This is the biggest update I've ever seen from Mikrotik. 181 items! What's new in 6.35 (2016-Apr-14 12:55): Known issue: some huawei lte modems might not get IP address after the reboot of the router - disable/enable of the modems interface fixes that *) arp - apply Linux Kernel patch to stop RouterOS from randomly exhibiting misplaced ARPs; -Exchanges will like this *) mipsbe - (excluding RB4xx and CRS series) fixed rare ethernet tx buffer corruption; *) nand - implemented once a week nand refresh to improve stored data integrity (will increase sector writes); -Do what?! *) pppoe-client - implemented fastpath support; -I'm sure this is a big one *) l2tp - implemented l2tp and lns fastpath/fasttrack support; *) queue - added bucket-size setting to queues (derived from max-limit); *) tile - fixed rare situation when some cores decide not to take part in packet processing till next reboot; *) tunnels - fixed performance slowdown on any other tunnel disable/enable; *) winbox - increased minimal required winbox version to 3.4; -Well I guess the embedded winbox in dude needs updated now. *) wireless - added new package "wireless-rep"; *) wireless - improved 1-chain 802.11ac station compatibility with other vendor multi-chain APs; *) address-list - fixed crash in low memory situations; *) bonding - fixed crash when creating vlans on bonding interface; *) capsman - added 802.11g/n band; *) capsman - fixed capsman extension channel names; *) certificate - revoked certificates not showing as (R)evoked; *) certificate - allow manual crl url addition; *) chr - added support for VLAN on Hyper-V; *) chr - fixed Hyper-V booting from SCSI; *) chr - fixed Hyper-V on windows 8/10 reboot loop; *) chr - fixed bridge firewall; *) chr - fixed kernel crash when virtual ethernet was not connected to anything in Hyper-V; *) chr - implemented automatic storage increase on disk image size increase; -woohoo *) chr - implemented kernel crash saving to autosupout.rif (will utilize additional 24Mb of RAM); *) chr - make shutdown request from hyper-v work (might fix other hypervisor as well); *) chr - no more installation on first boot; *) chr - try to renew expired license once a hour instead of 100h; *) cloud - don't write minor status changes to storage; *) console - fixed print follow in "/ip dns cache" menu; *) console - show RouterOS Version in /interface wireless scan; *) console - sort completions/hints in natural order; *) console - update copyright notice; *) defconf - fixed default configuration for SXT LTE; *) dhcpv6-client - fixed wrong error message; *) dhcpv6-client - fix ia expiration and lifetime validation; *) dhcpv6-server - acquire binding on renew if it does not exist; *) dude - (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=8&t=104395); *) dude - fixed dude login logging, no more shows as winbox login; *) email - fixed send cmd server addr override; *) ethernet - add option to see S-GPON-ONU module, GPON side SN in "/int eth mon sfp#"; *) ethernet - do not allow to set self as master port; *) export - bonding did not show up in global export; *) export - exclude default values from export in "/interface l2tp-server server" menu; *) export - fixed export when ipv6 address was taken from pool; *) export - fixed rare situations when not whole config was exported; *) export - updated defaults for compact export; *) fastpath - fixed crash when packet arrives on disabled interface; *) fastpath - fixed show rx-bits-per-second on all VLAN interfaces; *) fastpath - improved vlan fastpath; -Nice! *) fasttrack - fixed timer updating in connections table for fasttrack connections; *) fetch - decrease connection idle timeout; *) firewall - added experimental "action=route" in mangle prerouting - that forces packets to specific gateway by ignoring routing decisions (CLI only); -I wonder ow this could be used? *) health - always report fan speed (even if it is 0); *) health - swap fan2 and fan3 on CCR1072; *) hotspot - clean-up all dead entries at once; *) hotspot - fixed possible deadlock; *) hotspot - improved html page resistance against attacks; *) hotspot - make video tag work properly on hotspot login.html page *) ip - rename max-arp-entries to less confusing max-neighbor-entries; *) ippool6 - fixed potential crash; *) ipsec - always re-key ph1 because it was possible that ph1 without DPD would expire; *) ipsec - better flush on proposal change; *) ipsec - fixed crash on policy update; *) ipsec - fixed fast ph2 SA addition; *) ipsec - fixed larval SA refresh for display; *) ipsec - fixed multiple consecutive dynamic policy flush; *) l2tp & pppoe - fixed user traffic accounting when fastpath was used; *) l2tp - introduced per tunnel allow-fast-path option; *) l2tp - added support for Hidden AVP, it is needed for proxy authentication; *) l2tp - added support for max-sessions; *) l2tp - added support for proxy authentication when receiving forwarded PPPoE sessions; *) l2tp - fixed small memory leak on reconnects; *) lcd - fixed branding packet logo drawing on startup; *) led - fixed crash on assigned interface removal; *) led - turn on fault led on CCR1072 if CPU too hot; *) leds - fixed AP-CAP led blinking after successful association to CAPsMAN; *) lte - added ipv6 support for SXT LTE; *) lte - changed AT command processing; *) lte - changed AT parsing because supported Huawei modems use unsolicited events instead of polling; *) lte - fixed bandlux modem dialing; *) lte - fixed crash on early initialization; *) lte - improve situation when SXT modem never finds operator; *) lte - replaced signal-strength with rssi in info command; *) lte - support Alt38XX modem; *) lte - support for zte mf820s2; *) lte - supported modems now use unsolicited events for network monitoring; *) lte - use timer for modem info; *) map lite - added hardware WPS button support; *) mpls - do not reset VPLS on TE tunnel re-optimize; *) ntp - fixed ntp client hangs in reached state; *) ospf - fixed crash when getting neighbor router-id in NBMA area; *) ppp - fixed ppp interface reconnect when uPnP was used; *) ppp - close connection if peer wants to re-authenticate; *) ppp - fixed memory leak high number of pppoe clients to the same server; *) ppp - fixed ppp crash if lcp packets were lost and authentication got delayed; *) ppp - fixed some clients can not connect due to LCP restart; *) pppoe - added rfc4679 support; *) pppoe - fixed crash when removing pppoe service; *) pppoe-server - added pado-delay option; *) profiler - classify certificate signing; *) proxy - fixed ftp request url decode; *) queue - improve "/queue interface" menu; *) quickset - fixed invalid date adjusted the signal threshold for the signal chart and refresh rate; *) quickset - fixed situations when hidden password was passed as ******* from winbox nd webfig; *) radius - warn radius client if incorrect secret is being used; *) rb3011 - fixed sfp compatibility with CCR when using direct attached cables; *) rb3011 - fixed time keeping; *) rb3011 - make ether6-ether10 work if SFP module is present on bootup; *) romon-ssh - fixed active addresses for romon user; *) route - do not show duplicate gateway on connected route; *) route - fixed filter by routing table; *) routing - fixed rare kernel failure on different dynamic routing configurations; *) routing - fixed routing-marks were not erased from memory when they are not being used; *) services - do not show ssh entry under ip services if security package is disabled; *) snmp - don't group oids for bulk get with maxreps > 1 ; *) snmp - fixed cpu load reporting to 1min average and change oid to 220.127.116.11.4.1.2021.11.10.0; *) snmp - fixed dhcpv4 lease hwaddr format according to mib; *) snmp - fixed getbulk result ordering with multiple request OIDs; *) ssh - simplify login process; *) ssl - optimized certificate update; *) system - log time changes; *) tile - corrected max-l2mtu; *) tile - fixed fastpath related memory leak; *) tile - fixed performance regression on switch chip (introduced in 6.33rc18); *) tile-crypto - fixed minor memory leak; *) tool fetch - fixed https cleanup on user stop while handshaking; *) trafficgen - fixed console arguments; *) trafficgen - fixed crash when unexpected stream reappears; *) trafflow - fixed potential deadlock; *) ups - fixed entering hibernate mode when below battery capacity limit; *) users - added separate RoMoN policy; *) webfig - fixed firewall rule sorting did not work in other chains except all; *) webfig - show single item groups as optional values; *) webfig - sort numeric columns numerically even if they contain some text; *) winbox - added "pw-type" to "/interface vpls bgp-vpls" menu; *) winbox - added "use-control-word" and "pw-mtu" to "/interface vpls cisco-bgp-vpls" menu; *) winbox - added /interface wireless setup-repeater; *) winbox - added all the rates settings to the capsman; *) winbox - added flip-screen option to lcd settings; *) winbox - added init-delay option to routerboard settings; *) winbox - added ipv6 firewall missing log option; *) winbox - added missing eap-ttls-mschamv2 method to wireless security profile; *) winbox - added mtu=auto support to eoipv6 tunnel; *) winbox - added sfp-mac for GPON interfaces; *) winbox - added support for new settings from wireless-rep package; *) winbox - added support for route action in mangle rules; *) winbox - allow to set additional-network-modes; *) winbox - allow to set multiple dh-groups; *) winbox - disable autostart for wireless scan,snooper,align etc. on open; *) winbox - do not show "enable-jumper-reset" setting on devices without serial port; *) winbox - do not show real-tx-power column in current-tx-power by default; *) winbox - fixed unset options in /routing ospf interface menu; *) winbox - hotspot default-trial user shows profile as "unknown" in Winbox; *) winbox - improved winbox connection loss detection, fixes winbox safe mode; *) winbox - limit ospf key to 16 symbols; *) winbox - make additional-network-mode optional for lte interface; *) winbox - make build with latest lte changes; *) winbox - make mrru disabled and set mtu+mru to auto by default on new servers; *) winbox - show "usb-power-reset" option on all boards that have it; *) wireless - fixed crash on nstreme-dual interface stats update; *) wireless-rep - added 802.11g/n only band; *) wireless-rep - added STEP feature for the scan-list; *) wireless-rep - added WPS client support; *) wireless-rep - added support for saving wireless scan results to file; *) wireless-rep - added support for wireless background scan for 802.11 protocol; *) wireless-rep - added support for wireless repeater mode for 802.11 protocol; *) wireless-rep - added support for wireless scan rounds setting; *) wireless-rep - adjust roaming scan times; *) wireless-rep - allow to connect to AP after scan; *) wireless-rep - do not allow empty ssid for AP modes; *) wireless-rep - fixed crash on non-HT clients; *) wireless-rep - fixed latency issues with Intel wireless clients; *) wireless-rep - fixed nv2 protocol; *) wireless-rep - fixed qos frame-priority when nv2 protocol used in station-wds mode; *) wireless-rep - fixed signal leds; *) wireless-rep - fixed speed issue when connected with Intel 802.11ac; *) wireless-rep - initial support for station roaming for station mode in 802.11 protocol; *) wireless-rep - request interface name for setup-repeater; *) wireless-rep - use full identity where possible; *) wireless-rep,capsman - added more configuration settings; *) wireless-rep,capsman - added rate config support.
The CHR image reinstalls into it’s self and it’s 128 megabytes by default.
I wanted to resize it.
Find a copy of qemu-img. I’m on a Mac so I downloaded GNS3 and found the binary in
./qemu-img convert -f vmdk -O raw /Users/user/Downloads/chr-6.34.1.vmdk /Users/user/Downloads/chr-6.34.1.raw
./qemu-img resize -f raw /Users/user/Downloads/chr-6.34.1.raw +1G
./qemu-img convert -f raw -O vmdk /Users/user/Downloads/chr-6.34.1.raw /Users/user/Downloads/chr-6.34.1-1G.vmdk
If the video doesn’t show up, refresh the page.
Show is over folks.
Oct 24, Wednesday
*) route - fix dst-prefix filtering did not return routes when routes with different routing-mark were present; *) wireless - improved nv2 stability; *) winbox & webfig - added simple new version downloading & upgrading panel; *) dhcp server - immediately store to disk changes for lease configuration; *) lcd - improve graphs screen *) lcd - improve touch screen (must /lcd reset-calibration) *) smb - fix smb share mounting on linux systems *) ovpn - fixed memory leak on disconnects; *) userman - fix unpaid profile activation while authenticating; *) sstp - fix high CPU usage on SSL handshake; *) winbox - added ability to add time & date to dashboard; *) metarouter - fixed lockups on RB110AH; *) metarouter - fixed occasional lockups on RB450G; *) ups - fixed problem connecting to USB device, introduced in 5.20; *) quickset - added Wireless PTP Bridge mode; *) fix MPLS MTU configuration usage; *) dns - fix empty response; Download
In case you were too busy chatting up people and missed some of the presentations, or you just weren’t there here are the MUM 2012 NOLA videos.
Video from MUM 2012 NOLA
I still need to test all the keywords, and add custom highlights that match WinBox coloring.
Here it is:
- Install SyntaxHighlighter Evolved.
- Install this plugin.
- Use [ros] and [/ros] around your code.
The iPhone 5 now has 5 GHz wireless built in. The original iPad has it as well. Lot’s of Macs have had it for a while. If you want the fastest speed for your Angry Birds updates switch to 5 GHz.
Since Mikrotik’s are DIY configuration which settings actually helpful?
From my research I’ve found that Apple devices like the following:
- Long preamble.
- WPA2 with AES and no TKIP.
- Macs and iOS devices only support HT20 on 2.4 GHz but support both HT20 and HT40 on 5 GHz.
I would not recommend using HT40 in 2.4 GHz regardless.
/interface wireless security-profiles add group-ciphers="" supplicant-identity=MikroTik unicast-ciphers="" \ add authentication-types=wpa2-psk eap-methods=passthrough \ management-protection=allowed mode=dynamic-keys name=WPA2_profile \ supplicant-identity="" wpa2-pre-shared-key=mustbe8char /interface wireless set 0 band=2ghz-b/g/n bridge-mode=disabled disabled=no frequency=2437 \ ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=ap-bridge multicast-helper=\ disabled name=2.4 preamble-mode=long rate-selection=legacy \ security-profile=WPA2_profile ssid=TwoGhz wireless-protocol=802.11 \ wmm-support=enabled set 1 band=5ghz-a/n bridge-mode=disabled channel-width=20/40mhz-ht-below \ disabled=no frequency=5200 ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=\ ap-bridge multicast-helper=disabled name=5.8 preamble-mode=long \ rate-selection=legacy security-profile=WPA2_profile ssid=FiveGhz \ wireless-protocol=802.11 wmm-support=enabled