Community discussions

MUM Europe 2020
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 559
Joined: Thu Dec 11, 2014 8:53 am

v6.46.2 [stable] is released!

Thu Jan 16, 2020 2:54 pm

RouterOS version 6.46.2 has been released in public "stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.46.2 (2020-Jan-14 07:17):

*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - prevent "flash" directory from being removed (introduced in v6.46);
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) defconf - fixed "caps-mode" not initialized properly after resetting;
*) defconf - fixed default configuration loading on RBwAPG-60adkit (introduced in v6.46);
*) lora - fixed packet sending when using "antenna-gain" higher than 5dB;
*) lte - fixed "cell-monitor" on R11e-LTE in 3G mode;
*) lte - fixed "earfcn" reporting on R11e-LTE6 in UMTS and GSM modes;
*) lte - report only valid info parameters on R11e-LTE6;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) security - fixed vulnerability for routers with default password (limited to Wireless Wire), admin could login on startup with empty password before default configuration script was fully loaded;
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) system - fixed "check-installation" on PowerPC devices (introduced in v6.46);
*) traffic-generator - improved memory handling on CHR;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - fixed "skins" saving to "flash" directory if it exists (introduced in v6.46);
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - fixed "Default Route Distance" default value when creating new LTE APN;
*) winbox - removed duplicate "join-eui" and "dev-eui" parameters under "Lora/Traffic";

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this particular RouterOS release.
 
User avatar
SiB
Member
Member
Posts: 443
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: v6.46.2 [stable] is released!

Thu Jan 16, 2020 3:44 pm

Previous: v6.46.1 [stable] is released!
viewtopic.php?f=21&t=154848
MTCNA + MTCRE + MTCINE | ~600 users at ~150 RouterBoards in EMEA | Telegram: @SiB_PL
WinBox Tip: F6 works as ALT+TAB | Gliffy.com - free network schematic | prnt.sc - free ScreenShot software
I will be at MUMEUROPE Prague on 26-27 march 2020
 
Kindis
Member Candidate
Member Candidate
Posts: 264
Joined: Tue Nov 01, 2011 6:54 pm

Re: v6.46.2 [stable] is released!

Thu Jan 16, 2020 4:02 pm

*) security - fixed vulnerability for routers with default password (limited to Wireless Wire), admin could login on startup with empty password before default configuration script was fully loaded;
Don't forget to update the Security blog. During writing this the blog has not been updated.
 
leonardogyn
just joined
Posts: 7
Joined: Wed Dec 04, 2019 4:47 pm

Re: v6.46.2 [stable] is released!

Thu Jan 16, 2020 4:09 pm

skins seems to be finally working again on RB750Gr3 devices. It was faulty on 6.46 and 6.64.1. Tested now and everything seems fine.
 
LeftyTs
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Thu Nov 03, 2016 2:39 am
Location: Athens, Greece
Contact:

Re: v6.46.2 [stable] is released!

Thu Jan 16, 2020 10:15 pm

[admin@switch] > sy pa up do
            channel: stable
  installed-version: 6.46.1
     latest-version: 6.46.2
             status: Downloaded, please reboot router to upgrade it

[admin@switch] > file print
 # NAME                                           TYPE                                                SIZE CREATION-TIME
 0 skins                                          directory                                                jan/01/1970 02:00:09
Nothing seems to download in quite a few MT devices
 
User avatar
macsrwe
Forum Veteran
Forum Veteran
Posts: 756
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: v6.46.2 [stable] is released!

Thu Jan 16, 2020 10:45 pm

Have not yet fixed bug introduced in 6.46 that broke /system upgrade refresh ?
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 559
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.46.2 [stable] is released!

Fri Jan 17, 2020 8:58 am

LeftyTs, the downloaded files are no longer visible in /files section when using Package Updater. You can still reboot the device and it will upgrade. Or use /sys pac upd cancel to free the storage.
 
sindy
Forum Guru
Forum Guru
Posts: 4220
Joined: Mon Dec 04, 2017 9:19 pm

Re: v6.46.2 [stable] is released!

Fri Jan 17, 2020 11:41 am

the downloaded files are no longer visible in /files section when using Package Updater
Is MikroTīkls transforming into MikroĀbols or what is the motivation of introducing hidden files?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1579
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: v6.46.2 [stable] is released!

Fri Jan 17, 2020 12:17 pm

LeftyTs, the downloaded files are no longer visible in /files section when using Package Updater. You can still reboot the device and it will upgrade. Or use /sys pac upd cancel to free the storage.

Is this mentioned in the change details? Documented in Wiki?
MTCNA, MTCTCE, MTCRE & MTCINE
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 559
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.46.2 [stable] is released!

Fri Jan 17, 2020 12:33 pm

Yes, it was under 6.46. Although not particularly mentioning that files are now hidden. There were a few improvements in package updater.

*) upgrade - improved auto package updating using "check-for-updates";

System files have always been hidden / not accessible for a user in RouterOS. Packages are now following the same principle.
 
nmt1900
newbie
Posts: 38
Joined: Wed Feb 01, 2017 12:36 am

Re: v6.46.2 [stable] is released!

Fri Jan 17, 2020 4:00 pm

System files have always been hidden / not accessible for a user in RouterOS. Packages are now following the same principle.
About this... does manual upgrade/downgrade (uploading files + reboot) work as before?
 
nexusds
just joined
Posts: 6
Joined: Fri Aug 16, 2019 6:51 am

Re: v6.46.2 [stable] is released!

Fri Jan 17, 2020 7:11 pm

anyone else notice Tile units CPU temperature go much higher after this update?

NVM - was a coincidence with a maintenance on environments
Last edited by nexusds on Fri Jan 17, 2020 10:36 pm, edited 1 time in total.
 
notToNew
Member Candidate
Member Candidate
Posts: 156
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.46.2 [stable] is released!

Fri Jan 17, 2020 7:50 pm

ignore
Last edited by notToNew on Fri Jan 17, 2020 7:52 pm, edited 2 times in total.
--------------------------------------------------------------------------------------------
CCR1036-12G-4S, several 952Ui-5ac2nD, ...
 
notToNew
Member Candidate
Member Candidate
Posts: 156
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.46.2 [stable] is released!

Fri Jan 17, 2020 7:51 pm

Ignore
--------------------------------------------------------------------------------------------
CCR1036-12G-4S, several 952Ui-5ac2nD, ...
 
eddieb
Member Candidate
Member Candidate
Posts: 153
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: v6.46.2 [stable] is released!

Sat Jan 18, 2020 10:30 am

updating to 6.46.2 went smooth ... from 6.46.1 to 6.46.2 done thru the dude ;-)
No problems so far
Running 6.46.2 (stable) on :
CCR1009-8G-1S (2x ipsec/l2tp site-to-site, ipsec/l2tp roadwarrior, dhcpd, dns), CRS125-24G-1S, RB1100, RB962UiGS-5HacT2HnT (10pc), RB931-2nD, RB951, RB750GL ,RB2011UAS-RM, CHR running dude (CHR running in VirtualBox on OSX)
 
User avatar
nichky
Long time Member
Long time Member
Posts: 546
Joined: Tue Jun 23, 2015 2:35 pm

Re: v6.46.2 [stable] is released!

Sat Jan 18, 2020 12:49 pm

Yes, it was under 6.46. Although not particularly mentioning that files are now hidden. There were a few improvements in package updater.



Maybe you need to give us more description regarding your changing. if you didn't give us more info about downloaded files,from here can we get that?


*) upgrade - improved auto package updating using "check-for-updates";

System files have always been hidden / not accessible for a user in RouterOS. Packages are now following the same principle.
Nikola Suminoski
MikroTik Consultan
MTCRE l MTCWE

!) Safe Mode is your friend;
 
pe1chl
Forum Guru
Forum Guru
Posts: 6227
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.46.2 [stable] is released!

Sat Jan 18, 2020 1:33 pm

System files have always been hidden / not accessible for a user in RouterOS. Packages are now following the same principle.
That is just plain silly!
Now when I check for new version and click Download, or after uploading files using FTP, I cannot even check if the files were loaded completely before doing a reboot!
Please undo this change, it serves no useful purpose and has many disadvantages.
 
r00t
Member Candidate
Member Candidate
Posts: 278
Joined: Tue Nov 28, 2017 2:14 am

Re: v6.46.2 [stable] is released!

Sat Jan 18, 2020 5:56 pm

System files have always been hidden / not accessible for a user in RouterOS. Packages are now following the same principle.
This is very bad idea! It's extremely important to check that all required packages were downloaded correctly before update. Missing packages may result in completely inaccessible router.
Packages are not some sensitive "system files", you can download them from Mikrotik website and they are digitally signed. I don't see any security reason to do this, they are protected enough already.
 
ktcomgrup
just joined
Posts: 13
Joined: Sat Nov 07, 2009 9:07 pm

Re: v6.46.2 [stable] is released!

Sun Jan 19, 2020 12:51 am

Since 6.45.5 pop up login page for hotspot is not working anymore. 6.44.6 long term working.
Mikrotik please solve this bug.
Look at the posts below:

viewtopic.php?f=2&t=154193&p=770642#p770642
viewtopic.php?t=152528
viewtopic.php?f=2&t=151531&p=770637#p770637
viewtopic.php?f=2&t=152449&p=770638#p770638
viewtopic.php?t=150842
 
User avatar
macsrwe
Forum Veteran
Forum Veteran
Posts: 756
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: v6.46.2 [stable] is released!

Sun Jan 19, 2020 1:01 am

System files have always been hidden / not accessible for a user in RouterOS. Packages are now following the same principle.
That is just plain silly!
Now when I check for new version and click Download, or after uploading files using FTP, I cannot even check if the files were loaded completely before doing a reboot!
Please undo this change, it serves no useful purpose and has many disadvantages.

Agreed. Our network runs a complicated script to automatically upgrade units only to releases that have passed our testing and been made available on an internal server. The script takes pains to ensure that all files have been downloaded completely before automatically rebooting. Now it appears that you have introduced an unadvertised change that will cause the script to fail. (Ironically, this is a second order effect, because at the same time you also broke /system upgrade entirely so that they cannot even begin to execute.) This change has no obvious benefit to users, while actively impeding them (both scripts and humans) from ensuring that an upgrade Is complete and correct before installation reboot.

Please revert this change.
 
anav
Forum Guru
Forum Guru
Posts: 3209
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: v6.46.2 [stable] is released!

Sun Jan 19, 2020 6:24 pm

Upgraded RB450Gx4 and two CapACs with no issues thus far.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
User avatar
rudykern
just joined
Posts: 11
Joined: Sat Feb 16, 2013 5:24 pm

Re: v6.46.2 [stable] is released!

Sun Jan 19, 2020 7:52 pm

Although the skins now work, the landing page remains broken. Still reverts back to generic MikroTik login page removing our custom landing page
 
XaTTa6bl4
just joined
Posts: 17
Joined: Wed Dec 16, 2015 10:53 pm

Re: v6.46.2 [stable] is released!

Sun Jan 19, 2020 11:09 pm

System files have always been hidden / not accessible for a user in RouterOS. Packages are now following the same principle.
That is just plain silly!
Now when I check for new version and click Download, or after uploading files using FTP, I cannot even check if the files were loaded completely before doing a reboot!
Please undo this change, it serves no useful purpose and has many disadvantages.

Agreed. Our network runs a complicated script to automatically upgrade units only to releases that have passed our testing and been made available on an internal server. The script takes pains to ensure that all files have been downloaded completely before automatically rebooting. Now it appears that you have introduced an unadvertised change that will cause the script to fail. (Ironically, this is a second order effect, because at the same time you also broke /system upgrade entirely so that they cannot even begin to execute.) This change has no obvious benefit to users, while actively impeding them (both scripts and humans) from ensuring that an upgrade Is complete and correct before installation reboot.

Please revert this change.
+++ I totally agree with pe1chl, macsrwe and r00t. Please revert it back!
 
schadom
Member Candidate
Member Candidate
Posts: 148
Joined: Sun Jun 25, 2017 2:47 am
Location: Austria

Re: v6.46.2 [stable] is released!

Mon Jan 20, 2020 3:30 am

Looks like something has been changed with the SNMP MIKROTIK-MIB / IF-MIBs too. Starting with v6.46.x, combo interfaces are not visible within Observium monitoring anymore. Could you please update http://download2.mikrotik.com/Mikrotik.mib?
mikrotikExperimentalModule MODULE-IDENTITY
  LAST-UPDATED "201807310000Z"
  REVISION "201807310000Z"
Thanks
 
User avatar
karlisi
Member Candidate
Member Candidate
Posts: 282
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: v6.46.2 [stable] is released!

Mon Jan 20, 2020 11:15 am

System files have always been hidden / not accessible for a user in RouterOS. Packages are now following the same principle.
Please undo this change, it serves no useful purpose and has many disadvantages.
Please revert this change.
+++ I totally agree with pe1chl, macsrwe and r00t. Please revert it back!
Agree. Please revert it back.
---
Karlis
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24418
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.46.2 [stable] is released!

Mon Jan 20, 2020 11:33 am

Can anyone post reasonable reason why it's important?
Verification that file is downloaded is plain strange. If you don't trust the auto-upgrade mechanism, use Fetch, or use other more reliable ways.
No answer to your question? How to write posts
 
User avatar
Cha0s
Forum Veteran
Forum Veteran
Posts: 925
Joined: Tue Oct 11, 2005 4:53 pm

Re: v6.46.2 [stable] is released!

Mon Jan 20, 2020 11:57 am

System files have always been hidden / not accessible for a user in RouterOS. Packages are now following the same principle.
That is just plain silly!
Now when I check for new version and click Download, or after uploading files using FTP, I cannot even check if the files were loaded completely before doing a reboot!
Please undo this change, it serves no useful purpose and has many disadvantages.
+1
 
User avatar
Cha0s
Forum Veteran
Forum Veteran
Posts: 925
Joined: Tue Oct 11, 2005 4:53 pm

Re: v6.46.2 [stable] is released!

Mon Jan 20, 2020 11:59 am

or use other more reliable ways.
Or just revert it back to how it was...
 
pe1chl
Forum Guru
Forum Guru
Posts: 6227
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.46.2 [stable] is released!

Mon Jan 20, 2020 12:08 pm

Can anyone post reasonable reason why it's important?
Verification that file is downloaded is plain strange. If you don't trust the auto-upgrade mechanism, use Fetch, or use other more reliable ways.
For one, it is not a good thing that there can be files in the user visible Files area that are hidden. You wrote before that system files always were hidden, but they do not exist in that same directory, don't they? The location of the system files is different from the user files area.
I have never observed before that a file uploaded to the Files area was not visible after that. What other extensions have always been hidden?

I do not always use auto-upgrade or fetch. Sometimes I just get the files from the mikrotik.com download section, collecting the main package and some optional packages, then I FTP the whole thing to the router and reboot. This is in fact the only way to add one or more optional packages. Of course after doing the FTP I first list the Files section to see if it all went well. Our network sometimes can be slow and unreliable, and the transfer may fail. That now does not work anymore, I checked, so I cannot check if all files were transferred.

Also, I do not like the idea that there may be packages in the Files area that are invisible and that will magically get installed the next time I do a reboot.
Maybe some hacker is able to upload them and they will be unnoticed until the next reboot. I know it should be impossible to have rogue packages, but this whole thing was started when that turned out not to be completely true, right?

Finally, I do not understand the purpose of this particular change. Please explain in detail how hiding the package files from the directory listing is having any effect at all on security.
 
LeftyTs
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Thu Nov 03, 2016 2:39 am
Location: Athens, Greece
Contact:

Re: v6.46.2 [stable] is released!

Mon Jan 20, 2020 1:18 pm

System files have always been hidden / not accessible for a user in RouterOS. Packages are now following the same principle.
Please undo this change, it serves no useful purpose and has many disadvantages.
Please revert this change.
+++ I totally agree with pe1chl, macsrwe and r00t. Please revert it back!
Agree. Please revert it back.
++++++++++
 
msatter
Forum Guru
Forum Guru
Posts: 1379
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.46.2 [stable] is released!

Mon Jan 20, 2020 1:33 pm

I noticed also that the upgrade files are not shown any more. It is strange that they are hidden from the user now, the files are not secret and can be also downloaded manually in other ways.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46.x / Winbox 3.21 / MikroTik APP 1.3.10
Android device owners, use https://github.com/M66B/NetGuard/releases (no root required)
 
nje431
newbie
Posts: 42
Joined: Tue Sep 10, 2013 5:17 pm

Re: v6.46.2 [stable] is released!

Mon Jan 20, 2020 2:58 pm

Can anyone post reasonable reason why it's important?
Verification that file is downloaded is plain strange. If you don't trust the auto-upgrade mechanism, use Fetch, or use other more reliable ways.
I'll turn the question around, could you provide a good reason why they should to be hidden? I'm not seeing it. One of the things I like about Mikrotik, is the control it gives me. This just obscures that control.
 
User avatar
macsrwe
Forum Veteran
Forum Veteran
Posts: 756
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: v6.46.2 [stable] is released!

Mon Jan 20, 2020 3:07 pm

Can anyone post reasonable reason why it's important?
Verification that file is downloaded is plain strange. If you don't trust the auto-upgrade mechanism, use Fetch, or use other more reliable ways.
Certainly.

1) Auto-upgrade mechanism can fail if path between router and the file repository is broken due to another router upgrading itself a short period prior and rebooting, or for any other reason path has temporary problems. If all packages did not load completely, a reboot is inadvisable. Our scripts check this and do not reboot if the downloads were not successful. Note that standard MikroTik auto-upgrade mechanism does NOT do this; on a broken connection, it will download whatever portion was successful and then reboot anyway. (At least this is the state it was in when we decided we needed to write our own scripts, I have not followed what if anything is fixed since.)

2) Consider MikroTik's own change of several releases ago, when suddenly security module was newly dependent on dhcp module. Routers on our network other than CPEs never needed dhcp previously, now it had to be added. Auto-upgrade feature was useless in this case, upgrades had to be done by hand, which means knowing which packages were already loaded on the router and which still needed to be loaded. If the packages had been gratuitously hidden, this undertaking would have been unnecessarily made several times harder, like working in a darkroom.

3) If actual upgrade at reboot fails (due to missing packages or whatever), how does the admin know what packages are leftover in Files, and how does he remove them if Files is going to pretend to him that they don't exist?

Now it is your turn, to explain what possible security is enhanced by hiding files we put on the router ourselves, that have never been hidden before. I feel this is a grave mistake.
 
User avatar
karlisi
Member Candidate
Member Candidate
Posts: 282
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: v6.46.2 [stable] is released!

Mon Jan 20, 2020 4:12 pm

Can anyone post reasonable reason why it's important?
Because such changes (non-cosmetic, without clear reason) are introduced without warning. BTW there is unmet side effect. Usually after ROS upgrade I uploaded additional packages to CAPsMAN for another platforms, to remote upgrade CAPs, storing them in file root. Till now these packages survived reboots, now they are gone. Sure, will store them in subfolders (should I mention the "easy" way to create folders in RouterOS?). And, I am sure, no word in changelog about this "improvement" when stable will turn in long-term :?
---
Karlis
 
User avatar
karlisi
Member Candidate
Member Candidate
Posts: 282
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: v6.46.2 [stable] is released!

Mon Jan 20, 2020 4:16 pm

3) If actual upgrade at reboot fails (due to missing packages or whatever), how does the admin know what packages are leftover in Files, and how does he remove them if Files is going to pretend to him that they don't exist?
There will be no leftovers, on reboot they delete all npk files in file root. Only these in subfolders will be intact.
---
Karlis
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1070
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: v6.46.2 [stable] is released!

Mon Jan 20, 2020 5:32 pm

Can anyone post reasonable reason why it's important? Verification that file is downloaded is plain strange.

It breaks the user experience "feedback" expected in the GUI. If I drag'n drop a file into the Files menu, I expect to see something present after the upload progress bar.
 
r00t
Member Candidate
Member Candidate
Posts: 278
Joined: Tue Nov 28, 2017 2:14 am

Re: v6.46.2 [stable] is released!

Mon Jan 20, 2020 6:22 pm

Can anyone post reasonable reason why it's important?
Verification that file is downloaded is plain strange. If you don't trust the auto-upgrade mechanism, use Fetch, or use other more reliable ways.
On any device where reliability is important, auto-update can't be trusted. It will happily download incomplete packages, leave some missing and then just update system. If your access depends on some package that doesn't get installed for some reason, like wireless, you are screwed. If it's just an CPE or SOHO router, you have to annoy the customer and you have to invest your time to fix it. But it could be far worse if it's antenna somewhere up on tower where you can't just go and hold the reset button. You may need permit to do so, or special equipment or just have to wait for better weather.
Years ago we still had backup solution: Almost every routerboard came with serial console port, it was possible to use it to run netinstall remotely by changing boot device. Used to connect different site routers together so one can recover the other over serial, if things go wrong. But not anymore! You completely phased out console access (even if device does have TTL UART pins, there is no bootloader or spawn console you can access... stupid!) and there is no replacement. USB? Useless if ROS doesn't boot correctly! Your competition starting with U at least have POE with remote reset button that mostly works. But for Mikrotik, if you want to access netinstall, YOU HAVE TO physically hold the button on the device. There is no way around this, unless the flash is so broken it will not even try to load ROS kernel. So when updating any Mikrotik device that is hardly accessible, usual process is to upload NPKs to it, then download them back and compare checksums to make sure all files are there before device reboot.
Making NPK files invisible is completely stupid even just from GUI perspective: User wants to see the file on router when uploaded. This is the only confirmation he gets that file was uploaded correctly. Without this, it's easy to assume something went wrong and to try uploading NPKs over and over again, possibly filling disk or causing total mess (different NPKs present, bundled vs. unbundled packages, multiple versions...).
Worst thing is you then really don't know what will happen on router reboot. Are there any invisible packages waiting for install? If there are multiple admins working on same devices, it's easy for one to upload packages and forget to reboot the device. Then the other guy will upload different set of packages later, maybe different ROS version that was released and you get total mess you can't even see.
By not seeing the NPK files that will be updated and run on router reboot, you have lost control over your router. You don't know what files auto-update actually downloaded and what will happen on next reboot. If there ever is some exploit in NPK handling or auto-update in general, this will result in total carnage... and this stupid "npk hiding feature" only brings it closer.
 
nolat23
just joined
Posts: 2
Joined: Thu Jan 02, 2020 8:47 pm

Re: v6.46.2 [stable] is released!

Mon Jan 20, 2020 9:05 pm

I also use scripts to configure my routers for the first time before they are sent out into the field.
This includes updating RouterOS and the routerboard firmware.
In my opinion anything that obscures the state of the device from a script
(mikrotik script or something like expect) is a step in the wrong direction.

Having the power to do this kind of automation at the price point mikrotik provides is
a big reason why we use mikrotik hardware in the first place. RouterOS is extremely flexible
and has a lot of different ways to approach a problem like automation. but if every minor release
introduces road blocks to that it has the effect of discouraging doing the automation in the first place
and it also reduces confidence in upgrading to a new release on the "stable" branch.

I haven't dug into the API yet as the command line gives me a lot of power on its own but I get the
feeling that MikroTik loves in house closed source tools for management. I think a more open source friendly
approach for management tools would also make RouterOS more popular in the long run.

I really like mac-telnet for example, but I can't use an open source implementation of it because the auth mechanism changed
a while back. Instead I have to log into another mikrotik and use mac-telnet from inside of it to get things done.
That's a workable solution but it still feels like having to jump through hoops.

I'm just pointing out where I think there could be some extra polish. RouterOS looks pretty good to me so far
I just think with polish it could be attractive to an even wider market than it has now.
 
Paternot
Long time Member
Long time Member
Posts: 614
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v6.46.2 [stable] is released!

Mon Jan 20, 2020 10:20 pm

Can anyone post reasonable reason why it's important?
Verification that file is downloaded is plain strange. If you don't trust the auto-upgrade mechanism, use Fetch, or use other more reliable ways.
Imagine that I sent the wrong upgrade package, and want to remove it. How? I can't boot the router - it will install it!

Nevermind the usability nightmare: we no longer can visually verify that we sent the right one, and that isn't corrupted.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1424
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.46.2 [stable] is released!

Tue Jan 21, 2020 9:38 am

RouterOS packages are downloaded to a separate directory and then used for upgrade/downgrade purposes on reboot. This is done in order to avoid situations when you have some old .npk packages on your router from other RouterOS versions and/or architectures.

If you do make some kind of package checks on your router, then we recommend that you use a fetch tool instead.

With these commands you can get the latest version and use it within a fetch tool script afterward:

/system package update check-for-updates
:local v [/system package update get latest-version ]
 
ofer
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Wed May 23, 2018 11:45 am

Re: v6.46.2 [stable] is released!

Tue Jan 21, 2020 9:43 am

Updated 3xHap AC from 6.46.1 -> 6.46.2 - Seems to be without issues
Updated 3xHap AC Lite from 6.46.1 -> 6.46.2 - Caps master/slaves are functioning there were no issues with update

Thanks!
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5965
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.46.2 [stable] is released!

Tue Jan 21, 2020 9:52 am

Sometimes I just get the files from the mikrotik.com download section, collecting the main package and some optional packages, then I FTP the whole thing to the router and reboot. This is in fact the only way to add one or more optional packages. Of course after doing the FTP I first list the Files section to see if it all went well. Our network sometimes can be slow and unreliable, and the transfer may fail. That now does not work anymore, I checked, so I cannot check if all files were transferred.
:?:

File uploaded by FTP is visible in files section
[admin@3p_DUT_Audience] /file> print 
 # NAME                    TYPE                         SIZE CREATION-TIME       
..
18 routeros-7.0beta4-ar... package                   11.3MiB jan/21/2020 09:48:50
..
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24418
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.46.2 [stable] is released!

Tue Jan 21, 2020 9:52 am

"looking" at the file in an FTP client does not in any way prove that file was correctly tranferred. It's a useless step.
Please see suggested solution by @strods above.
No answer to your question? How to write posts
 
User avatar
eworm
Member
Member
Posts: 470
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.46.2 [stable] is released!

Tue Jan 21, 2020 10:34 am

In the past I suffered a missing wireless package on wAP LTE after update due to bad LTE connection at least twice.
Thus I created the script packages-update. It requires global functions, so follow the installation instructions first. Intermittently this script has some extra functionality, like doing backup before reboot (extra scripts from repository required) or schedule reboot at night.
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
pe1chl
Forum Guru
Forum Guru
Posts: 6227
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.46.2 [stable] is released!

Tue Jan 21, 2020 11:47 am

Sometimes I just get the files from the mikrotik.com download section, collecting the main package and some optional packages, then I FTP the whole thing to the router and reboot. This is in fact the only way to add one or more optional packages. Of course after doing the FTP I first list the Files section to see if it all went well. Our network sometimes can be slow and unreliable, and the transfer may fail. That now does not work anymore, I checked, so I cannot check if all files were transferred.
:?:

File uploaded by FTP is visible in files section
[admin@3p_DUT_Audience] /file> print 
 # NAME                    TYPE                         SIZE CREATION-TIME       
..
18 routeros-7.0beta4-ar... package                   11.3MiB jan/21/2020 09:48:50
..
Ok I checked that by taking a test router which was updated to 6.46.2 and switching it to "testing" channel and then checking for new version. Then I clicked Download and nothing was visible, then I switched back to "stable" channel but I realized that there now was nothing I can do to avoid installation of this testing version on the next reboot!
Fortunately it was one of those newfangled devices with only 16MB flash, so I simply powercycled it. Had it been a classic model I guess there was nothing I can do to get rid of this timebomb.
(powercycling it would do nothing, and a reboot command would install the testing version)

Now I understand that the files are not really "hidden" but they simply are downloaded somewhere else.
Is the router automatically cleaning up that location before a new download is done? So when I decide not to reboot after the Download, will it clean up before the next Download is done or will there be two new versions in the directory then?
And how is this working? Is the router first checking the secret download location, and when nothing is there still checking the user-visible location where FTP stores the files?
Why was there not simply a new folder in the user-visible location (like "update") where the router downloads updates when made by the package command and which it could clean the same way?
Then at least we can observe what is going on...
 
User avatar
eworm
Member
Member
Posts: 470
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.46.2 [stable] is released!

Tue Jan 21, 2020 11:53 am

Ok I checked that by taking a test router which was updated to 6.46.2 and switching it to "testing" channel and then checking for new version. Then I clicked Download and nothing was visible, then I switched back to "stable" channel but I realized that there now was nothing I can do to avoid installation of this testing version on the next reboot!
emils wrote that
/sys pac upd cancel
frees the storage. Possibly the same happens when channel is switched?
Would make sense at least.
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
renatr
just joined
Posts: 1
Joined: Tue Jan 21, 2020 1:01 pm

Re: v6.46.2 [stable] is released!

Tue Jan 21, 2020 1:05 pm

detect one problem of all mikrotik device, after update:

"DCHP lease time" parameter arbitrarily changed its value 10 min ( 10:00)

its NORMAL?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8341
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.46.2 [stable] is released!

Tue Jan 21, 2020 1:53 pm

detect one problem of all mikrotik device, after update:

"DCHP lease time" parameter arbitrarily changed its value 10 min ( 10:00)

its NORMAL?
What it was before the upgrade? 10 minutes is default value.
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6227
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.46.2 [stable] is released!

Tue Jan 21, 2020 1:55 pm

detect one problem of all mikrotik device, after update:

"DCHP lease time" parameter arbitrarily changed its value 10 min ( 10:00)

its NORMAL?
Maybe you had it set lower than that? This often causes problems.
In our routers it was set to 7d or 14d and it has remained the same.
 
R1st0
just joined
Posts: 7
Joined: Wed Feb 14, 2018 10:08 am

Re: v6.46.2 [stable] is released!

Tue Jan 21, 2020 3:40 pm

SNMP related problem with CRS328-4C-20S-4S+ and combo ports. If combo ports´ copper port is used SNMP shows notPresent(6) although copper port is physically up and traffic flows.

/interface ethernet> monitor combo3
name: combo3
status: link-ok
auto-negotiation: done
rate: 100Mbps
full-duplex: yes
tx-flow-control: no
rx-flow-control: no
advertising: 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
link-partner-advertising: 10M-half,10M-full,100M-half,100M-full
combo-state: copper
sfp-module-present: no
------------------------------------------------------------------------------------------------
IF-MIB::ifDescr.23 = STRING: combo3
IF-MIB::ifOperStatus.23 = INTEGER: notPresent(6)

When I plug SFP in combo3 and use the copper port, then correct port status is reported. Correct status is also reported when only combo´s SFP port is used.
 
User avatar
omidkosari
Trainer
Trainer
Posts: 628
Joined: Fri Sep 01, 2006 4:18 pm
Location: Iran , Karaj
Contact:

Re: v6.46.2 [stable] is released!

Tue Jan 21, 2020 7:29 pm

Can anyone confirm that PPPOE SERVER on CCR with more than 2000 active sessions works fine on this version ?
Any feedback appreciated.
MTCNA , MTCRE, MTCWE, Mikrotik Certified Trainer
 
schadom
Member Candidate
Member Candidate
Posts: 148
Joined: Sun Jun 25, 2017 2:47 am
Location: Austria

Re: v6.46.2 [stable] is released!

Wed Jan 22, 2020 12:25 am

SNMP related problem with CRS328-4C-20S-4S+ and combo ports. If combo ports´ copper port is used SNMP shows notPresent(6) although copper port is physically up and traffic flows.
...
When I plug SFP in combo3 and use the copper port, then correct port status is reported. Correct status is also reported when only combo´s SFP port is used.

I can confirm this issue on a CCR1009-7G-1C-1S+ running on v6.46.2.
We already wondered why all combo's using the copper port all of a sudden disappeared in Observium monitoring.

Output from /interface ethernet monitor combo1:
/interface ethernet monitor combo1 
                        ;;; # Transit Provider A
                      name: combo1
                    status: link-ok
          auto-negotiation: done
                      rate: 1Gbps
               full-duplex: yes
           tx-flow-control: no
           rx-flow-control: no
               advertising: 10M-full,100M-full,1000M-full
  link-partner-advertising: 10M-full,100M-full,1000M-full
               combo-state: copper
        sfp-module-present: no
Output from snmpwalk:
iso.3.6.1.2.1.2.2.1.2.2 = STRING: "combo1"
iso.3.6.1.2.1.2.2.1.8.2 = INTEGER: 6 <--- ifOperStatus:notPresent(6) , but should be up(1) 
 
User avatar
macsrwe
Forum Veteran
Forum Veteran
Posts: 756
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: v6.46.2 [stable] is released!

Wed Jan 22, 2020 3:49 am

Ok I checked that by taking a test router which was updated to 6.46.2 and switching it to "testing" channel and then checking for new version. Then I clicked Download and nothing was visible, then I switched back to "stable" channel but I realized that there now was nothing I can do to avoid installation of this testing version on the next reboot!
emils wrote that
/sys pac upd cancel
frees the storage. Possibly the same happens when channel is switched?
Would make sense at least.

Whatever. This is needless and (so far) unjustified complication.

MikroTik has been asked point blank to justify this change by citing any advantage at all, and they have completely avoided answering the question. Certainly they cannot justify it on the basis of user demand, because I have seen no one demand it.

For years, MikroTik has continued to argue from the position that updating your network from their repositories without taking the time to perform your own testing is perfectly safe, despite history to the contrary... to the point of incrementally breaking every update alternative in RouterOS other than /system package update, which does exactly this.

(If you take the time to test a release anyway, odds are great that it will have been superseded at the central repository by the time your testing is done).

It is already hard enough to administer routers safely when they are not intentionally hiding basic information from you. This change is an armed booby trap for router admins.
 
EdPa
MikroTik Support
MikroTik Support
Posts: 51
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga
Contact:

Re: v6.46.2 [stable] is released!

Wed Jan 22, 2020 8:50 am

Thanks @schadom, @R1st0.
We will try to fix SNMP reporting for combo interfaces in the next RouterOS version.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6227
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.46.2 [stable] is released!

Wed Jan 22, 2020 12:08 pm

MikroTik has been asked point blank to justify this change by citing any advantage at all, and they have completely avoided answering the question. Certainly they cannot justify it on the basis of user demand, because I have seen no one demand it.
On the other hand there has been demand for a feature to automatically update RouterOS in case of vulnerabilities, preferably enabled by default and using a separate channel that only updates when there is a real reason to do so, not just track the "stable" release. Of course the sysop can disable it when he does not like this and wants to take the responsability to update, but at least all the careless users that never update their router will remain safe.

However, that has still not been implemented, even after many incidents that required immediate update to remain safe and many many routers that have not been updated for years.

The strange thing is that routers can sometimes (not always) be found to regularly connect the upgrade server, even when all IP cloud features are turned off.
They then only retrieve the "latest version" file. When I first observed that, my suspicion was that this was some secret feature that would force an update when the version info contains some special string that says "hey it is critical that you install this update!". But I have never seen that actually happen.
It would be great when that actually worked on out-of-the-box routers, especially those for the home user (the ones that also get a complete default config with NAT and Firewall).
 
User avatar
mozerd
Member
Member
Posts: 308
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: v6.46.2 [stable] is released!

Wed Jan 22, 2020 4:05 pm

Problem with SFTP server and WinSCP

I use WinSCP to move files from my CCR1009 to my Network Server. According to WinSCP Developer RouterOS has a issue in it's SFTP server
The SFTP server returns an error
But when WinSCP queries the server for a target of those links, the server returns an error.
I believe it's a server-side problem.
This started to happen with all RouterOS versions from 6.45 to current stable releases.

Please check the link above for the discussion and logs
 
Bomber67
Member
Member
Posts: 318
Joined: Wed Nov 08, 2006 10:36 am

Re: v6.46.2 [stable] is released!

Wed Jan 22, 2020 6:56 pm

Can anyone post reasonable reason why it's important?
Verification that file is downloaded is plain strange. If you don't trust the auto-upgrade mechanism, use Fetch, or use other more reliable ways.
I'll turn the question around, could you provide a good reason why they should to be hidden? I'm not seeing it. One of the things I like about Mikrotik, is the control it gives me. This just obscures that control.
Exactly!
I cannot see one single reason why the files should be hidden.
We are not office secretaries, we are techs, and we want to see what we are actually doing!
At more or less regular intervals I am doing a wholesale upgrade of several hundred units using netwatch and scripting.
Then I am winboxing one of the routers and watch /file to see that the package actually is downloaded before rebooting the devices using another script.
This is not about trusting the upgrade mechanism, nobody know better than network techs that there are so many things that might go wrong..
Will I now have to resort to guessing instead of actually seeing the files????

Normis: Please admit that this was a very, very bad idea, and reverse it!
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8341
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.46.2 [stable] is released!

Wed Jan 22, 2020 8:31 pm

We are not office secretaries, we are techs, and we want to see what we are actually doing!
Going this way, you'll soon start asking to remove Quick Set from default package :D
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
Bomber67
Member
Member
Posts: 318
Joined: Wed Nov 08, 2006 10:36 am

Re: v6.46.2 [stable] is released!

Wed Jan 22, 2020 8:34 pm

We are not office secretaries, we are techs, and we want to see what we are actually doing!
Going this way, you'll soon start asking to remove Quick Set from default package :D
Quickset doesn't bother me at all, what bothers me is not being able to see what I need to see :?
 
twelch24
just joined
Posts: 6
Joined: Wed Apr 25, 2018 9:35 pm

Re: v6.46.2 [stable] is released!

Wed Jan 22, 2020 11:02 pm

I for one hate the idea of not being able to verify an upload to the device. Even cisco allows package verification on the device. Mikrotik should too.
 
User avatar
macsrwe
Forum Veteran
Forum Veteran
Posts: 756
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: v6.46.2 [stable] is released!

Wed Jan 22, 2020 11:11 pm

We are not office secretaries, we are techs, and we want to see what we are actually doing!
Going this way, you'll soon start asking to remove Quick Set from default package :D

Offering an additional low-information utility is a vastly different issue from offering only a low-information utility.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6227
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.46.2 [stable] is released!

Thu Jan 23, 2020 12:18 am

We are not office secretaries, we are techs, and we want to see what we are actually doing!
Going this way, you'll soon start asking to remove Quick Set from default package :D
I have asked that before (or at least some option to make it read-only) but it is obvious that requests made on the forum are a low priority for MikroTik.
We can have 1000 requests for something (like full IPv5 or a working OpenVPN or Wireguard) and then we get things like Kid Control and Detect Internet.
 
r00t
Member Candidate
Member Candidate
Posts: 278
Joined: Tue Nov 28, 2017 2:14 am

Re: v6.46.2 [stable] is released!

Thu Jan 23, 2020 12:21 am

Hopefully this package nonsense will be reverted and forgotten...

But what bothers me is that Mikrotik is spending time to develop this feature instead of fixing some usability problems and other stuff that everyone hates for years.
For example, why there is no "create directory" command and button in winbox? You have to use a hack to create directory... total joke.
And talking about quickset, why quickset can have graph for signal level of selected client and even that fancy inline graph of signal strength in client list... but not regular registrations table. No signal graph when viewing associated client details - that's where it should be in a first place! But no, you have to use quickset for that, where you are one button click away from ruining your AP configuration. And you can't use graphing for signal levels either, have to use external SNMP tool to do that...
And you could go on and on with workarounds you have to use to get things done with ROS.
It's clear that Mikrotik doesn't have enough developers and everything moves at a snail's pace... but then they spend time on feature like this, that no one wants and makes device management much worse... this just doesn't make any sense.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1424
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.46.2 [stable] is released!

Thu Jan 23, 2020 9:03 am

Why packages are downloaded in a different directory? - If there are other .npk files under the "Files" menu, then upgrade will fail
What to do, if I want to cancel upgrade? - Use "/system package update cancel" feature
What to do if I want to verify packages after download? - First of all, how do you verify? Nobody has answered this question so far. Also, RouterOS on reboot firstly checks if packages are correct and if not, then they are not installed and you get a "broken package" error.
What to do if I do not like a new method? - Use fetch tool instead
 
Bomber67
Member
Member
Posts: 318
Joined: Wed Nov 08, 2006 10:36 am

Re: v6.46.2 [stable] is released!

Thu Jan 23, 2020 9:13 am

Why packages are downloaded in a different directory? - If there are other .npk files under the "Files" menu, then upgrade will fail
What to do, if I want to cancel upgrade? - Use "/system package update cancel" feature
What to do if I want to verify packages after download? - First of all, how do you verify? Nobody has answered this question so far. Also, RouterOS on reboot firstly checks if packages are correct and if not, then they are not installed and you get a "broken package" error.
What to do if I do not like a new method? - Use fetch tool instead
Strods,
Thank you for your explanation.
I am confident that the update mechanisms in RouterOS work, that is not the case.
Regarding verification of packages after download, this is of course about actually seeing the file in /file. That is not the same as doing a hash check or something, but that is not what this is about

As you probably understand, the reason you get reactions to this change is that it hides information from us, without any benefit!
A change should and must be preceeded by a reason. If you could simply provide one single advantage of hiding the files, we could understand, but so far you have not.
I think your comment about using fetch is not fair. fetch is a different tool, this is about Upgrade.

So I hereby encourage you to inform us:
What is the advantage of hiding files and thus reducing the ability to actually see and monitor what is going on?
If you bite the bullet and reverse it, you will not be shot, instead you will be hugged!
 
User avatar
macsrwe
Forum Veteran
Forum Veteran
Posts: 756
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: v6.46.2 [stable] is released!

Thu Jan 23, 2020 9:42 am

What to do, if I want to cancel upgrade? - Use "/system package update cancel" feature

What to do if I do not realize there is an upgrade present that needs to be cancelled, because I can't see it, and therefore fail to cancel it?

Um...

What to do if I do not like a new method? - Use fetch tool instead

Unlike /system auto-update, which does the hard work of determining whether update packages occur anywhere on another host, and what packages they are, it is extremely impractical to script the same behavior using limited MikroTik fetch command repertoire because one cannot list all contents of a remote file system.

What to do if I already invested much time and testing in hardened scripts that use original method, /system auto-update?
  1. This became broken in 6.46. Does MikroTik intend to fix it, or are they just going to leave it broken?
  2. If the answer is that it will be fixed, will /system auto-update also be changed to put packages into an invisible directory, or will it operate as before? (If it operates as before, I am appeased — I still think invisible files is an awful idea, but it won't affect me because I will avoid using them.)
 
User avatar
karlisi
Member Candidate
Member Candidate
Posts: 282
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: v6.46.2 [stable] is released!

Thu Jan 23, 2020 10:07 am

Regarding verification of packages after download, this is of course about actually seeing the file in /file. That is not the same as doing a hash check or something, but that is not what this is about
IMHO half of complaints would be eliminated, if there would be text in File window status bar, like "RouterOS package 6.45.8 downloaded, please reboot to install" or smth. like that, and button 'Delete packages' in the same window.
---
Karlis
 
User avatar
karlisi
Member Candidate
Member Candidate
Posts: 282
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: v6.46.2 [stable] is released!

Thu Jan 23, 2020 10:09 am

What to do, if I want to cancel upgrade? - Use "/system package update cancel" feature
What to do if I do not realize there is an upgrade present that needs to be cancelled, because I can't see it, and therefore fail to cancel it?
Use
/system package update print
to check, this is what they say.
---
Karlis
 
pe1chl
Forum Guru
Forum Guru
Posts: 6227
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.46.2 [stable] is released!

Thu Jan 23, 2020 11:44 am

What to do if I want to verify packages after download? - First of all, how do you verify? Nobody has answered this question so far. Also, RouterOS on reboot firstly checks if packages are correct and if not, then they are not installed and you get a "broken package" error.
Does RouterOS now first verify that a complete set of update packages is available (matching the currently installed set of packages, and all of them correct) before it begins applying them one by one?
My impression (from mishaps) is that before it just began installing packages until it encountered a broken one and then left the system in an unstable or not-working state. Is that no longer true?

I can fully understand that you have no downloading issues in a labtest. But you should understand that sometimes people have routers at hard-to-access locations, behind unreliable internet connections that might fail just because of the sudden peak of download activity, e.g. this sometimes happens when using a 3G USB stick in a location with little coverage.
Or the connection temporarily fails because too many routers/links in the same network are being updated at the same time. One device is rebooting while another is still downloading.

Don't blindly assume that when you encounter a single correct package that also means that all packages have been downloaded correctly, so don't begin an upgrade before you have confirmed that.
 
r00t
Member Candidate
Member Candidate
Posts: 278
Joined: Tue Nov 28, 2017 2:14 am

Re: v6.46.2 [stable] is released!

Thu Jan 23, 2020 3:23 pm

What to do, if I want to cancel upgrade? - Use "/system package update cancel" feature
State of pending update with list of packages that will be updated on next reboot has to be clearly visible. Both in winbox and console, maybe even as a warning on user login. Because most admins will just check files, see no NPK files and conclude no updating will happen on reboot.
What to do if I want to verify packages after download? - First of all, how do you verify? Nobody has answered this question so far. Also, RouterOS on reboot firstly checks if
packages are correct and if not, then they are not installed and you get a "broken package" error.
There are two issues that may happen during auto-update:
1) auto-update fails to download some of the packages, but the remaining files are fine. In this case on reboot you may get system package that installs OK but other required packages will be missing, for example there will be no wireless package that failed download and so CPE will be inaccessible and will have to be netinstalled, wasting your time.
2) package files are corrupted, in this case entire update should fail, but from past experience, even when system package fails, some other packages still got installed and messed up the system.

Back to the "First of all, how do you verify? Nobody has answered this question so far." question:
Simply download NPK files from router to PC and compare file checksums. That's the only way to be sure what router downloaded is not corrupted.
I do the same even when uploading package files manually using winbox or fetch, always download them back and compare with originals.
Unless you are really bandwidth limited, this is the only way to be sure...
 
pe1chl
Forum Guru
Forum Guru
Posts: 6227
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.46.2 [stable] is released!

Thu Jan 23, 2020 3:50 pm

Simply download NPK files from router to PC and compare file checksums. That's the only way to be sure what router downloaded is not corrupted.
It would be nice when there was an option in the dir listing to "show md5 sums" for the files listed. But now that this is not available, I merely look(ed) at file sizes.
In a typical issue with download errors, a problem in downloading clearly shows up because filesizes are some nice multiple of 4096 and this is easily spotted and then they can be compared with actual sizes on another dirlisting.
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1070
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: v6.46.2 [stable] is released!

Thu Jan 23, 2020 4:16 pm

Pride comes before a fall. Companies much larger than MikroTik have had to learn this valuable lesson. One more time ... please hire a Product Manager who understands your users.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6227
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.46.2 [stable] is released!

Thu Jan 23, 2020 4:56 pm

Pride comes before a fall. Companies much larger than MikroTik have had to learn this valuable lesson. One more time ... please hire a Product Manager who understands your users.
"Our" problem is that the subset of users who gather here on the forum is only a small subset of users to which MikroTik sell equipment.
Of course they are the tech savvy users who get MikroTik to get things done the cannot get done on equipment from other manufacturers in the same market segment by salesprice, and for which they do not want to spend 4 times at much at another company (which then wants even more money to receive firmware updates and access to a supportdesk).

But likely they sell 10 times more equipment via sales channels that reach customers without any such wishes, or with wishes that are satisfied by features like Kid Control and Detect Internet, and by products like Audience.
So we can ask for update transparency or IPv6 support as much as we want, we will be at the bottom of the list compared to users who ask for "products that perform a function out of the box".
(still I don't understand why something like "automatically update vulnerable products" is not covered by this)
Last edited by pe1chl on Thu Jan 23, 2020 5:37 pm, edited 1 time in total.
 
twelch24
just joined
Posts: 6
Joined: Wed Apr 25, 2018 9:35 pm

Re: v6.46.2 [stable] is released!

Thu Jan 23, 2020 5:05 pm

Why packages are downloaded in a different directory? - If there are other .npk files under the "Files" menu, then upgrade will fail
What to do if I want to verify packages after download? - First of all, how do you verify? Nobody has answered this question so far. Also, RouterOS on reboot firstly checks if packages are correct and if not, then they are not installed and you get a "broken package" error.
Cisco offers the verify command. I think mikrotik should at very least have an equivalent checksum of the downloaded package. Even with that though, I want to see the file 100% of the time.
 
fritzme
just joined
Posts: 4
Joined: Thu Oct 31, 2019 6:10 pm

Re: v6.46.2 [stable] is released!

Thu Jan 23, 2020 8:49 pm

Did someone noticed any wireless performance drops after upgrading to 6.46.2 ?
... for both 2.4 Ghz and 5 Ghz....
 
schadom
Member Candidate
Member Candidate
Posts: 148
Joined: Sun Jun 25, 2017 2:47 am
Location: Austria

Re: v6.46.2 [stable] is released!

Thu Jan 23, 2020 8:51 pm

Pride comes before a fall. Companies much larger than MikroTik have had to learn this valuable lesson. One more time ... please hire a Product Manager who understands your users.

Yes, but please also some software QA guys that write automated tests to make at least some of the "fixed xxx introduced in version yyy" go away. While around 30-50 bugs are fixed with every new major release, at least 10 new bugs are introduced that did not exist in the previous version. To me as an outstanding software engineer it seems like the codebase of ROS is too difficult to maintain nowadays or simply a lack of dev's/resources @MT (or both)... search.php?keywords=%22introduced+in%22 ... mit=Search

And please finally retire the Tile architecture. It's a dead horse. There are much better architectures out there noawadays.
 
User avatar
Davis
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Mon Aug 01, 2011 12:27 pm
Location: Latvia, Riga
Contact:

Re: v6.46.2 [stable] is released!

Fri Jan 24, 2020 1:37 am

I completely agree that hiding the downloaded package files has no notable advantages (the only "advantage" is making routers a tiny bit more foolproof at a cost for more advanced users).
Most important problem I see with hidden update files is security.
Only 3 months ago serious flaws in update mechanism and package verification were disclosed: https://medium.com/tenable-techblog/rou ... e0b07c0b21
Removing the ability to access downloaded packages before installation (i.e. download NPK files from the router via SCP/FTP and check their hashes) does NOT sound like a good idea (nor a good PR!) - expecially in the context of recently disclosed vulnerabilities.

Also I see that there are many users relying of the files being visible (including some who have automated scripts). Also this choice makes users to question reasons why MikroTik has made this decision ("situations when you have some old .npk packages on your router from other RouterOS versions and/or architectures" can be avoided in much better way by printing a red alert banner whenever .npk files are present and "/system package download" is invoked; the red alert banner is already present in other places, e.g. in "/system routerboard" when CPU has non-default frequency).

Even better (but more complicated to implement) solution would be adding the red alert banner for all "/system package" commands in "situations when you have some old .npk packages on your router from other RouterOS versions and/or architectures".
This would also help in situations when the user manually uploads incorrect files to the router, reboots and wonders why it hasn't upgraded (a situation that is not handled by current solution).

P.S. All the "verification is a useless step", "we know better" answers are really ābols-style and it's sad to see that MikroTik has started going in this direction (a direction that is not very appreciated by IT people who might be a very notable share of current MikroTik users/customers).
 
Bomber67
Member
Member
Posts: 318
Joined: Wed Nov 08, 2006 10:36 am

Re: v6.46.2 [stable] is released!

Fri Jan 24, 2020 7:49 am


"Our" problem is that the subset of users who gather here on the forum is only a small subset of users to which MikroTik sell equipment.
Of course they are the tech savvy users who get MikroTik to get things done the cannot get done on equipment from other manufacturers in the same market segment by salesprice, and for which they do not want to spend 4 times at much at another company (which then wants even more money to receive firmware updates and access to a supportdesk).

But likely they sell 10 times more equipment via sales channels that reach customers without any such wishes, or with wishes that are satisfied by features like Kid Control and Detect Internet, and by products like Audience.
So we can ask for update transparency or IPv6 support as much as we want, we will be at the bottom of the list compared to users who ask for "products that perform a function out of the box".
(still I don't understand why something like "automatically update vulnerable products" is not covered by this)
You are probably right in your analysis about "our" share of the customer base.
But this all boils down to the question: "Is there any good reason for hiding the files?"
And the answer is definitely "no", at least MT has not come up with one single reason yet, apart from "the system files are hidden an now the upgrade files follow that path too" which sounds like a politician's answer...
The customers you mention who only use Kid control and Quickset via the web interface probably haven't heard of .NPK files, they don't care, and they will not be offended by seeing the files...
But the "tech savvy" among us still need visibility and control that hiding things will remove...
 
mbovenka
newbie
Posts: 46
Joined: Mon Oct 14, 2019 10:14 am

Re: v6.46.2 [stable] is released!

Fri Jan 24, 2020 12:11 pm

And please finally retire the Tile architecture. It's a dead horse. There are much better architectures out there noawadays.

Although I agree Tile is a dead end, that's more because Tilera went away and the current owner of the IP (Mellanox) isn't really interested in developing it further. The basic idea of lots and lots of lowish-powered cores to handle very parallelizable workloads like IP forwarding isn't bad at all, I think. It's just that the 'fewer but more powerful cores'-crowd has caught up. Don't forget, the TILE-Gx72 in the CCR1072 is 40nm tech from 2012. But we are getting back to the 'many cores' concept Tilera pioneered; look at AMD Threadripper, which is up to 64 cores now. I wonder what RouterOS could do with a 3990X pushing it? It won't be cheap, though; that CPU alone costs more than a CCR1072...
 
pe1chl
Forum Guru
Forum Guru
Posts: 6227
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.46.2 [stable] is released!

Fri Jan 24, 2020 12:33 pm

And please finally retire the Tile architecture. It's a dead horse. There are much better architectures out there noawadays.
While there probably should be no new products (other than maybe some enhance model e.g. a dual PSU option for an existing device, like there was most recent) I surely hope that the Tile architecture will be supported in RouterOS for some time to come, so we don't have to retire the CCR1009s that work so well.
(I have no experience with the larger models)
 
Kumaran
just joined
Posts: 2
Joined: Fri Jan 24, 2020 12:32 pm

Re: v6.46.2 [stable] is released!

Fri Jan 24, 2020 12:39 pm

Thanks for information
Kumaran
 
User avatar
karlisi
Member Candidate
Member Candidate
Posts: 282
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: v6.46.2 [stable] is released!

Fri Jan 24, 2020 1:59 pm

P.S. All the "verification is a useless step", "we know better" answers are really ābols-style and it's sad to see that MikroTik has started going in this direction (a direction that is not very appreciated by IT people who might be a very notable share of current MikroTik users/customers).
This is not only Apple-style, the same we see in MS products, and some others. IMHO, Mikrotik should decide if they will go home user or IT pros direction (or both, separating the product lines also in software). As for now it seems like (at least in software) Mikrotik wants to go for SOHO as potentially larger market, not eliminating IT pros. In result no one gets what he needs.
---
Karlis
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24418
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: v6.46.2 [stable] is released!

Fri Jan 24, 2020 2:03 pm

Have you not read the above answers to your questions? Since I see repetition of the same flawed arguments.

1. looking at files is not verification
2. RouterOS does internal verification that is much better than looking with your eyes
3. if you want to do some advanced checksum operations, you still have Fetch tool available

all of this was offered above
No answer to your question? How to write posts
 
rua
just joined
Posts: 14
Joined: Fri Aug 01, 2014 8:53 pm
Location: copenhagen, DK

Re: v6.46.2 [stable] is released!

Fri Jan 24, 2020 2:16 pm

Have you not read the above answers to your questions? Since I see repetition of the same flawed arguments.

1. looking at files is not verification
2. RouterOS does internal verification that is much better than looking with your eyes
3. if you want to do some advanced checksum operations, you still have Fetch tool available

all of this was offered above
+++++++
MTCNA, MTCRE
Copenhagen, Denmark
Consulting, building and managing networks.
 
Bomber67
Member
Member
Posts: 318
Joined: Wed Nov 08, 2006 10:36 am

Re: v6.46.2 [stable] is released!

Fri Jan 24, 2020 3:35 pm

Have you not read the above answers to your questions? Since I see repetition of the same flawed arguments.

1. looking at files is not verification
2. RouterOS does internal verification that is much better than looking with your eyes
3. if you want to do some advanced checksum operations, you still have Fetch tool available

all of this was offered above
Normis,

Can you please tell us:
What is the reason for hiding the files?
 
notToNew
Member Candidate
Member Candidate
Posts: 156
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.46.2 [stable] is released!

Fri Jan 24, 2020 3:47 pm

[
Normis,

Can you please tell us:
What is the reason for hiding the files?
Because you dont need it. You dont need access to Kernel, you dont need access to Filesystem. I hope mikrotik will never Listen to guys like you. This will Not improve the OS.
--------------------------------------------------------------------------------------------
CCR1036-12G-4S, several 952Ui-5ac2nD, ...
 
pe1chl
Forum Guru
Forum Guru
Posts: 6227
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.46.2 [stable] is released!

Fri Jan 24, 2020 5:17 pm

[
Normis,

Can you please tell us:
What is the reason for hiding the files?
Because you dont need it. You dont need access to Kernel, you dont need access to Filesystem. I hope mikrotik will never Listen to guys like you. This will Not improve the OS.
Note that update packages up/downloaded to the router are not system files, are not kernel files, or anyway other special files.

Most of the confusion has arisen from the fact that initially it was suspected that the files are now hidden (because of .npk extension), but still were loaded to the same location.
Later it turned out that the truth is that now the internal updater downloads the files to a DIFFERENT location, and of course this is not visible because no other files than the publicly visible Files section are visible.
This makes it a bit more reasonable, but still I think the system should offer the option to see what is in that download area, e.g. you click on a button and it shows a list of packages that has been downloaded, which version that is, and if the checksums are OK.
With that addition it would be fine, preferably when done in such a way that the result (version and status) can also be queried in a custom automatic upgrade script, so you can decide if it is safe to issue the reboot command or not.
Last edited by pe1chl on Fri Jan 24, 2020 9:53 pm, edited 1 time in total.
 
hatred
just joined
Posts: 13
Joined: Tue Sep 01, 2015 10:23 pm
Location: Belarus, Minsk

Re: v6.46.2 [stable] is released!

Fri Jan 24, 2020 9:47 pm

Today I've updated my hAP ac^2 from 6.44.6 to 6.46.2 (including firmware) and after a couple of hours, I've got a sudden router reboot.
Honestly, I can't remember such reboots at all (though I try to avoid beta versions).
My router has a pretty basic setup (default firewall + 2xWAN PCC balancing). Log says "router was rebooted without proper shutdown". What should I suspect & do?
 
scampbell
Trainer
Trainer
Posts: 461
Joined: Thu Jun 22, 2006 5:20 am
Location: Wellington, NZ
Contact:

Re: v6.46.2 [stable] is released!

Fri Jan 24, 2020 11:13 pm

[
Normis,

Can you please tell us:
What is the reason for hiding the files?
Because you dont need it. You dont need access to Kernel, you dont need access to Filesystem. I hope mikrotik will never Listen to guys like you. This will Not improve the OS.
Note that update packages up/downloaded to the router are not system files, are not kernel files, or anyway other special files.

Most of the confusion has arisen from the fact that initially it was suspected that the files are now hidden (because of .npk extension), but still were loaded to the same location.
Later it turned out that the truth is that now the internal updater downloads the files to a DIFFERENT location, and of course this is not visible because no other files than the publicly visible Files section are visible.
This makes it a bit more reasonable, but still I think the system should offer the option to see what is in that download area, e.g. you click on a button and it shows a list of packages that has been downloaded, which version that is, and if the checksums are OK.
With that addition it would be fine, preferably when done in such a way that the result (version and status) can also be queried in a custom automatic upgrade script, so you can decide if it is safe to issue the reboot command or not.
+1

I agree when you do /system reboot there should be a warning saying "Update files exist - are you sure ? Yes/No/Display/Clear
MTCNA, MTCWE, MTCRE, MTCTCE, MTCSE, MTCINE, Trainer
___________________
Mikrotik Distributor - New Zealand
http://www.campbell.co.nz
 
scampbell
Trainer
Trainer
Posts: 461
Joined: Thu Jun 22, 2006 5:20 am
Location: Wellington, NZ
Contact:

Re: v6.46.2 [stable] is released!

Fri Jan 24, 2020 11:22 pm

Thanks @schadom, @R1st0.
We will try to fix SNMP reporting for combo interfaces in the next RouterOS version.
Any chance we could PLEASE get the PSU1 and PSU2 OID for the CRS112-8P-4S. They are visible in Winbox and /system health but no OID - only temperature :-(

viewtopic.php?t=132601

Image
You do not have the required permissions to view the files attached to this post.
MTCNA, MTCWE, MTCRE, MTCTCE, MTCSE, MTCINE, Trainer
___________________
Mikrotik Distributor - New Zealand
http://www.campbell.co.nz
 
archerious
newbie
Posts: 35
Joined: Sun Aug 26, 2018 7:50 am

Re: v6.46.2 [stable] is released!

Sat Jan 25, 2020 7:50 am

I ran into an odd bug.

I updated using packages then after reboot I upgraded routerboard then restart.

However when the Mikrotik came back up, for some reason it had disabled/unchecked the "Add ARP for Leases" setting in dhcp server.

As a result I couldn't figure out why everything wasn't working, then I noticed that setting. Enabled/checked it again, then kicked off any devices except my WAN (ether1) from ARP and that resolved it.

Nearly 1 hr though of no internet just from updating. Super stressful after work.

Please see if you are able replicate.

EDIT: I was able to ping 8.8.8.8 from the RB4011, but it wasn't able to ping my CRS309 using 10.1.1.2 ipv4 like normal it would timeout. Same situation with the CRS309. All NAT settings are correct same with firewall. All I did was enable the "Add ARP for Leases" and kick off all ARP devices that weren't working anyway, then they reconnected fine. Super strange.
RB4011 Former: ER4
CSS326, CRS309, CRS112-PoE Former: Ubiquiti XG-16 & Edgeswitch 10X
AT&T Fiber 1000/1000
https://i.imgur.com/vByw6dK.png
https://www.speedtest.net/result/8975293431.png
 
mkx
Forum Guru
Forum Guru
Posts: 3745
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.46.2 [stable] is released!

Sat Jan 25, 2020 1:40 pm

However when the Mikrotik came back up, for some reason it had disabled/unchecked the "Add ARP for Leases" setting in dhcp server.
It's unchecked/disabled on my 6.45.7 hAP ac2 and I'm pretty sure this is default setting. So either you had it disabled prior to upgrade as well and enabling option does not affect your problem (clearing ARP cache probably did it) ... or you actually had it enabled previously for some good reason and you actually found a bug in upgrade procedure.
BR,
Metod
 
User avatar
omidkosari
Trainer
Trainer
Posts: 628
Joined: Fri Sep 01, 2006 4:18 pm
Location: Iran , Karaj
Contact:

Re: v6.46.2 [stable] is released!

Sat Jan 25, 2020 2:03 pm

The MEMORY LEAK bug is still exists in this version.
cpu-ram-usage.png
The problem solves only by manual reboot or auto reboot by watchdog. As you can see in attached image, the memory grows until router crashes and reboot.
Several tickets opened and closed . The last one is #[SUP-6142]

In following image which shows weekly memory usage,the only way is schedule reboot every 2 days as a workaround to prevent memory leak router crash. Even sometimes the crash happens between 2 days and manual reboot is the only way.
memory-usage-weekly.PNG
You do not have the required permissions to view the files attached to this post.
MTCNA , MTCRE, MTCWE, Mikrotik Certified Trainer
 
pe1chl
Forum Guru
Forum Guru
Posts: 6227
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.46.2 [stable] is released!

Sat Jan 25, 2020 2:13 pm

I checked several routers and I do not see a memory leak. There is some increase in use roughly during the first day of uptime (like shown in your graphs) and then it stabilizes.
In one router that does a lot of NAT there is memory usage varying by time, it increases during peak hours but falls back to normal after that.

Maybe you have some problem with DoS or other resource exhaustion specific to your network, e.g. due to attackers or "people having fun".
 
User avatar
omidkosari
Trainer
Trainer
Posts: 628
Joined: Fri Sep 01, 2006 4:18 pm
Location: Iran , Karaj
Contact:

Re: v6.46.2 [stable] is released!

Sat Jan 25, 2020 2:24 pm

I checked several routers and I do not see a memory leak. There is some increase in use roughly during the first day of uptime (like shown in your graphs) and then it stabilizes.
In one router that does a lot of NAT there is memory usage varying by time, it increases during peak hours but falls back to normal after that.

Maybe you have some problem with DoS or other resource exhaustion specific to your network, e.g. due to attackers or "people having fun".
Thanks for reply.
Connection tracking is disabled on these routers. Also this problem appears on pppoe server routers. Do you have routers with more than 2000 active pppoe sessions ?
Also this problem appears on several places with different type of users. Can you explain "people having fun" with some scenarios which may create such problems?

memory-leak-weekly.PNG
Maybe weekly memory usage of another router with less than 600 pppoe session creates better understanding. The router memory usage grows until reboot. What kind of DOS,attack can create such memory leak? The ram usage 10 Minutes after startup is about 470MB and after 5 Days more than 1370MB
You do not have the required permissions to view the files attached to this post.
MTCNA , MTCRE, MTCWE, Mikrotik Certified Trainer
 
pe1chl
Forum Guru
Forum Guru
Posts: 6227
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.46.2 [stable] is released!

Sat Jan 25, 2020 6:21 pm

I have no routers that terminate PPPoE sessions for users, but you did not mention that in your posting.
My routers perform different standard "routing" functions and have GRE/IPsec and L2TP/IPsec VPNs, and I do not see that problem.
So it could be something specific to PPPoE. "people having fun" could be people who setup thousands and thousands of sessions (in your case) or connections (in my case).
Of course each one takes some memory, but it should be freed later when the connection ends.
There also have been such issues with ARP and IPv6 ND, which can be the result of people scanning the network.
It is always a good idea to examine logging, try some traces etc to see what repeated action causes this memory usage increase.
 
User avatar
SiB
Member
Member
Posts: 443
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: v6.46.2 [stable] is released!

Sat Jan 25, 2020 11:18 pm

SUP-6680
CCR1009 upgrade from 6.42.2 to 6.46.2
All IPSec tunnels are works with strange notification in Policies about Peer's column as "unknown" or in CLI as "peer not set".
Each policies in WinBox give me info this is a Peer12 - the same peer in each of policies ?!
I see that WinBox blue colour means a) WinBox display first Peer to every entry and/or b) this is user change.
Y36Lq98PeV.png
ma66WiiV1e.png
All my Peer and Profiles change names to just peerX/Profile_X and now I must do some comparison to select a proper entry!

And now I wonder to wait for fix in next ROS...?
Do downgrade but to what version?
Rename Peer/Profiles names and set all Policies with proper Peer again?

As always, stable channel is that ~"STABLE" then when you ask if MikroTik do any of test in his ROS or we are a test rabbit :). I know the answer - all together :).
You do not have the required permissions to view the files attached to this post.
MTCNA + MTCRE + MTCINE | ~600 users at ~150 RouterBoards in EMEA | Telegram: @SiB_PL
WinBox Tip: F6 works as ALT+TAB | Gliffy.com - free network schematic | prnt.sc - free ScreenShot software
I will be at MUMEUROPE Prague on 26-27 march 2020
 
sindy
Forum Guru
Forum Guru
Posts: 4220
Joined: Mon Dec 04, 2017 9:19 pm

Re: v6.46.2 [stable] is released!

Sat Jan 25, 2020 11:44 pm

Policies have become bound to peers at least since 6.45 if not 6.44. That's nothing to claim as a bug, it is an intended change.

Normally you can use a script to assign peers to policies based on policy's sa-dst-address being the same as peer's address; if you use more complex setups, you have to take also sa-src-address and local-address into account. Until you do that, the policies continue to work the old way.

In 6.42, I peers didn't have names yet, only comments. So I don't get your remark regarding having peer1 to peerXY - if you had comments on peers, they stayed, and if you didn't, what's the actual damage suffered?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6227
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.46.2 [stable] is released!

Sun Jan 26, 2020 11:37 am

CCR1009 upgrade from 6.42.2 to 6.46.2
All IPSec tunnels are works with strange notification in Policies about Peer's column as "unknown" or in CLI as "peer not set".
It is not advisable to make that big upgrade step when you have IPsec configured. As already written, IPsec has been changed quite a lot between those versions.
When you make such big steps it is advisable to read the intermediate releasenotes and when you note such a change inbetween, to upgrade to that intermediate version first.
In some cases, when multiple changes have been made, a large upgrade could miss some details when converting your config.
It would have been better to upgrade to 6.44.6 (long-term version) first!

In this case everything still works so it is not required to downgrade, and not advisable either when you have no backup of your old configuration.
You can manually change the names like peer12 to whatever you like, but be advised that this will reset/restart all your IPsec connections, so do do not do this when logged in via such a link and especially not with "safe mode" active.
 
User avatar
SiB
Member
Member
Posts: 443
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: v6.46.2 [stable] is released!

Sun Jan 26, 2020 4:24 pm

sindy
Policies have become bound to peers at least since 6.45 if not 6.44. That's nothing to claim as a bug, it is an intended change.
I have objection to upgrade process, not to a new way of configuration. I not import config from old to latest version.
When ROS do upgrade process then he "convert" configuration to new one. But as we can see he cannot properly assign peer's now and show me a "unknown" data and "peer not set" in Policies.
I assign the proper Peer to proper Policy and do rename off all necessary stuff.

After that I see that Peer not have the SA-Local-Address who was in Policies\Action before and not exist in a new Peer configuration. I must fix that by hand. This is not moved by ROS upgrade process.
One IPSec tunnel give me "policy no found" because before "1.2.3.4" works and now I must set "1.2.3.4/30" to fix this.or now the mask are valided of remote site.
MTCNA + MTCRE + MTCINE | ~600 users at ~150 RouterBoards in EMEA | Telegram: @SiB_PL
WinBox Tip: F6 works as ALT+TAB | Gliffy.com - free network schematic | prnt.sc - free ScreenShot software
I will be at MUMEUROPE Prague on 26-27 march 2020
 
User avatar
Davis
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Mon Aug 01, 2011 12:27 pm
Location: Latvia, Riga
Contact:

Re: v6.46.2 [stable] is released!

Sun Jan 26, 2020 10:10 pm

Have you not read the above answers to your questions? Since I see repetition of the same flawed arguments.

1. looking at files is not verification
2. RouterOS does internal verification that is much better than looking with your eyes
3. if you want to do some advanced checksum operations, you still have Fetch tool available

all of this was offered above
Can you please include some information on how the dependencies of packages are processed during update (which packages depend on which packages - what is the dependency graph? can different installed packages have different versions? what will happen if updates for only some installed packages are uploaded to router? what will happen if update of a package is uploaded, but updates for its dependencies are not uploaded? etc.) in the wiki page (or the new documentation system)?
https://wiki.mikrotik.com/wiki/Manual:System/Packages
 
hatred
just joined
Posts: 13
Joined: Tue Sep 01, 2015 10:23 pm
Location: Belarus, Minsk

Re: v6.46.2 [stable] is released!

Sun Jan 26, 2020 11:08 pm

Today I've updated my hAP ac^2 from 6.44.6 to 6.46.2 (including firmware) and after a couple of hours, I've got a sudden router reboot.
Honestly, I can't remember such reboots at all (though I try to avoid beta versions).
My router has a pretty basic setup (default firewall + 2xWAN PCC balancing). Log says "router was rebooted without proper shutdown". What should I suspect & do?
My router just suddenly rebooted again.
EDIT: Supout [SUP-6711] has sent to support mail.
Last edited by hatred on Sun Jan 26, 2020 11:30 pm, edited 2 times in total.
 
User avatar
macsrwe
Forum Veteran
Forum Veteran
Posts: 756
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: v6.46.2 [stable] is released!

Sun Jan 26, 2020 11:19 pm

In my experience, "rebooted without proper shut down" usually indicates a power down, not a panic.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6227
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.46.2 [stable] is released!

Sun Jan 26, 2020 11:24 pm

Have you not read the above answers to your questions? Since I see repetition of the same flawed arguments.

1. looking at files is not verification
2. RouterOS does internal verification that is much better than looking with your eyes
3. if you want to do some advanced checksum operations, you still have Fetch tool available

all of this was offered above
You have not answered the questions in post #69 viewtopic.php?p=771370#p771370 :
Does RouterOS now verify that the set of downloaded packages is complete and all packages are correct before it starts installing new packages?
So it can now no longer happen that an install of multiple packages stops halfway because a bad package is encountered, or is not complete because not all packages for the upgrade are present?
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5965
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.46.2 [stable] is released!

Mon Jan 27, 2020 2:34 pm

Auto upgrader will not try to install if at least one package is missing or not finished downloading.
 
twelch24
just joined
Posts: 6
Joined: Wed Apr 25, 2018 9:35 pm

Re: v6.46.2 [stable] is released!

Mon Jan 27, 2020 4:53 pm

Auto upgrader will not try to install if at least one package is missing or not finished downloading.
This still leaves us rebooting multiple times if something fails. It's not acceptable to us. We need to know when it reboots it will be upgraded. For us, not having a verify command/some way to checksum before the reboot is a deal breaker.
 
User avatar
eworm
Member
Member
Posts: 470
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.46.2 [stable] is released!

Mon Jan 27, 2020 5:12 pm

Auto upgrader will not try to install if at least one package is missing or not finished downloading.
I think there are special conditions where this is (or was?) not true. As said earlier... My LTE router managed to update with missing wireless package at least twice.
Sadly I can not give exact version... I think last time was about February 2019, since then I use a script and fetch (see above for link).
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
gcsuri
newbie
Posts: 25
Joined: Wed Sep 03, 2008 10:20 am

Re: v6.46.2 [stable] is released!

Tue Jan 28, 2020 7:23 am

Hi,

I upgraded a HAP lite 6.38 to 6.46.2 and I can't login with winbox (3.20) anymore. I can login with mac-telnet and telnet but winbox tells me bad username/password. I downgraded to 6.44.6 it works again.

best regards, Gabor
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1316
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: v6.46.2 [stable] is released!

Tue Jan 28, 2020 7:56 am

Removed
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
dg1kwa
just joined
Posts: 13
Joined: Tue Aug 17, 2010 12:32 pm
Location: Monheim

Re: v6.46.2 [stable] is released!

Wed Jan 29, 2020 11:04 am

Hi there,
IGMP snooping continues to be very unstable.
After a while the MDB table is always empty.

Routers are 3x RB2011 and 1x CRS106.

Thanks and best regards
Andreas
 
User avatar
macsrwe
Forum Veteran
Forum Veteran
Posts: 756
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: v6.46.2 [stable] is released!

Wed Jan 29, 2020 9:31 pm

But this all boils down to the question: "Is there any good reason for hiding the files?"
And the answer is definitely "no", at least MT has not come up with one single reason yet, apart from "the system files are hidden an now the upgrade files follow that path too" which sounds like a politician's answer...

Repeated refusal to even acknowledge this question leads me to suspect that answer is somewhere in here. It just smells right.
 
EdPa
MikroTik Support
MikroTik Support
Posts: 51
Joined: Fri Sep 15, 2017 10:05 am
Location: Riga
Contact:

Re: v6.46.2 [stable] is released!

Thu Jan 30, 2020 11:40 am

@dg1kwa - please keep this forum topic strictly related to this particular RouterOS release.
MDB entries do timeout after a while if no membership reports are received, see "membership-interval" property. Make sure you have some device that acts as an IGMP querier. Otherwise, create a new forum thread or report to the support portal.
 
dg1kwa
just joined
Posts: 13
Joined: Tue Aug 17, 2010 12:32 pm
Location: Monheim

Re: v6.46.2 [stable] is released!

Thu Jan 30, 2020 12:10 pm

@dg1kwa - please keep this forum topic strictly related to this particular RouterOS release.
MDB entries do timeout after a while if no membership reports are received, see "membership-interval" property. Make sure you have some device that acts as an IGMP querier. Otherwise, create a new forum thread or report to the support portal.
with this release very strong :(

I know that this have a timeout, but when I start my IPTV never any entry come back. Table is complete empthy on all routers!

An IPTV not work.

Then I switch off igmp snoppling and switch on again. After this all work fine until the mdb table ist empthy again.
 
telepro
Frequent Visitor
Frequent Visitor
Posts: 64
Joined: Sun Apr 03, 2011 7:50 pm

Re: v6.46.2 [stable] is released!

Thu Jan 30, 2020 2:51 pm

Has anyone successfully loaded a metarouter image with v6.46.2?

We use a script to configure our 951G routers every time we upgrade from one ROS to a later version. This same script runs on all of the 951 UNITS.
After upgrading to 6.64.2, the portion of the script that loads the metarouter image no longer is successful.
The error message in the log is as follows:
script error; import failed; archive goes out of root directory. /FasSat/
script error action timed out - try again, if error continues contact MikroTik support and send a supout file (13)

The metarouter loading script is initiated with a short script file:
# This command resets the entire configuration and loads a new configuration
/system reset-configuration keep-users=no no-defaults=yes skip-backup=yes run-after-reset=ImportConfig.rsc

The ImportConfig.rsc script executed on restart is as follows:
# This RunAfterReset script file loads a new configuration after a reset-configuration
/import file=[/file get value-name=name [find name~"FasSatRouterConfig*"]]

The portion of the FasSatRouterConfig*.rsc file that fails is as follows:

:log info ("----- Config metarouter import-image")
# First need to import the image, but unable to set name, enable, disk-size,
# or memory-size in the import-image statement
# If import-image is executed following the add, the import-image will create a 2nd metarouter
/metarouter import-image file-name=$MetarouterImage
:log info ("----- Config metarouter")
# Since there is only one metarouter [0], set its properties
#:delay 2
/metarouter print
/metarouter set 0 name=fsmr disabled=no disk-size=unlimited memory-size=24MiB

Trying again (per the error log message) and running this same sequence (/system reset….) fails repeatedly and outputs the same messages to the logger.

This same metarouter image file has loaded and run successfully on all revisions of ROS from 6.5 through 6.45.6
 
mszru
just joined
Posts: 23
Joined: Wed Aug 10, 2016 10:42 am

Re: v6.46.2 [stable] is released!

Thu Jan 30, 2020 6:39 pm

After the upgrade (both ROS and Firmware) from 6.46 to 6.46.2 write-sect-total has been reset on my hAP ac2.
[altmsizo@hAPac2] > /system resource print
                   uptime: 3d23h33m50s
                  version: 6.46.2 (stable)
               build-time: Jan/14/2020 07:17:12
         factory-software: 6.43.10
              free-memory: 71.0MiB
             total-memory: 128.0MiB
                      cpu: ARMv7
                cpu-count: 4
            cpu-frequency: 716MHz
                 cpu-load: 1%
           free-hdd-space: 2132.0KiB
          total-hdd-space: 15.3MiB
  write-sect-since-reboot: 968
         write-sect-total: 968
               bad-blocks: 0%
        architecture-name: arm
               board-name: hAP ac^2
                 platform: MikroTik
 
nmt1900
newbie
Posts: 38
Joined: Wed Feb 01, 2017 12:36 am

Re: v6.46.2 [stable] is released!

Fri Jan 31, 2020 12:39 am

But this all boils down to the question: "Is there any good reason for hiding the files?"
And the answer is definitely "no", at least MT has not come up with one single reason yet, apart from "the system files are hidden an now the upgrade files follow that path too" which sounds like a politician's answer...

Repeated refusal to even acknowledge this question leads me to suspect that answer is somewhere in here. It just smells right.
About that downgrading thing - there's usually a reason why other manufacturers may sometimes limit downgradeability. The fact, that you just can upload npk file of any older version and simply press downgrade button to have all blanked passwords in result is everything but normal - even if warning is issued everywhere in changelogs...

The right way to handle this "dongrading clears user credentials" problem should be to block downgrades to versions earlier than 6.43. If anyone wants still to go back to older version then it should only be doable by netinstall. Then everything would be set up from a scratch anyway and there would not be any user passwords to be cleared out.
 
goranjov
just joined
Posts: 1
Joined: Wed Mar 07, 2018 9:23 pm

Re: v6.46.2 [stable] is released!

Sat Feb 01, 2020 12:14 pm

It lloks that after latest update that /ip neighbor dicovery is enabled on wan port
i have flood on udp 5678 from Mikrotik devices all around the world
one of them is 159.148.147.229
route: 159.148.147.0/24
org: ORG-MA140-RIPE
descr: MIKROTIKLS
origin: AS51894
mnt-by: AS2588-MNT
created: 2010-11-29T08:32:40Z
last-modified: 2019-07-08T12:13:46Z
source: RIPE
b/r goran
 
pe1chl
Forum Guru
Forum Guru
Posts: 6227
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.46.2 [stable] is released!

Sat Feb 01, 2020 12:29 pm

It lloks that after latest update that /ip neighbor dicovery is enabled on wan port
i have flood on udp 5678 from Mikrotik devices all around the world
one of them is 159.148.147.229
route: 159.148.147.0/24
org: ORG-MA140-RIPE
descr: MIKROTIKLS
origin: AS51894
mnt-by: AS2588-MNT
created: 2010-11-29T08:32:40Z
last-modified: 2019-07-08T12:13:46Z
source: RIPE
b/r goran
It appears to be some form of "phone home". It could be the "new IPcloud" thing, I normally always disable that but there are some routers not under my control in the network that could have it enabled.
I see a router sending UDP from port 5678 to port 30000 on 159.148.147.229, and getting a reply (from port 30000 back to port 5678), which it then rejects with "port unreachable".
That could be due to a firewall at that router, I don't know. I'll probably ask the owner of that router what the config is.
 
Abdock
Member Candidate
Member Candidate
Posts: 255
Joined: Sun Sep 25, 2005 10:50 pm

Re: v6.46.2 [stable] is released!

Sun Feb 02, 2020 6:48 pm

We have noticed ARM RB1100x4, get stuck and would not respond to SNMP or telnet, the router will be running but not reachable unit restarted.

This happened from 6.46
 
hendre123
just joined
Posts: 2
Joined: Thu Jan 09, 2020 7:23 am

Re: v6.46.2 [stable] is released!

Mon Feb 03, 2020 10:26 pm

I hope this is the correct place for the post.
Is there a problem with the auto upgrade via different source on version 6.46.1?
I added a package source, which is a different mikrotik to manage what OS I want to be installed onto my routerboards.
All my tests work with previous versions of routerOS, but as soon as I hit 6.46.1, it would seem to stop working.
I loaded 4.46.2 on my "package source router", but the mikrotik doing the auto upgrade does not see the package.
I downgraded to the stable version and did a check again for new version and then it sees the version 4.46.2 and does the upgrade.
It would seem version 4.46.1 just does not see the 4.46.2.
This is for upgrading from different source and not directly from mikrotik site.
Any suggestions or different testing you would recommend?
I wanted to implement my auto upgrade scripts this week and now before my deployment I did a quick final test with the newest routerOS and just does not work.
Now I'm scared to do the deployment on 100's of mikrotiks as newest version is not working.(upgrading in my scenario).
 
User avatar
macsrwe
Forum Veteran
Forum Veteran
Posts: 756
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: v6.46.2 [stable] is released!

Tue Feb 04, 2020 12:05 pm

Is there a problem with the auto upgrade via different source on version 6.46.1?
I added a package source, which is a different mikrotik to manage what OS I want to be installed onto my routerboards.
All my tests work with previous versions of routerOS, but as soon as I hit 6.46.1, it would seem to stop working.
I loaded 4.46.2 on my "package source router", but the mikrotik doing the auto upgrade does not see the package.

I wanted to implement my auto upgrade scripts this week and now before my deployment I did a quick final test with the newest routerOS and just does not work.
Now I'm scared to do the deployment on 100's of mikrotiks as newest version is not working.(upgrading in my scenario).

Known reported problem. See Post #3 in this thread. I am awaiting word from MikroTik as well, so far, nothing.
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 559
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.46.2 [stable] is released!

Thu Feb 06, 2020 6:08 pm

New version 6.46.3 has been released in stable RouterOS channel:

viewtopic.php?f=21&t=157154

Who is online

Users browsing this forum: Bing [Bot], dyke and 22 guests