Hi,
From my last post I made a progress 
The l2tp/IPsec was up and running until today. The tech guy from site called that they cannot access internet. Restart didn’t helped any, but the pppoe line is up - tested with another router.
The pppoe is 10M/1M line, the traffic is generated by dozen of CCTV IP cameras (7-8Mbit all together).
The CCTV network is 192.168.10.0/24 (ether5), the 172.16.100.0/24 (ether2-4) is low traffic <500kbit
Last time I’ve checked the router had cca. 15MB ram free and 30MB flash/disk free. The CPU usage was under 10%. The number of connections is around 100 at time.
Now I can’t access my router neither physically (I’m 300 km away now) or over internet. Can you please check this configuration, is the cause of failure from outside or from traffic?
How can I improve this conf?
Thanks
[admin@MikroTik] > export
# may/31/2012 20:06:15 by RouterOS 5.16
# software id = xxxx-xxxx
#
/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1526 \
mac-address=00:0C:42:7D:28:B5 mtu=1500 name=ether1-gateway speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=\
no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:7D:28:B6 master-port=\
none mtu=1500 name=ether2-master-BMS speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=\
no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:7D:28:B7 master-port=\
ether2-master-BMS mtu=1500 name=ether3-slave-BMS speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=\
no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:7D:28:B8 master-port=\
ether2-master-BMS mtu=1500 name=ether4-slave-BMS speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=\
no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:7D:28:B9 master-port=\
none mtu=1500 name=ether5-Video_nadzor speed=100Mbps
/interface ethernet switch
set 0 mirror-source=none mirror-target=none name=switch1
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des \
lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=pool_VN ranges=192.168.10.10-192.168.10.254
add name=pool_BMS ranges=172.16.100.100-172.16.100.254
/ip dhcp-server
add add-arp=yes address-pool=pool_BMS authoritative=after-2sec-delay \
bootp-support=static disabled=no interface=ether2-master-BMS lease-time=1d \
name=dhcp_BMC
add add-arp=yes address-pool=pool_VN authoritative=after-2sec-delay \
bootp-support=static disabled=no interface=ether5-Video_nadzor lease-time=\
1d name=dhcp_VN
/ppp profile
set 0 change-tcp-mss=yes local-address=pool_BMS name=default only-one=default \
remote-address=pool_BMS use-compression=default use-encryption=default \
use-mpls=default use-vj-compression=default
set 1 change-tcp-mss=yes local-address=pool_BMS name=default-encryption \
only-one=default remote-address=pool_BMS use-compression=default \
use-encryption=yes use-mpls=default use-vj-compression=default
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \
dial-on-demand=no disabled=no interface=ether1-gateway max-mru=1480 \
max-mtu=1480 mrru=disabled name=pppoe-Optima password=_password_ profile=\
default service-name="" use-peer-dns=no user=user@isp
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=none name=only-hardware-queue
set 6 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 7 kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no \
ignore-as-path-len=no name=default out-filter="" redistribute-connected=no \
redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never in-filter=ospf-in \
metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=auto \
metric-rip=20 metric-static=20 name=default out-filter=ospf-out \
redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no \
redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
backbone type=default
/snmp community
set [ find default=yes ] address=0.0.0.0/0 authentication-password="" \
authentication-protocol=MD5 encryption-password="" encryption-protocol=DES \
name=public read-access=yes security=none write-access=no
/system logging action
set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0 \
syslog-facility=daemon syslog-severity=auto target=remote
/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,web\
,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pass\
word,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,wi\
nbox,password,web,sniff,sensitive,api" skin=default
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/interface ethernet switch port
set 0 vlan-header=leave-as-is vlan-mode=fallback
set 1 vlan-header=leave-as-is vlan-mode=fallback
set 2 vlan-header=leave-as-is vlan-mode=fallback
set 3 vlan-header=leave-as-is vlan-mode=fallback
set 4 vlan-header=leave-as-is vlan-mode=fallback
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default enabled=yes \
max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=PFOS cipher=blowfish128,aes128 default-profile=\
default-encryption enabled=no keepalive-timeout=60 mac-address=\
FE:A5:57:72:9D:EC max-mtu=1500 mode=ip netmask=24 port=1194 \
require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=\
no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
disabled port=443 verify-client-certificate=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=172.16.100.1/24 comment="default configuration" disabled=no \
interface=ether2-master-BMS network=172.16.100.0
add address=192.168.10.1/24 disabled=no interface=ether5-Video_nadzor network=\
192.168.10.0
/ip dhcp-client
add add-default-route=yes comment="default configuration" \
default-route-distance=1 disabled=no interface=ether1-gateway use-peer-dns=\
no use-peer-ntp=no
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server lease
add address=192.168.10.253 client-id=1:50:e5:49:3d:1a:29 disabled=no \
mac-address=50:E5:49:3D:1A:29 server=dhcp_VN
add address=192.168.10.252 client-id=1:50:e5:49:3d:19:f6 disabled=no \
mac-address=50:E5:49:3D:19:F6 server=dhcp_VN
/ip dhcp-server network
add address=172.16.100.0/24 comment="default configuration" dhcp-option="" \
dns-server=8.8.8.8 gateway=172.16.100.1 netmask=24 ntp-server="" \
wins-server=""
add address=192.168.10.0/24 comment="default configuration" dhcp-option="" \
dns-server=8.8.8.8 gateway=192.168.10.1 netmask=24 ntp-server="" \
wins-server=""
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=4096 servers=85.114.32.7,85.114.32.8
/ip dns static
add address=192.168.88.1 disabled=no name=router ttl=1d
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\
10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=\
established disabled=no
add action=accept chain=input comment="default configuration" connection-state=\
related disabled=no
add action=accept chain=input comment="Default configuration" connection-state=\
new disabled=no
add action=accept chain=input comment="L2TP / IPsec" disabled=no protocol=\
ipsec-esp
add action=accept chain=input disabled=no protocol=ipsec-ah
add action=accept chain=input disabled=no protocol=udp src-port=500
add action=accept chain=input disabled=no protocol=udp src-port=1701
add action=accept chain=input disabled=no protocol=udp src-port=4500
add action=drop chain=input comment="default configuration" disabled=no \
in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=yes \
out-interface=ether1-gateway to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment=" def" disabled=no out-interface=\
pppoe-Optima
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip ipsec peer
add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 disabled=no \
dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=\
main-l2tp generate-policy=yes hash-algorithm=md5 lifetime=1d \
my-id-user-fqdn="" nat-traversal=no port=500 secret=\
"secret" send-initial-contact=yes
/ip neighbor discovery
set ether1-gateway disabled=yes
set ether2-master-BMS disabled=no
set ether3-slave-BMS disabled=no
set ether4-slave-BMS disabled=no
set ether5-Video_nadzor disabled=no
set pppoe-Optima disabled=yes
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=600 \
max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0
/ip service
set telnet address="" disabled=no port=23
set ftp address="" disabled=no port=21
set www address="" disabled=no port=80
set ssh address="" disabled=no port=22
set www-ssl address="" certificate=none disabled=yes port=443
set api address="" disabled=yes port=8728
set winbox address="" disabled=no port=8291
/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=\
all
/ip smb shares
set [ find default=yes ] comment="default share" directory=/pub disabled=no \
max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest password="" read-only=yes
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=yes inactive-flow-timeout=\
15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
set [ find default=yes ] disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
use-explicit-null=no
/port firmware
set directory=firmware
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=user1 \
password="user1password" profile=default-encryption routes="" service=\
any
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=user2 \
password="user2password" profile=default-encryption routes="" service=\
any
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=user3 \
password="user3password" profile=default-encryption routes="" service=\
any
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=user4 \
password="user4password" profile=default-encryption routes="" service=\
any
/queue interface
set ether1-gateway queue=only-hardware-queue
set ether2-master-BMS queue=only-hardware-queue
set ether3-slave-BMS queue=only-hardware-queue
set ether4-slave-BMS queue=only-hardware-queue
set ether5-Video_nadzor queue=only-hardware-queue
/radius incoming
set accept=no port=3799
/routing bfd interface
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s \
multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
routing-table=main timeout-timer=3m update-timer=30s
/snmp
set contact="" enabled=no engine-id="" location="" trap-generators="" \
trap-target="" trap-version=1
/system clock
set time-zone-name=Europe/Zagreb
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=+00:00
/system identity
set name=MikroTik
/system logging
set 0 action=memory disabled=no prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
add action=memory disabled=no prefix=ipsec topics=ipsec
add action=memory disabled=no prefix=l2tp topics=l2tp
add action=memory disabled=no prefix="" topics=ovpn
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=yes mode=unicast primary-ntp=213.235.200.199 secondary-ntp=\
46.4.57.150
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
/system routerboard settings
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\
400MHz force-backup-booter=no silent-boot=no
/system scheduler
add disabled=no interval=5m name="update dDNS" on-event=freedns_updater policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=jan/01/1970 start-time=00:00:00
/system script
add name=freedns_updater policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="/tool fetch address=\"freedns.afraid.org\" host=\"freedns.afraid.org\
\" mode=http src-path=\"dynamic/update.php\\ \?TDA3aUxEM1lGMW9NYUFXRmdzcVo6N\
HASH==\" keep-result=no"
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
8.8.8.8 watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=100
/tool e-mail
set address=1.1.1.1 from="<PFOS MT>" password=pppoe_pass port=25 user=\
user@isp
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
set [ find default=yes ] disabled=yes interface=all
add disabled=no interface=ether2-master-BMS
add disabled=no interface=ether3-slave-BMS
add disabled=no interface=ether4-slave-BMS
add disabled=no interface=ether5-Video_nadzor
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes interface=all
add disabled=no interface=ether2-master-BMS
add disabled=no interface=ether3-slave-BMS
add disabled=no interface=ether4-slave-BMS
add disabled=no interface=ether5-Video_nadzor
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=1000KiB file-name="" filter-ip-address="" filter-ip-protocol="" \
filter-mac-address="" filter-mac-protocol="" filter-port="" filter-stream=\
yes interface=all memory-limit=100KiB memory-scroll=yes only-headers=no \
streaming-enabled=no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s \
use-radius=no