Community discussions

 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 453
Joined: Thu Dec 11, 2014 8:53 am

v6.46beta [testing] is released!

Thu Jul 04, 2019 3:45 pm

Version 6.46beta6 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.46beta6 (2019-Jul-04 11:53):

Changes in this release:

*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.
 
User avatar
eworm
Member
Member
Posts: 334
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.46beta [testing] is released!

Thu Jul 04, 2019 5:06 pm

My IPSec issues persist. (Though there are no more crashes.) Sent a reply with support output file to Ticket#2019070222004609.
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
User avatar
petrb
Frequent Visitor
Frequent Visitor
Posts: 95
Joined: Thu Jan 26, 2017 4:17 pm

Re: v6.46beta [testing] is released!

Thu Jul 04, 2019 5:32 pm

DHCPv6 PD from radius works again. Thanks.
Did you read manual? .... What? .... Read the manual.
 
oooscar
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Sun Jan 05, 2014 12:56 pm
Location: Spain
Contact:

Re: v6.46beta [testing] is released!

Thu Jul 04, 2019 9:40 pm

Hi

What was the issue here?

hotspot - fixed non-local NAT redirection to port TCP/64873

Thanks
 
server8
Member
Member
Posts: 370
Joined: Fri Apr 22, 2011 1:27 pm

Re: v6.46beta [testing] is released!

Fri Jul 05, 2019 3:00 pm

CEPT has opened from 57 to 71 GHz, in the next ros release we can hope to have more channel or che radio chipset is ilimited up to 66?
Thank you
 
alexspils
Member Candidate
Member Candidate
Posts: 174
Joined: Thu Jun 05, 2008 8:57 pm

Re: v6.46beta [testing] is released!

Fri Jul 05, 2019 5:58 pm

any chance to continue developing dude ?
 
User avatar
doneware
Trainer
Trainer
Posts: 477
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: v6.46beta [testing] is released!

Sat Jul 06, 2019 12:19 am

CEPT has opened from 57 to 71 GHz
sadly CEPT =/= local regulator
#TR0359
 
kiler129
Member Candidate
Member Candidate
Posts: 216
Joined: Tue Mar 31, 2015 4:32 pm
Contact:

Re: v6.46beta [testing] is released!

Sat Jul 06, 2019 8:35 am

...and the 5Ghz wireless is still broken on RB4011 :mrgreen:
 
TimurA
Member Candidate
Member Candidate
Posts: 112
Joined: Sat Dec 15, 2018 6:13 am
Location: Tashkent
Contact:

Re: v6.46beta [testing] is released!

Sat Jul 06, 2019 8:41 am

...and the 5Ghz wireless is still broken on RB4011 :mrgreen:
:mrgreen: :lol:
Image
 
anuser
Member
Member
Posts: 351
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.46beta [testing] is released!

Sat Jul 06, 2019 9:30 am

Wishes for 6.46:
- WinBox => CAPsMAN: Reboot button for CAPs
- Will the new wireless driver package already be available?
 
5nik
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Thu Dec 08, 2011 3:15 am
Location: Czech Republic

Re: v6.46beta [testing] is released!

Sat Jul 06, 2019 10:49 pm

Wishes for 6.46:
- WinBox => CAPsMAN: Reboot button for CAPs
Yes, I agree. It is annoying in CAPsMAN network to manual restart every AP. APs are updated automatically from CAPsMAN, and all APs have firmware autoupdate=yes, but still required additional manual restart for firmware update.
Generally, I apologise for my weak english.
 
ivicask
Member Candidate
Member Candidate
Posts: 230
Joined: Tue Jul 07, 2015 2:40 pm
Location: Croatia, Zagreb

Re: v6.46beta [testing] is released!

Sun Jul 07, 2019 10:03 pm

Wishes for 6.46:
- WinBox => CAPsMAN: Reboot button for CAPs
Yes, I agree. It is annoying in CAPsMAN network to manual restart every AP. APs are updated automatically from CAPsMAN, and all APs have firmware autoupdate=yes, but still required additional manual restart for firmware update.
+1 for that
 
User avatar
doneware
Trainer
Trainer
Posts: 477
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: v6.46beta [testing] is released!

Mon Jul 08, 2019 3:14 pm

not strictly a [testing] topic, but the routerboot changelog looks kinda deserted:

https://wiki.mikrotik.com/wiki/RouterBOOT_changelog

now since 6.3-something the routerboot numbering is according to routerOS releases, its version keep on increasing, and we (or I) don't know what has been changed, etc.
since the routerboot upgrade process requires an additional reload, i'd like to know whether it is worth doing it, or we can safely wait until the unit is restarted by something/somebody else.
#TR0359
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1137
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.46beta [testing] is released!

Mon Jul 08, 2019 7:01 pm

I do agree that its not clear at all when to upgrade the routerboot. It should be listed at every new software if some are changed or not.
And the old paged should be updated or removed.

Other example:
https://wiki.mikrotik.com/wiki/Manual:Lua
It this page valid or not???
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8280
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.46beta [testing] is released!

Mon Jul 08, 2019 7:05 pm

https://wiki.mikrotik.com/wiki/Manual:Lua
It this page valid or not???
It is:
RouterOS v4 RC1 removes Lua support indefinetly
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1137
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.46beta [testing] is released!

Mon Jul 08, 2019 8:30 pm

Then there are no need to keep the site :)
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
User avatar
null31
Member Candidate
Member Candidate
Posts: 177
Joined: Fri Dec 23, 2016 6:07 pm
Location: Brazil

Re: v6.46beta [testing] is released!

Mon Jul 08, 2019 11:56 pm

not strictly a [testing] topic, but the routerboot changelog looks kinda deserted:
https://wiki.mikrotik.com/wiki/RouterBOOT_changelog
Image

They leaved clear that wiki's page will not be updated...
But would be great to know the changes for every RBoot version, even if they are bump version.
 
filzek
just joined
Posts: 5
Joined: Wed Jul 30, 2008 8:39 am

Re: v6.46beta [testing] is released!

Tue Jul 09, 2019 7:01 am

Hi Folks,

Has been a long time since I have post here, but I need a help now!

Does mikrotik already support Openvpn with tls? This is because we need to use NORDVPN here in brazil and its a hard time doing it, so, please could you guys solve this problem to enable us to start to sell thousand of devices here by using nordvpn to override some internet problems????

Please advise @edmunds and others.
 
User avatar
Polard55
just joined
Posts: 4
Joined: Tue Jul 09, 2019 9:00 am

Re: v6.46beta [testing] is released!

Tue Jul 09, 2019 9:20 am

"ipsec - improved stability for peer initialization (introduced in v6.45);" Thanks for this Fix
 
User avatar
dash
newbie
Posts: 37
Joined: Tue Apr 28, 2015 12:05 pm

Re: v6.46beta [testing] is released!

Tue Jul 09, 2019 12:49 pm

System -> AutoUpgrade not working since 6.45.x and later.

I have set up a 'upgrade package source' in our local network. Routers trying to access this source but always end up with 'system, error, critical login failure for user xyz'.
There is no issue with 6.44 and earlier

Anyone else can repro this issue?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8280
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.46beta [testing] is released!

Tue Jul 09, 2019 1:00 pm

What's the version of the source?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 453
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.46beta [testing] is released!

Tue Jul 09, 2019 1:11 pm

dash, it will be fixed in the next beta, however you will need to have the same version on server and client (either both pre-6.45 or both post-6.45).

filzek, you can connect to NordVPN servers using IKEv2.
 
msatter
Forum Guru
Forum Guru
Posts: 1116
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.46beta [testing] is released!

Tue Jul 09, 2019 1:50 pm

Hi Folks,

Has been a long time since I have post here, but I need a help now!

Does mikrotik already support Openvpn with tls? This is because we need to use NORDVPN here in brazil and its a hard time doing it, so, please could you guys solve this problem to enable us to start to sell thousand of devices here by using nordvpn to override some internet problems????

Please advise @edmunds and others.
https://wiki.mikrotik.com/wiki/IKEv2_EA ... d_RouterOS
Two RB760iGS (hEX S) in series. One does PPPoE/IKEv2 and the other does the rest of the tasks.
Running:
RouterOS 6.46Beta / Winbox 3.19 / MikroTik APP 1.2.8
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
User avatar
dash
newbie
Posts: 37
Joined: Tue Apr 28, 2015 12:05 pm

Re: v6.46beta [testing] is released!

Wed Jul 10, 2019 3:59 pm

What's the version of the source?
Source is 6.45.1, client that tries to update is 6.44.3.
Acording to Emils comment this seems to be a known issue and will be resolved in one of the next beta versions.
thx
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 453
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.46beta [testing] is released!

Thu Jul 11, 2019 1:15 pm

Version 6.46beta9 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.46beta9 (2019-Jul-11 09:04):

Changes in this release:

*) bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45);
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) ipsec - added "connection-mark" parameter for mode-config initiator;
*) ipsec - allow peer argument only for "encrypt" policies (introduced in v6.45);
*) ipsec - fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
*) ipsec - show warning for policies with "unknown" peer;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) ppp - disable DTR send when using at-chat;
*) ssh - do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45);
*) ssh - fixed executed command output printing (introduced in v6.45);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) vlan - fixed "slave" flag for non-running interfaces (introduced in v6.45);
*) winbox - properly show timestamp in file "Creation Time" field;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.
 
User avatar
skylark
MikroTik Support
MikroTik Support
Posts: 93
Joined: Wed Feb 10, 2016 3:55 pm

Re: v6.46beta [testing] is released!

Thu Jul 11, 2019 1:22 pm

  • !) upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);

To get a new authentication working, you have to do the following steps:
1) Downgrade server to one of the previous versions below v6.45;
2) Configure user password once more to get the old authentication method working;
3) Update server to the v6.46beta9;
4) Then update all the hosts to the v6.46beta9;

"auto-upgrade" feature now is working with new style authentication.
 
User avatar
eworm
Member
Member
Posts: 334
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.46beta [testing] is released!

Thu Jul 11, 2019 2:17 pm

*) ipsec - added "connection-mark" parameter for mode-config initiator;
Great, thanks a lot for this! Much appreciated.

Is any of the other ipsec changes suppose to fix my issue from Ticket#2019070222004609?
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
msatter
Forum Guru
Forum Guru
Posts: 1116
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.46beta [testing] is released!

Thu Jul 11, 2019 3:07 pm

*) ipsec - added "connection-mark" parameter for mode-config initiator (CLI only);

Thanks and I am going to test is later. I was looking where is was hidden in Winbox and could just not find it. It is for now CLI only. :-)

ip - ipsec - mode-config
Two RB760iGS (hEX S) in series. One does PPPoE/IKEv2 and the other does the rest of the tasks.
Running:
RouterOS 6.46Beta / Winbox 3.19 / MikroTik APP 1.2.8
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
mducharme
Trainer
Trainer
Posts: 783
Joined: Tue Jul 19, 2016 6:45 pm

Re: v6.46beta [testing] is released!

Thu Jul 11, 2019 10:07 pm

3) Update server to the v6.45beta9;
4) Then update all the hosts to the v6.45beta9;
Don't you mean v6.46beta9?
 
User avatar
skylark
MikroTik Support
MikroTik Support
Posts: 93
Joined: Wed Feb 10, 2016 3:55 pm

Re: v6.46beta [testing] is released!

Fri Jul 12, 2019 7:54 am

3) Update server to the v6.45beta9;
4) Then update all the hosts to the v6.45beta9;
Don't you mean v6.46beta9?
Yes, I did the necessary corrections.
 
msatter
Forum Guru
Forum Guru
Posts: 1116
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.46beta [testing] is released!

Fri Jul 12, 2019 9:53 am

Update: problem tackled with help of mkx. In the previous Beta EAP for ikev2 was made available and I needed to split all over two routers. It needed changes in Hairpin, which broke the catching traffic better be served locally.

I have an problem I can't explain with dstnat to an local address on UDP. I catch DNS requests going out to external DNS servers and I am redirecting those to a local DNS server. I have the suspicion that since late in 6.45beta something changed that does not replace local answering with the caught external address IP on the way back from the router to the client.
When I use torch then the traffic is returned from the internal DNS server to the router.

!DNSservers contains the local DNS server IP.
chain=dstnat action=dst-nat to-addresses=192.168.0.4 protocol=udp src-address-list=!DNSservers dst-port=53,123 log=no log-prefix="DNS out catch"
When I run a dig
#>dig mikrotik.com @8.8.8.8
;; reply from unexpected source: 192.168.0.4#53, expected 8.8.8.8#53
;; reply from unexpected source: 192.168.0.4#53, expected 8.8.8.8#53
;; reply from unexpected source: 192.168.0.4#53, expected 8.8.8.8#53

; <<>> DiG 9.10.8 <<>> mikrotik.com @ 8.8.8.8
;; global options: +cmd
;; connection timed out; no servers could be reached
Update: Torching the Bridge I see the traffic directly being returned from the internal DNS to the client and so skipping the router.

MANY THANKS! To mkx for helping me solving this.
Last edited by msatter on Fri Jul 12, 2019 1:12 pm, edited 6 times in total.
Two RB760iGS (hEX S) in series. One does PPPoE/IKEv2 and the other does the rest of the tasks.
Running:
RouterOS 6.46Beta / Winbox 3.19 / MikroTik APP 1.2.8
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
mkx
Forum Guru
Forum Guru
Posts: 2468
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.46beta [testing] is released!

Fri Jul 12, 2019 11:15 am

Do you have proper hair-pin NAT implemented? The single dstnat rule you've shown only does things half-way:
  1. UDP packet with dst-address=8.8.8.8 arrives at router (src-address=192.168.0.x)
  2. router uses dstnat rule to replace dst-address to dst-address=192.168.0.4 ... src-address remains set to 192.168.0.x
  3. router delivers DNS query to the internal DNS server.
  4. DNS server prepares reply for sender, which is 192.168.0.x
  5. DNS server sends reply directly as the client is on the same IP subnet (dst-address=192.168.0.x src-address=192.168.0.4)
  6. as the reply bypasses router with it's NAT engine, client receives answer with src-address=192.168.0.4 (while expecting answer from 8.8.8.8 because that's where it sent the query)

For things to properly unroll for the reply, router would have to perform additional step between steps 2 and 3 ... changing src-address to its own.

All of my explanation above is void if you have matching src-nat rule in power
/ip firewall nat
add action=src-nat chain=srcnat src-address-list=!DNSservers dst-address=192.168.0.4 to-address=192.168.0.1 
# assuming that router's address in 192.168.0.0/24 subnet is this
BR,
Metod
 
dreamind
just joined
Posts: 5
Joined: Thu Apr 18, 2013 9:15 pm

Re: v6.46beta [testing] is released!

Fri Jul 12, 2019 11:45 am

- WinBox => CAPsMAN: Reboot button for CAPs
You can currently at least use the upgrade function to trigger a reboot of the CAPs, even when there is no new RouterOS:
/caps-man remote-cap
upgrade [find]
 
lrossouw
just joined
Posts: 6
Joined: Fri Feb 08, 2013 4:44 pm
Location: Cape Town, South Africa

Re: v6.46beta [testing] is released!

Sun Jul 14, 2019 10:59 pm

*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
Seems to have fixed the display of OSPF LSAs as well as printing them via terminal.
 
Xand
just joined
Posts: 5
Joined: Fri Mar 22, 2013 12:23 pm

Re: v6.46beta [testing] is released!

Sun Jul 14, 2019 11:16 pm

*) usb - general USB modem stability improvements;
I am tethering internet from Android 9 phone to ac^2 via USB.
After upgrade USB kept disconnecting within 5-20 mins. I had to re-connect the cable to be able to turn on USB tethering on the phone.
Rollback to 6.45.1 resolved the issue.
 
dogeaterperson
just joined
Posts: 1
Joined: Mon Jul 15, 2019 6:14 pm

Re: v6.46beta [testing] is released!

Mon Jul 15, 2019 6:16 pm

Hex upgraded to 6.46beta9. When USB modem plugged in, device continuously reboots itself. Removing USB modem resolves this issue.
 
User avatar
eworm
Member
Member
Posts: 334
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.46beta [testing] is released!

Tue Jul 16, 2019 12:53 pm

*) ipsec - added "connection-mark" parameter for mode-config initiator;
Great, thanks a lot for this! Much appreciated.
This works perfectly fine! Would like to see it in a stable release as soon as possible... But I guess I have to wait for 6.46 final?
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 453
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.46beta [testing] is released!

Tue Jul 16, 2019 1:04 pm

Thanks for the feedback. We will try to add it in the 6.45.2 as well. It will also be possible to specify both the src-address-list and connection-mark parameters to form a single NAT rule. If anyone is wondering, currently an example is published here.
 
User avatar
dash
newbie
Posts: 37
Joined: Tue Apr 28, 2015 12:05 pm

Re: v6.46beta [testing] is released!

Thu Jul 18, 2019 9:41 am

dash, it will be fixed in the next beta, however you will need to have the same version on server and client (either both pre-6.45 or both post-6.45).
confirming the fix in 6.46beta9. Thx for taking care
 
chubbs596
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Fri Dec 06, 2013 6:07 pm

Re: v6.46beta [testing] is released!

Thu Jul 18, 2019 1:38 pm

Hi Guys

I have now seen an issued with DHCP server, when using a relay and adding arp
/ip dhcp-server
add add-arp=yes address-pool=vlan_10 dhcp-option-set=phones disabled=no interface=10_br name=vlan10_voice relay=255.255.255.255 src-address=172.168.17.1

The wrong arp mac-address is added for the lease, it adds the mac of the relay that sends the dhcp request.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5891
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.46beta [testing] is released!

Thu Jul 18, 2019 1:46 pm

And why it is wrong? Nexthop is the relay so MAC should be fro the relay. By the way adding ARP in relay setups is useless, since clients are not in the same broadcast domain.
 
DummyPLUG
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Wed Jan 03, 2018 10:17 am

Re: v6.46beta [testing] is released!

Thu Jul 18, 2019 10:09 pm

not strictly a [testing] topic, but the routerboot changelog looks kinda deserted:
https://wiki.mikrotik.com/wiki/RouterBOOT_changelog
Image

They leaved clear that wiki's page will not be updated...
But would be great to know the changes for every RBoot version, even if they are bump version.
And I still don't understand why Rboot bump to the same version as firmware everytime, why not separate them
 
msatter
Forum Guru
Forum Guru
Posts: 1116
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.46beta [testing] is released!

Thu Jul 18, 2019 10:51 pm

Thanks for the feedback. We will try to add it in the 6.45.2 as well. It will also be possible to specify both the src-address-list and connection-mark parameters to form a single NAT rule. If anyone is wondering, currently an example is published here.
New question about IKEv2 and re-keying. Using PureVPN each DNS resolved server has an TTL time of 120 seconds. So every 120 seconds the connection get a new ike2 SA despite the other timeouts are much longer.

So bypassing this, I could use an IP fixed address instead of a domain name or use my own DNS server to change the short TTL of the resolved domain a longer one.

It would be nice if the TTL of the resolved domain could be ignored in the settings of IKEv2.
Two RB760iGS (hEX S) in series. One does PPPoE/IKEv2 and the other does the rest of the tasks.
Running:
RouterOS 6.46Beta / Winbox 3.19 / MikroTik APP 1.2.8
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
mkx
Forum Guru
Forum Guru
Posts: 2468
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.46beta [testing] is released!

Thu Jul 18, 2019 10:57 pm

It would be nice if the TTL of the resolved domain could be ignored in the settings of IKEv2.
TTL in DNS system is there with a reason. Every sane DNS admin will have loong TTLs when changes are not expected. So when TTL is short, it shouldn't be overriden, could be that IP address will really change in next TTL time frame ....
BR,
Metod
 
msatter
Forum Guru
Forum Guru
Posts: 1116
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.46beta [testing] is released!

Fri Jul 19, 2019 12:31 pm

I get every 120 seconds a new IP and rebuild of the IKEv2 connection. This is interupting traffic and makes browsing a waiting game for pages..if it even arrive.

I understand that they are using TTL this way to spread users over the servers. However it spoils it for me and I have now fixed the IP address and rekeying can now take place after the set time.
Two RB760iGS (hEX S) in series. One does PPPoE/IKEv2 and the other does the rest of the tasks.
Running:
RouterOS 6.46Beta / Winbox 3.19 / MikroTik APP 1.2.8
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
mkx
Forum Guru
Forum Guru
Posts: 2468
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.46beta [testing] is released!

Fri Jul 19, 2019 1:21 pm

I understand that they are using TTL this way to spread users over the servers.

Using short TTL for load-sharing is abuse of DNS TTL. This kind of load sharing should be done by adding multiple A records to same FQDM and let DNS round-robin mechanism to spread the load.

I understand that it's out of your control and I'd be frustrated as well. I'm just not sure if ignoring DNS TTL is the way to go (even if it would be non-default setting, there will be users getting bitten by this).
BR,
Metod

Who is online

Users browsing this forum: No registered users and 7 guests