Community discussions

 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1407
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

v6.40 [current]

Wed Jul 26, 2017 1:24 pm

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

What's new in v6.40 (2017-Jul-21 08:45):

!) lte - added initial fastpath support (except SXT LTE and Sierra modems);
!) lte - added initial support for passthrough mode for lte modems that supports fastpath;
!) wireless - added Nv2 AP synchronization feature "nv2-modes" and "nv2-sync-secret" option;
*) bonding - fixed 802.3ad mode on RB1100AHx4;
*) btest - fixed crash when packet size has been changed during test;
*) capsman - added "current-registered-clients" and "current-authorized-clients" count for CAP interfaces;
*) capsman - fixed EAP identity reporting in "registration-table";
*) capsman - set minimal "caps-man-names" and "caps-man-certificate-common-names" length to 1 char;
*) certificate - added "crl-use" setting to disable CRL use (CLI only);
*) certificate - update and reload old certificate with new one if SKID matches;
*) chr - fixed MAC address assignment when hot plugging NIC on XenServer;
*) chr - maximal system disk size now limited to 16GB;
*) conntrack - fixed IPv6 connection tracking enable/disable;
*) console - fixed different command auto complete on <tab>;
*) crs212 - fixed Optech sfp-10G-tx module compatibility with SFP ports;
*) defconf - added IPv6 default firewall configuration (IPv6 package must be enabled on reset);
*) defconf - improved IPv4 default firewall configuration;
*) defconf - renamed 192.168.88.1 address static DNS entry from "router" to "router.lan";
*) dhcp - added "debug" logs on MAC address change;
*) dhcpv4-client - added "gateway-address" script parameter;
*) dhcpv4-server - fixed lease renew for DHCP clients that sends renewal with "ciaddr = 0.0.0.0";
*) dhcpv4-server - fixed server state on interface change in Winbox and Webfig;
*) discovery - fixed timeouts for LLDP neighbours;
*) dns - remove all dynamic cache RRs of same type when adding static entry;
*) dude - fixed server crash;
*) email - added support for multiple attachments;
*) ethernet - fixed occasional broken interface order after reset/first boot;
*) ethernet - fixed rare linking problem with forced 10Mbps full-duplex mode;
*) export - added "terse" option;
*) export - added default "init-delay" setting for "/routerboard settings" menu;
*) export - added router model and serial number to configuration export;
*) export - fixed "/interface list" verbose export;
*) export - fixed "/ipv6 route" compact export;
*) export - fixed MPLS "dynamic-label-range" export;
*) export - fixed SNMP "src-address" for compact export;
*) fastpath - improved performance when packets for slowpath are received;
*) fastpath - improved process of removing dynamic interfaces;
*) fasttrack - fixed fasttrack over interfaces with dynamic MAC address;
*) fetch - added "src-address" parameter for HTTP and HTTPS;
*) filesystem - improved error correcting process on tilera and RB1100AHx4 storage;
*) firewall - added "none-dynamic" and "none-static" options for "address-list-timeout" parameter;
*) firewall - fixed bridge "action=log" rules;
*) firewall - fixed cosmetic "inactive" flag when item was disabled;
*) firewall - fixed crash on fasttrack dummy rule manual change attempt;
*) firewall - removed unique address list name limit;
*) hAP ac lite - removed nonexistent "wlan-led";
*) hotspot - added "address-list" support in "walled-garden" IP section;
*) hotspot - require "dns-name" to contain "." symbol under Hotspot Server Profile configuration;
*) ike1 - added log error message if netmask was not provided by "mode-config" server;
*) ike1 - added support for "framed-pool" RADIUS attribute;
*) ike1 - create tunnel policy when no split net provided;
*) ike1 - fixed minor memory leak on peer configuration change;
*) ike1 - kill phase1 instead of rekey if "mode-config" is used;
*) ike1 - removed SAs on DPD;
*) ike1 - send phase1 delete;
*) ike1 - wait for cfg set reply before ph2 creation with xAuth;
*) ike2 - added RADIUS attributes "Framed-Pool", "Framed-Ip-Address", "Framed-Ip-Netmask";
*) ike2 - added pfkey kernel return checks;
*) ike2 - added support for "Mikrotik_Address_List" RADIUS attribute;
*) ike2 - added support for "mode-config" static address;
*) ike2 - by default use "/24" netmask for peer IP address in split net;
*) ike2 - fixed duplicate policy checking with "0.0.0.0/0" policies;
*) ike2 - prefer traffic selector with "mode-config" address;
*) ipsec - added "firewall=add-notrack" peer option (CLI only);
*) ipsec - added information in console XML for "mode-config" menu;
*) ipsec - added support for "key-id" peer identification type;
*) ipsec - allow to specify chain in "firewall" peer option;
*) ipsec - do not deduct "dst-address" from "sa-dst-address" for "/0" policies;
*) ipsec - enabled modp2048 DH group by default;
*) ipsec - fixed connections cleanup on policy or proposal modification;
*) ipsec - optimized logging under IPSec topic;
*) ipsec - removed policy priority;
*) l2tp - fixed handling of pre-authenticated L2TP sessions with CHAP authentication;
*) l2tp-server - added "one-session-per-host" option;
*) log - added "poe-out" topic;
*) log - improved "l2tp" logs;
*) log - optimized "wireless,info" topic logs;
*) log - work on false CPU/RAM overclocked alarms;
*) lte - added "accounting" logs for LTE connections;
*) lte - added additional driver support for DWR-910;
*) lte - added info command support for the Jaton LTE modem;
*) lte - added initial support for "NTT DoCoMo" modem;
*) lte - added support for Huawei E3531-6;
*) lte - added support for ZTE TE W120;
*) lte - fixed info command when it is executed at the same time as modem restarts/disconnects;
*) lte - improved SMS delivery report;
*) lte - improved reliability on SXT LTE;
*) metarouter - fixed display of bogus error message on startup;
*) mmips - added support for NVME disks;
*) ovpn - added support for "push-continuation";
*) ovpn - added support for topology subnet for IP mode;
*) ovpn - fixed duplicate default gateway presence when receiving extra routes;
*) ovpn - improved performance when receiving too many options;
*) packages - increased automatic download retry interval to 5 minutes if there is no free disk space;
*) ping - fixed ping getting stuck (after several thousands of ping attempts);
*) ppp - added initial support for ZTE K4203-Z and ME3630-E;
*) ppp - added output values for "info" command for finding the GSM base station's location ("LAC" and "IMSI");
*) ppp - fixed "user-command" output;
*) ppp - fixed non-standart PAP or CHAP packet handling;
*) ppp - improved MLPPP packet forwarding performance;
*) ppp - use interface name instead of IP as default route gateway;
*) proxy - fixed potential crash;
*) proxy - fixed rare program crash after closing client connection;
*) quickset - added "Band" setting to "CPE" and "PTP CPE" modes;
*) quickset - added special firewall exception rules for IPSec;
*) quickset - fixed incorrect VPN address value on arm and tilera;
*) quickset - simplified LTE status monitoring;
*) quickset - use active user name and permissions when applying changes;
*) rb1100ahx4 - fixed startup problems (requires additional reboot after upgrade);
*) rb3011 - fixed packet passthrough on switch2 while booting;
*) rb750gr3 - fixed USB power;
*) routerboard - added "caps-mode" option for "reset-configuration";
*) routerboard - added "caps-mode-script" for default-configuration print;
*) routing - allow to disable "all" interface entry in BFD;
*) safe-mode - fixed session handling when Safe Mode is used on multiple sessions at the same time;
*) sfp - fixed invalid temperature reporting when ambient temperature is less than 0;
*) sms - decode reports in readable format;
*) sniffer - do not skip L2 packets when "all" interface mode was used;
*) snmp - added "ifindex" on interface traps;
*) snmp - added CAPsMAN interface statistics;
*) snmp - added ability to set "src-address";
*) snmp - fixed "/system resource cpu print oid" menu;
*) snmp - fixed crash on interface table get;
*) snmp - fixed wireless interface walk table id ordering;
*) socks - fixed crash while processing many simultaneous sessions;
*) ssl - added Wildcard support for "left-most" DNS label (will allow to use signed Wildcard certificate on VPN servers);
*) supout - fixed IPv6 firewall section;
*) switch - fixed "loop-protect" on CRS SFP/SFP+ ports;
*) switch - fixed multicast forwarding on CRS326;
*) tile - fixed copying large amount of text over serial console;
*) tr069-client - fixed lost HTTP header on authorization;
*) trafficgen - added "lost-ratio" to statistics;
*) ups - show correct "line-voltage" value for usbhid UPS devices;
*) userman - added "/tool user-manager user clear-profiles" command;
*) userman - do not send disconnect request for user when "simultaneous session limit reached";
*) userman - lookup language files also in "/flash" directory;
*) vlan - do not delete existing VLAN interface on "failure: already have such vlan";
*) webfig - fixed wireless "scan-list" parameter not being saved after applying changes;
*) winbox - added "eap-identity" to CAPsMAN registration table;
*) winbox - added "no-dad" setting to IPv6 addresses;
*) winbox - added "reselect-channel" to CAPsMAN interfaces;
*) winbox - added "session-uptime" to LTE interface;
*) winbox - added TR069 support;
*) winbox - do not autoscale graphs outside known maximums;
*) winbox - fixed wireless interface "amsdu-threshold" max limit;
*) winbox - hide LCD menu on CRS112-8G-4S;
*) winbox - make IPSec policies table an order list;
*) winbox - moved LTE info fields to status tab;
*) winbox - show "/interface wireless cap print" warnings;
*) winbox - show "/system health" only on boards that have health monitoring;
*) winbox - show "D" flag under "/interface mesh port" menu;
*) wireless - NAK any methods except MS-CHAPv2 as inner method in PEAP;
*) wireless - added option to change "nv2-downlink-ratio" for nv2 protocol;
*) wireless - added option to set "fixed-downlink" mode for nv2 protocol;
*) wireless - allow VirutalAP on Level0 (24h demo) license;
*) wireless - always use "multicast-helper" when DHCP is being used;
*) wireless - do not skip >2462 channels if interface is WDS slave;
*) wireless - fixed 802.11u wireless request processing;
*) wireless - fixed EAP PEAP success processing;
*) wireless - fixed compatibility with "AR5212" wireless chips;
*) wireless - fixed rare crash on cap disable;
*) wireless - fixed registration table "signal-strength" reporting for chains when using nv2;
 
msatter
Forum Guru
Forum Guru
Posts: 1232
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.40 [current]

Wed Jul 26, 2017 1:40 pm

That is very long list and a lot was done in that time. Thanks.

There are two CLI only and will those be changeably in Winbox in foreseeable time?
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta / Winbox 3.20 / MikroTik APP 1.3.4
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
MartijnVdS
Frequent Visitor
Frequent Visitor
Posts: 93
Joined: Wed Aug 13, 2014 9:36 am

Re: v6.40 [current]

Wed Jul 26, 2017 2:39 pm

*) wireless - fixed 802.11u wireless request processing;
Is there any documentation about this feature? I can't find anything regarding 802.11u on the wiki.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8308
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.40 [current]

Wed Jul 26, 2017 3:17 pm

ros-flash-6.40.jpg
You do not have the required permissions to view the files attached to this post.
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
Winkee
just joined
Posts: 1
Joined: Wed Jan 09, 2013 10:47 am

Re: v6.40 [current]

Wed Jul 26, 2017 3:18 pm

*) defconf - improved IPv4 default firewall configuration;
Is it possible to post here new defconf? I want to check how is it different from 6.39. Thanks.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24205
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.40 [current]

Wed Jul 26, 2017 3:20 pm

ros-flash-6.40.jpg
Only applies to CHR and was just fixed in latest RC
No answer to your question? How to write posts
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8308
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.40 [current]

Wed Jul 26, 2017 3:50 pm

Is it possible to post here new defconf? I want to check how is it different from 6.39. Thanks.
can't "/sys default-configuration pr file=bla-bla" help?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
raymondr15
Member Candidate
Member Candidate
Posts: 118
Joined: Fri Sep 05, 2014 1:11 am
Location: East London, South Africa
Contact:

Re: v6.40 [current]

Wed Jul 26, 2017 4:41 pm

Hi,

I am sitting in my office at work and have just update my RB2011UiAS-RM remotely, after rebooting the router am not able to access my router from the WAN side, my internet service provider is a WISP so I logged into my CPE and tried to SSH my router, I am able to login to the router but as soon as I login, the router stops responding for a few minutes and then comes back, same thing keeps happening when trying to SSH to the router. Will have to check the router when I get home.

Folks, don't upgrade your router if it is on a remote location 8)
 
Njumaen
newbie
Posts: 36
Joined: Wed Feb 24, 2016 8:41 pm

Re: v6.40 [current]

Wed Jul 26, 2017 5:04 pm

[Ticket#2017071322001096] CRS326 - no DNLA accessible

Issue solved. Thanks!
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8308
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.40 [current]

Wed Jul 26, 2017 5:09 pm

raymondr15, so you upgraded the router to both 6.40 and 6.41? How?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 545
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v6.40 [current]

Wed Jul 26, 2017 5:17 pm

Probably there is a problem on dynamic address-list:

1) ok for dynamic address-list feeded by firewall rule (add src to address-list)
2) items istantly disappear if dynamic address-list are loaded from cli/script/winbox (I'm testing with 8days timeout)

(testing on a hEX with 6.40)
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 545
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v6.40 [current]

Wed Jul 26, 2017 5:57 pm

Reverting to bugfix, dynamic address-lists work as expected.
Anyone can confirm on different board ?
 
freemannnn
Long time Member
Long time Member
Posts: 666
Joined: Sun Oct 13, 2013 7:29 pm

Re: v6.40 [current]

Wed Jul 26, 2017 6:02 pm

what is the difference of these 2?

*) capsman - added "current-registered-clients" and "current-authorized-clients" count for CAP interfaces;

is it possible to move these specific columns in the beginning? (like excel) they are placed far right so you have to scroll all the time to see these information.
 
Sob
Forum Guru
Forum Guru
Posts: 4655
Joined: Mon Apr 20, 2009 9:11 pm

Re: v6.40 [current]

Wed Jul 26, 2017 6:25 pm

*) firewall - added "none-dynamic" and "none-static" options for "address-list-timeout" parameter;
Not WinBox-friendly, you can't enter "none-static" as timeout. And when set using CLI, it shows as "49710d 06:28:15" (can also be set like this, but obviously it's not very usable way to do it).
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
sx10
newbie
Posts: 28
Joined: Fri Jan 04, 2013 5:46 am
Location: Portland, OR USA

Re: v6.40 [current]

Wed Jul 26, 2017 7:19 pm

Is it possible to post here new defconf? I want to check how is it different from 6.39. Thanks.
can't "/sys default-configuration pr file=bla-bla" help?
No this doesn't show the actual configuration, just the script. I'm interested in seeing the new default firewall config, especially for ipv6, but I don't want to reset just to see it. Can someone post this?
 
irghost
Member Candidate
Member Candidate
Posts: 281
Joined: Sun Feb 21, 2016 1:49 pm

Re: v6.40 [current]

Wed Jul 26, 2017 7:47 pm

MRU problem
Image
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
 
Safic
just joined
Posts: 4
Joined: Sun Jun 19, 2016 10:26 am

Re: v6.40 [current]

Wed Jul 26, 2017 7:50 pm

Hi all!
Upgrade my CCR1009-7G-1C-1S+PC, wAP ac, RB433UAH. Works fine!
Thanks!
 
acidvenom
just joined
Posts: 8
Joined: Thu Aug 14, 2014 9:12 pm

Re: v6.40 [current]

Wed Jul 26, 2017 9:03 pm

cAP bricked 3 times in a row. Just DO NOT use "Download&Install".
Use file transfer option to upgrade.
 
User avatar
GaToMaLaCo
just joined
Posts: 8
Joined: Fri Jan 10, 2014 2:13 am

Re: v6.40 [current]

Wed Jul 26, 2017 10:13 pm

I just updated a RB2011UiAS-2HnD using "Download&Install" and it's working fine as usual.
 
madgrok
just joined
Posts: 2
Joined: Wed Jul 19, 2017 1:08 pm

Re: v6.40 [current]

Wed Jul 26, 2017 10:30 pm

No this doesn't show the actual configuration, just the script. I'm interested in seeing the new default firewall config, especially for ipv6, but I don't want to reset just to see it. Can someone post this?
/system default-configuration print file=def_conf_script.txt
https://pastebin.com/zEBX4Nnj
 
kresozg
just joined
Posts: 2
Joined: Wed Jul 26, 2017 10:43 pm

Re: v6.40 [current]

Wed Jul 26, 2017 10:49 pm

after upgrade to last stable 6.40 i got LCD display blinking on RB2011...
and it says starting services....

on other devices it seams to be fine only RB2011 are afected... because of that i have OSPF (routes coming up and down)...
after downgrade to 6.39.2 it is OK.... upgraded agin and it is not good...
 
User avatar
GaToMaLaCo
just joined
Posts: 8
Joined: Fri Jan 10, 2014 2:13 am

Re: v6.40 [current]

Wed Jul 26, 2017 10:53 pm

after upgrade to last stable 6.40 i got LCD display blinking on RB2011...
and it says starting services....

on other devices it seams to be fine only RB2011 are afected... because of that i have OSPF (routes coming up and down)...
after downgrade to 6.39.2 it is OK.... upgraded agin and it is not good...
Have you tried upgrading one of them but with a default config?
 
upower3
Member
Member
Posts: 384
Joined: Thu May 07, 2015 11:46 am

Re: v6.40 [current]

Wed Jul 26, 2017 10:56 pm

Huge list of changes, nice to see that. Will wait until most of it be backported to bugfix branch. So to say to be on the safe side :)

Anyway good job, and nice to see even ovpn got some updated. Like some anniversary release :)
 
kresozg
just joined
Posts: 2
Joined: Wed Jul 26, 2017 10:43 pm

Re: v6.40 [current]

Wed Jul 26, 2017 11:32 pm

the one closest to me is working as CAP... so nothing special there...
 
jo2jo
Forum Veteran
Forum Veteran
Posts: 958
Joined: Fri May 26, 2006 1:25 am

Re: v6.40 [current]

Thu Jul 27, 2017 1:13 am

I was SUPER happy and hopeful to see this:
*) defconf - improved IPv4 default firewall configuration;

but.... From the new Def_config.txt file:
/ip neighbor discovery set [find name="ether1"] discover=no
and
filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
MT you guys are still, by default blocking / disabling one of the best unique features of mikrotik + hurting the ability to deploy a large scale ENTIRELY MT infrastructure (ie MT hex POEs in closets providing mt detectable passive power over eth via a cat5 to users with MT devices) Such that the network admin / owner can simply ship a new RB (or the tenant can order one shipped directly to them) and simply plug in eth1 into the wall jack and the device gets power and data (and then the admin can do the config for the owner via L2 Mac-telnet) === this is all disabled by the default config! such that we must stock and pre-config MTs and ship to customers (or not even deploy all mt in this nice setup).

(i understand why you have these rules in def. config, but i disagree)
Maybe have a FW rule to limit only 1 or 2 L2 Mac-telnet New connections per 24h period (to combat Mac-telnet brute-forcing by default, but still allow an honest admin to get into a clients new devices to give them an inital config)

This way makes it super easy and convenient (and happy) for the end user (they just buy, and plug in- the admin does the rest for them, + they use POE so just 1 cable and 1 action and no config on their part).

i have a thread about exactly this request:
viewtopic.php?t=117450

thanks
:beep :beep :beep
 
ksteink
newbie
Posts: 38
Joined: Thu Mar 31, 2016 6:54 pm

Re: v6.40 [current]

Thu Jul 27, 2017 1:47 am

Upgraded an RB951Ui-2HnD and everything working fine such as:

- IPv6 (HE tunneling)
- OpenVPN (S2S and C2S)

Planning to upgrade an RB2011 later on this week.

Update: I did upgrade my RB2011-UiAS-2HnD with similar configuration as my RB951 and no issues at all.

Update #2: RB2011 led blinking issue as well like other persons are reporting
Last edited by ksteink on Fri Jul 28, 2017 5:43 am, edited 2 times in total.
 
irghost
Member Candidate
Member Candidate
Posts: 281
Joined: Sun Feb 21, 2016 1:49 pm

Re: v6.40 [current]

Thu Jul 27, 2017 8:17 am

RB2011UiAs 2hnd LCD blinking after boot
watch this video http://up.vbiran.ir/uploads/25117150113 ... _video.zip
but router works with no problem
Last edited by irghost on Thu Jul 27, 2017 8:36 am, edited 1 time in total.
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24205
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.40 [current]

Thu Jul 27, 2017 8:25 am

Huge list of changes, nice to see that. Will wait until most of it be backported to bugfix branch
That's not how the bugfix branch works. If this 6.40 would eventually be proven rock solid and stable, it would become the bugfix-only release itself. But that usually does not happen with the first release, usually it's 40.4 or something. We don't backport anything into the bugfix-only branch. This would make it potentially unstable.
No answer to your question? How to write posts
 
becs
MikroTik Support
MikroTik Support
Posts: 479
Joined: Thu Jul 07, 2011 8:26 am

Re: v6.40 [current]

Thu Jul 27, 2017 8:34 am

The RB2011 LCD blinking is fixed starting from RouterOS v6.41rc3.
What's new in 6.41rc3 (2017-Jul-26 09:32):
*) rb2011 - fixed possible LCD blinking along with Ethernet LED;
If you notice this problem in v6.40, disable/enable LCD to stop it:
/lcd set enabled=no
/lcd set enabled=yes
 
irghost
Member Candidate
Member Candidate
Posts: 281
Joined: Sun Feb 21, 2016 1:49 pm

Re: v6.40 [current]

Thu Jul 27, 2017 8:38 am

The RB2011 LCD blinking is fixed starting from RouterOS v6.41rc3.
What's new in 6.41rc3 (2017-Jul-26 09:32):
*) rb2011 - fixed possible LCD blinking along with Ethernet LED;
If you notice this problem in v6.40, disable/enable LCD to stop it:
/lcd set enabled=no
/lcd set enabled=yes
but problem comes up after reboot
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8308
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.40 [current]

Thu Jul 27, 2017 9:58 am

but problem comes up after reboot
do not reboot it :)
or use scheduler on startup to disable/enable the led
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1407
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40 [current]

Thu Jul 27, 2017 10:14 am

raymondr15 - Are you able to log into device long enough to generate supout file and download it? If you can, then please send it to support@mikrotik.com
Sob - We are not being able to reproduce such problem. If you select one of both options on drop down list, then you can see the same value on CLI. Please write to support@mikrotik.com and provide supout files from your router which has such problem
irghost - Please send supout file from this device to support@mikrotik.com
acidvenom - So you managed to upgrade with file transfer but did not manage to upgrade with "Download & Install"? Please describe more precisely what happened - Download and Install simply downloads packages and reboots device. Maybe you lost Internet access during an upgrade?
kresozg, irghost, bajodel - This issue will be fixed in 6.41rc releases
jo2jo - Default configuration must be acceptable for the biggest part of clients. If you are not satisfied with default configuration, then you can use different tools to replace it with another one
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5934
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.40 [current]

Thu Jul 27, 2017 10:31 am

MT you guys are still, by default blocking / disabling one of the best unique features of mikrotik + hurting the ability to deploy a large scale ENTIRELY MT infrastructure
Reinstall router with Netinstall and add your custom default configuration. Or use Flashfig for large scale deployments with custom configuration.
These features exist for years.

What you are suggesting is to compromise security.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5816
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.40 [current]

Thu Jul 27, 2017 10:44 am

I was SUPER happy and hopeful to see this:
*) defconf - improved IPv4 default firewall configuration;

but.... From the new Def_config.txt file:
/ip neighbor discovery set [find name="ether1"] discover=no
and
filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
MT you guys are still, by default blocking / disabling one of the best unique features of mikrotik + hurting the ability to deploy a large scale ENTIRELY MT infrastructure (ie MT hex POEs in closets providing mt detectable passive power over eth via a cat5 to users with MT devices) Such that the network admin / owner can simply ship a new RB (or the tenant can order one shipped directly to them) and simply plug in eth1 into the wall jack and the device gets power and data (and then the admin can do the config for the owner via L2 Mac-telnet) === this is all disabled by the default config! such that we must stock and pre-config MTs and ship to customers (or not even deploy all mt in this nice setup).

(i understand why you have these rules in def. config, but i disagree)
Well, I should say I am VERY HAPPY with this new configuration! Finally, the WAN side of the router by default is dropping all traffic. Countless times we have seen cases where people added a PPPoE WAN interface following some bad Youtube directions or without reading the manual, and by that unwanted addition of a new WAN interface put their router on internet for everyone to access. Abuse the DNS resolver for reflection attacks, open the admin interface to password guessing (with an empty default password!), etc.
Now, finally after many times asking for that, something has been done about it.
So please don't ask to open it up again for your personal project, it is not reasonable to request a device to be shipped with holes by default.
Maybe there could be some mechanism to load default config from a USB stick or using some app.
 
irghost
Member Candidate
Member Candidate
Posts: 281
Joined: Sun Feb 21, 2016 1:49 pm

Re: v6.40 [current]

Thu Jul 27, 2017 11:21 am

but problem comes up after reboot
do not reboot it :)
or use scheduler on startup to disable/enable the led
:D :D :D :D :D :D :D :D :D :D :D :D :D :D :D
the real solution
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
 
Pun1sh3r
just joined
Posts: 2
Joined: Thu Jul 27, 2017 11:19 am

Re: v6.40 [current]

Thu Jul 27, 2017 11:26 am

Hi
After installing 6.40 on RB960PGS, log looks like on screenshot
There is no cable, plugged in ether2, but error disappears only when someshing plugged in ether2. PoE works ok, linking on 1 Gbs.
PS Ports 3-5 are busy and ok, trouble is only with ether2.
Last edited by Pun1sh3r on Thu Jul 27, 2017 12:21 pm, edited 1 time in total.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1407
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40 [current]

Thu Jul 27, 2017 11:52 am

Pun1sh3r - That is due to "*) log - added "poe-out" topic;". Please send supout file to support@mikrotik.com. Generate file while nothing is connected to ether2 but you see such log messages.
 
Pun1sh3r
just joined
Posts: 2
Joined: Thu Jul 27, 2017 11:19 am

Re: v6.40 [current]

Thu Jul 27, 2017 12:46 pm

Pun1sh3r - That is due to "*) log - added "poe-out" topic;". Please send supout file to support@mikrotik.com. Generate file while nothing is connected to ether2 but you see such log messages.
Thx
I've downgraded to 6.38.7, trouble stays. I thing, that my 960PGS isn't working correctly, will test 6.40 on another one.
 
irghost
Member Candidate
Member Candidate
Posts: 281
Joined: Sun Feb 21, 2016 1:49 pm

Re: v6.40 [current]

Thu Jul 27, 2017 1:30 pm

MRU problem
Image
[amir@MikroTikFA-Amir] /interface> pppoe-client monitor "PPPoE - Livar"
          status: connected
          uptime: 2h51m15s
    active-links: 1
        encoding: 
    service-name: ShirazMobile.Com22
         ac-name: Livar-CCR
          ac-mac: 4C:5E:0C:63:AC:D1
             mtu: 1480
             mru: 65516
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
 
Sob
Forum Guru
Forum Guru
Posts: 4655
Joined: Mon Apr 20, 2009 9:11 pm

Re: v6.40 [current]

Thu Jul 27, 2017 2:41 pm

Sob - We are not being able to reproduce such problem. If you select one of both options on drop down list, then you can see the same value on CLI.
That's the thing, I don't have drop down list for address list timeout. But I examined it a little more and it's there, but only in filter. I previously tested with mangle and it still has old field for time (nat and raw too).
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
User avatar
cdiedrich
Forum Veteran
Forum Veteran
Posts: 905
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany
Contact:

Re: v6.40 [current]

Thu Jul 27, 2017 2:46 pm

Upgraded four CCR1036 from 6.37.3 / 3.33
Two of them did it just fine, two came up in an undefined condition.
/system packages showed routeros-tile as only package and it was disabled.
Check for updates stated 0.0 as installed version.
hit "enable", rebooted, router stuck in reboot loop right after "loading kernel".
Only netInstall helped - but the router didn't reboot after install. Power cycling did the trick.
The only major difference between the two results is that the bricked ones were peering a couple AS, the other two didn't have BGP enabled.

-Chris
Christopher Diedrich
MTCNA, MTCUME, MTCWE
Basel, Switzerland
Bremen, Germany

There are 10 types of people: Those who understand binary and those who don't.
There are two types of people: Those who can extrapolate from incomplete data
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1407
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40 [current]

Thu Jul 27, 2017 3:07 pm

Sob - Thank you. We will fix this in upcoming releases. Indeed problem is in Mangle but not in the Filters.
 
Sob
Forum Guru
Forum Guru
Posts: 4655
Joined: Mon Apr 20, 2009 9:11 pm

Re: v6.40 [current]

Thu Jul 27, 2017 3:30 pm

Also in NAT and Raw, they too allow action=add-src-to-address-list (or dst) and still have only old field for timeout.

And while you're at it, timeout parameter in "/ip firewall address-list" could also use support for "none-dynamic" and "none-static". It would be better to have it official, since "none-dynamic" is already possible using the magic number:
[sob@TestCHR3] > ip firewall address-list add list=test-dynamic address=1.2.3.4 timeout=4294967295
[sob@TestCHR3] > ip firewall address-list print
Flags: X - disabled, D - dynamic
 #   LIST                   ADDRESS                                    CREATION-TIME        TIMEOUT
 0 D test-dynamic           1.2.3.4                                    jul/27/2017 14:24:02 0s
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
User avatar
zervan
Member
Member
Posts: 324
Joined: Fri Aug 20, 2010 10:43 pm
Location: Slovakia
Contact:

Re: v6.40 [current]

Thu Jul 27, 2017 4:20 pm

*) userman - added "/tool user-manager user clear-profiles" command;
What does this mean? Where on wiki are these commands?
Dusan Zervan from Slovakia
MTCNA, MTCRE
 
User avatar
rtacheny
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Sat Sep 14, 2013 7:13 pm
Location: Braham, MN USA
Contact:

Re: v6.40 [current]

Thu Jul 27, 2017 5:48 pm

Not sure if version related, however we deployed x2 Metal 9s with 6.40 yesterday, both have rebooted multiple times randomly. They were to replace x2 411 XR9 sectors on a tower using AP sync to deal with interference between the two (old APs used 802.11 as NV2 would not work due to the interference).
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 990
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: v6.40 [current]

Thu Jul 27, 2017 8:14 pm

The v6.40 update sounds really good - especially the nv2 stuff.
I run many huge nv2 networks for hundreds of distant nv2 clients - and I am always looking for methods to improve the nv2 networks.

Would somebody please explain (or point me to information/documentation) on the new nv2 features in v6.40 ?
I want to fully understand the following features and what/how it functions and how it effects a nv2 network for download & upload customer bandwidths and total system throughput.

!) wireless - added Nv2 AP synchronization feature "nv2-modes" and "nv2-sync-secret" option;
*) wireless - added option to change "nv2-downlink-ratio" for nv2 protocol;
*) wireless - added option to set "fixed-downlink" mode for nv2 protocol;
*) wireless - fixed registration table "signal-strength" reporting for chains when using nv2;


So far - I am guessing at the following:

wireless - added Nv2 AP synchronization feature "nv2-modes" and "nv2-sync-secret" option - does this provide possible better system nv2 timing between the AP and the clients ?

*) wireless - added option to change "nv2-downlink-ratio" for nv2 protocol; - does allow changes in the nv2 AP/Clients to add a larger AP-to-Client send timing-window (assuming so, I guess that it may also shorten the Client-to-AP window). Which can favor more nv2 bandwidth up or down.

*) wireless - added option to set "fixed-downlink" mode for nv2 protocol; - no idea ???

Thank you for any information

North Idaho Tom Jones
Last edited by TomjNorthIdaho on Thu Jul 27, 2017 8:15 pm, edited 1 time in total.
 
User avatar
rahrouh
Trainer
Trainer
Posts: 29
Joined: Wed Apr 15, 2009 4:14 pm
Location: 550 Alden Road, Unit 210A
Contact:

Re: v6.40 [current]

Thu Jul 27, 2017 8:15 pm

*) ppp - added output values for "info" command for finding the GSM base station's location ("LAC" and "IMSI");
Is there any documents available for this?
hr@wirelessnetware.ca
647-204-0455
wirelessnetware.ca
MikroTik Certified Trainer
 
pe1chl
Forum Guru
Forum Guru
Posts: 5816
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.40 [current]

Thu Jul 27, 2017 9:18 pm

I run many huge nv2 networks for hundreds of distant nv2 clients - and I am always looking for methods to improve the nv2 networks.
You know what would be really helpful here? An implementation of airMAX in MikroTik, or NV2 in Ubiquiti equipment...
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2287
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.40 [current]

Thu Jul 27, 2017 9:32 pm

The v6.40 update sounds really good - especially the nv2 stuff.
Would somebody please explain (or point me to information/documentation) on the new nv2 features in v6.40 ?
https://wiki.mikrotik.com/index.php?tit ... ronization
LAN, FTTx, Wireless. ISP operator
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 990
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: v6.40 [current]

Fri Jul 28, 2017 4:37 am

Nv2-downlink-ratio

I have not tested this yet or seen it yet.

I read the default is 50

If I set it to 80 , does that mean the AP has an additional 30 percent longer time period to send to clients - and the receive timing window is now 30 present shorter ?

Here is where I am going with this (please let me know if I am correct):
On average, our customer upload speeds are only 20 percent of the purchased download speed.
Thus a customer 25 meg account is actually 25 meg max speed to the customer and 5 meg max speed from the customer.
Thus setting Nv2-downlink-ratio to something like 80 should actually give customers greater download bandwidth -and- I also achieve more efficient use of the TDMA time-slots.


EDIT:
Another question re the AP Nv2-downlink-ratio setting - with a setting of 80 (80 percent AP send & 20 percent AP receives), do the nv2 clients need to also be v6.40 also?
I have hundreds of clients I also need to think about when I upgrade the AP to v6.40

North Idaho Tom Jones
 
MartinT
newbie
Posts: 26
Joined: Wed Jul 22, 2009 1:28 am
Location: CZ

Re: v6.40 [current]

Fri Jul 28, 2017 12:12 pm

*) wireless - fixed 802.11u wireless request processing;
Until now, I din not register "802.11u" in Changelogs. What exactly was "fixed" ? Could packets related to 802.11u from foreign stations do some problem on Mikrotik AP ?
MartinT
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1032
Joined: Fri Jul 28, 2017 2:53 pm

Re: v6.40 [current]

Fri Jul 28, 2017 2:55 pm

Torch doesnt work with pppoe interface. Need to be fixed I suppose.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1407
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40 [current]

Fri Jul 28, 2017 3:02 pm

Anumrak - Problem will be fixed in upcoming 6.41rc releases.
 
Shaeto
just joined
Posts: 10
Joined: Sat Sep 27, 2014 11:36 pm

Re: v6.40 [current]

Fri Jul 28, 2017 7:48 pm

huawei lte modem me909s-120 in 6.40 stops data transfer every 10-20 mins, it is active, no warning logs but wan is down

the same modem worked fine on <= 6.39.2
 
onlineuser
Member Candidate
Member Candidate
Posts: 213
Joined: Thu Aug 06, 2015 12:10 pm

Re: v6.40 [current]

Fri Jul 28, 2017 8:03 pm

OVPN default route behaviour:

Take a look to this post - why did you change the default route behaviour?
viewtopic.php?f=13&t=124005&p=610512#p610512
Last edited by onlineuser on Fri Jul 28, 2017 9:39 pm, edited 2 times in total.
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 990
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: v6.40 [current] Nv2-downlink-ratio

Fri Jul 28, 2017 9:11 pm

Re: Nv2-downlink-ratio

Whooo Ahhhh !!!
Wow !!!!!
Great !!!!


I just tested Nv2-downlink-ratio (in v6.40) on one of my nv2 APs. I did NOT upgrade any clients. (Only the AP was nv2 running v6.40)
I then performed some btests

#1 with the default Nv2-downlink-ratio = 50
btest UDP both --- I get about 100 meg down to the client and 100 meg up from the client (symmetric up & down results during wireless saturation). This was the same result prior to upgrading the nv2 AP to v6.40

#2 with the default Nv2-downlink-ratio = 80 (this favors more bandwidth sent to clients at the cost of client slower uploads --- during AP wireless saturation)
btest UDP both --- I get about 180 meg down to the client and 27 meg up from the client (non symmetric up & down results during wireless saturation).


#3 with the default Nv2-downlink-ratio = 20 (this favors more bandwidth from to clients at the cost of client slower downloads --- during AP wireless saturation)
btest UDP both --- I get about 27 meg down to the client and 180 meg up from the client (non symmetric up & down results during wireless saturation).

#4 with the default Nv2-downlink-ratio = anything from 80-to-20 (((This test is performed when the AP is NOT wireless saturated)))
all speed tests results are normal bandwidth as previously experienced prior to v6.40 upgrade ((( When the AP in NOT wireless saturated )))

My conclusions:
A - Most normal NV2 APs to clients using the Internet average about-near-around 80 percent of all wireless traffic is from AP to clients.
In this scenario, setting the v6.40 AP Nv2-downlink-ratio setting to 80 can result in a whopping 80 percent more wireless bandwidth to customers during peak wireless saturation periods.
During peak-usage-periods when the nv2 AP is wireless saturated, you can sustain greater bandwidth from the AP to customers (+ 80 percent faster) at the expense of customer upload speeds (80 percent slower) during during peak-usage-periods when the nv2 AP is wireless saturated.


B - When the nv2 AP is not wireless saturated during lite-low wireless usage periods, the Nv2-downlink-ratio setting will not deliver any noticeable differences in wireless bandwidth to or from nv2 wireless customers.

C - I am guessing on this one --- Saturated WDS/PTP links should also benefit using the Nv2-downlink-ratio on v6.40 nv2 links.
If the nv2 WDS/PTP AP is sending more traffic than receiving, then set the nv2 AP Nv2-downlink-ratio to 80 (to improve peak saturation bandwidth)
If the nv2 WDS/PTP AP is receiving more traffic than receiving, then set the nv2 AP Nv2-downlink-ratio to 20 (to improve peak saturation bandwidth)

D - Although ROS prior to v6.40 did not have a Nv2-downlink-ratio setting available - it behaves as if a Nv2-downlink-ratio is set to 50

E - If you want to maintain a symmetric wireless bandwidth for up & down during nv2 AP wireless saturation periods, then set the Nv2-downlink-ratio to 50


Summary:
This new Nv2-downlink-ratio setting in v6.40 is a super wonderful feature than should be able to much better handle nv2 AP wireless peak saturation bandwidths. This setting gives control to the Mikrotik admin to flavor/prefer/enhance/increase the wireless nv2 AP traffic during wireless saturation periods by allowing the Mikrotik admin to prefer up or down bandwidth when his nv2 APs are saturated during peak periods of the day.

Thank you Mikrotik

Note: I am also going to double-post this post into the wireless section of these forums. There may be many Mikrotik admins that do not follow this side of Mikrotik anouncements re this v6.40 topic

North Idaho Tom Jones

again - Thank you Mikrotik
 
2jarek
Member Candidate
Member Candidate
Posts: 114
Joined: Thu May 17, 2007 3:28 pm
Location: Poland

Re: v6.40 [current]

Sat Jul 29, 2017 10:03 am

@TomjNorthIdaho
Uplink/Downlink ratio support doesn't work. Test many times in p2p & p2mp scenario 0 extra download ratio for clients only limit upload too 20%. 0 extra download speed for clients NV2 MT 6.40 vs 6.38.5 no matter dynamic or fixed ratio.
 
karwos
Frequent Visitor
Frequent Visitor
Posts: 89
Joined: Thu Apr 02, 2015 7:28 pm
Location: Poland

Re: v6.40 [current]

Sat Jul 29, 2017 1:59 pm

@TomjNorthIdaho
Uplink/Downlink ratio support doesn't work. Test many times in p2p & p2mp scenario 0 extra download ratio for clients only limit upload too 20%. 0 extra download speed for clients NV2 MT 6.40 vs 6.38.5 no matter dynamic or fixed ratio.
Yeah, it will limit UP speed to 20%, because it will give 8 (dl) : 2 (ul) slots in overall .
You cant have speed gain with this update, but if one customer would use 30MB up, others use 30MB up,
after this update this guy will be capped at 12MB UP
So others will have DL gain during saturation

I have tested and it works exactly as designed - 8:2 split ratio, so in my example saturated DL for 63mbits, got ~12-13mbits UL
Once stopped saturating DL, UL have begun to rose immediatly

this is how it works
 
dasvos
newbie
Posts: 29
Joined: Sat Mar 14, 2015 7:10 pm

Re: v6.40 [current]

Sat Jul 29, 2017 11:14 pm

The LCD screen on my 2011UiAS-RM seems to be stuck on "starting services" on boot. Only way to get it off is to enable the LCD and then Disable it again. Started happening on the first 6.40RC release that implemented the new bridges.
Last edited by dasvos on Sat Jul 29, 2017 11:14 pm, edited 1 time in total.
 
faljse
just joined
Posts: 1
Joined: Sun Jul 30, 2017 7:57 am

Re: v6.40 [current]

Sun Jul 30, 2017 8:02 am

huawei lte modem me909s-120 in 6.40 stops data transfer every 10-20 mins, it is active, no warning logs but wan is down
the same modem worked fine on <= 6.39.2
Same behavior with an huawei e3372h usb stick
Downgraded to 6.38.7, which works fine.
 
dadoremix
Member Candidate
Member Candidate
Posts: 116
Joined: Sat May 14, 2011 11:31 am

Re: v6.40 [current]

Sun Jul 30, 2017 10:11 am

Anyone can confirm... ip>>cloud not working on 6.40
Blank
Only you can force update date/time


Sent from my iPhone using Tapatalk Pro
 
Shadeofspirit
Member Candidate
Member Candidate
Posts: 204
Joined: Fri May 27, 2016 12:15 am
Location: Minsk
Contact:

Re: v6.40 [current]

Sun Jul 30, 2017 10:19 am

Anyone can confirm... ip>>cloud not working on 6.40
Blank
Only you can force update date/time


Sent from my iPhone using Tapatalk Pro
yes, i have problems with ip-cloud on three rb3011 with ROS 6.40
MTCNA, MTCWE
 
MartinT
newbie
Posts: 26
Joined: Wed Jul 22, 2009 1:28 am
Location: CZ

Re: v6.40 [current]

Mon Jul 31, 2017 9:56 am

*) wireless - fixed 802.11u wireless request processing;
Until now, I din not register "802.11u" in Changelogs. What exactly was "fixed" ? Could packets related to 802.11u from foreign stations do some problem on Mikrotik AP ?

Note: already asked this on 28/7/2017 12:12, but did not see it here (searching found my post .. any problem with phpBB ??)
MartinT
 
xavierbt
newbie
Posts: 40
Joined: Thu Jan 22, 2015 11:55 am

Re: v6.40 [current]

Mon Jul 31, 2017 10:36 am

Since update to version 6.40 backup scripts are failing with this message


Error sending e-mail <ROUTER1 - jul/31/2017 Mikrotik Config Backup>: error handling file

Any clue why this was working and after update begins to fail ?

thanks
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1407
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40 [current]

Mon Jul 31, 2017 10:50 am

xavierbt - Fixed in 6.41rc already:
viewtopic.php?f=21&t=123936
 
PeterFreeman
just joined
Posts: 15
Joined: Tue Aug 02, 2011 10:26 pm
Location: United Kingdom
Contact:

Re: v6.40 [current]

Mon Jul 31, 2017 3:05 pm

Hi All,

I have found an issue with the LED signal indicator on the "SXT LTE" post upgrade to 6.40, it is still broken unchanged in 6.41rc4 also.
The signal meter "led" no longer shows signal-strength, only the bottom led light becomes active to show a connection, no meter lights thereafter.

Image

I have been trying to get a simple installers "webfig" working, to which 6.40 has a better functioning status page than previous releases, but here we also have a problem.
The "main" page signal indicators show full bars and do not reflect that actual signal received at all.
SINR is showing correctly but RSRP and RSSI are reflecting cur: 65431 dB avg: 65433 dB max: 65436 dB and the graph is fully filled.
I think the issue here is scale and perhaps the graph not reflecting the correct information from the lte1 interface.

Image

I have checked the "LED" type=modem-signal interfaces=lte1 and all settings appear to be correct, I can't see anything else more suitable than the setting it is already set on.
modem-signal-treshold=-91
LEDs led1 led2 led3 led4 led5

The Interface lte1 status page does however give correct readings through winbox.
RSSI: -76 dBm
RSRP: -104 dBm
RSRQ: -10 dB
SINR: 15 dB

Image
Last edited by PeterFreeman on Mon Jul 31, 2017 3:14 pm, edited 1 time in total.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8308
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.40 [current]

Mon Jul 31, 2017 3:12 pm

The "main" page signal indicators show full bars and do not reflect that actual signal received at all.
SINR is showing correctly but RSRP and RSSI are reflecting cur: 65431 dB avg: 65433 dB max: 65436 dB and the graph is fully filled.
I think the issue here is scale and perhaps the graph not reflecting the correct information from the lte1 interface.
I think, the issue is usage of unsigned integers: 65434 unsigned dword is -102 signed dword.
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5816
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.40 [current]

Mon Jul 31, 2017 3:41 pm

I think, the issue is usage of unsigned integers: 65434 unsigned dword is -102 signed dword.
Treatment of signed/unsigned is sort of a recurring issue in Webfig.... there have been similar bugs in earlier versions in other functions.
 
ryancccc
just joined
Posts: 6
Joined: Wed Jun 07, 2017 10:33 pm

Re: v6.40 [current]

Mon Jul 31, 2017 6:06 pm

Our UPS information doesn't display correctly in 6.40 anymore.
 
yaroslaw
just joined
Posts: 1
Joined: Mon Jul 31, 2017 6:09 pm

Re: v6.40 [current]

Mon Jul 31, 2017 6:11 pm

Seems like OpenVPN client "add default route" checkbox is broken.
With no checkbox selected after the connection it adds default gateway with distance 1.
 
dasvos
newbie
Posts: 29
Joined: Sat Mar 14, 2015 7:10 pm

Re: v6.40 [current]

Mon Jul 31, 2017 8:35 pm

Have an issue on my 2011, the LCD screen stays on after a reboot showing "Starting services". Only way to get it off is by enabling and disabling the LCD screen. Started happening on the first RC that implemented the new bridges.

Sent from my HUAWEI VNS-L31 using Tapatalk
 
fraggel
just joined
Posts: 1
Joined: Wed Apr 21, 2010 8:15 pm

Re: v6.40 [current]

Mon Jul 31, 2017 9:13 pm

Hi,

not sure if this is related to the change on the dyamic FW part, but when i do via CLI on 6.40 x86 version (tryed on 3 boxes) and on ARM (rb3011)

/ip firewall address-list add list=DynBlock timeout=15549579s comment="TEST" address=1.1.1.1

the record stays fine in the list, but if i do

/ip firewall address-list add list=DynBlock timeout=15249579s comment="TEST" address=1.1.1.1
(same for timeout=15349579s or timeout=15449579s, but not for timeout=15549579s)

the entry removes itself from the list after a second or 2.

on 6.40 running on Tile (CCR1009) i do not see this problem that the entry disappears.

I´m doing something wrong ?
 
105547111
Member Candidate
Member Candidate
Posts: 131
Joined: Fri Jun 22, 2012 9:46 pm

Re: v6.40 [current]

Tue Aug 01, 2017 2:32 am

I'm seeing in the Firewall / Address List, if I create a dynamic entry with a timeout, it reaches 00:00:00 but never gets removed.

So this is definitely a bug. I'm awaiting for some script generated ones to timeout so I'll confirm if its just ipv4 manually added, or script added and if its IPv6 as well..
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1407
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40 [current]

Tue Aug 01, 2017 9:15 am

As stated already before in this topic - address list timeout is already fixed in 6.41rc version and fix will be included in next current version too:
viewtopic.php?f=21&t=123936
 
rzirzi
Member
Member
Posts: 378
Joined: Mon Oct 09, 2006 2:33 pm

Re: v6.40 [current]

Tue Aug 01, 2017 11:53 am

Torch doesnt work with pppoe interface. Need to be fixed I suppose.
I can confirm that! Torch does not work with PPPoE interfaces :( MikroTik - please fix it.
 
rz3dvp
just joined
Posts: 1
Joined: Tue Aug 01, 2017 12:22 pm

Re: v6.40 [current]

Tue Aug 01, 2017 12:31 pm

Fantastic update!
I'm lost 3 router devices after install it - hAP ac + hEX + CCR1009 all this device go to recycling boot and don't load anymore ... :_(
Be careful, don't upgrate your ROS device on remoutly location!
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1407
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40 [current]

Tue Aug 01, 2017 2:25 pm

Torch, address-lists and LCD blinking are already fixed in 6.41rc version. That has been stated also in previous posts within this topic.
viewtopic.php?f=21&t=123931#p610197
viewtopic.php?f=21&t=123931#p610211
viewtopic.php?f=21&t=123931&start=50#p610456
viewtopic.php?f=21&t=123931&start=50#p610971

Also other issues has been already resolved:
viewtopic.php?f=21&t=123936

I would suggest that you check next version release-candidate topic before you test some issue in more depth and report here since it might be already fixed.
 
antonsb
MikroTik Support
MikroTik Support
Posts: 195
Joined: Sun Jul 24, 2016 3:12 pm
Location: Riga, Latvia

Re: v6.40 [current]

Tue Aug 01, 2017 3:21 pm

huawei lte modem me909s-120 in 6.40 stops data transfer every 10-20 mins, it is active, no warning logs but wan is down
the same modem worked fine on <= 6.39.2
Same behavior with an huawei e3372h usb stick
Downgraded to 6.38.7, which works fine.
Hello,
Should be fixed in 640RC6
 
wawinfo
just joined
Posts: 11
Joined: Sun Apr 03, 2016 4:26 pm

Re: v6.40 [current]

Tue Aug 01, 2017 5:48 pm

Hi.
You mentioned that: " lte - added additional driver support for DWR-910"
Is this mean that it support USB 4G Modem D-LINK DWR-910?
How to set it up?
I have such modem and when I connect it to hAP lite ac, it just show "Mobile Connect" in USB resource !!
What can I do for make it work? this modem use RNDIS in windows to work.
Please help me Normis!!
 
User avatar
Hotz1
Member
Member
Posts: 391
Joined: Tue Oct 09, 2007 6:55 am

Re: v6.40 [current]

Tue Aug 01, 2017 7:16 pm

MT you guys are still, by default blocking / disabling one of the best unique features of mikrotik + hurting the ability to deploy a large scale ENTIRELY MT infrastructure
Reinstall router with Netinstall and add your custom default configuration. Or use Flashfig for large scale deployments with custom configuration.
It wasn't obvious to me until I stumbled upon it for myself, and I'm not sure this response makes it clear either, so let me try to spell it out.

When you 'netinstall' and specify your own config, that config becomes the new default. If the subscriber defaults the config, it returns to whatever config was provided during netinstall.

So if you want a defaulted RB to leave WAN discovery on, or to tunnel in to your network for configuration, just netinstall with that rsc, and that's what you'll get whenever you default the device.
Principal, Engineering
Cape Ann Communications, Inc.
Gloucester, MA, USA
 
antonsb
MikroTik Support
MikroTik Support
Posts: 195
Joined: Sun Jul 24, 2016 3:12 pm
Location: Riga, Latvia

Re: v6.40 [current]

Wed Aug 02, 2017 10:50 am

Hi.
You mentioned that: " lte - added additional driver support for DWR-910"
Is this mean that it support USB 4G Modem D-LINK DWR-910?
How to set it up?
I have such modem and when I connect it to hAP lite ac, it just show "Mobile Connect" in USB resource !!
What can I do for make it work? this modem use RNDIS in windows to work.
Please help me Normis!!
Hello, only initial support was added to test if this modem could be used, unfortunately this modem did not respond on this particular setup.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5816
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.40 [current]

Wed Aug 02, 2017 12:08 pm

MT you guys are still, by default blocking / disabling one of the best unique features of mikrotik + hurting the ability to deploy a large scale ENTIRELY MT infrastructure
Reinstall router with Netinstall and add your custom default configuration. Or use Flashfig for large scale deployments with custom configuration.
It wasn't obvious to me until I stumbled upon it for myself, and I'm not sure this response makes it clear either, so let me try to spell it out.

When you 'netinstall' and specify your own config, that config becomes the new default. If the subscriber defaults the config, it returns to whatever config was provided during netinstall.
It appears his view is (see other topics) that MikroTik should ship routers that are open for outside access by default, so he can have any supplier ship MikroTik routers directly to his customers and then he can login to those routers and configure them. While that could be nice for his business case, it is of course disastrous in the general case. It would also quickly result in alarming messages on security forums "MikroTik ships routers that are open to management access from internet!", which would have negative impact on reputation.
He will have to re-think his business and find other ways to do it.

That being said, it could be interesting for MikroTik to provide some facilities for loading routers with custom configurations in a less-technical way.
It cannot be required from end users to fire up netinstall and load a config file provided by their ISP.
However, it could be a possibility to have a USB memory stick with a configuration file on it (with some predefined name) which the router would install when it is first booted with this stick in place. Some simple procedure would determine if the config is loaded or not, e.g. only after a full reset (although the procedure for that is already much too complicated to have an end user perform it for each new installation). Of course you would not want the router to re-install the same config when the stick is left inplace or later is put back, except after a full reset. Maybe some version number can be put in the config file and the router would only load files with a higher version than it has loaded before.

Then, he could ship USB sticks to his customers or have them download the file and put on an USB stick, insert it into the router and it would configure itself.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8308
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.40 [current]

Wed Aug 02, 2017 2:12 pm

Some simple procedure would determine if the config is loaded or not, e.g. only after a full reset (although the procedure for that is already much too complicated to have an end user perform it for each new installation). Of course you would not want the router to re-install the same config when the stick is left inplace or later is put back, except after a full reset. Maybe some version number can be put in the config file and the router would only load files with a higher version than it has loaded before.

Then, he could ship USB sticks to his customers or have them download the file and put on an USB stick, insert it into the router and it would configure itself.
good idea, by the way. insert USB stick, turn the router off, press 'Reset' button, turn the router on, wait for LEDs, router is configured :)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24205
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.40 [current]

Wed Aug 02, 2017 2:33 pm

Wouldn't this be a huge security risk? Anybody with a flash drive can reconfigure your router :)
No answer to your question? How to write posts
 
linux25
just joined
Posts: 5
Joined: Sat Apr 29, 2017 4:09 pm

Re: v6.40 [current]

Wed Aug 02, 2017 2:38 pm

After upgrade ethernet link down and up în 1 day 168 times. What is wrong?
 
pe1chl
Forum Guru
Forum Guru
Posts: 5816
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.40 [current]

Wed Aug 02, 2017 2:40 pm

Wouldn't this be a huge security risk? Anybody with a flash drive can reconfigure your router :)
Well, I mentioned there should be some procedure. Like "it only works on first boot after full reset".
Maybe it should only work while the password is still blank (routers in that state can be reconfigured anyway).
Anybody with physical access to your router could probably do bad things to it anyway.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8308
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.40 [current]

Wed Aug 02, 2017 3:04 pm

Wouldn't this be a huge security risk? Anybody with a flash drive can reconfigure your router :)
does it sound like 'anybody with a laptop and 8P8C patchcord can reconfigure your router'? :)

there can be something like '/system routerboard settings set protected-usb-setup=enabled'
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
Fluke
just joined
Posts: 2
Joined: Wed Aug 02, 2017 1:46 pm

Re: v6.40 [current]

Wed Aug 02, 2017 6:04 pm

Hello,

I have problems with IPv6 on my hAP ac since 6.40. ISP gives me static /126 subnet for WAN side + routed /64 for LAN.
The traffic does not pass through default route even though it is set and accessible. Downgrading to 6.39.2 works.

> ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
# ADDRESS FROM-POOL INTERFACE ADVERTISE
0 G 2a01:xxx:xxx::e/126 ISP no

> ipv6 route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
# DST-ADDRESS GATEWAY DISTANCE
0 A S ::/0 2a01:xxx:xxx::d 1
1 ADC 2a01:xxx:xxx::c/126 ISP 0

> ping 2a01:xxx:xxx::d
SEQ HOST SIZE TTL TIME STATUS
0 2a01:xxx:xxx::d 56 255 1ms echo reply
sent=1 received=1 packet-loss=0% min-rtt=1ms avg-rtt=1ms max-rtt=1ms

> ping 2a00:1450:400d:807::200e
SEQ HOST SIZE TTL TIME STATUS
0 127 (Network is down)
1 127 (Network is down)
2 127 (Network is down)
sent=3 received=0 packet-loss=100%

> tool traceroute 2a00:1450:400d:807::200e
# ADDRESS LOSS SENT LAST AVG BEST WORST STD-DEV
1 100% 1 timeout
2 100% 1 timeout
 
netflow
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Sat Oct 01, 2016 3:53 pm

Re: v6.40 [current]

Wed Aug 02, 2017 8:47 pm

huawei lte modem me909s-120 in 6.40 stops data transfer every 10-20 mins, it is active, no warning logs but wan is down

the same modem worked fine on <= 6.39.2
Issue on my side with me909s-120 already after approx. 20 sec. Noticed port USB1 @ 9600 bauds appeared.
Downgraded to the thrustworthy 6.39.2.
 
swtth
just joined
Posts: 10
Joined: Tue Feb 02, 2016 10:50 pm

Re: v6.40 [current]

Wed Aug 02, 2017 9:13 pm

After upgrade to 6.40, hotspot -> Server Profiles lost configuration and get to factory defaults.
 
nuffrespect
newbie
Posts: 38
Joined: Wed Jun 14, 2017 5:21 pm

Re: v6.40 [current]

Wed Aug 02, 2017 11:02 pm

Hi!
Torch doesn't work on GRE tunnel after update
Bug we have at CCR1009-7G, hex r3, CCR1009-8G

Although, everything looks good on the physical interface - torch seems works.
 
davidalain
just joined
Posts: 5
Joined: Thu Aug 03, 2017 3:24 am

Re: v6.40 [current]

Thu Aug 03, 2017 4:15 am

Hi,

I think there is a BUG on 6.40 version.

I'm running a PPPoE server and managing my clients with UserManager on a RB450G.
I was running version 6.39.2 with no troubles and when I did the upgrade to 6.40 some users failed to authenticate via PPPoE.

In UserManager Log the following message appears repeatly:
"simultaneous session limit reached for user <xxxxx>"

And in Winbox Log the following messages appears repeatly:
"PPPoE connection established from MACADDRESS"
"user xxxxx authentication failed"

It only works on 6.40 if I change the field Shared users to Unlimited at User menu of UserManager page.
But that users shall not use more than one connection at a time.

I did a downgrade via System->Packages->Downgrade in Winbox and the system is running OK for while with version 6.37.5.

Did anyone had these troubles?
 
User avatar
linkwave
Trainer
Trainer
Posts: 53
Joined: Fri May 25, 2007 9:13 pm
Location: Grosseto, Italy
Contact:

Re: v6.40 [current]

Thu Aug 03, 2017 10:20 am

there can be something like '/system routerboard settings set protected-usb-setup=enabled'
+1 :D
MTCNEL
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24205
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.40 [current]

Thu Aug 03, 2017 10:23 am

Wouldn't this be a huge security risk? Anybody with a flash drive can reconfigure your router :)
does it sound like 'anybody with a laptop and 8P8C patchcord can reconfigure your router'? :)

there can be something like '/system routerboard settings set protected-usb-setup=enabled'
Maybe I'm missing something, but can't you just use TR-069 to configure your customers, why bother with physical drives?
No answer to your question? How to write posts
 
pe1chl
Forum Guru
Forum Guru
Posts: 5816
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.40 [current]

Thu Aug 03, 2017 10:41 am

Maybe I'm missing something, but can't you just use TR-069 to configure your customers, why bother with physical drives?
Sure, but TR-069 is not enabled by default either, isn't it?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24205
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.40 [current]

Thu Aug 03, 2017 10:46 am

Before shipping to customers, use Flashfig to set whatever defaults you want. Takes some 2 seconds + unboxing.
No answer to your question? How to write posts
 
pe1chl
Forum Guru
Forum Guru
Posts: 5816
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.40 [current]

Thu Aug 03, 2017 10:53 am

Before shipping to customers, use Flashfig to set whatever defaults you want. Takes some 2 seconds + unboxing.
The topic starter (see another thread) wants to have boxes shipped by a regular supplier, direct to his customers, and have them connect
these to his network so he can configure them remotely. Apparently he has an L2 network as he requested to open MAC service access
on the internet port (MAC-telnet, MAC-winbox, RoMON or whatever). Of course this could be a leak in the default environment, that is why
I suggested a mechanism where the customer can do an initial configuration action without requiring too complicated (for a customer)
actions like connecting it to a system running netinstall. Loading the initial config from USB key (only on first boot, maybe better to do it
on any boot until any manual configuration has been done because customers might fire up the box before reading or understanding that
the USB key has to be plugged in) was my proposal. TR-069 could be another one but then it should be enabled during those first boots,
on a standard unit as shipped by the suppliers.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24205
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.40 [current]

Thu Aug 03, 2017 11:11 am

I understand that everyone wants everything be simplified, but you can't expect to do nothing and just watch the money flow :)
You will have to open the box and run Flashfig in any case.
No answer to your question? How to write posts
 
pe1chl
Forum Guru
Forum Guru
Posts: 5816
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.40 [current]

Thu Aug 03, 2017 11:23 am

I understand that everyone wants everything be simplified, but you can't expect to do nothing and just watch the money flow :)
You will have to open the box and run Flashfig in any case.
Well, my ISP uses AVM Fritz!box routers and they do have some of this functionality. There is a quickset wizard with a list of provider names,
you select the provider from that list and it gets the correct PPPoE configuration and the TR-069 service so they can push firmware upgrades etc.

It still requires the customer to connect to the router and do that initial setup, so there still is a service to have someone come by and
do that for them (and also connect it to the line or fiber, set a password on their WiFi, etc) but most people will be able to do it themselves.
The routers are shipped in factory mint condition, unopened. The provider list is in the generic release software, it is not specialized for them.
 
msatter
Forum Guru
Forum Guru
Posts: 1232
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.40 [current]

Thu Aug 03, 2017 11:38 am

I understand that everyone wants everything be simplified, but you can't expect to do nothing and just watch the money flow :)
You will have to open the box and run Flashfig in any case.
Well, my ISP uses AVM Fritz!box routers and they do have some of this functionality. There is a quickset wizard with a list of provider names,
you select the provider from that list and it gets the correct PPPoE configuration and the TR-069 service so they can push firmware upgrades etc.

It still requires the customer to connect to the router and do that initial setup, so there still is a service to have someone come by and
do that for them (and also connect it to the line or fiber, set a password on their WiFi, etc) but most people will be able to do it themselves.
The routers are shipped in factory mint condition, unopened. The provider list is in the generic release software, it is not specialized for them.
Hi pe1chl, is it possible that you past the text without the line breaks. That will make you texts a lot more readable.

Having profiles in the shipped router can supply Mikrotik with extra income but then it is maybe cheaper to have the firm that sends the router to the customer to config it.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta / Winbox 3.20 / MikroTik APP 1.3.4
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1407
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40 [current]

Thu Aug 03, 2017 4:26 pm

New 6.41rc version has been released with fixed for some problems from 6.40:
viewtopic.php?f=21&t=123936#p611427
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1407
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40 [current]

Thu Aug 03, 2017 4:28 pm

New 6.41rc version has been released:
viewtopic.php?f=21&t=123936#p611427
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1407
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40 [current]

Fri Aug 04, 2017 1:03 pm

Version 6.40.1 has been released:
viewtopic.php?f=21&p=611567#p611567

Who is online

Users browsing this forum: No registered users and 15 guests