Community discussions

  • 1
  • 3
  • 4
  • 5
  • 6
  • 7
  • 9
 
User avatar
jetzcezt
just joined
Posts: 1
Joined: Wed Jul 03, 2019 12:10 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 12:20 pm

Hello good People :) ,

if you are using PEAR2_Net_RouterOS-1.0.0b6 API by Vasil Rangelov (boenrobot), replace code on Client.php for 7 rows, start at line 292 until line 298, to be :
$request->setArgument('password',$password);
just that one line for make it usable again.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1406
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 12:48 pm

Winbox 3.19 has been released:

viewtopic.php?f=21&p=737780#p737780
 
andriys
Forum Guru
Forum Guru
Posts: 1111
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 12:51 pm

@andriys. Sorry but I don't saw the official strods post answering a lot of posts of this threads with the info about GRE.
It was in a (rather long) post here.
And then a followup here.
 
joserudi
Frequent Visitor
Frequent Visitor
Posts: 66
Joined: Thu Nov 22, 2007 10:16 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 12:56 pm

After upgrading to 6.45.1 PPPOE Profile bandwidth defaults are not creating simple queues. Radius auth is working but if the radius server does not send Mikrotik-Rate for a user ( meaning use the profiles default settings ) it does not. Only users with a defined Mikrotik-Rate get simple queues created... IE for higher bandwidth packages..
I have the same problem, PPPOE and HOTSPOT Profile defaults bandwith are not creating simple rules. Only its possible acroos radius-rate
 
User avatar
glee
just joined
Posts: 5
Joined: Fri Aug 18, 2017 5:44 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 1:13 pm

Is there any ETA for long-term release which will fix vulnerabilities?
 
sindy
Forum Guru
Forum Guru
Posts: 3758
Joined: Mon Dec 04, 2017 9:19 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 1:39 pm

@andriys. Sorry but I don't saw the official strods post answering a lot of posts of this threads with the info about GRE.

I said temporary fix because I have some RB450G with 6.45.1 running perfectly against a RB850Gx2 with 6.45.1 without any new firewall rule about GRE. That's why I though it's a temporary fix.
For these GRE (and EoIP, it's the same story as EoIP is an application using GRE) tunnels which work in 6.45.1 without modification, something at both ends must be sending initial connection requests to the tunnel (TCP SYN, DNS queries, whatever), so each end creates an established connection in its local firewall on its own. It may also be caused by keepalives configured on GRE itself if there is no spontaneous traffic. Tunnel ends where keepalive is disabled and all local side devices are just listening servers will not establish the GRE tunnel without the rule in chain input of ip firewall filter (if they are tunnel endponi devices themselves); for transit PPTP, and maybe also for locally terminated PPTP, the PPTP helper must be enabled in ip firewall service-port.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
notToNew
Member Candidate
Member Candidate
Posts: 146
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 1:43 pm

Is there any ETA for long-term release which will fix vulnerabilities?
You didnt read the thread, did you?
--------------------------------------------------------------------------------------------
CCR1036-12G-4S, several 952Ui-5ac2nD, ...
 
User avatar
glee
just joined
Posts: 5
Joined: Fri Aug 18, 2017 5:44 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 2:08 pm

Is there any ETA for long-term release which will fix vulnerabilities?
You didnt read the thread, did you?
I did, so far there has been only "as soon as possible". It's been 6 days!
I don't get it why it is taking so long.. Fixes for CVE-2018-14847 were released for all channels at same day.
Last edited by glee on Wed Jul 03, 2019 2:41 pm, edited 1 time in total.
 
User avatar
Lifz
newbie
Posts: 35
Joined: Tue Feb 26, 2013 1:05 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 2:14 pm

Is there any ETA for long-term release which will fix vulnerabilities?
You didnt read the thread, did you?
I did, so far there has been only "as soon as possible". It's been 3 days!
I don't get it why it is taking so long.. Fixes for CVE-2018-14847 were released for all channels at same day.
Long term: When a Stable release has been out for a while and seems to be stable enough, it gets promoted into the Long Term branch, replacing an older release, which is then moved to Archive. This consecutively adds new features.
 
jamesw
newbie
Posts: 25
Joined: Tue Jul 04, 2017 2:52 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 2:23 pm

We are also facing the same issue with Hotspot / RADIUS authentication broken because the Password that is send to RADIUS is garbage/corrupt.

This is affecting 1000+ customers to a big issue.

Case raised; ticket #2019070322005393

Thanks for any help.

James
 
pe1chl
Forum Guru
Forum Guru
Posts: 5545
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 2:31 pm

Is there any ETA for long-term release which will fix vulnerabilities?
You can fix the vulnerabilities using a firewall rule...
 
LeftyTs
Frequent Visitor
Frequent Visitor
Posts: 67
Joined: Thu Nov 03, 2016 2:39 am
Location: Athens, Greece
Contact:

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 2:32 pm

In a CRS326, RoS complains about collisions in a half duplex interface. I have had problems before with this interface as it needed to be reset every few days [Ticket#2018122022004844]. I have even set the specific Ethernet interface to "full-duplex=no speed=10Mbps" and those warning messages should not exist as it is normal for collisions to occur in half duplex interfaces.

12:40:19 interface,warning ether16 excessive or late collision, link duplex mismatch?

In any case, there seems to be improvement from previous versions as the Gigabit interfaces have not stopped from working yet when I was testing the beta version.
 
User avatar
glee
just joined
Posts: 5
Joined: Fri Aug 18, 2017 5:44 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 2:36 pm

Is there any ETA for long-term release which will fix vulnerabilities?
You didnt read the thread, did you?
I did, so far there has been only "as soon as possible". It's been 6 days!
I don't get it why it is taking so long.. Fixes for CVE-2018-14847 were released for all channels at same day.
Long term: When a Stable release has been out for a while and seems to be stable enough, it gets promoted into the Long Term branch, replacing an older release, which is then moved to Archive. This consecutively adds new features.
I would argue that releasing software that includes security fixes should be also released to all channels at same day since this will leave devices who are running on long-term channel exploitable. There wasn't even "Testing" channel release, so they really rushed it out only for Stable channel... why? I guess cause of the security fixes.. why not handle long-term same way?

Anywho I upgraded our lab two days ago to 6.45.1. These are my notes:

These models have been running OK.
  • CCR1016-12S-1S+
  • CRS317-1G-16S+
  • CRS226-24G-2S+
  • RB M33G with R11e-LTE and R11e-4G
  • wAP 60GHz
  • SXTsq 5GHz
  • RB3011UiAS
  • RB4011iGS+
  • hAP AC
  • cAP AC
Features tested with this release in lab.
  • Streaming Packet Sniffer
  • LTE
  • L2TP over IPsec
  • EoIP over IPSec
  • SSTP
  • IPSec
  • OSPF
  • VRRP
  • Bonding
  • Mangle
  • Queues
  • Wireless
  • CAPsMAN
  • SNMPv3
 
pe1chl
Forum Guru
Forum Guru
Posts: 5545
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 3:23 pm

I would argue that releasing software that includes security fixes should be also released to all channels at same day since this will leave devices who are running on long-term channel exploitable.
The portion of devices running the latest long-term version and being actively managed by someone/some team who would install a security update in the current long-term channel immediately once it becomes available is likely very, very, very small.

Especially as there is no automatic update mechanism (with its associated security fix channel) in RouterOS, most devices are not regularly updated and many run versions that are very old and have really critical vulnerabilities (compared to this one).
People that elect to run the long-term version also usually are quite conservative in updating it.

Furthermore, you can fix this one with a firewall rule. I have done so early on, and it has not yet revealed attempts to exploit it.
Of course that does not mean it will never happen.
 
User avatar
glee
just joined
Posts: 5
Joined: Fri Aug 18, 2017 5:44 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 3:29 pm

I would argue that releasing software that includes security fixes should be also released to all channels at same day since this will leave devices who are running on long-term channel exploitable.
The portion of devices running the latest long-term version and being actively managed by someone/some team who would install a security update in the current long-term channel immediately once it becomes available is likely very, very, very small.

Especially as there is no automatic update mechanism (with its associated security fix channel) in RouterOS, most devices are not regularly updated and many run versions that are very old and have really critical vulnerabilities (compared to this one).
People that elect to run the long-term version also usually are quite conservative in updating it.

Furthermore, you can fix this one with a firewall rule. I have done so early on, and it has not yet revealed attempts to exploit it.
Of course that does not mean it will never happen.
We are running long-term for customers and we are automatically updating the devices via Ansible with three phases (1day; 5days; 10days delay). Few of our partners are doing the same.
Yes I know we can fix this with firewall rule, we just finished testing our Ansible playbooks for phase1 clients - ~300 devices OK. Going to deploy it to phase2 and phase3 rings now.
 
seregaelcin
just joined
Posts: 3
Joined: Wed Jul 03, 2019 3:23 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 3:34 pm

After update 6.44.3->6.45.1 pptp-client doesn't work - connecting.... disconnecting....connecting.... disconnecting....
After downgrade 6.45.1->6.44.3 it works
 
Ulypka
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Wed Jan 09, 2013 8:26 am

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 3:36 pm

2018101022007579 still present

2019.07.03-10:17:52.91@10: 2300: recalculate OSPFv2 routes
2019.07.03-10:17:53.73@10: repairDelete: done, deleted 0
2019.07.03-10:17:53.74@10: repairAdd: done, added 4060
2019.07.03-10:17:54.90@10: 2302: recalculate OSPFv2 routes
2019.07.03-10:25:41.17@3:
2019.07.03-10:25:41.17@3:
2019.07.03-10:25:41.17@3: /nova/bin/route
2019.07.03-10:25:41.17@3: --- signal=12 --------------------------------------------
2019.07.03-10:25:41.17@3:
2019.07.03-10:25:41.17@3: r00=0x000000007fbef774 r01=0x000000007fbef77c r02=0x000000007fbef77c
2019.07.03-10:25:41.17@3: r03=0x000000007fbef848 r04=0x00000000002aeca8 r05=0x00000000003b9940
2019.07.03-10:25:41.17@3: r06=0x0000000000000000 r07=0x0000000000000000 r08=0x0000000000000000
2019.07.03-10:25:41.17@3: r09=0x0000000000000000 r10=0x00000000003b9958 r11=0x00000000003b995c
2019.07.03-10:25:41.17@3: r12=0x000000000057f5f0 r13=0x0000000000000000 r14=0x000000000057f5e8
2019.07.03-10:25:41.17@3: r15=0x0000000000000001 r16=0x0000000000000001 r17=0x00000000002aedcc
2019.07.03-10:25:41.17@3: r18=0x0000000000000001 r19=0x0000000000000000 r20=0x00000000005979e8
2019.07.03-10:25:41.17@3: r21=0x00000000ffffffff r22=0x0000000008ff0003 r23=0x00000000005979d8
2019.07.03-10:25:41.17@3: r24=0x000000007fbef728 r25=0x000000007fbef728 r26=0x00000000000197a0
2019.07.03-10:25:41.17@3: r27=0x0000000000250128 r28=0x0000000077d5b5f0 r29=0x0000000000000100
2019.07.03-10:25:41.17@3: r30=0x000000007fbef780 r31=0x000000007fbef77c r32=0x000000007fbef774
2019.07.03-10:25:41.17@3: r33=0x000000007fbef83c r34=0x000000007fbef848 r35=0x00000000003b9950
2019.07.03-10:25:41.17@3: r36=0x000000007fbef844 r37=0x00000000003b9954 r38=0x00000000002aeca8
2019.07.03-10:25:41.17@3: r39=0x00000000003b9940 r40=0x00000000003c60d8 r41=0x00000000000000fe
2019.07.03-10:25:41.17@3: r42=0x00000000003b9958 r43=0x00000000ac1a1005 r44=0x0000000000000001
2019.07.03-10:25:41.17@3: r45=0x0000000000028948 r46=0x00000000000288c8 r47=0x0000000000000086
2019.07.03-10:25:41.17@3: r48=0x0000000077ae1444 r49=0x00000000000653e0 r50=0x0000000077e5cd70
2019.07.03-10:25:41.17@3: r51=0x0000000077ec2040 r52=0x000000007fbefd90 tp=0x0000000077f22fa0
2019.07.03-10:25:41.17@3: sp=0x000000007fbef760 lr=0x00000000001726b0 pc=0x0000000077d5b618
2019.07.03-10:25:41.17@3: ics=0x0000000000000000 faultnum=0x000000000000001d
2019.07.03-10:25:41.17@3:
2019.07.03-10:25:41.17@3: maps:
2019.07.03-10:25:41.17@3: 00010000-00250000 r-xp 00000000 00:0f 659 /nova/bin/route
2019.07.03-10:25:41.17@3: 77af0000-77b20000 r-xp 00000000 00:0f 468 /lib/libgcc_s.so.1
2019.07.03-10:25:41.17@3: 77b30000-77d30000 r-xp 00000000 00:0f 465 /lib/libc-2.17.so
2019.07.03-10:25:41.17@3: 77d50000-77d70000 r-xp 00000000 00:0f 448 /lib/libuc++.so
2019.07.03-10:25:41.17@3: 77d80000-77da0000 r-xp 00000000 00:0f 451 /lib/libucrypto.so
2019.07.03-10:25:41.17@3: 77db0000-77dc0000 r-xp 00000000 00:0f 453 /lib/libufiber.so
2019.07.03-10:25:41.17@3: 77dd0000-77de0000 r-xp 00000000 00:0f 467 /lib/libdl-2.17.so
2019.07.03-10:25:41.17@3: 77e00000-77e10000 r-xp 00000000 00:0f 454 /lib/libubox.so
2019.07.03-10:25:41.17@3: 77e20000-77ec0000 r-xp 00000000 00:0f 450 /lib/libumsg.so
2019.07.03-10:25:41.17@3: 77ed0000-77f10000 r-xp 00000000 00:0f 462 /lib/ld-2.17.so
2019.07.03-10:25:41.17@3:
2019.07.03-10:25:41.17@3: stack: 0x7fbf0000 - 0x7fbef760
2019.07.03-10:25:41.17@3: 98 26 17 00 00 00 00 00 20 f8 be 7f 00 00 00 00 44 14 ae 77 58 99 3b 00 58 99 3b 00 80 f7 be 7f
2019.07.03-10:25:41.17@3: 00 00 00 00 00 00 00 00 01 00 00 00 05 10 1a ac 05 10 1a ac 00 00 00 00 cc f8 be 7f 00 00 00 00
2019.07.03-10:25:41.17@3:
2019.07.03-10:25:41.17@3: backtrace: 0x77e53ce0 0x77b08e28 0x77d5b618 0x001726b0 0x00172fd0 0x77e5cee0 0x77e56968 0x77e5b3b8 0x77db8170 0x77e59fd0 0x77e51b10 0x77e51be0 0x77e5eda8 0x0001dca0 0x77b4aa40 0x000215a8
2019.07.03-10:25:41.17@3: extra 0x7fbef96c
2019.07.03-10:25:41.17@3: virtual void nv::Looper::dispatchMessage(nv::message&)
2019.07.03-10:25:41.17@3: Handler: 0x00000081
2019.07.03-10:25:41.17@3: true--- nv::message --------
2019.07.03-10:25:41.17@3: bool [local::1002]=true
2019.07.03-10:25:41.17@3: bool [SYS_REPLYEXP]=true
2019.07.03-10:25:41.17@3: u32 [SYS_POLICY]=-16385 0xffffbfff 255.191.255.255
2019.07.03-10:25:41.17@3: u32 [STD_FILTER]=5 0x5 5.0.0.0
2019.07.03-10:25:41.17@3: u32 [SYS_TYPE]=TYPE_REQUEST
2019.07.03-10:25:41.17@3: u32 [STD_GETALLID]=6162984 0x5e0a28 40.10.94.0
2019.07.03-10:25:41.17@3: u32 [SYS_REQID]=556 0x22c 44.2.0.0
2019.07.03-10:25:41.17@3: u32 [SYS_CMD]=CMD_GETALL
2019.07.03-10:25:41.17@3: message [STD_GETALL_COOKIE]...
2019.07.03-10:25:41.17@3: true --- nv::message --------
2019.07.03-10:25:41.17@3: u32 [3]=-1407578107 0xac1a1005 5.16.26.172
2019.07.03-10:25:41.17@3: u32 [STD_ID]=1 0x1 1.0.0.0
2019.07.03-10:25:41.17@3: u32 [1]=1 0x1 1.0.0.0
2019.07.03-10:25:41.17@3: u32 [2]=-1407578107 0xac1a1005 5.16.26.172
2019.07.03-10:25:41.17@3: u32 [14]=2824504 0x2b1938 56.25.43.0
2019.07.03-10:25:41.17@3: u32[0x00000000] [SYS_TO]=
2019.07.03-10:25:41.17@3: u32[0x00000002] [SYS_FROM]=0x00000030, 0x000000
 
seregaelcin
just joined
Posts: 3
Joined: Wed Jul 03, 2019 3:23 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 5:05 pm

After update 6.44.3->6.45.1 pptp-client doesn't work - connecting.... disconnecting....connecting.... disconnecting....
After downgrade 6.45.1->6.44.3 it works
i created gre input firewall rule and replaced over fasstrack. pptp-client connected. Solved
 
User avatar
Panbambaryla
just joined
Posts: 4
Joined: Sat Jun 08, 2019 12:12 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 5:20 pm

After update 6.44.3->6.45.1 pptp-client doesn't work - connecting.... disconnecting....connecting.... disconnecting....
After downgrade 6.45.1->6.44.3 it works
i created gre input firewall rule and replaced over fasstrack. pptp-client connected. Solved
No need to...
Just enable ip firewall service ports pptp NAT helper... It's been mentioned so many timees in here...
Best, Bam
 
maxsaf
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Tue Mar 06, 2018 8:47 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 5:33 pm

The Dude - RouterOS checkmark doesn't work anymore. Error "invalid user name or password (6), next attempt at Jul/04 14:25:10"
 
User avatar
gepelbaum
just joined
Posts: 6
Joined: Sat Mar 18, 2017 8:58 am
Location: AR
Contact:

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 6:04 pm

My update report:
Dear, after updating the 6.44.3 version 6.45.1 experience that the name field of the ipsec tunnels was removed, this occurred in all devices where I had ipsec configured and in some had several tunnels configured.
For the rest, I did not see any problem although this if I present productivity problems in the clients.
regards
 
nmt1900
newbie
Posts: 26
Joined: Wed Feb 01, 2017 12:36 am

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 6:30 pm

It looks like SNMP access from Dude works OK with SNMPv1 or SNMPv2c. Maybe something with SNMPv3 authentication or encryption is wrong in Dude?
It looks like Dude has problems with SNMP access.

snmpwalk to other Mikrotik device causes this to appear in log of target device
10:22:24 snmp,debug unsupported v3 security level 
10:22:24 snmp,debug v3 err: 0 unsupported security
10:22:24 snmp,debug bad packet

and snmpwalk times out. We have LibreNMS set up for monitoring and it works fine as it did before.SNMP is set up as v3 private access.

Dude is updated to 6.45.1. It is hard to say whether Dude is the problem or RouterOS on the device itself...
I have that same problem
 
mserge
just joined
Posts: 8
Joined: Tue May 28, 2019 8:51 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 6:40 pm

Winbox 3.19 has been released:

viewtopic.php?f=21&p=737780#p737780
I tried it but i still get same error "Wrong user or password", any ideas?
 
theplanet
just joined
Posts: 4
Joined: Sun Jul 06, 2014 8:27 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 6:41 pm

There is a major problem with Hotspot + Radius + Mac Authentication... i have dmasoftlab radius and after the upgrade no client connected automatically... before the upgrade all working... and now no mac auth... I've found the problem, is is http pap , has to be disabled.
 
nostromog
Member Candidate
Member Candidate
Posts: 143
Joined: Wed Jul 18, 2018 3:39 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 7:43 pm

I upgraded 2 mAP Lite without a single issue, and another old 750GL. Same

On the other side, the hAP ac that could not be upgraded/downgraded to 6.44.* or 6.45beta* because it had the 100% looping CPU on ipsec is stil behaving the same.

It hangs in some initial script that tries to modify ipsec policies depending on dynamic local ip, it hangs on "/ export" or "/ip ipsec <whatever>". I can't generate a supout because it hangs :(

Again, downgrading to long-term works, and it recovers a very simple and working, ipsec configuration:
/ip ipsec export hide-sensitive 
# jul/03/2019 18:35:52 by RouterOS 6.43.16
# software id = <edited>
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = <edited>
/ip ipsec mode-config
add address-pool=vpn2 name=RW-cfg split-include=192.168.87.0/24,192.168.90.0/24,192.168.91.0/24
/ip ipsec policy group
add name=RoadWarrior
/ip ipsec peer
add auth-method=pre-shared-key-xauth generate-policy=port-strict mode-config=RW-cfg passive=yes policy-template-group=RoadWarrior
/ip ipsec policy
add dst-address=192.168.91.0/24 group=RoadWarrior src-address=192.168.87.0/24 template=yes
add dst-address=192.168.91.0/24 group=RoadWarrior src-address=192.168.90.0/24 template=yes
add dst-address=192.168.91.0/24 group=RoadWarrior src-address=192.168.91.0/24 template=yes
add disabled=yes dst-address=192.168.91.0/24 group=RoadWarrior src-address=0.0.0.0/0 template=yes
/ip ipsec user
add name=user2
add name=user
add name=user3
Deleting the ipsec configuration and upgrading loops the same. I'll keep it in long-term until either a stable version works or a long-term version works "past" the problem, or I can make netinstall work, which I have not been able for the moment...

There is another, remote office machine, that I'm scared to upgrade because I'm afraid that the issue will happen again and I can't easily recover the machine. It is quite critical and far away.

Is any of the other people that was experiencing with me this 100% CPU loop in ipsec in 6.44-6.45 been able to recover? How?
 
sindy
Forum Guru
Forum Guru
Posts: 3758
Joined: Mon Dec 04, 2017 9:19 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 8:43 pm

It hangs in some initial script that tries to modify ipsec policies depending on dynamic local ip, it hangs on "/ export" or "/ip ipsec <whatever>". I can't generate a supout because it hangs :(
Have you tried to reset the machine to defaults before or better after upgrade to 6.45.1 and then manually create the IPsec configuration from the export rather than letting the upgrade script do that? This clearly cannot be used on the production machine but it should at least confirm that the IPsec part is the trigger, so you could be able to remove the IPsec configuration on the production machine before the upgrade if you can provide some other means to access it remotely (ssh, https) and recreate the IPsec part after the upgrade.

Other than that, a support.rif of the state before upgrade should be enough for support to simulate the same process at their end.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
owsugde
just joined
Posts: 20
Joined: Thu Oct 06, 2016 5:01 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 9:52 pm

All I can say is be very careful with this update. I have rolled it out on some remote devices, and now, one isn't having ethernet connectivity at all (at the least) and the other isn't coming back up over OVPN.

Can't say more about what has caused this in particular, yet. Probably will have to be on premises tomorrow because of this, more on it then...
 
DotTest37
newbie
Posts: 49
Joined: Sun Oct 06, 2013 10:01 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 10:33 pm

What does exactly mean:
!) user - removed insecure password storage;
?
 
pe1chl
Forum Guru
Forum Guru
Posts: 5545
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 10:37 pm

What does exactly mean:
!) user - removed insecure password storage;
?
It is already written in the head of the release notes!
In older RouterOS versions before 6.43 the passwords were stored in plaintext.
In the 6.43 version they were changed to hashes but the plaintext version remained so you could downgrade and still have your passwords.
Now the plaintext versions are deleted, so when you downgrade from 6.45.1 to a 6.42 or older version you lose all your passwords.
 
dlausch
just joined
Posts: 11
Joined: Thu Jan 05, 2017 1:43 pm
Location: Uelzen, Germany

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 10:54 pm

i have found the failure.
connecting with the android app over vpn (i am not at home) is fine.
connecting with winbox from my windows laptop over vpn is fone too.

only winbox running with wine on my macbook shows this failure
and after deleting the cache in winbox it connects again on my macbook
I've got a similar issue...

I'm unable to connect my Router / APs etc by IOS app, no matter if VPN or WLAN.
The logs say: "system,error,critical login failure for user david from 10.200.5.13 via tikapp"

Via Winbox, SSH or Web no problems.
So I had to turn of the network for my Kids by ssh, not by app...

Greetz
David
Security is just a appearance....
 
CharlyBrown
just joined
Posts: 6
Joined: Tue Jul 17, 2018 7:12 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 11:08 pm

Hi Guys, I recently updated 2 of my routers, one of them has Dude installed, and when I try to login through API, I receive the same error.
The las version installed on my routers are 6.44, and the API login style is the one indicated on the wiki.
Other strange thing, when I try to use AUTO UPGRADE option from other routers I receive the same error. (wrong password). The configured server with update packages are the router with DUDE, with 6.51 version.-
I try to reset de admin password, api password and nothing happened.
When I try to connect through API and AUTO UPGRADE option between routers with 6.44 version, everything works fine.
If need more information about those tests please tell me.
me to, but i have problem on api, i can connect with winbox, but i can't login with API ( wrong password ). why?
Do you use new login style in API?
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
 
DotTest37
newbie
Posts: 49
Joined: Sun Oct 06, 2013 10:01 pm

Re: v6.45.1 [stable] is released!

Wed Jul 03, 2019 11:12 pm

What does exactly mean:
!) user - removed insecure password storage;
?
It is already written in the head of the release notes!
In older RouterOS versions before 6.43 the passwords were stored in plaintext.
In the 6.43 version they were changed to hashes but the plaintext version remained so you could downgrade and still have your passwords.
Now the plaintext versions are deleted, so when you downgrade from 6.45.1 to a 6.42 or older version you lose all your passwords.
Which passwords?
The one used to log in on Router OS?
The ones for PPP accounts?
Anything else?
Which ones?
Are we talking also the password visibility when you do EXPORT on the CLI? (you see all passwords there)
 
salah
just joined
Posts: 7
Joined: Sun Jan 10, 2016 12:09 am

Re: v6.45.1 [stable] is released!

Thu Jul 04, 2019 1:51 am

can anyone help me to enable this future (dot1x) on my LAN network

I have a tp-link access point with WPA/WPA2 enterprise authentication.
 
faraujo88
just joined
Posts: 12
Joined: Fri Feb 15, 2019 2:28 am

Re: v6.45.1 [stable] is released!

Thu Jul 04, 2019 2:31 am

Hi Guys

I am having problem to update my device,

it complete and reboot , but when i go to check the currentversion, is still 6.42 and not 6.45

Please Help
Can U send log? did u check correct architecture?
 
faraujo88
just joined
Posts: 12
Joined: Fri Feb 15, 2019 2:28 am

Re: v6.45.1 [stable] is released!

Thu Jul 04, 2019 2:32 am

What does exactly mean:
!) user - removed insecure password storage;
?
It is already written in the head of the release notes!
In older RouterOS versions before 6.43 the passwords were stored in plaintext.
In the 6.43 version they were changed to hashes but the plaintext version remained so you could downgrade and still have your passwords.
Now the plaintext versions are deleted, so when you downgrade from 6.45.1 to a 6.42 or older version you lose all your passwords.
Which passwords?
The one used to log in on Router OS?
The ones for PPP accounts?
Anything else?
Which ones?
Are we talking also the password visibility when you do EXPORT on the CLI? (you see all passwords there)
I guess it refears to Management users.
 
User avatar
winet
Member Candidate
Member Candidate
Posts: 272
Joined: Fri Mar 16, 2007 4:49 pm
Location: Indonesia

Re: v6.45.1 [stable] is released!

Thu Jul 04, 2019 5:59 am

i think, v6.45.1 still have security hole. this happened last night. it's v6.45.1, and had already created new user credential on it, removed the old one. and somehow, the router made a vpn interface with the old deleted user login.
You do not have the required permissions to view the files attached to this post.
Last edited by winet on Thu Jul 04, 2019 6:21 am, edited 1 time in total.
 
xtrans
just joined
Posts: 8
Joined: Fri Feb 15, 2019 3:44 pm

Re: v6.45.1 [stable] is released!

Thu Jul 04, 2019 6:19 am

This version is not automatically show captive portal on hotspot
I downgrade to 6.44.3 and fix.
 
User avatar
winet
Member Candidate
Member Candidate
Posts: 272
Joined: Fri Mar 16, 2007 4:49 pm
Location: Indonesia

Re: v6.45.1 [stable] is released!

Thu Jul 04, 2019 6:35 am

ah got it, there is something on the system scheduler
You do not have the required permissions to view the files attached to this post.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1406
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.45.1 [stable] is released!

Thu Jul 04, 2019 7:05 am

joserudi - Please send supout file to support@mikrotik.com. Generate file while the problem is present and name at least single user which does not get rate-limit;
LeftyTs, Ulypka, gepelbaum, nostromog, CharlyBrown, xtrans - Please send supout file to support@mikrotik.com. Generate file while the problem is present;
mserge - Make sure that you use Winbox 3.19. If the problem persists, then generate a new supout file on your router after failed Winbox login attempt and send it to support@mikrotik.com;
owsugde - Is it possible that you are using a certificate verification feature which was introduced in this release? "ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066)"
dlausch - Sound like you have the same problem as we did with Winbox. Also new iOS MikroTik mobile application update will be released very soon;

Everyone - Everyone who is experiencing RADIUS related problems with authentication since v6.45, we will soon release 6.46beta version with potential fix for the problem;
Everyone - Long-term version will be released as soon as possible. There is no ETA since everyone will want version as stable as possible. We can not simply name date and time when the version will be released. It depends on test results.
 
xtrans
just joined
Posts: 8
Joined: Fri Feb 15, 2019 3:44 pm

Re: v6.45.1 [stable] is released!

Thu Jul 04, 2019 7:32 am

Requesting for /ip hotspot active Session time left to be editable.
 
bubniakz
just joined
Posts: 1
Joined: Thu Jul 04, 2019 7:47 am

Re: v6.45.1 [stable] is released!

Thu Jul 04, 2019 7:49 am

we use CRM, ISPadmin, which communicates with MKT by API, but when updating to 6.45.1
API doesnt work, because new API authentification is not implement in our CRM. It says
"killing PID 25009, API number exceeds the limit", but when downgrade to 6.44.3, which
worked with CRM prior and should have compatibility with old API authentification, it
doesnt work anymore and still have API error.

Log in MKT: "login failure via API"

thanks for help
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 50
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v6.45.1 [stable] is released!

Thu Jul 04, 2019 8:30 am

joserudi - Please send supout file to support@mikrotik.com. Generate file while the problem is present and name at least single user which does not get rate-limit;
LeftyTs, Ulypka, gepelbaum, nostromog, CharlyBrown, xtrans - Please send supout file to support@mikrotik.com. Generate file while the problem is present;
mserge - Make sure that you use Winbox 3.19. If the problem persists, then generate a new supout file on your router after failed Winbox login attempt and send it to support@mikrotik.com;
owsugde - Is it possible that you are using a certificate verification feature which was introduced in this release? "ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066)"
dlausch - Sound like you have the same problem as we did with Winbox. Also new iOS MikroTik mobile application update will be released very soon;

Everyone - Everyone who is experiencing RADIUS related problems with authentication since v6.45, we will soon release 6.46beta version with potential fix for the problem;
Everyone - Long-term version will be released as soon as possible. There is no ETA since everyone will want version as stable as possible. We can not simply name date and time when the version will be released. It depends on test results.
CCR1036-8G-2S+ , having random reboot by watchdog after upgrade to 6.45.1.
I have sent the supout file

thx
 
tesme33
newbie
Posts: 45
Joined: Mon May 26, 2014 10:25 pm

Re: v6.45.1 [stable] is released!

Thu Jul 04, 2019 8:42 am

Hi
im attaching the config. There is nothing fancy in. But once the package is downloaded only 60KiB are left on the flash.
And this is just not enough. Now i need to figure out how to upgrade ind. packages step by step. Never did this before.

In between i was upgrading a CCR1009. Works. But also no fancy config. Just routing,dhcp and firewall.


Hi
upgraded crs326 and one hap lite without issues : 6.43.3 --> 6.45.1
one hap lite wont upgrade. I suspect space problem, but there are no files on the system.

It's the oroblem with free memory. Devices with small flash (less than 64MB) download upgrade packages to RAM ... and for that some 12MB RAM should be free. Free RAM on your hAP lite is quite low ... do you have some large address list?
You do not have the required permissions to view the files attached to this post.
 
User avatar
arsalansiddiqui
just joined
Posts: 12
Joined: Mon Aug 14, 2017 1:03 pm
Location: Karachi, Pakistan
Contact:

Re: v6.45.1 [stable] is released!

Thu Jul 04, 2019 8:56 am

Hi, i have upgraded my two RB750 to v6.45.1 and they are not let me access through api, and my 6.43.8, 6.44.3 is connecting to api normally, i'm using default port and i'm accessing in php.
Before upgrading i can connect both tiks with api.
Thanks
 
User avatar
kanitelka
just joined
Posts: 2
Joined: Wed Oct 03, 2018 11:21 am
Location: Moscow, Russia

Re: v6.45.1 [stable] is released!

Thu Jul 04, 2019 9:14 am

After update 6.44.3->6.45.1 pptp-client doesn't work - connecting.... disconnecting....connecting.... disconnecting....
After downgrade 6.45.1->6.44.3 it works
i created gre input firewall rule and replaced over fasstrack. pptp-client connected. Solved
The problem is only with PPTP?
 
reiniss2
MikroTik Support
MikroTik Support
Posts: 47
Joined: Wed Jan 02, 2019 12:14 pm

Re: v6.45.1 [stable] is released!

Thu Jul 04, 2019 9:15 am

Hi, i have upgraded my two RB750 to v6.45.1 and they are not let me access through api, and my 6.43.8, 6.44.3 is connecting to api normally, i'm using default port and i'm accessing in php.
Before upgrading i can connect both tiks with api.
Thanks
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8292
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.45.1 [stable] is released!

Thu Jul 04, 2019 10:35 am

but when downgrade to 6.44.3, which
worked with CRM prior and should have compatibility with old API authentification, it
doesnt work anymore and still have API error.

Log in MKT: "login failure via API"

thanks for help
When you upgraded to 6.45, plaintext passwords were removed. That's why you cannot use old login method on that router. You may try to recreate/reset password for API user on 6.44
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
mangust479
just joined
Posts: 4
Joined: Sun Jan 28, 2018 11:44 pm

Re: v6.45.1 [stable] is released!

Thu Jul 04, 2019 11:08 am

I updated 37 routers of different models, at all the error is observed: one core of CPU is loaded for 100% by process of routing, OSPF falls off when you come into the OSPF settings that there in general there is nothing. There is information when it is able to be corrected? I wrote to support already.
 
User avatar
le1
just joined
Posts: 7
Joined: Sat Sep 15, 2018 8:56 pm
Location: Georgia, Tbilisi
Contact:

Re: v6.45.1 [stable] is released!

Thu Jul 04, 2019 11:32 am

Hello, I have problem with radius server authentication :(
hotspot,info,debug {MAC Address} (192.168.88.18): login failed: RADIUS server is not responding
hotspot,info,debug {MAC Address} (192.168.88.18): trying to log in by http-pap
 
User avatar
arsalansiddiqui
just joined
Posts: 12
Joined: Mon Aug 14, 2017 1:03 pm
Location: Karachi, Pakistan
Contact:

Re: v6.45.1 [stable] is released!

Thu Jul 04, 2019 12:34 pm

Hi, i have upgraded my two RB750 to v6.45.1 and they are not let me access through api, and my 6.43.8, 6.44.3 is connecting to api normally, i'm using default port and i'm accessing in php.
Before upgrading i can connect both tiks with api.
Thanks
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
i did not understand it, what changes should i do to login ?
$API->connect($ip_address, $api_username, $api_password, $port );
  • 1
  • 3
  • 4
  • 5
  • 6
  • 7
  • 9

Who is online

Users browsing this forum: No registered users and 10 guests