Community discussions

MikroTik App
 
bourneagainsh
just joined
Posts: 21
Joined: Thu May 21, 2020 7:41 pm

Re: v6.47 [stable] is released!

Fri Jun 26, 2020 11:00 am

*) port - removed serial console port on hEX S;

- How can I re-enable the "serial console" manually on hEX S, if it has been disabled in 6.47 please?
- Why has it been disabled in 6.47 on the hEX S?
 
User avatar
ErfanDL
Member
Member
Posts: 328
Joined: Thu Sep 29, 2016 9:13 am
Location: IRAN
Contact:

Re: v6.47 [stable] is released!

Fri Jun 26, 2020 12:29 pm

CRS326-24G-2S+ after upgrade to 6.47 only available 10% of HDD space !
Capture.PNG
Capture1.PNG
You do not have the required permissions to view the files attached to this post.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6660
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Fri Jun 26, 2020 12:44 pm

CRS326-24G-2S+ after upgrade to 6.47 only available 10% of HDD space !
And before upgrade?
These numbers are not so bad for a 16MB device with additional package(s) installed, right?
 
DarkNate
just joined
Posts: 24
Joined: Fri Jun 26, 2020 4:37 pm

Re: v6.47 [stable] is released!

Fri Jun 26, 2020 4:42 pm

We need more people to contribute to this Cloudflare thread I created about DoH issues:
https://community.cloudflare.com/t/clou ... e/184158/6
 
r00t
Member
Member
Posts: 323
Joined: Tue Nov 28, 2017 2:14 am

Re: v6.47 [stable] is released!

Fri Jun 26, 2020 4:43 pm

*) port - removed serial console port on hEX S;

- How can I re-enable the "serial console" manually on hEX S, if it has been disabled in 6.47 please?
- Why has it been disabled in 6.47 on the hEX S?
+1... there is NO GOOD REASON to do this.
Same for all other boards with UART pins on board, this port should be available and console spawn on it by default.
 
balexiev
just joined
Posts: 3
Joined: Thu May 21, 2020 12:22 am

Re: Antenna Gain issue

Fri Jun 26, 2020 4:55 pm

Antenna gain should not be changed, especially for devices with built-in antennas. What were you trying to achieve anyway?
If your signal is too weak, fix position or alignment. Playing with antenna gain is not the right way and can be illegal.
Hi, tested on hAP ac lite RB952Ui-5ac2nD.
What are we trying to achieve - make basic wireless configuration.
1. Frequency Mode -> regulatory-domain. (If apply is pressed after this step, it is accepted.)
2. Country -> select country (in my case Bulgaria).
2020-06-26_16-44-55_winbox64.png
3. Press Apply -> error returned: "minimal antenna-gain for this country is 2 (6)".
2020-06-26_16-45-01_winbox64.png
(Workaround)
It is worth to note that the CLI shows and allows the setting of the antenna-gain parameter (value-name).
/interface wireless> print advanced
Example:
2 name="wlan5" mtu=1500 l2mtu=1600 mac-address=C4:AD:34:xx:xx:xx arp=enabled disable-running-check=no interface-type=Atheros AR9888
radio-name="C4AD3XXXXXX" mode=ap-bridge ssid="5GHz" area="" frequency-mode=regulatory-domain country=no_country_set
installation=any antenna-gain=0 frequency=5180 band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX secondary-channel=""
scan-list=default wireless-protocol=802.11 rate-set=default …….

The default value is 0: antenna-gain=0.

After changing the value through CLI to 2, the above settings are accepted.
The default value for antenna-gain is 0 for both 2.4 and 5 GHz.

Apart from the issues with working with Tx power, I would suggest that If the country is supposed to be set through WinBox (GUI), then an internal software check should be made and the corresponding antenna-gain value for the respective country be set automatically, so the country change is accepted. If the value is the same for all :), then it should be easier.
You do not have the required permissions to view the files attached to this post.
 
Pea
Member Candidate
Member Candidate
Posts: 209
Joined: Fri Jul 17, 2015 11:07 pm
Location: Czech

Re: v6.47 [stable] is released!

Fri Jun 26, 2020 5:02 pm

We need more people to contribute to this Cloudflare thread I created about DoH issues:
https://community.cloudflare.com/t/clou ... e/184158/6
It is probably only your ISP or setup issue, we are using DoH Cloudflare without problems.
Please check your setup, this should work normally, as mentioned before several times:
/tool fetch url=https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
/certificate import file-name=DigiCertGlobalRootCA.crt.pem passphrase=""
/ip dns set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes servers=""
 
DarkNate
just joined
Posts: 24
Joined: Fri Jun 26, 2020 4:37 pm

Re: v6.47 [stable] is released!

Fri Jun 26, 2020 5:12 pm

We need more people to contribute to this Cloudflare thread I created about DoH issues:
https://community.cloudflare.com/t/clou ... e/184158/6
It is probably only your ISP or setup issue, we are using DoH Cloudflare without problems.
Please check your setup, this should work normally, as mentioned before several times:
/tool fetch url=https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
/certificate import file-name=DigiCertGlobalRootCA.crt.pem passphrase=""
/ip dns set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes servers=""
Yes, I followed those exact same instructions and still have issues with DoH on MikroTik. I don't think it's ISP since reachability isn't a problem as stated in that Cloudflare thread.

Maybe it's my IPv6 config? Please take a look: viewtopic.php?f=13&t=162930
 
kd2pm2
newbie
Posts: 40
Joined: Wed Nov 14, 2012 7:14 am
Location: New Jersey, USA

Re: v6.47 [stable] is released!

Sat Jun 27, 2020 4:25 am

Definitely not an ISP issue. 1.1.1.1 works great but when I go to use it for DOH my 2011 throws errors out at me usually the (6) and the (13)'s. Once in a while the 4011 will error but not as bad as the 2011 will. And a reboot will usually take care of it for a while then it comes back eventually

This one of those, it either works or it doesnt. If it doesnt, you know right away when you look at your logs. But mine will run for days and then start throwing stuff out at me. Once I turn off the DOH, all is well.

Now I have only tested with Cloudflare, I cant attest to how the other DNS providers fair.
Ed in NJ-USA
RB2011 / RB4011 / RB260GS / RB750
 
User avatar
Kamaz
newbie
Posts: 35
Joined: Sun Apr 30, 2017 9:35 am

Re: v6.47 [stable] is released!

Sat Jun 27, 2020 10:15 pm

Hi,
I'm facing with such errors
DNS warning DoH max concurrent queries reached, ignoring query
and
DNS error DoH server connection error: Network is unreachable
mikro.png
Mikrotik ac2, ROS 6.47
Once per day or two, router drops down L2TP connection because it can't resolve L2TP server's name.

Any ideas how to resolve my issue besides turning DOH off?
You do not have the required permissions to view the files attached to this post.
 
tommyo
just joined
Posts: 1
Joined: Sun Jun 28, 2020 2:14 pm

Re: v6.47 [stable] is released!

Sun Jun 28, 2020 2:39 pm

Upgraded my my home root switch CRS326-24G-2S+ from 6.46.6 to 6.47. This router has 2 x 10 GbE S+RJ10 connected to 2 x CSS326-24G-2S+RM (SwOS 2.11) also with 10 GbE S+RJ10 GBICs. Everything has been stable so far. After upgrading to 6.47 stable all hell broke loose. The link to 1 of the CSS326-24G-2S+RM suddenly starts to go down permantly. Only way to recover was to pull out the ethernet cable or reboot the switch. This event was happening several times a day, and made my home network unusable. Had do degrade the firmware to 6.45.9 (long-term) and everything was stable again. The last stable version was 6.46.6.

I think the problem is that the this CRS326-24G-2S+ switch could not recover after a short link down. I have to admit that the distance between these two switches are on the fringe how far you can have a 10 Gb connection, but this hasn't been an issue before because the these switches recovered quite well. The other connection was stable with 6.47 but that link was only on 5 Gb because the distance is to far for a 10 Gb connection.

Is this a known issue with firmware 6.47 with Mikrotik S+RJ10 GBIC is unstable and can't recover well? If this issue isn't addressed I have to live forever with 6.46.6 or 6.45.9 (long-term).

Also upgraded my RB3011 internet router to 6.47 stable, but hasn't had any issues with that router, but this router of course has no S+RJ10 GBIC.
 
biomesh
Member Candidate
Member Candidate
Posts: 140
Joined: Fri Feb 10, 2012 8:25 pm

Re: v6.47 [stable] is released!

Sun Jun 28, 2020 3:13 pm

For those having issues flushing the dns cache, from my experience, this is due to a winbox bug IMO.

If I have a large cache (a few mb) then through winbox the cache will never clear.

If I run a /ip dns cache flush, it works. I also tested with disabling remote requests, flush cache, and enabling remote requests via a script.

It's worth a try for those having this issue.

EDIT:

It seems it only worked yesterday. Perhaps there are connections to the dns server stopping it from purging the cache consistently.
Last edited by biomesh on Mon Jun 29, 2020 4:28 pm, edited 1 time in total.
 
alephis
just joined
Posts: 2
Joined: Mon May 07, 2018 7:44 am

Re: v6.47 [stable] is released!

Mon Jun 29, 2020 9:58 am

Also SMB is not available from Windows PC (7 and 10)

Installing SMB 1.0 also does not help.

By some reason Kyocera MFP can successfully scan documents to SMB share located on Mikrotik.

Checked on hEX S and RB1100AHx4 DE
 
User avatar
kmansoft
Frequent Visitor
Frequent Visitor
Posts: 60
Joined: Tue Jan 22, 2019 5:00 pm

Re: v6.47 [stable] is released!

Mon Jun 29, 2020 10:19 pm

hi this first post i made, i am trying using this new feature DoH DNS using Adguard DNS, seem everything work fine, but it seem using full DNS cache, i even tried to increasing the cache to 10000 KiB, it full in no time, i tried too flush the cache but it seem cache used still not decreasing, does this normal behavior for DoH DNS?reso.JPGdns static.JPGcache.JPGsert.JPG
Same or similar issue with hAP AC^2 - using Google's DoH (not sure if it's DoH related, just to mention for completeness).

Reported "cache used" was a bit high, e.g. 1200 - 1500 K for 500-600 entries, and kept growing over time.

Once it reached 2048K (the default limit) - the router started flushing the cache, but this did not reset "cache used". Because of this, the router started flushing the cache every few seconds few seconds, again and again.

Flushing the cache manually (in web ui or Android app) is the same - "cache used" does not reset.

This effectively disabled DNS caching.

PS - ticket SUP-20427 - with supout.rif attached.
Last edited by kmansoft on Mon Jun 29, 2020 10:24 pm, edited 1 time in total.
 
User avatar
kmansoft
Frequent Visitor
Frequent Visitor
Posts: 60
Joined: Tue Jan 22, 2019 5:00 pm

Re: v6.47 [stable] is released!

Mon Jun 29, 2020 10:22 pm

For those having issues flushing the dns cache, from my experience, this is due to a winbox bug IMO.

[ ... ]

If I run a /ip dns cache flush, it works.
Not for me (hAP AC^2, 6.47). Same as flushing the cache in web UI or Android app - the cache does get cleared, but the "Cache Used" value is not reset.

Consequently, the router keeps flushing the cache over and over again, making the cache useless.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6660
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Tue Jun 30, 2020 1:29 pm

GRE is still handled incorrectly in connection tracking. No GRE "connection" ever appears in the firewall->connections tab.
An explicit match with protcol GRE is required before any drop rule for state "invalid".
 
owsugde
newbie
Posts: 25
Joined: Thu Oct 06, 2016 5:01 pm

Re: v6.47 [stable] is released!

Tue Jun 30, 2020 5:25 pm

LOST ALL BRIDGES AND PORTS

on update from 6.46.6 to 6.47. It's a CCR1009-7G-1C-1S+ (Tile 9 Core).

Luckily I have another Internet uplink in that network, so I can reconfigure remotely. Will revert to 6.46.6 to check if settings are still there.

Edit: In addition to bridges and bridge ports, Capsman settings (including manager) was gone as well. However:

Reverting and then doing another reboot brings everything back.

So, if you want to upgrade, do a full config export before and only do it if you have time for reconfig and another remote access.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6660
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Wed Jul 01, 2020 12:13 pm

Why is the router connecting every hour to upgrade.mikrotik.com and fetching the LATEST.6 file?
No reply to this one, anyone else experiencing this? Why would the router (with all settings disabled in /ip cloud) regularly connect to the upgrade server?
Is there an auto-update mechanism? Or some desire to keep a statistic of versions in use over the world?

Try this:
/ip firewall address-list
add address=upgrade.mikrotik.com list=upgrade

/ip firewall filter
add action=accept chain=output comment="Upgrade server" dst-address-list=\
    upgrade dst-port=80 log=yes log-prefix=upgrade protocol=tcp
To see if you are affected as well...
(it will log attempts by the router to connect the upgrade server. you can add it to the forward chain as well when you have internal MikroTik devices)
 
faxxe
just joined
Posts: 22
Joined: Wed Dec 12, 2018 1:46 pm

Re: v6.47 [stable] is released!

Wed Jul 01, 2020 5:13 pm

So, if you want to upgrade, do a full config export before and only do it if you have time for reconfig and another remote access.
Did the update to 6.47 on the same router 28 days ago and had no problem.
My CCR1009-7G-1C-1S+ is still up without any fault (current uptime 28d 23:34:00)

-faxxe
 
pe1chl
Forum Guru
Forum Guru
Posts: 6660
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Wed Jul 01, 2020 6:01 pm

I did not have any issue updating two very differently configured CCR1009 either! It must be something particular to his config. I use many bridges as well.
Remember on the CCR1009 you can always use partitions to be able to go back to previous config. Many users do not know about it, it seems.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6660
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Wed Jul 01, 2020 10:05 pm

The port numbers returned in SNMP OID .1.3.6.1.2.1.17.4.3.1.2 are not correct anymore.
When doing an snmpwalk of that OID you should get a number of values for each MAC address in the bridge/switch table and each value should be an INTEGER with the interface number.
This used to work OK, but now the number returned is garbage.
 
sindy
Forum Guru
Forum Guru
Posts: 5343
Joined: Mon Dec 04, 2017 9:19 pm

Re: v6.47 [stable] is released!

Wed Jul 01, 2020 10:34 pm

@erchegov and company, I was curious about your L2TP/IPsec issue here, so I've configured a network of four CHRs the following way:
  • CHR-47 is a L2TP/IPsec server running ROS 6.47, with several WAN IPs in the same subnet
  • CHR-3 is a "client router" whose WAN is connected to CHR-47's WAN and does a src-nat for out-interface-list=WAN
  • CHR-1 and CHR-2 run and L2TP/IPsec client interface each, connecting each to another WAN IP of the CHR-47's, connected as LAN hosts of the CHR-3
I believe this is a copy of your configuration - two clients connecting from behind the same "public" IP to the same server, but each to another public IP of the server.

CHR-1, CHR-2, CHR-3 all run 6.45.9.

The result is no fault found. Both clients connect, get their IP addresses, and are pingable through the tunnels. Both the IPsec security associations carrying the L2TP sessions have the same dst-address (the WAN IP of CHR-3), but they are distinguishable from one another by the server side IP addresses. Can someone of the affected gentlemen spawn a dedicated topic for this issue, post the export of their working server-side configuration there, and post a link to that new topic here in order to offload the current topic from this rather specialized discussion?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 602
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.47 [stable] is released!

Thu Jul 02, 2020 10:46 am

@sindy they are having issues with plain L2TP without IPsec encryption. I can confirm there is an issue but I am still struggling to reproduce the issue in a controlled environment even with all the debug information and configurations provided to me.
 
kermu
just joined
Posts: 6
Joined: Fri Nov 26, 2010 11:59 pm

Re: v6.47 [stable] is released!

Sat Jul 04, 2020 5:20 pm

/tool profile cpu=all
show 100% cpu usage on all cores in x86 vm on proxmox 5.4-3
Upgrade was done at 16:00.
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: No registered users and 12 guests