v6.33.3 [current] is released!

Fri Dec 04, 2015 10:40 am

We have released 6.33.3 version. Version includes only bug fixes compared with 6.33.2 and does not include new features. If you need new features, then test 6.34rc versions.
Version is released in current channel.

What's new in 6.33.3 (2015-Dec-03 16:08):

*) ethernet - fixed 10/100Mbps autonegotiation fails on RB922UAGS ether1 (introduced in v6.33.2);
*) upnp - fixed memory leak;
*) ssh - avoid double session cleanup;
*) email - make password field sensitive in console.

marosi · Fri Dec 04, 2015 1:32 pm

it is even worse. SXT5 sa ac. upgrade but still fixed on 100mbit-fdx -> i see it in the neighbor list, i can see the ip and some traffic (torch) but it is inaccessible. no ping, no mac-ping, no telnet/winbox/mac-telnet.

wireless connect is working for 5 seconds. "no beacons received".. with a signal of -59.
on 6.33 it was stable and fast. sometimes a longer connect. but no mac-ping/telnet via wireless possible.

the device is on a 25m high mast and it is hard snowing today.. thanx.
it is the first time since i use mikrotik devices (and i use them for many years) where i have to change the production state to "unreliable".

kristaps · Fri Dec 04, 2015 2:03 pm

@marosi What device is connected on the other end? Is it RB750UP, CCR or other? Please make sure you checked power supply, PoE injector, etc.

astraliens · Fri Dec 04, 2015 3:22 pm

test device RB435G - ~30 minutes after upgrade, now working just as AP for 2 laptops, everything still fine

marosi · Fri Dec 04, 2015 5:52 pm

@marosi What device is connected on the other end? Is it RB750UP, CCR or other? Please make sure you checked power supply, PoE injector, etc.

It is connected to a CRS125-24G and the included external GigE PoE Injector. All mounted in an upwarmed and dry container.

I drove to the mast, unplugged the PoE, plugged it back after a while and the device was working again.
But this should not be part of future update-scenarios. If the devices can´t be updated remote, they are useless.
I can not test out every possible variants and konstellations within the routerboard product line local before updating remote devices. This is YOUR job

docmarius · Sat Dec 05, 2015 11:46 am

Something(TM) is breaking sporadically my ssh communication to the router with this firmware.

I have a python script managing some interfaces and routes on my RB1100AHx2. It uses paramiko for the ssh access functions and runs hourly.
After update to 6.33.3 I had 4 connection failures in less than 24 hours:

Traceback (most recent call last):
  File "/opt/ampr/updateros.py", line 167, in <module>
    main()
  File "/opt/ampr/updateros.py", line 154, in main
    ssh.exec_command(command)
  File "/usr/lib/python2.7/dist-packages/paramiko/client.py", line 363, in exec_command
    chan = self._transport.open_session()
  File "/usr/lib/python2.7/dist-packages/paramiko/transport.py", line 658, in open_session
    return self.open_channel('session')
  File "/usr/lib/python2.7/dist-packages/paramiko/transport.py", line 713, in open_channel
    raise SSHException('SSH session not active')
paramiko.SSHException: SSH session not active

Unfortunately I have no logging. Back to 6.33.2 to check if it happens again...
This may be a sign to switch to the ROS API, but anyhow...

RusConSPb · Sat Dec 05, 2015 1:07 pm

After update from 6.33.1 to 6.33.3 two of four my Mikrotik will not boot!!! This firmware is not compatible with all devices/configurations! Do not update your production routers...

2 RB951G-2HnD updated successfully

1 RB2011UiAS will not boot after update - stopped on "Starting Services" with all ethernet status LEDs off (no second beep).

1 RB751G-2HnD will not boot after update - stopped somewhere during boot.

I was able to reset both routers and after restoring config from backup - it was stopped again. After it I tested latest Beta - same result.

After downgrading to 6.33.1 and restoring config from backup - everything working again...

Now I'm afraid to do future upgrades... something wrong with this new firmwares... be aware!!!!!

Update: 6.33.2 - also broken as described

docmarius · Sun Dec 06, 2015 2:35 pm

Unfortunately I have no logging. Back to 6.33.2 to check if it happens again...

Soo, it seems that falling back to 6.33.2 prevents the ssh errors from happening.

Maybe the '*) ssh - avoid double session cleanup;' was not such a bright idea in the first place.

RusConSPb · Mon Dec 07, 2015 5:19 pm

Dear MikroTik - is there any way to see, why my routers doesn't boot after latest firmware updates?

slavisar · Mon Dec 07, 2015 6:47 pm

I still have unsolved Ticket#2015113066000843. Since 6.33.1 my 4 devices are unusable, 2xGrooveA 52HPn, 1xSXTG2HnD and 1xRB2011UiAS-2HnD-IN. Problem is that they work ok unencrypted but are unable to establish WPA or WPA2. AP log says "unicast key exchange timeout". After couple of days of correspondence with support they demanded SSH connection with 2 of my problematic devices. Support operator made new security profile with predefined WPA2 key and somehow established connection. Trying to replicate that thru winbox, I disconnected devices and not succeeded to connect them again. I have year long experience playing with these mikrotiks and remember these devices working straight from the box. Anyone familiar with this problem?

slavisar · Mon Dec 07, 2015 6:51 pm

After update from 6.33.1 to 6.33.3 two of four my Mikrotik will not boot!!! This firmware is not compatible with all devices/configurations! Do not update your production routers...

2 RB951G-2HnD updated successfully

1 RB2011UiAS will not boot after update - stopped on "Starting Services" with all ethernet status LEDs off (no second beep).

1 RB751G-2HnD will not boot after update - stopped somewhere during boot.

I was able to reset both routers and after restoring config from backup - it was stopped again. After it I tested latest Beta - same result.

After downgrading to 6.33.1 and restoring config from backup - everything working again...

Now I'm afraid to do future upgrades... something wrong with this new firmwares... be aware!!!!!

Update: 6.33.2 - also broken as described

Happened to me couple of times. Use latest netinstall to recover your devices. Use fixed IP 192.168.88.xxx on your host PC.

jaytcsd · Tue Dec 08, 2015 7:58 pm

I found a routerboard 532 with 2.95 sitting in a drawer, so far I can't upgrade it by dragging any v5 or 6 .npk file into the files directory and rebooting.
How can I upgrade this?

Chupaka · Tue Dec 08, 2015 11:02 pm

Use Netinstall

gkoufoud · Wed Dec 09, 2015 9:19 am

Hi,
It seems that after upgrade, routeros does not clear ssh session if client suddenly kills the connection without calling a close() function.
I use php ssh2 to backup my devices and there are many dead connections in /users/active
This can be reproduced easily with official ssh client (eg ubuntu):
1. ssh from a linux machine to the device
2. Open a new terminal in client and kill the ssh process

It seems that fix "ssh - avoid double session clean-up;" is not working as expected.
Downgrading to 6.33.2 fixes the problem.

Thanks.

Wed Dec 09, 2015 9:31 am

Please write to support@mikrotik.com and send supout files which would be generated while there are "dead" SSH connections.

I am not being able to reproduce this issue. I make multiple SSH sessions and break them without close. After few seconds they are closed and I do not see them any more under active connections.

gkoufoud · Wed Dec 09, 2015 4:50 pm

Please write to support@mikrotik.com and send supout files which would be generated while there are "dead" SSH connections.

I am not being able to reproduce this issue. I make multiple SSH sessions and break them without close. After few seconds they are closed and I do not see them any more under active connections.

Sorry, Finally I saw that this happens only with php ssh2
eg

$con = ssh2_connect($address, $sshport);
ssh2_auth_password($con, $username, $password);
$stream = ssh2_exec($con, "export file=".$filename."\r\n" );
stream_set_blocking($stream, true);
sleep(5);
$sftp = ssh2_sftp($con);
$content = file_get_contents('ssh2.sftp://'.$sftp.'/'.$filename.'.rsc');
file_put_contents($backup_directory.$filename,$content);
$stream = ssh2_exec($con, "/file remove \"$filename.rsc\"");
sleep(2);
ssh2_exec( $con,'/quit');

gtj · Wed Dec 09, 2015 9:37 pm

Please write to support@mikrotik.com and send supout files which would be generated while there are "dead" SSH connections.

I am not being able to reproduce this issue. I make multiple SSH sessions and break them without close. After few seconds they are closed and I do not see them any more under active connections.

I can confirm this...

[root@client-15.oaks] /user active> pr
Flags: R - radius, M - by-romon 
 #    WHEN                 NAME             ADDRESS                                            VIA           
 0    dec/08/2015 22:04:05 root             172.31.252.1                                       ssh           
 1    dec/08/2015 22:04:11 root             172.31.252.1                                       ssh           
 2    dec/09/2015 11:43:03 root             172.31.252.1                                       ssh           
 3    dec/09/2015 11:43:08 root             172.31.252.1                                       ssh           
 4    dec/09/2015 12:03:56 root             172.31.252.1                                       ssh           
 5    dec/09/2015 12:04:01 root             172.31.252.1                                       ssh           
 6    dec/09/2015 12:05:44 root             172.31.252.1                                       ssh           
 7    dec/09/2015 12:05:49 root             172.31.252.1                                       ssh           
 8    dec/09/2015 12:06:45 root             172.31.252.1                                       ssh           
 9    dec/09/2015 12:06:49 root             172.31.252.1                                       ssh           
10    dec/09/2015 13:33:42 root             172.31.252.30                                      ssh

Only the last one is actually valid. supout on the way.

Manfred · Thu Dec 10, 2015 6:54 pm

Hello

I've Problems with the OVPN - Server coming with RoS 6.33 not solved yet.

First of all, after any OVPN - Client, except a MKT - Router, connects, I get the Errormessages shown.

Also,
the Tunnels are very unstable or the Connection is established but there is no Traffic ( even Ping the other endpoint ) going through the Tunnel.

I tried different ( Linux and Windows ) Clients, but they all show the same.

No Problem with RoS 6.27 so far,
so any idea what to do ?

Manfred

vipnet · Fri Dec 11, 2015 10:24 am

GoodMorn

I update CRS 1036 EM 32.1/ 33.3

UserManager stopped 2 users log in with the same account

PPPoE Profile/General Addreslist dont work no add user in addreslist

vipnet · Fri Dec 11, 2015 10:27 am

addreslist working , dont work queue advanced packet mark

ofendt · Sun Dec 13, 2015 1:55 am

Hi,

i think there is a bub in Bridges

ETH i can use with DHCP (Client) and i can access the board with MAC-Telnet or Winbox like expected.

After adding a bridge and putting the interface in a bridge i can see the Device in Winbox and IP/Neigbours
and i can MAC-PING but i can't access it (nor with Winbox or MAC-Telnet).
The MAC-Telnet-Server seems to be broken.

...
By the Way. Thanks for great products and thanks for dude living again!
Missig ist a small WLAN AP with 5 AND 2.4 GHz for wallmount or ceiling.

stapler2025 · Sun Dec 13, 2015 6:38 am

Ever since we started updating our devices to 6.33.x / Winbox 3.0 we have an issue running scripts on our equipment (CPE/Routers).

When we're initially programming them we login to the mac with winbox, reset the defaults etc. Login again and paste a script into the terminal. Everything seems it works right until it gets to the bridge port, which resets the interface (plugged into port 2).

If we connect via the ip and run the script in the terminal everything works as intended. Any particular reason why the interface associated with the mac resets now when its added to a bridge port?

TikUser · Mon Dec 14, 2015 8:51 pm

Ever since we started updating our devices to 6.33.x / Winbox 3.0 we have an issue running scripts on our equipment (CPE/Routers).

When we're initially programming them we login to the mac with winbox, reset the defaults etc. Login again and paste a script into the terminal. Everything seems it works right until it gets to the bridge port, which resets the interface (plugged into port 2).

If we connect via the ip and run the script in the terminal everything works as intended. Any particular reason why the interface associated with the mac resets now when its added to a bridge port?

In bridge the mac address changes.
"One MAC address will be assigned to all the bridged interfaces (the MAC address of first bridge port which comes up will be chosen automatically)."

Use the admin-mac option ("Static MAC address of the bridge"), and your bridge mac address will be always the same.

ROS - bridge interface setup

solelunauno · Mon Dec 14, 2015 9:31 pm

Tested v.6.33.3 on RB450G, RB951Ui-2HnD, RB911G-5HPnD. All show issue with PPPoE MTU.
PPPoE MTU connects @ 1480 MTU and 1492 MRU. Other similar devices on the same network with 6.32.2 connect properly @ MTU 1500, and ping shows no fragmentation with 1500b packets.
Downgraded @ 6.32.2 the RB450G fort test, its PPPoE client now connects @ MTU 1500.
PPPoE server is an RB1100AHx2 with RouterOS v. 6.23, and the pppoe service is the same for all client CPEs.
What have I to do? Downgrade all 6.33.3 devices? Wait for solution?

guillea · Mon Dec 14, 2015 9:50 pm

Hi!
We upgraded a RB1100AHx2 and a RB493AH and both hang at boot when restoring configuration. If we load configuration from scripts, it timeouts when importing some (apparently random) firewall rules and suggests to contact support.
On the other hand, one RB951G-2HnD with a simple configuration (a CAP managed by CAPsMAN) worked well.
Downgraded those two until a new version comes out.
Regards.
Guillermo

mac86 · Wed Dec 16, 2015 4:48 pm

Hi!

there is a way to install npk file under Linux (using "wine") ?

I used to use wine to run dude 4.0b3 ".exe" file version.

how ever I can't find v6 ".exe" file.

many thanks.

vik1988 · Thu Dec 17, 2015 8:53 am

USER MAN Not working on RB3011 ARM

mcisar · Fri Dec 18, 2015 8:24 am

Have just noticed that when trying to run winbox from the router's login page (493G) that I get an error 404... same on both of my routers. Has it been (temporarily) removed?

Cheers,
Mike

RusConSPb · Fri Dec 18, 2015 4:53 pm

After update from 6.33.1 to 6.33.3 two of four my Mikrotik will not boot!!! This firmware is not compatible with all devices/configurations! Do not update your production routers...

2 RB951G-2HnD updated successfully

1 RB2011UiAS will not boot after update - stopped on "Starting Services" with all ethernet status LEDs off (no second beep).

1 RB751G-2HnD will not boot after update - stopped somewhere during boot.

I was able to reset both routers and after restoring config from backup - it was stopped again. After it I tested latest Beta - same result.

After downgrading to 6.33.1 and restoring config from backup - everything working again...

Now I'm afraid to do future upgrades... something wrong with this new firmwares... be aware!!!!!

Update: 6.33.2 - also broken as described
Happened to me couple of times. Use latest netinstall to recover your devices. Use fixed IP 192.168.88.xxx on your host PC.

Can you explain how Netinstall will help in this case?

poizzon · Mon Dec 21, 2015 7:38 am

/system resource> print
uptime: 27m46s
version: 6.33.3 (stable)
build-time: Dec/03/2015 16:08:10
free-memory: 7.4MiB
total-memory: 32.0MiB
cpu: MIPS 24Kc V7.4
cpu-count: 1
cpu-frequency: 300MHz
cpu-load: 4%
free-hdd-space: 50.7MiB
total-hdd-space: 64.0MiB
write-sect-since-reboot: 206
write-sect-total: 862418
bad-blocks: 0.2%
architecture-name: mipsbe
board-name: RB450
platform: MikroTik

jebz · Tue Dec 22, 2015 1:22 am

We upgraded a RB1100AHx2 and a RB493AH and both hang at boot when restoring configuration. If we load configuration from scripts, it timeouts when importing some (apparently random) firewall rules and suggests to contact support.

Look at what the errors say. Often the commands are changed with upgraded firmware revisions. Often only small changes to the restore script is needed.

spacemind · Tue Dec 22, 2015 2:12 am

Upgraded from 6.30.4 to 6.33.3 and my pppoe client could not connect, i got encryption error in logs and radius time out.

Downgraded again to 6.30.4 everything working again.

fabsoft · Tue Dec 22, 2015 2:15 pm

Tested v.6.33.3 on RB450G, RB951Ui-2HnD, RB911G-5HPnD. All show issue with PPPoE MTU.
PPPoE MTU connects @ 1480 MTU and 1492 MRU. Other similar devices on the same network with 6.32.2 connect properly @ MTU 1500, and ping shows no fragmentation with 1500b packets.
Downgraded @ 6.32.2 the RB450G fort test, its PPPoE client now connects @ MTU 1500.
PPPoE server is an RB1100AHx2 with RouterOS v. 6.23, and the pppoe service is the same for all client CPEs.
What have I to do? Downgrade all 6.33.3 devices? Wait for solution?

Same here !
im waiting for a fix

Tue Dec 22, 2015 2:39 pm

As always, if you have version related issues then send supout files to support@mikrotik.com

Forum is not the way how to get in touch with support team.

As far as we know all PPPoE issues are already fixed. It must be something specific or not related to PPPoE itself.

guillea · Tue Dec 22, 2015 8:46 pm

We upgraded a RB1100AHx2 and a RB493AH and both hang at boot when restoring configuration. If we load configuration from scripts, it timeouts when importing some (apparently random) firewall rules and suggests to contact support.
Look at what the errors say. Often the commands are changed with upgraded firmware revisions. Often only small changes to the restore script is needed.

Well, I tried running the scripts until the error appears, and this is the message thrown at the console:

action timed out - try again, if error continues contact MikroTik support and send a supout file (13)

I split the configuration script in three parts: general, mangles and filter. The general part (with interfaces, VLANs, IPs, DHCP, PPTP server and other things) gets imported ok. The mangles (and there is a lot of mangles) halts when importing one line with nothing special, and throws the error quoted above. In fact, if I try to manually import the next mangle in the script, the same error gets thrown.
Once that error appears, the router stops responding over ethernet, but, while nothing strange shows in "/system resource print", if you run, for example, a "/interface ethernet" print the command never prints the interface list, but seems like running until I hit Ctrl+C to cancel it.
If I reboot the device and try again where I left, the timeout error throws again.

Well, I downgraded to 6.32.3 and restored the configuration via Winbox and everything worked fine, that's why I suspect there's something wrong with current version.
It's not a big thing for me, but if there's something wrong, I would like to find it.

jebz · Wed Dec 23, 2015 12:11 am

Well, I tried running the scripts until the error appears, and this is the message thrown at the console:

The mangles (and there is a lot of mangles) halts when importing one line with nothing special, and throws the error quoted above. In fact, if I try to manually import the next mangle in the script, the same error gets thrown.

Post the Mangle rules from the script so we can see them.

Genkun · Wed Dec 23, 2015 7:46 am

Just wanted to congratulate MikroTik on continuing to bring out great advancements in their software.

As of late there were a few issues here an there. The most major being that some environment settings have changed as of the 6.3x.xx range. This included the way remote upgrading with the server would work, with the addition of channels, and a few environment changes that can be found easily through the terminal.

Also our Proxy Server had to be altered due to a bug that creeped in, even though these small issues occurred, with a 100% MT based service only a very small percentage of units, less than 1%, gave issues that could be software related. Overall it has been great and the units are very reliable. Well as long as the guys implementing the units are reliable

guillea · Wed Dec 23, 2015 8:19 pm

Well, I tried running the scripts until the error appears, and this is the message thrown at the console:

The mangles (and there is a lot of mangles) halts when importing one line with nothing special, and throws the error quoted above. In fact, if I try to manually import the next mangle in the script, the same error gets thrown.
Post the Mangle rules from the script so we can see them.

Hi jebz!
While trying to isolate the problem, I reduced the configuration script to just a few mangle rules, reinstalled ROS, reset router configuration and imported the script that I transcribe below:

# minimal mangle to mark services - reduced for clarity
# script fails on ROS 6.33.3 and 6.33.2 (and it works well in ROS 6.33.1 and 6.32.3)
# action timed out - try again, if error continues contact MikroTik support and send a supout file (13)

# preparation for test:
#  /system reset-configuration
#  /import mangle_test_minimal.rsc verbose=yes

/ip firewall mangle

# chain: mark-conn
add chain=mark-conn protocol=tcp comment="Mark TCP services" \
    disabled=yes action=jump jump-target=tcp-services
add chain=mark-conn protocol=udp comment="Mark UDP services" \
    disabled=yes action=jump jump-target=udp-services
add chain=mark-conn comment="Mark other services" \
    disabled=yes action=jump jump-target=other-services

# chain: tcp-services
add chain=tcp-services protocol=tcp action=mark-connection \
	src-port=1024-65535 dst-port=20-21 new-connection-mark=ftp \
    passthrough=no disabled=yes
add chain=tcp-services protocol=tcp action=mark-connection \
	new-connection-mark=other-tcp \
	passthrough=no disabled=yes

# chain: udp-services
add chain=udp-services protocol=udp action=mark-connection \
    src-port=1024-65535 dst-port=53 new-connection-mark=dns \
    passthrough=no disabled=yes
add chain=udp-services protocol=udp action=mark-connection \
	new-connection-mark=other-udp \
	passthrough=no disabled=yes

# other services
add chain=other-services protocol=icmp action=mark-connection \
	new-connection-mark=icmp passthrough=no disabled=yes
add chain=other-services protocol=gre action=mark-connection \
	new-connection-mark=gre passthrough=no disabled=yes
add chain=other-services action=mark-connection \
	new-connection-mark=other passthrough=no disabled=yes

# mark new connections (this line timeouts)
add chain=prerouting connection-state=new action=jump jump-target=mark-conn disabled=no

This scripts, fails when adding the last rule, in ROS 6.33.3 and 6.33.2, but runs whithout problems in ROS 6.33.1 and 6.32.3.

If you look at the script, you'll see that all rules are disabled (that's the way it was in the original router configuration). And here is the strange thing: if I enable the first two rules in the chain "mark-conn", it runs well in all ROS versions tested.

Don't know if that's a bug, or my configuration is flawed in some aspect I can't see, but I see a change in behaviour from ROS 6.33.1 to 6.33.2.

Thank for following!
Regards.
Guillermo

skibi82 · Wed Dec 23, 2015 10:13 pm

The problem lies with the disabled queues in the chain if redirect traffic to such a chain of 6.33.3 Russian crashes

Re: [Ticket#2015122266000642] Fatal error of the firmware> 6.33.3

Test rule
/ip firewall filter
add action=jump chain=KBOOM disabled=yes jump-target=\
BUBAMIKROTIK
add action=jump chain=forward in-interface=ether2 \
jump-target=KBOOM

Well, I tried running the scripts until the error appears, and this is the message thrown at the console:

The mangles (and there is a lot of mangles) halts when importing one line with nothing special, and throws the error quoted above. In fact, if I try to manually import the next mangle in the script, the same error gets thrown.
Post the Mangle rules from the script so we can see them.
Hi jebz!
While trying to isolate the problem, I reduced the configuration script to just a few mangle rules, reinstalled ROS, reset router configuration and imported the script that I transcribe below:
Code: Select all
# minimal mangle to mark services - reduced for clarity
# script fails on ROS 6.33.3 and 6.33.2 (and it works well in ROS 6.33.1 and 6.32.3)
# action timed out - try again, if error continues contact MikroTik support and send a supout file (13)

# preparation for test:
#  /system reset-configuration
#  /import mangle_test_minimal.rsc verbose=yes

/ip firewall mangle

# chain: mark-conn
add chain=mark-conn protocol=tcp comment="Mark TCP services" \
    disabled=yes action=jump jump-target=tcp-services
add chain=mark-conn protocol=udp comment="Mark UDP services" \
    disabled=yes action=jump jump-target=udp-services
add chain=mark-conn comment="Mark other services" \
    disabled=yes action=jump jump-target=other-services

# chain: tcp-services
add chain=tcp-services protocol=tcp action=mark-connection \
	src-port=1024-65535 dst-port=20-21 new-connection-mark=ftp \
    passthrough=no disabled=yes
add chain=tcp-services protocol=tcp action=mark-connection \
	new-connection-mark=other-tcp \
	passthrough=no disabled=yes

# chain: udp-services
add chain=udp-services protocol=udp action=mark-connection \
    src-port=1024-65535 dst-port=53 new-connection-mark=dns \
    passthrough=no disabled=yes
add chain=udp-services protocol=udp action=mark-connection \
	new-connection-mark=other-udp \
	passthrough=no disabled=yes

# other services
add chain=other-services protocol=icmp action=mark-connection \
	new-connection-mark=icmp passthrough=no disabled=yes
add chain=other-services protocol=gre action=mark-connection \
	new-connection-mark=gre passthrough=no disabled=yes
add chain=other-services action=mark-connection \
	new-connection-mark=other passthrough=no disabled=yes

# mark new connections (this line timeouts)
add chain=prerouting connection-state=new action=jump jump-target=mark-conn disabled=no
This scripts, fails when adding the last rule, in ROS 6.33.3 and 6.33.2, but runs whithout problems in ROS 6.33.1 and 6.32.3.

If you look at the script, you'll see that all rules are disabled (that's the way it was in the original router configuration). And here is the strange thing: if I enable the first two rules in the chain "mark-conn", it runs well in all ROS versions tested.

Don't know if that's a bug, or my configuration is flawed in some aspect I can't see, but I see a change in behaviour from ROS 6.33.1 to 6.33.2.

Thank for following!
Regards.
Guillermo

Bozhevilnoe · Thu Dec 24, 2015 3:02 pm

ccr1009-8g-1s
After updating from version 6.33.1 to 6.33.3 unexpected started to happen flapps eth1 and other ports.
After downgrade to version 6.32.3 without flapps is only 10 Mbps. In the screenshot
Link partner specifically reduced.

iuli4u2003 · Sun Dec 27, 2015 11:54 pm

I have a RouterOS 6.33.3 on CCR1009 and notes that although they do receive 2 ip DNS via PPPoE , <<<<<dhcp server distribute the dns when giving reboot rooter>>>>. until i stop and restart the computer ethernet interface only then takes dns. I think that the DHCP server bind IP + gateway earlier than the time when it receives dns via PPPoE . the rb1100ahx2 with on the same 6.33.3 I not had this problem. can you help me with a solution ?

thanks.

edit: dhcp server NOT distribute the dns when giving reboot rooter

guillea · Mon Dec 28, 2015 4:32 pm

The problem lies with the disabled queues in the chain if redirect traffic to such a chain of 6.33.3 Russian crashes

Re: [Ticket#2015122266000642] Fatal error of the firmware> 6.33.3

Test rule
/ip firewall filter
add action=jump chain=KBOOM disabled=yes jump-target=\
BUBAMIKROTIK
add action=jump chain=forward in-interface=ether2 \
jump-target=KBOOM

Well, I tried running the scripts until the error appears, and this is the message thrown at the console:

The mangles (and there is a lot of mangles) halts when importing one line with nothing special, and throws the error quoted above. In fact, if I try to manually import the next mangle in the script, the same error gets thrown.

Confimed, it's a bug that will be fixed in the next version. So, in the meantime, we all be careful with disabled rules.

iuli4u2003 · Mon Dec 28, 2015 11:02 pm

please permit me to review my problem:

my problem is: after reboot the router CCR1009 (RouterOS 6.33.3), although receive 2 x DNSv4 via PPPoEv4, these DNSv4 are not distributed on the computers in the LAN, computers in LAN receive IPv4, maskv4, default gatewayv4, but not DNSv4, I noticed that i receive some DNSv6 : fec0:0:0:ffff::1%1 and fec0:0:0:ffff::2%1 and fec0:0:0:ffff::3%1 . what are these dns ? and for what i receive instead normal dnsv4 ?

if i stop and start ethernet interfaces in PCs in LAN i receive these 2 x DNS, The problem is not receive the first time these dns immediately after the restart of CCR1009

thanks

o another router (mikrotik RB951-2n, RB1100AHx2) i receive this dnsv4 dinamicaly in LAN on all PC from operator via PPPoEv4 .
these routers have the same 6.33.3 version of RouterOS. but on CCR1009 i not receive in LAN , only in menu ip/dns

Chupaka · Tue Dec 29, 2015 1:23 am

use router's DNS for customers or set DNS IPs in DHCP Network statically

iuli4u2003 · Tue Dec 29, 2015 10:11 am

use router's DNS for customers or set DNS IPs in DHCP Network statically

this is a temporary solution until they fix the bug ?
or always use dns statically ?

thanks

Chupaka · Tue Dec 29, 2015 12:41 pm

this is a temporary solution until they fix the bug ?
or always use dns statically ?

Always. It's not a bug. Router reboots, gives out IPs via DHCP, and only after that he learns DNSs via PPPoE. DHCP Server cannot force clients to renew DHCP leases, AFAIR

iuli4u2003 · Tue Dec 29, 2015 12:56 pm

this is a temporary solution until they fix the bug ?
or always use dns statically ?
Always. It's not a bug. Router reboots, gives out IPs via DHCP, and only after that he learns DNSs via PPPoE. DHCP Server cannot force clients to renew DHCP leases, AFAIR

Chupaka, permit me to note : on RB1100AHx2 or RB493G I not had this problem, immediately after reboot i receive private IP and DNS simultaneous. but on CCR1009 not receive DNS... can anyone explain me why this happens on CCR1009 ?

Chupaka · Tue Dec 29, 2015 1:19 pm

on RB1100AHx2 or RB493G I not had this problem, immediately after reboot i receive private IP and DNS simultaneous. but on CCR1009 not receive DNS... can anyone explain me why this happens on CCR1009 ?

well, then I'd first take a look on the Log to see the difference in, for example, event sequence between those devices

iuli4u2003 · Wed Dec 30, 2015 12:49 am

hi,

On CCR1009 i observed at system health / fan speed (in winbox) although the main fan works shows zero speed or rate freeze on some value. And when CCR1009 router receives a greater load (example: transport more data) when the fan is correctly updated.

that may be the problem? Does a bug?

thanks

woro · Wed Dec 30, 2015 10:14 am

Not quite sure if this is new with 6.33.3 but pretty often the webfig becomes unresponsive and does not react on any clicks anymore. An F5 reload fixes it for a bit until it fails again within a few minutes.

kamillo · Wed Dec 30, 2015 10:38 am

Not quite sure if this is new with 6.33.3 but pretty often the webfig becomes unresponsive and does not react on any clicks anymore. An F5 reload fixes it for a bit until it fails again within a few minutes.

I have noticed the same. Before in version 6.32.x I didn't have this issue. I'm using Firefox 43.x.x

iuli4u2003 · Wed Dec 30, 2015 4:32 pm

Not quite sure if this is new with 6.33.3 but pretty often the webfig becomes unresponsive and does not react on any clicks anymore. An F5 reload fixes it for a bit until it fails again within a few minutes.
I have noticed the same. Before in version 6.32.x I didn't have this issue. I'm using Firefox 43.x.x

i think not firefox is cause, inform you that fan speed fail and in winbox , so it is a bug in routeros v6.33.3

juanvi · Thu Dec 31, 2015 1:58 pm

Phone field not apeearing in hotspot customized signup form solved deletting all umfiles folder and forcing ROS to create new ones accesing via captive portal with folder deleted . Modified again and everything ok. Hope it helps someone.

sacsmitty · Mon Jan 04, 2016 2:35 am

I'm seeing some weird behavior on 3 of the 5 sites I have 2011UiAS-2HnD's installed.

A little background...

I have "cloud" enabled to you can hit the Mikrotik login page from the public Internet. I have a script that makes a GET request to each site (every minute) and looks for a keyboard. If the GET finds the keyword I've specified from the login page, then the site is up. If the keyword can't be found, the site is considered DOWN.

Since upgrading three of my five 2011UiAS-2HnD sites, I am seeing a high number of DOWNS. I can't be sure (although I'll start paying more attention) if the site is down OR the web UI for the cloud login page.

Regardless, I wanted to report this to you fine folks and see if anyone else is seeing this kind of behavior.

eivind · Wed Jan 06, 2016 7:20 pm

Somwhere after v6.27 my very useful oid for measuring snr in wlan dissappeared. It's still missing and I wonder if there is no other out there using this logging feature... I'm still running 6.27 because of this.

Wed Jan 06, 2016 8:06 pm

Are you sure it vanished or it was just renumbered?

eivind · Thu Jan 07, 2016 6:12 pm

No, it has not dissapeared.
Same oid in 6.33 as before at the same location as in 6.27. Third line under mtxrWIRtabEntry (snmp Walk) - 1 and it ends with what I believe is decimal Mac.
From v6.27 I get oid 1.3.6.1.4.1.14988.1.1.1.2.1.12.212.202.109.16.56.66.2
From v6.33 I get oid 1.3.6.1.4.1.14988.1.1.1.2.1.12.0.12.66.97.137.164.4

I have been using oid 1.3.6.1.4.1.14988.1.1.1.2.1.12 for a couple of years in v.6.27 and earlier ros. Maybe not the best way to use oid's....
Together with rx-power snr tells a lot more complete story of what's going on in any wireless configuration.

_saik0 · Fri Jan 08, 2016 10:21 pm

Is there any info on issues with IPSEC in CCR?
To be precise - [Ticket#2015122766000277] CCR IPSEC in-state-sequence-errors

Basically few hours after the tunnel had been established (actually next morning), it gets terminated one of the routers had increasing in-state-sequence-errors under ipsec statistics. Phase1 was OK as DPD was properly exchanged.
The SAs were established but only the transmit SPI had non zero Byte counter.
Workarounds are either reboot or downgrade to 6.30.

Is there a fix for this issue that is being tested in 6.34rc ?

schpuntak · Tue Jan 12, 2016 10:21 am

I have RB952Ui-5ac2nD, after one day of upgrade to this fw I could not access it via LAN address 192.168.88.1 nor winbox, everything timed out. I had to do factory reset since i had this routerboard one week i did not do the backup or so and configure again.
Factory reset could have been perform after three hours, before all the resets failed, it even did not broadcast wifi, i could not find it in the wifi list for 2 hours within 5 resets, i was about to return it to provider where I purchased it. I am pretty sure this was caused by the upgrading of firmware...

Wed Jan 13, 2016 12:45 pm

Version 6.33.5 has been released:

http://forum.mikrotik.com/viewtopic.php?f=21&t=103814

If you are having issues with 6.33.3 then please test 6.33.5 or 6.34rc versions.

Who is online