Re: v6.29 released

Posted: Tue Jun 02, 2015 2:24 pm
by strods
dynek - Seems like you will need to open new ticket. I did test with all of these windows opened on Winbox but still did not manage to reproduce problem.

Re: v6.29 released

Posted: Tue Jun 02, 2015 3:08 pm
by jebz
The firmware server isn't working http://www.mikrotik.com/download. It's taking hours for the small files and failing.

Re: v6.29 released

Posted: Tue Jun 02, 2015 3:11 pm
by upower3
As of 6.29.1, SNTP client "suddenly" started to work. Have upgraded my devices and so far the flight is OK :)

Re: v6.29 released

Posted: Tue Jun 02, 2015 3:12 pm
by dynek
dynek - Seems like you will need to open new ticket. I did test with all of these windows opened on Winbox but still did not manage to reproduce problem.
I can't register cause the captcha is not being displayed. Is it the right URL ?
http://bugs.mikrotik-routeros.com/signup_page.php

Re: v6.29 released

Posted: Tue Jun 02, 2015 3:16 pm
by normis
No, this site is not related to mikrotik in any way. Email support@mikrotik.com to submit bugs.

Re: v6.29 released

Posted: Tue Jun 02, 2015 3:49 pm
by mars
Do you really need all four architectures immediately? Do you really upgrade MIPS-LE and PPC devices also? It is actually one file per architecture, and unless you are some sort of collector, you usually need only one.

and your point is ?

Re: v6.29 released

Posted: Tue Jun 02, 2015 3:53 pm
by normis
and your point is ?
Click on each download link. There is no more torrent.

Re: v6.29 released

Posted: Tue Jun 02, 2015 4:21 pm
by Chupaka
*) trafflow: add natted addrs/ports to ipv4 flow info;
Please tell us more about that. Which fields are used? What netflow collector understands them?
What format and for what collector are the NAT events anyway, do they correspond to any standard or a generally used format? (I guess that the format of ipt_netflow will be compatible, but I want to be sure).
template fields added are postNATSourceIPv4Address, postNATDestinationIPv4Address, postNAPTSourceTransportPort and postNAPTDestinationTransportPort - they should be recognized by any NetFlow v9 collector
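
The four template fields named in the reply above, decoded from a NetFlow v9 export, as an added example (not MikroTik's or the poster's code). The numeric IDs 225-228 are the IANA IPFIX element IDs for those names; the template layout and the packet are constructed for illustration, not captured from RouterOS.

```python
import ipaddress
import struct

# Field type IDs: 4-12 are from RFC 3954 (NetFlow v9); 225-228 are the IANA
# IPFIX element IDs for the four NAT field names quoted in the post.
FIELDS = {
    4: "protocol",
    7: "sourceTransportPort",
    8: "sourceIPv4Address",
    11: "destinationTransportPort",
    12: "destinationIPv4Address",
    225: "postNATSourceIPv4Address",
    226: "postNATDestinationIPv4Address",
    227: "postNAPTSourceTransportPort",
    228: "postNAPTDestinationTransportPort",
}
ADDR_FIELDS = {8, 12, 225, 226}


def decode_value(ftype, raw):
    """IPv4 fields become dotted strings, everything else a big-endian integer."""
    if ftype in ADDR_FIELDS and len(raw) == 4:
        return str(ipaddress.IPv4Address(raw))
    return int.from_bytes(raw, "big")


def parse_templates(body, templates):
    """Store every template in a template FlowSet (id 0) as [(type, length), ...]."""
    pos = 0
    while pos + 4 <= len(body):
        tid, nfields = struct.unpack_from("!HH", body, pos)
        pos += 4
        if tid < 256 or pos + 4 * nfields > len(body):
            break  # trailing padding or a truncated template
        templates[tid] = [struct.unpack_from("!HH", body, pos + 4 * i)
                          for i in range(nfields)]
        pos += 4 * nfields


def parse_data(body, template):
    """Yield one dict per fixed-length record; leftover bytes are padding."""
    rec_len = sum(length for _, length in template)
    if rec_len == 0:
        return
    pos = 0
    while pos + rec_len <= len(body):
        rec = {}
        for ftype, length in template:
            name = FIELDS.get(ftype, f"field_{ftype}")
            rec[name] = decode_value(ftype, body[pos:pos + length])
            pos += length
        yield rec


def parse_v9(packet, templates=None):
    """Decode one export packet. `templates` is the collector's cache
    (template id -> field list) and is updated in place."""
    templates = {} if templates is None else templates
    if len(packet) < 20:
        raise ValueError("short NetFlow v9 header")
    (version,) = struct.unpack_from("!H", packet, 0)
    if version != 9:
        raise ValueError("not NetFlow v9")
    flows, off = [], 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad FlowSet length")
        body = packet[off + 4: off + fs_len]
        if fs_id == 0:
            parse_templates(body, templates)
        elif fs_id > 255 and fs_id in templates:
            flows.extend(parse_data(body, templates[fs_id]))
        # Anything else (options templates, data with no known template) is skipped.
        off += fs_len
    return flows


def nat_summary(rec):
    """Source side before and after translation, the pair NAT logging exists for."""
    pre = f'{rec["sourceIPv4Address"]}:{rec["sourceTransportPort"]}'
    post = (f'{rec.get("postNATSourceIPv4Address", "?")}:'
            f'{rec.get("postNAPTSourceTransportPort", "?")}')
    return f"{pre} -> {post}"


def build_sample():
    """Constructed packet: one template (id 256) and one source-NATed TCP flow."""
    template = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1),
                (225, 4), (226, 4), (227, 2), (228, 2)]
    header = struct.pack("!HHIIII", 9, 2, 1000, 1433260860, 1, 0)
    tmpl = struct.pack("!HH", 256, len(template))
    tmpl += b"".join(struct.pack("!HH", *f) for f in template)
    tmpl_fs = struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
    ip = lambda s: ipaddress.IPv4Address(s).packed
    record = (ip("192.168.88.10") + ip("198.51.100.20")
              + struct.pack("!HHB", 51512, 443, 6)
              + ip("203.0.113.5") + ip("198.51.100.20")
              + struct.pack("!HH", 40001, 443))
    pad = b"\x00" * (-(4 + len(record)) % 4)  # FlowSets are 32-bit aligned
    data_fs = struct.pack("!HH", 256, 4 + len(record) + len(pad)) + record + pad
    return header + tmpl_fs + data_fs


SAMPLE_PACKET = build_sample()

if __name__ == "__main__":
    for flow in parse_v9(SAMPLE_PACKET):
        print(nat_summary(flow), flow)
```

A collector that has not yet received the template cannot decode the data FlowSet, which is why the template cache is passed in and kept between packets.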

Re: v6.29 released

Posted: Tue Jun 02, 2015 4:33 pm
by astraliens
for sector writes problem, seems to be fixed, but maybe there are a bit more writes than in 6.27 or older
winbox was opened for ~48 hours during this period
[admin@rb2011] > /system resource print 
	uptime: 5d1h22m46s
	version: 6.29
	build-time: May/27/2015 11:19:36
	write-sect-since-reboot: 3422
	board-name: RB2011UiAS-2HnD

Re: v6.29 released

Posted: Tue Jun 02, 2015 5:34 pm
by mervincm
6.29 broke my CRS226-24-2s+ access via winbox, it simply couldn't connect. Fortunately I could still connect via web. 6.29.1 was applied via web and after that Winbox worked fine.

Re: v6.29 released

Posted: Tue Jun 02, 2015 5:51 pm
by mervincm
Personally I don't 'need it now'.
I am not affected by the bugs resolved in 6.29.1 anyway.

What I am saying is that for whatever reason everyone has, the .torrent files are really useful. More useful than downloading 20 files manually from the download page.
Do you really need all four architectures immediately? Do you really upgrade MIPS-LE and PPC devices also? It is actually one file per architecture, and unless you are some sort of collector, you usually need only one.

I don't understand this thinking. Folks that would want this are likely some of your biggest customers. Why not just make it available? It surely can't be that much work for your biggest customers.

Re: v6.29 released

Posted: Tue Jun 02, 2015 9:27 pm
by pinchia
Is it possible to confirm if L2TP VPN works with v6.29?
I did a fresh install, and it doesn't work with quick setup.

Re: v6.29 released

Posted: Wed Jun 03, 2015 12:07 am
by dynek
dynek - Seems like you will need to open new ticket. I did test with all of these windows opened on Winbox but still did not manage to reproduce problem.
Yeah I used Winbox3RC10 closed everything and checked from command line (ssh) and sector writes is still going higher.

I sent a mail to the support. Thanks!

Re: v6.29 released

Posted: Wed Jun 03, 2015 7:44 am
by jarda
According to previous topics many clients did respond that sector writes issue was solved for them (when Firewall menu was opened in Winbox). We also did see that fix is working in our lab. If you still notice sector writes counter rising without apparent reason, then please write to. Tell us what do you do at the moment when it is happening. For example, if it is happening while Winbox is opened, then name what kind of windows are you using while it is happening.
I already described the mechanism above (see http://forum.mikrotik.com/viewtopic.php ... ve#p484196).

I have to add that I am not logging to internal flash at all but to usb flashdisks and to remote syslog.

Used windows are resources, interface list, firewall, route list, profiler, wireless tables and log. Used Winbox3rc10.

[Ticket#2015060366000163] created.

Re: v6.29 released

Posted: Wed Jun 03, 2015 8:58 am
by dynek
Which can probably be linked to mine : #2015060266000843

Re: v6.29 released

Posted: Wed Jun 03, 2015 11:12 am
by dada
Excessive flash writings are not solved.

Tried on Omnitik for the first time, freshly updated from 6.28 to 6.29 via direct update. Opening the rule in firewall (just double click, no change, no save) adds two writes to the flash each time.

Sometimes just opening makes "filter rule moved by user" in the log.

What the hell? Having only one fake rule to check what it does when I open it, and it does these things??? Even when the rule is disabled! Of course the only one rule cannot be moved anywhere!

How difficult could be to correct these errors?
I tested it on RB411AH with 6.29.1 and I see 4 sector writes after just opening an existing firewall rule (a new empty accept rule in forward chain). A new line appears in Log each time I open the rule (double click on the rule) with this text:
filter rule moved by admin

Which obviously is not true. There was only one firewall rule ...

Re: v6.29 released

Posted: Wed Jun 03, 2015 11:47 am
by jebz
As a matter of fact Mikrotik staff may have accidentally acknowledged this by suggesting to export the config, netinstall and then import the config back - all because the NTP client wouldn't work after an upgrade(!) :shock:

I don't see any other official explanation for the tons of bug (or not) reports on each new version.
Take every thread for each new version (especially after v6.x). It will be 6-10 pages of which most posts will be about reporting bugs or problems after the upgrade and how downgrading back to whatever previous version, resolves it.

The pattern is quite clear I am afraid.
I recently exported from a major v6 ROS to another but after reviewing the terminal found a number of command syntaxes had changed on importation of the export. One of the changes was - set time-zone-autodetect=no time-zone-name=Australia/Brisbane which caused the timezone not to be applied. I can't recall the other 2. If this type of thing is happening between versions stability of configurations will be affected.

Re: v6.29 released

Posted: Wed Jun 03, 2015 12:28 pm
by dynek
Can someone confirm if downgrading is just a matter of putting previous version files in place and reboot the device just like an upgrade ?

Thank you !

Re: v6.29 released

Posted: Wed Jun 03, 2015 12:30 pm
by normis
Can someone confirm if downgrading is just a matter of putting previous version files in place and reboot the device just like an upgrade ?

Thank you !
no, you must upload older files, and run command "/system package downgrade".

Re: v6.29 released

Posted: Wed Jun 03, 2015 1:47 pm
by ATROX
Dear MikroTik Support.
After upgrading to v6.29.1 IPsec automatically not UP. Only after Kill Connections.
Fix please!
In v6.28 the same situation.
In v6.27 - good, IPsec auto UP.

Re: v6.29 released

Posted: Thu Jun 04, 2015 11:18 am
by angboontiong
What's the difference between V6.29.1 and this?

Re: v6.29 released

Posted: Thu Jun 04, 2015 11:29 am
by normis
What's the difference between V6.29.1 and this?
.1 addresses an issue with CRS where you could not connect to them

Re: v6.29 released

Posted: Thu Jun 04, 2015 1:50 pm
by jarda
According to previous topics many clients did respond that sector writes issue was solved for them (when Firewall menu was opened in Winbox). We also did see that fix is working in our lab. If you still notice sector writes counter rising without apparent reason, then please write to. Tell us what do you do at the moment when it is happening. For example, if it is happening while Winbox is opened, then name what kind of windows are you using while it is happening.
I already described the mechanism above (see http://forum.mikrotik.com/viewtopic.php ... ve#p484196).

I have to add that I am not logging to internal flash at all but to usb flashdisks and to remote syslog.

Used windows are resources, interface list, firewall, route list, profiler, wireless tables and log. Used Winbox3rc10.

[Ticket#2015060366000163] created.
Confirmed by Mikrotik to be bug, hopefully it will be corrected in some subsequent winbox.

Before that they tried to convince me that I should blame my too much sensitive quality mouse that moves a bit with the firewall rule during the double click. But taking such thing as rule order change is surely winbox/ros bug, not problem of my mouse.

Hope it will be corrected soon.

Re: v6.29 released

Posted: Thu Jun 04, 2015 2:55 pm
by andersonlich
Hi all
Is anybody having a problem using IP Hotspot after upgrading to 6.29.1 from 6.27?
My clients obtain DHCP, but after requesting http traffic (before login), the client doesn't appear at /ip hotspot host and it seems the packet is not forwarded normally, which causes my client not to be redirected to my external login page.

Thank you

Anderson

Re: v6.29 released

Posted: Thu Jun 04, 2015 5:04 pm
by uldis
DHCP server is on the same box as Hotspot?
What happens when you try to open the IP address of the hotspot in the browser?
Hi all
Is anybody having a problem using IP Hotspot after upgrading to 6.29.1 from 6.27?
My clients obtain DHCP, but after requesting http traffic (before login), the client doesn't appear at /ip hotspot host and it seems the packet is not forwarded normally, which causes my client not to be redirected to my external login page.

Thank you

Anderson

Re: v6.29 released

Posted: Thu Jun 04, 2015 6:30 pm
by rextended
The 6.29(.1) is VERY VERY VERY bad for me,

On all 921UAGS-5SHPacD (and other 9xx models) I have,
I lost completely or partially the auto-negotiation on ether1 and sfp1.
Not mind if are fresh netinstalled or upgraded.
I'm forced to set manually 1000 or 100 full-duplex (I'm using ONLY the original mikrotik provided gigabit poe).
Also if both connected devices are the same model, the problem still exist.

Also S-RJ01 stop working as expected on all 9xx capable devices, for the same reason.

On both my CCR1036-12G-4S, with all the S-85DLC05D plugged, lost auto-negotiation and if are forced 1Gb are very slow...

Restoring the 6.28 solve any problem on all devices, I also try the .1, but the problem still exist

[no problem on 4xx, 2010, 1x00, metal, groove or 7xx models]

Test case:
netinstall two 921UAGS-5SHPacD with 6.29.1,
put on both one S-RJ01,
after put two ip address on the devices,
try bandwidth test between the two devices.
feel free to try any ethernet cable you have....
sometimes it is working, sometimes you get "R" but it does not pass more than 1 or 2 packets per second, sometimes the two devices can't establish an ethernet link between the two S-RJ01 or the two ether1

Re: v6.29 released

Posted: Sat Jun 06, 2015 2:11 am
by warn1ng
Hi, doing a PTP with SXTs running v6.29, wireless-fp package and using nstreme wireless protocol, the wireless link seems to work well, but when the SXT running as "station bridge" gets power cycled, it can't connect back. The only way to make it work is if I unclick "Hide SSID" on the "bridge" SXT

Sorry for the broken English

Bests

Re: v6.29 released

Posted: Sat Jun 06, 2015 10:46 am
by struart
Hello
I upgraded my RB433 from 3.30 to 4.17>5.26>6.29
All went fine.
But i noticed one problem.

ETHER1 is making traffic (around 15mbs) all the time even if device connected to it is not making any traffic at all.
When I disable it, it's OK; then I enable it and it's OK until I try to ping something on that interface, then again 15mbs of fake traffic and CPU goes to 90%

Posted: Sat Jun 06, 2015 11:32 am
by jarda
And what is the traffic?

Re: v6.29 released

Posted: Sat Jun 06, 2015 11:35 am
by dzikis
Hello
I upgraded my RB433 from 3.30 to 4.17>5.26>6.29
All went fine.
But i noticed one problem.

ETHER1 is making traffic (around 15mbs) all the time even if device connected to it is not making any traffic at all.
When I disable it, it's OK; then I enable it and it's OK until I try to ping something on that interface, then again 15mbs of fake traffic and CPU goes to 90%
Hello
I had a problem with 6.29: strange traffic on a few interfaces, around 5mbps, and losing pppoe connection with clients. When I downgrade to 6.28 the problem does not come back.

Re: v6.29 released

Posted: Sat Jun 06, 2015 11:54 am
by struart
Exactly the same situation here but downgrade didn't help ;(
And what is the traffic?
Emmm nothing :) It's a classic tplink router connected to that ether1 but no one is using it at that moment, and still there is 15/5 mbs usage.

TORCH shows 0 traffic at all.

During this CPU goes to 80-90% and disconnect all pppoe clients on wlan2.

If i disable that ether1 then rb is working great but then one guy is w/o internet :)

RouterOS 6.29.1 ssh proxy intermittent failures - update Support Ticket #2015060666000274

Posted: Sat Jun 06, 2015 7:34 pm
by benesm1
Hello,
we are using two CCR1036-12G-4S as our edge routers. We are using ssh proxying to access servers behind those routers. Please see excerpt from ssh config:

Host *
    ForwardAgent yes

Host CCR-gateway
    Port xx
    User ssh-proxy
    #CCR1
    Hostname 1.2.3.4
    #CCR2
    #Hostname 1.2.3.5

Host aries
    User root
    ProxyCommand ssh -W aries.internal:22 CCR-gateway

Host imon
    User root
    ProxyCommand ssh -W imon.internal:22 CCR-gateway

Host scorpio
    ProxyCommand ssh -W scorpio.internal:22 CCR-gateway
    User root

Since upgrade to ROS 6.29.1 the ssh login to servers behind the CCR hang indefinitely in most cases (for example "ssh aries"). When I specify the "-v" option, the login goes fine in most cases, but sometimes hangs at "debug1: SSH2_MSG_KEXINIT sent". In case of successful login, the aes128-ctr cipher is selected. When I disable the aes-ctr ciphers, then I can login as usual, but only to some of our servers.

Support Ticket #2015060666000274

I can connect to all servers with following ciphers enabled:
Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes192-cbc,aes128-cbc,aes256-cbc,blowfish-cbc,3des-cbc

Re: v6.29 released

Posted: Sat Jun 06, 2015 9:13 pm
by bardelot
Hi

I'm wondering if the described issue below has been resolved in RouterOS version 6.29.
I have seen the issue has been raised by a few other posters as well, however I did not see any reply acknowledging it.

As I understand the current processing of IPSec encrypted traffic, the traffic passes the firewall input chain, is then decrypted and the decrypted traffic is then again handled by the firewall e.g. the forward chain.
When the firewall processes the decrypted traffic it will be shown as coming from the original interface the encrypted IPSec traffic has been received on. As such it is not possible to determine if the decrypted traffic is coming from an IPSec tunnel.

Up until RouterOS 6.27 it was possible to overcome this shortcoming by marking incoming IPSec packets using the firewall's mangle functionality. The packet mark would remain on the decrypted traffic (e.g. also on the forward chain) and could therefore be used in the firewall for filtering purposes.

Since RouterOS 6.28 the packet marks do not exist on the decrypted traffic anymore. Has this been changed / fixed in RouterOS 6.29?

Thanks

Re: v6.29 released

Posted: Sun Jun 07, 2015 11:52 am
by TheRealJLH
This update appears to have broken NetFlow. It is no longer sending ingress and egress flow data for the same interface; it only appears to be exporting egress flows per interface.

Re: v6.29 released

Posted: Mon Jun 08, 2015 10:46 am
by tomaskir
@normis
I have managed to reproduce a very rare and annoying bug [Ticket#201503206600075]

It will go away if I reboot the device.
Could someone from support please look at this so I can give you guys SSH access?
I can't keep the device in this state for long, since it needs to be used.

Re: v6.29 released

Posted: Mon Jun 08, 2015 12:24 pm
by paulsa
This update appears to have broken NetFlow. It is no longer sending ingress and egress flow data for the same interface; it only appears to be exporting egress flows per interface.
+1 also experiencing this on our ccr1036. Upgraded from 6.22 to 6.29, only tx bandwidth flow being sent from an interface. Had to enable traffic flow on our edge router which is still sitting on 6.22.

Please fix!

Re: v6.29 released

Posted: Mon Jun 08, 2015 8:09 pm
by rextended
RouterOS 6.28 or 6.29 or 6.29.1
RouterBOOT 3.22

All clean installation with Netinstall without import .backup or keeping previous config.

RB912UAG-2HPnD (BaseBox 2) + R11e-5HacD = kernel panic or kernel failure when the first device connect to wifi.
RB912UAG-5HPnD (BaseBox 5) + R11e-5HacD = kernel panic or kernel failure when the first device connect to wifi.

Device reboot without depleting memory or go to 100% CPU

RB922UAGS-5HPacD (MMCX RouterBoard) + R11e-5HacD = no problem
RB922UAGS-5HPacD (-NM ???) (NetMetal 5) + R11e-5HacD = no problem

Re: v6.29 released

Posted: Tue Jun 09, 2015 10:29 am
by TomosRider
Losing of static dhcp leases is still present. I can solve it with netinstall, but the question is why it isn't solved with newer releases....

Re: v6.29 released

Posted: Tue Jun 09, 2015 10:55 am
by Petzl
I have a lot of omnitiks that stopped working, or are getting unresponsive, on 6.29 RC13

i have romon enabled
will upgrade some to 2.29.1

Posted: Tue Jun 09, 2015 11:48 am
by jarda
Why you use rc version in production?

Re: v6.29 released

Posted: Tue Jun 09, 2015 11:52 am
by Karvanoppa
Hi,
I think this is a bug or something, I can't say clearly.

The problem is when changing the SIM card on RB922 or RB912 with RouterOS v6.29.1.

I have 2 SIM cards with different ISPs. One has a PIN code, the other does not. With the first card, which has a PIN code, everything works fine, but when I change to the card with no PIN code and remove that PIN code area in RouterOS, it can't connect. I need to do a FULL reset of the router and configure everything again without touching that PIN code area, and then the SIM works.

Any fix for this?

Re: v6.29 released

Posted: Tue Jun 09, 2015 11:54 am
by tomaskir
Hi,
I think this is a bug or something, I can't say clearly.

The problem is when changing the SIM card on RB922 or RB912 with RouterOS v6.29.1.

I have 2 SIM cards with different ISPs. One has a PIN code, the other does not. With the first card, which has a PIN code, everything works fine, but when I change to the card with no PIN code and remove that PIN code area in RouterOS, it can't connect. I need to do a FULL reset of the router and configure everything again without touching that PIN code area, and then the SIM works.

Any fix for this?
Report this to support@mikrotik.com

They should probably look at this one.

Re: v6.29 released

Posted: Tue Jun 09, 2015 3:32 pm
by Karvanoppa
Ok, thanks. I send mail.

Re: v6.29 released

Posted: Wed Jun 10, 2015 12:01 am
by 0ldman
Installed 6.29.1 on my RB750UP that runs my office. Watchdog timer reboot the router every 5 minutes. Downgraded back to 6.20 and bricked the router.

Trying to recover now.

Edit: Now that I'm not in a pinch, RB750UP, 6.20, NTP and DNS, couple of GRE links, tried 6.29.1, seemed okay, enabled Fasttrack, worked beautifully, CPU was like 16% while I was pushing it. Love it.

Then it reboot.

Then it reboot again.

Figured okay, not quite ready for prime time, at least not in my exact configuration, uploaded 6.20 and the NTP package, system package downgrade, reboot.

Nada.

Netinstall got the unit back up and going.

Re: v6.29 released

Posted: Wed Jun 10, 2015 12:35 am
by TomosRider
Try with 6.27, I found it stable as unicorn population in Scotland. Just kidding, it's a good release.

Re: v6.29 released

Posted: Wed Jun 10, 2015 9:21 am
by sasskass
Serious bug with ethernet on SXT G-5HPacD and v6.29.1 - messed up a lot of time and cpe-s.
In bridged mode, cannot access the device from ethernet side. After ~a day of working eth starts blinking 1 per second, reboot does not help.
Downgrading to the 6.28 solved the problem

Re: v6.29 released

Posted: Wed Jun 10, 2015 10:16 am
by Ansy
Installed 6.29.1 on my RB750UP that runs my office. Watchdog timer reboot the router every 5 minutes.
...
Edit: Now that I'm not in a pinch, RB750UP, 6.20, NTP and DNS, couple of GRE links, tried 6.29.1, seemed okay, enabled Fasttrack, worked beautifully, CPU was like 16% while I was pushing it. Love it.

Then it reboot.

Then it reboot again.
...
Very very close to my case :(
[Ticket#2015060366000431] [Ticket#2015053066000266] [Ticket#2015052966000214]
MT wiped out my post here, IMHO because they emailed me these crashes may be due to NAND memory errors and told me to NetInstall, but I can't to get to device' site now -- preparing spare one.

I used 6.27 for the long time, RB750UP configured as Bridge with Firewall and Simple Queues mostly, POwEring 3 another radiobridges.

Using 6.29 (yes, reboots 4-5 times!), then 6.30rc7 it worked, but after 4-5 minutes began to overload CPU by management process, lose many lists content (Winbox & console), but still managing traffic! I switched off writing to disk some logs (error, critical), for now uptime is 5d11h (CPU 100%, almost no controls, just /system).

Every try to get supout.rif overloaded & then rebooted device by watchdog (no ping?) with no result file. But rebooting device emailed me autosupout.rif successfully (send to MT support). It'd loosed Bridge - Settings - Use IP Firewall & Allow Fast Path checks in after reboot.
RB750UP_bridge_6.30rc7 freezing.png
IMHO it's not NAND issue...not only NAND may be.
It can be some (rare case) bridging firewall, fast path & management issue, because MT actively working on it last versions.

Re: v6.29 released

Posted: Wed Jun 10, 2015 8:44 pm
by rextended
Serious bug with ethernet on SXT G-5HPacD and v6.29.1 - messed up a lot of time and cpe-s.
In bridged mode, cannot access the device from ethernet side. After ~a day of working eth starts blinking 1 per second, reboot does not help.
Downgrading to the 6.28 solved the problem
Have you read my post???

http://forum.mikrotik.com/viewtopic.php ... 00#p485204

Re: v6.29 released

Posted: Thu Jun 11, 2015 6:08 pm
by sanitycheck
I assume the FREAK SSL vulnerability fixed in 6.29 affected OpenVPN and SSTP since they are both tied to certificates and the Mikrotik certificate functions. But does FREAK affect IPSEC with PSK, meaning where a certificate is not used? Is SSH affected by FREAK when a certificate is used (or not)?

I have some routers on 6.7 that I would rather not upgrade.

Re: v6.29 released

Posted: Fri Jun 12, 2015 1:50 am
by Chupaka
FREAK affects SSL/TLS, so SSTP and HTTPS are possibly affected, not OVPN or IPSec

Re: v6.29 released - No more inline comments?

Posted: Fri Jun 12, 2015 2:31 am
by bney
Installed 6.29.1 on a router today and the inline comments selection is no longer there in the right hand drop down.
What's up with that? Having the comments on a separate line is confusing and annoying to look at.
Why would Mikrotik remove that?

Re: v6.29 released

Posted: Fri Jun 12, 2015 4:19 am
by Adav
Hi

CCR1009-8G-1S-1S+PC

From internet for old version (not PC model):
Image

From my device:
Image

Voltage - invalid (0.0 if power supply 12V, 12.8 if power supply 24V)
Current and power - not present.

Is it problem with "health" for 6.29 version or for PC model?

Re: v6.29 released

Posted: Fri Jun 12, 2015 5:15 pm
by oukidouki
This update appears to have broken NetFlow. It is no longer sending ingress and egress flow data for the same interface; it only appears to be exporting egress flows per interface.
I noticed same bug on my RB 433. Anybody else?

Re: v6.29 released

Posted: Sat Jun 13, 2015 11:13 am
by khizer911
Are the following SNMP traps supported?

Router reboot
Memory CPU usage

Re: v6.29 released

Posted: Sat Jun 13, 2015 1:13 pm
by sil200
This update appears to have broken NetFlow. It is no longer sending ingress and egress flow data for the same interface; it only appears to be exporting egress flows per interface.
I noticed same bug on my RB 433. Anybody else?

Hello! Yes, i have similar bug with 6.29.1. Traffic flow does not work correctly.

Re: v6.29 released

Posted: Sun Jun 14, 2015 7:35 pm
by Marino
Hi,

since 6.29 (and 6.29.1) OpenVPN seems broken :

If I connect to openvpn from the internet the connection succeeds. But no network traffic is possible (ping, http,dns ...). In the WebUI i can see the connection is alive but no packets are going through.

If I connect to openvpn from inside (intranet) the connection is established and everything (ping, http, dns, ...) is working.

Any ideas about this ?

Meitonga
Hi, same issue here. Version 6.27 works perfect. Version 6.29.1 fails to route traffic through the tunnel other than its own openvpn subnet. I can ping the openvpn interface on the Routerboard though, so the tunnel is up.

Re: v6.29 released

Posted: Mon Jun 15, 2015 10:45 am
by TheRealJLH
This update appears to have broken NetFlow. It is no longer sending ingress and egress flow data for the same interface; it only appears to be exporting egress flows per interface.
I noticed same bug on my RB 433. Anybody else?

Hello! Yes, i have similar bug with 6.29.1. Traffic flow does not work correctly.

Guys I resolved this issue by downgrading to the 6.28 release on my CCR1036 hopefully they will fix the bug in the next release.

Re: v6.29 released

Posted: Mon Jun 15, 2015 10:34 pm
by khatab
As a matter of fact Mikrotik staff may have accidentally acknowledged this by suggesting to export the config, netinstall and then import the config back - all because the NTP client wouldn't work after an upgrade(!) :shock:

I don't see any other official explanation for the tons of bug (or not) reports on each new version.
Take every thread for each new version (especially after v6.x). It will be 6-10 pages of which most posts will be about reporting bugs or problems after the upgrade and how downgrading back to whatever previous version, resolves it.

The pattern is quite clear I am afraid.
I recently exported from a major v6 ROS to another but after reviewing the terminal found a number of command syntaxes had changed on importation of the export. One of the changes was - set time-zone-autodetect=no time-zone-name=Australia/Brisbane which caused the timezone not to be applied. I can't recall the other 2. If this type of thing is happening between versions stability of configurations will be affected.
Dear Sir, Hi, I am also facing the same problem, NTP client is not responding, and the time is not correct, I got more than 10 mikrotiks, ALL of them got that problem, the version are 6.28, 6.29, even 6.30 (19), any one else got the same problem?

Re: v6.29 released

Posted: Tue Jun 16, 2015 2:04 am
by bloemkool73
Hi Guru's

coming from 6.28, then went to 6.29.1 and right now on 6.30rc19.
The 6.28 config worked on my rb2011 with antenna's.
DHCP for Apple devices (OSX & iOS) seem broken somehow. I tested via WLAN and cable, both same result.
A Windows install via virtualbox on my Mac gets a DHCP lease. And my Mac itself does not get any.
I see android devices connecting to the network and their lease is renewed after some time. So that is good also.
The iOS devices get a lease ( OFFER and ACK ) and after a few seconds I see a REQUEST and a DECLINE.

I have got two networks separated by VLAN. Made bridges inside those VLAN's. Ports and WLAN's are connected to the bridges.
Both networks have their own DHCP server. Both DHCP servers are authoritative. They cannot see each other
One DHCP server gives the Apple devices a lease, so no problem here.
The other network gets declines like this:
received decline with id 0 from 0.0.0.0
So weirdness is going on here ..

I tried playing with ARP on the bridge and toggled the ARP option in the DHCP server, but I can't get it to work anymore.
Further I'd like to go back to 6.28, but cannot find it... Where can I find it?

Re: v6.29 released

Posted: Tue Jun 16, 2015 6:31 pm
by Abdock
I tried to activate the RoMon feature but just after activating my router rebooted, this made me go back and disable as i did not want to cause issues with network. anybody else tried to use Romon on live or test network ?

Re: v6.29 released

Posted: Wed Jun 17, 2015 12:45 pm
by khizer911
Please provide RSA support for ssh. It currently supports DSA. We are not able to ssh mikrotik routers from Cisco routers or Cisco routers from Mikrotik routers because both routers support different algos for ssh!

v6.29 released

Posted: Wed Jun 17, 2015 1:19 pm
by freemannnn
Winbox working folder should be the same folder winbox.exe exist so it could be portable. I login to customer routers from different pc and places and i have to make every time new viw files the way i want. Why should it be in windows user folder? In the same folder all ini and viw files !

Sorry, wrong post here. Admins, delete it please

Re: v6.29 released

Posted: Fri Jun 19, 2015 2:07 am
by mcdebugger
I lost connection to 3 of 21 RB750s that I've upgraded and also they can't ping anything via ether1 interface (which is connected to our distribution net).
I needed to get my bicycle and go on the night to ride across the town.
Connected via our wi-fi hotspots that plugged to "LAN" or access side of Mikrotik.
First device was fixed by just rebooting.
On the second board I had to downgrade to 6.28. I then tried to upgrade to 6.29.1 once again and it was the same problem: no ping from the board itself via ether1, no ping/forwarding from LAN to distribution (no nat or filtering is used on these boards). But I can see packets from other routers (OSPF, multicast and maybe even some other) and from router itself in the tool sniffer. Downgraded one more time and now it's working at least with 6.28.
I didn't fix the third board yet because I can't connect to our network on the third location now.
What is special is that almost all of the boards have the same configuration (except for IP addresses) and most of devices updated correctly where some of them have these problems.

Re: v6.29 released

Posted: Sat Jun 20, 2015 11:03 pm
by makros
Hi everyone! We had had ver 6.6 working well. But it hadn't been able to make template to generate certificate request for the openvpn server.
So we had decided upgrade routeros. What's now:
/system resource print                 
version: 6.29.1
architecture-name: powerpc
board-name: RB1100AHx2
We noticed some minor issues after this upgrade.
1. Certificate request was made and generated but the easyrsa3 (fedora 20) couldn't sign it. It made us generate the request by another device (CCR, routeros 6.19), sign by easyrsa3 and import it.
2. OpenVPN tap (L2) tunnel is raised (its client is FreeBSD 8.3) but the tcpdump shows some unwelcome traffic (about 1Mbit per sec) from the server (Mikrotik) to the client (FreeBSD host). The undesired traffic are packets between LAN hosts of the router behind NAT and WAN hosts. This problem doesn't present in another device (CCR, routeros 6.19): we see only expected packets.
3. When I try to add INPUT rules to control traffic by connection-state option
chain=input disabled=yes action=drop connection-state=invalid log=no log-prefix=""
chain=input disabled=yes action=accept connection-state=related log=no log-prefix=""
chain=input disabled=yes action=accept connection-state=established log=no log-prefix=""
the web interface doesn't show the option "connection-state" installed. I can choose it and save, but when I reopen the rule - it's blank again. I can see only in console that the option is set. You can see the rules are turned off and I don't know if it works or not because I'm afraid to lose control.
So we've cowardly decided to downgrade it to RouterOS 6.19.

Re: v6.29 released

Posted: Mon Jun 22, 2015 3:00 pm
by Kraken2k
As I understand the current processing of IPSec encrypted traffic, the traffic passes the firewall input chain, is then decrypted and the decrypted traffic is then again handled by the firewall e.g. the forward chain.
When the firewall processes the decrypted traffic it will be shown as coming from the original interface the encrypted IPSec traffic has been received on. As such it is not possible to determine if the decrypted traffic is coming from an IPSec tunnel.

Up until RouterOS 6.27 it was possible to overcome this shortcoming by marking incoming IPSec packets using the firewall's mangle functionality. The packet mark would remain on the decrypted traffic (e.g. also on the forward chain) and could therefore be used in the firewall for filtering purposes.

Since RouterOS 6.28 the packet marks do not exist on the decrypted traffic anymore. Has this been changed / fixed in RouterOS 6.29?
Thanks
Same problem here (two independent RB1100AHx2).

After upgrade from 6.24 to 6.29.1, ipsec packet mark in mangle-prerouting chain does not work, or it's not caught by filter-forward chain.

Re: v6.29 released

Posted: Mon Jun 22, 2015 4:31 pm
by Chupaka
After upgrade from 6.24 to 6.29.1, ipsec packet mark in mangle-prerouting chain does not work, or it's not caught by filter-forward chain.
seems like it won't be possible anymore, but another solution is coming:
What's new in 6.30rc19 (2015-Jun-12 11:45):
*) firewall - added ipsec-policy matcher to check wheather packet was/will be ipsec processed or not;
p.s. Normis, sed s/wheather/whether/ :)

Re: v6.29 released

Posted: Mon Jun 22, 2015 5:34 pm
by Kraken2k
Upgraded two RB1100AHx2 (powerpc) from 6.24 to 6.29.1 and since then I have problem with Simple Queues respectively... half of it:

Simple example from wiki - limit LAN traffic (identified by IP address range) to WAN (identified by interface eth11 to ISP; there is src-nat to public IP address on VRRP interface assigned to eth11). Upload queue works as expected, but download one does not... with the same configuration as before upgrade.
simple_queue.png
I've also upgraded a few other 2011UAS-2HnD (mipsbe) boxes in the same way, but all of them work normally as expected, but it might be also configuration related...

Just a guess... VRRP problem?

Re: v6.29 released

Posted: Mon Jun 22, 2015 5:35 pm
by mrz
Yes, all marks are cleared after ipsec decapsulation/encapsulation. You can still use priority and DSCP however.
v6.30 will have new policy matcher as well as ipsec policy based method. Examples will be added in the wiki after version release.
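
The two approaches discussed in the posts above, side by side, as an added example that is not taken from any poster or from MikroTik documentation: the packet-mark workaround reported to have stopped working after 6.27, and rules using the ipsec-policy matcher announced for 6.30. The interface name ether1, the mark name ipsec-in, plain ESP without NAT-T, and an existing accept rule for established/related traffic are assumptions.

```routeros
# Added example; ether1 (WAN), the mark name "ipsec-in" and plain ESP
# (no NAT-T) are assumptions, not values from the thread.

# Workaround described above (reported to work up to 6.27):
# mark the encrypted packet on arrival and rely on the mark
# still being present on the decrypted packet in the forward chain.
/ip firewall mangle
add chain=prerouting in-interface=ether1 protocol=ipsec-esp \
    action=mark-packet new-packet-mark=ipsec-in passthrough=yes
/ip firewall filter
add chain=forward in-interface=ether1 packet-mark=ipsec-in action=accept \
    comment="decrypted tunnel traffic (mark is cleared from 6.28 on)"

# With the ipsec-policy matcher (6.30): match on whether the packet
# was subject to IPsec processing instead of relying on a mark.
# Assumes an accept rule for established/related traffic sits above these.
/ip firewall filter
add chain=forward in-interface=ether1 ipsec-policy=in,ipsec action=accept \
    comment="arrived through an IPsec policy"
add chain=forward in-interface=ether1 ipsec-policy=in,none \
    connection-state=new action=drop \
    comment="new cleartext connections from WAN are not forwarded"
```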

Re: v6.29 released

Posted: Mon Jun 22, 2015 9:59 pm
by jondavy
Why does the CCR series not show Bad Blocks?
/system resource print

Re: v6.29 released

Posted: Tue Jun 23, 2015 3:44 pm
by cREoz
On mAP, the ETH1 and ETH2 LEDs are always OFF after the router is rebooted with cables connected.
/system resource print
                   uptime: 2h50m33s
                  version: 6.29.1
               build-time: Jun/01/2015 13:30:35
              free-memory: 42.1MiB
             total-memory: 64.0MiB
                      cpu: MIPS 24Kc V7.4
                cpu-count: 1
            cpu-frequency: 400MHz
                 cpu-load: 5%
           free-hdd-space: 4084.0KiB
          total-hdd-space: 16.0MiB
  write-sect-since-reboot: 707
         write-sect-total: 119714
               bad-blocks: 0%
        architecture-name: mipsbe
               board-name: mAP
                 platform: MikroTik

Re: v6.29 released

Posted: Tue Jun 23, 2015 4:06 pm
by BartoszP
mAP has mismatched LED assignments: http://forum.mikrotik.com/viewtopic.php ... 60#p481260
Go to System/LEDs and set them properly as you wish/need.

Re: v6.29 released

Posted: Tue Jun 23, 2015 4:20 pm
by grandow
Hi Guys

I see a new bug in v6.29: a Groove detects disk space as 175% free, look at the images:
Image

Re: v6.29 released

Posted: Tue Jun 23, 2015 9:40 pm
by kez
Sorry, I know this is not the 6.30rc topic, but there is no official one.
There is a problem with the scheduler on v6.30rc22.
When you choose "startup" as start time it doesn't run at startup.
It works after downgrade to 6.29.1.
Tested on mipsbe platform.
And thanks for the VLAN Fastpath support on v6.30rc!

Re: v6.29 released

Posted: Wed Jun 24, 2015 1:25 pm
by Marino
Since version 6.29, OpenVPN clients don't use the default gateway on the remote network anymore. You need to add ip routes manually on the clients. Has it something to do with this change?

*) ovpn server - use subnet topology in ip mode if netmask is provided (makes android & ios clients work);

Re: v6.29 released

Posted: Thu Jun 25, 2015 2:39 pm
by Chupaka
Sorry, I know this is not the 6.30rc topic, but there is no official one.
because it's not a release :)
There is a problem with the scheduler on v6.30rc22.
please write to support@mikrotik.com

Re: v6.29 released

Posted: Fri Jun 26, 2015 7:08 am
by prawira
dear all,

we just notify that we can not do zoom-in and zoom-out on the smartphone for the user manager on version 6.x.
while we are still able to do the same thing on version 5.x

Paul

Re: v6.29 released

Posted: Fri Jun 26, 2015 4:19 pm
by kez
Sorry, I know this is not the 6.30rc topic, but there is no official one.
because it's not a release :)
There is a problem with the scheduler on v6.30rc22.
please write to support@mikrotik.com
Some RCs have their own topics.
Thanks, but I think just posting here is enough. It's a pretty easy bug to test. Normis and other Mikrotik developers are always here, so...

Re: v6.29 released

Posted: Sat Jun 27, 2015 7:01 am
by coylh
Just tried 6.25 to 6.29.1 upgrade (via system packages download) on CCR-1036-12G-4S, and it started crashing a couple times per minute. I was able to see some output on the console:
resetting_chip.png
The only error on the console is "Resetting chip and restarting." In the system log there is "System rebooted because of kernel failure".

:(

Re: v6.29 released

Posted: Mon Jun 29, 2015 2:25 am
by infused
I know this is 6.29, but does 6.28 have any significant issues? Mainly around queues, gre tunnels? I need to upgrade a few tiks from 6.15 that I have issues on. 6.29.1 has a few issues I'd like to avoid.

Re: v6.29 released

Posted: Mon Jun 29, 2015 11:58 pm
by TomosRider
@Infused
I roll 6.28 release on 90% of our company routers and it's by far the most stable version, but to be honest, I didn't have problems with 6.27 either.

Re: v6.29 released

Posted: Tue Jun 30, 2015 2:12 am
by infused
Thanks for that.

Re: v6.29 released

Posted: Tue Jun 30, 2015 4:49 pm
by xcom
@Infused
I roll 6.28 release on 90% of our company routers and it's by far the most stable version, but to be honest, I didn't have problems with 6.27 either.
Where can I download 6.28?

Thanks!

Re: v6.29 released

Posted: Tue Jun 30, 2015 10:45 pm
by coylh
I also still encounter the problem where routerboard devices still don't connect to Cisco switches reliably after a reboot. Each time I upgrade my network I get one or two routers that forget they have a lan connection. The interface is enabled, but not "running". Disabling and re-enabling the interface (or physically unplugging and re-plugging) gets the interface to work again. With the 6.29.1 upgrade I've seen this on a 450G and 2011UiAS.

Re: v6.29 released

Posted: Wed Jul 01, 2015 1:51 am
by jebz

Where can I download 6.28?

Thanks!
Copy the old URL and adjust it like -
http://download2.mikrotik.com/routeros/ ... e-6.28.npk

Re: v6.29 released

Posted: Wed Jul 01, 2015 3:47 am
by jondavy
CCR1009-8G-1S-1S + with packages v6.29.1 crash after several hours
on average throughput 100MiB Running
ospf+vlan+PPPoE-Server+simple queues

Re: v6.29 released

Posted: Wed Jul 01, 2015 4:12 pm
by jondavy
CCR1009-8G-1S-1S + with packages v6.29.1 crash after several hours
on average throughput 100MiB Running
ospf+vlan+PPPoE-Server+simple queues
in fact specifically happened the day before yesterday and yesterday 21:00
according to comments from many colleagues who were also affected, this is the 'Leap Second'
https://www.facebook.com/groups/2210247 ... 144362036/

is there any way to fix it so that it no longer crashes?
as this is a botch, only restarting the power source

Re: v6.29 released

Posted: Thu Jul 02, 2015 3:22 pm
by ste
Upgrading a CCR to 6.29.1 killed our MPLS. Some internal routes are not reachable by some routers 2 hops away. Disabling LDP solved it. Downgrading the CCR to 6.15 solved the problem.
Routes were installed in the LDP Forwarding Database but do not seem to work.

Upgrading Firmware needed a Hard Power Down/UP.

Got a lot of calls today ...


Edit: Problematic routes were /32.

Re: v6.29 released

Posted: Thu Jul 02, 2015 9:19 pm
by xcom

Where can I download 6.28?

Thanks!
Copy the old URL and adjust it like -
http://download2.mikrotik.com/routeros/ ... e-6.28.npk
Thanks!

Re: v6.29 released

Posted: Fri Jul 03, 2015 3:23 am
by WirelessRudy
Last days we installed several v6.29.1 ROS on v.6.27 running units. We found 5% of the units, special ones with PoE out ports, stopped passing traffic over their ethernet ports.
We have 'hardware queues' on all ports and they are also set to manually set 100Mbps rates. (But on one unit we still had 'auto' and it also happened the same here...)

Ethernet ports on both ends show they are connected but traffic only flows one way, towards the PoE out port. Opposite direction no traffic. Neighbour doesn't see adjacent unit anymore and even if the mac address or IP is known, the other end of the cable became completely unreachable.
It happened most of the times half a day or more after the upgrade. Not immediately. Units kept working fine for hours....

Only a real power cycle brought the units back working normally..... (So, no supouts. Unit had to be powercycled and after that the supout has no more meaning....)

It happened to one of my main gateways so I was not happy! Hope it doesn't happen again.....

Re: v6.29 released

Posted: Sun Jul 05, 2015 10:26 am
by Farhadgh
I can't make any of arp static due to "Couldn't add new ARP, Already have such ARP!" error.
It would be awesome if there was a command for that too. making static is only possible on gui (I know with some scripts it is possible. I mean something like "/ip arp set x static=yes")

Re: v6.29 released

Posted: Sun Jul 05, 2015 5:48 pm
by Chupaka
I can't make any of arp static due to "Couldn't add new ARP, Already have such ARP!" error.
It would be awesome if there was a command for that too. making static is only possible on gui (I know with some scripts it is possible. I mean something like "/ip arp set x static=yes")
checked with 6.29 - no problem when adding ARP entry if dynamic entry for this IP already exists

please give an example of what you do, what you expect and what exactly happens

Re: v6.29 released

Posted: Sun Jul 05, 2015 8:17 pm
by Farhadgh
Hello Chupaka. I tested that again and it was working fine (after an unexpected shutdown). In that situation, I solved this by copying everything field by field (even copying dhcp arps in disabled=yes mode was making an error with DX flags) and then removing every dynamic arp and enabling the disabled arps in one line. I hope this doesn't happen again. It hurts! :D

Re: v6.29 released

Posted: Wed Jul 08, 2015 2:05 pm
by Kraken2k
Upgraded two RB1100AHx2 (powerpc) from 6.24 to 6.29.1 and since then I have problem with Simple Queues respectively... half of it:

Simple example from wiki - limit LAN traffic (identified by IP address range) to WAN (identified by interface eth11 to ISP; there is src-nat to public IP address on VRRP interface assigned to eth11). Upload queue works as expected, but download one does not... with the same configuration as before upgrade.
simple_queue.png
I've also upgraded a few other 2011UAS-2HnD (mipsbe) boxes in the same way, but all of them work normally as expected, but it might be also configuration related...

Just a guess... VRRP problem?
After a series of tests, I found the source of this issue: it's just the fact that if you set a physical interface (ether11 in my case) as Target for a simple queue and there are VRRP interfaces on this physical interface, then the traffic that goes through those VRRP interfaces is not included in this simple queue (even if these VRRP interfaces "sit" on the ether11 port). More precisely, outgoing traffic is handled, incoming not (as you can see on screenshots). There is a src-nat (firewall - NAT) rule to handle the address translation from LAN to WAN - is it possible that it affects this situation?

Not sure if it's bug or feature (and may be this configuration cannot work anymore or I handled this in a wrong way...).

When single VRRP interface is a Target for simple queue, it works as expected. But how to handle the traffic going in/out through multiple virtual interfaces? The goal is to have simple pcq traffic shaping across all virtual interfaces up to the ISP bandwidth limit (for all LAN sources accessing the WAN through multiple virtual interfaces).

Re: v6.29 released

Posted: Sun Feb 07, 2016 11:17 pm
by frederico
As a matter of fact Mikrotik staff may have accidentally acknowledged this by suggesting to export the config, netinstall and then import the config back - all because the NTP client wouldn't work after an upgrade(!) :shock:

I don't see any other official explanation for the tons of bug (or not) reports on each new version.
Take every thread for each new version (especially after v6.x). It will be 6-10pages of which most posts will be about reporting bugs or problems after the upgrade and how downgrading back to whatever previous version, resolves it.

The pattern is quite clear I am afraid.
I recently exported from a major v6 ROS to another but after reviewing the terminal found a number of command syntaxes had changed on importation of the export. One of the changes was - set time-zone-autodetect=no time-zone-name=Australia/Brisbane which caused the timezone not to be applied. I can't recall the other 2. If this type of thing is happening between versions stability of configurations will be affected.
Dear Sir, Hi, I am also facing the same problem, NTP client is not responding, and the time is not correct, I got more than 10 mikrotiks, ALL of them got that problem, the versions are 6.28, 6.29, even 6.30 (19), anyone else got the same problem?
I'm also having the same issues, Time is not being updated via NTP, I set the NTP server IP address.
The second bug is that when I issue the command to change the time-zone it hangs in there and does nothing, I have to press ctrl+C to cancel.
Looks like a bug to me.