Hi
I am having issues with WhatsApp being blocked. I have added all the ports it needs or what it seems it needs but still does not work.
Here is my config if anyone can see anything that looks wrong.
Thanks
Anthony
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.1-192.168.1.254
add name=vpn ranges=192.168.89.2-192.168.89.255
add name=l2tp ranges=192.168.100.1-192.168.100.30
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ppp profile
add local-address=192.168.100.1 name=lt2p1 remote-address=l2tp
set *FFFFFFFE dns-server=192.168.1.100 local-address=dhcp remote-address=vpn
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp-sfpplus1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set default-profile=lt2p1 enabled=yes ipsec-secret+=@@@@@@@@@@ use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface="ether1 - WAN" list=WAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.1.100/24 comment=defconf interface=ether2 network=192.168.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface="ether1 - WAN"
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=208.67.222.123,208.67.220.123 gateway=192.168.1.100 netmask=24
add address=192.168.80.0/24 comment="VPN- dhcp" dns-server=192.168.1.100 gateway=192.168.1.100 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.100 name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=accept chain=input comment="HTTP WAN Admin" dst-port=80 protocol=tcp
add action=accept chain=input comment=winbox dst-port=8291 protocol=tcp
add action=accept chain=forward comment="Whatsapp tcp" dst-port=443,4244,5222,5223,5228,5242,8443 out-interface-list=WAN protocol=tcp
add action=accept chain=forward comment="whatsapp 2" dst-port=59234,50318 protocol=tcp
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=accept chain=forward comment="whatsapp udp1" dst-port=59234,50318 protocol=udp
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="whatsapp udp 2" dst-port=3478,45395 protocol=udp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
add action=redirect chain=dstnat dst-address-type=!local dst-port=!53 protocol=udp to-addresses=0.0.0.0 to-ports=53
/system clock
set time-zone-name=Europe/London
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN