Community discussions

MikroTik App
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

v6.40.4 [current]

Tue Oct 03, 2017 2:43 pm

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

What's new in 6.40.4 (2017-Oct-02 08:38):

*) address - show warning on IPv6 address when acquire from pool has failed;
*) arp - properly update dynamic ARP entries after interface related changes;
*) crs1xx/2xx - fixed 1 Gbps forced mode for several SFP modules;
*) crs317 - added L2MTU support;
*) crs3xx - improved packet processing in slowpath;
*) defconf - fixed RouterOS default configuration (introduced in v6.40.3);
*) dhcp - fixed downgrade from RouterOS v6.41 or higher;
*) dhcpv6 client - added IAID check in reply;
*) dhcpv6-client - fixed IA check on solicit when "rapid-commit" is enabled;
*) dhcpv6-client - ignore unknown IA;
*) dhcpv6-client - require pool name to be unique;
*) e-mail - auto complete file name on "file" parameter (introduced in v6.40);
*) export - fixed wireless "ssid" and "supplicant-identity" compact export;
*) hotspot - fixed missing "/ip hotspot server profile" if invalid "dns-name" was specified;
*) hotspot - improved user statistics collection process;
*) ike1 - remove PH1 and PH2 when "mode-config" exchange fails;
*) ipsec - kill PH1 on "mode-config" address failure;
*) ipv6 - fixed IPv6 address request from pool;
*) lte - fixed modem initialization after reboot;
*) ntp-client - properly start NTP client after reboot if manual server IP is not configured;
*) rb931-2nd - fixed startup problems (requires additional reboot after upgrade);
*) routerboard - fixed "/system routerboard upgrade" for CRS212-8G-4S;
*) sfp - fixed OPTON module DDM information readings;
*) sfp - fixed temperature readings for various SFP modules;
*) snmp - fixed "/caps-man registration-table" uptime values;
*) snmp - fixed "/system license" parameters for CHR;
*) tile - improved reliability on MPLS package processing;
*) userman - fixed unresponsive RADIUS server (introduced in v6.40.3);
*) vlan - do not allow VLAN MTU to be higher than L2MTU;
*) webfig - improved reliability of login process;
*) wireless - added "etsi1" regulatory domain information;
*) wireless - improved WPA2 key exchange reliability;
*) wireless - updated "norway" regulatory domain information;
 
ibm
Member
Member
Posts: 306
Joined: Mon May 12, 2014 5:16 pm

Re: v6.40.4 [current]

Tue Oct 03, 2017 3:16 pm

Has the "ospf - fixed OSPF v2 and v3 neighbor election" included in rc been added silently?
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40.4 [current]

Tue Oct 03, 2017 3:17 pm

All included fixes are mentioned in changelog. If fix is not mentioned, then it is not included.
 
ibm
Member
Member
Posts: 306
Joined: Mon May 12, 2014 5:16 pm

Re: v6.40.4 [current]

Tue Oct 03, 2017 3:57 pm

The support said me that was supposed to be added in this release. It's a huge problem that the OSFP has that bug.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2394
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.40.4 [current]

Tue Oct 03, 2017 4:13 pm

*) wireless - improved WPA2 key exchange reliability;

What specifically improved? Thanks
 
mistry7
Forum Guru
Forum Guru
Posts: 1480
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: v6.40.4 [current]

Tue Oct 03, 2017 4:55 pm

Please Tell us more about etsi1
 
User avatar
floeff
newbie
Posts: 42
Joined: Sat Jan 28, 2017 6:39 pm
Location: Germany
Contact:

Re: v6.40.4 [current]

Tue Oct 03, 2017 8:18 pm

Update worked like a charm on hEX, wap ac, CRS125, CCR1009, CRS226, RB951G and cap2n - thanks!
 
LynxChaus
newbie
Posts: 29
Joined: Tue Jul 08, 2014 2:24 pm

Re: v6.40.4 [current]

Tue Oct 03, 2017 11:55 pm

*) tile - improved reliability on MPLS package processing;
What this mean?
 
Saleh9416
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Wed Feb 03, 2016 6:21 am

Re: v6.40.4 [current]

Wed Oct 04, 2017 5:02 am

*) hotspot - improved user statistics collection process

Does that mean it will display the statistics in real time?
 
uldis
MikroTik Support
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: v6.40.4 [current]

Wed Oct 04, 2017 10:12 am

Please Tell us more about etsi1
Here is the info:
[admin@MikroTik] > interface wireless info country-info etsi1
ranges: 5270-5330/a,an20,an40,ac20,ac40,ac80,ac160(17dBm)/dfs
5490-5590/a,an20,an40,ac20,ac40,ac80,ac160(30dBm)/dfs,passive
5650-5730/a,an20,an40,ac20,ac40,ac80,ac160(30dBm)/dfs,passive
5735-5835/a,an20,an40,ac20,ac40,ac80,ac160(30dBm)/dfs,passive
2402-2482/b,g,gn20,gn40(20dBm)
2417-2457/g-turbo(20dBm)
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.40.4 [current]

Wed Oct 04, 2017 11:09 am

Has the "ospf - fixed OSPF v2 and v3 neighbor election" included in rc been added silently?
No, it is not in this version yet.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40.4 [current]

Wed Oct 04, 2017 11:40 am

Saleh9416 - No, this fix helps in rare cases when Hotspot service stops working properly due to incorrectly processed coherence between hosts and active users.
 
lotnybartek
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Wed Apr 16, 2014 3:22 pm

Re: v6.40.4 [current]

Wed Oct 04, 2017 11:54 am

Problem with SSTP. RB2011 here.

I have 22 clients connecting to various services from their homes using SSTP with cert. After upgrading to v6.40.4 I'm able to establish the connection, but for example - I can't RDP to Windows PCs. I can't ping any internal address from my IP pool.

After downgrade to 6.40.3 problem is resolved. Everything works as it should. I can see and connect to any PCs on my internal network.
 
Lakis
Forum Veteran
Forum Veteran
Posts: 703
Joined: Wed Sep 23, 2009 7:52 pm

Re: v6.40.4 [current]

Wed Oct 04, 2017 12:05 pm

Where is wireless security profile TAB in Winbox?
 
eddieb
Member
Member
Posts: 305
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: v6.40.4 [current]

Wed Oct 04, 2017 12:27 pm

CHR dude 6.40.3 -> 6.40.4

all SNMP interface traffic reads are gone, showing ?/?
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40.4 [current]

Wed Oct 04, 2017 1:25 pm

lotnybartek, eddieb - Send supout file from 6.40.4 which would be generated after problem has appeared to support@mikrotik.com and refer to this forum post;
Lakis - You did see this tab under "Wireless/Security Profiles" on 6.40.3 version and it disappeared on 6.40.4?
 
tolstii
Trainer
Trainer
Posts: 33
Joined: Mon Jun 11, 2007 10:16 am
Location: Russia
Contact:

Re: v6.40.4 [current]

Wed Oct 04, 2017 4:11 pm

what are you doing?

all modules works of PPP-emulation -> PPP-out interfaces stopped working!!!
in systems - ports - the usb interface disappeared !!!!
for example sierra wireless mc7304 and other vendors in ppp-emulalation

curent version - not trust !
Fix it !!
sorry for my English ;)
 
lotnybartek
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Wed Apr 16, 2014 3:22 pm

Re: v6.40.4 [current]

Wed Oct 04, 2017 8:59 pm

lotnybartek, eddieb - Send supout file from 6.40.4 which would be generated after problem has appeared to support@mikrotik.com and refer to this forum post;
Lakis - You did see this tab under "Wireless/Security Profiles" on 6.40.3 version and it disappeared on 6.40.4?
I updated to 6.40.4 one more time and now everything works fine. If smth wrong will happen - I'll send you the file.
 
R1CH
Forum Guru
Forum Guru
Posts: 1098
Joined: Sun Oct 01, 2006 11:44 pm

Re: v6.40.4 [current]

Wed Oct 04, 2017 9:02 pm

*) wireless - improved WPA2 key exchange reliability;

What specifically improved? Thanks
I'm also curious about the technical details of this change.
 
Lakis
Forum Veteran
Forum Veteran
Posts: 703
Joined: Wed Sep 23, 2009 7:52 pm

Re: v6.40.4 [current]

Thu Oct 05, 2017 11:09 am

lotnybartek, eddieb - Send supout file from 6.40.4 which would be generated after problem has appeared to support@mikrotik.com and refer to this forum post;
Lakis - You did see this tab under "Wireless/Security Profiles" on 6.40.3 version and it disappeared on 6.40.4?
I can see it in terminal
/interface wireless> print
..........security-profile=default
but not in winbox ->interface wlan1 it should be located under Wireless Protocol
not just on one device, problem appeared after 6.4x.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.40.4 [current]

Thu Oct 05, 2017 11:32 am

but not in winbox ->interface wlan1 it should be located under Wireless Protocol
not just on one device, problem appeared after 6.4x.
you mean, this one?
tik-wireless.jpg
hAP lite, works fine on 6.40.4
You do not have the required permissions to view the files attached to this post.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40.4 [current]

Thu Oct 05, 2017 12:19 pm

 
anuser
Long time Member
Long time Member
Posts: 601
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.40.4 [current]

Thu Oct 05, 2017 10:39 pm

What's new in 6.40.4 (2017-Oct-02 08:38):
:
*) wireless - improved WPA2 key exchange reliability;
;
I´m seeing more of "disconnected, max key exchange retries" messages than with 6.40.3
Currently I´m monitoring one specific client with an WPA2 enterprise SSID:
Image
No EAP identity is displayed at all, no traffic is going to him, no IP address is given to him by the DHCP server. The DHCP server log is empty. That client gets connected with mentioned "max key exchange timeout" message after (every) 30 to 40 seconds until it connects again. Strange. Let´s see what kind of tickets I will receive tomorrow...
 
Lakis
Forum Veteran
Forum Veteran
Posts: 703
Joined: Wed Sep 23, 2009 7:52 pm

Re: v6.40.4 [current]

Fri Oct 06, 2017 1:24 am

Yes I can see wiki "Security in Nv2 network", when nstreme or 802.11 is selected security profile appears as it should be.
But if Nv2 protocol ignores security-profile setting, how can I use RADIUS-MAC Authentication?
 
User avatar
mramos
Member Candidate
Member Candidate
Posts: 231
Joined: Sun Nov 23, 2008 1:05 am
Location: S. B do Campo - SP - Brazil

Re: v6.40.4 [current]

Fri Oct 06, 2017 5:48 am

Hi ...

Cosmetics ...

While cloning config from a 3011 to a 1100AX2, drag'n drop multiple .rsc files from 3011, the 1100 or reboot or close WinBox and don't complete the writing process.

Same files from a folder on a pc to 1100 works ok.

Regards;
 
uldis
MikroTik Support
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: v6.40.4 [current]

Fri Oct 06, 2017 9:27 am

What's new in 6.40.4 (2017-Oct-02 08:38):
:
*) wireless - improved WPA2 key exchange reliability;
;
I´m seeing more of "disconnected, max key exchange retries" messages than with 6.40.3
Currently I´m monitoring one specific client with an WPA2 enterprise SSID:
Image
No EAP identity is displayed at all, no traffic is going to him, no IP address is given to him by the DHCP server. The DHCP server log is empty. That client gets connected with mentioned "max key exchange timeout" message after (every) 30 to 40 seconds until it connects again. Strange. Let´s see what kind of tickets I will receive tomorrow...
Was there any other changes in the network besides you upgraded this router to v6.40.4?
 
anuser
Long time Member
Long time Member
Posts: 601
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.40.4 [current]

Fri Oct 06, 2017 1:51 pm

What's new in 6.40.4 (2017-Oct-02 08:38):
:
*) wireless - improved WPA2 key exchange reliability;
;
I´m seeing more of "disconnected, max key exchange retries" messages than with 6.40.3
Currently I´m monitoring one specific client with an WPA2 enterprise SSID:
Image
No EAP identity is displayed at all, no traffic is going to him, no IP address is given to him by the DHCP server. The DHCP server log is empty. That client gets connected with mentioned "max key exchange timeout" message after (every) 30 to 40 seconds until it connects again. Strange. Let´s see what kind of tickets I will receive tomorrow...
Was there any other changes in the network besides you upgraded this router to v6.40.4?
- Nothing has changed before the update to 6.40.4
- I watched that client yesterday: It disconnect after every 39,x seconds from the access point. Unfortunately today that client isn´t online.
- Today I cannot find any "disconnected, max key exchange retries" messages within the logging data at all.
 
benjamimgois
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Fri May 18, 2012 10:36 pm

Re: v6.40.4 [current]

Fri Oct 06, 2017 8:28 pm

No change at Dude ? I´m experiencing lots os data missing, graphics taking too long to load and freezing.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v6.40.4 [current]

Fri Oct 06, 2017 10:52 pm

Yes I can see wiki "Security in Nv2 network", when nstreme or 802.11 is selected security profile appears as it should be.
But if Nv2 protocol ignores security-profile setting, how can I use RADIUS-MAC Authentication?
Have you tried setting the AP's network type to "nv2 nstreme 802.11" to make sure the field appears?
 
Lakis
Forum Veteran
Forum Veteran
Posts: 703
Joined: Wed Sep 23, 2009 7:52 pm

Re: v6.40.4 [current]

Sat Oct 07, 2017 12:17 am

Yes I can see wiki "Security in Nv2 network", when nstreme or 802.11 is selected security profile appears as it should be.
But if Nv2 protocol ignores security-profile setting, how can I use RADIUS-MAC Authentication?
Have you tried setting the AP's network type to "nv2 nstreme 802.11" to make sure the field appears?
Yes field appears, when nv2 is selected again field disappear
Simple I set security profile via terminal
/interface wireless> set wlan1 security-profile=profile2
and it works.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v6.40.4 [current]

Sat Oct 07, 2017 4:30 am

Yes field appears, when nv2 is selected again field disappear
Simple I set security profile via terminal
/interface wireless> set wlan1 security-profile=profile2
and it works.
I think if you put it on nv2 nstreme 802.11 it will use nv2 because it is first on the list, then you can see the field in Winbox.

I imagine MikroTik assumes most people are not using MAC RADIUS auth and hides the security profile option if using only NV2.
 
subway
newbie
Posts: 34
Joined: Sat Oct 07, 2017 1:58 pm

Re: v6.40.4 [current]

Sat Oct 07, 2017 2:09 pm

After upgrading from a fairly old version (6.36.2) to 6.40.4, we are experiencing massive IPsec issues. After hours of error free operation, without any notice, some IPsec policies are suddenly not applied anymore. The interesting part is that the tunnels are up, and some policies are still working in this erroneous status, but some are do not. It happnes pretty regularly every 10-12 hours. In between, all is fine. Tried to flush all SAs, tried the "Kill connection" button on the remote peer tab, but none of them helped. The only way fixing this is to reboot the core router (CCR1072-1G-8S+). Happened 3 times within the last 2 days. Can someone suggest something? Before the software upgrade, IPsec was fine for months...

This happens between two mikrotik routers with the same (6.40.4) software version, as well as older versions on the remote ends.

On the IPsec - Policies tab the failing policies do not have an "Active" state, and the PH2 State is "no phase2". But for the same tunnel, some policies are still working and marked Active.

I enabled IPsec debugging and generated the support.rif file, plus printscreens of the log window with the IPsec debugging enabled.

Would be nice if someone can help us with this.
 
User avatar
bajodel
Long time Member
Long time Member
Posts: 551
Joined: Sun Nov 24, 2013 8:30 am
Location: Italy

Re: v6.40.4 [current]

Sat Oct 07, 2017 7:20 pm

After upgrading from a fairly old version (6.36.2) to 6.40.4, we are experiencing massive IPsec issues.[CUT]...
On the IPsec - Policies tab the failing policies do not have an "Active" state, and the PH2 State is "no phase2". But for the same tunnel, some policies are still working and marked Active.
I enabled IPsec debugging and generated the support.rif file, plus printscreens of the log window with the IPsec debugging enabled.
Send your support.rif and all informations (link to this post also) to support@mikrotik.com
 
subway
newbie
Posts: 34
Joined: Sat Oct 07, 2017 1:58 pm

Re: v6.40.4 [current]

Sat Oct 07, 2017 8:14 pm

Send your support.rif and all informations (link to this post also) to support@mikrotik.com
I did that already.

I also set up NTP for precise timing (previously there was no NTP configured), but that did not helped either.

The starnge thing is that it takes quite a few hours for this probem to present itself, and only some of the policies are start to fail, not all of them, and not the tunnel itself.
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: v6.40.4 [current]

Sun Oct 08, 2017 1:57 am

Time to time I do the silly things. This time I run automatic upgrade of rb750gr3 from 6.39.2 to 6.40.4. I should not do that. The router is in boot loop and does not go into netinstall pxe boot mode no matter how long I hold the reset button. It is just rebooting again and again.
 
joserudi
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Thu Nov 22, 2007 10:16 pm

Re: v6.40.4 [current]

Sun Oct 08, 2017 4:13 am

All its ok in tile.
Last edited by joserudi on Tue Oct 10, 2017 2:09 am, edited 1 time in total.
 
User avatar
Paternot
Forum Veteran
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v6.40.4 [current]

Mon Oct 09, 2017 5:25 am

I'm facing instability on the login process, of webfig. Usually I can login ok. Sometimes it says wrong password, even when I believe I have typed it correctly. At first I thought I was mistyping it, but it's too frequent to be the case. A second attempt will work.

Also, time and again I get problems with the webfig interface beeing unresponsive. Refreshing (F5) the page brings back the user/password fields.

ROS version is 6.40.4
Happens with Hex3 (750GR3), firmware 3.41, and Hap AC Lite (952Ui-5ac2nD), firmware 3.41.

I couldn't pinpoint the cause, looks random to me. Sometimes I get this straight from login, sometimes it doesn't happen, and everything in between.

Computer connect directly on Hex switch. Hap used as AP, connected directly on the Hex switch too. Using HTTP, firefox 52.4 and Opensuse 42.3
 
GARCIADOEGOGERMAN
newbie
Posts: 25
Joined: Fri Aug 18, 2017 2:05 pm

Re: v6.40.4 [current]

Mon Oct 09, 2017 3:40 pm

*) defconf - fixed RouterOS default configuration (introduced in v6.40.3);

Hello!!! Could you indicate the change that was made? Is it automatically applied or does it have to restart the mikrotik to factory values so that it takes the change ??? Regards!!!
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40.4 [current]

Mon Oct 09, 2017 5:51 pm

GARCIADOEGOGERMAN - fix will work only if you reset router configuration to default one. It does not in any way affect router configuration which is set on router.
 
lemos
just joined
Posts: 1
Joined: Mon Oct 09, 2017 7:39 pm

Re: v6.40.4 [current]

Mon Oct 09, 2017 7:45 pm

Hi, my name is Luiz, im having problems with OpenVPN, my netmask for the server is 30 but local address get /32 netmask and remote /30, i didnt change anything before update and was working correctly on 6.40.3, so.... i think this was introduced in this version again. Sorry for my bad english, im Brazilian, thanks for your attention.
 
yumor
just joined
Posts: 2
Joined: Tue Oct 10, 2017 1:08 pm

Re: v6.40.4 [current]

Tue Oct 10, 2017 1:17 pm

HI! What about old bug in string_compare function viewtopic.php?f=8&t=29660 ? Is it fixed in current release?
 
tangram
Member Candidate
Member Candidate
Posts: 132
Joined: Wed Nov 16, 2016 9:55 pm

Re: v6.40.4 [current]

Tue Oct 10, 2017 2:09 pm

After upgrade from 6.39.2 to 6.40.4 i get this in environment variables(in all of my routers):
/system script environment print
# NAME VALUE
0 lteDhcp 0

It doesn't seem to be harmful but could you shed some light over this ?
 
Fabrice
just joined
Posts: 1
Joined: Wed Oct 11, 2017 6:40 am

Re: v6.40.4 [current]

Wed Oct 11, 2017 6:58 am

Hello,
I have notice a trouble after upgrade to version 6.40.x (from 6.39.2).
I have a bonding interface with two eoip tunnel (eoip1 and eoip2). The eoip tunnels were created with différent mac address.
In version 6.40.x when I enable the bonding interface, eoip2 get the mac address of eoip1. (when I disable bonding interface, eoip2 get it's own mac address back).

So bonding1, eoip1 and eoip2 have the same mac address in version 6.40.x.

In the log I have "eoip2 transmit loop detected, downing interface for 60 seconds" and the bonding interface doesn't work anymore.

I have downgraded to version 6.39.2, and it's ok, the mac address of eoip2 stay the same.

Regards
 
User avatar
SirPrikol
newbie
Posts: 28
Joined: Wed Oct 11, 2017 12:36 pm

Re: v6.40.4 [current]

Wed Oct 11, 2017 12:48 pm

Hello.
In 6.40.4 just not work ipv6 normally.

All ping is fine, IPv6 sites work fine, but when i whant to test my connectivity on some sites (like ipv6-test.com) I have error.

Image
Image
Image

On 6.40.3 works fine.
 
User avatar
SirPrikol
newbie
Posts: 28
Joined: Wed Oct 11, 2017 12:36 pm

Re: v6.40.4 [current]

Wed Oct 11, 2017 2:32 pm

I think that the site does not work, because on other resources the check is normal. But there is another problem. I can not save static addresses in the dhcp server ipv6. They are reset after the link is broken. At the same time, they change on client devices. On previous versions, they were saved and worked normally. Now it is heard in an incomprehensible key.
Do not remember on what device to give the segment and distributes in order to the one who first connected.
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: v6.40.4 [current]

Wed Oct 11, 2017 2:41 pm

Time to time I do the silly things. This time I run automatic upgrade of rb750gr3 from 6.39.2 to 6.40.4. I should not do that. The router is in boot loop and does not go into netinstall pxe boot mode no matter how long I hold the reset button. It is just rebooting again and again.
I don't have time to bother with it further. Router was sent to RMA.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6.40.4 [current]

Wed Oct 11, 2017 7:06 pm

Except the loss of the user name in one pptp server binding on tile (out of 10), everything went smooth on NetMetal, LHGs, hEX POE and Omnitik and others.
 
changeip
Forum Guru
Forum Guru
Posts: 3829
Joined: Fri May 28, 2004 5:22 pm

Re: v6.40.4 [current]

Thu Oct 12, 2017 3:00 am

Has the "ospf - fixed OSPF v2 and v3 neighbor election" included in rc been added silently?
No, it is not in this version yet.
Which version was this introduced? I have like 500 routers running ospf and don't want to run into it : )
 
revan
just joined
Posts: 7
Joined: Thu Oct 12, 2017 10:08 am

Re: v6.40.4 [current]

Thu Oct 12, 2017 10:13 am

Not found where to write about bugs, so I'll write here. The firmware 6.40.4 not running the script from the dhcp client.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.40.4 [current]

Thu Oct 12, 2017 12:08 pm

Not found where to write about bugs, so I'll write here. The firmware 6.40.4 not running the script from the dhcp client.
well, generally it works:
12:06:42 dhcp,info dhcp-client on vrrp-GW2 got IP address 10.52.56.98 
12:06:42 script,info Test DHCP Client Script 
12:06:51 dhcp,info dhcp-client on vrrp-GW2 lost IP address 10.52.56.98 - lease stopped locally 
12:06:51 script,info Test DHCP Client Script 

[admin@Chupaka-Home] > /ip dhcp-client export 
/ip dhcp-client
add interface=vrrp-GW2 script=":log info \"Test DHCP Client Script\""
So maybe some problem with your script
 
User avatar
MadEngineer
Member Candidate
Member Candidate
Posts: 141
Joined: Mon May 02, 2011 10:47 am
Location: New Zealand

Re: v6.40.4 [current]

Thu Oct 12, 2017 1:37 pm

Problem with SSTP. RB2011 here.

I have 22 clients connecting to various services from their homes using SSTP with cert. After upgrading to v6.40.4 I'm able to establish the connection, but for example - I can't RDP to Windows PCs. I can't ping any internal address from my IP pool.

After downgrade to 6.40.3 problem is resolved. Everything works as it should. I can see and connect to any PCs on my internal network.
are you using proxy-arp on your bridge?
 
revan
just joined
Posts: 7
Joined: Thu Oct 12, 2017 10:08 am

Re: v6.40.4 [current]

Thu Oct 12, 2017 8:56 pm

[admin@Chupaka-Home] > /ip dhcp-client export
/ip dhcp-client
add interface=vrrp-GW2 script=":log info \"Test DHCP Client Script\""
[/code]

So maybe some problem with your script
hmm. Yes, a single-line script works.
A script from several lines does not work. Do not tell me what's wrong?

/ip dhcp-client
add default-route-distance=15 dhcp-options=hostname,clientid disabled=no interface=WAN-ether10-netbynet script=":log info (\"dhcp script star\
ted.\")\
\n:if (\$bound = 1) do={ \
\n :log info (\"Update routing. Use gateway \" . \$gateway-address . \" for address \" . \$lease-address. \".\")\
\n :foreach i in [/ip route find where routing-mark=netbynet] do={/ip route remove \$i};\
\n\t:foreach i in [/ip route rule find where table=netbynet] do={/ip route rule remove \$i};\
\n\t/ip route add dst-address=0.0.0.0/0 gateway=\$gateway-address routing-mark=netbynet\
\n\t/ip route rule add src-address=\$lease-address dst-address=0.0.0.0/0 table=netbynet \
\n\t}\
\n:if (\$bound = 0) do={\
\n :log info (\"Address released. Clear routing.\")\
\n\t:foreach i in [/ip route find where routing-mark=netbynet] do={/ip route remove \$i};\
\n\t:foreach i in [/ip route rule find where table=netbynet] do={/ip route rule remove \$i};\
\n }\
\n:log info (\"dhcp script ended.\")" use-peer-dns=no
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.40.4 [current]

Fri Oct 13, 2017 8:15 am

there are many reasons I can see. for example, correct form of
:foreach i in [/blablabla]
is
:foreach i in=[/blablabla]
,
$gateway-address
should be
$"gateway-address"
, etc

so your script is just syntactically incorrect
 
revan
just joined
Posts: 7
Joined: Thu Oct 12, 2017 10:08 am

Re: v6.40.4 [current]

Fri Oct 13, 2017 9:45 am

there are many reasons I can see. for example, correct form of
:foreach i in [/blablabla]
is
:foreach i in=[/blablabla]
,
$gateway-address
should be
$"gateway-address"
, etc

so your script is just syntactically incorrect
Сertainly. Thank you!
 
User avatar
indjov
just joined
Posts: 20
Joined: Fri Jun 03, 2016 12:23 pm

Re: v6.40.4 [current]

Fri Oct 13, 2017 11:02 am

Hello,

Yesterday i decided to upgrade, but I noticed that the USB port remains inactive after reboot my 951G-2HnD, whether it's a bug or I'm doing something wrong.
I need to remove usb modem and put it back into the socket and detect it, but that was not a problem for the previous version.
I make my upgrade from /system/pageckage/check updates and downloaded and then rebooted.
 
vkraynov
just joined
Posts: 1
Joined: Sat Oct 14, 2017 9:27 am

Re: v6.40.4 [current]

Sat Oct 14, 2017 9:35 am

HI
telnet button in webfig not work.

tools - telnet
and
http://192.168.88.1/webfig/#IP:Neighbors.Neighbors.1
button "telnet" and "MAC Telnet"
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.40.4 [current]

Sat Oct 14, 2017 11:09 am

Can confirm that telnet does not work. Clicking telnet menu does not bring up anything.

Not working on the rc either. Tested 6.41rc38 and 6.41rc44
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2394
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.40.4 [current]

Sat Oct 14, 2017 3:15 pm

In 6.40.4 is not possible disable IP services. All services are enabled. Disable button don´t work (in winbox). In terminal works
https://imgur.com/a/ZtwaS
 
User avatar
skillful
Trainer
Trainer
Posts: 552
Joined: Wed Sep 06, 2006 1:42 pm
Location: Abuja, Nigeria
Contact:

Re: v6.40.4 [current]

Sat Oct 14, 2017 5:39 pm

It surely works in winbox.
You do not have the required permissions to view the files attached to this post.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2394
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.40.4 [current]

Sun Oct 15, 2017 8:41 pm

It surely works in winbox.
Maybe on your routerboard. On rb922 (and others) don´t work
 
User avatar
JohnTRIVOLTA
Member
Member
Posts: 343
Joined: Sun Dec 25, 2016 2:05 pm
Location: BG/Sofia

Re: v6.40.4 [current]

Sun Oct 15, 2017 9:06 pm

Problem with SSTP. RB2011 here.

I have 22 clients connecting to various services from their homes using SSTP with cert. After upgrading to v6.40.4 I'm able to establish the connection, but for example - I can't RDP to Windows PCs. I can't ping any internal address from my IP pool.

After downgrade to 6.40.3 problem is resolved. Everything works as it should. I can see and connect to any PCs on my internal network.
I have the same problem ! I have solved the problem - i don't downgrade, i rebuild and upload new certs on client boards , but this is if you have fewer customers :)
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40.4 [current]

Mon Oct 16, 2017 9:02 am

Version 6.40.4 release includes fixes in WPA2 protocol:
viewtopic.php?f=21&t=126695
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 248
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.40.4 [current]

Tue Oct 17, 2017 9:56 am

HI
telnet button in webfig not work.

tools - telnet
and
http://192.168.88.1/webfig/#IP:Neighbors.Neighbors.1
button "telnet" and "MAC Telnet"
Are you running MAC with HighSierra? If so you do no longer have telnet on the computer. Brew can reinstall it if you realy need it.
 
Nitroxide
just joined
Posts: 3
Joined: Tue Oct 17, 2017 11:47 am

Re: v6.40.4 [current]

Tue Oct 17, 2017 11:50 am

After deleting a panel all I get is a stack crash now and can't get back into the dude.

6.40.4 ACCESS VIOLATION at: 41515f

eip=41515f eflags=210202
edi=13a6f6c esi=1 ebp=99b044 esp=99b02c
eax=1 ebx=4288f20 ecx=0 edx=48d1980

log:
6d7b2, 62f070, 468908, 46b84b, 46bcc7, 46bd67, 44e4f7, 44de2c, 44e4ab, 44de2c, 44e4ab, 44de2c, 44e4ab, 44e52c, 46d7b2, 62f070, 468908, 46b84b, 46bcc7, 46bd67, 44e4f7, 44de2c, 44e4ab, 44de2c, 44e4ab]

unreliable backtrace:

modules:

stack: 0 4292567044

6.40.4 ACCESS VIOLATION at: 41515f

eip=41515f eflags=210202
edi=13f6f6c esi=1 ebp=99a9d4 esp=99a9bc
eax=1 ebx=4737c70 ecx=0 edx=47038b0

log:
6d7b2, 62f070, 468908, 46b84b, 46bcc7, 46bd67, 44e4f7, 44de2c, 44e4ab, 44de2c, 44e4ab, 44de2c, 44e4ab, 44e52c, 46d7b2, 62f070, 468908, 46b84b, 46bcc7, 46bd67, 44e4f7, 44de2c, 44e4ab, 44de2c, 44e4ab]

unreliable backtrace:

modules:

stack: 0 4292568692

6.40.4 ACCESS VIOLATION at: 41515f

eip=41515f eflags=210202
edi=13f6f6c esi=1 ebp=99a964 esp=99a94c
eax=1 ebx=48351e8 ecx=0 edx=475c978

log:
6d7b2, 62f070, 468908, 46b84b, 46bcc7, 46bd67, 44e4f7, 44de2c, 44e4ab, 44de2c, 44e4ab, 44de2c, 44e4ab, 44e52c, 46d7b2, 62f070, 468908, 46b84b, 46bcc7, 46bd67, 44e4f7, 44de2c, 44e4ab, 44de2c, 44e4ab]

unreliable backtrace:

modules:

stack: 0 4292568804

6.40.4 ACCESS VIOLATION at: 41515f

eip=41515f eflags=210202
edi=12b6f6c esi=1 ebp=99a964 esp=99a94c
eax=1 ebx=4844a98 ecx=0 edx=472cc68

log:
6d7b2, 62f070, 468908, 46b84b, 46bcc7, 46bd67, 44e4f7, 44de2c, 44e4ab, 44de2c, 44e4ab, 44de2c, 44e4ab, 44e52c, 46d7b2, 62f070, 468908, 46b84b, 46bcc7, 46bd67, 44e4f7, 44de2c, 44e4ab, 44de2c, 44e4ab]

unreliable backtrace:

modules:

stack: 0 4292568804

6.40.4 ACCESS VIOLATION at: 41515f

eip=41515f eflags=210202
edi=1426f6c esi=1 ebp=99a9d4 esp=99a9bc
eax=1 ebx=461cc68 ecx=0 edx=4713620

log:
6d7b2, 62f070, 468908, 46b84b, 46bcc7, 46bd67, 44e4f7, 44de2c, 44e4ab, 44de2c, 44e4ab, 44de2c, 44e4ab, 44e52c, 46d7b2, 62f070, 468908, 46b84b, 46bcc7, 46bd67, 44e4f7, 44de2c, 44e4ab, 44de2c, 44e4ab]

unreliable backtrace:

modules:

stack: 0 4292568692
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: v6.40.4 [current]

Tue Oct 17, 2017 8:06 pm

Why can't I see the PPPoE gateway as nexthop in IP - Routes - Nexthops anymore? Since 6.40.4. Upgraded from 6.39.2.
6.40 Current Channel:
*) ppp - use interface name instead of IP as default route gateway;

Because of this?
If yes, then why did you do this? Ideologically.
Last edited by Anumrak on Wed Oct 18, 2017 6:41 pm, edited 2 times in total.
 
myke1124
just joined
Posts: 24
Joined: Fri Mar 28, 2014 2:15 am

Re: v6.40.4 [current]

Wed Oct 18, 2017 12:59 am

Windows dude client 6.40.4 is being detected as a Trojan by windows defender.
Is this an undocumented feature or a bug?
I found a post talking about it.
viewtopic.php?t=126357
 
anuser
Long time Member
Long time Member
Posts: 601
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.40.4 [current]

Thu Oct 19, 2017 12:48 am

I just noticed that I have multiple WAP AC with 6.40.4 with CPU running constantly at 100%. Has someone already opened a ticket for this one?
 
kamillo
Member Candidate
Member Candidate
Posts: 162
Joined: Tue Jul 15, 2014 5:44 pm

Re: v6.40.4 [current]

Thu Oct 19, 2017 11:03 am

CPU load on my WAP AC is nearly 0%, also 6.40.4 version (managed by CAPSMAN)
 
donline
just joined
Posts: 5
Joined: Mon Aug 14, 2017 10:31 am

Re: v6.40.4 [current]

Thu Oct 19, 2017 11:35 am

The DHCP over wds/wifi bridge issue reported on 6.40.1 by many people still exists in 6.40.4.

viewtopic.php?f=21&t=124247#p611930
viewtopic.php?f=21&t=124247#p612163
viewtopic.php?f=21&t=124247&start=50#p613101
 
anuser
Long time Member
Long time Member
Posts: 601
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.40.4 [current]

Thu Oct 19, 2017 11:51 am

CPU load on my WAP AC is nearly 0%, also 6.40.4 version (managed by CAPSMAN)
Well only some are affected. They are running for 13 days.
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: v6.40.4 [current]

Thu Oct 19, 2017 2:23 pm

Why there are so many bugs in current version? Is it always like that?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.40.4 [current]

Thu Oct 19, 2017 2:50 pm

I updated a router from 6.38.5 to 6.40.4 and after some time there is an issue with from_pool IPv6 addresses.
This router has a pool that is obtained from upstream using DHCPv6 PD (lease time is 2 hours).
There are two interfaces that obtain their address from this pool.
The addresses were both defined as address=::1/64 from-pool=poolname but after some time the
address on one of the interfaces changed to prefix::/64 (i.e. there is no :1 at the end of the address!)

I tried to reset it from the configuration and I looked in the /export but the ::1/64 appears nowhere. It looks
like it isn't stored and when the address is obtained again it gets the ::0 value.
This makes IPv6 IPsec fail because one of the endpoint addresses has vanished.
 
User avatar
Hotz1
Member
Member
Posts: 393
Joined: Tue Oct 09, 2007 6:55 am

Re: v6.40.4 [current]

Thu Oct 19, 2017 6:41 pm

Did the handling of default routes in OSPF change from 6.40.3 to 6.40.4?!

We upgraded everything from 6.40.3 last night. All routes are distributed as Type 1, and with the devices in question, all links have the same default cost (10). But for some reason, after upgrading to 6.40.4, some of our routers are choosing five-hop default routes, when they should be choosing the one-hop route they always used to use. When I look at the OSPF routes, the one-hop route and several indirect routes (to the same destination) all have the same cost. Shouldn't the longer routes reflect the accumulated cost of all the intervening hops? i.e., "Shortest Path First"?!

As a workaround, I had to manually increase the cost of several links, to "fool" the routers back into using the direct link they have been using all along. Not cool to get calls from subscribers with QoS problems because your network has started routing traffic stupidly.
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 248
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.40.4 [current]

Fri Oct 20, 2017 6:27 pm

Did the handling of default routes in OSPF change from 6.40.3 to 6.40.4?!

We upgraded everything from 6.40.3 last night. All routes are distributed as Type 1, and with the devices in question, all links have the same default cost (10). But for some reason, after upgrading to 6.40.4, some of our routers are choosing five-hop default routes, when they should be choosing the one-hop route they always used to use. When I look at the OSPF routes, the one-hop route and several indirect routes (to the same destination) all have the same cost. Shouldn't the longer routes reflect the accumulated cost of all the intervening hops? i.e., "Shortest Path First"?!

As a workaround, I had to manually increase the cost of several links, to "fool" the routers back into using the direct link they have been using all along. Not cool to get calls from subscribers with QoS problems because your network has started routing traffic stupidly.
For starters i'm against all imports type1 or what ever into ospf. But sometimes they are a must. Type-1's as far as I know should get default cost of process type-1 cost at ingress import router and then add all link costs on the way check the intermediate routers link costs and try figure out in witch state it does not add up. Then you have an eventual exact bug report or found your own error in the network.
 
pingueame
just joined
Posts: 1
Joined: Sat Oct 21, 2017 4:07 am

Re: v6.40.4 [current]

Sat Oct 21, 2017 4:29 am

hi, first post here

With v6.40.4, I 'm getting a "Request time out" error on Cloud, when I force update
[miusername@MikroTik] > /ip cloud force-update 
[miusername@MikroTik] > /ip cloud export 
# oct/20/2017 22:02:14 by RouterOS 6.40.4
# model = 951Ui-2HnD
/ip cloud
set ddns-enabled=yes
[miusername@MikroTik] > /ip cloud print  
    ddns-enabled: yes
     update-time: yes
  public-address: 1.2.3.4
        dns-name: ahostname.sn.mynetname.net
          status: Error: request timed out
         warning: DDNS server received request from IP 1.2.3.4 but your local IP was 192.168.0.3; DDNS service might not work.
I saw another guy with same problem on Facebook.

Funny thing is that seems to be working if I do test like pings or dns tests.
Anyone with problem or similar?
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: v6.40.4 [current]

Sat Oct 21, 2017 11:17 am

hi, first post here

With v6.40.4, I 'm getting a "Request time out" error on Cloud, when I force update
[miusername@MikroTik] > /ip cloud force-update 
[miusername@MikroTik] > /ip cloud export 
# oct/20/2017 22:02:14 by RouterOS 6.40.4
# model = 951Ui-2HnD
/ip cloud
set ddns-enabled=yes
[miusername@MikroTik] > /ip cloud print  
    ddns-enabled: yes
     update-time: yes
  public-address: 1.2.3.4
        dns-name: ahostname.sn.mynetname.net
          status: Error: request timed out
         warning: DDNS server received request from IP 1.2.3.4 but your local IP was 192.168.0.3; DDNS service might not work.
I saw another guy with same problem on Facebook.

Funny thing is that seems to be working if I do test like pings or dns tests.
Anyone with problem or similar?
Try to update one more time. I got request timed out first time by forced update, but then it's updated successfully.
 
exdes
just joined
Posts: 1
Joined: Sun Oct 22, 2017 1:32 am

Re: v6.40.4 [current]

Sun Oct 22, 2017 1:34 am

On my CCR1009-7G-1C-1S+ after the updates the problems started with the module Mikrotik S+85DLC03D. After a reboot the module is defined, but the traffic does not go. Have to click on Disable/Enable the module, after which the traffic starts to go.
 
RBPete
just joined
Posts: 1
Joined: Tue Oct 24, 2017 8:55 am

Re: v6.40.4 [current]

Tue Oct 24, 2017 9:06 am

Hello,

Yesterday i decided to upgrade, but I noticed that the USB port remains inactive after reboot my 951G-2HnD, whether it's a bug or I'm doing something wrong.
I need to remove usb modem and put it back into the socket and detect it, but that was not a problem for the previous version.
I make my upgrade from /system/pageckage/check updates and downloaded and then rebooted.
I'm also experiencing this problem on a RB912UAG-2HPnD with a Sierra MC7304.

> port print detail
Flags: I - inactive
0 I name="usb1" used-by="" device="" channels=6 baud-rate=9600 data-bits=8 parity=none stop-bits=1
flow-control=none

The below fixes the problem until the next reboot, so I'm running that as a startup script for now as a work around.

/system routerboard usb set type=USB-type-A
/system routerboard usb set type=mini-PCIe
 
ksteink
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Thu Mar 31, 2016 6:54 pm

Re: v6.40.4 [current]

Tue Oct 24, 2017 4:42 pm

I want to share a very special case that happened to me after I did the upgrade to 6.40.4. I cannot tell if the issues / bug(s) came just with this new version but I want to point out the different aspects that impacted me. My issue happened with the RB2011UiAS-2HnD-IN model.

In my scenario I have external WAPs and I have disabled my Radio as I use only my device for routing / Firewall. Let me point out some of the problems / bug that I run:

(1) When I entered the quick setup in Winbox it shows incorrectly the parameters:

- The router shows in Bridge mode, instead of Router mode.
- When I click on Router Mode, it inverts the LAN interfaces with the WAN interfaces.
- If I change the IP addresses, they do totally a different thing: The LAN IP address is moved to the Ether 1 (WAN interface). and the LAN interface becomes the SFP1 (that is not in use).
- Basically everything screws up.
- If I turn the wireless radio ON, and if I click on the Quick Setup again, the Router shows properly the configuration: Router instead of Bridge and the LAN and WAN interfaces.

Even with that, if I change something in the Quick Setup then my whole configuration gets screws up. Even downgrading the version or re-configuring the router I get the same weird behavior here.

My solution was just to load the default configuration but NOT mess at all with Quick Setup. I also with the 6.39.3 Quick Fix I get the same behavior here.

(2) The second problem are the Firewall rules that comes by default:

4 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN log=no log-prefix=""

I did disable this rule as I have an OVPN setup to access remotely my router and I couldn't connect to the router for management when I did have this rule but without noticing the Firewall on the RouterOS started to accept any connections on the WAN interface of the router (Open Internet!!!!!!!!), which for me is unacceptable. I did open my network to the internet without knowing.

Now I am working on special rule set to keep the WAN shut but allow the remote management through the VPN.

(3) My last problem is a very weird one, not sure why and I have no clue. Basically I have enabled IPv6 by using an 6to4 tunnel with Hurricane Electric (HE). When I did reconfigured my router from scratch I didn't enable IPv6 and I found this very weird problem: Basically on Android devices trying to either download or update an application from the Google Play Store, the download never starts (basically became trying and trying). If I switch to LTE it started to work without an issue.

Once I re-activated IPv6, the Android devices switches to the Play Store IPv6 connection and updates / downloads start working without an issue. I did remove and replace all my firewall rules on IPv4 to discard a Firewall rule problem but even with that (and even no rules) it never worked on IPv4, only IPv6. I did tried this on 6.39.3 and 6.40.4 versions.

For now I am good using IPv6 but I have no idea how to fix the problem. I am planning to configure another Mikrotik Router (different model) and swap the routers just to test that this is only my router model / code or something else.

I hope my comments helps and I hope other members can either benefit or trim in providing additional input here.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.40.4 [current]

Tue Oct 24, 2017 5:17 pm

Rule #1: use the quick setup only for initial setup of the router for a simple application.
After you have made additional detailed configuration, NEVER touch the quick setup again!
Don't get worried by the mode it shows, and never change anything (not even some simple thing like the identity)
and save it from the quick setup screen! It will destroy your config.
This is not new for this version.
IMHO quick setup should be disabled automatically after detailed config has been done or at least there should
be some option to disable it (not on quick setup screen of course) so disasters like you mention can be avoided.
 
ksteink
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Thu Mar 31, 2016 6:54 pm

Re: v6.40.4 [current]

Tue Oct 24, 2017 6:51 pm

Thanks for the advise on the Quick Setup. I learned it myself in the hard way by troubleshooting.

What is still a mystery for me is the issue with Google Play downloads over IPv4. Weird....
 
User avatar
ziegenberg
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Thu Mar 07, 2013 11:14 am
Location: Vienna
Contact:

Re: v6.40.4 [current]

Wed Oct 25, 2017 5:24 pm

Hi!

I want to share a very special case that happened to me after I did the upgrade to 6.40.4. I cannot tell if the issues / bug(s) came just with this new version but I want to point out the different aspects that impacted me. My issue happened with the RB2011UiAS-2HnD-IN model.
Number 1) has already been answered.

(2) The second problem are the Firewall rules that comes by default:

4 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN log=no log-prefix=""

I did disable this rule as I have an OVPN setup to access remotely my router and I couldn't connect to the router for management when I did have this rule but without noticing the Firewall on the RouterOS started to accept any connections on the WAN interface of the router (Open Internet!!!!!!!!), which for me is unacceptable. I did open my network to the internet without knowing.

Now I am working on special rule set to keep the WAN shut but allow the remote management through the VPN.
Using Quick Set erased your firewall config and replaced it with the default configuration. And as you disabled the firewall rule called "drop all not coming from LAN" what did you expect? You just did what it's says it will do. This rule shuts down the access from the outside world and you disabled it. Using an special rule before this one, allowing specific traffic is the way to go. So I do not see a bug or problem here.

For Number 3) I can't help you, because I do not use IPv6 (yet).

greetings, Daniel
 
ksteink
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Thu Mar 31, 2016 6:54 pm

Re: v6.40.4 [current]

Wed Oct 25, 2017 6:02 pm

Thanks for the "advise". This rule was never before on my base ruleset until I reset the whole configuration and I never had this issue to open these flows.

So pls don't tell me what to expect when a new rule shows up on my configuration after a reset.

I did try to share my experience for others to avoid the same issue.

I did modified the rule and now works as I needed to work (blocking everything except my connections over VPN).

Thanks for the advise.
 
fozjuliano
just joined
Posts: 3
Joined: Fri Oct 27, 2017 5:18 pm

Re: v6.40.4 [current]

Fri Oct 27, 2017 5:28 pm

I lost connection to mikrotik by API after updating at version 6.40.4.
Mikrotiks with previous versions (6.40.1) I have no problem. How can I solve it?
 
kamillo
Member Candidate
Member Candidate
Posts: 162
Joined: Tue Jul 15, 2014 5:44 pm

Re: v6.40.4 [current]

Fri Oct 27, 2017 6:06 pm

You can try to login to console and see what went wrong....
 
fozjuliano
just joined
Posts: 3
Joined: Fri Oct 27, 2017 5:18 pm

Re: v6.40.4 [current]

Fri Oct 27, 2017 6:37 pm

Connection attempt #1 to 10.11.12.100:8728... <<< [6] /login Connection attempt #2 to 10.11.12.100:8728... <<< [6] /login Connection attempt #3 to 10.11.12.100:8728... <<< [6] /login Connection attempt #4 to 10.11.12.100:8728... <<< [6] /login Connection attempt #5 to 10.11.12.100:8728... <<< [6] /login Error... Disconnected.
Attempted API connection to mikrotik. Not allowed /login
 
User avatar
indjov
just joined
Posts: 20
Joined: Fri Jun 03, 2016 12:23 pm

Re: v6.40.4 [current]

Sun Oct 29, 2017 10:48 am

NetWatch Interval bug?
Hello i notice that on my CRS109-8G-1S-2HnD (6.40.4 (stable)) have a problem with the interval time.
[admin@Fa1c0n] > /tool netwatch print
Flags: X - disabled 
 #   HOST                 TIMEOUT              INTERVAL             STATUS  SINCE               
 0   85.130.109.35        1s                   1m                   up      oct/29/2017 02:38:00
 1   93.123.65.33         10s                  1m                   up      oct/29/2017 11:42:22
 2   137.74.173.42        10s                  2m                   up      oct/29/2017 11:42:24
[admin@Fa1c0n] > 
11:42:22 system,info netwatch host modified by admin 
11:42:23 system,info netwatch host modified by admin 
11:42:39 script,info IRC UP SMS 
11:42:43 script,info OVH UP SMS 
How you can see it from the log that netwatch make check after 20 sec.
Any idea why and it`s that a bug
 
ArchiN
just joined
Posts: 1
Joined: Mon Oct 30, 2017 3:02 am

Re: v6.40.4 [current]

Mon Oct 30, 2017 3:06 am

what are you doing?

in systems - ports - the usb interface disappeared !!!!
for example sierra wireless mc7304 and other vendors in ppp-emulalation
Hello.

Did you fix this issue?
 
bratislav
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Mon May 05, 2014 10:36 am

Re: v6.40.4 [current]

Mon Oct 30, 2017 1:05 pm

It surely works in winbox.
Maybe on your routerboard. On rb922 (and others) don´t work
Interesting ... What versions of WinBox/Windows are you using?
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: v6.40.4 [current]

Wed Nov 01, 2017 9:27 pm

Unused routing marks remains in table in ip route rule. Let it be, that they will remove too, after removing the last route with this mark. I don't to reboot my router to clear this cache. Thank you.
 
intrepidsilence
just joined
Posts: 4
Joined: Thu Nov 02, 2017 8:56 pm

Re: v6.40.4 [current]

Thu Nov 02, 2017 9:18 pm

Hi everyone! I upgraded my hEX to 6.40.4 last night and found that about 75% of my saved static DHCP leases with comments (took hours) are gone! Also, my backup that I made just prior to the upgrade will not restore.

Also, a few weeks ago ether2 lost its assigned IP address on a reboot. I know for a fact all of the settings had been saved. Why would things be disappearing on me like this?

This is starting to get really frustrating...

Any ideas would be greatly appreciated. The hEX box is only a couple of months old.
 
wiltshra
newbie
Posts: 32
Joined: Mon Jul 23, 2012 5:51 am
Contact:

Re: v6.40.4 [current]

Fri Nov 03, 2017 7:16 am

RB912UAG-2HnD (with Sierra MC7304 cellular modem)

My cellular (PPP) interface works perfectly OK with ROSv6.37.1.

Upgraded to ROSv6.40.4 and the cellular (PPP) interface stops working, and I notice the usb1 port (/ports) is now showing up red and invalid status.

Roll back to ROSv6.37.1 – and the PPP cellular interface starts working again.

When I try to load my usual configuration script (with ROSv6.40.4) I see these errors (inserted)

######################################################
# 4G (PPP) Setup
/system routerboard usb
set type=mini-PCIe
/port firmware
set directory=firmware ignore-directip-modem=yes
:delay 15s
/interface ppp-client remove ppp-out1
no such item
:delay 1s
/interface ppp-client
add name=Cellular4G port=usb1 add-default-route=yes allow=pap,chap,mschap1,mschap2 \
apn=$APN4G data-channel=2 info-channel=2 dial-on-demand=no disabled=no
input does not match any value of port
/ip firewall nat
add chain=srcnat out-interface=Cellular4G action=masquerade


When I do a clean Netinstall (no configuration) with ROSv6.37.1:
• PPP interface has a disabled ppp-out1 (PPP Client)
• Port List, shows usb1 port to be available


When I do a clean Netinstall (no configuration) with ROSv6.40.4:
• PPP interface has nothing (blank)
• Port List, has nothing (blank)

Seems like MikroTik broke something here in relation to the RB912UAG-2HnD
 
rsobczak
just joined
Posts: 7
Joined: Mon Aug 28, 2017 9:00 pm

Re: v6.40.4 [current]

Fri Nov 03, 2017 9:22 pm

Hi team,
As I see - quality of new ROS is not so good... It looks that problem with OVPN is already solved in current version and client is able to connect to server, however it seems that now problem appeared with OSPF... When I had all routers with 6.38.7 - all was working correctly. When I upgraded one router to 6.40.4 then all worked correctly too, but when I upgraded second one then OVPN was working correctly while OSPF all time is throwing error:
Discarding Hello packet: mismatch in network mask
mine=255.255.255.255
remote=255.255.255.0
source=10.28.0.254
Of course rouers' configuration weren't changed. Could you check it and fix?

Regards,
Radek
 
darkprocess
Member Candidate
Member Candidate
Posts: 249
Joined: Fri Mar 20, 2015 1:16 pm

Re: v6.40.4 [current]

Fri Nov 03, 2017 11:12 pm

Check your open vpn server settings. In netmask put 32. I had the same issue and that fixed it with ospf
 
rsobczak
just joined
Posts: 7
Joined: Mon Aug 28, 2017 9:00 pm

Re: v6.40.4 [current]

Sat Nov 04, 2017 10:48 am

@darkprocess,
But till version 6.40.0 everythink was working correctly in OSPF. It doesn't work now. I din't check it in earlier versions because OpenVPN was affected (seems that aleady fixed), but all should works with current configuration. The strange thing is that all is working between ROS in version 6.38.7 and 6.40.4 while with the same configuration but two routers with ROS in version 6.40.4 it doesn't work :(
 
darkprocess
Member Candidate
Member Candidate
Posts: 249
Joined: Fri Mar 20, 2015 1:16 pm

Re: v6.40.4 [current]

Sat Nov 04, 2017 11:58 am

I had the same issue than you.
 
darkprocess
Member Candidate
Member Candidate
Posts: 249
Joined: Fri Mar 20, 2015 1:16 pm

Re: v6.40.4 [current]

Sat Nov 04, 2017 11:59 am

Now i have all my routers in 6.40.4 with ospf and ovpn working fine.
 
rsobczak
just joined
Posts: 7
Joined: Mon Aug 28, 2017 9:00 pm

Re: v6.40.4 [current]

Sat Nov 04, 2017 5:13 pm

But Mikrotik changed something in ROS, because till version I could setup OSPF with:
- network type: broadcast
- network x.x.x.x/24 backbone
But now I had to modify my configuration due to version over 6.40.0 as below:
- network type: point-to-point
- network x.x.x.x/32 backbone
And the question is - why it changed already? Wasn't previous way correct? In this way of working everyone have to test that in newer version of ROS all is working in the same way as for old version or something has been changed and reconfiguration whole environment is needed... Am I correct?...
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 248
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.40.4 [current]

Sun Nov 05, 2017 12:18 pm

But Mikrotik changed something in ROS, because till version I could setup OSPF with:
- network type: broadcast
- network x.x.x.x/24 backbone
But now I had to modify my configuration due to version over 6.40.0 as below:
- network type: point-to-point
- network x.x.x.x/32 backbone
And the question is - why it changed already? Wasn't previous way correct? In this way of working everyone have to test that in newer version of ROS all is working in the same way as for old version or something has been changed and reconfiguration whole environment is needed... Am I correct?...
How can we possibly answer that question if we don't have the information on your network setup?
Both statements is accurate in different situations. I have both in my network working as expected. If you need to hammer this out then setup a new threat in "Forwarding Protocol" section describing your problem with picture of net and we can discuss the specifics about that setup.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v6.40.4 [current]

Mon Nov 06, 2017 2:24 am

I think I found a TR069 bug.

If a DHCP hostname has a space (or possibly a special character) on the end (doesn't show up in winbox in the name, but shows up if I print the names via scripting), the MikroTik makes a malformed request to the TR069 ACS, if the Device.Host table is requested by the ACS, which contains those host names.

This crashes the ACS (GenieACS in this case).

If I delete the two DHCP leases on the MikroTik that are associated with devices with the space or special character at the end of the hostname, TR069 works perfectly.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26287
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.40.4 [current]

Mon Nov 06, 2017 9:43 am

I think I found a TR069 bug.

If a DHCP hostname has a space (or possibly a special character) on the end (doesn't show up in winbox in the name, but shows up if I print the names via scripting), the MikroTik makes a malformed request to the TR069 ACS, if the Device.Host table is requested by the ACS, which contains those host names.

This crashes the ACS (GenieACS in this case).

If I delete the two DHCP leases on the MikroTik that are associated with devices with the space or special character at the end of the hostname, TR069 works perfectly.
Can you make a support ticket?
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: v6.40.4 [current]

Mon Nov 06, 2017 11:30 am

Consult with your ACS provider if they are thinking of fixing the issue of special characters in hostnames, such as spaces. Also, it could be useful if you could sniff the exchange to see what exactly is sent to your ACS and send that to support.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v6.40.4 [current]

Mon Nov 06, 2017 11:39 pm

Can you make a support ticket?
Done.
Consult with your ACS provider if they are thinking of fixing the issue of special characters in hostnames, such as spaces. Also, it could be useful if you could sniff the exchange to see what exactly is sent to your ACS and send that to support.
I don't think it's an issue with the ACS. The XML is initially parsed by libxmljs (part of node.js) as soon as it arrives, and libxmljs fails to parse the reply from the MikroTik because it says it is invalid XML, causing GenieACS to crash since it relies on libxmljs. Perhaps it is an issue with some special character not being escaped or something. I would think it is more likely a bug in the XML that the MikroTik generates rather than the libxmljs module itself. I had encountered a bug like this before with special characters in the WPA2 key, where the MikroTik would generate a blank TR069 request to the ACS, causing a malfunction.

Spaces in the middle of hostnames appear to cause no issue, so I am not sure if the character at fault is a space or something else, it only happens with a few devices where such things appear at the end of the hostname. It might actually be a carriage return or a line feed or something, I might have to use a script to read the value of the character at fault.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.40.4 [current]

Tue Nov 07, 2017 11:00 am

Version 6.40.5 has been released:
viewtopic.php?f=21&t=127485

Who is online

Users browsing this forum: No registered users and 20 guests