Community discussions

 
nkourtzis
Member Candidate
Member Candidate
Posts: 202
Joined: Tue Dec 11, 2012 12:56 am
Location: Greece

Re: v6.43rc [release candidate] is released!

Tue Jul 24, 2018 3:45 pm

*) wireless - improved Nv2 reliability on ARM devices;

The first point-to-point tests with nv2 on arm are not satisfactory. We will perform more tests
Just a question without intention of doubting what you say: why use NV2 on PtP?
Passionate about networks
Enthusiastic about Mikrotik
MTCNA | MTCRE | MTCINE

No trees were killed to send this message,
but a large number of electrons were terribly inconvenienced.
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 249
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.43rc [release candidate] is released!

Tue Jul 24, 2018 4:07 pm

And even worse the chap packet that you send out doest not contain any password (you are sending empty radius request even before asking the user of a password. Clean upp your code and enable PAP/CHAP/MSCHAP as option NOW!

I'm trying this RC in a CRS328-4C-20S-4S+RM

After downgrading to Current 6.42.6 Radius pap (one time passwords) and rename admin works like a charm again.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8291
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.43rc [release candidate] is released!

Tue Jul 24, 2018 4:26 pm

Ok so now I test the RC45 Build. My setup scripts fail can't rename user admin anymore? WHY?
yeah, that's funny :)
[admin@internal] > user set admin name=adminn
failure: user name can't be changed
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1702
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v6.43rc [release candidate] is released!

Tue Jul 24, 2018 5:13 pm

Changing name of logged in user is not good idea. What if you are logged as different user?
Real admins use real keyboards.
 
SergeyMorozov
just joined
Posts: 17
Joined: Sun Apr 22, 2018 9:27 pm

Re: v6.43rc [release candidate] is released!

Tue Jul 24, 2018 5:26 pm

Changing name of logged in user is not good idea. What if you are logged as different user?
[sergey@router.home] > /user set admin name adminn
failure: user name can't be changed
 
User avatar
osc86
newbie
Posts: 46
Joined: Wed Aug 09, 2017 1:15 pm

Re: v6.43rc [release candidate] is released!

Tue Jul 24, 2018 5:46 pm

even more important, the memory leak is still not fixed
 
hzdrus
newbie
Posts: 36
Joined: Mon May 14, 2012 3:58 pm

Re: v6.43rc [release candidate] is released!

Tue Jul 24, 2018 6:17 pm

Drop of RADIUS PAP support for ssh logins is a big problem for us too.

We're using a one-time password implementation which is impossible to integrate with MS-CHAPv2 - the security appliance only stores the hash of the PIN (fixed part of the password) and because of this cannot support MS-CHAPv2 since it would require to store PIN as clear-text. 6.43rc is forcing us to drop the OTP, actually decreasing security of the network.

Please allow us to make decisions on how to secure our network ourselves and make a setting allowing to select PAP for "login" service authentication. In any case RADIUS requests can always be sent via encrypted tunnels, while MS-CHAPv2 security strength has been watered down to level of a long obsolete single DES56 - one can find online services that will crack it in a day.
 
joserudi
Frequent Visitor
Frequent Visitor
Posts: 66
Joined: Thu Nov 22, 2007 10:16 pm

Re: v6.43rc [release candidate] is released!

Wed Jul 25, 2018 12:12 pm

*) wireless - improved Nv2 reliability on ARM devices;

The first point-to-point tests with nv2 on arm are not satisfactory. We will perform more tests
Just a question without intention of doubting what you say: why use NV2 on PtP?
I always use nv2 with mikrotik. There are some noise in my city.
 
ivanfm
newbie
Posts: 46
Joined: Sun May 20, 2012 5:07 pm

Re: v6.43rc [release candidate] is released!

Wed Jul 25, 2018 1:49 pm

Drop of RADIUS PAP support for ssh logins is a big problem for us too.

We're using a one-time password implementation which is impossible to integrate with MS-CHAPv2 - the security appliance only stores the hash of the PIN (fixed part of the password) and because of this cannot support MS-CHAPv2 since it would require to store PIN as clear-text. 6.43rc is forcing us to drop the OTP, actually decreasing security of the network.

Please allow us to make decisions on how to secure our network ourselves and make a setting allowing to select PAP for "login" service authentication. In any case RADIUS requests can always be sent via encrypted tunnels, while MS-CHAPv2 security strength has been watered down to level of a long obsolete single DES56 - one can find online services that will crack it in a day.
I agree.
If the internal system works with hash passwords ok, but If the router manager has a secure radius and want to use this kind of system should be permitted.
The SSH passwords are plain text in the encrypted tunnel and PAP still can be used.
 
alfregil
just joined
Posts: 11
Joined: Fri Aug 05, 2016 7:53 pm

Re: v6.43rc [release candidate] is released!

Fri Jul 27, 2018 6:34 pm

Hi, need some help to configure a paypal payment option with hotspot and usermanager. Just found this and update it to the RC version, but still need help on this.
 
User avatar
ziegenberg
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Thu Mar 07, 2013 11:14 am
Location: Vienna
Contact:

Re: v6.43rc [release candidate] is released!

Mon Jul 30, 2018 5:14 pm

Hi, need some help to configure a paypal payment option with hotspot and usermanager. Just found this and update it to the RC version, but still need help on this.
This is definitely the wrong thread for your request. There are separate threads and parts of the forum for those kind of questions. This thread is solely for issues with this particular release version and it's update.
 
TestCRS
just joined
Posts: 13
Joined: Mon Jan 22, 2018 4:49 pm

Re: v6.43rc [release candidate] is released!

Tue Jul 31, 2018 4:03 pm

>What's new in 6.43rc45 (2018-Jul-17 08:30):
>Changes in this release :
>sfp - fixed default advertised link speeds;

please say: what exactly was corrected
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1406
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.43rc [release candidate] is released!

Thu Aug 02, 2018 11:51 am

Version 6.43rc51 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------


Other changes in this release:

*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - improved bridge port state changing process;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) certificate - do not allow to perform "undo" on certificate changes;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) health - fixed voltage measurements for RB493G devices;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added additional D-Link PIDs;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SMS send feature when not in LTE network;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ospf - improved link-local LSA flooding;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) tile - added DES and 3DES hardware acceleration support;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5545
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.43rc [release candidate] is released!

Thu Aug 02, 2018 12:21 pm

Version 6.43rc51 has been released.

*) ike1 - zero out reserved bytes in NAT-OA payload;
Thank you, I will test it soon and report.
 
Netstumble
just joined
Posts: 24
Joined: Tue Aug 05, 2014 9:11 am

Re: v6.43rc [release candidate] is released!

Thu Aug 02, 2018 12:33 pm

*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
Please clarify:
Ex:
I run 6.40.8
System routerboard print:
routerboard: yes
model: RouterBOARD 3011UiAS
serial-number: 689A05572F46
firmware-type: ipq8060
factory-firmware: 3.27
current-firmware: 3.41
upgrade-firmware: 3.41
Will the fix be included only in later production runs?
I was under the assumption that the factory-firmware identifies the firmware ver# the device initially shipped with,
and it can't be somehow upgraded.
Or we are talking about bakup routerboot code... (in which case I still think it is not user-upgradeable?).
Nothing relevant on the wiki.
Thanks.
 
paulct
Member Candidate
Member Candidate
Posts: 286
Joined: Fri Jul 12, 2013 5:38 pm

Re: v6.43rc [release candidate] is released!

Thu Aug 02, 2018 12:35 pm

*) bridge - added per-port based "tag-stacking" feature

Can this also be explained. Similar to selective q-in-q?
 
vspider
just joined
Posts: 2
Joined: Fri Aug 05, 2016 3:55 pm

Re: v6.43rc [release candidate] is released!

Thu Aug 02, 2018 3:02 pm

I have LtAP mini International Kit and have LTE some stability issues. Is it worth upgrading to 6.43rc51 version as it claims fix for my case
*) usb - fixed modem initialisation on LtAP mini;
Is it stable enough for LtAP device at least?
 
User avatar
grusu
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Tue Aug 13, 2013 7:35 am
Location: Bucharest, Romania

Re: v6.43rc [release candidate] is released!

Fri Aug 03, 2018 10:46 am

Hi,

Something is wrong with the Hash Algorithms in Peer Proposal setting in v6.43.51:
Peer Proposal mismatch.PNG
If I have to set the SHA1 algorithm, in WinBox I have to set md5.
You do not have the required permissions to view the files attached to this post.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5545
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.43rc [release candidate] is released!

Fri Aug 03, 2018 5:42 pm

Version 6.43rc51 has been released.

*) ike1 - zero out reserved bytes in NAT-OA payload;
Thank you, I will test it soon and report.
Unfortunately it is the same - report sent to support.
Any others who try to do IPsec from a Draytek router behind NAT?
 
MonkeyDan
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Fri Dec 29, 2017 8:41 pm

Re: v6.43rc [release candidate] is released!

Fri Aug 03, 2018 10:33 pm

rc51 seems better on point-to-point Wireless Wires (fixed dropping issues in 6.42.6)
But we're still seeing a lot of disconnects with multipoint.
 
janos66
just joined
Posts: 2
Joined: Sat Aug 04, 2018 12:07 pm

Re: v6.43rc [release candidate] is released!

Sat Aug 04, 2018 1:17 pm

Will the fix be included only in later production runs?
I was under the assumption that the factory-firmware identifies the firmware ver# the device initially shipped with,
and it can't be somehow upgraded.
Or we are talking about bakup routerboot code... (in which case I still think it is not user-upgradeable?).
Nothing relevant on the wiki.
I think factory routerboard firmware = backup bootloader.
It's normally not allowed but seems possible to upgrade the factory version: https://wiki.mikrotik.com/wiki/Manual:R ... D_settings
The backup RouterBOOT version can not be older than v3.24 version. A special package is provided to upgrade the backup RouterBOOT (DANGEROUS). Newer devices will have this new backup loader already installed at the factory. Download the package for:
I usually assumed the factory/backup version to be completely irrelevant unless you force it by a RESET button sequence (or possibly some other means).
I still think this is the case here. The new feature will probably be available when using the normal boot loader (of a high enough version) but be absent when using the backup bootloader (either manually forced or may be automatically triggered if the "main" one is too corrupted to do anything).

I never tried but thought the secondary (factory) version can be upgraded too, either via Netinstall or even just by using the "force backup booter" and initiating an upgrade from ROS. But I never felt the need, so never tried... I just tried to latter (force backup and upgrade from ROS) but it's not that easy. I wonder if Netinstall could do it.

Edit:
Oh! And I think even though we now have a matching ROS and bootloader version (even for every incremental, let alone RC version), that firmware still has some internal version number (probably still somewhere around 3.4x for ROS 6.4x). So this change only complicates this question (it's probably possible to have basically the same factory backup and "main" booloader on a device even though the visible version number is seemingly much higher on the normally-upgradeable "main" firmware).

I think they just rebuild the source code of the bootloader for every ROS release, so it has a matching version number but this no longer indicates they made any change to the source. But this seems to be impractical because now we don't know when the code actually changes.
 
Netstumble
just joined
Posts: 24
Joined: Tue Aug 05, 2014 9:11 am

Re: v6.43rc [release candidate] is released!

Sat Aug 04, 2018 8:58 pm

Will the fix be included only in later production runs?
I was under the assumption that the factory-firmware identifies the firmware ver# the device initially shipped with,
and it can't be somehow upgraded.
Or we are talking about bakup routerboot code... (in which case I still think it is not user-upgradeable?).
Nothing relevant on the wiki.
I think factory routerboard firmware = backup bootloader.
It's normally not allowed but seems possible to upgrade the factory version: https://wiki.mikrotik.com/wiki/Manual:R ... D_settings
The backup RouterBOOT version can not be older than v3.24 version. A special package is provided to upgrade the backup RouterBOOT (DANGEROUS). Newer devices will have this new backup loader already installed at the factory. Download the package for:
I usually assumed the factory/backup version to be completely irrelevant unless you force it by a RESET button sequence (or possibly some other means).
I still think this is the case here. The new feature will probably be available when using the normal boot loader (of a high enough version) but be absent when using the backup bootloader (either manually forced or may be automatically triggered if the "main" one is too corrupted to do anything).

I never tried but thought the secondary (factory) version can be upgraded too, either via Netinstall or even just by using the "force backup booter" and initiating an upgrade from ROS. But I never felt the need, so never tried... I just tried to latter (force backup and upgrade from ROS) but it's not that easy. I wonder if Netinstall could do it.

Edit:
Oh! And I think even though we now have a matching ROS and bootloader version (even for every incremental, let alone RC version), that firmware still has some internal version number (probably still somewhere around 3.4x for ROS 6.4x). So this change only complicates this question (it's probably possible to have basically the same factory backup and "main" booloader on a device even though the visible version number is seemingly much higher on the normally-upgradeable "main" firmware).

I think they just rebuild the source code of the bootloader for every ROS release, so it has a matching version number but this no longer indicates they made any change to the source. But this seems to be impractical because now we don't know when the code actually changes.
All valid considerations.
I suppose they do refer to the secondary bootloader,
in witch case they should provide a "special" package for the users who would want to upgrade the backup loader.
Still, I would like a clarification from mikrotik.
 
janos66
just joined
Posts: 2
Joined: Sat Aug 04, 2018 12:07 pm

Re: v6.43rc [release candidate] is released!

Sat Aug 04, 2018 11:08 pm

in witch case they should provide a "special" package for the users who would want to upgrade the backup loader.
In my opinion the best solution would be to always auto-upgrade the main bootloader along every ROS upgrade (without the need to issue manual reboot twice) and allow the user to manually upgrade the backup bootloader once the new ROS successfully booted with an upgraded main bootloader (which is a fair enough confirmation that the device is stable enough with the new bootloader to use ROS for bootloader changes, thus it's probably possible to downgrade if some small error occurs later on).
 
laca77
just joined
Posts: 10
Joined: Wed Jun 03, 2015 11:35 am

Re: v6.43rc [release candidate] is released!

Sat Aug 04, 2018 11:40 pm

Hi

I ran into a strange problem.
I had to reinstall the system with Netinstall to the latest rc51 version.

My device is a CRS109-8G-1S-2HnD which is a DHCP client on the SFP copper port (ISP is UPC). I try to run a speedtest.net from my desktop PC .

After everything was ready, i tried to run a speedtest, The speed was 80Mbps with 90% of cpu load. The idle load was 17%.
Ok, i installed back to the 6.42.6. The speed was 400Mbps with 50% of cpu load. Idle load is 4%.
Nice. So i did some screenshot from the tools/profile.
The last step was back to 6.43rc51 to reproduce the problem. But now everything is looks nice, on this RC i can get the 400Mbps with the same load as it was on the 6.42.6...

I don't know what happened, i didn't changed the config.... but now looks like everything is ok...

Just write this post as a note, may be helps to somebody.
 
schadom
Member Candidate
Member Candidate
Posts: 139
Joined: Sun Jun 25, 2017 2:47 am
Location: Austria

Re: v6.43rc [release candidate] is released!

Sun Aug 05, 2018 4:44 pm

*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
"sfp-connector-type" is still falsely displayed as "LC" for S-RJ01 modules in Winbox and CLI
 
jondavy
Member Candidate
Member Candidate
Posts: 124
Joined: Tue May 12, 2009 11:14 pm
Location: Brasil

Re: v6.43rc [release candidate] is released!

Mon Aug 06, 2018 12:08 am

in queues tree in parent does not appear to select queue of hotspot users like <hotspot-john>
 
chubbs596
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Fri Dec 06, 2013 6:07 pm

Re: v6.43rc [release candidate] is released!

Mon Aug 06, 2018 10:23 am

*) bridge - added per-port based "tag-stacking" feature

Can this also be explained. Similar to selective q-in-q?
Would also like this explained
 
petern
just joined
Posts: 22
Joined: Wed Dec 13, 2017 5:58 pm

Re: v6.43rc [release candidate] is released!

Mon Aug 06, 2018 11:56 am

Hi, I'm also using PAP with radius for authentication to support 2FA logins. Using only chap is not helpful. Is feedback here taken on board or is there a more official way to get this heard?
 
User avatar
artz
MikroTik Support
MikroTik Support
Posts: 88
Joined: Tue Oct 17, 2017 5:51 pm
Location: Riga
Contact:

Re: v6.43rc [release candidate] is released!

Mon Aug 06, 2018 2:05 pm

*) bridge - added per-port based "tag-stacking" feature

Can this also be explained. Similar to selective q-in-q?
Wiki has been updated with an example:
https://wiki.mikrotik.com/wiki/Manual:I ... g_stacking

Selective QinQ is not possible yet, only port based QinQ or CVID stacking is possible now.
 
nicoguido
just joined
Posts: 5
Joined: Tue Jul 24, 2018 11:27 pm

Re: v6.43rc [release candidate] is released!

Mon Aug 06, 2018 4:46 pm

Hi,

Here is a problem with CRS317 and rc51.

My configuration :
some clients <---> CRS326 <===== Trunk1(only tagged VLANs) =====> CRS317 <===== Trunk2 (only tagged VLANS) ====> CRS328 <---> some clients

Installation with version 6.42.6 for the three devices : no problem.

Upgrade on version 6.43rc51 for the three devices :
everything is working like version 6.42.6, except the fact that CRS317 is unreachable for remote management via CRS326/CRS328 :
- no access to the web pages
- no access with winbox + it doesn't appear in 'neighbors'
CSR317 is still manageable through a direct connection to one of its ports.

1st Test : I decide to change CRS317 with and old TP-link switch with the same VLAN/Trunk configuration. The TP-Link switch is available for remote management via CRS326/CRS328.
2nd Test : I rebuild CRS317 with a netsintall of version 6.43rc51 and a fresh configuration. Same behaviour, the CRS317 is unreachable for remote management via CRS326/CRS328.

Are you aware of this king of problem with the RC version ?
If I find the time, I'll do a last test by reinstalling version 6.42.6 on the CRS317 only.
 
msatter
Forum Guru
Forum Guru
Posts: 1166
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.43rc [release candidate] is released!

Wed Aug 08, 2018 2:45 pm

Found the problem and it was that I changed to an other DNS server that did not Round Robin by default.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta / Winbox 3.19 / MikroTik APP 1.2.10
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
User avatar
emils
MikroTik Support
MikroTik Support
Posts: 460
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.43rc [release candidate] is released!

Tue Aug 14, 2018 1:33 pm

Version 6.43rc56 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------


Other changes in this release:

!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
*) bridge - added support for BPDU Guard (CLI only);
*) bridge - added support for DHCP Option 82 (disables hardware offloading, CLI only);
*) bridge - added support for DHCP Snooping (disables hardware offloading, CLI only);
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - added "dont-require-permissions" parameter for scripts;
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ippool - improved used address error message;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ppp - fixed interface enabling after a while if none of them where active;
*) ppp - improved modem mode switching;
*) snmp - added "temp-exception" trap;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute (CLI only);
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5;
*) ups - improved UPS serial parsing stability;
*) w60g - general stability and performance improvements;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "default-route-distance" parameter for "IPv6/DHCP-client" menu;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - added option to disable PMKID for WPA2 (CLI only);
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - updated "united-states" regulatory domain information;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.
 
raffav
Member Candidate
Member Candidate
Posts: 278
Joined: Wed Oct 24, 2012 4:40 am

Re: v6.43rc [release candidate] is released!

Tue Aug 14, 2018 1:46 pm

Nice..
Good work
I get very happy when there are a lot of changes logs, even if I don't use 80% of this improvement , I get happy for whose does.
Can't wait to this became stable release.

Sent from my XT1580 using Tapatalk

 
User avatar
indjov
just joined
Posts: 20
Joined: Fri Jun 03, 2016 12:23 pm

Re: v6.43rc [release candidate] is released!

Tue Aug 14, 2018 1:52 pm

sorry now works.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 1810
Joined: Mon Jan 14, 2008 1:53 pm
Location: Straya
Contact:

Re: v6.43rc [release candidate] is released!

Tue Aug 14, 2018 3:38 pm

*) bridge - added support for DHCP Option 82 (disables hardware offloading, CLI only);
*) bridge - added support for DHCP Snooping (disables hardware offloading, CLI only);
Could we please get some examples of how to use these features on the Wiki ?

I cannot see any of the options I would expect, e.g. being able to set the contents of the Option-82 injection string with variables for the first feature, or being able to specify the valid DHCP server for the second.
http://thebrotherswisp.com/ | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1717
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v6.43rc [release candidate] is released!

Tue Aug 14, 2018 4:09 pm

*) wireless - added option to disable PMKID for WPA2 (CLI only);
All my everyday devices still connects just fine.
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
User avatar
artz
MikroTik Support
MikroTik Support
Posts: 88
Joined: Tue Oct 17, 2017 5:51 pm
Location: Riga
Contact:

Re: v6.43rc [release candidate] is released!

Tue Aug 14, 2018 5:59 pm

*) bridge - added support for DHCP Option 82 (disables hardware offloading, CLI only);
*) bridge - added support for DHCP Snooping (disables hardware offloading, CLI only);
Could we please get some examples of how to use these features on the Wiki ?

I cannot see any of the options I would expect, e.g. being able to set the contents of the Option-82 injection string with variables for the first feature, or being able to specify the valid DHCP server for the second.
Did you specify which ports are trusted ports under /interface bridge port?
 
MonkeyDan
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Fri Dec 29, 2017 8:41 pm

Re: v6.43rc [release candidate] is released!

Tue Aug 14, 2018 7:29 pm

Still seeing multipoint Wireless Wire disconnects with 6.43rc56. I don't think the RC branch has been stable on these since rc17 :(
6.42.3 continues to be my recommended version.
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 985
Joined: Fri Aug 10, 2012 6:46 am
Location: Jackson, MS, USA
Contact:

Re: v6.43rc [release candidate] is released!

Tue Aug 14, 2018 10:57 pm

*) bridge - added support for DHCP Option 82 (disables hardware offloading, CLI only);
*) bridge - added support for DHCP Snooping (disables hardware offloading, CLI only);
Could we please get some examples of how to use these features on the Wiki ?

I cannot see any of the options I would expect, e.g. being able to set the contents of the Option-82 injection string with variables for the first feature, or being able to specify the valid DHCP server for the second.
I second that!
Global - MikroTik Support & Consulting - English | Francais | Español | Portuguese +1 855-645-7684
https://iparchitechs.com/services/mikro ... l-support/ mikrotiksupport@iparchitechs.com
 
Florian
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Sun Mar 13, 2016 9:45 am
Location: France

Re: v6.43rc [release candidate] is released!

Wed Aug 15, 2018 11:08 am

Hello,

Funny thing after Version 6.43rc56 , my DHCPv6 client is showing in red in winbox, even though everything is working, and my ipv6 connectivity is ok. Still after after re-creating it from scratch... Not a big deal, but...
ipv6.JPG
You do not have the required permissions to view the files attached to this post.
- Sorry for my english -
 
pe1chl
Forum Guru
Forum Guru
Posts: 5545
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.43rc [release candidate] is released!

Wed Aug 15, 2018 11:57 am

*) ike1 - zero out reserved bytes in NAT-OA payload;
I tested it again with Draytek router behind NAT and now it works OK!
Thanks!
 
IntrusDave
Forum Guru
Forum Guru
Posts: 1282
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: v6.43rc [release candidate] is released!

Thu Aug 16, 2018 12:31 am

*) console - added "dont-require-permissions" parameter for scripts;
How does this one work? Any specific commands that it works with?
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
ath
just joined
Posts: 7
Joined: Thu May 12, 2016 4:17 am
Location: Melbourne, VIC

Re: v6.43rc [release candidate] is released!

Thu Aug 16, 2018 4:16 am

I notice that in 6.43rc34 the /interface bridge vlan untagged= configuration no longer strips all the C-tags from a packet with multiple C-tags. Instead it only strips the top C-tag.
Will this be the case in the production version?
If so, would it be possible to reinstate the former behaviour as an option?
 
diablothebest
newbie
Posts: 27
Joined: Fri May 20, 2016 11:07 pm

Re: v6.43rc [release candidate] is released!

Thu Aug 16, 2018 7:02 am

*) bridge - added support for BPDU Guard (CLI only);
Where I can change this settings via CLI?
 
User avatar
artz
MikroTik Support
MikroTik Support
Posts: 88
Joined: Tue Oct 17, 2017 5:51 pm
Location: Riga
Contact:

Re: v6.43rc [release candidate] is released!

Thu Aug 16, 2018 10:39 am

IntrusDave - you can find more information about this option here:
https://wiki.mikrotik.com/wiki/Manual:S ... repository
https://wiki.mikrotik.com/wiki/Manual:T ... Properties

diablothebest - this can be done under /interface bridge port
https://wiki.mikrotik.com/wiki/Manual:I ... t_Settings

ath - can you please port an example and configuration when this was working?
 
User avatar
boldsuck
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Sun Sep 01, 2013 1:07 am
Location: Germany

Re: v6.43rc [release candidate] is released!

Fri Aug 17, 2018 11:00 pm

Funny thing after Version 6.43rc56 , my DHCPv6 client is showing in red in winbox, even though everything is working, and my ipv6 connectivity is ok. Still after after re-creating it from scratch... Not a big deal, but...

Same in Webfig and Terminal. DHCPv6 client Flag = I - invalid.
IPv6 connection works without problems. :wink:

[admin@migo] /ipv6 route> check
status: ok
interface: pppoe-out1
nexthop: ::

[admin@migo] /ipv6 route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
#      DST-ADDRESS               GATEWAY                  DISTANCE
0 ADS	 ::/0			pppoe-out1			1
1 DS	 ::/0			fe80::90:1a00:2a3:47c...	1
2 ADSU	 2001:4dd2:8986::/48					1
3 ADC	 2001:4dd2:8986::/64    bridge-local			0

[admin@migo] /ipv6 dhcp-client> print
Flags: D - dynamic, X - disabled, I - invalid
#    INTERFACE	STATUS          REQUEST         PREFIX            ADDRESS
0  I	pppoe-out1       bound              prefix             2001:4dd2:8986::/48, 22h28m17s
╰_╯ Ciao Marco!
 
adamgardner2
just joined
Posts: 9
Joined: Fri Aug 03, 2018 5:04 am

Re: v6.43rc [release candidate] is released!

Sat Aug 18, 2018 1:32 am

So, I spun up a brand new CHR in AWS and updated it to 6.43rc56, to play around with it. One of my main goals was to update the ruby 'mtik' gem to use the new login method, so that when the 6.43 is eventually released for real, I can continue to use it.

Oddly, though, the old login method still seemed to work on 6.43rc56. Is it intended that both methods are available at the moment? While that certainly provides a better transitional user experience, it does seem to imply that the unhashed password is still being stored (at least insofar as I understand the challenge-response login process).

Can anyone clarify this?
Last edited by adamgardner2 on Tue Aug 21, 2018 2:01 am, edited 1 time in total.
 
soomanyquestions
newbie
Posts: 34
Joined: Sat Aug 20, 2016 6:35 pm

Re: v6.43rc [release candidate] is released!

Sat Aug 18, 2018 9:19 pm

Just posting a datapoint that the disable-pmkid=yes option works flawlessly with android, iphone, ipad, 2x windows 10 laptop, a macbook pro and a LG smart tv.
 
mlenhart
Frequent Visitor
Frequent Visitor
Posts: 83
Joined: Mon Oct 30, 2017 11:30 pm

Re: v6.43rc [release candidate] is released!

Mon Aug 20, 2018 11:53 pm

Version 6.43rc56 has been released.

*) w60g - stop doing distance measurements after first successful measurement;
I have to report, that distance measurement does not work correctly. On AP side it reports 706.54m while on client side just 374.28m (374.28 is the correct distance)
 
tigro11
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Tue Feb 20, 2018 12:31 am

Re: v6.43rc [release candidate] is released!

Wed Aug 22, 2018 5:02 pm

hi guys, it seems to me that it is still not possible to change the date format in dd / mm / yyyy. It would be very useful as I also work with userman reports.
Does anyone have a solution?
thank you
Valerio

Who is online

Users browsing this forum: No registered users and 7 guests