where '/' or ':' characters can be used to start new command, e.g.
	/interface { # comment until the end of the line
	    print
	}
*) backup - backups by default are encrypted now (with user password).
   To use backup on older versions, you should disable encryption with dont-encrypt
   flag when creating it;
*) files with '.sensitive.' in the filename require 'sensitive'
    permission to manipulate;
*) lcd - reduce CPU usage when displaying static screens;
*) l2tp - fixed occasional server lockup;
*) pptp - fixed memory leak;
*) sstp - fixed crashes;
Issues so far on CCR-1009. Switch menu still missing from Winbox, its available on cli.
Upgrading from 6.13rc* to 6.13 failed, instant CCR crash, had to Netinstall to get it installed.
You can use netinstall 6.12 for install 6.13 or other any versions from 4.16 to 6.13

Re: v6.12 released

Posted: Fri May 16, 2014 11:10 am
by sergejs
Thank you very much for all reports.
v6.13 is released.