Part of my network does not have access to google.com

Hi friends. I have an hotel, due to shortages in network technicians i decided to do it my self. The problem is that i already have a network set, and what the guy i paid did is what confuses me, while exploring some vpn features both wireguard and back to home i triggered something that make, as long as i know, two of my routers unable to access google.com. While trying to solve this issue I made them with no internet access at all, there are some pppoe configurations that i still don’t understand and my guests are complaining, maybe you could help me, i will share my export

# 2024-11-10 20:52:05 by RouterOS 7.16.1
# software id = DW5L-9VCS
#
# model = RB4011iGS+
# serial number = HEC08YZ3AXE
/interface bridge
add comment="#PPPOE SERVER#" name=bridge1 port-cost-mode=short
/interface ethernet
set [ find default-name=ether1 ] comment="#LINK CLARO#"
set [ find default-name=ether2 ] comment=\
    "#BRIDGE PPPOE CAM 2,3,4,5# #UPLINK FIBRA 1GB FUNDOS #Lucas BLOCO 4"
set [ find default-name=ether3 ] comment=\
    "#UPLINK FIBRA 1GB RESTAURANTE # Bloco 3"
set [ find default-name=ether4 ] comment=\
    "#UPLINK CBO UTP 100MB RESTAURANTE #"
set [ find default-name=ether5 ] comment="# NVD INTELBRAS #"
set [ find default-name=ether6 ] comment="\?\?Uplink app 311\?\?"
set [ find default-name=ether8 ] comment="Cip 850"
set [ find default-name=ether9 ] comment="Ramal Recep\E7\E3o"
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool1-PPOE ranges=100.64.1.2-100.64.1.254
add name=pool2-Cameras ranges=172.16.20.70-172.16.20.100
add name=dhcp_pool2 ranges=172.16.20.70-172.16.20.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp_pool2 interface=bridge1 lease-time=1d10m name=dhcp1
/port
set 0 name=serial0
set 1 name=serial1
/ppp profile
add change-tcp-mss=yes dns-server=8.8.8.8,1.1.1.1 local-address=100.64.1.1 \
    name=SERVER-PPPOE remote-address=pool1-PPOE
add local-address=100.64.1.1 name=plano_100MB rate-limit=100m/100m \
    remote-address=pool1-PPOE
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface bridge port
add bridge=bridge1 interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge1 interface=ether6 internal-path-cost=10 path-cost=10
add bridge=bridge1 comment="#RAMAL 9 RECEPCAO ##" interface=ether7 \
    internal-path-cost=10 path-cost=10
add bridge=bridge1 comment="##CIP 850 ##" interface=ether8 \
    internal-path-cost=10 path-cost=10
add bridge=bridge1 comment="#RAMAL 9 RECEPCAO ##" interface=ether9 \
    internal-path-cost=10 path-cost=10
/ip firewall connection tracking
set enabled=yes loose-tcp-tracking=no udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface l2tp-server server
set use-ipsec=yes
/interface list member
add interface=ether1 list=WAN
add interface=bridge1 list=LAN
/interface pppoe-server server
add authentication=chap,mschap1,mschap2 default-profile=SERVER-PPPOE \
    disabled=no interface=bridge1 max-mru=1480 max-mtu=1480 service-name=\
    PPPOE_SERVER
/ip address
add address=172.16.20.1/24 interface=bridge1 network=172.16.20.0
add address=172.16.20.61/8 interface=bridge1 network=172.0.0.0
add address=192.168.100.85/24 interface=bridge1 network=192.168.100.0
/ip cloud
set ddns-update-interval=1m
/ip dhcp-client
add interface=ether1
/ip dhcp-server lease
add address=172.16.20.2 client-id=1:80:8f:e8:a3:5e:ee comment=NVD \
    mac-address=80:8F:E8:A3:5E:EE server=dhcp1
add address=172.16.20.3 client-id=1:48:51:cf:5e:4f:79 comment="CAM 01" \
    mac-address=48:51:CF:5E:4F:79 server=dhcp1
add address=172.16.20.4 client-id=1:48:51:cf:5e:4f:a3 comment="CAM 02" \
    mac-address=48:51:CF:5E:4F:A3 server=dhcp1
add address=172.16.20.35 client-id=1:68:ff:7b:cb:3:d3 comment=\
    "TP-LINK RADIO EXTERNO" mac-address=68:FF:7B:CB:03:D3 server=dhcp1
add address=172.16.20.5 client-id=1:48:51:cf:57:31:7 comment="CAM 05 IM5 S" \
    mac-address=48:51:CF:57:31:07 server=dhcp1
add address=172.16.20.6 client-id=1:18:d:2c:85:a7:2b comment=\
    "CAMERA RECEPCAO" mac-address=18:0D:2C:85:A7:2B server=dhcp1
add address=172.16.20.8 client-id=1:18:d:2c:85:a7:31 comment=\
    "CAMERA MIBO RESTAURANTE" mac-address=18:0D:2C:85:A7:31 server=dhcp1
add address=172.16.20.39 client-id=1:d8:77:8b:57:c:4 comment=\
    "RADIO INTELBRAS RESTAURANTE" mac-address=D8:77:8B:57:0C:04 server=dhcp1
add address=172.16.20.9 client-id=1:48:51:cf:45:77:c6 comment=\
    "camera recepcao" mac-address=48:51:CF:45:77:C6 server=dhcp1
add address=172.16.20.10 client-id=1:48:51:cf:7f:9b:ec comment="CAMERA  06" \
    mac-address=48:51:CF:7F:9B:EC server=dhcp1
add address=172.16.20.11 client-id=1:48:51:cf:5e:5b:e0 comment="CAM 07" \
    mac-address=48:51:CF:5E:5B:E0 server=dhcp1
add address=172.16.20.67 client-id=1:30:e1:f1:40:37:7d comment="CAM PARK" \
    mac-address=30:E1:F1:40:37:7D server=dhcp1
/ip dhcp-server network
add address=172.16.20.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=172.16.20.1
/ip dns
set servers=8.8.8.8,8.8.6.6,1.1.1.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set show-dummy-rule=no
/ppp secret
add name=401 profile=SERVER-PPPOE service=pppoe
add name=kiko profile=plano_100MB service=pppoe
add name=402 profile=SERVER-PPPOE service=pppoe
add name=411 profile=SERVER-PPPOE service=pppoe
add name=412 profile=SERVER-PPPOE service=pppoe
add name=413 profile=SERVER-PPPOE service=pppoe
add name=414 profile=SERVER-PPPOE service=pppoe
add name=421 profile=SERVER-PPPOE service=pppoe
add name=301 profile=SERVER-PPPOE service=pppoe
add name=311 profile=SERVER-PPPOE service=pppoe
add name=312 profile=SERVER-PPPOE service=pppoe
add name=radio01 profile=SERVER-PPPOE service=pppoe
add name=radio02 profile=SERVER-PPPOE service=pppoe
add name=radio03 profile=SERVER-PPPOE service=pppoe
add name=radio04 profile=SERVER-PPPOE service=pppoe
add name=radio05 profile=SERVER-PPPOE service=pppoe
add name=radio06 profile=SERVER-PPPOE service=pppoe
add name=radio07 profile=SERVER-PPPOE service=pppoe
add name=radio08 profile=SERVER-PPPOE service=pppoe
add name=radio09 profile=SERVER-PPPOE service=pppoe
add name=radio10 profile=SERVER-PPPOE service=pppoe
add name=radio11 profile=SERVER-PPPOE service=pppoe
add name=radio12 profile=SERVER-PPPOE service=pppoe
add name=radio13 profile=SERVER-PPPOE service=pppoe
add name=radio14 profile=SERVER-PPPOE service=pppoe
add name=313 profile=SERVER-PPPOE service=pppoe
add name=314 profile=SERVER-PPPOE service=pppoe
add name=315 profile=SERVER-PPPOE service=pppoe
add name=316 profile=SERVER-PPPOE service=pppoe
add name=vpn
/system identity
set name=COQUILE
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key

It was to early to try mikrotik but i totally unexpected that it would happen i hope it is something very obvious and you could help me, regards from Brazil!!

Did u check for any IP conflicts?

Thank you for reply, How exactly I check this? And I found that ether2 and 3 does not have access and the routers connected on the switches tha are connected on those interfaces.

Check in DHCP server > leases
Check in PPP > Active Connections

Also you have
/ip dns
set servers=8.8.8.8,8.8.6.6,1.1.1.1

8.8.6.6 ?

Googles DNS is 8.8.8.8 and 8.8.4.4

The network config does not look very good, everything is on the same bridge.
Have you got any backup scripts of the router before you made the changes that messed it up?

Can you supply a network diagram with all devices involved?

Probably not, the ABCs of “Do it yourself” always skip lesson 1:
Before you get your hands on something, always make sure you can restore it to the way it was first.

FWIW that is in most cases the advised way to setup things.
One bridge only.

But not pppoe-server line on same bridge with LAN…

Since you are running a business and actually want people to stay at your hotel…surprized patrons havent burned it to the ground yet… there is no shortage of help actually and the sort that can log into the router and assist live.

https://mikrotik.com/consultants

That was my mistake 8.8,6.6 it had no DNS servers at all only the dynamic one, I thought that was the problem so I added 8.8.8.8 and the wrong 8.8.6.6.
I Indeed don’t have a backup script my bad, I clicked on save as on top left and I didn’t realized till I tried to load that it was just a interface save, .
The only thing I did was create an wireguard interface, add a peer, then I realized that it didn’t worked because my IP wasnt public, the I tried to setup a backtohome wireguard, I made all the steps and added my Smartphone through the qr code, then I left the office and tried to connect to internet on one of the rooms and there was no signal. I rapidly deleted all configurations that I made, but it didn’t help, it was already on a mono bridge. I will try to explain the network diagram
Eth 1 isp
Eth 2 converts to fiber than it reconvertsnto Ethernet on the building 3 and 2, it goes to one switch, that goes to another two switches, then routers and cameras are connected to those.
Eth 3 the same as eth 2 but it goes to building 4
Eth 4 is the same but it does not go through fiber and provide access to building 1
Eth 5 is the office lan
The other ether are things like nvd the reception switch and the voip central.
I will check the IPS on leases and ppp and provide more info in a moment.

I checked for duplicity and it does not have, on ppp side i noted that there are only 5 pppoe connections active, is that a problem? I still does not understand how pppoe works, but i know that which pppoe represents a router.

“5 pppoe connections active”

Do any of the IP’s these clients have look duplicated or the same, ignore the gateway IP?

I looked in active connections and the ips are xxx.xxx.xxx.250, .251, .252, .253, .254, so everything is ok. I connected my pc on the ether4 port and can’t connect to internet, i was afraid there was some misconfiguration on the router used as access point in the restaurant, and i flagged this
https://ibb.co/yQKPw1m
when i disconnect my pc from the working wifi i receives a lot of packages from dns but i cant respond them.

set [ find default-name=ether4 ] comment= “#UPLINK CBO UTP 100MB RESTAURANTE #”

You connect to ether4 and have no internet, is your PC not getting an IP from the DHCP server?
Is there any errors in the log?

No actually ether4 is configured as static ip 172.16.20.69, the dhcp pool starts after 172.16.20.70-254.

“I connected my pc on the ether4 port and can’t connect to internet”

Did you give your PC a static and then connect, check the current list of devices static IP’s before you set it

It seems that my mikrotik does not have connection, part of the hotel have internet because it connected by the modem switch, that is other thing that the guy who make the internet did, when i ping 8.8.8.8 or 1.1.1.1 from the terminal i get that the host is unreachable past 192.168.100.85 which is my local network ip shown at quick set. Any clue of what it means??

Can you post a picture of your IP Routes > Routes List

Here it is https://ibb.co/TqJN9bk