Outdated Mikrotik RouterOS on Vox FTTH?

russellO

Well-Known Member
Joined
Jan 26, 2007
Messages
401
I noticed that the Mikrotik hEX router that Vox installed is running 6.42.6 but the latest release in the "bugfix only" channel (which I assume is the long term stable channel) is 6.44.5. There is a long list of security vulnerabilities that have been fixed in the newer releases and an even longer list of bug fixes.

I logged a ticket and asked them to please update it but they just said: no, 6.42.6 is the latest stable version and 6.44 is still in beta. I stopped him right there and said: no, 6.46 is the beta channel and 6.45 is the stable channel and 6.44 is the bug fix channel. (if I understand the channels correctly). He then said that 6.42 is the latest one that he select in the management tool.

I asked if they routinely update the RouterOS because a lot of big corporate companies will leave old software as is, because it is working. He then said yes they would, but only if I phone in and ask for something and they notice that it is out of date. It is not an automatic process. So if I never phone in for two years then it sits there with all the vulnerabilities open to the world?

The attachments show the current version, latest bug fix release and the available channels. I'm a RouterOS NOOB!

It seems like they trying to pull the wool over my eyes here just to keep it at an old version they happy with? Anyone have any experience with this and able to give some advice?

Otherwise I can ask for superuser access and do it myself.. Possibly make the thing explode.
 

Attachments

krieg

Senior Member
Joined
Mar 31, 2010
Messages
712
RouterOS gets updated all the time best to get that superuser access. Worst you can do with a mikrotik is get it stuck in a boot loop but no explosions.
 

ThatGuy_ZA

Well-Known Member
Joined
Nov 2, 2012
Messages
324
This is why I avoid ISP issued routers.

Can't you get the PPPoE credentials from Vox and wipe the router so you have admin access?
 

russellO

Well-Known Member
Joined
Jan 26, 2007
Messages
401
RouterOS gets updated all the time best to get that superuser access. Worst you can do with a mikrotik is get it stuck in a boot loop but no explosions.
I'm really unlucky... A little click sound, puff of smoke, no internet for the weekend.

This is why I avoid ISP issued routers.

Can't you get the PPPoE credentials from Vox and wipe the router so you have admin access?
Yip, Vox send you the details. I could do that.

They are lying.
https://mikrotik.com/download

They SHOULD be running 6.44.5 (Long-term)
So I'm not going mad.

Beware ".1", ".3", ".5" etc...

Over the years we have found that even numbers are as a rule more stable than the odd numbers.

That goes for what we've seen of 6.45.x too.
Thanks for the heads up.


Maybe I should request superuser access, do a backup, upgrade the packages, upgrade the firmware and say a little prayer.
 

Gambit

Expert Member
Joined
Apr 26, 2005
Messages
1,499
The first thing I did when I got my Vox issued mikrotik router was to do a factory reset as a matter of principle. I don't want anyone at Vox to have access to my local network. When I had support issues months later they didn't really seem to care that they could no longer log in. I just set up a temp account on the router for them to run their tests and verify there was an issue on my line. It was a little easier to setup a fresh router as I am on Vumatel trenched which is configured via DHCP but I'm sure you can get the PPPOE credentials from them if your fibre provider uses that for provisioning.
 

killerbyte

Expert Member
Joined
May 10, 2007
Messages
1,635
Thankfully I control my own Mikrotik, but then I do this for a living so I have my personal one automatically updating daily to the latest "testing" RouterOS & Firmware.

Please make sure they update the RouterOS AND the firmware. So many times I have seen that the RouterOS gets updated and the firmware gets forgotten about.
 

portcullis

Cape Connect Internet Rep
Company Rep
Joined
Oct 7, 2008
Messages
1,129
Please make sure they update the RouterOS AND the firmware. So many times I have seen that the RouterOS gets updated and the firmware gets forgotten about.
I suspect many people will be lost when reading that comment.

Hopefully this little script will be useful for someone to just paste into the terminal window

sy ro print
sy ro up
y
sy reb
y
.

You can get creative with this. We have a script we load on all clients' routers that runs on startup, that compares the current version with the new version and does a reboot if needed.
 

killerbyte

Expert Member
Joined
May 10, 2007
Messages
1,635
I suspect many people will be lost when reading that comment.

Hopefully this little script will be useful for someone to just paste into the terminal window

.

You can get creative with this. We have a script we load on all clients' routers that runs on startup, that compares the current version with the new version and does a reboot if needed.
Here are the two scripts I run on a scheduled basis:

RouterOS Update
Code:
/system package update
check-for-updates once
:delay 3s;
:if ( [get status] = "New version is available") do={ install }

Firmware Update
Code:
:log info "Checking firmware...";
/system routerboard
:if ([get current-firmware] != [get upgrade-firmware]) do={
     :log info "Updating firmware";
     upgrade;
     #  Automatic restart
     :delay 2s
     /system reboot
     } else={
     :log info "No update."
     }
 

portcullis

Cape Connect Internet Rep
Company Rep
Joined
Oct 7, 2008
Messages
1,129
The only thing "different" we do is to add a "new package source" in our default setup script. This means that only once we've thoroughly tested a version and uploaded it the package source server, will it go to customers.

Of late RouterOS has become too buggy for us to just push every update they release.

For example, the 6.45.x versions don't work properly with Ubiquiti bidi SFP+ modules. That has now become our standard client router and layer 1 option for all 1Gb and above business clients.

The lovely thing about Mikrotik is you can drop a hAP at a 5Mb client and a 4011 at a 5Gb client and the o/s is exactly the same, even through to our 40Gb x86 based routers.
 

killerbyte

Expert Member
Joined
May 10, 2007
Messages
1,635
The only thing "different" we do is to add a "new package source" in our default setup script. This means that only once we've thoroughly tested a version and uploaded it the package source server, will it go to customers.

Of late RouterOS has become too buggy for us to just push every update they release.

For example, the 6.45.x versions don't work properly with Ubiquiti bidi SFP+ modules. That has now become our standard client router and layer 1 option for all 1Gb and above business clients.

The lovely thing about Mikrotik is you can drop a hAP at a 5Mb client and a 4011 at a 5Gb client and the o/s is exactly the same, even through to our 40Gb x86 based routers.
I do agree with you regarding the same OS being on all devices. Makes life so much easier.
 

russellO

Well-Known Member
Joined
Jan 26, 2007
Messages
401
@portcullis Thanks for all the technical info you sharing here. Can't say I've seen that from an ISP/rep before.

I didn't even see CCI packages when applying for Fibre. I like the "Free Public IP Address and IPv6 Enabled" on your fibre package. I'm stuck with Vox for now though. 2020 maybe.
 
Top