Community discussions

MikroTik App
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

v6.38.5 [current]

Wed Mar 08, 2017 2:36 pm

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

What's new in 6.38.5 (2017-Mar-09 11:32):
!) www - fixed http server vulnerability;

What's new in 6.38.4 (2017-Mar-08 09:26):
*) chr - fixed problem when transmit speed was reduced by interface queues;
*) dhcpv6-server - require "address-pool" to be specified;
*) export - do not show "read-only" IRQ entries;
*) filesystem - implemented procedures to verify and restore internal file structure integrity upon upgrading;
*) firewall - do not allow to set "time" parameter to 0s for "limit" option;
*) hotspot - fixed redirect to URL where escape characters are used (requires newly generated HTML files);
*) hotspot - show Host table commentaries also in Active tab and vice versa;
*) ike1 - fixed "xauth" Radius login;
*) ike2 - also kill IKEv2 connections on proposal change;
*) ike2 - always limit empty remote selector;
*) ike2 - fixed proposal change crash;
*) ike2 - fixed responder subsequent new child creation when PFS is used;
*) ike2 - fixed responder TS updating on wild match;
*) ipsec - deducted policy SA src/dst address from src/dst address;
*) ipsec - do not require "sa-dst-address" if "action=none" or "action=discard";
*) ipsec - fixed SA address check in policy lookup;
*) ipsec - hide SA address for transport policies;
*) ipsec - keep policy in kernel even with bad proposal;
*) ipsec - kill ph2 on policy removal;
*) ipsec - updated/fixed Radius attributes;
*) irq - properly detect all IRQ entries;
*) l2tp-client - fixed IPSec policy generation after reboot;
*) l2tp-client - require working IPSec encryption if "use-ipsec=yes";
*) lcd - show fan2 speed only if it is available;
*) profile - classify ethernet driver activity properly in ARM architecture;
*) snmp - added SSID to CAPsMAN registration table;
*) snmp - fixed "/tool snmp-get" crash on session timeout;
*) snmp - fixed CAPsMAN registration table OID print;
*) snmp - fixed situation when SNMP could not read "/system health" values after reboot;
*) userman - allow access to User Manager users page only through "/user" URL;
*) userman - show warning when no users are selected for CSV file generation;
*) winbox - do not hide "power-cycle-after" option;
*) winbox - hide advertise tab in Hotspot user profile configuration if "transparent-proxy" is not enabled;
*) winbox - make "power-cycle-interval" not to depend on "power-cycle-ping-enabled" in PoE settings;
*) winbox - properly show BGP communities in routing filters table filter;
*) wireless - fixed scan tool stuck in background;
*) wireless - improved compatibility with Intel 2200BG wireless card;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
User avatar
tomraider
just joined
Posts: 2
Joined: Fri Mar 03, 2017 12:15 pm

Re: v6.38.4 [current]

Wed Mar 08, 2017 3:39 pm

my problem is not solved !!!
in webfig scan-list is not possible to modify:
in winbox .. yes !!!

see images here:
with winbox: http://ge.tt/1Ld0sAj2
with webfig: http://ge.tt/4b2UsAj2
http://ge.tt/5vtRsAj2

in version 6.36: webfig: http://ge.tt/952esAj2
Last edited by tomraider on Wed Mar 08, 2017 3:54 pm, edited 1 time in total.
 
MartijnVdS
Frequent Visitor
Frequent Visitor
Posts: 93
Joined: Wed Aug 13, 2014 9:36 am

Re: v6.38.4 [current]

Wed Mar 08, 2017 3:47 pm

*) filesystem - implemented procedures to verify and restore internal file structure integrity upon upgrading;
Would this fix address issues like I've seen on upgrade to 6.38.3?

I've had several devices get stuck in a strange mode after upgrading to 6.38.3, where ssh didn't work, "webfig" showed "RouterOS v" (no version number) and the upgrade seemed to be in some half-failed state. In this state, System/Packages showed only the newly downloaded version, but in a "disabled" or "uninstalled" state.

Rebooting from a second partition with a slightly older RouterOS version on it and then upgrading again would make the devices work.
 
irghost
Member
Member
Posts: 300
Joined: Sun Feb 21, 2016 1:49 pm

Re: v6.38.4 [current]

Wed Mar 08, 2017 4:13 pm

*) dhcpv6-server - require "address-pool" to be specified;
what? DHCPv6 in mikrotik? Or DHCPv6-PD??
 
csi
newbie
Posts: 31
Joined: Wed Mar 02, 2016 10:05 am

Re: v6.38.4 [current]

Wed Mar 08, 2017 4:42 pm

Hi,

till 6.38.3 it was possible to get a list if connected clients from CapsMan registration table via SNMP. With 6.38.4 the list is not longer available:
snmpwalk -v2c -c public 192.168.88.1 1.3.6.1.4.1.14988.1.1.1.5.1.1
iso.3.6.1.4.1.14988.1.1.1.5.1.1 = No Such Instance currently exists at this OID
Is this an issue or will the list no longer available. I prefer the first option of course, because I need the list ;-)


Many thanks in advanced.
Last edited by csi on Wed Mar 08, 2017 6:17 pm, edited 1 time in total.
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: v6.38.4 [current]

Wed Mar 08, 2017 5:31 pm

I strongly believe this update was released now in response to the CIA Vault 7 / Wikileaks leak that became known yesterday.

I expect we may have a further update from Mikrotik has more info about the tools used when Wikileaks makes them available for analysis but kudos to them for the fast turnaround on getting something pushed out to address this.
 
iancaling
just joined
Posts: 2
Joined: Wed Mar 08, 2017 1:41 am

Re: v6.38.4 [current]

Wed Mar 08, 2017 6:35 pm

I strongly believe this update was released now in response to the CIA Vault 7 / Wikileaks leak that became known yesterday.

I expect we may have a further update from Mikrotik has more info about the tools used when Wikileaks makes them available for analysis but kudos to them for the fast turnaround on getting something pushed out to address this.
Can we please get confirmation on this? I'd like to get our equipment updated as soon as possible, or at least have a way to mitigate the CIA's exploit before it gets publicly released. People are speculating that disabling the HTTP server (port 80) will fix it, but I'd like to have an official annoucement.
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: v6.38.4 [current]

Wed Mar 08, 2017 6:39 pm

viewtopic.php?f=21&t=119308&p=587512#p587512
We will continue to strengthen RouterOS services and have already released RouterOS version 6.38.4 which removes any malicious files in devices that have been compromised
There's more info in the official post basically reiterating the same thing - ensure publicly available interfaces are locked down, as more information becomes available MikroTik will post an update.
 
lexell
just joined
Posts: 10
Joined: Thu Jan 05, 2017 9:02 pm

Re: v6.38.4 [current]

Thu Mar 09, 2017 1:40 am

IPsec Xauth PSK NAT-T roadwarrior config (the Android-compatible one) still seems to be broken (since v6.38), phase 2 fails. Also tried on 6.38.3, 6.38.4 and 6.39rc45, same results.
Reverting to v6.37.4 (or 6.37.3 or older) removes the problem. No changes are done to the configuration.
mar/09 00:15:55 ipsec,info respond new phase 1 (Identity Protection): y.y.y.y[500]<=>x.x.x.x[29243] 
mar/09 00:15:55 ipsec,info ISAKMP-SA established y.y.y.y[4500]-x.x.x.x[24396] spi:c8dc4a12a919f674:041afe17fc36e624 
mar/09 00:15:55 ipsec,info XAuth login succeeded for user: ipsecuser
mar/09 00:15:55 ipsec,info acquired y.y.z.z address for x.x.x.x[24396] 
mar/09 00:15:56 ipsec,error x.x.x.x failed to pre-process ph2 packet. 
mar/09 00:15:59 ipsec,error x.x.x.x peer sent packet for dead phase2 
mar/09 00:16:02 ipsec,error x.x.x.x peer sent packet for dead phase2 
mar/09 00:16:05 ipsec,error x.x.x.x peer sent packet for dead phase2 
mar/09 00:16:08 ipsec,error x.x.x.x peer sent packet for dead phase2 
mar/09 00:16:11 ipsec,error x.x.x.x peer sent packet for dead phase2 
mar/09 00:16:14 ipsec,error x.x.x.x peer sent packet for dead phase2 
mar/09 00:16:17 ipsec,error x.x.x.x peer sent packet for dead phase2 
mar/09 00:16:20 ipsec,error x.x.x.x peer sent packet for dead phase2 
mar/09 00:16:23 ipsec,error x.x.x.x peer sent packet for dead phase2 
mar/09 00:18:20 ipsec,info purging ISAKMP-SA y.y.y.y[4500]<=>x.x.x.x[24396] spi=c8dc4a12a919f674:041afe17fc36e624:fefba073. 
mar/09 00:18:21 ipsec,info ISAKMP-SA deleted y.y.y.y[4500]-x.x.x.x[24396] spi:c8dc4a12a919f674:041afe17fc36e624 rekey:1 
The same issue was already reported by GioMac in the v6.38 thread (I haven't noticed any reply or acknowledgement):
viewtopic.php?t=116354#p575566

Does v6.38+ need some configuration changes for this type of IPsec setup or is this a bug?
 
athurdent
newbie
Posts: 25
Joined: Fri Sep 09, 2016 7:02 pm

Re: v6.38.4 [current]

Thu Mar 09, 2017 11:42 am

DFS is still broken in Germany.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.38.4 [current]

Thu Mar 09, 2017 12:26 pm

IPsec Xauth PSK NAT-T roadwarrior config (the Android-compatible one) still seems to be broken (since v6.38), phase 2 fails. Also tried on 6.38.3, 6.38.4 and 6.39rc45, same results.
Reverting to v6.37.4 (or 6.37.3 or older) removes the problem. No changes are done to the configuration.
mar/09 00:15:55 ipsec,info respond new phase 1 (Identity Protection): y.y.y.y[500]<=>x.x.x.x[29243] 
mar/09 00:15:55 ipsec,info ISAKMP-SA established y.y.y.y[4500]-x.x.x.x[24396] spi:c8dc4a12a919f674:041afe17fc36e624 
mar/09 00:15:55 ipsec,info XAuth login succeeded for user: ipsecuser
mar/09 00:15:55 ipsec,info acquired y.y.z.z address for x.x.x.x[24396] 
mar/09 00:15:56 ipsec,error x.x.x.x failed to pre-process ph2 packet. 
mar/09 00:15:59 ipsec,error x.x.x.x peer sent packet for dead phase2 
mar/09 00:16:02 ipsec,error x.x.x.x peer sent packet for dead phase2 
mar/09 00:16:05 ipsec,error x.x.x.x peer sent packet for dead phase2 
mar/09 00:16:08 ipsec,error x.x.x.x peer sent packet for dead phase2 
mar/09 00:16:11 ipsec,error x.x.x.x peer sent packet for dead phase2 
mar/09 00:16:14 ipsec,error x.x.x.x peer sent packet for dead phase2 
mar/09 00:16:17 ipsec,error x.x.x.x peer sent packet for dead phase2 
mar/09 00:16:20 ipsec,error x.x.x.x peer sent packet for dead phase2 
mar/09 00:16:23 ipsec,error x.x.x.x peer sent packet for dead phase2 
mar/09 00:18:20 ipsec,info purging ISAKMP-SA y.y.y.y[4500]<=>x.x.x.x[24396] spi=c8dc4a12a919f674:041afe17fc36e624:fefba073. 
mar/09 00:18:21 ipsec,info ISAKMP-SA deleted y.y.y.y[4500]-x.x.x.x[24396] spi:c8dc4a12a919f674:041afe17fc36e624 rekey:1 
The same issue was already reported by GioMac in the v6.38 thread (I haven't noticed any reply or acknowledgement):
viewtopic.php?t=116354#p575566

Does v6.38+ need some configuration changes for this type of IPsec setup or is this a bug?

Enable ipsec debug logs, generate supout file and send it to support. If you encounter a bug contact directly support, forum is not the right way to report bugs.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26293
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.38.5 [current]

Thu Mar 09, 2017 2:39 pm

Original Topic updated :
What's new in 6.38.5 (2017-Mar-09 11:32):
!) www - fixed http server vulnerability;
 
andrei
newbie
Posts: 27
Joined: Wed Oct 29, 2014 9:53 am

Re: v6.38.5 [current]

Thu Mar 09, 2017 2:49 pm

RSTP on bridges still blocking traffic.
Two RB951g connected with VLANs declared on bridges. Traffic doesn't pass while RSTP is enabled.
If it is disabled everything is fine. Going back to 6.37.4 bugfix fixes the issue. So, what is the problem?
Can anyone clear this issue? This started with 6.38. I know changes have been made regarding RSTP in 6.38
but the routers used all have the same ROS version.
 
anuser
Long time Member
Long time Member
Posts: 601
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.38.5 [current]

Thu Mar 09, 2017 10:11 pm

So, I upgraded to 6.38.5. CAPSMAN log gives me this:
Image
 
sid5632
Long time Member
Long time Member
Posts: 552
Joined: Fri Feb 17, 2017 6:05 pm

Re: v6.38.5 [current]

Fri Mar 10, 2017 9:25 am

I've updated four 951 routers with 6.38.5. Three of these had no problems, but the fourth went to a CPU load averaging 85% for no obvious (to me) reason.
It was like this from restart after upgrade until I discovered it 6 hours later. Rebooting it again fixed the problem.
 
Mazutti
newbie
Posts: 27
Joined: Sat Jun 21, 2014 4:12 am

Re: v6.38.5 [current]

Fri Mar 10, 2017 9:34 am

Upgraded hEX-Gr3, RB2011UiAS-2HnD, couple of hAP lites, couple of hAP AC lites, mAP-2n, RB951G, couple of mAP lites and a wAP. So far no problems.

On hEX I've experienced something strange, but not only in this version, and sometimes PPPoE client would come up "dead" after upgrade, and I have to disable it for a while and re-enable for it to work. Next time will generate supout and send to support. Anyone seen this on this device?
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: v6.38.5 [current]

Fri Mar 10, 2017 10:24 am

Edit: Scratch that.
Last edited by Wyz4k on Sun Mar 12, 2017 10:16 am, edited 1 time in total.
 
virtman
newbie
Posts: 31
Joined: Mon Dec 12, 2016 11:31 am

Re: v6.38.5 [current]

Fri Mar 10, 2017 1:40 pm

Hi,

WARNING: Don't upgrade to this version (v.6.38.5) if you use CHRs !!!!!!

All my licensed instances after the upgrade when boot:
Loading system with initrd


XZ-compressed data is corrupt

 -- System halted_
I check with a fresh install of CHR in free mode... and after the upgrade... the same message.
DON'T UPGARDE!!!!

I hope the Mikrotik team first checks the CHR upgrades! This isn't professional
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.38.5 [current]

Fri Mar 10, 2017 1:44 pm

virtman - We test also CHR before release. This is something specific in your case. Please write to support@mikrotik.com and describe problem and CHR.
 
virtman
newbie
Posts: 31
Joined: Mon Dec 12, 2016 11:31 am

Re: v6.38.5 [current]

Fri Mar 10, 2017 1:57 pm

virtman - We test also CHR before release. This is something specific in your case. Please write to support@mikrotik.com and describe problem and CHR.
I think so, however this is common problem, not specific to my case: check it... install a fresh 6.38.3 CHR in ESXi 6.5... then update to 6.38.5... boom!
Are you sure that this isn't a common problem?
 
poisons
just joined
Posts: 17
Joined: Wed Sep 18, 2013 3:50 pm

Re: v6.38.5 [current]

Fri Mar 10, 2017 6:11 pm

Strange situation. Today i try to update my CCR1009-8G-1S. Some info
 
 system resource print           
             uptime: 17m2s
            version: 6.38.5 (stable)

 system routerboard print 
                ;;; Current RouterBOOT does not support this feature
       routerboard: yes
             model: CCR1009-8G-1S
     serial-number: 
     firmware-type: tilegx
  factory-firmware: 3.22
  current-firmware: 3.33
  upgrade-firmware: 3.33 
and i trying enable secure boot, but i get error
18:09:17 echo: system,info,critical Current RouterBOOT does not support this feature
My colleague stay on older version ROS 6.37.3 and he can enable protected boot. Bugs in new firmware or i do something wrong?
 
Wolfgang
just joined
Posts: 15
Joined: Thu Jan 28, 2016 12:33 pm

Re: v6.38.5 [current]

Fri Mar 10, 2017 6:20 pm

RSTP on bridges still blocking traffic.
Two RB951g connected with VLANs declared on bridges. Traffic doesn't pass while RSTP is enabled.
If it is disabled everything is fine. Going back to 6.37.4 bugfix fixes the issue. So, what is the problem?
Can anyone clear this issue? This started with 6.38. I know changes have been made regarding RSTP in 6.38
but the routers used all have the same ROS version.
Hi,

I have the same problem with one of my RB1100AHx2 and VLANs. Started after the upgrade to 6.38.5. No problem on other routers with similar configuration
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.38.5 [current]

Fri Mar 10, 2017 6:50 pm

i trying enable secure boot, but i get error
Your device is too old (i.e. it was manufactured before the protected RouterBOOT feature was introduced). If you absolutely need this feature, you will have to update the backup RouterBOOT, which is dangerous (may irrecoverably brick your device if anything goes wrong). You can find more info and the links to a special update packages here.
 
poisons
just joined
Posts: 17
Joined: Wed Sep 18, 2013 3:50 pm

Re: v6.38.5 [current]

Fri Mar 10, 2017 7:36 pm

Your device is too old (i.e. it was manufactured before the protected RouterBOOT feature was introduced). If you absolutely need this feature, you will have to update the backup RouterBOOT, which is dangerous (may irrecoverably brick your device if anything goes wrong). You can find more info and the links to a special update packages here.
Before i do something i usually read carefully instruction)))
So, what i do
1) Upgrade ROS to current version
2) Download http://www.mikrotik.com/download/share/ ... 3_tile.dpk and drag'n'drop to file section this file to my routerboard
3) reboot my RB by command /system reboot
4) In logs i don't see any errors, file disappear from file section in winbox.

Forgot to write - it did not help me ((
 
mikezsin
just joined
Posts: 3
Joined: Sat Mar 11, 2017 1:29 pm

Re: v6.38.5 [current]

Sat Mar 11, 2017 2:10 pm

*) ipsec - deducted policy SA src/dst address from src/dst address;

and ipsec stops work, cause peer tries to connect from bridge's ip. (instead of 0.0.0.0)
 
mpadmin
just joined
Posts: 20
Joined: Sun May 22, 2016 3:48 pm

Re: v6.38.5 [current]

Sat Mar 11, 2017 11:39 pm

I have no problem with most of my devices, but have port flapping with one specific configuration.

In this configuration I use 3 devices - two 951Ui-2nD and one 750 r2. The 750 r2 is powered by PoE from one of the 951Ui-2nD. The 750 r2 uses 3 ports as master/slave, one port for ISP, two to the two 951Ui-2nD.

All three devices act as independent routers, the 951Ui-2nD have two master/slave ports connected to 750 r2 and IPTV box. I use this because of the two IPTV boxes connected to the 951Ui-2nD that must go to the ISP directly.

This configuration works fine, but after update to 6.38.5 devices starts to do port flapping with ports that connects devices (not the ISP or IPTV port). I reboot them several times but it starts again and again – I see this in log in 750 r2. The STP settings is set to none on all devices.
But then I see something very strange – when I logon with Winbox to the 951Ui-2nD port flapping stops! When I logout – it starts again…

I have no time to do better research and downgraded devices to 6.38 and now there are no port flapping.
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: v6.38.5 [current]

Sun Mar 12, 2017 7:33 am

Switch rstp off. Or upgrade all routers to the same Ros version.
 
mpadmin
just joined
Posts: 20
Joined: Sun May 22, 2016 3:48 pm

Re: v6.38.5 [current]

Sun Mar 12, 2017 1:22 pm

Switch rstp off. Or upgrade all routers to the same Ros version.
Thank you for this, but as I say RSTP is off on all devices and I upgrade all devices to the lastest version.
 
Atnevon
just joined
Posts: 16
Joined: Sun Jun 18, 2006 7:06 pm
Contact:

Re: v6.38.5 [current]

Mon Mar 13, 2017 12:06 am

For some reason when we upgraded from 6.38.3 to 6.38.5 on our CCR, it seems to have blanked the config of The Dude completely. All of our network maps and devices are gone.

Starting over isn't going to be the end of the world, but it would be a lot easier if we don't have to. If anyone has any good suggestions, I'm all ears.
 
miharoot
just joined
Posts: 22
Joined: Sun May 19, 2013 3:59 pm

Re: v6.38.5 [current]

Mon Mar 13, 2017 3:27 pm

I am updated 2011UAS-2HnD from version 6.34.6 with wireless-cm2 package to 6.38.5.
And i have a problem - old android 2.3.6 phone Lenovo can't connect through wifi, connect\disconnect in one second,
but in 6.34.6 it works good.
When I try to new connect with WDS i see in log:
wireless,info wlan1: WPS virtual button pushed
wireless,debug wlan1: 00:12:FE:AF:35:59 attempts to associate
wireless,info wlan1: WPS association from 00:12:FE:AF:35:59
wireless,debug wlan1: 00:12:FE:AF:35:59 not in local ACL, by default accept
wireless,info 00:12:FE:AF:35:59@wlan1: connected
wireless,info wlan1: WPS of 00:12:FE:AF:35:59 started, associated
wireless,debug wlan1: 00:12:FE:AF:35:59 attempts to associate
wireless,info 00:12:FE:AF:35:59@wlan1: reassociating
wireless,info wlan1: WPS of 00:12:FE:AF:35:59 interrupted
wireless,info 00:12:FE:AF:35:59@wlan1: disconnected, ok
wireless,info wlan1: WPS association from 00:12:FE:AF:35:59
wireless,debug wlan1: 00:12:FE:AF:35:59 not in local ACL, by default accept
wireless,info 00:12:FE:AF:35:59@wlan1: connected
wireless,info wlan1: WPS of 00:12:FE:AF:35:59 started, associated
wireless,debug wlan1: 00:12:FE:AF:35:59 attempts to associate
wireless,info 00:12:FE:AF:35:59@wlan1: reassociating
wireless,info wlan1: WPS of 00:12:FE:AF:35:59 interrupted
wireless,info 00:12:FE:AF:35:59@wlan1: disconnected, ok
wireless,info wlan1: WPS association from 00:12:FE:AF:35:59
wireless,debug wlan1: 00:12:FE:AF:35:59 not in local ACL, by default accept
wireless,info 00:12:FE:AF:35:59@wlan1: connected
wireless,info wlan1: WPS of 00:12:FE:AF:35:59 started, associated
wireless,debug wlan1: 00:12:FE:AF:35:59 attempts to associate
wireless,info 00:12:FE:AF:35:59@wlan1: reassociating
wireless,info wlan1: WPS of 00:12:FE:AF:35:59 interrupted
wireless,info 00:12:FE:AF:35:59@wlan1: disconnected, ok
At the same time android 4.4.4 phone connect well.

I am fed and downgraded to 6.34.6
 
User avatar
Deantwo
Member
Member
Posts: 331
Joined: Tue Sep 30, 2014 4:07 pm

Re: v6.38.5 [current]

Tue Mar 14, 2017 9:50 am

Shouldn't these log messages be part of debug topic?
12:59:22 ipsec receive Information. 
12:59:22 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE 
12:59:22 ipsec sendto Information notify. 
12:59:22 ipsec sendto Information notify. 
12:59:22 ipsec receive Information. 
12:59:22 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK 
12:59:42 ipsec receive Information. 
12:59:42 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE 
12:59:42 ipsec sendto Information notify. 
12:59:42 ipsec sendto Information notify. 
12:59:42 ipsec receive Information. 
12:59:42 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK 
13:00:02 ipsec receive Information. 
13:00:02 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE 
13:00:02 ipsec sendto Information notify. 
13:00:02 ipsec sendto Information notify. 
13:00:02 ipsec receive Information. 
13:00:02 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK 
13:00:22 ipsec receive Information. 
13:00:22 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE 
13:00:22 ipsec sendto Information notify. 
13:00:22 ipsec sendto Information notify. 
13:00:22 ipsec receive Information. 
13:00:22 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK 
13:00:42 ipsec receive Information. 
13:00:42 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE 
13:00:42 ipsec sendto Information notify. 
13:00:42 ipsec sendto Information notify. 
13:00:42 ipsec receive Information. 
13:00:42 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK 
13:01:02 ipsec receive Information. 
13:01:02 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE 
13:01:02 ipsec sendto Information notify. 
13:01:02 ipsec sendto Information notify. 
13:01:02 ipsec receive Information. 
13:01:02 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK 
13:01:22 ipsec receive Information. 
13:01:22 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE 
13:01:22 ipsec sendto Information notify. 
13:01:22 ipsec sendto Information notify. 
13:01:22 ipsec receive Information. 
13:01:22 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK 
13:01:42 ipsec receive Information. 
13:01:42 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE 
13:01:42 ipsec sendto Information notify. 
13:01:42 ipsec sendto Information notify. 
13:01:42 ipsec receive Information. 
13:01:42 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK 
13:02:02 ipsec receive Information. 
13:02:02 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE 
13:02:02 ipsec sendto Information notify. 
13:02:02 ipsec sendto Information notify. 
13:02:02 ipsec receive Information. 
13:02:02 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK 
13:02:22 ipsec receive Information. 
13:02:22 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE 
13:02:22 ipsec sendto Information notify. 
13:02:22 ipsec sendto Information notify. 
13:02:22 ipsec receive Information. 
13:02:22 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK 
13:02:42 ipsec receive Information. 
13:02:42 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE 
13:02:42 ipsec sendto Information notify. 
13:02:42 ipsec sendto Information notify. 
13:02:42 ipsec receive Information. 
13:02:42 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK 
13:03:02 ipsec receive Information. 
13:03:02 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE 
13:03:02 ipsec sendto Information notify. 
13:03:02 ipsec sendto Information notify. 
13:03:03 ipsec receive Information. 
13:03:03 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK 
13:03:22 ipsec receive Information. 
13:03:22 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE 
13:03:22 ipsec sendto Information notify. 
13:03:23 ipsec sendto Information notify. 
13:03:23 ipsec receive Information. 
13:03:23 ipsec xxx.xxx.xxx.xxx notify: R_U_THERE_ACK 
Last edited by Deantwo on Mon Apr 24, 2017 2:05 pm, edited 1 time in total.
 
dgcapel
just joined
Posts: 9
Joined: Tue Jan 26, 2016 6:03 pm
Location: Murcia, Spain
Contact:

Re: v6.38.5 [current]

Tue Mar 14, 2017 10:59 am

I detected a poor WiFi speed with CAPsMAN with this configuration: CCR1009 + 2x hAP AC + iPhone 6S Client. Speed : 20 Mbps (unstable). All devices with 6.38.5.
Return to the bug fix release (6.37.5) and the problem fix it. Speed: 60 Mbps (stable)
 
Mazutti
newbie
Posts: 27
Joined: Sat Jun 21, 2014 4:12 am

Re: v6.38.5 [current]

Wed Mar 15, 2017 6:00 am

Anyone else seeing NTP Client / Server problems? Can´t get my Mikrotiks to sync with public or mikrotik server, happening appearently since I upgraded to 6.38.5.

Anyway, happening on mmips, smips and mipsbe.
 
kamillo
Member Candidate
Member Candidate
Posts: 162
Joined: Tue Jul 15, 2014 5:44 pm

Re: v6.38.5 [current]

Wed Mar 15, 2017 11:43 am

I have NTP package installed on CRS125 and it is working OK:
          enabled: yes
             mode: unicast
      primary-ntp: 91.189.91.157
    secondary-ntp: 91.189.89.198
  dynamic-servers:
           status: synchronized
 
Mazutti
newbie
Posts: 27
Joined: Sat Jun 21, 2014 4:12 am

Re: v6.38.5 [current]

Wed Mar 15, 2017 5:13 pm

Thanks for checking it out. Turns out that my primary server wasn't working, and for some reason it would not use the secondary.

Sorry for the false alarm.
 
Note
Frequent Visitor
Frequent Visitor
Posts: 78
Joined: Fri Jun 03, 2016 12:39 pm

Re: v6.38.5 [current]

Tue Mar 21, 2017 10:34 am

So, I upgraded to 6.38.5. CAPSMAN log gives me this:
Image
same issue here, log is full of that but under wlan1. RB951G
 
resetsa
just joined
Posts: 17
Joined: Mon Apr 18, 2011 8:19 am

Re: v6.38.5 [current]

Sat Mar 25, 2017 12:46 pm

After update from 6.37 broken ipsec throw nat, when mikrotik a client (no phase 2).
In 6.39rc also have this problem.
 
User avatar
HarBenly
newbie
Posts: 37
Joined: Wed Dec 07, 2016 1:04 pm
Location: London, United Kingdom

Re: v6.38.5 [current]

Tue Mar 28, 2017 11:29 am

I am running v6.38.5! Thanks for sharing this.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2394
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.38.5 [current]

Thu Mar 30, 2017 7:28 pm

 
kevintitus81
newbie
Posts: 33
Joined: Tue Mar 22, 2016 11:23 pm
Location: Austin,Tx
Contact:

Re: v6.38.5 [current]

Fri Mar 31, 2017 5:22 pm

^^^ I saw that last night and figured I would come and share...just to help raise some awareness to the issue.

https://www.exploit-db.com/exploits/41752/

Latest DOS exploit for 6.38.5, looks like it only effects the winbox port 8291. So if you can drop outside input traffic to that port maybe will prevent an attack.

Regards,
Kevin Titus
MTCNA /Sophos
kevintitus81@gmail.com
 
105547111
Member Candidate
Member Candidate
Posts: 135
Joined: Fri Jun 22, 2012 9:46 pm

Re: v6.38.5 [current]

Fri Mar 31, 2017 7:45 pm

The RC's stuck on 6.39rc58 for 3 days now smells of 6.39 final soon.

BUT I bet with MUM on no updates to next week to this 6.38.5 floor :(



Sad....
 
j_shirazi
Trainer
Trainer
Posts: 15
Joined: Wed Sep 21, 2005 7:46 pm

Re: v6.38.5 [current]

Sun Apr 02, 2017 5:57 pm

virtman - We test also CHR before release. This is something specific in your case. Please write to support@mikrotik.com and describe problem and CHR.
Hi,

I agree with virtman, it is a common problem and happened to me on ESXi 6.0 too, but it works fine on VMware Workstation.
Please test it not only on workstation version of VMware but also ESXi.

Regards
j_shirazi
You do not have the required permissions to view the files attached to this post.
 
xtsoler
just joined
Posts: 5
Joined: Sat Jun 21, 2014 7:25 pm

Re: v6.38.5 [current]

Sun Apr 02, 2017 10:29 pm

After upgrading to 6.38.5 I'm having issues with capsman. The capsman manager also has a local wifi interface which registers as cap client. When enabled, any wifi clients that connect to that wifi cannot properly use the network. I can't even log into winbox. The problem appeared after the upgrade. Anyone else getting similar issues?

**I downgraded to 6.37.5 (RB433AH) and the problem went away. Please note that my second caps client is still on 6.38.5 (RB951-2n) and no issues occur.
 
STEPHANVS
just joined
Posts: 8
Joined: Wed Mar 29, 2017 12:16 pm

Re: v6.38.5 [current]

Mon Apr 03, 2017 11:40 am

I don't know where and what was introduced/changed, but Skype calls fail with this version. On 6.29.1 it works.
 
felted67
just joined
Posts: 17
Joined: Sat Mar 16, 2013 5:24 pm

Re: v6.38.5 [current]

Mon Apr 03, 2017 3:31 pm

Hi everyone,

anybody here who has problems with CAPsMAN in v6.38.5 ?

When adding new interfaces in CAPsMAN, there is a "zero"-mac entry.
Or perhaps I am some kind of faulty in configuring ?
When adding a new Caps-Interface the MAC (not the radio-MAC) was
added correctly (not only "0"s) in the past.

Thanks & Greetz from Germany.....

Detlef
 
User avatar
HarBenly
newbie
Posts: 37
Joined: Wed Dec 07, 2016 1:04 pm
Location: London, United Kingdom

Re: v6.38.5 [current]

Wed Apr 05, 2017 2:45 pm

Can the user manager of Mikrotik needs manual update or it can be done automatically?
 
Note
Frequent Visitor
Frequent Visitor
Posts: 78
Joined: Fri Jun 03, 2016 12:39 pm

Re: v6.38.5 [current]

Fri Apr 07, 2017 10:54 am

I have some simple queues.

Im facing an issue when im trying to change in "total" tab the total queue type from everything else to default small. Then in total statistic tab, all counters stuck to last state there were and do not respond until i change again the total queue type to something else (default, red, e.t.c). I cant even reset. Nothing work. All counters stuck to the last values before change. In statistics tab everything still work. It only happens in "total statistic tab". Im facing that issue also in another RB with latest bugfix firm on. i do not know if im doing something wrong......
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.38.5 [current]

Fri Apr 07, 2017 2:31 pm

https://wiki.mikrotik.com/wiki/Manual:Q ... ple_Queues
One configuration item in /queue simple' can create from 0 to 3 separate queues - one queue in global-in, one queue in global-out and one queue in global-total. If all properties of a queue have default values (no set limits, queue type is default), and queue has no children, then it is not actually created. This way, for example, creation of global-total queues can be avoided if only upload/download limitation is used.
So if all parameters on this tab are default ones (default-small and no max-limit), 'Total' queue is actually not being installed. No queue - no statistics.
 
Note
Frequent Visitor
Frequent Visitor
Posts: 78
Joined: Fri Jun 03, 2016 12:39 pm

Re: v6.38.5 [current]

Sat Apr 08, 2017 12:22 pm

but i have limits in queues. I shape via PCQ
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.38.5 [current]

Sun Apr 09, 2017 10:22 pm

but i have limits in queues. I shape via PCQ
are those limits in 'total' part, or 'download/upload' only? for the latter, two queues (up and down) are being created, third queue (total) is not
 
johnm
newbie
Posts: 30
Joined: Thu Feb 19, 2009 9:40 pm

Re: v6.38.5 [current]

Mon Apr 10, 2017 10:57 pm

Hi
I have 2 problems whit new soft.
1. I update my CCR1009-8g-1s to last ver and now i have problem whit log in from Winbox. MT work about 23h and now i no log in, restart fix this problem to next about 23h and problem go back. I have install in this router Dude server maybe this is broble?\
When Winbox no work no work too The dude client.
I can log in router via ssh - this connections is ok

ooo now testing and whet disable dude server winbox go back:)


2. No work NTP server and client. I try telnet to 123 port but no response.
 
lazystone
just joined
Posts: 1
Joined: Mon Mar 27, 2017 1:15 pm

Re: v6.38.5 [current]

Wed Apr 12, 2017 7:50 pm

5GHZ does not work for me - "detecting RADAR".
The same on v6.38.3.

v6.38.1 seems to work though.

P.S. Country: Sweden
 
MartijnVdS
Frequent Visitor
Frequent Visitor
Posts: 93
Joined: Wed Aug 13, 2014 9:36 am

Re: v6.38.5 [current]

Thu Apr 13, 2017 10:16 am

5GHZ does not work for me - "detecting RADAR".
The same on v6.38.3.

v6.38.1 seems to work though.

P.S. Country: Sweden
Radar detection is required on some frequencies. Some require just a minute of scanning, others 10 minutes. If no radar is found the AP will go into "running - AP" mode.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: v6.38.5 [current]

Fri Apr 14, 2017 6:20 pm

Your device is too old (i.e. it was manufactured before the protected RouterBOOT feature was introduced). If you absolutely need this feature, you will have to update the backup RouterBOOT, which is dangerous (may irrecoverably brick your device if anything goes wrong). You can find more info and the links to a special update packages here.
Before i do something i usually read carefully instruction)))
So, what i do
1) Upgrade ROS to current version
2) Download http://www.mikrotik.com/download/share/ ... 3_tile.dpk and drag'n'drop to file section this file to my routerboard
3) reboot my RB by command /system reboot
4) In logs i don't see any errors, file disappear from file section in winbox.

Forgot to write - it did not help me ((
viewtopic.php?f=2&t=94303&p=580437&hili ... ot#p580430
 
vainkop
just joined
Posts: 6
Joined: Thu Apr 13, 2017 6:16 pm

Re: v6.38.5 [current]

Sun Apr 16, 2017 5:47 pm

After upgrade from 6.37.5 to 6.38.5 l2tp ipsec stopped working for all clients with "failed to pre-process ph2 packet".
pptp keeps working fine.
Downgraded to 6.37.5 :(

Problem solved / update:
Solution google translate from here: http://bozza.ru/art-247.html

The default policy glitch on the mikrotik

With absolutely correct settings for the L2TP / IPSec connection on the client (for example, Windows 7) and on the server (Mikrotik), you can not establish a VPN connection. In this case, the message "failed to pre-process ph2 packet" goes to the Mikrotik log, and the error on the Windows 7 client is 789: the L2TP connection attempt failed because of an error that occurred at the security level ... This problem can occur on Firmware up to the last stable at the current time (6.30).

Solution: delete the default group in the IP - IPSec - Groups menu, create a new one and specify it in IP - IPSec - Peers in the Policy Template Group field.

According to Hopy, another solution to the problem with groups may be the execution of this command after re-creating the group:
ip ipsec peer set 0 policy-template-group =*FFFFFFFF
Perhaps this is a legacy from the old configurations, there is no exact answer, but nevertheless, this is an option. By the way, it is possible for this reason (and similar) that you should still perform a complete reset of the device before the initial setup. But this is not a requirement, that's for sure.
 
tawhwat
just joined
Posts: 15
Joined: Fri Oct 28, 2016 5:45 pm

Re: v6.38.5 [current]

Tue Apr 18, 2017 5:12 am

I just found two problems in the Webfig interface:
(1) All date information in the time related field is wrong dramatically, e.g. the up time of an interface may show
Last Link Down Time		Aug/24/2019 15:48:17
Last Link Up Time		Aug/24/2019 15:57:16
while the current time is:
Time 10:06:17
Date	 Apr/18/2017
Affected Model: hEX (MMIPS)

2. The drill down configuration page for each entry under "/interface bridge filter" is gone, When I click an entry, only a blank page is displayed. The only workaround is to use the CLI.
Affected Model: hEX (MMIPS), x86

Hope they can be fixed in next release
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.38.5 [current]

Tue Apr 18, 2017 11:06 am

tawhwat - First issue is already resolved in 6.39rc version. Second issue is now reported and will be fixed as soon as possible.
 
ditonet
Forum Veteran
Forum Veteran
Posts: 835
Joined: Mon Oct 19, 2009 12:52 am
Location: Europe/Poland/Konstancin-Jeziorna
Contact:

Re: v6.38.5 [current]

Tue Apr 18, 2017 12:24 pm

Address list entry creation time bug ( described here: viewtopic.php?f=21&t=116951&p=579862#p579862) still exists.
It is also not fixed in 6.39rc72.

Regards,
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.38.5 [current]

Tue Apr 18, 2017 1:36 pm

ditonet - Yes, it is not fixed yet. When it will be fixed, then that will be mentioned in changelog.
 
ditonet
Forum Veteran
Forum Veteran
Posts: 835
Joined: Mon Oct 19, 2009 12:52 am
Location: Europe/Poland/Konstancin-Jeziorna
Contact:

Re: v6.38.5 [current]

Tue Apr 18, 2017 1:42 pm

OK, thanks.

Regards,
 
User avatar
k.untner
just joined
Posts: 7
Joined: Sat Feb 18, 2006 9:42 pm
Location: vienna /austria / europe
Contact:

Re: v6.38.5 [current]

Mon Apr 24, 2017 10:57 pm

Anyone seen that Vulnerability? :
http://www.cvedetails.com/cve/CVE-2017-7285/

My RB751G-2HnD gave up on last Saturday. No Packets out from any Port anymore - It ran RouterOS v6.38.5 MIPsBE. Only Netinstall helped, to get it working again ...
Should i downgrade to 6.37.5 to get safe at the moment?
regards, Klemens
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: v6.38.5 [current]

Tue Apr 25, 2017 12:06 am

 
danielcomcom
just joined
Posts: 4
Joined: Fri Mar 17, 2017 11:03 pm
Location: B.C., Canada
Contact:

Re: v6.38.5 [current]

Tue Apr 25, 2017 11:03 am

Anyone else having an issue with dropped packets lasting for about 30 seconds every few hours?
Both sides of the Mikrotik can ping it while this is happening, just not passing through the mikrotik. Just configured as a simple bridge. Emailed support several times never got a response yet.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26293
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.38.5 [current]

Tue Apr 25, 2017 2:19 pm

Anyone seen that Vulnerability? :
http://www.cvedetails.com/cve/CVE-2017-7285/

My RB751G-2HnD gave up on last Saturday. No Packets out from any Port anymore - It ran RouterOS v6.38.5 MIPsBE. Only Netinstall helped, to get it working again ...
Should i downgrade to 6.37.5 to get safe at the moment?
regards, Klemens
It is not a vulnerability. It is the given devices inability to handle the traffic that your ISP can provide. I suggest to choose a better router for your high speed line. There is no specific version or hardware here. All internet connected devices "suffer" from this. It is simple exhaustion of resources when too much traffic is sent to a public port. Even version 6.34 or older has always acted in the same way. Your issues is most likely unrelated.
 
felted67
just joined
Posts: 17
Joined: Sat Mar 16, 2013 5:24 pm

Re: v6.38.5 [current]

Tue Apr 25, 2017 9:11 pm

Hi everyone,

perhaps an offtopic question here:

Has the connection tracking time value influence on the "NAT - keep alive"-value ?
Or is there a special switch to set the "NAT - keep alive"-value ?

I am suffering some problems with the "old" problem VoIP/SIP on natted udp connections.

How long last the NAT-translation entries ?
Is there a hardcoded value or is it controlable ?

Thanks & Greetz from Germany

Cheers.......Detlef
 
kuzma2000
just joined
Posts: 16
Joined: Wed Nov 20, 2013 11:57 am
Location: Kiev, Ukraine

Re: v6.38.5 [current]

Thu Apr 27, 2017 1:12 am

Hi
I have a problem witch email notifications in version 6.38.5.

I specify the server address, login and password in Notification.
But Dude does not use these settings.
Here is the log from the mail server:
"SMTPD" 2456 92655 "2017-04-27 00: 00: 07.656" "172.x.x.x" "SENT: 220 mail.test.kiev.ua ESMTP"
"SMTPD" 2456 92655 "2017-04-27 00: 00: 07.662" "172.x.x.x" "RECEIVED: EHLO admin"
"SMTPD" 2456 92655 "2017-04-27 00: 00: 07.662" "172.x.x.x" "SENT: 250-mail.test.kiev.ua [nl] 250-SIZE 20480000 [nl] 250-AUTH LOGIN [Nl] 250 HELP "
After that, the connection is exceeded.
I think, that Dude use only default settings by SMTP connections.

Is this a bug in version 6.38.5?
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.38.5 [current]

Fri Apr 28, 2017 3:55 pm

Version 6.39 has been released in current channel:
viewtopic.php?f=21&t=121196

Who is online

Users browsing this forum: cyrq, EgidijusL, eworm, ips, normis, wispmikrotik and 23 guests