Page 1 of 1

v6.40.8 [bugfix] is released!

Posted: Tue Apr 24, 2018 12:30 pm
by strods
RouterOS version 6.40.8 has been released in public "bugfix" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What''s new in 6.40.8 (2018-Apr-23 11:34):

!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) ipv6 - fixed IPv6 behaviour when bridge port leaves bridge;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) ssh - fixed SSH service becoming unavailable;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) winbox - show "Switch" menu on cAP ac devices;
*) wireless - improved compatibility with BCM chipset devices;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this concrete RouterOS release.

Re: v6.40.8 [bugfix] is released!

Posted: Tue Apr 24, 2018 5:38 pm
by skullzaflare
Related/unrelated?
Downgraded a customers router from 6.42.1 to 6.40.8, the bridge interface got deleted, resulting in no ports/dhcp on a bridge.

Re: v6.40.8 [bugfix] is released!

Posted: Tue Apr 24, 2018 5:43 pm
by Pea
skullzaflare: see viewtopic.php?f=21&t=128915
Please, note that downgrading to previous RouterOS versions (below 6.41) will not restore "master-port" configuration, so use backups to restore configuration on downgrade.

Re: v6.40.8 [bugfix] is released!

Posted: Wed Apr 25, 2018 10:59 am
by BartoszP
M33 (mmips) as CAPSMAN, mix of mipsbe devices as CAPS.
Upgrade of M33 from 6.40.7 to 6.40.8 with no problems but CAPS have not connected to CAPSMAN.
They have not been upgraded automatically to "current" version as CAPSMAN configuration is set to.
After manual upgrade and restart they have connected imediatelly. All CAPS have access to Internet.

EDIT:
maybe it's not verion related problem of CAPSMAN configuration with mixed archs.

Re: v6.40.8 [bugfix] is released!

Posted: Wed Apr 25, 2018 6:43 pm
by Beone
Please release v6.40.9 including following fixes:

*) tile - improved system performance and stability ("/system routerboard upgrade" required);
*) capsman - improved CAPsMAN responsiveness with large amount of CAP interfaces (confirmed fix for our issue);

There are still to many changes with the new bridge implementation that we want to hold of going to v6.41+

Re: v6.40.8 [bugfix] is released!

Posted: Wed Apr 25, 2018 7:40 pm
by strods
Unfortunately we can not backport any fixes to older versions. In order to get these updates you will need to upgrade above 6.40.x. All the fixes which are backportable and are tested - are included in bugfix versions. You simply will need at some point upgrade to the new bridge implementation and learn how to use it.

Re: v6.40.8 [bugfix] is released!

Posted: Wed Apr 25, 2018 9:20 pm
by djdrastic
Thanks,will report any findings we find migrating from v6.40.7-8 though a couple of customers were unimpressed when we told them we'd have to sit and patch all the equipment again.
Have started testing for the inevitable new bridge implementation , but have found some things a bit hard to find.

Will probably take a bit of time to get accustomed to the "new" way of doing things.

Re: v6.40.8 [bugfix] is released!

Posted: Wed Apr 25, 2018 9:24 pm
by strods
You are always welcome to ask questions through support@mikrotik.com e-mail. If you find out something that seems to be a bug, then report it through the same e-mail. Same rules apply to any version and any other process besides bridge. If something is working on version X and is not working on version Y, then report such problem to us.

Re: v6.40.8 [bugfix] is released!

Posted: Fri Apr 27, 2018 1:29 am
by Beone
all v6.4x.y releases have 'broken' reachability information output for

/ip route get number=$interface value-name=gateway-status

OUTPUT up until v6.39.3 = consistent PPPoE-client & DHCP-client
dhcp-client "1.1.1.1 reachable via ether1"
pppoe-client "1.1.1.1 reachable via pppoe1"

OUTPUT starting v6.4x.y != consistent behavior
dhcp-client "1.1.1.1 reachable via ether1"
pppoe-client "pppoe1 reachable"

Changing the output as inconsistent results in broken scripts and maybe other broken things

[Ticket#2018042722000332]

Re: v6.40.8 [bugfix] is released!

Posted: Fri Apr 27, 2018 9:06 am
by macsrwe
[deleted]

Re: v6.40.8 [bugfix] is released!

Posted: Sun Apr 29, 2018 3:22 pm
by chechito
thanks a lot mikrotik for this

*) wireless - improved compatibility with BCM chipset devices;

improved too much wifi performance on all my clients

im very happy with this :D

Re: v6.40.8 [bugfix] is released!

Posted: Mon Apr 30, 2018 5:25 am
by mblfone
Hello,

I updated to v6.40.8 this morning. I was working in Winbox this evening and kept getting disconnected. I have updated to the newest Winbox release and am still getting disconnected. There is no log entry as to why.

This seems to be since my v6.40.8 upgrade.

Any thoughts?

Re: v6.40.8 [bugfix] is released!

Posted: Mon Apr 30, 2018 5:49 am
by chechito
Hello,

I updated to v6.40.8 this morning. I was working in Winbox this evening and kept getting disconnected. I have updated to the newest Winbox release and am still getting disconnected. There is no log entry as to why.

This seems to be since my v6.40.8 upgrade.

Any thoughts?
im still on winbox 3.11

Re: v6.40.8 [bugfix] is released!

Posted: Tue May 01, 2018 2:17 pm
by Ocean
If used in l2tp client "add-default-route=yes", then the routing table is not correctly created and VPN does not work (on ROS 39.3 everything ok).

Example:

ROS 6.40.8

l2tp client config:
[admin@Dom-3G-Router] >  /interface l2tp-client print 
Flags: X - disabled, R - running 
 0  R name="l2tp-vpn.site.local" max-mtu=1450 max-mru=1450 mrru=disabled connect-to=vpn.site.local user="derevna" password="fwefwe" profile=default-encryption 
      keepalive-timeout=10 use-ipsec=no ipsec-secret="" allow-fast-path=no add-default-route=yes default-route-distance=1 dial-on-demand=no allow=pap,chap,mschap1,mschap2 
Routing table:
[admin@Dom-3G-Router] > /ip route print detail 
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 0 ADS  dst-address=0.0.0.0/0 gateway=l2tp-vpn.site.local gateway-status=l2tp-vpn.site.local reachable distance=1 scope=30 target-scope=10 
 1  DS  dst-address=0.0.0.0/0 gateway=ppp-out1 gateway-status=ppp-out1 reachable distance=2 scope=30 target-scope=10 
...
 3 A S  dst-address=10.10.10.0/27 gateway=172.16.2.1 gateway-status=172.16.2.1 reachable via  l2tp-vpn.site.local distance=1 scope=30 target-scope=10 
...
 5 ADC  dst-address=10.112.112.173/32 pref-src=100.91.5.55 gateway=ppp-out1 gateway-status=ppp-out1 reachable distance=0 scope=10 
 6  DS  dst-address=92.45.172.192/32 gateway=92.45.172.192 gateway-status=92.45.172.192 unreachable distance=0 scope=30 target-scope=10 
...
10 ADC  dst-address=172.16.2.1/32 pref-src=172.16.2.2 gateway=l2tp-vpn.site.local gateway-status=l2tp-vpn.site.local reachable distance=0 scope=10 
...
Watch entry 6:
DS  dst-address=92.45.172.192/32 gateway=92.45.172.192 gateway-status=92.45.172.192 unreachable
Wrong gateway is specified! IP - 92.45.172.192 is remote public IP address VPN (connect-to).

On ROS 6.39.3 correct gateway is specified:
[admin@Dom-3G-Router] > /ip route print detail 
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 0 ADS  dst-address=0.0.0.0/0 gateway=172.16.2.1 gateway-status=172.16.2.1 reachable via  l2tp-vpn.site.local distance=1 scope=30 target-scope=10 
 1  DS  dst-address=0.0.0.0/0 gateway=10.112.112.196 gateway-status=10.112.112.196 reachable via  ppp-out1 distance=2 scope=30 target-scope=10 
...
 3 A S  dst-address=10.10.10.0/27 gateway=172.16.2.1 gateway-status=172.16.2.1 reachable via  l2tp-vpn.site.local distance=1 scope=30 target-scope=10 
...
 5 ADC  dst-address=10.112.112.196/32 pref-src=100.64.84.86 gateway=ppp-out1 gateway-status=ppp-out1 reachable distance=0 scope=10 
 6 ADS  dst-address=92.45.172.192/32 gateway=10.112.112.196 gateway-status=10.112.112.196 reachable via  ppp-out1 distance=0 scope=30 target-scope=10 
...
 9 ADC  dst-address=172.16.2.1/32 pref-src=172.16.2.2 gateway=l2tp-vpn.site.local gateway-status=l2tp-vpn.site.local reachable distance=0 scope=10 
...
Watch entry 6:
ADS  dst-address=92.45.172.192/32 gateway=10.112.112.196 gateway-status=10.112.112.196 reachable via  ppp-out1 distance=0 scope=30 target-scope=10
dst-address=92.45.172.192/32 is accessible via ppp-out1 connection!

Re: v6.40.8 [bugfix] is released!

Posted: Sat May 05, 2018 4:32 pm
by dickyhk
Hi, I have a problem on my wireless after update from 6.40.7 to 6.40.8 few days ago on my hAP ac device.
Sometimes all the wireless devices will be disconnected few seconds and then reconnect to the router and this problem happen quite frequently.
Sometimes it could happen few times per hour.
I see in the router log showing 00:00:00:00:00:00@wlan1: disconnected, unicast key exchange timeout and wlan1 00:00:00:00:00:00 was WDS master every time the disconnect happen.
Should I downgrade it to 6.40.7 or need some config changes?
Thank you.
20:48:07 wireless,info 00:00:00:00:00:00@wlan1: connected
20:48:12 wireless,info 00:00:00:00:00:00@wlan1: disconnected, unicast key exchange timeout
20:48:12 wireless,info wlan1 00:00:00:00:00:00 was WDS master
20:48:12 wireless,info Device A MAC address@wlan1: disconnected, disabling
20:48:12 wireless,info Device B MAC address@wlan3: disconnected, disabling
20:48:16 wireless,info Device B MAC address@wlan3: connected
20:48:19 wireless,info Device C MAC address@wlan1: connected
20:48:24 wireless,info 00:00:00:00:00:00@wlan1: connected
20:48:29 wireless,info 00:00:00:00:00:00@wlan1: disconnected, unicast key exchange timeout
20:48:29 wireless,info wlan1 00:00:00:00:00:00 was WDS master
20:48:29 wireless,info Device C MAC address@wlan1: disconnected, disabling
20:48:29 wireless,info Device B MAC address@wlan3: disconnected, disabling
20:48:31 wireless,info Device C MAC address@wlan1: connected
20:48:35 wireless,info 00:00:00:00:00:00@wlan1: connected
20:48:36 wireless,info Device D MAC address@wlan1: connected
20:48:40 wireless,info 00:00:00:00:00:00@wlan1: disconnected, unicast key exchange timeout
20:48:40 wireless,info wlan1 00:00:00:00:00:00 was WDS master
20:48:40 wireless,info Device D MAC address@wlan1: disconnected, disabling
20:48:40 wireless,info Device C MAC address@wlan1: disconnected, disabling
20:48:42 wireless,info Device C MAC address@wlan1: connected
20:48:44 wireless,info Device D MAC address@wlan1: connected
20:48:45 wireless,info Device B MAC address@wlan3: connected
20:48:54 wireless,info Device A MAC address@wlan1: connected

Re: v6.40.8 [bugfix] is released!

Posted: Fri May 11, 2018 8:08 am
by chubbs596
Hi Guys

I have upgraded on of my x86 edge bgp peering routers from 6.37.4 to 6.40.8,

I have noticed the the following issues on ipv6 bgp sessions that sessions with MD5 Keys do not establish a connection but the ipv4 sessions do.

I then upgraded the same router to 6.42.1 and the ipv6 bgp sessions with md5 keys work again.

has someone else seen these issues?

Re: v6.40.8 [bugfix] is released!

Posted: Fri May 11, 2018 10:46 am
by kos
If used in l2tp client "add-default-route=yes", then the routing table is not correctly created and VPN does not work (on ROS 39.3 everything ok).

Example:

ROS 6.40.8

l2tp client config:
[admin@Dom-3G-Router] >  /interface l2tp-client print 
Flags: X - disabled, R - running 
 0  R name="l2tp-vpn.site.local" max-mtu=1450 max-mru=1450 mrru=disabled connect-to=vpn.site.local user="derevna" password="fwefwe" profile=default-encryption 
      keepalive-timeout=10 use-ipsec=no ipsec-secret="" allow-fast-path=no add-default-route=yes default-route-distance=1 dial-on-demand=no allow=pap,chap,mschap1,mschap2 
Routing table:
[admin@Dom-3G-Router] > /ip route print detail 
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 0 ADS  dst-address=0.0.0.0/0 gateway=l2tp-vpn.site.local gateway-status=l2tp-vpn.site.local reachable distance=1 scope=30 target-scope=10 
 1  DS  dst-address=0.0.0.0/0 gateway=ppp-out1 gateway-status=ppp-out1 reachable distance=2 scope=30 target-scope=10 
...
 3 A S  dst-address=10.10.10.0/27 gateway=172.16.2.1 gateway-status=172.16.2.1 reachable via  l2tp-vpn.site.local distance=1 scope=30 target-scope=10 
...
 5 ADC  dst-address=10.112.112.173/32 pref-src=100.91.5.55 gateway=ppp-out1 gateway-status=ppp-out1 reachable distance=0 scope=10 
 6  DS  dst-address=92.45.172.192/32 gateway=92.45.172.192 gateway-status=92.45.172.192 unreachable distance=0 scope=30 target-scope=10 
...
10 ADC  dst-address=172.16.2.1/32 pref-src=172.16.2.2 gateway=l2tp-vpn.site.local gateway-status=l2tp-vpn.site.local reachable distance=0 scope=10 
...
Watch entry 6:
DS  dst-address=92.45.172.192/32 gateway=92.45.172.192 gateway-status=92.45.172.192 unreachable
Wrong gateway is specified! IP - 92.45.172.192 is remote public IP address VPN (connect-to).

On ROS 6.39.3 correct gateway is specified:
[admin@Dom-3G-Router] > /ip route print detail 
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 0 ADS  dst-address=0.0.0.0/0 gateway=172.16.2.1 gateway-status=172.16.2.1 reachable via  l2tp-vpn.site.local distance=1 scope=30 target-scope=10 
 1  DS  dst-address=0.0.0.0/0 gateway=10.112.112.196 gateway-status=10.112.112.196 reachable via  ppp-out1 distance=2 scope=30 target-scope=10 
...
 3 A S  dst-address=10.10.10.0/27 gateway=172.16.2.1 gateway-status=172.16.2.1 reachable via  l2tp-vpn.site.local distance=1 scope=30 target-scope=10 
...
 5 ADC  dst-address=10.112.112.196/32 pref-src=100.64.84.86 gateway=ppp-out1 gateway-status=ppp-out1 reachable distance=0 scope=10 
 6 ADS  dst-address=92.45.172.192/32 gateway=10.112.112.196 gateway-status=10.112.112.196 reachable via  ppp-out1 distance=0 scope=30 target-scope=10 
...
 9 ADC  dst-address=172.16.2.1/32 pref-src=172.16.2.2 gateway=l2tp-vpn.site.local gateway-status=l2tp-vpn.site.local reachable distance=0 scope=10 
...
Watch entry 6:
ADS  dst-address=92.45.172.192/32 gateway=10.112.112.196 gateway-status=10.112.112.196 reachable via  ppp-out1 distance=0 scope=30 target-scope=10
dst-address=92.45.172.192/32 is accessible via ppp-out1 connection!
I can confirm this issue, when using dongle for WAN connection. Tested with OVPN and ROS 6.40.7, 6.40.8, 6.42.1 and 6.43rc11. Working fine with ROS 6.39.3.

Re: v6.40.8 [bugfix] is released!

Posted: Fri May 11, 2018 3:38 pm
by andriys
Do you respond to requests from the forum or bugfix create a new bug ?
This is a user forum. Mikrotik staff responds on forum occasionally, but in general all (potential) bugs should be reported to support@ via email.

Re: v6.40.8 [bugfix] is released!

Posted: Sat May 26, 2018 12:27 pm
by Kerbia
edit:// nvm.

Re: v6.40.8 [bugfix] is released!

Posted: Wed Jun 06, 2018 6:46 pm
by gotsprings
Nevermind.

Romon in script and not schedule...

Scripts fire now.

Re: v6.40.8 [bugfix] is released!

Posted: Thu Jun 14, 2018 9:39 pm
by jarda
I have just updated rb750GR3 with dude package installed from 6.40.5 to 6.40.8 which resulted into bootloop without any beep.
Netinstalled 6.40.8 and imported rsc file generated by 6.40.5 before.
Only about 1/3 of the config was imported on the first run, so the rest needed to be copy-pasted into terminal window afterwards. It was not signalized anyhow.
After that, first minutes of run looks good...

So be prepaired when you decide to do the same!

edit: not so good... the ntp client looks to be not working and the environment of the scripts (variables) are not created/populated.

edit2: ntp client works finally... dont know why...

edit3: finally even the variables started to work. Good.

Why the router tries to connect to ip 224.0.0.22?

Re: v6.40.8 [bugfix] is released!

Posted: Fri Jun 15, 2018 2:31 pm
by andriys
Why the router tries to connect to ip 224.0.0.22?
This is a multicast address that has something to do with IGMPv3. May be related to IGMP proxy or UPnP.

Re: v6.40.8 [bugfix] is released!

Posted: Fri Jun 15, 2018 3:24 pm
by jarda
Maybe the multicast option was selected at that time in ntp client when I tried to convince it to work. At the moment these tryouts vanished. I do not use upnp at all nor igmp.


Re: v6.40.8 [bugfix] is released!

Posted: Sun Jun 17, 2018 2:53 am
by jondavy
I was with my cloud core router restarting every day saying kernel failure,
I decided to update to last version and it did not solve, I decided to buy another cloud core and it continues with the same problem says:

system,error,critical router was rebooted without proper shutdown, probably kernel failure
system,error,critical kernel failure in previous boot

Re: v6.40.8 [bugfix] is released!

Posted: Sun Jun 17, 2018 1:41 pm
by andriys
I decided to buy another cloud core and it continues with the same problem says:
Have you tried writing to support@ ? Just curious.

Re: v6.40.8 [bugfix] is released!

Posted: Thu Jun 21, 2018 1:42 pm
by cserf
I use The DUDE 6.40.8 client with wine. The server: 6.40.8 on RouterBOARD 750G r3
While changing the name of any my functions the client disconnects from the server with message: server likely crashed
and connects again
When I look into RouterBOARD 750G r3 log: Dude server started

Re: v6.40.8 [bugfix] is released!

Posted: Sun Jul 01, 2018 5:01 pm
by LeftyTs
Hi Guys

I have upgraded on of my x86 edge bgp peering routers from 6.37.4 to 6.40.8,

I have noticed the the following issues on ipv6 bgp sessions that sessions with MD5 Keys do not establish a connection but the ipv4 sessions do.

I then upgraded the same router to 6.42.1 and the ipv6 bgp sessions with md5 keys work again.

has someone else seen these issues?
I have seen BGP issues even without MD5 in IPv4. In fact the reason I stopped upgrading ROS was exactly that as BGP for me is a must. BGP routes sometimes would get updated but would expire after a couple of minutes and some other times would not. Latest current ROS versions seem to fix this issue. Bugfix versions had the same problem for me.

Re: v6.40.8 [bugfix] is released!

Posted: Mon Jul 02, 2018 9:17 pm
by vipnet
NETMAP not load SOURCE ADDRESS LIST
Image

Re: v6.40.8 [bugfix] is released!

Posted: Thu Jul 05, 2018 11:21 am
by Chupaka
NETMAP not load SOURCE ADDRESS LIST
Image
Huh? Everything looks good.

Re: v6.40.8 [bugfix] is released!

Posted: Wed Jul 25, 2018 8:38 pm
by xt22
There is probably a winbox (ROS?) bug in 3.11 and 3.16 with the new RB2011UiAS-2HnD r2 - LCD option is missing.

ROS 6.40.8, Winbox 3.11 & 3.16. RB2011UiAS-2HnD does have the option, the new RB2011UiAS-2HnD r2 does not.
LCD setting in terminal works, LCD itself too.

Image

Re: v6.40.8 [bugfix] is released!

Posted: Tue Aug 07, 2018 12:32 pm
by upower3
If 6.40.8 is safe in respect to latest rumors on miners https://www.bleepingcomputer.com/news/s ... k-routers/? I keep hear that bugfix is not safe, but I'm not ready to mass-upgrade and reconfigure my park of routers to current due to its new bridge implementation.

Please comment on this!

Re: v6.40.8 [bugfix] is released!

Posted: Tue Aug 07, 2018 12:37 pm
by msatter
If 6.40.8 is safe in respect to latest rumors on miners https://www.bleepingcomputer.com/news/s ... k-routers/? I keep hear that bugfix is not safe, but I'm not ready to mass-upgrade and reconfigure my park of routers to current due to its new bridge implementation.

Please comment on this!
No need to comment on it, it is already being discussed since last Friday in two other threads.

You can find the needed information in the blog.

https://blog.mikrotik.com/security/winb ... ility.html

Re: v6.40.8 [bugfix] is released!

Posted: Tue Aug 07, 2018 12:37 pm
by mrz
6.40.8 is safe.

Re: v6.40.8 [bugfix] is released!

Posted: Tue Aug 07, 2018 1:18 pm
by freemannnn
i am curious which and when next bugfix version with "new bridge implementation" will be.....6.42.x ?
"new bridge implementation" was a big change. so going from 6.40.8 to new bugfix (>6.41.x ) dont know if it will be "a walk in the park" for some users.

Re: v6.40.8 [bugfix] is released!

Posted: Tue Aug 07, 2018 1:33 pm
by upower3
i am curious which and when next bugfix version with "new bridge implementation" will be.....6.42.x ?
"new bridge implementation" was a big change. so going from 6.40.8 to new bugfix (>6.41.x ) dont know if it will be "a walk in the park" for some users.
I'm afraid MT won't care about that much, since they introduced that kind of change in rather minor version change (not on 7.0.0, but on next 6.x.x-current). So the best would be to leave 6.40.x be 'like old one' and keep develop 6.42+.

Nothing personal, still under impression from this "good" move as new killer-feature in next current release :)

Re: v6.40.8 [bugfix] is released!

Posted: Wed Aug 22, 2018 1:06 pm
by emils
New version 6.40.9 has been released in bugfix RouterOS channel:

viewtopic.php?f=21&t=138331