Community discussions

 
ivanfm
newbie
Posts: 37
Joined: Sun May 20, 2012 5:07 pm

Re: v6.43.4 [stable] is released!

Mon Oct 29, 2018 7:32 pm

Hi
Europe/Volgograd time zone is incorrect. should be GMT Offset +04:00 from October 28
It's not MiktoTik problem. All websites I can found show GMT +03:00 for Volgograd today, even Google.

If +04:00 is true, it needs to be fixed in TimeZone Database, not in applications.
This Volgograd change was published in tzdata on 2018-10-18, probably will have a long time to be updated in the servers.

https://github.com/eggert/tz/blob/ddc67 ... 2/NEWS#L50

The brazilian change was published in tzdata on 2018-01-12 and mikrotik and google maps does not use it yet.
 
Vesic
just joined
Posts: 2
Joined: Wed Sep 14, 2016 1:26 pm
Location: Russia. Volgograd

Re: v6.43.4 [stable] is released!

Tue Oct 30, 2018 7:24 am

Hi
Europe/Volgograd time zone is incorrect. should be GMT Offset +04:00 from October 28
It's not MiktoTik problem. All websites I can found show GMT +03:00 for Volgograd today, even Google.

If +04:00 is true, it needs to be fixed in TimeZone Database, not in applications.
https://www.timeserver.ru/cities/ru/volgograd
https://blogs.technet.microsoft.com/dst ... st-russia/

i
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8117
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.43.4 [stable] is released!

Tue Oct 30, 2018 8:42 am

Anyway, 6.43.4 was released even before this was updated in TZ database :) Politicians appeared to be slower than tech guys.

Write to support@mikrotik.com and ask them to update TZ info. Maybe in next version :)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
notToNew
Member Candidate
Member Candidate
Posts: 133
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.43.4 [stable] is released!

Wed Oct 31, 2018 7:43 am

Sometimes after reboot, my Ltap Mini looses password and let me login without any.

Rebooting again often fixes the problem.
For security considerations this is extremely... Any ideas?
Have not seen this on any other MT router, and have several 100 in the field.
--------------------------------------------------------------------------------------------
CCR1036-12G-4S, several 952Ui-5ac2nD, ...
 
Ulypka
newbie
Posts: 43
Joined: Wed Jan 09, 2013 8:26 am

Re: v6.43.4 [stable] is released!

Fri Nov 02, 2018 8:42 am

what about Ticket#2018101022007579?
My ccr still crashing to get fragmented packet of EOIP
 
ieleja
just joined
Posts: 7
Joined: Thu Mar 29, 2012 10:22 pm

Re: v6.43.4 [stable] is released!

Fri Nov 02, 2018 8:43 am

hAP ac ( 962UiGS-5HacT2HnT), upgraded at Oct/17 with 6.43.4 build [Oct/17/2018 06:37:48]

after that get 8 reboots up today, that at boot leaves in LOG:
router was rebooted without proper shutdown by watchdog timer

there are no configuration changes, high loads
current firmware 6.43
 
npero
Member
Member
Posts: 314
Joined: Tue Mar 01, 2005 1:59 pm
Location: Serbia

Re: v6.43.4 [stable] is released!

Fri Nov 02, 2018 8:57 am

Some problem but with 960GSP just regular restart by watchdog every 4 days in old version 6.42.xx have uptime 100day and more, support give me generic answer netinstall to last version and if happens again send again supout.rif.
Also have PowerBox Pro for now only one watchdog restart after update to 6.43.

It is easy to do netinstall for router in your room but in the tower, for now I look this as a new feature automatically router restart nice :) or automatic cache cleaner nice new feature.
 
User avatar
Chaosphere64
just joined
Posts: 18
Joined: Wed Aug 10, 2016 10:19 pm

Re: v6.43.4 [stable] is released!

Fri Nov 02, 2018 9:43 am

hAP ac ( 962UiGS-5HacT2HnT), upgraded at Oct/17 with 6.43.4 build [Oct/17/2018 06:37:48]

after that get 8 reboots up today, that at boot leaves in LOG:
router was rebooted without proper shutdown by watchdog timer

there are no configuration changes, high loads
current firmware 6.43
+1
Exactly the same problem (3x hAP ac + 1 hEX PoE)
 
GreatForcez
just joined
Posts: 6
Joined: Mon Oct 16, 2017 2:49 pm

Re: v6.43.4 [stable] is released!

Fri Nov 02, 2018 5:28 pm

I bought two brand new hEX routers, both came with RouterOS 6.40.4. Upgraded from System -> Packages with default configuration still in place. After the upgrade, I could not log back in (it said "wrong username or password"), also WinBox neighbour discovery was not working. But internet traffic was working fine, so I know the router booted and was running succesfully, but I could not access it. Reboot did not help, had to manually reset the device using the reset button. After resetting, I was able to log back in again and the router was succesfully updated. Confirmed this issue with two brand new hEX routers, serial numbers show "..../806/r3" so revision 3???

Also upgraded two CCR1036, no problems.
 
usmany
Member Candidate
Member Candidate
Posts: 141
Joined: Sun Dec 20, 2009 3:20 pm
Location: Nigeria
Contact:

Re: v6.43.4 [stable] is released!

Tue Nov 06, 2018 11:42 pm

HI All,
I tried to upgrade my box, see result i got on attached file.

Need way out from this mess please
You do not have the required permissions to view the files attached to this post.
When the world turn back on you, you turn your back on the world...
 
User avatar
NetworkPro
Forum Guru
Forum Guru
Posts: 1367
Joined: Mon Jan 05, 2009 6:23 pm
Location: Worldwide
Contact:

Re: v6.43.4 [stable] is released!

Wed Nov 07, 2018 8:52 am

@usmany this should solve it for you

backup your config with a backup file, as well as export to text format

upgrade to the latest beta with only the packages you are using and you want to keep

system
security
advanced-tools
wireless
dhcp
ppp

upload only these npks

if everything goes fine, then switch back to stable if you need, or keep the beta until the next stable is released
wiki.mikrotik.com/wiki/NetworkPro_on_Quality_of_Service
 
eXS
newbie
Posts: 37
Joined: Fri Apr 14, 2017 4:01 am

Re: v6.43.4 [stable] is released!

Fri Nov 09, 2018 6:29 am

After upgrade & logging in for the first time the "Check for Updates" dialog was blank & giving an "error could not connect out of streams resources" at the bottom, this error remained despite trying "Check for updates" - by near accident i noticed if i changed the "Channel" drop down list the error went away and changed back to the normal "System is already up to date" when changed back to "current".

google -> "out of streams resources"
Last edited by eXS on Sat Nov 17, 2018 8:45 am, edited 1 time in total.
 
Aytishnikcom
just joined
Posts: 6
Joined: Wed Jan 29, 2014 10:14 pm

Re: v6.43.4 [stable] is released!

Sat Nov 10, 2018 12:59 pm

RB 3011 does not work SNTP Client, netinstall did not help.
If you disable the SNTP Client then Cloud update time works

translate.google
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8117
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.43.4 [stable] is released!

Sat Nov 10, 2018 1:23 pm

does not work
what does that mean?

can you ping NTP server? don't you block NTP packets in Firewall Filter?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
Aytishnikcom
just joined
Posts: 6
Joined: Wed Jan 29, 2014 10:14 pm

Re: v6.43.4 [stable] is released!

Sat Nov 10, 2018 1:47 pm

RB 3011 When you do reset configuration, and you select the default configuration, the SNTP Client also does not work anyway.
SNTP Client works well on rb2011, RB1100AHx4, 951G-2HnD, D52G-5HacD2HnD-TC
translate.google
ping Image https://prnt.sc/lgnog5
# nov/10/2018 14:29:33 by RouterOS 6.43.4
# software id = a98y-5s1n
#
# model = RouterBOARD 3011UiAS

/ip firewall filter
add action=accept chain=input comment="ACCEPT WinBox after knock" dst-port=\
    8291 in-interface-list=WAN protocol=tcp src-address-list=KNOCK-SUCCESS
add action=jump chain=input comment="Check port knock  (__1__)" icmp-options=\
    8:0-255 jump-target=knock packet-size=!0-99 protocol=icmp
add action=return chain=knock comment="KNOCK FAILURE return  (__2__)" \
    src-address-list=KNOCK-FAILURE
add action=add-src-to-address-list address-list=KNOCK-SUCCESS \
    address-list-timeout=1h chain=knock comment=\
    "KNOCK 3rd - success 10  (__3__)" packet-size=10 src-address-list=\
    KNOCK2
add action=return chain=knock comment="KNOCK 3rd - success return  (__4__)" \
    src-address-list=KNOCK-SUCCESS
add action=add-src-to-address-list address-list=KNOCK-FAILURE \
    address-list-timeout=1m chain=knock comment=\
    "KNOCK 3rd - failure  (__5__)" src-address-list=KNOCK2
add action=return chain=knock comment="KNOCK 3rd - failure return  (__6__)" \
    src-address-list=KNOCK-FAILURE
add action=add-src-to-address-list address-list=KNOCK2 address-list-timeout=\
    1m chain=knock comment="KNOCK 2nd - success 7  (__7__)" packet-size=7 \
    src-address-list=KNOCK1
add action=return chain=knock comment="KNOCK 2nd - success return  (__8__)" \
    src-address-list=KNOCK2
add action=add-src-to-address-list address-list=KNOCK-FAILURE \
    address-list-timeout=1m chain=knock comment=\
    "KNOCK 2nd - failure  (__9__)" src-address-list=KNOCK1
add action=return chain=knock comment="KNOCK 2nd - failure return  (__10__)" \
    src-address-list=KNOCK-FAILURE
add action=add-src-to-address-list address-list=KNOCK1 address-list-timeout=\
    1m chain=knock comment="KNOCK 1st - success 10  (__11__)" packet-size=\
    10
add action=return chain=knock comment="KNOCK 1st - success return  (__12__)" \
    src-address-list=KNOCK1
add action=add-src-to-address-list address-list=KNOCK-FAILURE \
    address-list-timeout=1m chain=knock comment=\
    "KNOCK 1st - failure  (__13__)"
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=2w chain=input comment=\
    "scanners-1  Port scanners to list" protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=2w chain=input comment=\
    "scanners-2  NMAP FIN Stealth scan" protocol=tcp tcp-flags=\
    fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=2w chain=input comment="scanners-3  SYN/FIN scan" \
    protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=2w chain=input comment="scanners-4  SYN/RST scan" \
    protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=2w chain=input comment=\
    "scanners-5  FIN/PSH/URG scan" protocol=tcp tcp-flags=\
    fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=2w chain=input comment="scanners-6  ALL/ALL scan" \
    protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=port_scanners \
    address-list-timeout=2w chain=input comment="scanners-7  NMAP NULL scan" \
    protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="scanners-8  dropping port scanners" \
    src-address-list=port_scanners
add action=drop chain=forward comment="scanners-9  dropping port scanners" \
    src-address-list=port_scanners
add action=drop chain=input comment="Brute Forcers_winbox_black_list - 1" \
    dst-port=8291 in-interface-list=WAN protocol=tcp src-address-list=\
    black_list
add action=add-src-to-address-list address-list=black_list \
    address-list-timeout=8h chain=input comment=\
    "Brute Forcers_add_black_list - 2" connection-state=new dst-port=8291 \
    in-interface-list=WAN protocol=tcp src-address-list=Winbox_Ssh_stage3
add action=add-src-to-address-list address-list=Winbox_Ssh_stage3 \
    address-list-timeout=1m chain=input comment=\
    "Brute Forcers_Ssh_stage3  -  3" connection-state=new dst-port=8291 \
    in-interface-list=WAN protocol=tcp src-address-list=Winbox_Ssh_stage2
add action=add-src-to-address-list address-list=Winbox_Ssh_stage2 \
    address-list-timeout=1m chain=input comment=\
    "Brute Forcers_Ssh_stage2  -  4" connection-state=new dst-port=8291 \
    in-interface-list=WAN protocol=tcp src-address-list=Winbox_Ssh_stage1
add action=add-src-to-address-list address-list=Winbox_Ssh_stage1 \
    address-list-timeout=1m chain=input comment=\
    "Brute Forcers_Ssh_stage1  -  5" connection-state=new dst-port=8291 \
    in-interface-list=WAN protocol=tcp
add action=drop chain=input comment="Drop DNS" dst-port=53 in-interface-list=\
    WAN protocol=udp
add action=drop chain=input comment="Drop DNS" dst-port=53 in-interface-list=\
    WAN protocol=tcp
add action=drop chain=input comment="Block hole Windows - 1" dst-port=\
    135,137-139,445,593,4444 protocol=tcp
add action=drop chain=forward comment="Block hole Windows - 2" dst-port=\
    135,137-139,445,593,4444 protocol=tcp
add action=drop chain=input comment="Block hole Windows - 3" dst-port=\
    135,137-139 protocol=udp
add action=drop chain=forward comment="Block hole Windows - 4" dst-port=\
    135,137-139 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
    protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=accept chain=forward comment=torrent dst-port=50000 \
    in-interface-list=WAN protocol=tcp
add action=accept chain=forward comment="torrent UDP" dst-port=50000 \
    in-interface-list=WAN protocol=udp
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN

does not work
what does that mean?

can you ping NTP server? don't you block NTP packets in Firewall Filter?
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 242
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.43.4 [stable] is released!

Tue Nov 13, 2018 9:38 am

6.43.4 is Stable branch and includes *) bridge - do not learn untagged frames when filtering only tagged packets;
When do we recon that this patch will be available in "Long Term" branch?
 
eXS
newbie
Posts: 37
Joined: Fri Apr 14, 2017 4:01 am

Re: v6.43.4 [stable] is released!

Sat Nov 17, 2018 8:21 am

Today the firewall connections list on one of my 1100x2's in winbox would keep going blank, progressively remaining/becoming more blank the longer the window was left open, despite 300-400 (fluctuating) "items" (bottom of connections window) - for a moment i thought it was because the list was actually clearing out, but checking in the terminal shows a list each time while the winbox connections window shows nothing. closing & re-opening the firewall window reliably brings back the list.

Also, albeit only twice/rarely, i've gotten a login authentication error logged, at the same time as i'm logging in, using stored credentials, it's as if i'm connecting too fast after launching winbox or something, that or resources being tied up is causing a glitch when i'm launching/connecting quickly, i'm not sure.

things feel kind of buggy lately, but i don't know if it's this-version specific as i'm doing things that i wasn't before. i couldn't afford a 2nd re-boot after the last upgrade (above post) which i've had to do in the past for other misc/buggy reasons on other devices after reset or upgrade.
 
venthyl
just joined
Posts: 20
Joined: Thu Nov 03, 2011 3:12 pm

Re: v6.43.4 [stable] is released!

Sun Nov 18, 2018 10:44 pm

LHG 60, 6.43.4 after uograde

ap died after 3th frequency change

no ping response, no link with second device

Who is online

Users browsing this forum: nescafe2002, p3969458 and 10 guests