Community discussions

 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 431
Joined: Thu Dec 11, 2014 8:53 am

v6.45beta [testing] is released!

Tue Mar 05, 2019 11:55 am

Version 6.45beta6 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.45beta6 (2019-Mar-05 08:51):

Changes in this release:

*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) certificate - force 3DES encryption for P12 certificate export;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - fixed dual stack queue addition;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) gps - increase precision for dd format;
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menus;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.
 
anav
Forum Guru
Forum Guru
Posts: 2708
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: v6.45beta [testing] is released!

Tue Mar 05, 2019 1:24 pm

*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;

How did this bug manifest itself?? Been using this setup for a while and didnt notice any issues, on the other hand I dont really monitor that closely.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
nimbo78
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Tue Jan 14, 2014 9:09 pm

Re: v6.45beta [testing] is released!

Tue Mar 05, 2019 2:33 pm

is there any chance to add some internal variables to dhcp-server alert script? like in dhcp-client script.
need to send alerts with mac and ip to messengers and some APIs..
 
anuser
Member
Member
Posts: 337
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.45beta [testing] is released!

Tue Mar 05, 2019 2:39 pm

Will a new wireless driver package for 802.11ac be released in 6.45 or is it planned for a later RouterOS version?
 
paulct
Member Candidate
Member Candidate
Posts: 279
Joined: Fri Jul 12, 2013 5:38 pm

Re: v6.45beta [testing] is released!

Tue Mar 05, 2019 3:42 pm

*) ethernet - added support for 25Gbps and 40Gbps rates

Cough, MUM, new hardware?
Those new switches? And hopefully some new powerful routers.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8251
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.45beta [testing] is released!

Tue Mar 05, 2019 5:05 pm

a new wireless driver package for 802.11ac
What package?..
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2265
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.45beta [testing] is released!

Tue Mar 05, 2019 5:38 pm

Will a new wireless driver package for 802.11ac be released in 6.45 or is it planned for a later RouterOS version?
Do you have any specific information about something to happen?
LAN, FTTx, Wireless. ISP operator
 
mistry7
Forum Guru
Forum Guru
Posts: 1217
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: v6.45beta [testing] is released!

Tue Mar 05, 2019 5:43 pm

Will a new wireless driver package for 802.11ac be released in 6.45 or is it planned for a later RouterOS version?
Do you have any specific information about something to happen?
Normis told that in an another thread, but he did not say it will happen this year
 
TimurA
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Sat Dec 15, 2018 6:13 am
Location: Tashkent
Contact:

Re: v6.45beta [testing] is released!

Tue Mar 05, 2019 5:48 pm

a new wireless driver package for 802.11ac
What package?..
Maybe waiting MU-MIMO?
Image
 
jrpaz
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Wed Jun 05, 2013 5:54 am

Re: v6.45beta [testing] is released!

Tue Mar 05, 2019 5:54 pm

The new package is in ROS v7 along with every other fix needed.
 
User avatar
paoloaga
Member Candidate
Member Candidate
Posts: 219
Joined: Tue Mar 08, 2011 2:52 am
Location: Vaprio d'Agogna (NO) - Italy
Contact:

Re: v6.45beta [testing] is released!

Tue Mar 05, 2019 6:00 pm

The new package is in ROS v7 along with every other fix needed.

😅
 
User avatar
osc86
newbie
Posts: 38
Joined: Wed Aug 09, 2017 1:15 pm

Re: v6.45beta [testing] is released!

Tue Mar 05, 2019 6:38 pm

*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;

How did this bug manifest itself?? Been using this setup for a while and didnt notice any issues, on the other hand I dont really monitor that closely.
I reported this problem to mt support.
It occured on my CCR1009 when vlan-filtering was enabled and frame-types set to admit-only-vlan-tagged.
In 24h it filled up the 2GB RAM ending in a kernel panic / reboot
6.45beta6 seems to have fixed this issue.
CCR1009-7G-1C-1S+ ROS6.45beta62
 
anuser
Member
Member
Posts: 337
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.45beta [testing] is released!

Tue Mar 05, 2019 9:43 pm

Will a new wireless driver package for 802.11ac be released in 6.45 or is it planned for a later RouterOS version?
Do you have any specific information about something to happen?
Normis told that in an another thread, but he did not say it will happen this year
Found it:
viewtopic.php?f=1&t=145047&p=713806&hil ... er#p713800 :
You are right, that MikroTik made wireless driver doesn't have Wave2 support, so new chipset benefits are not there. We are working on a new driver.
For testing purposes a second wireless package would be great.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2265
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.45beta [testing] is released!

Tue Mar 05, 2019 11:27 pm

I hope to hear new information on MUM
LAN, FTTx, Wireless. ISP operator
 
buset1974
newbie
Posts: 43
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v6.45beta [testing] is released!

Wed Mar 06, 2019 2:41 am

Waiting fix for BGP Withdraw on multihoming PE-CE, mt said must rewrite bgp module, so do it ASAP it's a very important matter.
this issue not exist on other brand router and it's use more than 10 years software.
A lot of mikrotik device running mpls now and a lot of them on production.

thx
Last edited by buset1974 on Wed Mar 06, 2019 4:00 am, edited 1 time in total.
 
lelmus
just joined
Posts: 18
Joined: Wed Oct 17, 2012 5:50 am

Re: v6.45beta [testing] is released!

Wed Mar 06, 2019 3:56 am

6.45beta6 kills SPF+ port in RB4011iGS+5HacQ2HnD-IN.

I'm using the Maxxwave MW-SX+MM-US in the SFP+ port of the RB4011iGS+5HacQ2HnD-IN. With 6.45beta6 the SFP tab under interface its all empty and SFP+ is not functional. Tried a different Maxxwave MW-SX+MM-US and same issue.

Downgraded to 6.44 (Stable) and SFP tab under interface is filled up correctly and Maxxwave MW-SX+MM-US is normally functioning.


Also, 6.45beta6 in CCR1016-12S-1S+ with Maxxwave MW-SX+MM-US in the SFP+ port works fine.
 
ste
Forum Guru
Forum Guru
Posts: 1775
Joined: Sun Feb 13, 2005 11:21 pm

Re: v6.45beta [testing] is released!

Wed Mar 06, 2019 8:13 am

Will a new wireless driver package for 802.11ac be released in 6.45 or is it planned for a later RouterOS version?
Do you have any specific information about something to happen?
There are .ax Chipsets available for a while now. I guess all WISP vendors do at least some testing in Lab now. So they have to touch wireless package to make them work.
 
mistry7
Forum Guru
Forum Guru
Posts: 1217
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: v6.45beta [testing] is released!

Wed Mar 06, 2019 9:25 am

Don´t cry for next new Hardware, we had to wait over 12 Month for new Arm Chipsets to get running in most cases, most here had buyed 802.11n Hardware until there is no working 802.11ac available from Mikrotik, Wave2 is completely unsupported (most available devices from MT has Wave 2 Chipset).

So don´t cry for something new, cry for something working.
 
ste
Forum Guru
Forum Guru
Posts: 1775
Joined: Sun Feb 13, 2005 11:21 pm

Re: v6.45beta [testing] is released!

Wed Mar 06, 2019 10:32 am

Don´t cry for next new Hardware, we had to wait over 12 Month for new Arm Chipsets to get running in most cases, most here had buyed 802.11n Hardware until there is no working 802.11ac available from Mikrotik, Wave2 is completely unsupported (most available devices from MT has Wave 2 Chipset).

So don´t cry for something new, cry for something working.

You probably wont see MT to tweak Wifi-HW to an extend where it will be realy good for WISP usage (HW-accelerated TDMA, GPS-Sync ...). With .ac you are more or less limited to what the chipvendor does to get higher performance (plain 802.11 mode with rts/cts). So the only senseful option at the moment is to shop where this tweaking has bin done (anyone still did not manage to realize this?).

With 802.11ax the chipsetvendors have to put a lot of stuff into the chipset which helps WISPs. There is Scheduling, there is OFDMA. MT do not have to implement it. It is just there and it is vendor neutral. This is the way to go as fast as possible.

You try to ride a dead horse ...
 
mistry7
Forum Guru
Forum Guru
Posts: 1217
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: v6.45beta [testing] is released!

Wed Mar 06, 2019 10:59 am



With 802.11ax the chipsetvendors have to put a lot of stuff into the chipset which helps WISPs. There is Scheduling, there is OFDMA. MT do not have to implement it. It is just there and it is vendor neutral. This is the way to go as fast as possible.

You try to ride a dead horse ...
And this features will not work without working driver, and since MT write there own Drivers this features need to implement.
With own Drivers there is nothing out of Box from the chipset.
 
isacalmeida
just joined
Posts: 7
Joined: Wed Oct 03, 2018 2:58 pm

Re: v6.45beta [testing] is released!

Wed Mar 06, 2019 6:53 pm

Hello,

Fix: ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;

This fix came in version 6.44, but it fixes the bug only for a PPPoE connection with an L2TP tunnel over it. Is it possible to include in this version the adjustment of this bug so that there is no problem of a PPTP tunnel over a PPPoE tunnel?

Thanks
 
lvader
just joined
Posts: 2
Joined: Tue Mar 27, 2018 8:10 pm

Re: v6.45beta [testing] is released!

Wed Mar 06, 2019 7:35 pm

*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
would be great to get this fix also to stable 6.44. Very annoying.
 
bdallen
just joined
Posts: 8
Joined: Fri Nov 07, 2014 12:28 pm
Location: Brisbane, Straya

Re: v6.45beta [testing] is released!

Thu Mar 07, 2019 1:16 pm

I see this in 6.44

*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;

Can 6.45 chain have the following?

*) snmp - added BGP4 OIDs
 
User avatar
rdelacruz
newbie
Posts: 29
Joined: Thu Jul 14, 2016 8:12 pm

Re: v6.45beta [testing] is released!

Thu Mar 07, 2019 5:08 pm

Image

It would be best if Mikrotik can send these accounting data to the RADIUS when using DHCP+RADIUS authentication.
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 431
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.45beta [testing] is released!

Mon Mar 11, 2019 10:39 am

Version 6.45beta11 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.45beta11 (2019-Mar-08 13:24):

Changes in this release:

*) bridge - fixed log message when hardware offloading is being enabled;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) e-mail - fixed missing "from" address for sent e-mails (introduced in v6.44);
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - allow identities with empty XAuth login and password if RADIUS is enabled (introduced in v6.44);
*) lte - fixed LTE interface band setting on RBSXTLTE3-7 (introduced in v6.44);
*) lte - improved "info" command query;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sms - allow specifying multiple "allowed-number" values;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1694
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v6.45beta [testing] is released!

Mon Mar 11, 2019 11:02 am

*) e-mail - fixed missing "from" address for sent e-mails (introduced in v6.44);
Emils

I'm interested how did it happen? What someone had been messing for with e-mail part of ROS?
Real admins use real keyboards.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8251
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.45beta [testing] is released!

Mon Mar 11, 2019 11:42 am

"All changes are listed in Changelog" (c) :)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 431
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.45beta [testing] is released!

Mon Mar 11, 2019 12:24 pm

Somehow we have lost these change log entries in 6.44beta50 release. I will add them to 6.44 change log. Sorry for the error.

*) e-mail - added support for multiple transactions on single connection;
*) log - accumulate multiple e-mail messages before sending;
 
buset1974
newbie
Posts: 43
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v6.45beta [testing] is released!

Mon Mar 11, 2019 5:32 pm

today i'am experiencing problem with nat on 6.44,i think it has related with new conntrack @ ccr1009
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter)

sorry if i miss judge the problem, i degrade to 6.43.12 everything went normal.

thx
 
buset1974
newbie
Posts: 43
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v6.45beta [testing] is released!

Mon Mar 11, 2019 6:10 pm

Somehow we have lost these change log entries in 6.44beta50 release. I will add them to 6.44 change log. Sorry for the error.

*) e-mail - added support for multiple transactions on single connection;
*) log - accumulate multiple e-mail messages before sending;
Hi emils, when this bgp problem will be fix ?
[Ticket#2018112922000575]

thx
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5838
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.45beta [testing] is released!

Tue Mar 12, 2019 5:36 pm

@buset1974 not in v6
 
mducharme
Trainer
Trainer
Posts: 737
Joined: Tue Jul 19, 2016 6:45 pm

Re: v6.45beta [testing] is released!

Wed Mar 13, 2019 9:21 am

*) dhcpv6-server - added RADIUS accounting support;
This is excellent news - does this also work with DHCPv6 servers over PPP (ex. PPPoE)?
 
rutujajadhav
just joined
Posts: 1
Joined: Tue Mar 05, 2019 11:55 am

Re: v6.45beta [testing] is released!

Wed Mar 13, 2019 11:42 am

is there any opportunity to add some interior factors to DHCP-server ready content? like in DHCP-customer content.

need to send alarms with Macintosh and up to errand people and some APIs.
Last edited by rutujajadhav on Thu Mar 14, 2019 8:03 am, edited 1 time in total.
 
nimbo78
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Tue Jan 14, 2014 9:09 pm

Re: v6.45beta [testing] is released!

Wed Mar 13, 2019 11:47 am

*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
plz more info about this. syntax? format? etc
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5838
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.45beta [testing] is released!

Wed Mar 13, 2019 3:54 pm

check/ip dhcp-server vendor-class-id menu
 
bbs2web
Member Candidate
Member Candidate
Posts: 192
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa
Contact:

Re: v6.45beta [testing] is released!

Wed Mar 13, 2019 8:58 pm

Would be really useful to have if then logic within DHCP.

The following snippet servers no file to Snom VoIP phone, x64 EFI PXE executable to UEFI PXE devices and normal PXE binary to compatibility devices.

From ISC DHCP subnet declaration:
if substring(binary-to-ascii(16, 8, ":", hardware), 0, 9) = "1:0:4:13:" {
# 1: prefix = Ethernet, SNOM phone MAC address prefix (00:04:13)
    filename "";
} elsif option unknown-93 = 00:07 {
#pxe-system-type or arch
    filename "pxe/efi/bootx64.efi";
} else {
    filename "pxe/pxelinux.0";
}
 
nimbo78
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Tue Jan 14, 2014 9:09 pm

Re: v6.45beta [testing] is released!

Wed Mar 13, 2019 10:03 pm

Would be really useful to have if then logic within DHCP.

The following snippet servers no file to Snom VoIP phone, x64 EFI PXE executable to UEFI PXE devices and normal PXE binary to compatibility devices.

From ISC DHCP subnet declaration:
if substring(binary-to-ascii(16, 8, ":", hardware), 0, 9) = "1:0:4:13:" {
# 1: prefix = Ethernet, SNOM phone MAC address prefix (00:04:13)
    filename "";
} elsif option unknown-93 = 00:07 {
#pxe-system-type or arch
    filename "pxe/efi/bootx64.efi";
} else {
    filename "pxe/pxelinux.0";
}
+++
 
User avatar
kmansoft
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Tue Jan 22, 2019 5:00 pm

Re: v6.45beta [testing] is released!

Thu Mar 14, 2019 2:43 pm

After seeing this

> *) certificate - added support for ECC (Elliptic Curve Cryptography);

in beta changelog, I'm trying to use an ECDSA certificate for IPSec authentication.

Doesn't seem to work:

- Key generation:

openssl ecparam -genkey -name secp384r1

- Certificate generation:

Same as before with RSA keys

- Server config - strongSwan, certificate auth

Loads its private EC key just fine

- Client config - another client also strongSwan to same server

Loads its private EC key just fine, is able to connect to the server

- Client config - Mikrotik AC2

I was able to import the certificates and an EC key (for the client's certificate), the cert gets marked as "KT" (T for trusted). So far so good.

And then trying to establish the connection:

The IKEv2 is negotiated.

At SA creation time apparently the Mikrotik AC2 can't authenticate, and it doesn't send an auth error back to the server (because I see the server keep retrying).

This keeps appearing in the logs:

> can't get private key

So it looks like "system / certificates" is able to match a certificate with its EC key (when both are imported, the cert is marked with "T" for "trusted").

But IPSec is not able to.

-----

Will this be fixed please so that EC certificates can be used for IPSec auth?

And one more thing - it seems that right now EC key support does not include ed25519. Could this be added please?
Last edited by kmansoft on Thu Mar 14, 2019 2:59 pm, edited 2 times in total.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5838
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.45beta [testing] is released!

Thu Mar 14, 2019 2:54 pm

EC certificates can be used only for www services. Ipsec does not support them.
 
User avatar
kmansoft
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Tue Jan 22, 2019 5:00 pm

Re: v6.45beta [testing] is released!

Thu Mar 14, 2019 3:08 pm

EC certificates can be used only for www services. Ipsec does not support them.
OK, any plans to make use for IPSec possible? And for ed25519 curve?
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5838
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.45beta [testing] is released!

Thu Mar 14, 2019 4:59 pm

IKE2 rfc states the use of RSA.
What would be the client devices that support EC? Why exactly you need this?
 
Note
newbie
Posts: 49
Joined: Fri Jun 03, 2016 12:39 pm

Re: v6.45beta [testing] is released!

Fri Mar 15, 2019 8:58 am


*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
That is supposed that was fixed on 6.44 stable............
 
bommi
just joined
Posts: 24
Joined: Fri Jan 24, 2014 9:13 am
Location: Germany
Contact:

Re: v6.45beta [testing] is released!

Fri Mar 15, 2019 2:41 pm

IKE2 rfc states the use of RSA.
What would be the client devices that support EC? Why exactly you need this?
EC key exchanges are much faster than RSA, because the keysize is much smaller.
My usecase are mobile devices on bad mobile connections.
 
ppptran
just joined
Posts: 5
Joined: Sun Dec 30, 2018 9:18 am

Re: v6.45beta [testing] is released!

Sun Mar 17, 2019 7:37 am


*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
This .

If there's a fix for SFP with 100M fiber link would be greatly appreacited
 
idlemind
Forum Guru
Forum Guru
Posts: 1097
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: v6.45beta [testing] is released!

Mon Mar 18, 2019 5:39 am

IKE2 rfc states the use of RSA.
What would be the client devices that support EC? Why exactly you need this?

RFC 4754

https://tools.ietf.org/html/rfc4754

Not finalized but per usual MikroTik is behind almost all other vendors in supporting valid technology.

Of course we still can't ping IPv6 only hosts by name in the CLI, or provide clients with IPv6 addresses over DHCPv6.
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 431
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.45beta [testing] is released!

Mon Mar 18, 2019 1:29 pm

Version 6.45beta16 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.45beta16 (2019-Mar-18 07:49):

Changes in this release:

*) dhcpv4-server - improved stability when performing "check-status" command;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) lte - use default APN name "internet" when not provided;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) switch - properly reapply settings after switch chip reset;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.
 
Farseer
just joined
Posts: 15
Joined: Sat Feb 09, 2019 11:25 pm

Re: v6.45beta [testing] is released!

Mon Mar 18, 2019 2:15 pm

For this patch, could you allow sa-dst-address and sa-src-address in IPSec to accept DDNS names? It's great and all to create scripts and to put it on a scheduler to resolve the ip's and update those fields, but can't it just accept the ddns name/cloud host name instead?
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5838
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.45beta [testing] is released!

Mon Mar 18, 2019 2:28 pm

In what scenario? If it's road warrior (typical when src is unknown or when src has dynamic IP) then policies should be already auto generated.
 
Farseer
just joined
Posts: 15
Joined: Sat Feb 09, 2019 11:25 pm

Re: v6.45beta [testing] is released!

Mon Mar 18, 2019 3:18 pm

In what scenario? If it's road warrior (typical when src is unknown or when src has dynamic IP) then policies should be already auto generated.
In the scenario where an ISP doesn't provide a static IP to it's client, instead using Dynamic IP or PPPoE with a dynamic IP. In such cases, a DDNS hostname is always needed to achieve VPN/Online Cameras/RDP. But when it comes to doing an IPSec VPN setup with a Mikrotik router, the hostnames can't be used as you can't enter them into sa-dst-address, thereby forcing you to go make a script and putting that script on a scheduler.

Edit: Non-road warrior basically.
 
Zoolander06
just joined
Posts: 15
Joined: Thu Jan 03, 2019 5:26 pm

Re: v6.45beta [testing] is released!

Mon Mar 18, 2019 6:06 pm


*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
Hi,

Is there a documentation somewhere about this new feature ?

Joris

Who is online

Users browsing this forum: No registered users and 2 guests