Community discussions

 
dgrififth
just joined
Posts: 7
Joined: Sat Oct 15, 2016 10:35 am

Re: v6.44beta [testing] is released!

Thu Nov 01, 2018 3:49 am

I would not know a legitimate reason why proxy-arp would work and normal arp would not, when the client is correctly configured.
Hence why I suspect it's a bug in ROS. :-P

They're remote clients running a full screen app on winCE, so it's difficult to debug. Disturbing the port in any way (eg unplug/re-plug, disable/enable in ROS) fixes the issue temporarily, other brands of switches don't present this problem to the device, etc, etc. It's the combo of Mikrotik Hex switch + this device that has the issue. Anyway, I've left a few units on proxy-arp and a few units running 6.42.9, so will observe for a while.
 
pe1chl
Forum Guru
Forum Guru
Posts: 4868
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.44beta [testing] is released!

Thu Nov 01, 2018 10:30 am

While the device cannot communicate (I presume to an outside network, not internal to the LAN subnet), is it still possible to ping the device from the router (i.e. from within the same subnet)?
And is it possible to ping the device from outside and wake-up the stalled connection?
 
User avatar
eworm
Member Candidate
Member Candidate
Posts: 184
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.44beta [testing] is released!

Fri Nov 02, 2018 10:20 am

Nice catch. It is because of the new IKEv2 feature which works with DHCP. I will update the changelog.
Will devices be able to handle that on its own? Or more important... Will CAPsMAN handle this for connected devices?
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 278
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Fri Nov 02, 2018 12:21 pm

Will devices be able to handle that on its own? Or more important... Will CAPsMAN handle this for connected devices?

We will see if we can remove the dependency, but most likely users with standalone packages will have to handle the upgrade process by themselves.
 
User avatar
hknet
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Sun Jul 17, 2016 6:05 pm
Location: Vienna, Austria
Contact:

Re: v6.44beta [testing] is released!

Fri Nov 02, 2018 9:29 pm

Hi
regarding the issue:

bridge - fixed packet forwarding when changing MSTI VLAN mappings

could someone from MT please elaborate?
we have been quite unsuccessfull integrating crs317 devices in our network using MSTP
the RSTP from other devices arriving on vlans is simply not being replicated to other memberports of the same VLAN (untagged/tagged).

please advise
hk
 
dgrififth
just joined
Posts: 7
Joined: Sat Oct 15, 2016 10:35 am

Re: v6.44beta [testing] is released!

Sat Nov 03, 2018 11:13 pm

While the device cannot communicate (I presume to an outside network, not internal to the LAN subnet), is it still possible to ping the device from the router (i.e. from within the same subnet)?
And is it possible to ping the device from outside and wake-up the stalled connection?
Nope. Link to the device from the switch is reported as being up by both the device and the switch, but it's completely unpingable. Device can't connect to a server on the same subnet, server or any other IP on the subnet can't ping the device. ARP pings fail as well. Packet sniffing shows ping packets making it to the port that the device is connected to (according to ROS when I packet sniff on the port, anyway), but nothing from the device, not even normal idle packets (arps, windows networking packets,etc). Zero bytes / packets come from the port when the fault is present.

It's very mysterious.
 
pe1chl
Forum Guru
Forum Guru
Posts: 4868
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.44beta [testing] is released!

Sat Nov 03, 2018 11:32 pm

It is a bit contradictory. When you say you see outgoing pings to the device, that is only possible when the device has answered ARP requests (so the router knows the device MAC address, if not you would see ARP requests to the device), but then you say that ARP pings fail.
When turning on proxy-arp fixes it it suggests that ARP is involved and maybe the device does not get answers on its ARP requests (to the router), but when changing something in the router fixes that, you would think that ARP requests *are* in fact sent by the device, but not answered by the router when not in proxy-arp mode.
That could happen e.g. when the requested address in the ARP does not match the address of the router, and this the ARP request is ignored, while it is answered in proxy-arp mode.
But in this case you still should see incoming ARP requests from the device whenever it does not answer pings.
(sometimes devices do not send them "in response to" the incoming packet that requires a reply, but send them at some fixed rate when the first one had not been answered)

I think you need to trace a bit longer to know for sure that really nothing comes in from the device, and especially look for malformed ARP requests.
 
DezsiIstvan
just joined
Posts: 3
Joined: Sat Nov 24, 2012 8:20 pm

Re: v6.44beta [testing] is released!

Sun Nov 04, 2018 9:26 pm

I test radsec (RFC 6614) radius connection.
It's works (connecting over SSL encrypted tcp connection to radius server)

I got the following request on our freeradius server
(1) Received Access-Request Id 23 from y.y.y.y:40627 to 0.0.0.0:2083 length 146
(1) Service-Type = Login-User
(1) User-Name = "username"
(1) MS-CHAP-Challenge = 0x...3e
(1) MS-CHAP2-Response = 0x...bc
(1) Calling-Station-Id = "x.x.x.x"
(1) NAS-Identifier = "AP-name"
(1) NAS-IP-Address = y.y.y.y

I have some problems,questions and future requests:

- for all authentication services (SSH/Winbox/HTTPS/API-SSL/...) we need Clear-Text password not MS-CHAP / MS-CHAP2 because on radius server passwords are hashed
THIS IS VERY IMPORTANT
radsec with mschap is useless

- for us be useful if we differentiate mikrotik auth service in "Service-Type" for example
for ssh put in Service-Type = ssh (like linux machines)
with this we can decide on radius server which user have access via which service
for example "john have access only via winbox, bob via ssh,winbox,https

- mikrotik radsec client how authenticate the server ?

Future requests I need to email to support ?
 
User avatar
artz
MikroTik Support
MikroTik Support
Posts: 88
Joined: Tue Oct 17, 2017 5:51 pm
Location: Riga
Contact:

Re: v6.44beta [testing] is released!

Mon Nov 05, 2018 10:07 am

Hi
regarding the issue:

bridge - fixed packet forwarding when changing MSTI VLAN mappings

could someone from MT please elaborate?
we have been quite unsuccessfull integrating crs317 devices in our network using MSTP
the RSTP from other devices arriving on vlans is simply not being replicated to other memberports of the same VLAN (untagged/tagged).

please advise
hk
The bug affected all devices. Traffic stopped forwarding when you started to change MSTI VLAN mappings, but you could easily fix it by disabling it and re-enabling it.
MSTP is compatible with RSTP, this means that BPDUs should not be replicated anywhere, each device sends out its own BPDU.
It sounds a lot more like you have misconfigured device:
https://wiki.mikrotik.com/wiki/Manual:L ... _interface
 
mducharme
Trainer
Trainer
Posts: 662
Joined: Tue Jul 19, 2016 6:45 pm

Re: v6.44beta [testing] is released!

Tue Nov 06, 2018 6:04 pm

I see some complaining about MS-CHAPv2 support in Winbox. We like the MS-CHAPv2 support for Winbox because it allows us to no longer have to store the passwords unencrypted on the authentication server, so I hope it is retained in some way. We do not wish to go back to regular CHAP in our case.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 1794
Joined: Mon Jan 14, 2008 1:53 pm
Location: Straya
Contact:

Re: v6.44beta [testing] is released!

Wed Nov 07, 2018 1:00 am

I see some complaining about MS-CHAPv2 support in Winbox. We like the MS-CHAPv2 support for Winbox because it allows us to no longer have to store the passwords unencrypted on the authentication server, so I hope it is retained in some way. We do not wish to go back to regular CHAP in our case.
Agreed

Security first!
http://thebrotherswisp.com/ | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA
 
User avatar
mozerd
Member Candidate
Member Candidate
Posts: 135
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: v6.44beta [testing] is released!

Wed Nov 07, 2018 1:45 pm

I see some complaining about MS-CHAPv2 support in Winbox. We like the MS-CHAPv2 support for Winbox because it allows us to no longer have to store the passwords unencrypted on the authentication server, so I hope it is retained in some way. We do not wish to go back to regular CHAP in our case.
Agreed

Security first!
ABSOLUTELY, security first.
 
DezsiIstvan
just joined
Posts: 3
Joined: Sat Nov 24, 2012 8:20 pm

Re: v6.44beta [testing] is released!

Wed Nov 07, 2018 2:39 pm

I see some complaining about MS-CHAPv2 support in Winbox. We like the MS-CHAPv2 support for Winbox because it allows us to no longer have to store the passwords unencrypted on the authentication server, so I hope it is retained in some way. We do not wish to go back to regular CHAP in our case.
MS-CHAPv2 need clear-text / decryptable password or MD4 hash of password on radius server side
this mean that in radius server we need to store clear text or decryptable password in database (very insecure, MD4 is also very insecure)
Storing clear-text or reversible password is not allowed. We store only a SHA512 hash of salt+password.
To authenticate a password we need it in clear-text to compute the hash and compare with stored hash

Using MS-CHAP(v2) in a TLS tunnel (radsec) is a nonsense because TLS is a safe encrypted transfer protocol and can be used to transfer password in clear-text like every webpage (https).
So:
1) radsec uses TLS like HTTPS and safe for clear-text password transfer.
2) clear-text password transfer is needed to authenticate against hashed password, stored on radius server

radsec + mschap mean double encrypt the password in tranzit with a secure (radsec) and an unsecure (ms chap v2) algorithm with the price of insecure password store on radius server
radsec + clear-text password mean encrypt the password in tranzit with a secure (radsec) algorithm and on password server passwords can be stored with any algorithm for example with the seucre SHA512

because security is first, is important to send the password in clear-text format to radius server over a secure TLS encrypted (radsec) way

this method is used by every https webpage (clear-text password over TLS)
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8142
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Wed Nov 07, 2018 4:32 pm

Clear-text password over any channel is a source of MitM. In MS-CHAPv2 client has to prove he knows the password and also the server has to prove he knows the same password (two-way authentication)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 246
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.44beta [testing] is released!

Thu Nov 08, 2018 4:17 am

All hash options is useless, Static passwords is insecure. I use OTP (One time Password) can't hash anything because there is nothing to hash on. Please reimplement PAP so I may once again be secure.
 
anuser
Member Candidate
Member Candidate
Posts: 278
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.44beta [testing] is released!

Wed Nov 14, 2018 10:24 am

Version 6.44beta9 has been released.
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
I cannot find that setting...
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8142
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Wed Nov 14, 2018 11:30 am

I cannot find that setting...
You do not have the required permissions to view the files attached to this post.
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2173
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.44beta [testing] is released!

Fri Nov 16, 2018 12:53 pm

No new beta?
LAN, FTTx, Wireless. ISP operator
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8142
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Fri Nov 16, 2018 1:25 pm

No new beta?
Bettar beta? =)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
Jotne
Forum Veteran
Forum Veteran
Posts: 707
Joined: Sat Dec 24, 2016 11:17 am

Re: v6.44beta [testing] is released!

Fri Nov 16, 2018 4:23 pm

They are working with the new 7.xx, so be patient.
.
Use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8142
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Fri Nov 16, 2018 4:48 pm

This topic is not the place where we're joking about v7 :)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
paulct
Member Candidate
Member Candidate
Posts: 263
Joined: Fri Jul 12, 2013 5:38 pm

Re: v6.44beta [testing] is released!

Fri Nov 16, 2018 4:59 pm

 
psannz
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Mon Nov 09, 2015 3:52 pm
Location: Renningen, Germany

Re: v6.44beta [testing] is released!

Fri Nov 16, 2018 5:09 pm

 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8142
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Fri Nov 16, 2018 6:48 pm

Try again :)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
server8
Member
Member
Posts: 312
Joined: Fri Apr 22, 2011 1:27 pm

Re: v6.44beta [testing] is released!

Sat Nov 17, 2018 6:38 pm

4 chains without mu-mimo it's a joke?
I cannot find that setting...
 
mistry7
Forum Veteran
Forum Veteran
Posts: 961
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: v6.44beta [testing] is released!

Sun Nov 18, 2018 2:29 pm

4 chains without mu-mimo it's a joke?
I cannot find that setting...
No, that is a feature!
 
mkx
Forum Guru
Forum Guru
Posts: 1021
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.44beta [testing] is released!

Sun Nov 18, 2018 2:45 pm

4 chains without mu-mimo it's a joke?
I cannot find that setting...
No, that is a feature!
mimo 4x4 using 2 TX and 2 RX chains works much better than mimo 2x2 using same hardware.
BR,
Metod
 
Paternot
Member
Member
Posts: 444
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v6.44beta [testing] is released!

Sun Nov 18, 2018 3:27 pm

 
mistry7
Forum Veteran
Forum Veteran
Posts: 961
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: v6.44beta [testing] is released!

Sun Nov 18, 2018 9:50 pm

4 chains without mu-mimo it's a joke?
I cannot find that setting...
No, that is a feature!
mimo 4x4 using 2 TX and 2 RX chains works much better than mimo 2x2 using same hardware.
You Are not really benefiting without mumimo, and Status today ROS doesn’t support MU-Mimo or Wave2 or something else new..
Mikrotik Wireless is outdated!
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 1794
Joined: Mon Jan 14, 2008 1:53 pm
Location: Straya
Contact:

Re: v6.44beta [testing] is released!

Mon Nov 19, 2018 5:40 am

http://thebrotherswisp.com/ | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA
 
Punkley
just joined
Posts: 1
Joined: Fri Sep 01, 2017 9:24 am

Re: v6.44beta [testing] is released!

Mon Nov 19, 2018 9:27 am

using a w60G and beta28 im not getting any information on the interface page eg

Frequency 64800
Remote MAC
Signal
MCS
PHY Rate
RSSI
TX Sector
TX Sector Info
RX Sector
Distance

All blank, and the quickset page is showing 0 for signal and MCS

Kingsley
 
tiftok
newbie
Posts: 35
Joined: Thu Apr 07, 2016 1:40 pm

Re: v6.44beta [testing] is released!

Sat Nov 24, 2018 12:55 pm

GREET MY PROBLEM SOLVE
l2tp server ISAKMP-SA deleted problem if dhcp enable solve in 6.44beta28
Khaled mulsi ->>> I love mikrotik :D --TIFTOK--
 
Stril
Member Candidate
Member Candidate
Posts: 100
Joined: Fri Nov 12, 2010 7:18 pm

Re: v6.44beta [testing] is released!

Sun Nov 25, 2018 1:07 am

using a w60G and beta28 im not getting any information on the interface page eg

Frequency 64800
Remote MAC
Signal
MCS
PHY Rate
RSSI
TX Sector
TX Sector Info
RX Sector
Distance

All blank, and the quickset page is showing 0 for signal and MCS

Kingsley
I can confirm this on LHG60
 
rzirzi
Member
Member
Posts: 357
Joined: Mon Oct 09, 2006 2:33 pm

Re: v6.44beta [testing] is released!

Mon Nov 26, 2018 10:54 pm

Have MikroTik stopped working at new version of RouterOS ? :(
 
raffav
Member Candidate
Member Candidate
Posts: 249
Joined: Wed Oct 24, 2012 4:40 am

Re: v6.44beta [testing] is released!

Mon Nov 26, 2018 11:07 pm

Have MikroTik stopped working at new version of RouterOS ? :(
I think maybe but just maybe they are ready for the 7v beta :)
would be a very nice Christmas present
 
server8
Member
Member
Posts: 312
Joined: Fri Apr 22, 2011 1:27 pm

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 9:39 am

We are bad boys so no new ROS from Santa Claus this year :-)
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 278
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 9:57 am

New beta build will be released later today. Had to polish some new features before releasing the version.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2173
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 1:37 pm

New beta build will be released later today. Had to polish some new features before releasing the version.
Please no new 6.44beta...
We wait for V7
LAN, FTTx, Wireless. ISP operator
 
msatter
Forum Veteran
Forum Veteran
Posts: 965
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 1:40 pm

We are now all sitting on the edge of our seats.
RB760iGS (hEX S) with the SFP being cooled.
Running:
RouterOS 6.44Beta40 / Winbox 3.18 / MikroTik APP 1.0.13
Cooling a SFP module: viewtopic.php?f=3&t=132258&p=671105#p671105
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 278
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 3:23 pm

Version 6.44beta39 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.44beta39 (2018-Nov-27 12:14):

Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------

Changes in this release:

!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
*) btest - added multithreading support for both UDP and TCP tests;
*) bridge - properly disable dynamic CAP interfaces;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - properly flush old CRLs when changing store location;
*) certificate - added support for multiple "Subject Alt. Names" (CLI only);
*) chr - correctly initialize grant table version 1;
*) cloud - added "ddns-update-interval" parameter (CLI only);
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter) (CLI only);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) gps - added "coordinate-format" parameter (CLI only);
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) kidcontrol - properly detect time zone changes;
*) log - properly handle long echo messages;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for more ZTE MF90 modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - increased reported "rsrq" precision (CLI only);
*) profiler - classify kernel crypto processing as "encrypting";
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) userman - show redirect location in error messages;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - report last seen IP address in RADIUS accounting messages;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.
 
muetzekoeln
newbie
Posts: 25
Joined: Fri Jun 29, 2018 2:34 pm

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 3:51 pm

"/tool speed-test"
No iperf?? :?
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1688
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 4:11 pm

Average Joe will not know how to use iperf. I think target audience for this feature is defferent from iperf users :)
But it is fun anyway:
[admin@1072_bonding_test_1] > /tool speed-test 192.168.1.2 test-duration=60
                  ;;; results can be limited by cpu, note that traffic generation/termination performance might not be 
                      representative of forwarding performance
              status: done
      time-remaining: 0s
    ping-min-avg-max: 111us / 123us / 2.14ms
  jitter-min-avg-max: 0s / 10us / 2.01ms
                loss: 0% (0/1200)
        tcp-download: 11.6Gbps local-cpu-load:83%
          tcp-upload: 12.1Gbps local-cpu-load:89% remote-cpu-load:84%
        udp-download: 24.3Gbps local-cpu-load:5% remote-cpu-load:79%
          udp-upload: 23.1Gbps local-cpu-load:87% remote-cpu-load:20%
Why there are no tcp-download "remote-cpu-load"?
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
msatter
Forum Veteran
Forum Veteran
Posts: 965
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 4:12 pm

I have my DNS cache being flooded with I think IP coming from the Addresslists.

Screen content of DNS Cache
N IP:xxx.xxx.xxx.xxx type: unknown Data: 0.0.0.0 TTL: 24H

Update: After a reboot it worked again as expected. I think the firmware had to be updated too and that update was already standing ready for the next reboot...which was executed during that reboot.

Thanks for the update of IPSEC and MMIPS and the throughput on my L2TP/IPSEC are really great!
Last edited by msatter on Tue Nov 27, 2018 6:27 pm, edited 3 times in total.
RB760iGS (hEX S) with the SFP being cooled.
Running:
RouterOS 6.44Beta40 / Winbox 3.18 / MikroTik APP 1.0.13
Cooling a SFP module: viewtopic.php?f=3&t=132258&p=671105#p671105
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 278
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 4:17 pm

Why there are no tcp-download "remote-cpu-load"?
Current implementation allow only include this data into test connection, but waiting for it impacts results, we need to implement data collection as separate connection to get this working, it is in our to-do list.
 
anuser
Member Candidate
Member Candidate
Posts: 278
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 4:20 pm

*) wireless - improved system stability for all ARM devices with wireless;
I ask myself what issues my cAP ac devices have? Can you please give some more information about it?
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 278
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 4:31 pm

I ask myself what issues my cAP ac devices have? Can you please give some more information about it?
The router could have rebooted due to kernel failure in some rare occasions.
 
msatter
Forum Veteran
Forum Veteran
Posts: 965
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 4:49 pm

I have L2PT/IPSEC connections that are "dail on demand" and those are displayed in IPSEC-Peers as entries that are unreachable. This is true, however after the connection is up they are still seen as unreachable (colour red).
RB760iGS (hEX S) with the SFP being cooled.
Running:
RouterOS 6.44Beta40 / Winbox 3.18 / MikroTik APP 1.0.13
Cooling a SFP module: viewtopic.php?f=3&t=132258&p=671105#p671105
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8142
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 4:55 pm

*) chr - correctly initialize grant table version 1;
Huh?.. (O_o)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 278
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 4:59 pm

I have L2PT/IPSEC connections that are "dail on demand" and those are displayed in IPSEC-Peers as entries that are unreachable. This is true, however after the connection is up they are still seen as unreachable (colour red).
Can you post some screenshots of your peer menu?
 
flyfinlander
just joined
Posts: 3
Joined: Tue Nov 27, 2018 4:47 pm

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 5:01 pm

Hi,

What is the idea of that I can't use IKE2 with "pre shared key xauth" ?
When I try to set it up I get the message in attached picture.
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: AndyGs and 7 guests