v6.46beta [testing] is released!

emils · Thu Jul 04, 2019 3:45 pm

Version 6.46beta6 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.46beta6 (2019-Jul-04 11:53):

Changes in this release:

*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

eworm · Thu Jul 04, 2019 5:06 pm

My IPSec issues persist. (Though there are no more crashes.) Sent a reply with support output file to Ticket#2019070222004609.

petrb · Thu Jul 04, 2019 5:32 pm

DHCPv6 PD from radius works again. Thanks.

oooscar · Thu Jul 04, 2019 9:40 pm

Hi

What was the issue here?

hotspot - fixed non-local NAT redirection to port TCP/64873

Thanks

server8 · Fri Jul 05, 2019 3:00 pm

CEPT has opened from 57 to 71 GHz, in the next ros release we can hope to have more channel or che radio chipset is ilimited up to 66?
Thank you

alexspils · Fri Jul 05, 2019 5:58 pm

any chance to continue developing dude ?

doneware · Sat Jul 06, 2019 12:19 am

CEPT has opened from 57 to 71 GHz

sadly CEPT =/= local regulator

kiler129 · Sat Jul 06, 2019 8:35 am

...and the 5Ghz wireless is still broken on RB4011

TimurA · Sat Jul 06, 2019 8:41 am

...and the 5Ghz wireless is still broken on RB4011

anuser · Sat Jul 06, 2019 9:30 am

Wishes for 6.46:
- WinBox => CAPsMAN: Reboot button for CAPs
- Will the new wireless driver package already be available?

5nik · Sat Jul 06, 2019 10:49 pm

Wishes for 6.46:
- WinBox => CAPsMAN: Reboot button for CAPs

Yes, I agree. It is annoying in CAPsMAN network to manual restart every AP. APs are updated automatically from CAPsMAN, and all APs have firmware autoupdate=yes, but still required additional manual restart for firmware update.

ivicask · Sun Jul 07, 2019 10:03 pm

Wishes for 6.46:
- WinBox => CAPsMAN: Reboot button for CAPs
Yes, I agree. It is annoying in CAPsMAN network to manual restart every AP. APs are updated automatically from CAPsMAN, and all APs have firmware autoupdate=yes, but still required additional manual restart for firmware update.

+1 for that

doneware · Mon Jul 08, 2019 3:14 pm

not strictly a [testing] topic, but the routerboot changelog looks kinda deserted:

https://wiki.mikrotik.com/wiki/RouterBOOT_changelog

now since 6.3-something the routerboot numbering is according to routerOS releases, its version keep on increasing, and we (or I) don't know what has been changed, etc.
since the routerboot upgrade process requires an additional reload, i'd like to know whether it is worth doing it, or we can safely wait until the unit is restarted by something/somebody else.

Jotne · Mon Jul 08, 2019 7:01 pm

I do agree that its not clear at all when to upgrade the routerboot. It should be listed at every new software if some are changed or not.
And the old paged should be updated or removed.

Other example:
https://wiki.mikrotik.com/wiki/Manual:Lua
It this page valid or not???

Chupaka · Mon Jul 08, 2019 7:05 pm

https://wiki.mikrotik.com/wiki/Manual:Lua
It this page valid or not???

It is:

RouterOS v4 RC1 removes Lua support indefinetly

Jotne · Mon Jul 08, 2019 8:30 pm

Then there are no need to keep the site

null31 · Mon Jul 08, 2019 11:56 pm

not strictly a [testing] topic, but the routerboot changelog looks kinda deserted:
https://wiki.mikrotik.com/wiki/RouterBOOT_changelog

They leaved clear that wiki's page will not be updated...
But would be great to know the changes for every RBoot version, even if they are bump version.

filzek · Tue Jul 09, 2019 7:01 am

Hi Folks,

Has been a long time since I have post here, but I need a help now!

Does mikrotik already support Openvpn with tls? This is because we need to use NORDVPN here in brazil and its a hard time doing it, so, please could you guys solve this problem to enable us to start to sell thousand of devices here by using nordvpn to override some internet problems????

Please advise @edmunds and others.

Polard55 · Tue Jul 09, 2019 9:20 am

"ipsec - improved stability for peer initialization (introduced in v6.45);" Thanks for this Fix

dash · Tue Jul 09, 2019 12:49 pm

System -> AutoUpgrade not working since 6.45.x and later.

I have set up a 'upgrade package source' in our local network. Routers trying to access this source but always end up with 'system, error, critical login failure for user xyz'.
There is no issue with 6.44 and earlier

Anyone else can repro this issue?

Chupaka · Tue Jul 09, 2019 1:00 pm

What's the version of the source?

emils · Tue Jul 09, 2019 1:11 pm

dash, it will be fixed in the next beta, however you will need to have the same version on server and client (either both pre-6.45 or both post-6.45).

filzek, you can connect to NordVPN servers using IKEv2.

msatter · Tue Jul 09, 2019 1:50 pm

Hi Folks,

Has been a long time since I have post here, but I need a help now!

Does mikrotik already support Openvpn with tls? This is because we need to use NORDVPN here in brazil and its a hard time doing it, so, please could you guys solve this problem to enable us to start to sell thousand of devices here by using nordvpn to override some internet problems????

Please advise @edmunds and others.

https://wiki.mikrotik.com/wiki/IKEv2_EA ... d_RouterOS

dash · Wed Jul 10, 2019 3:59 pm

What's the version of the source?

Source is 6.45.1, client that tries to update is 6.44.3.
Acording to Emils comment this seems to be a known issue and will be resolved in one of the next beta versions.
thx

emils · Thu Jul 11, 2019 1:15 pm

Version 6.46beta9 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.46beta9 (2019-Jul-11 09:04):

Changes in this release:

*) bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45);
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) ipsec - added "connection-mark" parameter for mode-config initiator;
*) ipsec - allow peer argument only for "encrypt" policies (introduced in v6.45);
*) ipsec - fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
*) ipsec - show warning for policies with "unknown" peer;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) ppp - disable DTR send when using at-chat;
*) ssh - do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45);
*) ssh - fixed executed command output printing (introduced in v6.45);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) vlan - fixed "slave" flag for non-running interfaces (introduced in v6.45);
*) winbox - properly show timestamp in file "Creation Time" field;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

skylark · Thu Jul 11, 2019 1:22 pm

!) upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);

To get a new authentication working, you have to do the following steps:
1) Downgrade server to one of the previous versions below v6.45;
2) Configure user password once more to get the old authentication method working;
3) Update server to the v6.46beta9;
4) Then update all the hosts to the v6.46beta9;

"auto-upgrade" feature now is working with new style authentication.

eworm · Thu Jul 11, 2019 2:17 pm

*) ipsec - added "connection-mark" parameter for mode-config initiator;

Great, thanks a lot for this! Much appreciated.

Is any of the other ipsec changes suppose to fix my issue from Ticket#2019070222004609?

msatter · Thu Jul 11, 2019 3:07 pm

*) ipsec - added "connection-mark" parameter for mode-config initiator (CLI only);

Thanks and I am going to test is later. I was looking where is was hidden in Winbox and could just not find it. It is for now CLI only.

ip - ipsec - mode-config

mducharme · Thu Jul 11, 2019 10:07 pm

3) Update server to the v6.45beta9;
4) Then update all the hosts to the v6.45beta9;

Don't you mean v6.46beta9?

skylark · Fri Jul 12, 2019 7:54 am

3) Update server to the v6.45beta9;
4) Then update all the hosts to the v6.45beta9;
Don't you mean v6.46beta9?

Yes, I did the necessary corrections.

msatter · Fri Jul 12, 2019 9:53 am

Update: problem tackled with help of mkx. In the previous Beta EAP for ikev2 was made available and I needed to split all over two routers. It needed changes in Hairpin, which broke the catching traffic better be served locally.

I have an problem I can't explain with dstnat to an local address on UDP. I catch DNS requests going out to external DNS servers and I am redirecting those to a local DNS server. I have the suspicion that since late in 6.45beta something changed that does not replace local answering with the caught external address IP on the way back from the router to the client.
When I use torch then the traffic is returned from the internal DNS server to the router.

!DNSservers contains the local DNS server IP.

chain=dstnat action=dst-nat to-addresses=192.168.0.4 protocol=udp src-address-list=!DNSservers dst-port=53,123 log=no log-prefix="DNS out catch"

When I run a dig

#>dig mikrotik.com @8.8.8.8
;; reply from unexpected source: 192.168.0.4#53, expected 8.8.8.8#53
;; reply from unexpected source: 192.168.0.4#53, expected 8.8.8.8#53
;; reply from unexpected source: 192.168.0.4#53, expected 8.8.8.8#53

; <<>> DiG 9.10.8 <<>> mikrotik.com @ 8.8.8.8
;; global options: +cmd
;; connection timed out; no servers could be reached

Update: Torching the Bridge I see the traffic directly being returned from the internal DNS to the client and so skipping the router.

MANY THANKS! To mkx for helping me solving this.

mkx · Fri Jul 12, 2019 11:15 am

Do you have proper hair-pin NAT implemented? The single dstnat rule you've shown only does things half-way:

UDP packet with dst-address=8.8.8.8 arrives at router (src-address=192.168.0.x)
router uses dstnat rule to replace dst-address to dst-address=192.168.0.4 ... src-address remains set to 192.168.0.x
router delivers DNS query to the internal DNS server.
DNS server prepares reply for sender, which is 192.168.0.x
DNS server sends reply directly as the client is on the same IP subnet (dst-address=192.168.0.x src-address=192.168.0.4)
as the reply bypasses router with it's NAT engine, client receives answer with src-address=192.168.0.4 (while expecting answer from 8.8.8.8 because that's where it sent the query)

For things to properly unroll for the reply, router would have to perform additional step between steps 2 and 3 ... changing src-address to its own.

All of my explanation above is void if you have matching src-nat rule in power

/ip firewall nat
add action=src-nat chain=srcnat src-address-list=!DNSservers dst-address=192.168.0.4 to-address=192.168.0.1 
# assuming that router's address in 192.168.0.0/24 subnet is this

dreamind · Fri Jul 12, 2019 11:45 am

- WinBox => CAPsMAN: Reboot button for CAPs

You can currently at least use the upgrade function to trigger a reboot of the CAPs, even when there is no new RouterOS:

/caps-man remote-cap
upgrade [find]

lrossouw · Sun Jul 14, 2019 10:59 pm

*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;

Seems to have fixed the display of OSPF LSAs as well as printing them via terminal.

Xand · Sun Jul 14, 2019 11:16 pm

*) usb - general USB modem stability improvements;

I am tethering internet from Android 9 phone to ac^2 via USB.
After upgrade USB kept disconnecting within 5-20 mins. I had to re-connect the cable to be able to turn on USB tethering on the phone.
Rollback to 6.45.1 resolved the issue.

dogeaterperson · Mon Jul 15, 2019 6:16 pm

Hex upgraded to 6.46beta9. When USB modem plugged in, device continuously reboots itself. Removing USB modem resolves this issue.

eworm · Tue Jul 16, 2019 12:53 pm

*) ipsec - added "connection-mark" parameter for mode-config initiator;
Great, thanks a lot for this! Much appreciated.

This works perfectly fine! Would like to see it in a stable release as soon as possible... But I guess I have to wait for 6.46 final?

emils · Tue Jul 16, 2019 1:04 pm

Thanks for the feedback. We will try to add it in the 6.45.2 as well. It will also be possible to specify both the src-address-list and connection-mark parameters to form a single NAT rule. If anyone is wondering, currently an example is published here.

dash · Thu Jul 18, 2019 9:41 am

dash, it will be fixed in the next beta, however you will need to have the same version on server and client (either both pre-6.45 or both post-6.45).

confirming the fix in 6.46beta9. Thx for taking care

chubbs596 · Thu Jul 18, 2019 1:38 pm

Hi Guys

I have now seen an issued with DHCP server, when using a relay and adding arp
/ip dhcp-server
add add-arp=yes address-pool=vlan_10 dhcp-option-set=phones disabled=no interface=10_br name=vlan10_voice relay=255.255.255.255 src-address=172.168.17.1

The wrong arp mac-address is added for the lease, it adds the mac of the relay that sends the dhcp request.

Thu Jul 18, 2019 1:46 pm

And why it is wrong? Nexthop is the relay so MAC should be fro the relay. By the way adding ARP in relay setups is useless, since clients are not in the same broadcast domain.

DummyPLUG · Thu Jul 18, 2019 10:09 pm

not strictly a [testing] topic, but the routerboot changelog looks kinda deserted:
https://wiki.mikrotik.com/wiki/RouterBOOT_changelog

They leaved clear that wiki's page will not be updated...
But would be great to know the changes for every RBoot version, even if they are bump version.

And I still don't understand why Rboot bump to the same version as firmware everytime, why not separate them

msatter · Thu Jul 18, 2019 10:51 pm

Thanks for the feedback. We will try to add it in the 6.45.2 as well. It will also be possible to specify both the src-address-list and connection-mark parameters to form a single NAT rule. If anyone is wondering, currently an example is published here.

New question about IKEv2 and re-keying. Using PureVPN each DNS resolved server has an TTL time of 120 seconds. So every 120 seconds the connection get a new ike2 SA despite the other timeouts are much longer.

So bypassing this, I could use an IP fixed address instead of a domain name or use my own DNS server to change the short TTL of the resolved domain a longer one.

It would be nice if the TTL of the resolved domain could be ignored in the settings of IKEv2.

mkx · Thu Jul 18, 2019 10:57 pm

It would be nice if the TTL of the resolved domain could be ignored in the settings of IKEv2.

TTL in DNS system is there with a reason. Every sane DNS admin will have loong TTLs when changes are not expected. So when TTL is short, it shouldn't be overriden, could be that IP address will really change in next TTL time frame ....

msatter · Fri Jul 19, 2019 12:31 pm

I get every 120 seconds a new IP and rebuild of the IKEv2 connection. This is interupting traffic and makes browsing a waiting game for pages..if it even arrive.

I understand that they are using TTL this way to spread users over the servers. However it spoils it for me and I have now fixed the IP address and rekeying can now take place after the set time.

mkx · Fri Jul 19, 2019 1:21 pm

I understand that they are using TTL this way to spread users over the servers.

Using short TTL for load-sharing is abuse of DNS TTL. This kind of load sharing should be done by adding multiple A records to same FQDM and let DNS round-robin mechanism to spread the load.

I understand that it's out of your control and I'd be frustrated as well. I'm just not sure if ignoring DNS TTL is the way to go (even if it would be non-default setting, there will be users getting bitten by this).

emils · Wed Jul 24, 2019 10:46 am

Version 6.46beta16 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.46beta16 (2019-Jul-23 06:44):

Changes in this release:

*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) ipsec - added "error" topic for identity check failure logging messages;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved U-APSD (WMM Power Save) support for 802.11e;
*) wireless - updated "ukraine" regulatory domain information;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

nescafe2002 · Wed Jul 24, 2019 11:25 am

These changes have been tested in stable channel, right?

Edit: installed on RB4011, (regular) SFP is detected and working.

TimurA · Wed Jul 24, 2019 4:51 pm

These changes have been tested in stable channel, right?

Edit: installed on RB4011, (regular) SFP is detected and working.

yes, sfp is working. wlan1 not fix, disabling itself.

anuser · Wed Jul 24, 2019 10:26 pm

Version 6.46beta16 has been released.
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved U-APSD (WMM Power Save) support for 802.11e;

I have CAPSMAN forwarding based wireless lan setup. So, it would be great if we could get those into long term release, aswell.
Talking about the "improved 802.11ac stability": I´m asking myself in what kind of situations we actually had stability problems, before? Could you please clarify?

berlo0 · Thu Jul 25, 2019 10:36 am

Hi, in the router LtAP mini LTE kit, can we change the default dhcp relay tcp port ?
We want to use it for a UDP helper.

Thanks in advance

Chupaka · Thu Jul 25, 2019 11:28 am

DHCP?.. TCP?..

mhugo · Thu Jul 25, 2019 1:44 pm

317s quite broken with no multicast (romon or ospf). Testing 46rc16 and then downgrade to 44.5 required hands on reboot probably to flash down firmware. Links came up but no ARP.

jvparis · Fri Jul 26, 2019 5:18 pm

I have updated my hAP AC² and SXTsq 5 ac to v6.46beta16 and am not able to change/view all wireless HT-settings of the 5ghz-radio-interfaces via winbox anymore. Changing them via CLI works fine.

Bildschirmfoto von 2019-07-26 16-13-59.png

msatter · Tue Jul 30, 2019 4:05 pm

Using now NordVPN for a while on the beta and I get after 24 hours problem with the reconnects. I installed 46.6beta16 which stated a more conclusive error log but it has not changed.

I get ipsec,error EAP failed and sometimes even ipsec,error INVALID_SYNTAX

EAP failed can be due to using all the six accounts mad available by NordVPN so to test that I go back to using 5 account at the same time.

It would be nice to know which accounts used failed and the current error "EAP failed" does not tell that.

UPDATE:

I think I have solved it. I used the Name field to store the domain and IP address so I could easily switch between them. I had an space between the two items and that seems to be causing the Invalid_Syntax and not being able to connect after an day.

I have only tested this for one day and more days would be proof it this was indeed the problem.

anuser · Thu Aug 08, 2019 7:51 am

Version 6.46beta16 has been released.
*) wireless - improved 802.11ac stability for all ARM devices with wireless;

So I updated my cAP ac devices. Is it only me, but has maximum download throughput went down while upload went up?

emils · Fri Aug 09, 2019 2:54 pm

Version 6.46beta28 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.46beta28 (2019-Aug-08 07:26):

Changes in this release:

*) certificate - improved CRL updating process;
*) defconf - require "policy" permission to print default configuration;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - improved rekeying process with Windows initiators;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) webfig - fixed link to Winbox download;
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed basic rate reporting in snooper;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

genesispro · Fri Aug 09, 2019 6:09 pm

winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu"; ????
That could be something very promising ... but is it?
Any information about it?

Sob · Fri Aug 09, 2019 6:29 pm

genesispro: It's probably not what you expect, see here.

lelmus · Sat Aug 10, 2019 9:54 pm

Whats up with wifi Signal Strength Range rules? Something changed and it looks wrong. See pic. BTW, anyone else having trouble with Nest Thermostats not getting internet access since rc16?

Capture.PNG

lelmus · Tue Aug 13, 2019 4:22 am

Nevermind the nest thermostat issue, that was a bad mangle that made nest not work. Issue is now resolved with nest thermostat.

emils · Thu Aug 22, 2019 1:22 pm

Version 6.46beta34 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.46beta34 (2019-Aug-22 06:24):

Changes in this release:

*) dhcpv4-server - fixed "Acct-Output-Octets" reporting to RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) ike2 - properly start all initiators to the same remote address;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed "eap-radius" authentication method (introduced in v6.45);
*) ipsec - fixed minor spelling mistakes in logs;
*) log - increased log message length limit to 1024 characters;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) qsfp - show more QSFP module diagnostics;
*) quickset - added "LTE AP Dual" mode support;
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) ssh - fixed carriage return presence in subsequent sessions;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Jotne · Thu Aug 22, 2019 2:04 pm

*) log - increased log message length limit to 1024 characters;

Working fine
Reported 02.08.2019
Fixed 22.08.2019
That was quick, thanks.

Cha0s · Thu Aug 22, 2019 3:09 pm

*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);

I guess asking for more info on that is pointless until you provide an update for stable/long-term channels, right?

Thu Aug 22, 2019 3:31 pm

It's just basic sanitise function for preventing invalid paths in those fields, as you can probably guess. But, this is not very interesting, as you already need an admin account to enter any path in any config field.

CoUL · Thu Aug 22, 2019 3:53 pm

And what about monitoring for SNMP v3 in The Dude?

msatter · Fri Aug 23, 2019 10:00 am

This morning the old dynamically generated NAT lines for IKEv2 are not removed from NAT on reconnect and so I have multiple dynamic NAT lines in NAT for each connection. I installed Beta 34 yesterday and I have two routers doing IKEv2 and the one who is using Source Address as filter did not remove the old dynamic NAT lines.

The To Addresses are the same,so no harm but it does not look neatly. The log shows EAP failed after the nightly restart.

Udapte: on manual stopping the IKEv2 connections only the top NAT lines were deleted and the bottom dynamic lines were still there. It seems to avoid this is, not stopping to remove a the first hit but keep going on to the end of the NAT lines.

I am going to restart the router because some IKEv2 connections are not coming up again and I have made screen dumps of the log and NAT if needed.

emils · Fri Aug 23, 2019 10:11 am

Is there an autosupout.rif file on the router by any chance?

msatter · Fri Aug 23, 2019 10:13 am

Is there an autosupout.rif file on the router by any chance?

Will send it to support and I already pushed the button to generate one.
.
.
And it is send to support.

Update: after the restart all IKEv2 connections came back/ The ones I was missing where the ones from Pure.

Update 2: It appeared that only restarted half of the IKEv2 each night. To avoid timing conflicts by restarting the connections I have set the lifetime to 1d and 5 minutes in proposal. The restart had also time span of one day so that synced up automatically. Now the restart will be 5 minutes before the lifetime timing out.

Dude2048 · Fri Aug 23, 2019 11:17 am

And what about monitoring for SNMP v3 in The Dude?

Same problem for me.

Elans · Fri Aug 23, 2019 12:31 pm

And what about monitoring for SNMP v3 in The Dude?
Same problem for me.

@Dude2048 @CoUL

Have you updated The Dude server device with latest RouterOS beta version???

CoUL · Fri Aug 23, 2019 1:05 pm

And what about monitoring for SNMP v3 in The Dude?
Same problem for me.
@Dude2048 @CoUL

Have you updated The Dude server device with latest RouterOS beta version???

Thank you, monitoring has earned. But there was a problem with fonts ... https://1drv.ms/u/s!AvwDu6THTDTWg64G2xp ... Q?e=gvf3dR
Not the font used before. And information on RouterOS is not read

arnis128 · Fri Aug 23, 2019 7:29 pm

Version 6.46beta28 has been released.
*) lte - fixed band setting on R11e-4G;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);

After upgrade from 6.45.3 -> 6.46beta28 SIMCOM SIM7600E lte modem stops working. Device recognized w/o problems, but can not connect to mobile network anymore. After rolling back, works fine again. Tested 2 times, so result is repeatable.

Bolle · Fri Aug 23, 2019 9:59 pm

Hi !

I am quite new to MT stuff and ROS.

But I am sure, there is something wrong in the 6.46beta34 dude package for arm.
Everyhing was OK, including beta28, with beta34 Dude isn´t showing SVG-files and fonts are real big.

The /dude/files directory shown in WinBox (3.19) is empty...
Tested on a RB4011 (with WLAN).

I went back to 6.45.3 and everything looks good again.

gtx Bolle

Elans · Mon Aug 26, 2019 8:25 am

@CoUL @Bolle

Thank you for the update. This issue has been reproduced, currently you may try to use custom uploaded files for The Dude background.

emils · Thu Aug 29, 2019 2:20 pm

Version 6.46beta38 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.46beta38 (2019-Aug-29 07:29):

Changes in this release:

*) btest - removed duplicate "duration" parameter;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - fixed "egress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) qsfp - clear SFP monitoring data on port enable;
*) qsfp - correctly display SFP monitoring data;
*) qsfp - fixed EEPROM checksum validation;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) supout - removed "file" option from "/system sup-output" command;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed RX chain selection;
*) wireless - include last frequency when manually setting frequency step in "scan-list";

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

eworm · Thu Aug 29, 2019 10:08 pm

*) console - added bitwise operator support for "ip6" data type;

Thanks a lot for this! Have been waiting a long time...

*) wireless - include last frequency when manually setting frequency step in "scan-list";

Is this supposed to fix Ticket#2019080822004463? I guess no. (It does not.)

anuser · Thu Aug 29, 2019 10:50 pm

*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);

It looks like we´re seeing MU-MIMO soon? More chains...

bnw · Fri Sep 06, 2019 11:51 pm

viewtopic.php?f=2&t=116856#p741203

I opened #2019032822004818 a few months ago, many SNMP hardware OIDs are missing for the CCR1072, compared to what Winbox shows :
- Board temperature
- Board temparature 2
- Fan speed 3
- Fan speed 4
- PSU1 status (should be OID .15 (*))
- PSU2 status (should be OID .16 (*))
(*) as seen on other models such as the CRS317-1G-16S+.

We are then clearly at risk with our CCR1072-1G-8S+, not being able to monitor all their hardware components, which is a rather tricky situation for core devices.

Still no news regarding this Mikrotik dev team ?

Many thx !

5nik · Fri Sep 13, 2019 3:27 pm

*) dot1x - added "reject-vlan-id" server parameter (CLI only);

Do you have more info? Is it function like quarantine (guest) VLAN -> VLAN for rejected / non compliant clients or just ignore PVID from radius response?

Mon Sep 16, 2019 9:10 am

Version 6.46beta38 has been released.
......
*) console - fixed IP conversation to "num" data type;
....

Shouldn't it be "conversion"?

Ivoshiee · Tue Sep 17, 2019 3:22 am

With that beta series somehow I see only "wlan60-station: link-up" messages in the log, but no "link-down" ones. It is only a half of good to know information about the link state. Hope it is relatively easy fix to make.

blingblouw · Tue Sep 17, 2019 9:57 am

With that beta series somehow I see only "wlan60-station: link-up" messages in the log, but no "link-down" ones. It is only a half of good to know information about the link state. Hope it is relatively easy fix to make.

confirmed on my side

msatter · Tue Sep 17, 2019 11:58 am

I get with IKEv2 connections to a VPN provider sometimes huge lists of EAP failed in the log but I can't see which account is causing this EAP failed: errors. A bit more of information in the error message would be welcome.

EAP-failed.JPG

The log is one of many and in that time period of 10 minutes I had about 75 of these error messages.

emils · Thu Sep 19, 2019 2:48 pm

Version 6.46beta44 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.46beta44 (2019-Sep-19 05:54):

Changes in this release:

*) capsman - fixed channel auto reselection;
*) chr - added support for Azure guest agent;
*) console - fixed "tobool" conversion;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - improved modem initialization;
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) snmp - use "src-address" also for traps;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Gennadiy51 · Thu Sep 19, 2019 9:45 pm

Everyone is testing RouterOS v7.0beta1 (ARM)!!!

eworm · Thu Sep 19, 2019 10:00 pm

Everyone is testing RouterOS v7.0beta1 (ARM)!!!

Nah, this is a perfect and issue-free release!

But to be honest... I think we should get v7 into official testing channel as soon as possible. Will that happen after 6.46 final release?

msatter · Thu Sep 19, 2019 10:12 pm

Everyone is testing RouterOS v7.0beta1 (ARM)!!!

Also, not everyone has an ARM device.

Lekas · Mon Sep 23, 2019 12:36 pm

Version 6.46beta44 has been released.
*) lte - added support for Telit LM960 and LE910C1 modems;

Do you have some manual to configure Telit LM960?
My hardware: LtAP LTE kit, Telit LM960.
In mPCIe slots modem dont available, but in USB slot i see its. LTE interface does not appear.
I try ppp client, but it's still wont connect.

111.png

222.png

nostromog · Fri Sep 27, 2019 10:17 am

I'm seeing a problem with DNS resolution of ipsec peer in this beta:

I have an ipsec peer that happens to have a correct ipv4 address, but an ipv6 address that does not work.
On boot, the ipv6 address is picked up, but the ipsec remains in message-1-sent state forever. I need to do

/ip ipsec peer disable PeerName
/ip ipsec peer enable PeerName

And then it gets connected.

The problem I see is that the ipsec machine is not timing out or trying to re-resolve the address when it is not connecting.

krafg · Sat Sep 28, 2019 10:00 am

Some news about the compatibility between R11e-LTE-US and LtAP LTE kit?

Regards.

emils · Mon Sep 30, 2019 10:10 am

I'm seeing a problem with DNS resolution of ipsec peer in this beta:

I have an ipsec peer that happens to have a correct ipv4 address, but an ipv6 address that does not work.
On boot, the ipv6 address is picked up, but the ipsec remains in message-1-sent state forever. I need to do
Code: Select all
/ip ipsec peer disable PeerName
/ip ipsec peer enable PeerName
And then it gets connected.

The problem I see is that the ipsec machine is not timing out or trying to re-resolve the address when it is not connecting.

Well, then fix the IPv6 address. It will not try a different address until the previous one times out (after DNS TTL). It has always been like this, however we have fixed IPv6 address resolving in the beta.

nostromog · Mon Sep 30, 2019 12:59 pm

Well, then fix the IPv6 address. It will not try a different address until the previous one times out (after DNS TTL). It has always been like this, however we have fixed IPv6 address resolving in the beta.

I wonder what do you call "times out (after DNS TTL)". Do you mean the use of DNS names is not suitable for any kind of redundancy? I was expecting that RouterOS would either resolve for every retry or at least try a succession of all the resolved addresses.

Reading what you wrote I understand that the first IP address will be used until the name expires, but this is not what I see. My dynamic DNS record has a TTL of 240 seconds, but I have waited more than half an hour (never had it waiting longer before disabling/enabling the peer but I can try if you want more evidence) and in /ip ipsec active-peers it remains in state "message-1-sent" forever. My guess is that once a name is resolved it is never timed our and rechecked, no matter if it changes, at least for IPv6...

$ dig ANY +nocmd +noall +answer +ttlid type my.dynamic.domain
my.dynamic.domain.	161	IN	A		NN.NN.NN.NN
my.dynamic.domain.	161	IN	AAAA	nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn

(The TTL shown varies between 239 and a few seconds)

nostromog · Mon Sep 30, 2019 9:00 pm

To be precise, what I observe is a never ending sequence of

19:15:39 ipsec,info initiate new phase 1 (Identity Protection): 2001:470:NNNN:NNNN::1[500]<=>2001:470:NNNN:NNNN:NNNN:NNNN:NNNN:NNNN[500] 
19:16:39 ipsec,error phase1 negotiation failed due to time up 2001:470:NNNN:NNNN::1[500]<=>2001:470:NNNN:NNNN:NNNN:NNNN:NNNN:NNNN[500] aee846a570c68409:0000000000000000

So apparently the machinery does not cycle between the different addresses (one A and one AAAA in this case, the A works well). Funny enough, once I disable/enable the peer it works straight away. Not sure why it locks in the AAAA after reboot.

msatter · Tue Oct 01, 2019 11:31 am

I have some times a EAP failed in the log without any information which IKEv2 connection failed:

EAPfailed.jpg

I changed the log settings to add more information all the time, this one were two connection taking in sequence almost 40 minutes to connect:

EAPfailed1.jpg

It would be nice if the EAP failed would also state which connection has the problem.

raystream · Wed Oct 02, 2019 11:00 am

after installing the latest beta to a RBM33G the RB is stuck in a reboot loop.
only netinstalling with the latest stable brought it back to life.

Wed Oct 02, 2019 12:10 pm

after installing the latest beta to a RBM33G the RB is stuck in a reboot loop.

Such reports are kinda useless, unless you also specify what RouterOS version you were using before the upgrade.

raystream · Wed Oct 02, 2019 12:53 pm

I installed the latest stable 6.4.56. And the RBM33G was running fine.
Then i installed the latest Beta 6.46beta44.
After the install has finished the RBM33G is stuck in a reboot loop.

deepgeorge · Tue Oct 08, 2019 6:41 pm

When do you plan to release v6.46 in stable? Waiting hardly for "capsman - fixed channel auto reselection"
Thanks,
George

eworm · Tue Oct 08, 2019 8:30 pm

Wondering myself... This topic became really quiet lately.

aboiles · Wed Oct 09, 2019 7:31 am

RoMon does not work on .46b44. reverting to 46b38 it passes the connection.
Only tested on hEX (mmips)

msatter · Wed Oct 09, 2019 1:02 pm

Wondering myself... This topic became really quiet lately.

It is on the slow burner since RouterOS 7 beta so not much test.

Ivoshiee · Wed Oct 09, 2019 11:24 pm

I may have the setup totally wrong, but ipsec tunneling seems to be bonkers with the v6.46beta44. The basic ipsec tunnel seems to accept only one policy - only that one which you tinkered with the latest. For instance if there are multiple policies then moving one around will "activate" only that one and all the rest fall silent. By definition there should be no difference of the policy ordering as these are not overlapped etc.

One side of the ipsec tunnel testing is RB2011L and the other is Peplink Balance 380.

Edit: I went down to v6.44.5 and results are the same - only latest policy I touch will be working, all the rest are ineffective.
Edit2: According to https://blog.bravi.org/?p=1209 the issue is with policy level which needs to be set "unique" to fix that behaviour.

maks750i · Tue Oct 15, 2019 1:38 pm

Its anybody test LDF 5 AC ARM with this beta?

I have two on my desk works fine but i dont know will be good to put at antena tower.
Last time with version 6.45.6 one LDF stuck in loop reboot.
LDF base on mipsbe works great for my link on satelite antenas 90M TCP

but LDF AC dont work fine,

when is reset no factory defaults when enable/disable wlan, LDF ac start to reboot.

emils · Tue Oct 15, 2019 2:42 pm

Version 6.46beta55 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.46beta55 (2019-Oct-15 06:08):

MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
----------------------

Changes in this release:

!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error;
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) led - fixed default LED configuration for RBLHG5nD;
*) lte - added support for LM960A18;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fix "operator" names not being displayed properly;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) sniffer - allow filtering by packet size;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) system - improved system stability for devices with AR9342;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) upgrade - improved auto package updating using "check-for-updates";
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) wireless - updated "united-states" regulatory domain information;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

CapFloor · Tue Oct 15, 2019 6:04 pm

Hi,
ipsec connections (in my case ike V2) are not initiated after reboot. This behaviour is independent from the hardware architecture. Need to disable/enable the peer to connect.

BR

Milecus · Thu Oct 17, 2019 10:13 am

Hello,
unfortunately, the LTE interface for Telit LM960 (f/w: v32.00.0x1) doesn't work (doesn't appear).
Tested on RBM11 (MMIPS architecture) f/w: 6.46beta44, 6.46beta55; (ignore-directip-modem=no).
Via PPP interface - works (ignore-directip-modem=yes, data-channel=4 or 5, info-channel=6).

5nik · Fri Oct 18, 2019 9:56 am

*) dot1x - added "reject-vlan-id" server parameter (CLI only);
Do you have more info? Is it function like quarantine (guest) VLAN -> VLAN for rejected / non compliant clients or just ignore PVID from radius response?

So I tested. It is second option - VLAN for rejected clients.
Please add option also for non-dot1x clients. Something like no-dot1x-vlan-id=5 (set VLANID 5 for clients unsuported 802.1x) or just allow-incompatible-clients=yes (and set VLANID for clients unsuported 802.1x according to bridge vlan ports settings).

heberhardt · Mon Oct 21, 2019 12:51 pm

Version 6.46beta55 has been released.
[...]
What's new in 6.46beta55 (2019-Oct-15 06:08):
[...]
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+;
[...]

Can you comment on which PTP Features are added in this release or will be added in the future? Does this mean that all CRS3xx devices could get support for acting as PTP Boundary Clocks for example?

--
Edit:fix typo

berzerker · Tue Oct 22, 2019 4:46 am

*) wireless - updated "united-states" regulatory domain information;

Can you elaborate on this?

mducharme · Thu Oct 24, 2019 8:51 am

It is impossible to upgrade from 6.46beta55 to 7.0beta3 on SMIPS devices, not enough space.

After netinstall of 7.0 beta 3 there seems to be enough space for future 7.x upgrades, so the problem is that 6.46beta55 is too big.

2jarek · Fri Oct 25, 2019 12:22 pm

Signal Strength Range -1..120 It's joke ? Access Lists unusable now.

marekm · Fri Oct 25, 2019 12:56 pm

More about 1588 PTP support please - will other devices support it too? It could synchronize NV2 Tx/Rx time slots to help against co-location interference, without GPS hardware. Good old NTP is already supported, but may not have enough precision (microseconds) for this purpose.

emils · Fri Oct 25, 2019 2:40 pm

Version 6.46beta59 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.46beta59 (2019-Oct-25 07:44):

MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------

Changes in this release:

!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) backup - fixed automatic backup file generation when configuration reset by button;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) ccr - improved general system stability;
*) crs3xx - improved interface initialization;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcvp6-client - fixed timeout when doing rebind;
*) ethernet - do not enable interface after reboot that is already disabled;
*) export - fixed "bootp-support" parameter export;
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ipv6 - changed "advertise-dns" default value to "yes";
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) wireless - added "canada2" regulatory domain information;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

muetzekoeln · Fri Oct 25, 2019 3:43 pm

It could synchronize NV2 Tx/Rx time slots to help against co-location interference, without GPS hardware.

You need a central grand master clock in your network. These a typical GNSS (GPS, GLONASS, Galileo, ..) based.

mfr476 · Fri Oct 25, 2019 3:51 pm

mikrotik finally tries wireless improvement

berzerker · Fri Oct 25, 2019 4:26 pm

*) wireless - updated "united-states" regulatory domain information;
Can you elaborate on this?

bump at 'tik devs?

Edit: Well I answered my own question, still no 160MHz support for US models. Is this *ever* going to be implemented?

2jarek · Sat Oct 26, 2019 9:24 am

Signal strength range only -1..120, can't set -120..120 & access lists useless now.

aboiles · Sat Oct 26, 2019 9:49 am

RoMON is still not working since v6.46beta34. on RouterBOARD 750G r3 mmips.

2jarek · Sat Oct 26, 2019 12:57 pm

Version 6.46beta59 has been released.

*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Nstreme p2p & ARM IPQ4019 speed improve but sometimes latency spikes.

whatever · Sat Oct 26, 2019 8:07 pm

*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;

Holy sh*t, I really hope that 5Ghz WiFi is stable now and we get this fix backported to long-term asap.

anuser · Thu Oct 31, 2019 10:23 am

When will we see 6.46.0 release? I really want to See:
"*) ccr - improved general system stability" plus mentioned IPQ4019 fixes in a stable release.

Chupaka · Thu Oct 31, 2019 2:21 pm

When will we see 6.46.0 release?

When it's ready. As that particular change was introduced recently, don't expect quick release to 'stable' channel.

eworm · Thu Oct 31, 2019 2:28 pm

Probably the change was too late for 6.45.7... But if 6.46 will take some more time (I think so...) we could still hope for 6.45.8.

I am still waiting for the bitwise operator support for "ip6" data type. Let's hope that will be available soon.

UpRunTech · Fri Nov 01, 2019 11:35 pm

Version 6.46beta59 has been released.

*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);

I wonder if this is the start of something to provide synchronisation for NV2/3? based access points without needing GPS modules. You only need relative synchronisation not something synchronised to absolute time to make it work.

CoMMyz · Sat Nov 02, 2019 7:42 pm

Can you elaborate regarding *) ccr - improved general system stability ?
Thanks

nostromog · Mon Nov 04, 2019 12:29 pm

Hi, I saw a strange error in a hAP ac^2 with beta59:

[admin@Mikrotik] > /system routerboard print 
       routerboard: yes
        board-name: hAP ac^2
             model: RBD52G-5HacD2HnD
     serial-number: B4A00A072300
     firmware-type: ipq4000L
  factory-firmware: 6.42.3
  current-firmware: 6.46beta59
  upgrade-firmware: 6.46beta59
[admin@Mikrotik] > /ping 1.1.1.1
action timed out - try again, if error continues contact MikroTik support and send a supout file (13)
[admin@Mikrotik] > :ping 1.1.1.1
action timed out - try again, if error continues contact MikroTik support and send a supout file (13)
[admin@Mikrotik] > /ping [:resolve ipv6.google.com]
action timed out - try again, if error continues contact MikroTik support and send a supout file (13)
[admin@Mikrotik] > :tool traceroute 192.168.88.252
action timed out - try again, if error continues contact MikroTik support and send a supout file (13)

It was consistently reproducible, and both ping ipv6 addresses and traceroute failed the same, as can be seen.

After rebooting the behaviour returned to normal. The machine had slightly less than one week uptime.

nithinkumar2000 · Wed Nov 06, 2019 8:05 pm

Hi Mikrotik Team,

Please add the following features in upcomming release:

1. Walled garden or some filtering service to limit the invalid PPPOE request hits.--> To filter Unnecessary Hits or Request from unauthenticated PPPOE Clients.
2. IPv6 Accounting for radius. --> Most important and expected by almost all ISP's
3. Hotspot Service for Ipv6
4. NATv6 Service.
5. DHCPv6 IP server --> for giving IPv6 Address to direct clients or PPPOEv6 Service.

Looking forward to your valuable reply....

mducharme · Wed Nov 06, 2019 8:50 pm

Hi Mikrotik Team,

Please add the following features in upcomming release:

1. Walled garden or some filtering service to limit the invalid PPPOE request hits.--> To filter Unnecessary Hits or Request from unauthenticated PPPOE Clients.
2. IPv6 Accounting for radius. --> Most important and expected by almost all ISP's
3. Hotspot Service for Ipv6
4. NATv6 Service.
5. DHCPv6 IP server --> for giving IPv6 Address to direct clients or PPPOEv6 Service.

Looking forward to your valuable reply....

IMO, they are likely to only introduce things like that in v7, not in 6.x.

PUDIS · Thu Nov 07, 2019 9:45 am

Hello!
looks like there is BUG in RoMON - can`t connect ...

msatter · Thu Nov 07, 2019 11:39 am

Sveiki!

ir bugs - ar RoMON nevar vairs pieslēgties.

Please use the English language.

nithinkumar2000 · Fri Nov 08, 2019 5:31 am

Hi Mikrotik Team,

Please add the following features in upcomming release:

1. Walled garden or some filtering service to limit the invalid PPPOE request hits.--> To filter Unnecessary Hits or Request from unauthenticated PPPOE Clients.
2. IPv6 Accounting for radius. --> Most important and expected by almost all ISP's
3. Hotspot Service for Ipv6
4. NATv6 Service.
5. DHCPv6 IP server --> for giving IPv6 Address to direct clients or PPPOEv6 Service.

Looking forward to your valuable reply....
IMO, they are likely to only introduce things like that in v7, not in 6.x.

Hope Mikrotik ROS v7.x will be a biggest change with all lots of features...

emils · Mon Nov 25, 2019 3:27 pm

Version 6.46beta68 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.46beta68 (2019-Nov-21 09:13):

MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------

Changes in this release:

!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) backup - store automatically created backup file in "flash" directory;
*) capsman - improved radar detection algorithm;
*) certificate - added progress bar when creating certificate request (CLI only);
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) defconf - fixed default configuration generation on SXT R (introduced in v6.46beta28);
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) lte - added support for D402 modem;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) route - fixed area range summary route installation in VRF;
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) telnet - fixed successful connection establishment output in console (introduced in v6.46beta28);
*) timezone - updated time zone database to version 2019c;
*) ups - improved compatibility with APC UPS's;
*) winbox - fixed "CAPs Scanner" stopping;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Znevna · Mon Nov 25, 2019 4:29 pm

Signal Strength Range -1..120 It's joke ? Access Lists unusable now.

Bug still present: I've written here also: viewtopic.php?f=2&t=154126
Post could be moved or deleted, I didn't know it was beta related at the time. Done the tests today

2jarek · Mon Nov 25, 2019 4:38 pm

Signal Strength Range -1..120 It's joke ? Access Lists unusable now.
Bug still present: I've written here also: viewtopic.php?f=2&t=154126
Post could be moved or deleted, I didn't know it was beta related at the time. Done the tests today

Yep still no basic wireless function in this beta

emils · Mon Nov 25, 2019 4:46 pm

Signal Strength setting using Winbox will be fixed in the next beta version.

grusu · Tue Nov 26, 2019 8:07 am

Hi,

After upgrading to version 6.46beta68, no IPSEC connection works anymore.

emils · Tue Nov 26, 2019 9:45 am

grusu what router are you using?

TimurA · Tue Nov 26, 2019 9:48 am

grusu what router are you using?

RB4011 l2tp+ipsec not work

grusu · Tue Nov 26, 2019 10:24 am

grusu what router are you using?

RouterBOARD 1100Dx4 Dude Edition.
I have multiple l2tp/ipsec connections to my clients. After update from 6.46beta59 to 6.46beta68 no connection has ever worked.
And it seemed to me that certain sites were not loading properly. I don't know if it has anything to do with it.
I returned to the 6.45.7 version.

emils · Tue Nov 26, 2019 10:24 am

IPsec on RB1100x4/RB4011 will be fixed in the next release. Thank you for reporting.

grusu · Tue Nov 26, 2019 10:46 am

And problem with "Signal Strength Range"?

Capture.PNG

Tue Nov 26, 2019 10:54 am

Also a known issue and will be fixed soon

chubbs596 · Tue Nov 26, 2019 5:06 pm

Can you elaborate regarding *) ccr - improved general system stability ?
Thanks

Please can we have more info on this

Neovr · Tue Nov 26, 2019 9:01 pm

>>snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
oid ?

Wed Nov 27, 2019 8:42 am

OID for mtxrInterfaceStatsLinkDowns - 1.3.6.1.4.1.14988.1.1.14.1.1.90

bnw · Wed Nov 27, 2019 9:56 am

OID for mtxrInterfaceStatsLinkDowns - 1.3.6.1.4.1.14988.1.1.14.1.1.90

We already had this in IF-MIB, 1.3.6.1.2.1.2.2.1.8, right ?
At least I use this successfully.

Wed Nov 27, 2019 10:45 am

Not really, mtxrInterfaceStatsLinkDowns is a counter that shows how many consecutive link downs the interface has (status changes from running to not running). The ifOperStatus shows the current operational state of the interface.

bnw · Wed Nov 27, 2019 12:12 pm

Great, thank you @EdPa for this clarification, counter vs status.

bnw · Wed Nov 27, 2019 12:14 pm

Btw, while in SNMP, still missing this viewtopic.php?f=2&t=116856#p741203, fingers crossed

emils · Wed Nov 27, 2019 12:24 pm

New version 6.46rc1 has been released in testing RouterOS channel:

viewtopic.php?f=21&t=154286