Team Viewer doesn't work

Hi! I recently changed internet provider, and had to factory reset my MikroTik. Made just basic configuration for small office and vpn.
One thing that stopped working after that - Team Viewer. Everything work well, except this one. It says - “Not ready. Please check your connection”
At first, I thought about DNS (manual 8.8.8.8 and 8.8.4.4), then added ports to firewall, then I tried UPnP and nothing helped.
And one more. I have static IP address, and router receives it automatically (maybe something there?)

Can somebody point me what can it cause? I have the same provider in next building where TP Link installed - everything works well.
If any additional informational needed - just let me know. Thanks!

Please share your current config:

/export file=anynameyoulike

Remove serial and any other private info, post between code tags by using the </> button.

Here you go

# may/14/2025 19:25:33 by RouterOS 6.48
# software id = BMM5-YT99
#
# model = RB750Gr3
# serial number = 
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
set [ find default-name=ether5 ] name=ether5-SWITCH
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.150-192.168.1.220
add name=vpn_pool ranges=10.10.10.10-10.10.10.20
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 lease-time=9h name=dhcp1
/ppp profile
add bridge=bridge1 change-tcp-mss=yes name=l2tp remote-address=vpn_pool
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5-SWITCH
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface l2tp-server server
set authentication=mschap2 default-profile=l2tp enabled=yes ipsec-secret=\
    secret! use-ipsec=required
/interface list member
add interface=ether1-WAN list=WAN
add interface=bridge1 list=LAN
/ip address
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0
/ip dhcp-client
add disabled=no interface=ether1-WAN
/ip dhcp-server lease
add address=192.168.1.33 client-id=QQ comment=Alla-PC \
    mac-address=QQ server=dhcp1
add address=192.168.1.98 client-id=QQ mac-address=\
    QQ server=dhcp1
add address=192.168.1.34 client-id=QQ comment=OLGA-PC \
    mac-address=QQ server=dhcp1
add address=192.168.1.6 comment="Office Intercom Station" mac-address=\
    QQ server=dhcp1
add address=192.168.1.7 comment="Office Door Station" mac-address=\
    QQ server=dhcp1
add address=192.168.1.8 comment="Intercoom Door Station" mac-address=\
   QQ server=dhcp1
add address=192.168.1.9 comment=SmartRelay mac-address=QQ \
    server=dhcp1
add address=192.168.1.11 comment=DVR_AHD mac-address=QQ \
    server=dhcp1
add address=192.168.1.12 comment=DVR_OFFICE mac-address=QQ \
    server=dhcp1
add address=192.168.1.13 comment=DVR_NVH-1622 mac-address=QQ \
    server=dhcp1
add address=192.168.1.30 comment=SRV mac-address=QQ server=\
    dhcp1
/ip dhcp-server network
add address=0.0.0.0/24 gateway=0.0.0.0 netmask=24
add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24
/ip firewall filter
add action=accept chain=output dst-port=5938 out-interface=ether1-WAN \
    protocol=tcp
add action=jump chain=input comment="sshbruteforces chain" connection-state=\
    new dst-port=22 jump-target=sshbruteforces protocol=tcp
add action=accept chain=input dst-port=500,1701,4500 in-interface=ether1-WAN \
    protocol=udp
add action=drop chain=sshbruteforces comment="drop ssh brute forcers" \
    src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=sshbruteforces connection-state=new \
    src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=sshbruteforces connection-state=new \
    src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=sshbruteforces connection-state=new \
    src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=sshbruteforces connection-state=new
add chain=sshbruteforces dst-port=22 protocol=tcp
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add chain=sshbruteforces connection-state=new dst-port=22 protocol=tcp
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=drop chain=input comment="Ohorona PC" src-address=192.168.1.17
add action=drop chain=input comment="router ohorona" src-address=\
    192.168.1.102
add action=accept chain=input disabled=yes in-interface=ether1-WAN protocol=\
    ipsec-esp
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp interfaces
add forced-ip=EXT_IP interface=ether1-WAN type=external
add interface=bridge1 type=internal
/ppp secret
add local-address=192.168.1.20 name=AA password=AA profile=l2tp \
    service=l2tp
add local-address=192.168.1.21 name=BB password=BB profile=l2tp \
    service=l2tp
/system clock
set time-zone-name=Europe/Kiev
/system watchdog
set watch-address=8.8.8.8

1. What is the purpose of this entry…
   /ip dhcp-server network
   add address**=0.0.0.0/24** gateway**=0.0.0.0** ****netmask=24

2. Format seems off
   add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24
   TRY:
   add address=192.168.1.0/24 gateway=192.168.1.1 network=192.168.1.0

3. Get rid of the garbage firewall rules…modify to:
   /ip firewall address-list
   add address=192.168.1.17 list=Excluded
   add address=192.168.1.102 list=Excluded
   /ip firewall filter
   { default rules to keep }
   add action=accept chain=input connection-state=established,related,untracked
   add action=drop chain=input connection-state=invalid
   add action=accept chain=input protocol=icmp
   (admin rules)
   add action=accept chain=input dst-port=500,1701,4500 protocol=udp
   add action=accept chain=input in-interface-list=LAN src-address-list=!Excluded
   add action=drop chain=input comment=“drop all else”[/i] { enter this rule here in the order, but last of all rules }
   ++++++++++++++++++++++++++++++++++++++++++
   { default rules to keep }
   add action=fasttrack-connection chain=forward connection-state=established,related
   add action=accept chain=forward connection-state=established,related,untracked
   add action=drop chain=forward connection-state=invalid
   (admin rules)
   add action=accept chain=forward comment=“internet traffic” in-interface-list=LAN out-interface-list=WAN
   add action=accept chain=forward comment=“port forwarding” connection-nat-state=dstnat disabled=yes { enable if required or remove }
   add action=drop chain=forward comment=“drop all else”

4. Personally I would turn upnp OFF, unless you need it for a specific reason…

Upgrade to v7 can be a good idea

Likely, a side-effect QuickSet bug in older version (which you may have if you have a new unit, run QuickSet, THEN upgrade).

But that causes all sorts of troubles. You should delete that line. Otherwise all DHCP leases have to be static.

“Can TeamViewer (Classic) reach the internet?
If not, please open Port 5938 for outgoing connections”

This rule is not needed:

add action=accept chain=output dst-port=5938 out-interface=ether1-WAN \
    protocol=tcp

Remove it.

Thanks all of you!

All done except 2 - it does not allow me to use ‘network’ parameter. There is no such thing
I’m not strong at firewall rules. I was recommended to use what I had to stop all external connections.
I did not update to v7 firmware as this version shown as unstable

Still - no team viewer. I don’t know why
Here is updated settings:

# may/15/2025 16:27:46 by RouterOS 6.48
# software id = BMM5-YT99
# model = RB750Gr3

/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
set [ find default-name=ether5 ] name=ether5-SWITCH
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.150-192.168.1.220
add name=vpn_pool ranges=10.10.10.10-10.10.10.20
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 lease-time=9h name=dhcp1
/ppp profile
add bridge=bridge1 change-tcp-mss=yes name=l2tp remote-address=vpn_pool
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5-SWITCH
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface l2tp-server server
set authentication=mschap2 default-profile=l2tp enabled=yes ipsec-secret=\! use-ipsec=required
/interface list member
add interface=ether1-WAN list=WAN
add interface=bridge1 list=LAN
/ip address
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0
/ip dhcp-client
add disabled=no interface=ether1-WAN
/ip dhcp-server lease
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24
/ip firewall address-list
add address=192.168.1.17 list=Excluded
add address=192.168.1.102 list=Excluded
/ip firewall filter
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=icmp
add action=accept chain=input dst-port=500,1701,4500 protocol=udp
add action=accept chain=input in-interface-list=LAN src-address-list=Excluded
add action=drop chain=input comment="drop all else"
add action=fasttrack-connection chain=forward connection-state=\
    established,related
add action=accept chain=forward connection-state=\
    established,related,untracked
add action=drop chain=forward connection-state=invalid
add action=accept chain=forward comment="internet traffic" in-interface-list=\
    LAN out-interface-list=WAN
add action=accept chain=forward connection-state=\
    established,related,untracked
add action=drop chain=forward connection-state=invalid
add action=accept chain=forward comment="internet traffic" in-interface-list=\
    LAN out-interface-list=WAN
add action=accept chain=forward comment="port forwarding" \
    connection-nat-state=dstnat disabled=yes
add action=drop chain=forward comment="drop all else"
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system watchdog
set watch-address=8.8.8.8

Yes that was my bad, I meant Remove the NETMASK, what is missing is any DNS-server setting.

Sorry for late response. I try new settings only when I’m near router. And it’s quite far from me.
It didn’t help
Maybe any additional thoughts?

# jun/04/2025 19:06:10 by RouterOS 6.48
# model = RB750Gr3

/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
set [ find default-name=ether5 ] name=ether5-SWITCH
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.150-192.168.1.220
add name=vpn_pool ranges=10.10.10.10-10.10.10.20
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 lease-time=9h name=dhcp1
/ppp profile
add bridge=bridge1 change-tcp-mss=yes name=l2tp remote-address=vpn_pool
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5-SWITCH
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface l2tp-server server
set authentication=mschap2 default-profile=l2tp enabled=yes ipsec-secret=\
    **** use-ipsec=required
/interface list member
add interface=ether1-WAN list=WAN
add interface=bridge1 list=LAN
/ip address
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0
/ip dhcp-client
add disabled=no interface=ether1-WAN
/ip dhcp-server lease
---
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8 gateway=192.168.1.1
/ip dns
set servers=8.8.8.8
/ip firewall address-list
add address=192.168.1.17 list=Excluded
add address=192.168.1.102 list=Excluded
/ip firewall filter
add action=accept chain=input disabled=yes in-interface=ether1-WAN protocol=\
    ipsec-esp
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp interfaces
add forced-ip=EXTERNAL-IP interface=ether1-WAN type=external
add interface=bridge1 type=internal
/ppp secret
/system clock
set time-zone-name=Europe/Kiev
/system watchdog
set watch-address=8.8.8.8

Do you mean besides try ANYDESK instead?

Since you have no firewall rules and all is allowed, yikes, would never connect this to the internet…
No nothing should block it. ( did you try disabling upnp ).

Suspect something on the PC, firewall, new OS, something ???

Yeah, we’re using it now. But some users still asking for TeamViever…
I was trying on different computers, and the same result every time. I even connected PC without router and everything working fine. One thing I noticed.
It all happened after internet provider was changed. Router was factory reset, and new configuration was created. I remember that old configuration had different NAT rule. This one has:
add action=masquerade chain=srcnat out-interface-list=WAN and old one had something with external IP. I’ll try to upload old configuration and export settings when I’ll be there

—update. found some info. I was talking about using action scr-nat + external IP instead of masquerade. I don’t know if it can help)

If anyone is looking for an answer - update to v7 helped at the end (but I followed all recommendations in this thread)