v6.43rc [release candidate] is released!

z1022 · Sat Jun 09, 2018 1:08 pm

rc23 still have high ping time in hAP ac².

Xymox · Sun Jun 10, 2018 11:03 am

Ive lost control of LEDs from scripting. I can control them via terminal.

/system leds set leds=user-led type=off 3
/system leds set leds=user-led type=on 3

These work fine from terminal but do not work in a script.

netwpl · Mon Jun 11, 2018 10:50 am

tested winbox auth. with radius (mschapv2) interworking. works like a charm!

k3dt · Mon Jun 11, 2018 5:00 pm

Plaintext password in API login? WTF WHY? api-ssl is SLOW as hell.. please change your mind.. its a step backward.

Tue Jun 12, 2018 3:49 pm

Version 6.43rc27 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------

Other changes in this release:

*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ike1 - purge both SAs when timer expires;
*) ipsec - use monotonic timer for SA lifetime check;
*) led - added "dark-mode" functionality for hEX S devices;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added support for Quanta 1k6e modem;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) ntp - allow to specify link-local address as NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) usb - fixed power-reset for hAP ac^2 devices;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) userman - improved unique username generation process when adding batch of users;
*) w60g - added distance measurement (CLI only);
*) w60g - improved link stability;
*) w60g - improved maximum link distance;
*) wireless - improved Nv2 reliability on ARM devices;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

Tris · Tue Jun 12, 2018 5:21 pm

The issue I noted in #298 is still occurring in rc27. Is this the best place to raise possible RC bugs, or should I email support?

Tue Jun 12, 2018 11:13 pm

We are aware about this problem and will try to resolve it as soon as possible.

This is MikroTik users forum. If you want to discuss configuration, changes, etc. with other users, then use forum. If you are sure that there is a problem, then contact support@mikrotik.com directly.

Ulum · Wed Jun 13, 2018 10:57 am

Bug in 6.43rc23:

Upgrade from previous version to 6.43rc23 when you have /ip ipsec peer proposal with hash-algorithm=sha512
Open this proposal in Winbox. You will see that in Winbox it have checked md5 and sha1, but in the export it have sha512
Set hash algorithm to sha512 through Winbox, now autosup file starts generating

Is this bug fixed in 6.43rc27?

blingblouw · Wed Jun 13, 2018 11:50 am

I am still experiencing a problem with the WAP60 on this firmware.

Both client & AP running latest release.

Client connects when ap set to bridge. However when AP set to ap-bridge same client will not connect. No matter which frequency is selected (even the new 64800)

msatter · Wed Jun 13, 2018 12:05 pm

Bug in 6.43rc23:
Upgrade from previous version to 6.43rc23 when you have /ip ipsec peer proposal with hash-algorithm=sha512

Open this proposal in Winbox. You will see that in Winbox it have checked md5 and sha1, but in the export it have sha512

Set hash algorithm to sha512 through Winbox, now autosup file starts generating
Is this bug fixed in 6.43rc27?

Do you have reported this to Mikrotik and if, what is your support ticket id?

joserudi · Wed Jun 13, 2018 12:19 pm

*) wireless - improved Nv2 reliability on ARM devices;

There are no improvements in this regard, the nv2 protocol in arm devices remains unstable. It continues to have packet losses. At the moment nstreme is the best option.

Ulum · Wed Jun 13, 2018 2:47 pm

Do you have reported this to Mikrotik and if, what is your support ticket id?

Reported just now. Ticket id is 2018061322004299

roulyz · Wed Jun 13, 2018 5:09 pm

I have upgrade my SXT LTE (band 3,7), from ROS 6.42.3 to 6.43RC27.
But after upgrading... I can't get access to my SXT LTE.
Wrong username or password message.
Device is on tower so, difficult to reset device.
What is the problem?

Wed Jun 13, 2018 5:26 pm

Please read the changelog.

LeftyTs · Wed Jun 13, 2018 5:41 pm

I have upgrade my SXT LTE (band 3,7), from ROS 6.42.3 to 6.43RC27.
But after upgrading... I can't get access to my SXT LTE.
Wrong username or password message.
Device is on tower so, difficult to reset device.
What is the problem?

Try to recover with MAC telnet if possible. I had the same issue and I was lucky.

Chupaka · Wed Jun 13, 2018 6:19 pm

He simply needs new WinBox

LeftyTs · Wed Jun 13, 2018 6:44 pm

I wonder if there will ever be a *nixbox as well. Would anyone know if there is any mac telnet client for *nix systems that works with ROS?

blingblouw · Wed Jun 13, 2018 6:59 pm

Yes there is

https://github.com/haakonnessjoen/MAC-Telnet

eworm · Wed Jun 13, 2018 9:07 pm

Yes there is

https://github.com/haakonnessjoen/MAC-Telnet

But that does not yet work with RouterOS 6.43rc. I opened an issue already.
Is there an detail available about mac telnet protocol?

owsugde · Wed Jun 13, 2018 10:56 pm

*) w60g - improved link stability;
*) w60g - improved maximum link distance;

Can anyone already quantify this in some way?

I'd like to know, because two NLoS pathways I tried were ever so slightly too far / too faint as of rc21/23. Maybe after some improvements they could actually work.

Thu Jun 14, 2018 3:59 am

How could you think that 60g will work without clear line of sight?

SergeyMorozov · Thu Jun 14, 2018 9:32 am

How could you think that 60g will work without clear line of sight?

I think no.

Xymox · Thu Jun 14, 2018 9:54 am

Looks like LEDs are working from scripting. Thank you

No other issues in my SOHO testing with RC27.

kugla007 · Thu Jun 14, 2018 11:00 am

tested winbox auth. with radius (mschapv2) interworking. works like a charm!

Which RADIUS server did you use? Can you post a configuration example?

EDIT: Nevermind, I managed to get it working.

roulyz · Thu Jun 14, 2018 11:50 am

He simply needs new WinBox

I running lastest version Winbox 3.14.
But problem still

roulyz · Thu Jun 14, 2018 11:51 am

Please read the changelog.

I have read many many time changelog and nothing explicit about solution or notice about this problem

mlenhart · Thu Jun 14, 2018 10:10 pm

*) w60g - added distance measurement (CLI only);
*) w60g - improved link stability;
*) w60g - improved maximum link distance;

1) distance mesurement in CLI is here since rc19. Has it been improved somehow? Or what is the difference?
3) what is the new maximum link distance for WAP60 and LHG60?

2) I have a 10 meters long test link between 2 LHG60s (YES, I know it too little for LHG60 and can be clearly solved by wireless wire, but unfortunately I do not have possibility for longer distance for testing at the moment and it will be used for 500m "production" link in the near future) and I have to say that link flaps approximately 5 times per day (no rain, no wind, nothing breaking the clear line of sight, no birds flying, no obvious reason for link flap). Can be caused just by the fact it too close to each other? Or is it something what should be checked by MikroTik (maybe a kind of bug)? The link is under continuous iperf3 bi-directional test, where two servers with 1Gbit/s NICs at the end. Result is somewhere between 800-870 Mbit/s for bi-directional TCP connection and PING is somewhere between 5 to 15 ms.

OnixJonix · Fri Jun 15, 2018 8:56 am

Big problem...
Updated Mys CCR (to 6,43rc27) an now stucked outside! All is running but cant connect - wrong username or password??? A bit of PANIC!!!

------------------
Sorry! Had two winbox on my pc!! Just need new winbox! Sorry!

Kindis · Fri Jun 15, 2018 9:17 am

Big problem...
Updated Mys CCR (to 6,43rc27) an now stucked outside! All is running but cant connect - wrong username or password??? A bit of PANIC!!!

------------------
Sorry! Had two winbox on my pc!! Just need new winbox! Sorry!

You need Winbox 3.14

Fri Jun 15, 2018 1:27 pm

Version 6.43rc29 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------

Other changes in this release:

*) dhcp - reduced resource usage of DHCP services;
*) ipsec - improved reliability on IPsec hardware encryption for RB1100Dx4;
*) led - added "dark-mode" functionality for SXTsq 5 ac devices;
*) led - use routers uptime as a starting point when turning off LEDs if option was not enabled on boot;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) w60g - improved maximum link distance;
*) w60g - improved RAM memoy allocation processes;
*) wireless - improved Nv2 reliability on ARM devices;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

Fri Jun 15, 2018 3:06 pm

1) distance mesurement in CLI is here since rc19. Has it been improved somehow? Or what is the difference?
3) what is the new maximum link distance for WAP60 and LHG60?

2) I have a 10 meters long test link between 2 LHG60s (YES, I know it too little for LHG60 and can be clearly solved by wireless wire, but unfortunately I do not have possibility for longer distance for testing at the moment and it will be used for 500m "production" link in the near future) and I have to say that link flaps approximately 5 times per day (no rain, no wind, nothing breaking the clear line of sight, no birds flying, no obvious reason for link flap). Can be caused just by the fact it too close to each other? Or is it something what should be checked by MikroTik (maybe a kind of bug)? The link is under continuous iperf3 bi-directional test, where two servers with 1Gbit/s NICs at the end. Result is somewhere between 800-870 Mbit/s for bi-directional TCP connection and PING is somewhere between 5 to 15 ms.

1) Yes, there are some improvements - mostly stability
3) We are still working on distance improvements - currently no exact distance date available

2) Too much power, try to remove reflector and turn them in different directions.
There are some improvements in rc 29 as well that may fix this

roulyz · Fri Jun 15, 2018 4:51 pm

Big problem...
Updated Mys CCR (to 6,43rc27) an now stucked outside! All is running but cant connect - wrong username or password??? A bit of PANIC!!!

------------------
Sorry! Had two winbox on my pc!! Just need new winbox! Sorry!

MIKROTIK please how can we solve this problem?

Chupaka · Fri Jun 15, 2018 4:53 pm

As you can read from your quote, the problem was solved by updating WinBox to the latest version.

Haward · Sun Jun 17, 2018 7:24 pm

Can somebody please recommend stable SW for wireless wire wAP60G ? I have tried many but all are unstable ? (jam after couple of days = hard reset is necessary). It is probably linked with hot weather ... Thank you.

Mon Jun 18, 2018 9:59 am

Can somebody please recommend stable SW for wireless wire wAP60G ? I have tried many but all are unstable ? (jam after couple of days = hard reset is necessary). It is probably linked with hot weather ... Thank you.

Please provide more details to support@mikrotik.com

Mon Jun 18, 2018 10:03 am

I am still experiencing a problem with the WAP60 on this firmware.

Both client & AP running latest release.

Client connects when ap set to bridge. However when AP set to ap-bridge same client will not connect. No matter which frequency is selected (even the new 64800)

Do You have level4 license on Bridge device?

blingblouw · Mon Jun 18, 2018 10:18 am

Yes I do

Jaxworld · Mon Jun 18, 2018 10:43 am

We updated our CCR1016-12G and our network seems to be inverted! We can't tell if it's running default configurations somehow, but our whole network is running in a degraded state.

Chupaka · Mon Jun 18, 2018 10:49 am

Congratulations. Now you know that RC versions must not be installed in production environments.

Rollback to the 'current' or 'bugfix' version and be happy.

Jaxworld · Mon Jun 18, 2018 10:55 am

Sorry, I misread the title. We're actually running 6.42.3 with this issue after discovering a vulnerability in 6.35.2. My apologies.

Chupaka · Mon Jun 18, 2018 11:49 am

Then post details of your problem in appropriate topic.

Tue Jun 19, 2018 12:45 pm

Version 6.43rc32 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
----------------------

Other changes in this release:

!) winbox - minimal required version is v3.15;
*) api - properly classify API sessions in log;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) chr - enabled promiscious mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) export - do not show w60g password on "hide-sensitive" type of export;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) lte - show UICC in correct format for SXT LTE devices;
*) romon - properly classify RoMON sessions in log and active users list;
*) w60g - improved maximal achievable distance;
*) w60g - properly report center status under "tx-sector-info";

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

mlenhart · Tue Jun 19, 2018 1:32 pm

*) w60g - improved maximal achievable distance;

what is the new maximum distance for wAP60g and LHG60G?

owsugde · Tue Jun 19, 2018 1:40 pm

How could you think that 60g will work without clear line of sight?

That's just wireless PHY basics. The smaller the wavelength gets, the penetrative wave properties decrease rapidly but the reflective ones increase. Think low/medium frequency ≈ broadcast radio (goes literally straight through the ground), very high frequency ≈ visible light (is reflected almost 100% on mirrors or white objects). This is basically the point for having beamforming, too.

You can try it out yourselves. In the office or at home, put two W60s somewhere in the back of different rooms (with the doors open) and even point them in opposite directions. A connection will be established nonetheless in many cases. In the CLI, you will be able to see a connection length considerably longer than the "beeline" distance between the two devices. What you are witnessing is NLoS propagation.

All that said, I have tried out the benefits from rc27 myself. It got me up to 2dB better RSSI for NLoS setups. Not quite enough to get the "big" route going, but it's something. Eager to try out the new rc32. It would just be so neat if I could go NLoS, without having to put a small relay with two additional W60s in the middle.

genesispro · Tue Jun 19, 2018 2:19 pm

I upgraded to 6.43rc32 and even using winbox 3.15 login fails!

zyzelis · Tue Jun 19, 2018 2:24 pm

I upgraded to 6.43rc32 and even using winbox 3.15 login fails!

look for problem on your network, for me works fine.

genesispro · Tue Jun 19, 2018 2:33 pm

I am directly attached to it and still it doesn't work

I upgraded to 6.43rc32 and even using winbox 3.15 login fails!
look problem on your network, for me works fine.

genesispro · Tue Jun 19, 2018 3:13 pm

I reset it and now it works...
weird because the password is saved as a favorite in winbox so I wasn't typing anything wrong earlier... and right before the update I used the same favorite to login to it and update it!

zyzelis · Tue Jun 19, 2018 3:29 pm

I reset it and now it works...
weird because the password is saved as a favorite in winbox so I wasn't typing anything wrong earlier... and right before the update I used the same favorite to login to it and update it!

i have observed this weird issue with password in earlier rc. i just changed password before upgrade and not logged in after upgrade with new one, just with old.

zyzelis · Tue Jun 19, 2018 3:32 pm

Version 6.43rc32 has been released.

*) dude - fixed client auto upgrade (broken since 6.43rc17);

still need to upgrade dude client manually. Client crashes after each upgrade via client ui

Tue Jun 19, 2018 4:36 pm

Version 6.43rc32 has been released.

*) dude - fixed client auto upgrade (broken since 6.43rc17);
still need to upgrade dude client manually. Client crashes after each upgrade via client ui

Thank you for a report, but can you please confirm that your Dude client (executed with the administrator rights) auto upgrade was working before 6.43rc17, and does not work in 6.43rc32 ?

Tue Jun 19, 2018 7:52 pm

Just sidenote. I don't run dude client with admin rights, only the installer, if necessary.

pe1chl · Tue Jun 19, 2018 8:54 pm

IP->Cloud has disappeared from menu in WebFig and WinBox.

Wed Jun 20, 2018 12:56 am

Maybe good way finally.

juliokato · Wed Jun 20, 2018 2:46 am

Wed Jun 20, 2018 7:36 am

pe1chl - Can you provide supout file from RouterBOARD that does not show IP/Cloud menu on GUI?

zyzelis · Wed Jun 20, 2018 8:38 am

Version 6.43rc32 has been released.

*) dude - fixed client auto upgrade (broken since 6.43rc17);
still need to upgrade dude client manually. Client crashes after each upgrade via client ui
Thank you for a report, but can you please confirm that your Dude client (executed with the administrator rights) auto upgrade was working before 6.43rc17, and does not work in 6.43rc32 ?

So thats the trick

Yes, with "launch as administrator" dude client updates as expected. But is this "feature" documented somewhere? Because if i load exe "as administrator" i need to enter credentials like first time.
Another hint - winbox does not require to start "as administrator" when upgrading it.

pe1chl · Wed Jun 20, 2018 12:12 pm

pe1chl - Can you provide supout file from RouterBOARD that does not show IP/Cloud menu on GUI?

It is a CHR. Apparently it does not have IP Cloud, but I noticed that only because I wanted to have a look at it after reading change notes.

pe1chl · Wed Jun 20, 2018 12:55 pm

Please fix "/system check-installation" so that it does not only validate the expected installation, but also detects and optionally removes files that should not be there.

E.g. after updating CCR from 6.42.1 a lot of diskspace is lost and "/system check-installation" should identify the file(s) and delete them.

oortega · Sat Jun 23, 2018 2:45 am

@antonsb I upgrade from v6.43RC21 to 6.43.RC32 and login by API works with old method login.
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login

6.43.RC32 will work with the new and previous login?

Thanks

Mon Jun 25, 2018 1:43 pm

Version 6.43rc34 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------

Other changes in this release:

!) cloud - added IPv6 support;
*) console - do not show spare parameters on ping command;
*) crs317 - properly report link state when one link interface is disabled;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) dhcpv4-client - fixed double ACK packet handling;
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) led - fixed LED default configuration for LtAP mini;
*) lte - added eNB ID to info command;
*) ssh - allow to use "diffie-hellman-group1-sha1" on TILE and x86 devices with "strong-crypto" disabled;
*) supout - added "w60g" section to supout file;
*) watchdog - added "ping-timeout" setting (CLI only);
*) winbox - show "sector-writes" on ARM routers that has such counters;
*) winbox - show "System/Health" only on boards that have health monitoring;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

server8 · Tue Jun 26, 2018 9:12 am

Strods any change to se the NV2 issue fixed with arm devices?

Tue Jun 26, 2018 2:40 pm

What kind of issue are you referring to? Have you contacted support directly to see if problem is not caused by configuration or something that can be adjusted in order to resolve the issue?

server8 · Tue Jun 26, 2018 2:50 pm

I have sent an email to support without answer 19.06.2018 10:48

Here you can find some info viewtopic.php?f=7&t=136002 from me and other user

honzam · Tue Jun 26, 2018 9:01 pm

What kind of issue are you referring to? Have you contacted support directly to see if problem is not caused by configuration or something that can be adjusted in order to resolve the issue?

There is other topic with problems ARM and NV2 - viewtopic.php?f=7&t=128916&p=670546#p669811
Yes, we have opened ticket with this problem - #2018042522004921
Last answer from support 13.6.2018. No solution yet

jriera · Wed Jun 27, 2018 12:42 am

*) tile - fixed Ethernet interfaces becoming unresponsive;

I have a very strange problem with a CCR1072. Suddenly there are IP addresses that stop responding, some work and others do not... within the same broadcast (L2) -no routing apply-. There is no problem of firewall or similar, by ARP the MAC is seen, but communication is simply lost... until a reboot is made and everything works again. It has happened to me twice in the last week. With the 6.42.1. Does this changelog correct this problem or similar?

The problem happens in an 802.3ad bonding interface with vlans on it. At the other end there is a CRS317-1G-16S switch. Even if I restart the switch, it does not recover the communication... I must restart the CCR1072.

We have the same problem, with the eactly same scenario. A CCR1072 with CRS317 and bonding 802.3ad. It has happened to us many times, communication is lost in L2. One way to recover it without restarting the CCR1072 is by simply deactivating the bonding and moving the VLANs to one of the two interfaces... then the ICMP will work again.

So my big question is: Is it the problem in CRS317 or in CCR1072, or maybe the mix of both? I think it has some relationship with bonding...

I hope that with 6.43 this is solved, it is causing us many problems!

Wed Jun 27, 2018 7:28 am

So my big question is: Is it the problem in CRS317 or in CCR1072, or maybe the mix of both? I think it has some relationship with bonding...

We have about 30 x CCR's installed in exactly this fashion, Bonding interface with LACP to a switch (Extreme x620/x670 and Juniper EX4550) and have not experienced this problem, we have been running this configuration successfully for over 5 years now from 6.0rc5 to 6.40.8

So either the problem is in RouterOS newer than 6.40.8 or it is something specific to the CRS317

I hope this helps you.

docmarius · Wed Jun 27, 2018 8:57 pm

Still no joy for RG11e-LTE with RB912UAG

pcjc · Fri Jun 29, 2018 8:45 pm

Do you guys have an ETA for an updated Android TikApp (or beta version), to match the 6.43rc series authentication / login changes?

pe1chl · Fri Jun 29, 2018 8:50 pm

Thank you very much for the reports about issues with space, next RouterOS version will fix the issue.
Meanwhile this package can be used to clear space on your router,

This fix has a problem, it ruins the installation. When you have only one partition, it means netinstall.

msatter · Fri Jun 29, 2018 10:19 pm

Do you guys have an ETA for an updated Android TikApp (or beta version), to match the 6.43rc series authentication / login changes?

The current Beta version does match the 6.43rc changes for my device.

v0.0.68 • Fixed login issues on some devices

Sat Jun 30, 2018 1:25 pm

We are very sorry for any inconvenience caused. Fix package for missing storage space has been temporary removed and will soon be updated to patched version.

Mon Jul 02, 2018 1:58 pm

We are sorry for any issues caused by the previous package, we uploaded new packages, that will work fine on any router.

Package updated 07/02/2018
To fix storage issue on your router, use package from the link,
https://www.mikrotik.com/download/share/fix_space.npk
- upload package to your router;
- run /system reboot

Xymox · Tue Jul 03, 2018 2:35 am

Can the next RC include the fix for the space issue ?

I want to be able to clean the router with the above patch then I want to install a version that does not have the issue that created the lack of space.

Thansk again for the fix and for the clean up patch.

Tue Jul 03, 2018 11:46 am

Version 6.43rc40 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------

Other changes in this release:

!) cloud - added support for licensed CHR instances (including trial);
*) bridge - properly handle packets when bridge port changes states
*) crs317 - properly report link state when one side has disabled interface;
*) ethernet - properly handle Ethernet interface default configuration;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) snmp - added CAPsMAN "remote-cap" table;
*) supout - added "ip-cloud" section to supout file;
*) usb - fixed modem initialisation on LtAP mini;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) w60g - do not reset interface after adding comment;
*) watchdog - added "ping-timeout" setting;
*) winbox - show "sector-writes" on devices that have such counters;
*) winbox - show "Switch" menu on hAP ac^2 devices;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

raffav · Tue Jul 03, 2018 12:51 pm

Wow
Nice update..
That why I like mk always improving...

Sent from my XT1580 using Tapatalk

joserudi · Tue Jul 03, 2018 4:31 pm

*) userman - fixed compatibility with PayPal TLS 1.2;

Paypal works perfectly now. Many thanks.

mstead · Tue Jul 03, 2018 8:01 pm

WARNING!!! This version 6.43rc40 just bricked two RBSXTsq5HPnD units I was testing it with. Software upgrade went fine from the factory installed 6.40.4 but then the firmware upgrade bricked the units. Netinstall currently underway.

SergeyMorozov · Tue Jul 03, 2018 9:04 pm

WARNING!!! This version 6.43rc40 just bricked two RBSXTsq5HPnD units I was testing it with. Software upgrade went fine from the factory installed 6.40.4 but then the firmware upgrade bricked the units. Netinstall currently underway.

I'm successfully upgraded a hAp ac2.

mstead · Tue Jul 03, 2018 9:10 pm

WARNING!!! This version 6.43rc40 just bricked two RBSXTsq5HPnD units I was testing it with. Software upgrade went fine from the factory installed 6.40.4 but then the firmware upgrade bricked the units. Netinstall currently underway.
I'm successfully upgraded a hAp ac2.

hAp ac2 is not a RBSXTsq5HPnD - also this may depend on what ROS version is being upgraded from. I am happy that you have not had a problem. However I can recreate this bricking process by taking another unit off the shelf

Netinstall does recover the unit and even allowed v6.43rc40 to be loaded - so this is a fault of the upgrade process.

SergeyMorozov · Tue Jul 03, 2018 10:03 pm

WARNING!!! This version 6.43rc40 just bricked two RBSXTsq5HPnD units I was testing it with. Software upgrade went fine from the factory installed 6.40.4 but then the firmware upgrade bricked the units. Netinstall currently underway.
I'm successfully upgraded a hAp ac2.
hAp ac2 is not a RBSXTsq5HPnD - also this may depend on what ROS version is being upgraded from. I am happy that you have not had a problem. However I can recreate this bricking process by taking another unit off the shelf

Netinstall does recover the unit and even allowed v6.43rc40 to be loaded - so this is a fault of the upgrade process.

This also may depend on the configuration of the device.

mstead · Wed Jul 04, 2018 12:22 am

This also may depend on the configuration of the device.

That was a valid point - however I just tested another fresh unit from the same batch which was fully reset with no defaults and I can confirm it is also bricked.

So once again - BEWARE!!!! v6.43rc40 can brick your device - PLEASE CHECK before doing any remote testing.

sindy · Wed Jul 04, 2018 9:40 am

It has been stated multiple times here that most of the upgrade process is performed by the old version from which you upgrade. So if you in all cases upgraded from 6.40.4., the issue may also be that one, not the 6.43rc40.

mstead · Wed Jul 04, 2018 2:16 pm

It has been stated multiple times here that most of the upgrade process is performed by the old version from which you upgrade. So if you in all cases upgraded from 6.40.4., the issue may also be that one, not the 6.43rc40.

Yeah well that doesn't change the value of the warning that I am giving - especially as the units in question came factory shipped with 6.40.4. Also saying that you cannot upgrade from an older version because of problems in the older version is kinda crazy

So

pe1chl · Wed Jul 04, 2018 2:37 pm

Try to upgrade the 6.40.4 first to the current version (6.42.5) and then upgrade to 6.43rc from there.

sindy · Wed Jul 04, 2018 2:45 pm

saying that you cannot upgrade from an older version because of problems in the older version is kinda crazy

Well, saying it is not crazy, the fact that it happens for some versions is a different question

But this warning has been published by Mikrotik staff in earlier topics here, the only thing I'm far from sure is whether 6.40.4 is affected by that issue or not.

mstead · Wed Jul 04, 2018 4:04 pm

Try to upgrade the 6.40.4 first to the current version (6.42.5) and then upgrade to 6.43rc from there.

I did - and that does work

Well, saying it is not crazy, the fact that it happens for some versions is a different question

That comment made me smile

Nando_lavras · Wed Jul 04, 2018 4:21 pm

WARNING!!! This version 6.43rc40 just bricked two RBSXTsq5HPnD units I was testing it with. Software upgrade went fine from the factory installed 6.40.4 but then the firmware upgrade bricked the units. Netinstall currently underway.

Same for me, but on a CRS328, upgrade is fine, but when i upgraded the routerboot and rebooted the system not load anymore, i do it a netinstall and recovered the board.

emils · Wed Jul 04, 2018 4:48 pm

Thank you very much for your report. Looks like the next system reboot after upgrading RouterOS directly from pre-6.41 versions to the latest release-candidate version causes the kernel to disappear on devices with flash memory. We will try to resolve the issue in the next release-candidate version. It is safe to upgrade from 6.41 and later versions.

Thu Jul 05, 2018 10:52 am

Version 6.43rc42 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------

Other changes in this release:

!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
*) check-installation - improved system integrity checking;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - improved balooning process;
*) chr - reduced RAM memory required per interface;
*) defconf - fixed bridge default configuration for SOHO devices with more than 9 Ethernet interfaces;
*) health - improved speed of health measurement readings;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) snmp - fixed w60g "phy-rate" readings;
*) w60g - general stability and performance improvements;
*) winbox - added 64,6 GHz frequency to w60g interface frequency settings;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

Xymox · Thu Jul 05, 2018 11:50 am

"*) package - free up used storage space consumed by old RouterOS upgrades;"

Awesome ! thank you.. I will test and report back.

amokkatmt · Thu Jul 05, 2018 12:04 pm

...
!) cloud - added IPv6 support;
...

How to see it in action?

npero · Thu Jul 05, 2018 1:36 pm

wAP60G 240m link updated from rc32 to rc42, client not connecting any more in scan see signal but not connecting, back to 6.42.5 it is working again, but seem to me it is not stable as has been in 6.42.1.

Also please check scan for frequency 64800 seems to me it is not scanning that frequency when click scan button.

Thu Jul 05, 2018 1:52 pm

wAP60G 240m link updated from rc32 to rc42, client not connecting any more in scan see signal but not connecting, back to 6.42.5 it is working again, but seem to me it is not stable as has been in 6.42.1.

Also please check scan for frequency 64800 seems to me it is not scanning that frequency when click scan button.

Fixes for connecting issues will be included in next RC version

notToNew · Thu Jul 05, 2018 2:03 pm

WARNING!!! This version 6.43rc40 just bricked two RBSXTsq5HPnD units I was testing it with. Software upgrade went fine from the factory installed 6.40.4 but then the firmware upgrade bricked the units. Netinstall currently underway.

Had the same with my HAP AC2. Had no time to look for a fix, did you need netinstall?

Thu Jul 05, 2018 3:10 pm

A little bug, When running 6.43rc42 on a cAP AC running "/system health print" outputs nothing, and the health menu is gone from WinBox.

msatter · Thu Jul 05, 2018 6:56 pm

A little bug, When running 6.43rc42 on a cAP AC running "/system health print" outputs nothing, and the health menu is gone from WinBox.

In RC34; *) winbox - show "System/Health" only on boards that have health monitoring. I don't know if the cAP AC does support health.

sutrus · Thu Jul 05, 2018 7:01 pm

Bug DHCP in RC42. It's a pioneer reciver. All other network devices are OK.

17:26:49 dhcp,info dhcp-server assigned 192.168.1.4 to 74:5E:1C:32:14:C3 
17:27:17 dhcp,info dhcp-server deassigned 192.168.1.4 from 74:5E:1C:32:14:C3 
17:27:17 dhcp,info dhcp-server assigned 192.168.1.4 to 74:5E:1C:32:14:C3 
17:27:41 dhcp,info dhcp-server deassigned 192.168.1.4 from 74:5E:1C:32:14:C3 
17:27:41 dhcp,info dhcp-server assigned 192.168.1.4 to 74:5E:1C:32:14:C3 
17:28:08 dhcp,info dhcp-server deassigned 192.168.1.4 from 74:5E:1C:32:14:C3 
17:28:08 dhcp,info dhcp-server assigned 192.168.1.4 to 74:5E:1C:32:14:C3 
17:28:35 dhcp,info dhcp-server deassigned 192.168.1.4 from 74:5E:1C:32:14:C3 
17:28:35 dhcp,info dhcp-server assigned 192.168.1.4 to 74:5E:1C:32:14:C3 
17:29:03 dhcp,info dhcp-server deassigned 192.168.1.4 from 74:5E:1C:32:14:C3 
17:29:03 dhcp,info dhcp-server assigned 192.168.1.4 to 74:5E:1C:32:14:C3 
17:29:30 dhcp,info dhcp-server deassigned 192.168.1.4 from 74:5E:1C:32:14:C3 
17:29:30 dhcp,info dhcp-server assigned 192.168.1.4 to 74:5E:1C:32:14:C3 
17:29:57 dhcp,info dhcp-server deassigned 192.168.1.4 from 74:5E:1C:32:14:C3 
17:29:57 dhcp,info dhcp-server assigned 192.168.1.4 to 74:5E:1C:32:14:C3 
17:30:24 dhcp,info dhcp-server deassigned 192.168.1.4 from 74:5E:1C:32:14:C3 
17:30:24 dhcp,info dhcp-server assigned 192.168.1.4 to 74:5E:1C:32:14:C3 
17:30:49 dhcp,info dhcp-server deassigned 192.168.1.4 from 74:5E:1C:32:14:C3 
17:30:49 dhcp,info dhcp-server assigned 192.168.1.4 to 74:5E:1C:32:14:C3 
17:31:16 dhcp,info dhcp-server deassigned 192.168.1.4 from 74:5E:1C:32:14:C3 
17:31:16 dhcp,info dhcp-server assigned 192.168.1.4 to 74:5E:1C:32:14:C3 
17:31:46 dhcp,info dhcp-server deassigned 192.168.1.4 from 74:5E:1C:32:14:C3 
17:31:46 dhcp,info dhcp-server assigned 192.168.1.4 to 74:5E:1C:32:14:C3 
17:32:12 dhcp,info dhcp-server deassigned 192.168.1.4 from 74:5E:1C:32:14:C3

LeftyTs · Thu Jul 05, 2018 7:10 pm

I am having a dhcp problem also with VLANs. One of the voip devices gets an IP from a different dhcp-server VLAN every time I reset the switch. If I reset the device after then dhcp assigns proper IP. I will be sending a supout to support about this.

irghost · Thu Jul 05, 2018 9:22 pm

[admin@MikroTik] /ip cloud> print 
  ddns-enabled: yes
   update-time: no
        status: connecting...

on CHR last build

mlenhart · Thu Jul 05, 2018 9:52 pm

wAP60G 240m link updated from rc32 to rc42, client not connecting any more in scan see signal but not connecting, back to 6.42.5 it is working again, but seem to me it is not stable as has been in 6.42.1.

Also please check scan for frequency 64800 seems to me it is not scanning that frequency when click scan button.
Fixes for connecting issues will be included in next RC version

I can confirm, LHG60 does not connect for more than few seconds, still disconnecting and reconnecting. Back on 6.42.5 - works again OK.

mistry7 · Thu Jul 05, 2018 11:19 pm

wAP60G 240m link updated from rc32 to rc42, client not connecting any more in scan see signal but not connecting, back to 6.42.5 it is working again, but seem to me it is not stable as has been in 6.42.1.

Also please check scan for frequency 64800 seems to me it is not scanning that frequency when click scan button.
Fixes for connecting issues will be included in next RC version
I can confirm, LHG60 does not connect for more than few seconds, still disconnecting and reconnecting. Back on 6.42.5 - works again OK.

same here

CoMMyz · Fri Jul 06, 2018 1:09 am

If you remove the w60g interface from getting added to bridge, the link works. otherwise it reconnects constantly.

Please fix

LeftyTs · Fri Jul 06, 2018 1:21 am

I wonder if the same limitations and/or problems apply to LHGG-60ad. Anyone installed them? We are expecting a pair of those and I was wondering what would be the best stable ROS for it. It will be a production link so stability is a must.

Fri Jul 06, 2018 7:05 am

amokkatmt - If your router can reach cloud server over IPv6, then Cloud should resolve to IPv6 address instead of IPv4. That happens automatically;
npero, mlenhart, mistry7, CoMMyz - Improvements on this version have had some side affects that will be resolved in upcoming rc releases;
notToNew - Problem was present because upgrade was made directly from pre-6.41 release. With rc42 upgrade from these versions should work just fine regarding this matter;
nz_monkey, msatter - This device does not have anything to show under System/Health menu. As you can see, this product does not have anything listed under "Other" as a monitoring tool (https://mikrotik.com/product/cap_ac), but for example, this one does (https://mikrotik.com/product/RB1100Dx4);
sutrus, LeftyTs - Please contact support@mikrotik.com regarding this matter;
irghost - Can you reach cloud.mikrotik.com from your device? I recommend that you contact support@mikrotik.com;
LeftyTs - Do not ever use an rc version on important devices. Rc versions are released strictly for testing purposes (for your test labs, not for real life scenarios).

eworm · Fri Jul 06, 2018 8:08 am

amokkatmt - If your router can reach cloud server over IPv6, then Cloud should resolve to IPv6 address instead of IPv4. That happens automatically;

Does it resolve to IPv6 address exclusively then? That would be a real issue for be, because I have devices connected via dual stack, but connect to them from IPv4-only networks.

mlenhart · Fri Jul 06, 2018 10:11 am

I wonder if the same limitations and/or problems apply to LHGG-60ad. Anyone installed them? We are expecting a pair of those and I was wondering what would be the best stable ROS for it. It will be a production link so stability is a must.

6.42.5 (latest current till now) works OK for me.

Fri Jul 06, 2018 10:12 am

At the moment RouterOS tries to resolve cloud2.mikrotik.com IPv4 and IPv6 addresses. After that tries to reach IPv4 server, if server is reachable over IPv4, then this address will be used. if IPv4 server is not reachable, then try to use IPv6. At the moment IPv6 cloud is used as a fallback.

Chupaka · Fri Jul 06, 2018 12:39 pm

So, if RouterOS connects to the Cloud via IPv4 address, it adds 'A' record, and via IPv6 it adds 'AAAA' record? Can we have adding both records, or at least force A record to be added? I have ipip tunnels between routers, and I don't think they will work if address changes from A to AAAA after upgrade/reboot...

nescafe2002 · Fri Jul 06, 2018 12:43 pm

Fallback? That's worrying.. I'd rather have IPv6 as an optional feature.

I'm hosting several services on IPv4 endpoints (NATted to internal servers, DNS entry CNAME'd to mynetname.net).
Some services could be hosted via IPv6, but they'd have different IPv6 address (no IPv6 NAT possible).
Some services cannot be hosted via IPv6.

If cloud update fails somehow, I'd rather have the old IPv4 entry stay the same than to suddenly have an IPv6 address which would break all of the hosted-behind-the-MT services.

nkourtzis · Tue Jul 10, 2018 1:00 pm

I would better have two separate checkboxes in /ip cloud, one for IPv4 and one for IPv6. Depending on which option is checked, DNS records for the automatically generated FQDN should be created for the IPv4 address, the IPv6 address or BOTH. Even better, have two automatically generated FQDNs, one with a "-ip4" and one with "-ip6" suffixes after the serial number and associate each with the respective address.

mkx · Tue Jul 10, 2018 7:48 pm

Even better, have two automatically generated FQDNs, one with a "-ip4" and one with "-ip6" suffixes after the serial number and associate each with the respective address.

Why do you think two DNS names (one with A record and one with AAAA record) is better than having one DNS name with both A and AAAA records?

sindy · Tue Jul 10, 2018 7:55 pm

Because that way you can explicitly choose using which protocol you want to connect to the device by choosing the corresponding domain name

nkourtzis · Wed Jul 11, 2018 11:58 am

Even better, have two automatically generated FQDNs, one with a "-ip4" and one with "-ip6" suffixes after the serial number and associate each with the respective address.
Why do you think two DNS names (one with A record and one with AAAA record) is better than having one DNS name with both A and AAAA records?

Because if for example you have a network with different restrictions for IPv4 and IPv6, you can explicity choose which protocol to use to manage the devices, instead of the device deciding for you.

Thu Jul 12, 2018 2:08 pm

Version 6.43rc44 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------

Other changes in this release:

*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) lte - added support for alternative SIM7600 PID;
*) sms - improved reliability on SMS reader;
*) w60g - temporary disabled distance measurement feature;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

pe1chl · Thu Jul 12, 2018 2:53 pm

*) dhcpv6 - improved reliability on IPv6 DHCP services;

Please do not post change notes like that!
Is it another security issue? Is it recommended to update and/or are there workarounds for issues?

Thu Jul 12, 2018 2:56 pm

If dhcpv6 was not working reliably for you then upgrade.

pe1chl · Thu Jul 12, 2018 3:11 pm

In previous cases when such change notices were posted it became clear later that in fact there was a security problem that was being covered up.
(e.g. some buffer overrun with potential code execution, like in the webserver and the smb server)
Somewhat later the same fix appeared as a current version and everyone was urged to upgrade.
Later when all hell broke loose, we were referred back to the update we should have done because it was recommended, all "to improve reliability".

Thu Jul 12, 2018 10:55 pm

Not all of the problems can be summarized in one sentence. Or the cause of the problem can lead up to different consequences. Sometimes end-user even can not see software issue and that can be seen in supout file only by MikroTik staff. For example, DHCPv6 issue could lead to DHCPv6 service crash (can be seen only by MikroTik staff) and IPv6 services could not work or work incorrectly.

As you can see in 6.43rc release - we are improving changelog so important notes would be more noticeable. Also, for example, Winbox vulnerability issue was mentioned in changelog and special topics were made.

Cha0s · Fri Jul 13, 2018 12:57 am

For example, DHCPv6 issue could lead to DHCPv6 service crash (can be seen only by MikroTik staff) and IPv6 services could not work or work incorrectly.

Could this, by any remote chance, be related to the issue described here?
DHCP is installed/enabled but not used at all on both ipv4/ipv6.

msatter · Fri Jul 13, 2018 3:01 am

I agree that the release notes have improved much with the extra information. Then we have the ticket system that and it often unclear if a ticket is solved and I have written several time that a bug was not solved for me and then the line in the release notes was for an other bug in the same part of RouterOS.

If we could see if the ticket is resolved or still waiting, it would be great.

Fri Jul 13, 2018 6:42 am

Cha0s - It is not possible to answer your question without seeing supout file from your router. As you know - if you think that there is a software issue on your router, then contact support@mikrotik.com.

pe1chl · Fri Jul 13, 2018 10:57 am

As you can see in 6.43rc release - we are improving changelog so important notes would be more noticeable. Also, for example, Winbox vulnerability issue was mentioned in changelog and special topics were made.

Yes, it has certainly improved! good to see that warnings like that are now also visible when doing the one-click-upgrade from the router itself. Lots of people never look here so they do not see the warnings about winbox versions when they are not in the changelog.
There still could be some improvement in the clarity of one-line changelog notices, especially when using words like "reliability" that in the past have been used where "security" should actually have been written.

eworm · Fri Jul 13, 2018 6:32 pm

*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);

So encryption=rc4 is the old behaviour, encryption=aes-sha256 is the new one? What is the default if I do not specify the option?

Fri Jul 13, 2018 6:35 pm

default now is aes-sha256

abcde · Mon Jul 16, 2018 12:00 am

Are you still working on hAP ac2's WiFi performance? I use laptop with Intel 7260 and WiFi performance is very poor (it fluctuates a lot within a huge range between 20 KB/s and 9 MB/s with average around 500 KB/s. The same laptop achieves 250 Mbit (which is what I pay for) when I use router provided by ISP (both stay almost in the same place).

Mon Jul 16, 2018 11:32 am

Are you still working on hAP ac2's WiFi performance? I use laptop with Intel 7260 and WiFi performance is very poor (it fluctuates a lot within a huge range between 20 KB/s and 9 MB/s with average around 500 KB/s. The same laptop achieves 250 Mbit (which is what I pay for) when I use router provided by ISP (both stay almost in the same place).

What type of laptop do you have, do you know the WiFi chip and number of antennas it has? There are no known issues with the mentioned model, it works fine for most people

sutrus · Mon Jul 16, 2018 8:06 pm

Are you still working on hAP ac2's WiFi performance? I use laptop with Intel 7260 and WiFi performance is very poor (it fluctuates a lot within a huge range between 20 KB/s and 9 MB/s with average around 500 KB/s. The same laptop achieves 250 Mbit (which is what I pay for) when I use router provided by ISP (both stay almost in the same place).

Do you have updated wifi card drivers? Use the Intel® Driver & Support Assistant, or manually locate it.
He had the same problem and the update helped.

abcde · Mon Jul 16, 2018 10:10 pm

Are you still working on hAP ac2's WiFi performance? I use laptop with Intel 7260 and WiFi performance is very poor (it fluctuates a lot within a huge range between 20 KB/s and 9 MB/s with average around 500 KB/s. The same laptop achieves 250 Mbit (which is what I pay for) when I use router provided by ISP (both stay almost in the same place).
What type of laptop do you have, do you know the WiFi chip and number of antennas it has? There are no known issues with the mentioned model, it works fine for most people

It's Sony Vaio Pro 13 (https://www.trustedreviews.com/reviews/sony-vaio-pro-13).
I suppose that this is the card: https://ark.intel.com/en/products/75440 ... ess-N-7260
I'm using 5 GHz N/AC (2.4 is disabled because I don't need it).
Please find useful parts of uname, lspci, systool and dmesg below.
Let me know if you need anything more.

# uname -a
Linux vp 4.17.5-1-ARCH #1 SMP PREEMPT Sun Jul 8 17:27:31 UTC 2018 x86_64 GNU/Linux

# lspci
01:00.0 Network controller: Intel Corporation Wireless 7260 (rev 6b)
        Subsystem: Intel Corporation Dual Band Wireless-N 7260
        Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
        Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
        Latency: 0, Cache Line Size: 64 bytes
        Interrupt: pin A routed to IRQ 44
        Region 0: Memory at f7c00000 (64-bit, non-prefetchable) [size=8K]
        Capabilities: [c8] Power Management version 3
                Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold+)
                Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
        Capabilities: [d0] MSI: Enable+ Count=1/1 Maskable- 64bit+
                Address: 00000000fee08004  Data: 4023
        Capabilities: [40] Express (v2) Endpoint, MSI 00
                DevCap: MaxPayload 128 bytes, PhantFunc 0, Latency L0s <512ns, L1 unlimited
                        ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 0.000W
                DevCtl: Report errors: Correctable- Non-Fatal- Fatal- Unsupported-
                        RlxdOrd- ExtTag- PhantFunc- AuxPwr+ NoSnoop+ FLReset-
                        MaxPayload 128 bytes, MaxReadReq 128 bytes
                DevSta: CorrErr- UncorrErr- FatalErr- UnsuppReq- AuxPwr+ TransPend-
                LnkCap: Port #0, Speed 2.5GT/s, Width x1, ASPM L0s L1, Exit Latency L0s <4us, L1 <32us
                        ClockPM+ Surprise- LLActRep- BwNot- ASPMOptComp-
                LnkCtl: ASPM L1 Enabled; RCB 64 bytes Disabled- CommClk+
                        ExtSynch- ClockPM+ AutWidDis- BWInt- AutBWInt-
                LnkSta: Speed 2.5GT/s, Width x1, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
                DevCap2: Completion Timeout: Range B, TimeoutDis+, LTR+, OBFF Via WAKE#
                         AtomicOpsCap: 32bit- 64bit- 128bitCAS-
                DevCtl2: Completion Timeout: 16ms to 55ms, TimeoutDis-, LTR+, OBFF Disabled
                         AtomicOpsCtl: ReqEn-
                LnkCtl2: Target Link Speed: 2.5GT/s, EnterCompliance- SpeedDis-
                         Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
                         Compliance De-emphasis: -6dB
                LnkSta2: Current De-emphasis Level: -3.5dB, EqualizationComplete-, EqualizationPhase1-
                         EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
        Capabilities: [100 v1] Advanced Error Reporting
                UESta:  DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
                UEMsk:  DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
                UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
                CESta:  RxErr- BadTLP- BadDLLP- Rollover- Timeout- NonFatalErr-
                CEMsk:  RxErr- BadTLP- BadDLLP- Rollover- Timeout- NonFatalErr+
                AERCap: First Error Pointer: 00, ECRCGenCap- ECRCGenEn- ECRCChkCap- ECRCChkEn-
                        MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
                HeaderLog: 00000000 00000000 00000000 00000000
        Capabilities: [140 v1] Device Serial Number 5c-51-4f-xx-xx-xx-xx-xx
        Capabilities: [14c v1] Latency Tolerance Reporting
                Max snoop latency: 3145728ns
                Max no snoop latency: 3145728ns
        Capabilities: [154 v1] Vendor Specific Information: ID=cafe Rev=1 Len=014 <?>
        Kernel driver in use: iwlwifi
        Kernel modules: iwlwifi


# systool -vm iwlwifi
Module = "iwlwifi"

  Attributes:
    coresize            = "327680"
    initsize            = "0"
    initstate           = "live"
    refcnt              = "1"
    srcversion          = "A082116DEC439F44B0AAD63"
    taint               = ""
    uevent              = <store method only>

  Parameters:
    11n_disable         = "0"
    amsdu_size          = "0"
    antenna_coupling    = "0"
    bt_coex_active      = "Y"
    d0i3_disable        = "Y"
    d0i3_timeout        = "1000"
    debug               = "0"
    disable_11ac        = "N"
    fw_monitor          = "N"
    fw_restart          = "Y"
    lar_disable         = "N"
    led_mode            = "0"
    nvm_file            = "(null)"
    power_level         = "0"
    power_save          = "N"
    swcrypto            = "0"
    uapsd_disable       = "3"

  Sections:
    .altinstr_replacement= "0xffffffffc0a9da3d"
    .altinstructions    = "0xffffffffc0ab9f10"
    .bss                = "0xffffffffc0abeec0"
    .data.once          = "0xffffffffc0abd8f0"
    .data               = "0xffffffffc0abb300"
    .exit.text          = "0xffffffffc0a9da2c"
    .gnu.linkonce.this_module= "0xffffffffc0abeb80"
    .init.text          = "0xffffffffc0acd000"
    .note.gnu.build-id  = "0xffffffffc0a9e000"
    .orc_unwind         = "0xffffffffc0ab35dd"
    .orc_unwind_ip      = "0xffffffffc0aaf6c5"
    .parainstructions   = "0xffffffffc0aba090"
    .ref.data           = "0xffffffffc0abdd00"
    .rodata             = "0xffffffffc0a9e5c0"
    .rodata.str1.1      = "0xffffffffc0aa9bbb"
    .rodata.str1.8      = "0xffffffffc0aab858"
    .smp_locks          = "0xffffffffc0ab9f2c"
    .strtab             = "0xffffffffc0adab40"
    .symtab             = "0xffffffffc0ace000"
    .text               = "0xffffffffc0a7c000"
    .text.unlikely      = "0xffffffffc0a9da45"
    __bpf_raw_tp_map    = "0xffffffffc0abd900"
    __bug_table         = "0xffffffffc0abd0b0"
    __jump_table        = "0xffffffffc0abb000"
    __kcrctab           = "0xffffffffc0a9e490"
    __kcrctab_gpl       = "0xffffffffc0a9e4a0"
    __ksymtab           = "0xffffffffc0a9e030"
    __ksymtab_gpl       = "0xffffffffc0a9e070"
    __ksymtab_strings   = "0xffffffffc0aaf130"
    __mcount_loc        = "0xffffffffc0ab9488"
    __param             = "0xffffffffc0ab9c68"
    __tracepoints_ptrs  = "0xffffffffc0aba1b0"
    __tracepoints_strings= "0xffffffffc0aba280"
    __tracepoints       = "0xffffffffc0abe540"
    _ftrace_events      = "0xffffffffc0abdc20"

# dmesg | grep -i iwl
[    3.119352] iwlwifi 0000:01:00.0: enabling device (0000 -> 0002)
[    3.124355] iwlwifi 0000:01:00.0: loaded firmware version 17.948900127.0 op_mode iwlmvm
[    3.288512] iwlwifi 0000:01:00.0: Detected Intel(R) Dual Band Wireless N 7260, REV=0x144
[    3.314884] iwlwifi 0000:01:00.0: base HW address: 5c:51:4f:xx:xx:xx
[    3.516017] ieee80211 phy0: Selected rate control algorithm 'iwl-mvm-rs'
[    3.518324] iwlwifi 0000:01:00.0 wlp1s0: renamed from wlan0

Are you still working on hAP ac2's WiFi performance? I use laptop with Intel 7260 and WiFi performance is very poor (it fluctuates a lot within a huge range between 20 KB/s and 9 MB/s with average around 500 KB/s. The same laptop achieves 250 Mbit (which is what I pay for) when I use router provided by ISP (both stay almost in the same place).
Do you have updated wifi card drivers? Use the Intel® Driver & Support Assistant, or manually locate it.
He had the same problem and the update helped.

I don't use Windows, I don't have it installed. I use latest Linux kernel so yes, the driver is in latest version

I use this latptop with many APs all over the world and it has no issues. As I said before, I get 250 Mbit in my house using router provided by my ISP where Mikrotik is not even close. Both routers are next to each other.

metricmoose · Tue Jul 17, 2018 4:23 am

Version 6.43rc40 has been released.

*) userman - fixed compatibility with PayPal TLS 1.2;

I hope it's not off topic, but when should we expect this to hit the current branch? I have a production userman router that seems to be having some recent Paypal issues lately.

tigro11 · Thu Jul 19, 2018 8:22 pm

sorry for the question, but is it possible to make sure that when I paste a firewall rule script, the doubles are not loaded?

thank you

sindy · Thu Jul 19, 2018 9:36 pm

How is that related to 6.43rc in particular? There is a different section on the forum for these questions, called Scripting.

tigro11 · Thu Jul 19, 2018 9:57 pm

sorry, delete message

hknet · Fri Jul 20, 2018 11:44 pm

model: CRS317-1G-16S+
release: v6.43rc44

we use some ports with non-10G SFPs (ie 1G-SX and 1G-TX modules with fiber and copper).

those modules get auto negotiation 'incomplete', while claiming the link is ok but no working datatransmission can be established.

regards,
hk

crondrift · Sat Jul 21, 2018 2:50 am

model: hAP ac^2 (arm) - RouterBOARD D52G-5HacD2HnD-TC
release: v6.43rc44

I'm experiencing memory leakage. After 8 days of running, free RAM is down to ~90MB (starting at ~205MB after a fresh reboot). The device is "losing" ~14MB of free memory a day...

I don't have any fancy configuration, logs etc. are written external etc.

Anyone else getting this?

osc86 · Sat Jul 21, 2018 1:39 pm

anyone noticing a memory leak that ends with a kernel panic? this is on a CCR1009-7G-1C-1S+ running v6.43rc44

SergeyMorozov · Sat Jul 21, 2018 6:39 pm

Anyone else getting this?

This is weekly graph on my hAP ac²

osc86 · Sun Jul 22, 2018 1:04 pm

Yesterday I set up an ipsec connection between 2 devices, one running 6.42.6 the other 6.43rc44.
All IKE related settings were the same on both devices, but I wasn't able to establish a connection, unless I changed the hash algorithm to sha256 on the one running 6.42.6 and sha1 on the other.

When I added a new peer configuration using IKEv2, it killed all other non-IKEv2 connections immediately, which shouldn't happen either.

emils · Mon Jul 23, 2018 9:13 am

Version 6.43rc45 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------

Other changes in this release:

*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) lte - added additional ID support for SIM7600 modem;
*) sfp - fixed default advertised link speeds;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) winbox - properly display all flags for bridge host entries;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - improved Nv2 reliability on ARM devices;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

nescafe2002 · Mon Jul 23, 2018 11:01 am

Mikrotik update server 2a02:610:7501:1000::196 still reports 6.43rc44 1531295119.

GET /routeros/LATEST.6rc HTTP/1.1
Host: upgrade.mikrotik.com

HTTP/1.1 200 OK
Date: Mon, 23 Jul 2018 08:01:34 GMT
Content-Type: application/octet-stream
Content-Length: 20
Last-Modified: Thu, 12 Jul 2018 11:05:13 GMT
Connection: keep-alive
ETag: "5b4735e9-14"
Server: ThirdWorldFileDaemon
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

6.43rc44 1531295119

Edit:
Now redirecting to https://download.mikrotik.com/routeros/LATEST.6rc, same cluster.

[2a02:610:7501:1000::196] => 6.43rc44 1531295119
[2a02:610:7501:4000::226] => 6.43rc45 1531816238
159.148.172.226 => 6.43rc45 1531816238
159.148.147.204 => 6.43rc44 1531295119

Edit2:
Now properly propagated.

indjov · Mon Jul 23, 2018 11:55 am

So, in this version still i have a problem with Tools/SMS when i try to send sms shows me sms send failed: timeout?

Any news around that problem?

sindy · Mon Jul 23, 2018 12:09 pm

As a workaround worth trying if this issue complicates your life, it might be possible to send the SMSes using /interface lte at-chat and the AT command used to send SMSes on your modem model.

joserudi · Mon Jul 23, 2018 12:20 pm

*) wireless - improved Nv2 reliability on ARM devices;

The first point-to-point tests with nv2 on arm are not satisfactory. We will perform more tests

indjov · Mon Jul 23, 2018 4:32 pm

As a workaround worth trying if this issue complicates your life, it might be possible to send the SMSes using /interface lte at-chat and the AT command used to send SMSes on your modem model.

it`s not that the idea? i use this usb stick only for sms netwatch(internet it`s not include it), but i don`t understand why evyrything work normaly before with this gsm option and now did`t not.

sindy · Mon Jul 23, 2018 5:09 pm

This is a release candidate. Things do break as you add/improve functionality as nobody makes no mistakes at all. Se s tim smiř (in Czech).

server8 · Mon Jul 23, 2018 5:26 pm

Little bit better but the issue still present

*) wireless - improved Nv2 reliability on ARM devices;

The first point-to-point tests with nv2 on arm are not satisfactory. We will perform more tests

abcde · Mon Jul 23, 2018 10:14 pm

hAP AC2 still works very poorly with Intel Corporation Dual Band Wireless-N 7260. Transfer rate approximately 10 times slower than with other routers and often drops to 0 kbps.

doneware · Mon Jul 23, 2018 10:21 pm

Little bit better but the issue still present

can you show some results? i was experiencing performance varying between 250-430Mbps using SXTsq ACs with early 6.43rc builds even under excellent conditions.

JimmyNyholm · Tue Jul 24, 2018 11:38 am

NOOOOO!!!! -"radius - use MS-CHAPv2 for "login" service authentication;"

I hope there is a setting for this. chap, chapv2 with or without ms flavour is doing nothing good to the fact that static passwords are weak and should not be used.

We use one time passwords witch will not work in replay mode due to the fact of being ONE TIME. this makes all challenge based algorithm fail there simply is nothing to do challange on.

put PAP back now or atleast make it a setting so admins may choose the best setting for their env and needs. Make this setting universal så that we may use onetime radius password for winbox as well.

I have requested this many times.... This should be a setting is it or is it not? (Have not yet tested the RC in a router but will later this week.)

JimmyNyholm · Tue Jul 24, 2018 3:36 pm

Ok so now I test the RC45 Build. My setup scripts fail can't rename user admin anymore? WHY?

nkourtzis · Tue Jul 24, 2018 3:45 pm

*) wireless - improved Nv2 reliability on ARM devices;

The first point-to-point tests with nv2 on arm are not satisfactory. We will perform more tests

Just a question without intention of doubting what you say: why use NV2 on PtP?

JimmyNyholm · Tue Jul 24, 2018 4:07 pm

And even worse the chap packet that you send out doest not contain any password (you are sending empty radius request even before asking the user of a password. Clean upp your code and enable PAP/CHAP/MSCHAP as option NOW!

I'm trying this RC in a CRS328-4C-20S-4S+RM

After downgrading to Current 6.42.6 Radius pap (one time passwords) and rename admin works like a charm again.

Chupaka · Tue Jul 24, 2018 4:26 pm

Ok so now I test the RC45 Build. My setup scripts fail can't rename user admin anymore? WHY?

yeah, that's funny

[admin@internal] > user set admin name=adminn
failure: user name can't be changed

Tue Jul 24, 2018 5:13 pm

Changing name of logged in user is not good idea. What if you are logged as different user?

SergeyMorozov · Tue Jul 24, 2018 5:26 pm

Changing name of logged in user is not good idea. What if you are logged as different user?

[sergey@router.home] > /user set admin name adminn
failure: user name can't be changed

osc86 · Tue Jul 24, 2018 5:46 pm

even more important, the memory leak is still not fixed

hzdrus · Tue Jul 24, 2018 6:17 pm

Drop of RADIUS PAP support for ssh logins is a big problem for us too.

We're using a one-time password implementation which is impossible to integrate with MS-CHAPv2 - the security appliance only stores the hash of the PIN (fixed part of the password) and because of this cannot support MS-CHAPv2 since it would require to store PIN as clear-text. 6.43rc is forcing us to drop the OTP, actually decreasing security of the network.

Please allow us to make decisions on how to secure our network ourselves and make a setting allowing to select PAP for "login" service authentication. In any case RADIUS requests can always be sent via encrypted tunnels, while MS-CHAPv2 security strength has been watered down to level of a long obsolete single DES56 - one can find online services that will crack it in a day.

joserudi · Wed Jul 25, 2018 12:12 pm

*) wireless - improved Nv2 reliability on ARM devices;

The first point-to-point tests with nv2 on arm are not satisfactory. We will perform more tests
Just a question without intention of doubting what you say: why use NV2 on PtP?

I always use nv2 with mikrotik. There are some noise in my city.

ivanfm · Wed Jul 25, 2018 1:49 pm

Drop of RADIUS PAP support for ssh logins is a big problem for us too.

We're using a one-time password implementation which is impossible to integrate with MS-CHAPv2 - the security appliance only stores the hash of the PIN (fixed part of the password) and because of this cannot support MS-CHAPv2 since it would require to store PIN as clear-text. 6.43rc is forcing us to drop the OTP, actually decreasing security of the network.

Please allow us to make decisions on how to secure our network ourselves and make a setting allowing to select PAP for "login" service authentication. In any case RADIUS requests can always be sent via encrypted tunnels, while MS-CHAPv2 security strength has been watered down to level of a long obsolete single DES56 - one can find online services that will crack it in a day.

I agree.
If the internal system works with hash passwords ok, but If the router manager has a secure radius and want to use this kind of system should be permitted.
The SSH passwords are plain text in the encrypted tunnel and PAP still can be used.

alfregil · Fri Jul 27, 2018 6:34 pm

Hi, need some help to configure a paypal payment option with hotspot and usermanager. Just found this and update it to the RC version, but still need help on this.

ziegenberg · Mon Jul 30, 2018 5:14 pm

Hi, need some help to configure a paypal payment option with hotspot and usermanager. Just found this and update it to the RC version, but still need help on this.

This is definitely the wrong thread for your request. There are separate threads and parts of the forum for those kind of questions. This thread is solely for issues with this particular release version and it's update.

TestCRS · Tue Jul 31, 2018 4:03 pm

>What's new in 6.43rc45 (2018-Jul-17 08:30):
>Changes in this release :
>sfp - fixed default advertised link speeds;

please say: what exactly was corrected

Thu Aug 02, 2018 11:51 am

Version 6.43rc51 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------

Other changes in this release:

*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - improved bridge port state changing process;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) certificate - do not allow to perform "undo" on certificate changes;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) health - fixed voltage measurements for RB493G devices;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added additional D-Link PIDs;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SMS send feature when not in LTE network;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ospf - improved link-local LSA flooding;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) tile - added DES and 3DES hardware acceleration support;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

pe1chl · Thu Aug 02, 2018 12:21 pm

Version 6.43rc51 has been released.

*) ike1 - zero out reserved bytes in NAT-OA payload;

Thank you, I will test it soon and report.

Netstumble · Thu Aug 02, 2018 12:33 pm

*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);

Please clarify:
Ex:
I run 6.40.8
System routerboard print:

routerboard: yes
model: RouterBOARD 3011UiAS
serial-number: 689A05572F46
firmware-type: ipq8060
factory-firmware: 3.27
current-firmware: 3.41
upgrade-firmware: 3.41

Will the fix be included only in later production runs?
I was under the assumption that the factory-firmware identifies the firmware ver# the device initially shipped with,
and it can't be somehow upgraded.
Or we are talking about bakup routerboot code... (in which case I still think it is not user-upgradeable?).
Nothing relevant on the wiki.
Thanks.

paulct · Thu Aug 02, 2018 12:35 pm

*) bridge - added per-port based "tag-stacking" feature

Can this also be explained. Similar to selective q-in-q?

vspider · Thu Aug 02, 2018 3:02 pm

I have LtAP mini International Kit and have LTE some stability issues. Is it worth upgrading to 6.43rc51 version as it claims fix for my case

*) usb - fixed modem initialisation on LtAP mini;

Is it stable enough for LtAP device at least?

grusu · Fri Aug 03, 2018 10:46 am

Hi,

Something is wrong with the Hash Algorithms in Peer Proposal setting in v6.43.51:

Peer Proposal mismatch.PNG

If I have to set the SHA1 algorithm, in WinBox I have to set md5.

pe1chl · Fri Aug 03, 2018 5:42 pm

Version 6.43rc51 has been released.

*) ike1 - zero out reserved bytes in NAT-OA payload;
Thank you, I will test it soon and report.

Unfortunately it is the same - report sent to support.
Any others who try to do IPsec from a Draytek router behind NAT?

MonkeyDan · Fri Aug 03, 2018 10:33 pm

rc51 seems better on point-to-point Wireless Wires (fixed dropping issues in 6.42.6)
But we're still seeing a lot of disconnects with multipoint.

janos66 · Sat Aug 04, 2018 1:17 pm

Will the fix be included only in later production runs?
I was under the assumption that the factory-firmware identifies the firmware ver# the device initially shipped with,
and it can't be somehow upgraded.
Or we are talking about bakup routerboot code... (in which case I still think it is not user-upgradeable?).
Nothing relevant on the wiki.

I think factory routerboard firmware = backup bootloader.
It's normally not allowed but seems possible to upgrade the factory version: https://wiki.mikrotik.com/wiki/Manual:R ... D_settings

The backup RouterBOOT version can not be older than v3.24 version. A special package is provided to upgrade the backup RouterBOOT (DANGEROUS). Newer devices will have this new backup loader already installed at the factory. Download the package for:

I usually assumed the factory/backup version to be completely irrelevant unless you force it by a RESET button sequence (or possibly some other means).
I still think this is the case here. The new feature will probably be available when using the normal boot loader (of a high enough version) but be absent when using the backup bootloader (either manually forced or may be automatically triggered if the "main" one is too corrupted to do anything).

I never tried but thought the secondary (factory) version can be upgraded too, either via Netinstall or even just by using the "force backup booter" and initiating an upgrade from ROS. But I never felt the need, so never tried... I just tried to latter (force backup and upgrade from ROS) but it's not that easy. I wonder if Netinstall could do it.

Edit:
Oh! And I think even though we now have a matching ROS and bootloader version (even for every incremental, let alone RC version), that firmware still has some internal version number (probably still somewhere around 3.4x for ROS 6.4x). So this change only complicates this question (it's probably possible to have basically the same factory backup and "main" booloader on a device even though the visible version number is seemingly much higher on the normally-upgradeable "main" firmware).

I think they just rebuild the source code of the bootloader for every ROS release, so it has a matching version number but this no longer indicates they made any change to the source. But this seems to be impractical because now we don't know when the code actually changes.

Netstumble · Sat Aug 04, 2018 8:58 pm

Will the fix be included only in later production runs?
I was under the assumption that the factory-firmware identifies the firmware ver# the device initially shipped with,
and it can't be somehow upgraded.
Or we are talking about bakup routerboot code... (in which case I still think it is not user-upgradeable?).
Nothing relevant on the wiki.
I think factory routerboard firmware = backup bootloader.
It's normally not allowed but seems possible to upgrade the factory version: https://wiki.mikrotik.com/wiki/Manual:R ... D_settings
The backup RouterBOOT version can not be older than v3.24 version. A special package is provided to upgrade the backup RouterBOOT (DANGEROUS). Newer devices will have this new backup loader already installed at the factory. Download the package for:
I usually assumed the factory/backup version to be completely irrelevant unless you force it by a RESET button sequence (or possibly some other means).
I still think this is the case here. The new feature will probably be available when using the normal boot loader (of a high enough version) but be absent when using the backup bootloader (either manually forced or may be automatically triggered if the "main" one is too corrupted to do anything).

I never tried but thought the secondary (factory) version can be upgraded too, either via Netinstall or even just by using the "force backup booter" and initiating an upgrade from ROS. But I never felt the need, so never tried... I just tried to latter (force backup and upgrade from ROS) but it's not that easy. I wonder if Netinstall could do it.

Edit:
Oh! And I think even though we now have a matching ROS and bootloader version (even for every incremental, let alone RC version), that firmware still has some internal version number (probably still somewhere around 3.4x for ROS 6.4x). So this change only complicates this question (it's probably possible to have basically the same factory backup and "main" booloader on a device even though the visible version number is seemingly much higher on the normally-upgradeable "main" firmware).

I think they just rebuild the source code of the bootloader for every ROS release, so it has a matching version number but this no longer indicates they made any change to the source. But this seems to be impractical because now we don't know when the code actually changes.

All valid considerations.
I suppose they do refer to the secondary bootloader,
in witch case they should provide a "special" package for the users who would want to upgrade the backup loader.
Still, I would like a clarification from mikrotik.

janos66 · Sat Aug 04, 2018 11:08 pm

in witch case they should provide a "special" package for the users who would want to upgrade the backup loader.

In my opinion the best solution would be to always auto-upgrade the main bootloader along every ROS upgrade (without the need to issue manual reboot twice) and allow the user to manually upgrade the backup bootloader once the new ROS successfully booted with an upgraded main bootloader (which is a fair enough confirmation that the device is stable enough with the new bootloader to use ROS for bootloader changes, thus it's probably possible to downgrade if some small error occurs later on).

laca77 · Sat Aug 04, 2018 11:40 pm

Hi

I ran into a strange problem.
I had to reinstall the system with Netinstall to the latest rc51 version.

My device is a CRS109-8G-1S-2HnD which is a DHCP client on the SFP copper port (ISP is UPC). I try to run a speedtest.net from my desktop PC .

After everything was ready, i tried to run a speedtest, The speed was 80Mbps with 90% of cpu load. The idle load was 17%.
Ok, i installed back to the 6.42.6. The speed was 400Mbps with 50% of cpu load. Idle load is 4%.
Nice. So i did some screenshot from the tools/profile.
The last step was back to 6.43rc51 to reproduce the problem. But now everything is looks nice, on this RC i can get the 400Mbps with the same load as it was on the 6.42.6...

I don't know what happened, i didn't changed the config.... but now looks like everything is ok...

Just write this post as a note, may be helps to somebody.

schadom · Sun Aug 05, 2018 4:44 pm

*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;

"sfp-connector-type" is still falsely displayed as "LC" for S-RJ01 modules in Winbox and CLI

jondavy · Mon Aug 06, 2018 12:08 am

in queues tree in parent does not appear to select queue of hotspot users like <hotspot-john>

chubbs596 · Mon Aug 06, 2018 10:23 am

*) bridge - added per-port based "tag-stacking" feature

Can this also be explained. Similar to selective q-in-q?

Would also like this explained

petern · Mon Aug 06, 2018 11:56 am

Hi, I'm also using PAP with radius for authentication to support 2FA logins. Using only chap is not helpful. Is feedback here taken on board or is there a more official way to get this heard?

artz · Mon Aug 06, 2018 2:05 pm

*) bridge - added per-port based "tag-stacking" feature

Can this also be explained. Similar to selective q-in-q?

Wiki has been updated with an example:
https://wiki.mikrotik.com/wiki/Manual:I ... g_stacking

Selective QinQ is not possible yet, only port based QinQ or CVID stacking is possible now.

nicoguido · Mon Aug 06, 2018 4:46 pm

Hi,

Here is a problem with CRS317 and rc51.

My configuration :
some clients <---> CRS326 <===== Trunk1(only tagged VLANs) =====> CRS317 <===== Trunk2 (only tagged VLANS) ====> CRS328 <---> some clients

Installation with version 6.42.6 for the three devices : no problem.

Upgrade on version 6.43rc51 for the three devices :
everything is working like version 6.42.6, except the fact that CRS317 is unreachable for remote management via CRS326/CRS328 :
- no access to the web pages
- no access with winbox + it doesn't appear in 'neighbors'
CSR317 is still manageable through a direct connection to one of its ports.

1st Test : I decide to change CRS317 with and old TP-link switch with the same VLAN/Trunk configuration. The TP-Link switch is available for remote management via CRS326/CRS328.
2nd Test : I rebuild CRS317 with a netsintall of version 6.43rc51 and a fresh configuration. Same behaviour, the CRS317 is unreachable for remote management via CRS326/CRS328.

Are you aware of this king of problem with the RC version ?
If I find the time, I'll do a last test by reinstalling version 6.42.6 on the CRS317 only.

msatter · Wed Aug 08, 2018 2:45 pm

Found the problem and it was that I changed to an other DNS server that did not Round Robin by default.

emils · Tue Aug 14, 2018 1:33 pm

Version 6.43rc56 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------

Other changes in this release:

!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
*) bridge - added support for BPDU Guard (CLI only);
*) bridge - added support for DHCP Option 82 (disables hardware offloading, CLI only);
*) bridge - added support for DHCP Snooping (disables hardware offloading, CLI only);
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - added "dont-require-permissions" parameter for scripts;
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ippool - improved used address error message;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ppp - fixed interface enabling after a while if none of them where active;
*) ppp - improved modem mode switching;
*) snmp - added "temp-exception" trap;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute (CLI only);
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5;
*) ups - improved UPS serial parsing stability;
*) w60g - general stability and performance improvements;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "default-route-distance" parameter for "IPv6/DHCP-client" menu;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - added option to disable PMKID for WPA2 (CLI only);
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - updated "united-states" regulatory domain information;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Note that release candidate versions are published strictly for testing purposes and should not be used on production routers.

raffav · Tue Aug 14, 2018 1:46 pm

Nice..
Good work
I get very happy when there are a lot of changes logs, even if I don't use 80% of this improvement , I get happy for whose does.
Can't wait to this became stable release.

Sent from my XT1580 using Tapatalk

indjov · Tue Aug 14, 2018 1:52 pm

sorry now works.

Tue Aug 14, 2018 3:38 pm

*) bridge - added support for DHCP Option 82 (disables hardware offloading, CLI only);
*) bridge - added support for DHCP Snooping (disables hardware offloading, CLI only);

Could we please get some examples of how to use these features on the Wiki ?

I cannot see any of the options I would expect, e.g. being able to set the contents of the Option-82 injection string with variables for the first feature, or being able to specify the valid DHCP server for the second.

Tue Aug 14, 2018 4:09 pm

*) wireless - added option to disable PMKID for WPA2 (CLI only);

All my everyday devices still connects just fine.

artz · Tue Aug 14, 2018 5:59 pm

Code: Select all
*) bridge - added support for DHCP Option 82 (disables hardware offloading, CLI only);
*) bridge - added support for DHCP Snooping (disables hardware offloading, CLI only);
Could we please get some examples of how to use these features on the Wiki ?

I cannot see any of the options I would expect, e.g. being able to set the contents of the Option-82 injection string with variables for the first feature, or being able to specify the valid DHCP server for the second.

Did you specify which ports are trusted ports under /interface bridge port?

MonkeyDan · Tue Aug 14, 2018 7:29 pm

Still seeing multipoint Wireless Wire disconnects with 6.43rc56. I don't think the RC branch has been stable on these since rc17

6.42.3 continues to be my recommended version.

StubArea51 · Tue Aug 14, 2018 10:57 pm

Code: Select all
*) bridge - added support for DHCP Option 82 (disables hardware offloading, CLI only);
*) bridge - added support for DHCP Snooping (disables hardware offloading, CLI only);
Could we please get some examples of how to use these features on the Wiki ?

I cannot see any of the options I would expect, e.g. being able to set the contents of the Option-82 injection string with variables for the first feature, or being able to specify the valid DHCP server for the second.

I second that!

Florian · Wed Aug 15, 2018 11:08 am

Hello,

Funny thing after Version 6.43rc56 , my DHCPv6 client is showing in red in winbox, even though everything is working, and my ipv6 connectivity is ok. Still after after re-creating it from scratch... Not a big deal, but...

ipv6.JPG

pe1chl · Wed Aug 15, 2018 11:57 am

*) ike1 - zero out reserved bytes in NAT-OA payload;

I tested it again with Draytek router behind NAT and now it works OK!
Thanks!

IntrusDave · Thu Aug 16, 2018 12:31 am

*) console - added "dont-require-permissions" parameter for scripts;

How does this one work? Any specific commands that it works with?

ath · Thu Aug 16, 2018 4:16 am

I notice that in 6.43rc34 the /interface bridge vlan untagged= configuration no longer strips all the C-tags from a packet with multiple C-tags. Instead it only strips the top C-tag.
Will this be the case in the production version?
If so, would it be possible to reinstate the former behaviour as an option?

diablothebest · Thu Aug 16, 2018 7:02 am

*) bridge - added support for BPDU Guard (CLI only);

Where I can change this settings via CLI?

artz · Thu Aug 16, 2018 10:39 am

IntrusDave - you can find more information about this option here:
https://wiki.mikrotik.com/wiki/Manual:S ... repository
https://wiki.mikrotik.com/wiki/Manual:T ... Properties

diablothebest - this can be done under /interface bridge port
https://wiki.mikrotik.com/wiki/Manual:I ... t_Settings

ath - can you please port an example and configuration when this was working?

boldsuck · Fri Aug 17, 2018 11:00 pm

Funny thing after Version 6.43rc56 , my DHCPv6 client is showing in red in winbox, even though everything is working, and my ipv6 connectivity is ok. Still after after re-creating it from scratch... Not a big deal, but...

Same in Webfig and Terminal. DHCPv6 client Flag = I - invalid.
IPv6 connection works without problems.

[admin@migo] /ipv6 route> check
status: ok
interface: pppoe-out1
nexthop: ::

[admin@migo] /ipv6 route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
#      DST-ADDRESS               GATEWAY                  DISTANCE
0 ADS	 ::/0			pppoe-out1			1
1 DS	 ::/0			fe80::90:1a00:2a3:47c...	1
2 ADSU	 2001:4dd2:8986::/48					1
3 ADC	 2001:4dd2:8986::/64    bridge-local			0

[admin@migo] /ipv6 dhcp-client> print
Flags: D - dynamic, X - disabled, I - invalid
#    INTERFACE	STATUS          REQUEST         PREFIX            ADDRESS
0  I	pppoe-out1       bound              prefix             2001:4dd2:8986::/48, 22h28m17s

adamgardner2 · Sat Aug 18, 2018 1:32 am

So, I spun up a brand new CHR in AWS and updated it to 6.43rc56, to play around with it. One of my main goals was to update the ruby 'mtik' gem to use the new login method, so that when the 6.43 is eventually released for real, I can continue to use it.

Oddly, though, the old login method still seemed to work on 6.43rc56. Is it intended that both methods are available at the moment? While that certainly provides a better transitional user experience, it does seem to imply that the unhashed password is still being stored (at least insofar as I understand the challenge-response login process).

Can anyone clarify this?

soomanyquestions · Sat Aug 18, 2018 9:19 pm

Just posting a datapoint that the disable-pmkid=yes option works flawlessly with android, iphone, ipad, 2x windows 10 laptop, a macbook pro and a LG smart tv.

mlenhart · Mon Aug 20, 2018 11:53 pm

Version 6.43rc56 has been released.

*) w60g - stop doing distance measurements after first successful measurement;

I have to report, that distance measurement does not work correctly. On AP side it reports 706.54m while on client side just 374.28m (374.28 is the correct distance)

tigro11 · Wed Aug 22, 2018 5:02 pm

hi guys, it seems to me that it is still not possible to change the date format in dd / mm / yyyy. It would be very useful as I also work with userman reports.
Does anyone have a solution?
thank you
Valerio