Community discussions

MUM Europe 2020
 
PtDragon
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Sun Apr 26, 2009 8:52 pm

Re: v6.39rc [release candidate] is released

Sun Feb 26, 2017 12:51 am

Version 6.39rc38 has been released.

Changes since previous version:
!) routeros - added support for new products and RouterOS features which will be announced at MUM EU (https://mum.mikrotik.com/2017/EU/info/EN);
Good call. We have a month to try it, but at least tell us where to search!
Yeah, it will be good to know WHAT we are having xD
CCR1036-12G-4S +6x100Mbit ^_^
 
alexjhart
Member Candidate
Member Candidate
Posts: 192
Joined: Thu Jan 20, 2011 8:03 pm

Re: v6.39rc [release candidate] is released

Sun Feb 26, 2017 2:01 am

Version 6.39rc38 has been released.

Changes since previous version:
!) routeros - added support for new products and RouterOS features which will be announced at MUM EU (https://mum.mikrotik.com/2017/EU/info/EN);
Good call. We have a month to try it, but at least tell us where to search!
Yeah, it will be good to know WHAT we are having xD
Nice plug to get people to attend MUM EU? :)
-----
Alex Hart

The Brothers WISP
 
korniza
newbie
Posts: 26
Joined: Fri Jan 06, 2012 4:05 pm

Re: v6.39rc [release candidate] is released

Sun Feb 26, 2017 7:36 am

This is an example about SNMP CAPsMAN registration table.

We run SNMPwalk to device. As a result we get different OIDs. For example:
iso.3.6.1.4.1.14988.1.1.1.5.1.12..587

In this case:
iso.3.6.1.4.1.14988.1.1.1.5.1.12 - CAPsMAN registration table specific entry;
xx.xx.xx.xx.xx.xx - MAC address in decimal system
587 - specific ID to avoid duplicates
I see now, so what you mean is the mac address is part of the OID, just in decimal form instead of hexadecimal.
for example, mac address 00:DB:9A:B0:E4:72 would be converted to 0.219.154.176.228.114 and it's stats would then be iso.3.6.1.4.1.14988.1.1.1.5.1.12.0.219.154.176.228.114.1
or, mac address DB:DB:DB:DB:DB:DB would become 219.219.219.219.219.219

While I can see this works, it does seem to be easier to have a Hex-String or String conversion automatically done for us in an additional OID. Since the code was there already and it makes things easier on folks, why not just leave it (put it back)?
I totally agree! we have to rebuild so many scripts, so many waste of time and many 3rd party software keep failing. Let them as it was!
 
athurdent
just joined
Posts: 24
Joined: Fri Sep 09, 2016 7:02 pm

Re: v6.39rc [release candidate] is released

Sun Feb 26, 2017 11:27 am

Version 6.39rc38 has been released.

Changes since previous version:
!) routeros - added support for new products and RouterOS features which will be announced at MUM EU (https://mum.mikrotik.com/2017/EU/info/EN);
*) capsman - fixed "/caps-man manager interface" compact export;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
This version (Edit: no necessarily this specific version, but rc4 is perfectly fine for example) completely broke DFS for me in Germany. My wAP AC resides on the top floor, sometimes no 5GHz clients connected. As soon as I come near it with a client (tested with iPhone 6s, multiple times) it logs something like pasted below. I'm pretty sure it interprets clients looking for WLAN APs as RADAR. Please fix this! It's the same for a hAP AC with the current stable version (v6.38.3).
Feb 26 10:06:12 mikrotik-wap-ac wireless,info wlan2: radar detected on 5580000
Feb 26 10:06:17 mikrotik-wap-ac wireless,debug wlan2: must select channel
Feb 26 10:06:17 mikrotik-wap-ac wireless,debug wlan2: radar reported on 5580000
Feb 26 10:06:17 mikrotik-wap-ac wireless,debug wlan2: radar reported on 5260000
Feb 26 10:06:17 mikrotik-wap-ac wireless,debug wlan2: radar reported on 5580000
Feb 26 10:06:17 mikrotik-wap-ac wireless,debug wlan2: selected channel 5500000
Feb 26 10:06:17 mikrotik-wap-ac wireless,debug wlan2: search for radars on 5500000
Feb 26 10:07:17 mikrotik-wap-ac wireless,debug wlan2: no radar detetected, start network
at 10:07 I was already back downstairs, going up again and leaving the phone there the following happens:
Feb 26 10:20:14 mikrotik-wap-ac wireless,info wlan2: radar detected on 5500000
Feb 26 10:20:19 mikrotik-wap-ac wireless,debug wlan2: must select channel
Feb 26 10:20:19 mikrotik-wap-ac wireless,debug wlan2: radar reported on 5580000
Feb 26 10:20:19 mikrotik-wap-ac wireless,debug wlan2: radar reported on 5260000
Feb 26 10:20:19 mikrotik-wap-ac wireless,debug wlan2: radar reported on 5500000
Feb 26 10:20:19 mikrotik-wap-ac wireless,debug wlan2: radar reported on 5580000
Feb 26 10:20:19 mikrotik-wap-ac wireless,debug wlan2: selected channel 5180000
after selecting a non-DFS channel I see my iPhone connecting to the AP in the logs.
 
mducharme
Trainer
Trainer
Posts: 877
Joined: Tue Jul 19, 2016 6:45 pm

Re: v6.39rc [release candidate] is released

Mon Feb 27, 2017 2:42 am

Now that TR-069 support is basically here and working, I would like to request a change to the RouterOS Main Package:

Could you please have the IPv6 package enabled by default instead of disabled? Or at least provide a means of enabling the package in NetInstall?

We want our TR-069 managed customer routers to have IPv6 enabled and configured when they receive them - the way things are set up currently, the customer router needs to be rebooted after they boot it up for the first time in order to enable IPv6 and apply the IPv6 config. Our defaults script applied by NetInstall can enable the IPv6 package but can't configure the settings until the router is rebooted because the package isn't active yet. This makes things much more awkward for us.

Thanks.
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6617
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: v6.39rc [release candidate] is released

Mon Feb 27, 2017 11:42 am

alexjhart, MAC-address is not present in /interface wireless registration-table print oid either, and it is calculated in the same way as for capsman table OIDs.
 
alexjhart
Member Candidate
Member Candidate
Posts: 192
Joined: Thu Jan 20, 2011 8:03 pm

Re: RE: Re: v6.39rc [release candidate] is released

Tue Feb 28, 2017 5:18 pm

alexjhart, MAC-address is not present in /interface wireless registration-table print oid either, and it is calculated in the same way as for capsman table OIDs.
It's there in the bridge table and i wouldn't mind it for the wireless registration table too, but I was focused on capsman here. Especially since it was there, then removed. Feel free to add it for the wireless registration table too. :)
-----
Alex Hart

The Brothers WISP
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24323
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Wed Mar 01, 2017 10:08 am

Update: The GenieACS developer says there is a bug in MikroTik's TR-069 client. Any SetParameterValues request that includes an ampersand in the value causes an empty reply to be sent to the ACS by the MikroTik. This in turn causes a problem in GenieACS which is not expecting an empty reply from the MikroTik and resends the request, causing a loop.
thanks for the report, the next RC will have fix for this
No answer to your question? How to write posts
 
mducharme
Trainer
Trainer
Posts: 877
Joined: Tue Jul 19, 2016 6:45 pm

Re: v6.39rc [release candidate] is released

Wed Mar 01, 2017 7:14 pm

Update: The GenieACS developer says there is a bug in MikroTik's TR-069 client. Any SetParameterValues request that includes an ampersand in the value causes an empty reply to be sent to the ACS by the MikroTik. This in turn causes a problem in GenieACS which is not expecting an empty reply from the MikroTik and resends the request, causing a loop.
thanks for the report, the next RC will have fix for this
Great!

And for the IPv6 package, any way of having that enabled by default in the main package with NetInstall? We need a solution for that - before it didn't matter so much, but now that you have TR-069, we need IPv6 turned on when the router first boots up after NetInstall.... Maybe you could just put up a second copy of each RouterOS main package which was the same except had IPv6 enabled by default, in a different folder on your web server, for those who needed it?

ex. regular package at https://download2.mikrotik.com/routeros ... 39rc38.npk and ipv6 default enabled package at https://download2.mikrotik.com/routeros ... 39rc38.npk

Thanks.
 
Sob
Forum Guru
Forum Guru
Posts: 4884
Joined: Mon Apr 20, 2009 9:11 pm

Re: v6.39rc [release candidate] is released

Wed Mar 01, 2017 7:30 pm

Or it could be simply made enabled by default for everyone. It's 2017 already, about time...
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
mducharme
Trainer
Trainer
Posts: 877
Joined: Tue Jul 19, 2016 6:45 pm

Re: v6.39rc [release candidate] is released

Wed Mar 01, 2017 7:55 pm

Or it could be simply made enabled by default for everyone. It's 2017 already, about time...
Yes, either/or.. However I suspect that they haven't been switching the main package to IPv6 enabled because then they would need a default IPv6 firewall config (at least a basic one to block all input except from the local bridge so that people on the WAN subnet can't login with webfig or winbox via IPv6), and existing devices would not have this in their factory default config scripts. However at least putting up this package as an alternative main package for people who use NetInstall and replace the default config script anyway - that should be safe, and it strikes me as something that they could do almost immediately.
 
User avatar
soonwai
Member Candidate
Member Candidate
Posts: 163
Joined: Mon Feb 06, 2012 10:50 pm
Location: Kuala Lumpur

Re: v6.39rc [release candidate] is released

Thu Mar 02, 2017 12:33 pm

RB2011UAS-2HnD on 6.39rc38
No scripts scheduled. Freshly rebooted. I have these environment variables. Any ideas what they are?
Image
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Thu Mar 02, 2017 1:14 pm

Version 6.39rc40 has been released.

Changes since previous version:
!) l2tp - added fastpath support when MRRU is enabled;
!) ppp - implemented internal algorithm for "change-mss", no mangle rules necessary;
!) pppoe - added fastpath support when MRRU and MLPPP are enabled;
*) hotspot - show Host table commentaries also in Active tab and vice versa;
*) ike2 - fixed responder subsequent new child creation when PFS is used;
*) ipsec - deducted policy SA src/dst address from src/dst address;
*) ipsec - fixed SA address check in policy lookup;
*) ipsec - updated tilera classifier for UDP encapsulated ESP;
*) snmp - added back MAC address OID in "/caps-man registration-table" (introduced in 6.39rc33);
*) tr069-client - added basic support for "/ip firewall filters";
*) tr069-client - added support for escaped entity references (& < > &apos; &quot);
*) tr069-client - close connection if CPE considers XML as invalid;
*) tr069-client - fixed special escape characters on XML data send;
*) tr069-client - general improvements on reducing storage space;
*) usb - added support for more CP210X devices;
*) wireless - do not allow equal MAC addresses between multiple Virtual APs when same master interface is used;
*) wireless - fixed rare crash on nv2 configurations;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
ulysses
Frequent Visitor
Frequent Visitor
Posts: 79
Joined: Fri Sep 25, 2015 1:26 pm

Re: v6.39rc [release candidate] is released

Thu Mar 02, 2017 1:26 pm

Hi,

I LOVE the new script property of DHCP client. But something very basic seems to be missing - in my case the DHCP server is _not_ the gateway. However I don't see the gateway-address or like variable available. Any chance this can be added soon?

BTW, although offtopic, is there a way to inspect :local variables in the current scope? like environment but for the current scope including the local variables?
 
psannz
Frequent Visitor
Frequent Visitor
Posts: 59
Joined: Mon Nov 09, 2015 3:52 pm
Location: Renningen, Germany

Re: v6.39rc [release candidate] is released

Thu Mar 02, 2017 1:46 pm

*) ipsec - updated tilera classifier for UDP encapsulated ESP;
Does this fix the IPSEC packet re-ordering problem?
viewtopic.php?f=1&t=112545
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8320
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.39rc [release candidate] is released

Thu Mar 02, 2017 1:48 pm

I LOVE the new script property of DHCP client. But something very basic seems to be missing - in my case the DHCP server is _not_ the gateway. However I don't see the gateway-address or like variable available. Any chance this can be added soon?
as a workaround:
:put [ /ip dhcp-server network get [ find $leaseActIP in address ] gateway ];
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
soonwai
Member Candidate
Member Candidate
Posts: 163
Joined: Mon Feb 06, 2012 10:50 pm
Location: Kuala Lumpur

Re: v6.39rc [release candidate] is released

Thu Mar 02, 2017 2:46 pm

RB2011UAS-2HnD updated to 6.39rc40.
PPPoE client connects. Local and remote address acquired but nothing works.
• RB2011 unable to ping 8.8.8.8
• "/system package update check-for-updates " unable to resolve dns.

Edit: Just noticed the default route to remote address is unreachable.

PPP profile's "Change TCP MSS" is and has always been Yes.
MTU & MRU not set (1480)
FastTrack is currently disabled.
Not sure how to diagnose.

Disabled PPPoE client. Changed to my backup link (routed through my neighbour) and everything is fine.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Thu Mar 02, 2017 4:16 pm

soonwai - This seems to be an issue which we managed to reproduce locally. If it is the same problem, then it will be fixed in next rc release.
 
User avatar
soonwai
Member Candidate
Member Candidate
Posts: 163
Joined: Mon Feb 06, 2012 10:50 pm
Location: Kuala Lumpur

Re: v6.39rc [release candidate] is released

Thu Mar 02, 2017 5:00 pm

soonwai - This seems to be an issue which we managed to reproduce locally. If it is the same problem, then it will be fixed in next rc release.
Awesome, thanks for the quick reply.
 
msatter
Forum Guru
Forum Guru
Posts: 1337
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.39rc [release candidate] is released

Thu Mar 02, 2017 8:20 pm

Same problem here of PPPoe working but no traffic shall pass. Torching the PPPoe connection makes it active till you stop torching it. :?
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta68 / Winbox 3.20 / MikroTik APP 1.3.7
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
alexjhart
Member Candidate
Member Candidate
Posts: 192
Joined: Thu Jan 20, 2011 8:03 pm

Re: v6.39rc [release candidate] is released

Thu Mar 02, 2017 9:05 pm

*) ipsec - updated tilera classifier for UDP encapsulated ESP;
Details?
-----
Alex Hart

The Brothers WISP
 
alexjhart
Member Candidate
Member Candidate
Posts: 192
Joined: Thu Jan 20, 2011 8:03 pm

Re: v6.39rc [release candidate] is released

Thu Mar 02, 2017 9:06 pm

*) snmp - added back MAC address OID in "/caps-man registration-table" (introduced in 6.39rc33);
Many thanks :)
-----
Alex Hart

The Brothers WISP
 
User avatar
macsrwe
Long time Member
Long time Member
Posts: 656
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: v6.39rc [release candidate] is released

Thu Mar 02, 2017 11:39 pm

Version 6.39rc40 has been released.
No dude client on the MikroTik website for this release, and auto-update attempt from older dude gives error: bad http response from cloud. Help!
 
msatter
Forum Guru
Forum Guru
Posts: 1337
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.39rc [release candidate] is released

Fri Mar 03, 2017 12:07 pm

soonwai - This seems to be an issue which we managed to reproduce locally. If it is the same problem, then it will be fixed in next rc release.
To which posting of Soonwai did you respond because I see the posting about the Variables and the one about PPPoE.

I have the same problem with PPPoE working but no traffic until I torch the connection and I have to keep torching. I am now back on the current release of RouterOS and can't go back to a working (lower) version of RC anymore.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta68 / Winbox 3.20 / MikroTik APP 1.3.7
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
bennyh
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Fri Mar 03, 2017 12:37 pm

Re: v6.39rc [release candidate] is released

Fri Mar 03, 2017 1:02 pm

I have too problem with PPPoE in RC40 with RB3011. When I ping the RB's address from pppoe client, there is no answer.
Torch trick is working, until it running I can ping the RB.
 
msatter
Forum Guru
Forum Guru
Posts: 1337
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.39rc [release candidate] is released

Fri Mar 03, 2017 1:23 pm

I did already downgrade so if you are still om RC40 check if the default route present in menu "IP" "Routes"?

line: DAS 0.0.0.0/0 xxx.xxx.xxx.xxx reachable pppoe-out 1
Last edited by msatter on Fri Mar 03, 2017 2:44 pm, edited 1 time in total.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta68 / Winbox 3.20 / MikroTik APP 1.3.7
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
citko
just joined
Posts: 3
Joined: Mon Jan 16, 2017 11:11 pm
Location: Germany

Re: v6.39rc [release candidate] is released

Fri Mar 03, 2017 1:50 pm

I have a problem with ipsec and xauth. If the xauth user name is longer than 30 characters, in the log you can see "Trimming Xauth user name". The Xauth login fail. If I cut the Xauth name to 30 characters or less, the Xauth login succeed. The original Xauth user name was "Luedenscheid_luedenscheid-aussenstellen".
With RouterOS 6.37.4 there is no problem.

11:15:58 ipsec,info respond new phase 1 (Identity Protection): 111.11.56.87[500]<=>99.231.204.198[500]
11:15:58 ipsec,info ISAKMP-SA established 111.11.56.87[4500]-99.231.204.198[4500] spi:6a36407b8d013957:e691c0e0be04100d
11:15:58 ipsec,error Trimming Xauth user name
11:15:58 ipsec,info No mode-cfg configured
11:15:58 ipsec,info XAuth login failed for user: Luedenscheid_luedenscheid-auss
11:16:02 ipsec,info respond new phase 1 (Identity Protection): 111.11.56.87[500]<=>99.231.204.198[500]
11:16:02 ipsec,info ISAKMP-SA established 111.11.56.87[4500]-99.231.204.198[4500] spi:436a58d94cf6c650:75a152295ad122d1
11:16:02 ipsec,info XAuth login succeeded for user: Luedenscheid_luedenscheid-a
11:21:18 system,info device added by admin
 
msatter
Forum Guru
Forum Guru
Posts: 1337
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.39rc [release candidate] is released

Fri Mar 03, 2017 2:38 pm

I have a problem with ipsec and xauth. If the xauth user name is longer than 30 characters, in the log you can see "Trimming Xauth user name". The Xauth login fail. If I cut the Xauth name to 30 characters or less, the Xauth login succeed. The original Xauth user name was "Luedenscheid_luedenscheid-aussenstellen".
With RouterOS 6.37.4 there is no problem.

11:15:58 ipsec,info respond new phase 1 (Identity Protection): 111.11.56.87[500]<=>99.231.204.198[500]
11:15:58 ipsec,info ISAKMP-SA established 111.11.56.87[4500]-99.231.204.198[4500] spi:6a36407b8d013957:e691c0e0be04100d
11:15:58 ipsec,error Trimming Xauth user name
11:15:58 ipsec,info No mode-cfg configured
11:15:58 ipsec,info XAuth login failed for user: Luedenscheid_luedenscheid-auss
11:16:02 ipsec,info respond new phase 1 (Identity Protection): 111.11.56.87[500]<=>99.231.204.198[500]
11:16:02 ipsec,info ISAKMP-SA established 111.11.56.87[4500]-99.231.204.198[4500] spi:436a58d94cf6c650:75a152295ad122d1
11:16:02 ipsec,info XAuth login succeeded for user: Luedenscheid_luedenscheid-a
11:21:18 system,info device added by admin
Here you can read about the lead up to this "trimming":

viewtopic.php?f=21&t=116354&p=576081&hi ... th#p576081
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta68 / Winbox 3.20 / MikroTik APP 1.3.7
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
citko
just joined
Posts: 3
Joined: Mon Jan 16, 2017 11:11 pm
Location: Germany

Re: v6.39rc [release candidate] is released

Fri Mar 03, 2017 2:54 pm

I have a problem with ipsec and xauth. If the xauth user name is longer than 30 characters, in the log you can see "Trimming Xauth user name". The Xauth login fail. If I cut the Xauth name to 30 characters or less, the Xauth login succeed. The original Xauth user name was "Luedenscheid_luedenscheid-aussenstellen".
With RouterOS 6.37.4 there is no problem.

11:15:58 ipsec,info respond new phase 1 (Identity Protection): 111.11.56.87[500]<=>99.231.204.198[500]
11:15:58 ipsec,info ISAKMP-SA established 111.11.56.87[4500]-99.231.204.198[4500] spi:6a36407b8d013957:e691c0e0be04100d
11:15:58 ipsec,error Trimming Xauth user name
11:15:58 ipsec,info No mode-cfg configured
11:15:58 ipsec,info XAuth login failed for user: Luedenscheid_luedenscheid-auss
11:16:02 ipsec,info respond new phase 1 (Identity Protection): 111.11.56.87[500]<=>99.231.204.198[500]
11:16:02 ipsec,info ISAKMP-SA established 111.11.56.87[4500]-99.231.204.198[4500] spi:436a58d94cf6c650:75a152295ad122d1
11:16:02 ipsec,info XAuth login succeeded for user: Luedenscheid_luedenscheid-a
11:21:18 system,info device added by admin
Here you can read about the lead up to this "trimming":

viewtopic.php?f=21&t=116354&p=576081&hi ... th#p576081
Thanks, but I have the problem with the Xauth user and not with the password!
 
User avatar
blajah
Member Candidate
Member Candidate
Posts: 224
Joined: Fri Jun 12, 2015 8:58 pm
Location: Belgrade, Serbia
Contact:

Re: v6.39rc [release candidate] is released

Fri Mar 03, 2017 3:15 pm

Confirming PPPoE went down on RC40. Cannot test torch trick atm.
I have bigger routing table.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Fri Mar 03, 2017 3:30 pm

Version 6.39rc41 has been released.

Changes since previous version:
!) pppoe - added fastpath support when MRRU and MLPPP are enabled;
*) tr069-client - added basic support for "/ip firewall filters";

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
User avatar
soonwai
Member Candidate
Member Candidate
Posts: 163
Joined: Mon Feb 06, 2012 10:50 pm
Location: Kuala Lumpur

Re: v6.39rc [release candidate] is released

Fri Mar 03, 2017 4:58 pm

Thanks strods, that was quick.

Just tested, 6.39rc41 fixes both the environment vars and pppoe-client problems.
 
User avatar
blajah
Member Candidate
Member Candidate
Posts: 224
Joined: Fri Jun 12, 2015 8:58 pm
Location: Belgrade, Serbia
Contact:

Re: v6.39rc [release candidate] is released

Fri Mar 03, 2017 7:17 pm

Tnx for quick fix. Confirming PPPoE is working as expected.
I have bigger routing table.
 
napismizpravu
Member Candidate
Member Candidate
Posts: 135
Joined: Sat Apr 09, 2011 1:27 pm
Location: czech

Re: v6.39rc [release candidate] is released

Fri Mar 03, 2017 7:37 pm

RB433UAH 6.39rc35 microSD, 2x USB Flash disk, (power 24V 2A)

one USB Flash disk lost (6.38.1. works)

6.39rc40 working
6.39rc41 no working

power off/on no test
 
User avatar
pietroscherer
Trainer
Trainer
Posts: 170
Joined: Thu Mar 05, 2015 3:05 pm
Location: RS, Brazil
Contact:

Re: v6.39rc [release candidate] is released

Fri Mar 03, 2017 9:16 pm

Somebody with performance problems on 6.39RC38? Neither updates it's possible to do :(
I think that netinstall is needed.

https://drive.google.com/file/d/0B1G8TB ... sp=sharing

* I'm using hap lite and system resources are ok. CPU at 2% and RAM at 50%.
Pietro Scherer
http://www.tchesolutions.com.br [ISPs Consulting and Training]
http://www.routermage.com [Backup and Automation System]
:D
 
ulysses
Frequent Visitor
Frequent Visitor
Posts: 79
Joined: Fri Sep 25, 2015 1:26 pm

Re: v6.39rc [release candidate] is released

Sat Mar 04, 2017 6:34 pm

I LOVE the new script property of DHCP client. But something very basic seems to be missing - in my case the DHCP server is _not_ the gateway. However I don't see the gateway-address or like variable available. Any chance this can be added soon?
as a workaround:
:put [ /ip dhcp-server network get [ find $leaseActIP in address ] gateway ];
Thanks! Can't yet try it; is the dhcp-server already configured by the time the script runs?
 
ulysses
Frequent Visitor
Frequent Visitor
Posts: 79
Joined: Fri Sep 25, 2015 1:26 pm

Re: v6.39rc [release candidate] is released

Sun Mar 05, 2017 11:41 am

:put [ /ip dhcp-server network get [ find $leaseActIP in address ] gateway ];
Thanks for the hint, Chupaka, used it to make the code that actually works for the usecase.
:local gatewayAddress [/ip dhcp-client get [find dhcp-server=$"server-address"] gateway]

@Mikrotik team
Paste is not working in the terminal window.
macOs , Chrome Version 56.0.2924.87 (64-bit)
 
expert
Frequent Visitor
Frequent Visitor
Posts: 93
Joined: Sun Dec 04, 2016 1:22 pm

Re: v6.39rc [release candidate] is released

Sun Mar 05, 2017 3:35 pm

Is the RSTP problem fixed? viewtopic.php?t=118320&f=13#p585480
 
User avatar
soonwai
Member Candidate
Member Candidate
Posts: 163
Joined: Mon Feb 06, 2012 10:50 pm
Location: Kuala Lumpur

Re: v6.39rc [release candidate] is released

Sun Mar 05, 2017 6:05 pm

RB2011UAS-2HnD-IN ROS v6.39rc41

Can't copy & paste in WebFig Terminal. Tested on Mac OS X 10.8.4, Chrome 49.0.2623.112 (64-bit) & Firefox 48.0.2.

Unable to login to WebFig using Safari on iPad 1 iOS 5.1.1. ERROR: Internal Server Error after clicking Login.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8320
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.39rc [release candidate] is released

Sun Mar 05, 2017 11:18 pm

:put [ /ip dhcp-server network get [ find $leaseActIP in address ] gateway ];
Thanks for the hint, Chupaka, used it to make the code that actually works for the usecase.
:local gatewayAddress [/ip dhcp-client get [find dhcp-server=$"server-address"] gateway]
Huh, my bad, I was thinking about dhcp-server when I was writing the answer. Glad you still found it useful :)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
citko
just joined
Posts: 3
Joined: Mon Jan 16, 2017 11:11 pm
Location: Germany

Re: v6.39rc [release candidate] is released

Mon Mar 06, 2017 11:14 am

In RouterOS 6.39rc41 we have still the problem with ipsec and xauth. If the xauth user name is longer than 30 characters, in the log you can see "Trimming Xauth user name". The Xauth login fail. If I cut the Xauth name to 30 characters or less, the Xauth login succeed. The original Xauth user name was "Luedenscheid_luedenscheid-aussenstellen".
With RouterOS 6.37.4 and before there is no problem.

11:15:58 ipsec,info respond new phase 1 (Identity Protection): 111.11.56.87[500]<=>99.231.204.198[500]
11:15:58 ipsec,info ISAKMP-SA established 111.11.56.87[4500]-99.231.204.198[4500] spi:6a36407b8d013957:e691c0e0be04100d
11:15:58 ipsec,error Trimming Xauth user name
11:15:58 ipsec,info No mode-cfg configured
11:15:58 ipsec,info XAuth login failed for user: Luedenscheid_luedenscheid-auss
11:16:02 ipsec,info respond new phase 1 (Identity Protection): 111.11.56.87[500]<=>99.231.204.198[500]
11:16:02 ipsec,info ISAKMP-SA established 111.11.56.87[4500]-99.231.204.198[4500] spi:436a58d94cf6c650:75a152295ad122d1
11:16:02 ipsec,info XAuth login succeeded for user: Luedenscheid_luedenscheid-a
11:21:18 system,info device added by admin
 
nescafe2002
Long time Member
Long time Member
Posts: 637
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v6.39rc [release candidate] is released

Mon Mar 06, 2017 11:19 am

"If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash."

Please report your issue to support, no need to repost here every N days. Support usually responds within a few business days.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Tue Mar 07, 2017 2:02 pm

Version 6.39rc45 has been released.

Changes since previous version:
!) firewall - discontinued support for p2p matcher (old rules will become invalid);
*) hotspot - fixed redirect to URL where escape characters are used (requires newly generated HTML files);
*) l2tp-client - fixed IPSec policy generation after reboot;
*) l2tp-client - require working IPSec encryption if "use-ipsec=yes";
*) l2tp-server - added "use-ipsec=required" option;
*) lcd - show fan2 speed only if it is available;
*) tr069-client - added basic support for "/ip firewall filters";
*) tr069-client - fixed "AddObjectResponse" “InstanceNumber†value;
*) tr069-client - set CHR license ID as ".SerialNumber" value to avoid "no serial number" error in ACS;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
athurdent
just joined
Posts: 24
Joined: Fri Sep 09, 2016 7:02 pm

Re: v6.39rc [release candidate] is released

Tue Mar 07, 2017 2:15 pm

Any news on the DFS issues? Haven't heard back from my ticket either...
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1720
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v6.39rc [release candidate] is released

Tue Mar 07, 2017 2:22 pm

!) firewall - discontinued support for p2p matcher (old rules will become invalid);
What is the reason to drop it ?
Real admins use real keyboards.
 
raffav
Member Candidate
Member Candidate
Posts: 291
Joined: Wed Oct 24, 2012 4:40 am

Re: RE: Re: v6.39rc [release candidate] is released

Tue Mar 07, 2017 2:25 pm

!) firewall - discontinued support for p2p matcher (old rules will become invalid);
What is the reason to drop it ?
I think that is because it not so much efficient in this days any more

Enviado de meu XT1580 usando Tapatalk
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24323
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Tue Mar 07, 2017 2:28 pm

Three reasons:

1. None of the protocols in the p2p filter are used today. Limeware? Kazaa? Really ... ?
2. This matcher also caught non-p2p traffic and interrupted normal communcations
3. You can duplicate the functionality with l7 filters. In fact, p2p filter is the same as L7 filter, but L7 has more customisation
No answer to your question? How to write posts
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1720
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v6.39rc [release candidate] is released

Tue Mar 07, 2017 4:31 pm

Thank you for explanation.
Real admins use real keyboards.
 
aboiles
newbie
Posts: 47
Joined: Sat Nov 07, 2015 6:52 pm

Re: v6.39rc [release candidate] is released

Tue Mar 07, 2017 6:27 pm

CHR v6.39rc45 update error, the interfaces are missing.
console error- info failed: std failure: timeout (13)
system reboots at 16% when trying to run supout.

restored from backup (6.39rc41) and retried the package update, same results.
 
rzirzi
Member
Member
Posts: 381
Joined: Mon Oct 09, 2006 2:33 pm

Re: v6.39rc [release candidate] is released

Tue Mar 07, 2017 7:40 pm

CHR v6.39rc45 update error, the interfaces are missing.
console error- info failed: std failure: timeout (13)
system reboots at 16% when trying to run supout.

restored from backup (6.39rc41) and retried the package update, same results.
RB493G - THE SAME - BRICKED! after update to 6.39rc45.
Its...... loading and ...reboots ... loading and ...reboots ... loading and ...reboots ... loading and ...reboots
Only Netinstall to 6.38.3 - helped.
So - version 6.39rc45 have a BIG BUG!
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.39rc [release candidate] is released

Tue Mar 07, 2017 9:37 pm

Three reasons:

1. None of the protocols in the p2p filter are used today. Limeware? Kazaa? Really ... ?
2. This matcher also caught non-p2p traffic and interrupted normal communcations
3. You can duplicate the functionality with l7 filters. In fact, p2p filter is the same as L7 filter, but L7 has more customisation
;)

4. Most of the actual P2P protocol use https / ssl / tls = no readable packets
5. MikroTik staff do not waste time to identifyng all p2p protocol, but is better to think about 17GHz, 24GHz, 60GHz, 802.11ad, MU-MIMO 5GHz (802.11ac Wave 2), powerline (homeplug) etc. ;)
I'm Italian, not English. Sorry for my imperfect grammar.
 
poizzon
Member Candidate
Member Candidate
Posts: 113
Joined: Fri Jun 21, 2013 12:53 pm

Re: v6.39rc [release candidate] is released

Tue Mar 07, 2017 11:41 pm

v6.39rc45

CCR1009-8G-S-S+ - Bricked
951G-2HnD - Working



CHR v6.39rc45 update error, the interfaces are missing.
console error- info failed: std failure: timeout (13)
system reboots at 16% when trying to run supout.

restored from backup (6.39rc41) and retried the package update, same results.
RB493G - THE SAME - BRICKED! after update to 6.39rc45.
Its...... loading and ...reboots ... loading and ...reboots ... loading and ...reboots ... loading and ...reboots
Only Netinstall to 6.38.3 - helped.
So - version 6.39rc45 have a BIG BUG!
--
poi
 
soomanyquestions
newbie
Posts: 34
Joined: Sat Aug 20, 2016 6:35 pm

Re: v6.39rc [release candidate] is released

Wed Mar 08, 2017 8:00 am

Rb2011 and hap ac bricked also
 
gargola
newbie
Posts: 35
Joined: Tue Nov 20, 2012 12:05 am

Re: v6.39rc [release candidate] is released

Wed Mar 08, 2017 9:43 am

RB1100aHX2 BRICKED, man, this is a RC, not an alpha, can't even think how this happend.

Trying to downgrade to earlier version, unfortunately at this time i'm 250 miles away from the RB, so only can connect through layer2 (MAC) and i'm lossing the connection every X seconds and I can't upload de 11MB system file.
 
Sob
Forum Guru
Forum Guru
Posts: 4884
Joined: Mon Apr 20, 2009 9:11 pm

Re: v6.39rc [release candidate] is released

Wed Mar 08, 2017 11:12 am

The trouble is, MikroTik's naming is not exactly what many people expect. Personally I'd call their "RC" beta if I'd like to be nice, or alpha if I want to be safe.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
td32
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Fri Nov 18, 2016 5:55 am

Re: v6.39rc [release candidate] is released

Wed Mar 08, 2017 11:41 am

RB1100aHX2 BRICKED, man, this is a RC, not an alpha, can't even think how this happend.

Trying to downgrade to earlier version, unfortunately at this time i'm 250 miles away from the RB, so only can connect through layer2 (MAC) and i'm lossing the connection every X seconds and I can't upload de 11MB system file.
you are searching for troubles messing with RC while being 250 miles away...
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1720
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v6.39rc [release candidate] is released

Wed Mar 08, 2017 12:46 pm

RB411, RB2011, RB962 - upgraded to RC45.
Real admins use real keyboards.
 
raffav
Member Candidate
Member Candidate
Posts: 291
Joined: Wed Oct 24, 2012 4:40 am

Re: v6.39rc [release candidate] is released

Wed Mar 08, 2017 1:02 pm

I have 433,433ah, Chr, crs125, base no 2, upgrade to. 45 ok.
But I get 450g that I lost access after updating,
I think is some configuration, that cause the crash and not related to hardware


Enviado de meu XT1580 usando Tapatalk
 
raffav
Member Candidate
Member Candidate
Posts: 291
Joined: Wed Oct 24, 2012 4:40 am

Re: RE: Re: v6.39rc [release candidate] is released

Wed Mar 08, 2017 1:06 pm

I have 433,433ah, Chr, crs125, base no 2, upgrade to. 45 ok.
But I get 450g that I lost access after updating,
I think is some configuration, that cause the crash and not related to hardware


Enviado de meu XT1580 usando Tapatalk
Just checked, I got a 450g updated normal to 45,so this crash is very specific.

Enviado de meu XT1580 usando Tapatalk
 
User avatar
soonwai
Member Candidate
Member Candidate
Posts: 163
Joined: Mon Feb 06, 2012 10:50 pm
Location: Kuala Lumpur

Re: RE: Re: v6.39rc [release candidate] is released

Wed Mar 08, 2017 1:46 pm

I have 433,433ah, Chr, crs125, base no 2, upgrade to. 45 ok.
But I get 450g that I lost access after updating,
I think is some configuration, that cause the crash and not related to hardware


Enviado de meu XT1580 usando Tapatalk
Just checked, I got a 450g updated normal to 45,so this crash is very specific.

Enviado de meu XT1580 usando Tapatalk
By any chance, did you have PCQ simple queues on the affected 450G?
 
raffav
Member Candidate
Member Candidate
Posts: 291
Joined: Wed Oct 24, 2012 4:40 am

Re: RE: Re: RE: Re: v6.39rc [release candidate] is released

Wed Mar 08, 2017 1:48 pm

I have 433,433ah, Chr, crs125, base no 2, upgrade to. 45 ok.
But I get 450g that I lost access after updating,
I think is some configuration, that cause the crash and not related to hardware


Enviado de meu XT1580 usando Tapatalk
Just checked, I got a 450g updated normal to 45,so this crash is very specific.

Enviado de meu XT1580 usando Tapatalk
By any chance, did you have PCQ simple queues on the affected 450G?
No,
I only use simple queue, default settings

One different from both 450
is that on crashed one I have ipv6 packages disabled, and working one it is enabled


Enviado de meu XT1580 usando Tapatalk
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Wed Mar 08, 2017 2:28 pm

Seems that we have managed to reproduce this crash which was introduced in last rc release. We will try to fix it as soon as possible and release new version with fix included.
 
raffav
Member Candidate
Member Candidate
Posts: 291
Joined: Wed Oct 24, 2012 4:40 am

Re: RE: Re: v6.39rc [release candidate] is released

Wed Mar 08, 2017 2:40 pm

Seems that we have managed to reproduce this crash which was introduced in last rc release. We will try to fix it as soon as possible and release new version with fix included.
Can you tell what is causing?


Enviado de meu XT1580 usando Tapatalk
 
gargola
newbie
Posts: 35
Joined: Tue Nov 20, 2012 12:05 am

Re: v6.39rc [release candidate] is released

Wed Mar 08, 2017 7:54 pm

The trouble is, MikroTik's naming is not exactly what many people expect. Personally I'd call their "RC" beta if I'd like to be nice, or alpha if I want to be safe.
Yeap, I'll prefer to name them like that.

RB1100aHX2 BRICKED, man, this is a RC, not an alpha, can't even think how this happend.

Trying to downgrade to earlier version, unfortunately at this time i'm 250 miles away from the RB, so only can connect through layer2 (MAC) and i'm lossing the connection every X seconds and I can't upload de 11MB system file.
you are searching for troubles messing with RC while being 250 miles away...
Lesson learned with Mikrotik.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1720
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v6.39rc [release candidate] is released

Wed Mar 08, 2017 8:51 pm

"Lesson learned ...."
There are three branches: bugfix, current and RC (read it as beta/alpha/test version)
It should be obvious that production system should not go further than "current" despite the name of device manufacturer.
Real admins use real keyboards.
 
gargola
newbie
Posts: 35
Joined: Tue Nov 20, 2012 12:05 am

Re: v6.39rc [release candidate] is released

Wed Mar 08, 2017 8:58 pm

"Lesson lerned ...."
There are three branches: bugfix, current and RC (read it as beta/alpha/test version)
It should be obvious that production system should not go further than "current" despite the name of device manufacturer.
I was having issues with the DHCP offered lease without success, that is why I took the risk.

Fortunately, I just recovered the router with remote hands support. Connected directly I was able to upload the system file through the MAC address winbox connection, just downgrade and we are back in business.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Thu Mar 09, 2017 3:44 pm

Version 6.39rc49 has been released.

Changes since previous version:
!) www - fixed http server vulnerability;
*) capsman - improved CAP status querying;
*) defconf - fixed default configuration generation when wireless package is disabled;
*) ike2 - check child state before allowing rekey;
*) ike2 - send EAP identity as user-name RADIUS attribute;
*) lte - added LTE signal level reading for Cinterion modems;
*) queue - fixed reboot loop when queues were used (introduced in 6.39rc42);
*) rb3011 - added partitioning support;
*) tr069-client - added "Device.Hosts.Host.{i}." support;
*) userman - fixed rare crash when User Manager requested file does not exist on router;
*) wireless - fixed RBSXT5HacD2nr2 small channel support;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.39rc [release candidate] is released

Thu Mar 09, 2017 3:48 pm

!) www - fixed http server vulnerability;

please add more details!!!

version affected?

what type of vulnerability?

thanks.
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24323
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Thu Mar 09, 2017 3:49 pm

!) www - fixed http server vulnerability;

please add more details!!!

version affected?

what type of vulnerability?

thanks.
Good morning! :)
viewtopic.php?f=21&t=119308
No answer to your question? How to write posts
 
roneyeduardo
just joined
Posts: 10
Joined: Tue Sep 12, 2006 12:36 am

Re: v6.39rc [release candidate] is released

Thu Mar 09, 2017 11:19 pm

!) pppoe - added fastpath support when MRRU and MLPPP are enabled;
Is it about the pppoe-server or just the client?

Thanks.
 
andriys
Forum Guru
Forum Guru
Posts: 1192
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.39rc [release candidate] is released

Thu Mar 09, 2017 11:48 pm

Is it about the pppoe-server or just the client?
I guess this is client only.
I don't remember fastpath support for PPPoE server ever being promised.
 
mducharme
Trainer
Trainer
Posts: 877
Joined: Tue Jul 19, 2016 6:45 pm

Re: v6.39rc [release candidate] is released

Fri Mar 10, 2017 4:04 am

A friendly bump on my request to have the IPv6 package enabled by default in the main RouterOS package. :)

We want to get purchasing and rolling out hundreds of MikroTik TR-069 routers to our customers but are holding off until we are able to do this.
 
MartijnVdS
Frequent Visitor
Frequent Visitor
Posts: 93
Joined: Wed Aug 13, 2014 9:36 am

Re: v6.39rc [release candidate] is released

Fri Mar 10, 2017 7:46 am

A friendly bump on my request to have the IPv6 package enabled by default in the main RouterOS package. :)

We want to get purchasing and rolling out hundreds of MikroTik TR-069 routers to our customers but are holding off until we are able to do this.
Try contacting support by email. They may know of a way to do this, or get you a custom package (especially if you're buying hundreds of CPEs).
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2949
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.39rc [release candidate] is released

Fri Mar 10, 2017 10:48 am

!) www - fixed http server vulnerability;

please add more details!!!

version affected?

what type of vulnerability?

thanks.
Good morning! :)
viewtopic.php?f=21&t=119308
I think too much to MUM :shock:
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24323
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Fri Mar 10, 2017 10:49 am

A friendly bump on my request to have the IPv6 package enabled by default in the main RouterOS package. :)

We want to get purchasing and rolling out hundreds of MikroTik TR-069 routers to our customers but are holding off until we are able to do this.
We also need a proper set of firewall rules, simply enabling ipv6 is not enough
No answer to your question? How to write posts
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Fri Mar 10, 2017 3:22 pm

Version 6.39rc51 has been released.

Changes since previous version:
!) tile - fixed IPsec hardware acceleration out-of-order packet problem, significantly improved performance;
*) tr069-client - fixed write for "Device.ManagementServer.URL";

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
onnoossendrijver
Member
Member
Posts: 418
Joined: Mon Jul 14, 2008 11:10 am
Location: The Netherlands

Re: v6.39rc [release candidate] is released

Fri Mar 10, 2017 6:26 pm

Version 6.39rc51 has been released.
!) tile - fixed IPsec hardware acceleration out-of-order packet problem, significantly improved performance;
Can you tell more about this?
Does this also improve IPsec on other multicore platforms like RB750GR3?
Linux/network engineer: ITIL, LPI1, CCNA R+S, CCNP R+S, JNCIA, JNCIS-SEC
 
alexjhart
Member Candidate
Member Candidate
Posts: 192
Joined: Thu Jan 20, 2011 8:03 pm

Re: v6.39rc [release candidate] is released

Fri Mar 10, 2017 6:31 pm

Version 6.39rc51 has been released.
!) tile - fixed IPsec hardware acceleration out-of-order packet problem, significantly improved performance;
Can you tell more about this?
Does this also improve IPsec on other multicore platforms like RB750GR3?
This is specifically for the CCR series (both problem and solution). More information here: viewtopic.php?f=1&t=112545
-----
Alex Hart

The Brothers WISP
 
strn
just joined
Posts: 10
Joined: Tue Jan 17, 2017 11:19 pm

Re: v6.39rc [release candidate] is released

Fri Mar 10, 2017 8:40 pm

Version 6.39rc51 has been released.

Changes since previous version:
!) tile - fixed IPsec hardware acceleration out-of-order packet problem, significantly improved performance;
*) tr069-client - fixed write for "Device.ManagementServer.URL";

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
Did anyone else experienced the issue that the complete NAT configuration was gone after rebooting into rc51?

I had to manually rebuild the whole NAT cfg :/


Gesendet von iPad mit Tapatalk
 
msatter
Forum Guru
Forum Guru
Posts: 1337
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.39rc [release candidate] is released

Sat Mar 11, 2017 12:11 am

Version 6.39rc51 has been released.

Changes since previous version:
!) tile - fixed IPsec hardware acceleration out-of-order packet problem, significantly improved performance;
*) tr069-client - fixed write for "Device.ManagementServer.URL";

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
Did anyone else experienced the issue that the complete NAT configuration was gone after rebooting into rc51?

I had to manually rebuild the whole NAT cfg :/
No problem over here with the NAT or any other rules.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta68 / Winbox 3.20 / MikroTik APP 1.3.7
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
Beone
Member Candidate
Member Candidate
Posts: 243
Joined: Fri Feb 11, 2011 1:11 pm

Re: v6.39rc [release candidate] is released

Sun Mar 12, 2017 11:46 am

CAPSMAN controller: CCR1009
Wifi CAPS: WAP AC + HAP AC

v6.36.4:
working fine, reference speed wireless: 250-260Mbit/s

v6.38.x :
- massive wireless issues with capsman (continous disconnects, slow speeds)
- RSTP causing forwarding issues (traffic not forwarding, DHCP not getting through)

v6.39rcXX-51:
- Wireless speed issue: speed only half (~ 140Mbit/s; half speed compared to v6.36.4; downgrading back to 6.36.4 results in higher speed)
 
Zorro
Long time Member
Long time Member
Posts: 676
Joined: Wed Apr 16, 2014 2:43 pm

Re: v6.39rc [release candidate] is released

Mon Mar 13, 2017 11:15 am

is any chance for fix for recent linux breach ?
eg this one:
https://security-tracker.debian.org/tra ... -2017-2636
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1723
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v6.39rc [release candidate] is released

Mon Mar 13, 2017 11:22 am

is any chance for fix for recent linux breach ?
eg this one:
https://security-tracker.debian.org/tra ... -2017-2636
... in the Linux kernel through 4.10.1... 
RouterOS v6 uses v3.3.6 and don't have hdlc ...you are safe.
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
biatche
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Oct 13, 2015 6:50 am

Re: v6.39rc [release candidate] is released

Mon Mar 13, 2017 1:05 pm

6.38.x severe issues.

setup: gw = rb750gr3 <-> sw = crs125 <-> LAN & ap = wap ac / hap ac

Things have been operational in 6.37.1 750g3,crs125 and 1x wap ac. I have 3 vlans, 1 for management, 2 for lan. I bought another few wap ac and hap ac to add to the network.

First, I upgraded from 6.37.1 to 6.38.5. (some weird stuff happened upgrading CRS125.. more on this in another thread post later that led me to believe that the CRS had become faulty). Anwyay, found that the CRS lost connectivity to the hex although I wasn't yet aware it was a version issue. Hex couldn't mac ping CRS. It was intermittent, after several configuration resets on the CRS, I could get the hex to ping/mac ping the CRS. Thought I had stablized it after that. After solving that, I went on to plug in and out devices. Plugged in the HAP AC to the CRS resulted in the CRS losing connectivity to the hex. SPENT 8 HOURS straight thinking its my configuration issue since its a production environment. Finally, for some reason, I realized it could be a version issue and so I went on to downgrade all the mikrotik devices to the old working version -- 6.37.1. Voila, things seem to be stable again. Also, related or not, while i was on 6.38.5, HAP AC had difficult time (intermittent) picking up a dhcp client ip from the hex.. whether or not its due to the CRS being in between. After downgrading, it picked up the dhcp client ip pretty much immediately. WAP AC was fine though, had always picked up a dhcp address without any issues. So of course it also misled me from thinking theres a version issue.

Alright, I'm very furious. So much wasted time and no profit. What's going on here? is 6.37.x = stable ; 6.38 = beta while 6.39 = alpha? Does Mikrotik warrant their users for such trouble? ALSO Lost a lot of credibility by my client here. I still look forward to IKEv2 so staying on 6.37 is really no solution.

Edit: Do move this post to the 6.38.5 thread, my mistake for posting here.
Last edited by biatche on Mon Mar 13, 2017 1:53 pm, edited 4 times in total.
 
biatche
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Oct 13, 2015 6:50 am

Re: v6.39rc [release candidate] is released

Mon Mar 13, 2017 1:11 pm

CAPSMAN controller: CCR1009
Wifi CAPS: WAP AC + HAP AC

v6.36.4:
working fine, reference speed wireless: 250-260Mbit/s

v6.38.x :
- massive wireless issues with capsman (continous disconnects, slow speeds)
- RSTP causing forwarding issues (traffic not forwarding, DHCP not getting through)

v6.39rcXX-51:
- Wireless speed issue: speed only half (~ 140Mbit/s; half speed compared to v6.36.4; downgrading back to 6.36.4 results in higher speed)
I think the issues you mentioned may be related to what I mentioned in #260. Infuriating.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5977
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39rc [release candidate] is released

Mon Mar 13, 2017 2:28 pm

Are you sure this is not the issue related to (changes in) spanning tree?
 
Zorro
Long time Member
Long time Member
Posts: 676
Joined: Wed Apr 16, 2014 2:43 pm

Re: v6.39rc [release candidate] is released

Mon Mar 13, 2017 3:43 pm

is any chance for fix for recent linux breach ?
eg this one:
https://security-tracker.debian.org/tra ... -2017-2636
... in the Linux kernel through 4.10.1... 
RouterOS v6 uses v3.3.6 and don't have hdlc ...you are safe.
well, since "3.2 and above(up to 4.11?)" listed as "vulnerable" unless "particular security fix" delivered - it IS VULNERABLE, i guess.

how do you Know(!) that ROS lack "drivers/tty/n_hdlc" in it ?
do you had ROS source-code access ?
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1723
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v6.39rc [release candidate] is released

Mon Mar 13, 2017 3:57 pm

well, since "3.2 and above(up to 4.11?)" listed as "vulnerable" unless "particular security fix" delivered - it IS VULNERABLE, i guess.

how do you Know(!) that ROS lack "drivers/tty/n_hdlc" in it ?
do you had ROS source-code access ?
have you seen HDLC protocol frames anywhere in RouterOS? I haven't...

Just lets take random piece of code from linux and then just assume that it is used in RouterOS and assume that it has the same vulnerability...
This is ridiculous.
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
JanezFord
Member Candidate
Member Candidate
Posts: 264
Joined: Wed May 23, 2012 10:58 am

Re: v6.39rc [release candidate] is released

Mon Mar 13, 2017 5:40 pm

6.38.x severe issues.

Alright, I'm very furious. So much wasted time and no profit. What's going on here? is 6.37.x = stable ; 6.38 = beta while 6.39 = alpha? Does Mikrotik warrant their users for such trouble? ALSO Lost a lot of credibility by my client here. I still look forward to IKEv2 so staying on 6.37 is really no solution.
I have had issues like you on several of the networks I manage and learned the hard way to disable rstp on every mikrotik bridge in the network if using 6.38.x or later version ... guess something is severely broken in bridge rstp. It just doesn't work as expected and makes other devices disappear from network. You will find many posts regarding this issue on the forum. It is not a solution, because rstp is there for a reason but only a workaround if you really need IKEv2.

JF.
 
biatche
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Oct 13, 2015 6:50 am

Re: v6.39rc [release candidate] is released

Mon Mar 13, 2017 6:03 pm

6.38.x severe issues.

Alright, I'm very furious. So much wasted time and no profit. What's going on here? is 6.37.x = stable ; 6.38 = beta while 6.39 = alpha? Does Mikrotik warrant their users for such trouble? ALSO Lost a lot of credibility by my client here. I still look forward to IKEv2 so staying on 6.37 is really no solution.
I have had issues like you on several of the networks I manage and learned the hard way to disable rstp on every mikrotik bridge in the network if using 6.38.x or later version ... guess something is severely broken in bridge rstp. It just doesn't work as expected and makes other devices disappear from network. You will find many posts regarding this issue on the forum. It is not a solution, because rstp is there for a reason but only a workaround if you really need IKEv2.

JF.
I do not follow how this can be let to happen in a "current" version. My setup is fairly simple and I'm no veteran. I had always had the impression that Mikrotik devices are utilized in corporate environments, schools, banks, etc. and this issue caused major outages. Worst of all I was oblivious to it, not realizing it could be a version issue due to a certain sequence of events. If it had been a simple "I upgraded, and issue started appearing" then I would have suspected its a version issue.

Anyway, as mentioned in post #260, I would like to share what made me think the CRS went faulty.

Initially, the setup was 1x Hex, 1x CRS, 1x WAP AC. Everything was working. I had decided to upgrade to the latest version before deploying more WAP AC and HAP AC. I had upgraded the Hex & WAP AC and they worked. From winbox on the HEx router, I used mac telnet to access the CRS. I tried to initiate the upgrade on the CRS by doing /system package update download which I did on WAP AC and it says "downloading now or something".. but this time it complained being unable to connect and then /system package update install which also complained the same thing. It was only then I realized I had forgotten to set the DNS on the switch. Here's the thing, RIGHT AFTER doing a /ip dns set address=8.8.8.8, i lost connectivity to the switch. WAP AC and clients connected to the switch were still pingable however. It was only a bit later I realized by "neighbors" that the version had been upgraded to 6.38.5. HEre's where I thought I did a bad flash. After resetting the device configuration several times, the device was pingable which also led me to believe that it had a borked flash. The point is: Why the heck did the upgrade happen when it complained that it can't locate the download server which is understoodable because there was no DNS set. Why did upgrade happen on its own after setting DNS? I even thought that bad flash happened because I keyed in the command twice (in similarity)
 
hedele
Member
Member
Posts: 338
Joined: Tue Feb 24, 2009 11:23 pm

Re: v6.39rc [release candidate] is released

Mon Mar 13, 2017 10:05 pm

I do not follow how this can be let to happen in a "current" version. My setup is fairly simple and I'm no veteran. I had always had the impression that Mikrotik devices are utilized in corporate environments, schools, banks, etc. and this issue caused major outages.
Well here's the thing. I'm guessing 90% of those corporate, school, bank, whatever networks are definitely _not_ running "current" or "rc" code. In fact, I believe most of them aren't even running "bugfix" code, but even more well-proven, older releases (even if Mikrotiks standard response to literally every single problem report ever is "try current version to see if it is fixed"). I know of several decently-sized ISP networks even that still run on ROS 5.x for that reason.

Once you learn that indeed "bugfix" is the absolute border of what you will want to run in any more-than-lab-sized production network without previous testing, it's really not too bad. I am running 6.37.5 without any trouble at all on a bunch of different (CHR, x86, mmips, mipsbe, tile) devices and generally never had trouble sticking to the "bugfix" tree. If you really really need a new feature or fix in a current or rc version, give that one a thorough lab test followed by a limited production rollout and another testing period before actually rolling it out everywhere. If you don't want or can't follow that procedure, you're better off waiting for the particular fix or feature to soak down into "bugfix" releases.

It's not an issue that's isolated to Mikrotik either. I dare you to go grab the most recent ED IOS versions that Cisco gives away for their kit and carelessly throw it onto your devices. I'm pretty sure _something_ will probably go wrong, somewhere - which is why you'd want to choose a MD branch that's had a couple rebuilds already. Which is what "bugfix" is, more or less.
Last edited by hedele on Mon Mar 13, 2017 11:03 pm, edited 1 time in total.
 
patrick7
Member Candidate
Member Candidate
Posts: 298
Joined: Sat Jul 20, 2013 2:40 pm

Re: v6.39rc [release candidate] is released

Mon Mar 13, 2017 10:46 pm

I hope banks etc run Cisco, Juniper, or something like this.
 
mducharme
Trainer
Trainer
Posts: 877
Joined: Tue Jul 19, 2016 6:45 pm

Re: v6.39rc [release candidate] is released

Tue Mar 14, 2017 2:39 am

6.38.x severe issues.

Alright, I'm very furious. So much wasted time and no profit. What's going on here? is 6.37.x = stable ; 6.38 = beta while 6.39 = alpha? Does Mikrotik warrant their users for such trouble? ALSO Lost a lot of credibility by my client here. I still look forward to IKEv2 so staying on 6.37 is really no solution.
I have had issues like you on several of the networks I manage and learned the hard way to disable rstp on every mikrotik bridge in the network if using 6.38.x or later version ... guess something is severely broken in bridge rstp. It just doesn't work as expected and makes other devices disappear from network. You will find many posts regarding this issue on the forum. It is not a solution, because rstp is there for a reason but only a workaround if you really need IKEv2.

JF.
I do not follow how this can be let to happen in a "current" version. My setup is fairly simple and I'm no veteran. I had always had the impression that Mikrotik devices are utilized in corporate environments, schools, banks, etc. and this issue caused major outages. Worst of all I was oblivious to it, not realizing it could be a version issue due to a certain sequence of events. If it had been a simple "I upgraded, and issue started appearing" then I would have suspected its a version issue.

Anyway, as mentioned in post #260, I would like to share what made me think the CRS went faulty.

Initially, the setup was 1x Hex, 1x CRS, 1x WAP AC. Everything was working. I had decided to upgrade to the latest version before deploying more WAP AC and HAP AC. I had upgraded the Hex & WAP AC and they worked. From winbox on the HEx router, I used mac telnet to access the CRS. I tried to initiate the upgrade on the CRS by doing /system package update download which I did on WAP AC and it says "downloading now or something".. but this time it complained being unable to connect and then /system package update install which also complained the same thing. It was only then I realized I had forgotten to set the DNS on the switch. Here's the thing, RIGHT AFTER doing a /ip dns set address=8.8.8.8, i lost connectivity to the switch. WAP AC and clients connected to the switch were still pingable however. It was only a bit later I realized by "neighbors" that the version had been upgraded to 6.38.5. HEre's where I thought I did a bad flash. After resetting the device configuration several times, the device was pingable which also led me to believe that it had a borked flash. The point is: Why the heck did the upgrade happen when it complained that it can't locate the download server which is understoodable because there was no DNS set. Why did upgrade happen on its own after setting DNS? I even thought that bad flash happened because I keyed in the command twice (in similarity)
Did you read the changelog before upgrading? The big warning they have? The issues you are having really sound like they are related to that change:
What's new in 6.38 (2016-Dec-30 11:33):

Important note!!!
RouterOS v6.38 contains STP/RSTP changes which makes bridges compatible with IEEE 802.1Q-2014 by sending and processing BPDU packets without VLAN tag.
To avoid STP/RSTP compatibility issues with older RouterOS versions, upgrade RouterOS to v6.38 on all routers in Layer2 networks with VLAN and STP/RSTP configurations.
The recommended procedure is to start by upgrading the remotest routers and gradually do it to the Root Bridge device.
If after upgrade you experience loss of connectivity, then disabling STP/RSTP on RouterOS bridge interface will restore connectivity so you can complete upgrade process on your network.
In other words, you needed to upgrade the spoke device first (probably the WAP), followed by the CRS and then the Hex, or disable STP first.
 
biatche
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Oct 13, 2015 6:50 am

Re: v6.39rc [release candidate] is released

Tue Mar 14, 2017 2:59 am

6.38.x severe issues.

Alright, I'm very furious. So much wasted time and no profit. What's going on here? is 6.37.x = stable ; 6.38 = beta while 6.39 = alpha? Does Mikrotik warrant their users for such trouble? ALSO Lost a lot of credibility by my client here. I still look forward to IKEv2 so staying on 6.37 is really no solution.
I have had issues like you on several of the networks I manage and learned the hard way to disable rstp on every mikrotik bridge in the network if using 6.38.x or later version ... guess something is severely broken in bridge rstp. It just doesn't work as expected and makes other devices disappear from network. You will find many posts regarding this issue on the forum. It is not a solution, because rstp is there for a reason but only a workaround if you really need IKEv2.

JF.
I do not follow how this can be let to happen in a "current" version. My setup is fairly simple and I'm no veteran. I had always had the impression that Mikrotik devices are utilized in corporate environments, schools, banks, etc. and this issue caused major outages. Worst of all I was oblivious to it, not realizing it could be a version issue due to a certain sequence of events. If it had been a simple "I upgraded, and issue started appearing" then I would have suspected its a version issue.

Anyway, as mentioned in post #260, I would like to share what made me think the CRS went faulty.

Initially, the setup was 1x Hex, 1x CRS, 1x WAP AC. Everything was working. I had decided to upgrade to the latest version before deploying more WAP AC and HAP AC. I had upgraded the Hex & WAP AC and they worked. From winbox on the HEx router, I used mac telnet to access the CRS. I tried to initiate the upgrade on the CRS by doing /system package update download which I did on WAP AC and it says "downloading now or something".. but this time it complained being unable to connect and then /system package update install which also complained the same thing. It was only then I realized I had forgotten to set the DNS on the switch. Here's the thing, RIGHT AFTER doing a /ip dns set address=8.8.8.8, i lost connectivity to the switch. WAP AC and clients connected to the switch were still pingable however. It was only a bit later I realized by "neighbors" that the version had been upgraded to 6.38.5. HEre's where I thought I did a bad flash. After resetting the device configuration several times, the device was pingable which also led me to believe that it had a borked flash. The point is: Why the heck did the upgrade happen when it complained that it can't locate the download server which is understoodable because there was no DNS set. Why did upgrade happen on its own after setting DNS? I even thought that bad flash happened because I keyed in the command twice (in similarity)
Did you read the changelog before upgrading? The big warning they have? The issues you are having really sound like they are related to that change:
What's new in 6.38 (2016-Dec-30 11:33):

Important note!!!
RouterOS v6.38 contains STP/RSTP changes which makes bridges compatible with IEEE 802.1Q-2014 by sending and processing BPDU packets without VLAN tag.
To avoid STP/RSTP compatibility issues with older RouterOS versions, upgrade RouterOS to v6.38 on all routers in Layer2 networks with VLAN and STP/RSTP configurations.
The recommended procedure is to start by upgrading the remotest routers and gradually do it to the Root Bridge device.
If after upgrade you experience loss of connectivity, then disabling STP/RSTP on RouterOS bridge interface will restore connectivity so you can complete upgrade process on your network.
In other words, you needed to upgrade the spoke device first (probably the WAP), followed by the CRS and then the Hex, or disable STP first.
Actually I've been looking/waiting for you on IRC for two days.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24323
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Tue Mar 14, 2017 8:28 am

is any chance for fix for recent linux breach ?
eg this one:
https://security-tracker.debian.org/tra ... -2017-2636
... in the Linux kernel through 4.10.1... 
RouterOS v6 uses v3.3.6 and don't have hdlc ...you are safe.
well, since "3.2 and above(up to 4.11?)" listed as "vulnerable" unless "particular security fix" delivered - it IS VULNERABLE, i guess.

how do you Know(!) that ROS lack "drivers/tty/n_hdlc" in it ?
do you had ROS source-code access ?
1) RouterOS is not affected
2) Even if it would be, RouterOS users have no ability to run their own programs. It couldn't be applicable anyway.
No answer to your question? How to write posts
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Wed Mar 15, 2017 4:37 pm

6.39rc54 has been released.

Changes since previous version;
*) ike1 - fixed ph2 ID logging;
*) ipsec - allow mixing aead algorithms in proposal;
*) ipsec - show hardware accelerated authenticated SAs;
*) lte - added initialization for Cinterion;
*) netinstall - fixed typos;
*) ppp-client - added support for Datacard 750UL, DWR-730 and K4607-Zr;
*) snmp - added optical table;
*) snmp - added fan-speed OIDs in "/system health print oid";
*) snmp - fixed rare crash;
*) snmp - improved getall filter;
*) tr069-client - added "Device.WiFi.NeighboringWiFiDiagnostic." support;
*) tr069-client - added Upload RPC "2 Vendor Log File" support;
*) tr069-client - fixed "Device.ManagementServer." value update;
*) tr069-client - fixed crash on =acs-url change special case;
*) userman - allow "name-for-user" to be empty and not unique;
*) wireless - fixed false positive DFS radar detection caused by iPhone 6s devices;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
alexjhart
Member Candidate
Member Candidate
Posts: 192
Joined: Thu Jan 20, 2011 8:03 pm

Re: v6.39rc [release candidate] is released

Wed Mar 15, 2017 10:43 pm

6.39rc54 has been released.
*) ipsec - show hardware accelerated authenticated SAs;
Where can this be found?
-----
Alex Hart

The Brothers WISP
 
Sob
Forum Guru
Forum Guru
Posts: 4884
Joined: Mon Apr 20, 2009 9:11 pm

Re: v6.39rc [release candidate] is released

Wed Mar 15, 2017 11:38 pm

I don't see anything in WinBox, but CLI has new flag "H - hw-authenc" in "/ip ipsec installed-sa print".
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
alexjhart
Member Candidate
Member Candidate
Posts: 192
Joined: Thu Jan 20, 2011 8:03 pm

Re: v6.39rc [release candidate] is released

Thu Mar 16, 2017 12:04 am

I don't see anything in WinBox, but CLI has new flag "H - hw-authenc" in "/ip ipsec installed-sa print".
Thanks. Not sure how I missed that when printing before. Guess I was looking for a yes/no value, not flag. Makes sense.
-----
Alex Hart

The Brothers WISP
 
IntrusDave
Forum Guru
Forum Guru
Posts: 1290
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: v6.39rc [release candidate] is released

Thu Mar 16, 2017 12:46 am

*) ipsec - show hardware accelerated authenticated SAs;
Is there any possibility that WinBox could highlight the algorithms that are hardware accelerated on each platform?
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
alexjhart
Member Candidate
Member Candidate
Posts: 192
Joined: Thu Jan 20, 2011 8:03 pm

Re: v6.39rc [release candidate] is released

Thu Mar 16, 2017 1:10 am

*) ipsec - show hardware accelerated authenticated SAs;
Is there any possibility that WinBox could highlight the algorithms that are hardware accelerated on each platform?
You mean putting this information into winbox? https://wiki.mikrotik.com/wiki/Manual:I ... encryption. Couldn't hurt. I could see it being useful to make that information more readily available in the data sheets/brochures on routerboard.com too.
-----
Alex Hart

The Brothers WISP
 
IntrusDave
Forum Guru
Forum Guru
Posts: 1290
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: v6.39rc [release candidate] is released

Thu Mar 16, 2017 1:13 am

*) ipsec - show hardware accelerated authenticated SAs;
Is there any possibility that WinBox could highlight the algorithms that are hardware accelerated on each platform?
You mean putting this information into winbox? https://wiki.mikrotik.com/wiki/Manual:I ... encryption. Couldn't hurt. I could see it being useful to make that information more readily available in the data sheets/brochures on routerboard.com too.
Yes, exactly.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
Beone
Member Candidate
Member Candidate
Posts: 243
Joined: Fri Feb 11, 2011 1:11 pm

Re: v6.39rc [release candidate] is released

Thu Mar 16, 2017 1:47 am

- Wireless + CAPSMAN: what about airtime fairness and bandsteering?
 
alexjhart
Member Candidate
Member Candidate
Posts: 192
Joined: Thu Jan 20, 2011 8:03 pm

Re: v6.39rc [release candidate] is released

Thu Mar 16, 2017 1:50 am

- Wireless + CAPSMAN: what about airtime fairness and bandsteering?
Probably best requested as new reply in viewtopic.php?f=1&t=45934 or topic in viewforum.php?f=1 (might already exist too)
-----
Alex Hart

The Brothers WISP
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 1825
Joined: Mon Jan 14, 2008 1:53 pm
Location: Straya
Contact:

Re: v6.39rc [release candidate] is released

Thu Mar 16, 2017 9:28 am

*) ipsec - show hardware accelerated authenticated SAs;
Is there any possibility that WinBox could highlight the algorithms that are hardware accelerated on each platform?
I have requested this a few times, and each time I get pointed at the Wiki..

I really wish they would do this, even if it was under "/system resources" and showed which algorithms are accelerated in hardware.. It's all there in dmesg so the dev's can easily obtain the information.
http://thebrotherswisp.com/ | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Thu Mar 16, 2017 1:12 pm

Version 6.39rc55 has been released.
Changes since previous version:
!) bridge - fixed BPDU rx/tx when protocol-mode=none;
*) api - fixed double dynamic flags for "/ip firewall address-list print";
*) console - fixed DHCP/PPP add-default-route distance minimal value to 1;
*) console - fixed "/ip neighbor discovery" export;
*) console - fixed crash;
*) console - fixed incorrect ":put [/lcd get enabled]" value;
*) userman - automatically select all newly created users to generate vouchers;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
biatche
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Oct 13, 2015 6:50 am

Re: v6.39rc [release candidate] is released

Thu Mar 16, 2017 8:01 pm

before you release final version, which i do feel is drawing near..... please test vlans on CRS bridge + HAP AC.. all on the latest version.
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 545
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v6.39rc [release candidate] is released

Thu Mar 16, 2017 8:06 pm

!) bridge - fixed BPDU rx/tx when protocol-mode=none

can we have more information on this? thanks
 
athurdent
just joined
Posts: 24
Joined: Fri Sep 09, 2016 7:02 pm

Re: v6.39rc [release candidate] is released

Fri Mar 17, 2017 9:13 am

6.39rc54 has been released.
*) wireless - fixed false positive DFS radar detection caused by iPhone 6s devices;
This is not fixed, the problem still persists.
 
User avatar
vmiro
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Sun Jan 29, 2006 6:53 pm

Re: v6.39rc [release candidate] is released

Mon Mar 20, 2017 2:38 pm

!) bridge - fixed BPDU rx/tx when protocol-mode=none

can we have more information on this? thanks
I had a problem on one of my WAP ac where the wlan interfaces are not added to the bridge. Clients can connect but there is no communication with the router. And the protocol mode was set to none...
WAP ac have enabled cap and is getting the configuration from CAPsMAN. This is how the problem reflects on my configuration ;)

mIRO
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Mon Mar 20, 2017 4:08 pm

athurdent - Please write to support@mikrotik.com and send supout file from device with this version and after you have tested this fix
 
athurdent
just joined
Posts: 24
Joined: Fri Sep 09, 2016 7:02 pm

Re: v6.39rc [release candidate] is released

Mon Mar 20, 2017 6:51 pm

strods - I already have a ticket open, Uldis asked me for remote access last Friday. Have not heard back yet, but you should already be able to access my device.
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 249
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.39rc [release candidate] is released

Tue Mar 21, 2017 1:17 pm

!) bridge - fixed BPDU rx/tx when protocol-mode=none

Fixed as in now we do forward all bpdu's transparrently or now we eat all transparrently What is done exactly?
Need to know so we may plan for the changed behaviour.
 
anuser
Member
Member
Posts: 406
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.39rc [release candidate] is released

Wed Mar 22, 2017 3:09 pm

CAPSMAN controller: CCR1009
Wifi CAPS: WAP AC + HAP AC

v6.36.4:
working fine, reference speed wireless: 250-260Mbit/s

v6.38.x :
- massive wireless issues with capsman (continous disconnects, slow speeds)
- RSTP causing forwarding issues (traffic not forwarding, DHCP not getting through)

v6.39rcXX-51:
- Wireless speed issue: speed only half (~ 140Mbit/s; half speed compared to v6.36.4; downgrading back to 6.36.4 results in higher speed)
I´m in the same situation: throughput is rather low. I have CAPSMAN with WAP AC devices.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8320
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.39rc [release candidate] is released

Wed Mar 22, 2017 3:12 pm

In WebFig, it's possible to move (drag'n'drop) rules even if the list is sorted not by rule number. In WinBox it's not possible :)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
uldis
MikroTik Support
MikroTik Support
Posts: 3427
Joined: Mon May 31, 2004 2:55 pm

Re: v6.39rc [release candidate] is released

Wed Mar 22, 2017 6:04 pm

v6.39rcXX-51:
- Wireless speed issue: speed only half (~ 140Mbit/s; half speed compared to v6.36.4; downgrading back to 6.36.4 results in higher speed)
We need more info how to reproduce this problem. Step by step so we could try to reproduce this problem.
What wireless packages you used on the 6.36.4 and did you downgrade both CAPsMAN and CAP?
 
palhaland
just joined
Posts: 10
Joined: Mon Aug 15, 2016 9:05 pm

Re: v6.39rc [release candidate] is released

Fri Mar 24, 2017 9:27 am

I think I have found an issue with the RC.

Steps to reproduce:
1. On a RouterOS 6.38.x create a backup of the setup.
2. Upgrade to 6.39rcXX-xx
3. Reset the board.
4. Apply backup
5. After reboot RouterBoard has no configuration.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1720
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v6.39rc [release candidate] is released

Fri Mar 24, 2017 11:22 am

Backup should be restored to same version of ROS as i have been made.
You should try /export your configuration if you want to restore it to the newer version of ROS
Real admins use real keyboards.
 
anuser
Member
Member
Posts: 406
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.39rc [release candidate] is released

Fri Mar 24, 2017 12:45 pm

v6.39rcXX-51:
- Wireless speed issue: speed only half (~ 140Mbit/s; half speed compared to v6.36.4; downgrading back to 6.36.4 results in higher speed)
We need more info how to reproduce this problem. Step by step so we could try to reproduce this problem.
What wireless packages you used on the 6.36.4 and did you downgrade both CAPsMAN and CAP?
So I tested with CAPSMAN => Configuration => Distance set to indoors AND CAPSMAN => Configuration => Rates empty setting.

distance between laptop and accesspoint: ~30cm

CAPSMAN Controller (x86) version is: 6.39rc55
- So I tested with an HAP AC with serial number: 673706EDxxxx, Windows 10 Pro with Intel 4965AGN
6.36.4(5GHz): ~5MB/s
6.37.5(5GHz): ~7MB/s
6.38.5(5GHz): ~50KB/s to 1,7MB/s . Throughput is going up and down. Mostly at KB/s speed
6.39rc55(5GHz): ~8MB/s.

- New test with an WAP AC with serial number: 69A505A1xxxx, Windows 10 Pro with Intel 4965AGN
6.38.1(5Ghz): ~7,2 MB/s
6.38.5(5GHz): ~7MB/s
6.39rc55(5GHz): ~5MB/s to ~7,5 MB/s

- New test with an WAP AC with serial number 711E06ECxxxx, Windows 10 Pro with Intel 4965AGN
6.35.4(5Ghz): 6,4MB/s
6.36.4(5Ghz): 6,5MB/s
6.38.5(5 GHz): 6,2 MB/s
6.39.rc55(5 Ghz): 4,4MB/s to 6,4MB/s
6.39.rc55(2.4Ghz): 2,4MB/s to 3 MB/s
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Fri Mar 24, 2017 12:50 pm

Version 6.39rc58 has been released.

Changes since previous version:

*) certificate - SCEP client now supports FQDN URL and port;
*) ethernet - added "voltage-too-low" status for single port power injector devices;
*) ethernet - fixed unnecessary power cycle of powered device when changing any poe-out related setting on single port power injector devices;
*) ethernet - reversed poe-priority on hEX PoE and OmniTIK 5 PoE to make "poe-priority" consistent to all other RouterOS priorities;
*) fetch - added "http-data" and "http-method" parameters to allow delete, get, post, put methods (content-type=application/x-www-form-urlencoded by default);
*) ike2 - fixed CTR mode;
*) ike2 - remove old SA after rekey;
*) ipsec - fixed SA authentication flag;
*) lte - added log entry for SMS delivery report;
*) ntp - restart NTP client when it is stuck in error state;
*) smb - fixed different memory leaks and crashes;
*) smb - fixed share path on devices with "/flash" directory;
*) userman - fixed rare web interface crash while using Users section;
*) wireless - fixed false positive DFS radar detection caused by iPhone 6s devices;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5977
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39rc [release candidate] is released

Fri Mar 24, 2017 4:58 pm

*) ethernet - reversed poe-priority on hEX PoE and OmniTIK 5 PoE to make "poe-priority" consistent to all other RouterOS priorities;
What does "all other RouterOS priorities" mean?
Note that packet priorities are inconsistent with queue priorities.
(when setting a packet priority e.g. "from DSCP high 3 bits", value 7 is higher priority than value 0, but when setting up a queue tree,
a lower priority value means higher priority for that entry)

And then we do not even consider that in 802.11p, the place where the packet priority is used, the priorities from low to high are like
this: 1 0 2 3 4 5 6 7 because 0 is the default priority leaving no room for a below-normal priority.
 
picacho99
newbie
Posts: 42
Joined: Mon Sep 08, 2014 7:16 pm

Re: v6.39rc [release candidate] is released

Sat Mar 25, 2017 9:15 pm

A RB3011 with a regular configruation when upgraded from v6.38.5 to v6.39.55 or v6.39.58 device becomes unusable: reboots again and again until it is recovered with reset and netinstall.
 
palhaland
just joined
Posts: 10
Joined: Mon Aug 15, 2016 9:05 pm

Re: v6.39rc [release candidate] is released

Sat Mar 25, 2017 10:05 pm

Backup should be restored to same version of ROS as i have been made.
You should try /export your configuration if you want to restore it to the newer version of ROS
Does this apply to upgrading from 6.38 as well? Currently it clears all configuration when upgrading as well
 
IntrusDave
Forum Guru
Forum Guru
Posts: 1290
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: v6.39rc [release candidate] is released

Sun Mar 26, 2017 8:02 pm

A RB3011 with a regular configruation when upgraded from v6.38.5 to v6.39.55 or v6.39.58 device becomes unusable: reboots again and again until it is recovered with reset and netinstall.
I has this same issue. I think it may be from the addition of the partition support.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
zcybercomputing
just joined
Posts: 17
Joined: Tue Feb 14, 2017 4:10 am

Re: v6.39rc [release candidate] is released

Mon Mar 27, 2017 3:18 am

A RB3011 with a regular configruation when upgraded from v6.38.5 to v6.39.55 or v6.39.58 device becomes unusable: reboots again and again until it is recovered with reset and netinstall.
I had this problem going from v6.38.4 to 6.38.5 on the RB3011 also. Unfortunantly the router is one of my main routers, and I didn't have a spare so I couldn't debug. I did have extra packages installed and was running dude.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5977
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39rc [release candidate] is released

Mon Mar 27, 2017 11:21 am

I had this problem going from v6.38.4 to 6.38.5 on the RB3011 also. Unfortunantly the router is one of my main routers, and I didn't have a spare so I couldn't debug.
In that scenario it is not wise to run RC software... I hope at least you make backups and/or exports and store them on another computer.
 
picacho99
newbie
Posts: 42
Joined: Mon Sep 08, 2014 7:16 pm

Re: v6.39rc [release candidate] is released

Mon Mar 27, 2017 1:14 pm

I had this problem going from v6.38.4 to 6.38.5 on the RB3011 also. Unfortunantly the router is one of my main routers, and I didn't have a spare so I couldn't debug.
In that scenario it is not wise to run RC software... I hope at least you make backups and/or exports and store them on another computer.
What is wrong with "zcybercomputing"?

One may decide to try RC software....Recover the device via netinstall and restore a backup requires no more than 10', and of course we, all, have backups and exports stored on another computer: in RB3011 partitions do not work...yes, it is suposed to work on v6.39.RC5X but no way to try it becuase leaves RB3011 unusable.

A RB3011 bought by the end of 2015, with historical debts (bridges, the announced desktop version with wireless, partitions, hardware encryption, ....)....from the "promissing" new ARM Mikrotik architecture that has never got additional devices launched.
 
zcybercomputing
just joined
Posts: 17
Joined: Tue Feb 14, 2017 4:10 am

Re: v6.39rc [release candidate] is released

Mon Mar 27, 2017 1:32 pm

I had this problem going from v6.38.4 to 6.38.5 on the RB3011 also. Unfortunantly the router is one of my main routers, and I didn't have a spare so I couldn't debug.
In that scenario it is not wise to run RC software... I hope at least you make backups and/or exports and store them on another computer.
I know this is the RC thread, but if you check the version numbers I cited, you may get my point that this particular error also has effected the current releases. A boot loop as a result of firmware upgrade in the current released version is extremely concerning. I hope this gets sorted before this version gets out of RC. I would run the stable release on this router, but I need the new dude features of v6.38.x

Since this event, I have begun frequent full export, backup, and file system downloads...

None of the features I am using has caused the problem to resurface, but I will not upgrade or reinstall the extra packages I wanted to play with until this appears to be resolved.
 
User avatar
jspool
Member
Member
Posts: 399
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: v6.39rc [release candidate] is released

Tue Mar 28, 2017 2:43 am

What's new in 6.39rc4 (2016-Dec-30 07:16):

!) ppp - completely rewritten internal fragmentation algorithm (when MRRU is used), optimized for multicore;
*) capsman - added CAP discovery interface list support;
*) ethernet - renamed "rx-lose" to "rx-loss" in ethernet statistics;
*) health - report fan speed for RB800 and RB1100 when 3-pin fan is being used;
*) led - show warning on print when "modem-signal-threshold" is not available;
*) lte - added error handling for remote AT execute;
*) wAP ac - improved 2.4GHz wireless performance;
*) wireless - added "station-roaming" setting (cli only);
*) wireless - show comment on "security-profile" if it is set (cli only);

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

Its so nice to be able to connect to Rest API's with the new post method!!! My Mikrotiks are now happily sending me SMS alerts via API. It does come back with "failure" in the terminal when I run the command however it actually does work fine. cURL reports success but Mikrotik does not show success but it does seem to work fine. Thanks for adding this feature. Look forward to it hitting the stable release.
 
moep
newbie
Posts: 48
Joined: Mon Jul 02, 2012 2:12 pm

Re: v6.39rc [release candidate] is released

Wed Mar 29, 2017 3:39 pm

Hello,

*) wireless - fixed false positive DFS radar detection caused by iPhone 6s devices;

this problem still persists with version 6.39rc58

please fix

it is also not necessarily related to iphone 6s devices but occurs randomly (could be that a 6s is walking by, but thats just guessing)

Thank you
 
athurdent
just joined
Posts: 24
Joined: Fri Sep 09, 2016 7:02 pm

Re: v6.39rc [release candidate] is released

Wed Mar 29, 2017 3:45 pm

Hello,

*) wireless - fixed false positive DFS radar detection caused by iPhone 6s devices;

this problem still persists with version 6.39rc58

please fix

it is also not necessarily related to iphone 6s devices but occurs randomly (could be that a 6s is walking by, but thats just guessing)

Thank you
This should get fixed in rc59, MikroTik had access to my hAP AC and after a few debug firmwares the problem was no longer reproducible with my 6s.
 
User avatar
dash
newbie
Posts: 37
Joined: Tue Apr 28, 2015 12:05 pm

Re: v6.39rc [release candidate] is released

Thu Mar 30, 2017 5:01 pm

I am facing issues with the 6.39rc58 on an RB952 (6.39rc58 port1) which is POE powered from an RB3011 (6.38.5, LAN port 10). After updating the RB952 with the rc58 frimware POE does not turn it on again. I had to use the standard 24v power supply to get it up and running before i was able to downgrade to the 6.38.5 package. In 6.38.5 POE works with no issue...
 
jondavy
Member Candidate
Member Candidate
Posts: 131
Joined: Tue May 12, 2009 11:14 pm
Location: Brasil

Re: v6.39rc [release candidate] is released

Sat Apr 01, 2017 12:13 am

when i set:

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes

is not catching VLAN QinQ traffic into firewall
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Mon Apr 03, 2017 3:17 pm

Verison 6.39rc60 has been released.

Changes since previous version;
*) dhcpv4-server - by default make server “authoritativeâ€;
*) ethernet - fixed "loop-protect" on "master-port";
*) ethernet - fixed rare switch chip hang (could cause port flapping);
*) ike2 - fixed ctr mode;
*) ipsec - enable aes-ni on i386 and x64 for cbc, ctr and gcm modes;
*) ipsec - renamed "hw-authenc" flag to "hw-aead";
*) log - do not show changes in packet if NAT has not been used;
*) tr069-client - fixed XML special character parsing;
*) tr069-client - hide "Device.PPP.Interface.{i}.Password" value;
*) tr069-client - make more Parameters deny active notifications;
*) wireless - fixed crash while running "spectral-scan";
*) wireless - fixed false positive DFS radar detection caused by iPhone 6s devices;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
dyke
just joined
Posts: 1
Joined: Mon Apr 03, 2017 4:43 pm

Re: v6.39rc [release candidate] is released

Mon Apr 03, 2017 4:54 pm

*) ethernet - fixed rare switch chip hang (could cause port flapping);
Does this fix is related to [Ticket#2017032822000978]?
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Tue Apr 04, 2017 5:34 pm

Version 6.39rc62 has been released.

Changes since previous version:
!) firewall - discontinued support for p2p matcher (old rules will become invalid);
*) capsman - added "extension-channel" XX and XXXX auto matching modes (CLI only);
*) capsman - added "keepalive-frames" setting (CLI only);
*) capsman - added "skip-dfs-channels" setting (CLI only);
*) capsman - added ability to specify multiple channels in frequency field (CLI only);
*) capsman - added DFS support;
*) capsman - added support for "background-scan" and channel "reselect-interval" (CLI only);
*) capsman - changed channel "width" name to "control-channel-width" and changed default values (CLI only);
*) fastpath - fixed rare crash on devices with dynamic interfaces;
*) smips - reduced RouterOS main package size;
*) tile - optimized hardware encryption;
*) tr069-client - added firewall NAT support using vendor Parameters;
*) tr069-client - added support for uploading/downloading factory script;
*) webfig - correctly specify routing filter prefix;
*) winbox - allow to specify "route-distance" in "dhcp-client" if "special-classless" mode is selected;
*) winbox - do not allow Packet Sniffer "memory-limit" lower than 10KiB;
*) winbox - fixed "Montly" typo to "Monthly" in Graphing menu;
*) winbox - hide health menu on RB450;
*) winbox - properly show "dhcp-server" warnings;
*) winbox - properly show IPSec "installed-sa" "enc-algorithm" when it is aes-gcm;
*) winbox - set default "dhcp-client" "default-route-distance" value to 1;
*) winbox - show PoE-OUT current, voltage and power only on devices which can report these values;
*) wireless - added PEAP authentication support for wireless station mode (CLI only);

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
paulct
Member
Member
Posts: 303
Joined: Fri Jul 12, 2013 5:38 pm

Re: v6.39rc [release candidate] is released

Tue Apr 04, 2017 5:38 pm

Version 6.39rc62 has been released.
*) wireless - added PEAP authentication support for wireless station mode;
Wow, finally ;) nice
 
pe1chl
Forum Guru
Forum Guru
Posts: 5977
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39rc [release candidate] is released

Tue Apr 04, 2017 6:03 pm

Version 6.39rc62 has been released.
*) wireless - added PEAP authentication support for wireless station mode;
Wow, finally ;) nice
Hooray!!! Finally we can phase out PSK!
 
moep
newbie
Posts: 48
Joined: Mon Jul 02, 2012 2:12 pm

Re: v6.39rc [release candidate] is released

Tue Apr 04, 2017 6:57 pm

still not fixed in 6.39rc62 :(
Hello,

*) wireless - fixed false positive DFS radar detection caused by iPhone 6s devices;

this problem still persists with version 6.39rc58

please fix

it is also not necessarily related to iphone 6s devices but occurs randomly (could be that a 6s is walking by, but thats just guessing)

Thank you
This should get fixed in rc59, MikroTik had access to my hAP AC and after a few debug firmwares the problem was no longer reproducible with my 6s.
 
Marino
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Sun Jun 14, 2015 7:26 pm

Re: v6.39rc [release candidate] is released

Wed Apr 05, 2017 1:09 am

RB750GR3 doesn't boot. Crashes and reboot loop.
Version 6.39rc62 has been released.

Changes since previous version:
!) firewall - discontinued support for p2p matcher (old rules will become invalid);
*) capsman - added "extension-channel" XX and XXXX auto matching modes;
*) capsman - added "keepalive-frames" setting;
*) capsman - added "skip-dfs-channels" setting;
*) capsman - added ability to specify multiple channels in frequency field;
*) capsman - added DFS support;
*) capsman - added support for "background-scan" and channel "reselect-interval";
*) capsman - changed channel "width" name to "control-channel-width" and changed default values;
*) fastpath - fixed rare crash on devices with dynamic interfaces;
*) smips - reduced RouterOS main package size;
*) tile - optimized hardware encryption;
*) tr069-client - added firewall NAT support using vendor Parameters;
*) tr069-client - added support for uploading/downloading factory script;
*) webfig - correctly specify routing filter prefix;
*) winbox - allow to specify "route-distance" in "dhcp-client" if "special-classless" mode is selected;
*) winbox - do not allow Packet Sniffer "memory-limit" lower than 10KiB;
*) winbox - fixed "Montly" typo to "Monthly" in Graphing menu;
*) winbox - hide health menu on RB450;
*) winbox - properly show "dhcp-server" warnings;
*) winbox - properly show IPSec "installed-sa" "enc-algorithm" when it is aes-gcm;
*) winbox - set default "dhcp-client" "default-route-distance" value to 1;
*) winbox - show PoE-OUT current, voltage and power only on devices which can report these values;
*) wireless - added PEAP authentication support for wireless station mode;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
mducharme
Trainer
Trainer
Posts: 877
Joined: Tue Jul 19, 2016 6:45 pm

Re: v6.39rc [release candidate] is released

Wed Apr 05, 2017 3:11 am

*) tr069-client - added support for uploading/downloading factory script;
Wow! That's excellent! How??
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 1825
Joined: Mon Jan 14, 2008 1:53 pm
Location: Straya
Contact:

Re: v6.39rc [release candidate] is released

Wed Apr 05, 2017 4:51 am

*) capsman - added ability to specify multiple channels in frequency field;
Hi Strods,

Can you give an example of how you would use this ?

Is this so that Auto-Channel will only select one of the frequencies listed ?
http://thebrotherswisp.com/ | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA
 
uldis
MikroTik Support
MikroTik Support
Posts: 3427
Joined: Mon May 31, 2004 2:55 pm

Re: v6.39rc [release candidate] is released

Wed Apr 05, 2017 9:41 am

*) capsman - added ability to specify multiple channels in frequency field;
Is this so that Auto-Channel will only select one of the frequencies listed ?
Yes, it will choose one of the specified frequencies.
 
uldis
MikroTik Support
MikroTik Support
Posts: 3427
Joined: Mon May 31, 2004 2:55 pm

Re: v6.39rc [release candidate] is released

Wed Apr 05, 2017 9:43 am

still not fixed in 6.39rc62 :(
Hello,

*) wireless - fixed false positive DFS radar detection caused by iPhone 6s devices;

this problem still persists with version 6.39rc58

please fix

it is also not necessarily related to iphone 6s devices but occurs randomly (could be that a 6s is walking by, but thats just guessing)

Thank you
This should get fixed in rc59, MikroTik had access to my hAP AC and after a few debug firmwares the problem was no longer reproducible with my 6s.
Please tell us more info what causes the DFS this time? iPhone 6S or some other device? Maybe you could provide us with the remote access to the AP so we could monitor that?
 
MayestroPW
newbie
Posts: 48
Joined: Wed Oct 26, 2016 3:28 pm

Re: v6.39rc [release candidate] is released

Wed Apr 05, 2017 1:25 pm

*) capsman - added support for "background-scan" and channel "reselect-interval";
How does background-scan works? In winbox I still can't run background scan on capsman interfaces.
 
uldis
MikroTik Support
MikroTik Support
Posts: 3427
Joined: Mon May 31, 2004 2:55 pm

Re: v6.39rc [release candidate] is released

Wed Apr 05, 2017 1:34 pm

*) capsman - added support for "background-scan" and channel "reselect-interval";
How does background-scan works? In winbox I still can't run background scan on capsman interfaces.
Winbox support for all the new CAPsMAN Features are not made yet. You need to use console.
As soon as the CAP starts to operate in a frequency you can run the background scan on it.
 
MayestroPW
newbie
Posts: 48
Joined: Wed Oct 26, 2016 3:28 pm

Re: v6.39rc [release candidate] is released

Wed Apr 05, 2017 1:37 pm

When I start background scan on cap it tells me:
failure: background scan not supported in this state
I ran it from cap router, not from capsman router.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5977
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39rc [release candidate] is released

Wed Apr 05, 2017 4:25 pm

Version 6.39rc62 has been released.

Changes since previous version:
*) wireless - added PEAP authentication support for wireless station mode (CLI only);
Ok, CLI only was added later... I was checking via WebFig.
How is it done?

/interface wireless security-profiles
add name="peap" mode=dynamic-keys authentication-types=wpa2-eap eap-methods=peap

now I still have to config the "anonynous identity", "username" and "password".
Do I use the existing fields supplicant-identity mschapv2-username and mschapv2-password
for that? (meaning the only thing missing from Webfig is the eap-methods=peap in the pulldown?)
Or is there some other place to enter anonymous identity?
 
uldis
MikroTik Support
MikroTik Support
Posts: 3427
Joined: Mon May 31, 2004 2:55 pm

Re: v6.39rc [release candidate] is released

Wed Apr 05, 2017 4:33 pm

When I start background scan on cap it tells me:
failure: background scan not supported in this state
I ran it from cap router, not from capsman router.
It will be only supported from the CAPsMAN side.
 
MayestroPW
newbie
Posts: 48
Joined: Wed Oct 26, 2016 3:28 pm

Re: v6.39rc [release candidate] is released

Wed Apr 05, 2017 4:40 pm

When I start background scan on cap it tells me:
failure: background scan not supported in this state
I ran it from cap router, not from capsman router.
It will be only supported from the CAPsMAN side.
Then how to run that scan?

UPDATE:

Ok, I found scan option, but need to add some channels to list I think.
 
uldis
MikroTik Support
MikroTik Support
Posts: 3427
Joined: Mon May 31, 2004 2:55 pm

Re: v6.39rc [release candidate] is released

Wed Apr 05, 2017 4:41 pm

When I start background scan on cap it tells me:
failure: background scan not supported in this state
I ran it from cap router, not from capsman router.
It will be only supported from the CAPsMAN side.
Then how to run that scan?
From the CAPsMAN:

[admin@CAPsMAN] /caps-man interface> scan cap1
Flags: A - active, P - privacy, R - routeros-network, N - nstreme, T - tdma, W - wds, B - bridge
ADDRESS SSID CHANNEL SIG NF SNR RADIO-NAME ROUTEROS-VERSION
A R B 00:0C:42:05:01:27 Demo2 5180/20/a -65 -103 38 demo2 6.39rc60
 
MayestroPW
newbie
Posts: 48
Joined: Wed Oct 26, 2016 3:28 pm

Re: v6.39rc [release candidate] is released

Wed Apr 05, 2017 4:44 pm

Is there any possibility in future, that we could set other modes in cap settings than ap mode? I wish there was a station mode...
 
uldis
MikroTik Support
MikroTik Support
Posts: 3427
Joined: Mon May 31, 2004 2:55 pm

Re: v6.39rc [release candidate] is released

Wed Apr 05, 2017 4:49 pm

Version 6.39rc62 has been released.

Changes since previous version:
*) wireless - added PEAP authentication support for wireless station mode (CLI only);
Ok, CLI only was added later... I was checking via WebFig.
How is it done?

/interface wireless security-profiles
add name="peap" mode=dynamic-keys authentication-types=wpa2-eap eap-methods=peap

now I still have to config the "anonynous identity", "username" and "password".
Do I use the existing fields supplicant-identity mschapv2-username and mschapv2-password
for that? (meaning the only thing missing from Webfig is the eap-methods=peap in the pulldown?)
Or is there some other place to enter anonymous identity?
Yes, you need to specify the mschapv2-username/password setting. Also I suggest to set the tls-mode=do-not-verify-certificate option.
Outer TLS identity is used from the supplicant-identity and inner TLS identity is used the mschapv2-username.
 
moep
newbie
Posts: 48
Joined: Mon Jul 02, 2012 2:12 pm

Re: v6.39rc [release candidate] is released

Wed Apr 05, 2017 4:50 pm

still not fixed in 6.39rc62 :(
Hello,

*) wireless - fixed false positive DFS radar detection caused by iPhone 6s devices;

this problem still persists with version 6.39rc58

please fix

it is also not necessarily related to iphone 6s devices but occurs randomly (could be that a 6s is walking by, but thats just guessing)

Thank you
This should get fixed in rc59, MikroTik had access to my hAP AC and after a few debug firmwares the problem was no longer reproducible with my 6s.
Please tell us more info what causes the DFS this time? iPhone 6S or some other device? Maybe you could provide us with the remote access to the AP so we could monitor that?
First of all: I had the problems with version 6.39rc60 not rc62. I now upgraded to rc62 and will check again.
the problem occured mainly in the middle of the day when I am not there or in the middle of the night, so I have no clue which device it could have been. there is no iPhone 6s present. the problem first appeared upgrading from 6.38.3 to 6.38.5.

a side note: the throughput from 6.38.5 to 6.39rc62 is now much better. in 6.38.5 I could barely get 100Mbps http throuput at 866MBit/s Phy-Rate. Now I am able to get almost 200 Mbps. This is not as great as it was with pre 6.38.x but much better than with 6.38.x :)
 
uldis
MikroTik Support
MikroTik Support
Posts: 3427
Joined: Mon May 31, 2004 2:55 pm

Re: v6.39rc [release candidate] is released

Wed Apr 05, 2017 4:55 pm

Is there any possibility in future, that we could set other modes in cap settings than ap mode? I wish there was a station mode...
Current CAPsMAN implementation doesn't support that and we do not plan to add that in near future.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5977
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39rc [release candidate] is released

Wed Apr 05, 2017 5:05 pm

Yes, you need to specify the mschapv2-username/password setting. Also I suggest to set the tls-certificate=do-not-verify-certificate option.
Outer TLS identity is used from the supplicant-identity and inner TLS identity is used the mschapv2-username.
Ok thanks, that is clear to me. I'll try to test it soon. Hopefully you can add the PEAP method to the dropdown list in WebFig soon.
(most config work is done via WebFig here, I never use WinBox and use CLI when required)
 
moep
newbie
Posts: 48
Joined: Mon Jul 02, 2012 2:12 pm

Re: v6.39rc [release candidate] is released

Thu Apr 06, 2017 4:03 pm

First of all: I had the problems with version 6.39rc60 not rc62. I now upgraded to rc62 and will check again.
the problem occured mainly in the middle of the day when I am not there or in the middle of the night, so I have no clue which device it could have been. there is no iPhone 6s present. the problem first appeared upgrading from 6.38.3 to 6.38.5.

a side note: the throughput from 6.38.5 to 6.39rc62 is now much better. in 6.38.5 I could barely get 100Mbps http throuput at 866MBit/s Phy-Rate. Now I am able to get almost 200 Mbps. This is not as great as it was with pre 6.38.x but much better than with 6.38.x :)
The problem is still present in 6.39rc62, it occured in the middle of the night (3:30)
 
uldis
MikroTik Support
MikroTik Support
Posts: 3427
Joined: Mon May 31, 2004 2:55 pm

Re: v6.39rc [release candidate] is released

Thu Apr 06, 2017 5:04 pm

First of all: I had the problems with version 6.39rc60 not rc62. I now upgraded to rc62 and will check again.
the problem occured mainly in the middle of the day when I am not there or in the middle of the night, so I have no clue which device it could have been. there is no iPhone 6s present. the problem first appeared upgrading from 6.38.3 to 6.38.5.

a side note: the throughput from 6.38.5 to 6.39rc62 is now much better. in 6.38.5 I could barely get 100Mbps http throuput at 866MBit/s Phy-Rate. Now I am able to get almost 200 Mbps. This is not as great as it was with pre 6.38.x but much better than with 6.38.x :)
The problem is still present in 6.39rc62, it occured in the middle of the night (3:30)
Then we would need remote access to install a debug package.
Please contact support@mikrotik.com
 
huntah
Member Candidate
Member Candidate
Posts: 267
Joined: Tue Sep 09, 2008 3:24 pm

Re: v6.39rc [release candidate] is released

Thu Apr 06, 2017 11:51 pm

Does the black list function in the discover info window of the dude client for windows work right in this build? In 6.38.3, and previous versions I don't see the . or ... buttons shown in the manual here.

http://wiki.mikrotik.com/wiki/Manual:Th ... _discovery

There is a related bug where dude discovers phantom devices on the broadcast and subnet IP addresses during discovery discussed here:
http://forum.mikrotik.com/viewtopic.php?f=8&t=118250
It seems this is not fixed even in 6.39rc62. How/where can we specify black list for discovery?
 
mducharme
Trainer
Trainer
Posts: 877
Joined: Tue Jul 19, 2016 6:45 pm

Re: v6.39rc [release candidate] is released

Fri Apr 07, 2017 9:55 pm

*) tr069-client - added support for uploading/downloading factory script;
I see info on this is now in the wiki, thanks. Can you confirm that this factory script also activates with the hardware reset button? Or only the software reset command? I am wondering if we still need to use netinstall to get a factory config that is reapplied even with the hardware reset button? The wiki did not make this clear.

Thanks!
 
picacho99
newbie
Posts: 42
Joined: Mon Sep 08, 2014 7:16 pm

Re: v6.39rc [release candidate] is released

Mon Apr 10, 2017 1:44 pm

For these experiencing problems installing 6.39rc on RB3011: in my case it only worked netinstall but using the version associated with the 6.39rc in the software dowloads section (it is named netinstall-6.39rcXX-tile.zip). Stable netinstall (currently named netinstall-6.38.5.zip) does not seems to work.

And yes...partitions appear to work, but I did not test a partition activated and installing a previuos RouterOS version...
 
huntah
Member Candidate
Member Candidate
Posts: 267
Joined: Tue Sep 09, 2008 3:24 pm

Re: v6.39rc [release candidate] is released

Mon Apr 10, 2017 8:15 pm

Does the black list function in the discover info window of the dude client for windows work right in this build? In 6.38.3, and previous versions I don't see the . or ... buttons shown in the manual here.

http://wiki.mikrotik.com/wiki/Manual:Th ... _discovery

There is a related bug where dude discovers phantom devices on the broadcast and subnet IP addresses during discovery discussed here:
http://forum.mikrotik.com/viewtopic.php?f=8&t=118250
It seems this is not fixed even in 6.39rc62. How/where can we specify black list for discovery?
It is fixed but It was changed and not documented in the Wiki.. The Address list is now linked to the IP Firewall Address-list.
Got this answer from support. So thanks again for support. This feature is very handy..
 
kissze
just joined
Posts: 2
Joined: Tue Apr 11, 2017 12:03 pm

Re: v6.39rc [release candidate] is released

Tue Apr 11, 2017 1:57 pm

Hi,
After the upgrade, my hEX PoE lite(RB750UPr2) is keep forgetting the configuration after every reboot.
This is a know problem?
Have anybody a workaround for this or i have to wait for a new rc release (im already downgraded, no problem)?

With kind regards,
Zoltan
 
Kindis
Member Candidate
Member Candidate
Posts: 252
Joined: Tue Nov 01, 2011 6:54 pm

Re: v6.39rc [release candidate] is released

Tue Apr 11, 2017 3:50 pm

Hi,
After the upgrade, my hEX PoE lite(RB750UPr2) is keep forgetting the configuration after every reboot.
This is a know problem?
Have anybody a workaround for this or i have to wait for a new rc release (im already downgraded, no problem)?
Don't know if this is related but I had a similar issue with my RB750Gr3 which turned out to be a storage problem. All changes only got committed to RAM and not to storage. A quick clean of old backups and my config is the same after a reboot.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Tue Apr 11, 2017 4:42 pm

Version 6.39rc68 has been released.

Changes since previous version:
*) capsman - added "extension-channel" XX and XXXX auto matching modes;
*) capsman - added "keepalive-frames" setting;
*) capsman - added "skip-dfs-channels" setting;
*) capsman - added ability to specify multiple channels in frequency field;
*) capsman - added support for "background-scan" (CLI only) and channel "reselect-interval";
*) capsman - changed channel "width" name to "control-channel-width" and changed default values;
*) ddns - improved "dns-update" authentication validation;
*) dhcpv4 - fixed string option parser;
*) ike2 - fixed disabled DPD;
*) ike2 - fixed last EAP auth payload type;
*) ike2 - improved logging;
*) ike2 - kill only child SAs which are not re-keyed by remote peer;
*) ipsec - disallow AH+ESP combined policies ;
*) ppp - fixed rare kernel failure when receiving IPv6 address on PPP interface;
*) tr069-client - made any Download RPC overwrite configuration except ".alter";
*) tr069-client - improved LTE monitoring process;
*) winbox - allowed to specify static-dns as list;
*) winbox - do not show "dpd-max-failures" on IKEv2;
*) winbox - fixed CAPsMAN channels frequency (allow to specify a list of them);
*) winbox - fixed IPSec "mode-config" DNS settings;
*) winbox - fixed issue when working IPSec policies were shown as invalid;
*) winbox - improved "/tool torch";
*) winbox - do not allow Packet Sniffer "memory-limit" and "file-limit" lower than 10KiB;
*) winbox - show "A" flag for IPSec policies;
*) winbox - show "H" flag for IPSec installed SAs;
*) wireless - added PEAP authentication support for wireless station mode;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
nicob
just joined
Posts: 3
Joined: Tue Apr 11, 2017 5:11 pm

Re: v6.39rc [release candidate] is released

Tue Apr 11, 2017 5:15 pm

I want to report an bootloop using rc68 on my tile. (CCR1009-8G-1S-1S+PC).
All interfaces shutdown after 10 seconds of starting services.

Currently I don't have a serial port on my laptop, so no console output for now :(
 
heaven
just joined
Posts: 13
Joined: Mon Aug 15, 2016 12:14 pm

Re: v6.39rc [release candidate] is released

Tue Apr 11, 2017 5:25 pm

My hap ac lite is bootloop too on rc68
 
bbs2web
Member Candidate
Member Candidate
Posts: 201
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa
Contact:

Re: v6.39rc [release candidate] is released

Tue Apr 11, 2017 5:30 pm

Spanning Tree is broken since 6.38. We want to implement redundant bridges, to link together carrier VLANs to customer ports or VLANs. The previous STP implementation was essentially similar to PVSTP (per VLAN Spanning Tree Protocol) but the new implementation results in routers sending and processing STP BPDU packets on ports which aren't members of the bridge. The simplest way of demonstrating this is to configure bridges on two different VLANs, on different routers which share the VLAN carrying network.

We link two RB433GL routers together by interconnecting ether2, then setup VLAN 10 on one and VLAN 11 on the other. We then finally add the VLAN interfaces to separate bridges and would expect each bridge to be root independently but they don't:

Router 1:
/interface vlan
  add interface=ether2 name=vlan10 vlan-id=10
/interface bridge
  add name=bridge-vlan10
/interface bridge port
  add bridge=bridge-vlan10 interface=vlan10
Router 2:
/interface vlan
  add interface=ether2 name=vlan11 vlan-id=11
/interface bridge
  add name=bridge-vlan11
/interface bridge port
  add bridge=bridge-vlan11 interface=vlan11
Status on Router 1:
[admin@Router 1] > int bridge monitor bridge-vlan10
                  state: enabled
    current-mac-address: 00:0C:42:F5:8D:7D
            root-bridge: yes
         root-bridge-id: 0x8000.00:0C:42:F5:8D:7D
         root-path-cost: 0
              root-port: none
             port-count: 1
  designated-port-count: 1
Status on Router 2:
[admin@Router 2] > int bridge monitor bridge-vlan11
                  state: enabled
    current-mac-address: D4:CA:6D:78:4A:8A
            root-bridge: no
         root-bridge-id: 0x8000.00:0C:42:F5:8D:7D
         root-path-cost: 10
              root-port: vlan11
             port-count: 1
  designated-port-count: 0

This was validated on both 6.38.5 and 6.39rc68. When downgrading to 6.37.5 it works as it should:
Status on Router 1:
                  state: enabled
    current-mac-address: 00:0C:42:F5:8D:7D
            root-bridge: yes
         root-bridge-id: 0x8000.00:0C:42:F5:8D:7D
         root-path-cost: 0
              root-port: none
             port-count: 1
  designated-port-count: 1
Status on Router 2:
                  state: enabled
    current-mac-address: D4:CA:6D:78:4A:8A
            root-bridge: yes
         root-bridge-id: 0x8000.D4:CA:6D:78:4A:8A
         root-path-cost: 0
              root-port: none
             port-count: 1
  designated-port-count: 1
 
biatche
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Oct 13, 2015 6:50 am

Re: v6.39rc [release candidate] is released

Tue Apr 11, 2017 5:46 pm

Spanning Tree is broken since 6.38. We want to implement redundant bridges, to link together carrier VLANs to customer ports or VLANs. The previous STP implementation was essentially similar to PVSTP (per VLAN Spanning Tree Protocol) but the new implementation results in routers sending and processing STP BPDU packets on ports which aren't members of the bridge. The simplest way of demonstrating this is to configure bridges on two different VLANs, on different routers which share the VLAN carrying network.

We link two RB433GL routers together by interconnecting ether2, then setup VLAN 10 on one and VLAN 11 on the other. We then finally add the VLAN interfaces to separate bridges and would expect each bridge to be root independently but they don't:

Router 1:
/interface vlan
  add interface=ether2 name=vlan10 vlan-id=10
/interface bridge
  add name=bridge-vlan10
/interface bridge port
  add bridge=bridge-vlan10 interface=vlan10
Router 2:
/interface vlan
  add interface=ether2 name=vlan11 vlan-id=11
/interface bridge
  add name=bridge-vlan11
/interface bridge port
  add bridge=bridge-vlan11 interface=vlan11
Status on Router 1:
[admin@Router 1] > int bridge monitor bridge-vlan10
                  state: enabled
    current-mac-address: 00:0C:42:F5:8D:7D
            root-bridge: yes
         root-bridge-id: 0x8000.00:0C:42:F5:8D:7D
         root-path-cost: 0
              root-port: none
             port-count: 1
  designated-port-count: 1
Status on Router 2:
[admin@Router 2] > int bridge monitor bridge-vlan11
                  state: enabled
    current-mac-address: D4:CA:6D:78:4A:8A
            root-bridge: no
         root-bridge-id: 0x8000.00:0C:42:F5:8D:7D
         root-path-cost: 10
              root-port: vlan11
             port-count: 1
  designated-port-count: 0

This was validated on both 6.38.5 and 6.39rc68. When downgrading to 6.37.5 it works as it should:
Status on Router 1:
                  state: enabled
    current-mac-address: 00:0C:42:F5:8D:7D
            root-bridge: yes
         root-bridge-id: 0x8000.00:0C:42:F5:8D:7D
         root-path-cost: 0
              root-port: none
             port-count: 1
  designated-port-count: 1
Status on Router 2:
                  state: enabled
    current-mac-address: D4:CA:6D:78:4A:8A
            root-bridge: yes
         root-bridge-id: 0x8000.D4:CA:6D:78:4A:8A
         root-path-cost: 0
              root-port: none
             port-count: 1
  designated-port-count: 1
I don't know if its related, but i have a hex[gateway]-crs125[switch]-hap/wap ac[access points] setup and with 6.38 on all devices. i use pretty standard default bridges, vlans and the CRS125 loses connectivity whenever theres a 6.38 device attached. i presume that default vlans/bridges do have rtsp enabled. wasted many hours trying to figure out what's wrong. worst of all, mikrotik doesnt seem interested in testing this. we have not heard any response so far on anything related to this in the forums. reverted to 6.37 for the time being
Last edited by biatche on Tue Apr 11, 2017 5:51 pm, edited 2 times in total.
 
pista
just joined
Posts: 9
Joined: Thu Aug 04, 2016 12:46 pm

Re: v6.39rc [release candidate] is released

Tue Apr 11, 2017 5:46 pm

After upgrade there is bootloop on hAP ac. :( :( :(
How to repair it? :shock:
 
biatche
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Oct 13, 2015 6:50 am

Re: v6.39rc [release candidate] is released

Tue Apr 11, 2017 5:48 pm

seriously, rc should be renamed to alpha or testing. while current should be renamed to beta and bugfix to stable.
 
heaven
just joined
Posts: 13
Joined: Mon Aug 15, 2016 12:14 pm

Re: v6.39rc [release candidate] is released

Tue Apr 11, 2017 5:53 pm

I try to restore hap ac lite by netinstall but nothing.((((((( how to restore it?



After 40 minutes I already restore it:
but strange situation. If I press reset button and power on there is not install new firmware, when I power on it without reset the router is flashed. The backups is erased on file list(((((
Last edited by heaven on Tue Apr 11, 2017 6:40 pm, edited 1 time in total.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8320
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.39rc [release candidate] is released

Tue Apr 11, 2017 5:55 pm

On x86, rc68 says 'info failed: std failure: timeout (13)' after Login prompt and does not work :)

I pressed 'Enter', RouterOS rebooted, I logged in and typed 'ip ad pr'. Router hung.After some time - again 'info failed: std failure: timeout (13)'.

UPD: 'router rebooted because some critical program crashed'
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
sbeauchamp
newbie
Posts: 29
Joined: Fri Sep 16, 2016 3:27 pm

Re: v6.39rc [release candidate] is released

Tue Apr 11, 2017 7:14 pm

IPIP and GRE interfaces are no longer working. Upgrading to 6.39.rc68, automatically removed all my IPIP tunnels. If i try to add them back via web or CLI the router crashes and reboots. On the cli i can do /int ipip add name=TUN1 and hit enter, i get the prompt for remote address but after i type it in and hit enter it crashes.

This is on a CCR1009
 
napismizpravu
Member Candidate
Member Candidate
Posts: 135
Joined: Sat Apr 09, 2011 1:27 pm
Location: czech

Re: v6.39rc [release candidate] is released

Tue Apr 11, 2017 7:36 pm

RB433UAH
update 6.39rc62 > 6.39rc68 => netinstall (install 6.39rc62)
 
amokkatmt
newbie
Posts: 30
Joined: Mon Oct 24, 2011 3:31 pm

Re: v6.39rc [release candidate] is released

Tue Apr 11, 2017 7:37 pm

So, I did a downgrade on my 2011 and have logging to disk. Here we go:
17:31:34 system,info verified routeros-mipsbe-6.39rc68.npk 
17:31:34 system,info verified ntp-6.39rc68-mipsbe.npk 
17:31:34 system,info installed routeros-mipsbe-6.39rc68 
17:31:34 system,info installed ntp-6.39rc68 
17:31:34 system,info router rebooted 
17:32:05 snmp,warning timeout while waiting for program 20 
17:33:43 system,info router rebooted 
17:33:44 system,error,critical router rebooted because some critical program crashed 
17:34:13 snmp,warning timeout while waiting for program 20 
17:35:51 system,info router rebooted 
17:35:52 system,error,critical router rebooted because some critical program crashed 
17:36:22 snmp,warning timeout while waiting for program 20 
17:38:00 system,info router rebooted 
17:38:01 system,error,critical router rebooted because some critical program crashed 
17:38:31 snmp,warning timeout while waiting for program 20 
17:40:08 system,info router rebooted 
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Wed Apr 12, 2017 9:19 am

We re sorry for any inconvenience caused.

We have managed to reproduce this issue and it will be resolved in next rc public release.
 
User avatar
horza
just joined
Posts: 5
Joined: Sun Oct 19, 2014 3:30 pm

Re: v6.39rc [release candidate] is released

Wed Apr 12, 2017 11:59 am

6.39rc62 > 6.39rc68 caused my 2011UAS-2HnD and x86 to not boot. Starting services -> crash on both.
Both routers use a whole bunch of features, so not sure which one broke it :(
FWIW CHR upgraded just fine.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Wed Apr 12, 2017 12:51 pm

Version 6.39rc69 has been released.

Changes since previous version:
*) ike2 - allow multiple child SA traffic selectors on re-key;
*) ike2 - log RADIUS timeout message under error topic;
*) ipsec - do not loose "use-ipsec=yes" parameter after downgrade;
*) lte - added "session-uptime" in info command;
*) lte - reset interface stats on "link-down";
*) ppp - added "bridge-horizon" option under PPP/Profile;
*) snmp - increase “engineBoots” value on reboot;
*) tunnels - fixed reboot loop on configurations with IPIP and EoIP tunnels (introduced in 6.39rc68);
*) webfig - allow to select "default-encryption" profile on PPP tunnels;
*) webfig - show all available options under “Advanced Mode” for wireless interfaces;
*) webfig - fixed “last-link-up” & “last-link-down” time information;
*) winbox - do not start Traffic Generator automatically when opening "Quick Start";

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Wed Apr 12, 2017 1:23 pm

This release fixes crashes related to EoIP and IPIP tunnels which were introduced with previous release:
*) tunnels - fixed reboot loop on configurations with IPIP and EoIP tunnels (introduced in 6.39rc68);

We are sorry for any inconvenience caused.
 
pista
just joined
Posts: 9
Joined: Thu Aug 04, 2016 12:46 pm

Re: v6.39rc [release candidate] is released

Wed Apr 12, 2017 1:33 pm

This release fixes crashes related to EoIP and IPIP tunnels which were introduced with previous release:
*) tunnels - fixed reboot loop on configurations with IPIP and EoIP tunnels (introduced in 6.39rc68);

We are sorry for any inconvenience caused.
And fix reboot loop on hAPac ? Because I have no EoIP or IPIP tunnels.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Wed Apr 12, 2017 4:52 pm

pista - Please write to support@mikrotik.com and explain your problem. Provide old supout files or export files from older versions (if you have any) so we could try to reproduce your problem.
 
pista
just joined
Posts: 9
Joined: Thu Aug 04, 2016 12:46 pm

Re: v6.39rc [release candidate] is released

Wed Apr 12, 2017 5:04 pm

pista - Please write to support@mikrotik.com and explain your problem. Provide old supout files or export files from older versions (if you have any) so we could try to reproduce your problem.
I wrote to the support.
Below is answer from support.... :-(

I have only "autosupout.rif" what I find in the flash of router.

-----------------------------------------------------------------------------------------
Hello,
We are sorry for any inconvenience caused.
We have managed to reproduce such issue and will fix it in next 6.39rc public release.
If you can not access device, then you must Netinstall device to older RouterOS version.

Have a nice day!

Best regards,
Martins S.

--
MikroTik.com
--

04/11/2017 18:45 - wrote:

> Hello,
>
> after upgrade to 6.39rc68 on hAPac I have bootloop.
> How to repair it?
>
-----------------------------------------------------------------------------------------
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Wed Apr 12, 2017 5:31 pm

pista - Please send this autosupout file to support within the same conversation. I see that there were no files attached and it was assumed that this is the same issue with IPIP and EoIP.
 
jkarras
Member Candidate
Member Candidate
Posts: 224
Joined: Fri Sep 06, 2013 3:07 am
Location: Utah, USA

Re: v6.39rc [release candidate] is released

Thu Apr 13, 2017 4:19 am

Spanning Tree is broken since 6.38. We want to implement redundant bridges, to link together carrier VLANs to customer ports or VLANs. The previous STP implementation was essentially similar to PVSTP (per VLAN Spanning Tree Protocol) but the new implementation results in routers sending and processing STP BPDU packets on ports which aren't members of the bridge. The simplest way of demonstrating this is to configure bridges on two different VLANs, on different routers which share the VLAN carrying network.
At the top of the 6.38 changelog there is this answer to your issue:
Important note!!!
RouterOS v6.38 contains STP/RSTP changes which makes bridges compatible with IEEE 802.1Q-2014 by sending and processing BPDU packets without VLAN tag.
 
biatche
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Oct 13, 2015 6:50 am

Re: v6.39rc [release candidate] is released

Thu Apr 13, 2017 8:06 am

Spanning Tree is broken since 6.38. We want to implement redundant bridges, to link together carrier VLANs to customer ports or VLANs. The previous STP implementation was essentially similar to PVSTP (per VLAN Spanning Tree Protocol) but the new implementation results in routers sending and processing STP BPDU packets on ports which aren't members of the bridge. The simplest way of demonstrating this is to configure bridges on two different VLANs, on different routers which share the VLAN carrying network.
At the top of the 6.38 changelog there is this answer to your issue:
Important note!!!
RouterOS v6.38 contains STP/RSTP changes which makes bridges compatible with IEEE 802.1Q-2014 by sending and processing BPDU packets without VLAN tag.
and what's the answer?
 
jkarras
Member Candidate
Member Candidate
Posts: 224
Joined: Fri Sep 06, 2013 3:07 am
Location: Utah, USA

Re: v6.39rc [release candidate] is released

Thu Apr 13, 2017 8:35 am

Spanning Tree is broken since 6.38. We want to implement redundant bridges, to link together carrier VLANs to customer ports or VLANs. The previous STP implementation was essentially similar to PVSTP (per VLAN Spanning Tree Protocol) but the new implementation results in routers sending and processing STP BPDU packets on ports which aren't members of the bridge. The simplest way of demonstrating this is to configure bridges on two different VLANs, on different routers which share the VLAN carrying network.
At the top of the 6.38 changelog there is this answer to your issue:
Important note!!!
RouterOS v6.38 contains STP/RSTP changes which makes bridges compatible with IEEE 802.1Q-2014 by sending and processing BPDU packets without VLAN tag.
and what's the answer?
Since 6.38 BPDUs are sent and processed with out the VLAN tag.
 
biatche
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Oct 13, 2015 6:50 am

Re: v6.39rc [release candidate] is released

Thu Apr 13, 2017 12:49 pm

Spanning Tree is broken since 6.38. We want to implement redundant bridges, to link together carrier VLANs to customer ports or VLANs. The previous STP implementation was essentially similar to PVSTP (per VLAN Spanning Tree Protocol) but the new implementation results in routers sending and processing STP BPDU packets on ports which aren't members of the bridge. The simplest way of demonstrating this is to configure bridges on two different VLANs, on different routers which share the VLAN carrying network.
At the top of the 6.38 changelog there is this answer to your issue:
Important note!!!
RouterOS v6.38 contains STP/RSTP changes which makes bridges compatible with IEEE 802.1Q-2014 by sending and processing BPDU packets without VLAN tag.
and what's the answer?
Since 6.38 BPDUs are sent and processed with out the VLAN tag.
He said its broken, so what's the fix?
 
pe1chl
Forum Guru
Forum Guru
Posts: 5977
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39rc [release candidate] is released

Thu Apr 13, 2017 2:55 pm

Adapt all the equipment and settings in the network to be standards compliant.
That being said, it would have been friendlier when this change was configurable so a new version
could be installed with the old behaviour and a controlled migration of existing networks would be possible.
 
sbeauchamp
newbie
Posts: 29
Joined: Fri Sep 16, 2016 3:27 pm

Re: v6.39rc [release candidate] is released

Thu Apr 13, 2017 3:05 pm

I seem to be having IPSEC peers acting odd. I haven't noticed this until the last couple RC versions. Peers will show a whole bunch of installed SAs, although only one pair per peer with increment bytes.I have two CCRs(rc62 and rc69) connected back to a CHR (6.37.5), both are doing this. the CHR shows tons on installed SAs, while the CCRs don't show any SAs at all. Eventually, the IPSEC peers fail and no traffic will pass. I can flush SAs from the CHR it will reestablish. Anyone seeing this?

Ill email support as well.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Thu Apr 13, 2017 3:28 pm

Version 6.39rc72 has been released.

Changes since previous version:
*) discovery - fixed LLDP discovery, IPv6 address was not parsed correctly;
*) l2tp - added support for multiple L2TP tunnels (not to be confused with sessions) between same endpoints (required in some LNS configurations);
*) l2tp-server - added "caller-id-type" to forward calling station number to RADIUS on authentication;
*) l2tp-server - added "use-ipsec=required" option;
*) l2tp-server - fixed upgrade to keep "use-ipsec=yes" in L2TP server;
*) log - added missing "license limit exceeded" log entry;
*) ppp - added option to specify "interface-list" in PPP/Profile;
*) pppoe - added warning on PPPoE client/server, if it is configured on slave interface;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
bbs2web
Member Candidate
Member Candidate
Posts: 201
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa
Contact:

Re: v6.39rc [release candidate] is released

Thu Apr 13, 2017 5:12 pm

I understand MikroTik removing VLAN tags from STP BPDU frames when people create VLANs on bridges, as in:
int vlan add name=vlanXXX interface=bridge vlan-id=XXX
The change they however smashed in place, in my humble opinion, shows no field testing nor consideration for existing customers who have built networks having become accustomed to how RouterOS's STP implementation worked up until 6.38. Their changes now make it impossible for service providers to redundantly bridge interfaces; the whole point of STP in the first place.

I generally understand things better with examples, perhaps the following helps others too:
  • You have a customer who's paying for a layer 2 service to two cities and wants each one handed off as a VLAN on their PNI (provider network interconnect). On 6.37.5 you could setup redundant VPLS tunnels to the two remote cities, on redundant routers, set each one to bridge the services to the customer's service delivery VLANs on the PNI and RSTP would automatically isolates the redundant uplink to prevent network topology loops. This is impossible since 6.38...
Their current implementation additionally simply assumes that it can transmit the STP BPDU frames on the VLAN's parent interface so it becomes immensely unpredictable:
  • - Bridging QinQ VLANs, Attach 'vlan10-vlan100' to a bridge and the STP frames are transmitted on vlan10. This is in direct contradiction to their change announcement where they indicated that STP wouldn't be tagged.
  • - Bridging other interfaces. RouterOS doesn't transmit STP BPDU directly on the carrier interface when you bridge a tunnel interface such as EoIP, VPLS, etc. By this I mean that RouterOS wouldn't sporadically send STP BPDU frames on ether1 because it's carrying an EoIP tunnel. A Virtual LAN interface is supposed to be isolated from other interfaces, why would MikroTik suddenly consider it normal to transmit STP BPDU frames outside of the bridge?

MikroTik should at the very least provide a method to retain their previous STP implementation, which worked well with Cisco's PVSTP (per VLAN STP). This quite simply transmitted STP BPDU frames on all bridge member ports. Yes, bridging vlan10 and then connecting the uplink port to a cheap D-Link or Netgear may cause the STP implementation on that switch to shut the port, but that's a problem with the switch or the user's implementation; not for MikroTik to have a knee jerk reaction and break something as fundamental as service provider bridging redundancy. PS: People with these switches should either simply disable STP on the uplink interface, change their topology, log a request to have switch firmware changed or get a PVSTP capable switch.

I furthermore don't see the point of having independent STP processes running for each bridge, if the STP BPDU frames are leaked to ports that aren't members of those bridges. Simply do what switch vendors have done and provide the option of how you want STP to operate (eg Netgear M4300 offers STP, RSTP, MSTP or PV(R)STP).


YOU CAN NOT CHANGE FEATURES WHICH FUNDAMENTALLY AFFECT HOW THAT PRODUCT FUNCTIONS..
Adapt all the equipment and settings in the network to be standards compliant.
That being said, it would have been friendlier when this change was configurable so a new version
could be installed with the old behaviour and a controlled migration of existing networks would be possible.
Last edited by bbs2web on Thu Apr 13, 2017 11:02 pm, edited 1 time in total.
 
w0lt
Member
Member
Posts: 486
Joined: Wed Apr 02, 2008 2:12 pm
Location: Minnesota USA

Re: v6.39rc [release candidate] is released

Thu Apr 13, 2017 5:58 pm

When I upgraded to ROS v6.39rc62, the following Firewall rule brought my outside access to a crawl:

/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related

Once I disabled it, the system began to work normally.
This is the same with the current release 6.39rc72.
I have submitted a supout file to tech support.

Thoughts?

-tp
MTCNA - 2011

" The Bitterness of Poor Quality Remains Long After the Sweetness of Low Price is Forgotten "

Image
 
pe1chl
Forum Guru
Forum Guru
Posts: 5977
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39rc [release candidate] is released

Thu Apr 13, 2017 6:52 pm

Thoughts?
Too little context to say anything meaningful!
When you don't want to post your full config here, you will have to take that up with support.
 
jkarras
Member Candidate
Member Candidate
Posts: 224
Joined: Fri Sep 06, 2013 3:07 am
Location: Utah, USA

Re: v6.39rc [release candidate] is released

Fri Apr 14, 2017 2:11 am

When I upgraded to ROS v6.39rc62, the following Firewall rule brought my outside access to a crawl:

/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related

Once I disabled it, the system began to work normally.
This is the same with the current release 6.39rc72.
I have submitted a supout file to tech support.

Thoughts?

-tp
I am seeing similar issues with slowness when moving past rc60. I'll try to remove the fasttrack-connection rule and see if it also resolves my issues. I suspect it will because I have a VRF which does not seem to be affected.
 
User avatar
kometchtech
Member Candidate
Member Candidate
Posts: 194
Joined: Sat Jun 15, 2013 4:25 am
Location: Japan
Contact:

Re: v6.39rc [release candidate] is released

Fri Apr 14, 2017 3:29 am

When I upgraded to ROS v6.39rc62, the following Firewall rule brought my outside access to a crawl:

/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related

Once I disabled it, the system began to work normally.
This is the same with the current release 6.39rc72.
I have submitted a supout file to tech support.

Thoughts?

-tp
I am also suffering from this symptom.
There is no problem if you do not use FastTrack, but I can not explain the symptoms when using FastTrack.
I also contact support, but I do not understand easily.
--
Routerboard Users Group JP
http://www.rb-ug.jp/
CCR1009-8G-1S-1S+, RB750Gr3, CRS226-24G-2S+, RB850Gx2, RB960PGS, CRS317-1G-16S+,
RB2011UAS, CRS125-24G-1S, RB962UiGS-5HacT2HnT, CRS212-1G-10S-1S+, RB3011UiAS
 
jkarras
Member Candidate
Member Candidate
Posts: 224
Joined: Fri Sep 06, 2013 3:07 am
Location: Utah, USA

Re: v6.39rc [release candidate] is released

Fri Apr 14, 2017 5:46 am

Confirmed disabling fasttrack rule fixes slow traffic that would have otherwise been tagged by the rule.
 
msatter
Forum Guru
Forum Guru
Posts: 1337
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.39rc [release candidate] is released

Sat Apr 15, 2017 5:18 pm

For long time I was very pleased to use IKE2 with my Adroid with StrongSwan as client. It is still working on 6.39v62 and I skipped 6.39v68 and used the 6.39v69 and gone was my IKE2 connection. I get the error "wrong EAP mode" and I poked a bit around and it seems to be the Peers tab and the certificate and remote certificate part. Nothing helped and changing setting StrongSwan did also not help. Updated to 6.39v72, despite no mention in the changelog on IKE2, to no avail.

So I downgraded to 6.39v62 and my IKE2 worked instantly to great pleasure to me!!

Does someone know how what to do so I don't being stuck on 6.39v62 forever because something changed in the later version of RouterOS and I don't have a clue how or what to change?
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta68 / Winbox 3.20 / MikroTik APP 1.3.7
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
msatter
Forum Guru
Forum Guru
Posts: 1337
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.39rc [release candidate] is released

Sun Apr 16, 2017 1:27 pm

Do I need to regenerate my certificate in a different way to be able to connect to the latest version of routeros through Ipsec IKE2?
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta68 / Winbox 3.20 / MikroTik APP 1.3.7
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
User avatar
korzh
just joined
Posts: 3
Joined: Sun Apr 16, 2017 5:53 pm

Re: v6.39rc [release candidate] is released

Sun Apr 16, 2017 6:05 pm

For long time I was very pleased to use IKE2 with my Adroid with StrongSwan as client. It is still working on 6.39v62 and I skipped 6.39v68 and used the 6.39v69 and gone was my IKE2 connection. I get the error "wrong EAP mode" and I poked a bit around and it seems to be the Peers tab and the certificate and remote certificate part. Nothing helped and changing setting StrongSwan did also not help. Updated to 6.39v72, despite no mention in the changelog on IKE2, to no avail.
Seems to got same issue on my RB951Ui-2HnD. Updated from 6.39rc62 to 6.39rc72, now IKEv2 functionality is lost.
Got following lines in log:
17:49:32 ipsec,debug ---->: KA tree dump: <Router Wan IP>[4500]-><Client IP>[15892] (in_use=2) 
17:49:32 ipsec ---->: processing payloads: NOTIFY 
17:49:32 ipsec ---->:   notify: INITIAL_CONTACT 
17:49:32 ipsec ---->:   notify: ESP_TFC_PADDING_NOT_SUPPORTED 
17:49:32 ipsec ---->:   notify: NON_FIRST_FRAGMENTS_ALSO 
17:49:32 ipsec ---->: peer wants tunnel mode 
17:49:32 ipsec ---->: processing payload: CONFIG 
17:49:32 ipsec ---->:   attribute: internal IPv4 address 
17:49:32 ipsec ---->:   attribute: internal IPv4 netmask 
17:49:32 ipsec ---->:   attribute: internal IPv4 DNS 
17:49:32 ipsec ---->:   attribute: internal IPv4 DNS 
17:49:32 ipsec ---->:   attribute: internal IPv4 NBNS 
17:49:32 ipsec ---->:   attribute: internal IPv4 NBNS 
17:49:32 ipsec ---->:   attribute: application version 
17:49:32 ipsec,error can't acquire address for <Client IP>, <Client cert details>: std failure: unknown id (4) 
17:49:32 ipsec,error ---->: can't acquire address for <Client IP>, <Client cert details>: std failure: unknown id (4) 
17:49:32 ipsec ---->: my ID (DER): <Router cert details> 
17:49:32 ipsec,error wrong EAP mode 
17:49:32 ipsec,error ---->: wrong EAP mode 
17:49:32 ipsec ---->: adding payload: NOTIFY 
17:49:32 ipsec ---->:   notify: INTERNAL_ADDRESS_FAILURE 
Client device is BlackBery z30, using "Generic IKEv2" VPN mode, connecting via mobile network.
 
msatter
Forum Guru
Forum Guru
Posts: 1337
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.39rc [release candidate] is released

Sun Apr 16, 2017 9:27 pm

It seems that the client IP is the problem. Normally it is pulled from the pool but it seems that this address is also needed to be stated in the certificate.
17:49:32 ipsec,error can't acquire address for <Client IP>, <Client cert details>: std failure: unknown id (4)
17:49:32 ipsec,error ---->: can't acquire address for <Client IP>, <Client cert details>: std failure: unknown id (4)
If you're still running the v72 maybe you can put the IP someware in strongswan to if that differs.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta68 / Winbox 3.20 / MikroTik APP 1.3.7
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
User avatar
korzh
just joined
Posts: 3
Joined: Sun Apr 16, 2017 5:53 pm

Re: v6.39rc [release candidate] is released

Sun Apr 16, 2017 11:03 pm

It seems that the client IP is the problem. Normally it is pulled from the pool but it seems that this address is also needed to be stated in the certificate.
It's near to impossible to state IP address in certificate for road warrior in advance, since we don't know what IP will be assigned to device by mobile network (or it can be behind NAT on some public hotspot). Also setting auth method to PSK results to same error:
ipsec,error can't acquire address for <Client IP>, <Client IP>: std failure: unknown id (4)
Anyway I think that I found what was wrong.
After update following peer setting were modified (don't know why, possible bacause some new parameters were added to IPSec):
Passive was set to "no" and mode-config was set to "request-only", which is default IPSec mode config without address pool configured.

So, I found two ways to solve issue:
1. just define address pool, prefix length etc. in "request-only" mode config.
2. set peer "passive" parameter to "yes", define new mode config and set it in peer parameters. (This way seems to be more correct than first).

After all changes done I see that mobile device connects to RB with no problems.

Seems that that was my fault - I just was need to inspect all IPSec settings, but I was a bit confused with "wrong eap mode" line in log.
 
tagocha
just joined
Posts: 10
Joined: Sun Apr 16, 2017 10:00 pm

Re: v6.39rc [release candidate] is released

Sun Apr 16, 2017 11:47 pm

thanks for valuable information
 
User avatar
korzh
just joined
Posts: 3
Joined: Sun Apr 16, 2017 5:53 pm

Re: v6.39rc [release candidate] is released

Mon Apr 17, 2017 2:12 am

Seems that that was my fault - I just was need to inspect all IPSec settings, but I was a bit confused with "wrong eap mode" line in log.
Oops. Seems that not only my fault.
Played a bit with PFS Group settings in proposal, changing value from "none" to any other value and got "wrong EAP mode" in log. Most interesting that error message persists even if PFS was reverted back to "none".
So, now I have exactly same configuration (on same OS version) which previously allowed to connect mobile device, but no connection can be established in fact.
Rebooting both router and client device results to nothing.
Looks like some kind of "floating" bug.

UPD: changing PFS settings randomly (from subset supported by client device) and trying to connect results in successful connection in one of about 10 cases, no matter what PFS is selected.
 
stucki
just joined
Posts: 19
Joined: Sun Apr 16, 2017 3:57 pm

Re: v6.39rc [release candidate] is released

Mon Apr 17, 2017 5:12 pm

I can confirm the upgrade problem on the CHR.

stable to rc

Image
 
msatter
Forum Guru
Forum Guru
Posts: 1337
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.39rc [release candidate] is released

Tue Apr 18, 2017 3:47 pm

So, I found two ways to solve issue:
1. just define address pool, prefix length etc. in "request-only" mode config.
2. set peer "passive" parameter to "yes", define new mode config and set it in peer parameters. (This way seems to be more correct than first).

After all changes done I see that mobile device connects to RB with no problems.

Seems that that was my fault - I just was need to inspect all IPSec settings, but I was a bit confused with "wrong eap mode" line in log.
I checked this an my configuration already was already set that way. I remember during fiddling with the settings I could connect however like you experienced that could be just luck and not repeatable.

Going back again to v62 and hope that the Wiki will be updated to explain how to setup a working Road Warrior again.

Update: the "wrong EAP mode" will be fixed in the next RC according to Mikrotik Support. See posting below.
Last edited by msatter on Tue Apr 18, 2017 4:04 pm, edited 2 times in total.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta68 / Winbox 3.20 / MikroTik APP 1.3.7
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
User avatar
emils
MikroTik Support
MikroTik Support
Posts: 522
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.39rc [release candidate] is released

Tue Apr 18, 2017 3:56 pm

Issue with wrong EAP mode will be fixed in the next release candidate version.
 
AlexLite
just joined
Posts: 20
Joined: Wed Feb 17, 2016 10:16 am

Re: v6.39rc [release candidate] is released

Wed Apr 19, 2017 8:26 am

My wap ac on rc72 seems to reset to default configuration on every reboot.
Anybody ran into this?
 
User avatar
ErfanDL
Member Candidate
Member Candidate
Posts: 289
Joined: Thu Sep 29, 2016 9:13 am
Location: IRAN
Contact:

Re: v6.39rc [release candidate] is released

Wed Apr 19, 2017 9:30 am

What's going on? Mikrotik stopped updating? Update stopped on rc72 :|

Sent from my C6833 using Tapatalk
 
pe1chl
Forum Guru
Forum Guru
Posts: 5977
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39rc [release candidate] is released

Wed Apr 19, 2017 11:15 am

What's going on? Mikrotik stopped updating? Update stopped on rc72 :|
Come on! rc72 was released last week!
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24323
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.39rc [release candidate] is released

Wed Apr 19, 2017 11:19 am

We had easter holiday from thursday to monday included. RC73 is in internal testing now ;)
No answer to your question? How to write posts
 
ganewbie
newbie
Posts: 36
Joined: Fri Feb 24, 2012 4:46 pm

Re: v6.39rc [release candidate] is released

Wed Apr 19, 2017 3:19 pm

Version 6.39rc72 has been released.
Changes since previous version:
*) l2tp - added support for multiple L2TP tunnels (not to be confused with sessions) between same endpoints (required in some LNS configurations);
*) l2tp-server - added "caller-id-type" to forward calling station number to RADIUS on authentication;
.
Could you please shed some light on the changes?
I assume the first one concerning having multiple domains coming from one LAC (could be Junipur or Cisco) to the Mikrotik when it works as LNS, correct?
An example of my question is:
clientx@example1.com
clienty@example2.com

Thanks for the great product,
 
pe1chl
Forum Guru
Forum Guru
Posts: 5977
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39rc [release candidate] is released

Wed Apr 19, 2017 3:26 pm

Is there a chance to get the rpfilter matcher assuming it is not yet available?
viewtopic.php?f=2&t=120863
 
mducharme
Trainer
Trainer
Posts: 877
Joined: Tue Jul 19, 2016 6:45 pm

Re: v6.39rc [release candidate] is released

Fri Apr 21, 2017 7:21 am

I am having an EoIP Tunnel IPv6 MTU issue recently that must have started in one of the 6.39rc's.

I have a friend who runs an ISP also using MikroTik and he provides me with IPv6 through an IPv4 EoIP tunnel since my home ISP doesn't offer IPv6 yet. At some point (I'm not sure when), my IPv6 stopped passing larger packets, I can only ping IPv6 with packet size 1458 (1459 fails). I allow ICMPv6 globally so PMTUD should be working. His side is working fine (running 6.38.5), so it must be an RC issue. I was tied up with other issues so I only noticed this recently - not sure when the problem started. I was at rc49 with this issue and upgraded to rc72 and it is still happening.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 1825
Joined: Mon Jan 14, 2008 1:53 pm
Location: Straya
Contact:

Re: v6.39rc [release candidate] is released

Fri Apr 21, 2017 7:43 am

Is there a chance to get the rpfilter matcher assuming it is not yet available?
viewtopic.php?f=2&t=120863
+1

I would like to see this too. I heard murmurings that Mikrotik were planning on adding per-interface RP filter settings.. Any offical update ?
http://thebrotherswisp.com/ | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA
 
Chrisnetika
just joined
Posts: 1
Joined: Sat Oct 31, 2015 10:41 am

Re: v6.39rc [release candidate] is released

Fri Apr 21, 2017 10:22 am

When I upgraded to ROS v6.39rc62, the following Firewall rule brought my outside access to a crawl:

/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related

Once I disabled it, the system began to work normally.
This is the same with the current release 6.39rc72.
I have submitted a supout file to tech support.

Thoughts?

-tp
I am also suffering from this symptom.
There is no problem if you do not use FastTrack, but I can not explain the symptoms when using FastTrack.
I also contact support, but I do not understand easily.
Having same issue on RB953GS-5HnT,
disabling fastpath or it's firewall rule fixes it
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6617
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: v6.39rc [release candidate] is released

Fri Apr 21, 2017 12:24 pm

6.39rc76 has been released.
viewtopic.php?f=1&t=120946

Who is online

Users browsing this forum: Baidu [Spider] and 12 guests