MikroTik

What's new in 5.6 (2011-Aug-02 14:45):

*) fixed ssh server crashing when sessions were interrupted
*) ipsec - fix a problem which could silently remove a manual policy
from the kernel if the peer configuration has 'generate-policy' set to 'yes'
and if the policy matches with the traffic selector of a SA being removed
on the responder side, also fix a problem that some generated policies
may stay in kernel after relevant SA was removed;
*) profiler - correctly show idle task on RB1200;
*) webfig - fix dual nstreme interface setting lists;
*) webfig - fix Wireless Access/Connect List editing;
*) webfig - fix bitrate presentation in simple queues (show 1.5M as 1500k);
*) fixed micro-sd access on RB400 not to stop everything else;
*) sstp - when server certificate verification is enabled for sstp client,
it will additionally compare IP addresses found in certificate's
subjectAltName and subject CN to the real address, DNS names are ignored;
*) tftp - optional block counter roll-over support;
*) hotspot - fixed possible crash in case of multiple Radius CoA requests;
*) userman - speedup user deletion with big log size,
note that first userman startup after this update
may take few minutes if the log size is in hundreds of MB;
*) mpls - added support for enabling/disabling control word usage for
BGP based VPLS tunnels (both - Cisco and RFC 4761 based);
*) mpls - added support for auto-discovery of VPLS NLRI encoding method
for Cisco BGP based VPLS tunnels;
*) winbox - sometimes after disconnecting, winbox could not connect back;
*) bgp - allow parallel operation of RFC4761 "l2vpn" and
draft-ietf-l2vpn-signaling "l2vpn-cisco" BGP VPLS variants inside
single peering session.
*) console - ":resolve" command now returns IPv6 address for domain names
that have only IPv6 address records;
*) snmp - provide ups alarms for bad or low battery or for ups overload;
*) route - fixed SNMP getnext queries, were failing to find next
prefix in the OID order;

Hi Normis,

Is ticket #2011062866000285 fixed in this release?

recreating torrent file, so files are in folders as expected.

edit: 10:40 EEST torrent file is corrected. You should re-download the file.

Are there any changes relating to #2011062966000309 in this release?

Yes, now you have to set server's IP address (not DNS name) when creating certificate.

SSTP is not harder to use, it is just an additional security feature.

Yes, now you have to set server's IP address (not DNS name) when creating certificate.

SSTP is not harder to use, it is just an additional security feature.

Yes, now you have to set server's IP address (not DNS name) when creating certificate.

SSTP is not harder to use, it is just an additional security feature.

It's pretty much an industry standard to use domain names, how exactly is this a 'feature'?

Because nameservers cannot be trusted.

Yes, now you have to set server's IP address (not DNS name) when creating certificate.

SSTP is not harder to use, it is just an additional security feature.

OK. So let's assume for a moment that I'm running a VPN server and want to connect to it using SSTP. I generate my certificate signing request and for the CN I use the server IP. I then submit the cetificate signing request to Godaddy or any other signing CA (windows will not connect to servers showing an unsigned certificate by a trusted signing CA). They will throw out the CSR since the CN would not contain a valid domain name.

I'm then stuck creating my own CA and distributing root certificates to my users who may or may not know how to import them into which keystore.

If this is what 5.6 is doing, then it sounds like the killing of an otherwise useful routeros feature.

Thanks
GL

Still no IPv6 love with no DHCPv6-PD

Hello,
After update from 5.5 i'm getting lots of layer7 erros:
log print
13:43:55 firewall,warning layer7 match failed, regexp too complex...

Regarding the L7 problem:

For some time it was known that some specific layer7 filters in combination with specific traffic may cause router to crash.

We were able to narrow down the problem and introduced a first version of the fix - as soon as specific conditions for possible crash was met firewall will add a log entry to inform about situation and will avoid the crash.

The current "fix" actually contained a bug, so it produces unnecessary log entries.

We are still working on final solution, in fact it is already known that version 5.7 will have more precise fix that will significantly reduce blocked regexps as we narrow the problem even more (thanks to your reports)

Hello Normis,

Is ticket #2011072166000401 fixed in this release?

Thanks,
Dzieva

Yes, now you have to set server's IP address (not DNS name) when creating certificate.

SSTP is not harder to use, it is just an additional security feature.

It's pretty much an industry standard to use domain names, how exactly is this a 'feature'?

Because nameservers cannot be trusted.

Hello Normis,

Is ticket #2011072166000401 fixed in this release?

Thanks,
Dzieva

5.6 version include improvements for wireless and NV2.
Have you tried v5.6 on problematic link?
Do you experience the same disconnect problems?

5.6 version include improvements for wireless and NV2.

Hello Normis,

Is ticket #2011072166000401 fixed in this release?

Thanks,
Dzieva

5.6 version include improvements for wireless and NV2.
Have you tried v5.6 on problematic link?
Do you experience the same disconnect problems?

Updated 5.6

jan/02 00:00:10 system,info verified routerboard-5.6-mipsbe.npk
jan/02 00:00:11 system,info verified ntp-5.6-mipsbe.npk
jan/02 00:00:11 system,info verified wireless-5.6-mipsbe.npk
jan/02 00:00:11 system,info verified advanced-tools-5.6-mipsbe.npk
jan/02 00:00:11 system,info verified security-5.6-mipsbe.npk
jan/02 00:00:11 system,info verified system-5.6-mipsbe.npk
jan/02 00:00:11 system,info installed system-5.6
jan/02 00:00:11 system,info installed security-5.6
jan/02 00:00:11 system,info installed advanced-tools-5.6
jan/02 00:00:11 system,info installed wireless-5.6
jan/02 00:00:11 system,info installed ntp-5.6
jan/02 00:00:11 system,info installed routerboard-5.6
jan/02 00:00:11 system,info router rebooted
jan/02 00:00:14 interface,info ether1 link up (speed 100M, full duplex)
jan/02 00:00:19 wireless,info 00:0C:42:B5:XX:XX@wlan1 established connection on XXXX, SSID XXXXXXXX
jan/02 01:00:45 interface,info ether1 link down
jan/02 01:00:47 interface,info ether1 link up (speed 100M, full duplex)
jan/02 01:03:10 interface,info ether1 link down
jan/02 01:03:11 interface,info ether1 link up (speed 100M, full duplex)
jan/02 19:01:16 interface,info ether1 link down
jan/02 19:01:18 interface,info ether1 link up (speed 100M, full duplex)
jan/02 19:01:22 interface,info ether1 link down
jan/02 19:01:24 interface,info ether1 link up (speed 100M, full duplex)
jan/02 19:01:40 interface,info ether1 link down
jan/02 19:01:41 interface,info ether1 link up (speed 100M, full duplex)
01:31:21 interface,info ether1 link down
01:31:22 interface,info ether1 link up (speed 100M, full duplex)
01:47:18 interface,info ether1 link down
01:47:20 interface,info ether1 link up (speed 100M, full duplex)

My RB1200 reboot when enable or disable auto-negotiation on any interface.

Message log:
system error critical router was rebooted without proper shutdown (cause1)

Hello Normis,

Is ticket #2011072166000401 fixed in this release?

Thanks,
Dzieva

5.6 version include improvements for wireless and NV2.
Have you tried v5.6 on problematic link?
Do you experience the same disconnect problems?

Hello Sergejs,

Yes, Yes, with v5.6 build jul/28...
I will update to v5.6 build aug/02 and test it.

Thanks,
Dzieva

Hello Normis,

Is ticket #2011072166000401 fixed in this release?

Thanks,
Dzieva

5.6 version include improvements for wireless and NV2.
Have you tried v5.6 on problematic link?
Do you experience the same disconnect problems?

I've updated remote SXT and after reboot I lost it. Then I tried to update testing SXT which I have here - I lost it as well. No single packet from them - I tried to discover using WinBox, I tried to watch traffic using Wireshark, nothing. What's going on?

Edit: I'm talking about ethernet (cable) connection, I didn't try wireless.

Hello Folks!

After upgrade from 4.17 to 5.6 on our basestations RB600 we recieve very low Tx7Rx CCQ values, before it was 90-100% now it is something like 24-30.

Tx/Rx Rate went down to 9Mbit/s and vanders around 96-24 with jumps up to 54Mbit but most of time around 6. Before it was rock solid 54 Mbit/s everywhere.

Can someone please explain what is going on here and help me to fix this issue before customers wil start calling in about bad internet ?

the same disconnect problems

'NV2 bridge 56 км ки 411 r52hn (baza)
aug/05 21:57:24 wireless,debug wlan1: 00:0C:42:64:52:7B in local ACL, accept
aug/05 21:57:24 wireless,info 00:0C:42:64:52:7B@wlan1: connected
aug/05 21:58:22 wireless,info 00:0C:42:64:52:7B@wlan1: reconnecting
aug/05 21:58:22 wireless,debug wlan1: 00:0C:42:64:52:7B in local ACL, accept
aug/05 21:58:22 wireless,info 00:0C:42:64:52:7B@wlan1: connected
aug/05 22:11:46 system,info,account user admin logged in from 178.49.73.94 via win
box


NV2 station bridge 56 km r52hn (klient)

16:06:17 wireless 00:0C:42:62:DA:48@wlan1: lost connection, synchronization timeout
16:06:18 wireless 00:0C:42:62:DA:48@wlan1 established connection on 2312, SSID gorn
16:06:37 wireless 00:0C:42:62:DA:48@wlan1: lost connection, synchronization timeout
16:06:39 wireless 00:0C:42:62:DA:48@wlan1 established connection on 2312, SSID gorn
16:58:50 wireless 00:0C:42:62:DA:48@wlan1: lost connection, synchronization timeout
16:58:51 wireless 00:0C:42:62:DA:48@wlan1 established connection on 2312, SSID gorn
16:59:21 wireless 00:0C:42:62:DA:48@wlan1: lost connection, synchronization timeout
16:59:22 wireless 00:0C:42:62:DA:48@wlan1 established connection on 2312, SSID gorn

Hello Folks!

After upgrade from 4.17 to 5.6 on our basestations RB600 we recieve very low Tx7Rx CCQ values, before it was 90-100% now it is something like 24-30.

Tx/Rx Rate went down to 9Mbit/s and vanders around 96-24 with jumps up to 54Mbit but most of time around 6. Before it was rock solid 54 Mbit/s everywhere.

Can someone please explain what is going on here and help me to fix this issue before customers wil start calling in about bad internet ?

Are readings while a data stream is on the link?
Depending on your chosen data rates CCQ will step up/down depending on data throughput. In v5 versions this is more obvious (with NV2) than before.

Hello Folks!

We are also upgrading to 5.6 from 5.4 and 5.5, 4.17.
So far on RB411 (CPE) and RB333 (Routers), RB450G (Routers).

There has been some incidents, when upgrading RB450G and RB411 from 4.17 to 5.5 they never came back up on the network, visiting the router's we discovered that all ethernet leds were off but blue led was on. Fully dissconnect the power and put it back again solved the problem. Upgrading from 5.5 to 5.6 was not an issue.

Please MT, can you do something about the upgrade scenarios, like automatik failback, and automatik restart on previous firmware. Failsafe functions should be implemented like last known good and so on. Other devices we have do so, like our IBM AIX servers.
The devices should never be dead in water exeption is if there are hardware problems.

Hello Folks!

We are also upgrading to 5.6 from 5.4 and 5.5, 4.17.
So far on RB411 (CPE) and RB333 (Routers), RB450G (Routers).

There has been some incidents, when upgrading RB450G and RB411 from 4.17 to 5.5 they never came back up on the network, visiting the router's we discovered that all ethernet leds were off but blue led was on. Fully dissconnect the power and put it back again solved the problem. Upgrading from 5.5 to 5.6 was not an issue.

Please MT, can you do something about the upgrade scenarios, like automatik failback, and automatik restart on previous firmware. Failsafe functions should be implemented like last known good and so on. Other devices we have do so, like our IBM AIX servers.
The devices should never be dead in water exeption is if there are hardware problems.

There is a bug with 4.1X when you try to reboot it shuts down instead, discovered this as usual the hard way when a weekly scheduled reboot resulted in routers shutting down, this is fixed in the 5.X series so i never reboot a 4.x series unless i am close by to re-cycle the power.

http://forum.mikrotik.com/viewtopic.php ... it=+reboot

http://forum.mikrotik.com/viewtopic.php?f=1&t=48518

the same disconnect problems

'NV2 bridge 56 км ки 411 r52hn (baza)
aug/05 21:57:24 wireless,debug wlan1: 00:0C:42:64:52:7B in local ACL, accept
aug/05 21:57:24 wireless,info 00:0C:42:64:52:7B@wlan1: connected
aug/05 21:58:22 wireless,info 00:0C:42:64:52:7B@wlan1: reconnecting
aug/05 21:58:22 wireless,debug wlan1: 00:0C:42:64:52:7B in local ACL, accept
aug/05 21:58:22 wireless,info 00:0C:42:64:52:7B@wlan1: connected
aug/05 22:11:46 system,info,account user admin logged in from 178.49.73.94 via win
box


NV2 station bridge 56 km r52hn (klient)

16:06:17 wireless 00:0C:42:62:DA:48@wlan1: lost connection, synchronization timeout
16:06:18 wireless 00:0C:42:62:DA:48@wlan1 established connection on 2312, SSID gorn
16:06:37 wireless 00:0C:42:62:DA:48@wlan1: lost connection, synchronization timeout
16:06:39 wireless 00:0C:42:62:DA:48@wlan1 established connection on 2312, SSID gorn
16:58:50 wireless 00:0C:42:62:DA:48@wlan1: lost connection, synchronization timeout
16:58:51 wireless 00:0C:42:62:DA:48@wlan1 established connection on 2312, SSID gorn
16:59:21 wireless 00:0C:42:62:DA:48@wlan1: lost connection, synchronization timeout
16:59:22 wireless 00:0C:42:62:DA:48@wlan1 established connection on 2312, SSID gorn

perform a wireless scan on both ends and show us the results. Also give us your other NV2 parameters.

Is it OK if I upgrade my RB each time when new upgrade release ?

Is it OK if I upgrade my RB each time when new upgrade release ?

[admin@MikroTik] > /system license print
    software-id: xxxx-xxxx
  upgradable-to: v6.x
         nlevel: 4
       features: 

Strange behavior or of the interface speed graph.
x86 , ROS v5.6 , RealTeck 1G ethernet.

In some pik situation MT show speed which is more then 100Mbit/s, in same time showes some interrupts in graph.

i've just updated to v5.6 yesterday, and now i got CPU resource load 100%. it's been hours like this
[...]
somebody help please before the router crash for overheating

also look into the Tool Profile to see what is using that CPU.

also look into the Tool Profile to see what is using that CPU.

this kind of help i'm talking about
under Tool Profile, it's "management" taking mostly 65% of the CPU load


i closed all active winbox already, nothing's changed. is there anything else i could check on?
thanks before

Winbox is not "management". What configuration you have on that router?

i closed all active winbox already, nothing's changed. is there anything else i could check on?
thanks before

reboot? Or power cycle? That sometimes helps. If issue comes back, downgrade reboot, power cycle, and upgrade again....

Hello Folks!

We are also upgrading to 5.6 from 5.4 and 5.5, 4.17.
So far on RB411 (CPE) and RB333 (Routers), RB450G (Routers).

There has been some incidents, when upgrading RB450G and RB411 from 4.17 to 5.5 they never came back up on the network, visiting the router's we discovered that all ethernet leds were off but blue led was on. Fully dissconnect the power and put it back again solved the problem. Upgrading from 5.5 to 5.6 was not an issue.

Please MT, can you do something about the upgrade scenarios, like automatik failback, and automatik restart on previous firmware. Failsafe functions should be implemented like last known good and so on. Other devices we have do so, like our IBM AIX servers.
The devices should never be dead in water exeption is if there are hardware problems.

There is a bug with 4.1X when you try to reboot it shuts down instead, discovered this as usual the hard way when a weekly scheduled reboot resulted in routers shutting down, this is fixed in the 5.X series so i never reboot a 4.x series unless i am close by to re-cycle the power.

http://forum.mikrotik.com/viewtopic.php ... it=+reboot

http://forum.mikrotik.com/viewtopic.php?f=1&t=48518

---------

Thanks!
We still have many ros4.17 RB411 CPE spread out over a wide area, hard to reach, upgrades are planned.

I've updated remote SXT and after reboot I lost it. Then I tried to update testing SXT which I have here - I lost it as well. No single packet from them - I tried to discover using WinBox, I tried to watch traffic using Wireshark, nothing. What's going on?

I've updated remote SXT and after reboot I lost it. Then I tried to update testing SXT which I have here - I lost it as well. No single packet from them - I tried to discover using WinBox, I tried to watch traffic using Wireshark, nothing. What's going on?

I've returned from my holiday now and started to discover what's wrong. I was not able to connect to SXT with 5.6, so I reset settings (using button) and SXT started to respond again (with default settings, of course). Then I tried to restore configuration - I lost SXT again.

So I tried to reset, downgrade to 5.5, restore configuration - everything is all right. Upgrade to 5.6 - lost. There is obviously something wrong with my configuration and 5.6. I am using bridge - ethernet and wireless are bridged together. Maybe there is something wrong with that in 5.6? I'm not sure and perhaps I will contact support.

please make the support output file from v5.5 with your config, so we could check it. Also maybe make admin user without password and send us the backup file maybe we could try to reproduce it.

So it seems that problem is with L2MTU set to 2030. I can reset configuration, set L2MTU (not MTU!) to 2030 and connection is lost immediately. Perhaps I have not understood meaning of L2MTU well But why this was working in 5.5?

Hello Folks!

Is NV2 now stable to use in production or is suggestion to wait still some releases of routeros ?

I still see lot of fuzz regarding disconnection issues with NV2.

Hello Folks!

Is NV2 now stable to use in production or is suggestion to wait still some releases of routeros ?

I still see lot of fuzz regarding disconnection issues with NV2.

Well when MT say they cannot reproduce some of the on going disconnection issues in their test lab, effected users have sent in debug logs, we still await a solution from MT for this but it's your call to use NV2 in production it may work flawlessly for you or cause you problems, there is only one way to answer the question you have asked (test)

Hello Folks!

Is NV2 now stable to use in production or is suggestion to wait still some releases of routeros ?

I still see lot of fuzz regarding disconnection issues with NV2.

Hello Folks!

Is NV2 now stable to use in production or is suggestion to wait still some releases of routeros ?

I still see lot of fuzz regarding disconnection issues with NV2.

Hi ´steen´, as you could see in this forum, I had many issues with pre 5.6 releases and NV2. My whole network (+/- 250 radio's in 15km radius with 16 AP's) is now in 5Ghz upper band (200Mhz wide) working with NV2 and v5.6. I have no more disconnect issues like before that are NV2 related.

Users still should understand though that NV2 needs better channel separation between competitive AP's working the same band and clients can at times having problems with interferences due strong signals from other working frequencies than its own. But if the channels (10Mhz!) are chosen with caution the network runs fine.....
With me it runs some 3 weeks now in all v5.6ROS + updated firmwares and it has been long (pre NV2 era!) that I had such a stable network as I have now...

Even the port flap issue still around is merely a ros notification issue than a real one. Although it is still wide spread over my network there seems to be not a single client noticing it. It only happens on Ethernet ports that are connected to 3rd party devices. I hardly see it between MT routers.
Maybe v5.7 might see some extra improvement here since it has improved Ethernet drivers (according newsletter) and hopefully the ´port flap´ issue has disappeared as well!

IIRC the graphing issue is related to the NTP server package taking too long to sync the system clock, and when the graphs are updated the time gap causes it to clear them. If you don't need the NTP server capabilities, using the simple NTP client rather than the separate package is supposed to avoid this. This has been reported by many people, so Mikrotik is aware of it, but sadly it seems to be a long, long way down their priority list.