Community discussions

 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1406
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

v6.40 [current]

Wed Jul 26, 2017 1:24 pm

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

What's new in v6.40 (2017-Jul-21 08:45):

!) lte - added initial fastpath support (except SXT LTE and Sierra modems);
!) lte - added initial support for passthrough mode for lte modems that supports fastpath;
!) wireless - added Nv2 AP synchronization feature "nv2-modes" and "nv2-sync-secret" option;
*) bonding - fixed 802.3ad mode on RB1100AHx4;
*) btest - fixed crash when packet size has been changed during test;
*) capsman - added "current-registered-clients" and "current-authorized-clients" count for CAP interfaces;
*) capsman - fixed EAP identity reporting in "registration-table";
*) capsman - set minimal "caps-man-names" and "caps-man-certificate-common-names" length to 1 char;
*) certificate - added "crl-use" setting to disable CRL use (CLI only);
*) certificate - update and reload old certificate with new one if SKID matches;
*) chr - fixed MAC address assignment when hot plugging NIC on XenServer;
*) chr - maximal system disk size now limited to 16GB;
*) conntrack - fixed IPv6 connection tracking enable/disable;
*) console - fixed different command auto complete on <tab>;
*) crs212 - fixed Optech sfp-10G-tx module compatibility with SFP ports;
*) defconf - added IPv6 default firewall configuration (IPv6 package must be enabled on reset);
*) defconf - improved IPv4 default firewall configuration;
*) defconf - renamed 192.168.88.1 address static DNS entry from "router" to "router.lan";
*) dhcp - added "debug" logs on MAC address change;
*) dhcpv4-client - added "gateway-address" script parameter;
*) dhcpv4-server - fixed lease renew for DHCP clients that sends renewal with "ciaddr = 0.0.0.0";
*) dhcpv4-server - fixed server state on interface change in Winbox and Webfig;
*) discovery - fixed timeouts for LLDP neighbours;
*) dns - remove all dynamic cache RRs of same type when adding static entry;
*) dude - fixed server crash;
*) email - added support for multiple attachments;
*) ethernet - fixed occasional broken interface order after reset/first boot;
*) ethernet - fixed rare linking problem with forced 10Mbps full-duplex mode;
*) export - added "terse" option;
*) export - added default "init-delay" setting for "/routerboard settings" menu;
*) export - added router model and serial number to configuration export;
*) export - fixed "/interface list" verbose export;
*) export - fixed "/ipv6 route" compact export;
*) export - fixed MPLS "dynamic-label-range" export;
*) export - fixed SNMP "src-address" for compact export;
*) fastpath - improved performance when packets for slowpath are received;
*) fastpath - improved process of removing dynamic interfaces;
*) fasttrack - fixed fasttrack over interfaces with dynamic MAC address;
*) fetch - added "src-address" parameter for HTTP and HTTPS;
*) filesystem - improved error correcting process on tilera and RB1100AHx4 storage;
*) firewall - added "none-dynamic" and "none-static" options for "address-list-timeout" parameter;
*) firewall - fixed bridge "action=log" rules;
*) firewall - fixed cosmetic "inactive" flag when item was disabled;
*) firewall - fixed crash on fasttrack dummy rule manual change attempt;
*) firewall - removed unique address list name limit;
*) hAP ac lite - removed nonexistent "wlan-led";
*) hotspot - added "address-list" support in "walled-garden" IP section;
*) hotspot - require "dns-name" to contain "." symbol under Hotspot Server Profile configuration;
*) ike1 - added log error message if netmask was not provided by "mode-config" server;
*) ike1 - added support for "framed-pool" RADIUS attribute;
*) ike1 - create tunnel policy when no split net provided;
*) ike1 - fixed minor memory leak on peer configuration change;
*) ike1 - kill phase1 instead of rekey if "mode-config" is used;
*) ike1 - removed SAs on DPD;
*) ike1 - send phase1 delete;
*) ike1 - wait for cfg set reply before ph2 creation with xAuth;
*) ike2 - added RADIUS attributes "Framed-Pool", "Framed-Ip-Address", "Framed-Ip-Netmask";
*) ike2 - added pfkey kernel return checks;
*) ike2 - added support for "Mikrotik_Address_List" RADIUS attribute;
*) ike2 - added support for "mode-config" static address;
*) ike2 - by default use "/24" netmask for peer IP address in split net;
*) ike2 - fixed duplicate policy checking with "0.0.0.0/0" policies;
*) ike2 - prefer traffic selector with "mode-config" address;
*) ipsec - added "firewall=add-notrack" peer option (CLI only);
*) ipsec - added information in console XML for "mode-config" menu;
*) ipsec - added support for "key-id" peer identification type;
*) ipsec - allow to specify chain in "firewall" peer option;
*) ipsec - do not deduct "dst-address" from "sa-dst-address" for "/0" policies;
*) ipsec - enabled modp2048 DH group by default;
*) ipsec - fixed connections cleanup on policy or proposal modification;
*) ipsec - optimized logging under IPSec topic;
*) ipsec - removed policy priority;
*) l2tp - fixed handling of pre-authenticated L2TP sessions with CHAP authentication;
*) l2tp-server - added "one-session-per-host" option;
*) log - added "poe-out" topic;
*) log - improved "l2tp" logs;
*) log - optimized "wireless,info" topic logs;
*) log - work on false CPU/RAM overclocked alarms;
*) lte - added "accounting" logs for LTE connections;
*) lte - added additional driver support for DWR-910;
*) lte - added info command support for the Jaton LTE modem;
*) lte - added initial support for "NTT DoCoMo" modem;
*) lte - added support for Huawei E3531-6;
*) lte - added support for ZTE TE W120;
*) lte - fixed info command when it is executed at the same time as modem restarts/disconnects;
*) lte - improved SMS delivery report;
*) lte - improved reliability on SXT LTE;
*) metarouter - fixed display of bogus error message on startup;
*) mmips - added support for NVME disks;
*) ovpn - added support for "push-continuation";
*) ovpn - added support for topology subnet for IP mode;
*) ovpn - fixed duplicate default gateway presence when receiving extra routes;
*) ovpn - improved performance when receiving too many options;
*) packages - increased automatic download retry interval to 5 minutes if there is no free disk space;
*) ping - fixed ping getting stuck (after several thousands of ping attempts);
*) ppp - added initial support for ZTE K4203-Z and ME3630-E;
*) ppp - added output values for "info" command for finding the GSM base station's location ("LAC" and "IMSI");
*) ppp - fixed "user-command" output;
*) ppp - fixed non-standart PAP or CHAP packet handling;
*) ppp - improved MLPPP packet forwarding performance;
*) ppp - use interface name instead of IP as default route gateway;
*) proxy - fixed potential crash;
*) proxy - fixed rare program crash after closing client connection;
*) quickset - added "Band" setting to "CPE" and "PTP CPE" modes;
*) quickset - added special firewall exception rules for IPSec;
*) quickset - fixed incorrect VPN address value on arm and tilera;
*) quickset - simplified LTE status monitoring;
*) quickset - use active user name and permissions when applying changes;
*) rb1100ahx4 - fixed startup problems (requires additional reboot after upgrade);
*) rb3011 - fixed packet passthrough on switch2 while booting;
*) rb750gr3 - fixed USB power;
*) routerboard - added "caps-mode" option for "reset-configuration";
*) routerboard - added "caps-mode-script" for default-configuration print;
*) routing - allow to disable "all" interface entry in BFD;
*) safe-mode - fixed session handling when Safe Mode is used on multiple sessions at the same time;
*) sfp - fixed invalid temperature reporting when ambient temperature is less than 0;
*) sms - decode reports in readable format;
*) sniffer - do not skip L2 packets when "all" interface mode was used;
*) snmp - added "ifindex" on interface traps;
*) snmp - added CAPsMAN interface statistics;
*) snmp - added ability to set "src-address";
*) snmp - fixed "/system resource cpu print oid" menu;
*) snmp - fixed crash on interface table get;
*) snmp - fixed wireless interface walk table id ordering;
*) socks - fixed crash while processing many simultaneous sessions;
*) ssl - added Wildcard support for "left-most" DNS label (will allow to use signed Wildcard certificate on VPN servers);
*) supout - fixed IPv6 firewall section;
*) switch - fixed "loop-protect" on CRS SFP/SFP+ ports;
*) switch - fixed multicast forwarding on CRS326;
*) tile - fixed copying large amount of text over serial console;
*) tr069-client - fixed lost HTTP header on authorization;
*) trafficgen - added "lost-ratio" to statistics;
*) ups - show correct "line-voltage" value for usbhid UPS devices;
*) userman - added "/tool user-manager user clear-profiles" command;
*) userman - do not send disconnect request for user when "simultaneous session limit reached";
*) userman - lookup language files also in "/flash" directory;
*) vlan - do not delete existing VLAN interface on "failure: already have such vlan";
*) webfig - fixed wireless "scan-list" parameter not being saved after applying changes;
*) winbox - added "eap-identity" to CAPsMAN registration table;
*) winbox - added "no-dad" setting to IPv6 addresses;
*) winbox - added "reselect-channel" to CAPsMAN interfaces;
*) winbox - added "session-uptime" to LTE interface;
*) winbox - added TR069 support;
*) winbox - do not autoscale graphs outside known maximums;
*) winbox - fixed wireless interface "amsdu-threshold" max limit;
*) winbox - hide LCD menu on CRS112-8G-4S;
*) winbox - make IPSec policies table an order list;
*) winbox - moved LTE info fields to status tab;
*) winbox - show "/interface wireless cap print" warnings;
*) winbox - show "/system health" only on boards that have health monitoring;
*) winbox - show "D" flag under "/interface mesh port" menu;
*) wireless - NAK any methods except MS-CHAPv2 as inner method in PEAP;
*) wireless - added option to change "nv2-downlink-ratio" for nv2 protocol;
*) wireless - added option to set "fixed-downlink" mode for nv2 protocol;
*) wireless - allow VirutalAP on Level0 (24h demo) license;
*) wireless - always use "multicast-helper" when DHCP is being used;
*) wireless - do not skip >2462 channels if interface is WDS slave;
*) wireless - fixed 802.11u wireless request processing;
*) wireless - fixed EAP PEAP success processing;
*) wireless - fixed compatibility with "AR5212" wireless chips;
*) wireless - fixed rare crash on cap disable;
*) wireless - fixed registration table "signal-strength" reporting for chains when using nv2;
 
msatter
Forum Guru
Forum Guru
Posts: 1167
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.40 [current]

Wed Jul 26, 2017 1:40 pm

That is very long list and a lot was done in that time. Thanks.

There are two CLI only and will those be changeably in Winbox in foreseeable time?
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta / Winbox 3.19 / MikroTik APP 1.2.10
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
MartijnVdS
Frequent Visitor
Frequent Visitor
Posts: 93
Joined: Wed Aug 13, 2014 9:36 am

Re: v6.40 [current]

Wed Jul 26, 2017 2:39 pm

*) wireless - fixed 802.11u wireless request processing;
Is there any documentation about this feature? I can't find anything regarding 802.11u on the wiki.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8292
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.40 [current]

Wed Jul 26, 2017 3:17 pm

ros-flash-6.40.jpg
You do not have the required permissions to view the files attached to this post.
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
Winkee
just joined
Posts: 1
Joined: Wed Jan 09, 2013 10:47 am

Re: v6.40 [current]

Wed Jul 26, 2017 3:18 pm

*) defconf - improved IPv4 default firewall configuration;
Is it possible to post here new defconf? I want to check how is it different from 6.39. Thanks.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24062
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.40 [current]

Wed Jul 26, 2017 3:20 pm

ros-flash-6.40.jpg
Only applies to CHR and was just fixed in latest RC
No answer to your question? How to write posts
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8292
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.40 [current]

Wed Jul 26, 2017 3:50 pm

Is it possible to post here new defconf? I want to check how is it different from 6.39. Thanks.
can't "/sys default-configuration pr file=bla-bla" help?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
raymondr15
Member Candidate
Member Candidate
Posts: 118
Joined: Fri Sep 05, 2014 1:11 am
Location: East London, South Africa
Contact:

Re: v6.40 [current]

Wed Jul 26, 2017 4:41 pm

Hi,

I am sitting in my office at work and have just update my RB2011UiAS-RM remotely, after rebooting the router am not able to access my router from the WAN side, my internet service provider is a WISP so I logged into my CPE and tried to SSH my router, I am able to login to the router but as soon as I login, the router stops responding for a few minutes and then comes back, same thing keeps happening when trying to SSH to the router. Will have to check the router when I get home.

Folks, don't upgrade your router if it is on a remote location 8)
 
Njumaen
newbie
Posts: 36
Joined: Wed Feb 24, 2016 8:41 pm

Re: v6.40 [current]

Wed Jul 26, 2017 5:04 pm

[Ticket#2017071322001096] CRS326 - no DNLA accessible

Issue solved. Thanks!
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8292
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.40 [current]

Wed Jul 26, 2017 5:09 pm

raymondr15, so you upgraded the router to both 6.40 and 6.41? How?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 545
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v6.40 [current]

Wed Jul 26, 2017 5:17 pm

Probably there is a problem on dynamic address-list:

1) ok for dynamic address-list feeded by firewall rule (add src to address-list)
2) items istantly disappear if dynamic address-list are loaded from cli/script/winbox (I'm testing with 8days timeout)

(testing on a hEX with 6.40)
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 545
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v6.40 [current]

Wed Jul 26, 2017 5:57 pm

Reverting to bugfix, dynamic address-lists work as expected.
Anyone can confirm on different board ?
 
freemannnn
Long time Member
Long time Member
Posts: 655
Joined: Sun Oct 13, 2013 7:29 pm

Re: v6.40 [current]

Wed Jul 26, 2017 6:02 pm

what is the difference of these 2?

*) capsman - added "current-registered-clients" and "current-authorized-clients" count for CAP interfaces;

is it possible to move these specific columns in the beginning? (like excel) they are placed far right so you have to scroll all the time to see these information.
 
Sob
Forum Guru
Forum Guru
Posts: 4391
Joined: Mon Apr 20, 2009 9:11 pm

Re: v6.40 [current]

Wed Jul 26, 2017 6:25 pm

*) firewall - added "none-dynamic" and "none-static" options for "address-list-timeout" parameter;
Not WinBox-friendly, you can't enter "none-static" as timeout. And when set using CLI, it shows as "49710d 06:28:15" (can also be set like this, but obviously it's not very usable way to do it).
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
sx10
newbie
Posts: 28
Joined: Fri Jan 04, 2013 5:46 am
Location: Portland, OR USA

Re: v6.40 [current]

Wed Jul 26, 2017 7:19 pm

Is it possible to post here new defconf? I want to check how is it different from 6.39. Thanks.
can't "/sys default-configuration pr file=bla-bla" help?
No this doesn't show the actual configuration, just the script. I'm interested in seeing the new default firewall config, especially for ipv6, but I don't want to reset just to see it. Can someone post this?
 
irghost
Member Candidate
Member Candidate
Posts: 277
Joined: Sun Feb 21, 2016 1:49 pm

Re: v6.40 [current]

Wed Jul 26, 2017 7:47 pm

MRU problem
Image
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
 
Safic
just joined
Posts: 4
Joined: Sun Jun 19, 2016 10:26 am

Re: v6.40 [current]

Wed Jul 26, 2017 7:50 pm

Hi all!
Upgrade my CCR1009-7G-1C-1S+PC, wAP ac, RB433UAH. Works fine!
Thanks!
 
acidvenom
just joined
Posts: 8
Joined: Thu Aug 14, 2014 9:12 pm

Re: v6.40 [current]

Wed Jul 26, 2017 9:03 pm

cAP bricked 3 times in a row. Just DO NOT use "Download&Install".
Use file transfer option to upgrade.
 
User avatar
GaToMaLaCo
just joined
Posts: 8
Joined: Fri Jan 10, 2014 2:13 am

Re: v6.40 [current]

Wed Jul 26, 2017 10:13 pm

I just updated a RB2011UiAS-2HnD using "Download&Install" and it's working fine as usual.
 
madgrok
just joined
Posts: 2
Joined: Wed Jul 19, 2017 1:08 pm

Re: v6.40 [current]

Wed Jul 26, 2017 10:30 pm

No this doesn't show the actual configuration, just the script. I'm interested in seeing the new default firewall config, especially for ipv6, but I don't want to reset just to see it. Can someone post this?
/system default-configuration print file=def_conf_script.txt
https://pastebin.com/zEBX4Nnj
 
kresozg
just joined
Posts: 2
Joined: Wed Jul 26, 2017 10:43 pm

Re: v6.40 [current]

Wed Jul 26, 2017 10:49 pm

after upgrade to last stable 6.40 i got LCD display blinking on RB2011...
and it says starting services....

on other devices it seams to be fine only RB2011 are afected... because of that i have OSPF (routes coming up and down)...
after downgrade to 6.39.2 it is OK.... upgraded agin and it is not good...
 
User avatar
GaToMaLaCo
just joined
Posts: 8
Joined: Fri Jan 10, 2014 2:13 am

Re: v6.40 [current]

Wed Jul 26, 2017 10:53 pm

after upgrade to last stable 6.40 i got LCD display blinking on RB2011...
and it says starting services....

on other devices it seams to be fine only RB2011 are afected... because of that i have OSPF (routes coming up and down)...
after downgrade to 6.39.2 it is OK.... upgraded agin and it is not good...
Have you tried upgrading one of them but with a default config?
 
upower3
Member
Member
Posts: 377
Joined: Thu May 07, 2015 11:46 am

Re: v6.40 [current]

Wed Jul 26, 2017 10:56 pm

Huge list of changes, nice to see that. Will wait until most of it be backported to bugfix branch. So to say to be on the safe side :)

Anyway good job, and nice to see even ovpn got some updated. Like some anniversary release :)
 
kresozg
just joined
Posts: 2
Joined: Wed Jul 26, 2017 10:43 pm

Re: v6.40 [current]

Wed Jul 26, 2017 11:32 pm

the one closest to me is working as CAP... so nothing special there...
 
jo2jo
Forum Veteran
Forum Veteran
Posts: 958
Joined: Fri May 26, 2006 1:25 am

Re: v6.40 [current]

Thu Jul 27, 2017 1:13 am

I was SUPER happy and hopeful to see this:
*) defconf - improved IPv4 default firewall configuration;

but.... From the new Def_config.txt file:
/ip neighbor discovery set [find name="ether1"] discover=no
and
filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
MT you guys are still, by default blocking / disabling one of the best unique features of mikrotik + hurting the ability to deploy a large scale ENTIRELY MT infrastructure (ie MT hex POEs in closets providing mt detectable passive power over eth via a cat5 to users with MT devices) Such that the network admin / owner can simply ship a new RB (or the tenant can order one shipped directly to them) and simply plug in eth1 into the wall jack and the device gets power and data (and then the admin can do the config for the owner via L2 Mac-telnet) === this is all disabled by the default config! such that we must stock and pre-config MTs and ship to customers (or not even deploy all mt in this nice setup).

(i understand why you have these rules in def. config, but i disagree)
Maybe have a FW rule to limit only 1 or 2 L2 Mac-telnet New connections per 24h period (to combat Mac-telnet brute-forcing by default, but still allow an honest admin to get into a clients new devices to give them an inital config)

This way makes it super easy and convenient (and happy) for the end user (they just buy, and plug in- the admin does the rest for them, + they use POE so just 1 cable and 1 action and no config on their part).

i have a thread about exactly this request:
viewtopic.php?t=117450

thanks
:beep :beep :beep
 
ksteink
newbie
Posts: 36
Joined: Thu Mar 31, 2016 6:54 pm

Re: v6.40 [current]

Thu Jul 27, 2017 1:47 am

Upgraded an RB951Ui-2HnD and everything working fine such as:

- IPv6 (HE tunneling)
- OpenVPN (S2S and C2S)

Planning to upgrade an RB2011 later on this week.

Update: I did upgrade my RB2011-UiAS-2HnD with similar configuration as my RB951 and no issues at all.

Update #2: RB2011 led blinking issue as well like other persons are reporting
Last edited by ksteink on Fri Jul 28, 2017 5:43 am, edited 2 times in total.
 
irghost
Member Candidate
Member Candidate
Posts: 277
Joined: Sun Feb 21, 2016 1:49 pm

Re: v6.40 [current]

Thu Jul 27, 2017 8:17 am

RB2011UiAs 2hnd LCD blinking after boot
watch this video http://up.vbiran.ir/uploads/25117150113 ... _video.zip
but router works with no problem
Last edited by irghost on Thu Jul 27, 2017 8:36 am, edited 1 time in total.
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24062
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.40 [current]

Thu Jul 27, 2017 8:25 am

Huge list of changes, nice to see that. Will wait until most of it be backported to bugfix branch
That's not how the bugfix branch works. If this 6.40 would eventually be proven rock solid and stable, it would become the bugfix-only release itself. But that usually does not happen with the first release, usually it's 40.4 or something. We don't backport anything into the bugfix-only branch. This would make it potentially unstable.
No answer to your question? How to write posts
 
becs
MikroTik Support
MikroTik Support
Posts: 477
Joined: Thu Jul 07, 2011 8:26 am

Re: v6.40 [current]

Thu Jul 27, 2017 8:34 am

The RB2011 LCD blinking is fixed starting from RouterOS v6.41rc3.
What's new in 6.41rc3 (2017-Jul-26 09:32):
*) rb2011 - fixed possible LCD blinking along with Ethernet LED;
If you notice this problem in v6.40, disable/enable LCD to stop it:
/lcd set enabled=no
/lcd set enabled=yes
 
irghost
Member Candidate
Member Candidate
Posts: 277
Joined: Sun Feb 21, 2016 1:49 pm

Re: v6.40 [current]

Thu Jul 27, 2017 8:38 am

The RB2011 LCD blinking is fixed starting from RouterOS v6.41rc3.
What's new in 6.41rc3 (2017-Jul-26 09:32):
*) rb2011 - fixed possible LCD blinking along with Ethernet LED;
If you notice this problem in v6.40, disable/enable LCD to stop it:
/lcd set enabled=no
/lcd set enabled=yes
but problem comes up after reboot
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8292
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.40 [current]

Thu Jul 27, 2017 9:58 am

but problem comes up after reboot
do not reboot it :)
or use scheduler on startup to disable/enable the led
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1406
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40 [current]

Thu Jul 27, 2017 10:14 am

raymondr15 - Are you able to log into device long enough to generate supout file and download it? If you can, then please send it to support@mikrotik.com
Sob - We are not being able to reproduce such problem. If you select one of both options on drop down list, then you can see the same value on CLI. Please write to support@mikrotik.com and provide supout files from your router which has such problem
irghost - Please send supout file from this device to support@mikrotik.com
acidvenom - So you managed to upgrade with file transfer but did not manage to upgrade with "Download & Install"? Please describe more precisely what happened - Download and Install simply downloads packages and reboots device. Maybe you lost Internet access during an upgrade?
kresozg, irghost, bajodel - This issue will be fixed in 6.41rc releases
jo2jo - Default configuration must be acceptable for the biggest part of clients. If you are not satisfied with default configuration, then you can use different tools to replace it with another one
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5910
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.40 [current]

Thu Jul 27, 2017 10:31 am

MT you guys are still, by default blocking / disabling one of the best unique features of mikrotik + hurting the ability to deploy a large scale ENTIRELY MT infrastructure
Reinstall router with Netinstall and add your custom default configuration. Or use Flashfig for large scale deployments with custom configuration.
These features exist for years.

What you are suggesting is to compromise security.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5545
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.40 [current]

Thu Jul 27, 2017 10:44 am

I was SUPER happy and hopeful to see this:
*) defconf - improved IPv4 default firewall configuration;

but.... From the new Def_config.txt file:
/ip neighbor discovery set [find name="ether1"] discover=no
and
filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
MT you guys are still, by default blocking / disabling one of the best unique features of mikrotik + hurting the ability to deploy a large scale ENTIRELY MT infrastructure (ie MT hex POEs in closets providing mt detectable passive power over eth via a cat5 to users with MT devices) Such that the network admin / owner can simply ship a new RB (or the tenant can order one shipped directly to them) and simply plug in eth1 into the wall jack and the device gets power and data (and then the admin can do the config for the owner via L2 Mac-telnet) === this is all disabled by the default config! such that we must stock and pre-config MTs and ship to customers (or not even deploy all mt in this nice setup).

(i understand why you have these rules in def. config, but i disagree)
Well, I should say I am VERY HAPPY with this new configuration! Finally, the WAN side of the router by default is dropping all traffic. Countless times we have seen cases where people added a PPPoE WAN interface following some bad Youtube directions or without reading the manual, and by that unwanted addition of a new WAN interface put their router on internet for everyone to access. Abuse the DNS resolver for reflection attacks, open the admin interface to password guessing (with an empty default password!), etc.
Now, finally after many times asking for that, something has been done about it.
So please don't ask to open it up again for your personal project, it is not reasonable to request a device to be shipped with holes by default.
Maybe there could be some mechanism to load default config from a USB stick or using some app.
 
irghost
Member Candidate
Member Candidate
Posts: 277
Joined: Sun Feb 21, 2016 1:49 pm

Re: v6.40 [current]

Thu Jul 27, 2017 11:21 am

but problem comes up after reboot
do not reboot it :)
or use scheduler on startup to disable/enable the led
:D :D :D :D :D :D :D :D :D :D :D :D :D :D :D
the real solution
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
 
Pun1sh3r
just joined
Posts: 2
Joined: Thu Jul 27, 2017 11:19 am

Re: v6.40 [current]

Thu Jul 27, 2017 11:26 am

Hi
After installing 6.40 on RB960PGS, log looks like on screenshot
There is no cable, plugged in ether2, but error disappears only when someshing plugged in ether2. PoE works ok, linking on 1 Gbs.
PS Ports 3-5 are busy and ok, trouble is only with ether2.
Last edited by Pun1sh3r on Thu Jul 27, 2017 12:21 pm, edited 1 time in total.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1406
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40 [current]

Thu Jul 27, 2017 11:52 am

Pun1sh3r - That is due to "*) log - added "poe-out" topic;". Please send supout file to support@mikrotik.com. Generate file while nothing is connected to ether2 but you see such log messages.
 
Pun1sh3r
just joined
Posts: 2
Joined: Thu Jul 27, 2017 11:19 am

Re: v6.40 [current]

Thu Jul 27, 2017 12:46 pm

Pun1sh3r - That is due to "*) log - added "poe-out" topic;". Please send supout file to support@mikrotik.com. Generate file while nothing is connected to ether2 but you see such log messages.
Thx
I've downgraded to 6.38.7, trouble stays. I thing, that my 960PGS isn't working correctly, will test 6.40 on another one.
 
irghost
Member Candidate
Member Candidate
Posts: 277
Joined: Sun Feb 21, 2016 1:49 pm

Re: v6.40 [current]

Thu Jul 27, 2017 1:30 pm

MRU problem
Image
[amir@MikroTikFA-Amir] /interface> pppoe-client monitor "PPPoE - Livar"
          status: connected
          uptime: 2h51m15s
    active-links: 1
        encoding: 
    service-name: ShirazMobile.Com22
         ac-name: Livar-CCR
          ac-mac: 4C:5E:0C:63:AC:D1
             mtu: 1480
             mru: 65516
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
 
Sob
Forum Guru
Forum Guru
Posts: 4391
Joined: Mon Apr 20, 2009 9:11 pm

Re: v6.40 [current]

Thu Jul 27, 2017 2:41 pm

Sob - We are not being able to reproduce such problem. If you select one of both options on drop down list, then you can see the same value on CLI.
That's the thing, I don't have drop down list for address list timeout. But I examined it a little more and it's there, but only in filter. I previously tested with mangle and it still has old field for time (nat and raw too).
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
User avatar
cdiedrich
Forum Veteran
Forum Veteran
Posts: 895
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany
Contact:

Re: v6.40 [current]

Thu Jul 27, 2017 2:46 pm

Upgraded four CCR1036 from 6.37.3 / 3.33
Two of them did it just fine, two came up in an undefined condition.
/system packages showed routeros-tile as only package and it was disabled.
Check for updates stated 0.0 as installed version.
hit "enable", rebooted, router stuck in reboot loop right after "loading kernel".
Only netInstall helped - but the router didn't reboot after install. Power cycling did the trick.
The only major difference between the two results is that the bricked ones were peering a couple AS, the other two didn't have BGP enabled.

-Chris
Christopher Diedrich
MTCNA, MTCUME, MTCWE
Basel, Switzerland
Bremen, Germany

There are 10 types of people: Those who understand binary and those who don't.
There are two types of people: Those who can extrapolate from incomplete data
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1406
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40 [current]

Thu Jul 27, 2017 3:07 pm

Sob - Thank you. We will fix this in upcoming releases. Indeed problem is in Mangle but not in the Filters.
 
Sob
Forum Guru
Forum Guru
Posts: 4391
Joined: Mon Apr 20, 2009 9:11 pm

Re: v6.40 [current]

Thu Jul 27, 2017 3:30 pm

Also in NAT and Raw, they too allow action=add-src-to-address-list (or dst) and still have only old field for timeout.

And while you're at it, timeout parameter in "/ip firewall address-list" could also use support for "none-dynamic" and "none-static". It would be better to have it official, since "none-dynamic" is already possible using the magic number:
[sob@TestCHR3] > ip firewall address-list add list=test-dynamic address=1.2.3.4 timeout=4294967295
[sob@TestCHR3] > ip firewall address-list print
Flags: X - disabled, D - dynamic
 #   LIST                   ADDRESS                                    CREATION-TIME        TIMEOUT
 0 D test-dynamic           1.2.3.4                                    jul/27/2017 14:24:02 0s
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
User avatar
zervan
Member
Member
Posts: 324
Joined: Fri Aug 20, 2010 10:43 pm
Location: Slovakia
Contact:

Re: v6.40 [current]

Thu Jul 27, 2017 4:20 pm

*) userman - added "/tool user-manager user clear-profiles" command;
What does this mean? Where on wiki are these commands?
Dusan Zervan from Slovakia
MTCNA, MTCRE
 
User avatar
rtacheny
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Sat Sep 14, 2013 7:13 pm
Location: Braham, MN USA
Contact:

Re: v6.40 [current]

Thu Jul 27, 2017 5:48 pm

Not sure if version related, however we deployed x2 Metal 9s with 6.40 yesterday, both have rebooted multiple times randomly. They were to replace x2 411 XR9 sectors on a tower using AP sync to deal with interference between the two (old APs used 802.11 as NV2 would not work due to the interference).
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 979
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: v6.40 [current]

Thu Jul 27, 2017 8:14 pm

The v6.40 update sounds really good - especially the nv2 stuff.
I run many huge nv2 networks for hundreds of distant nv2 clients - and I am always looking for methods to improve the nv2 networks.

Would somebody please explain (or point me to information/documentation) on the new nv2 features in v6.40 ?
I want to fully understand the following features and what/how it functions and how it effects a nv2 network for download & upload customer bandwidths and total system throughput.

!) wireless - added Nv2 AP synchronization feature "nv2-modes" and "nv2-sync-secret" option;
*) wireless - added option to change "nv2-downlink-ratio" for nv2 protocol;
*) wireless - added option to set "fixed-downlink" mode for nv2 protocol;
*) wireless - fixed registration table "signal-strength" reporting for chains when using nv2;


So far - I am guessing at the following:

wireless - added Nv2 AP synchronization feature "nv2-modes" and "nv2-sync-secret" option - does this provide possible better system nv2 timing between the AP and the clients ?

*) wireless - added option to change "nv2-downlink-ratio" for nv2 protocol; - does allow changes in the nv2 AP/Clients to add a larger AP-to-Client send timing-window (assuming so, I guess that it may also shorten the Client-to-AP window). Which can favor more nv2 bandwidth up or down.

*) wireless - added option to set "fixed-downlink" mode for nv2 protocol; - no idea ???

Thank you for any information

North Idaho Tom Jones
Last edited by TomjNorthIdaho on Thu Jul 27, 2017 8:15 pm, edited 1 time in total.
 
User avatar
rahrouh
Trainer
Trainer
Posts: 29
Joined: Wed Apr 15, 2009 4:14 pm
Location: 550 Alden Road, Unit 210A
Contact:

Re: v6.40 [current]

Thu Jul 27, 2017 8:15 pm

*) ppp - added output values for "info" command for finding the GSM base station's location ("LAC" and "IMSI");
Is there any documents available for this?
hr@wirelessnetware.ca
647-204-0455
wirelessnetware.ca
MikroTik Certified Trainer
 
pe1chl
Forum Guru
Forum Guru
Posts: 5545
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.40 [current]

Thu Jul 27, 2017 9:18 pm

I run many huge nv2 networks for hundreds of distant nv2 clients - and I am always looking for methods to improve the nv2 networks.
You know what would be really helpful here? An implementation of airMAX in MikroTik, or NV2 in Ubiquiti equipment...
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2278
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.40 [current]

Thu Jul 27, 2017 9:32 pm

The v6.40 update sounds really good - especially the nv2 stuff.
Would somebody please explain (or point me to information/documentation) on the new nv2 features in v6.40 ?
https://wiki.mikrotik.com/index.php?tit ... ronization
LAN, FTTx, Wireless. ISP operator
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 979
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: v6.40 [current]

Fri Jul 28, 2017 4:37 am

Nv2-downlink-ratio

I have not tested this yet or seen it yet.

I read the default is 50

If I set it to 80 , does that mean the AP has an additional 30 percent longer time period to send to clients - and the receive timing window is now 30 present shorter ?

Here is where I am going with this (please let me know if I am correct):
On average, our customer upload speeds are only 20 percent of the purchased download speed.
Thus a customer 25 meg account is actually 25 meg max speed to the customer and 5 meg max speed from the customer.
Thus setting Nv2-downlink-ratio to something like 80 should actually give customers greater download bandwidth -and- I also achieve more efficient use of the TDMA time-slots.


EDIT:
Another question re the AP Nv2-downlink-ratio setting - with a setting of 80 (80 percent AP send & 20 percent AP receives), do the nv2 clients need to also be v6.40 also?
I have hundreds of clients I also need to think about when I upgrade the AP to v6.40

North Idaho Tom Jones

Who is online

Users browsing this forum: No registered users and 6 guests