Might be a Google thing.Hello.
After upgrading to 7.3 sending emails through google fails. Any advice?
BR.
But this morning it worked perfectly, it was when updating all my computers from 7.2.1 to 7.3, sending emails (through google) from different accounts and different routers stopped working.Might be a Google thing.Hello.
After upgrading to 7.3 sending emails through google fails. Any advice?
BR.
I seem too recall an announcement from Google you can not use simple authentication anymore as of end of May.
Needs to be an app password (or something like that, can't verify right now)
Works fine for me, gmail in a web browser, Apple Mail on OSX workstations, and Mail on an iPhone. I use Google Workspace, fwiw. CCR2004 on the edge, 7.3 with 7.3 firmware.But this morning it worked perfectly, it was when updating all my computers from 7.2.1 to 7.3, sending emails (through google) from different accounts and different routers stopped working.
Might be a Google thing.
I seem too recall an announcement from Google you can not use simple authentication anymore as of end of May.
Needs to be an app password (or something like that, can't verify right now)
BR.
I am referring to sending emails through the routeros application /tool->emailsWorks fine for me, gmail in a web browser, Apple Mail on OSX workstations, and Mail on an iPhone. I use Google Workspace, fwiw. CCR2004 on the edge, 7.3 with 7.3 firmware.
But this morning it worked perfectly, it was when updating all my computers from 7.2.1 to 7.3, sending emails (through google) from different accounts and different routers stopped working.
BR.
That is a feature that has been hanging by a thread for quite some time. Basically it could stop working at any moment.I am referring to sending emails through the routeros application /tool->emails
Thanks for confirming my memory is still ok ;)You are right, the problem is with Google.
Since May 30 they have reinforced the security of the accounts and now it is necessary to activate the two-step verification and then create "application passwords" on the Google website with 16 characters.
I have tried it and it has worked.
BR.
But still you are not safe. Microsoft has done that before, and now they plan (in october, I think) to end support of those "application passwords" as well.You are right, the problem is with Google.
Since May 30 they have reinforced the security of the accounts and now it is necessary to activate the two-step verification and then create "application passwords" on the Google website with 16 characters.
You have remote routers on auto-upgrade and get them updated at the same day of a new 7.x release?In both routerswas configured and routerboard firmware version was v7.2.3Code: Select all/system routerboard settings set auto-upgrade=yes
That setting does not actually auto-upgrade RouterOS...You have remote routers on auto-upgrade and get them updated at the same day of a new 7.x release?
You seem to be more the YOLO type of admin ¯\_(ツ)_/¯
Firmware version should always match RouterOS version, too many “admins” run on firmware version 3.1 and ROS v7 and complain about problems.You have remote routers on auto-upgrade and get them updated at the same day of a new 7.x release?In both routerswas configured and routerboard firmware version was v7.2.3Code: Select all/system routerboard settings set auto-upgrade=yes
You seem to be more the YOLO type of admin ¯\_(ツ)_/¯
That setting does not actually auto-upgrade RouterOS...
But indeed I have removed it on all my routers some time ago, after reading about mishaps with firmware upgrade. Now I only upgrade it when there are indications that it is required.
Why? Do you have a change list for all the firmware version so you know what has been updated, and you can see that its needed?Firmware version should always match RouterOS version, too many “admins” run on firmware version 3.1 and ROS v7 and complain about problems.
Ask MT, they encourage the version should match as best practice. Either way, does it make sense to have firmware version 3.1 but ROS 7.3?Why? Do you have a change list for all the firmware version so you know what has been updated, and you can see that its needed?Firmware version should always match RouterOS version, too many “admins” run on firmware version 3.1 and ROS v7 and complain about problems.
I'm just another customer of MikroTik. This flaw of RouterOS + firmware separation is for MikroTik to fix their xxx. The advice is set auto-upgrade=yes when upgrading ROS and then reboot twice, go figure.I do agree in that, but it would be better that firmware and RouterOS was just one thing, if it was to always upgrade both.
Are you not aware of how auto-upgrade=yes works? It IS sequential by design from Tik. First you update ROS, then it injects the firmware into memory, then you reboot and then only the firmware gets flashed.@DarkeNate
The 2 parts that make up the solution for Tik gear is:
1… The functional software that drives the capability
2… The Firmware [drivers] that enables the functional software to exploit the capability
So When upgrading it’s MANDATORY to always do both parts sequentially otherwise the capability will fail.
Not sure what rude language – But the difference isn't clear with Tik as others pointed out. I've never bricked motherboards when flashing UEFI in 15+ years, but come to Tik land and all hell breaks loose.(@DarkNate don't use that rude language)
RouterBOOT / BIOS and RouterOS / the System is like a BIOS on motherboard and Windows (Linux, UNIX, etc.)
This difference has always existed and it is perfectly normal.
The point is simple: Poor Q/A from Tik as always… Arrogant too.When I upgrade one RB, first I extract the .fwf of the appropriate chipset from .npk file inside etc folder.
Next I put both .fwf and .npk inside root folder, upgrade with system routerbard, then reboot.
Done, only one single passage.
The point is: why RouterOS do not do it directly when auto-upgrade is yes, instead wait the reboot, for reboot again later...
BIOS / UEFI are not the same underlying code/logic on motherboards. It's not just a marketing term brought up by Microsoft.Oooooohhhh call it BIOS, call it RouterBOOT, call it EFI or UEFI, still a Basic Input/Output System than load, after some initializations, the Operative System...
Also SSD and other devices have inside own "BIOS" / firmware, etc.
The irony is that Google forces a somewhat low security password - it is 16 characters, but all lower case - no upper case, no numbers, no punctuation.Since May 30 they have reinforced the security of the accounts and now it is necessary to activate the two-step verification and then create "application passwords" on the Google website with 16 characters.
Google forces a somewhat low security password - it is 16 characters, but all lower case - no upper case, no numbers, no punctuation.
Ask MT, they encourage the version should match as best practice. Either way, does it make sense to have firmware version 3.1 but ROS 7.3?
MT telles that there are no (rarely any) changes, so no need to upgrade to save time while upgrading.It very very rarely contains fixes for already released products and that is why we do not believe that it is worth forcing this upgrade and making a ROS upgrade much, much slower (if the bootloader would be upgraded at the same time).
The problem is that it does not work at all in scenarios where the stored password is leaked. E.g. someone puts it in their RouterOS config and posts a /export show-sensitive somewhere by mistake, or there is some bug in some device (can be anything, not just a MikroTik router) that allows reading this stored password.Google forces a somewhat low security password - it is 16 characters, but all lower case - no upper case, no numbers, no punctuation.
That’s plenty even for a massively parallel offline attack scenario.
Indeed one should never have some scripted daily auto-upgrade tied to the "stable" channel! it was again demonstrated that a new version that had 2 release candidates in "testing" is suddenly promoted to "stable" with known issues and even some last-minute changes. That is just not a good thing to do, a "stable" version should have been a release candidate at least for some time to get reports like this, and then it should just be promoted with no changes whatsoever. When there are changes, first make a new release candidate.That setting does not actually auto-upgrade RouterOS...
But indeed I have removed it on all my routers some time ago, after reading about mishaps with firmware upgrade. Now I only upgrade it when there are indications that it is required.
Yeah, everything related to ”auto-upgrade” and similar scripts should be abandoned immediately until Mikrotik sorts out the release management.
It's actually pretty hard to understand why MT even try to promote this functionallity due to the current sitation (I was thinking about the YT stuff)
In the days when firwmare had version numbers like 3.1 the firmware had separate version numbers that were incremented when a change was made. After updating RouterOS and going to the System Routerboard menu you would SEE if there was a firmware newer than the one on the routerboard and you updated it.Ask MT, they encourage the version should match as best practice. Either way, does it make sense to have firmware version 3.1 but ROS 7.3?
Why? Do you have a change list for all the firmware version so you know what has been updated, and you can see that its needed?
You're expecting too much from CrapTik experts. They can't even ensure long-term is “long-term” as others pointed out in this thread and other discussions for the last 5 years.In the days when firwmare had version numbers like 3.1 the firmware had separate version numbers that were incremented when a change was made. After updating RouterOS and going to the System Routerboard menu you would SEE if there was a firmware newer than the one on the routerboard and you updated it.
Ask MT, they encourage the version should match as best practice. Either way, does it make sense to have firmware version 3.1 but ROS 7.3?
But at some point, the firmware version was made the same as the RouterOS version and now you get an update every time, even when nothing was changed (other than the firmware version number).
That has not made the situation clearer. Now you need to do an extra upgrade and reboot every time, and the system does not support automation of that.
E.g.:
- when you set the automatic upgrade in /system routerboard, and it has performed the update, reboot immediately
- or: perform the firmware upgrade as part of the routeros upgrade, which is in fact done by the running versionjust before the reboot, so the firmware upgrade could be part of that and the reboot required as part of the routeros upgrade also activates the new firmware
Exactly why I have several gmail accounts for only that purpose (or for one-time registrations) next to my regular one ... already for a decade (at least).The question is, how to solve that. One way would be not to use mail for such things. Or at least do not use your main account, use a throwaway account only for this purpose.
As far as I have tested, this authentication using APP password has limited use. You can not logg inn to an gmail account with it (using web), so you can not change anything.The problem is that it does not work at all in scenarios where the stored password is leaked. E.g. someone puts it in their RouterOS config and posts a /export show-sensitive somewhere by mistake, or there is some bug in some device (can be anything, not just a MikroTik router) that allows reading this stored password.
There are (IMHO perfect legitimate) reasons for APP passwords:As far as I have tested, this authentication using APP password has limited use. You can not logg inn to an gmail account with it (using web), so you can not change anything.
The problem is that it does not work at all in scenarios where the stored password is leaked.That’s plenty even for a massively parallel offline attack scenario.
That is what 2nd factor authentication solves
not to use mail for such things
True. I only wanted to mention it because it apparently motivates other serviceproviders to drop this form of authentication as well. It still works for gmail and it serves a purpose, but don't be surprised when you receive the announcement that its days are numbered.
The problem is that it does not work at all in scenarios where the stored password is leaked.
A password may be leaked no matter how many characters it has, or how wide the range of characters it uses. The post I was responding to implied that the all-lowercase 16-character limit was a problem, but raising those limits don't alter your objection.
How can you not test the RB3011 SFP bug before releasing this into "stable"?There are no changes since rc2.
Is there something you need in v7 that means you have to upgrade? If no rush I would wait for a real long-term build in v7 that support good upgrading from 6 to 7.How can you not test the RB3011 SFP bug before releasing this into "stable"?There are no changes since rc2.
Very fun downgrading routers at remote sites today!
How can I go from 6.x to 7.2.x? If I set channel=upgrade it will chose 7.3 as of now.
Should I just manually upload 7.2.x NPK and reboot to get to 7.2.x?
Has anyone tested RB3011 and SFP with 7.4 beta?
This sounds so stupid. Its not "much better" for me. It broke everything.OlofL, 7.3 in general is much better than 7.2.x except this one issue with SFP on RB3011.
Yes, that seems to be how it works. But usually between the last rc and the final release there are a couple of "last minute fixes" as well... at least it seems.So basically you make 7.3 release candidate.
Wait a few days and see how much forum is spammed.
If less than 5 new angry topics - move that exact release into "stable" channel.
You probably at one time have switched to separate packages instead of the combined package. That causes this problem. It is best to netinstall.Trying to upgrade a cAPac from 6.49.6 to 7.3.1 and getting a "not enough space for upgrade" error (as well as warnings that 7.3.1 dhcp and wireless packages are broken).
Make a backup of anything on .backup and .rsc formatTrying to upgrade a cAPac from 6.49.6 to 7.3.1 and getting a "not enough space for upgrade" error (as well as warnings that 7.3.1 dhcp and wireless packages are broken). Try to upgrade to 7,3 and I still get the "not enough space for upgrade" error, but at least there are no complaints about broken packages.
I've tried resetting it and uninstalling unwanted packages, but to no avail. Is the only way to upgrade this to netinstall it?
That worked perfectly. Thank you.Make a backup of anything on .backup and .rsc format
<SNIP>