emils
MikroTik Support
Topic Author
Posts: 719
Joined: Thu Dec 11, 2014 8:53 am

v6.48.2 [stable] is released!

Tue Apr 13, 2021 4:01 pm

RouterOS version 6.48.2 has been released in public "stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.48.2 (2021-Apr-09 10:17):

*) bonding - improved system stability when disabling/enabling bonding ports;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - updated copyright notice;
*) crs3xx - added "/system swos" menu for CRS354 devices, should only be used after SwOS 2.13 release;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) dhcp - fixed link state checking for DHCP client;
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) lora - added option to hide CRC error messages in monitor;
*) lora - improved downlink transmission;
*) ospf - fixed type-7 LSA translation to type-5;
*) ovpn - fixed route cache entry leak when establishing a new session;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) ptp - improved management service stability when receiving bogus packets;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb3011 - improved system stability when changing RouterBOARD settings (introduced in v6.48);
*) snmp - fixed SNMP trap agent address;
*) supout - fixed "topic" column presence in "Log" section;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) switch - improved system stability with 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tr069-client - improved management service stability when receiving bogus packets;
*) upgrade - fixed upgrade procedure on 16MB devices;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - fixed new interface addition;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device.

Please keep this forum topic strictly related to this particular RouterOS release.
 
eworm
Forum Veteran
Posts: 792
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: v6.48.2 [stable] is released!

Tue Apr 13, 2021 6:11 pm

Looks like RouterBOARD 962UiGS-5HacT2HnT (hAP ac) starts flapping ports...
Successfully updated about a dozen other devices without issues (so far, knocking wood).
 
Note
Frequent Visitor
Posts: 71
Joined: Fri Jun 03, 2016 12:39 pm

Re: v6.48.2 [stable] is released!

Tue Apr 13, 2021 7:21 pm

Looks like RouterBOARD 962UiGS-5HacT2HnT (hAP ac) starts flapping ports...
Successfully updated about a dozen other devices without issues (so far, knocking wood).
How can we test if ports are flapping?
 
johnson73
newbie
Posts: 28
Joined: Wed Feb 05, 2020 10:07 am
Location: Latvia

Re: v6.48.2 [stable] is released!

Tue Apr 13, 2021 8:55 pm

I finished my wAP 5Hac T2Hnd from version 6.48 to 6.48.2. No problems have been observed yet.
 
doneware
Trainer
Posts: 635
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: v6.48.2 [stable] is released!

Tue Apr 13, 2021 9:03 pm

*) ptp - improved management service stability when receiving bogus packets;

PTP as in precision time protocol, aka IEEE1588v2? is this available again?

i remember this was a crs317-only feature in 6.46beta55

*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);

but it was deactivated in 6.46rc1

!) ptp - disabled support for IEEE 1588 Precision Clock Synchronization Protocol until further notice;
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Tue Apr 13, 2021 9:26 pm

Hmm, nothing about DoH memory leakage fix.
 
Cablenut9
Member Candidate
Posts: 290
Joined: Fri Jan 08, 2021 5:30 am

Re: v6.48.2 [stable] is released!

Tue Apr 13, 2021 9:33 pm

Hmm, nothing about DoH memory leakage fix.
You don't need DoH.
 
eworm
Forum Veteran
Posts: 792
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: v6.48.2 [stable] is released!

Tue Apr 13, 2021 9:36 pm

Looks like RouterBOARD 962UiGS-5HacT2HnT (hAP ac) starts flapping ports...
Successfully updated about a dozen other devices without issues (so far, knocking wood).
Well, the device connectivity is stable after a power cycle... Holding thumbs.
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Tue Apr 13, 2021 9:42 pm

You don't need DoH.
I do not need PTP uPnP OSPF PPoE +++.
But as long as a function is there, it should work.
 
honzam
Forum Guru
Posts: 2339
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.48.2 [stable] is released!

Tue Apr 13, 2021 9:49 pm

No 60Ghz changes? Please solve disconnecting client in P2MP
 
elbob2002
Frequent Visitor
Posts: 81
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 12:34 am

Upgraded an RB3011 to 6.48.2 and log started filling up with OSPF errors and no OSPF routes were being distributed.
Ignoring Link State Acknowledgment packet: wrong peer state
 state=2-Way

Other OSPF routers distributing routes on the same backbone include 3 CHRs and an RB750Gr3.

I wasn't planning to yet, but I upgraded the other devices to 6.48.2 and finally OSPF is working as it's supposed to again.

Just a heads up in case anyone else has a similar issue and suddenly finds themselves having to upgrade and reboot everything.
 
nexusds
newbie
Posts: 27
Joined: Fri Aug 16, 2019 6:51 am

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 7:30 am

Have upgraded the following and no issues so far

large numbers of;
HAPAC
450G
CRS112-8P-4S

Small numbers of;
CCR2004-1G-12S+2XS
CCR1072-1G-8S+
RB1100AH
RB 3011UiAS
CRS309-1G-8S+
CRS226-24G-2S+
CRS326-24S+2Q+
CRS354-48G-4S+2Q+ (these had previous port issues that haven't reoccurred since 6.48.1)
CRS328-24P-4S+
CHR (Hyper-V Hosted configs)

For those with issues, we update both Packages and RouterBoard Firmware to same version

Find memory usage is a bit less on some units
 
RedRoger
Posts: 0
Joined: Wed Feb 10, 2021 10:24 am

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 7:57 am

RB750Gr3
Menu System/health is still empty
 
mikr
Posts: 0
Joined: Fri Jun 05, 2020 12:25 pm

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 9:15 am

RB750Gr3
Menu System/health is still empty
Me too
 
Kindis
Member
Posts: 375
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 9:23 am

Upgraded an RB3011 to 6.48.2 and log started filling up with OSPF errors and no OSPF routes were being distributed.
Ignoring Link State Acknowledgment packet: wrong peer state
 state=2-Way

Other OSPF routers distributing routes on the same backbone include 3 CHRs and an RB750Gr3.

I wasn't planning to yet, but I upgraded the other devices to 6.48.2 and finally OSPF is working as it's supposed to again.

Just a heads up in case anyone else has a similar issue and suddenly finds themselves having to upgrade and reboot everything.
Hmm interesting. I plan to upgrade my setups B side consisting of 3011. This means 50 % of the setup will be upgraded. Will do this today and report back and see if I also have issues with OSPF.
 
mikr
Posts: 0
Joined: Fri Jun 05, 2020 12:25 pm

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 9:28 am

RB750Gr3

After reboot router
Sometime my DHCP Server Lease lost all IP of dynamic address, static address still available, (Lease Time: 3d)

That issue in 6.48.1 and still in 6.48.2
 
mkx
Forum Guru
Posts: 6021
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 9:36 am

Dynamic data (DHCP leases, address lists, ...) doesn't survive reboot, only static data (written to non-volatile storage) does.

For DHCP lease list that's not a huge problem. When DHCP lease timer expires (or rather at half time), DHCP clients will try to renew leases and will request the same IP address. Which DHCP server generally grants (even if the lease was not in the dynamic lease list) unless there's a reason against it (e.g. another device acquired same IP address which generally doesn't happen due to address availability checks which are performed by both DHCP client and DHCP server when acquiring new lease).
 
mikr
Posts: 0
Joined: Fri Jun 05, 2020 12:25 pm

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 10:06 am

Dynamic data (DHCP leases, address lists, ...) doesn't survive reboot, only static data (written to non-volatile storage) does.

For DHCP lease list that's not a huge problem. When DHCP lease timer expires (or rather at half time), DHCP clients will try to renew leases and will request the same IP address. Which DHCP server generally grants (even if the lease was not in the dynamic lease list) unless there's a reason against it (e.g. another device acquired same IP address which generally doesn't happen due to address availability checks which are performed by both DHCP client and DHCP server when acquiring new lease).
Thank you for support!!
 
somu1795
just joined
Posts: 1
Joined: Wed Apr 14, 2021 10:26 am

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 10:31 am

I'm using the LHGG LTE6 device and after upgrading to 6.48.2 , I'm not able to access with winbox or web UI. I also tried ssh and telnet but no luck . Kindly help me out
 
eddieb
Member Candidate
Posts: 224
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 11:06 am

Upgrading all my devices from 6.48.1 to 6.48.2 went smooth, no problems.
 
pe1chl
Forum Guru
Posts: 7487
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 11:37 am

Dynamic data (DHCP leases, address lists, ...) doesn't survive reboot, only static data (written to non-volatile storage) does.

For DHCP lease list that's not a huge problem. When DHCP lease timer expires (or rather at half time), DHCP clients will try to renew leases and will request the same IP address. Which DHCP server generally grants (even if the lease was not in the dynamic lease list) unless there's a reason against it (e.g. another device acquired same IP address which generally doesn't happen due to address availability checks which are performed by both DHCP client and DHCP server when acquiring new lease).
In IP->DHCP server->DHCP config you can set when dynamic leases are written to non-volatile storage (disk).
This can be set to "immediately", "never", or you can enter some time delay like 01:00:00
Of course when it is set to "never" you will always lose your dynamic lease info on reboot, and when you write it, it can be kept after reboot, or maybe partially.
Note that setting it to "immediately" will give you all dynamic info even on unwanted reboots (crash, powerfail) but also it increases the wear on the flash memory.
I normally set this to 01:00:00 to not lose everything built up over a long time but not wear the flash with lots of unnecessary writes (especially on large wifi networks).
 
Kraken2k
Frequent Visitor
Posts: 62
Joined: Wed Oct 01, 2014 1:50 pm
Location: Prague

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 11:42 am

Upgraded my RB4011 - after almost one day of usual operation, no issues encountered.
 
amt
Long time Member
Posts: 527
Joined: Fri Jan 16, 2015 2:05 pm

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 11:52 am

after update fw of powerbox;
Untitled.jpg
 
ID
Posts: 0
Joined: Tue Dec 26, 2006 10:36 pm

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 12:56 pm

At least you can fix that problem which is solved at 6.49beta22
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
I didn't understand why fixes not taken from upstream (beta or whatever) version.
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 12:59 pm

Mine 750G r3 do show System Health on RouterOS 6.48.2 using WinBox
System Healt.jpg

DoH turned on to test if there are still memory leakage.


After upgrade and reboot
* Average memory 28% -> 20% used
* Average cpu 8% -> 2%
But this may go up some after some time up.
 
safik
Posts: 0
Joined: Sun Jun 07, 2020 5:28 pm

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 3:47 pm

RB750Gr3 - CapsMan does not remember provision interface after reboot. Manual provision is required again. For version 6.48.1 it's ok.
 
patrickmkt
Member Candidate
Posts: 178
Joined: Sat Jul 28, 2012 5:21 pm

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 4:00 pm

After successful update I attempted to do a backup and I now get:
"error creating backup file: could not read all configuration files"
 
Gooogast
just joined
Posts: 11
Joined: Sun Sep 20, 2020 5:57 pm

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 4:32 pm

CRS354
Not all updates from 6.49beta27 of Testing release tree went to 6.48.2 ?

Interested in
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
 
prislonsky
just joined
Posts: 1
Joined: Tue Sep 18, 2018 1:05 pm
Location: Ukraine

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 5:08 pm

After successful update I attempted to do a backup and I now get:
"error creating backup file: could not read all configuration files"
Execute the command:
ip ssh regenerate-host-key
and try again.
 
mkx
Forum Guru
Posts: 6021
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 5:09 pm

Not all updates from 6.49beta27 of Testing release tree went to 6.48.2 ?

In ROS features are generally not back-ported. Only important fixes are. For new features and less important fixes you'll have to wait for 6.49 (release).
 
storog
Posts: 0
Joined: Fri Dec 25, 2020 9:38 pm

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 5:32 pm

DoH turned on to test if there are still memory leakage.
How's it going with the doh? I'm also waiting for a leak fix to drag this function to the router.
 
cxcool
just joined
Posts: 4
Joined: Sun May 12, 2019 5:13 am

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 5:34 pm

kernel panic randomly on using x86 on Proxmox VE .

It happened in all version of 6.48 & 6.49 .
 
eworm
Forum Veteran
Posts: 792
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 5:45 pm

After successful update I attempted to do a backup and I now get:
"error creating backup file: could not read all configuration files"
Chances are the ssh host keys are borked... Please try:
/ip ssh regenerate-host-key
/system reboot
Edit: Looks like prislonsky was faster... Anyway, should not be a big deal for Mikrotik to add a proper fix for this.
 
East2
Posts: 0
Joined: Wed Apr 14, 2021 6:50 pm

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 6:53 pm

kernel panic randomly on using x86 on Proxmox VE .

It happened in all version of 6.48 & 6.49 .
Check disable WatchDog, same problem have.
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 8:26 pm

How's it going with the doh? I'm also waiting for a leak fix to drag this function to the router.
Does not look too good. It may be too short, but as seen below DoH enabled around 12:00 and since then it has raised around 1%.
Will report back after some days.
Before I added DoH the memory was around 29/30% for month on RouterOS 6.48.0, after upgrade to 6.48.2 it was at around 2% for 2 hours before I turned on DoH.

doh_mem1.jpg
 
ErfanDL
Member
Posts: 341
Joined: Thu Sep 29, 2016 9:13 am
Location: IRAN

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 10:01 pm

How's it going with the doh? I'm also waiting for a leak fix to drag this function to the router.
Does not look too good. It may be too short, but as seen below DoH enabled around 12:00 and since then it has raised around 1%.
Will report back after some days.
Before I added DoH the memory was around 29/30% for month on RouterOS 6.48.0, after upgrade to 6.48.2 it was at around 2% for 2 hours before I turned on DoH.

doh_mem1.jpg
What's this monitoring tool?
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 10:05 pm

It's the Splunk monitoring tool I have created for Mikrotik.

See more here: viewtopic.php?t=137338
 
Kindis
Member
Posts: 375
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 11:12 pm

How's it going with the doh? I'm also waiting for a leak fix to drag this function to the router.
Does not look too good. It may be too short, but as seen below DoH enabled around 12:00 and since then it has raised around 1%.
Will report back after some days.
Before I added DoH the memory was around 29/30% for month on RouterOS 6.48.0, after upgrade to 6.48.2 it was at around 2% for 2 hours before I turned on DoH.
So I did just go to DoH for all networks and now use my MY boxes for all DNS request with DoH as the method. Bought NextDNS so I thought it would be a good idea.
But I do not see the memory issue at all BUT I do not verify the certificate. I would like to but read that this is what is causing the memory issue so I do not do this.
Perhaps it does mean someone can be a man in the middle still but I'm happy so far.

So my point is that it is not the DoH feature but the certificate verification part of DoH that causes this issue!
Mem.JPG
Here is my monitoring that I started after implementing this. No issues if you ignore the downtime (of the monitoring server for patching etc)
NOTE: This is % of free memory not used!!!!
 
prislonsky
just joined
Posts: 1
Joined: Tue Sep 18, 2018 1:05 pm
Location: Ukraine

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 11:19 pm

Mine 750G r3 do show System Health on RouterOS 6.48.2 using WinBox
Model "RB750Gr3" displays status, but model "RouterBOARD 750G r3" does not
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 11:55 pm

But I do not see the memory issue at all BUT I do not verify the certificate. I would like to but read that this is what is causing the memory issue so I do not do this.
I have removed the verification of the certificate. Will have a look at log tomorrow.
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Wed Apr 14, 2021 11:57 pm

Model "RB750Gr3" displays status, but model "RouterBOARD 750G r3" does not
Info from my router.
RouterBOARD 750G r3
So it's not correct what you write, mine works.
 
prislonsky
just joined
Posts: 1
Joined: Tue Sep 18, 2018 1:05 pm
Location: Ukraine

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 12:37 am

Model "RB750Gr3" displays status, but model "RouterBOARD 750G r3" does not
Info from my router.
RouterBOARD 750G r3
So it's not correct what you write, mine works.
Screenshot_2.png
 
Anastasia
newbie
Posts: 45
Joined: Wed Oct 28, 2015 7:12 pm

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 3:41 am

Hmm, nothing about DoH memory leakage fix.
you can write to support (support@mikrotik.com) and send them a file supout.rif?
maybe they can figure out where the problem is with the memory leak. If someone installed a new firmware and you have a memory leak, write to support.
 
mikr
Posts: 0
Joined: Fri Jun 05, 2020 12:25 pm

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 4:40 am

Model "RB750Gr3" displays status, but model "RouterBOARD 750G r3" does not
Info from my router.
RouterBOARD 750G r3
So it's not correct what you write, mine works.
Screenshot_2.png
You can reboot router until system health work! It work with my router
 
jjmuriel
just joined
Posts: 3
Joined: Sat Mar 25, 2017 5:49 am
Location: Cali, Colombia

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 5:18 am

The new update fix the RB3011's port flapping?
 
Elans
MikroTik Support
Posts: 107
Joined: Wed Apr 18, 2018 12:41 pm

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 7:30 am

after update fw of powerbox;
Untitled.jpg
Please write an e-mail to support@mikrotik.com or create a request via https://help.mikrotik.com/servicedesk and attach supout.rif file from this device.

RB750Gr3
Menu System/health is still empty
Thank you for the report!
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 7:53 am

Your RouterBoard has exactly the same name. One work, another not. As other writes, try some more reboots.
Mine has worked fine with all the version, so there may be a combination of factors that gives this problem
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 8:01 am

you can write to support (support@mikrotik.com) and send them a file supout.rif?
After removing Verify DoH Certificate, no more memory leakage.
Removed around 22:45 yesterday and log looks like this.
Email sent to support. SUP-47171
doh_mem2.jpg
Last edited by Jotne on Thu Apr 15, 2021 8:21 am, edited 1 time in total.
 
Kindis
Member
Posts: 375
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 8:18 am

The new update fix the RB3011's port flapping?
No not this one but the previous one 6.48.1 fixed that issue if we are talking about issues that were added into 6.48 release.
 
prislonsky
just joined
Posts: 1
Joined: Tue Sep 18, 2018 1:05 pm
Location: Ukraine

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 9:15 am

Your RouterBoard has exactly the same name. One work, another not. As other writes, try some more reboots.
Mine has worked fine with all the version, so there may be a combination of factors that gives this problem
Yes, three consecutive reboots and health data were displayed. Thank you. This is very amazing. )
 
onovy
just joined
Posts: 1
Joined: Tue Nov 26, 2019 12:43 am

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 9:18 am

*) console - require "write+ftp" permissions for exporting configuration to file;

is CVE-2021–27221, details here:
https://systemweakness.com/routeros-use ... e45d780dfe
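
An added example, not part of the thread and not MikroTik's code: an offline audit of a `/user group` export that lists which groups hold both policies the changelog entry quoted above names for exporting configuration to a file. The export text is constructed, and the parser assumes the `add name=... policy=...` and `set <name> policy=...` export forms with `!` marking a denied policy.

```python
import re
import shlex

# Policies the 6.48.2 changelog entry names as required for exporting
# configuration to a file.
REQUIRED_FOR_FILE_EXPORT = frozenset({"write", "ftp"})

# Constructed sample in the style of "/user group export" output; the group
# names and policy sets are invented for this example.
SAMPLE_EXPORT = '''\
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox"
add name=noc policy="read,test,winbox,ssh,!write,!ftp,!policy"
add name=backup-bot policy="read,write,ftp,ssh,!policy,!reboot"
add name=helpdesk policy=\\
    "read,write,winbox,!ftp"
/ip dns
set servers=192.0.2.53
'''


def join_continuations(text):
    """Undo the backslash line wrapping used for long export lines."""
    return re.sub(r"\\\r?\n[ \t]*", "", text)


def granted_policies(value):
    """Return the policies that are switched on; '!name' means denied."""
    items = (item.strip() for item in value.split(","))
    return {item for item in items if item and not item.startswith("!")}


def parse_user_groups(export_text):
    """Map group name -> granted policy set for the '/user group' menu."""
    groups = {}
    in_menu = False
    for raw in join_continuations(export_text).splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            # A menu line switches context; only '/user group' is audited.
            in_menu = line.split() == ["/user", "group"]
            continue
        if not in_menu:
            continue
        tokens = shlex.split(line)
        verb, args = tokens[0], tokens[1:]
        params = dict(t.split("=", 1) for t in args if "=" in t)
        positional = [t for t in args if "=" not in t]
        if verb == "add":
            name = params.get("name")
        elif verb == "set" and positional and not positional[0].startswith("["):
            name = positional[0]
        else:
            name = None
        if name is None or "policy" not in params:
            continue  # form not covered by this example
        groups[name] = granted_policies(params["policy"])
    return groups


def audit_file_export(export_text):
    """Map group name -> sorted list of required policies it lacks."""
    return {
        name: sorted(REQUIRED_FOR_FILE_EXPORT - granted)
        for name, granted in parse_user_groups(export_text).items()
    }


def groups_able_to_export(export_text):
    """Groups holding every policy required for export to a file."""
    report = audit_file_export(export_text)
    return sorted(name for name, missing in report.items() if not missing)


if __name__ == "__main__":
    for name, missing in sorted(audit_file_export(SAMPLE_EXPORT).items()):
        status = "can export to file" if not missing else "lacks " + "+".join(missing)
        print(f"{name:12} {status}")
```

Groups reported as lacking a policy are the ones whose scheduled or scripted exports to file would stop working after the upgrade.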
 
DarkNate
Member
Posts: 329
Joined: Fri Jun 26, 2020 4:37 pm

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 10:58 am

you can write to support (support@mikrotik.com) and send them a file supout.rif?
After removing Verify DoH Certificate, no more memory leakage.
Removed around 22:45 yesterday and log looks like this.
Email sent to support. SUP-47171
doh_mem2.jpg
I mean RouterOS is a routing OS, not a full-fledged DNS resolver solution. You could either offload that to a Pi or host it yourself on the cloud. DigitalOcean is dirt cheap in most countries with most ISPs being peered with them so you should get low latency in most cases anyway.

I'm currently handling DoH via dnscrypt-proxy and DNSSinkhole via Pi-Hole on a Pi. Though I'm planning to open up my DigitalOcean DNS resolver for replacing this. Sub 3ms latency for querying majority of the DNS queries on DigitalOcean in my country via DoH.
 
pe1chl
Forum Guru
Posts: 7487
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 11:14 am

I mean RouterOS is a routing OS, not a full-fledged DNS resolver solution.
In cases like this we often see the disadvantage of the use of opensource software as a base but using home-built software on top of that.
Possibly combined with the urge to keep everything as compact as possible to fit everything in 16MB flash.

There are several full-fledged DNS resolver solutions already available in the opensource world, they could just have picked one of them and write a RouterOS-style configuration system for that.
Then we would also have DNSSEC handling, slave zones, etc etc.

But it looks like they wrote their own resolver, which worked fine when it was just a caching resolver, but then it was worked on for 2 different extensions:
- more capability for static records, forwarding to other servers for slave zones, etc
- addition of DoH

But apparently these two things were done by two different people and used two different designs and the whole thing became unstable.
DoH should have been added as an alternative backend (alternative to the static and dynamic resolvers that already were present), but instead it appears to be a bolt-on that replaces the entire resolver and causes all kinds of conflicts. It has a memory leak, has/had issues with the cache, does not work together with static forwarding records, etc.

The situation is comparable to OpenVPN. There is a reference implementation that is updated and does "what everyone wants", but instead we have to deal with the limitations of the clone that MikroTik wrote themselves. Even in v7.
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 12:56 pm

I mean RouterOS is a routing OS, not a full-fledged DNS resolver solution. You could either offload that to a Pi or host it yourself on the cloud.
This you can say about nearly all the function. Should they be on the router or on another device?
Cloud
VPN
Hotspot
NTP server
Dude
+++

As long as it's on the router, it should work, so fix or remove.
 
carl0s
Frequent Visitor
Posts: 89
Joined: Thu Jun 25, 2009 7:18 pm

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 1:49 pm

No mention of this fixing the SIP / IP Neighbor problem from 6.48 ?

The issues can be frustrating, and 6.48 looks to have been abominable. I heard people refer to it as a bad release, but I only just read about each individual new problem. I have been fighting with SIP registration issues on a Gigaset handset, sigh. Just happened to coincide with me adding a second SIP account to the same provider. I thought it was a two-devices-NAT-to-the-same-VoIP-provider issue, but at least I now finally know what's up, after my customer the coffee shop got frustrated.

At least we get a proper changelog, for the stuff they know about anyway ;)
 
Paternot
Forum Veteran
Posts: 840
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 2:48 pm

Mine 750G r3 do show System Health on RouterOS 6.48.2 using WinBox
Model "RB750Gr3" displays status, but model "RouterBOARD 750G r3" does not
I have an 750G r3 (I think, your pictures were kinda the same for me), and the health status is working ok. The kink is: it only showed up after the firmware upgrade and reboot, and took about 30 or 40 seconds.
 
nithinkumar2000
Member Candidate
Posts: 121
Joined: Wed Sep 11, 2019 7:42 am
Location: Coimbatore

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 8:20 pm

Thousands of Request from Years for IPv6 PD Accounting for Radius and Major ISP Using Mikrotik are waiting for One Feature.............

But Why should mikrotik care they don't care at all they just ignore everything and work for nothing................

Really Fed up
 
KrissXD
just joined
Posts: 1
Joined: Sat Oct 05, 2019 9:48 pm

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 8:58 pm

When can we expect SwOS 2.13 to be released?
 
irghost
Member Candidate
Posts: 293
Joined: Sun Feb 21, 2016 1:49 pm

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 9:58 pm

I'm using the LHGG LTE6 device and after upgrading to 6.48.2, I'm not able to access with winbox or web UI. I also tried ssh and telnet but no luck. Kindly help me out
Netinstall
 
kehrlein
just joined
Posts: 18
Joined: Tue Jul 09, 2019 1:35 am
Location: Munich, Germany
Contact:

Re: v6.48.2 [stable] is released!

Thu Apr 15, 2021 11:08 pm

Updated several devices:
750GL, RB760iGS (HeX S), CRS326-24G-2S+, CRS112-8P-4S, CCR2004-1G-12S+2XS, CCR1009-7G-1C-1S+

Only one small issue occurred until now:
Dynamic IPv6 Route (created via DHCPv6 Client) was broken. Disabling and re-enabling the DHCPv6 Client solved the problem.
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Fri Apr 16, 2021 11:26 am

Can confirm that DoH only has memory leakage when verification of certificate is turned on.
Turn it off and memory usage stays flat.
doh_mem3.jpg
 
tenner
just joined
Posts: 3
Joined: Wed Jan 06, 2021 10:36 pm

Re: v6.48.2 [stable] is released!

Sat Apr 17, 2021 4:51 pm

I upgraded RB4011 several days ago and no issues, but my CRS112-8P-4S will not take the upgrade.

For CRS112-8P-4S, I have tried "download and install" and directly uploaded mipsbe package, but after reboot router still comes back up as 6.48.1 (the uploaded package disappears from file browser, so something does happen).

Any suggestions?
 
nescafe2002
Forum Veteran
Posts: 780
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v6.48.2 [stable] is released!

Sat Apr 17, 2021 5:28 pm

tenner, check the log
 
DarkNate
Member
Posts: 329
Joined: Fri Jun 26, 2020 4:37 pm

Re: v6.48.2 [stable] is released!

Sat Apr 17, 2021 6:19 pm

I mean RouterOS is a routing OS, not a full-fledged DNS resolver solution. You could either offload that to a Pi or host it yourself on the cloud.
As long as it's on the router, it should work, so fix or remove,
It's MikroTik...
 
mada3k
Member
Posts: 388
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: v6.48.2 [stable] is released!

Sat Apr 17, 2021 8:18 pm

WebFig stopped working after update. Just says "ERROR: Not Found" in red when trying to login. Strange...
 
didis81
just joined
Posts: 10
Joined: Mon Apr 06, 2015 1:29 am

Re: v6.48.2 [stable] is released!

Sat Apr 17, 2021 9:55 pm

I upgraded RB4011 several days ago and no issues, but my CRS112-8P-4S will not take the upgrade.

For CRS112-8P-4S, I have tried "download and install" and directly uploaded mipsbe package, but after reboot router still comes back up as 6.48.1 (the uploaded package disappears from file browser, so something does happen).

Any suggestions?
Maybe you have an old setup in the files folder. Check and clean it.
 
mafiosa
Member Candidate
Posts: 148
Joined: Fri Dec 09, 2016 8:10 pm

Re: v6.48.2 [stable] is released!

Sun Apr 18, 2021 1:41 pm

Facing issues with ospf. It keeps flapping.
 
m94646602
newbie
Posts: 44
Joined: Thu Oct 03, 2013 5:38 pm

Re: v6.48.2 [stable] is released!

Sun Apr 18, 2021 3:17 pm

viewtopic.php?f=2&t=116963&p=852470&hil ... ss#p852470

CAPsMAN still get DHCP offering lease without success !!!!
 
honzam
Forum Guru
Posts: 2339
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.48.2 [stable] is released!

Sun Apr 18, 2021 10:00 pm

Is there fixed problem with MNDP protocol ?
 
rushlife
Member Candidate
Posts: 171
Joined: Thu Nov 05, 2015 12:30 pm
Location: czech republic

Re: v6.48.2 [stable] is released!

Mon Apr 19, 2021 9:15 am

viewtopic.php?f=2&t=116963&p=852470&hil ... ss#p852470

CAPsMAN still get DHCP offering lease without success !!!!
checked on all of my CAPsMAN's and not a single one has such a problem....
 
elbob2002
Frequent Visitor
Posts: 81
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: v6.48.2 [stable] is released!

Mon Apr 19, 2021 10:02 am

Facing issues with ospf. It keeps flapping.

Had the same. Either downgrade the router you updated to 6.48.2 to 6.48.1 or upgrade all the others to 6.48.2
 
rextended
Forum Guru
Posts: 3933
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.48.2 [stable] is released!

Mon Apr 19, 2021 10:47 am

Please add in the next RouterOS the oid for psu1-voltage and psu2-voltage (like voltage .1.3.6.1.4.1.14988.1.1.3.8.0 on hEX PoE) for CRS318-16P-2S+, CRS112-8P-4S and other "two-psu" models, as these values are already visible in winbox but cannot be retrieved by SNMP.

"/sys healt print oid" on hEX PoE
.1.3.6.1.4.1.14988.1.1.3.8.0
iso.org.dod.internet.private.enterprises.mikrotik.mikrotikExperimentalModule.mtXRouterOs.mtxrHealth.mtxrHlVoltage.0

"/sys healt print oid" on the CRS318-16P-2S+ or CRS112-8P-4S
give nothing about voltage

.3.6.1.4.1.14988.1.1.3.100.1.3.7201 (iso.org.dod.internet.private.enterprises.mikrotik.mikrotikExperimentalModule.mtXRouterOs.mtxrHealth.100.1.3.7201)
.3.6.1.4.1.14988.1.1.3.100.1.3.7202 (iso.org.dod.internet.private.enterprises.mikrotik.mikrotikExperimentalModule.mtXRouterOs.mtxrHealth.100.1.3.7202)
are experimental and removed/renamed from future versions?

Thanks.
 
MTv
just joined
Posts: 6
Joined: Tue Oct 20, 2020 9:39 am
Location: RU
Contact:

Re: v6.48.2 [stable] is released!

Mon Apr 19, 2021 3:00 pm

Hey! On the hEX device (rb750gr3) there is a similar problem with the display of "system health" in winbox. Also noticed that after the device is rebooted, the information may appear or disappear. CF: 6.48.2.
Last edited by MTv on Mon Apr 19, 2021 4:58 pm, edited 1 time in total.
 
eddieb
Member Candidate
Posts: 224
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: v6.48.2 [stable] is released!

Mon Apr 19, 2021 3:25 pm

On my rb750gr3 no problems with system health ... works fine in winbox
 
vitaly2016
newbie
Posts: 49
Joined: Wed Jan 20, 2016 9:26 am
Location: Ukraine

Re: v6.48.2 [stable] is released!

Mon Apr 19, 2021 4:33 pm

Please confirm that there is no port flapping issue with RB3011 after upgrade.
How many Ethernet ports are used in your RB3011?
Have upgraded the following and no issues so far

RB 3011UiAS
For those with issues, we update both Packages and RouterBoard Firmware to same version

Find memory usage is a bit less on some units
 
mszru
newbie
Posts: 43
Joined: Wed Aug 10, 2016 10:42 am

Re: v6.48.2 [stable] is released!

Mon Apr 19, 2021 10:06 pm

Is there fixed problem with MNDP protocol ?
My Gigaset C610A IP successfully registered at 3 different SIP gateways after enabling MNDP in IP -> Neighbours.
 
honzam
Forum Guru
Posts: 2339
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.48.2 [stable] is released!

Mon Apr 19, 2021 10:09 pm

Is there fixed problem with MNDP protocol ?
My Gigaset C610A IP successfully registered at 3 different SIP gateways after enabling MNDP in IP -> Neighbours.
Thanks for info. But no info from Mikrotik in changelog
 
MrBZA
just joined
Posts: 4
Joined: Fri Jun 20, 2014 11:05 pm

Re: v6.48.2 [stable] is released!

Wed Apr 21, 2021 9:00 am

upgrade - improved "long-term" upgrade procedure on SMIPS devices
This appears to have solved the "not enough space for upgrade" on all 16mb SMIPS hAP lite devices I manage - thank you!
 
pe1chl
Forum Guru
Posts: 7487
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.48.2 [stable] is released!

Wed Apr 21, 2021 12:31 pm

upgrade - improved "long-term" upgrade procedure on SMIPS devices
This appears to have solved the "not enough space for upgrade" on all 16mb SMIPS hAP lite devices I manage - thank you!
Probably it only means that "after you have installed 6.48.2 the procedure to upgrade to long-term version is improved".
You have to understand that on the SMIPS devices hAP mini and hAP lite the memory is very limited, both the RAM and the FLASH.
There are many midrange models with the same small amount of FLASH (16 MB) but then they have a lot of RAM (64-256 MB).
The new version is downloaded into RAM, then it is copied over to FLASH. There is enough space in RAM to do that.
But these two SMIPS models have only 32 MB RAM. So the method of using RAM for the temporary space for download cannot be used.
The solution is to reduce the size of the software, both the installed version and the new version. So in some cases it may happen that your only solution is to install a new version using netinstall, and then hope from then on the situation is rectified again.

Sometimes you can also fix it by reducing the number of installed packages. When you have the combined package installed, as standard when buying these devices :-( you can disable those packages that you do not need (e.g. MPLS, routing, hotspot) and then reboot, then upload the new 6.48.2 version of the individual packages that you need.
(system, wireless, advanced-tools, ppp, security)
Those take less space than the big combined package, and you may be successful in upgrading the device. The problem then will not come back for some time.

However, the best strategy is not to buy these SMIPS devices.
 
MrBZA
just joined
Posts: 4
Joined: Fri Jun 20, 2014 11:05 pm

Re: v6.48.2 [stable] is released!

Wed Apr 21, 2021 4:58 pm

Thank you for the explanation, the hardware is very limiting indeed!
I had used netinstall to force updates on some of the devices that I had physical access to, not possible for other devices that are far away.
Disabling packages from the combined package didn't seem to help with any of my devices.

The only other work-around was to install the individual packages required and not use the combined one. However, when trying to perform updates from The Dude, all those devices would display "some packages missing" (specific to the "wireless" package) and require manual updating.

Since 6.48.2, the combined package installed successfully on all my hAP lite's - will see when the next update needs to be installed!
 
pe1chl
Forum Guru
Posts: 7487
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.48.2 [stable] is released!

Wed Apr 21, 2021 7:10 pm

Disabling packages from the combined package didn't seem to help with any of my devices.

The only other work-around was to install the individual packages required and not use the combined one.
That is right, disabling packages from the combined package is only the first step in my description, the next step is to upload individual packages from a higher version and reboot again. With luck (and depending on what you need) the individual packages will be small enough to fit, and then after the update you have even more free space as both your installed version and your next update will be smaller.
However I understand that again the combined package has been made smaller for SMIPS and it could be sufficient as well.

All I want to note is that these devices are on the tipping point of "not enough space" and it already has happened several times that issues occurred with normal updating because the size had expanded too much due to general development, and they had to fix that specifically for SMIPS devices with 16MB flash and 32MB RAM.
That is why I would recommend to avoid those devices, and go just one level up (MIPSBE devices or better).
 
r00t
Member
Posts: 443
Joined: Tue Nov 28, 2017 2:14 am

Re: v6.48.2 [stable] is released!

Thu Apr 22, 2021 3:15 pm

One has to wonder... was it really worth it for Mikrotik to make SMIPS devices at all? It was probably an attempt to push the cost even lower... but in the end it must have cost them a lot of time and effort. Hindsight is 20/20, but some of these cost cutting decisions (like 16MB flash chips) are and will be hurting Mikrotik for years...
 
pe1chl
Forum Guru
Posts: 7487
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.48.2 [stable] is released!

Thu Apr 22, 2021 3:34 pm

For 16MB Flash there appear to be other reasons besides just saving money on Flash chips (larger than 16MB requires a different interface to the central processor which means that certain chips cannot be used or some other feature of the chip becomes unavailable due to pins used for the large Flash interface).
However for SMIPS devices the extra factor of very little RAM is added to the mix, so the update procedure for other 16MB Flash devices (via RAMDISK) cannot be used either.

Apparently there is a market for $20 WiFi routers and they do not want to miss out on it... on the other hand they don't mind missing out on the $200 WiFi CAP market with Wave2 or Wave3 MU-MIMO.
 
r00t
Member
Posts: 443
Joined: Tue Nov 28, 2017 2:14 am

Re: v6.48.2 [stable] is released!

Thu Apr 22, 2021 6:38 pm

Apparently there is a market for $20 WiFi routers and they do not want to miss out on it... on the other hand they don't mind missing out on the $200 WiFi CAP market with Wave2 or Wave3 MU-MIMO.
There is a market for cheap APs, but it's completely flooded by Chinese re-sellers and OEMs. Also it's quite unbelievable that you can get a dual band AC router for $25, with 256MB of ram and 128MB of flash.... or a Mikrotik box with SMIPS and limited single band radio. Profit margin in this price bracket must be almost zero. Only reason to buy a Mikrotik device is for Winbox management and API compatibility. I think most of these Mikrotik SMIPS devices are bought by WISPs so they have cheapest possible AP for lowest tier service plans...
 
pe1chl
Forum Guru
Posts: 7487
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.48.2 [stable] is released!

Thu Apr 22, 2021 7:54 pm

I think most of these Mikrotik SMIPS devices are bought by WISPs so they have cheapest possible AP for lowest tier service plans...
That could be, but I wonder how much money they save in the end when it turns out the devices are difficult/impossible to update and they have to send an engineer...
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Thu Apr 22, 2021 10:06 pm

Follow up on memory leakage on 6.48.2 using DoH (and all other RouterOS that supports DoH).
This is measured over 9 days with and without verify DoH turned on/off.
Graph shows percent memory used.
doh_mem4.jpg
 
eworm
Forum Veteran
Posts: 792
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.48.2 [stable] is released!

Thu Apr 22, 2021 10:24 pm

At the end the graph jumps down. Is that just disabling verification or a reboot? So would a scheduled disable and enable work around the issue?
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Thu Apr 22, 2021 11:24 pm

I did disable certificate verification and it did go down by itself. No reboot.
At every color change, I did change settings.
 
Kindis
Member
Posts: 375
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: v6.48.2 [stable] is released!

Fri Apr 23, 2021 9:30 am

At the end the graph jumps down. Is that just disabling verification or a reboot? So would a scheduled disable and enable work around the issue?
When I read stuff like this I get a little mad with myself. Why oooo why did I not think of this! I will implement this on the main resolver at once.
 
ofer
Frequent Visitor
Posts: 60
Joined: Wed May 23, 2018 11:45 am

Re: v6.48.2 [stable] is released!

Fri Apr 23, 2021 10:53 am

Upgraded 3xHapAC units 6.48.1 > 6.48.2 - No issues so far

Thanks!
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Fri Apr 23, 2021 11:39 am

When I read stuff like this I get a little mad with myself. Why oooo why did I not think of this! I will implement this on the main resolver at once.
That will just be like pee in the pants to get warm. Short term solution. You do not know what other stuff may go wrong due to the memory leakage.
I do see a new 6.49 beta today, but no mention about DoH memory fix :(
viewtopic.php?p=854439#p854439
 
Kindis
Member
Posts: 375
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: v6.48.2 [stable] is released!

Fri Apr 23, 2021 1:18 pm

When I read stuff like this I get a little mad with myself. Why oooo why did I not think of this! I will implement this on the main resolver at once.
That will just be like pee in the pants to get warm. Short term solution. You do not know what other stuff may go wrong due to the memory leakage.
I do see a new 6.49 beta today, but no mention about DoH memory fix :(
viewtopic.php?p=854439#p854439
Well I sort of agree. I would call it a workaround.
If you want total assurance that the responses are not manipulated this is needed. So for that this is a great workaround.
If you can kickstart this from the monitoring solution it is even better.

Have you added a ticket to MT?
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Fri Apr 23, 2021 1:42 pm

Yes:

SUP-47171
 
rextended
Forum Guru
Posts: 3933
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.48.2 [stable] is released!

Fri Apr 23, 2021 4:50 pm

Someone please check if this bug is also on 6.48.2:
viewtopic.php?f=2&t=174719
 
eddieb
Member Candidate
Posts: 224
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: v6.48.2 [stable] is released!

Fri Apr 23, 2021 5:03 pm

No, no problems here, on all my devices the security package is enabled
 
rextended
Forum Guru
Posts: 3933
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.48.2 [stable] is released!

Fri Apr 23, 2021 6:12 pm

No, no problems here, on all my devices the security package is enabled
Thanks, but I think you have not understood the problem:
Have you tried to downgrade/upgrade 6.48.2 with the "security" package ON PURPOSE disabled? (or in SMIPS not installed?)
Last edited by rextended on Fri Apr 23, 2021 6:13 pm, edited 1 time in total.
 
eddieb
Member Candidate
Posts: 224
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: v6.48.2 [stable] is released!

Fri Apr 23, 2021 6:13 pm

No, no problems here, on all my devices the security package is enabled
Thanks, but I think you have not understood the problem:
Have you tried to downgrade/upgrade 6.48.2 with security ON PURPOSE disabled?
why should I ? Everything is running fine, no need to do such a thing.
 
rextended
Forum Guru
Posts: 3933
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.48.2 [stable] is released!

Fri Apr 23, 2021 6:15 pm

No, no problems here, on all my devices the security package is enabled
Thanks, but I think you have not understood the problem:
Have you tried to downgrade/upgrade 6.48.2 with security ON PURPOSE disabled?
why should I ? Everything is running fine, no need to do such a thing.

mah...

Your reply is like: Someone post a bug for ipsec, and another one reply "I have no problem, i do not use ipsec".
 
Xgemone
just joined
Posts: 1
Joined: Fri Apr 23, 2021 8:43 pm

Re: v6.48.2 [stable] is released!

Fri Apr 23, 2021 8:54 pm

Thank you!
 
rextended
Forum Guru
Posts: 3933
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.48.2 [stable] is released!

Fri Apr 23, 2021 8:58 pm

Thank you!
for who?, for what?

please
 
Dude2048
Member Candidate
Posts: 140
Joined: Thu Sep 01, 2016 4:04 pm

Re: v6.48.2 [stable] is released!

Fri Apr 23, 2021 10:32 pm

Thank you!
for who?, for what?

please
Dude, stay on the subject of this forum, open a post of your own and stop cross posting.
 
epedersen
just joined
Posts: 5
Joined: Mon Feb 08, 2021 8:58 pm

Re: v6.48.2 [stable] is released!

Sat Apr 24, 2021 9:36 am

Hello,

I have a RBD53GR-5HacD2HnD router. In general everything is working normally after the upgrade, but I noted that my script that automatically generates a daily backup stopped working. After doing some tests trying to fix the script, I found that prior to v6.48.2 my script only needed the following policies:
ftp, read, policy, sensitive, test
After the upgrade I also needed to add write to the policies.
Any idea?, the script below (please look at the policies needed in the comments):
# Policies needed:  ftp, read, policy, sensitive, test
# Policies NOT needed:  password, reboot, write, sniff, romon
:log info "Starting daily backup";
/system backup save name=backup_diario
:delay 00:00:02
/system package print file Router_Version.txt
:delay 00:00:02
/export file backup_diario
:delay 00:00:05
/tool e-mail send file=backup_diario.rsc,Router_Version.txt,backup_diario.backup to="MY-EMAIL" body="Backup diario adjunto." \
   subject="Backup diario: --> cliente:$[/system identity get name] --> fecha:$[/system clock get date] --> hora:$[/system clock get time]"
:log info "Daily backup script completed"
 
onnoossendrijver
Member
Posts: 447
Joined: Mon Jul 14, 2008 11:10 am
Location: The Netherlands

Re: v6.48.2 [stable] is released!

Sat Apr 24, 2021 12:34 pm

After the upgrade I also needed to add write to the policies.
Any idea?
Did you read the changelog?
*) console - require "write+ftp" permissions for exporting configuration to file;
 
epedersen
just joined
Posts: 5
Joined: Mon Feb 08, 2021 8:58 pm

Re: v6.48.2 [stable] is released!

Sun Apr 25, 2021 10:13 am

After the upgrade I also needed to add write to the policies.
Any idea?
Did you read the changelog?
*) console - require "write+ftp" permissions for exporting configuration to file;
Not really, lesson learned for next time. Thanks for the help!
 
kelner
just joined
Posts: 8
Joined: Fri Sep 28, 2018 2:10 pm

Re: v6.48.2 [stable] is released!

Mon Apr 26, 2021 12:23 am

When exporting "/ip ipsec policy" the clause "sa-src-address=0.0.0.0" transforms to "sa-src-address=<current IP address>"

Probably it may lead to problems with reusing of saved config.
 
Kindis
Member
Posts: 375
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: v6.48.2 [stable] is released!

Mon Apr 26, 2021 3:01 pm

Yes:

SUP-47171
That is great!
I did however activate DoH certificate verification on my 4011 (main resolver) and interestingly I do not have the same issue. So I have been running with this enabled a few days and I do not have the same trend your routers display. I followed the guide of NextDNS and it has been smooth so far.
/tool fetch url=https://curl.se/ca/cacert.pem
/certificate import file-name=cacert.pem
/ip dns set servers=
/ip dns static add name=dns.nextdns.io address=xx.xx.xx.xx type=A
/ip dns static add name=dns.nextdns.io address=xx.xx.xx.xx type=A
/ip dns static add name=dns.nextdns.io address=yyyy:yyyy:: type=AAAA
/ip dns static add name=dns.nextdns.io address=yyyy:yyyy:: type=AAAA
/ip dns set use-doh-server="https://dns.nextdns.io/<config>" verify-doh-cert=yes
I wonder if this is different depending on DoH resolver you use and how you verify the cert.
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Mon Apr 26, 2021 3:30 pm

Interesting, changed to next dns (downloaded cert and enabled verification)
New
https://45.90.28.0/dns-query
Old
https://1.1.1.1/dns-query

Will in some hour see if memory goes up.
 
Kindis
Member
Posts: 375
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: v6.48.2 [stable] is released!

Mon Apr 26, 2021 4:00 pm

Interesting, changed to next dns (downloaded cert and enabled verification)
New
https://45.90.28.0/dns-query
Old
https://1.1.1.1/dns-query

Will in some hour see if memory goes up.
So here is a difference and now my perhaps poor skills of DoH will popup.
But if you use the IP in the HTTPS how can the cert be verified? I mean it should not work.
If I go to dns.nextdns.io I can see that the cert contains the following:
DNS Name=*.dns.nextdns.io
DNS Name=*.dns1.nextdns.io
DNS Name=*.dns2.nextdns.io
DNS Name=*.edge.nextdns.io
DNS Name=*.test.nextdns.io
DNS Name=dns.nextdns.io
DNS Name=dns1.nextdns.io
DNS Name=dns2.nextdns.io
DNS Name=nextdns.io
DNS Name=ns1.nextdns.io
DNS Name=ns2.nextdns.io
DNS Name=test.nextdns.io
So if you have the IP in the https config then the cert cannot be valid as that name is not part of the cert.
If that works now, should that not mean that ROS only verifies that it trusts the cert and not the name?
Or I need more coffee and do not understand how DoH works :-)
 
eworm
Forum Veteran
Posts: 792
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.48.2 [stable] is released!

Mon Apr 26, 2021 4:42 pm

You are right, verification for 45.90.28.0 should fail...
Are you sure DoH is used at all in this case?

It does work for 1.1.1.1 as the ip address is listed in certificate's Subject Alternative Name.
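
The name check the two posts above reason about, as an added example (not code from the thread or from RouterOS): the host in the DoH URL is the reference identity, a hostname may only match a dNSName SAN entry, and an IP literal may only match an iPAddress entry. The NextDNS names are those quoted above; `IP_SAN_SAMPLE` and the config ID `abc123` are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

# SAN entries quoted in the thread for the certificate served at dns.nextdns.io.
NEXTDNS_SAN = [("DNS", n) for n in (
    "*.dns.nextdns.io", "*.dns1.nextdns.io", "*.dns2.nextdns.io",
    "*.edge.nextdns.io", "*.test.nextdns.io", "dns.nextdns.io",
    "dns1.nextdns.io", "dns2.nextdns.io", "nextdns.io",
    "ns1.nextdns.io", "ns2.nextdns.io", "test.nextdns.io",
)]

# Constructed sample: a certificate that also lists IP addresses in its SAN,
# the situation the thread describes for 1.1.1.1. Not a real certificate.
IP_SAN_SAMPLE = [
    ("DNS", "resolver.example"),
    ("IP", "1.1.1.1"),
    ("IP", "2001:db8::53"),
]


def reference_identity(url):
    """Return ("IP", address) or ("DNS", hostname) for the host part of a URL."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("URL has no host: %r" % url)
    try:
        return "IP", ipaddress.ip_address(host)
    except ValueError:
        return "DNS", host.lower().rstrip(".")


def match_dns(pattern, host):
    """dNSName match; a wildcard covers exactly one left-most label."""
    pattern = pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    head, sep, tail = host.partition(".")
    return bool(head) and sep == "." and tail == pattern[2:]


def san_matches(url, san):
    """True if the URL's host is covered by a SAN entry of the matching type."""
    kind, ident = reference_identity(url)
    if kind == "IP":
        # An IP literal is compared with iPAddress entries only; a dNSName
        # entry that merely looks like an address does not count.
        return any(t == "IP" and ipaddress.ip_address(v) == ident
                   for t, v in san)
    return any(t == "DNS" and match_dns(v, ident) for t, v in san)


if __name__ == "__main__":
    for url, san in (
        ("https://dns.nextdns.io/abc123", NEXTDNS_SAN),
        ("https://45.90.28.0/dns-query", NEXTDNS_SAN),
        ("https://1.1.1.1/dns-query", IP_SAN_SAMPLE),
    ):
        verdict = "name matches" if san_matches(url, san) else "NAME MISMATCH"
        print(f"{url:36} {verdict}")
```

A verifier that accepts `https://45.90.28.0/dns-query` against the NextDNS SAN list is validating the chain of trust but not the name, which is the question raised above.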
 
rextended
Forum Guru
Posts: 3933
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.48.2 [stable] is released!

Mon Apr 26, 2021 5:26 pm

Another separate Topic for DoH, no?
 
megdabud78
Posts: 0
Joined: Tue Apr 27, 2021 2:38 pm

Re: v6.48.2 [stable] is released!

Tue Apr 27, 2021 2:56 pm

Hello, I have a mikrotik haplite

I have a configuration problem, please help me

internet router 192.168.80.1 - 255.255.248.0 connected to switch 1 --> cable from the switch connected to the WAN port of the mikrotik router
on LAN 4 I connect a PC with address 192.168.90.15 - 255.255.248.0


I set up the router in the following way
address acquisition as in photo mikrotik 1

internal server 192.168.90.6 - 255.255.248.0 connected to switch 1 --> cable from the switch connected to the WAN port of the mikrotik router

I ping 192.168.90.15 from the server 192.168.90.6 and I do not see the PC, and vice versa.
please help me

my goal is for the server to see the PC 192.168.90.15 and vice versa.

thank you very much for the help
 
rextended
Forum Guru
Posts: 3933
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.48.2 [stable] is released!

Tue Apr 27, 2021 5:40 pm

Hello, I have a mikrotik haplite

I have a configuration problem, please help me

internet router 192.168.80.1 - 255.255.248.0 connected to switch 1 --> cable from the switch connected to the WAN port of the mikrotik router
on LAN 4 I connect a PC with address 192.168.90.15 - 255.255.248.0


I set up the router in the following way
address acquisition as in photo mikrotik 1

internal server 192.168.90.6 - 255.255.248.0 connected to switch 1 --> cable from the switch connected to the WAN port of the mikrotik router

I ping 192.168.90.15 from the server 192.168.90.6 and I do not see the PC, and vice versa.
please help me

my goal is for the server to see the PC 192.168.90.15 and vice versa.

thank you very much for the help

Good evening,
not for nothing, but didn't you notice that you wrote in Italian?
And this thread is not for configuration help but for reporting bugs and issues in the version in question.
You are kindly requested to open your own topic and write in English.
Thank you.
 
rushlife
Member Candidate
Posts: 171
Joined: Thu Nov 05, 2015 12:30 pm
Location: czech republic

Re: v6.48.2 [stable] is released!

Wed Apr 28, 2021 11:14 am

English please, the whole world uses this forum, it is a little bit selfish to use just "your" language; if everybody did that, the forum would become useless after some time...
 
rextended
Forum Guru
Posts: 3933
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.48.2 [stable] is released!

Wed Apr 28, 2021 11:35 am

English please, the whole world uses this forum, it is a little bit selfish to use just "your" language; if everybody did that, the forum would become useless after some time...


Buonasera,
non per niente, ma non ti sei accorto che hai scritto in Italiano?
E questa discussione non è per l'aiuto nella configurazione ma per la segnalazine di bug e problemi nella versione in oggetto.
Sei pregato gentilmente di aprire un tuo topic e scrivere in Inglese.
Grazie.

=>

Good evening,
[not for nothing], but didn't you notice that you wrote in Italian?
And this thread is not for configuration help but for reporting bugs and issues in the version indicated.
You are kindly requested to open your topic and write in English.
Thank you.
 
irghost
Member Candidate
Posts: 293
Joined: Sun Feb 21, 2016 1:49 pm

Re: v6.48.2 [stable] is released!

Thu Apr 29, 2021 1:03 am

RB750Gr3 v6.48.2
System/Health does not show any info if the Router did not (Power Lost) shut down properly
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Thu Apr 29, 2021 8:06 am

Try some extra reboot.
 
danunjaya123
Frequent Visitor
Posts: 99
Joined: Thu Oct 03, 2019 7:36 am
Location: India

Re: v6.48.2 [stable] is released!

Thu Apr 29, 2021 3:31 pm

My mikrotik is auto rebooting every day after this update was done.
 
levicki
just joined
Posts: 21
Joined: Mon Apr 30, 2018 12:22 pm
Location: Belgrade, Serbia
Contact:

Re: v6.48.2 [stable] is released!

Fri Apr 30, 2021 4:50 pm

I think I found a bug.

The imported certificate's Days Valid field is displaying wrong value -- it is showing 6090 days for a certificate which has 36524 days validity (100 years).

The reason for this seems to be the date handling in the OS caused by using 32-bit Unix time_t structure (a.k.a. the Year 2038 Problem) -- the Invalid After field for the certificate in question is showing Jan/01/2038 12:47:58 when it should be showing Apr/30/2121 12:47:58.

The easiest solution is to upgrade to Linux kernel 5.6 and glibc-2.32 or higher where 32-bit apps can use 64-bit time_t just by recompiling. Additional details about full userspace support for 64-bit time_t and other ways of handling this if you are using syscalls directly are available here.
 
pe1chl
Forum Guru
Posts: 7487
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.48.2 [stable] is released!

Fri Apr 30, 2021 5:56 pm

They will probably fix that before 2038! Should be nothing to worry about, especially as it has been nicely truncated instead of doing some random wrap to a date that could be nearby or in the past...
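
The arithmetic behind the two posts above, as an added example that is not part of the thread: it checks the reported day counts and compares what a plain 32-bit wrap and a saturating clamp would do to the real expiry date. The issue date (derived from "36524 days" before Apr/30/2121 12:47:58) and the use of UTC are assumptions; how RouterOS arrives at Jan/01/2038 is not stated in the thread.

```python
from datetime import datetime, timezone

INT32_MIN, INT32_MAX = -2**31, 2**31 - 1   # range of a signed 32-bit time_t

# Dates from the post. NOT_BEFORE is an assumption: 36524 days before NOT_AFTER.
NOT_BEFORE = datetime(2021, 4, 30, 12, 47, 58, tzinfo=timezone.utc)
NOT_AFTER = datetime(2121, 4, 30, 12, 47, 58, tzinfo=timezone.utc)
SHOWN_NOT_AFTER = datetime(2038, 1, 1, 12, 47, 58, tzinfo=timezone.utc)


def to_epoch(dt):
    """Seconds since 1970-01-01 UTC as an unbounded Python int."""
    return int(dt.timestamp())


def from_epoch(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def fits_time32(ts):
    return INT32_MIN <= ts <= INT32_MAX


def wrap_time32(ts):
    """What an unchecked cast to a signed 32-bit integer produces."""
    return (ts - INT32_MIN) % 2**32 + INT32_MIN


def saturate_time32(ts):
    """Clamp to the representable range instead of wrapping."""
    return max(INT32_MIN, min(INT32_MAX, ts))


def days_valid(not_before, not_after):
    return (not_after - not_before).days


def report():
    ts = to_epoch(NOT_AFTER)
    return {
        "true_days": days_valid(NOT_BEFORE, NOT_AFTER),
        "shown_days": days_valid(NOT_BEFORE, SHOWN_NOT_AFTER),
        "fits_time32": fits_time32(ts),
        "wrapped": from_epoch(wrap_time32(ts)),
        "saturated": from_epoch(saturate_time32(ts)),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key:12} {value}")
```

With an unchecked wrap the expiry would land decades before the certificate was issued and it would be rejected as expired; a clamped value only shortens the displayed lifetime.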
 
rextended
Forum Guru
Posts: 3933
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.48.2 [stable] is released!

Fri Apr 30, 2021 6:05 pm

The easiest solution is to upgrade to Linux kernel 5.6 and glibc-2.32 or higher where 32-bit apps can use 64-bit time_t just by recompiling. Additional details about full userspace support for 64-bit time_t and other ways of handling this if you are using syscalls directly are available .
What's the problem, on 5 min can be done...


Exceptional...

Another one...
 
pe1chl
Forum Guru
Posts: 7487
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.48.2 [stable] is released!

Fri Apr 30, 2021 6:34 pm

The easiest solution is to upgrade to Linux kernel 5.6 and glibc-2.32 or higher where 32-bit apps can use 64-bit time_t just by recompiling. Additional details about full userspace support for 64-bit time_t and other ways of handling this if you are using syscalls directly are available here.
What's the problem, in 5 min it can be done...
The problem is that they patched the kernel to death to include all kinds of MikroTik-unique features and now it is not possible to "simply upgrade the kernel".
A new kernel = a new major version, in this case RouterOS v7. And we are already waiting for (way) more than 5 years for it to be released so 5 minutes is "a bit too optimistic".
 
JanezFord
Member Candidate
Posts: 268
Joined: Wed May 23, 2012 10:58 am

Re: v6.48.2 [stable] is released!

Mon May 03, 2021 1:49 pm

Upgraded one CRS125-24G-1S-RM switch from 6.47.4 to 6.48.2 today and suddenly OSPF stopped working on connected computers (Linux quagga, Ubuntu VMs). Booting back to 6.47.4 from backup partition on this switch resolved all issues instantly. OSPF on CRS125-24G-1S-RM is not configured at all. CRS125 role is a basic switch with a few VLANs only, no routing or firewalling whatsoever. Main router is CCR1009-8G-1S-1S+ running 6.48.1.
I also had a similar issue with 6.48.1 on 1100AH4 on a different network a few weeks ago. Could not get ospfd working on Linux boxes at all, eventually gave up and wrote static routes for networks I needed to get to (ospfd worked fine on ipip and gre tunnels for some reason, just not on ethernet interfaces). Seems to me now like there is something broken with OSPF in 6.48.x at least on some of the MikroTik hardware.

JF.
 
sjoukes
just joined
Posts: 9
Joined: Wed Nov 01, 2017 5:44 pm

Re: v6.48.2 [stable] is released!

Thu May 06, 2021 12:05 pm

RB3011UiAS - Portflapping
We just had a case of portflapping with 6.48.2 on a RB3011.
There is no indication why it happened and it seems (not 100% sure) that the switch had trouble processing traffic before that since we received a message a few seconds before the port went down that a connection was lost with an onsite NVR.

There are only a few Mbit/s of traffic on those ports.
2021-05-06 - RB3011 Portflapping.PNG
 
Kazek
newbie
Posts: 35
Joined: Mon Feb 12, 2018 12:53 pm

Re: v6.48.2 [stable] is released!

Thu May 06, 2021 3:25 pm

Has anything changed in this release with handling of CapsMan?
I have a rule
add action=accept chain=input dst-port=5246,5247 protocol=udp
which since 6.48.2 has zero packets processed.
On 6.48.1 it was still working.

CapsMan still works BTW
 
nescafe2002
Forum Veteran
Posts: 780
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v6.48.2 [stable] is released!

Thu May 06, 2021 3:48 pm

RB3011UiAS - Portflapping
We just had a case of portflapping with 6.48.2 on a RB3011.

I reported a case of port flapping on RB3011 6.48.1 earlier and got this response:

Please apply this command to prevent lockups between RB3011 switch chips and CPU:

/interface ethernet switch set switch1,switch2 cpu-flow-control=no

It should prevent port resetting due to long packet delays to the CPU.
 
nostromog
Member Candidate
Posts: 223
Joined: Wed Jul 18, 2018 3:39 pm

Re: v6.48.2 [stable] is released!

Thu May 06, 2021 3:59 pm

The easiest solution is to upgrade to Linux kernel 5.6 and glibc-2.32 or higher where 32-bit apps can use 64-bit time_t just by recompiling. Additional details about full userspace support for 64-bit time_t and other ways of handling this if you are using syscalls directly are available here.
What's the problem, in 5 min it can be done...
The problem is that they patched the kernel to death to include all kinds of MikroTik-unique features and now it is not possible to "simply upgrade the kernel".
A new kernel = a new major version, in this case RouterOS v7. And we are already waiting for (way) more than 5 years for it to be released so 5 minutes is "a bit too optimistic".
Well, if they used the proper open source techniques, with some "vendor" trees (the long term support ones probably) and a number of branches with the different MikroTik device support or features, rebasing those changes to the next stable is not that much work. I agree that it is more than "5 minutes can be done", but it should be part of the workflow. Someone should keep rebasing onto the minor upgrades of 5.4, and have internal testing releases with the latest long term (5.10 now) to ensure that MikroTik changes remain compatible with upstream and functional.

But I agree that the priority now should be to have a really stable RouterOS v7.
 
pe1chl
Forum Guru
Posts: 7487
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.48.2 [stable] is released!

Thu May 06, 2021 4:08 pm

The issue is likely that they made many patches that are not "to support some hardware" but to introduce specific features.
What we see now in v7 is that things that were enabled by kernel patch do not yet work or came only in later betas (apparently someone migrated the patch).
And some of these features now introduce instability in the system (apparently assumptions in the original patch are no longer true in later kernel versions, and patch has to be reworked).

Of course it would have been best if the originally applied patches had been submitted and accepted in the kernel, but I can fully understand that after trying to jump through those hoops and still getting the patch rejected, the company policy changes to not submitting patches to upstream anymore!
I once tried to submit a very trivial patch via the maintainer of the subsystem and I also gave up after some cycles of "please change this, please submit that document" etc...
 
lvader
just joined
Posts: 3
Joined: Tue Mar 27, 2018 8:10 pm

Re: v6.48.2 [stable] is released!

Sat May 08, 2021 4:18 pm

webfig - show "Interfaces" menu by default after logging in;
For me this became broken recently on one of the devices (hAP ac), and it is not solved with 6.48.2: when logged in to webfig, it shows "quickset". Is there a way to disable quickset altogether?
 
Note
Frequent Visitor
Posts: 71
Joined: Fri Jun 03, 2016 12:39 pm

Re: v6.48.2 [stable] is released!

Thu May 13, 2021 1:06 pm

Port forwarding stopped working. After downgrading to 6.47.8 all works fine.
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Thu May 13, 2021 4:51 pm

Port forwarding stopped working. After downgrading to 6.47.8 all works fine.
This has to be a config error at your site. It works fine.
Post your config.
 
rextended
Forum Guru
Posts: 3933
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.48.2 [stable] is released!

Thu May 13, 2021 6:08 pm

Port forwarding stopped working. After downgrading to 6.47.8 all works fine.
This has to be a config error at your site. It works fine.
Post your config.
+1
 
Note
Frequent Visitor
Posts: 71
Joined: Fri Jun 03, 2016 12:39 pm

Re: v6.48.2 [stable] is released!

Thu May 13, 2021 7:02 pm

Port forwarding stopped working. After downgrading to 6.47.8 all works fine.
This has to be a config error at your site. It works fine.
Post your config.

I have run flawlessly for years now with the same config... and now only the "hamachi desktop" rule works when I enable it for that specific PC. The Hamachi_Lapi rule, which is the same for the other PC, and torrents do not work when I enable it and disable the previous one. Counters show 0. On 6.47.9 I do not have that issue. I didn't change anything in my setup...


/ip firewall nat
add action=masquerade chain=srcnat comment="Access modem" out-interface-list=WAN

add action=dst-nat chain=dstnat comment="Allow Torrent" dst-port=61132 in-interface-list=WAN protocol=tcp to-addresses=10.157.138.101 to-ports=61132
add action=dst-nat chain=dstnat dst-port=61132 in-interface-list=WAN protocol=udp to-addresses=10.157.138.101 to-ports=61132

add action=dst-nat chain=dstnat comment=Hamachi_Desktop disabled=yes dst-port=1320 in-interface-list=WAN protocol=tcp to-addresses=10.157.138.100 to-ports=1320
add action=dst-nat chain=dstnat disabled=yes dst-port=1320 in-interface-list=WAN protocol=udp to-addresses=10.157.138.100 to-ports=1320

add action=dst-nat chain=dstnat comment=Hamachi_Lapi dst-port=1320 in-interface-list=WAN protocol=tcp to-addresses=10.157.138.101 to-ports=1320
add action=dst-nat chain=dstnat dst-port=1320 in-interface-list=WAN protocol=udp to-addresses=10.157.138.101 to-ports=1320
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Thu May 13, 2021 7:22 pm

This is just part of the config and it looks ok. To see what the problem is we need the rest.
Post output of /export hide-sensitive and use code tags </>

If it was broken, you would have seen hundreds of posts complaining about it not working.

For Torrent, you can do a test using UPnP instead of manual configuration.

PS: to-ports is not needed when it's the same as dest-port
 
osc86
Member Candidate
Posts: 120
Joined: Wed Aug 09, 2017 1:15 pm

Re: v6.48.2 [stable] is released!

Fri May 14, 2021 12:37 am

And why do you use in-interface-list; do you have multiple WAN connections? Are the correct interfaces added to that list? Do you have mangle rules that make sure packets leave on the same interface they came in?
 
Note
Frequent Visitor
Posts: 71
Joined: Fri Jun 03, 2016 12:39 pm

Re: v6.48.2 [stable] is released!

Fri May 14, 2021 10:08 am

So here it is then... and I saw in the first posts someone else who also wrote that PF is not working, if I'm not wrong.

/interface bridge
add name=Bridge
add disabled=yes name=Bridge_Guest
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1598 name=WAN1
set [ find default-name=ether3 ] l2mtu=4064 mtu=4064 name=WAN2
set [ find default-name=ether2 ] l2mtu=4064 mtu=4064 name=ether2_LAN
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=sfp1 ] disabled=yes
/interface list
add name=LAN
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" \
mode=dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=Xoleritsa supplicant-identity=""
add authentication-types=wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=Guest supplicant-identity=""
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=\
Mikrotik supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n country=\
no_country_set default-forwarding=no disabled=no distance=indoors \
frequency-mode=manual-txpower installation=indoor keepalive-frames=\
disabled max-station-count=80 mode=ap-bridge multicast-buffering=\
disabled multicast-helper=disabled name=wlan1_Mikrotik \
nv2-downlink-ratio=80 security-profile=Mikrotik ssid=MikroTik \
tx-power=20 tx-power-mode=all-rates-fixed wireless-protocol=802.11 \
wps-mode=disabled
add keepalive-frames=disabled mac-address=CE:2D:E0:8F:68:AE \
master-interface=wlan1_Mikrotik max-station-count=40 \
multicast-buffering=disabled name=Guest security-profile=Guest ssid=\
Guest wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip pool
add name=DHCP_Local_pool ranges=10.157.138.100-10.157.138.200
add name=DHCP_Guest_pool ranges=10.10.20.200-10.10.20.220
/ip dhcp-server
add address-pool=DHCP_Local_pool disabled=no interface=Bridge lease-time=\
4w2d name=DHCP_Local
add address-pool=DHCP_Guest_pool interface=Bridge_Guest lease-time=1d \
name=DHCP_Guest
/ipv6 dhcp-server
add address-pool=ipv6-pool disabled=yes interface=Bridge name=server1
/ipv6 pool
add name=ipv6-pool-WAN1 prefix=2a02:85f:2e01:6400::/56 prefix-length=56
add name=pool1 prefix=2a02:85f::/56 prefix-length=64
/queue type
add kind=sfq name=sfq-default sfq-perturb=10
/queue simple
add bucket-size=0/0 disabled=yes max-limit=256k/6M name=Limit_Others \
queue=sfq-default/sfq-default target="10.157.138.103/32,10.157.138.104\
/32,10.157.138.105/32,10.157.138.106/32,10.157.138.107/32,10.157.138.1\
08/32,10.157.138.109/32,10.157.138.110/32,10.157.138.111/32,10.157.138\
.112/32,10.157.138.113/32,10.157.138.114/32,10.157.138.115/32,10.157.1\
38.116/32,10.157.138.117/32,10.157.138.118/32,10.157.138.119/32,10.157\
.138.120/32" total-queue=sfq-default
add bucket-size=0/0 disabled=yes max-limit=256k/5M name=Limit_HTPC queue=\
sfq-default/sfq-default target=10.157.138.102/32 total-queue=\
sfq-default
add bucket-size=0/0 disabled=yes max-limit=192k/6M name=Guest_Limit \
queue=sfq-default/sfq-default target=10.10.20.0/24 total-queue=\
sfq-default
add bucket-size=0/0 disabled=yes dst=WAN1 max-limit=512k/12M name=\
WAN1_Limit queue=sfq-default/sfq-default target=10.157.138.0/24 \
total-queue=sfq-default
add bucket-size=0/0 disabled=yes dst=WAN2 max-limit=512k/12M name=\
WAN2_Limit queue=sfq-default/sfq-default target=10.157.138.0/24 \
total-queue=sfq-default
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/system logging action
set 0 memory-lines=50
set 1 disk-lines-per-file=100
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox\
,password,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=Bridge interface=wlan1_Mikrotik
add bridge=Bridge interface=ether2_LAN
add bridge=Bridge_Guest interface=Guest
/interface bridge settings
set use-ip-firewall=yes
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set tcp-syncookies=yes
/ipv6 settings
set accept-router-advertisements=yes
/interface detect-internet
set detect-interface-list=WAN internet-interface-list=WAN \
wan-interface-list=WAN
/interface list member
add interface=Bridge list=LAN
add interface=WAN1 list=WAN
add interface=WAN2 list=WAN
add interface=Bridge_Guest list=LAN
/ip address
add address=10.157.138.1/24 interface=Bridge network=10.157.138.0
add address=192.168.0.2/24 interface=WAN1 network=192.168.0.0
add address=10.10.20.1/24 disabled=yes interface=Bridge_Guest network=\
10.10.20.0
add address=192.168.2.3/24 interface=WAN2 network=192.168.2.0
/ip dhcp-server config
set store-leases-disk=2h
/ip dhcp-server lease
add address=10.157.138.100 client-id=1:0:11:6b:c2:4:1 mac-address=\
00:11:6B:C2:04:01 server=DHCP_Local
add address=10.157.138.101 client-id=1:d0:37:45:6a:43:e2 mac-address=\
D0:37:45:6A:43:E2 server=DHCP_Local
add address=10.157.138.102 client-id=1:d0:37:45:e4:ef:26 mac-address=\
D0:37:45:E4:EF:26 server=DHCP_Local
/ip dhcp-server network
add address=10.10.20.0/24 dns-server=10.157.138.1 gateway=10.10.20.1
add address=10.157.138.0/24 dns-server=10.157.138.1 gateway=10.157.138.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d max-concurrent-queries=200 \
max-concurrent-tcp-sessions=50 servers=1.1.1.1,1.0.0.1 \
use-doh-server=https://cloudflare-dns.com/dns-query verify-doh-cert=\
yes
/ip dns static
add address=104.16.248.249 regexp=cloudflare-dns
add address=104.16.249.249 regexp=cloudflare-dns
/ip firewall address-list
add address=91.121.222.150 list=Zlo_Games
add address=51.68.50.232 list=Zlo_Games
add address=87.98.168.112 list=Zlo_Games
/ip firewall filter
add action=accept chain=input comment="Accept ICMP after RAW" protocol=\
icmp
add action=accept chain=input comment="Accept Input Established Related" \
connection-state=established,related
add action=drop chain=input comment="Drop Invalid connections" \
connection-state=invalid
add action=accept chain=input comment="Allow all input from LAN" \
in-interface-list=LAN
add action=drop chain=input comment="Drop everything else Input"
add action=accept chain=forward comment=\
"Accept forward Established Related" connection-state=\
established,related
add action=drop chain=forward comment="Drop Invalid connections" \
connection-state=invalid
add action=accept chain=forward comment="Allow all forward from LAN" \
in-interface-list=LAN
add action=drop chain=forward comment=\
"Drop everything else Forward____!DST_NAT" connection-nat-state=\
!dstnat
/ip firewall mangle
add action=mark-routing chain=prerouting comment=_______HTPC_to_WAN1 \
disabled=yes new-routing-mark=to_WAN2 passthrough=no port=443 \
protocol=tcp src-address=10.157.138.102
add action=mark-routing chain=prerouting comment=\
"_______HTTP-S_Routing mark" disabled=yes new-routing-mark=to_WAN1 \
passthrough=no port=80,443 protocol=tcp src-address=10.157.138.0/24
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
to_WAN1 passthrough=no port=80,443 protocol=udp src-address=\
10.157.138.0/24
add action=mark-routing chain=prerouting comment=_______Guests_to_WAN2 \
disabled=yes new-routing-mark=to_WAN2 passthrough=no src-address=\
10.10.20.0/24
add action=mark-routing chain=prerouting comment=_______Music_to_WAN2 \
new-routing-mark=to_WAN2 passthrough=no port=7062 protocol=tcp \
src-address=10.157.138.0/24
add action=mark-routing chain=prerouting comment=\
_______Remotes&Games_to_WAN1 new-routing-mark=to_WAN1 passthrough=no \
port=1320,17771,5000-5500,7985 protocol=udp src-address=\
10.157.138.0/24
add action=mark-routing chain=prerouting dst-port="" new-routing-mark=\
to_WAN1 passthrough=no port=1320,12975,32976,4899,5938,48377 \
protocol=tcp src-address=10.157.138.0/24
add action=mark-routing chain=prerouting comment=_______ZLO_to_WAN1 \
dst-address-list=Zlo_Games new-routing-mark=to_WAN1 passthrough=no \
src-address=10.157.138.100/31
add action=mark-routing chain=prerouting comment=\
"_______Torrents_to_WAN1 or WAN2" disabled=yes new-routing-mark=\
to_WAN2 passthrough=no port=8999-65535 protocol=tcp src-address=\
10.157.138.100/31
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=\
to_WAN2 passthrough=no port=8999-65535 protocol=udp src-address=\
10.157.138.100/31
add action=mark-connection chain=input comment=\
_______Load_Balance_Mark_IN-OUT in-interface=WAN1 \
new-connection-mark=WAN1_conn passthrough=no
add action=mark-connection chain=input in-interface=WAN2 \
new-connection-mark=WAN2_conn passthrough=no
add action=mark-routing chain=output connection-mark=WAN1_conn \
new-routing-mark=to_WAN1 passthrough=no
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_WAN2 passthrough=no
add action=accept chain=prerouting comment=\
_______Load_Balance_Accept_All_WANS dst-address=192.168.0.0/24 \
in-interface=Bridge
add action=accept chain=prerouting dst-address=192.168.2.0/24 \
in-interface=Bridge
add action=mark-connection chain=prerouting comment=\
"_______Load_Balance_Divider&Routing mark" dst-address-type=!local \
in-interface=Bridge new-connection-mark=WAN1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=Bridge new-connection-mark=WAN2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
in-interface=Bridge new-routing-mark=to_WAN1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
in-interface=Bridge new-routing-mark=to_WAN2 passthrough=no
add action=change-dscp chain=prerouting comment=_______DSCP_56_ICMP \
new-dscp=56 passthrough=no protocol=icmp
add action=change-dscp chain=postrouting comment=_______DSCP_56_ICMP \
new-dscp=56 passthrough=no protocol=icmp
add action=change-dscp chain=prerouting comment=\
_______DSCP_56_DNS-REMOTES-GAMES new-dscp=56 passthrough=no port=\
53,1320,17771,5000-5500,4899,5938,12975,32976,48377 protocol=udp
add action=change-dscp chain=postrouting comment=\
_______DSCP_56_DNS-REMOTES-GAMES new-dscp=56 passthrough=no port=\
53,1320,17771,5000-5500,4899,5938,12975,32976,48377 protocol=udp
add action=change-dscp chain=prerouting comment=\
_______DSCP_48_HTTP-S_SMALL connection-bytes=0-500000 new-dscp=48 \
passthrough=no port=80,443,8080,7062 protocol=tcp
add action=change-dscp chain=postrouting comment=\
_______DSCP_48_HTTP-S_SMALL connection-bytes=0-500000 new-dscp=48 \
passthrough=no port=80,443,8080,7062 protocol=tcp
add action=change-dscp chain=prerouting comment=\
_______DSCP_22_HTTP-S_LARGE new-dscp=22 passthrough=no port=\
80,443,8080 protocol=tcp
add action=change-dscp chain=postrouting comment=\
_______DSCP_22_HTTP-S_LARGE new-dscp=22 passthrough=no port=\
80,443,8080 protocol=tcp
add action=change-dscp chain=prerouting comment=_______DSCP_0_Torrents \
new-dscp=0 passthrough=no port=8999-65355 protocol=tcp
add action=change-dscp chain=postrouting comment=_______DSCP_0_Torrents \
new-dscp=0 passthrough=no port=8999-65355 protocol=tcp
add action=change-dscp chain=prerouting comment=_______DSCP_0_Torrents \
new-dscp=0 passthrough=no port=8999-65355 protocol=udp
add action=change-dscp chain=postrouting comment=_______DSCP_0_Torrents \
new-dscp=0 passthrough=no port=8999-65355 protocol=udp
add action=change-dscp chain=prerouting comment=\
"_______DSCP_12_All others" new-dscp=12 passthrough=no
add action=change-dscp chain=postrouting comment=\
"_______DSCP_12_All others" new-dscp=12 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="Access modem" \
out-interface-list=WAN
add action=dst-nat chain=dstnat comment="Allow Torrent" dst-port=61132 \
in-interface-list=WAN protocol=tcp to-addresses=10.157.138.101 \
to-ports=61132
add action=dst-nat chain=dstnat dst-port=61132 in-interface-list=WAN \
protocol=udp to-addresses=10.157.138.101 to-ports=61132
add action=dst-nat chain=dstnat comment=Hamachi_Desktop disabled=yes \
dst-port=1320 in-interface-list=WAN protocol=tcp to-addresses=\
10.157.138.100 to-ports=1320
add action=dst-nat chain=dstnat disabled=yes dst-port=1320 \
in-interface-list=WAN protocol=udp to-addresses=10.157.138.100 \
to-ports=1320
add action=dst-nat chain=dstnat comment=Hamachi_Lapi dst-port=1320 \
in-interface-list=WAN protocol=tcp to-addresses=10.157.138.101 \
to-ports=1320
add action=dst-nat chain=dstnat dst-port=1320 in-interface-list=WAN \
protocol=udp to-addresses=10.157.138.101 to-ports=1320
/ip firewall raw
add action=drop chain=prerouting comment="______Blocked Ports TCP" \
log-prefix="Block TCP" port=\
0,20,21,22,23,67-69,161-162,135-139,444-445,1080,1900 protocol=tcp
add action=drop chain=prerouting comment="______Blocked Ports UDP" \
log-prefix="Block UDP" port=\
0,20,21,22,23,161-162,135-139,444-445,1080,1900 protocol=udp
add action=add-src-to-address-list address-list="Port Scanners" \
address-list-timeout=1d chain=prerouting comment=\
"______Add Port scanners to list" in-interface-list=!LAN protocol=tcp \
psd=21,3s,3,1 time=0s-1d,sun,mon,tue,wed,thu,fri,sat
add action=add-src-to-address-list address-list="Port Scanners" \
address-list-timeout=1d chain=prerouting comment=\
"______NMAP FIN Stealth scan" protocol=tcp tcp-flags=\
fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="Port Scanners" \
address-list-timeout=1d chain=prerouting comment="______SYN/FIN scan" \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="Port Scanners" \
address-list-timeout=1d chain=prerouting comment="______SYN/RST scan" \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="Port Scanners" \
address-list-timeout=1d chain=prerouting comment=\
"______FIN/PSH/URG scan" protocol=tcp tcp-flags=\
fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="Port Scanners" \
address-list-timeout=1d chain=prerouting comment="______ALL/ALL scan" \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="Port Scanners" \
address-list-timeout=1d chain=prerouting comment=\
"______NMAP NULL scan" protocol=tcp psd=21,3s,3,1 tcp-flags=\
!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=prerouting comment=\
"______Drop Port scanners from list" src-address-list="Port Scanners"
add action=jump chain=prerouting comment=______ddos_Protection \
jump-target=block-ddos protocol=tcp tcp-flags=syn
add action=drop chain=prerouting dst-address-list=ddosed \
src-address-list=ddoser
add action=return chain=block-ddos dst-limit=\
50,50,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddosed \
address-list-timeout=1d chain=block-ddos
add action=add-src-to-address-list address-list=ddoser \
address-list-timeout=1d chain=block-ddos
add action=jump chain=prerouting comment="Jump to ICMP chain" \
jump-target=icmp4 protocol=icmp
add action=accept chain=icmp4 comment="echo reply" icmp-options=0:0 \
limit=5,10:packet protocol=icmp
add action=accept chain=icmp4 comment="net unreachable" icmp-options=3:0 \
protocol=icmp
add action=accept chain=icmp4 comment="host unreachable" icmp-options=3:1 \
protocol=icmp
add action=accept chain=icmp4 comment="protocol unreachable" \
icmp-options=3:2 protocol=icmp
add action=accept chain=icmp4 comment="port unreachable" icmp-options=3:3 \
protocol=icmp
add action=accept chain=icmp4 comment="fragmentation needed" \
icmp-options=3:4 protocol=icmp
add action=accept chain=icmp4 comment=echo icmp-options=8:0 limit=\
5,10:packet protocol=icmp
add action=accept chain=icmp4 comment="time exceeded " icmp-options=\
11:0-255 protocol=icmp
add action=drop chain=icmp4 comment="drop other icmp" protocol=icmp
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip route
add distance=1 gateway=1.0.0.1 routing-mark=to_WAN2
add distance=2 gateway=1.1.1.1 routing-mark=to_WAN2
add distance=1 gateway=1.1.1.1 routing-mark=to_WAN1
add distance=2 gateway=1.0.0.1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=1.1.1.1
add check-gateway=ping distance=2 gateway=1.0.0.1
add check-gateway=ping distance=1 dst-address=1.0.0.1/32 gateway=\
192.168.2.1 scope=10
add distance=3 dst-address=1.0.0.1/32 type=blackhole
add check-gateway=ping distance=1 dst-address=1.1.1.1/32 gateway=\
192.168.0.1 scope=10
add distance=3 dst-address=1.1.1.1/32 type=blackhole
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=10.157.138.0/24
set ssh disabled=yes
set api disabled=yes
set winbox address=10.157.138.0/24
set api-ssl disabled=yes
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ipv6 address
add disabled=yes from-pool=ipv6-pool-WAN1 interface=Bridge
add address=::1 from-pool=pool1 interface=Bridge
/ipv6 dhcp-client
add add-default-route=yes disabled=yes interface=WAN1 pool-name=pool1 \
pool-prefix-length=56 request=prefix
/ipv6 firewall address-list
add address=fe80::/16 list=allowed
add address=ff02::/16 comment=multicast list=allowed
add address=2a02::/48 list=allowed
/ipv6 firewall filter
add action=accept chain=input comment="Allow established and related" \
connection-state=established,related
add action=accept chain=input comment="Accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="Accept UDP traceroute" port=\
33434-33534 protocol=udp
add action=accept chain=input comment=\
"Accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp \
src-address=fe80::/16
add action=drop chain=input comment=DropLL_from_public in-interface-list=\
WAN src-address=fe80::/16
add action=accept chain=input comment="Allow allowed addresses" \
src-address-list=allowed
add action=drop chain=input comment="Drop everything else Input"
add action=accept chain=forward comment=established,related \
connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=\
invalid
add action=accept chain=forward comment="Accept icmpv6" \
in-interface-list=LAN protocol=icmpv6
add action=accept chain=forward comment="Allow LAN" in-interface-list=LAN \
src-address-list=allowed
add action=drop chain=forward comment="Drop everything else Forward" \
log-prefix=IPV6_drop
/ipv6 nd
set [ find default=yes ] managed-address-configuration=yes \
other-configuration=yes ra-interval=20s-1m
/ipv6 route
add distance=0 gateway=Bridge
add disabled=yes distance=1 gateway=WAN1
add disabled=yes distance=1 gateway=WAN2
/lcd
set enabled=no touch-screen=disabled
/lcd interface pages
set 0 interfaces=wlan1_Mikrotik
/system clock
set time-zone-name=Europe/Athens
/system identity
set name=Router
/system ntp client
set enabled=yes server-dns-names=time.cloudflare.com
/system routerboard settings
set auto-upgrade=yes
/system watchdog
set watchdog-timer=no
/tool bandwidth-server
set enabled=no
/tool e-mail
set address=smtp.gmail.com from=<ksigalas@gmail.com> port=587 start-tls=\
yes user=ksigalas@gmail.com
 
osc86
Member Candidate
Posts: 120
Joined: Wed Aug 09, 2017 1:15 pm

Re: v6.48.2 [stable] is released!

Fri May 14, 2021 11:14 am

/ip route
add distance=1 gateway=1.0.0.1 routing-mark=to_WAN2
add distance=2 gateway=1.1.1.1 routing-mark=to_WAN2
add distance=1 gateway=1.1.1.1 routing-mark=to_WAN1
add distance=2 gateway=1.0.0.1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=1.1.1.1
add check-gateway=ping distance=2 gateway=1.0.0.1
Your default routes are wrong, you are using Cloudflare's DNS servers as your next hop..
Why do you use these weird MTU sizes on ether2&3?
 
rextended
Forum Guru
Posts: 3933
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.48.2 [stable] is released!

Fri May 14, 2021 11:24 am

Your default routes are wrong, you are using Cloudflare's DNS servers as your next hop..
It is like an incomplete or erroneous implementation of this:
viewtopic.php?f=23&t=157048
 
rextended
Forum Guru
Posts: 3933
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.48.2 [stable] is released!

Fri May 14, 2021 11:38 am

Why do you use these weird MTU sizes on ether2&3?
Because on the CRS109-8G-1S-2HnD-IN the MTU can be set to 4064 and the thinking is: the bigger the MTU, the bigger the speed...
 
pe1chl
Forum Guru
Posts: 7487
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.48.2 [stable] is released!

Fri May 14, 2021 11:46 am

Because on the CRS109-8G-1S-2HnD-IN the MTU can be set to 4064 and the thinking is: the bigger the MTU, the bigger the speed...
That is actually correct, but of course it will only work when you can increase the MTU over the entire path between systems.
So in practice it is only useful to do this in a local network between servers (e.g. storage network), but it makes no sense to put that on an internet interface.
 
rextended
Forum Guru
Posts: 3933
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.48.2 [stable] is released!

Fri May 14, 2021 12:03 pm

Because on the CRS109-8G-1S-2HnD-IN the MTU can be set to 4064 and the thinking is: the bigger the MTU, the bigger the speed...
That is actually correct, but of course it will only work when you can increase the MTU over the entire path between systems.
So in practice it is only useful to do this in a local network between servers (e.g. storage network), but it makes no sense to put that on an internet interface.
It's what I said _in short_ ;)
The actual standard is 2000 max MTU + VLAN tags, the original standard is 1500 + VLAN tags
 
Note
Frequent Visitor
Posts: 71
Joined: Fri Jun 03, 2016 12:39 pm

Re: v6.48.2 [stable] is released!

Fri May 14, 2021 12:14 pm

Before I write that I found the issue and it was not the MikroTik router, I would like to say that I have the CRS109 behind 2 NATed provider DSL modem-routers on giga ports and that's why the high MTU. Now for the routing rules, they are the only ones that work and I have failover. The method that is described in that link you gave above from Chupaka is not working for me and I do not have internet either. I do not know why...

Feel free to advise me on the right failover script, but keep in mind that I need to have failover when DSL from the 2 modem-routers is down and not only when the router is rebooting or WAN is down, etc.

2 modem-routers, NAT, DMZ, that is my setup. No PPPoE client on MT, no PPPoE passthrough or bridge on the DSL modem-routers. I do not know what kind of setup you have in your countries, but here our providers in most cases do not allow other third-party routers and I work as I describe.
 
pe1chl
Forum Guru
Posts: 7487
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.48.2 [stable] is released!

Fri May 14, 2021 1:57 pm

It's what _in short_ I say ;)
The actual standard is 2000 max MTU + VLAN tags; the original standard is 1500 + VLAN tags
Actually on Gigabit ethernet the "jumbo frame" standard is often supported and the max MTU is 9000.
That is to allow significantly larger frames and improve throughput, although as usual it was invented at a time when that was more of a problem and increased system performance has made it less necessary.
(and/or the proponents have concluded that it is impossible to achieve wide acceptance of a higher MTU)

MTU in the 1500-2000 range is something different, that is to allow some headroom for PPPoE (RFC4638), MPLS, multiple level VLAN tags, etc.
With that, the finally available MTU for the network traffic remains 1500. But for jumbo frame it is much higher.
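
The MTU arithmetic discussed in the posts above (headroom for PPPoE, MPLS and VLAN tags versus jumbo frames, and the requirement that the whole path supports the larger size), as an added example that is not part of any post in this thread. Sizes are frame sizes without the 14-byte Ethernet header and FCS; the function names, hop names and hop sizes are constructed for illustration.

```python
# Added illustration; hop names and sizes are constructed, not taken from the thread.
# Sizes are frame sizes without the 14-byte Ethernet header and FCS.

OVERHEAD = {
    "vlan": 4,   # one 802.1Q tag
    "mpls": 4,   # one MPLS label
    "pppoe": 8,  # 6-byte PPPoE header + 2-byte PPP protocol ID
}

def encap_bytes(encaps):
    """Total bytes added by a list of encapsulations (repeats allowed, e.g. QinQ)."""
    return sum(OVERHEAD[e] for e in encaps)

def required_link_size(ip_mtu, encaps):
    """Link size needed so IP packets of ip_mtu still fit after encapsulation."""
    return ip_mtu + encap_bytes(encaps)

def available_ip_mtu(link_size, encaps):
    """IP MTU left on a link once the encapsulation bytes are subtracted."""
    return link_size - encap_bytes(encaps)

def path_mtu(hops):
    """hops: list of (name, link_size, encaps).
    Returns (end-to-end IP MTU, name of the hop that limits it)."""
    name, size, encaps = min(hops, key=lambda h: available_ip_mtu(h[1], h[2]))
    return available_ip_mtu(size, encaps), name

# Constructed paths: a storage LAN with jumbo frames end to end, and an
# internet path where a large LAN-side MTU meets a 1500-byte PPPoE link.
STORAGE_PATH = [("server-a", 9000, []), ("switch", 9000, []), ("server-b", 9000, [])]
INTERNET_PATH = [
    ("lan", 4064, []),
    ("dsl-modem", 1500, ["pppoe"]),
    ("isp-core", 1508, ["mpls"]),
]

if __name__ == "__main__":
    print("link size for 1500 IP MTU over PPPoE:", required_link_size(1500, ["pppoe"]))
    print("storage path:", path_mtu(STORAGE_PATH))
    print("internet path:", path_mtu(INTERNET_PATH))
```
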
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Fri May 14, 2021 2:34 pm

This should be taken out of 6.48.2 thread and over to a new thread.
Nothing to do with 6.48.2 release.
 
AKAGHT
Posts: 0
Joined: Fri May 14, 2021 11:53 pm
Location: Romania

Re: v6.48.2 [stable] is released!

Sat May 15, 2021 12:07 am

I can confirm port flapping (once after upgrade to 6.48.2 from 6.48.1) on CCR 2004, about 2 hours after the upgrade.

I did a manual restart (unplugged the 2 cables from PSU) and no problems, running stable for 7 days.

No port flapping on CCR 1009, 1016 Rev1, HAP AC2, CAP AC, CRS3XX SW.

All devices have SW upgrade and FW upgrade to 6.48.2.

IPsec IKEv2 setups are still not as compatible with other brands. The best compatibility is in 6.47.9.
 
TheRyuu
Posts: 0
Joined: Mon May 17, 2021 1:56 am

Re: v6.48.2 [stable] is released!

Mon May 17, 2021 2:15 am

Hmm, nothing about DoH memory leakage fix.
Little late to this party but I've been using DoH since it came out in 6.47 with Cloudflare and haven't seen any memory leakage. I'm on LTS currently but I was on stable too for quite some time and don't think I've encountered it. Granted I didn't start looking until I saw it in this thread a week ago. How long does it normally take for the leak to cause stability issues? I've had uptimes of several weeks (time between releases basically) and no issue (I'm checking every week now but haven't noticed anything). Currently at 3 days uptime with 97MB of used memory. Fresh after reboot it's around 95-100MB.

Have an RB2011 (w/built in wifi) and a pretty basic config where I'm using DoH.
I'm not sure if there are different ways to set up DoH but all I did was add the cert, add cloudflare-dns.com as two static entries (pointing to 1.1.1.1 and 1.0.0.1) and put https://cloudflare-dns.com/dns-query in the DoH field with verify turned on.
 
Jotne
Forum Guru
Posts: 2164
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.48.2 [stable] is released!

Mon May 17, 2021 8:04 am

Do you verify the certificate?
 
Chupaka
Forum Guru
Posts: 8542
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: v6.48.2 [stable] is released!

Mon May 17, 2021 2:04 pm

Looks like yes:
with verify turned on.
 
TheRyuu
Posts: 0
Joined: Mon May 17, 2021 1:56 am

Re: v6.48.2 [stable] is released!

Mon May 17, 2021 11:30 pm

Do you verify the certificate?
Yes. Verify DoH Cert is checked on.
 
bbs2web
Member Candidate
Posts: 218
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa

Re: v6.48.2 [stable] is released!

Wed May 19, 2021 2:49 am

Hi,

I appear to be experiencing a problem getting dot1x server to work with MAC authentication fallback when the supplicant is supposed to time out. Has anyone validated whether or not this works?

We're running Packet Fence 10.3 and have 802.1x wireless and wired authentication working but only wireless no-EAP works as the wired mode never appears to fall back to trying mac based authentication.

/interface dot1x server
add accounting=yes auth-timeout=1m auth-types=dot1x,mac-auth disabled=no interface=ether4 interim-update=15m \
    mac-auth-mode=mac-as-username radius-mac-format=XX:XX:XX:XX:XX:XX retrans-timeout=30s


Regards
David Herselman
 
EdPa
MikroTik Support
Posts: 98
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga

Re: v6.48.2 [stable] is released!

Wed May 19, 2021 12:26 pm

Hi bbs2web, mac-auth dot1x fixes are available in testing version:
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);

We will include them in the next stable release as well.
 
bbs2web
Member Candidate
Posts: 218
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa

Re: v6.48.2 [stable] is released!

Wed May 19, 2021 5:48 pm

Many thanks, great news!
Hi bbs2web, mac-auth dot1x fixes are available in testing version:
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);

We will include them in the next stable release as well.
 
bbs2web
Member Candidate
Posts: 218
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa

Re: v6.48.2 [stable] is released!

Thu May 20, 2021 9:39 am

Hi EdPa,

Any plans on supporting RADIUS disconnect for dot1x, as it works for wireless? Also any plans to support CoA (change of authorisation)?

Hi bbs2web, mac-auth dot1x fixes are available in testing version:
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
 
Olsm2
Posts: 0
Joined: Thu Apr 29, 2021 3:36 pm

Re: v6.48.2 [stable] is released!

Fri May 21, 2021 3:36 pm

Upgraded an RB3011 to 6.48.2 and log started filling up with OSPF errors and no OSPF routes were being distributed.
Ignoring Link State Acknowledgment packet: wrong peer state
 state=2-Way

Other OSPF routers distributing routes on the same backbone include 3 CHRs and an RB750Gr3.

I wasn't planning to yet, but I upgraded the other devices to 6.48.2 and finally OSPF is working as it's supposed to again.

Just a heads up in case anyone else has a similar issue and suddenly finds themselves having to upgrade and reboot everything.
I have the same OSPF error. Updating the devices to 6.48.2 did not fix it. I downgraded to 6.47.9 and it worked again.
 
mx5gr
just joined
Posts: 10
Joined: Thu Jun 22, 2017 6:02 pm

Re: v6.48.2 [stable] is released!

Fri May 21, 2021 4:49 pm

Hello to all!

I've been using 6.48.2 for a while now in my small home business network, based on a RB760iGS as a master router and CAPSMAN manager and two access points, one cAP AC (RBcAPGi-5acD2nD) and another one cAP Lite (RBcAPL-2nD), both as CAP Clients. All devices have their firmware upgraded as well to 6.48.2.

Although the wireless network load is very small (some kbps from 4 devices), the cAP AC memory is almost never under 87% (it varies from 78% to over 90%). Sometimes it even resets itself (probably due to lack of resources). At the same time, the much lighter cAP Lite with the same amount of wireless clients and traffic never exceeds 40% memory utilization.

I use Local Forwarding in CAPSMAN and I have also deactivated all non-necessary software packages in both (same package config in both). When the wireless package is deactivated in the ARM AP (the cAP AC), memory consumption drops to 55%. I use one wireless network in each chain (2.4/5 GHz), i.e. total two available wireless networks.

This memory consumption was not observed under the previous firmware, 6.48.1. Most notably, it occurs in the ARM wireless device and not the MIPS one.

If anyone could point to any direction towards reducing this memory allocation under the ARM architecture or if he/she has experienced the same behavior from the AP, it would be much appreciated to know about.
 
emils
MikroTik Support
Topic Author
Posts: 719
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.48.2 [stable] is released!

Wed May 26, 2021 11:49 am

New version 6.48.3 has been released in stable RouterOS channel:

viewtopic.php?f=21&t=175537
