Community discussions

MikroTik App
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

v6.44beta [testing] is released!

Tue Sep 11, 2018 1:47 pm

Version 6.44beta6 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.44beta6 (2018-Sep-11 08:52):

Changes in this release:

!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - log only failed pool additions;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed ACL rules on IPQ4018 devices;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1768
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v6.44beta [testing] is released!

Tue Sep 11, 2018 1:51 pm

O_o "beta"!!!! The hell just froze over!! what happened there?
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2397
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.44beta [testing] is released!

Tue Sep 11, 2018 1:54 pm

Now Beta. And Alpha? Alpha V7? :)
 
bennyh
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Fri Mar 03, 2017 12:37 pm

Re: v6.44beta [testing] is released!

Tue Sep 11, 2018 2:14 pm

Now Beta. And Alpha? Alpha V7? :)
Guys! If there will be ROS 7 stable release, we should celebrate it with a big worldwide party :D

ontopic:Did someone test the v6.44 on rb3011?
 
upower3
Member
Member
Posts: 425
Joined: Thu May 07, 2015 11:46 am

Re: v6.44beta [testing] is released!

Tue Sep 11, 2018 3:34 pm

!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
Tell me the truth, who decided that current is stable? It is bugfix that can be considered stable, while current is some bleeding-edge and sometimes even "never to use in prod" version.

Will the naming be backward aware, like cli to accept both bugfix and long-term?

And what to do with old releases (6.29) which are not aware of branches at all and consider itself as stable?
 
schadom
Member Candidate
Member Candidate
Posts: 156
Joined: Sun Jun 25, 2017 2:47 am

Re: v6.44beta [testing] is released!

Tue Sep 11, 2018 5:40 pm

Would be very nice to see some routing (especially BGP, BGP4 SNMP MIBs, etc.) improvements for 6.44!
Also currently peering session re-connects when it's comment is changed in Winbox. This is annoying and could be changed.
 
Bobstonom
just joined
Posts: 6
Joined: Tue Sep 11, 2018 6:17 pm
Location: Tampa, Florida

Re: v6.44beta [testing] is released!

Tue Sep 11, 2018 6:20 pm

Just saw this. Will definitely check it out. :)

By the way, newbie here. Aside from being a MikroTik novice, I'm also a critter lover. I'm usually found at home, treating my Pomeranian, Jules, to his nylabones and watching TV with my wife. Such a simple, yet, happy life. Cheers, fellas!
Last edited by Bobstonom on Mon Sep 24, 2018 5:25 pm, edited 2 times in total.
 
z1022
just joined
Posts: 16
Joined: Wed Jun 06, 2018 5:51 pm

Re: v6.44beta [testing] is released!

Tue Sep 11, 2018 6:25 pm

Now Beta. And Alpha? Alpha V7? :)
Alpha V7 will be launched after v6.99 or v6.999 released :lol: :lol: :lol:
 
upower3
Member
Member
Posts: 425
Joined: Thu May 07, 2015 11:46 am

Re: v6.44beta [testing] is released!

Tue Sep 11, 2018 6:55 pm

currently peering session re-connects when it's comment is changed in Winbox.
So to say, MT used to down and up again PPP-interfaces when you change comment on it! It was this way some time ago, not sure for now, but this was some "bright" idea these days (and maybe today).
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2397
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.44beta [testing] is released!

Tue Sep 11, 2018 6:57 pm

Would be very nice to see some wireless (especially NV2, AC) improvements for 6.44!
The bandwidth per 20Mhz channel is very small. Compared to competition...
 
upower3
Member
Member
Posts: 425
Joined: Thu May 07, 2015 11:46 am

Re: v6.44beta [testing] is released!

Tue Sep 11, 2018 6:58 pm

Now Beta. And Alpha? Alpha V7? :)
Alpha V7 will be launched after v6.99 or v6.999 released :lol: :lol: :lol:
I suspect they will release some absolutely new change in the system somewhere between 6.49 and 6.49.7, so noone will ever be able to predict that. Look at new bridge implementation introduction, some serious change that is there in current (sorry, so called stable) release but not in the bugfix, and you get the idea.
 
djdrastic
Member
Member
Posts: 368
Joined: Wed Aug 01, 2012 2:14 pm

Re: v6.44beta [testing] is released!

Tue Sep 11, 2018 7:06 pm


!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
Hi Mikrotik will this release channel naming be pushed down into other releases at a later time ?
All my ansible scripts at present that upgrade 100's of rb's point to "bugfix" , "current" and "release candidate"

Gonna have to do a bit of retooling if so.
 
notToNew
Member Candidate
Member Candidate
Posts: 174
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.44beta [testing] is released!

Tue Sep 11, 2018 9:13 pm

!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
That's good, but we need another channel named oldstable, where 6.42 should go and stay for at least several weeks.

At least do make downgrading more seamless when necessary.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12979
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.44beta [testing] is released!

Tue Sep 11, 2018 9:35 pm

That's good, but we need another channel named oldstable, where 6.42 should go and stay for at least several weeks.

At least do make downgrading more seamless when necessary.
If MT is not going to release new versions in 6.42.x series, then this series does not need its own channel. If you want to downgrade your RB to some particular older version of ROS you can always download it (manually construct download URL if every other option to get DL link fails) and install.
Channels are only useful for semi-automated upgrades and for users that trust in MT decission about which version belongs to which category of stability. If you're not one of us, then you can completely ignore channel naming and install whatever version of ROS you believe is best for yor RBs.
 
User avatar
boldsuck
Frequent Visitor
Frequent Visitor
Posts: 60
Joined: Sun Sep 01, 2013 1:07 am
Location: Germany

Re: v6.44beta [testing] is released!

Tue Sep 11, 2018 9:40 pm

!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
That's good, but we need another channel named oldstable, where 6.42 should go and stay for at least several weeks.

At least do make downgrading more seamless when necessary.
Upload 'old Firmware' to Router and reboot...
...downgrade ready. ;-)
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Thu Sep 13, 2018 3:00 pm

You'll need to press Downgrade button, not just reboot :) But yes, that's that simple.
 
bennyh
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Fri Mar 03, 2017 12:37 pm

Re: v6.44beta [testing] is released!

Thu Sep 13, 2018 4:08 pm

IPSec results appeared on the RB3011 product page as the Mikrotik guys promised, but theese values are lower than IPSec results on the 750Gr3 page. The HW crypt core is weaker in the RB3011 or there will be optimalizations in further ROS releases?
 
blingblouw
Member
Member
Posts: 345
Joined: Wed Aug 25, 2010 9:43 am

Re: v6.44beta [testing] is released!

Thu Sep 13, 2018 4:54 pm

seems this release gave us a wireless channel 66000 on w60g interface. Nice!
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: v6.44beta [testing] is released!

Thu Sep 13, 2018 4:54 pm

Mikrotik, please explain why you needed to rename the release channels. Also please explain what real change does this mean. Without that the renaming of current to stable is very confusing for those who came recently or do not know that the only well tested bugfix could be considered as stable in reality.
 
bennyh
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Fri Mar 03, 2017 12:37 pm

Re: v6.44beta [testing] is released!

Thu Sep 13, 2018 5:35 pm

Mikrotik, please explain why you needed to rename the release channels. Also please explain what real change does this mean. Without that the renaming of current to stable is very confusing for those who came recently or do not know that the only well tested bugfix could be considered as stable in reality.
Maybe they think the new Bridge module is mature enough, to mark as stable. This naming method was earlier too, so they only returned to that.
 
MonkeyDan
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Fri Dec 29, 2017 8:41 pm

Re: v6.44beta [testing] is released!

Thu Sep 13, 2018 5:40 pm

seems this release gave us a wireless channel 66000 on w60g interface. Nice!
Be aware this overlaps with 64800: https://en.wikipedia.org/wiki/Wireless_ ... e#Channels
Also, it appears this isn’t in the default frequency list for station mode: https://wiki.mikrotik.com/wiki/Manual:I ... properties
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Fri Sep 14, 2018 10:13 am

IPSec results appeared on the RB3011 product page as the Mikrotik guys promised, but theese values are lower than IPSec results on the 750Gr3 page. The HW crypt core is weaker in the RB3011 or there will be optimalizations in further ROS releases?
Currently the RB3011 IPsec performance is comparable with any of the IPQ4018 routers (like 450Gx4, hAP ac2), it actually shares the same driver, however there are 4 total crypto modules on RB3011 and as of now only 1 is enabled, meaning it has the potential to achieve even higher throughput. Anyway, we will continue to develop this driver, but in the mean time, 400Mbps over the 100Mbps which you were able to achieve with software crypto is a valuable gain in my opinion.
 
bennyh
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Fri Mar 03, 2017 12:37 pm

Re: v6.44beta [testing] is released!

Fri Sep 14, 2018 10:49 am

IPSec results appeared on the RB3011 product page as the Mikrotik guys promised, but theese values are lower than IPSec results on the 750Gr3 page. The HW crypt core is weaker in the RB3011 or there will be optimalizations in further ROS releases?
Currently the RB3011 IPsec performance is comparable with any of the IPQ4018 routers (like 450Gx4, hAP ac2), it actually shares the same driver, however there are 4 total crypto modules on RB3011 and as of now only 1 is enabled, meaning it has the potential to achieve even higher throughput. Anyway, we will continue to develop this driver, but in the mean time, 400Mbps over the 100Mbps which you were able to achieve with software crypto is a valuable gain in my opinion.
Yes, thats true :) Only that was strange, the smaller and cheaper 750Gr3 is stronger in it, but I got a deep explanation from you. Thank you!
 
Cal5582
just joined
Posts: 14
Joined: Wed Feb 28, 2018 5:04 pm

Re: v6.44beta [testing] is released!

Fri Sep 14, 2018 6:07 pm

RBM11G and R11e-5HacT looses the R11e-5HacT in this software revision and in 6.43 downgrading to 6.42.7 auto-magically makes the wireless card come back so it is a software issue and not a hardware issue. it is also repeatable during testing.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2397
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.44beta [testing] is released!

Fri Sep 14, 2018 6:19 pm

RBM11G and R11e-5HacT looses the R11e-5HacT in this software revision and in 6.43 downgrading to 6.42.7 auto-magically makes the wireless card come back so it is a software issue and not a hardware issue. it is also repeatable during testing.
I reported the same problem to support. After upgrade to 6.43 rbM11 looses card. No answer yet.
Last edited by honzam on Fri Sep 14, 2018 7:03 pm, edited 1 time in total.
 
Cal5582
just joined
Posts: 14
Joined: Wed Feb 28, 2018 5:04 pm

Re: v6.44beta [testing] is released!

Fri Sep 14, 2018 6:20 pm

good to know its not just me. i sent a supout to them and an email describing the issue but havent heard anything yet.
 
Cal5582
just joined
Posts: 14
Joined: Wed Feb 28, 2018 5:04 pm

Re: v6.44beta [testing] is released!

Fri Sep 14, 2018 6:28 pm

just out of curiosity are you also using an RBM11g also or something else with MPCIe?
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2397
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.44beta [testing] is released!

Fri Sep 14, 2018 7:02 pm

RBM11G and R11e-5HacD
 
ozone
newbie
Posts: 26
Joined: Wed Jul 18, 2018 1:23 am

Re: v6.44beta [testing] is released!

Sat Sep 15, 2018 6:26 pm

RBM11G and R11e-5HacT looses the R11e-5HacT in this software revision and in 6.43 downgrading to 6.42.7 auto-magically makes the wireless card come back so it is a software issue and not a hardware issue. it is also repeatable during testing.

RBM33g+R11e-5HacT does seem to work. (design closely related to RBM11g)

But my connection issues still remain (viewtopic.php?f=3&t=136950)
Support case is about that is also still open, although I haven't received any feedback from MT about it for weeks now :(

RBM33 still doesn't seem to be a viable contender for a hap-ac replacement unfortunately.
(is design been given up???)
 
jondavy
Member Candidate
Member Candidate
Posts: 143
Joined: Tue May 12, 2009 11:14 pm
Location: Brasil

Re: v6.44beta [testing] is released!

Sat Sep 15, 2018 9:52 pm

is not allowing to create qos scripts with parent queue with hotspot,
with pppoe works normal
 
schadom
Member Candidate
Member Candidate
Posts: 156
Joined: Sun Jun 25, 2017 2:47 am

Re: v6.44beta [testing] is released!

Sun Sep 16, 2018 1:10 am

Please consider some BGP fixes and improvements for 6.44:

- make route matching via /ip route print where=.. with BGP full feeds faster
- do not reset/re-establish a BGP session when it's comment is changed
- improve overall BGP convergence time on CCR/tile

+ introduce BGP4 SNMP MIBs
+ introduce priority/order feature for BGP sessions

Thanks
 
epkulse
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Sat Oct 27, 2012 12:57 am

Re: v6.44beta [testing] is released!

Sun Sep 16, 2018 12:51 pm

Upgraded now, and I am not able to login anymore. Password appears to be changed. Same problem in Webfig as SSH. Known issue? Any idea how to restore?
 
User avatar
grusu
Member Candidate
Member Candidate
Posts: 140
Joined: Tue Aug 13, 2013 7:35 am
Location: Bucharest, Romania

Re: v6.44beta [testing] is released!

Sun Sep 16, 2018 12:52 pm

Upgraded now, and I am not able to login anymore. Password appears to be changed. Same problem in Webfig as SSH. Known issue? Any idea how to restore?
viewtopic.php?f=21&t=139189
 
epkulse
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Sat Oct 27, 2012 12:57 am

Re: v6.44beta [testing] is released!

Sun Sep 16, 2018 12:59 pm

Well, I guess it should still be possible to login with Webfig or SSH?
 
User avatar
grusu
Member Candidate
Member Candidate
Posts: 140
Joined: Tue Aug 13, 2013 7:35 am
Location: Bucharest, Romania

Re: v6.44beta [testing] is released!

Sun Sep 16, 2018 1:11 pm

Well, I guess it should still be possible to login with Webfig or SSH?
Hi,

Try to update winbox to 3.18 version.
From which version you upgraded RouterOS to v6.44beta?

Geo
 
Rico40
just joined
Posts: 16
Joined: Sun Aug 19, 2018 8:53 pm
Location: Poland

Re: v6.44beta [testing] is released!

Sun Sep 16, 2018 1:57 pm

Update the certificate in the browser. I had this problem too and it helped me.
 
epkulse
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Sat Oct 27, 2012 12:57 am

Re: v6.44beta [testing] is released!

Sun Sep 16, 2018 3:33 pm

I used Webfig on a MAC... Have winbox4mac on 3.17 - but that should not make any difference... As SSH does not work, it is not browser dependent, I guess...
 
epkulse
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Sat Oct 27, 2012 12:57 am

Re: v6.44beta [testing] is released!

Sun Sep 16, 2018 3:45 pm

ssh says "permission denied" all the time...
admin@192.168.88.6's password:
Permission denied, please try again.

Does not work to login with blank password - so it seems something is corrupted...

The device is a RB751G-2HnD running as AP - I use it as a test device för new releases. So, no panic - but maybe alarming to others...
 
epkulse
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Sat Oct 27, 2012 12:57 am

Re: v6.44beta [testing] is released!

Sun Sep 16, 2018 3:56 pm

Winbox 3.18 - not working... When running it on a PC...
 
User avatar
grusu
Member Candidate
Member Candidate
Posts: 140
Joined: Tue Aug 13, 2013 7:35 am
Location: Bucharest, Romania

Re: v6.44beta [testing] is released!

Sun Sep 16, 2018 6:02 pm

Winbox 3.18 - not working... When running it on a PC...
Try to clear cache:

Tools > Clear Cache
 
epkulse
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Sat Oct 27, 2012 12:57 am

Re: v6.44beta [testing] is released!

Sun Sep 16, 2018 6:52 pm

That does not help.

Somehow my Password has been corrupted when I upgraded. So, likely something wrong with this upgrade which I assume needs to taken care of as it would affect a lot of users otherwise...

I have tried Webfig, Winbox, SSH - none of these access methods allow me to use the Password I have defined. Nor can i login by omitting the password - so it is not restored to default or something. Appears to be working, I can connect to wifi (run by Capsman) - but I am unable to access it as admin anymore Seems I have to make a HW-reset or something... Not nice, should you have lots of these devices.

As I have said before, this is not a critical production device for me - but still quite confusing how this could happen...
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Tue Sep 18, 2018 10:26 am

Version 6.44beta9 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.44beta9 (2018-Sep-17 07:20):

MAJOR CHANGES IN v6.44:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------

Changes in this release:

!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) switch - fixed port mirroring on devices that do not support CPU Flow Control;
*) webfig - allow to change user name when creating a new system user;
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" setting to "IP/DHCP Server/Leases" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IPv6/DHCPv6 Server/Bindings" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - fixed corrupt user database after specifying allowed address range (introduced in v6.43);
*) winbox - make bridge port "untrusted" by default when creating new port;
*) winbox - show "IP/Cloud" menu on CHR;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v6.44beta [testing] is released!

Tue Sep 18, 2018 10:36 am

Backup stored on cloud? Great idea, but how is this accessed, if you need to restore? Even more importantly, how is it secured? The idea of a backup with confidential passwords and other information floating in the aether for a hacker to conveniently steal is a bit concerning. I use online backup all the time, but that comes with details as to how the data is protected, etc.
Last edited by mducharme on Tue Sep 18, 2018 10:40 am, edited 1 time in total.
 
andriys
Forum Guru
Forum Guru
Posts: 1543
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.44beta [testing] is released!

Tue Sep 18, 2018 10:39 am

!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);

Two questions:
  • Can this cloud backup be encrypted?
  • Since Mikrotik cloud services are bound to the device's serial number, is there any way to retrieve a backup when the original device is lost?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v6.44beta [testing] is released!

Tue Sep 18, 2018 10:40 am

Remember that in MikroTik RouterOS, backup file is for restoring past configuration on the same device, not a safeguard against a lost or damaged device, for restoring on other devices, you should be using "export" config files.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v6.44beta [testing] is released!

Tue Sep 18, 2018 10:49 am

Remember that in MikroTik RouterOS, backup file is for restoring past configuration on the same device, not a safeguard against a lost or damaged device, for restoring on other devices, you should be using "export" config files.
Officially, yes, but if the device is being replaced with one of the same model and the MAC addresses are reset after the restore, if you are in a pinch and have nothing else, the .backup does work, even though it is not the best choice. I imagine that is why andriys is asking and I would echo it - even though it is bad practice, it can be better to have the .backup than to have to recreate a complicated config from scratch, if whoever was managing the router was not careful enough to keep good .rsc backups.

What about integrating the cloud into the "My Account" on MikroTik, so that you could view a list of previous backups from the MikroTik account and download them from there? Just an idea.
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 914
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v6.44beta [testing] is released!

Tue Sep 18, 2018 10:55 am

Or a backup explorer so you can fetch the configuration export from a binary backup file. Like the supout.rif viewer.
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: v6.44beta [testing] is released!

Tue Sep 18, 2018 11:02 am

viewtopic.php?f=1&t=135603&p=687001#p687001

*) It is a requirement for the file to be encrypted - see update to backup file encryption, only the new kind is accepted by IP Cloud Backup
*) if you save secure-download-key you can retrieve the file from another router
*) integration in the account is planned and it is coming sometime later
 
schadom
Member Candidate
Member Candidate
Posts: 156
Joined: Sun Jun 25, 2017 2:47 am

Re: v6.44beta [testing] is released!

Tue Sep 18, 2018 11:34 am

Remember that in MikroTik RouterOS, backup file is for restoring past configuration on the same device, not a safeguard against a lost or damaged device, for restoring on other devices, you should be using "export" config files.
Why can't device-specific stuff like MAC-addresses simply be removed from the backup files?
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7186
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.44beta [testing] is released!

Tue Sep 18, 2018 12:25 pm

Because it is whole system backup.
 
msatter
Forum Guru
Forum Guru
Posts: 2941
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.44beta [testing] is released!

Tue Sep 18, 2018 12:48 pm

Remember that in MikroTik RouterOS, backup file is for restoring past configuration on the same device, not a safeguard against a lost or damaged device, for restoring on other devices, you should be using "export" config files.
Export config files is death for me. Tried everything what is mentioned in the wiki and forum but never succeeded to import a config file for years.

Restoring backup files on other devices with same or similar hardware goes fine and after restore also restore the MAC's of the new device.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.44beta [testing] is released!

Tue Sep 18, 2018 1:49 pm

Without an example we can not comment why you are not being able to import .rsc file.

We recommend that you import file step-by-step if it is failing. Then you will see at which point configuration is not accepted and you can fix it or report a problem to support@mikrotik.com if there is one.

Export/import must work without any problems on the same model RouterBOARD if the same RouterOS version is installed on both devices and the same software packages are enabled.
 
und3ath
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Mon Mar 23, 2009 7:01 pm

Re: v6.44beta [testing] is released!

Tue Sep 18, 2018 4:56 pm

lhg 60 + 6.44 beta9 - interface wlan60-1 window in winbox, Status tab: only frequency is shown, anything else is empty. SNMP also stopped working for these values.

2nd problem - I see only 4 frequencies - there is no 66000 MHz option
 
User avatar
doneware
Trainer
Trainer
Posts: 647
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: v6.44beta [testing] is released!

Tue Sep 18, 2018 5:57 pm

Why can't device-specific stuff like MAC-addresses simply be removed from the backup files?
i'd like to have something like '/sys backup load name="filename.backup" password="dragon" keep-mac-addresses=yes

or an ability to auto-run commands upon successful restore (like a cli command to restore original mac addresses)
 
User avatar
doneware
Trainer
Trainer
Posts: 647
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: v6.44beta [testing] is released!

Tue Sep 18, 2018 6:05 pm

Without an example we can not comment why you are not being able to import .rsc file.
in case of big export files you can run into situations, when the next command is just not accepted. like you add an object as nameA, then try to set something on the same object by its name, and CLI responds as "not found". carefully tuned delay statements help with these issues.

but in general my biggest PITA is
- not having the users
- not having the ssh keys
- not having the certificates
in the export file. this renders the stuff unusable in many cases.

right now we have the user passwords as hashes, so i see no point why this "hash" could not be rendered as base64 or anything printable. the same goes for the keys and certificates. esp certificates are kind of hard to come by: the export file contains references at some services (like sstp client) to a certificate by its name, and the certificate is just not there. if you manually export the certs and re-import them, they lose their original names, so the references are broken.

with /system reset-config you can have the user accounts remain intact, so an 'import' of a previously exported rsc 'can' work. but i can't say the same for the certs and keys.
but in general, i'd like to have the same 'in-line' exports for users (along with their hashes) as well.
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: v6.44beta [testing] is released!

Tue Sep 18, 2018 8:02 pm

I agree with @doneware, an export that exports everything would be dream come true. I don't even care if it can be imported at once.

Backup is just impractical binary mess for me. I don't break my configs in a way that I'd need to restore them. But I do need to know what was there, in case the router dies and I need to replace it. In most cases I won't have the same model available, at least initially, so restoring backup meant for same device is not exactly ideal.

Plus you can't see what's in backup, unless you restore it somewhere. I have set up automated exports and the output is saved in version control system, so I know what exactly changed and when. And it's perfect for me, but sadly incomplete. Luckily not every router has certificates and recreating users is bearable. But it would be better if export had everything.
 
amokkatmt
newbie
Posts: 33
Joined: Mon Oct 24, 2011 3:31 pm

Re: v6.44beta [testing] is released!

Tue Sep 18, 2018 10:03 pm

After updating to 6.44beta9 I can not get output of command execution over SSH, using putty's plink. What I mean:
plink.exe -v -ssh username@hostname -i .\mikrotik-priv.key.ppk -sshlog .\lkjlkj.log ":put 'hello';/quit"
What I got:
...........
Event Log: Opened main channel
Outgoing packet #0x9, type 98 / 0x62 (SSH2_MSG_CHANNEL_REQUEST)
  00000000  00 00 00 00 00 00 00 22 73 69 6d 70 6c 65 40 70  ......."simple@p
  00000010  75 74 74 79 2e 70 72 6f 6a 65 63 74 73 2e 74 61  utty.projects.ta
  00000020  72 74 61 72 75 73 2e 6f 72 67 00                 rtarus.org.
Outgoing packet #0xa, type 98 / 0x62 (SSH2_MSG_CHANNEL_REQUEST)
  00000000  00 00 00 00 00 00 00 04 65 78 65 63 01 00 00 00  ........exec....
  00000010  12 3a 70 75 74 20 27 68 65 6c 6c 6f 27 3b 2f 71  .:put 'hello';/q
  00000020  75 69 74                                         uit
Incoming packet #0x9, type 99 / 0x63 (SSH2_MSG_CHANNEL_SUCCESS)
  00000000  00 00 01 00                                      ....
Event Log: Started a shell/command
Incoming packet #0xa, type 98 / 0x62 (SSH2_MSG_CHANNEL_REQUEST)
  00000000  00 00 01 00 00 00 00 0b 65 78 69 74 2d 73 74 61  ........exit-sta
  00000010  74 75 73 00 00 00 00 00                          tus.....
Event Log: Server sent command exit status 0
Incoming packet #0xb, type 97 / 0x61 (SSH2_MSG_CHANNEL_CLOSE)
  00000000  00 00 01 00                                      ....
Outgoing packet #0xb, type 96 / 0x60 (SSH2_MSG_CHANNEL_EOF)
  00000000  00 00 00 00                                      ....
Outgoing packet #0xc, type 97 / 0x61 (SSH2_MSG_CHANNEL_CLOSE)
  00000000  00 00 00 00                                      ....
Event Log: Disconnected: All channels closed
But I expected command output. This was test command. What I run in my project is
:while (true) do={delay 300; :put "999 BEG";/ip firewall address-list print terse without-paging where list="china"; :put "999 END"}
Here I am exporting address-list "china" every 5 minutes via SSH for parsing etc. This command should run forever, thus keeping SSH connection forever too. But after updating from beta6 to beta9, ssh connection is closing immediately without giving me any output on plink's stdout.
Simple commands are executed actually, tried "/system ntp server set manycast=yes" and it worked.
 
raffav
Member
Member
Posts: 345
Joined: Wed Oct 24, 2012 4:40 am

Re: v6.44beta [testing] is released!

Tue Sep 18, 2018 10:11 pm

Without an example we can not comment why you are not being able to import .rsc file.

We recommend that you import file step-by-step if it is failing. Then you will see at which point configuration is not accepted and you can fix it or report a problem to support@mikrotik.com if there is one.

Export/import must work without any problems on the same model RouterBOARD if the same RouterOS version is installed on both devices and the same software packages are enabled.
Also can use that third tool that someone biuld that can read rsc file and remove unnecessary lines like mac address


Sent from my XT1580 using Tapatalk

 
Bobstonom
just joined
Posts: 6
Joined: Tue Sep 11, 2018 6:17 pm
Location: Tampa, Florida

Re: v6.44beta [testing] is released!

Wed Sep 19, 2018 9:50 am

"Because it is whole system backup."
Oh, that's why. Thanks for clearing it up.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.44beta [testing] is released!

Wed Sep 19, 2018 10:12 am

*) chr - assign interface names based on underlying PCI device order on KVM;
Is this specificially for Linux KVM or is it also for other virtual environments?
I have an interface name issue under VMware ESXi 6.7 would that be fixed by this?
(I want the ether interfaces named in icreasing PCI bus number)
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.44beta [testing] is released!

Wed Sep 19, 2018 10:24 am

I have set up automated exports and the output is saved in version control system, so I know what exactly changed and when. And it's perfect for me, but sadly incomplete. Luckily not every router has certificates and recreating users is bearable. But it would be better if export had everything.
I am in the same boat, and for me the fact that certificates are not in /export is a showstopping reason not to use certificates, even when the router is putting "insecure configuration, suggest to use certificates" comments in some config items.
When it is really not wanted to put certificates in a normal export, there should be a certificate-only backup that you can restore on another device (even another type) without issue!
For example, we have 2 CCR1009-8G-1S-1S+ in the network. Should they fail, they are unobtanium so I should get something like CCR1009-7G-1C-1S+ instead, or maybe I would then choose a RB1100AHx4 or RB4011iGS+RM. It should then be possible to transfer the configuration, and while I understand that it is not so easy to make a backup file format that would simply restore on another type of router (although some other manufacturers sort of have that!) it should at least be possible to backup and restore those certificates, keys and users. The remainder of the config can then be transferred using a /export and some editing.

BTW, there are still issues in the /export. I tried the above yesterday to make a cold standby backup for a CCR1009-8G-1S-1S+ as a CHR under VMware ESXi and I encountered two /export issues (apart from the fact I was using 6.42.7 /export in a 6.43.1 CHR so the /ipsec peer config failed, but I understand that):

- /ipv6 dhcp-server is exported before /ipv6 pool but server refers to pool names
- /ip neighbor discovery-settings set discover-interface-list=!somelistname forgets to export the ! (not)
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1160
Joined: Tue Oct 11, 2005 4:53 pm

Re: v6.44beta [testing] is released!

Wed Sep 19, 2018 10:29 am

I have set up automated exports and the output is saved in version control system, so I know what exactly changed and when.
Can you give more info on your setup/workflow?
I am interested in implementing something similar.

Thanks.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v6.44beta [testing] is released!

Wed Sep 19, 2018 8:05 pm

I have experienced occasional problems doing import of an rsc due to race conditions. If RSC is imported on boot, there needs to be a delay programmed in for the ethernet interfaces to initialize before the config begins to apply. If the RSC is imported at any other time (ex. booted router with "no default configuration"), I have seen it happen where some settings do not take effect the moment that the command is run, but instead are delayed a few seconds later. The import then fails partway through because it hits some other setting that depends on a previous one that hasn't applied yet, and again the solution is to add a delay of one or two seconds into the import rsc file to give enough time for the previous setting to activate before reaching the dependent setting. It would be really nice if this would happen automatically without needing to worry about this.
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: v6.44beta [testing] is released!

Thu Sep 20, 2018 12:24 am

@Cha0s: What I currently use is a little old and messy (php + svn). Long-term plan is to write something nicer and share it here in the forum too, but it might take a while. But bare bones version can be:
for /F "tokens=*" %%A in (hosts.txt) do plink -ssh -i backup.ppk backup@%%A /export | grep "^[^#]" > %%A.rsc
git add *.rsc
git commit -m "automated backup"
File backup.ppk is PuTTY's private key and hosts.txt is text file with list of addresses or hostnames. Grep strips comments, to only record real changes. On router there's backup user (with ssh key):
/user group
add name=backup policy=ssh,read,sensitive,!local,!telnet,!ftp,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!api
/user
add group=backup name=backup
And that's it, just run it as often as needed, from scheduler or manually. There's a lot of room for improvements (logging, notifications on failure, ...), but even this is usable as quick'n'dirty solution. Or it could be done in reverse, with routers uploading their config to some central server and a script there could handle the rest. Now if only the export exported everything...
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1160
Joined: Tue Oct 11, 2005 4:53 pm

Re: v6.44beta [testing] is released!

Thu Sep 20, 2018 12:40 am

Thanks! :)
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.44beta [testing] is released!

Thu Sep 20, 2018 1:04 am

It can be a good idea to use "/export terse" as this tends to result in easier to identify changes e.g. when using gitweb or other colored-diff tools or when you want to grep your config collection for the occurrence of certain constructs (with meaningful output).
This was added in 6.40 and before that I used a simple perl script that converts a classic export to terse form.
 
jkarras
Member Candidate
Member Candidate
Posts: 226
Joined: Fri Sep 06, 2013 3:07 am
Location: Utah, USA

Re: v6.44beta [testing] is released!

Thu Sep 20, 2018 5:06 am

I have set up automated exports and the output is saved in version control system, so I know what exactly changed and when.
Can you give more info on your setup/workflow?
I am interested in implementing something similar.

Thanks.
RANCID works for this. There are runners for a lot of different NOS.

http://www.shrubbery.net/rancid/

Oxidized is a more modern replacement that also supports ROS.


https://github.com/ytti/oxidized/blob/m ... S-Types.md
 
server8
Long time Member
Long time Member
Posts: 592
Joined: Fri Apr 22, 2011 1:27 pm

Re: v6.44beta [testing] is released!

Thu Sep 20, 2018 1:29 pm

2nd problem - I see only 4 frequencies - there is no 66000 MHz option
Mikrotik 60 GHZ@66000 MHz ???
 
blingblouw
Member
Member
Posts: 345
Joined: Wed Aug 25, 2010 9:43 am

Re: v6.44beta [testing] is released!

Thu Sep 20, 2018 1:59 pm

2nd problem - I see only 4 frequencies - there is no 66000 MHz option
Mikrotik 60 GHZ@66000 MHz ???

CLI only. You will also need to add it to frequency-list of remote end.
 
server8
Long time Member
Long time Member
Posts: 592
Joined: Fri Apr 22, 2011 1:27 pm

Re: v6.44beta [testing] is released!

Thu Sep 20, 2018 5:27 pm

CLI only. You will also need to add it to frequency-list of remote end.
I miss it thank you for the info
 
Ivoshiee
Member
Member
Posts: 483
Joined: Sat May 06, 2006 4:11 pm

Re: v6.44beta [testing] is released!

Mon Sep 24, 2018 10:31 pm

The 6.44beta9 has no more information about wlan60 link status except "connected" and "link downs" count. Signal info and the rest of stuff is nowhere to be found.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2975
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v6 44beta testing is released

Tue Sep 25, 2018 12:08 am

Id like to find out about helping with the Beta test on this...Ive used the big program for many years now, and have been on the Beta list for quite some time.

I just started using PE, as Ive changed employers, and my new job wont allow me to install anything on my computer there, but I can use USB U3 programs. Im already really liking this, and would be glad to assist with your testing

Thanks
-Chris
What are you talking about? What are USB U3 programs? Please stop posting such posts.
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: v6.44beta [testing] is released!

Tue Sep 25, 2018 12:35 am

@BartoszP: It's probably someone preparing the ground for later, establish the presence and then add spammy link in signature or something. Has three posts so far and none of them makes any sense.
 
bigal488
just joined
Posts: 2
Joined: Mon Apr 02, 2012 3:39 pm

Re: v6.44beta [testing] is released!

Wed Sep 26, 2018 6:51 pm

After updating to 6.44beta9 I can not get output of command execution over SSH, using putty's plink. What I mean:
plink.exe -v -ssh username@hostname -i .\mikrotik-priv.key.ppk -sshlog .\lkjlkj.log ":put 'hello';/quit"

I'm seeing the same with beta9 - no output from commands run via ssh e.g.
ssh -i "mikrotik.key" admin@192.168.0.254 ":put \"hello\""

produces nothing...
 
tigro11
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Tue Feb 20, 2018 12:31 am

Re: v6.44beta [testing] is released!

Thu Sep 27, 2018 12:56 am

if I recover a backup, it gives me error 6.
the backup is NOT encrypted and not even the password.
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 914
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v6.44beta [testing] is released!

Sun Sep 30, 2018 11:47 am

amokkatmt, bigal488, did you report the ssh output issue to support?
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Mon Oct 01, 2018 8:51 am

Thank you everyone, single line SSH command execution will be fixed in the next beta version.
 
bennyh
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Fri Mar 03, 2017 12:37 pm

Re: v6.44beta [testing] is released!

Tue Oct 02, 2018 12:10 pm

New beta out:
rb3011 - implemented multiple engine IPsec hardware acceleration support;
Cool :)
 
mikruser
Long time Member
Long time Member
Posts: 578
Joined: Wed Jan 16, 2013 6:28 pm

Re: v6.44beta [testing] is released!

Tue Oct 02, 2018 12:42 pm

what is "multiple engine"??
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 914
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v6.44beta [testing] is released!

Tue Oct 02, 2018 1:28 pm

Search for "ipsec" in this topic.

viewtopic.php?f=21&t=139057&p=686156#p686156
Currently the RB3011 IPsec performance is comparable with any of the IPQ4018 routers (like 450Gx4, hAP ac2), it actually shares the same driver, however there are 4 total crypto modules on RB3011 and as of now only 1 is enabled, meaning it has the potential to achieve even higher throughput. Anyway, we will continue to develop this driver, but in the mean time, 400Mbps over the 100Mbps which you were able to achieve with software crypto is a valuable gain in my opinion.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Tue Oct 02, 2018 1:38 pm

Version 6.44beta14 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.44beta14 (2018-Oct-01 12:01):

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------

Changes in this release:

*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) cloud - improved DDNS service disabling;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) ntp - fixed possible NTP server stuck in "started" state;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added interface stats;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) wireless - improved stability for 802.11ac;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2182
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: v6.44beta [testing] is released!

Tue Oct 02, 2018 4:33 pm


*) rb3011 - implemented multiple engine IPsec hardware acceleration support;

Thank you for finally getting the RB3011 IPSEC engine working, and for getting all crypto blocks operating. This breathes new life into this product for me.
 
anuser
Long time Member
Long time Member
Posts: 601
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.44beta [testing] is released!

Tue Oct 02, 2018 11:05 pm

Version 6.44beta14 has been released.
*) wireless - improved stability for 802.11ac;
Hello, semester is starting, soon. So I´m asking myself what problems will our users will face without this patch? What stability problems exist? It would be great to have this in 6.43.3 aswell.
(Talking about wireless, could we please get a simple "reboot" button within capsman, so after a reboot a cap will connect to its master capsman controller(as it is saved on the cap itself)? I know wrong thread)
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2397
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.44beta [testing] is released!

Wed Oct 03, 2018 8:49 pm


*) wireless - improved stability for 802.11ac;
Any description of improve? Thanks
 
server8
Long time Member
Long time Member
Posts: 592
Joined: Fri Apr 22, 2011 1:27 pm

Re: v6.44beta [testing] is released!

Thu Oct 04, 2018 10:34 am


*) wireless - improved stability for 802.11ac;
Any description of improve? Thanks
+1
 
mistry7
Forum Guru
Forum Guru
Posts: 1480
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: v6.44beta [testing] is released!

Thu Oct 04, 2018 11:53 am

Still no Support for QCA9984/9994 and QCA9888 hopefully we see support not only for ARM (RB4011)
It would be an option to use this Wave2 Modules on M11G (MMips)
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Fri Oct 05, 2018 2:51 pm

Version 6.44beta17 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.44beta17 (2018-Oct-04 09:42):

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------

Changes in this release:

*) bridge - fixed possible memory leak when VLAN filtering is used;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Fri Oct 05, 2018 3:01 pm

A bug in v6.44beta17 prevents SFP+ interfaces from linking properly on CRS328-24P-4S+RM. We will resolve the issue in the next beta version. Please upgrade with caution.
 
User avatar
antonsb
MikroTik Support
MikroTik Support
Posts: 411
Joined: Sun Jul 24, 2016 3:12 pm
Location: Riga, Latvia

Re: v6.44beta [testing] is released!

Fri Oct 05, 2018 4:05 pm


*) wireless - improved stability for 802.11ac;
Any description of improve? Thanks
This fix should provide better rate selection at higher rates and at higher load.
 
rogerkri
just joined
Posts: 3
Joined: Fri Mar 23, 2018 2:44 pm

Re: v6.44beta [testing] is released!

Fri Oct 05, 2018 5:12 pm

*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
Will this be fixed for the RB922UAGS-5HPacD as well?
 
soomanyquestions
newbie
Posts: 35
Joined: Sat Aug 20, 2016 6:35 pm

Re: v6.44beta [testing] is released!

Sat Oct 06, 2018 1:38 am

Hi,

I'm getting the following on my devices after upgrading to beta17.
Image
This eventually leads to the routers management interfaces to be unresponsive. For example you can run /ip route print via ssh and it will just hang forever and wont output anything. Same with winbox if you open interfaces menu or ppp menu the lists are just empty. Also it seems that you can not connect to the wireless network of the device when this happens.
I do have a snmp server that periodically queries the routers. I have tested this on a mAp, hAP ac lite and a rb2011.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Wed Oct 10, 2018 3:44 pm

Version 6.44beta20 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.44beta20 (2018-Oct-09 09:29):

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------

Changes in this release:

*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - properly read "eeprom" data after different module inserted in disabled interface;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) w60g - general stability and performance improvements;
*) w60g - improved stability for short distance links;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.44beta [testing] is released!

Wed Oct 10, 2018 4:13 pm

The fetch command behaves wired...
[admin@MikroTik] > :put ([ /tool fetch https://www.eworm.de/ip/index.shtml output=user as-value ]->"data")
91.16.17.160
[admin@MikroTik] > /file print where name="index.shtml"
 # NAME                     TYPE                    SIZE CREATION-TIME
 0 index.shtml              .shtml file                0 oct/10/2018 15:07:50
It does put empty files in storage where it should not. Fetching from urls ending with a slash is not possible at all, unless you give "dst-path=".
 
User avatar
TerminalAddict
just joined
Posts: 12
Joined: Wed May 25, 2016 6:46 am
Location: Hamilton, New Zealand
Contact:

Re: v6.44beta [testing] is released!

Thu Oct 11, 2018 2:51 am

@Cha0s: What I currently use is a little old and messy (php + svn). Long-term plan is to write something nicer and share it here in the forum too, but it might take a while. But bare bones version can be:
for /F "tokens=*" %%A in (hosts.txt) do plink -ssh -i backup.ppk backup@%%A /export | grep "^[^#]" > %%A.rsc
git add *.rsc
git commit -m "automated backup"
File backup.ppk is PuTTY's private key and hosts.txt is text file with list of addresses or hostnames. Grep strips comments, to only record real changes. On router there's backup user (with ssh key):
/user group
add name=backup policy=ssh,read,sensitive,!local,!telnet,!ftp,!reboot,!write,!policy,!test,!winbox,!password,!web,!sniff,!api
/user
add group=backup name=backup
And that's it, just run it as often as needed, from scheduler or manually. There's a lot of room for improvements (logging, notifications on failure, ...), but even this is usable as quick'n'dirty solution. Or it could be done in reverse, with routers uploading their config to some central server and a script there could handle the rest. Now if only the export exported everything...
I've just finished writing something to automate git commit backups
https://www.paulwillard.nz/snippet.php? ... ackup.html

I don't trim the comments as they might be there for a reason :)
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Thu Oct 11, 2018 2:20 pm

Thanks, eworm, both issues will be fixed in the next beta version.
 
soomanyquestions
newbie
Posts: 35
Joined: Sat Aug 20, 2016 6:35 pm

Re: v6.44beta [testing] is released!

Thu Oct 11, 2018 3:11 pm

Hi,

I'm getting the following on my devices after upgrading to beta17.
Image
This eventually leads to the routers management interfaces to be unresponsive. For example you can run /ip route print via ssh and it will just hang forever and wont output anything. Same with winbox if you open interfaces menu or ppp menu the lists are just empty. Also it seems that you can not connect to the wireless network of the device when this happens.
I do have a snmp server that periodically queries the routers. I have tested this on a mAp, hAP ac lite and a rb2011.
I updated to 6.44beta20 and this is still happening.
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 914
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v6.44beta [testing] is released!

Thu Oct 11, 2018 3:22 pm

I updated to 6.44beta20 and this is still happening.

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.
 
schrotn
just joined
Posts: 14
Joined: Sat Sep 13, 2014 8:23 am

Re: v6.44beta [testing] is released!

Fri Oct 12, 2018 6:32 am

I think I'm running into a config bug in 6.44 Beta 20

I've upgraded my testing router and saw the L2TP/IPSec unsafe config notice. So I was playing around with configs to fix that.

Once the L2TP peer is initially added, any attempt to edit the peer config errors out with "Couldn't change IPSec Peer <::/0> - certificate chain is supported only in IKEv2 (6)"
This seems to affect both manually and dynamically added peers.

Any truly valid peer config commits successfully when initially configured, but any attempt to change them results in the same error.

Also, since Mikrotik is warning against L2TP/IPSec PSK, is there any plans to expand the L2TP setup in PPP to be more secure?
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1224
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6 44beta testing is released

Fri Oct 12, 2018 9:16 am

What are you talking about? What are USB U3 programs? Please stop posting such posts.
U3 is a portable execution medium developed some years ago, and pushed by Sandisk.
It allows the installation of a PE (Portable executable) on an USB stick which creates an automatic launch environment in Windows, so that those specific installed programs can be transferred completely, including their run environment to another machine, just by inserting the USB device in the other machine, without the need to install them on each machine.

https://en.wikipedia.org/wiki/U3_%28software%29

So Chris is really talking about a real thing, which actually works. The fact that not everybody has heard about it doesn't makes it idiotic by default.
Putty is one of the applications which has a PE variant available for download. So maybe you should refrain from characterizing posts without doing a basic google search first.

BTW, Winbox could also be such a candidate, if it would drop the saving of the login data in the users home folder in favor of a local folder access...
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2975
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v6.44beta [testing] is released!

Fri Oct 12, 2018 10:26 am

Docmarius .. thank you for explanation but what USB U3 has common with ROS? What does he want to beta test with U3?
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1224
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6.44beta [testing] is released!

Fri Oct 12, 2018 6:08 pm

Yes, you are right. It has nothing to do with ROS. As Sob said, it's probably a preparation for later actions. Sorry for the bump in.
But an actual PE release for Winbox could be a nice step :-)
 
pakud
just joined
Posts: 3
Joined: Sat Oct 13, 2018 9:59 pm

Re: v6.44beta [testing] is released!

Sat Oct 13, 2018 10:07 pm

the recent betas [ eg 6.44beta20 ] allow for upgrade of the lte card's firmware in RBwAPR-2nD&R11e-LTE, yet it's not possible in the RBwAPR-2nD&R11e-LTE-US

do you plan for allowing lte firmware upgrade on the US version?

thanks!
 
raffav
Member
Member
Posts: 345
Joined: Wed Oct 24, 2012 4:40 am

Re: v6.44beta [testing] is released!

Sat Oct 13, 2018 11:22 pm

Test on the current/stable channel
I was also trying to do that without success.
I think I'm running into a config bug in 6.44 Beta 20

I've upgraded my testing router and saw the L2TP/IPSec unsafe config notice. So I was playing around with configs to fix that.

Once the L2TP peer is initially added, any attempt to edit the peer config errors out with "Couldn't change IPSec Peer <::/0> - certificate chain is supported only in IKEv2 (6)"
This seems to affect both manually and dynamically added peers.

Any truly valid peer config commits successfully when initially configured, but any attempt to change them results in the same error.

Also, since Mikrotik is warning against L2TP/IPSec PSK, is there any plans to expand the L2TP setup in PPP to be more secure?
Sent from my XT1580 using Tapatalk

 
notToNew
Member Candidate
Member Candidate
Posts: 174
Joined: Fri Feb 19, 2016 3:15 pm

Re: v6.44beta [testing] is released!

Sun Oct 14, 2018 4:03 am

the recent betas [ eg 6.44beta20 ] allow for upgrade of the lte card's firmware in RBwAPR-2nD&R11e-LTE,
Is 008 still the current firmware?
 
pakud
just joined
Posts: 3
Joined: Sat Oct 13, 2018 9:59 pm

Re: v6.44beta [testing] is released!

Sun Oct 14, 2018 9:05 am

the recent betas [ eg 6.44beta20 ] allow for upgrade of the lte card's firmware in RBwAPR-2nD&R11e-LTE,
Is 008 still the current firmware?
after an upgrade on RBwAPR-2nD&R11e-LTE /interface lte info lte1 shows "MikroTik_CP_2.160.000_v008", while RBwAPR-2nD&R11e-LTE-US - MPSS: R11eL_v12.09.171931 APSS: R11eL_v02.14.173531 CUSTAPP

running /interface lte firmware-upgrade upgrade=y lte1 on the US device gives: failure: Device does not support this feature!
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12979
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.44beta [testing] is released!

Sun Oct 14, 2018 10:42 am

Change log for this beta clearly states that R11e firmware upgrade is available only for international version of devices .... can't you read?
 
pakud
just joined
Posts: 3
Joined: Sat Oct 13, 2018 9:59 pm

Re: v6.44beta [testing] is released!

Sun Oct 14, 2018 7:06 pm

Change log for this beta clearly states that R11e firmware upgrade is available only for international version of devices .... can't you read?
actually i can - that's why i stated my question: do you plan for allowing lte firmware upgrade on the US version?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12979
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.44beta [testing] is released!

Sun Oct 14, 2018 10:16 pm

Change log for this beta clearly states that R11e firmware upgrade is available only for international version of devices .... can't you read?
actually i can - that's why i stated my question: do you plan for allowing lte firmware upgrade on the US version?
Sorry, didn't see the question in your previous post.
 
schrotn
just joined
Posts: 14
Joined: Sat Sep 13, 2014 8:23 am

Re: v6.44beta [testing] is released!

Mon Oct 15, 2018 6:52 am

I previously had 6.44 b(~6 or 8, can't recall) and it didn't warn about either l2tp/ipsec psk nor ipsec certificates.
I'm fairly certain it's a recent addition to the testing channel only.
Test on the current/stable channel
I was also trying to do that without success.

Sent from my XT1580 using Tapatalk
 
fredcom
just joined
Posts: 9
Joined: Thu Jan 18, 2018 7:55 pm

Re: v6.44beta [testing] is released!

Mon Oct 15, 2018 10:53 am

Hey guys,

I have a sort of offtopic question, but since we have the ability to upgrade the firmware now - where does one get the new firmware for R11e-LTE?
 
User avatar
juliokato
Member Candidate
Member Candidate
Posts: 228
Joined: Mon Oct 26, 2015 4:27 pm
Location: Brazil

Re: v6.44beta [testing] is released!

Mon Oct 15, 2018 2:46 pm

 
raffav
Member
Member
Posts: 345
Joined: Wed Oct 24, 2012 4:40 am

Re: v6.44beta [testing] is released!

Mon Oct 15, 2018 3:44 pm

I previously had 6.44 b(~6 or 8, can't recall) and it didn't warn about either l2tp/ipsec psk nor ipsec certificates.
I'm fairly certain it's a recent addition to the testing channel only.
Test on the current/stable channel
I was also trying to do that without success.

Sent from my XT1580 using Tapatalk
On the 43rc was also get the sames errors
I sent a email to support they told me that I had to use the cli for that. maybe they still doesn't have fixed yet.

Sent from my XT1580 using Tapatalk

 
fredcom
just joined
Posts: 9
Joined: Thu Jan 18, 2018 7:55 pm

Re: v6.44beta [testing] is released!

Mon Oct 15, 2018 10:09 pm

Thanks for heads up. I think I will eventually end up with this new board, as it seems I've became addicted to Mikrotik tech :)

But anyway, no one has knowledge on where to get new firmware?
 
netispguy
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Sun Feb 25, 2018 4:29 am

Re: v6.44beta [testing] is released!

Tue Oct 16, 2018 12:12 am

I really hope that the new iPhone Xs/XsMax 5GHz AC problem is resolved before the 6.44 production release.

viewtopic.php?f=7&t=139608&sid=c8121250 ... cae5c96b71
 
andriys
Forum Guru
Forum Guru
Posts: 1543
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: v6.44beta [testing] is released!

Tue Oct 16, 2018 11:00 am

I really hope that the new iPhone Xs/XsMax 5GHz AC problem is resolved before the 6.44 production release.

viewtopic.php?f=7&t=139608&sid=c8121250 ... cae5c96b71

Reading through the topic you've linked to makes me think it is an iPhone's problem, not Mikrotik's one.
 
netispguy
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Sun Feb 25, 2018 4:29 am

Re: v6.44beta [testing] is released!

Tue Oct 16, 2018 2:14 pm

I really hope that the new iPhone Xs/XsMax 5GHz AC problem is resolved before the 6.44 production release.

viewtopic.php?f=7&t=139608&sid=c8121250 ... cae5c96b71

Reading through the topic you've linked to makes me think it is an iPhone's problem, not Mikrotik's one.
Hmm... I respectfully disagree that reading the topic leads to your assumption; however, I am also willing to believe this is an Apple problem.

The problem is that we (and other reports) have confirmed that the new Apple Xs devices appear to be working without any problem across a broad spectrum of Wi-Fi ecosystems. This includes commercial environments (such as Ubiquiti and Cisco), consumer environments (such as NetGear, Linksys, Google, ASUS etc.) and whatever Comcast and Xfinity are using for their deployments. Maybe these platforms are having issues (although unnoticeable), but the problem we are seeing on the Mikrotik framework is extremely severe.

I personally went out and purchased an iPhone XsMax to see for myself. I travel a lot and move through a large number of wifi environments and can confirm that I saw the problem at our office in Silicon Valley (as reported by my users) and at my home (which is fully Mikrotik). I did NOT see any issue whatsoever last week connecting to wifi at SFO, for 6 hours connected to Gogo on a United flight to Boston, at a Marriott hotel or at a coffee shop. Once I walked into my Boston office (Mikrotik), I immediately saw the problem return...

If this is an Apple problem, it appears to be impacting our Mikrotik frameworks more than others...
 
kalamaja
Member Candidate
Member Candidate
Posts: 114
Joined: Wed May 23, 2018 3:13 pm

Re: v6.44beta [testing] is released!

Tue Oct 16, 2018 2:20 pm

I really hope that the new iPhone Xs/XsMax 5GHz AC problem is resolved before the 6.44 production release.

viewtopic.php?f=7&t=139608&sid=c8121250 ... cae5c96b71
Reading through the topic you've linked to makes me think it is an iPhone's problem, not Mikrotik's one.
From iOS 12.0.1 release notes:
Resolves an issue that could cause iPhone XS devices to rejoin a Wi-Fi network at 2.4GHz instead of 5GHz
 
netispguy
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Sun Feb 25, 2018 4:29 am

Re: v6.44beta [testing] is released!

Tue Oct 16, 2018 2:48 pm

I really hope that the new iPhone Xs/XsMax 5GHz AC problem is resolved before the 6.44 production release.

viewtopic.php?f=7&t=139608&sid=c8121250 ... cae5c96b71
Reading through the topic you've linked to makes me think it is an iPhone's problem, not Mikrotik's one.
From iOS 12.0.1 release notes:
Resolves an issue that could cause iPhone XS devices to rejoin a Wi-Fi network at 2.4GHz instead of 5GHz
12.0.1 does not resolve what we are seeing. I can confirm it did fix the issue you mentioned above when both 2.4GHz and 5GHz radios are broadcasting the same SSID, and was impacting all environments. The issue I am discussing makes these new iPhones almost totally dysfunctional within the Mikrotik framework using any 5GHz AC 80MHz XXXX channel width. If you configure your radio to 5GHz A/N 40MHz XX, the problem goes away. It's an "AC" issue...different problem than what was fixed in 12.0.1
 
kramer
just joined
Posts: 7
Joined: Mon Jun 18, 2018 1:21 am

Re: v6.44beta [testing] is released!

Wed Oct 17, 2018 6:57 pm

Hi,

In the beginning just to say I'm not IT pro when comes to Mikrotik. However on beta soft I did create ipv6 tunnel from HE - it working fine on my CCR 1009. I can ping outside ipv6 addr without problem.
But what I cannot ping Miktrotik ipv6 addres from LAN, same subnet, same VLAN. Maybe someone have similar issue ?

Brgds
D
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.44beta [testing] is released!

Wed Oct 17, 2018 8:37 pm

But what I cannot ping Miktrotik ipv6 addres from LAN, same subnet, same VLAN. Maybe someone have similar issue ?
Please do not use the release topic for other things than reporting issues with the release.
Make a new topic in the General or Beginners section describing your issue and include a /export of your configuration (no screenshots!).
 
kramer
just joined
Posts: 7
Joined: Mon Jun 18, 2018 1:21 am

Re: v6.44beta [testing] is released!

Wed Oct 17, 2018 10:25 pm

But what I cannot ping Miktrotik ipv6 addres from LAN, same subnet, same VLAN. Maybe someone have similar issue ?
Please do not use the release topic for other things than reporting issues with the release.
Make a new topic in the General or Beginners section describing your issue and include a /export of your configuration (no screenshots!).
sorry... I fixed this by using Router/48: from HE instead /64:
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Mon Oct 29, 2018 11:31 am

Version 6.44beta28 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.44beta28 (2018-Oct-29 07:58):

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------

Changes in this release:

!) radius - initial implementation of RadSec (Radius communication over TLS);
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) certificate - fixed time zone adjustment for SCEP requests;
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - fixed bad voltage readings on RB493G;
*) ike2 - added option to specify certificate chain;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly update warnings under peer menu;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "boot-os" and "force-backup-booter" option only on devices that have such feature;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) upgrade - made security package depend on DHCP package;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - renamed "frequency-list" to "scan-list";
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - added align mode "/interface w60g align" (CLI only);

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.44beta [testing] is released!

Mon Oct 29, 2018 1:30 pm

Starting with 6.44beta28 the security package requires the dhcp package to be installed? I think that is something to be noted in changelog. What's the reason?
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Mon Oct 29, 2018 2:11 pm

Nice catch. It is because of the new IKEv2 feature which works with DHCP. I will update the changelog.
 
huntah
Member Candidate
Member Candidate
Posts: 287
Joined: Tue Sep 09, 2008 3:24 pm

Re: v6.44beta [testing] is released!

Mon Oct 29, 2018 4:33 pm

ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
Any Examples?

If I am not mistanken this means that split tunneling will now work!
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Mon Oct 29, 2018 4:48 pm

There is no special configuration needed. RouterOS will automatically convert split-network parameter to use with DHCP option.
 
huntah
Member Candidate
Member Candidate
Posts: 287
Joined: Tue Sep 09, 2008 3:24 pm

Re: v6.44beta [testing] is released!

Mon Oct 29, 2018 8:25 pm

I just installed beta28 on brand new HapLite (default Settings).
added Certificates and ipsec ike2 RSA setup:
/certificate
add common-name=TESTCA name=TESTCA days-valid=3650
sign TESTCA ca-crl-host=192.168.3.124
add common-name=192.168.3.124 subject-alt-name=DNS:192.168.3.124 key-usage=tls-server name=TestVPN days-valid=3600
sign TestVPN ca=TESTCA
add common-name=hunter key-usage=tls-client name=hunter days-valid=3600
sign hunter ca=TESTCA

/ip pool
add name=VPN-Pool ranges=192.168.222.100-192.168.222.150

/ip ipsec mode-config
add address-pool=VPN-Pool address-prefix-length=32 name=RW-cfg split-include=192.168.88.0/24
/ip ipsec peer profile
set [ find default=yes ] enc-algorithm=aes-128
/ip ipsec policy group
add name=RoadWarrior
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc
add auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-128-cbc name=proposal1 pfs-group=none
/ip ipsec peer
add auth-method=rsa-signature certificate=TestVPN exchange-mode=ike2 generate-policy=port-strict mode-config=RW-cfg passive=yes policy-template-group=RoadWarrior
/ip ipsec policy
add comment=IKEv2 dst-address=192.168.222.0/24 group=RoadWarrior proposal=proposal1 src-address=0.0.0.0/0 template=yes
Win10 client connects OK but split-include does not work. The Win10 1803 client does not get routes..
Also tried address-prefix-length=24.. still noting.

In log I can see mikrotik detect Windows Machine but split-include is not pushed to the client..
I have attached the ipsec debug log. Connect and disconnect from win10 test machine

@emils: Am I doing something wrong? Please advise.. thx
You do not have the required permissions to view the files attached to this post.
Last edited by huntah on Mon Oct 29, 2018 11:06 pm, edited 1 time in total.
 
User avatar
sindy
Forum Guru
Forum Guru
Posts: 11114
Joined: Mon Dec 04, 2017 9:19 pm

Re: v6.44beta [testing] is released!

Mon Oct 29, 2018 9:32 pm

I'm not Emils, however can you try to run packet sniffer before clicking "connect" on the Windows machine with the following settings (assuming that etherX is the name of the interface through which it connects)?

/tool sniffer set only-headers=no memory-limit=100 memory-scroll=yes file-name="" file-limit=8000 streaming-enabled=no filter-stream=no filter-interface=etherX filter-mac-address="" filter-mac-protocol="" filter-ip-address="" filter-ipv6-address="" filter-ip-protocol=udp filter-port=53 filter-cpu="" filter-direction=any filter-operator-between-entries=and

Then, do the following:

/tool sniffer start
/tool sniffer packet print interval=1s


And then start the client on Windows.

If you see a packet in the list, chances are high that it is the DHCPINFORM which is needed for the feature to work; however, another necessary condition may be to have more than one split-subnet, as one destination subnet is normally a mandatory part of the mode-config so there is no point in sending it using DHCP.
 
huntah
Member Candidate
Member Candidate
Posts: 287
Joined: Tue Sep 09, 2008 3:24 pm

Re: v6.44beta [testing] is released!

Mon Oct 29, 2018 11:03 pm

I tried with ether1 (my wan on test router)
but nothing is catcing in the sniffer when I connect or disconnect.
I dont really understand what DNS (udp/53) has to do with DHCP (udp/67-68)
If I change it to correct ports I get:
0   14.46 ether1                         192.168.222.146:68 (bootpc)                                 255.255.255.255:67 (bootps)                                 udp           342   0 no 
 1  19.212 ether1                         192.168.222.146:68 (bootpc)                                 255.255.255.255:67 (bootps)                                 udp           342   0 no 
 2   24.21 ether1                         192.168.222.146:68 (bootpc)                                 255.255.255.255:67 (bootps)                                 udp           342   0 no 
I have also tried multiple subnets in split-include.. With no luck.

If I set user remote gateway on Win10 Client VPN connecton works.. But for all networks (split-include set 0.0.0.0/0, havent tried with includes...).
 
User avatar
sindy
Forum Guru
Forum Guru
Posts: 11114
Joined: Mon Dec 04, 2017 9:19 pm

Re: v6.44beta [testing] is released!

Mon Oct 29, 2018 11:16 pm

I dont really understand what DNS (udp/53) has to do with DHCP (udp/67-68)
I'm a bit sleepy so I've mixed them up, that's all. Good you've found out yourself.

Now if 192.168.222.146 is the address from the /ip pool assigned to /ip ipsec mode-config, so it is the one assigned to the Win PC using mode-config, you can double-check that it is a DHCPINFORM packet by sniffing into file and opening the file using Wireshark (update: just checked it myself on a W2012 system connected to 6.43.2, so yes, it is a DHCPINFORM)

So until Emils comes tomorrow, I'd try to attach a DHCP server to ether1, and that's my last idea given that he's already stated that the ipsec plant itself takes care about converting the split-include data into Option 249.
 
huntah
Member Candidate
Member Candidate
Posts: 287
Joined: Tue Sep 09, 2008 3:24 pm

Re: v6.44beta [testing] is released!

Mon Oct 29, 2018 11:51 pm

I dont get any DHCPInform..
Attached is the wireshark and then connect to VPN..
I cant put DHCP Server on WAN port ...

guess we will wait for Mktik guys to wake up :)
Night all and thnx for tips and help sindy!
You do not have the required permissions to view the files attached to this post.
 
User avatar
sindy
Forum Guru
Forum Guru
Posts: 11114
Joined: Mon Dec 04, 2017 9:19 pm

Re: v6.44beta [testing] is released!

Tue Oct 30, 2018 12:02 am

You most likely do get the DHCPINFORM :-) But to see it, you cannot capture on the PC as you did, you have to use /tool sniffer on Mikrotik and set file-name=something.pcap. When you capture on the PC, the DHCPINFORM is only seen there encrypted in the ESP so you cannot recognize it. The Mikrotik sniffer shows you both the IPsec transport packets (ESP in this case) and the plaintext packets extracted from them. This is not true in the opposite direction, i.e. you cannot see plaintext packets before they got encrypted on the same interface through which they are sent out encrypted.
 
huntah
Member Candidate
Member Candidate
Posts: 287
Joined: Tue Sep 09, 2008 3:24 pm

Re: v6.44beta [testing] is released!

Tue Oct 30, 2018 12:45 am

OK my bad :)

Here is the Wireshark capture from Mikrotik..
There are DHCP Inform messages but I am not able to interpret them :/
You do not have the required permissions to view the files attached to this post.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Tue Oct 30, 2018 9:04 am

That is interesting. Are there really no other logs in ipsec topic after the IPsec-SA has been established? From what I can tell, DHCP inform is received on the router, but IPsec does not see the packet. What other configuration do you have on the router? Is there a DHCP server or client configured? Do you see any logs in dhcp topic when establishing the tunnel?
 
huntah
Member Candidate
Member Candidate
Posts: 287
Joined: Tue Sep 09, 2008 3:24 pm

Re: v6.44beta [testing] is released!

Tue Oct 30, 2018 9:46 am

I have default configuration (eth1 -> DHCLient to my private network)
All drop rules disabled
DHCPServer on Bridge (Default with IP pool 192.168.88.0)
VPN Pool is 192.168.222.0/24
I have attached the full config export compact
You do not have the required permissions to view the files attached to this post.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Tue Oct 30, 2018 10:39 am

Weird, it works for me with exact your configuration and 1803 (Pro). Did you change any of the advanced ipv4 configuration on Windows side except for disabling EAP authentication? Note that it might take a few seconds for routes to be installed. How are you checking the route presence? Can you do 'route print -4' in cmd.exe? If that does not yield any results, please enable IPsec debug logs (topics=ipsec) and generate a supout.rif file after a few seconds when connection is established and send it to support@mikrotik.com.
 
huntah
Member Candidate
Member Candidate
Posts: 287
Joined: Tue Sep 09, 2008 3:24 pm

Re: v6.44beta [testing] is released!

Tue Oct 30, 2018 11:24 am

I check exactly like that..
but there arent any routes from split-include..
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.3.1    192.168.3.122     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.3.0    255.255.255.0         On-link     192.168.3.122    311
    192.168.3.122  255.255.255.255         On-link     192.168.3.122    311
    192.168.3.124  255.255.255.255         On-link     192.168.3.122     56
    192.168.3.255  255.255.255.255         On-link     192.168.3.122    311
    192.168.222.0    255.255.255.0         On-link   192.168.222.148     46
  192.168.222.148  255.255.255.255         On-link   192.168.222.148    301
  192.168.222.255  255.255.255.255         On-link   192.168.222.148    301
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.3.122    311
        224.0.0.0        240.0.0.0         On-link   192.168.222.148    301
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.3.122    311
  255.255.255.255  255.255.255.255         On-link   192.168.222.148    301
===========================================================================
Suppout.rif sent to support..
If anyone else can try it would be super..
Maybe just my Win10 machine wont work as it should :)
I will test in the eventing with another..
 
msatter
Forum Guru
Forum Guru
Posts: 2941
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.44beta [testing] is released!

Tue Oct 30, 2018 1:16 pm

Why can't device-specific stuff like MAC-addresses simply be removed from the backup files?
Because it is whole system backup.
Proposal: choice, to omit not on backup but on restore. So you will have allways a full backup and can select on restore if certain values should not be restored.

Workings could be, enter the password if needed, that you can selected direct restore or making a selection containing options, which by omitting them not lead to bricking the device.

After deselecting data not to be restored a new backup file is written (with a different name), not containing the omitted data. This file is used for the restore and deleted after restoring, so one time usage.

The original full backup file will be untouched.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Tue Oct 30, 2018 1:48 pm

Proposal: choice, to omit not on backup but on restore. So you will have allways a full backup and can select on restore if certain values should not be restored.
Let's imagine the internals of this restoration process. There's a database table with the list of interfaces, their parameters, their MAC addresses, etc. Now you restore it from backup leaving MAC address fields empty (?). So there's no connection between entries in the table and real interfaces. Configuration is in inconsistent state.

Don't think about backup like about an /export file. It's a bit different and more low-level thing.
 
5nik
Member Candidate
Member Candidate
Posts: 107
Joined: Thu Dec 08, 2011 3:15 am
Location: Czech Republic

Re: v6.44beta [testing] is released!

Tue Oct 30, 2018 1:49 pm

*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
It will be greate to add this feature for PPP tunels too (SSTP, L2TP). Now I'm using forwarding DHCP Info packets to external DHCP server for DHCP option 249 (and another DHCP options for Windows clients).
 
msatter
Forum Guru
Forum Guru
Posts: 2941
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.44beta [testing] is released!

Tue Oct 30, 2018 5:36 pm

Proposal: choice, to omit not on backup but on restore. So you will have allways a full backup and can select on restore if certain values should not be restored.
Let's imagine the internals of this restoration process. There's a database table with the list of interfaces, their parameters, their MAC addresses, etc. Now you restore it from backup leaving MAC address fields empty (?). So there's no connection between entries in the table and real interfaces. Configuration is in inconsistent state.

Don't think about backup like about an /export file. It's a bit different and more low-level thing.
Then maybe a RSC script that does manual work after a restore. I can Reset MAC on a interface so I get the MAC of the restored to device and not the MAC from the backup.

Changing the tables that use MAC is something you always have to do when use the hard MAC's of a different device.
 
huntah
Member Candidate
Member Candidate
Posts: 287
Joined: Tue Sep 09, 2008 3:24 pm

Re: v6.44beta [testing] is released!

Tue Oct 30, 2018 7:19 pm

HI,
ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
just got word back from support. They have found the problem with split-include and it will be fixes in next beta..
Will test then again and post back the results!
 
ksteink
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Thu Mar 31, 2016 6:54 pm

Re: v6.44beta [testing] is released!

Tue Oct 30, 2018 7:22 pm

I want to see HW Off-load enabled in all bridge interfaces, not just one. Specially knowing that you need 1 Bridge per VLAN having this limitation is a killer as I will limit the traffic throughput without unable to get wired speed only in just 1 VLAN. Really?? Seriously??
 
User avatar
xvo
Forum Guru
Forum Guru
Posts: 1237
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: v6.44beta [testing] is released!

Tue Oct 30, 2018 7:36 pm

I want to see HW Off-load enabled in all bridge interfaces, not just one. Specially knowing that you need 1 Bridge per VLAN having this limitation is a killer as I will limit the traffic throughput without unable to get wired speed only in just 1 VLAN. Really?? Seriously??
After implementing vlan-aware bridges with hw-offload you no longer need 1 bridge per vlan.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.44beta [testing] is released!

Tue Oct 30, 2018 8:15 pm

After implementing vlan-aware bridges with hw-offload you no longer need 1 bridge per vlan.
But with VLAN-aware bridges you have no hw-offload at all!
 
User avatar
xvo
Forum Guru
Forum Guru
Posts: 1237
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: v6.44beta [testing] is released!

Tue Oct 30, 2018 8:51 pm

After implementing vlan-aware bridges with hw-offload you no longer need 1 bridge per vlan.
But with VLAN-aware bridges you have no hw-offload at all!
The config mentioned above - with multiple bridges - was always purely software, and it was the only way for devices without switch chip.
No point to think of it in any other way.

But now, devices without switch chip can do it in much easier way.
Some switches can even do it both easy and in hardware.
And all others - still can do it in the switch menu, just like before.

Anyway, all this is completely unrelated to this ROS version.
 
dgrififth
just joined
Posts: 8
Joined: Sat Oct 15, 2016 10:35 am

Re: v6.44beta [testing] is released!

Wed Oct 31, 2018 1:08 am

*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);

So what was the bug here? I have a bunch of RB750Gr2 units on 6.43.2 that sometimes lose traffic on ethernet ports until the port is cycled on/off. Link remains up, and it *appears* that data is sent out the port (although maybe it is just presented to the port hardware by ROS and the hardware fails to send it), just nothing comes back in.

Disable/enable the link, all works again for 5-15 minutes. Turning on "Proxy-arp" for that ethernet interface appears to fix it or at least make it work for hours instead of minutes, although there is no reason to have proxy-arp.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.44beta [testing] is released!

Wed Oct 31, 2018 11:20 am

Turning on "Proxy-arp" for that ethernet interface appears to fix it or at least make it work for hours instead of minutes, although there is no reason to have proxy-arp.
That depends. It can be a bug in your client device too. E.g. Ubiquiti access points sometimes lose the default route (or it becomes ineffective) and then you need tricks
like proxy-arp or SNAT to still access the management interface of the device from the network (while it continues to bridge traffic between the routers).
Reboot of the Ubiquiti fixes that, for a few weeks or months. Then it randomly returns.
 
dgrififth
just joined
Posts: 8
Joined: Sat Oct 15, 2016 10:35 am

Re: v6.44beta [testing] is released!

Wed Oct 31, 2018 11:58 am

It can be a bug in your client device too.
Yeah I was hoping that proxy arp would have a slightly different processing path, and it appears to work. It's a WinCE end device (that is, no routing, just a single IP address) that appeared to work ok with 6.39 across 15 or so units, so I'll probably revert to that and see if it makes a difference. But I've been trawling the changelogs looking for recent ROS ethernet changes, and this is the first one I've come across.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.44beta [testing] is released!

Wed Oct 31, 2018 2:12 pm

You could check the ARP table of the client to see if it has any strange entries (other IP addresses than the router, with the router's MAC address).
If so you need to debug the client.
I would not know a legitimate reason why proxy-arp would work and normal arp would not, when the client is correctly configured.
(correct subnet on the LAN interface and a default route via the router's IP address)
 
dgrififth
just joined
Posts: 8
Joined: Sat Oct 15, 2016 10:35 am

Re: v6.44beta [testing] is released!

Thu Nov 01, 2018 3:49 am

I would not know a legitimate reason why proxy-arp would work and normal arp would not, when the client is correctly configured.
Hence why I suspect it's a bug in ROS. :-P

They're remote clients running a full screen app on winCE, so it's difficult to debug. Disturbing the port in any way (eg unplug/re-plug, disable/enable in ROS) fixes the issue temporarily, other brands of switches don't present this problem to the device, etc, etc. It's the combo of Mikrotik Hex switch + this device that has the issue. Anyway, I've left a few units on proxy-arp and a few units running 6.42.9, so will observe for a while.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.44beta [testing] is released!

Thu Nov 01, 2018 10:30 am

While the device cannot communicate (I presume to an outside network, not internal to the LAN subnet), is it still possible to ping the device from the router (i.e. from within the same subnet)?
And is it possible to ping the device from outside and wake-up the stalled connection?
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.44beta [testing] is released!

Fri Nov 02, 2018 10:20 am

Nice catch. It is because of the new IKEv2 feature which works with DHCP. I will update the changelog.
Will devices be able to handle that on its own? Or more important... Will CAPsMAN handle this for connected devices?
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Fri Nov 02, 2018 12:21 pm

Will devices be able to handle that on its own? Or more important... Will CAPsMAN handle this for connected devices?

We will see if we can remove the dependency, but most likely users with standalone packages will have to handle the upgrade process by themselves.
 
User avatar
hknet
Member Candidate
Member Candidate
Posts: 128
Joined: Sun Jul 17, 2016 6:05 pm
Location: Vienna, Austria
Contact:

Re: v6.44beta [testing] is released!

Fri Nov 02, 2018 9:29 pm

Hi
regarding the issue:

bridge - fixed packet forwarding when changing MSTI VLAN mappings

could someone from MT please elaborate?
we have been quite unsuccessfull integrating crs317 devices in our network using MSTP
the RSTP from other devices arriving on vlans is simply not being replicated to other memberports of the same VLAN (untagged/tagged).

please advise
hk
 
dgrififth
just joined
Posts: 8
Joined: Sat Oct 15, 2016 10:35 am

Re: v6.44beta [testing] is released!

Sat Nov 03, 2018 11:13 pm

While the device cannot communicate (I presume to an outside network, not internal to the LAN subnet), is it still possible to ping the device from the router (i.e. from within the same subnet)?
And is it possible to ping the device from outside and wake-up the stalled connection?
Nope. Link to the device from the switch is reported as being up by both the device and the switch, but it's completely unpingable. Device can't connect to a server on the same subnet, server or any other IP on the subnet can't ping the device. ARP pings fail as well. Packet sniffing shows ping packets making it to the port that the device is connected to (according to ROS when I packet sniff on the port, anyway), but nothing from the device, not even normal idle packets (arps, windows networking packets,etc). Zero bytes / packets come from the port when the fault is present.

It's very mysterious.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.44beta [testing] is released!

Sat Nov 03, 2018 11:32 pm

It is a bit contradictory. When you say you see outgoing pings to the device, that is only possible when the device has answered ARP requests (so the router knows the device MAC address, if not you would see ARP requests to the device), but then you say that ARP pings fail.
When turning on proxy-arp fixes it it suggests that ARP is involved and maybe the device does not get answers on its ARP requests (to the router), but when changing something in the router fixes that, you would think that ARP requests *are* in fact sent by the device, but not answered by the router when not in proxy-arp mode.
That could happen e.g. when the requested address in the ARP does not match the address of the router, and this the ARP request is ignored, while it is answered in proxy-arp mode.
But in this case you still should see incoming ARP requests from the device whenever it does not answer pings.
(sometimes devices do not send them "in response to" the incoming packet that requires a reply, but send them at some fixed rate when the first one had not been answered)

I think you need to trace a bit longer to know for sure that really nothing comes in from the device, and especially look for malformed ARP requests.
 
DezsiIstvan
just joined
Posts: 3
Joined: Sat Nov 24, 2012 8:20 pm

Re: v6.44beta [testing] is released!

Sun Nov 04, 2018 9:26 pm

I test radsec (RFC 6614) radius connection.
It's works (connecting over SSL encrypted tcp connection to radius server)

I got the following request on our freeradius server
(1) Received Access-Request Id 23 from y.y.y.y:40627 to 0.0.0.0:2083 length 146
(1) Service-Type = Login-User
(1) User-Name = "username"
(1) MS-CHAP-Challenge = 0x...3e
(1) MS-CHAP2-Response = 0x...bc
(1) Calling-Station-Id = "x.x.x.x"
(1) NAS-Identifier = "AP-name"
(1) NAS-IP-Address = y.y.y.y

I have some problems,questions and future requests:

- for all authentication services (SSH/Winbox/HTTPS/API-SSL/...) we need Clear-Text password not MS-CHAP / MS-CHAP2 because on radius server passwords are hashed
THIS IS VERY IMPORTANT
radsec with mschap is useless

- for us be useful if we differentiate mikrotik auth service in "Service-Type" for example
for ssh put in Service-Type = ssh (like linux machines)
with this we can decide on radius server which user have access via which service
for example "john have access only via winbox, bob via ssh,winbox,https

- mikrotik radsec client how authenticate the server ?

Future requests I need to email to support ?
 
User avatar
artz
MikroTik Support
MikroTik Support
Posts: 88
Joined: Tue Oct 17, 2017 5:51 pm
Location: Riga
Contact:

Re: v6.44beta [testing] is released!

Mon Nov 05, 2018 10:07 am

Hi
regarding the issue:

bridge - fixed packet forwarding when changing MSTI VLAN mappings

could someone from MT please elaborate?
we have been quite unsuccessfull integrating crs317 devices in our network using MSTP
the RSTP from other devices arriving on vlans is simply not being replicated to other memberports of the same VLAN (untagged/tagged).

please advise
hk
The bug affected all devices. Traffic stopped forwarding when you started to change MSTI VLAN mappings, but you could easily fix it by disabling it and re-enabling it.
MSTP is compatible with RSTP, this means that BPDUs should not be replicated anywhere, each device sends out its own BPDU.
It sounds a lot more like you have misconfigured device:
https://wiki.mikrotik.com/wiki/Manual:L ... _interface
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v6.44beta [testing] is released!

Tue Nov 06, 2018 6:04 pm

I see some complaining about MS-CHAPv2 support in Winbox. We like the MS-CHAPv2 support for Winbox because it allows us to no longer have to store the passwords unencrypted on the authentication server, so I hope it is retained in some way. We do not wish to go back to regular CHAP in our case.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2182
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: v6.44beta [testing] is released!

Wed Nov 07, 2018 1:00 am

I see some complaining about MS-CHAPv2 support in Winbox. We like the MS-CHAPv2 support for Winbox because it allows us to no longer have to store the passwords unencrypted on the authentication server, so I hope it is retained in some way. We do not wish to go back to regular CHAP in our case.
Agreed

Security first!
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 926
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: v6.44beta [testing] is released!

Wed Nov 07, 2018 1:45 pm

I see some complaining about MS-CHAPv2 support in Winbox. We like the MS-CHAPv2 support for Winbox because it allows us to no longer have to store the passwords unencrypted on the authentication server, so I hope it is retained in some way. We do not wish to go back to regular CHAP in our case.
Agreed

Security first!
ABSOLUTELY, security first.
 
DezsiIstvan
just joined
Posts: 3
Joined: Sat Nov 24, 2012 8:20 pm

Re: v6.44beta [testing] is released!

Wed Nov 07, 2018 2:39 pm

I see some complaining about MS-CHAPv2 support in Winbox. We like the MS-CHAPv2 support for Winbox because it allows us to no longer have to store the passwords unencrypted on the authentication server, so I hope it is retained in some way. We do not wish to go back to regular CHAP in our case.
MS-CHAPv2 need clear-text / decryptable password or MD4 hash of password on radius server side
this mean that in radius server we need to store clear text or decryptable password in database (very insecure, MD4 is also very insecure)
Storing clear-text or reversible password is not allowed. We store only a SHA512 hash of salt+password.
To authenticate a password we need it in clear-text to compute the hash and compare with stored hash

Using MS-CHAP(v2) in a TLS tunnel (radsec) is a nonsense because TLS is a safe encrypted transfer protocol and can be used to transfer password in clear-text like every webpage (https).
So:
1) radsec uses TLS like HTTPS and safe for clear-text password transfer.
2) clear-text password transfer is needed to authenticate against hashed password, stored on radius server

radsec + mschap mean double encrypt the password in tranzit with a secure (radsec) and an unsecure (ms chap v2) algorithm with the price of insecure password store on radius server
radsec + clear-text password mean encrypt the password in tranzit with a secure (radsec) algorithm and on password server passwords can be stored with any algorithm for example with the seucre SHA512

because security is first, is important to send the password in clear-text format to radius server over a secure TLS encrypted (radsec) way

this method is used by every https webpage (clear-text password over TLS)
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Wed Nov 07, 2018 4:32 pm

Clear-text password over any channel is a source of MitM. In MS-CHAPv2 client has to prove he knows the password and also the server has to prove he knows the same password (two-way authentication)
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 248
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.44beta [testing] is released!

Thu Nov 08, 2018 4:17 am

All hash options is useless, Static passwords is insecure. I use OTP (One time Password) can't hash anything because there is nothing to hash on. Please reimplement PAP so I may once again be secure.
 
anuser
Long time Member
Long time Member
Posts: 601
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.44beta [testing] is released!

Wed Nov 14, 2018 10:24 am

Version 6.44beta9 has been released.
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
I cannot find that setting...
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Wed Nov 14, 2018 11:30 am

I cannot find that setting...
You do not have the required permissions to view the files attached to this post.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2397
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.44beta [testing] is released!

Fri Nov 16, 2018 12:53 pm

No new beta?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Fri Nov 16, 2018 1:25 pm

No new beta?
Bettar beta? =)
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3343
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.44beta [testing] is released!

Fri Nov 16, 2018 4:23 pm

They are working with the new 7.xx, so be patient.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Fri Nov 16, 2018 4:48 pm

This topic is not the place where we're joking about v7 :)
 
paulct
Member
Member
Posts: 336
Joined: Fri Jul 12, 2013 5:38 pm

Re: v6.44beta [testing] is released!

Fri Nov 16, 2018 4:59 pm

 
psannz
Member Candidate
Member Candidate
Posts: 128
Joined: Mon Nov 09, 2015 3:52 pm
Location: Stuttgart, Germany

Re: v6.44beta [testing] is released!

Fri Nov 16, 2018 5:09 pm

 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Fri Nov 16, 2018 6:48 pm

Try again :)
 
server8
Long time Member
Long time Member
Posts: 592
Joined: Fri Apr 22, 2011 1:27 pm

Re: v6.44beta [testing] is released!

Sat Nov 17, 2018 6:38 pm

4 chains without mu-mimo it's a joke?
I cannot find that setting...
 
mistry7
Forum Guru
Forum Guru
Posts: 1480
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: v6.44beta [testing] is released!

Sun Nov 18, 2018 2:29 pm

4 chains without mu-mimo it's a joke?
I cannot find that setting...
No, that is a feature!
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12979
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.44beta [testing] is released!

Sun Nov 18, 2018 2:45 pm

4 chains without mu-mimo it's a joke?
I cannot find that setting...
No, that is a feature!
mimo 4x4 using 2 TX and 2 RX chains works much better than mimo 2x2 using same hardware.
 
User avatar
Paternot
Forum Guru
Forum Guru
Posts: 1056
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v6.44beta [testing] is released!

Sun Nov 18, 2018 3:27 pm

 
mistry7
Forum Guru
Forum Guru
Posts: 1480
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: v6.44beta [testing] is released!

Sun Nov 18, 2018 9:50 pm

4 chains without mu-mimo it's a joke?
I cannot find that setting...
No, that is a feature!
mimo 4x4 using 2 TX and 2 RX chains works much better than mimo 2x2 using same hardware.
You Are not really benefiting without mumimo, and Status today ROS doesn’t support MU-Mimo or Wave2 or something else new..
Mikrotik Wireless is outdated!
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2182
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: v6.44beta [testing] is released!

Mon Nov 19, 2018 5:40 am

 
Punkley
just joined
Posts: 4
Joined: Fri Sep 01, 2017 9:24 am

Re: v6.44beta [testing] is released!

Mon Nov 19, 2018 9:27 am

using a w60G and beta28 im not getting any information on the interface page eg

Frequency 64800
Remote MAC
Signal
MCS
PHY Rate
RSSI
TX Sector
TX Sector Info
RX Sector
Distance

All blank, and the quickset page is showing 0 for signal and MCS

Kingsley
 
tiftok
newbie
Posts: 49
Joined: Thu Apr 07, 2016 1:40 pm

Re: v6.44beta [testing] is released!

Sat Nov 24, 2018 12:55 pm

GREET MY PROBLEM SOLVE
l2tp server ISAKMP-SA deleted problem if dhcp enable solve in 6.44beta28
 
Stril
Member Candidate
Member Candidate
Posts: 204
Joined: Fri Nov 12, 2010 7:18 pm

Re: v6.44beta [testing] is released!

Sun Nov 25, 2018 1:07 am

using a w60G and beta28 im not getting any information on the interface page eg

Frequency 64800
Remote MAC
Signal
MCS
PHY Rate
RSSI
TX Sector
TX Sector Info
RX Sector
Distance

All blank, and the quickset page is showing 0 for signal and MCS

Kingsley
I can confirm this on LHG60
 
rzirzi
Member
Member
Posts: 393
Joined: Mon Oct 09, 2006 2:33 pm

Re: v6.44beta [testing] is released!

Mon Nov 26, 2018 10:54 pm

Have MikroTik stopped working at new version of RouterOS ? :(
 
raffav
Member
Member
Posts: 345
Joined: Wed Oct 24, 2012 4:40 am

Re: v6.44beta [testing] is released!

Mon Nov 26, 2018 11:07 pm

Have MikroTik stopped working at new version of RouterOS ? :(
I think maybe but just maybe they are ready for the 7v beta :)
would be a very nice Christmas present
 
server8
Long time Member
Long time Member
Posts: 592
Joined: Fri Apr 22, 2011 1:27 pm

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 9:39 am

We are bad boys so no new ROS from Santa Claus this year :-)
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 9:57 am

New beta build will be released later today. Had to polish some new features before releasing the version.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2397
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 1:37 pm

New beta build will be released later today. Had to polish some new features before releasing the version.
Please no new 6.44beta...
We wait for V7
 
msatter
Forum Guru
Forum Guru
Posts: 2941
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 1:40 pm

We are now all sitting on the edge of our seats.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 3:23 pm

Version 6.44beta39 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.44beta39 (2018-Nov-27 12:14):

Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------

Changes in this release:

!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
*) btest - added multithreading support for both UDP and TCP tests;
*) bridge - properly disable dynamic CAP interfaces;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - properly flush old CRLs when changing store location;
*) certificate - added support for multiple "Subject Alt. Names" (CLI only);
*) chr - correctly initialize grant table version 1;
*) cloud - added "ddns-update-interval" parameter (CLI only);
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter) (CLI only);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) gps - added "coordinate-format" parameter (CLI only);
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) kidcontrol - properly detect time zone changes;
*) log - properly handle long echo messages;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for more ZTE MF90 modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - increased reported "rsrq" precision (CLI only);
*) profiler - classify kernel crypto processing as "encrypting";
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) userman - show redirect location in error messages;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - report last seen IP address in RADIUS accounting messages;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 3:51 pm

"/tool speed-test"
No iperf?? :?
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1768
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 4:11 pm

Average Joe will not know how to use iperf. I think target audience for this feature is defferent from iperf users :)
But it is fun anyway:
[admin@1072_bonding_test_1] > /tool speed-test 192.168.1.2 test-duration=60
                  ;;; results can be limited by cpu, note that traffic generation/termination performance might not be 
                      representative of forwarding performance
              status: done
      time-remaining: 0s
    ping-min-avg-max: 111us / 123us / 2.14ms
  jitter-min-avg-max: 0s / 10us / 2.01ms
                loss: 0% (0/1200)
        tcp-download: 11.6Gbps local-cpu-load:83%
          tcp-upload: 12.1Gbps local-cpu-load:89% remote-cpu-load:84%
        udp-download: 24.3Gbps local-cpu-load:5% remote-cpu-load:79%
          udp-upload: 23.1Gbps local-cpu-load:87% remote-cpu-load:20%
Why there are no tcp-download "remote-cpu-load"?
 
msatter
Forum Guru
Forum Guru
Posts: 2941
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 4:12 pm

I have my DNS cache being flooded with I think IP coming from the Addresslists.

Screen content of DNS Cache
N IP:xxx.xxx.xxx.xxx type: unknown Data: 0.0.0.0 TTL: 24H

Update: After a reboot it worked again as expected. I think the firmware had to be updated too and that update was already standing ready for the next reboot...which was executed during that reboot.

Thanks for the update of IPSEC and MMIPS and the throughput on my L2TP/IPSEC are really great!
Last edited by msatter on Tue Nov 27, 2018 6:27 pm, edited 3 times in total.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 4:17 pm

Why there are no tcp-download "remote-cpu-load"?
Current implementation allow only include this data into test connection, but waiting for it impacts results, we need to implement data collection as separate connection to get this working, it is in our to-do list.
 
anuser
Long time Member
Long time Member
Posts: 601
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 4:20 pm

*) wireless - improved system stability for all ARM devices with wireless;
I ask myself what issues my cAP ac devices have? Can you please give some more information about it?
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 4:31 pm

I ask myself what issues my cAP ac devices have? Can you please give some more information about it?
The router could have rebooted due to kernel failure in some rare occasions.
 
msatter
Forum Guru
Forum Guru
Posts: 2941
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 4:49 pm

I have L2PT/IPSEC connections that are "dail on demand" and those are displayed in IPSEC-Peers as entries that are unreachable. This is true, however after the connection is up they are still seen as unreachable (colour red).
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 4:55 pm

*) chr - correctly initialize grant table version 1;
Huh?.. (O_o)
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 4:59 pm

I have L2PT/IPSEC connections that are "dail on demand" and those are displayed in IPSEC-Peers as entries that are unreachable. This is true, however after the connection is up they are still seen as unreachable (colour red).
Can you post some screenshots of your peer menu?
 
flyfinlander
just joined
Posts: 4
Joined: Tue Nov 27, 2018 4:47 pm

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 5:01 pm

Hi,

What is the idea of that I can't use IKE2 with "pre shared key xauth" ?
When I try to set it up I get the message in attached picture.
You do not have the required permissions to view the files attached to this post.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 5:13 pm

Hi,

What is the idea of that I can't use IKE2 with "pre shared key xauth" ?
When I try to set it up I get the message in attached picture.
Pre-shared key with XAuth was never really supported in IKEv2. Also IKEv2 rfc does not acknowledge XAuth as an authentication method.
 
User avatar
blue
Member Candidate
Member Candidate
Posts: 271
Joined: Sun Dec 12, 2004 1:48 pm
Location: Serbia

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 5:24 pm

Many, many, many thanx for speedtest. Finally test uses all cores of the routerboard...
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 5:41 pm

Finally test uses all cores of the routerboard...
Have you checked BTest?

MT Staff: why create speed-test? You already have BTest - develop it! :)
 
g22113
just joined
Posts: 15
Joined: Sat Aug 19, 2017 3:21 pm

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 5:45 pm

What's new in 6.44beta39 (2018-Nov-27 12:14):
!) ipsec - added new "identity" menu with common peer distinguishers;
This new menu keeps complaining about my IKEv2-PSK configuration. After upgrade, I have 5 entries autogenerated in "/ip ipsec identity", but all of them (except one) show an error:

initiator peer can have only one identity

I don't know why that restriction was added -- it is completely valid in IKEv2 to use same IDi but a different PSK for each different remote peer (and I've been doing so for quite a while).

Also, the corresponding "/ip ipsec peer" entries also show This entry is unreachable... but oddly, they're connected and established despite that.
 
flyfinlander
just joined
Posts: 4
Joined: Tue Nov 27, 2018 4:47 pm

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 5:53 pm

Hi,

What is the idea of that I can't use IKE2 with "pre shared key xauth" ?
When I try to set it up I get the message in attached picture.
Pre-shared key with XAuth was never really supported in IKEv2. Also IKEv2 rfc does not acknowledge XAuth as an authentication method.
Very strange... Below are logs before and after on remote device(77.70.x.x with ROS 6.43).
Before - device (46.23.x.x with ROS 6.44beta28)
After - device (46.23.x.x with ROS 6.44beta39)
You do not have the required permissions to view the files attached to this post.
 
flyfinlander
just joined
Posts: 4
Joined: Tue Nov 27, 2018 4:47 pm

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 5:55 pm

Hi,

What is the idea of that I can't use IKE2 with "pre shared key xauth" ?
When I try to set it up I get the message in attached picture.
Pre-shared key with XAuth was never really supported in IKEv2. Also IKEv2 rfc does not acknowledge XAuth as an authentication method.
Very strange... Below are logs before and after on remote device(77.70.x.x with ROS 6.43).
Before - device (46.23.x.x with ROS 6.44beta28)
After - device (46.23.x.x with ROS 6.44beta39)


P.S. First log (before) is generated due wrong Xauth user name
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 6:00 pm

g22113, that is not a limitation, simply the warning messages are misleading. The limitation should be - one identity per one initiator peer. We will resolve the issue in the next beta.

The same goes for "this peer is unreachable" warnings - they are not working as expected. Also resolved in the next beta.

Another known issue - identity generated by L2TP server does not have generate-policy set to port-strict, meaning phase 2 will fail.

flyfinlander, if XAuth was configured with IKEv2 exchange-mode in older versions, asymmetric authentication was actually used. It worked between two RouterOS devices and most likely nowhere else without some weird configuration. We have plans to implement asymmetric authentication in the future and not mix it with XAuth which has nothing to do with it.
 
g22113
just joined
Posts: 15
Joined: Sat Aug 19, 2017 3:21 pm

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 6:19 pm

g22113, that is not a limitation, simply the warning messages are misleading. The limitation should be - one identity per one initiator peer. We will resolve the issue in the next beta.

The same goes for "this peer is unreachable" warnings - they are not working as expected. Also resolved in the next beta.
Thanks very much for the response.
 
dakotabcn
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Thu Apr 21, 2016 11:16 pm

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 6:35 pm

L2TP/IPSEC no work, the message are "failed to pre-process ph2 packet"
config
# nov/27/2018 17:36:36 by RouterOS 6.44beta39
#
# model = 951G-2HnD
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc,3des
/interface l2tp-server server
set allow-fast-path=yes authentication=mschap2 default-profile=default enabled=yes ipsec-secret=********** use-ipsec=yes

config by default, i have deleted all old config ipsec an created by default
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 6:55 pm

Isn't the answer two posts above?..
 
dakotabcn
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Thu Apr 21, 2016 11:16 pm

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 7:07 pm

Isn't the answer two posts above?..
i use this config in 6.4.34 in all clients, in the new beta no work the peer, the port-override and main-l2tp no work
if upgrade to next version all vpn l2tp/ipsec with this config will they stop working?

/interface l2tp-server server
set authentication=mschap2 enabled=yes
/ppp profile
add change-tcp-mss=yes dns-server=8.8.4.4,8.8.8.8 name="VPN IPSEC" only-one=\
yes use-upnp=yes
/ip firewall filter
add action=accept chain=input comment="ipsec-ike-natt - VPN ROAMING - IPSEC" \
dst-port=4500 in-interface=ether1 protocol=udp
add action=accept chain=input comment="ipsec-ike-natt - VPN ROAMING" \
dst-port=500 in-interface=ether1 protocol=udp
add action=accept chain=input comment="ipsec-ike-natt - VPN ROAMING" \
dst-port=1701 in-interface=ether1 protocol=udp
/ip ipsec peer
add exchange-mode=main-l2tp generate-policy=port-override passive=yes secret=SECRETL2TPPASSWORD
 
User avatar
blue
Member Candidate
Member Candidate
Posts: 271
Joined: Sun Dec 12, 2004 1:48 pm
Location: Serbia

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 7:08 pm

Finally test uses all cores of the routerboard...
Have you checked BTest?

MT Staff: why create speed-test? You already have BTest - develop it! :)
I gave up on btest long time ago, and iperf is not always possible :(
 
msatter
Forum Guru
Forum Guru
Posts: 2941
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 8:54 pm

Isn't the answer two posts above?..
i use this config in 6.4.34 in all clients, in the new beta no work the peer, the port-override and main-l2tp no work
if upgrade to next version all vpn l2tp/ipsec with this config will they stop working?
.
.
/ip ipsec peer
add exchange-mode=main-l2tp generate-policy=port-override passive=yes secret=SECRETL2TPPASSWORD
What if you try:
add exchange-mode=main generate-policy=port-override passive=yes secret=SECRETL2TPPASSWORD
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 9:10 pm

L2TP/IPSEC no work, the message are "failed to pre-process ph2 packet"
config
# nov/27/2018 17:36:36 by RouterOS 6.44beta39
#
# model = 951G-2HnD
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc,3des
/interface l2tp-server server
set allow-fast-path=yes authentication=mschap2 default-profile=default enabled=yes ipsec-secret=********** use-ipsec=yes

config by default, i have deleted all old config ipsec an created by default
As stated above, we are aware of the issue and will be fixed in the next beta versions.
i use this config in 6.4.34 in all clients, in the new beta no work the peer, the port-override and main-l2tp no work
if upgrade to next version all vpn l2tp/ipsec with this config will they stop working?

/interface l2tp-server server
set authentication=mschap2 enabled=yes
/ip ipsec peer
add exchange-mode=main-l2tp generate-policy=port-override passive=yes secret=SECRETL2TPPASSWORD
The configuration will automatically convert to the new format on upgrade. If you wish to configure the same configuration on new versions, you have to change the IPsec peer configuration to something like this:
/ip ipsec peer
add exchange-mode=main passive=yes name=l2tpserver
/ip ipsec identity
add generate-policy=port-override auth-method=pre-shared-key secret=SECRETL2TPPASSWORD peer=l2tpserver
 
rememberme
just joined
Posts: 23
Joined: Fri Nov 13, 2015 10:13 pm
Location: Chicago, USA

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 9:47 pm

After upgrade:

RouterBOOT booter 3.41

CCR1036-8G-2S+

CPU frequency: 1200 MHz
Memory size: 4096 MiB
NAND size: 1024 MiB

Press any key within 2 seconds to enter setup..

loading kernel... OK
setting up elf image... OK
jumping to kernel code
ERROR: no system package found!
Kernel panic - not syncing: Attempted to kill init!

Starting stack dump of tid 1, pid 1 (init) on cpu 4 at cycle 36191216532
frame 0: 0xfffffff70051f768 dump_stack+0x0/0x20 (sp 0xfffffe407fdbfc08)
frame 1: 0xfffffff700518700 panic+0x168/0x398 (sp 0xfffffe407fdbfc08)
frame 2: 0xfffffff700053a78 do_exit+0x1c8/0xd48 (sp 0xfffffe407fdbfcb0)
frame 3: 0xfffffff700054740 do_group_exit+0xf0/0x1e8 (sp 0xfffffe407fdbfd78)
frame 4: 0xfffffff700054858 __wake_up_parent+0x0/0x18 (sp 0xfffffe407fdbfdb0)
frame 5: 0xfffffff7005204d8 handle_syscall+0x210/0x2d0 (sp 0xfffffe407fdbfdc0)
<syscall while in user mode>
frame 6: 0x8e2f0 0x8e2f0 (sp 0x7f8bf990)
Stack dump complete
Rebooting in 1 seconds..Resetting chip and restarting.
 
rememberme
just joined
Posts: 23
Joined: Fri Nov 13, 2015 10:13 pm
Location: Chicago, USA

Re: v6.44beta [testing] is released!

Tue Nov 27, 2018 11:00 pm

Netinstall fixed the router. Same package files.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.44beta [testing] is released!

Wed Nov 28, 2018 4:32 am

Netinstall fixed the router. Same package files.
Unfurtunately this serial console output is the result of the problem. Not the output from the moment when packages were lost.

Upgrade happens on old version (one from which you upgrade router). Which version was installed on your router before an upgrade? Based on old firmware I assume that it was not one of the latest ones.
 
User avatar
antonsb
MikroTik Support
MikroTik Support
Posts: 411
Joined: Sun Jul 24, 2016 3:12 pm
Location: Riga, Latvia

Re: v6.44beta [testing] is released!

Wed Nov 28, 2018 7:31 am

Finally test uses all cores of the routerboard...
Have you checked BTest?

MT Staff: why create speed-test? You already have BTest - develop it! :)
I gave up on btest long time ago, and iperf is not always possible :(
Please read carefully through change log:
*) btest - added multithreading support for both UDP and TCP tests;
 
dakotabcn
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Thu Apr 21, 2016 11:16 pm

Re: v6.44beta [testing] is released!

Wed Nov 28, 2018 10:07 am

As stated above, we are aware of the issue and will be fixed in the next beta versions.
i use this config in 6.4.34 in all clients, in the new beta no work the peer, the port-override and main-l2tp no work
if upgrade to next version all vpn l2tp/ipsec with this config will they stop working?

/interface l2tp-server server
set authentication=mschap2 enabled=yes
/ip ipsec peer
add exchange-mode=main-l2tp generate-policy=port-override passive=yes secret=SECRETL2TPPASSWORD
The configuration will automatically convert to the new format on upgrade. If you wish to configure the same configuration on new versions, you have to change the IPsec peer configuration to something like this:
/ip ipsec peer
add exchange-mode=main passive=yes name=l2tpserver
/ip ipsec identity
add generate-policy=port-override auth-method=pre-shared-key secret=SECRETL2TPPASSWORD peer=l2tpserver

PERFECT, this code works
I made the following test, 2 users with windows 10, a team with the 1803 and another with the 1809, two VPN L2TP, the two connected perfectly, I perform a continuous ping to the VPN GW, in the first responds for about 15 seconds and in the second one, it is suddenly inverted, the one that was working the ping stops responding and the other one starts, the two active VPNs but they alternate
This is already an advance, before when the second VPN connection L2TP was disconnected the first, now it maintains it but the two at the same time do not work
 
User avatar
Bergante
Member Candidate
Member Candidate
Posts: 144
Joined: Tue Feb 28, 2012 12:27 pm
Location: Bilbao, Spain

Re: v6.44beta [testing] is released!

Wed Nov 28, 2018 10:54 am

Please read carefully through change log:
*) btest - added multithreading support for both UDP and TCP tests;
Great job. Now a single Btest can saturate a w60 link :)
 
nkourtzis
Member Candidate
Member Candidate
Posts: 225
Joined: Tue Dec 11, 2012 12:56 am
Location: Greece

Re: v6.44beta [testing] is released!

Wed Nov 28, 2018 12:36 pm

Dear Mikrotik engineers,

Thank you for the relentless development of new and improved features.

Would you consider fixing this issue: viewtopic.php?f=2&t=119267
Imagine relying on l2tp for a backup (failover) connection, only to realise that it is not working when you need it. Well, it just happened to me. :-)

Regards
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Wed Nov 28, 2018 3:32 pm

Version 6.44beta40 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.44beta40 (2018-Nov-28 12:46):

Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
----------------------

Changes in this release:

!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.
 
Stril
Member Candidate
Member Candidate
Posts: 204
Joined: Fri Nov 12, 2010 7:18 pm

Re: v6.44beta [testing] is released!

Wed Nov 28, 2018 6:42 pm


*) winbox - show "W60G" wireless tab on wAP 60G AP;
Hi!

That problem still exists with 6.44beta40
w60g monitoring is still only valid on CLI. GUI shows empty values.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.44beta [testing] is released!

Wed Nov 28, 2018 10:42 pm

Stril - Is "W60G" tab missing for your wAP device on Winbox interface under Wireless menu? That is the problem which was fixed. If tab is still missing or you have another problem which has not been addressed in this release, then please send message to support@mikrotik.com and include supout file in attachment.
 
anuser
Long time Member
Long time Member
Posts: 601
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.44beta [testing] is released!

Thu Nov 29, 2018 10:12 pm

Version 6.44beta40 has been released.
*) capsman - fixed "group-key-update" parameter not using correct units;
Can you please give some more information about this one?
 
msatter
Forum Guru
Forum Guru
Posts: 2941
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.44beta [testing] is released!

Thu Nov 29, 2018 11:35 pm

With the last two betas if have Winbox glitching and crashing. I re-downloaded Winbox but it still sometimes does not the windows and while typing all the windows disappear. Only a restart helps and then I have still sometimes manually reload the layout.

I find this strange because Winbox always worked great for me while others had problems with it.

I forgot to mention that I can't drag-and-drop anymore between file in Winbox and folders outside Winbox and vice versa. Really strange. I am using Win10 x64.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Fri Nov 30, 2018 9:35 am

anuser the parameter was not set properly and a different interval was used in the background.

msatter if there is an autosupout.rif file generated on the router after such crashes, it is worth to send it to us.
 
msatter
Forum Guru
Forum Guru
Posts: 2941
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.44beta [testing] is released!

Fri Nov 30, 2018 11:59 am

Thanks Emils and this morning I tried drag and drop from the Files window in Winbox and it worked again. :D

I hope that it was a temporary problem and downloading/install and clearing the Winbox cache did not work.

One thing that is interesting now it working again I could not connect to the router by means of the MAC address despite it is shown in Neighbors of the connect screen. During the glitches and crashes I could again use the MAC to connect, today all is back to normal not glitches till now and connect through the MAC address.

If it returns I don't thing that the router will notice it except that the Winbox connection is gone.

So all is good now.
 
User avatar
Extrems
just joined
Posts: 2
Joined: Tue Sep 11, 2018 8:09 pm
Location: Quebec, Canada
Contact:

Re: v6.44beta [testing] is released!

Fri Nov 30, 2018 5:13 pm

DHCP Snooping is causing reboots (no kernel panic) on CRS326-24G-2S+ since v6.44beta39.
 
User avatar
amt
Long time Member
Long time Member
Posts: 529
Joined: Fri Jan 16, 2015 2:05 pm

Re: v6.44beta [testing] is released!

Fri Nov 30, 2018 10:28 pm

Average Joe will not know how to use iperf. I think target audience for this feature is defferent from iperf users :)
But it is fun anyway:
[admin@1072_bonding_test_1] > /tool speed-test 192.168.1.2 test-duration=60
                  ;;; results can be limited by cpu, note that traffic generation/termination performance might not be 
                      representative of forwarding performance
              status: done
      time-remaining: 0s
    ping-min-avg-max: 111us / 123us / 2.14ms
  jitter-min-avg-max: 0s / 10us / 2.01ms
                loss: 0% (0/1200)
        tcp-download: 11.6Gbps local-cpu-load:83%
          tcp-upload: 12.1Gbps local-cpu-load:89% remote-cpu-load:84%
        udp-download: 24.3Gbps local-cpu-load:5% remote-cpu-load:79%
          udp-upload: 23.1Gbps local-cpu-load:87% remote-cpu-load:20%
Why there are no tcp-download "remote-cpu-load"?
tested beta version on CCR1072 ?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Sat Dec 01, 2018 1:21 am

Why not? It's 1072 for tests, anyway :)
 
User avatar
amt
Long time Member
Long time Member
Posts: 529
Joined: Fri Jan 16, 2015 2:05 pm

Re: v6.44beta [testing] is released!

Sat Dec 01, 2018 9:04 am

if it is worked without problem, I will install too :)
 
Lakis
Forum Veteran
Forum Veteran
Posts: 703
Joined: Wed Sep 23, 2009 7:52 pm

Re: v6.44beta [testing] is released!

Sat Dec 01, 2018 11:20 am

Dude multithreading support when?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Sat Dec 01, 2018 11:24 am

if it is worked without problem, I will install too :)
Only on test CCR, which you can Netinetall any time!
 
User avatar
amt
Long time Member
Long time Member
Posts: 529
Joined: Fri Jan 16, 2015 2:05 pm

Re: v6.44beta [testing] is released!

Sat Dec 01, 2018 12:56 pm

if it is worked without problem, I will install too :)
Only on test CCR, which you can Netinetall any time!
exatly, both 1072 are at very critic area, so I will wait :)
 
User avatar
amt
Long time Member
Long time Member
Posts: 529
Joined: Fri Jan 16, 2015 2:05 pm

Re: v6.44beta [testing] is released!

Sat Dec 01, 2018 1:01 pm

Dude multithreading support when?
and bgp multithreading support when?
 
msatter
Forum Guru
Forum Guru
Posts: 2941
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.44beta [testing] is released!

Sat Dec 01, 2018 1:14 pm

...and bgp multithreading support when?
First the hell has to freeze over. ;-)

viewtopic.php?f=1&t=141920#p699481
 
raffav
Member
Member
Posts: 345
Joined: Wed Oct 24, 2012 4:40 am

Re: v6.44beta [testing] is released!

Sat Dec 01, 2018 2:25 pm

...and bgp multithreading support when?
First the hell has to freeze over. ;-)

viewtopic.php?f=1&t=141920#p699481
I have the feeling that maybe this will be last beta if not the last is going to a close ending..
Maybe we have some v7 beta to play with on this Christmas [emoji848][emoji4]

Sent from my XT1580 using Tapatalk

 
server8
Long time Member
Long time Member
Posts: 592
Joined: Fri Apr 22, 2011 1:27 pm

Re: v6.44beta [testing] is released!

Sun Dec 02, 2018 9:03 pm

I am too old I don't believe in Santa Claus :-)
Maybe we have some v7 beta to play with on this Christmas [emoji848][emoji4]
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Sun Dec 02, 2018 9:55 pm

Me too. I bet Europe MUM :)
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2182
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: v6.44beta [testing] is released!

Mon Dec 03, 2018 4:14 am

Me too. I bet Europe MUM :)
I gave up betting on RouterOS v7 release dates many years ago after incurring significant losses :D

I do still hope it will be released at next years European MUM !
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1768
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v6.44beta [testing] is released!

Mon Dec 03, 2018 12:15 pm

tested beta version on CCR1072 ?
All deployments that are scheduled for deployment are stress-tested here on the table, it just happens to be bonding setup with pair of CCR1072, at that particular moment.
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 203
Joined: Wed Aug 09, 2017 1:15 pm

Re: v6.44beta [testing] is released!

Tue Dec 04, 2018 10:40 pm

I still see SAs are not removed when they expire. Why isn't it possible to remove single SAs?
 
heaven
just joined
Posts: 13
Joined: Mon Aug 15, 2016 12:14 pm

Re: v6.44beta [testing] is released!

Wed Dec 05, 2018 6:23 am

You could check the ARP table of the client to see if it has any strange entries (other IP addresses than the router, with the router's MAC address).
If so you need to debug the client.
I would not know a legitimate reason why proxy-arp would work and normal arp would not, when the client is correctly configured.
(correct subnet on the LAN interface and a default route via the router's IP address)
The same situation. In DHCP Server/Lease many ip addresses with router MAC address and other.
 
nkourtzis
Member Candidate
Member Candidate
Posts: 225
Joined: Tue Dec 11, 2012 12:56 am
Location: Greece

Re: v6.44beta [testing] is released!

Wed Dec 05, 2018 11:28 am

and bgp multithreading support when?

Normis has already answered this one: not in the foreseeable future. It appears that BGP is very hard to make multithreaded, due to transaction integrity issues. No vendor has done it, as far as I know. But he has also promised that v7 will bring significant improvements in BGP performance, even though it will still be single-threaded.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7186
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.44beta [testing] is released!

Wed Dec 05, 2018 4:49 pm

will still be single-threaded
kind of but not exactly
 
User avatar
ivn
just joined
Posts: 16
Joined: Sun Mar 11, 2018 3:37 pm

Re: v6.44beta [testing] is released!

Wed Dec 05, 2018 7:25 pm

Hi! Can you please tell us when approximately will 6.44 be released? Several weeks or a mounth or maybe more?
Just waiting for "*) ike2 - added option to specify certificate chain;" sooo much :) Do not want to use beta in production.
Thanks!
 
raffav
Member
Member
Posts: 345
Joined: Wed Oct 24, 2012 4:40 am

Re: v6.44beta [testing] is released!

Wed Dec 05, 2018 7:49 pm

will still be single-threaded
kind of but not exactly
Enigmatic affirmation
:mrgreen:
 
User avatar
Paternot
Forum Guru
Forum Guru
Posts: 1056
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v6.44beta [testing] is released!

Wed Dec 05, 2018 9:44 pm

will still be single-threaded
kind of but not exactly
Enigmatic affirmation
:mrgreen:
Normis beeing Normis. :lol: :lol:

If I remember correctly, the BGP process will be broken in multiple threads. The system route update itself will be single threaded - but we will have multiple threads doing another tasks. Won't be perfect - but will be far better than what we have today.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.44beta [testing] is released!

Thu Dec 06, 2018 11:26 pm

msatter - Usually there is no such thing as temporary "crash". If problem was related to network situation (just, for example, fully saturated link) or not enough resources (for example, full RAM), then it would be understandable. But if there is an actual service crashing, then this problem should not just disappear.
Extrems - Please provide supout file to support@mikrotik.com.
amt - Test is running just fine on any system that is powered by RouterOS.
Lakis, amt - Not in v6.44 :)
osc86 - Can you please provide supout file to support@mikrotik.com? We will look into this problem since this is not a common problem and SAs are usually removed.
heaven - Do you mean that there are leases that has DHCP servers MAC address? Can you provide an example?
ivn - At the moment this is a question that we can not answer. We will release this (and any other stable/long-term version) when there will be no critical, known crashes and new features will be finalized. Starting from v6.44 beta and rc versions can be released in testing channel so you will see rc when we will be finalizing things.
 
keefe007
Member Candidate
Member Candidate
Posts: 125
Joined: Sun Jun 25, 2006 3:01 am

Re: v6.44beta [testing] is released!

Tue Dec 11, 2018 10:21 pm

Do any of the CRS328 fixes have anything to do with the SFP+ link up down issue?
 
llag
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Sat Aug 04, 2018 12:12 am

Re: v6.44beta [testing] is released!

Wed Dec 12, 2018 12:12 am

Do any of the CRS328 fixes have anything to do with the SFP+ link up down issue?
I had some SFP+ link flapping up to a few times a day before the upgrade to 6.43.7. Since the upgrade I have seen one link flap only. The CRS328 is connected using DAC (FS.com) to my CRS317. I upgraded both switches last Friday.

So the upgrade seems to have improved the stability, but not completely eliminated link flapping.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.44beta [testing] is released!

Fri Dec 14, 2018 11:52 pm

[admin@MikroTik] > :global firmware [ / interface lte firmware-upgrade lte once as-value ];
[admin@Mikrotik] > :put ($firmware->"installed")                                            
MikroTik_CP_2.160.000_v010
[admin@MikroTik] > :put ($firmware->"latest")         
MikroTik_CP_2.160.000_v010

[admin@MikroTik] > :if (($firmware->"installed") != ($firmware->"latest")) do={ :put "Versions differ!"; }
Versions differ!
[admin@MikroTik] >
Can we please get rid of the extra line break in latest version?
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Tue Dec 18, 2018 12:31 pm

Version 6.44beta50 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.44beta50 (2018-Dec-17 13:01):

Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.

MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
----------------------

Changes in this release:

!) ipsec - added new "identity" menu with common peer distinguishers;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
*) bgp - properly update keepalive time after peer restart;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed IPv6 link-local address generation when auto-mac=yes;
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) cloud - added "ddns-update-interval" parameter;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - properly remove system note after configuration reset;
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) gps - added "coordinate-format" parameter (CLI only);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) lte - added "ecno" field for "info" command;
*) lte - disallow setting LTE interface as passthrough target;
*) lte - fixed passthrough functionality when interface is removed;
*) lte - improved SimCom 7100e support;
*) lte - increased reported "rsrq" precision;
*) lte - reset USB when non-default slot is used;
*) package - use bundled package by default if standalone packages are installed as well;
*) ppp - added "at-chat" command;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) ssh - fixed public key format compatibility with RFC4716;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) traceroute - improved stability when sending large ping amounts;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) user - require "write" permissions for LTE firmware update;
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - added "allow-roaming" parameter in "Interface/LTE" menu;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - fixed missing w60g interface status values;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) wireless - improvements in wireless frequency selection;
*) wireless - improved system stability for all ARM devices with wireless;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.44beta [testing] is released!

Tue Dec 18, 2018 1:12 pm

Updated wAP LTE to version 6.44beta50 and lost the wireless package. :-/
The LTE connection was really weak, though - no idea if that caused the issue.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.44beta [testing] is released!

Tue Dec 18, 2018 1:40 pm

Updated wAP LTE to version 6.44beta50 and lost the wireless package. :-/
The LTE connection was really weak, though - no idea if that caused the issue.
After restoring my settings I can not set the country for my interface:
[admin@MikroTik] /interface wireless> set country=germany wlan1
failure: only regulatory-domain mode allowed for this country
What's the deal with this failure?
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7186
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: v6.44beta [testing] is released!

Tue Dec 18, 2018 1:44 pm

set frequency-mode to regulatory-domain
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.44beta [testing] is released!

Tue Dec 18, 2018 2:01 pm

!) telnet - do not allow to set "tracefile" parameter;
What is this about?.. Why is this marked as important?
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.44beta [testing] is released!

Tue Dec 18, 2018 2:06 pm

set frequency-mode to regulatory-domain
That works, thanks! Can this be the cause for my trouble with wireless package?
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1768
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v6.44beta [testing] is released!

Tue Dec 18, 2018 2:19 pm

set frequency-mode to regulatory-domain
That works, thanks! Can this be the cause for my trouble with wireless package?
*) package - use bundled package by default if standalone packages are installed as well;
what set of packages did you have? and what did you use to upgrade?
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.44beta [testing] is released!

Tue Dec 18, 2018 2:23 pm

set frequency-mode to regulatory-domain
That works, thanks! Can this be the cause for my trouble with wireless package?
*) package - use bundled package by default if standalone packages are installed as well;
what set of packages did you have? and what did you use to upgrade?
Ah, right, that could cause the culprit. But I have standalone packages, no bundle.

Upgraded from 6.44beta40 with:
/ system package upgrade install
 
marianob85
just joined
Posts: 20
Joined: Wed Feb 08, 2017 9:47 pm

Re: v6.44beta [testing] is released!

Tue Dec 18, 2018 7:25 pm

Version 6.44b50
RouterBOARD wAP R-2nD

Problem: LTE interface does not work
Logs says: LTE1 SMS storage set failed.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.44beta [testing] is released!

Tue Dec 18, 2018 10:02 pm

If you have set EU country under wireless configuration, but you did not use regulatory-domain, then configuration will be changed to fit these requirements. Otherwise you violate the law. So if you are legal, then everything will work just fine after an upgrade ;)

What do you mean with lost package? Did you actually lose wireless package under System/Packages menu or wireless interface did not work properly?
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.44beta [testing] is released!

Tue Dec 18, 2018 10:31 pm

What do you mean with lost package? Did you actually lose wireless package under System/Packages menu or wireless interface did not work properly?
The wireless package did no longer show under System/Package, had to copy the npk file manually to recover. Tried to reproduce with a mAP lite that has very similar configuration, but its update succeeds (and regulatory-domain was updated correctly).
 
anuser
Long time Member
Long time Member
Posts: 601
Joined: Sat Nov 29, 2014 7:27 pm

Re: v6.44beta [testing] is released!

Tue Dec 18, 2018 10:40 pm

Version 6.44beta50 has been released.
*) wireless - improved system stability for all ARM devices with wireless;
I wouldn´t call the RB4011 unstable, but I simply cannot connect to it with Intel AC-8260 on 5.0Ghz. There´s no problem wuth cAP AC, though. Both are running the same config pushed by CAPSMAN controller. May I ask what kind of wireless instability is fixed with ARM based devices?
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2397
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.44beta [testing] is released!

Tue Dec 18, 2018 10:51 pm

If you have set EU country under wireless configuration, but you did not use regulatory-domain, then configuration will be changed to fit these requirements. Otherwise you violate the law. So if you are legal, then everything will work just fine after an upgrade ;)
It is not good. Have you been thinking about the fact that not everyone reads changelogs before upgrade?
If a simple upgrade changes the configuration and the user is not informed about it, that's not good.
Example: I set the frequency 5640 - in log say - radar detected on 5640. The AP is automatically tuned to the 5240 frequency.
This frequency is not legal in our country. And this problem is due to simple upgrade RouterOS :( :(
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 6:26 am

honzam - It simply is not possible to do anything from our side if network administrator can not read changelog before an upgrade. This is 100% responsibility of network admin. We do not change configuration usually on upgrade, however, since this change is required due to a law, we have made an exception. Can you please send supout file from your router to support@mikrotik.com? Generate file while your router is using illegal frequency while you have selected country and regulatory domain settings on your routers wireless configuration.
anuser - Please provide supout file from your router to support@mikrotik.com. We will try to reproduce this problem in our lab.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 6:57 am

I tried to upgrade to the latest 6.44 beta (6.44beta50) but it was not successful - I end up with 100% CPU usage continuously caused by ipsec process. In winbox I cannot go into IP->IPSEC and view settings, or /ip ipsec export. If I try to export ipsec I get no output.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 7:27 am

mducharme, please generate a supout.rif file when the issue is present and send it to support@mikrotik.com
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 8:21 am

mducharme, please generate a supout.rif file when the issue is present and send it to support@mikrotik.com
emils - Unfortunately, not possible. When it is happening, I ask my router to generate supout and it sits there not responding. I tried stopping and restarting and I get "Couldn't start - busy (12)". I'll keep trying though.
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 8:22 am

Most likely a supout.rif file is already generating in the backgound. Is there an autosupout.rif file in the Files menu?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 9:18 am

Honzam
This frequency is not legal in our country. And this problem is due to simple upgrade RouterOS :(:(
We use official sources for frequencies allowed in each country. Are you sure you are correct on this one? We use information from Qualcomm chip and European Union.
 
tetecko
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Sun Jun 11, 2006 7:44 pm

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 11:00 am

Why this is forced? According to EU law ... it is not a obligatory for equipment provider, it is obligatory for company who runs it. So please let us chose, what we want to set up on your hardware/software and do not put this restrictions. Can you please explain why you put this restrictions on?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 11:04 am

That is not correct. If you have questions about EU laws and regulations, I can suggest to email our certification or legal department.
You are still free to select a country that does not have such laws, but I don't recommend it, it might get you into trouble.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 11:06 am

!) telnet - do not allow to set "tracefile" parameter;
What is this about?.. Why is this marked as important?
There was some obscure proof of concept that allowed to do strange things, but it only affected you if you gave a user account to the attacker.
 
mistry7
Forum Guru
Forum Guru
Posts: 1480
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 11:13 am

Honzam
This frequency is not legal in our country. And this problem is due to simple upgrade RouterOS :(:(
We use official sources for frequencies allowed in each country. Are you sure you are correct on this one? We use information from Qualcomm chip and European Union.
Then we need Option to set Indoor or Outdoor use!
5180-5320 in Germany is only allowed for Indoor use!
 
tetecko
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Sun Jun 11, 2006 7:44 pm

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 11:23 am

Which ETSI you are comply with? Because as I know there is a band between 5470MHz to 5725Mhz, this leting me select this variety of frequencies, but if YOU apply on your restrictions, I cannot use 5480MHz, why?
 
mistry7
Forum Guru
Forum Guru
Posts: 1480
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 12:32 pm

Which ETSI you are comply with? Because as I know there is a band between 5470MHz to 5725Mhz, this leting me select this variety of frequencies, but if YOU apply on your restrictions, I cannot use 5480MHz, why?
+1
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 12:47 pm

cannot use 5480MHz, why?

This would be channel 96. You can ask the same for channel 32 (5160MHz). At least with 20MHz bandwidth and OFDM it should be allowed to use. But this two channels are not selectable with any equipment I know. And the only webpage I found which lists them as allowed for Europe is here:
https://en.wikipedia.org/wiki/List_of_WLAN_channels

There is something about energy leaking into frequencies lower than 5150 resp. 5470MHz, I guess.
Last edited by muetzekoeln on Wed Dec 19, 2018 3:42 pm, edited 1 time in total.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 12:56 pm

Then we need Option to set Indoor or Outdoor use!
5180-5320 in Germany is only allowed for Indoor use!
.
I set the frequency 5640 - in log say - radar detected on 5640. The AP is automatically tuned to the 5240 frequency.
This frequency is not legal in our country (Czech)
You must manually used allowed frequency, but you are right, next beta will have "auto" frequency follow the country "indoor/outdoor" rules, you will have a new setting for that.
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 1:47 pm

Most likely a supout.rif file is already generating in the backgound. Is there an autosupout.rif file in the Files menu?
No, there are no files at all in the files menu. I had rebooted and tried again. It is still trying to generate the supout 5 hours later.

If I go to the command line and type "/ip ipsec export" it also hangs forever.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2397
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 2:10 pm

Honzam
This frequency is not legal in our country. And this problem is due to simple upgrade RouterOS :(:(
We use official sources for frequencies allowed in each country. Are you sure you are correct on this one? We use information from Qualcomm chip and European Union.
Does not respect outdoor / indoor settings for EU countries.
In Czech Republic is outdoor 5500-5700. Indoor is 5180-5320.
After upgrade (6.44beta50) is AP running (with auto enabled DFS) on channel 5280 which is indoor !!! But selected channel is 5620. Thanks
 
mistry7
Forum Guru
Forum Guru
Posts: 1480
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 2:32 pm

Honzam
This frequency is not legal in our country. And this problem is due to simple upgrade RouterOS :(:(
We use official sources for frequencies allowed in each country. Are you sure you are correct on this one? We use information from Qualcomm chip and European Union.
Does not respect outdoor / indoor settings for EU countries.
In Czech Republic is outdoor 5500-5700. Indoor is 5180-5320.
After upgrade (6.44beta50) is AP running (with auto enabled DFS) on channel 5280 which is indoor !!! But selected channel is 5620. Thanks
Did you try Scanlist 5470-5720 ???
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2397
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 8:47 pm

Did you try Scanlist 5470-5720 ???
I know the scan list will solve it. But would you think that this line:

*) wireless - fixed compliance with EU regulatory domain rules;

means you need to create a scan list before upgrading RouterOS to 6.44? I find it unclear and it cause a number of problems....
The fact that the EU forces Mikrotik to comply with the law is clear to me
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 9:08 pm

What do you mean by that? With scan list you will only reduce number of frequencies. After an upgrade your list will use all frequencies that are available in your country. From previous version point of view, nothing has been changed related to scan list or indoor/outdoor solutions. Indoor/outdoor selection should be introduced in upcoming beta versions.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 9:53 pm

For outdoor I normally select the country "etsi 5.5-5.7 outdoor" that has those frequencies in the scanlist.
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 203
Joined: Wed Aug 09, 2017 1:15 pm

Re: v6.44beta [testing] is released!

Wed Dec 19, 2018 10:47 pm

Most likely a supout.rif file is already generating in the backgound. Is there an autosupout.rif file in the Files menu?
No, there are no files at all in the files menu. I had rebooted and tried again. It is still trying to generate the supout 5 hours later.

If I go to the command line and type "/ip ipsec export" it also hangs forever.
I experienced the same on my ccr, only chance was to downgrade to latest stable firmware.
Some settings were missing or changed after the downgrade, but I got it all working again.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v6.44beta [testing] is released!

Thu Dec 20, 2018 7:33 am

means you need to create a scan list before upgrading RouterOS to 6.44? I find it unclear and it cause a number of problems....
The fact that the EU forces Mikrotik to comply with the law is clear to me
First of all, this is a BETA release which should not be used anywhere near production.
Yes, the new change will enable radar-detect which could move your frequency to something you did not use before.
As a temporary workaround, you can use other country (ETSI, like suggested above) or use custom scan list.
We have made a new setting for one of the next BETA releases, that will honour the "indoor/outdoor" parameter in the country-info list, and will not move you to an indoor-only frequency, so you will not have to make any custom scan lists.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.44beta [testing] is released!

Thu Dec 20, 2018 10:54 am

Are you also working on the DFS function and possibly more logging of what is going on when DFS decides to change the frequency?
We would like to use DFS but now we can't because of the false detections... and no information about what is detected.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2397
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.44beta [testing] is released!

Thu Dec 20, 2018 1:52 pm

What do you mean by that? With scan list you will only reduce number of frequencies. After an upgrade your list will use all frequencies that are available in your country. From previous version point of view, nothing has been changed related to scan list or indoor/outdoor solutions. Indoor/outdoor selection should be introduced in upcoming beta versions.
The main point is that there is going to be a move from the outdoors to the indoors. Outdoor frequencies 5500-5700 are tuned anywhere from 5180 to 5700. So quietly indoors which is not legally correct. Is it written clearly?
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2397
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.44beta [testing] is released!

Thu Dec 20, 2018 1:57 pm


First of all, this is a BETA release which should not be used anywhere near production.
Yes, I known. I tested it on non production part of network.
We have made a new setting for one of the next BETA releases, that will honour the "indoor/outdoor" parameter in the country-info list, and will not move you to an indoor-only frequency, so you will not have to make any custom scan lists.
Yes, that's exactly what I was suggesting. Divide it into indoor / outdoor

Anyway, I have to say that I would be more pleased if you solve ARM problems that you NOT comment in another topic.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v6.44beta [testing] is released!

Thu Dec 20, 2018 2:03 pm

Not entirely correct. Our devices are certified to use those TX powers in Indoor frequencies too.
You are in the clear anyway
 
tetecko
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Sun Jun 11, 2006 7:44 pm

Re: v6.44beta [testing] is released!

Thu Dec 20, 2018 9:40 pm

Honzam
This frequency is not legal in our country. And this problem is due to simple upgrade RouterOS :(:(
We use official sources for frequencies allowed in each country. Are you sure you are correct on this one? We use information from Qualcomm chip and European Union.
Does not respect outdoor / indoor settings for EU countries.
In Czech Republic is outdoor 5500-5700. Indoor is 5180-5320.
After upgrade (6.44beta50) is AP running (with auto enabled DFS) on channel 5280 which is indoor !!! But selected channel is 5620. Thanks
THIS IS NOT CORRECT! try to read this link and you will have a CLEAR knowledge which is allowed in Czech Republic and which is not ... https://www.ctu.cz/cs/download/oop/rok_ ... 010-12.pdf
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2397
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.44beta [testing] is released!

Thu Dec 20, 2018 10:45 pm

THIS IS NOT CORRECT! try to read this link and you will have a CLEAR knowledge which is allowed in Czech Republic and which is not .
I know this document. What exactly is wrong?
 
tetecko
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Sun Jun 11, 2006 7:44 pm

Re: v6.44beta [testing] is released!

Thu Dec 20, 2018 11:59 pm

I know this document. What exactly is wrong?
outdoor is exactly 5470MHz-5725MHz not 5500MHz-5700MHz mentioned by you in older posts .. indoor exactly 5150MHz-5350MHz not 5180MHz-5320MHz mentioned by you.
 
User avatar
honzam
Forum Guru
Forum Guru
Posts: 2397
Joined: Wed Feb 27, 2008 10:27 pm
Location: Czech Republic

Re: v6.44beta [testing] is released!

Fri Dec 21, 2018 12:48 am

I know this document. What exactly is wrong?
outdoor is exactly 5470MHz-5725MHz not 5500MHz-5700MHz mentioned by you in older posts .. indoor exactly 5150MHz-5350MHz not 5180MHz-5320MHz mentioned by you.
Yes it is 5470-5725Mhz , but it is commonly referred to as I wrote. (fully channels)
 
tetecko
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Sun Jun 11, 2006 7:44 pm

Re: v6.44beta [testing] is released!

Fri Dec 21, 2018 8:14 am

Yes it is 5470-5725Mhz , but it is commonly referred to as I wrote. (fully channels)
If Mikrotik wants to restrict use of superchannels, they have to follow ETSI/CZ rules at least. They don't. They push us to not using "czech_republic" settings, if we wants to be comply with our laws rules.
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

Re: v6.44beta [testing] is released!

Fri Dec 21, 2018 10:34 am

They push us to not using "czech_republic" settings, if we wants to be comply with our laws rules.

That's not true. Please read this thread carefully. The next Beta release will have indoor/outdoor option, so I guess the next stable release for your production environment will have it too.
Unfortunately the change to regulatory conformance was badly communicated by Mikrotik in the release notes.

What will be more of a concern is the future of Omnitik 5 devices in Europe. The regulators are about to shut them down soon. Let's hope Mikrotik really can prevent this from happening.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v6.44beta [testing] is released!

Fri Dec 21, 2018 10:47 am

You guys are mixing up edge frequencies and center frequencies. Both ranges are correct.
MikroTik has many devices that are certified both for indoor and outdoor ranges, they can be used in those frequencies.
To avoid the possbility that DFS throws you into indoor/outdoor range, we have made another new setting in all next releases, where you can specify indoor or outdoor, or default = any.

None of these changes will break anything if you are already trying to follow country regulations, your links will remain the same.
If you have specific license to use other settings than defined by your country, you still have those options within other modes.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12979
Joined: Thu Mar 03, 2016 10:23 pm

Re: v6.44beta [testing] is released!

Fri Dec 21, 2018 1:18 pm

... and second, according to CZ rules I can set 5480MHz ...
Which channel width do you use when trying to set centre frequency to 5480MHz?

Who is online

Users browsing this forum: smirgo, vortex and 4 guests