Router cannot reach certain websites.

andrefonsecacc · September 13, 2019, 1:35pm

Hi,

Lately,i have some problems with my router, i cannot reach certain websites unless i add a route for each one of the sites. After i add the specific route the website is reachable.

Seaching for a long term solution rather than adding a route for each site i cannot reach.

Any ideias?

nickshore · September 13, 2019, 2:07pm

If you show us your config it would help.

use /export and then we can see what is wrong.

Also provide the output of /ip route print

Regards
Nick

andrefonsecacc · September 13, 2019, 2:24pm

use /export and then we can see what is wrong.
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=
ether6-master
set [ find default-name=ether7 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface ipip
add allow-fast-path=no disabled=yes ipsec-secret=Omniflow03062019 !keepalive
local-address=94.61.62.63 name=ipip-tunnel1 remote-address=146.133.159.43
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk mode=dynamic-keys
supplicant-identity=MikroTik wpa-pre-shared-key=Omninet2018
wpa2-pre-shared-key=Omninet2018
add authentication-types=wpa-psk,wpa2-psk eap-methods=“”
management-protection=allowed name=profile1-mac-filter
radius-mac-authentication=yes supplicant-identity=“”
add authentication-types=wpa2-psk eap-methods=“” management-protection=
allowed mode=dynamic-keys name=profile-guest supplicant-identity=“”
wpa2-pre-shared-key=omniguest
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=4 band=2ghz-b/g/n channel-width=
20/40mhz-Ce country=portugal disabled=no distance=indoors frequency=auto
frequency-mode=regulatory-domain mode=ap-bridge security-profile=
profile1-mac-filter ssid=“OMNINET CORPORATEV” wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=6E:3B:6B:F9:AE:C7
master-interface=wlan1 multicast-buffering=disabled name=wlan2
security-profile=profile-guest ssid=Omni-guest wds-cost-range=0
wds-default-cost=0
/ip ipsec mode-config
add name=enel
/ip ipsec proposal
add enc-algorithms=aes-256-cbc,aes-256-ctr,camellia-256 lifetime=1d name=ENEL
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=10.10.10.2-10.10.10.24
add name=VPN-Pool ranges=192.168.88.25-192.168.88.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=
bridge name=defconf
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no
interface=wlan2 name=dhcp1
/ppp profile
add local-address=VPN-Pool name=VPN-PPTP-Profile remote-address=VPN-Pool
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=ether6-master
add bridge=bridge comment=defconf hw=no interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface l2tp-server server
set authentication=mschap1,mschap2 enabled=yes ipsec-secret=adminomniflow
use-ipsec=yes
/interface list member
add interface=sfp1 list=discover
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=ether6-master list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9 list=discover
add interface=ether10 list=discover
add interface=wlan1 list=discover
add interface=bridge list=discover
add interface=wlan2 list=discover
add interface=ipip-tunnel1 list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
add interface=ether1 list=WAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2-master network=
192.168.88.0
add address=10.10.10.1/24 interface=wlan2 network=10.10.10.0
add address=94.61.62.63/8 interface=ether2-master network=94.0.0.0
/ip arp
add address=192.168.88.82 interface=bridge
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=
ether1
/ip dhcp-server network
add address=10.10.10.0/24 dns-server=8.8.8.8,8.8.4.4,8.2.2.2,8.2.2.1 gateway=
10.10.10.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=94.61.62.63 name=router
/ip firewall filter
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack”
connection-state=established,related
add action=accept chain=input comment=“defconf: accept ICMP” protocol=icmp
add action=accept chain=forward comment=“defconf: accept established,related”
connection-state=established,related log-prefix=–teste
add action=accept chain=input comment=“defconf: accept established,related”
connection-state=established,related
add action=accept chain=input comment=“–allow sstp” dst-port=443 protocol=
tcp
add action=accept chain=input comment=“–allow IKE” dst-port=500 protocol=udp
add action=accept chain=input comment=–allowIPSec dst-port=4500 protocol=udp
add action=accept chain=input comment=–allowl2tp dst-port=1701 protocol=udp
add action=accept chain=input comment=–greinputpptp protocol=gre
add action=accept chain=input comment=“–tcp pptp port 1723” dst-port=1701
protocol=tcp
add action=accept chain=input comment=“–TCP port 1723” dst-port=1723
protocol=tcp
add action=accept chain=input comment=“–UDP port 1723” dst-port=723
protocol=udp
add action=accept chain=input comment=“–accept remote desktop” dst-port=3389
protocol=tcp
add action=accept chain=input comment=“–accept vnc client” dst-port=5900
protocol=tcp
add action=accept chain=input comment=“–accept ping” protocol=icmp
add action=drop chain=forward comment=
“block the guest network from accessing the private network” dst-address=
192.168.88.0/24 log=yes src-address=10.10.10.2-10.10.10.24
add action=drop chain=forward comment=“defconf: drop invalid”
connection-state=invalid disabled=yes
add action=drop chain=forward comment=
“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat
connection-state=new disabled=yes in-interface=ether1
/ip firewall mangle
add action=change-mss chain=forward comment=Teste new-mss=clamp-to-pmtu
passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=forward comment=
“Clamp MSS to PMTU for Outgoing packets” disabled=yes new-mss=
clamp-to-pmtu out-interface=all-ppp passthrough=no protocol=tcp
tcp-flags=syn
/ip firewall nat
add action=masquerade chain=srcnat comment=“defconf: masquerade”
out-interface=ether1
add action=masquerade chain=srcnat comment=“Mascarade Guest” out-interface=
all-wireless src-address=10.10.10.2-10.10.10.24
add action=masquerade chain=srcnat comment=“masq. vpn traffic” log=yes
out-interface=ether1 src-address=192.168.88.0/24
add action=accept chain=srcnat comment=“VPN NAT” dst-address=192.168.88.1
src-address=192.168.1.1
add action=masquerade chain=srcnat comment=“masq. vpn traffic” disabled=yes
src-address=192.168.89.0/24
/ip ipsec policy
add comment=“enel policy” disabled=yes dst-address=146.133.159.43/32
proposal=ENEL sa-dst-address=146.133.159.43 sa-src-address=0.0.0.0
src-address=192.168.88.0/24 tunnel=yes
add disabled=yes dst-address=192.168.88.0/24 sa-dst-address=94.61.62.63
sa-src-address=146.133.159.43 src-address=172.16.252.168/29 tunnel=yes
/ip route
add comment=“–site test” distance=1 dst-address=94.23.77.32/32 gateway=
192.168.1.1
add comment=“–site teste” distance=1 dst-address=94.46.13.190/32 gateway=
192.168.1.1
add comment=–primecentury distance=1 dst-address=94.46.163.142/32 gateway=
192.168.1.1
add comment=–fibrenamics distance=1 dst-address=94.126.169.117/32 gateway=
192.168.1.1
add comment=–norcam distance=1 dst-address=94.126.169.196/32 gateway=
192.168.1.1
/ip service
set www-ssl disabled=no

nickshore:

/ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 ADS 0.0.0.0/0 192.168.1.1 1
1 ADC 10.10.10.0/24 10.10.10.1 wlan2 0
2 ADC 94.0.0.0/8 94.61.62.63 bridge 0
3 A S ;;; --site test
94.23.77.32/32 192.168.1.1 1
4 A S ;;; --site teste
94.46.13.190/32 192.168.1.1 1
5 A S ;;; --primecentury
94.46.163.142/32 192.168.1.1 1
6 A S ;;; --fibrenamics
94.126.169.117/32 192.168.1.1 1
7 A S ;;; --norcam
94.126.169.196/32 192.168.1.1 1
8 ADC 192.168.1.0/24 192.168.1.67 ether1 0
9 ADC 192.168.88.0/24 192.168.88.1 bridge 0