MikroTik

Hi,

This night i upgraded mikrotik to the 6.41 and got a lot of surprises.

1. It automatcially created bridge1 and added all my interfaces from switch to it (thats expected)
2. There is no master-port on interfaces now (also expected)
3. Arp proxy is not working as expected anymore

I would really ask some help on 3. How it was working before:

I have an ip, lets say 192.168.59.0/24 on bridge0 which i am using for management. Also i am in the process of moving it to the separate VLAN (vlan id 4000, name DiagVLAN). To co-exists before switch is completed i did static routes to the new addresses to DiagVLAN, e.g.
And enabled proxy-arp on the DiagVlan
It was working fine before upgrade, but not now - vlan member can see only other members of the same vlan or mikrotik, but not legacy 192.168.59.x hosts. Anyone know what could be an issue and how to get it working back?

I have similar issue with proxy-arp . I have build sstp connection with BCP between 2 routerboards. After upgrade ROS to 6.41 i lost the network discovery between bridges!

I did some additional investigation on the proxy-arp issue. So we have:

1. Diag VLAN (with vlanid) with 192.168.59.77 host
2. bridge1 created from the masterport, with a 192.168.59.6 host
3. Mikrotik with 192.168.59.1 address

Both diag vlan and bridge1 do have proxy-arp enabled. Some findings:

1. Proxy-arp on vlan seems to work - at least i am getting router mac for the 192.168.59.6.
2. ICMP packets from .77 to .6 are going thru bridge and going to .6 as expected. But for .6 there is no mac address entry for the .77, so it is not able to reply
3. Workaround "add address=192.168.59.77 interface=bridge1 published=yes" fixing connectivity and icmp starts to work.

Hopefully it will be fixed

Same here
After upgrading to 6.41 (on my 2011UiAS), my SSTP VPN stop to working.
I tried to modify proxy-arp on bridge, on interface (member of bridge), and all combination, does not work.

Only if i use a single interface (ip on it no bridge member) and prokxy-arp on, SSTP start working as aspected.

I have the same problem with a site-to-site IPSEC tunnel. Everything went well until the upgrade to 6.41. I made all kind of workarounds to keep my networks connected but i will have to revert the firmware to earlier versions if this won't be fixed.

haven't had the time to have a thorough look, definitely proxy-ARP seems to break when upgrading both to ROS 6.41 or 6.41.1.

Going back to 6.39.3 will only fix it if a pure software bridge is used. Use a master port adding it to the bridge and arp will break too. Looks like hardware acceleration issues.

Downgrading to 6.39.3 doesn't completely fix it either if the other, vpn client has 6.41; only works fully with routers still on 6.39.3 (not 6.41.x downgraded to 6.39.3) or regular clients.

I upgraded to Firmware 6.41, but doesn't seem to be possible (on a hAP ac) to downgrade the firmware back to 3.x; firmware has its impact on this surely.

Make sure fast-forward on the bridge is enabled, I completely wiped out the bridge, recreated it with fast-forward set and proxy-arp/local-proxy-arp worked this time.

No dice... reset it to defaults, loaded the config back, and it's not working now.

Will try a netinstall, but looks some sort of issue between hw switch chip and software bridging.