Community discussions

 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

v6.38 [current] is released!

Mon Jan 02, 2017 2:41 pm

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

Important note!!!
RouterOS v6.38 contains STP/RSTP changes which makes bridges compatible with IEEE 802.1Q-2014 by sending and processing BPDU packets without VLAN tag.
To avoid STP/RSTP compatibility issues with older RouterOS versions, upgrade RouterOS to v6.38 on all routers in Layer2 networks with VLAN and STP/RSTP configurations.
The recommended procedure is to start by upgrading the remotest routers and gradually do it to the Root Bridge device.
If after upgrade you experience loss of connectivity, then disabling STP/RSTP on RouterOS bridge interface will restore connectivity so you can complete upgrade process on your network.

!) ipsec - added IKEv1 xauth user authentication with RADIUS "/ip ipsec user settings set xauth-use-radius=yes";
!) ipsec - added IKEv2 support;
!) ipsec - added IKEv2 EAP RADIUS passthrough authentication for responder;
!) ipsec - added support for unique policy generation;
!) ipsec - removed IKEv1 ah+esp support;
!) snmp - added basic get and walk functionality "/tool snmp-[get|walk]";
!) switch - added hardware STP functionality for CRS devices and small Atheros switch chips (http://wiki.mikrotik.com/wiki/Manual:CR ... e_Protocol);
!) tr069-client - initial implementation (as separate package) (cli only);
!) winbox - Winbox 3.7 is the minimum version that can connect to RouterOS;
*) arp - added "local-proxy-arp" feature;
*) bonding - added "forced-mac-address" option;
*) bonding - fixed "tx-drop" on VLAN over bonding on x86;
*) bridge - fixed rare crash on bridge port removal;
*) bridge - fixed VLAN BPDU rx and tx when connected to non-RouterOS device with STP functionality;
*) bridge - require admin-mac to be specified if auto-mac is disabled;
*) bridge - show bridge port name in port monitor;
*) capsman - added "group-key-update" parameter;
*) capsman - added possibility to change arp, mtu, l2mtu values in datapath configuration;
*) capsman - fixed CAP upgrade when separate wireless package is used (introduced in 6.37);
*) capsman - use correct source address in reply to unicast discovery requests;
*) ccr - added AHCI driver for Samsung XP941 128GB AHCI M.2;
*) certificates - added support for PKCS#12 export;
*) certificates - allow import multiple certs with the same key;
*) certificates - fixed crash when crl is removed while it is being fetched;
*) certificates - fixed trust chain update on local certificate revocation in programs using ssl;
*) certificates - if no name provided create certificate name automatically from certificate fields;
*) console - fixed multi argument value unset;
*) crs - added comment ability in more switch menus;
*) crs - fixed rare kernel failure on switch reset (for example, reboot);
*) dhcp - fixed DNS server assignment to client if dynamic server exists and is from another IP family;
*) dhcp - fixed issue when dhcp-client was still possible on interfaces with "slave" flag and using slave interface MAC address;
*) dhcp - show dhcp server as invalid and log an error when interface becomes a slave;
*) dhcp-server - fixed when wizard was unable to create pool >dhcp_pool99;
*) discovery - added LLDP support;
*) discovery - removed 6to4 tunnels from "/ip neighbor discovery menu";
*) dns - added "max-concurrent-queries" and "max-concurrent-tcp-sessions" settings;
*) dude - (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=8&t=112599);
*) ethernet - added "k" and "M" unit support to Ethernet Bandwidth setting;
*) ethernet - fixed "tx-fcs-error" on SFP+ interfaces when loop-protect is enabled;
*) export - do not show interface comment in "/ip neighbor discovery" menu;
*) export - updated default values to clean up export compact;
*) fastpath - fixed rare crash;
*) fastpath - fixed x86 bridge fast-path status shown as active even if it is manually disabled;
*) file - fixed file manager crash when file transfer gets cancelled;
*) firewall - added "creation-time" to address list entries;
*) firewall - added sctp/dccp/udp-lite support for "src-port", "dst-port", "port" and "to-ports" firewall options;
*) firewall - do not defragment packets which are marked with "notrack" in raw firewall;
*) firewall - fixed "time" option by recognizing weekday properly (introduced in v6.37.2);
*) firewall - fixed dynamic raw rule behaviour;
*) firewall - fixed rule activation if "time" option is used and no other active rules are present;
*) firewall - increased max size of connection tracking table to 1048576;
*) firewall - new faster "connection-limit" option implementation;
*) firewall - significantly improved large firewall rule set import performance;
*) graphing - fixed queue graphs showing up in web interface if aggregate name size >57840 symbols;
*) health - show power consumption on devices which has voltage and current monitor;
*) hotspot - fixed nat rule port setting in "hs-unauth-to" chain by changing it from "dst-port" to "src-port" on Walled Garden ip "return" rules;
*) interface - changed loopback interface mtu to 1500;
*) interface - do not treat multiple zeros as single zero on name comparison;
*) interface - show link stats in "/interface print stats-detail" output;
*) ipsec - added ability to specify static IP address at "send-dns" option;
*) ipsec - added ph2 accounting for each policy "/ip ipsec policy ph2-count";
*) ipsec - allow to specify explicit split dns address;
*) ipsec - changed logging topic from error to debug when empty pfkey messages are received;
*) ipsec - do not auto-negotiate more SAs than needed;
*) ipsec - ensure generated policy refers to valid proposal;
*) ipsec - fixed camellia crypto algorithm module loading;
*) ipsec - fixed IPv6 remote prefix;
*) ipsec - fixed kernel failure on tile with sha256 when hardware encryption is not being used;
*) ipsec - fixed peer configuration my-id IPv4 address endianness;
*) ipsec - fixed ph2 auto-negotiation by checking policies in correct order;
*) ipsec - load ipv6 related modules only when ipv6 package is enabled;
*) ipsec - make generated policies always as unique;
*) ipsec - non passive peers will also establish SAs from policy without waiting for the first packet;
*) ipsec - optimized logging under ipsec topic;
*) ipsec - show active flag when policy has active SA;
*) ipsec - show SA "enc-key-size";
*) ipsec - split "mode-config" and "send-dns" arguments;
*) ipv6 - added "no-dad" setting to ipv6 addresses;
*) ipv6 - fixed "accept-router-advertisements" behaviour;
*) ipv6 - moved empty IPv6 pool error message to error topic;
*) lcd - improved performance, causes less cpu load;
*) led - fixed dark mode for cAP 2nD (http://wiki.mikrotik.com/wiki/Manual:Sy ... ds_Setting);
*) log - fixed "System rebooted because of kernel failure" message to show after 1st crash reboot;
*) lte - added support for more Vodafone K4201-Z, Novatel USB620L, PANTECH UML295 and ZTE MF90 modems;
*) lte - allow to execute concurrent info commands;
*) lte - fixed dwm-222, Pantech UML296 support;
*) lte - fixed init delay after power reset;
*) lte - increased delay when setting sms send mode;
*) lte - return info data when all the fields are populated;
*) metarouter - fixed startup process (introduced in 6.37.2);
*) mmips - fixed traffic accounting in "/interface" menu;
*) ospf - fixed route crash caused by memory corruption when there are multiple active interfaces;
*) ppp - fixed packet size calculation when MRRU is set (was 2 bytes bigger than MTU allows);
*) ppp - significantly improved shutdown speed on servers with many active tunnels;
*) ppp - significantly improved tunnel termination process on servers with many active tunnels;
*) profile - added "bfd" and "remote-access" processes;
*) profile - added ability to monitor cpu usage per core;
*) profile - make profile work on mmips devices;
*) profile - properly classify "wireless" processes;
*) queue - fixed "time" option by recognizing weekday properly (introduced in v6.37.2);
*) radius - added IPSec service (cli only);
*) rb750Gr3 - fixed ipsec with 3des+md5 to work on this board;
*) rb850Gx2 - fixed pcb temperature monitor if temperature was above 60C;
*) resolver - ignore cache entries if specific server is used;
*) routerboot - show log message if router CPU/RAM is overclocked;
*) script - increment run count value when script is executed from snmp;
*) snmp - always report bonding speed as speed from first bonding slave;
*) snmp - fixed rare crash when incorrectly formatted packet was received;
*) snmp - provide sinr in lte table;
*) ssh - added routing-table setting (cli only);
*) ssh - fixed lost "/ip ssh" settings on upgrade from version older than 5.15;
*) system - reboot device on critical program crash;
*) tile - fixed kernel failure when when IPv6 ICMP packet is sent through PPP interface;
*) time - updated time zones;
*) traceroute - fixed memory leak;
*) traffic-flow - fixed flow sequence counter and length;
*) trafficgen - fixed compact export when "header-stack" includes tcp;
*) trafficgen - fixed crash when IPv6 traffic is processed;
*) trafficgen - fixed potential crash when very big frame is generated;
*) trafficgen - improved fastpath support;
*) tunnel - fixed transmit packets occasionally not going through fastpath;
*) tunnel - properly export keepalive value;
*) usb - fixed kernel failure when Nexus 6P device is removed;
*) users - added minimal required permission set for full user group;
*) users - added TikApp policy;
*) vlan - allow to add multiple VLANs which name starts with same number and has same length;
*) vrrp - do not show unrelated log warning messages about version mismatch;
*) watchdog - do not send supout file if "auto-send-supout" is disabled;
*) webfig - added extra protection against XSS exploits;
*) webfig - show ipv6 addresses correctly;
*) webfig - show properly interface last-link-up/down times;
*) winbox - added "Complete" flag to arp table;
*) winbox - added "untracked" option to firewall "connection-state" setting;
*) winbox - added Dude icon to Dude menu;
*) winbox - allow to enable/disable traffic flow targets;
*) winbox - allow to run profile from "/system resources" menu;
*) winbox - allow to specify interface for leds with "interface-speed" trigger;
*) winbox - do not allow to set "loop-protect-send-interval" to 0s;
*) winbox - do not show hotspot user profile incoming and outgoing filters and marks as set if there is no value specified;
*) winbox - fixed crash when legacy Winbox version was used;
*) winbox - fixed default values for interface "loop-protect-disable-time" and "loop-protect-send-interval";
*) winbox - fixed missing "IPv6/Settings" menu;
*) winbox - fixed typo in "propagate-ttl" setting;
*) winbox - make cert signing include provided ca-crl-host;
*) winbox - moved ipsec peer "exchange-mode" to General tab;
*) winbox - properly show VHT basic and supported rates in CAPsMAN;
*) winbox - removed spare values from loop-protect menu;
*) winbox - show all related HT tab settings in 2GHz-g/n mode;
*) winbox - show primary and secondary ntp addresses as 0.0.0.0 if none are set;
*) winbox - show proper ipv6 connection timeout;
*) wireless - added API command to report country-list (/interface/wireless/info/country-list);
*) wireless - added CRL checking for eap-tls;
*) wireless - fixed action frame handling for WDS nodes;
*) wireless - fixed custom channel extension-channel appearance in console;
*) wireless - fixed full "spectral-history" header print on AP modes;
*) wireless - fixed rare kernel failure when connecting to nv2 access point with legacy rate select;
*) wireless - fixed upgrade from older wireless packages when AP interface had empty SSID;
*) wireless - take in account channel width when returning supported channels;
*) wireless - use VLAN ID 0 in RADIUS message to disable VLAN tagging;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
User avatar
G2Dolphin
Member Candidate
Member Candidate
Posts: 157
Joined: Sun May 17, 2015 6:03 pm
Location: Moscow, Russia

Re: v6.38 [current] is released!

Mon Jan 02, 2017 2:53 pm

Never seen that big changelog yet. :)

Thank you, and a have a happy New Year!
Home: RB3011UiAS-IN (2011 case+3011-RM), hAP ac, mAP2n/mAP2nD, GrooveA-52HPn, hEX (r3), hAP lite, RB951G-2HnD
Work: RB2011UiAS-RM / UiAS-2HnD-IN, RB951G-2HnD, hEX (r3), CRS125-24G-1S-2HnD-IN, CCR1009-8G-1S-1S+
 
irghost
Member Candidate
Member Candidate
Posts: 281
Joined: Sun Feb 21, 2016 1:49 pm

Re: v6.38 [current] is released!

Mon Jan 02, 2017 4:01 pm

*) radius - added IPSec service (cli only);
please at it in Winbox
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
 
patrick7
Member Candidate
Member Candidate
Posts: 298
Joined: Sat Jul 20, 2013 2:40 pm

Re: v6.38 [current] is released!

Mon Jan 02, 2017 4:15 pm

*) snmp - always report bonding speed as speed from first bonding slave;
Why? Bondings with 2x1Gbps are now shown as 1Gbps which is not true.
Except from the STP problems which I already reported by E-Mail - good work! :-)

Happy new year.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.38 [current] is released!

Mon Jan 02, 2017 4:33 pm

patrick7 - Bonding in past reported 2Gbps always. It did not matter if bonding had 2,3,4,5, etc. slave interfaces. Now it will simply report single link speed:
*) snmp - always report bonding speed as speed from first bonding slave;
 
chg123
just joined
Posts: 8
Joined: Mon May 11, 2015 1:24 pm

Re: v6.38 [current] is released!

Mon Jan 02, 2017 4:34 pm

Strange Bug:
After upgrading my CCR1009-8G-1S-1S+ from 6.37.3 to 6.38 the exported config mixed up the interface IDs:

/interface ethernet
set [ find default-name=ether5 ] l2mtu=1520 name=ether1-kbd
set [ find default-name=ether6 ] l2mtu=1520 name=ether2
set [ find default-name=ether7 ] l2mtu=1520 name=ether3
set [ find default-name=ether8 ] l2mtu=1520 name=ether4-inl
set [ find default-name=ether1 ] name=ether5-wan-lacp1-1
set [ find default-name=ether2 ] name=ether6-wan-lacp1-2
set [ find default-name=ether3 ] name=ether7-wan
set [ find default-name=ether4 ] name=ether8-wan

This was definitely NOT the actively running config since i did not rename the interfaces that crappy ;)

Just to make sure that the export was wrong tried to load this config into the zeroed device but it failed.

after a manual correction to:

/interface ethernet
set [ find default-name=ether1 ] l2mtu=1520 name=ether1-kbd
set [ find default-name=ether2 ] l2mtu=1520
set [ find default-name=ether3 ] l2mtu=1520
set [ find default-name=ether4 ] l2mtu=1520 name=ether4-inl
set [ find default-name=ether5 ] name=ether5-wan-lacp1-1
set [ find default-name=ether6 ] name=ether6-wan-lacp1-2
set [ find default-name=ether7 ] name=ether7-wan
set [ find default-name=ether8 ] name=ether8-wan

everything worked fine.

Is there any explanation for this effect?

Cheers,

Christoph
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.38 [current] is released!

Mon Jan 02, 2017 4:55 pm

*) arp - added "local-proxy-arp" feature;
*) bonding - added "forced-mac-address" option;
Any chance to get some documentation for those features?
*) traffic-flow - fixed flow sequence counter and length;
What was wrong with it?
*) winbox - allow to run profile from "/system resources" menu;
Can't see anything in Resources...
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.38 [current] is released!

Mon Jan 02, 2017 4:57 pm

After upgrading my CCR1009-8G-1S-1S+ from 6.37.3 to 6.38 the exported config mixed up the interface IDs:

/interface ethernet
set [ find default-name=ether5 ] l2mtu=1520 name=ether1-kbd
set [ find default-name=ether6 ] l2mtu=1520 name=ether2
set [ find default-name=ether7 ] l2mtu=1520 name=ether3
set [ find default-name=ether8 ] l2mtu=1520 name=ether4-inl
set [ find default-name=ether1 ] name=ether5-wan-lacp1-1
set [ find default-name=ether2 ] name=ether6-wan-lacp1-2
set [ find default-name=ether3 ] name=ether7-wan
set [ find default-name=ether4 ] name=ether8-wan

This was definitely NOT the actively running config since i did not rename the interfaces that crappy ;)

Just to make sure that the export was wrong tried to load this config into the zeroed device but it failed.
At least it was because ether6 cannot be renamed to ether2: ether2 already exists and will be renamed later :) So sorting in Export should be not by name, but by default-name
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
Campano
Frequent Visitor
Frequent Visitor
Posts: 60
Joined: Mon Apr 17, 2006 2:35 am
Location: Ñuñoa - Chile
Contact:

Re: v6.38 [current] is released!

Mon Jan 02, 2017 5:27 pm

Nice work, now try! and check all is working :D
 
Siona
Frequent Visitor
Frequent Visitor
Posts: 83
Joined: Thu Jan 29, 2015 11:56 am

Re: RE: v6.38 [current] is released!

Mon Jan 02, 2017 6:37 pm



!) ipsec - added support for unique policy generation;



*) ipsec - added ability to specify static IP address at "send-dns" option;
*) ipsec - added ph2 accounting for each policy "/ip ipsec policy ph2-count";
*) ipsec - allow to specify explicit split dns address;
*) ipsec - changed logging topic from error to debug when empty pfkey messages are received;
*) ipsec - do not auto-negotiate more SAs than needed;
*) ipsec - ensure generated policy refers to valid proposal;
*) ipsec - fixed camellia crypto algorithm module loading;
*) ipsec - fixed IPv6 remote prefix;
*) ipsec - fixed kernel failure on tile with sha256 when hardware encryption is not being used;
*) ipsec - fixed peer configuration my-id IPv4 address endianness;
*) ipsec - fixed ph2 auto-negotiation by checking policies in correct order;
*) ipsec - load ipv6 related modules only when ipv6 package is enabled;
*) ipsec - make generated policies always as unique;
*) ipsec - non passive peers will also establish SAs from policy without waiting for the first packet;
*) ipsec - optimized logging under ipsec topic;
*) ipsec - show active flag when policy has active SA;
*) ipsec - show SA "enc-key-size";
*) ipsec - split "mode-config" and "send-dns" arguments;

.
Is it working out of box? Or need I configure this?
Especially unique policy.
 
borisk
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Mon Jul 04, 2016 10:02 pm
Location: Nizhniy Tagil, Russia

Re: v6.38 [current] is released!

Mon Jan 02, 2017 6:56 pm

Hello!

Sorry, what mean
*) interface - changed loopback interface mtu to 1500;
? There is special loopback interface now? Can't find it.

Regards,
Boris
 
User avatar
pietroscherer
Trainer
Trainer
Posts: 170
Joined: Thu Mar 05, 2015 3:05 pm
Location: RS, Brazil
Contact:

Re: v6.38 [current] is released!

Mon Jan 02, 2017 7:02 pm

*) routerboot - show log message if router CPU/RAM is overclocked;

It's possible to have a info message, when the router's CPU/RAM is out of factory/default value?
Pietro Scherer
http://www.tchesolutions.com.br [ISPs Consulting and Training]
http://www.routermage.com [Backup and Automation System]
:D
 
DuduZZZ
just joined
Posts: 6
Joined: Tue Aug 23, 2016 11:31 am
Location: Hungary

Re: v6.38 [current] is released!

Mon Jan 02, 2017 7:16 pm

Hello,

After upgrade in the log appear: system, info, critical - memory overclocked. All device which is contain 128 MB memory.

Image

Devices affected in my network:
1x RB2011UiAS
2x CRS109-8G-1S-2HnD
2x CRS125-24G-1S

Devices not affected in my network:
2x RB3011UiAS

Thanks & Regards,
David
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 249
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.38 [current] is released!

Mon Jan 02, 2017 7:36 pm

patrick7 - Bonding in past reported 2Gbps always. It did not matter if bonding had 2,3,4,5, etc. slave interfaces. Now it will simply report single link speed:
*) snmp - always report bonding speed as speed from first bonding slave;
For LACP that is Totally Wrong. In protocol less bonding this may be acceptable Something I never Use.
A bond with LACP have prerequisites that states that all members should be same link speed.
The snmp value for speed on a bond interface with LACP should be speed from first link (all is same) times number of link that have an active partner and is currently Aggregating and Hashing. This is how we can monitor if a fault is bound to happen.
 
cheeze
Member Candidate
Member Candidate
Posts: 146
Joined: Tue Jul 31, 2012 7:44 am

Re: v6.38 [current] is released!

Mon Jan 02, 2017 7:46 pm

patrick7 - Bonding in past reported 2Gbps always. It did not matter if bonding had 2,3,4,5, etc. slave interfaces. Now it will simply report single link speed:
*) snmp - always report bonding speed as speed from first bonding slave;
For LACP that is Totally Wrong. In protocol less bonding this may be acceptable Something I never Use.
A bond with LACP have prerequisites that states that all members should be same link speed.
The snmp value for speed on a bond interface with LACP should be speed from first link (all is same) times number of link that have an active partner and is currently Aggregating and Hashing. This is how we can monitor if a fault is bound to happen.
Correct me if I'm incorrect here but, I don't believe LACP bundles are something that RouterOS does. They haven't implemented that to my knowledge. It's been asked (a lot) and now maybe since they are not focusing on the current routing stack they might do it...

edit:

I was wrong, Mikrotik does support LACP/802.3ad

I'm sorry :(
 
moep
newbie
Posts: 48
Joined: Mon Jul 02, 2012 2:12 pm

Re: The Dude, v6.38 [current] release.

Mon Jan 02, 2017 8:15 pm

First of all happy new year and nice work on overall ipsec improvements.

But the password length is still capped to 31 characters, which creates incompatibility to previous versions with long xauth passwords
i wrote this here:
http://forum.mikrotik.com/viewtopic.php ... 86#p573186

please try to fix it :)
 
JanezFord
Member Candidate
Member Candidate
Posts: 263
Joined: Wed May 23, 2012 10:58 am

Re: v6.38 [current] is released!

Mon Jan 02, 2017 10:11 pm

Upgraded many devices without problems except two of rb912uag-2hnd with r11e-5nhd which never came back online - same config - cap client. Remote poe off/on did not help. Be carefull if you have rb912 devices.

JF.

Edit: Also missing one of rb951g-2hnd devices. Will not upgrade rest until sure of 6.38 stability.
Edit2: rb951g-2hnd came back online ... still missing both 912s ... poe reboot not helping.
Last edited by JanezFord on Mon Jan 02, 2017 10:27 pm, edited 1 time in total.
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 249
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.38 [current] is released!

Mon Jan 02, 2017 10:18 pm

edit:

I was wrong, Mikrotik does support LACP/802.3ad

I'm sorry :(
;-) Right. I would not be a customer if they had not supported LACP. On the plus side is that they even have minimum link property for channel up state. I bought the 1036 before 1072 was out and I only use the two sfp+ ports LACP bundled to our redundant Core. Now with 1072 We have even more ports. Waiting eagerly for qsfp+ and qsfp28 Products from MT but that will be the day. Not so interesting before everything is multicore anyway.
 
csi
newbie
Posts: 31
Joined: Wed Mar 02, 2016 10:05 am

Re: v6.38 [current] is released!

Mon Jan 02, 2017 10:30 pm

Happy new year first!

After upgrading some of my boxes, I get an issue with a CRS109-8G-1S-2HnD. I use some tagged VLANs between a RB3011 and the CRS box. When I upgrade the CRS box, the interfaces are not useable and the CRS box is not reachable. When I take a downgrade to 6.37.3 the device is back. I have tested twice and also with an fresh upload of the firmware to the box. Normally I use the CAPsMan to upgrade my devices.

Please let me know, if you need some more information.


Cheers
csi
 
pe1chl
Forum Guru
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Mon Jan 02, 2017 10:43 pm

I use some tagged VLANs between a RB3011 and the CRS box. When I upgrade the CRS box, the interfaces are not useable and the CRS box is not reachable.
Did you read the release notes?
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 249
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.38 [current] is released!

Mon Jan 02, 2017 10:45 pm

Hello!

Sorry, what mean
*) interface - changed loopback interface mtu to 1500;
? There is special loopback interface now? Can't find it.

Regards,
Boris

+1 What does it say? Do we have Loopback Interface Now? Cant seem to find either in winbox nor in cli.
 
User avatar
GioMac
just joined
Posts: 3
Joined: Sun Dec 27, 2015 7:02 am
Location: Tbilisi, Georgia
Contact:

Re: v6.38 [current] is released!

Mon Jan 02, 2017 11:00 pm

Great release... And IPSec died for RW configuration
jan/03 00:43:12 ipsec,info respond new phase 1 (Identity Protection): x.x.x.x
2[500]<=>y.y.y.y[500] 
jan/03 00:43:13 ipsec,info ISAKMP-SA established x.x.x.x[4500]-y.y.y.y[
4500] spi:zzzz
jan/03 00:43:13 ipsec,info acquired 192.168.23.250 address for y.y.y.y[4500] 
jan/03 00:43:13 ipsec,info Xauth login succeeded for user: giomac 
jan/03 00:43:14 ipsec,error y.y.y.y[ failed to pre-process ph2 packet. 
jan/03 00:43:17 ipsec,error y.y.y.y[ peer sent packet for dead phase2 
jan/03 00:43:20 ipsec,error y.y.y.y[ peer sent packet for dead phase2 
jan/03 00:43:23 ipsec,error y.y.y.y[ peer sent packet for dead phase2 
jan/03 00:43:26 ipsec,error y.y.y.y[ peer sent packet for dead phase2 
jan/03 00:43:29 ipsec,error y.y.y.y[ peer sent packet for dead phase2 
jan/03 00:43:32 ipsec,error y.y.y.y[ peer sent packet for dead phase2 
jan/03 00:43:35 ipsec,error y.y.y.y[ peer sent packet for dead phase2 
jan/03 00:43:38 ipsec,error y.y.y.y[ peer sent packet for dead phase2 
jan/03 00:43:41 ipsec,error y.y.y.y[ peer sent packet for dead phase2 
jan/03 00:43:44 ipsec,info purging ISAKMP-SA x.x.x.x[4500]<=>y.y.y.y[45
00] spi=jjjj. 
jan/03 00:43:45 ipsec,info ISAKMP-SA deleted x.x.x.x[4500]-y.y.y.y[4500
] spi:wwww rekey:1 
jan/03 00:43:45 ipsec,info releasing address 192.168.23.250 
 
csi
newbie
Posts: 31
Joined: Wed Mar 02, 2016 10:05 am

Re: v6.38 [current] is released!

Mon Jan 02, 2017 11:07 pm

I use some tagged VLANs between a RB3011 and the CRS box. When I upgrade the CRS box, the interfaces are not useable and the CRS box is not reachable.
Did you read the release notes?
Yes I have. But I'm not using STP and bridges only for the WiFi interfaces. Or have I made a mistake with my thinking?
 
locodog
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Sun Apr 12, 2015 4:00 am

Re: v6.38 [current] is released!

Mon Jan 02, 2017 11:14 pm

Hello!

Sorry, what mean
*) interface - changed loopback interface mtu to 1500;
? There is special loopback interface now? Can't find it.

Regards,
Boris

+1 What does it say? Do we have Loopback Interface Now? Cant seem to find either in winbox nor in cli.


There is no Loopback interface added. If you need loopback interface simply create bridge and do not add any ports to it. (MTU of 1500 is for that empty bridge used as loopback).
 
locodog
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Sun Apr 12, 2015 4:00 am

Re: v6.38 [current] is released!

Mon Jan 02, 2017 11:16 pm

I use some tagged VLANs between a RB3011 and the CRS box. When I upgrade the CRS box, the interfaces are not useable and the CRS box is not reachable.
Did you read the release notes?

Also, does this affects L2 connections with another vendors? What exactly changed so that VLAN on 6.38 is different from vlan 6.37 and older?
 
pe1chl
Forum Guru
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 12:05 am

I use some tagged VLANs between a RB3011 and the CRS box. When I upgrade the CRS box, the interfaces are not useable and the CRS box is not reachable.
Did you read the release notes?
Yes I have. But I'm not using STP and bridges only for the WiFi interfaces. Or have I made a mistake with my thinking?
Bridges have STP enabled by default. Did you set "protocol: none" on your bridges? If not, they have STP.
 
csi
newbie
Posts: 31
Joined: Wed Mar 02, 2016 10:05 am

Re: v6.38 [current] is released!

Tue Jan 03, 2017 2:20 am

I use some tagged VLANs between a RB3011 and the CRS box. When I upgrade the CRS box, the interfaces are not useable and the CRS box is not reachable.
Did you read the release notes?
Yes I have. But I'm not using STP and bridges only for the WiFi interfaces. Or have I made a mistake with my thinking?
Bridges have STP enabled by default. Did you set "protocol: none" on your bridges? If not, they have STP.
On the CRS the bridges are disabled, on the RB3011 not of course. I have enabled RSTP on CRS for testing, but same problem.
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 249
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.38 [current] is released!

Tue Jan 03, 2017 11:36 am

*) interface - changed loopback interface mtu to 1500;
There is no Loopback interface added. If you need loopback interface simply create bridge and do not add any ports to it. (MTU of 1500 is for that empty bridge used as loopback).
This is well known to all of us this is why we are asking this question.
The release notes states that mtu values have changed for Loopback Interface. Hello WHAT LOOPBACK INTERFACE.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 11:42 am

Probably the loopback interface (lo) internal to the Linux system that is beneath the RouterOS that you can see from the outside.
This by default has an MTU of 65536. Maybe this caused problems in some special case where traffic is sent via the loopback
for internal operations of the router and the first hop has a large MTU but later hops have smaller MTU.
 
User avatar
Plnt
just joined
Posts: 6
Joined: Thu Jul 16, 2015 2:27 pm
Contact:

Re: v6.38 [current] is released!

Tue Jan 03, 2017 12:22 pm

Hello,

After upgrade in the log appear: system, info, critical - memory overclocked. All device which is contain 128 MB memory.

Image

Devices affected in my network:
1x RB2011UiAS
2x CRS109-8G-1S-2HnD
2x CRS125-24G-1S

Devices not affected in my network:
2x RB3011UiAS

Thanks & Regards,
David
I have the same problem on two different RouterBOARD 911 Lite5 after the upgrade. I didn't do any overclocking on the devices. Apart from the message I didn't noticed any problems - everything works fine.
jan/03/2017 11:08:24 system,info,critical memory overclocked
[admin@xxx] > /system routerboard print 
                ;;; Warning: memory overclocked
...
Last edited by Plnt on Tue Jan 03, 2017 12:24 pm, edited 1 time in total.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.38 [current] is released!

Tue Jan 03, 2017 12:23 pm

Do not worry about these overclocked messages - they are still work on progress. If you have not overclocked device manually, then there is no need to worry about that.
We are still improving this feature.
 
alfonzz
just joined
Posts: 16
Joined: Wed Oct 15, 2014 12:16 pm
Location: CZ

Re: v6.38 [current] is released!

Tue Jan 03, 2017 12:41 pm

Hello,
After upgrade in the log appear: system, info, critical - memory overclocked. All device which is contain 128 MB memory.
Image
It happens me too - on SXT lite5 with 64MB memory...
wtf?
 
Zorro
Long time Member
Long time Member
Posts: 676
Joined: Wed Apr 16, 2014 2:43 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 1:31 pm

fantastic news !!
*put teapot on, unpacked pack of (vanilla)cookies and immediately start celebrating THAT !!*
thanks for continued efforts to Improve your products/ROS, MT !!
happy new year, anyone !
 
hgkeh
just joined
Posts: 2
Joined: Wed Mar 07, 2012 5:54 am

Re: v6.38 [current] is released!

Tue Jan 03, 2017 2:08 pm

I just upgraded my RB751U-2HnD, and after reboot all my LED stop functioning (no light).
 
kristaps
Member Candidate
Member Candidate
Posts: 272
Joined: Mon Jan 27, 2014 1:37 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 3:17 pm

Just upgraded five RB751U with different configurations to 6.38 . All booted up without issues.

@hgkeh can you please post your configuration that you used on RB751U, that we can try to replicate your issue.
 
hgkeh
just joined
Posts: 2
Joined: Wed Mar 07, 2012 5:54 am

Re: v6.38 [current] is released!

Tue Jan 03, 2017 3:35 pm

# jan/03/2017 21:28:33 by RouterOS 6.38
# software id = 6QRW-GN7H
#
/interface bridge
add admin-mac=00:0C:42:E1:C1:A7 auto-mac=no mtu=1500 name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-full,100M-full,1000M-full name=\
    ether1-gateway rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether2 ] advertise=10M-full,100M-full,1000M-full name=\
    ether2-gateway rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether3 ] advertise=10M-full,100M-full,1000M-full name=\
    ether3-master-local rx-flow-control=auto speed=1Gbps tx-flow-control=auto
set [ find default-name=ether4 ] advertise=10M-full,100M-full,1000M-full master-port=\
    ether3-master-local name=ether4-slave-local rx-flow-control=auto speed=1Gbps \
    tx-flow-control=auto
set [ find default-name=ether5 ] advertise=10M-full,100M-full,1000M-full master-port=\
    ether3-master-local name=ether5-slave-local rx-flow-control=auto speed=1Gbps \
    tx-flow-control=auto
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge-local interface=ether3-master-local
/interface bridge settings
set use-ip-firewall=yes
/ip settings
set rp-filter=strict tcp-syncookies=yes
/ip address
add address=x.x.x.x/x comment="default configuration" interface=ether3-master-local \
    network=x.x.x.x
add address=x.x.x.x/x interface=ether1-gateway network=x.x.x.x
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=\
    ether2-gateway use-peer-dns=no use-peer-ntp=no
/ip dhcp-server
add address-pool=default-dhcp lease-time=1h name=dhcp1
/ip dhcp-server network
add address=x.x.x.x/x comment="default configuration" dns-server=x.x.x.x \
    gateway=x.x.x.x
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=\
    x.x.x.x,x.x.x.x
/ip dns static
add address=x.x.x.x name=router
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=yes protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established \
    disabled=yes
add action=accept chain=input comment="default configuration" connection-state=related \
    disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes in-interface=\
    ether1-gateway
add action=accept chain=input comment=Management dst-address=192.168.88.1 in-interface=\
    bridge-local
add action=drop chain=input comment="Drop ICMP to gateway (OA)" in-interface=\
    ether1-gateway protocol=icmp
add action=drop chain=input comment="Drop ICMP to gateway (Time)" in-interface=\
    ether2-gateway protocol=icmp
add action=accept chain=input comment="Allow Established and related connections" \
    connection-state=established,related
add action=accept chain=input comment="IPTV multicast forwarding" disabled=yes protocol=\
    igmp
add action=accept chain=forward disabled=yes protocol=udp
add action=fasttrack-connection chain=forward comment=Fasttrack connection-state=\
    established,related
add action=accept chain=forward connection-state=established,related
add action=jump chain=forward comment="Make jumps to new chains" jump-target=tcp protocol=\
    tcp
add action=jump chain=forward jump-target=udp protocol=udp
add action=jump chain=forward jump-target=icmp protocol=icmp
add action=drop chain=input comment="Drop Invalid connections" connection-state=invalid
add action=drop chain=input comment="Drop everything else"
add action=drop chain=forward comment="Block \"bogon\" IP addresses" src-address=0.0.0.0/8
add action=drop chain=forward dst-address=0.0.0.0/8
add action=drop chain=forward src-address=127.0.0.0/8
add action=drop chain=forward dst-address=127.0.0.0/8
add action=drop chain=forward src-address=224.0.0.0/3
add action=drop chain=forward dst-address=224.0.0.0/3
add action=drop chain=tcp comment="deny TFTP" dst-port=69 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" dst-port=111 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=yes dst-port=135 \
    protocol=tcp
add action=drop chain=tcp comment="deny NBT" disabled=yes dst-port=137-139 protocol=tcp
add action=drop chain=tcp comment="deny cifs" disabled=yes dst-port=445 protocol=tcp
add action=drop chain=tcp comment="deny NFS" dst-port=2049 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" dst-port=12345-12346 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" dst-port=20034 protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" dst-port=3133 protocol=tcp
add action=drop chain=tcp comment="deny DHCP" dst-port=67-68 protocol=tcp
add action=drop chain=udp comment="deny TFTP" dst-port=69 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" dst-port=111 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" dst-port=135 protocol=udp
add action=drop chain=udp comment="deny NBT" dst-port=137-139 protocol=udp
add action=drop chain=udp comment="deny NFS" dst-port=2049 protocol=udp
add action=drop chain=udp comment="deny BackOriffice" dst-port=3133 protocol=udp
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 protocol=tcp \
    src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" dst-limit=\
    1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h \
    chain=output content="530 Login incorrect" protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp \
    src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=\
    input connection-state=new dst-port=22 protocol=tcp
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 protocol=tcp \
    src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="Port scanners to list " protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="NMAP FIN Stealth scan" protocol=tcp tcp-flags=\
    fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="SYN/FIN scan" protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="SYN/RST scan" protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="FIN/PSH/URG scan" protocol=tcp tcp-flags=\
    fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="NMAP NULL scan" protocol=tcp tcp-flags=\
    !fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" src-address-list=\
    "port scanners"
add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=icmp
add action=accept chain=icmp comment="net unreachable" icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="host unreachable" icmp-options=3:1 protocol=icmp
add action=accept chain=icmp comment="host unreachable fragmentation required" \
    icmp-options=3:4 protocol=icmp
add action=accept chain=icmp comment="allow source quench" icmp-options=4:0 protocol=icmp
add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 protocol=icmp
add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 protocol=icmp
add action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 protocol=icmp
add action=drop chain=icmp comment="deny all other types"
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=10.0.0.0/8 new-routing-mark=OA \
    passthrough=no
add action=mark-routing chain=prerouting dst-address=172.16.0.0/12 new-routing-mark=OA \
    passthrough=no
add action=mark-routing chain=prerouting dst-address=192.168.100.0/24 new-routing-mark=OA \
    passthrough=no
add action=mark-routing chain=prerouting disabled=yes dst-address=x.x.x.x \
    new-routing-mark=VPN passthrough=no
add action=mark-routing chain=prerouting disabled=yes dst-address=x.x.x.x \
    new-routing-mark=OA passthrough=no
add action=mark-routing chain=prerouting disabled=yes dst-address=x.x.x.x \
    new-routing-mark=Time passthrough=no
add action=mark-routing chain=prerouting content=x.x.x.x disabled=yes \
    new-routing-mark=OA passthrough=no
add action=mark-routing chain=prerouting new-routing-mark=Time passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=\
    ether1-gateway to-addresses=0.0.0.0
add action=masquerade chain=srcnat out-interface=ether2-gateway
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip pool
add name=default-dhcp next-pool=default-dhcp ranges=x.x.x.x/x
/ip route
add distance=1 gateway=x.x.x.x routing-mark=OA
add distance=1 gateway=ether2-gateway routing-mark=Time
/ip route rule
add dst-address=x.x.x.x/x table=main
add dst-address=x.x.x.x/x table=OA
add dst-address=x.x.x.x/x table=OA
add dst-address=1x.x.x.x/x table=OA
add routing-mark=OA table=OA
add routing-mark=Time table=Time
add routing-mark=VPN table=VPN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
/ip smb shares
set [ find default=yes ] disabled=yes
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 disabled=yes interface=ether2-gateway upstream=yes
add disabled=yes interface=bridge-local
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=x.x.x.x secondary-ntp=x.x.x.x
/system routerboard settings
set cpu-frequency=250MHz
/tool bandwidth-server
set enabled=no
/tool mac-server
add interface=ether2-gateway
add interface=ether3-master-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-gateway
add interface=ether3-master-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add
add interface=bridge-local
 
User avatar
nastitek
just joined
Posts: 7
Joined: Wed Jan 27, 2016 2:36 am
Location: PHILIPPINES

Re: v6.38 [current] is released!

Tue Jan 03, 2017 3:59 pm

Just upgraded to 6.38 HAP AC Lite.

Monitoring with Dude utilizes memory to 100% killing winbox 3.7 connection during this period.

Any recommendations?
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 998
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: v6.38 [current] is released!

Tue Jan 03, 2017 4:12 pm

RE: Important note!!!
To avoid STP/RSTP compatibility issues with older RouterOS versions upgrade RouterOS on all routers in Layer2 networks with VLAN and STP/RSTP configurations.


I sure wish I would of known about this issue prior to upgrading a dozen Mikrotiks last month. Because of spanning-tree issues, I had the biggest/longest network outage since starting my ISP business over 10 years ago.

North Idaho Tom Jones
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1721
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v6.38 [current] is released!

Tue Jan 03, 2017 5:04 pm

RE: Important note!!!
To avoid STP/RSTP compatibility issues with older RouterOS versions upgrade RouterOS on all routers in Layer2 networks with VLAN and STP/RSTP configurations.


I sure wish I would of known about this issue prior to upgrading a dozen Mikrotiks last month. Because of spanning-tree issues, I had the biggest/longest network outage since starting my ISP business over 10 years ago.

North Idaho Tom Jones
Last month? Full version with this feature was released only this year.
Did you upgrade your production network to Release Candidate version?? if yes, that outage is all on you, all on you.
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1219
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6.38 [current] is released!

Tue Jan 03, 2017 6:01 pm

Something seems wrong with PPPoE upload:
ROS 6.38:
Image
ROS 6.36.4:
Image

Ignore download speed since it shows some variations due to network load.
For upload 13Mbps was the best result, having some tests peaking at 2-3Mbps.
Both are done on my RB1100AHx2 with the same configuration, repeated several times on multiple dynamic IPs, with the same behavior.
Speedtest server is local to my ISP. Maximum speed is 1Gb/200Mb.
ROS 6.37.3 was working OK, too.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
com2com
just joined
Posts: 2
Joined: Wed Jun 11, 2014 6:24 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 6:59 pm

Software 6.38 cpu usage for fasttrack connections very high. For example ( 951g-2hnd at 750mhz) bandwidth 300 Mbps 6.37.3 cpu usage 30-40, 6.38 cpu usage 80-85.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 7:54 pm

Something seems wrong with PPPoE upload:
Hmm on my RB2011 with my 50/24 VDSL it appears to be all normal, I achieve the expected upload rate.
(a bit below 24 Mbps)
 
User avatar
hknet
Frequent Visitor
Frequent Visitor
Posts: 88
Joined: Sun Jul 17, 2016 6:05 pm
Location: Vienna, Austria
Contact:

Re: The Dude, v6.38 [current] release.

Tue Jan 03, 2017 9:30 pm

any details on the obviously also new RouterBoard Firmware v.3.36?
 
User avatar
w32pamela
Member Candidate
Member Candidate
Posts: 125
Joined: Fri Jul 12, 2013 4:22 pm

Re: The Dude, v6.38 [current] release.

Tue Jan 03, 2017 10:10 pm

It is not possible in v6.38 to make a connection from a device configured as a CPE to an encrypted AP when using the Webfig Quick Set page. The link appears to broken between the Quick Set entries and the Security Profile.
 
moep
newbie
Posts: 48
Joined: Mon Jul 02, 2012 2:12 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 10:12 pm

First of all happy new year and nice work on overall ipsec improvements.

But the password length is still capped to 31 characters, which creates incompatibility to previous versions with long xauth passwords
i wrote this here:
http://forum.mikrotik.com/viewtopic.php ... 86#p573186

please try to fix it :)
 
nje431
newbie
Posts: 41
Joined: Tue Sep 10, 2013 5:17 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 10:50 pm

Can you elaborate on the RSTP incompatibility? We've been using 6.30/6.34/6.36 for some time now between different devices without a problem, including inter-operating with another vendor (A few HP/Aruba 48 port switches). Does this change affect the inter-operability with other vendors?

Thanks.
 
Njumaen
newbie
Posts: 36
Joined: Wed Feb 24, 2016 8:41 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 10:54 pm

I had the following strange (???) behaviour:

RB3011 (6.36.4 bugfix) is connected to CRS125 (6.38 current).

Unless I set the STP protocol mode to "none" on the RB3011 local bridge they lose connection when I upgrade the RB3011 to 6.38

Is this intended? Why? What's the point I am missing?

Happy New Year to all,

Ralf.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 11:03 pm

Is this intended? Why? What's the point I am missing?
You forgot to read the release notes!!

Important note!!!
To avoid STP/RSTP compatibility issues with older RouterOS versions upgrade RouterOS on all routers in Layer2 networks with VLAN and STP/RSTP configurations.
 
sup5
Member
Member
Posts: 322
Joined: Sat Jul 10, 2010 12:37 am

Re: v6.38 [current] is released!

Tue Jan 03, 2017 11:41 pm

Today I found a severe bug with 6.38:
It will not (or at least incompletely) learn MAC-Addresses on a bridge connected to the master-port of a switch.

This totally might explain these issues.
 
nacer
just joined
Posts: 13
Joined: Mon Sep 27, 2010 9:08 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 11:43 pm

I had situation with 6.38 on my CRS
I have CRS-1009 router and CRS-125-24G switch. Both of them was ROS 6.37. I upgraded both to 6.38.
I am using Port based VLAN tagging described in http://wiki.mikrotik.com/wiki/Manual:Interface/VLAN / example #1 on my CRS-125-24
After 6.38 and all IP traffic stopped on my switch. When I disabled Vlan taggings IP traffic started on my management LAN.

I downgraded to 6.37 and Vlan problem disappeared.

İs this the problem you mentioned "To avoid STP/RSTP compatibility issues with older RouterOS versions upgrade RouterOS on all routers in Layer2 networks with VLAN and STP/RSTP configurations."

Thank you.
 
User avatar
Cascuda
newbie
Posts: 30
Joined: Mon Jan 02, 2017 4:34 pm
Location: Spain
Contact:

Re: v6.38 [current] is released!

Tue Jan 03, 2017 11:57 pm

Hello,

After upgrade in the log appear: system, info, critical - memory overclocked. All device which is contain 128 MB memory.

Image

Devices affected in my network:
1x RB2011UiAS
2x CRS109-8G-1S-2HnD
2x CRS125-24G-1S

Devices not affected in my network:
2x RB3011UiAS

Thanks & Regards,
David
I've update the "RB2011UiAS" router from 6.37.2 to 6.38 and have same mistake when open the terminal of winbox. Any solution?
I return to a version safe 6.36.4 "Bugfix only"...
 
Njumaen
newbie
Posts: 36
Joined: Wed Feb 24, 2016 8:41 pm

Re: v6.38 [current] is released!

Wed Jan 04, 2017 12:16 am

Is this intended? Why? What's the point I am missing?
You forgot to read the release notes!!

Important note!!!
To avoid STP/RSTP compatibility issues with older RouterOS versions upgrade RouterOS on all routers in Layer2 networks with VLAN and STP/RSTP configurations.
Sure I did not forgot this!

The issues came *with* upgrading the RB3011. No upgrade - no issue... Still confused...
 
rgbiernat
just joined
Posts: 3
Joined: Mon Jan 10, 2011 6:54 pm

Re: v6.38 [current] is released!

Wed Jan 04, 2017 8:57 am

Just upgraded my shiny new HEX (RB750GR3) from v6.37.3 to latest stable v6.38. Unfortunately it did not come back. Instead it keeps beeping every 10sec.
I am not using any fancy stuff just natting between an telco edge router and my internal network. A reset did not work. Will try a Netinstall in a few minutes.
 
DuduZZZ
just joined
Posts: 6
Joined: Tue Aug 23, 2016 11:31 am
Location: Hungary

Re: v6.38 [current] is released!

Wed Jan 04, 2017 9:21 am

Hello,

After upgrade in the log appear: system, info, critical - memory overclocked. All device which is contain 128 MB memory.

Image

Devices affected in my network:
1x RB2011UiAS
2x CRS109-8G-1S-2HnD
2x CRS125-24G-1S

Devices not affected in my network:
2x RB3011UiAS

Thanks & Regards,
David
I've update the "RB2011UiAS" router from 6.37.2 to 6.38 and have same mistake when open the terminal of winbox. Any solution?
I return to a version safe 6.36.4 "Bugfix only"...
strods from MikroTik Support wrote:

Tue Jan 03, 2017 11:23 am
Do not worry about these overclocked messages - they are still work on progress. If you have not overclocked device manually, then there is no need to worry about that.
We are still improving this feature.
 
User avatar
Cascuda
newbie
Posts: 30
Joined: Mon Jan 02, 2017 4:34 pm
Location: Spain
Contact:

Re: v6.38 [current] is released!

Wed Jan 04, 2017 9:36 am

strods from MikroTik Support wrote:

Tue Jan 03, 2017 11:23 am
Do not worry about these overclocked messages - they are still work on progress. If you have not overclocked device manually, then there is no need to worry about that.
We are still improving this feature.
Thanks DuduZZZ, I read the comment of Mikrotik Support but I prefere usage a version safe where don't show any error.
 
becs
MikroTik Support
MikroTik Support
Posts: 479
Joined: Thu Jul 07, 2011 8:26 am

Re: v6.38 [current] is released!

Wed Jan 04, 2017 10:00 am

Can you elaborate on the RSTP incompatibility? We've been using 6.30/6.34/6.36 for some time now between different devices without a problem, including inter-operating with another vendor (A few HP/Aruba 48 port switches). Does this change affect the inter-operability with other vendors?

Thanks.
Previously RSTP in RouterOS bridges worked more like a per-VLAN RSTP and caused troubles with standard RSTP with VLANs.
Since most enterprise level switches understand RPVST, likely, there were not any compatibility problems with older RouterOS versions.
 
becs
MikroTik Support
MikroTik Support
Posts: 479
Joined: Thu Jul 07, 2011 8:26 am

Re: v6.38 [current] is released!

Wed Jan 04, 2017 10:21 am

Njumaen - please generate supout files on your RB3011 and CRS125 and send them to support@mikrotik.com

nacer - please generate supout files on your CCR1009 and CRS125 send and them to support@mikrotik.com
 
Njumaen
newbie
Posts: 36
Joined: Wed Feb 24, 2016 8:41 pm

Re: v6.38 [current] is released!

Wed Jan 04, 2017 10:33 am

And there is another issue

RB3011 (my router) on 6.38 download max. 3.25 Mbps
installed 3.63.4 results in max. 110 Mbps as to be explected
tripple checked - same result.
no queues
upload max both approx 8Mbps..

So for my part I'll stick on the bugfix only on the RB3011...

Image
Image

Update 1: digging deeper...

Usually my Mac is connected to the CRS125 that is connected to the RB3011 by a bonding Interface.

Connecting the Mac to the RB3011 and performing the same test this is what I get

Image

Perfect!!! Cannot expect a better download!

Update 2: deeper...

Pinging RB3011 from Mac connected to CRS125
Disabled the bonding interface
Conncection lost... as expected
Connected both by a single cable...
Connection. One ping.. Connection lost! Red October??? "only ONE ping!!!"
Ahhh... Port on CRS125 has a flapping "learning" at bridge port status
Setting STP protocol mode of bridge to "none"
Connection! Lots of pings...
Speedof.me is nearly perfect!!! I 118 MBps down.. I skip the picture...
(Remember: RB3011 on 6.36.4 - CRS125 on 6.38)

Update 3: nothing gonna stop me now...

Upgrade RB3011 to 6.38
STP protocol mode of bridge is already set to "none"
no ping problem
Speedof.me is horrible again! Max 2.8MBps down :( I skip the picture.


works for me:

RB3011 on 6.36.4
CRS125 on 6.38
STP protocol mode of both bridges set to "none"

@Mikrotik - it is so awesome how easily one can switch the routeros releases! \o/
Last edited by Njumaen on Wed Jan 04, 2017 12:10 pm, edited 3 times in total.
 
csi
newbie
Posts: 31
Joined: Wed Mar 02, 2016 10:05 am

Re: v6.38 [current] is released!

Wed Jan 04, 2017 11:32 am

I had situation with 6.38 on my CRS
I have CRS-1009 router and CRS-125-24G switch. Both of them was ROS 6.37. I upgraded both to 6.38.
I am using Port based VLAN tagging described in http://wiki.mikrotik.com/wiki/Manual:Interface/VLAN / example #1 on my CRS-125-24
After 6.38 and all IP traffic stopped on my switch. When I disabled Vlan taggings IP traffic started on my management LAN.

I downgraded to 6.37 and Vlan problem disappeared.

İs this the problem you mentioned "To avoid STP/RSTP compatibility issues with older RouterOS versions upgrade RouterOS on all routers in Layer2 networks with VLAN and STP/RSTP configurations."

Thank you.

I had the same issue, tagged VLANs between CRS and Routerboard. I have configured the CRS as described in the Wiki, but it does not work with 6.38. What I have done is to build a bridge on the RB and put the ether-interface which is connected to the CRS in that bridge. At the end there is one bridge with one interface. Or if you have more connections to CRS devices you should implement different bridges per ether interfaces. Then the connections in the VLANs works as expected. Second a build also a one bridge for one interface on the CRS and then it works as described within the wiki.

Build the bridge per tagged VLAN does not work in this case. It need to be the ether interfaces on both sites. Hopefully that helps you.


Cheers
csi
 
majestic
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Mon Dec 05, 2016 11:19 am

Re: v6.38 [current] is released!

Wed Jan 04, 2017 11:38 am

Just upgraded my shiny new HEX (RB750GR3) from v6.37.3 to latest stable v6.38. Unfortunately it did not come back. Instead it keeps beeping every 10sec.
I am not using any fancy stuff just natting between an telco edge router and my internal network. A reset did not work. Will try a Netinstall in a few minutes.
Hi there,

I also have several of these routers (RB750Gr3's) and as much as I really would love to upgrade to this version, I am a little worried of potentially bricking them thus leaving me without connectivity. Could you please let me know if the netinstall managed to rescue your device or not and also has anyone else with this same version suffered the same problem or is this just one rare occasion?

Really would appreciate you or others to confirm if there is a serious problem with this upgrade on RB750Gr3.

Thanks in advance.
 
onnoossendrijver
Member
Member
Posts: 418
Joined: Mon Jul 14, 2008 11:10 am
Location: The Netherlands

Re: v6.38 [current] is released!

Wed Jan 04, 2017 12:25 pm

Really would appreciate you or others to confirm if there is a serious problem with this upgrade on RB750Gr3.

Thanks in advance.
I experienced no problems when upgrading my RB750Gr3 from version 6.37.3 to version 6.38
Linux/network engineer: ITIL, LPI1, CCNA R+S, CCNP R+S, JNCIA, JNCIS-SEC
 
vitaliyy
just joined
Posts: 2
Joined: Wed Jan 04, 2017 12:20 pm

Re: v6.38 [current] is released!

Wed Jan 04, 2017 12:28 pm

Updating to 6.38 fastrack is broken, maximum download and upload speed is 150 Mbits, after downgraded to 6.37.3 all ok, speed about 800-850 Mbits
 
majestic
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Mon Dec 05, 2016 11:19 am

Re: v6.38 [current] is released!

Wed Jan 04, 2017 12:39 pm

Really would appreciate you or others to confirm if there is a serious problem with this upgrade on RB750Gr3.

Thanks in advance.
I experienced no problems when upgrading my RB750Gr3 from version 6.37.3 to version 6.38
Thanks very much for letting me know.
 
Note
newbie
Posts: 49
Joined: Fri Jun 03, 2016 12:39 pm

Re: v6.38 [current] is released!

Wed Jan 04, 2017 1:57 pm

i get in logs a critical system error "memory overclocked"
 
majestic
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Mon Dec 05, 2016 11:19 am

Re: v6.38 [current] is released!

Wed Jan 04, 2017 2:00 pm

i get in logs a critical system error "memory overclocked"
Mikrotik has confirmed to ignore it if you haven't manually overlocked it. Its a feature they are improving on.
 
uldis
MikroTik Support
MikroTik Support
Posts: 3425
Joined: Mon May 31, 2004 2:55 pm

Re: v6.38 [current] is released!

Wed Jan 04, 2017 2:39 pm

Updating to 6.38 fastrack is broken, maximum download and upload speed is 150 Mbits, after downgraded to 6.37.3 all ok, speed about 800-850 Mbits
What device you are testing the fasttrack?
Please report to support@mikotik.com with a support output file attached.
 
Boter
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Sat Sep 08, 2012 9:55 pm
Contact:

Re: v6.38 [current] is released!

Wed Jan 04, 2017 2:41 pm

For now everything runs smoothly and as expected. I still dont use it for wifi p2p or p2mp links, because of wifi "problems", on other devices as I said - works great
 
Mazutti
newbie
Posts: 27
Joined: Sat Jun 21, 2014 4:12 am

Re: v6.38 [current] is released!

Wed Jan 04, 2017 3:01 pm

Just upgraded my shiny new HEX (RB750GR3) from v6.37.3 to latest stable v6.38. Unfortunately it did not come back. Instead it keeps beeping every 10sec.
I am not using any fancy stuff just natting between an telco edge router and my internal network. A reset did not work. Will try a Netinstall in a few minutes.
Hi there,

I also have several of these routers (RB750Gr3's) and as much as I really would love to upgrade to this version, I am a little worried of potentially bricking them thus leaving me without connectivity. Could you please let me know if the netinstall managed to rescue your device or not and also has anyone else with this same version suffered the same problem or is this just one rare occasion?

Really would appreciate you or others to confirm if there is a serious problem with this upgrade on RB750Gr3.

Thanks in advance.
Had no problems upgrading my RB750Gr3 to 6.38, only difference from the described, is that I upgraded from 6.38rc52.
 
majestic
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Mon Dec 05, 2016 11:19 am

Re: v6.38 [current] is released!

Wed Jan 04, 2017 3:03 pm

Just upgraded my shiny new HEX (RB750GR3) from v6.37.3 to latest stable v6.38. Unfortunately it did not come back. Instead it keeps beeping every 10sec.
I am not using any fancy stuff just natting between an telco edge router and my internal network. A reset did not work. Will try a Netinstall in a few minutes.
Hi there,

I also have several of these routers (RB750Gr3's) and as much as I really would love to upgrade to this version, I am a little worried of potentially bricking them thus leaving me without connectivity. Could you please let me know if the netinstall managed to rescue your device or not and also has anyone else with this same version suffered the same problem or is this just one rare occasion?

Really would appreciate you or others to confirm if there is a serious problem with this upgrade on RB750Gr3.

Thanks in advance.
Had no problems upgrading my RB750Gr3 to 6.38, only difference from the described, is that I upgraded from 6.38rc52.
Awesome, thank you for the confirmation and as soon as I get home, I will update mine.

Thanks again everyone who's put my mind at ease.
 
nje431
newbie
Posts: 41
Joined: Tue Sep 10, 2013 5:17 pm

Re: v6.38 [current] is released!

Wed Jan 04, 2017 3:26 pm

Can you elaborate on the RSTP incompatibility? We've been using 6.30/6.34/6.36 for some time now between different devices without a problem, including inter-operating with another vendor (A few HP/Aruba 48 port switches). Does this change affect the inter-operability with other vendors?
Q
Thanks.
Previously RSTP in RouterOS bridges worked more like a per-VLAN RSTP and caused troubles with standard RSTP with VLANs.
Since most enterprise level switches understand RPVST, likely, there were not any compatibility problems with older RouterOS versions.
Thanks for the explanation. Currently we use straight up RSTP, but I can see a day coming when we could benefit from using MSTP. Any plans to add that option?
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.38 [current] is released!

Wed Jan 04, 2017 3:30 pm

First of all happy new year and nice work on overall ipsec improvements.

But the password length is still capped to 31 characters, which creates incompatibility to previous versions with long xauth passwords
i wrote this here:
http://forum.mikrotik.com/viewtopic.php ... 86#p573186

please try to fix it :)
It is fixed, I have no problems using 33character passwords and longer. Contact support with supout file if you still cannot use longer passwords.
 
vitaliyy
just joined
Posts: 2
Joined: Wed Jan 04, 2017 12:20 pm

Re: v6.38 [current] is released!

Wed Jan 04, 2017 3:34 pm

Updating to 6.38 fastrack is broken, maximum download and upload speed is 150 Mbits, after downgraded to 6.37.3 all ok, speed about 800-850 Mbits
What device you are testing the fasttrack?
Please report to support@mikotik.com with a support output file attached.
model: RouterBOARD 962UiGS-5HacT2HnT
support output file contains pre-shared key in clear text format I will not send it
v 6.7.3
ImageImage
CPU load 85-90%
and after update
v 6.8
ImageImage
and CPU load 100%
 
uldis
MikroTik Support
MikroTik Support
Posts: 3425
Joined: Mon May 31, 2004 2:55 pm

Re: v6.38 [current] is released!

Wed Jan 04, 2017 3:37 pm

vitaliyy, please provide the export file to support@mikrotik.com from both versions (you can replace the pre-shared keys in those files).
At least on my spare hAP AC router I got 500/700Mbps (download/upload), I hit ISP bandwidth limit.
 
majestic
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Mon Dec 05, 2016 11:19 am

Re: v6.38 [current] is released!

Wed Jan 04, 2017 7:48 pm

Hi Guys,

I have just received another RB750Gr3 in the post today and I decided to update the firmware and rOS as the first things I do before configuring it. After doing the upgrade(s) I started to adjust the packages which are installed by default as there are a few which isn't so useful to me like wireless and hotspot as it doesn't have wireless in this model.

I then just found that there is a very small graphical bug with the icon that is used for disabled packages.

I am enclosing a screenshot below which shows the disabled missing graphic.

https://www.dropbox.com/s/8xhlamew8y1yi ... 0.png?dl=0

If you look at my existing router (same one but previous rOS version, you will see its much neater graphic.

https://www.dropbox.com/s/u107oxfziubmd ... 4.png?dl=0

Im sure its just an oversight that the main image seems to have a bad graphic.

HTH
 
User avatar
ErfanDL
Member Candidate
Member Candidate
Posts: 280
Joined: Thu Sep 29, 2016 9:13 am
Location: IRAN
Contact:

Re: v6.38 [current] is released!

Wed Jan 04, 2017 8:29 pm

I upgrade my hap lite to 6.38 and upgrade firmware to 3.36 whats chanelog in new firmware version 3.36 for hap lite?

Sent from my C6833 using Tapatalk
 
dadoremix
Member Candidate
Member Candidate
Posts: 118
Joined: Sat May 14, 2011 11:31 am

Re: v6.38 [current] is released!

Wed Jan 04, 2017 9:26 pm

Every update new problems
When was 5.x no problems with updates
6.1x was last stable, future realese fix on fix
I have also hex r3 with vlan bridge and problems
5ghz sxt ap lvl4 update to 6,38 and die
Maybe config conflict?
But he is in bridge and no other config
Bad bad and bad


Sent from my iPhone using Tapatalk Pro
 
storp
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Tue Nov 24, 2015 2:53 pm

Re: v6.38 [current] is released!

Wed Jan 04, 2017 11:52 pm

After updating RB2011 I got issues with flapping sfp-port. All worked fine before on 6.37.3 and now I reverted back to bugfix only and all is fine again.
 
LexaKnyazev
just joined
Posts: 2
Joined: Fri Dec 19, 2014 4:53 pm

Re: v6.38 [current] is released!

Thu Jan 05, 2017 12:13 am

ROS: v6.38
RB: CRS125-24G-1S-2HnD and 2011UiAS (both 3.33)

WebFig doesn't allow to set "Profile" property for L2TP-Client or PPTP-Client interfaces. WinBox (3.7) works as expected.

Steps to reproduce:
  1. Open WebFig
  2. Interfaces -> Add New -> PPTP Client
  3. Fill in "Connect To" and "User" fields
  4. Select "default-encryption" in "Profile"
  5. Click "Apply"
  6. Profile switches to "default".
 
Abdock
Member Candidate
Member Candidate
Posts: 252
Joined: Sun Sep 25, 2005 10:50 pm

Re: The Dude, v6.38 [current] release.

Thu Jan 05, 2017 7:20 am

Most of our 1100Ax2 are freezing and have to be power cycled.
 
moep
newbie
Posts: 48
Joined: Mon Jul 02, 2012 2:12 pm

Re: v6.38 [current] is released!

Thu Jan 05, 2017 3:22 pm

It was not fixed for my situation, when the main site was 6.38 and the clients were still 6.37.3.
It was "fixed" by upgrading every router to 6.38 which was not planned this day.
This still means that IPsec with xAuth and a password longer than 31 Chars is treated differently in ROS 6.37.3 than in 6.38 which leads to problems when "old" clients try to connect.
First of all happy new year and nice work on overall ipsec improvements.

But the password length is still capped to 31 characters, which creates incompatibility to previous versions with long xauth passwords
i wrote this here:
http://forum.mikrotik.com/viewtopic.php ... 86#p573186

please try to fix it :)
It is fixed, I have no problems using 33character passwords and longer. Contact support with supout file if you still cannot use longer passwords.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.38 [current] is released!

Thu Jan 05, 2017 3:34 pm

Thanks, we will look into this problem
 
R1CH
Forum Veteran
Forum Veteran
Posts: 904
Joined: Sun Oct 01, 2006 11:44 pm

Re: v6.38 [current] is released!

Thu Jan 05, 2017 3:54 pm

Updating to 6.38 fastrack is broken, maximum download and upload speed is 150 Mbits, after downgraded to 6.37.3 all ok, speed about 800-850 Mbits
Fasttrack is working fine for me on a RB951G-2HnD in a simple home NAT setup. Maybe something else in your config is causing it.
 
zinkpad
just joined
Posts: 16
Joined: Fri Jun 26, 2015 11:24 pm

Re: v6.38 [current] is released!

Thu Jan 05, 2017 6:13 pm

Hi all,

I updated my RB951G-2HnD to 6.38 version and I have an issue with my laptop (ThinkPad T420s), it's connects fine to my WLAN but it's disconnected after 5min. aprox.

Watching the log I can see a lot of entries like this:

Jan/05/2017 16:20:40 xx:xx:xx:xx:xx:xx@wlan1: connected
Jan/05/2017 16:20:55 xx:xx:xx:xx:xx:xx@wlan1: reassociating
Jan/05/2017 16:20:55 xx:xx:xx:xx:xx:xx@wlan1: disconnected, ok
Jan/05/2017 16:20:55 xx:xx:xx:xx:xx:xx@wlan1: connected
Jan/05/2017 16:21:05 xx:xx:xx:xx:xx:xx@wlan1: reassociating
Jan/05/2017 16:21:05 xx:xx:xx:xx:xx:xx@wlan1: disconnected, ok
Jan/05/2017 16:21:05 xx:xx:xx:xx:xx:xx@wlan1: connected
....

I rebooted the router and the issue it's not gone, finally I downgraded it to 6.37.3 and it's working fine again.

(the laptop has been in the same place all the time).

Regards.
Software developer
GitHub profile: https://github.com/zinkpad
 
AlexN
Frequent Visitor
Frequent Visitor
Posts: 82
Joined: Thu Feb 18, 2010 11:02 am

Re: v6.38 [current] is released!

Thu Jan 05, 2017 10:07 pm

Changes with RSTP is a complete disaster!!! IMHO such changes are not the subject for release branch! RPVST was great approach with high level of flexibility. Now if we just update all our routers in L2 segment it won't work at all (fortunately tested on the table) and I'm talking about network that comes across few cities not a few offices!

And tell me what should I do with this situation now?

Upgrade to future versions is not possible without almost complete redo of L2 logic of whole network. With RPVST it was also possible to assign different bridges as root for vlans that have same parent interface and yes you may need it in some situations. Now this doesn't work.

Please, revert this changes back!!! Put it to some beta ROS version first, give it good tests with feedbacks and provide same functionality with minimum reconfiguration required. Otherwise it turns for us into hell, really. Especially if similar "surprises" will come in future releases in the branch that considered as production branch.
 
MartijnVdS
Frequent Visitor
Frequent Visitor
Posts: 93
Joined: Wed Aug 13, 2014 9:36 am

Re: v6.38 [current] is released!

Thu Jan 05, 2017 10:53 pm

Put it to some beta ROS version first, give it good tests with feedbacks and provide same functionality with minimum reconfiguration required.
It's been in an RC version for months. It's now in the "current" release channel. If you need the old functionality, there's the "bugfix only" channel.
 
killersoft
Member Candidate
Member Candidate
Posts: 135
Joined: Mon Apr 11, 2011 2:34 pm
Location: Victoria, Australia
Contact:

Re: v6.38 [current] is released!

Fri Jan 06, 2017 12:49 am

Installed 6.38 to a 50+ device mix of MT routers/crs devices(~50%) and AP's(~50%) from v6.37.1.

Had 3x devices die from a 6.37.1 ->6.38 upgrade ( 1xRBwAP2nD & 2xRB912UAG-2HPnD), had to net-install to fix.

*** Had ALL 5x RB2011UiAS 2x CRS125-24G-1S give a WARNING in the log about OVERCLOCKED RAM at boot.

I am in process of rolling back all 50+ MT devices to 6.37.3..
MIT, BIT, ITIL, CERT IV Electronics.
 
Mazutti
newbie
Posts: 27
Joined: Sat Jun 21, 2014 4:12 am

Re: v6.38 [current] is released!

Fri Jan 06, 2017 4:01 am

On RB750Gr3, where I have two PPPoE links to ISP, if I disable the secondary one, I can´t reenable it (tried through winbox, winbox "new terminal" and ssh).

Log shows the initializing/connecting messages, but nothing else, and the interface won´t go up / get ip address. Log shows this entries just once every time I put the PPPoE client down/up.

Anyway, can´t reboot or put the main PPPoE client down now, but I will do ASAP and report back.
 
cheeze
Member Candidate
Member Candidate
Posts: 146
Joined: Tue Jul 31, 2012 7:44 am

Re: v6.38 [current] is released!

Fri Jan 06, 2017 4:44 am

To all who have upgraded to 6.38 I just wanted to give some info on what I have found.

I have found that I needed to rediscover all of my devices for 6.38 as I lost all SNMP graphing/oids that were CPU, temperatures, and voltages. However it was quickly fixed with a full rediscovery of the device.

I just wanted to give everyone a heads up that have upgraded.
 
User avatar
zipvault
Member Candidate
Member Candidate
Posts: 144
Joined: Fri Dec 23, 2016 8:15 am

Re: v6.38 [current] is released!

Fri Jan 06, 2017 4:49 am

ZipVault
 
Miracle
Member Candidate
Member Candidate
Posts: 106
Joined: Fri Sep 11, 2015 9:04 am

Re: v6.38 [current] is released!

Fri Jan 06, 2017 6:01 am

Changes with RSTP is a complete disaster!!! IMHO such changes are not the subject for release branch! RPVST was great approach with high level of flexibility. Now if we just update all our routers in L2 segment it won't work at all (fortunately tested on the table) and I'm talking about network that comes across few cities not a few offices!

And tell me what should I do with this situation now?

Upgrade to future versions is not possible without almost complete redo of L2 logic of whole network. With RPVST it was also possible to assign different bridges as root for vlans that have same parent interface and yes you may need it in some situations. Now this doesn't work.

Please, revert this changes back!!! Put it to some beta ROS version first, give it good tests with feedbacks and provide same functionality with minimum reconfiguration required. Otherwise it turns for us into hell, really. Especially if similar "surprises" will come in future releases in the branch that considered as production branch.
I got a nightmare after upgrade ccr1009 & crs125 to 6.38.
All vlan via switchip error.
They should be test carefully more before release this to stable version
 
moep
newbie
Posts: 48
Joined: Mon Jul 02, 2012 2:12 pm

Re: v6.38 [current] is released!

Fri Jan 06, 2017 7:59 am

I found several other bugs:

RB2011 with NTP-Package is losing the correct time while displaying "synchronized" after a while, it does not matter if I enter another routerboard or official NTP-Servers. (Standard System-SNTP not tested, as I need the NTP-Server portion)

IPsec xAuth with Mode Config (ROS as Client): sometimes after a SA-Rekey the devices are losing their IP-Adresses and are not getting them back until ich do a manual peer "kill connections" which is obviously not the way to go. Until is do this, they have no IP-Address on the Interface making the tunnel anymore and display an invalid policy while at the same time having another identical dynamic policy which is not working because of the missing IP-Address.
 
kiler129
Member Candidate
Member Candidate
Posts: 228
Joined: Tue Mar 31, 2015 4:32 pm
Contact:

Re: v6.38 [current] is released!

Fri Jan 06, 2017 9:14 am

What's the upgrade scenario for CAPsMAN controller and devices?

Currently CAP<->Controller communication is done on VLAN, so if I go and upgrade controller I will loose communication with CAPs. If I upgrade CAP it will no longer connect to controller.
Am I missing something?
 
DuduZZZ
just joined
Posts: 6
Joined: Tue Aug 23, 2016 11:31 am
Location: Hungary

Re: v6.38 [current] is released!

Fri Jan 06, 2017 10:27 am

Installed 6.38 to a 50+ device mix of MT routers/crs devices(~50%) and AP's(~50%) from v6.37.1.
Had 3x devices die from a 6.37.1 ->6.38 upgrade ( 1xRBwAP2nD & 2xRB912UAG-2HPnD), had to net-install to fix.
*** Had ALL 5x RB2011UiAS 2x CRS125-24G-1S give a WARNING in the log about OVERCLOCKED RAM at boot.
I am in process of rolling back all 50+ MT devices to 6.37.3..
strods from MikroTik Support wrote:

Tue Jan 03, 2017 11:23 am
Do not worry about these overclocked messages - they are still work on progress. If you have not overclocked device manually, then there is no need to worry about that.
We are still improving this feature.

Please read the topic above.

73/dx
 
pe1chl
Forum Guru
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Fri Jan 06, 2017 10:38 am

RB2011 with NTP-Package is losing the correct time while displaying "synchronized" after a while, it does not matter if I enter another routerboard or official NTP-Servers. (Standard System-SNTP not tested, as I need the NTP-Server portion)
On my 2011 it works OK. Primary NTP server on the LAN, secondary on the internet.
 
moep
newbie
Posts: 48
Joined: Mon Jul 02, 2012 2:12 pm

Re: v6.38 [current] is released!

Fri Jan 06, 2017 10:40 am

are you using the separate NTP Package or integrated SNTP-Client?
RB2011 with NTP-Package is losing the correct time while displaying "synchronized" after a while, it does not matter if I enter another routerboard or official NTP-Servers. (Standard System-SNTP not tested, as I need the NTP-Server portion)
On my 2011 it works OK. Primary NTP server on the LAN, secondary on the internet.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Fri Jan 06, 2017 11:04 am

The NTP package of course, that is what you are talking about.
From my own local server I have also added the router as a reference and I see this:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
x127.127.8.0     .DCFa.           0 l   73   64  356    0.000   -1.904 2049498
+127.127.28.0    .GPS.            0 l    8   16  377    0.000   13.589   0.187
*127.127.28.1    .PPS.            0 l    7   16  377    0.000   -0.002   0.002
 192.168.1.1     192.168.1.3      2 u   34   64  377    0.213   -1.042   0.033

So it is synchronized.
 
moep
newbie
Posts: 48
Joined: Mon Jul 02, 2012 2:12 pm

Re: v6.38 [current] is released!

Fri Jan 06, 2017 11:19 am

thats odd that it is working in your environment
but it was already odd that the 2011 was the only device in the network with this problem.

a periodic "restart" of ntp (disable+delay+enable) solves the problem at the moment for about 5 minutes as the clock deviates again
devices that are using this ntp-server are still getting bad packets with "server-not-synchronized"
 
zcache
just joined
Posts: 3
Joined: Mon Dec 29, 2014 5:20 am

Re: v6.38 [current] is released!

Fri Jan 06, 2017 12:05 pm

Hi all,
After upgrade to 6.38, I feel my routerbox temperature too high than before. As I often check before upgraded the temperature about 50-51 but now it is 60-62, anybody have same with me?
My box is: RB850Gx2, already downgrade cpu speed to 400MHz but not effective.
 
User avatar
willianwrm
just joined
Posts: 5
Joined: Mon Jun 06, 2016 8:54 pm
Location: -21.2330138,-44.9962488
Contact:

Re: v6.38 [current] is released!

Fri Jan 06, 2017 12:30 pm

Today I found a severe bug with 6.38:
It will not (or at least incompletely) learn MAC-Addresses on a bridge connected to the master-port of a switch.
I did notice this bug too: because of not learning MAC-Addresses on the bridge all packets are being broadcasted! My VPN is getting all the ether-master packets.

In the bridge there is only one MAC learned from ether2, but there are a lot of MAC in ARP Table:
Image

The good news are:
What's new in 6.39rc7 (2017-Jan-05 12:24):
*) bridge - fixed MAC address learning from switch master-port;
 
MartijnVdS
Frequent Visitor
Frequent Visitor
Posts: 93
Joined: Wed Aug 13, 2014 9:36 am

Re: v6.38 [current] is released!

Fri Jan 06, 2017 2:19 pm

Hi all,
After upgrade to 6.38, I feel my routerbox temperature too high than before. As I often check before upgraded the temperature about 50-51 but now it is 60-62, anybody have same with me?
My box is: RB850Gx2, already downgrade cpu speed to 400MHz but not effective.
From the changelog:

*) rb850Gx2 - fixed pcb temperature monitor if temperature was above 60C;
 
pe1chl
Forum Guru
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Fri Jan 06, 2017 3:08 pm

a periodic "restart" of ntp (disable+delay+enable) solves the problem at the moment for about 5 minutes as the clock deviates again
devices that are using this ntp-server are still getting bad packets with "server-not-synchronized"
Maybe your clock crystal is too far off to keep synchronized.
 
moep
newbie
Posts: 48
Joined: Mon Jul 02, 2012 2:12 pm

Re: v6.38 [current] is released!

Fri Jan 06, 2017 3:21 pm

i did another reboot of the device
now the time stays correct and the other router syncs with this NTP server
i hope it stays that way :)
a periodic "restart" of ntp (disable+delay+enable) solves the problem at the moment for about 5 minutes as the clock deviates again
devices that are using this ntp-server are still getting bad packets with "server-not-synchronized"
Maybe your clock crystal is too far off to keep synchronized.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Fri Jan 06, 2017 4:35 pm

unfortunately the MikroTik NTP does not implement the management interface so it is difficult to see what is going on inside.
(of course, if it would be implemented, it would require subnet permission settings like in the SNMP service, or else it
would be abused for DDOS)
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.38 [current] is released!

Fri Jan 06, 2017 4:46 pm


IPsec xAuth with Mode Config (ROS as Client): sometimes after a SA-Rekey the devices are losing their IP-Adresses and are not getting them back until ich do a manual peer "kill connections" which is obviously not the way to go. Until is do this, they have no IP-Address on the Interface making the tunnel anymore and display an invalid policy while at the same time having another identical dynamic policy which is not working because of the missing IP-Address.
Thanks problem confirmed, will try to fix in next v6.39rc version
 
kujo
Member Candidate
Member Candidate
Posts: 158
Joined: Sat Jun 18, 2016 10:17 am
Location: Ukraine

v6.38 [current] is released!

Fri Jan 06, 2017 6:32 pm

Who then tested the limit of connections? it seems that the filter rule is not working with him! CHR 6.38
/ip firewall filter add connection-state=new chain=forward connection-nat-state=dst-nat dst-port=443 connection-limit=100,32 
Sorry! Work well!! Need add not! To connection-limit

Sent from my iPhone using Tapatalk
Last edited by kujo on Fri Jan 06, 2017 6:32 pm, edited 1 time in total.
 
sup5
Member
Member
Posts: 322
Joined: Sat Jul 10, 2010 12:37 am

Re: v6.38 [current] is released!

Fri Jan 06, 2017 8:05 pm

Important note!!!
To avoid STP/RSTP compatibility issues with older RouterOS versions upgrade RouterOS on all routers in Layer2 networks with VLAN and STP/RSTP configurations.
Is there a detailed description how (PV)(R)STP was handled prior ROS 6.38 versus it is being handled with ROS 6.38?

There should be a global setting to restore the old behaviour.
There are large networks which don't use the switch-chip-feature at all and cannot be upgraded at once.
 
kevini
just joined
Posts: 3
Joined: Fri Jan 06, 2017 8:37 pm

Re: v6.38 [current] is released!

Fri Jan 06, 2017 9:25 pm

I have the same issue with the Fasttrack on 6.38. With 6.37.3 I had my full 250mbit internet speed without any issues. With 6.38 it dropped to 30Mbit the packets are going through the FP but not at the rates expected.

I have 2 x Hex Gr2's and I use EOIP with IPsec between them. This cannot use the FP but with 6.38 this seems to make all the packets slow. When I disable the EOIP tunnel the speed comes back immediately.

I upgraded to 6.39rc and it works fine again with the EOIP tunnel. So it is either fixed or not merged from 6.38 yet.

Any suggestions? I'm going to upgrade to GR3's in the future to have everything on the FP but since my Comcast upload limits the speed for now it was not needed.
 
mariuslazar
just joined
Posts: 7
Joined: Wed Oct 12, 2016 4:06 pm

Re: v6.38 [current] is released!

Fri Jan 06, 2017 9:55 pm

Software 6.38 cpu usage for fasttrack connections very high. For example ( 951g-2hnd at 750mhz) bandwidth 300 Mbps 6.37.3 cpu usage 30-40, 6.38 cpu usage 80-85.
My 951G dropped from 305 Mb/s with ~50% CPU (6.37.3) to 210 Mb/s with 100% CPU (6.38). I had to downgrade to keep the speed up.

If I check the profiler I can see the "networking" is taking ~30%. On 6.37.3 it was about 1% on full speed.
 
AlexN
Frequent Visitor
Frequent Visitor
Posts: 82
Joined: Thu Feb 18, 2010 11:02 am

Re: v6.38 [current] is released!

Sat Jan 07, 2017 12:19 am

There should be a global setting to restore the old behaviour.
There are large networks which don't use the switch-chip-feature at all and cannot be upgraded at once.
Totally agree. MikroTik team, please, implement this feature. This would be really helpful.
 
kubisek78
just joined
Posts: 1
Joined: Sat Jan 07, 2017 9:53 am

Re: v6.38 [current] is released!

Sat Jan 07, 2017 10:12 am

Another:

I have RB450G (router1/ovpn server) and 2011UAS (router2/client1) and RB751G (router3/client2). LAN networks of all routers are bridged over OVPN at the server side (and client1+client2 are bridged over EoIP beacause they are in same WAN).
I have found (after upgrading to 6.38 on all RBs) when any client is connected to the OVPN server, the download speed at the router1/server drops to approx 1Mbps (normally DSL 20/2).
When all ovpn clients are disconnected, the spped goes back to 20/2.
I also have found when any of the ovpn clients is connected, there is a lot of upload traffic through DSL pppoe interface. When I "cut" all clients, traffic dissapear and download speed rise to 20 Mb.

Reverting back to 6.37.3 - works perfectly.
 
ryan0803
just joined
Posts: 2
Joined: Sat Jan 07, 2017 12:11 pm
Contact:

Re: v6.38 [current] is released!

Sat Jan 07, 2017 12:48 pm

I had situation with 6.38 on my CRS
I have CRS-1009 router and CRS-125-24G switch. Both of them was ROS 6.37. I upgraded both to 6.38.
I am using Port based VLAN tagging described in http://wiki.mikrotik.com/wiki/Manual:Interface/VLAN / example #1 on my CRS-125-24
After 6.38 and all IP traffic stopped on my switch. When I disabled Vlan taggings IP traffic started on my management LAN.

I downgraded to 6.37 and Vlan problem disappeared.

İs this the problem you mentioned "To avoid STP/RSTP compatibility issues with older RouterOS versions upgrade RouterOS on all routers in Layer2 networks with VLAN and STP/RSTP configurations."

Thank you.

i have the same problem

i downgrade to 6.37.1 all problem just vanish
 
pe1chl
Forum Guru
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Sat Jan 07, 2017 12:56 pm

Please can 6.37.x be made the bugfix release?
There has to be a convenient way to update routers to this version that proves to be quite stable,
and avoid the current problems with 6.38 without having to go back to 6.36.4
 
darkprocess
Member Candidate
Member Candidate
Posts: 253
Joined: Fri Mar 20, 2015 1:16 pm

Re: v6.38 [current] is released!

Sat Jan 07, 2017 3:40 pm

There is some performance issues on 6.38
On my RB3011
ROS 6.37.3
Download 900Mb/s
Upload 200Mb/s
CPU 14% during speedtest

ROS 6.37.3
Download 260Mb/s
Upload 200Mb/s
CPU 67% during speedtest

I'm back to 6.37.3
 
heviejob
Member Candidate
Member Candidate
Posts: 168
Joined: Mon Nov 30, 2009 4:54 pm

Re: v6.38 [current] is released!

Sat Jan 07, 2017 8:48 pm

I had the same issue between rb750GL and rb850Gx2. After update to 6.83 on both PPPoE connections over VLANS stopped working. I fiddled for about an hour trying to get the VLANs to work and had to roll back to restore service. I think the changelog needs to be more detailed when such far-reaching changes are done.
 
GuntherDW
just joined
Posts: 1
Joined: Sun Jan 08, 2017 7:04 am
Location: Belgium

Re: v6.38 [current] is released!

Sun Jan 08, 2017 7:13 am

I have the same issue with the Fasttrack on 6.38. With 6.37.3 I had my full 250mbit internet speed without any issues. With 6.38 it dropped to 30Mbit the packets are going through the FP but not at the rates expected.

Any suggestions? I'm going to upgrade to GR3's in the future to have everything on the FP but since my Comcast upload limits the speed for now it was not needed.
I have a RB750Gr3, almost new, received it around xmas. Updated from 6.37.3, got the 100/20 from my VDSL2 connection over PPPoE, with FP for around ~2-10% CPU usage.
It still says it's going over FP, but takes up to 40%.

This was a minute after I closed Torch to check for bandwith usage.
I did the same test 5 minutes after that and the CPU usage went back down to its previous 2-10%.
The wiki does state that "Torch/packet sniffer/.." type stuff will break the FP stuff, but it seems a bit more delayed now?

Long story short at first I was afraid that I was suffering from the same issue, but it turned out alright.
This is on a somewhat simple NAT home setup though. Modem into the RB to the internal network. Haven't really done anything with VLAN's or VPN's yet.
 
qiet72
just joined
Posts: 24
Joined: Thu Oct 09, 2014 10:23 am

Re: v6.38 [current] is released!

Sun Jan 08, 2017 2:32 pm

Same problem here, except downgrading to 6.37.3 also makes the vlan problem disappear. This was tested on a hAP ac. Other MikroTik and X86 devices do not seem to have this problem though.
The STP/RSTP compatibility issue does not seem to affect me though as I have 6.37.3 on hAP ac, 6.38 on X86 PC and hAP lite (smips) all connected to the same layer 2 network.

Qiet72
I had situation with 6.38 on my CRS
I have CRS-1009 router and CRS-125-24G switch. Both of them was ROS 6.37. I upgraded both to 6.38.
I am using Port based VLAN tagging described in http://wiki.mikrotik.com/wiki/Manual:Interface/VLAN / example #1 on my CRS-125-24
After 6.38 and all IP traffic stopped on my switch. When I disabled Vlan taggings IP traffic started on my management LAN.

I downgraded to 6.37 and Vlan problem disappeared.

İs this the problem you mentioned "To avoid STP/RSTP compatibility issues with older RouterOS versions upgrade RouterOS on all routers in Layer2 networks with VLAN and STP/RSTP configurations."

Thank you.
 
liamalxd
just joined
Posts: 7
Joined: Sun Jul 10, 2016 1:51 pm

Re: v6.38 [current] is released!

Sun Jan 08, 2017 4:39 pm

I think this started in 6.37.3, but it's still broken in 6.38. On my CCR 1009-8G-1S-1S+ the fan speed is not reported correctly in fan1-speed in /system health:

> system health print
fan-mode: auto
use-fan: main
active-fan: main
cpu-overtemp-check: yes
cpu-overtemp-threshold: 70C
cpu-overtemp-startup-delay: 1m
voltage: 24V
current: 825mA
temperature: 31C
cpu-temperature: 55C
power-consumption: 19.9W
psu1-state: ok
psu2-state: ok
fan1-speed: 0RPM

This used to report correctly and seems to start working if you set the use-fan to auxiliary and then back to main again, but breaks again upon a reboot.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Sun Jan 08, 2017 8:11 pm

The fan speed is reported as zero when it is below some threshold (but still running).
When it spins up due to higher outside temp it is displayed. Probably a bug, yes.
 
colinardo
just joined
Posts: 8
Joined: Sun Jan 08, 2017 9:02 pm

Re: v6.38 [current] is released!

Sun Jan 08, 2017 9:13 pm

Hi.
I discovered the following problem with the current 6.38 Release on a RB951G-2HnD with the auto certificate feature of CAPsMan:
If you request certificate with a CAP on the same device as the CAPsMAN, the device is unable to issue the private key for the certificate. The certificate for CAP is created ('I' can be seen in certificate list) but without private key ('K' is missing in certificate list), thus it cannot be used by CAP. Also if you manually create the certificate on the router itself with private key, it's not accepted, log says certificate is not valid anymore, but it actually is ... really weird!

Version 6.37.3 in contrast is working fine.

Best regards
@colinardo
 
manulu
just joined
Posts: 6
Joined: Wed Mar 23, 2016 5:16 pm

Re: v6.38 [current] is released!

Mon Jan 09, 2017 5:23 am

I have a problem once i've upgrade to
dude-install-6.38.exe
dude-6.38.npk
RB2011UiAS-2HnD
Windows 7 32

the error
no dude package
 
emikrotik
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Fri Jun 19, 2015 9:30 am

Re: v6.38 [current] is released!

Mon Jan 09, 2017 8:30 am

Strange Bug:
After upgrading my CCR1009-8G-1S-1S+ from 6.37.3 to 6.38 the exported config mixed up the interface IDs:

/interface ethernet
set [ find default-name=ether5 ] l2mtu=1520 name=ether1-kbd
set [ find default-name=ether6 ] l2mtu=1520 name=ether2
set [ find default-name=ether7 ] l2mtu=1520 name=ether3
set [ find default-name=ether8 ] l2mtu=1520 name=ether4-inl
set [ find default-name=ether1 ] name=ether5-wan-lacp1-1
set [ find default-name=ether2 ] name=ether6-wan-lacp1-2
set [ find default-name=ether3 ] name=ether7-wan
set [ find default-name=ether4 ] name=ether8-wan

This was definitely NOT the actively running config since i did not rename the interfaces that crappy ;)

Just to make sure that the export was wrong tried to load this config into the zeroed device but it failed.

after a manual correction to:

/interface ethernet
set [ find default-name=ether1 ] l2mtu=1520 name=ether1-kbd
set [ find default-name=ether2 ] l2mtu=1520
set [ find default-name=ether3 ] l2mtu=1520
set [ find default-name=ether4 ] l2mtu=1520 name=ether4-inl
set [ find default-name=ether5 ] name=ether5-wan-lacp1-1
set [ find default-name=ether6 ] name=ether6-wan-lacp1-2
set [ find default-name=ether7 ] name=ether7-wan
set [ find default-name=ether8 ] name=ether8-wan

everything worked fine.

Is there any explanation for this effect?

Cheers,

Christoph

Have also experienced this issue 3 times on 2 routers.
 
LIV2
newbie
Posts: 31
Joined: Sat Jan 23, 2016 7:42 am

Re: v6.38 [current] is released!

Mon Jan 09, 2017 9:23 am

On both my CRS125 and my mAP 2n installing 6.38 results in a unit that won't boot, for both I had to revert to an earlier version using netboot. is this a known issue?
 
uldis
MikroTik Support
MikroTik Support
Posts: 3425
Joined: Mon May 31, 2004 2:55 pm

Re: v6.38 [current] is released!

Mon Jan 09, 2017 9:33 am

Hi.
I discovered the following problem with the current 6.38 Release on a RB951G-2HnD with the auto certificate feature of CAPsMan:
If you request certificate with a CAP on the same device as the CAPsMAN, the device is unable to issue the private key for the certificate. The certificate for CAP is created ('I' can be seen in certificate list) but without private key ('K' is missing in certificate list), thus it cannot be used by CAP. Also if you manually create the certificate on the router itself with private key, it's not accepted, log says certificate is not valid anymore, but it actually is ... really weird!

Version 6.37.3 in contrast is working fine.

Best regards
@colinardo
Thank you for the report, we will try to fix this problem in the v6.39.
 
uldis
MikroTik Support
MikroTik Support
Posts: 3425
Joined: Mon May 31, 2004 2:55 pm

Re: v6.38 [current] is released!

Mon Jan 09, 2017 9:38 am

There is some performance issues on 6.38
On my RB3011
ROS 6.37.3
Download 900Mb/s
Upload 200Mb/s
CPU 14% during speedtest

ROS 6.37.3
Download 260Mb/s
Upload 200Mb/s
CPU 67% during speedtest

I'm back to 6.37.3
Please report to support@mikrotik.com with a support output file so we could check the configuration and try to reproduce your problem.
 
uldis
MikroTik Support
MikroTik Support
Posts: 3425
Joined: Mon May 31, 2004 2:55 pm

Re: v6.38 [current] is released!

Mon Jan 09, 2017 9:40 am

Software 6.38 cpu usage for fasttrack connections very high. For example ( 951g-2hnd at 750mhz) bandwidth 300 Mbps 6.37.3 cpu usage 30-40, 6.38 cpu usage 80-85.
My 951G dropped from 305 Mb/s with ~50% CPU (6.37.3) to 210 Mb/s with 100% CPU (6.38). I had to downgrade to keep the speed up.

If I check the profiler I can see the "networking" is taking ~30%. On 6.37.3 it was about 1% on full speed.
Please report to support@mikrotik.com with a support output file so we could check the configuration and try to reproduce your problem.
 
kevini
just joined
Posts: 3
Joined: Fri Jan 06, 2017 8:37 pm

Re: v6.38 [current] is released!

Tue Jan 10, 2017 12:30 am

I submitted my info, I had the standard network diagram etc request which I don't have time to provide. Hopefully with all the people reporting the performance issues they resolve it soon.
 
zcache
just joined
Posts: 3
Joined: Mon Dec 29, 2014 5:20 am

Re: v6.38 [current] is released!

Tue Jan 10, 2017 2:30 am

Hi all,
After upgrade to 6.38, I feel my routerbox temperature too high than before. As I often check before upgraded the temperature about 50-51 but now it is 60-62, anybody have same with me?
My box is: RB850Gx2, already downgrade cpu speed to 400MHz but not effective.
From the changelog:

*) rb850Gx2 - fixed pcb temperature monitor if temperature was above 60C;
Yes, but I wonder why the temperature rise up too high, 10 degree from previous version. Although the box working same function.
[admin@MikroTik] > system health print 
          voltage: 12V
      temperature: 49C
  cpu-temperature: 60C
[admin@MikroTik] > 
 
kiler129
Member Candidate
Member Candidate
Posts: 228
Joined: Tue Mar 31, 2015 4:32 pm
Contact:

Re: v6.38 [current] is released!

Tue Jan 10, 2017 3:13 am

Yes, but I wonder why the temperature rise up too high, 10 degree from previous version. Although the box working same function.
From the change log I would assume your board temperature was like 60*C, but ROS was showing lower one (which was fixed in 6.38).
 
zcache
just joined
Posts: 3
Joined: Mon Dec 29, 2014 5:20 am

Re: v6.38 [current] is released!

Tue Jan 10, 2017 5:14 am

Yes, but I wonder why the temperature rise up too high, 10 degree from previous version. Although the box working same function.
From the change log I would assume your board temperature was like 60*C, but ROS was showing lower one (which was fixed in 6.38).
Ohh!! I got it, that it mean the box has kidding me so long time... haha :lol: :lol:
 
moep
newbie
Posts: 48
Joined: Mon Jul 02, 2012 2:12 pm

Re: v6.38 [current] is released!

Tue Jan 10, 2017 8:01 am

I might have found some other IPsec related bugs:
1. sometimes the new "PH states" are not correct, traffic is flowing but there is "no PH2" or "ready to send" which often only reverts after phase1 rekey or new phase2
2. if the initiator is reconnecting too fast e.g. after PPPoE 24 hour reconnect and the old SAs are not flushed on responder, the initiator thinks he is connected and has SAs but the responder has an invalid policy and no traffic can flow.
EDIT
If a peer reconnects after PPoE 24h disconnect within DPD timeout and with a another IP address than before, there will be the situation described in 2.,
I tested this by setting delay before attempting to reconnect to a value greater than the DPD timeout which "solved" the problem. Bit this is clearly not the expected behaviour.
UPDATE
even my workaround did not solve the problem
UPDATE2:
now again a second reboot after the upgrade seems to solve this problem for now (testet with a script doing disable+enable)

as usual, please fix :)
thank you in advance
Last edited by moep on Tue Jan 10, 2017 4:49 pm, edited 3 times in total.
 
User avatar
Psiho
just joined
Posts: 9
Joined: Tue Apr 19, 2016 2:25 am
Location: SPB, Russia

Re: v6.38 [current] is released!

Tue Jan 10, 2017 10:43 am

Hello! DHCP server in 6.38 and higher version include bug with synthetic NIC (Hyper-V) on my RB-951G. When virtual NIC trying to get offer from dhcp following message in log is appear:

- dhcp,warning,info,debug dhcp1 offering lease Virtual_NIC_IP for Virtual_NIC_MAC without success

As result i lost connect to Hyper-V HOST also. 6.39RC9 - same problem. Return to 6.37 and all become OK again.
 
majestic
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Mon Dec 05, 2016 11:19 am

Re: v6.38 [current] is released!

Tue Jan 10, 2017 12:03 pm

Please can 6.37.x be made the bugfix release?
There has to be a convenient way to update routers to this version that proves to be quite stable,
and avoid the current problems with 6.38 without having to go back to 6.36.4
Agree. It would be nice if after every new release that a new repo say called old current/stable or something was created and used to store the previous version as it's very frustrating to have to use net install to switch back to the exact version we were running before.

Also net install has to be done onsite which is not very convenient. If it was more easier to return back to our old version rather then bugfix branch, I'm sure more people would be helping to try and debug issues.
 
notToNew
Member Candidate
Member Candidate
Posts: 148
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.38 [current] is released!

Tue Jan 10, 2017 12:22 pm

Please can 6.37.x be made the bugfix release?
There has to be a convenient way to update routers to this version that proves to be quite stable,
and avoid the current problems with 6.38 without having to go back to 6.36.4
No, please NOT!!! 6.36.4 is the only version which works with some older WIFI-Devices, like INTEL 2200.
This version should be supported until the new wireless-package is fixed.
--------------------------------------------------------------------------------------------
CCR1036-12G-4S, several 952Ui-5ac2nD, ...
 
pe1chl
Forum Guru
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Tue Jan 10, 2017 1:13 pm

Please can 6.37.x be made the bugfix release?
There has to be a convenient way to update routers to this version that proves to be quite stable,
and avoid the current problems with 6.38 without having to go back to 6.36.4
Agree. It would be nice if after every new release that a new repo say called old current/stable or something was created and used to store the previous version
I have suggested that in the 6.39rc thread already but I suspect it cannot be done in an existing release (e.g. by serving a different file from the update server)
so for the current release the marking of 6.37 as bugfix release is probably the only way.
Some people apparently require 6.36.4 but they can just stay at their existing install or use netinstall on new devices.
The currently most occuring situation is "updated to 6.38 then want to go back until new issues are fixed" and for that making 6.37.3 the bugfix release, if only
temporarily, would be easiest.
 
uldis
MikroTik Support
MikroTik Support
Posts: 3425
Joined: Mon May 31, 2004 2:55 pm

Re: v6.38 [current] is released!

Tue Jan 10, 2017 1:23 pm

Hello! DHCP server in 6.38 and higher version include bug with synthetic NIC (Hyper-V) on my RB-951G. When virtual NIC trying to get offer from dhcp following message in log is appear:

- dhcp,warning,info,debug dhcp1 offering lease Virtual_NIC_IP for Virtual_NIC_MAC without success

As result i lost connect to Hyper-V HOST also. 6.39RC9 - same problem. Return to 6.37 and all become OK again.
We need more detailed report - provide us export file or support output file so we could try to reproduce this problem.
 
User avatar
Psiho
just joined
Posts: 9
Joined: Tue Apr 19, 2016 2:25 am
Location: SPB, Russia

Re: v6.38 [current] is released!

Tue Jan 10, 2017 2:07 pm

Hello! DHCP server in 6.38 and higher version include bug with synthetic NIC (Hyper-V) on my RB-951G. When virtual NIC trying to get offer from dhcp following message in log is appear:

- dhcp,warning,info,debug dhcp1 offering lease Virtual_NIC_IP for Virtual_NIC_MAC without success

As result i lost connect to Hyper-V HOST also. 6.39RC9 - same problem. Return to 6.37 and all become OK again.
We need more detailed report - provide us export file or support output file so we could try to reproduce this problem.
To reproduce this problem you just need to try obtain IP by guest OS's NIC (Hyper-V) from DHCP server in 6.38 and higher version ROS. As for me - i must again do upgrade-downgrade cycle on Router in production. This may take a while - 1 day at least. What will take a less time?
 
DuduZZZ
just joined
Posts: 6
Joined: Tue Aug 23, 2016 11:31 am
Location: Hungary

Re: v6.38 [current] is released!

Tue Jan 10, 2017 2:28 pm

Hello! DHCP server in 6.38 and higher version include bug with synthetic NIC (Hyper-V) on my RB-951G. When virtual NIC trying to get offer from dhcp following message in log is appear:

- dhcp,warning,info,debug dhcp1 offering lease Virtual_NIC_IP for Virtual_NIC_MAC without success

As result i lost connect to Hyper-V HOST also. 6.39RC9 - same problem. Return to 6.37 and all become OK again.
We need more detailed report - provide us export file or support output file so we could try to reproduce this problem.
To reproduce this problem you just need to try obtain IP by guest OS's NIC (Hyper-V) from DHCP server in 6.38 and higher version ROS. As for me - i must again do upgrade-downgrade cycle on Router in production. This may take a while - 1 day at least. What will take a less time?
I think you don't understand. Uldis request a supout.rif file. More information: http://www.mikrotik.com/support
 
User avatar
Psiho
just joined
Posts: 9
Joined: Tue Apr 19, 2016 2:25 am
Location: SPB, Russia

Re: v6.38 [current] is released!

Tue Jan 10, 2017 2:40 pm

Ok, will try to do this tonight
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: v6.38 [current] is released!

Tue Jan 10, 2017 3:26 pm

your hyper-v client is a dhcp-client receiving the address from the DHCP server? Or vice versa - server that gives out addresses to mipsbe (or various) devices?
 
User avatar
Psiho
just joined
Posts: 9
Joined: Tue Apr 19, 2016 2:25 am
Location: SPB, Russia

Re: v6.38 [current] is released!

Tue Jan 10, 2017 4:06 pm

your hyper-v client is a dhcp-client receiving the address from the DHCP server?
Yes. Mikrotik - DHCP server. Guest OS on HOST and HOST himself - clients

In addition - when described error is occurred, the affected clients remaining in "offering" state in DHCP server - Leases table with cycled 30s timeout. Seems like synthethic NIC dont answer on offer from DHCP, while real ones work as usual. In ROS 6.37 all work fine with both NIC.
 
gilester
just joined
Posts: 3
Joined: Sat Feb 01, 2014 1:07 pm

Re: v6.38 [current] is released!

Tue Jan 10, 2017 4:34 pm

your hyper-v client is a dhcp-client receiving the address from the DHCP server?
Yes. Mikrotik - DHCP server. Guest OS on HOST and HOST himself - clients

In addition - when described error is occurred, the affected clients remaining in "offering" state in DHCP server - Leases table with cycled 30s timeout. Seems like synthethic NIC dont answer on offer from DHCP, while real ones work as usual. In ROS 6.37 all work fine with both NIC.
We have observed exactly this with a UniFi UAP-LR and a Soekris Engineering Net4801 board. We have reverted to 6.37.3 to restore correct DHCP behaviour.

Thanks
Giles.
 
darkmanlv
newbie
Posts: 26
Joined: Thu Mar 26, 2015 3:19 pm
Location: Riga, Latvia
Contact:

Re: v6.38 [current] is released!

Wed Jan 11, 2017 2:42 am

fastpath problem on 6.38 with hap ac, download speed dropped to 200 mbps from 500-800 mbps, cpu load is 100%

Image
Image

on 6.37.3 all ok

Image
Image
Last edited by darkmanlv on Wed Jan 11, 2017 2:48 am, edited 1 time in total.
 
darkmanlv
newbie
Posts: 26
Joined: Thu Mar 26, 2015 3:19 pm
Location: Riga, Latvia
Contact:

Re: v6.38 [current] is released!

Wed Jan 11, 2017 2:48 am

No, please NOT!!! 6.36.4 is the only version which works with some older WIFI-Devices, like INTEL 2200.
This version should be supported until the new wireless-package is fixed.
i have the same problem with hap lite, old toshiba notebook with intel 2200bg doesn`t work if upgrade to 6.37.xx or 6.38, works perfectly on 6.36.4
 
IanEKB
just joined
Posts: 2
Joined: Wed Jan 11, 2017 8:31 am

Re: v6.38 [current] is released!

Wed Jan 11, 2017 9:01 am

Good day!
Error with updating status (reachable) in static routes. System displays "unreachable" for static route, but it is reachable.
Traffic did not go through a second ISP because of this. Changing Distance values did not help.

Fix: change checking gateway type to ARP from PING (WinBox displays reachable now). I turn option back to ping, but status reachable was saved.
Reload whether the status if ISP gateway is not available and will be available again? I not tested it.

Info: SFP-interface (SFP module: WDM SFP-G-03SC-B).

I do not know whether there was a problem in early versions.

P.S.: I am sorry for bad english.
 
notToNew
Member Candidate
Member Candidate
Posts: 148
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.38 [current] is released!

Wed Jan 11, 2017 9:31 am

No, please NOT!!! 6.36.4 is the only version which works with some older WIFI-Devices, like INTEL 2200.
This version should be supported until the new wireless-package is fixed.
i have the same problem with hap lite, old toshiba notebook with intel 2200bg doesn`t work if upgrade to 6.37.xx or 6.38, works perfectly on 6.36.4
I have >60 IP-Cams, which only work on 6.36.4. I hope no one asks me to replace them all just because of this ;-)
--------------------------------------------------------------------------------------------
CCR1036-12G-4S, several 952Ui-5ac2nD, ...
 
majestic
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Mon Dec 05, 2016 11:19 am

Re: v6.38 [current] is released!

Wed Jan 11, 2017 9:54 am

Please can 6.37.x be made the bugfix release?
There has to be a convenient way to update routers to this version that proves to be quite stable,
and avoid the current problems with 6.38 without having to go back to 6.36.4
No, please NOT!!! 6.36.4 is the only version which works with some older WIFI-Devices, like INTEL 2200.
This version should be supported until the new wireless-package is fixed.
Adding an extra repo wouldn't effect anything, wouldn't touch the existing versions available, it only would give users an alternative to install, I.e old stable.
 
notToNew
Member Candidate
Member Candidate
Posts: 148
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.38 [current] is released!

Wed Jan 11, 2017 10:05 am

Adding an extra repo wouldn't effect anything, wouldn't touch the existing versions available, it only would give users an alternative to install, I.e old stable.
I agree! But the quoted question was not to add an extra version, it was about to replace the current bugfix-version. I support adding a new one!!
--------------------------------------------------------------------------------------------
CCR1036-12G-4S, several 952Ui-5ac2nD, ...
 
majestic
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Mon Dec 05, 2016 11:19 am

Re: v6.38 [current] is released!

Wed Jan 11, 2017 10:07 am

Adding an extra repo wouldn't effect anything, wouldn't touch the existing versions available, it only would give users an alternative to install, I.e old stable.
I agree! But the quoted question was not to add an extra version, it was about to replace the current bugfix-version. I support adding a new one!!
My bad, wasn't intended. Should proof read what I type more :) sorry about that.
 
MoDest
just joined
Posts: 2
Joined: Fri Feb 27, 2015 5:19 pm
Location: Saint Petersburg, RU

Re: v6.38 [current] is released!

Wed Jan 11, 2017 10:26 am

It's good idea to add "creation time" column to firewall address list. I hope you do it and for firewall filters and NAT. With this will be easier to find outdated rules in big firewalls with many rules.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.38 [current] is released!

Wed Jan 11, 2017 10:32 am

You could use the note feature for that. Enter reason why each rule is made.
No answer to your question? How to write posts
 
pe1chl
Forum Guru
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Wed Jan 11, 2017 10:42 am

You could use the note feature for that. Enter reason why each rule is made.
In some cases it could be nice to have a "countdown timer" with a rule like with address list members,
to temporarily open some thing without risk to forget to remove it later, but I do not consider it important
enough to make it into a feature request. The comment feature already is a very nice advantage of
RouterOS over competing products and even operating systems.
 
JuanRamiro
just joined
Posts: 7
Joined: Fri Nov 15, 2013 4:24 pm

Re: v6.38 [current] is released!

Wed Jan 11, 2017 10:51 am

After upgrading to 6.38, my pppoe connection to WAN speed test makes cpu go to 100%. FastTrack counters seem OK --> FastTrack seems to be configured properly.
Because of the cpu, the router no longer gets 300 mbps at 45% of CPU. Now I get up to 200 mbps at 100%.
 
notToNew
Member Candidate
Member Candidate
Posts: 148
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.38 [current] is released!

Wed Jan 11, 2017 10:57 am

You could use the note feature for that. Enter reason why each rule is made.
In some cases it could be nice to have a "countdown timer" with a rule like with address list members,
to temporarily open some thing without risk to forget to remove it later, but I do not consider it important
enough to make it into a feature request. The comment feature already is a very nice advantage of
RouterOS over competing products and even operating systems.
my whish is to get an "time"-object which I can add to any firewall-rules. The tiime-object should have an beginning and an end-datetime.
If added, the rule is only enabled within this time! This has several advantages: 1. Having the "countdown timer" you mentioned 2. Allowing me to enable several
"mainenance"-rules(with several vlans i have over 50 of them) by just extending the end-datetime of this "timeobject" named "Maintenance-AllowExternalAccess "....
--------------------------------------------------------------------------------------------
CCR1036-12G-4S, several 952Ui-5ac2nD, ...
 
pe1chl
Forum Guru
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Wed Jan 11, 2017 11:24 am

my whish is to get an "time"-object which I can add to any firewall-rules. The tiime-object should have an beginning and an end-datetime.
Well that is already available, but it appears that it allows only cyclic definitions and no date fields. That can probably be fixed rather easily.
 
notToNew
Member Candidate
Member Candidate
Posts: 148
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.38 [current] is released!

Wed Jan 11, 2017 11:36 am

Well that is already available, but it appears that it allows only cyclic definitions and no date fields. That can probably be fixed rather easily.
Somehow... it should be available as an own "object", just like the adress-list. If so, I can add several named "time-objects" and add them to te corresponding rules.
--------------------------------------------------------------------------------------------
CCR1036-12G-4S, several 952Ui-5ac2nD, ...
 
pe1chl
Forum Guru
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Wed Jan 11, 2017 11:43 am

That functionality is not available in netfilter I think, so it would have to be implemented entirely in the management layer.
(you maintain some time object but in reality it is modified in all rules that refer to it)
That is probably more work to implement. The "time" match has this functionality:
   time
       This matches if the packet arrival time/date is within a  given  range.
       All  options  are optional, but are ANDed when specified. All times are
       interpreted as UTC by default.

       --datestart YYYY[-MM[-DD[Thh[:mm[:ss]]]]]

       --datestop YYYY[-MM[-DD[Thh[:mm[:ss]]]]]
              Only match during the given time, which must be in ISO 8601  "T"
              notation.   The  possible  time  range is 1970-01-01T00:00:00 to
              2038-01-19T04:17:07.

              If --datestart or --datestop are not specified, it will  default
              to 1970-01-01 and 2038-01-19, respectively.

       --timestart hh:mm[:ss]

       --timestop hh:mm[:ss]
              Only  match during the given daytime. The possible time range is
              00:00:00 to 23:59:59. Leading zeroes are allowed (e.g.  "06:03")
              and correctly interpreted as base-10.

       [!] --monthdays day[,day...]
              Only match on the given days of the month. Possible values are 1
              to 31. Note that specifying 31  will  of  course  not  match  on
              months  which  do  not have a 31st day; the same goes for 28- or
              29-day February.

       [!] --weekdays day[,day...]
              Only match on the given weekdays. Possible values are Mon,  Tue,
              Wed,  Thu,  Fri,  Sat, Sun, or values from 1 to 7, respectively.
              You may also use two-character variants (Mo, Tu, etc.).

       --contiguous
              When --timestop is smaller than --timestart value, match this as
              a single time period instead distinct intervals.  See EXAMPLES.

       --kerneltz
              Use  the  kernel  timezone instead of UTC to determine whether a
              packet meets the time regulations.
As you can see, datestart and datestop fields could easily be added to give oneshot temporary rules
in addition to the daily/weekly rules that already are available.
 
notToNew
Member Candidate
Member Candidate
Posts: 148
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.38 [current] is released!

Wed Jan 11, 2017 3:04 pm

That functionality is not available in netfilter I think, so it would have to be implemented entirely in the management layer.
I know this from shorewall, It is really a nice feature and a nice addition to Mikrotik and I'd appreciate also this smaller solution.
My suggestion from above is just the more "global" version of this.
--------------------------------------------------------------------------------------------
CCR1036-12G-4S, several 952Ui-5ac2nD, ...
 
cristanboj
just joined
Posts: 1
Joined: Mon May 23, 2016 9:14 am

Re: v6.38 [current] is released!

Wed Jan 11, 2017 3:45 pm

hi guys,

does anyone of you encountered problems in PCC after upgrading their Mikrotik OS?

PCC currently is not working anymore after upgrading . please help.
 
easyspot
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Thu Jun 07, 2012 7:09 pm

Re: v6.38 [current] is released!

Wed Jan 11, 2017 4:09 pm

GrooveA-52HPn:
Wifi working but scan, freq usage, align, snooper not working. Downgrade to 6.32.4 all working.
Solved: need to press start lol
Last edited by easyspot on Wed Jan 11, 2017 4:23 pm, edited 1 time in total.
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1721
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v6.38 [current] is released!

Wed Jan 11, 2017 6:32 pm

hi guys,

does anyone of you encountered problems in PCC after upgrading their Mikrotik OS?

PCC currently is not working anymore after upgrading . please help.
Just a guess - did you enable fasttrack?
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
driven
just joined
Posts: 5
Joined: Tue Nov 29, 2016 10:03 pm

Re: v6.38 [current] is released!

Thu Jan 12, 2017 12:27 am

After upgrading to 6.38, my pppoe connection to WAN speed test makes cpu go to 100%. FastTrack counters seem OK --> FastTrack seems to be configured properly.
Because of the cpu, the router no longer gets 300 mbps at 45% of CPU. Now I get up to 200 mbps at 100%.
Confirm - at 6.38 (and possibly earlier, updated from 6.37) fasttrack is broken, dynamic rules are in "passtrough", as well as on devices that do not support this feature. Downgrade to 6.37 recovers it.
Last edited by driven on Thu Jan 12, 2017 12:18 pm, edited 1 time in total.
 
moep
newbie
Posts: 48
Joined: Mon Jul 02, 2012 2:12 pm

Re: v6.38 [current] is released!

Thu Jan 12, 2017 7:44 am

I might have found some other IPsec related bugs:
1. sometimes the new "PH states" are not correct, traffic is flowing but there is "no PH2" or "ready to send" which often only reverts after phase1 rekey or new phase2
2. if the initiator is reconnecting too fast e.g. after PPPoE 24 hour reconnect and the old SAs are not flushed on responder, the initiator thinks he is connected and has SAs but the responder has an invalid policy and no traffic can flow.
EDIT
If a peer reconnects after PPoE 24h disconnect within DPD timeout and with a another IP address than before, there will be the situation described in 2.,
I tested this by setting delay before attempting to reconnect to a value greater than the DPD timeout which "solved" the problem. Bit this is clearly not the expected behaviour.
UPDATE
even my workaround did not solve the problem
UPDATE2:
now again a second reboot after the upgrade seems to solve this problem for now (testet with a script doing disable+enable)
UPDATE3
second reboot does not solve this for long. after two days the problem is back. responder shows invalid dynamic policy while initiator thinks that he is connected.

as usual, please fix :)
thank you in advance
UPDATE4
it seems that a double reconnect with a delay makes it possible to "solve" it.
on first (re)connect the bad invalid policy is created on responder and not automatically flushed in time. on second (re)connect the bad policy is removed and a new valid one is created allowing traffic to flow.
 
sbeauchamp
newbie
Posts: 29
Joined: Fri Sep 16, 2016 3:27 pm

Re: v6.38 [current] is released!

Thu Jan 12, 2017 3:32 pm

does this fix the out of order packets on the CCR models when using the encryption hardware acceleration?
 
pe1chl
Forum Guru
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Thu Jan 12, 2017 4:14 pm

does this fix the out of order packets on the CCR models when using the encryption hardware acceleration?
No.
 
zennik
just joined
Posts: 13
Joined: Thu Jan 26, 2012 2:13 pm

Re: v6.38 [current] is released!

Fri Jan 13, 2017 1:17 am

I've noticed with all of my HAP and 2011 Routers I tested on the bench, 6.38 gets really pissy with IPsec after it's running for a few hours. With each one, after about 2-3 hours it just stops passing IPSec traffic, and I can't go into IP/IPSec in Winbox or CLI, and I can't do a config export unless I disable the security package and reboot.
Winbox just gives me no info on those tabs, and in CLI as soon as I go to do a 'print' under any category in IPsec, it just hangs.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Fri Jan 13, 2017 10:30 am

[quote="zennik"][/quote]
Not here. Post your config and/or send a supout.rif file to support.
 
berny
just joined
Posts: 1
Joined: Fri Jan 13, 2017 11:11 pm

Re: v6.38 [current] is released!

Fri Jan 13, 2017 11:32 pm

Not sure if bug...

I upgraded to 6.38, I already reset the config to default

When I download or run speed test, the speed (tx/rx) appears also on wlan1 interface, but my pc is connected only via ethernet5

Image
 
User avatar
JohnTRIVOLTA
Member Candidate
Member Candidate
Posts: 207
Joined: Sun Dec 25, 2016 2:05 pm
Location: BG/Sofia

Re: v6.38 [current] is released!

Fri Jan 13, 2017 11:55 pm

I upgraded hEX/v3 - mmips/ to 6.38, firmware to 3.35 . This release broke my speed to 250Mbit/s max for tcp or udp per direction/rx or tx/, both speed 130-150 per direction, whats happenеd ?Only now the load of cpu have equal threads load 20-30%, previously only one thread work on 100% load but speed up 1300Mbit/s!
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.38 [current] is released!

Mon Jan 16, 2017 5:33 pm

No answer to your question? How to write posts

Who is online

Users browsing this forum: No registered users and 18 guests