MikroTik

Posted: **Thu May 17, 2018 3:35 pm**

RouterOS version 6.42.2 has been released in public "current" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.42.2 (2018-May-17 09:20):

*) bridge - do not allow to add same interface list to bridge more than once;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.42.1);
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) defconf - fixed wAP LTE kit default configuration;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv4-client - fixed DHCP client stuck in renewing state;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) filesystem - fixed NAND memory going into read-only mode;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behaviour;
*) interface - fixed interface list which include disabled member;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed interface configuration responsiveness;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - improved reliability on IPsec hardware encryption for ARM devices except RB1100Dx4;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) lte - improved LTE communication process on MMIPS platform devices;
*) quickset - fixed dual radio mode detection process;
*) routerboard - properly represent board name for hAP ac^2;
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) x86 - fixed reboot caused by MAC Winbox connection;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device

Please keep this forum topic strictly related to this concrete RouterOS release.

Posted: **Thu May 17, 2018 3:54 pm**

CRS125 & RB750Gr3 no issues on the update and DHCP Client Issue fixed.

Posted: **Thu May 17, 2018 5:06 pm**

Looking great so far. 1 x CCR1016, 2 x CHR (with dude), 3 x CRS 125, 7 x RB951G, 1 x RB751G, 2 x wAP60G, 1 x SXTSA5ac 2 x SXT5ac.

No issues detected, but I've observed in just a few minutes of uptime across the devices where storage isn't used the sector rewrites have slowed way down.

Posted: **Thu May 17, 2018 5:14 pm**

*) winbox - allow to specify "any" as wireless "access-list" interface;

So, what's the difference now between 'any' and 'all'?

Posted: **Thu May 17, 2018 5:42 pm**

Just completed RB2011 from 6.42.1 to 6.42.2, all looks good so far, will monitor DHCP client issue and revert back.

Just one question though, I was under the impression it will no longer require to upgrade RoS and then after FW, i.e. requiring 2 reboots? I still had to upgrade routerboard firmware after ROS update, or do I have it wrong??

Posted: **Thu May 17, 2018 5:47 pm**

No, this was never changed. The only recent addition is that in /system routerboard settings it is now possible to
enable auto-updating of the firmware (curiously, it is disabled by default!).

When this option is enabled, immediately after boot the firmware version inside RouterOS is compared to the version
in the router, if different a firmware upgrade is done, the message that a reboot is required is logged as usual, but
no reboot is actually performed. So you still have to wait for the router to come up completely, login, and do the reboot.

It would be more friendly when the router would reboot automatically when it has done such an automatic firmware
upgrade (remember this happens before all the interfaces come up and interaction with other systems is started).

Posted: **Thu May 17, 2018 5:58 pm**

Get it, thx pe1chl

Posted: **Thu May 17, 2018 7:00 pm**

No, this was never changed. The only recent addition is that in /system routerboard settings it is now possible to
enable auto-updating of the firmware (curiously, it is disabled by default!).

When this option is enabled, immediately after boot the firmware version inside RouterOS is compared to the version
in the router, if different a firmware upgrade is done, the message that a reboot is required is logged as usual, but
no reboot is actually performed. So you still have to wait for the router to come up completely, login, and do the reboot.

It would be more friendly when the router would reboot automatically when it has done such an automatic firmware
upgrade (remember this happens before all the interfaces come up and interaction with other systems is started).

I agree with you but evening more thing. If auto-upgrade is "not" selected, simply by pressing the upgrade button should cause it to,

1: Upgrade the firmware, and
2: Do an auto-reboot without having to keystroke the reboot button.

-tp

Posted: **Thu May 17, 2018 7:10 pm**

Just completed RB2011 from 6.42.1 to 6.42.2, all looks good so far, will monitor DHCP client issue and revert back.

Just one question though, I was under the impression it will no longer require to upgrade RoS and then after FW, i.e. requiring 2 reboots? I still had to upgrade routerboard firmware after ROS update, or do I have it wrong??

No your correct, takes two reboots. I'd like to see firmware changes added to the changelog so we can decide if we need to update the firmware or skip this version as the device(s) aren't effected.

Posted: **Thu May 17, 2018 7:31 pm**

Since firmware fixes for already existing products are very rare, we do not force upgrade on each reboot. Basically, if you do not see change in RouterOS changelog that tells "extra reboot required", there is no need for an upgrade.

We consider that it would not be a good idea to force upgrade and increase boot time significantly just so firmware would be upgraded. At the moment we are maintaining policy that:

1) We do not force upgrade;
2) If you really want to upgrade firmware every time, then either reboot device twice after RouterOS upgrade when auto-upgrade for RouterBOOT is enabled or do such process manually.

Currently implementing simultaneous upgrade would introduce more flaws than pros. However, of course we will always listen to customers complaints and ideas and will try to make upgrade and other processes in RouterOS/RouterBOOT as good as they can be in order to satisfy the biggest part of users.

*Please try to keep this topic strictly related to the problems which were not present in 6.42.1 and are in 6.42.2.

Posted: **Thu May 17, 2018 8:08 pm**

Seeing as the only thing that seems to change between most versions of RouterBoot is the version number, why not abandon the stupid policy that brought this ridiculous state of affairs about and only change the version number WHEN THERE IS SOMETHING THAT CHANGES (apart from the version number!)?

Posted: **Thu May 17, 2018 8:09 pm**

There are changes - related to new products.

*Please try to keep this topic strictly related to the problems which were not present in 6.42.1 and are in 6.42.2.

Posted: **Thu May 17, 2018 8:15 pm**

Unfortunately it appears that IPv6 has broken.
I get a /48 prefix from the ISP using DHCPv6 and set addresses from the pool on 2 local interfaces, with advertise=yes.
Systems on these interfaces lose the default route after update from 6.42.1 to 6.42.2
After entering a manual default route the IPv6 connectivity works.
After releasing the IPv6 lease (and it automatically acquires it again) it works.
This problem has occurred in the distant past but it has returned.

Posted: **Thu May 17, 2018 9:39 pm**

No NV2 changes in 6.42.2? There are enough topics with problems (6.42.1) ...

Posted: **Thu May 17, 2018 11:10 pm**

Upgrade from 6.38.5 to 6.42.1, I had a bridge with 3 vlan inside and after reboot only one vlan is present in the bridge; we have added the remaining 2 vlan manually. Can you check that and why it appens ?

Posted: **Thu May 17, 2018 11:45 pm**

There are changes - related to new products.

*Please try to keep this topic strictly related to the problems which were not present in 6.42.1 and are in 6.42.2.

When will new wAP LTE come out?
I have bought wAP R with LTE module, that's strange because they shouldn't have it, so I guess it was made on purpose due to wAP shortage.
I'm asking because these wAP still have LTE firmware version 001, and upgrade it when you have more than 10 to upgrade takes time.
Will be implemented an upgrade process like RB firmware? Version 008 will become stock in next wAPs?

Posted: **Thu May 17, 2018 11:52 pm**

No NV2 changes in 6.42.2? There are enough topics with problems (6.42.1) ...

Wirelessly talking I only saw improvements.
I'm not telling that Nv2 is perfect now, because it really should be rewritten and sync should really be revised.
WISP need Nv3, but at least we saw some improvements.

Posted: **Thu May 17, 2018 11:53 pm**

Upgraded from 6.41.2 on a CRS125-24G-1S to 6.42.1 yesterday and found this morning that "fasttrack" connections were dropping a large percentage of packets. Disabling the firewall rules that tagged the connection as fasttrack eliminated the packet loss. Upgraded to 6.42.2 today, and the problem still exists.

Posted: **Fri May 18, 2018 12:05 am**

Upgraded from 6.41.2 on a CRS125-24G-1S to 6.42.1 yesterday and found this morning that "fasttrack" connections were dropping a large percentage of packets. Disabling the firewall rules that tagged the connection as fasttrack eliminated the packet loss. Upgraded to 6.42.2 today, and the problem still exists.

I have encountered eoip problems with fast track enabled in bridge settings, things like one tunnel working and the other one doesn't, or ping working from one and not from the other.

Posted: **Fri May 18, 2018 9:44 am**

upgraded from 6.42.1 to 6.42.2 on RB2011/RB1100/CRS125/RB962(9pc)/RB951/CHR/CHR-dude without any issues

Posted: **Fri May 18, 2018 9:58 am**

CAPs 952Ui-5ac2nD, 751U-2HnD, 951Ui-2HnD + CAPSMAN M33G ... 6.40.8 -> 6.42.2 with no problems

Posted: **Fri May 18, 2018 11:15 am**

*) winbox - allow to specify "any" as wireless "access-list" interface;
So, what's the difference now between 'any' and 'all'?

So why do we have one more option now? Do they behave in different ways?

any-all.png

Posted: **Fri May 18, 2018 11:39 am**

I'm using RB951Ui-2HnD. I had issues updating from 6.42.1 to 6.42.2. After updating routerboard didn't start up. When i unplug/plug from power point everything was good. Now i'm scared to update Firmware.

Thanks

Posted: **Fri May 18, 2018 11:47 am**

hAP ac^2 - when willl you fix slow download for 802.11ac?

uploading 400-500 Mbps
downloading - 200 Mbps...

IPsec on hAP ac2 is slowly compared to hEX

Posted: **Fri May 18, 2018 11:50 am**

hAP ac^2 - when willl you fix slow doawnload for 802.11ac?

uploading 400-500 Mbps
downloading - 200 Mbps...

IPsec on hAP ac2 is slowly compared to hEX

v6.42.2 fixes it, did you upgrade today with the new release?
https://mikrotik.com/download/changelog ... lease-tree

see the line that says:
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;

Posted: **Fri May 18, 2018 12:39 pm**

v6.42.2 fixes it, did you upgrade today with the new release?

Oh, good news, thank's!

Posted: **Fri May 18, 2018 9:38 pm**

CapsMan datapath bridge settings not work

Posted: **Sat May 19, 2018 10:52 am**

Since firmware fixes for already existing products are very rare, we do not force upgrade on each reboot. Basically, if you do not see change in RouterOS changelog that tells "extra reboot required", there is no need for an upgrade.

We consider that it would not be a good idea to force upgrade and increase boot time significantly just so firmware would be upgraded. At the moment we are maintaining policy that:

1) We do not force upgrade;
2) If you really want to upgrade firmware every time, then either reboot device twice after RouterOS upgrade when auto-upgrade for RouterBOOT is enabled or do such process manually.

Currently implementing simultaneous upgrade would introduce more flaws than pros. However, of course we will always listen to customers complaints and ideas and will try to make upgrade and other processes in RouterOS/RouterBOOT as good as they can be in order to satisfy the biggest part of users.

*Please try to keep this topic strictly related to the problems which were not present in 6.42.1 and are in 6.42.2.

So basically if i didn't see at the changelog "extra reboot required". A should not upgrade the firmware after upgrade latest version. Does is that mens?

Thanks

Posted: **Sat May 19, 2018 10:57 am**

Seems stable, upgraded 1 ccr 1009, crs and 25 hapac in our office test setup.

Posted: **Sat May 19, 2018 11:23 am**

Currently implementing simultaneous upgrade would introduce more flaws than pros. However, of course we will always listen to customers complaints and ideas and will try to make upgrade and other processes in RouterOS/RouterBOOT as good as they can be in order to satisfy the biggest part of users.

My suggestion is that you go back to the old policy of not changing RouterBOOT version when nothing has changed in the code.
It is fine that RouterBOOT version numbers are aligned with RouterOS version numbers, but please do so only when something changes.
(i.e. when RouterBOOT has changed in 6.41 then set version to 6.41 even when RouterOS is now 6.42.2)

That way, customers can easily see when RouterBOOT has to be upgraded. I.e. only when their RouterBOOT version is unequal to the upgrade RouterBOOT version.

Also, when this change has been implemented it would be good when "automatic RouterBOOT update" is enabled and the router in fact sees the update on reboot and
applies it, it automatically boots again immediately (i.e. before it has started the whole system).
This will be a quick reboot and it will not introduce more route flapping because the router was not running at that time anyway.

Posted: **Sat May 19, 2018 1:31 pm**

After upgrading my hap ac^2 yesterday evening, I have issues connecting via wifi on an irregular basis across all my devices.
I see the SSID but I can't connect to it. The log shows these kind of entries:

disconnected, group key exchange timeout

disconnected, unicast key exchange timeout

Did anyone else experienced this so far?

With the previous version from current channel, i had irregular ping spikes on different 2.4 ghz frequencies, which I could not reproduce.
No problems with my old hap lite.

I really hope that I didnt throw ~120€ to the trash and all the issues will be gone really soon. So far all I got from buying an hap ac^2 and cap ac is a lot of problems. Basic reason I decided for Mikrotik was it's incredible stability and performance.

Posted: **Sat May 19, 2018 10:18 pm**

Updated my 951Ui-2nD to 6.42.2 from 6.42.1 and there were some strange issues with my firewall rules, at first some were ignored then after a restart some were applyed in such a way that i was left outside and needed to manually reset the device

Neither winbox neither http were usable to connect to the router.
Same ruleset was loaded and it worked on the reinitialized machine on the same build.
So maybe if some have issues should consider reset of the device and reload of the configuration.

Posted: **Sun May 20, 2018 12:05 am**

Hi all,

i just upgrade few types of devices:

- RouterBOARD cAP Gi-5acD2nD
- RouterBOARD 750G r3
- 951G-2HnD
- RouterBOARD cAP 2nD
- CRS109-8G-1S-2HnD

no problem till now.
all the best,

Daniel

Posted: **Sun May 20, 2018 2:52 pm**

Unfortunately it appears that IPv6 has broken.
I get a /48 prefix from the ISP using DHCPv6 and set addresses from the pool on 2 local interfaces, with advertise=yes.
Systems on these interfaces lose the default route after update from 6.42.1 to 6.42.2
After entering a manual default route the IPv6 connectivity works.
After releasing the IPv6 lease (and it automatically acquires it again) it works.
This problem has occurred in the distant past but it has returned.

After a couple of days IPv6 router advertisement on one of the interfaces was again broken, only a reboot of the router fixed it this time.
It is a problem that was present many releases ago, appears to have been fixed, but starting from 6.42.2 it is again present (6.42.1 was OK)

Posted: **Sun May 20, 2018 5:16 pm**

RB HEXr3 upgrade from 6.42 to 6.42.2
dude packet also active
Manual ugrade in windows dude.exe 6.42.2 , and cant log in
SAY: cant read database

edit

go back to 6.42.1 .. and again
cant read database .. well done mikrotik.. aaaaah

Posted: **Mon May 21, 2018 11:17 am**

*) winbox - allow to specify "any" as wireless "access-list" interface;
So, what's the difference now between 'any' and 'all'?
So why do we have one more option now? Do they behave in different ways?

Just wondering: can anybody see my messages?..

Posted: **Mon May 21, 2018 11:24 am**

Upgraded from 6.41.2 on a CRS125-24G-1S to 6.42.1 yesterday and found this morning that "fasttrack" connections were dropping a large percentage of packets. Disabling the firewall rules that tagged the connection as fasttrack eliminated the packet loss. Upgraded to 6.42.2 today, and the problem still exists.

I can second this problem happening on CRS125-24G-1S-2HnD. It has happened since 6.42. No problem on 6.41.4.

Posted: **Mon May 21, 2018 2:43 pm**

RouterOS version 6.42.2 has been released in public "current" channel!

Before an upgrade:
...
3) Device has enough free storage space for all RouterOS packages to be downloaded.
...

You might remove that warning about storage available, it is confusing for people I believe.
There are routerboards who transfer the files on RAM instead of storage, so for example on Hap ac Lite you will "never have enough storage" but you still can do the upgrade. This is true for all Hap series.

Posted: **Mon May 21, 2018 3:19 pm**

@Chupaka
'Any' means any wireless interface
'All' is name of address list, which can also contain other interfaces (ethernet, SFP, etc.)

HTH,

Posted: **Mon May 21, 2018 3:45 pm**

@Chupaka
'Any' means any wireless interface
'All' is name of address list, which can also contain other interfaces (ethernet, SFP, etc.)

HTH,

So, they added 'any'. What tasks we currently can accomplish which we couldn't with 'all'? What's the practical difference between those two values? What was the necessity in adding 'any'?

Posted: **Mon May 21, 2018 4:17 pm**

IMO it's simple shortcut for those who don't want to create 'all-wireless-interfaces' list, nothing more.

Regards,

Posted: **Mon May 21, 2018 4:41 pm**

IMO it's simple shortcut for those who don't want to create 'all-wireless-interfaces' list, nothing more.

Regards,

Again: why not use 'all' instead of 'all-wireless-interface'? I doubt that you'll ever get wireless connection request from ethernet or some other IPIP interface...

Posted: **Mon May 21, 2018 6:05 pm**

So, what's the difference now between 'any' and 'all'?

Having 'all' and 'any' is very confusing. The same question crossed my mind.

Posted: **Mon May 21, 2018 9:57 pm**

Hi all, we have may problems with nv2. All clients on same AP with nv2 have on same time timeouts. VoIP do not work, if clients do have ping-timeouts. band are free, ccq perfect, no interferences all ok. wmm and firewall tracking for prio are active, but same problem. ~15 clients on same ap do have on same time ping-timeouts. thats not normal. this problem we have on all nv2 ap´s... any ideas, well we need a solution for it.
best regards

Posted: **Tue May 22, 2018 6:04 pm**

Be carefull, netwatch utility broken since 6.42.1. Up and down scripts does not execute.
E-mail with additional info was sent to support.

Posted: **Tue May 22, 2018 6:14 pm**

Be carefull, netwatch utility broken since 6.42.1. Up and down scripts does not execute.

This is incorrect! There were changes in what scripts can do and those were (in the usual terse format) mentioned in the changelog.
And there has been a lot of discussion about it already!

Posted: **Tue May 22, 2018 6:21 pm**

...mentioned in the changelog.
And there has been a lot of discussion about it already!

Please, could you provide proof links?

Posted: **Tue May 22, 2018 6:37 pm**

netwatch utility broken since 6.42.1

Please, could you provide proof links?

Have you actually checked 6.42.1 topic?

search.php?keywords=netwatch&t=133535&sf=msgonly

Posted: **Tue May 22, 2018 7:08 pm**

Have you actually checked 6.42.1 topic?
search.php?keywords=netwatch&t=133535&sf=msgonly

No, i've just surprised to find, that on my devices with 6.42.1 and 6.42.2 netwatch not working, and I've made some tests.
Thank's for link, now I know the reason and what i need to fix on my devices.

And sorry, this information is wrong:

Be carefull, netwatch utility broken since 6.42.1. Up and down scripts does not execute.

Posted: **Tue May 22, 2018 9:14 pm**

Anyone else having OSPF problems? I'm experiencing problems with one router in particular, a RB1100Hx2. The router sees neighbours but the state is flapping between ExState and 2-way. Might just be my config but thought I'd ask before I dig deeper.... Never mind, found the problem. It was in my config....

Posted: **Wed May 23, 2018 2:12 am**

@storp
Same here.

Posted: **Wed May 23, 2018 10:23 am**

If neighbor discover-interface-list is set to exclude (i.e. !WANs, where WANs is list of interfaces, for example), export command produces incorrect output (without "!")

> /ip neighbor discovery-settings set discover-interface-list=!WANs    
> /ip neighbor export                                                  
<..........>
/ip neighbor discovery-settings
set discover-interface-list=WANs

Posted: **Wed May 23, 2018 11:53 am**

This update has bricked one of my HAP AC units to a reboot loop I had to use netinstall to restore it (first time for me)
After netinstall and upgrade everything seems fine

Thanks!

Posted: **Wed May 23, 2018 3:05 pm**

Be carefull, netwatch utility broken since 6.42.1. Up and down scripts does not execute.

A scheduler can be used as a workaround, e.g.

/system scheduler
add disabled=yes interval=1m name=script1 on-event=\
    "/system scheduler disable script1\r\
    \n/system script run script1" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=may/23/2018 start-time=00:00:00
add disabled=yes interval=1m name=script2 on-event=\
    "/system scheduler disable script2\r\
    \n/system script run script2" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=may/23/2018 start-time=00:00:00

/system script
add name=script1 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/log info \"script1 runs\""
add name=script2 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    "/log info \"script2 runs\""

/tool netwatch
add down-script=\
    "/log info \"down, enable script2\"\r\
    \n/system scheduler enable script2" host=8.8.8.8 up-script=\
    "/log info \"up, enable script1\"\r\
    \n/system scheduler enable script1"

Posted: **Wed May 23, 2018 4:40 pm**

CHR 6.42.2 not working on Hyper-V (VMM SCCM network)
Every few hours (if used IPSec every 30 min) interface is not visible any MAC address (in ARP table)
Reboot (for example as Watchdog timer to ping gateway) and some time works further.

The properties of the network interface shows that the full duplex does not work and there are problems.

Posted: **Wed May 23, 2018 11:32 pm**

Hi
I wonder if VPNFilter malware threat is addressed in this release.
See https://www.symantec.com/blogs/threat-i ... ot-malware and https://blog.talosintelligence.com/2018 ... ilter.html for more details.

Posted: **Wed May 23, 2018 11:37 pm**

This update has bricked one of my HAP AC units to a reboot loop I had to use netinstall to restore it (first time for me)
After netinstall and upgrade everything seems fine

Thanks!

Same thing just happened to me. Updated all the MT's at home and now my outdoor AP seems to be power cycling. I shoulda left it alone. Tonight I get to climb up to the 18' roof and fix, YAY!

EDIT, been so long since I had to use netinstall I was thinking I needed a serial port. Forgot that I also have a server running at home so I remoted in fixed the HAP AC so big deal since it was at my house. Would have been awful had it been a production device somewhere tho.

Posted: **Thu May 24, 2018 12:20 am**

RB HEXr3 upgrade from 6.42 to 6.42.2
dude packet also active
Manual ugrade in windows dude.exe 6.42.2 , and cant log in
SAY: cant read database

edit

go back to 6.42.1 .. and again
cant read database .. well done mikrotik.. aaaaah

Well first post says. Export and backup your config before upgrade

In my undestanding that would include downloading dude database export to PC before upgrade.

Posted: **Thu May 24, 2018 12:43 am**

Hi
I wonder if VPNFilter malware threat is addressed in this release.
See https://www.symantec.com/blogs/threat-i ... ot-malware and https://blog.talosintelligence.com/2018 ... ilter.html for more details.

Apprently - it is not fixed in 6.42.2. I found logins as admin from different IPs allover the world to my CCRs1036 with 6.43rc11.
Moreover not only CCRs are affected as I found similar logins into my RB3011.

What is common - is that VPN server (pptp and l2tp) was enabled and accessible from internet on all affected devices.

Posted: **Thu May 24, 2018 1:13 am**

Apprently - it is not fixed in 6.42.2. I found logins as admin from different IPs allover the world to my CCRs1036 with 6.43rc11.
Moreover not only CCRs are affected as I found similar logins into my RB3011.

What is common - is that VPN server (pptp and l2tp) was enabled and accessible from internet on all affected devices.

Did you find actual logins, or only logs about attempted logins that were not successful?
And why do you enable logins from internet?

Posted: **Thu May 24, 2018 1:25 am**

i guess he got pwned on the previous version(stolen user pass), then upgraded but did not change access credentials.
But they still have the credentials to login.

Posted: **Thu May 24, 2018 1:36 am**

Well first post says. Export and backup your config before upgrade In my undestanding that would include downloading dude database export to PC before upgrade.

Yes, you should always make backups and in case you are running Dude you should do regular exports and store them on another system.
However in reality we see people here who run a WISP for business and never made a backup or only did so 9 months ago...
It is of course a disaster waiting to happen, but I guess in some regions the WISP business is very attractive for people with little hand-on experience with networking and no knowledge about generic IT practices.

Posted: **Thu May 24, 2018 11:22 pm**

Version 6.43rc17 has been released.
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
*) wireless - improved client "channel-width" detection;

It would be great if we could get those wireless fixes into 6.42.3

Posted: **Fri May 25, 2018 8:57 am**

I have a ccr1009 with flash partitioned into 2 partitions. So each of that flash parts are of 32 Mb, which was ok for me so far.

After recent upgrade to 6.42.1 I found all of my flash almost taken by unknown (invisible) files or data. Right now I have only 10 Mb of flash and the upgrade to 6.42.2 needs ~15Mb. I asked this in different topic and got

viewtopic.php?f=2&t=134713&p=663589#p663890

this answer saying I'm not along with the problem, so looks like 6.42.1 upgrade script won't do its job well, or something. Not sure is this can be more widespread or not, and surely don't know if this can happen to any new version.

What should I do? The device is on remote location so it's not an option to netinstall it. So far I can not upgrade to any new version.

How can I clean up these extra files/data? If I format the flash then the device won't boot afterwards, isn't it?

Posted: **Fri May 25, 2018 10:25 am**

Version 6.42.3 has been released in current channel:

viewtopic.php?f=21&t=134824

Posted: **Thu May 31, 2018 9:48 am**

Everyone who complained about the Netwatch issue - Please see this topic viewtopic.php?f=2&t=134538

MikroTik

v6.42.2 [current]

v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]

Re: v6.42.2 [current]