Community discussions

MikroTik App
 
User avatar
emils
Forum Veteran
Forum Veteran
Topic Author
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

v6.47 [stable] is released!

Tue Jun 02, 2020 2:28 pm

RouterOS version 6.47 has been released in public "stable" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.47 (2020-Jun-02 07:38):

Important note!!!

- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.


MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy automatically on upgrade;
----------------------


Changes in this release:

*) api - added ECDHE cipher support for "api-ssl" service;
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - improved branding package installation process when another branding package is already installed;
*) bridge - added logging debug message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when a bridge port gets dynamically added to VLAN range;
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) chr - added support for hardware watchdog on ESXI;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) crs3xx - improved switch host table updating;
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - do not require "server" parameter for bindings;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved disk management service stability when receiving bogus packets;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dns - added support for forwarding DNS queries of static entries to specific server;
*) dns - added support for multiple type static entries;
*) dot1x - added "radius-mac-format" parameter;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved Dot1X service stability when receiving bogus packets;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients;
*) ethernet - fixed interface stopping responding after blink command execution on CCR2004-1G-12S+2XS;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) graphing - improved graphing service stability when receiving bogus packets;
*) health - added "gauges" submenu with SNMP OID reporting;
*) health - improved stability for system health monitor on CCR2004-1G-12S+2XS;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) ike2 - added support for RFC8598;
*) ike2 - allow initiator address change before authentication;
*) ike2 - fixed authentication handling when initiator disconnects before RADIUS response;
*) interface - improved system stability when receiving bogus packets;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - added "split-dns" parameter support for mode configuration;
*) ipsec - added "use-responder-dns" parameter support;
*) ipsec - allow specifying two peers for a single policy for failover;
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) ipsec - place dynamically created IPsec policies by L2TP client at the begining of the table;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) l2tp - added "src-address" parameter for L2TP client;
*) l2tp - added "use-peer-dns" parameter for L2TP client;
*) l2tp - improved dynamically created IPsec configuration updating;
*) l2tp - use L2TP interface when adding dynamic IPsec peer;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) lcd - improved general system stability when LCD is not present;
*) led - fixed minor typo in LED warning message;
*) log - added logging entry when changing user's password;
*) log - added tunnel endpoint address to establishment and disconnect logging entries;
*) log - made startup script failures log as critical errors;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" parameter persistence after disable/enable;
*) lte - fixed "ecno" and "rscp" value reporting on R11e-LTE6;
*) lte - fixed VLAN interface passthrough support;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved stability during firmware upgrade;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) netwatch - improved Netwatch service stability when invalid configuration values are passed;
*) ovpn - added "use-peer-dns" parameter for OVPN client;
*) port - removed serial console port on hEX S;
*) ppp - added "Acct-Session-Id" attribute to "Access-Request" messages;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) pptp - added "use-peer-dns" parameter for PPTP client;
*) profile - added support for CCR2004-1G-12S+2XS;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routerboard - added "hold-time" parameter to mode-button menu;
*) routerboard - added "reset-button" menu - custom command execution with reset button;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) routing - improved routing service stability when receiving bogus packets;
*) sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - improved SSH service stability when receiving bogus packets;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - added LTE firmware update functionality support;
*) tr069-client - added additional LTE information parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added interface type parameter support;
*) tr069-client - added multiple simultaneous session support for diagnostics test;
*) tr069-client - added total connection tracking entries parameter;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and NetFlow v9;
*) upgrade - fixed space handling in package file names;
*) ups - added battery info for APC SmartUPS 2200;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user - improved user management service stability when receiving bogus packets;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - fixed 5 GHz wireless interface "frequency" parameter value list on Audience;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auth-info" parameter under "Dot1X->Active" menu;
*) winbox - added "auth-types", "comment", "mac-auth-mode" and "reject-vlan-id" parameters for Dot1X server;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on NetMetal ac^2;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - added "comment" parameter and "dynamic" flag support under "Switch->Rule" table;
*) winbox - added "comment" parameter for Dot1X client;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - added "skip-dfs-channels" parameter to wireless interface menu;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added enable and disable buttons for "MPLS->MPLS Interface" table;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - allow to specify any Ethernet like interface under "Tool/WoL" menu;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed WDS usage when connecting to RouterOS access point using QuickSet;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - fixed wireless sniffer parameter setting;
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "LoRa/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed Nstreme wireless protocol performance decrease;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "egypt" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this particular RouterOS release.
 
santyx32
Member Candidate
Member Candidate
Posts: 215
Joined: Fri Oct 25, 2019 2:17 am

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 2:53 pm

Working fine in my AC2, maybe next beta is ROS7 based?
 
korsar182
just joined
Posts: 5
Joined: Tue Jul 29, 2014 12:30 am

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 3:18 pm

*) ipsec - allow specifying two peers for a single policy for failover;
Oh wow, that's a killer feature I've been waiting for years!
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2989
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 3:35 pm

The proper word coming to my mind is: IMPRESSIVE :) list of changes.
 
msatter
Forum Guru
Forum Guru
Posts: 2941
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 4:12 pm

*) ike2 - added support for RFC8598;

Split DNS Configuration for IKEv2.
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 203
Joined: Wed Aug 09, 2017 1:15 pm

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 5:09 pm

jun/02/2020 16:05:59 system,error,critical error while running customized default configuration script: no such item
jun/02/2020 16:05:59 system,error,critical
Got this on a HAPac², boot time was increased too (about 2 minutes)
EDIT:
IMO it's a bit confusing that wifi, vlan and tunnel interfaces share the same icon. They could've changed this with the new icon set.
Last edited by osc86 on Tue Jun 02, 2020 8:21 pm, edited 2 times in total.
 
wuffzack
just joined
Posts: 22
Joined: Sat Sep 01, 2018 7:40 pm

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 6:20 pm

System Health on CRS354-48G-4S+2Q+ now shows a higher CPU temperature than before with 6.46.x.
It shows 89 C (was 79 C before).
CPU load is minimal (around 1-5%).
Fan Speed the same as before.
Wrong / different temperature measurement?
 
mirolm
just joined
Posts: 11
Joined: Mon Apr 27, 2015 8:35 pm

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 6:25 pm

Upgraded 3 mikrotiks - 1 x Hex S, 2 x Hap AC^2

On one of the Hap AC^2 got the above message too:
16:59:08 system,info router rebooted 
16:59:14 system,error,critical error while running customized default configuration script: no such item 
16:59:14 system,error,critical 
16:59:19 bridge,info hardware offloading activated on bridge "bridge" ports: ether3-local,ether1-local,ether2-local,ether4-local,ether5-local 
 
dakotabcn
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Thu Apr 21, 2016 11:16 pm

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 6:37 pm

jun/02/2020 16:05:59 system,error,critical error while running customized default configuration script: no such item
jun/02/2020 16:05:59 system,error,critical
Got this on a HAPac², boot time was incereased too (about 2 minutes)
same error in RB4011 WIFI, if reboot the same message is logged
other problem: L2TP+IPSEC after update, no connect anyone, reboot and works fine, the site2site IKEV2 no is affected
 
freemannnn
Forum Veteran
Forum Veteran
Posts: 700
Joined: Sun Oct 13, 2013 7:29 pm

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 7:39 pm

*) hotspot - updated splash page design ('/ip hotspot reset-html' required);

i fancy the updated hotspot login page.
 
User avatar
ErfanDL
Member
Member
Posts: 366
Joined: Thu Sep 29, 2016 9:13 am

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 7:54 pm

after upgrade 2011Ui:
error while running customized default configuration script: no such item
and:
110.PNG
You do not have the required permissions to view the files attached to this post.
 
roe1974
Member Candidate
Member Candidate
Posts: 151
Joined: Mon Dec 31, 2018 2:14 pm

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 8:00 pm

Same was allready with 6.46.5 (script list)
Last edited by roe1974 on Tue Jun 02, 2020 11:00 pm, edited 1 time in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 8:18 pm

An IPsec tunnel that was configured in 6.46.2 with both policy and peer "disabled" was incorrectly converted when upgrading to 6.47.
After the upgrade the policy listed "unknown" as the peer and in the /export it had peer=*FFFFFFFF in the policy entry.

To fix it I temporarily enabled the peer in Winbox 3.21, went to the policy and enabled it as well, doubleclicked on the entry with the
intent of changing the peer (policy became colored red). This caused Winbox to hangup.
Closing and re-opening Winbox made it hang again at the same place.

Connected via SSH and issued a set command to set the peer back to the correct value, now it looks again OK in Winbox. Disabled it again.

However, Winbox still hangs with doubleclick on any IPsec policy! in SSH, things look fine and the (enabled) policies work OK.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 8:19 pm

after upgrade 2011Ui:
error while running customized default configuration script: no such item
and:
110.PNG
It was reported in the 6.47rc topic and there was a reaction from MikroTik but apparently it was ignored before releasing it as stable.
 
templeos
just joined
Posts: 19
Joined: Mon Aug 26, 2019 3:58 pm

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 8:31 pm

And seems like the DoH log spam wasn't fixed that was reported during the betas. You need to tone them down a bit because this is ridiculous. I know that it stops after connection is reestablished but is it necessary to have the DoH server connection error: Network is unreachable entry for 2-7 times per second? Just look at it:

log_spam.png
You do not have the required permissions to view the files attached to this post.
 
Werlock
just joined
Posts: 2
Joined: Fri Sep 20, 2019 6:59 pm
Location: Russia

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 8:33 pm

error while running customized default configuration script: no such item

need to reset and load the config back
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 8:45 pm

need to reset and load the config back
Why? Was the config gone? In my case it wasn't! And this error is always logged, it seems.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 8:51 pm

If you experience a version related issue, then please provide a supout file from your router to support@mikrotik.com.

We added an error message in this RouterOS release that is printed out if configuration script provides an error. Most likely, there was a problem with the script all the time, simply now you get notified about it.
 
Werlock
just joined
Posts: 2
Joined: Fri Sep 20, 2019 6:59 pm
Location: Russia

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 8:53 pm

need to reset and load the config back
Why? Was the config gone? In my case it wasn't! And this error is always logged, it seems.
at least my hap ac helped
the config remained in place. I just saved it. then reset the router and downloaded back
 
obscurus
newbie
Posts: 29
Joined: Thu May 04, 2017 9:25 am

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 9:39 pm

Doh! but how i can config it? no wiki page
 
HZsolt
newbie
Posts: 31
Joined: Tue Apr 24, 2018 7:31 pm

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 9:42 pm

https://jcutrer.com/howto/networking/mi ... over-https --> DoH configuration on MikroTik router
 
mada3k
Forum Veteran
Forum Veteran
Posts: 744
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 9:45 pm

Impressive amount of fixes and features.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 9:54 pm

If you experience a version related issue, then please provide a supout file from your router to support@mikrotik.com.

We added an error message in this RouterOS release that is printed out if configuration script provides an error. Most likely, there was a problem with the script all the time, simply now you get notified about it.
In my RB2011 the messages were like this:
jun/02/2020 18:48:28 system,info,critical Firmware upgraded successfully, please reboot for changes to take effect!
jun/02/2020 18:48:36 system,error,critical,,, error while running customized default configuration script: no such item
jun/02/2020 18:48:36 system,error,critical,,,

Note that this router does not have and never had a "customized default configuration script".
Maybe this error message is normal and indicates the script does not exist?
However, on 2 other routers I updated this message does not appear.
Is it depending on the history of the router? (e.g. the first firmware version that was installed on it)
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3343
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 10:16 pm

My hope.
6.46 - > long term
6.47 - > stable
6.48.. no, no more 6 series
7.01 - > testing
Last edited by Jotne on Tue Jun 02, 2020 11:06 pm, edited 1 time in total.
 
User avatar
jvanhambelgium
Forum Guru
Forum Guru
Posts: 1117
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 10:42 pm

Upgrade on my RB3011 went smooth, coming straight from 6.46.4 or something.
 
amokkatmt
newbie
Posts: 33
Joined: Mon Oct 24, 2011 3:31 pm

Re: v6.47 [stable] is released!

Tue Jun 02, 2020 11:26 pm

SMB is not working for me, log says
"
... dialect: SMB 2.002
session setup GSS error: 0x90000
"
On 6.47beta53 it works fine.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 3124
Joined: Mon Apr 08, 2019 1:16 am

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 12:27 am

Winbox missing "antenna gain" setting for wireless. Lost the most practical way to reduce transmit power. It is/was in the WIKI, it is in many MUM presentations.
"Antenna gain" can be found in the CLI. But it is even not in the export, only "export verbose".

It was back in 6.46.6 ..... gone again .... :? :(
Klembord-2.jpg
You do not have the required permissions to view the files attached to this post.
 
usern
just joined
Posts: 7
Joined: Sat May 30, 2020 2:37 am

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 12:49 am

DoH server connection error: Network is unreachable entry for 2-7 times per second
I had same issue with quad 9 DoH, but when I started to use 1.1.1.2 DoH, then it has worked much better. So far no DoH related connection issues in the log.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 12:54 am

Winbox missing "antenna gain" setting for wireless. Lost the most practical way to reduce transmit power.
It is also the most practical way to increase transmit power beyond the legal limit while operating in the regulatory-domain mode.
That is probably why it is now gone.
 
mbovenka
Member
Member
Posts: 364
Joined: Mon Oct 14, 2019 10:14 am

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 1:08 am

It is also the most practical way to increase transmit power beyond the legal limit while operating in the regulatory-domain mode.
That is probably why it is now gone.

Why? It's easy to reject settings that would result in an illegal ERP.
 
diablothebest
newbie
Posts: 31
Joined: Fri May 20, 2016 11:07 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 1:09 am

Telegram can't connect to new SOCKS5 server.
No errors in log, I'm trying to connect to local IP of the router, no FW blocks.
I can see start session from mobile phone on Connections winbox screen.
But no luck....
You do not have the required permissions to view the files attached to this post.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 3124
Joined: Mon Apr 08, 2019 1:16 am

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 1:17 am

Winbox missing "antenna gain" setting for wireless. Lost the most practical way to reduce transmit power.
It is also the most practical way to increase transmit power beyond the legal limit while operating in the regulatory-domain mode.
That is probably why it is now gone.
With the newer releases setting something lower than the built in antenna gain is not possible.(Even not with the CLI)
If it is an external antenna either the GUI line will be back (I don't have such a device right now) , or the gain will be at "0" (how would the AP know the gain?) That is really beyond the legal limit.
Bizar twist in the head of the developers. (Like the way they handle "outdoor" frequencies in regulatory domain lists. Outdoor freq are not forbidden indoor, but MKT does.)

[admin@MktOmnitik] > interface wireless set antenna-gain=7
numbers: 0
failure: minimal antenna-gain for this country is 8

[admin@MktwAPac] > interface wireless set antenna-gain=1
numbers: 0
failure: minimal antenna-gain for this country is 2

[admin@hAPac2] > interface wireless set antenna-gain=1
numbers: 0
failure: minimal antenna-gain for this country is 3
 
w0lt
Long time Member
Long time Member
Posts: 537
Joined: Wed Apr 02, 2008 2:12 pm
Location: Minnesota USA

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 1:27 am

I have installed ROS 6.47 on all my routers with great success. It seems to be working just fine. However, one quirk has popped up in my "ChangeIP DDNSScript". It now displays the following error.:
Screen Shot 2020-06-02 at 5.24.57 PM.png
I have not changed a thing in the script and it has been working fine through ROS 6.47RC2.

Thoughts?

-tp
You do not have the required permissions to view the files attached to this post.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 3124
Joined: Mon Apr 08, 2019 1:16 am

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 1:29 am

Winbox missing "antenna gain" setting for wireless. Lost the most practical way to reduce transmit power.
It is also the most practical way to increase transmit power beyond the legal limit while operating in the regulatory-domain mode.
That is probably why it is now gone.
With the newer releases setting something lower than the built in antenna gain is not possible.(Even not with the CLI)
If it is an external antenna either the GUI line will be back (I don't have such a device right now) , or the gain will be at "0" (how would the AP know the gain?) That is really beyond the legal limit.
Bizar twist in the head of the developers. (Like the way they handle "outdoor" frequencies in regulatory domain lists. Outdoor freq are not forbidden indoor, but MKT does.)

[admin@MktOmnitik] > interface wireless set antenna-gain=7
numbers: 0
failure: minimal antenna-gain for this country is 8

[admin@MktwAPac] > interface wireless set antenna-gain=1
numbers: 0
failure: minimal antenna-gain for this country is 2

[admin@hAPac2] > interface wireless set antenna-gain=1
numbers: 0
failure: minimal antenna-gain for this country is 3
-----------------------------------------------------
Little experiment (test your knowledge)
-----------------------------------------------------
- set not to regulatory domain
- set low antenna gain (lower than built in)
- ask someone to set regulatory domain and country to the legal values
Klembord-2.jpg
You do not have the required permissions to view the files attached to this post.
 
User avatar
jenechka
newbie
Posts: 28
Joined: Sat Oct 29, 2016 4:30 pm
Location: Russian Federation, Siberia

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 4:00 am

Снимок.JPG
:(
hap ac2
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21930
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 4:47 am

bridge - improved hardware offloading enabling/disabling;

I am curious about this one?
 
User avatar
vecernik87
Forum Veteran
Forum Veteran
Posts: 891
Joined: Fri Nov 10, 2017 8:19 am

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 5:07 am

It seems to me that DNS FWD does not work if there is DoH set up. I can imagine people who want to FWD their internal domain zones while securing all external/public requests.
(If you want to test it, remember to flush cache before every request)

Even with this little hiccup, I think it is a great upgrade for DNS system in RouterOS. Developers, please accept my huge gratitude for this. Thanks!
(No, seriously, +1000 internetz for you and +2 internetz for Normis just because he is a nice guy)
 
Institor
just joined
Posts: 22
Joined: Sat Apr 29, 2017 3:28 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 5:11 am

system,error,critical error while running customized default configuration script: no such item
Same error here on HAP ac lite.
Antenna-Gain is lost in winbox, very bizarre decision, while superchannel setting still exists.
Bring back antenna-gain! :-)
 
shmichael
just joined
Posts: 1
Joined: Wed Jun 03, 2020 5:21 am

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 6:08 am

I have installed ROS 6.47 on all my routers with great success. It seems to be working just fine. However, one quirk has popped up in my "ChangeIP DDNSScript". It now displays the following error.:

Screen Shot 2020-06-02 at 5.24.57 PM.png

I have not changed a thing in the script and it has been working fine through ROS 6.47RC2.

Thoughts?

-tp
When I try to update the address on changeip.com, I also get this error. The address is not updated.
 
nexusds
newbie
Posts: 30
Joined: Fri Aug 16, 2019 6:51 am

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 7:23 am

Upgraded a number of switches and routers without issue except (so far) a RB3011UiAS. this one used interface lists for bridges and rules pointing to lists.

the bridges seemed to act fine and dhcp client setup to WAN bridge. IP was obtained but NAT rule pointing to 'WAN' interface list did not work (even tried using blanket all packets/source IP, etc). had to break out interface from bridge and setup dhcp client to singular interface and adjust NAT rule to singular interface. i have a supout file from when it was not working.
 
User avatar
Paco
just joined
Posts: 16
Joined: Mon Dec 22, 2014 10:50 pm
Location: Sofia, Bulgaria

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 7:29 am

system,error,critical error while running customized default configuration script: no such item
system,error,critical
Same here, after update to 6.47 my RB4011iGS+5HacQ2HnD-IN and cAP Ac..
Antena gain was gone..
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3343
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 7:57 am

system,error,critical error while running customized default configuration script: no such item
system,error,critical
Same here, after update to 6.47 my RB4011iGS+5HacQ2HnD-IN and cAP Ac..
Antena gain was gone..
See this post
viewtopic.php?p=797466#p797466
MT
We added an error message in this RouterOS release that is printed out if configuration script provides an error. Most likely, there was a problem with the script all the time, simply now you get notified about it.
It may be that you all have a script that gives error, but RouterOS has not displayed it before. Try to disable all script and see if message goes away.
 
Institor
just joined
Posts: 22
Joined: Sat Apr 29, 2017 3:28 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 8:42 am

It may be that you all have a script that gives error, but RouterOS has not displayed it before. Try to disable all script and see if message goes away.
It's strange.
/system default-configuration print
shows no default config script whatsoever. It's gone.
So it seems that default configuration has been erased by this update. I wonder, what happens now if i try to reset to default config....
 
fs0c13ty
just joined
Posts: 18
Joined: Fri Jun 09, 2017 8:33 am

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 9:00 am

Hi.
after this release, I've got a massive write sector on my devices.
i also have this problem with previous versions with different boards.
what did you(Mikrotik company) do on this release to increase flash write cycle? Is it a thing like Apple put a while(true) to increase battery usage just for selling their new products and make the previous devices useless?
if it is a result of some operation i want it to stop.
does dns caches store on disk?

i also stop dhcp store on disk.
disable all graph and set the store time to 24h
no log on disk.
no proxy.
no ip accounting.
Capture.PNG
Annotation 2020-06-03 093000.png
Annotation 2020-06-03 092808.png
You do not have the required permissions to view the files attached to this post.
Last edited by fs0c13ty on Thu Jun 04, 2020 9:14 pm, edited 1 time in total.
 
nexusds
newbie
Posts: 30
Joined: Fri Aug 16, 2019 6:51 am

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 9:28 am

CRS326-24S+2Q+
- seems fine overall, but couple of ports connect to IScsi ports @ 10G to MSA 2040. keep flapping at random times using MW-S-+DA003 (use this for all connections except Q+ for this switch and never had an issue before). will try hard-coding to 10G and see how that goes (luckily not used at the moment but normally would be be a very bad issue).. no other ports flapping.
 
Grant
newbie
Posts: 37
Joined: Sat Oct 26, 2013 10:55 am
Location: Ukraine, Dnipro

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 9:31 am

after this release, I've got a massive write sector on my devices.
I confirm quantity of sector writes is constantly fast increasing
 
ementat
just joined
Posts: 7
Joined: Fri May 21, 2010 10:09 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 9:55 am

https://jcutrer.com/howto/networking/mi ... over-https --> DoH configuration on MikroTik router
It is possible to use DoH only with "Verify DoH Certioficate" unchecked, or unchecked "Use CRL". Mikrotik is logging "DoH server connection error: SSL: handshake failed: unable to get certificate CRL (6)". I am using Cloudflare DoH, so installed DigiCertGlobalRootCA, but Mikrotik is telling me that CRL for this cert is invalid.
 
dvm
just joined
Posts: 22
Joined: Thu Feb 01, 2018 9:54 am

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 9:59 am

I've got a massive write sector on my devices.
I can confirm this too (hAP ac lite, hAP ac^2).
ROS 6.45.9 - uptime: 32m58s, write-sect-since-reboot: 167
ROS 6.46.6 - uptime: 33m4s, write-sect-since-reboot: 228
ROS 6.47 - uptime: 31m28s, write-sect-since-reboot: 2416
The configuration has not been changed. No actions were performed after reboots, except /system resource print.
Possibly the cause is *) disk - improved recently created file survival after reboots;?
 
User avatar
krafg
Forum Guru
Forum Guru
Posts: 1042
Joined: Sun Jun 28, 2015 7:36 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 10:08 am

Updated 2x BaseBox2, 1x BaseBox5, 1x PowerBox Pro and 1x LtAP LTE kit without issues.

On LtAP CPU usage downs from 11 - 12% to 0 - 1% that are normal values. Fixed wireless. OK!

Antenna gain only available on my BaseBoxes (in my case). OK! (to me).

Regards.
 
fs0c13ty
just joined
Posts: 18
Joined: Fri Jun 09, 2017 8:33 am

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 10:12 am

if this is temporal thing after upgrade to 6.47, I am ok with this but if any config changes consumes hundreds of write sector i serious insist to make this feature as a option in next release.
i want to loose my configuration on unexpected power cut than repairing my RouterBoard.
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1076
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 10:26 am

!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
Does this mean we will see the end of filtering via DNS anytime soon?
 
User avatar
ErfanDL
Member
Member
Posts: 366
Joined: Thu Sep 29, 2016 9:13 am

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 11:04 am

I confirm quantity of sector writes is constantly fast increasing
sec.PNG
You do not have the required permissions to view the files attached to this post.
 
ofer
Frequent Visitor
Frequent Visitor
Posts: 59
Joined: Wed May 23, 2018 11:45 am

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 11:05 am

Updated HapACx3 from 6.46.6 -> 6.47 - I haven't encountered any issues.
Updated HapAC Lite x3 from 6.46 -> 6.47 - No issues so far.
Last edited by ofer on Mon Jun 08, 2020 10:59 am, edited 1 time in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 11:24 am

I updated 3 different routers and have not encountered "sector write issues".
Sure the sector write count is at 2500 or so after updating a router without config changes, but it is not increasing and I am not alarmed by such numbers.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 11:32 am

It seems to me that DNS FWD does not work if there is DoH set up. I can imagine people who want to FWD their internal domain zones while securing all external/public requests.
Indeed it is silly. One would expect the DoH to be implemented just like all other external resolvers, that is:
- incoming DNS requests to the router are first looked up in the cache/static table
- when not found, a request is made to the configured external resolver (either via DNS or DoH)
- the result is stored in the cache table and returned to the client.

However, it appears the DoH function was implemented as a completely separate handling of the incoming DNS packets...
This makes it impossible to use the DNS resolver (which was improved this release! it can now also serve other static records!) in combination with an external DoH service.
That fact was discussed in the RC topic but apparently there was no more time to fix the code and the "stable" version had to be rushed out...
 
eddieb
Member
Member
Posts: 355
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 11:39 am

updating to 6.47 went smooth ... from 6.46.5 to 6.47 done thru the dude ;-) No problems so far Still running OSX 10.14.x to be able to run the 32bit Dude in Dude4Mac 6.47.
 
User avatar
MTeeker
Frequent Visitor
Frequent Visitor
Posts: 96
Joined: Tue Jun 14, 2011 2:42 pm
Location: Australia

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 11:57 am

SMB is not working for me, log says
...
1+
SMB also broken on my R493G rig running 6.47. Can't access NAS on LAN behind router.

[EDITTED]
SMB is working fine and not 'broken' on my RB493G. An item, previously misconfigured from bridge, was added and it allows LAN access. Thanks.
Last edited by MTeeker on Mon Jun 08, 2020 10:09 pm, edited 2 times in total.
 
HZsolt
newbie
Posts: 31
Joined: Tue Apr 24, 2018 7:31 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 12:00 pm

Will we ever be able to use multiple DoH Servers? Not just one.
https://github.com/curl/curl/wiki/DNS-over-HTTPS
 
amokkatmt
newbie
Posts: 33
Joined: Mon Oct 24, 2011 3:31 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 1:46 pm

SMB is not working for me, log says
...
1+
SMB also broken on my R493G rig running 6.47. Can't access NAS on LAN behind router.
Probably not the same. I meant "IP/SMB|, server of router itself.
 
obscurus
newbie
Posts: 29
Joined: Thu May 04, 2017 9:25 am

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 2:33 pm

adguard doh dns does not work with many errors on log.
1.1.1.1 doh - working now well
8.8.8.8 doh - working now well
 
User avatar
0012nish
newbie
Posts: 32
Joined: Mon Jun 27, 2016 1:15 pm
Location: Stockholm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 2:49 pm

Sim-card lost after upgrading.
v6.47
Image
v6.45.9
Image
You do not have the required permissions to view the files attached to this post.
 
dvm
just joined
Posts: 22
Joined: Thu Feb 01, 2018 9:54 am

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 2:54 pm

*) netinstall - signed netinstall.exe with Digital Signature;
Netinstall 6.47 is still missing from the software download page.
 
Chisee
just joined
Posts: 2
Joined: Wed Jun 03, 2020 1:11 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 2:55 pm

Hi,

today i upgraded my router and 5 acces points.
After updating in winbox only the router is visible under the "Neighbors" tab, the acces points are gone. If I enter the IP address, it will connect without any problems.

Does anyone know a solution for this?

router:
CCR1009-7G-1C-1 S +

acces point:
RBWAPG-5HACT2HND
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 3:06 pm

!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
Does this mean we will see the end of filtering via DNS anytime soon?
This is not related to the support of DoH in the router. However, you are right that in the future your clients will no longer use your DNS resolver nor can you catch their attempts to use an external DNS resolver and dst-nat them to your own resolver.
The situation is similar to filtering or priotitising websites via L7 matches: this level of control over your network will disappear.
 
llubik
newbie
Posts: 30
Joined: Mon Mar 04, 2019 7:33 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 3:42 pm

I can't update to 6.47
I have 2 x hapac2 a problem. . . on both ladies check for updates, and dotan stable on one 6.47, on the other 6.46.3, long term on one 6.45.9, on the other 6.45.8, testing on one 6.47rc2, on the other 6.47beta35. . . Where is the problem? why am I getting lower versions on the second one? (fw of course updated to the appropriate version)
Now I updated from 6.44, gradually to 6.45.8 longter and then to stable 6.46.3,. . . I thought because of the sequence of steps. . . but he doesn't offer it to me anymore. . .

why doesn't it offer on the second 6.47?
Last edited by llubik on Wed Jun 03, 2020 4:29 pm, edited 1 time in total.
 
User avatar
pendie
just joined
Posts: 4
Joined: Wed Jun 03, 2020 3:32 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 3:55 pm

I've got a massive write sector on my devices.
I can confirm this too (hAP ac lite, hAP ac^2).
ROS 6.45.9 - uptime: 32m58s, write-sect-since-reboot: 167
ROS 6.46.6 - uptime: 33m4s, write-sect-since-reboot: 228
ROS 6.47 - uptime: 31m28s, write-sect-since-reboot: 2416
The configuration has not been changed. No actions were performed after reboots, except /system resource print.
Possibly the cause is *) disk - improved recently created file survival after reboots;?
I also returned to 6.45.9 for writing which is useless 6.47
 
buset1974
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Wed Sep 13, 2006 12:12 pm
Location: Jakarta

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 4:21 pm

on 6.47
system - auto-upgrade still problem since 6.46 please fix it.
i've report this many times.

thx
 
User avatar
Paternot
Forum Guru
Forum Guru
Posts: 1058
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 4:31 pm

after this release, I've got a massive write sector on my devices.
I confirm quantity of sector writes is constantly fast increasing
I can confirm this too. Don't know what causing this.
 
denisnk
just joined
Posts: 1
Joined: Thu Aug 25, 2016 5:03 pm
Location: Ukraine

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 4:37 pm

Got the same problem with sector writes value on my hAp ac^2 on v6.47.
Two screens just to compare (v6.47 vs v6.46.6). Returned to v6.46.6 until it'll be fixed.
6.47.png
6.46.6.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
JohnTRIVOLTA
Member
Member
Posts: 402
Joined: Sun Dec 25, 2016 2:05 pm
Location: BG/Sofia

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 4:56 pm

Same problem with sector writes value - RB433AH :
Image
Image
 
User avatar
Paternot
Forum Guru
Forum Guru
Posts: 1058
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 5:18 pm

I updated 3 different routers and have not encountered "sector write issues".
Sure the sector write count is at 2500 or so after updating a router without config changes, but it is not increasing and I am not alarmed by such numbers.
I have this problem, with 2 AP. They don't have dynamic IP. They don't have DHCP servers. They are not used as DNS to the clients. I am not using CapsMAN. This is as barebones as I can get: just a dumb AP. Cloud is disabled too, and I didn't installed any extra package - just using the default ones. No scripts whatsoever too.

System status at 11:09
/system resource print
                   uptime: 8h43m38s
                  version: 6.47 (stable)
               build-time: Jun/02/2020 07:38:00
         factory-software: 6.29.1
              free-memory: 22.9MiB
             total-memory: 64.0MiB
                      cpu: MIPS 24Kc V7.4
                cpu-count: 1
            cpu-frequency: 650MHz
                 cpu-load: 4%
           free-hdd-space: 3000.0KiB
          total-hdd-space: 16.0MiB
  write-sect-since-reboot: 14126
         write-sect-total: 2127269
               bad-blocks: 0%
        architecture-name: mipsbe
               board-name: hAP ac lite
                 platform: MikroTik
System status at 11:13:
/system resource print
                   uptime: 8h47m36s
                  version: 6.47 (stable)
               build-time: Jun/02/2020 07:38:00
         factory-software: 6.29.1
              free-memory: 23.0MiB
             total-memory: 64.0MiB
                      cpu: MIPS 24Kc V7.4
                cpu-count: 1
            cpu-frequency: 650MHz
                 cpu-load: 2%
           free-hdd-space: 3000.0KiB
          total-hdd-space: 16.0MiB
  write-sect-since-reboot: 14409
         write-sect-total: 2127552
               bad-blocks: 0%
        architecture-name: mipsbe
               board-name: hAP ac lite
                 platform: MikroTik
If I keep looking at the counter, it increases by 5 writes. Stops a while, then do about 10 or 12 jumps of 5 writes. This AP doesn't write its logs to disk, and I set the graphic generator to write only every hour. These jumps occur in less than a minute.

Yes, I'm sending a supout now.
 
WeWiNet
Long time Member
Long time Member
Posts: 610
Joined: Thu Sep 27, 2018 4:11 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 5:26 pm

Sector writes also pretty high on my WAP-R ac (its ~ 3 weeks old device).
25% sector writes of total after today upgrade & reboot!
Should I down-grade to avoid memory corruption???
Sector_Writes (2).png
You do not have the required permissions to view the files attached to this post.
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 914
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 5:38 pm

on 6.47
system - auto-upgrade still problem since 6.46 please fix it.
i've report this many times.

If you haven't submitted this issue to MT support via mail or help.mikrotik.com, it will never be fixed.

Forum post != bug report.

Also, multiple forum posts != bug report. Posting this repeatedly is just plain annoying.
 
WeWiNet
Long time Member
Long time Member
Posts: 610
Joined: Thu Sep 27, 2018 4:11 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 6:41 pm

In addition to heavy write cycle, also FLASH memory leakage!
All my available FLASH memory is gone on WAP R ac after upgrading to 6.47 from 6.46.6
Now need to do a NETINSTALL (hate that!)

PS: Note that 2 x reboot added another 40% write cycles (10.000) of total 35.000 since. And this within 30 minutes!! ... not bad!
6.47_issues (2).png
You do not have the required permissions to view the files attached to this post.
 
mirolm
just joined
Posts: 11
Joined: Mon Apr 27, 2015 8:35 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 7:19 pm

I can second that on my routers:
- hEX S - uptime 1h 02:14:00 Sector writes since reboot: 4971
- hAP ac^2 - uptime 1h 02:14:00 Sector writes since reboot: 16 313
- hAP ac^2 - uptime 1h 02:14:00 Sector writes since reboot : 15 364

On all 3 routers this numbers rise with 1-6 every second...

This are really high numbers and need to be fixed. Downgraded back to 6.46.6 till this is fixed.
Last edited by mirolm on Wed Jun 03, 2020 8:01 pm, edited 3 times in total.
 
faxxe
newbie
Posts: 40
Joined: Wed Dec 12, 2018 1:46 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 7:20 pm

Damn, whats going on here?
95000 in 24hours.
whats the best way to go back?


Image

-faxxe
 
SnkB
just joined
Posts: 11
Joined: Sun Apr 12, 2020 8:19 pm

Re: v6.47 [estável] é liberado!

Wed Jun 03, 2020 7:36 pm

Here in my hEX S it increased rapidly!
Short uptime and is at 87k +
13h uptime
This must be corrected !!
Image
 
User avatar
Wakko
just joined
Posts: 8
Joined: Thu Sep 30, 2010 7:49 pm
Location: Saint-Petersburg, Russian Federation

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 7:51 pm

Today I updated two home routers: RB450G and RB850Gx2. The first one was updated from 6.45.8 to 6.47 without any problems. And during the RB850Gx2 update was in progress – my UPS APC SC420 just shut down and power off all the network hardware that is connected to it. This UPS is connected by a cable to the RB850Gx2 router. I suspect that the router sent the shutdown command.
Снимок экрана 2020-06-03 в 19.17.28.png
You do not have the required permissions to view the files attached to this post.
 
tricyclevent
just joined
Posts: 9
Joined: Wed Jun 03, 2020 7:59 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 8:04 pm

hEX update ok
unable to update hAP lite: not enough memory
You do not have the required permissions to view the files attached to this post.
 
nmt1900
Frequent Visitor
Frequent Visitor
Posts: 85
Joined: Wed Feb 01, 2017 12:36 am

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 8:22 pm

Well... 42 thousand writes in 22 hours. At least there's no problem with devices which do not display NAND writes :)
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 203
Joined: Wed Aug 09, 2017 1:15 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 8:25 pm

almost 25000000 Sector writes.. what are you doing to your flash memory?
 
tricyclevent
just joined
Posts: 9
Joined: Wed Jun 03, 2020 7:59 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 9:16 pm

I bought it november 2016. We have a normal usage i think... just for our private home network. Never had any problems, works like a charm... I have no idea what these numbers mean...
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 10:20 pm

almost 25000000 Sector writes.. what are you doing to your flash memory?
I have 35 683 586 here. That happened when I had the "/tool graphing" running for some interfaces and resources, with the "store on disk" option on.
After I found this I have removed the "store on disk" on all items and this problem went away.
But my router (2011) still works OK so I am not so worried about 500 writes, as some others are.
 
User avatar
Paternot
Forum Guru
Forum Guru
Posts: 1058
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v6.47 [stable] is released!

Wed Jun 03, 2020 10:50 pm

But my router (2011) still works OK so I am not so worried about 500 writes, as some others are.
I'm not worried about "500 writes". I'm concerned with the fact that the writes more than quadrupled, with this new version. Same hardware, same config. Just an upgrade - from 6.46.4 to 6.47.

The same unit I posted above is now with 24155 writes after reboot. When I posted, it had 14409. We are talking about 1700 writes/hour. This would give me something like 40800 writes/day. That's about 14900000/year.

No, it's not the end of the world. But it IS much higher than this used to do, with version 6.46.4
I have a third AP, same hardware and config - but still at 6.46.4. Is is at 90321 rewrites since last reboot - 10 days ago. See? I went from about 10k writes/day to 41k writes/day. There is something weird here.

And it isn't the graphics. I set them to be written once per hour - and the counters increase slow and steadily.
 
teonok
just joined
Posts: 2
Joined: Tue May 12, 2020 2:15 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 12:49 am

I have a problem with the DHCP Server. I have connected a TP LINK AP200 as a repeater/bridge of the wifi network of Mikrotik. The repeater connects ok, I can ping it and login to web interface. When a client connects to tp link wifi network it can't get IP. The mikrotik log says DHCP Server offering lease 192.168.88.114 for (mac of the client) to (mac of the TP LINK) without success. If I put static ip to the client and connect to TP link everything works ok. I downgraded to firmware 6.46.6 and it works fine.
 
kd2pm2
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Wed Nov 14, 2012 7:14 am
Location: New Jersey, USA

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 4:18 am

https://jcutrer.com/howto/networking/mi ... over-https --> DoH configuration on MikroTik router
It is possible to use DoH only with "Verify DoH Certioficate" unchecked, or unchecked "Use CRL". Mikrotik is logging "DoH server connection error: SSL: handshake failed: unable to get certificate CRL (6)". I am using Cloudflare DoH, so installed DigiCertGlobalRootCA, but Mikrotik is telling me that CRL for this cert is invalid.
I just did the same on my RB4011 and its working. Did you do the chain pem or just the root pem?
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 7:00 am

osc86,mirolm,dakotabcn,ErfanDL,roe1974,pe1chl,Werlock,jenechka,Institor,Paco,Jotne - The issue will be resolved in the upcoming RouterOS releases. But there is nothing to worry about here. Simply default configuration script got generated incorrectly.
wuffzack,pe1chl - Please send two supout files from this router to support@mikrotik.com (one from v6.47 and one from the previous version that was installed on your router).
templeos - We will consider changing the topic of these messages, but I think that you would like to know if the DNS server is not reachable when someone tries to use it.
obscurus - We will update the manual as soon as possible.
amokkatmt,MTeeker,buset1974 - The issue will be resolved in the upcoming RouterOS releases.
bpwl,krafg - The antenna gain setting is not available there anymore for the routers that have a built-in antenna.
diablothebest, w0lt,shmichael,nexusds,ementat,0012nish,Chisee - Please send a supout file from this router to support@mikrotik.com.
vecernik87 - We will look into this.
fs0c13ty,Grant,dvm,ErfanDL,pe1chl,dvm,pendie,Paternot,denisnk,JohnTRIVOLTA,WeWiNet,mirolm,faxxe,SnkB,nmt1900,osc86,pe1chl - We are currently looking into this.
llubik - Please make sure that upgrade.mikrotik.com domain name on your router is resolved to these IP addresses 159.148.147.204, 159.148.172.226.
Wakko - There are no such changes in the RouterOS that might do such a thing automatically. If you experience the same issue again, then please provide supout file from your router to support@mikrotik.com.
tricyclevent - Make sure that there are no unnecessary RouterOS packages installed on your router and there are not too many files stored on this unit.
teonok - Usually this means that there is only traffic in one direction. DHCP server receives requests, replies to it, but does not ever receive an accept from the client (most likely reply was lost between the server and client).
 
llubik
newbie
Posts: 30
Joined: Mon Mar 04, 2019 7:33 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 8:25 am

To Strods:
I verify, but then how is it possible that I updated from 6.44.x to 6.45.8 and then to stable 6.46.3 if he didn't have the correct IP ?
THX
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3343
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 8:43 am

My hAP ac2 did upgrade without problem to 6.47.
I guess you now that you have to select stable in channel to see the upgrade?
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 9:19 am

For example, if there is some kind of a cache between your router and download servers, then it can cache old "LATEST.6" file and as a result you might see wrong version number here. Then router downloads ("upgrade.mikrotik.com/routeros/package" + LATEST.6 file contents) file.
 
dakotabcn
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Thu Apr 21, 2016 11:16 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 10:11 am

Hello
I have a curious problem and it only happens to me with a router RB4011 without wifi: winbox via local connects perfectly, via VPN L2TP or does not connect (it remains in downloading descriptors) or when it accesses it does not load and it remains blank, with other routers in 6.46.6 does not happen, with a 4011 wireless version with 6.47 does not give this error
 
llubik
newbie
Posts: 30
Joined: Mon Mar 04, 2019 7:33 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 10:14 am

But if someone had a long-term file somewhere in the cache, both stable and test?
long-term 6.45.8, stable 6.46.3 and tester 6.47beta35? I don't have any cache, only if the ISP had what it seemed to me probably, since there was no problem yet. . . Can I download eg 6.46.6 manually and upload to files-flash? Is my system updating after a reboot?
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 10:35 am

It seems to me that DNS FWD does not work if there is DoH set up. I can imagine people who want to FWD their internal domain zones while securing all external/public requests.
(If you want to test it, remember to flush cache before every request)
I brought this topic up for beta and rc releases... Mikrotik's answer was that DoH is always preferred when configured.
In general that's a good idea, with this exception: I want to forward specific zones to dns servers in local network or vpn.

So please chance the priority list:
  1. forwarding with FWD record
  2. DoH
  3. regular DNS
We want conditional forwarding of DNS queries AND DoH at the same time.
 
DeGlucker
just joined
Posts: 14
Joined: Tue Apr 12, 2011 4:35 pm
Location: Moscow, Russia

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 11:00 am

I have two routers at home, HAP AC2 and selfmade x86. After ROS upgrade to 6.47 I have faced with following problems:
HAP AC2: there were script errors in the log (fixed by clearing config and re-applying backup)
x86: no more discoverable by WinBOX. DHCP client on WAN interface is getting IP address too long, about several minutes.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 11:13 am

Just found another hiccup with DNS and DoH...

Let's assume I have a domain eworm.de (I do! :D ), which has A and AAAA records. My router has a record router.eworm.de, using *.router.eworm.de as local zone:
/ip dns static
add address=10.0.0.1 name=router.eworm.de
add address=10.0.0.10 name=host.router.eworm.de
This worked with RouterOS up to version 6.46.x:
$ dig +short A host.router.eworm.de @mt-6-46
10.0.0.10
$ dig +short AAAA host.router.eworm.de @mt-6-46
Last command does not give output, as NXDOMAIN is returned. Clients in my network just use the IPv4 address.

Now the same with RouterOS 6.47, same static records, DoH enabled:
$ dig +short A host.router.eworm.de @mt-6-47
10.0.0.10
$ dig +short AAAA host.router.eworm.de @mt-6-47
eworm.de.
2a01:4f8:13a:16c2::80
It does not find a record locally, so querying Doh. It finds a CNAME for eworm.de, then returns the AAAA address.
Nowadays clients prefer IPv6 if available, so my traffic goes to my public server instead of local host.

I would see this behavior correct, so fine with me - if I can work around. My idea was to add a catch-all NXDOMAIN at the end of static records:
/ip dns static
add address=10.0.0.1 name=router.eworm.de type=A
add address=10.0.0.10 name=host.router.eworm.de type=A
add regexp=".*\\.router\\.eworm\\.de\$" type=NXDOMAIN
But that's even worse: I get NXDOMAIN for all queries about *.router.eworm.de. Looks like regular expressions are handled first? IMHO this is a bad idea. More specific rules should match first. (Compared to routing: Would be a bad idea if default route is considered first!)

Currently thinking about a solution... I could keep the catch-all record, then convert all records to regular expression - probably a bad idea in terms of performance (and readability). Or I add two records for every address, simple A record (10.0.0.1) and AAAA record representing the IPv4 address (::ffff:10.0.0.1). I do not like both.

Mikrotik, I would like to see the default behavior changed. Either ...
  • use simple (non-regexp) records first or ...
  • apply the static list from top to bottom - regardless of whether it is simple or regexp
Please make the typical use cases work in combination with DoH!
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 3124
Joined: Mon Apr 08, 2019 1:16 am

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 11:18 am


bpwl,krafg - The antenna gain setting is not available there anymore for the routers that have a built-in antenna.
Hi Strods, a sad choice , but its your RouterOS.

Problem is not for me, I'll handle it using CLI, but will not advice this to newbies on this forum.. (Or they have to stay with 6.46.6 for a while).
You should check your MUM presentations, where people explain how to reduce the TXpower in the proper way (with antenna gain) better than setting it manually.
(Ron Touw, minute 37 : https://www.youtube.com/watch?v=pmtB3LlwquA)

We only have "poor mans band steering" with Mikrotik , and that's OK as we can play with the TXpower. That is explained by many to set the 2.4 GHz band 7 dBm lower than the 5 GHz radio.
And on Mikrotik the best and easy way to do that is adding 7 dBi tot the antenna gain on the 2.4 GHz WLAN interface.

So advice will now be: for the 2.4 GHz band,: "use regulatory domain, set the right country, look in Status for the dBm value (eg 17dBm). Now use "manual-TXpower", "no_country_set" (your TX power has risen to 25 dBm) , and manually set your TXpower as 'all rates fixed' to 17-7=10dBm. Don't be tempted to use the 25 dBm". You may need "Network analyzer" or "inSSIDer" , or any other wifi monitor to know what you are doing."
 
sohel07
just joined
Posts: 21
Joined: Sun Oct 20, 2019 11:26 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 11:51 am

This is the actual result of DoH. This build(6.47) is same as 6.47rc2. I'm fetching DoH connection error: idle timeout issue from both versions. This issue solves by rebooting router but not permanently. It starts after sometimes.
A.PNG
A1.PNG
a2.PNG
This will continue until reboot and start again this loop.
You do not have the required permissions to view the files attached to this post.
 
mgisbers
Trainer
Trainer
Posts: 10
Joined: Fri Mar 27, 2015 4:14 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 11:59 am

I brought this topic up for beta and rc releases... Mikrotik's answer was that DoH is always preferred when configured.
In general that's a good idea, with this exception: I want to forward specific zones to dns servers in local network or vpn.

So please chance the priority list:
  1. forwarding with FWD record
  2. DoH
  3. regular DNS
We want conditional forwarding of DNS queries AND DoH at the same time.
+1 !!!
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 12:05 pm

wuffzack,pe1chl - Please send two supout files from this router to support@mikrotik.com (one from v6.47 and one from the previous version that was installed on your router).
Do you seriously expect us to keep an archive of supout files made before upgrading so we can send them to you in case there is a problem after upgrading??
I never saw that mentioned in upgrade instructions. I do have an export of the IPsec config for this tunnel as it was on 6.46.2 (before upgrade):
/ip ipsec profile
add dh-group=modp1536 enc-algorithm=aes-128 lifetime=8h name=modp1536 \
    nat-traversal=no
/ip ipsec peer
add address=x.x.x.x/32 comment=peername disabled=yes local-address=\
    x.x.x.x name=peer-peername profile=modp1536
/ip ipsec policy
add comment=peername disabled=yes dst-address=x.x.x.x/32 proposal=\
    modp1536 sa-dst-address=x.x.x.x sa-src-address=x.x.x.x \
    src-address=x.x.x.x/28 tunnel=yes
After upgrading to 6.47 this showed peer "unknown" in the policy and it had added peer=*FFFFFFFF
I presume the conversion went wrong because policy and peer were disabled during the upgrade.
Another tunnel with similar config which was enabled at that time got converted OK.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 12:08 pm

templeos - We will consider changing the topic of these messages, but I think that you would like to know if the DNS server is not reachable when someone tries to use it.
Consider rate-limiting the messages. Only print the message when it has not been printed within the last 10 or 60 seconds or so.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 12:21 pm

I brought this topic up for beta and rc releases... Mikrotik's answer was that DoH is always preferred when configured.
In general that's a good idea, with this exception: I want to forward specific zones to dns servers in local network or vpn.
I don't think it was a good idea. Probably the "MikroTik anwer" only described what was done in the actual implementation, not what should have been done.

IMHO the DNS resolver should take DNS (UDP/TCP port 53) requests from the clients, then:
- lookup the requested data in the static/cache table to find any static records or cached items.  if found, return them.
- when the found item is FWD, forward the query to specified server using DNS (UDP/TCP port 53)
- when not found, check the configuration:
  - when DoH is configured, forward the query over DoH.
  - when DoH is not configured, forward it to one of the configured DNS servers (as before DoH was added).
- when the reply is received, store it in the cache and return it to the client.
One could also state that when DoH is configured using a hostname and DNS servers are configured as well, the lookup of the DoH hostname should automatically be done using the DNS servers. But such "fallback" action may or may not be what you want for normal operation, maybe there should be a config checkmark for that.
("use DNS servers when DoH fails")
 
templeos
just joined
Posts: 19
Joined: Mon Aug 26, 2019 3:58 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 12:55 pm

templeos - We will consider changing the topic of these messages, but I think that you would like to know if the DNS server is not reachable when someone tries to use it.
Consider rate-limiting the messages. Only print the message when it has not been printed within the last 10 or 60 seconds or so.
Totally agree. There's no need to have the same log a gazillion times. This pretty much happens with every DoH dns warning and error. Not the topic is the issue here. It's the amount of messages in the log.
 
diablothebest
newbie
Posts: 31
Joined: Fri May 20, 2016 11:07 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 1:22 pm

cAP ac with 6.47 no brodcast 5G network, but in WinBox no errors. All seems fine.
Downgrade it to LongTerm - all now works fine.
Ideas?
Last edited by diablothebest on Thu Jun 04, 2020 1:42 pm, edited 1 time in total.
 
td32
Member Candidate
Member Candidate
Posts: 112
Joined: Fri Nov 18, 2016 5:55 am

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 1:28 pm

cAP ac with 6.47 no brodcast 5G network, but in WinBox no errors. All seems fine.
most probably dfs channel, wait or set a non dfs one
 
HZsolt
newbie
Posts: 31
Joined: Tue Apr 24, 2018 7:31 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 2:39 pm

I did not get IPv6 DNS Server's IP addresses with RA. Neither with LAN and neither with WLAN connections. I did disable IPv6 firewall, but nothing. 6.47 version of ROS.
 
SnkB
just joined
Posts: 11
Joined: Sun Apr 12, 2020 8:19 pm

Re: v6.47 [estável] é liberado!

Thu Jun 04, 2020 2:43 pm

Here in my hEX S it increased rapidly!
Short uptime and is at 87k +
13h uptime
This must be corrected !!
Image
Downgrading to 6.45.9 while the problem with sector recording is not resolved.
When the fix is ​​released, I'll be back again.
 
jindranix
just joined
Posts: 13
Joined: Mon Jun 09, 2014 11:41 am

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 2:53 pm

"Delegated-IPv6-Prefix" attribute for PPPoE still doesn't work... Please...

viewtopic.php?f=2&t=89443
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 3:14 pm

I did not get IPv6 DNS Server's IP addresses with RA. Neither with LAN and neither with WLAN connections. I did disable IPv6 firewall, but nothing. 6.47 version of ROS.
I don't think there was a change in this functionality, do you know how (limited) it worked in previous versions?
 
rooneybuk
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Fri Feb 20, 2015 12:09 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 3:47 pm

Memory just keeps increasing since upgrade on my 2011UiAS
2020-06-04 13_48_03-Window.png
You do not have the required permissions to view the files attached to this post.
 
kd2pm2
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Wed Nov 14, 2012 7:14 am
Location: New Jersey, USA

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 5:30 pm

This is the actual result of DoH. This build(6.47) is same as 6.47rc2. I'm fetching DoH connection error: idle timeout issue from both versions. This issue solves by rebooting router but not permanently. It starts after sometimes.
A.PNG

A1.PNG

a2.PNG

This will continue until reboot and start again this loop.
I was getting the same until I got the proper root cert imported for cloudflare-dns.com. Once the CRL's were udpated, it stopped. Been clean for almost a day now. And I dont use cloudflare-dns.com I actually use 1.1.1.1/dns-query instead so I dont have to do a local DNS lookup and dont have to have non-DOH addresses in my DNS settings...
 
roe1974
Member Candidate
Member Candidate
Posts: 151
Joined: Mon Dec 31, 2018 2:14 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 5:42 pm

where did you get the "the proper root cert for cloudflare-dns.com" ?
Richard
 
diablothebest
newbie
Posts: 31
Joined: Fri May 20, 2016 11:07 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 5:47 pm

cAP ac with 6.47 no brodcast 5G network, but in WinBox no errors. All seems fine.
most probably dfs channel, wait or set a non dfs one
Ok! Thx you! Now upgrade to 6.47 again and check! Post here later....
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 7:19 pm

@eworm: There's a difference whether queried name doesn't exist at all (NXDOMAIN, i.e. there are no records for it of any type) or only records of requested type don't exist (but records of other types do).

But otherwise you're right, DoH behaviour is terribly inconsistent with non-DoH, and it's not just support for FWD:

In previous RouterOS and in current RouterOS without DoH, when you add static record of *any* type, it in fact "blocks" *all* record types for the name. E.g. if <name> has A/AAAA/TXT in public DNS and you add only static A for <name> to router, then when you ask router for AAAA or TXT for <name>, it will say there's none (returns zero answers). To be honest, I never noticed this before and I'm not yet sure if it's correct/wanted or not. But when you use DoH, it doesn't happen anymore. When you add static A for <name>, it overrides only type A. Queries for other types are forwarded to DoH resolver and you get the behaviour you're seeing.

If the behaviour used by DoH is correct, then (aside from that it should be the same for both) you don't need NXDOMAIN, but something like (one of):
/ip dns static add name=<name> type=AAAA address=<some special value indicating that there's no data>
/ip dns static add name=<name> type=AAAA no-data=yes
Better the latter, because it would be useful for all record types. Perhaps also special "type=ALL no-data=yes" as fallback.

-

And about regexps, I never liked them in DNS. So far they were avoidable, but not anymore, and I think it's wrong decision. If I have local domain.tld, I want type=FWD to forward all subdomains, it's the most common and logical use case. Same for type=NXDOMAIN, it should automatically cover all subdomains, because if "domain.tld" doesn't exist, then "sub.domain.tld" can't either.
[*]apply the static list from top to bottom - regardless of whether it is simple or regexp
I don't think you want this. The nice thing about DNS is that it's hierarchical and searches can be optimized, so even when you have many records, it can be very fast. That's until you introduce non-DNS-like things like regexps, they ruin the simplicity, because it's another layer that requires different processing. They are useful, but they should be and extra tool and all simple configs should be possible without them.
 
Pea
Member Candidate
Member Candidate
Posts: 234
Joined: Fri Jul 17, 2015 11:07 pm
Location: Czech

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 7:36 pm

where did you get the "the proper root cert for cloudflare-dns.com" ?
Richard
This is all you need:
/tool fetch url=https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
/certificate import file-name=DigiCertGlobalRootCA.crt.pem passphrase=""
/ip dns set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes
 
rajo
newbie
Posts: 45
Joined: Tue Aug 16, 2011 11:12 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 7:45 pm

Anyone else with a large number (over 130) of L2TP clients (only L2TP i.e. not L2TP/IPSec) notice that with 6.47, only a fraction (about 30 to 40) are able to connect to the router? I had to revert to 6.46.x to get my tunnels connected again.
 
tricyclevent
just joined
Posts: 9
Joined: Wed Jun 03, 2020 7:59 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 7:58 pm

i have no idea how to make more free space...
hAP lite
You do not have the required permissions to view the files attached to this post.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3343
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 8:12 pm

i have no idea how to make more free space...
hAP lite
Install an older smaller image, then upgrade to latest.
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 203
Joined: Wed Aug 09, 2017 1:15 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 8:42 pm

Install an older smaller image, then upgrade to latest.
Can't really recommend this. The past has shown that constantly downgrading and upgrading between different versions can lead to a corrupted configuration or an unstable system.
The scripts used for converting the configuration are not perfect (like the ipsec issue pe1chl reported)
I've experienced this myself more than one time.
Better make a full backup of the current installation, netinstall the latest version and import the backup.
 
jetelina
newbie
Posts: 34
Joined: Thu Jun 27, 2013 11:22 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 9:06 pm

Hi,
I have two devices CRS328-24P-4S+RM + hAP ac and I have upgraded to 6.47. All done via Winbox 3.24. Here are some bugs:
1. Previously the icon for disabled user was gray, currently is red. Should be gray. Happens on both devices.
2. When I exported my settings with command [code]export file=yyyy-mm-dd-export[/code] all ports are exported with [code]speed=100Mbps[/code], so the export looks like:
[code]
set [ find default-name=ether15 ] speed=100Mbps
set [ find default-name=ether16 ] speed=100Mbps
set [ find default-name=ether17 ] disabled=yes speed=100Mbps
set [ find default-name=ether18 ] disabled=yes speed=100Mbps
[/code]
- This is wrong, because I use 1Gbps. It is added by mistake and it may cause troubles when restoring backup. Happens on both devices.
3. I have downloaded certificates for DoH with commands
[code]
/tool fetch url=https://cacerts.digicert.com/DigiCertECCSecureServerCA.crt.pem
/tool fetch url=https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
[/code]
- Then I have imported both of them.
- Then enabled DoH (DoH running fine)
- Then I have deleted DigiCertECCSecureServerCA and "autosupout.rif" was created wtin about 560 Kb. I think that something crashed.
4. I was not able to make Certificate Revovation List work
- Settings - Check CRL Download + Check Use CRL + Store RAM + Apply and whole DoH is down.
- There is error "DoH server connection error: SSL: handshake failed: unable to get certificate CRL (6)"
- I have imported only 2 certificates above. But CRL is using HTTP, so why it tries anything with SSL?
- I had there two links
Dynamic: http://crl3.digicert.com/DigiCertGlobalRootCA.crl (added with DigiCertECCSecureServerCA.crt.pem)
http://cacerts.digicert.com/DigiCertGlobalRootCA.crl (manual)
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 9:46 pm

For example, if there is some kind of a cache between your router and download servers, then it can cache old "LATEST.6" file and as a result you might see wrong version number here. Then router downloads ("upgrade.mikrotik.com/routeros/package" + LATEST.6 file contents) file.
In my experience it sometimes happens that "System->Packages->Check for updates" does not work even though upgrade.mikrotik.com can be pinged.
E.g. yesterday one of the routers I wanted to upgrade (a CCR1009) displayed only the empty window where the release-notes would be displayed and the "latest version" field showed the 6.46.x version that it had last shown when I checked before (6.46.5 if I remember well).
I let it sit for a couple of minutes but no change. I then rebooted the router and checked again, this time it worked on first try. Download&Install went without trouble.

I have seen that before. Of course I am aware of issues with firewall or DNS setup that can cause problems, but that wasn't it (or reboot would not fix it). Also, when there is a connectivity issue there usually is an error message quite quickly (failure to lookup the hostname, failure to connect the upgrade server). That wasn't happening here.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 9:50 pm

Can't really recommend this. The past has shown that constantly downgrading and upgrading between different versions can lead to a corrupted configuration or an unstable system.
It is a known problem with hAP mini!
Basically it is just a toy. Nice for experiments, some niche applications like WiFi client for wired systems or similar, but not intended for complicated usage scenarios.
Netinstall new version and reset and start from scratch, when that "is a lot of work" it is time to think about a router with a little more resources.

That being said, I was able to update my hAP mini using the "separate packages" method:
- download "extra packages" file (all_packages-smips-6.47.zip)
- unzip
- use FTP to upload only the desired packages to the router (not the ones that have been disabled or are not part of the combined package)
- reboot the router using system->reboot.

Now it is at 6.47 with even 7.7MB free...
Last edited by pe1chl on Thu Jun 04, 2020 10:32 pm, edited 1 time in total.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3343
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 10:02 pm

2. When I exported my settings with command
export file=yyyy-mm-dd-export
all ports are exported with
speed=100Mbps
, so the export looks like:
set [ find default-name=ether15 ] speed=100Mbps
set [ find default-name=ether16 ] speed=100Mbps
set [ find default-name=ether17 ] disabled=yes speed=100Mbps
set [ find default-name=ether18 ] disabled=yes speed=100Mbps
- This is wrong, because I use 1Gbps. It is added by mistake and it may cause troubles when restoring backup. Happens on both devices.
If you did search for this here on the forum, you would have found this viewtopic.php?t=100057
This is normal and has been like this for many years.
 
videolab
Frequent Visitor
Frequent Visitor
Posts: 59
Joined: Mon Feb 25, 2008 12:41 am

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 10:10 pm

Antenna Gain? No accept Italy country
 
SnkB
just joined
Posts: 11
Joined: Sun Apr 12, 2020 8:19 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 11:02 pm

fs0c13ty,Grant,dvm,ErfanDL,pe1chl,dvm,pendie,Paternot,denisnk,JohnTRIVOLTA,WeWiNet,mirolm,faxxe,SnkB,nmt1900,osc86,pe1chl - We are currently looking into this.
Any forecast for fixing this error in the high writing of the NAND sectors?
Thanks for listening!
 
User avatar
Paternot
Forum Guru
Forum Guru
Posts: 1058
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 11:15 pm

fs0c13ty,Grant,dvm,ErfanDL,pe1chl,dvm,pendie,Paternot,denisnk,JohnTRIVOLTA,WeWiNet,mirolm,faxxe,SnkB,nmt1900,osc86,pe1chl - We are currently looking into this.
Any forecast for fixing this error in the high writing of the NAND sectors?
Thanks for listening!
I got this answer from support:

"Thank you for your report. Our team is working on this. The issue will be resolved in the upcoming RouterOS releases."
 
patrickmkt
Member Candidate
Member Candidate
Posts: 202
Joined: Sat Jul 28, 2012 5:21 pm

Re: v6.47 [stable] is released!

Thu Jun 04, 2020 11:59 pm

Yes OVPN with certificates works again.... I can at last reconnect with my remote routers...
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21930
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 12:55 am

fs0c13ty,Grant,dvm,ErfanDL,pe1chl,dvm,pendie,Paternot,denisnk,JohnTRIVOLTA,WeWiNet,mirolm,faxxe,SnkB,nmt1900,osc86,pe1chl - We are currently looking into this.
Any forecast for fixing this error in the high writing of the NAND sectors?
Thanks for listening!
I got this answer from support:

"Thank you for your report. Our team is working on this. The issue will be resolved in the upcoming RouterOS releases."
My Feedback was a bit different.
" Thank you for your report. As soon as the coder for this area of the firmware and the test designer, recover from their injuries, the updated patch work will begin and we expect it to be ready by the next release. Funny they always opt for the beating and not the cut in pay. In any case, we are aware of the problem and will have it fixed soonest.
 
nexusds
newbie
Posts: 30
Joined: Fri Aug 16, 2019 6:51 am

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 4:02 am

another bug ... when going under IP/IPSec/Policy, and opening an existing one seems to exit winbox/crash winbox.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 6:11 am

dakotabcn - This does not seem to be related to v6.47. Please send supout file from this router to support@mikrotik.com.
llubik - Upgrade simply looks for upgrade.mikrotik.com/routeros/LATEST.6 file. Of course, you can download files from our download page, upload them to the router and reboot it.
DeGlucker - Problem with script error was already mentioned above. It will be fixed. Regarding the neighbor discovery issue, please provide supout file to support@mikrotik.com.
eworm - We will look into this.
sohel07,diablothebest,rajo - Please provide supout file from this router (generated while the issue is present) to support@mikrotik.com.
pe1chl - No, we do not. Since you were posting a problem report here in the forum, I did ask for a file (if you have one) and if you do not have one, thought that you might downgrade, generate file and upgrade again. Regarding the DoH logs, what to do if the server is not reachable once for a second? Administrators should know about it.
HZsolt - Did the same configuration work just fine on previous RouterOS versions?
rooneybuk - Did you make any changes after an upgrade (for example, enabled DoH or something else).
tricyclevent - Instead of using the RouterOS bundle package with disabled packages, you can install separate packages. Download them on our download page, upload to the router, and simply reboot it. Seems that you need to install only five packages, but currently there are ten installed on the router.
jetelina - Speed parameter shows the speed that is used if auto-negotiation is disabled. This was an old issue and the fact that you see this in the export shows that the issue is already resolved (100 Mbps shows in export since it does not default value anymore).
anav - I presume that this is a joke, but please do not post such messages. MikroTik did not provide such an answer to anyone in our support channel.
nexusds - I do not see such an issue. Maybe a specific policy is required. Please provide supout to support@mikrotik.com and name which policy did trigger this issue.

Everyone - DNS wiki page has been updated - https://wiki.mikrotik.com/wiki/Manual:I ... over_HTTPS
Everyone - I just wanted to remind you that if there is a new issue introduced in the concrete RouterOS version then please report this issue to support@mikrotik.com right away.
 
lordzar
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Sat May 29, 2004 7:47 pm

Wireless partially broken

Fri Jun 05, 2020 6:22 am

I have a situation where I have a central WAP (INTL) and 2 HAP's (US) as bridges. They USED to use the 5Ghz band and after the upgrade it all BROKE.

I correctly had frequency-mode set to regulatory-domain, but apparently Mikrotik removed countries from the definitions based on the hardware version (INTL vs US).

Got everything running by switching the links to 2Ghz. 5Ghz is still broken.

I don't see a reason I shouldn't be able to use an INTL version and a US version together as long as you're properly using the settings for your region.
 
guipoletto
Member Candidate
Member Candidate
Posts: 201
Joined: Mon Sep 19, 2011 5:31 am

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 6:36 am

The new icons are horrible.

Especially the fact that a lot of color tones were changed.
a lot of muscle memory trown out in the trash, now my brain always goes in to alarm mode navigating the menus. "this is different, what did i do wrong!?"
 
Reinis
MikroTik Support
MikroTik Support
Posts: 92
Joined: Wed Jan 02, 2019 12:14 pm
Location: Latvia
Contact:

Re: Wireless partially broken

Fri Jun 05, 2020 6:39 am

I have a situation where I have a central WAP (INTL) and 2 HAP's (US) as bridges. They USED to use the 5Ghz band and after the upgrade it all BROKE.

I correctly had frequency-mode set to regulatory-domain, but apparently Mikrotik removed countries from the definitions based on the hardware version (INTL vs US).

Got everything running by switching the links to 2Ghz. 5Ghz is still broken.

I don't see a reason I shouldn't be able to use an INTL version and a US version together as long as you're properly using the settings for your region.
What you mean by "all BROKE"? Could you please be more precise? Depending on what exact version you've upgraded from, regulatory settings could have changed.
You can use the command "/interface wireless info allowed-channels wlan" to check allowed channels with your current settings. If setting both sides identically still does not make a connection, please write an e-mail to support@mikrotik.com and provide supout.rif from AP and STA.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3343
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 8:15 am

Everyone - DNS wiki page has been updated - https://wiki.mikrotik.com/wiki/Manual:I ... over_HTTPS
Just a comment to the Wiki that it does miss some information. When importing the certificate, you are asked for a password phrase. This is not mention in the Wiki and it not clear for me when to use this password.

And also, how do I know what DNS the router use to do the lookup?
Normal DNS 1.1.1.1 or using DoH cloudflare-dns.com. There are nothing in the logs telling you where the routers sends the DNS. I have allowed Remote Request, so if you do ask me, it could be both, since the router looks up cloudflare DNS using 1.1.1.1, why should it not look up remote request this way. It should be more clear what DNS system the router uses to look up remote request.
 
Pea
Member Candidate
Member Candidate
Posts: 234
Joined: Fri Jul 17, 2015 11:07 pm
Location: Czech

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 8:26 am

No passphrase needed for this root CA cert.
And no other DNS needed when you use this Cloudflare url "https://1.1.1.1/dns-query" as it contains ip which is also included within the certificate.

/tool fetch url=https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
/certificate import file-name=DigiCertGlobalRootCA.crt.pem passphrase=""
/ip dns set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3343
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 8:37 am

I do think that is a better solution. It clear where DNS go, since you only have DoH configured. Wiki should at least be updated with that no password are needed.

Are there option to use other DoH than Cloudflare?
Last edited by Jotne on Fri Jun 05, 2020 8:42 am, edited 1 time in total.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 10:07 am

Of course, use any DoH server. Just like you can use any DNS server or any ISP connection. We can't tell you what provider to use.
 
User avatar
ErfanDL
Member
Member
Posts: 366
Joined: Thu Sep 29, 2016 9:13 am

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 10:13 am

Of course, use any DoH server. Just like you can use any DNS server or any ISP connection. We can't tell you what provider to use.
what about local DOH server ? I have a cloudflare local DOH but not working with mikrotik.
 
msatter
Forum Guru
Forum Guru
Posts: 2941
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 10:16 am

But if someone had a long-term file somewhere in the cache, both stable and test?
long-term 6.45.8, stable 6.46.3 and tester 6.47beta35? I don't have any cache, only if the ISP had what it seemed to me probably, since there was no problem yet. . . Can I download eg 6.46.6 manually and upload to files-flash? Is my system updating after a reboot?
This is more general information.
You can check if there is a 'hidden' update file present en then you can remove it by using "cancel".

/system package update print
channel: testing
installed-version: 6.47
latest-version: 6.47rc2
status: Downloaded, please reboot router to upgrade it

/system package update cancel

/system package update print
channel: testing
installed-version: 6.47
latest-version: 6.47rc2

This was to test the existence of the 'hidden' downgrade file and I set my channel back to stable.
Last edited by msatter on Fri Jun 05, 2020 10:26 am, edited 2 times in total.
 
msatter
Forum Guru
Forum Guru
Posts: 2941
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 10:21 am

Of course, use any DoH server. Just like you can use any DNS server or any ISP connection. We can't tell you what provider to use.
what about local DOH server ? I have a cloudflare local DOH but not working with mikrotik.
What do mean by "local"? Is that a local program (client) running on a other device in your local network connection to Cloudflare?
 
User avatar
ErfanDL
Member
Member
Posts: 366
Joined: Thu Sep 29, 2016 9:13 am

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 10:33 am

Of course, use any DoH server. Just like you can use any DNS server or any ISP connection. We can't tell you what provider to use.
what about local DOH server ? I have a cloudflare local DOH but not working with mikrotik.
What do mean by "local"? Is that a local program (client) running on a other device in your local network connection to Cloudflare?
I'm using cloudflare DOH server on raspberrypi
https://blog.cloudflare.com/deploying-g ... d-pi-hole/
also there is a problem with cloudflare public gateway over DOH. An error that appears in the mikrotik log:
DoH server connection error: SSL: handshake failed: unable to get local issuer certificate (6)
Last edited by ErfanDL on Fri Jun 05, 2020 10:36 am, edited 1 time in total.
 
llubik
newbie
Posts: 30
Joined: Mon Mar 04, 2019 7:33 pm

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 10:35 am

To msatter:
[l@MKT] > /system package update print
channel: stable
installed-version: 6.46.3
latest-version: 6.46.3
status: System is already up to date
[l@MKT] > /system package update cancel

[l@MKT] > /system package update print
channel: stable
installed-version: 6.46.3
latest-version: 6.46.3

THX, I will update manually, it doesn't cause any problem for me
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 11:14 am

llubik - Did you try "/system package update check-for-updates"?
 
llubik
newbie
Posts: 30
Joined: Mon Mar 04, 2019 7:33 pm

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 11:48 am

channel: stable
installed-version: 6.46.3
latest-version: 6.46.3
status: System is already up to date
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 12:00 pm

pe1chl - No, we do not. Since you were posting a problem report here in the forum, I did ask for a file (if you have one) and if you do not have one, thought that you might downgrade, generate file and upgrade again. Regarding the DoH logs, what to do if the server is not reachable once for a second? Administrators should know about it.
right away.
I would hope (and assume) that at MikroTik, you have ample resources to setup a router at 6.46.2 or similar, create an IPsec tunnel and set it to disabled, and then try the upgrade. For me to replicate that, I would either have to take down my network, or try the operation on a CHR which I first have to create. I assume you can create new CHR instances running a specified version in a few seconds.
Note that my report is merely to inform you of trouble I had when doing an upgrade, and not something that *I* need to have fixed, because *I* would ever encounter it again. But other customers might encounter it and *you* may be interested in looking at it and fixing it. If not, then there are more important issues to worry about.

W.r.t. the DoH, consider the following simple implementation:
- setup a global variable (or in the context of the DoH server once you implement multiple DoH servers) "last_connect_error_time" initialized to 0 at boot.
- when you get such a connection error, examine the variable. When (time_now - last_connect_error_time) > 60 seconds, log the error and then set last_connect_error_time = time_now.

With that, any new connection error will be immediately logged at the time it occurs, but further errors will not be logged until at least a minute passes.
So in an environment where you get hundreds of DNS requests per second (as we have in our network with hundreds of clients), the logs will not be overwhelmed but the problem will still be noticed.
 
HZsolt
newbie
Posts: 31
Joined: Tue Apr 24, 2018 7:31 pm

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 12:05 pm

dakotabcn - This does not seem to be related to v6.47. Please send supout file from this router to support@mikrotik.com.
llubik - Upgrade simply looks for upgrade.mikrotik.com/routeros/LATEST.6 file. Of course, you can download files from our download page, upload them to the router and reboot it.
DeGlucker - Problem with script error was already mentioned above. It will be fixed. Regarding the neighbor discovery issue, please provide supout file to support@mikrotik.com.
eworm - We will look into this.
sohel07,diablothebest,rajo - Please provide supout file from this router (generated while the issue is present) to support@mikrotik.com.
pe1chl - No, we do not. Since you were posting a problem report here in the forum, I did ask for a file (if you have one) and if you do not have one, thought that you might downgrade, generate file and upgrade again. Regarding the DoH logs, what to do if the server is not reachable once for a second? Administrators should know about it.
HZsolt - Did the same configuration work just fine on previous RouterOS versions?
rooneybuk - Did you make any changes after an upgrade (for example, enabled DoH or something else).
tricyclevent - Instead of using the RouterOS bundle package with disabled packages, you can install separate packages. Download them on our download page, upload to the router, and simply reboot it. Seems that you need to install only five packages, but currently there are ten installed on the router.
jetelina - Speed parameter shows the speed that is used if auto-negotiation is disabled. This was an old issue and the fact that you see this in the export shows that the issue is already resolved (100 Mbps shows in export since it does not default value anymore).
anav - I presume that this is a joke, but please do not post such messages. MikroTik did not provide such an answer to anyone in our support channel.
nexusds - I do not see such an issue. Maybe a specific policy is required. Please provide supout to support@mikrotik.com and name which policy did trigger this issue.

Everyone - DNS wiki page has been updated - https://wiki.mikrotik.com/wiki/Manual:I ... over_HTTPS
Everyone - I just wanted to remind you that if there is a new issue introduced in the concrete RouterOS version then please report this issue to support@mikrotik.com right away.
Dear strods!

Yes! Same configuration.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 12:08 pm

Of course, use any DoH server. Just like you can use any DNS server or any ISP connection. We can't tell you what provider to use.
what about local DOH server ? I have a cloudflare local DOH but not working with mikrotik.
What do mean by "local"? Is that a local program (client) running on a other device in your local network connection to Cloudflare?
I'm using cloudflare DOH server on raspberrypi
https://blog.cloudflare.com/deploying-g ... d-pi-hole/
also there is a problem with cloudflare public gateway over DOH. An error that appears in the mikrotik log:
DoH server connection error: SSL: handshake failed: unable to get local issuer certificate (6)
Apparently you have not installed it correctly, or you have not configured the MikroTik router correctly.
When you make your own DoH server, of course you need to get a certificate for it, and you need to load the root certificate for that into the MikroTik just as described on the WiKi.
 
User avatar
dioeyandika
just joined
Posts: 20
Joined: Fri Feb 08, 2019 11:30 am

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 12:09 pm

hi this first post i made, i am trying using this new feature DoH DNS using Adguard DNS, seem everything work fine, but it seem using full DNS cache, i even tried to increasing the cache to 10000 KiB, it full in no time, i tried too flush the cache but it seem cache used still not decreasing, does this normal behavior for DoH DNS?
reso.JPG
dns static.JPG
cache.JPG
sert.JPG
You do not have the required permissions to view the files attached to this post.
 
Arrr8
just joined
Posts: 2
Joined: Fri Jun 05, 2020 12:08 pm

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 12:13 pm

Just updated my hAP ac^2 to 6.47 and configured DoH. For some reason the DoH-options are missing in the web interface. Yet the DoH configuration does show up in CLI. Anyone else have this problem?

Image
[admin@MikroTik] /ip dns> print
                      servers: 1.1.1.1
              dynamic-servers: 
               use-doh-server: https://cloudflare-dns.com/dns-query
              verify-doh-cert: yes
        allow-remote-requests: yes
          max-udp-packet-size: 4096
         query-server-timeout: 2s
          query-total-timeout: 10s
       max-concurrent-queries: 100
  max-concurrent-tcp-sessions: 20
                   cache-size: 2048KiB
                cache-max-ttl: 1w
                   cache-used: 193KiB
 
PashaT
just joined
Posts: 19
Joined: Sat Feb 01, 2014 1:10 am
Location: Zhytomyr, Ukraine

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 12:14 pm

I have a problem with the DHCP Server. I have connected a TP LINK AP200 as a repeater/bridge of the wifi network of Mikrotik. The repeater connects ok, I can ping it and login to web interface. When a client connects to tp link wifi network it can't get IP. The mikrotik log says DHCP Server offering lease 192.168.88.114 for (mac of the client) to (mac of the TP LINK) without success. If I put static ip to the client and connect to TP link everything works ok. I downgraded to firmware 6.46.6 and it works fine.


+1
Cisco management switch with all its clients have lost access to the internet. After downgrading to 6.46.6 and power cycle for Cisco issue was resolved.
 
User avatar
ErfanDL
Member
Member
Posts: 366
Joined: Thu Sep 29, 2016 9:13 am

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 12:54 pm

Of course, use any DoH server. Just like you can use any DNS server or any ISP connection. We can't tell you what provider to use.
what about local DOH server ? I have a cloudflare local DOH but not working with mikrotik.
What do mean by "local"? Is that a local program (client) running on a other device in your local network connection to Cloudflare?
I'm using cloudflare DOH server on raspberrypi
https://blog.cloudflare.com/deploying-g ... d-pi-hole/
also there is a problem with cloudflare public gateway over DOH. An error that appears in the mikrotik log:
DoH server connection error: SSL: handshake failed: unable to get local issuer certificate (6)
Apparently you have not installed it correctly, or you have not configured the MikroTik router correctly.
When you make your own DoH server, of course you need to get a certificate for it, and you need to load the root certificate for that into the MikroTik just as described on the WiKi.
but I installed the certificate from the mikrotik DOH wiki tutorial !
 
kd2pm2
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Wed Nov 14, 2012 7:14 am
Location: New Jersey, USA

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 2:04 pm



what about local DOH server ? I have a cloudflare local DOH but not working with mikrotik.
What do mean by "local"? Is that a local program (client) running on a other device in your local network connection to Cloudflare?
I'm using cloudflare DOH server on raspberrypi
https://blog.cloudflare.com/deploying-g ... d-pi-hole/
also there is a problem with cloudflare public gateway over DOH. An error that appears in the mikrotik log:
DoH server connection error: SSL: handshake failed: unable to get local issuer certificate (6)
Apparently you have not installed it correctly, or you have not configured the MikroTik router correctly.
When you make your own DoH server, of course you need to get a certificate for it, and you need to load the root certificate for that into the MikroTik just as described on the WiKi.
but I installed the certificate from the mikrotik DOH wiki tutorial !
Erfan DL I suspect that the pi's cloudflared app is not able to validate the cert info you are sending it because it does not know what to do with it. You may want to review the cloudflared documentation to see if its possible to set up cert validation handshake with the router. The cloudflare site probably knows what to do when it sees the router validate the cert but the pi may not
 
User avatar
ErfanDL
Member
Member
Posts: 366
Joined: Thu Sep 29, 2016 9:13 am

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 2:24 pm



What do mean by "local"? Is that a local program (client) running on a other device in your local network connection to Cloudflare?
I'm using cloudflare DOH server on raspberrypi
https://blog.cloudflare.com/deploying-g ... d-pi-hole/
also there is a problem with cloudflare public gateway over DOH. An error that appears in the mikrotik log:
DoH server connection error: SSL: handshake failed: unable to get local issuer certificate (6)
Apparently you have not installed it correctly, or you have not configured the MikroTik router correctly.
When you make your own DoH server, of course you need to get a certificate for it, and you need to load the root certificate for that into the MikroTik just as described on the WiKi.
but I installed the certificate from the mikrotik DOH wiki tutorial !
Erfan DL I suspect that the pi's cloudflared app is not able to validate the cert info you are sending it because it does not know what to do with it. You may want to review the cloudflared documentation to see if its possible to set up cert validation handshake with the router. The cloudflare site probably knows what to do when it sees the router validate the cert but the pi may not
forget about Pihole. MikroTik has a problem with the cloudflare gateway over DOH. I installed the root certificate but it gives an error.
doh4.PNG
doh3.PNG
doh2.PNG
doh1.PNG
You do not have the required permissions to view the files attached to this post.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2989
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 2:32 pm

Could you please use "Post reply" button instead of quoting whole posts?
Is it so hard?
Do you think that such "quote escalation" helps to understand flow of discussion when you can just scroll one sentence back?
You do not have the required permissions to view the files attached to this post.
 
User avatar
ErfanDL
Member
Member
Posts: 366
Joined: Thu Sep 29, 2016 9:13 am

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 3:26 pm

Could you please use "Post reply" button instead of quoting whole posts?
Is it so hard?
Do you think that such "quote escalation" helps to understand flow of discussion when you can just scroll one sentence back?
OK sorry about that :(
 
WildRat
just joined
Posts: 7
Joined: Wed Jul 12, 2017 11:52 am

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 4:22 pm

Everyone - DNS wiki page has been updated - https://wiki.mikrotik.com/wiki/Manual:I ... over_HTTPS
When I try to follow this instructions with Google DoH DNS and use only GlobalSign Root CA certificate I constantly get "server connection error: SSL: handshake failed: unable to get local issuer certificate (6)". To get DoH working I need to use all 3 certificate from dns.google
 
llubik
newbie
Posts: 30
Joined: Mon Mar 04, 2019 7:33 pm

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 4:40 pm

Something is wrong somewhere. Manually updated 6.46.3 to 6.46.6

[l@MKT] > /system package update print
channel: stable
installed-version: 6.46.6
latest-version: 6.46.3
status: New version is available
[l@MKT] > /system package update cancel

[l@MKT] > /system package update print
channel: stable
installed-version: 6.46.6
latest-version: 6.46.3

[l@MKT] > /system package update check-for-updates
channel: stable
installed-version: 6.46.6
latest-version: 6.46.3
status: New version is available

/system package update install
download 6.46.3 and instal . . . :-(
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 5:15 pm

To get DoH working I need to use all 3 certificate from dns.google
Depends on whether or not the server ships the intermediate certificate. Then looks like Google server does not.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 5:24 pm

Something is wrong somewhere. Manually updated 6.46.3 to 6.46.6

/system package update install
download 6.46.3 and instal . . . :-(
This likely means your router has been hacked. It is advisable to do a clean netinstall.
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 914
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 5:35 pm

Note that with the new static DNS record types you can forward both forward and reverse lookups:

E.g. server 192.168.100.1 is authoritative server for domain.lan and subnet 192.168.100.0/24:
/ip dns static
# For domain.lan
add forward-to=192.168.100.1 name="domain.lan" type=FWD
# For *.domain.lan
add forward-to=192.168.100.1 regexp="\\.domain\\.lan\$" type=FWD
# For 192.168.100.*
add forward-to=192.168.100.1 regexp="\\.100\\.168\\.192\\.in-addr\\.arpa\$" type=FWD
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 5:57 pm

Note that with the new static DNS record types you can forward both forward and reverse lookups:
It is a bit of a pity that the DNS server first checks regexp and then checks literal entries...
I would like to have an entry like:

add regexp="[0-9]*\\.[0-9]*\\.168\\.192\\.in-addr\\.arpa" type=NXDOMAIN

so that reverse-lookups of RFC1918 addresses don't go to the internet DNS servers, but when I also have a static entry for some local things, the reverse for those no longer works.
It would be nice when it first checked for exact matches of static records before it tried the regexp.
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 914
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 6:08 pm

DNS entries are processed sequentially, just move the regex entry to the bottom (order by # column) and it will be checked last.

Sorry, regex seems to evaluated before static entries, which is indeed not to be expected.
Last edited by nescafe2002 on Fri Jun 05, 2020 6:20 pm, edited 1 time in total.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 6:15 pm

It would be nice when it first checked for exact matches of static records before it tried the regexp.
Exactly what I described above with my issue. So +1!
 
lordzar
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Sat May 29, 2004 7:47 pm

Re: Wireless partially broken

Fri Jun 05, 2020 6:29 pm

I have a situation where I have a central WAP (INTL) and 2 HAP's (US) as bridges. They USED to use the 5Ghz band and after the upgrade it all BROKE.

I correctly had frequency-mode set to regulatory-domain, but apparently Mikrotik removed countries from the definitions based on the hardware version (INTL vs US).

Got everything running by switching the links to 2Ghz. 5Ghz is still broken.

I don't see a reason I shouldn't be able to use an INTL version and a US version together as long as you're properly using the settings for your region.
What you mean by "all BROKE"? Could you please be more precise? Depending on what exact version you've upgraded from, regulatory settings could have changed.
You can use the command "/interface wireless info allowed-channels wlan" to check allowed channels with your current settings. If setting both sides identically still does not make a connection, please write an e-mail to support@mikrotik.com and provide supout.rif from AP and STA.
My US HAP's connect to the INTL WAP.

WAP:
channels: 5180/20-Ceee/ac(30dBm),5745/20-Ceee/ac(30dBm),
5750/20-Ceee/ac(30dBm),5755/20-Ceee/ac(30dBm),
5760/20-Ceee/ac(30dBm),5765/20-Ceee/ac(30dBm)

HAP:
channels: 5180/20-Ceee/ac(28dBm)

Settings on all are: Freq=auto, fmode=regulatory-domain, country="united states 3" (although that NOW doesn't seem to be an option on the WAP)
 
llubik
newbie
Posts: 30
Joined: Mon Mar 04, 2019 7:33 pm

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 6:31 pm

[/quote]

This likely means your router has been hacked. It is advisable to do a clean netinstall.
[/quote]

do you mean netinstal or just Reset Configuration (hw reset and download default configuration)?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 6:48 pm


This likely means your router has been hacked. It is advisable to do a clean netinstall.


do you mean netinstal or just Reset Configuration (hw reset and download default configuration)?
A clean netinstall = download the netinstall program and the current RouterOS version, and re-install the router with format of the filesystem and default configuration.
If desired you can do a /export before you start and save it on your computer to have a guideline when reconfiguring (do not blindly import it, at least check what is there and you did not put there yourself).
Also, do not use "backup"/"restore".
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 6:50 pm

DNS entries are processed sequentially, just move the regex entry to the bottom (order by # column) and it will be checked last.

Sorry, regex seems to evaluated before static entries, which is indeed not to be expected.
Indeed, unfortunately re-ordering does not work, I already had my in-addr.arpa regexp at the bottom of the list because I had the static entries in previous versions as well.
 
WildRat
just joined
Posts: 7
Joined: Wed Jul 12, 2017 11:52 am

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 7:12 pm

To get DoH working I need to use all 3 certificate from dns.google
Depends on whether or not the server ships the intermediate certificate. Then looks like Google server does not.
Then it's better to reflect this in the manual to avoid future questions. Especially since Firefox allows you to save all required certificates at once:
Image
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 3124
Joined: Mon Apr 08, 2019 1:16 am

Re: Wireless partially broken

Fri Jun 05, 2020 9:31 pm



My US HAP's connect to the INTL WAP.

WAP:
channels: 5180/20-Ceee/ac(30dBm),5745/20-Ceee/ac(30dBm),
5750/20-Ceee/ac(30dBm),5755/20-Ceee/ac(30dBm),
5760/20-Ceee/ac(30dBm),5765/20-Ceee/ac(30dBm)

HAP:
channels: 5180/20-Ceee/ac(28dBm)

Settings on all are: Freq=auto, fmode=regulatory-domain, country="united states 3" (although that NOW doesn't seem to be an option on the WAP)
Is hAP set to Installation="indoor" instead of "any" ? Mikrotik does not allow outdoor frequencies if set to "indoor". Only "outdoor" and "any" are meaningful settings for Installation.
'Outdoor-only' frequencies do not exist, there are only "indoor-only" frequencies. But for some reason Mikrotik has this "outdoor-only" interpretation on outdoor allowed frequencies.
Rational: indoor-only frequencies disturb emergency services and other priority systems if used outdoor.

[admin@MktOmnitik] > interface wireless info country-info
country: united states3
ranges: 2402-2472/b,g,gn20,gn40(30dBm)
5170-5250/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(30dBm)/indoor
5735-5835/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(30dBm)/outdoor

With Mikrotiks interpretation, this list should have been
5170-5250/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(30dBm)/indoor
5735-5835/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(30dBm)
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 9:48 pm

It would be nice when it first checked for exact matches of static records before it tried the regexp.
As I keep telling (to myself, it seems), regexps don't belong to DNS. I can't deny that they can be useful when you want to match things like <anything>.ads.<anydomain>.<tld> or something, but it's closer to hack than proper feature. Basic config should not require use of regexps. No regexps = no problem.

For example, if I configure forwarding in Unbound:
forward-zone:
  name: "168.192.in-addr.arpa"
  forward-addr: 10.0.0.1
  forward-first: no
forward-zone:
  name: "80.168.192.in-addr.arpa"
  forward-addr: 10.0.0.2
  forward-first: no
forward-zone:
  name: "1.80.168.192.in-addr.arpa"
  forward-addr: 10.0.0.3
  forward-first: no

Or BIND:
zone "168.192.in-addr.arpa" IN {
    type forward;
    forward only;
    forwarders { 10.0.0.1; };
};
zone "80.168.192.in-addr.arpa" IN {
    type forward;
    forward only;
    forwarders { 10.0.0.2; };
};
zone "1.80.168.192.in-addr.arpa" IN {
    type forward;
    forward only;
    forwarders { 10.0.0.3; };
};
It works exactly as expected, it uses longest match and PTR query for 192.168.0.1 goes to 10.0.0.1, for 192.168.80.10 to 10.0.0.2, for 192.168.80.1 to 10.0.0.3.

I can do the same (well, as long as I don't need extras like multiple target resolvers for redundancy) with ordered regexps, but it's kind of clumsy:
/ip dns static
add forward-to=10.0.0.3 regexp="^1\\.80\\.168\\.192\\.in-addr\\.arpa\$" type=FWD
add forward-to=10.0.0.2 regexp="^(.+\\.)\?80\\.168\\.192\\.in-addr\\.arpa\$" type=FWD
add forward-to=10.0.0.1 regexp="168\\.192\\.in-addr\\.arpa\$" type=FWD
MikroTik, please, can't we have the standard thing?
/ip dns static
add forward-to=10.0.0.1 name="168.192.in-addr.arpa" type=FWD
add forward-to=10.0.0.2 name="80.168.192.in-addr.arpa" type=FWD
add forward-to=10.0.0.3 name="1.80.168.192.in-addr.arpa" type=FWD
Just copy how others do it, they have been doing it for long time and it works. I'm all for innovations and new ways, but this thing with regexps is not better.
 
ddimans
just joined
Posts: 1
Joined: Fri Jun 05, 2020 9:56 pm

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 10:03 pm

Hello i get problem w 6.47

I am use ipsec

add auth-method=pre-shared-key-xauth disabled=yes generate-policy=port-override mode-config=cfg2 \
notrack-chain=output password=******* peer=peer1 policy-template-group=VPN_ipsec secret=\
******* username=*******

but i cant set my-id=key-id:****
and auto mode use for my-id my external ip address that wrong. coz i need key-id

i try set it in winbox and console

/ip ipsec identity> set my-id=key-id:****
numbers: 0
failure: XAuth must use auto my-id

and in previous version it work
 
bawolek
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Thu Mar 29, 2007 3:33 pm
Location: Poland/Wroclaw

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 10:57 pm

hello yesterday I was done upgrade CRS125-24G-1S-2HnD to 6.47 in home, after that upgrade - 3 time I had a freeze transmission on ethernet port. Everything works fine agin when i plug-out and plug-in ethernet cable. Maybe someone have the same problem/observations ?
Of corse I sent to Mikrotik supout.rif file from my routerboard.
 
User avatar
jvanhambelgium
Forum Guru
Forum Guru
Posts: 1117
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: v6.47 [stable] is released!

Fri Jun 05, 2020 11:08 pm

Some issues start to appear also here on my RB3011 since my 6.47 upgrade , ethernet-ports are flapping down/up.
So far only port3 / port5 and altough I upgrade already yesterday it only started just now...

I prepared a support-file and will deliver it to Mikrotik.
 
lordzar
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Sat May 29, 2004 7:47 pm

Re: Wireless partially broken

Fri Jun 05, 2020 11:12 pm



My US HAP's connect to the INTL WAP.

WAP:
channels: 5180/20-Ceee/ac(30dBm),5745/20-Ceee/ac(30dBm),
5750/20-Ceee/ac(30dBm),5755/20-Ceee/ac(30dBm),
5760/20-Ceee/ac(30dBm),5765/20-Ceee/ac(30dBm)

HAP:
channels: 5180/20-Ceee/ac(28dBm)

Settings on all are: Freq=auto, fmode=regulatory-domain, country="united states 3" (although that NOW doesn't seem to be an option on the WAP)
Is hAP set to Installation="indoor" instead of "any" ? Mikrotik does not allow outdoor frequencies if set to "indoor". Only "outdoor" and "any" are meaningful settings for Installation.
'Outdoor-only' frequencies do not exist, there are only "indoor-only" frequencies. But for some reason Mikrotik has this "outdoor-only" interpretation on outdoor allowed frequencies.
Rational: indoor-only frequencies disturb emergency services and other priority systems if used outdoor.

[admin@MktOmnitik] > interface wireless info country-info
country: united states3
ranges: 2402-2472/b,g,gn20,gn40(30dBm)
5170-5250/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(30dBm)/indoor
5735-5835/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(30dBm)/outdoor

With Mikrotiks interpretation, this list should have been
5170-5250/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(30dBm)/indoor
5735-5835/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(30dBm)
You were correct SIR !!!! The wap was on ANY and the haps were on indoors. But why has it worked for years and now there are enforcing it?
Anyway... apparently I was going down the wrong trail with INTL vs US... although they did take the US definitions out of the 6.47 running on INTL.

Thanks again....
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 3124
Joined: Mon Apr 08, 2019 1:16 am

Re: Wireless partially broken

Fri Jun 05, 2020 11:43 pm


You were correct SIR !!!! The wap was on ANY and the haps were on indoors. But why has it worked for years and now there are enforcing it?
Anyway... apparently I was going down the wrong trail with INTL vs US... although they did take the US definitions out of the 6.47 running on INTL.

Thanks again....
They are enforcing the regulator rules, step by step, update after update, because they have to, to keep their certification for FCC and CE. So suddenly from a specific version onward devices are bound to specific settings. (My SXTsq 5 ac's can only be set "outdoors" since some specific ROS version. But what if I use them indoor???). The same thing happened to the minimal antenna gain, what is a correct action. But they are not very systematic in their implementation and so the built-in frequency list and the logic interpreting that list is out of sync. (Either you allow outdoor freq for indoor installations, or you remove ALL the /outdoor tags in that list.)
Last edited by bpwl on Sat Jun 06, 2020 12:58 pm, edited 1 time in total.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3343
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.47 [stable] is released!

Sat Jun 06, 2020 12:00 am

No need to change the thread header. I may be better to start a new thread.
 
User avatar
strods
MikroTik Support
MikroTik Support
Posts: 1658
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.47 [stable] is released!

Sat Jun 06, 2020 8:14 am

pe1chl - What is the reason to believe that the router was hacked?
llubik - Please provide output of these commands - "tool fetch url="http://upgrade.mikrotik.com/routeros/LATEST.6" output=user", ":put [:resolve upgrade.mikrotik.com]".
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1390
Joined: Tue Jun 23, 2015 2:35 pm

Re: v6.47 [stable] is released!

Sat Jun 06, 2020 9:30 am

need more info about:

*) ipsec - allow specifying two peers for a single policy for failover;
*) ipsec - added "use-responder-dns" parameter support;
*) ipsec - added "split-dns" parameter support for mode configuration;
 
User avatar
hsd75
just joined
Posts: 16
Joined: Sun Jul 29, 2018 11:54 pm

Re: v6.47 [stable] is released!

Sat Jun 06, 2020 9:48 am

Hello,

On my hAP ac I have a major issue with 6.47. I had to rollback to 6.46.6.
On 6.47, my SFP module is no longer detected. It is a module ONT SERCOMM FGS202.
It's my first regression whith Mikrotik :-)
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 914
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: v6.47 [stable] is released!

Sat Jun 06, 2020 10:00 am

hsd75, could you generate supout.rif of the device with sfp attached, preferably in both states (6.46.6/working vs 6.47/not working) and send them to support via mail or help.mikrotik.com?
 
User avatar
hsd75
just joined
Posts: 16
Joined: Sun Jul 29, 2018 11:54 pm

Re: v6.47 [stable] is released!

Sat Jun 06, 2020 11:39 am

yep.
Done by mail.
 
alex_rhys-hurn
Member
Member
Posts: 353
Joined: Mon Jun 05, 2006 8:26 pm
Location: Kenya
Contact:

Re: v6.47 [stable] is released!

Sat Jun 06, 2020 12:13 pm

Hi all,

As I prepare the supout files and open a support ticket, I want to update you on my experience. EDIT: Supout.rif submitted by mail.

I upgraded to 6.47 on a CHR which acts as a test BGP router, it collects routes and we test filters with it.

The experience was not good.

everything works normally, but whenever you make a change to BGP that causes a refresh or update then winbox disconnects IMMEDIATELY.

To clarify, things that will trigger this include: enable/disable a bgp peer. Refresh a peer, resend routes, adjust a route filter, or make a new route filter, or drag and drop a route filter. Simply clicking enable on an already enabled route filter will do it too. Also a large number of route changes triggered by the remote peer will also cause it.

You can reconnect, and it will disconnect again IMMEDIATELY.

This behaviour continues until the BGP routing table has completed loading, so with a few routes (160) then its a few seconds, if its a full bgp feed of aroun 800k routes, then this takes about 2 minutes.

SSH is fine, this problem only seems to affect winbox.

I use winbox 64bit 3.24.

Alex
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Sat Jun 06, 2020 12:48 pm

pe1chl - What is the reason to believe that the router was hacked?
Because there was that hack where "upgrade" would always install a fixed version even when it was lower, presumably to get back to a vulnerable version.
(a couple of scripts and changed DNS server which serves fake LATEST.6 file etc)
Dangerous to assume it can be fixed by reconfig.
 
User avatar
Zetle
newbie
Posts: 32
Joined: Tue Aug 30, 2016 1:41 pm

Re: v6.47 [stable] is released!

Sat Jun 06, 2020 12:57 pm

*) proxy - increased minimal free RAM that can not be used for proxy services;

hAP lite (RB941-2nD r2) Proxy appear to be UP but it's not working. I presume the little amount of RAM causes the issue ? Works fine with 6.46.6.
If that's the case it would be good to throw some error instead "working"
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Sat Jun 06, 2020 1:40 pm

everything works normally, but whenever you make a change to BGP that causes a refresh or update then winbox disconnects IMMEDIATELY.
I don't experience this problem, but it can be helpful to know that winbox connections immediately fail when there is no valid route for the traffic.
I.e. unlike the classical recommendation for TCP where an "unreachable" condition during the connection setup would be handled quickly but an "unreachable" after the connection was successfully setup should be handled lazily (first try a couple of times before giving up), it fails as soon as the route is not there.

So maybe when your action results in all routes going away or flapping to another interface, this explains why your winbox connection fails.
I agree with you that it is inconvenient, I would like my winbox connections to survive a route rebuild or a router reboot on an intermediate router, but they don't.
(with SSH that problem does not occur)
 
llubik
newbie
Posts: 30
Joined: Mon Mar 04, 2019 7:33 pm

Re: v6.47 [stable] is released!

Sat Jun 06, 2020 6:23 pm

pe1chl - What is the reason to believe that the router was hacked?
llubik - Please provide output of these commands - "tool fetch url="http://upgrade.mikrotik.com/routeros/LATEST.6" output=user", ":put [:resolve upgrade.mikrotik.com]".
[l@MKT] > tool fetch url="http://upgrade.mikrotik.com/routeros/LATEST.6" output=user
status: finished
downloaded: 0KiBC-z pause]
data: 6.46.3 1580208365


[l@MKT] > :put [:resolve upgrade.mikrotik.com]
13.33.44.253

I found an entry in DNS static (I entered it there a long time ago because they carried updates and I forgot - but it's interesting that up to version 6.46.3 it worked)
Big THX
 
shahani
newbie
Posts: 26
Joined: Wed Jan 02, 2019 11:29 pm

Re: v6.47 [stable] is released!

Sat Jun 06, 2020 10:55 pm

Wow DoH saved me from internet censorship.
Thank you very much.

Please modify the ping tool in Winbox to use the router DNS correctly, Currently it uses the Windows DNS.


Image
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3343
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.47 [stable] is released!

Sat Jun 06, 2020 11:46 pm

Wow DoH saved me from internet censorship.
In your photo I can see that you are using DoH DNS with name, but there are no static or dynamic DNS to resolve its own DoH DNS name.
In MikroTiks wiki example they suggest that you add 1.1.1.1

I do use IP instead of name to skip the extra "needed" dns server.
https://1.1.1.1/dns-query
 
shahani
newbie
Posts: 26
Joined: Wed Jan 02, 2019 11:29 pm

Re: v6.47 [stable] is released!

Sun Jun 07, 2020 2:58 am

In your photo I can see that you are using DoH DNS with name, but there are no static or dynamic DNS to resolve its own DoH DNS name.
In MikroTiks wiki example they suggest that you add 1.1.1.1
The DoH server IP is entered in the static table.
If a DNS server is added at the suggestion of Mikrotik,
When the VPN tunnel is not connected, the request for resolve DoH server name may be filtered.
 
sanic
just joined
Posts: 2
Joined: Mon Dec 12, 2016 5:11 pm

Re: v6.47 [stable] is released!

Sun Jun 07, 2020 8:58 am

bpwl,krafg - The antenna gain setting is not available there anymore for the routers that have a built-in antenna.
This is a problem because you cannot use regulatory domain with your country, because antenna gain have to be set!
You do not have the required permissions to view the files attached to this post.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 3124
Joined: Mon Apr 08, 2019 1:16 am

Re: v6.47 [stable] is released!

Sun Jun 07, 2020 11:29 am

bpwl,krafg - The antenna gain setting is not available there anymore for the routers that have a built-in antenna.
This is a problem because you cannot use regulatory domain with your country, because antenna gain have to be set!
I'm worried quite a bit that not everyone will come to the forum to find out. If they only use the GUI the LHG 5 ac will remain at its default setting viewtopic.php?f=13&t=162077
Radio 25dBm , antenna at 24,5 dBi , antenna gain setting at "0". No GUI way to change it. Beam strength at 49,5dBm. (My microwave oven is set to 56dBm and max 59 dBm for cooking a meal. OK not in a spot and a lot of reflections inside)
I'm afraid you can loose an eye or even get burnt in that beam.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Sun Jun 07, 2020 12:26 pm

No, the antenna gain setting will not be left at 0, it will be set to the correct gain for the product you have. At least when there are no bugs.
The idea is that the user of the product can not set it to more than 30dBm EIRP (in most countries) as this is the max allowed power.
Of course it would be better when the user can still set it lower, but "fiddling with the gain" never was a reasonable way to do that.
There should just be a "dBm EIRP" setting in the wireless interface, that sets the radio output correspondingly (first subtract the fixed antenna gain of the product).
So, for a short link you might set it to 20dBm instead.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Sun Jun 07, 2020 12:27 pm

pe1chl - What is the reason to believe that the router was hacked?
Because there was that hack where "upgrade" would always install a fixed version even when it was lower, presumably to get back to a vulnerable version.
(a couple of scripts and changed DNS server which serves fake LATEST.6 file etc)
Dangerous to assume it can be fixed by reconfig.
Apparently he hacked it himself!! That makes it a bit less dangerous than when someone else changed that setting and possible was able to introduce bad firmware.
 
alex_rhys-hurn
Member
Member
Posts: 353
Joined: Mon Jun 05, 2006 8:26 pm
Location: Kenya
Contact:

Re: v6.47 [stable] is released!

Sun Jun 07, 2020 12:31 pm

I don't experience this problem, but it can be helpful to know that winbox connections immediately fail when there is no valid route for the traffic.
I.e. unlike the classical recommendation for TCP where an "unreachable" condition during the connection setup would be handled quickly but an "unreachable" after the connection was successfully setup should be handled lazily (first try a couple of times before giving up), it fails as soon as the route is not there.

So maybe when your action results in all routes going away or flapping to another interface, this explains why your winbox connection fails.
I agree with you that it is inconvenient, I would like my winbox connections to survive a route rebuild or a router reboot on an intermediate router, but they don't.
(with SSH that problem does not occur)
Hi, Thanks for the feedback and reminder that disappearance of routes would disconnect me. I should have been clear as follows:
I am connecting from my Out of Band Management Network
During this time, all pings continue to run
During this time my SSH session stays up
During this time my IGP (OSPF) continues to work, and pings from networks in the IGP remain operating, so I dont think I am losing the routing from the networks that Winbox connects from .

I should finally add, that my production routers running BGP as IXP and Full table borders as well as Route Reflectors all but one as CHR one as a CCR1036 running 6.46.6 do NOT exhibit this behaviour.

I remain convinced that this is a new behaviour in 6.47

Interesting that you cant replicate this, so let me go back and review my configs.

Any ideas?

Alex
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Sun Jun 07, 2020 12:35 pm

It would be nice when it first checked for exact matches of static records before it tried the regexp.
As I keep telling (to myself, it seems), regexps don't belong to DNS. I can't deny that they can be useful when you want to match things like <anything>.ads.<anydomain>.<tld> or something, but it's closer to hack than proper feature. Basic config should not require use of regexps. No regexps = no problem.
I basically agree with that, but note that with reverse-DNS it is not so easy as you write when you do not have either /8 /16 or /24 subnet mask!
E.g. I often have networks with /22 subnet mask and it is not possible to set reverse DNS for them in this way.
It is possible of course to use 4 entries for each network but with some other subnet sizes it becomes cumbersome to do it this way.

As an aside: I would like to have "usage counters" for static DNS entries. Number of uses since last reboot is fine (so it can be in RAM, no need to write to flash).
It is helpful when debugging things and also when looking at old configs for which it is unclear if the static entries are still used at all.
Each lookup matching a specific static entry would increment the counter and it would be visible in the IP->DNS->Static window.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 3124
Joined: Mon Apr 08, 2019 1:16 am

Re: v6.47 [stable] is released!

Sun Jun 07, 2020 2:43 pm

No, the antenna gain setting will not be left at 0, it will be set to the correct gain for the product you have. At least when there are no bugs.
The idea is that the user of the product can not set it to more than 30dBm EIRP (in most countries) as this is the max allowed power.
Of course it would be better when the user can still set it lower, but "fiddling with the gain" never was a reasonable way to do that.
There should just be a "dBm EIRP" setting in the wireless interface, that sets the radio output correspondingly (first subtract the fixed antenna gain of the product).
So, for a short link you might set it to 20dBm instead.
I was just alarmed by Darmach that in his/her case it was found at 0. I don't know if he/she set it himself/herself.
viewtopic.php?f=13&t=162077#p798551
(Ron Touw advised to adjust via antenna gain,at MUM, because the allowed TXpower varies over the MCSes used.)
But I agree it is very confusing that way.
Once they fix the LHG 5 ac table, 20 dBm will be impossible. As it is already with "Regulatory minimum antenna gain for this country is 25dBi"
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: v6.47 [stable] is released!

Sun Jun 07, 2020 8:45 pm

... with reverse-DNS it is not so easy as you write when you do not have either /8 /16 or /24 subnet mask!
True, that's another case where regexp can be useful. On the other hand, it should be much more efficient to find the result when there are only non-regexp entries. With those you can follow the hierarchy, check TLD first, then second level, etc. Regexp can be anything, so the whole thing needs to be evaluated, all regexp entries for every query.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Sun Jun 07, 2020 9:19 pm

... with reverse-DNS it is not so easy as you write when you do not have either /8 /16 or /24 subnet mask!
True, that's another case where regexp can be useful. On the other hand, it should be much more efficient to find the result when there are only non-regexp entries. With those you can follow the hierarchy, check TLD first, then second level, etc. Regexp can be anything, so the whole thing needs to be evaluated, all regexp entries for every query.
I think the RouterOS resolver currently is not walking the DNS name top-down like a full recursive resolver would do. It can only match the entire name or forward the query to another server to do the full resolving.
Of course it would be "easy" to incorporate one of the existing resolvers into RouterOS and then maybe add a function or two, but usually software maintainers stick to what they have until it is no longer feasible at all...
I am surprised that things work as they do now (regexps are evaluated before static names, DoH takes the entire resolver instead of being the primary server used by the resolver instead of plain DNS servers) but that probably can be explained by their existing code.
 
shahani
newbie
Posts: 26
Joined: Wed Jan 02, 2019 11:29 pm

Re: v6.47 [stable] is released!

Sun Jun 07, 2020 10:05 pm

Solution to Error while running customized default configuration script: no such item
Whenever you see this error when using wireless devices while booting
It's possible you have changed the pre-written Wireless Interface name
To solve this issue First you have to change your Wireless Interface(s) name to the pre-set.
wlan1,wlan2,wlan3....
And finally you must Reboot your device, after this your problem will be solved forever And after that you can personalize and change their name.

There might be another problem for some of you in the scripts, In the "IP DNS Cache" The address field is changed to data And so you need to do modify your scripts in this field.
Example:
:set tmpAddress [/ip dns cache get $i address];
Change to:
:set tmpAddress [/ip dns cache get $i data];
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.47 [stable] is released!

Sun Jun 07, 2020 11:06 pm

To solve this issue First you have to change your Wireless Interface(s) name to the pre-set.
wlan1,wlan2,wlan3....
And finally you must Reboot your device, after this your problem will be solved forever And after that you can personalize and change their name.
That does the trick, thanks a lot for the hint!
Mikrotik, please change static interface name (wlan1, ...) to more flexible approach ([ find default-name=wlan1 ], ...) in default configuration.
 
GARCIADOEGOGERMAN
newbie
Posts: 26
Joined: Fri Aug 18, 2017 2:05 pm

Re: v6.47 [stable] is released!

Mon Jun 08, 2020 2:49 am

Hello Goodnight!!!
Today I started to configure DoH on my Mikrotik.
I am seeing this behavior in the log every time I restart ...
Shouldn't DoH start working once you start the WAN interface and connect to the internet?
Shouldn't this behavior change?

Greetings and thanks!!!
You do not have the required permissions to view the files attached to this post.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3343
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: v6.47 [stable] is released!

Mon Jun 08, 2020 7:54 am

You have done some liket this:
viewtopic.php?p=787643#p787643

Post output of /ip dns export
 
lexell
just joined
Posts: 10
Joined: Thu Jan 05, 2017 9:02 pm

Re: v6.47 [stable] is released!

Mon Jun 08, 2020 10:26 am

It's possible you have changed the pre-written Wireless Interface name
To solve this issue First you have to change your Wireless Interface(s) name to the pre-set.
wlan1,wlan2,wlan3....
And finally you must Reboot your device, after this your problem will be solved forever And after that you can personalize and change their name.

Thank you shahani! This does work for me as well. I was unsuccessful in determining the root cause when I discussed this earlier in this thread. Your suggestion seems to fit my case, only one of my routers got affected (back since v6.46.x - not sure which release exactly) despite both of them having the default config script wiped blank - it was indeed only the one where wireless interface naming was also modified.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Mon Jun 08, 2020 11:21 am

Why is the router connecting every hour to upgrade.mikrotik.com and fetching the LATEST.6 file?
 
GARCIADOEGOGERMAN
newbie
Posts: 26
Joined: Fri Aug 18, 2017 2:05 pm

Re: v6.47 [stable] is released!

Mon Jun 08, 2020 3:46 pm

You have done some liket this:
viewtopic.php?p=787643#p787643

Post output of /ip dns export
Hello Jotne, good morning.
The configuration was done just as normis indicated.
I tried it with both Cloudflare and Google and the same thing happens.
Try the same configuration and others in 3 different mikrotiks and they all do the same.
Reading the full post, I see that other persons do the same... viewtopic.php?f=21&t=161887#p797459
It doesn't seem to be a configuration error ...
I cannot send you the output dns export because I went back with the configuration just in case, since they are mikrotiks that I have in companies and are productive

Cheers!!!
 
Vitalbas88
just joined
Posts: 1
Joined: Mon Jun 08, 2020 6:00 pm

Re: v6.47 [stable] is released!

Mon Jun 08, 2020 6:13 pm

Hi all. After upgrading to 6.47 stable, Xiaomi Mi Robot Vacuum does not connect to wifi.
Wifi connects and immediately disconnects. logs:
19:47:49 wireless,info 50:EC:01:01:01:01@wlan1-2G: connected, signal strength -48
19:47:51 wireless,info 50:EC:01:01:01:01@wlan1-2G: disconnected, received deauth:
sending station leaving (3)
19:47:57 wireless,info 50:EC:01:01:01:01@wlan1-2G: connected, signal strength -48
19:47:59 wireless,info 50:EC:01:01:01:01@wlan1-2G: disconnected, received deauth:
sending station leaving (3)
19:48:19 wireless,info 50:EC:01:01:01:01@wlan1-2G: connected, signal strength -49
19:48:21 wireless,info 50:EC:01:01:01:01@wlan1-2G: disconnected, received deauth:
sending station leaving (3)
19:48:53 wireless,info 50:EC:01:01:01:01@wlan1-2G: connected, signal strength -52
19:48:55 wireless,info 50:EC:01:01:01:01@wlan1-2G: disconnected, received deauth:
sending station leaving (3)

ip dhcp-server lease print
D 192.168.0.109 50:EC:01:01:01:01 rockrobo DHCP-local bound 1s
2 sec later
D 192.168.0.109 50:EC:01:01:01:01 rockrobo DHCP-local offered 1s
 
myke1124
just joined
Posts: 24
Joined: Fri Mar 28, 2014 2:15 am

Re: v6.47 [stable] is released!

Mon Jun 08, 2020 6:39 pm

Is there any upcoming fix for the dude performance running version 6.46.4 and newer. What ever changed that required version 6.46.4 of the dude to monitor devices is broken. On 6.46.4 and higher the winbox process will pick one core and use 100 percent of it. This is on a 1100AHx4 Dude edition with 500 devices that it is monitoring. Using 6.46 my CPU is running 2% - 15%.
You do not have the required permissions to view the files attached to this post.
 
MrYan
Member Candidate
Member Candidate
Posts: 173
Joined: Sat Feb 27, 2010 6:13 pm

Re: v6.47 [stable] is released!

Mon Jun 08, 2020 9:13 pm

Anyone have any issues with link on ether2 on RB4011? New device and I can only get link with slight down pressure on the cable on this port only. I think it's a mechanical issue but the port looks okay from visual inspection and the whole block of 5 ports I imagine is soldered to the board. Unlikely to be software issue but thought I'd ask as I'm waiting on a RMA. Did try with 6.45.9 as well but that exhibited the same problem.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Mon Jun 08, 2020 11:00 pm

Did try with 6.45.9 as well but that exhibited the same problem.
As it says in the opening post: Please keep this forum topic strictly related to this particular RouterOS release.
 
User avatar
sirbryan
Member
Member
Posts: 400
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

60GHz radios no likey (Re: v6.47 [stable] is released!)

Tue Jun 09, 2020 1:53 am

Quick warning before putting 6.47 on 60GHz radios!

I loaded 6.47 on my 60GHz gear (wap60g, LHG, Cube's) and, with frequency 58320 (and region USA) selected, the links began to bounce all over the place. Link counts on some CPE were in the hundreds (222, 256, 524, and 999) over the weekend. I thought it was due to the rain, but in retrospect the problems only happened on a couple of the busier AP's and backhaul links.

The first fix was to move those AP's off of 58320 (I noticed that those on the other channels had much lower link down counts).

The second was to downgrade most radios, starting with the AP's. While going back through, I found that some CPE on 6.47 connected to AP's on 6.46.6 (also not on 58320) didn't have a crazy Link down count. So I'm carefully watching a couple of other CPE that I deliberately left on 6.47 to see if it's an AP-only setting issue.

I haven't narrowed down whether it was the region setting in combination with the frequency (58320), or the frequency alone that made the difference.
 
User avatar
rururudy
newbie
Posts: 30
Joined: Thu Aug 04, 2016 10:57 pm
Location: San Francisco
Contact:

Re: 60GHz radios no likey (Re: v6.47 [stable] is released!)

Tue Jun 09, 2020 9:03 am

Quick warning before putting 6.47 on 60GHz radios!

I loaded 6.47 on my 60GHz gear (wap60g, LHG, Cube's) and, with frequency 58320 (and region USA) selected, the links began to bounce all over the place.
We are seeing the same issue and rolling back all our 6.47 deployments. We did about 100 antennas as a test, and it not good. There is an issue with the phased array algorithm, perhaps? It doesn't know when it is locked in.
 
Knapek
just joined
Posts: 20
Joined: Sat Aug 01, 2009 3:08 pm

Re: v6.47 [stable] is released!

Tue Jun 09, 2020 11:11 am

Hello,
how are your experience with DHCPv6 Server Static bindings?
I have couple WAP60x3 and any of them cannot keep static bindings.
They are lost after lease expiration and than they are dynamic.
Is it a bug or my mistake?
Thanks
Miroslav
 
User avatar
baks
just joined
Posts: 17
Joined: Fri Jul 19, 2013 9:05 pm
Location: Ukraine

Re: v6.47 [stable] is released!

Tue Jun 09, 2020 11:20 am

On my hAP ac I have a major issue with 6.47. I had to rollback to 6.46.6.
On 6.47, my SFP module is no longer detected. It is a module ONT SERCOMM FGS202.
It's my first regression whith Mikrotik :-)
Same issue with CRS125-24G-1S-RM. ROS 6.47, SFP ONU GePON is not detected any more. Rollback to 6.46.6 solved situation.
 
koenig
just joined
Posts: 1
Joined: Tue Jun 09, 2020 12:32 pm

Re: v6.47 [stable] is released!

Tue Jun 09, 2020 12:42 pm

Anyone else with a large number (over 130) of L2TP clients (only L2TP i.e. not L2TP/IPSec) notice that with 6.47, only a fraction (about 30 to 40) are able to connect to the router? I had to revert to 6.46.x to get my tunnels connected again.
I have the same problem 6.46.6 all 96 clients connect, after update 6.47 only 25-30 can connect at the same time, nothing suspicious in the logs. After downgrade to 6.46.6 all Clients are connectet
 
MrYan
Member Candidate
Member Candidate
Posts: 173
Joined: Sat Feb 27, 2010 6:13 pm

Re: v6.47 [stable] is released!

Tue Jun 09, 2020 8:30 pm

Did try with 6.45.9 as well but that exhibited the same problem.
As it says in the opening post: Please keep this forum topic strictly related to this particular RouterOS release.
Okay, I mentioned another release but I was testing it with 6.47 (hence in this thread) so from a strict perspective you are correct I shouldn't have mentioned it. Sometimes there are strange issues with software than manifest as problems with hardware. Try to forget the part about the non-6.47 software 8-)
 
fjamrtire
just joined
Posts: 7
Joined: Thu May 28, 2020 8:40 pm

Re: v6.47 [stable] is released!

Wed Jun 10, 2020 2:17 am

Hello, install this latest version and my rb4011 resets the wifi all the time when I'm in winbox, and sometimes when I'm not ...

is there a reported failure?
 
Ultimat
just joined
Posts: 1
Joined: Wed Jun 10, 2020 1:20 pm

Re: v6.47 [stable] is released!

Wed Jun 10, 2020 1:27 pm

I also get ip/smb error on 6.47:

192.168.101.46 dialect: NT LM 0.12
192.168.101.46 session setup GSS error: 0x90000
192.168.101.46 dialect: SMB 2.002
192.168.101.46 session setup GSS error: 0x90000

Till this issue, for now I downgraded to 6.46.6 and all work fine.
Please fix it in next stable release.
 
msatter
Forum Guru
Forum Guru
Posts: 2941
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: v6.47 [stable] is released!

Wed Jun 10, 2020 1:32 pm

I also get ip/smb error on 6.47:

192.168.101.46 dialect: NT LM 0.12
192.168.101.46 session setup GSS error: 0x90000
192.168.101.46 dialect: SMB 2.002
192.168.101.46 session setup GSS error: 0x90000

Till this issue, for now I downgraded to 6.46.6 and all work fine.
Please fix it in next stable release.
viewtopic.php?f=21&t=161887&sid=65b55cc ... 52#p797499
 
kapi2454
newbie
Posts: 39
Joined: Mon Oct 09, 2017 2:54 pm

Re: v6.47 [stable] is released!

Thu Jun 11, 2020 12:12 am

Hi!! I have a DVR and this working rules

add action=dst-nat chain=dstnat comment=DVR dst-address-type=local dst-port=8000 in-interface=all-ppp in-interface-list=!LAN protocol=tcp to-addresses=192.168.88.9 to-ports=8000
add action=masquerade chain=srcnat dst-address=192.168.88.0/24 dst-port=8000 out-interface=bridge protocol=tcp src-address=192.168.88.0/24
add action=dst-nat chain=dstnat dst-address=!192.168.88.0/24 dst-address-type=local dst-port=8000 protocol=tcp to-addresses=192.168.88.9 to-ports=8000

When I update to 6.47 this stop working, I delete all and create a simple rule but dont work. I roll back to long term firmware and all start working againg. Some problem with 6.47?
 
User avatar
fmarais007
newbie
Posts: 26
Joined: Thu Jan 11, 2018 9:16 am

Re: v6.47 [stable] is released!

Thu Jun 11, 2020 10:58 am

Anyone else with a large number (over 130) of L2TP clients (only L2TP i.e. not L2TP/IPSec) notice that with 6.47, only a fraction (about 30 to 40) are able to connect to the router? I had to revert to 6.46.x to get my tunnels connected again.
I have the same problem 6.46.6 all 96 clients connect, after update 6.47 only 25-30 can connect at the same time, nothing suspicious in the logs. After downgrade to 6.46.6 all Clients are connectet

I'm also experiencing this issue and found that it happens when a client connects to an l2tp server that has multiple WAN IP's.

Scenario:
L2TP client has two tunnels, first tunnel connects to my server dedicated l2tp WAN IP, second tunnel to general internet WAN IP.

One connects but the other doesn't. If I make both tunnels the same IP then both connects.

Hope this helps in troubleshooting the latest version bug.

Regards
 
MikeeHun
just joined
Posts: 1
Joined: Thu Jun 11, 2020 2:38 pm

Re: v6.47 [stable] is released!

Thu Jun 11, 2020 7:55 pm

SMB is not working for me, log says
"
... dialect: SMB 2.002
session setup GSS error: 0x90000
"
On 6.47beta53 it works fine.
Same for me aswell
 
User avatar
Davis
Member Candidate
Member Candidate
Posts: 118
Joined: Mon Aug 01, 2011 12:27 pm
Location: Latvia, Riga
Contact:

Re: v6.47 [stable] is released!

Fri Jun 12, 2020 2:23 am

It would be nice when it first checked for exact matches of static records before it tried the regexp.
Exactly what I described above with my issue. So +1!
I totally agree. Each name entry can match only one name, each regexp entry can match multiple names.
If something (a name entry) matches a single name, then there is no point of having it overridden by something else (a regexp entry) - currently if a name entry is overridden by a broader regexp entry then the name entry only participates in reverse lookup and has absolutely no effect on forward lookup.
I think it would allow much more flexibility (and ensure that reverse lookup returns names that actually point back to the IP addresses) if name entries would have priority over regexp entries.
 
User avatar
sirbryan
Member
Member
Posts: 400
Joined: Fri May 29, 2020 6:40 pm
Location: Utah
Contact:

Re: 60GHz radios no likey (Re: v6.47 [stable] is released!)

Fri Jun 12, 2020 4:22 am

Quick warning before putting 6.47 on 60GHz radios!

I loaded 6.47 on my 60GHz gear (wap60g, LHG, Cube's) and, with frequency 58320 (and region USA) selected, the links began to bounce all over the place.
We are seeing the same issue and rolling back all our 6.47 deployments. We did about 100 antennas as a test, and it not good. There is an issue with the phased array algorithm, perhaps? It doesn't know when it is locked in.
Further testing shows reconnects are also a problem on 58320 on 6.46.6, just not as bad. As for 6.47, the problem only shows up if the AP's are upgraded. Clients still on 6.47 are actually working just fine now with 6.46.6 AP's.
 
rajo
newbie
Posts: 45
Joined: Tue Aug 16, 2011 11:12 pm

Re: v6.47 [stable] is released!

Fri Jun 12, 2020 6:21 am

I'm also experiencing this issue and found that it happens when a client connects to an l2tp server that has multiple WAN IP's.
This is not the case for me. Both my L2TP server and the clients, that cannot connect, have only one WAN IP. The L2TP server is on Google cloud and most of the L2TP clients are on 3G/LTE.
 
karnauskas
just joined
Posts: 7
Joined: Sat Aug 05, 2017 12:47 am

Re: v6.47 [stable] is released!

Fri Jun 12, 2020 7:59 am

I noticed issues with Windows 10 clients – dhcp server is not giving any lease to Windows 10 machines. Same machine (same mac address) with different OS - dhcp lease is given. Can't see any errors on Mikrotik log.
 
MIBO
just joined
Posts: 1
Joined: Fri Jun 12, 2020 10:00 am

Re: v6.47 [stable] is released!

Fri Jun 12, 2020 11:05 am

SMB server stooped working after upgrade to 6.47.
memory smb,info closing connection with (ip address)
 
gstitt
just joined
Posts: 5
Joined: Sat Sep 24, 2016 10:49 pm

Re: v6.47 [stable] is released!

Fri Jun 12, 2020 1:52 pm

All routers I upgraded to 6.47 (hapac*,wap60g*, ccr, crs*, rb2011, hex*, hexs*, hexlite*, etc.) the dynamic BPG-signalled VPLS interfaces were not added to any of the bridges specified in their configuration. Every single one had the same issue - they were all missing. As I couldn't downgrade to 6.46.x I loaded the long-term build on all my routers and the issue was resolved. I will try to dig up a supout file, but because my entire network was crippled, I had to reload the long-term builds quickly so I may not find one. That being said, since all of them had the same issue I am thinking it may be easy to replicate in your labs.
 
lesovich
just joined
Posts: 1
Joined: Thu Apr 12, 2018 3:41 pm

Re: v6.47 [stable] is released!

Fri Jun 12, 2020 1:54 pm

after the upgrade, two failure of web-proxy, stops responding to users helps to restart the the service web-proxy, at 6.46 this was not a problem
 
ferynov
just joined
Posts: 1
Joined: Sat Jun 13, 2020 8:54 am

Re: v6.47 [stable] is released!

Sat Jun 13, 2020 9:05 am

I have problem on DHCP Client still searching while upgrade to this version. on version before not happen.
i try on Omnitik and RB450G

Image
 
deemon
just joined
Posts: 14
Joined: Tue Oct 21, 2014 8:53 am

Re: v6.47 [stable] is released!

Sun Jun 14, 2020 2:30 am

This is all you need:
/tool fetch url=https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
/certificate import file-name=DigiCertGlobalRootCA.crt.pem passphrase=""
/ip dns set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes
even wiser is to use https://1.1.1.2/dns-query for included free malware site blocking
https://developers.cloudflare.com/1.1.1 ... -families/

Now only if Mikrotik could themselves add a pi-hole package to their RouterOS included packages to work together with DoH :P
With included web GUI !!!
 
User avatar
hsd75
just joined
Posts: 16
Joined: Sun Jul 29, 2018 11:54 pm

Re: v6.47 [stable] is released!

Sun Jun 14, 2020 10:32 am

On my hAP ac I have a major issue with 6.47. I had to rollback to 6.46.6.
On 6.47, my SFP module is no longer detected. It is a module ONT SERCOMM FGS202.
It's my first regression whith Mikrotik :-)
Same issue with CRS125-24G-1S-RM. ROS 6.47, SFP ONU GePON is not detected any more. Rollback to 6.46.6 solved situation.
It begins well, the Mikrotik support asked me to check the hardware ... :-(
I also tried 6.47rc2 and 7beta8 and it's the same thing with the SFP module.
Sentenced to stay in 6.46.6?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Sun Jun 14, 2020 11:43 am

Now only if Mikrotik could themselves add a pi-hole package to their RouterOS included packages to work together with DoH :P
I have suggested several times that MikroTik should add a capability to run user code in a "sandbox" (separate user, chrooted filesystem, etc) to allow users to add features they think are essential but are too much work / too little reward for MikroTik to add to RouterOS itself.
It would be a lightweight variant of MetaROUTER which is full virtualisation, this would just be a process which could e.g. run a DNS resolver like pi-hole.

However, there has never been a response (neither positive nor negative) on that.
 
alex_rhys-hurn
Member
Member
Posts: 353
Joined: Mon Jun 05, 2006 8:26 pm
Location: Kenya
Contact:

Re: v6.47 [stable] is released!

Sun Jun 14, 2020 4:15 pm

To clarify, things that will trigger this include: enable/disable a bgp peer. Refresh a peer, resend routes, adjust a route filter, or make a new route filter, or drag and drop a route filter. Simply clicking enable on an already enabled route filter will do it too. Also a large number of route changes triggered by the remote peer will also cause it.

You can reconnect, and it will disconnect again IMMEDIATELY.
I can expand further on this. In 6.46.6 when you open BGP Advertisements page in winbox, and you have many routes, the Winbox does not allow you to view all of them and instead gives a filter, and a warning about clicking a link to view all routes.

In 6.47 This does not happen, and instead it attempts to load all the routes in the advertisements page, with the result that you are disconnected immediately by winbox.

When you reconnect, winbox remembers the Advertisements page, so you are disconnected again.

To recover from this you must be ready to click another tab in the BGP page. Then you can continue to use winbox.

As mentioned, none of these issues existed in 6.46.6, this happens only in 6.47.

Alex
 
sharkhreen
just joined
Posts: 1
Joined: Mon Jun 15, 2020 1:20 am

Re: v6.47 [stable] is released!

Mon Jun 15, 2020 1:49 am

after updating to v6.47, smb doesn't work. Any solution? I even reset the basic settings and re-enabled the smb server and still can't connect to it.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v6.47 [stable] is released!

Mon Jun 15, 2020 9:45 am

SMB not working is a known issue. The next 6.48beta will fix it, when it is released.
 
Pomo
just joined
Posts: 14
Joined: Sat Feb 06, 2016 10:09 pm

Re: v6.47 [stable] is released!

Mon Jun 15, 2020 9:48 am

bpwl,krafg - The antenna gain setting is not available there anymore for the routers that have a built-in antenna.

Poorly decided and implemented.
You have discriminated routers that have to weak antenna to begin with, case in point HAP AC2 vs HAP AC3 or Audience.
So if your signal with HAP ac2 is to weak, well, buy another router. With no significant upgrade except antenna.
Secondly, I cannot now switch to regulatory domain country setting. Which is simply ridiculous.
I suppose solution is to default my wireless interface.
Yay
You do not have the required permissions to view the files attached to this post.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v6.47 [stable] is released!

Mon Jun 15, 2020 9:50 am

Antenna gain should not be changed, especially for devices with built-in antennas. What were you trying to achieve anyway?
If your signal is too weak, fix position or alignment. Playing with antenna gain is not the right way and can be illegal.
 
Pomo
just joined
Posts: 14
Joined: Sat Feb 06, 2016 10:09 pm

Re: v6.47 [stable] is released!

Mon Jun 15, 2020 10:25 am

Antenna gain should not be changed, especially for devices with built-in antennas. What were you trying to achieve anyway?
If your signal is too weak, fix position or alignment. Playing with antenna gain is not the right way and can be illegal.
I am fully aware of antenna gain setting that can be illegal.
So, I fixed position and alignment.
Can antenna gain be illegal for routers that have detachable antennas?
I am sorry, but I do not understand why routers with built in antennas are affected with this, others are not.
Please explain, what is so special about builtin antennas, that they have to have this limit.
One of the best features of Mikrotik products was SAME options on all products, hardware limitations aside.
And that does not answer my question regarding that it is not possible anymore to change my setting to regulatory one, after the upgrade.
Which I would consider a software bug.
If it is not clear from picture, I cannot anymore set regulatory domain, and coutry, as if antenna gain 0 is now hard coded.
And it is supposed to be set to 2 for my country.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v6.47 [stable] is released!

Mon Jun 15, 2020 10:57 am

Antenna gain is a physical parameter of the antenna. Like my height is 183CM. I can't change it, so just in the same way - routers with built-in antenna can't change the gain. It is what it is.

For detachable antenna RouterOS doesn't know the gain, so you read it from the datasheet and enter into the settings manually.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Mon Jun 15, 2020 11:03 am

Antenna gain should not be changed, especially for devices with built-in antennas. What were you trying to achieve anyway?
If your signal is too weak, fix position or alignment. Playing with antenna gain is not the right way and can be illegal.
I am fully aware of antenna gain setting that can be illegal.
So, I fixed position and alignment.
Can antenna gain be illegal for routers that have detachable antennas?
I am sorry, but I do not understand why routers with built in antennas are affected with this, others are not.
Please explain, what is so special about builtin antennas, that they have to have this limit.
With a built-in antenna the antenna gain supposedly has been measured and there should be no reason to set it.
With an external antenna, the unit has no way of knowing the antenna gain and it is the responsibility of the installer to set the correct value.
(and MikroTik can claim that it is not within their influence that the installer has set a lower value than it really is)
You should understand that manufacturers are under constant threat of revocation of license to sell their equipment when they clearly do not care about the licensed EIRP limits and their users regularly set much higher values.
Different manufacturers have different takes on this, varying from "not possible at all to exceed EIRP limits" to "easily circumvented via a checkmark with text that it is your own responsibility" or "only possible to change it using (undocumented) commands in CLI where users normally use GUI".
Usually we see the thing becoming more and more restrictive in subsequent versions of the software, for all manufacturers.
The same is true for DFS enable/disable settings and the behaviour of DFS in the software.

However, it would be nice when MikroTik added a new setting (like a slider in the GUI or a number that has to be between two limits) to allow, with a correctly set antenna gain, the EIRP to be varied between the minimum supported by the hardware and the maximum allowed by the local regulations.
Other manufacturers have that as well. Plus, there should be an "auto" setting for that which adjusts the power to obtain a certain BER or remote SNR.
(called TPC, transmitter power control, in the regulations)
 
Pomo
just joined
Posts: 14
Joined: Sat Feb 06, 2016 10:09 pm

Re: v6.47 [stable] is released!

Mon Jun 15, 2020 11:35 am

And still no answer to other question.
How to change now to regulatory setting?
Also, I see no mention of this in release changelog.
EDIT: it is in changelog, my error
 
User avatar
frank333
Member
Member
Posts: 333
Joined: Mon Dec 18, 2017 12:17 pm
Location: S.Marino Router model: RB3011UiAS-RM+RBM11G

Re: v6.47 [stable] is released!

Tue Jun 16, 2020 12:14 am

on RB3011 with v 6.47 I can't see the memory and CPU graphs anymore, does anyone know how to solve it?
 
kai
newbie
Posts: 38
Joined: Thu Aug 24, 2017 1:15 pm

Re: v6.47 [stable] is released!

Tue Jun 16, 2020 3:37 am

So I followed the instructions from: https://wiki.mikrotik.com/wiki/IKEv2_EA ... d_RouterOS

I found that while the tunnel gets created successfully, no traffic gets routed down the tunnel or through the designated WAN port either. In fact, you cannot use the internet at all until you kill the tunnel.

This works fine in 6.46.6 (after downgrading). Using a RB1100AHx4.

I have emailed in the supout.rif files.
 
abiv
just joined
Posts: 24
Joined: Sat Nov 23, 2019 4:51 am

Re: v6.47 [stable] is released!

Tue Jun 16, 2020 6:09 am

How do I lower transmit power without antenna gain?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: v6.47 [stable] is released!

Tue Jun 16, 2020 8:05 am

using tx power mode "card rates" and "tx power" value
 
Kampfwurst
Member Candidate
Member Candidate
Posts: 113
Joined: Mon Mar 24, 2014 2:53 pm

Re: v6.47 [stable] is released!

Tue Jun 16, 2020 9:27 am

any news about the NAND writes? Is there a fix?
 
User avatar
Paternot
Forum Guru
Forum Guru
Posts: 1058
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: v6.47 [stable] is released!

Tue Jun 16, 2020 6:50 pm

using tx power mode "card rates" and "tx power" value
The manual page (https://wiki.mikrotik.com/wiki/Manual:I ... e/Wireless) says:

"card-rates - use transmit power as defined by tx-power setting "

BUT:
1) Is it the power used by the card amplifier, without counting the antenna gain? Or
2) Is it the radiated power, after counting the antenna gain?

Finally:
How do I know what is the default value for tx-power, and how do I know what is it's limit?
 
User avatar
baks
just joined
Posts: 17
Joined: Fri Jul 19, 2013 9:05 pm
Location: Ukraine

Re: v6.47 [stable] is released!

Tue Jun 16, 2020 6:53 pm

On my hAP ac I have a major issue with 6.47. I had to rollback to 6.46.6.
On 6.47, my SFP module is no longer detected. It is a module ONT SERCOMM FGS202.
It's my first regression whith Mikrotik :-)
Same issue with CRS125-24G-1S-RM. ROS 6.47, SFP ONU GePON is not detected any more. Rollback to 6.46.6 solved situation.
It begins well, the Mikrotik support asked me to check the hardware ... :-(
I also tried 6.47rc2 and 7beta8 and it's the same thing with the SFP module.
Sentenced to stay in 6.46.6?
Hope they will react adequately to this issue at some point ;).
Indeed this issue is painfull, as there are too small amount of compatible GePON modules available on the market(and no one from Mikrotik :(), so it is not easy/possible to find new or update current ones to support v.6.47.
@Mikrotik please take this into account.

My guess it that regression is connected to:
*) qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default;
*) sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;

Where they definitely touch the SFP hw related code.

Have you submitted suppout with the SFP module inserted into 6.46.6 / 6.47rc2 / 7beta8 to the ticket? Please post ticket number here, I will also submit mine.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 3124
Joined: Mon Apr 08, 2019 1:16 am

Re: v6.47 [stable] is released!

Tue Jun 16, 2020 8:58 pm

using tx power mode "card rates" and "tx power" value
This is becoming a bad joke. Normis what was the last release you have worked with a Mikrotik with built-in antenna? " Card rates" cannot be set with regulatory domain !!! (It can actually mostly never be set)

On neither 2.4 GHz or 5 GHz
Klembord-2.jpg
Klembord-3.jpg
Tested on hAP ac2 and wAP ac, not uncommon devices.

"Card rates" do not work since a long time, you probably just confused it with the "all rates fixed", what is is more difficult to keep in legal limits as the higher MCSes have higher frequency side-lobes and must be set lower to be legal. (That was the reason for the gone "card rates"). Who will use that lower value as fixed rate?

The only thing that works now is this, and that is NOT, absolutely NOT, what we want or need.
Klembord-4.jpg
Klembord-5.jpg
Your limit check on the minimal gain for built in antenna is strict enough, and is almost everywhere (except for LGH, where it makes a major difference)

What we want is this, not in % please, but in total dBm (Like the empty "Current TX power" would be if not empty.)

Dynamic power is just another beauty , but hey with this it will do:

(The % is not linear, but highly related to dBm, but they better gave exact dB's instead)
Klembord-6.jpg
You do not have the required permissions to view the files attached to this post.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Wed Jun 17, 2020 9:39 am

When tracing IPv6 packets using the packet sniffer and displaying the packet list (in winbox 3.21), all lines have only :: as the source and destination address.
The IP protocol field is blank.
When I double-click on a line in the list to display the packet detail, the addresses are shown OK in the detail and then they also appear on that line in the list, and so does the IP protocol (e.g. 58 for ICMPv6).
 
bda
Member Candidate
Member Candidate
Posts: 189
Joined: Fri Sep 03, 2010 11:07 am

Re: v6.47 [stable] is released!

Wed Jun 17, 2020 12:46 pm

using tx power mode "card rates" and "tx power" value
This is becoming a bad joke. Normis what was the last release you have worked with a Mikrotik with built-in antenna? " Card rates" cannot be set with regulatory domain !!! (It can actually mostly never be set)

On neither 2.4 GHz or 5 GHz
Klembord-2.jpg

Klembord-3.jpg

Tested on hAP ac2 and wAP ac, not uncommon devices.

"Card rates" do not work since a long time, you probably just confused it with the "all rates fixed", what is is more difficult to keep in legal limits as the higher MCSes have higher frequency side-lobes and must be set lower to be legal. (That was the reason for the gone "card rates"). Who will use that lower value as fixed rate?

The only thing that works now is this, and that is NOT, absolutely NOT, what we want or need.

Klembord-4.jpg
Klembord-5.jpg

Your limit check on the minimal gain for built in antenna is strict enough, and is almost everywhere (except for LGH, where it makes a major difference)

What we want is this, not in % please, but in total dBm (Like the empty "Current TX power" would be if not empty.)

Dynamic power is just another beauty , but hey with this it will do:

(The % is not linear, but highly related to dBm, but they better gave exact dB's instead)
Klembord-6.jpg
wow! True. Tested on hAPac2...
 
uCZBpmK6pwoZg7LR
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Mon Jun 15, 2015 12:23 pm

Re: v6.47 [stable] is released!

Wed Jun 17, 2020 3:34 pm

What is default antenna-gain for wap ac and cap ac ? Because i cannot set even regulatory domain on my routers.
In documentation written 0 is default but if i set 0 then it is not possible to set regulatory domain.
 
User avatar
xvo
Forum Guru
Forum Guru
Posts: 1237
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: v6.47 [stable] is released!

Wed Jun 17, 2020 3:59 pm

What is default antenna-gain for wap ac and cap ac ? Because i cannot set even regulatory domain on my routers.
In documentation written 0 is default but if i set 0 then it is not possible to set regulatory domain.
2 on wAP ac on both radios.
 
Pea
Member Candidate
Member Candidate
Posts: 234
Joined: Fri Jul 17, 2015 11:07 pm
Location: Czech

Re: v6.47 [stable] is released!

Wed Jun 17, 2020 4:15 pm

What is default antenna-gain for wap ac and cap ac ? Because i cannot set even regulatory domain on my routers.
In documentation written 0 is default but if i set 0 then it is not possible to set regulatory domain.
https://mikrotik.com/product/RBwAPG-5HacT2HnD
https://mikrotik.com/product/cap_ac
and search for "Antenna gain dBi for 2.4 GHz" and "Antenna gain dBi for 5 GHz"
 
telepro
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Sun Apr 03, 2011 7:50 pm

Re: v6.47 [stable] is released!

Wed Jun 17, 2020 8:10 pm

On RB951G-2HnD running V6.47, unable to successfully load a metarouter image.

Entered command response is as follows:
[admin@FasSat V3.05.03.U016] > /metarouter import-image file-name=openwrt-mr-mips-rootfs.v1.22.01.20200413.tar.gz
import failed: file in archive goes out of root directory: ./FasSat/
[admin@FasSat V3.05.03.U016] >

We are unable to load a metarouter image to ROS 6.47. This metarouter feature has worked successfully in ROS version 6.45.8 and prior.
 
User avatar
nachopro
just joined
Posts: 21
Joined: Tue May 26, 2020 11:38 pm

Re: v6.47 [stable] is released!

Thu Jun 18, 2020 7:41 am

My issue is related with DHCP Client. I have Clients on my two WANs. When some WAN go down (fiber lost, powerdown or disconnect) the status continues as "bound" and my scripts don't run.

I did back to 6.46.6 and it works again.

Image
Last edited by nachopro on Thu Jun 18, 2020 10:43 am, edited 1 time in total.
 
radionerd
just joined
Posts: 6
Joined: Sun Feb 24, 2019 2:46 am

Re: v6.47 [stable] is released!

Thu Jun 18, 2020 8:07 am

I run IPSEC Lost connection after 6.47. Peer: was empty on boot, Peer was on line 2, put Peer in top, ^ other field, reboot, it moves down to second line. Peer Blank. Can't figure out fix.,
Image

Also terminal report this error: jun/17/2020 21:20:36 system,error,critical,,, error while running customized default configuration script: no such item
Edit: Found post to clear Error customized. Change interface name of WiFi to default "wlan1", reboot. error cleared. OK to change name back to custom.
 
ludvik
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Mon May 26, 2008 4:36 pm

Re: v6.47 [stable] is released!

Thu Jun 18, 2020 4:12 pm

/tool snmp-get not working!

/tool snmp-get 10.1.57.117 oid=.1.3.6.1.4.1.41112.1.5.1.1.0 community=public
error - contact MikroTik support and send a supout file (3)

Same error in version 6.46.6 and >=6.45.7!

For example, version 6.45.6
/tool snmp-get 10.1.57.117 oid=.1.3.6.1.4.1.41112.1.5.1.1.0 community=public
OID TYPE VALUE
1.3.6.1.4.1.41112.1.5.1.1.0 octet-string EP-54V-72W

support #[SUP-8826] from february 2020.
Last edited by ludvik on Fri Jun 19, 2020 12:24 pm, edited 3 times in total.
 
uCZBpmK6pwoZg7LR
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Mon Jun 15, 2015 12:23 pm

Re: v6.47 [stable] is released!

Thu Jun 18, 2020 4:33 pm

Hi, Where the truth ?
Capsman show 30dbm on 5g. Same interface on AP wap ac which connected to capsman show 19dbm and antenna-gain on same ap 2dbm.
You do not have the required permissions to view the files attached to this post.
 
Longos
just joined
Posts: 1
Joined: Sat Jun 20, 2020 1:41 pm

Re: v6.47 [stable] is released!

Sat Jun 20, 2020 1:51 pm

Hello !

Unfortunately, the problem known from old versions of RouterOS has returned. TL-WR841 cannot get IP from Mikrotik DHCP (still get defconf offering lease without success). Downgrade to 6.46.6 and everything is back to normal.

viewtopic.php?t=119702

Problematic configuration:
TL-WR841 <-- WDS Client to MT --> hAP ac^2
 
abiv
just joined
Posts: 24
Joined: Sat Nov 23, 2019 4:51 am

Re: v6.47 [stable] is released!

Sun Jun 21, 2020 3:14 am

With the inability to lower transmit power with the new versions, looks like it's time to look at other vendors.
 
thedix
just joined
Posts: 9
Joined: Sun Apr 26, 2015 12:35 pm

Re: v6.47 [stable] is released!

Sun Jun 21, 2020 5:49 pm

With the inability to lower transmit power with the new versions, looks like it's time to look at other vendors.
Agree. Even low-end vendors have ability to lower tx power in a simple way.

Dear Mikrotik, what is official way to reduce TX power for HAP AC^2 with 6.47?
Mode "card-rates" does not work, "not supported".
Mode "all-rated-fixed"? Seems it is not safe since manual says "Can damage the card if transmit power is set above rated value of the card for used rate".
Mode "manual-table"? I'm not sure I want to set up TX power for every MCS explicitly.
I'd like to specify precise dBm or percent of maximum dBm.
Antenna gain was a workaround to do this, but now it is not possible.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Sun Jun 21, 2020 8:25 pm

Mode "all-rated-fixed"? Seems it is not safe since manual says "Can damage the card if transmit power is set above rated value of the card for used rate".
Mode "manual-table"? I'm not sure I want to set up TX power for every MCS explicitly.
I think you need to look first what powers it uses for the different MCS when set at the maximum allowed power (the automatically calculated values),
and them use all-rates-fixed but with only values less than the maximum value you see in that list.
I set a hAP mini to low power (0 dBm) using this method and it appears to work. I.e. it shows 0 in the resulting active power table and +3 for both
tx chains combined (although I never see it use both tx chains).
 
thedix
just joined
Posts: 9
Joined: Sun Apr 26, 2015 12:35 pm

Re: v6.47 [stable] is released!

Mon Jun 22, 2020 11:11 am

I think you need to look first what powers it uses for the different MCS when set at the maximum allowed power (the automatically calculated values),
and them use all-rates-fixed but with only values less than the maximum value you see in that list.
Thanks for suggestion, but HAP AC^2 always shows current TX power as zeros for 2.4 GHz. And 5 GHz interface shows nothing.
Here is wlan1:
Image
 
richm
just joined
Posts: 1
Joined: Wed Feb 05, 2020 8:38 pm

Re: v6.47 [stable] is released!

Mon Jun 22, 2020 11:31 am

I also seem to be having intermittent problems with clients getting addresses via DHCP on 6.47.
Rebooting the router resolves the issue temporarily.
 
User avatar
AlainCasault
Trainer
Trainer
Posts: 632
Joined: Fri Apr 30, 2010 3:25 pm
Location: Prévost, QC, Canada
Contact:

Re: v6.47 [stable] is released!

Mon Jun 22, 2020 2:20 pm

With the inability to lower transmit power with the new versions, looks like it's time to look at other vendors.
Agree. Even low-end vendors have ability to lower tx power in a simple way.

Dear Mikrotik, what is official way to reduce TX power for HAP AC^2 with 6.47?
Mode "card-rates" does not work, "not supported".
Mode "all-rated-fixed"? Seems it is not safe since manual says "Can damage the card if transmit power is set above rated value of the card for used rate".
Mode "manual-table"? I'm not sure I want to set up TX power for every MCS explicitly.
I'd like to specify precise dBm or percent of maximum dBm.
Antenna gain was a workaround to do this, but now it is not possible.

Hello
+1
Antenna-gain was indeed a simple way to safely and simply "fool" a router into reducing its power output, regardless of model.

Cheers,
AC
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Mon Jun 22, 2020 4:50 pm

I think you need to look first what powers it uses for the different MCS when set at the maximum allowed power (the automatically calculated values),
and them use all-rates-fixed but with only values less than the maximum value you see in that list.
Thanks for suggestion, but HAP AC^2 always shows current TX power as zeros for 2.4 GHz. And 5 GHz interface shows nothing.
I tried with a hAP AC and this shows the correct values for 2.4 GHz but indeed for 5 GHz it shows nothing.
So there clearly is a bug here. I don't know if it is new for 6.47 as I have not checked this in 6.46.x before and I am not going to downgrade for this.
 
User avatar
xvo
Forum Guru
Forum Guru
Posts: 1237
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: v6.47 [stable] is released!

Mon Jun 22, 2020 6:00 pm

On wAP AC it always worked ok for 2.4, but never for 5, so I never thought about it being a bug, but rather some hardware limitation or unimplemented feature.
Same as for spectral-scan.
 
td32
Member Candidate
Member Candidate
Posts: 112
Joined: Fri Nov 18, 2016 5:55 am

Re: v6.47 [stable] is released!

Mon Jun 22, 2020 6:36 pm


but indeed for 5 GHz it shows nothing.
i don't remember any ros version to ever show anything under 5 GHz
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Mon Jun 22, 2020 7:05 pm


but indeed for 5 GHz it shows nothing.
i don't remember any ros version to ever show anything under 5 GHz
Well, for those 2-band models maybe. For 5 GHz-only models (LHG5 etc) it works OK.
Maybe the software cannot deal with current TX power values for more than one wlan interface?
 
User avatar
DimaFIX
just joined
Posts: 12
Joined: Wed Apr 18, 2018 7:46 pm
Location: Ukraine

Re: v6.47 [stable] is released!

Mon Jun 22, 2020 8:51 pm

For 5 GHz-only models (LHG5 etc) it works OK.
I think the problem is in arm chips.
LHG5 uses MIPS architecture.
Now (and possibly always) ROS does not have support for some wireless configurations.
 
td32
Member Candidate
Member Candidate
Posts: 112
Joined: Fri Nov 18, 2016 5:55 am

Re: v6.47 [stable] is released!

Mon Jun 22, 2020 9:59 pm

For 5 GHz-only models (LHG5 etc) it works OK.
I think the problem is in arm chips.
LHG5 uses MIPS architecture.
Now (and possibly always) ROS does not have support for some wireless configurations.
hap ac is mips also
 
yoq
just joined
Posts: 2
Joined: Wed May 02, 2018 3:46 pm

Re: v6.47 [stable] is released!

Mon Jun 22, 2020 10:43 pm

@normis: is the higher rate of sector writes ok?
With 6.47, I got the same number of writes in the last 10 days, as in the past 2 years with previous firmware:
Image
 
Micropower
newbie
Posts: 29
Joined: Fri Jan 06, 2017 11:57 pm

Re: v6.47 [stable] is released!

Tue Jun 23, 2020 6:12 am

Forced to downgrade AP's to 6.46 ... confused on ways to reduce radio power (20ce) Interference from NV2 caused other radio-controlled heavy equipment (cranes) to malfunction.
downgrade to 6.46 says testing. need clarity on actual ERP for NV2.
 
kowal
newbie
Posts: 31
Joined: Sun Jul 06, 2014 2:23 am

Re: v6.47 [stable] is released!

Tue Jun 23, 2020 1:26 pm

NetPower 16P, upgraded to v6.47.

In switch menu, switch type is shown as "unknown".
Also is impossible to activate bridge hw-offload in any scenario, with or without VLANs, it always uses CPU.

Installed version 6.45.9 and hw-offloading works, also in switch menu switch type is shown correctly (Marvell).

I've found another topic related to this version -> viewtopic.php?f=3&t=162406&p=800498&hil ... er#p800498

P.S.

Please put on website block diagram of NetPower 16P and new SwOS version :)
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 927
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: v6.47 [stable] is released!

Tue Jun 23, 2020 3:16 pm

With this stable v6.47 release on my CCR1009

via CLI if I issue the following directive
/ip firewall filter remove [find where comment="testing"]
the directive completes without error but the rule is not removed
Why?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Tue Jun 23, 2020 4:21 pm

With this stable v6.47 release on my CCR1009

via CLI if I issue the following directive
/ip firewall filter remove [find where comment="testing"]
the directive completes without error but the rule is not removed
Why?
Does it work when you split it over two lines:
/ip firewall filter
remove [find where comment="testing"]
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: v6.47 [stable] is released!

Tue Jun 23, 2020 4:27 pm

Please give
/ip firewall filter export
so we can have a look.

There's no (new) breakage in scripting I know of.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: v6.47 [stable] is released!

Tue Jun 23, 2020 4:33 pm

With this stable v6.47 release on my CCR1009

via CLI if I issue the following directive
/ip firewall filter remove [find where comment="testing"]
the directive completes without error but the rule is not removed
Why?

It means that the find did not find a match.

Make sure case is correct if text, also, might be other characters in the comment string, so maybe also try "like ~" instead of "equal ="
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 927
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: v6.47 [stable] is released!

Tue Jun 23, 2020 4:41 pm

Does it work when you split it over two lines:
/ip firewall filter
remove [find where comment="testing"]
Nope does not work

remove works if I
/ip firewall filter remove number=number
@CZFan
Yes I did try with comment~"testing"
did not work.
 
techlord
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Mon Nov 18, 2019 4:33 pm

Re: v6.47 [stable] is released!

Tue Jun 23, 2020 4:53 pm

Update worked ok for me on HAP AC Lite. The only issue I see is large number of writes to the the flash:

Sector Writes Since Reboot 7 510
Total Sector Writes 13 786

It has written in the last days more than its entire lifetime (roughly 2 months).
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 927
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: v6.47 [stable] is released!

Tue Jun 23, 2020 5:06 pm

Make sure case is correct if text, also, might be other characters in the comment string, so maybe also try "like ~" instead of "equal ="
Another Test
so the following did work:when I added a blank space preceding the word testing
/ip firewall filter remove [find comment~" testing"]
 
conextelecom
just joined
Posts: 4
Joined: Tue Jun 23, 2020 5:53 pm

Re: v6.47 [stable] is released!

Tue Jun 23, 2020 5:57 pm

Hello, we observed that in the ccr and rbs used as pppoe concentrators there were reports of slow navigation - version 6.47. A rb1100 normalized when placing an earlier version
 
User avatar
grusu
Member Candidate
Member Candidate
Posts: 140
Joined: Tue Aug 13, 2013 7:35 am
Location: Bucharest, Romania

Re: v6.47 [stable] is released!

Tue Jun 23, 2020 6:03 pm

Hello, we observed that in the ccr and rbs used as pppoe concentrators there were reports of slow navigation - version 6.47. A rb1100 normalized when placing an earlier version
Foarte interesant ce ai descoperit. Ai testat pe echipamentele tale sau informația ai luat-o din internet?

Te rog să scrii în limba engleza. Dacă toți scriem aici în limba natală, nu o să ne putem înțelege între noi.

In the meantime, you translated into English. :D
 
conextelecom
just joined
Posts: 4
Joined: Tue Jun 23, 2020 5:53 pm

Re: v6.47 [stable] is released!

Tue Jun 23, 2020 9:16 pm

We found it in use in our network, this flaw is found 100%, corrected only with the roterno for a previous version.
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1390
Joined: Tue Jun 23, 2015 2:35 pm

Re: v6.47 [stable] is released!

Wed Jun 24, 2020 12:43 am

*) ipsec - allow specifying two peers for a single policy for failover;
Oh wow, that's a killer feature I've been waiting for years!
give us more info about that
 
cigamit
just joined
Posts: 9
Joined: Thu Jul 17, 2008 12:17 am

Re: v6.47 [stable] is released!

Wed Jun 24, 2020 7:05 am

Hello !

Unfortunately, the problem known from old versions of RouterOS has returned. TL-WR841 cannot get IP from Mikrotik DHCP (still get defconf offering lease without success). Downgrade to 6.46.6 and everything is back to normal.

viewtopic.php?t=119702

Problematic configuration:
TL-WR841 <-- WDS Client to MT --> hAP ac^2
I have the same issue with a slightly different configuration (utilizing capsman). Also I notice that ARP entries no longer time out, which may be part of the issue?, even if you set a 5s timeout on the bridge. Do an IPScan of the subnet, and the blank entries just stay there forever. Also seeing some weirdness with the ARP entries themselves, instead of pointing to the actual devices, they are pointing another client I have bridging the connection, even when they aren't on that side of the bridge.

Downgrading everything to 6.46.6 fixes the issues.
 
erchegov
just joined
Posts: 4
Joined: Wed Jun 24, 2020 11:59 am

Re: v6.47 [stable] is released!

Wed Jun 24, 2020 12:07 pm

Anyone else with a large number (over 130) of L2TP clients (only L2TP i.e. not L2TP/IPSec) notice that with 6.47, only a fraction (about 30 to 40) are able to connect to the router? I had to revert to 6.46.x to get my tunnels connected again.
I have the same problem 6.46.6 all 96 clients connect, after update 6.47 only 25-30 can connect at the same time, nothing suspicious in the logs. After downgrade to 6.46.6 all Clients are connectet

I'm also experiencing this issue and found that it happens when a client connects to an l2tp server that has multiple WAN IP's.

Scenario:
L2TP client has two tunnels, first tunnel connects to my server dedicated l2tp WAN IP, second tunnel to general internet WAN IP.

One connects but the other doesn't. If I make both tunnels the same IP then both connects.

Hope this helps in troubleshooting the latest version bug.

Regards
After update 6.47 we faced with issue that two clients (L2TP/IPsec) with one ip address can't work fine, only one of them may to connect, another one get an error. On 6.46.6 we haven't this behaviour. It seems like NAT Traversal is broken. Did anyone else face with this?
 
uncleVALERA
just joined
Posts: 5
Joined: Fri Jan 07, 2011 10:31 pm

Re: v6.47 [stable] is released!

Wed Jun 24, 2020 2:44 pm

Anyone else with a large number (over 130) of L2TP clients (only L2TP i.e. not L2TP/IPSec) notice that with 6.47, only a fraction (about 30 to 40) are able to connect to the router? I had to revert to 6.46.x to get my tunnels connected again.
I have the same problem 6.46.6 all 96 clients connect, after update 6.47 only 25-30 can connect at the same time, nothing suspicious in the logs. After downgrade to 6.46.6 all Clients are connectet

I'm also experiencing this issue and found that it happens when a client connects to an l2tp server that has multiple WAN IP's.

Scenario:
L2TP client has two tunnels, first tunnel connects to my server dedicated l2tp WAN IP, second tunnel to general internet WAN IP.

One connects but the other doesn't. If I make both tunnels the same IP then both connects.

Hope this helps in troubleshooting the latest version bug.

Regards
After update 6.47 we faced with issue that two clients (L2TP/IPsec) with one ip address can't work fine, only one of they may to connect, another one get an error. On 6.46.6 we haven't this behaviour. It seems like NAT Traversal is broken. Did anyone else face with this?
Hello, erchegov!

Yes, i observed same issue.
Unfortunately only downgrade fixed it.

@normis can you fix it in the next release?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Wed Jun 24, 2020 4:16 pm

After update 6.47 we faced with issue that two clients (L2TP/IPsec) with one ip address can't work fine, only one of them may to connect, another one get an error. On 6.46.6 we haven't this behaviour. It seems like NAT Traversal is broken. Did anyone else face with this?
Please explain in detail what you mean. Where did you install the 6.47 (on the server, on the clients, or both) and who has a single IP address (the server, both the clients?).
Are the two clients two different routers behind the same NAT or are they two client L2TP instances on the same router?
Please include your client and server config export for the L2TP server/client.

Two L2TP/IPsec clients behind the same NAT has never worked correctly unless you applied a complicated workaround, so I presume you don't mean that.
 
Institor
just joined
Posts: 22
Joined: Sat Apr 29, 2017 3:28 pm

Re: v6.47 [stable] is released!

Wed Jun 24, 2020 5:40 pm

We need either antenna-gain or other simple method for lowering wifi power, it's ridiculous.
And i can't see how this option interfere with regulations. Simply forbid "criminal" settings (i.e. antenna-gain < actual build-in antenna gain) - problem solved!
Also we need much more stable releases in "stable" channel...
 
erchegov
just joined
Posts: 4
Joined: Wed Jun 24, 2020 11:59 am

Re: v6.47 [stable] is released!

Wed Jun 24, 2020 6:05 pm

After update 6.47 we faced with issue that two clients (L2TP/IPsec) with one ip address can't work fine, only one of them may to connect, another one get an error. On 6.46.6 we haven't this behaviour. It seems like NAT Traversal is broken. Did anyone else face with this?
Please explain in detail what you mean. Where did you install the 6.47 (on the server, on the clients, or both) and who has a single IP address (the server, both the clients?).
Are the two clients two different routers behind the same NAT or are they two client L2TP instances on the same router?
Please include your client and server config export for the L2TP server/client.

Two L2TP/IPsec clients behind the same NAT has never worked correctly unless you applied a complicated workaround, so I presume you don't mean that.
I mean that two L2TP/IPsec clients behind the same NAT don't work correctly with server on 6.47, but with server on 6.46.6 everything is fine.
I use CCR1036 as l2tp/IPsec server and before updating to 6.47 i could connect two clients from the same NAT.
I also have another one CHR with 6.46.6 as L2tp/IPsec server and haven't troubles with connecting two client from same NAT.
CCR and CHR have the same configurations of L2TP and IPsec.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Wed Jun 24, 2020 7:07 pm

I mean that two L2TP/IPsec clients behind the same NAT don't work correctly with server on 6.47, but with server on 6.46.6 everything is fine.
I use CCR1036 as l2tp/IPsec server and before updating to 6.47 i could connect two clients from the same NAT.
I also have another one CHR with 6.46.6 as L2tp/IPsec server and haven't troubles with connecting two client from same NAT.
CCR and CHR have the same configurations of L2TP and IPsec.
That is very strange. As far as I know it is not supposed to work in any version, but maybe there was a workaround in some sub-versions of 6.46
that I don't know about and which has now been removed again because it caused other problems...
I run two L2TP/IPsec servers each with a number of clients connected and I did not experience any problem with those, but they do not have
clients behind the same NAT. On one of them there is both a GRE/IPsec and a L2TP/IPsec tunnel from the same client IP, but they are to different
IPs on the server. When you have more than one IP on the server you can use that as a workaround.
(let each of the clients behind the same NAT connect to a different IP on the server)
 
netispguy
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Sun Feb 25, 2018 4:29 am

Re: v6.47 [stable] is released!

Wed Jun 24, 2020 8:14 pm

This has been a particularly difficult upgrade. I was having problems with a number of things including, but not limited to L2TP issues and sector write overload. I just don't have the time to diagnose all of the issues and spend time playing with work-arounds.

I have downgraded all of my devices (15 of them) back to 6.46.6 (including the firmware) and everything (including my users) are happy again. I will wait until the next one or two patch releases and try again. In this era of COVID, I do not have the time or can take the risk of having a broken framework. I have adapted a "if it isn't broke, don't fix it" strategy for now. That means that unless something is truly broken and will be fixed by an update, I will only update on the specific unit having the issue and not system wide. Just IMHO.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Wed Jun 24, 2020 8:27 pm

When you are that fanatic about issues and stability, you should never install a .0 version of any product.
Earlier new versions of RouterOS always had issues in the .0 release, fixed in the .1 or .2 or even later.
And testing before you do a wide deployment is just standard practice in any IT environment.
It is just a policy you need to evaluate for yourself, no need to complain or brag here.

That being said, I have not encountered any critical issues with 6.47 up to now. I do see the increased
sector writes, but I don't consider it "a problem" "I need to diagnose" and "spend time to work around".
I, and probably you as well, would not have noticed it when others were not writing about it in this topic.
And they started doing that very early after the release. So when you are so worried about it, you should
simply have read that and postponed your upgrade.
 
radionerd
just joined
Posts: 6
Joined: Sun Feb 24, 2019 2:46 am

Re: v6.47 [stable] is released!

Wed Jun 24, 2020 10:59 pm

My L2TP/IPSec clients failed after 6.47, was able to downgrade back to 6.46.6 and everything worked ok again.
Anyone else with a large number (over 130) of L2TP clients (only L2TP i.e. not L2TP/IPSec) notice that with 6.47, only a fraction (about 30 to 40) are able to connect to the router? I had to revert to 6.46.x to get my tunnels connected again.
I have the same problem 6.46.6 all 96 clients connect, after update 6.47 only 25-30 can connect at the same time, nothing suspicious in the logs. After downgrade to 6.46.6 all Clients are connectet

I'm also experiencing this issue and found that it happens when a client connects to an l2tp server that has multiple WAN IP's.

Scenario:
L2TP client has two tunnels, first tunnel connects to my server dedicated l2tp WAN IP, second tunnel to general internet WAN IP.

One connects but the other doesn't. If I make both tunnels the same IP then both connects.

Hope this helps in troubleshooting the latest version bug.

Regards
After update 6.47 we faced with issue that two clients (L2TP/IPsec) with one ip address can't work fine, only one of them may to connect, another one get an error. On 6.46.6 we haven't this behaviour. It seems like NAT Traversal is broken. Did anyone else face with this?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.47 [stable] is released!

Wed Jun 24, 2020 11:38 pm

My L2TP/IPSec clients failed after 6.47, was able to downgrade back to 6.46.6 and everything worked ok again.
I have a CCR1009 running with 20 L2TP/IPsec clients (and other things of course) and have had no issues, but I read that people with more than 30 clients have issues.
Of course I have the 6.46 version in the other partition so I can switch back without having to downgrade. That is just standard practice.
 
constructed
just joined
Posts: 1
Joined: Tue May 31, 2016 6:42 pm

Re: v6.47 [stable] is released!

Thu Jun 25, 2020 9:47 am

Greetings!

I'd like to add my few cents into a discussion about recent 6.47 update regarding DoH:
My RB941-2nD is hanging and wireless connections dropping, I'm unable to login to device via http, winbox neither with ssh, DNS resolving in wired connection stops. probably L2TP+IPsec tunnels are disconnecting, etc.
13:31:30 dns,error DoH server connection error: Idle timeout - waiting data 
13:31:30 dns,error DoH server connection error: Idle timeout - waiting data 
13:31:43 dns,error DoH server connection error: SSL: internal error (6) 
13:31:43 dns,error DoH server connection error: SSL: internal error (6) 
13:31:45 dns,error DoH server connection error: SSL: internal error (6) 
13:31:59 l2tp,ppp,info mzk1: terminating... - session closed 
13:32:00 l2tp,ppp,info mzk1: disconnected 
13:32:05 dns,error DoH server connection error: SSL: internal error (6) 
13:32:05 dns,error DoH server connection error: SSL: internal error (6) 
13:32:23 dns,error DoH server connection error: SSL: internal error (6) 
13:32:25 dns,error DoH server connection error: SSL: internal error (6) 
13:32:25 dns,error DoH server connection error: SSL: internal error (6) 
13:32:25 dns,error DoH server connection error: SSL: internal error (6) 
13:32:25 dns,error DoH server connection error: SSL: internal error (6) 
13:32:36 dns,error DoH server connection error: SSL: internal error (6) 
13:32:36 dns,error DoH server connection error: SSL: internal error (6) 
13:32:36 dns,error DoH server connection error: SSL: internal error (6) 
13:32:36 dns,error DoH server connection error: SSL: internal error (6) 
13:32:36 dns,error DoH server connection error: SSL: internal error (6) 
I was trying to use both Cloudflare and Google DNS ( 1.1.1.1, 8.8.8.8 )and looks like there are problems with both.

Hopefully, I did upgrade only on one of the many devices I maintain...
I also acknowledge is that it is not RoS issue in major but DoH related

Any advice?
Last edited by constructed on Thu Jun 25, 2020 10:12 am, edited 1 time in total.
 
erchegov
just joined
Posts: 4
Joined: Wed Jun 24, 2020 11:59 am

Re: v6.47 [stable] is released!

Thu Jun 25, 2020 9:56 am

I mean that two L2TP/IPsec clients behind the same NAT don't work correctly with server on 6.47, but with server on 6.46.6 everything is fine.
I use CCR1036 as l2tp/IPsec server and before updating to 6.47 i could connect two clients from the same NAT.
I also have another one CHR with 6.46.6 as L2tp/IPsec server and haven't troubles with connecting two client from same NAT.
CCR and CHR have the same configurations of L2TP and IPsec.
That is very strange. As far as I know it is not supposed to work in any version, but maybe there was a workaround in some sub-versions of 6.46
that I don't know about and which has now been removed again because it caused other problems...
I run two L2TP/IPsec servers each with a number of clients connected and I did not experience any problem with those, but they do not have
clients behind the same NAT. On one of them there is both a GRE/IPsec and a L2TP/IPsec tunnel from the same client IP, but they are to different
IPs on the server. When you have more than one IP on the server you can use that as a workaround.
(let each of the clients behind the same NAT connect to a different IP on the server)
It's first what i did, tried to connect clients behind the same NAT ip to different endpoinds on server, but successfully connected only one of them.
I have 3 unique ips on the server and about 600 clients, and only people behind same nat have issues
 
kd2pm2
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Wed Nov 14, 2012 7:14 am
Location: New Jersey, USA

Re: v6.47 [stable] is released!

Fri Jun 26, 2020 3:15 am

Got the same error messages trying to use 1.1.1.1 for DOH. I turned off DOH and no more issues. Not going to bother with DOH on 6.47 until MT can figure out what is causing the errors.
 
bourneagainsh
Frequent Visitor
Frequent Visitor
Posts: 66
Joined: Thu May 21, 2020 7:41 pm

Re: v6.47 [stable] is released!

Fri Jun 26, 2020 11:00 am

*) port - removed serial console port on hEX S;

- How can I re-enable the "serial console" manually on hEX S, if it has been disabled in 6.47 please?
- Why has it been disabled in 6.47 on the hEX S?

Who is online

Users browsing this forum: scoobyn8 and 5 guests