Categories
Mikrotik

Mikrotik Mobile App

https://mikrotik.com/mobile_app
The app is available for both Android and iOS operating systems. It is the best way to configure a new device, as it provides a simple and user friendly setup screen for the most basic settings of your new router. It also features an advanced menu, for the more experienced user.

Categories
Uncategorized

Mikrotik Releases 6.42

From Mikrotik

We have released new RouterOS versions in current channel.

To upgrade, click “Check for updates” at “System/Package” in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

What’s new in 6.42 (2018-Apr-13 11:03):

!) tile – improved system performance and stability (“/system routerboard upgrade” required);
!) w60g – increased distance for wAP 60G to 200+ meters;
*) bridge – added host aging timer for CRS3xx and Atheros hw-bridges;
*) bridge – added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts;
*) bridge – added per-port learning options;
*) bridge – added support for static hosts;
*) bridge – fixed “master-port” configuration conversion from pre-v6.41 RouterOS versions;
*) bridge – fixed bridge port interface parameter under “/interface bridge host print detail”;
*) bridge – fixed false MAC address learning on hAP ac^2 and cAP ac devices;
*) bridge – fixed incorrect “fast-forward” enabling when ports were switched;
*) bridge – fixed MAC learning for VRRP interfaces on bridge;
*) bridge – fixed reliability on software bridges when used on devices without switch chip;
*) bridge – hide options for disabled bridge features in CLI;
*) bridge – show “hw” flags only on Ethernet interfaces and interface lists;
*) capsman – added “allow-signal-out-of-range” option for Access List entries;
*) capsman – added support for “interface-list” in Access List and Datapath entries;
*) capsman – improved CAPsMAN responsiveness with large amount of CAP interfaces;
*) capsman – log “signal-strength” when successfully connected to AP;
*) certificate – added PKCS#10 version check;
*) certificate – dropped DES support and added AES instead for SCEP;
*) certificate – dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate – fixed incorrect SCEP URL after an upgrade;
*) chr – added “open-vm-tools” on VMware installations;
*) chr – added “qemu-guest-agent” and “virtio-scsi” driver on KVM installations;
*) chr – added “xe-daemon” on Xen installations;
*) chr – added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr – added support for booting from NVMe disks;
*) chr – added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr – added support for NIC hot-plug on VMware and Xen installations;
*) chr – fixed additional disk detaching on Xen installations;
*) chr – fixed interface matching by name on VMware installations;
*) chr – fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr – fixed suspend on Xen installations;
*) chr – make additional disks visible under “/disk” on Xen installations;
*) chr – make Virtio disks visible under “/disk” on KVM installations;
*) chr – run startup scripts on the first boot on AWS and Google Cloud installations;
*) console – fixed “idpr-cmtp” protocol by changing its value from 39 to 38;
*) console – improved console stability after it has not been used for a long time;
*) crs1xx/2xx – added BPDU value for “ingress-vlan-translation” menu “protocol” option;
*) crs212 – fixed Ethernet boot when connected to boot server through CRS326 device;
*) crs326 – fixed known multicast flooding to the CPU;
*) crs3xx – added switch port “storm-rate” limiting options;
*) crs3xx – added “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) detnet – fixed “detect-internet” feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp – improved DHCP service reliability when it is configured on bridge interface;
*) dhcp – reduced resource usage of DHCP services;
*) dhcpv4-server – added “dns-none” option to “/ip dhcp-server network dns”;
*) dhcpv6 – make sure that time is set before restoring bindings;
*) dhcpv6-client – added info exchange support;
*) dhcpv6-client – added possibility to specify options;
*) dhcpv6-client – added support for options 15 and 16;
*) dhcpv6-client – implement confirm after reboot;
*) dhcpv6-server – added DHCPv4 style user options;
*) dns – do not generate “Undo” messages on changes to dynamic servers;
*) email – set maximum number of sessions to 100;
*) fetch – added “http-content-type” option to allow setting MIME type of the data in free text form;
*) fetch – added “output” option for all modes in order to return result to file, variable or ignore it;
*) fetch – increased maximum number of sessions to 100;
*) filesystem – implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig – properly apply configuration provided by Flashfig;
*) gps – improved NMEA sentence handling;
*) health – added log warning when switching between redundant power supplies;
*) health – fixed empty measurements on CRS328-24P-4S+RM;
*) hotspot – improved HTTPS matching in Walled Garden rules;
*) ike1 – display error message when peer requests “mode-config” when it is not configured;
*) ike1 – do not accept “mode-config” reply more than once;
*) ike1 – fixed wildcard policy lookup on responder;
*) ike2 – fixed framed IP address received from RADIUS server;
*) interface – improved interface configuration responsiveness;
*) ippool – added ability to specify comment;
*) ippool6 – added pool name to “no more addresses left” error message;
*) ipsec – fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec – improved single tunnel hardware acceleration performance on MMIPS devices;
*) ipsec – properly detect interface for “mode-config” client IP address assignment;
*) ipv6 – fixed IPv6 behaviour when bridge port leaves bridge;
*) ipv6 – update IPv6 DNS from RA only when it is changed;
*) kidcontrol – initial work on “/ip kid-control” feature;
*) led – added “Dark Mode” support for wAP 60G;
*) led – added w60g alignment trigger;
*) led – fixed unused “link-act-led” LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) led – removed unused “link-act-led” trigger for devices which does not use it;
*) lte – added initial support for Quectel LTE EP06-E;
*) lte – added initial support for SIM7600 LTE modem interface;
*) lte – added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte – do not add DHCP client on LTE modems that doesn’t use DHCP;
*) lte – fixed DHCP client adding for MF823 modem;
*) lte – fixed LTE band setting for SXT LTE;
*) mac-ping – fixed duplicate responses;
*) modem – added initial support for AC340U;
*) netinstall – fixed MMIPS RouterOS package description;
*) netinstall – sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch – limit to read, write, test and reboot policies for Netwatch script execution;
*) poe – do not show “poe-out-current” on devices which can not determine it;
*) poe – hide PoE related properties on interfaces that does not provide power output;
*) ppp – added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp – allow to override remote user PPP profile via “Mikrotik-Group”;
*) quickset – fixed NAT if PPPoE client is used for Internet access;
*) quickset – properly detect IP address when one of the bridge modes is used;
*) quickset – properly detect LTE interface on startup;
*) quickset – show “G” flag for guest users;
*) quickset – use “/24” subnet for local network by default;
*) r11e-lte – improved LTE connection initialization process;
*) rb1100ahx4 – improved reliability on hardware encryption;
*) routerboard – added RouterBOOT “auto-upgrade” after RouterOS upgrade (extra reboot required);
*) routerboard – properly detect hAP ac^2 RAM size;
*) sniffer – fixed “/tool sniffer packet” results listed in incorrect order;
*) snmp – added “/caps-man interface print oid”;
*) snmp – added “/interface w60g print oid”;
*) snmp – added “board-name” OID;
*) snmp – improved request processing performance for wireless and CAP interfaces;
*) ssh – fixed SSH service becoming unavailable;
*) ssh – generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh – improved key import error messages;
*) ssh – remove imported public SSH keys when their owner user is removed;
*) switch – hide “ingress-rate” and “egress-rate” for non-CRS3xx switches;
*) tile – added “aes-ctr” hardware acceleration support;
*) tr069-client – added “DownloadDiagnostics” and “UploadDiagnostics”;
*) tr069-client – correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client – fixed “/tool fetch” commands executed with “.alter” script;
*) tr069-client – fixed HTTPS authentication process;
*) traffic-flow – fixed IPv6 destination address value when IPFIX protocol is used;
*) upgrade – improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups – improved communication between router and UPS;
*) ups – improved disconnect message handling between RouterOS and UPS;
*) userman – added support for ARM and MMIPS platform;
*) w60g – added “tx-power” setting (CLI only);
*) w60g – added RSSI information (CLI only);
*) w60g – added TX sector alignment information (CLI only);
*) watchdog – retry to send “autosupout.rif” file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
*) winbox – added “antenna” setting under GPS settings for MIPS platform devices;
*) winbox – added “crl-store” setting to certificate settings;
*) winbox – added “insert-queue-before” to DHCP server;
*) winbox – added “use-dn” setting in OSPF instance General menu;
*) winbox – added 160 MHz “channel-width” to wireless settings;
*) winbox – added DHCPv6 client info request type and updated statuses;
*) winbox – added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox – added possibility to delete SMS from inbox;
*) winbox – allow to comment new object without committing it;
*) winbox – allow to open bridge host entry;
*) winbox – fixed name for “out-bridge-list” parameter under bridge firewall rules;
*) winbox – fixed typo from “UPtime” to “Uptime”;
*) winbox – fixed Winbox closing when viewing graph which does not contain any data;
*) winbox – improved stability when using trackpad scrolling in large lists;
*) winbox – made UDP local and remote TX size parameters optional in Bandwidth Test tool;
*) winbox – moved “ageing-time” setting from STP to General tab;
*) winbox – moved OSPF instance “routing-table” setting in OSPF instance General menu;
*) winbox – removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox – show Bridge Port PVID column by default;
*) winbox – show CQI in LTE info;
*) winbox – show dual SIM options only for RouterBOARDS which does have two SIM slots;
*) winbox – show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox – use proper graph name for HDD graphs;
*) wireless – added “realm-raw” setting for “/interface wireless interworking-profiles” (CLI only);
*) wireless – added initial support for “nstreme-plus”;
*) wireless – added support for “band=5ghz-n/ac”;
*) wireless – added support for “interface-list” for Access List entries;
*) wireless – added support for legacy AR9485 chipset;
*) wireless – enable all chains by default on devices without external antennas after configuration reset;
*) wireless – fixed “wds-slave” channel selection when single frequency is specified;
*) wireless – fixed incompatibility with macOS clients;
*) wireless – fixed long “scan-list” entries not working for ARM based wireless interfaces;
*) wireless – fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless – fixed RB911-5HnD low transmit power issue;
*) wireless – fixed RTS/CTS option for the ARM based wireless devices;
*) wireless – fixed wsAP wrong 5 GHz interface MAC address;
*) wireless – improved compatibility with specific wireless AC standard clients;
*) wireless – improved Nv2 PtMP performance;
*) wireless – improved packet processing on ARM platform devices;
*) wireless – improved wireless performance on hAP ac^2 devices while USB is being used;
*) wireless – improved wireless scan functionality;

Categories
Mikrotik

Mikrotik Router OS 6.36.2

To upgrade, click “Check for updates” at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

v6.36.2 forum topic discussion,
http://forum.mikrotik.com/viewtopic.php?f=21&t=111450

What’s new in 6.36.2 (2016-Aug-22 12:54):

*) arm – show cpu frequency under resources menu;
*) capsman – fixed upgrade policy;
*) ccr/crs – fixed SFP+ interface ddmi info reporting function. Info is now refreshed on regular intervals;
*) conntrack – fixed ipv6 timeout display;
*) conntrack – fixed removing icmpv6 connections;
*) dns – avoid unnecessary dynamic server address saving in storage;
*) dns – allow to set query-server-timeout and query-total-timeout only greater than 0s;
*) dns – fixed lockup when dynamic dns server address 0.0.0.0 was received;
*) export – updated default values in /system routerboard settings menu;
*) partitions – fixed crash on repartition when there is not enough free space;
*) sstp – fixed disconnects on transmit for multicore systems;
*) switch – fixed configuration reload on CRS switches;
*) winbox – make queue tree default queue type default-small;

Categories
Mikrotik

Mikrotik RouterOS 3.36

Lots of things fixed in this release.

What’s new in 6.36 (2016-Jul-20 14:09):

*) arm – added Dude server support;
*) dude – (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=8&t=110428);
*) dude – server package is now made smaller. client side content upgrade is now removed from it and is downloaded straight from our cloud. So workstations on which client is used will require access to wan. Alternatively upgrade must be done by reinstalling the client on each new release;
*) firewall – added “/interface list” menu which allows to create list of interfaces which can be used as in/out-interface-list matcher in firewall and use as a filter in traffic-flow;
*) firewall – added pre-connection tracking filter – “raw” table, that allow to protect connection-tracking from unnecessary traffic;
*) firewall – allow to add domain name to address-lists (dynamic entries for resolved addresses will be added to specified list);
*) wireless – wireless-fp is discontinued, it needs to be uninstalled/disabled before upgrade;
*) address – allow multiple equal ip addresses to be added if neither or only one is enabled;
*) address-list – make “dynamic=yes” as read-only option;
*) arm – fixed kernel failure on low memory;
*) arp – added arp-timeout option per interface;
*) bonding – fixed 802.3ad load balancing mode over tunnels ;
*) bonding – fixed bonding primary slave assignment for ovpn interfaces after startup;
*) bonding – fixed crash on RoMON traffic transmit;
*) bonding – implemented l2mtu value == smallest slave interfaces l2mtu;
*) capsman – fixed crash when running over ovpn;
*) certificate – added automatic scep renewal delay after startup to avoid all requests accessing CA at the same time;
*) certificate – cancel pending renew when certificate becomes valid after date change;
*) certificate – display issuer and subject on check failure;
*) certificate – do not exit after card-verify;
*) certificate – force scep renewal on system clock updates;
*) chr – fixed CHR seeing its own system disk mounted as additional data disk;
*) clock – fixed time keeping for SXT ac, 911L, cAP, mAP lite, wAP;
*) clock – save current time to configuration once per day even if there are no time zone adjustments pending;
*) cloud – fixed export order;
*) console – fixed get false function;
*) console – show message time in echo log messages;
*) defconf – changed channel extension to 20/40/80mhz for all ac boards;
*) dhcp-pd – correct server listing for commands;
*) dhcp-server – fixed radius framed route addition after reboot on client renew;
*) dhcpv6-client – fixed ia lifetime validation when it is set by dhcpv6 client;
*) dhcpv6-relay – set packet link-address only when it is manually configured;
*) dhcpv6-server – fixed binding last-seen update;
*) disk – added support for Plextor PX-G128M6e(A) SSD on CCR1072;
*) email – fixed send from winbox;
*) email – removed subject and body length limit;
*) ethernet – fixed incorrect ether1 link speed after reboot on rb4xx series routers;
*) ethernet – fixed memory leak when setting interface without changing configuration;
*) fastpath – fixed kernel failure when fastpath handles packet with multicast dst-address;
*) fetch – support tls host name extension;
*) firewall – added udplite, dccp, sctp connection tracking helpers;
*) firewall – do not show disabled=no in export;
*) firewall – fixed spelling in built-in firewall commentary;
*) gps – fixed longitude seconds part;
*) health – fixed broken factory voltage calibration data for some hAP ac boards;
*) health – fixed incorrect voltage after reboot on RB2011UAS;
*) icmp – fixed kernel failure when icmp packet could not be processed on high load;
*) ippool6 – fixed crash on acquire when prefix length is equal with pool prefix length;
*) ipsec – add dead ph2 detection exception for windows msgid noncompliance with rfc;
*) ipsec – added dead ph2 reply detection;
*) ipsec – don’t register temporary ph2 on dead list;
*) ipsec – fix initiator modecfg dynamic dns;
*) ipsec – fixed AH with SHA2;
*) ipsec – fixed checks before accessing ph1 nat options;
*) ipsec – fixed mode-config export;
*) ipsec – fixed route cache overflow when using ipsec with route cache disabled;
*) ipsec – fixed windows msgid check on x86 devices;
*) ipsec – show remote peer address in error messages when possible;
*) ipsec – store udp encapsulation type in proposal;
*) kernel – fixed possible kernel deadlock when Sierra USB mode is being used;
*) l2tp – fixed crash when rebooting or disabling l2tp while there are still active connections;
*) lcd – reduced lowest backlight-timeout value from 5m to 30s;
*) license – do not expire demo license right after fresh installation of x86;
*) log – added whole scep certificate chain print;
*) log – increase excessive multicast/broadcast warning threshold every time it is logged;
*) log – make logging process less aggressive on startup;
*) lte – added allow-roaming option for Huawei MU709, ME909s devices;
*) lte – added cinterion pls8 support;
*) lte – added support for Huawei E3531;
*) lte – added support for ZTE ZM8620;
*) lte – added use-peer-dns option (will work only combined with add-default-route);
*) lte – changed driver loading for class 2 usb rndis devices;
*) lte – display message in lte,error log if no response received;
*) lte – display message in lte,error log when PIN is required;
*) lte – fix crash on SXT LTE while resetting card while at high traffic;
*) lte – fixed access technology logging;
*) lte – fixed connection for Huawei without cell info;
*) lte – fixed modem init when pin request present;
*) lte – fixed modem network configuration version checks;
*) lte – fixed network-mode support after downgrade;
*) lte – Huawei MU609 must use latest firmware to work correctly;
*) lte – improved multiple same model modems identification;
*) lte – show uicc for Huawei modems;
*) lte – use only creg result codes as network status indications;
*) mesh – fixed crash when connection references a mesh network but it is not available any more;
*) modem – added support for Alcatel OneTouch X600;
*) modem – added support for Quectel EC21 and EC25;
*) modem – added support for SpeedUP SU-900U modem;
*) nand – improved nand refresh feature to enhance stored data integrity;
*) ovpn – enable perfect forwarding secrecy support by default;
*) ovpn – fixed compatibility with OpenVPN 2.3.11;
*) pppoe – allow to set MTU and MRU higher than 1500 for PPPoE;
*) pppoe – do not allow to send out bigger packets than l2mtu if mrru is provided;
*) proxy – limit max ram usage to 80% for tile and x86 devices;
*) queue – reset queue type on interfaces which default queue type changes to no-queue after upgrade;
*) rb2011 – fixed ether6-ether10 flapping when two ports from both switch chips are in the same bridge;
*) rb3011 – fixed port flapping on ether6-ether10;
*) rb3011 – fixed reset button functionality;
*) rb3011 – fixed usb driver load;
*) rb3011 – fixed usb storage mounting;
*) rb3011 – improved performance on high cpu usage;
*) route – added suppport for more than 8 bits of options;
*) route – fixed ospf by handling ipv6 encoded prefixes with stray bits;
*) sniffer – fixed ipv6 address matching;
*) snmp – fixed get function for snmp>=v2 when oid does not exist;
*) snmp – fixed interface stats branch from MikroTik MIB;
*) snmp – report current access technology and cell id for lte modems;
*) snmp – report ram memory as ram instead of other;
*) ssh – add rsa host key size parameter;
*) ssh-keygen – add rsa key size parameter;
*) ssl – do not exit while there still are active sessions;
*) ssl – fixed memory leak on ssl connect/disconnect (fetch, ovpn, etc.);
*) sstp – fixed dns name support in connect-to field if http-proxy is specified;
*) supout – erase panic data properly on Netinstall;
*) switch – fixed switch compact export;
*) timezone – updated timezone information from tzdata2016e release;
*) traffic-flow – added ipfix support (RFC5101 and RFC5102);
*) tunnel – added option to auto detect tunnel local-address;
*) tunnel – fixed rare crash by specifying minimal header length immediately at tunnel initialization;
*) upnp – fixed nat rule dst-port by making it visible again;
*) usb – I-tec U3GLAN3HUB usb hub/ethernet dongle now shows up correctly as ethernet interface;
*) usb – implement possibility to recognize usb hubs/ethernet-dongles (if usb hubs/ethernet-dongles are not recognized with this version – send supout.rif file);
*) userman – fixed crash on database upload;
*) userman – use ipnpb.paypal.com for payment verification;
*) wap-ac – fixed performance problems with 2.4GHz wireless (additional reboot after upgrade required);
*) webfig – do not allow to press OK or Apply if current configuration values are not loaded yet;
*) webfig – reduced refresh time for wireless registration table to 1 second;
*) winbox – added 2ghz-g/n band for wireless-rep;
*) winbox – added icons to bridge filter actions similar to ip firewall;
*) winbox – added support for ipv6 dhcp relay;
*) winbox – allow to reorder hotspot walled-garden & walled-garden-ip rules;
*) winbox – do not allow to specify vlan-mode=no-tag in capsman datapath config;
*) winbox – do not show filter for combined fields like bgp-vpn4 RD;
*) winbox – do not show mode setting for WDS interfaces;
*) winbox – fixed crash on disconnect in secure mode;
*) winbox – fixed crash when using ctrl+d;
*) winbox – fixed safe mode;
*) winbox – improve filtering on list fields;
*) winbox – report correctly dude users in active users list;
*) winbox – set default sa-learning value to “yes” for CRS Ingress VLAN Translation rules;
*) winbox – show action column as first in bridge firewall;
*) winbox – show error when telnet is not allowed because of permissions;
*) wireless – fixed multiple wireless packages enabled at the same time after upgrade;
*) wireless-rep – added initial API support for snooper;
*) wireless-rep – fixed crash on nv2 reconnect;
*) wireless-rep – fixed scan-list unset;
*) wireless-rep – treat missing SSID element as hidden SSID;

Categories
Mikrotik

An open letter to Mikrotik about bug fixes

This isn’t your typical “rag on Mikrotik” post.  I see some frustrations with the Mikrotik process, mainly in regards to getting ongoing bugs and issues fixed. Having a persistent bug continue for large amounts of times tends to make for a frustrating experience.  Mikrotik has made leaps and bounds in their Changelogs over the past couple of years, which has been a huge help in the decisions of what software versions to upgrade (or even downgrade) to.  But I think things get lost in the process. This results in ongoing bugs, which tend to get unburied if someone makes enough noise.

One of the biggest things I would like to see is a public bug tracking system like Redhat’s Bugzilla tracking system.  This would benefit the community as a whole and help users see some of the outstanding issues when they go to implement things.  Forums are a great tool, but due to the nature of them, you get a fair amount of mis-information and unrelated chatter.  Just because Joe says he is seeing a bug, doesn’t mean he has a confirmed bug.  Having a confirmed bug system that has information and able to have moderated comments would be beneficial in many ways:
1.Users with long term bugs they are experiencing or waiting on would be able to keep informed on open status of bugs.
2.Would cut down on the “non-scientific” nature of forums. Information could be specifically submitted in support of a confirmed bug. Bug reports normally include the conditions that need to be met or existing for the bug to manifest itself. Users can then confirm, under those specific conditions, if they are experiencing a certain bug.
3.Bugs that are important to users will get reported more often. This should lead to the more important bugs being upvoted by the community thus getting them fixed earlier. If your particular bug has low numbers you have a reference as to why it’s not being addressed in a timely manner. Companies have to give resources to places they get the most bang for the buck.

Not only would this keep Mikrotik accountable, but it would keep the community accountable.  Properly reporting bugs and reproducing them is a process. It takes effort on both the user and the developer. In the end, it makes for a better product.

I have the utmost respect for Mikrotik and their staff.  Several folks there I consider friends. I think, before growing pains get too out of hand some sort of additional feedback options would be helpful for the community at large. Mikrotik is getting there. Things like making bug fix versions and release-candidate versions available, along with changelogs has been a huge help for planning and just keeping up on what’s being addressed.

What prompted this was I had a client over the past weekend who started having OSPF issues. Many hours of troubleshooting later, and only talking to some other folks who were seeing the same issues, I was able to determine a specific RouterOS version was to blame.  Being able to attach data to a specific bug report, or having Mirkotik open up a new bug based on information I submitted would have been a great help to others.  A forum of blog post would have been too general. Forums posts also tend to bring out the “I am seeing that too” and they are not meeting the same conditions you are.

Mikrotik implement a bug tracking system! Bugzilla is even on GitHub.

Categories
Mikrotik

New routerOS 6.34.4

From Mikrotik:

To upgrade, click “Check for updates” at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

What’s new in 6.34.4 (2016-Mar-24 13:13):

*) bonding – fixed crash on bonding slave release;
*) bonding – fixed mac-address disappearance after reboot in specific setups;
*) chr – fixed reboots with license and queues;
*) console – allow unknown scan-list names on wireless configuration to fix import;
*) fastpath – fixed rare kernel failure;
*) ipsec – take into account ip protocol in kernel policy matcher;
*) mac-winbox – try to aggregate packets & resend all pending packets on timeout;
*) ppp – do not crash when received multiple CBCP packets;
*) ppp – fixed crash when ppp interface gets disconnected and user gets authenticated at the same time (most probable with slow RADIUS server);
*) quickset – fixed wan interface selection on devices with SFP interfaces;
*) quickset – use 5GHz interface instead of 2GHz interface on SXT Lite5 ac;
*) rb3011 – fixed high cpu load breaks ethernet stats;
*) rb3011 – fixed link down messages;
*) romon – fixed romon discovery after romon ID change;
*) timezone – fixed reboot by watchdog when selecting timezones from the end of list;
*) userman – fixed www crash;
*) winbox – allow to show revoked & authority flags at the same time;
*) winbox – correctly recognise if there is need to report fan information under system health;
*) winbox – do not use area v2 names instead of ospf v3 area names;
*) winbox – make mac-winbox work with RB850.

Categories
Mikrotik

Lots of changes in RouterOS 6.34

Lots of changes in RouterOS 6.34
Some Standouts that will be of benefit to alot of folks I know
*) mipsle – architecture support dropped (last fully supported version 6.32.x);
*) btest – significantly increased TCP bandwidth test performance;
*) ssh – fixed possible kernel crash;
*) crs212 – fix 1Gbps ether1 linking problem;
*) tile – make sure that SFP rj45 modules that use forced 1G FD settings work correctly after system reboot;

What’s new in 6.34 (2016-Jan-29 10:25):

*) mipsle – architecture support dropped (last fully supported version 6.32.x);
*) dude – The reports of my death have been greatly exaggerated;
*) dude – dude RouterOS package added for tile and x86 (CHR) architecture;
*) dude – package included by default to all CHR images;
*) dude – initial work on dude integration into RouterOS;
*) bgp vpls – fixed initialization after reboot;
*) mpls – forwarding of VRF over TE tunnel stopped working after BGP peer reset;
*) ipsec – improved TCP performance on CCRs;
*) btest – significantly increased TCP bandwidth test performance;
*) winbox – fixed possible busy-loop on v2.x with latest 6.34RC versions;
*) cerm – allow to sign certificates from imported CAs created with RouterOS;
*) ldp – fix MPLS PDU max length;
*) net – improve 64bit interface stats support;
*) routerboard – print factory-firmware version in routerboard menu;
*) snmp – add oid from ucd mib for total cpu load OID 1.3.6.1.4.1.2021.11.52.0;
*) winbox – add extra items automatically to multi-line fields if at least one of them is required;
*) winbox – implemented full ipv6 dhcp client;
*) winbox – update blocked flag if user changed blocked field in dhcp server lease;
*) mac-telnet – fixed backspace when typing login username;
*) sstp – allow ECDHE when pfs enabled;
*) lte – fixed info command for Cinterion EHS5-E modem;
*) fast-path – fixed kernel crash on on/off;
*) licensing – fixed that some old 7 symbol keys could not be upgraded;
*) ssh – fixed possible kernel crash;
*) console – fixed crash on creating variable with “?” in it;
*) chr – fix SSH key import on AWS;
*) crs212 – fix 1Gbps ether1 linking problem;
*) timezone – use backward timezone aliases;
*) lte – support serial port for DellWireless 5570;
*) lte – improved dhcp handling on interfaces that doesn’t support it;
*) ipsec – allow my-id address specification in main mode;
*) dhcpv6 client – fix remove when client reappears on restart;
*) default config – fix hAP lite with one wireless;
*) firewall – added inversion support for “limit” option;
*) firewall – added bit rate matching for “limit” option;
*) firewall – improved performance for “limit” option;
*) dhcpv6-client – fix ia lifetime check;
*) ipsec – prioritize proposals;
*) ipsec – support multiple DH groups for phase 1;
*) netinstall – fix apply default config;
*) tile – make sure that SFP rj45 modules that use forced 1G FD settings work correctly after system reboot;
*) wireless – added WPS buttons support on hAP and hAP ac lite;
*) upnp – added comment for dynamic dst-nat rules to inform what host/program required it;
*) webfig – recognize properly CHR;
*) chr – license fix for AWS and similar solutions;
*) arm – fix usb modem modules on ARM;
*) dhcpv6-client – fixed stopped state;
*) netinstall – sort packages by name;
*) firewall – do not allow to add new rule before built-in (reverted);
*) winbox – include FP in fast-path column names;
*) ipsec – fix phase2 hmac-sha-256-128 truncation len from 96 to 128
This will break compatibility with all previous versions and any other
currently compatible software using sha256 hmac for phase2;
*) ssh, ftp – make read, write user group policy aware;
*) tunnel – fix keep-alive (introduced in 6.34rc);
*) cerm – show last crl update time;
*) quicket – support CAP mode on all existing wireless packages;
*) wlan – add united states3 country;
*) fast-path – fix locking issue which could lead to reboot loop (introduced in 6.34rc20);
*) userman4 – try loading signup files from db path first;
*) sstp – allow to limit tls version to v1.2 only;
*) chr – make tool profile work on 64bit x86;
*) dhcpv6-server – added binding server=all option;
*) hotspot – added html-directory-override & recognize default hotspot user;
*) hotspot – fixed export of default trial user;
*) hotspot – fixed memory leak on https requests;
*) winbox – allow to specify amsdu-limit & amsdu-threshold on 11n wifi cards;
*) winbox – added multicast-buffering & keepalive-frames settings to wireless interfaces;
*) CHR – implemented trial support for different CHR speed tiers;
*) dhcpv6-client – fix add route/address;
*) usb – enable ch341 serial module;
*) lte – make sure that both LTE miniPCI-e cards are recognized;
*) winbox – show Common-Name of certificates in certificate list;
*) winbox – added units to PCQ queue fields;
*) net – do not break connection when interface is added to bridge;
*) hotspot – show cookie add/remove events in hotspot,debug log;
*) hotspot – allow static entries with the same mac on multiple hotspot servers;
*) hotspot – do not remove mac-cookie in case of radius timeout;
*) hotspot – added byte limits option for default-trial users;
*) ipsec – make sure that dynamic policy always has dynamic flag;
*) CAPsMAN – use CAP name in log when remote-cap is deleted (wireless-cm2);
*) hotspot – fixed login by mac-cookie when roaming among hotspot servers;
*) hotspot – add html-directory-override for read-only directory on usb flash;
*) hotspot – add uptime, byte and packet counter variables to logout script;
*) net – fix statistics counters jumping up to 4G;
*) firewall – SIP helper update for newer Cisco phones;
*) usermanager – fixed usermanager web page crash;
*) ipsec – fixed active SAs flushing;
*) hotspot – added option to login user manually from cli;
*) hotspot – fixed trial-uptime parsing from CLI to Winbox/Webfig;
*) lte – added support for multiple E3372 on the same device;
*) modem – added wpd-600n ppp support;
*) console – fixed incorrect disabled firewall rule matching to “invalid flag”;
*) dns – fix for situation when dynamic dns servers could disappear;
*) sfp – fix 10g ports in 1g mode (introduced in 6.34rc1);
*) CCR1072 – added support for S-RJ01 SFP modules;
*) trafficgen – fixed issue that traffic-generator could not be started twice without reboot;
*) dhcpv6-server – replace delay option with preference option.

*) winbox – show properly route-distinguisher for bgp vpn4;
*) winbox – show dhcp server name in dhcp leases;
*) ppp – make CoA work correctly with address-lists;
*) winbox – fixed tab names to correspond to console;
*) winbox – show only actual switch-cpu ports in switch setting combobox;
*) winbox/webfig – fixed version column ordering in ip neighbors list;
*) webfig – fixed switch port “default vlan id” has missing “auto” value;
*) webfig – fixed firewall connection-bytes option;
*) ipsec – fixed kernel failure after underlying tunnel has been disabled/enabled;
*) romon – allow to see device identity if it is longer than 31 character;
*) fastpath – show fp counters in /interface monitor aggregate;
*) bridge firewall – fix chain check (broken since 6.33.2);
*) bridge firewall – fixed crash when jump rule points to disabled custom chain;
*) smb – fix crash when changing user which has open session;
*) address-list – properly remove unused address-lists from drop-downs;
*) fetch – fixed closure after 30 seconds;
*) capsman – fix radius accounting stop message;
*) log – reopen log file if deleted;
*) packing – fix tcp/udp checksums when simple packing is used;
*) tile – fix ipsec freeze after SA updates;
*) upnp – fixed missing in-interface option for dynamic dst-nat rules;
*) tunnel – fix complaining about loop after ~248 days;
*) vrrp – make sure that VRRP gets state on bootup;
*) ppp – fixed rare kernel crash (introduced in v6.33);
*) ppp – do not allow empty name ppp secrets;
*) ssh – fix active user accounting.

Categories
Mikrotik

Mikrotik mipsle support ending

The last version of Mikrotik RouterOS that supports mipsle architecture is 6.32.x.  As of this writing that appears to be 6.32.2

Categories
Mikrotik

Dude not upgrading beyond RoS 6.24

So a problem has come up with folks who use the Dude for upgrades. Ever since 6.24 The Dude has been having problems pushing upgrades out to devices. The error message you get is “Can not determine packages”. This seems to be a known issue according to this post.

Categories
Uncategorized

Mikrotik Router OS 6.29 released

The fastTrack improvements are a big improvement for those of you doing such things.

What’s new in 6.29 (2015-May-27 11:19):

*) ssh server – use custom generated DH primes when possible;
*) ipsec – allow to specify custom IP address for my_id parameter;
*) ovpn server – use subnet topology in ip mode if netmask is provided (makes android & ios
clients work);
*) console – allow ‘-‘ characters in unknown command argument names;
*) snmp – fix rare bug when some OIDs where skipped;
*) ssh – added aes-ctr cipher support;
*) mesh – fixed kernel crash;
*) ipv4 fasttrack fastpath – accelerates connection tracking and nat for marked
connections (more than 5x performance improvement compared to regular slow
path conntrack/nat) – currently limited to TCP/UDP only;
*) added ~fasttrack-connection~ firewall action in filter/mangle tables for marking
connections as fasttrack;
*) added fastpath support for bridge interfaces – packets received and transmitted
on bridge interface can go fastpath (previously only bridge forwarded packets
could go fastpath);
*) packets now can go half-fastpath – if input interface supports fastpath and
packet gets forwarded in fastpath but output interface does not support fastpath
or has interface queue other than only-hw-queue packet gets converted
to slow path only at the dst interface transmit time;
*) trafflow: add natted addrs/ports to ipv4 flow info;
*) queue tree: some queues would stop working after some configuration changes;
*) tilegx: enable autoneg for sfp ports in netinstall;
*) health – fix voltage on some RB4xx;
*) romon – fix 100% CPU usage;
*) romon – moved under tools menu in console;
*) email – store hostname for consistency;
*) vrrp – do not reset interface when no interesting config changes;
*) fixed async. ppp server;
*) sstp – fixed router lockup.
*) queue tree: some queues would stop working after some configuration changes;
*) fixed CRS226 10G ports could lose link (introduced in 6.28);
*) fixed FREAK vulnerability in SSL & TLS;
*) improved support for new hEX lite;