Community discussions

MikroTik App
  4. RouterOS
  5. Virtualization

huge latency on local ping, more than 100ms to ping the CHR - Proxmox

Post Reply
 
tom26
just joined
Topic Author
Posts: 2
Joined: Sun Nov 05, 2023 6:28 pm

huge latency on local ping, more than 100ms to ping the CHR - Proxmox

Sun Nov 05, 2023 6:57 pm

Hi, I've been having a problem with my CHR for a few days.

Problem: huge latency on local ping, more than 100ms to ping the CHR

Infrastructure: local home network consisting of a CISCO 2960 Gigabit switch. Ubiquiti Unifi UAP connected in Gigabit on the switch to transmit the WIFI network. Proxmox server with 2 Gigabit cards connected to the switch, one for server administration and the other for VLAN management between Proxmox and the switch.

CHR V7: On the Proxmox, the CHR has 4 cores and 1 gig of RAM, and 7 network cards. The CHR is the LAN router, DHCP and DNS server.

WIFI or directly connected to the switch, here are the results of my pings from my PC

- CISCO SWITCH: 0-1ms
- PROXMOX: 4ms
- MIKROTIK CHR : 101ms
- MIKROTIK CHR DE TEST : 2ms

I suspect a configuration problem on my main CHR, but I don't understand what's causing the problem. When I disable all my NAT, firewall and mangle rules, I get the same problem. If I restart my CHR it solves the problem for a few minutes before coming back.

Since my second CHR is working fine, would it be wise to put them in HA? However, I don't think that my small home transit is saturating the CHR, as I have 5 DHCP machines on the LAN, 2 servers and about ten VMs.

I've just made an export of my current configuration below.
# 2023-11-05 17:31:37 by RouterOS 7.11.2
# software id =
#
/interface pptp-client
add allow=mschap2 connect-to=XX.XX.XX.XX name=PPTP-LYON user=XX-ABC
/interface ethernet
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-full name=INTERCO-4G
set [ find default-name=ether3 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-full disabled=yes name=\
INTERCO-PFSENSE
set [ find default-name=ether5 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-full name=LAN-BDD
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-full name=LAN-INFRA
set [ find default-name=ether1 ] advertise="" disable-running-check=no name=\
LAN-MT
set [ find default-name=ether4 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-full name=LAN-SRV-WEB-DIRECT
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-full name=LIVEBOX
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-full disabled=yes name=\
test-wifi
/interface wireguard
add disabled=yes listen-port=13233 mtu=1420 name=WG-LAN-LIVEBOX
add listen-port=13232 mtu=1420 name=WG-LAN-MT
add disabled=yes listen-port=13234 mtu=1420 name=WG-LAN-SRV-DIRECT
add disabled=yes listen-port=13231 mtu=1420 name=WG-PFSENSE-WAN
add disabled=yes listen-port=13235 mtu=1420 name=WG-VPS
/disk
set slot1 type=hardware
/interface list
add name=WAN-LISTE
add name=LAN-LISTE
add name=VPN-LISTE
add include=all name=INTERCO-LISTE
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot user profile
set [ find default=yes ] add-mac-cookie=no shared-users=20
/ip ipsec mode-config
add name="Nord VPN NL" responder=no src-address-list=local
/ip ipsec policy group
add name="Nord VPN policy"
/ip ipsec profile
add name="Nord VPN NL"
/ip ipsec peer
add address=nl866.nordvpn.com disabled=yes exchange-mode=ike2 name=\
"Nord VPN NL" profile="Nord VPN NL"
/ip ipsec proposal
add disabled=yes name="Nord VPN NL propos" pfs-group=none
/ip pool
add name=LAN ranges=192.168.8.10-192.168.8.20
add name=dhcp_pool2 ranges=10.0.10.50-10.0.10.90
/ip dhcp-server
add address-pool=LAN interface=LAN-SRV-WEB-DIRECT name=DHCP-LAN
add add-arp=yes address-pool=dhcp_pool2 interface=LAN-MT lease-time=8h name=\
dhcp1
/routing table
add disabled=no fib name=4G
/snmp community
add addresses=::/0 name=SNMP-TOM
/interface bridge port
add bridge=*13 interface=INTERCO-4G
add bridge=*13 interface=*12
/ipv6 settings
set disable-ipv6=yes
/interface detect-internet
set detect-interface-list=WAN-LISTE internet-interface-list=WAN-LISTE \
lan-interface-list=LAN-LISTE wan-interface-list=WAN-LISTE
/interface list member
add interface=LAN-MT list=LAN-LISTE
add interface=LIVEBOX list=WAN-LISTE
add interface=LAN-SRV-WEB-DIRECT list=LAN-LISTE
add interface=PPTP-LYON list=INTERCO-LISTE
add interface=WG-LAN-LIVEBOX list=VPN-LISTE
add interface=WG-LAN-MT list=VPN-LISTE
add interface=WG-LAN-SRV-DIRECT list=VPN-LISTE
add interface=WG-PFSENSE-WAN list=VPN-LISTE
add interface=INTERCO-PFSENSE list=INTERCO-LISTE
add interface=LAN-BDD list=LAN-LISTE
add interface=LAN-INFRA list=LAN-LISTE
add interface=INTERCO-4G list=WAN-LISTE
/interface wireguard peers
add allowed-address=10.1.11.2/32 comment="PC Ma\EBva" interface=\
WG-PFSENSE-WAN public-key="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="
add allowed-address=192.168.250.2/32 interface=WG-LAN-MT public-key=\
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
add allowed-address=192.168.251.2/32 comment="PC de Ma\EBva" interface=\
WG-LAN-LIVEBOX public-key="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
add allowed-address=192.168.252.2/32 comment="PC de Ma\EBva" interface=\
WG-LAN-SRV-DIRECT public-key=\
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
add allowed-address=192.168.250.3/32 comment="PC fixe Tom" interface=\
WG-LAN-MT public-key=""XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX""
add allowed-address=192.168.250.4/32 comment="iPhone de Tom" interface=\
WG-LAN-MT public-key="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
add allowed-address=192.168.250.5/32 comment="PC de Ma\EBva" interface=\
WG-LAN-MT public-key="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
add allowed-address=192.168.250.6/32 comment="PC fixe Daniel" interface=\
WG-LAN-MT public-key="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
add allowed-address=192.168.252.3/32 comment="PC fixe Tom" interface=\
WG-LAN-SRV-DIRECT public-key=\
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
add allowed-address=10.101.1.2/32 interface=WG-VPS public-key=\
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
add allowed-address=192.168.250.7/32 comment=CPRO interface=WG-LAN-MT \
public-key="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
/ip address
add address=10.0.10.100/24 interface=LAN-MT network=10.0.10.0
add address=192.168.1.101/24 interface=LIVEBOX network=192.168.1.0
add address=10.1.10.1/30 interface=INTERCO-PFSENSE network=10.1.10.0
add address=10.1.11.1/30 interface=WG-PFSENSE-WAN network=10.1.11.0
add address=192.168.250.1/24 interface=WG-LAN-MT network=192.168.250.0
add address=192.168.8.1/24 interface=LAN-SRV-WEB-DIRECT network=192.168.8.0
add address=192.168.251.1/24 interface=WG-LAN-LIVEBOX network=192.168.251.0
add address=192.168.252.1/24 interface=WG-LAN-SRV-DIRECT network=\
192.168.252.0
add address=192.168.1.102/24 interface=LIVEBOX network=192.168.1.0
add address=172.16.8.1/24 interface=LAN-BDD network=172.16.8.0
add address=10.100.10.1/24 interface=LAN-INFRA network=10.100.10.0
add address=10.101.1.1/29 interface=WG-VPS network=10.101.1.0
add address=192.168.44.4/24 interface=INTERCO-4G network=192.168.44.0
/ip dhcp-client
add interface=LAN-MT
/ip dhcp-server lease
add address=10.0.10.88 client-id=1:1c:bf:c0:57:c7:e1 mac-address=\
1C:BF:C0:57:C7:E1 server=dhcp1
add address=10.0.10.84 client-id=1:50:de:6:b6:20:e5 mac-address=\
50:DE:06:B6:20:E5 server=dhcp1
/ip dhcp-server network
add address=10.0.10.0/24 dns-server=10.0.10.100,8.8.8.8,1.1.1.1 gateway=\
10.0.10.100
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
/ip dns static
add address=10.100.10.60 name=portail.XXX.lan
/ip firewall address-list
add address=10.0.10.0/24 list=LAN
add address=10.1.10.0/30 list=INTERCO
add address=10.1.11.0/30 list=VPN
add address=10.100.10.0/24 list=LAN
add address=10.101.1.0/29 list=VPN
add address=172.16.8.0/24 list=INFRA
add address=192.168.1.0/24 list=WAN
add address=192.168.8.0/24 list=INFRA
add address=192.168.27.67 list=VPN
add address=192.168.44.0/24 list=WAN
add address=192.168.250.0/24 list=VPN
add address=192.168.251.0/24 list=VPN
add address=192.168.252.0/24 list=VPN
/ip firewall filter
add action=fasttrack-connection chain=input comment=\
"Connection d\E9j\E0 \E9tablie" connection-state=established,related \
hw-offload=no
add action=accept chain=input connection-state=established,related
add action=drop chain=input comment="Drop paquets invalides" \
connection-state=invalid log-prefix=MAUVAIS-PAQUETS
add action=accept chain=forward comment=BDD-SRV dst-address=172.16.8.2 \
src-address=10.100.10.2
add action=accept chain=forward dst-address=10.100.10.2 src-address=\
172.16.8.2
add action=accept chain=forward dst-address=192.168.8.20 src-address=\
172.16.8.254
add action=accept chain=forward dst-address=172.16.8.254 src-address=\
192.168.8.20
add action=accept chain=forward dst-address=172.16.8.60 src-address=\
10.100.10.60
add action=accept chain=forward dst-address=10.100.10.60 src-address=\
172.16.8.60
add action=drop chain=forward comment="Communication inter-LAN" dst-address=\
192.168.8.0/24 log=yes log-prefix=INTER-LAN src-address=172.16.8.0/24
add action=drop chain=forward dst-address=10.100.10.0/24 log=yes log-prefix=\
INTER-LAN src-address=10.123.123.0/24
add action=drop chain=forward dst-address=172.16.8.0/24 log=yes log-prefix=\
INTER-LAN src-address=192.168.8.0/24
add action=accept chain=input comment="Autorise ICMP" protocol=icmp
add action=accept chain=forward comment="H\E9bergement web" dst-port=80 \
in-interface=LIVEBOX out-interface=LAN-SRV-WEB-DIRECT protocol=tcp
add action=accept chain=forward in-interface=LIVEBOX out-interface=\
LAN-SRV-WEB-DIRECT protocol=tcp src-port=443
add action=accept chain=forward dst-port=443 in-interface=LIVEBOX \
out-interface=LAN-SRV-WEB-DIRECT protocol=tcp
add action=accept chain=forward comment="Autoriser communication LAN <-> VPN" \
in-interface-list=LAN-LISTE out-interface-list=VPN-LISTE
add action=accept chain=forward in-interface-list=VPN-LISTE \
out-interface-list=LAN-LISTE
add action=accept chain=forward comment="Autoriser VPN LAN MT <-> WAN" \
in-interface=WG-LAN-MT out-interface=LAN-MT
add action=accept chain=forward in-interface=LAN-MT out-interface=WG-LAN-MT
add action=accept chain=forward comment="Sortie internet sans restrictions" \
out-interface-list=WAN-LISTE
add action=accept chain=forward out-interface=LAN-INFRA protocol=tcp \
src-port=80,443,53
add action=accept chain=forward in-interface-list=WAN-LISTE out-interface=\
LAN-BDD protocol=tcp src-port=80,443,53
add action=accept chain=forward in-interface-list=WAN-LISTE out-interface=\
LAN-MT protocol=tcp src-port=80,443,53,8080
add action=accept chain=forward in-interface-list=WAN-LISTE out-interface=\
LAN-MT protocol=udp src-port=80,443,53
add action=accept chain=forward in-interface-list=WAN-LISTE out-interface=\
LAN-SRV-WEB-DIRECT protocol=tcp src-port=80,443,53
add action=accept chain=forward dst-address=10.123.123.0/24 in-interface=\
LIVEBOX protocol=tcp src-port=80,443,53
add action=accept chain=forward comment="VPN LIVEBOX <-> RZO LIVEBOX" \
in-interface=WG-LAN-LIVEBOX out-interface=LIVEBOX
add action=accept chain=forward in-interface=LIVEBOX out-interface=\
WG-LAN-LIVEBOX
add action=accept chain=forward comment=\
"VPN LAN SRV DIRECT <-> LAN SRV DIRECT" in-interface=WG-LAN-SRV-DIRECT \
out-interface=LAN-SRV-WEB-DIRECT
add action=accept chain=forward in-interface=LAN-SRV-WEB-DIRECT \
out-interface=WG-LAN-SRV-DIRECT
add action=accept chain=forward comment=\
"VPN INTERCO PFSENSE <-> INTERCO PFSENSE" in-interface=WG-PFSENSE-WAN \
out-interface=INTERCO-PFSENSE
add action=accept chain=forward in-interface=INTERCO-PFSENSE out-interface=\
WG-PFSENSE-WAN
add action=accept chain=forward comment="LAN MT vers LAN INFRA" in-interface=\
LAN-MT out-interface=LAN-INFRA
add action=accept chain=forward in-interface=LAN-INFRA out-interface=LAN-MT
add action=accept chain=forward comment=PING protocol=icmp
add action=accept chain=forward comment=DynDNS dst-address=10.100.10.3 \
in-interface=LIVEBOX
add action=accept chain=forward in-interface=LIVEBOX src-address=10.100.10.3
add action=accept chain=forward comment=DNS dst-port=53 in-interface-list=\
LAN-LISTE out-interface-list=LAN-LISTE protocol=tcp
add action=accept chain=forward dst-port=53 in-interface-list=LAN-LISTE \
out-interface-list=LAN-LISTE protocol=udp
add action=accept chain=forward in-interface-list=WAN-LISTE \
out-interface-list=VPN-LISTE protocol=udp src-port=53,853
add action=accept chain=forward in-interface-list=WAN-LISTE \
out-interface-list=LAN-LISTE protocol=udp src-port=53,853
add action=accept chain=forward in-interface-list=WAN-LISTE \
out-interface-list=LAN-LISTE protocol=tcp src-port=53,853
add action=accept chain=forward in-interface-list=WAN-LISTE \
out-interface-list=INTERCO-LISTE protocol=udp src-port=53,853
add action=accept chain=forward dst-address=192.168.8.254 protocol=udp \
src-address=10.100.10.254 src-port=53
add action=accept chain=forward in-interface-list=WAN-LISTE out-interface=\
LAN-BDD protocol=udp src-port=53
add action=accept chain=forward comment=NTP in-interface-list=WAN-LISTE \
protocol=udp src-port=123
add action=accept chain=forward comment="UNIFI Controller" in-interface-list=\
WAN-LISTE out-interface=LAN-MT protocol=tcp src-port=8883
add action=accept chain=forward comment="UNIFI Controller" in-interface-list=\
WAN-LISTE out-interface=LAN-INFRA protocol=tcp src-port=8883
add action=accept chain=forward in-interface=LAN-MT out-interface=\
LAN-SRV-WEB-DIRECT protocol=tcp src-port=8443
add action=accept chain=forward dst-port=8443 in-interface=LAN-SRV-WEB-DIRECT \
out-interface=LAN-INFRA protocol=tcp
add action=accept chain=forward in-interface=LAN-INFRA out-interface=\
LAN-SRV-WEB-DIRECT protocol=tcp src-port=8443
add action=accept chain=forward comment="R\E9seau invit\E9 test" dst-address=\
192.168.8.20 dst-port=80,443,22 protocol=tcp src-address=10.123.123.0/24
add action=accept chain=forward dst-address=10.123.123.0/24 src-address=\
192.168.8.0/24
add action=accept chain=forward comment=ERP dst-address=10.100.10.60 \
protocol=tcp src-port=587
add action=accept chain=forward dst-address=10.100.10.60 dst-port=80 \
protocol=tcp src-address=192.168.8.254
add action=accept chain=forward dst-address=192.168.8.254 protocol=tcp \
src-address=10.100.10.60 src-port=80
add action=accept chain=forward comment=IPsec in-interface-list=WAN-LISTE \
out-interface=LAN-MT protocol=udp src-port=500
add action=accept chain=forward in-interface-list=WAN-LISTE out-interface=\
LAN-MT protocol=udp src-port=4500
add action=accept chain=forward comment=NetBios in-interface-list=LAN-LISTE \
out-interface-list=LAN-LISTE protocol=udp src-port=137
add action=accept chain=forward in-interface=LIVEBOX out-interface=LAN-MT \
protocol=udp src-port=137
add action=accept chain=forward comment="Tunnel Wireguard" in-interface-list=\
WAN-LISTE out-interface=LAN-MT protocol=udp src-port=51820
add action=drop chain=forward comment=\
"R\E8gles de blocage affin\E9es sans log" dst-port=81 in-interface-list=\
WAN-LISTE out-interface=LAN-MT protocol=tcp
add action=drop chain=forward in-interface-list=WAN-LISTE out-interface=\
LAN-MT protocol=tcp src-port=5223
add action=drop chain=forward in-interface-list=WAN-LISTE out-interface=\
LAN-MT protocol=tcp src-port=5228
add action=drop chain=forward in-interface-list=WAN-LISTE out-interface=\
LAN-MT protocol=tcp src-port=3480
add action=drop chain=forward in-interface-list=WAN-LISTE out-interface=\
LAN-MT protocol=udp src-port=3485
add action=drop chain=forward comment="R\E8gle de blocage g\E9n\E9rale" log=\
yes log-prefix=BLOCAGE
/ip firewall mangle
add action=accept chain=prerouting comment=\
"Exclusions des destinations locales" disabled=yes dst-address-list=LAN \
src-address=10.0.10.88
add action=accept chain=prerouting disabled=yes dst-address-list=INTERCO \
src-address=10.0.10.88
add action=accept chain=prerouting disabled=yes dst-address-list=INFRA \
src-address=10.0.10.88
add action=accept chain=prerouting disabled=yes dst-address-list=WAN \
src-address=10.0.10.88
add action=accept chain=prerouting disabled=yes dst-address-list=VPN \
src-address=10.0.10.88
add action=mark-routing chain=prerouting comment="For\E7age 4G en primaire" \
disabled=yes new-routing-mark=4G passthrough=no src-address=10.0.10.88
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=4G \
passthrough=no src-address=10.0.10.84
/ip firewall nat
add action=dst-nat chain=dstnat comment="NAT SRV WEB depuis LIVEBOX" \
dst-address=192.168.1.101 dst-port=443 in-interface=LIVEBOX log-prefix=\
NPM443 protocol=tcp to-addresses=192.168.8.254 to-ports=443
add action=dst-nat chain=dstnat dst-address=192.168.1.101 dst-port=80 \
in-interface=LIVEBOX log-prefix=NPM80 protocol=tcp to-addresses=\
192.168.8.254
add action=src-nat chain=srcnat comment="LAN - NAT sorant" out-interface=\
LIVEBOX src-address=192.168.8.0/24 to-addresses=192.168.1.101
add action=src-nat chain=srcnat out-interface=LIVEBOX src-address=\
10.123.123.0/24 to-addresses=192.168.1.101
add action=src-nat chain=srcnat out-interface=LIVEBOX src-address=\
172.16.8.0/24 to-addresses=192.168.1.101
add action=src-nat chain=srcnat log-prefix=SRC-LAN-INFRA out-interface=\
LIVEBOX src-address=10.100.10.0/24 to-addresses=192.168.1.101
add action=src-nat chain=srcnat out-interface=LIVEBOX src-address=\
10.0.10.0/24 to-addresses=192.168.1.101
add action=masquerade chain=srcnat log-prefix=INTERCO-4G out-interface=\
INTERCO-4G to-addresses=192.168.44.4
add action=src-nat chain=srcnat comment="VPN WG LIVEBOX" src-address=\
192.168.251.2 to-addresses=192.168.1.101
add action=src-nat chain=srcnat comment="VPN WG LAN" src-address=\
192.168.250.0/24 to-addresses=10.0.10.100
add action=src-nat chain=srcnat comment="VPN WG INTERCO PFSENSE" src-address=\
10.1.11.2 to-addresses=10.1.10.1
# PPTP-LYON not ready
add action=dst-nat chain=dstnat dst-address=192.168.27.67 dst-port=50443 \
in-interface=PPTP-LYON protocol=tcp to-addresses=192.168.8.2 to-ports=80
add action=src-nat chain=srcnat comment="TEST SRV WEB via PPTP LYON" \
out-interface=LAN-SRV-WEB-DIRECT to-addresses=192.168.27.67
add action=dst-nat chain=dstnat comment=NPM dst-address=192.168.1.101 \
dst-port=81 protocol=tcp to-addresses=192.168.8.254 to-ports=81
add action=dst-nat chain=dstnat comment=PFSENSE dst-address=192.168.1.102 \
protocol=tcp to-addresses=10.1.10.2
add action=dst-nat chain=dstnat dst-address=192.168.1.102 protocol=udp \
to-addresses=10.1.10.2
add action=src-nat chain=srcnat comment="NAT sortant VPN VPS" src-address=\
10.101.1.0/29 to-addresses=192.168.1.101
/ip ipsec identity
add auth-method=eap certificate="" disabled=yes eap-methods=eap-mschapv2 \
generate-policy=port-strict mode-config="Nord VPN NL" peer="Nord VPN NL" \
policy-template-group="Nord VPN policy" username=XXXXXXXXXXXXXXXXXXXXXXXXXX
/ip ipsec policy
add dst-address=0.0.0.0/0 group="Nord VPN policy" proposal=\
"Nord VPN NL propos" src-address=0.0.0.0/0 template=yes
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=no distance=1 dst-address=192.168.101.0/24 gateway=XX.XX.XX.XX \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no dst-address=192.168.27.0/24 gateway=XX.XX.XX.XX \
routing-table=main suppress-hw-offload=no
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=XX.XX.XX.XX \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=no dst-address=192.168.1.0/24 gateway=192.168.1.1 routing-table=\
main suppress-hw-offload=no
add disabled=no dst-address=10.12.0.0/24 gateway=10.1.10.2 routing-table=main \
suppress-hw-offload=no
add disabled=no dst-address=10.123.123.0/24 gateway=10.0.10.200 \
routing-table=main suppress-hw-offload=no
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=192.168.44.1 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=no dst-address=192.168.44.0/24 gateway=192.168.44.1 \
routing-table=main suppress-hw-offload=no
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.44.1 routing-table=4G \
suppress-hw-offload=no
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=192.168.1.1 \
pref-src="" routing-table=4G scope=30 suppress-hw-offload=no \
target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=10.0.10.0/24 disabled=yes
set ssh address=10.0.10.0/24
set api disabled=yes
set winbox address=\
10.0.10.0/24,192.168.1.0/24,192.168.250.0/24,10.123.123.0/24
set api-ssl disabled=yes
/snmp
set enabled=yes location="DC XXXX - PVE1"
/system clock
set time-zone-name=Europe/Paris
/system identity
set name=CHR-XXX
/system logging
add disabled=yes topics=debug
add disabled=yes topics=pptp
/system note
set note="[Interface]\r\
\nPrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXX
\nAddress = 192.168.250.3/32\r\
\nDNS = 8.8.8.8\r\
\n\r\
\n[Peer]\r\
\nPublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXX
\nAllowedIPs = 10.0.10.0/24\r\
\nEndpoint = 192.168.1.101:13232\r\
\nPersistentKeepalive = 10\r\
\n" show-at-login=no
/tool e-mail
set address=XXXXXXXXXXXX from=XXXXXXXXXXXXXXXX port=587 tls=yes user=\
XXXXXXXXXXXXXXXXXXXX
/tool netwatch
add comment=INTERNET disabled=no down-script="" host=8.8.8.8 http-codes="" \
interval=10s test-script="" type=simple up-script=""
add comment=INTERNET disabled=yes down-script="" host=1.1.1.1 http-codes="" \
interval=5s test-script="" type=simple up-script=""
add comment=LIVEBOX disabled=no down-script="" host=192.168.1.1 http-codes="" \
interval=10s test-script="" type=simple up-script=""
add comment=CISCO disabled=no down-script="" host=10.0.10.1 http-codes="" \
interval=10s test-script="" type=simple up-script=""
/tool romon
set enabled=yes
/tool sniffer
set filter-ip-address=10.100.10.3/32
Thank you for your help
Top
 
tom26
just joined
Topic Author
Posts: 2
Joined: Sun Nov 05, 2023 6:28 pm

Re: huge latency on local ping, more than 100ms to ping the CHR - Proxmox

Mon Nov 06, 2023 8:05 pm

Problem solved after restarting the Mikrotik several times. I still activated VRRP to have a backup Mikrotik.
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests
  4. RouterOS
  5. Virtualization