Community discussions

MikroTik App
 
dadaniel
Member Candidate
Member Candidate
Posts: 220
Joined: Fri May 14, 2010 11:51 pm

Re: v6.39.2 [current]

Tue Jun 13, 2017 9:54 am

The device is seen in netinstall, when press the install button it last 12 seconds and then go back ready with no actual install.
Close netinstall, open it again and press install a second time. This time it will work.
 
User avatar
gyropilot
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Sat Sep 10, 2016 10:49 pm
Location: SE Arizona USA

Re: v6.39.2 [current]

Tue Jun 13, 2017 8:20 pm

Updated the following devices from ROS v6.39.1 to v6.39.2 with no difficulties noted:

hAP ac Lite
Metal 52 ac
 
zcybercomputing
just joined
Posts: 17
Joined: Tue Feb 14, 2017 4:10 am

Re: v6.39.2 [current]

Tue Jun 13, 2017 9:07 pm

Updated RB-3011, RB750, and RB2011 from 6.38.5 to 6.39.2 without incident.
 
User avatar
zilf
just joined
Posts: 7
Joined: Fri Jul 22, 2016 4:06 pm
Location: Ukraine

Re: v6.39.2 [current]

Tue Jun 13, 2017 9:59 pm

RB 850Gx2

6.39.2 - PPTP with mtu 1400 does not work, with mtu 1380 working
6.39 - PPTP with mtu 1400 working, with mtu 1380 working.
 
jmartins
just joined
Posts: 3
Joined: Fri Jul 22, 2016 1:22 am

Re: v6.39.2 [current]

Tue Jun 13, 2017 11:03 pm

I have a snmp bug with RB750GL and firmware v6.39.2 and routerboard firmware 3.33

snmpget -c public -v 1 192.168.11.189 .1.3.6.1.4.1.14988.1.1.3.10.0
Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: SNMPv2-SMI::enterprises.14988.1.1.3.10.0
 
solelunauno
Member Candidate
Member Candidate
Posts: 119
Joined: Mon Jul 16, 2012 7:00 pm
Location: Roseto Capo Spulico CS Italy
Contact:

Re: v6.39.2 [current]

Wed Jun 14, 2017 11:30 am

I Use RB750UP for its poe out and monitor functions.
If you give this instruction:
/interface ethernet poe monitor [find name=ether5] once do={:put $"poe-out-current"}
with 6.37.5 it shows the correct value of the variable "poe-out-current";
with 6.39.2 it shows the value of "poe-out-voltage";
and all those variables are so shifted: "poe-out-current shows" the voltage, "poe-out-power" shows the current, and so on.
 
ropbo
just joined
Posts: 7
Joined: Mon Oct 31, 2011 4:24 am

Re: v6.39.2 [current]

Wed Jun 14, 2017 10:44 pm

I can't edit any NAT rule via webfig (tried different browsers on MAC and PC). Seems like a bug. I can edit everything else on any other window. Just under firewall->NAT that I can't. I click on any NAT rule and nothing happens. I can create new rules but not edit existing ones.

-> firewall -> NAT

RB3011UiAS
6.39.2 (stable)
arm

It happened in two different units. Upgraded via system->packages
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39.2 [current]

Wed Jun 14, 2017 11:00 pm

I can't edit any NAT rule via webfig (tried different browsers on MAC and PC). Seems like a bug.
Works OK for me (both CCR1009 and RB3011)
Try to clear the browser cache...
 
ropbo
just joined
Posts: 7
Joined: Mon Oct 31, 2011 4:24 am

Re: v6.39.2 [current]

Wed Jun 14, 2017 11:11 pm

I can't edit any NAT rule via webfig (tried different browsers on MAC and PC). Seems like a bug.
Works OK for me (both CCR1009 and RB3011)
Try to clear the browser cache...
Tried that, same thing, can't edit it. My co-worker on a Linux box can't edit it either. Really strange problem, I think it's happened after the upgrade. There're about 38 items in the NAT page. The other Mikrotik unit that is also showing this problem also has a large number of NAT rules (RB1100AHx2, powerpc, 6.39.1 (stable))

I just upgraded another unit (750GL, mipsbe) that only has 14 NAT rules. This one worked.

Puzzling.


UPDATE: I just added about 30 NAT rules to the 750GL and it didn't cause the problem. So I can edit NAT rules on the mipsbe but not on the powerpc nor the arm units.
 
LukasL
just joined
Posts: 6
Joined: Thu Nov 19, 2015 2:01 pm

Re: v6.39.2 [current]

Thu Jun 15, 2017 10:28 pm

Is "*) capsman - fixed EAP identity reporting in “registration-table”;" ported to the 6.39.x version? can't see it in the chnagelog. Just running CAPSMAN 6.40RC for this (no other problems}
 
jBrain
just joined
Posts: 3
Joined: Fri Jun 16, 2017 4:34 pm

Re: v6.39.2 [current]

Fri Jun 16, 2017 5:02 pm

Update to 6.39.2 from 6.39, the web interface is now gone. The underlying configuration seems to be in tact, but I'm no longer able to access the admin web interface, from chrome the connection fails with a time out. The download and update were performed using the web interface, no other changes have been made. I've tried rebooting from the LCD panel, as well as accessing any sort of useful information from the available LCD info screens but was not able to find anything relative to the admin web interface.

All suggestions welcome.

UPDATE: At first it was only the web interface and local IPs I was not able to connect with, then outside hosts such as GMail intermittently until a final collapse of all WIRED ethernet connections to 3 different machines. I noticed I was able to still access internal and external addresses using a device on the wireless ethernet, as well as the admin webfig. All the settings seemed to be in order so I rebooted, the wired connections partially returned in that I can access external hosts from devices plugged into Eth1 - Eth5, but nothing internal on the wireless ethernet which includes the admin web access for some reason

UPDATE 2: I was able to restore the backup of 6.39 and things seem to be back to normal. I'll give this another try sometime but this upgrade was problematic for a seemingly simple no-dhcp bridge configuration with ~12 hosts split between wired/wireless. 6.39 seems rock solid though.
 
mzahor
just joined
Posts: 2
Joined: Thu Apr 18, 2013 5:45 am

Re: v6.39.2 [current]

Sat Jun 17, 2017 8:27 am

I have the same problem on a CRS109-8G-1S-2HnD after upgrading to 6.39.2. Tried chrome firefox and IE

I can't edit any NAT rule via webfig (tried different browsers on MAC and PC). Seems like a bug. I can edit everything else on any other window. Just under firewall->NAT that I can't. I click on any NAT rule and nothing happens. I can create new rules but not edit existing ones.

-> firewall -> NAT

RB3011UiAS
6.39.2 (stable)
arm

It happened in two different units. Upgraded via system->packages
 
Kevo
Frequent Visitor
Frequent Visitor
Posts: 67
Joined: Wed Oct 12, 2011 1:38 am

Re: v6.39.2 [current]

Sat Jun 17, 2017 3:51 pm

The new style webfig terminal seems buggy. It doesn't seem to work the first time I click the button. I have to click out to webfig and click back to terminal.

Also, on Safari, the terminal size flashes back and forth like it's opening up too big to fill the window, which triggers the scrollbars, which triggers the sizing code to shrink, which triggers the scrollbars to go away, and that repeats over and over again. If I play around with the window size enough, I can eventually make it stop flashing, but it's very annoying. On Chrome you can sort of see the same thing happening while resizing the window, but it is fine once you stop resizing.
 
driven
just joined
Posts: 5
Joined: Tue Nov 29, 2016 10:03 pm

Re: v6.39.2 [current]

Sat Jun 17, 2017 10:05 pm

When using the built-in DNS, the server cache fills in unfinished (ip 0.0.0.0) queries with the type "unknown" (empirically found out that this is PTR) and non-zero TTL, which leads to overflow of the cache and service inoperability. The problem is not only on the latest firmware.Image
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39.2 [current]

Sat Jun 17, 2017 10:14 pm

somebody has set the .lan default search suffix. remove that!
 
driven
just joined
Posts: 5
Joined: Tue Nov 29, 2016 10:03 pm

Re: v6.39.2 [current]

Sun Jun 18, 2017 1:49 am

Sorry, the screenshot is not the one. In this video on time 0:34 the list of empty PTRs is visible.
 
aviper
Member Candidate
Member Candidate
Posts: 196
Joined: Thu Sep 15, 2005 5:48 pm

Re: v6.39.2 [current]

Sun Jun 18, 2017 10:40 am

I have a question with respect the release numbering:

Why 6.37.x is Bugfix and 6.39.x is current.
Where are the 6.38.x releases? I think all the 6.38.x must be Bugfix if my logic is right.
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.39.2 [current]

Sun Jun 18, 2017 5:13 pm

Where are the 6.38.x releases? I think all the 6.38.x must be Bugfix if my logic is right.
The bugfix channel is supposed to only offer the most stable releases, ideally without any known regressions. A new release in the current channel does not (and should never) automatically promote the previous current to bugfix. In my opinion the 6.38.x release series was somewhat buggy, so I'm happy Mikrotik have not promoted it to bugfix.

PS. You can still find 6.38 releases in the download archive, if you need to for whatever reason.
 
mpho1010
just joined
Posts: 2
Joined: Mon Jun 19, 2017 4:14 pm

Re: v6.39.2 [current]

Mon Jun 19, 2017 4:49 pm

Hi

Can you please give me the DDNS script for NO-IP. Am currently on Version 6.39.2

Regards
Mpho
 
fbianchi
just joined
Posts: 2
Joined: Mon Jun 19, 2017 4:54 pm

Re: v6.39.2 [current]

Mon Jun 19, 2017 4:59 pm

Hi,

I'm trying to install the dude for the first time in a RB3011 with 6.39.2. I uploaded the arm package with the same version, but I get the following error in the log:

Can not install dude-6.39.2: system 6.39.2 is not installed, but is required

And I have that version installed!!!

Any ideas?

Thanks!!!
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 551
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v6.39.2 [current]

Mon Jun 19, 2017 7:56 pm

..
Can not install dude-6.39.2: system 6.39.2 is not installed, but is required
Any ideas?
Probably wrong arch, try this:
https://download2.mikrotik.com/routeros ... .2-arm.npk
 
HeadCraft
just joined
Posts: 16
Joined: Tue Mar 05, 2013 11:11 am

Re: v6.39.2 [current]

Thu Jun 22, 2017 12:26 am

Upgraded to 6.39.2. IPSec tunnel stopped working.
I saw that if my clients who have dynamic external ip with IPIP tunnel configured with ipsec passphrase cannot initialize phase1 with send error.
It is because of dynamic entry in ipsec policies and peers not changing to new one. As example:
after this command:
/interface ipip set [ find ipsec-secret=1234 local-address=1.1.1.1 remote-address=2.2.2.2 ] local-address=3.3.3.3
entry in /ip ipsec policies stays src-address=1.1.1.1 not 3.3.3.3 even if I disable\enable ipip interface.
 
RN3QTB
newbie
Posts: 31
Joined: Mon Oct 03, 2016 9:43 am
Location: Russia

Re: v6.39.2 [current]

Thu Jun 22, 2017 10:01 am

HELP!!!! HELP!!!! HELP!!!!
SXT r2 5nD
v6.39.2
Yesterday went to the spot, saw that there was an upgrade to version v6.39.2, pressed "update and restart".The firmware is loaded, point and rebooted... now it won't turn on!!! The point itself is working, but it is not detected by Winbox.Tried to restart - nothing helps. What to do???
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39.2 [current]

Thu Jun 22, 2017 11:12 am

Upgraded to 6.39.2. IPSec tunnel stopped working.
I saw that if my clients who have dynamic external ip with IPIP tunnel configured with ipsec passphrase cannot initialize phase1 with send error.
It is because of dynamic entry in ipsec policies and peers not changing to new one.
You have some scripting to change the tunnel endpoint address in that case? And also at the server side?
I would think it is better to use e.g. L2TP/IPsec or some other "roadwarrior oriented" VPN solution in such cases, as you don't need to configure the
dynamic address of the client anywhere.
 
RN3QTB
newbie
Posts: 31
Joined: Mon Oct 03, 2016 9:43 am
Location: Russia

Re: v6.39.2 [current]

Fri Jun 23, 2017 9:19 am

HELP!!!! HELP!!!! HELP!!!!
SXT r2 5nD
v6.39.2
Yesterday went to the spot, saw that there was an upgrade to version v6.39.2, pressed "update and restart".The firmware is loaded, point and rebooted... now it won't turn on!!! The point itself is working, but it is not detected by Winbox.Tried to restart - nothing helps. What to do???
Hello! The problem is solved! Found online program Nelinstall. Is the bootloader firmware in the access point. Connect it to the laptop directly, then rebooted while pressing the "reset" button. Point booted and appeared in the program. I downloaded from the site of the original firmware version 5.26 (Legacy) uploaded it to the spot, "MIRACLE!!!" Point rebooted and worked!!! I think now .to upgrade or not to v6.39.2 or not worth it )))
 
wowooshkah
just joined
Posts: 1
Joined: Mon Jun 26, 2017 12:32 am

Re: v6.39.2 [current]

Mon Jun 26, 2017 12:42 am

After upgrading to v6.39.2 i can't edit any NAT rule in webfig (hAP AC lite)
Very unpleasant bug
(via WinBox work fine)
 
User avatar
KitMikro
newbie
Posts: 43
Joined: Thu Apr 30, 2015 11:52 am

Re: v6.39.2 [current]

Mon Jun 26, 2017 1:40 pm

Hi Sorry if this has been posted already, but don't have time to read whole thread...

After update the speed on my RB750gr3 is incorrect. I can't change it back to any other setting.

viewtopic.php?t=116969
 
jBrain
just joined
Posts: 3
Joined: Fri Jun 16, 2017 4:34 pm

Re: v6.39.2 [current]

Wed Jun 28, 2017 5:46 pm

An interesting problem that might be critical to some in more public environments: It's not possible to logout of webfig. In that clicking the logout icon directs you to the log-in page, but simply going to the root address allows full access to webfig. In fact it seems you don't even have to authenticate the first time, there seems to be no session checking going on at all. (with or without SSL) I'm able to access and interact with the webfig front-end on any device in the local subnet.

This is from a config reset that fixed the SSL certificate problem I encountered on update. (had to reset config and regen certificates)

update: this was something I had overlooked before, and expected behavior when using the default admin user without setting the password.
Last edited by jBrain on Wed Jun 28, 2017 9:30 pm, edited 1 time in total.
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.39.2 [current]

Wed Jun 28, 2017 8:17 pm

In fact it seems you don't even have to authenticate the first time, there seems to be no session checking going on at all.
WebFig auto-logins you by default until you change the default admin password or disable or rename the default admin user. This is a documented behavior.
 
jBrain
just joined
Posts: 3
Joined: Fri Jun 16, 2017 4:34 pm

Re: v6.39.2 [current]

Wed Jun 28, 2017 9:28 pm

In fact it seems you don't even have to authenticate the first time, there seems to be no session checking going on at all.
WebFig auto-logins you by default until you change the default admin password or disable or rename the default admin user. This is a documented behavior.
Thank you! I was actually reading through the manual and discovered my error, and was coming back here to correct it. I suppose I had never noticed before as I had only set the password once for each unit (4 here on site). This is great, thanks again!
 
Kraken2k
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Wed Oct 01, 2014 1:50 pm
Location: Prague

Re: v6.39.2 [current]

Thu Jun 29, 2017 12:05 pm

Upgraded RB1100AHx2 from 6.37.5 to 6.39.2 and encountered problems with IPsec tunnels: I have site2site tunnels (other side are also mostly RB2011UAS-2HnD with RoS 6.39.2, that were upgraded from the same version at the same moment). I made no config changes and tunnels worked for a really long time before, but since upgrade I got messages in log:
ipsec, error memory failed to pre-process ph2 packet.
ipsec, error memory peer sent packet for dead phase2
ipsec, error memory peer sent packet for dead phase2
the tunnels are usually down just or a moment and then they are re-established. Strange is, that this messages are only in RB1100AHx2 router log, not other other side. The settings are same on both sides, some just tunnels have NAT-T, some not, but this occur for both cases.

Any ideas what could be wrong?
 
schadom
Member Candidate
Member Candidate
Posts: 156
Joined: Sun Jun 25, 2017 2:47 am

Re: v6.39.2 [current]

Fri Jun 30, 2017 12:14 am

Currently in 6.39.2 BGP sessions are reconnecting when adding/changing the comment of a session.
This makes no sense to me. Maybe this behaviour could be removed in an upcoming release?

Thanks
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: v6.39.2 [current]

Fri Jun 30, 2017 9:37 pm

Upgraded my RB-750Gr3 from ver. 6.39.1 to 6.39.2 this morning and so far no problems. I'll do the RB-750r2 sometime overnight.
 
Kindis
Member
Member
Posts: 434
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: v6.39.2 [current]

Sat Jul 01, 2017 10:28 am

Finely a working fasttrack. I have been having strange issues with internal web pages not loading correct, slow speed during some scenarios. MT support cracked the issue yesterday. I have several bonded interfaces and after added forced mac on all those interfaces and a reboot, now all my issues are gone :-) Resolved for both 3011 and 750Gr3.
 
avdvyver01
newbie
Posts: 38
Joined: Mon Jul 03, 2017 2:51 pm

Re: v6.39.2 [current]

Mon Jul 03, 2017 3:17 pm

Hi,

I am using a Mikrotik virtual appliance in Amazon Web Services running v6.39.2. I terminate a AWS VPC VPN (from another AWS region) on this Mikrotik. The AWS VPN consist out of 2 IPSec tunnels (for redundant purposes) and there is a know issue where one of the tunnel policies on the Mikrotik is always marked as invalid. I was hoping that the policy priority fix in the v6.39.2 release would fix this issue but it still seems to be there (perhaps I misunderstood the details of the fix). Does anyone know of a way to get around this problem? Is there a possibility to script something that will mark the invalid policy (priority 0) as valid if the primary tunnels (policy priority 1) fails and reverses the process when the primary is back up? Of has anyone another way to automatically deal with this?

Thanks!
 
l0pes
just joined
Posts: 2
Joined: Sat Oct 09, 2010 4:59 pm

Re: v6.39.2 [current]

Mon Jul 03, 2017 4:33 pm

Hello Folks,

I upgraded a CCR1009-7G-1C-1S+ from 6.37.4 via System > Packages and after trying to create a VLAN with the same name and different ID of another VLAN by mistake. RouterOS show me a message: "Couldn't change Interface <vlan-name> - already have interface with such name (6)" but remove the older VLAN interface.

Regards,

--
Rafael Lopes
 
upower3
Member
Member
Posts: 425
Joined: Thu May 07, 2015 11:46 am

Re: v6.39.2 [current]

Wed Jul 05, 2017 12:39 am

Quite impressive with this silly thing, but as I do on freshly installed CCR1009-7G-1C-1S+ with ROS 6.39.2 (stable) and fw 3.33:
[admin@Mikrotik] > /system resource cpu print oid 
 0 load=.1.3.6.1.2.1.25.3.3.1.2.0 
 1 load=.1.3.6.1.2.1.25.3.3.1.2.1 
 2 load=.1.3.6.1.2.1.25.3.3.1.2.2 
 3 load=.1.3.6.1.2.1.25.3.3.1.2.3 
 4 load=.1.3.6.1.2.1.25.3.3.1.2.4 
 5 load=.1.3.6.1.2.1.25.3.3.1.2.5 
 6 load=.1.3.6.1.2.1.25.3.3.1.2.6 
 7 load=.1.3.6.1.2.1.25.3.3.1.2.7 
 8 load=.1.3.6.1.2.1.25.3.3.1.2.8 
and that's looking fine, but as I do snmpwalk on it, I see different OIDs:
# snmpwalk -v2c -c public 192.168.88.1 .1.3.6.1.2.1.25.3.3.1.2
iso.3.6.1.2.1.25.3.3.1.2.1 = INTEGER: 0
iso.3.6.1.2.1.25.3.3.1.2.2 = INTEGER: 0
iso.3.6.1.2.1.25.3.3.1.2.3 = INTEGER: 0
iso.3.6.1.2.1.25.3.3.1.2.4 = INTEGER: 0
iso.3.6.1.2.1.25.3.3.1.2.5 = INTEGER: 1
iso.3.6.1.2.1.25.3.3.1.2.6 = INTEGER: 5
iso.3.6.1.2.1.25.3.3.1.2.7 = INTEGER: 0
iso.3.6.1.2.1.25.3.3.1.2.8 = INTEGER: 0
iso.3.6.1.2.1.25.3.3.1.2.9 = INTEGER: 0
Note, the ROS says the OIDs starts with 0 (e.g. all cores are 0..8), while snmpwalk display OIDs that started with 1, and goes 1..9.

Is this for a purpose?
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1623
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39.2 [current]

Wed Jul 05, 2017 4:13 pm

l0pes, upower3 - Both these problems are reproduced and will be fixed in upcoming RouterOS releases.
 
upower3
Member
Member
Posts: 425
Joined: Thu May 07, 2015 11:46 am

Re: v6.39.2 [current]

Wed Jul 05, 2017 4:16 pm

l0pes, upower3 - Both these problems are reproduced and will be fixed in upcoming RouterOS releases.
Thank you for this confirmation. I know guys ypu do your best to fix problems, and your work is really appreciated by all the users around.

But, please correct me if I'm wrong, the CPU OIDs will be changes again after the fix? :(
Are there any UID I can steady use to monitor 1 or 5 minute CPU load per each core?
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1623
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39.2 [current]

Wed Jul 05, 2017 5:00 pm

upower3 - We will check where it is wrong and fix it in next releases. Most likely (but not promised) OIDs will start with .1 not .0 - OID print should be adjusted. At the moment you can only calculate average load by yourself. You can only read CPU usage per CPU core.
 
laca77
just joined
Posts: 14
Joined: Wed Jun 03, 2015 11:35 am

Re: v6.39.2 [current]

Thu Jul 06, 2017 12:59 pm

Hi

On my 2 Hap AC Lite with CAPS if i modify anything in the CAPS part (fix the channel or TX power or whatever) after that applied it the next connected wifi client doesn't get IP from DHCP server that is on the CAPS manager too. I had to disable and enable again the DHCP row in the ip/dhcp-server menu and it works again. Until the next change when i had to disable-enable the DHCP server again.
Sorry but now i dont' have access to the APs so i am not able to do any debug or logs or configs. It is a very simple CAPS config with 1 SSID on 2.4G and 1 SSID on 5G. The wifis cap devices birdged to the local bridge where are all ports.. so nothing secpial.
I just would like to sign this problem to the communitiy.

Laca
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v6.39.2 [current]

Fri Jul 07, 2017 7:55 pm

Can anybody else confirm - we are noticing a serious problem with EoIP and Packet Sniffer / Torch. If we run a packet capture or torch, all EoIP traffic stops. When we stop the capture or torch, EoIP traffic works again. This appears to be a bug?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39.2 [current]

Fri Jul 07, 2017 8:20 pm

Can anybody else confirm - we are noticing a serious problem with EoIP and Packet Sniffer / Torch. If we run a packet capture or torch, all EoIP traffic stops. When we stop the capture or torch, EoIP traffic works again. This appears to be a bug?
This could be the result of Fasttrack rules that are not correct (although usually the observed behaviour is reverse: it starts to work when you run packet sniffer or torch).
 
upower3
Member
Member
Posts: 425
Joined: Thu May 07, 2015 11:46 am

Re: v6.39.2 [current]

Fri Jul 07, 2017 8:30 pm

This could be the result of Fasttrack rules that are not correct (although usually the observed behaviour is reverse: it starts to work when you run packet sniffer or torch).
By the way, is there any approach how to reset fasttrack state? i suspect I can see how it keep process traffic with old rules even when there are some changes or new rules added?
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v6.39.2 [current]

Fri Jul 07, 2017 9:18 pm

Can anybody else confirm - we are noticing a serious problem with EoIP and Packet Sniffer / Torch. If we run a packet capture or torch, all EoIP traffic stops. When we stop the capture or torch, EoIP traffic works again. This appears to be a bug?
This could be the result of Fasttrack rules that are not correct (although usually the observed behaviour is reverse: it starts to work when you run packet sniffer or torch).
We don't have FastTrack rules - we are an ISP and fasttrack has no benefit for us. We have sites with up to a hundred customers on EoIP tunnel and they all go down if someone runs a torch or sniffer.
 
hairfarmer
Frequent Visitor
Frequent Visitor
Posts: 67
Joined: Thu Jan 31, 2008 1:11 am

Re: v6.39.2 [current]

Sat Jul 08, 2017 1:24 am

Updated a CRS125-24G-1S to 6.39.2.

Ethernet ports which have POE APs attached [RBcAP2n units] are now going up/down continuously on only 4 ports (total APs attached to the CRS=8).

I'm at a point where I'm not sure if I need to replace the cabling since direct attaching the APs will fix the issue.

At the same time I'm not sure we had an issue before the update.
Forcing the port to 100Mbit and turning off Autodection does nothing.

I'm at a loss, anyone have a similar issue?
 
upower3
Member
Member
Posts: 425
Joined: Thu May 07, 2015 11:46 am

Re: v6.39.2 [current]

Sat Jul 08, 2017 7:25 pm

Looks like it worth to switch to bugfix branch and proceed with it.

Please, backport IPSec packets order fix for CCRs to bugfix!
 
hairfarmer
Frequent Visitor
Frequent Visitor
Posts: 67
Joined: Thu Jan 31, 2008 1:11 am

Re: v6.39.2 [current]

Sat Jul 08, 2017 9:04 pm

Looks like it worth to switch to bugfix branch and proceed with it.
Not sure if this was directed towards me but I did and the current bug-fix didn't do the trick.
 
Njumaen
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Wed Feb 24, 2016 8:41 pm
Location: Bielefeld, Germany
Contact:

Re: v6.39.2 [current]

Sat Jul 08, 2017 11:22 pm

Hi!

On hAPac (RB926UiGS-5HacT2HnT) it'n not possible to disable all LEDs. :-(

Winbox System/LEDs/Settings ->immediate

results in

"Couldn't change LED Settings - This feature is not supported on this board (6)"

Ralf.
 
upower3
Member
Member
Posts: 425
Joined: Thu May 07, 2015 11:46 am

Re: v6.39.2 [current]

Sat Jul 08, 2017 11:25 pm

On hAPac (RB926UiGS-5HacT2HnT) it'n not possible to disable all LEDs. :-(

Winbox System/LEDs/Settings ->immediate results in

"Couldn't change LED Settings - This feature is not supported on this board (6)"
Frankly, I keep seeing this on every ROS version so far for every small device (951, 941, 926 etc), so looks like they should just hide this option for these devices. Not a big deal, anyway, not breaking anything.
I feel your pain :) but hope MT guys will fix more serious things first.
 
Njumaen
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Wed Feb 24, 2016 8:41 pm
Location: Bielefeld, Germany
Contact:

Re: v6.39.2 [current]

Sat Jul 08, 2017 11:35 pm

I feel your pain :) but hope MT guys will fix more serious things first.
Sure. No big issue... ;)
 
Test471
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Wed Aug 08, 2012 11:39 am

Re: v6.39.2 [current]

Sun Jul 09, 2017 12:48 pm

Hello

I just upgraded my hap ac via webfig to this version and it is dead since then. There is no beep and by looking at LEDs it looks like it keeps restarting after 10 seconds. I've tried to do restart by holding the button but the only thing that happens is that SFP LED starts blinking and nothing... it restarts again and so on. Any suggestions?
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.39.2 [current]

Sun Jul 09, 2017 1:02 pm

Any suggestions?
Reinstall RouterOS via Netinstall.
 
Test471
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Wed Aug 08, 2012 11:39 am

Re: v6.39.2 [current]

Sun Jul 09, 2017 1:27 pm

I've tried that but, as I said, holding down reset button does nothing except flashing SFP led a few times and then reset again.

My computer says "cable unplugged" all the time. I've tried with connecting it to eth1. Any other suggestion?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39.2 [current]

Sun Jul 09, 2017 1:43 pm

I've tried that but, as I said, holding down reset button does nothing except flashing SFP led a few times and then reset again.
You must carefully read the instructions on how long to press the button.
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.39.2 [current]

Sun Jul 09, 2017 1:44 pm

I've tried that but, as I said, holding down reset button does nothing
You said you tried to reset your device, not using Netinstall. Anyways, when some device does not boot, your set of options is rather limited:
  • If the device has serial console, plug the cable and see what's wrong. You are using hAP ac, so, obviously, this options is not available to you.
  • Try to reset. You said you tried that, didn't work.
  • Try using a backup bootloader.
  • Reinstall OS via Netinstall.
  • RMA.
  • Go buy another device.
Check this wiki page out to learn what backup bootloader is, and how reset button works (hint- it does different things depending on when it is pressed and how long it is being hold).
 
Test471
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Wed Aug 08, 2012 11:39 am

Re: v6.39.2 [current]

Sun Jul 09, 2017 1:52 pm

I've tried that but, as I said, holding down reset button does nothing except flashing SFP led a few times and then reset again.
You must carefully read the instructions on how long to press the button.
I did. I've tried to hold it until SFP starts flashing fast (this is the only LED that shows something actullay is happening). Nothing.

Tried to hold it until it stops flashing - nothing.

Tried to hold it until it starts flashing again slowly - nothing.
[*] Go buy another device.[/list]
Well, thank you very much for that but, since it is clear that this is not my fault, I am not going to throw 100 eur in the garbage. I just clicked "Upgrade" button and nothing else.
Check this wiki page out to learn what backup bootloader is, and how reset button works (hint- it does different things depending on when it is pressed and how long it is being hold).
Well, I did actually read everything I could find before coming here. Reset button does not help in any way.
 
NikNikols
just joined
Posts: 1
Joined: Fri Jul 07, 2017 9:24 am

Re: v6.39.2 [current]

Sun Jul 09, 2017 10:14 pm

Same here/

After upgrading to the current RouterOS (6.39.2) and rebooting my new hAP ac lite tower won't boot.

Reset buttont doesn't work in any way. I've used all the variants. Looks like the device starts then after 10 seconds reboots and so on
 
Kraken2k
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Wed Oct 01, 2014 1:50 pm
Location: Prague

Re: v6.39.2 [current]

Tue Jul 11, 2017 11:16 am

[*] Go buy another device.[/list]
Well, thank you very much for that but, since it is clear that this is not my fault, I am not going to throw 100 eur in the garbage. I just clicked "Upgrade" button and nothing else.
Meaning: you should try steps above before buying a replacement. Nothing else.
 
User avatar
Deantwo
Member
Member
Posts: 331
Joined: Tue Sep 30, 2014 4:07 pm

Re: v6.39.2 [current]

Thu Jul 13, 2017 4:16 pm

IPsec is still creating a lot of what looks like debug log messages.
I have had this logging for a long time, but with the newer versions of RouterOS it is now useless.
/system logging action
add memory-lines=100 name=ipsec target=memory
/system logging
add action=ipsec topics=ipsec,!debug
Now I just get this:
15:11:37 ipsec <IP A> notify: R_U_THERE_ACK 
15:11:37 ipsec sendto Information notify. 
15:11:37 ipsec receive Information. 
15:11:37 ipsec <IP B> notify: R_U_THERE_ACK 
15:11:38 ipsec receive Information. 
15:11:38 ipsec <IP C> notify: R_U_THERE 
15:11:38 ipsec sendto Information notify. 
15:11:38 ipsec sendto Information notify. 
15:11:38 ipsec receive Information. 
15:11:38 ipsec <IP C> notify: R_U_THERE 
15:11:38 ipsec sendto Information notify. 
15:11:38 ipsec receive Information. 
15:11:38 ipsec <IP C> notify: R_U_THERE_ACK 
15:11:39 ipsec sendto Information notify. 
15:11:39 ipsec receive Information. 
15:11:39 ipsec <IP C> notify: R_U_THERE_ACK 
15:11:57 ipsec receive Information. 
15:11:57 ipsec <IP A> notify: R_U_THERE 
15:11:57 ipsec sendto Information notify. 
15:11:57 ipsec sendto Information notify. 
15:11:57 ipsec sendto Information notify. 
15:11:57 ipsec receive Information. 
15:11:57 ipsec <IP A> notify: R_U_THERE_ACK 
15:11:57 ipsec receive Information. 
15:11:57 ipsec <IP B> notify: R_U_THERE_ACK 
15:11:58 ipsec receive Information. 
15:11:58 ipsec <IP C> notify: R_U_THERE 
15:11:58 ipsec sendto Information notify. 
15:11:58 ipsec receive Information. 
15:11:58 ipsec <IP C> notify: R_U_THERE 
15:11:58 ipsec sendto Information notify. 
15:11:58 ipsec sendto Information notify. 
15:11:58 ipsec receive Information. 
15:11:58 ipsec <IP C> notify: R_U_THERE_ACK 
15:11:59 ipsec sendto Information notify. 
15:11:59 ipsec receive Information. 
15:11:59 ipsec <IP C> notify: R_U_THERE_ACK 
15:12:17 ipsec receive Information. 
15:12:17 ipsec <IP A> notify: R_U_THERE 
15:12:17 ipsec sendto Information notify. 
15:12:17 ipsec sendto Information notify. 
15:12:17 ipsec sendto Information notify. 
15:12:17 ipsec receive Information. 
15:12:17 ipsec <IP B> notify: R_U_THERE_ACK 
15:12:17 ipsec receive Information. 
15:12:17 ipsec <IP A> notify: R_U_THERE_ACK 
15:12:18 ipsec receive Information. 
15:12:18 ipsec <IP C> notify: R_U_THERE 
15:12:18 ipsec sendto Information notify. 
15:12:18 ipsec sendto Information notify. 
15:12:18 ipsec receive Information. 
15:12:18 ipsec <IP C> notify: R_U_THERE 
15:12:18 ipsec sendto Information notify. 
15:12:18 ipsec receive Information. 
15:12:18 ipsec <IP C> notify: R_U_THERE_ACK 
15:12:19 ipsec sendto Information notify. 
15:12:19 ipsec receive Information. 
15:12:19 ipsec <IP C> notify: R_U_THERE_ACK 
15:12:37 ipsec receive Information. 
15:12:37 ipsec <IP A> notify: R_U_THERE 
15:12:37 ipsec sendto Information notify. 
15:12:37 ipsec sendto Information notify. 
15:12:37 ipsec sendto Information notify. 
15:12:37 ipsec receive Information. 
15:12:37 ipsec <IP B> notify: R_U_THERE_ACK 
15:12:37 ipsec receive Information. 
15:12:37 ipsec <IP A> notify: R_U_THERE_ACK 
15:12:38 ipsec receive Information. 
15:12:38 ipsec <IP C> notify: R_U_THERE 
15:12:38 ipsec sendto Information notify. 
15:12:38 ipsec sendto Information notify. 
15:12:38 ipsec receive Information. 
15:12:38 ipsec <IP C> notify: R_U_THERE 
15:12:38 ipsec sendto Information notify. 
15:12:38 ipsec receive Information. 
15:12:38 ipsec <IP C> notify: R_U_THERE_ACK 
15:12:39 ipsec sendto Information notify. 
15:12:39 ipsec receive Information. 
15:12:39 ipsec <IP C> notify: R_U_THERE_ACK 
15:12:57 ipsec receive Information. 
15:12:57 ipsec <IP A> notify: R_U_THERE 
15:12:57 ipsec sendto Information notify. 
15:12:57 ipsec sendto Information notify. 
15:12:57 ipsec sendto Information notify. 
15:12:57 ipsec receive Information. 
15:12:57 ipsec <IP B> notify: R_U_THERE_ACK 
15:12:57 ipsec receive Information. 
15:12:57 ipsec <IP A> notify: R_U_THERE_ACK 
15:12:58 ipsec receive Information. 
15:12:58 ipsec <IP C> notify: R_U_THERE 
15:12:58 ipsec sendto Information notify. 
15:12:58 ipsec sendto Information notify. 
15:12:58 ipsec receive Information. 
15:12:58 ipsec <IP C> notify: R_U_THERE 
15:12:58 ipsec sendto Information notify. 
15:12:58 ipsec receive Information. 
15:12:58 ipsec <IP C> notify: R_U_THERE_ACK 
15:12:59 ipsec sendto Information notify. 
15:12:59 ipsec receive Information. 
15:12:59 ipsec <IP C> notify: R_U_THERE_ACK
All those logs only have the "ipsec" topic, so there is no way to filter them out. Can you pretty please add the "debug" topic to those otherwise useless logs?
Since monitoring the "ipsec,!debug" logs is a nice way to see if an IPsec tunnel is unstable. You can compare the differences between v6.35 and v6.39.2.

And this is a router that has just 3 IPsec tunnels. Imagine what would happen if I upgraded my core router that has around 1000 IPsec tunnels running.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39.2 [current]

Thu Jul 13, 2017 5:18 pm

Probably they have some other tag as with the default config of logging only info/error/warning/critical these do not show up and other ipsec items do.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.39.2 [current]

Thu Jul 13, 2017 5:30 pm

Not really sure where is the problem, if you do not want to see ispec logs, then remove/disable this entry
add action=ipsec topics=ipsec,!debug
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.39.2 [current]

Thu Jul 13, 2017 5:55 pm

Not really sure where is the problem, if you do not want to see ispec logs, then remove/disable this entry
add action=ipsec topics=ipsec,!debug
Well I can understand that he wants to have ipsec logs in a separate logging action. I also sometimes make separate
logging actions for certain debug purposes. Apparently there are a lot of ipsec messages that are captured by "ipsec"
and have no "debug" but also no "info", "error", "warning" or "critical" tag (or they would show up in the default log).
Maybe they are in the "notice" level? Try adding "!notice".
 
User avatar
Deantwo
Member
Member
Posts: 331
Joined: Tue Sep 30, 2014 4:07 pm

Re: v6.39.2 [current]

Thu Jul 13, 2017 8:26 pm

Not really sure where is the problem, if you do not want to see ispec logs, then remove/disable this entry
add action=ipsec topics=ipsec,!debug
That would leave the logging action unused.

IPsec logging messages used to have the topic "info,ipsec", which meant they would show up in the info log. I had changed the info logging to exclude the "ipsec" topic and then had the logging rule I mentioned above log to a separate logging action memory.

But since those new logs don't have any other topic than "ipsec" they are just flood the logging action. Hence my question as to why those new logs don't have the debug topic.
Maybe they are in the "notice" level? Try adding "!notice".
I would be surprised if they have a topic that isn't listed in the log, but sure I will try it out tomorrow.

I actually forget what happens if I change the topic of my logging rule to "ipsec,info". Will it include both "ipsec" and "info" logs? Or will it only include logs that have both topics?

Example of the logs that I want being indistinguishable from the "R_U_THERE_ACK" logs.
14:59:20 ipsec sendto Information notify. 
14:59:20 ipsec receive Information. 
14:59:20 ipsec <IP A> notify: R_U_THERE_ACK 
14:59:39 ipsec receive Information. 
14:59:39 ipsec <IP A> notify: R_U_THERE 
14:59:39 ipsec sendto Information notify. 
14:59:40 ipsec sendto Information notify. 
14:59:40 ipsec receive Information. 
14:59:40 ipsec <IP A> notify: R_U_THERE_ACK 
14:59:59 ipsec receive Information. 
14:59:59 ipsec <IP A> notify: R_U_THERE 
14:59:59 ipsec sendto Information notify. 
15:00:00 ipsec sendto Information notify. 
15:00:00 ipsec receive Information. 
15:00:00 ipsec <IP A> notify: R_U_THERE_ACK 
15:00:20 ipsec sendto Information notify. 
15:00:21 ipsec <IP A> DPD: remote (ISAKMP-SA <IP B>[500]<=><IP A>[500] spi=4ab151a42b54a0c4:9a01fa76c1e10987) seems to be dead. 
15:00:21 ipsec purged IPsec-SA spi=0x9805042 
15:00:21 ipsec purged IPsec-SA spi=0xd7a4b4 
15:00:21 ipsec purged IPsec-SA spi=0xe9fbe69 
15:00:21 ipsec purged IPsec-SA spi=0x73063ec 
15:00:21 ipsec purged ISAKMP-SA <IP B>[500]<=><IP A>[500] spi=4ab151a42b54a0c4:9a01fa76c1e10987. 
15:00:27 ipsec sent phase1 packet <IP B>[500]<=><IP A>[500] b3f71d77b6b5680e:0000000000000000 
15:00:27 ipsec received Vendor ID: CISCO-UNITY 
15:00:27 ipsec received Vendor ID: DPD 
15:00:28 ipsec sent phase1 packet <IP B>[500]<=><IP A>[500] b3f71d77b6b5680e:0ee9cf89d80c8924 
15:00:28 ipsec sent phase1 packet <IP B>[500]<=><IP A>[500] b3f71d77b6b5680e:0ee9cf89d80c8924 
15:00:28 ipsec ph2 possible after ph1 creation 
15:00:28 ipsec initiate new phase 2 negotiation: <IP B>[500]<=><IP A>[500] 
15:00:28 ipsec sent phase2 packet <IP B>[500]<=><IP A>[500] b3f71d77b6b5680e:0ee9cf89d80c8924:bdb16d2f 
15:00:28 ipsec IPsec-SA established: ESP/Tunnel <IP A>[500]-><IP B>[500] spi=0x4a17936 
15:00:28 ipsec IPsec-SA established: ESP/Tunnel <IP B>[500]-><IP A>[500] spi=0x8d8c73c 
15:00:28 ipsec ph2 possible after ph1 creation 
15:00:28 ipsec initiate new phase 2 negotiation: <IP B>[500]<=><IP A>[500] 
15:00:28 ipsec sent phase2 packet <IP B>[500]<=><IP A>[500] b3f71d77b6b5680e:0ee9cf89d80c8924:8a4f2dc1 
15:00:28 ipsec IPsec-SA established: ESP/Tunnel <IP A>[500]-><IP B>[500] spi=0xe3f85b5 
15:00:28 ipsec IPsec-SA established: ESP/Tunnel <IP B>[500]-><IP A>[500] spi=0x975fad7 
15:00:48 ipsec receive Information. 
15:00:48 ipsec <IP A> notify: R_U_THERE 
15:00:48 ipsec sendto Information notify. 
15:00:48 ipsec sendto Information notify. 
15:00:48 ipsec receive Information. 
15:00:48 ipsec <IP A> notify: R_U_THERE_ACK 
15:01:08 ipsec sendto Information notify. 
15:01:08 ipsec receive Information. 
15:01:08 ipsec <IP A> notify: R_U_THERE 
15:01:08 ipsec sendto Information notify. 
15:01:08 ipsec receive Information. 
15:01:08 ipsec <IP A> notify: R_U_THERE_ACK
Last edited by Deantwo on Fri Jul 14, 2017 4:04 pm, edited 1 time in total.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.39.2 [current]

Fri Jul 14, 2017 12:10 pm

Problem already solved in v6.40rc now DPD logs have ipsec,debug topics.
 
User avatar
ziegenberg
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Thu Mar 07, 2013 11:14 am
Location: Vienna
Contact:

Re: v6.39.2 [current]

Fri Jul 14, 2017 2:42 pm

Problem already solved in v6.40rc now DPD logs have ipsec,debug topics.
That's awesome to read. Thank you very much, 'tik! Looking forward to v6.40 coming out of RC!

greetings, Daniel
 
User avatar
Deantwo
Member
Member
Posts: 331
Joined: Tue Sep 30, 2014 4:07 pm

Re: v6.39.2 [current]

Fri Jul 14, 2017 4:06 pm

Problem already solved in v6.40rc now DPD logs have ipsec,debug topics.
Ah awesome, thank you. I guess I haven't tried the newest version of the release candidates.

I didn't even know those logs were from the DPD, but with the snippit I just got I can see that it is.
 
tangram
Member Candidate
Member Candidate
Posts: 132
Joined: Wed Nov 16, 2016 9:55 pm

Re: v6.39.2 [current]

Tue Jul 18, 2017 12:50 pm

Hi,

I upgraded from 6.37.3 to 6.39.2 and I have some problems. I'm load balancing 2 ISPs, before update I could ping both wan ips, after update only the primary works. If i disconnect ISP1 then ISP2 replies to ping. Connections from LAN->WAN balance over both ISPs and traceroute,ping work ok from LAN->WAN. Only problem is that I can't connect to Mikrotik over ISP2, no ping, nothing while ISP1 is active.

/ip firewall mangle
add action=accept chain=prerouting comment="Bypass for DVR forward" dst-port=\
56565 in-interface=ISP1-PPPoE protocol=tcp
add action=accept chain=prerouting comment=\
"Connected Network Accept - Main RT" dst-address-list=Connected \
src-address-list=Connected
add action=mark-connection chain=input comment=M-ISP1-ROS connection-mark=\
no-mark in-interface=ISP1-PPPoE new-connection-mark=ISP1_ROS passthrough=\
yes
add action=mark-connection chain=input comment=M-ISP2-ROS connection-mark=\
no-mark in-interface=ether2-ISP2 new-connection-mark=ISP2_ROS \
passthrough=yes
add action=mark-routing chain=output comment=A-ISP1-RT connection-mark=\
M-ISP1-ROS new-routing-mark=ISP1_Route passthrough=yes
add action=mark-routing chain=output comment=A-ISP2-RT connection-mark=\
M-ISP2-ROS new-routing-mark=ISP2_Route passthrough=yes
add action=mark-connection chain=forward comment=M-ISP1-LAN connection-mark=\
no-mark in-interface=ISP1-PPPoE new-connection-mark=ISP1_LAN passthrough=\
yes
add action=mark-connection chain=forward comment=M-ISP2-LAN connection-mark=\
no-mark in-interface=ether2-ISP2 new-connection-mark=ISP2_LAN \
passthrough=yes
add action=mark-routing chain=prerouting comment=A-ISP1-LAN connection-mark=\
ISP1_LAN new-routing-mark=ISP1_Route passthrough=yes
add action=mark-routing chain=prerouting comment=A-ISP2-LAN connection-mark=\
ISP2_LAN new-routing-mark=ISP2_Route passthrough=yes
add action=mark-connection chain=prerouting comment=M-LAN-WAN \
connection-mark=no-mark dst-address-list=!inside new-connection-mark=\
LAN_WAN passthrough=yes src-address-list=LAN
add action=mark-routing chain=prerouting comment=SplitISP1 connection-mark=\
LAN_WAN new-routing-mark=ISP1_Route passthrough=yes \
per-connection-classifier=dst-address:2/1 src-address-list=LAN
add action=mark-routing chain=prerouting comment=SplitISP2 connection-mark=\
LAN_WAN new-routing-mark=ISP2_Route passthrough=yes \
per-connection-classifier=dst-address:2/0 src-address-list=LAN
add action=mark-connection chain=prerouting comment=M-BIND-ISP1 \
connection-mark=LAN_WAN new-connection-mark=Bind_ISP1 passthrough=yes \
routing-mark=ISP1_Route
add action=mark-connection chain=prerouting comment=M-BIND-ISP2 \
connection-mark=LAN_WAN new-connection-mark=Bind_ISP2 passthrough=yes \
routing-mark=ISP2_Route
add action=mark-routing chain=prerouting comment=A-BIND-ISP1 connection-mark=\
Bind_ISP1 new-routing-mark=ISP1_Route passthrough=yes src-address-list=\
LAN
add action=mark-routing chain=prerouting comment=A-BIND-ISP2 connection-mark=\
Bind_ISP2 new-routing-mark=ISP2_Route passthrough=yes src-address-list=\
LAN


And routing is as follows. Gateway for ISP2 is ip address, for ISP1 the interface since it's pppoe. Nothing changed, just different firmware.

# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S ;;; ISP1-Default-Route
0.0.0.0/0 ISP1-PPPoE 1
1 A S ;;; ISP2-Default-Route
0.0.0.0/0 *********** 1
2 A S ;;; Main-Default-Route-ISP1
0.0.0.0/0 ISP1-PPPoE 1
3 S ;;; Main-Default-Route-ISP2
0.0.0.0/0 109.102.21.1 2
4 ADC 10.0.0.1/32 ************* ISP1-PPPoE 0
13 ADC 109.102.21.0/26 ************* ether2-ISP2 0
 
tangram
Member Candidate
Member Candidate
Posts: 132
Joined: Wed Nov 16, 2016 9:55 pm

Re: v6.39.2 [current]

Wed Jul 19, 2017 10:38 am

I've managed to replicate this issue. The way load balancing was configured in 6.37 doesn't work in 6.39.2.
Using https://mum.mikrotik.com/presentations/US12/steve.pdf leads to the same issue. How can I fix this so both WANs are accessible.

If I change the distance for default route of ISP1 from 1 to >2 while ISP2 metric stays 2, both WANs reply. It seems that i'm not allowed to use ISP1 as primary :lol:
 
upower3
Member
Member
Posts: 425
Joined: Thu May 07, 2015 11:46 am

Re: v6.39.2 [current]

Wed Jul 19, 2017 5:34 pm

The way load balancing was configured in 6.37 doesn't work in 6.39.2.
Using https://mum.mikrotik.com/presentations/US12/steve.pdf leads to the same issue.
Good link, thank you, but the news is not that nice, if the routing behavior changed between bugfix and current branches. Will wait for comments!
 
tangram
Member Candidate
Member Candidate
Posts: 132
Joined: Wed Nov 16, 2016 9:55 pm

Re: v6.39.2 [current]

Thu Jul 20, 2017 7:24 am

I've found the issue:

add action=mark-routing chain=output comment=A-ISP1-RT connection-mark=\
M-ISP1-ROS
new-routing-mark=ISP1_Route passthrough=yes
add action=mark-routing chain=output comment=A-ISP2-RT connection-mark=\
M-ISP2-ROS
new-routing-mark=ISP2_Route passthrough=yes

Connection mark should be ISP1_ROS and ISP2_ROS. I've fixed it. The problem is that I've had about 200 devices updated and after update the comment from the mangle rule was set as connection-mark :

add action=mark-connection chain=input comment=M-ISP1-ROS connection-mark=\
no-mark in-interface=ISP1-PPPoE new-connection-mark=ISP1_ROS passthrough=\
yes
 
andreadg88
just joined
Posts: 5
Joined: Mon May 22, 2017 1:50 pm

Re: v6.39.2 [current]

Thu Jul 20, 2017 4:45 pm

Hi,
we are experiencing a lot of unit crash when we manage/add multiple vlan together.
We have 2 units and use them PPPoE server for the xDSL accesses that use q-in-q vlans and every vlan of C-TAG is bridged with the vlan on S-TAG.

Have anyone experienced same issue?
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1623
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.39.2 [current]

Wed Jul 26, 2017 1:24 pm

Version 6.40 has been released:
viewtopic.php?f=21&t=123931

Who is online

Users browsing this forum: firsak and 16 guests