Community discussions

MUM Europe 2020
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

v6.16/v6.17

Fri Jul 18, 2014 11:34 am

What's new in 6.16 (2014-Jul-17 13:12):

*) 802.11ac support added in wireless-fp package;
*) winbox - fixed random disconnection over encrypted tunnels;
*) l2tp, pptp, pppoe - fixed possible packet corruption when encryption was enabled;
*) ovpn - fixed ethernet mode;
*) certificates - use SHA256 for fingerprinting;
*) ipsec - fix AH proposal and problem when sometimes policy was not generated;
*) snmp - support AES encryption (rfc3826);
*) l2tp server: added option to enable IPsec automatically;
*) poe-out: added power-cycle-ping and power-cycle-interval settings;
*) gps - increased retry duration to 30 seconds;
*) time - on routerboards, current time is saved in configuration on reboot
and on clock adjustment, and is used to set initial time after reboot;
*) sntp - disabling/enabling client was causing dynamic-servers to be ignored
(bug introduced in 6.14);
*) CCR - fixed rare file system corruption when none
of configuration could be changed or some of it disappeared;
*) ipsec - allow multiple encryption algorithms per peer;
*) email - support tls only connections;
*) smb - fixed usb share issues after reboot
*) snmp - fix v3 protocol time window checks;
*) updated timezone information;
*) quickset - added VPN settings for HomeAP mode;
*) latency improvements on CCR devices;

What's new in 6.17 (2014-Jul-18 15:14):

*) CCR1009 - fixed crash;

If you already run some RouterOS v6.x version, simply click “Check for updates” in QuickSet, Webfig or Winbox packages menu.

Others: http://www.mikrotik.com/download

WARNING: Seems that currently the v6.16 causes issue in the first 4 ports of CCR1009. No other devices are affected. Fixed version is being released
No answer to your question? How to write posts
 
User avatar
tomaskir
Trainer
Trainer
Posts: 1122
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: v6.16

Fri Jul 18, 2014 11:39 am

Exciting news, keep up the good work.

Off to do some testing on the new version now.
Unimus - configuration management, automation and backup solution
Mass Config Push, network-wide RouterOS upgrades, and more!
 
fitless
just joined
Posts: 2
Joined: Fri Mar 28, 2014 2:01 pm
Location: RU\Moscow

Re: v6.16

Fri Jul 18, 2014 12:38 pm

Hi,

Where I could find the information about new firmware (like what's new) 3.18 for RB450G which came with the latest OS 6.16 ?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8321
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.16

Fri Jul 18, 2014 12:59 pm

*) l2tp, pptp, pppoe - fixed possible packet corruption when encryption was enabled;
huh, is that to fix those annoying errors?..
jul/15/2014 22:46:10 ppp,error,critical 25585: Encryption got out of sync - disabling
jul/16/2014 13:56:11 ppp,error,critical 45075: Encryption got out of sync - disabling
*) latency improvements on CCR devices;
any details?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 1825
Joined: Mon Jan 14, 2008 1:53 pm
Location: Straya
Contact:

Re: v6.16

Fri Jul 18, 2014 1:07 pm

Wow what a release. Great work Mikrotik.

Can you provide more info on the CCR latency improvements?

E.g. is it across all functions, or forwarding or ppp ?
http://thebrotherswisp.com/ | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA
 
ropeba
Member Candidate
Member Candidate
Posts: 220
Joined: Sat Jul 29, 2006 4:13 pm

Re: v6.16

Fri Jul 18, 2014 1:29 pm

IGMP proxy is still broken!
 
prague
just joined
Posts: 22
Joined: Tue Sep 25, 2012 10:37 am

Re: v6.16

Fri Jul 18, 2014 1:47 pm

Winbox disconnection problem still goes on. Like 6.15 version which i login with read account.
 
stavincki1
just joined
Posts: 12
Joined: Thu Jan 09, 2014 1:06 pm

Re: v6.16

Fri Jul 18, 2014 2:32 pm

IGMP proxy is still broken!
I can confirm that. Igmp proxy stops to forward multicast traffic after upstream interface goes down/up. RB2011, ROS 6.16. Upstream inteface on RB2011 is on port 1...
 
mangust
Member Candidate
Member Candidate
Posts: 224
Joined: Thu Jun 14, 2007 11:14 am

Re: v6.16

Fri Jul 18, 2014 3:01 pm

Shoould i use wireless or wirless-fp package on RB2011UiAS-2Hnd?
Once I enable wireless-fp and reboot wireless goes to disable state.
Is that OK ?
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16

Fri Jul 18, 2014 3:03 pm

Shoould i use wireless or wirless-fp package on RB2011UiAS-2Hnd?
Once I enable wireless-fp and reboot wireless goes to disable state.
Is that OK ?
yes, wireless-fp replaces the regular package, this is why regular gets disabled
No answer to your question? How to write posts
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16

Fri Jul 18, 2014 4:02 pm

THIS BUG ALREADY SIGNALED ON 6.12 STILL PRESENT AND NOT SOLVED:

Primary BUG: Webfig created script or schedule do not have ftp, winbox, api rights and are impossible to set that rights on Webfig

Secondary BUG: Winbox do not have the possibility to change ftp, winbox, api rights on script or schedule

VERSION AFFECTED: ALL VERSION OF ROUTEROS where webfig are present.

When one script are created on Winbox or on CLI, the default right applied are:
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api

But when the script are created by webfig, the only right can be applied are:
reboot,read,write,policy,test,password,sniff,sensitive
MISSING ftp,winbox,api

Without ftp right some command like "/export file=filename;" are not doable on script / schedule created with WebFig.

Walkthrought: obviously using the CLI you can set the missing rights.

Is clear what is the problem, without any other investigation.
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16

Fri Jul 18, 2014 4:03 pm

[quote="rextended"][/quote]

Clarify why is this important? It is not a bug, but lack of feature due to security. Why would you need these permissions in the GUI editor ?
No answer to your question? How to write posts
 
User avatar
paoloaga
Member Candidate
Member Candidate
Posts: 222
Joined: Tue Mar 08, 2011 2:52 am
Location: Vaprio d'Agogna (NO) - Italy
Contact:

Re: v6.16

Fri Jul 18, 2014 4:07 pm

are they switched? did you send an traffic, or just connect the cable to somewhere (where)?
It happens on ports 5 and 7, routed ports, with a straight configuration: one ip address and ospf configured (so yes, the router makes some traffic when the cable is connected). On the other side there is a CCR1016-12G.
BTW: I tried to upgrade also the CCR1016-12G (connected on the other end of the cable). This one works correctly (the 1016), but the ports on the 1009 keep flapping. I already tried to reset and re-apply configuration, I tried net-install and I tried it on another 1009, the results are the same. Need to revert back to 6.15.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16

Fri Jul 18, 2014 4:22 pm

Clarify why is this important?
It is not a bug, but lack of feature due to security.
Why would you need these permissions in the GUI editor?
Simply because on same user used to access webfig, by winbox, you can be able to create script with full right.
Winbox correctly assign ftp,winbox,api right to a new maded script/scheduler.
Webfig (on the same security level) can not.

On second istance, if one script has ftp,winbox,api right, is impossible to remove them from winbox or webfig.

Is obvious all can be do by CLI, but I'm not the only user complaining about missing interface for set/unset that rights.

Without assign ftp right, is impossible to create script on webfig can do automatic backup / export by mail, read file contents, check file existance, restore backup, import script etc.etc.etc.
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
ojsa
Member Candidate
Member Candidate
Posts: 181
Joined: Tue Jan 27, 2009 8:53 pm
Location: Norway

Re: v6.16/v6.17

Fri Jul 18, 2014 4:42 pm

Nice feature with this "fast vpn" setup. Is it possible to enable fast and easy from either command prompt or winbox regardless of quickset?
Network professional - Certified MTCNA, MTCWE MTCTCE, MTCRE, MTCUME and MTCINE. - Wiki Profile
 
User avatar
ojsa
Member Candidate
Member Candidate
Posts: 181
Joined: Tue Jan 27, 2009 8:53 pm
Location: Norway

Re: v6.16/v6.17

Fri Jul 18, 2014 4:44 pm

Changing profiles in quickset you get a warning that you could loose connectivity, no matter what i answer it just pops back to my original quickset profile.

Running Chromes and windows 7.
Network professional - Certified MTCNA, MTCWE MTCTCE, MTCRE, MTCUME and MTCINE. - Wiki Profile
 
opalit
Member Candidate
Member Candidate
Posts: 211
Joined: Wed Aug 24, 2011 10:15 pm

Re: v6.16/v6.17

Fri Jul 18, 2014 4:46 pm

Where is 6.17, not on downloads page, also can not find VPN wizard in 6.16 as claimed in newsletter
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3089
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: v6.16/v6.17

Fri Jul 18, 2014 4:59 pm

Wow, after all my excitement abt the newsletter this puts me right back on earth.... ample hours after release of 6.16 it already has to be replaced by 6.17........ :( :( Lucky I just did upgrade may CCR to 6.15 so didn't immediately plan to go for .16... saved by the bell I guess....

A new employee just upgrades 30 SXT's fm 6.15 into 6.16. Lets see what happens with these.... I halted all upgrades for now.....
Show your appreciation of this post by giving me Karma! Thanks.

Rudy R. Puister

WISP operator based on MT routerboard & ROS.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2298
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.16/v6.17

Fri Jul 18, 2014 5:05 pm

What´s new in routerboot 3.18 ?

I know --> support for new AC products.
But another changes?
Please update old changelog on wiki - http://wiki.mikrotik.com/wiki/RouterBOOT_changelog
LAN, FTTx, Wireless. ISP operator
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Fri Jul 18, 2014 5:38 pm

We just published v6.17, which includes CCR1009 fix for port issues that caused crash. No other changes included, thanks everybody for quick reports that allowed us to immediately release a fix!
No answer to your question? How to write posts
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Fri Jul 18, 2014 5:39 pm

Where is 6.17, not on downloads page, also can not find VPN wizard in 6.16 as claimed in newsletter
HomeVPN is only in HomeAP mode of the Quickset.
No answer to your question? How to write posts
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Fri Jul 18, 2014 5:40 pm

Nice feature with this "fast vpn" setup. Is it possible to enable fast and easy from either command prompt or winbox regardless of quickset?
Yes, we have added "Use IPsec" option to L2TP server, so basically you will be able to do the same. IPsec will now become simple, and your tunnels — much more secure.
No answer to your question? How to write posts
 
Shiro
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Wed Sep 25, 2013 6:44 pm

Re: v6.16/v6.17

Fri Jul 18, 2014 6:02 pm

Nice feature with this "fast vpn" setup. Is it possible to enable fast and easy from either command prompt or winbox regardless of quickset?
Yes, we have added "Use IPsec" option to L2TP server, so basically you will be able to do the same. IPsec will now become simple, and your tunnels — much more secure.
I use this for enabling L2TP+IPSEC and it works. If IPSEC fails for some reason, it still connects the l2tp tunnel, so you running an unencrypted VPN and maybe didnt't notice it. Other implementation for example Softether, deny L2TP connection if IPSEC fails, so you notice that something is wrong.

Is this possible to implement in RouterOS?
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Fri Jul 18, 2014 6:04 pm

If IPSEC fails for some reason, it still connects the l2tp tunnel, so you running an unencrypted VPN and maybe didnt't notice it.
thanks for suggestion, we will think of something
No answer to your question? How to write posts
 
gustavohp
just joined
Posts: 2
Joined: Fri Jul 18, 2014 7:00 pm

Re: v6.16/v6.17

Fri Jul 18, 2014 7:06 pm

In version 6.15 of RouterOS PPPoE takes too long to reconnect, about 4 minutes. In version 6.12 are just a few seconds. This has not been fixed?

Sorry for my english.
 
User avatar
paoloaga
Member Candidate
Member Candidate
Posts: 222
Joined: Tue Mar 08, 2011 2:52 am
Location: Vaprio d'Agogna (NO) - Italy
Contact:

Re: v6.16/v6.17

Fri Jul 18, 2014 7:13 pm

We just published v6.17, which includes CCR1009 fix for port issues that caused crash. No other changes included, thanks everybody for quick reports that allowed us to immediately release a fix!
I can confirm that the issue with CCR1009 routers is fixed on 6.17.
 
User avatar
kometchtech
Member Candidate
Member Candidate
Posts: 194
Joined: Sat Jun 15, 2013 4:25 am
Location: Japan
Contact:

Re: v6.16/v6.17

Fri Jul 18, 2014 7:16 pm

Problem that occurred in RouterOS 6.16 have confirmed that you have solved by 6.17.
Thank you for quick response.
--
Routerboard Users Group JP
http://www.rb-ug.jp/
CCR1009-8G-1S-1S+, RB750Gr3, CRS226-24G-2S+, RB850Gx2, RB960PGS, CRS317-1G-16S+,
RB2011UAS, CRS125-24G-1S, RB962UiGS-5HacT2HnT, CRS212-1G-10S-1S+, RB3011UiAS
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Fri Jul 18, 2014 7:58 pm

I have installed 6.17 on 1/4 of my production network (except pppoe still on 6.7, I must test on lab first if the problem inserted on 6.8+ are solved...)
No one single problem when updating RouterOS from 6.15 to 6.17 and various model bios to 3.17/3.18
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
kometchtech
Member Candidate
Member Candidate
Posts: 194
Joined: Sat Jun 15, 2013 4:25 am
Location: Japan
Contact:

Re: v6.16/v6.17

Fri Jul 18, 2014 8:02 pm

What´s new in routerboot 3.18 ?

I know --> support for new AC products.
But another changes?
Please update old changelog on wiki - http://wiki.mikrotik.com/wiki/RouterBOOT_changelog
Release Notes RouterBOOT Do not update?
I want to know what's changed for the time being.
--
Routerboard Users Group JP
http://www.rb-ug.jp/
CCR1009-8G-1S-1S+, RB750Gr3, CRS226-24G-2S+, RB850Gx2, RB960PGS, CRS317-1G-16S+,
RB2011UAS, CRS125-24G-1S, RB962UiGS-5HacT2HnT, CRS212-1G-10S-1S+, RB3011UiAS
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Fri Jul 18, 2014 8:42 pm

What´s new in routerboot 3.18 ?

I know --> support for new AC products.
But another changes?
Please update old changelog on wiki - http://wiki.mikrotik.com/wiki/RouterBOOT_changelog
Release Notes RouterBOOT Do not update?
I want to know what's changed for the time being.
It fixes the problem when router could not come back after upgrade from v5 to v6
No answer to your question? How to write posts
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Fri Jul 18, 2014 8:47 pm

Obviously, must be manual dowloaded and installed on 5.x devices,

If anyone wait to install 6.x to upgrade bios to one version that not block the device fom 5.x to 6.x upgrade...

:lol:
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
rmmccann
Member Candidate
Member Candidate
Posts: 182
Joined: Tue Sep 25, 2012 11:15 pm
Location: USA

Re: v6.16/v6.17

Fri Jul 18, 2014 9:01 pm

I've been sticking with 6.7 because of issues with SSTP and Windows clients - can anyone confirm if these problems are fixed? I know that both reliability and performance issues were noted by other users with SSTP + Windows.
A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools. --Douglas Adams
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Fri Jul 18, 2014 9:09 pm

I've been sticking with 6.7 because of issues with SSTP and Windows clients - can anyone confirm if these problems are fixed? I know that both reliability and performance issues were noted by other users with SSTP + Windows.
Have you made a support ticket with support@mikrotik.com?
No answer to your question? How to write posts
 
honnnza
just joined
Posts: 12
Joined: Mon Dec 03, 2012 10:11 am

Re: v6.16/v6.17

Fri Jul 18, 2014 9:11 pm

Hello,
Just FYI:

Maybe there is problem with installing update directly from winbox (system > packages > check for updates) = Err: File not found

Thank you
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Fri Jul 18, 2014 9:13 pm

Hello,
Just FYI:

Maybe there is problem with installing update directly from winbox (system > packages > check for updates) = Err: File not found

Thank you
This means Changelog was not readable, the version will install just fine. You probably clicked the button when I was updating the Changelog. Try again, it should work.
No answer to your question? How to write posts
 
peper
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Tue Sep 11, 2012 8:45 pm

Re: v6.16/v6.17

Fri Jul 18, 2014 9:52 pm

This means Changelog was not readable, the version will install just fine. You probably clicked the button when I was updating the Changelog. Try again, it should work.
There's still problem with updating from Winbox.
Tested it on CRS125-24G-1S-2HnD and 2011UiAS - both report ERROR: file not found, when trying to Check for updates.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Fri Jul 18, 2014 10:25 pm

This means Changelog was not readable, the version will install just fine. You probably clicked the button when I was updating the Changelog. Try again, it should work.
There's still problem with updating from Winbox.
Tested it on CRS125-24G-1S-2HnD and 2011UiAS - both report ERROR: file not found, when trying to Check for updates.
Should be fixed now
No answer to your question? How to write posts
 
thasser
Frequent Visitor
Frequent Visitor
Posts: 60
Joined: Mon Sep 23, 2013 8:28 pm

Re: v6.16/v6.17

Fri Jul 18, 2014 10:30 pm

Does MT have any NV2 equivalent of 802.11AC in the works. For security purposes we like using NV2 as opposed to the more common 802.11.

Thanks and keep up the awesome work! Gig-e wi-fi here we come!
 
Shiro
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Wed Sep 25, 2013 6:44 pm

Re: v6.16/v6.17

Sat Jul 19, 2014 12:50 am

I've been sticking with 6.7 because of issues with SSTP and Windows clients - can anyone confirm if these problems are fixed? I know that both reliability and performance issues were noted by other users with SSTP + Windows.
This issue is still there, i switched everything to l2tp+ipsec because of this issue.
 
jmay
Member
Member
Posts: 326
Joined: Tue Jun 23, 2009 8:26 pm

Re: v6.16/v6.17

Sat Jul 19, 2014 1:13 am

Where are the instructions for 802.11ac? I installed this on some rb711's and some rb911gs and I dont see an option for it. Do these boards not support this?
 
dominicbatty
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Wed Jul 07, 2010 12:26 pm

Re: v6.16/v6.17

Sat Jul 19, 2014 1:26 am

Our sstp vpn is extremely stable on 6.15, cannot comment on performance as application that runs over it uses only minimal bandwidth.

It looks like 802.11ac support is hardware related and is supported by 6.16 OS.
 
coylh
Member Candidate
Member Candidate
Posts: 160
Joined: Tue Jul 12, 2011 12:11 am

Re: v6.16/v6.17

Sat Jul 19, 2014 2:20 am

I'm getting an error, when upgrading via Dude. I also tried this on a device without wireless interfaces (RB450G).
upgrade failed.PNG
You do not have the required permissions to view the files attached to this post.
 
coylh
Member Candidate
Member Candidate
Posts: 160
Joined: Tue Jul 12, 2011 12:11 am

Re: v6.16/v6.17

Sat Jul 19, 2014 2:59 am

I really like the date/time recording feature!
time in log.PNG
You do not have the required permissions to view the files attached to this post.
 
ste
Forum Guru
Forum Guru
Posts: 1816
Joined: Sun Feb 13, 2005 11:21 pm

Re: v6.16/v6.17

Sat Jul 19, 2014 7:25 am

Where are the instructions for 802.11ac? I installed this on some rb711's and some rb911gs and I dont see an option for it. Do these boards not support this?
You are kidding?
 
prague
just joined
Posts: 22
Joined: Tue Sep 25, 2012 10:37 am

Re: v6.16

Sat Jul 19, 2014 11:52 am

Winbox disconnection problem still goes on. Like 6.15 version which i login with read account.
Is there anyone who experienced this situation?
 
welan
newbie
Posts: 37
Joined: Thu Jul 10, 2008 12:06 am
Location: Italy
Contact:

Re: v6.16/v6.17

Sat Jul 19, 2014 11:57 am

I have problem with OSPF on CCR, the default route was not announced correctly, it appears, the disapperars.
Downgraded to 6.15 but I got an error:

Script error: action timed out - try again, if error continues contact Mikrotik support and send a supout file (13)

Help, I'm in production!
 
fronczek
just joined
Posts: 20
Joined: Sun Jun 03, 2012 1:14 am
Location: Katowice, Poland
Contact:

Re: v6.16/v6.17

Sat Jul 19, 2014 12:31 pm

Hmmm... anyone the same problem? :)
RB493G / mipsbe

Image
Last edited by fronczek on Sat Jul 19, 2014 12:41 pm, edited 1 time in total.
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2411
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: v6.16

Sat Jul 19, 2014 12:38 pm

THIS BUG ALREADY SIGNALED ON 6.12 STILL PRESENT AND NOT SOLVED:

Primary BUG: Webfig created script or schedule do not have ftp, winbox, api rights and are impossible to set that rights on Webfig

Secondary BUG: Winbox do not have the possibility to change ftp, winbox, api rights on script or schedule

VERSION AFFECTED: ALL VERSION OF ROUTEROS where webfig are present.

When one script are created on Winbox or on CLI, the default right applied are:
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api

But when the script are created by webfig, the only right can be applied are:
reboot,read,write,policy,test,password,sniff,sensitive
MISSING ftp,winbox,api

Without ftp right some command like "/export file=filename;" are not doable on script / schedule created with WebFig.

Walkthrought: obviously using the CLI you can set the missing rights.

Is clear what is the problem, without any other investigation.
Clarify why is this important? It is not a bug, but lack of feature due to security. Why would you need these permissions in the GUI editor ?
If not for anything else, at the very least for consistency's sake. Is that not enough of a reason?
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
Basdno
Member Candidate
Member Candidate
Posts: 118
Joined: Wed Feb 17, 2010 10:11 pm

Re: v6.16/v6.17

Sat Jul 19, 2014 2:36 pm

Where are the instructions for 802.11ac? I installed this on some rb711's and some rb911gs and I dont see an option for it. Do these boards not support this?
You are kidding?


What he means is that you still need 802.11ac HARDWARE before you can use ac. Meaning depending on your equipment you need to replace radiocards, or entire box(SoHo) with new 802.11ac capable equipment.

The Mikrotik equipment that currently supports 802.11ac you can find here:

http://routerboard.com/RBSXTG-5HPacD
http://routerboard.com/RBSXTG-5HPacD-SA
http://routerboard.com/RB911G-5HPacD-NB

You can also find more information about this in the latest Mikrotik newsletter found in this thread:
http://forum.mikrotik.com/viewtopic.php ... =0#p437215
 
Shiro
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Wed Sep 25, 2013 6:44 pm

Re: v6.16/v6.17

Sat Jul 19, 2014 2:46 pm

Our sstp vpn is extremely stable on 6.15...
Are you using SSTP between RouterOS or do you have Windows/other Clients/Servers?

I tested SSTP with my CCR1009 (6.15 - 6.17), RouterOS x86 (6.15 - 6.17), Softether in different configurations, RouterOS fails as Server and Client, no issues with idle connections, sometimes small amount of traffic is ok, but using Winbox or put some load on the VPN, i get in instant disconnects and reconnects every 2-3 seconds.
 
rdhw
just joined
Posts: 17
Joined: Wed Jun 01, 2011 12:31 am

Re: v6.16/v6.17

Sat Jul 19, 2014 2:48 pm

A positive report:

With this version, the rate of Rx Errors/Drops on an encrypted PPTP link is substantially reduced.
Previously, the error rate could exceed 10% of packets. Now it is less than 0.5%.

Thank you!
 
shed
just joined
Posts: 23
Joined: Thu Mar 13, 2014 7:20 am
Location: Korea, Republic of
Contact:

Re: v6.16/v6.17

Sat Jul 19, 2014 3:44 pm

What is this?
You do not have the required permissions to view the files attached to this post.
 
Shiro
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Wed Sep 25, 2013 6:44 pm

Re: v6.16/v6.17

Sat Jul 19, 2014 4:40 pm

On my CCR1009 i still having repeating activation messages. Is this a normal behaviour or maybe a nand issue? if i put that stor on an sd-card, the same happend.

15:35:45 store,debug web-proxy1: disk setup finished successfully
15:35:45 store,debug user-manager1: disk setup finished successfully
15:35:46 store,debug activating store for web-proxy1
15:35:46 store,debug web-proxy1: activation finished successfully
 
kevork
just joined
Posts: 3
Joined: Sun Apr 16, 2006 5:17 am

Re: v6.16/v6.17

Sat Jul 19, 2014 5:39 pm

Hello,

I upgraded a CCR1036 from 6.2 to to 6.17 just last night.
Now the router does not keep the password anymore.
After a short time you set up the new password, it gets defaulted (blank).
 
User avatar
Maggiore81
Member Candidate
Member Candidate
Posts: 223
Joined: Sun Apr 15, 2012 12:10 pm
Location: Italy
Contact:

Re: v6.16/v6.17

Sat Jul 19, 2014 5:57 pm

I have upgraded a lot of RB from 6.14 to 6.16 and then 6.17

4 RB2011 died after a couple of hours of operation. (nand damaged, needed netinstall)
1 RB750GL died on reboot after upgrade (no lights at all, dead)


everything upgraded, first ros then bootloader
Dott. Elia Spadoni
---
Network Administrator,
MTCNA, MTCRE, MTCTCE, MTCINE, MTCWE
Spadhausen Internet Provider
Ravenna, ITALY
http://www.spadhausen.com
 
User avatar
jspool
Member
Member
Posts: 399
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: v6.16/v6.17

Sat Jul 19, 2014 6:51 pm

I upgraded one of my core routers (x86 type) to 6.17 yesterday and this morning I had no routes to anything plugged into that router. Evidently OSPF was not redistributing static & connected. Once I rebooted it was working. However I did revert back to 6.15 as that I have had no issues with that version for my applications. Now for the biggest irritation, When I downgraded if deleted everything and I mean everything in IPsec. I have no peers, profiles nothing. So use caution if you downgrade and you are using IPsec.
 
Shiro
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Wed Sep 25, 2013 6:44 pm

Re: v6.16/v6.17

Sat Jul 19, 2014 7:02 pm

I upgraded one of my core routers (x86 type) to 6.17 yesterday and this morning I had no routes to anything plugged into that router. Evidently OSPF was not redistributing static & connected. Once I rebooted it was working. However I did revert back to 6.15 as that I have had no issues with that version for my applications. Now for the biggest irritation, When I downgraded if deleted everything and I mean everything in IPsec. I have no peers, profiles nothing. So use caution if you downgrade and you are using IPsec.
Its better to always backup the current configuration and download it in case the update fails and a downgrade or reinstallation in needed.
 
User avatar
jspool
Member
Member
Posts: 399
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: v6.16/v6.17

Sat Jul 19, 2014 7:22 pm

Interestingly after the downgrade from 6.17 to 6.15 all defaults in ip/ipsec are gone and you cannot add anything to IPsec. Profile shows IPsec using 5% cpu but it must be stuck in a loop or something as nothing is happening.
script error: action timed out - try again, if error continues contact MikroTik support and send a supout file (13)

After upgrading back to 6.17 all of the IPsec peers, Policies Groups & Mode configs are back. So whatever they have done in 6.17 with regards to IPsec will render IPsec unusable on a downgrade. uninstalling the security package and reinstalling did nothing.
Last edited by jspool on Sat Jul 19, 2014 7:59 pm, edited 3 times in total.
 
User avatar
jspool
Member
Member
Posts: 399
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: v6.16/v6.17

Sat Jul 19, 2014 7:27 pm

I upgraded one of my core routers (x86 type) to 6.17 yesterday and this morning I had no routes to anything plugged into that router. Evidently OSPF was not redistributing static & connected. Once I rebooted it was working. However I did revert back to 6.15 as that I have had no issues with that version for my applications. Now for the biggest irritation, When I downgraded if deleted everything and I mean everything in IPsec. I have no peers, profiles nothing. So use caution if you downgrade and you are using IPsec.
Its better to always backup the current configuration and download it in case the update fails and a downgrade or reinstallation in needed.
The routers I upgraded are used for testing various things out. This post was made to enlighten other Mikrotik users or support staff about possible issues or bugs regarding 6.17 and in no way am I whining about blindly upgrading and then experiencing issues doing so. With over 1000 Mikrotik routers in the field I can assure you we upgrade any critical routers prior to upgrading.
 
rafaeltdk
just joined
Posts: 17
Joined: Fri Feb 15, 2013 3:52 pm

Re: v6.16/v6.17

Sun Jul 20, 2014 12:35 am

Hello, I upgraded one CCR1036 6.2 to 6.17 for just last night. Now, the router does not keep the password anymore. After a short period of time to set the new password, it is in default (blank).

same problem, solve this urgent
 
nje431
newbie
Posts: 41
Joined: Tue Sep 10, 2013 5:17 pm

Re: v6.16/v6.17

Sun Jul 20, 2014 12:45 am

Unless I'm missing something, I'm not impressed with the new Winbox. The old version will remember my session settings, column widths, use of Inline comments, etc. The new beta version does not. In fact if you use the new version, the next time you log in with the old version, all those settings are gone. I tried it on 2 different PCs and get the same results.

While on the subject of inline comments, there should be a way to default to using them. I like to comment most settings, and when every line is commented, Inline is much easier to read. That way when someone else follows behind me, they know what all the settings are doing. And it doesn't hurt to remind myself 6 months from now either :lol:

Cheers.
 
AlexS
Member Candidate
Member Candidate
Posts: 259
Joined: Thu Oct 10, 2013 7:21 am

Re: v6.16/v6.17

Sun Jul 20, 2014 2:18 am

I upgraded one of my core routers (x86 type) to 6.17 yesterday and this morning I had no routes to anything plugged into that router. Evidently OSPF was not redistributing static & connected. Once I rebooted it was working. However I did revert back to 6.15 as that I have had no issues with that version for my applications. Now for the biggest irritation, When I downgraded if deleted everything and I mean everything in IPsec. I have no peers, profiles nothing. So use caution if you downgrade and you are using IPsec.
Its better to always backup the current configuration and download it in case the update fails and a downgrade or reinstallation in needed.
The routers I upgraded are used for testing various things out. This post was made to enlighten other Mikrotik users or support staff about possible issues or bugs regarding 6.17 and in no way am I whining about blindly upgrading and then experiencing issues doing so. With over 1000 Mikrotik routers in the field I can assure you we upgrade any critical routers prior to upgrading.

Interestingly I just organised an upgrade to 6.15 ....

But I have all my phy routers with partitions .. 4.
1) current
2) last working
3) test
4) fall back

I like the setup easy to manage..
 
steen
Member
Member
Posts: 469
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: v6.16/v6.17

Sun Jul 20, 2014 3:12 am

Hello Folks!

I have problem with DHCP.... it was working before.
DHCP server ---> Device Cisco Switch <<<--- trunk with some vlans --->>> CRS125 --->>> Linux PC, WIndows PC, Appliances.

The DHCP server sit in vlan 200 and is hooked up to one access port, it has been working for 10 years.
Devices connected to Cisco swith access ports is all working.
Devices connected to CRS acts strange, Windows PC all working normally.
Linux PC does not get any IP addresses.
Appliances does not get any IP addresses.

We have tried all ports and changed cables etc. only WIndows PC work nothing else.

It was working before, now suddenly it stopped working.

Anyone seeing this ?
 
cyberblob
just joined
Posts: 1
Joined: Sun Jul 20, 2014 7:50 am

Re: v6.16/v6.17

Sun Jul 20, 2014 8:59 am

Minor bugs with 6.17
  • ■ "Quick Set" does not update "/ip dns static" with correct ip address and "/ip dhcp-server network" is not updated with correct "dns-server" address.
Older Winbox keeps disconnecting
Winbox beta2 crashes alot
 
sdugoten
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: v6.16/v6.17

Sun Jul 20, 2014 12:08 pm

Testing once again on routing marks on v6.17 on x86 (upgrading from v6.7). Part of the routing marks still doesn't work.

Basically, I follow exactly like the official page here http://wiki.mikrotik.com/wiki/Policy_Base_Routing

The content is set to "whatismyipaddress"

Image

And then route to a Japan VPN

Image


Then, I launch a Chrome browser and go to URL http://whatismyipaddress.com/

The log does indicate it is trying to go out thru the VPN

Image

But the brower return nothing back.

Image


On the bright side, if not using the "Content" field, all other IP based criteria on routing marks works.

(eg. routing based on IP address works, like the example below)

Image
 
andriys
Forum Guru
Forum Guru
Posts: 1192
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.16/v6.17

Sun Jul 20, 2014 12:25 pm

To sdugoten:

The content you're matching against is a part of a URL you're connecting to, and thus is included in only a single packet withing the whole connection. You need to mark a connection with your content-matching rule first, then mark routing based on the connection mark you assigned previously.
 
miszak
just joined
Posts: 11
Joined: Mon Oct 21, 2013 8:57 pm

Re: v6.16/v6.17

Sun Jul 20, 2014 1:53 pm

After upgrade RB493G to 6.17 version, the IPSec tunnel crashed. In IPSec Proposal I've new default proposal, but this proposal is wrong.
My IPSec Tunnel can't connect. I try disable or remove his.

[admin@Mikrotik] /ip ipsec policy> print
Flags: T - template, X - disabled, D - dynamic, I - inactive
0 T group=IPv4 src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=all proposal=default template=yes

1 T group=IPv4 src-address=192.168.1077.0/24 dst-address=192.168.108.0/24 protocol=all proposal=user1 template=yes
[admin@Mikrotik] /ip ipsec policy> enable 0
failure: Proposal disabled!
echo: ipsec,warning,critical Policy install failed: proposal disabled: ipsec proposal default
[admin@Mikrotik] /ip ipsec policy> disable 0
failure: Proposal disabled!
echo: ipsec,warning,critical Policy install failed: proposal disabled: ipsec proposal default
[admin@Mikrotik] /ip ipsec policy>remove 0
failure: cannot remove default template!

in log i see
error1.JPG
In Winbox can't change too. I don't need other tunnel
error.JPG
You do not have the required permissions to view the files attached to this post.
 
miszak
just joined
Posts: 11
Joined: Mon Oct 21, 2013 8:57 pm

Re: v6.16/v6.17

Sun Jul 20, 2014 2:15 pm

And the second error in IPSec.
After clicking the "Template" and the use of the group, I can not opt ​​out of this feature.
templete.JPG
You do not have the required permissions to view the files attached to this post.
 
sdugoten
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: v6.16/v6.17

Sun Jul 20, 2014 2:41 pm

To sdugoten:

The content you're matching against is a part of a URL you're connecting to, and thus is included in only a single packet withing the whole connection. You need to mark a connection with your content-matching rule first, then mark routing based on the connection mark you assigned previously.
To: Andriys

I am just following the official document here. http://wiki.mikrotik.com/wiki/Policy_Base_Routing . According to the official document, there is only 1 rule needed.
 
andriys
Forum Guru
Forum Guru
Posts: 1192
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.16/v6.17

Sun Jul 20, 2014 3:19 pm

I am just following the official document here. http://wiki.mikrotik.com/wiki/Policy_Base_Routing.
As far as I understand, only the articles listed here can be considered an official Mikrotik documentation. The rest of the wiki is, generally, user-driven. Anyone can get a write-enabled account by writing to support@. The document you're referring to is not written by a Mikrotik employee, but rather someone who claims to be a Mikrotik certified trainer/consultant (see document history here).

Anyways, I think the article you're referring to is wrong. Connection marking is mandatory in your case.
 
sdugoten
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: v6.16/v6.17

Sun Jul 20, 2014 4:39 pm

I am just following the official document here. http://wiki.mikrotik.com/wiki/Policy_Base_Routing.
As far as I understand, only the articles listed here can be considered an official Mikrotik documentation. The rest of the wiki is, generally, user-driven. Anyone can get a write-enabled account by writing to support@. The document you're referring to is not written by a Mikrotik employee, but rather someone who claims to be a Mikrotik certified trainer/consultant (see document history here).

Anyways, I think the article you're referring to is wrong. Connection marking is mandatory in your case.
Hmm...it seems only the people within the administrator group can grant people edit right on the wiki. So, I would assume people who get the access grant by the administrator would write something that is at least "correct" and cross check by Mikrotik support in order to put it on wiki. If not, why the administrator granting the access in the first place if those information is wrong on a "mikrotik.com" domain. If the information is not meant to be cross checked by Mikrotik, then they would have open the account creation for everyone else without Administrator granting access.

Image


Mikrotik, could you please clarity whether if the Routing marks by "Content" field is correct or not on the Wiki? Because search on the forum, most of the routing marks questions usually direct people to that wiki page for reference.



_
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8321
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.16/v6.17

Sun Jul 20, 2014 8:28 pm

sdugoten, using packet contents is not possible in your situation. data begin to flow via TCP connection only when it is already established, after three-way handshake. at that point, you cannot re-NAT connection to some other address
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
dominicbatty
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Wed Jul 07, 2010 12:26 pm

Re: v6.16/v6.17

Sun Jul 20, 2014 11:57 pm

Our sstp is from windows clients to an RB2011. I'll throw some data through it this week and let you know how it stands up.
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 511
Joined: Wed Jan 25, 2012 10:23 am

Re: v6.16/v6.17

Mon Jul 21, 2014 9:36 am

Scenario :
Upgrade router os from v6.7 to v6.17 -> Upgrade firmware and enable wireless-fp -> reboot

Problem :
SNMP shows only a few mib's with snmpwalk and is not showing interface statistics or other important data

Solution :
1 more reboot and it goes to normal
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Mon Jul 21, 2014 9:47 am

Hello, I upgraded one CCR1036 6.2 to 6.17 for just last night. Now, the router does not keep the password anymore. After a short period of time to set the new password, it is in default (blank).

same problem, solve this urgent
Please use Netinstall to reinstall RouterOS, this should fix it.
No answer to your question? How to write posts
 
User avatar
a.devecerski
just joined
Posts: 22
Joined: Tue Jan 24, 2006 11:23 pm

Re: v6.16/v6.17

Mon Jul 21, 2014 12:57 pm

The same thing shed reported little earlier (http://forum.mikrotik.com//viewtopic.ph ... ff#p437480) occuring on different HW.

Any ideas why?
MT.jpg
You do not have the required permissions to view the files attached to this post.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Mon Jul 21, 2014 12:59 pm

The same thing shed reported little earlier (http://forum.mikrotik.com//viewtopic.ph ... ff#p437480) occuring on different HW.

Any ideas why?
MT.jpg
Please clarify, what is wrong in your image?
No answer to your question? How to write posts
 
ste
Forum Guru
Forum Guru
Posts: 1816
Joined: Sun Feb 13, 2005 11:21 pm

Re: v6.16/v6.17

Mon Jul 21, 2014 1:03 pm

[quote="Basdno]
What he means is that you still need 802.11ac HARDWARE before you can use ac. Meaning depending on your equipment you need to replace radiocards, or entire box(SoHo) with new 802.11ac capable equipment.
[/quote]

As .ac cards are mPCI-E in most cases a replacement of the radio card is not possible.
Only some newer Routerboards have mPCI-E Slots.
 
mikruser
Member
Member
Posts: 393
Joined: Wed Jan 16, 2013 6:28 pm

Re: v6.16/v6.17

Mon Jul 21, 2014 1:18 pm

RB751U-2HnD
After upgrade to 6.16 my SNMP Traffic sensors don't work anymore (No Such Name (SNMP error # 2))
do not ask me why it is necessary.
 
User avatar
a.devecerski
just joined
Posts: 22
Joined: Tue Jan 24, 2006 11:23 pm

Re: v6.16/v6.17

Mon Jul 21, 2014 1:43 pm

The same thing shed reported little earlier (http://forum.mikrotik.com//viewtopic.ph ... 7d#p437480) occuring on different HW.

Any ideas why?
MT.jpg
Please clarify, what is wrong in your image?
Multiple "ipsec,warning,critical" "phase 1 negotiation failed due to time up." log entries.
Haven't been there this morning before upgrade to v6.17 (fmw 3.18).
 
voxframe
Member Candidate
Member Candidate
Posts: 126
Joined: Thu Dec 16, 2010 2:51 pm

Re: v6.16/v6.17

Mon Jul 21, 2014 3:48 pm

Can people with OSPF issues please send in support files?

We use OSPF and now with 2 reports of the same symptoms, I'm not touching the new version.

Also normis, netinstall is not an option for the majority of our units, how do we fix the problem with passwords going blank? Will this be solved on the next revision?
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Mon Jul 21, 2014 3:50 pm

Can people with OSPF issues please send in support files?

We use OSPF and now with 2 reports of the same symptoms, I'm not touching the new version.

Also normis, netinstall is not an option for the majority of our units, how do we fix the problem with passwords going blank? Will this be solved on the next revision?
this is already solved in 6.16 without reinstall. my suggestion was for this person specifically, as it seems he has some sort of other issue
No answer to your question? How to write posts
 
voxframe
Member Candidate
Member Candidate
Posts: 126
Joined: Thu Dec 16, 2010 2:51 pm

Re: v6.16/v6.17

Mon Jul 21, 2014 5:52 pm

Thank you normis.

I wanted to comment that in the IPSEC winbox window for adding a peer. There is a large empty space that makes the window difficult to see in 6.17. It's easy enough to produce just by trying to add a peer.
 
ffernandes
Member Candidate
Member Candidate
Posts: 146
Joined: Mon Jun 23, 2008 11:20 pm

Re: v6.16/v6.17

Mon Jul 21, 2014 7:25 pm

6.16 to 6.17 went bad in a rb435g :(
had to netinstall it..... all is good now :X
 
whobbs
just joined
Posts: 4
Joined: Tue Mar 25, 2014 7:17 pm

Re: v6.16/v6.17

Tue Jul 22, 2014 12:31 am

Upgraded from 6.4 to 6.17 and Winbox and Webfig (http and https on nonstandard ports) both hang on connect. Logs say I have logged in successfully. I can SSH fine.

[admin@master] > /system routerboard print
routerboard: yes
model: CCR1016-12G
serial-number: 42D502D13F33
current-firmware: 3.09
upgrade-firmware: 3.18
You do not have the required permissions to view the files attached to this post.
 
_saik0
Member Candidate
Member Candidate
Posts: 127
Joined: Sun Aug 26, 2007 11:18 pm

Re: v6.16/v6.17

Tue Jul 22, 2014 1:31 am

Did an upgrade from 6.15->6.17 with 3.18 fw.

IPSec behavior is again like on 6.14, SAs don't get updated properly and only SA flush helps.
L2TP/IPSEC/OSPF VPNs in question.

Also SNMP, not getting interface traffic info anymore.

MT, it's like children playing with the code... 6.x is terrible from what I experienced.
Stop adding features, pushing new HW and what not - start fixing things!
 
rwaters
just joined
Posts: 19
Joined: Sat Jan 28, 2012 5:56 pm
Location: USA

Re: v6.16/v6.17

Tue Jul 22, 2014 4:02 am

Next version we get HT80-* txpower available and vht-mcs in winbox/webfig?
 
0ldman
Forum Guru
Forum Guru
Posts: 1446
Joined: Thu Jul 27, 2006 5:01 am

Re: v6.16/v6.17

Tue Jul 22, 2014 9:19 am

I had an AP fail that I replaced with my RB433 test unit running 6.17. I connected it, restored the backup of the AP, didn't quite behave as intended so I downgraded to 5.26.

Most of the packages failed to load during the downgrade, all that loaded was wireless, security and system, but the strangest part is that it loaded the previous configuration from when the test unit was my home wireless access point.

I reinstalled 5.26 and loaded the config again and all is well.
 
napismizpravu
Member Candidate
Member Candidate
Posts: 135
Joined: Sat Apr 09, 2011 1:27 pm
Location: czech

Re: v6.16/v6.17

Tue Jul 22, 2014 10:45 am

RB433UAH
works 6.16/6.17 proxy cache? (6.18rc1 no works Cache On Disk)
6.18rc1 does not load some CSS styles, problems even for you or is it a fault with my ISP?
no works samba
 
5nik
Frequent Visitor
Frequent Visitor
Posts: 78
Joined: Thu Dec 08, 2011 3:15 am
Location: Czech Republic

Re: v6.16/v6.17

Tue Jul 22, 2014 11:52 am

Update RB951G-2HnD 6.15->6.16 OK, upgrade firmware to 3.18 OK, after 6.16->6.17 no response, no working. After netinstall 6.17 working OK.
Update RB751-2HnD 6.15->6.17 OK, upgrade firmware to 3.18 OK.
Generally, I apologise for my weak english.
 
voxframe
Member Candidate
Member Candidate
Posts: 126
Joined: Thu Dec 16, 2010 2:51 pm

Re: v6.16/v6.17

Tue Jul 22, 2014 3:31 pm

I'm seeing weird things with L2TP/IPSEC as well.

I don't have time to troubleshoot as this is in production.
All we know is working config after upgrade, does not work. Flush and flush and flush and suddenly it works, then stops working.

Revert.

No problems.

Sorry I don't have more to go by, but I can't waste time.
 
sniggle
just joined
Posts: 14
Joined: Tue Sep 20, 2011 4:17 am

Re: v6.16/v6.17

Wed Jul 23, 2014 12:16 am

Upgraded from 6.4 to 6.17 and Winbox and Webfig (http and https on nonstandard ports) both hang on connect. Logs say I have logged in successfully. I can SSH fine.

[admin@master] > /system routerboard print
routerboard: yes
model: CCR1016-12G
serial-number: 42D502D13F33
current-firmware: 3.09
upgrade-firmware: 3.18
A while back I had a similar issue, turned out that clearing the browser cache fixed it. Guessing it had cached some older javascript that was invoking the login API in a deprecated fashion.
 
IntrusDave
Forum Guru
Forum Guru
Posts: 1290
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: v6.16/v6.17

Wed Jul 23, 2014 12:55 am

My log is flooded with "negotiation failed due to time up" and my IPSec site-to-site VPN's are unstable now.
Anything that I can do to help this?
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
User avatar
jspool
Member
Member
Posts: 399
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: v6.16/v6.17

Wed Jul 23, 2014 7:32 am

Anyone noticing copy and paste issues with the new winbox? And why in the hell is not there a choice between the stable winbox and the beta in the download area?
 
User avatar
jspool
Member
Member
Posts: 399
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: v6.16/v6.17

Wed Jul 23, 2014 7:36 am

My log is flooded with "negotiation failed due to time up" and my IPSec site-to-site VPN's are unstable now.
Anything that I can do to help this?
yeah don't upgrade. I too am in this boat and downgrading is a real pain in the a$$ with 6.17 as IPsec wont downgrade right below 6.17 and you have to do a dance to get things back to normal. Think of it like this: Mikrotik lives on the bleeding edge. version 5 is considered the stable 6.4 is beta and 6.5+ is alpha ;)
 
bawolek
Frequent Visitor
Frequent Visitor
Posts: 60
Joined: Thu Mar 29, 2007 3:33 pm
Location: Poland/Wroclaw

Re: v6.16/v6.17

Wed Jul 23, 2014 9:39 am

anyone has a problem like this? ---> http://forum.mikrotik.com/viewtopic.php?f=1&t=87315
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Wed Jul 23, 2014 9:40 am

Anyone noticing copy and paste issues with the new winbox? And why in the hell is not there a choice between the stable winbox and the beta in the download area?
regular Winbox is included in RouterOS. open IP address in your browser, and click on "WInbox"
No answer to your question? How to write posts
 
User avatar
jspool
Member
Member
Posts: 399
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: v6.16/v6.17

Wed Jul 23, 2014 9:53 am

Anyone noticing copy and paste issues with the new winbox? And why in the hell is not there a choice between the stable winbox and the beta in the download area?
regular Winbox is included in RouterOS. open IP address in your browser, and click on "WInbox"
Thanks Normis.
The IPsec policy priority field is buggy as you are probably aware. The old winbox works fine, the new winbox has the -1 error in the IPsec policy priority. Took me some time to determine it was not the RouterOS version as I kept going back version and it was still there. once I used the old winbox it was normal, if I open the new one its -1 again and red.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Wed Jul 23, 2014 10:05 am

Yes, this bug has been also submitted for fixing. It is still Beta 2 after all, some bugs are there.
No answer to your question? How to write posts
 
visalink
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Thu Oct 03, 2013 1:42 am

Re: v6.16/v6.17

Wed Jul 23, 2014 4:37 pm

My log is flooded with "negotiation failed due to time up" and my IPSec site-to-site VPN's are unstable now.
Anything that I can do to help this?
yeah don't upgrade. I too am in this boat and downgrading is a real pain in the a$$ with 6.17 as IPsec wont downgrade right below 6.17 and you have to do a dance to get things back to normal. Think of it like this: Mikrotik lives on the bleeding edge. version 5 is considered the stable 6.4 is beta and 6.5+ is alpha ;)
+1
Do not update, can make things worse.
 
Shkrid
just joined
Posts: 17
Joined: Wed Mar 13, 2013 11:06 am

Re: v6.16/v6.17

Thu Jul 24, 2014 10:42 am

Normis, what is it in logs? This is new feature of broadcast/multicast storm detection?
You do not have the required permissions to view the files attached to this post.
 
3bs
newbie
Posts: 48
Joined: Tue Aug 09, 2011 12:33 am
Location: Irkutsk, Russia

Re: v6.16/v6.17

Thu Jul 24, 2014 12:20 pm

Cool, on some routers disapeared configuration after update. Firmwares more and more worse from version to version.
WBR, 3bs =)
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Thu Jul 24, 2014 2:12 pm

Actually I'm updated 3/4 of my network (and I still go on).
The first updated devices, just re-updated when 6.17 come out, still online and perfectly working.

--->>> I DO NOT USE IPsec <<<---
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Thu Jul 24, 2014 2:13 pm

We already made some IPsec fixes in v6.18rc3 which is available for testing upon request.
No answer to your question? How to write posts
 
napismizpravu
Member Candidate
Member Candidate
Posts: 135
Joined: Sat Apr 09, 2011 1:27 pm
Location: czech

6.18rc3 proxy cache contents not displayed

Thu Jul 24, 2014 4:52 pm

RB433UAH 6.18rc3 > proxy (USBx) Cache Contents no view (not displayed) info WinBox, command line
>ip proxy cache-contents print
 
IntrusDave
Forum Guru
Forum Guru
Posts: 1290
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: v6.16/v6.17

Thu Jul 24, 2014 6:08 pm

We already made some IPsec fixes in v6.18rc3 which is available for testing upon request.
I'm requesting. :)
I have only updated my test box (CCR1016) and it is very unstable. I use a lot of IPSec.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
kgninfos
Member
Member
Posts: 387
Joined: Thu Jun 21, 2012 7:34 pm
Location: Earth
Contact:

Re: v6.16/v6.17

Thu Jul 24, 2014 7:50 pm

see the signal i am getting in V1.7 :shock: how can i read the bars????
 
User avatar
ismets
just joined
Posts: 15
Joined: Wed Jun 07, 2006 4:24 pm

Re: v6.16/v6.17

Thu Jul 24, 2014 8:27 pm

Hi
I have 2 ccr1036-12g-4s.
I update one 6.15 to 6.17 and routerboard 3.13 to 3.18.
200Mhz cpu setting fan speed is 6000 RPM

old 6.15 Cpu 800Mhz fan speed 5000 RPM
We have a bug?

Image
 
skibi82
newbie
Posts: 42
Joined: Fri Mar 22, 2013 7:09 pm

Re: v6.16/v6.17

Thu Jul 24, 2014 8:41 pm

After switching BaseBox 2 to silent mode in routerboard on the latest firmware and ROS 6.17
Router asleep forever.

If i press reset all LED lights for ever :P

The router is not dead - it is impossible run Netinstall as well as anything else

Good job off support

P. S.
Thank God RMA work.
 
tldrmyh
just joined
Posts: 1
Joined: Thu Jul 24, 2014 7:34 pm

Re: v6.16/v6.17

Thu Jul 24, 2014 11:31 pm

RB2011UiAS-2HnD-IN, new one, ROS 6.2.

1st login => update to 6.17 => reboot
2nd login => change country in Wi-Fi area of quickset => device is inaccessible
power off/on => device is inaccessible.

I'll try to reset to defaults later, just curious if it's a normal operation and I just have to leave country setting as it is?
 
TikUser
newbie
Posts: 48
Joined: Thu Jul 04, 2013 2:40 pm
Location: EU

Re: v6.16/v6.17

Fri Jul 25, 2014 12:59 am

I upgraded one Omnitik from ROSv6.12, firmware 3.10, to ROSv6.17, firmware 3.17, wireless-fp enabled. I'm noticing port flapping. Omnitik is through ether1 connected to RB493G, which has ROSv5.26, firmware 3.07.
Auto Negotiation is enabled. Tx/RX Flow Control is off. In Advertise (10M half, 10M full, 100M half, 100M full,...) everything is checked. These are the default Mikrotik settings. In the RB493G these settings are also untouched (default). Interfaces are not bridged or switched.

Are there some problems in the communication between these ROS versions?
14:06:18 interface,info ether1 link down 
14:06:20 interface,info ether1 link up (speed 100M, full duplex) 
14:08:40 interface,info ether1 link down 
14:08:41 interface,info ether1 link up (speed 100M, full duplex) 
14:08:44 interface,info ether1 link down 
14:08:48 interface,info ether1 link up (speed 100M, full duplex) 
14:09:17 interface,info ether1 link down 
14:09:18 interface,info ether1 link up (speed 100M, full duplex) 
16:09:54 interface,info ether1 link down 
16:10:00 interface,info ether1 link up (speed 100M, full duplex) 
16:10:24 interface,info ether1 link down 
16:10:25 interface,info ether1 link up (speed 100M, full duplex) 
16:10:26 interface,info ether1 link down 
16:10:31 interface,info ether1 link up (speed 100M, full duplex) 
16:23:37 interface,info ether1 link down 
16:23:42 interface,info ether1 link up (speed 100M, full duplex) 
20:46:39 interface,info ether1 link down 
20:46:40 interface,info ether1 link up (speed 100M, full duplex) 
20:47:29 interface,info ether1 link down 
20:47:30 interface,info ether1 link up (speed 100M, full duplex) 
20:48:15 interface,info ether1 link down 
20:48:17 interface,info ether1 link up (speed 100M, full duplex) 
20:51:28 interface,info ether1 link down 
20:51:30 interface,info ether1 link up (speed 100M, full duplex) 
20:57:31 interface,info ether1 link down 
20:57:33 interface,info ether1 link up (speed 100M, full duplex) 
21:09:17 interface,info ether1 link down 
21:09:19 interface,info ether1 link up (speed 100M, full duplex) 
21:09:29 interface,info ether1 link down 
21:09:31 interface,info ether1 link up (speed 100M, full duplex) 
22:17:12 interface,info ether1 link down 
22:17:13 interface,info ether1 link up (speed 100M, full duplex) 
 
Thalid
newbie
Posts: 38
Joined: Sun Mar 31, 2013 11:33 pm

Re: v6.16/v6.17

Fri Jul 25, 2014 1:13 am

I upgraded one Omnitik from ROSv6.12, firmware 3.10, to ROSv6.17, firmware 3.17, wireless-fp enabled. I'm noticing port flapping. Omnitik is through ether1 connected to RB493G, which has ROSv5.26, firmware 3.07.
Auto Negotiation is enabled. Tx/RX Flow Control is off. In Advertise (10M half, 10M full, 100M half, 100M full,...) everything is checked. These are the default Mikrotik settings.

Are there some problems in the communication between these ROS versions?
tryd whitout auto negotiation?
 
avantwireless
Member Candidate
Member Candidate
Posts: 137
Joined: Mon Nov 07, 2005 3:04 am

Re: v6.16/v6.17

Fri Jul 25, 2014 3:57 am

I'm seeing the port flapping on a QRT and turning off auto-negotiation does not fix it. This is showing up on more devices with later versions of ROS... Time for this to get fixed!!!
 
kgninfos
Member
Member
Posts: 387
Joined: Thu Jun 21, 2012 7:34 pm
Location: Earth
Contact:

Re: v6.16/v6.17

Fri Jul 25, 2014 4:40 am

can anyone check the the ting bellow
i had 2 SXT5 dual chan i upgraded it to 6.17 then the wireless-fp but not enabled it
first one is on bridge mode second in client
as soon as i upgraded the wireless link disconnected

the log at client flooded with message "Failed join recently to SSID No network that satisfies connect list"(Had the entry in connectlist but was disabled)
at the bridge there was no log at showing any wireless error (Seemed the client was not trying to connect)
when i removed the connectlist entry in client the link was up

i guess it's checking the connect list even when it's disabled
 
mt-guy
just joined
Posts: 8
Joined: Mon May 26, 2008 4:41 pm

Re: v6.16/v6.17

Fri Jul 25, 2014 9:29 am

We already made some IPsec fixes in v6.18rc3 which is available for testing upon request.
I am interested, since we have major issues with reproducible issues and what seems to be random issues with IPsec.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Fri Jul 25, 2014 9:33 am

We already made some IPsec fixes in v6.18rc3 which is available for testing upon request.
I am interested, since we have major issues with reproducible issues and what seems to be random issues with IPsec.
We have now added it to the regular download page:
http://www.mikrotik.com/download
No answer to your question? How to write posts
 
kivimart
newbie
Posts: 40
Joined: Thu Oct 10, 2013 3:06 pm

Re: v6.16/v6.17

Fri Jul 25, 2014 9:58 am

We already made some IPsec fixes in v6.18rc3 which is available for testing upon request.
I am interested, since we have major issues with reproducible issues and what seems to be random issues with IPsec.
We have now added it to the regular download page:
http://www.mikrotik.com/download
the link routeros-mipsbe-6.18rc.npk point to file routeros-x86-6.18rc.npk
 
Basdno
Member Candidate
Member Candidate
Posts: 118
Joined: Wed Feb 17, 2010 10:11 pm

Re: v6.16/v6.17

Fri Jul 25, 2014 2:48 pm

see the signal i am getting in V1.7 :shock: how can i read the bars????


Hi,

What do you mean? What signal and bars do you mean, and v1.7 of what? Do you mean RouterOS 6.17?

Please be a little more specific when posting so its easier for your fellow forum-users to help you!
 
Somikov
just joined
Posts: 5
Joined: Fri Jul 25, 2014 5:39 pm

Re: v6.16/v6.17

Fri Jul 25, 2014 6:35 pm

New feature?
Watchdog timer is disabled, but the router still reboots on watchdog timer.
And it does not wait for 10 minutes, and may restart in 30 seconds.
------------------------
[admin@AI5926CX] /system routerboard> print
       routerboard: yes
             model: 411U
     serial-number: 28DB012DC0E8
  current-firmware: 3.18
  upgrade-firmware: 3.18
[admin@AI5926CX] > /system watchdog print
     watch-address: 8.8.8.8
    watchdog-timer: no
     no-ping-delay: 10m
  automatic-supout: yes
  auto-send-supout: no
[admin@AI5926CX] > /system clock print
            time: 18:22:01
            date: jul/25/2014
  time-zone-name: Europe/Kiev
      gmt-offset: +03:00
      dst-active: yes
[admin@AI5926CX] > /log print follow  where topics~"watchdog" or topics~"ppp"
18:22:50 async,ppp,info ppp-outIT: terminating... - hungup
18:22:50 async,ppp,info ppp-outIT: disconnected
18:23:00 async,ppp,info ppp-outIT: initializing...
18:23:00 async,ppp,info ppp-outIT: reseting link...
18:23:00 async,ppp,info ppp-outIT: reseting link... - could not acquire serial port
18:23:00 async,ppp,info ppp-outIT: disconnected
18:23:10 async,ppp,info ppp-outIT: initializing...
18:23:10 async,ppp,info ppp-outIT: reseting link...
18:23:10 async,ppp,info ppp-outIT: reseting link... - could not acquire serial port
18:23:10 async,ppp,info ppp-outIT: disconnected
18:23:20 async,ppp,info ppp-outIT: initializing...
18:23:20 async,ppp,info ppp-outIT: reseting link...
18:23:20 async,ppp,info ppp-outIT: reseting link... - could not acquire serial port
18:23:20 async,ppp,info ppp-outIT: disconnected
18:23:30 async,ppp,info ppp-outIT: initializing...
18:23:30 async,ppp,info ppp-outIT: reseting link...
18:23:30 async,ppp,info ppp-outIT: reseting link... - could not acquire serial port
18:23:30 async,ppp,info ppp-outIT: disconnected
18:23:40 async,ppp,info ppp-outIT: initializing...
18:23:40 async,ppp,info ppp-outIT: reseting link...
18:23:40 async,ppp,info ppp-outIT: reseting link... - could not acquire serial port
18:23:40 async,ppp,info ppp-outIT: disconnected
18:23:46 watchdog,error,critical watchdog cannot ping address 8.8.8.8, rebooting
18:23:50 async,ppp,info ppp-outIT: initializing...
18:23:50 async,ppp,info ppp-outIT: reseting link...
18:23:50 async,ppp,info ppp-outIT: reseting link... - could not acquire serial port
18:23:50 async,ppp,info ppp-outIT: disconnected
-- Ctrl-C to quit. Space prints separator. New entries will appear at bottom.
echo: watchdog,error,critical watchdog cannot ping address 8.8.8.8, rebooting

Last edited by Somikov on Tue Jul 29, 2014 12:04 pm, edited 1 time in total.
 
wrobli
just joined
Posts: 16
Joined: Fri Mar 21, 2014 8:39 pm

Re: v6.16/v6.17

Fri Jul 25, 2014 9:43 pm

We upgrade 70% our network so far all working.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Fri Jul 25, 2014 9:44 pm

NEW PARAMETER REQUEST ON ALREADY EXISTENT FUNCTIONS:

Sometime we (yes, we, not only I) need to run some command on CLI interface by pasting it inside from clipboard,
or running script from CLI.

Everyone know: if you run one script on CLI if contain upgrade, rebuild, reboot, reset, etc. ask confirmation.

Please consider to add parameter "skip-confirmation=yes" to the all command ask for confirmation like:
/system routerboard upgrade skip-confirmation=yes;
/tool user-manager database clear skip-confirmation=yes;
/tool user-manager database clear-log skip-confirmation=yes;
/tool user-manager database rebuild skip-confirmation=yes;
/system reboot skip-confirmation=yes;
/system reset-configuration run-after-reset=myfile.rsc skip-confirmation=yes;
/ip proxy reset-html skip-confirmation=yes;
Probably I miss some other examples.

AND ADD FOR THIS ONE CONFIRMATION IN CLI OR WINBOX:
/interface wireless reset-configuration;
I hope I'm not the only ask for this.

EDIT: added more examples.
Last edited by rextended on Sun Jul 27, 2014 12:33 am, edited 3 times in total.
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8321
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.16/v6.17

Fri Jul 25, 2014 9:57 pm

in scripts, it works fine without confirmation. in Terminal, I don't think it's hard to press 'y' in the end of script - probably sometime it will save someone from loosing their config =) anyway, 'reset' or 'reboot' is always the last command in script :)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Sat Jul 26, 2014 8:55 am

>>>I don't think it's hard to press 'y' in the end of script
It's like you do not have read correctly the post (english or not).
If you paste something from clipboard, the "y" sometime is unexpected and broken the rest of the pasted commands.

>>>probably sometime it will save someone from loosing their config =)
If are saved scripts, are supposed to work right, if you run by script or sceduler, if are bad, still be dangerous for lost config.

>>>anyway, 'reset' or 'reboot' is always the last command in script
Absolutely wrong. OR right just for your scripts.
One simple example: on my maintenance script at the boot, if new bios version are available are updated and system rebooted before script go further, at reboot script continue (because are scheduled at the boot and the bios is already updated).
I'm Italian, not English. Sorry for my imperfect grammar.
 
BRCnet
just joined
Posts: 3
Joined: Mon Jul 22, 2013 12:13 pm

Re: v6.16/v6.17

Sat Jul 26, 2014 10:33 am

Three RB912 upgraded to 6.17 and I had a few days and well, but I did a massive upgrade has been a disaster.
Especially the RB2011 have been killed, even after trying to update after some running to 6.18rc5

No this can happen as the truth, I have major teams stand right now. Now I'm afraid they can take those keeping 6.17 as many have fallen even without restart.

Any solution?
 
bornwired
just joined
Posts: 10
Joined: Sat May 03, 2014 10:15 am

Re: v6.16/v6.17

Sat Jul 26, 2014 7:08 pm

Anyone having this issue with RB2011 after the upgrade?

Help appreciated, thanks.

http://forum.mikrotik.com/viewtopic.php?f=7&t=87402
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8321
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.16/v6.17

Sun Jul 27, 2014 12:02 am

If you paste something from clipboard, the "y" sometime is unexpected and broken the rest of the pasted commands.

<...>

One simple example: on my maintenance script at the boot, if new bios version are available are updated and system rebooted before script go further, at reboot script continue (because are scheduled at the boot and the bios is already updated).
please make an example where 'reboot' command is pasted from clipboard (not executed from script, where it asks nothing) and is not the last command :) that's what I mean
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Sun Jul 27, 2014 12:39 am

I do not want reply because if i do that I show my script, and I do not want disclose it to any.
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2411
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: v6.16/v6.17

Sun Jul 27, 2014 12:47 am

I do not want reply because if i do that I show my script, and I do not want disclose it to any.
Then just describe basically what is that script of yours supposed to do (no specifics or actual code), and why would you (realistically) want to not have the reset be the last thing in there.
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Sun Jul 27, 2014 12:58 am

I do not want reply because if i do that I show my script, and I do not want disclose it to any.
Then just describe basically what is that script of yours supposed to do (no specifics or actual code), and why would you (realistically) want to not have the reset be the last thing in there.
*** Check what version of initialization script used to first time program the CPE and accordingly what version are found, reset configuration with running new .rsc script OR if are more recent version simply change some value on configuration. If the bios on RouterOS are more recent than the bios onboard, first of all upgrade and then reboot, after reboot continue the script (run again) ***

Already writed (And chupaka ask for reboot, not for reset):
One simple example: on my maintenance script at the boot, if new bios version are available are updated and system rebooted before script go further, at reboot script continue (because are scheduled at the boot and the bios is already updated).
I think the Chupaka questions derail the sense of the request.
What importance have where is placed reboot/reset on the "pasted from the clipboard" / "invoked saved script"???

http://forum.mikrotik.com/viewtopic.php ... 43#p438805

I ask only if possible to remove ALL confirmation messages upon provided parameter,
and ADD THE WARNING MESSAGE WHERE IS MISSING like on reset-configuration on wireless.

Forget REBOOT.
Last edited by rextended on Sun Jul 27, 2014 1:07 am, edited 1 time in total.
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Sun Jul 27, 2014 1:07 am

If you read this, first read again my just previous post. I have modified some things...
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2411
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: v6.16/v6.17

Sun Jul 27, 2014 2:14 am

Reboot, reset... whatever...

You can easily wrap your copy&paste script into a scheduler even that is 1s away, and the first thing it does is to remove itself. That way, you're executing everything, and not even leaving a trail. This includes reboots, and I'm pretty sure it would work for a reset as well.

e.g.
/system scheduler add name="SETTER" interval=1s on-event={
/system scheduler remove "SETTER"

/system reboot

}
or more generally
/system scheduler add name="SETTER" interval=1s on-event={
/system scheduler remove "SETTER"

#Your script here

}
Technically, there's also the "execute" command, which doesn't involve adding a self removing item, but it requires the script as a string, meaning it's less convenient for the most part.
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
ibm
Member
Member
Posts: 301
Joined: Mon May 12, 2014 5:16 pm

Re: v6.16/v6.17

Sun Jul 27, 2014 9:28 am

What's happened to the stats?
I'm sure that it isn't a ddos because the 600Mhz CPU last night was always at 5% and the WANs hadn't traffic.
You do not have the required permissions to view the files attached to this post.
Last edited by ibm on Sun Jul 27, 2014 11:19 am, edited 1 time in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Sun Jul 27, 2014 11:09 am

Reboot, reset... whatever...

You can easily wrap your copy&paste script into a scheduler even that is 1s away, and the first thing it does is to remove itself. That way, you're executing everything, and not even leaving a trail. This includes reboots, and I'm pretty sure it would work for a reset as well.

e.g.
/system scheduler add name="SETTER" interval=1s on-event={
/system scheduler remove "SETTER"

/system reboot

}
or more generally
/system scheduler add name="SETTER" interval=1s on-event={
/system scheduler remove "SETTER"

#Your script here

}
Technically, there's also the "execute" command, which doesn't involve adding a self removing item, but it requires the script as a string, meaning it's less convenient for the most part.
Why must be find everytime one walktrought instead obtaining one simpe solution from mikrotik?

Another example is "toip" for convert one "1.2.3.4/32" as string toip not work, and toipprefix not exist,
must be used again another fantasious method instead to have toip working as expected:
http://forum.mikrotik.com/viewtopic.php ... 85#p438947

Do not tink I can not make script without this fix, but sometime is frustrating when some instruction missing or not work as expected.

The language used for Scripting are mikrotik proprietary and I'm not expecting anything more what I can do, but I ask just for fix ALREADY existent functions, not add new, like decimal numbers or read more than 4096 characters on file.
I'm Italian, not English. Sorry for my imperfect grammar.
 
gemhero
just joined
Posts: 3
Joined: Sun Jul 27, 2014 12:26 pm

Re: v6.16/v6.17

Sun Jul 27, 2014 12:56 pm

While upgrading from v6.15 to v6.17.
IP / DHCP Server - Leases list is all gone .. (Leases list is removed)

RB2011UAS / RB2011UiAS / RB750GL / RB450G was all the same problem

For me it is a serious problem.

Monday tomorrow, we hope not only no problems at suppliers.
You do not have the required permissions to view the files attached to this post.
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2411
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: v6.16/v6.17

Sun Jul 27, 2014 1:42 pm

Another example is "toip" for convert one "1.2.3.4/32" as string toip not work, and toipprefix not exist,
must be used again another fantasious method instead to have toip working as expected:
http://forum.mikrotik.com/viewtopic.php ... 85#p438947

The language used for Scripting are mikrotik proprietary and I'm not expecting anything more what I can do, but I ask just for fix ALREADY existent functions, not add new, like decimal numbers or read more than 4096 characters on file.
It really depends on how easy and generic the supposed workaround is, and ideally, that should dictate the priority of feature additions and fixes.

In the case of skip-confirmation, the workaround for that is easy (three lines that don't disturb the rest of your flow) and generic (you can apply it to any script containing stuff that would otherwise require prompts).

In the case of toip-prefix, the workaround is not as easy and generic (because of ":parse"... any script with that starts to turn into a complex "hack"; BTW, I had sent a feature request for that to support before your post, and got a "sure... eventually..." kind of reply), and in the case of decimal numbers and 4096+ characters, it's downright impossible.

So personally, my preferred order (in terms of what I think MikroTik should focus their efforts on) would be the reverse of your propositions - 4096+ first, decimals second, toip-prefix third, and skip-confirmation forth.
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Sun Jul 27, 2014 5:31 pm

I like your order, is similar to mine, but on the hope first are made "easy" things...
I'm Italian, not English. Sorry for my imperfect grammar.
 
IPTel
just joined
Posts: 8
Joined: Fri Jun 13, 2014 9:35 am

Re: v6.16/v6.17

Sun Jul 27, 2014 5:36 pm

After upgrading from 6.15 to 6.17 disk memory using inreased
on router 1 (750) from ~2 500 to ~5 000 sectors/day
on router 2 (750G) from ~3000 to ~7 400 sectors/day
on router 3 (750G) from ~2 000 to ~4 000 sectors/day

without changing of configuration, of course
Last edited by IPTel on Mon Jul 28, 2014 9:58 am, edited 1 time in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Mon Jul 28, 2014 8:19 am

You keep on this type of statistic?

Is like you do not read the change log, or better, you do not understand the change log.

Read again and you find why.
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Mon Jul 28, 2014 8:21 am

While upgrading from v6.15 to v6.17.
IP / DHCP Server - Leases list is all gone .. (Leases list is removed)

RB2011UAS / RB2011UiAS / RB750GL / RB450G was all the same problem

For me it is a serious problem.

Monday tomorrow, we hope not only no problems at suppliers.
Are present static leases or only dynamic?

Simply put back from backup. Yu have backup, right?
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
nick3dos
Member Candidate
Member Candidate
Posts: 189
Joined: Fri Apr 29, 2011 11:03 pm
Location: Greece

Re: v6.16/v6.17

Mon Jul 28, 2014 9:30 am

After updating CCR1009-8G-1S from 6.13 to 6.17 from time to time, administration users are all reset to default 'admin' user with no password.
I had to make a script to check when the users are deleted and create them back.
I can see Nothing to log !!!
 
IPTel
just joined
Posts: 8
Joined: Fri Jun 13, 2014 9:35 am

Re: v6.16/v6.17

Mon Jul 28, 2014 9:56 am

You keep on this type of statistic?

Is like you do not read the change log, or better, you do not understand the change log.

Read again and you find why.
I read again and once more. And I can't find why. :)
May be, can you specify the reason?
 
SaLMoN
just joined
Posts: 9
Joined: Wed Nov 23, 2011 6:43 pm

Re: v6.16/v6.17

Mon Jul 28, 2014 10:44 am

While upgrading from v6.15 to v6.17.
IP / DHCP Server - Leases list is all gone .. (Leases list is removed)

RB2011UAS / RB2011UiAS / RB750GL / RB450G was all the same problem
Have the same problem on 435G. Additionally, the list disappeared after accidental power failure. And when I try to make a backup:
error creating backup file: could not read all configuration files
 
gemhero
just joined
Posts: 3
Joined: Sun Jul 27, 2014 12:26 pm

Re: v6.16/v6.17

Mon Jul 28, 2014 12:07 pm

While upgrading from v6.15 to v6.17.
IP / DHCP Server - Leases list is all gone .. (Leases list is removed)

RB2011UAS / RB2011UiAS / RB750GL / RB450G was all the same problem

For me it is a serious problem.

Monday tomorrow, we hope not only no problems at suppliers.
Are present static leases or only dynamic?

Simply put back from backup. Yu have backup, right?
Only a dynamic leases.
Because many mobile users.
I did not use the automatic upgrade.
"All Packages" using the updated.
Until now, there was no such problem.
So there is no backup.

Important thing.

Future possible problems that can occur when updating?
Or in the way I can fix this problem if there is a way of setting?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8321
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.16/v6.17

Mon Jul 28, 2014 12:16 pm

Technically, there's also the "execute" command
perfect!
execute "/system reboot"
does not ask for confirmation! so, to skip confirmation, one should replace '$command' with 'execute "$command"' :)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Mon Jul 28, 2014 5:46 pm

You keep on this type of statistic?

Is like you do not read the change log, or better, you do not understand the change log.

Read again and you find why.
I read again and once more. And I can't find why. :)
May be, can you specify the reason?
Saving time each 10 min (?) on board
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Mon Jul 28, 2014 5:48 pm

Technically, there's also the "execute" command
perfect!
execute "/system reboot"
does not ask for confirmation! so, to skip confirmation, one should replace '$command' with 'execute "$command"' :)
Thanks for the info!

But is another walktrought...
I'm Italian, not English. Sorry for my imperfect grammar.
 
TikUser
newbie
Posts: 48
Joined: Thu Jul 04, 2013 2:40 pm
Location: EU

Re: v6.16/v6.17

Mon Jul 28, 2014 11:35 pm

Have the same problem on 435G. Additionally, the list disappeared after accidental power failure. And when I try to make a backup:
error creating backup file: could not read all configuration files
Apply (restore) previous backup over the existing configuration, then try to make a new backup.
Or reset the configuration first, and then apply previous backup.
That worked in my case.
 
SaLMoN
just joined
Posts: 9
Joined: Wed Nov 23, 2011 6:43 pm

Re: v6.16/v6.17

Tue Jul 29, 2014 8:34 am

Apply (restore) previous backup over the existing configuration, then try to make a new backup.
Or reset the configuration first, and then apply previous backup.
That worked in my case.
I went back to v. 6.15 on this device. In addition to downgrade ROS I had to downgrade RouterBoard firmware too, because the problem persists. I'll wait for a better version.
 
User avatar
sumanbarman
just joined
Posts: 18
Joined: Tue Jul 08, 2014 4:26 pm
Location: Chittagong,Bangladesh

Re: v6.16/v6.17

Tue Jul 29, 2014 10:38 am

Dear Normis,
Nice to hear released v 6.16/6.17
But still now transparent web proxy doesn't work in both 6.15 & 6.17
here is my router configuration:

/ip firewall nat
add chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80
add chain=srcnat action=masquerade src-address=192.168.2.0/24 out-interface=WIMAX

/ip firewall mangle
add action=mark-packet chain=output comment="CACHE HIT" disabled=no dscp=4 new-packet-mark=cache-hits passthrough=no

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="Unlimited Speed for CACHE"
packet-mark=cache-hits parent=global priority=8 queue=default

/ip proxy> print
enabled: yes
src-address: ::
port: 8080
anonymous: no
parent-proxy: 0.0.0.0
parent-proxy-port: 0
cache-administrator: webmaster
max-cache-size: unlimited
max-cache-object-size: 40960KiB
cache-on-disk: yes
max-client-connections: 1000
max-server-connections: 1000
max-fresh-time: 3d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-drive: usb1
Suman Barman
System Admin
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8321
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.16/v6.17

Tue Jul 29, 2014 12:36 pm

But still now transparent web proxy doesn't work in both 6.15 & 6.17
what exactly doesn't work? what do you check, what do you expect to see and what results do you actually see?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Tue Jul 29, 2014 12:37 pm

New feature?
Watchdog timer is disabled, but the router still reboots on watchdog timer.
Watchdog address is not the same as Watchdog timer. What you see is a reboot because of kernel crash. This is also done by watchdog, and can't be disabled.
No answer to your question? How to write posts
 
pchott
newbie
Posts: 39
Joined: Tue Apr 29, 2014 11:15 am
Location: Holzkirchen, Germany

Re: v6.16/v6.17

Tue Jul 29, 2014 12:46 pm

But still now transparent web proxy doesn't work in both 6.15 & 6.17
what exactly doesn't work? what do you check, what do you expect to see and what results do you actually see?
In version 6.15 I was not able to configure transparent web-proxy to show this login page: http://www.samplecomponents.com/scripts ... ll?hittite
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8321
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.16/v6.17

Tue Jul 29, 2014 1:03 pm

In version 6.15 I was not able to configure transparent web-proxy to show this login page: http://www.samplecomponents.com/scripts ... ll?hittite
what were your steps to do that? we're not telepathists. what do you mean saying 'to show this page'? all pages were opening normally, and that only page didn't work?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Tue Jul 29, 2014 1:09 pm

you are using transparent proxy to show login page? can this even work? you should be using hotspot with external login page redirect
No answer to your question? How to write posts
 
IPTel
just joined
Posts: 8
Joined: Fri Jun 13, 2014 9:35 am

Re: v6.16/v6.17

Tue Jul 29, 2014 2:01 pm

You keep on this type of statistic?

Is like you do not read the change log, or better, you do not understand the change log.

Read again and you find why.
I read again and once more. And I can't find why. :)
May be, can you specify the reason?
Saving time each 10 min (?) on board
24 hours. On all devices. Always.
 
Somikov
just joined
Posts: 5
Joined: Fri Jul 25, 2014 5:39 pm

Re: v6.16/v6.17

Tue Jul 29, 2014 2:15 pm

New feature?
Watchdog timer is disabled, but the router still reboots on watchdog timer.
And it does not wait for 10 minutes, and may restart in 30 seconds.
So what? It is a bug or a feature?
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Tue Jul 29, 2014 2:26 pm

New feature?
Watchdog timer is disabled, but the router still reboots on watchdog timer.
And it does not wait for 10 minutes, and may restart in 30 seconds.
So what? It is a bug or a feature?
I already answered a few posts above
No answer to your question? How to write posts
 
pchott
newbie
Posts: 39
Joined: Tue Apr 29, 2014 11:15 am
Location: Holzkirchen, Germany

Re: v6.16/v6.17

Tue Jul 29, 2014 3:39 pm

In version 6.15 I was not able to configure transparent web-proxy to show this login page: http://www.samplecomponents.com/scripts ... ll?hittite
what were your steps to do that? we're not telepathists. what do you mean saying 'to show this page'? all pages were opening normally, and that only page didn't work?

I had been running transparent web-proxy for week and users did not report any other problems than on this page. I was trying to diagnose but without luck, why is only happen on this page. Maybe some other but was not hit in test time.

config
/ip proxy
set cache-administrator=it@test.com cache-on-disk=yes enabled=\
    yes max-cache-size=none max-fresh-time=1w
/ip proxy access
add action=deny comment="block telnet & spam e-mail relaying" disabled=yes \
    dst-port=23-25
add action=deny comment=\
    "allow CONNECT only to SSL ports 443 [https] and 563 [snews]" dst-port=\
    !443,563 method=CONNECT
I'll do some tests at weekend, maybe I can give more info then
 
User avatar
sumanbarman
just joined
Posts: 18
Joined: Tue Jul 08, 2014 4:26 pm
Location: Chittagong,Bangladesh

Re: v6.16/v6.17

Tue Jul 29, 2014 4:14 pm

But still now transparent web proxy doesn't work in both 6.15 & 6.17
what exactly doesn't work? what do you check, what do you expect to see and what results do you actually see?

I see that /queue tree is not working in 6.15 & 6.17
it does not touch the any traffic ...... ?
here is my /queue tree configuration

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="Unlimited Speed for CACHE"
packet-mark=cache-hits parent=global priority=8 queue=default
Suman Barman
System Admin
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8321
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.16/v6.17

Tue Jul 29, 2014 4:19 pm

and what about your Mangle rule? does it count packets?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
sumanbarman
just joined
Posts: 18
Joined: Tue Jul 08, 2014 4:26 pm
Location: Chittagong,Bangladesh

Re: v6.16/v6.17

Tue Jul 29, 2014 4:24 pm

and what about your Mangle rule? does it count packets?
It's not count any packet.
here is my mangle rule :

/ip firewall mangle
add action=mark-packet chain=output comment="CACHE HIT" disabled=no dscp=4 new-packet-mark=cache-hits passthrough=no
Suman Barman
System Admin
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8321
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.16/v6.17

Tue Jul 29, 2014 4:29 pm

then that queue should not work ;)

was that mangle rule working in v6.15?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
sumanbarman
just joined
Posts: 18
Joined: Tue Jul 08, 2014 4:26 pm
Location: Chittagong,Bangladesh

Re: v6.16/v6.17

Tue Jul 29, 2014 4:31 pm

Same strange problem with also 6.15
Suman Barman
System Admin
 
User avatar
sumanbarman
just joined
Posts: 18
Joined: Tue Jul 08, 2014 4:26 pm
Location: Chittagong,Bangladesh

Re: v6.16/v6.17

Tue Jul 29, 2014 4:36 pm

here is my router full configuration:
[admin@MikroTik] > export
# jul/29/2014 19:32:54 by RouterOS 6.17
# software id = XXXX-XXXX
#
/interface ethernet
set [ find default-name=ether2 ] name=LAN
set [ find default-name=ether3 ] name=WIMAX
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk,wpa-eap,wpa2-eap \
management-protection=allowed mode=dynamic-keys name=profile1 \
supplicant-identity="" wpa-pre-shared-key=0085642200 wpa2-pre-shared-key=\
0085642200
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=2 band=2ghz-b/g/n disabled=no \
frequency=auto l2mtu=2290 mode=ap-bridge name=WLAN nv2-preshared-key=\
0085642200 nv2-security=enabled security-profile=profile1 ssid=01670397585
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/queue simple
add burst-limit=1M/1M burst-threshold=1M/1M burst-time=5s/5s limit-at=512k/512k \
max-limit=512k/512k name="Desktop pc 01" priority=1/1 target=\
192.168.2.10/32
add burst-limit=512k/512k burst-threshold=512k/512k burst-time=5s/5s limit-at=\
512k/512k max-limit=512k/512k name="Desktop pc 02" target=192.168.0.10/32
add burst-limit=1M/1M burst-threshold=1M/1M burst-time=5s/5s limit-at=512k/512k \
max-limit=512k/512k name="SYMPHONY W68" target=192.168.0.20/32
add burst-limit=512k/512k burst-threshold=512k/512k burst-time=5s/5s limit-at=\
512k/512k max-limit=512k/512k name=Guest target=192.168.0.30/32
add burst-limit=1M/1M burst-threshold=1M/1M burst-time=5s/5s limit-at=512k/512k \
max-limit=512k/512k name="Walton GH+" target=192.168.0.40/32
/queue tree
add name="Unlimited Speed for CACHE" packet-mark=cache-hits parent=global \
queue=default
/ip address
add address=192.168.1.10/24 interface=WIMAX network=192.168.1.0
add address=192.168.2.1/24 interface=LAN network=192.168.2.0
add address=192.168.0.1/24 interface=WLAN network=192.168.0.0
/ip arp
add address=192.168.0.20 interface=WLAN mac-address=8C:C5:E1:54:41:CF
add address=192.168.2.10 interface=LAN mac-address=00:30:67:ED:20:74
add address=192.168.0.10 interface=WLAN mac-address=74:D0:2B:CE:F0:9F
/ip dns
set allow-remote-requests=yes cache-size=25000KiB max-udp-packet-size=512 \
servers=8.8.8.8,8.8.4.4,208.67.222.222,208.67.220.220
/ip firewall address-list
add address=0.0.0.0/8 list=BOGONS
add address=10.0.0.0/8 list=BOGONS
add address=100.64.0.0/10 list=BOGONS
add address=127.0.0.0/8 list=BOGONS
add address=169.254.0.0/16 list=BOGONS
add address=172.16.0.0/12 list=BOGONS
add address=192.0.0.0/24 list=BOGONS
add address=192.0.2.0/24 list=BOGONS
add address=192.168.0.0/16 list=BOGONS
add address=198.18.0.0/15 list=BOGONS
add address=198.51.100.0/24 list=BOGONS
add address=203.0.113.0/24 list=BOGONS
add address=224.0.0.0/3 list=BOGONS
/ip firewall filter
add chain=input comment="Accept established connections" connection-state=\
established
add chain=input comment="Accept related connections" connection-state=related
add action=drop chain=input comment="Drop invalid connections" \
connection-state=invalid
add chain=input comment=UDP protocol=udp
add chain=input comment="Allow limited pings" limit=50/5s,2 protocol=icmp
add action=drop chain=input comment="Drop excess pings" protocol=icmp
add chain=input comment="SSH for secure shell" dst-port=22 protocol=tcp
add chain=input comment=winbox dst-port=8291 protocol=tcp
add chain=forward comment="allow established connections" connection-state=\
established
add chain=forward comment="allow related connections" connection-state=related
add action=drop chain=forward comment="drop invalid connections" \
connection-state=invalid
add action=jump chain=forward comment="jump to the virus chain" jump-target=\
virus
add action=tarpit chain=input connection-limit=3,32 protocol=tcp \
src-address-list=blocked-addr
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=135-139 \
protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" dst-port=135-139 \
protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=445 protocol=\
tcp
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=445 protocol=\
udp
add action=drop chain=virus comment=________ dst-port=593 protocol=tcp
add action=drop chain=virus comment=________ dst-port=1024-1030 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" dst-port=1080 protocol=tcp
add action=drop chain=virus comment=________ dst-port=1214 protocol=tcp
add action=drop chain=virus comment="ndm requester" dst-port=1363 protocol=tcp
add action=drop chain=virus comment="ndm server" dst-port=1364 protocol=tcp
add action=drop chain=virus comment="screen cast" dst-port=1368 protocol=tcp
add action=drop chain=virus comment=hromgrafx dst-port=1373 protocol=tcp
add action=drop chain=virus comment=cichlid dst-port=1377 protocol=tcp
add action=drop chain=virus comment=Worm dst-port=1433-1434 protocol=tcp
add action=drop chain=virus comment="Bagle Virus" dst-port=2745 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" dst-port=2283 protocol=tcp
add action=drop chain=virus comment="Drop Beagle" dst-port=2535 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.C-K" dst-port=2745 protocol=\
tcp
add action=drop chain=virus comment="Drop MyDoom" dst-port=3127-3128 protocol=\
tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" dst-port=3410 \
protocol=tcp
add action=drop chain=virus comment=Worm dst-port=4444 protocol=tcp
add action=drop chain=virus comment=Worm dst-port=4444 protocol=udp
add action=drop chain=virus comment="Drop Sasser" dst-port=5554 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" dst-port=8866 protocol=tcp
add action=drop chain=virus comment="Drop Dabber.A-B" dst-port=9898 protocol=\
tcp
add action=drop chain=virus comment="Drop Dumaru.Y" dst-port=10000 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom.B" dst-port=10080 protocol=tcp
add action=drop chain=virus comment="Drop NetBus" dst-port=12345 protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" dst-port=17300 protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" dst-port=27374 protocol=tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" dst-port=\
65506 protocol=tcp
add chain=forward comment="Allow HTTP" dst-port=80 protocol=tcp
add chain=forward comment="Allow SMTP" dst-port=25 protocol=tcp
add chain=forward comment="allow TCP" protocol=tcp
add chain=forward comment="allow ping" protocol=icmp
add chain=forward comment="allow udp" protocol=udp
add action=drop chain=forward comment="drop everything else"
/ip firewall mangle
add action=change-dscp chain=output comment="HIT TRAFFIC FROM PROXY" disabled=\
yes new-dscp=4
add action=mark-packet chain=output comment="CACHE HIT" dscp=4 new-packet-mark=\
cache-hits passthrough=no
/ip firewall nat
add action=redirect chain=dstnat dst-port=80 protocol=tcp to-ports=8080
add action=masquerade chain=srcnat out-interface=WIMAX src-address=\
192.168.2.0/24
add action=masquerade chain=srcnat out-interface=WIMAX src-address=\
192.168.0.0/24
/ip ipsec policy
add template=yes
/ip proxy
set cache-on-disk=yes enabled=yes max-client-connections=1000 \
max-server-connections=1000 parent-proxy=0.0.0.0
/ip proxy access
add action=deny comment="block telnet & spam e-mail relaying" dst-port=23-25
add action=deny comment=\
"allow CONNECT only to SSL ports 443 [https] and 563 [snews]" dst-port=\
!443,563 method=CONNECT
add comment="Enable Http Connection" dst-port=80
/ip proxy cache
add action=deny disabled=yes dst-host=":cgi-bin \\\?"
add action=deny disabled=yes dst-host=":cgi-bin \\\\\\\?"
/ip route
add distance=1 gateway=192.168.1.1
/ip upnp
set allow-disable-external-interface=no
/system clock
set time-zone-name=Asia/Dhaka
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set WLAN disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set LAN disabled=yes display-time=5s
set WIMAX disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
/system leds
set 0 interface=WLAN
/system ntp client
set enabled=yes primary-ntp=211.233.40.78 secondary-ntp=218.189.210.3
/system upgrade upgrade-package-source
add address=192.168.2.1 user=admin
/tool graphing interface
add interface=LAN
add interface=WIMAX
add interface=WLAN
/tool graphing queue
add simple-queue="Desktop pc 01"
add simple-queue="Desktop pc 02"
add simple-queue="SYMPHONY W68"
/tool graphing resource
add
Suman Barman
System Admin
 
Somikov
just joined
Posts: 5
Joined: Fri Jul 25, 2014 5:39 pm

Re: v6.16/v6.17

Tue Jul 29, 2014 4:37 pm

I already answered a few posts above
I read your answer, but later than the written message.
Router reboots because that no response from the server 8.8.8.8.
In one of the five routers installed in intercity buses, stable, every few days, reset settings R52 Wi-Fi adapter on RB411U.
I doubt that the problem in ROS 6.17.
How to diagnose the problem?
Last edited by Somikov on Tue Jul 29, 2014 4:57 pm, edited 1 time in total.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8321
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.16/v6.17

Tue Jul 29, 2014 4:43 pm

ping watchdog is enabled by setting an IP address. remove IP address - ping watchdog will be disabled. watchdog-timer is about hardware watchdog
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
joegoldman
Long time Member
Long time Member
Posts: 510
Joined: Mon May 27, 2013 2:05 am

Re: v6.16/v6.17

Tue Jul 29, 2014 5:09 pm

Not sure if this is a bug in older versions - only just noticed today with a custom setup - RB 951-2n running ROS 6.17, when a pppoe-client interface is part of a VRF, the default route learned from the ppp connection is not added to the VRF but to the main routing table.
 
Somikov
just joined
Posts: 5
Joined: Fri Jul 25, 2014 5:39 pm

Re: v6.16/v6.17

Tue Jul 29, 2014 5:16 pm

ping watchdog is enabled by setting an IP address. remove IP address - ping watchdog will be disabled. watchdog-timer is about hardware watchdog
With this, I understood everything. Thank you.
Very often, the router does not have time to restore 3g connection, because the router is rebooted ping timeout.
This happens because that timer counts time from the last attempt.
And so, reboot the router ping timeout can occur 30 seconds after disconnection.
Correct if I'm wrong.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8321
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.16/v6.17

Tue Jul 29, 2014 5:25 pm

probably. I asked for tunable parameters of ping watchdog a few years ago, but still nothing :)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3089
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: v6.16/v6.17

Wed Jul 30, 2014 12:52 pm

Cool, on some routers disapeared configuration after update. Firmwares more and more worse from version to version.
I've now updated some 150 units. Most from 6.15 to 6.17, some from 6.13 or even 6.10. Out of these 150 some 5-7 lost their config.

One particular groove had 6.15 running. It had some (other) issue. Corrected it, unit was up and running. Client had internet. Decided to do a upgrade to 6.17.
After the reboot the unit came up, was present in the AP registration table but I had no access. Not by IP nor mac (winbox). Even the ping didn't got a reply. But is was connected! Client had no internet. Asked him to do a power reset. Antenna is now on my desk. No more access. Have it now on my desk. No access. Reset doesn't bring it back. Guess I have to do a ether-net install. :( See if that works.

Other example; Installed newly configure groove with 5.17. Worked fine at my house. Brought to client, installed it and worked fine... for an hour or so. Since than all connectivity lost. Technician went back. No more access. He brought brandnew SXT-Lite with him. That was configured and tested fine in my house for use at other new client. Installed it, worked for some hours... disconnected and not able to reach anymore. Technician has to go back to replace....

Two other Groove's were updated from 5.15 to 5.17 and ceased to work within 12 hours.....

I don't know what is causing this. We have no difficult config. Just wireless station mode with freq. set in scan list and NV2 and 'connect to' list in use. Fixed IP on clients side (ethernet) with dhcp-server and wlan is dhcp-client and firewall has masquerade nat with some simple rules to protect intruders. Some dns and ntp setting and that's it. No tunnels or complicate routing.

It is impossible to make supout.rif because the units become completely in-accessible. This really is something MT has to look at.
Show your appreciation of this post by giving me Karma! Thanks.

Rudy R. Puister

WISP operator based on MT routerboard & ROS.
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3089
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: v6.16/v6.17

Wed Jul 30, 2014 1:01 pm

In addition to my last post; IN 6.15 we had some units loosing their config. They were reset. But still able to reach by a mac winbox session. So we could than ren-instate the backup config and it solved the problem.
I've in 6.17 had 2 units that just lost part of their config. No more access to the AP and we found that the wlan interface disappeared in the several instances were it is used ('connect to' list, dhcp-client). Also the dhcp-server had no more interface assigned (should be ether1).
In this case we could mac-winbox in and set the interfaces right on the different settings and the unit worked again...

We didn't make supout.rifs here because these were production units on clients that already complained and the technician's time is already stretched...

This whole 'losing config' or worse started with the introduction of the new wireless package. I am not saying that that is the cause, but it happened at the same time we started to use it...... (so basically 6.15 and higher...)
Show your appreciation of this post by giving me Karma! Thanks.

Rudy R. Puister

WISP operator based on MT routerboard & ROS.
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3089
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: v6.16/v6.17

Wed Jul 30, 2014 2:07 pm

Just tried to netinstall some of the units that ceased to work after upgrade to 6.17. Impossible. Although the network adapter in the laptop tells me it is connected, and the led light of the ethernet also shows their is connection, winbox or the netinstall program are not able to talk to the units...
I'll guess it's going to be the RMA process....... :(

I've now 5 or 6 units after some 100 upgrades... 5% failure rate. Very poor..... I am not happy!
I'll stop further upgrade until we have new, better ros. Probably 6.22 or so...... :?
Show your appreciation of this post by giving me Karma! Thanks.

Rudy R. Puister

WISP operator based on MT routerboard & ROS.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Wed Jul 30, 2014 2:15 pm

We have found some issue in mips-be that could fix your issue, Rudy. Please wait until tomorrow until we have something to test.
No answer to your question? How to write posts
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3089
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: v6.16/v6.17

Wed Jul 30, 2014 2:31 pm

We have found some issue in mips-be that could fix your issue, Rudy. Please wait until tomorrow until we have something to test.
Well, let's see. But for the 'dead' units it will be too late. They have to be send back I'm afraid. There is no way I can login to these. Winbox nor Telnet 'sees' the units anymore. (I'm referring 2 grooves now. They both worked and only passed away after the remote upgrade fm 6.15 toward 6.17).
I still have to test 2 SXT's I believe, they are on their way to me..
Show your appreciation of this post by giving me Karma! Thanks.

Rudy R. Puister

WISP operator based on MT routerboard & ROS.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24338
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.16/v6.17

Wed Jul 30, 2014 2:44 pm

We have found some issue in mips-be that could fix your issue, Rudy. Please wait until tomorrow until we have something to test.
Well, let's see. But for the 'dead' units it will be too late. They have to be send back I'm afraid. There is no way I can login to these. Winbox nor Telnet 'sees' the units anymore. (I'm referring 2 grooves now. They both worked and only passed away after the remote upgrade fm 6.15 toward 6.17).
I still have to test 2 SXT's I believe, they are on their way to me..
Netinstall should be able to revive them. If not, maybe you have some other issue with them
No answer to your question? How to write posts
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Wed Jul 30, 2014 3:26 pm

I still upgrade all my devices with last 3.17/3.18 BIOS and RouterOS 6.17,
I'm doing that from the day is out,
NO ONE SINGLE PROBLEM,
I'm a WISP and I have updated/upgraded almost 400 mipsbe devices and 10 ppc (RB1xxx) without any problem.

I have near all models on production environment, from RB411 to QRT-5,
the only devices I do not have are mipsle and tilera models.
I'm Italian, not English. Sorry for my imperfect grammar.
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3089
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: v6.16/v6.17

Wed Jul 30, 2014 5:00 pm

We have found some issue in mips-be that could fix your issue, Rudy. Please wait until tomorrow until we have something to test.
Well, let's see. But for the 'dead' units it will be too late. They have to be send back I'm afraid. There is no way I can login to these. Winbox nor Telnet 'sees' the units anymore. (I'm referring 2 grooves now. They both worked and only passed away after the remote upgrade fm 6.15 toward 6.17).
I still have to test 2 SXT's I believe, they are on their way to me..
Netinstall should be able to revive them. If not, maybe you have some other issue with them
Both the 2 Groove's I had the issue were actually running fine and delivering internet to the client.
One groove went completely dead after the upgrade, the other was still connecting to the AP and even getting an IP fm the dhcp-server. But I couldn't reach it and the client had no internet he said. So I asked him to do a power cycle and since that it is dead.

Both are on my desk now, when I try to netinstall (or whatever kind of bootup; normal or with pressed reset button to get it reset) it just beeps, leds come on and go off when button is released (for reset) or after a while (so netinstall should hand out IP to the unit).
In all cases, the unit doesn't come up with its second series of beeps, to tell me the bootup is finished.
And in both cases, winbox won't see the unit and netinstall doesn't show anything neither.... so I really wouldn't know what to do more to these apart from sending them back to supplier....
Show your appreciation of this post by giving me Karma! Thanks.

Rudy R. Puister

WISP operator based on MT routerboard & ROS.
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3089
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: v6.16/v6.17

Wed Jul 30, 2014 5:05 pm

I still upgrade all my devices with last 3.17/3.18 BIOS and RouterOS 6.17,
I'm doing that from the day is out,
NO ONE SINGLE PROBLEM,
I'm a WISP and I have updated/upgraded almost 400 mipsbe devices and 10 ppc (RB1xxx) without any problem.

I have near all models on production environment, from RB411 to QRT-5,
the only devices I do not have are mipsle and tilera models.
hmm, strange. But yeah, I also started it when it came out. It is only the last days we find some units are giving the problems. Doesn't mean the problem wasn't there before. It just didn't surface yet. I am not monitoring all clients. Some units might not be seen because they are down but I only react when the client calls. Many client switch their stuff off so If I can see or not see the CPE is not always a proof it is down.

Could you share us with a sample CPE setup? So I can see what differences you might have compared with my relative simple setups. (masquerade secrete/private items).
It could be it has something to do with power issues. We already saw before (6.13, 6.15) that some units lost their configs due a short lived power cut. But they were always recoverable locally.
These ones now are really not accessible anymore.....
Show your appreciation of this post by giving me Karma! Thanks.

Rudy R. Puister

WISP operator based on MT routerboard & ROS.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Wed Jul 30, 2014 10:23 pm

The CPE setup is very easy and simple.

wlan1 connected on AP by wpa2 aes-ccm and nv2 security active 5ghz-a/n wireless protocol "any" nstreme active
mode "station", no WDS used.

[this settings are for let the AP choice the protocol mode]

pppoe-client are linked on wlan1 (no ip on wlan1)
MRRU are set to 1614 and MPPE encryption are enabled (not required)
use peer dns are active
change mtu are active (on server side)
on ether1 are one fixed ip with classic DHCP Server network
UPnP active
SNTP active
DNS active (with firewall rule drop request incoming from internet)
normal masquerade.
script for reboot the cpe each 28 days @ 04:00 AM
script each 5 min for activate all ethernet and all wireless interface disabled (for errors....)
all the service stopped, except for winbox and http
firewal sip, ftp and pptp helper active, the others not.
Firewall mangle for mark all connection and packet from client network to internet.
The traffic incoming from internet is not marked.

Queue tree for limit all traffic on out from how many bandwidth client buy. (no burst, pure symmetric bandwidth)
sub queue for prioritizing voip and reserve 64k for each number client own.

ALL THE WIRELESS AND OTHER FIELDS PARAMETERS ARE THE RouterOS DEFAULT.

Nothing particular.

************************

On some of my old post I publish one method to add one script to restore wireless basic config to resetted wlan (how not matter).
Search, and if you have some luck is one anchr of salvation on some cases...
I'm Italian, not English. Sorry for my imperfect grammar.
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3089
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: v6.16/v6.17

Thu Jul 31, 2014 1:56 am

Well, if you call that simple, what do I have? It's even more simple...

wlan1 connected to AP by nv2 and security active only 5ghz-only-n and wireless protocol "nv2" active.
mode "station", no WDS used, freq. set in scan list, default data rates, client mode ANP,
AP with both mac and SSID in separate rules in 'connect to' list. All rest is default.

[In my experience this give the fastest reconnection and most stable connection for clients to AP. CPE's, even in 40+ CPE-AP network reconnect that fast in case of forced disconnect client hardly notices. This setting implemented in the time NV2 was not matured and airmax systems made my links go bananas. These settings were the only way of controlling my network.]

dhcp-client on wlan1
No specific MRRU setting, no MPPE encryption
dns setting set manually
no mtu change nowhere
ether1 fixed IP with classic DHCP Server network
UPnP not active (only at request)
SNTP client set with clock setting
SNMP enabled with some basic info. No further use. (In prep for some future usage.)
DNS active and remote access enabled (old remains in script, its not used. Client request direct to OpenDNS) (Since a year catch all dns requests in border router to dns cache system, that again asks OpenDNS and some others.)

normal masquerade
some standard dst-nat to reach client's wifi router or voip box. (It they have.)
only some script for address>dns name translation for use in mangle (In prep. for some future usage.)
scheduler set to run these daily.
all services enabled exept default disable www.ssl. (Firewall rules only allow outgoing traffic from client network and incoming only for winbox or telnet coming from our internal network. We have one big network. Address translation to public takes place in border router.)
Some mangle rules, not in use. (wrongly made. No time to correct these)
No queues. (Most firewalling, mangle and queueing is done in border router. Queues that could use the mangle marks are not in place. Need correction but thats how it is.)
All rest default.

So basically even more simple than yours.... I don't see any reason why any of these settings would make 'only some' units go down in an upgrade (+firmware upgrade) process.

I still bet on some power issue. I still have to get my SXT back that died on me. Maybe tomorrow late more news.....
Show your appreciation of this post by giving me Karma! Thanks.

Rudy R. Puister

WISP operator based on MT routerboard & ROS.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Thu Jul 31, 2014 9:39 am

When you update/upgrade the board, can you add watchdog?
I'm Italian, not English. Sorry for my imperfect grammar.
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3089
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: v6.16/v6.17

Thu Jul 31, 2014 2:47 pm

When you update/upgrade the board, can you add watchdog?
Yes, I can. Or; yes I have. Watchdog is enabled but without IP for test.
That's what I am thinking of to set, a IP that can be tested and if not reachable (due malfunction of the wireless or the radio link, but than again it also works if the AP is malfunctioning. This last is not so desirable because all CPE of a AP-network start to reboot...)
Now the issue is that watchdog is either not in action because the radio still can ping the AP (Because after all, it DOES get IP from AP/dhcp-server. It is just not able to reach by any telnet or winbox session, not from both ends), or the unit is just dead and therefore it also doesn't perform.
The idea would be a reboot might bring it back to life, and the supout.rif produced would be able to use for troubleshooting.
But the mail sending of the supout.rif is not working or the units in total just is inaccessible.

The only I can think of is to set watchdog with a ping to AP, I can then deny troubled unit access to AP so it disconnects and after the wait period the watchdog will produce supout.rif and store it. We only have to hope unit comes back alive afterwards..

But first I need to set 600 units with watchdog ping and an 'pingable' IP in the AP, and than hope (or not) that when I have same issue again evolving, at least that unit might able to produce a supout.rif..... Well, next year maybe. I just don't have the time to do that now, tomorrow or next week.....
Show your appreciation of this post by giving me Karma! Thanks.

Rudy R. Puister

WISP operator based on MT routerboard & ROS.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Thu Jul 31, 2014 3:52 pm

>>>...It is just not able to reach by any telnet or winbox session...<<<

And by MAC telnet on winbox -> AP -> ip/neighbors list?
I'm Italian, not English. Sorry for my imperfect grammar.
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3089
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: v6.16/v6.17

Thu Jul 31, 2014 4:44 pm

>>>...It is just not able to reach by any telnet or winbox session...<<<

And by MAC telnet on winbox -> AP -> ip/neighbors list?
I tried from AP side; mac-ping... no reply, ping.... no reply, mac telnet... disconnected, telnet ... no reply,
Then we tried with laptop from ethernet end. (By technician that doesn't know as much as me...) But winbox doesn't even 'see' it. We tried to contact it to its default ethernet IP address (after setting laptop to manual IP in same network) but no reply neither.
Laptop was also not getting IP address from CPE dhcp-server on the lan.
But symbols and lights on devices do notice the connection.

Later on my desk tried all the same from the ethernet end, no way.... just no response whatsoever, even not after 20 mins. (sometimes we have troubled units that only come up after long, long time..)

I didn't try via neighbor list from AP's end when unit was still 'visible' in the reg list but not responding. Since a power cycle mostly helps with 'stalled' radios, the standard is to do a power cycle first. Usually it solves the issue, but now it just stayed completely inaccessible. Off course it was too late than for the neighbor method.
Show your appreciation of this post by giving me Karma! Thanks.

Rudy R. Puister

WISP operator based on MT routerboard & ROS.
 
ste
Forum Guru
Forum Guru
Posts: 1816
Joined: Sun Feb 13, 2005 11:21 pm

Re: v6.16/v6.17

Thu Jul 31, 2014 5:21 pm

>>>...It is just not able to reach by any telnet or winbox session...<<<

And by MAC telnet on winbox -> AP -> ip/neighbors list?
I tried from AP side; mac-ping... no reply, ping.... no reply, mac telnet... disconnected, telnet ... no reply,
Then we tried with laptop from ethernet end. (By technician that doesn't know as much as me...) But winbox doesn't even 'see' it. We tried to contact it to its default ethernet IP address (after setting laptop to manual IP in same network) but no reply neither.
Laptop was also not getting IP address from CPE dhcp-server on the lan.
But symbols and lights on devices do notice the connection.

Later on my desk tried all the same from the ethernet end, no way.... just no response whatsoever, even not after 20 mins. (sometimes we have troubled units that only come up after long, long time..)

I didn't try via neighbor list from AP's end when unit was still 'visible' in the reg list but not responding. Since a power cycle mostly helps with 'stalled' radios, the standard is to do a power cycle first. Usually it solves the issue, but now it just stayed completely inaccessible. Off course it was too late than for the neighbor method.
We have lost 2 devices out of 50 after upgrading to 6.15. Then we stopped upgrading to 6.15. May be this problem persist for a while now. The devices are completely inaccessible. They have ethernet link but no neighbor discovery packets arive and mac-telnet do not work either. Not sure it was 6.15 or the firmware. One Omnitik and one RB411AH.
 
peydude
just joined
Posts: 7
Joined: Thu Mar 18, 2010 1:27 am

Re: v6.16/v6.17

Fri Aug 01, 2014 2:57 am

Changing profiles in quickset you get a warning that you could loose connectivity, no matter what i answer it just pops back to my original quickset profile.

Running Chromes and windows 7.
I have confirmed this on Safari and FireFox after I upgraded two SXT-AC units. Has this been confirmed as a bug?
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3089
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: v6.16/v6.17

Fri Aug 01, 2014 3:16 am

If a pre 6.14 or a 6.15 unit without installed wireless-fp package is updated to 6.17 via the winbox ; "system / packages / Check For Updates / Download & Upgrade" process, is now indeed the new wireless package installed?

I thought so, but since I now see that the Wireless CAPsMAN is still a separate package on the download site I got now the feeling you just update the old 'legacy' wireless package?

Is there anyone that can confirm which wireless package is now actually installed. (If it the new wireless-fp that gets installed it also means you cannot opt for having it NOT installed but the original instead?)

Could it be that some of the 'config lost' issue we see has to do with the fact the wireless package is new?
Show your appreciation of this post by giving me Karma! Thanks.

Rudy R. Puister

WISP operator based on MT routerboard & ROS.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2950
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.16/v6.17

Fri Aug 01, 2014 10:38 am

>>>If a pre 6.14 or a 6.15 unit without installed wireless-fp package is updated to 6.17 via the winbox ; "system / packages / Check For Updates / Download & Upgrade" process, is now indeed the new wireless package installed?

Yes is installed, BUT is inactive [if previously are not activated]

>>>Is there anyone that can confirm which wireless package is now actually installed.

Both, but is active only what you have active before update.

>>>(If it the new wireless-fp that gets installed it also means you cannot opt for having it NOT installed but the original instead?)

This not have any importance, if the "-fp" package are disabled, are disabled.

>>>Could it be that some of the 'config lost' issue we see has to do with the fact the wireless package is new?
I do more 5.25/5.26/6.7 to 6.17 (till today ~500 unit) no one single problem.
I'm Italian, not English. Sorry for my imperfect grammar.

Who is online

Users browsing this forum: No registered users and 86 guests