Community discussions

 
User avatar
emils
MikroTik Support
MikroTik Support
Topic Author
Posts: 463
Joined: Thu Dec 11, 2014 8:53 am

v6.43.12 [stable] is released!

Mon Feb 11, 2019 2:49 pm

RouterOS version 6.43.12 has been released in public "stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.43.12 (2019-Feb-08 11:46):

MAJOR CHANGES IN v6.43.12:
----------------------
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
----------------------

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this concrete RouterOS release.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5557
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.43.12 [stable] is released!

Mon Feb 11, 2019 6:11 pm

*) winbox - improvements in connection handling to router with open winbox service;
Yet another security hole, I presume?
How severe is it?
 
HarryK
just joined
Posts: 5
Joined: Sat Apr 21, 2018 1:16 pm

Re: v6.43.12 [stable] is released!

Mon Feb 11, 2019 7:19 pm

Still 100% CPU-load on one of the cores in my RB3011. The router is working, but still this indicate something is wrong. Anyone else with the same problem? Any suggestions on how to fix?
 
minelli
newbie
Posts: 41
Joined: Tue Feb 26, 2008 2:36 am

Re: v6.43.12 [stable] is released!

Mon Feb 11, 2019 7:21 pm

There is a bug in this version as it does not show the routes received from the IPv6 sessions.
New_terminal:
/ip route print detail where received-from=Peer_X
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

If the search is done by the prefix received from the session, example 2x0x:fec::/32, the search returns the routes correctly.
New_Terminal:
/ipv6 route print detail where dst-address in 2x0x:fec::/32
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
0 ADb dst-address=2x0x:fec::/32 gateway=2x0x:fec::3e gateway-status=2x0x:fec::3e reachable via VLan_X distance=20 scope=40
target-scope=10 bgp-as-path="2xxxxx" bgp-local-pref=250 bgp-med=0 bgp-origin=igp received-from=Peer_X
 
nescafe2002
Long time Member
Long time Member
Posts: 615
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v6.43.12 [stable] is released!

Mon Feb 11, 2019 7:34 pm

Still 100% CPU-load on one of the cores in my RB3011. The router is working, but still this indicate something is wrong. Anyone else with the same problem? Any suggestions on how to fix?

Yes, send supout.rif to support@mikrotik.com.
 
R1CH
Forum Veteran
Forum Veteran
Posts: 879
Joined: Sun Oct 01, 2006 11:44 pm

Re: v6.43.12 [stable] is released!

Mon Feb 11, 2019 8:21 pm

*) winbox - improvements in connection handling to router with open winbox service;
Yet another security hole, I presume?
How severe is it?
Sounds like you can DoS the service with half-closed connections or something.
 
Kindis
Member Candidate
Member Candidate
Posts: 245
Joined: Tue Nov 01, 2011 6:54 pm

Re: v6.43.12 [stable] is released!

Mon Feb 11, 2019 9:23 pm

Updated two 3011, one 4011, one 493G, two CHR and two wAP AC and all went fine.
Updated from 6.43.11
 
Redmor
Member Candidate
Member Candidate
Posts: 248
Joined: Wed May 31, 2017 7:40 pm
Location: Italy

Re: v6.43.12 [stable] is released!

Mon Feb 11, 2019 10:42 pm

Just one improvement? Can't you add some Easter egg when releasing this kind of stable?
ImageImage
 
bbs2web
Member Candidate
Member Candidate
Posts: 197
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa
Contact:

Re: v6.43.12 [stable] is released!

Mon Feb 11, 2019 11:00 pm

There is a bug in this version as it does not show the routes received from the IPv6 sessions.
New_terminal:
/ip route print detail where received-from=Peer_X

You're expecting IPv6 routes to be shown when querying IPv4 routes...

Only upgraded a single router to 6.43.12 which has IPv6 BGP, receives only default gateway and working as expected:
[user@router] > ipv6 route print detail where received-from="xxx - Primary - IPv6"              
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable 
 0 ADb  dst-address=::/0 gateway=fe80::4e5e:cff:fe02:79fe%vlan10 
        gateway-status=fe80::4e5e:cff:fe02:79fe%vlan10 reachable distance=20 scope=40 
        target-scope=10 bgp-as-path="112233" bgp-local-pref=100 bgp-origin=igp 
        bgp-communities=112233:1010 received-from=xxx - Primary - IPv6
 
minelli
newbie
Posts: 41
Joined: Tue Feb 26, 2008 2:36 am

Re: v6.43.12 [stable] is released!

Mon Feb 11, 2019 11:32 pm

There is a bug in this version as it does not show the routes received from the IPv6 sessions.
New_terminal:
/ip route print detail where received-from=Peer_X

You're expecting IPv6 routes to be shown when querying IPv4 routes...

Only upgraded a single router to 6.43.12 which has IPv6 BGP, receives only default gateway and working as expected:
[user@router] > ipv6 route print detail where received-from="xxx - Primary - IPv6"              
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable 
 0 ADb  dst-address=::/0 gateway=fe80::4e5e:cff:fe02:79fe%vlan10 
        gateway-status=fe80::4e5e:cff:fe02:79fe%vlan10 reachable distance=20 scope=40 
        target-scope=10 bgp-as-path="112233" bgp-local-pref=100 bgp-origin=igp 
        bgp-communities=112233:1010 received-from=xxx - Primary - IPv6
I'm sorry for my failure and lack of attention.
And thank you for pointing me out after 48 hours of work.
 
User avatar
inteq
Member Candidate
Member Candidate
Posts: 101
Joined: Wed Feb 25, 2015 8:15 pm

Re: v6.43.12 [stable] is released!

Tue Feb 12, 2019 7:52 am

After updating from .11 to .12, one RB1100AHx4 (the only one on PPPoE) would not connect via PPPoE at all. Kept looping Initializing, connecting, terminating, disconnected for more than 5 minutes.
One more reboot and it connected instantly.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2279
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.43.12 [stable] is released!

Tue Feb 12, 2019 11:35 am

deleted
LAN, FTTx, Wireless. ISP operator
 
bizzy
just joined
Posts: 2
Joined: Wed Feb 06, 2019 2:01 pm

Re: v6.43.12 [stable] is released!

Tue Feb 12, 2019 12:51 pm

On v6.43.12 stiil has issue with Samba access. Back to long-term 6.42.12 - access restored...

About this issue wrote in last topic v6.43.11
viewtopic.php?f=21&t=144949&p=713564#p713564
 
pe1chl
Forum Guru
Forum Guru
Posts: 5557
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.43.12 [stable] is released!

Tue Feb 12, 2019 1:13 pm

After updating from .11 to .12, one RB1100AHx4 (the only one on PPPoE) would not connect via PPPoE at all. Kept looping Initializing, connecting, terminating, disconnected for more than 5 minutes.
One more reboot and it connected instantly.
There is a generic issue in some environments where a PPPoE connection will not re-establish when the previous one is not closed correctly and/or the new connection is made too soon.
You can experience this on any reboot even without an update. Or on a connection loss between te router and PPPoE server.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1406
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.43.12 [stable] is released!

Wed Feb 13, 2019 7:40 am

bizzy - Fixes for SMB will be included in next release;
inteq , pe1chl - If only-one option is enabled on PPP/Profile or you allow only single session on RADIUS (If you use RADIUS), then client can not establish new session while keepalive is keeping old session open. Reduce keepalive in order to speed up re-connect or allow more simultaneous sessions for single user. If this is not your case, then please provide supout file to support@mikrotik.com and make sure that file is generated while problem is actual on your router.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5557
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.43.12 [stable] is released!

Wed Feb 13, 2019 10:52 am

inteq , pe1chl - If only-one option is enabled on PPP/Profile or you allow only single session on RADIUS (If you use RADIUS), then client can not establish new session while keepalive is keeping old session open.
I have such an issue vs. my ISP but I am not controlling the other end. I require a fix at the client side...
The problem is occurring with VDSL. Inside the VDSL and ISP network there is some "PPPoE helper" that forwards my outgoing PPPoE session to the BRAS at the ISP, adding some info (like line#).
Unfortunately it is buggy. It keeps state. When the path is somehow interrupted (e.g. due to some reboot inside the VDSL ethernet network OR due to reboot of the MikroTik in an uncontrolled way) the PPPoE client in the MikroTik sees the session is down and starts to re-establish it by sending PADI.
The PPPoE helper sees this traffic as an indication that the session is still allive and does not forward the PADI to the BRAS (a bug IMHO but unlikely to be fixed).
Because the MikroTik PPPoE client is trying at constant interval (well, after some tries it logs a failure but then it immediately starts a new cycle) this is a fatal condition that does not recover.
There are two conditions to reset the PPPoE helper:
1. to re-establish the VDSL line sync (apparently the loss-of-sync immediately resets the helper)
2. to wait a couple of minutes.

So what is required to cleanly recover from this: a dead time between PPPoE sessions even when the setting is not dial-on-demand.
I now cobbled this together using scripting but it would be more convenient when there was a settings field that does this, especially because there is no easy way to say "schedule this job to run once at 3 minutes from now". I worked around that by having a repeating scheduled job that I disable/enable, but of course it can happen that the first try occurs too soon and it has to wait another cycle.
 
mkx
Forum Guru
Forum Guru
Posts: 2590
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.43.12 [stable] is released!

Wed Feb 13, 2019 12:13 pm

Because the MikroTik PPPoE client is trying at constant interval (well, after some tries it logs a failure but then it immediately starts a new cycle) this is a fatal condition that does not recover.
There are two conditions to reset the PPPoE helper:
1. to re-establish the VDSL line sync (apparently the loss-of-sync immediately resets the helper)
2. to wait a couple of minutes.

So what is required to cleanly recover from this: a dead time between PPPoE sessions even when the setting is not dial-on-demand.

+1

I've encountered a similar problem: after I performed some reconfiguration of the WAN interface (which came online just fine), pppoe-client was unsuccessfully trying to re-establish connection. The cure was to disable and re-enable pppoe-out interface[*] (without any intentional delay between the two operations, so net delay was a few seconds).

[*] this is, unfortunately, not possible to perform if one is not physically present in LAN perimeter as WAN connectivity does not exist at this moment.
BR,
Metod
 
owsugde
just joined
Posts: 20
Joined: Thu Oct 06, 2016 5:01 pm

Re: v6.43.12 [stable] is released!

Wed Feb 13, 2019 4:00 pm

My biggest problem with MT wireless right now is the sensitivity of DFS detection. Even in relatively clear environments, I get far too many DFS changes each day. In urban settings with close device proximities and generally full spectrum, it just becomes ridiculous, with devices continually "detecting" something on all the channels. In such areas, the 5590-5650 MHz slice has to be disabled outright because the (multiple) 10 minute scans just kill off reliability entirely. And even so, any careful frequency planning goes right out the window.

These "detections" are almost guaranteed to be false positives. I'm quite certain of this because UBNT devices operating in the same areas get precisely zero detections all day. There are no weather radars nearby (100km radius). Other radar installations I'm aware of should also be far enough away.

I know DFS is a touchy subject and there's not really the way of implementation that satisfies (or at least balances) all the requirements, as these are hard tradeoffs. It's just that I am more or less forced to use Superchannel right now to get anything resembling reliability for my clients. I would really like to see some tweaks or larger overhauls in this regard. Who knows, maybe false positives can be reduced by say 80%, while >97% of actual radar pulses are still caught?
 
pe1chl
Forum Guru
Forum Guru
Posts: 5557
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.43.12 [stable] is released!

Wed Feb 13, 2019 4:11 pm

My biggest problem with MT wireless right now is the sensitivity of DFS detection. Even in relatively clear environments,
These "detections" are almost guaranteed to be false positives. I'm quite certain of this because UBNT devices operating in the same areas get precisely zero detections all day.
It appears that UBNT is fighting the same problem (how to detect RADAR and not detect other pulses).
The before-latest UBNT firmware introduces the same problem as MikroTik has had for years....
There was a newer release lately but I have not yet deployed it to see if it has been fixed.
 
makstex
newbie
Posts: 46
Joined: Fri Mar 27, 2009 6:31 am

Re: v6.43.12 [stable] is released!

Thu Feb 14, 2019 9:20 am

The script in the PPP profile is not executed!

Code: Select all

ping interface=$interface address=8.8.8.8 interval=00:00:05
 
User avatar
eworm
Member
Member
Posts: 358
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.43.12 [stable] is released!

Thu Feb 14, 2019 4:56 pm

The script in the PPP profile is not executed!

Code: Select all

ping interface=$interface address=8.8.8.8 interval=00:00:05
That's not version specific. Anyway... Use:
ping interface=[ / interface get $interface name ] address=8.8.8.8 interval=00:00:05
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts
 
makstex
newbie
Posts: 46
Joined: Fri Mar 27, 2009 6:31 am

Re: v6.43.12 [stable] is released!

Thu Feb 14, 2019 10:45 pm

The script in the PPP profile is not executed!

Code: Select all

ping interface=$interface address=8.8.8.8 interval=00:00:05
That's not version specific. Anyway... Use:
ping interface=[ / interface get $interface name ] address=8.8.8.8 interval=00:00:05
after reboot - working. x86.
 
owsugde
just joined
Posts: 20
Joined: Thu Oct 06, 2016 5:01 pm

Re: v6.43.12 [stable] is released!

Fri Feb 15, 2019 10:50 am

It appears that UBNT is fighting the same problem (how to detect RADAR and not detect other pulses).
The before-latest UBNT firmware introduces the same problem as MikroTik has had for years....
I had read that too. With the latest firmwares, my DFS detects went from zero to zero :D . Even if it actually got worse, which it might, I think the problem is still at least an order of magnitude worse with MT devices regarding rate of false positives.

My setups are almost entirely mixed-vendor. I do have the direct comparison that way.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5557
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.43.12 [stable] is released!

Fri Feb 15, 2019 12:34 pm

I had read that too. With the latest firmwares, my DFS detects went from zero to zero :D . Even if it actually got worse, which it might, I think the problem is still at least an order of magnitude worse with MT devices regarding rate of false positives.

My setups are almost entirely mixed-vendor. I do have the direct comparison that way.
We have several installations with both makes of AP and with those 6.1.8 and 8.5.8 releases in some locations the AP completely failed (only hunting for RADAR free channels which it never found), on others it was sort of okay but switched every couple of hours (which did not happen before the change) and others are unaffected. We rolled back to 6.1.7 and 8.5.7
With MikroTik it was always like that. We are now running 6.43.7 on the MikroTik APs.

Those installations are 40-220m above ground level and use sector antennas.
 
tesme33
newbie
Posts: 45
Joined: Mon May 26, 2014 10:25 pm

Re: v6.43.12 [stable] is released!

Sat Feb 16, 2019 8:54 am

Still 100% CPU-load on one of the cores in my RB3011. The router is working, but still this indicate something is wrong. Anyone else with the same problem? Any suggestions on how to fix?
Hi
can confirm the same on my side.

CCR-1009-PC : 6.43.4 --> 6.43.12 (OS and bootloader) : No issues
RB3011: 6.42.4 --> 6.43.12 (OS and bootloader): 1 CPU @ 100%
RB2011: 6.41.2 --> 6.43.12 (OS and bootloader): No issues
RB 750Gr3/hEX 6.43.1 --> 6.43.12 (OS and bootloader): No issues
RB941-ND2/hAP lite 6.43.7 --> 6.43.12 (OS and botloader): dowloading but not installing. 7,0 MB free (before reboot around 400K free), after deleting really everything and 7.8mb free it worked.



Yours
Last edited by tesme33 on Sat Feb 16, 2019 10:48 am, edited 3 times in total.
 
eddieb
Member Candidate
Member Candidate
Posts: 129
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: v6.43.12 [stable] is released!

Sat Feb 16, 2019 9:41 am

Upgraded from 6.43.11 -> 6.43.12
using dude to push the packages on

CCR1009-8G-1S (2x ipsec/l2tp site-to-site, dhcpd)
CRS125-24G-1S
RB1100
RB962UiGS-5HacT2HnT (10pc)
RB951
RB750GL
RB2011UAS-RM
CHR running dude (CHR running in VirtualBox on OSX)

without any issues
Running 6.45.3 (stable) on :
CCR1009-8G-1S (2x ipsec/l2tp site-to-site, ipsec/l2tp roadwarrior, dhcpd, dns), CRS125-24G-1S, RB1100, RB962UiGS-5HacT2HnT (10pc), RB931-2nD, RB951, RB750GL ,RB2011UAS-RM, CHR running dude (CHR running in VirtualBox on OSX)
 
HarryK
just joined
Posts: 5
Joined: Sat Apr 21, 2018 1:16 pm

Re: v6.43.12 [stable] is released!

Sat Feb 16, 2019 2:53 pm

Still 100% CPU-load on one of the cores in my RB3011. The router is working, but still this indicate something is wrong. Anyone else with the same problem? Any suggestions on how to fix?
Solved the problem by uninstalling The Dude, deleting all related files and reinstalling again.
 
nuengdunk
just joined
Posts: 1
Joined: Mon Feb 18, 2019 6:06 am

Re: v6.43.12 [stable] is released!

Mon Feb 18, 2019 6:18 am

my dude can't work the dude client said connection time out
Image
FYI
RouterOS 6.43.12
Routerboard 6.43.12
Dude Server 6.43.12
Dude Client 6.43.12
 
HarryK
just joined
Posts: 5
Joined: Sat Apr 21, 2018 1:16 pm

Re: v6.43.12 [stable] is released!

Mon Feb 18, 2019 10:13 am

Right-click and "Run as Administrator" should resolve this.
my dude can't work the dude client said connection time out
Image
FYI
RouterOS 6.43.12
Routerboard 6.43.12
Dude Server 6.43.12
Dude Client 6.43.12
 
lbandi77
just joined
Posts: 4
Joined: Mon Feb 18, 2019 11:25 am

Re: v6.43.12 [stable] is released!

Mon Feb 18, 2019 11:37 am

Hello,

I've got IPSec problem after upgrading to v6.43.12. I use RB1100 devices, with IPSec vpn. The ipsec peers are configured in the IP->IPSec->Peers menu. The peer profile is sha512/aes256/modp8192 in both side, and the auth method is rsa signature. After upgrading to 6.43.12 in the log I see the following lines: x.x.x.x failed to get valid proposal, no suitable proposal found.

The configuration not changed, only the software were upgraded.

Andras
 
Pénzi
just joined
Posts: 2
Joined: Wed May 09, 2018 5:52 pm
Location: Hungary

Re: v6.43.12 [stable] is released!

Mon Feb 18, 2019 12:14 pm

Hello,

I've got IPSec problem after upgrading to v6.43.12. I use RB1100 devices, with IPSec vpn. The ipsec peers are configured in the IP->IPSec->Peers menu. The peer profile is sha512/aes256/modp8192 in both side, and the auth method is rsa signature. After upgrading to 6.43.12 in the log I see the following lines: x.x.x.x failed to get valid proposal, no suitable proposal found.

The configuration not changed, only the software were upgraded.

Andras
Try flush installed SA-s
 
Kindis
Member Candidate
Member Candidate
Posts: 245
Joined: Tue Nov 01, 2011 6:54 pm

Re: v6.43.12 [stable] is released!

Mon Feb 18, 2019 1:45 pm

Hello,

I've got IPSec problem after upgrading to v6.43.12. I use RB1100 devices, with IPSec vpn. The ipsec peers are configured in the IP->IPSec->Peers menu. The peer profile is sha512/aes256/modp8192 in both side, and the auth method is rsa signature. After upgrading to 6.43.12 in the log I see the following lines: x.x.x.x failed to get valid proposal, no suitable proposal found.

The configuration not changed, only the software were upgraded.

Andras
I had a similar issue with my GRE tunneln + IPSec but also related to restart. The issue was that the router rebooted faster then the timeout value and then I got the same issues in the log. As said above Flush SA works fine but I also now disable the GRE interfaces before upgrade or reboot and have lowered the timeout value.
 
lbandi77
just joined
Posts: 4
Joined: Mon Feb 18, 2019 11:25 am

Re: v6.43.12 [stable] is released!

Mon Feb 18, 2019 2:17 pm

Hello,

I've got IPSec problem after upgrading to v6.43.12. I use RB1100 devices, with IPSec vpn. The ipsec peers are configured in the IP->IPSec->Peers menu. The peer profile is sha512/aes256/modp8192 in both side, and the auth method is rsa signature. After upgrading to 6.43.12 in the log I see the following lines: x.x.x.x failed to get valid proposal, no suitable proposal found.

The configuration not changed, only the software were upgraded.

Andras
Try flush installed SA-s
I tried, it was the first step when I detected the problem....
 
lbandi77
just joined
Posts: 4
Joined: Mon Feb 18, 2019 11:25 am

Re: v6.43.12 [stable] is released!

Mon Feb 18, 2019 2:20 pm

Hello,

I've got IPSec problem after upgrading to v6.43.12. I use RB1100 devices, with IPSec vpn. The ipsec peers are configured in the IP->IPSec->Peers menu. The peer profile is sha512/aes256/modp8192 in both side, and the auth method is rsa signature. After upgrading to 6.43.12 in the log I see the following lines: x.x.x.x failed to get valid proposal, no suitable proposal found.

The configuration not changed, only the software were upgraded.

Andras
I had a similar issue with my GRE tunneln + IPSec but also related to restart. The issue was that the router rebooted faster then the timeout value and then I got the same issues in the log. As said above Flush SA works fine but I also now disable the GRE interfaces before upgrade or reboot and have lowered the timeout value.
Now I'm using gre+IPSec and it's working, but I not need gre, I want to use simple IPSec connection, and it's not working. I tried with 6.43.8 and working well, but in the version 6.43.12 no proposal found.
 
Kindis
Member Candidate
Member Candidate
Posts: 245
Joined: Tue Nov 01, 2011 6:54 pm

Re: v6.43.12 [stable] is released!

Mon Feb 18, 2019 3:04 pm

Hello,

I've got IPSec problem after upgrading to v6.43.12. I use RB1100 devices, with IPSec vpn. The ipsec peers are configured in the IP->IPSec->Peers menu. The peer profile is sha512/aes256/modp8192 in both side, and the auth method is rsa signature. After upgrading to 6.43.12 in the log I see the following lines: x.x.x.x failed to get valid proposal, no suitable proposal found.

The configuration not changed, only the software were upgraded.

Andras
Try flush installed SA-s
I tried, it was the first step when I detected the problem....
My guess is you need to flush SA on the remote endpoint. All connections that I connect to via GRE tunnel I can also connect to via SSH without the GRe tunnel so I can troubleshoot and in this case Flush SA.
 
lbandi77
just joined
Posts: 4
Joined: Mon Feb 18, 2019 11:25 am

Re: v6.43.12 [stable] is released!

Mon Feb 18, 2019 5:21 pm

Hello,

I've got IPSec problem after upgrading to v6.43.12. I use RB1100 devices, with IPSec vpn. The ipsec peers are configured in the IP->IPSec->Peers menu. The peer profile is sha512/aes256/modp8192 in both side, and the auth method is rsa signature. After upgrading to 6.43.12 in the log I see the following lines: x.x.x.x failed to get valid proposal, no suitable proposal found.

The configuration not changed, only the software were upgraded.

Andras
Try flush installed SA-s
I tried, it was the first step when I detected the problem....
My guess is you need to flush SA on the remote endpoint. All connections that I connect to via GRE tunnel I can also connect to via SSH without the GRe tunnel so I can troubleshoot and in this case Flush SA.
I flushed both endpoints....
 
User avatar
Hotz1
Member
Member
Posts: 382
Joined: Tue Oct 09, 2007 6:55 am

Re: v6.43.12 [stable] is released!

Wed Feb 20, 2019 6:44 pm

Still having the same OSPF problem that we first encountered in 6.43.8:

When WDS drops and reestablishes, OSPF updates on the local machine, but doesn't seem to propagate to any of its neighbors on other interfaces. Manually disabling and re-enabling the OSPF network, or manually disabling and enabling the wireless interface, immediately fixes the problem.

Update: Changing the OSPF network type of the interface in question to "point-to-point" doesn't makes any difference.
Last edited by Hotz1 on Wed Feb 20, 2019 10:36 pm, edited 1 time in total.
Principal, Engineering
Cape Ann Communications, Inc.
Gloucester, MA, USA
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8292
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.43.12 [stable] is released!

Wed Feb 20, 2019 7:25 pm

Please write to support@mikrotik.com
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
Hotz1
Member
Member
Posts: 382
Joined: Tue Oct 09, 2007 6:55 am

Re: v6.43.12 [stable] is released!

Wed Feb 20, 2019 10:34 pm

Please write to support@mikrotik.com
I have. Apparently it isn't easily reproduced. I had hoped that they would have fixed the problem since 6.43.8, but we just upgraded both ends of the link to 6.43.12, and the problem is still there. We have dozens of such links in our network, and this is the only one we have found to have this problem with OSPF.
Principal, Engineering
Cape Ann Communications, Inc.
Gloucester, MA, USA
 
r00t
Member Candidate
Member Candidate
Posts: 159
Joined: Tue Nov 28, 2017 2:14 am

Re: v6.43.12 [stable] is released!

Thu Feb 21, 2019 11:07 pm

*) winbox - improvements in connection handling to router with open winbox service;
Nice, so this actually IS quite serious security hole that have been silently patched. Proper changelog should have been something like:
*) winbox - fixed vulnerability allowing access to devices behind router with open winbox port

See viewtopic.php?f=2&t=145600 and https://medium.com/tenable-techblog/mik ... d46398bf24 for details.
We have security blog and all what we get is.... silence,nothing,<crickets sound>
Last blog post is from 9th Oct, 2018.
Lovely security transparency, right here.
 
R1CH
Forum Veteran
Forum Veteran
Posts: 879
Joined: Sun Oct 01, 2006 11:44 pm

Re: v6.43.12 [stable] is released!

Fri Feb 22, 2019 1:27 am

My CCR1009-7G-1C-1S+ just watchdog timer rebooted after installing this update a few days ago. In over a year of operation never had that happen.
Feb/21/2019 14:46:44 system,error,critical router was rebooted without proper shutdown by watchdog timer
 
User avatar
iFelix
just joined
Posts: 2
Joined: Sun Feb 24, 2019 12:22 am
Location: Russia,Moscow

Re: v6.43.12 [stable] is released!

Sun Feb 24, 2019 12:54 am

It haps approx. every 2 days - restore func of LTE interface only by System/Reboot.
You do not have the required permissions to view the files attached to this post.
...Ambition without knowledge is like a boat in the middle of the desert..
 
User avatar
iFelix
just joined
Posts: 2
Joined: Sun Feb 24, 2019 12:22 am
Location: Russia,Moscow

Re: v6.43.12 [stable] is released!

Sun Feb 24, 2019 1:21 am

With that firmware Wap 60G - Stopped often reconnect entire bridge.It's very nice but Hex S doesn't allow use only - Poe Auto ON(Force Poe Mode - works Fine):says like RB cant do that.
...Ambition without knowledge is like a boat in the middle of the desert..
 
sawireless
just joined
Posts: 11
Joined: Sun Nov 05, 2006 1:48 pm
Contact:

Re: v6.43.12 [stable] is released!

Mon Feb 25, 2019 7:56 am

HI guys

Also having problems with the new Firmware, after uploading the new firmware to our router board CRS326-24G-2S+, the unit is rebooting +- every 4Hours in the process the unit freezes that we cant get into it with Winbox, we have to go to the site and reboot it manual to get it to work.
 
iw2ngg
just joined
Posts: 1
Joined: Mon Dec 10, 2018 2:41 pm

Re: v6.43.12 [stable] is released!

Mon Feb 25, 2019 10:32 am

Hi!

Device: hAP ac^2

With v6.43.12 had randomly reboots. One reboot every 6/8 hrs, sometimes reporting the following error after startup:
"router was rebooted without proper shutdown, probably kernel failure"

Then... I downgraded to the latest long-term v6.42.12 mantaining the same configuration.

In this moment the system uptime is 2d:13h...
Thanks

---------
P.S. No issues with my RB2011 and my mAP lite
 
User avatar
osc86
newbie
Posts: 46
Joined: Wed Aug 09, 2017 1:15 pm

Re: v6.43.12 [stable] is released!

Mon Feb 25, 2019 4:30 pm

I noticed a memory leak when bridge is set to frame-types=admit-only-vlan-tagged. Winbox and cli are unable to display interfaces / vlan / firewall rules etc after a few hours. A supout file takes like forever to generate and is corrupt when done.
You do not have the required permissions to view the files attached to this post.
 
sindy
Forum Guru
Forum Guru
Posts: 3761
Joined: Mon Dec 04, 2017 9:19 pm

Re: v6.43.12 [stable] is released!

Mon Feb 25, 2019 5:00 pm

I noticed a memory leak when bridge is set to frame-types=admit-only-vlan-tagged.
What is the device model affected?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
User avatar
osc86
newbie
Posts: 46
Joined: Wed Aug 09, 2017 1:15 pm

Re: v6.43.12 [stable] is released!

Mon Feb 25, 2019 5:57 pm

I noticed a memory leak when bridge is set to frame-types=admit-only-vlan-tagged.
What is the device model affected?
CCR1009-7G-1C-1S+
 
dimabar
newbie
Posts: 31
Joined: Fri Sep 03, 2010 7:43 am

Re: v6.43.12 [stable] is released!

Tue Feb 26, 2019 11:27 am

I noticed a memory leak when bridge is set to frame-types=admit-only-vlan-tagged.
What is the device model affected?
CCR1009-7G-1C-1S+
Do you have any news on this problem? Any solutions from support?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8292
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.43.12 [stable] is released!

Tue Feb 26, 2019 3:02 pm

v6.44 [stable] is released: viewtopic.php?f=21&t=145793
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.

Who is online

Users browsing this forum: No registered users and 5 guests