Hi there, this has been going on for ages, but it was usually websites I didn't really care about, like t.me (web.telegram.org, telegram.org), pan.baidu.com, etc.
But today this domain, https://aadcdn.msauth.net, also got affected. It is used by login.microsoftonline.com, meaning I cannot log in to any Microsoft account, because the login page tries to access resources from aadcdn.msauth.net and fails.
If I do a tracert to these domains,
you can see that somewhere along the path the route just does not connect.
here is my config
# jun/13/2025 10:13:00 by RouterOS 6.40.8
# software id = DZIA-SA5V
#
# model = 2011UiAS-2HnD
# serial number = NADA
# Bridge definitions. Member ports are attached later in "/interface bridge port".
/interface bridge
add name=ANJA-PC-BRIDGE
add admin-mac=00:04:30:4E:FD:F8 auto-mac=no fast-forward=no name=IPTV
add fast-forward=no name="T2 IPTV"
add name=Telefon
add name="VLAN 4 BRIDGE"
add admin-mac=E4:8D:8C:38:BD:47 auto-mac=no comment=defconf fast-forward=no \
name=bridge
# Physical ports. master-port puts ether4/ether5 under ether2-master and ether9
# under ether8; ether6/ether7 are pinned to advertise 100M-full only.
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
set [ find default-name=ether6 ] advertise=100M-full name=ether6-master
set [ find default-name=ether7 ] advertise=100M-full
set [ find default-name=ether9 ] master-port=ether8
set [ find default-name=ether10 ] l2mtu=1500
# 2.4 GHz access point on wlan1, bridged into "bridge" by the bridge-port section.
# NOTE(review): frequency-mode=superchannel removes the regulatory-domain channel
# and power limits, and country=japan does not match the Europe/Ljubljana time zone
# set under /system clock. Confirm this is intended and permitted at the install site.
# NOTE(review): no security-profile is named here, so wlan1 presumably uses the
# default profile, which still permits WPA/TKIP (see /interface wireless security-profiles).
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=50 band=2ghz-b/g/n \
channel-width=20/40mhz-Ce country=japan disabled=no distance=indoors \
frequency=2472 frequency-mode=superchannel mode=ap-bridge ssid=DXingSLO \
wireless-protocol=802.11
# WAN uplink: PPPoE session over ether1. The firewall and NAT sections treat
# pppoe-out1 as the Internet-facing interface.
/interface pppoe-client
add add-default-route=yes default-route-distance=0 disabled=no interface=\
ether1 keepalive-timeout=60 name=pppoe-out1 use-peer-dns=yes user=\
mkocja47
# Static PPPoE server binding; it reuses the same user name as the WAN client above.
/interface pppoe-server
add name=PPPoEInnbox service="" user=mkocja47
# EoIP tunnel (disabled). NOTE(review): EoIP carries Ethernet frames without
# encryption or authentication; if it is re-enabled across the Internet it is
# presumably worth wrapping in IPsec. Confirm against the remote end.
/interface eoip
add disabled=yes !keepalive local-address=86.61.74.227 mac-address=\
02:F6:40:C3:9C:EC name=eoip-tunnel1 remote-address=89.212.105.60 \
tunnel-id=1
# Neighbor discovery is switched off on ether1 only.
# NOTE(review): pppoe-out1 and the VLANs on ether1 are not listed here. Verify
# that discovery is not advertised toward the provider on those interfaces.
/ip neighbor discovery
set ether1 discover=no
# VLAN sub-interfaces: 3999 (IPTV), 3998 (telephony), 10 (T2) and 2 (test).
/interface vlan
add interface=ether8 name="BOX Dnevna" vlan-id=3999
add interface=ether9 name="BOX Spalnica" vlan-id=3999
add interface=ether6-master name=BOX2 vlan-id=3999
add interface=ether2-master name="IPTV PC TimeShift" vlan-id=3999
add interface=ether6-master name="Innbox Phone out" vlan-id=3998
add interface=ether1 name="SIOL IPTV IN" vlan-id=3999
add interface=ether2-master name="Softphone OUT" vlan-id=3998
add interface=ether2-master name=T2 vlan-id=10
add interface=ether1 name="Telefon IN" vlan-id=3998
add interface=ether2-master name="VLAN 4 TEST" vlan-id=2
# Wi-Fi security profiles. Pre-shared keys are not part of this export.
# NOTE(review): the default profile accepts WPA (v1) and TKIP alongside WPA2/AES-CCM.
# TKIP and WPA1 are deprecated, and a client may negotiate them. Restricting the
# profile to authentication-types=wpa2-psk with aes-ccm ciphers only removes that
# downgrade path, provided all clients support WPA2.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-ciphers=\
tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
unicast-ciphers=tkip,aes-ccm
# NOTE(review): this profile is named "open" but lists wpa-psk,wpa2-psk and sets
# no mode= here. Confirm whether anything references it and what it actually enforces.
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed name=open supplicant-identity=""
# DHCP server with no interface or pool assigned in this export.
/ip dhcp-server
add authoritative=after-2sec-delay name=Xstreamer
# Vendor option 43, handed to the lease that references it under /ip dhcp-server lease.
/ip dhcp-server option
add code=43 name=KreaTV value="0x0103'3,1'0x0203'3,1'0x0a0F'224.2.2.2:22222'"
# Address pools for DHCP and PPP.
# NOTE(review): the "vpn" range ends at 192.168.89.255, which is the broadcast
# address if the subnet is a /24 (the NAT section masquerades 192.168.89.0/24).
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.90.2-192.168.90.254
add name=vpn ranges=192.168.89.2-192.168.89.255
add name="SIOL BOX" ranges=192.168.1.10-192.168.1.50
add name=dhcp_pool2 ranges=192.168.40.2-192.168.40.254
add name=ANJA-PC-Pool ranges=192.168.29.2-192.168.29.254
add name="PPPoE Server" ranges=192.168.100.10-192.168.100.20
# DHCP servers bound to pools. Only "defconf" has disabled=no set explicitly, and
# dhcp1 has no interface.
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
bridge name=defconf
add address-pool="SIOL BOX" authoritative=after-2sec-delay name=dhcp1
add address-pool=ANJA-PC-Pool authoritative=after-2sec-delay interface=\
"VLAN 4 BRIDGE" name=dhcp2
add address-pool=ANJA-PC-Pool authoritative=after-2sec-delay interface=\
ANJA-PC-BRIDGE name=ANJA-PC-DHCP
# PPP profiles: "Innbox" for the local PPPoE server. *FFFFFFFE is the built-in
# profile that the SSTP server references as default-encryption. It hands out
# addresses from the "vpn" pool.
/ppp profile
add dns-server=8.8.8.8 local-address=192.168.100.1 name=Innbox \
remote-address="PPPoE Server"
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
# NOTE(review): the default SNMP community accepts queries from any source address
# (0.0.0.0/0). Whether the SNMP service is enabled is not visible in this export.
# If it is, restrict addresses= to the monitoring host and change the community name.
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
# Logging action 1 writes to a disk file named igmp-proxy-log.
/system logging action
set 1 disk-file-name=igmp-proxy-log
# Bridge membership. The LAN bridge "bridge" holds ether2-master, sfp1, wlan1,
# ether7, ether8 and ether10. The IPTV and Telefon bridges join provider VLANs on
# ether1 ("SIOL IPTV IN", "Telefon IN") with VLANs on LAN-side ports at layer 2.
# NOTE(review): traffic on those bridged VLANs is switched, not routed, so the
# /ip firewall filter rules do not see it unless bridge firewalling is enabled.
# Presumably intended for IPTV/VoIP pass-through; confirm.
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=IPTV interface="SIOL IPTV IN"
# Disabled entry: enabling it would bridge the WAN port ether1 into the LAN.
add bridge=bridge disabled=yes interface=ether1
add bridge=bridge interface=ether7
add bridge=IPTV interface="BOX Dnevna"
add bridge=bridge interface=ether8
add bridge=IPTV interface="BOX Spalnica"
add bridge=bridge interface=ether10
add bridge=IPTV interface=BOX2
add bridge=IPTV interface="IPTV PC TimeShift"
add bridge="T2 IPTV" interface=eoip-tunnel1
add bridge="T2 IPTV" interface=T2
add bridge="VLAN 4 BRIDGE" interface="VLAN 4 TEST"
add bridge=ANJA-PC-BRIDGE interface=ether3
add bridge=Telefon interface="Innbox Phone out"
add bridge=Telefon interface="Telefon IN"
add bridge=Telefon interface="Softphone OUT"
# VPN and PPPoE servers. L2TP, PPTP and SSTP are all enabled at the same time.
# NOTE(review): use-ipsec=yes presumably still lets a client connect with plain
# L2TP. The input chain accepts UDP 1701 without an IPsec match, and no accept for
# UDP 500/4500 or ESP on pppoe-out1 is visible. Verify whether unencrypted L2TP
# sessions are possible from the WAN.
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface pppoe-server server
add default-profile=Innbox disabled=no interface=ether6-master service-name=\
service1
# NOTE(review): PPTP (MS-CHAPv2/MPPE) is considered cryptographically broken, and
# TCP 1723 is accepted from any source in the input chain. Disable it unless a
# legacy client requires it.
/interface pptp-server server
set enabled=yes
# NOTE(review): no certificate= is set for SSTP in this export. Without a server
# certificate the client cannot authenticate the server; confirm.
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/interface wireless snooper
set receive-errors=yes
# NOTE(review): 0.0.0.0/24 is an unusual allow-list for accounting web-access.
# Whether IP accounting or its web access is enabled is not shown here.
/ip accounting web-access
set address=0.0.0.0/24
# Interface addresses.
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2-master network=\
192.168.88.0
add address=169.254.175.162/16 interface="SIOL IPTV IN" network=169.254.0.0
# NOTE(review): 192.168.40.0/24 is the network address itself, not a host address.
# A router address such as .1 was presumably intended.
add address=192.168.40.0/24 interface="BOX Dnevna" network=192.168.40.0
# NOTE(review): no prefix length is given here, so this is treated as a /32 even
# though network= names 192.168.99.0. Confirm.
add address=192.168.99.1 comment="SIOL BOX STUFF TESTING" interface=\
"VLAN 4 TEST" network=192.168.99.0
add address=192.168.29.1/24 comment=ANJA-PC disabled=yes interface=\
ether2-master network=192.168.29.0
add address=192.168.29.1/24 comment=ANJA-DHCP interface=ether3 network=\
192.168.29.0
# Dynamic DNS through MikroTik's cloud service is enabled.
/ip cloud
set ddns-enabled=yes
# DHCP client on ether1, in addition to the PPPoE client that runs over the same port.
# NOTE(review): the input-chain drop matches in-interface=pppoe-out1 only. If this
# client ever obtains a lease, traffic arriving on ether1 itself is not covered by it.
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server config
set store-leases-disk=immediately
# Static leases on the LAN DHCP server.
/ip dhcp-server lease
add address=192.168.88.100 mac-address=64:6E:EA:17:E1:32 server=defconf
add address=192.168.88.38 always-broadcast=yes client-id=1:0:1c:85:40:30:cb \
mac-address=00:1C:85:40:30:CB server=defconf
add address=192.168.88.12 always-broadcast=yes client-id=1:e0:69:95:35:85:5a \
mac-address=E0:69:95:35:85:5A server=defconf
add address=192.168.88.20 client-id=1:44:8a:5b:d5:b7:f9 mac-address=\
44:8A:5B:D5:B7:F9 server=defconf
add address=192.168.88.33 mac-address=00:0C:29:9D:4C:3C server=defconf
add address=192.168.88.39 mac-address=40:F5:20:FB:09:02 server=defconf
add address=192.168.88.10 dhcp-option=*3E mac-address=00:02:9B:45:A8:2A \
server=defconf
# DHCP network parameters. Clients are given 192.168.88.20 as their DNS server, so
# name resolution for LAN clients depends on that host, not on the router's resolver.
/ip dhcp-server network
add address=192.168.29.0/24 comment=ANJA-PC dns-server=192.168.88.20 gateway=\
192.168.29.1
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.20 domain=\
windows.nt gateway=192.168.88.1 next-server=192.168.88.12 wins-server=\
192.168.88.20
add address=192.168.99.0/24 comment="BOX TEST" dns-server=192.168.88.20 \
gateway=192.168.99.1
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries from
# any interface the input chain does not block. The only enabled input drop matches
# in-interface=pppoe-out1, so ether1, its VLANs and the PPP/VPN interfaces can
# presumably query it. Restrict port 53 in chain=input to LAN interfaces.
/ip dns
set allow-remote-requests=yes
# Static records. They override public names only for clients that resolve through
# the router, while DHCP hands out 192.168.88.20 as the DNS server.
/ip dns static
add address=192.168.88.1 name=router
add address=192.168.88.20 comment="WINDOWS.NT Stuff" name=windows.nt
add address=192.168.88.20 name=speedtest.windows.nt
add address=192.168.88.20 name=windows.ookla.com
add address=192.168.88.12 name=hama.wifiradiofrontier.com
add address=192.168.88.12 name=www.hbogo.si
add address=192.168.88.38 name=plex.xbmc
add address=192.168.88.12 comment="phpStorm License Server" name=\
license.phpstorm.com
add address=192.168.88.12 comment="American Truck Simulator" name=\
ats.online.scssoft.com
add address=192.168.88.12 name=radios.ats.online.scssoft.com
add address=192.168.88.12 name=eut2.online.scssoft.com
add address=192.168.88.12 name=update.windows.nt
add address=192.168.88.12 disabled=yes name=jhsoftware.dk
add address=192.168.88.12 comment="Stereo Tool License Server" name=\
vvv.stereotool.com
add address=192.168.88.12 comment="Youtube Multiple Downloader Update Server" \
name=ymdv3.phanmemtienich.net
add address=192.168.88.12 name=radio.dxing.si
# NOTE(review): this name looks misspelled, and 192.168.78.1 is in a subnet that is
# not configured anywhere else in this export. Confirm or remove.
add address=192.168.78.1 name=oscp.apple.con
add address=192.168.88.21 comment="MSN Server" name=m1.escargot.log1p.xyz
add address=192.168.88.21 comment="MSN Server" name=escargot.log1p.xyz
add address=192.168.88.20 comment="MSN Server" name=\
appdirectory.messenger.msn.com
add address=192.168.88.12 comment=NITROME name=my.nitrome.com
add address=192.168.88.12 comment=TESTING name=domain.local
# Special-purpose IPv4 ranges collected in the list "NotPublic".
# NOTE(review): no filter, NAT or mangle rule in this export references NotPublic,
# so the list currently has no effect.
/ip firewall address-list
add address=0.0.0.0/8 comment=RFC6890 list=NotPublic
add address=10.0.0.0/8 comment=RFC6890 list=NotPublic
add address=100.64.0.0/10 comment=RFC6890 list=NotPublic
add address=127.0.0.0/8 comment=RFC6890 list=NotPublic
add address=169.254.0.0/16 comment=RFC6890 list=NotPublic
add address=172.16.0.0/12 comment=RFC6890 list=NotPublic
add address=192.0.0.0/24 comment=RFC6890 list=NotPublic
add address=192.0.2.0/24 comment=RFC6890 list=NotPublic
add address=192.168.0.0/16 comment=RFC6890 list=NotPublic
add address=192.88.99.0/24 comment=RFC3068 list=NotPublic
add address=198.18.0.0/15 comment=RFC6890 list=NotPublic
add address=198.51.100.0/24 comment=RFC6890 list=NotPublic
add address=203.0.113.0/24 comment=RFC6890 list=NotPublic
add address=224.0.0.0/4 comment=RFC4601 list=NotPublic
add address=240.0.0.0/4 comment=RFC6890 list=NotPublic
# IPv4 filter rules, evaluated top to bottom. A packet that matches no rule is accepted.
/ip firewall filter
# NOTE(review): accepts every forwarded UDP packet in any direction before any
# state or interface check. Scope it to the interfaces and ports that need it.
add action=accept chain=forward protocol=udp
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
# NOTE(review): the comment says "drop invalid" but action=accept, so packets in
# connection-state=invalid are forwarded.
add action=accept chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# NOTE(review): the comment says "drop" but action=accept, and it matches
# in-interface=ether1 although the WAN used by the input and NAT rules is
# pppoe-out1. No enabled catch-all drop exists in chain=forward, so new connections
# arriving from the WAN are not filtered by this chain.
add action=accept chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1
# Input chain: traffic addressed to the router itself.
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
# NOTE(review): UDP 1701 is accepted from any source with no IPsec match. See the
# note on /interface l2tp-server server about plain L2TP.
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
# NOTE(review): exposes PPTP to any source. See the note on /interface pptp-server server.
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
# Comment translates to "control from a specific IP".
# NOTE(review): src-address-list= takes the NAME of an address list. No list called
# "89.212.105.60" is defined in this export, so this rule presumably never matches
# and src-address=89.212.105.60 was intended. The port set includes FTP (21),
# Telnet (23), HTTP (80) and API (8728), all of which are cleartext.
add action=accept chain=input comment="control iz specificnega ip" dst-port=\
21,22,23,80,443,8291,8728,8729 in-interface=pppoe-out1 protocol=tcp \
src-address-list=89.212.105.60
# These two rules record sources that probe management ports in the list "Hackers".
# NOTE(review): no rule in this export references "Hackers", so the list is
# informational only. The catch-all drop below is what actually blocks the traffic.
add action=add-src-to-address-list address-list=Hackers address-list-timeout=\
none-dynamic chain=input comment="Evil guys" dst-port=\
21,22,23,80,443,8291,8728,8729 in-interface=pppoe-out1 protocol=tcp
add action=add-src-to-address-list address-list=Hackers address-list-timeout=\
none-dynamic chain=input dst-port=21,22,23,80,443,8291,8728,8729 \
in-interface=pppoe-out1 protocol=udp
# NOTE(review): this drop covers pppoe-out1 only. Input arriving on ether1, on the
# provider VLANs, or over IPv6 (separate firewall) is not covered by it.
add action=drop chain=input in-interface=pppoe-out1
add action=drop chain=forward dst-address=0.0.0.0/0 src-address=213.250.3.98
add action=drop chain=forward out-interface=pppoe-out1 src-mac-address=\
2C:9F:FB:BD:A4:CC
# NOTE(review): this rule sits after the pppoe-out1 drop and matches UDP 443, while
# SSTP runs over TCP 443. As written it does not admit SSTP from the WAN.
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=udp
# Every rule from here to the end of the section is disabled=yes (an isolation
# setup for ANJA-PC-BRIDGE).
add action=accept chain=input comment=\
"ANJA-PC Allow RouterB access to router and Internet" disabled=yes \
in-interface=ANJA-PC-BRIDGE
add action=drop chain=input comment="ANJA-PC Drop all other input" disabled=\
yes
add action=accept chain=forward comment="ANJA-PC Accept established related" \
connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
"ANJA-PC Allow LAN access to router and Internet" connection-state=new \
disabled=yes in-interface=ANJA-PC-BRIDGE
add action=drop chain=forward comment="ISOLATE ANJA-PC" disabled=yes \
in-interface=!ANJA-PC-BRIDGE out-interface=ANJA-PC-BRIDGE
add action=accept chain=forward comment=\
"Allow ANJA-PC access to router and Internet" connection-state=new \
disabled=yes in-interface=ANJA-PC-BRIDGE
add action=drop chain=forward comment="ANJA-PC Drop all other forward" \
disabled=yes
# Clamps the TCP MSS on forwarded SYN packets to the path MTU (PPPoE uplink).
# It touches TCP SYNs only; other protocols still depend on working path-MTU discovery.
/ip firewall mangle
add action=change-mss chain=forward comment="Fix for MTU clamping in PPPoE" \
new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
# Source NAT for outbound traffic and destination NAT (port forwards) to LAN hosts.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface=pppoe-out1
add action=masquerade chain=srcnat comment=ANJA-PC-NAT out-interface=\
pppoe-out1 src-address=192.168.29.0/24
add action=dst-nat chain=dstnat comment="SIOL BOX NAT" disabled=yes dst-port=\
53 protocol=tcp to-addresses=192.168.88.1 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 protocol=udp \
to-addresses=192.168.88.1 to-ports=53
# NOTE(review): the next two masquerade rules have no out-interface, so they also
# rewrite the source of traffic from these subnets toward internal networks.
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
192.168.89.0/24
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
192.168.40.0/24
add action=masquerade chain=srcnat comment=Innbox disabled=yes src-address=\
192.168.100.0/24
# Port forwards from the public address 86.61.74.227. The forward chain has no
# effective drop, so each of these is reachable from any Internet source.
# NOTE(review): the SMTP forward (25) is the only one without in-interface=pppoe-out1.
add action=dst-nat chain=dstnat dst-address=86.61.74.227 dst-port=25 \
protocol=tcp to-addresses=192.168.88.12 to-ports=25
add action=dst-nat chain=dstnat dst-address=86.61.74.227 dst-port=1330 \
in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.12 to-ports=\
1330
add action=dst-nat chain=dstnat dst-address=86.61.74.227 dst-port=5119 \
in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.12 to-ports=\
5119
add action=dst-nat chain=dstnat dst-address=86.61.74.227 dst-port=31667 \
in-interface=pppoe-out1 protocol=udp to-addresses=192.168.88.12 to-ports=\
31667
add action=dst-nat chain=dstnat dst-address=86.61.74.227 dst-port=16762 \
in-interface=pppoe-out1 protocol=udp to-addresses=192.168.88.20 to-ports=\
16762
add action=dst-nat chain=dstnat dst-address=86.61.74.227 dst-port=31667 \
in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.12 to-ports=\
31667
add action=dst-nat chain=dstnat dst-address=86.61.74.227 dst-port=16762 \
in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.20 to-ports=\
16762
# NOTE(review): this publishes the internal DNS server 192.168.88.20 to the
# Internet on TCP and UDP 53. If that server performs recursion for any client it
# is an open resolver. Confirm it is authoritative-only, or restrict sources.
add action=dst-nat chain=dstnat comment="Primary DNS Server" dst-address=\
86.61.74.227 dst-port=53 in-interface=pppoe-out1 protocol=tcp \
to-addresses=192.168.88.20 to-ports=53
add action=dst-nat chain=dstnat dst-address=86.61.74.227 dst-port=53 \
in-interface=pppoe-out1 protocol=udp to-addresses=192.168.88.20 to-ports=\
53
add action=dst-nat chain=dstnat comment="Web Server" dst-address=86.61.74.227 \
dst-port=80 in-interface=pppoe-out1 protocol=tcp to-addresses=\
192.168.88.20 to-ports=80
# NOTE(review): the built-in web proxy is enabled, and the only access rule is a
# redirect. No deny rule is visible, so any client that can reach the proxy port
# can relay through it. The input chain blocks pppoe-out1 only; confirm the proxy
# is not reachable over ether1, the VPN interfaces or IPv6.
/ip proxy
set cache-administrator=podpora@dxing.si enabled=yes
/ip proxy access
add dst-host=dxing.si redirect-to=windows.nt
# Static routes. NOTE(review): 192.168.89.0/24 has two routes at the same distance
# through different gateways, and it is also the VPN pool subnet. Confirm which is intended.
/ip route
add distance=1 dst-address=10.86.0.0/21 gateway=IPTV pref-src=192.168.88.1 \
scope=10
add distance=1 dst-address=192.168.1.0/24 gateway=192.168.100.20
add distance=1 dst-address=192.168.89.0/24 gateway=192.168.100.20
add distance=1 dst-address=192.168.89.0/24 gateway=192.168.1.2
# The LAN bridge takes an address from the delegated prefix pool "isp-pd", so LAN
# hosts and the router itself get globally routable IPv6 addresses.
/ipv6 address
add address=::1 from-pool=isp-pd interface=bridge
# Requests a delegated prefix from the provider over the PPPoE session.
/ipv6 dhcp-client
add add-default-route=yes interface=pppoe-out1 pool-name=isp-pd request=\
prefix
# NOTE(review): no IPv6 filter rule in this export references bad_ipv6, so this
# list currently has no effect.
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
# IPv6 filter rules. A packet that matches no rule is accepted.
# NOTE(review): chain=input has a single accept (DHCPv6) and no drop. Every router
# service that listens on IPv6 (management, DNS, proxy, VPN servers) is therefore
# presumably reachable from the Internet over the router's global IPv6 address.
# Add established/related, ICMPv6 and LAN accepts followed by a drop for
# in-interface=pppoe-out1, mirroring the IPv4 input chain.
/ipv6 firewall filter
add action=accept chain=input comment="DHCPv6 from provider" dst-port=546 \
in-interface=pppoe-out1 protocol=udp
add action=accept chain=forward comment=established,related connection-state=\
established,related
add action=drop chain=forward comment=invalid connection-state=invalid log=\
yes log-prefix=ipv6,invalid
# Forwarded ICMPv6 is accepted from the LAN bridge only. ICMPv6 arriving on
# pppoe-out1 for new flows falls through to the reject below.
add action=accept chain=forward comment=icmpv6 in-interface=bridge protocol=\
icmpv6
add action=accept chain=forward comment="local network" disabled=yes \
in-interface=bridge src-address-list=allowed
add action=accept chain=forward comment="Port forwarding" disabled=yes \
in-interface=pppoe-out1 out-interface=ether2-master src-address-list=\
allowed
# Inbound HTTP and DNS are allowed to one LAN host. The same open-resolver concern
# applies as for the IPv4 DNS forward.
add action=accept chain=forward comment="Port Forwarding" dst-address=\
2a00:ee2:900:e700:5c47:2365:b1d2:67d/128 dst-port=80 protocol=tcp
add action=accept chain=forward comment="Port Forwarding" dst-address=\
2a00:ee2:900:e700:5c47:2365:b1d2:67d/128 dst-port=53 protocol=tcp
add action=accept chain=forward comment="Port Forwarding" dst-address=\
2a00:ee2:900:e700:5c47:2365:b1d2:67d/128 dst-port=53 protocol=udp
# Everything else forwarded in from the WAN is rejected with port-unreachable.
add action=reject chain=forward comment=\
"Block all imput request on all IPs (ports closed)" in-interface=\
pppoe-out1 log-prefix=IPV6 reject-with=icmp-port-unreachable
add action=drop chain=forward comment=\
"Block all imput request on all IPs (Ports filtered)" disabled=yes \
in-interface=pppoe-out1 log-prefix=IPV6
# Same TCP MSS clamp as in the IPv4 mangle table.
/ipv6 firewall mangle
add action=change-mss chain=forward comment="Fix for MTU clamping in PPPoE" \
new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
# Front-panel LCD is switched off, and the listed interfaces are disabled in the
# LCD interface list.
/lcd
set default-screen=stats enabled=no
/lcd interface
set sfp1 disabled=yes
set ether2-master disabled=yes
set ether3 disabled=yes
set ether4 disabled=yes
set ether5 disabled=yes
set ether6-master disabled=yes
set ether7 disabled=yes
set ether8 disabled=yes
set ether9 disabled=yes
set ether10 disabled=yes
# PPP user accounts. Passwords are not part of this export.
# NOTE(review): "mkocja47" is also the user name of the ISP PPPoE client. Confirm
# the two do not share a password.
# NOTE(review): "vpn" sets no service= or profile=, so it can presumably log in
# through any enabled PPP server (PPTP, L2TP, SSTP, PPPoE). Pin it to the one
# service that is meant to be used.
/ppp secret
add name=mkocja47 profile=Innbox
add name=vpn
# IGMP proxy for IPTV multicast: upstream on the IPTV bridge, downstream on the LAN bridge.
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add interface=bridge
add alternative-subnets=0.0.0.0/0 interface=IPTV upstream=yes
/system clock
set time-zone-name=Europe/Ljubljana
/system logging
add action=disk disabled=yes topics=igmp-proxy
# NOTE(review): mode=broadcast accepts time from NTP broadcasts on the local
# segment. Whether the client is enabled is not shown here.
/system ntp client
set mode=broadcast
# NOTE(review): the export header reports RouterOS 6.40.8 although the export is
# dated jun/13/2025. Check whether a newer release is available for this model,
# since several WAN-facing services are enabled.
/system package update
set channel=bugfix
# Daily job that runs the Start-PC script.
# NOTE(review): the job holds nearly every policy (including password, sensitive
# and sniff) although it only sends a Wake-on-LAN packet. Reduce it to the
# minimum the script needs.
/system scheduler
add interval=1d name="Schedule A" on-event=Start-PC policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
nov/23/2016 start-time=08:03:45
# Wake-on-LAN script, sending to the MAC of the static lease 192.168.88.12.
# NOTE(review): the source ends in an escaped quote (\") after the MAC address,
# which looks like a stray character. Confirm the script actually runs.
/system script
add name=Start-PC owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source=\
"/tool wol interface=ether2-master mac=E0:69:95:35:85:5A\""
# MAC-Telnet is limited to the listed interfaces.
# NOTE(review): wlan1 is included, so any associated Wi-Fi client can reach
# layer-2 management. Consider limiting it to a wired management port.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master
add interface=ether6-master
add interface=sfp1
add interface=wlan1
# MAC-Winbox uses the same interface list, so the same consideration applies.
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master
add interface=ether6-master
add interface=sfp1
add interface=wlan1
# NOTE(review): the sniffer is set to stream frames captured on ether8 for one MAC
# address to 192.168.88.12. The stream is presumably unencrypted. Turn
# streaming-enabled off once the capture is no longer needed.
/tool sniffer
set filter-interface=ether8 filter-mac-address=\
00:22:61:33:93:29/FF:FF:FF:FF:FF:FF filter-stream=yes streaming-enabled=\
yes streaming-server=192.168.88.12
I am not sure what to do now. I have already tried:
# MSS clamp on forwarded TCP SYN packets for IPv4 and IPv6. Apart from the missing
# comment= these match the change-mss rules already present in the export above,
# so adding them again does not change behaviour.
/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes \
protocol=tcp tcp-flags=syn
/ipv6 firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes \
protocol=tcp tcp-flags=syn
But it's not helping. This has been going on for years, but now Microsoft account login is failing too (at university we use Microsoft SSO (single sign-on) a lot), meaning I cannot even log in to my uni account.
Thanks for answering, and best regards