Default usernames and passwords are significant security vulnerabilities on any internet facing device. It’s a…
Discovered Issues and Workarounds on RouterOS 7.6
The Problem
In the past week or so, we have received higher than usual number of support emails. Almost all of them were related to routers not establishing an SSTP connection to a RemoteWinBox server. After spending some time investigating this issue in our lab, we came to a conclusion that the problem happens specifically with routers that are on RouterOS 7.6. It seems like the latest MikroTik update broke something related to SSTP Client interface.
While we can’t write our custom RouterOS patches, we can provide some workarounds!
This is how the problem looks:
As you can see, the RemoteWinBox configuration is on the router, the router can definitely resolve the vpn4.remotewinbox.com address, that my router resides on, yet the SSTP connection fails due to not being able to resolve the name of vpn4.remotewinbox.com.
If you take a look at the packages and boot firmware, you can see that it’s at version 7.6:
The Solution
There are two ways to solve this problem. One way is to downgrade firmware to 7.5. To do that, you have to determine what CPU architecture your routerboard is running, and find the appropriate package at https://mikrotik.com/download/archive
In my case, I’m using a MikroTik hAP ac^2, and it has an ARM CPU, so I will download version 7.5 for ARM routers. If you’re not sure about your router’s CPU architecture, run the command /system resource print
and look for the property called cpu .
Next step is to drag and drop, or upload that file to your router and run the command /system package downgrade
After that, log back into the router, and run the command /system routerboard upgrade
followed by /system reboot
in order to get your boot firmware to match the package version.
After that, if your connection is not up, remove the RemoteWinBox SSTP client, and copy paste that part of your router’s RemoteWinBox config. We’ve seen connect-to, username and password get corrupted in the SSTP client config during reboots on RouterOS v7.6. After all that, your RemoteWinBox SSTP connection should establish!
If you really, really want to stay on RouterOS v7.6…
One of our customers reached out with another workaround (thank you!) which I have tested in lab, and it did work:
1 – Add RemoteWinBox configuration to your router that has RouterOS 7.6 on it (which you have probably already done)
2 – If the router didn’t connect to RemoteWinBox server, reboot the router
3 – WinBox into the router, and open Interfaces in the side menu
4 – Observe if RemoteWinBox SSTP client is running, and if it is not, double click on it
5 – Chances are one or all of these values are going to be invalid/deleted: Connect to (it seems to get set to 255.255.255.255), User (gets deleted), Password (gets deleted)
6 – Set those properties to values that you can find in your RemoteWinBox router configuration, under the segment that starts with /interfaces sstp-client add
: connect-to, user, password
7 – Observe if the router now successfully connects to RemoteWinBox server
We hope that RouterOS 7.7 will smooth this out! Let us know if this article didn’t resolve the problem for you by emailing us at support@remotewinbox.com!