MadEngineer
Member Candidate
Posts: 133
Joined: Mon May 02, 2011 10:47 am
Location: New Zealand

Re: v6.40.4 [current]

Thu Oct 12, 2017 1:37 pm

Problem with SSTP. RB2011 here.

I have 22 clients connecting to various services from their homes using SSTP with cert. After upgrading to v6.40.4 I'm able to establish the connection, but for example - I can't RDP to Windows PCs. I can't ping any internal address from my IP pool.

After downgrade to 6.40.3 problem is resolved. Everything works as it should. I can see and connect to any PCs on my internal network.
are you using proxy-arp on your bridge?
MTCNA
 
revan
just joined
Posts: 3
Joined: Thu Oct 12, 2017 10:08 am

Re: v6.40.4 [current]

Thu Oct 12, 2017 8:56 pm

[admin@Chupaka-Home] > /ip dhcp-client export
/ip dhcp-client
add interface=vrrp-GW2 script=":log info \"Test DHCP Client Script\""

So maybe some problem with your script
Hmm. Yes, a single-line script works.
A script of several lines does not work. Can you tell me what's wrong?

/ip dhcp-client
add default-route-distance=15 dhcp-options=hostname,clientid disabled=no interface=WAN-ether10-netbynet script=":log info (\"dhcp script star\
ted.\")\
\n:if (\$bound = 1) do={ \
\n :log info (\"Update routing. Use gateway \" . \$gateway-address . \" for address \" . \$lease-address. \".\")\
\n :foreach i in [/ip route find where routing-mark=netbynet] do={/ip route remove \$i};\
\n\t:foreach i in [/ip route rule find where table=netbynet] do={/ip route rule remove \$i};\
\n\t/ip route add dst-address=0.0.0.0/0 gateway=\$gateway-address routing-mark=netbynet\
\n\t/ip route rule add src-address=\$lease-address dst-address=0.0.0.0/0 table=netbynet \
\n\t}\
\n:if (\$bound = 0) do={\
\n :log info (\"Address released. Clear routing.\")\
\n\t:foreach i in [/ip route find where routing-mark=netbynet] do={/ip route remove \$i};\
\n\t:foreach i in [/ip route rule find where table=netbynet] do={/ip route rule remove \$i};\
\n }\
\n:log info (\"dhcp script ended.\")" use-peer-dns=no
 
Chupaka
Forum Guru
Posts: 7850
Joined: Mon Jun 19, 2006 11:15 pm
Location: velcom, Minsk, Belarus

Re: v6.40.4 [current]

Fri Oct 13, 2017 8:15 am

there are many reasons I can see. for example, correct form of :foreach i in [/blablabla] is :foreach i in=[/blablabla], $gateway-address should be $"gateway-address", etc

so your script is just syntactically incorrect
Russian-speaking forum: http://forum.mikrotik.by. Welcome :)

For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.
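
The two corrections named in the post above, applied to the multi-line DHCP client script posted earlier in the thread. This is an added example, not code posted by any participant: it uses in= for every :foreach and quotes the hyphenated variables ($"gateway-address" and, by the same rule, $"lease-address"), and otherwise keeps the original logic and the name netbynet.

```routeros
# Script body for /ip dhcp-client (added example; the logic and the
# routing-mark/table name "netbynet" come from the script posted in the thread).
:log info ("dhcp script started.")
:if ($bound = 1) do={
    # Variable names containing "-" have to be quoted: $"gateway-address"
    :log info ("Update routing. Use gateway " . $"gateway-address" . " for address " . $"lease-address" . ".")
    # :foreach takes its list through the in= parameter
    :foreach i in=[/ip route find where routing-mark=netbynet] do={ /ip route remove $i }
    :foreach i in=[/ip route rule find where table=netbynet] do={ /ip route rule remove $i }
    /ip route add dst-address=0.0.0.0/0 gateway=$"gateway-address" routing-mark=netbynet
    /ip route rule add src-address=$"lease-address" dst-address=0.0.0.0/0 table=netbynet
}
:if ($bound = 0) do={
    :log info ("Address released. Clear routing.")
    :foreach i in=[/ip route find where routing-mark=netbynet] do={ /ip route remove $i }
    :foreach i in=[/ip route rule find where table=netbynet] do={ /ip route rule remove $i }
}
:log info ("dhcp script ended.")
```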
 
revan
just joined
Posts: 3
Joined: Thu Oct 12, 2017 10:08 am

Re: v6.40.4 [current]

Fri Oct 13, 2017 9:45 am

there are many reasons I can see. for example, correct form of :foreach i in [/blablabla] is :foreach i in=[/blablabla], $gateway-address should be $"gateway-address", etc

so your script is just syntactically incorrect
Certainly. Thank you!
 
indjov
just joined
Posts: 9
Joined: Fri Jun 03, 2016 12:23 pm

Re: v6.40.4 [current]

Fri Oct 13, 2017 11:02 am

Hello,

Yesterday I decided to upgrade, but I noticed that the USB port remains inactive after rebooting my 951G-2HnD, whether it's a bug or I'm doing something wrong.
I need to remove the USB modem and put it back into the socket for it to be detected, but that was not a problem with the previous version.
I did my upgrade from /system/package/check updates, downloaded it and then rebooted.
 
vkraynov
just joined
Posts: 1
Joined: Sat Oct 14, 2017 9:27 am

Re: v6.40.4 [current]

Sat Oct 14, 2017 9:35 am

HI
The telnet button in webfig does not work.

tools - telnet
and
http://192.168.88.1/webfig/#IP:Neighbors.Neighbors.1
button "telnet" and "MAC Telnet"
 
Jotne
Member Candidate
Posts: 195
Joined: Sat Dec 24, 2016 11:17 am

Re: v6.40.4 [current]

Sat Oct 14, 2017 11:09 am

Can confirm that telnet does not work. Clicking telnet menu does not bring up anything.

Not working on the rc either. Tested 6.41rc38 and 6.41rc44
 
honzam
Forum Guru
Posts: 2029
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.40.4 [current]

Sat Oct 14, 2017 3:15 pm

In 6.40.4 it is not possible to disable IP services. All services are enabled. The Disable button doesn't work (in WinBox). In the terminal it works.
https://imgur.com/a/ZtwaS
LAN, FTTx, Wireless. ISP operator based on ROS.
 
skillful
Trainer
Posts: 555
Joined: Wed Sep 06, 2006 1:42 pm
Location: Abuja, Nigeria

Re: v6.40.4 [current]

Sat Oct 14, 2017 5:39 pm

It surely works in winbox.
 
honzam
Forum Guru
Posts: 2029
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.40.4 [current]

Sun Oct 15, 2017 8:41 pm

It surely works in winbox.
Maybe on your RouterBOARD. On rb922 (and others) it doesn't work.
LAN, FTTx, Wireless. ISP operator based on ROS.
 
JohnTRIVOLTA
Frequent Visitor
Posts: 79
Joined: Sun Dec 25, 2016 2:05 pm
Location: BG/Sofia

Re: v6.40.4 [current]

Sun Oct 15, 2017 9:06 pm

Problem with SSTP. RB2011 here.

I have 22 clients connecting to various services from their homes using SSTP with cert. After upgrading to v6.40.4 I'm able to establish the connection, but for example - I can't RDP to Windows PCs. I can't ping any internal address from my IP pool.

After downgrade to 6.40.3 problem is resolved. Everything works as it should. I can see and connect to any PCs on my internal network.
I have the same problem! I have solved the problem - I didn't downgrade, I rebuilt and uploaded new certs on the client boards, but this is if you have fewer customers :)
 
strods
MikroTik Support
Topic Author
Posts: 1131
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40.4 [current]

Mon Oct 16, 2017 9:02 am

Version 6.40.4 release includes fixes in WPA2 protocol:
viewtopic.php?f=21&t=126695
 
JimmyNyholm
Member Candidate
Posts: 199
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.40.4 [current]

Tue Oct 17, 2017 9:56 am

HI
The telnet button in webfig does not work.

tools - telnet
and
http://192.168.88.1/webfig/#IP:Neighbors.Neighbors.1
button "telnet" and "MAC Telnet"
Are you running a Mac with High Sierra? If so, you no longer have telnet on the computer. Brew can reinstall it if you really need it.
 
Nitroxide
just joined
Posts: 3
Joined: Tue Oct 17, 2017 11:47 am

Re: v6.40.4 [current]

Tue Oct 17, 2017 11:50 am

After deleting a panel all I get is a stack crash now and can't get back into the dude.

 
Anumrak
Member
Posts: 353
Joined: Fri Jul 28, 2017 2:53 pm

Re: v6.40.4 [current]

Tue Oct 17, 2017 8:06 pm

Why can't I see the PPPoE gateway as nexthop in IP - Routes - Nexthops anymore? Since 6.40.4. Upgraded from 6.39.2.
6.40 Current Channel:
*) ppp - use interface name instead of IP as default route gateway;

Because of this?
If yes, then why did you do this? Ideologically.
Last edited by Anumrak on Wed Oct 18, 2017 6:41 pm, edited 2 times in total.
 
myke1124
just joined
Posts: 16
Joined: Fri Mar 28, 2014 2:15 am

Re: v6.40.4 [current]

Wed Oct 18, 2017 12:59 am

Windows dude client 6.40.4 is being detected as a Trojan by windows defender.
Is this an undocumented feature or a bug?
I found a post talking about it.
viewtopic.php?t=126357
 
anuser
Member Candidate
Posts: 199
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.40.4 [current]

Thu Oct 19, 2017 12:48 am

I just noticed that I have multiple WAP AC with 6.40.4 with CPU running constantly at 100%. Has someone already opened a ticket for this one?
 
kamillo
Member Candidate
Posts: 133
Joined: Tue Jul 15, 2014 5:44 pm

Re: v6.40.4 [current]

Thu Oct 19, 2017 11:03 am

CPU load on my WAP AC is nearly 0%, also 6.40.4 version (managed by CAPSMAN)
 
donline
just joined
Posts: 2
Joined: Mon Aug 14, 2017 10:31 am

Re: v6.40.4 [current]

Thu Oct 19, 2017 11:35 am

The DHCP over wds/wifi bridge issue reported on 6.40.1 by many people still exists in 6.40.4.

viewtopic.php?f=21&t=124247#p611930
viewtopic.php?f=21&t=124247#p612163
viewtopic.php?f=21&t=124247&start=50#p613101
 
anuser
Member Candidate
Posts: 199
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.40.4 [current]

Thu Oct 19, 2017 11:51 am

CPU load on my WAP AC is nearly 0%, also 6.40.4 version (managed by CAPSMAN)
Well only some are affected. They are running for 13 days.
 
Anumrak
Member
Posts: 353
Joined: Fri Jul 28, 2017 2:53 pm

Re: v6.40.4 [current]

Thu Oct 19, 2017 2:23 pm

Why are there so many bugs in the current version? Is it always like that?
 
pe1chl
Forum Guru
Posts: 3764
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.40.4 [current]

Thu Oct 19, 2017 2:50 pm

I updated a router from 6.38.5 to 6.40.4 and after some time there is an issue with from_pool IPv6 addresses.
This router has a pool that is obtained from upstream using DHCPv6 PD (lease time is 2 hours).
There are two interfaces that obtain their address from this pool.
The addresses were both defined as address=::1/64 from-pool=poolname but after some time the
address on one of the interfaces changed to prefix::/64 (i.e. there is no :1 at the end of the address!)

I tried to reset it from the configuration and I looked in the /export but the ::1/64 appears nowhere. It looks
like it isn't stored and when the address is obtained again it gets the ::0 value.
This makes IPv6 IPsec fail because one of the endpoint addresses has vanished.
 
Hotz1
Member
Posts: 361
Joined: Tue Oct 09, 2007 6:55 am

Re: v6.40.4 [current]

Thu Oct 19, 2017 6:41 pm

Did the handling of default routes in OSPF change from 6.40.3 to 6.40.4?!

We upgraded everything from 6.40.3 last night. All routes are distributed as Type 1, and with the devices in question, all links have the same default cost (10). But for some reason, after upgrading to 6.40.4, some of our routers are choosing five-hop default routes, when they should be choosing the one-hop route they always used to use. When I look at the OSPF routes, the one-hop route and several indirect routes (to the same destination) all have the same cost. Shouldn't the longer routes reflect the accumulated cost of all the intervening hops? i.e., "Shortest Path First"?!

As a workaround, I had to manually increase the cost of several links, to "fool" the routers back into using the direct link they have been using all along. Not cool to get calls from subscribers with QoS problems because your network has started routing traffic stupidly.
Principal, Engineering
Cape Ann Communications, Inc.
Gloucester, MA, USA
 
JimmyNyholm
Member Candidate
Posts: 199
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.40.4 [current]

Fri Oct 20, 2017 6:27 pm

Did the handling of default routes in OSPF change from 6.40.3 to 6.40.4?!

We upgraded everything from 6.40.3 last night. All routes are distributed as Type 1, and with the devices in question, all links have the same default cost (10). But for some reason, after upgrading to 6.40.4, some of our routers are choosing five-hop default routes, when they should be choosing the one-hop route they always used to use. When I look at the OSPF routes, the one-hop route and several indirect routes (to the same destination) all have the same cost. Shouldn't the longer routes reflect the accumulated cost of all the intervening hops? i.e., "Shortest Path First"?!

As a workaround, I had to manually increase the cost of several links, to "fool" the routers back into using the direct link they have been using all along. Not cool to get calls from subscribers with QoS problems because your network has started routing traffic stupidly.
For starters, I'm against all imports, type 1 or whatever, into OSPF. But sometimes they are a must. Type 1s, as far as I know, should get the default cost of the process's type-1 cost at the ingress import router and then add all link costs on the way. Check the intermediate routers' link costs and try to figure out in which state it does not add up. Then you have an eventual exact bug report or have found your own error in the network.
 
pingueame
just joined
Posts: 1
Joined: Sat Oct 21, 2017 4:07 am

Re: v6.40.4 [current]

Sat Oct 21, 2017 4:29 am

hi, first post here

With v6.40.4, I'm getting a "Request time out" error on Cloud when I force an update
[miusername@MikroTik] > /ip cloud force-update 
[miusername@MikroTik] > /ip cloud export 
# oct/20/2017 22:02:14 by RouterOS 6.40.4
# model = 951Ui-2HnD
/ip cloud
set ddns-enabled=yes
[miusername@MikroTik] > /ip cloud print  
    ddns-enabled: yes
     update-time: yes
  public-address: 1.2.3.4
        dns-name: ahostname.sn.mynetname.net
          status: Error: request timed out
         warning: DDNS server received request from IP 1.2.3.4 but your local IP was 192.168.0.3; DDNS service might not work.
I saw another guy with same problem on Facebook.

Funny thing is that seems to be working if I do test like pings or dns tests.
Anyone with problem or similar?
 
Anumrak
Member
Posts: 353
Joined: Fri Jul 28, 2017 2:53 pm

Re: v6.40.4 [current]

Sat Oct 21, 2017 11:17 am

hi, first post here

With v6.40.4, I'm getting a "Request time out" error on Cloud when I force an update
[miusername@MikroTik] > /ip cloud force-update 
[miusername@MikroTik] > /ip cloud export 
# oct/20/2017 22:02:14 by RouterOS 6.40.4
# model = 951Ui-2HnD
/ip cloud
set ddns-enabled=yes
[miusername@MikroTik] > /ip cloud print  
    ddns-enabled: yes
     update-time: yes
  public-address: 1.2.3.4
        dns-name: ahostname.sn.mynetname.net
          status: Error: request timed out
         warning: DDNS server received request from IP 1.2.3.4 but your local IP was 192.168.0.3; DDNS service might not work.
I saw another guy with same problem on Facebook.

Funny thing is that seems to be working if I do test like pings or dns tests.
Anyone with problem or similar?
Try to update one more time. I got request timed out first time by forced update, but then it's updated successfully.
 
exdes
just joined
Posts: 1
Joined: Sun Oct 22, 2017 1:32 am

Re: v6.40.4 [current]

Sun Oct 22, 2017 1:34 am

On my CCR1009-7G-1C-1S+ after the updates the problems started with the module Mikrotik S+85DLC03D. After a reboot the module is defined, but the traffic does not go. Have to click on Disable/Enable the module, after which the traffic starts to go.
 
RBPete
just joined
Posts: 1
Joined: Tue Oct 24, 2017 8:55 am

Re: v6.40.4 [current]

Tue Oct 24, 2017 9:06 am

Hello,

Yesterday I decided to upgrade, but I noticed that the USB port remains inactive after rebooting my 951G-2HnD, whether it's a bug or I'm doing something wrong.
I need to remove the USB modem and put it back into the socket for it to be detected, but that was not a problem with the previous version.
I did my upgrade from /system/package/check updates, downloaded it and then rebooted.
I'm also experiencing this problem on a RB912UAG-2HPnD with a Sierra MC7304.

> port print detail
Flags: I - inactive
0 I name="usb1" used-by="" device="" channels=6 baud-rate=9600 data-bits=8 parity=none stop-bits=1
flow-control=none

The below fixes the problem until the next reboot, so I'm running that as a startup script for now as a work around.

/system routerboard usb set type=USB-type-A
/system routerboard usb set type=mini-PCIe
 
ksteink
just joined
Posts: 13
Joined: Thu Mar 31, 2016 6:54 pm

Re: v6.40.4 [current]

Tue Oct 24, 2017 4:42 pm

I want to share a very special case that happened to me after I did the upgrade to 6.40.4. I cannot tell if the issues / bug(s) came just with this new version but I want to point out the different aspects that impacted me. My issue happened with the RB2011UiAS-2HnD-IN model.

In my scenario I have external WAPs and I have disabled my radio, as I use my device only for routing / firewall. Let me point out some of the problems / bugs that I ran into:

(1) When I entered the quick setup in Winbox it shows incorrectly the parameters:

- The router shows in Bridge mode, instead of Router mode.
- When I click on Router Mode, it inverts the LAN interfaces with the WAN interfaces.
- If I change the IP addresses, they do totally a different thing: The LAN IP address is moved to the Ether 1 (WAN interface). and the LAN interface becomes the SFP1 (that is not in use).
- Basically everything screws up.
- If I turn the wireless radio ON, and if I click on the Quick Setup again, the Router shows properly the configuration: Router instead of Bridge and the LAN and WAN interfaces.

Even with that, if I change something in the Quick Setup then my whole configuration gets screwed up. Even after downgrading the version or re-configuring the router I get the same weird behavior here.

My solution was just to load the default configuration but NOT mess at all with Quick Setup. I also with the 6.39.3 Quick Fix I get the same behavior here.

(2) The second problem is the firewall rules that come by default:

4 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN log=no log-prefix=""

I did disable this rule as I have an OVPN setup to access remotely my router and I couldn't connect to the router for management when I did have this rule but without noticing the Firewall on the RouterOS started to accept any connections on the WAN interface of the router (Open Internet!!!!!!!!), which for me is unacceptable. I did open my network to the internet without knowing.

Now I am working on special rule set to keep the WAN shut but allow the remote management through the VPN.

(3) My last problem is a very weird one, not sure why and I have no clue. Basically I have enabled IPv6 by using a 6to4 tunnel with Hurricane Electric (HE). When I reconfigured my router from scratch I didn't enable IPv6 and I found this very weird problem: basically, on Android devices trying to either download or update an application from the Google Play Store, the download never starts (it basically keeps trying and trying). If I switch to LTE it starts to work without an issue.

Once I re-activated IPv6, the Android devices switch to the Play Store IPv6 connection and updates / downloads start working without an issue. I removed and replaced all my firewall rules on IPv4 to rule out a firewall rule problem, but even with that (and even with no rules) it never worked on IPv4, only IPv6. I tried this on the 6.39.3 and 6.40.4 versions.

For now I am good using IPv6 but I have no idea how to fix the problem. I am planning to configure another Mikrotik Router (different model) and swap the routers just to test that this is only my router model / code or something else.

I hope my comments help and I hope other members can either benefit or chime in with additional input here.
 
pe1chl
Forum Guru
Posts: 3764
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.40.4 [current]

Tue Oct 24, 2017 5:17 pm

Rule #1: use the quick setup only for initial setup of the router for a simple application.
After you have made additional detailed configuration, NEVER touch the quick setup again!
Don't get worried by the mode it shows, and never change anything (not even some simple thing like the identity)
and save it from the quick setup screen! It will destroy your config.
This is not new for this version.
IMHO quick setup should be disabled automatically after detailed config has been done or at least there should
be some option to disable it (not on quick setup screen of course) so disasters like you mention can be avoided.
 
ksteink
just joined
Posts: 13
Joined: Thu Mar 31, 2016 6:54 pm

Re: v6.40.4 [current]

Tue Oct 24, 2017 6:51 pm

Thanks for the advice on the Quick Setup. I learned it myself the hard way by troubleshooting.

What is still a mystery for me is the issue with Google Play downloads over IPv4. Weird....
 
ziegenberg
newbie
Posts: 37
Joined: Thu Mar 07, 2013 11:14 am
Location: Vienna

Re: v6.40.4 [current]

Wed Oct 25, 2017 5:24 pm

Hi!

I want to share a very special case that happened to me after I did the upgrade to 6.40.4. I cannot tell if the issues / bug(s) came just with this new version but I want to point out the different aspects that impacted me. My issue happened with the RB2011UiAS-2HnD-IN model.
Number 1) has already been answered.

(2) The second problem is the firewall rules that come by default:

4 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN log=no log-prefix=""

I did disable this rule as I have an OVPN setup to access remotely my router and I couldn't connect to the router for management when I did have this rule but without noticing the Firewall on the RouterOS started to accept any connections on the WAN interface of the router (Open Internet!!!!!!!!), which for me is unacceptable. I did open my network to the internet without knowing.

Now I am working on special rule set to keep the WAN shut but allow the remote management through the VPN.
Using Quick Set erased your firewall config and replaced it with the default configuration. And as you disabled the firewall rule called "drop all not coming from LAN" what did you expect? You just did what it says it will do. This rule shuts down the access from the outside world and you disabled it. Using a special rule before this one, allowing specific traffic, is the way to go. So I do not see a bug or problem here.

For Number 3) I can't help you, because I do not use IPv6 (yet).

greetings, Daniel
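
The rule ordering described above, as an added example that is not part of the original post: narrow accept rules for the VPN are placed before the defconf drop rule, which stays enabled. The drop rule and its comment are the ones quoted in the thread; the OpenVPN port (TCP 1194), the VPN client pool 10.8.0.0/24 and the management ports (SSH 22, WinBox 8291) are assumed values.

```routeros
# Added example. Assumed values: OpenVPN server on TCP 1194, VPN clients
# addressed from 10.8.0.0/24, management over SSH (22) and WinBox (8291).

# Weak: disabling the defconf drop rule leaves the input chain without a
# final drop, so connections arriving on the WAN reach the router's services.
#   /ip firewall filter disable [find where comment~"drop all not coming from LAN"]

# Corrected: keep the drop rule enabled and put narrow accepts in front of it.
/ip firewall filter
# Let the OpenVPN handshake itself in from the WAN.
add chain=input action=accept protocol=tcp dst-port=1194 \
    comment="allow OpenVPN server" \
    place-before=[find where comment~"drop all not coming from LAN"]
# Allow management only from addresses handed out to VPN clients.
add chain=input action=accept protocol=tcp dst-port=22,8291 \
    src-address=10.8.0.0/24 \
    comment="router management from VPN clients only" \
    place-before=[find where comment~"drop all not coming from LAN"]
# Make sure the final drop is active again.
enable [find where comment~"drop all not coming from LAN"]

# Check: both accept rules must be listed above the drop rule, and the drop
# rule must not carry the X (disabled) flag.
print where chain=input
```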
 
ksteink
just joined
Posts: 13
Joined: Thu Mar 31, 2016 6:54 pm

Re: v6.40.4 [current]

Wed Oct 25, 2017 6:02 pm

Thanks for the "advice". This rule was never before in my base ruleset until I reset the whole configuration, and I never had this issue of opening these flows.

So pls don't tell me what to expect when a new rule shows up on my configuration after a reset.

I did try to share my experience for others to avoid the same issue.

I modified the rule and now it works as I needed it to work (blocking everything except my connections over VPN).

Thanks for the advice.
 
fozjuliano
just joined
Posts: 2
Joined: Fri Oct 27, 2017 5:18 pm

Re: v6.40.4 [current]

Fri Oct 27, 2017 5:28 pm

I lost connection to MikroTik by API after updating to version 6.40.4.
With MikroTiks on the previous version (6.40.1) I have no problem. How can I solve it?
 
kamillo
Member Candidate
Posts: 133
Joined: Tue Jul 15, 2014 5:44 pm

Re: v6.40.4 [current]

Fri Oct 27, 2017 6:06 pm

You can try to login to console and see what went wrong....
 
fozjuliano
just joined
Posts: 2
Joined: Fri Oct 27, 2017 5:18 pm

Re: v6.40.4 [current]

Fri Oct 27, 2017 6:37 pm

Connection attempt #1 to 10.11.12.100:8728...
<<< [6] /login
Connection attempt #2 to 10.11.12.100:8728...
<<< [6] /login
Connection attempt #3 to 10.11.12.100:8728...
<<< [6] /login
Connection attempt #4 to 10.11.12.100:8728...
<<< [6] /login
Connection attempt #5 to 10.11.12.100:8728...
<<< [6] /login
Error... Disconnected.
Attempted API connection to mikrotik. Not allowed /login
 
indjov
just joined
Posts: 9
Joined: Fri Jun 03, 2016 12:23 pm

Re: v6.40.4 [current]

Sun Oct 29, 2017 10:48 am

NetWatch Interval bug?
Hello, I noticed that my CRS109-8G-1S-2HnD (6.40.4 (stable)) has a problem with the interval time.
[admin@Fa1c0n] > /tool netwatch print
Flags: X - disabled 
 #   HOST                 TIMEOUT              INTERVAL             STATUS  SINCE               
 0   85.130.109.35        1s                   1m                   up      oct/29/2017 02:38:00
 1   93.123.65.33         10s                  1m                   up      oct/29/2017 11:42:22
 2   137.74.173.42        10s                  2m                   up      oct/29/2017 11:42:24
[admin@Fa1c0n] > 
11:42:22 system,info netwatch host modified by admin 
11:42:23 system,info netwatch host modified by admin 
11:42:39 script,info IRC UP SMS 
11:42:43 script,info OVH UP SMS 
As you can see from the log, netwatch makes a check after 20 sec.
Any idea why, and is that a bug?
 
ArchiN
just joined
Posts: 1
Joined: Mon Oct 30, 2017 3:02 am

Re: v6.40.4 [current]

Mon Oct 30, 2017 3:06 am

what are you doing?

in systems - ports - the usb interface disappeared !!!!
for example sierra wireless mc7304 and other vendors in ppp-emulalation
Hello.

Did you fix this issue?
 
bratislav
newbie
Posts: 43
Joined: Mon May 05, 2014 10:36 am

Re: v6.40.4 [current]

Mon Oct 30, 2017 1:05 pm

It surely works in winbox.
Maybe on your RouterBOARD. On rb922 (and others) it doesn't work.
Interesting ... What versions of WinBox/Windows are you using?
 
Anumrak
Member
Posts: 353
Joined: Fri Jul 28, 2017 2:53 pm

Re: v6.40.4 [current]

Wed Nov 01, 2017 9:27 pm

Unused routing marks remain in the table in ip route rule. Let them be removed too, after the last route with this mark is removed. I don't want to reboot my router to clear this cache. Thank you.
 
intrepidsilence
just joined
Posts: 1
Joined: Thu Nov 02, 2017 8:56 pm

Re: v6.40.4 [current]

Thu Nov 02, 2017 9:18 pm

Hi everyone! I upgraded my hEX to 6.40.4 last night and found that about 75% of my saved static DHCP leases with comments (took hours) are gone! Also, my backup that I made just prior to the upgrade will not restore.

Also, a few weeks ago ether2 lost its assigned IP address on a reboot. I know for a fact all of the settings had been saved. Why would things be disappearing on me like this?

This is starting to get really frustrating...

Any ideas would be greatly appreciated. The hEX box is only a couple of months old.
 
wiltshra
newbie
Posts: 31
Joined: Mon Jul 23, 2012 5:51 am

Re: v6.40.4 [current]

Fri Nov 03, 2017 7:16 am

RB912UAG-2HnD (with Sierra MC7304 cellular modem)

My cellular (PPP) interface works perfectly OK with ROSv6.37.1.

Upgraded to ROSv6.40.4 and the cellular (PPP) interface stops working, and I notice the usb1 port (/ports) is now showing up red and invalid status.

Roll back to ROSv6.37.1 – and the PPP cellular interface starts working again.

When I try to load my usual configuration script (with ROSv6.40.4) I see these errors (inserted)

######################################################
# 4G (PPP) Setup
/system routerboard usb
set type=mini-PCIe
/port firmware
set directory=firmware ignore-directip-modem=yes
:delay 15s
/interface ppp-client remove ppp-out1
no such item
:delay 1s
/interface ppp-client
add name=Cellular4G port=usb1 add-default-route=yes allow=pap,chap,mschap1,mschap2 \
apn=$APN4G data-channel=2 info-channel=2 dial-on-demand=no disabled=no
input does not match any value of port
/ip firewall nat
add chain=srcnat out-interface=Cellular4G action=masquerade


When I do a clean Netinstall (no configuration) with ROSv6.37.1:
• PPP interface has a disabled ppp-out1 (PPP Client)
• Port List, shows usb1 port to be available


When I do a clean Netinstall (no configuration) with ROSv6.40.4:
• PPP interface has nothing (blank)
• Port List, has nothing (blank)

Seems like MikroTik broke something here in relation to the RB912UAG-2HnD
 
rsobczak
just joined
Posts: 7
Joined: Mon Aug 28, 2017 9:00 pm

Re: v6.40.4 [current]

Fri Nov 03, 2017 9:22 pm

Hi team,
As I see - quality of new ROS is not so good... It looks that problem with OVPN is already solved in current version and client is able to connect to server, however it seems that now problem appeared with OSPF... When I had all routers with 6.38.7 - all was working correctly. When I upgraded one router to 6.40.4 then all worked correctly too, but when I upgraded second one then OVPN was working correctly while OSPF all time is throwing error:
Discarding Hello packet: mismatch in network mask
mine=255.255.255.255
remote=255.255.255.0
source=10.28.0.254
Of course the routers' configuration wasn't changed. Could you check it and fix it?

Regards,
Radek
 
darkprocess
Member Candidate
Posts: 249
Joined: Fri Mar 20, 2015 1:16 pm

Re: v6.40.4 [current]

Fri Nov 03, 2017 11:12 pm

Check your open vpn server settings. In netmask put 32. I had the same issue and that fixed it with ospf
 
rsobczak
just joined
Posts: 7
Joined: Mon Aug 28, 2017 9:00 pm

Re: v6.40.4 [current]

Sat Nov 04, 2017 10:48 am

@darkprocess,
But till version 6.40.0 everything was working correctly in OSPF. It doesn't work now. I didn't check it in earlier versions because OpenVPN was affected (seems that is already fixed), but all should work with the current configuration. The strange thing is that all is working between ROS in version 6.38.7 and 6.40.4, while with the same configuration but two routers with ROS in version 6.40.4 it doesn't work :(
 
darkprocess
Member Candidate
Posts: 249
Joined: Fri Mar 20, 2015 1:16 pm

Re: v6.40.4 [current]

Sat Nov 04, 2017 11:58 am

I had the same issue as you.
 
darkprocess
Member Candidate
Posts: 249
Joined: Fri Mar 20, 2015 1:16 pm

Re: v6.40.4 [current]

Sat Nov 04, 2017 11:59 am

Now I have all my routers on 6.40.4 with OSPF and OVPN working fine.
 
rsobczak
just joined
Posts: 7
Joined: Mon Aug 28, 2017 9:00 pm

Re: v6.40.4 [current]

Sat Nov 04, 2017 5:13 pm

But Mikrotik changed something in ROS, because till version I could setup OSPF with:
- network type: broadcast
- network x.x.x.x/24 backbone
But now I had to modify my configuration due to version over 6.40.0 as below:
- network type: point-to-point
- network x.x.x.x/32 backbone
And the question is - why it changed already? Wasn't previous way correct? In this way of working everyone have to test that in newer version of ROS all is working in the same way as for old version or something has been changed and reconfiguration whole environment is needed... Am I correct?...
 
JimmyNyholm
Member Candidate
Posts: 199
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.40.4 [current]

Sun Nov 05, 2017 12:18 pm

But Mikrotik changed something in ROS, because till version I could setup OSPF with:
- network type: broadcast
- network x.x.x.x/24 backbone
But now I had to modify my configuration due to version over 6.40.0 as below:
- network type: point-to-point
- network x.x.x.x/32 backbone
And the question is - why it changed already? Wasn't previous way correct? In this way of working everyone have to test that in newer version of ROS all is working in the same way as for old version or something has been changed and reconfiguration whole environment is needed... Am I correct?...
How can we possibly answer that question if we don't have the information on your network setup?
Both statements are accurate in different situations. I have both in my network working as expected. If you need to hammer this out then set up a new thread in the "Forwarding Protocol" section describing your problem with a picture of the net and we can discuss the specifics about that setup.
 
mducharme
Trainer
Posts: 371
Joined: Tue Jul 19, 2016 6:45 pm

Re: v6.40.4 [current]

Mon Nov 06, 2017 2:24 am

I think I found a TR069 bug.

If a DHCP hostname has a space (or possibly a special character) on the end (doesn't show up in winbox in the name, but shows up if I print the names via scripting), the MikroTik makes a malformed request to the TR069 ACS, if the Device.Host table is requested by the ACS, which contains those host names.

This crashes the ACS (GenieACS in this case).

If I delete the two DHCP leases on the MikroTik that are associated with devices with the space or special character at the end of the hostname, TR069 works perfectly.
