Community discussions

MikroTik App
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

v6.38.7 [bugfix] is released!

Wed Jun 21, 2017 11:07 am

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

What's new in 6.38.7 (2017-Jun-20 10:55):

!) bridge - fixed BPDU rx/tx when "protocol-mode=none"
!) bridge - reverted bridge BPDU processing back to pre-v6.38 behaviour (v6.40 will have another separate VLAN-aware bridge implementation);
*) 6to4 - fixed wrong IPv6 "link-local" address generation;
*) arp - fixed "make-static";
*) bonding - do not add bonding interface if "could not set MTU" error is received;
*) console - fixed "/ip neighbor discovery" export;
*) console - fixed unexpected console crash when using variables as functions;
*) console - instead of true/false report yes/no as LCD enabled state;
*) defconf - discard default configuration startup query with configuration change from Webfig;
*) defconf - discard default configuration startup query with RouterOS upgrade;
*) defconf - fixed default configuration generation when wireless package is disabled;
*) defconf - fixed Groove 52 ac band settings;
*) dns - made loading thousands of static entries faster;
*) ethernet - fixed "loop-protect" on "master-port";
*) ethernet - fixed rare switch chip hang (could cause port flapping);
*) fetch - fixed download issue over HTTPS;
*) firewall - do not allow to set "rate" value to 0 for "limit" parameter;
*) firewall - fixed "address-list" entry "creation-time" adjustment to timezone;
*) firewall - fixed "address-list" entry changing from IP to DNS and vice versa;
*) firewall - fixed cosmetic "invalid" flag when item was disabled;
*) ike1 - fixed crash on xauth message;
*) ike2 - allow multiple child SA traffic selectors on re-key;
*) ike2 - fixed last EAP authentication payload type;
*) ike2 - fixed policy release during SA negotiation;
*) ike2 - fixed RSA authentication without EAP;
*) ike2 - fixed situation when traffic selector prefix was parsed incorrectly;
*) ipsec - do not deduct policy src/dst address for tunnel policies;
*) ipsec - fixed generated policy priority;
*) ipsec - fixed peer "my-id" address reset;
*) ipv6 - fixed address becoming invalid when interface was removed from bridge/mesh;
*) led - fixed turning off LED when interface is lost;
*) log - added missing "license limit exceeded" log entry;
*) log - work on false CPU/RAM overclocked alarms;
*) netinstall - fixed typos in Netinstall status messages;
*) ntp - restart NTP client when it is stuck in error state;
*) ppp - fixed IPv6 address receiving on PPP interface;
*) pppoe - added warning on PPPoE client/server, if it is configured on slave interface;
*) pppoe-server - fixed "one-session-per-host" issue where 2 simultaneous sessions were possible from the same host;
*) queue - fixed queuing when at least one child queue has "default-small" and other/s is/are different (introduced in 6.35);
*) quickset - fixed LTE "signal-strength" graphs;
*) smb - fixed share path on devices with "/flash" directory;
*) sniffer - fixed VLAN tags when sniffing all interfaces;
*) snmp - added fan-speed OIDs in "/system health print oid";
*) snmp - fixed limited walk;
*) switch - fixed disabling of MAC learning on CRS1xx/CRS2xx;
*) tile - fixed EoIP keepalive when tunnel is made over VLAN interface;
*) traffic-flow - fixed IPFIX IPv6 data reporting;
*) upnp - fixed firewall NAT rule update when external IP address changes;
*) userman - allow "name-for-user" to be empty and not unique;
*) userman - fixed rare GUI crash when User Manager files are not accessible;
*) webfig - allow to enter frequency ranges in wireless "scan-list"
*) webfig - allow to select "default-encryption" profile on PPP tunnels;
*) webfig - correctly specify routing filter prefix;
*) webfig - do not allow to reorder items if table is sorted by some column;
*) webfig - fixed "last-link-up" & "last-link-down" time information;
*) webfig - fixed Bridge Filter properties display when there are more than one Filter available;
*) webfig - show all available options under "Advanced Mode" for wireless interfaces;
*) winbox - added "Flush" button under "unicast-fdb" menu;
*) winbox - added "memory-scroll", "filter-cpu", "filter-ipv6-address", "filter-operation-between-entries" Sniffer parameters;
*) winbox - added "protected-routerboard" parameters under RouterBOARD settings menu;
*) winbox - allow shorten bytes to k,M,G in firewall "connection-bytes" and "connection-rates";
*) winbox - do not allow Packet Sniffer "memory-limit" and "file-limit" lower than 10KiB;
*) winbox - do not allow to open multiple same sub-menus at the same time;
*) winbox - do not show "dpd-max-failures" on IKEv2;
*) winbox - do not start Traffic Generator automatically when opening "Quick Start";
*) winbox - fixed "Montly" typo to "Monthly" in Graphing menu;
*) winbox - fixed firewall port selection with Winbox v2;
*) winbox - fixed IPSec "mode-config" DNS settings;
*) winbox - fixed issue when working IPSec policies were shown as invalid;
*) winbox - fixed switch ACL Policer statistics;
*) winbox - fixed typo in BGP advertisements menu Aggragator->Aggregator;
*) winbox - hide "wps-mode" & "security-profile" in wireless nv2 mode;
*) winbox - properly show "dhcp-server" warnings;
*) winbox - removed spare values from "loop-protect" setting for EoIPv6 tunnels;
*) winbox - removed unnecessary "/system health" menu on "hAP ac lite" and "RB450"
*) winbox - show "A" flag for IPSec policies;
*) wireless - reduced load on CPU for high speed wireless links;.
 
User avatar
vadimbn
Frequent Visitor
Frequent Visitor
Posts: 60
Joined: Sun Aug 25, 2013 6:41 pm
Location: Russia, Berdsk
Contact:

Re: v6.38.7 [bugfix] is released!

Thu Jun 22, 2017 9:56 am

Thanks for this release, but can you add in current bugfix also this -
!) tile - fixed IPSec hardware acceleration out-of-order packet problem, significantly improved performance;
?
 
normalcy
newbie
Posts: 42
Joined: Tue Jan 03, 2012 6:35 am
Location: Brisbane, Australia

Re: v6.38.7 [bugfix] is released!

Fri Jun 23, 2017 4:44 am

Thanks for this release, but can you add in current bugfix also this -
!) tile - fixed IPSec hardware acceleration out-of-order packet problem, significantly improved performance;
?
I too cannot wait to see this make it to bugfix level of stability.
 
estdata
Member Candidate
Member Candidate
Posts: 100
Joined: Mon Feb 20, 2012 9:05 pm
Contact:

Re: v6.38.7 [bugfix] is released!

Sat Jun 24, 2017 5:39 pm

Did anyone tested the multicast package? Which version is the most stable that does not lag?
 
estdata
Member Candidate
Member Candidate
Posts: 100
Joined: Mon Feb 20, 2012 9:05 pm
Contact:

Re: v6.38.7 [bugfix] is released!

Sun Jun 25, 2017 2:27 pm

Did anyone tested the multicast package? Which version is the most stable that does not lag?
Can't help me, everybody ?
 
AndreasHe
just joined
Posts: 3
Joined: Sun Jan 24, 2016 2:28 pm

Re: v6.38.7 [bugfix] is released!

Mon Jun 26, 2017 3:02 am

With CCR1016-12G and RB951G-2HnD no issues upgrading from last bugfix release.

As firmware for CCR1016-12G changed from 3.33 to 3.39, are there any release notes ?
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6694
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: v6.38.7 [bugfix] is released!

Wed Jun 28, 2017 11:46 am

Discussion about channel differences bugfix/current/rc is moved here,
viewtopic.php?f=2&t=123032&p=604581#p604581
 
User avatar
craigmitchell
just joined
Posts: 14
Joined: Sat Aug 18, 2012 6:30 pm

Re: v6.38.7 [bugfix] is released!

Wed Jun 28, 2017 1:41 pm

Great to see a change log for the RouterOS versions :)

Any chance the RouterBoot changelog wiki page could also be updated? Latest version is "What's new in 3.33" but I assume we've gone past that now. At least we have a few hap ac lite units reporting "Firmware: 3.36" and that's from the bugfix branch.

https://wiki.mikrotik.com/wiki/RouterBOOT_changelog
 
diasem
just joined
Posts: 5
Joined: Tue Dec 08, 2015 4:15 am

Re: v6.38.7 [bugfix] is released!

Fri Jun 30, 2017 5:08 am

in CCR1016-12G 6.38.7 im tried to import file:

/interface ethernet
set [ find default-name=ether1 ] name=ether1-Cruzeiro
set [ find default-name=ether2 ] name=ether2-SERVIDOR
set [ find default-name=ether3 ] name=ether3-Microondas
set [ find default-name=ether4 ] name=ether4-Pontilhao
set [ find default-name=ether5 ] name=ether5-Ap-Omnitik
set [ find default-name=ether6 ] name=ether6-Ptp-praca-bilia
set [ find default-name=ether7 ] name=ether7-ADM-Microondas
set [ find default-name=ether8 ] name=ether8-Sjudas
set [ find default-name=ether9 ] name=ether9-LINKBAKSerra
set [ find default-name=ether10 ] name=ether10-CENTRO
set [ find default-name=ether11 ] name="ether11-CASA MARQUINHOS"
set [ find default-name=ether12 ] name="ether12-CASA MARQUINHOS"

but i got this:
/interface ethernet
set [ find default-name=ether9 ] name="ether1-BAK SERRA"
set [ find default-name=ether10 ] name=ether2-CENTRO
set [ find default-name=ether11 ] name="ether3-CASA MARQUINHOS"
set [ find default-name=ether12 ] name="ether4-CASA MARQUINHOS"
set [ find default-name=ether1 ] name=ether5-CRUZEIRO
set [ find default-name=ether2 ] name=ether6-SERVIDOR
set [ find default-name=ether3 ] name=ether7-Microondas
set [ find default-name=ether4 ] name=ether8-PONTILHAO
set [ find default-name=ether5 ] name=ether9-OMINITIK
set [ find default-name=ether6 ] name="ether10-PRACA BIBLIA"
set [ find default-name=ether7 ] name="ether11-ADM MICROONDAS"
set [ find default-name=ether8 ] name="ether12-SAO JUDAS"

if you need full file tell me.
 
rssreader
just joined
Posts: 6
Joined: Mon Jul 03, 2017 3:57 pm

Re: v6.38.7 [bugfix] is released!

Mon Jul 03, 2017 4:11 pm

BUG on RB751U-2HnD with latest firmware (auto-upgraded before auto-upgrade RouterOS - without problem).
After auto-upgrade RouterOS 6.38.7 (Bugfix only) - 100% CPU and can't connect via Winbox/Web interface/SSH/Telnet - nothing.
The Internet passes through, the web interface works but can not log in - please HELP!
I do'nt want to reset to the factory settings and re-configure it all - It's annoying...
 
bratislav
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Mon May 05, 2014 10:36 am

Re: v6.38.7 [bugfix] is released!

Wed Jul 05, 2017 10:47 am

100% CPU and can't connect
How do you know that CPU is at 100% if you cant connect? And if you can somehow see this could you also check what is hogging CPU?
Anyways it may be some DOS attack issue, my advice would be, if you have one spare port, to disconnect router from the network and plug only your PC (to that spare port and by using MAC connection) to check if you can connect, start profile tool and reconnect the interfaces one by one and monitor what is happening ...
 
tree
just joined
Posts: 3
Joined: Sat Apr 29, 2017 2:44 pm

Re: v6.38.7 [bugfix] is released!

Wed Jul 05, 2017 5:43 pm

For the record, Mikrotiks are probably affected by various OpenVPN DOS vulnerabilities identified recently.
(See 4 CVE-2017-7xxx in this list.)

Long shot that this is the case for rssreader, but it would be nice if these are addressed.
 
User avatar
dgnevans
Member
Member
Posts: 469
Joined: Fri Mar 08, 2013 11:24 am
Location: Zimbabwe
Contact:

Re: v6.38.7 [bugfix] is released!

Sat Jul 08, 2017 10:38 pm

I upgraded my ccr 1009-8G-1S-1S+ to the new bugfix. all works well expect the dude for some reason since upgrade the database appears mal-formed. dude,critical db failure: database disk image is malformed
I have tried to backup database and restore. does the same thing. I would prefer not to recreate the DB has anyone got a solution.
Thanks
 
rssreader
just joined
Posts: 6
Joined: Mon Jul 03, 2017 3:57 pm

Re: v6.38.7 [bugfix] is released!

Mon Jul 10, 2017 10:47 am

100% CPU and can't connect
How do you know that CPU is at 100% if you cant connect? And if you can somehow see this could you also check what is hogging CPU?
Anyways it may be some DOS attack issue, my advice would be, if you have one spare port, to disconnect router from the network and plug only your PC (to that spare port and by using MAC connection) to check if you can connect, start profile tool and reconnect the interfaces one by one and monitor what is happening ...
100% CPU I see on graph ("graphs/cpu/" on web-interface). I don't know what is hogging CPU - maybe approximately 50 simple scheduled tasks (calling external URL - as CRON-tasks)... ?
100% CPU load is still with and without internet connection on WAN port. I do not know what do with it...
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26293
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.38.7 [bugfix] is released!

Mon Jul 10, 2017 10:52 am

For the record, Mikrotiks are probably affected by various OpenVPN DOS vulnerabilities identified recently.
(See 4 CVE-2017-7xxx in this list.)

Long shot that this is the case for rssreader, but it would be nice if these are addressed.
RouterOS is not affected because we don't use that code. We have our own implementation.
 
R1CH
Forum Guru
Forum Guru
Posts: 1098
Joined: Sun Oct 01, 2006 11:44 pm

Re: v6.38.7 [bugfix] is released!

Mon Jul 10, 2017 2:29 pm

Why exactly do you have your own implementation? Has it been reviewed by a cryptographer and gone through a code audit like the reference client? When will it get feature parity like UDP support?

I really dislike the NIH syndrome going on with Mikrotik.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26293
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.38.7 [bugfix] is released!

Mon Jul 10, 2017 2:47 pm

We have always had our own code for most stuff in RouterOS. RouterOS exists for 20 years now. This is not news.
 
R1CH
Forum Guru
Forum Guru
Posts: 1098
Joined: Sun Oct 01, 2006 11:44 pm

Re: v6.38.7 [bugfix] is released!

Mon Jul 10, 2017 4:53 pm

I understand you want to try and keep things proprietary for license reasons, but it's kind of silly to rewrite the entire program. Why can't you use the official releases so we get audited code, UDP support, etc? It's less work for you to to drop in a new binary every release than keep your code up to date with latest OpenVPN changes and features (as evidenced by continued missing UDP support after all these years). And your GPL obligations only require you to release OpenVPN sources.
 
gdo
just joined
Posts: 8
Joined: Wed Jul 26, 2017 12:30 am

Re: v6.38.7 [bugfix] is released!

Wed Jul 26, 2017 1:06 am

good think
 
stucki
just joined
Posts: 19
Joined: Sun Apr 16, 2017 3:57 pm

Re: v6.38.7 [bugfix] is released!

Wed Aug 02, 2017 12:12 pm

r1ch: a small, supportable product is only possible, when there are no dependencies. stop arguing, mikrotik will not change this. I am glad, that we as customers have small firmware packages.
 
xt22
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Tue Jul 14, 2015 1:16 pm

Re: v6.38.7 [bugfix] is released!

Fri Aug 04, 2017 1:30 pm

Hello,

in 6.38.7, my pcie LTE Huawei ME909u-521 stopped working. I get public ip from the LTE interface, dynamic route gets created with providers gateway,
but I can ping neither it, nor google at 8.8.8.8.

6.36.4, 6.38.5, 6.39.1 are all ok (on the same RB). Tested on two RB912UAG-2HPnD, latest fw. Another one disappeared after remote update to 6.38.7 and
most probably it will be the same problem.
 
hashbang
Member Candidate
Member Candidate
Posts: 200
Joined: Sat Jul 26, 2014 6:38 pm

Re: v6.38.7 [bugfix] is released!

Mon Aug 21, 2017 5:43 pm

just installed this version on x86 pppoe-server showing red in color where as server is running ok. people can authenticate surf. Seems like cosmetic bug
 
simvirus
just joined
Posts: 24
Joined: Tue Sep 22, 2009 10:47 am

Re: v6.38.7 [bugfix] is released!

Fri Sep 01, 2017 3:52 pm

Hello
I've upgraded from bugfix version 6.37.5 to the last bugfix 6.38.7 and the IPsec tunnel does not work anymore.
I've tested this issue with 5/6 setup in different infrastructure, with multiple IPsec client (Apple, Windows, etc...)

I've opened a new thread for this issue:
viewtopic.php?f=2&t=125165

Regards
Sim

----

Update: SOLVED! :D
 
estebanuy
just joined
Posts: 3
Joined: Tue Oct 03, 2017 6:16 pm

Re: v6.38.7 [bugfix] is released!

Mon Oct 09, 2017 3:07 pm

i have an issue with the ipsec, routerOS 6.37.5:

these are the configurations:


/ip ipsec policy
add action=none dst-address=10.10.0.0/24 level=use sa-dst-address=10.200.80.89 sa-src-address=10.181.9.97 \
src-address=0.0.0.0/0 tunnel=yes
add dst-address=192.168.200.0/24 proposal=lose-256 sa-dst-address=10.200.80.90 sa-src-address=0.0.0.0 \
src-address=10.10.0.0/24 tunnel=yes
add dst-address=0.0.0.0/0 sa-dst-address=10.200.80.89 sa-src-address=10.181.9.97 src-address=10.10.0.0/24 \
tunnel=yes

/ip ipsec peer
add address=10.200.80.89/32 auth-method=rsa-signature certificate=subag_10_10.cer_0 dpd-interval=5s \
exchange-mode=aggressive remote-certificate=none
add address=10.200.80.90/32 auth-method=rsa-signature certificate=subag_10_10.cer_0 dh-group=modp1536 \
dpd-interval=5s enc-algorithm=aes-256 remote-certificate=none


/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des lifetime=2h pfs-group=none
add enc-algorithms=aes-256-cbc lifetime=2h name=lose-256 pfs-group=none


when i try to update from 6.37.5 to 6.38.7 the ipsec doesn't work and change a few parameters.
I tested various configurations but when restart the router this erase it (in version OS 6.38.7)

thanks in advance if you can help me.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.38.7 [bugfix] is released!

Mon Oct 16, 2017 8:59 am

Version 6.39.3 has been released in bugfix channel:
viewtopic.php?f=21&t=126694

Who is online

Users browsing this forum: akakua, BillyVan, grusu, ips, Knapek, wispmikrotik and 31 guests