Page 1 of 1

Re: v6.39.1 [current]

Posted: Wed May 10, 2017 2:48 pm
by Ansy
What's new in 6.39.1 (2017-Apr-27 10:06):
*) dns - made loading thousands of static entries faster;
Wonder how many that "thousands of static entries" can I load (faster or not) into DNS server?
dnsmasq manage about 50K eating 30MB RAM on x86... works well... wont the same in MT.
Tested on hEX (RB750Gr3) -- 4020 items only. No one more, any DNS cache settings, 150+MB RAM free.
Sad.

Re: v6.39.1 [current]

Posted: Wed May 10, 2017 2:49 pm
by strods
Ansy - This fix has nothing to do with RAM.
*) dns - made loading thousands of static entries faster;

Entries are loaded into memory after reboot much faster.

If you want to make cache bigger, then you have to change "cache-size" on DNS server configuration.

Re: v6.39.1 [current]

Posted: Wed May 10, 2017 6:53 pm
by owsugde
Not sure if this has been fixed yet in RC, but anyway, I need to report a (somewhat) critical bug with 6.39(.1):

My Netmetal 5 (921UAGS-5SHPacT, the three chainer without PCIe) isn't able to use two transmit antennas anymore (say, chain 1 and 2, and not 0). All three is ok, only one is ok. With two, however, the AP seems to be running when I check in Netmetal using Winbox, but the counterpart (an SXT SA5 ac) doesn't pick up anything. When I have it scan for the AP, nothing comes up. If I go back to one or three transmit chains without changing anything else at all, the SXT can log in just fine immediately. I use an NV2-only setting with all rx antennas active, which worked just fine until and including 6.38.5.

To me, it seems to be something wrong with a driver somewhere, in either the Netmetal or the SXT (probably Netmetal). Because, wireless signal tab as well as registration details on both ends give me weirdly "empty" figures for the by-chain rx strengths:

Image

Before, and even now on 6.93.1 with other devices (e.g., wAP ac), I get figures for each of the NxM receive antennas.

Re: v6.39.1 [current]

Posted: Thu May 11, 2017 9:23 am
by zm0m
951G-2HnD
Starting from v6.39, when connecting to a device from WinBox version 2 (Winbox v2.2.16),
a problem is detected in NAT Firewall rules: dstnat is inactive with Src.Port; Dst.Port; AnyPort,
accordingly, if you change these rules, the values in these fields are lost. This causes the device to malfunction.
In Winbox 3, everything works correctly.

Re: v6.39.1 [current]

Posted: Thu May 11, 2017 10:02 am
by andriys
Starting from v6.39, when connecting to a device from WinBox version 2 (Winbox v2.2.16),
a problem is detected...
Isn't it something to be expected?
Check this out:
What's new in 6.39 (2017-Apr-27 10:06):
...
!) winbox - minimal required version is v3.11;
...

Re: v6.39.1 [current]

Posted: Thu May 11, 2017 11:25 am
by zm0m
andriys

Thanks for the info. I use some versions of Winbox, it happened historically, and now it does not work very well with the new 6.39.

Re: v6.39.1 [current]

Posted: Thu May 11, 2017 12:07 pm
by pe1chl
Why do you use winbox when you don't want to or cannot upgrade it? use Webfig instead.

Re: v6.39.1 [current]

Posted: Thu May 11, 2017 1:27 pm
by zm0m
pe1chl

I have a some workstation with Win2k it has for develop and debug purposes. So on it i use winbox v2. IMHO, Webfig is not very comfortable for me.

Re: v6.39.1 [current]

Posted: Thu May 11, 2017 1:56 pm
by pe1chl
pe1chl

I have a some workstation with Win2k it has for develop and debug purposes. So on it i use winbox v2. IMHO, Webfig is not very comfortable for me.
Do you really think that MikroTik should spend development and debug effort, effort that cannot then be spent on other tasks, for supporting your ancient computer and special request?
Man, Windows 2000 has been out of support for ages. Even the TWO releases after that, XP and Vista, are out of support.

Re: v6.39.1 [current]

Posted: Thu May 11, 2017 3:05 pm
by zm0m
pe1chl

I know about this, and I have no claims to Mikrotik developers. I shared this information for others. I am a developer and I need this oldest OS for my tests.

Re: v6.39.1 [current]

Posted: Thu May 11, 2017 3:21 pm
by Ansy
What's new in 6.39.1 (2017-Apr-27 10:06):
*) dns - made loading thousands of static entries faster;
Wonder how many that "thousands of static entries" can I load (faster or not) into DNS server?
dnsmasq manage about 50K eating 30MB RAM on x86... works well... wont the same in MT.
Tested on hEX (RB750Gr3) -- 4020 items only. No one more, any DNS cache settings, 150+MB RAM free.
Sad.
Sorry, some records failed to add because of more than 63 chars length (I've specially tested this limit).
For now I've managed to add 20K static DNS records (regexps!) and gonna test it in work.
THANX, MT!

Re: v6.39.1 [current]

Posted: Thu May 11, 2017 3:53 pm
by pe1chl
Sorry, some records failed to add because of more than 63 chars length (I've specially tested this limit).
A DNS name cannot be longer than 255 chars in total and no more than 63 chars in each "label" (part between dots).
That is described in the standard, so when you expected to use longer labels the error is on your side.

Re: v6.39.1 [current]

Posted: Thu May 11, 2017 8:46 pm
by alexcherry
Have several routers (CCRs) with 6.39 and 6.39.1, accounting enabled, working with freeradius 3, framedipaddress is sent correctly. Have you inspected a packet capture?
Are you talking about Stop accounting packet ? I'm telling that Framed-IP is OK in Accounting-start, regular accounting and access packets. It's broken only in accounting-stop packet.
How to generate accounting stop packet - close the existing PPPoE session and Mikrotik will send this packet to Radius.

I'm quite sure in this, we use Framed-IP in our software for session identification and now our clients who upgraded RouterOS are facing the issue.

Re: v6.39.1 [current]

Posted: Fri May 12, 2017 5:09 am
by DaveBrowning
Has anyone seen trouble with DHCP after upgrading to 6.39 or 6.39.1? I upgraded a 951Ui-2HnD router to 6.39 at a customer on Tuesday morning because I was onsite to add new equipment and thought I'd try the upgrade (yeah, silly idea I know) and now our Debian Linux server isn't accepting DHCP offers from it (the Linux box hasn't been touched and no software has been upgraded on it). The Linux box syslog reports that no DHCP offers were received, the router log says the offer wasn't accepted. Windows 7 doesn't seem to have a problem and gets a lease without problem. I've tried 6.39.1 and that doesn't seem to have fixed it.
I'm having this issue. driving me bonkers! Support advised downgrade to bugfix version however I'm sure a downgrade would go horribly wrong given I also have 30 odd CAPS connecting to the problem router for CAPsMAN.. Eagerly awaiting a later version with a fix.

Re: v6.39.1 [current]

Posted: Fri May 12, 2017 8:53 am
by Ansy
Sorry, some records failed to add because of more than 63 chars length (I've specially tested this limit).
A DNS name cannot be longer than 255 chars in total and no more than 63 chars in each "label" (part between dots).
That is described in the standard, so when you expected to use longer labels the error is on your side.
All domain names are real ones (russian gov. block list), but IMHO that limits are for name field, not for REGEXP field in MT ROS DNS static records. & yes, I've tested dot delimited regexps each shorter than 63 chars too, without success. Any case, I need more static records than huge their lengths.

P.S. Top length record, for example, 214 chars (lightly changed, of course ;)
legalrc.biz.magazin-v-doverennyx-account-legpills.prinimayet-zakazy-pishite-v-kontakty.kuritelnyye-smesi-miksy-marki-sol-dzhiv-jwh-skorost-zakladki.reagenty-kuritelniye-smesi-geroin-efedrin-metadon-lsd-mdma-jwh.biz

Re: v6.39.1 [current]

Posted: Fri May 12, 2017 10:10 am
by strods
gavinsaxby - Please write to support@mikrotik.com and send supout file which would be generated on DHCP server while you can not receive address from it.
DaveBrowning - Please provide ticket number of that ticket within which support has advised you to downgrade to bugfix version. We will look into it.

Before you generate supout file please:
1) Run this command - "/system logging add topics=dhcp,debug";
2) After that reproduce problem and only then generate supout file.

Re: v6.39.1 [current]

Posted: Fri May 12, 2017 4:10 pm
by pukkita
Have several routers (CCRs) with 6.39 and 6.39.1, accounting enabled, working with freeradius 3, framedipaddress is sent correctly. Have you inspected a packet capture?
Are you talking about Stop accounting packet ? I'm telling that Framed-IP is OK in Accounting-start, regular accounting and access packets. It's broken only in accounting-stop packet.
How to generate accounting stop packet - close the existing PPPoE session and Mikrotik will send this packet to Radius.

I'm quite sure in this, we use Framed-IP in our software for session identification and now our clients who upgraded RouterOS are facing the issue.
I was referring to the stop records in radacct (guess you use a SQL backend).

Had the chance to setup debugging and you're right, definitely Framed-IP-Address = 10.0.0.0 on the stop accounting packets... didn't notice this as radacct stop record correctly reflects the Framed-IP-Address of the user and I don't use the values directly from the packets but from the SQL backend.

I think it will be better to write directly to support along with a supout etc.

Re: v6.39.1 [current]

Posted: Sat May 13, 2017 3:53 pm
by peo
Serial port forwarding don’t work on mmips architecture. The same configuration works on mipsbe device.

Re: v6.39.1 [current]

Posted: Sun May 14, 2017 12:53 am
by gyropilot
Updated the following devices today to ROS v6.39.1 with no difficulties:

hAP ac Lite
Metal 52 ac

Re: v6.39.1 [current]

Posted: Sun May 14, 2017 10:36 am
by Hakeel
Anyone experience any issues with with P2P filters after this upgrade? i had configured torrent filters but after the upgrade am now told p2p filters is obsolete i match with layer7. how do i go about fixing this problem?

Re: v6.39.1 [current]

Posted: Sun May 14, 2017 11:27 am
by gramels
still having DFS problems with hAP ac on 6.39.1
on 6.38.5 everything was fine.
every day there is radar detected and the AP switches channels until it gets to a non DFS channel (5180).
it makes no difference if I change antenna gain or the "start channel" to another one (usally 5500 ist default, tested with 5580, 5640).
the problem only seems to occur, if the device is triple chain 5GHz.
this problem seems to also be present on netmetal 5.
one connected device is sufficient to trigger the DFS problem.
same here, I upgraded to 6.39.1 yesterday but do not get stable connection on DFS channels (using CAPSMAN), downgraded the APs to 6.38.5 and it is fine again. CAPSMAN still on 6.39.1

Re: v6.39.1 [current]

Posted: Sun May 14, 2017 11:46 am
by msatter
Anyone experience any issues with with P2P filters after this upgrade? i had configured torrent filters but after the upgrade am now told p2p filters is obsolete i match with layer7. how do i go about fixing this problem?
Follow the postings: viewtopic.php?p=596706#p596706

Re: v6.39.1 [current]

Posted: Mon May 15, 2017 12:29 pm
by SiB
Upgrade 3x CCR1016-12G and my tunnels base on IPSec are down... from v6.4 or v6.20 to current.
ARPings works but I haven't L3 communication.

logs:
ipsec, debug ... Expecting IP address type in main mode when using preshared key for authorization (see RFC 2409 section 5.4), but User_FQDN ...
ipsec, error ... phase1 negotiation failed due to time up ...

IPSec Peer - I open one tunel and ONLY PRESS APPLY and get error like "failure: address ID must be used in main mode, use my-id=auto!"

WorkARound or maybe a sollution is to change into "My ID Type: auto" because all my peers use old default value "user fqdn" without any fqdn inserted - current have got problem with old default value.

@Mikrotik:
1) Why I have tree column with ~"My ID"
2) I cannot use a loop to change this option for all entry :( .
Any find is with my-id, not my-id-type and the user-fqdn: is strange. e.g. "put [/ip ipsec peer find where my-id=user-fqdn:]" and others
Maybe sollution shouldbe: /ip ipsec peer set my-id=auto [find ] ;

http://prntscr.com/f7zd73
Image

Re: v6.39.1 [current]

Posted: Mon May 15, 2017 5:40 pm
by complex1
Just updated my RB2011UiAS from v6.38.5 to v6.39.1 and everything is OK so far.

Re: v6.39.1 [current]

Posted: Mon May 15, 2017 6:30 pm
by Thomeless
I also having problem with DFS on AP in this version. One of my AP still detecting for radar and never switch back to normal mode. I don't have this issue on clients. AP si RB411.
Which country and frequency did you set it to? Some frequencies require a very long radar search (10 minutes)
Czech Republic and frequency 5600 I think...

Re: v6.39.1 [current]

Posted: Tue May 16, 2017 11:01 am
by Deantwo
Upgrade 3x CCR1016-12G and my tunnels base on IPSec are down...
I also upgraded a CCR1016-12G to RouterOS v6.39.1, and the IPsec tunnel stopped working.
From what I could see in the Installed SAs, it was not receiving anything even though the other end was transmitting.
Upgrading the router in the other end yielded the same result, it stopped receiving.

I ended up downgrading again, not sure what was going and I haven't had the time to test it.

Re: v6.39.1 [current]

Posted: Tue May 16, 2017 11:55 am
by pe1chl
it must be specific to your configuration as I have also upgraded a CCR to 6.39.1 and the IPsec tunnels work fine.
maybe some error in the firewall config.

Re: v6.39.1 [current]

Posted: Tue May 16, 2017 7:52 pm
by marcin21
damn!, upgraded few RB2011, CRS125 and 3011 to from ros36.4 to ros39.1,
rb3011 is functional but unable to login due to "invalid password" error.
Is there eny solution to such problem or do I have to go there and do factory reset?

Re: v6.39.1 [current]

Posted: Wed May 17, 2017 10:10 am
by Bossman
Some people here are complaining about serious issues with 3011 after upgrade.
However I haven't seen any reaction of MK confirming or rejecting that. So I'm asking whether is it safe to upgrade 3011 and wish to hear clear answer.
Our routers are set to auto Update.

We have ONE 3011.5 ports in use. All routing is OSPF. No Firewall rules. NO Queues.

After 8 days, things seem to be fine.

Re: v6.39.1 [current]

Posted: Wed May 17, 2017 6:49 pm
by miketk
removed

Re: v6.39.1 [current]

Posted: Wed May 17, 2017 6:51 pm
by miketk
Have several routers (CCRs) with 6.39 and 6.39.1, accounting enabled, working with freeradius 3, framedipaddress is sent correctly. Have you inspected a packet capture?
Are you talking about Stop accounting packet ? I'm telling that Framed-IP is OK in Accounting-start, regular accounting and access packets. It's broken only in accounting-stop packet.
How to generate accounting stop packet - close the existing PPPoE session and Mikrotik will send this packet to Radius.
I'm quite sure in this, we use Framed-IP in our software for session identification and now our clients who upgraded RouterOS are facing the issue.
I can confirm the issue with 3011 and radius accounting Stop on 6.39.1,
have to use mix of data for session ID because mikrotik acct-session-id is not unique and sometimes have collision.

Re: v6.39.1 [current]

Posted: Thu May 18, 2017 10:47 am
by techmngr
Hi Everyone.

It's my first time posting in this forum and just a little over 3 months using Mikrotik routers, having worked in mostly Cisco network environments. Just would like to ask what the most stable RouterOS there is for a Mikrotik1036? If it helps, I'll be running BGP on the router.

I have so much questions about Mikrotik, would this be the best forum for Mikrotik? :-)

Thanks in advance.
Hi,

Im using version 6.38.5 on CCR1036-12G-4S and using bgp without any problem.
Hi Sir..

Thanks for the response..I'll try using it then..appreciate it.

Re: v6.39.1 [current]

Posted: Sat May 20, 2017 12:45 pm
by kraks
Hi,
I have problem send trap at 2 IP address.
Trap is sending only 1 IP address

RB1000 FW 6.39.1

Settings

Image
Image

when i change sequence then the problem is same

Image
Image

Is it possible fix it ?

Re: v6.39.1 [current]

Posted: Mon May 22, 2017 1:34 am
by Ishtiaque
I do not blindly hurry with updates. I read the forum. When I know why to do the update, I firstly test in the lab. And yes, I needed to use a serial cable and netinstall few times in the history in the lab. But never in the field so far.
I also use backup partitions to be able easily revert the routers back when necessary so I am very unhappy of those new routers with 16MB of flash that are not able to carry two partitions.
Dear
Which is the best version for CCR-1016-12G ...

Please ?

Thanks In advance .

Re: v6.39.1 [current]

Posted: Mon May 22, 2017 6:46 am
by jarda
The one you are running now if you do not suffer by any problem or do not need any of new features.

Re: v6.39.1 [current]

Posted: Mon May 22, 2017 2:04 pm
by andreadg88
Hi,
i've upgraded my pair of CCR1072 that i use as PPPoE Server and i've the same issue of alexcherry about radius accounting stop packet.
The Framed-IP-Address value that RouterOS send to Freeradius was totally incorrect.
The Framed-IP-Address value for the Interim-Update of same connected user works fine.


INTERIM-UPDATE
May/22/2017 12:30:16 radius,debug,packet sending Accounting-Request with id 86 to 185.129.91.248:1646
May/22/2017 12:30:16 radius,debug,packet Signature = 0x66b016e8ba441d18c7ed03c01a7d14e5
May/22/2017 12:30:16 radius,debug,packet Service-Type = 2
May/22/2017 12:30:16 radius,debug,packet Framed-Protocol = 1
May/22/2017 12:30:16 radius,debug,packet NAS-Port = 15765320
May/22/2017 12:30:16 radius,debug,packet NAS-Port-Type = 15
May/22/2017 12:30:16 radius,debug,packet
User-Name = "209_mi_voce@optimabs"
May/22/2017 12:30:16 radius,debug,packet Calling-Station-Id = "C8:0E:14:46:6D:37"
May/22/2017 12:30:16 radius,debug,packet Called-Station-Id = "Optima4014"
May/22/2017 12:30:16 radius,debug,packet NAS-Port-Id = "bridgeVlan4014"
May/22/2017 12:30:16 radius,debug,packet MS-CHAP-Domain = "optimabs"
May/22/2017 12:30:16 radius,debug,packet Acct-Session-Id = "81908eef"
May/22/2017 12:30:16 radius,debug,packet
Framed-IP-Address = 10.101.7.52
May/22/2017 12:30:16 radius,debug,packet Acct-Authentic = 1
May/22/2017 12:30:16 radius,debug,packet Event-Timestamp = 1495449016
May/22/2017 12:30:16 radius,debug,packet Acct-Session-Time = 780
May/22/2017 12:30:16 radius,debug,packet Idle-Timeout = 3600
May/22/2017 12:30:16 radius,debug,packet Session-Timeout = 0
May/22/2017 12:30:16 radius,debug,packet MT-Address-List = "ngavoce"
May/22/2017 12:30:16 radius,debug,packet Acct-Input-Octets = 54
May/22/2017 12:30:16 radius,debug,packet Acct-Input-Gigawords = 0
May/22/2017 12:30:16 radius,debug,packet Acct-Input-Packets = 3
May/22/2017 12:30:16 radius,debug,packet Acct-Output-Octets = 46
May/22/2017 12:30:16 radius,debug,packet Acct-Output-Gigawords = 0
May/22/2017 12:30:16 radius,debug,packet Acct-Output-Packets = 4
May/22/2017 12:30:16 radius,debug,packet Acct-Status-Type = 3
May/22/2017 12:30:16 radius,debug,packet NAS-Identifier = "PPPoE-2"
May/22/2017 12:30:16 radius,debug,packet Acct-Delay-Time = 0
May/22/2017 12:30:16 radius,debug,packet MT-Realm = 0x6f7074696d616273
May/22/2017 12:30:16 radius,debug,packet NAS-IP-Address = 185.129.88.5




RELEASE
May/22/2017 12:30:29 radius,debug,packet sending Accounting-Request with id 98 to 185.129.91.248:1646
May/22/2017 12:30:29 radius,debug,packet Signature = 0xcd439aab48a306e004dc6280de6f2fc8
May/22/2017 12:30:29 radius,debug,packet Service-Type = 2
May/22/2017 12:30:29 radius,debug,packet Framed-Protocol = 1
May/22/2017 12:30:29 radius,debug,packet NAS-Port = 15765320
May/22/2017 12:30:29 radius,debug,packet NAS-Port-Type = 15
May/22/2017 12:30:29 radius,debug,packet
User-Name = "209_mi_voce@optimabs"
May/22/2017 12:30:29 radius,debug,packet Calling-Station-Id = "C8:0E:14:46:6D:37"
May/22/2017 12:30:29 radius,debug,packet Called-Station-Id = "Optima4014"
May/22/2017 12:30:29 radius,debug,packet NAS-Port-Id = "bridgeVlan4014"
May/22/2017 12:30:29 radius,debug,packet MS-CHAP-Domain = "optimabs"
May/22/2017 12:30:29 radius,debug,packet Acct-Session-Id = "81908eef"
May/22/2017 12:30:29 radius,debug,packet
Framed-IP-Address = 10.0.0.0
May/22/2017 12:30:29 radius,debug,packet Acct-Authentic = 1
May/22/2017 12:30:29 radius,debug,packet Event-Timestamp = 1495449029
May/22/2017 12:30:29 radius,debug,packet Acct-Session-Time = 794
May/22/2017 12:30:29 radius,debug,packet Idle-Timeout = 3600
May/22/2017 12:30:29 radius,debug,packet Session-Timeout = 0
May/22/2017 12:30:29 radius,debug,packet MT-Address-List = "ngavoce"
May/22/2017 12:30:29 radius,debug,packet Acct-Input-Octets = 54
May/22/2017 12:30:29 radius,debug,packet Acct-Input-Gigawords = 0
May/22/2017 12:30:29 radius,debug,packet Acct-Input-Packets = 3
May/22/2017 12:30:29 radius,debug,packet Acct-Output-Octets = 46
May/22/2017 12:30:29 radius,debug,packet Acct-Output-Gigawords = 0
May/22/2017 12:30:29 radius,debug,packet Acct-Output-Packets = 4
May/22/2017 12:30:29 radius,debug,packet Acct-Status-Type = 2
May/22/2017 12:30:29 radius,debug,packet Acct-Terminate-Cause = 10
May/22/2017 12:30:29 radius,debug,packet NAS-Identifier = "PPPoE-2"
May/22/2017 12:30:29 radius,debug,packet Acct-Delay-Time = 0
May/22/2017 12:30:29 radius,debug,packet MT-Realm = 0x6f7074696d616273
May/22/2017 12:30:29 radius,debug,packet NAS-IP-Address = 185.129.88.5



FreeRadius LOG
Mon May 22 12:32:11 2017 : Info: Released IP 10.0.0.0 (did Optima4014 cli C8:0E:14:46:6D:37 user 209_mi_voce@optimabs)
Mon May 22 12:32:11 2017 : Auth: Login OK: [209_mi_voce@optimabs] (from client MIKROTIK PPPoE-2 port 15765441 cli C8:0E:14:46:6D:37)
Mon May 22 12:32:11 2017 : Info: Allocated IP: 10.101.5.119 from voce_nga   (did Optima4014 cli C8:0E:14:46:6D:37 port 15765441 user 209_mi_voce@optimabs)


I cannot downgrade to previous version because i create a service disruption...please fix it....

Re: v6.39.1 [current]

Posted: Tue May 23, 2017 12:29 am
by Ishtiaque
The one you are running now if you do not suffer by any problem or do not need any of new features.
Dear ,
Yes problem in current version , please just suggest me which is the best version.
and which version you are working with ..... Please Don't mind .

Re: v6.39.1 [current]

Posted: Tue May 23, 2017 1:05 pm
by andriys
please just suggest me which is the best version.
and which version you are working with
When in doubt, just stick to the latest version in the bugfix update channel, which is 6.37.5 as of now.

Re: v6.39.1 [current]

Posted: Tue May 23, 2017 2:50 pm
by jarda
I am mostly running at 6.39.1 now. Just few remote devices where I was not brave enough to upgrade are running with older versions.

Re: v6.39.1 [current]

Posted: Tue May 23, 2017 6:11 pm
by anuser
i am seeing a lot of rejected, forbidden by access list, and group key timeout, sending station leaving
anybody else?
I am seeing to many "group key timeouts" aswell with CAPSMAN forwarding (mainly on 2.4Ghz.)

Re: v6.39.1 [current]

Posted: Tue May 23, 2017 8:34 pm
by nilodgarry
hi guy i need a help please i want to add dude-6.39.1.npk on my mikrotik os but it doesn't work after multiple try.
my os is at the last version 6.39.1 but the dude is refuse to instal on package contents.

Re: v6.39.1 [current]

Posted: Tue May 23, 2017 10:27 pm
by jarda
Don't duplicate the posts.
viewtopic.php?p=599572#p599572

Re: v6.39.1 [current]

Posted: Tue May 23, 2017 11:27 pm
by acidvenom
My cAP bricked too. Was upgrading from 6.39 to 6.39.1. Just to let you know.

Re: v6.39.1 [current]

Posted: Wed May 24, 2017 11:49 am
by amt
I upgrade 6.39.1 many device like 3011,OmniTiK,CCR1036,CCR1072,SXT,LHG... and there is no any problem....

Re: v6.39.1 [current]

Posted: Thu May 25, 2017 12:36 am
by andreadg88
Hey,
have you any news regarding the issue that i have described below?
It's very difficult to work in this bugged scenario


Regards
Andrea

Hi,
i've upgraded my pair of CCR1072 that i use as PPPoE Server and i've the same issue of alexcherry about radius accounting stop packet.
The Framed-IP-Address value that RouterOS send to Freeradius was totally incorrect.
The Framed-IP-Address value for the Interim-Update of same connected user works fine.


INTERIM-UPDATE
May/22/2017 12:30:16 radius,debug,packet sending Accounting-Request with id 86 to 185.129.91.248:1646
May/22/2017 12:30:16 radius,debug,packet Signature = 0x66b016e8ba441d18c7ed03c01a7d14e5
May/22/2017 12:30:16 radius,debug,packet Service-Type = 2
May/22/2017 12:30:16 radius,debug,packet Framed-Protocol = 1
May/22/2017 12:30:16 radius,debug,packet NAS-Port = 15765320
May/22/2017 12:30:16 radius,debug,packet NAS-Port-Type = 15
May/22/2017 12:30:16 radius,debug,packet
User-Name = "209_mi_voce@optimabs"
May/22/2017 12:30:16 radius,debug,packet Calling-Station-Id = "C8:0E:14:46:6D:37"
May/22/2017 12:30:16 radius,debug,packet Called-Station-Id = "Optima4014"
May/22/2017 12:30:16 radius,debug,packet NAS-Port-Id = "bridgeVlan4014"
May/22/2017 12:30:16 radius,debug,packet MS-CHAP-Domain = "optimabs"
May/22/2017 12:30:16 radius,debug,packet Acct-Session-Id = "81908eef"
May/22/2017 12:30:16 radius,debug,packet
Framed-IP-Address = 10.101.7.52
May/22/2017 12:30:16 radius,debug,packet Acct-Authentic = 1
May/22/2017 12:30:16 radius,debug,packet Event-Timestamp = 1495449016
May/22/2017 12:30:16 radius,debug,packet Acct-Session-Time = 780
May/22/2017 12:30:16 radius,debug,packet Idle-Timeout = 3600
May/22/2017 12:30:16 radius,debug,packet Session-Timeout = 0
May/22/2017 12:30:16 radius,debug,packet MT-Address-List = "ngavoce"
May/22/2017 12:30:16 radius,debug,packet Acct-Input-Octets = 54
May/22/2017 12:30:16 radius,debug,packet Acct-Input-Gigawords = 0
May/22/2017 12:30:16 radius,debug,packet Acct-Input-Packets = 3
May/22/2017 12:30:16 radius,debug,packet Acct-Output-Octets = 46
May/22/2017 12:30:16 radius,debug,packet Acct-Output-Gigawords = 0
May/22/2017 12:30:16 radius,debug,packet Acct-Output-Packets = 4
May/22/2017 12:30:16 radius,debug,packet Acct-Status-Type = 3
May/22/2017 12:30:16 radius,debug,packet NAS-Identifier = "PPPoE-2"
May/22/2017 12:30:16 radius,debug,packet Acct-Delay-Time = 0
May/22/2017 12:30:16 radius,debug,packet MT-Realm = 0x6f7074696d616273
May/22/2017 12:30:16 radius,debug,packet NAS-IP-Address = 185.129.88.5




RELEASE
May/22/2017 12:30:29 radius,debug,packet sending Accounting-Request with id 98 to 185.129.91.248:1646
May/22/2017 12:30:29 radius,debug,packet Signature = 0xcd439aab48a306e004dc6280de6f2fc8
May/22/2017 12:30:29 radius,debug,packet Service-Type = 2
May/22/2017 12:30:29 radius,debug,packet Framed-Protocol = 1
May/22/2017 12:30:29 radius,debug,packet NAS-Port = 15765320
May/22/2017 12:30:29 radius,debug,packet NAS-Port-Type = 15
May/22/2017 12:30:29 radius,debug,packet
User-Name = "209_mi_voce@optimabs"
May/22/2017 12:30:29 radius,debug,packet Calling-Station-Id = "C8:0E:14:46:6D:37"
May/22/2017 12:30:29 radius,debug,packet Called-Station-Id = "Optima4014"
May/22/2017 12:30:29 radius,debug,packet NAS-Port-Id = "bridgeVlan4014"
May/22/2017 12:30:29 radius,debug,packet MS-CHAP-Domain = "optimabs"
May/22/2017 12:30:29 radius,debug,packet Acct-Session-Id = "81908eef"
May/22/2017 12:30:29 radius,debug,packet
Framed-IP-Address = 10.0.0.0
May/22/2017 12:30:29 radius,debug,packet Acct-Authentic = 1
May/22/2017 12:30:29 radius,debug,packet Event-Timestamp = 1495449029
May/22/2017 12:30:29 radius,debug,packet Acct-Session-Time = 794
May/22/2017 12:30:29 radius,debug,packet Idle-Timeout = 3600
May/22/2017 12:30:29 radius,debug,packet Session-Timeout = 0
May/22/2017 12:30:29 radius,debug,packet MT-Address-List = "ngavoce"
May/22/2017 12:30:29 radius,debug,packet Acct-Input-Octets = 54
May/22/2017 12:30:29 radius,debug,packet Acct-Input-Gigawords = 0
May/22/2017 12:30:29 radius,debug,packet Acct-Input-Packets = 3
May/22/2017 12:30:29 radius,debug,packet Acct-Output-Octets = 46
May/22/2017 12:30:29 radius,debug,packet Acct-Output-Gigawords = 0
May/22/2017 12:30:29 radius,debug,packet Acct-Output-Packets = 4
May/22/2017 12:30:29 radius,debug,packet Acct-Status-Type = 2
May/22/2017 12:30:29 radius,debug,packet Acct-Terminate-Cause = 10
May/22/2017 12:30:29 radius,debug,packet NAS-Identifier = "PPPoE-2"
May/22/2017 12:30:29 radius,debug,packet Acct-Delay-Time = 0
May/22/2017 12:30:29 radius,debug,packet MT-Realm = 0x6f7074696d616273
May/22/2017 12:30:29 radius,debug,packet NAS-IP-Address = 185.129.88.5



FreeRadius LOG
Mon May 22 12:32:11 2017 : Info: Released IP 10.0.0.0 (did Optima4014 cli C8:0E:14:46:6D:37 user 209_mi_voce@optimabs)
Mon May 22 12:32:11 2017 : Auth: Login OK: [209_mi_voce@optimabs] (from client MIKROTIK PPPoE-2 port 15765441 cli C8:0E:14:46:6D:37)
Mon May 22 12:32:11 2017 : Info: Allocated IP: 10.101.5.119 from voce_nga   (did Optima4014 cli C8:0E:14:46:6D:37 port 15765441 user 209_mi_voce@optimabs)


I cannot downgrade to previous version because i create a service disruption...please fix it....

Re: v6.39.1 [current]

Posted: Thu May 25, 2017 7:24 am
by Ishtiaque
please just suggest me which is the best version.
and which version you are working with
When in doubt, just stick to the latest version in the bugfix update channel, which is 6.37.5 as of now.
Thank you so Much Dear .
Nicely Answered.

Re: v6.39.1 [current]

Posted: Thu May 25, 2017 7:29 am
by Ishtiaque
I am mostly running at 6.39.1 now. Just few remote devices where I was not brave enough to upgrade are running with older versions.
Thank you Dear For your Answer .
It is Helpful for me and cleared many Hesitation .

Re: v6.39.1 [current]

Posted: Thu May 25, 2017 6:06 pm
by Yakko
We use mikrotiks for are customers and seem to be having issues on PS4 at the moment
I seem to be having an issue on PS4's with the dns.
The error code that pops up is
Cannot connect to playstation network. Dns error (NW-31253-4).
They suggest many things all of which i have tried. Just for reference though the the web browser on the ps4 works just fine.
port forwards
dns switched to google or open dns
updating ps4
static the ip
upnp... nothing works
I'm left at possibly the latest update to 3.39.1
"dns - made loading thousands of static entries faster;"
May be breaking something and preventing connection to it.
I'm kind of at a loss I even attempted to call Mikrotik experts from LinkTechs to review settings and find out what the problem is.

Re: v6.39.1 [current]

Posted: Thu May 25, 2017 7:05 pm
by pe1chl
Disable external access to the DNS and setup a dst-nat from 192.168.88.1:53 to 8.8.8.8:53 and see if that solves the issue.

Re: v6.39.1 [current]

Posted: Fri May 26, 2017 11:28 am
by strods
Radius accounting messages and other fixes are available in 6.40rc version:
viewtopic.php?f=21&t=121198

Re: v6.39.1 [current]

Posted: Fri May 26, 2017 12:46 pm
by MarkoB
We use mikrotiks for are customers and seem to be having issues on PS4 at the moment
I seem to be having an issue on PS4's with the dns.
The error code that pops up is
Cannot connect to playstation network. Dns error (NW-31253-4).
They suggest many things all of which i have tried. Just for reference though the the web browser on the ps4 works just fine.
port forwards
dns switched to google or open dns
updating ps4
static the ip
upnp... nothing works
I'm left at possibly the latest update to 3.39.1
"dns - made loading thousands of static entries faster;"
May be breaking something and preventing connection to it.
I'm kind of at a loss I even attempted to call Mikrotik experts from LinkTechs to review settings and find out what the problem is.
PS4 does not support EDNS
change Max UDP Packet Size in DNS options from 4096 to 512

Re: v6.39.1 [current]

Posted: Mon May 29, 2017 11:59 pm
by voytec
Updated CCR1009-7G-1C-1S+ from v6.38.5 to v6.39.1 - everything OK.

Re: v6.39.1 [current]

Posted: Tue May 30, 2017 4:03 am
by ploquets
I'm still trying to figure it out this changelog from 6.39
!) ppp - implemented internal algorithm for "change-mss", no mangle rules necessary;

viewtopic.php?t=122019

Please help

Re: v6.39.1 [current]

Posted: Wed May 31, 2017 11:58 pm
by jmay
Anyone seeing problems with ping timeouts? Every MT I have is losing about 5% of pings. I can even ping a MT from a computer with a direct cable plugged into it and lose packets.

Re: v6.39.1 [current]

Posted: Fri Jun 02, 2017 5:25 pm
by idlemind
I just bought a pair of cap lite's and I un-boxed them but found the default configuration to be buggy at best.

They came with 6.37.4 and the default configuration came with the standard 192.168.88.1 on a bridge interface and a default SSID broadcasted. Sadly no DHCP server or pool are setup so you can't configure the device without setting a static IP on your device and then connect to either Ethernet or wireless. Not the worst but it did prevent me from using the TikApp to try and configure these little units. In summary, the default configuration for these units in 6.37.4 provides a very poor customer experience and doesn't match the documentation provided with the product.

After some mucking around with them I got them online and updated them to 6.39.1 to see if their were improvements in the default configuration. There definitely was but still not enough to get the unit setup in a fashion suggested by the documentation, connect to the SSID and type http://192.168.88.1 into the browser.

The difference comes down to a DHCP client being placed on the bridge interface. A WLAN is still configured and broadcast that you won't be able to connect to unless you have plugged the device into an Ethernet segment running one. Arguably better but still doesn't match the documentation.

Suggestion

Either adapt the products documentation to match the configuration supplied in 6.39.1 or alter the default configuration. The alteration would simply be to make it function as the documentation says it would. Plug it into power, connect to the default SSID and use the TikApp, WebFig, WinBox or SSH to configure the device at 192.168.88.1.

To play devils advocate, a device like the cap lite is probably not going to be used like a typical router so I could see some proponents of the cap lite's default behavior in 6.39.1. You could match the MAC to an IP and login into it after plugging it into a network device. For some and especially in larger deployments I could see the benefit of this. It definitely matches other products in the access point market. If that's the case and the intention from MikroTik it should be noted in the documentation of the product and displayed prominently on the devices information page. An example could be bold print indicating this device has received an update to how it is configured.

Reference

6.37.4 Default Configuration
  script: :global ssid;
          #| WISP Bridge:
          #|  * wireless and LAN interfaces are bridged;
          #|  * IP address 192.168.88.1/24 is set on bridge
          #| wlan1 Configuration:
          #|     mode:          ap-bridge;
          #|     band:          2ghz-b/g/n;
          #|     ht-chains:     0,1;
          #|     ht-extension:  20/40mhz-Ce;
          #| LAN Configuration:


          :log info Starting_defconf_script_;
          :global action;
          #-------------------------------------------------------------------------------
          # Apply configuration.
          # these commands are executed after installation or configuration reset
          #-------------------------------------------------------------------------------
          :if ($action = "apply") do={
          # wait for interfaces
          :local count 0;
          :while ([/interface ethernet find] = "") do={
          :if ($count = 30) do={
          :log warning "DefConf: Unable to find ethernet interfaces";
          /quit;
          }
          :delay 1s; :set count ($count +1);
          };

            :local count 0;
            :while ([/interface wireless print count-only] < 1) do={
              :set count ($count +1);
              :if ($count = 30) do={
                :log warning "DefConf: Unable to find wireless interface(s)";
                /ip address add address=192.168.88.1/24 interface=ether1 comment="defconf";
                /quit
              }
              :delay 1s;
            };
            /interface wireless {
              set wlan1 mode=ap-bridge band=2ghz-b/g/n tx-chains=0,1 rx-chains=0,1 \
                disabled=no wireless-protocol=802.11 distance=indoors
              :local wlanMac  [/interface wireless get wlan1 mac-address];
              :set ssid "MikroTik-$[:pick $wlanMac 9 11]$[:pick $wlanMac 12 14]$[:pick $wlanMac 15 17]"
              set wlan1 ssid=$ssid
              set wlan1 frequency=auto
              set wlan1 channel-width=20/40mhz-Ce ;
            }
           /interface bridge
             add name=bridge disabled=no auto-mac=yes protocol-mode=rstp comment=defconf;
           :local bMACIsSet 0;
           :foreach k in=[/interface find where !(slave=yes  || name~"bridge")] do={
             :log info "k: $k"
             :local tmpPortName [/interface get $k name];
             :log info "port: $tmpPortName"
             :if ($bMACIsSet = 0) do={
               :if ([/interface get $k type] = "ether") do={
                 /interface bridge set "bridge" auto-mac=no admin-mac=[/interface ethernet get $tmpPortName mac-address];
                 :set bMACIsSet 1;
               }
             }
             /interface bridge port
               add bridge=bridge interface=$tmpPortName comment=defconf;
           }
            /ip address add address=192.168.88.1/24 interface=bridge comment="defconf";
          }
          #-------------------------------------------------------------------------------
          # Revert configuration.
          # these commands are executed if user requests to remove default configuration
          #-------------------------------------------------------------------------------
          :if ($action = "revert") do={
          # remove wan port protection
           /ip firewall filter remove [find comment~"defconf"]
           /ip firewall nat remove [find comment~"defconf"]
           /tool mac-server remove [find interface!=all]
           /tool mac-server set [find] disabled=no
           /tool mac-server mac-winbox remove [find interface!=all]
           /tool mac-server mac-winbox set [find] disabled=no
           /ip neighbor discovery set [find ] discover=yes
             :local o [/ip dhcp-server network find comment="defconf"]
             :if ([:len $o] != 0) do={ /ip dhcp-server network remove $o }
             :local o [/ip dhcp-server find name="defconf" !disabled]
             :if ([:len $o] != 0) do={ /ip dhcp-server remove $o }
             /ip pool {
               :local o [find name="default-dhcp" ranges=192.168.88.10-192.168.88.254]
               :if ([:len $o] != 0) do={ remove $o }
             }
             :local o [/ip dhcp-client find comment="defconf"]
             :if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
           /ip dns {
             set allow-remote-requests=no
             :local o [static find name=router address=192.168.88.1]
             :if ([:len $o] != 0) do={ static remove $o }
           }
           /ip address {
             :local o [find comment="defconf"]
             :if ([:len $o] != 0) do={ remove $o }
           }
           :foreach iface in=[/interface ethernet find] do={
             /interface ethernet set $iface name=[get $iface default-name]
           }
           /interface bridge port remove [find comment="defconf"]
           /interface bridge remove [find comment="defconf"]
           /interface wireless reset-configuration wlan1
          }
          :log info Defconf_script_finished;
6.39.1 Default Configuration
  script: :global ssid;
          #| WISP Bridge:
          #|  * wireless and LAN interfaces are bridged;

          #| wlan1 Configuration:
          #|     mode:          ap-bridge;
          #|     band:          2ghz-b/g/n;
          #|     ht-chains:     0,1;
          #|     ht-extension:  20/40mhz-Ce;
          #| LAN Configuration:
          #|     DHCP Client: enabled on LAN port;

          :log info Starting_defconf_script_;
          :global action;
          #-------------------------------------------------------------------------------
          # Apply configuration.
          # these commands are executed after installation or configuration reset
          #-------------------------------------------------------------------------------
          :if ($action = "apply") do={
          # wait for interfaces
          :local count 0;
          :while ([/interface ethernet find] = "") do={
          :if ($count = 30) do={
          :log warning "DefConf: Unable to find ethernet interfaces";
          /quit;
          }
          :delay 1s; :set count ($count +1);
          };

            :local count 0;
            :while ([/interface wireless print count-only] < 1) do={
              :set count ($count +1);
              :if ($count = 30) do={
                :log warning "DefConf: Unable to find wireless interface(s)";
                /ip address add address=192.168.88.1/24 interface=ether1 comment="defconf";
                /quit
              }
              :delay 1s;
            };
            /interface wireless {
              set wlan1 mode=ap-bridge band=2ghz-b/g/n tx-chains=0,1 rx-chains=0,1 \
                disabled=no wireless-protocol=802.11 distance=indoors
              :local wlanMac  [/interface wireless get wlan1 mac-address];
              :set ssid "MikroTik-$[:pick $wlanMac 9 11]$[:pick $wlanMac 12 14]$[:pick $wlanMac 15 17]"
              set wlan1 ssid=$ssid
              set wlan1 frequency=auto
              set wlan1 channel-width=20/40mhz-Ce ;
            }
           /interface bridge
             add name=bridge disabled=no auto-mac=yes protocol-mode=rstp comment=defconf;
           :local bMACIsSet 0;
           :foreach k in=[/interface find where !(slave=yes  || name~"bridge")] do={
             :log info "k: $k"
             :local tmpPortName [/interface get $k name];
             :log info "port: $tmpPortName"
             :if ($bMACIsSet = 0) do={
               :if ([/interface get $k type] = "ether") do={
                 /interface bridge set "bridge" auto-mac=no admin-mac=[/interface ethernet get $tmpPortName mac-address];
                 :set bMACIsSet 1;
               }
             }
             /interface bridge port
               add bridge=bridge interface=$tmpPortName comment=defconf;
           }
            /ip dhcp-client add interface=bridge disabled=no comment="defconf";
          }
          #-------------------------------------------------------------------------------
          # Revert configuration.
          # these commands are executed if user requests to remove default configuration
          #-------------------------------------------------------------------------------
          :if ($action = "revert") do={
          # remove wan port protection
           /ip firewall filter remove [find comment~"defconf"]
           /ip firewall nat remove [find comment~"defconf"]
           /tool mac-server remove [find interface!=all]
           /tool mac-server set [find] disabled=no
           /tool mac-server mac-winbox remove [find interface!=all]
           /tool mac-server mac-winbox set [find] disabled=no
           /ip neighbor discovery set [find ] discover=yes
             :local o [/ip dhcp-server network find comment="defconf"]
             :if ([:len $o] != 0) do={ /ip dhcp-server network remove $o }
             :local o [/ip dhcp-server find name="defconf" !disabled]
             :if ([:len $o] != 0) do={ /ip dhcp-server remove $o }
             /ip pool {
               :local o [find name="default-dhcp" ranges=192.168.88.10-192.168.88.254]
               :if ([:len $o] != 0) do={ remove $o }
             }
             :local o [/ip dhcp-client find comment="defconf"]
             :if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
           /ip dns {
             set allow-remote-requests=no
             :local o [static find name=router address=192.168.88.1]
             :if ([:len $o] != 0) do={ static remove $o }
           }
           /ip address {
             :local o [find comment="defconf"]
             :if ([:len $o] != 0) do={ remove $o }
           }
           :foreach iface in=[/interface ethernet find] do={
             /interface ethernet set $iface name=[get $iface default-name]
           }
           /interface bridge port remove [find comment="defconf"]
           /interface bridge remove [find comment="defconf"]
           /interface wireless reset-configuration wlan1
          }
          :log info Defconf_script_finished;

Re: v6.39.1 [current]

Posted: Sat Jun 03, 2017 7:42 pm
by jarda
You do not need to care about the out of the box config. Just plug the wire, connect with winbox by mac, wipe out the config and enjoy clear device prepaired for whatever configuration you can imagine.

Re: v6.39.1 [current]

Posted: Mon Jun 05, 2017 11:12 am
by HeadCraft
Upgraded from 6.38.5 to 6.39.1
Wireless clients (Honeywell Dolphin 6000) can't connect to wi-fi, while all other devices can (included dolphin 6500, notebooks, smartphones, etc)
I have CAPsMAN configured on mikrotik 1100AHx2 and CAP clients on mikrotik hAP ac lite and RB912UAG-2HPnD.
Log on CAPsMAN writes:
...disconnected, extensive data loss
...disconnected, 4-way handshake timeout
...connected
...disconnected, extensive data loss
...connected
...disconnected, received deauth: class 3 frame received (7)
...disconnected, registered to other interface
and so on.

It seems like wireless clients can't even authenticate on wi-fi. Downgraded to 6.38.5 on CAP clients, while CAPsMAN is still 6.39.1, and all start working again.

Re: v6.39.1 [current]

Posted: Mon Jun 05, 2017 11:22 am
by mariro
Upgrade RB 1100 AH and RB 1100 AHX4 to version 6.39, 10 % loss packet on the any ports in RB. When dowgrade on system version 6.38, los packet is correct.

Re: v6.39.1 [current]

Posted: Tue Jun 06, 2017 2:05 pm
by strods
Version 6.39.2 has been released:
viewtopic.php?f=21&t=122322