RB951G-2HnD - upgrade 6.36 to 6.47.10?
Two MikroTik RB951G-2HnD routers have sort of swung back into my orbit with the return after some time of an old customer. These routers both have 6.36 on them, and I'm thinking I should upgrade them to 6.47.10 LTS. Is that too big a jump? Will chunks of the current configuration fail? It's all fairly plain-vanilla except for an IPSec VPN running between the two devices. The particular model is barely mentioned in any of the (many, many) release notes since 6.36, and nothing really relevant. Any hints appreciated. Thanks, K. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer@nullarbor.com.au) work +61 2 64957435 http://www.nullarbor.com.au mobile +61 428 957160
Two things to keep in mind which have caught us out.. First is that 6.41 brought in the change to bridges with vlan filtering as preferred to master/slave ports and switch chip configuration. In 6.41, master/slave ports went away, and got converted to bridges. You will absolutely 100% want local access to each device and have a port that is not in master/slave config with access to the router incase something ‘weird’ gets setup in the conversion during the upgrade. Second is that ipsec changed significantly in I think 6.44? We had a lot of legacy routeros VM’s from a company purchase that we’ve ended up leaving on 6.42 or 43 I think. (and moving customers to VmWare NSX firewalls instead) it was something to do with the peer identifiers - Sorry, It was 18 months or so ago now, I just remember upgrading one in a change window and not being able to get their tunnels to all their remote sites re-established, and comparing the config and finding it simply wasn’t possible to authenticate that way anymore. We rolled back the snapshot, and put a halt to upgrade works for that clump of customers. Someone who does IPSEC more regularly might know exactly what changed. Cheers, DG On Sun, 11 Jul 2021 at 2:40 pm, Karl Auer <kauer@nullarbor.com.au> wrote:
Two MikroTik RB951G-2HnD routers have sort of swung back into my orbit with the return after some time of an old customer.
These routers both have 6.36 on them, and I'm thinking I should upgrade them to 6.47.10 LTS.
Is that too big a jump? Will chunks of the current configuration fail? It's all fairly plain-vanilla except for an IPSec VPN running between the two devices.
The particular model is barely mentioned in any of the (many, many) release notes since 6.36, and nothing really relevant.
Any hints appreciated.
Thanks, K.
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer@nullarbor.com.au) work +61 2 64957435 http://www.nullarbor.com.au mobile +61 428 957160
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
-- Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder
participants (2)
-
Damien Gardner Jnr
-
Karl Auer