davorin
Member Candidate
Topic Author
Posts: 115
Joined: Sun Mar 03, 2019 6:23 pm

[Bug] RB750Gr-3: Inaccessible after changing ipsec policy

Fri Mar 15, 2019 4:02 pm

Already had a similar problem where the web interface didn't respond anymore after upgrading from 6.40.x to 6.44...

Now in 6.44.1 I added another ipsec peer...and after changing the policy the system just froze....
No more webfig interface, no answers from pings to 192.168.88.1, no services detected with nmap...

Only my laptop gets every time the IP address 192.168.88.254 as before...

Restarted several times....all it does is give out an IP address...that's it....

Is the RB750Gr-3 rather new and therefore known to have certain bugs where it might freeze totally?
Last edited by davorin on Sat Mar 16, 2019 3:20 pm, edited 2 times in total.
 
davorin
Member Candidate
Topic Author
Posts: 115
Joined: Sun Mar 03, 2019 6:23 pm

Re: RB750Gr-3: Dead after changing ipsec policy

Fri Mar 15, 2019 5:05 pm

So only resetting to defaults during power on did bring it back...

Seems it is wise to make configuration backups all the time with this device!
From my few days' experience it doesn't seem to be very reliable...
 
davorin
Member Candidate
Topic Author
Posts: 115
Joined: Sun Mar 03, 2019 6:23 pm

Re: [Bug] RB750Gr-3: Dead after changing ipsec policy

Fri Mar 15, 2019 5:36 pm

Just restored my vpn site2site configuration...and added a new one with psk/xauth...

As soon as I add a new policy to it...the webfig and all other services stop responding...
So again reset the configuration and restore the backup...

Or much better...return this buggy device/routeros device and stick with ipfire...
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: [Bug] RB750Gr-3: Dead after changing ipsec policy

Fri Mar 15, 2019 6:50 pm

You can also try Long-term branch of RouterOS. MikroTik calls 6.44.1 Stable, but history shows us that it may not be exactly how other people understand the meaning of "stable". Especially when it's new (only .1) and they made a lot of IPSec changes in 6.44.

Before you do, check if there's autosupout from crashed system. Sending it to MikroTik support can help to fix the problem.
 
vecernik87
Forum Veteran
Posts: 882
Joined: Fri Nov 10, 2017 8:19 am

Re: [Bug] RB750Gr-3: Dead after changing ipsec policy

Sat Mar 16, 2019 3:20 am

Most likely your ipsec config prevented IP communication to reach "local in" (https://wiki.mikrotik.com/wiki/Manual:Packet_Flow). That can easily happen if you misconfigure your ipsec.

I believe you should still be able to reach your device using mac-winbox or mac-telnet (unless you disabled them)
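
The misconfiguration theory above, as an added example that is not part of the original posts: a simplified first-match model of IPsec policy selectors (an assumption, not RouterOS code) showing how a selector that overlaps the LAN also captures the router's own replies to LAN clients. The policies are constructed; the thread does not show the real ones.

```python
from ipaddress import ip_address, ip_network

ROUTER_IP = "192.168.88.1"    # router LAN address from the thread
LAN = "192.168.88.0/24"       # assumed LAN prefix around that address

# Constructed policies (hypothetical field names: src, dst, action).
BROAD = [{"src": LAN, "dst": "192.168.0.0/16", "action": "encrypt"}]
NARROW = [{"src": LAN, "dst": "10.20.30.0/24", "action": "encrypt"}]
# Same broad policy, preceded by a bypass entry for LAN-to-LAN traffic.
BYPASS = [{"src": LAN, "dst": LAN, "action": "none"}] + BROAD


def first_match(policies, src, dst):
    """Return the first policy whose selectors cover src -> dst, else None."""
    s, d = ip_address(src), ip_address(dst)
    for p in policies:
        if s in ip_network(p["src"]) and d in ip_network(p["dst"]):
            return p
    return None


def management_reachable(policies, router_ip, client_ip):
    """True if the router's reply to a LAN client bypasses IPsec.

    Model assumption: a reply that matches an 'encrypt' policy is handed
    to the tunnel instead of going back to the client, so WebFig, ping
    and other IP services on the router appear dead from the LAN.
    """
    p = first_match(policies, router_ip, client_ip)
    return p is None or p["action"] == "none"


def cut_off_clients(policies, router_ip, lan):
    """List every LAN host whose management traffic the policies capture."""
    return [str(h) for h in ip_network(lan).hosts()
            if str(h) != router_ip
            and not management_reachable(policies, router_ip, str(h))]


if __name__ == "__main__":
    for name, pol in (("broad", BROAD), ("narrow", NARROW), ("bypass", BYPASS)):
        lost = cut_off_clients(pol, ROUTER_IP, LAN)
        print(f"{name}: {len(lost)} LAN hosts cut off from the router")
```

Running the same check against an exported policy list before applying it shows whether the management path survives the change.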
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: [Bug] RB750Gr-3: Dead after changing ipsec policy

Sat Mar 16, 2019 12:50 pm

Yes, or that (sorry MikroTik for my first choice of explanation; on the other hand, it is true that "stable" RouterOS breaks things more often than one would expect and "long-term" is a safer choice).
 
davorin
Member Candidate
Topic Author
Posts: 115
Joined: Sun Mar 03, 2019 6:23 pm

Re: [Bug] RB750Gr-3: Dead after changing ipsec policy

Sat Mar 16, 2019 1:11 pm

How would one explain that DHCPD still gave out leases though all other services on LAN side were not reachable?
That would not fit the "ipsec config prevented IP communication to reach local in" as it got the dhcp requests...
Or just layer-3 wasn't responding anymore...

I just picked the RB750Gr-3 first as it was a cheap alternative with GB ports to see if RouterOS would do what I want..
especially site2site ipsec and as a road warrior client to another country and ipsec to my office...

And it was the cheapest model which doesn't have an Atheros SoC, as we had bad experience with the manufacturer...
for example the hardware watchdog bug in CPU during specific SPI memory reads.

Don't feel much confident at the moment as Mikrotik also uses OpenWRT as 8devices does for their
broken Atheros MIPS SoCs (o;


Currently run a longer test to see if site2site ipsec goes down again as yesterday...after that I downgrade to "long-term".
Think I've seen some spare document about it how to downgrade....
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: [Bug] RB750Gr-3: Dead after changing ipsec policy

Sat Mar 16, 2019 2:00 pm

AFAIK, DHCP server uses raw sockets, so it doesn't care about (mis)configurations on higher levels. So it looks like it actually confirms the misconfiguration theory.

RouterOS is not based on OpenWRT, they both use Linux kernel, but that's it.

And switching to long-term branch is not regular downgrade, you can simply select desired branch in "Check for updates" dialog.
 
davorin
Member Candidate
Topic Author
Posts: 115
Joined: Sun Mar 03, 2019 6:23 pm

Re: [Bug] RB750Gr-3: Dead after changing ipsec policy

Sat Mar 16, 2019 2:29 pm

Ah okay...will do the downgrade from GUI then..so far vpn is still up ;-)

For the misconfiguration....are there certain cases gui can't warn about a misconfiguration?
Maybe I just post in another subforum what I want to achieve..basically migrate a racoon vpn configuration from macos.


Hmm...read yesterday on the openwrt wiki pages that it is running openwrt...
well I will attach a cable and see what it outputs during boot (o;

The RB750Gr-3 is just for testing.....main goal is to use the RB4011 without wifi to replace the APU2D4 running ipfire
so I can use the APU device then for asterisk/cacti/amazon voice service.
 
mkx
Forum Guru
Posts: 11627
Joined: Thu Mar 03, 2016 10:23 pm

Re: [Bug] RB750Gr-3: Dead after changing ipsec policy

Sat Mar 16, 2019 2:55 pm

You can run openwrt on some routerboard models ... and that's all about how mikrotik relates to openwrt.
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: [Bug] RB750Gr-3: Dead after changing ipsec policy

Sat Mar 16, 2019 3:06 pm

If it works now, I'd keep the stable branch for now. You can switch to long-term later, when 6.44 (or later) gets there.

It may feel unusual or dangerous at first, but it's one great feature of RouterOS - it allows you to do anything you want. Great freedom, but also great responsibility. Use Safe Mode if you're not sure about the changes you're making. Enable it before doing anything dangerous and it will revert the change if it cuts off your session.

You won't see much when booting, there's only some generic "starting..." messages, no details.
 
davorin
Member Candidate
Topic Author
Posts: 115
Joined: Sun Mar 03, 2019 6:23 pm

Re: [Bug] RB750Gr-3: Dead after changing ipsec policy

Sat Mar 16, 2019 3:09 pm

Well I definitively hope that Mikrotik doesn't use OpenWRT at all ;-)

Okay..downgraded now to long-term...and rerunning vpn test again....only had to enter psk again...
Interesting that long-term warns about using psk and not cert....stable doesn't do that.

Maybe I replace the ipfire box over night to see if all is running tomorrow...
but then I would need a second RB750Gr-3 for testing ipsec xauth to office on the second cable modem (o;
 
mkx
Forum Guru
Posts: 11627
Joined: Thu Mar 03, 2016 10:23 pm

Re: [Bug] RB750Gr-3: Dead after changing ipsec policy

Sat Mar 16, 2019 6:58 pm

You can run openwrt on some routerboard models ... and that's all about how mikrotik relates to openwrt.
