v6.0beta2 released!

Fri Apr 20, 2012 3:00 pm

Quote:
What's new in 6.0beta2 (2012-Apr-19 16:33):

*) "/ip address set" and "/ipv6 address set" commands did not work properly; (2012-apr-16 14:26):
*) fix eoipv6 tunnels, tunnel-ids in packets were shuffled;
*) fix dynamic simple queues;
*) fix /ipv6 firewall connection-state matcher, was crashing router;
*) fix traffic generator, was crashing router when generating traffic on bonding interface;
*) fix wds interfaces;
*) downgrading to v5 was losing wireless interface configuration;
*) fix queue byte and rate statistics;
*) fix ethernet port order on all boards;

http://www.mikrotik.com/download.html

v6.0 includes many changes, we suggest it for testing environment until you are confident that it works with necessary configuration.
Please, submit all reports to support@mikrotik.com (include suppout.rif file).

Chupaka · Fri Apr 20, 2012 4:58 pm

please update http://www.mikrotik.com/download/CHANGELOG_6 =)

Chupaka · Fri Apr 20, 2012 5:05 pm

*) fix queue byte and rate statistics;

for me, it's not fixed

avg-rate is still ~8 times lower than actual rate

Clipboard01.gif

queue is yellow, means avg-rate is > 10 Mbps

maybe, it's now in kilobytes, not kilobits?..

alexspils · Fri Apr 20, 2012 6:20 pm

something wrong with queues, when i create a queue tree it shows as invalid, delete it and create absolutrly same queue and it is not invalid....

TKITFrank · Fri Apr 20, 2012 7:56 pm

Fund a GUI Bug... See picture...

rainmaker · Fri Apr 20, 2012 11:19 pm

I used to have the Queue tree working in 5.14 but when l upgrade to 6.0beta2 it all became inactive
and i now only have global.
Can someone show me how this is done in 6.0
Thanks

/queue tree
add name=hotspot-exempt-up parent=global-in packet-mark=exempt-up queue=exempt max-limit=1G
add name=hotspot-exempt-down parent=global-out packet-mark=exempt-down queue=exempt max-limit=1G

pateutz · Fri Apr 20, 2012 11:48 pm

Hi all,

did you have the behavior when do you have connected an PC with wireless interface as Intel 5300 AGN for example?

Mikrotik_v6.0_beta2.jpg

Best Regards,

Daniel

Chupaka · Sat Apr 21, 2012 3:57 am

Can someone show me how this is done in 6.0
Thanks

/queue tree
add name=hotspot-exempt-up parent=global-in packet-mark=exempt-up queue=exempt max-limit=1G
add name=hotspot-exempt-down parent=global-out packet-mark=exempt-down queue=exempt max-limit=1G

just replace 'global-in' and 'global-out' with 'global'

pateutz, so what's wrong?..

pateutz · Sat Apr 21, 2012 9:08 am

Hi Chupaka,

i am one meter to the router why i'am limited to 54Mbs when the connection is N ?

Best Regards,

Daniel

otgooneo · Sat Apr 21, 2012 9:25 am

Thanks MT for beta2. I`ll try it today. Hope beta2 has less bug.

paoloaga · Sat Apr 21, 2012 10:47 am

I am experiencing sub-optimal performances. IPv6 runs better than IPv4 (40Mbit/s with IPv6, 20Mbit/s with IPv4 on a single TCP connection over a 120Mbit/s link). Tested on RB750G and RB1100AH, RB1100 and RB1100AHX2. I noticed Rx drops on bridge interfaces and on gigabit ethernet interfaces.

Chupaka · Sat Apr 21, 2012 2:13 pm

Hi Chupaka,

i am one meter to the router why i'am limited to 54Mbs when the connection is N ?

Best Regards,

Daniel

can't it be due to extremely high signal (-52)? try to decrease Tx power of AP, normal value of signal strength is -80..-60

also, is there a traffic on the interface?

natzakaria · Sun Apr 22, 2012 6:05 am

I am a total noob.
How do you decrease the power of the AP? And what is a good value?
I have connected an ASUS N16 as another AP and can get double the internet speed connection accessing through that but accessing internet using the MT router AP I get terrible speed.
Please advise

TKITFrank · Sun Apr 22, 2012 11:55 am

One more GUI bug...
Seems to be more than just the extreme numbers. Many standard rules does not have anything...
MikroTik do you want a supout? or is this enough?
System is RB800 v6b2 with 2 Radios and the system clocked to 1200Mhz.

edit: IPv4 is not affected... from what I can see.

TKITFrank · Sun Apr 22, 2012 12:03 pm

IPv6 Firewall seems to be missing its functions... I did a firewall test against http://ipv6.chappell-family.com/ipv6tcptest/ and my normal stealth just went refused and they found port 135 as open. And my computer responded to ping.

otgooneo · Mon Apr 23, 2012 4:32 am

Our X86 platform with ROSv5 has huge problem with high latency and slow packet transfers when active PPPoE clients reach over 800. We found that reason of issue is simple queue rules. Therefor we have tryied ROSv6beta2 on this platform.

Our peak hour load is 1200 queue simple rules, 1200 pppoe active sessions, 200mbps download / 70mbps upload on WAN1, 100Mbps download / 50Mbps upload on WAN2.

Testing result:
1. CPU usage was very good. When ROSv5 CPU usage is 30%-40%. When ROSv6 CPU usage is 15-25%.
2. Latency is better than ROSv5. But I`m not sure. Because we could not tested it when active clients reach to max.
3. Very big issue that router reboots suddenly, when active clients reach over 800. But I`m not sure. Because there is no error log, just rebooted suddenly few times. I know exactly that issue depending on router load. Load can be queue simple rules, pppoe sessions and total traffic load.

Already sent e-mail to support.

Mon Apr 23, 2012 8:49 am

Chupaka, thank you for the report about the changelog. It has been fixed.
We are researching the rates problem, hopefully they will be fixed at the next version.

TKITFrank, thank you for the both reports!
About IPv6, what do you mean that firewall missing its functions?
Which of the rule does not work?

pateutz, contact support with the attached support output file.

alexspils · Mon Apr 23, 2012 9:53 am

after upgrade my test rb532a from b1 to b2 from wireless security profiles disapears created early profile.

Mon Apr 23, 2012 10:20 am

Our X86 platform with ROSv5 has huge problem with high latency and slow packet transfers when active PPPoE clients reach over 800. We found that reason of issue is simple queue rules. Therefor we have tryied ROSv6beta2 on this platform.

Our peak hour load is 1200 queue simple rules, 1200 pppoe active sessions, 200mbps download / 70mbps upload on WAN1, 100Mbps download / 50Mbps upload on WAN2.

Testing result:
1. CPU usage was very good. When ROSv5 CPU usage is 30%-40%. When ROSv6 CPU usage is 15-25%.
2. Latency is better than ROSv5. But I`m not sure. Because we could not tested it when active clients reach to max.
3. Very big issue that router reboots suddenly, when active clients reach over 800. But I`m not sure. Because there is no error log, just rebooted suddenly few times. I know exactly that issue depending on router load. Load can be queue simple rules, pppoe sessions and total traffic load.

Already sent e-mail to support.

Your supout.rif file indicates you are running v5.0rc11 !

If you want stable operation, you should run stable version, such as v5.15.

1. why are you running such old and unstable version?
2. please send correct supout.rif file from v6beta2, not from v5

Mon Apr 23, 2012 11:07 am

alexspils, more information is required about your problem.
I have created new security-profile at 6.0beta1 RB532, upgraded RouterBOARD to 6.0beta2 version and security profile is saved.

otgooneo · Mon Apr 23, 2012 11:40 am

Really? ohh I`m sorry. It`s really bad, supout.rif was replaced by 5.0rc11. I do not have no more v6 supout.rif. Too bad.
About older version, when ROSv5.0rc11, latency is lower than ROSv5.2-ROSv5.14.

Mon Apr 23, 2012 11:42 am

Really? ohh I`m sorry. It`s really bad, supout.rif was replaced by 5.0rc11. I do not have no more v6 supout.rif. Too bad.
About older version, when ROSv5.0rc11, latency is lower than ROSv5.2-ROSv5.14.

possibly due to incorrect latency reporting. I suggest to stay away from v5rc and beta versions

otgooneo · Mon Apr 23, 2012 11:47 am

Ok. We will upgrade to v5.15 on 25th April and will post here.

TKITFrank · Mon Apr 23, 2012 6:13 pm

TKITFrank, thank you for the both reports!
About IPv6, what do you mean that firewall missing its functions?
Which of the rule does not work?

Have a look at Ticket#2012042366000607 I have a support out file now. If that will help beside the firewall rules.
Let me know if I should send it also.
Anyhow If my memory is correct the first rule of the series that got "hits" was #56 and if it was working well it would not be the first

I can also include some new thing that I have seen... The support file creation process seems to malfunction. I have been able to create one but all the other seems to lock up. On my system when it works it takes about 15-20sec. But I waited for about 1-3min the other times but still nothing. No file created...
This seems to be gone today. :S

So my guess is that is only happens shortly after a reboot.

At the same time I was unable to log on to the system using SSH. I got the login prompt but then after I gave it the username and password it stalled. It showed the MikroTik logo but no prompt...

Also if I had the files listed in winbox my CF card went missing in the file list. Reboot helped.

TKITFrank · Mon Apr 23, 2012 8:01 pm

One more GUI bug.
When I use the PPTP client connection interface in the system I get a 4096MB increase on the statistics...
The Peak you can see made the TX bytes go from 4096MB to the 8.0GB

v6b2_gui_bug_3.JPG

This is after i did a disable and enable again.

v6b2_gui_bug_3_1.JPG

TKITFrank · Tue Apr 24, 2012 7:34 am

Positive Feedback
1) The HTTP proxy seems a lot faster in v6b2 then in V5.14
2) Wireless speeds have increased. Did a test yesterday (only UDP from my computer to the router) and I got 70-80Mbit. Before I had a maximum of 50-60Mbit. This was on the 2.4Ghz band.
Good Work!

Some wishes... and I know you have a lot to do but wishing is always possible

1) Support for SHA2 256-512 bit in IPSEC.
2) IPv6 DHCP client adress delegation. Just like IPv4

Happy Hacking!

Tue Apr 24, 2012 8:13 am

TKITFrank, thank you for the ticket number. We will see what is wrong with IPv6 firewall.
About tx/rx rates reporting, we will try to fix all of them in the next beta version.

TKITFrank · Wed Apr 25, 2012 7:47 pm

Hi Sergejs,

Suffered a kernel panic, see Ticket#2012042566000631

Some things I noticed after this...
1) After that the system would not let me enter New Terminal in winbox. It will show me the Mikrotik logo but I will not get to the CLI.
2) After this kernel panic my CPU went from 1200Mhz to 799Mhz
3) The GUI bug with the HDD and PPTP Client was gone and the numbers correct. Related to CPU freq?
4) Current firmware was empty?

I changed the freq to 1200Mhz and rebooted the unit.

Revisited the numbers above.
1) Was back to normal.
2) Accepted my settings and was 1200Mhz
3) HDD bug was gone (one time incident perhaps), PPTP Client bug was back

4) Went back to normal and showed 2.39

martini · Wed Apr 25, 2012 10:31 pm

what version of driver for intel nics use in v6 ?? Does it support vlan offload ?
is it possible to use the functional of ETHTOOL to disable or enable GSO, TSO, LRO , checksum tcp and udp ??

Thu Apr 26, 2012 8:21 am

TKITFrank,

thank you for the report and support output file. We are looking into your problem.

martini

Does it support vlan offload?

Isn't it specific feature of the specific NICs?

is it possible to use the functional of ETHTOOL to disable or enable GSO, TSO, LRO , checksum tcp and udp ??

Such options are not available for disable/enable.

ttaiw · Thu Apr 26, 2012 6:41 pm

cannot login to userman via browser it show message

Your session has been reset due to inactivity.

I was try in IE, Firefox and Chorme browser same message.

martini · Thu Apr 26, 2012 11:34 pm

2 sergejs - yes, its specific option of ethernet card, but it wont work with mikrotik )) very very long time )
Tested on same hardware and same traffic throu 10 vlans - on ubuntu cpu load 5-10%? on mikrotik 50-60% and irq interrupt near 100% of cpu ) (intel 82576 chip and core-i5 cpu, each core mapped to queue)

and again - what version of driver for intel nics use in v6 ??

otgooneo · Fri Apr 27, 2012 4:21 am

Ok. We will upgrade to v5.15 on 25th April and will post here.

I`ve upgraded to 5.15. Now the latency is much better than 5.0rc11. But still some loss occurs and slow network. Hope v6 will solve all this problems soon.

Fri Apr 27, 2012 9:24 am

ttaiw, yes, you are correct. The same problem is present at 6.0beta1 and 6.0beta2. User Manager will be fixed in the next beta version.

martini, RouterOS uses drivers included to kernel 2.6.38.2.

TKITFrank · Fri Apr 27, 2012 1:59 pm

Bridge in pptp-profiles does not seem to work or I am doing to wrong. I have added it but it will still look like the out interface is the pptp-connection. Not the bridge interface.

[xxxxxx@xxxx.xxxxx.org] > ppp profile print
1 name="PPTP-VPN" local-address=192.168.255.254 remote-address=dhcp_pool3 remote-ipv6-prefix-pool=(unknown) bridge=bridge1 use-ipv6=yes use-mpls=default use-compression=default use-vj-compression=default use-encryption=required only-one=yes change-tcp-mss=yes dns-server=192.168.255.254

[xxxxxx@xxxx.xxxxx.org] > ppp secret print detail
Flags: X - disabled
0 name="vpn-frank" service=pptp caller-id="" password="xxxx" profile=PPTP-VPN routes="" limit-bytes-in=0 limit-bytes-out=0

martini · Fri Apr 27, 2012 2:07 pm

sergejs - please - use the latest driver from intel !!! It add to ROS performance and low cpu load. And don't forget turn off LRO, GSO and TSO !! (or make possibilities to use functional of ETHTOOL)

Chupaka · Fri Apr 27, 2012 5:12 pm

Bridge in pptp-profiles does not seem to work or I am doing to wrong. I have added it but it will still look like the out interface is the pptp-connection. Not the bridge interface.

I saw this in v5 - probably, both sides should support BCP and negotiate it...

TKITFrank · Fri Apr 27, 2012 5:15 pm

Bridge in pptp-profiles does not seem to work or I am doing to wrong. I have added it but it will still look like the out interface is the pptp-connection. Not the bridge interface.
I saw this in v5 - probably, both sides should support BCP and negotiate it...

So this feature is ROS to ROS only? Or similar? Not PC to ROS?

pateutz · Sat Apr 28, 2012 11:20 am

Hi ,

i am back with more information:

Mikrotik_v6.0_beta2.2.jpg

So i this situation you tell me that this is normal behavior ?

Best Regards,

Daniel

Mon Apr 30, 2012 9:01 am

TKITFrank, that is the way how BCP should work. BCP should be configured on both sides, protocol does not work, when configured on one side only.

pateutz, thank you for the attached screenshots, however few words about your problem are required.

TKITFrank · Mon Apr 30, 2012 10:06 am

TKITFrank, that is the way how BCP should work. BCP should be configured on both sides, protocol does not work, when configured on one side only.

Thanks for the clarification. This will be off topic but can I have a PPTP interface in a bridge without BCP?
OpenVPN seems to be the only interface I can add in my bridge?

hajde · Mon Apr 30, 2012 10:10 pm

It seems that this version is very stable for x86-based routers.

With the upgrades to the new version, the only problem occurred with the static queues, where instead of target address entered 0.0.0.0/0, and I had to use a mac-telnet to added the correct address.

Already four days working with a much better ping.

I have a good feeling for this version.

AnimetaldeatH · Tue May 01, 2012 11:59 am

Hello guys forum!

I have a question ...
In the list of queue basically have two rules, one that limits a customer to an X speed in a certain time, and another that limits the same user at another X speed but in a different time.
For example:

/queue simple
add burst-limit=150k/600k burst-threshold=150k/600k burst-time=10s/10s disabled=no limit-at=0/0 max-limit=100k/400k name=bete packet-marks="" parent=none \
    priority=8/8 queue=default-small/default-small target=192.168.100.31/32 time=7h-23h59m59s,sun,mon,tue,wed,thu,fri,sat
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s disabled=no limit-at=0/0 max-limit=150k/800k name="bete(madrugada)" packet-marks="" parent=none \
    priority=8/8 queue=default-small/default-small target=192.168.100.31/32 time=0s-6h59m59s,sun,mon,tue,wed,thu,fri,sat

Until version 5.15 worked perfectly, but when I upgraded to version 6.0 beta2 the second rule in the example above does not work and is said to be invalid.

TKITFrank · Wed May 02, 2012 2:45 pm

BUG?
OpenVPN

When I try to connect to my OpenVPN server it will not work. I can connect but the interface will drop.
This is the log from the client, The server will not show anything even with debug.

Wed May 02 13:37:14 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Wed May 02 13:37:14 2012 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Wed May 02 13:37:14 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed May 02 13:37:14 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed May 02 13:37:14 2012 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed May 02 13:37:14 2012 Socket Buffers: R=[8192->8192] S=[64512->64512]
Wed May 02 13:37:14 2012 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Wed May 02 13:37:14 2012 Local Options hash (VER=V4): 'b60e7885'
Wed May 02 13:37:14 2012 Expected Remote Options hash (VER=V4): 'fbeb66e6'
Wed May 02 13:37:14 2012 Attempting to establish TCP connection with xxx.xxx.xxx.xxx:1194
Wed May 02 13:37:14 2012 TCP connection established with xxx.xxx.xxx.xxx:1194
Wed May 02 13:37:14 2012 TCPv4_CLIENT link local: [undef]
Wed May 02 13:37:14 2012 TCPv4_CLIENT link remote: xxx.xxx.xxx.xxx:1194
Wed May 02 13:37:14 2012 TLS: Initial packet from xxx.xxx.xxx.xxx:1194, sid=9f6878f5 2f389738
Wed May 02 13:37:15 2012 VERIFY OK: depth=1, /C=SE/ST=xxx/L=xxx/O=OpenVPN/OU=VPN/CN=xxx/name=xxx/emailAddress=mail@host.domain
Wed May 02 13:37:15 2012 VERIFY OK: depth=0, /C=SE/ST=xxx/L=xxx/O=OpenVPN/OU=VPN/CN=yyy.yyy.org/name=yyy/emailAddress=mail@host.domain
Wed May 02 13:37:15 2012 Connection reset, restarting [0]
Wed May 02 13:37:15 2012 TCP/UDP: Closing socket
Wed May 02 13:37:15 2012 SIGUSR1[soft,connection-reset] received, process restarting
Wed May 02 13:37:15 2012 Restart pause, 5 second(s)

 /ppp profile> print 
 3   name="open-vpn" remote-address=dhcp_pool3 remote-ipv6-prefix-pool=(unknown) bridge=bridge1 use-ipv6=default use-mpls=default use-compression=default use-vj-compression=default use-encryption=default only-one=default change-tcp-mss=default 

/ppp secret> print
 0   name="vpn-xxx" service=ovpn caller-id="" password="xxxxxx" profile=open-vpn routes="" limit-bytes-in=0 limit-bytes-out=0 

/interface ovpn-server> print
 #     NAME                                USER                MTU CLIENT-ADDRESS                                UPTIME   ENCODING                               
 0    ;;; Home-Open-VPN
       ovpn-in1                            vpn-xxx   

/interface ovpn-server server> print 
                     enabled: yes
                        port: 1194
                        mode: ethernet
                     netmask: 24
                 mac-address: FE:CF:A2:C6:C2:76
                     max-mtu: 1500
           keepalive-timeout: disabled
             default-profile: open-vpn
                 certificate: cert1
  require-client-certificate: no
                        auth: sha1
                      cipher: aes256

This is the serverlog
13:26:14 ovpn,debug <xxx.xxx.xxx.xxx>: disconnected <peer disconnected>

And now to the funny part.... That is that it will disconnect my static PPTP client and make the dynamic PPTP address as invalid. Making the automatic restart av the PPTP client malfunction. With the following error.
13:26:14 ovpn,debug <xxx.xxx.xxx.xxx>: disconnected <peer disconnected>
13:26:15 pptp,ppp,error could not add address: already have such address (6)

Only clearing the dynamic address in /ip address will help.

ropebih · Fri May 04, 2012 4:12 pm

Just to inform that IGMP Proxy is not working at all since the v6.0beta1. I just installed v6.0beta2 but IGMP Proxy is still broken.
B.R.

mxmxmxmxmx · Sat May 05, 2012 2:22 am

for me, it's not fixed avg-rate is still ~8 times lower than actual rate
queue is yellow, means avg-rate is > 10 Mbps maybe, it's now in kilobytes, not kilobits?..

I've got the same problem, Queue is cutting transfer to the line, but avg-rate is as ^^. colors OK.

zhay · Tue May 08, 2012 9:01 am

bug.. huge cpu usage when using l7

otgooneo · Tue May 08, 2012 5:40 pm

bug.. huge cpu usage when using l7

What is your firewall rule regarding L7? Which port, protocols applied on that L7? By the way, where did you find this L7?

stmx38 · Tue May 08, 2012 6:16 pm

ROS 6.2 RB751U-2HnD
1. Copy certs to RB
2. Import certs
3. Make a backup
4. Make a reset
5. Restore from backup
6.

certificate print

QR

In ROS 5.15 all is ok, after backup certificate is already decrypted.

KR

Bug ?

leoelan · Fri Jun 01, 2012 2:14 pm

installed ROS v6.0beta2 on server HP Proliant DL380 G-8 not support network device HP Ethernet 10Gb 2-port 530FLR-SFP+ Adapter (Broadcom BCM57810S chipset) and more intel integration of devices.

Sanity · Mon Jun 11, 2012 4:14 pm

Tried to install on Hyper-V - does not even go to the installer from ISO image. Starts, hangs when it says "Ready" but nothing more happens. 3 steps backward from v5 - on a kernel that SHOULD support Hyper-V (though I suspect that is a lot more the old ISOLINUX version - I suspect taht the new kernel is not even booting at this stage).

winet · Wed Aug 08, 2012 10:38 am

will i by upgrading to v6 beta solve my driver problem?
as posted on thread below:
http://forum.mikrotik.com/viewtopic.php?f=2&t=56919

also, is it gonna safe to downgrade to v5 later?

Zorro · Tue Apr 12, 2016 12:56 am

will i by upgrading to v6 beta solve my driver problem?
as posted on thread below:
http://forum.mikrotik.com/viewtopic.php?f=2&t=56919

also, is it gonna safe to downgrade to v5 later?

yes, no.
if you think newer kernel had attansic NIC driver within(which i can't say about. ask Linux kernel forums/gooru) - its may help.
yes its safer (for hardware and config and ROS itself) to downgrade, but if upgrade to ROS6.xx resolve problem(by newer driver in newer kernel), downgrade similarly - return it problem.
so downgrading make sense Only if you plan to switch to NIC, supported by ROS 5.xx.
but again i think in both cases make sense to change NIC to something different. even cheaper realtek, or atheros -branded NIC or intel(among supported(by ROS) models from them) - would work Way better. just saying.
good luck, anyway.

IntrusDave · Tue Apr 12, 2016 5:28 am

Do you realize that the post you responded to was 4 years old?

Who is online