v6.29 released

Thu May 28, 2015 11:51 am

To upgrade, click "Check for updates" in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

What's new in 6.29 (2015-May-27 11:19):

*) ssh server - use custom generated DH primes when possible;
*) ipsec - allow to specify custom IP address for my_id parameter;
*) ovpn server - use subnet topology in ip mode if netmask is provided (makes android & ios
clients work);
*) console - allow '-' characters in unknown command argument names;
*) snmp - fix rare bug when some OIDs where skipped;
*) ssh - added aes-ctr cipher support;
*) mesh - fixed kernel crash;
*) ipv4 fasttrack fastpath - accelerates connection tracking and nat for marked
connections (more than 5x performance improvement compared to regular slow
path conntrack/nat) - currently limited to TCP/UDP only;
*) added ~fasttrack-connection~ firewall action in filter/mangle tables for marking
connections as fasttrack;
*) added fastpath support for bridge interfaces - packets received and transmitted
on bridge interface can go fastpath (previously only bridge forwarded packets
could go fastpath);
*) packets now can go half-fastpath - if input interface supports fastpath and
packet gets forwarded in fastpath but output interface does not support fastpath
or has interface queue other than only-hw-queue packet gets converted
to slow path only at the dst interface transmit time;
*) trafflow: add natted addrs/ports to ipv4 flow info;
*) tilegx: enable autoneg for sfp ports in netinstall;
*) health - fix voltage on some RB4xx;
*) romon - fix 100% CPU usage;
*) romon - moved under tools menu in console;
*) email - store hostname for consistency;
*) vrrp - do not reset interface when no interesting config changes;
*) fixed async. ppp server;
*) sstp - fixed router lockup.
*) queue tree: some queues would stop working after some configuration changes;
*) fixed CRS226 10G ports could lose link (introduced in 6.28);
*) fixed FREAK vulnerability in SSL & TLS;
*) firewall - fixed sector writes rising starting since 6.28;
*) improved support for new hEX lite;

bommi · Thu May 28, 2015 11:54 am

Hello,

is the sector writes problem fixed?

Changelog for 6.29rcXX had following note:
*) firewall - fixed sector writes rising starting since 6.28;

I cant find this note in the changelog for 6.29.

Thu May 28, 2015 12:19 pm

Normis:

Could you be so kind and describe more elaborately what was the common problem for each fix.
It could save a lot of time if I know that, for eg....(it is example)

"fixed async. ppp server

ppp connections dropped after 10 minutes
bad addresses assigned to connection
etc., etc.."

ochyst · Thu May 28, 2015 12:32 pm

Torrent link - first seed is ready

http://www.mikrotik.com/download/router ... 29.torrent

astraliens · Thu May 28, 2015 1:11 pm

after update to 6.29 having a problem with "health" monitor on RB2011UiAS-2HnD
voltages and temp are not showing any more

/system health print - return empty result

upd: SNMP also return nothing about "health"
upd2: Secror Writes problem seems to be fixed

NoXy · Thu May 28, 2015 2:11 pm

*) console - allow '-' characters in unknown command argument names;

Normis:
What does this exactly mean? Please provide an example.

PazDog · Thu May 28, 2015 2:17 pm

Anyone else not getting the DNS resolver to serve cached lookups?

I'm getting 39ms to dig Google each time but a friend running 6.27 is getting 1ms

Thu May 28, 2015 2:25 pm

*) console - allow '-' characters in unknown command argument names;

Normis:
What does this exactly mean? Please provide an example.

[admin@rack1_b5] > :global myFunc do={:put $"aa-bb"}
[admin@rack1_b5] > $myFunc aa-bb="ff";
ff

jebz · Thu May 28, 2015 2:46 pm

after update to 6.29 having a problem with "health" monitor on RB2011UiAS-2HnD
voltages and temp are not showing any more

/system health print - return empty result

I experienced this on a RB450 upgrade to 6.27 . Another reboot resolved it.

astraliens · Thu May 28, 2015 3:08 pm

after update to 6.29 having a problem with "health" monitor on RB2011UiAS-2HnD
voltages and temp are not showing any more

/system health print - return empty result
I experienced this on a RB450 upgrade to 6.27 . Another reboot resolved it.

this helps...thanks... nice rule - if something did not work try to reboot...

Elfos · Thu May 28, 2015 3:12 pm

Referring to Ticket # 2015042066000634, the problem persists.

My Radius is configured to allow one connection per customer.
I do not believe that is the Radius, because what happens is as follows:
My Radius only authorizes the connection.
The IPS POOL is in Mikrotik

1. Customer initiates PPPoE dial;
2. Mikrotik queries Radius;
3. Radius authorizes the client;
4. Mikrotik authenticates the client.

THE PROBLEM:
1. Randomly some authenticate clients, but do not sail;
2. Active PPP connections in the address field, appears in the IP that the client received;
3. PPP interface, the same client, the Remote Address field is empty;
4. PPP interface, this same customer is om the only status with D (dinamic) but nowhere with R (Running);
5. In IP Address, the same client is in red, with the status D (Dynamic) and I (Invalid);
6. Interfaces, the same customer is with Status D (Dynamic) and without the R (Running) and also not as a slave of the physical interface;
7. IP Route, is not created proper route (/ 32) to the client.
RESULT: The PPPoE session is established, the client receives IP, but the RouterOS for some reason creates totally bugged connection. CUSTOMER IS NO CONNECTION.
After some time, the RouterOS "adjusts" the connection, creates the route and the customer browsing normally.

patrick7 · Thu May 28, 2015 3:13 pm

I have 190 sector writes since reboot (37 min ago). Isn't that too much?

patrick7 · Thu May 28, 2015 3:20 pm

If fasttrack is enabled, TCP connections over GRE over IPsec are not possible (ICMP works). If I limit fasttrack rule to in-interface=all-ethernet and out-interface=all-ethernet, connection is possible again. Bug?

netikelis · Thu May 28, 2015 4:46 pm

In windows xp winbox close if push IP-Address !

netikelis · Thu May 28, 2015 4:52 pm

NTP client not work ! Only "started" , but not synchronized and DST not active ...
Before upgrade with old version 5.26 all work !

kristaps · Thu May 28, 2015 5:05 pm

NTP client not work ! Only "started" , but not synchronized and DST not active ...
Before upgrade with old version 5.26 all work !

do you have ntp package installed or only sntp client ?
what ntp servers are you using ?

I have sntp client on RB751u and it's working.

export your config to .rsc file, save it.
netisntall board to 6.29, import config.

honzam · Thu May 28, 2015 5:23 pm

Changelog for routerboot 3.24? http://wiki.mikrotik.com/wiki/RouterBOOT_changelog

StubArea51 · Thu May 28, 2015 5:41 pm

Nothing makes my day like a new RouterOS update

We have tested upgrade of the following platforms in our OPSF/MPLS/BGP design lab without issue so far

CCR1036-8G-2S+
CCR1009-8G-1S-1S+
CRS-125-24G-1S
RB2011UiAS
RB951Ui-2HnD
RB751U-2HnD
RBmAP2n

mimbach · Thu May 28, 2015 6:32 pm

750UP 6.29 with MPLS/VPLS once traffic starts to pass the unit reboots, with VPLS disabled the unit no longer reboots. Has anyone seen this or have a solution?

Cha0s · Thu May 28, 2015 7:03 pm

I have 190 sector writes since reboot (37 min ago). Isn't that too much?

It appears that the bug might be fixed even though it was removed from the changlog.

I can confirm that when opening the Firewall window the sector write count does not increase.

I increases when changing settings, etc - which is normal of course.

I am not sure about x86 though. I can see over 55000 writes with 90minutes uptime.

For me it's not much of a problem since it's on a SATA disk, but others with x86 installations on CF cards might have a problem.

On MIPSBE, so far the sector writes are minimal (~100 after 90minutes uptime).

Edit: To answer your question, I believe 190sector writes are quite normal.

Qper · Thu May 28, 2015 8:28 pm

Problems with CRS212-1G-10S-1S+
After the update winbox not see IP the router,

helped downgrade to 6.28

ellpod · Thu May 28, 2015 9:03 pm

Having issues with 6.29 on multiple CRS226-24G-2S+ devices.

The devices continue to function as a switch, but loose all access to web interface etc after selecting bridge mode.
The following steps have been taken:

- Factory reset
- open web interface on default IP 192.168.88.1
- Quick Set -> Mode -> Bridge
- no access to the device, even after additional reboot

after downgrading to 6.29rc22, the same steps work just fine

Thu May 28, 2015 10:06 pm

Having issues with 6.29 on multiple CRS226-24G-2S+ devices.

The devices continue to function as a switch, but loose all access to web interface etc after selecting bridge mode.
The following steps have been taken:

- Factory reset
- open web interface on default IP 192.168.88.1
- Quick Set -> Mode -> Bridge
- no access to the device, even after additional reboot

after downgrading to 6.29rc22, the same steps work just fine

Why use bridge on a switch??

mobdoc · Thu May 28, 2015 10:46 pm

Hi,

Just upgraded an RB951Ui-2HnD and it is now rebooting every hour with an out of memory condition. It is configured as a hotspot server with RADIUS authentication and ovpn-client to the radius server but is running on a test bench with no clients connecting. After a reboot, if I leave inbox connected and displaying the resources I can see that the memory consumption is perfectly stable for exactly 1 hour and then the free memory suddenly starts to drop and around 15 - 20 seconds later the router locks up. A minute later the watchdog kicks and and triggers a reboot.

This happens every single time the router is rebooted (5 consecutive reboots in the last 5 hours).

There have been no changes to the config since V6.23 which was running prior to the upgrade.

Anyone got any ideas?

Thanks
Steve

dynek · Fri May 29, 2015 12:04 am

I have 190 sector writes since reboot (37 min ago). Isn't that too much?

Updated - Uptime 50 minutes and 1'156 Sector Writes Since Reboot.

Nothing to worry about ?

RB450G

vortex · Fri May 29, 2015 12:09 am

RB2011:

3 hours uptime, 185 sector writes

Home router

fasttrack on

colebert · Fri May 29, 2015 6:25 am

RE: SNMP OID FIX

I upgraded from 6.03 (ish) to 6.28 a couple weeks ago on six different NetMetal5 devices. Overall-CCQ OID [.1.3.6.1.4.1.14988.1.1.1.3.1.10.8] began reporting as zero (0).

Tonight I upgraded to 6.29 on one of the affected devices. This upgrade did not resolve the problem.

/interface wireless> print oid 
...
overall-ccq =..1.3.6.1.4.1.14988.1.1.1.3.1.10.8

All my NetMetal5 on much earlier 6.x code return good OID values for CCQ.

I walked the SNMP tree for my devices and do not see any evidence of a different OID for CCQ. I also disabled and re-enabled SNMP. Tried w/ SMNP v1 and v2. Also updated routerboard firmware to 3.22. Nothing helped.

This issue has appeared before in v6 rc as well.

http://forum.mikrotik.com/viewtopic.php?t=65485

Nollitik · Fri May 29, 2015 7:39 am

Upgraded today on 450G...all is good so far!

Fri May 29, 2015 9:12 am

Excessive flash writings are not solved.

Tried on Omnitik for the first time, freshly updated from 6.28 to 6.29 via direct update. Opening the rule in firewall (just double click, no change, no save) adds two writes to the flash each time.

Sometimes just opening makes "filter rule moved by user" in the log.

What the hell? Having only one fake rule to check what it does when I open it, and it does these things??? Even when the rule is disabled! Of course the only one rule cannot be moved anywhere!

How difficult could be to correct these errors?

timberwolf · Fri May 29, 2015 9:45 am

Did anyone else notice the L2MTU reduction on RB450G? With switch-all-ports=no I previously had 1526 now its 1522 for ether1. Noticed this with 6.29rc22 and 6.29, not sure if it was reduced before those versions

tolkn · Fri May 29, 2015 9:53 am

Hi,

Just upgraded an RB951Ui-2HnD and it is now rebooting every hour with an out of memory condition. It is configured as a hotspot server with RADIUS authentication and ovpn-client to the radius server but is running on a test bench with no clients connecting. After a reboot, if I leave inbox connected and displaying the resources I can see that the memory consumption is perfectly stable for exactly 1 hour and then the free memory suddenly starts to drop and around 15 - 20 seconds later the router locks up. A minute later the watchdog kicks and and triggers a reboot.

This happens every single time the router is rebooted (5 consecutive reboots in the last 5 hours).

There have been no changes to the config since V6.23 which was running prior to the upgrade.

Anyone got any ideas?

Thanks
Steve

In my case the removal cacert certificates solve the problem

Fri May 29, 2015 10:04 am

anyone with blank health information, where health sensors are supposed to be installed, please email supout.rif file to support. thank you!

CyberTod · Fri May 29, 2015 10:08 am

It's funny how after a bug occurs everyone expects it is not fixed completely. Now all stare all the time at sector writes and when a write happens jump from their chair.

alexp89 · Fri May 29, 2015 10:13 am

*) trafflow: add natted addrs/ports to ipv4 flow info;

Please tell us more about that. Which fields are used? What netflow collector understands them?

Fri May 29, 2015 10:14 am

Changelog for routerboot 3.24? http://wiki.mikrotik.com/wiki/RouterBOOT_changelog

as it has been often written, RouterBOOT version numbers usually increase to support new device for this CPU family. there is very rarely any changes that affect existing users

Fri May 29, 2015 10:17 am

Referring to Ticket # 2015042066000634, the problem persists.

thanks, we have the ticket and are working on it. if possible, provide support with remote access, so we can see the issue in real time

Fri May 29, 2015 10:19 am

Having issues with 6.29 on multiple CRS226-24G-2S+ devices.

The devices continue to function as a switch, but loose all access to web interface etc after selecting bridge mode.
The following steps have been taken:

- Factory reset
- open web interface on default IP 192.168.88.1
- Quick Set -> Mode -> Bridge
- no access to the device, even after additional reboot

after downgrading to 6.29rc22, the same steps work just fine

please clarify where you set the "mode bridge" and what was the purpose for doing this. mode "PTP bridge" is a wireless mode, it will change some major configurations if you select this.

amt · Fri May 29, 2015 10:54 am

Having issues with 6.29 on multiple CRS226-24G-2S+ devices.

The devices continue to function as a switch, but loose all access to web interface etc after selecting bridge mode.
The following steps have been taken:

- Factory reset
- open web interface on default IP 192.168.88.1
- Quick Set -> Mode -> Bridge
- no access to the device, even after additional reboot

after downgrading to 6.29rc22, the same steps work just fine

what about winbox interface ?

demonster · Fri May 29, 2015 11:41 am

RB750 after upgrade from 6.28 DHCP client on ether1 don't work - status "searching". Settings are default.
I downgraded to 6.28 - works fine.

timberwolf · Fri May 29, 2015 12:01 pm

RB750 after upgrade from 6.28 DHCP client on ether1 don't work - status "searching". Settings are default.
I downgraded to 6.28 - works fine.

Stumbled across this more then once. In my cases reinstalling with netinstall always solved the issue in case config reset didn't help.

Fri May 29, 2015 12:02 pm

when you see such status, please make a supout.rif file, maybe we can see there, what is happening at this moment

demonster · Fri May 29, 2015 1:40 pm

suppout.rif
https://drive.google.com/file/d/0B5E7rX ... sp=sharing

Fri May 29, 2015 1:44 pm

this is a user forum. please send it to mikrotik (support@mikrotik.com). developers rarely read the topics.

Cha0s · Fri May 29, 2015 1:59 pm

Since 6.28, /tool profile cannot run more than once.

If I login with winbox and use /tools profile it works.

If at the same time someone else logs in and tries to use /tools profile it says 'Couldn't start - profile already runnning'. Screenshot: http://prntscr.com/7apcn4

This was working just fine up until 6.27. Changelog does not mention anything regarding /tool profile.

Cha0s · Fri May 29, 2015 2:35 pm

*) fixed async. ppp server;

PPTP Client seems broken after upgrade to 6.29.

Every few minutes it disconnects.Screenshot: http://prntscr.com/7apgti
This keeps on since yesterday's upgrade.

Here's a single disconnect/reconnect with debug on:

14:25:14 pptp,ppp,debug,packet X: rcvd  vpn-WIX: sent  vpn-WIX: rcvd CCP TermReq id=0x3 
14:25:14 pptp,ppp,debug,packet     Encryption got out of sync\00 
14:25:14 pptp,ppp,debug vpn-WIX: CCP closed 
14:25:14 pptp,ppp,debug,packet  vpn-WIX: sent CCP TermAck id=0x3 
14:25:14 pptp,ppp,info vpn-WIX: disabling encoding - MPPE128 stateless 
14:25:14 pptp,ppp,debug,packet  vpn-WIX: rcvd LCP TermReq id=0x2 
14:25:14 pptp,ppp,debug,packet     Encryption got out of sync\00 
14:25:14 pptp,ppp,debug vpn-WIX: LCP closed 
14:25:14 pptp,ppp,debug vpn-WIX: CCP lowerdown 
14:25:14 pptp,ppp,debug vpn-WIX: BCP lowerdown 
14:25:14 pptp,ppp,debug vpn-WIX: BCP down event in starting state 
14:25:14 pptp,ppp,debug vpn-WIX: IPCP lowerdown 
14:25:14 pptp,ppp,debug vpn-WIX: IPCP closed 
14:25:14 pptp,ppp,debug vpn-WIX: IPV6CP lowerdown 
14:25:14 pptp,ppp,debug vpn-WIX: IPV6CP closed 
14:25:14 pptp,ppp,debug vpn-WIX: MPLSCP lowerdown 
14:25:14 pptp,ppp,debug vpn-WIX: MPLSCP closed 
14:25:14 pptp,ppp,debug,packet  vpn-WIX: sent LCP TermAck id=0x2 
14:25:14 pptp,ppp,debug vpn-WIX: LCP lowerdown 
14:25:14 pptp,ppp,info vpn-WIX: terminating... 
14:25:14 pptp,ppp,debug vpn-WIX: LCP lowerdown 
14:25:14 pptp,ppp,debug vpn-WIX: LCP down event in starting state 
14:25:14 pptp,ppp,info vpn-WIX: disconnected 
14:25:14 pptp,ppp,info vpn-WIX: initializing... 
14:25:14 pptp,ppp,info vpn-WIX: connecting... 
14:25:14 pptp,ppp,debug vpn-WIX: LCP lowerup 
14:25:14 pptp,ppp,debug,packet  vpn-WIX: sent LCP ConfReq id=0x7d 
14:25:14 pptp,ppp,debug,packet    <mru 1450> 
14:25:14 pptp,ppp,debug,packet    <magic 0x4c973c97> 
14:25:14 pptp,ppp,debug,packet    <mrru 1600> 
14:25:14 pptp,ppp,debug vpn-WIX: LCP open 
14:25:14 pptp,ppp,debug,packet  vpn-WIX: rcvd LCP ConfReq id=0x1 
14:25:14 pptp,ppp,debug,packet    <mru 1440> 
14:25:14 pptp,ppp,debug,packet    <magic 0xe0ffdf0> 
14:25:14 pptp,ppp,debug,packet    <auth  mschap2> 
14:25:14 pptp,ppp,debug,packet  vpn-WIX: sent LCP ConfAck id=0x1 
14:25:14 pptp,ppp,debug,packet    <mru 1440> 
14:25:14 pptp,ppp,debug,packet    <magic 0xe0ffdf0> 
14:25:14 pptp,ppp,debug,packet    <auth  mschap2> 
14:25:14 pptp,ppp,debug,packet  vpn-WIX: rcvd LCP ConfRej id=0x7d 
14:25:14 pptp,ppp,debug,packet    <mrru 1600> 
14:25:14 pptp,ppp,debug,packet  vpn-WIX: sent LCP ConfReq id=0x7e 
14:25:14 pptp,ppp,debug,packet    <mru 1450> 
14:25:14 pptp,ppp,debug,packet    <magic 0x4c973c97> 
14:25:14 pptp,ppp,debug,packet  vpn-WIX: rcvd LCP ConfAck id=0x7e 
14:25:14 pptp,ppp,debug,packet    <mru 1450> 
14:25:14 pptp,ppp,debug,packet    <magic 0x4c973c97> 
14:25:14 pptp,ppp,debug vpn-WIX: LCP opened 
14:25:14 pptp,ppp,debug,packet  vpn-WIX: rcvd CHAP Challenge id=0x1 
14:25:14 pptp,ppp,debug,packet     <challenge len=16> 
14:25:14 pptp,ppp,debug,packet     <name wlan1-lab> 
14:25:14 pptp,ppp,debug vpn-WIX: CHAP received challenge in initial state, dropping 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: rcvd CHAP Challenge id=0x1 
14:25:17 pptp,ppp,debug,packet     <challenge len=16> 
14:25:17 pptp,ppp,debug,packet     <name wlan1-lab> 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: sent CHAP Response id=0x1 
14:25:17 pptp,ppp,debug,packet     <response len=49> 
14:25:17 pptp,ppp,debug,packet     <name awmn1> 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: rcvd CHAP Success id=0x1 
14:25:17 pptp,ppp,debug,packet     S=E5540A77B908EF6A08FDE326D1F39FD0EE1F95CB 
14:25:17 pptp,ppp,info vpn-WIX: authenticated 
14:25:17 pptp,ppp,debug vpn-WIX: IPCP lowerup 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: sent IPCP ConfReq id=0x7f 
14:25:17 pptp,ppp,debug,packet     <addr 0.0.0.0> 
14:25:17 pptp,ppp,debug vpn-WIX: IPCP open 
14:25:17 pptp,ppp,debug vpn-WIX: IPV6CP lowerup 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: sent IPV6CP ConfReq id=0x3f 
14:25:17 pptp,ppp,debug,packet     <interface-identifier 0:0:0:b> 
14:25:17 pptp,ppp,debug vpn-WIX: IPV6CP open 
14:25:17 pptp,ppp,debug vpn-WIX: MPLSCP lowerup 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: sent MPLSCP ConfReq id=0x3f 
14:25:17 pptp,ppp,debug vpn-WIX: MPLSCP open 
14:25:17 pptp,ppp,debug vpn-WIX: BCP open 
14:25:17 pptp,ppp,debug vpn-WIX: CCP lowerup 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: sent CCP ConfReq id=0x3f 
14:25:17 pptp,ppp,debug,packet     <mppe 1000040> 
14:25:17 pptp,ppp,debug vpn-WIX: CCP open 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: rcvd IPCP ConfReq id=0x1 
14:25:17 pptp,ppp,debug,packet     <addr 10.126.126.245> 
14:25:17 pptp,ppp,debug,packet     <comp VJ f 1> 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: sent IPCP ConfRej id=0x1 
14:25:17 pptp,ppp,debug,packet     <comp VJ f 1> 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: rcvd IPV6CP ConfReq id=0x1 
14:25:17 pptp,ppp,debug,packet     <interface-identifier 0:0:0:7f> 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: sent IPV6CP ConfAck id=0x1 
14:25:17 pptp,ppp,debug,packet     <interface-identifier 0:0:0:7f> 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: rcvd MPLSCP ConfReq id=0x1 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: sent MPLSCP ConfAck id=0x1 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: rcvd CCP ConfReq id=0x1 
14:25:17 pptp,ppp,debug,packet     <mppe 1000060> 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: sent CCP ConfNak id=0x1 
14:25:17 pptp,ppp,debug,packet     <mppe 1000040> 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: rcvd IPCP ConfNak id=0x7f 
14:25:17 pptp,ppp,debug,packet     <addr 10.126.126.246> 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: sent IPCP ConfReq id=0x80 
14:25:17 pptp,ppp,debug,packet     <addr 10.126.126.246> 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: rcvd IPV6CP ConfAck id=0x3f 
14:25:17 pptp,ppp,debug,packet     <interface-identifier 0:0:0:b> 
14:25:17 pptp,ppp,debug vpn-WIX: IPV6CP opened 
14:25:17 pptp,ppp,info vpn-WIX: connected 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: rcvd MPLSCP ConfAck id=0x3f 
14:25:17 pptp,ppp,debug vpn-WIX: MPLSCP opened 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: rcvd CCP ConfAck id=0x3f 
14:25:17 pptp,ppp,debug,packet     <mppe 1000040> 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: rcvd IPCP ConfReq id=0x2 
14:25:17 pptp,ppp,debug,packet     <addr 10.126.126.245> 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: sent IPCP ConfAck id=0x2 
14:25:17 pptp,ppp,debug,packet     <addr 10.126.126.245> 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: rcvd CCP ConfReq id=0x2 
14:25:17 pptp,ppp,debug,packet     <mppe 1000040> 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: sent CCP ConfAck id=0x2 
14:25:17 pptp,ppp,debug,packet     <mppe 1000040> 
14:25:17 pptp,ppp,debug vpn-WIX: CCP opened 
14:25:17 pptp,ppp,info vpn-WIX: using encoding - MPPE128 stateless 
14:25:17 pptp,ppp,debug,packet  vpn-WIX: rcvd IPCP ConfAck id=0x80 
14:25:17 pptp,ppp,debug,packet     <addr 10.126.126.246> 
14:25:17 pptp,ppp,debug vpn-WIX: IPCP opened

It's not a PPTP Server (v5.26) problem since no other connection there drops.
Server side logs:

12:30:21 pptp,info TCP connection established from x.x.x.x 
12:30:21 pptp,ppp,info <pptp-0>: waiting for call... 
12:30:24 pptp,ppp,info awmn1: authenticated 
12:30:24 pptp,ppp,info awmn1: connected 
12:30:24 pptp,ppp,info awmn1: using encoding - MPPE128 stateless 
13:04:15 pptp,ppp,info awmn1: terminating... - Encryption got out of sync 
13:04:15 pptp,ppp,info awmn1: disconnected 
13:04:15 pptp,info TCP connection established from x.x.x.x 
13:04:15 pptp,ppp,info <pptp-0>: waiting for call... 
13:04:18 pptp,ppp,info awmn1: authenticated 
13:04:18 pptp,ppp,info awmn1: connected 
13:04:18 pptp,ppp,info awmn1: using encoding - MPPE128 stateless 
13:41:01 pptp,ppp,info awmn1: terminating... - Encryption got out of sync 
13:41:01 pptp,ppp,info awmn1: disconnected 
13:41:01 pptp,info TCP connection established from x.x.x.x 
13:41:01 pptp,ppp,info <pptp-0>: waiting for call... 
13:41:04 pptp,ppp,info awmn1: authenticated 
13:41:04 pptp,ppp,info awmn1: connected 
13:41:04 pptp,ppp,info awmn1: using encoding - MPPE128 stateless 
13:49:56 pptp,ppp,info awmn1: terminating... - Encryption got out of sync 
13:49:56 pptp,ppp,info awmn1: disconnected 
13:49:56 pptp,info TCP connection established from x.x.x.x 
13:49:56 pptp,ppp,info <pptp-0>: waiting for call... 
13:50:00 pptp,ppp,info awmn1: authenticated 
13:50:00 pptp,ppp,info awmn1: connected 
13:50:00 pptp,ppp,info awmn1: using encoding - MPPE128 stateless 
14:01:23 pptp,ppp,info awmn1: terminating... - Encryption got out of sync 
14:01:23 pptp,ppp,info awmn1: disconnected 
14:01:23 pptp,info TCP connection established from x.x.x.x 
14:01:23 pptp,ppp,info <pptp-0>: waiting for call... 
14:01:26 pptp,ppp,info awmn1: authenticated 
14:01:26 pptp,ppp,info awmn1: connected 
14:01:26 pptp,ppp,info awmn1: using encoding - MPPE128 stateless 
14:25:14 pptp,ppp,info awmn1: terminating... - Encryption got out of sync 
14:25:14 pptp,ppp,info awmn1: disconnected 
14:25:14 pptp,info TCP connection established from x.x.x.x 
14:25:14 pptp,ppp,info <pptp-0>: waiting for call... 
14:25:17 pptp,ppp,info awmn1: authenticated 
14:25:17 pptp,ppp,info awmn1: connected 
14:25:17 pptp,ppp,info awmn1: using encoding - MPPE128 stateless

upower3 · Fri May 29, 2015 3:32 pm

I see strange OpenVPN server behavior now. After I've upgraded to 6.29, my PC-based ovpn-client won't run well when work woth ovpn server on routerboard. The log on RB is simple, the user "connected" then after a few second disconnected". The same config run ok on 6.28 and before.

As I look into logs of the client I see strange line:

ERROR: There is a clash between the --ifconfig local address and the internal DHCP server address -- both are set to 192.168.xxx.2 -- please use the --ip-win32 dynamic option to choose a different free address from the --ifconfig subnet for the internal DHCP server
Exiting due to fatal error

That's quite strange. At the same time ovpn clients on another RB device runs ok with this server.

I was forced to downgrade to 6.28 so far, but I'd like to fix the config.

Is it about the same like in changelog:

*) ovpn server - use subnet topology in ip mode if netmask is provided (makes android & ios clients work);

and how/where can I set up netmask?

The server config is quite simple:

/ppp profile
   add dns-server=172.17.xxx.3 name=ovpn-profile only-one=yes use-mpls=no
/interface ovpn-server server
   set certificate=server cipher=blowfish128,aes128,aes192,aes256 default-profile=ovpn-profile enabled=yes keepalive-timeout=30 netmask=30 port=4194
/ppp secret
    add local-address=192.168.xxx.1 name=username password=password profile=ovpn-profile remote-address=192.168.xxx.2 service=ovpn

Fri May 29, 2015 3:37 pm

and how/where can I set up netmask?

Maybe try netmask parameter, by default it is already set to /24

/interface ovpn-server server> set netmask=

upower3 · Fri May 29, 2015 3:38 pm

and how/where can I set up netmask?
Maybe try netmask parameter, by default it is already set to /24

/interface ovpn-server server> set netmask=

Thanks for reply! Sorry I haven't supply the server config, now I've edited my message above and included that. I do have netmask set to 30 on my config:

/interface ovpn-server server
   set certificate=server cipher=blowfish128,aes128,aes192,aes256 default-profile=ovpn-profile enabled=yes keepalive-timeout=30 netmask=30 port=4194

timberwolf · Fri May 29, 2015 3:47 pm

*) fixed async. ppp server;
PPTP Client seems broken after upgrade to 6.29.

Every few minutes it disconnects.Screenshot: http://prntscr.com/7apgti
This keeps on since yesterday's upgrade.

Working flawless here, 6.29 on client(RB450G)&server(x86) though.

Fri May 29, 2015 3:48 pm

As for the original problem, apparently you have clash between addresses.
Don't use network as your OpenVPN subnet if this network is in use already. You did not experience such problem in previous ROS versions because topology 'subnet' was not used.

upower3 · Fri May 29, 2015 4:28 pm

because topology 'subnet' was not used.

Quite a news, really

Ok, what I try to do is I would like to assign half of IPs from given /24 network to users via DHCP. The remaining IPs I'd like to use as ovpn assigned ones. Thus all of my network devices will see this as single /24 network.

I set up DHCP to use 192.168.10.129...250, and the I assign 192.168.10.1-2, 5-6 etc to each /30 network that is used in each ovpn connection. I can't recall it now but it was long ago as I learn that Windows clients won't work as I set PPP profile so that ony one IP is on server site and client IPs are assigned from IP pool. It was OK for *nix-based clients but Windows TUN was only able to do /30 networks.

I'll try that today at night

but this would be very good to have netmask support at last.

Fri May 29, 2015 5:18 pm

Qper and ellpod, thank you very much for the report regarding CRS devices.
We have made a version with the fix, it will be included to final 6.30.
http://www.mikrotik.com/download/share/ ... .30rc6.npk

mobdoc · Fri May 29, 2015 5:33 pm

Hi,

Just upgraded an RB951Ui-2HnD and it is now rebooting every hour with an out of memory condition. ...
In my case the removal cacert certificates solve the problem

I have done some more investigating and found that if I remove the CA certificates I have imported then the problem goes away but I need the certificates. They are the standard G2/G1 certificates from GoDaddy.

It seems the issue is directly related to the router trying to update the Certificate Revocation List (CRL) but I have not been able to get to the root cause of the problem. I have reported this to support with ticket number Ticket#2015052966000661.

Is anyone else experiencing this issue?

Thanks
Steve

tolkn · Fri May 29, 2015 5:55 pm

I have done some more investigating and found that if I remove the CA certificates I have imported then the problem goes away but I need the certificates. They are the standard G2/G1 certificates from GoDaddy.

It seems the issue is directly related to the router trying to update the Certificate Revocation List (CRL) but I have not been able to get to the root cause of the problem. I have reported this to support with ticket number Ticket#2015052966000661.

Is anyone else experiencing this issue?

Thanks
Steve

http://forum.mikrotik.com/viewtopic.php ... 38#p484167

upower3 · Fri May 29, 2015 6:09 pm

I have done some more investigating and found that if I remove the CA certificates I have imported then the problem goes away but I need the certificates. They are the standard G2/G1 certificates from GoDaddy.

It seems the issue is directly related to the router trying to update the Certificate Revocation List (CRL) but I have not been able to get to the root cause of the problem. I have reported this to support with ticket number Ticket#2015052966000661.

Is anyone else experiencing this issue?

Thanks
Steve
http://forum.mikrotik.com/viewtopic.php ... 38#p484167

I suspect owners of smaller devices like hLite should cry aloud for their devices won't be able to use VPN with almost every certificate (for the lack of free RAM).

Are there was any description on how RouterOS uses RAM to keep things like certificates, ACL etc.? Never read anything in the wiki or in any other "official" source...

elgrandiegote · Fri May 29, 2015 6:36 pm

v6.29: In the log messages like the following:
script,warning <Mikrotik>: <td colspan="5"></td>‏
script,warning <Mikrotik>: <tr>>: something is missing‏
script,warning <Mikrotik>: <body style='font-family: Arial; font-size: 15px; background-color: #081273; color: white;'>‏
script,warning <Mikrotik>: <table width="742" border="0" align="center" cellpadding="0" cellspacin‏
script,warning <Mikrotik>: <title>Redirect</title>‏

any idea about it ?

solaoxo · Fri May 29, 2015 7:27 pm

There are two devices, rb951-2n and rb941 were wds, but whenever the wireless settings change or off and then turned on, the connection is not on, the only one reboot before you can.

Cha0s · Fri May 29, 2015 7:36 pm

*) fixed async. ppp server;
PPTP Client seems broken after upgrade to 6.29.

Every few minutes it disconnects.Screenshot: http://prntscr.com/7apgti
This keeps on since yesterday's upgrade.
Working flawless here, 6.29 on client(RB450G)&server(x86) though.

I know. It's standard Mikrotik behavior when bugs occur (and 9 out of 10 times those occur after an upgrade).

I have other Mikrotik installations (x86, mipsbe) running 6.29 without this problem.

After hundreds (if not thousands) reports for weird bugs that apparently other users do not confirm (like mine) after upgrading to new versions - which mikrotik rarely if ever acknowledges - I am inclined to believe that the upgrade procedure maybe responsible for those kinds of behavior.

I've heard and read many many cases where a bug occurs after an upgrade. But the exact same configuration after a netinstall won't produce the bug.
It's only logical -after so many years of using mikrotik and seen this behavior repeatedly, especially on v5/v6 - to deduce that the upgrade code might not be the best on mikrotik.

As a matter of fact Mikrotik staff may have accidentally acknowledged this by suggesting to export the config, netinstall and then import the config back - all because the NTP client wouldn't work after an upgrade(!)

A procedure which apparently is not as easy as taking a backup and restoring it. So suggesting the export/netinstall/import route to me means that there is something wrong with the upgrade procedure causing all kinds of weird behavior and Mikrotik may already know about it (otherwise why suggest this drastic method - netinstall).
http://forum.mikrotik.com/viewtopic.php ... 85#p484085

export your config to .rsc file, save it.
netisntall board to 6.29, import config.

I don't see any other official explanation for the tons of bug (or not) reports on each new version.
Take every thread for each new version (especially after v6.x). It will be 6-10pages of which most posts will be about reporting bugs or problems after the upgrade and how downgrading back to whatever previous version, resolves it.

The pattern is quite clear I am afraid.

DLNoah · Fri May 29, 2015 7:47 pm

RB750 after upgrade from 6.28 DHCP client on ether1 don't work - status "searching". Settings are default.
I downgraded to 6.28 - works fine.

Demonster, is ether1 a member of a bridge, or otherwise a "slave" interface? (It should show an S in the status column if it is slaved). Back in the v6.0-v6.8 days, we would see that behavior if we bound DHCP clients to slave interfaces -- the server side would show constant "offering lease without success" errors, Wireshark would show DHCPDISCOVER and DHCPOFFER packets but no request from the client. Changing the DHCP client to bind to the bridge (or master) interface would make it work again. MikroTik never acknowledged it as a bug, but changed back to the v5 behavior of slave interfaces being able to pull a DHCP lease in v6.9 -- maybe that broke again?

exa · Fri May 29, 2015 8:24 pm

*) added ~fasttrack-connection~ firewall action in filter/mangle tables for marking
connections as fasttrack;

Is the fasttracked connection still accounted in traffic flow? Or, at least, the NAT event from the trafflow improvement?

What format and for what collector are the NAT events anyway, do they correspond to any standard or a generally used format? (I guess that the format of ipt_netflow will be compatible, but I want to be sure).

Thanks!

Fri May 29, 2015 10:21 pm

RB433 with some rules but it is not used to pass user traffic. It is testing VPN far end with IPSec over GRE tunnel.

5 1/2 h uptime = 18 500 sector writes

dynek · Fri May 29, 2015 10:56 pm

24h -> 30 978 Sector Writes Since Reboot

dimi · Sat May 30, 2015 12:27 am

after update to 6.29 having a problem with "health" monitor on RB2011UiAS-2HnD
voltages and temp are not showing any more

/system health print - return empty result

upd: SNMP also return nothing about "health"
upd2: Secror Writes problem seems to be fixed

working great on my RB2011UiAS-2HnD. Tested throuh winbox and console.

freemannnn · Sat May 30, 2015 8:38 am

why i cannot connect to romon devices behind rb951. i get the message "disconnected from romon"
i am using winbox3rc10 and 6.29 to all my devices.

dzikis · Sat May 30, 2015 10:06 am

Hi
I have got router with 6.28 working fine 2 peers bgp and pppoe server.
After upgrading to 6.29 some pppoe clients are connecting and disconnecting.
Second problem is trafic on some sfp ports winbox shows the same traffic on few ports.

timberwolf · Sat May 30, 2015 3:15 pm

Cha0s
Seems to be something about how the onfiguration system works, as I often came across the same behaviour during operation of a single version. Something breaks and is only fixable with config reset or netinstall. As I have no clue how the config system is implemented, I can only guess that some residual config files generated for the diverse components end up corrupted.

DJGlooM · Sat May 30, 2015 5:55 pm

Hey guys! I want to ask some help and clarification. I use ovpn to connect RB2011-s at my users homes to the RB1100 in the office, just corporate VPN. After upgrading to 6.29 I cant reach from one vpn client to another. As I red here it must be related to the subnet mode. What should be changed in config to get vpn clients to communicate again? Before that it was just enabling proxy-arp on the server side, what should I do now? The server's LAN address is in the same subnet as vpn clients with netmask 24.

demonster · Sat May 30, 2015 7:15 pm

RB750 after upgrade from 6.28 DHCP client on ether1 don't work - status "searching". Settings are default.
I downgraded to 6.28 - works fine.
Demonster, is ether1 a member of a bridge, or otherwise a "slave" interface?

No, default configuration - home router. Ether1 as master connected to provider's ONT (GEPON).

byJMR · Sat May 30, 2015 9:07 pm

Qper and ellpod, thank you very much for the report regarding CRS devices.
We have made a version with the fix, it will be included to final 6.30.
http://www.mikrotik.com/download/share/ ... .30rc6.npk

There is other BUG in v6.29 released BGP-VPLS

byJMR · Sat May 30, 2015 9:09 pm

IMG-Error_BGP-VPLS.jpeg

tom211 · Sun May 31, 2015 10:55 am

After upgrading, my two CAPs started to broadcast (?) permanently with about 4 kbps.

Downgrading to 6.28 fixed that problem.

Clbh · Sun May 31, 2015 2:31 pm

IMG-Error_BGP-VPLS.jpeg

Confirmed. I can reproduce this on my BGP-signalled VPLS setup.

VPLSes which are set to auto-attach to bridges result in an invalid port being added to the bridge when the VPLS comes up.

Adding the VPLS interfaces manually to the bridge works fine.

alexp89 · Mon Jun 01, 2015 4:02 am

Just repeat the question. Please do not ignore him again.

*) trafflow: add natted addrs/ports to ipv4 flow info;

How does it work? Which fields are used? What netflow collector understands them?

Mon Jun 01, 2015 9:57 am

Those users woh has a problem with PPTP and encryption please try out 6.30rc if it is possible. We have introduced a fix which should solve this "got out of sync" problem.

Mon Jun 01, 2015 10:41 am

IMG-Error_BGP-VPLS.jpeg
Confirmed. I can reproduce this on my BGP-signalled VPLS setup.

VPLSes which are set to auto-attach to bridges result in an invalid port being added to the bridge when the VPLS comes up.

Adding the VPLS interfaces manually to the bridge works fine.

Confirmed

upower3 · Mon Jun 01, 2015 10:51 am

I can confirm, on every device I have upgraded to 6.29 (via System -> Packages -> Downlad & Upgrade) I see that SNTP client can not get time from server. No logs for that, but I see how time changes.

The only hope is for "IP -> Cloud"'s time client but I'm not sure what protocol and server it depends on, and I see no logs for it, too.

Will we get the fix in 6.30?

Mon Jun 01, 2015 10:56 am

I can confirm, on every device I have upgraded to 6.29 (via System -> Packages -> Downlad & Upgrade) I see that SNTP client can not get time from server. No logs for that, but I see how time changes.

The only hope is for "IP -> Cloud"'s time client but I'm not sure what protocol and server it depends on, and I see no logs for it, too.

Will we get the fix in 6.30?

Since it works for all of our devices - make sure your NTP server works and try a different one

Mon Jun 01, 2015 3:48 pm

We have made a quick fix, released as v6.29.1 to address two issues that we found after releasing v6.29:

What's new in 6.29.1 (2015-Jun-01 13:30):

*) fixed vpls bridging (introduced in v6.29);
*) fixed problem where some CRS could not be reached (introduced in v6.29);

If you use a CRS or VPLS, please upgrade. There are no other changes in this release. Avoid using v6.29 on CRS, upgrade directly to v6.29.1 if you are still using an older version.

Clbh · Mon Jun 01, 2015 4:44 pm

We have made a quick fix, released as v6.29.1 to address two issues that we found after releasing v6.29:

What's new in 6.29.1 (2015-Jun-01 13:30):

*) fixed vpls bridging (introduced in v6.29);
*) fixed problem where some CRS could not be reached (introduced in v6.29);
If you use a CRS or VPLS, please upgrade. There are no other changes in this release. Avoid using v6.29 on CRS, upgrade directly to v6.29.1 if you are still using an older version.

Fantastic!

Thanks for the very quick fix to address the VPLS bridging issue.

mobdoc · Mon Jun 01, 2015 4:59 pm

I have just tried to upgrade a number of my devices and part way through the latest version changed from 6.29 to 6.29.1 (which I understand is a quick patch that has been released) but now the latest version is showing as 6.28?????

Has 6.29(.1) been pulled?

EDIT: and 5 minutes later it is back again!!

Steve

mars · Mon Jun 01, 2015 8:02 pm

can somebody please upload a torrent link for 6.29.1
thanks

Mon Jun 01, 2015 8:21 pm

I am curious why torrent links are such "must have" ? Could you explain me ?

mars · Mon Jun 01, 2015 8:24 pm

1 download for everything in 1 file

Cha0s · Mon Jun 01, 2015 8:51 pm

1 download for everything in 1 file

Precisely!

Many of us manage all kinds of Mikrotik installations with many architectures and on networks without internet access.

So downloading a single torrent file with all the release files in it, is the best/fastest way.
Time = Money.

I still don't get it why Mikrotik would stop something that many users prefer.
At least the torrent urls work even though they don't post them on the download page...

For those interested the torrent link for 6.29.1 is: http://www.mikrotik.com/download/router ... .1.torrent

Cha0s · Mon Jun 01, 2015 8:55 pm

It appears that there are no seeders yet for the torrent file.

Mon Jun 01, 2015 8:59 pm

OK...I know that one link is better but why you need it "now" just a few hours after release ? Do you apply new version immediately ?
Anyway it is quite rhetorical question and you do not need to answer me

Cha0s · Mon Jun 01, 2015 9:04 pm

Personally I don't 'need it now'.
I am not affected by the bugs resolved in 6.29.1 anyway.

What I am saying is that for whatever reason everyone has, the .torrent files are really useful. More useful than downloading 20 files manually from the download page.

dynek · Mon Jun 01, 2015 9:21 pm

After 96h uptime : 122 284 Sector Writes Since Reboot
Total is : 713 917

This router has been running for little bit more than a year so there's really something changed in this version. 17% of sectors writes in 4 days.
Anything you can do as I think it does somehow reduce life of the memory chip ?

Thank you

Tue Jun 02, 2015 7:09 am

Excessive sector writings were not solved even it was announced in rc version. It was written above many times and no statement to it was given by mikrotik.

Tue Jun 02, 2015 8:21 am

According to previous topics many clients did respond that sector writes issue was solved for them (when Firewall menu was opened in Winbox). We also did see that fix is working in out lab. If you still notice sector writes counter rising without apparent reason, then please write to. Tell us what do you do at the moment when it is happening. For example, if it is happening while Winbox is opened, then name what kind of windows are you using while it is happening.

3bs · Tue Jun 02, 2015 8:42 am

Seems like sectors writes increased by logging, but where to disable logging to flash? And sectors writes increased when openes winbox.

dynek · Tue Jun 02, 2015 9:37 am

We also did see that fix is working in out lab. If you still notice sector writes counter rising without apparent reason, then please write to. Tell us what do you do at the moment when it is happening.

Well I was running v.6.27 and updated to v.6.28 two days before updating to v.6.29 so I can't tell which one introduced this problem but it's one of them.

I have a RB450G - windows open in Winbox are always the same ones, I'll check it later to mention all of them but if memory servers me right:

/interfaces
/ip firewall
/ip dhcp-client
/ip route
/system resource
/system health

How come this affects sector writes when Winbox is not currently opened and connected to the router ?
I have already read that "echo" action in logging params is causing sector writes (obvious...) but I haven't changed these settings for a while and only critical topics is echoed.

Should I submit a ticket using this URL ? I can't register cause the captcha is not being displayed:
http://bugs.mikrotik-routeros.com/signup_page.php

Thank you

Tue Jun 02, 2015 9:53 am

Personally I don't 'need it now'.
I am not affected by the bugs resolved in 6.29.1 anyway.

What I am saying is that for whatever reason everyone has, the .torrent files are really useful. More useful than downloading 20 files manually from the download page.

Do you really need all four architectures immediately? Do you really upgrade MIPS-LE and PPC devices also? It is actually one file per architecture, and unless you are some sort of collector, you usually need only one.

meitonga · Tue Jun 02, 2015 10:17 am

Hi,

since 6.29 (and 6.29.1) OpenVPN seems broken :

If I connect to openvpn from the internet the connection succeeds. But no network traffic is possible (ping, http,dns ...). In the WebUI i can see the connection is alive but no packets are going through.

If I connect to openvpn from inside (intranet) the connection is established and everything (ping, http, dns, ...) is working.

Any ideas about this ?

Meitonga

dynek · Tue Jun 02, 2015 10:20 am

OpenVPN on the routerboard (as a client) is working fine for me.

meitonga · Tue Jun 02, 2015 10:33 am

I See, I forgot: in my case routerboard is the openvpn server.

dynek · Tue Jun 02, 2015 10:37 am

OK got it - But are you sure ping, http, dns really is going through the tunnel and not through your default gateway which knows the OpenVPN IP of your router ?
Then it might just be an issue of firewall rules

meitonga · Tue Jun 02, 2015 10:54 am

Yes I am pretty sure.

If I ping the openVPN IP of my connecting client:
It works, if the client is local.
It fails, if the client is outside.

dynek · Tue Jun 02, 2015 11:28 am

This should probably be investigated and discussed in another thread.
I would be very surprised if what you describes related to a RouterOS update.

Cha0s · Tue Jun 02, 2015 12:00 pm

Do you really need all four architectures immediately?

I just said that I don't need it 'now'. Does that imply that I need all archs immediately?

Any word on the real matter? Why stop providing the .torrent urls on the download page when clearly it's something that users want?

Tue Jun 02, 2015 2:24 pm

dynek - Seems like you will need to open new ticket. I did test with all of these windows opened on Winbox but still did not manage to reproduce problem.

jebz · Tue Jun 02, 2015 3:08 pm

The firmware server isn't working http://www.mikrotik.com/download. It's taking hours for the small files and failing.

upower3 · Tue Jun 02, 2015 3:11 pm

As of 6.29.1, SNTP client "suddenly" started to work. have upgraded my devices and so far the flight is OK

dynek · Tue Jun 02, 2015 3:12 pm

dynek - Seems like you will need to open new ticket. I did test with all of these windows opened on Winbox but still did not manage to reproduce problem.

I can't register cause the captcha is not being displayed. Is it the right URL ?
http://bugs.mikrotik-routeros.com/signup_page.php

Tue Jun 02, 2015 3:16 pm

No, this site is not related to mikrotik in any way. Email support@mikrotik.com to submit bugs.

mars · Tue Jun 02, 2015 3:49 pm

Do you really need all four architectures immediately? Do you really upgrade MIPS-LE and PPC devices also? It is actually one file per architecture, and unless you are some sort of collector, you usually need only one.[/quote]

and your point is ?

Tue Jun 02, 2015 3:53 pm

and your point is ?

Click on each download link. There is no more torrent.

Chupaka · Tue Jun 02, 2015 4:21 pm

*) trafflow: add natted addrs/ports to ipv4 flow info;
Please tell us more about that. Which fields are used? What netflow collector understands them?

What format and for what collector are the NAT events anyway, do they correspond to any standard or a generally used format? (I guess that the format of ipt_netflow will be compatible, but I want to be sure).

template fields added are postNATSourceIPv4Address, postNATDestinationIPv4Address, postNAPTSourceTransportPort and postNAPTDestinationTransportPort - they should be recognized by any NetFlow v9 collector

astraliens · Tue Jun 02, 2015 4:33 pm

for sector writes problem, seems to be fixed, but maybe there are a bit more writes than in 6.27 or older
winbox was opened for ~48 hours during this period

[admin@rb2011] > /system resource print 
	uptime: 5d1h22m46s
	version: 6.29
	build-time: May/27/2015 11:19:36
	write-sect-since-reboot: 3422
	board-name: RB2011UiAS-2HnD

mervincm · Tue Jun 02, 2015 5:34 pm

6.29 broke my CRS226-24-2s+ access via winbox, it simply couldn't connect. fortunately I could still connect via web. 6.29.1 was applied via web and after that Winbox worked fine.

mervincm · Tue Jun 02, 2015 5:51 pm

Personally I don't 'need it now'.
I am not affected by the bugs resolved in 6.29.1 anyway.

What I am saying is that for whatever reason everyone has, the .torrent files are really useful. More useful than downloading 20 files manually from the download page.
Do you really need all four architectures immediately? Do you really upgrade MIPS-LE and PPC devices also? It is actually one file per architecture, and unless you are some sort of collector, you usually need only one.

I don't understand this thinking. Folks that would want this are likely some of your biggest customers. Why not just make it available? It surely can't be that much work for your biggest customers.

pinchia · Tue Jun 02, 2015 9:27 pm

Is it possible to confirm if L2TP VPN works with v6.29?
I did a fresh install, and it doesn't work with quick setup.

dynek · Wed Jun 03, 2015 12:07 am

dynek - Seems like you will need to open new ticket. I did test with all of these windows opened on Winbox but still did not manage to reproduce problem.

Yeah I used Winbox3RC10 closed everything and checked from command line (ssh) and sector writes is still going higher.

I sent a mail to the support. Thanks!

Wed Jun 03, 2015 7:44 am

According to previous topics many clients did respond that sector writes issue was solved for them (when Firewall menu was opened in Winbox). We also did see that fix is working in out lab. If you still notice sector writes counter rising without apparent reason, then please write to. Tell us what do you do at the moment when it is happening. For example, if it is happening while Winbox is opened, then name what kind of windows are you using while it is happening.

I already described the mechanism above (see http://forum.mikrotik.com/viewtopic.php ... ve#p484196).

I have to add that I am not logging to internal flash at all but to usb flashdisks and to remote syslog.

Used windows are resources, interface list, firewall, route list, profiler, wireless tables and log. Used Winbox3rc10.

[Ticket#2015060366000163] created.

dynek · Wed Jun 03, 2015 8:58 am

Which can probably be linked to mine : #2015060266000843

dada · Wed Jun 03, 2015 11:12 am

Excessive flash writings are not solved.

Tried on Omnitik for the first time, freshly updated from 6.28 to 6.29 via direct update. Opening the rule in firewall (just double click, no change, no save) adds two writes to the flash each time.

Sometimes just opening makes "filter rule moved by user" in the log.

What the hell? Having only one fake rule to check what it does when I open it, and it does these things??? Even when the rule is disabled! Of course the only one rule cannot be moved anywhere!

How difficult could be to correct these errors?

I tested it on RB411AH with 6.29.1 and I see 4 sector writes after just opening an existing firewall rule (a new empty accept rule in forward chain). A new line appears in Log each time I open the rule (double click on the rule) with this text:
filter rule moved by admin

Which obviously is not true. There was only one firewall rule ...

jebz · Wed Jun 03, 2015 11:47 am

As a matter of fact Mikrotik staff may have accidentally acknowledged this by suggesting to export the config, netinstall and then import the config back - all because the NTP client wouldn't work after an upgrade(!)

I don't see any other official explanation for the tons of bug (or not) reports on each new version.
Take every thread for each new version (especially after v6.x). It will be 6-10pages of which most posts will be about reporting bugs or problems after the upgrade and how downgrading back to whatever previous version, resolves it.

The pattern is quite clear I am afraid.

I recently exported from a major v6 ROS to another but after reviewing the terminal found a number of command syntax's had changed on importation of the export. One of the changes was - set time-zone-autodetect=no time-zone-name=Australia/Brisbane which caused the timezone not to be applied. I can't recall the other 2. If this type of thing is happening between versions stability of configurations will be effected.

dynek · Wed Jun 03, 2015 12:28 pm

Can someone confirm if downgrading is just a matter of putting previous version files in place and reboot the device just like an upgrade ?

Thank you !

Wed Jun 03, 2015 12:30 pm

Can someone confirm if downgrading is just a matter of putting previous version files in place and reboot the device just like an upgrade ?

Thank you !

no, you must upload older files, and run command "/system package downgrade".

ATROX · Wed Jun 03, 2015 1:47 pm

Dear MikroTik Support.
After upgrading to v6.29.1 IPsec automatically not UP. Only after Kill Connections.
Fix please!
In v6.28 the same situation.
In v6.27 - good, IPsec auto UP.

angboontiong · Thu Jun 04, 2015 11:18 am

What's the different of the V6.29.1 with this?

Thu Jun 04, 2015 11:29 am

What's the different of the V6.29.1 with this?

.1 adresses an issue with CRS where you could not connect to them

Thu Jun 04, 2015 1:50 pm

According to previous topics many clients did respond that sector writes issue was solved for them (when Firewall menu was opened in Winbox). We also did see that fix is working in out lab. If you still notice sector writes counter rising without apparent reason, then please write to. Tell us what do you do at the moment when it is happening. For example, if it is happening while Winbox is opened, then name what kind of windows are you using while it is happening.
I already described the mechanism above (see http://forum.mikrotik.com/viewtopic.php ... ve#p484196).

I have to add that I am not logging to internal flash at all but to usb flashdisks and to remote syslog.

Used windows are resources, interface list, firewall, route list, profiler, wireless tables and log. Used Winbox3rc10.

[Ticket#2015060366000163] created.

Confirmed by Mikrotik to be bug, hopefully it will be corrected in some subsequent winbox.

Before that they tried to convince me that I should blame my too much sensitive quality mouse that moves a bit with the firewall rule during the double click. But taking such thing as rule order change is surely winbox/ros bug, not problem of my mouse.

Hope it will be corrected soon.

andersonlich · Thu Jun 04, 2015 2:55 pm

Hi all
Does anybody having problem using IP Hotspot after upgrading to 6.29.1 from 6.27 ?
My clients are obtain dhcp, but after requesting http traffic(before login), the client doesn't appear at /ip hotspot host and it seems the packet is not forwarded normally and caused my client is not redirected to my external login page.

Thank you

Anderson

Thu Jun 04, 2015 5:04 pm

DHCP server is on the same box as Hotspot?
What happens when you try to open the IP address of the hotspot in the browser?

Hi all
Does anybody having problem using IP Hotspot after upgrading to 6.29.1 from 6.27 ?
My clients are obtain dhcp, but after requesting http traffic(before login), the client doesn't appear at /ip hotspot host and it seems the packet is not forwarded normally and caused my client is not redirected to my external login page.

Thank you

Anderson

rextended · Thu Jun 04, 2015 6:30 pm

The 6.29(.1) is VERY VERY VERY bad for me,

On all 921UAGS-5SHPacD (and other 9xx models) I have,
I lost completly or partially the auto-negotiation on ehter1 and sfp1.
Not mind if are fresh netinstalled or upgraded.
I'm forced to set manually 1000 or 100 full-duplex (I'm using ONLY the original mikrotik provided gigabit poe).
Also if both connected devices are the same model, the problem still exist.

Also S-RJ01 stop working as expected on all 9xx capable devices, for the same reason.

On both my CCR1036-12G-4S, with all the S-85DLC05D plugged, lost auto-negotiation and if are forced 1Gb are very slow...

Restoring the 6.28 solve any problem on all devices, I also try the .1, but the problem still exist

[no problem on 4xx, 2010, 1x00, metal, groove or 7xx models]

Test case:
netinstall two 921UAGS-5SHPacD with 6.29.1,
put on both one S-RJ01,
after put two ip address on the devices,
try bandwidth test between the two devices.
feel free to try any ethernet cable you have....
sometime is working, sometime you got "R" but do not pass more than 1 or 2 packet for second, sometime the two device can't estabilish ethernet link between the two S-RJ01 or the two ether1

warn1ng · Sat Jun 06, 2015 2:11 am

Hi, doing a PTP with SXTs running v6.29, wireless-fp package and using nstreme wireless protocol, wireless link seems to work good, but when the SXT running on "station bridge" gets power cycle, cant connect back, only way to make it works is if i unclick "Hidde SSID" on the "bridge" SXT

Sorry the broken english

Bests

struart · Sat Jun 06, 2015 10:46 am

Hello
I upgraded my RB433 from 3.30 to 4.17>5.26>6.29
All went fine.
But i noticed one problem.

ETHER1 is making traffic (around 15mbs) all the time even if device connected to it is not making any traffic at all.
When i disable it its OK then i enable and its OK until i try to ping something on that interface than again 15mbs of fake traffic and CPU goes to 90%

Sat Jun 06, 2015 11:32 am

And what is the traffic?

dzikis · Sat Jun 06, 2015 11:35 am

Hello
I upgraded my RB433 from 3.30 to 4.17>5.26>6.29
All went fine.
But i noticed one problem.

ETHER1 is making traffic (around 15mbs) all the time even if device connected to it is not making any traffic at all.
When i disable it its OK then i enable and its OK until i try to ping something on that interface than again 15mbs of fake traffic and CPU goes to 90%

Hello
I had problem with 6.29 strange traffic on few interfaces oround 5mbps and loosing pppoe connection with clients . Whan i downgrade to 6.28 problem do do not comeback.

struart · Sat Jun 06, 2015 11:54 am

Exacly same situation here but downgrade didnt help ;(

And what is the traffic?

Emmm nothing

its classic router tplink connected to that ether1 but noone is using it at that moment but still there is 15/5 mbs usage.

TORCH shows 0 traffic at all.

During this CPU goes to 80-90% and disconnect all pppoe clients on wlan2.

If i disable that ether1 then rb is working great but then one guy is w/o internet

benesm1 · Sat Jun 06, 2015 7:34 pm

Hello,
we are using two CCR1036-12G-4S as our edge routers. We are using ssh proxying to access servers behind those routers. Please see excerpt from ssh config:

Host *
ForwardAgent yes

Host CCR-gateway
Port xx
User ssh-proxy
#CCR1
Hostname 1.2.3.4
#CCR2
#Hostname 1.2.3.5

Host aries
User root
ProxyCommand ssh -W aries.internal:22 CCR-gateway

Host imon
User root
ProxyCommand ssh -W imon.internal:22 CCR-gateway

Host scorpio
ProxyCommand ssh -W scorpio.internal:22 CCR-gateway
User root

Since upgrade to ROS 6.29.1 the ssh login to servers behind the CCR hang indefinitely in most cases (for example "ssh aries"). When I specify the "-v" option, the login goes fine in most cases, but sometimes hangs
at "debug1: SSH2_MSG_KEXINIT sent". In case of successful login, the aes128-ctr cipher is selected. When I disable the aes-ctr ciphers, then I can login as usual, but only to some of our servers.

Support Ticket #2015060666000274

I can connect to all servers with following ciphers enabled:
Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes192-cbc,aes128-cbc,aes256-cbc,blowfish-cbc,3des-cbc

bardelot · Sat Jun 06, 2015 9:13 pm

Hi

I'm wondering if the described issue below has been resolved in RouterOS version 6.29.
I have seen the issue has been raised by a few other posters as well, however I did not see any reply acknowledging it.

As I understand the current processing of IPSec encrypted traffic, the traffic passes the firewall input chain, is then decrypted and the decrypted traffic is then again handled by the firewall e.g. the forward chain.
When the firewall processes the decrypted traffic it will be shown as coming from the original interface the encrypted IPSec traffic has been received on. As such there it is not possible to determine if the decrypted traffic is coming from an IPSec tunnel.

Up until RouterOS 6.27 it was possible to overcome this shortcoming by marking incoming IPSec packets using the firewalls mangle functionality. The packet mark would remain on the decrypted traffic (e.g. also on the forward chain) and could therefore be used in the firewall for filtering purposes.

Since RouterOS 6.28 the packet marks do not exist on the decrypted traffic anymore. Has this been changed / fixed in RouterOS 6.29?

Thanks

TheRealJLH · Sun Jun 07, 2015 11:52 am

this update appears to have broken NetFlow it is no longer sending ingress and egress flow data for the same interface. only appears to be exporting Egress flows. per interface.

tomaskir · Mon Jun 08, 2015 10:46 am

@normis
I have managed to reproduce a very rare and annoying bug [Ticket#201503206600075]

It will go away if I reboot the device.
Could someone from support please look at this so I can give you guys SSH access?
I cant keep the device in this state for long, since it needs to be used.

paulsa · Mon Jun 08, 2015 12:24 pm

this update appears to have broken NetFlow it is no longer sending ingress and egress flow data for the same interface. only appears to be exporting Egress flows. per interface.

+1 also experiencing this on our ccr1036. Upgraded from 6.22 to 6.29, only tx bandwidth flow being sent from an interface. Had to enable traffic flow on our edge router which is still sitting on 6.22.

Please fix!

rextended · Mon Jun 08, 2015 8:09 pm

RouterOS 6.28 or 6.29 or 6.29.1
RouterBOOT 3.22

All clean installation with Netinstall without import .backup or keeping previous config.

RB912UAG-2HPnD (BaseBox 2) + R11e-5HacD = kernel panic or kernel failure when the first device connect to wifi.
RB912UAG-5HPnD (BaseBox 5) + R11e-5HacD = kernel panic or kernel failure when the first device connect to wifi.

Device reboot without depleting memory or go to 100% CPU

RB922UAGS-5HPacD (MMCX RouterBoard) + R11e-5HacD = no problem
RB922UAGS-5HPacD (-NM ???) (NetMetal 5) + R11e-5HacD = no problem

TomosRider · Tue Jun 09, 2015 10:29 am

Loosing of static dhcp leases is still present. I can solve it with netinstall, but question is, why it isn't solved with newer releases....

Petzl · Tue Jun 09, 2015 10:55 am

I have a lot of omnitiks that stopped working , or getting un responsive 6.29 RC13

i have romon enabled
will upgrade some to 2.29.1

Tue Jun 09, 2015 11:48 am

Why you use rc version in production?

tomaskir · Tue Jun 09, 2015 11:54 am

Hi,
I think this is a bug or something can't say cleary.

Problem is when change SIM card for RB922 or RB912 with RouterOS v6.29.1.

Have 2 SIM card with different ISP. Another have PIN code other not have PIN code. When first card witch have PIN code everything works wine, but when i change card to no PIN code one and remove that PIN code area in RouterOS then it can't connect. I need to make FULL reset for router and configure all things again without touch that PIN code area and then SIM works.

Any fix for this?

Report this to support@mikrotik.com

They should probably look at this one.

0ldman · Wed Jun 10, 2015 12:01 am

Installed 6.29.1 on my RB750UP that runs my office. Watchdog timer reboot the router every 5 minutes. Downgraded back to 6.20 and bricked the router.

Trying to recover now.

Edit: Now that I'm not in a pinch, RB750UP, 6.20, NTP and DNS, couple of GRE links, tried 6.29.1, seemed okay, enabled Fasttrack, worked beautifully, CPU was like 16% while I was pushing it. Love it.

Then it reboot.

Then it reboot again.

Figured okay, not quite ready for prime time, at least not in my exact configuration, uploaded 6.20 and the NTP package, system package downgrade, reboot.

Nada.

Netinstall got the unit back up and going.

TomosRider · Wed Jun 10, 2015 12:35 am

Try with 6.27, i found it stable as unicorn population in Scotland. Just kidding, its good release.

sasskass · Wed Jun 10, 2015 9:21 am

Serious bug with ethernet on SXT G-5HPacD and v6.29.1 - messed up a lot of time and cpe-s.
In bridged mode, cannot access the device from ethernet side. After ~a day of working eth starts blinking 1 per second, reboot does not help.
Downgrading to the 6.28 solved the problem

Ansy · Wed Jun 10, 2015 10:16 am

Installed 6.29.1 on my RB750UP that runs my office. Watchdog timer reboot the router every 5 minutes.
...
Edit: Now that I'm not in a pinch, RB750UP, 6.20, NTP and DNS, couple of GRE links, tried 6.29.1, seemed okay, enabled Fasttrack, worked beautifully, CPU was like 16% while I was pushing it. Love it.

Then it reboot.

Then it reboot again.
...

Very very close to my case

[Ticket#2015060366000431] [Ticket#2015053066000266] [Ticket#2015052966000214]
MT wiped out my post here, IMHO because they emailed me these crashes may be due to NAND memory errors and told me to NetInstall, but I can't to get to device' site now -- preparing spare one.

I used 6.27 for the long time, RB750UP configured as Bridge with Firewall and Simple Queues mostly, POwEring 3 another radiobridges.

Using 6.29 (yes, reboots 4-5 times!), then 6.30rc7 it worked, but after 4-5 minutes began to overload CPU by management process, loose many lists content (Winbox & console), but still managing traffic! I switched off writing to disk some logs (error, critical), for now uptime is 5d11h (CPU 100%, almost no controls, just /system).

Every try to get supout.rif overloaded & then rebooted device by watchdog (no ping?) with no result file. But rebooting device emailed me autosupout.rif successfully (send to MT support). It'd loosed Bridge - Settings - Use IP Firewall & Allow Fast Path checks in after reboot.

RB750UP_bridge_6.30rc7 freezing.png

IMHO it's not NAND issue...not only NAND may be.
It can be some (rare case) bridging firewall, fast path & management issue, because MT actively working on it last versions.

rextended · Wed Jun 10, 2015 8:44 pm

Serious bug with ethernet on SXT G-5HPacD and v6.29.1 - messed up a lot of time and cpe-s.
In bridged mode, cannot access the device from ethernet side. After ~a day of working eth starts blinking 1 per second, reboot does not help.
Downgrading to the 6.28 solved the problem

Have you read my post???

http://forum.mikrotik.com/viewtopic.php ... 00#p485204

sanitycheck · Thu Jun 11, 2015 6:08 pm

I assume the FREAK SSL vulnerability fixed in 6.29 affected OpenVPN and SSTP since they are both tied to certificates and the Mikrotik certificate functions. But does FREAK affect IPSEC with PSK, meaning where a certificate is not used? Is SSH affected by FREAK when a certificate is used (or not)?

I have some routers on 6.7 that I would rather not upgrade.

Chupaka · Fri Jun 12, 2015 1:50 am

FREAK affects SSL/TLS, so SSTP and HTTPS are possibly affected, not OVPN or IPSec

bney · Fri Jun 12, 2015 2:31 am

Installed 6.29.1 on a router today and the inline comments selection is no longer there in the right hand drop down.
Whats up with that. Having the comments on a seperate line is confusing and annoying to look at.
Why would Mikrotik remove that?

Adav · Fri Jun 12, 2015 4:19 am

Hi

CCR1009-8G-1S-1S+PC

From internet for old version (not PC model):

From my device:

Voltage - invalid (0.0 if power supply 12V, 12.8 if power supply 24V)
Current and power - not present.

Is it problem with "health" for 6.29 version or for PC model?

oukidouki · Fri Jun 12, 2015 5:15 pm

this update appears to have broken NetFlow it is no longer sending ingress and egress flow data for the same interface. only appears to be exporting Egress flows. per interface.

I noticed same bug on my RB 433. Anybody else?

khizer911 · Sat Jun 13, 2015 11:13 am

Does following SNMP traps supported ?

Router reboot
Memory CPU usage

sil200 · Sat Jun 13, 2015 1:13 pm

this update appears to have broken NetFlow it is no longer sending ingress and egress flow data for the same interface. only appears to be exporting Egress flows. per interface.
I noticed same bug on my RB 433. Anybody else?

Hello! Yes, i have similar bug with 6.29.1. Traffic flow does not work correctly.

Marino · Sun Jun 14, 2015 7:35 pm

Hi,

since 6.29 (and 6.29.1) OpenVPN seems broken :

If I connect to openvpn from the internet the connection succeeds. But no network traffic is possible (ping, http,dns ...). In the WebUI i can see the connection is alive but no packets are going through.

If I connect to openvpn from inside (intranet) the connection is established and everything (ping, http, dns, ...) is working.

Any ideas about this ?

Meitonga

Hi, same issue here. Version 6.27 works perfect. Version 6.29.1 fails to route traffic through the tunnel other than its own openvpn subnet. I can ping the openvpn interface on the Routerboard though, so the tunnel is up.

TheRealJLH · Mon Jun 15, 2015 10:45 am

this update appears to have broken NetFlow it is no longer sending ingress and egress flow data for the same interface. only appears to be exporting Egress flows. per interface.
I noticed same bug on my RB 433. Anybody else?

Hello! Yes, i have similar bug with 6.29.1. Traffic flow does not work correctly.

Guys I resolved this issue by downgrading to the 6.28 release on my CCR1036 hopefully they will fix the bug in the next release.

khatab · Mon Jun 15, 2015 10:34 pm

As a matter of fact Mikrotik staff may have accidentally acknowledged this by suggesting to export the config, netinstall and then import the config back - all because the NTP client wouldn't work after an upgrade(!)

I don't see any other official explanation for the tons of bug (or not) reports on each new version.
Take every thread for each new version (especially after v6.x). It will be 6-10pages of which most posts will be about reporting bugs or problems after the upgrade and how downgrading back to whatever previous version, resolves it.

The pattern is quite clear I am afraid.
I recently exported from a major v6 ROS to another but after reviewing the terminal found a number of command syntax's had changed on importation of the export. One of the changes was - set time-zone-autodetect=no time-zone-name=Australia/Brisbane which caused the timezone not to be applied. I can't recall the other 2. If this type of thing is happening between versions stability of configurations will be effected.

Dear Sir, Hi, I am also facing the same problem, NTP client is not responding, and the time is not correct, I got more than 10 mikrotiks, ALL of them got that problem, the version are 6.28, 6.29, even 6.30 (19), any one else got the same problem?

bloemkool73 · Tue Jun 16, 2015 2:04 am

Hi Guru's

coming from 6.28, then went to 6.29.1 and right now on 6.30rc19.
The 6.28 config worked on my rb2011 with antenna's.
DHCP for Apple devices (OSX & iOS) seem broken somehow. I tested via WLAN and cable, both same result.
A Windows install via virtualbox on my Mac get's a DHCP lease. And my Mac itself does not get any.
I see android devices connecting to the network and their lease is renewed after some time. So that is good also.
The iOS devices get a lease ( OFFER and ACK ) and after a few seconds I see a REQUEST and a DECLINE.

I have got two networks separated by VLAN. Made bridges inside those VLAN's. Ports and WLAN's are connected to the bridges.
Both networks have their own DHCP server. Both DHCP servers are authoritative. They cannot see each other
One DHCP server gives the Apple devices a lease, so no problem here.
The other network gets declines like this:

received decline with id 0 from 0.0.0.0

So weirdness is going on here ..

I tried playing with ARP on the bridge and toggled the ARP option in the DHCP server, but I can't get it to work anymore.
Further I'd like to go back to 6.28, but cannot find it... Where can I find it?

Abdock · Tue Jun 16, 2015 6:31 pm

I tried to activate the RoMon feature but just after activating my router rebooted, this made me go back and disable as i did not want to cause issues with network. anybody else tried to use Romon on live or test network ?

khizer911 · Wed Jun 17, 2015 12:45 pm

Please provide RSA support for ssh. It currently supports DSA. We are not able to ssh mikrotik routers from Cisco routers or Cisco routers from Mikrotik routers because both routers support different alogos for ssh!

freemannnn · Wed Jun 17, 2015 1:19 pm

Winbox working folder should be the same folder winbox.exe exist so it could be portable. I login to customer routers from different pc and places and i have to make every time new viw files the way i want. Why should it be in windows user folder? In the same folder all ini and viw files !

Sorry wrong post here. Admis delete it please

mcdebugger · Fri Jun 19, 2015 2:07 am

I lost connection to 3 of 21 RB750s that I've upgraded and also they can't ping anyrhing via ether1 interface (which is connected to our distribution net).
I needed to get my bicycle and go on the night to ride across the town.
Connected via our wi-fi hotspots that plugged to "LAN" or access side of Mikrotik.
First device was fixed by just rebooting.
On the second board I had to downgrade to 6.28. I then tried to upgrade to 6.29.1 once again and it was the same problem: no ping from the board itself via ether1, no ping/forwarding from LAN to distribution (no nat or filtering is used on these boards). But I can see packets from other routers (OSPF, multicast and maybe even some other) and from router itself in the tool sniffer. Downgraded one more time and now it's working at least with 6.28.
I didn't fixed the third board yet because I can't connect to our network on the third location now.
What is special is that almost all of the boards have the same configuration (except for IP addresses) and most of devices updated correctly where some of them have these problems.

makros · Sat Jun 20, 2015 11:03 pm

Hi everyone! We had had ver 6.6 working well. But it hadn't been able to make template to generate certificate request for the openvpn server.
So we had decided upgrade routeros. What's now:

/system resource print                 
version: 6.29.1
architecture-name: powerpc
board-name: RB1100AHx2

We noticed some minor issues after this upgrade.
1. Certificate request was made and generated but the easyrsa3 (fedora 20) couldn't sign it. It made us generate the request by another device (CCR, routeros 6.19), sign by easyrsa3 and import it.
2. OpenVPN tap (L2) tunnel is raised (its client is FreeBSD 8.3) but the tcpdump shows some unwelcome traffic (about 1Mbit per sec) from the server (Mikrotik) to the client (FreeBSD host). The undesired traffic are packets between LAN hosts of the router behind NAT and WAN hosts. This problem doesn't present in another device (CCR, routeros 6.19): we see only expected packets.
3. When I try to add INPUT rules to control traffic by connection-state option

chain=input disabled=yes action=drop connection-state=invalid log=no log-prefix=""
chain=input disabled=yes action=accept connection-state=related log=no log-prefix=""
chain=input disabled=yes action=accept connection-state=established log=no log-prefix=""

the web interface doesn't show the option "connection-state" installed. I can choose it and save, but when I reopen the rule - it's blank again. I can see only in console that the option is set. You can see the rules are turned off and I don't know if it works or not because I'm afraid to lose control.
So we've cowardly decided downgrade one to routeros 6.19

Kraken2k · Mon Jun 22, 2015 3:00 pm

As I understand the current processing of IPSec encrypted traffic, the traffic passes the firewall input chain, is then decrypted and the decrypted traffic is then again handled by the firewall e.g. the forward chain.
When the firewall processes the decrypted traffic it will be shown as coming from the original interface the encrypted IPSec traffic has been received on. As such there it is not possible to determine if the decrypted traffic is coming from an IPSec tunnel.

Up until RouterOS 6.27 it was possible to overcome this shortcoming by marking incoming IPSec packets using the firewalls mangle functionality. The packet mark would remain on the decrypted traffic (e.g. also on the forward chain) and could therefore be used in the firewall for filtering purposes.

Since RouterOS 6.28 the packet marks do not exist on the decrypted traffic anymore. Has this been changed / fixed in RouterOS 6.29?
Thanks

Same problem here (two independent RB1100AHx2).

After upgrade from 6.24 to 6.29.1, ipsec packet mark in mangle-prerouting chain does not work, or it's not catched by filter-forward chain.

Chupaka · Mon Jun 22, 2015 4:31 pm

After upgrade from 6.24 to 6.29.1, ipsec packet mark in mangle-prerouting chain does not work, or it's not catched by filter-forward chain.

seems like it won't be possible anymore, but another solution is coming:

What's new in 6.30rc19 (2015-Jun-12 11:45):
*) firewall - added ipsec-policy matcher to check wheather packet was/will be ipsec processed or not;

p.s. Normis, sed s/wheather/whether/

Kraken2k · Mon Jun 22, 2015 5:34 pm

Upgraded two RB1100AHx2 (powerpc) from 6.24 to 6.29.1 and since then I have problem with Simple Queues respectively... half of it:

Simple example from wiki - limit LAN traffic (identified by IP address range) to WAN (identified by interface eth11 to ISP; there is src-nat to public IP address on VRRP interface assigned to eth11). Upload queue works as expected, but download one does not... with the same configuration as before upgrade.

simple_queue.png

I've upgraded also few other 2011UAS-2HnD (mipsbe) boxes in the same way, but all of them works normally as expected, but it might be also configuration related...

Just a guess... VRRP problem?

Mon Jun 22, 2015 5:35 pm

Yes, all marks are cleared after ipsec decapsulation/encapusaltion. You can still use priiority and DSCP however.
v6.30 will have new policy matcher as well as ipsec policy based method. Examples will be added in the wiki after version release.

jondavy · Mon Jun 22, 2015 9:59 pm

why CCR series do not show Bad Blocks?
/system resource print

cREoz · Tue Jun 23, 2015 3:44 pm

On mAP ETH1 and ETH2 leds is always OFF after router is rebooted with connected cables.

/system resource print 
                   uptime: 2h50m33s
                  version: 6.29.1
               build-time: Jun/01/2015 13:30:35
              free-memory: 42.1MiB
             total-memory: 64.0MiB
                      cpu: MIPS 24Kc V7.4
                cpu-count: 1
            cpu-frequency: 400MHz
                 cpu-load: 5%
           free-hdd-space: 4084.0KiB
          total-hdd-space: 16.0MiB
  write-sect-since-reboot: 707
         write-sect-total: 119714
               bad-blocks: 0%
        architecture-name: mipsbe
               board-name: mAP
                 platform: MikroTik

Tue Jun 23, 2015 4:06 pm

mAP has mismatched LED's assigments: http://forum.mikrotik.com/viewtopic.php ... 60#p481260
Goto System/LEDs and set them properly as you wish/need.

grandow · Tue Jun 23, 2015 4:20 pm

Hi Guys

I'see a new bug in v6.29 in a groove dettect an disk space 175% free look imagems:

kez · Tue Jun 23, 2015 9:40 pm

Sorry, I know this is not the 6.30rc topic, but there is no one official.
There is a problem with the scheduler on v6.30rc22.
When you choose "startup" as start time it doensn't run at startup.
It works after downgrade to 6.29.1.
Tested on mipsbe plataform.
And thanks for the VLAN Fastpath support on v6.30rc!

Marino · Wed Jun 24, 2015 1:25 pm

Since version 6.29, OpenVPN clients don't use the default gateway on the remote network anymore. You need to add ip routes manually on the clients. Has it something to do with this change?

*) ovpn server - use subnet topology in ip mode if netmask is provided (makes android & ios
clients work);

Chupaka · Thu Jun 25, 2015 2:39 pm

Sorry, I know this is not the 6.30rc topic, but there is no one official.

because it's not a release

There is a problem with the scheduler on v6.30rc22.

please write to support@mikrotik.com

prawira · Fri Jun 26, 2015 7:08 am

dear all,

we just notify that we can not do zoom-in and zoom-out on the smartphone for the user manager on version 6.x.
while we still be able to do the same thing on version 5.x

Paul

kez · Fri Jun 26, 2015 4:19 pm

Sorry, I know this is not the 6.30rc topic, but there is no one official.
because it's not a release

There is a problem with the scheduler on v6.30rc22.
please write to support@mikrotik.com

Some RCs have their owns topics.
Thanks, but I think just post here it's enough. It's a pretty easy bug to test. Normis and others Mikrotik developers are always here, so...

coylh · Sat Jun 27, 2015 7:01 am

Just tried 6.25 to 6.29.1 upgrade (via system packages download) on CCR-1036-12G-4S, and it started crashing a couple times per minute. I was able to see some output on the console:

resetting_chip.png

The only error is on the console is "Resetting chip and restarting." In the system log there is "System rebooted because of kernel failure".

infused · Mon Jun 29, 2015 2:25 am

I know this is 6.29, but does 6.28 have any significant issues? Mainly around queues, gre tunnels? I need to upgrade a few tiks from 6.15 that I have issues on. 6.29.1 has a few issues i'd like to avoid.

TomosRider · Mon Jun 29, 2015 11:58 pm

@Infused
I roll 6.28 release on 90% of our company routers and its by far most stable version, but to be honest, i didnt had problems with 6.27 either.

infused · Tue Jun 30, 2015 2:12 am

Thanks for that.

xcom · Tue Jun 30, 2015 4:49 pm

@Infused
I roll 6.28 release on 90% of our company routers and its by far most stable version, but to be honest, i didnt had problems with 6.27 either.

Where can I download 6.28?

Thanks!

coylh · Tue Jun 30, 2015 10:45 pm

I also still encounter the problem where routerboard devices still don't connect to Cisco switches reliably after a reboot. Each time I upgrade my network I get one or two routers that forget they have a lan connection. The interface is enabled, but not "running". Disabling and re-enabling the interface (or physically unplugging and re-plugging) gets the interface to work again. With the 6.29.1 upgrade I've seen this on a 450G and 2011UiAS.

jebz · Wed Jul 01, 2015 1:51 am

Where can I download 6.28?

Thanks!

Copy the old URL and adjust it like -
http://download2.mikrotik.com/routeros/ ... e-6.28.npk

jondavy · Wed Jul 01, 2015 3:47 am

CCR1009-8G-1S-1S + with packages v6.29.1 crash after several hours
on average througtput 100MiB Running
ospf+vlan+PPPoE-Server+simple queues

jondavy · Wed Jul 01, 2015 4:12 pm

CCR1009-8G-1S-1S + with packages v6.29.1 crash after several hours
on average througtput 100MiB Running
ospf+vlan+PPPoE-Server+simple queues

in fact specifically happened the day before yesterday and yesterday 21:00
second comments of many colleagues who were also affected this is the 'Leap Second'
https://www.facebook.com/groups/2210247 ... 144362036/

is there any way to fix it to no longer crashes?
as this is a botch, only restarting the power source

Thu Jul 02, 2015 3:22 pm

Upgrading a CCR to 6.29.1 killed our MPLS. Some internal routes are not reachable by some routers 2 Hops away. Disabling LDP solved it. downgrading the CCR to 6.15 solved the problem.
Routes were installed in LDP Forwarding Database but does not seem to work.

Upgrading Firmware needed a Hard Power Down/UP.

Got a lot of calls today ...

Edit: Problematic routes were /32.

xcom · Thu Jul 02, 2015 9:19 pm

Where can I download 6.28?

Thanks!
Copy the old URL and adjust it like -
http://download2.mikrotik.com/routeros/ ... e-6.28.npk

Thanks!

WirelessRudy · Fri Jul 03, 2015 3:23 am

Last days we installed several v6.29.1 ROS on v.6.27 running units. We found 5% of the units, special ones with PoE out ports, stopped passing traffic over their ethernet ports.
We have 'hardware queues' on all ports and they are also set to manually set 100Mbps rates. (But on one unit we still had 'auto' and it also happened the same here...)

Ethernet ports on both ends show they are connected but traffic only flows one way, towards the PoE out port. Opposite direction no traffic. Neighbour doesn't see adjacent unit anymore and even if the mac address or IP is know, the other end of the cable became completely unreachable.
It happened most of the times half a day or more after the upgrade. Not inmediately. Units kept working fine for hours....

Only a real power cycle brought the units back working normally..... (So, no supouts. Unit had to be powercycled and after that the supout has no more meaning....)

It happened to one of my main gateways so I was not happy! Hope it doesn't happen again.....

Farhadgh · Sun Jul 05, 2015 10:26 am

I can't make any of arp static due to "Couldn't add new ARP, Already have such ARP!" error.
It would be awesome if there was a command for that too. making static is only possible on gui (I know with some scripts it is possible. I mean something like "/ip arp set x static=yes")

Chupaka · Sun Jul 05, 2015 5:48 pm

I can't make any of arp static due to "Couldn't add new ARP, Already have such ARP!" error.
It would be awesome if there was a command for that too. making static is only possible on gui (I know with some scripts it is possible. I mean something like "/ip arp set x static=yes")

checked with 6.29 - no problem when adding ARP entry if dynamic entry for this IP already exists

please give an example of what you do, what you expect and what exactly happens

Farhadgh · Sun Jul 05, 2015 8:17 pm

Hello Chupaka. I tested that again and it was working fine (after an unexpected shutdown). at that situation, I solved this by copying everything field by field (even copying dhcp arps in disabled=yes mode was making error with DX flags) and then removing every dynamic arp and enabling disable arps in one line. I hope this don't happen again. It hurts!

Kraken2k · Wed Jul 08, 2015 2:05 pm

Upgraded two RB1100AHx2 (powerpc) from 6.24 to 6.29.1 and since then I have problem with Simple Queues respectively... half of it:

Simple example from wiki - limit LAN traffic (identified by IP address range) to WAN (identified by interface eth11 to ISP; there is src-nat to public IP address on VRRP interface assigned to eth11). Upload queue works as expected, but download one does not... with the same configuration as before upgrade.

simple_queue.png
I've upgraded also few other 2011UAS-2HnD (mipsbe) boxes in the same way, but all of them works normally as expected, but it might be also configuration related...

Just a guess... VRRP problem?

After series of tests, I found the source of this issue: it's just the fact, that if you set physical interface (ether11 in my case) as Target for simple queue and there are VRRP interfaces on this physical interface, then the traffic that goes through those VRRP interfaces are not included in this simple queue (even if this VRRP interfaces "sit" on the ether11 port). More precisely, outgoing traffic is handled, incoming not (as you can see on screenshots). There is src-nat (firewall - NAT) rule to handle the address translation from LAN to WAN - is it possible that it affects this situation?

Not sure if it's bug or feature (and may be this configuration cannot work anymore or I handled this in a wrong way...).

When single VRRP interface is a Target for simple queue, it works as expected. But how to handle the traffic going in/out through multiple virtual interfaces? The goal is to have simple pcq traffic shaping across all virtual interfaces up to the ISP bandwidth limit (for all LAN sources accessing the WAN through multiple virtual interfaces).

frederico · Sun Feb 07, 2016 11:17 pm

As a matter of fact Mikrotik staff may have accidentally acknowledged this by suggesting to export the config, netinstall and then import the config back - all because the NTP client wouldn't work after an upgrade(!)

I don't see any other official explanation for the tons of bug (or not) reports on each new version.
Take every thread for each new version (especially after v6.x). It will be 6-10pages of which most posts will be about reporting bugs or problems after the upgrade and how downgrading back to whatever previous version, resolves it.

The pattern is quite clear I am afraid.
I recently exported from a major v6 ROS to another but after reviewing the terminal found a number of command syntax's had changed on importation of the export. One of the changes was - set time-zone-autodetect=no time-zone-name=Australia/Brisbane which caused the timezone not to be applied. I can't recall the other 2. If this type of thing is happening between versions stability of configurations will be effected.
Dear Sir, Hi, I am also facing the same problem, NTP client is not responding, and the time is not correct, I got more than 10 mikrotiks, ALL of them got that problem, the version are 6.28, 6.29, even 6.30 (19), any one else got the same problem?

I'm also having the same issues, Time is not being updated via NTP, I set the NTP server IP address.
The second bug is that when I issue the command to change the time-zone it hangs in there and does nothing, I have to press ctrl+C to cancel.
Looks like a bug to me.