Community discussions

MikroTik App
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

v6.43 [current] is released!

Mon Sep 10, 2018 9:52 am

RouterOS version 6.43 has been released in public "current" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.43 (2018-Sep-06 12:44):

MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------

Changes in this release:

*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - added support for BPDU Guard;
*) bridge - added support for DHCP Option 82;
*) bridge - added support for DHCP Snooping;
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - added ability to use chain 3 for "HT TX chains" and "HT RX chains" selections (CLI only);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) certificate - fixed RA "server-url" setting;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) cloud - close local UDP port if no activity;
*) console - added "dont-require-permissions" parameter for scripts;
*) console - added error log message when netwatch tries to execute script with insufficient permissions;
*) console - added error log message when scheduler tries to execute script with insufficient permissions;
*) console - do not show spare parameters on ping command;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - added Q-in-Q hardware offloading support;
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-client - improved dynamic IPv6 pool addition process;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dns - fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42);
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - added missing parameters from export;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "static-dns" value storing;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) l2tp - allow setting "max-mtu" and "max-mru" bigger than 1500;
*) led - improved w60g alignment trigger;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US;
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command;
*) lte - added "sector-id" to info command;
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed LTE registration in 2G/3G mode;
*) lte - fixed SIM7600 registration info;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc";
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - improved reliability when connecting from RouterOS versions prior 6.43;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) ospf - improved stability when originating LSAs with OSPFv3;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - added support for Alfa Network U4G modem;
*) ppp - added support for Telit LM940 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added EAP identity to CAPsMAN registration table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed interface speed reporting for predefined rates;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "files" section to supout file;
*) supout - added info log message when supout file is created;
*) supout - added monitored bridge VLAN table to supout file;
*) supout - added "w60g" section to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) tr069-client - use SNI extension for HTTPS;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5 on PowerPC;
*) ups - improved UPS serial parsing stability;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) watchdog - added "ping-timeout" setting;
*) webfig - do not automatically re-log in after logging out;
*) webfig - fixed occasional authentication failure when logging in;
*) webfig - fixed www service becoming unresponsive;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly handle double clicking when logging in or out;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "tag-stacking" option to "Bridge/Ports";
*) winbox - allow to specify LTE interface when sending SMS;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed "bad-blocks" value presence under "System/Resources";
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "IP/IPsec/Peers" section sorting;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - require "sniff" policy for wireless sniffer;
*) wireless - updated "czech republic" regulatory domain information;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this concrete RouterOS release.
 
freemannnn
Forum Veteran
Forum Veteran
Posts: 700
Joined: Sun Oct 13, 2013 7:29 pm

Re: v6.43 [current] is released!

Mon Sep 10, 2018 10:01 am

wow. nice start of week!!!
ip cloud service and winbox connection so fast now.
dhcp snooping....love u guys!
Last edited by freemannnn on Mon Sep 10, 2018 11:07 am, edited 2 times in total.
 
User avatar
rushlife
Member Candidate
Member Candidate
Posts: 254
Joined: Thu Nov 05, 2015 12:30 pm

Re: v6.43 [current] is released!

Mon Sep 10, 2018 10:43 am

super news, I will test it at soon as possible...
btw. It's a quite list of changes, you are doing great job, thx guys...
 
bennyh
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Fri Mar 03, 2017 12:37 pm

Re: v6.43 [current] is released!

Mon Sep 10, 2018 10:48 am

What about 3011 hardware IPSec acceleration, what introduced in RC?
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.43 [current] is released!

Mon Sep 10, 2018 10:53 am

Hardware accelerated IPsec for 3011 is not included in this release. Unfortunately, we could not get it working stable enough in time. It will be available in 6.44.
 
petern
newbie
Posts: 26
Joined: Wed Dec 13, 2017 5:58 pm

Re: v6.43 [current] is released!

Mon Sep 10, 2018 11:03 am

Sad to see this still here which is not good for anyone using radius to provide 2FA.
!) radius - use MS-CHAPv2 for "login" service authentication;
 
bjornr
just joined
Posts: 23
Joined: Thu Apr 16, 2015 11:00 am

Re: v6.43 [current] is released!

Mon Sep 10, 2018 11:35 am

Interface speeds seem to be set explicitly after upgrading, is this related to the SNMP speed report changelog entry? I haven't tried connecting an interface at other speeds yet, but can I assume that this setting, while a part of /export, will change accordingly?
  /interface ethernet
- set [ find default-name=ether1 ] l2mtu=1582 name=ether1-gateway
- set [ find default-name=ether2 ] comment=node2
- set [ find default-name=ether3 ] comment=node3
- set [ find default-name=ether4 ] comment=node4
- set [ find default-name=ether5 ] comment=node5
+ set [ find default-name=ether1 ] l2mtu=1582 name=ether1-gateway speed=100Mbps
+ set [ find default-name=ether2 ] comment=node2 speed=100Mbps
+ set [ find default-name=ether3 ] comment=node3 speed=100Mbps
+ set [ find default-name=ether4 ] comment=node4 speed=100Mbps
+ set [ find default-name=ether5 ] comment=node5 speed=100Mbps
 
vpithart
just joined
Posts: 1
Joined: Mon Oct 20, 2014 11:46 pm

can't login with password on 6.43

Mon Sep 10, 2018 11:37 am

After `6.42.7` -> `6.43` and `/system routerboard upgrade`, login into the box doesn't accept the password anymore. Winbox: `wrong username or password`, ssh: keeps asking for password again and again. Lucky me having a ssh-key there.

It's `RB SXT G-5HPacD`, firmware-type: qca9550, factory-firmware: 3.14, current-firmware: 6.43, upgrade-firmware: 6.43. Using winbox 3.16.

Should anyone want supout.rif, email me.

Edit: Running `/ip ssh set always-allow-password-login=yes` after upgrade to 6.43 restores SSH password login. Winbox password login fails still.

Edit2:
Set the password to the same as before (/user set admin password=password1) -> winbox: `wrong username or password`
Set new password (/user set admin password=password2) -> winbox: login works again
Reset to the original pre-upgrade password (/user set admin password=password1) -> winbox: login still works.
Last edited by vpithart on Mon Sep 10, 2018 11:57 am, edited 3 times in total.
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3119
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: v6.43 [current] is released!

Mon Sep 10, 2018 11:43 am

Now that's a list!

Question; is this list now mentioning everything changed/corrected since 6.42.7 or is it compared to 6.42?
Are any or all of these changes/corrections already available in previous v6.42.x versions?

If this is all new I might wait with installing this huge upgrade on my 6.42.6 and 6.42.7 devices. Experience learned me a new number version sometimes gives new issues as well, 'current' or not....
A long list like this one is prone to have some code errors in it that will only emerge if many other guinea pigs have installed this...

See how empty this tread stays the next days....
 
Kindis
Member
Member
Posts: 441
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: v6.43 [current] is released!

Mon Sep 10, 2018 11:56 am

Just upgraded two CHR instances to 6.43 and all worked great but I cannot see Cloud under IP

!) cloud - added support for licensed CHR instances (including trial);

I do not see it in WinBox or via Webfig. Cleared cache and all that and does not appear. I can see it via console or SSH so I have managed to activate it but I still cannot see this via Winbox or Webfig.
 
osmoticzest
just joined
Posts: 8
Joined: Wed Jan 03, 2018 2:55 pm

Re: v6.43 [current] is released!

Mon Sep 10, 2018 12:10 pm

*) fetch - added "as-value" output format;
Assuming this is still the same functionality as described at https://wiki.mikrotik.com/wiki/Manual:T ... a_variable , I am surprised to find that when I do this:
/tool fetch mode=https host="mikrotik.com" url="https://mikrotik.com/aboutus" output=user as-value
I still receive a log line which reads
info fetch: file "aboutus" downloaded
even though no file appears to have been downloaded (and of course, I don't want it to be). Is this correct?
 
djdrastic
Member
Member
Posts: 368
Joined: Wed Aug 01, 2012 2:14 pm

Re: v6.43 [current] is released!

Mon Sep 10, 2018 12:27 pm

Wow that's a lot of changes

Some great features being added have to say.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7167
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.43 [current] is released!

Mon Sep 10, 2018 12:29 pm

Of course it will show "file downloaded", because to output something you need to download it first.
 
bennyh
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Fri Mar 03, 2017 12:37 pm

Re: v6.43 [current] is released!

Mon Sep 10, 2018 12:46 pm

Hardware accelerated IPsec for 3011 is not included in this release. Unfortunately, we could not get it working stable enough in time. It will be available in 6.44.
Cserkészbecsszó?
In english: Is it scout's honor to will be hw accel in 6.44? :)
 
OndrejHolas
newbie
Posts: 30
Joined: Mon Jul 30, 2018 5:54 pm

Re: v6.43 [current] is released!

Mon Sep 10, 2018 12:47 pm

Interface speeds seem to be set explicitly after upgrading, is this related to the SNMP speed report changelog entry? I haven't tried connecting an interface at other speeds yet, but can I assume that this setting, while a part of /export, will change accordingly?

I also have exactly the same in diff (RB750Gr3 6.42.7->6.43). In fact, nothing in configuration has changed, if you issue "/int eth exp verb" before upgrade, "speed=100Mbps" is also there, but in non-verbose export it is hidden as default. In 6.43, it is not hidden, probably default value is changed in 6.43. Nevertheless, when "auto-negotiation" is set to "yes" (default setting and thus hidden in non-verbose export in both versions), the "speed" setting has no effect, the port succesfully negotiates at best speed/duplex:

[admin@rb750gr3] > int eth exp
...
/interface ethernet
...
set [ find default-name=ether2 ] speed=100Mbps
...
[admin@rb750gr3] > int eth mon 1 once
name: ether2
status: link-ok
auto-negotiation: done
rate: 1Gbps
full-duplex: yes

tx-flow-control: no
rx-flow-control: no
advertising: 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
link-partner-advertising: 10M-half,10M-full,100M-half,100M-full,1000M-full



Ondrej
 
nightcom
newbie
Posts: 37
Joined: Wed Aug 30, 2017 12:47 am
Location: NL

Re: v6.43 [current] is released!

Mon Sep 10, 2018 12:47 pm

RB3011, CRS326-24G-2S and RB750Gr3 upgraded with no problems
 
meesuk
just joined
Posts: 1
Joined: Thu Jun 07, 2018 4:58 pm

Re: v6.43 [current] is released!

Mon Sep 10, 2018 12:47 pm

Nice Job!

Thank you for your update about these.
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
 
bennyh
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Fri Mar 03, 2017 12:37 pm

Re: v6.43 [current] is released!

Mon Sep 10, 2018 12:48 pm

Hardware accelerated IPsec for 3011 is not included in this release. Unfortunately, we could not get it working stable enough in time. It will be available in 6.44.
Cserkészbecsszó?
In english: Is it scout's honor to will be hw accel in 6.44? :)

Nowadays I am too sceptic :)
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1087
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.43 [current] is released!

Mon Sep 10, 2018 1:05 pm

*) fetch - added "as-value" output format;
Assuming this is still the same functionality as described at https://wiki.mikrotik.com/wiki/Manual:T ... a_variable , I am surprised to find that when I do this:
/tool fetch mode=https host="mikrotik.com" url="https://mikrotik.com/aboutus" output=user as-value
I still receive a log line which reads
info fetch: file "aboutus" downloaded
even though no file appears to have been downloaded (and of course, I don't want it to be). Is this correct?
The about-us site is a bad example, as it gives a lot of html output. See this example:
:put ([ /tool fetch url="https://www.eworm.de/ip/" output=user as-value ]->"data")
Or to put it into a variable:
:global result;
:set result ([ /tool fetch url="https://www.eworm.de/ip/" output=user as-value ]->"data");
:put $result;
 
User avatar
alexvdbaan
Trainer
Trainer
Posts: 40
Joined: Sun Feb 22, 2015 12:12 pm
Location: Amsterdam, Netherlands
Contact:

Re: v6.43 [current] is released!

Mon Sep 10, 2018 1:22 pm

bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;

Great work MT team!

I was wondering if you could elaborate on the dynamic vlan function? I can see that the Caps interfaces are included in the bridge and that the active interfaces are tagged in the dynamic vlan entry for PVID 1. I would expect that the dynamic caps interfaces are dynamically added to all the bridge vlan entries. I have also tried to add the Capsman interfaces in their own interface list. However the newly created interface list woith all the dynamic caps interfaces can not be selected in the bridge vlan entry.

Below the config for my test setup on 6.43
/interface bridge
add fast-forward=no name=Lo0 protocol-mode=none
add fast-forward=no name=bridge protocol-mode=none vlan-filtering=yes
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2 pvid=666
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
/interface bridge settings
set allow-fast-path=no
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1 untagged=ether2 vlan-ids=666
add bridge=bridge tagged=bridge,ether1 vlan-ids=200
add bridge=bridge tagged=bridge,ether4,ether5 vlan-ids=10,20,30,667

/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes local-forwarding=no name=vl10-data vlan-id=10 vlan-mode=use-tag
add bridge=bridge client-to-client-forwarding=yes local-forwarding=no name=vl20-data vlan-id=20 vlan-mode=use-tag
add bridge=bridge client-to-client-forwarding=yes local-forwarding=no name=vl30-data vlan-id=30 vlan-mode=use-tag
add bridge=bridge client-to-client-forwarding=yes local-forwarding=no name=radius-data vlan-mode=use-tag
/caps-man security
add authentication-types=wpa2-eap disable-pmkid=yes eap-methods=passthrough encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=Radius-Sec
/caps-man configuration
add country=netherlands datapath=radius-data distance=indoors hide-ssid=no mode=ap name=DynVlan security=Radius-Sec ssid=AllVlan
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes package-path=/upgrade upgrade-policy=require-same-version
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=vl667
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=DynVlan name-format=prefix-identity name-prefix=5Ghz-
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=DynVlan name-format=prefix-identity name-prefix=2.4Ghz-
 
User avatar
colinardo
just joined
Posts: 19
Joined: Sun Jan 08, 2017 9:02 pm

Re: v6.43 [current] is released!

Mon Sep 10, 2018 1:48 pm

Nice work!

Found a LOG problem with an IPv6 DHCP-CLIENT. The log says there was an error adding the dynamic prefix pool, but it actually is created correctly. Cosmetic problem?
dhcp,error failed to add ipv6 pool MYPOOL: ok
Confused :-).

Best regards
@colinardo
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 920
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: v6.43 [current] is released!

Mon Sep 10, 2018 2:07 pm

Found a LOG problem with an IPv6 DHCP-CLIENT. The log says there was an error adding the dynamic prefix pool, but it actually is created correctly. Cosmetic problem?
dhcp,error failed to add ipv6 pool MYPOOL: ok
.....
.......
Yes, I have a similar issue:with the current release 6.43
dhcp,error failed to add ipv6 pool rogers-ipv6: ok
but it actually is created correctly.
 
JanezFord
Member Candidate
Member Candidate
Posts: 270
Joined: Wed May 23, 2012 10:58 am

Re: v6.43 [current] is released!

Mon Sep 10, 2018 2:44 pm

Upgraded about 7 devices but stopped further upgrading because I can't connect to my hEX any more - user/pass for admin not accepted any more... I can login by ssh-key. I see vptihart also had issues with winbox connectivity.

So be very careful with this upgrade, you may lock yourself out of your device !! :)

JF.
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1165
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: v6.43 [current] is released!

Mon Sep 10, 2018 2:52 pm

Have just moved my CHR up and cannot see any Winbox entry for IP>Cloud however terminal I can access it and apply it.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1650
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.43 [current] is released!

Mon Sep 10, 2018 2:57 pm

IP/Cloud feature will be added to Winbox interface for CHR in upcoming versions.

DHCPv6 error log message is a cosmetic issue which also will be fixed soon. This error actually tells that there is no error.
 
becs
MikroTik Support
MikroTik Support
Posts: 501
Joined: Thu Jul 07, 2011 8:26 am

Re: v6.43 [current] is released!

Mon Sep 10, 2018 3:08 pm

Interface speeds seem to be set explicitly after upgrading, is this related to the SNMP speed report changelog entry? I haven't tried connecting an interface at other speeds yet, but can I assume that this setting, while a part of /export, will change accordingly?
  /interface ethernet
- set [ find default-name=ether1 ] l2mtu=1582 name=ether1-gateway
- set [ find default-name=ether2 ] comment=node2
- set [ find default-name=ether3 ] comment=node3
- set [ find default-name=ether4 ] comment=node4
- set [ find default-name=ether5 ] comment=node5
+ set [ find default-name=ether1 ] l2mtu=1582 name=ether1-gateway speed=100Mbps
+ set [ find default-name=ether2 ] comment=node2 speed=100Mbps
+ set [ find default-name=ether3 ] comment=node3 speed=100Mbps
+ set [ find default-name=ether4 ] comment=node4 speed=100Mbps
+ set [ find default-name=ether5 ] comment=node5 speed=100Mbps
Hello,
Interface ethernet speed appearing in the v6.43 configuration export is a cosmetic thing because of speed setting default value changes.
Since the speed setting does not take effect when "auto-negotiation=yes", it will not affect most configurations and to avoid breaking user modified values, the defaults are not updated during RouterOS upgrade, it is done only after configuration reset.

This cosmetic issue can be manually fixed by setting new values of "speed" according to v6.43 defaults:
/interface ethernet print default-config detail
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1087
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.43 [current] is released!

Mon Sep 10, 2018 3:22 pm

[...] Since the speed setting does not take effect when "auto-negotiation=yes", [...]
Are you sure? I have a CRS where one port negotiates at 100M-full - probably due to bad wiring. If I set speed=1Gbps the port is flapping at 1000M-full.
This cosmetic issue can be manually fixed by setting new values of "speed" according to v6.43 defaults:
/interface ethernet print default-config detail
[admin@MikroTik] > /interface ethernet print default-config detail
expected end of command (line 1 column 27)
 
becs
MikroTik Support
MikroTik Support
Posts: 501
Joined: Thu Jul 07, 2011 8:26 am

Re: v6.43 [current] is released!

Mon Sep 10, 2018 3:32 pm

eworm, changing speed setting no matter of its value initiates restart of ethernet port and if autonegotiation advertises 1000M-half,1000M-full, the CRS will try to negotiatiate 1Gbps link first before dropping to lower speed.
 
bbs2web
Member Candidate
Member Candidate
Posts: 233
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa
Contact:

Re: v6.43 [current] is released!

Mon Sep 10, 2018 4:08 pm

I'm pleasantly surprised to see that we were unaffected by the authentication changes. We use centralised RADIUS authentication to Active Directory and associate AD security group membership to RouterOS user group permissions. Winbox, SSH and local authentication continues to work...

VirtIO IRQ mapping is however incorrect in that input and output pairs are not bound to the same core.

6.43:
[davidh@router1] > sys resource irq print 
Flags: ro - read-only 
 #    IRQ USERS                                         CPU ACTIVE-CPU         COUNT
 0      1 i8042                                        auto          0            99
 1      6 floppy                                       auto          1             2
 2      9 acpi                                         auto          0             0
 3     11 usb1                                         auto          1            32
 4     12 i8042                                        auto          0             3
 5     14 ide0                                         auto          1         4 718
 6     15 ide1                                         auto          0             0
 7     40 virtio1-config                               auto          1             0
 8     41 virtio1-input.0                              auto          0       882 432
 9     42 virtio1-output.0                             auto          1             1
10     43 virtio1-input.1                              auto          0       586 986
11     44 virtio1-output.1                             auto          1             1
6.43rc12:
[davidh@router2] > sys resource irq print
Flags: ro - read-only 
 #    IRQ USERS                                                    CPU ACTIVE-CPU         COUNT
 0      1 i8042                                                   auto          0           703
 1      6 floppy                                                  auto          1             2
 2      9 acpi                                                    auto          2             0
 3     11 usb1                                                    auto          3     5 083 834
          virtio0                                          
 4     12 i8042                                                   auto          4         1 677
 5     14 ata_piix                                                auto          5             0
 6     15 ata_piix                                                auto          6             3
 7     40 virtio1-config                                          auto          7             0
 8     41 virtio1-requests                                        auto          0       281 478
 9     42 virtio2-config                                          auto          1            30
10 ro  43 virtio2-input.0                                         auto          0 3 251 566 126
11 ro  44 virtio2-output.0                                        auto          0     1 428 823
12 ro  45 virtio2-input.1                                         auto          1 2 303 315 949
13 ro  46 virtio2-output.1                                        auto          1     1 325 156
14 ro  47 virtio2-input.2                                         auto          2 1 446 390 462
15 ro  48 virtio2-output.2                                        auto          2     2 318 597
16 ro  49 virtio2-input.3                                         auto          3 1 738 920 888
17 ro  50 virtio2-output.3                                        auto          3       725 384
18 ro  51 virtio2-input.4                                         auto          4     8 744 012
19 ro  52 virtio2-output.4                                        auto          4     1 913 455
20 ro  53 virtio2-input.5                                         auto          5 1 095 525 257
21 ro  54 virtio2-output.5                                        auto          5     2 561 306
22 ro  55 virtio2-input.6                                         auto          6 4 161 506 922
23 ro  56 virtio2-output.6                                        auto          6       941 292
24 ro  57 virtio2-input.7                                         auto          7    46 834 723
25 ro  58 virtio2-output.7                                        auto          7       947 725

6.43rc12 appears to have gotten this right, 6.43 alternates the CPU assignments so that input for both queues is tied to the same processor...

PS: Yes, we disabled RPS on both routers:
[davidh@router1] > sys resource irq rps print 
Flags: X - disabled 
 #   NAME                                                                        
 0 X ether1
 
edcore
just joined
Posts: 9
Joined: Thu Jun 21, 2018 5:11 pm

Re: v6.43 [current] is released!

Mon Sep 10, 2018 6:05 pm

*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;

No Mode Button for hEX?

Image
Image


https://ibb.co/fAzp79
https://ibb.co/kok1LU
 
User avatar
ErfanDL
Member
Member
Posts: 366
Joined: Thu Sep 29, 2016 9:13 am

Re: v6.43 [current] is released!

Mon Sep 10, 2018 6:05 pm

WoW the speed of winbox windows loading now is very fast.
installed on RB2011UiAS2hND - hAP Lite - RB951Ui without any problem.

Sent from my C6833 using Tapatalk

 
eddieb
Member
Member
Posts: 350
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: v6.43 [current] is released!

Mon Sep 10, 2018 6:31 pm

Upgraded without any issues
RB2011UAS
RB1100
RB750GL
CCR1009
CRS125
RB962UIGS (10x)
CHR
CHR-DUDE
 
User avatar
DimaFIX
just joined
Posts: 12
Joined: Wed Apr 18, 2018 7:46 pm
Location: Ukraine

Re: v6.43 [current] is released!

Mon Sep 10, 2018 6:35 pm

Where can I download btest.exe?
 
bbs2web
Member Candidate
Member Candidate
Posts: 233
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa
Contact:

Re: v6.43 [current] is released!

Mon Sep 10, 2018 6:56 pm

Upgrade a hEX (RB750Gr3) yields the following changes when upgrading from 6.42.7 to 6.43:
/system resource irq rps
set ether1 disabled=no
set ether2 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5 disabled=no
Has this default been changed?
 
R1CH
Forum Guru
Forum Guru
Posts: 1108
Joined: Sun Oct 01, 2006 11:44 pm

Re: v6.43 [current] is released!

Mon Sep 10, 2018 7:46 pm

-nm was a winbox issue-
 
DummyPLUG
Frequent Visitor
Frequent Visitor
Posts: 79
Joined: Wed Jan 03, 2018 10:17 am

Re: v6.43 [current] is released!

Mon Sep 10, 2018 8:48 pm

10G on CCR1009 ethernet port? cosmetic issue?
Image
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2396
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.43 [current] is released!

Mon Sep 10, 2018 9:02 pm

Upgraded about 7 devices but stopped further upgrading because I can't connect to my hEX any more - user/pass for admin not accepted any more... I can login by ssh-key. I see vptihart also had issues with winbox connectivity.

So be very careful with this upgrade, you may lock yourself out of your device !!
I have similar problem. After upgrade wAP-AC to 6.43 I can´t connet to router wia winbox 3.17 (wrong username or password)
But with the same name and password from neighbour router with mac-telnet it works , webfig also works. :shock:
Reported: Ticket#2018091022006001
Last edited by honzam on Mon Sep 10, 2018 9:23 pm, edited 3 times in total.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12572
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.43 [current] is released!

Mon Sep 10, 2018 9:14 pm

This cosmetic issue can be manually fixed by setting new values of "speed" according to v6.43 defaults:
/interface ethernet print default-config detail
[admin@MikroTik] > /interface ethernet print default-config detail
expected end of command (line 1 column 27)
While command written by @becs, does not work neither in 6.42.7 nor in 6.43, the above issue is cosmetics only. The default value for speed attribute was 100Mbps on 6.42.7 (and earlier) and is 1Gbps since 6.43.

6.42.7:
/interface ethernet 
 /interface ethernet>export
# sep/10/2018 17:58:41 by RouterOS 6.42.7
# software id = TX5S-MT3T
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = XYZWXYZWXYZW
/interface ethernet
set [ find default-name=ether5 ] poe-out=off

 /interface ethernet> set [ find default-name=ether1 ] speed=
1Gbps  10Gbps  10Mbps  100Mbps

 /interface ethernet> print detail
Flags: X - disabled, R - running, S - slave
 0 R  name="ether1" default-name="ether1" mtu=1500 l2mtu=1598
      mac-address=6C:3B:6B:97:25:6F orig-mac-address=6C:3B:6B:97:25:6F
      arp=enabled arp-timeout=auto loop-protect=default
      loop-protect-status=off loop-protect-send-interval=5s
      loop-protect-disable-time=5m auto-negotiation=yes
      advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
      full-duplex=yes tx-flow-control=off rx-flow-control=off speed=100Mbps
      bandwidth=unlimited/unlimited switch=switch1
      
 /interface ethernet> set [ find default-name=ether1 ] speed=1Gbps
 /interface ethernet> export
# sep/10/2018 18:00:21 by RouterOS 6.42.7
# software id = TX5S-MT3T
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = XYZWXYZWXYZW
/interface ethernet
set [ find default-name=ether1 ] speed=1Gbps
set [ find default-name=ether5 ] poe-out=off

 /interface ethernet> print detail
Flags: X - disabled, R - running, S - slave
 0 R  name="ether1" default-name="ether1" mtu=1500 l2mtu=1598
      mac-address=6C:3B:6B:97:25:6F orig-mac-address=6C:3B:6B:97:25:6F
      arp=enabled arp-timeout=auto loop-protect=default
      loop-protect-status=off loop-protect-send-interval=5s
      loop-protect-disable-time=5m auto-negotiation=yes
      advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
      full-duplex=yes tx-flow-control=off rx-flow-control=off speed=1Gbps
      bandwidth=unlimited/unlimited switch=switch1
.
Needless to say that running speed of the port did not change, it was 100Mbps all the time (which is HW limitation of hAP ac).
On 6.43 is just the opposite: if I set speed to 1Gbps, this attribute disappears from exported configuration.
 
John39
just joined
Posts: 21
Joined: Mon Aug 08, 2016 11:17 pm

Re: v6.43 [current] is released!

Mon Sep 10, 2018 9:20 pm

After updating on all my devices I see such a picture.
download/file.php?mode=view&id=33580 download/file.php?mode=view&id=33579
You do not have the required permissions to view the files attached to this post.
 
ivanfm
newbie
Posts: 48
Joined: Sun May 20, 2012 5:07 pm

Re: v6.43 [current] is released!

Mon Sep 10, 2018 9:27 pm

After updating on all my devices I see such a picture.
download/file.php?mode=view&id=33580 download/file.php?mode=view&id=33579
I have found this "setW60Gap" variable in one of my upgraded devices (751G-2HnD).

I have not found any new variables in other 4 devices upgraded (different models).
 
DenisPDA
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Tue Sep 04, 2018 5:42 pm
Contact:

Re: v6.43 [current] is released!

Mon Sep 10, 2018 11:08 pm

After updating on all my devices I see such a picture.
download/file.php?mode=view&id=33580 download/file.php?mode=view&id=33579
Similar problem + broken default script
hAP AC 6.42.7 > 6.43
MT_6.43.jpg
default_script_6.43_bad.txt
script_environment.txt
You do not have the required permissions to view the files attached to this post.
 
User avatar
hknet
Member Candidate
Member Candidate
Posts: 128
Joined: Sun Jul 17, 2016 6:05 pm
Location: Vienna, Austria
Contact:

Re: v6.43 [current] is released!

Mon Sep 10, 2018 11:44 pm

Do I read this correctly as _no_ routerboard-firmware upgrade is usually required coming from 6.43rc or 6.42.7?

thx
hk
 
User avatar
hknet
Member Candidate
Member Candidate
Posts: 128
Joined: Sun Jul 17, 2016 6:05 pm
Location: Vienna, Austria
Contact:

Re: v6.43 [current] is released!

Tue Sep 11, 2018 12:01 am

*bridge - added per-port based "tag-stacking" feature

trying to wrap my head around this vs the (previous) QinQ support by using ethertype=0x88a8

if I'm not mistaken this is now the more common support for QinQ using 0x8100 frames packing another 0x8100 frame into it (aka stacking).

my question here: if I set the bridge ethertype to 0x88a8 and then use per port stacking are still 0x8100 frames stacked or is this setup simply mutually exclusive to each other?

thx
hk
 
User avatar
poggs
just joined
Posts: 7
Joined: Mon May 07, 2018 5:33 pm
Location: London, UK
Contact:

Re: v6.43 [current] is released!

Tue Sep 11, 2018 12:39 am

Serious problems here upgrading a 2011UiAS from the final -rc: it failed to load the new kernel image and went in to Ether Boot mode almost straight away. I NetInstall'd 6.43 on to it, rebooted and all was fine until I power-cycled, at which time we were back to the same problem as before.

The only way around this I've found is to force backup-booter loading, so I'm on RouterBOOT-3.41, and the router will survive a power-cycle.

Has anyone else seen this issue, or can anyone recommend a better fix?
 
rmccracken
just joined
Posts: 3
Joined: Tue Sep 11, 2018 12:41 am

Re: can't login with password on 6.43

Tue Sep 11, 2018 12:47 am

After `6.42.7` -> `6.43` and `/system routerboard upgrade`, login into the box doesn't accept the password anymore. Winbox: `wrong username or password`, ssh: keeps asking for password again and again. Lucky me having a ssh-key there.

It's `RB SXT G-5HPacD`, firmware-type: qca9550, factory-firmware: 3.14, current-firmware: 6.43, upgrade-firmware: 6.43. Using winbox 3.16.

Should anyone want supout.rif, email me.

Edit: Running `/ip ssh set always-allow-password-login=yes` after upgrade to 6.43 restores SSH password login. Winbox password login fails still.

Edit2:
Set the password to the same as before (/user set admin password=password1) -> winbox: `wrong username or password`
Set new password (/user set admin password=password2) -> winbox: login works again
Reset to the original pre-upgrade password (/user set admin password=password1) -> winbox: login still works.


Seeing exact same issue on CCR-1016. Is there a fix or work around? Our only backup file is currently on device, will hard resetting device remove backup file?
 
eider
newbie
Posts: 32
Joined: Thu Nov 30, 2017 10:14 pm

Re: v6.43 [current] is released!

Tue Sep 11, 2018 1:23 am

Since updating RouterBOOT to 6.43 I can now see "Boot OS" option under Routerboard->Settings for cAP lite. I'm pretty sure that cAP lite does not support SwOS.

Image
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v6.43 [current] is released!

Tue Sep 11, 2018 1:30 am

10G on CCR1009 ethernet port? cosmetic issue?
I'm getting the same thing on my hAP ac gig ethernet ports.

Also, like a previous poster, since the upgrade, Winbox is now opening up incredibly quickly. Why is it so fast now compared to earlier versions?
 
UpRunTech
Member Candidate
Member Candidate
Posts: 238
Joined: Fri Jul 27, 2012 12:11 pm

Re: v6.43 [current] is released!

Tue Sep 11, 2018 3:18 am

Hardware accelerated IPsec for 3011 is not included in this release. Unfortunately, we could not get it working stable enough in time. It will be available in 6.44.
Is this a driver you guys had to wrote from scratch? I am surprised it's taken so long but I still appreciate that it's coming.

I don't think you should release that summer intern from the basement until they have it working properly.

I too noticed Winbox loads my pile of open windows much faster too.
 
User avatar
Paternot
Forum Guru
Forum Guru
Posts: 1020
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v6.43 [current] is released!

Tue Sep 11, 2018 4:18 am

I don't think you should release that summer intern from the basement until they have it working properly.
Yeah. Throw him in the basement, and make him work! To get faster results, lock the door. :D
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v6.43 [current] is released!

Tue Sep 11, 2018 6:42 am

Hi,

I have found an issue with v6.43, when it comes to upgrade space on hAP lite.

hAP lite is unable to upgrade from 6.42.7 to 6.43 if both the main package and TR-069 package are installed. I have to remove the TR-069 package to get enough free space to upgrade the hAP lite. No other files on router. I was able to reinstall the TR-069 package afterwards.

Other device models seem to be fine.
 
Tomato
just joined
Posts: 1
Joined: Tue Sep 11, 2018 8:43 am

Re: v6.43 [current] is released!

Tue Sep 11, 2018 8:49 am

Hi, I've found issue in 6.43 when creating/editing new user via web interface.

I can't edit user name, as a result all users are created with default names userXX
Look at pictures below to see this more clearly.
Снимок экрана от 2018-09-11 08-47-29.png
Снимок экрана от 2018-09-11 08-33-28.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
fiberwave
just joined
Posts: 8
Joined: Mon Feb 10, 2014 6:20 pm
Location: Nyíregyháza, Hungary
Contact:

Re: v6.43 [current] is released!

Tue Sep 11, 2018 8:58 am

10G on CCR1009 ethernet port? cosmetic issue?
Image
It's just advertising, not equal with the port's capabilities - they'll correct this I think.
 
eider
newbie
Posts: 32
Joined: Thu Nov 30, 2017 10:14 pm

Re: v6.43 [current] is released!

Tue Sep 11, 2018 9:13 am

Hi, I've found issue in 6.43 when creating/editing new user via web interface.
I believe editing being blocked is intentional. Definitely a bug when creating new user however.
 
User avatar
rushlife
Member Candidate
Member Candidate
Posts: 254
Joined: Thu Nov 05, 2015 12:30 pm

Re: v6.43 [current] is released!

Tue Sep 11, 2018 11:56 am

upgraded hAP, with empty password I can confirm bug, it is no longer possible to login
 
Resnais
just joined
Posts: 17
Joined: Mon Feb 09, 2015 10:13 pm

Re: v6.43 [current] is released!

Tue Sep 11, 2018 2:18 pm

SXT LTE (1st gen):

1) On device startup it does not populate the route list correctly (does not add the LTE interface subnet in the route list). Have to disable/enable interface after startup so it would work correctly.
2) Passthrough interface option now showing in the LTE APN's section. Does it work now, or 6.43 does not check the device model?

Thank you,

Resnais
 
uldis
MikroTik Support
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: v6.43 [current] is released!

Tue Sep 11, 2018 2:49 pm

SXT LTE (1st gen):

1) On device startup it does not populate the route list correctly (does not add the LTE interface subnet in the route list). Have to disable/enable interface after startup so it would work correctly.
2) Passthrough interface option now showing in the LTE APN's section. Does it work now, or 6.43 does not check the device model?

Thank you,

Resnais
1) please make support output file when this happens and then another file when it is ok after disable/enable. Send those files to support@mikrotik.com
2) No the first generation SXT doesn't support it as it is mentioned in the wiki page.
 
User avatar
apteixeira
Trainer
Trainer
Posts: 50
Joined: Fri Oct 05, 2012 5:54 pm

Re: v6.43 [current] is released!

Tue Sep 11, 2018 3:18 pm

Hello,

We just upgrade two CHR on AWS to last version of RouterOS and now we are not able to login.
Winbox: wrong username or password
SSH: Access denied

Any advice?

Regards.
 
InoX
Forum Guru
Forum Guru
Posts: 1966
Joined: Tue Jan 09, 2007 6:44 pm

Re: v6.43 [current] is released!

Tue Sep 11, 2018 3:21 pm

In 12 hours I had to reboot two times my RB951ui router to get internet working again after the upgrade.
Never happened this before the upgrade.
First time setup on LHG5 user admin can't be changed, you must make one more user and delete admin after. I never user admin as username.
 
rmccracken
just joined
Posts: 3
Joined: Tue Sep 11, 2018 12:41 am

Re: v6.43 [current] is released!

Tue Sep 11, 2018 5:20 pm

Hello,

We just upgrade two CHR on AWS to last version of RouterOS and now we are not able to login.
Winbox: wrong username or password
SSH: Access denied

Any advice?

Regards.
Any luck with this issue? We are having same problem.
 
nostromog
Member Candidate
Member Candidate
Posts: 226
Joined: Wed Jul 18, 2018 3:39 pm

Re: v6.43 [current] is released!

Tue Sep 11, 2018 5:25 pm

I upgraded one hAPac to 6.43 about 27 hours ago, everything is working well as far as I can tell. I'll upgrade our other machines during the weekend.

The machine I upgraded was the one running 6.43rc64 before (never got time to test the last rc).
it looks much faster now, but I guess rc are built with debug options while "current" releases are not.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2396
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.43 [current] is released!

Tue Sep 11, 2018 5:33 pm

Hello,

We just upgrade two CHR on AWS to last version of RouterOS and now we are not able to login.
Winbox: wrong username or password
SSH: Access denied

Any advice?
mac telnet a web access works for me
 
WebLuke
just joined
Posts: 14
Joined: Wed Feb 04, 2015 1:30 am

Re: v6.43 [current] is released!

Tue Sep 11, 2018 6:02 pm

Found 2 things.

First my RouterBOARD wAP G-5HacT2HnD (US Version I think), I have been able to login with MAC SSH though from another device in winbox. But on the same network, using Winbox 3.17 I am unable to login (wrong username or password) using the IP or MAC. I have not tried to reset the password though SSH but this is the only device I have of a few types that have had this problem.

Second I have 3 RouterBOARD cAP Gi-5acD2nD, 2 are the US version, 1 International version. The 2 US versions have a defconf scrip for "dark-mode" that looks like it just turns the LEDs on or off. Yet the International version dose not have this script. And it seems like this script should actually just be a menu check in the System>LEDs menu.
 
eifLZ9D8zSwW
just joined
Posts: 10
Joined: Sat May 30, 2015 10:26 am

Re: v6.43 [current] is released!

Tue Sep 11, 2018 8:27 pm

Hi,
I have some problem with fetch tool (ftp). Since I upgraded from 6.42.5 to 6.42.7 (on 6.43 it's still the same) my backup script isn't working. The fetch tool opens tcp conenction to ftp server and create files with 0bytes size, then timeout. I read the release notes but I haven't found anything about fetch. I have another rb750gr3 still on 6.42.5 and it's working fine, so my server is ok.

importatnt part of the script:
/tool fetch address="$ftphost" port=$ftpport src-path=$fname3 user="$ftpuser" mode=ftp password="$ftppassword" dst-path="$ftppath/$fname3" upload=yes

Any tips?

Mikrotik RB750Gr3.
thx
 
User avatar
jp
Long time Member
Long time Member
Posts: 610
Joined: Wed Mar 02, 2005 5:06 am
Location: Maine
Contact:

Re: v6.43 [current] is released!

Tue Sep 11, 2018 9:42 pm

*) ssh - disconnect all active connections when device gets rebooted or turned off;
This is awesome! Thank you
 
User avatar
Nevon
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Thu Sep 05, 2013 6:06 pm
Location: Sweden
Contact:

Re: v6.43 [current] is released!

Tue Sep 11, 2018 10:12 pm

IPsec..

I have two CCR1009 where I have L2TP/Ipsec tunnel between them. Sins 6.42.7 I have problem that I have almost 10% packet loss.. when I ping if I ping the other side of the tunnel.
I have 0% loss if I ping Internet IP outside the tunnel.
Both of the CCR have other L2TP/Ipsec tunnels to other sites and they dont have that problem..
Someone who knows where to look for errors?...

If I look at the ping results it pings 30ping and then 3 ping gets lost.. and then 30 ping.. and 3 lost...
 
User avatar
sindy
Forum Guru
Forum Guru
Posts: 10840
Joined: Mon Dec 04, 2017 9:19 pm

Re: v6.43 [current] is released!

Tue Sep 11, 2018 10:49 pm

Both of the CCR have other L2TP/Ipsec tunnels to other sites and they dont have that problem..
The only thing which comes to my mind is to check that the auth and enc algorithms in the proposal used between these two peers aren't unique among all the other tunnels, and if they are, change them for a test to some other ones which work on the other tunnels.
 
gondim
just joined
Posts: 7
Joined: Fri Feb 08, 2008 6:56 pm

Re: v6.43 [current] is released!

Tue Sep 11, 2018 10:58 pm

Hi all,

DHCPv6 PD Pool (PPP Profile) not work anymore. 6.40.9 work fine.

[]´s
Gondim
 
usx
newbie
Posts: 26
Joined: Sun Oct 27, 2013 7:30 pm

Re: v6.43 [current] is released!

Wed Sep 12, 2018 1:34 am

Had no issues when upgrading the following devices

1- RB450G
2- hEX 750 r3
3- hAP
4- RB951Ui-2nD
5- 2011UiAS-2HnD
6- mAP 2n
7- RB450G
 
rmccracken
just joined
Posts: 3
Joined: Tue Sep 11, 2018 12:41 am

Re: v6.43 [current] is released!

Wed Sep 12, 2018 1:41 am

Hello,

We just upgrade two CHR on AWS to last version of RouterOS and now we are not able to login.
Winbox: wrong username or password
SSH: Access denied

Any advice?
mac telnet a web access works for me

We tried Mac telnet and same issue. Does anyone know if we hard reset device will it clear the backups stored on device?
 
ksbravo
just joined
Posts: 1
Joined: Wed Sep 12, 2018 6:20 am

Re: v6.43 [current] is released!

Wed Sep 12, 2018 6:27 am

Hello,

After updating 6.42.7 > 6.43 mikrotik stopped browsing RB750GR3.

Has anyone had a similar problem?

Before the upgrade was working perfectly. The biggest problem is that I just forgot to backup.
 
CsXen
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Wed Sep 10, 2014 8:31 pm
Location: Budapest - Hungary

Re: v6.43 [current] is released!

Wed Sep 12, 2018 6:57 am

Hi.
We tried Mac telnet and same issue. Does anyone know if we hard reset device will it clear the backups stored on device?

Hard reset did not erase FILES on RouterBoard NAND storage... I tried it yesterday on our RB750GL. :) (If hard reset is: pushing reset, while powering up to go back default config.)

Best regards: CsXen
 
User avatar
sindy
Forum Guru
Forum Guru
Posts: 10840
Joined: Mon Dec 04, 2017 9:19 pm

Re: v6.43 [current] is released!

Wed Sep 12, 2018 8:51 am

We tried Mac telnet and same issue. Does anyone know if we hard reset device will it clear the backups stored on device?
It depends on the version which was there before and how you have stored the backups. Since 6.? (sorry, I don't know exactly), you have to use a file name starting with flash/ to have that file stored permanently, otherwise it ends up on the ramdisk partition. So if you did so, you can be sure the backup file survives the restoration of default configuration; if you didn't, it still may survive if the upgrade process took into account this approach change but I'm far from sure here.
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 203
Joined: Wed Aug 09, 2017 1:15 pm

Re: v6.43 [current] is released!

Wed Sep 12, 2018 10:25 am

The comment column is missing in ipsec peer menu in winbox, and my id is shown twice
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1087
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.43 [current] is released!

Wed Sep 12, 2018 10:35 am

We tried Mac telnet and same issue. Does anyone know if we hard reset device will it clear the backups stored on device?
It depends on the version which was there before and how you have stored the backups. Since 6.? (sorry, I don't know exactly), you have to use a file name starting with flash/ to have that file stored permanently, otherwise it ends up on the ramdisk partition. So if you did so, you can be sure the backup file survives the restoration of default configuration; if you didn't, it still may survive if the upgrade process took into account this approach change but I'm far from sure here.
This does not depend on the RouterOS version but the device.
 
mediana
just joined
Posts: 10
Joined: Tue Feb 04, 2014 9:03 am

Re: v6.43 [current] is released!

Wed Sep 12, 2018 11:51 am

After upgrade from 6.42.7 to 6.43, the L2TP/IPSec VPN between ROS and Draytek Vigor 2920 broken.
It showed failed to get valid proposal and failed to pre-process ph1 packet(side:1, status 1)
Downgrade to 6.42.7 and it worked as usual.
 
User avatar
Neski
just joined
Posts: 19
Joined: Mon Aug 14, 2017 8:43 am
Location: Poland

Re: v6.43 [current] is released!

Wed Sep 12, 2018 1:14 pm

After upgrade from 6.42.7 to 6.43, the L2TP/IPSec VPN between ROS and Draytek Vigor 2920 broken.
It showed failed to get valid proposal and failed to pre-process ph1 packet(side:1, status 1)
Downgrade to 6.42.7 and it worked as usual.
Someone in other post write about default settings - just need to change option in L2TP/IPSec or load configuration once again
 
User avatar
Splash
Member Candidate
Member Candidate
Posts: 207
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: v6.43 [current] is released!

Wed Sep 12, 2018 1:43 pm

We have a huge memory leak on the new 6.43 code running on our CRS317's. Some devices seem to be more affected than others, but within 10hrs the device reboots due to low memory.
You do not have the required permissions to view the files attached to this post.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.43 [current] is released!

Wed Sep 12, 2018 2:09 pm

After upgrade from 6.42.7 to 6.43, the L2TP/IPSec VPN between ROS and Draytek Vigor 2920 broken.
It showed failed to get valid proposal and failed to pre-process ph1 packet(side:1, status 1)
Downgrade to 6.42.7 and it worked as usual.
Can you please send supout.rif file to support@mikrotik.com ?
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 203
Joined: Wed Aug 09, 2017 1:15 pm

Re: v6.43 [current] is released!

Wed Sep 12, 2018 3:31 pm

We have a huge memory leak on the new 6.43 code running on our CRS317's. Some devices seem to be more affected than others, but within 10hrs the device reboots due to low memory.
I encountered the same problem on a CCR while it was still rc. MT Support was unable to reproduce / fix it.
Only a netinstall solved it for me. I could restore the old config without further problems, though.
 
User avatar
Splash
Member Candidate
Member Candidate
Posts: 207
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: v6.43 [current] is released!

Wed Sep 12, 2018 3:45 pm

We have a huge memory leak on the new 6.43 code running on our CRS317's. Some devices seem to be more affected than others, but within 10hrs the device reboots due to low memory.
I encountered the same problem on a CCR while it was still rc. MT Support was unable to reproduce / fix it.
Only a netinstall solved it for me. I could restore the old config without further problems, though.
Thanks for the heads-up. Ive been asked to generate a support output close to when the device runs out of memory and then one just after its rebooted. I'm just wondering how a netinstall would fix the issue? Does it clear out something?
 
hzdrus
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Mon May 14, 2012 3:58 pm

Re: v6.43 [current] is released!

Wed Sep 12, 2018 4:20 pm

I'm pleasantly surprised to see that we were unaffected by the authentication changes. We use centralised RADIUS authentication to Active Directory and associate AD security group membership to RouterOS user group permissions. Winbox, SSH and local authentication continues to work...
Windows AD should be ok since MS-CHAPv2 is a Microsoft invention - and being that, not really secure. The reasons for breaking compatibility with non-MS 2FA products are not clear to me, in any case PAP/CHAP requests can still be tunneled via IPSEC etc to ensure security ...
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: v6.43 [current] is released!

Wed Sep 12, 2018 4:21 pm

Hi

Upgraded from 6.42.7 on SXT LTE Kit (gen2), with LTE in pass-through. The host (dhcp client) received 100.x/32 address with 10.177.0.1 as "gw / remote point" ip.
Routing tables was updated too: with a DAC for 10.177.0.1 + backup route for 0/0 over same interface.
So far so good.

But, there was no ip connectivity. tried pinging usual suspects over lte: 8.8.4.4, 208.67.220.220, with no joy.

Then I've reverted back to 42.7 and connectivity returned.

Any idea what went wrong?

Thx
Seb
Last edited by sebastia on Wed Sep 12, 2018 8:54 pm, edited 1 time in total.
 
WebLuke
just joined
Posts: 14
Joined: Wed Feb 04, 2015 1:30 am

Re: v6.43 [current] is released!

Wed Sep 12, 2018 6:30 pm

I have now noticed that my CRS125-24G-1S-2HnD is running out of memory, with 6.43.7 it ran around 95MB of free memory, with 6.43 it was down to 34MB free, over night it is now down to 31MB free. Good thing it don't have too much traffic going though this as multiple people are reporting reboots. Attached is a graph showing it slowly increase usage of memory.
We have a huge memory leak on the new 6.43 code running on our CRS317's. Some devices seem to be more affected than others, but within 10hrs the device reboots due to low memory.
You do not have the required permissions to view the files attached to this post.
 
fctsu001
just joined
Posts: 1
Joined: Wed Sep 12, 2018 6:19 pm

Re: v6.43 [current] is released!

Wed Sep 12, 2018 7:02 pm


"DHCPv6 PD Pool (PPP Profile) not work anymore."

i'v got this problem too.
When connection established, dinamic DHCPv6 server creating, but client not get address from pool.
 
User avatar
Splash
Member Candidate
Member Candidate
Posts: 207
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: v6.43 [current] is released!

Wed Sep 12, 2018 7:18 pm

I have now noticed that my CRS125-24G-1S-2HnD is running out of memory, with 6.43.7 it ran around 95MB of free memory, with 6.43 it was down to 34MB free, over night it is now down to 31MB free. Good thing it don't have too much traffic going though this as multiple people are reporting reboots. Attached is a graph showing it slowly increase usage of memory.
I sent 3 support output files 90%, 98% and then after the reboot 5%... at 98% the system was trying to swap as the SPI process ran at 100% on 1 CPU. I have a change at 3am to downgrade the switches back to 6.42.7 and hope the VLANs work with some of our providers.
 
User avatar
Ferrograph
Member Candidate
Member Candidate
Posts: 155
Joined: Wed Mar 07, 2012 4:05 am

Re: v6.43 [current] is released!

Thu Sep 13, 2018 2:26 am

Ive just got RBSXTR. LTE passthrough is broken. I've seen reports that it works on 6.42.7 but I've tried downgrading and it doesn't work. See my post here:

viewtopic.php?f=2&t=139038

Basically the DHCP relay part works but packets dont flow, "host not reachable" etc in traceroute tests.

I dont understand the /32 address change noted in the release notes, whats that about and why is it only for R11e modems?
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v6.43 [current] is released!

Thu Sep 13, 2018 2:42 am

Windows AD should be ok since MS-CHAPv2 is a Microsoft invention - and being that, not really secure. The reasons for breaking compatibility with non-MS 2FA products are not clear to me, in any case PAP/CHAP requests can still be tunneled via IPSEC etc to ensure security ...
For us this change is welcome, since we use Microsoft Windows NPS as a RADIUS server for login to our devices. Since Winbox previously required PAP/CHAP, we had to store user passwords with reversible encryption in active directory to allow RADIUS based Winbox login (SSH always worked without this, since it supported MS-CHAPv2). Now we no longer need to do this, and can instead keep the more secure default of encrypted passwords in AD. It would be nice though if MikroTik had a solution to the 2FA issue - perhaps allowing EAP?
 
wojo
Frequent Visitor
Frequent Visitor
Posts: 85
Joined: Tue Aug 21, 2018 4:37 am

Re: v6.43 [current] is released!

Thu Sep 13, 2018 4:57 am

Found a LOG problem with an IPv6 DHCP-CLIENT. The log says there was an error adding the dynamic prefix pool, but it actually is created correctly. Cosmetic problem?
dhcp,error failed to add ipv6 pool MYPOOL: ok
.....
.......
Yes, I have a similar issue:with the current release 6.43
dhcp,error failed to add ipv6 pool rogers-ipv6: ok
but it actually is created correctly.
Same here!
 
User avatar
Splash
Member Candidate
Member Candidate
Posts: 207
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: v6.43 [current] is released!

Thu Sep 13, 2018 10:05 am

I sent 3 support output files 90%, 98% and then after the reboot 5%... at 98% the system was trying to swap as the SPI process ran at 100% on 1 CPU. I have a change at 3am to downgrade the switches back to 6.42.7 and hope the VLANs work with some of our providers.
The next 6.44beta version should contain a fix which needs to be tested.
 
DummyPLUG
Frequent Visitor
Frequent Visitor
Posts: 79
Joined: Wed Jan 03, 2018 10:17 am

Re: v6.43 [current] is released!

Thu Sep 13, 2018 10:17 am

After update to 6.43 sometime the time will show in future, the correct link down time should be around Sep/13/2018 3:40 AM
from syslog:
03:40:18 interface,info ether3 link down
03:40:33 interface,info ether3 link up (speed 100M, full duplex)
03:40:36 interface,info ether3 link down
03:40:39 interface,info ether3 link up (speed 100M, full duplex)

Image
 
ofer
Frequent Visitor
Frequent Visitor
Posts: 59
Joined: Wed May 23, 2018 11:45 am

Re: v6.43 [current] is released!

Thu Sep 13, 2018 10:43 am

I upgraded software and firmware for 3 x HapAC, No issues so far.

Thanks!
 
User avatar
colinardo
just joined
Posts: 19
Joined: Sun Jan 08, 2017 9:02 pm

Re: v6.43 [current] is released!

Thu Sep 13, 2018 11:50 am

@wojo

Found a LOG problem with an IPv6 DHCP-CLIENT. The log says there was an error adding the dynamic prefix pool, but it actually is created correctly. Cosmetic problem?
dhcp,error failed to add ipv6 pool MYPOOL: ok
.....
.......
Yes, I have a similar issue:with the current release 6.43
dhcp,error failed to add ipv6 pool rogers-ipv6: ok
but it actually is created correctly.
Same here!

This is only a cosmetic issue and will be resolved in next release. Mikrotik support already answered this some posts above.

See
DHCPv6 error log message is a cosmetic issue which also will be fixed soon. This error actually tells that there is no error.
 
tesme33
Frequent Visitor
Frequent Visitor
Posts: 67
Joined: Mon May 26, 2014 10:25 pm

Re: v6.43 [current] is released!

Thu Sep 13, 2018 12:31 pm

admin password after upgrade EMPTY.

I discovered that the admin pass is empty after the upgrade. So could login without ANY pass.

Below how i fixed it.

[admin@MikroTik] >
11:31:18 echo: system,error,critical login failure for user admin from EC:8E:B5:5B:4E:92 via win
box
[admin@MikroTik] >
11:31:19 echo: system,error,critical login failure for user admin from EC:8E:B5:5B:4E:92 via win
box
[admin@MikroTik] > /ip ssh set always-allow-password-login=ye
[admin@MikroTik] > /user set admin password=PASSWORD
[admin@MikroTik] >
 
User avatar
indnti
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Thu Nov 09, 2006 11:53 am

Re: v6.43 [current] is released!

Thu Sep 13, 2018 1:16 pm

After reading all this posts I fear that there is a high probability to have a poor device after the upgrade.
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1768
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v6.43 [current] is released!

Thu Sep 13, 2018 1:44 pm

admin password after upgrade EMPTY.
Scared the s**t out of me....
But - no it isn't, at least not for me!! 10+ routers no such issue

what devices?
what version did you upgrade from?

there have been rare cases in the past when part of configuration gets lost on upgrade. when was last time you Neinstalled that devices?
 
dg1kwa
just joined
Posts: 19
Joined: Tue Aug 17, 2010 12:32 pm
Location: Monheim

Re: v6.43 [current] is released!

Thu Sep 13, 2018 2:58 pm

L2TP/IPSec still not working. This problem start after upgrade so 6.42.7. Version before work perfect :(
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.43 [current] is released!

Thu Sep 13, 2018 4:12 pm

L2TP/IPsec works properly for me on 6.42.7 and 6.43, must be something specific to your configuration or network. Have you sent a supout.rif file to support@mikrotik.com?
 
Elliot
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Tue May 30, 2017 3:04 pm

Re: v6.43 [current] is released!

Thu Sep 13, 2018 5:49 pm

For those guys that say they got locked out from winbox. Please DO READ THE CHANGELOG. You now have to log with winbox no older than 3.15 ;)

Also great Job gus for fixing those security holes. But please check from time to time 0dayz for any upcomming exploits. I'm sure they are looking forward to break into RouterOS again...
 
mvalsasna
just joined
Posts: 18
Joined: Tue Sep 30, 2014 2:10 pm

api change isn't - Re: v6.43 [current] is released!

Thu Sep 13, 2018 6:50 pm

regarding this change:
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);

as we have an application based on Net_RouterOS library (https://github.com/pear2/Net_RouterOS/), which is long unmantained, I tried 6.43, expecting it to break our application.

instead, it kept working normally. I sniffed traffic, and login is still performed in the pre-v6.43 style.

can you please clarify? is the old login method still supported? how long will it be supported?

tnx

MAtteo


Login method pre-v6.43:
/login
!done
=ret=ebddd18303a54111e2dea05a92ab46b4
/login
=name=admin
=response=001ea726ed53ae38520c8334f82d44c9f2
!done

Login method post-v6.43:
/login
=name=admin
=password=
!done
 
ehsanorveh
just joined
Posts: 3
Joined: Thu Sep 13, 2018 8:26 pm

Re: v6.43 [current] is released!

Thu Sep 13, 2018 8:33 pm

Hi
I have Mikrotik rb1100AHx2 and update Router OS to 6.43, After that The user have SSTP vpn connection, there connection lost after seconds, any body have this problem?
 
whitbread
Member Candidate
Member Candidate
Posts: 119
Joined: Fri Nov 08, 2013 9:55 pm

Re: v6.43 [current] is released!

Thu Sep 13, 2018 9:59 pm

*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
Just testet 6.43 on a hap ac2 - everything went smooth so far.

As I am struggling for the best way to deal with my setup I did performance tests anyway. Just wanted to let you know that there is a performance improvement when using VLAN aware bridges but you have to use a magnifying glass. My values did increase from 360 to 380 Mbps w/o IP-Filtering and 345 to 365 Mbps w/ IP-Filtering, unfortunately far away from wire speed.
So bad you cannot use switch chip together with bridges anymore :(
 
kriszos
just joined
Posts: 23
Joined: Thu Dec 21, 2017 3:08 pm

Re: v6.43 [current] is released!

Thu Sep 13, 2018 10:05 pm

I updated my hAP ac^2 from 6.42.7 and upgraded firmware
after update my cpu usage rise from 2% to 30% and dhcp stopped working. export also hang out after /interface wireless. reboots doesn't helps. Downgraded to 6.42.7 now is working fine again.
I updated it again with same result.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12572
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.43 [current] is released!

Thu Sep 13, 2018 11:12 pm

So bad you cannot use switch chip together with bridges anymore :(
You can definitely use VLANs in "hybrid" mode ... do the VLAN filtering on switch chip (/interface ethernet switch) and "new bridge" (without using bridge vlan functionality) with individual ports as members.

Regarding low speed: I suspect your configuration is not optimal. I conducted some tests using VLANs on bridge (SW implementation) and I could achieve wire speed for port-to-port transfers (without any filtering) while CPU utilization was around 30% of a single core (8% overall CPU utilization).
 
User avatar
Railander
Frequent Visitor
Frequent Visitor
Posts: 89
Joined: Thu Jun 16, 2016 11:30 pm

Re: v6.43 [current] is released!

Thu Sep 13, 2018 11:30 pm

Don't know if it's already been mentioned, but I can no longer change the name of a user in /user
It's not only the default user, it applies even to newly created users.
> user set admin name=test
failure: user name can't be changed
 
ozone
newbie
Posts: 26
Joined: Wed Jul 18, 2018 1:23 am

Re: v6.43 [current] is released!

Thu Sep 13, 2018 11:46 pm

Upgraded Hap-lite (rb941) from 6.42.6 to 6.43 (Ros+Routerboot), and now internal dhcpv4-client (from an external DNSMASQ server) does not work anymore.
The RB does not get an valid IP anymore. (stays on "searching").
If you reboot the hap-lite, the hap-lite DOES get an IP... But when you request an IP while running, you do not.
If DHCP-server is another routerboard, no issue exists, only with DNSMASQ dhcp-server.

Tried also upgrading a HAP-ac to 6.43, then there is NO DHCPv4-client issue with external dnsmasq DHCP-servers. (with identical config as hap-lite)

Second issue on hap-lite is the reduced wifi performance. Drops about 30%.

Went back to 6.42.7 on hap-lite, and internal dhcpv4-client works again (from dnsmasq), and wifi speed is back up.

Thirdly, HAP-lite still has no ramdisk functionality like HAP-ac, so upgrading is a real pain in the *ss!
If you have a few saved config files on there, you can be happy to get upgrading working with ONLY system and wireless package.
Anything beyond that, and disk is full. No errormessage though, so a reboot then usually ends up in a bricked device where only netinstall will help out.
Had this a few times already on the hap-lite.
16MB flash is simply to small :(
 
ozone
newbie
Posts: 26
Joined: Wed Jul 18, 2018 1:23 am

Re: v6.43 [current] is released!

Fri Sep 14, 2018 12:04 am

Oh Yeah,

Anyone tested what happens when you choose "SWos" in system->routerboard->settings->boot-os ?
(on a device that normally does not support that)

:)
 
schadom
Member Candidate
Member Candidate
Posts: 156
Joined: Sun Jun 25, 2017 2:47 am

Re: v6.43 [current] is released!

Fri Sep 14, 2018 1:52 am

Upgraded two CCRs to 6.43 and no issues (including the described ones above) so far.
Only thing we noticed that the OpenVPN bridge was disabled after upgrading and we had to re-enable it manually.

*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
S-RJ01 SFP's are still shown with "Connector Type: LC" on 6.43 and Winbox v3.17 at least in our case.
 
Cal5582
just joined
Posts: 14
Joined: Wed Feb 28, 2018 5:04 pm

Re: v6.43 [current] is released!

Fri Sep 14, 2018 2:32 am

just had 6.43 break my RBM11G + R11e-5HacT wireless access point. after the update my mpcie card would no longer pick up but would display a red and yellow light. tried reseating card but no luck. restored back to mmips 6.42.7 and everything came back up and worked. looks to be a software issue. any way i can report this bug?
 
ste
Forum Guru
Forum Guru
Posts: 1932
Joined: Sun Feb 13, 2005 11:21 pm

Re: v6.43 [current] is released!

Fri Sep 14, 2018 9:09 am

Updated a new CCR to 6.43. Added some bridges and then some vlans to the bridges. One vlan does not show as slave of the bridge. I guess a problem of the bridge changes. So I downgraded to stable. This bricked the ccr. Hangs with starting services. Netinstalled 6.43 and started over. So sure stable and long term matches the truth ?

Just a small rant after wasting 2 hours with "stable" software. Just call it "current" again ...
 
dg1kwa
just joined
Posts: 19
Joined: Tue Aug 17, 2010 12:32 pm
Location: Monheim

Re: v6.43 [current] is released!

Fri Sep 14, 2018 10:18 am

L2TP/IPsec works properly for me on 6.42.7 and 6.43, must be something specific to your configuration or network. Have you sent a supout.rif file to support@mikrotik.com?
when I have a little time I send. I not change any configuration last time.
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 203
Joined: Wed Aug 09, 2017 1:15 pm

Re: v6.43 [current] is released!

Fri Sep 14, 2018 12:09 pm

After updating CCR1009 to 6.43 there is a problem with port stability! Has anyone else encountered such a problem?
I doubt this is a software issue. Seems only one port is affected.
I don't have such a problem on my CCR1009.
 
lomayani
just joined
Posts: 19
Joined: Sat Jun 17, 2017 7:21 am

Re: v6.43 [current] is released!

Fri Sep 14, 2018 12:46 pm

I updated my hAP ac^2 from 6.42.7 and upgraded firmware
after update my cpu usage rise from 2% to 30% and dhcp stopped working. export also hang out after /interface wireless. reboots doesn't helps. Downgraded to 6.42.7 now is working fine again.
I updated it again with same result.
I seen the issue with dhcp stop working. check in dhcp server if you have dhcp server configured with unknown interface, if you have remove that and upgrade to 6.43. When you have dhcp-server configured with unkwnon interface and upgrade to 6.43 will cause dhcp to stop working
 
whitbread
Member Candidate
Member Candidate
Posts: 119
Joined: Fri Nov 08, 2013 9:55 pm

Re: v6.43 [current] is released!

Fri Sep 14, 2018 2:18 pm

So bad you cannot use switch chip together with bridges anymore :(
You can definitely use VLANs in "hybrid" mode ... do the VLAN filtering on switch chip (/interface ethernet switch) and "new bridge" (without using bridge vlan functionality) with individual ports as members.
Not sure if I understand you correctly - using bridge with hw offloading, then bridging vlan interfaces of 'switch bridge' to new plain bridges? I am using this config on my rb2011, but I thought it is blacklisted by Mikrotik?!?

Regarding low speed: I suspect your configuration is not optimal. I conducted some tests using VLANs on bridge (SW implementation) and I could achieve wire speed for port-to-port transfers (without any filtering) while CPU utilization was around 30% of a single core (8% overall CPU utilization).
Not sure if we are talking about the same here - I am doing real world tests with tcp and smb reaching 114MB/s when switching or bridging, but I need the filtering. So at the moment you turn on IP filtering with some rules present, performance breaks down to ~50% while cpu on hap ac2 is maxed out. Using VLAN aware bridges is even worse.
 
User avatar
Splash
Member Candidate
Member Candidate
Posts: 207
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: v6.43 [current] is released!

Fri Sep 14, 2018 2:51 pm

After updating CCR1009 to 6.43 there is a problem with port stability! Has anyone else encountered such a problem?
Nope, CCR1016, CCR1036 and CCR1072's all behaving.....
 
thg3x
just joined
Posts: 11
Joined: Sat Apr 15, 2017 1:40 pm

Re: v6.43 [current] is released!

Fri Sep 14, 2018 2:54 pm


"DHCPv6 PD Pool (PPP Profile) not work anymore."

i'v got this problem too.
When connection established, dinamic DHCPv6 server creating, but client not get address from pool.
I had the same problem.
The dynamic server is created, but the client router does not receive the pool.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12572
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.43 [current] is released!

Fri Sep 14, 2018 3:52 pm

You can definitely use VLANs in "hybrid" mode ... do the VLAN filtering on switch chip (/interface ethernet switch) and "new bridge" (without using bridge vlan functionality) with individual ports as members.
Not sure if I understand you correctly - using bridge with hw offloading, then bridging vlan interfaces of 'switch bridge' to new plain bridges? I am using this config on my rb2011, but I thought it is blacklisted by Mikrotik?!?
I mean the setup I discussed in this thread where I posted functionally identical setups, both done on then current ROS 6.42.7, one using switch chip VLAN and the other using bridge VLAN setup.

Regarding low speed: I suspect your configuration is not optimal. I conducted some tests using VLANs on bridge (SW implementation) and I could achieve wire speed for port-to-port transfers (without any filtering) while CPU utilization was around 30% of a single core (8% overall CPU utilization).
Not sure if we are talking about the same here - I am doing real world tests with tcp and smb reaching 114MB/s when switching or bridging, but I need the filtering. So at the moment you turn on IP filtering with some rules present, performance breaks down to ~50% while cpu on hap ac2 is maxed out. Using VLAN aware bridges is even worse.
I'm not sure about it either. I did this test:
WinPC <-- access port with PVID=42 --> RBD52G <-- trunk port --> RB951G <-- access port with PVID=42 --> LinPC
So both end machines used usual untagged access and both "border" routerboards did VLAN tagging/untagging. I was running iperf both TCP and UDP. And I could achieve wire speed transfers (but I had to tune iperf parameters to get there so obviously performance does depend on client setup). I posted some results of my tests here.
 
User avatar
alexvdbaan
Trainer
Trainer
Posts: 40
Joined: Sun Feb 22, 2015 12:12 pm
Location: Amsterdam, Netherlands
Contact:

Re: v6.43 [current] is released!

Fri Sep 14, 2018 4:10 pm

@MikroTik support, do you have any feedback on the question below?
bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;

Great work MT team!

I was wondering if you could elaborate on the dynamic vlan function? I can see that the Caps interfaces are included in the bridge and that the active interfaces are tagged in the dynamic vlan entry for PVID 1. I would expect that the dynamic caps interfaces are dynamically added to all the bridge vlan entries. I have also tried to add the Capsman interfaces in their own interface list. However the newly created interface list woith all the dynamic caps interfaces can not be selected in the bridge vlan entry.

Below the config for my test setup on 6.43
/interface bridge
add fast-forward=no name=Lo0 protocol-mode=none
add fast-forward=no name=bridge protocol-mode=none vlan-filtering=yes
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2 pvid=666
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
/interface bridge settings
set allow-fast-path=no
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1 untagged=ether2 vlan-ids=666
add bridge=bridge tagged=bridge,ether1 vlan-ids=200
add bridge=bridge tagged=bridge,ether4,ether5 vlan-ids=10,20,30,667

/caps-man datapath
add bridge=bridge client-to-client-forwarding=yes local-forwarding=no name=vl10-data vlan-id=10 vlan-mode=use-tag
add bridge=bridge client-to-client-forwarding=yes local-forwarding=no name=vl20-data vlan-id=20 vlan-mode=use-tag
add bridge=bridge client-to-client-forwarding=yes local-forwarding=no name=vl30-data vlan-id=30 vlan-mode=use-tag
add bridge=bridge client-to-client-forwarding=yes local-forwarding=no name=radius-data vlan-mode=use-tag
/caps-man security
add authentication-types=wpa2-eap disable-pmkid=yes eap-methods=passthrough encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=Radius-Sec
/caps-man configuration
add country=netherlands datapath=radius-data distance=indoors hide-ssid=no mode=ap name=DynVlan security=Radius-Sec ssid=AllVlan
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes package-path=/upgrade upgrade-policy=require-same-version
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=vl667
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=ac master-configuration=DynVlan name-format=prefix-identity name-prefix=5Ghz-
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=DynVlan name-format=prefix-identity name-prefix=2.4Ghz-
 
DummyPLUG
Frequent Visitor
Frequent Visitor
Posts: 79
Joined: Wed Jan 03, 2018 10:17 am

Re: v6.43 [current] is released!

Fri Sep 14, 2018 5:31 pm

CCR1009, just found out all the "last link up time" is the current time in winbox (except those have link down will be in future), anyone have the same issue?
 
posetr
just joined
Posts: 7
Joined: Thu Feb 14, 2013 6:00 pm

Re: v6.43 [current] is released!

Fri Sep 14, 2018 10:23 pm

Hello , i am having difficuties about ccr1036-12g-4s when get udp attack with 0 length .

Using RouterOS 6.4 and here is the tcp dump of attack :

21:10:26.299021 IP 132.155.220.60.39812 > x.x.x.x.44710: UDP, length 0
21:10:26.299034 IP 180.19.33.203.lxi-evntsvc > x.x.x.x.2342: UDP, length 0
21:10:26.299035 IP 56.24.15.219.6200 > x.x.x.x.1234: UDP, length 0
21:10:26.299036 IP 11.90.77.183.23051 > x.x.x.x.44710: UDP, length 0
21:10:26.299057 IP 28.110.53.197.28188 > x.x.x.x.44710: UDP, length 0
21:10:26.299062 IP 215.92.148.235.23767 > x.x.x.x.3453: UDP, length 0
21:10:26.299064 IP 0.19.41.141.4864 > x.x.x.x.80: UDP, length 0
21:10:26.299065 IP 137.132.25.40.33929 > x.x.x.x.44710: UDP, length 0
21:10:26.299065 IP 49.38.104.169.9777 > x.x.x.x.110: UDP, length 0
21:10:26.299067 IP 203.183.15.186.47051 > x.x.x.x.44710: UDP, length 0
21:10:26.299185 IP 51.163.222.160.41779 > x.x.x.x.44710: UDP, length 0
21:10:26.299191 IP 0.33.48.114.8448 > x.x.x.x.4432: UDP, length 0
21:10:26.299193 IP 143.96.62.38.24719 > x.x.x.x.447: UDP, length 0

I have added many rule like :

0 chain=forward action=drop connection-state=invalid protocol=udp log=yes
log-prefix="log-paket"

1 chain=forward action=drop protocol=udp connection-bytes=0-10 log=yes
log-prefix="udp-attack"


It makes routerboard freeze and unaccesible, please help me to solve that.

No logs.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12572
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.43 [current] is released!

Fri Sep 14, 2018 10:37 pm

It really depends on scale of attack (and possibly there's some mis-handling of zero size UDP packets in ROS). But I'd say that major contribution to service failure is that you're logging each malformed UDP packet. Try to silently drop it, it might help your CCR to survive.
 
User avatar
ognjen
newbie
Posts: 35
Joined: Wed Nov 15, 2017 10:31 am
Location: Serbia

Re: v6.43 [current] is released!

Sat Sep 15, 2018 8:57 am

I don't have a problem with upgrade OS and fimware. Everything work fine (Dhcp, DNS, vlan, PPPoE, PPTP, L2TP, OVPN, CAPsMAN, Bridge, Wireless 802.11 over 5Ghz and 2.4GHz, Queue, Tools..). I don't under you guys, what u do to get a problem? :D

Joking apart.. I just see problem with scripts when try to start, but when check Don't requir Permissions problem is resolved.

Routers and switches what i upgrad is:
1x RB3011UiAS
2x RB2011UiAS
1x RB433
2x RBwAP2nDr2
1x CRS125-24G-1S-2HnD
3x RBwAPG-5HacT2Hnd
5x RB921GS-5HPacD r2 (mANTBox 19s)
2x RBLHGG-5acD-XL
1x CRS326-24G-2s+
2x RB SXT 5nD r2
4x RB750

Edit:
Who have problem with login on v6.43 need to upgrade winbox:
Image
 
kriszos
just joined
Posts: 23
Joined: Thu Dec 21, 2017 3:08 pm

Re: v6.43 [current] is released!

Sat Sep 15, 2018 9:22 am

I updated my hAP ac^2 from 6.42.7 and upgraded firmware
after update my cpu usage rise from 2% to 30% and dhcp stopped working. export also hang out after /interface wireless. reboots doesn't helps. Downgraded to 6.42.7 now is working fine again.
I updated it again with same result.
I seen the issue with dhcp stop working. check in dhcp server if you have dhcp server configured with unknown interface, if you have remove that and upgrade to 6.43. When you have dhcp-server configured with unkwnon interface and upgrade to 6.43 will cause dhcp to stop working
I indeed has dhcp on unkown interface. deleted it but that doesn't resolve the problem. After update to 6.43 I cant even make supout.rif file because it hangs at 1% while cpu usage is at 30%.
/tool profile shows tha cpu is used mostly by "unclassified", "spi" and "management"
Anybody has any ideas? I would like to not need to use netinstall.
 
Kindis
Member
Member
Posts: 441
Joined: Tue Nov 01, 2011 6:54 pm
Location: Sweden

Re: v6.43 [current] is released!

Sat Sep 15, 2018 10:51 am

I'm very happy with this build I must say. Must be the best .0 build ever provided. Been running it since launch and a lot of things are better. OSPF is faster for some reason but it may come down to the huge improvements to CHR under Hyper-V. Granted I do not have a advanced environment and do not use IPsec yet so other may have other experiences but overall I'm very happy and good job Mikrotik!!
 
steen
Member
Member
Posts: 475
Joined: Sat Oct 23, 2010 2:15 am
Location: Sweden
Contact:

Re: v6.43 [current] is released!

Sat Sep 15, 2018 10:59 am

Hello Folks!

This is a humble question, someone might have tested this ros version with wifi and nv2 on older mipsbe (ARM) devices like RB411, RB433, RB800 etc. and SXT, SEXTANT, QRT5 ?

Is this wifi problem fixed yet in this version ?

Version greater than 6.41.3 fully fails with wifi and nv2 hand has to be net installed in order to get back to working versions.
 
User avatar
DimaFIX
just joined
Posts: 12
Joined: Wed Apr 18, 2018 7:46 pm
Location: Ukraine

Re: v6.43 [current] is released!

Sun Sep 16, 2018 5:13 am

Changing the identity on hAp ac² crashes the router with an error: "kernel failure in previous boot".
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12572
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.43 [current] is released!

Sun Sep 16, 2018 11:56 am

Changing the identity on hAp ac² crashes the router with an error: "kernel failure in previous boot".
You mean changing identity name as in
/system identity set name="some other name"
The above command doesn't crash my hAP ac² ... running ROS 6..43.
 
User avatar
DimaFIX
just joined
Posts: 12
Joined: Wed Apr 18, 2018 7:46 pm
Location: Ukraine

Re: v6.43 [current] is released!

Sun Sep 16, 2018 12:17 pm

Changing the identity on hAp ac² crashes the router with an error: "kernel failure in previous boot".
You mean changing identity name as in
/system identity set name="some other name"
The above command doesn't crash my hAP ac² ... running ROS 6..43.
Yes. I have problem with this option.
 
dvm
just joined
Posts: 22
Joined: Thu Feb 01, 2018 9:54 am

Re: v6.43 [current] is released!

Sun Sep 16, 2018 3:32 pm

Changing the identity on hAp ac² crashes the router with an error: "kernel failure in previous boot".
I can not reproduce this issue on my hAP ac^2 with ROS 6.43 (both CLI and WinBox).
 
User avatar
DimaFIX
just joined
Posts: 12
Joined: Wed Apr 18, 2018 7:46 pm
Location: Ukraine

Re: v6.43 [current] is released!

Sun Sep 16, 2018 4:08 pm

I can not reproduce this issue on my hAP ac^2 with ROS 6.43 (both CLI and WinBox).
I don't know what the problem is. At me this problem is shown every time, even on a default config.
 
jasonx
just joined
Posts: 11
Joined: Sun Sep 16, 2018 7:07 pm

Re: v6.43 [current] is released!

Sun Sep 16, 2018 7:16 pm

Hi,

on 6.43 current.

dhcp server bindings not working

ip pool used prefix shows pppoe's ipv6

but on dhcp server bindings don't received ipv6 pppoe

somebody with this problem?
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v6.43 [current] is released!

Sun Sep 16, 2018 10:14 pm

Hi,

on 6.43 current.

dhcp server bindings not working

ip pool used prefix shows pppoe's ipv6

but on dhcp server bindings don't received ipv6 pppoe

somebody with this problem?
We have this problem sometimes on 6.42.6 dhcpv6 server where it is like the dhcpv6 binding disappears without being cleaned from the pool. We even had it happen with ipv4 dhcp where suddenly it was like all dhcp leases disappeared without disappearing from the ipv4 pool used addresses, causing pools to fill up before they should since suddenly hundreds of systems network received new leases. I opened a ticket but mikrotik just suspects some problem on our network. Open a ticket and maybe it will help them track the issue.
 
alexsap
just joined
Posts: 1
Joined: Mon Sep 17, 2018 12:09 am

Re: v6.43 [current] is released!

Mon Sep 17, 2018 12:18 am

We have a huge memory leak on the new 6.43 code running on our CRS326's. We use vlan. Within 12hrs the device reboots due to low memory.
You do not have the required permissions to view the files attached to this post.
 
venthyl
newbie
Posts: 27
Joined: Thu Nov 03, 2011 3:12 pm

Re: v6.43 [current] is released!

Mon Sep 17, 2018 10:54 am

Hello , i am having difficuties about ccr1036-12g-4s when get udp attack with 0 length .

Using RouterOS 6.4 and here is the tcp dump of attack :

21:10:26.299021 IP 132.155.220.60.39812 > x.x.x.x.44710: UDP, length 0
21:10:26.299034 IP 180.19.33.203.lxi-evntsvc > x.x.x.x.2342: UDP, length 0
21:10:26.299035 IP 56.24.15.219.6200 > x.x.x.x.1234: UDP, length 0
21:10:26.299036 IP 11.90.77.183.23051 > x.x.x.x.44710: UDP, length 0
21:10:26.299057 IP 28.110.53.197.28188 > x.x.x.x.44710: UDP, length 0
21:10:26.299062 IP 215.92.148.235.23767 > x.x.x.x.3453: UDP, length 0
21:10:26.299064 IP 0.19.41.141.4864 > x.x.x.x.80: UDP, length 0
21:10:26.299065 IP 137.132.25.40.33929 > x.x.x.x.44710: UDP, length 0
21:10:26.299065 IP 49.38.104.169.9777 > x.x.x.x.110: UDP, length 0
21:10:26.299067 IP 203.183.15.186.47051 > x.x.x.x.44710: UDP, length 0
21:10:26.299185 IP 51.163.222.160.41779 > x.x.x.x.44710: UDP, length 0
21:10:26.299191 IP 0.33.48.114.8448 > x.x.x.x.4432: UDP, length 0
21:10:26.299193 IP 143.96.62.38.24719 > x.x.x.x.447: UDP, length 0

I have added many rule like :

0 chain=forward action=drop connection-state=invalid protocol=udp log=yes
log-prefix="log-paket"

1 chain=forward action=drop protocol=udp connection-bytes=0-10 log=yes
log-prefix="udp-attack"


It makes routerboard freeze and unaccesible, please help me to solve that.

No logs.

Hi i have similar problem

yesterday night
with no reason all Arm or 6.42.x devices hang up,
stop pass traffic,
stop respond even on mac ping
in the same time
manual power cycle was needed.

on one 450x device was ip watchdog, even this wasnt help.

450gx4 - bridge only ip local 192.168.5.x
450gx4- multibridge nat firewall different ips public ip firewalled
450gx2- router no bridge ip to core network 172.16. public ip firewalled

lhg60g - p2p link ip 192.168.88.x

6.42.1-6.42.7 verson on rb

Core network is network with
bridge wireless antennas,
and isolated by mikrotik routers to customers
every router in core network see each other in l2 (no vlan)

there is about 80 other mikrotik routers to serve internet
and 90 wds links soft below 6.42 nothing happend
no other arm devices

Any ideas ?

Regards
 
bbs2web
Member Candidate
Member Candidate
Posts: 233
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa
Contact:

Re: v6.43 [current] is released!

Mon Sep 17, 2018 1:03 pm

How does on obtain the default settings for menu items?

The '/system default-configuration print' command details the default initialisation script and does not show default values.

6.43 on a hAP ac (962UiGS-5HacT2HnT):
[davidh@router] > /int ethernet export 
# sep/17/2018 11:59:56 by RouterOS 6.43
# software id = 4KLB-K1IB
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 6737060E2E31
/interface ethernet
set [ find default-name=sfp1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full

PS: Would be useful to '/int ethernet export default'
 
chaostya
just joined
Posts: 1
Joined: Mon Sep 17, 2018 1:12 pm

Re: v6.43 [current] is released!

Mon Sep 17, 2018 1:17 pm

CRS125-24G-1S-2HnD
After update to 6.43 (including firmware update)
"router was rebooted without proper shutdown by watchdog timer" happened once for now.
 
dvm
just joined
Posts: 22
Joined: Thu Feb 01, 2018 9:54 am

Re: v6.43 [current] is released!

Mon Sep 17, 2018 1:45 pm

How does on obtain the default settings for menu items?

The '/system default-configuration print' command details the default initialisation script and does not show default values.
1. Backup or export current config.
2. Disconnect router from internet and reset config without applying default configuration.
3. Connect to router via MAC.
3. /export verbose file=all_defaults, save this file for future reference
4. Restore backup or import config from step 1.
 
bbs2web
Member Candidate
Member Candidate
Posts: 233
Joined: Sun Apr 22, 2012 6:25 pm
Location: Johannesburg, South Africa
Contact:

Re: v6.43 [current] is released!

Mon Sep 17, 2018 2:11 pm

Thanks for your suggestions but that's fairly obvious. MikroTik change defaults in RouterOS releases and don't document changes properly (multi-line change log entries would be a start, linking changes to a bug tracking system would be much better). I still think it would be useful to have a command along the lines of '/int ether export default' so that one can adjust configurations after performing software and firmware updates.
How does on obtain the default settings for menu items?

The '/system default-configuration print' command details the default initialisation script and does not show default values.
1. Backup or export current config.
2. Disconnect router from internet and reset config without applying default configuration.
3. Connect to router via MAC.
3. /export verbose file=all_defaults, save this file for future reference
4. Restore backup or import config from step 1.
 
nin
newbie
Posts: 32
Joined: Sat Feb 20, 2010 9:02 pm

Re: v6.43 [current] is released!

Mon Sep 17, 2018 7:33 pm

I cannot upgrade to 6.43. I think something messed up with packets installed - please see the picture!
https://www.imagebanana.com/s/1183/icxyABjR.html

Please help me!

PS. CCR1016-12G
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12572
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.43 [current] is released!

Mon Sep 17, 2018 8:17 pm

I cannot upgrade to 6.43. I think something messed up with packets installed
The wireless package is installed both in basic bundle and as separate package. Until you resolve this issue, you can not upgrade to newer version. Whatever you try, first create backup and text configuration export (/export file=<file.rsc>) and get them off your CCR.
You have at least two possibilities (in order of preference of MT staff I guess):
  1. uninstall the extra wireless package, the lower one on your screenshot.
  2. install separate packages - get ZIP file from download section of mikrotik pages. Upload all needed packages except wireless. After reboot CCR will be running ROS 6.37. I guess you don't need wireless package at all, but if you feel like installing it, install it after ROS is already running upgraded.
  3. netinstall CCR
 
nin
newbie
Posts: 32
Joined: Sat Feb 20, 2010 9:02 pm

Re: v6.43 [current] is released!

Mon Sep 17, 2018 10:20 pm

"The wireless package is installed both in basic bundle and as separate package."
Exactly this should absolutely never be possible!
 
nin
newbie
Posts: 32
Joined: Sat Feb 20, 2010 9:02 pm

Re: v6.43 [current] is released!

Mon Sep 17, 2018 10:21 pm

1. uninstall the extra wireless package, the lower one on your screenshot. -> FAILS.
 
nin
newbie
Posts: 32
Joined: Sat Feb 20, 2010 9:02 pm

Re: v6.43 [current] is released!

Mon Sep 17, 2018 10:25 pm

2, install separate packages - get ZIP file from download section of mikrotik pages. Upload all needed packages except wireless. After reboot CCR will be running ROS 6.37. I guess you don't need wireless package at all, but if you feel like installing it, install it after ROS is already running upgraded. -> FAILS!
 
nin
newbie
Posts: 32
Joined: Sat Feb 20, 2010 9:02 pm

Re: v6.43 [current] is released!

Mon Sep 17, 2018 10:52 pm

I need to learn about netinstall. It is too late here. Thanks I will come back asap.
 
Cal5582
just joined
Posts: 14
Joined: Wed Feb 28, 2018 5:04 pm

Re: v6.43 [current] is released!

Mon Sep 17, 2018 11:19 pm

any update on wireless cards not detecting on mmips devices?
 
User avatar
Splash
Member Candidate
Member Candidate
Posts: 207
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: v6.43 [current] is released!

Tue Sep 18, 2018 11:38 am

We have a huge memory leak on the new 6.43 code running on our CRS326's. We use vlan. Within 12hrs the device reboots due to low memory.
I reported this too with CRS317's and the only way I could resolve it was to downgrade back to 6.42.7. The fix is supposed to be coming out in the next beta.
They took some support files during the memory filling up and seem to think they have identified the issue.
 
ithierack
just joined
Posts: 10
Joined: Sat Mar 05, 2016 1:17 pm

Re: v6.43 [current] is released!

Tue Sep 18, 2018 11:51 am

CCR1009, just found out all the "last link up time" is the current time in winbox (except those have link down will be in future), anyone have the same issue?
Same here, also an CCR1009. Web-Interface displays correct, WinBox some time in the future. I think, it's only an "cosmetic problem" with WinBox.
 
nin
newbie
Posts: 32
Joined: Sat Feb 20, 2010 9:02 pm

Re: v6.43 [current] is released!

Tue Sep 18, 2018 12:00 pm

3. netinstall CCR -> WORKED!

I am running now 6.43.1 and all went smoothly.
Thanks for your help!
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.43 [current] is released!

Tue Sep 18, 2018 12:01 pm

New version 6.43.1 has been released in stable RouterOS channel:

viewtopic.php?f=21&t=139353

Who is online

Users browsing this forum: DenisPDA, gigabyte091 and 11 guests