v6.43rc [release candidate] is released!

Fri Apr 20, 2018 2:18 pm

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.43rc3 (2018-Apr-20 08:46):

*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved compatibility with BCM chipset devices (this includes phones by Xiaomi, Lenovo, etc);

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

Package updated 07/02/2018
To fix storage issue on your router, use package from the link,
https://www.mikrotik.com/download/share/fix_space.npk
- upload package to your router;
- run /system reboot

tomaskir · Fri Apr 20, 2018 2:36 pm

Can the phy-rate and RSSI for 60G interfaces also be exposed over SNMP please?

Thanks!

AlexT · Fri Apr 20, 2018 3:00 pm

*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;

How about displaying a "Switch" menu on hAP ac^2?

P. S. I hoped that this version will improve the work of Wi-Fi in the above device... Maybe in the next version...

CZFan · Fri Apr 20, 2018 3:07 pm

Wow, 6.43 already I see, not even 6.42.1. Rushing to get to V7 I assume

Fri Apr 20, 2018 3:41 pm

Ready are you? What know you of ready?

anuser · Fri Apr 20, 2018 3:47 pm

*) wireless - improved compatibility with BCM chipset devices;
[/color]

Is that one for Broadcom IPQ4018 based cAP ac and hAP ac^2 devices?

Fri Apr 20, 2018 3:47 pm

As usual after current release we release a new rc version.

This is changelog for 6.43rc3 (release candidate) not the 6.43 (current).

Fri Apr 20, 2018 3:56 pm

That we know. What we would like to know from mikrotik is if it worths to test the wifi on hap ac2 with this RC or not.

AlexT · Fri Apr 20, 2018 4:07 pm

*) wireless - improved compatibility with BCM chipset devices;
[/color]
Is that one for Broadcom IPQ4018 based cAP ac and hAP ac^2 devices?

Broadcom is not Qualcomm
Perhaps this item implies better compatibility of client devices with the BCM chip (for example: smartphones, tablets, laptops, etc.).

anuser · Fri Apr 20, 2018 4:23 pm

*) wireless - improved compatibility with BCM chipset devices;
[/color]
Is that one for Broadcom IPQ4018 based cAP ac and hAP ac^2 devices?

Broadcom is not Qualcomm
Perhaps this item implies better compatibility of client devices with the BCM chip (for example: smartphones, tablets, laptops, etc.).

Sorry, I mixed something...

yhfung · Fri Apr 20, 2018 5:21 pm

Regarding the v6.43rc3, the WiFi performance is the same as v6.42. There is no improvement found in this release candidate. For details for the test, please refer to the following post.

viewtopic.php?f=7&t=132648&start=100#p655666

YH

msatter · Fri Apr 20, 2018 7:23 pm

I use some high ports defined in Mangle and after flashing this RC they were stripped of the 10.000 so port 15000 became 5000.

Update: repeated the update from 6.42 to 6.43RC3 and this time no high ports where changed. But there must be still a Gremlin in RouterOS that causes this sometimes.

aboiles · Fri Apr 20, 2018 8:02 pm

Tried to upgrade Hyper-V CHR from 6.42 to 6.43rc3 - FAILED
No connection via winbox mac.
Hyper-V terminal froze.

Restored from backup, tied again - same result.

Downloaded fresh CHR VHDX image.
pasted configuration and nothing worked.

started fresh, and the only issue I could find was the interfaces changed.
ether1 > ether3
ether2 > ether1
ether3 > ether2
changed the configuration to reflect the new interfaces and it still failed.
until I removed the interface names (gateway, lan etc) it would crash.
Once it was configured with default interface names, it began working.
After a backup, changed the interface names and it accepted the changes.

Still haven't figured out why the terminal hung after the upgrade though.

JohnTRIVOLTA · Fri Apr 20, 2018 8:33 pm

*) wireless - improved compatibility with BCM chipset devices (this includes phones by Xiaomi, Lenovo, etc);

SUPER . I try some test and the 20 mb/ps speed problem and 54mb/ps connectivity with mobile phones is resolved ! Test Xiaomi

Test Nokia

honzam · Fri Apr 20, 2018 10:14 pm

*) wireless - improved compatibility with BCM chipset devices (this includes phones by Xiaomi, Lenovo, etc)

Very thanks!!! Work great!
viewtopic.php?f=7&t=102908&p=655735#p655735

MonkeyDan · Fri Apr 20, 2018 10:40 pm

+1 for having as much info as possible available via SNMP.
In the meantime, you find the PHY rate from MCS using this table: https://en.wikipedia.org/wiki/Wireless_ ... data_rates

Can the phy-rate and RSSI for 60G interfaces also be exposed over SNMP please?

Thanks!

bbs2web · Fri Apr 20, 2018 11:39 pm

*) chr - added support for multiqueue feature on "virtio-net";

Please advise if we should disable IRQ RPS when activating multi-queue VirtIO, I assume yes...

Looks better, IRQs increase on additional virtio1-input.1:

Sat Apr 21, 2018 9:16 am

tomaskir, MonkeyDan - Still work on progress. Will see what we can do about that in 6.43rc.
AlexT - Will be resolved in upcoming rc releases.
jarda, yhfung - This release does not resolve the problem to which you are reffering. We are still working on it.
AlexT, anuser - This fix includes compatibility with phones by Xiaomi, Lenovo, etc.
msatter - Please send supout file to support@mikrotik.com. Point out from which version you did upgrade your device.
aboiles - Please report this to support@mikrotik.com.

msatter · Sat Apr 21, 2018 11:43 am

An other problem with with RC3. It is an problem I know from 6.41.2 and I could solve it then by not allowing the Neighbour Discovery inspect the L2TP/IPSEC connections by using !Dynamic. When Neighbour Discovery is doing its inspection it will reset the countdown on the Dail-On-Demand and the connection will not go to sleep after the set time. It is not triggered by the inspection to go up.
I see the figure 1056 in the Tx column on all L2TP connections.

It is not transmitted by anything else than the router because I use PCC and after activating the L2TP I disable connection marking for this L2TP path.

When I look at the Neighbor List it is empty and only when I set it to all it was showing my computer.

@Strods: my upgrade path was 6.40.6 and then 6.42 both and then 6.43RC3 all on firmware 3.41. I had only shortly 6.42 active before going to the RC.

Update: I did use Torch and it is: source 255.255.255.255:5678 to 172.10.21.5:5678 so a Discovery.

Update: I updated /interfaces interface Lists <button> Lists to include my grouped VPN interfaces to be excluded from Discovery. I first defined the interfaces into a group in Interface Lists. Now my connections go to sleep when they are not being used.

nickdwhite · Sat Apr 21, 2018 5:15 pm

Tried to upgrade Hyper-V CHR from 6.42 to 6.43rc3 - FAILED
No connection via winbox mac.
Hyper-V terminal froze.

Restored from backup, tied again - same result.

Downloaded fresh CHR VHDX image.
pasted configuration and nothing worked.

started fresh, and the only issue I could find was the interfaces changed.
ether1 > ether3
ether2 > ether1
ether3 > ether2
changed the configuration to reflect the new interfaces and it still failed.
until I removed the interface names (gateway, lan etc) it would crash.
Once it was configured with default interface names, it began working.
After a backup, changed the interface names and it accepted the changes.

Still haven't figured out why the terminal hung after the upgrade though.

Yeah, mine breaks too. Upgraded from 6.42 to 6.43rc3 on two difference hosts running Hyper-V Core 2012 R2

nordex · Sat Apr 21, 2018 5:38 pm

BEWARE !
Updating from 5.xx (5.27 I think) to this version will result in inaccessible device ! It will enter reboot loop.
I've done it on 15 pcs of rb751 and rb951-2n.
Netinstall will fix if you mess up.

Mikrotik please update your upgrade procedures

mrtester · Sat Apr 21, 2018 5:54 pm

You just simply decided on a nice Saturday morning to upgrad from 5.xx over more than 43 releases to an rc version and are surprised that it did not work? I am not. You should expect a problem if you upgrad any software between so many releases.

nordex · Sat Apr 21, 2018 6:25 pm

Hi, thanks for your simphaty.
I've tested it on device that had 6.0 prior to this and I saw it fixed wifi problem.
I was so happy.
Then I upgraded others(batch upgrade), and this problem happened.

I understand this is RC, and I wanted to warn others not to do same mistake, as well as mikrotik to fix or disable this type of upgrade.
That is sole purpose of forum community.

Best regards

Sat Apr 21, 2018 9:04 pm

Thank you for warning but how many people do batch upgrade from such old version?
You have checked procedure with ROS 6.0 and extrapolated that 5.x should work too. You are brave admin.
Have you read changelogs? https://mikrotik.com/download/changelogs

Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.

nordex · Sat Apr 21, 2018 9:54 pm

BartoszP, this site(hotel) has 200 ap-s dislocated on premises.
I have done previous upgrades from 5.x to 6.x without problems.
This particular release has bug in upgrade procedure.
Routerboard stuck in reboot loop.
It does not have any relation with changelog.
Netinstall to version 6.42 works fine.
Hope it will save time to someone else.

Sat Apr 21, 2018 10:10 pm

So why you have not upgraded first to 6.40.7 (bugfix) with old bridge implementation?
Why are you upgraded working hotel infrastructure to RC version? RC is test version so upgrade could fail.

nordex · Sat Apr 21, 2018 11:04 pm

So why you have not upgraded first to 6.40.7 (bugfix) with old bridge implementation?
Why are you upgraded working hotel infrastructure to RC version? RC is test version so upgrade could fail.

It was a sunny and beautiful day. Murphey was out of the town.

msatter · Sat Apr 21, 2018 11:17 pm

Found an other problem with this RC. When I want to add a filter line using a script run at an On-UP event then "Place Before" or the whole script is not executed. The filter line is not added in the Nat table in my case.

When I enter the line manually in Terminal then the line is added without an hitch.

Ticket#2018042122002234

karwos · Sun Apr 22, 2018 12:00 am

Phone: huawei p9 lite
Problem: slow Wlan throughput and packet loss
Reported: year ago

Fixed: in v6.43rc3

Speedtest before upgrade: 19mbit / 39mbit
After upgrade: 89mbit/89mbit

Wondering if "auto" channel problems fixed too.
It would be prefferable to merge that fix to current/bugfix branch, so I can rollout updates for my customers.

sindy · Sun Apr 22, 2018 9:20 am

@msatter,

When I want to add a filter line using a script run at an On-UP event then "Place Before" or the whole script is not executed. The filter line is not added in the Nat table in my case.
When I enter the line manually in Terminal then the line is added without an hitch.

Did this work in the previous versions? If yes, how exactly does that script line look like (I'm not interested in particular IP addresses but in the way how you obtain the index for

place-before

)

mrtester · Sun Apr 22, 2018 10:41 am

I did test upgrade from 5.26 to this version. Just for testing. Everything went well. Upgrade failed for you due to configuration or something like thta. In general it works just fine.

msatter · Sun Apr 22, 2018 11:29 am

@msatter,
When I want to add a filter line using a script run at an On-UP event then "Place Before" or the whole script is not executed. The filter line is not added in the Nat table in my case.
When I enter the line manually in Terminal then the line is added without an hitch.
Did this work in the previous versions? If yes, how exactly does that script line look like (I'm not interested in particular IP addresses but in the way how you obtain the index for
Code: Select all
place-before
)

It worked up to 6.42. You can't find that specific index and then you have to just make it yourself easy. The index is always the second line of the Hairpin in NAT, it pushes down earlier lines. When a VPN connection is severed the then the line is removed, and if not then it is removed on the following connect. I also remove on UP, the specific dead connections that might have not timed out in the meantime for that specific VPN connection.

On-up:

/ip firewall nat remove [find where comment="temp-vpn1"] 
/ip firewall connection remove [ find  where connection-mark="VPN1"]
:local ip [/ip address get [find where interface="VPNprovider-1"] value-name=address ];
/ip firewall nat add chain=srcnat action=src-nat to-addresses=$ip protocol=tcp  src-address-list=PrivateVPN connection-mark=VPN1 comment="temp-vpn1" place-before=1

On-down:

/ip firewall nat remove [find where comment="temp-vpn1"]

en1gm4 · Sun Apr 22, 2018 12:12 pm

Deleted. Wrong thread. Kid control bug in webfig is in current release (not checked RC yet)

sindy · Sun Apr 22, 2018 12:12 pm

@msatter,
When I want to add a filter line using a script run at an On-UP event then "Place Before" or the whole script is not executed. The filter line is not added in the Nat table in my case.
When I enter the line manually in Terminal then the line is added without an hitch.
Did this work in the previous versions? If yes, how exactly does that script line look like (I'm not interested in particular IP addresses but in the way how you obtain the index for
Code: Select all
place-before
)
It worked up to 6.42.
...
Code: Select all
/ip firewall nat ... place-before=1

That was my suspicion - numeric index can be used to identify a rule only following a

print

when doing manual configuration as the index is dynamically generated. Without the previous

print

, index 0 sometimes works but you cannot rely even on that when using it for

place-before

, as some chains contain dynamic rules which must stay at the beginning of the chain so any attempt to place a rule before them fails.

So to stay version-independent, comment the rule before which you want to place your one and use

place-before=[find comment="your-comment"]

.

msatter · Sun Apr 22, 2018 1:30 pm

It seems that the "comment" possibility is the BEST thing in RouterOS. Maybe Mikrotik should think of making this way of working official and implement a tag or label available so that comment can just be a comment.

Thanks Sindy for making this clear so the next time we don't think, WTF is happening now.

Update: it works like a charm and I have inserted a dedicated passthrough&comment line for this so that I can be sure it will inserted at the correct spot. I will migrate again to 6.43RC now to see if the port +10000 bug is reoccurring.

Update 2: I have implemented the suggestions by Sindy and the new script is:

On-Up:

:local profile "1"
/ip firewall connection remove [ find connection-mark="VPN$profile"]
:local ip [/ip address get [find where interface="permanent-vpn-$profile"] value-name=address ];
/ip firewall nat set [find comment="permanent-vpn-$profile"] disabled=no to-addresses=$ip

On-Down:

:local profile "1"
/ip firewall nat disable [find comment="permanent-vpn-$profile"] 
/ip firewall connection remove [find connection-mark="VPN$profile"]

I have more than one connection and to adapt it each time was cumbersome so I defined :local profile "X" to only have to change the number/name to create the script for the new connection.
Using SET instead of ADD to manipulate the lines in the NAT is a great tip by Sindy. viewtopic.php?f=21&t=133420&p=656006#p656033

bbs2web · Sun Apr 22, 2018 2:40 pm

VirtIO multi-queue appears to be working:

PS: I have poor connectivity at my present location, the gaps in the graph relate to this,not the release candidate's performance...

Nice to see MikroTik tying the input and output vCPU assignments to the same core. This correlates to information published here:
https://www.linux-kvm.org/page/Multiqueue-optimization.

Do MikroTik use a flow director, to assign outgoing traffic back to the queue it came in on? Does this subsequently require connection tracking?

sindy · Sun Apr 22, 2018 3:09 pm

It seems that the "comment" possibility is the BEST thing in RouterOS. Maybe Mikrotik should think of making this way of working official and implement a tag or label available so that comment can just be a comment.
...
I have inserted a dedicated passthrough&comment line for this so that I can be sure it will inserted at the correct spot.

Finding a rule by a comment is the last resort, you can find a rule using a unique combination of other parameters as well (if a unique combination exists of course).
And in your case, you don't need to use another rule as a label holder, you could as well keep your rule in place and just modify it:
On up:

/ip firewall nat set [find comment="permanent-vpn1"] disabled=no to-addresses=$ip

On down:

/ip firewall nat set [find comment="permanent-vpn1"] disabled=yes

or

/ip firewall nat disable [find comment="permanent-vpn1"]

Sun Apr 22, 2018 7:38 pm

msatter, another solution to your task would be introducing a separate custom chain for your dynamic rules, then jumping to this custom chain at the point where you currently insert your dynamic rules. In the script you then simply add your dynamic rules to the top of your custom chain not worrying about the rule order at all.

sindy · Sun Apr 22, 2018 8:43 pm

msatter, another solution to your task would be introducing a separate custom chain for your dynamic rules, then jumping to this custom chain at the point where you currently insert your dynamic rules. In the script you then simply add your dynamic rules to the top of your custom chain not worrying about the rule order at all.

He's dealing with a single rule and needs to remove/modify it. If it is harmless to have a jump to a custom chain which currently doesn't exist, then yes, he can add the only rule to that chain and remove it from there. Is that what you had in mind? Because the rule order within the chain does matter if there would be more than one.

msatter · Sun Apr 22, 2018 10:00 pm

I did not wanted to post more on this 6.43RC3 thread and put updated information in my previous posting. I have multiple VPN connections active at the same which are on demand activated and disconnect when not being used.

The NAT lines have to be in specific part of the hairpin and the position of each line in the VPN block is not important because connection marking is filtering.

I use now static lines where the address changes depending on which VPN entry point is selected by the randomized DNS list (round robin). I can even use different vpn-providers and only a small percentage of websites do not like that you are coming from everywhere. PCC on the source-port determines which connection is used. Destination port and address-list controls if a site should only be visited from the same VPN.

I have now created a schedule on start-up which switches each static NAT VPN off after a two second delay so it symmetric to the activate script on-up of the VPN connection.

Like it is working now, pleases me. Thanks for all the help on this.

Mon Apr 23, 2018 7:41 am

msatter - We already recieved such problem report and will fix it as soon as possible.
nickdwhite - We will look into this. In order to resolve this faster - please send this problem report to support@mikrotik.com.
nordex - Please write to support@mikrotik.com and provide your configuraton which was used on 5.26 version. We will try to reproduce the same problem locally.
en1gm4 - Thanks for properly reporting the problem in related release topic.

Mon Apr 23, 2018 3:01 pm

Version 6.43rc4 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

Changes since previous rc release:

!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

tomaskir · Mon Apr 23, 2018 3:20 pm

@strods

*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);

Can you please elaborate on what this does?

Bergante · Mon Apr 23, 2018 3:53 pm

Can the phy-rate and RSSI for 60G interfaces also be exposed over SNMP please?

They do on 6.43rc. IF-MIB::ifSpeed shows the PHY rate. Before 6.43 it showed 10 Mbps.

emils · Mon Apr 23, 2018 3:56 pm

Can you please elaborate on what this does?

Responder=yes/no configures whether a specific mode-config entry will act as a initiator or a responder. Previously only the default "request-only" entry acted as an initiator. Since the newly added "src-address-list" parameter works for initiator only and may be different between multiple mode-config clients, it may be necessary for a user to add multiple mode-config initiator configurations.

mozerd · Mon Apr 23, 2018 6:18 pm

No System Health data for hAP ac2 and firmware 6.43rc4

Mon Apr 23, 2018 8:20 pm

mozerd - This device does not have any hardware monitoring sensors on it.

juliokato · Mon Apr 23, 2018 8:36 pm

mozerd - This device does not have any hardware monitoring sensors on it.

bad news, I'd rather pay more for a product with better features. My choice today is hAP AC.

Tue Apr 24, 2018 7:54 am

You can see available sensors for each product at our products page:

https://mikrotik.com/product/RB962UiGS-5HacT2HnT

Details
PCB temperature monitor Yes
Voltage Monitor Yes

https://mikrotik.com/product/hap_ac2

No such monitors listed.

Wed Apr 25, 2018 4:40 pm

That we know. What we would like to know from mikrotik is if it worths to test the wifi on hap ac2 with this RC or not.

Next RC release will have possible fix for this

Thu Apr 26, 2018 10:27 am

Version 6.43rc5 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

Changes since previous rc release:

*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) lte - allow to execute concurrent internal AT commands;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

Thu Apr 26, 2018 10:28 am

Please note that this rc release includes potential fix for wireless performance problems on RouterBOARD hAP ac^2 and cAP ac.

Please upgrade and test. Report results back to support@mikrotik.com if you still experience problems even after an upgrade.

"wireless - improved wireless throughput on hAP ac^2 and cAP ac"

Traveller · Thu Apr 26, 2018 10:59 am

Many thanks for the support of the hap ac^2

. My hap ac^2 updating and rebooting correctly.

Simono · Thu Apr 26, 2018 11:24 am

Waiting for this
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
on stable

mistry7 · Thu Apr 26, 2018 9:35 pm

looks really better for cap ac

Thanks for this, and know go on at the another construction sites

- Spectral Scan
- Nv2 or 3

yhfung · Fri Apr 27, 2018 3:33 pm

It is confirmed that the v6.43rc5 has been resolved the 5GHz WiFi issue on hAP ac^2. The download and upload speed can reach at least at 380Mbps for my MacBook Pro Retina 2015 and sometimes it is over 400Mbps. MikroTik Engineering Team has done a very great job this time.

However I still have problems with my 2GHz WiFi with long ping time over 100ms, I need more time to adjust the WiFi parameters in order to obtain acceptable results.

YH

JanezFord · Sat Apr 28, 2018 8:10 pm

If the hap-ac2 wireless fix really works it would be very nice of mikrotik to port it back to v6.42 (.2 maybe) asap because otherwise apart from running rc in production we will have to wait for 2 or 3 months according to current release frequency.

JF

Sun Apr 29, 2018 3:29 pm

Not to current only. It is necessary to implement the corrections into bugfix version!

msatter · Mon Apr 30, 2018 10:02 pm

I encountered a really strange problem with the address-lists. I had some trouble entering ip addresses with netmask in the past and the message was it was not a domain. I worked around it by first entering it without an netmask and add the netmask later. This occurs sometimes and I believe also in previous versions.

Now I have Mikrotik flooding my dnsserver with IP numbers because it thinks there are domain names. I have about 35.000 IP numbers in address-list so it is really bussy.

The message is "Couldn't add New Firewall Address-List - x.x.x.0/16 is not a valid dns name (6)"

It seems that the input of address-list is thrown out of wack and in that mode it only expects a domain name or IP address without a netmask.

Tue May 01, 2018 12:13 am

Everywhere.

sindy · Tue May 01, 2018 12:19 am

It seems that the input of address-list is thrown out of wack and in that mode it only expects a domain name or IP address without a netmask.

As I don't have 6.43rcX anywhere right now, I can only suggest you to try whether you could use an interval (

192.168.0.0-192.168.0.255

) instead of a prefix (

192.168.0.0/24

) as a workaround.

msatter · Tue May 01, 2018 12:38 am

I have restarted the router and then it worked again with a netmask. I have restarted a few times the last two days and I had that problem also befrore an other restart.

Next time I will try your suggestion. I have also sent this to support so they can look if there is a gremlin in there.

andlommy · Tue May 01, 2018 10:33 am

Bug #1
CHR running on 6.43rc5 on Hyper-V (Windows 10 v1803) does not recognize all network interfaces.
If CHR is configured with 2 NICs (standard NICs, not legacy) is recognizing 1 interface only. It can be first or second NIC (varies), or both nic's. rebooting the router makes it recognize nics differently.

Bug #2
CHR (tested 6.38, 6.42.1 and 6.43rc5) running on Hyper-V (Windows 10 v1803) with blank configuration introduces a latency while accessing VMs.
i.e. hyper-v host machine ip is 192.168.1.100, client machine is 192.168.1.101, some VMs sit in a private network 172.16.1.0/24, let's say 172.16.1.100, say CHR has 2 NICs - one facing production network (with IP 192.168.1.102), other facing private network (with IP 172.16.1.1)

Pings would look the following way:

192.168.1.101 --> 192.168.1.100 ==> <1ms ping, 1 gbit on iperf test
192.168.1.101 --> 192.168.1.102 ==> <1ms ping
192.168.1.101 --> 172.16.1.100 ==> fluctuating ping 1-25 ms

Don't think same behavior existed on Hyper-V v1709.
Windows VMs sitting in hyper-v if exposed to public network (via NATed vswitch or external network) does not have a latency problem (so it's not hyper-v nics, hyper-v setup, or the actual network)

yhfung · Tue May 01, 2018 1:14 pm

strods,

Although the 5GHz of hAP ac^2 has already been resolved for my MacBook Pro Retina 2015 (I was able to get 380Mbps), there are still some problems with other 5G ac chip. For instance my CHIWU laptop pc equipped with Intel Dual-Band Wireless-AC 3165 (download speed is only 22Mbps). I have already sent my comments and router file supout.rif to the Support for their reference. I have seen from other threads mentioning there are some incompatibility issue with Intel-based AC.

YH

slimmerwifi · Wed May 02, 2018 8:56 am

Upon upgrading an Cap AC from 6.40.5 to 6.34.5 through the TIK App (download install and reboot option) it bricked.

Seems to only happen if the CAP is powered over Ethernet by another CAP. The other one survived the update.

The CAP also isn't visible in Netinstall so I'll have to RMA it.

This happened to me twice now. What am I doing wrong?

yhfung · Wed May 02, 2018 9:06 am

strods,

Apart from the WiFi issue on hAP ac^2, I also found another problem when hAP ac^2 was configured as PPTP VPN client to another VPN server. The latency found was very large, it is over 1000ms. That was why I browsed websites such as www.YouTube.com, the pictures popped out very slowly.

Besides hAP ac^2 has this problem, RB951 had the same problem too.
If CCR1009 or X86 RouterOS were used and configured as PPTP VPN client to a remote MikroTik VPN sever, the latency was found only 6xms using the latency/speed test site "http://speedtest.ofca.gov.hk". It was also the same as the one without VPN. I did not have any problems when the PPTP clients were set on CCR1009 or X86 RouterOS.

For details, please take a look at the following thread. I also send the same information to the Support for help.

viewtopic.php?f=2&t=133894

YH

Thu May 03, 2018 11:17 am

Version 6.43rc6 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

Changes since previous rc release:

*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) quickset - fixed dual radio mode detection process;
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

mistry7 · Thu May 03, 2018 11:22 am

*) wireless - improved Nv2 PtMP performance;

Tell us more, did you work on latency?

yhfung · Thu May 03, 2018 11:34 am

How about the long ping time if the hAP ac^2 is configured as VPN client? Same issue also happens on RB951G with stable RouterOS v6.40.8.

The problem has been reported in viewtopic.php?f=21&t=133420&start=50#p658891, when v6.43rc5 is released.

The most update information for the long ping time issue for VPN client can be seen in the following link:

viewtopic.php?f=2&t=133894

eddieb · Thu May 03, 2018 11:58 am

problems should be reported to support@mikrotik.com not on this forum.

yhfung · Thu May 03, 2018 12:04 pm

problems should be reported to support@mikrotik.com not on this forum.

Already reported to the Support at support@mikrotik.com in a few days ago and got the ticket number.

So far I have not received any (human) reply from the MikroTik Official.

YH

honzam · Thu May 03, 2018 12:41 pm

*) wireless - improved Nv2 PtMP performance;

Tell us more, did you work on latency?

@mikrotik can you write more info there? viewtopic.php?f=21&t=132181
Or start new topic with this improvement? Thanks

yhfung · Thu May 03, 2018 4:07 pm

I got a reply from the Support and the long ping time issue has already been resolved by disabling the FastTrack function in firewall filter rules.

For details, please take a look at the following thread.
viewtopic.php?f=2&t=133894&p=659265#p658731

Thank the MikroTik Support Team for resolving my problem as quickly.

YH

informant · Fri May 04, 2018 10:54 am

hi, in last version nv2 ptmp performance was already improved, what new in v6.43rc6, well entry: wireless - improved Nv2 PtMP performance; comes again in this rc?
regards

mlenhart · Fri May 04, 2018 4:14 pm

BUG: WiFi LED is still On, winbox and also CLI shows wireless interface as disabled. Affected HW: RB951G-2HnD with firmware 6.41.3
Supout.rif already sent to MikroTik support, Ticket#2018050422002416.

EDIT: issue is also with firmware 6.43rc6

bbs2web · Fri May 04, 2018 4:44 pm

CPU utilisation reduction on CCR (Tile) routers is very evident, great work guys!

RouterOS versions:

We only keep OS version information for the last 30 days
6.41 - MPLS: 04-02 - 04-03 BGP: 04-02 - 04-09
6.41.3 - MPLS: 04-03 - 04-29 BGP: 04-09 - 04-29
6.42.1 - MPLS: 04-29 - current BGP: 04-29 - current

MPLS switching router (no connection tracking, no BGP):

Throughput:

CPU utilisation:

NB: Please ignore the CPU utilisation spike on the 26th of March, our fault...

BGP provider edge router (firewalling and filtering in accordance to MANRS):

Throughput:

CPU utilisation:

Chupaka · Fri May 04, 2018 5:50 pm

RouterOS versions:

We only keep OS version information for the last 30 days

6.41 - MPLS: 04-02 - 04-03 BGP: 04-02 - 04-09

6.41.3 - MPLS: 04-03 - 04-29 BGP: 04-09 - 04-29

6.42.1 - MPLS: 04-29 - current BGP: 04-29 - current

JFYI: This topic is about 6.43rc

lomayani · Sat May 05, 2018 1:21 pm

On this release am getting less wireless throughput per client compared to 6.42.1. My dynamic downlink ratio is 60 and in 6.42.1 i get up to 90mbps with 20MHz per client with ac radio
I tried the current release and hardly getting 50mbps with same client and same setting

One issue i see resolved is preventing one client from killing performance of other clients if is heavily downloading.

yhfung · Mon May 07, 2018 3:34 pm

strods,

Miner bug found on hAP ac^2, please see the board name and correct in the next release.

[admin@MikroTik] /interface wireless> /system routerboard print
routerboard: yes
board-name: hAP ac (<--This should be hAP ac^2)
model: RouterBOARD D52G-5HacD2HnD-TC
serial-number: 8D1308291FAD
firmware-type: ipq4000L
factory-firmware: 3.43
current-firmware: 6.43rc5
upgrade-firmware: 6.43rc6

atlanticd · Mon May 07, 2018 3:46 pm

hi yhfung,

On an SSH session to my hAP ac^2 I see correctly printed name:

However when I use Terminal in Winbox, I can confirm that I see what you reported. I guess this is either a Winbox issue (Winbox is not able to display the special character) or a character encoding issue in Telnet.

strods,

Miner bug found on hAP ac^2, please see the board name and correct in the next release.

[admin@MikroTik] /interface wireless> /system routerboard print
routerboard: yes
board-name: hAP ac (<--This should be hAP ac^2)
model: RouterBOARD D52G-5HacD2HnD-TC
serial-number: 8D1308291FAD
firmware-type: ipq4000L
factory-firmware: 3.43
current-firmware: 6.43rc5
upgrade-firmware: 6.43rc6

Tue May 08, 2018 11:54 am

Version 6.43rc7 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

Changes since previous rc release:

*) capsman - allow to change "radio-name" (CLI only);
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) kidcontrol - allow to edit discovered devices;
*) lte - do not allow to send "at-chat" commands for configless modems;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

yhfung · Tue May 08, 2018 12:16 pm

Hello atlanticd,

When I use ssh to my routerboard, it can show the correct number "2" in superscript mode. However in RouterOS terminal mode, it does not. I guess the terminal mode does not support displaying characters in superscript mode.

YH

sindy · Tue May 08, 2018 12:48 pm

When I use ssh to my routerboard, it can show the correct number "2" in superscript mode. However in RouterOS terminal mode, it does not. I guess the terminal mode does not support displaying characters in superscript mode.

To be precise, it is not a 2 in superscript, it is a unicode codepoint 0xb2. Not that knowing this would change the user experience in any way

server8 · Tue May 08, 2018 8:03 pm

*) wireless - improved Nv2 PtMP performance;

is it further improvement from 6.42.1?

jrpaz · Tue May 08, 2018 11:40 pm

DHCP Client still broke.

6.41.x was that last stable release......

emils · Wed May 09, 2018 8:44 am

Please send supout.rif files to support@mikrotik.com if you are still experiencing any issues with DHCP client.

jrpaz · Wed May 09, 2018 4:14 pm

nescafe2002 · Wed May 09, 2018 10:50 pm

*) dhvpv4-client - fixed DHCP client stuck in renewing state;

Hah. Nice work on this one. I've complained to my ISP that they didn't respond to my unicast renewal request.
Turns out these requests are sent to dhcp client (mac) address instead of the dhcp server, so I have myself to blame..

Besides the "stuck in renewal state" which seem cosmetic, clients are much more prone to rogue dhcp servers which has been a major issue for me.

Now that this is fixed in rc7 and a lot of production routers suffer from this problem due to mandatory update (6.42.1), could you urge an update on current channel?

Thu May 10, 2018 1:51 pm

Version 6.43rc11 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

Changes since previous rc release:

*) bridge - do not allow to add same interface list to bridge more than once;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.43rc1);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - fixed situation when filesystem goes into read-only mode on device with NAND type memory;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behavior;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed interface list which include disabled member;
*) interface - fixed situation when router did reboot due to critical program crash (introduced in v6.42);
*) interface - improved reliability on dynamic interface handling;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - improved LTE communication process on MMIPS platform devices;
*) routerboard - properly represent board name for hAP ac^2;
*) switch - added support for port isolation by switch chip (CLI only);
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

Thu May 10, 2018 2:52 pm

....
*) bridge - do not allow to add same interface list to bridge more than once;
....

Asking without checking ... is it possible to add interface to the bridge and a list containing this interface? What then if it is possible?

artz · Thu May 10, 2018 3:05 pm

With RouterOS v6.43rc11 it is possible to do port isolation on devices with a switch chip, this includes CRS3xx as well.
Example can be found here:
https://wiki.mikrotik.com/wiki/Manual:S ... _isolation

msatter · Thu May 10, 2018 4:02 pm

I had good hope my ticket (Ticket#2018042122002234) would be resolved in this version but it is not. Setting Neighbors to !Dynamic still pokes my Dail-on-Demand connection and won't let it go to sleep when the time-out is there.

When I look in interfaces - interface lists I don't see any content in the defined names and looking in the Neighbors list I see a other Mikrotik device but not the Winbox that is running. Once I did see the Winbox and it had the MAC 00:00:00:00:00:00

So I will continue to use my manual generated Interface List to give the L2TP connection a rest when not needed.

jriera · Fri May 11, 2018 3:31 am

*) tile - fixed Ethernet interfaces becoming unresponsive;

I have a very strange problem with a CCR1072. Suddenly there are IP addresses that stop responding, some work and others do not... within the same broadcast (L2) -no routing apply-. There is no problem of firewall or similar, by ARP the MAC is seen, but communication is simply lost... until a reboot is made and everything works again. It has happened to me twice in the last week. With the 6.42.1. Does this changelog correct this problem or similar?

The problem happens in an 802.3ad bonding interface with vlans on it. At the other end there is a CRS317-1G-16S switch. Even if I restart the switch, it does not recover the communication... I must restart the CCR1072.

diablothebest · Fri May 11, 2018 9:04 am

After update to 6.43rc11 My Kodi player on Raspberry could't connect to Synology NAS via NFS or SMB!

kez · Sat May 12, 2018 5:15 pm

*) dhcpv6-server - added initial dynamic simple queue support;

Hello, strods
We are trying to migrate our GPON customers connection from PPPoE to IPoE and doing fews tests.
One of your problems it's IPv6 queue and now this update can help us.
However, is there any way to create the same queue for IPv4 and IPv6 via DHCP?

TOD · Sun May 13, 2018 5:51 am

After updating RB750Gr3 to 6.43rc11, I noticed that all port on local bridge became isolated to each other. Disabling HW offloading on bridge ports solve this problem, but I prefer to rollback to 6.43rc6 with HW offloading enabled.

Xymox · Mon May 14, 2018 9:24 pm

I updated a CCR a 2011 and a mAP from 41.5 to RC11.. This addressed all the issues *I* had with 42.x...

REENABLE NETWATCH
I use Netwatch to do a large number of things including sending alerts and changing LEDs based a scripts triggered by Netwatch.

THIS ENTIRE FEATURE WAS TAKEN AWAY IN 42 AND MUST BE PUT BACK

diablothebest · Mon May 14, 2018 10:26 pm

I have issue with bridge on RB750Gr3 (hEX) too. Downgrade to CURRENT channel at this moment...

Tue May 15, 2018 7:35 am

Version 6.43rc12 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

Changes since previous rc release:

*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) dhcpv4-server - fixed situation when router did reboot due to critical program crash (introduced in v6.43rc);
*) ipsec - improved reliability on IPsec hardware encryption for ARM devices except RB1100Dx4;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

Tue May 15, 2018 11:11 am

After update to 6.43rc11 My Kodi player on Raspberry could't connect to Synology NAS via NFS or SMB!

Please provide more information about this issue to support@mikrotik.com

diablothebest · Tue May 15, 2018 11:47 pm

After update to 6.43rc11 My Kodi player on Raspberry could't connect to Synology NAS via NFS or SMB!
Please provide more information about this issue to support@mikrotik.com

This was bug with hEX bridge! Now all works ok!

Raumaster · Wed May 16, 2018 12:54 am

*) wireless - improved Nv2 PtMP performance;
is it further improvement from 6.42.1?

I'd like to know what kind of NV2 performance improvement we can expect from version 6.43? I did notice improvements in version 6.42 but heard of people saying the new 6.43rc is worse then 6.42...

jrpaz · Wed May 16, 2018 6:04 am

DHCP Client seems to be sorted out and working now!

nescafe2002 · Wed May 16, 2018 11:56 am

DHCP Client seems to be sorted out and working now!

Agreed, I've upgraded my production routers to 6.43rc7 and they are working very well.

bbs2web · Wed May 16, 2018 12:51 pm

We had an issue with a CHR running 6.42.1 restarting 3 times in a day and subsequently downgraded to 6.41.4. Both of these versions yielded high latency, which has been fixed with the multi-queue driver in 6.43.rc12.

Steps:

Upgraded RouterOS to v6.43rc12
Set KVM VirtIO network driver on Hypervisor to support multi-queue
Disabled RPS on CHR instance

Router was upgraded at approximately 22:45 on the 15th of May.

Latency:

Throughput:

CPU:

Looks like IRQs are not balanced evenly, this may be on the hypervisor though...

PS: Nice to see that IRQ rx/tx queue pairs are mapped to the same CPU. Herewith a snippet from the router:

yhfung · Thu May 17, 2018 3:01 am

strods,

When I tried to install the ntp package (downloaded zip file for rc12, extracted the ntp package and put it to the files folder) and found it did not work.

The problem has been fixed because the main system package is rc11 and I installed rc12 ntp package. After upgrading the main package to rc12 version, I could able to install the ntp package.

YH

Chupaka · Thu May 17, 2018 12:12 pm

Yes, and that was described in the Log after reboot. That's how it works - all packages should be of the same version.

Fri May 18, 2018 3:45 pm

Version 6.43rc14 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

Changes since previous rc release:

*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) defconf - fixed missing bridge ports after configuration reset;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) lte - added support for Novatel USB730LN modem with new ID;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

hknet · Fri May 18, 2018 5:56 pm

I like: "crs3xx - added initial Q-in-Q hardware offloading support (CLI only);"
could someone please point me to the correct manual/wiki entry on this one?

artz · Fri May 18, 2018 6:36 pm

You can find an example here:
https://wiki.mikrotik.com/wiki/Manual:I ... 8Q-in-Q.29

Note that the same principles can be applied as for regular VLAN filtering (trunk, access, management port and so on).
Do note that QinQ with RSTP is not supposed to work with bridges that use 802.1Q (this is by standard IEEE 802.1ad), but there is a bug in 6.43rc14 that prevents RSTP from working properly, this is fixed in 6.43rc15.

Also the wiki for CRS3xx is updated with more examples with ACL rules:
https://wiki.mikrotik.com/wiki/Manual:C ... s_switches

Starting from 6.43rc14 "protocol-mode=none" disables compliance with IEEE 802.1Q and allows to forward 01:80:C2:XX:XX:XX MAC addresses, most noticeable protocols that use these MAC addresses are LACP and dot1x. By setting the protocol-mode to none you can achieve a true transparent bridge. Use with caution though.

pe1chl · Fri May 18, 2018 6:54 pm

Is there work in progress or planned to make a bridge with protocol-mode=none and simple VLAN filtering (a couple of VLANs defined on the bridge and the ports being untagged or tagged members) to support hardware offload on the common switch chips in the routers?
As it is now, it is not hardware offloaded when configured this way, but when the bridge is configured without VLAN filtering and the VLANs are defined in the switch config, it is.

diablothebest · Fri May 18, 2018 10:02 pm

Please add SOCKS5 to RouterOS! Many people want it!

Xymox · Sat May 19, 2018 3:53 am

Im seeing a disc space leak over time. Im seeing it on TILE, MIPSBE and PPC. Im seeing it on all the devices I manage.

This because obvious when I could not upgrade or downgrade firmware because there was not enough space. I dont see what is taking up space on the NAND. I saw one device go from 27.9 free space out of 64 down to 14MB when I tried to downgrade. I also saw a device go from 16MB free space to 27.9MB free space WHEN I UPGRADED from RC12 to RC14..

This issue seems to take time to develop. 6.41.4 is stable and does not do this. 42.x seems to and 43RC14 also seems to.

The only way around this is Netinstall. I erased NAND to be sure. I wanted to bring this up on the forum as it can lead to having to go onsite and Netinstall and restore the device. This also seems to be present in 42.x

Ive sent a email to support.

pe1chl · Sat May 19, 2018 11:29 am

Im seeing a disc space leak over time. Im seeing it on TILE, MIPSBE and PPC. Im seeing it on all the devices I manage.

Then it must be related to something you do on all the devices you manage. What are you doing that could consume diskspace and that could be nonstandard?
For example, enabled graphing with storage to disk. I had that in the past but I removed storage to disk to reduce the number of disk writes, so I cannot check if that could be it.
(in the past it did not cause a disk leak, of course it consumes space but it is trimmed over time)

pe1chl · Sat May 19, 2018 11:41 am

[mistake]

Ulypka · Mon May 21, 2018 10:48 am

Version 6.43rc14 has been released.
*) bridge - added initial Q-in-Q support (CLI only);

what about selective qinq?

artz · Mon May 21, 2018 11:07 am

Currently it is not possible to select which frames are going to be tagged with an outer tag and which not.
It is possible to use CRS3xx ACL rules to achieve a similar result though.

/interface bridge
add name=bridge vlan-filtering=yes vlan-protocol=802.1ad
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
/interface bridge vlan
add bridge=bridge untagged=ether1,ether2 vlan-ids=1
add bridge=bridge tagged=ether1,ether2 vlan-ids=200
/interface ethernet switch rule
add mac-protocol=ipx new-vlan-id=200 ports=ether1 switch=switch1

hurymak · Tue May 22, 2018 9:42 am

Version 6.43rc14 has been released.

*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);

what exactly is fixed in protected routerboard?

estdata · Tue May 22, 2018 2:46 pm

Please fix this probleem . My screenshot

My attachment . Frenquensy probleem!!!

hurymak · Tue May 22, 2018 3:07 pm

change frequency to default and this error will disappear

r00t · Wed May 23, 2018 3:27 am

Frenquensy probleem!!!

That's just a warning that you are running overclocked CPU. If it's stable and not overheating, you can just ignore it (That is if you need this higher speed. If not, just lower it to default value). Same message is also output in the log every time router starts.

Wed May 23, 2018 5:00 pm

In order to access router running this version by Winbox, please download v3.14rc Winbox loader from here:
https://www.mikrotik.com/download/share/winbox.exe

Please read the changelog before an update since version introduces major fixes and improvements

Version 6.43rc17 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

Changes since previous rc release:

*) backup - do not encrypt backup file unless password is provided;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added initial Q-in-Q support (CLI only);
*) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) lte - added ICCID reading for info command R11e-LTE (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - improved r11e-LTE configuration exchange process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
*) radius - use MS-CHAPv2 for "login" service authentication;
*) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
*) smb - fixed valid request handling when additional options are used;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - improved authentication process;
*) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required );
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
*) wireless - improved client "channel-width" detection;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

In order to access router running this version by Winbox, please download v3.14rc Winbox loader from here:
https://www.mikrotik.com/download/share/winbox.exe

poizzon · Wed May 23, 2018 5:14 pm

Version 6.43rc17 has been released.

after upgrading, do not accept passwords, two different routers!

and why did not you write in What's new that we need to use the new WinBox?

Wed May 23, 2018 5:17 pm

Version 6.43rc17 has been released.
after upgrading, do not accept passwords, two different routers!

from where? did you read above post, that you need other Winbox version?

raffav · Wed May 23, 2018 5:19 pm

Where is the new topic about 3.14?

Sent from my XT1580 using Tapatalk

Wed May 23, 2018 5:21 pm

Where is the new topic about 3.14?

same answer. please read the post until bottom

poizzon · Wed May 23, 2018 5:24 pm

Version 6.43rc17 has been released.
after upgrading, do not accept passwords, two different routers!
from where? did you read above post, that you need other Winbox version?

it is simple way - in whats new you can allways write some notes, about changes

Wed May 23, 2018 5:25 pm

it is simple way - in whats new you can allways write some notes, about changes

I'm sorry, but have you read them? It is in the notes

diablothebest · Wed May 23, 2018 5:32 pm

When use WBOX 3.14rc to connect CHR 6.42.2 - get license error after login, winbox think this is x86 machine )

pe1chl · Wed May 23, 2018 5:42 pm

I have installed the new 3.14rc winbox, then connected a router I use for testing, it is now on the current channel.
It is not possible to change the channel to install the release candidate.

dksoft · Wed May 23, 2018 6:15 pm

deleted

aboiles · Wed May 23, 2018 6:17 pm

License error on prior chr versions with winbox 3.14rc1.
No issues with winbox 3.13

aboiles · Wed May 23, 2018 6:57 pm

what is the new password for a fresh install of chr.
admin- blank no longer works

MonkeyDan · Wed May 23, 2018 7:09 pm

*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;

Love it! Wireless Wire keeps getting better.
What's "distance lock" though?

maurimonte · Wed May 23, 2018 8:33 pm

However I cannot login, even after a configuration reset, neither with "old" winbox, nor with the proposed one, nor with telnet or MAC telnet or ssh. admin with blank password still doesn't work...
Any suggestion will be greatly appreciated!

nsdadmin · Wed May 23, 2018 9:19 pm

However I cannot login, even after a configuration reset, neither with "old" winbox, nor with the proposed one, nor with telnet or MAC telnet or ssh. admin with blank password still doesn't work...
Any suggestion will be greatly appreciated!

I have the same problem. I was trying to install a new wAP, and the upgrade pushed it to 6.43rc17 so I triggered the upgrade on my router as well and now I'm locked out of winbox with a username/password incorrect failure. CLI is unaffected.

For the record, the admin user doesn't exist here, I'm using my own creds (though that didn't stop me from trying, anyway.)

14:12:14 system,error,critical login failure for user matthew from D4:BE:D9:9E:B4:E3 via winbox 
14:12:19 system,error,critical login failure for user matthew from D4:BE:D9:9E:B4:E3 via winbox 
14:13:23 system,error,critical login failure for user admin from 10.1.20.253 via winbox 
14:13:28 system,error,critical login failure for user admin from 10.1.20.253 via winbox 
14:13:32 system,error,critical login failure for user admin from 10.1.20.253 via winbox 
14:13:37 system,error,critical login failure for user admin from 10.1.20.253 via winbox 
14:13:44 system,error,critical login failure for user matthew from 10.1.20.253 via winbox 
14:13:54 system,error,critical login failure for user matthew from 10.1.20.253 to romon network

Any help is appreciated
Matt

netmikro · Wed May 23, 2018 9:57 pm

Login problems with 6.43rc17, admin login does not work even with the beta winbox version.

SergeyMorozov · Wed May 23, 2018 10:05 pm

Same problem with login on 6.43rc17. After update all works fine, but after I reset to default, I was no longer able to login with admin user without a password, neither with winbox, nor with web interface.

msatter · Wed May 23, 2018 10:42 pm

*) backup - do not encrypt backup file unless password is provided;

I will wait till the next release because of the possible pitfalls when having to clear the configuration.

mlenhart · Wed May 23, 2018 10:57 pm

*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;

Hello MikroTik team,
could you please provide more details - what performance improvements have been done, what is the new maximal achievable distance and what exactly is distance lock?

Thank you in advance.

ivanfm · Wed May 23, 2018 10:58 pm

*) backup - do not encrypt backup file unless password is provided;

I like the current way it works the backup is encrypted with admin password.
Please make an option to encrypt using current admin password like before, I don't want to have my backup unencrypted neither want to put a password in a script to make the backup.

eworm · Wed May 23, 2018 11:06 pm

*) backup - do not encrypt backup file unless password is provided;

I like the current way it works the backup is encrypted with admin password.
Please make an option to encrypt using current admin password like before, I don't want to have my backup unencrypted neither want to put a password in a script to make the backup.

The point is that system passwords are hashed and no longer available in plain text. This is not possible.

diablothebest · Wed May 23, 2018 11:51 pm

Bug with WB 3.14rc
https://photos.app.goo.gl/oO8NPV2w1yiGKqUH2
And TickApp on Android need to update too....

MulderSk · Thu May 24, 2018 12:52 am

Where I can download winbox 3.14 rc ? thanks

Markut · Thu May 24, 2018 1:07 am

Where I can download winbox 3.14 rc ? thanks

In order to access router running this version by Winbox, please download v3.14rc Winbox loader from here:
https://www.mikrotik.com/download/share/winbox.exe

nsdadmin · Thu May 24, 2018 1:21 am

Where I can download winbox 3.14 rc ? thanks

In order to access router running this version by Winbox, please download v3.14rc Winbox loader from here:
https://www.mikrotik.com/download/share/winbox.exe

Thanks. This solved my issue. Would it be helpful for the router / winbox to do a version match check before authentication to avoid the erroneous User/Password errors?

pe1chl · Thu May 24, 2018 1:30 am

Thanks. This solved my issue. Would it be helpful for the router / winbox to do a version match check before authentication to avoid the erroneous User/Password errors?

You should not install RC versions when you don't or cannot read the release notes and the announcements here on the forum!

oraculo · Thu May 24, 2018 2:55 am

I made a hard reset after login error, right now with version 3.14rc1 I still receive user or password error. What should I do?

null31 · Thu May 24, 2018 3:15 am

I made a hard reset after login error, right now with version 3.14rc1 I still receive user or password error. What should I do?

You can install a previous version of RouterOS using the Netinstall.

oraculo · Thu May 24, 2018 3:22 am

I made a hard reset after login error, right now with version 3.14rc1 I still receive user or password error. What should I do?
You can install a previous version of RouterOS using the Netinstall.

Can you tell me where I find the procedure?

null31 · Thu May 24, 2018 3:33 am

Can you tell me where I find the procedure?

http://www.mikrotik.com.my/reinstalling ... rial-port/

This is better explained than the MikroTik's wiki.

squeeze · Thu May 24, 2018 4:54 am

Loving the priority on security improvements. Keep it coming!

oraculo · Thu May 24, 2018 4:57 am

Unfortunately I did not succeed, mikrotik is bricked, it was not possible to use netinstall

yhfung · Thu May 24, 2018 6:02 am

strods,

After having upgraded to rc17, I was no longer to login in the hAP ac^2 via WinBox 3.13. When I use the alternative way "using Webfig", after several trails, I could be able to login in.

However I can login the router using the old WinBox software of version 2.2.18.

Using the new WinBox 3.14rc version, I am able to login the system.

YH

nsdadmin · Thu May 24, 2018 6:23 am

Thanks. This solved my issue. Would it be helpful for the router / winbox to do a version match check before authentication to avoid the erroneous User/Password errors?
You should not install RC versions when you don't or cannot read the release notes and the announcements here on the forum!

Normally I would have been more careful, but only an rc version higher than what I already had - I was careless. Glad it was easily rectified. That said, I'm just giving a user experience improvement suggestion. Don't bite, we're all professionals here.

Xymox · Thu May 24, 2018 7:53 am

Really Mikrotik ?!?!? RC17 lost user/password ?? Im locked out.. Netinstall ?? REALLY ?!?!

After all the 42.1 mess and now this.. What happened to the super stable trustworthy Mikrotik I knew ?

Luckily I have 41.4 in a separate partition and I believe I can make that partition active using the boot menu..

Plus there is all this talk of VPNFilter.. Plus ive had some really weird disk space issues across all hardware platforms.
http://www.theregister.co.uk/2018/05/23 ... worldwide/

Doing Mikrotik has gotten seriously perilous over the last few months.

eddieb · Thu May 24, 2018 8:06 am

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

This quote says it all ...
rc releases are BETA releases, don't use it if you can't lose it !

Thu May 24, 2018 8:26 am

Hello MikroTik team,
could you please provide more details - what performance improvements have been done, what is the new maximal achievable distance and what exactly is distance lock?

Thank you in advance.

Love it! Wireless Wire keeps getting better.
What's "distance lock" though?

Distance was limited with frame lifetime, this limitation now is removed. We reworked RX pattern part to utilize it more efficiently. In some channels link can be established over 2km distance.

Xymox · Thu May 24, 2018 8:52 am

I can confirm old versions of Winbox work if you are locked out..

I have attached a Winbox from 2010 that works..

Xymox · Thu May 24, 2018 8:58 am

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.
This quote says it all ...
rc releases are BETA releases, don't use it if you can't lose it !

Its not a issue for me. I can Netinstall in my sleep and I always keep a stable in a partition.. Thats not my point.. A Release Candidate should at least be checked that it does not lock out users. Ive been doing Mikrotik RCs for 8 years and the severity of the errors recently is way off the charts VS the last 8 years.

genesispro · Thu May 24, 2018 11:04 am

same issue here that couldn't login after upgrade... I also used the old winbox and it worked. I don't know where to download winbox 3.14 rc

Thu May 24, 2018 11:07 am

Link to Winbox rc is in the above post, where RC is announced. Please all read the posts. It is not that hard.

owsugde · Thu May 24, 2018 11:15 am

Also got enticed to install rc17 because of features and fixes but then couldn't login. Old Winbox did work though. Thanks for the tip!

pe1chl · Thu May 24, 2018 11:17 am

Link to Winbox rc is in the above post, where RC is announced. Please all read the posts. It is not that hard.

It would be better to move that link (and the text) to the changelog so people who update from their router without reading this thread will also see it.

pe1chl · Thu May 24, 2018 11:20 am

Unfortunately I did not succeed, mikrotik is bricked, it was not possible to use netinstall

Usually when people claim "router is bricked, netinstall does not work" it simply means they do not do the netinstall correctly as they have never done it before and thus do not know what to expect.
It is not a good idea to install an RC version when you don't have experience with using netinstall.

genesispro · Thu May 24, 2018 11:31 am

Link to Winbox rc is in the above post, where RC is announced. Please all read the posts. It is not that hard.

Indeed it was there, it does work... Thank you
It is indeed not that hard but some times we are not given the "gift of time" to read all pages of all posts. I would try to edit and stick it to the first post or some place "sticky" since 20 people asked the same think to help us (not having too much time always)

Thank you again

Thu May 24, 2018 11:32 am

Link to Winbox rc is in the above post, where RC is announced. Please all read the posts. It is not that hard.
Indeed it was there, it does work... Thank you
It is indeed not that hard but some times we are not given the "gift of time" to read all pages of all posts. I would try to edit and stick it to the first post or some place "sticky" since 20 people asked the same think to help us (not having too much time always)

Thank you again

At least read the RC announcement post by MikroTik staff. RC versions CAN and often DO break things. RC is for testing, so reading notes is important.

genesispro · Thu May 24, 2018 12:40 pm

I have a feeling that the API calls cannot authenticate now!

jlzoroa · Thu May 24, 2018 3:22 pm

Hello

I have installed V6.43rc 17 in RB750 but It show message "Wrong user or password" using diferents Winbox Versions, I write user admin and password empty. I reset RB750 several times but It does not work.

Could you help me?

Thanks in advance.

diegotormes · Thu May 24, 2018 5:13 pm

Link to Winbox rc is in the above post, where RC is announced. Please all read the posts. It is not that hard.
Indeed it was there, it does work... Thank you
It is indeed not that hard but some times we are not given the "gift of time" to read all pages of all posts. I would try to edit and stick it to the first post or some place "sticky" since 20 people asked the same think to help us (not having too much time always)

Thank you again
At least read the RC announcement post by MikroTik staff. RC versions CAN and often DO break things. RC is for testing, so reading notes is important.

Hi Normis.

Mikrotik must implement automated tests ASAP. You must stop breaking things even in rc versions. The only way to make high quality software is doing a lot of test...since unit test, integration test, UI test, E2E test, etc. Launch a new version (even a RC) whitout automated testing is an irresponsability, at least in 2018. You are wasting time and energy, on this forum discussing bugs with your end users when you must use this forum to talk about improvements and new features.

BR,
Diego.

Chupaka · Thu May 24, 2018 5:37 pm

You are wasting time and energy, on this forum discussing bugs with your end users when you must use this forum to talk about improvements and new features.

These are two different forums

WebLuke · Thu May 24, 2018 8:03 pm

I have been trying to get better Transmit speeds on our cAP AC's, the v6.43rc17 dose not improve anything, or stabilize the connection. When doing a speed test I should see 200+Mbps U/D but only getting 12-25Mbps Download and 120-160Mbps Upload. When looking at the TX Rate of in Wireless Registration jumps all over the place from 6Mbps-200Mbps-40MHz, the RX is normally much higher around 300-650Mbps consistently. I have done testing with both my phone and laptop, the phone a Google Pixel 2X will be stationary on my desk 15-20FT from the access point with only open air between it. I have seen a lot of other posts talking about pore performance on multiple APs recently and no real solutions. I have also tried iperf3 tests with a little better numbers in the past but nothing close to what is the expected numbers.

Also for those too lazy to read where to get the new winbox.exe here you go: https://www.mikrotik.com/download/share/winbox.exe that link was not in the update text of the package manager, but was in the post about the latest release.

genesispro · Thu May 24, 2018 8:04 pm

Did anyone manage to use api calls with this version? My php api fails to login (similar to the winbox problem)

msatter · Thu May 24, 2018 8:14 pm

.
.
Also for those too lazy to read where to get the new winbox.exe here you go: https://www.mikrotik.com/download/share/winbox.exe that link was not in the update text of the package manager, but was in the post about the latest release.

Is now mentioned at the top of the posting. The original communication was sub par.

I skip this version(s) till I feel confident that the risk to loose my device is low enough.

Xymox · Thu May 24, 2018 8:23 pm

Hi Normis.

Mikrotik must implement automated tests ASAP. You must stop breaking things even in rc versions. The only way to make high quality software is doing a lot of test...since unit test, integration test, UI test, E2E test, etc. Launch a new version (even a RC) whitout automated testing is an irresponsability, at least in 2018.

BR,
Diego.

Honestly, I dont understand what has happened. Something really changed at Mikrotik. Ive been doing RCs for 8+ years. For 7+ years the RCs were as stable as the stable version. ALMOST NO BUGS OR ISSUES. Suddenly in the last like 3-4 months things have really taken a turn in a bad direction. So much so im now buying Ubiquity. The 42.1 "stable" release was abhorrent and bug ridden in ways that were inexplicable. DHCP client did not work in a "stable" release for example. The change log from 42.1 to 42.2 is stunning. They took away a feature that was critical to me and had been in RouterOS for more then 8 years, Netwatch. For me Mikrotik seems to have become untrustworthy as almost anything could break, even in "stable" releases. Features might be taken away with no notice or explanation. Mikrotik is not addressing any of this in the forums. They need to post a apology for causing so much money loss for on site visits to Netinstall "Stable" 42.2 updates. Ive got a reproducable issue now im dealing with support on where disc space is lost during a update. If you upgrade or downgrade this can occur and if you do it twice you can no longer upgrade or downgrade and your only way is to then go on site and netinstall. This occurs on Tile, MIPSBE and PPC so far that I know of and occurs in the "stable" 42.x and when upgrading from RC14 to 17. 10MB is lost in disc space with each upgrade/downgrade. It appears some file or files is not being deleted in a update. OR. Some file is being generated. Ive given Mikrotik remote access to the router to look at it. It should be simple, log in, and with thier special access go look at files and see whats taking up too much space.

Things are a huge mess.

Ive ALWAYS used and LOVED Mikrotik products. So I keep hoping it will get worked out and we will get back to super stable. Locking out all users updating to RC17 does not look good. It really appears zero testing was done. Did no one at Mikrotik upgrade and login ?

Sorry for my rant. I love Mikrotik, but, we gotta get things back to super stable again. Till then I have all my production routers on 6.41.4 as that was really the last truly STABLE STABLE.

Thu May 24, 2018 11:26 pm

Ive been doing RCs for 8+ years. For 7+ years the RCs were as stable as the stable version.

You are exaggerating "a bit". Mikrotik started releasing public RCs since mid-2015 (since v6.32 or 6.31, but definitely not earlier), which means you could not have been using RCs for more then 3 years. And final versions before that time were just horrible. Introduction of the release channels was a huge improvement in their release management, bugfix channel brought stability that had never been seen before. And RCs... well, their main purpose (as with any beta software) is to break early.

The 42.1 "stable" release was abhorrent and bug ridden in ways that were inexplicable.

The current stable version is 6.40.8 (the latest one in the BugFix release channel). The version 6.42.2 (and 6.42.1 before that) has been release in the Current release channel, which means it is not yet considered stable enough.

nkourtzis · Fri May 25, 2018 1:49 am

Hi Normis.

Mikrotik must implement automated tests ASAP. You must stop breaking things even in rc versions. The only way to make high quality software is doing a lot of test...since unit test, integration test, UI test, E2E test, etc. Launch a new version (even a RC) whitout automated testing is an irresponsability, at least in 2018.

BR,
Diego.
Honestly, I dont understand what has happened. Something really changed at Mikrotik. Ive been doing RCs for 8+ years. For 7+ years the RCs were as stable as the stable version. ALMOST NO BUGS OR ISSUES. Suddenly in the last like 3-4 months things have really taken a turn in a bad direction. So much so im now buying Ubiquity. The 42.1 "stable" release was abhorrent and bug ridden in ways that were inexplicable. DHCP client did not work in a "stable" release for example. The change log from 42.1 to 42.2 is stunning. They took away a feature that was critical to me and had been in RouterOS for more then 8 years, Netwatch. For me Mikrotik seems to have become untrustworthy as almost anything could break, even in "stable" releases. Features might be taken away with no notice or explanation. Mikrotik is not addressing any of this in the forums. They need to post a apology for causing so much money loss for on site visits to Netinstall "Stable" 42.2 updates. Ive got a reproducable issue now im dealing with support on where disc space is lost during a update. If you upgrade or downgrade this can occur and if you do it twice you can no longer upgrade or downgrade and your only way is to then go on site and netinstall. This occurs on Tile, MIPSBE and PPC so far that I know of and occurs in the "stable" 42.x and when upgrading from RC14 to 17. 10MB is lost in disc space with each upgrade/downgrade. It appears some file or files is not being deleted in a update. OR. Some file is being generated. Ive given Mikrotik remote access to the router to look at it. It should be simple, log in, and with thier special access go look at files and see whats taking up too much space.

Things are a huge mess.

Ive ALWAYS used and LOVED Mikrotik products. So I keep hoping it will get worked out and we will get back to super stable. Locking out all users updating to RC17 does not look good. It really appears zero testing was done. Did no one at Mikrotik upgrade and login ?

Sorry for my rant. I love Mikrotik, but, we gotta get things back to super stable again. Till then I have all my production routers on 6.41.4 as that was really the last truly STABLE STABLE.

To both: If you want stability, stick to Bugfix channel. If you want the latest features (which very possibly will have bugs), follow the Current channel. And if you want the bleeding edge, go for RC versions. But if you go for either Current or -and especially- RC, please do NOT complain about things breaking. You have been warned.

Since you mentioned UBNT, they run a very closed alpha testing train, a partially open beta testing train and public stable releases. These correspond to RC, Current and Bugfix, even though it is not a perfect analogy. Also, have you seen a recent UBNT changelog? Have you seen its length? How can this compare to the length of last two years' Mikrotik changelogs? You cannot have it all - many new features and perfect stability.

This comes from a guy who have criticised MT for aspects of their software development. But some of their decisions, like introducing different channels and speeding up development, were right and have brought tangible results.

Bergante · Fri May 25, 2018 9:13 am

Ive been doing RCs for 8+ years. For 7+ years the RCs were as stable as the stable version.
You are exaggerating "a bit". Mikrotik started releasing public RCs since mid-2015 (since v6.32 or 6.31, but definitely not earlier), which means you could not have been using RCs for more then 3 years. And final versions before that time were just horrible. Introduction of the release channels was a huge improvement in their release management, bugfix channel brought stability that had never been seen before. And RCs... well, their main purpose (as with any beta software) is to break early.

I agree with you. I've been playing with rc versions since they introduced the release channels. I have shot myself in the balls several times with them requiring a netinstall and some voodoo.

And indeed, since they introduced the release channels the situation has improved a lot.

If you agree to play in the bleeding edge go for the rc versions. Otherwise stay with the safest ones. But be aware that rc versions, despite working well most of the time, can still break stuff!

Fri May 25, 2018 1:00 pm

In order to access router running this version by Winbox, please download v3.14rc Winbox loader from here:
https://www.mikrotik.com/download/share/winbox.exe

Version 6.43rc19 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

Changes since previous rc release:

*) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
*) bridge - fixed FastPath for bridge master interfaces (introduce in v6.42);
*) chr - fixed adding MSTI entries;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) kidcontrol - fixed dynamically created firewall rules order;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added distance measurement (CLI only);
If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

In order to access router running this version by Winbox, please download v3.14rc Winbox loader from here:
https://www.mikrotik.com/download/share/winbox.exe

Fri May 25, 2018 1:03 pm

I have a feeling that the API calls cannot authenticate now!

API authentication method have changed, see API manual:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login

pe1chl · Fri May 25, 2018 1:56 pm

In order to access router running this version by Winbox, please download v3.14rc Winbox loader from here:
https://www.mikrotik.com/download/share/winbox.exe

Is it to be expected that using this new winbox on older releases (6.42.2) causes problems?
I see some fields that are read-only in that situation, and amongst them is the field to select the release channel.
So when accessing a router that is running 6.42.2 and is set to current I cannot change that to release candidate.
With the older 3.13 version that field can be changed as normal.

genesispro · Fri May 25, 2018 2:29 pm

I have a feeling that the API calls cannot authenticate now!
API authentication method have changed, see API manual:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login

I modified it and it seams to work but....
One of my first commands is to modify the username and password but I get a failure that
failure: user name can't be changed
did you lock the admin user from not being able to change? That would be weird, wouldn't it?

Thank you

Fri May 25, 2018 2:30 pm

Basically the last two RouterOS versions have been released for testing purposes for everything besides Winbox. We are working on a new Winbox version and have provided rc version earlier within this topic. When 6.43 and Winbox 3.14 will be released, then both of them will work together just fine. Read-only fields issue will be resolved in next Winbox release.

genesispro · Fri May 25, 2018 2:42 pm

Basically the last two RouterOS versions have been released for testing purposes for everything besides Winbox. We are working on a new Winbox version and have provided rc version earlier within this topic. When 6.43 and Winbox 3.14 will be released, then both of them will work together just fine. Read-only fields issue will be resolved in next Winbox release.

Is that why I can't modify the username via API?
Will it stay like that?
if yes I would then need to create a new user in my provisioning platform and disable the default user (admin)

pe1chl · Fri May 25, 2018 2:55 pm

When 6.43 and Winbox 3.14 will be released, then both of them will work together just fine.

And will the new Winbox then still support older RouterOS versions?
This time I first upgraded Winbox and expected to be able to manage my existing routers and upgrade one of them, however that failed as I cannot change the release channel.

Fri May 25, 2018 2:58 pm

You can change release channel, just close the window and open open it again.

Chupaka · Fri May 25, 2018 3:46 pm

I have a feeling that the API calls cannot authenticate now!
API authentication method have changed, see API manual:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login

How secure is plaintext password over insecure connection?.. Will there be any change in it back to challenge-response auth?

Fri May 25, 2018 3:48 pm

For secure connection use api-ssl

pe1chl · Fri May 25, 2018 4:31 pm

Will there be any change in it back to challenge-response auth?

In general, challenge-response auth protocols require the availability of the unhashed password on the router and that is what is being removed for security reasons.
There are tricks around that but those protocols are often regarded as not very secure either.

GLUIMAIGINE · Fri May 25, 2018 5:04 pm

Please Help! I upgraded to 6.43rc17, could not enter and reset the settings. Now I can not go in with a new winbox, not with an old winbox. Version of the nethinstall that is needed to update, I could not find on the download page.

tigro11 · Fri May 25, 2018 5:10 pm

Please Help! I upgraded to 6.43rc17, could not enter and reset the settings. Now I can not go in with a new winbox, not with an old winbox. Version of the nethinstall that is needed to update, I could not find on the download page.

https://www.mikrotik.com/download/share/winbox.exe

GLUIMAIGINE · Fri May 25, 2018 5:18 pm

New winbox does not work! Wrong password!

tigro11 · Fri May 25, 2018 5:57 pm

New winbox does not work! Wrong password!

download/file.php?id=32109

GLUIMAIGINE · Fri May 25, 2018 6:07 pm

New winbox does not work! Wrong password!
download/file.php?id=32109

There is an error with this version of winbox::"could not get index missing file".

Chupaka · Fri May 25, 2018 6:23 pm

For secure connection use api-ssl

+ generate your own certificate to exclude MitM
+ check that cert is your cert...

In general, challenge-response auth protocols require the availability of the unhashed password on the router and that is what is being removed for security reasons.
There are tricks around that but those protocols are often regarded as not very secure either.

Why can't router send, for example, salt of the password hash + some challenge, and then client uses that salt to generate hashed password and HMAC with challenge to generate response?

dada · Fri May 25, 2018 6:39 pm

For secure connection use api-ssl

implementing SSL in our utilities is a problem (time etc). Since the API is proprietary protocol the login phase could be easily changed to not send plain text password and still allow you in the RouterOS to store only hashed passwords. Just make the 'challenge' hash from the hashed password not from plaintext one. If the password hash is easily usable one (i.e. if we can use it in our scripts to create the hash from password the same way the ROS does) it should work fine.

sebasprimeau · Fri May 25, 2018 6:54 pm

I have lost winbox acces since i upgraded to version 17
I still can log via ssh, webfig ...
Do I need to change something?

Thanks

Fri May 25, 2018 6:56 pm

Sure. Newer winbox.

GLUIMAIGINE · Fri May 25, 2018 7:57 pm

Anyone have netinstall for 6.43rc17?

pe1chl · Fri May 25, 2018 8:00 pm

That version has been withdrawn. You would not want to install that! Get the 6.43rc19