Winbox 3.14 released!

Mon May 28, 2018 11:12 am

What's new in v3.14:

*) added support for new style authentication and encryption for connections to RouterOS v6.43;
*) make all connections in secure mode (all data is encrypted with AES128-CBC-SHA);
*) make winbox self upgrade check .exe signature;
*) make up/down keys select previous/next entry in address/neighbors list in connect window while login name or password fields are in focus;
*) make mouse wheel work anywere in connect window if login or password fields are in focus;
*) remember Romon Neighbours Table column widths;
*) fixed problem where selected table items were moved to the top if the table filters dropdown button was clicked twice;

If you experience version related issues, then please report them to support@mikrotik.com.

Winbox is available here:
http://www.mikrotik.com/download

If you try to upgrade directly from Winbox loader and version is not available, then you might need to wait for a while until cache in path between your device and our servers is refreshed.

Spidlacz · Mon May 28, 2018 11:28 am

Why does Winbox look for neighbors when running with parameters and directly connecting to a device? There is always a delay of about 2 seconds.

freemannnn · Mon May 28, 2018 12:56 pm

thank you for this aked by many forum members
*) make up/down keys select previous/next entry in address/neighbors list in connect window while login name or password fields are in focus;
*) make mouse wheel work anywere in connect window if login or password fields are in focus;

and thank you for this personal request!!!!
*) remember Romon Neighbours Table column widths;

Chupaka · Mon May 28, 2018 1:52 pm

*) make up/down keys select previous/next entry in address/neighbors list in connect window while login name or password fields are in focus;
*) make mouse wheel work anywere in connect window if login or password fields are in focus;

Sweet! Works good! Thanks!

R1CH · Mon May 28, 2018 6:50 pm

What's new in v3.14:

*) added support for new style authentication and encryption for connections to RouterOS v6.43;
*) make all connections in secure mode (all data is encrypted with AES128-CBC-SHA);
*) make winbox self upgrade check .exe signature;

Nice to see a focus on security! Does the "new style authentication" in 6.43 include router/host verification so that man in the middle attacks are no longer possible?

Chupaka · Mon May 28, 2018 7:01 pm

Does the "new style authentication" in 6.43 include router/host verification so that man in the middle attacks are no longer possible?

It doesn't. It's just new way of password hashing

SSH checks hosts.

R1CH · Mon May 28, 2018 7:05 pm

*) make winbox self upgrade check .exe signature;

I just tested this.. it checks for a signature, but not Mikrotik's signature! I sign it myself and winbox blindly runs it

https://imgur.com/7k8e09p

netflow · Mon May 28, 2018 7:43 pm

*) make winbox self upgrade check .exe signature;
I just tested this.. it checks for a signature, but not Mikrotik's signature! I sign it myself and winbox blindly runs it

https://imgur.com/7k8e09p

Is that really certificate based ? Or simply some MD5 hash ? In the later case this should not be called signature as this has nothing to do with a secure feature.

R1CH · Mon May 28, 2018 9:09 pm

*) make winbox self upgrade check .exe signature;
I just tested this.. it checks for a signature, but not Mikrotik's signature! I sign it myself and winbox blindly runs it

https://imgur.com/7k8e09p
Is that really certificate based ? Or simply some MD5 hash ? In the later case this should not be called signature as this has nothing to do with a secure feature.

It checks that the .exe has authenticode signature (certificate based), but doesn't care who the signer is. It should verify that the Mikrotik public key is used.

bajodel · Mon May 28, 2018 9:20 pm

*) make mouse wheel work anywere in connect window if login or password fields are in focus;

Now it works again ! Thanks

diablothebest · Mon May 28, 2018 9:26 pm

Works fine with CHR!

ErfanDL · Mon May 28, 2018 11:25 pm

Add dark mode please

Sent from my C6833 using Tapatalk

rzirzi · Tue May 29, 2018 7:47 am

NOT repaired problem with log displaying at high resolution screens and Windows scaling: viewtopic.php?f=2&t=134723
MikroTik team - please repair that problem.

Tue May 29, 2018 9:55 am

*) make winbox self upgrade check .exe signature;
I just tested this.. it checks for a signature, but not Mikrotik's signature! I sign it myself and winbox blindly runs it

https://imgur.com/7k8e09p
Is that really certificate based ? Or simply some MD5 hash ? In the later case this should not be called signature as this has nothing to do with a secure feature.
It checks that the .exe has authenticode signature (certificate based), but doesn't care who the signer is. It should verify that the Mikrotik public key is used.

Yes, but to be honest, I can't imagine which other legitimate organisation would go to the trouble of using their Extended Validation certificate to sign Winbox

It's not like it is simple to obtain.

Tue May 29, 2018 10:06 am

Man in the middle attack is not possible, because

*) WinBox now uses ECSRP for key exchange and authentication (requires new winbox version),
both sides now verify that other side knows password (no man in the middle attack is possible anymore);

Chupaka · Tue May 29, 2018 12:21 pm

Man in the middle attack is not possible, because

*) WinBox now uses ECSRP for key exchange and authentication (requires new winbox version),
both sides now verify that other side knows password (no man in the middle attack is possible anymore);

Nice. Can we see SRP in API login?

zyzelis · Tue May 29, 2018 12:32 pm

Add dark mode please

Sent from my C6833 using Tapatalk

+1 for dark mode. Its very useful when you are on site and laptop batery is <50%

genesispro · Tue May 29, 2018 12:43 pm

Man in the middle attack is not possible, because

*) WinBox now uses ECSRP for key exchange and authentication (requires new winbox version),
both sides now verify that other side knows password (no man in the middle attack is possible anymore);
Nice. Can we see SRP in API login?

+1

R1CH · Tue May 29, 2018 3:00 pm

*) make winbox self upgrade check .exe signature;
I just tested this.. it checks for a signature, but not Mikrotik's signature! I sign it myself and winbox blindly runs it

https://imgur.com/7k8e09p
Is that really certificate based ? Or simply some MD5 hash ? In the later case this should not be called signature as this has nothing to do with a secure feature.
It checks that the .exe has authenticode signature (certificate based), but doesn't care who the signer is. It should verify that the Mikrotik public key is used.
Yes, but to be honest, I can't imagine which other legitimate organisation would go to the trouble of using their Extended Validation certificate to sign Winbox It's not like it is simple to obtain.

I used a regular non-EV certificate to sign the example, those are easy to get and easy to buy on dark web too. A lot of malware abuses code signing certificates these days.

Tue May 29, 2018 3:06 pm

You must accept it in Windows trusted certificates first. At least in our test here it must be so.

R1CH · Tue May 29, 2018 3:11 pm

I've tested on 2 PCs, one of them is the PC which has the signing certificate and private key, the other one is a fresh Windows 10 laptop with no certificates installed. Both ran the example .exe file with no warning.

You can test it yourself, simply edit hosts file or add static DNS to point upgrade.mikrotik.com to 188.226.152.164. The example .exe is harmless, it shows only a messagebox and exits.

acung · Tue May 29, 2018 3:16 pm

I winbox to RB751U-2HnD and RB751G-2HnD via rb751gr2(romon), there is no wireless menu.

ditonet · Tue May 29, 2018 4:54 pm

I winbox to RB751U-2HnD and RB751G-2HnD via rb751gr2(romon), there is no wireless menu.

Same problem was also with previous version 3.13.

Regards,

rzirzi · Tue May 29, 2018 6:26 pm

Normis - could You tell me when will be solved problem witl Log display at WinBox and high resolution screens (with WinBox Windows scaling)?

Wed May 30, 2018 7:39 am

The problem with missing specific menu in Winbox (when connected over RoMON) is a known issue that will be fixed in upcoming Winbox/RouterOS releases. Problem is that the RoMON agent does not have this menu.

Wed May 30, 2018 8:51 am

Normis - could You tell me when will be solved problem witl Log display at WinBox and high resolution screens (with WinBox Windows scaling)?

What problem do you mean? Tell me the version of OS you have used, and how the issue manifests itself.

Chupaka · Wed May 30, 2018 11:20 am

What problem do you mean? Tell me the version of OS you have used, and how the issue manifests itself.

For example, MacOS, 120 dpi instead of 96:

Screen Shot 2018-05-30 at 11.16.18.png

The same is in Windows

Wed May 30, 2018 11:28 am

What problem do you mean? Tell me the version of OS you have used, and how the issue manifests itself.
For example, MacOS, 120 dpi instead of 96:
Screen Shot 2018-05-30 at 11.16.18.png
The same is in Windows

We have many many retina MacOS devices here, also Linux.
See attachment. No issue. Same in Log section.

Also tried other DPI settings. Still no issues. Probably Wine config problem.

Chupaka · Wed May 30, 2018 12:31 pm

I just went to winecfg, Graphics, and increased Screen Resolution

Wed May 30, 2018 12:35 pm

I just went to winecfg, Graphics, and increased Screen Resolution

How about checking actual HiDP Displays, not trying to simulate something that isn't taking place

?

Chupaka · Wed May 30, 2018 12:45 pm

Unfortunately, changing display settings is not possible over RDP, so I can't show you scaling in Windows right now

Chupaka · Wed May 30, 2018 12:47 pm

What about this post?

viewtopic.php?p=581768#p581768

Wed May 30, 2018 1:10 pm

What about this post?

viewtopic.php?p=581768#p581768

Has nothing to do with DPI, the log column sizing is a different question.

mrz · Wed May 30, 2018 1:18 pm

Windows removed display options from control panel, leaving only scaling in new settings. There are no problems with increased scaling:

winbox-dpi.png

JimmyNyholm · Wed May 30, 2018 1:24 pm

What's new in v3.14:

*) added support for new style authentication and encryption for connections to RouterOS v6.43;

Does this let us get Radius with pap work later on for winbox login (I am using OTP-Tokens there simply is nothing to do chap on so now it's impossible to login to winbox in my more secure way) Question about to be able to have setting for pap/chap in Ros has been sent to Support since a long time back. This notice makes me think there could be an openings for this later on in development cycles.

Traveller · Wed May 30, 2018 3:04 pm

mrz:

Windows removed display options from control panel, leaving only scaling in new settings. There are no problems with increased scaling:

In the new edition of Windows 10 (1803), font scaling is made more diverse. There are three options: "application, system, extended system". Sorry, windows on russian location.

1.png

On the "system / system extended" in the log fields everything is visible. But the fonts are fuzzy. On the "application", clear fonts. But you can not see the fields in the log file.

2.png

jondavy · Wed May 30, 2018 4:53 pm

the wireless menu not show and not work with this winbox

avacha · Wed May 30, 2018 4:58 pm

Normis
We have a number of remote devices with remote acces via VPN (only for support tech people). These remote devices all have same private IP as VPN router. It looks like (client 172.16.1.x) <----> (vpn router 172.16.1.1). These networks are never will be connected together, so this is not big trouble about routing. Currently it's working fine and we don't touch this, except for ROS upgrades for security reasons (all this some kind a legacy, nevermind).
But we have some problems when we trying to save winbox params for connections to these devices. Winbox uses IP as unique ID and just replace logins and notes in saved sessions. Can you just make a checkbox in winbox settings like "use Note column as primary key" or something simular? It can be disabled by default.

eddieb · Wed May 30, 2018 5:00 pm

the wireless menu not show and not work with this winbox

works fine here with winbox 3.14 to RB962 running ROS 6.42.3

Chupaka · Wed May 30, 2018 5:03 pm

the wireless menu not show and not work with this winbox

RoMON? Known and will be fixed

LatinSuD · Wed May 30, 2018 9:46 pm

Could it display a better error message when trying to connect to RouterOS 5.x?

It currently says:

ERROR: could not fetch index

Maybe something like "Remind that connecting to RouterOS 5.x or lower is not supported anymore" would be better

LatinSuD · Wed May 30, 2018 9:55 pm

On the RouterOS 5.x support issue, I know that removing support for deprecated systems is always more secure, but...
Have you considered whitelisting all previously released DLL?
It would be something like matching DLL against hardcoded hashes before installing and them.

expert · Wed May 30, 2018 11:03 pm

Winbox 3.14, but also all older versions:

How to edit such dialog window, when screen is so small? Scroll does not work.

Why aren't interfaces sorted by name?

CZFan · Thu May 31, 2018 1:42 am

Winbox 3.14, but also all older versions:

How to edit such dialog window, when screen is so small? Scroll does not work.

Why aren't interfaces sorted by name?

As a workaround you can use Terminal / CLI to make changes, but a scroll bar will be good

conrad · Thu May 31, 2018 11:54 am

Windows removed display options from control panel, leaving only scaling in new settings. There are no problems with increased scaling:

winbox-dpi.png

People have long asked to increase the size of the fields in the log by only a few pixels....
You offer them to change the usual settings of their monitors.
It's not logical to change what you're used to.

Thu May 31, 2018 11:58 am

Windows removed display options from control panel, leaving only scaling in new settings. There are no problems with increased scaling:

winbox-dpi.png
People have long asked to increase the size of the fields in the log by only a few pixels....
You offer them to change the usual settings of their monitors.
It's not logical to change what you're used to.

Like shown in the examples, there is no problem with any monitor settings. If you have a problem, maybe it is caused by something else in your PC.

jebz · Thu May 31, 2018 12:16 pm

Normis
Winbox uses IP as unique ID and just replace logins and notes in saved sessions. Can you just make a checkbox in winbox settings like "use Note column as primary key" or something simular? It can be disabled by default.

..
I've often struck this problem and would like some other field as the primary key as well. The router name or mac address would be better candidates for me.

conrad · Thu May 31, 2018 12:18 pm

Windows removed display options from control panel, leaving only scaling in new settings. There are no problems with increased scaling:

winbox-dpi.png
People have long asked to increase the size of the fields in the log by only a few pixels....
You offer them to change the usual settings of their monitors.
It's not logical to change what you're used to.
Like shown in the examples, there is no problem with any monitor settings. If you have a problem, maybe it is caused by something else in your PC.

I have no problem changing the settings.
But then I get a blurry font and the most important thing on the screen is less information.
And you have been told about this by other users many times.
Ask again.....
Is it really difficult to increase the size of the fields in the log at the repeated request of not only my but also other users ???

Traveller · Thu May 31, 2018 1:03 pm

Like shown in the examples, there is no problem with any monitor settings. If you have a problem, maybe it is caused by something else in your PC.

Like shown in the my examples, the problem exists.

td32 · Thu May 31, 2018 1:16 pm

whoever has a vertical screen resolution of 768 and below is faced with the No scroll issue. CLI is a work around, but it is still an issue in winbox

mrz · Thu May 31, 2018 4:37 pm

Like shown in the examples, there is no problem with any monitor settings. If you have a problem, maybe it is caused by something else in your PC.
Like shown in the my examples, the problem exists.

"application" disables all Windows scaling settings and only use the app developer's setting (winbox will appear in its original size) or ones with altered DPIs by other means (which of course will give weird appearance).

Choose the right settings. "System (Enhanced)" and in system->display->advanced scaling settings "Let windows try to fix apps so they're not blurry"

150% scaling and nothing in winbox is blurry

winbox-150scaling.png

Traveller · Thu May 31, 2018 6:08 pm

Choose the right settings. "System (Enhanced)" and in system->display->advanced scaling settings "Let windows try to fix apps so they're not blurry"

Yes. "System (Enhanced)" is better than "System". But "application" is better than "System (Enhanced)". In "application" font is more delicate, clear, pleasant and standard for Windows than the font in "System (Enhanced)".
"application" font

a.png

"System (Enhanced)" font

b.png

Default explorer font in Windows

c.png

mrz · Thu May 31, 2018 6:39 pm

You will not get the same look because of image scaling and post processing.

conrad · Thu May 31, 2018 7:30 pm

You will not get the same look because of image scaling and post processing.

If you remember the first beta 3.x you made it possible to change the size of the fields in the log.
In final version 3.x you have removed this possibility, promising to return it later.
Unfortunately I can't find this post but remember exactly what it was.

kewlgai · Thu May 31, 2018 8:43 pm

hello, help me find the hotspot on the gui? if i login with romon i can't find the /ip hotspot on the gui.

raffav · Thu May 31, 2018 10:55 pm

@normis
I'm getting a strange behavior I could't find a way to reproduce,
but either don't know if related to ROS 6.43RC or Winbox
in only one device a RB450G even if i put the correct pass i get error msg on winbox 3.14, I need to clear the pass and retype it and keep trying until I get access
My pass all are salved

acung · Fri Jun 01, 2018 10:37 am

I winbox to RB751U-2HnD and RB751G-2HnD via rb751gr2(romon), there is no wireless menu.
Same problem was also with previous version 3.13.

Regards,

Not happened to me with version 3.13

Kraken2k · Fri Jun 01, 2018 11:39 am

I have problem with "Reconnect" button after the connection was lost: after clicking it, the Winbox window disappear. According to log, login to router was successful, but automatically disconnected after 30 seconds. (never happened in 3.13)

chubbs596 · Fri Jun 01, 2018 12:24 pm

I have problem with "Reconnect" button after the connection was lost: after clicking it, the Winbox window disappear. According to log, login to router was successful, but automatically disconnected after 30 seconds. (never happened in 3.13)

I have seen the same issue

LatinSuD · Fri Jun 01, 2018 4:52 pm

hello, help me find the hotspot on the gui? if i login with romon i can't find the /ip hotspot on the gui.

Check that hotspot package is installed and enabled in System -> Packages.
It should be by default anyway.

andymok · Fri Jun 01, 2018 9:39 pm

Random mode switch-over quickly in Quick Set, causing settings completely wiped out before hitting any apply / ok, cancel / closed could not undo the changes either. Blocking myself complete out and router unreachable.

Forced to reset router and config Quick Set only via Webfig, then I dare to continue the rest on Winbox. Even Webfig Quick Set cannot recall the done Home Dual AP settings neither, and keeps displaying WISP AP mode, good that as long as you don't hit apply it won't change anything

Not sure whether it is winbox or RC's problem.

hAP ac
Packages / firmware ver. 6.43rc21
Winbox 3.14

vipnet · Sun Jun 03, 2018 5:59 pm

Bug use rmon,

i closed and open winbox and connect direct

i test R3.14 perssist

vipnet · Sun Jun 03, 2018 6:24 pm

I recovery control winbox after start machine Rmon IP and click disconnect,
if select advanced mode and clean Romon box work
Please Fix BUG

azatko · Mon Jun 04, 2018 3:33 pm

could not connect to old routeros (4.x, 5x) - winbox 3.12 works fine
ERROR: coud not fetch index

Chupaka · Mon Jun 04, 2018 4:43 pm

What's new in v3.13:

*) abandoned support for connecting to older RouterOS versions (older than v6), no DLLs will ever be downloaded;

erebusodora · Mon Jun 04, 2018 6:34 pm

This version 3.14 works very slowly before connecting to the router. In version 3.13 or 3.12 is connect very fast to riuter

juliokato · Tue Jun 05, 2018 12:40 am

This version 3.14 works very slowly before connecting to the router. In version 3.13 or 3.12 is connect very fast to riuter

*) make all connections in secure mode (all data is encrypted with AES128-CBC-SHA);

so it requires more CPU processing power from both sides and more information exchange.

Sves · Wed Jun 06, 2018 1:14 pm

Hello!
Please, add in Winbox a feature to copy in a clipboard the text from the section "Log".
Thank you!

R1CH · Thu Jun 07, 2018 7:18 pm

This version 3.14 works very slowly before connecting to the router. In version 3.13 or 3.12 is connect very fast to riuter
*) make all connections in secure mode (all data is encrypted with AES128-CBC-SHA);

so it requires more CPU processing power from both sides and more information exchange.

This also means you should rotate your passwords if you haven't been using secure mode, anyone on the network could have intercepted them.

Chupaka · Fri Jun 08, 2018 11:31 am

It doesn't. They weren't plaintext

k3dt · Mon Jun 11, 2018 1:02 pm

In this version is impossible to connect to RouterOS via mac-telnet over ethernet with active wifi connection on MacOS (via Crossover and Wineskin).. Version 3.13 works fine.

Benjamin9 · Tue Jun 12, 2018 10:07 am

I winbox to RB751U-2HnD and RB751G-2HnD via rb751gr2(romon), there is no wireless menu.

paolopoz · Wed Jun 13, 2018 11:38 am

Hello all!
Since today I stubmled upon a problem with Winbox 3.14: every time I try to connect to a host beyond NAT, the application get stuck saying "Downloading descriptors" and then it crashes.
This happens also on another PC on my LAN with winbox 3.14.
If I try with version 3.13 everything works fine.
Connecting to host inside the LAN works well.
I tried to clear cache and delete session files but this doesn't solve the problem.
This happens consistently across different RouterOS versions.
I reproduced it also through another connection, so it doesn't depend on our firewall or any other network equipment.
Any hint on what might be the cause? Did I catched a bug?
Thanks!

mindaugasb · Thu Jun 14, 2018 6:42 pm

Hi guys,

How can I download winbox 3.12 from official sources to be able to connect to the legacy 5.X versions?
Thus far I could only find unofficial versions in some blogs.

Is winbox available in one of the packages here: https://mikrotik.com/download/archive ?
If so - which package?

Thank you.

Chupaka · Thu Jun 14, 2018 6:52 pm

Just copy link to the current WinBox and change version to the necessary one: https://download.mikrotik.com/routeros/ ... winbox.exe

Chupaka · Sun Jun 17, 2018 10:55 pm

what downloads? what anonymity? any link?

tangram · Mon Jun 18, 2018 1:52 pm

whoever has a vertical screen resolution of 768 and below is faced with the No scroll issue. CLI is a work around, but it is still an issue in winbox

+1 - this is very annoying, please help.

Tue Jun 19, 2018 11:10 am

Winbox v3.15 has been released:
viewtopic.php?f=21&t=135874