Page 1 of 1

v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 11:48 am
by emils
RouterOS version 6.48.3 has been released in public "stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.48.3 (2021-May-25 06:09):

MAJOR CHANGES IN v6.48.3:
----------------------
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
----------------------


*) branding - added option to upload custom files (newly generated branding package required);
*) console - do not clear environment values if any global variable is set;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ipsec - fixed SA address parameter exporting;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) package - added new "iot" package with Bluetooth (KNOT only) and MQTT publisher support;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) ssh - return proper error code from executed command;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) winbox - fixed health reporting on RB960, hEX and hEX S devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improved iOS compatibility with HotSpot 2.0 networks;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this particular RouterOS release.

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 12:13 pm
by normis

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 12:19 pm
by eworm
Looks like advanced-tools package for arm is broken...

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 12:25 pm
by xvo
Are you planning to add the ability to subscribe and not only publish?

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 12:38 pm
by prislonsky
*) winbox - show "System/Health" only on boards that have health monitoring;

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 1:21 pm
by Hominidae
very nice!...are there any plans for enabling a MQTT action type for logging events?

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 1:24 pm
by RafGan
Looks like advanced-tools package for arm is broken...
same here
installation of advanced-tools-6.48.3 failed: broken package

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 1:29 pm
by eddieb
Upgrading all my devices from 6.48.2 to 6.48.3 went smooth, no problems.

Running 6.48.3 (stable) on :
CCR1009-8G-1S (2x ipsec/l2tp site-to-site, ipsec/l2tp roadwarrior, dhcpd, dns), CRS125-24G-1S, RB1100, RB962UiGS-5HacT2HnT (10pc), RB931-2nD, RB951, RB750GL ,RB2011UAS-RM, PWR-LINE-AP, RBwAPGR-5HacD2HnD, RB750Gr3 running dude

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 1:36 pm
by rumahnetmks
Upgrading 6.48.3 :

Hap AC3 = work fine
RB4011iGS+5HacQ2HnD-IN = installation of advanced-tools-6.48.3 failed: broken package

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 2:08 pm
by carl0s
upgraded my mAP2n, hAP lite, hEX 750gr3, capAC, and mANTBox 2 12s (RB911G) no problem. Nice to see some wifi attention :)

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 2:19 pm
by Smoerrebroed
RB4011iGS+5HacQ2HnD-IN = installation of advanced-tools-6.48.3 failed: broken package
I cannot confirm. Looks pretty good on my end.

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 2:30 pm
by osc86
confirmed, advanced-tools from extras package for arm is broken.
It is not recognized as a valid npk.
2021-05-26 13_27_16-admin@172.17.198.150 (MT-ZOO-MASTER) - WinBox (64bit) v6.47.9 on Cube 60G ac (ar.png

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 2:38 pm
by pendie
broken package

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 2:48 pm
by OstJoker
Hap AC2:
installation of advanced-tools-6.48.3 failed: broken package

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 2:54 pm
by emils
Advanced-tools package for ARM should be fixed now. Please try upgrading again.

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 2:58 pm
by eworm
Advanced-tools package for ARM should be fixed now. Please try upgrading again.
Looks a lot better now. Thanks!

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 3:01 pm
by eworm
Oh, please fix all_packages-arm-6.48.3.zip with the new file. Thanks!

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 3:03 pm
by Kindis
Also also please please please update the blog you have with new details about Security
or
Shut it down as you clearly are not using it they way you presented it.

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 3:06 pm
by normis
Kindis, what is missing from the blog? All serious security issues are in there.
We will add Frag, but in my opinion, it is not serious at all.

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 3:09 pm
by emils
Oh, please fix all_packages-arm-6.48.3.zip with the new file. Thanks!
Should be fixed by now as well.

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 3:10 pm
by rextended
Kindis, what is missing from the blog? All serious security issues are in there.
We will add Frag, but in my opinion, it is not serious at all.
It's like discovering that your front door can be opened in a few minutes with the right lockpick,
or it's like putting a security door in the main entrance and leaving a "simple" glass door in the back ...

Is NOT MikroTik problem...

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 3:13 pm
by jimmer
RB4011iGS+5HacQ2HnD-IN = installation of advanced-tools-6.48.3 failed: broken package
I cannot confirm. Looks pretty good on my end.
I have also confirmed doing an upgrade on both my hAPac2's from 6.47.9 to 6.48.3 that advanced tools in the standard package is installed ok on both units and the same advanced tools on 6.48.3 on my RB3011-UiAS-RM is installed ok, no errors.

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 3:47 pm
by colinardo
Upgrade with RB4011iGS+RM, RB951G-2HnD and RBwAPG-5HacD2HnD (wAP AC) from 6.47.8 to 6.48.3 went without issues so far. Thanks for the update.

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 4:00 pm
by Kindis
Kindis, what is missing from the blog? All serious security issues are in there.
We will add Frag, but in my opinion, it is not serious at all.
Well it is up to you but I follow many vendors and I do not really care if the risk is low to high but I would like an update to see if a security update has been deployed.
I do not care if it was caused by 3rd party library or your own code.
I thought the idea behind the blog was to create a easy channel to follow when you release something that fixes a security issue, regardless of type.
Frag is as you correctly state not that serious but you also fix implementation issues that shows more potential but as stated before I do not care. All I want is a easy channel where security fixes are announced regardless of type or origin within your product.
For example a quick post about Frag and upcoming patches would have been great and frankly caused less worry or confusion that happens here on the forum.

So what do I want. Well I want what all other vendors provide me with, a channel where I can update myself on security related fixes or issues.
If that is not what the blog is for please update me with what your intent is with it? Only announce some stuff?

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 4:04 pm
by Kindis
Kindis, what is missing from the blog? All serious security issues are in there.
We will add Frag, but in my opinion, it is not serious at all.
It's like discovering that your front door can be opened in a few minutes with the right lockpick,
or it's like putting a security door in the main entrance and leaving a "simple" glass door in the back ...

Is NOT MikroTik problem...
So here is the thing. I do not care where the problem comes from I care when it affects me. In this case the vulnerabilities are both design errors but also implementation with is on MT not design.
And MT releases patches for it and I think the blog should reflex this.
I'm I saying that this is a big issue? Not at all but without transparency and information I cannot make any type of risk analysis.
Every, and I mean every, other vendor I work with provide this info, a clean channel for security updates, to make my job easier.
Why are you so afraid of information and openness of this issue? Do you think talking about it makes it worse?

And last! If this was not a MT issue why do they need to release patches?

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 4:18 pm
by rextended
I'm not good at explaining, English is not my mother language.

What I wanted to explain is that these so-called vulnerabilities are nonsense in comparison to other past and actual problems.
(Non-RouterOS related)

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 4:51 pm
by Kindis
I'm not good at explaining, English is not my mother language.

What I wanted to explain is that these so-called vulnerabilities are nonsense in comparison to other past and actual problems.
(Non-RouterOS related)
Here we are in full agreement. The issues are not that bad at all, especially the design issues. Have not heard how exploits of implementations issue are progressing but those are more serious but still low in risk.
I just what the blog about security update when something regarding security happens :-)

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 5:01 pm
by rumahnetmks
Advanced-tools package for ARM should be fixed now. Please try upgrading again.
Ok works now. Thx.

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 5:47 pm
by mikrotik1220
RB912 r3 w LTE

Upgrade from default 6.45.9 to 6.48.3, change SIM slot: LTE gone.

Reset to default config -> change SIM slot: gone LTE

Dwongrade to 6.48.2: fine again!

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 8:03 pm
by Guscht
Updated our production CCR1072s and CCR1036s
Further my private homelab with: RB2011, mAP lite, hexS, CRS326, hAP mini

No problems so far!

Re: v6.48.3 [stable] is released!

Posted: Wed May 26, 2021 10:57 pm
by OndrejHolas
Upgraded from 6.48.2 to 6.48.3 on all boxes with wireless interfaces, both ROS and then firmware.

After firmware upgrade and successfull reboot, the first hAP ac lite (RB952Ui-5ac2nD) suddenly froze (during /export) and rebooted by watchdog:

21:32:53 system,error,critical router was rebooted without proper shutdown by watchdog timer

It never did this before. Will check the logs for a few days and open a support case if it appears again.

The second RB952 went smoothly, as well as cAP ac and Audience.

Re: v6.48.3 [stable] is released!

Posted: Thu May 27, 2021 2:40 am
by sterod
Anyone else experiencing constant L2TP VPN disconnections with this new version?

Re: v6.48.3 [stable] is released!

Posted: Thu May 27, 2021 9:39 am
by mikrotik1220
RB912 r3 w LTE

Upgrade from default 6.45.9 to 6.48.3, change SIM slot: LTE gone.

Reset to default config -> change SIM slot: gone LTE

Dwongrade to 6.48.2: fine again!
SEEMS HAVING BEEN A DOA RB912!
Having used an other, all worked fine.

Sorry 4 the troubles, and greetings from windy Vienna,

roland

Re: v6.48.3 [stable] is released!

Posted: Thu May 27, 2021 9:41 am
by normis
Kindis, blog will be updated when all versions with fixes are released, Long-Term is still not out. We usually put things in the blog, when they can affect RouterOS users, not when there is some generic thing that does not affect RouterOS.

Re: v6.48.3 [stable] is released!

Posted: Thu May 27, 2021 9:54 am
by shed909
This totally bricked my cAP AC. Not even Netinstall can save it!

Re: v6.48.3 [stable] is released!

Posted: Thu May 27, 2021 1:01 pm
by meensb
This totally bricked my cAP AC. Not even Netinstall can save it!
My CAP AC got bricked as well. Situation: CRS328-24P-4S+ with a few CAPs connected and one CAP ac. Upgraded and reboot the CRS328 to 48.3 --> OK. After reboot CAPs came alive, however CAP ac kept missing. What I see in the CR328 log: CAP ac eth port interface goes up, connect 1GBps, and after exactly 40 seconds interface down, and it starts over again and again. On the CAP ac , power on led and user led are on, eth1 blinking, no wifi activity at all (LEDs are off, no wireless network advertised). Tried to reset the CAP ac, first in CAPSMAN mode (power off, power on and immediately push reset for 10 sec (hold while blinking, release when solid green led), and because nothing changed also to default settings (immediately after power on hold reset button, release when blinking). Nothing happens! The CAP ac keeps showing same behaviour, no wireless activity at all. Please advice on next steps.
Best regards, Bernard

Re: v6.48.3 [stable] is released!

Posted: Thu May 27, 2021 1:30 pm
by emils
What version were you running before? Do you have your configuration backup by any chance? Can you describe the configuration? You will have to try to reinstall the device using Netinstall utility to bring it back. Try installing an older version instead of 6.48.3.

Re: v6.48.3 [stable] is released!

Posted: Thu May 27, 2021 1:50 pm
by meensb
What version were you running before? Do you have your configuration backup by any chance? Can you describe the configuration? You will have to try to reinstall the device using Netinstall utility to bring it back. Try installing an older version instead of 6.48.3.
It was running on 6.48 (february release), just like the switch . The CAP ac was running in CAPSMAN mode, so I don't have a config for the CAP ac. It is directly connected to the switch. I'm gonna try netinstall

Re: v6.48.3 [stable] is released!

Posted: Thu May 27, 2021 2:02 pm
by Guntis
meensb could you please check your CAPsMAN logs if cAP ac joined it after the upgrade to 6.48.3?
If anyone else has experienced an issue with cAP ac not booting after the update to 6.48.3 please write to support.
https://mikrotik.com/support

Re: v6.48.3 [stable] is released!

Posted: Thu May 27, 2021 2:05 pm
by eworm
meensb could you please check your CAPsMAN logs if cAP ac joined it after the upgrade to 6.48.3?
If anyone else has experienced an issue with cAP ac not booting after the update to 6.48.3 please write to support.
https://mikrotik.com/support
You are referencing RBcAPGi-5acD2nD here? I am running tree of these (with different age) and all did upgrade to 6.48.3 without issues.

Re: v6.48.3 [stable] is released!

Posted: Thu May 27, 2021 2:42 pm
by Kindis
meensb could you please check your CAPsMAN logs if cAP ac joined it after the upgrade to 6.48.3?
If anyone else has experienced an issue with cAP ac not booting after the update to 6.48.3 please write to support.
https://mikrotik.com/support
You are referencing RBcAPGi-5acD2nD here? I am running tree of these (with different age) and all did upgrade to 6.48.3 without issues.
Same here. I have 4 of these and they all upgraded without issues and 2 of them where upgraded when this was released and they all are stable so far.
Should add that all devices are also restarted for firmware update as well.

EDIT: Should mention that during upgrade they where not in CAPS mode. Before upgrade I remove the CAPS config to assure that no clients use them during all reboots or if they have issues so I have not updated a cAP AC with running CAPS mode on!

Re: v6.48.3 [stable] is released!

Posted: Thu May 27, 2021 2:56 pm
by meensb
What version were you running before? Do you have your configuration backup by any chance? Can you describe the configuration? You will have to try to reinstall the device using Netinstall utility to bring it back. Try installing an older version instead of 6.48.3.
It was running on 6.48 (february release), just like the switch . The CAP ac was running in CAPSMAN mode, so I don't have a config for the CAP ac. It is directly connected to the switch. I'm gonna try netinstall
After a few tries I was able to flash routeros-arm-6.48.3 onto the cap ac using netinstall. It now works as expected! Thanks!

Re: v6.48.3 [stable] is released!

Posted: Thu May 27, 2021 3:00 pm
by biomesh
My 6 cap ac devices updated without issue. Most are capsman managed. There is a mix of Poe injectors and Poe powered by rb260gsp.

Re: v6.48.3 [stable] is released!

Posted: Thu May 27, 2021 3:02 pm
by osc86
I also updated an RBcAPGi-5acD2nD r2 from 6.48(.0) to 6.48.3 without issues. It is also running in CapsMan Mode.

Re: v6.48.3 [stable] is released!

Posted: Thu May 27, 2021 3:13 pm
by meensb
meensb could you please check your CAPsMAN logs if cAP ac joined it after the upgrade to 6.48.3?
If anyone else has experienced an issue with cAP ac not booting after the update to 6.48.3 please write to support.
https://mikrotik.com/support
I don't have the log available anymore as I rebooted the cr s328 switch several times but I'm sure it was missing in the logs. Unlike the CAPs , the CAP AC didn't generate a [xxxxx] joined, provides radio(s):[yyyyyyy] statement in the log.
As mentioned, I was able to get the cap ac back to life using netinstall.

Best regards,

bernard

IKEv2 "bug" remains for me ... (since v6.48)

Posted: Thu May 27, 2021 7:30 pm
by pribeiro
Thank you for the updates/fixes.

Since v6.48 all the releases seem to have some incompatibility/bug in IKEv2 with Windows10 that causes all connections to fail after about 7h40 after establishing.
Yesterday updated to v6.48.3 to see if the problem remained and unfortunately, YES! (going back to v6.47.9 again)

Happening with two different users each in his own location/home network/PC.

On access/authentication EAP/RADIUS the server returns "Session-Timeout = 36000" that should grant 10h of session ...

Reverting to v6.47.9 the problem is solved.

Running ROS/CHR

I have detailed IPSEC debug covering all the connection time that I can privately share if needed.

regards.

Re: v6.48.3 [stable] is released!

Posted: Fri May 28, 2021 1:21 am
by osc86
I have a CubeG-5ac60ad, since the upgrade to 6.48.2 (which bricked the firmware or config, so I had to netinstall it), it randomly reboots every few hours, sometimes after 48h+.
I don't think it's a hardware fault, it's running fine using Long-Term and 6.48.1. In the logs I sometimes see rebooted by watchdog timer, and sometimes there's just nothing that would explain the reboot. I also looked at the connected switch if there's something wrong with the poe, but nothing, only port up/down messages.
I sent this report to support, providing supout files and config exports, but I only got the standard reply, netinstall again...etc.. - nothing that really helps, or that I already tried.
IMO there's something wrong with the last two stable releases, at least on this type of device. I've disabled the watchdog timer for now, maybe there will be some more verbose output in the logs.
What's also interesting is this kernel failure message when you upgrade RouterBoot.
Is there anyone in here also using this device and can confirm that 6.48.2/3 doesn't cause issues like this?
CleanShot 2021-05-28 at 00.05.14.png

Re: v6.48.3 [stable] is released!

Posted: Fri May 28, 2021 2:26 am
by nichky
From where can i see this?

*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) branding - added option to upload custom files (newly generated branding package required);

Re: v6.48.3 [stable] is released!

Posted: Fri May 28, 2021 7:54 am
by czolo
...these so-called vulnerabilities are nonsense in comparison to other past and actual problems.
(Non-RouterOS related)
The issues are not that bad at all, especially the design issues. Have not heard how exploits of implementations issue are progressing ...
Fine, but I'm wondering...
What will happened if your network will be poisend with an ARP? If you are using STP, what will happened with some additional election frames that will come from a wireless to the LAN? What about some magic packets, when someone will try to use WoL? Generalny I'm thinking about all the L2 simple attacks.

Re: v6.48.3 [stable] is released!

Posted: Fri May 28, 2021 1:12 pm
by rioven
minor problem ipv6 nd reachable time (this also happen in previous version)

Re: v6.48.3 [stable] is released!

Posted: Fri May 28, 2021 1:16 pm
by mkx
minor problem ipv6 nd reachable time (this also happen in previous version)

Seems to me that it's (esthetic) problem of winbox ... on my 6.47.9 default setting is "unspecified" and if I try to set it to "30ms", I get
[admin@router] /ipv6 nd> set 0 reachable-time=30ms 
Warning: value of value was rounded down to 0s

You can try to set it via command line and see if you can actually set it to milliseconds and if yes, what does winbox then display.

Re: v6.48.3 [stable] is released!

Posted: Fri May 28, 2021 2:30 pm
by rioven
minor problem ipv6 nd reachable time (this also happen in previous version)

Seems to me that it's (esthetic) problem of winbox ... on my 6.47.9 default setting is "unspecified" and if I try to set it to "30ms", I get
[admin@router] /ipv6 nd> set 0 reachable-time=30ms 
Warning: value of value was rounded down to 0s

You can try to set it via command line and see if you can actually set it to milliseconds and if yes, what does winbox then display.
Yup can confirm its cosmetics error at winbox and web interface

Re: v6.48.3 [stable] is released!

Posted: Sat May 29, 2021 2:37 am
by comet48
I'm not good at explaining, English is not my mother language.
(Non-RouterOS related)
You must work in the documentation department:)

Re: v6.48.3 [stable] is released!

Posted: Sat May 29, 2021 12:06 pm
by pe1chl
I am not able to login to webfig on Firefox. Anyone else with the same problem?
Works fine here!

Re: v6.48.3 [stable] is released!

Posted: Sat May 29, 2021 12:09 pm
by pe1chl
minor problem ipv6 nd reachable time (this also happen in previous version)

Seems to me that it's (esthetic) problem of winbox ... on my 6.47.9 default setting is "unspecified" and if I try to set it to "30ms", I get
[admin@router] /ipv6 nd> set 0 reachable-time=30ms 
Warning: value of value was rounded down to 0s

You can try to set it via command line and see if you can actually set it to milliseconds and if yes, what does winbox then display.
30ms for RA lifetime?????? That does not seem sane.
Note that the normal value is 30m that does not mean 30ms but 30 minutes.
Now you can set a lower value e.g. when you expect regular prefix changes and want the changeover to be a little more smooth (lacking correct support to withdraw an announcement in RouterOS).
So maybe you want to set it to 30 or 60 seconds.
But 30ms really seems to be over the top for this value.

Re: v6.48.3 [stable] is released!

Posted: Sat May 29, 2021 5:44 pm
by mkx
But 30ms really seems to be over the top for this value.

Screenshot in post #51 above shows winbox UI displaying "ms" as unit for that field. Nobody said we really wanted to have such a short setting, it was just part of debugging process ... CLI error mesage implies that setting resolution is much worse (could be it's seconds). Which is still high precision.

Re: v6.48.3 [stable] is released!

Posted: Sat May 29, 2021 5:46 pm
by kehrlein
Updated several devices without any issues:
750GL, RB760iGS (HeX S), CRS326-24G-2S+, CRS112-8P-4S, CCR2004-1G-12S+2XS, CCR1009-7G-1C-1S+

Re: v6.48.3 [stable] is released!

Posted: Sat May 29, 2021 8:39 pm
by pe1chl
Screenshot in post #51 above shows winbox UI displaying "ms" as unit for that field.
I confused reachable time and lifetime... still, a unit of seconds seems to be reasonable for this time.
When it is set to its default (unspecified), the winbox UI displays s (seconds) as the unit. Apparently that is adjusted when a ms value is entered from commandline.

Re: v6.48.3 [stable] is released!

Posted: Sun May 30, 2021 1:15 pm
by dadoremix
update from 6.45.9 to 6.48.3 HEX r3 dude ..
dude is not working any more .. working 5-10 min .. then lost connection to devices what is watching dude
WTF mikrotik ? when lost connection to devices, i also cant login with winbox to hex r3
only telnet and .. reboot, or disable dude, then hex r3 become stable and i can login with winbox


right now i try to format and setup again dude..

Re: v6.48.3 [stable] is released!

Posted: Sun May 30, 2021 1:38 pm
by jimmer
Not so much a stability issue per se, but I have had issues with CAPsMAN and hAPac2's maintaining stable connections with drop outs happening every ~10 to 15mins, this has been a problem for the last few releases.

Winding RouterOS back to 6.46.8 (the last version I had that was known good) has associations lasting days instead of minutes at a time. ive tried 7.1beta4, 5 and 6 ive tried the last 4 versions of the stable tree 6.47.6 was the last known good without association issues.

Have others had the problem? I have two hAPac2 units configured with CAPsMAN and found the problem on both, resolving it with 6.46.8 on the hAPac2's, the main CAPsMAN / gateway software version doesnt seem to affect it, currently running 6.48.3 on (originally a an RB750Gr3 now a RB3011-UiAS-RM) even running 7.1beta6 with the hAPac2's on 6.46.8 ran perfectly stable for the CAPs.

Anyone else seen similar issues?

Re: v6.48.3 [stable] is released!

Posted: Sun May 30, 2021 3:08 pm
by biomesh
Not so much a stability issue per se, but I have had issues with CAPsMAN and hAPac2's maintaining stable connections with drop outs happening every ~10 to 15mins, this has been a problem for the last few releases.

Anyone else seen similar issues?
I have not - I would suggest creating a new thread and posting your cap and capsman configs along with a brief network layout so this can be looked at by others.

Re: v6.48.3 [stable] is released!

Posted: Mon May 31, 2021 12:54 pm
by jimmer
Not so much a stability issue per se, but I have had issues with CAPsMAN and hAPac2's maintaining stable connections with drop outs happening every ~10 to 15mins, this has been a problem for the last few releases.

Anyone else seen similar issues?
I have not - I would suggest creating a new thread and posting your cap and capsman configs along with a brief network layout so this can be looked at by others.
As soon as I get a chance to i'll pull configs from the hAPac2's (theyre essentially the same bar hostname and IP address) and post my CAPsMAN config. At the moment everythings working fine with the 6.46.8 on the hAPac2's. I might pull supout's from them running both the current stable and the older long term release and see if thats of any help to the Mikrotik community.

Cheers,
Jim.

Re: v6.48.3 [stable] is released!

Posted: Thu Jun 03, 2021 1:21 pm
by pribeiro
I am not able to login to webfig on Firefox. Anyone else with the same problem?
Yes, for some reason FFox becomes picky with some specific devices and doesn't log in anymore. With Chrome or FFox "Private Window" no problems.
I can login with FFox in other same model devices.
The problem isn't specific to v6.48, I've had it since some releases ago (I checked it now on a CHR v6.47.9).
I suspect some CSS/JS caching issue. I've made some cache cleanup (FFox "forget about this site") but the problem remains.

The error I get is "ERROR: Not Found", below the password form.

The "ERROR: Not Found" seems to be have origin in a request of "/webfig/roteros-0e458d7a16f7.jg" don't know what it does ... (doesn't seem to be the root cause of the problem, only a consequence)

Re: v6.48.3 [stable] is released!

Posted: Thu Jun 03, 2021 6:44 pm
by mx5gr
Hello to all,

I had posted this viewtopic.php?f=21&t=174403#p858443 regarding excessive resource consumption using firmware 6.48.2 and the ARM architecture (specifically cAP AC when using CAPSMAN).

Unfortunately, the same behavior is still observed with 6.48.3.. as a result, I get the following messages regularly:

system,error,critical router was rebooted without proper shutdown, probably kernel failure
system,error,critical kernel failure in previous boot
system,error,critical out of memory condition was detected
system,error,critical router was rebooted without proper shutdown, probably kernel failure
system,error,critical kernel failure in previous boot
system,error,critical out of memory condition was detected

A brief except of the configuration follows:
# jun/03/2021 18:28:53 by RouterOS 6.48.3
#
# model = RBcAPGi-5acD2nD
/interface ethernet switch port
set 0 default-vlan-id=1 vlan-mode=secure
set 2 default-vlan-id=0 vlan-mode=secure
/interface list
add name=local-eth-secure
/interface wireless
# managed by CAPsMAN
# channel: 2452/20/gn(15dBm), SSID: test, local forwarding
set [ find default-name=wlan1 ] ampdu-priorities=0,1,2,3,4,5,6,7 \
    antenna-gain=5 band=2ghz-onlyn bridge-mode=disabled country=greece \
    disabled=no frequency=2452 mode=ap-bridge radio-name=test-ap-1 \
    rate-set=configured scan-list=2412-2484 security-profile=test-iot \
    ssid=test-iot station-roaming=enabled supported-rates-a/g=\
    6Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=1Mbps vlan-id=15 vlan-mode=\
    use-tag wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
# managed by CAPsMAN
# SSID: test-guest, local forwarding
add disabled=no mac-address=XX:XX:XX:XX:XX:XX master-interface=wlan1 name=\
    wlan2 security-profile=test-guest ssid=test-guest vlan-id=14 \
    vlan-mode=use-tag wps-mode=disabled
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac/P(23dBm), SSID: test5, local forwarding
set [ find default-name=wlan2 ] ampdu-priorities=0,1,2,3,4,5,6,7 \
    antenna-gain=0 band=5ghz-n/ac bridge-mode=disabled channel-width=\
    20/40/80mhz-Ceee country=no_country_set disabled=no installation=indoor \
    mode=ap-bridge name=wlan2-5 radio-name=test-ap-1 scan-list=5200-5900 \
    security-profile=test ssid=test5 station-roaming=enabled \
    tx-power-mode=all-rates-fixed vlan-mode=use-tag wireless-protocol=802.11 \
    wmm-support=enabled wps-mode=disabled
# managed by CAPsMAN
# SSID: test-iot, local forwarding
add default-forwarding=no disabled=no mac-address=XX:XX:XX:XX:XX:XX \
    master-interface=wlan1 name=wlan3 security-profile=test-iot ssid=\
    test-iot vlan-id=15 vlan-mode=use-tag wps-mode=disabled
add mac-address=XX:XX:XX:XX:XX:XX master-interface=wlan1 name=wlan4 \
    security-profile=test-iot ssid=test-iot1 vlan-id=15 vlan-mode=\
    use-tag wps-mode=disabled
add mac-address=XX:XX:XX:XX:XX:XX master-interface=wlan1 name=wlan5 \
    security-profile=test-iot ssid=test-iot1 vlan-id=15 wps-mode=\
    disabled
/interface wireless nstreme
# managed by CAPsMAN
# channel: 2452/20/gn(15dBm), SSID: test, local forwarding
set wlan1 enable-polling=no
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac/P(23dBm), SSID: test5, local forwarding
set wlan2-5 enable-polling=no
/interface ethernet switch vlan
add independent-learning=no ports=ether1,switch1-cpu switch=switch1 vlan-id=1
add independent-learning=no ports=ether1,switch1-cpu switch=switch1 vlan-id=\
    14
add independent-learning=no ports=ether1,switch1-cpu switch=switch1 vlan-id=\
    15
add independent-learning=no ports=ether1,switch1-cpu switch=switch1
/interface list member
add interface=ether2 list=local-eth-secure
add interface=vlan1 list=local-eth-secure
/interface wireless cap
# 
set caps-man-addresses=192.168.0.1 certificate=request enabled=yes \
    interfaces=wlan1,wlan2-5 lock-to-caps-man=yes static-virtual=yes
/ip address
add address=192.168.0.6/24 interface=vlan1 network=192.168.0.0
/ip dns
set servers=192.168.0.1
/ip firewall address-list
add address=192.168.0.0/24 list=test
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=\
    established,related
add action=accept chain=forward connection-state=established,related
/ip firewall mangle
add action=set-priority chain=postrouting comment="Set priority for WMM" \
    new-priority=from-dscp-high-3-bits passthrough=yes
/ip route
add distance=1 gateway=192.168.0.1
add disabled=yes distance=1 dst-address=192.168.49.0/32 gateway=vlan14
add disabled=yes distance=1 dst-address=192.168.50.0/24 gateway=vlan15
I just opened a ticket with Mikrotik support... anyone with the same issue?

Re: v6.48.3 [stable] is released!

Posted: Thu Jun 03, 2021 7:02 pm
by pe1chl
I am not able to login to webfig on Firefox. Anyone else with the same problem?
Yes, for some reason FFox becomes picky with some specific devices and doesn't log in anymore. With Chrome or FFox "Private Window" no problems.
I can login with FFox in other same model devices.
The problem isn't specific to v6.48, I've had it since some releases ago (I checked it now on a CHR v6.47.9).
I suspect some CSS/JS caching issue. I've made some cache cleanup (FFox "forget about this site") but the problem remains.
It could also be caused by the recent changes to Firefox "to prevent unwanted tracking" etc. I have also seen discussions about people no longer being able to use their bank website recently, and it may well be that some websites are misdetected and stuff is blocked that really should not be.
Try what happens on another computer, preferably with an older Firefox version (e.g. ESR version).
When that fixes it, consider reporting the bug to Firefox maintainers.

Re: v6.48.3 [stable] is released!

Posted: Thu Jun 03, 2021 10:41 pm
by Paternot
It could also be caused by the recent changes to Firefox "to prevent unwanted tracking" etc. I have also seen discussions about people no longer being able to use their bank website recently, and it may well be that some websites are misdetected and stuff is blocked that really should not be.
Try what happens on another computer, preferably with an older Firefox version (e.g. ESR version).
When that fixes it, consider reporting the bug to Firefox maintainers.
I'm using Firefox 78.10.0esr (with AdBlock), and didn't see any problems. You may well be right about it.

Re: v6.48.3 [stable] is released!

Posted: Mon Jun 07, 2021 4:02 pm
by jaxx
Hi all !

Being an MQTT enthusiast, I naturally jumped on the wagon to give the 'iot' package a try.
This opens up a can of possibilities and I love it.

I might have been hitting a bug:
I have an LTE6 that will end up being used to live stream video in a moving vehicle.
Since it has an embedded GPS, i switched my 5 second schedule that pushed GPS data over HTTP to a 2 second interval script pushing to an MQTT topic.
Works nice.

But, once in a while, it hit an inifinite loop of "peer disconnected/couldn't write packet"
jaxx_10_33_64_1__jLtAP-LTE6__-_WinBox__64bit__v6_48_3_on_LtAP_LTE6_kit__mmips_.png
And this seemed to occupy a full cpu core to manage (and usually goes with losing the winbox session quite easily as well)
Profiling shows managment and unclassified going haywire
management                2        29.5%
unclassified              2        65.5%
I didn't see any connection attempts (target is a routeros VM with a dnat to a mosquitto server)
If I disabled/re-enabled the schedule for a handful of seconds, it all got back to a settled state and I get the messages flowing in as expected.
(both supout's are available on my account if needed)

The (mildly obfuscated) configuration is as follows:
/iot mqtt brokers
add address=91.109.xx.yy client-id=jLtAP-LTE6 name=xxy.yzz.org password=XXyyZZxx username=rosXXyZ

And, as it might interest someone, the ugly scheduled script:
(kudos to somewhere else on the forum for the gps bits)
:global trackerisrunning
:global trackerfailcount

:if ([:typeof $trackerisrunning]="nothing") do={
  :set trackerisrunning false
}
:if ([:typeof $trackerfailcount]="nothing") do={
  :set trackerfailcount 0
}

# might not be running after all \o/
:if ($trackerfailcount>10) do={
  :log info "tracker failed too much to be honest with me, restarting it"
  :set trackerisrunning false
}

if ($trackerisrunning = false) do={
 :set $trackerisrunning true
 :global gpsts
 :global gpslat
 :global gpslon
 :global gpsalt
 :global gpsspd
 :global gpsbdst
 :global gpsbtru
 :global gpsbmag
 :global gpsval
 :global gpssats
 :global gpsqual
 :global gpshdop
 /system gps monitor once do={
  :set $gpsts   $("date-and-time")
  :set $gpslat  $("latitude")
  :set $gpslon  $("longitude")
  :set $gpsalt  [:pick $("altitude") 0 [:find $("altitude") "m"]]
  :set $gpsspd  [:pick $("speed") 0 [:find $("speed") " "]]
  :set $gpsbdst [:pick $("destination-bearing") 0 [:find $("destination-bearing") " "]]
  :set $gpsbtru [:pick $("true-bearing") 0 [:find $("true-bearing") " "]]
  :set $gpsbmag [:pick $("magnetic-bearing") 0 [:find $("magnetic-bearing") " "]]
  :set $gpsval  $("valid")
  :set $gpssats $("satellites")
  :set $gpsqual $("fix-quality")
  :set $gpshdop $("horizontal-dilution")
 }
 :if ($gpsval = true) do={
  :global gpsmqttdata
  :set gpsmqttdata ("{\"ts\":\"" . $gpsts . " GMT\", \"lat\":" . $gpslat . ", \"lon\":" . $gpslon . ", \"alt\":" . $gpsalt . ", \"spd\":" . $gpsspd . ", \"bdst\":\"" . $gpsbdst . "\", \"btru\":\"" . $gpsbtru . "\", \"bmag\":" . $gpsbmag . ", \"sats\":" . $gpssats . ", \"qual\":" . $gpsqual . ", \"hdop\":" . $gpshdop . "}")
  /iot mqtt publish broker=xxy.yzz.org topic=lte6track message=$gpsmqttdata
 # :log info "lte6track via mqtt sent: $gpsmqttdata"
 } else={
  :global gpsmqttdata
  :set gpsmqttdata ("{\"ts\":\"" . $gpsts . " GMT\", \"msg\":\"nofix\"}")
  /iot mqtt publish broker=xxy.yzz.org topic=lte6track message=$gpsmqttdata
 # :log info "lte6track via mqtt not sent, no GPS fix"
 }
 :set trackerisrunning false
 :set trackerfailcount 0
} else={
 :log info "lte6track already running"
 :set trackerfailcount ($trackerfailcount+1)
}
I didn't have the locking mechanism initially (if trackerisrunning etc...) so I suppose it was running too aggressively for the broker client to get it's head above the water, but it shouldn't have been affected this hard imho
I've had numerous interface/route changes without it having a hickup though.
It has not occured since with the locking workaround.

But I imagine it would be worth looking into it.


EDIT: well, the locking mechanism didn't work out in the end, happened again gotta see next time if /mqtt publish returns and status I could use in the script
EDIT2: happens also on a local mosquitto directly available within the LAN network, easily triggered if I restart the daemon 'peer disconnected...' until I stop hammering it, then it reconnects and lives happy
JaXX./.

Re: v6.48.3 [stable] is released!

Posted: Tue Jun 08, 2021 12:13 am
by woro
Just came to this thread because I notice strange disconnects of my wifi devices.
Have others had the problem? I have two hAPac2 units configured with CAPsMAN and found the problem on both, resolving it with 6.46.8 on the hAPac2's, the main CAPsMAN / gateway software version doesnt seem to affect it, currently running 6.48.3 on (originally a an RB750Gr3 now a RB3011-UiAS-RM) even running 7.1beta6 with the hAPac2's on 6.46.8 ran perfectly stable for the CAPs.

Anyone else seen similar issues?
Yes, I observe something like this. Only a small CAPsMAN network with 3 APs and two of them being hAPac2. To me it feels I only have that issue since 6.48.3 really but not absolutely sure. I also changed something else recently and I have difficulties to find out what's happening. The devices are losing connections and get them back sometimes only after a noticable interruption.
Do you have an idea how to debug if that is the same issue?

Re: v6.48.3 [stable] is released!

Posted: Tue Jun 08, 2021 10:01 am
by Dude2048
And that make three of us. Still looking for a cause

Re: v6.48.3 [stable] is released!

Posted: Tue Jun 08, 2021 12:41 pm
by mx5gr
That makes four of us as I have described in an earlier post within this thread, probably since the cAP AC shares the same architecture & CPU with hAP ac2 ... By the way, the Mikrotik support ticket I have opened is SUP-51317

Re: v6.48.3 [stable] is released!

Posted: Tue Jun 08, 2021 1:01 pm
by Ullinator
Hi,

updating from 6.48.2 to 6.48.3 on several devices (see screenshot) without any problems. (6.48.0 was very buggy, even with Bonding devices...)
The 4x CAP-ac and the one WAP-ac are connected and managed by CAPsMAN on the RB4011iGS device.
All are running smooth without any memory leaks or something else strange.
From my side: Good job, MikroTik!! :-)
hc_899.jpg

Re: v6.48.3 [stable] is released!

Posted: Wed Jun 09, 2021 10:26 am
by makstex
DoH causes memory leak!
I also checked versions 6.47.9, 6.47.10 - the same thing.
Checked for rb2011 and rb951G.
I tried to change the cache and TTL parameters - it does not help.
/ip dns
set allow-remote-requests=yes cache-max-ttl=5m cache-size=8192KiB max-udp-packet-size=2048 use-doh-server=https://dns.google/dns-query verify-doh-cert=yes
/ip dns static
add address=8.8.8.8 name=dns.google
add address=8.8.4.4 name=dns.google

Re: v6.48.3 [stable] is released!

Posted: Wed Jun 09, 2021 11:07 am
by rextended
...
verify-doh-cert=no
you trust dns.google, not?

Please, you can explain why you use DoH? Thanks.

Re: v6.48.3 [stable] is released!

Posted: Wed Jun 09, 2021 11:08 am
by Jotne
DoH causes memory leak!
See this post.
viewtopic.php?f=2&t=174836

Re: v6.48.3 [stable] is released!

Posted: Wed Jun 09, 2021 12:38 pm
by makstex
verify-doh-cert=no

you trust dns.google, not?
Yes, I brought the config above.
Please, you can explain why you use DoH? Thanks.
I live in Russia, the provider sticks its nose where it is not necessary.
Thx.
DoH causes memory leak!
See this post.
viewtopic.php?f=2&t=174836
Thx. But it is not clear to me how memory leaks should depend on the DNS used.

Re: v6.48.3 [stable] is released!

Posted: Wed Jun 09, 2021 12:43 pm
by rextended
>>>Yes, I brought the config above.

sorry, I'm explain better, have you try verify-doh-cert=no?

Re: v6.48.3 [stable] is released!

Posted: Wed Jun 09, 2021 12:45 pm
by rextended
I live in Russia, the provider sticks its nose where it is not necessary.
Ok, but probably you gain attention when you try to circumvent this, than leave the things as-is...

If I working for K-_ the first thing I do are search for users than try to circumvent this.... guaranteed!

Re: v6.48.3 [stable] is released!

Posted: Wed Jun 09, 2021 1:13 pm
by makstex
Disabled certificate checking for now.

[offtopic]
>>>Yes, I brought the config above.

sorry, I'm explain better, have you try verify-doh-cert=no?
No, I haven't tried it, but I would like to use all the available functionality, including control.
I live in Russia, the provider sticks its nose where it is not necessary.
Ok, but propably you gain attention when you try to circumvent this, than leave the things as-is...

If I work for K-_ the first thing I search are users than try to circumvent this.... guaranted!
Yes, in general, no, this is normal https, I just want to protect against spoofing.
You shouldn't think that smart people work in this department. They are trying to shift everything to providers.
[/offtopic]

Re: v6.48.3 [stable] is released!

Posted: Wed Jun 09, 2021 1:17 pm
by rextended
You shouldn't think that smart people work in this department. They are trying to shift everything to providers.
It's like here on Italy...

Re: v6.48.3 [stable] is released!

Posted: Thu Jun 10, 2021 1:09 pm
by RohanAJoshi
getting reboots on ccr 2004

Re: v6.48.3 [stable] is released!

Posted: Thu Jun 10, 2021 6:21 pm
by jbl42
Updated several RB4011 with complicated configs without issues so far.
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up
Finally. After many months of having to use scripts to disable/wait 2seconds/enable SFP port to work around link establishment/MTU issues this is very welcome.
With 6.48.3 SFP link comes up after (re)boot without link negotiation issues and MTU hassles.

PS
Although officially not supported, one of the RB4011s even works flawless with a 0.5m fs.com passive DAC in its SFP.

Re: v6.48.3 [stable] is released!

Posted: Fri Jun 11, 2021 8:18 am
by makstex
---skip---
I have RB2011 (the one with wifi) and I don't have this issue. I think I posted in the last stable thread as well. I'm at 13 days uptime and still sitting around 97mb of used memory according to winbox (it's right around that after reboot). I have mind set up with Cloudflare using DoH with verify on. My config is pretty basic. Basically just defaults with small tweaks to the firewall (just disabling rules to make it even more restrictive) and wifi settings. Also have strict RP filtering enabled. The only other difference is I'm using the extra NTP package not the built in SNTP.
So far I solved the problem like this: verify-doh-cert = no
Like you, I have minimal differences from the default settings and the NTP package is also additionally installed.
It is clear that various solutions to the problem are possible, but this problem should not exist by definition! Or at least there should be a means to keep track of not only the CPU, but also the memory.

Re: v6.48.3 [stable] is released!

Posted: Fri Jun 11, 2021 10:31 am
by woro
That makes four of us as I have described in an earlier post within this thread, probably since the cAP AC shares the same architecture & CPU with hAP ac2 ... By the way, the Mikrotik support ticket I have opened is SUP-51317
Still suffering here. Meanwhile I have some indications what happens but still not why.
Currently it also seems it just affects one of my two hAP ac2. That one loses connection to CAPsMAN (RB2011) quite often as I can see from the log.
"CAP sent max keepalives without response" -> disconnects, selects, trying to connect, fail to connect a a few times before finally joining again

I just have no explanation to why that could happen. I just know it started quite recently (therefore might be version specific) and that the physical connection between that hAP and CAPsMAN is more or less the most important wire (let's call it the "backbone" in the house) because it bundles almost all traffic. In addition the machine I'm working on all day is connected with a cable to that hAP and I do not see any connectivity issues from there.
Fun fact, the other CAP also runs via cable through the failing one to reach CAPsMAN and seems stable.
Still puzzled.

Re: v6.48.3 [stable] is released!

Posted: Fri Jun 11, 2021 12:52 pm
by Dude2048
Reverted back to 6.47.9. Problems are solved.

Re: v6.48.3 [stable] is released!

Posted: Fri Jun 11, 2021 3:28 pm
by mx5gr
That makes four of us as I have described in an earlier post within this thread, probably since the cAP AC shares the same architecture & CPU with hAP ac2 ... By the way, the Mikrotik support ticket I have opened is SUP-51317
Still suffering here. Meanwhile I have some indications what happens but still not why.
Currently it also seems it just affects one of my two hAP ac2. That one loses connection to CAPsMAN (RB2011) quite often as I can see from the log.
"CAP sent max keepalives without response" -> disconnects, selects, trying to connect, fail to connect a a few times before finally joining again

I just have no explanation to why that could happen. I just know it started quite recently (therefore might be version specific) and that the physical connection between that hAP and CAPsMAN is more or less the most important wire (let's call it the "backbone" in the house) because it bundles almost all traffic. In addition the machine I'm working on all day is connected with a cable to that hAP and I do not see any connectivity issues from there.
Fun fact, the other CAP also runs via cable through the failing one to reach CAPsMAN and seems stable.
Still puzzled.
Exactly the same as in my case, which I described in a post earlier! The ARM unit (cAP AC) keeps on disconnecting from CAPSMAN whereas the MIPS one (cAP Lite) is, by far, stable!

Re: v6.48.3 [stable] is released!

Posted: Fri Jun 11, 2021 3:40 pm
by woro
Exactly the same as in my case, which I described in a post earlier! The ARM unit (cAP AC) keeps on disconnecting from CAPSMAN whereas the MIPS one (cAP Lite) is, by far, stable!
Just read your earlier posts and you mentioned massive resource consumption (which I cannot see directly; maybe it only happens quickly shortly before it dies) and unexpected reboots. I do not see those. All what I can find in the CAP logs is that it runs into timeouts, closes the connection, tries to reconnect which typically fails a few times before it eventually works again.
But still it's probably similar enough. Others seem to have downgraded to 6.47.latest. I might try the same and hope that everything works with CAPsMAN still on 6.48.3

Re: v6.48.3 [stable] is released!

Posted: Fri Jun 11, 2021 5:09 pm
by mx5gr
Exactly the same as in my case, which I described in a post earlier! The ARM unit (cAP AC) keeps on disconnecting from CAPSMAN whereas the MIPS one (cAP Lite) is, by far, stable!
Just read your earlier posts and you mentioned massive resource consumption (which I cannot see directly; maybe it only happens quickly shortly before it dies) and unexpected reboots. I do not see those. All what I can find in the CAP logs is that it runs into timeouts, closes the connection, tries to reconnect which typically fails a few times before it eventually works again.
But still it's probably similar enough. Others seem to have downgraded to 6.47.latest. I might try the same and hope that everything works with CAPsMAN still on 6.48.3
I assume that the memory consumption observed is directly linked with the continuous (every 15-20 minutes or so) disconnections with the CAPSMAN manager. This in turns generates some kind of memory links in the ARM unit, which grinds it to a halt with kernel panic messages. I might be wrong but it is a direct relation, CAPSMAN disconnections with increasing memory consumption (CPU stays low)... OR, some kind of bug/memory leak causes the CAPSMAN disconnections.. if I wanted to bet, I'd bet on the first assumption (CAPSMAN disconnections -> memory leak -> autoreboot of device)...

Re: v6.48.3 [stable] is released!

Posted: Tue Jun 15, 2021 3:02 pm
by albercik
Hi All!
I've upgraded my LHG LTE6 (and SXT LTE kit v2, but it doesn't have this issue) from ROS 6.48.2 to 6.48.3 and I can see that there's some problem with a LTE connection. After reboot/startup - everything works fine, it connects to my network, registers and the link is up. Great. But, after few minutes (usually around 10) - the modem looses registration (like the sim card would be kicked out by the carrier). After that - it stays unregistered and doesn't even try to re-register (state 0).

Here's my log snippet:
12:53:11 dhcp,info Internet assigned 10.65.193.219 to D4:CA:6D:55:11:09 
12:53:26 system,info,account user admin logged out from 10.0.13.101 via telnet 
13:01:02 system,info,account user admin logged out from 10.0.13.101 via winbox 
13:04:06 lte,async,event lte1: +CPAS: 2 
13:04:07 lte,async,event lte1: +CIREPI: 0 
13:04:07 lte,async,event lte1: *COPN:0,Orange 
13:04:07 lte,async,event lte1: *COPN:1,Orange 
13:04:07 lte,async,event lte1: +ZNITZ: 2021,06,15,13,04,07,32,0 
13:04:07 lte,async,event lte1: +NITZ: 1,+8,21/06/15,11:04:07 
13:04:07 lte,async,event lte1: +CIREPI: 1 
13:04:07 lte,async,event lte1: +CPAS: 0 
13:04:08 lte,async,event lte1: *COPN:0,Orange 
13:04:08 lte,async,event lte1: *COPN:1,Orange 
13:04:08 lte,async,event lte1: +ZNITZ: 2021,06,15,13,04,08,32,0 
13:04:08 lte,async,event lte1: +NITZ: 1,+8,21/06/15,11:04:08 
13:14:45 lte,async,event lte1: +CPAS: 2 
13:14:46 lte,async,event lte1: +CIREPI: 0 
13:14:46 lte,async,event lte1: *COPN:0,Orange 
13:14:46 lte,async,event lte1: *COPN:1,Orange 
13:14:46 lte,async,event lte1: +ZNITZ: 2021,06,15,13,14,46,32,0 
13:14:46 lte,async,event lte1: +NITZ: 1,+8,21/06/15,11:14:46 
13:14:46 lte,async,event lte1: +CIREPI: 1 
13:14:46 lte,async,event lte1: +CPAS: 0 
13:14:47 lte,async,event lte1: *COPN:0,Orange 
13:14:47 lte,async,event lte1: *COPN:1,Orange 
13:14:47 lte,async,event lte1: +ZNITZ: 2021,06,15,13,14,48,32,0 
13:14:47 lte,async,event lte1: +NITZ: 1,+8,21/06/15,11:14:48 
13:15:25 lte,async,event lte1: *COPN:0,Orange 
13:15:25 lte,async,event lte1: *COPN:1,Orange 
13:15:25 lte,async,event lte1: +ZNITZ: 2021,06,15,13,15,25,32,0 
13:15:25 lte,async,event lte1: +NITZ: 1,+8,21/06/15,11:15:25 
13:15:26 lte,async,event lte1: *COPN:0,Orange 
13:15:26 lte,async,event lte1: *COPN:1,Orange 
13:15:26 lte,async,event lte1: +ZNITZ: 2021,06,15,13,15,26,32,0 
13:15:26 lte,async,event lte1: +NITZ: 1,+8,21/06/15,11:15:26 
13:25:05 lte,async,event lte1: +CPAS: 2 
13:25:06 lte,async,event lte1: *COPN:0,Orange 
13:25:06 lte,async,event lte1: *COPN:1,Orange 
13:25:06 lte,async,event lte1: +ZNITZ: 2021,06,15,13,25,06,32,0 
13:25:06 lte,async,event lte1: +NITZ: 1,+8,21/06/15,11:25:06 
13:25:06 lte,async,event lte1: +CIREPI: 1 
13:25:06 lte,async,event lte1: +CPAS: 0 
13:25:30 lte,async,event lte1: *COPN:0,Orange 
13:25:30 lte,async,event lte1: *COPN:1,Orange 
13:25:30 lte,async,event lte1: +ZNITZ: 2021,06,15,13,25,30,32,0 
13:25:30 lte,async,event lte1: +NITZ: 1,+8,21/06/15,11:25:30 
13:27:03 lte,async,event lte1: +CPAS: 2 
13:27:04 lte,async,event lte1: +CIREPI: 0 
13:27:11 lte,info lte1: not registred, state: 0 
13:27:11 lte,info lte1: not registred, state: 0 
13:28:11 lte,error failed to register on network 
13:28:11 lte,error failed to register on network 
13:28:11 lte,account lte1 session: 2101s 69592135/25829482 bytes 66827/52948 packets 
13:28:11 lte,async lte1: sent AT+CFUN=4 
13:28:11 interface,info lte1 link down 
13:28:11 dhcp,info dhcp deassigned 10.65.193.219 from D4:CA:6D:55:11:09 
13:28:11 lte,async,event lte1: +CGEV: ME DETACH 
13:28:11 lte,async,event lte1: +CGEV: NW PDN DEACT 5 
13:28:11 lte,async,event lte1: +CPAS: 5 
13:28:11 lte,async lte1: rcvd OK 
13:28:11 lte,async lte1: sent AT+EEMOPT=1 
13:28:11 lte,async,event lte1: *RADIOPOWER: 0 
13:28:11 lte,async lte1: rcvd OK 
13:28:11 lte,async lte1: sent AT*MRD_SN? 
13:28:11 lte,async lte1: rcvd *MRD_SN:AE39039ECE8F 
13:28:11 lte,async lte1: sent AT+CPIN? 
13:28:11 lte,async lte1: rcvd +CPIN: READY 
13:28:15 lte,async lte1: sent AT+CPMS="SM","SM","SM" 
13:28:15 lte,async lte1: rcvd +CPMS: 10,25,10,25,10,25 
13:28:15 lte,async lte1: sent AT+CFUN? 
13:28:15 lte,async lte1: rcvd +CFUN: 4 
13:28:15 lte,async lte1: sent AT*ICCID? 
13:28:15 lte,async lte1: rcvd *ICCID: 8948032152116734560 
13:28:15 lte,async lte1: sent AT+CNUM 
13:28:15 lte,async lte1: rcvd  
13:28:15 lte,async lte1: sent AT+CIMI 
13:28:15 lte,async lte1: rcvd 260032111673456 
13:28:15 lte,async lte1: sent AT+CPIN? 
13:28:16 lte,async lte1: rcvd +CPIN: READY 
13:28:16 lte,async lte1: sent AT*BAND? 
13:28:16 lte,async lte1: rcvd *BAND: 5, 78, 147, 480, 50923735, 0, 2, 2, 0 
13:28:16 lte,async lte1: sent AT*BAND=5,78,147,480,50923735,0,2,0 
13:28:16 lte,async lte1: rcvd OK 
13:28:16 lte,async lte1: sent AT*lteband=3,7,1,20,12,17,2,25,26,5,8,38,41,40,39 
13:28:16 lte,async lte1: rcvd OK 
13:28:17 lte,async lte1: sent AT+ZGDCONT=5,"IP","internet",0 
13:28:17 lte,async lte1: rcvd OK 
13:28:17 lte,async lte1: sent AT+ZGPCOAUTH=5,"","",0 
13:28:17 lte,async lte1: rcvd OK 
13:28:17 lte,async lte1: sent AT+COPS=0 
13:28:17 lte,async lte1: rcvd OK 
13:28:17 lte,async lte1: sent AT+COPS=3,0 
13:28:17 lte,async lte1: rcvd OK 
13:28:17 lte,async lte1: sent AT+CFUN=1 
13:28:17 lte,async,event lte1: +CPAS: 2 
13:28:17 lte,async lte1: rcvd OK 
13:28:17 lte,debug lte1: config ok 
13:28:17 lte,async,event lte1: *RADIOPOWER: 1 
I've checked my modem's firmware and it was 025 so I've upgraded firmware to 027 (newest available), but it doesn't seem to resolve the issue.

This is the LTE interface configuration:
[admin@LHG] > /interface lte print    
Flags: X - disabled, R - running 
 0  R name="lte1" mtu=1500 mac-address=AC:50:43:1A:EE:FD pin="****" 
      apn-profiles=Internet allow-roaming=no network-mode=lte
The apn is as simple as it can be: internet, no auth, ipv4 only.

I'll try to revert soft back to 6.48.2 and we'll se if it has resolved the issue.

Re: v6.48.3 [stable] is released!

Posted: Tue Jun 15, 2021 9:13 pm
by Dude2048
is, under system -> packages, the wireless package enabled?

Re: v6.48.3 [stable] is released!

Posted: Wed Jun 16, 2021 10:56 am
by rextended
...

outpot of
/sys pack pri detail without-paging
on termial, please?

Re: v6.48.3 [stable] is released!

Posted: Wed Jun 16, 2021 11:10 am
by pe1chl
It is weird. First time have seen a WiFi router/bridge which is not updating the wireless section and is putting it as an extra.
Remember that the same RouterOS is also used on other router models that do not have wireless, you can choose to not install it.
However I think it is not the reason of your problems. I have updated RB951G-2HnD to 6.48.3 without problem, wireless also works.
Probably something became corrupted during the update. Try to do a netinstall to install everything fresh.
(first do a /export and a /system backup of your configuration if you value to keep them)

Re: v6.48.3 [stable] is released!

Posted: Thu Jun 17, 2021 6:50 pm
by Ferrograph
DHCP "without success" issue with wireless clients still exists. Although see the thread below for more detail, its not really a DHCP issue is 5G radio issue.

viewtopic.php?f=2&t=116963

Re: v6.48.3 [stable] is released!

Posted: Fri Jun 18, 2021 12:01 pm
by WeWiNet
I see a some issues with scripts that are launched by scheduler. Log is showing "not enough permissions".
If I run the script alone from within winbox, it works (not using the scheduler).

Any idea what the issue could be?

This always worked on older stable releases...

Re: v6.48.3 [stable] is released!

Posted: Fri Jun 18, 2021 12:54 pm
by onnoossendrijver
I see a some issues with scripts that are launched by scheduler. Log is showing "not enough permissions".
Maybe:
*) console - require "write+ftp" permissions for exporting configuration to file;

Re: v6.48.3 [stable] is released!

Posted: Fri Jun 18, 2021 1:09 pm
by WeWiNet
I see a some issues with scripts that are launched by scheduler. Log is showing "not enough permissions".
Maybe:
*) console - require "write+ftp" permissions for exporting configuration to file;
Yes, I checked that. All my scripts have already ( by default anyhow) all permissions, including write and ftp.

Re: v6.48.3 [stable] is released!

Posted: Sat Jun 19, 2021 3:14 pm
by Kindis
I had a strange issue tonight. All DNS resolving stopped. The log said Doh time issues and if I removed Doh did not solve the issue. The DNS cache was empty and I could not resolve anything. Only after a restart did things start to work again. Funny thing is that every unit had the same issue at the same time. 6 routers with the same issue. They all had the same uptime due to power tests.
Will keep an eye on this but it looked like to me that the DNS resolver stopped working. Should say I saw the same issue on 6.47.10 so something is up.

Re: v6.48.3 [stable] is released!

Posted: Sat Jun 19, 2021 3:44 pm
by pe1chl
I had a strange issue tonight. All DNS resolving stopped.
I would say the programmer assigned to the DNS resolver is not the best.
Better avoid new features such as DOH when you want reliability, but even then there still are memory leaks.

Re: v6.48.3 [stable] is released!

Posted: Sat Jun 19, 2021 8:43 pm
by Kindis
It has been rock solid and only started with newest build. Solved by adding external resolution to clients as well.

Re: v6.48.3 [stable] is released!

Posted: Mon Jun 21, 2021 10:10 pm
by honzam
Silently removed 66960 Mhz channel support. Why?
No info in the changelog just nothing :-(

Re: v6.48.3 [stable] is released!

Posted: Tue Jun 22, 2021 9:32 am
by Kindis
Silently removed 66960 Mhz channel support. Why?
No info in the changelog just nothing :-(
Have a look at this: viewtopic.php?f=7&t=176086

Re: v6.48.3 [stable] is released!

Posted: Tue Jun 22, 2021 10:36 pm
by honzam
I read that. But if I remove something in the new firmware, I should inform about it in the changelog

Re: v6.48.3 [stable] is released!

Posted: Wed Jun 23, 2021 9:19 am
by Sarel0092
hello, can anyone tell me how to enable discovery on only one interface in the new version if all interfaces are static?
Create an interface list and add the interface you want to enable discovery on to the list. Then select the interface list under neighbor discovery.
/interface list add name=example-list
/interface list member add list=example-list interface=ether5
/ip neighbor discovery-settings set discover-interface-list=example-list

Re: v6.48.3 [stable] is released!

Posted: Tue Jul 20, 2021 7:22 pm
by kaspi4

Re: v6.48.3 [stable] is released!

Posted: Tue Jul 20, 2021 7:38 pm
by eworm
Well, this is about an authenticated remote user.
So if there are no untrusted authenticated remote users on your routers this should not be a big deal.

That being said... No idea why the vulnerability was not fixed within a year after confirmation.

Re: v6.48.3 [stable] is released!

Posted: Tue Jul 20, 2021 7:41 pm
by rextended
Is a "an authenticated remote user" problem, do not give remote acces to everyone...

Re: v6.48.3 [stable] is released!

Posted: Tue Jul 20, 2021 7:41 pm
by rextended
@eworm you are an authenticated remote user? :P

Re: v6.48.3 [stable] is released!

Posted: Tue Jul 20, 2021 7:47 pm
by eworm
@eworm you are an authenticated remote user? :P
Sure, on my own routers. But I tend to not hack myself.

Re: v6.48.3 [stable] is released!

Posted: Tue Jul 20, 2021 7:58 pm
by rextended
Seriously, It's a joke :P

Re: v6.48.3 [stable] is released!

Posted: Tue Jul 20, 2021 8:06 pm
by kaspi4
Virus on VPN client...just fast guess...wifi client..etc.

Re: v6.48.3 [stable] is released!

Posted: Tue Jul 20, 2021 8:09 pm
by rextended
...

Re: v6.48.3 [stable] is released!

Posted: Tue Aug 17, 2021 4:47 am
by jimmer
RB3011 is still exhibiting flapping issues on 6.48.3, I put my initial information in the following post:

viewtopic.php?f=3&p=702239&t=128762&sid ... ec#p873018

Problem seems to have started around 60 days of uptime and then reoccurring nightly during a scheduled nightly snapshot of backup transfers where it'll flap between 6 and 8 times - all devices on both switch chips are negotiated at 1Gbit so there is no 100/1000 mixes, similar flapping counts seen on all ports on switch 1, no flapping events on switch 2 (but there is only one link on that port which is the link to the internet fibre box - negotiated at 1000, full duplex)

Edit: after reviewing interface up/downs it would appear some occurrence can be over 20 within the hour, others only 6 during full speed file transfers. as stated in other posts the network hardware that theyre connected to is different on adjacent ports but showing similar and in some cases identical link drop counts.

Re: v6.48.3 [stable] is released!

Posted: Mon Aug 23, 2021 5:25 pm
by emils
New version 6.48.4 has been released in stable RouterOS channel:

viewtopic.php?f=21&t=177811