v6.11 released

Fri Mar 21, 2014 10:29 am

If you are already running a RouterOS 6 install, Simply click “Check for updates” in QuickSet, Webfig or Winbox packages menu.

What's new in 6.11 (2014-Mar-20 09:16):

*) ipsec - fix aes-cbc hardware acceleration on CCR with key sizes 192 and 256;
*) wireless - add auto frequency feature;
*) ovpn - fixed TLS renegotiation;
*) ovpn - make bridge mode work with big packets (do not leave extraneous padding);
*) ovpn - fixed require-client-certifcate;
*) ppp - revert RADIUS NAS-Port behaviour, report tunnel interface id;
*) ppp - mppe encryption together with mrru locked the router;
*) dhcp - added support for DHCP option 138 - list of CAPWAP IPv4 servers;
*) quickset - added Guest Network setup to Home AP mode;
*) console - no longer required to supply value of '/routing bgp instance vrf'
property 'instance' for 'add' command;
*) ethernet - added option to enable rx/tx flow control
(will be disabled by default);
*) ethernet - added ability to specify advertised modes for copper ports;
*) fixed 100% cpu usage on CCRs;
*) ssl - not finding CRL in local store for any certificate in trust chain will cause connection to fail;
*) lte - support for Huawei ME609 and ME909u-521;

Available separately, is a new Wireless-FP package, which includes the new CAPsMAN feature. This is a beta package, so use only in controlled test networks. The package will replace your default Wireless package upon installation, which means it will also add wireless functionality changes and improvements, not only CAPsMAN. More information about the Wireless Controller (CAPsMAN) is here: http://wiki.mikrotik.com/wiki/Manual:CAPsMAN

isai · Fri Mar 21, 2014 10:48 am

What about following regarding SMB issues....???

Mail a little while ago :

[Mikrotik Support]
Hello,

Thank you very much for the report.
Problem will be fixed in the next RouterOS version.

Regards,
Sergejs

02/28/2014 16:22

Fri Mar 21, 2014 10:49 am

What about following regarding SMB issues....???

Mail a little while ago :

[Mikrotik Support]
Hello,

Thank you very much for the report.
Problem will be fixed in the next RouterOS version.

Regards,
Sergejs

02/28/2014 16:22

have you checked it?

CyberTod · Fri Mar 21, 2014 10:54 am

This was present in v6.10 as well. I don't remember now if it was fixed after a few reboots.

mikrotik-log.jpg

JanezFord · Fri Mar 21, 2014 11:22 am

[/quote]
This is external IP of router. Before upgrade everything worked without this rule. I added this rule yesterday.[/quote]

I just tried my RB951G-2HnD and SNTP works fine ... as it did on 6.10 ... it must be something with your configs.

JF

Jetrider · Fri Mar 21, 2014 11:33 am

Have anyone tried DHCP server on VLAN yet ? Any comments ?

twingman · Fri Mar 21, 2014 11:35 am

What about PPP links and MRRU value? V 6.8 and later were affected, router still reboots.

In changelog there is info that the problem should be resolved, but has someone tested it? Please write there

RB 1100AHx2

Thank you

Lupin · Fri Mar 21, 2014 11:39 am

This is a beta package, so use only in controlled test networks. The package will replace your default Wireless package upon installation, which means it will also add wireless functionality changes and improvements, not only CAPsMAN.

What are the improvements?
Improved also NV2 protocol?

NathanA · Fri Mar 21, 2014 11:48 am

What about PPP links and MRRU value? V 6.8 and later were affected, router still reboots.

In changelog there is info that the problem should be resolved, but has someone tested it?

It solved the problem for me on x86. I tested 6.11 and no more lockups when using MPPE + MRRU.

RB 1100AHx2

Never tested it on RB1000-series. Why don't you give it a shot on a spare/non-production board?

-- Nathan

ManyX · Fri Mar 21, 2014 11:57 am

wireless - add auto frequency feature; -

Please send me more information about this feature

Regards.

ropeba · Fri Mar 21, 2014 11:58 am

What's with bug described in topic "6.x is useless" which has disappeared from forum and only Miktotik knows why. Prolem is also described in Ticket#2014022266000216

And this bug also persist from 6.x:
http://forum.mikrotik.com/viewtopic.php ... mp#p388997

mietus · Fri Mar 21, 2014 12:02 pm

MT:
"This new package has also other wireless improvments apart from CAPsMAN,
for example Wireless Fast Path for 802.11, and others."

A bit more details about it?

dousin · Fri Mar 21, 2014 12:11 pm

What about the bug in SSTP (Mikrotik server, connecting from windows 7/8 client)? It simply stopped working in 6.8 and higher. I am still using 6.7.
http://forum.mikrotik.com/viewtopic.php?f=1&t=81644
Is the issue still there, or can somebody claim, it works again?
Thx

Fri Mar 21, 2014 12:19 pm

wireless - add auto frequency feature; -

Please send me more information about this feature

Regards.

It will do scan, and choose the least occupied frequency automatically. This happens only once, when you apply this setting, reboot, or disable/enable interface. Similar to DFS, but with no radar-detect.

leoktv · Fri Mar 21, 2014 12:32 pm

HI
How is it with frequency-mode settings in CapsMan or is the settings on the radio the one doing this?

zervan · Fri Mar 21, 2014 1:04 pm

I've set Flow Control to auto on all my routers. Can I see if it is turned on? Wiki says something about autonegotiation - how can I see the result?

Lupin · Fri Mar 21, 2014 1:25 pm

This is a beta package, so use only in controlled test networks. The package will replace your default Wireless package upon installation, which means it will also add wireless functionality changes and improvements, not only CAPsMAN.
What are the improvements?
Improved also NV2 protocol?

We tried Wireless Package and 6.11 and see very good improvements on Upload throughput (CPE to Access Point with NV2 protocol)
A client with, before 9Mbps now reach 25-30Mbps

What syntax 1S/2S stand for?

whatIs.png

Unfortunately I still see high latency when the line is not in use.
And the other problem, that persists, is that a cell with a client who have 25Mbps of bandwidth and another that makes 7Mbps, if launched simultaneously both go to 7Mbps.
The cpe with problems degrade much all other customers

usx · Fri Mar 21, 2014 1:43 pm

RB450G and 2011UiAS-2HnD upgraded without any problems.

RB450 had to be rebooted again a couple of minutes later, since the cpu was averaging at about 45%, but after the reboot it went down to the usual <7% average.

Fri Mar 21, 2014 2:01 pm

What syntax 1S/2S stand for?

Spatial Streams:
http://en.wikipedia.org/wiki/IEEE_802.1 ... Data_rates

NathanA · Fri Mar 21, 2014 2:03 pm

It will do scan, and choose the least occupied frequency automatically. This happens only once, when you apply this setting, reboot, or disable/enable interface. Similar to DFS, but with no radar-detect.

So what is the difference between this and 'dfs-mode=no-radar-detect' ?

-- Nathan

Kadafi · Fri Mar 21, 2014 2:15 pm

Still no COA in PPP...
Even new ppp package.

Fri Mar 21, 2014 2:31 pm

It will do scan, and choose the least occupied frequency automatically. This happens only once, when you apply this setting, reboot, or disable/enable interface. Similar to DFS, but with no radar-detect.
So what is the difference between this and 'dfs-mode=no-radar-detect' ?

-- Nathan

easier to find

Fri Mar 21, 2014 2:31 pm

Still no COA in PPP...
Even new ppp package.

Yes.

skibi82 · Fri Mar 21, 2014 2:59 pm

Know when you will be added possibility to configure the SRC IP for:
OVPN Client L2TP Client, Client SSTP, PPTP Client

I have another question whether there is a possibility in the future to add posibility to define on ppp connection
parameter to the name of routing table.

netwpl · Fri Mar 21, 2014 3:54 pm

hi!

the new CAPMAN feature is nice! everything is working so far.
are there any plans for supporting hotspot-ssid's, without authentification over it ?

the problem is, that the capman wireless ssid's always needs a password when connecting...

or are there other ways to combine mikrotik hotspot-system with the capman functionallity ?

BR

leoktv · Fri Mar 21, 2014 3:59 pm

hi!

the new CAPMAN feature is nice! everything is working so far.
are there any plans for supporting hotspot-ssid's, without authentification over it ?

the problem is, that the capman wireless ssid's always needs a password when connecting...

or are there other ways to combine mikrotik hotspot-system with the capman functionallity ?

BR

Hi
Add a slave config then you are going to get a a VAP in the aps. add it to a bridge inside the Capsmanager router with the hotspot on it then you don't need a encrypted network for it.

visalink · Fri Mar 21, 2014 4:28 pm

This is a beta package, so use only in controlled test networks. The package will replace your default Wireless package upon installation, which means it will also add wireless functionality changes and improvements, not only CAPsMAN.
What are the improvements?
Improved also NV2 protocol?
Unfortunately I still see high latency when the line is not in use.
And the other problem, that persists, is that a cell with a client who have 25Mbps of bandwidth and another that makes 7Mbps, if launched simultaneously both go to 7Mbps.
The cpe with problems degrade much all other customers

+1

netwpl · Fri Mar 21, 2014 4:37 pm

hi!

the new CAPMAN feature is nice! everything is working so far.
are there any plans for supporting hotspot-ssid's, without authentification over it ?

the problem is, that the capman wireless ssid's always needs a password when connecting...

or are there other ways to combine mikrotik hotspot-system with the capman functionallity ?

BR
Hi
Add a slave config then you are going to get a a VAP in the aps. add it to a bridge inside the Capsmanager router with the hotspot on it then you don't need a encrypted network for it.

sometimes life could be that simple!

thanks a lot for your help. works like a charm!

BR

finalcutroot · Fri Mar 21, 2014 6:02 pm

Thanks for your great efforts

isai · Fri Mar 21, 2014 6:23 pm

What about following regarding SMB issues....???

Mail a little while ago :

[Mikrotik Support]
Hello,

Thank you very much for the report.
Problem will be fixed in the next RouterOS version.

Regards,
Sergejs

02/28/2014 16:22
have you checked it?

Yup....same thing still..

rmmccann · Fri Mar 21, 2014 6:46 pm

Can someone confirm if SSTP is fixed or still broken?

morph027 · Fri Mar 21, 2014 7:03 pm

Tried CAPsMAN with auto generated certificates, but the CAP won't send any request for signing (config looks exactly like in the wiki article). However, creating certificates on my own works perfectly. Just tried a simple configuration, but I already love it.

Gesendet von meinem GT-I9100 mit Tapatalk

honzam · Fri Mar 21, 2014 7:03 pm

Normis. I have problem after upgrade SXT Lite5 to 6.11.
Previous version was pre-release 6.11 from 13.Mar with wireless-fp package active. After upgrade to final 6.11 (combined package) is SXT in booting loop.
Mac telnet not work. Ping dont work.
Reset works but nothing changed after reset - still booting loop.
Netinstall dont work - write sending offer --> instaling. But no process. No install

How to bring SXT to life? Thanks

morph027 · Fri Mar 21, 2014 7:05 pm

Auto signing from CAP to CAPsMAN did not work. No request sent. Using my own certificates, everything works fine.

Gesendet von meinem GT-I9100 mit Tapatalk

voxframe · Fri Mar 21, 2014 7:46 pm

Can anyone else please confirm SSTP working or still broken???

ditonet · Fri Mar 21, 2014 7:46 pm

Log shows events with GMT time, not according to timezone.
Tested on RB433AH and RB951-2n with latest RouterOS and RouterBOOT.

Regards,

npero · Fri Mar 21, 2014 7:54 pm

Some problem but no rule some RB working some not, 433AH working, 433GL no, one Groove is ok other not.

Solution:
Winbox
1. Open clock
2. Select time zone manual click apply
3. Select back your time zone click apply
4. Click OK (must click ok )

Log time is now ok.

Log shows events with GMT time, not according to timezone.
Tested on RB433AH and RB951-2n with latest RouterOS and RouterBOOT.

Regards,

blazej44800 · Fri Mar 21, 2014 8:01 pm

Good morning, after upgrade I see this - the select box is not full width in WinBox. It's normal or bug? I didn't see this in earlier versions.

screenshot-ros.png

Beeski · Fri Mar 21, 2014 8:09 pm

Have anyone tried DHCP server on VLAN yet ? Any comments ?

+1

ffernandes · Fri Mar 21, 2014 8:14 pm

Normis. I have problem after upgrade SXT Lite5 to 6.11.
Previous version was pre-release 6.11 from 13.Mar with wireless-fp package active. After upgrade to final 6.11 (combined package) is SXT in booting loop.
Mac telnet not work. Ping dont work.
Reset works but nothing changed after reset - still booting loop.
Netinstall dont work - write sending offer --> instaling. But no process. No install
How to bring SXT to life? Thanks

had something today with that..
use the reset bottom to force it to go for netinstall..... after its easy..
remove old set...
ad new version and install it

spent this afternoon with 1 rb433 and a 912-5hnd...

Majklik · Fri Mar 21, 2014 8:20 pm

Can anyone else please confirm SSTP working or still broken???

Which bug?

Unable connect from Windows client - it works with 6.11. I use this SSTP setup:

/ppp profile
add change-tcp-mss=no incoming-filter=rw-in/fwd name=sstp-rw only-one=yes use-compression=no use-encryption=no use-mpls=no use-vj-compression=no
/interface sstp-server server
set authentication=chap,mschap2 certificate=MDPSKRBx  default-profile=sstp-rw enabled=yes force-aes=yes keepalive-timeout=30

A bug that SSTP server do not drop connection if client do not reply (is ignored keepalive-timeout=30) is still there if is used PAP or CHAP authorization and configured the server certificate (is not used certificate=none).

ditonet · Fri Mar 21, 2014 8:22 pm

Some problem but no rule some RB working some not, 433AH working, 433GL no, one Groove is ok other not.

Solution:
Winbox
1. Open clock
2. Select time zone manual click apply
3. Select back your time zone click apply
4. Click OK (must click ok )

Log time is now ok.

Log shows events with GMT time, not according to timezone.
Tested on RB433AH and RB951-2n with latest RouterOS and RouterBOOT.

Regards,

npero, thanks, your solution works.
But it's workaround for bug

Regards,

rextended · Fri Mar 21, 2014 8:57 pm

Ticket#2014031766000331
6.10 BUG: user-manager profile limitation can not add profile limitation on command line when default admin customer are renamed, because missing "owner=" parameter.

This bug is still present on last official 6.11.

the error are replicable:
install with netinstall 6.11 whit NO keep old configuration
routeros-mipsbe-6.11.npk
user-manager-6.11-mipsbe.npk
on a RB750UP with bios 3.13 [hardware no matter...]

on

/tool user-manager profile limitation add name=test2

missing the possibility to set

owner=notadmin

parameter
it suppose everytime the owner are "admin" only.

I paste the terminal output:

[admin@MikroTik] > /tool user-manager profile limitation
[admin@MikroTik] /tool user-manager profile limitation> print
# NAME OWNER
[admin@MikroTik] /tool user-manager profile limitation> add name=test
[admin@MikroTik] /tool user-manager profile limitation> print
# NAME OWNER
0 test admin
[admin@MikroTik] /tool user-manager profile limitation> /tool user-manager customer
[admin@MikroTik] /tool user-manager customer> print
Flags: X - disabled
0 login="admin" password="" backup-allowed=yes time-zone=-00:00 permissions=owner signup-allowed=no paypal-allowed=no paypal-secure-response=no paypal-accept-pending=no
[admin@MikroTik] /tool user-manager customer> set 0 login=notadmin
[admin@MikroTik] /tool user-manager customer> print
Flags: X - disabled
0 login="notadmin" password="" backup-allowed=yes time-zone=-00:00 permissions=owner signup-allowed=no paypal-allowed=no paypal-secure-response=no paypal-accept-pending=no
[admin@MikroTik] /tool user-manager customer> /tool user-manager profile limitation
[admin@MikroTik] /tool user-manager profile limitation> print
# NAME OWNER
0 test notadmin
[admin@MikroTik] /tool user-manager profile limitation> add name=test2
failure: customer does not exist
[admin@MikroTik] /tool user-manager profile limitation>
[admin@MikroTik] /tool user-manager profile limitation>add name=test2 (!!!TAB key pressed!!!)
address-list comment copy-from download-limit group-name ip-pool rate-limit-... transfer-limit upload-limit uptime-limit
[admin@MikroTik] /tool user-manager profile limitation> add name=test2 owner=notadmin
expected end of command (line 1 column 16)
[admin@MikroTik] /tool user-manager profile limitation>

rextended · Fri Mar 21, 2014 8:58 pm

This bug are worst on last official 6.11:

http://forum.mikrotik.com/viewtopic.php ... 00#p415948

winbox on IP of CPE obtained by PPPoE not work correctly

Actually are another bug, also present on 6.8, 6.9 and 6.10
and go worst on 6.11:

Winbox connection from pc directly connected on the gateway/pppoe server [really not matter where pc are connected]
to one CPE on IP obtained from pppoe with MRRU set,
is continually broken after receiving some data from CPE.

The problem regard exclusively Winbox service on RouterOS, bandwidth and other parameters working perfectly with very low latency.

On 6.7 is perfectly stable.

The problem is not present if one ip for wlan1 are used.

I hope is not necessary write all single passages, there is sufficent informations to understand how obtain the problem.

madpixel · Fri Mar 21, 2014 9:29 pm

There is a bug in netflow on 6.11:
In netflow data from pppoe interfaces input interface has index of output interface and output interface has index of input interface, all other netflow data from such interfaces seems to be correct.

On ethernet interfaces all netflow data is correct.

payday · Fri Mar 21, 2014 9:40 pm

wireless - add auto frequency feature; -
It will do scan, and choose the least occupied frequency automatically. This happens only once, when you apply this setting, reboot, or disable/enable interface. Similar to DFS, but with no radar-detect.

Is this option available in CAPsMAN? I cannot find it in settings.

morph027 · Fri Mar 21, 2014 10:19 pm

Tested the new CAPsMAN feature. Works so far. Autorequesting certificates did not work (same config as described in wiki article), using own self signed, all is perfect. Will play around with this next week!

Fri Mar 21, 2014 10:43 pm

NTP don't work on RouterOs 6.11.
Several ntp servers tried to no avail.
After a few hours, after reboot
see attachement

ejansson · Fri Mar 21, 2014 10:52 pm

Where is the setting for the auto frequency selection? can't seem to find it anywhere

Chupaka · Fri Mar 21, 2014 11:01 pm

NTP Client works for me on x86 (synchronizes in a few seconds), but it just says 'stopped' in WinBox (although enabled) and 'status: reached' in Terminal

blazej44800 · Fri Mar 21, 2014 11:02 pm

NTP don't work on RouterOs 6.11.
Several ntp servers tried to no avail.
After a few hours, after reboot
see attachement

For me, on RB2011-UAS-2HnD works normal.

Where is the setting for the auto frequency selection? can't seem to find it anywhere

It's last option in Frequency selectbox (auto).

huntah · Sat Mar 22, 2014 12:16 am

DHCP on VLAN seems to be working at least for me on RB751-2HND

Sat Mar 22, 2014 12:21 am

NTP on omnitik don't work sorry but it is true

NTP Client works for me on x86 (synchronizes in a few seconds), but it just says 'stopped' in WinBox (although enabled) and 'status: reached' in Terminal

Zavi · Sat Mar 22, 2014 12:41 am

Upgraded RB2011-UiAS. The "starting services" screen stays longer than usual and in log i found one more reboot with kernel failure. Then about minute aftrer start ethernet interfaces were "restarted". Built-in NTP client works, auto-frequency works. Quickset shows WISP AP page, i believe that before it was HOME AP, but i don't use it.

One problem i had was that from virtual interface was lost "static interface" setting, after reassign it works.

pitr · Sat Mar 22, 2014 2:02 am

My openvpn connections broke again like 2 releases ago. RB951's

jkarras · Sat Mar 22, 2014 3:27 am

Where is the setting for the auto frequency selection? can't seem to find it anywhere

Choose auto under the frequency selection. Its at the bottom of the list.

Iliasla · Sat Mar 22, 2014 9:35 am

Changed the design of the panels in Winbox, and not for the better. Became scary and very uncomfortable.

Return back, please, as it was in versions for 6.10 inclusive.

With greetings from participants forum.ixbt.com

zervan · Sat Mar 22, 2014 9:58 am

Changed the design of the panels in Winbox, and not for the better. Became scary and very uncomfortable. Return back, please, as it was in versions for 6.10 inclusive.

I don't have anything changed in design. Did you try to run Winbox from another computer?

EDIT: Oh, sorry, I was wrong. I thought that new design is related to new empty firewall rule which is the same. But you are right - it is changed when I fill anything.

neophyte · Sat Mar 22, 2014 10:07 am

Clauu · Sat Mar 22, 2014 10:34 am

Hi there, i'm currently running 6.5, the update package comes with the latest firmware also? Or it must be installed manually, my router has 3.10 and as i see on the router page the latest is 3.12..?

noyo · Sat Mar 22, 2014 11:03 am

47.png

Sander · Sat Mar 22, 2014 12:05 pm

Routing Mark problem returns on my RB2011L. Downgrade to 6.7 solved the problem.

morph027 · Sat Mar 22, 2014 1:55 pm

Does CAPsMAN only load on hardware that has a wireless card? I am able to see it on my upgraded RB951-2n but not on my RB750GL. I was hoping to test it by controlling the 951-2n with the 750GL.

Nope, i'm testing on one of our RB2011iL-RM atm and works fine.

challado · Sat Mar 22, 2014 1:57 pm

Bug on this new interface.
Bridge filters with in/out interface simply "disappear" from winbox but still appears on console.

yozz · Sat Mar 22, 2014 2:19 pm

What's new in 6.11 (2014-Mar-20 09:16):

*) ipsec - fix aes-cbc hardware acceleration on CCR with key sizes 192 and 256;
*) wireless - add auto frequency feature;
*) ovpn - fixed TLS renegotiation;
*) ovpn - make bridge mode work with big packets (do not leave extraneous padding);
*) ovpn - fixed require-client-certifcate;
*) ppp - revert RADIUS NAS-Port behaviour, report tunnel interface id;
*) ppp - mppe encryption together with mrru locked the router;
*) dhcp - added support for DHCP option 138 - list of CAPWAP IPv4 servers;
*) quickset - added Guest Network setup to Home AP mode;
*) console - no longer required to supply value of '/routing bgp instance vrf'
property 'instance' for 'add' command;
*) ethernet - added option to enable rx/tx flow control
(will be disabled by default);
*) ethernet - added ability to specify advertised modes for copper ports;
*) fixed 100% cpu usage on CCRs;
*) ssl - not finding CRL in local store for any certificate in trust chain will cause connection to fail;
*) lte - support for Huawei ME609 and ME909u-521;

after update. openvpn is down. CERTIFICAT autorization and md5 + blownfish128
i was removed and create new connection but session not started.

in lasted version all was worked (6.10)

now log is - session tedminated by peer(server)!!!

please recover openvpn service!!!!!!

yozz · Sat Mar 22, 2014 2:31 pm

hello! after update in my routers openvpn will not worked!

timk · Sat Mar 22, 2014 2:47 pm

Hi,

Do you know if the IP route cache filling bug (Ticket#2014031066000031) was resolved in this release?

Cheers

nicklowe · Sat Mar 22, 2014 3:58 pm

A SSTP tunnel that I have between two Mikrotik routers broke after the upgrade to 6.11.
It is configured so that the client verifies the server certificate and the server verifies the client certificate.

The certificate and server certificate derive from the same root. The root is one that I generated.

I suspect that it is this that has caused the issue somehow:

*) ssl - not finding CRL in local store for any certificate in trust chain will cause connection to fail.

If there is no CRL defined on a certificate in the trust chain, does this still cause connections to fail? If so, I assume this would be a new bug.

(Having disabled certificate validation at both ends, the tunnel is established successfully.)

Sat Mar 22, 2014 4:09 pm

All devices of following types upgraded ok:
RB2011, RB750, GrooveA 2Hn, Omnitik, SXT Lite5.

Some of them were upgraded to RouterBoot 3.13.

Changelog is missing: http://wiki.mikrotik.com/wiki/RouterBOOT_changelog ! What has changed?

milhorini · Sat Mar 22, 2014 4:48 pm

Bug in bridge with v6.11

after I upgrade my ccr 1036 and 1016, my bridge interface disappeared. And queues don't working...

only downgrade to v6.10 to solve..

pictures below

shuttle · Sat Mar 22, 2014 5:07 pm

Firmware 3.12 show as latest for RB2011UiAS-RM. Is this correct? some sources claim to use 3.13 on routerboards, generally.

stmx38 · Sat Mar 22, 2014 6:15 pm

My openvpn connections broke again like 2 releases ago. RB951's

ROS 6.11 - RB-951G-2HnD - OVPN Server
ROS 6.11 - RB-951G-2HnD - OVPN Client

All working fine as it was in 6.10, 6,9.

stroebs · Sat Mar 22, 2014 10:07 pm

Hi,

Do you know if the IP route cache filling bug (Ticket#2014031066000031) was resolved in this release?

Cheers

This is perhaps the same issue I'm having.

Everything on later 3 (IP) stops responding after a while, can still MAC Winbox but that's about it.

Devices this is happening on in my personal experience:
CCR1016-12G
RB 433UAH
RB SXT 5nD r2

dlj87 · Sat Mar 22, 2014 10:30 pm

OpenVPN server doesn't work. TLS failed appears in the log. Downgrade to 6.10

miszak · Sun Mar 23, 2014 12:58 am

In version 6.11 I can't see a greater amount of ports entered in the firewall rule. I have to scroll through them

Trisc · Sun Mar 23, 2014 10:09 am

Mangle rules no longer working in 6.11 - routing marks have no effect. Downgraded back to 6.10 and everything works again.

+1 with the quality control comment!

milhorini · Sun Mar 23, 2014 10:16 am

serious BUG in v6.11....

my tecnical suport upgrade two ccr (1 ccr 1016 and 1 1036) both with v6.10 and last routerboot...

after upgrade the problems below appeared.

my 1016 ccr don't return.. just return after netinstall procedure.. BIG problem....
ok after two routeboard with v6.11
bridge interfaces dissapear
filter bridge interfaces dissapear
just show me 1 hotspot nat filter rule... regular had more than 5....
simple queue don't working... don't had bandwidth control in my network....

solution... downgrade to v6.10 and save my weekend...

this just show that routerOs don't have TDD... in 2014 oHHHHHH.....

sorry my bad english...

Norman29 · Sun Mar 23, 2014 12:57 pm

Can not change the ip adress of the local network in quick settings??
The ip adress has changed form the original one to 192.168.2.250??
Edit2: fixed the above, my fault, wrong config.

And what is WISP AP??

mk.jpg

Edit:
Some wireless settings where changed without touching them, like Channel Width...
In Interfaces, settings for masterport where changed...

fronczek · Sun Mar 23, 2014 2:28 pm

Can you please revert width of text fields in WinBox????

visalink · Sun Mar 23, 2014 5:09 pm

Bug on this new interface.
Bridge filters with in/out interface simply "disappear" from winbox but still appears on console.

Also have this problem.
Mikrotik always surprising with their releases ...

blazej44800 · Sun Mar 23, 2014 6:22 pm

Routing Mark problem returns on my RB2011L. Downgrade to 6.7 solved the problem.

I had also problems. CPU was 100% after changing Routing tables. I downgraded to 6.10 and it's ok.

jcem · Sun Mar 23, 2014 10:41 pm

Hi!

If you have high or 100% CPU, try closing some or all windows inside Winbox

or start a fresh session(don't Load previous session)

Works for me. Maybe some old info is stored in the "Previous Session profile....

RGDS
Jörgen

killersoft · Sun Mar 23, 2014 11:09 pm

NTP Client has stopped working on both of my RB Metal 2SHPn's after upgrading from 6.10 to 6.11.
It just displays the word 'reached' in Winbox, and that's all it does.

Majklik · Mon Mar 24, 2014 12:03 am

A SSTP tunnel that I have between two Mikrotik routers broke after the upgrade to 6.11.
It is configured so that the client verifies the server certificate and the server verifies the client certificate.

The certificate and server certificate derive from the same root. The root is one that I generated.

I suspect that it is this that has caused the issue somehow:

*) ssl - not finding CRL in local store for any certificate in trust chain will cause connection to fail.

If there is no CRL defined on a certificate in the trust chain, does this still cause connections to fail? If so, I assume this would be a new bug.

(Having disabled certificate validation at both ends, the tunnel is established successfully.)

Yes, it looks like this with ROS6.11. At moment, when is enabled certificate verification then must be used a CRL list. If CA certificate do not have specified URL for the CRL distribution (thus CRL is not downloaded and stored in the router) then check fail.

zervan · Mon Mar 24, 2014 12:14 am

Careful while upgrading there are ton of bugs - possible u have to do master reset

It is not so bad - I've upgrade all of my 16 various routers and everything works so far.

What Ive want to ask is, there are new futures on ether Auto Negotiation TAB
Tx/Rx Row Control
and Advertise
since I cant find nothing on wiki what exactly those options do?

It is on wiki (Flow Control, not Row), see http://wiki.mikrotik.com/wiki/Manual:In ... Properties

Lakis · Mon Mar 24, 2014 1:59 am

Careful while upgrading there are ton of bugs - possible u have to do master reset
It is not so bad - I've upgrade all of my 16 various routers and everything works so far.

What Ive want to ask is, there are new futures on ether Auto Negotiation TAB
Tx/Rx Row Control
and Advertise
since I cant find nothing on wiki what exactly those options do?
It is on wiki (Flow Control, not Row), see http://wiki.mikrotik.com/wiki/Manual:In ... Properties

yea dude u almost got me

row.png

patrickmkt · Mon Mar 24, 2014 3:11 am

I upgraded a rb2011uas-2HnD from 6.9 to 6.11 and now I can't connect my windows OVPN client to the ROS OVPN server anymore.

The log show: disconnected <TLS failed>

I've checked that the CA and intermediate CA have both a LT status, while the rb2011 cert has a KT status.

If I uncheck the 'require client certificate' in the OVPN server parameters the connection works, but that would defeat the purpose of having a cert authentication in the first place.

kadosc · Mon Mar 24, 2014 4:09 am

In my RB1100AHx2 with 500 pppoe connections, i´ve seen 2 times a big drop in the troughput in clients interface, after i reboot, everything back to normal.. some hours after when i changed a ARP entry, the same occours, reboot again.. back to normal.. i will downgrade to 6.7..

Sander · Mon Mar 24, 2014 4:26 am

SSTP connects 6.11 and 5.26 failed with "tls shutdown". Downgrade to 6.7 solved problem.

274.png

Ulypka · Mon Mar 24, 2014 6:09 am

Routing Mark problem returns on my RB2011L. Downgrade to 6.7 solved the problem.

+1
any route mark unreachable

leoktv · Mon Mar 24, 2014 8:47 am

Routing Mark problem returns on my RB2011L. Downgrade to 6.7 solved the problem.
+1
any route mark unreachable

Hi
All my routingmarks are working ok. Make a supout.rif file and send to support@mikrotik.com so they are able to find your problem.

adyb76 · Mon Mar 24, 2014 10:57 am

Upgraded CCR1036 which is used solely for QoS and reverted to 6.10 this morning.

Routerboard locked up several times, had to MAC telnet onto device to issue reboot command.

Mon Mar 24, 2014 11:00 am

Upgraded CCR1036 which is used solely for QoS and reverted to 6.10 this morning.

Routerboard locked up several times, had to MAC telnet onto device to issue reboot command.

In such situations it's best to make supout.rif file, and email support, before downgrading. Otherwise we can't fix such problem, if you are the only one that had it.

patrick7 · Mon Mar 24, 2014 12:31 pm

At the upgrade from 6.4 to 6.11 some ipsec settings were resetted (eg. Peer AES/SHA -> 3DES/MD5). Someone else?

plankanater · Mon Mar 24, 2014 1:24 pm

Bug on this new interface.
Bridge filters with in/out interface simply "disappear" from winbox but still appears on console.

+1

Mon Mar 24, 2014 2:59 pm

In my RB1100AHx2 with 500 pppoe connections, i´ve seen 2 times a big drop in the troughput in clients interface, after i reboot, everything back to normal.. some hours after when i changed a ARP entry, the same occours, reboot again.. back to normal.. i will downgrade to 6.7..

Please email support with your supout.rif file, we would like to find the cause of this issue.

visalink · Mon Mar 24, 2014 3:24 pm

Can you please revert width of text fields in WinBox????
+1

+1

Normis , this is a modification or a bug?

visalink · Mon Mar 24, 2014 3:25 pm

Bug on this new interface.
Bridge filters with in/out interface simply "disappear" from winbox but still appears on console.

+1

+1

Normis, supout.rif is necessary to know this?

voxframe · Mon Mar 24, 2014 6:42 pm

Normis,

Is the winbox text box a bug or on purpose? It is HORRIBLE!

Please revert this back to the previous behavior. I don't see any logic in this change (If it is not a bug)

Seriously, what's happening with the quality control at MT? This is crazy the bugs people are finding. Most are accurate and are able to be reproduced, so they are legitimate. This should not be happening.

elgrandiegote · Mon Mar 24, 2014 7:38 pm

is very frustrating as a new version to try absolutely anything goes, very unprofessional!!!

DmitriiP · Mon Mar 24, 2014 10:40 pm

Why 99% of users just simple complain without simpliest help to developers?

1) make all config backup
2) update
3) if have some problems
- make supout.rif
- reset router
- restore config
- if (fail restore/or same problem) -> make second supout.rif
4) revert for working 5.xx 6.xx and restore config
5) Send supout.rif's to support@mikrotik.com and wait .......

This is more efficient then don't like/worse/disappointed/+1

TonyJr · Tue Mar 25, 2014 12:17 am

Why 99% of users just simple complain without simpliest help to developers?

1) make all config backup
2) update
3) if have some problems
- make supout.rif
- reset router
- restore config
- if (fail restore/or same problem) -> make second supout.rif
4) revert for working 5.xx 6.xx and restore config
5) Send supout.rif's to support@mikrotik.com and wait .......

This is more efficient then don't like/worse/disappointed/+1

I agree, it is getting like children in a playground now.

The correct procedure for dealing with problems and errors is repeated over and over again.

The forum is not for official support from MikroTik staff. It is supposed to be a nice community based forum.

Sent from my BlackBerry 9900 using Tapatalk

DmitriiP · Tue Mar 25, 2014 4:02 am

I don't like to be betatester too for released products.
In last two years i don't meet (software/game/system for pc/mac/phones/mediaplayers/control systems/routers/..) update at all that didn't break anything working before
Every time first impression "wow they fix this", second "f..k for what they break that?"

But this is how it is and Impression's don't help for resolving problems.....

m3gaman · Tue Mar 25, 2014 6:11 am

There's a post from user "ropebih" showing his dificulties on ccr with ipv6 where dhcp server gone( http://forum.mikrotik.com/viewtopic.php?f=2&t=83215 ), the problem happens here too(dell server). It occurs when whe use DHCPv6-PD pool option in pppoe profile. The pppoe conects them send the ipv6 pool and if the pppoe conection drop the dhcp-server gone and only solutiuon is to reboot the router.

exxtreme · Tue Mar 25, 2014 7:50 am

what is auto feature in this version?

Dadon · Tue Mar 25, 2014 8:22 am

Bug on this new interface.
Bridge filters with in/out interface simply "disappear" from winbox but still appears on console.

+1
+1

Normis, supout.rif is necessary to know this?

+1

Dadon · Tue Mar 25, 2014 8:34 am

In my RB1100AHx2 with 500 pppoe connections, i´ve seen 2 times a big drop in the troughput in clients interface, after i reboot, everything back to normal.. some hours after when i changed a ARP entry, the same occours, reboot again.. back to normal.. i will downgrade to 6.7..

+1 No add static ARP entry

Raf · Tue Mar 25, 2014 9:02 am

Why 99% of users just simple complain without simpliest help to developers?

1) make all config backup
2) update
3) if have some problems
- make supout.rif
- reset router
- restore config
- if (fail restore/or same problem) -> make second supout.rif
4) revert for working 5.xx 6.xx and restore config
5) Send supout.rif's to support@mikrotik.com and wait .......

This is more efficient then don't like/worse/disappointed/+1

Bug tracking system is needed. 'nuff saif. E-mail with tickets is rather... old solution. Other users can't see my problem(s) and if they have it also, they could leave their observations on bug track. Atlassian Jira or something different and many problems could be gone.

ok2slc · Tue Mar 25, 2014 9:10 am

I upgraded a rb2011uas-2HnD from 6.9 to 6.11 and now I can't connect my windows OVPN client to the ROS OVPN server anymore.

The log show: disconnected <TLS failed>

I've checked that the CA and intermediate CA have both a LT status, while the rb2011 cert has a KT status.

If I uncheck the 'require client certificate' in the OVPN server parameters the connection works, but that would defeat the purpose of having a cert authentication in the first place.
Same problem here!

+1

rextended · Tue Mar 25, 2014 10:43 am

Ticket#2014031766000331
6.10 BUG: user-manager profile limitation can not add profile limitation on command line when default admin customer are renamed, because missing "owner=" parameter.

This bug is still present on last official 6.11.

the error are replicable:
install with netinstall 6.11 whit NO keep old configuration
routeros-mipsbe-6.11.npk
user-manager-6.11-mipsbe.npk
on a RB750UP with bios 3.13 [hardware no matter...]

on
Code: Select all
/tool user-manager profile limitation add name=test2
missing the possibility to set
Code: Select all
owner=notadmin
parameter
it suppose everytime the owner are "admin" only.

I paste the terminal output:
[admin@MikroTik] > /tool user-manager profile limitation
[admin@MikroTik] /tool user-manager profile limitation> print
# NAME OWNER
[admin@MikroTik] /tool user-manager profile limitation> add name=test
[admin@MikroTik] /tool user-manager profile limitation> print
# NAME OWNER
0 test admin
[admin@MikroTik] /tool user-manager profile limitation> /tool user-manager customer
[admin@MikroTik] /tool user-manager customer> print
Flags: X - disabled
0 login="admin" password="" backup-allowed=yes time-zone=-00:00 permissions=owner signup-allowed=no paypal-allowed=no paypal-secure-response=no paypal-accept-pending=no
[admin@MikroTik] /tool user-manager customer> set 0 login=notadmin
[admin@MikroTik] /tool user-manager customer> print
Flags: X - disabled
0 login="notadmin" password="" backup-allowed=yes time-zone=-00:00 permissions=owner signup-allowed=no paypal-allowed=no paypal-secure-response=no paypal-accept-pending=no
[admin@MikroTik] /tool user-manager customer> /tool user-manager profile limitation
[admin@MikroTik] /tool user-manager profile limitation> print
# NAME OWNER
0 test notadmin
[admin@MikroTik] /tool user-manager profile limitation> add name=test2
failure: customer does not exist
[admin@MikroTik] /tool user-manager profile limitation>
[admin@MikroTik] /tool user-manager profile limitation>add name=test2 (!!!TAB key pressed!!!)
address-list comment copy-from download-limit group-name ip-pool rate-limit-... transfer-limit upload-limit uptime-limit
[admin@MikroTik] /tool user-manager profile limitation> add name=test2 owner=notadmin
expected end of command (line 1 column 16)
[admin@MikroTik] /tool user-manager profile limitation>

Still present on x86 6.12 2014/03/24 08:25:43

rextended · Tue Mar 25, 2014 10:44 am

Good morning, after upgrade I see this - the select box is not full width in WinBox. It's normal or bug? I didn't see this in earlier versions.

screenshot-ros.png

Still present on x86 6.12 2014/03/24 08:25:43

soosp · Tue Mar 25, 2014 11:46 am

OpenVPN server doesn't work. TLS failed appears in the log. Downgrade to 6.10

+1

karina · Tue Mar 25, 2014 1:11 pm

I must admit it is difficult to know which Comments are actual Bugs confirmed by Mikrotik and which are not. Assuming users are reporting these things to Mikrotik in the proper way and not just posting here. Mikrotik have never posted an official Bug list. This feature would not only help us but stop a lot of negative posting which must be really be gut wrenching for the developers who work extremely hard and deserve a bit more credit for producing the worlds greatest routing OS. I will post a feature request for this. the more users that do the same the more chance Mikrotik will consider the idea

drank · Tue Mar 25, 2014 1:57 pm

Why 99% of users just simple complain without simpliest help to developers?

1) make all config backup
2) update
3) if have some problems
- make supout.rif
- reset router
- restore config
- if (fail restore/or same problem) -> make second supout.rif
4) revert for working 5.xx 6.xx and restore config
5) Send supout.rif's to support@mikrotik.com and wait .......

This is more efficient then don't like/worse/disappointed/+1

Great tip, thanks. But how is this preventing us from stumbling on regression bugs, which are the most often mentioned ones here? Too many of them. Which means MikroTik do not do any QA whatsoever and rely on the end-users to do the testing. I'm a SOHO user so it's fine with me but there are many who use MT in production and its not their duty to do MT's job.

IMHO MT have some issues in the software department, maybe lack of resources. It still puzzles me though why they do not deploy an issue tracking system.

Great thread though - it helped me not update to 6.11

Best regards

Tue Mar 25, 2014 2:08 pm

I must admit it is difficult to know which Comments are actual Bugs confirmed by Mikrotik and which are not. Assuming users are reporting these things to Mikrotik in the proper way and not just posting here. Mikrotik have never posted an official Bug list. This feature would not only help us but stop a lot of negative posting which must be really be gut wrenching for the developers who work extremely hard and deserve a bit more credit for producing the worlds greatest routing OS. I will post a feature request for this. the more users that do the same the more chance Mikrotik will consider the idea

Unfortunately 90% of issues posted here, are never reported to support, even if we ask for more info. Many issues are config problems and some issues are very specific to the config user has made in their device.

rextended · Tue Mar 25, 2014 2:25 pm

I must admit it is difficult to know which Comments are actual Bugs confirmed by Mikrotik and which are not. Assuming users are reporting these things to Mikrotik in the proper way and not just posting here. Mikrotik have never posted an official Bug list. This feature would not only help us but stop a lot of negative posting which must be really be gut wrenching for the developers who work extremely hard and deserve a bit more credit for producing the worlds greatest routing OS. I will post a feature request for this. the more users that do the same the more chance Mikrotik will consider the idea
Unfortunately 90% of issues posted here, are never reported to support, even if we ask for more info. Many issues are config problems and some issues are very specific to the config user has made in their device.

Ticket#2014031766000331
6.10 BUG: user-manager profile limitation can not add profile limitation on command line when default admin customer are renamed, because missing "owner=" parameter.

Still present on x86, mpls, ppc [not try other] 6.12 2014/03/24 08:25:43 two verson later.

Anyone open winbox / ip / firewall on 6.11 can see misaligned active fields:
On 6.11 or 6.12 open Winbox 2.2.18 (download from mikrotik.com or from http://$routerboardip/ is the same)
Go to IP, Firewall, NAT,
Click on "+",
On General tab, click on any field,
The field are now aligned on the right and the space available is small.
Still present on x86,mipsle,ppc [not try other] 6.12 2014/03/24 08:25:43

I must try on new 6.12: "The winbox service over pppoe from 6.8 are unstable, worst from 6.10 and 6.11".
I'm not sure if is solved on x86 6.12 2014/03/24 08:25:43 two verson later.

Tue Mar 25, 2014 2:29 pm

6.11 another version to skip?
Seem to yes. And i think it will be good - skip all versions with a new PPP package and new features up to 6.18 at least. If You do not want be beta tester of Muikrotik, of course. We will have stable version in about a year with this style of development

What problems do you have in v6.11?

Tue Mar 25, 2014 2:31 pm

E-mail with tickets is rather... old solution. Other users can't see my problem(s) and if they have it also, they could leave their observations on bug track. Atlassian Jira or something different and many problems could be gone.

This has been discussed. Most of the reports are not bugs. Bug tracker would quickly fill up with false reports and config problems, and cause panic among other users.

Tue Mar 25, 2014 2:32 pm

What about the bug in SSTP (Mikrotik server, connecting from windows 7/8 client)? It simply stopped working in 6.8 and higher. I am still using 6.7.
http://forum.mikrotik.com/viewtopic.php?f=1&t=81644
Is the issue still there, or can somebody claim, it works again?
Thx

SSTP problems were fixed in v6.9, it works fine in v6.11 also.

rextended · Tue Mar 25, 2014 2:34 pm

# TAG # lastcheck

Seem to yes. And i think it will be good - skip all versions with a new PPP package and new features up to 6.18 at least. If You do not want be beta tester of Muikrotik, of course. We will have stable version in about a year with this style of development
What problems do you have in v6.11?

some_bug_togheter.PNG

Some of the problems, with ticket already opened from 6.10:
http://forum.mikrotik.com/viewtopic.php ... 00#p417209

Tue Mar 25, 2014 2:41 pm

NTP package has not been changed (zero commits) for the last year at least. Please check if your NTP server is responding, or try a different NTP server.
Winbox field width is a bug, and is confirmed, don't worry, it will not remain like this.

Everyone please stick to topic. Unrelated complaints should be posted in a different topic or emailed to MikroTik.

visalink · Tue Mar 25, 2014 2:41 pm

E-mail with tickets is rather... old solution. Other users can't see my problem(s) and if they have it also, they could leave their observations on bug track. Atlassian Jira or something different and many problems could be gone.
This has been discussed. Most of the reports are not bugs. Bug tracker would quickly fill up with false reports and config problems, and cause panic among other users.

Normis, and these are bugs?

rextended · Tue Mar 25, 2014 2:42 pm

... cause panic among other users ...

Cause more panic seeing old bug (with ticket) not solved, and continuosly discovering new, with new version.

You staff never think about:
6. odd = stable, fixed all bug already discovered, and no single one new features. code untouched, only for fix bug.
6. even = for relasing and testing new features?

Tue Mar 25, 2014 2:43 pm

MikroTik do not do any QA whatsoever and rely on the

This version was running on several hundred volunteer networks for more than a week, before we released it. The bugs that are found here only are apparent in very specific situations, and don't apply to everybody.

rextended · Tue Mar 25, 2014 2:48 pm

... NTP package has not been changed (zero commits) for the last year at least. Please check if your NTP server is responding, or try a different NTP server. ...

Exactly, you have right, there is no problem in NTP packages, if you not put ntp client on CPE can obtain IP trough pppoe-client, tested on 6.8.....6.12

But if the ntp client are configured on CPE can obtain IP trough pppoe-client, sometime ntp-client stop working, are worst from 6.11

rextended · Tue Mar 25, 2014 2:51 pm

MikroTik do not do any QA whatsoever and rely on the
This version was running on several hundred volunteer networks for more than a week, before we released it. The bugs that are found here only are apparent in very specific situations, and don't apply to everybody.

How is possible this 6.8~6.10 bug (fixed from 6.11rc1 v4):
*) ppp - mppe encryption together with mrru locked the router;
Never happen with testers, how many specific situations is?

But do not worry, from some weeks I am inside the group of volunteer....

rextended · Tue Mar 25, 2014 2:54 pm

For Normis only:

Es ceru, ka ne apvainot, neprot angļu valodu, mans negribēja būt pretrunas.

Es atvainojos, tikai gadījumā, ja es aizvainojis tevi.

Paldies vēlreiz.

drank · Tue Mar 25, 2014 3:00 pm

This version was running on several hundred volunteer networks for more than a week, before we released it. The bugs that are found here only are apparent in very specific situations, and don't apply to everybody.

There is a difference between running a software and testing the software. Testing implies focus on finding bugs and regressions in ALL subsystems. Running only slightly touches some of the subsystems. Your answer proves the point that MT is lacking in the QA dep. I hope this does not get deleted as well

Best regards

Tue Mar 25, 2014 3:03 pm

This version was running on several hundred volunteer networks for more than a week, before we released it. The bugs that are found here only are apparent in very specific situations, and don't apply to everybody.
There is a difference between running a software and testing the software. Testing implies focus on finding bugs and regressions in ALL subsystems. Running only slightly touches some of the subsystems. Your answer proves the point that MT is lacking in the QA dep. I hope this does not get deleted as well

Best regards

I can assure you, all kinds of testing is done prior to release. You are still missing the point. Most of the posts here are not bugs.

Drank, do you have any issues in v6.11? Have you already emailed MikroTik support?

rextended · Tue Mar 25, 2014 3:04 pm

This version was running on several hundred volunteer networks for more than a week, before we released it. The bugs that are found here only are apparent in very specific situations, and don't apply to everybody.
There is a difference between running a software and testing the software. Testing implies focus on finding bugs and regressions in ALL subsystems. Running only slightly touches some of the subsystems. Your answer proves the point that MT is lacking in the QA dep. I hope this does not get deleted as well

Best regards

PLEASE, now we must stop complain.
Expend your time, instead, to case study on bug, and how exactly duplicate the problem.
AND WHEN YOU CAN DUPLICATE THE BUG, SEND THE PROCEDURE BY E-MAIL to support@mikrotik.com

drank · Tue Mar 25, 2014 3:14 pm

Drank, do you have any issues in v6.11? Have you already emailed MikroTik support?

No, since I have not yet upgraded to 6.11. But OK, I will, so that I do not speak without facts. I can always revert to 6.10, right?

Thanks and best regards

rextended · Tue Mar 25, 2014 3:16 pm

I have just rebooted my CPE with 6.12alpha at my home, for test winbox/pppoe-client bug posted before in this thread, for see if are solved.

Too much time the users have problem with (for example) 6.5 but never install 6.11 WITH CLEAN INSTALLATION AND CLEAN RECONFIGURATION for see if the problem are solved or not.

rextended · Tue Mar 25, 2014 3:22 pm

the problem is still present on 6.12 "alpha"
winbox on pc directly connected on ethernet on gateway
inside the gateway are a pppoe-server mppe encrypted with mrru 1614
remote cpe (over various other machine) are taking ip address from pppoe-client

the winbox link from pc to cpe freeze after some kb of traffic inbound from cpe to pc.

Must revert to 6.7 for make disappear this bug.

Tue Mar 25, 2014 3:23 pm

the problem is still present on 6.12 "alpha"
winbox on pc directly connected on ethernet on gateway
inside the gateway are a pppoe-server mppe encrypted with mrru 1614
remote cpe (over various other machine) are taking ip address from pppoe-client

the winbox link from pc to cpe freeze after some kb of traffic inbound from cpe to pc.

Must revert to 6.7 to disappear this bug.

Tell me your Support ticket number, I will check if there is any progress with your report

rextended · Tue Mar 25, 2014 3:28 pm

the problem is still present on 6.12 "alpha"
winbox on pc directly connected on ethernet on gateway
inside the gateway are a pppoe-server mppe encrypted with mrru 1614
remote cpe (over various other machine) are taking ip address from pppoe-client

the winbox link from pc to cpe freeze after some kb of traffic inbound from cpe to pc.

Must revert to 6.7 to disappear this bug.

Tell me your Support ticket number, I will check if there is any progress with your report

(I hope your read my previous message for you)

I like to be extreme precise with bug report,
please see:
http://forum.mikrotik.com/viewtopic.php ... 00#p411334 (I miss the ticket number in the post, but are solved on 6.11)
and
http://forum.mikrotik.com/viewtopic.php ... 00#p417160 (not solved from 6.6)
for example.

I must write the exact procedure of how duplicate the problem, before send to support.

The email sended to support have exact the same detail as in the posts.

Thanks for your attention.

patrickmkt · Tue Mar 25, 2014 3:34 pm

Unfortunately 90% of issues posted here, are never reported to support, even if we ask for more info. Many issues are config problems and some issues are very specific to the config user has made in their device.

Normis, how can you do a supout of a router but omitting private information like password and keys? Not that I don't trust you, but it will go against our security policy. And I can't afford to have a spare unit of each single router to create a second config without sensitive info just to do a test for you and send a supout.

Tue Mar 25, 2014 3:35 pm

Unfortunately 90% of issues posted here, are never reported to support, even if we ask for more info. Many issues are config problems and some issues are very specific to the config user has made in their device.
Normis, how can you do a supout of a router but omitting private information like password and keys? Not that I don't trust you, but it will go against our security policy. And I can't afford to have a spare unit of each single router to create a second config without sensitive info just to do a test for you and send a supout.

passwords and keys are not included in these files. you can already check what the file contains if you log into your mikrotik.com account, and use the "supout.rif viewer" tool.

rextended · Tue Mar 25, 2014 3:39 pm

the problem is still present on 6.12 "alpha"
winbox on pc directly connected on ethernet on gateway
inside the gateway are a pppoe-server mppe encrypted with mrru 1614
remote cpe (over various other machine) are taking ip address from pppoe-client

the winbox link from pc to cpe freeze after some kb of traffic inbound from cpe to pc.

Must revert to 6.7 for make disappear this bug.

Disable encryption over pppoe-client (with no MRRU, MRRU=1600 or MRRU=1614 not matter) solve the problem.

Also the NTP work again as expected disabling pppoe-client encription.

I tink the problem are on new mppe encryption packages maded from 6.8,

in same way obstruct "output" chain from packet generated by router services...

[process ppp-mppe on tool / profile go to 50% CPU without any traffic...
like to be connected with this bug already solved:
*) ppp - mppe encryption together with mrru locked the router;]

Insider · Tue Mar 25, 2014 4:54 pm

RB 2011 UAS under 6.11 after some period CPU 100load, then it exits some services.. Hard to reboot remotely.. take long time.. Solution downgrade back to 6.9

rextended · Tue Mar 25, 2014 5:25 pm

[Ticket#2014032566001217]
BUG 6.12: Replicable kernel crash when try to discover why winbox not working well from 6.8 over IP obtained from pppoe-client

Hi,

when I try to replicate this problem:

"Winbox connection freeze after some kb received over mppe encrypted connection"
RouterOS version affected: all from 6.8, 6.9, 6.10, 6.11, 6.12 (2014/03/24)
From 6.10 the problem go worst.

I get continuosly kernel failure and routerboard reboot with this configuration:

For this example I use one RB1100AHx2 and one RB951G-2HnD,
netinstalled with ***NO*** Keep old configuration and routeros-powerpc-6.12.npk / routeros-mipsbe-6.12.npk
both have last 3.10 / 3.12 bios.

The connection maded with ethernet cable are:

PC -> PoE - > ether13 RB1100AHx2
RB1100AHx2 ether2 -> RB951G-2HnD ether2
power jack -> RB951G-2HnD

The PoE and the ethernet cable do not matter, also tried to change.

RB1100AHx2 and RB951G-2HnD:
after netinstall
disable all packages except for:
routeros-powerpc / routeros-mipsbe
ppp
system
and reboot

paste this on RB1100AHx2 terminal

ros code

/interface eoip
add keepalive=10 local-address=192.168.3.1 mac-address=02:AE:6D:55:61:E2 name=eoip-tunnel1 remote-address=192.168.3.2 tunnel-id=666
/interface bridge settings
set use-ip-firewall=yes
/interface pppoe-server server
add authentication=mschap2 default-profile=default-encryption disabled=no interface=eoip-tunnel1 mrru=1614 service-name=service1
/ip address
add address=192.168.2.1/24 interface=ether13 network=192.168.2.0
add address=192.168.3.1/24 interface=ether2 network=192.168.3.0
/ip firewall connection tracking
set enabled=yes
/ppp secret
add local-address=10.0.0.1 name=test password=test profile=default-encryption remote-address=10.0.0.2
/system identity
set name="Test Gateway"

paste this on RB951G-2HnD terminal

ros code

/interface eoip
add keepalive=10 local-address=192.168.3.2 mac-address=02:08:2C:28:55:D6 name=eoip-tunnel1 remote-address=192.168.3.1 tunnel-id=666
/interface pppoe-client
add ac-name="" add-default-route=yes allow=mschap2 default-route-distance=1 dial-on-demand=no disabled=no interface=eoip-tunnel1 keepalive-timeout=60 max-mru=1480 max-mtu=1480 mrru=1614 name=pppoe-out1 password=test profile=default-encryption \
    service-name="" use-peer-dns=yes user=test
/interface bridge settings
set use-ip-firewall=yes
/ip address
add address=192.168.3.2/24 interface=ether2 network=192.168.3.0
/ip firewall connection tracking
set enabled=yes
/system identity
set name="Test CPE"

When you open with winbox 10.0.0.2 [after 1 hour, or 1 minutes are equal]
the RB1100AHx2 continuosly reboot / freeze without creating any autosupout.rif,
but with kernel failure on log and on terminal on serial port:

[admin@Test Gateway] /file> Oops: Exception in kernel mode, sig: 5 [#1]
SMP NR_CPUS=2 RB1120
NIP: 8021a730 LR: 8021a46c CTR: 00000000
REGS: dffefd30 TRAP: 0700   Not tainted  (3.3.5-smp)
MSR: 00029000 <CE,EE,ME>  CR: 42000028  XER: 20000000
TASK = 8036d3c0[0] 'swapper/0' THREAD: 80380000 CPU: 0
GPR00: 8021a46c dffefde0 8036d3c0 fffffff2 de6f58aa 00000001 de6f4e50 dc870cd2
GPR08: 120ff29a 0000001d 00000000 8021a400 42000022 00000001 dd9fc300 00000012
GPR16: 00000003 00000000 e1811a40 000005e2 de6dd414 e1811a2c e18119c8 e18119ec
GPR24: 00000012 e1811828 de6dd484 0000003b 000000fd dd9fc300 dd9fc300 de6dd3c0
NIP [8021a730] __pskb_pull_tail+0x330/0x340
LR [8021a46c] __pskb_pull_tail+0x6c/0x340
Call Trace:
[dffefde0] [8021a46c] __pskb_pull_tail+0x6c/0x340 (unreliable)
[dffefe00] [e180df30] ppp_register_channel+0xb20/0x1b4c [ppp_generic@0xe180c000]
[dffefe30] [e180f8d4] ppp_output_wakeup+0x978/0xa20 [ppp_generic@0xe180c000]
[dffefe90] [e180fb30] ppp_input+0xf0/0x12a4 [ppp_generic@0xe180c000]
[dffefeb0] [e18494d0] 0xe18494d0 [pppoe@0xe1849000]
[dffefed0] [80221f9c] __netif_receive_skb+0x220/0x400
[dffeff30] [802224a0] process_backlog+0xac/0x178
[dffeff60] [80223870] net_rx_action+0xc0/0x170
[dffeffa0] [80031a14] __do_softirq+0xf4/0x178
[dffefff0] [8000c054] call_do_softirq+0x14/0x24
[80381e80] [80003f5c] do_softirq+0x98/0xc4
[80381ea0] [80031d84] irq_exit+0xa0/0xd4
[80381eb0] [80003c44] do_IRQ+0x94/0x190
[80381ee0] [8000d71c] ret_from_except+0x0/0x18
--- Exception: 501 at cpu_idle+0x8c/0xe0
    LR = cpu_idle+0x8c/0xe0
[80381fc0] [8034076c] start_kernel+0x2d4/0x2e8
[80381ff0] [800003f8] skpinv+0x2e4/0x320
Instruction dump:
7fdcf378 3b400000 4bffffa0 7fc3f378 7c84f850 4bfffced 2f830000 409eff9c
7f43d378 4bffe9c9 38600000 4bffff00 <0fe00000> 38c00001 7cc903a6 4bfffd90
---[ end trace 72421d3cf3d534d4 ]---

Kernel panic - not syncing: Fatal exception in interrupt

panicSaver: dumping panic to flash
flash: erase 10
flash: prg 10
flash: prg err 0
Rebooting in 1 seconds..
------------[ cut here ]------------
Kernel BUG at 800a3a70 [verbose debug info unavailable]
Oops: Exception in kernel mode, sig: 5 [#2]
SMP NR_CPUS=2 RB1120
NIP: 800a3a70 LR: 800113ec CTR: 00000000
REGS: dffefa60 TRAP: 0700   Tainted: G      D       (3.3.5-smp)
MSR: 00021000 <CE,ME>  CR: 22000024  XER: 20000000
TASK = 8036d3c0[0] 'swapper/0' THREAD: 80380000 CPU: 0
GPR00: 800113ec dffefb10 8036d3c0 00001000 00000001 00000001 e1000000 edffc000
GPR08: 000000d0 80017554 00000300 fffffffd 22000024 00000001 dd9fc300 00000012
GPR16: 00000003 00000000 e1811a40 000005e2 de6dd414 e1811a2c e18119c8 e18119ec
GPR24: 80017554 80380000 e1000000 edffc000 000000d0 00000001 00000001 80017554
NIP [800a3a70] __get_vm_area_node.isra.31+0x34/0x180
LR [800113ec] __ioremap_caller+0x170/0x1a4
Call Trace:
[dffefb10] [e137c43c] flash_fixed_cmd+0x140/0x204 [flash@0xe137b000] (unreliable
)
[dffefb40] [800113ec] __ioremap_caller+0x170/0x1a4
[dffefb70] [80017554] rb1120_restart+0x68/0xa4
[dffefb90] [8000b35c] machine_restart+0x48/0x60
[dffefbb0] [802ad3b0] panic+0x198/0x1e8
[dffefc00] [800096b4] die+0x244/0x284
[dffefc30] [8000984c] _exception+0x100/0x114
[dffefd20] [8000d6d0] ret_from_except_full+0x0/0x4c
--- Exception: 700 at __pskb_pull_tail+0x330/0x340
    LR = __pskb_pull_tail+0x6c/0x340
[dffefe00] [e180df30] ppp_register_channel+0xb20/0x1b4c [ppp_generic@0xe180c000]
[dffefe30] [e180f8d4] ppp_output_wakeup+0x978/0xa20 [ppp_generic@0xe180c000]
[dffefe90] [e180fb30] ppp_input+0xf0/0x12a4 [ppp_generic@0xe180c000]
[dffefeb0] [e18494d0] 0xe18494d0 [pppoe@0xe1849000]
[dffefed0] [80221f9c] __netif_receive_skb+0x220/0x400
[dffeff30] [802224a0] process_backlog+0xac/0x178
[dffeff60] [80223870] net_rx_action+0xc0/0x170
[dffeffa0] [80031a14] __do_softirq+0xf4/0x178
[dffefff0] [8000c054] call_do_softirq+0x14/0x24
[80381e80] [80003f5c] do_softirq+0x98/0xc4
[80381ea0] [80031d84] irq_exit+0xa0/0xd4
[80381eb0] [80003c44] do_IRQ+0x94/0x190
[80381ee0] [8000d71c] ret_from_except+0x0/0x18
--- Exception: 501 at cpu_idle+0x8c/0xe0
    LR = cpu_idle+0x8c/0xe0
[80381fc0] [8034076c] start_kernel+0x2d4/0x2e8
[80381ff0] [800003f8] skpinv+0x2e4/0x320
Instruction dump:
9421ffd0 bf010010 542a0024 90010034 7c9d2378 7cbe2b78 7cda3378 814a000c
7cfb3b78 7d1c4378 7d384b78 554a016e <0f0a0000> 70a90001 41820018 7c690034
---[ end trace 72421d3cf3d534d5 ]---

I hope that I've explained everything well and sufficently detailed all.

Thanks to all.

lancang76 · Tue Mar 25, 2014 5:46 pm

http://forum.mikrotik.com/posting.php?mode=smilies&f=1#

Normis, Your upgrade version 6.11 Truly BIG PROBLEM with Hotspot Features

nOw back to 6.10

Please check it my support it
Tq

rextended · Tue Mar 25, 2014 6:09 pm

http://forum.mikrotik.com/posting.php?mode=smilies&f=1#

Normis, Your upgrade version 6.11 Truly BIG PROBLEM with Hotspot Features

nOw back to 6.10

Please check it my support it
Tq

YOU MUST WRITE AND SEND AUTOSUPOUT TO support@mikrotik.com

rextended · Tue Mar 25, 2014 6:15 pm

http://forum.mikrotik.com/posting.php?mode=smilies&f=1#

Normis, Your upgrade version 6.11 Truly BIG PROBLEM with Hotspot Features

nOw back to 6.10

Please check it my support it
Tq

YOU MUST WRITE AND SEND AUTOSUPOUT TO support@mikrotik.com

and also write (to support) what problem you have encountered, not limited to "nOw back to 6.10".

vadimbn · Tue Mar 25, 2014 6:33 pm

Seem to yes. And i think it will be good - skip all versions with a new PPP package and new features up to 6.18 at least. If You do not want be beta tester of Muikrotik, of course. We will have stable version in about a year with this style of development
What problems do you have in v6.11?

For example - [Ticket#2014021466000802] - Permanent disconnections from Winbox via tunnels and non stable tunnels. This problem is actual for all versions newer than 6.7. My beautiful RB1100AHx2 works in far datacenter and i already afraid to install updates of ROS. I tried to update up to 6.9 and 6.10 - but every time was forced to downgrade to 6.7.

I repeat - you made beautiful and wonderful routers with good architecture, i can do more and more configurations with it. But these small and numerous bugs spoils everything.

tom211 · Tue Mar 25, 2014 6:45 pm

Hey, thanks for deleting my post!

This just shows me that my decision is right.

SSTP problems were fixed in v6.9, it works fine in v6.11 also.

Just for the records to stick to the topic: SSTP is broken again, no connection from 6.11/6.10 (client) to 6.11 (server); just getting "internal error (6)"

lancang76 · Tue Mar 25, 2014 6:46 pm

oh 'thank you, I'll send it to support,
my problem 'after some time hotspot menu is gone, and as a direct connection without dhcp and login page.

see log

You can be the same problem as me

tq

Clauu · Tue Mar 25, 2014 10:06 pm

Please take a look to this http://forum.mikrotik.com/viewtopic.php ... 50#p417350

rextended · Tue Mar 25, 2014 10:12 pm

Please take a look to this http://forum.mikrotik.com/viewtopic.php ... 50#p417350

Do not bring back 2009 post, when the solution are already written inside.
Have you read the whole thread?

To get support for the card, you have to write e-mail to support, where you should send supout.rif file, where 6.11 version is installed and card is plugged in. Support e-mail is support@mikrotik.com

(original reply message adapted from 2009 to 2014)

ddejager · Wed Mar 26, 2014 12:07 am

I upgraded my RB2011UAS-2HnD from 6.0 to 6.11. All works ok, though I also see the Winbox formatting problem that everyone else reports.

I do observe one strange thing: I have some Ethernet switch ports that are slaves to other masters. In all cases after upgrading traffic is being shown on the slave ports rather than the master ports (unless there is active Ethernet activity on the master port). Is this a change? I thought that previously no traffic was reported on the slave ports. Can I be sure that even though traffic is being reported on the slave ports that LAN traffic between two switch ports is not going through the router's CPU?

rextended · Wed Mar 26, 2014 12:16 am

I upgraded my RB2011UAS-2HnD from 6.0 to 6.11. All works ok, though I also see the Winbox formatting problem that everyone else reports.

I do observe one strange thing: I have some Ethernet switch ports that are slaves to other masters. In all cases after upgrading traffic is being shown on the slave ports rather than the master ports (unless there is active Ethernet activity on the master port). Is this a change? I thought that previously no traffic was reported on the slave ports. Can I be sure that even though traffic is being reported on the slave ports that LAN traffic between two switch ports is not going through the router's CPU?

Is a new feature from 6.5 to report the traffic,

*) ethernet interface stats that are behind switch chip
show real hw stats instead of just the traffic that goes through cpu;

remember to update also the firmware!!!

jkarras · Wed Mar 26, 2014 6:13 am

E-mail with tickets is rather... old solution. Other users can't see my problem(s) and if they have it also, they could leave their observations on bug track. Atlassian Jira or something different and many problems could be gone.
This has been discussed. Most of the reports are not bugs. Bug tracker would quickly fill up with false reports and config problems, and cause panic among other users.

Normis other tech companies I have dealt with professionally have bug tracking systems that are open to anyone (Cisco to name one). The bugs are not submitted by end users but by the development teams or other authorized individuals at the company. They are then referenced by tech support when looking for issues. Not all bugs are immediately publicly viewable. Once a bug has been fully confirmed and understood by the dev team the bug is opened up to the public. The bug record contains workaround instructions if available, version numbers affected, and versions that the bug is fixed in. I don't know that anyone is expecting user submitted bugs in a bug tracker like say an opensource project does. Typically those systems are also doubling as a issue tracker.

Folks just want straight forward answers about bugs that do exist so they can be worked around in their environment. When the limitations of the device or the software version that is being deployed are known it gives a lot more confidence in deploying it. If there are a lot of unknown issues or stigma attached to a version its hard to want to deploy it. A publicly viewable bug tracker is as much about managing expectations and rumors as it is about reducing support calls. It also builds trust in the company and their products.

npero · Wed Mar 26, 2014 8:35 am

Anyone can confirm this bug:
1. Not very important, upgrade to 6.11 Groove, SxLite, RB711, lost default LED indication for wireless signal strength. On RB411 try to add new LED, LED appears as unknown closing, open again new led windows in WinBox help to back to normal.

2. Before last couple version have problem with OpenVPN in bridge configuration, no problem with connection. Network is bridged connect to OpenVPN also bridge configuration have access to all device in bridge network but can't access device where is OpenVPN server, other device in network is accessible. But connect to other device in network can connect to MT where is OpenVPN server check bridge and OpenVPN client is in the bridge. This is on x86 tested again on RB433GL also 6.11 some thing happens.

Any one see this problem.

Of course send supout to support waiting answer.

honzam · Wed Mar 26, 2014 8:57 am

Normis other tech companies I have dealt with professionally have bug tracking systems that are open to anyone (Cisco to name one). The bugs are not submitted by end users but by the development teams or other authorized individuals at the company. They are then referenced by tech support when looking for issues. Not all bugs are immediately publicly viewable. Once a bug has been fully confirmed and understood by the dev team the bug is opened up to the public. The bug record contains workaround instructions if available, version numbers affected, and versions that the bug is fixed in. I don't know that anyone is expecting user submitted bugs in a bug tracker like say an opensource project does. Typically those systems are also doubling as a issue tracker.

Folks just want straight forward answers about bugs that do exist so they can be worked around in their environment. When the limitations of the device or the software version that is being deployed are known it gives a lot more confidence in deploying it. If there are a lot of unknown issues or stigma attached to a version its hard to want to deploy it. A publicly viewable bug tracker is as much about managing expectations and rumors as it is about reducing support calls. It also builds trust in the company and their products.

+1

cbrown · Wed Mar 26, 2014 12:34 pm

Normis other tech companies I have dealt with professionally have bug tracking systems that are open to anyone (Cisco to name one). The bugs are not submitted by end users but by the development teams or other authorized individuals at the company. They are then referenced by tech support when looking for issues. Not all bugs are immediately publicly viewable. Once a bug has been fully confirmed and understood by the dev team the bug is opened up to the public. The bug record contains workaround instructions if available, version numbers affected, and versions that the bug is fixed in. I don't know that anyone is expecting user submitted bugs in a bug tracker like say an opensource project does. Typically those systems are also doubling as a issue tracker.

Folks just want straight forward answers about bugs that do exist so they can be worked around in their environment. When the limitations of the device or the software version that is being deployed are known it gives a lot more confidence in deploying it. If there are a lot of unknown issues or stigma attached to a version its hard to want to deploy it. A publicly viewable bug tracker is as much about managing expectations and rumors as it is about reducing support calls. It also builds trust in the company and their products.
+1

+1

Wed Mar 26, 2014 12:35 pm

Thank you all for the input!

Kadafi · Wed Mar 26, 2014 1:37 pm

Still no COA in PPP...
Even new ppp package.
Yes.

All of our hardware support COA, but not RouterOS. No new features, only bugs with new versions.
Wny not use accel-ppp? In-kernel supported out of the box, just binary daemon needed.

rextended · Wed Mar 26, 2014 2:30 pm

Anyone can confirm this bug:
1. Not very important, upgrade to 6.11 Groove, SxLite, RB711, lost default LED indication for wireless signal strength. On RB411 try to add new LED, LED appears as unknown closing, open again new led windows in WinBox help to back to normal.

2. Before last couple version have problem with OpenVPN in bridge configuration, no problem with connection. Network is bridged connect to OpenVPN also bridge configuration have access to all device in bridge network but can't access device where is OpenVPN server, other device in network is accessible. But connect to other device in network can connect to MT where is OpenVPN server check bridge and OpenVPN client is in the bridge. This is on x86 tested again on RB433GL also 6.11 some thing happens.

Any one see this problem.

Of course send supout to support waiting answer.

1) I confirm the bug, I must write how to replicate the problem and send to support@mikrotik.com

2) I not test this problem.

McTedson · Wed Mar 26, 2014 2:34 pm

Anyone can confirm this bug:
2. Before last couple version have problem with OpenVPN in bridge configuration, no problem with connection. Network is bridged connect to OpenVPN also bridge configuration have access to all device in bridge network but can't access device where is OpenVPN server, other device in network is accessible. But connect to other device in network can connect to MT where is OpenVPN server check bridge and OpenVPN client is in the bridge. This is on x86 tested again on RB433GL also 6.11 some thing happens.

Any one see this problem.

Of course send supout to support waiting answer.

+1
I am stuck with 6.7 where this works ok, just because.
Example

OVPN client (192.168.1.231) ---> OVPN Server (192.168.1.1) - bridge ------> lan 192.168.1.0/24

client can ping anyone in lan, lan can ping client, client cannot ping 192.168.1.1 .
As such , i cannot use 192.168.1.1 to route to other subnets that the 192.168.1.1 server knows about since it's not reachable.
In 6.7 it works ok.

psajdak · Wed Mar 26, 2014 4:23 pm

Hello i have this problem:

mt.JPG

this is not fixed?

What's new in 6.11 (2014-Mar-20 09:16):

*) ipsec - fix aes-cbc hardware acceleration on CCR with key sizes 192 and 256;
*) wireless - add auto frequency feature;
*) ovpn - fixed TLS renegotiation;
*) ovpn - make bridge mode work with big packets (do not leave extraneous padding);
*) ovpn - fixed require-client-certifcate;
*) ppp - revert RADIUS NAS-Port behaviour, report tunnel interface id;
*) ppp - mppe encryption together with mrru locked the router;
*) dhcp - added support for DHCP option 138 - list of CAPWAP IPv4 servers;
*) quickset - added Guest Network setup to Home AP mode;
*) console - no longer required to supply value of '/routing bgp instance vrf'
property 'instance' for 'add' command;
*) ethernet - added option to enable rx/tx flow control
(will be disabled by default);
*) ethernet - added ability to specify advertised modes for copper ports;
*) fixed 100% cpu usage on CCRs;
*) ssl - not finding CRL in local store for any certificate in trust chain will cause connection to fail;
*) lte - support for Huawei ME609 and ME909u-521;

In 6.10 openvpn dont work good, 6.11 work very good but only one day, now i have this error.

Wed Mar 26, 2014 8:00 pm

Ntp hangs on reached

lyma · Thu Mar 27, 2014 12:54 am

E-mail with tickets is rather... old solution. Other users can't see my problem(s) and if they have it also, they could leave their observations on bug track. Atlassian Jira or something different and many problems could be gone.
This has been discussed. Most of the reports are not bugs. Bug tracker would quickly fill up with false reports and config problems, and cause panic among other users.
Normis other tech companies I have dealt with professionally have bug tracking systems that are open to anyone (Cisco to name one). The bugs are not submitted by end users but by the development teams or other authorized individuals at the company. They are then referenced by tech support when looking for issues. Not all bugs are immediately publicly viewable. Once a bug has been fully confirmed and understood by the dev team the bug is opened up to the public. The bug record contains workaround instructions if available, version numbers affected, and versions that the bug is fixed in. I don't know that anyone is expecting user submitted bugs in a bug tracker like say an opensource project does. Typically those systems are also doubling as a issue tracker.

Folks just want straight forward answers about bugs that do exist so they can be worked around in their environment. When the limitations of the device or the software version that is being deployed are known it gives a lot more confidence in deploying it. If there are a lot of unknown issues or stigma attached to a version its hard to want to deploy it. A publicly viewable bug tracker is as much about managing expectations and rumors as it is about reducing support calls. It also builds trust in the company and their products.

+1

Maggiore81 · Thu Mar 27, 2014 12:14 pm

Upgraded RB951-2n from 6.10 to 6.11
Bridge network and wlan1 interface disappears.
reboot and it works normal. after a few minutes it disappears.

argeorge · Thu Mar 27, 2014 1:16 pm

Good morning, after upgrade I see this - the select box is not full width in WinBox. It's normal or bug? I didn't see this in earlier versions.

screenshot-ros.png

Same here

mpreissner · Thu Mar 27, 2014 1:19 pm

I'm seeing an interesting issue with VLAN 1 since my upgrade to ROS 6.11. I have an RB751GL. I've passed VLAN 1 down to the switch chip, and have it trunked out ether2, and set up on ether4 as an access port. Ether2 goes to an RB260GS, and ether4 to my wireless AP. Since upgrading to 6.11, I can only ping either the RB260GS or my WAP, but never both. It seems to depend on which device was the most recent to go live on the network. If I reboot my WAP, then I can ping it, but I can no longer ping the 260GS. If I reboot the 260, then I can ping the 260, but I lose my WAP. If I reboot the 751, sometimes I'll get the 260, and sometimes I'll get the WAP, but never both. I'm considering downgrading to 6.10, as everything worked on that release, but I'd rather be on the latest version.

Has anyone else noticed this behavior?

paoloaga · Thu Mar 27, 2014 1:52 pm

I also think that a bug tracking tool is useful, not only for users who can save time knowing that a bug exist, but also for Mikrotik staff: if someone opens a bug which is not-really-a-bug, other users can leave a feedback helping both the first user and saving time to Mikrotik developers.

Moreover I don't think that customers would be scared, at least not more than reading the official forum. Every complex software has bugs.

voxframe · Thu Mar 27, 2014 2:47 pm

+1

Agreed.
Something needs to change. The current bug submission/tracking system is slow and does not have the ability for other users to see what is considered an active real bug, or user error.

I have no way to know if I am seeing a real bug until I submit a ticket, and wait... and wait... This is not acceptable in a live environment.
If there's a bug tracker, I can at least quickly check and see if anyone else has the same symptoms, and then I know if this could be a real bug, or I know if I need to check my settings.

Problem 2)
Normis, a lot of people don't bother to check their settings. You know this obviously. But the problem is, I have never seen MT release such bad firmware in the past. There are a LOT of unacceptable bugs in 6.x. Please STOP any development on future additions and concentrate on the bugs and more quality testing before releasing. Bugs are understandable, and unavoidable, but the quantity and severity of the ones being released lately are ridiculous. To make matters worse, because there is no official bug tracking system, users don't know if it's their fault or a global bug... But because of the reputation of 6.x, it's become pretty normal for clients to think it's a bug.

To make matters even worse, your changelog does not mention modules that were touched. Or they do not give proper explanations of the original bugs/fixes. There needs to be more information listed. Generic items like "Fixed PPPoE client timeout" doesn't mean anything useful. What was this bug? What caused it? Is there a workaround? These are all things that can be solved by a proper bug tracking system.

I love MT, and I can understand how hard it is for the developers to keep up with everything, but normis, you guys are supposed to be a professional company, and everything I have seen in the past few months looks very unprofessional. You have serious "carrier" grade equipment, it's time to start behaving like a "carrier" grade company as well.

bennyng · Thu Mar 27, 2014 3:44 pm

If you are already running a RouterOS 6 install, Simply click “Check for updates” in QuickSet, Webfig or Winbox packages menu.

What's new in 6.11 (2014-Mar-20 09:16):

*) ipsec - fix aes-cbc hardware acceleration on CCR with key sizes 192 and 256;
*) wireless - add auto frequency feature;
*) ovpn - fixed TLS renegotiation;
*) ovpn - make bridge mode work with big packets (do not leave extraneous padding);
*) ovpn - fixed require-client-certifcate;
*) ppp - revert RADIUS NAS-Port behaviour, report tunnel interface id;
*) ppp - mppe encryption together with mrru locked the router;
*) dhcp - added support for DHCP option 138 - list of CAPWAP IPv4 servers;
*) quickset - added Guest Network setup to Home AP mode;
*) console - no longer required to supply value of '/routing bgp instance vrf'
property 'instance' for 'add' command;
*) ethernet - added option to enable rx/tx flow control
(will be disabled by default);
*) ethernet - added ability to specify advertised modes for copper ports;
*) fixed 100% cpu usage on CCRs;
*) ssl - not finding CRL in local store for any certificate in trust chain will cause connection to fail;
*) lte - support for Huawei ME609 and ME909u-521;
Available separately, is a new Wireless-FP package, which includes the new CAPsMAN feature. This is a beta package, so use only in controlled test networks. The package will replace your default Wireless package upon installation, which means it will also add wireless functionality changes and improvements, not only CAPsMAN. More information about the Wireless Controller (CAPsMAN) is here: http://wiki.mikrotik.com/wiki/Manual:CAPsMAN

Can you share more about " fixed 100% cpu usage on CCRs", what had been fixed, and what is the problem that related?

voxframe · Thu Mar 27, 2014 4:33 pm

I have never seen MT release such bad firmware in the past. There are a LOT of unacceptable bugs in 6
Can you please name a few ?

I don't remember exactly what versions, but all experienced in 6.x

1) Firmware bug on CRS that turns it into a hub.
2) Current winbox text box layout.
3) winbox - fixed problem where all previous session opened windows were read only;
4) Port flapping on CCR
5) MORE port flapping on CCR
6) ipsec, I don't even know where to start with this mess
7) ppp bridging mess

I'm not going to waste my time with an argument. Simply put, there needs to be a lot better quality control before releasing firmware. I know to expect small bugs when upgrading to latest versions. But not complete bullshit where I need to net-install or reset-export-reload etc. Or major bugs like above that completely break the functionality of modules (There have been more than what I listed, but I'm not wasting time doing it)

Simple message - You guys need to improve your bug ticket handling, and spend more time testing before allowing firmware to be released. Perhaps a "pre-release" and "stable" branch with proper known issues being listed? This was different when you were "a small company" building small boards. Now you call yourselves "enterprise" and "carrier"... It's time to behave like it!

nicklowe · Thu Mar 27, 2014 7:21 pm

A SSTP tunnel that I have between two Mikrotik routers broke after the upgrade to 6.11.
It is configured so that the client verifies the server certificate and the server verifies the client certificate.

The certificate and server certificate derive from the same root. The root is one that I generated.

I suspect that it is this that has caused the issue somehow:

*) ssl - not finding CRL in local store for any certificate in trust chain will cause connection to fail.

If there is no CRL defined on a certificate in the trust chain, does this still cause connections to fail? If so, I assume this would be a new bug.

(Having disabled certificate validation at both ends, the tunnel is established successfully.)

Just a quick update on this...

The issue that I experienced has been confirmed by support as a bug and will be fixed in 6.12. (It, however, may or may not be related to CRL handling. I was not given specifics about what the nature of the regression was, just that it has been identified and will be resolved.)

Cheers,

Nick

visalink · Thu Mar 27, 2014 7:26 pm

Simple message - You guys need to improve your bug ticket handling, and spend more time testing before allowing firmware to be released. Perhaps a "pre-release" and "stable" branch with proper known issues being listed? This was different when you were "a small company" building small boards. Now you call yourselves "enterprise" and "carrier"... It's time to behave like it!

voxframe
You are absolutely right.

Athan · Thu Mar 27, 2014 7:37 pm

Simple message - You guys need to improve your bug ticket handling, and spend more time testing before allowing firmware to be released. Perhaps a "pre-release" and "stable" branch with proper known issues being listed? This was different when you were "a small company" building small boards. Now you call yourselves "enterprise" and "carrier"... It's time to behave like it!

Well said!

steen · Thu Mar 27, 2014 8:16 pm

Hello Folks!

I face issues since RoS6.7 and could not upgrade anything in production since.

I have made supout for the routing marks some while back, but can not play with production server so doing another test in production is out of question for weeks from now.

This parts still does not work:
* Routing mark does not work.
* L2TP passes only a few kilobytes before it stops working, opening a new sessions makes it work one more time. WinBox hangs when opening over L2TP tunnels.
* CRS is still leaking using the switch for vlan.
* Suddenly ethernet ports stop working/pass at random, traffic and sometimes start work again or router need to be rebooted.
* Then a long run bug, some devices ethernet port (RB411) does not work after upgrating from 5.X to 6.X, so customers is stuck to 5.20

I think it is nesesary to pause upgrades for the months ahead till Mikrotik engineers have sorted out all problems.

drank · Thu Mar 27, 2014 8:19 pm

Can you please name a few ?

Normis, if this is a bickering then this does not do you any good. If not then again, why ask? You must know all your bugs and not ask you customers to provide the list.

It is obvious that you try to deny the existence of some bugs. It is also obvious that your customers are sure that there are bugs. Deploying a bug tracking system, with access to customers, will clear all this confusion. Continuing to deny that there are indeed bugs will not convince anybody here.

Think about it in this way - even if you're right and these are not bugs then MT failed to pass the message to the customers (obviously). This calls for some corrective actions from MT to fix the things. How do you intend to fix all this growing confusion and dissatisfaction with the quality of the releases and the QA process? Nobody says you're doing everything wrong. But that does not mean you're guaranteed you're doing it right. Sometimes it is better to admit, correct and continue.

Wish you all the best and thank you for trying to improve.

elgrandiegote · Thu Mar 27, 2014 8:55 pm

Can you please name a few ?
Normis, if this is a bickering then this does not do you any good. If not then again, why ask? You must know all your bugs and not ask you customers to provide the list.

It is obvious that you try to deny the existence of some bugs. It is also obvious that your customers are sure that there are bugs. Deploying a bug tracking system, with access to customers, will clear all this confusion. Continuing to deny that there are indeed bugs will not convince anybody here.

Think about it in this way - even if you're right and these are not bugs then MT failed to pass the message to the customers (obviously). This calls for some corrective actions from MT to fix the things. How do you intend to fix all this growing confusion and dissatisfaction with the quality of the releases and the QA process? Nobody says you're doing everything wrong. But that does not mean you're guaranteed you're doing it right. Sometimes it is better to admit, correct and continue.

Wish you all the best and thank you for trying to improve.

+1

myke1124 · Fri Mar 28, 2014 2:42 am

/interface wireless set 0 frequency=auto channel-width=20/40mhz-ht-below

interface wireless monitor 0                 
                 status: running-ap
                   band: 2ghz-n
              frequency: 2412MHz
      wireless-protocol: 802.11

This puts the ht below and computers have issues connecting.

Can we get channel-width=20/40mhz-ht-auto?

synnest · Fri Mar 28, 2014 2:07 pm

Hotspot login page not working, clients get error opening page. Downgrading to 6.10 solved the problem.

fitless · Fri Mar 28, 2014 2:08 pm

Upgraded RB951-2n from 6.10 to 6.11
Bridge network and wlan1 interface disappears.
reboot and it works normal. after a few minutes it disappears.

I think I have similar problem! After half or few days router became not accessible from network and only hard reboot can help. How to view LOG at that moment I don't know... but after reboot I see string like "unexpected reboot" in the LOG.

Somebody tell me where to download v6.10 for downgrading?

myke1124 · Fri Mar 28, 2014 3:54 pm

Upgraded RB951-2n from 6.10 to 6.11
Bridge network and wlan1 interface disappears.
reboot and it works normal. after a few minutes it disappears.
I think I have similar problem! After half or few days router became not accessible from network and only hard reboot can help. How to view LOG at that moment I don't know... but after reboot I see string like "unexpected reboot" in the LOG.

Somebody tell me where to download v6.10 for downgrading?

If you look at the download link to the current version, it provides a clue to the older versions.

http://download2.mikrotik.com/routeros/6.11/routeros-mipsbe-6.11.npk

Change both of the current version numbers in the link to the version number you want.

drank · Fri Mar 28, 2014 4:19 pm

Here it is: http://download2.mikrotik.com/routeros/ ... e-6.10.zip

Best regards

Kencomp · Fri Mar 28, 2014 4:49 pm

Hi Guys,

Love the fact you're now listing known bugs in the changes file. Maybe however you could list the bugs that you're going to introduce in the next version so that we have some indication in advance what's not going to work anymore!!!!!

V6.11 is SERIOUSLY damaged. It randomly loses EOIP tunnels, then replaces the port entry in the bridge with a PPPoE Client. Bridges and ports are also randomly forgotten. On Bridge Filters the input/output ports are lost if you press COPY and a whole hosts of issues that didn't exist in previous versions.

CONGRATULATIONS, you should patent this version, it's the first OS to successfully simulate Senile Dementia!!!!!

PS Have sent the supout file to support

paoloaga · Fri Mar 28, 2014 7:40 pm

I am writing a lot of software to automate various tasks, and I am getting crazy with lots of regexps to parse the "print terse" outputs.

Is it possible to implement a "print json" ?

for example:

> /system package print json
[{\"id\":\"0\",\"enable\":\"true\",\"name\":\"routing\",\"version\":\"6.1\",\"build-time\":\"jun/12/2013 11:50:54\",\"scheduled\":\"\"},
{\"id\":\"1\",\"enable\":\"true\",\"name\":\"dhcp\",\"version\":\"6.1\",\"build-time\":\"jun/12/2013 11:50:54\",\"scheduled\":\"\"},
{\"id\":\"2\",\"enable\":\"true\",\"name\":\"multicast\",\"version\":\"6.1\",\"build-time\":\"jun/12/2013 11:50:54\",\"scheduled\":\"\"},
{\"id\":\"3\",\"enable\":\"true\",\"name\":\"ipv6\",\"version\":\"6.1\",\"build-time\":\"jun/12/2013 11:50:54\",\"scheduled\":\"\"},
{\"id\":\"4\",\"enable\":\"true\",\"name\":\"security\",\"version\":\"6.1\",\"build-time\":\"jun/12/2013 11:50:54\",\"scheduled\":\"\"},
{\"id\":\"5\",\"enable\":\"true\",\"name\":\"advanced-tools\",\"version\":\"6.1\",\"build-time\":\"jun/12/2013 11:50:54\",\"scheduled\":\"\"},
{\"id\":\"6\",\"enable\":\"true\",\"name\":\"ntp\",\"version\":\"6.1\",\"build-time\":\"jun/12/2013 11:50:54\",\"scheduled\":\"\"},
{\"id\":\"7\",\"enable\":\"true\",\"name\":\"ppp\",\"version\":\"6.1\",\"build-time\":\"jun/12/2013 11:50:54\",\"scheduled\":\"\"},
{\"id\":\"8\",\"enable\":\"true\",\"name\":\"system\",\"version\":\"6.1\",\"build-time\":\"jun/12/2013 11:50:54\",\"scheduled\":\"\"}]

JSON is a widely used encoding and would take a lot of pain away when developing tools.

Fri Mar 28, 2014 8:48 pm

I am writing a lot of software to automate various tasks, and I am getting crazy with lots of regexps to parse the "print terse" outputs.

Is it possible to implement a "print json" ?

There's the API protocol you know.

paoloaga · Fri Mar 28, 2014 10:26 pm

[/quote]There's the API protocol you know.[/quote]

Yes, but AFAIK it does not use a secure protocol like SSH. Does it?

rextended · Fri Mar 28, 2014 11:49 pm

Added support for API over TLS (SSL) from 6.1:
see on IP / Services / api-ssl

BeepDog · Sat Mar 29, 2014 4:20 am

Posting here, so that others can know about it.

I just read through the entire thread, and I'm not certain if others are having the same problem I am. I have an RB800, and it's started crashing and rebooting for me at random times. Once while I was in the webUI, wondering why the CPU graph was spiking. The WebUI crawled to a halt, and I heard the watchdog beep as it rebooted the thing.

I've already made a supout.rif and sent it in, but I saw something else about autosupout.rif. I have one of those on my router as well, should I also email that in? The support page for Mikrotik.com doesn't indicate as such, and so I don't want to send in unneccessary things.

Otherwise, to add to the bugs for 6.x

, the MetaRouter no longer works

If the reboots keep happening, I may have to downgrade to 6.10, but I'd rather help get whatever is wrong fixed first.

Thanks for posting guys, and thanks MikroTik for responding when you can.

staslabs · Sat Mar 29, 2014 11:40 am

6.11 on CCR-1036 is not stable - lock and freeze twice, after working for an hour after the upgrade. Went back to version 6.7 - its works stable

colebert · Sat Mar 29, 2014 12:45 pm

Another downvote for the new "dropbox" interface. It's bad.

I downgraded to get back the old look.

sdugoten · Sat Mar 29, 2014 1:41 pm

Does anyone able to use the routing mark + the "Content" field working correctly ?

As soon as I add anything inside the field "Content", the connection will timeout . For example, if I type in "facebook" in the Content field, it supposed to mark the route if I go to http://www.facebook.com . And then eventually route to a VPN connection. However, the connection would time out as soon as I go to http://www.facebook.com.

However, if I take out the "Content" field and make it to mark the route unconditionally, when I go to http://www.facebook.com, it will route to the VPN correctly.

Therefore, it seems adding a condition will break the routing mark.

tomaskir · Sat Mar 29, 2014 1:47 pm

Does anyone able to use the routing mark + the "Content" field working correctly ?

As soon as I add anything inside the field "Content", the connection will timeout . For example, if I type in "facebook" in the Content field, it supposed to mark the route if I go to http://www.facebook.com . And then eventually route to a VPN connection. However, the connection would time out as soon as I go to http://www.facebook.com.

However, if I take out the "Content" field and make it to mark the route unconditionally, when I go to http://www.facebook.com, it will route to the VPN correctly.

Therefore, it seems adding a condition will break the routing mark.

Going to HTTP facebook will automatically redirect you to HTTPS facebook.

Since its HTTPS, the router cant read the packet content (its encrypted), and therefore will NOT find "facebook" in the content, and not route the connection over the VPN.

sdugoten · Sat Mar 29, 2014 1:54 pm

Does anyone able to use the routing mark + the "Content" field working correctly ?

As soon as I add anything inside the field "Content", the connection will timeout . For example, if I type in "facebook" in the Content field, it supposed to mark the route if I go to http://www.facebook.com . And then eventually route to a VPN connection. However, the connection would time out as soon as I go to http://www.facebook.com.

However, if I take out the "Content" field and make it to mark the route unconditionally, when I go to http://www.facebook.com, it will route to the VPN correctly.

Therefore, it seems adding a condition will break the routing mark.
Going to HTTP facebook will automatically redirect you to HTTPS facebook.

Since its HTTPS, the router cant read the packet content (its encrypted), and therefore will NOT find "facebook" in the content, and not route the connection over the VPN.

It doesn't matter what value you set in Content, it will time out. You can try to set "whatismyipaddress" to Content, and then try to go to whatismyipaddress.com. It will timeout.

hero12 · Sat Mar 29, 2014 2:34 pm

Hello,
I have found another problem with 6.11. In winbox' s bridge filter, the added interfaces disappeare after a few seconds. But there are available after editing the rules.

Clauu · Sat Mar 29, 2014 5:10 pm

On the last ros 6.11 suddenly my lan bridge went out, it's just disappeared..

wth
LE. Seems like this is happening when you select a bridge in the pptp profile, a random bridge will get deleted..

wrobli · Sat Mar 29, 2014 8:05 pm

RB750, sxt, omnitik and 2011 upgraded without any problems.

paoloaga · Sat Mar 29, 2014 9:06 pm

Added support for API over TLS (SSL) from 6.1:
see on IP / Services / api-ssl

I am trying accessing this using Ruby and OpenSSL. All connection methods fail, except for SSLv2 which just hangs and doesn't allow me to proceed. Should this be considered a bug?

Has someone been able to connect to the SSL API using Ruby?

hero12 · Sun Mar 30, 2014 1:08 am

And now i want do connect to my CCR and my password was reset to default :/ - reboot and all ok ????

argeorge · Sun Mar 30, 2014 2:17 am

For those had issues with routing marks,
i ve seen the issue after upgrading from 6.7 to 6.9,i guess the same happened with 6.10 and 6.11

I was not able to reproduce and show to mikrotik,
Although a possible fix(not 100% if that fixed the issue) is to downgrade to 5.26 and upgrade back to latest version

Regarding eoip and bridge interfaces disappearing as somebody said above, it happened on 6.10,
i was able to fix it with same solution(downgrade to 5.26 and upgrade to latest)

hope it helps...

sdugoten · Sun Mar 30, 2014 9:52 am

For those had issues with routing marks,
i ve seen the issue after upgrading from 6.7 to 6.9,i guess the same happened with 6.10 and 6.11

I was not able to reproduce and show to mikrotik,
Although a possible fix(not 100% if that fixed the issue) is to downgrade to 5.26 and upgrade back to latest version

Regarding eoip and bridge interfaces disappearing as somebody said above, it happened on 6.10,
i was able to fix it with same solution(downgrade to 5.26 and upgrade to latest)

hope it helps...

I think the "Content" field is pretty reliable to reproduce even at v6.7 (the only known version work with routing mark). I just make a quick record here http://youtu.be/I5hLiX1sic8
As you can see in the video

1. At the beginning I have a working VPN to Japan, which you can see the IP from whatismyip.com

2. As soon as I add a value "whatismyip" in the Content field, you first notice the connection will timeout for at least 30 seconds before you can do anything.

3. After that "always broken 30 second timeout", The connection can go anywhere else except URL with string "whatismyip", which suppose any URL with string "whatismyip" should route to the Japan VPN, but instead it just timeout.

4. Take out the "Content" field will render the connection timeout for another 30 seconds before you can do anything.

5. After that "always broken 30 second timeout", Everything back to normal, I can access whatismyip.com with my Japan VPN just fine again.

So, basically, even if you have a working VPN setup with a working routing mark, as soon as you add *anything* in the Content field, the connection will timeout consistently when your URL consist of the value of the Content field. And the "always broken 30 second timeout" is another unknown why it is doing it.

babel · Sun Mar 30, 2014 1:47 pm

Hi!
I have a problems after upgrade on v6.11 on my RB751U-2HnD (firmware: v3.13):

Device just freeze every 3-4 hours - it`s very bad for my work. I do power of and on. Later i set IP adress in "watchdog" tab, and device reboot automaticaly and works fine 3-4 hours and history repeat.
I aways updgrade new version in this device when new release at soon, and i never not have problem. Whats wrong?

...But another my device RB751U-2HnD, and more different models works fine, but hes is works with a most simple configuration

Of cause? I don`t imagine my work without MikroTik! Perfectly product line!

Sorry for my Eng..

Thanks!

rainmaker · Sun Mar 30, 2014 4:00 pm

Dear Friends
It will also be helpful to add thing that actually works
as per the changelog.
Thanks
l don't think mikrotik is totally bad. Even though they can do better.
Keep up the good work.

Please the whole world production is full of Bugs.
Cars ,Medicine and even Jets.
My 2 pesewas

patrick7 · Sun Mar 30, 2014 8:14 pm

What do you mean with "dropbox interface"?