Nov 13 / Greg

Mikrotik Newsletter 68 – Andrew/Greg Chat

Andrew Cox and Greg Sowell dish about some of the new stuff in the 68th newsletter:
mANT 15, 19 sector antennas
hEX PoE Lite
mANT 30 45° horn tilt
LNS support
DNS on tunnels and such
PoE manager

This was an impromptu conversation…taking it back old school.

Grab the MP3 here if you prefer: Mikrotik Newsletter 68 Audio

Nov 9 / Greg

Mikrotik Changelog 6.33 … A Novel

What’s new in 6.33 (2015-Nov-06 12:49):

*) dns – initial fix for situation when dynamic dns servers could disappear;
*) winbox – dropped support for winbox v3.0beta and v3.0rc (use winbox v3.0);
*) dhcpv6 – various improvement and fixes for dhcp-pd client and ippool6;
*) defconf – fixed rare situation where configuration was only partially loaded;
*) net – fix possible never ending loop when bad CDP discovery packet is received;
Snap…interesting DOS vector
*) log – make default disk file name to reside in flash dir if it exists;
*) romon – change port list to be not ordered in export;
*) capsman – limit number of simultaneous DTLS handshakes;
*) capsman – fixed memory leak on CAP joining CAPsMAN when ssld is used;
*) winbox – added allow-fast-path to eoip, gre & ipip;
*) winbox – do not show power-cycle properties on non poe ports;
*) l2tp: implemented PPPoE over L2TP in LNS mode, RFC3817;
Just for Thrift hehe
*) webfig – some of the setting were shifted to the right;
*) packages – allow to reinstall from bundle to separate packages & vice versa;
*) packages – prefer out of bundle packages when both of them are installed;
*) packages – fix a problem of upgrading bundle package to non bundled ones;
*) ipsec – force flow cache validation once in 1h;
*) winbox – make sure that all setting names get shown in full;
*) winbox – added poe power-cycle-ping settings to ethernet interfaces;
*) ppp – handle properly case were ppp client is given same address for local & remote end;
*) winbox – added vlan-mode & vlan-id to virtual-ap interface;
*) winbox – added timeout column to ipv6 address lists;
*) winbox – show SFP Tx/Rx Power properly;
niceeee
*) winbox – added min-links to bonding interface;
*) winbox – do not show health menu on RB951Ui-2HnD;
*) winbox – added support for Login-Timeout & MAC-Auth-Mode in hotspot;
*) cerm – added option to disable crl download in ‘/certificate settings';
*) winbox – make user ssh key import work again;
*) webfig – make “Copy to Access List” work in CAPsMAN Registration Table;
*) userman – fix report generation problem which could result in some users being skipped from it;
*) winbox – fix to allow cpu-port as mirror-target
*) proxy – error.html parsing enhancement to improve performance
*) CCR1072 – improve ether1 performance under heavy load;
How odd…I wonder why ether1 alone was having issues. I thought the 1072 had individual pipes to the CPU for each port.
*) routerboard – indicate RouterBOOT type in /system routerboard print;
*) mpls – properly use mpls mtu for routes;
*) cerm – fix key description for signed certificates;
*) trafflow – report flow addresses in v1 and v5 without NAT awareness;
*) hotspot – add mac-auth-mode setting for mac-as-passwd option;
*) hotspot – add login-timeout setting to force login for unauth hosts;
*) auto-upgrade – fixed auto upgrade for smipsbe;
*) dns – do not create duplicate entries for same dynamic dns server addresses;
*) ipsec – fix set on multiple policies which could result in adding non existent dynamic policies to the list;
*) email – allow server to be specified as fqdn which is resolved on each send;
Killer
*) fastpath – eoip,gre,ipip tunnels support fastpath (new per tunnel setting “allow-fast-path”);
Sick…anyone test yet?
*) ppp, pptp, l2tp, pppoe – fix ppp compression related crashes;
Nice…I use this in a few places
*) cerm – also accept downloaded CRLs in PEM format;
*) userman – added ‘history clear’ to allow flushing undo history, which may take up significant amount of memory for huge databases with hundreds of users;
*) health – fix voltage for CRS109, CRS112 and CRS210 if powered from external adapter;
*) userman – added phone number support to signup form;
*) ip pool6 – try to acquire the same prefix if info matches recently freed;
*) ipsec – fix transport mode ph2 ID ports when policy selects specific ip protocol on initiator;
*) ipsec – use local-address for phase 1 matching and initiation;
*) route – fixed crash on removing route that was aggregated;
*) ipsec – fix replay window, was accidentally disabled since version 6.30;
*) ssh – allow host key import/export;
*) ssh – use 2048bit RSA host key when strong-crypto enabled;
*) ssh – support RSA keys for user authentication;
*) wlan – improved WMM-PowerSave support in wireless-cm2 package;
*) pptp & l2tp – fixed problem where android client could not connect if both dns names were not provided (was broken since v6.30);
*) auto-upgrade – added ability to select which versions to select when upgrading;
*) quickset – fixed HomeAP mode;
*) lte – improved modem identification to better support multiple identical modems;
*) snmp – fix system scripts table;
*) tunnels – eoip,eoipv6,gre,gre6,ipip,ipipv6,6to4 tunnels now support dns name as remote address;
I believe this is only on initial connection. I wonder if there is a way that, if the connection drops, it would attempt the DNS query again – if the remote address changed, it would reconnect.
*) fastpath – active mac-winbox or mac-telnet session no longer suspends fastpath;
*) fastpath – added per interface fastpath counters;
*) fastpath – added trafflow support in basic ipv4 and fasttrack ipv4 fastpath;
*) ppp – added on-up & on-down scripts to ppp profile;
*) winbox – allow to specify dns name in all the tunnels;
*) pppoe – added support for MTU > 1492 on PPPoE;
*) cerm – fix scep server certificate-reply degenerate PKCS#7 signed-data content;
*) ppp-client – added default channels for Alcatel OneTouch L100V;
*) defconf – fix for boards that had bridge with only wlan ports;
*) ovpn: support OpenWRT ovpn clients (or any other with enable-small option enabled);
*) cerm – use certificate file name for imported cert name;
*) fetch – fixed error message when error code 200 was received;
*) cerm – rebuild crl for local ca if crl file does not exist;
*) winbox – make directed broadcasts work for neighbor discovery;
*) upnp: automatically adjust mappings to new external ip change;
*) ppp – added ppp interface to upnp internals/externals if requested;
*) ppp – when adding ipv6 default route use user provided distance;
*) userman – allow to correctly enable CoA on router;
*) cerm – show crl nextupdate time;
*) ppp – added CoA support to PPPoE, PPTP & L2TP (Mikrotik-Recv-Limit, Mikrotik-Xmit-Limit, Mikrotik-Rate-Limit, Ascend-Data-Rate, Ascend-XMit-Rate, Session-Timeout);
*) ppp – added new option under “ppp aaa” – “use-circuit-id-in-nas-port-id”;
*) userman – refresh active sessions/users view dynamically;
*) package – added version tag and show everywhere alongside of version number;
*) wlan – improved 802.11 protocol single connection TCP performance for ac chipset with cm2 package.

So some of A. Thrift’s changes were in there…anyone else see some action they like here?
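The CDP item above is worth a closer look from the defender's side. CDP carries a short header followed by type/length/value records whose 16-bit length field counts the 4-byte TLV header itself, so a length below 4 leaves a naive reader stuck at the same offset, and a length larger than the remaining buffer reads past the end. The following is an added illustration written for this post, not MikroTik's code and not derived from it; the packets are constructed by hand, and the naive parser is capped at a step count so it reports the stuck loop instead of hanging the interpreter.

```python
import struct

CDP_HEADER_LEN = 4   # version (1 byte), TTL (1 byte), checksum (2 bytes)
TLV_HEADER_LEN = 4   # type (2 bytes) + length (2 bytes); the CDP length includes this header

# Constructed sample packets (not captured traffic): one well-formed packet with a
# Device-ID TLV (type 1) and a Software-Version TLV (type 5), plus two malformed ones.
GOOD_PACKET = (
    b"\x02\xb4\x00\x00"                  # version 2, TTL 180, checksum left zero for the demo
    + b"\x00\x01\x00\x07" + b"sw1"       # type 1, length 7 = 4 header + 3 value bytes
    + b"\x00\x05\x00\x0a" + b"v1.2.3"    # type 5, length 10 = 4 header + 6 value bytes
)
ZERO_LENGTH_PACKET = b"\x02\xb4\x00\x00" + b"\x00\x01\x00\x00"            # length 0: offset never moves
OVERLONG_PACKET = b"\x02\xb4\x00\x00" + b"\x00\x01\x00\x40" + b"sw1"     # length 64 runs past the buffer


def parse_cdp_tlvs_naive(payload: bytes, max_steps: int = 10_000) -> list:
    """Trusts the length field. A TLV whose length is below 4 leaves `offset`
    unchanged, so the loop would spin forever on such a packet; max_steps exists
    only so this demonstration raises instead of hanging the process."""
    tlvs = []
    offset = CDP_HEADER_LEN
    steps = 0
    while offset + TLV_HEADER_LEN <= len(payload):
        steps += 1
        if steps > max_steps:
            raise RuntimeError("parser stopped advancing (malformed TLV length)")
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, offset)
        tlvs.append((tlv_type, payload[offset + TLV_HEADER_LEN:offset + tlv_len]))
        offset += tlv_len
    return tlvs


def parse_cdp_tlvs_safe(payload: bytes) -> list:
    """Validates every length before using it: each TLV must cover at least its own
    header (guaranteeing forward progress) and must not extend past the packet."""
    if len(payload) < CDP_HEADER_LEN:
        raise ValueError("packet shorter than the CDP header")
    tlvs = []
    offset = CDP_HEADER_LEN
    while offset < len(payload):
        if offset + TLV_HEADER_LEN > len(payload):
            raise ValueError(f"truncated TLV header at offset {offset}")
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, offset)
        if tlv_len < TLV_HEADER_LEN:
            raise ValueError(f"TLV length {tlv_len} at offset {offset} is below the 4-byte minimum")
        if offset + tlv_len > len(payload):
            raise ValueError(f"TLV length {tlv_len} at offset {offset} exceeds the packet")
        tlvs.append((tlv_type, payload[offset + TLV_HEADER_LEN:offset + tlv_len]))
        offset += tlv_len  # tlv_len >= 4, so the offset always advances
    return tlvs


def parse_outcome(parser, payload: bytes) -> str:
    """Summarise what a parser does with a packet: 'ok:<tlv count>', 'rejected' or 'hung'."""
    try:
        return f"ok:{len(parser(payload))}"
    except ValueError:
        return "rejected"
    except RuntimeError:
        return "hung"


if __name__ == "__main__":
    for name, pkt in (("good", GOOD_PACKET), ("zero-length", ZERO_LENGTH_PACKET), ("overlong", OVERLONG_PACKET)):
        print(f"{name:12s} naive={parse_outcome(parse_cdp_tlvs_naive, pkt):10s} "
              f"safe={parse_outcome(parse_cdp_tlvs_safe, pkt)}")
```

Both parsers agree on the well-formed packet. On the zero-length TLV the naive loop never advances (which is the hang the changelog entry describes), while the hardened version rejects it immediately; on the overlong TLV the naive parser silently returns a truncated value, which the hardened version also refuses.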

Oct 20 / Greg

Mikrotik ROS Change Log 6.32.3

First, it’s been ages since I’ve posted, and even longer since it was a change log hehe. So here we gooooooo

I’m sure you’ve also noticed how MTK is now doing bug fix releases. They only introduce new features when you change middle revision numbers. This allows you to find a stable version, and just pull bug fixes…unless you are brave, then you can just go straight to the newest version ;)

What’s new in 6.32.3 (2015-Oct-19 11:13):

*) switch – fixed CRS settings set back to defaults after a reboot;
Seems like a major fix. I wonder what odds you had of it resetting?
*) netinstall – include missing RB1200 drivers;
*) firewall – fixed connection-rate matcher;
Big one I use frequently
*) ppp, pptp, l2tp, pppoe: fixed router dead locked if compression was enabled on link;
I use this regularly also…haven’t seen the lockup, though.
*) quickset – create proper firewall rules when PPPoE is used for address acquisition;
*) sstp – fixed kernel crash when other party started to fragment ppp packets in the middle;
*) ippool6 – optimize same prefix acquisition;
*) winbox – Shift+Ins & Shift+Del did not work in multi entry fields;
I didn’t even know this was a thing…
*) winbox – allow to specify ipv6 address in traffic flow target;
*) winbox – allow to specify eap-radius-accounting in CAPsMAN;
*) winbox – allow to enter dns name in email server;
Awesome
*) ups – fix console oid print;
*) tunnel – fix loopback keepalives on gre and ipip;
*) pptp, l2tp, sstp, pppoe: do not send data packets before we have negotiated connection with other side (happens on dial-on-demand interfaces), this breaks when connecting to other party servers;
*) pptp, l2tp, sstp – make it work when add-default-route & dial-on-demand both are enabled;
*) pptp, l2tp, sstp, pppoe clients – fixed problem where they failed to connect at startup and only reboot helped;
Ugh…tshooting nightmare on that one
*) nv2 – fixed kernel failure with frame size accounting;
*) ovpn client – fixed crash when ovpn didn’t receive its ip address;
*) lcd – fix slideshow for CCR1072, and possible sign issues for temperatures;
*) winbox – make console notice correct screen size;
*) ssh – allow to specify pass as argument for private key import;
*) winbox – refetch hotspot walled garden hit counter;
*) winbox – added client-connections & server-connections to web proxy status;
*) cerm – fix scep server certificate-reply degenerate PKCS#7 signed-data content;
*) bgp – specific BGP networks were changed to different ones;
Ugh
*) cerm – allow export for all types except templates;
*) wlan – update brazil-anatel country;
*) winbox – fixed context menu actions to apply to all selected items;

A lot of good bug fixes!

Sep 4 / thebrotherswisp

TheBrothersWISP 24 – The lame one without Greg

Quoting Mike Hammett:
“I apologize for the mess. It took us an hour to get started due to hangups on Greg’s end… enough to where he used up all of his time. Then I realized I had to manually control the camera (maybe at my own direction?).

Tom Smyth, Justin Miller, Alex Hart and Mike Hammett discuss:

Cloud Hosted Router
Ignitenet MetroLinq
TP-Link switches
RVA-IX and Midwest-IX
Tom’s singing and facial hair”

Here’s the video: (if you don’t see it, hit refresh)

Sep 4 / thebrotherswisp

TheBrothersWISP 23 – CCR1072, airfiberx, UBNT Gear, Mikrotik

Mike(Mom), Tom, Tomas(over achiever brother), Andrew Thrift(good looking brother), JJ(mad scientist brother), Alex(the normal one), and Greg(so bald it hurts) talk about life, love, and routers…mostly routers.

Some of the things discussed:
Mikrotik bugs
Mikrotik new revision system with incremental bug fixes
Unifi AC
Mikrotik Cloud Hosted Router

Here’s the video: (if you don’t see it, hit refresh)

Jun 30 / Greg

Cisco CMP – Out Of Band Built Into Your Router

Today I had a customer ask us for assistance in configuring their CMP on their Cisco Sup2T for a 6500 chassis. To which I promptly googled it hehe.

A CMP is the Connectivity Management Processor, AKA out of band manager. This is similar to IPMI in the server world. It lives inside the supervisor, but it is completely separated out: it has its own processor, RAM and network interface. If the supervisor tanks, you can still access it via the CMP.

Connecting from the console is simple:

Control Sequence
Press Ctrl-c and then Shift-m 3 times consecutively:
Ctrl-c Shift-m Ctrl-c Shift-m Ctrl-c Shift-m
Press Ctrl-r and then Shift-m 3 times consecutively:
Ctrl-r Shift-m Ctrl-r Shift-m Ctrl-r Shift-m

Once there you can use “root” as the user and “default” as the password. Those are the factory defaults, so change them before the cmp-mgmt interface is reachable from anything other than the console.

Initial config (IP/Gateway) is equally simple:

Step 1
switch-cmp# configure terminal
! Enters configuration mode on the CMP.
Step 2
switch-cmp(config)# interface cmpmgmt
! Enters interface configuration mode for the cmp-mgmt interface on either the active or the standby supervisor engine.
Step 3
switch-cmp(config-if)# ip default gateway
! Configures the default gateway for the cmp-mgmt interface (the gateway address is given as the argument).
Step 4
switch-cmp(config-if)# ip address
! Configures the IP address/mask (the address and mask are given as the arguments).

Pretty cool feature…even the Cisco haters out there can appreciate it ;)

May 28 / thebrotherswisp

TheBrothersWISP 22 – 2015 MUMs

Mike, Miller, Tom and Greg went to the US MUM(well, Mike didn’t) and we have a little chat about it.

Some of the things discussed:
New MUM Hardware. Greg’s thoughts on said hardware.
Mike’s IX midwest-ix
Miller’s IX rva-ix
OpenBGPd – openbsd bgp routing.
BIRD – linux routing.
FastTrack – fastpath with connection tracking.
Greg’s MUM Presentation – using BGP to build QoS.
RoMon – MTK layer 2ish management protocol.
Lots-o-random things in between.

To see the video please visit the link below!!!