Community discussions

 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24206
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

v6.38.1 [current]

Mon Jan 16, 2017 5:33 pm

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

What's new in 6.38.1 (2017-Jan-13 05:51):

*) bridge - disallow manual removal of dynamic bridge ports;
*) bridge - fixed MAC address learning from switch master-port;
*) bridge - fixed access loss to device through bridge if master port had a loop (introduced in v6.38);
*) certificate - added year cap (invalid-after date will not exceed year 2039);
*) certificate - fixed fail on import from CAPs when both key and name already exist;
*) dhcpv6-client - fixed DHCPv6 rebind on startup;
*) dhcpv6-server - fixed server removal crash if static binding was present;
*) dns - fixed typo in regexp error message;
*) dude - (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=21&t=116356);
*) fan - improved RPM monitor on CCR1009;
*) firewall - nat action "netmap" now requires to-addresses to be specified;
*) health - report fan speed for RB800 and RB1100 when 3-pin fan is being used;
*) ike1 - fixed ph1 rekey in setups with mode-cfg;
*) ike2 - allow empty selectors to reach policy handler;
*) ike2 - auto-negotiate split nets;
*) ike2 - default to tunnel mode in setups without policy;
*) ike2 - fixed error packet from initiator on responder reply;
*) ike2 - fixed initiator TS updating;
*) ike2 - fixed ph1 initial-contact rare desync;
*) ike2 - fixed policy setting for /0 selector with different address families;
*) ike2 - fixed split policy active flag;
*) ike2 - fixed traffic selector prefix calculation;
*) ike2 - fixed xauth add check;
*) ike2 - include identity in peer address info;
*) ike2 - log empty TS payload;
*) ike2 - minor logging update;
*) ike2 - show peer identity of connected peers;
*) ike2 - traffic selector improvements;
*) ike2 - update also local port when peer changes port;
*) ike2 - use first split net for empty TS;
*) ike2 - use standard retransmission timers for DPD;
*) ike2 - xauth like auth method with user support;
*) ipsec - added ability to kill particular remote-peer;
*) ipsec - fixed flush speed and SAs on startup;
*) ipsec - fixed peer port export;
*) ipsec - port is used only for initiators;
*) ipv6 - added warning about having interface MTU less than minimal IPv6 packet fragment (1280);
*) license - fixed demo license expiration after installation on x86;
*) log - improved firewall log messages when NAT has changed only connection ports;
*) logs - work on false CPU/RAM overclocked alarms;
*) mpls - fixed crash on active tunnel loss in MPLS TE setups;
*) ovpn - fixed address acquisition when ovpn-in interface becomes slave;
*) proxy - fixed "max-cache-object-size" export;
*) proxy - speed-up almost empty disk cache clean-up;
*) quickset - various small changes;
*) rb751u - fixed ethernet LEDs (broken since 6.38rc16);
*) ssh - fixed high memory consumption when transferring file over ssh tunnel;
*) webfig - show properly large BGP AS numbers;
*) winbox - added "make-static" to IPv6 DHCP server bindings;
*) winbox - added "prefix-pool" to DHCPv6 server binding;
*) winbox - added IPsec to radius services;
*) winbox - added upstream flag to IGMP proxy interfaces;
*) winbox - allow to specify "connection-bytes" & "connection-rate" for any protocol in “/ip firewall†rules;
*) winbox - allow to specify "sip-timeout" under ip firewall service-ports;
*) winbox - do not create empty rates.vht-basic/supported-mcs if not specified in CAPsMAN;
*) winbox - hide "nat-traversal" setting in IPsec peer if IKEv2 is selected;
*) winbox - show dynamic IPv6 pools properly;
*) winbox - show errors on IPv6 addresses;
*) winbox - specify metric for “/ip dns cache-used†setting;
*) wireless - show comment on "security-profile" if it is set;
No answer to your question? How to write posts
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1721
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v6.38.1 [current]

Mon Jan 16, 2017 5:38 pm

I have strange excitement about version that was build on the Friday 13th and with full moon (at least where i'm from).

Just upgraded my home network CRS226, RB750Gr2 and few WAP ac, so far so good. Tomorrow will play with test network @ work.
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
majestic
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Mon Dec 05, 2016 11:19 am

Re: v6.38.1 [current]

Mon Jan 16, 2017 6:03 pm

Awesome for releasing this release so soon. Will see if I can test it out later tonight on my RB750Gr3's and will report back once its done and tested. I really hope the 6.38 bugs are squashed :)
 
User avatar
brauser
Trainer
Trainer
Posts: 33
Joined: Sat Aug 21, 2010 6:36 am
Location: Brazil, SP, Valinhos
Contact:

Re: v6.38.1 [current]

Mon Jan 16, 2017 6:43 pm

I have strange excitement about version that was build on the Friday 13th and with full moon (at least where i'm from).

Just upgraded my home network CRS226, RB750Gr2 and few WAP ac, so far so good. Tomorrow will play with test network @ work.
hehehe, beware!!!
Routing the world
 
User avatar
ErfanDL
Member Candidate
Member Candidate
Posts: 275
Joined: Thu Sep 29, 2016 9:13 am
Location: IRAN
Contact:

Re: v6.38.1 [current]

Mon Jan 16, 2017 6:54 pm

Disable and Enable not worked in winbox
Please fix this issue

Sent from my C6833 using Tapatalk
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1407
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.38.1 [current]

Mon Jan 16, 2017 6:57 pm

Disable/enable issue is already fix in Winbox 3.9
 
majestic
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Mon Dec 05, 2016 11:19 am

Re: v6.38.1 [current]

Mon Jan 16, 2017 7:06 pm

Latest for Mac hasn't been done yet...

http://joshaven.com/resources/tools/winbox-for-mac/

Still stuck on 3.7.. wonder if joshaven hides out here somewhere, if so, would you be so kind and give us a 3.9 version when you get a few minutes. Thank you.

**Update**

I have just dropped joshaven a quick email to see if he can upgrade winbox for us macOS users to 3.9 as a temp fix until Mikrotik one day decides to give us a native version. Fingers crossed he is willing to do it.
Last edited by majestic on Mon Jan 16, 2017 7:16 pm, edited 1 time in total.
 
mikruser
Member
Member
Posts: 380
Joined: Wed Jan 16, 2013 6:28 pm

Re: v6.38.1 [current]

Mon Jan 16, 2017 7:10 pm

I really hope the 6.38 bugs are squashed :)
No, 6.38.1 also bugged, as 6.38 (ipsec tunnel dont work)
Only downgrade to 6.37.3 can help.
do not ask me why it is necessary.
 
JanezFord
Member Candidate
Member Candidate
Posts: 263
Joined: Wed May 23, 2012 10:58 am

Re: v6.38.1 [current]

Mon Jan 16, 2017 7:14 pm

Upgrade from 6.37.2 to 6.38.1 bricked rb751u-2hnd ... simple setup, pppoe+nat+wifi ...

Edit: Had to netinstall it ... it works OK now.
Last edited by JanezFord on Wed Jan 18, 2017 10:46 pm, edited 1 time in total.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1219
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6.38.1 [current]

Mon Jan 16, 2017 7:16 pm

The PPPoE speed issue seems to be solved, at least for me.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
kevini
just joined
Posts: 3
Joined: Fri Jan 06, 2017 8:37 pm

Re: v6.38.1 [current]

Mon Jan 16, 2017 8:21 pm

The Bridge not using the FP with IPsec and EOIP is solved for me too. Speed is back :)
 
Kevo
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Wed Oct 12, 2011 1:38 am

Re: v6.38.1 [current]

Mon Jan 16, 2017 10:15 pm

Latest for Mac hasn't been done yet...

http://joshaven.com/resources/tools/winbox-for-mac/

Still stuck on 3.7..
Just upgrade from within winbox using the check for updates under tools. Works fine for me, although I am using my own wrapped version. It's pretty easy to do yourself if you want to learn. I use WineBottler with the separate Wine app as it keeps disk space usage down and Wine can be shared with other apps. Either way, with Winbox there's really no extra stuff you need, so it's easy to wrap.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8308
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.38.1 [current]

Mon Jan 16, 2017 10:23 pm

2017-Jan-13 05:51
05:51
O RLY? :shock:
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
darkmanlv
just joined
Posts: 24
Joined: Thu Mar 26, 2015 3:19 pm
Location: Riga, Latvia
Contact:

Re: v6.38.1 [current]

Mon Jan 16, 2017 10:26 pm

problem with speed is fixed on hap ac
 
lxp
just joined
Posts: 1
Joined: Mon Jan 16, 2017 10:20 pm

Re: v6.38.1 [current]

Mon Jan 16, 2017 10:41 pm

Unfortunately the bug with IPSec - "pre shared key xauth" introduced in 6.38 was not fixed in 6.38.1

When testing VPN with Android phone VPN type "IPSec Xauth PSK" (Nexus 5X Android version 7.1.1) RouterOS incorrectly recognizes XAUTH password length.
Jan/16/2017 21:23:42 ipsec,debug Configuration exchange type mode config REPLY
Jan/16/2017 21:23:42 ipsec,debug Short attribute XAUTH_TYPE = 0
Jan/16/2017 21:23:42 ipsec,debug Attribute XAUTH_USER_NAME len 6
Jan/16/2017 21:23:42 ipsec,debug Attribute XAUTH_USER_PASSWORD len 11
Jan/16/2017 21:23:42 ipsec,info Xauth login failed for user: ******
Password for above user attempt is in reality 10 characters long (both in "/ip ipsec user" and in Android phone).

IPSec peer config:
 /ip ipsec peer> print
Flags: X - disabled, D - dynamic, R - responder 
 0   R address=0.0.0.0/0 passive=yes auth-method=pre-shared-key-xauth secret="**********" generate-policy=port-override policy-template-group=RoadWarrior 
       exchange-mode=main mode-config=RW-cfg send-initial-contact=yes nat-traversal=yes proposal-check=obey hash-algorithm=sha1 enc-algorithm=aes-256 
       dh-group=modp1024 lifetime=1d dpd-interval=2m dpd-maximum-failures=5 
With the same config RouterOS version 6.37.3 succesfully established IPSec tunnel (Phase 1 and Phase 2).

Can anyone repeat the above problem?
 
liamalxd
just joined
Posts: 7
Joined: Sun Jul 10, 2016 1:51 pm

Re: v6.38.1 [current]

Tue Jan 17, 2017 1:16 am

This seems to have sorted the fan reporting issue on my 1009-8G-1S-1S+ that I reported after 6.37.3/6.38:

> system health print
fan-mode: auto
use-fan: main
active-fan: main
cpu-overtemp-check: yes
cpu-overtemp-threshold: 70C
cpu-overtemp-startup-delay: 1m
voltage: 24V
current: 829mA
temperature: 32C
cpu-temperature: 54C
power-consumption: 19.8W
psu1-state: ok
psu2-state: ok
fan1-speed: 4284RPM

Thanks guys!
 
User avatar
macsrwe
Long time Member
Long time Member
Posts: 647
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: v6.38.1 [current]

Tue Jan 17, 2017 4:50 am

Latest for Mac hasn't been done yet...

http://joshaven.com/resources/tools/winbox-for-mac/

Still stuck on 3.7..
Just upgrade from within winbox using the check for updates under tools. Works fine for me, although I am using my own wrapped version. It's pretty easy to do yourself if you want to learn. I use WineBottler with the separate Wine app as it keeps disk space usage down and Wine can be shared with other apps. Either way, with Winbox there's really no extra stuff you need, so it's easy to wrap.
Just did this -- it got me 3.8, but not 3.9 (am I misinterpreting announcement by strods, above?)
 
105547111
Member Candidate
Member Candidate
Posts: 131
Joined: Fri Jun 22, 2012 9:46 pm

Re: v6.38.1 [current]

Tue Jan 17, 2017 7:30 am

Its definitely winbox 3.9!
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24206
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.38.1 [current]

Tue Jan 17, 2017 9:04 am

Latest for Mac hasn't been done yet...

http://joshaven.com/resources/tools/winbox-for-mac/

Still stuck on 3.7.. wonder if joshaven hides out here somewhere, if so, would you be so kind and give us a 3.9 version when you get a few minutes. Thank you.

**Update**

I have just dropped joshaven a quick email to see if he can upgrade winbox for us macOS users to 3.9 as a temp fix until Mikrotik one day decides to give us a native version. Fingers crossed he is willing to do it.
Click "tools -> check for updates" and upgrade your Winbox Mac version! You do not have to wait for somebody to re-compile it.
screen 13.jpg
You do not have the required permissions to view the files attached to this post.
No answer to your question? How to write posts
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24206
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.38.1 [current]

Tue Jan 17, 2017 9:10 am

2017-Jan-13 05:51
05:51
O RLY? :shock:
GMT time ;)
No answer to your question? How to write posts
 
majestic
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Mon Dec 05, 2016 11:19 am

Re: v6.38.1 [current]

Tue Jan 17, 2017 9:23 am

Latest for Mac hasn't been done yet...

http://joshaven.com/resources/tools/winbox-for-mac/

Still stuck on 3.7.. wonder if joshaven hides out here somewhere, if so, would you be so kind and give us a 3.9 version when you get a few minutes. Thank you.

**Update**

I have just dropped joshaven a quick email to see if he can upgrade winbox for us macOS users to 3.9 as a temp fix until Mikrotik one day decides to give us a native version. Fingers crossed he is willing to do it.
Click "tools -> check for updates" and upgrade your Winbox Mac version! You do not have to wait for somebody to re-compile it.

screen 13.jpg
Omg I never knew that, thanks so much for pointing that out to me. How could I be so blind. Thanks again.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5934
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.38.1 [current]

Tue Jan 17, 2017 1:21 pm

Unfortunately the bug with IPSec - "pre shared key xauth" introduced in 6.38 was not fixed in 6.38.1

When testing VPN with Android phone VPN type "IPSec Xauth PSK" (Nexus 5X Android version 7.1.1) RouterOS incorrectly recognizes XAUTH password length.
Jan/16/2017 21:23:42 ipsec,debug Configuration exchange type mode config REPLY
Jan/16/2017 21:23:42 ipsec,debug Short attribute XAUTH_TYPE = 0
Jan/16/2017 21:23:42 ipsec,debug Attribute XAUTH_USER_NAME len 6
Jan/16/2017 21:23:42 ipsec,debug Attribute XAUTH_USER_PASSWORD len 11
Jan/16/2017 21:23:42 ipsec,info Xauth login failed for user: ******
Password for above user attempt is in reality 10 characters long (both in "/ip ipsec user" and in Android phone).

IPSec peer config:
 /ip ipsec peer> print
Flags: X - disabled, D - dynamic, R - responder 
 0   R address=0.0.0.0/0 passive=yes auth-method=pre-shared-key-xauth secret="**********" generate-policy=port-override policy-template-group=RoadWarrior 
       exchange-mode=main mode-config=RW-cfg send-initial-contact=yes nat-traversal=yes proposal-check=obey hash-algorithm=sha1 enc-algorithm=aes-256 
       dh-group=modp1024 lifetime=1d dpd-interval=2m dpd-maximum-failures=5 
With the same config RouterOS version 6.37.3 succesfully established IPSec tunnel (Phase 1 and Phase 2).

Can anyone repeat the above problem?
Thanks, will be fixed in next 39RC and 6.38.2
 
XaTTa6bl4
just joined
Posts: 13
Joined: Wed Dec 16, 2015 10:53 pm

Re: v6.38.1 [current]

Tue Jan 17, 2017 8:53 pm

What about DHCP server issues, affected in ROS > 6.38? Please, read this thread: http://forum.mikrotik.com/viewtopic.php?f=2&t=116963
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1721
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v6.38.1 [current]

Wed Jan 18, 2017 11:18 am

Migrated portion of Work network to v6.38.1, around 30 routers, wifi PtP and PtMP, Some GW and some switches. One device had to be netinstalled for some unknown reason (happens time to time), found 2 loops thanks to hardware STP feature. Is there or will be there a way to set STP roles to dynamic switch ports (like in bridge - edge/point-to-point/External FDB) ???

On HW STP, when upgrading don't panic if first device doesn't come back :), most likely you need to migrate whole L2 segment to v6.38.1
for new STP implementation to work, for devices to speak in the same language.
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
becs
MikroTik Support
MikroTik Support
Posts: 479
Joined: Thu Jul 07, 2011 8:26 am

Re: v6.38.1 [current]

Wed Jan 18, 2017 11:39 am

macgaiver,
We are looking forward to improve hardware STP/RSTP functionality and add configurable STP/RSTP related port options in future.
 
nwa
just joined
Posts: 23
Joined: Sun Aug 17, 2014 3:02 pm

Re: v6.38.1 [current]

Wed Jan 18, 2017 2:32 pm

sorry... mikrotik... iam very thankfull for all your work... but the last releases only peaces of s.... !!! they make me so much trouble !!!! capsman... wifi... dhcp...
im so pissed off !!!

please do something... bring back some stable releases in current....

with the config from 6.37.3 on 6.37.3 all work fine... with the same config on bugfix version 6.37.4 i have a lot of trouble too with capsman wifi like the current release....


grrrrrrrrrr
 
andriys
Forum Guru
Forum Guru
Posts: 1179
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.38.1 [current]

Wed Jan 18, 2017 3:50 pm

with the same config on bugfix version 6.37.4 i have a lot of trouble too with capsman wifi like the current release....
Can you be more specific, please?
 
lukaszkubat
just joined
Posts: 5
Joined: Mon Jan 16, 2017 11:34 am

Re: v6.38.1 [current]

Wed Jan 18, 2017 3:55 pm

HI - I made a topic out of this in General discussion - but I thought that i posted here as well (since it is a bug in 6.38.1)

This first happened in ROS 6.38. I have bonds to switches and servers (different vendors and different routerboards) 802.3ad (for throughtput). The bonds are always in bridges.

Untill last 6.37 all was working fine - but in 6.38 the slave ports of the bonds dinamically added to the same bridges the "master" bonds are in.
This STOPS the bonds from working. I am unable to communicate with devices connected to the switches or servers and switches connected to the bonds themselves.

In 6.38 I Was able to remove the dynamic member ports from the bridge - then everything started working again. And now - in 6.38.1 You blocked dynamic port removal - so i can't make the bonds work. I reverted to 6.38 - removed dynamic ports from the bridge and everything started working again.

Logically - i think this will always be a problem (the slave ports of a bond cannot take part in communication themselves only the master bond can - so the slaves cannot be a part of anything except the master bond).

Lukasz
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1219
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6.38.1 [current]

Wed Jan 18, 2017 7:43 pm

@MT: Actually, what is the idea behind and the benefits of adding slave ports dynamically to the bridges?
We define a master port to handle it as a single port in any operations on the router, including in bridges.
If we need a specific port to be a separate instance in the bridge, we remove its slave status do it manually.
So again, why the the dynamic ports? It breaks everything about the master-slave port concept.
If this is needed for the new STP paradigm, do it for STP/RSTP only, without altering other functions...
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
LynxChaus
just joined
Posts: 24
Joined: Tue Jul 08, 2014 2:24 pm

Re: v6.38.1 [current]

Thu Jan 19, 2017 1:34 am

One device had to be netinstalled for some unknown reason (happens time to time)
Which device? One of our CRS is trashed flash.
 
becs
MikroTik Support
MikroTik Support
Posts: 479
Joined: Thu Jul 07, 2011 8:26 am

Re: v6.38.1 [current]

Thu Jan 19, 2017 9:29 am

@docmarius
The adding of slave ports dynamically to the bridges allows monitoring STP/RSTP port status. None of the forwarding between switched ports actually happens in the bridge.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1219
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6.38.1 [current]

Thu Jan 19, 2017 9:45 am

The adding of slave ports dynamically to the bridges allows monitoring STP/RSTP port status. None of the forwarding between switched ports actually happens in the bridge.
So basically it is only eye candy and should not interfere with other functions.
Thank you for clarifying this.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
darzupan01
just joined
Posts: 1
Joined: Thu Jan 19, 2017 12:48 pm
Location: Slovenia

Re: v6.38.1 [current]

Thu Jan 19, 2017 1:10 pm

Hi

I have upgraded my CCR1009 to the version 6.38.1 and after the upgrade the router doesn't boot up. I did the upgrade through the Package List menu in RB OS.
The router keeps beeping and rebooting constantly.

best regards
 
LynxChaus
just joined
Posts: 24
Joined: Tue Jul 08, 2014 2:24 pm

Re: v6.38.1 [current]

Thu Jan 19, 2017 2:02 pm

The router keeps beeping and rebooting constantly.
Use netinstall to repair. After netinstall find router but BEFORE start installing - copy and save to safe place "Software ID" and "Key" values.
 
moep
newbie
Posts: 48
Joined: Mon Jul 02, 2012 2:12 pm

Re: v6.38.1 [current]

Thu Jan 19, 2017 4:23 pm

There is (still) an IPsec issue:

when I reconnect with initiator too fast the dynamic policy on responder is not purged, there is also a corrsponding SA left with no timeout values.
On responder side everything looks fine IPsec-wise but IPIP-Tunnel never comes online.
This situation can only be solved by either reconnectiong again from initiator side or by (now possible in 6.38.1) removing the peer entry on responder thus reinitiating phase1 and phase2.
 
User avatar
aditrodostress
just joined
Posts: 10
Joined: Fri May 20, 2016 7:46 am
Location: Jakarta

Re: v6.38.1 [current]

Thu Jan 19, 2017 6:42 pm

why in resource IRQ sometimes show "switch0-ether1-usb1" sometime blank not show anything ? since ROS 6.37 if i remember corectly
 
User avatar
plembo
just joined
Posts: 2
Joined: Fri Jan 20, 2017 12:10 am
Location: Raleigh, NC

Re: v6.38.1 [current]

Fri Jan 20, 2017 12:15 am

Updated flawlessly on our 951Ui-2HnD, used as an extra AP. No issues. Will do the main firewall/router tonight to avoid protests from the fam.
 
User avatar
Caribetech
just joined
Posts: 13
Joined: Fri Jan 20, 2017 3:04 am
Location: Colombia
Contact:

Re: v6.38.1 [current]

Fri Jan 20, 2017 3:08 am

Installs the new version 6.38.1 and my clients lost the internet immediately after the restart.
I had to download version and put a backup to work again

I have CCR1036-8G-2S+
Last version OS= 6.38
 
kristaps
Member Candidate
Member Candidate
Posts: 272
Joined: Mon Jan 27, 2014 1:37 pm

Re: v6.38.1 [current]

Fri Jan 20, 2017 10:10 am

@Caribetech could you send supout.rif or config, from that router? We will try to replicate your issue locally.
@aditrodostress witch RouterBoard your are using ?
 
andrei
newbie
Posts: 27
Joined: Wed Oct 29, 2014 9:53 am

Re: v6.38.1 [current]

Fri Jan 20, 2017 10:54 am

VLAN interfaces that have a bridge declared as a belonging interface don't work anymore. You need to declare a physical interface instead for it to work properly.
It worked ok in previous versions. At least in RB951G-2Hnd
 
ditonet
Forum Veteran
Forum Veteran
Posts: 839
Joined: Mon Oct 19, 2009 12:52 am
Location: Europe/Poland/Konstancin-Jeziorna
Contact:

Re: v6.38.1 [current]

Fri Jan 20, 2017 2:58 pm

VLAN interfaces that have a bridge declared as a belonging interface don't work anymore. You need to declare a physical interface instead for it to work properly.
It worked ok in previous versions. At least in RB951G-2Hnd
Same problem with CCR1009-8G-1S-1S+, VLAN port belongs to bridge and doesn't work,
Downgrade to ver. 6.37.4 (Bugfix only) and problem solved.

Regards,

EDIT: Typo corrected
Last edited by ditonet on Fri Jan 20, 2017 4:00 pm, edited 2 times in total.
Grzegorz | MTCNA, MTCRE, MTCSE | konsultacje MikroTik Warszawa
It is a book about a Spanish guy called Manual. You should read it. - Dilbert
 
User avatar
aditrodostress
just joined
Posts: 10
Joined: Fri May 20, 2016 7:46 am
Location: Jakarta

Re: v6.38.1 [current]

Fri Jan 20, 2017 3:49 pm

@Caribetech could you send supout.rif or config, from that router? We will try to replicate your issue locally.
@aditrodostress witch RouterBoard your are using ?
found at RB750, RB450G, RB951Ui-2HnD but routerboard running ok without problem, just still confusing me why sometime appear sometimes dissapear

RB450G
Image
ether1 dissapear on item list

RB750
Image
sometimes IRQ not show any item

RB951Ui-2HnD
Image
switch0 dissapear on item list
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5934
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.38.1 [current]

Fri Jan 20, 2017 4:04 pm

There is a known problem that entries from IRQ table can disappear. Do not worry about it since everything seems to work properly even without entries showing up.
 
andrei
newbie
Posts: 27
Joined: Wed Oct 29, 2014 9:53 am

Re: v6.38.1 [current]

Fri Jan 20, 2017 9:40 pm

VLAN interfaces that have a bridge declared as a belonging interface don't work anymore. You need to declare a physical interface instead for it to work properly.
It worked ok in previous versions. At least in RB951G-2Hnd
Same problem with CCR1009-8G-1S-1S+, VLAN port belongs to bridge and doesn't work,
Downgrade to ver. 6.37.4 (Bugfix only) and problem solved.

Regards,

EDIT: Typo corrected
Thanks, I did that and it works now.
Still, this is a significant bug that causes loss of conectivity to routers that use something as simple as vlans.
It needs to be fixed very quickly. How can such a bug skip verifications?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2946
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: v6.38.1 [current]

Fri Jan 20, 2017 11:20 pm

Some problems....

WARNING: SECURITY FLAW!???
upgrading to 6.38.1 automatically enable tikapp on all groups, also restricted groups...

NTP package are installed on second reboot using /file methods (using netinstall no problem)

on CCR1009-8G-1S-1S+ ethernet port order are switch/inverted:
ether5
ether6
ether7
ether8
ether1
ether2
ether3
ether4
sfp-sfpplus1
sfp-sfp1

Thanks.
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
MTeeker
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Tue Jun 14, 2011 2:42 pm
Location: Australia

Re: v6.38.1 [current]

Sat Jan 21, 2017 6:09 am

Perhaps, it may be seen as only a cosmetic hiccup, but the Slave flag also switches place as well.

Here is a picture: http://imgur.com/a/gB1nc
Image
 
User avatar
mjoksimovic
newbie
Posts: 45
Joined: Thu Jun 19, 2008 1:19 pm
Location: Serbia
Contact:

Re: v6.38.1 [current]

Sat Jan 21, 2017 10:54 am

Loss of packets on x86 based router and TP-Link 3269 cards. Downgrade to 6.37.3 solved problem.
"Your chances of success in any undertaking can always be measured by your belief in yourself". - Robert Collier
 
macak91
just joined
Posts: 11
Joined: Sat Jan 17, 2015 7:32 pm

Re: v6.38.1 [current]

Sat Jan 21, 2017 12:34 pm

Still having problems when on local bridge enabled rstp. After disabling rstp, everything works as it should. This was broken in release before this one.

Two Mikrotik routers connected to each other. When rstp is enabled, I can't ping the other Mikrotik.
 
lukaszkubat
just joined
Posts: 5
Joined: Mon Jan 16, 2017 11:34 am

Re: v6.38.1 [current]

Sat Jan 21, 2017 5:36 pm

HI - I made a topic out of this in General discussion - but I thought that i posted here as well (since it is a bug in 6.38.1)

This first happened in ROS 6.38. I have bonds to switches and servers (different vendors and different routerboards) 802.3ad (for throughtput). The bonds are always in bridges.

Untill last 6.37 all was working fine - but in 6.38 the slave ports of the bonds dinamically added to the same bridges the "master" bonds are in.
This STOPS the bonds from working. I am unable to communicate with devices connected to the switches or servers and switches connected to the bonds themselves.

In 6.38 I Was able to remove the dynamic member ports from the bridge - then everything started working again. And now - in 6.38.1 You blocked dynamic port removal - so i can't make the bonds work. I reverted to 6.38 - removed dynamic ports from the bridge and everything started working again.

Logically - i think this will always be a problem (the slave ports of a bond cannot take part in communication themselves only the master bond can - so the slaves cannot be a part of anything except the master bond).

Lukasz
Can anyone from @MT respond will this be fixed or is this a intended behavior and I have to stick to 6.37.x for ever?
 
se232
newbie
Posts: 28
Joined: Fri Sep 18, 2015 7:34 pm

Re: v6.38.1 [current]

Mon Jan 23, 2017 3:31 pm

I have troubles with my mAP (RBmAP2nD) after the installation of 6.38.1 (I am not quite sure if they were present with 6.38)
The router works somehow, reacts very slowly to the webfig page (i.e. firewall rules appear after 5-10 seconds) and finally stops being accessable from wifi after a couple of minutes. Especially when I try to add a virtual AP, the router gets inaccessable from wifi (SSIDs still visible, but passphrases arenot accepted any more)

Even a factory reset and very simple settings (only NAT-router for wifi clients for the internet) don't help.

Additional information: Internet access is via an LTE modem connected via USB, which worked fine at RouterOS 6.37.x and before (mode is one out of the compatible list)

Does somebody have a solution for the problem?
 
johnsilver
newbie
Posts: 32
Joined: Tue Aug 23, 2011 12:53 pm

Re: v6.38.1 [current]

Tue Jan 24, 2017 11:02 pm

RB951G-2HnD
Reboots every minute after upgrade to 6.38.1. High CPU usage for a short time leads to constant reboots.
 
User avatar
D1M0N
just joined
Posts: 13
Joined: Mon Aug 05, 2013 1:18 am
Location: Ukraine, Rivne
Contact:

Re: v6.38.1 [current]

Wed Jan 25, 2017 8:34 am

951G-2HnD
firmware 3.33
upgrade to 6.38.1 good
CPU load 1-4%, for "speedtest" - 14% max
RB951G-2HnD
 
johnsilver
newbie
Posts: 32
Joined: Tue Aug 23, 2011 12:53 pm

Re: v6.38.1 [current]

Wed Jan 25, 2017 9:32 am

When trying to recover faced another problem.

Problem description:
Ports order flip when restoring configuration from backup

Equipment used in test:
A. Mikrotik RB951G-2HnD firmware version 6.38.1
B. Mikrotik RB951Ui-2HnD firmware version 6.37.3

Steps to reproduce:
1. Backup configuration via Files (copy/paste in Winbox) on A
2. Copy backed up configuration via Files (copy/paste in Winbox) from A to B
3. Restore configuration via Files on B
4. Reboot B
5. Ports order flipped upside down (and wlan disabled)

For example, on A I have port 1 named ether1-master and port 5 named ether5-gateway. After restoring configuration on B port 1 named ether5-gateway and port 5 named ether1-master. Firewall rules and filters following invalid ports order.
 
andriys
Forum Guru
Forum Guru
Posts: 1179
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.38.1 [current]

Wed Jan 25, 2017 10:01 am

1. Backup configuration via Files (copy/paste in Winbox) on A
2. Copy backed up configuration via Files (copy/paste in Winbox) from A to B
3. Restore configuration via Files on B
Backups are not meant to move/copy configuration between different routers. Do not use it to move the configuration even between two routers of exactly the same model. It not only may lead to an undesirable effect like the one you've just described, but it also copies values which are meant to be different on different boards (for instance interface MAC addresses).

When you need to transfer the configuration from one router to another use /export instead.
 
johnsilver
newbie
Posts: 32
Joined: Tue Aug 23, 2011 12:53 pm

Re: v6.38.1 [current]

Wed Jan 25, 2017 11:25 am

When you need to transfer the configuration from one router to another use /export instead.
Appreciated for this information. I've moved disputable configuration which leads to rebooting to a different router (RB951Ui-2HnD) with 6.38.1 firmware. Will see.
 
ditonet
Forum Veteran
Forum Veteran
Posts: 839
Joined: Mon Oct 19, 2009 12:52 am
Location: Europe/Poland/Konstancin-Jeziorna
Contact:

Re: v6.38.1 [current]

Wed Jan 25, 2017 2:34 pm

hAP ac, ROS 6.38.1, RouterBOOT 3.34:
Firewall/Address-List/Creation-Time shows GMT time, not time according to time-zone settings.
Can someone confirm this?

Regards,
Grzegorz | MTCNA, MTCRE, MTCSE | konsultacje MikroTik Warszawa
It is a book about a Spanish guy called Manual. You should read it. - Dilbert
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1407
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.38.1 [current]

Wed Jan 25, 2017 2:38 pm

ditonet - Yes, that is correct. We will try to fix this in next RouterOS release.
 
ditonet
Forum Veteran
Forum Veteran
Posts: 839
Joined: Mon Oct 19, 2009 12:52 am
Location: Europe/Poland/Konstancin-Jeziorna
Contact:

Re: v6.38.1 [current]

Wed Jan 25, 2017 2:49 pm

ditonet - Yes, that is correct. We will try to fix this in next RouterOS release.
Thanks.

Regards,
Grzegorz | MTCNA, MTCRE, MTCSE | konsultacje MikroTik Warszawa
It is a book about a Spanish guy called Manual. You should read it. - Dilbert
 
darkmanlv
just joined
Posts: 24
Joined: Thu Mar 26, 2015 3:19 pm
Location: Riga, Latvia
Contact:

Re: v6.38.1 [current]

Fri Jan 27, 2017 12:32 pm

when will be fixed WIFI problem with old devices on Intel 2200BGN ? Still can`t connect to hAp Lite with old Toshiba laptop. Version prior 6.37 works perfect!
 
kiler129
Member Candidate
Member Candidate
Posts: 227
Joined: Tue Mar 31, 2015 4:32 pm
Contact:

Re: v6.38.1 [current]

Sat Jan 28, 2017 7:33 am

Well.... it's next beta.
It bricked my hAP ac on the bench - it had default config (I did an reset like 5 minutes before) with WiFi disabled. It just went into dead boot loop - only netinstall was working. I used update feature from Quick Set and the previous ROS loaded was 6.37.1.

I don't see (or I missed that) nothing about EoIP+IPSec bug fix forhttp://forum.mikrotik.com/viewtopic.php?f=2&t=116589&p=580377#p576524 but quickly testing it has been half-fixed - when local IP is changed it's also changed in IPSec policies.

p.s. Is there any way to safely upgrade large CAPsMAN network without great disturbance in services?
 
moep
newbie
Posts: 48
Joined: Mon Jul 02, 2012 2:12 pm

Re: v6.38.1 [current]

Sat Jan 28, 2017 4:48 pm

is there an update on the IPsec issue (see some posts above)?

every time responder size changes its IP adress and reconnect before the old dynamic policy is flushed, there is an invalid policy which prevent any communication.
 
andriys
Forum Guru
Forum Guru
Posts: 1179
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.38.1 [current]

Sat Jan 28, 2017 4:54 pm

every time responder size changes its IP adress and reconnect before the old dynamic policy is flushed, there is an invalid policy
Do you have DPD enabled?
 
dominicbatty
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Wed Jul 07, 2010 12:26 pm

Re: v6.38.1 [current]

Mon Jan 30, 2017 12:08 pm

Oh dear, it turned into one of those mornings. Upgraded device to 6.38.1 only to discover the problem with VLAN on a bridge interface not working, pushed onto 6.39rc20 where this all came right and must be fixed but now I'm finding a 4 port Ethernet switch trunk link between 2x CRS226-24G-2S+ devices will only work if only one of the 4 ports is enabled, the minute I enable port 2,3 or 4 the link goes down.

Is anyone else seeing similar problems?

Cheers, Dominic.
 
jfkmorales
just joined
Posts: 1
Joined: Tue Jan 31, 2017 7:10 am

Re: v6.38.1 [current]

Tue Jan 31, 2017 7:16 am

I have an hAP ac lite, after updating my ip system telephone stopped working.
I have Elastix distribution.
 
moep
newbie
Posts: 48
Joined: Mon Jul 02, 2012 2:12 pm

Re: v6.38.1 [current]

Tue Jan 31, 2017 7:44 am

every time responder size changes its IP adress and reconnect before the old dynamic policy is flushed, there is an invalid policy
Do you have DPD enabled?
yes, Interval 5 max. failures 3. but it does not do anything. the old policy ist still there after 15 seconds and even after several minutes and does not get removed at all.

devices used: ccr1009 as responder (with aes-ctr and sha256 to avoid reordering problem) and RB3011, RB751G, hAP ac lite, hEX, two RB951G as initiator
 
User avatar
pitron
just joined
Posts: 3
Joined: Wed Feb 01, 2017 9:49 pm
Location: Poland/Kamiensk

Re: v6.38.1 [current]

Wed Feb 01, 2017 10:01 pm

Hi all
I have problem with 6.38.1 wireless connection between 2 RB.
1 ap bridge, 2 station bridge. Both connected but no traffic.
6.37.3 works OK.
BTW now 1. 6.37.3 & 2. 6.38.1 also works OK ????
“Never be afraid to try something new. Remember, amateurs built the Ark, professionals built the Titanic”
 
ditonet
Forum Veteran
Forum Veteran
Posts: 839
Joined: Mon Oct 19, 2009 12:52 am
Location: Europe/Poland/Konstancin-Jeziorna
Contact:

Re: v6.38.1 [current]

Wed Feb 01, 2017 10:54 pm

I have problem with 6.38.1 wireless connection between 2 RB.
1 ap bridge, 2 station bridge. Both connected but no traffic.
I saw similar problem, There is a traffic, but can't connect via winbox to RB with station-bridge mode set and no response to ping.
Unfortunately I haven't free time to deeply investigate this :( .

Regards,
Grzegorz | MTCNA, MTCRE, MTCSE | konsultacje MikroTik Warszawa
It is a book about a Spanish guy called Manual. You should read it. - Dilbert
 
bbs2web
Member Candidate
Member Candidate
Posts: 198
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa
Contact:

Re: v6.38.1 [current]

Thu Feb 02, 2017 11:51 pm

Please would Mikrotik consider a global bridge setting to restore previous per VLAN (R)STP configuration. We got Netgear to update firmware on M4300 switches to pass through STP as-is and were finally able to implement redundant routers where two sets of bridges could provide VLAN bridging. eg vlan14-vlan10 bridged to vlan20-vlan99

The STP changes may conform to a 2014 standard but break service provider redundancy services which is a real problem...
 
moep
newbie
Posts: 48
Joined: Mon Jul 02, 2012 2:12 pm

Re: v6.38.1 [current]

Fri Feb 03, 2017 8:09 am

every time responder size changes its IP adress and reconnect before the old dynamic policy is flushed, there is an invalid policy
Do you have DPD enabled?
yes, Interval 5 max. failures 3. but it does not do anything. the old policy ist still there after 15 seconds and even after several minutes and does not get removed at all.

devices used: ccr1009 as responder (with aes-ctr and sha256 to avoid reordering problem) and RB3011, RB751G, hAP ac lite, hEX, two RB951G as initiator
I discovered that this:
ike1 - fixed ph1 rekey in setups with mode-cfg;
seems to be fixed for phase1.
but now the mode-cfg responder ip can get lost at phase2 rekey (not phase1 rekeay anymore).
it happend with quite a load on the interface, but not 100% load, cpu was almost idle at that time.
UPDATE:
when the problem occurs the dynamic allocated IP is lost on responder and therefore no traffic can flow. it seems to be possible to add a duplicated ip address on a dummy/loopback bridge to circumvent the problem for now, but this is clearly not intended behaviour
this does not solve the still present "invalid policy" problem
UPDATE2:
I opened a ticket for the "invalid policy" bug

please also fix this
thank you
Last edited by moep on Mon Feb 06, 2017 12:56 pm, edited 2 times in total.
 
User avatar
zervan
Member
Member
Posts: 324
Joined: Fri Aug 20, 2010 10:43 pm
Location: Slovakia
Contact:

Re: v6.38.1 [current]

Fri Feb 03, 2017 6:24 pm

Still having problems when on local bridge enabled rstp. After disabling rstp, everything works as it should. This was broken in release before this one.
Two Mikrotik routers connected to each other. When rstp is enabled, I can't ping the other Mikrotik.
Normally I am using just bugfix releases, but RSTP sounds very well, so I tried to upgrade one CRS112-8G-4S and enable RSTP. It is working on all ports except the ether6 - there is no forwarding nor learning, see the screenshot. Why? There is an old RB250GS 1.17 connected. It is not compatible? Newer RB260GS on ether8 is working fine.
Image
Dusan Zervan from Slovakia
MTCNA, MTCRE
 
expert
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Sun Dec 04, 2016 1:22 pm

Re: v6.38.1 [current]

Thu Feb 09, 2017 4:18 pm

Still having problems when on local bridge enabled rstp. After disabling rstp, everything works as it should. This was broken in release before this one.
Two Mikrotik routers connected to each other. When rstp is enabled, I can't ping the other Mikrotik.
I have the same problem, but I had short time to look using Wireshark what happens: bridge does not send Topology Change Notification BPDU, so both bridges think I'm root bridge and then disconnect the other bridge ("split brain")
 
User avatar
zervan
Member
Member
Posts: 324
Joined: Fri Aug 20, 2010 10:43 pm
Location: Slovakia
Contact:

Re: v6.38.1 [current]

Thu Feb 16, 2017 7:18 pm

I am not sure if it is related to this version, but I have problem with the LEDs. After reset they are all off. I use exported config to restore configuration (because I am teaching and students have various RB models) and there are these commands in export:
/system leds
set 0 interface=ether1-wan
set 1 interface=ether2-lan-master
set 2 interface=ether3-lan
set 3 interface=ether4-lan
set 4 interface=ether5-lan
The problem is that these commands are not working (error: no such item) and the only way to restore LEDs is manually set them using WinBox. Is the syntax in export wrong? Or is there a problem to set LED using commands? Tested on hAP and RB951Ui-2HnD.
Dusan Zervan from Slovakia
MTCNA, MTCRE
 
skyhawk
just joined
Posts: 20
Joined: Thu Jan 14, 2016 10:27 am

Re: v6.38.1 [current]

Sun Feb 19, 2017 10:14 pm

I have no idea if this is related to the VLAN/Bridge/(r)stp troubles being reported, but I just discovered a bunch of instances of something interesting on my network.

A bunch of my VLAN interfaces had set on "Loop Protect" Send Interval of 00:00:00 and Disable Time of 00:00:00. Defaults are 00:00:05 and 00:05:00. I had to fix these settings before Winbox would allow me to make other changes.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1407
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.38.1 [current]

Wed Feb 22, 2017 10:45 am

Who is online

Users browsing this forum: No registered users and 7 guests