Page 1 of 1
6.3 Released
Posted: Wed Sep 04, 2013 3:46 am
by w0lt
What's new in 6.3 (2013-Sep-03 12:25):
*) ssh - fixed denial of service;
*) traceroute - show mpls labels as well;
*) bug fix - sometimes some new interfaces could not be created properly any more (f.e. some pppoe clients could not connect);
*) console - added '/console clear-history' command that clears command-line
history for all users, requires 'policy' policy;
*) sstp - limit packet queue for each device;
*) RB2011L - fixed occasional gigabit switch-chip lockup;
*) user manager - will warn on 1MB and stop before reaching minimum of 500KB disk space;
*) hotspot - do not account traffic to local hotspot pages;
*) ppp, hotspot - added ability to specify where to insert rate limiting queue,
it's parent and type;
*) pptp, l2tp, sstp - allow to specify server via dns name;
*) dhcp - added ability to specify where to insert rate limiting queue;
*) www proxy - support ipv6 parent proxy;
*) webfig - fixed problem when opening quickset page country
was automaticly changed to etsi;
*) traceroute - added mtr like pinging;
*) fix queues - correct queue was not installed when last child removed;
*) fix simple queues - sometimes some simple queues would stop
working after configuration changes;
*) console - fixed issue with local variables having non-empty value
before first assignment;
*) console - fixed command ":global name" without second argument to not
create or change global variable "name", only effect is to make "name"
refer to global variable.
*) console - fixed passing local variables as argument to function;
*) RB1200 - fixed crash when receiving over l2mtu size packets
on some ethernet interfaces;
Re: 6.3 Released
Posted: Wed Sep 04, 2013 7:04 am
by ziadsobri
Ok, I'll try this one. I hope its better than previous release of v.6.
At this moment, i still recommend using v5.25 for solid network services.
Re: 6.3 Released
Posted: Wed Sep 04, 2013 8:05 am
by macgaiver
*) pptp, l2tp, sstp - allow to specify server via dns name;
This is very very important small feature for my region
- lets say goodbye to some significant scripting
Re: 6.3 Released
Posted: Wed Sep 04, 2013 8:18 am
by stmx38
*) pptp, l2tp, sstp - allow to specify server via dns name;
OpenVPN ?
Re: 6.3 Released
Posted: Wed Sep 04, 2013 9:21 am
by ohara
*) pptp, l2tp, sstp - allow to specify server via dns name;
This is very very important small feature for my region
- lets say goodbye to some significant scripting
do I simply need to put a host name in the 'Connect to:' field or how can we use it?
Re: 6.3 Released
Posted: Wed Sep 04, 2013 10:03 am
by janisk
yes, you place hostname there and when tunnel has to be created it will be resolved (if possible) and tunnel established
Re: 6.3 Released
Posted: Wed Sep 04, 2013 10:03 am
by macgaiver
*) pptp, l2tp, sstp - allow to specify server via dns name;
This is very very important small feature for my region
- lets say goodbye to some significant scripting
do I simply need to put a host name in the 'Connect to:' field or how can we use it?
and have /ip dns configured.
Re: 6.3 Released
Posted: Wed Sep 04, 2013 10:26 am
by zervan
*) user manager - will warn on 1MB and stop before reaching minimum of 500KB disk space
It sounds like it is not solving the main problem - disk space constantly filling sometimes (see Ticket#2013090266001555 and graph in screenshot here - from ROS 6.2), but just avoiding the symptom. Yes, it is better to stop User Manager than complete crash of router (netinstall was needed, see Ticket#2013053066000493), but please, fix User Manager completely.
Re: 6.3 Released
Posted: Wed Sep 04, 2013 10:27 am
by infused
any issues on ccr yet?
Re: 6.3 Released
Posted: Wed Sep 04, 2013 10:39 am
by k3dt
http://packetstormsecurity.com/files/12 ... ption.html
Is it fixed in 6.3? This is
critical problem. SSH login can be bypassed remotely.
Re: 6.3 Released
Posted: Wed Sep 04, 2013 10:41 am
by normis
*) user manager - will warn on 1MB and stop before reaching minimum of 500KB disk space
It sounds like it is not solving the main problem - disk space constantly filling sometimes (see Ticket#2013090266001555 and graph in screenshot here - from ROS 6.2), but just avoiding the symptom. Yes, it is better to stop User Manager than complete crash of router (netinstall was needed, see Ticket#2013053066000493), but please, fix User Manager completely.
That image was taken before we released v6.3, it shows September 2. Did you upgrade to the version we released on the web
Today ?
Re: 6.3 Released
Posted: Wed Sep 04, 2013 10:41 am
by normis
First of all, ssh can
NOT be bypassed remotely, this is all made up. Please read the official response here:
http://forum.mikrotik.com/viewtopic.php ... 65#p384465
Second: Did you read the changelog?
Re: 6.3 Released
Posted: Wed Sep 04, 2013 10:49 am
by jarda
Any notes about non-saving interface graphs error that started with verison 6?
Otherwise I keep running on 5.25.
Re: 6.3 Released
Posted: Wed Sep 04, 2013 11:02 am
by zervan
*) user manager - will warn on 1MB and stop before reaching minimum of 500KB disk space
It sounds like it is not solving the main problem ...
That image was taken before we released v6.3, it shows September 2. Did you upgrade to the version we released on the web
Today ?
Yes, you are right! I will upgrade today evening (now it is working), but... I just wrote: "it sounds like it's not solving the main problem", where "it" is referring to "will warn .. and stop". From that words I expect that after upgrade, space will still be running out sometimes and the service will be stopped. Perhaps you have fixed that and just not writing about it in changelog? That would be fine. I can't test it in short term, because the problem was appearing very occasionally - once per (few?) month(s) - and it is unpredictable. Well, I will hope it is fixed now!
Re: 6.3 Released
Posted: Wed Sep 04, 2013 2:31 pm
by infused
Mikrotik, are these new builds adding to the performance of the CCR, specifically around sharing load over cores?
Re: 6.3 Released
Posted: Wed Sep 04, 2013 2:34 pm
by normis
I can't test it in short term, because the problem was appearing very occasionally - once per (few?) month(s) - and it is unpredictable. Well, I will hope it is fixed now!
How many users do you have? Check "/tool user-manager database print", which database is the one taking up space?
Re: 6.3 Released
Posted: Wed Sep 04, 2013 3:18 pm
by NAB
I seem to have a problem with Netinstall 6.3 on Windows 8.
When I select either the configuration script or the package source directory, neither the "browse for folder" and "select script" dialog windows show mapped network drives - that is, I can see drive C: (boot/OS drive) and E: (Blu-Ray), but not drives H:, M:, P:, Q: and V:.
If I use the network path to the script or package directory (e.g. \\myserver\routeros\packages\ and \\myserver\routeros\installscript.rsc), netinstall accepts these.
Regardless of how the files are selected (local c: drive or network share), when I click 'Install, I get the following error:
"Installation failed: Could not open temporary file."
Does anybody have any ideas?
Re: 6.3 Released
Posted: Wed Sep 04, 2013 3:48 pm
by honzam
Watchdog still NOT work on MIPSle devices. Ticket - Reported from version 6.0
today 6.3 - still not work
Re: 6.3 Released
Posted: Wed Sep 04, 2013 3:57 pm
by Shkrid
Broken multiple Paste comands in v6.3 CCR (in v6.2 all works fine)
I copy commands below(for example)
/interface vlan add arp=reply-only interface=ether3 name=TEST vlan-id=3000
/ip address add address=10.250.255.1/24 interface=TEST
/ip pool add name=pool_TEST ranges=10.250.255.2-10.250.255.254
/ip dhcp-server add add-arp=yes address-pool=pool_TEST disabled=no interface=TEST lease-time=1h name=DHCP_TEST
Paste in terminal and get the error.
[admin@Mikrotik] > /interface vlan add arp=reply-only interface=ether3 name=TEST vlan-id=3000
[admin@Mikrotik] > /ip address add address=10.250.255.1/24 interface=TEST
[admin@Mikrotik] > /ip pool add name=pool_TEST ranges=10.250.255.2-10.250.255.254
[admin@Mikrotik] > /ip dhcp-server add add-arp=yes address-pool=pool_TEST disabled=no interface=TEST lease-time=1h name=DHCP_TEST
input does not match any value of interface
Enter one-by-one and all ok:
[admin@Mikrotik] >
[admin@Mikrotik] > /interface vlan add arp=reply-only interface=ether3 name=TEST vlan-id=3000
[admin@Mikrotik] >
[admin@Mikrotik] > /ip address add address=10.250.255.1/24 interface=TEST
[admin@Mikrotik] >
[admin@Mikrotik] > /ip pool add name=pool_TEST ranges=10.250.255.2-10.250.255.254
[admin@Mikrotik] >
[admin@Mikrotik] > /ip dhcp-server add add-arp=yes address-pool=pool_TEST disabled=no interface=TEST lease-time=1h name=DHCP_TEST
[admin@Mikrotik] >
Why?
Re: 6.3 Released
Posted: Wed Sep 04, 2013 4:01 pm
by CStrauch
I found a problem with the new traceroute tool. My backbone provider uses an MPLS network with private addresses and this means I can't 'see' the network from another router other than the border router. The new 'mtr' behaviour is stopping the tracing after 3 lost hops.
Thanks in advance!
Carlos Strauch
Re: 6.3 Released
Posted: Wed Sep 04, 2013 4:15 pm
by Toiletbowl
hello
i upgrade from 6.2 to 6.3 but my previous graph is gone, is this normal?
thanks
Re: 6.3 Released
Posted: Wed Sep 04, 2013 4:20 pm
by Chupaka
after upgrade, I have graphs upto Apr, 15th, not more
Re: 6.3 Released
Posted: Wed Sep 04, 2013 4:31 pm
by aleprolit
It seem missed nic drivers in v6.3 for x86. After upgrade any nic not work and I must to downgrade MT to v6.2 . Is it possible?
Mesh: mesh not properly work at RB1100AHx2 + mipsle and mipsbe RB's.
User manager: command /tool user-manager user create-and-activate-profile not work with argument "user",and work only with argument "numbers". For example in script:
$addRequest = new Request('/tool user-manager user create-and-activate-profile');
$addRequest->setArgument('customer','gsm');
//--> $addRequest->setArgument('user',$from);
$addRequest->setArgument('numbers',$userId);
$addRequest->setArgument('profile',$profile);
$client->sendSync($addRequest);
Re: 6.3 Released
Posted: Wed Sep 04, 2013 4:32 pm
by Campano
Hello, I lost all graphs on interfaces, ppoe, eth, wlan
:S
Re: 6.3 Released
Posted: Wed Sep 04, 2013 4:42 pm
by andriys
MD5 hash for all_packages-mipsbe-6.3.zip indicated on the download site differs from hash of the actual file.
On site:
all_packages-mipsbe-6.3.zip 54dcacfa0f027be8f21071ab21a46793
Actual archive file:
b673849ec8b4ed16c038cda275e68f4d *all_packages-mipsbe-6.3.zip
The archive file itself looks fine, extraction does not trigger any errors.
Re: 6.3 Released
Posted: Wed Sep 04, 2013 4:51 pm
by willbur
At least you took MTR into consideration for the wishlist. Now lets hope you can grant other peoples wishes Normis
. I might have just restored my faith in Mikrotik!
Re: 6.3 Released
Posted: Wed Sep 04, 2013 5:09 pm
by janisk
graphing reset for interface data transfer speeds will be fixed in next release.
Re: 6.3 Released
Posted: Wed Sep 04, 2013 5:51 pm
by zervan
How many users do you have? Check "/tool user-manager database print", which database is the one taking up space?
About 150 users. The space was restored back after reboot, so now I don't know which database it was - I will check that next time:
> /tool user-manager database print
size: 704 kB
in-use: 44 %
log-size: 141 kB
log-in-use: 100 %
last-save: sep/01/2013 00:00:20
Last issue appeared during august and in august there were almost no users active (because of holiday, it is located in school). I have a scheduler which creates data and log backups and then clears log - at the beginning of each month.
Re: 6.3 Released
Posted: Wed Sep 04, 2013 6:01 pm
by alexha
After update to 6.3 does not work manual setting of speed interface ethernet
Re: 6.3 Released
Posted: Wed Sep 04, 2013 8:24 pm
by elmer
After update to 6.3 does not work manual setting of speed interface ethernet
Works for me on RB433, why you dont write on which RB or x86 platform...? More info plz
Re: 6.3 Released
Posted: Wed Sep 04, 2013 8:41 pm
by cbrown
Broken multiple Paste comands in v6.3 CCR (in v6.2 all works fine)
I copy commands below(for example)
/interface vlan add arp=reply-only interface=ether3 name=TEST vlan-id=3000
/ip address add address=10.250.255.1/24 interface=TEST
/ip pool add name=pool_TEST ranges=10.250.255.2-10.250.255.254
/ip dhcp-server add add-arp=yes address-pool=pool_TEST disabled=no interface=TEST lease-time=1h name=DHCP_TEST
Paste in terminal and get the error.
[admin@Mikrotik] > /interface vlan add arp=reply-only interface=ether3 name=TEST vlan-id=3000
[admin@Mikrotik] > /ip address add address=10.250.255.1/24 interface=TEST
[admin@Mikrotik] > /ip pool add name=pool_TEST ranges=10.250.255.2-10.250.255.254
[admin@Mikrotik] > /ip dhcp-server add add-arp=yes address-pool=pool_TEST disabled=no interface=TEST lease-time=1h name=DHCP_TEST
input does not match any value of interface
Enter one-by-one and all ok:
[admin@Mikrotik] >
[admin@Mikrotik] > /interface vlan add arp=reply-only interface=ether3 name=TEST vlan-id=3000
[admin@Mikrotik] >
[admin@Mikrotik] > /ip address add address=10.250.255.1/24 interface=TEST
[admin@Mikrotik] >
[admin@Mikrotik] > /ip pool add name=pool_TEST ranges=10.250.255.2-10.250.255.254
[admin@Mikrotik] >
[admin@Mikrotik] > /ip dhcp-server add add-arp=yes address-pool=pool_TEST disabled=no interface=TEST lease-time=1h name=DHCP_TEST
[admin@Mikrotik] >
Why?
I actually experienced this as well.
Re: 6.3 Released
Posted: Wed Sep 04, 2013 10:04 pm
by cREoz
Hi.
I upgrade 951G-2HnD to 6.3.
Function "Reset Configuration" is broken.
Default configuration not apply after reboot.
In 6.2 it work.
Re: 6.3 Released
Posted: Wed Sep 04, 2013 10:44 pm
by Sob
IPv6 routes are broken in WinBox, any operation (add/change) fails with "Invalid route configuration: Invalid gateway configration (6)". From terminal it works. Tested with RB450 and completely clean ROS install in VirtualBox.
Re: 6.3 Released
Posted: Thu Sep 05, 2013 12:39 am
by ekkas
Still a problem:
/ip firewall nat> pr
0 chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=PUBLIC
It cause problems in some cases (and flood network with bogon IPs), we have to fix like below but with many CPEs in the field, all different IPs...
/ip firewall nat> pr
0 chain=srcnat action=src-nat to-addresses=10.1.2.3 out-interface=PUBLIC
Re: 6.3 Released
Posted: Thu Sep 05, 2013 4:46 am
by elgrandiegote
*) pptp, l2tp, sstp - allow to specify server via dns name;
This is very very important small feature for my region
- lets say goodbye to some significant scripting
And OpenVpn?????
Re: 6.3 Released
Posted: Thu Sep 05, 2013 5:27 am
by theprism
Was the IPSEC issues fixed as well? Anyone to confirm?
Thank you!
T.P.
Re: 6.3 Released
Posted: Thu Sep 05, 2013 5:47 am
by jandafields
*) pptp, l2tp, sstp - allow to specify server via dns name;
This is very very important small feature for my region
- lets say goodbye to some significant scripting
And OpenVpn?????
Instead of asking over and over, just try it!. By the way, the answer is NO. Just like the changelog says.
Re: 6.3 Released
Posted: Thu Sep 05, 2013 8:47 am
by macgaiver
Still a problem:
/ip firewall nat> pr
0 chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=PUBLIC
It cause problems in some cases (and flood network with bogon IPs), we have to fix like below but with many CPEs in the field, all different IPs...
/ip firewall nat> pr
0 chain=srcnat action=src-nat to-addresses=10.1.2.3 out-interface=PUBLIC
/ip firewall nat unset 0 to-addresses
And i'm not sure that it is your problem. to-addresses option is not used in case of masqueraded, it just saves value if you will switch back to src-nat action
Re: 6.3 Released
Posted: Thu Sep 05, 2013 9:24 am
by alexha
After update to 6.3 does not work manual setting of speed interface ethernet
Works for me on RB433, why you dont write on which RB or x86 platform...? More info plz
Sorry. Does not work on 2011UAS-2HnD, RB450G and SXT 5HnD
Re: 6.3 Released
Posted: Thu Sep 05, 2013 3:28 pm
by normis
It seem missed nic drivers in v6.3 for x86. After upgrade any nic not work and I must to downgrade MT to v6.2 . Is it possible?
clarify which NIC is that ?
Re: 6.3 Released
Posted: Thu Sep 05, 2013 3:53 pm
by ekkas
Verbose export still a problem.
/ip firewall mangle> export verbose
#
/ip firewall mangle
add action=set-priority chain=forward !connection-bytes !connection-limit \
!connection-mark !connection-rate !connection-state !connection-type \
!content disabled=no !dscp !dst-address !dst-address-list !dst-address-type \
!dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
!in-interface !ingress-priority !ipv4-options !layer7-protocol !limit \
new-priority=from-dscp-high-3-bits !nth !out-bridge-port out-interface=\
all-wireless !p2p !packet-mark !packet-size passthrough=yes \
!per-connection-classifier !port !priority !protocol !psd !random \
!routing-mark !routing-table !src-address !src-address-list \
!src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time !ttl
Re: 6.3 Released
Posted: Thu Sep 05, 2013 4:08 pm
by andriys
The new mtr-like traceroute is buggy.
In draws only 50 bars and then stops updating the histogram.
Re: 6.3 Released
Posted: Thu Sep 05, 2013 4:18 pm
by normis
MD5 hash for all_packages-mipsbe-6.3.zip indicated on the download site differs from hash of the actual file.
On site:
all_packages-mipsbe-6.3.zip 54dcacfa0f027be8f21071ab21a46793
Actual archive file:
b673849ec8b4ed16c038cda275e68f4d *all_packages-mipsbe-6.3.zip
The archive file itself looks fine, extraction does not trigger any errors.
Hello!
The correct md5sum for file all_packages-mipsbe-6.3.zip is, in fact, 54dcacfa0f027be8f21071ab21a46793 as it is stated on our website. Please use official sources for your upgrades.
Thanks.
Re: 6.3 Released
Posted: Thu Sep 05, 2013 4:25 pm
by ekkas
In draws only 50 bars and then stops updating the histogram.
I prefer it that Bandwidth tests, pings, tracert, etc. time out after a while, but maybe 50 is to quick.
To many times did someone leave a test running and forgot about it.
Re: 6.3 Released
Posted: Thu Sep 05, 2013 6:04 pm
by doush
graphing reset for interface data transfer speeds will be fixed in next release.
If there are "known issues", please state them in your change_log or at least make a known issues thread !
Re: 6.3 Released
Posted: Fri Sep 06, 2013 9:05 am
by normis
Verbose export still a problem.
/ip firewall mangle> export verbose
#
/ip firewall mangle
add action=set-priority chain=forward !connection-bytes !connection-limit \
!connection-mark !connection-rate !connection-state !connection-type \
!content disabled=no !dscp !dst-address !dst-address-list !dst-address-type \
!dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port \
!in-interface !ingress-priority !ipv4-options !layer7-protocol !limit \
new-priority=from-dscp-high-3-bits !nth !out-bridge-port out-interface=\
all-wireless !p2p !packet-mark !packet-size passthrough=yes \
!per-connection-classifier !port !priority !protocol !psd !random \
!routing-mark !routing-table !src-address !src-address-list \
!src-address-type !src-mac-address !src-port !tcp-flags !tcp-mss !time !ttl
what is the problem here? verbose is "more", if you want only what you changed, don't use "verbose"
Re: 6.3 Released
Posted: Fri Sep 06, 2013 9:14 am
by honzam
graphing reset for interface data transfer speeds will be fixed in next release.
If there are "known issues", please state them in your change_log or at least make a known issues thread !
+1
Re: 6.3 Released
Posted: Fri Sep 06, 2013 11:02 am
by Rivera
*) pptp, l2tp, sstp - allow to specify server via dns name;
Please add OpenVPN to that list. Seriously, that's just unfair for users.
pptp - insecure.
sstp - supported only in windows.
l2tp - requires ipsec+l2tp combo, hard to configure by user.
Re: 6.3 Released
Posted: Fri Sep 06, 2013 11:28 am
by normis
l2tp - hard to configure by user.
You mean OpenVPN is easier to configure by user? Personally, I strongly disagree.
Re: 6.3 Released
Posted: Fri Sep 06, 2013 11:36 am
by Rivera
Viscosity on Mac and Windows can simply import config with one click. Same for "free" Mac OpenVPN client - Tunnelblick.
Same applies for Ubuntu with NetworkManager.
Not sure about "OpenVPN GUI" for windows.
So yeah, not a problem at all.
Re: 6.3 Released
Posted: Fri Sep 06, 2013 12:10 pm
by stmx38
Re: 6.3 Released
Posted: Fri Sep 06, 2013 12:12 pm
by Rivera
If you so strong against OpenVPN, please provide me with protocol that will be:
1) Secure.
Not PPTP
2) Cross-platform. Not SSTP. Btw yours SSTP implementation can connect only to Win and mikrotik based VPN servers, not to SoftEther)
3) Portable, by portable i mean it can be used on both 3G/4G networks. VPNs that was stable on 3G connection was PPTP (but unsecure) and OpenVPN.
4) Easy to configure. Not IPSec/L2TP, because installing strong/openswan and writing all configs... doh.
We have mixed environment (both win/lin/mac) in our office network, same for my home network.
Re: 6.3 Released
Posted: Fri Sep 06, 2013 12:39 pm
by ayufan
4) Easy to configure. Not IPSec/L2TP, because installing strong/openswan and writing all configs... doh.
IPSec/L2TP is fairly easy to configure. You have built-in (or easily installable) support for all the platforms (ex. Windows Phone). We have users using: OSX, Windows 7 and 8, Ubuntu/Mint, Android and iOS. All of them can use graphical tools to connect to VPN server.
Kamil
Re: 6.3 Released
Posted: Fri Sep 06, 2013 12:45 pm
by Rivera
> Ubuntu/Mint
NM in ubuntu lacks L2TP/IPsec support.
Re: 6.3 Released
Posted: Fri Sep 06, 2013 2:11 pm
by andriys
If you so strong against OpenVPN, please provide me with protocol that will be:
Plain policy-based IPsec. With all the recently added features to support road-warrior configurations this is now my #1 choice to be used with Mikrotik.
Mikrotik still lacks some very-nice-to-have features like Split-DNS support (I only need server-side (i.e. mode-cfg) Split-DNS support, and it should be extremely easy to implement) and RADIUS integration, though. But what we have at the moment is already usable.
Re: 6.3 Released
Posted: Fri Sep 06, 2013 2:29 pm
by theprism
Yes, but IPSEC was not working well in 6.1 and 6.2. Were all issues with it fixed in 6.3?
Is it working?
Thanks,
T.P.
Re: 6.3 Released
Posted: Fri Sep 06, 2013 2:29 pm
by andriys
The problem with both WinBox and WebFig misreporting the IPsec SA expiration time is not fixed yet in 6.3. The reported value is a) incorrect and b) counts up (but should count down). Everything is fine on console, the "/ip ipsec installed-sa print" command reports correct value.
Original report is here:
http://forum.mikrotik.com/viewtopic.php ... 50#p381561
Re: 6.3 Released
Posted: Fri Sep 06, 2013 2:29 pm
by normis
Yes, but IPSEC was not working well in 6.1 and 6.2. Were all issues with it fixed in 6.3?
Is it working?
Thanks,
T.P.
IPsec is working in v6.1 and v6.2, what did you mean by this?
Re: 6.3 Released
Posted: Fri Sep 06, 2013 2:33 pm
by andriys
Yes, but IPSEC was not working well in 6.1 and 6.2. Were all issues with it fixed in 6.3?
Is it working?
It was working just fine for me in 6.2, and works fine in 6.3 now. The only problem is that SA expiration time is misreported in WinBox and WebFig (see 2 posts above), but that is definitely not a show-stopper.
Re: 6.3 Released
Posted: Fri Sep 06, 2013 2:34 pm
by normis
The problem with both WinBox and WebFig misreporting the IPsec SA expiration time is not fixed yet in 6.3. The reported value is a) incorrect and b) counts up (but should count down). Everything is fine on console, the "/ip ipsec installed-sa print" command reports correct value.
Original report is here:
http://forum.mikrotik.com/viewtopic.php ... 50#p381561
This will be fixed in v6.4
Re: 6.3 Released
Posted: Fri Sep 06, 2013 2:59 pm
by elgrandiegote
*) pptp, l2tp, sstp - allow to specify server via dns name;
Please add OpenVPN to that list. Seriously, that's just unfair for users.
pptp - insecure.
sstp - supported only in windows.
l2tp - requires ipsec+l2tp combo, hard to configure by user.
+1
Re: 6.3 Released
Posted: Fri Sep 06, 2013 3:04 pm
by npero
*) pptp, l2tp, sstp - allow to specify server via dns name;
Please add OpenVPN to that list. Seriously, that's just unfair for users.
pptp - insecure.
sstp - supported only in windows.
l2tp - requires ipsec+l2tp combo, hard to configure by user.
+1
+1
Re: 6.3 Released
Posted: Fri Sep 06, 2013 3:47 pm
by ayufan
Re: 6.3 Released
Posted: Fri Sep 06, 2013 3:52 pm
by boen_robot
manager: command /tool user-manager user create-and-activate-profile not work with argument "user",and work only with argument "numbers". For example in script:
$addRequest = new Request('/tool user-manager user create-and-activate-profile');
$addRequest->setArgument('customer','gsm');
//--> $addRequest->setArgument('user',$from);
$addRequest->setArgument('numbers',$userId);
$addRequest->setArgument('profile',$profile);
$client->sendSync($addRequest);
Has it also been renamed from terminal (I haven't upgraded just yet myself...)? If so, the API behavior is to be expected, and the rename itself - typical, kind'a (sadly). But look at it from the bright side - the rename to "numbers" suggests that you can now target multiple users, whereas you could previously target just one user.
If terminal still shows it as "<user>" - yeah, that's a ROS bug all right.
Re: 6.3 Released
Posted: Fri Sep 06, 2013 4:06 pm
by richardtrip
l2tp - hard to configure by user.
You mean OpenVPN is easier to configure by user? Personally, I strongly disagree.
For sure it is easier to import one config file on android/ios/Windows/Mac. But we all know the problems with the mikrotik implementation (no udp/lzo).
Sent from my A500 using Tapatalk 4
Re: 6.3 Released
Posted: Fri Sep 06, 2013 4:53 pm
by ddejager
After upgrading from 6.0 to 6.2 all my INPUT firewall rules disappeared. Is this fixed in 6.3?
Also after upgrading from 6.0 to 6.2 clicking on quickset caused winbox to close immediately. Is this fixed in 6.3?
My hardware is RB2011UAS-2HnD.
Re: 6.3 Released
Posted: Sat Sep 07, 2013 12:33 am
by roneyeduardo
*) ppp, hotspot - added ability to specify where to insert rate limiting queue,
it's parent and type;
Can we do that via Radius attributes? How?
Re: 6.3 Released
Posted: Sat Sep 07, 2013 4:43 am
by theprism
IPsec is working in v6.1 and v6.2, what did you mean by this?
In v6.1 the following IPSEC problem existed:
Windows 7 <- L2TP/IPSEC -> Mikrotik 6.1 stopped working.
L2TP was passing OK but when reached IPSEC portion it compains in logs about payload and triming.
Was this fixed?
Thanks,
the_prism
Re: 6.3 Released
Posted: Sat Sep 07, 2013 4:14 pm
by Sandor1k
I have a problem with the creation of backups. When you click backup of the entire disk space scores.
Re: 6.3 Released
Posted: Sun Sep 08, 2013 1:52 pm
by TerAnYu
igmp-proxy, the image breaks down at the incoming stream over 10Mbps.
PIM is not possible to use it to check.
Re: 6.3 Released
Posted: Sun Sep 08, 2013 4:08 pm
by MrYan
After upgrading from 6.0 to 6.2 all my INPUT firewall rules disappeared. Is this fixed in 6.3?
I had this also (from 6.1 to 6.2). When I upgraded to 6.3 the rules remained in place.
Matt.
Re: 6.3 Released
Posted: Mon Sep 09, 2013 12:58 am
by infused
Finally upgraded my core CCR from RC13 to 6.3. Runs much smoother. Cpu seems to be better too.
I don't run BGP or IPSec, but use most other features.
Mikrotik: Is there a layout of what services/features use what cpus?
Re: 6.3 Released
Posted: Mon Sep 09, 2013 1:05 am
by infused
Actually winbox bug in 6.3 on ccr.
Use safe mode and turn it off. I go to exit winbox and it says im in safe mode, if I quit, changes will be undone.
Re: 6.3 Released
Posted: Mon Sep 09, 2013 1:25 am
by pcunite
Mikrotik: Is there a layout of what services/features use what cpus?
Tools / Profile
Re: 6.3 Released
Posted: Mon Sep 09, 2013 1:44 am
by infused
Mikrotik: Is there a layout of what services/features use what cpus?
Tools / Profile
Doesn't show you what cpus each service is working across though.
Re: 6.3 Released
Posted: Mon Sep 09, 2013 5:27 am
by theprism
IPsec is working in v6.1 and v6.2, what did you mean by this?
In v6.1 the following IPSEC problem existed:
Windows 7 <- L2TP/IPSEC -> Mikrotik 6.1 stopped working.
L2TP was passing OK but when reached IPSEC portion it compains in logs about payload and triming.
Was this fixed?
Thanks,
the_prism
Normis, can you confirm that this was fixed and
Windows 7 <- L2TP/IPSEC -> Mikrotik 6.1 works fine?
Thanks,
T.P.
Re: 6.3 Released
Posted: Mon Sep 09, 2013 9:06 am
by normis
IPsec is working in v6.1 and v6.2, what did you mean by this?
In v6.1 the following IPSEC problem existed:
Windows 7 <- L2TP/IPSEC -> Mikrotik 6.1 stopped working.
L2TP was passing OK but when reached IPSEC portion it compains in logs about payload and triming.
Was this fixed?
Thanks,
the_prism
Normis, can you confirm that this was fixed and
Windows 7 <- L2TP/IPSEC -> Mikrotik 6.1 works fine?
Thanks,
T.P.
Please tell me your Mikrotik Support ticket number, and I will check status.
Re: 6.3 Released
Posted: Mon Sep 09, 2013 10:58 pm
by Supportkavos
After upgrade to 6.3 cannot connect with openvpn to 6.2. Tls error. Mtk to mtk.
Re: 6.3 Released
Posted: Tue Sep 10, 2013 4:21 pm
by guilhermeramires
You need to set SRC-ADDRESS if you want to reach the same result.
I found a problem with the new traceroute tool. My backbone provider uses an MPLS network with private addresses and this means I can't 'see' the network from another router other than the border router. The new 'mtr' behaviour is stopping the tracing after 3 lost hops.
Thanks in advance!
Carlos Strauch
Re: 6.3 Released
Posted: Tue Sep 10, 2013 4:26 pm
by guilhermeramires
ARP=reply-only is not working on CCRs.
X86, MIPSBE and PPC is working fine.
Re: 6.3 Released
Posted: Tue Sep 10, 2013 11:36 pm
by elmer
Please test scheduler for me
IMO don`t work with new 6.3 rOS...
/file remove email
/system backup save name=email
/tool e-mail send server=173.194.70.16 port=587 user=me@gmail.com password=mypass start-tls=yes to=me@gmail.com from=Router subject=Backup body="copy config router" file=email.backup
Re: 6.3 Released
Posted: Wed Sep 11, 2013 6:47 am
by theprism
Normis, can you confirm that this was fixed and Windows 7 <- L2TP/IPSEC -> Mikrotik 6.1 works fine?
Thanks,
T.P.
Please tell me your Mikrotik Support ticket number, and I will check status.
I don't have any ticket number.
I mentioned about this here
http://forum.mikrotik.com/viewtopic.php ... 50#p373740 and here
http://forum.mikrotik.com/viewtopic.php ... 50#p373772
Re: 6.3 Released
Posted: Wed Sep 11, 2013 9:34 am
by normis
This is a community forum. Community members can't and don't fix bugs. If you wish a problem to be addressed, you Must contact support. Posting here doesn't guarantee that a member of MikroTik support will read the post.
Re: 6.3 Released
Posted: Wed Sep 11, 2013 12:50 pm
by sisal
Broken multiple Paste comands in v6.3 CCR (in v6.2 all works fine)
...
Paste in terminal and get the error.
[admin@Mikrotik] > /interface vlan add arp=reply-only interface=ether3 name=TEST vlan-id=3000
[admin@Mikrotik] > /ip address add address=10.250.255.1/24 interface=TEST
[admin@Mikrotik] > /ip pool add name=pool_TEST ranges=10.250.255.2-10.250.255.254
[admin@Mikrotik] > /ip dhcp-server add add-arp=yes address-pool=pool_TEST disabled=no interface=TEST lease-time=1h name=DHCP_TEST
input does not match any value of interface
...
Hi.
I upgrade 951G-2HnD to 6.3.
Function "Reset Configuration" is broken.
Default configuration not apply after reboot.
In 6.2 it work.
These problems are related.
None of my scripts work anymore, it's almost as if MikroTik invented asynchronous command execution where the second command is executed before the result from the first one is commited.
The default configuration script of RB2011L after a router reset drops out at the following commands:
/interface {
set ether6 name=ether6-master-local;
set ether7 name=ether7-slave-local;
set ether8 name=ether8-slave-local;
set ether9 name=ether9-slave-local;
set ether10 name=ether10-slave-local;
}
/interface ethernet {
set ether7-slave-local master-port=ether6-master-local;
set ether8-slave-local master-port=ether6-master-local;
set ether9-slave-local master-port=ether6-master-local;
set ether10-slave-local master-port=ether6-master-local;
}
input does not match any value of master-port
The
/interface set ether 6 name=ether6-master-local seems to not be commited when
/interface ethernet set ether7-slave-local master-port=ether6-master-local is executed. When I repeat the same command, everything works.
After a config reset I have to use MAC Telnet to access my RB2011L devices. This is too unreliable for me, I'm definitely staying with 5.25 for now.
Re: 6.3 Released
Posted: Wed Sep 11, 2013 12:55 pm
by mrz
This problem will be fixed in v6.4
Re: 6.3 Released
Posted: Wed Sep 11, 2013 1:08 pm
by Lakis
Finally upgraded my core CCR from RC13 to 6.3. Runs much smoother. Cpu seems to be better too.
I don't run BGP or IPSec, but use most other features.
Mikrotik: Is there a layout of what services/features use what cpus?
There are still menu bugs but I confirm this in performance 6.3 run much much better
Re: 6.3 Released
Posted: Wed Sep 11, 2013 1:56 pm
by telepro
The option to execute a script fails after the following reset-configuration command has been executed and the routerboard has restarted if the file x.rsc is greater than or equal to 64kB.
Files .LE. about 63.5kB execute successfully.
/system reset-configuration keep-users=yes no-defaults=yes skip-backup=yes run-after-reset=x.rsc
Can this be fixed in 6.4 along with the scripting issues documented above?
thanks in advance.
Re: 6.3 Released
Posted: Wed Sep 11, 2013 2:15 pm
by theprism
This is a community forum. Community members can't and don't fix bugs. If you wish a problem to be addressed, you Must contact support. Posting here doesn't guarantee that a member of MikroTik support will read the post.
Well, this is a bug that wasn't present in previous versions. It appeared starting with v6.1 and since I never got any answers if it was fixed or no in v6.2, and now v6.3, I keep asking. No time to upgrade and test and revert back if the problem persists.
So, actually it's something that appeared after Mikrotik gurus "fixed" something that
was working and my report is like anything else reported on these forums after any new version is released. If you don't want to look into it, it's your choice but I won't spend my time in opening tickets on something that works fine in previous versions. If you don't want to improve your product that you broke with an upgrade - you'll be the ones who will lose the most. There're plenty of other products on the market.
Regards,
T.P.
Re: 6.3 Released
Posted: Wed Sep 11, 2013 2:50 pm
by ekkas
None of my scripts work anymore, it's almost as if MikroTik invented asynchronous command execution where the second command is executed before the result from the first one is commited.
I've noticed something similar in API. (not sure if issue was on 5.25 as I never used so many commands on ROS5)
If I send to many API commands directly after the other, over same API connection, some commands are just dropped. E.g. making groups of 8 simple queues, with a parent, if I pump them to fast, then sometimes up to 3 of some of the group's 8 would be 'lost'/not there.(it is as-if I post teh parent and then some children, but children get created before parent exist yet, failing. If I put in a 40ms delay between 'parent' and all 'children' commands, it runs reliably, but painfully slow for a few thousand entries.
Regards
Ekkas
Re: 6.3 Released
Posted: Wed Sep 11, 2013 3:08 pm
by boen_robot
None of my scripts work anymore, it's almost as if MikroTik invented asynchronous command execution where the second command is executed before the result from the first one is commited.
I've noticed something similar in API. (not sure if issue was on 5.25 as I never used so many commands on ROS5)
If I send to many API commands directly after the other, over same API connection, some commands are just dropped. E.g. making groups of 8 simple queues, with a parent, if I pump them to fast, then sometimes up to 3 of some of the group's 8 would be 'lost'/not there. If I put in a 40ms delay between commands, it runs reliably, but painfully slow for a few thousand entries.
Regards
Ekkas
Have you tried to simply get the response from one "add" command before doing the next?
RouterOS commits the changes only after it has generated a !done response, which it doesn't do if your app doesn't request it. When you just spam the router with many requests, and only get the responses afterwards, you eventually exhaust either its or your app's buffer (depending on the client...). So doing multiple send/receive cycles as opposed to send,send,send,(x1000 send),receive cycles should eliminate the problem, while also making your app faster, since it won't need the 40ms delay.
Then again, this may make the app slower due to the multiple remote calls... so I guess if you simply "fragment" your receives - make it send,send,send,receive, then again send,send,send,receive, etc. you might get best results.
Re: 6.3 Released
Posted: Wed Sep 11, 2013 3:29 pm
by ekkas
Then again, this may make the app slower due to the multiple remote calls... so I guess if you simply "fragment" your receives - make it send,send,send,receive, then again send,send,send,receive, etc. you might get best results.
I actually wait for !done after each command. I must also say it's my first multi-core router, don't know if that could be related but it's not a big issue. I am updating my app to be more intelligent in what to update, so less updates with proper pauses will be workable. Sometimes it will run thousands without problem, so it's not like it a consistent issue, but I cannot take a chance so I'll rather run slower and know all scripts are applied correctly.
Thanks for the response.
Re: 6.3 Released
Posted: Wed Sep 11, 2013 3:37 pm
by mrz
This API problem is related to previously mentioned console bug. So will be fixed in v6.4
Re: 6.3 Released
Posted: Wed Sep 11, 2013 7:05 pm
by peterdoo
After the upgrade of 750G from 6.2 to 6.3 it blocked completelly after 3 days. It had to be unplugged. After that restart the L2TP/IPSec connections stopped working again after few minutes. As I can only access it via VPN, I could not check more.
Made supout.rif and then downgraded it to 6.2. It is up for 2 days now. Is supout.rif of any interest to Mikrotik support although it has been generated after the two restarts?
Re: 6.3 Released
Posted: Wed Sep 11, 2013 7:42 pm
by armandfumal
any devnote of the 6.4 somewhere ?
Re: 6.3 Released
Posted: Wed Sep 11, 2013 8:25 pm
by rpingar
any update un VRRP interface problem described into the [Ticket#2013090666000521]
After some days the backup vrrp goes crazy flapping between master and backup.
Only reboot fix the issue.
Regards
Ros
Re: 6.3 Released
Posted: Wed Sep 11, 2013 11:56 pm
by Diamont
*) pptp, l2tp, sstp - allow to specify server via dns name;
This is very very important small feature for my region
- lets say goodbye to some significant scripting
Just for Beeline.All other (i.e. NORMAL) ISPs use PPPoE or IPoE.