Known issues and bugs - a list

tomaskir · Tue Nov 12, 2013 4:49 pm

Hey guys,

Since there is currently no official known issues list / bug tracker, lets start one here on the forums.

First, a few disclaimers:
1) This is not an official list, and is not in any way affiliated with MikroTik
2) Only bugs that are still present in current version will be kept here.
3) This is a user forum, and MikroTik is not required to view/acknowledge anything that is written in here.
4) If you report a bug here, please also report it to support@mikrotik.com
5) This is not a "doesnt work for me" list, but a list of reproducable bugs.

How to get a bug added to the list:
See this post for instructions and a template:
http://forum.mikrotik.com/viewtopic.php ... 16#p395374

Here is the current list:
1) MTU error in a PPPoE session on a bonding interface
- http://forum.mikrotik.com/viewtopic.php ... 75#p395375
2) SMS receiving stops working and cant be re-enabled
- http://forum.mikrotik.com/viewtopic.php ... 77#p395377
3) Unable to initialize a system variable via SMS
- http://forum.mikrotik.com/viewtopic.php ... 50#p406340
4) Router looks in the main routing table and not in a VRF for ICMP TTL exceeded (type 11)
- http://forum.mikrotik.com/viewtopic.php ... 00#p414018
5) Queue type default-small not exported with export compact
- http://forum.mikrotik.com/viewtopic.php ... 49#p417649
6) "RouterOS Default Configuration" windows shows when it should not
- http://forum.mikrotik.com/viewtopic.php ... 56#p422756
7) Can't list or delete files with overly long filenames
- http://forum.mikrotik.com/viewtopic.php ... 73#p424572
Winbox doesn't unlock files after uploading a whole folder
- http://forum.mikrotik.com/viewtopic.php ... 58#p426189

This list is current for v6.17 release.

Hopefully, more people can contribute.

tomaskir · Tue Nov 12, 2013 4:50 pm

How to get a bug added to the list:
1) Post in a separate post
2) Post the exact symptoms, and an exact steps required to reproduce and test the bug
3) Make sure you are testing with the newest version
4) Please post the ticket number from Mikrotik Support under which the bug is submitted.
5) If support has acknowledged the bug, you can update your post with details / info if it will be fixed.

Here is a template you can use to structure you bug report posts:

----- ----- -----
Issue:
[Insert a short name/description for the issue here]

Description:
[Insert a more detailed description here]

Versions affected:
[If more versions than the current version are affected, include them here]

How to reproduce:
[Provide step-by-step instructions on how to reliably reproduce the issue]

Notes:
[Provide any notes or additions you would like]

Support TicketID:
[Ticket ID from support@mikrotik.com]
----- ----- -----

tomaskir · Tue Nov 12, 2013 4:51 pm

Issue:
MTU error in a PPPoE session on a bonding interface

Description:
It is impossible to run full 1500 byte frames inside of a PPPoE session if the PPPoE session built on top of a bonding interface.
If you send a 1500 MTU frame over the PPPoE session, it is dropped, and this therefore creates MTU issues in this scenario.

Versions affected:
6.x, not tested on 5.x

How to reproduce:
Lets consider the following topology:
3 RouterBoards: AC, swch and client:

L2 connections:
   AC           swch       client
 ehter4 ------ ether4
 ehter5 ------ ether5
               ether3------ether5

AC:

ros code

/interface bridge
add name="br - pppoe"
/interface ethernet
set [ find default-name=ether4 ] name="ether4 - to swch"
set [ find default-name=ether5 ] name="ether5 - to swch"
/interface bonding
add lacp-rate=1sec mode=802.3ad name="lacp1 - ether4, ether5" slaves="ether4 - to swch,ether5 - to swch"
/ip pool
add name=PPPoE ranges=10.4.0.0/24
/ppp profile
add local-address=1.1.1.1 name=pppoe remote-address=PPPoE
/interface bridge port
add bridge="br - pppoe" horizon=1 interface=ether3
add bridge="br - pppoe" interface="lacp1 - ether4, ether5"
/interface pppoe-server server
add default-profile=pppoe disabled=no interface="br - pppoe" max-mru=1500 max-mtu=1500
/ppp secret
add name=123 password=123 profile=pppoe
/system identity
set name=AC

swch:

ros code

/interface bridge
add name="br - switch"
/interface ethernet
set [ find default-name=ether3 ] name="ether3 - to client"
set [ find default-name=ether4 ] name="ether4 - to AC"
set [ find default-name=ether5 ] name="ether5 - to AC"
/interface bonding
add lacp-rate=1sec mode=802.3ad name="lacp1 - ether4, ether5" slaves="ether4 - to AC,ether5 - to AC"
/interface bridge port
add bridge="br - switch" interface="ether3 - to client"
add bridge="br - switch" interface="lacp1 - ether4, ether5"
/system identity
set name=swch

client:

ros code

/interface pppoe-client
add add-default-route=yes disabled=no interface=ether5 max-mru=1500 max-mtu=1500 name=pppoe-out1 password=123 user=123
/system identity
set name=client

Now lets ping the AC inside of the pppoe session from the client:

As you can see, we cant run full 1500 byte frames inside of the PPPoE session, even tho everything is configured properly.

Notes:
This problem occurs because a binding interface does not report its L2MTU, therefor RouterOS assumes that L2MTU = MTU for the bonding interface, which causes a problem, since the PPPoE session adds 8 bytes as the PPPoE header.

Support TicketID:
Ticket#2013080766000343

tomaskir · Tue Nov 12, 2013 4:59 pm

Issue:
SMS receiving stops working and cant be re-enabled

Description:
After 30 minutes, SMS receiving stops working by itself.
It is impossible to re-enable it unless you reboot the router.

Versions affected:
6.11 -> 6.4, not tested rest

How to reproduce:

ros code

/tool sms
set keep-max-sms=20 port=usb1 receive-enabled=yes secret=password

Wait more then 30 minutes and send a SMS to the device.
Log will show:

ros code

15:23:16 gsm,error unable to load unread sms: timeout

Trying to re-enable sms receiving by receive-enabled=yes you get a timeout error"

ros code

/tool sms set receive-enabled=yes
action timed out - try again, if error continues contact MikroTik support and send a supout file (13)

Notes:
Tested with Huawei e220 and e1752
More info also in http://forum.mikrotik.com/viewtopic.php?f=2&t=78593

Support TicketID:
Ticket#2014031466000686

tomaskir · Tue Nov 12, 2013 5:10 pm

Issue:
"/system leds" is not exported correctly

Versions affected:
6.6 and 6.5, not tested rest

How to reproduce:

Default config:

ros code

/system leds> exp
# jan/02/1970 00:01:07 by RouterOS 6.6
# software id = 7IXG-ZI8H
#
/system leds
set 0 interface=wlan1
set 1 interface=ether1

ros code

/system leds> exp ver
# jan/02/1970 00:01:08 by RouterOS 6.6
# software id = 7IXG-ZI8H
#
/system leds
set 0 disabled=no interface=wlan1 leds=led1,led2,led3,led4,led5 type=wireless-signal-strength
set 1 disabled=no interface=ether1 leds=user-led type=interface-activity

Apply a little change:

ros code

/system leds
:foreach i in=[find] do= { set $i led="" }

Wrong export output:

ros code

/system leds> exp
# jan/02/1970 00:03:11 by RouterOS 6.6
# software id = 7IXG-ZI8H
#
/system leds
set 0 interface=wlan1
set 1 interface=ether1

ros code

/system leds> exp ver
# jan/02/1970 00:03:24 by RouterOS 6.6
# software id = 7IXG-ZI8H
#
/system leds
set 0 disabled=no interface=wlan1 leds="" type=wireless-signal-strength
set 1 disabled=no interface=ether1 leds="" type=interface-activity

Notes:
As you can see leds=““ is not present in the compact export output.

Support TicketID:
Ticket#2013110566000681

honzam · Tue Nov 12, 2013 6:11 pm

Hey guys,
Since there is currently no official known issues list / bug tracker, lets start one here on the forums.

Thanks for this list. I hope that will not soon deleted

tomaskir · Tue Nov 12, 2013 6:15 pm

Thanks for this list. I hope that will not soon deleted

I will be adding more.

If MikroTik chooses to delete this topic, its their choice.
I would be unhappy, but its their forum

skot · Sat Nov 16, 2013 9:02 am

There's another bug list here: http://bugs.mikrotik-routeros.com/view_all_bug_page.php. I don't know how active it is though...

mistry7 · Sun Nov 17, 2013 1:58 am

I ca. Confirm the MTU Issue over L2TP and EOIP
http://forum.mikrotik.com/viewtopic.php?f=2&t=78880

Mistry7

payday · Sun Nov 17, 2013 2:51 am

There's another bug list here: http://bugs.mikrotik-routeros.com/view_all_bug_page.php. I don't know how active it is though...

This is great idea but at the moment account cannot be created there. Captcha is not working.

tomaskir · Sun Nov 17, 2013 4:28 pm

There's another bug list here: http://bugs.mikrotik-routeros.com/view_all_bug_page.php. I don't know how active it is though...
This is great idea but at the moment account cannot be created there. Captcha is not working.

No offense to the maintaners of that list, but it seems to be kinda abandoned.
There are issues there that are still about 5.x, and only a handful have confirmed/resolved status.

Also, finding a list in the official forums is much easier imo.
I will be rechecking all of the issues here with each new ROS release.

mistry7 · Tue Nov 19, 2013 10:27 am

Mikrotik Support did you read these thread?

Tue Nov 19, 2013 12:29 pm

Mikrotik Support did you read these thread?

MikroTik support is located at support@mikrotik.com, just like it says on top of this page. It would be much better and efficient, to submit bugs to mikrotik support, not post them on various (and multiple) online webpages.

honzam · Tue Nov 19, 2013 7:01 pm

As tomaskir wrote. All bugs on this site have their own Support TicketID
This means that bugs were reported ......

tomaskir · Tue Nov 19, 2013 7:19 pm

Can we please not argue in here? It seems the topic is headed in that direction, and that is not what I want.

We are all here because we like MikroTik, use it, and care about it.

The point of this topic is not to point out flaws and bugs, but to put together a list so people know about existing verified issues/problems, and dont bash their heads agains walls. Every software has bugs and flaws.
I am hoping more people can contribute, and submit issues here in a nicely formatted, reproducable manner, so we all know if something doesnt work and is here in this topic, its a reproducable, support-reported issue.

Mikrotik Support did you read these thread?

Please read disclaimer 3.

MikroTik support is located at support@mikrotik.com, just like it says on top of this page. It would be much better and efficient, to submit bugs to mikrotik support, not post them on various (and multiple) online webpages.

All of the bugs/issues which I personally listed in this topic are reported to support.
One of the points I was hoping to accomplist with this topic is that people submit their bugs to support more and see in what format they could do it to be more helpful.

As tomaskir wrote. All bugs on this site have their own Support TicketID
This means that bugs were reported ......

Even if they are reported, bugs still take a while to fix, MikroTik doesnt have 10 developers they can just throw right away at any issue that arises, we have to understand that. Im not saying there arent issues, or that there arent issues that should have been fixed a long time ago, there certainly are.
And while it is frustrating, being passive-aggressive to a MikroTik staff on forums is not going to help anything

pcunite · Tue Nov 19, 2013 7:41 pm

We need a bugzilla web interface to view and edit.

skot · Tue Nov 19, 2013 7:51 pm

I like your idea behind this post and also agree with pcunite that we need a good way to track and organize the bugs. A forum post gets bloated and tedious quickly imo.

We need something 1) easy to use and 2) easy to find, especially for people new to the forum.

Even something as simple a having a new forum category called Bugs would be helpful. And since you can report a bug directly to MikroTik support when submitting a post, that functionality is already built in.

mistry7 · Tue Nov 19, 2013 11:57 pm

Bugzilla or Other Bug reporting System is good idear
Better then Mail support@mikrotik.com it is like Playing lotto
To get an answer! When i get One After 2-4 weeks to Tell Support,
I send answer but Never got a Feed back, thats Bad!

And it is Not efficient for Support to get the Same Bug 20 Times,
And Not controlable for coustomers if this Bug is reported allready!

Mistry7

K1w1user · Wed Nov 20, 2013 3:13 am

New Bug

May specific to the RB2011UiAS-RM.

I haven't seen this previously on the RB2011UAS-RM with ROS 6.1.

Encountered with the "as shipped" ROS 6.1

serial console login goes missing after removing default configuration.

I have 10 being updated and configured, and 50% so far have dropped the serial console.

Power up.
via serial port, (r)emove configuration.
add a config and reboot
no serial port login prompt.

Reset Configuration via LCD doesn't fix it.

Fix:
via Winbox, System Console add serial0.

Sander · Wed Nov 20, 2013 4:55 am

Issue:
Source IP of web proxy can't be configured in WinBox and WebFig. Configure it in terminal is Ok.

Description:
Configure source IP address of web proxy in Web Fig will simply not show. Configure it in WinBox will course inconsistency display of WinBox and Terminal, and it does not become effective. Will be lost after close WinBox.

Versions affected:
6.5, 6.6

How to reproduce:

251.png

Notes:
None

Support TicketID:
Submit this post as a bug report to MikroTik Technical Support

Wed Nov 20, 2013 9:23 am

This has been explained before. Why Bugzilla interface will not work.

1. Somebody reports a "bug". Something is not working
2. Everyone thinks this is a bug, and starts to worry, to downgrade, to switch to other hardware
3. Support finds that "bug" was actually caused by typo mistake in firewall rule.
4. Bug is closed as "Invalid" but damage in #2 can't be undone

In support emails, 90% of bugs are not bugs, but mistakes. Imagine what will happen, if they will all be listed publicly as "bugs".

tomaskir · Wed Nov 20, 2013 11:58 am

Normis, a question:
Does "Submit this post as a bug report to MikroTik Technical Support" here in the forums work? Is sending a ticket directly to support preferable?

Wed Nov 20, 2013 12:01 pm

Normis, a question:
Does "Submit this post as a bug report to MikroTik Technical Support" here in the forums work? Is sending a ticket directly to support preferable?

It works, but it is preferred that you include a supout.rif file and full description, because we only receive this one post, not whole thread.

dadaniel · Wed Nov 20, 2013 12:04 pm

In support emails, 90% of bugs are not bugs, but mistakes.

Your e-mail-support is very good, but getting an answer takes way to long. I do not have the time to wait 1 week for each reply of the same case number. Sorry...

tomaskir · Wed Nov 20, 2013 12:08 pm

Issue:
Source IP of web proxy can't be configured in WinBox and WebFig. Configure it in terminal is Ok.

Tested on a few devices here on my end as well, confirmed. Added to the list, thanks!

New Bug
May specific to the RB2011UiAS-RM.
I haven't seen this previously on the RB2011UAS-RM with ROS 6.1.

Please remember to use the format outlined in the 2nd post if you want a bug added. Also, please remember to use newest ROS, which is 6.6.
Also, please remember, the bugs/issues in here have to be reliably reproducable.

pcunite · Wed Nov 20, 2013 3:13 pm

This has been explained before. Why Bugzilla interface will not work.

... SKIP ...

In support emails, 90% of bugs are not bugs, but mistakes. Imagine what will happen, if they will all be listed publicly as "bugs".

Normis,
I respectfully disagree with the conclusion of what Bugzilla will do for MikroTik. If you're truly getting 90% configuration mistakes then you have just identified a big problem: communication.

Us techies are here to help your brand for free and I can tell you that they are asking for the simplest of things. I wish there was a place I could send them, a link for the same questions over and over. Bugzilla, at least for me, would show them proof there is not bug.

The perception I'm getting from others about your brand is that, it is buggy. Bugzilla is not your problem. Small thinking will be the death of you guys. Think big!

Wed Nov 20, 2013 3:21 pm

RouterOS is very complex, there are huge configurations that can be made. Sometimes finding this configuration mistake takes days. There will be no "one place" to send them to, as every case is unique. RouterOS is not something like "Firefox", where all solutions are "click here, not here". It is very rare that two people will have same problem and same solution.

pcunite · Wed Nov 20, 2013 3:41 pm

Normis,
You know more about MikroTik than I do, so I won't argue your points. However, understand that I'm personally responsible for people purchasing seven different MikroTik products in the last months and I did not make a dime on that.

Give us something to help your brand. Make videos of the most common questions. If it was not for Greg Sowell's outdated videos on YouTube I would be lost. The MUM videos are way too hard to hear or understand. This is not an insult but those people are not gifted teachers, they are techies.

MikroTik can do better. We are on your side. Open up some more ... nothing bad will come of that.

tomaskir · Wed Nov 20, 2013 4:11 pm

On the issue of bugzilla, or a similar public web-interface, I am also against it. It would get bloated to death with millions of posts that are not bugs, but problems in configs, people not understanding how something works, etc. Also, you have to realize that implementing something as bugzilla into their system, MikroTik is opening more potential security holes into their systems, has another system for maintanance, etc. You have to look at it from MikroTiks point of view as well, it would be a lot of work, testing, verification and QA needed to implement it, for potentionally small benefits.

I do agree that there really should be an official bug/issue tracker, but that has been discussed on the forums forever... so lets not go into that. If/when MikroTik chooses to make one, it will happen, untill then we can only hope.

I would really like if wiki was more often updated tho. Also, in some sections, its bloated with not-needed material, while in others, it lacks details. But again, MikroTik is what it is in that regard, its the same as with ROS change-logs, people have been asking for more detailed change-logs forever now.

To pcunite:
Send those people to wiki. I often find that people just refuse to read, when most of MikroTik is actually fairly well described and documented on the wiki.

Since official "manual" content on the wiki can not be edited by users, maybe a system where edits can be offered, considered and then approved by official MikroTik staff would help. You know, wiki's are kinda made for that.

Wed Nov 20, 2013 4:15 pm

Wiki is open for registration by request. I will gladly offer you editing rights to our Wiki. Public registration was closed because of spam, and people promoting their services. If you only wish to correct the occasional mistake in our content, you are welcome to contact us for an account

voxframe · Wed Nov 20, 2013 4:19 pm

Normis,

I agree that an open public bug system is a bad idea.

HOWEVER, what I wish Mikrotik would do is have some form of public list of EXACTLY what known bugs are currently in the firmware, what kind of fixes are being applied, and what is the ETA of each one.

There needs to be a single, up-to-date reference for people to check so they may become aware of what are the known issues.

If someone sends you a support file, and you find a bug, POST IT!
If you're working on a bug that you found, and it's scheduled to be in update XX, POST IT!

There needs to be more clear communications from the development team regarding issues/bugs/problems/fixes/ETAs/etc.

Currently they are a mess of spread out topics on a forum, they are nearly impossible to search without wasting a lot of time.

The forum is NOT a good method for dealing with this, unless it is a locked topic that is sticky to the top of each page (And it actually gets updated on a regular basis! Every morning for example)

Wed Nov 20, 2013 4:23 pm

I agree with Voxframe. We currently post very widespread issues on the Download page in a "Note", but this is not always the case. We will try to improve in this area. We would like to avoid scaring people from upgrading, if the known bug is specific only to some configurations, it's one of the reasons we haven't made such list yet.

tomaskir · Wed Nov 20, 2013 4:28 pm

Wiki is open for registration by request. I will gladly offer you editing rights to our Wiki. Public registration was closed because of spam, and people promoting their services. If you only wish to correct the occasional mistake in our content, you are welcome to contact us for an account

Are you talking about actually editing the topics uder Manual? http://wiki.mikrotik.com/wiki/Manual:TOC

I have a wiki account from the days of old, and I have written a few wiki articles. However, currently on the wiki there is only editing, there is no way to offer and edit that can be discussed and then approved by you (MikroTik).

I would be happy to offer some edits and changes from my perspective. I would happily spend time going through the wiki, looking for for things that can be clarified, potential errors, etc.
But I do not want to touch the official documentation without my changes first being reviewed and approved by MikroTik staff, and afaik, that functionality is not on the wiki.

EDIT: Also thank you for joining us and actually discussing these things with us Normis.

pcunite · Wed Nov 20, 2013 4:50 pm

I'm really scared to edit the wiki because I need my writings to be verified. For example my VoIP QoS article has not been verified by experts. It's almost like we need a separate area for document writers and testers to share their experiences and get feedback from experts at MikroTik. Keep out the newbs in this area. MikroTik is not going to scare me personally away from their products because I'm made aware of bugs. I already know about your bugs!

Here is what MikroTik needs to work hard on and get us all on board with.

1. Why are we scared to update? Fear of the unknown is one reason.
2. Who is the public product evangelist for MikroTik that makes me look good when I refer people to you?
3. Who is responsible for making beautifully done videos (and wiki articles) that answer the top 20 questions?

I’m not an Apple fan boy (I use Android) but they control the software and the hardware and that makes for a great experience. MikroTik needs to control the platform for the education and support of their users. By platform I mean a great website where I can help others, where MikroTik helps me. Why is VoIP optimization sold by a third party individual for $200 when MikroTik knows how to do this better than anyone? I can make money and so can MikroTik if we open up the communication better.

honzam · Wed Nov 20, 2013 5:14 pm

This has been explained before. Why Bugzilla interface will not work.

1. Somebody reports a "bug". Something is not working
2. Everyone thinks this is a bug, and starts to worry, to downgrade, to switch to other hardware
3. Support finds that "bug" was actually caused by typo mistake in firewall rule.
4. Bug is closed as "Invalid" but damage in #2 can't be undone

In support emails, 90% of bugs are not bugs, but mistakes. Imagine what will happen, if they will all be listed publicly as "bugs".

You have true. If bugzila not suitable, suggest a way to inform the (forum) Mikrotik users.
For example: Official topic on forum -> you want to edit it as needed.

For example, in the current version 6.6 is a bug when using the VLAN on Bridge. But how does it know? Read Topic 6.6 and browse and search all sides who reported what ...

alexspils · Wed Nov 20, 2013 5:59 pm

Issue:
DHCP Not work with intel i350-t4
Versions affected:
6.6->6.2,5.26 ok
How to reproduce:
Enable dhcp server on any of 4 eth ports of card,add lease for test pc or config dynamic pool and try to receive ip.

Sander · Thu Nov 21, 2013 6:30 am

Issue:
DNS cache does not update for static DNS name change

Description:
DNS cache will add new record instead of update when you change a static DNS name.

Versions affected:
6.6

How to reproduce:
Add a static DNS record with name "test.local" and address "192.168.8.1", then change name to "test1.local". You will see a new record "test1.local" added to cache, and "test.local" is still there.

252.png

Notes:
I can't find any way to delete "test.local" in DNS cache, except router reboot.

Support TicketID:
None, not report to MikroTik Technical Support

tomaskir · Fri Nov 22, 2013 12:36 pm

Issue:
DNS cache does not update for static DNS name change

Verified and added to the list.

PLEASE submit this to support@mikrotik.com and update your post with a support ticket ID.
Just copy your post from here to the email, it should be enough.

Fri Nov 22, 2013 12:54 pm

Issue:
DNS cache does not update for static DNS name change
Verified and added to the list.

PLEASE submit this to support@mikrotik.com and update your post with a support ticket ID.
Just copy your post from here to the email, it should be enough.

I checked this several times, and can't get it to repeat. Please submit to support with detailed steps how to repeat.

tomaskir · Fri Nov 22, 2013 1:03 pm

I checked this several times, and can't get it to repeat. Please submit to support with detailed steps how to repeat.

Here is a ticket with exact steps: Ticket#2013112266000451

Any more info on all the discussion about the wiki? I think that was actually a fairly fruitful and useful debate

doush · Fri Nov 22, 2013 2:51 pm

Normis;

Just make a known issues thread for each version. That is very simple.
Let us know what is buggy.

tomaskir · Mon Nov 25, 2013 11:25 am

Issue:
PPTP/SSTP - could not add bridge port - BCP not working

Description:
BCP for SSTP and PPTP does not work, if a client with a bridge configured attemts to connect, he can not. Errors in logs stay "could not add bridge port"

Versions affected:
6.7, 6.6

How to reproduce:
Connect 2 RBs on ether 5.

Apply config for AC:

ros code

/interface pptp-server
add name=pptp-in1 user=pptp
/interface sstp-server
add name=sstp-in1 user=pptp
/interface bridge
add name=br_ppp
/ppp profile
add bridge=br_ppp local-address=2.2.2.1 name=pptp remote-address=2.2.2.2
/interface bridge port
add bridge=br_ppp interface=ether3
/interface pptp-server server
set default-profile=pptp enabled=yes keepalive-timeout=5
/interface sstp-server server
set default-profile=pptp enabled=yes keepalive-timeout=5 max-mru=1450 max-mtu=1450
/ip address
add address=1.1.1.1/24 interface=ether5 network=1.1.1.0
/ppp secret
add name=pptp password=pptp profile=pptp
/system identity
set name=SSTP_AC

Apply configs for client:

ros code

/interface bridge
add name=br_ppp
/ppp profile
add bridge=br_ppp name=pptp
/interface sstp-client
add connect-to=1.1.1.1 keepalive-timeout=5 name=sstp-out1 password=pptp profile=pptp user=pptp verify-server-address-from-certificate=no
/interface pptp-client
add connect-to=1.1.1.1 keepalive-timeout=5 name=pptp-out1 password=pptp profile=pptp user=pptp
/interface bridge port
add bridge=br_ppp interface=ether3
/ip address
add address=1.1.1.2/24 interface=ether5 network=1.1.1.0
/system identity
set name=SSTP_Client

PPTP and SSTP can not connect. Errors in log regarding "could not add bridge port"

Notes:
If you disable the static binding on the AC, sometimes the client connects, and sometimes the same error occurs in the logs on the client.

Support TicketID:
Ticket#2013112566000268

tomaskir · Mon Dec 02, 2013 12:37 pm

Issue:
L2TP Server bug - replies from wrong IP address

Description:
When a router has multiple IP addresses on an interface, an L2TP server always uses the lowest IP address as the source address of L2TP packets, which makes the L2TP connection impossible to establish.

Versions affected:
6.14-6.0, 5.x

How to reproduce:
Connect 2 RB's on ether5. Apply configs:

L2TP AC:

ros code

/interface l2tp-server server
set enabled=yes
/ip address
add address=10.0.0.1/24 interface=ether5 network=10.0.0.0
add address=1.1.1.1/32 interface=ether5 network=1.1.1.1
/ip firewall mangle
add action=log chain=input port=1701 protocol=udp
add action=log chain=output port=1701 protocol=udp
/ppp secret
add name=123 password=123
/system identity
set name=AC

L2TP client:

ros code

/interface l2tp-client
add connect-to=1.1.1.1 name=l2tp-out1 password=123 user=123
/ip address
add address=10.0.0.2/24 interface=ether5 network=10.0.0.0
/ip route
add distance=1 gateway=10.0.0.1
/system identity
set name=Client

L2TP will not establish. Looking at the logs will show that the L2TP server replies with a wrong IP address:

Notes:
This is really annoying, especially if you have a public IP which the clients use to connect to the L2TP server on a loopback.
The lowest IP address of the incoming interface will still be used, instead of the public IP on the loopback, making the L2TP AC not work.

You can use NAT as a workaround.

ros code

/ip firewall nat
add action=dst-nat chain=dstnat comment="Fix for an L2TP src-address bug" dst-address="Address you want your L2TP client to connect to" \
 dst-port=1701 protocol=udp to-addresses="src-address that L2TP sends wrong packets with"

Support TicketID:
Ticket#2013020866000414

tomaskir · Mon Dec 02, 2013 4:02 pm

All issues re-tested on v6.7 release. The list is now current for v6.7
2 out of 7 bugs on the list at the release of v6.7 were fixed.

The following issues from the list have been fixed in 6.7:

1) "/system leds" is not exported correctly
- http://forum.mikrotik.com/viewtopic.php ... 82#p395382
2) DNS cache does not update for static DNS name change
- http://forum.mikrotik.com/viewtopic.php ... 57#p396750

janisk · Mon Dec 02, 2013 4:45 pm

regarding this: http://forum.mikrotik.com/viewtopic.php ... 77#p395377
check if your 3g usb module is not hanging. In our testing we did not see any issues.

tomaskir · Mon Dec 02, 2013 4:57 pm

regarding this: http://forum.mikrotik.com/viewtopic.php ... 77#p395377
check if your 3g usb module is not hanging. In our testing we did not see any issues.

It could be specific to only the 2 USB modems I tested, however even if the modems are rebooted with usb-power-reset, the issue continues. (however, after a routerboard reboot, they work)
Also, a few other people in the forum reported problems.
A bit more info can be found here: http://forum.mikrotik.com/viewtopic.php?f=2&t=78593 (and my last post in that topic) or in the support ticket mentioned in the post in this topic.

Thu Dec 05, 2013 8:27 am

Known Issue in v6.7

Duplicate address-list entries (same list name and same address or address range) are causing a crash. Avoid making 2 identical entries, or write to support for v6.8rc1 pre-release version with the fix.

Thanks for your support, and keep sending emails to support if you find any problems.

vipe · Thu Dec 05, 2013 10:08 am

http://forum.mikrotik.com/viewtopic.php?f=9&t=58934

honzam · Thu Dec 05, 2013 10:48 am

Thanks for info Normis!!

tomaskir · Thu Dec 05, 2013 11:33 am

Thank you for telling us Normis!

Added to the list.

Wed Dec 11, 2013 1:46 pm

Issue:
Only a single IPsec VPN client (road warrior) can connect from behind the same NAT.

Description:
Only a single IPsec client can connect to a given RouterOS based VPN concentrator from behind the same NAT device. Even though RouterOS has 'nat-traversal' option in '/ip ipsec peer' configuration, all this option does is it allows using ESP over UDP encapsulation mode. It seems that either IPsec policy processor does not take the client's UDP port number into account, or dynamic policy generator does not put client's UDP port number into the policy it generates, and thus RouterOS can not distinguish between two remote IPsec peers that are behind the same NAT device.

This type of configuration is standardized, is known to work on devices of different vendors, and is thus expected to be supported by the RouterOS as well.

Versions affected:
Tested with 6.6 and 6.7.

Support TicketID:
Ticket#2013120266000273.
Support replied on Dec 10, 2013 that "This setup is not possible with Road Warrior configuration, the router is unable to distinguish clients behind the same NAT."

tomaskir · Wed Dec 11, 2013 3:31 pm

Issue:
Only a single IPsec VPN client (road warrior) can connect from behind the same NAT.

Sadly, this is not a bug, but rather a missing feature. Its hard to classify it as a bug, since its missing functionality, rather then something that should work, but doesnt.
You could even set generate-policy=port-strict or create a policy yourself with level=unique and it would still not work with multiple peers behind a single NAT.

MikroTik knows this doesnt work, hopefully the feature will be added.

Wed Dec 11, 2013 3:39 pm

Sadly, this is not a bug, but rather a missing feature.

Anyhow, people should know that IPsec NAT-T support is incomplete (or even broken) on RouterOS. To my knowledge, it has not been documented/mentioned anywhere till now. And for me it also means there's currently not a single viable mobile VPN option available on RouterOS, despite all the new and exciting IPsec features introduced in RouterOS v6. Sad.

tomaskir · Wed Dec 11, 2013 3:43 pm

Sadly, this is not a bug, but rather a missing feature.
Anyhow, people should know that IPsec NAT-T support is incomplete (or even broken) on RouterOS. To my knowledge, it has not been documented/mentioned anywhere till now. And for me it also means there's currently not a single viable mobile VPN option available on RouterOS, despite all the new and exciting IPsec features introduced in RouterOS v6. Sad.

I agree its a pain that its not working. As soon as we have a client that has multiple IPSec clients at the same location, we deploy a router and build a S2S tunnel, thats how we get over this particular problem.

Normis (or any other MikroTik staff), if you are reading this, should this be added into the list of known issues and considered a known issue?
Or is this a missing feature that should be requested in the feature request topic?

Wed Dec 11, 2013 3:51 pm

As soon as we have a client that has multiple IPSec clients at the same location, we deploy a router and build a S2S tunnel, thats how we get over this particular problem.

I need this feature mostly for our employees who travel a lot and often need to access our office network during their business trips. If several travelers are staying in the same hotel at the same time, chances are they are behind the same NAT, and that's a huge problem. And, unfortunately, S2S is not a solution in this case at all.

tomaskir · Wed Dec 11, 2013 3:53 pm

As soon as we have a client that has multiple IPSec clients at the same location, we deploy a router and build a S2S tunnel, thats how we get over this particular problem.
I need this feature mostly for our employees who travel a lot and often need to access our office network during their business trips. If several travelers are staying in the same hotel at the same time, chances are they are behind the same NAT, and that's a huge problem. And, unfortunately, S2S is not a solution in this case at all.

Maybe allow usage of SSTP as a second option?
Of course, that is only viable if you OSs support SSTP.

Wed Dec 11, 2013 3:56 pm

Maybe allow usage of SSTP as a second option?
Of course, that is only viable if you OSs support SSTP.

Well, I have ASA5505 which handles similar scenarios just fine at the moment. Being able to use Mikrotik for similar tasks is very desirable, but does not seem to be possible, unfortunately.

winet · Thu Dec 12, 2013 3:13 am

Known Issue in v6.7

Duplicate address-list entries (same list name and same address or address range) are causing a crash. Avoid making 2 identical entries, or write to support for v6.8rc1 pre-release version with the fix.

Thanks for your support, and keep sending emails to support if you find any problems.

dynamic address-list or static address-list? it would be terrible for me to upgrade to v6.7 if the bug also meant for dynamic address-list, because i have port knock filter rules, which keeps re-adding dynamic address-list to keep alive an open connection.

Chupaka · Fri Dec 13, 2013 3:21 pm

dynamic address-list or static address-list? it would be terrible for me to upgrade to v6.7 if the bug also meant for dynamic address-list, because i have port knock filter rules, which keeps re-adding dynamic address-list to keep alive an open connection.

firewall rules are not affected, as far as I saw

stmx38 · Fri Dec 13, 2013 5:56 pm

Issue:
As patrickmkt mentioned, certificate can't be renamed via Winbox.

Description:
Certificat can't be renamed via Winbox. Now this can be done only via terminal:

certificate set numbers=0 name=certname

Versions affected:
Tested with 6.6, 6.7, 6.8 rc1(09.12.2013)

Support TicketID:
Ticket#2013120266000693

tomaskir · Mon Dec 16, 2013 4:06 pm

Issue:
As patrickmkt mentioned, certificate can't be renamed via Winbox.

EDIT: Verified, cant change the name in Winbox, only in Console.

Added to the list.

Zod · Wed Jan 01, 2014 9:31 pm

How about the RB1100AH(x2) packet loss problem with queue/queuetree ?

http://forum.mikrotik.com/viewtopic.php ... ss#p398033
http://forum.mikrotik.com/viewtopic.php ... ss#p361783
http://forum.mikrotik.com/viewtopic.php ... ss#p349739

tomaskir · Thu Jan 02, 2014 11:18 am

How about the RB1100AH(x2) packet loss problem with queue/queuetree ?

http://forum.mikrotik.com/viewtopic.php ... ss#p398033
http://forum.mikrotik.com/viewtopic.php ... ss#p361783
http://forum.mikrotik.com/viewtopic.php ... ss#p349739

If you can please post the issue in the format outlined in the 2nd post, with steps on how to reliably replicate, that would be great.

Me and others can test and verify, and I will be glad to add it to the list.

Rudios · Wed Jan 08, 2014 11:58 am

Issue:
DHCP over BCP

Description:
When BCP is used to tunnel over the internet between two devices and one of the devices is DHCP server, clients on the other side of the tunnel won't get IP address

Versions affected:
6.x

How to reproduce:
Connect two RB's

PPTP-server config

ros code

/interface pptp-server
add name=pptp-in-test user=test
/interface bridge
add l2mtu=1598 name=bridge1 protocol-mode=rstp
/ip pool
add name=pool ranges=192.168.88.101-192.168.88.150
/ip dhcp-server
add address-pool=pool disabled=no interface=bridge1 name=dhcp
/ppp profile
add bridge=bridge1 change-tcp-mss=yes name=ppp_bridging use-encryption=yes
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/interface pptp-server server
set default-profile=ppp_bridging enabled=yes max-mru=1460 max-mtu=1460 mrru=1600
/ip address
add address=192.168.88.1/24 interface=bridge1 network=192.168.88.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 to-addresses=0.0.0.0
/ppp secret
add name=test password=test service=pptp

PPTP-client config

ros code

/interface bridge
add l2mtu=1598 name=bridge1 protocol-mode=rstp
/ppp profile
add bridge=bridge1 change-tcp-mss=yes name=ppp_bridging use-encryption=yes
/interface pptp-client
add add-default-route=no allow=pap,chap,mschap1,mschap2 connect-to=\
    172.17.39.131 dial-on-demand=no disabled=no keepalive-timeout=60 max-mru=\
    1450 max-mtu=1450 mrru=1600 name=pptp-out-test password=test profile=\
    ppp_bridging user=test
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/ip address
add address=192.168.88.2/24 interface=bridge1 network=192.168.88.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 to-addresses=0.0.0.0

Notes:
MikroTik admitted this to be a bug and will be solved in a later version.
Their comment

Thanks, problem repeated.

Problem are specific to setups when DHCP-server is on the same bridge where pptp
is bridged.

we will fix that in one of the next versions.

Meanwhile you can ether place DHCP server on other device in the network, or use
EoIP over PPTP and bridge EOIP tunnel.

Support TicketID:
Ticket#2013120266000175

tomaskir · Wed Jan 08, 2014 12:23 pm

Issue:
DHCP over BCP

Excellent bug report, thank you!

Added to the list.

mrscylla · Mon Jan 27, 2014 11:40 pm

Issue:
Web-proxy redirect-to

Description:
The colon symbol disappears from URL of redirect-to field.

Versions affected:
6.7

How to reproduce:

ros code

/ip proxy access add dst-port=80 dst-host=mail.mycompany.ru path="" action=deny redirect-to="https://mail.mycompany.ru/owa"

Notes:
Resulting URL becomes https//mail.mycompany.ru/owa

Support TicketID:
[Ticket#2014012766000763]

Tue Jan 28, 2014 2:09 pm

2) SMS receiving stops working and cant be re-enabled
- http://forum.mikrotik.com/viewtopic.php ... 77#p395377

Author of this report is not responding to our emails, and we can't repeat it.

3) Source IP of web proxy can't be configured in WinBox and WebFig.
- http://forum.mikrotik.com/viewtopic.php ... 73#p396502

Should be fixed

4) PPTP/SSTP - could not add bridge port - BCP not working
- http://forum.mikrotik.com/viewtopic.php ... 95#p397295

fixed

5) L2TP Server bug - replies from wrong IP address
- http://forum.mikrotik.com/viewtopic.php ... 19#p398319

new ppp package invalidates this

6) Duplicate address-list entries (same list name and same address or address range) are causing a crash.
- http://forum.mikrotik.com/viewtopic.php ... 81#p398855

fixed

7) Certificates can't be renamed via Winbox.
- http://forum.mikrotik.com/viewtopic.php ... 16#p400112

fixed

alexspils · Wed Jan 29, 2014 2:47 pm

is it known bugs?
1. x86.when moving vlan from ethernet interface which is in bonging to bonding interface router freazes? - It can be repeated on any x86 box with defaut config.Cant generate supout file because router freezes.
How to repeat:
/interface vlan add name=vlan1 vlan-id=1 interface=eth1
/interface vlan add name=vlan2 vlan-id=2 interface=eth1
.....
/interface bonding
add arp=enabled arp-interval=100ms arp-ip-targets="" disabled=no down-delay=\
0ms lacp-rate=1sec link-monitoring=mii-type2 mii-interval=100ms mode=\
802.3ad mtu=1500 name=bond1 primary=none slaves=eth1,eth2 \
transmit-hash-policy=layer-3-and-4 up-delay=0m
/interface vlan set vlan1 interface=bond1
after this command router freezes.

2. x86.after some time all subnets(in /ip address on interfaces - (in our case - vlans or bridges) gets status invalid. reboot solves problem.supout file sent, no answer from support.

3. x86+Intel i350 t4+6.x ethernet card dhcp not working-all users are with state offered.With wireshark we dont see any answer from dhcp server,with 5.x with same config all works.Answer from mikrotik:supout file sent.We will fix it sometime, use 5.x for now Ticket#2013082866000867

DjM · Thu Jan 30, 2014 2:05 pm

Issue:
Unable to initialite a system variable via SMS

Description:
It is not possible to initialite or change a system variable via SMS as it is described on:
http://wiki.mikrotik.com/wiki/Manual:Tools/Sms#Syntax
Bug is confirmed also by MikroTik, forum thread:
http://forum.mikrotik.com/viewtopic.php?f=9&t=58934

Versions affected:
4.x, 5.x, 6.x (including 6.9)

How to reproduce:
Send SMS in described format with any variable:
http://wiki.mikrotik.com/wiki/Manual:Tools/Sms#Syntax
System variable is not set or changed, so described feature is not working.

Notes:
There is no ETA from MikroTik support team to fix this issue.

Support TicketID:
Ticket#2012083066000462
Ticket#2013010766000731

frankc · Fri Jan 31, 2014 2:45 am

another one in 6.7

add a static entry for

test.domain.com to any ip...

next add
test.domain.com to another ip

then try to remove first one...
you cant
you need to remove all, reput first one, disable, remove, and then add new one.. else it's like a ghost entry that will round robin with the new one ( flush cached and then still saw it as a Static

tomaskir · Fri Jan 31, 2014 2:51 pm

I will update all the current issues and add the issues posted here as soon as 6.9 comes out.

Since 6.8 was pulled, I assume 6.9 will be released soon.

Thanks for all the bug fixes Normis!

lordzar · Fri Jan 31, 2014 5:18 pm

There is an issue where routeros can not talk to sshd servers that have challenge/response turned on.

tomaskir · Mon Feb 03, 2014 6:31 pm

All issues re-tested on v6.9 release. The list is now current for v6.9
4 out of 8 bugs on the list at the release of v6.9 were fixed.

The following issues from the list have been fixed in 6.9:

1) Source IP of web proxy can't be configured in WinBox and WebFig.
- http://forum.mikrotik.com/viewtopic.php ... 73#p396502
2) Duplicate address-list entries (same list name and same address or address range) are causing a crash.
- http://forum.mikrotik.com/viewtopic.php ... 81#p398855
3) Certificates can't be renamed via Winbox.
- http://forum.mikrotik.com/viewtopic.php ... 16#p400112
4) PPTP/SSTP - could not add bridge port - BCP not working
- http://forum.mikrotik.com/viewtopic.php ... 95#p397295

tomaskir · Mon Feb 03, 2014 7:25 pm

This is a repost of an issue submitted by Rudios: http://forum.mikrotik.com/viewtopic.php ... 31#p402927
Reposted here with an easier to recreate configuration, to make re-testing with newer versions easier.

Issue:
DHCP over BCP does not work

Description:
When BCP is used to tunnel over the internet between two devices and one of the devices is DHCP server, clients on the other side of the tunnel won't get and IP address from the DHCP server.

Versions affected:
6.x

How to reproduce:
Connect three RB's in the following topology:

L2 connections:
 server        client      device
 ehter5 ------ ether5
               ether4------ether4

PPTP-server config:

ros code

/interface bridge
add name=bridge1 protocol-mode=rstp
/interface bridge port
add bridge=bridge1 interface=ether4
/ip address
add address=192.168.88.1/24 interface=bridge1
add address=10.0.0.1/24 interface=ether5
/ip pool
add name=DHCP_pool ranges=192.168.88.101-192.168.88.150
/ip dhcp-server
add address-pool=DHCP_pool disabled=no interface=bridge1 name=dhcp
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1
/ppp profile
add bridge=bridge1 name=ppp_bridging
/interface pptp-server server
set default-profile=ppp_bridging enabled=yes max-mru=1400 max-mtu=1400
/ppp secret
add name=test password=test service=pptp
/interface pptp-server
add name=pptp-in-test user=test

PPTP-client config:

ros code

/interface bridge
add name=bridge1 protocol-mode=rstp
/interface bridge port
add bridge=bridge1 interface=ether4
/ip address
add address=192.168.88.2/24 interface=bridge1
add address=10.0.0.2/24 interface=ether5
/ppp profile
add bridge=bridge1 name=ppp_bridging
/interface pptp-client
add connect-to=10.0.0.1 disabled=no keepalive-timeout=10 max-mru=1400 max-mtu=1400 \
 name=pptp-out-test password=test profile=ppp_bridging user=test

DHCP client config:

ros code

/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether4

Notes:
MikroTik confirmed this to be a bug that will be solved in a later version.

Thanks, problem repeated.

Problem are specific to setups when DHCP-server is on the same bridge where pptp
is bridged.

we will fix that in one of the next versions.

Meanwhile you can ether place DHCP server on other device in the network, or use
EoIP over PPTP and bridge EOIP tunnel.

Support TicketID:
Ticket#2013120266000175
Ticket#2014020466000625

tomaskir · Tue Feb 04, 2014 2:34 pm

Issue:
Web-proxy redirect-to

I tested this on 6.9 and it seems to work, can you please provide more detail how to reproduce on 6.9?

Issue:
Unable to initialite a system variable via SMS

Added to the list, thanks!

2) SMS receiving stops working and cant be re-enabled
- http://forum.mikrotik.com/viewtopic.php ... 77#p395377
Author of this report is not responding to our emails, and we can't repeat it.

The support response got lost in all my emails, sorry, my fault

Will update the ticket asap with the requested info on 6.9

5) L2TP Server bug - replies from wrong IP address
- http://forum.mikrotik.com/viewtopic.php ... 19#p398319
new ppp package invalidates this

This issue is still present in 6.9 with the new ppp package, and can reliably be reproduced with the steps in the linked post.

Other than that, thanks for all the fixes!

Tue Feb 04, 2014 2:36 pm

4) DHCP over BCP does not work
- http://forum.mikrotik.com/viewtopic.php ... 46#p407146

This was fixed in v6.8 as well. if anyone can repeat it, email support with full access, description and supout.rif file

tomaskir · Tue Feb 04, 2014 2:38 pm

4) DHCP over BCP does not work
- http://forum.mikrotik.com/viewtopic.php ... 46#p407146
This was fixed in v6.8 as well. if anyone can repeat it, email support with full access, description and supout.rif file

I will email support asap, can reproduce it with the steps in this post:
http://forum.mikrotik.com/viewtopic.php ... 50#p407146

Edit: sent with [Ticket#2014020466000625]

Mon Feb 17, 2014 4:14 am

Issue:
Export of BGP VRF configuration does not include the "instance" or "out-filter" entries.

Description:
When exporting the BGP VRF configuration with a "/routing bgp instance vrf export" the output does not include the relevant instance, or any out-filter that is configured. This prevents the user from being able to successfully import the configuration in to another router.

Versions affected:
Confirmed on 6.5 -> 6.10

How to reproduce:
Configure a BGP VRF with an out-filter then:

ros code

/routing bgp instance vrf export

The resulting output will not include the instance or out-filter

Notes:
This looks like RouterOS's configuration database is out of sync between Winbox/CLI and the actual underlying processes.
I worked with Mikrotik support and can confirm the "instance" problem is fixed in RouterOS 6.11 and the out-filter problem was not a problem, just confusion on our part.

Support TicketID:
Ticket#2014021766000093

tomaskir · Wed Feb 19, 2014 11:53 am

Issue:
Export of BGP VRF configuration does not include the "instance" or "out-filter" entries.

Thanks for the report! Added to the list.

Wed Feb 19, 2014 2:13 pm

Issue:
During upgrade of RouterOS IPSEC peers become disabled

Description:
As above.

Versions affected:
Confirmed on 6.9 -> 6.11rc1

How to reproduce:
Upgrade from any release to 6.9, 6.10 or 6.11rc1 check your IPSEC peers after the upgrade and you will notice they are red

You can simply enable them and they will start working again.
We have confirmed this on a handful of mipsbe RouterBoards.

Notes:
This one made me laugh, it was just lucky I still allowed management access outside of the tunnel so I could re-enable the peers

Support TicketID:
Ticket# Not yet.

tomaskir · Fri Feb 21, 2014 10:29 am

Issue:
During upgrade of RouterOS IPSEC peers become disabled

Confirmed as well, and added to the list. This one could cause trouble even for me if I upgraded our IPSec AC.

Could you pls create a support ticket and update the post with it when you have the time

Thanks!

eldorin · Fri Feb 21, 2014 2:48 pm

Have a Powerrouter 2200 upgraded from 5.24 to 6.10. Has a single peered interface with AT&T and a full ipv4 routing table with 475596 prefixes plus a full ipv6 routing table with 16374 prefixes.

The gig interface with AT&T is rate limited to only 250Mbit so it's not running much traffic. Averaging about 150Mbit on the unit for now.

Once upgraded to 6.10, I see about a 10% packetloss on the ptp interface to AT&T. Everything seems to be working fine on all other interfaces except the interface peered to the Internet backbone. Rolled back to 5.24 and everything works fine.

lordzar · Sat Feb 22, 2014 1:36 pm

Let's try this again... (Someone deleted my previous post)

I agree with everyone on "we're sick and tired of all the bugs".

They really need to hire someone who is experienced in software QA testing. It is beyond ridiculous now. Mikrotik seems to introduce just as many new bugs as the ones they fix in each release.

STOP introducing new hardware and start fixing ROS? You put out things like the cloud router and cloud switch, which should be awesome boxes, yet they are pretty much junk, since there is no good software to run on them.

And while we're on the subject, who makes a decision like, stop making the rb1100ah, which is totally capable of running metarouters, and not offering a replacement. I've even had an email from them lying about the ability of the x2 being able to run them.

I reported an issue in 6.7 about not being able to use ssh on a router to connect to a server that has challenge response turned on, and was told that it would be fixed "in the next release". Well, it's still not fixed in 6.10.

All I'm asking is please PLEASE stabilize the software and stop making new hardware. Find a experienced software QA person. Develop some good test plans and stop releasing buggy software, like the whole 6.8, 6.9, 6.10 fiasco.

I've been using mikrotik for over 10 years and have around 100 devices in the field, and yet I find myself on the verge of replacing them with some other vendors product.

elmer · Mon Feb 24, 2014 9:20 pm

RB951Ui from MUM - RouterOS 6.5, connected to internet and then...
/system package update upgrade
router rebooted, all is ok but PoE firmware = 0.0

Checked in the day of MUM on two routers, same effect...

Tue Feb 25, 2014 11:54 am

RB951Ui from MUM - RouterOS 6.5, connected to internet and then...
/system package update upgrade
router rebooted, all is ok but PoE firmware = 0.0
Checked in the day of MUM on two routers, same effect...

what is the output of these two commands?

/interface ethernet poe settings print
/interface ethernet poe settings upgrade

Bergante · Tue Feb 25, 2014 12:57 pm

Perfectly stable wireless link between two Omnitiks works perfectly with RoterOS <= 6.6.
The link is table, with CCR > 90 % most of the day.

After upgrading to 6.7, it begins to develop problems. Several days after the last reboot, packet loss appears. A reboot of just the one configured as an AP solves it. I tried again with the subsequent releases (6,8, 6,10) with the same results.

The problem seems to affect just the one in AP mode, it's the only one I have downgraded again to 6.6.

The network is, I admit, a bit convoluted (I am running MPLS and trying BGP-VPLS with several virtual networks) but the MPLS network has a total of three nodes and none of the others have shown any problems.

The wireless configuration of the AP one is:

[admin@OmniTik-despa] /interface wireless> export hide-sensitive 
# feb/25/2014 11:55:10 by RouterOS 6.6
# software id = 9SFF-0RWS
#
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    required mode=dynamic-keys name=MAIN supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] allow-sharedkey=yes band=5ghz-onlyn \
    basic-rates-a/g="" bridge-mode=disabled channel-width=20/40mhz-ht-below \
    disabled=no frequency=5680 frequency-mode=superchannel \
    ht-ampdu-priorities=0,1 ht-basic-mcs=mcs-0,mcs-1,mcs-2,mcs-3 ht-rxchains=\
    0,1 ht-supported-mcs=mcs-0,mcs-1,mcs-2,mcs-3,mcs-10,mcs-11,mcs-12,mcs-13 \
    ht-txchains=0,1 hw-retries=4 l2mtu=2290 max-station-count=2 mode=\
    ap-bridge mtu=1540 nv2-cell-radius=10 nv2-security=enabled \
    periodic-calibration=enabled preamble-mode=short rate-set=configured \
    security-profile=MAIN ssid=TRUNK supported-rates-a/g="" tdma-period-size=\
    3 tx-power=23 tx-power-mode=card-rates wireless-protocol=nv2 wmm-support=\
    enabled
/interface wireless access-list
add interface=wlan1 mac-address=00:0C:42:X:Y:Z

[admin@OmniTik-despa] /interface wireless>

and, just for the record, the client:

[admin@OmniTik-casa] /interface wireless> export hide-sensitive 
# feb/25/2014 11:56:44 by RouterOS 6.10
# software id = PAXV-BRR1
#
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk management-protection=required mode=\
    dynamic-keys name=MAIN supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n bridge-mode=disabled \
    channel-width=20/40mhz-ht-below disabled=no frequency-mode=superchannel \
    ht-ampdu-priorities=0,1 ht-guard-interval=long hw-retries=1 l2mtu=2290 \
    mtu=1540 noise-floor-threshold=-105 nv2-cell-radius=10 nv2-security=\
    enabled periodic-calibration=enabled preamble-mode=short scan-list=\
    5580,5680,5660,5700,5540,5180,5200,5220 security-profile=MAIN ssid=TRUNK \
    tx-power=23 tx-power-mode=card-rates wireless-protocol=nv2 wmm-support=\
    enabled

The link is just crossing a street, nothing fancy, and both units are behind windows, not perfect line of sight. But with 6.6 on the "AP" it works rock solid.

tomaskir · Wed Feb 26, 2014 1:00 pm

All issues retested on v6.10.

No fixes or changes compared to v6.9, since v6.10 was just a quick fix released a few days after v6.9.

Leto · Wed Feb 26, 2014 2:18 pm

Please fix this bug:
http://forum.mikrotik.com/viewtopic.php?f=14&t=79519

Decription:
IPv6 over PPPoE stops working after PPPoE connection disconnect.

To fix you have to disable/enable ipv6 address and then release/renew dhcpv6 client.

Here is video of problem (not made by me)
http://www.youtube.com/watch?v=6Mo1HN4y ... e=youtu.be

Issue is same as in video, but with 6.10 it changed so that additional step is required (releasing/renewing dhcpv6)

Versions affected: 6.x

tomaskir · Wed Feb 26, 2014 2:37 pm

Please fix this bug:
http://forum.mikrotik.com/viewtopic.php?f=14&t=79519

Decription:
IPv6 over PPPoE stops working after PPPoE connection disconnect.

To fix you have to disable/enable ipv6 address and then release/renew dhcpv6 client.

Here is video of problem (not made by me)
http://www.youtube.com/watch?v=6Mo1HN4y ... e=youtu.be

Issue is same as in video, but with 6.10 it changed so that additional step is required (releasing/renewing dhcpv6)

Versions affected: 6.x

I will try to simulate this problem and create a proper reliable step-by-step process on how to reproduce it.

If i succeed, I will create a support ticket and post it here as a known issue.

Leto · Wed Feb 26, 2014 2:57 pm

Thank you!

Here's the config I am using (it's in Slovenian), if it's any help:

http://go6.si/2013/12/mikrotik-usmerjev ... eko-pppoe/

http://translate.google.com/translate?s ... o-pppoe%2F

facetwety · Thu Feb 27, 2014 12:50 pm

Issue:
bad blocks problem

Description:
I've got a anew rb 433ah with ros ver:6.5 And everything was just fine
but after upgrade to ros ver:6.10 bad blocks counter start raising almost every reboot by .1% and now its 2.3%
so i downgrade the ros version to 6.4 and the bad blocks counter is now stable at 2.3% and not raise up.

Versions affected:
ver:6.10

How to reproduce:
updating router board to lateset ros ver 6.10 and bad block counter start raise by .1% Almost every reboot or power shutdown

Notes:
nand model st
ram model zentel

Support TicketID:
Ticket#2014022766000038]

http://forum.mikrotik.com/viewtopic.php?t=82299

tomaskir · Thu Feb 27, 2014 12:55 pm

Issue:
bad blocks problem

I tested on a RB750 and a RB951-2n, but it does not happen for me, I dont have a 433ah I can test on.

Do you have a different 433ah you can test on to make sure its not just that one board that presents the problem?

Thu Feb 27, 2014 12:56 pm

You can actually see in your picture, that you have v6.4, so why do you write that this only happens in v6.10?

tomaskir · Thu Feb 27, 2014 12:59 pm

You can actually see in your picture, that you have v6.4, so why do you write that this only happens in v6.10?

He did say he had to downgrade to 6.4.

So he upgraded to 6.10, bad blocks started increasing.
He downgraded to 6.4, bad blocks dont increase anymore.
He is now at 6.4, with 2,3% bad blocks still left.

Atleast thats how I understand his problem

facetwety · Thu Feb 27, 2014 1:07 pm

You can actually see in your picture, that you have v6.4, so why do you write that this only happens in v6.10?

upgraded to 6.10, bad blocks started increasing.
downgraded to 6.4, bad blocks dont increase anymore.
now at 6.4, with 2,3% bad blocks still left.

trying to reinstall with net install with no luck still 2.3%

tomaskir

tomaskir · Thu Feb 27, 2014 1:21 pm

trying to reinstall with net install with no luck still 2.3%

Could you please check on another 433ah as I mentioned in here http://forum.mikrotik.com/viewtopic.php ... 50#p411879?

Thanks!

facetwety · Thu Feb 27, 2014 1:34 pm

Could you please check on another 433ah as I mentioned in here http://forum.mikrotik.com/viewtopic.php ... 50#p411879?

Thanks!

Unfortunately I do not have any other 433ah rb

may be this problem happen to 433ah with st nand only !!!!!!!!

HeadCraft · Thu Feb 27, 2014 3:05 pm

Issue:
Wrong behaivor of SNMP TRAP generator

Description:
In SNMP configuration options there is parameter which means "List of interfaces that traps are going to be sent out"

ros code

/snmp set trap-interfaces=ether1

But it does no effect when sending trap to a subnet, that belongs to another interface. The packet is generated with source address of that "another" interface.

Versions affected:
Tested on 5.6, 5.25, 6.7, 6.10

How to reproduce:

Lets say we have two routers connected with vpn tunnel (10.0.0.0/30) and each of them has local subnet (192.168.0.0/24 on R1, 192.168.1.0/24 on R2) and server connected to router2 which catches traps.

       10.0.0.1            10.0.0.2
  Router1 --------(vpn)------------Router2
  (ether1)                        (ether1)
      |                              |
      |                              |
      |                              |
192.168.0.1                     192.168.1.1

Configuration on Router1

ros code

/ip address add interface=vpn address=10.0.0.1/30
/ip address add interface=ether1 address=192.168.0.1/24
/ip route add gateway=10.0.0.2
/snmp set enabled=yes trap-community=public trap-generators=interfaces,start-trap \
trap-interfaces=ether1 trap-target=192.168.1.2

Configuration on Router2

ros code

/ip address add interface=vpn address=10.0.0.2/30
/ip address add interface=ether1 address=192.168.1.1/24
/ip route add gateway=10.0.0.1
/ip firewall filter add chain=forward comment="Block traffic generated in VPN subnet for security reason" \
in-interface=vpn out-interface=ether1 src-address=10.0.0.0/30 action=drop

So when trap will be generated, server will not recieve it. It will be blocked by firewall because it has source ip address 10.0.0.1, but we need 192.168.0.1.

Notes:

Here is a lack of parameter like "/snmp set trap-source-address=".
We can see how it is made in remote syslog config

ros code

/system logging action
set 3 bsd-syslog=no name=remote remote=192.168.1.2 remote-port=514 src-address=\
    192.168.0.1 syslog-facility=daemon syslog-severity=auto target=remote

Support TicketID:

Ticket#2014022766000752

IlCarletto · Fri Feb 28, 2014 11:25 am

request:
write a domain name for a remote syslog server, like this (attach)

Rudios · Thu Mar 06, 2014 8:35 am

4) DHCP over BCP does not work
- http://forum.mikrotik.com/viewtopic.php ... 46#p407146
This was fixed in v6.8 as well. if anyone can repeat it, email support with full access, description and supout.rif file
I will email support asap, can reproduce it with the steps in this post:
http://forum.mikrotik.com/viewtopic.php ... 50#p407146

Edit: sent with [Ticket#2014020466000625]

I have tested it with both versions 6.9 and 6.10 but the problem is still there!!!

Poki · Thu Mar 06, 2014 10:46 am

Hello Mikrotik community.

I guess it's my turn to report a bug.

Issue:
Router always looks in the main table when it has to send ICMP TTL exceeded in transit (type 11)

Description:
As you know, when a packet pass through a router, the TTL is decreased by 1, and when it reaches 0, the router should send ICMP type 11 (TTL exceeded in transit) back to the sender.

However, if that happens to be in a VRF (incoming and outgoing interfaces belong to a specific routing-mark), the router would not look into the corresponding table to send back the ICMP type 11 packet.

It seems that the router is always looking in the main table, no matter what.

Versions affected:
6.10, 6.6, (I guess 6.x)

How to reproduce:

Physical setup:
PC <--> RB <--> PC

Config of the RB:

ros code

/ip address
add address=10.0.0.1/30 interface=ether2 network=10.0.0.0
add address=10.2.0.1/30 interface=ether4 network=10.2.0.0
/ip route vrf
add interfaces=ether2,ether4 routing-mark=vrf1

When a PC with IP address 10.0.0.2 run a traceroute towards 10.2.0.2, the router (first hop) just won't show up.

C:\Users\Poki>tracert -d 10.2.0.2

Tracing route to 10.2.0.2 over a maximum of 30 hops

1 * * * Request timed out.
2 2 ms 1 ms 2 ms 10.2.0.2

Trace complete.

When I disable the VRF, everything is OK.

Notes:
It seems that the router looks only in the main table.

When I use VRF and if I just insert a static route for 10.0.0.0/30 on the ether2 interface in the main table, the router starts to send back the TTL exceeded packets.

The problem is not present on RouterOS 5.26.

Support TicketID:
2014030666000236 - no reply from them yet.

tomaskir · Thu Mar 06, 2014 11:39 am

Issue:
Router always looks in the main table when it has to send ICMP TTL exceeded in transit (type 11)

Tested and confirmed, added to the list.

Thanks!

tomaskir · Thu Mar 06, 2014 12:43 pm

Issue:
Wrong behaivor of SNMP TRAP generator

Description:
In SNMP configuration options there is parameter which means "List of interfaces that traps are going to be sent out"
ros code
/snmp set trap-interfaces=ether1
But it does no effect when sending trap to a subnet, that belongs to another interface. The packet is generated with source address of that "another" interface.

I took me a bit to understand and simulate your issue, I have a few quesions:

Your problem is that the SNMP trap for an interface is not send from the source-IP of the interface yes?
If so, what is the problem with all the traps from the router being send from a single IP address? You can just allow that single IP to communicate with the SNMP manager. If every interface were to send traps from its IP-address, that would be difficult.
What about PPP interfaces, or interfaces with a DHCP client?

I think the current behaviour is correct, but please do explain more why its not for you, and why you think it should be different.

MT7 · Sun Mar 09, 2014 7:40 pm

Hardware: RB2011UAS-2HnD-IN

Firmware: 3.12

RouterOS: 6.10

Problem description: Sometimes the igmp-proxy on my router seems stop working suddenly. When it happens LAN users can't watch IPTV. If I check the igmp-proxy window via winbox it became clean with no rules in it. To correct this problem I have to reboot the router. After reboot all settings in the igmp-proxy window are back and IPTV is back too.

Steps to reproduce: No idea. It is just happened several times per 6 months without any actions from my side.

/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=10.0.0.0/8 interface=ether2 upstream=yes
add interface=ether7

tomaskir · Mon Mar 10, 2014 3:08 pm

This is a repost of an issue submitted by Poki: http://forum.mikrotik.com/viewtopic.php ... 00#p413242
Reposted here with an easier to recreate configuration, to make re-testing with newer versions easier.

Issue:
Router looks in the main routing table and not in a VRF for ICMP TTL exceeded (type 11)

Description:
When a packet pass through a router, the TTL is decreased by 1, and when it reaches 0, the router should send ICMP type 11 (TTL exceeded in transit) back to the sender.
However, if that happens to be in a VRF (incoming and outgoing interfaces belong to a specific routing-mark), the router would not look into the corresponding table to send back the ICMP type 11 packet.

It seems that the router is always looking in the main table, no matter what.

Versions affected:
Not working in 6.x
Working in 5.x

How to reproduce:

L2 connections:
 Client1     VRF_Router    Client2
 ehter4 ------ ether4
               ether5------ether5

Config on VRF_Router:

ros code

/ip address
add address=10.0.0.1/30 interface=ether4 network=10.0.0.0
add address=10.2.0.1/30 interface=ether5 network=10.2.0.0
/ip route vrf
add interfaces=ether4,ether5 routing-mark=vrf1
/system identity
set name=VRF_Router

Config on Client1:

ros code

/ip address
add address=10.0.0.2/30 interface=ether4 network=10.0.0.0
/ip route
add distance=1 gateway=10.0.0.1
/system identity
set name=Client1

Config on Client2:

ros code

/ip address
add address=10.2.0.2/30 interface=ether5 network=10.2.0.0
/ip route
add distance=1 gateway=10.2.0.1
/system identity
set name=Client2

Run a trace from Client2 to Client1:

[admin@Client2] > tool traceroute 10.0.0.2
 # ADDRESS                          LOSS SENT    LAST     AVG    BEST   WORST STD-DEV STATUS
 1                                  100%    5 timeout
 2 10.0.0.2                           0%    4   2.4ms     2.1     1.9     2.4     0.2

You will see VRF_Router is not properly sending ICMP TTL exceeded.
If you disable the VRF, everything is OK.

Notes:
It seems that the router looks only in the main table.
When I use VRF and if I just insert a static route for 10.0.0.0/30 on the ether2 interface in the main table, the router starts to send back the TTL exceeded packets.

The problem is not present on RouterOS 5.26

Support TicketID:
2014030666000236

Poki · Mon Mar 10, 2014 7:53 pm

This is a repost of an issue submitted by Poki: http://forum.mikrotik.com/viewtopic.php ... 00#p413242
Reposted here with an easier to recreate configuration, to make re-testing with newer versions easier.

Issue:
Router looks in the main routing table and not in a VRF for ICMP TTL exceeded (type 11)

Support TicketID:
2014030666000236

Well summarized tomaskir.

I just wanted to mention that I still don't have a reply from Mikrotik about this issue.

It's a shame. Instead of being grateful about helping them improve their OS, they don't even bother to consider our bug reports.

janel · Wed Mar 12, 2014 10:58 pm

Issue:
CRS125-24G-1S-RM: Configuration elements missing from the Web interface: Switch and LCD

Description:
The configuration sections for the Switch and LCD are missing from the Web interface, but present in the CLI and Winbox.

Versions affected:
6.10

How to reproduce:
Always

Thu Mar 13, 2014 11:39 am

This is a repost of an issue submitted by Poki: http://forum.mikrotik.com/viewtopic.php ... 00#p413242
Reposted here with an easier to recreate configuration, to make re-testing with newer versions easier.

Issue:
Router looks in the main routing table and not in a VRF for ICMP TTL exceeded (type 11)

Support TicketID:
2014030666000236
Well summarized tomaskir.

I just wanted to mention that I still don't have a reply from Mikrotik about this issue.

It's a shame. Instead of being grateful about helping them improve their OS, they don't even bother to consider our bug reports.

Your bug is still open, and is being investigated. Sorry if that wasn't clear. We answer ALL emails. If you didn't get an answer, either it's in your junk folder, or we are still looking into it.

DjM · Thu Mar 13, 2014 12:17 pm

Your bug is still open, and is being investigated. Sorry if that wasn't clear. We answer ALL emails. If you didn't get an answer, either it's in your junk folder, or we are still looking into it.

Hi normis,

I think that "Thank you, we are working on it, update is awaited in next XX days" is better answer than waiting without reply

One email can make a better picture, I think

Rudios · Thu Mar 13, 2014 1:28 pm

...
...
... We answer ALL emails. If you didn't get an answer, either it's in your junk folder, or we are still looking into it.

Normis. How sure are you about this. I have send an email the 6th about DHCP over BCP
Ticket#2013120266000175

I have not received any response yet.

Thu Mar 13, 2014 1:30 pm

Ticket#2013120266000175

I have not received any response yet.

In this case you have responded with an update to a 101 days old ticket, which means it gets buried in the priority list. I suggest making a new ticket when you have a new problem.

Rudios · Thu Mar 13, 2014 8:16 pm

Ticket#2013120266000175

I have not received any response yet.
In this case you have responded with an update to a 101 days old ticket, which means it gets buried in the priority list. I suggest making a new ticket when you have a new problem.

But it is not a new problem. You stated it should be solved in version 6.8 but I can still reproduce it in 6.9 and 6.10

janel · Fri Mar 14, 2014 1:37 am

Issue:
CRS125-24G-1S-RM: Configuration elements missing from the Web interface: Switch and LCD

Description:
Switch setting bridge-type=customer-vlan-bridge is not retained after reboot.
In my case this causes traffic to be copied on all ports linked to the current master, as described before by other users.

/interface ethernet switch port set [find] learn-restricted-unknown-sa=yes

does not work, setting instead

/interface ethernet switch set bridge-type=customer-vlan-bridge

is OK.
In my setup, when the configuration is wrong traffic drops from ~700Mbs to ~120Mbs.

My config:

/interface ethernet
set [ find default-name=sfp1 ] auto-negotiation=no
set [ find default-name=ether1 ] master-port=sfp1
set [ find default-name=ether2 ] master-port=sfp1
set [ find default-name=ether3 ] master-port=sfp1
/interface vlan
add interface=sfp1 l2mtu=1584 name=vlan199 vlan-id=199
/interface ethernet switch
set bridge-type=customer-vlan-bridge
/interface ethernet switch egress-vlan-translation
add customer-vid=199 new-customer-vid=0 port=ether1
add customer-vid=199 new-customer-vid=0 port=ether2
add customer-vid=199 new-customer-vid=0 port=ether3
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=199 port=ether1 sa-learning=yes
add customer-vid=0 new-customer-vid=199 port=ether2 sa-learning=yes
add customer-vid=0 new-customer-vid=199 port=ether3 sa-learning=yes

Versions affected:
6.10

How to reproduce:
Set switch bridge type = customer-vlan-bridge then reboot

tomaskir · Fri Mar 14, 2014 11:35 am

Issue:
CRS125-24G-1S-RM: Configuration elements missing from the Web interface: Switch and LCD

Issue:
CRS125-24G-1S-RM: Switch setting bridge-type=customer-vlan-bridge is not retained after reboot.

I dont have a CRS to test with, could anyone please confirm these?

Fri Mar 14, 2014 11:41 am

6) Export of BGP VRF configuration does not include the "instance" entries
- viewtopic.php?f=2&t=78816&start=50#p409634

Fixed in v6.11

7) During upgrade of RouterOS IPSEC peers become disabled
- viewtopic.php?f=2&t=78816&start=50#p410240

Marked invalid, since we can't repeat this in any type of setup. Could be a problem with something else in this system/network

tomaskir · Fri Mar 14, 2014 11:46 am

7) During upgrade of RouterOS IPSEC peers become disabled
- viewtopic.php?f=2&t=78816&start=50#p410240
Marked invalid, since we can't repeat this in any type of setup. Could be a problem with something else in this system/network

I have tried to replicate this issue for 2 hours without success as well.

I have seen multiple people on the forums say they have this issue, but noone responds to my emails/messages.
nz_monkey is not responding either, nz_monkey, if you are reading this, please contact me

For now, removed from the list.

Fri Mar 14, 2014 11:46 am

4) DHCP over BCP does not work
- viewtopic.php?f=2&t=78816&p=407146#p407146

fixed in 6.11

swissiws · Fri Mar 14, 2014 12:46 pm

tomaskir

I am not an engineer - i am a project manager feeding of your trail - just spend another 10k on MT products which seems not to work due to already published sw bugs with crs and ccr systems - NO doubt about hardware engineering - first class - software too unpredictable to manage, maybe a bug, maybe engineer issue -

spend another 2k of engineer work to get basic vlan configuration running on CRS - well 4 days into production - user complain re speed issues etc = see posts. ros 6.10

I hope you see my current frustrations re Mikrotik products getting released without proper product certification - CRS as my main concern. CCR does not bond with Cisco as many times posted before.

Fri Mar 14, 2014 12:57 pm

tomaskir

I am not an engineer - i am a project manager feeding of your trail - just spend another 10k on MT products which seems not to work due to already published sw bugs with crs and ccr systems - NO doubt about hardware engineering - first class - software too unpredictable to manage, maybe a bug, maybe engineer issue -

spend another 2k of engineer work to get basic vlan configuration running on CRS - well 4 days into production - user complain re speed issues etc = see posts. ros 6.10

I hope you see my current frustrations re Mikrotik products getting released without proper product certification - CRS as my main concern. CCR does not bond with Cisco as many times posted before.

If you assume that there are bugs only by reading the forum release topic, I can disappoint you, 90% of those reports are caused by user error, or appear only in very specific situations that most likely will never affect you. Do you actually have any problems yourself, and if yes, tell us the Support ticket number, so I can check if we have fixed it for v6.11

tomaskir · Fri Mar 14, 2014 2:01 pm

tomaskir

I am not an engineer - i am a project manager feeding of your trail - just spend another 10k on MT products which seems not to work due to already published sw bugs with crs and ccr systems - NO doubt about hardware engineering - first class - software too unpredictable to manage, maybe a bug, maybe engineer issue -

spend another 2k of engineer work to get basic vlan configuration running on CRS - well 4 days into production - user complain re speed issues etc = see posts. ros 6.10

I hope you see my current frustrations re Mikrotik products getting released without proper product certification - CRS as my main concern. CCR does not bond with Cisco as many times posted before.

I understand your concerns as a project manager. What I would advise is telling your engineers to actually contact official Mikrotik support.
What Normis said is true, most of the so-called "bugs" in release threads are actually config errors.

Tell your engineers not to "blame" problems on posts in the release thread, but to actually work on solving the issues. Support will tell them if its a config issue or a bug.
Without your problem being confirmed as a bug by official MikroTik support, you cant do much. When it is confirmed as a bug by official MikroTik support, then you can push on MikroTik to fix it.
Also if that is the case, please post it in here so we all know about the issue

Believe me, I understand the frustration, some of the bugs in here are affecting our systems as well.
But as you can see from this thread, MikroTik is actually solving bugs (of course, at their own pace, and according to their own priorities).

NathanA · Sun Mar 16, 2014 2:00 am

4) DHCP over BCP does not work
- viewtopic.php?f=2&t=78816&p=407146#p407146
fixed in 6.11

Yay! I should have read the forums first...I just submitted a ticket (#2014031566000139) about this very issue yesterday!

Please don't ignore the ticket, though, even though this issue is fixed...I reported a second issue in the same ticket, where you can hard-crash an x86 RouterOS box running PPTP or L2TP server if the incoming request negotiates both MPPE encryption and MLPPP MRRU, if you are using the SMP/multicore kernel.

-- Nathan

tomaskir · Sun Mar 16, 2014 11:54 am

Please don't ignore the ticket, though, even though this issue is fixed...I reported a second issue in the same ticket, where you can hard-crash an x86 RouterOS box running PPTP or L2TP server if the incoming request negotiates both MPPE encryption and MLPPP MRRU, if you are using the SMP/multicore kernel.

-- Nathan

That is fixed in 6.11 as well:

From 6.11 RC devel log:

What's new in 6.11 (2014-Mar-14 10:13):
*) ppp - mppe encryption together with mrru locked the router;

Rudios · Sun Mar 16, 2014 3:51 pm

Please don't ignore the ticket, though, even though this issue is fixed...I reported a second issue in the same ticket, where you can hard-crash an x86 RouterOS box running PPTP or L2TP server if the incoming request negotiates both MPPE encryption and MLPPP MRRU, if you are using the SMP/multicore kernel.

-- Nathan
That is fixed in 6.11 as well:

From 6.11 RC devel log:

What's new in 6.11 (2014-Mar-14 10:13):
*) ppp - mppe encryption together with mrru locked the router;

How come I can not find ROS 6.11 on the official download page?

tomaskir · Sun Mar 16, 2014 3:53 pm

How come I can not find ROS 6.11 on the official download page?

The excerpt was from the 6.11 release candidate development page.

6.11 is not officially released yet.

Mon Mar 17, 2014 3:57 am

nz_monkey is not responding either, nz_monkey, if you are reading this, please contact me

Sorry tomaskir had work overload the last few weeks.

I will do some more testing on this tonight and try to determine if it is a general fault or something specific to my configuration.

Rudios · Fri Mar 21, 2014 12:21 pm

4) DHCP over BCP does not work
- viewtopic.php?f=2&t=78816&p=407146#p407146
fixed in 6.11

I can confirm that the bug is solved. Just tested it!

tomaskir · Tue Mar 25, 2014 5:22 pm

All issues re-tested on v6.11 release. The list is now current for v6.11
2 out of 7 bugs on the list at the release of v6.11 were fixed.

The following issues from the list have been fixed in 6.11:
4) DHCP over BCP does not work
- http://forum.mikrotik.com/viewtopic.php ... 46#p407146
6) Export of BGP VRF configuration does not include the "instance" entries
- http://forum.mikrotik.com/viewtopic.php ... 50#p409634

tomaskir · Wed Mar 26, 2014 7:09 pm

Issue:
Queue type default-small not exported with export compact

Description:
When doing a "export compact" changes to queue type default-small are not exported

Versions affected:
6.x and 5.x

How to reproduce:
Simply put this into console to see it not export:

ros code

/queue type print where name=default-small
# Notice the default pfifo-limit=10
/queue type set [/queue type find name=default-small] pfifo-limit=50
# Now we change that to 50
/queue type export compact
# Our changes are not in export compact
/queue type print where name=default-small
# Notice the pfifo-limit=50

Notes:
After 15 (?) versions, export compact is still missing things.
Wonder how many more settings are still not exported correctly...

Support TicketID:
[Ticket#2014032666000958]

asmozre · Wed Mar 26, 2014 8:12 pm

Unable to change or add any telnet interfaces into mac-server

Model: CCR1036-12G-4S

ROS Version 6.11

/tool mac-server
remove 0
failure: can not remove the default entry
add interface=ether2
failure: interface unsupported

I have 6.10 on another device that is not a CCR and am able to use these commands with no issue.

Chupaka · Wed Mar 26, 2014 10:52 pm

Description:
When doing a "export compact" changes to queue type default-small are not exported

for me (v6.11, x86) it's exported, but in strange manner: "set 16 pfifo-limit=20". I don't think that default-small has index 16 on every system

Unable to change or add any telnet interfaces into mac-server

Model: CCR1036-12G-4S

ROS Version 6.11
Code: Select all
/tool mac-server
remove 0
failure: can not remove the default entry
add interface=ether2
failure: interface unsupported
I have 6.10 on another device that is not a CCR and am able to use these commands with no issue.

have you tried v6.10 on CCR? adding works for me both in 6.10 CCR and 6.11 x86
also, removing should not work on any device, just because it's default entry. you should be able only disable it, not remove

asmozre · Wed Mar 26, 2014 11:05 pm

Description:
When doing a "export compact" changes to queue type default-small are not exported
for me (v6.11, x86) it's exported, but in strange manner: "set 16 pfifo-limit=20". I don't think that default-small has index 16 on every system
Unable to change or add any telnet interfaces into mac-server

Model: CCR1036-12G-4S

ROS Version 6.11
Code: Select all
/tool mac-server
remove 0
failure: can not remove the default entry
add interface=ether2
failure: interface unsupported
I have 6.10 on another device that is not a CCR and am able to use these commands with no issue.
have you tried v6.10 on CCR? adding works for me both in 6.10 CCR and 6.11 x86
also, removing should not work on any device, just because it's default entry. you should be able only disable it, not remove

I'll try to downgrade my ccr at home tonight when I get in and see. I know that on 6.10 on a 750gl I had laying around I was able to remove the default entry via command line and not disable it as I usually do.

Here is the print off the 750gl with 6.10 showing the all default entry removed via command line.

/tool mac-server> print
Flags: X - disabled, * - default 
 #    INTERFACE                                                                  
 0  * ether2                                                                     
 1    ether3                                                                     
 2    ether4                                                                     
 3    ether5

Chupaka · Wed Mar 26, 2014 11:23 pm

Here is the print off the 750gl with 6.10 showing the all default entry removed via command line.

/tool mac-server> print
Flags: X - disabled, * - default 
 #    INTERFACE                                                                  
 0  * ether2                                                                     
 1    ether3                                                                     
 2    ether4                                                                     
 3    ether5

as you can see, you DO have default entry (marked by "*")
yep, you can do "set 0 interface=ether2" to change default entry from 'all' to some specific interface

but you cannot remove it completely =)

tomaskir · Thu Mar 27, 2014 1:11 pm

Description:
When doing a "export compact" changes to queue type default-small are not exported
for me (v6.11, x86) it's exported, but in strange manner: "set 16 pfifo-limit=20". I don't think that default-small has index 16 on every system

Can you test on a RouterBoard?

I tested on powerpc and mipsbe, on those its not exported.

Here is the print off the 750gl with 6.10 showing the all default entry removed via command line.

/tool mac-server> print
Flags: X - disabled, * - default 
 #    INTERFACE                                                                  
 0  * ether2                                                                     
 1    ether3                                                                     
 2    ether4                                                                     
 3    ether5

As said before, you can set the default to a different value then "all", or you can disable it, but it can not be removed.

Regarding 6.11 and adding a mac-server interface, I dont have a CCR to test on, can someone test please?

Chupaka · Thu Mar 27, 2014 2:23 pm

Can you test on a RouterBoard?

I tested on powerpc and mipsbe, on those its not exported.

Here's the result from my RB951-2n (mipsbe):

[admin@MikroTik] /queue type> ex
# jan/05/1970 00:18:03 by RouterOS 6.11
#
[admin@MikroTik] /queue type> set default-small pfifo-limit=20
[admin@MikroTik] /queue type> ex                              
# jan/05/1970 00:18:07 by RouterOS 6.11
#
/queue type
set 9 pfifo-limit=20
[admin@MikroTik] /queue type>

so seems like the only thing to be fixed is using type names instead of indices, which are different from system to system

tomaskir · Thu Mar 27, 2014 2:58 pm

Here's the result from my RB951-2n (mipsbe):
Code: Select all
[admin@MikroTik] /queue type> ex
# jan/05/1970 00:18:03 by RouterOS 6.11
#
[admin@MikroTik] /queue type> set default-small pfifo-limit=20
[admin@MikroTik] /queue type> ex                              
# jan/05/1970 00:18:07 by RouterOS 6.11
#
/queue type
set 9 pfifo-limit=20
[admin@MikroTik] /queue type> 
so seems like the only thing to be fixed is using type names instead of indices, which are different from system to system

Here is how it looks for me on a 750GL:

[admin@C1] > /queue type print where name=default-small
Flags: * - default 
 0 * name="default-small" kind=pfifo pfifo-limit=10 
[admin@C1] > # Notice the default pfifo-limit=10
[admin@C1] > /queue type set [/queue type find name=default-small] pfifo-limit=50
[admin@C1] > # Now we change that to 50
[admin@C1] > /queue type export compact
# jan/03/1970 21:33:02 by RouterOS 6.11
# software id = 3VYV-V1LD
#
[admin@C1] > # Our changes are not in export compact
[admin@C1] > /queue type print where name=default-small
Flags: * - default 
 0 * name="default-small" kind=pfifo pfifo-limit=50 
[admin@C1] > # Notice the pfifo-limit=50

So we are experiencing different behaviour, interesting...

Chupaka · Thu Mar 27, 2014 3:15 pm

what does "export verbose" show?..

tomaskir · Thu Mar 27, 2014 3:20 pm

what does "export verbose" show?..

[admin@C1] /queue type> exp ver
# jan/02/1970 00:08:00 by RouterOS 6.11
# software id = 3VYV-V1LD
#
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=pcq name=pcq-upload-default pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000
set 6 kind=pcq name=pcq-download-default pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50 pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000
set 7 kind=none name=only-hardware-queue
set 8 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 9 kind=pfifo name=default-small pfifo-limit=50
[admin@C1] /queue type> exp com
# jan/02/1970 00:08:38 by RouterOS 6.11
# software id = 3VYV-V1LD
#
[admin@C1] /queue type>

So as you can see, default-small is at 50.

I tested on a 750GL and 1100AH, any chance you got one of those you can test on?

asmozre · Thu Mar 27, 2014 3:58 pm

As said before, you can set the default to a different value then "all", or you can disable it, but it can not be removed.

Regarding 6.11 and adding a mac-server interface, I dont have a CCR to test on, can someone test please?

Actually, on that particular 750GL w/ ros 6.10 I can remove the interface completely and not just change it. When adding a new interface back into the mac-server the first one added becomes to default. I can not remove it via winbox however I can remove it via cli.

On the CCR1036-12G-4S w/ ros 6.10 I also can not add an interface other than the all, nor can I modify the all entry to another interface.

metabaron · Fri Mar 28, 2014 5:09 am

Hello all, first post here, I just created my account and reported the bug:

Issue:
Super slow index page for the administration interface once you log on

Description:
Once you log on the administration interface, the loading time of the page is like almost 30 seconds

Versions affected:
Latest 6.11 version

How to reproduce:
Install 6.11

Notes:
Was perfect before I moved to the new 6.11. Update down through the web interface. Router reboot and stopped/started since then, several times.

Fri Mar 28, 2014 12:42 pm

Issue:
Super slow index page for the administration interface once you log on

Description:
Once you log on the administration interface, the loading time of the page is like almost 30 seconds

Was perfect before I moved to the new 6.11.

Chances are this is a browser cache issue. Have you tried cleaning your browser cache?

tomaskir · Fri Mar 28, 2014 1:00 pm

Issue:
Super slow index page for the administration interface once you log on

Description:
Once you log on the administration interface, the loading time of the page is like almost 30 seconds

Was perfect before I moved to the new 6.11.
Chances are this is a browser cache issue. Have you tried cleaning your browser cache?

I have many devices on 6.11, webfix is fine everywhere.

As said before, clean your cache and cookies and please let us know if its working.

reinerotto · Sun Mar 30, 2014 9:15 am

New issue regarding NAT during close of connection: Pls, refere to this thread.
http://forum.mikrotik.com/viewtopic.php ... 34#p418434

chadd · Tue Apr 01, 2014 8:32 am

Normis,

On the RB951Ui units I have you cant access the POE settings menu. How do you check and upgrade the POE firmware on these units?

RB951Ui from MUM - RouterOS 6.5, connected to internet and then...
/system package update upgrade
router rebooted, all is ok but PoE firmware = 0.0
Checked in the day of MUM on two routers, same effect...
what is the output of these two commands?

/interface ethernet poe settings print
/interface ethernet poe settings upgrade

elmer · Sun Apr 06, 2014 12:46 am

RB951Ui from MUM - RouterOS 6.5, connected to internet and then...
/system package update upgrade
router rebooted, all is ok but PoE firmware = 0.0
Checked in the day of MUM on two routers, same effect...
what is the output of these two commands?

/interface ethernet poe settings print
/interface ethernet poe settings upgrade

v6.11 on router in this time shows:
bad command name settings (line 1 column 25)
there is poe upgrade command in v.6xx?

Majklik · Sun Apr 06, 2014 6:59 pm

5) L2TP Server bug - replies from wrong IP address
- http://forum.mikrotik.com/viewtopic.php ... 19#p398319
new ppp package invalidates this

It looks that this bug is still there? I tested this now with 6.11 and 6.12rc1 (Apr/04/2014 13:30:46).
By the way, is there any progress with a similar problem where multihop BFD (with BGP) uses too bad source IP of the outgoing interface and not loopback address ( [Ticket#2013110666000642] )?

tomaskir · Sun Apr 06, 2014 9:37 pm

It looks that this bug is still there? I tested this now with 6.11 and 6.12rc1 (Apr/04/2014 13:30:46).
By the way, is there any progress with a similar problem where multihop BFD (with BGP) uses too bad source IP of the outgoing interface and not loopback address ( [Ticket#2013110666000642] )?

The bug is still there, its on the first post's list, which is up to date with 6.11

Any chance you want to do a bug report in here with that multihop BFD bad source IP?
Would be nice to be able to include it here with full replication instructions.

Thanks!

g0didit · Wed Apr 16, 2014 10:52 am

Hi... I got some problems. Im using miktrotik for few years now and never face something like this.
I got one x86 pppoe concentrator with EoIP tunnels to other routers. (24 EoIP tunnels).

Recently updated RoS from 4.16 -> 5.26 -> 6.11. After update i need to add few more EoIP tunnels, added and seems all OK for few seconds until first PPPoE user try to connect to any other PPPoE server, still no PPPoE server on new tunnell and EoIP tunnel was "overwriten" by that PPPoE connection. Newely created tunnell is no longer exist. I delete PPPoE connection sometime router hungs, I try to add again same EoIP and winbox say "interface exist" i cant find that tunnel in winbox or terminal. Need HELP. Thanx.

ddt · Mon Apr 21, 2014 9:18 pm

On my CRS running 6.12, if I enter this code:

/interface ethernet switch ingress-vlan-translation
add ports=ether2 customer-vid=0 new-customer-vid=8 sa-learning=yes

/interface ethernet switch egress-vlan-translation
add customer-vid=8 new-customer-vid=0 ports=ether2

The ether2 port will correctly work as it did in 6.11 and before, until I restart the router. Then it freezes at boot up at the "Starting services" readout.

I've tried removing the egress-vlan-translation as well, and just having the first 2 lines. It still freezes at startup.

As I said, this works correctly in 6.11 and before, and I isolated the freezing to just this area of my working config.

tomaskir · Thu Apr 24, 2014 2:50 pm

All issues re-tested on v6.12 release. The list is now current for v6.12
0 out of 6 bugs on the list at the release of v6.12 were fixed.

tomaskir · Thu Apr 24, 2014 2:58 pm

Issue:
"RouterOS Default Configuration" windows shows when it should not

Description:
The "Default Configuration" window appears even when the router does NOT have a default configuration.

Versions affected:
6.12, not tested rest

How to reproduce:
1) Reset a router to default config with:

/system reset-configuration

2) Do NOT login with winbox or SSH!
Login with API and issue:

/system/reset-configuration
=no-defaults=yes

3) After reset, login with MAC winbox.
The router has no config, but the "RouterOS Default Configuration" window will still show, and offers to run the "Remove config" script.

Notes:
It seems that when you reset to no-default config using the API, the flags telling the router it doesnt have default config anymore dont get set.
See attached a console screenshot showing that the router still thinks its got a default config, when in fact there is no config present.

Support TicketID:
[Ticket#2014042466000576]

acung · Thu May 01, 2014 5:35 am

Issue:
CRS125-24G-1S-RM: Configuration elements missing from the Web interface: Switch and LCD

Issue:
CRS125-24G-1S-RM: Switch setting bridge-type=customer-vlan-bridge is not retained after reboot.
I dont have a CRS to test with, could anyone please confirm these?

Yes I have two of my CRS125-24G-1S-RM have missing switch and LCD menu from the Web interface.

ROS Version: 6.12

Pebu · Fri May 02, 2014 2:26 pm

On my CRS running 6.12, if I enter this code:
Code: Select all
/interface ethernet switch ingress-vlan-translation
add ports=ether2 customer-vid=0 new-customer-vid=8 sa-learning=yes

/interface ethernet switch egress-vlan-translation
add customer-vid=8 new-customer-vid=0 ports=ether2
The ether2 port will correctly work as it did in 6.11 and before, until I restart the router. Then it freezes at boot up at the "Starting services" readout.
I've tried removing the egress-vlan-translation as well, and just having the first 2 lines. It still freezes at startup.
As I said, this works correctly in 6.11 and before, and I isolated the freezing to just this area of my working config.

+1, I can confirm this happens to my CRS @ 6.12 as well in exactly the same situation. Only solution is to reset the config using the reset switch, as the router never proceeds past 'Starting services'. I'm down to 6.11 now.
The CSR works fine using the mentioned config as long as you don't reboot it.

falestiny · Fri May 02, 2014 2:53 pm

also there is a bug with encrypted VPN connections since OS version 6.8 and not fixed until this moment.

tomaskir · Fri May 02, 2014 4:05 pm

also there is a bug with encrypted VPN connections since OS version 6.8 and not fixed until this moment.

Please be more specific. Ideally, follow the template in post2.

Rudios · Tue May 06, 2014 8:42 am

Issue:
Queue graphs always available for viewing

Description:
Regardless of the settings in /tool graphing queue, a queue graph is always available
Eg.
Internal devices use default subnet 192.168.88.0/24
In /tools graphing all three options (interfaces, resources and queue) are set to be allowed from 10.10.10.0/24.
Then neither resource and interface graphs are available, as I suspect because of the allowed subnet.
But the queue graph is available for viewing.

Versions affected:
RouterOS 6.5 and 6.12
Did not test versions in between

How to reproduce:
Create a /tool graphing queue for a non-used subnet/IP address and see http://ip-address/graphs
See example in description.

Support TicketID:
Ticket#2014050666000189

dohmniq · Tue May 06, 2014 1:04 pm

Issue:
Can't list or delete files with overly long filenames

Description:
I wrote a script that used /tool fetch mode="http" host="domain.name" address=1.2.3.4 port=8080 src-path="/API/report\?query" where the query-string in src-path contained non-alphanumeric characters (some URL-escaped) but well over 255 characters long (more like 2000). I forgot to add keep-result=no to the command (it defaults to yes) so it saved an output file.

A typical URL might look like:

http://domain.name/API/report?software_id=ABCD-1234&report=registered%20connections&content=%5b%20%20{%20%20%22.id%22:%20%22*17%22, [... and so on ...]

When I do /system resource print there's a massive loss of hdd disk space:

[admin@MikroTik] /> /sys resource pr
                   uptime: 8w6d15h19m2s
                  version: 6.10
               build-time: Feb/12/2014 13:46:18
              free-memory: 6.7MiB
             total-memory: 32.0MiB
                      cpu: MIPS 74Kc V4.12
                cpu-count: 1
            cpu-frequency: 600MHz
                 cpu-load: 5%
           free-hdd-space: 552.0KiB
          total-hdd-space: 128.0MiB
  write-sect-since-reboot: 1170438
         write-sect-total: 1187250
               bad-blocks: 0%
        architecture-name: mipsbe
               board-name: RB911G-5HPnD
                 platform: MikroTik

But when I do /file print (which takes AGES) there are only a few files that don't explain the disk usage:

[admin@MikroTik] /system scheduler> /file pr
 # NAME                                                                               TYPE                                                                                    SIZE CREATION-TIME
 0 post-6.10.rsc                                                                      script                                                                                  2695 mar/02/2014 18:34:14
 1 ABCD-1234.key                                                                      .key file                                                                                204 jan/01/2002 01:19:04
 2 um-before-migration.tar                                                            .tar file                                                                            17.5KiB jan/02/1970 00:00:35
 3 5MB.zip                                                                            .zip file                                                                             5.0MiB mar/06/2014 08:56:33
 4 pub                                                                                directory                                                                                    mar/02/2014 18:31:28
 5 post-mesh.rsc                                                                      script                                                                                  2267 mar/05/2014 14:06:04
 6 20MB.zip                                                                           .zip file                                                                            20.0MiB mar/18/2014 18:23:18
 7 pre-6.10.rsc                                                                       script                                                                                  2694 mar/02/2014 18:31:31
 8 skins                                                                              directory                                                                                    jan/01/1970 00:00:40
 9 script-functions.rsc                                                               script                                                                                  1574 apr/28/2014 09:58:53
no such item (4)

However, if I FTP to the RouterBOARD then the files appear. However, I can't delete any of them - I get "550 No such file or directory" errors.

Files do not appear on webfig either.

Versions affected:
at least 6.9 and 6.10

How to reproduce:

[admin@MikroTik2] /system resource> /tool fetch mode=http host="www.mikrotik.com" address=159.148.147.196 port=80 src-path="\?query&%*{:981293819381938192381983198312319283918239183987321498172498712349871234981274981273498213479218437921843721983472193847219348712349872134912873491283471293487219348712349872134981274391283472193487129348712349871234981273491283471293487123948712349871234981273491283472193487213948712391874192387421934871239487123987"
  status: finished

[admin@MikroTik2] /system resource> /file pr
 # NAME                                                                               TYPE                                                                                    SIZE CREATION-TIME
 0 Working-latest.rsc                                                                 script                                                                                6.7KiB jan/02/2014 13:31:21
 1 log.0.txt                                                                          .txt file                                                                            50.2KiB may/06/2014 10:52:26
 2 pre-6.10.rsc                                                                       script                                                                                7.7KiB jan/01/2002 03:04:16
 3 skins                                                                              directory                                                                                    jan/01/1970 01:00:17
 4 webproxy                                                                           directory                                                                                    sep/19/2013 13:56:24
 5 webproxy/error.html                                                                .html file                                                                          163.7KiB dec/29/2013 21:24:00
 6 pub                                                                                directory                                                                                    jan/01/2002 02:08:25
 7 log.1.txt                                                                          .txt file                                                                            68.3KiB apr/12/2014 10:53:24
 8 with-uSD                                                                           file                                                                                293.7KiB jan/01/2002 02:00:10
 9 micro-sd                                                                           disk                                                                                         apr/15/2014 09:21:54
10 WORKING.rsc                                                                        script                                                                                5.6KiB jan/01/2002 03:55:00
11 micro-sd/lost+found                                                                directory                                                                                    jan/02/1970 01:03:02
12 micro-sd/web-proxy1                                                                web-proxy store                                                                              mar/12/2014 15:23:42
13 micro-sd/web-proxy2                                                                web-proxy store                                                                              jan/01/2002 02:01:17
[admin@MikroTik2] /system resource>

[admin@server ~]$ ftp mikrotik2
Connected to mikrotik2.
220 MikroTik2 FTP server (MikroTik 6.10) ready
Name (mikrotik2:admin):
331 Password required for admin
Password:
230 User admin logged in
Remote system type is UNIX.
ftp> dir
229 Entering Extended Passive Mode (|||42036|)
150 Opening data connection
drwxrwx---   1 root     root         2048 Jan  1 01:00 ?query&%*{:9812938193819381923819831983123192839182391839873214981724987123498712349812749812734982134792184379218437219834721938472193487123498721349128734912834712934872193487123498721349812743912834721934871293487123498712349812734912834712934871239487
drwxrwx---   5 root     root         4096 Jan  1 02:00 micro-sd
-rw-rw----   1 root     root        51541 May  6 10:56 log.0.txt
-rw-rw----   1 root     root        69899 Apr 12 10:53 log.1.txt
drwxrwx---   1 root     root         2048 Jan  1 02:08 pub
drwxrwx---   1 root     root         2048 Sep 19 13:56 webproxy
-rw-rw----   1 root     root       300776 Jan  1 02:00 with-uSD
drwxrwx---   1 root     root         2048 Jan  1 01:00 skins
-rw-rw----   1 root     root         6853 Jan  2 13:31 Working-latest.rsc
-rw-rw----   1 root     root         5688 Jan  1 03:55 WORKING.rsc
-rw-rw----   1 root     root         7838 Jan  1 03:04 pre-6.10.rsc
226 Transfer complete
ftp> mdelete *query*
mdelete ?query&%*{:9812938193819381923819831983123192839182391839873214981724987123498712349812749812734982134792184379218437219834721938472193487123498721349128734912834712934872193487123498721349812743912834721934871293487123498712349812734912834712934871239487 [anpqy?]? y
550 ?query&%*{:9812938193819381923819831983123192839182391839873214981724987123498712349812749812734982134792184379218437219834721938472193487123498721349128734912834712934872193487123498721349812743912834721934871293487123498712349812734912834712934871239487: No such file or directory
ftp> cd "?query&%*{:9812938193819381923819831983123192839182391839873214981724987123498712349812749812734982134792184379218437219834721938472193487123498721349128734912834712934872193487123498721349812743912834721934871293487123498712349812734912834712934871239487"
550 ?query&%*{:9812938193819381923819831983123192839182391839873214981724987123498712349812749812734982134792184379218437219834721938472193487123498721349128734912834712934872193487123498721349812743912834721934871293487123498712349812734912834712934871239487: No such file or directory
ftp>

Notes:
If you have scheduled scripts that use /tool fetch then maybe check to see if you need to add keep-result=no !!!

Support TicketID:
Ticket#2014050666000367

tomaskir · Tue May 06, 2014 1:49 pm

Issue:
Queue graphs always available for viewing

Thanks for the report, added!

Issue:
Can't list or delete files with overly long filenames

Very nice report, thank you!

Added to the list as well.

dohmniq · Tue May 06, 2014 10:45 pm

Just to follow up from my bug post about invisible/immortal files with super-long filenames...

If your RouterBOARD hasn't already run out of hdd space then you can apply this workaround:

NOTE: all files on your routerboard will be wiped but you will keep your configuration!
download netinstall and the corresponding routerOS npk
using webfig / CLI / etc. set routerboard settings to boot "try-ethernet-once-then-nand"
fire up netinstall on your windows PC (sadly doesn't seem to work under Wine on unix)
configure netinstall for netbooting - tick "Boot server enabled" box, etc.
browse (in netinstall) to your routerOS package
reboot routerboard
routerboard should appear in netinstall devices/routers list
click on routerboard in list, make sure "keep old configuration" is ticked and "apply default config" is unticked
click install
click reboot

This will repartition and reformat your routerboard, getting rid of any files you can't see or delete and reclaiming your hdd space.
As far as I can tell, the routerboard boot settings go back to "nand-if-fail-then-ethernet"
You will keep your licence and config.

IF you let your hdd space get to zero then you will very likely need physical access to your routerboard's reset button!

sasha · Wed May 07, 2014 1:23 pm

Issue:
SMB shares disappear at random times

Description:
External HD is attached and folder on it SMB shared but router intermittently dis/re-connects HD. As a result HD device is enumerated as /usb1 or /usb2 without a rule or switched between /usb1 and /usb2 at random times or completely lost from Stores -> Disks. SMB shares get lost and shares users are pissed off. Unstable SMB render this feature useless and it was one of the reasons we opted for RB2011UiAS-2HnD-IN.

Log looks like

In WebFig disk disappears and sometimes it can not be enumerated again without reconnecting usb cable. This external HD previously worked and had folders shared on much cheaper router without a glitch. It would be good if RouterOS could use FAT32 for fs of attached HD too.

tomaskir · Fri May 09, 2014 12:10 pm

Issue:
SMB shares disappear at random times

This sounds like the same problem described here: http://forum.mikrotik.com/viewtopic.php?f=13&t=84744

Its not actually a SMB share problem, but an underlying problem with USB storage dismounting/re-mounting causing SMB problems.

Please contact official MikroTik support at support@mikrotik.com with a supout file.

QCTIK · Mon May 12, 2014 3:29 pm

SEVERE BUG I followed the wiki example as of 14 april 2014

like the example ive created a group of switched port, put some port with ingress translation for customer vid , after that created a port with a tag for the already created vlan.

everything went fine until...

i tried to put a tagged port outside the initial group to use the switch native vlan for that port.

packet stopped stop to flow. Restarted the switch it did'nt boot up

stopped to 'starting services'

replicated the incident three time on that switch then tried another one to make sure

same again....

could you check that please.

Tue May 13, 2014 9:33 am

3) L2TP Server bug - replies from wrong IP address
- viewtopic.php?f=2&t=78816&p=398319#p398319

fixed in v6.13

6) Queue type default-small not exported with export compact
- viewtopic.php?f=2&t=78816&p=417649#p417649

compact only exports changed values. default-small is the default value, so it will not be exported. not a bug

tomaskir · Tue May 13, 2014 11:15 am

6) Queue type default-small not exported with export compact
- viewtopic.php?f=2&t=78816&p=417649#p417649
compact only exports changed values. default-small is the default value, so it will not be exported. not a bug

The default value is changed, and the change to the default value is not exported.

Other changes to default values are exported, for example:

[tomas@router] /queue type> exp
# may/13/2014 10:09:06 by RouterOS 6.12
# software id = FR5N-MA9W
#
[tomas@router] /queue type> set [find name=default-small] pfifo-limit=50
[tomas@router] /queue type> exp
# may/13/2014 10:09:13 by RouterOS 6.12
# software id = FR5N-MA9W
#
[tomas@router] /queue type> set [find name=pcq-download-default] pcq-rate=1024
[tomas@router] /queue type> exp
# may/13/2014 10:09:59 by RouterOS 6.12
# software id = FR5N-MA9W
#
/queue type
set 6 pcq-rate=1024
[tomas@router] /queue type>

This is inconsistent.

Tue May 13, 2014 12:24 pm

Now I get it. We checked in v6.13 and it worked for us, but it looks like v6.12 has this issue. Seems it's fixed.

lorsungcu · Wed May 14, 2014 5:14 pm

Issue:
IPSEC will not connect from 6.12 to 5.26 ROS

Description:
Using 6.12 on a router and 5.26 on another, unable to initiate a tunnel. Tested on two different devices. Works fine if downgraded to 5.26, or 6.9.

Versions affected:
6.12

How to reproduce:
Build functioning IPSec/L2TP tunnels in 5.26 between routers. Upgrade one to 6.12.

Notes:
L2TP will connect fine on it's own, issue seems to be with IPSec. No response from Mikrotik after they asked for access to routers. I sent them VPN info as well as 3+ follow up emails. I can only assume this is a bug until I hear back from them.

Support TicketID:
2014020566000758

polppol · Thu May 15, 2014 12:47 pm

Issue:
Winbox doesn't unlock upload files after upload whole folder via Winbox > Files menu

Description:
When upload whole folder (with multiple files in that folder) to Mikrotik via Winbox
Winbox doesn't release uploaded files in that folder even if those files are upload 100% complete.

2014-04-03_15-40-12.png

Versions affected:
6.12

How to reproduce:
1. Create "TEST_FOLDER" on your Desktop
2. Create(or copy anything) to "TEST_FOLDER" that you just created
3. Start Winbox > Login > and goto Files menu
4. drag "TEST_FOLDER" from your desktop to "Files" windows
5. wait until all file are uploaded
6. now try to move/delete/edit any file in "TEST_FOLDER" on your Desktop
you should get message that WinBox.exe still use those file

Notes:
workaround: close WinBox.exe and re-open it / upload via ftp

Support TicketID:
2014040366000338

dzoleg · Sat May 17, 2014 2:47 pm

ROS 6.13
In webfig can create backup, but can't restore new encrypted config.

luqasz · Sun May 25, 2014 11:04 pm

Issue:
Wrongly calculated and selected routes.
Description:
http://forum.mikrotik.com/viewtopic.php?f=2&t=84461
Version affected:
Tested on 6.12. I would not be suprised if all 6.x are affected.
How to reproduce:
http://forum.mikrotik.com/viewtopic.php?f=2&t=84461
Support TicketID:
2014042866000685

tomaskir · Tue Jun 03, 2014 2:03 pm

I have been swamped with work and other issues last weeks, I will update the list for 6.13 and include all reports in the next few days.

MadriSX · Wed Jun 11, 2014 5:48 pm

Hi there,

I´ve detected a simple issue when I upgraded to 6.14 and I think many people will suffer this.

I have some mangle rules for balancing traffice per type and I use "balanceo" (8 characters) as routing mark but surprisily the new RouterOS version is limited to 7 characters so my static balancing route was inactive after upgrading.

It´s simple to solve I think

Cliff · Mon Jun 16, 2014 3:04 am

smb does not work since 6.14. Error 1208 after entering username and password.
Downgrade to 6.13 helps.

basisbit · Tue Jun 17, 2014 3:56 pm

also there is a bug with encrypted VPN connections since OS version 6.8 and not fixed until this moment.

I can confirm that. It causes connection drops. For example you are able to connect with WinBox over VPN, but after a few seconds it disconnects. Also opening Webfig or loading the graphing-images fairs after loading some data.
I tried various things, recreated the nat-masquerade, changed MCS packet sizes and so on, deactivated all firewall rules, tried secured winbox (this works for a few seconds but then the connection drops again).
Only affects connections to the router (web, winbox, ftp,...), the vpn connection stays stable and everything else works fine (ping, youtube over the vpn, tcp and udp connections over the vpn to the local network or internet are unaffected.
SMB doesn't work at all even from local since that problem started.
Thankfully, DNS seems to be unaffected because of short connection time. IPv6 is not activated and connection tracking settings of the ipv4 firewall are all set to auto/standard values.
Newest RouterOS version installed and newest bootloader. Hardware is a 2 years old Mikrotik RB751g-2hnd.
Any Idea what could be wrong?

PS: all my other mikrotik devices are unaffected.

zlativ · Tue Jul 01, 2014 11:34 pm

3) L2TP Server bug - replies from wrong IP address
- viewtopic.php?f=2&t=78816&p=398319#p398319
fixed in v6.13

It's really work fine now for mipsbe architecture (checked on RB951G-2HnD, ROS v6.13 and v6.15), but at the same time bug still appear for tile architecture (checked on CCR1036-8G-2S+, ROS v6.13 and v6.15).

michl · Wed Jul 09, 2014 3:57 pm

mkt_bp.jpg

I could not restore configuration with no-password backup file. Tried several files, not only 1.
If I put password when backup the file, I can restore the config.

v6.15
RB951Ui-2HnD

tomaskir · Fri Jul 18, 2014 1:48 pm

All issues re-tested on v6.16 release. The list is now current for v6.16
2 out of 9 bugs on the list at the release of v6.16 were fixed.

The following issues from the list have been fixed from 6.12 to 6.16:
3) L2TP Server bug - replies from wrong IP address
- http://forum.mikrotik.com/viewtopic.php ... 19#p398319
Queue graphs always available for viewing
- http://forum.mikrotik.com/viewtopic.php ... 73#p424539

tomaskir · Fri Jul 18, 2014 3:01 pm

Now I get it. We checked in v6.13 and it worked for us, but it looks like v6.12 has this issue. Seems it's fixed.

Normis: Just an update, this is still NOT fixed for me in 6.16/6.17 on a RB 750GL.

This was regarding to this post: http://forum.mikrotik.com/viewtopic.php ... 53#p425766
To replicate, just follow the steps in http://forum.mikrotik.com/viewtopic.php ... 49#p417649

tomaskir · Fri Jul 18, 2014 3:04 pm

Issue:
Winbox doesn't unlock upload files after upload whole folder via Winbox > Files menu

This is more a Winbox issue, but confirmed, and added to the list.

tomaskir · Fri Jul 18, 2014 3:11 pm

I could not restore configuration with no-password backup file. Tried several files, not only 1.
If I put password when backup the file, I can restore the config.

v6.15
RB951Ui-2HnD

I could not replicate this in 6.17.
Since this seems to be working in 6.17, can you please verify and let us know if you still have this issue.

denisun · Fri Jul 18, 2014 8:34 pm

I have this bug:
http://forum.mikrotik.com/viewtopic.php?f=2&t=87082

Description:
I have IPv6 enable over PPPoE.
When ether1 stop then PPPoE drop and can't connect for some minutes.
It take many, many, many conection/disconnection every second for about 4-5 minutes and sometimes 10minutes.
I must wait this time or stop and start PPPoE.
The problem appears if yet i have only enable IPv6 support in my PPPoE without any other IPv6 configuration like DHCPv6 client etc.
Every time my ISP make changes in Brass, the PPPoE client connection drop and ether1 drop normally, and i have this problem.

I tested in 6.15, 6.16 and 6.17 with same result.
I tested in many RB.

denisun · Fri Jul 18, 2014 8:37 pm

I have this bug:
http://forum.mikrotik.com/viewtopic.php?f=2&t=87082

Description:
I have IPv6 enable over PPPoE.
When ether1 stop then PPPoE drop and can't connect for some minutes.
It take many, many, many conection/disconnection every second for about 4-5 minutes and sometimes 10minutes.
I must wait this time or stop and start PPPoE.
The problem appears if yet i have only enable IPv6 support in my PPPoE without any other IPv6 configuration like DHCPv6 client etc.
Every time my ISP make changes in Brass, the PPPoE client connection drop and ether1 drop normally, and i have this problem.

I tested in 6.15, 6.16 and 6.17 with same result.
I tested in many RB.

dannnic · Sat Jul 19, 2014 11:26 am

Issue :

Successful "/tool fetch" execute will add a log to Log Memory. This is NOT Working from v6.15 onwards... not fixed in v6.16 as well.

Description:
This was working since the feature introduced in v5.x and up to v6.14, but it was NOT working since v6.15 onwards ....

Versions affected:
v6.15, v6.16

How to reproduce:
tool fetch dst-path=<ftp-server-file-path> address=<ftp-server-ip> mode=ftp upload=yes src-path=<file-name-in-router-files-list> user=<username> password=<password>

Support TicketID:
Ticket#2014071966000151

michl · Wed Jul 23, 2014 2:05 pm

I could not replicate this in 6.17.
Since this seems to be working in 6.17, can you please verify and let us know if you still have this issue.

Sorry, I could not let the router reboot for this moment (if successful), I will update later.

------------

Another bug:

IPSec dynamic policy stucks after disconnect, cause unable to reconnect again. Tested on Rb951 and Rb751. Previously didnt happen on v6.12/v6.15 (couldnt remember).
http://forum.mikrotik.com/viewtopic.php?f=2&t=87306

ipsec_dynamic_policy.jpg

pedropilla · Wed Jul 23, 2014 3:14 pm

Hi guys, i'm having trouble collecting data from simple queues on 6.17, i'm using cacti as nms.

Apparently the OID's of simple queues have changed, i'm trying to reproduce manually the situation making a snmpwalk on a device from OID ".1.3.6.1.4.1.14988.1.1.2" and the first OID taht came is ".1.3.6.1.4.1.14988.1.1.3.9.0". Is anyone having issues with collecting data trough snmp on 6.17?

Thanks and sorry for the bad english.

pedropilla · Wed Jul 23, 2014 3:21 pm

A simple reboot worked for me... ¬¬

Hi guys, i'm having trouble collecting data from simple queues on 6.17, i'm using cacti as nms.

Apparently the OID's of simple queues have changed, i'm trying to reproduce manually the situation making a snmpwalk on a device from OID ".1.3.6.1.4.1.14988.1.1.2" and the first OID taht came is ".1.3.6.1.4.1.14988.1.1.3.9.0". Is anyone having issues with collecting data trough snmp on 6.17?

Thanks and sorry for the bad english.

Rudios · Thu Jul 24, 2014 12:40 pm

Issue:
Queue graphs always available for viewing

Description:
Regardless of the settings in /tool graphing queue, a queue graph is always available
Eg.
Internal devices use default subnet 192.168.88.0/24
In /tools graphing all three options (interfaces, resources and queue) are set to be allowed from 10.10.10.0/24.
Then neither resource and interface graphs are available, as I suspect because of the allowed subnet.
But the queue graph is available for viewing.

Versions affected:
RouterOS 6.5 and 6.12
Did not test versions in between

How to reproduce:
Create a /tool graphing queue for a non-used subnet/IP address and see http://ip-address/graphs
See example in description.

Support TicketID:
Ticket#2014050666000189

How about this bug.
Have not read anything about it, also not heard anything from Mikrotik itself.
I have just tested it and the but is still present on version 6.17!!!

tomaskir · Thu Jul 24, 2014 12:55 pm

How about this bug.
Have not read anything about it, also not heard anything from Mikrotik itself.
I have just tested it and the but is still present on version 6.17!!!

I tested it on 6.17 and could not replicate... so I removed it from the list.

Can you give exact step-by-step to replicate pls?

Rudios · Thu Jul 24, 2014 2:08 pm

How about this bug.
Have not read anything about it, also not heard anything from Mikrotik itself.
I have just tested it and the but is still present on version 6.17!!!
I tested it on 6.17 and could not replicate... so I removed it from the list.

Can you give exact step-by-step to replicate pls?

It is quite easy.
Create a simple queue

ros code

/queue simple
add name=queue1 target=""

and allow any unused IP address to view the graphs of the queue

ros code

/tool graphing queue
add allow-address=1.1.1.1/32

If you now browse to the IP address of the router and look at the graphs, the queue graph is still available for viewing!

Chupaka · Thu Jul 24, 2014 3:41 pm

by default, 'allow-target' is enabled, so if your rule catches anything ('target=""'), then anyone should be able to see that queue on graphs page, I think

so recheck with

ros code

/tool graphing queue add allow-address=1.1.1.1/32 allow-target=no

Rudios · Thu Jul 24, 2014 4:41 pm

by default, 'allow-target' is enabled, so if your rule catches anything ('target=""'), then anyone should be able to see that queue on graphs page, I think

so recheck with
ros code
/tool graphing queue add allow-address=1.1.1.1/32 allow-target=no

Sounds like that can make a difference, but in the end it doesn't
I did as you said, and put the allow-target to no. The queue is still available on the graphs page.
Additionally I changed the target itself to be my loopback-bridge (I let the allow-target to no).
Still it is available on graphing with the allow-address still to be defined as 1.1.1.1/32

[edit]
I also played around with assigning it to the created queue itself rather than to all queues, but still no differences.

Chupaka · Thu Jul 24, 2014 5:06 pm

I checked that, and there are actually two bugs:

1. in Terminal, you can create simple queue with target="" - after that WinBox shows "Target" in red; if you create such entry in WinBox, it says "Error in Target - at least one entry expected!"

2. if 'target' contains at least one entry that is not an IP address (like interface or empty target created via bug #1), Graphing always shows that queue via web, in spite of 'allow-*' settings

tomaskir · Thu Jul 24, 2014 5:28 pm

I checked that, and there are actually two bugs:

1. in Terminal, you can create simple queue with target="" - after that WinBox shows "Target" in red; if you create such entry in WinBox, it says "Error in Target - at least one entry expected!"

2. if 'target' contains at least one entry that is not an IP address (like interface or empty target created via bug #1), Graphing always shows that queue via web, in spite of 'allow-*' settings

Very nice job pinning it down!

Want to put it into a proper bug-report format and submit to MikroTik and this thread, or should I?

denisun · Thu Jul 24, 2014 10:51 pm

I have this bug:
http://forum.mikrotik.com/viewtopic.php?f=2&t=87082

Description:
I have IPv6 enable over PPPoE.
When ether1 stop then PPPoE drop and can't connect for some minutes.
It take many, many, many conection/disconnection every second for about 4-5 minutes and sometimes 10minutes.
I must wait this time or stop and start PPPoE.
The problem appears if yet i have only enable IPv6 support in my PPPoE without any other IPv6 configuration like DHCPv6 client etc.
Every time my ISP make changes in Brass, the PPPoE client connection drop and ether1 drop normally, and i have this problem.

I tested in 6.15, 6.16 and 6.17 with same result.
I tested in many RB.

And here it is my logs:
http://forum.mikrotik.com/viewtopic.php ... 09#p438609

Rudios · Fri Jul 25, 2014 12:07 am

I checked that, and there are actually two bugs:

1. in Terminal, you can create simple queue with target="" - after that WinBox shows "Target" in red; if you create such entry in WinBox, it says "Error in Target - at least one entry expected!"

2. if 'target' contains at least one entry that is not an IP address (like interface or empty target created via bug #1), Graphing always shows that queue via web, in spite of 'allow-*' settings
Very nice job pinning it down!

Want to put it into a proper bug-report format and submit to MikroTik and this thread, or should I?

I did send a bug report to support couple of months ago, number is mentioned in the post I wrote earlier.
But I think it wouldn't harm if some one else reported it too.

Chupaka · Fri Jul 25, 2014 1:12 am

or should I?

yep, it would be nice =) I'm a bit overloaded with current work...

dsobin · Sat Jul 26, 2014 7:46 am

Issue:
DHCP over BCP via PPTP fails.

Description:
DHCP over BCP via PPTP fails.
This was reported as a bug previously in this thread, then reported as fixed. I am reporting that it is still broken.
Bridges on each of two routers are connected together via a PPTP tunnel. DHCP server on one bridge, DHCP client on the other bridge. The DHCP client will never get an IP address.

Per the Wiki entry, one should configure IP addresses for the PPTP tunnel endpoints, usually entered in
PPP->Secrets. However, if you do this, DHCP will fail.

If I delete the IP addresses for the PPTP tunnel endpoints, DHCP will work.

If BCP between bridges is all that is required, not including PPTP tunnel endpoint addresses is a work-around.
If you need to also route packets over the PPTP tunnel, then this work-around cannot be used.

It used to work both ways in 5.26. If the new configuration, post 6.x, requires one to delete the IP addresses on the tunnel endpoints, this should be carefully documented and the Wiki updated to reflect this fact.

I think it's just a bug, but maybe Mikrotik wants to call it an undocumented new feature.

If the Mikrotik response is that it's working correctly now (i.e. tunnel endpoint IP addresses MUST be omitted for BCP), then I will update the Wiki page. The Wiki page currently says local/remote addresses must be included, although the example given does not include them.

Versions affected:
This fails consistently in 6.17. It works consistently in 5.24. I don't know where in the 6.x chain it failed.

How to reproduce:
Following is my very simple two router setup. Details are at the end.

Each router is connected via ether1 to my workbench LAN, as 192.168.1.133 and .134.
I'll call them 'left' and 'right'.

Both have a bridge called bridge-tunnel, with no ports. Admin MAC set to 02:AA:AA:AA:AA:AA on the right and 02:BB:BB:BB:BB:BB on the left.

Both bridges are connected via BCP using PPTP.
Left bridge is statically assigned 192.168.40.5/24.
Right bridge is statically assigned 192.168.40.1/24
DHCP server is created on right bridge with pool 192.168.40.100-192.168.40.200.
DHCP client is created on left bridge.

Testing
------
1) Ping from left router to 192.168.40.1
2)Ping from right router to 192.168.40.5
3)Look for left bridge DHCP client to get IP address from right bridge DHCP server.

Results
====
ROS 6.17 Tests 1&2 pass, Test 3 fails
ROS 5.26 Tests 1,2 & 3 always pass.

The configuration was not changed in any way between ROS versions. I tested 6.17, downgraded to 5.24, tested, upgraded to 6.17 again and re-tested.

Notes:
Here are the detailed configurations for the left and right routers.

Left Router:

# jul/25/2014 15:32:08 by RouterOS 6.17
# software id = 4RFY-E9RX
#
/interface bridge
add admin-mac=02:BB:BB:BB:BB:BB auto-mac=no name=bridge-tunnel
/ppp profile
add bridge=bridge-tunnel name=profile-tunnel
/interface pptp-client
add add-default-route=no allow=pap,chap,mschap1,mschap2 connect-to=\
    192.168.1.133 dial-on-demand=no disabled=no keepalive-timeout=60 max-mru=\
    1450 max-mtu=1450 mrru=1600 name=pptp-tunnel password=tunneltest profile=\
    profile-tunnel user=tt
/ip address
add address=192.168.40.5/24 interface=bridge-tunnel network=192.168.40.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
    interface=ether1
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
    interface=bridge-tunnel use-peer-dns=no use-peer-ntp=no

Right Router:

# jan/02/1970 00:21:04 by RouterOS 6.17
# software id = 8J2K-5ZUR
#
/interface bridge
add admin-mac=02:AA:AA:AA:AA:AA auto-mac=no name=bridge-tunnel priority=0x4000
/ip pool
add name=pool1 ranges=192.168.40.100-192.168.40.200
/ip dhcp-server
add address-pool=pool1 authoritative=yes disabled=no interface=bridge-tunnel \
    name=server1
/ppp profile
add bridge=bridge-tunnel name=profile-tunnel
/interface pptp-server server
set default-profile=profile-tunnel enabled=yes mrru=1600
/ip address
add address=192.168.40.1/24 interface=bridge-tunnel network=192.168.40.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.40.0/24 gateway=192.168.40.1
/ppp secret
add local-address=192.168.80.1 name=tt password=tunneltest profile=\
    profile-tunnel remote-address=192.168.80.2

Support TicketID:
[Ticket#2014072666000101] RE: DHCP fails over PPTP [...]

juanvi · Sat Jul 26, 2014 12:46 pm

User manager minor BUG. I'm running 6.17 user-manager in a RB1100

When i add a sub-admin customer (A customer) and I make his own profiles Works well. I can use its own ("shown as ownner: customer A").

When i make a second (B customer) sub-admin customer all own created profiles are shown as "owner; A customer". BUG!

It seems Works good in each sign-up page but in the user manager is displayed wrong.

The "LIMITATIONS owner field" for the proifiles are displayed well for both cusmomers.

Can you solve it? it wowld be qa headache for ous customers seeing that.

Thanks for a grat product mikrotik.

denisun · Tue Jul 29, 2014 6:39 pm

Issue:
Many connection/disconnection of pppoe client when ipv6 is enable and the ether1 (the ether where modem is connecting)

Description:
I have a MikrotikRB951G2HnD. I have a pppoe client and work correctly with ipv4. The ipv6 work correctly but when the ether1 drop (at ether1 i have connect the modem) i have many connection and disconnection for a long time. I noticed the problem when my ISP make changes to DSLAM and ether1 drop. When ipv6 pppoe client is connected i do this test: I change my ether1 speed (in ether1 is connected the modem) (manually drop ether1). Here i have the logs:
http://forum.mikrotik.com/viewtopic.php ... 82#p438609

Versions affected:
ROS 6.15, 6.16, 6.17

How to reproduce:
ISP <=> Modem <=> MT <=> PCs
MT made pppoe client connection with ipv6 enable.
When the connection established, change the speed of ether1.
The ether1 drop and up and the pppoe client connection disconnect and connect again.
But this situation repeated for many times.

Notes:
I made the test with ipv6 setup for my ISP but also with only ipv6 packet enabled and nothing else from my ISP setup enable (eg DHCPv6 client enabled, nd enabled etc).
I have made this test with only ipv4 enabled and i have no problem. The pppoe client disconnect and connect only one time.

Support TicketID:
[Ticket#2014072966000641] RE: PPPoE client problem [...]

pedropilla · Wed Jul 30, 2014 4:08 pm

I'm having same problem about collecting data from simple queues in RB750, and the reboot not worked, apparently the MIB doesnt have the queue OID's:

pedro@pedro-Aspire-E1-572:~/agenda_reboot$ snmpwalk -v2c -cxxxx x.x.x.x
iso.3.6.1.2.1.1.1.0 = STRING: "RouterOS RB750"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.14988.1
iso.3.6.1.2.1.1.3.0 = Timeticks: (16616100) 1 day, 22:09:21.00
iso.3.6.1.2.1.1.4.0 = STRING: "NOC"
iso.3.6.1.2.1.1.5.0 = STRING: "Frank Peluffo"
iso.3.6.1.2.1.1.6.0 = STRING: "RIOGRANDE"
iso.3.6.1.2.1.1.7.0 = INTEGER: 78
iso.3.6.1.2.1.2.1.0 = INTEGER: 0
iso.3.6.1.2.1.4.1.0 = INTEGER: 1
iso.3.6.1.2.1.4.2.0 = INTEGER: 255
iso.3.6.1.2.1.4.24.3.0 = Gauge32: 4
iso.3.6.1.2.1.17.2.1.0 = INTEGER: 3
iso.3.6.1.2.1.25.1.1.0 = Timeticks: (16616100) 1 day, 22:09:21.00
iso.3.6.1.2.1.25.1.2.0 = Hex-STRING: 07 DE 07 1E 0A 00 30 00 2D 03 00
iso.3.6.1.2.1.25.2.2.0 = INTEGER: 32768
iso.3.6.1.2.1.25.2.3.1.1.65536 = INTEGER: 65536
iso.3.6.1.2.1.25.2.3.1.1.131073 = INTEGER: 131073
iso.3.6.1.2.1.25.2.3.1.2.65536 = OID: iso.3.6.1.2.1.25.2.1.1
iso.3.6.1.2.1.25.2.3.1.2.131073 = OID: iso.3.6.1.2.1.25.2.1.4
iso.3.6.1.2.1.25.2.3.1.3.65536 = STRING: "main memory"
iso.3.6.1.2.1.25.2.3.1.3.131073 = STRING: "disk: system"
iso.3.6.1.2.1.25.2.3.1.4.65536 = INTEGER: 1024
iso.3.6.1.2.1.25.2.3.1.4.131073 = INTEGER: 1024
iso.3.6.1.2.1.25.2.3.1.5.65536 = INTEGER: 32768
iso.3.6.1.2.1.25.2.3.1.5.131073 = INTEGER: 61440
iso.3.6.1.2.1.25.2.3.1.6.65536 = INTEGER: 22176
iso.3.6.1.2.1.25.2.3.1.6.131073 = INTEGER: 10764
iso.3.6.1.2.1.25.2.3.1.7.65536 = Counter32: 0
iso.3.6.1.2.1.25.2.3.1.7.131073 = Counter32: 0
iso.3.6.1.2.1.25.3.2.1.1.1 = INTEGER: 1
iso.3.6.1.2.1.25.3.2.1.2.1 = OID: iso.3.6.1.2.1.25.3.1.3
iso.3.6.1.2.1.25.3.3.1.1.1 = OID: ccitt.0
iso.3.6.1.2.1.25.3.3.1.2.1 = INTEGER: 100
iso.3.6.1.2.1.47.1.1.1.1.1.65536 = INTEGER: 65536
iso.3.6.1.2.1.47.1.1.1.1.1.262145 = INTEGER: 262145
iso.3.6.1.2.1.47.1.1.1.1.2.65536 = STRING: "RouterOS 6.17 on RB750"
iso.3.6.1.2.1.47.1.1.1.1.2.262145 = STRING: "Linux 3.3.5 ehci_hcd RB400 EHCI"
iso.3.6.1.2.1.47.1.1.1.1.3.65536 = OID: ccitt.0
iso.3.6.1.2.1.47.1.1.1.1.3.262145 = OID: ccitt.0
iso.3.6.1.2.1.47.1.1.1.1.4.65536 = INTEGER: 0
iso.3.6.1.2.1.47.1.1.1.1.4.262145 = INTEGER: 65536
iso.3.6.1.2.1.47.1.1.1.1.5.65536 = INTEGER: 3
iso.3.6.1.2.1.47.1.1.1.1.5.262145 = INTEGER: 2
iso.3.6.1.2.1.47.1.1.1.1.6.65536 = INTEGER: -1
iso.3.6.1.2.1.47.1.1.1.1.6.262145 = INTEGER: -1
iso.3.6.1.2.1.47.1.1.1.1.7.65536 = STRING: "MIPS 24Kc V7.4"
iso.3.6.1.2.1.47.1.1.1.1.7.262145 = STRING: "1:1"
iso.3.6.1.2.1.47.1.1.1.1.8.65536 = ""
iso.3.6.1.2.1.47.1.1.1.1.8.262145 = ""
iso.3.6.1.2.1.47.1.1.1.1.9.65536 = ""
iso.3.6.1.2.1.47.1.1.1.1.9.262145 = ""
iso.3.6.1.2.1.47.1.1.1.1.10.65536 = ""
iso.3.6.1.2.1.47.1.1.1.1.10.262145 = ""
iso.3.6.1.2.1.47.1.1.1.1.11.65536 = ""
iso.3.6.1.2.1.47.1.1.1.1.11.262145 = STRING: "rb400_usb"
iso.3.6.1.2.1.47.1.1.1.1.12.65536 = ""
iso.3.6.1.2.1.47.1.1.1.1.12.262145 = STRING: "0x1d6b"
iso.3.6.1.2.1.47.1.1.1.1.13.65536 = ""
iso.3.6.1.2.1.47.1.1.1.1.13.262145 = STRING: "0x0002"
iso.3.6.1.2.1.47.1.1.1.1.14.65536 = ""
iso.3.6.1.2.1.47.1.1.1.1.14.262145 = ""
iso.3.6.1.2.1.47.1.1.1.1.15.65536 = ""
iso.3.6.1.2.1.47.1.1.1.1.15.262145 = ""
iso.3.6.1.2.1.47.1.1.1.1.16.65536 = INTEGER: 2
iso.3.6.1.2.1.47.1.1.1.1.16.262145 = INTEGER: 2
iso.3.6.1.2.1.9999.1.1.1.1.0 = STRING: "MikroTik DHCP server"
iso.3.6.1.2.1.9999.1.1.1.2.0 = OID: iso.3.6.1.4.1.14988.1
iso.3.6.1.2.1.9999.1.1.6.4.1.4.192.168.1.100 = INTEGER: 2
iso.3.6.1.2.1.9999.1.1.6.4.1.4.192.168.1.101 = INTEGER: 2
iso.3.6.1.2.1.9999.1.1.6.4.1.4.192.168.1.102 = INTEGER: 2
iso.3.6.1.2.1.9999.1.1.6.4.1.4.192.168.1.103 = INTEGER: 2
iso.3.6.1.2.1.9999.1.1.6.4.1.4.192.168.1.105 = INTEGER: 2
iso.3.6.1.2.1.9999.1.1.6.4.1.4.192.168.1.106 = INTEGER: 2
iso.3.6.1.2.1.9999.1.1.6.4.1.4.192.168.1.108 = INTEGER: 2
iso.3.6.1.2.1.9999.1.1.6.4.1.5.192.168.1.100 = Gauge32: 186706
iso.3.6.1.2.1.9999.1.1.6.4.1.5.192.168.1.101 = Gauge32: 231869
iso.3.6.1.2.1.9999.1.1.6.4.1.5.192.168.1.102 = Gauge32: 258959
iso.3.6.1.2.1.9999.1.1.6.4.1.5.192.168.1.103 = Gauge32: 256089
iso.3.6.1.2.1.9999.1.1.6.4.1.5.192.168.1.105 = Gauge32: 254832
iso.3.6.1.2.1.9999.1.1.6.4.1.5.192.168.1.106 = Gauge32: 204265
iso.3.6.1.2.1.9999.1.1.6.4.1.5.192.168.1.108 = Gauge32: 254738
iso.3.6.1.2.1.9999.1.1.6.4.1.7.192.168.1.100 = INTEGER: 3
iso.3.6.1.2.1.9999.1.1.6.4.1.7.192.168.1.101 = INTEGER: 3
iso.3.6.1.2.1.9999.1.1.6.4.1.7.192.168.1.102 = INTEGER: 3
iso.3.6.1.2.1.9999.1.1.6.4.1.7.192.168.1.103 = INTEGER: 3
iso.3.6.1.2.1.9999.1.1.6.4.1.7.192.168.1.105 = INTEGER: 3
iso.3.6.1.2.1.9999.1.1.6.4.1.7.192.168.1.106 = INTEGER: 3
iso.3.6.1.2.1.9999.1.1.6.4.1.7.192.168.1.108 = INTEGER: 3
iso.3.6.1.2.1.9999.1.1.6.4.1.8.192.168.1.100 = Hex-STRING: 00 25 AB 01 B3 5F
iso.3.6.1.2.1.9999.1.1.6.4.1.8.192.168.1.101 = Hex-STRING: 9C 20 7B D9 6D A1
iso.3.6.1.2.1.9999.1.1.6.4.1.8.192.168.1.102 = Hex-STRING: 18 34 51 21 2D 92
iso.3.6.1.2.1.9999.1.1.6.4.1.8.192.168.1.103 = Hex-STRING: 48 5D 60 4B 86 7B
iso.3.6.1.2.1.9999.1.1.6.4.1.8.192.168.1.105 = Hex-STRING: E0 B9 A5 F3 38 BC
iso.3.6.1.2.1.9999.1.1.6.4.1.8.192.168.1.106 = Hex-STRING: 14 99 E2 7A 2F 12
iso.3.6.1.2.1.9999.1.1.6.4.1.8.192.168.1.108 = Hex-STRING: F0 C1 F1 97 D2 D9

dsobin · Thu Jul 31, 2014 8:18 pm

Issue:
DHCP over BCP via PPTP fails.

Description:
DHCP over BCP via PPTP fails.
This was reported as a bug previously in this thread, then reported as fixed. I am reporting that it is still broken.
Bridges on each of two routers are connected together via a PPTP tunnel. DHCP server on one bridge, DHCP client on the other bridge. The DHCP client will never get an IP address.

Per the Wiki entry, one should configure IP addresses for the PPTP tunnel endpoints, usually entered in
PPP->Secrets. However, if you do this, DHCP will fail.

If I delete the IP addresses for the PPTP tunnel endpoints, DHCP will work.

If BCP between bridges is all that is required, not including PPTP tunnel endpoint addresses is a work-around.
If you need to also route packets over the PPTP tunnel, then this work-around cannot be used.

It used to work both ways in 5.26. If the new configuration, post 6.x, requires one to delete the IP addresses on the tunnel endpoints, this should be carefully documented and the Wiki updated to reflect this fact.

I think it's just a bug, but maybe Mikrotik wants to call it an undocumented new feature.

If the Mikrotik response is that it's working correctly now (i.e. tunnel endpoint IP addresses MUST be omitted for BCP), then I will update the Wiki page. The Wiki page currently says local/remote addresses must be included, although the example given does not include them.

Mikrotik responded to my ticket by saying it's a feature. A PPTP tunnel can be used either for routing traffic or for bridging, but not both.

If used for bridging, the local and remote IP addresses assigned to the tunnel endpoints, usually in in the "Secrets" tab, must NOT be entered.
This is a change from the way it worked in v5.x.

The Wiki for BCP says to always enter IP addresses for the tunnel endpoints, even for bridging. This is wrong, and if followed, the tunnel will not work properly for bridging.

I am willing to update the BCP wiki, but my wiki user ID doesn't have the privilege to do that.

MIkrotik: If you allow it, I'll update the Wiki. Otherwise, I hope you will update it. I responded this way via the ticket.

Since Mikrotik says this is working properly, I guess it's not a bug in the software - It's a bug in the documentation.

Dudshl · Mon Aug 11, 2014 11:29 am

Issue:
RouterBoard with 4G modem crashes when I try to start Metarouter with OpenWRT image.

Description:
Step 1: Import openwrt image to metarouter (I got in from official wiki http://www.mikrotik.com/download/metaro ... rootfs.tgz and tried to compile it manually).
It starts and works correctly.
Step 2: Connect 4G modem (ZTE MF823, YOTA, Huawei E3272) -> system crashes and rebooting while modem connected.
When I disconnect modem - system boots correctly
Step 3: Disable Metarouter.
System works correctly.
Step 4: Connect 4G modem.
System works correctly.
Step 5: Enable Metarouter (or import new one) -> system crashes and rebooting while modem connected.

Same thing happens if I create Metarouter without any images. Just clean metarouter with routeros.

PS1: I tried to use to use Huawei e3272 with mode AT^SETPORT="A1;10,12,13,14,16" (all com ports without CD and SD)
In this configuration it works correctly.4G + metarouter = success.

PS2: ZTE MF823 in diagnostic mode (http://192.168.0.1/goform/goform_proces ... md=FACTORY) detects and works correctly with metarouter. But there is no way to make connection with internet using this mode.
ZTE MF823 in diagnostic mode + metarouter = success

There is only "System rebooted because of kernel failure" string in logs.

Versions affected:
RB2011UAS-IN, RB951Ui-2HnD
6.17,6.18

Ticket#2014081166000486