emils
MikroTik Support
Topic Author
Posts: 505
Joined: Thu Dec 11, 2014 8:53 am

v6.42.7 [current] is released!

Mon Aug 20, 2018 9:54 am

RouterOS version 6.42.7 has been released in public "current" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.42.7 (2018-Aug-17 09:48):

MAJOR CHANGES IN v6.42.7:
----------------------
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
----------------------


*) bridge - improved bridge port state changing process;
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) crs3xx - fixed tagged packet forwarding without VLAN filtering (introduced in 6.42.6);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SMS send feature when not in LTE network;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) ppp - fixed interface enabling after a while if none of them were active;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - properly display all flags for bridge host entries;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - updated "united-states" regulatory domain information;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device.

Please keep this forum topic strictly related to this concrete RouterOS release.

If your router has a storage issue (not enough space due to RouterOS, not by other files stored on the device), use package from this link:
https://www.mikrotik.com/download/share/fix_space.npk
- upload package to your router;
- run /system reboot

Other affected installations will be fixed automatically, if there is enough space left for an upgrade by this fix:
"package - free up used storage space consumed by old RouterOS upgrades"
 
markmcn
Frequent Visitor
Posts: 78
Joined: Wed Mar 03, 2010 2:15 am

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 11:15 am

*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
Can you please share what was the issue and what is the fixed behaviour?
I am using a lot of IPSec in 6.42.6 and having no issues, I'm just wondering what has changed before I alter a working environment.
Thanks for the great work.
 
emils
MikroTik Support
Topic Author
Posts: 505
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 11:41 am

When adding (or importing) a new IPsec policy it automatically used src-address to calculate sa-src-address if it was not specified in tunnel mode, which is not correct. E.g.
/ip ipsec policy add dst-address=192.168.1.0/24 sa-dst-address=10.155.107.5 sa-src-address=0.0.0.0 src-address=10.155.107.6 tunnel=yes


Created:
 1     src-address=10.155.107.6/32 src-port=any dst-address=192.168.1.0/24 dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=10.155.107.6 sa-dst-address=10.155.107.5 proposal=default ph2-count=0
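
A check that could be run over a configuration export before upgrading, as an added example (not MikroTik's code and not part of the original post): it lists tunnel-mode policies whose sa-src-address is unspecified or identical to src-address, the two cases touched by the behaviour described above. The sample export is constructed, the function names are hypothetical, and treating an absent sa-src-address as unspecified is an assumption.

```python
import ipaddress
import shlex

# Constructed sample in RouterOS export style (not from a real device).
# The last line is the one-line command form used in the post above.
SAMPLE_EXPORT = r"""
# constructed sample
/ip ipsec policy
add dst-address=192.168.1.0/24 sa-dst-address=10.155.107.5 \
    sa-src-address=10.155.107.6 src-address=10.155.107.6/32 tunnel=yes
add comment="site B" dst-address=192.168.3.0/24 sa-dst-address=10.155.107.9 \
    sa-src-address=10.155.107.1 src-address=192.168.88.0/24 tunnel=yes
add dst-address=10.0.0.2/32 src-address=10.0.0.1/32
/ip address
add address=10.155.107.1/24 interface=ether1
/ip ipsec policy add dst-address=192.168.1.0/24 sa-dst-address=10.155.107.5 sa-src-address=0.0.0.0 src-address=10.155.107.6 tunnel=yes
"""

# Values treated as "not specified" (assumption: an absent key means the same).
UNSPECIFIED = {"0.0.0.0", "::"}


def logical_lines(text):
    """Join export lines that end in a backslash continuation."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]  # drop the backslash, keep the space before it
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def parse_policies(export_text):
    """Return one dict of parameters per '/ip ipsec policy add' entry."""
    section, policies = "", []
    for line in logical_lines(export_text):
        if line.startswith("/"):
            # Either a section header or a full-path one-line command.
            section, sep, rest = line.partition(" add ")
            if not sep:
                continue
            line = "add " + rest
        if section == "/ip ipsec policy" and line.startswith("add "):
            tokens = shlex.split(line)[1:]  # handles quoted values
            policies.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return policies


def classify(policy):
    """Return a review reason for a tunnel-mode policy, or None."""
    if policy.get("tunnel") != "yes":
        return None
    sa_src = policy.get("sa-src-address", "::")
    if sa_src in UNSPECIFIED:
        # Before 6.42.7 this was filled in from src-address; per the thread,
        # 6.42.7 uses the address of the outbound interface instead.
        return "unspecified"
    src = policy.get("src-address")
    if src and ipaddress.ip_interface(src).ip == ipaddress.ip_address(sa_src):
        # May be the result of the old deduction; confirm it is really the
        # intended tunnel endpoint.
        return "same-as-src"
    return None


def audit(export_text):
    """List (policy index, reason) for every policy worth reviewing."""
    findings = []
    for index, policy in enumerate(parse_policies(export_text)):
        reason = classify(policy)
        if reason:
            findings.append((index, reason))
    return findings


if __name__ == "__main__":
    for index, reason in audit(SAMPLE_EXPORT):
        print("policy %d: %s" % (index, reason))
```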
 
bratislav
Frequent Visitor
Posts: 50
Joined: Mon May 05, 2014 10:36 am

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 12:21 pm

Seems that new workaround option:
*) wireless - added option to disable PMKID for WPA2;
does not prevent users from connecting, and so far everything works well for us ...
 
markmcn
Frequent Visitor
Posts: 78
Joined: Wed Mar 03, 2010 2:15 am

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 12:32 pm

Hi Emils,
Thanks for the response. Am I correct in saying the corrected behaviour is that if sa-src-address=0.0.0.0 is used, it will now take the IP address of the outbound interface (the interface with the route to the IPsec peer/sa-dst-address)?
Thanks
Mark
When adding (or importing) a new IPsec policy it automatically used src-address to calculate sa-src-address if it was not specified in tunnel mode, which is not correct. E.g.
/ip ipsec policy add dst-address=192.168.1.0/24 sa-dst-address=10.155.107.5 sa-src-address=0.0.0.0 src-address=10.155.107.6 tunnel=yes


Created:
 1     src-address=10.155.107.6/32 src-port=any dst-address=192.168.1.0/24 dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=10.155.107.6 sa-dst-address=10.155.107.5 proposal=default ph2-count=0
 
emils
MikroTik Support
Topic Author
Posts: 505
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 1:35 pm

Yes, that is correct.
 
UpRunTech
Frequent Visitor
Posts: 89
Joined: Fri Jul 27, 2012 12:11 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 1:54 pm

upgraded RB751-2HnD and RB2011UiAS-2HnD no dramas. I'll be interested in removing the PMKID and see what happens.

edit: removed PMKID and still here so who needs PMKID anyway?
Last edited by UpRunTech on Mon Aug 20, 2018 2:29 pm, edited 3 times in total.
 
R1CH
Forum Veteran
Posts: 904
Joined: Sun Oct 01, 2006 11:44 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 1:57 pm

Upgraded 5 x wAP AC, no issues so far.
 
Kindis
Member Candidate
Posts: 251
Joined: Tue Nov 01, 2011 6:54 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 2:07 pm

Upgraded two 3011, one 493G, two CHR and two wAP AC. No issues whatsoever. Also disabled PMKID for WPA2 and have no issues so far.
 
Fusionyx
just joined
Posts: 7
Joined: Thu Sep 21, 2017 10:53 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 2:32 pm

Hi, updated a CRS328-24p-4S+ (Arm) from v6.42.6 -> v6.42.7 and all the weird problems are gone for us so far.

We can disable interfaces again without other interfaces being affected as well, and trunk interfaces toward other switches keep working after the update and reboot.

Thanks for fixing this!

Fusionyx
 
notToNew
Member Candidate
Posts: 148
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 2:42 pm

*) wireless - added option to disable PMKID for WPA2;
What is the Capsman-part of this?

EDIT: Sorry, just had to reload the config to see it!


Joe
--------------------------------------------------------------------------------------------
CCR1036-12G-4S, several 952Ui-5ac2nD, ...
 
rushlife
Member Candidate
Posts: 102
Joined: Thu Nov 05, 2015 12:30 pm
Location: czech republic

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 3:14 pm

upgraded almost 300MK devices today and so far without problem

already done on types :
crs 328 poe
crs 317
crs 125
crs 226
ccr 1009
ccr 1016
ccr 1032
metal 52SHPacn
metal 2SHPn
rb 2011
rb 3011
mAP lite

Late at night I must also do the upgrade on main-rt CCR1072; I suppose there will be no problem either :-)
 
MonkeyDan
Frequent Visitor
Posts: 52
Joined: Fri Dec 29, 2017 8:41 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 4:58 pm

Does this really fix multipoint Wireless Wire disconnects? I’m reluctant to try as rc56 still had issues.
 
Jotne
Forum Guru
Posts: 1310
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 6:11 pm

@MonkeyDan
*) wireless - added option to disable PMKID for WPA2;
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - fixed packet processing after removing wireless interface from CAP settings; 
*) wireless - updated "united-states" regulatory domain information;
This wireless problem has been fixed. If your problem is listed there, it should be ok
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
Njumaen
newbie
Posts: 37
Joined: Wed Feb 24, 2016 8:41 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 7:52 pm

*) wireless - added option to disable PMKID for WPA2;
Even in CAPsMAN! \o/

Great Job!

Ralf.
 
CZFan
Forum Guru
Posts: 1435
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 8:11 pm

upgraded almost 300MK devices today and so far without problem
...

Wow, you are brave :-)
MTCNA, MTCTCE, MTCRE & MTCINE
 
rushlife
Member Candidate
Posts: 102
Joined: Thu Nov 05, 2015 12:30 pm
Location: czech republic

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 8:43 pm

upgraded almost 300MK devices today and so far without problem
...

Wow, you are brave :-)
or stupid.. :D

no, really, I have lack of bad experiences... :D
 
MonkeyDan
Frequent Visitor
Posts: 52
Joined: Fri Dec 29, 2017 8:41 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 8:50 pm

That's for WiFi. WiGig changes are under w60, which yes, they said they were fixed, but I've seen plenty of current and rc releases where that wasn't the case.
I decided to give 6.42.7 a go on a 2 station multipoint setup, and while the links flapped for 10 minutes, they've been stable ever since. Hopefully it stays this way for a very long time :-D
@MonkeyDan
*) wireless - added option to disable PMKID for WPA2;
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - fixed packet processing after removing wireless interface from CAP settings; 
*) wireless - updated "united-states" regulatory domain information;
This wireless problem has been fixed. If your problem is listed there, it should be ok
 
eddieb
Member Candidate
Posts: 141
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 9:07 pm

Upgraded without problems ..

CRS125
CHR + Dude
RB750
RB951
RB962 (9x)
RB1100
RB2011 (2 IPSEC tunnels)
Running 6.45.7 (stable) on :
CCR1009-8G-1S (2x ipsec/l2tp site-to-site, ipsec/l2tp roadwarrior, dhcpd, dns), CRS125-24G-1S, RB1100, RB962UiGS-5HacT2HnT (10pc), RB931-2nD, RB951, RB750GL ,RB2011UAS-RM, CHR running dude (CHR running in VirtualBox on OSX)
 
pe1chl
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 9:32 pm

upgraded almost 300MK devices today and so far without problem
...
Wow, you are brave :-)
Just wanted to comment the same.... upgrading 300 devices on the day of release, wow!
He deserves the prize for most valuable beta tester!
 
pe1chl
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 9:35 pm

upgraded almost 300MK devices today and so far without problem
...
Wow, you are brave :-)
or stupid.. :D

no, really, I have lack of bad experiences... :D
I once painted myself in the corner by upgrading 2 CCR1009 routers before noticing that further upgrades were impossible due to reduced diskspace, and now I am a little more careful because it took a lot of convincing on the forum before a fix package was released that would solve the problem without doing netinstall... and even that I installed too quickly on one of them. (getting rescued only by the fallback to second partition)
 
dadoremix
Member Candidate
Posts: 118
Joined: Sat May 14, 2011 11:31 am

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 10:54 pm

upgraded almost 300MK devices today and so far without problem

already done on types :
crs 328 poe
crs 317
crs 125
crs 226
ccr 1009
ccr 1016
ccr 1032
metal 52SHPacn
metal 2SHPn
rb 2011
rb 3011
mAP lite

Late at night I must also do the upgrade on main-rt CCR1072; I suppose there will be no problem either :-)
How did you upgrade 300 devices?
Script / tool? Or manual 1 by 1 ?
 
mkx
Forum Guru
Posts: 3185
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.42.7 [current] is released!

Mon Aug 20, 2018 11:15 pm

How did you upgrade 300 devices?
Script / tool? Or manual 1 by 1 ?
I'm guessing Dude and/or CapsMan.
BR,
Metod
 
BartoszP
Forum Guru
Posts: 1717
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 8:37 am

Could we expect 6.40.9 ?
Real admins use real keyboards.
 
bjornr
just joined
Posts: 23
Joined: Thu Apr 16, 2015 11:00 am

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 8:43 am

After upgrading to 6.42.7, my CRS328-24P-4S+ logs increased CPU temperature from SNMP readouts. The attached graph shows a significant change in CPU temperature after upgrading (at around 23:00). The switch's CPU load (also from SNMP) has not increased.

Were there any changes to the SNMP output for this unit, not mentioned in the changelog? It could look like the temperature of the board was previously listed as CPU temperature.

CRS328-24P-4S+-after-upgrade.png
 
John39
just joined
Posts: 21
Joined: Mon Aug 08, 2016 11:17 pm

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 11:14 am

After the update, cloud stopped working for me. IP address is updated in cloud, and if ping is done, the answer comes from the old address. If you install RC, the problem immediately goes away. I had to switch to the script.
You do not have the required permissions to view the files attached to this post.
Last edited by John39 on Tue Aug 21, 2018 11:41 am, edited 1 time in total.
 
rushlife
Member Candidate
Posts: 102
Joined: Thu Nov 05, 2015 12:30 pm
Location: czech republic

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 11:27 am


How did you upgrade 300 devices?
Script / tool? Or manual 1 by 1 ?
Hi, I have linux (ubuntu server) with bash script ( which I made myself ) to upgrade all of it.
 
ofer
Frequent Visitor
Posts: 55
Joined: Wed May 23, 2018 11:45 am

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 11:31 am

Upgraded 3 x HAP AC, no issues so far.
Update: I disabled PMKID on the units, no issues as well.

Thanks!
Last edited by ofer on Wed Aug 22, 2018 2:23 pm, edited 2 times in total.
 
John39
just joined
Posts: 21
Joined: Mon Aug 08, 2016 11:17 pm

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 11:40 am

Forgot to specify the model hap ac2.
The time between updating the cloud and checking ping was about 1 hour.
 
markmcn
Frequent Visitor
Posts: 78
Joined: Wed Mar 03, 2010 2:15 am

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 12:03 pm

I upgraded a RB1100 AH4 last night. It mostly went ok.
The only issue was that on reboot none of the IPsec tunnels came back; when I checked, IPsec packets weren't even leaving as claimed to be trying to establish!! A second reboot and all the tunnels came up.
The takeaway being: if you depend on IPsec to access the device, maybe have a backup plan in this case.
 
Njumaen
newbie
Posts: 37
Joined: Wed Feb 24, 2016 8:41 pm

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 12:37 pm

*) crs3xx - fixed tagged packet forwarding without VLAN filtering (introduced in 6.42.6);
This really drove me crazy on my CRS328-24P-4S+ :? Thanks for fixing!
 
CZFan
Forum Guru
Posts: 1435
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 1:41 pm

After upgrading to 6.42.7, my CRS328-24P-4S+ logs increased CPU temperature from SNMP readouts. The attached graph shows a significant change in CPU temperature after upgrading (at around 23:00). The switch's CPU load (also from SNMP) has not increased.

Were there any changes to the SNMP output for this unit, not mentioned in the changelog? It could look like the temperature of the board was previously listed as CPU temperature.


CRS328-24P-4S+-after-upgrade.png

CRS326-24G-2S+ also seems to be running high temps. Can't say what it was before, as it is a new installation done last night; 6.42.7 was installed last night.
This is in an air conditioned server room
CRS326-24G-2S+ Temp.JPG
MTCNA, MTCTCE, MTCRE & MTCINE
 
rushlife
Member Candidate
Posts: 102
Joined: Thu Nov 05, 2015 12:30 pm
Location: czech republic

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 2:50 pm

I will take a look on this too.

edit : no change imho
 
Paternot
Long time Member
Posts: 607
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 5:01 pm

Upgraded one RB750Gr3 and three hAP ac lite. All working: IPsec and OpenVpn (server, RB750Gr3), BGP (small table, internal), PPPoE and wireless (802.11ac/n).
 
bjornr
just joined
Posts: 23
Joined: Thu Apr 16, 2015 11:00 am

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 5:29 pm

After upgrading to 6.42.7, my CRS328-24P-4S+ logs increased CPU temperature from SNMP readouts. [...]

Tried downgrading to 6.42.6, and CPU temperature is shown as 8-10 degrees lower than with 6.42.7 - both in System -> Health and with SNMP.


6.42.7 before downgrade:
6.42.7.before.png

Downgraded to 6.42.6:
6.42.6.png

Back to 6.42.7 after upgrading again:
6.42.7.after.png
 
juliokato
Member Candidate
Posts: 229
Joined: Mon Oct 26, 2015 4:27 pm
Location: Brazil

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 7:27 pm

Why did 2 fans appear in the last print?
I apologize my grammatical errors, my english not so good, I am not a native speaker.
Wiki is maintained in English. I use Google translator. 8)
 
bjornr
just joined
Posts: 23
Joined: Thu Apr 16, 2015 11:00 am

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 7:55 pm

Why did 2 fans appear in the last print?
For some reason, fan speed is only shown in "System Health" when the fans are running. So during the last screenshot the fans were running, but in the other two the fans were off.

A curious side effect of this is that (at least with Linux and Wine) the "System Health" window will grow bigger when the two fan speeds are shown, and go back to a smaller window when the fans don't run - so the window will not only change size multiple times, but also change its position in Winbox. After some time, I will usually find the "System Health" window in the upper left corner of Winbox :-)
 
anav
Forum Guru
Posts: 3120
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: v6.42.7 [current] is released!

Tue Aug 21, 2018 9:56 pm

upgraded almost 300MK devices today and so far without problem
...

Wow, you are brave :-)
The irony!!
I just want to point that you have now truly earned your nick as CZFAN. ;-)
(seeing as rushlife is from CZech land).
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
CZFan
Forum Guru
Posts: 1435
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 12:09 am

Anav, welcome back, been a while since I last saw a post from you.

FYI, my nick name is based on a well known product from Czech Republic
MTCNA, MTCTCE, MTCRE & MTCINE
 
upnort
newbie
Posts: 47
Joined: Wed Aug 15, 2018 2:03 am

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 6:36 am

Hi, I have linux (ubuntu server) with bash script ( which I made myself ) to upgrade all of it.
Linux user here. Please, please share the script! :D
 
rushlife
Member Candidate
Posts: 102
Joined: Thu Nov 05, 2015 12:30 pm
Location: czech republic

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 9:17 am

enjoy
You do not have the required permissions to view the files attached to this post.
 
Kraken2k
Frequent Visitor
Posts: 53
Joined: Wed Oct 01, 2014 1:50 pm
Location: Prague

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 11:16 am

Upgraded RB2011, no issues so far.
FYI, my nick name is based on a well known product from Czech Republic
Yeah... your avatar is pretty self-explaining.
 
Jotne
Forum Guru
Posts: 1310
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 2:37 pm

Found a small bug that should be fixed.

In the GUI the name "Tools" is used.
In the CLI "tool" is used.

Using the same name helps to navigate when using both interfaces, CLI and GUI.

Another strange thing:
In the GUI, Bridge has its own main menu.
In the CLI it's under Interface/Bridge.
Why these differences?
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
mrz
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 2:49 pm

There are some GUI differences for ease of use. It is not v6.42.7 specific.
 
pe1chl
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 2:51 pm

Is there any indication of the attack surface of "vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159"?
What kind of installations would be directly at risk and require quick updates?
(e.g. admin service ports open on internet, certain types of VPN service open on internet, any configuration with internet connection, etc)
 
k3dt
newbie
Posts: 29
Joined: Tue Jul 17, 2007 3:37 pm
Location: Czech Republic

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 2:53 pm

Can you provide some more information about the fixed vulnerabilities? E.g. how critical are they? Thanks
 
Jotne
Forum Guru
Posts: 1310
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 3:29 pm

There are some GUI differences for ease of use. It is not v6.42.7 specific.
Posted in wrong thread, should be in the Winbox thread.
PS: it does not make it simpler to not have equal name and structure.
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
soomanyquestions
newbie
Posts: 34
Joined: Sat Aug 20, 2016 6:35 pm

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 4:39 pm

Is there any indication of the attack surface of "vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159"?
What kind of installations would be directly at risk and require quick updates?
(e.g. admin service ports open on internet, certain types of VPN service open on internet, any configuration with internet connection, etc)
This would be really nice to know!
 
emils
MikroTik Support
Topic Author
Posts: 505
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 4:44 pm

We will publish official blog post soon with more detailed information about the fixed vulnerabilities.
 
R1CH
Forum Veteran
Posts: 904
Joined: Sun Oct 01, 2006 11:44 pm

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 6:39 pm

Were these security fixes stealthily added to the v6.42.7 patch notes? I don't recall seeing them there before and I didn't update since it didn't look like a necessary update. It's very bad that details aren't available even though the fixed version is published. It doesn't take much effort to compare the 6.42.6 vs 6.42.7 binaries and figure out where the exploits were and start attacking them. Hopefully this is just a fix of long standing security bugs like lack of certificate validation in numerous places.
 
CsXen
Frequent Visitor
Posts: 92
Joined: Wed Sep 10, 2014 8:31 pm
Location: Budapest - Hungary

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 6:42 pm

Upgraded RB951Ui, no issues so far.

Best regards: CsXen
 
R1CH
Forum Veteran
Posts: 904
Joined: Sun Oct 01, 2006 11:44 pm

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 6:49 pm

I can confirm that the security fixes were added to the notes after the 6.42.7 thread was already posted! Why was this?

 
upnort
newbie
Posts: 47
Joined: Wed Aug 15, 2018 2:03 am

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 7:27 pm

@rushlife: Thank you for the scripts!
 
anav
Forum Guru
Posts: 3120
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 7:30 pm

Anav, welcome back, been a while since I last saw a post from you.

FYI, my nick name is based on a well known product from Czech Republic
Well, after realizing I was more dangerous than helpful I decided to lay low for a while.
Now I will post if I have some certainty and quality of input (thus crickets chirping from me) or have a healthy dose of humour/sarcasm to inject.
I must say I am screaming through so many TV series these days it's all a blur. (Right now it's "Shooter" and "Justified".)
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
chechito
Forum Guru
Posts: 1743
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 8:45 pm

!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;


6.42.6 is vulnerable to this?
 
rahuljj
just joined
Posts: 7
Joined: Thu Mar 05, 2015 6:19 pm

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 9:26 pm

Upgraded RB3011. Ipsec tunnels broken.
RB750Gr3. Ipsec tunnels broken.

Reverted back to 42.6, all ipsec tunnels back working well.
 
pe1chl
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 9:55 pm

Upgraded RB3011. Ipsec tunnels broken
RB750Gr3,. Ipsec tunnels broken ,
Updated several routers, amongst them some RB750Gr3, no such problem noticed.
 
sindy
Forum Guru
Posts: 3959
Joined: Mon Dec 04, 2017 9:19 pm

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 10:08 pm

Exchange mode and policy type (tunnel/transport) may both make a difference.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
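
The find-and-replace step from the advice above, as an added example (not sindy's or MikroTik's code and not part of the original post): every IPv4 address outside the private and reserved ranges is replaced by a stable placeholder in the my.public.ip.N style, so the same address always maps to the same token and the routing logic stays readable. The sample export is constructed from documentation addresses, the function names are hypothetical, and only IPv4 is handled.

```python
import ipaddress
import re

# Ranges left readable: private, loopback, link-local, multicast and reserved
# space (the last one also covers dotted netmasks such as 255.255.255.0).
# Everything else is treated as potentially identifying.
KEEP = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

# Dotted quad that is not part of a longer dotted number.
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

# Constructed sample in RouterOS export style (documentation addresses,
# not from a real device).
SAMPLE_EXPORT = r"""
/ip address
add address=203.0.113.10/29 interface=ether1-wan network=203.0.113.8
add address=192.168.88.1/24 interface=bridge network=192.168.88.0
/ip ipsec peer
add address=198.51.100.7/32 exchange-mode=main
/ip ipsec policy
add dst-address=10.20.0.0/24 sa-dst-address=198.51.100.7 \
    sa-src-address=203.0.113.10 src-address=192.168.88.0/24 tunnel=yes
/ip route
add distance=1 gateway=203.0.113.9
"""


def is_identifying(text):
    """True for a valid IPv4 address outside the KEEP ranges."""
    try:
        addr = ipaddress.IPv4Address(text)
    except ValueError:
        return False  # e.g. 999.1.1.1: not an address, leave untouched
    return not any(addr in net for net in KEEP)


def sanitize(export_text, mapping=None):
    """Replace identifying addresses; return (clean_text, mapping).

    Pass the returned mapping back in to keep placeholders consistent
    across several exports (for example both ends of a tunnel).
    """
    mapping = {} if mapping is None else mapping

    def replace(match):
        ip = match.group(0)
        if not is_identifying(ip):
            return ip
        if ip not in mapping:
            mapping[ip] = "my.public.ip.%d" % (len(mapping) + 1)
        return mapping[ip]

    return IPV4_RE.sub(replace, export_text), mapping


def remaining_public(text):
    """Addresses that would still identify the poster; expect [] before posting."""
    return sorted({m.group(0) for m in IPV4_RE.finditer(text)
                   if is_identifying(m.group(0))})


if __name__ == "__main__":
    clean, mapping = sanitize(SAMPLE_EXPORT)
    print(clean)
    print("left over:", remaining_public(clean))
```

Keep the mapping private; it is the key that turns the placeholders back into real addresses.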
 
bmann
just joined
Posts: 8
Joined: Sat Jan 05, 2013 2:10 pm

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 11:01 pm

@R1CH: Yes, it was not here. Probably they needed to wait for 6.40.9 to be released too. Then the information was added to both.
I do not see problem to release more information later. Maybe it is about to give people some time to upgrade before releasing details.

@chechito: Are you serious with your question ????
 
pe1chl
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.42.7 [current] is released!

Wed Aug 22, 2018 11:21 pm

I do not see problem to release more information later. Maybe it is about to give people some time to upgrade before releasing details.
Well, the problem I have is that I now need to update many routers because they may be vulnerable and taken over tomorrow, and then
when further details emerge it may be that we are not using the vulnerable feature or have the proper firewalling.
So I would have appreciated some summary of attack surface as I requested above. It would save me a night of overtime.
 
bmann
just joined
Posts: 8
Joined: Sat Jan 05, 2013 2:10 pm

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 12:27 am

Right, it is legitimate request. In my case this does not impact me, but with bigger amount of devices it is problematic and risky.
If it is serious then better to say 'upgrade', details will follow later or release the details immediately.
 
bjornr
just joined
Posts: 23
Joined: Thu Apr 16, 2015 11:00 am

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 9:08 am

 
pe1chl
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 9:14 am

ARGHH!!! THAT IS WHAT I MEAN:
"issues in RouterOS web server. The issues only affect authenticated users"

They should have put that in the #@%$^^$@# release notes!! A frantic night of updating all for NOTHING.
 
picom
just joined
Posts: 7
Joined: Mon Nov 15, 2010 11:47 am

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 9:47 am

If someone wants a script (looking for vulnerable versions) and makes auto updates, I invite you to email.

Here is shown how it works: https://www.youtube.com/channel/UCOIjoi ... IgPlPgFYUQ
 
normis
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 10:51 am

Well you guys did want a security blog and more awareness. Now you complain that the issues are not serious enough :D We will try to find a balance.
No answer to your question? How to write posts
 
macgaiver
Forum Guru
Posts: 1721
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 11:03 am

I can confirm that the security fixes were added to the notes after the 6.42.7 thread was already posted! Why was this?
Think logically,
1) release versions in all channels with the fixes
2) wait for initial customer feedback to be double sure that version doesn't contain unexpected surprises and is stable, in case quick fix release needed
3) release information about security issues

I personally don't see anything wrong there.
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
normis
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 11:09 am

I can confirm that the security fixes were added to the notes after the 6.42.7 thread was already posted! Why was this?
No, this is because CVE entries were only made after the fixes were released.
Tenable allows vendors to fix issues and release the fixed versions, before they advertise discovered issues.
We could not add non-existing CVE numbers into the changelog.
 
emils
MikroTik Support
Topic Author
Posts: 505
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 11:11 am

Upgraded RB3011. Ipsec tunnels broken
RB750Gr3. Ipsec tunnels broken,

Reverted back to 42.6, all ipsec tunnels back working well,
Please send the supout.rif file from 6.42.7 to support@mikrotik.com
 
pe1chl
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 11:13 am

Well you guys did want a security blog and more awareness. Now you complain that the issues are not serious enough :D We will try to find a balance.
I hope you understand that when you post a new version AND update the bugfix version at the same time, mentioning 4 security issues that have no description, the users get a bit nervous and assume that an update is urgently required.
I asked for the attack surface, you could have replied "issues in the webserver exploitable by authenticated users" and I would have known that it is not urgent for me to update, and I could have waited until more details became known.
But as the issue was completely unknown and it could well have been in ISAKMP, SSTP, PPP or whatever, I decided to work overtime to update everything.

So indeed it would be welcome when it was a little more clear what is going on.
 
petern
just joined
Posts: 23
Joined: Wed Dec 13, 2017 5:58 pm

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 11:16 am

Well you guys did want a security blog and more awareness. Now you complain that the issues are not serious enough :D We will try to find a balance.
The issue is you need to provide a little more information please. Adding the CVSS score would be useful, along with information about mitigations (firewall rules!) that, in this case, are most likely already in place.

Listing CVEs without any other information leads to speculation about a possible remote vulnerability leading to compromised devices, and therefore excess panic as admins update without knowing what they're updating.
 
pe1chl
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 11:18 am

Tenable allows vendors to fix issues and release the fixed versions, before they advertise discovered issues.
We could not add non-existing CVE numbers into the changelog.
I think the normally preferred procedure is to create CVE numbers and keep them nondescript until fixes are released.
And as the CVE entries are currently in that state, and were created in December 2017, I would assume this is how it went.
It looks like a lack of communication from Tenable, they should have told you what CVE numbers they had created for the issue.
 
normis
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 11:30 am

Yes, we only got them yesterday. I assume they have reserved a huge block of blank CVE numbers, because these issues were not discovered in December, but more recently.
 
Cha0s
Forum Veteran
Posts: 908
Joined: Tue Oct 11, 2005 4:53 pm

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 12:07 pm

I can confirm that the security fixes were added to the notes after the 6.42.7 thread was already posted! Why was this?

This is bad. I check for updates every day on this forum. The day this release was posted, I read the full changelog and there was nothing of concern to update all my routers immediately.

AFTER the fact they edit the release notes to include a security fix. And then they complain that users don't read the changelogs or update their routers.

This is absurd! I don't care when they found out about it. Which doesn't make sense. Normis claims they only found out about it yesterday, but had already released a patch on August the 17th?
They should have made it crystal clear that there is a security patch on this release or release a new .8 version just to mention this security fix (even if it was already on .7).

I DID my due diligence and checked the changelog the same day it got released. What am I supposed to do now? Check everyday if they EDIT the damn changelogs?
If I didn't - by accident - check this thread today, I wouldn't have known that there's a security fix.

Once again, Mikrotik cannot handle simple stuff the way the rest of the industry handles it.
And it shows once again that each update may contain more changes than what the changelog says.
I say this because they always categorically refuse that there are more changes than what the changelog says. Which is obviously NOT true.

On the one hand, it's good that there's a lot of attention on Mikrotik security (we get real fixes and not useless features). But on the other hand, Mikrotik cannot seem to handle the spotlight. Not one bit.
 
normis
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 12:09 pm

What are you talking about? I did say no such thing. The fix was released August 20, only the Blog entry and CVE entries were not yet populated with detailed information. That is all.
 
Cha0s
Forum Veteran
Posts: 908
Joined: Tue Oct 11, 2005 4:53 pm

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 12:11 pm

August 20?

So 6.42.7 does NOT contain a fix? Because the build time is Aug/17/2018 09:48:44.
 
normis
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 12:13 pm

Build time is not the same as release time.
I don't understand your point. Also, I suggest you read the blog post. There is barely one person here who could be affected by these specific "issues".
 
Cha0s
Forum Veteran
Posts: 908
Joined: Tue Oct 11, 2005 4:53 pm

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 12:16 pm

Sigh.... I give up.
 
normis
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 12:42 pm

The company that discovered the issue HAD NOT PUBLISHED IT at that point, so there is no difference if you update yesterday or tomorrow. Nobody knows about the issue and can't exploit it, it is very specific. They ask that we do not mention it in our release notes until they publish it themselves.

Actually in the RC release chain, it was fixed a few weeks ago already, but we were not allowed to disclose this information. This is common practice in these situations.
 
mkx
Forum Guru
Posts: 3185
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 2:53 pm

I believe @normis when he's saying Tenable denied Mikrotik to advertise details (including CVE numbers). However, I have a hard time believing Mikrotik could not vaguely mention the fixes.

Right now, change log contains line
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
but I believe initially could contain a line like this:
!) security - fixed vulnerabilities in WebFig service where already authenticated user could cause service to crash
More details are not needed, but most administrators would be able to assess if they need to upgrade their devices or not.

Personally, these vulnerabilities affect half of my devices ... and until word about fixed vulnerabilities came around, I upgraded 3/4 of my devices, but not all affected. Sigh.
BR,
Metod
 
lymas
just joined
Posts: 1
Joined: Wed Aug 22, 2018 9:04 pm

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 5:27 pm

Hi Normis,

Thank you for all information.
Just one more question:

The blog says "CVE-2018-1159: www memory corruption, if connections are initiated and not properly cleaned up then a heap corruption occurs in www."

This CVE description does not say anything about being authenticated.
Do I have to be authenticated to exploit failure CVE-2018-1159?

Regards,

Lyma
 
macgaiver
Forum Guru
Posts: 1721
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 5:53 pm

This must be the best version in years, as the only complaints in this topic are about one changelog entry....

Back on topic - solid version most of network spokes upgraded, core routers will be on the weekend.
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
mszru
just joined
Posts: 19
Joined: Wed Aug 10, 2016 10:42 am

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 6:25 pm

This version fixed the weird problem with Xiaomi Redmi 3S phones that could not get IPs from DHCP server running on hEX.

Thank you, MikroTik team!
 
rvilanov
just joined
Posts: 6
Joined: Mon Apr 22, 2013 4:38 pm

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 6:51 pm

Dhcp error still persists as offering lease without success on CCR1009. After many errors the dhcp stops to answer for a while.
 
R1CH
Forum Veteran
Posts: 904
Joined: Sun Oct 01, 2006 11:44 pm

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 8:05 pm

Bricked a wAP AC by installing this from 6.36 / 6.37 (wasn't paying close attention to the old version). Rebooted and ethernet is constantly cycling link / no-link, no netinstall, no backup loader. RMA time it seems.

Be careful if upgrading from older versions!
 
lenciso
just joined
Posts: 9
Joined: Wed Aug 03, 2016 3:46 pm
Location: PERÚ

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 10:33 pm

Hi,

I got this after the update

Webserver Crashed
Telnet service crashed.
Luiz Enciso
 
complex1
newbie
Posts: 35
Joined: Wed Jan 04, 2017 9:55 pm

Re: v6.42.7 [current] is released!

Thu Aug 23, 2018 11:44 pm

Just upgraded my RB2011 from 6.40.8 [bugfix] to 6.42.7 [current] and encounter no issues at all.
Keep up the good work guys.
Kind regards,
Frank.
 
Kerbia
Frequent Visitor
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: v6.42.7 [current] is released!

Fri Aug 24, 2018 4:20 am

Webserver Crashed
Telnet service crashed.
I confirm this.
 
Raumaster
newbie
Posts: 31
Joined: Fri Sep 28, 2012 2:18 am

Re: v6.42.7 [current] is released!

Fri Aug 24, 2018 6:51 am

Dhcp error still persists as offering lease without success on CCR1009. After many errors the dhcp stops to answer for a while.
In our network we have one RB 3011 that works as a Load Balance and in this routerboard we have one DHCP server on one interface and it stopped working as well after applying 6.42.7. It was installed on top of 6.40.8. Downgraded it to 6.40.8 and then updated it to 6.40.9 and everything is working fine again.
 
knizamm
just joined
Posts: 2
Joined: Fri Dec 22, 2017 6:27 am

Re: v6.42.7 [current] is released!

Fri Aug 24, 2018 7:16 am

Webserver Crashed
Telnet service crashed.
I confirm this.
I can confirm this also.
 
notToNew
Member Candidate
Posts: 148
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.42.7 [current] is released!

Fri Aug 24, 2018 8:46 am

In our network we have one RB 3011 that works as a Load Balance and in this routerboard we have one DHCP server on one interface and it stopped working as well after applying 6.42.7. It was installed on top of 6.40.8. Downgraded it to 6.40.8 and then updated it to 6.40.9 and everything is working fine again.
Same here.... Ntp Server stopped as well. Staying at 6.40.9 for a while
--------------------------------------------------------------------------------------------
CCR1036-12G-4S, several 952Ui-5ac2nD, ...
 
nescafe2002
Long time Member
Long time Member
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v6.42.7 [current] is released!

Fri Aug 24, 2018 10:00 am

@lenciso, Kerbia, knizamm, notToNew:

Please follow the steps mentioned in the change log to let MikroTik fix this issue asap:

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device
 
mkx
Forum Guru
Posts: 3185
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.42.7 [current] is released!

Fri Aug 24, 2018 10:15 am

Please follow the steps mentioned in the change log to let MikroTik fix this issue asap:
I've seen crashed www service on my ARM-based device as well. Already sent supout.rif to support a few days ago. I'm waiting for any response (other than automated response text). During crash, that service consumes 100% of CPU which is not a huge problem on my hAP ac2 with 4 CPU cores.

I'm not sure if www service crashes also on MIPSBE devices as it seems to happen only when service is in use and I've yet to use WebFig on MIPSBE devices. I'll try to avoid that as 100% CPU usage on single-core device could cause all other functions (such as routing) performance drop to nothing.
BR,
Metod
 
hknet
Frequent Visitor
Posts: 88
Joined: Sun Jul 17, 2016 6:05 pm
Location: Vienna, Austria
Contact:

Re: v6.42.7 [current] is released!

Fri Aug 24, 2018 10:23 am

Well you guys did want a security blog and more awareness. Now you complain that the issues are not serious enough :D We will try to find a balance.
I hope you understand that when you post a new version AND update the bugfix version at the same time, mentioning 4 security issues that have no description, the users get a bit nervous and assume that an update is urgently required.
I asked for the attack surface, you could have replied "issues in the webserver exploitable by authenticated users" and I would have known that it is not urgent for me to update, and I could have waited until more details became known.
But as the issue was completely unknown and it could well have been in ISAKMP, SSTP, PPP or whatever, I decided to work overtime to update everything.

So indeed it would be welcome when it was a little more clear what is going on.
I stand with pe1chl
 
vecernik87
Long time Member
Posts: 648
Joined: Fri Nov 10, 2017 8:19 am

Re: v6.42.7 [current] is released!

Fri Aug 24, 2018 11:15 am

Well you guys did want a security blog and more awareness. Now you complain that the issues are not serious enough :D We will try to find a balance.
Normis, don't let them annoy you. This is great progress! And I really love that we finally got CVE numbers!
 
rushlife
Member Candidate
Posts: 102
Joined: Thu Nov 05, 2015 12:30 pm
Location: czech republic

Re: v6.42.7 [current] is released!

Fri Aug 24, 2018 1:32 pm

@rushlife: Thank you for the scripts!
noproblemo :-)
 
diode
newbie
Posts: 32
Joined: Sun Sep 13, 2009 8:40 pm

Re: v6.42.7 [current] is released!

Fri Aug 24, 2018 4:36 pm

lhg 60 have a fixed rssi now, it's not changing anymore. that's ok for already mounted aligned links, but it will make mounting new links more complicated. it's obviously only measured once shortly after connecting.

the fluctuations are 6.42.6, the line is 6.42.7. the single movement was a reconnect. link is 1514 m distance, but same thing with shorter links
Unbenannt.PNG
 
pe1chl
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.42.7 [current] is released!

Fri Aug 24, 2018 9:15 pm

It looks like the default routerboot boot mode has changed from "nand if fail then ethernet" to "try-ethernet-once-then-nand".
This wasn't mentioned in the release note. However, I think it is a good idea, I already set difficult-to-access devices that way.
Advantage: you can netinstall a device by powercycling it while connected to a computer with running netinstall, without having to fiddle with the button.
(which can be very tricky when the device is mounted on a tower)
 
td32
Frequent Visitor
Posts: 92
Joined: Fri Nov 18, 2016 5:55 am

Re: v6.42.7 [current] is released!

Fri Aug 24, 2018 9:51 pm

It looks like the default routerboot boot mode has changed from "nand if fail then ethernet" to "try-ethernet-once-then-nand".
This wasn't mentioned in the release note. However, I think it is a good idea, I already set difficult-to-access devices that way.
Advantage: you can netinstall a device by powercycling it while connected to a computer with running netinstall, without having to fiddle with the button.
(which can be very tricky when the device is mounted on a tower)
Finally, that's good to know
 
nidhish
just joined
Posts: 1
Joined: Tue Dec 12, 2017 5:50 am

Re: v6.42.7 [current] is released!

Fri Aug 24, 2018 10:19 pm

I am trying to reset a 532a router board back to factory so I can access it. They recommended using netinstall so I am. However every time I try I am getting an error. bind tftp general failed: Only one usage of each socket address ( protocol/network address/port) is normally permitted (10048). Please advise what I can do to resolve this error
 
pe1chl
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.42.7 [current] is released!

Fri Aug 24, 2018 10:31 pm

1. please don't put questions not related to a specific release into the release topic
2. make sure you use a simple computer without lots of other programs on it, and make sure you are administrator.
 
mahmoud3dmax
just joined
Posts: 4
Joined: Sun Apr 08, 2018 5:22 am

Re: v6.42.7 [current] is released!

Fri Aug 24, 2018 10:41 pm

how fix this please help me !
 
mahmoud3dmax
just joined
Posts: 4
Joined: Sun Apr 08, 2018 5:22 am

Re: v6.42.7 [current] is released!

Fri Aug 24, 2018 10:46 pm

how fix this please help me !
 
razavim
Trainer
Posts: 99
Joined: Sun Sep 27, 2015 1:43 pm
Location: Turkey
Contact:

Re: v6.42.7 [current] is released!

Fri Aug 24, 2018 11:36 pm

Just upgraded my 2011 and Hap AC Lite and (X86) all were so far so good.
MikroTik Trainer
Drone Developer
Artificial Intelligence(Deep Neural Network)
 
Pea
Member Candidate
Posts: 191
Joined: Fri Jul 17, 2015 11:07 pm
Location: Czech

Re: v6.42.7 [current] is released!

Fri Aug 24, 2018 11:38 pm

how fix this please help me !
1. Please don't put questions not related to a specific release into the release topic
2. You are killing your router by Sector Writes, maybe logging on disc? Check your config, stop it! :)
3. You can try netinstall, helped me to recover bad blocks, just give it a try
 
Cha0s
Forum Veteran
Posts: 908
Joined: Tue Oct 11, 2005 4:53 pm

Re: v6.42.7 [current] is released!

Sat Aug 25, 2018 1:59 pm

I noticed that interface "last link up/down times" are in the future.
interface up-down wrong time.png
 
modrus
just joined
Posts: 5
Joined: Sat Aug 25, 2018 2:33 pm

Re: v6.42.7 [current] is released!

Sat Aug 25, 2018 2:41 pm

Hello,

I have a big problem for me. I wanted to update RouterOS to v 6.42.7 but without success. Now I have disabled Wireless module and my APs are broken because my CAPsMAN is off.
If I want to enable a Wireless module nothing happens after restart :(

Can you help me?

Thanks
Update.png
 
xvo
Long time Member
Posts: 592
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: v6.42.7 [current] is released!

Sat Aug 25, 2018 2:57 pm

Hello,

I have a big problem for me. I wanted to update RouterOS to v 6.42.7 but without success. Now I have disabled Wireless module and my APs are broken because my CAPsMAN is off.
If I want to enable a Wireless module nothing happens after restart :(

Can you help me?

Thanks

Update.png
That's the reason:
*) package - do not allow to install out of bundle package if it already exists within bundle;
Try removing the duplicate package.
 
modrus
just joined
Posts: 5
Joined: Sat Aug 25, 2018 2:33 pm

Re: v6.42.7 [current] is released!

Sat Aug 25, 2018 3:09 pm

Yes, I tried it as first. But after restart is still Wireless package on it :(
 
xvo
Long time Member
Posts: 592
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: v6.42.7 [current] is released!

Sat Aug 25, 2018 3:38 pm

Yes, I tried it as first. But after restart is still Wireless package on it :(
Looks like netinstall is the only solution:
viewtopic.php?f=1&t=133352&p=655190
 
CsXen
Frequent Visitor
Posts: 92
Joined: Wed Sep 10, 2014 8:31 pm
Location: Budapest - Hungary

Re: v6.42.7 [current] is released!

Sat Aug 25, 2018 6:11 pm

I am trying to reset a 532a router board back to factory so I can access it. They recommended using netinstall so I am. However every time I try I am getting an error. bind tftp general failed: Please advise what I can do to resolve this error
Try it with a very old netinstall, which has been released before EOL declared on MIPSLE branch, about at version 5.26.

Best regards: CsXen

(sorry for offtopic)
 
modrus
just joined
Posts: 5
Joined: Sat Aug 25, 2018 2:33 pm

Re: v6.42.7 [current] is released!

Sat Aug 25, 2018 11:03 pm

Yes, I tried it as first. But after restart is still Wireless package on it :(
Looks like netinstall is the only solution:
viewtopic.php?f=1&t=133352&p=655190
Thank you @xvo. I used Netinstall and now is my RB1100AH ready :)
 
djerodrigues
just joined
Posts: 2
Joined: Wed Jan 10, 2018 1:27 am

Re: v6.42.7 [current] is released!

Sun Aug 26, 2018 4:46 am

Hello!

Upgraded my "wAP LTE kit" (RBwAPR-2nD&R11e-LTE) from v6.42.6, and the LTE stopped working!
The interface is up, and the "Status" information seems to be ok like before, however no traffic nor acquiring external IP address.
Downgraded to v6.42.6 and everything is working fine again!

Best Regards
 
lenciso
just joined
Posts: 9
Joined: Wed Aug 03, 2016 3:46 pm
Location: PERÚ

Re: v6.42.7 [current] is released!

Sun Aug 26, 2018 5:34 am

I just updated another router mikrotik RB3011 to version 6.42.7 and at the moment of login with an account that uses a template with webfig the web service drops and the CPU rises

https://www.youtube.com/watch?v=CXJ-n0YrHhs

I sent the file supout.rif a few days ago with the same problem in an RB1100 router
Luiz Enciso
 
Zavi
newbie
Posts: 28
Joined: Thu Jul 05, 2012 1:02 pm
Location: Czech Republic

Re: v6.42.7 [current] is released!

Sun Aug 26, 2018 11:53 am

I noticed that interface "last link up/down times" are in the future.
I have the same problem, noticed on 6.42.6 version. Seems to be only Winbox problem, in console and WebFig it's correct.
linktime.png
RB751G-2HnD & RB2011UiAS-2HnD-IN at home
 
Kerbia
Frequent Visitor
Posts: 62
Joined: Wed Nov 16, 2016 3:03 pm

Re: v6.42.7 [current] is released!

Mon Aug 27, 2018 4:31 am

I have port flapping issues on hap ac². Anyone else?
 
giannici
just joined
Posts: 8
Joined: Thu May 11, 2017 4:17 pm

Re: v6.42.7 [current] is released!

Mon Aug 27, 2018 12:06 pm

Webserver Crashed
Telnet service crashed.
I confirm this.
I can confirm this also.

Webserver crashed to us too!
 
manbot
just joined
Posts: 23
Joined: Sun Mar 23, 2014 1:28 am
Location: Minsk, Belarus
Contact:

Re: v6.42.7 [current] is released!

Mon Aug 27, 2018 12:30 pm

I have completely out of Internet connectivity (lte1 status running, but greyed) on wAP LTE kit.
The same issue is on 6.43rc64

Downgrading to 6.40.9 is solution for this.
 
nostromog
Member Candidate
Posts: 161
Joined: Wed Jul 18, 2018 3:39 pm

Re: v6.42.7 [current] is released!

Mon Aug 27, 2018 2:24 pm

I upgraded during the weekend 1 hap ac (from 6.42.6) and 1 751G-2HnD (from 6.42.5 firmware 6.42.4, as I had forgotten one reboot). No problem in any of both.

In both I changed to "disable-pmkid=yes". No problem with wifi has been reported (and I warned the people in advance).
 
uldis
MikroTik Support
Posts: 3425
Joined: Mon May 31, 2004 2:55 pm

Re: v6.42.7 [current] is released!

Mon Aug 27, 2018 4:38 pm

We have found out that sometimes the R11e-LTE modems fail to get an IP address in 3G mode using RouterOS v6.42.7 - we will fix this problem in the next RC and then push that change to the Current release.
 
xicu
just joined
Posts: 20
Joined: Thu Oct 18, 2012 12:29 am

Re: v6.42.7 [current] is released!

Mon Aug 27, 2018 5:51 pm

We have found out that sometimes the R11e-LTE modems fail to get an IP address in 3G mode using RouterOS v6.42.7 - we will fix this problem in the next RC and then push that change to the Current release.
Thanks Uldis I wait because we find the same problem when I've upgraded from 6.42.3 to 6.42.7,
 
eworm
Member
Posts: 403
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.42.7 [current] is released!

Mon Aug 27, 2018 5:54 pm

We have found out that sometimes the R11e-LTE modems fail to get an IP address in 3G mode using RouterOS v6.42.7 - we will fix this problem in the next RC and then push that change to the Current release.
Thanks Uldis I wait because we find the same problem when I've upgraded from 6.42.3 to 6.42.7,
That's great news! It happens seldom, but I saw this myself several times. As I had no clue how to reproduce I did not yet mail the support.
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
mahmoud3dmax
just joined
Posts: 4
Joined: Sun Apr 08, 2018 5:22 am

Re: v6.42.7 [current] is released!

Mon Aug 27, 2018 10:46 pm

how fix this please help me !
 
Pea
Member Candidate
Posts: 191
Joined: Fri Jul 17, 2015 11:07 pm
Location: Czech

Re: v6.42.7 [current] is released!

Tue Aug 28, 2018 1:38 am

Just start reading!
how fix this please help me !
1. Please don't put questions not related to a specific release into the release topic, make new topic!
2. You are killing your router by Sector Writes, maybe logging on disc? Check your config, stop it! :)
 
texmeshtexas
newbie
Posts: 36
Joined: Sat Oct 11, 2008 11:17 pm

Re: v6.42.7 [current] is released!

Tue Aug 28, 2018 10:03 pm

6.42.7 BGP problem

we have 6.42.7 updated this morning.
I'm noticing that our BGP blackhole peer with our upstream is not sending withdrawal from the network list like it used to.

anyone else have issues with this?
 
105547111
Member Candidate
Posts: 132
Joined: Fri Jun 22, 2012 9:46 pm

Re: v6.42.7 [current] is released!

Wed Aug 29, 2018 12:58 am

We have found out that sometimes the R11e-LTE modems fail to get an IP address in 3G mode using RouterOS v6.42.7 - we will fix this problem in the next RC and then push that change to the Current release.
I found the same issue on CCR1016-12G, very intermittent.
 
105547111
Member Candidate
Posts: 132
Joined: Fri Jun 22, 2012 9:46 pm

Re: v6.42.7 [current] is released!

Wed Aug 29, 2018 1:02 am

6.42.7 BGP problem

we have 6.42.7 updated this morning.
I'm noticing that our BGP blackhole peer with our upstream is not sending withdrawal from the network list like it used to.

anyone else have issues with this?
Not for me. My BGP blackholes in both IPv4 and IPv6 are sending out withdrawals and the ends are receiving withdrawals.
 
dg1kwa
just joined
Posts: 11
Joined: Tue Aug 17, 2010 12:32 pm
Location: Monheim

Re: v6.42.7 [current] is released!

Wed Aug 29, 2018 3:44 pm

RB3011 upgrade and IPsec broken :(
 
emils
MikroTik Support
Topic Author
Posts: 505
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.42.7 [current] is released!

Wed Aug 29, 2018 3:49 pm

We are aware of a specific IPsec issue caused by the new improved policy handling in 6.42.7. A fix is already available in the latest release candidate version and will be included in the next current version as well. Very sorry for the inconvenience.
 
dg1kwa
just joined
Posts: 11
Joined: Tue Aug 17, 2010 12:32 pm
Location: Monheim

Re: v6.42.7 [current] is released!

Wed Aug 29, 2018 4:04 pm

We are aware of a specific IPsec issue caused by the new improved policy handling in 6.42.7. A fix is already available in the latest release candidate version and will be included in the next current version as well. Very sorry for the inconvenience.
Thank you for the information, but I do not understand why this was not tested before the release was published!?
 
sindy
Forum Guru
Posts: 3959
Joined: Mon Dec 04, 2017 9:19 pm

Re: v6.42.7 [current] is released!

Wed Aug 29, 2018 4:29 pm

I'd assume that the reason is that it only happens in a specific scenario which has not been encountered during the tests.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
cthil
just joined
Posts: 13
Joined: Sun Jan 10, 2016 7:29 pm

Re: v6.42.7 [current] is released!

Wed Aug 29, 2018 5:36 pm

HTTP interface (with SSL) is also broken on RB3011. After rebooting, the interface dies again after a few minutes. Sometimes it causes high CPU load.
 
kayu
just joined
Posts: 3
Joined: Thu Aug 30, 2018 6:35 am

Re: v6.42.7 [current] is released!

Thu Aug 30, 2018 6:48 am

Upgrade v6.40.x to v6.42.7 and can't login into system (via ssh, winbox). But CHR work done. Why unmanaged?
 
BartoszP
Forum Guru
Posts: 1717
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v6.42.7 [current] is released!

Thu Aug 30, 2018 9:06 am

Have you tried to use WinBox with MAC connection?
Real admins use real keyboards.
 
kayu
just joined
Posts: 3
Joined: Thu Aug 30, 2018 6:35 am

Re: v6.42.7 [current] is released!

Thu Aug 30, 2018 9:45 am

Have you tried to use WinBox with MAC connection?
Yes, get ERROR: wrong username or password.
 
notToNew
Member Candidate
Posts: 148
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.42.7 [current] is released!

Thu Aug 30, 2018 10:05 am

Just type in the password again, don't use the saved password.
--------------------------------------------------------------------------------------------
CCR1036-12G-4S, several 952Ui-5ac2nD, ...
 
kayu
just joined
Posts: 3
Joined: Thu Aug 30, 2018 6:35 am

Re: v6.42.7 [current] is released!

Thu Aug 30, 2018 10:09 am

Just type in the password again, don't use the saved password.
No saved password, only type.
 
ssbaksa
newbie
Posts: 30
Joined: Tue Oct 20, 2015 10:38 am

Re: v6.42.7 [current] is released!

Fri Aug 31, 2018 9:06 am

Upgrade v6.40.x to v6.42.7 and can't login into system (via ssh, winbox). But CHR work done. Why unmanaged?
Just curious. Which version of Winbox do you use?
I used an older version with new firmware once and something like that happened to me.
SSH is always disabled on my routers so I didn't even try that.

Br
Sasa
 
ivan98
just joined
Posts: 1
Joined: Tue Sep 04, 2018 4:54 am

Re: v6.42.7 [current] is released!

Tue Sep 04, 2018 5:11 am

I've a home setup with CCR1009 router, CRS125-24G switch and access points HAP AC 962UiGS & RB951G. Running CAPsMAN with controller at the CCR.

All devices were on 6.42 firmware until I upgraded them to 6.42.7, at around 4pm 02 Sep. No other config changes were made.

From my grafana graph, you can clearly see the transition before and after 4pm 02 Sep - my Apple devices' RX/TX rates seem capped around 300Mbps, while my sole Xiaomi phone seems not affected at below 500Mbps.
mikrotik1.png
 
XeviMB
just joined
Posts: 3
Joined: Tue Sep 04, 2018 12:10 pm

Re: v6.42.7 [current] is released!

Tue Sep 04, 2018 12:41 pm

Hello,

The same thing happens to Kayu. Since I upgraded to v6.42.7 I can not access the routers, it indicates an incorrect username or password ...

I think the problem is for the admin user ... in some routers I only had this user configured and now I can not enter

Mikrotik any solution?

Thanks in advance
 
zyzelis
Member Candidate
Posts: 212
Joined: Sun Apr 08, 2012 9:25 pm

Re: v6.42.7 [current] is released!

Tue Sep 04, 2018 1:08 pm

Hello,

The same thing happens to Kayu. Since I upgraded to v6.42.7 I can not access the routers, it indicates an incorrect username or password ...

I think the problem is for the admin user ... in some routers I only had this user configured and now I can not enter

Mikrotik any solution?

Thanks in advance
Upgrade your winbox to latest
 
XeviMB
just joined
Posts: 3
Joined: Tue Sep 04, 2018 12:10 pm

Re: v6.42.7 [current] is released!

Tue Sep 04, 2018 4:13 pm

I have updated Winbox to the latest version and it still fails

Thanks
 
MDE
just joined
Posts: 3
Joined: Mon Jun 20, 2016 8:38 am

Re: v6.42.7 [current] is released!

Tue Sep 04, 2018 5:19 pm

I have updated Winbox to the latest version and it still fails

Thanks
Have you cleared the cache?


 
sindy
Forum Guru
Posts: 3959
Joined: Mon Dec 04, 2017 9:19 pm

Re: v6.42.7 [current] is released!

Tue Sep 04, 2018 5:37 pm

He's got problems even to log in using ssh so it doesn't seem to be a Winbox-related issue.

@kayu, @XeviMB, it takes time for the ssh to generate a new key on the very first login attempt, and maybe a new one is generated after upgrade, so if you have tried to log in using ssh only once, try again now after some time has elapsed. But it is just a wild guess.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
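The find-and-replace step that the signature above recommends before posting an export, as an added example that is not part of the original posts. The function name `sanitize_export` and the sample export are constructed for illustration (well-known public resolver addresses stand in for a user's own public IPs), and only IPv4 is handled.

```python
import ipaddress
import re

# Dotted quads that are not embedded in a longer dotted-number run.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\d|\.\d)")

# Constructed sample in the style of "/export hide-sensitive" output.
# Well-known public resolver addresses stand in for a user's own public IPs.
SAMPLE_EXPORT = """\
# aug/29/2018 16:29:00 by RouterOS 6.42.7
/ip address
add address=192.168.88.1/24 interface=bridge network=192.168.88.0
add address=1.1.1.1/30 interface=ether1 network=1.1.1.0
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=1.1.1.1 to-addresses=192.168.88.10
"""


def sanitize_export(text):
    """Return (sanitized_text, mapping) with public IPv4 addresses replaced."""
    mapping = {}

    def replace(match):
        raw = match.group(1)
        try:
            addr = ipaddress.IPv4Address(raw)
        except ipaddress.AddressValueError:
            return raw  # e.g. 999.1.1.1 is not an address, leave it untouched
        if not addr.is_global:
            return raw  # RFC 1918, loopback, CGNAT etc. do not identify the poster
        # The same address always gets the same placeholder, so NAT rules,
        # routes and peers still line up for whoever reads the export.
        if raw not in mapping:
            mapping[raw] = f"my.public.ip.{len(mapping) + 1}"
        return mapping[raw]

    return IPV4_CANDIDATE.sub(replace, text), mapping


if __name__ == "__main__":
    sanitized, mapping = sanitize_export(SAMPLE_EXPORT)
    print(sanitized)
    # Keep this mapping local; it is the key back to the real addresses.
    for real, placeholder in mapping.items():
        print(f"{placeholder} <- {real}")
```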
 
jenechka
newbie
Posts: 27
Joined: Sat Oct 29, 2016 4:30 pm
Location: Russian Federation, Siberia

Re: v6.42.7 [current] is released!

Wed Sep 05, 2018 5:59 am

Hi, everybody
the firmware itself was updated to 6.42.7
the services included api and DNS registered 8.8.8.8 instead of provider ...
I got busted? or someone had a similar
 
XeviMB
just joined
Posts: 3
Joined: Tue Sep 04, 2018 12:10 pm

Re: v6.42.7 [current] is released!

Wed Sep 05, 2018 5:26 pm

He's got problems even to log in using ssh so it doesn't seem to be a Winbox-related issue.

@kayu, @XeviMB, it takes time for the ssh to generate a new key on the very first login attempt, and maybe a new one is generated after upgrade, so if you have tried to log in using ssh only once, try again now after some time has elapsed. But it is just a wild guess.

I can not enter by ssh...

It only happens to me in those routers that I have updated to v 6.42.7 and only have the admin user created

Mikrotik??
 
Swordforthelord
Frequent Visitor
Posts: 56
Joined: Thu Jul 08, 2010 10:18 pm

Re: v6.42.7 [current] is released!

Fri Sep 07, 2018 5:19 pm

I have port flapping issues on hap ac². Anyone else?
I have an RB750Gr3 in the field running 6.42.7 and ports 1 and 3 keep going up and down.
 
Jotne
Forum Guru
Posts: 1310
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: v6.42.7 [current] is released!

Fri Sep 07, 2018 11:32 pm

Did you have the problem with versions other than 6.42.7?
Can you try a clean install and see if port goes up/down?
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
rjj
just joined
Posts: 7
Joined: Sat Sep 08, 2018 12:13 am

Re: v6.42.7 [current] is released!

Sat Sep 08, 2018 12:50 am

Hi guys,

I´ve tried remote upgrade into controlled environment (via package menu) on Ccr1009-8g-1s-1s+ from V6.28 to V6.42.7 and lost connectivity so something went bad.
The upgrade screen showed the image downloaded and it was rebooting, after that nothing more, and I can't reconnect over VPN.
I'm going to check on-site. Please, any ideas?

Tks
RJJ
 
pe1chl
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.42.7 [current] is released!

Sat Sep 08, 2018 12:52 am

I´ve tried remote upgrade into controlled environment (via package menu) on Ccr1009-8g-1s-1s+ from V6.28 to V6.42.7 and lost connectivity so something went bad.
The upgrade screen showed the image downloaded and it was rebooting, after that something more.
I'm going to check on-site. Please, any ideas?
You have made a too-big version upgrade, you should have installed some intermediate versions.
 
rjj
just joined
Posts: 7
Joined: Sat Sep 08, 2018 12:13 am

Re: v6.42.7 [current] is released!

Sat Sep 08, 2018 1:01 am

I´ve tried remote upgrade into controlled environment (via package menu) on Ccr1009-8g-1s-1s+ from V6.28 to V6.42.7 and lost connectivity so something went bad.
The upgrade screen showed the image downloaded and it was rebooting, after that something more.
I'm going to check on-site. Please, any ideas?
You have made a too-big version upgrade, you should have installed some intermediate versions.
Thank you for your fast reply! I've checked the RN and the community and saw nothing related to a minimum version, which is why I proceeded. The best I found is here below.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

The system should reboot back to previous version? Also, what I can do there --> Reboot? Reinstall version? Reset the entire box?
What should be the GOLD steps in order to recover as fast as we can and upgrade this in safe mode?
Should I upgrade the mother-board too? Before or after the system upgrade?
RJJ
 
pe1chl
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.42.7 [current] is released!

Sat Sep 08, 2018 1:35 am

By now the only thing you likely can do is netinstall and reconfigure.
You COULD have repartitioned the device into 2 partitions and copy the old version so you could revert back
But that is too late now.
 
rjj
just joined
Posts: 7
Joined: Sat Sep 08, 2018 12:13 am

Re: v6.42.7 [current] is released!

Sat Sep 08, 2018 2:19 am

By now the only thing you likely can do is netinstall and reconfigure.
You COULD have repartitioned the device into 2 partitions and copy the old version so you could revert back
But that is too late now.
Tks for your support here!
To be honest, I'm frustrated because I never saw a software upgrade crash the entire system; it doesn't make any sense nowadays.
Also, netinstall as the only option, which requires an entire new deployment... it's frustrating... Of course I'm going to use config backups, but it should never damage and crash the ENTIRE system like this.
I was looking for some other paths before resorting to something radical. Netconfig is limited because it requires a Windows PC and we use only Macbooks, so another issue here.
I would recommend someone update ASAP the RN/upgrade notes, stating the minimum supported versions for upgrades.
Please, do you know what's the minimum supported version in order to go to v6.42.7?
Also please, who knows about mother-board upgrade X system upgrade? Any docs?
Thanks for your attention I really appreciate!
RJJ
 
ac6529
just joined
Posts: 4
Joined: Sun Apr 30, 2017 9:22 am

Re: v6.42.7 [current] is released!

Sat Sep 08, 2018 1:17 pm

Netconfig is limited because it requires a Windows PC and we use only Macbooks, so another issue here.
If it's any help, I have succeeded doing a couple of netinstalls using Windows running in a virtual machine on a Mac.
So basically you could take a trial of VMware, install W10 in it as a trial, recover your router and then get rid of the hypervisor and windows without spending a dime.
 
rjj
just joined
Posts: 7
Joined: Sat Sep 08, 2018 12:13 am

Re: v6.42.7 [current] is released!

Sat Sep 08, 2018 2:18 pm

Netconfig is limited because it requires a Windows PC and we use only Macbooks, so another issue here.
If it's any help, I have succeeded doing a couple of netinstalls using Windows running in a virtual machine on a Mac.
So basically you could take a trial of VMware, install W10 in it as a trial, recover your router and then get rid of the hypervisor and windows without spending a dime.
Yes, makes sense, thank you for your contribution. The vendor should take care of this and create easy paths to do things. In this case I need to install a virtual environment + install an entire OS just to comply with a limited netconfig... it doesn't make any sense nowadays. Someone from the vendor (engineers and product managers) must be reviewing that.
All of this is because there are poor docs/new release infos missing the minimum or tested software version for upgrade, and also there is a SPOF during the upgrade process where the entire system CRASHES. Many other vendors roll back automatically to the previous version and at least give a console warning message "please upgrade to x before that". It's basic!
Anyway, thanks for your hint here!
RJJ
 
pe1chl
Forum Guru
Posts: 5923
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.42.7 [current] is released!

Sat Sep 08, 2018 5:46 pm

Many other vendors roll back automatically to the previous version and at least give a console warning message "please upgrade to x before that". It's basic!
As I already wrote, you could have had that! But on MikroTik it is a user-decision to yield half of the flash capacity to have version rollback.
See this: https://wiki.mikrotik.com/wiki/Manual:Partitions

In short: click on partition, select repartition, set number of partitions to 2.
The router will reboot and now instead of 128MB you will have 64MB of flash.
Go back to partition, select a partition and then "copy to", select the other partition.
Now you do your upgrade. When the router fails to boot, it will try boot from the other partition and you are back
in your old version, which you can copy again to try something else.

Apparently most users do not know that, and it is becoming less interesting as all new low-end routers do not have enough flash space to do this.
However, for your CCR it still was and is an option. I use it on the two CCRs I manage and it already has saved me.
 
Jotne
Forum Guru
Posts: 1310
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: v6.42.7 [current] is released!

Sun Sep 09, 2018 8:14 am

@rjj

If you do not like the way MikroTik does it, you can always go for another vendor like Cisco.
But it would be at a much higher cost.
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
rjj
just joined
Posts: 7
Joined: Sat Sep 08, 2018 12:13 am

Re: v6.42.7 [current] is released!

Sun Sep 09, 2018 1:51 pm

Many other vendors roll back automatically to the previous version and at least give a console warning message "please upgrade to x before that". It's basic!
As I already wrote, you could have had that! But on MikroTik it is a user-decision to yield half of the flash capacity to have version rollback.
See this: https://wiki.mikrotik.com/wiki/Manual:Partitions

In short: click on partition, select repartition, set number of partitions to 2.
The router will reboot and now instead of 128MB you will have 64MB of flash.
Go back to partition, select a partition and then "copy to", select the other partition.
Now you do your upgrade. When the router fails to boot, it will try boot from the other partition and you are back
in your old version, which you can copy again to try something else.

Apparently most users do not know that, and it is becoming less interesting as all new low-end routers do not have enough flash space to do this.
However, for your CCR it still was and is an option. I use it on the two CCRs I manage and it already has saved me.
Thanks for the tip and the link. It was crystal clear in your previous post, even if it's manual and limited to specific systems, so I'm going to start using it when possible. From my point of view, I highly recommend the vendor implement it for all systems by default in order to avoid upgrade issues, downtime, field hours and, most importantly, eliminate the SPoF. It should never be a user decision, in my opinion. Nowadays even basic 8-port switches support 2 images (primary-secondary), automatically managed. I really appreciate your time and tips! Tomorrow I'll be on-site fixing the issue.
Last edited by rjj on Sun Sep 09, 2018 2:25 pm, edited 2 times in total.
RJJ
 
rjj
just joined
Posts: 7
Joined: Sat Sep 08, 2018 12:13 am

Re: v6.42.7 [current] is released!

Sun Sep 09, 2018 1:58 pm

@rjj

If you do not like the way MikroTik does it, you can always go for another vendor like Cisco.
But it would be at a much higher cost.
I know my options, so you don't need to waste time telling the obvious.
This is a serious reflection about troubleshooting, architecture and documentations.
RJJ
 
K1w1user
newbie
Posts: 31
Joined: Thu Mar 21, 2013 12:28 am

Re: v6.42.7 [current] is released! ssh and winbox issue

Mon Sep 10, 2018 8:49 am

I just upgraded a new RB3011 from 6.40 to 6.42.7 and now find I can no longer ssh or winbox over a pptp link.

Confirmed by testing, then upgrading a second RB2011 from an older 6.3x to 6.42.7.

Torch shows inbound traffic but no outbound response.

Is this a new "security" measure?

Mark.
 
emils
MikroTik Support
Topic Author
Posts: 505
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.42.7 [current] is released!

Mon Sep 10, 2018 9:53 am

New version 6.43 has been released in current RouterOS channel:

viewtopic.php?f=21&t=138995
