Hi,
Today i’ve installed my new HEX S Mikrotik router, replacing my ISP router.
The problem I’m facing is that ookla’s speedtest app isn’t working on any device (apple tv/ios) as well as speedtest cli on my mac, yet browsing to speedtest.net works just fine.
Here is the error I’m getting from the speedtest cli:
% speedtest
[2024-03-15 21:47:08.556] [error] Configuration - forbidden (UnknownException)
[2024-03-15 21:47:08.556] [error] Configuration - Cannot retrieve configuration document (403)
[2024-03-15 21:47:08.556] [error] ConfigurationError - Could not retrieve or read configuration (Configuration)
[2024-03-15 21:47:08.556] [error] ConfigurationError - Could not retrieve or read configuration (Configuration)
[error] Configuration - Could not retrieve or read configuration (ConfigurationError)
I’ve disabled SIP ALG
here is my config:
# 2024-03-15 21:57:07 by RouterOS 7.12.1
# software id = **ELIDED**
#
# model = RB760iGS
/interface bridge
add admin-mac=**ELIDED** auto-mac=no name=bridge
/interface pppoe-client
add add-default-route=yes comment="PPPoE Interface " disabled=no interface=sfp1 keepalive-timeout=disabled name=pppoe-1 use-peer-dns=yes \
user=user
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/port
set 0 name=serial0
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/interface bridge port
add bridge=bridge ingress-filtering=no interface=ether2
add bridge=bridge ingress-filtering=no interface=ether3
add bridge=bridge ingress-filtering=no interface=ether4
add bridge=bridge ingress-filtering=no interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=pppoe-1 list=WAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=10.100.102.250/24 comment=defconf interface=bridge network=10.100.102.0
/ip dns
set allow-remote-requests=yes use-doh-server=1.1.1.1
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface-list=WAN
/ip firewall service-port
set sip disabled=yes
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/system note
set show-at-login=no
/system ntp client servers
add address=pool.ntp.il
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
TIA