Community discussions

 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 507
Joined: Thu Dec 11, 2014 8:53 am

v6.43.4 [stable] is released!

Thu Oct 18, 2018 10:40 am

RouterOS version 6.43.4 has been released in public "stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.43.4 (2018-Oct-17 06:37):

Changes in this release:

*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - properly read "eeprom" data after different module inserted in disabled interface;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) dhcpv6-server - fixed dynamic binding addition on solicit when IA_PD does not contain prefix (introduced in v6.43);
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) ntp - fixed possible NTP server stuck in "started" state;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - general stability and performance improvements;
*) w60g - improved stability for short distance links;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";

What's new in 6.43.3 (2018-Oct-05 13:12):

(factory only release)

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this concrete RouterOS release.
 
User avatar
Cha0s
Forum Veteran
Forum Veteran
Posts: 908
Joined: Tue Oct 11, 2005 4:53 pm

Re: v6.43.4 [stable] is released!

Thu Oct 18, 2018 12:52 pm

*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
Thanks for including this fix.
It works ok now :)
 
User avatar
nichky
Long time Member
Long time Member
Posts: 531
Joined: Tue Jun 23, 2015 2:35 pm

Re: v6.43.4 [stable] is released!

Thu Oct 18, 2018 1:14 pm

*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
Thanks for including this fix.
It works ok now :)
i pointed on same things
Nikola Suminoski
MikroTik Consultan
MTCRE l MTCWE

!) Safe Mode is your friend;
 
mediana
just joined
Posts: 10
Joined: Tue Feb 04, 2014 9:03 am

Re: v6.43.4 [stable] is released!

Thu Oct 18, 2018 2:09 pm

x86 upgrade will take a little bit longer and show following script error in log file, while Mikrotik devices not:
DefConf Gen: Unable to find ethernet interfaces (timeout 30sec)
 
mikruser
Member
Member
Posts: 385
Joined: Wed Jan 16, 2013 6:28 pm

Re: v6.43.4 [stable] is released!

Thu Oct 18, 2018 4:22 pm

This IPsec bug still not fixed viewtopic.php?f=2&t=136445
do not ask me why it is necessary.
 
andriys
Forum Guru
Forum Guru
Posts: 1187
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.43.4 [stable] is released!

Thu Oct 18, 2018 4:25 pm

This IPsec bug still not fixed viewtopic.php?f=2&t=136445

What is the purpose of writing this in all version-specific topics? This is clearly not a regression since the previous version, so please stop.

Have you written to support, by the way? In case you have, did they acknowledge this as a bug (likely specific to your configuration) and not a configuration problem?
 
mikruser
Member
Member
Posts: 385
Joined: Wed Jan 16, 2013 6:28 pm

Re: v6.43.4 [stable] is released!

Thu Oct 18, 2018 4:42 pm

This is not a configuration issue (this configuration worked fine for 7 years)
problem occurs after upgrade to 6.42.x or 6.43.x
do not ask me why it is necessary.
 
User avatar
pcunite
Forum Veteran
Forum Veteran
Posts: 945
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: v6.43.4 [stable] is released!

Thu Oct 18, 2018 4:48 pm

*) led - added "dark-mode" functionality

Sunglasses not needed anymore?
 
eddieb
Member Candidate
Member Candidate
Posts: 141
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: v6.43.4 [stable] is released!

Thu Oct 18, 2018 5:06 pm

Upgraded thru DUDE without any issues

CCR1009-8G-1S (running multiple l2tp/ipsec tunnels)
RB1100
RB750GL
CRS125-24G-1S
RB962UiGS-5HacT2HnT (10x)
CHR running DUDE
Running 6.45.7 (stable) on :
CCR1009-8G-1S (2x ipsec/l2tp site-to-site, ipsec/l2tp roadwarrior, dhcpd, dns), CRS125-24G-1S, RB1100, RB962UiGS-5HacT2HnT (10pc), RB931-2nD, RB951, RB750GL ,RB2011UAS-RM, CHR running dude (CHR running in VirtualBox on OSX)
 
eduardofora
just joined
Posts: 1
Joined: Thu Oct 18, 2018 11:01 pm

Re: v6.43.4 [stable] is released!

Thu Oct 18, 2018 11:09 pm

upgrade 6.43.2 to 6.43.4 delete DHCP-Client configurated
 
matuss
just joined
Posts: 24
Joined: Sun Jul 01, 2018 2:03 pm

Re: v6.43.4 [stable] is released!

Thu Oct 18, 2018 11:14 pm

updated Hex S from 6.43.2 and cAP ac from 6.43 including firmware and everything seems to be working.
 
User avatar
Davis
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Mon Aug 01, 2011 12:27 pm
Location: Latvia, Riga
Contact:

Re: v6.43.4 [stable] is released!

Fri Oct 19, 2018 12:59 am

When updating from 6.43.2 to 6.43.4 one of my hAP ac2 logged this message (similar to message in this post after update to 6.43.4):
oct/19 00:10:46 script,warning DefConf gen: Unable to find wireless interface(s)

However all the configuration seems to be intact and this message is NOT logged on subsequent reboots.
 
User avatar
vecernik87
Long time Member
Long time Member
Posts: 648
Joined: Fri Nov 10, 2017 8:19 am

Re: v6.43.4 [stable] is released!

Fri Oct 19, 2018 1:54 am

When updating from 6.43.2 to 6.43.4 one of my hAP ac2 logged this message (similar to message in this post after update to 6.43.4):
oct/19 00:10:46 script,warning DefConf gen: Unable to find wireless interface(s)

However all the configuration seems to be intact and this message is NOT logged on subsequent reboots.
I noticed same when updating RBD52G (hAP ac^2) from 6.42.3 to 6.42.5. Issue was reported to support in Ticket#2018062922002154. According to them, "The issue is caused by Graphing and Virtual Wireless interfaces which causes an interface loading delay when the router is booting up."
In my case, it was also originally fine - no consequences. But after few restart my hAP lost wlan interfaces - it was not disabled, it simply did not appear at all. I found that if I delete graphing interface rules, wlan interfaces instantly appear.
 
notToNew
Member Candidate
Member Candidate
Posts: 148
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.43.4 [stable] is released!

Fri Oct 19, 2018 3:47 am

My RB912R-2nD-kit refuses to upgrade. After downloading and rebooting, 6.43.2 ist still my OS.
Nothing in the logs.
I'm currently not at the same location to do a netinstall...
--------------------------------------------------------------------------------------------
CCR1036-12G-4S, several 952Ui-5ac2nD, ...
 
mducharme
Trainer
Trainer
Posts: 875
Joined: Tue Jul 19, 2016 6:45 pm

Re: v6.43.4 [stable] is released!

Fri Oct 19, 2018 4:01 am

*) dhcpv6-server - fixed dynamic binding addition on solicit when IA_PD does not contain prefix (introduced in v6.43);
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
Are you sure this is fixed? I just upgraded and am still having the same problem, at least with L2TP server. The binding is not being created.
 
ofer
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Wed May 23, 2018 11:45 am

Re: v6.43.4 [stable] is released!

Fri Oct 19, 2018 11:01 am

I updated my 3xHAP AC units everything seems fine but a couple of iPhone XS units that still have issues
There seems to be a DNS query rate limit so after a while the phones are not sending queries anymore(Apple fault?)
I'm open to ideas about this issue

Thanks!
 
nightcom
newbie
Posts: 37
Joined: Wed Aug 30, 2017 12:47 am
Location: NL

Re: v6.43.4 [stable] is released!

Fri Oct 19, 2018 11:50 am

RB3011, RB750Gr3 and CRS326-24G-2S upgraded without problems
RB3011UiAS-RM / RB2011UiAS-in / RB750Gr3 + Dude / CRS326-24G-2S+RM
 
anuser
Member
Member
Posts: 406
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.43.4 [stable] is released!

Fri Oct 19, 2018 12:21 pm

In 6.44beta17(?) there was a bugfix mentioned for 802.11ac. Any reason that this one didn't make it into 6.43.4 release?
 
HarryK
just joined
Posts: 5
Joined: Sat Apr 21, 2018 1:16 pm

Re: v6.43.4 [stable] is released!

Sat Oct 20, 2018 4:40 pm

Same issue with my RB3011, refuse to upgrade.
My RB912R-2nD-kit refuses to upgrade. After downloading and rebooting, 6.43.2 ist still my OS.
Nothing in the logs.
I'm currently not at the same location to do a netinstall...
 
complex1
newbie
Posts: 36
Joined: Wed Jan 04, 2017 9:55 pm

Re: v6.43.4 [stable] is released!

Sat Oct 20, 2018 6:38 pm

RB2011 upgraded without problems, no issues so far.
Kind regards,
Frank.
 
User avatar
IS0FFD
just joined
Posts: 12
Joined: Thu Dec 29, 2016 10:30 pm
Location: Sassari - Sardinia Island ITA

Re: v6.43.4 [stable] is released!

Sat Oct 20, 2018 8:20 pm

*) led - added "dark-mode" functionality

Sunglasses not needed anymore?
in my LDF I can not find the function....
 
User avatar
grusu
Member Candidate
Member Candidate
Posts: 100
Joined: Tue Aug 13, 2013 7:35 am
Location: Bucharest, Romania

Re: v6.43.4 [stable] is released!

Sun Oct 21, 2018 12:56 pm

*) led - added "dark-mode" functionality

Sunglasses not needed anymore?
in my LDF I can not find the function....
Is not dark-mode function - is a functionality.
On some devices, you can close the LEDs using the command:
all-leds-off
Read here:
https://wiki.mikrotik.com/wiki/Manual:S ... ds_Setting

And here:
viewtopic.php?t=132379#p650277
 
User avatar
IS0FFD
just joined
Posts: 12
Joined: Thu Dec 29, 2016 10:30 pm
Location: Sassari - Sardinia Island ITA

Re: v6.43.4 [stable] is released!

Sun Oct 21, 2018 1:00 pm

*) led - added "dark-mode" functionality

Sunglasses not needed anymore?
in my LDF I can not find the function....
Is not dark-mode function - is a functionality.
On some devices, you can close the LEDs using the command:
all-leds-off
Read here:
https://wiki.mikrotik.com/wiki/Manual:S ... ds_Setting

And here:
viewtopic.php?t=132379#p650277
tnx!
 
tetecko
Frequent Visitor
Frequent Visitor
Posts: 70
Joined: Sun Jun 11, 2006 7:44 pm

Re: v6.43.4 [stable] is released!

Sun Oct 21, 2018 8:33 pm

After upgrade, my Metal G-52SHPacn starts rebooting
Screenshot 2018-10-21 at 19.28.14.png
You do not have the required permissions to view the files attached to this post.
 
DummyPLUG
Frequent Visitor
Frequent Visitor
Posts: 79
Joined: Wed Jan 03, 2018 10:17 am

Re: v6.43.4 [stable] is released!

Mon Oct 22, 2018 6:19 am

CCR1009, memory usage higher then normal and keep increasing slowly when compare to 6.42.7, I am talking about 100MB+ different, as I had schedule reboot so dunno if it just higher memory usage or leak.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1409
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.43.4 [stable] is released!

Mon Oct 22, 2018 7:21 am

mducharme - Can you provide more details about the problem that you have? Preferably over e-mail to support@mikrotik.com? Provide supout file from your DHCPv6 server and more details about the problem - which client was trying to connect and did not receive a prefix, was the exact same configuration working just fine on v6.42.x?
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.43.4 [stable] is released!

Mon Oct 22, 2018 9:28 am

x86 upgrade will take a little bit longer and show following script error in log file, while Mikrotik devices not:
DefConf Gen: Unable to find ethernet interfaces
Error may appear if default script generator is unable to find Ethernet interfaces within 30seconds after boot. On x86 you shouldn't worry about failure at all, since generated default configuration is the same as fallback config (192.168.88.1 on ether1)
 
User avatar
nichky
Long time Member
Long time Member
Posts: 531
Joined: Tue Jun 23, 2015 2:35 pm

Re: v6.43.4 [stable] is released!

Mon Oct 22, 2018 10:43 am

At the moment i don't have router who supported *) led - added "dark-mode. Just im wondering how does it look like

*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
Nikola Suminoski
MikroTik Consultan
MTCRE l MTCWE

!) Safe Mode is your friend;
 
schadom
Member Candidate
Member Candidate
Posts: 139
Joined: Sun Jun 25, 2017 2:47 am
Location: Austria

Re: v6.43.4 [stable] is released!

Mon Oct 22, 2018 4:02 pm

CCR1009, memory usage higher then normal and keep increasing slowly when compare to 6.42.7, I am talking about 100MB+ different, as I had schedule reboot so dunno if it just higher memory usage or leak.

Upgraded our CCR1009s to 6.43.4 yesterday and no issues so far. In our case memory consumption even seems to be much better than before.
Running multiple BGP IXP peering sessions, route filters, vlans, bridges, ip firewall as well as receiving two BGP full feeds for IPv4 and v6.
 
DummyPLUG
Frequent Visitor
Frequent Visitor
Posts: 79
Joined: Wed Jan 03, 2018 10:17 am

Re: v6.43.4 [stable] is released!

Tue Oct 23, 2018 7:05 am

CCR1009, memory usage higher then normal and keep increasing slowly when compare to 6.42.7, I am talking about 100MB+ different, as I had schedule reboot so dunno if it just higher memory usage or leak.

Upgraded our CCR1009s to 6.43.4 yesterday and no issues so far. In our case memory consumption even seems to be much better than before.
Running multiple BGP IXP peering sessions, route filters, vlans, bridges, ip firewall as well as receiving two BGP full feeds for IPv4 and v6.
Thanks for your feedback, I will try reset it first.
 
Miracle
Member Candidate
Member Candidate
Posts: 106
Joined: Fri Sep 11, 2015 9:04 am

Re: v6.43.4 [stable] is released!

Tue Oct 23, 2018 12:17 pm

When I set comment for PPTP client, it reconnect !
New feature ?

Mac Address leaked from VLAN to main interface (CCR1009, Hex r3), I have 2 bridge same mac, it cause packet loop due leaked.
 
andriys
Forum Guru
Forum Guru
Posts: 1187
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.43.4 [stable] is released!

Tue Oct 23, 2018 12:25 pm

When I set comment for PPTP client, it reconnect !
New feature ?
It has always been like that. Changing comment on any interface brings that interface down and then back up.

PS. The next time you post to a release topic please make sure you are reporting a problems that is specific to (was introduced in) this specific release. Thanks.
 
anuser
Member
Member
Posts: 406
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.43.4 [stable] is released!

Tue Oct 23, 2018 1:02 pm

I'm running 2x CCR1036 as CAPSMAN controller in active passive setup. With 6.43.4 today all Accesspoints fein active controller changed to passive with messages ~":ffff 10.30.17.3 faules to Connect, timeout" for all access points.

I have two monitoring server within my Network, which ping the CCR1036 one tine each second. They didn't Show any loss from the CCR1036.

Is there any known problem?
 
Miracle
Member Candidate
Member Candidate
Posts: 106
Joined: Fri Sep 11, 2015 9:04 am

Re: v6.43.4 [stable] is released!

Tue Oct 23, 2018 5:02 pm

When I set comment for PPTP client, it reconnect !
New feature ?
It has always been like that. Changing comment on any interface brings that interface down and then back up.

PS. The next time you post to a release topic please make sure you are reporting a problems that is specific to (was introduced in) this specific release. Thanks.
Sorry, I don't know it down when I change comment until this update.
But leak Mac address is serious now because "Loop protect" disable main Interface
 
abrandecky
just joined
Posts: 2
Joined: Wed Jan 04, 2012 9:52 pm

Re: v6.43.4 [stable] is released!

Tue Oct 23, 2018 11:13 pm

I have noticed in Ip-firewall-mangle strange display of Bytes values.
I have e.g. mark connection and it shows 7999154942.6 GiB
In version e.g. 6.30 it was OK.

Please fix it in future version.

Thank you
 
User avatar
hknet
Frequent Visitor
Frequent Visitor
Posts: 88
Joined: Sun Jul 17, 2016 6:05 pm
Location: Vienna, Austria
Contact:

Re: v6.43.4 [stable] is released!

Wed Oct 24, 2018 3:29 am

Hi
upgraded CCR1072 - works fine.
but: snmp, warning arises with "timeout while waiting for program 79"
which is not ideal.

regards,
hk
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.43.4 [stable] is released!

Wed Oct 24, 2018 11:54 pm

Mac Address leaked from VLAN to main interface (CCR1009, Hex r3), I have 2 bridge same mac, it cause packet loop due leaked.
What do you mean? As far as I remember, VLAN has always had the same MAC address as its parent Ethernet interface.

And, as always, you can freely change MAC address of bridge interface via "Admin MAC Address" property.
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
mducharme
Trainer
Trainer
Posts: 875
Joined: Tue Jul 19, 2016 6:45 pm

Re: v6.43.4 [stable] is released!

Thu Oct 25, 2018 2:45 am

mducharme - Can you provide more details about the problem that you have? Preferably over e-mail to support@mikrotik.com? Provide supout file from your DHCPv6 server and more details about the problem - which client was trying to connect and did not receive a prefix, was the exact same configuration working just fine on v6.42.x?
Nevermind - I was mistaken. When troubleshooting the issue with earlier 6.43.x versions I changed the client DHCPv6 interface b/c I wanted to see if the client could get a prefix from the server if not on a PPP interface type (to see if the problem only affected PPP tunnels), and forgot that I had changed the client setting.
 
Miracle
Member Candidate
Member Candidate
Posts: 106
Joined: Fri Sep 11, 2015 9:04 am

Re: v6.43.4 [stable] is released!

Thu Oct 25, 2018 5:38 am

Mac Address leaked from VLAN to main interface (CCR1009, Hex r3), I have 2 bridge same mac, it cause packet loop due leaked.
What do you mean? As far as I remember, VLAN has always had the same MAC address as its parent Ethernet interface.

And, as always, you can freely change MAC address of bridge interface via "Admin MAC Address" property.
I mean all of mac address of vlan leak.
Bridge - Hosts table increase 2- 3 times after update and I see all mac address of vlan as main interface
 
dougunder
newbie
Posts: 40
Joined: Tue May 01, 2018 10:53 pm

Re: v6.43.4 [stable] is released!

Thu Oct 25, 2018 7:14 pm

Be very careful!

Upgraded a number of devices from 6.42.3 with no problems.

Today I attempted upgrade of a HAP AC running 6.40rc6 in the field and it started boot looping.
Customer was complaining about issues so I assumed it was a bad device and swapped it out.

Just attempted upgrade of a 6.42rc6 HAP AC and getting the same behavior (I think, no physical access ATM).

Tread carefully folks.

Further more:

I tried to recreate the issue on the bench by net-installing a device to the affected version.
Worked just fine. I've got a funny feeling this is an extension of the space bug terribly affecting 16G devices.
Only now it doesn't fail to install and log "no space" it tries to install and boot loops.
 
tuxtlequino
newbie
Posts: 32
Joined: Tue Feb 16, 2016 12:46 am

Re: v6.43.4 [stable] is released!

Fri Oct 26, 2018 12:32 am

The Queues are not working right. I have a ccr1009 as my main router. This is the queue I have
/queue simple add burst-limit=768k/0 burst-threshold=128k/0 burst-time=2s/0s max-limit=512k/2M name=Simple target=VLAN21,VLAN22,VLAN23,VLAN24
And I noticed that it wasn't doing anything. The strange thing is that once I had torch running in a particular interface, the queue works as intended. Tried restarting router. Tried a series of experiments (same queue, but on a single VLAN) and obtained the same result. Any ideas? How do I submit a bug?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.43.4 [stable] is released!

Fri Oct 26, 2018 12:52 am

So, it was working in previous versions and was broken in 6.43.4, right?

But by your description, it looks like you're using FastTrack. According to the docs, it skips Queues.
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
tuxtlequino
newbie
Posts: 32
Joined: Tue Feb 16, 2016 12:46 am

Re: v6.43.4 [stable] is released!

Fri Oct 26, 2018 1:08 am

So, it was working in previous versions and was broken in 6.43.4, right?

But by your description, it looks like you're using FastTrack. According to the docs, it skips Queues.
Thank you. I moved some rules and didn't noticed that my FastTrack rule ended up above and it was FastTracking this traffic before it got to the forward rules.

Now it kind of makes sense that the Queues worked when torching since it was going through all of my traffic instead of FastTracking.
 
User avatar
NetworkPro
Forum Guru
Forum Guru
Posts: 1369
Joined: Mon Jan 05, 2009 6:23 pm
Location: Worldwide
Contact:

Re: v6.43.4 [stable] is released!

Sat Oct 27, 2018 1:33 pm

pref-src in alternative routing table, in combination with output mangle routing do not set the correct output IP
wiki.mikrotik.com/wiki/NetworkPro_on_Quality_of_Service
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.43.4 [stable] is released!

Sat Oct 27, 2018 5:00 pm

pref-src in alternative routing table, in combination with output mangle routing do not set the correct output IP
I believe it's because src-ip is selected in 'main' routing table, and mangle output is after routing decision (where src-ip is being selected) but before routing adjustment (where you can select new routing table but it's too late for changing src-ip).

And I don't believe it's regression in 6.43.4...
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
NetworkPro
Forum Guru
Forum Guru
Posts: 1369
Joined: Mon Jan 05, 2009 6:23 pm
Location: Worldwide
Contact:

Re: v6.43.4 [stable] is released!

Sat Oct 27, 2018 5:43 pm

yes, I remember, however this breaks the pref-src functionality, so I report it as a (design) bug. I think pref-src should actually adjust the outgoing IP in this scenario as well.
wiki.mikrotik.com/wiki/NetworkPro_on_Quality_of_Service
 
sindy
Forum Guru
Forum Guru
Posts: 4008
Joined: Mon Dec 04, 2017 9:19 pm

Re: v6.43.4 [stable] is released!

Sat Oct 27, 2018 5:55 pm

The issue is not the information itself but the choice of topic, or rather report channel, for it.

The "vX.X is released" topics are here to report issues specific to that release. As no topics or sub-forum for feature requests has been open, I believe support@mikrotik.com is the right channel to ask for them.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
Kraken2k
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Wed Oct 01, 2014 1:50 pm
Location: Prague

Re: v6.43.4 [stable] is released!

Mon Oct 29, 2018 11:25 am

RB2011 upgraded without problems, no issues so far.
Same here
 
Vesic
just joined
Posts: 2
Joined: Wed Sep 14, 2016 1:26 pm
Location: Russia. Volgograd

Re: v6.43.4 [stable] is released!

Mon Oct 29, 2018 2:57 pm

Hi
Europe/Volgograd time zone is incorrect. should be GMT Offset +04:00 from October 28
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.43.4 [stable] is released!

Mon Oct 29, 2018 6:55 pm

Hi
Europe/Volgograd time zone is incorrect. should be GMT Offset +04:00 from October 28
It's not MiktoTik problem. All websites I can found show GMT +03:00 for Volgograd today, even Google.

If +04:00 is true, it needs to be fixed in TimeZone Database, not in applications.
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
ivanfm
newbie
Posts: 47
Joined: Sun May 20, 2012 5:07 pm

Re: v6.43.4 [stable] is released!

Mon Oct 29, 2018 7:32 pm

Hi
Europe/Volgograd time zone is incorrect. should be GMT Offset +04:00 from October 28
It's not MiktoTik problem. All websites I can found show GMT +03:00 for Volgograd today, even Google.

If +04:00 is true, it needs to be fixed in TimeZone Database, not in applications.
This Volgograd change was published in tzdata on 2018-10-18, probably will have a long time to be updated in the servers.

https://github.com/eggert/tz/blob/ddc67 ... 2/NEWS#L50

The brazilian change was published in tzdata on 2018-01-12 and mikrotik and google maps does not use it yet.
 
Vesic
just joined
Posts: 2
Joined: Wed Sep 14, 2016 1:26 pm
Location: Russia. Volgograd

Re: v6.43.4 [stable] is released!

Tue Oct 30, 2018 7:24 am

Hi
Europe/Volgograd time zone is incorrect. should be GMT Offset +04:00 from October 28
It's not MiktoTik problem. All websites I can found show GMT +03:00 for Volgograd today, even Google.

If +04:00 is true, it needs to be fixed in TimeZone Database, not in applications.
https://www.timeserver.ru/cities/ru/volgograd
https://blogs.technet.microsoft.com/dst ... st-russia/

i
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.43.4 [stable] is released!

Tue Oct 30, 2018 8:42 am

Anyway, 6.43.4 was released even before this was updated in TZ database :) Politicians appeared to be slower than tech guys.

Write to support@mikrotik.com and ask them to update TZ info. Maybe in next version :)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
notToNew
Member Candidate
Member Candidate
Posts: 148
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.43.4 [stable] is released!

Wed Oct 31, 2018 7:43 am

Sometimes after reboot, my Ltap Mini looses password and let me login without any.

Rebooting again often fixes the problem.
For security considerations this is extremely... Any ideas?
Have not seen this on any other MT router, and have several 100 in the field.
--------------------------------------------------------------------------------------------
CCR1036-12G-4S, several 952Ui-5ac2nD, ...
 
Ulypka
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Wed Jan 09, 2013 8:26 am

Re: v6.43.4 [stable] is released!

Fri Nov 02, 2018 8:42 am

what about Ticket#2018101022007579?
My ccr still crashing to get fragmented packet of EOIP
 
ieleja
just joined
Posts: 8
Joined: Thu Mar 29, 2012 10:22 pm

Re: v6.43.4 [stable] is released!

Fri Nov 02, 2018 8:43 am

hAP ac ( 962UiGS-5HacT2HnT), upgraded at Oct/17 with 6.43.4 build [Oct/17/2018 06:37:48]

after that get 8 reboots up today, that at boot leaves in LOG:
router was rebooted without proper shutdown by watchdog timer

there are no configuration changes, high loads
current firmware 6.43
 
npero
Member
Member
Posts: 316
Joined: Tue Mar 01, 2005 1:59 pm
Location: Serbia

Re: v6.43.4 [stable] is released!

Fri Nov 02, 2018 8:57 am

Some problem but with 960GSP just regular restart by watchdog every 4 days in old version 6.42.xx have uptime 100day and more, support give me generic answer netinstall to last version and if happens again send again supout.rif.
Also have PowerBox Pro for now only one watchdog restart after update to 6.43.

It is easy to do netinstall for router in your room but in the tower, for now I look this as a new feature automatically router restart nice :) or automatic cache cleaner nice new feature.
 
User avatar
Chaosphere64
newbie
Posts: 30
Joined: Wed Aug 10, 2016 10:19 pm

Re: v6.43.4 [stable] is released!

Fri Nov 02, 2018 9:43 am

hAP ac ( 962UiGS-5HacT2HnT), upgraded at Oct/17 with 6.43.4 build [Oct/17/2018 06:37:48]

after that get 8 reboots up today, that at boot leaves in LOG:
router was rebooted without proper shutdown by watchdog timer

there are no configuration changes, high loads
current firmware 6.43
+1
Exactly the same problem (3x hAP ac + 1 hEX PoE)
 
GreatForcez
just joined
Posts: 11
Joined: Mon Oct 16, 2017 2:49 pm

Re: v6.43.4 [stable] is released!

Fri Nov 02, 2018 5:28 pm

I bought two brand new hEX routers, both came with RouterOS 6.40.4. Upgraded from System -> Packages with default configuration still in place. After the upgrade, I could not log back in (it said "wrong username or password"), also WinBox neighbour discovery was not working. But internet traffic was working fine, so I know the router booted and was running succesfully, but I could not access it. Reboot did not help, had to manually reset the device using the reset button. After resetting, I was able to log back in again and the router was succesfully updated. Confirmed this issue with two brand new hEX routers, serial numbers show "..../806/r3" so revision 3???

Also upgraded two CCR1036, no problems.
 
usmany
Member Candidate
Member Candidate
Posts: 141
Joined: Sun Dec 20, 2009 3:20 pm
Location: Nigeria
Contact:

Re: v6.43.4 [stable] is released!

Tue Nov 06, 2018 11:42 pm

HI All,
I tried to upgrade my box, see result i got on attached file.

Need way out from this mess please
You do not have the required permissions to view the files attached to this post.
When the world turn back on you, you turn your back on the world...
 
User avatar
NetworkPro
Forum Guru
Forum Guru
Posts: 1369
Joined: Mon Jan 05, 2009 6:23 pm
Location: Worldwide
Contact:

Re: v6.43.4 [stable] is released!

Wed Nov 07, 2018 8:52 am

@usmany this should solve it for you

backup your config with a backup file, as well as export to text format

upgrade to the latest beta with only the packages you are using and you want to keep

system
security
advanced-tools
wireless
dhcp
ppp

upload only these npks

if everything goes fine, then switch back to stable if you need, or keep the beta until the next stable is released
wiki.mikrotik.com/wiki/NetworkPro_on_Quality_of_Service
 
eXS
newbie
Posts: 43
Joined: Fri Apr 14, 2017 4:01 am

Re: v6.43.4 [stable] is released!

Fri Nov 09, 2018 6:29 am

After upgrade & logging in for the first time the "Check for Updates" dialog was blank & giving an "error could not connect out of streams resources" at the bottom, this error remained despite trying "Check for updates" - by near accident i noticed if i changed the "Channel" drop down list the error went away and changed back to the normal "System is already up to date" when changed back to "current".

google -> "out of streams resources"
Last edited by eXS on Sat Nov 17, 2018 8:45 am, edited 1 time in total.
 
Aytishnikcom
just joined
Posts: 6
Joined: Wed Jan 29, 2014 10:14 pm

Re: v6.43.4 [stable] is released!

Sat Nov 10, 2018 12:59 pm

RB 3011 does not work SNTP Client, netinstall did not help.
If you disable the SNTP Client then Cloud update time works

translate.google
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.43.4 [stable] is released!

Sat Nov 10, 2018 1:23 pm

does not work
what does that mean?

can you ping NTP server? don't you block NTP packets in Firewall Filter?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
Aytishnikcom
just joined
Posts: 6
Joined: Wed Jan 29, 2014 10:14 pm

Re: v6.43.4 [stable] is released!

Sat Nov 10, 2018 1:47 pm

RB 3011 When you do reset configuration, and you select the default configuration, the SNTP Client also does not work anyway.
SNTP Client works well on rb2011, RB1100AHx4, 951G-2HnD, D52G-5HacD2HnD-TC
translate.google
ping Image https://prnt.sc/lgnog5
# nov/10/2018 14:29:33 by RouterOS 6.43.4
# software id = a98y-5s1n
#
# model = RouterBOARD 3011UiAS

/ip firewall filter
add action=accept chain=input comment="ACCEPT WinBox after knock" dst-port=\
    8291 in-interface-list=WAN protocol=tcp src-address-list=KNOCK-SUCCESS
add action=jump chain=input comment="Check port knock  (__1__)" icmp-options=\
    8:0-255 jump-target=knock packet-size=!0-99 protocol=icmp
add action=return chain=knock comment="KNOCK FAILURE return  (__2__)" \
    src-address-list=KNOCK-FAILURE
add action=add-src-to-address-list address-list=KNOCK-SUCCESS \
    address-list-timeout=1h chain=knock comment=\
    "KNOCK 3rd - success 10  (__3__)" packet-size=10 src-address-list=\
    KNOCK2
add action=return chain=knock comment="KNOCK 3rd - success return  (__4__)" \
    src-address-list=KNOCK-SUCCESS
add action=add-src-to-address-list address-list=KNOCK-FAILURE \
    address-list-timeout=1m chain=knock comment=\
    "KNOCK 3rd - failure  (__5__)" src-address-list=KNOCK2
add action=return chain=knock comment="KNOCK 3rd - failure return  (__6__)" \
    src-address-list=KNOCK-FAILURE
add action=add-src-to-address-list address-list=KNOCK2 address-list-timeout=\
    1m chain=knock comment="KNOCK 2nd - success 7  (__7__)" packet-size=7 \
    src-address-list=KNOCK1
add action=return chain=knock comment="KNOCK 2nd - success return  (__8__)" \
    src-address-list=KNOCK2
add action=add-src-to-address-list address-list=KNOCK-FAILURE \
    address-list-timeout=1m chain=knock comment=\
    "KNOCK 2nd - failure  (__9__)" src-address-list=KNOCK1
add action=return chain=knock comment="KNOCK 2nd - failure return  (__10__)" \
    src-address-list=KNOCK-FAILURE
add action=add-src-to-address-list address-list=KNOCK1 address-list-timeout=\
    1m chain=knock comment="KNOCK 1st - success 10  (__11__)" packet-size=\
    10
add action=return chain=knock comment="KNOCK 1st - success return  (__12__)" \
    src-address-list=KNOCK1
add action=add-src-to-address-list address-list=KNOCK-FAILURE \
    address-list-timeout=1m chain=knock comment=\
    "KNOCK 1st - failure  (__13__)"
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=2w chain=input comment=\
    "scanners-1  Port scanners to list" protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=2w chain=input comment=\
    "scanners-2  NMAP FIN Stealth scan" protocol=tcp tcp-flags=\
    fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=2w chain=input comment="scanners-3  SYN/FIN scan" \
    protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=2w chain=input comment="scanners-4  SYN/RST scan" \
    protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=2w chain=input comment=\
    "scanners-5  FIN/PSH/URG scan" protocol=tcp tcp-flags=\
    fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=2w chain=input comment="scanners-6  ALL/ALL scan" \
    protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=2w chain=input comment="scanners-7  NMAP NULL scan" \
    protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="scanners-8  dropping port scanners" \
    src-address-list=port_scanners
add action=drop chain=forward comment="scanners-9  dropping port scanners" \
    src-address-list=port_scanners
add action=drop chain=input comment="Brute Forcers_winbox_black_list - 1" \
    dst-port=8291 in-interface-list=WAN protocol=tcp src-address-list=\
    black_list
add action=add-src-to-address-list address-list=black_list \
    address-list-timeout=8h chain=input comment=\
    "Brute Forcers_add_black_list - 2" connection-state=new dst-port=8291 \
    in-interface-list=WAN protocol=tcp src-address-list=Winbox_Ssh_stage3
add action=add-src-to-address-list address-list=Winbox_Ssh_stage3 \
    address-list-timeout=1m chain=input comment=\
    "Brute Forcers_Ssh_stage3  -  3" connection-state=new dst-port=8291 \
    in-interface-list=WAN protocol=tcp src-address-list=Winbox_Ssh_stage2
add action=add-src-to-address-list address-list=Winbox_Ssh_stage2 \
    address-list-timeout=1m chain=input comment=\
    "Brute Forcers_Ssh_stage2  -  4" connection-state=new dst-port=8291 \
    in-interface-list=WAN protocol=tcp src-address-list=Winbox_Ssh_stage1
add action=add-src-to-address-list address-list=Winbox_Ssh_stage1 \
    address-list-timeout=1m chain=input comment=\
    "Brute Forcers_Ssh_stage1  -  5" connection-state=new dst-port=8291 \
    in-interface-list=WAN protocol=tcp
add action=drop chain=input comment="Drop DNS" dst-port=53 in-interface-list=\
    WAN protocol=udp
add action=drop chain=input comment="Drop DNS" dst-port=53 in-interface-list=\
    WAN protocol=tcp
add action=drop chain=input comment="Block hole Windows - 1" dst-port=\
    135,137-139,445,593,4444 protocol=tcp
add action=drop chain=forward comment="Block hole Windows - 2" dst-port=\
    135,137-139,445,593,4444 protocol=tcp
add action=drop chain=input comment="Block hole Windows - 3" dst-port=\
    135,137-139 protocol=udp
add action=drop chain=forward comment="Block hole Windows - 4" dst-port=\
    135,137-139 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
    protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=accept chain=forward comment=torrent dst-port=50000 \
    in-interface-list=WAN protocol=tcp
add action=accept chain=forward comment="torrent UDP" dst-port=50000 \
    in-interface-list=WAN protocol=udp
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN

does not work
what does that mean?

can you ping NTP server? don't you block NTP packets in Firewall Filter?
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 249
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.43.4 [stable] is released!

Tue Nov 13, 2018 9:38 am

6.43.4 is Stable branch and includes *) bridge - do not learn untagged frames when filtering only tagged packets;
When do we recon that this patch will be available in "Long Term" branch?
 
eXS
newbie
Posts: 43
Joined: Fri Apr 14, 2017 4:01 am

Re: v6.43.4 [stable] is released!

Sat Nov 17, 2018 8:21 am

Today the firewall connections list on one of my 1100x2's in winbox would keep going blank, progressively remaining/becoming more blank the longer the window was left open, despite 300-400 (fluctuating) "items" (bottom of connections window) - for a moment i thought it was because the list was actually clearing out, but checking in the terminal shows a list each time while the winbox connections window shows nothing. closing & re-opening the firewall window reliably brings back the list.

Also, albeit only twice/rarely, i've gotten a login authentication error logged, at the same time as i'm logging in, using stored credentials, it's as if i'm connecting too fast after launching winbox or something, that or resources being tied up is causing a glitch when i'm launching/connecting quickly, i'm not sure.

things feel kind of buggy lately, but i don't know if it's this-version specific as i'm doing things that i wasn't before. i couldn't afford a 2nd re-boot after the last upgrade (above post) which i've had to do in the past for other misc/buggy reasons on other devices after reset or upgrade.
 
venthyl
just joined
Posts: 23
Joined: Thu Nov 03, 2011 3:12 pm

Re: v6.43.4 [stable] is released!

Sun Nov 18, 2018 10:44 pm

LHG 60, 6.43.4 after uograde

ap died after 3th frequency change

no ping response, no link with second device
 
schadom
Member Candidate
Member Candidate
Posts: 139
Joined: Sun Jun 25, 2017 2:47 am
Location: Austria

Re: v6.43.4 [stable] is released!

Fri Nov 23, 2018 7:33 pm

BGP route filtering seems broken starting with v6.43.x. Eample below.

IXP Peering:
> routing bgp peer print detail where name=AS_SOMEPEER
Flags: X - disabled, E - established 
 0 E name="AS_SOMEPEER" instance=default remote-address=x.x.x.x remote-as=12345 tcp-md5-key="xxx" 
     nexthop-choice=default multihop=no route-reflect=no hold-time=3m ttl=default max-prefix-limit=10 
     in-filter=ixp-peer-in out-filter=ixp-ixp-peer-out address-families=ip default-originate=never remove-private-as=no 
     as-override=no passive=no use-bfd=no 

In-Filter:
> routing filter print where chain=ixp-peer-in
Flags: X - disabled 
 0   ;;; ---- IXP Peer In ----
     chain=ixp-peer-in prefix-length=16-24 address-family=ip invert-match=no action=accept set-bgp-local-pref=300 
     set-bgp-prepend-path="" 
     
 1   chain=ixp-peer-in address-family="" invert-match=no action=reject set-bgp-prepend-path=""

IP Route:
> ip route print detail where received-from=AS_SOMEPEER
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 0 ADb  dst-address=x.x.x.x/19 gateway=x.x.x.x gateway-status=x.x.x.x reachable via  sfp-sfpplus1 distance=20 
        scope=40 target-scope=10 bgp-as-path="12345" bgp-local-pref=300 bgp-med=0 bgp-origin=igp received-from=AS_SOMEPEER 

 1 ADb  dst-address=x.x.x.x/32 gateway=x.x.x.x gateway-status=x.x.x.x reachable via  sfp-sfpplus1 distance=20 
        scope=40 target-scope=10 bgp-as-path="12345" bgp-origin=igp received-from=AS_SOMEPEER 

 2 ADb  dst-address=x.x.x.x/32 gateway=x.x.x.x gateway-status=x.x.x.x reachable via  sfp-sfpplus1 distance=20 
        scope=40 target-scope=10 bgp-as-path="12345" bgp-origin=igp received-from=AS_SOMEPEER 

 3 ADb  dst-address=x.x.x/22 gateway=x.x.x.x gateway-status=x.x.x.x reachable via  sfp-sfpplus1 distance=20 
        scope=40 target-scope=10 bgp-as-path="12345" bgp-local-pref=300 bgp-origin=igp received-from=AS_SOMEPEER 

Why are the /32 routes installed and active? Seems like the prefix-length=16-24 filter attribute is handled incorrectly.
Already contacted MT support two days ago, no reply yet.

Thanks
 
mducharme
Trainer
Trainer
Posts: 875
Joined: Tue Jul 19, 2016 6:45 pm

Re: v6.43.4 [stable] is released!

Fri Nov 23, 2018 9:00 pm

Why are the /32 routes installed and active? Seems like the prefix-length=16-24 filter attribute is handled incorrectly.
Already contacted MT support two days ago, no reply yet.
I think the address-family="" in your reject rule is probably causing it to not match anything.
 
schadom
Member Candidate
Member Candidate
Posts: 139
Joined: Sun Jun 25, 2017 2:47 am
Location: Austria

Re: v6.43.4 [stable] is released!

Fri Nov 23, 2018 9:09 pm

I think the address-family="" in your reject rule is probably causing it to not match anything.
Already tried that, no difference. From my perspective a reject rule without any attributes (inculding address-family) should always reject everything.
 
mducharme
Trainer
Trainer
Posts: 875
Joined: Tue Jul 19, 2016 6:45 pm

Re: v6.43.4 [stable] is released!

Fri Nov 23, 2018 9:13 pm

Already tried that, no difference. From my perspective a reject rule without any attributes (inculding address-family) should always reject everything.
address-family="" on the reject rule would only reject routes where address-family = NULL, which should never be true.

If you want it to reject any address family you need !address-family instead of address-famiy=""
 
schadom
Member Candidate
Member Candidate
Posts: 139
Joined: Sun Jun 25, 2017 2:47 am
Location: Austria

Re: v6.43.4 [stable] is released!

Fri Nov 23, 2018 9:15 pm

Already tried that, no difference. From my perspective a reject rule without any attributes (inculding address-family) should always reject everything.
address-family="" on the reject rule would only reject routes where address-family = NULL, which should never be true.

If you want it to reject any address family you need !address-family instead of address-famiy=""

You are right, thank you very much! This is quite irritating and could possibly be improved in future ROS/Winbox releases, as address-family=NULL should never occur. After collapsing the address-family options in Winbox, the reject rule works as expected:

asdf.png

Additionally invert-match=no (default) and set-bgp-prepend-path="" (default) are also added for every newly created rule by default, eg.:

> add chain=test action=reject
> print where chain=test      
Flags: X - disabled 
 0   chain=test invert-match=no action=reject set-bgp-prepend-path="" 

The current approach just bloats the /routing filter print output with unnecessary information.
What speaks against hiding attributes if they have default values?
You do not have the required permissions to view the files attached to this post.
 
mducharme
Trainer
Trainer
Posts: 875
Joined: Tue Jul 19, 2016 6:45 pm

Re: v6.43.4 [stable] is released!

Sat Nov 24, 2018 7:58 am

Additionally invert-match=no (default) and set-bgp-prepend-path="" (default) are also added for every newly created rule by default
When I create a new routing filter rule on my home router (running 6.43.4) it does not have those added for every newly created rule by default. I'm not sure how you are getting those on newly created rules by default, unless you are creating them by copying existing rules.

The thing about address-family="" vs. !address-family is well documented when it comes to working with the MikroTik firewall since the routing filters and the firewall are designed similarly. This behavior can catch people by surprise the first time, but once you know to look for it (collapsing the options in your screenshot above), the behavior is entirely consistent throughout the firewall and routing filter interface. Although I agree that it would be nice if the result was made more clear than it is, there are more important issues to be fixed.
 
User avatar
tevolo
Member Candidate
Member Candidate
Posts: 114
Joined: Sun Mar 29, 2009 8:39 pm

Re: v6.43.4 [stable] is released!

Thu Nov 29, 2018 6:51 pm

We have experienced many issues with 6.43.4 and losing the DHCP server functionality. We recently upgraded 20 CCRs from 6.38/6.38.1 and on 4 of the routers, DHCP server doesn't work. Eventually the router slows down too and cannot make a Supout.rif file. The DHCP server is shown in the config file, but it doesn't work and if you attempt to add a new dhcp server on the Bridge, it doesn't work. Reboot attempts do not resolve anything. We even tried to fix with onsite netinstalls which do not repair the DHCP server problems.
Only fix was to downgrade 6.42.7 and DHCP server comes back.
Been having way too many problems with RouterOS and updates lately. Really hoping for some stability very soon as reputation is going sour for us and Mikrotik.
Snap 2018-11-29 at 09.42.26.png
You do not have the required permissions to view the files attached to this post.
 
Grvuser
just joined
Posts: 1
Joined: Sat Dec 01, 2018 2:28 am

Re: v6.43.4 [stable] is released!

Sat Dec 01, 2018 2:41 am

Just Updated to this SW release, and I am unable to connect to Groove. It keeps giving me a invalid username and password. Tried resetting a couple of times, but it doesn't seem to reset at all. It connects to the setup network right away. Any help would be appreciated to connect back to Groove.
 
cdemers
Member Candidate
Member Candidate
Posts: 184
Joined: Sun Feb 26, 2006 3:32 pm
Location: Canada
Contact:

Re: v6.43.4 [stable] is released!

Sat Dec 01, 2018 3:10 pm

Have you tried using the latest winbox?


Sent from my SM-A520W using Tapatalk

 
User avatar
vecernik87
Long time Member
Long time Member
Posts: 648
Joined: Fri Nov 10, 2017 8:19 am

Re: v6.43.4 [stable] is released!

Mon Dec 03, 2018 3:03 am

Just Updated to this SW release, and I am unable to connect to Groove. It keeps giving me a invalid username and password. Tried resetting a couple of times, but it doesn't seem to reset at all. It connects to the setup network right away. Any help would be appreciated to connect back to Groove.
@Grvuser: Which version did you upgrade from? There has been several changes recently which affects the way how winbox communicate and it is recommended to use newest winbox (currently 3.18) to avoid issues when logging in. Invalid username/password is one of typical issues which happens on older Winbox versions under some circumstances.

We have experienced many issues with 6.43.4 and losing the DHCP server functionality.
@tevolo: How many dhcp-servers do you have on each router and how many users per one dhcp-server? If you have any update about this issue, please share it. What are other "many issues"? Is there anything else except dhcp-server issues?
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 507
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.43.4 [stable] is released!

Mon Dec 03, 2018 2:20 pm

New version 6.43.7 has been released in stable RouterOS channel:

viewtopic.php?f=21&t=142316

Who is online

Users browsing this forum: No registered users and 5 guests