Hi. I’m not sure if this problem is caused by the BT connection, or what. It’s a new BT DSL line (16mb down, 1.1mb up), and to use this line I decided to try an RB450G with a Draytek Vigor 120 PPPoE modem.
I started with a single WAN IP, and performing NAT. I tried with and without SIP helper, and I still run into the same problem. Sometimes, after a few minutes, the call will appear to go dead, but the outside person can hear us, it’s just that we can’t hear them.
Now I have a routed subnet (a block of public IPs), and I even have connection-tracking turned off. Still some of my users are losing calls in this way. Actually, the call isn’t lost, like I said, it’s the incoming audio that is lost.
I’m sure my Asterisk (1.4) setup is OK, it has been in use for a couple of years with a different DSL line. I know my Linux iptables are OK.
Here is my Mikrotik configuration (some IPs have been munged). The only other thing going on is queue trees, but bandwidth consummation is not an issue.
jan/22/1970 02:01:54 by RouterOS 5.20
software id = 2J43-6EKK
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1520 mac-address=D4:CA:6D:58:FE:40
master-port=none mtu=1500 name=ether1-lan-management speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1520 mac-address=D4:CA:6D:58:FE:41
master-port=none mtu=1500 name=ether2-pbx-wan speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=yes full-duplex=yes l2mtu=1520 mac-address=D4:CA:6D:58:FE:42
master-port=none mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=yes full-duplex=yes l2mtu=1520 mac-address=D4:CA:6D:58:FE:43
master-port=none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1520 mac-address=D4:CA:6D:58:FE:44
master-port=none mtu=1500 name=ether5-to-pppoe speed=100Mbps
/interface ethernet switch
set 0 mirror-source=none mirror-target=none name=switch1 switch-all-ports=yes
/ip hotspot profile
set [ find default=yes ] dns-name=“” hotspot-address=0.0.0.0 html-directory=
hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=
cookie,http-chap name=default rate-limit=“” smtp-server=0.0.0.0
split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m name=default
shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des
lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay bootp-support=
static disabled=no interface=ether2-pbx-wan lease-time=3d name=default
/port
set 0 baud-rate=auto data-bits=8 flow-control=none name=serial0 parity=none
stop-bits=1
/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default use-compression=
default use-encryption=default use-mpls=default use-vj-compression=
default
set 1 change-tcp-mss=yes name=default-encryption only-one=default
use-compression=default use-encryption=yes use-mpls=default
use-vj-compression=default
/interface pppoe-client
add ac-name=“” add-default-route=yes allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=ether5-to-pppoe max-mru=1480
max-mtu=1480 mrru=disabled name=pppoe-out-bt password=something profile=
default service-name=“” use-peer-dns=no user=something@hg52.btclick.com
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=900k name=limit-upload packet-mark=“” parent=pppoe-out-bt
priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=10M name=limit-download packet-mark=“” parent=ether2-pbx-wan
priority=8
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20
red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=none name=only-hardware-queue
set 6 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 7 kind=pfifo name=default-small pfifo-limit=10
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=voip-upload packet-mark=voip-upload parent=limit-upload
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=850k name=non-voip-upload packet-mark=no-mark parent=
limit-upload priority=8 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=voip-down packet-mark=voip-down parent=limit-download
priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0
max-limit=0 name=non-voip-download packet-mark=no-mark parent=
limit-download priority=8 queue=default
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no
ignore-as-path-len=no name=default out-filter=“” redistribute-connected=
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no
redistribute-static=no router-id=0.0.0.0 routing-table=“”
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never in-filter=
ospf-in metric-bgp=auto metric-connected=20 metric-default=1
metric-other-ospf=auto metric-rip=20 metric-static=20 name=default
out-filter=ospf-out redistribute-bgp=no redistribute-connected=no
redistribute-other-ospf=no redistribute-rip=no redistribute-static=no
router-id=0.0.0.0
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=
backbone type=default
/snmp community
set [ find default=yes ] addresses=“” authentication-password=“”
authentication-protocol=MD5 encryption-password=“” encryption-protocol=
DES name=public read-access=yes security=none write-access=no
/system logging action
set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100
disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0
syslog-facility=daemon syslog-severity=auto target=remote
/user group
set read name=read policy=“local,telnet,ssh,reboot,read,test,winbox,password,w
eb,sniff,sensitive,api,!ftp,!write,!policy” skin=default
set write name=write policy=“local,telnet,ssh,reboot,read,write,test,winbox,pa
ssword,web,sniff,sensitive,api,!ftp,!policy” skin=default
set full name=full policy=“local,telnet,ssh,ftp,reboot,read,write,policy,test,
winbox,password,web,sniff,sensitive,api” skin=default
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=
no
/interface ethernet switch port
set 0 vlan-header=leave-as-is vlan-mode=fallback
set 1 vlan-header=leave-as-is vlan-mode=fallback
set 2 vlan-header=leave-as-is vlan-mode=fallback
set 3 vlan-header=leave-as-is vlan-mode=fallback
set 4 vlan-header=leave-as-is vlan-mode=fallback
set 5 vlan-header=leave-as-is vlan-mode=fallback
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=
default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=
default enabled=no keepalive-timeout=60 mac-address=FE:14:BB:C8:2C:08
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption
enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=
default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=
disabled port=443 verify-client-certificate=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=10.10.1.253/8 disabled=no interface=ether1-lan-management
network=10.0.0.0
add address=192.168.2.5/24 disabled=no interface=ether5-to-pppoe network=
192.168.2.0
add address=227.36.105.118/29 disabled=no interface=ether2-pbx-wan network=
227.36.105.112
/ip dhcp-client
add add-default-route=yes comment=“default configuration”
default-route-distance=1 disabled=yes interface=ether1-lan-management
use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.88.0/24 comment=“default configuration” dhcp-option=“”
dns-server=192.168.88.1 gateway=192.168.88.1 ntp-server=“” wins-server=“”
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB
max-udp-packet-size=4096 servers=208.67.222.222
/ip dns static
add address=192.168.88.1 disabled=no name=router ttl=1d
/ip firewall connection tracking
set enabled=no generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=10m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment=“default configuration”
connection-state=established disabled=no
add action=accept chain=input comment=“default configuration”
connection-state=related disabled=no
add action=accept chain=forward comment=voiceflex disabled=no src-address=
93.95.124.7
add action=accept chain=forward disabled=no src-address=146.131.228.0/24
add action=accept chain=forward disabled=no src-address=67.123.65.132
add action=accept chain=forward comment=“mydivert france” disabled=no
src-address=113.40.93.13
add action=accept chain=forward comment=mydivert disabled=no src-address=
78.74.42.74
add action=accept chain=forward comment=mydivert disabled=no src-address=
78.74.43.9
add action=accept chain=forward comment=mydivert disabled=no src-address=
129.48.162.233
add action=accept chain=forward comment=wanatel disabled=no src-address=
127.177.92.148
add action=drop chain=input comment=“default configuration” disabled=no
in-interface=pppoe-out-bt
/ip firewall mangle
add action=mark-packet chain=forward comment=“mark voip-upload” disabled=no
new-packet-mark=voip-upload passthrough=yes protocol=udp src-address=
227.36.105.113 src-port=10000-20000
add action=mark-packet chain=forward disabled=no new-packet-mark=voip-upload
passthrough=yes protocol=udp src-address=227.36.105.113 src-port=5060
add action=mark-packet chain=forward comment=“mark voip download” disabled=no
dst-address=227.36.105.113 dst-port=10000-20000 new-packet-mark=voip-down
passthrough=yes protocol=udp
add action=mark-packet chain=forward disabled=no dst-address=227.36.105.113
dst-port=5060 new-packet-mark=voip-down passthrough=yes protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat comment=
“allow access to draytek pppoe on 192.168.2.1 from the pbx box” disabled=
no out-interface=ether5-to-pppoe
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=yes ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set ether1-lan-management disabled=yes
set ether2-pbx-wan disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5-to-pppoe disabled=no
set pppoe-out-bt disabled=yes
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0
parent-proxy-port=0 port=8080 serialize-connections=no src-address=
0.0.0.0
/ip route
add disabled=no distance=1 dst-address=192.168.253.0/24 gateway=10.10.1.254
scope=30 target-scope=10
/ip service
set telnet address=10.0.0.0/8 disabled=no port=23
set ftp address=10.0.0.0/8 disabled=no port=21
set www address=10.0.0.0/8,192.168.253.0/24 disabled=no port=80
set ssh address=10.0.0.0/8 disabled=no port=22
set www-ssl address=“” certificate=none disabled=yes port=443
set api address=“” disabled=yes port=8728
set winbox address=10.0.0.0/8,192.168.253.0/24 disabled=no port=8291
/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=
all
/ip smb shares
set [ find default=yes ] comment=“default share” directory=/pub disabled=no
max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest password=“” read-only=yes
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
set [ find default=yes ] disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0
use-explicit-null=no
/port firmware
set directory=firmware ignore-directip-modem=no
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set ether1-lan-management queue=only-hardware-queue
set ether2-pbx-wan queue=only-hardware-queue
set ether3 queue=only-hardware-queue
set ether4 queue=only-hardware-queue
set ether5-to-pppoe queue=only-hardware-queue
/radius incoming
set accept=no port=3799
/routing bfd interface
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s
multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m
gateway-selection=no-gateway origination-interval=5s preferred-gateway=
0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no
redistribute-connected=no redistribute-ospf=no redistribute-static=no
routing-table=main timeout-timer=3m update-timer=30s
/snmp
set contact=“” enabled=no engine-id=“” location=“” trap-generators=“”
trap-target=“” trap-version=1
/system clock
set time-zone-name=manual
/system clock manual
set dst-delta=+00:00 dst-end=“jan/01/1970 00:00:00” dst-start=
“jan/01/1970 00:00:00” time-zone=+00:00
/system console
set [ find port=serial0 ] channel=0 disabled=no port=serial0 term=vt102
/system identity
set name=MikroTik
/system logging
set 0 action=memory disabled=no prefix=“” topics=info
set 1 action=memory disabled=no prefix=“” topics=error
set 2 action=memory disabled=no prefix=“” topics=warning
set 3 action=echo disabled=no prefix=“” topics=critical
/system note
set note=“” show-at-login=yes
/system ntp client
set enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet
boot-protocol=bootp cpu-frequency=680MHz enable-jumper-reset=yes
enter-setup-on=any-key force-backup-booter=no silent-boot=no
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=
0.0.0.0 user=“”
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=
none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=
100
/tool e-mail
set address=0.0.0.0 from=<> password=“” port=25 starttls=no user=“”
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
set [ find default=yes ] disabled=yes interface=all
add disabled=no interface=ether2-pbx-wan
add disabled=no interface=ether3
add disabled=no interface=ether4
add disabled=no interface=ether5-to-pppoe
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes interface=all
add disabled=no interface=ether2-pbx-wan
add disabled=no interface=ether3
add disabled=no interface=ether4
add disabled=no interface=ether5-to-pppoe
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number=“” channel=0 keep-max-sms=0 receive-enabled=no secret=“”
/tool sniffer
set file-limit=1000KiB file-name=“” filter-direction=any filter-ip-address=“”
filter-ip-protocol=“” filter-mac-address=“” filter-mac-protocol=“”
filter-port=“” filter-stream=yes interface=pppoe-out-bt memory-limit=
100KiB memory-scroll=yes only-headers=no streaming-enabled=no
streaming-server=10.0.0.41