Community discussions

MikroTik App
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

v6.37.2 [current] is released!

Tue Nov 22, 2016 9:14 am

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

What's new in 6.37.2 (2016-Nov-08 13:15):

Important note!!!
Dude client auto-upgrade to this version will not work. Use http://www.mikrotik.com/download for 6.37.2 client download/install.
It will be fixed in soon to be released v6.37.3

Changes since 6.37.1:

!) ethernet - optimized packet processing on low load when irq re-balance is not necessary;
!) fastpath - let one packet per second through slow path to properly update connection timeouts;
!) queues - significantly improved hashing algorithm in dynamic simple queue setups (fixes CPU load spikes on queue removal);
*) arm - improved watchdog reliability;
*) bonding - fixed 802.3ad load balancing over routed VLANs with fastpath enabled;
*) bonding - fixed mac address selection after upgrade;
*) crs - fixed port mirroring halt after L2MTU change;
*) dhcp - do not allow to create dhcp-server on slave interface;
*) ethernet - fixed interface speed reporting for x86 in log after reboot or if "disable-running-check=yes";
*) ethernet - fixed potential loopprotect crash;
*) export - fixed "/interface ethernet switch export" on some boards;
*) export - fixed CRS switch egress-vlan-tag export;
*) fastpath - fixed kernel failure when fastpath traffic goes into loop;
*) fastpath - improved connection tracking timeout updates;
*) firewall - do not allow to increase/decrease ttl and hop-limit by 0;
*) firewall - fixed "connection-state" value disappearance in rules that were created before v6.22;
*) firewall - fixed compact export (introduced in 6.37rc14);
*) firewall - improved "time" option (ranges like 22h-10h now are acceptable);
*) hotspot - fixed nat rule dst-port by making it visible again for Walled Garden ip return rules;
*) ipsec - changed logging topic from error to debug for ph2 transform mismatch messages;
*) ipv6 - increased default max-neighbor-entries value to 8192, same as ipv4;
*) mmips - improved watchdog reliability;
*) package - show minimal supported RouterOS version under "/system resource" menu if it is specified;
*) queue - fixed rare crash on statistic gathering in "/queue tree";
*) queue - improved "time" option (ranges like 22h-10h are now usable);
*) rb2011 - fixed crash on l2mtu changes;
*) sms - fixed crash after modem has failed to start;
*) ssl - fixed potential memory leak ( when using dude for example);
*) torch - fixed aggregate statistics appearance;
*) traffic-flow - fixed dst-port reporting if connection is not maintained by connection tracking;
*) userman - fixed memory leak on user limitation calculations;
*) winbox - added led settings menu;
*) winbox - fixed missing switch menu for mmips devices;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: v6.37.2 [current] is released!

Tue Nov 22, 2016 9:20 am

Strods. Do you think it is right to delete my post asking for changelog correction after you did the correction I asked for?
 
rzirzi
Member
Member
Posts: 393
Joined: Mon Oct 09, 2006 2:33 pm

Re: v6.37.2 [current] is released!

Tue Nov 22, 2016 9:41 am

There is still EXPORT bug at some x86 boards:
/interface ethernet
set [ find default-name=ether1 ] comment=LAN speed=100Mbps
set [ find default-name=ether2 ] comment=WAN1
set [ find default-name=ether3 ] comment=WAN2
The "ether1" is connected at 1Gbit! and "ether2", "ether3" - are 100Mbit ports
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1768
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v6.37.2 [current] is released!

Tue Nov 22, 2016 9:45 am

There is still EXPORT bug at some x86 boards:
/interface ethernet
set [ find default-name=ether1 ] comment=LAN speed=100Mbps
set [ find default-name=ether2 ] comment=WAN1
set [ find default-name=ether3 ] comment=WAN2
The "ether1" is connected at 1Gbit! and "ether2", "ether3" - are 100Mbit ports

export shows values that are changed by user from default, not where ports are connected to. Just unset that speed value.
 
abis
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Fri Apr 11, 2014 9:32 pm

Re: v6.37.2 [current] is released!

Tue Nov 22, 2016 11:28 am

What are the changes?!
 
rzirzi
Member
Member
Posts: 393
Joined: Mon Oct 09, 2006 2:33 pm

Re: v6.37.2 [current] is released!

Tue Nov 22, 2016 11:33 am

export shows values that are changed by user from default, not where ports are connected to. Just unset that speed value.
You are wrong! That port (ether1 and all other ports) is set to "Auto negotiation" and "Advertise" is set to all available speeds: 10Mhalf, 10Mfull, 100Mhalf, 100Mfull, 1000M half, 1000M full.
So that is RouterOS export bug! From some version of RouterOS...
 
abis
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Fri Apr 11, 2014 9:32 pm

Re: v6.37.2 [current] is released!

Tue Nov 22, 2016 11:37 am

export shows values that are changed by user from default, not where ports are connected to. Just unset that speed value.
You are wrong! That port (ether1 and all other ports) is set to "Auto negotiation" and "Advertise" is set to all available speeds: 10Mhalf, 10Mfull, 100Mhalf, 100Mfull, 1000M half, 1000M full.
So that is RouterOS export bug! From some version of RouterOS...
Maybe is a problem about interpretation between RBOS and the type of that network card...
 
MartijnVdS
Frequent Visitor
Frequent Visitor
Posts: 93
Joined: Wed Aug 13, 2014 9:36 am

Re: v6.37.2 [current] is released!

Tue Nov 22, 2016 11:53 am

I upgraded one of my CHRs to 6.37.2, and when I logged in, it showed me this error message:

10:52:28 echo: system,error,critical open /dev/panics failed
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.37.2 [current] is released!

Tue Nov 22, 2016 2:04 pm

export shows values that are changed by user from default, not where ports are connected to. Just unset that speed value.
You are wrong! That port (ether1 and all other ports) is set to "Auto negotiation" and "Advertise" is set to all available speeds: 10Mhalf, 10Mfull, 100Mhalf, 100Mfull, 1000M half, 1000M full.
So that is RouterOS export bug! From some version of RouterOS...
just follow this:
[admin@TestPlace] > int eth
[admin@TestPlace] /interface ethernet> export
/interface ethernet
set [ find default-name=ether1 ] comment=test speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] disable-running-check=no
[admin@TestPlace] /interface ethernet> set ether2 speed=1Gbps 
[admin@TestPlace] /interface ethernet> export                 
/interface ethernet
set [ find default-name=ether1 ] comment=test speed=100Mbps
set [ find default-name=ether3 ] disable-running-check=no
[admin@TestPlace] /interface ethernet>
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.37.2 [current] is released!

Tue Nov 22, 2016 2:46 pm

jarda - Sorry. Your post was made while topic was stil being added and noticed only after we had fixed this already. Now Dude note is correct which is the most important thing;
rzirzi - Please run "/interface ethernet set ether1 speed=1Gbps" and check export again. This value is not used when auto-negotiation is on;
MartijnVdS - This issue will be fixed in next 6.38rc release and in 6.37.3;
 
soosp
newbie
Posts: 29
Joined: Sat Oct 02, 2010 7:10 pm

Re: v6.37.2 [current] is released!

Tue Nov 22, 2016 5:24 pm

What's new in 6.37.2 (2016-Nov-08 13:15):

Important note!!!
Dude client auto-upgrade to this version will not work. Use http://www.mikrotik.com/download for 6.37.2 client download/install.
It will be fixed in soon to be released v6.37.3
OK, this is an important note, but what has been changed in this version?
 
alexjhart
Member Candidate
Member Candidate
Posts: 198
Joined: Thu Jan 20, 2011 8:03 pm

Re: v6.37.2 [current] is released!

Tue Nov 22, 2016 8:37 pm

What's new in 6.37.2 (2016-Nov-08 13:15):
*) firewall - fixed "connection-state" value disappearance in rules that were created before v6.22;
Are 6.38rc builds affected by this as well? If so, will there be an update that includes this fix?

Does this fix rules that were already broken by upgrade, or just prevent 6.31.2 and newer upgrades from breaking them?
 
micromaxi
newbie
Posts: 43
Joined: Fri Feb 06, 2015 10:32 am

Re: v6.37.2 [current] is released!

Tue Nov 22, 2016 11:41 pm

After installing this update i experienced a lot of issues on my RB951. Wifi interface was gone.
It wouldn't accept an ip adres anymore from the dhcp controller (other device). Config was gone.
Did a reset, reinstalled 6.37.2, restored a backup config and got the same issues.

Went back to 6.37.1, reinstalled the backup config, all was running smooth again.

Will hold back for a while.
 
Unic
newbie
Posts: 48
Joined: Thu Jun 11, 2015 3:51 pm

Re: v6.37.2 [current] is released!

Tue Nov 22, 2016 11:51 pm

What's new in 6.37.2 (2016-Nov-08 13:15):
*) firewall - fixed "connection-state" value disappearance in rules that were created before v6.22;
Are 6.38rc builds affected by this as well? If so, will there be an update that includes this fix?

Does this fix rules that were already broken by upgrade, or just prevent 6.31.2 and newer upgrades from breaking them?
What a heavy bug, think of a rule thats like "accepts all packets with connection state 'established,reladed'" and after the Update its "accepts all packets with connection state ''"
HOPE that this is not what happens.
 
alexjhart
Member Candidate
Member Candidate
Posts: 198
Joined: Thu Jan 20, 2011 8:03 pm

Re: v6.37.2 [current] is released!

Wed Nov 23, 2016 12:26 am

What's new in 6.37.2 (2016-Nov-08 13:15):
*) firewall - fixed "connection-state" value disappearance in rules that were created before v6.22;
Are 6.38rc builds affected by this as well? If so, will there be an update that includes this fix?

Does this fix rules that were already broken by upgrade, or just prevent 6.31.2 and newer upgrades from breaking them?
What a heavy bug, think of a rule thats like "accepts all packets with connection state 'established,reladed'" and after the Update its "accepts all packets with connection state ''"
HOPE that this is not what happens.
Your fears match reality unfortunately, which is why I wanted to confirm how the fix is handled and if this affects the 6.38 branch. Having a rule at the top that changes from "established,related" to "anything" is bad indeed.
 
darkprocess
Member Candidate
Member Candidate
Posts: 249
Joined: Fri Mar 20, 2015 1:16 pm

Re: v6.37.2 [current] is released!

Wed Nov 23, 2016 12:27 am

On wapAC after upgrading from 6.37.1, it was unable to get a dhcp address lease. I needed to downgrade back to make it have a lease again.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.37.2 [current] is released!

Wed Nov 23, 2016 1:43 am

Your fears match reality unfortunately, which is why I wanted to confirm how the fix is handled and if this affects the 6.38 branch. Having a rule at the top that changes from "established,related" to "anything" is bad indeed.
the second bad thing is that connection-state="" works just like connection-state=invalid,established,related,new

as I understand, it should work as "catching packets whose connection-state is neither invalid, nor established, nor related, nor new", because if I remove, for example, 'invalid' from that set (resulting in connection-state=established,related,new), I expect it work as "catch packets which have connection-state NOT invalid" - and it works exactly that way. why it should break ONLY on removing the last state from the set?
 
laca77
just joined
Posts: 14
Joined: Wed Jun 03, 2015 11:35 am

Re: v6.37.2 [current] is released!

Wed Nov 23, 2016 10:08 am

Hello

I have a CRS109-8G-1S-2HnD and a HAP Lite in CAPSMAN mode.

I upgraded the CRS first from 6.37.1 to 6.37.2. The HAP Lite still on 6.37.1.

After the boot the HAP Lite connected to the CRS via CAPSMAN but not advertised any WIFI SSID. HAP rebooted but not helped. After upgraded it to 6.37.2 i got back the WIFI advertisements. Before this never was a problem if they are in different OS. But now looks like yes.

BR
Laszlo
Last edited by laca77 on Wed Nov 23, 2016 11:59 am, edited 1 time in total.
 
DeGlucker
just joined
Posts: 14
Joined: Tue Apr 12, 2011 4:35 pm
Location: Moscow, Russia

Re: v6.37.2 [current] is released!

Wed Nov 23, 2016 10:33 am

Are you generally testing new releases ? When I updated my x86 router from 37.1 to 37.2 it became almost completely broken. Almost all functionality and configuration were lost. In the Package List section was shown only grayed routeros-x86 package without sub-listing of separate packages. Also there was installation errors in the event log. When I've rolled back to 37.1 almost all configuration was lost. I was forced to restore configuration from backup. Now I generally decided to rollback to 36.3. At this moment 6.37.x line is buggy piece of shit :-x
 
dadaniel
Member Candidate
Member Candidate
Posts: 221
Joined: Fri May 14, 2010 11:51 pm

Re: v6.37.2 [current] is released!

Wed Nov 23, 2016 11:29 am

I have a problem with Mikrotik caching DNS Server. I have no IPv6 connectivity nor IPv6 packages installed, but caching DNS Server sometimes gets only IPv6 Adresses and those are not reachable. Please see the following example for forum.mikrotik.com:

Image
 
Nissarin
just joined
Posts: 19
Joined: Fri Feb 20, 2015 4:01 pm

Re: v6.37.2 [current] is released!

Wed Nov 23, 2016 12:14 pm

Originally I noticed this on another device but I've made some test with clean RB2011:
[admin@MikroTik] > /interface bridge add 
[admin@MikroTik] > /interface bridge port add bridge=bridge1 interface=ether10 
[admin@MikroTik] > /interface bridge settings set use-ip-firewall=yes 
[admin@MikroTik] > /ip firewall filter add chain=forward in-bridge-port=ether9  
[admin@MikroTik] > /ip firewall filter add chain=forward in-bridge-port=ether10
input does not match any value of interface
[admin@MikroTik] > /ip firewall filter print 
Flags: X - disabled, I - invalid, D - dynamic 
 0 I  ;;; in/out-bridge-port matcher not possible when interface (ether9) is not slave
      chain=forward in-bridge-port=ether9 
[admin@MikroTik] > /interface bridge port add bridge=bridge1 interface=ether9 
[admin@MikroTik] > /ip firewall filter print 
Flags: X - disabled, I - invalid, D - dynamic 
 0    chain=forward in-bridge-port=*A 
BTW: if you add those rules via winbox it will "work" (no error about not matching any existing interface) but the rule will be broken (print/export will show *something) like above.
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.37.2 [current] is released!

Wed Nov 23, 2016 1:31 pm

alexjhart - Fix is includued in 6.38rc also;
micromaxi - Please write to support@mikrotik.com and send backup file so we can test it by ourselves. I have tested this and with default configuration I do not see any problems after upgrade;
darkprocess - Make sure that DHCP client is configured on master interface. It must not be configured on slave interface;
laca77 - Please send supout files from CAPsMAN and CAP to support. Generate them when problem is actual.
DeGlucker - At such situation please generate supout file while system is broken so you can send it to support. Of course, many x86 devices are tested with this version and multiple kinds of configuration. Also, of course, each and every possible configuration combination can not be tested in any way;
dadaniel - Please generate supout file after forum.mikrotik.com has resolved as IPv6 address. Send this file to support@mikrotik.combination
Nissarin - This is not related with this RouterOS version. When interface is used as standalone interface it is not the same thing as interface which is, for example, in bridge.
 
User avatar
mikrostart
newbie
Posts: 38
Joined: Fri Aug 30, 2013 10:31 am

Re: v6.37.2 [current] is released!

Wed Nov 23, 2016 2:06 pm

micromaxi - Please write to support@mikrotik.com and send backup file so we can test it by ourselves. I have tested this and with default configuration I do not see any problems after upgrade;
darkprocess - Make sure that DHCP client is configured on master interface. It must not be configured on slave interface;
I Have the same problem with 6.37.2 and had to downgrade.
My setup is:
wlan1 is connected to root AP with DHCP, on wlan1 is enabled repeater (wlan 3) which puts wlan1 in station pseudobridge - so is a slave interface.
wlan1 is a dhcp client. With this configuration it can not be master, I think.
How to use the new MT OS with my setup?
I have a bridge with eth1, 2, 3 wla1, wlan3 in it. I tried to put it as a dhcp client, but did not work.
Why in the new ROS is not allowed to use slave wlan as a DHCP client.
So far 6.37.1 was rock solid.

Thanks in advance!
 
darkprocess
Member Candidate
Member Candidate
Posts: 249
Joined: Fri Mar 20, 2015 1:16 pm

Re: v6.37.2 [current] is released!

Wed Nov 23, 2016 2:17 pm

On wapAC after upgrading from 6.37.1, it was unable to get a dhcp address lease. I needed to downgrade back to make it have a lease again.

It's a wAPac so no master slave ports !!!

my wAPac is configured as a CAP.
eth1 is configured as dhcp-client.

6.37.1 i get a dhcp lease
6.37.2 i don't get a dhcp lease.

the wAPac is connected to a RB3011 (still on 6.37.1) i can see that it's unable to allocate the lease to the wAPac running on 6.37.2
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1768
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v6.37.2 [current] is released!

Wed Nov 23, 2016 2:53 pm

On wapAC after upgrading from 6.37.1, it was unable to get a dhcp address lease. I needed to downgrade back to make it have a lease again.

It's a wAPac so no master slave ports !!!

my wAPac is configured as a CAP.
eth1 is configured as dhcp-client.

6.37.1 i get a dhcp lease
6.37.2 i don't get a dhcp lease.

the wAPac is connected to a RB3011 (still on 6.37.1) i can see that it's unable to allocate the lease to the wAPac running on 6.37.2
Do you have DHCP-client on slave interface?
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1550
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: v6.37.2 [current] is released!

Wed Nov 23, 2016 4:33 pm

Warning

I crashed two Mikrotiks yesterday when I upgraded to 6.37.2

If you have two wireless packages (a problem introduced recently from another recent new ROS version), do NOT do the upgrade to 6.37.2

Instead - fix the existing two wireless package problem first !!!! Otherwise you may end up loosing the mikrotik you just tried to upgrade.

Both of the Mikrotiks I upgraded to 6.37.2 just reboot and reboot and reboot over and over again. I forgot to check the packages prior to upgrading.
 
Nissarin
just joined
Posts: 19
Joined: Fri Feb 20, 2015 4:01 pm

Re: v6.37.2 [current] is released!

Wed Nov 23, 2016 4:48 pm

Nissarin - This is not related with this RouterOS version. When interface is used as standalone interface it is not the same thing as interface which is, for example, in bridge.
That's not the issue here - the issue is that in/out-bridge-port rules doesn't work anymore:
1. If you add the rule from cli and the port is in the bridge it will fail with "input does not match any value of interface".
2. If you add the rule from cli and the port is not in the bridge it will succeed but the rule won't work (obviously), however if you then add the port to bridge the rule will display garbage (invalid/not existing interface ID).
3. The same applies to winbox as well, the only difference is that you won't get any error when adding the first rule but it will display garbage anyway.
 
User avatar
mikrostart
newbie
Posts: 38
Joined: Fri Aug 30, 2013 10:31 am

Re: v6.37.2 [current] is released!

Wed Nov 23, 2016 7:03 pm

................It's a wAPac so no master slave ports !!!.......................
.................Do you have DHCP-client on slave interface?

I think we really need a bug fix.
This version 6.37.2 is not very friendly to the wireless DHCP part of the OS.
Or I'm missing something?
 
darkprocess
Member Candidate
Member Candidate
Posts: 249
Joined: Fri Mar 20, 2015 1:16 pm

Re: v6.37.2 [current] is released!

Wed Nov 23, 2016 7:38 pm

O' 6.37.1 eth1 gets a lease on 6.37.2 no. I had to downgrade to make it work
 
Njumaen
Frequent Visitor
Frequent Visitor
Posts: 96
Joined: Wed Feb 24, 2016 8:41 pm
Location: Bielefeld, Germany
Contact:

Re: v6.37.2 [current] is released!

Wed Nov 23, 2016 11:21 pm

O' 6.37.1 eth1 gets a lease on 6.37.2 no. I had to downgrade to make it work
In 6.37.2 the ether-interfaces are missing for dhcp-client.

Image

I'm simply using a LAN-Bridge containing ether1
 
skuykend
Member Candidate
Member Candidate
Posts: 274
Joined: Tue Oct 06, 2015 7:28 am

Re: v6.37.2 [current] is released!

Wed Nov 23, 2016 11:53 pm

In 6.37.2 the ether-interfaces are missing for dhcp-client.

I'm simply using a LAN-Bridge containing ether1
You should set it on the bridge, never a slave interface. They fixed that bug.
 
darkprocess
Member Candidate
Member Candidate
Posts: 249
Joined: Fri Mar 20, 2015 1:16 pm

Re: v6.37.2 [current] is released!

Wed Nov 23, 2016 11:58 pm

Thats right. i changed to the bridge and it works now.
6.37.2 seems to correct my configuration mistake.
 
makstex
newbie
Posts: 49
Joined: Fri Mar 27, 2009 6:31 am

Re: v6.37.2 [current] is released!

Thu Nov 24, 2016 11:41 am

Firewall export --- > import "extra rules" filters not working correctly.
Example:
/ip firewall filter export
..skip...
add action=accept chain=input-icmp comment=0:0-and-limit-for-5pac/s icmp-options=0:0-255 limit=,5 protocol=icmp
..skip...
this string not importing due to errors "limit=,5".
 
User avatar
mikrostart
newbie
Posts: 38
Joined: Fri Aug 30, 2013 10:31 am

Re: v6.37.2 [current] is released!

Thu Nov 24, 2016 3:34 pm

Thats right. i changed to the bridge and it works now.
6.37.2 seems to correct my configuration mistake.
Yes, worked for me also on 6.37.2. Last time something went wrong when trying dhcp on the bridge. Now testing, hope everything will be ok.
Anyway, whats the reason not to use slave interface as a dhcp client?
This should be clarified since using repeater function may cause some configuration problems.
 
buzzdee
newbie
Posts: 35
Joined: Mon Apr 22, 2013 1:22 pm

Re: v6.37.2 [current] is released!

Thu Nov 24, 2016 3:47 pm

I'm having trouble using RoMON over a wireless-link. Stations can discover AP and what's behind it, but not the other way round. AP's only discover whats connected via cable. The problem first occurred with 6.37.1, still persists with 6.37.2.

edit 1: Did a downgrade on the station to 6.37 - no luck. But further downgrading the station to 6.36.4 did the Trick. Now the AP RoMON discovers the station (and what's behind it).
Hardware used is 411u for the AP, 411AR and 411 for the stations. Wireless interface cards are R52. I have two sites equipped that way, merely did a downgrade of the stations to 6.36.4 on both of them, and now RoMON is working again.

edit 2: It's the combination of station running ROS 6.37 or above with a R52 interface (AR5413 chipset). After changing the interface to a R52nM (AR92xx) the station running ROS 6.37 could be RoMON discovered by the AP.
The issue still persists in the latest 6.38rc36. Guess it's something with the driver for AR5413 based interfaces. Please, please, MikroTik, with sugar on top, fix this.
 
ditonet
Forum Veteran
Forum Veteran
Posts: 835
Joined: Mon Oct 19, 2009 12:52 am
Location: Europe/Poland/Konstancin-Jeziorna
Contact:

Re: v6.37.2 [current] is released!

Fri Nov 25, 2016 8:45 pm

*) firewall - improved "time" option (ranges like 22h-10h now are acceptable);
Something is broken with this improvement :(
I have firewall rule which worked for months:
/ip firewall filter
add action=drop chain=forward comment="Block" disabled=no src-address-list=Some_List time=19h-1d,sun,mon,tue,wed,thu
Today is Friday and this rule is active.
When 'Monday' is removed from 'Days' everything is OK.

Regards,
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: v6.37.2 [current] is released!

Sat Nov 26, 2016 12:35 am

Updated CHR from 6.37 to 6.37.2. Originally disabled wireless package was unexpectedly enabled after the update.
 
User avatar
apteixeira
Trainer
Trainer
Posts: 50
Joined: Fri Oct 05, 2012 5:54 pm

Re: v6.37.2 [current] is released!

Sat Nov 26, 2016 6:37 pm

Hello,

I am getting several times "kernel failure in previous boot" or "router was rebooted without proper shutdown, probably kernel failure" using CCR1072 using "/ip firewall raw limit" and "/ip firewall raw dst-limit"

We are testing CCR1072 against DDoS heavy attacks: 400.000 to 1.000.000 packet per second with no data and different sources.

We are not using tracking connection.

Important information based on some attack rate:
- If source address is different on each packet the CPU increase considerably. Sometimes the 72 cores goes to 100%
- If source address is the same (but different origin port) the CPU remains "low".

Image

RAW example:
/ip firewall raw
add action=passthrough chain=prerouting in-interface=sfp-sfpplus1
add action=accept chain=prerouting in-interface=sfp-sfpplus1 src-address-list=RUSIA
add action=drop chain=prerouting dst-address=!200.30.30.0/24 in-interface=sfp-sfpplus1
add action=accept chain=prerouting disabled=yes dst-address=200.30.30.0/24 in-interface=sfp-sfpplus1 limit=20k,20k:packet
add action=accept chain=prerouting disabled=yes dst-address=200.30.30.0/24 dst-limit=10000,10000,dst-address/1m40s in-interface=sfp-sfpplus1
add action=accept chain=prerouting
add action=drop chain=prerouting in-interface=sfp-sfpplus1
Notes:
- dst-limit with dst-address: is not working properly. The rate is not working as supposed. Example: If we send 200.000 pps and rate is 20.000 then all packets match the rule.
- dst-limit with src-address: is not working properly. Packets are "lost". Example: if we send 200.000 pps with rate 20.000 then almost the 90% packets are "lost" in raw. They just "disappear"

sup-output:
https://dl.dropboxusercontent.com/u/381 ... 1072/1.rif
https://dl.dropboxusercontent.com/u/381 ... 1072/2.rif
https://dl.dropboxusercontent.com/u/381 ... 1072/3.rif
https://dl.dropboxusercontent.com/u/381 ... 1072/4.rsc
https://dl.dropboxusercontent.com/u/381 ... 1072/5.rsc

Configuration:
https://dl.dropboxusercontent.com/u/381 ... 2/1072.rsc

Regards
 
PuritySpring
just joined
Posts: 2
Joined: Fri Feb 01, 2013 8:29 pm

Re: v6.37.2 [current] is released! - PROBLEMS

Sun Nov 27, 2016 12:22 am

Since updating to the V6.37.2 our streaming services (netflix/HUlu) have trouble. Breaks, pauses, slow playback. Going to have to revert to prior MIkrotik release to get quality back.
 
rzirzi
Member
Member
Posts: 393
Joined: Mon Oct 09, 2006 2:33 pm

Re: v6.37.2 [current] is released!

Sun Nov 27, 2016 2:28 pm

the red line is the upgrade time to ROS 6.37.2.
As you can see - there is much higher CPU usage. So there is any problem with that version at x86.
Image
 
hebertonlp
just joined
Posts: 4
Joined: Wed Aug 17, 2016 8:06 pm

Re: v6.37.2 [current] is released!

Mon Nov 28, 2016 12:39 pm

OSPF Problem still, but now the problem with routes not.

The problem is that now:

We connect ospf and all routes got the link state: Full.

Then when 1 router goes down, all other connection flush from ospf list and restart to state Init, this got all vpls down and all network down too.

Since 6.32.4 the ospf are with problem, but at first routes are crashing, then now apper to be fixed and connection go stable until one disconnect, i not tested 6.38rc yet.
 
raffav
Member
Member
Posts: 345
Joined: Wed Oct 24, 2012 4:40 am

Re: v6.37.2 [current] is released!

Mon Nov 28, 2016 2:17 pm

Hello

any idea why this happens :
09:59:40 caps,error removing stale connection [::ffff:192.168.99.5:46897,Run,CAP-000C42955C76] because of ident conflict with [::ffff:192.168.99.5:57259,Join,CAP-000C42955C7
6] 
 
msatter
Forum Guru
Forum Guru
Posts: 2941
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.37.2 [current] is released!

Mon Nov 28, 2016 3:06 pm

Hello

any idea why this happens :
09:59:40 caps,error removing stale connection [::ffff:192.168.99.5:46897,Run,CAP-000C42955C76] because of ident conflict with [::ffff:192.168.99.5:57259,Join,CAP-000C42955C7
6] 
::ffff:192:168:99:5 on port 46897 and port 57259. Only the ports differ.
 
raffav
Member
Member
Posts: 345
Joined: Wed Oct 24, 2012 4:40 am

Re: v6.37.2 [current] is released!

Mon Nov 28, 2016 3:25 pm

Thanks that i know,

but the question is why i get conflict on the same device
 
MartijnVdS
Frequent Visitor
Frequent Visitor
Posts: 93
Joined: Wed Aug 13, 2014 9:36 am

Re: v6.37.2 [current] is released!

Mon Nov 28, 2016 3:47 pm

but the question is why i get conflict on the same device
Are you using NAT between the CAP and the manager?
 
raffav
Member
Member
Posts: 345
Joined: Wed Oct 24, 2012 4:40 am

Re: v6.37.2 [current] is released!

Mon Nov 28, 2016 4:06 pm

but the question is why i get conflict on the same device
Are you using NAT between the CAP and the manager?
no

Manager > switch > cap1/cap2/cap3
192.168.99.1 .2 / .3/ .5
 
ludvik
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Mon May 26, 2008 4:36 pm

Re: v6.37.2 [current] is released!

Mon Nov 28, 2016 7:27 pm

In version 6.37.1 I may write:
ip firewall filter> add action=add-src-to-address-list address-list=sysVlan52 address-list-timeout=1h5m chain=forward connection-state=new in-bridge-port=vlan52 in-interface=bridge1

But in 6.37.2:
add action=add-src-to-address-list address-list=ttt address-list-timeout=1h5m chain=forward connection-state=new in-bridge-port=*E in-interface=bridge1

in-bridge-port naming is error, or new feature? This not allow configuration copying ... (as of limit value - must add ":packet" word to old conf backups).
 
geoprea1989
just joined
Posts: 4
Joined: Tue Dec 08, 2015 5:09 pm
Location: Bucharest, Romania

Re: v6.37.2 [current] is released!

Mon Nov 28, 2016 11:02 pm

Hi guys,

I don't recommend applying this update to your devices remotely or you will end like me :(
After I done the update from v6.37.1 to v6.37.2 all that my Mikrotik is doing is to broadcast it's SSID.
It won't answer to requests from WAN Side or LAN Side, being them ICMP, WWW or from Winbox and it won't offer IP addresses to both LAN and Wireless Devices.
It doesn't even establish the OpenVPN tunnel or the BGP Session, nor even push traffic to ports forwarded to devices on the same LAN, so it is locked out.
Unfortunately on the remote site where my RB951Ui-2HnD is installed they only have Smartphones, so I'm the lucky winner of a 400 km trip to revive my Mikrotik.
Yeah, my mighty Mikrotik survived over time to multiple power outages, upgrades, configuration revisions, it served a lot of clients, passed different services, but it was turned to silence by a minor RouterOS revision.

Thank you Mikrotik! :)
 
jaygiri401
just joined
Posts: 1
Joined: Tue Nov 29, 2016 4:57 pm
Location: kalaiya Bara nepal
Contact:

Re: v6.37.2 [current] is released!

Tue Nov 29, 2016 5:10 pm

I have problrm in this v6.37.2 usermanager.Whenever i make profile for night users it dnt works.I jst want to know how to make profile for users whose login will be accepted from 5:30pm to 9:00am on monday,tuesday,wednesday,thrusday and friday and full day access on saturday and sunday.Plz help me i m in great trouble....
Also in this version of usermanager somtimes i disable users and wen i enable it again it says aunthintication fail and again i need to remove that user and creat...so plz give me idea to creat profile for the giveen time
 
Borizo
newbie
Posts: 40
Joined: Thu Oct 28, 2010 4:38 pm

Re: v6.37.2 [current] is released!

Wed Nov 30, 2016 2:31 am

After upgrading to 6.37.2 from 6.35.4 I noticed that Mikrotik disconnects WinBox after some idle time with messages like:
Could not connect to 192.168.88.1 - other end is not responding
Router has been disconnected
Is this a security feature?
If so, how to disable it?
 
User avatar
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.37.2 [current] is released!

Wed Nov 30, 2016 1:14 pm

Who is online

Users browsing this forum: pe1chl, zhukovy and 6 guests