the below config is from 7.13 it works fine in 7.13 as soon as i upgrade to anything above that the wifi stops functioning
the ssid does not appear on many devices and the devices that does show the ssid refuse to connect they just fail and i get logs that say things like disconnected, key handshake timeout and connection lost, signal strength -33
im at a loss if any one can assist it would be much appreciated
Code: Select all
# 2024-03-26 21:25:34 by RouterOS 7.13
# software id = RGSG-4CC8
#
# model = L009UiGS-2HaxD
# serial number = HF309AC6E4Y
/interface bridge
add admin-mac=x:x:x:x:x:x auto-mac=no comment=defconf name=bridge \
port-cost-mode=short
/interface wifi
set [ find default-name=wifi1 ] configuration.mode=ap .ssid=XPAINX-IOT \
disabled=no
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=dhcp ranges=192.168.50.10-192.168.50.250
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=10m name=defconf
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 \
path-cost=10
add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 \
path-cost=10
add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 \
path-cost=10
add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 \
path-cost=10
add bridge=bridge comment=defconf interface=ether6 internal-path-cost=10 \
path-cost=10
add bridge=bridge comment=defconf interface=ether7 internal-path-cost=10 \
path-cost=10
add bridge=bridge comment=defconf interface=ether8 internal-path-cost=10 \
path-cost=10
add bridge=bridge comment=defconf interface=sfp1 internal-path-cost=10 \
path-cost=10
add bridge=bridge interface=wifi1
add bridge=bridge comment=defconf disabled=yes interface=WAN \
internal-path-cost=10 path-cost=10
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set disable-ipv6=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip dhcp-server network
add address=192.168.50.0/24 comment=defconf dns-server=192.168.50.253 \
gateway=192.168.50.254 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.50.254 comment=defconf name=router.lan
/ip firewall address-list
add address=192.168.50.2-192.168.50.254 list=allowed_to_router
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
not_in_internet
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
add action=accept chain=input comment="default configuration" \
connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
add action=drop chain=input
add action=accept chain=forward comment="Established, Related" \
connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
log=yes log-prefix=invalid
add action=drop chain=forward comment=\
"Drop tries to reach not public addresses from LAN" dst-address-list=\
not_in_internet in-interface=bridge log=yes log-prefix=!public_from_LAN \
out-interface=!bridge
add action=drop chain=forward comment=\
"Drop incoming packets that are not NAT`ted" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1 log=yes log-prefix=!NAT
add action=jump chain=forward comment="jump to ICMP filters" jump-target=icmp \
protocol=icmp
add action=drop chain=forward comment=\
"Drop incoming from internet which is not public IP" in-interface=ether1 \
log=yes log-prefix=!public src-address-list=not_in_internet
add action=drop chain=forward comment=\
"Drop packets from LAN that do not have LAN IP" in-interface=bridge log=\
yes log-prefix=LAN_!LAN src-address=!192.168.50.0/24
add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=\
icmp
add action=accept chain=icmp comment="net unreachable" icmp-options=3:0 \
protocol=icmp
add action=accept chain=icmp comment="host unreachable" icmp-options=3:1 \
protocol=icmp
add action=accept chain=icmp comment=\
"host unreachable fragmentation required" icmp-options=3:4 protocol=icmp
add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 \
protocol=icmp
add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 \
protocol=icmp
add action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 \
protocol=icmp
add action=drop chain=icmp comment="deny all other types"
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="HAIRPIN NAT" dst-address=\
192.168.50.0/24 log-prefix=NAT src-address=192.168.50.0/24
add action=dst-nat chain=dstnat dst-port=6668 protocol=tcp src-address=\
192.168.50.0/24 src-port=6668 to-addresses=192.168.50.211 to-ports=6668
add action=dst-nat chain=dstnat comment="HOME ASSITANT " dst-address=\
x.x.x.x dst-port=8123 protocol=tcp to-addresses=192.168.50.211 \
to-ports=8123
add action=dst-nat chain=dstnat comment="HOME ASSITANT HTTPS" dst-address=\
x.x.x.x dst-port=443 protocol=tcp to-addresses=192.168.50.211 \
to-ports=8123
add action=dst-nat chain=dstnat comment="INVOICE NINJA" dst-address=\
x.x.x.x dst-port=8003 protocol=tcp to-addresses=192.168.50.14 \
to-ports=8003
add action=dst-nat chain=dstnat comment=STEAM dst-address=x.x.x.x \
dst-port=7770-7900 protocol=tcp to-addresses=192.168.50.61 to-ports=\
7770-7900
add action=dst-nat chain=dstnat comment=STEAM dst-address=x.x.x.x \
dst-port=7770-7900 protocol=udp to-addresses=192.168.50.61 to-ports=\
7770-7900
add action=dst-nat chain=dstnat comment=STEAM dst-address=x.x.x.x \
dst-port=27000-27090 protocol=udp to-addresses=192.168.50.61 to-ports=\
27000-27090
add action=dst-nat chain=dstnat comment=STEAM dst-address=x.x.x.x \
dst-port=27000-27090 protocol=tcp to-addresses=192.168.50.61 to-ports=\
27000-27090
add action=dst-nat chain=dstnat comment=PALWORLD dst-address=x.x.x.x \
dst-port=8200-8300 protocol=udp to-addresses=192.168.50.61 to-ports=\
8200-8300
add action=dst-nat chain=dstnat comment=PALWORLD dst-address=x.x.x.x \
dst-port=8200-8300 protocol=tcp to-addresses=192.168.50.61 to-ports=\
8200-8300
add action=dst-nat chain=dstnat comment=UT dst-address=x.x.x.x \
dst-port=60910 protocol=tcp to-addresses=192.168.50.66 to-ports=60910
add action=dst-nat chain=dstnat comment=UT dst-address=x.x.x.x \
dst-port=60910 protocol=tcp to-addresses=192.168.50.66 to-ports=60910
add action=dst-nat chain=dstnat comment=UT dst-address=x.x.x.x \
dst-port=60910 protocol=udp to-addresses=192.168.50.66 to-ports=60910
add action=dst-nat chain=dstnat dst-address=x.x.x.x dst-port=8899 \
protocol=tcp to-addresses=192.168.50.52 to-ports=443
add action=dst-nat chain=dstnat dst-address=x.x.x.x dst-port=8080 \
protocol=tcp to-addresses=192.168.50.72 to-ports=80
add action=dst-nat chain=dstnat dst-address=x.x.x.x dst-port=8081 \
protocol=tcp src-port="" to-addresses=192.168.50.71 to-ports=80
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Africa/Johannesburg
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN