robsgax
newbie
Topic Author
Posts: 27
Joined: Wed Apr 17, 2019 10:26 pm

High Battery usage with 6.47 stable

Sun Jul 05, 2020 9:28 pm

Hi, my current setup is a hAP ac2 as a CAPsMAN manager and CAP, and another router, a cAP ac, as another CAP. I had both at 6.46.6, but this Friday I updated them to 6.47 and started to notice that my battery-powered wireless devices (phones, tablets) started to drain battery faster on standby (on my S20, it went from ~0.8%/h to 4%/h, just sitting there). I had that problem at the beginning but fixed it with keepalive-frames=disabled.

Now, I reset my configuration and started again, as I thought maybe some conf got corrupted, and the same thing: high usage.

Finally I went back to 6.46.6 and everything went to normal again, same low battery usage on standby.

I did not test without CAPsMAN; I will try to, but if it works OK as an AP, then CAPsMAN has a problem.

Anyone had a similar problem with the new stable version?

Here are my 2 conf files:
# jul/03/2020 06:50:06 by RouterOS 6.46.6
# software id = YE7D-V6K7
#
# model = RBD52G-5HacD2HnD
# serial number = 
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2412 name=channel_1-6-11
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=XXXX \
    frequency=5180 name=channel_5G reselect-interval=1h
/caps-man datapath
add local-forwarding=yes name=datapathGuest vlan-id=20 vlan-mode=use-tag
add client-to-client-forwarding=yes local-forwarding=yes name=datapathLAN
/interface bridge
add comment="Guest LAN" disabled=yes name=bridgeGuest pvid=20 vlan-filtering=\
    yes
add admin-mac=74:4D:28:C1:A5:B5 auto-mac=no comment=defconf name=bridgeLAN
/interface ethernet
set [ find default-name=ether1 ] comment=Izzi name=ether1-WAN1
set [ find default-name=ether2 ] comment="RBcAPGi-5acD2nD Pasillo" name=\
    ether2-CAPsMAN
set [ find default-name=ether3 ] comment=LAN name=ether3-LAN
set [ find default-name=ether4 ] comment="Libre vLAN20"
set [ find default-name=ether5 ] comment=Telnor name=ether5-WAN2
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
    antenna-gain=20 band=2ghz-g/n channel-width=20/40mhz-XX country=\
    "united states" distance=indoors frequency=auto installation=indoor mode=\
    ap-bridge multicast-helper=full name=wlan2GHz ssid=MikroTik \
    wireless-protocol=802.11 wmm-support=enabled
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac(20dBm), SSID: RECGV, local forwarding
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode \
    antenna-gain=10 band=5ghz-n/ac channel-width=20/40/80mhz-XXXX disabled=no \
    distance=indoors hw-protection-mode=rts-cts hw-retries=4 installation=\
    indoor mode=ap-bridge multicast-helper=full name=wlan5GHz ssid=RECGV \
    wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
/interface vlan
add interface=bridgeLAN name=vlan20 vlan-id=20
/caps-man rates
add basic=12Mbps name="GN Only" supported=\
    12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
/caps-man security
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm \
    group-encryption=aes-ccm group-key-update=1h name="RECGV WiFi"
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm \
    group-encryption=aes-ccm group-key-update=1h name="RECGV Guest"
add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm \
    group-encryption=aes-ccm group-key-update=1h name="MEDIA WiFi"
/caps-man configuration
add channel=channel_5G country="united states3" datapath=datapathLAN \
    datapath.client-to-client-forwarding=yes datapath.local-forwarding=yes \
    disconnect-timeout=3s distance=indoors frame-lifetime=0ms guard-interval=\
    any hw-protection-mode=rts-cts hw-retries=4 installation=indoor \
    keepalive-frames=disabled max-sta-count=150 mode=ap multicast-helper=\
    default name=MyHomeWifiAC rx-chains=0,1 security="RECGV WiFi" ssid=RECGV \
    tx-chains=0,1
add channel=channel_5G country="united states3" datapath=datapathLAN \
    disconnect-timeout=3s distance=indoors frame-lifetime=0ms guard-interval=\
    any hw-protection-mode=rts-cts hw-retries=4 installation=indoor \
    keepalive-frames=disabled max-sta-count=150 mode=ap multicast-helper=full \
    name=xxMyHomeWifiAC_5 rx-chains=0,1 security="RECGV WiFi" ssid=RECGV_5G \
    tx-chains=0,1
add channel=channel_1-6-11 country=mexico datapath=datapathLAN \
    datapath.client-to-client-forwarding=yes datapath.local-forwarding=yes \
    disconnect-timeout=3s distance=indoors frame-lifetime=0ms guard-interval=\
    any hw-protection-mode=rts-cts hw-retries=4 installation=indoor \
    keepalive-frames=disabled max-sta-count=150 mode=ap multicast-helper=\
    default name=MyHomeWifi rates="GN Only" rx-chains=0,1 security=\
    "RECGV WiFi" ssid=RECGV tx-chains=0,1
add channel=channel_1-6-11 country=mexico datapath=datapathGuest \
    datapath.vlan-id=20 datapath.vlan-mode=use-tag disconnect-timeout=3s \
    distance=indoors frame-lifetime=0ms guard-interval=any \
    hw-protection-mode=rts-cts hw-retries=4 installation=indoor \
    keepalive-frames=disabled max-sta-count=150 mode=ap multicast-helper=\
    default name=MyGuestWiFi rates="GN Only" rx-chains=0,1 security=\
    "RECGV Guest" ssid=RECGV_Guest tx-chains=0,1
add channel=channel_5G country="united states3" datapath=datapathGuest \
    datapath.vlan-id=20 datapath.vlan-mode=use-tag disconnect-timeout=3s \
    distance=indoors frame-lifetime=0ms guard-interval=any \
    hw-protection-mode=rts-cts hw-retries=4 installation=indoor \
    keepalive-frames=disabled max-sta-count=150 mode=ap multicast-helper=\
    default name=MyGuestWiFiAC rx-chains=0,1 security="RECGV Guest" ssid=\
    RECGV_Guest tx-chains=0,1
add channel=channel_1-6-11 country=mexico datapath=datapathLAN \
    disconnect-timeout=3s distance=indoors frame-lifetime=0ms guard-interval=\
    any hw-protection-mode=rts-cts hw-retries=4 installation=indoor \
    keepalive-frames=disabled max-sta-count=150 mode=ap multicast-helper=full \
    name=xxMyHomeWifi_2.4 rates="GN Only" rx-chains=0,1 security="RECGV WiFi" \
    ssid=RECGV_2G tx-chains=0,1
/caps-man interface
add configuration=MyHomeWifi disabled=no l2mtu=1600 mac-address=\
    64:D1:54:F7:B2:CF master-interface=none name="2.4-cAP ac" radio-mac=\
    64:D1:54:F7:B2:CF radio-name=64D154F7B2CF
add configuration=MyGuestWiFi disabled=no l2mtu=1600 mac-address=\
    66:D1:54:F7:B2:CF master-interface="2.4-cAP ac" name="2.4-cAP ac Guest" \
    radio-mac=00:00:00:00:00:00 radio-name=66D154F7B2CF
add configuration=MyHomeWifiAC disabled=no l2mtu=1600 mac-address=\
    64:D1:54:F7:B2:D0 master-interface=none name="5.0-cAP ac" radio-mac=\
    64:D1:54:F7:B2:D0 radio-name=64D154F7B2D0
add configuration=MyGuestWiFiAC disabled=no l2mtu=1600 mac-address=\
    66:D1:54:F7:B2:D0 master-interface="5.0-cAP ac" name="5.0-cAP ac Guest" \
    radio-mac=00:00:00:00:00:00 radio-name=66D154F7B2D0
add configuration=MyHomeWifiAC disabled=no l2mtu=1600 mac-address=\
    74:4D:28:C1:A5:BA master-interface=none name="5.0-hAP ac^2" radio-mac=\
    74:4D:28:C1:A5:BA radio-name=744D28C1A5BA
add configuration=MyGuestWiFiAC disabled=no l2mtu=1600 mac-address=\
    76:4D:28:C1:A5:BA master-interface="5.0-hAP ac^2" name=\
    "5.0-hAP ac^2 Guest" radio-mac=00:00:00:00:00:00 radio-name=764D28C1A5BA
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add comment=defconf name=WAN2
add comment=AllWAN name=WANAll
add comment=WLAN name=WLAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=Youtube regexp=\
    "^..+\\.(youtube.com|googlevideo.com|akamaihd.net).*\$"
add name=Facebook regexp="^..+\\.(facebook.com|facebook.net|fbcdn.com|fbsbx.co\
    m|fbcdn.net|fb.com|tfbnw.net).*\$"
add name=Netflix regexp=\
    "^.+(netflix|nflxext|nflximg|nflxsearch|nflxso|nflxvideo).*\$"
add name=youtube1 regexp="^.+(youtube).*\$"
add name=facebook1 regexp="^.+(facebook).*\$"
add name=whatsapp1 regexp="^.+(whatsapp).*\$"
add name=netflix1 regexp="^.+(netflix).*\$"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc pfs-group=none
/ip pool
add name=dhcp ranges=192.168.0.150-192.168.0.220
add name=poolGuest ranges=192.168.20.100-192.168.20.150
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridgeLAN lease-time=1d name=\
    defconf
add address-pool=poolGuest disabled=no interface=vlan20 lease-time=2h name=\
    guestDHCP
/ppp profile
add name=profileTelnor on-down=":do {\r\
    \n/ip firewall address-list remove [find where list=WAN2-ADDR]\r\
    \n}" on-up=":do {\r\
    \n/ip firewall address-list add list=WAN2-ADDR address=\$\"local-address\"\
    \r\
    \n}" remote-address=8.8.4.4
add change-tcp-mss=yes name=openvpn use-compression=no use-encryption=yes \
    use-mpls=no
add change-tcp-mss=yes name=profileTorguard on-down=":do {\r\
    \n/ip firewall address-list remove [find where list=VPN-ADDR]\r\
    \n}" on-up=":do {\r\
    \n/ip firewall address-list add list=VPN-ADDR address=\$\"local-address\"\
    \r\
    \n}"
/interface pppoe-client
add add-default-route=yes comment=Telnor default-route-distance=2 disabled=no \
    interface=ether5-WAN2 name=pppoe-Telnor profile=profileTelnor \
    use-peer-dns=yes user=gisselam@prodigy.net.mx
/interface l2tp-client
add comment=VPN connect-to=98.153.62.16 disabled=no name=TorGuard profile=\
    profileTorguard use-ipsec=yes user=recgaxiola@gmail.com
/queue simple
add burst-limit=2M/5M burst-threshold=1M/5M burst-time=2s/2s limit-at=1M/5M \
    max-limit=1M/5M name=queueGuest target=192.168.20.0/24
add burst-limit=1M/5M burst-threshold=1M/5M burst-time=1s/1s limit-at=1M/5M \
    max-limit=1M/5M name=queueGuestE3000 target=192.168.0.5/32
add burst-limit=512k/4M burst-threshold=512k/4M burst-time=1s/1s disabled=yes \
    limit-at=512k/4M max-limit=512k/4M name=queue1 target=192.168.0.0/24
/queue tree
add disabled=yes limit-at=100M max-limit=100M name=Root parent=global
add disabled=yes limit-at=2M max-limit=10M name=icmp packet-mark=icmp_packet \
    parent=Root priority=1
add disabled=yes limit-at=40M max-limit=100M name=web packet-mark=web_packet \
    parent=Root priority=5
add disabled=yes limit-at=20M max-limit=100M name=quic packet-mark=\
    quic_packet parent=Root priority=5
add disabled=yes limit-at=38M max-limit=100M name=resto packet-mark=\
    resto_packet parent=Root
add disabled=yes name=DESCARGA parent=bridgeLAN priority=1
add disabled=yes name=Dns packet-mark=Dns_Dow_Pk parent=DESCARGA priority=1
add disabled=yes name=Icmp packet-mark=Icmp_Pk_Down parent=DESCARGA priority=\
    1
add disabled=yes name="Juegos Dow" parent=DESCARGA priority=2
add disabled=yes name=Dota packet-mark=Dota2_Dow_pk parent="Juegos Dow" \
    priority=1
add disabled=yes name=Fornite packet-mark=fornite_Dow_pk parent="Juegos Dow" \
    priority=2
add disabled=yes name=Lol packet-mark=LoL_Dow_PK parent="Juegos Dow" \
    priority=1
add disabled=yes name=Wolftem packet-mark=Wolftem_Dow_Pk parent="Juegos Dow" \
    priority=2
add disabled=yes name="Paginas Down" parent=DESCARGA priority=4
add disabled=yes name=Http packet-mark=Http_Pk_Down parent="Paginas Down" \
    priority=3
add disabled=yes name=Https packet-mark=Https_Pk_Down parent="Paginas Down" \
    priority=4
add disabled=yes name=Netflix packet-mark=Netflix_Pk_Down parent=\
    "Paginas Down" priority=4
add disabled=yes name=YouTube packet-mark=YouTube_Pk_Down parent=\
    "Paginas Down" priority=4
add disabled=yes name=Facebook packet-mark=Facebook_Pk_Down parent=\
    "Paginas Down" priority=2
add disabled=yes name="Zxtras Dow" parent=DESCARGA priority=2
add disabled=yes name=Wasaap packet-mark=Wasaap_Dow_Pk parent="Zxtras Dow" \
    priority=1
add disabled=yes name=Correo packet-mark=Correo_Dow_Pk parent="Zxtras Dow" \
    priority=2
add disabled=yes name="PLAY PS3" packet-mark=PlayStation_Dow_Pk parent=\
    "Zxtras Dow" priority=3
add disabled=yes name=Xbox packet-mark=Xbox_Dow_pk parent="Zxtras Dow" \
    priority=3
add disabled=yes name=SUBIDA parent=ether1-WAN1 priority=1
add disabled=yes name="Dns up" packet-mark=Dns_Udp_Pk parent=SUBIDA priority=\
    1
add disabled=yes name="Icmp up" packet-mark=Icmp_Pk_Up parent=SUBIDA \
    priority=1
add disabled=yes name="Juegos Up" parent=SUBIDA priority=2
add disabled=yes name="Dota up" packet-mark=dota2_Udp_Pqt parent="Juegos Up" \
    priority=1
add disabled=yes name=Fortine packet-mark=fornite_Udp_pk parent="Juegos Up" \
    priority=2
add disabled=yes name="Lol up" packet-mark=LoL_UP_pk parent="Juegos Up" \
    priority=1
add disabled=yes name="Wolftem up" packet-mark=Wolftem_Udp_pk parent=\
    "Juegos Up" priority=2
add disabled=yes name="Paginas Up" parent=SUBIDA priority=4
add disabled=yes name="Facebook up" packet-mark=Facebook_Pk_Up parent=\
    "Paginas Up" priority=2
add disabled=yes name="Http Up" packet-mark=Http_Pk_Up parent="Paginas Up" \
    priority=3
add disabled=yes name="Https Up" packet-mark=Https_Pk_Up parent="Paginas Up" \
    priority=4
add disabled=yes name="Netflix Up" packet-mark=Netflix_Pk_Up parent=\
    "Paginas Up" priority=4
add disabled=yes name="YouTube Up" packet-mark=YouTube_Pk_Up parent=\
    "Paginas Up" priority=4
add disabled=yes name="Zxtras UP" parent=SUBIDA priority=2
add disabled=yes name="PLAY PS3 up" packet-mark=Playstation_Up_Pk parent=\
    "Zxtras UP" priority=3
add disabled=yes name="Wasaap up" packet-mark=Wasasp_Up_Pk parent="Zxtras UP" \
    priority=1
add disabled=yes name="Xbox up" packet-mark=Xbox_Up_pk parent="Zxtras UP" \
    priority=3
/queue type
add kind=pcq name=WEB
add kind=pcq name=YOUTUBE pcq-classifier=dst-address pcq-dst-address6-mask=64 \
    pcq-src-address6-mask=64 pcq-total-limit=5000KiB
/system logging action
set 3 remote=192.168.0.4
add disk-file-count=31 disk-file-name=disk1/logs/log disk-lines-per-file=4096 \
    name=disk1 target=disk
add disk-file-count=31 disk-file-name=disk1/logs/snmplog disk-lines-per-file=\
    4096 name=snmpdisk target=disk
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
add name=sniffer policy="ssh,read,!local,!telnet,!ftp,!reboot,!write,!policy,!\
    test,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp"
/caps-man access-list
add action=reject allow-signal-out-of-range=10s comment="Google Home Sala " \
    disabled=no interface="5.0-cAP ac" mac-address=00:F6:20:90:AB:F0 \
    ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Google Home Sala " \
    disabled=no interface="5.0-hAP ac^2" mac-address=00:F6:20:90:AB:F0 \
    ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 3 Sala" \
    disabled=no interface="5.0-cAP ac" mac-address=F0:5C:77:4D:44:BD \
    ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 3 Sala" \
    disabled=no interface="5.0-hAP ac^2" mac-address=F0:5C:77:4D:44:BD \
    ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment=\
    "Google Nest Hub Cocina" disabled=no interface="5.0-cAP ac" mac-address=\
    1C:F2:9A:0C:76:F4 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment=\
    "Google Nest Hub Cocina" disabled=no interface="5.0-hAP ac^2" \
    mac-address=1C:F2:9A:0C:76:F4 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 2 Cocina" \
    disabled=no interface="5.0-cAP ac" mac-address=48:D6:D5:14:48:60 \
    ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 2 Cocina" \
    disabled=no interface="5.0-hAP ac^2" mac-address=48:D6:D5:14:48:60 \
    ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 3 Hector" \
    disabled=no interface="5.0-cAP ac" mac-address=7C:D9:5C:3E:67:B2 \
    ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 3 Hector" \
    disabled=no interface="5.0-hAP ac^2" mac-address=7C:D9:5C:3E:67:B2 \
    ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment=\
    "Google Home Mini Hector" disabled=no interface="5.0-cAP ac" mac-address=\
    D4:F5:47:21:0A:E0 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment=\
    "Google Home Mini Hector" disabled=no interface="5.0-hAP ac^2" \
    mac-address=D4:F5:47:21:0A:E0 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 1 Alex" \
    disabled=no interface="5.0-cAP ac" mac-address=A4:77:33:2F:1F:86 \
    ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 1 Alex" \
    disabled=no interface="5.0-hAP ac^2" mac-address=A4:77:33:2F:1F:86 \
    ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment=\
    "Google Home Mini Alex" disabled=no interface="5.0-cAP ac" mac-address=\
    D4:F5:47:0D:C3:27 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment=\
    "Google Home Mini Alex" disabled=no interface="5.0-hAP ac^2" mac-address=\
    D4:F5:47:0D:C3:27 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment=\
    "Google Home Mini Papas" disabled=no interface="5.0-cAP ac" mac-address=\
    D4:F5:47:17:4E:9F ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment=\
    "Google Home Mini Papas" disabled=no interface="5.0-hAP ac^2" \
    mac-address=D4:F5:47:17:4E:9F ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 3 Papas" \
    disabled=no interface="5.0-cAP ac" mac-address=7C:D9:5C:46:94:EC \
    ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Chromecast 3 Papas" \
    disabled=no interface="5.0-hAP ac^2" mac-address=7C:D9:5C:46:94:EC \
    ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Galaxy S10" \
    disabled=yes interface="2.4-cAP ac" mac-address=A8:DB:03:10:E7:3D \
    signal-range=-70..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="Galaxy S20" \
    disabled=yes interface="2.4-cAP ac" mac-address=8C:B8:4A:F7:7C:A3 \
    signal-range=-70..120 ssid-regexp=""
add action=accept allow-signal-out-of-range=10s client-to-client-forwarding=\
    yes disabled=no interface=any signal-range=-86..120 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no interface=any \
    signal-range=-120..-87 ssid-regexp=""
add comment="Ipad Hector" mac-address=F0:76:6F:73:A7:7C
add comment="LG G6" mac-address=A8:B8:6E:81:B8:59
add comment="Alex PC" mac-address=54:E6:FC:86:56:10
add comment="Foco Sala" mac-address=EC:FA:BC:4A:55:54
add comment="Foco Hector" mac-address=60:01:94:ED:E1:23
add comment="Foco Alex" mac-address=D8:F1:5B:98:92:63
add comment="Foco Papas" mac-address=CC:50:E3:65:0C:09
add comment=Roku mac-address=B8:A1:75:D4:E8:B4
/caps-man manager
set enabled=yes package-path=/disk1
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridgeLAN
add disabled=no interface=bridgeGuest
/caps-man provisioning
add action=create-enabled hw-supported-modes=g master-configuration=\
    MyHomeWifi name-format=prefix-identity name-prefix=2.4 \
    slave-configurations=MyGuestWiFi
add action=create-enabled hw-supported-modes=ac master-configuration=\
    MyHomeWifiAC name-format=prefix-identity name-prefix=5.0 \
    slave-configurations=MyGuestWiFiAC
/interface bridge port
add bridge=bridgeLAN comment=defconf interface=ether2-CAPsMAN
add bridge=bridgeLAN comment=defconf interface=ether3-LAN
add bridge=bridgeLAN comment=defconf interface=ether4
add bridge=bridgeLAN interface=wlan2GHz
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all wan-interface-list=all
/interface list member
add comment=defconf interface=bridgeLAN list=LAN
add comment=defconf interface=ether1-WAN1 list=WAN
add comment=defconf interface=pppoe-Telnor list=WAN2
add interface=pppoe-Telnor list=WANAll
add interface=TorGuard list=WANAll
add interface=ether1-WAN1 list=WANAll
add interface=vlan20 list=LAN
add interface=bridgeGuest list=LAN
add interface=ether5-WAN2 list=WANAll
/interface pptp-server server
set authentication=chap,mschap1,mschap2 enabled=yes
/interface wireless access-list
add interface=wlan5GHz vlan-mode=no-tag
/interface wireless cap
# 
set bridge=bridgeLAN caps-man-addresses=127.0.0.1 enabled=yes interfaces=\
    wlan5GHz
/ip accounting
set threshold=2560
/ip accounting web-access
set accessible-via-web=yes address=192.168.0.0/24
/ip address
add address=192.168.0.1/24 interface=ether3-LAN network=192.168.0.0
add address=192.168.20.1/24 interface=vlan20 network=192.168.20.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=5m
/ip dhcp-client
add comment=defconf disabled=no interface=ether1-WAN1 script=":if (\$bound=1) \
    do={   \r\
    \n   /ip firewall address-list add list=WAN1-ADDR address=\$\"lease-addres\
    s\"\r\
    \n} else={\r\
    \n  /ip firewall address-list remove [find where list=WAN1-ADDR]\r\
    \n}"
/ip dhcp-server lease
add address=192.168.0.47 comment="Chromecast 3 Papas" mac-address=\
    7C:D9:5C:46:94:EC server=defconf
add address=192.168.0.41 comment=Roku mac-address=B8:A1:75:D4:E8:B4 server=\
    defconf
add address=192.168.0.33 client-id=1:e0:d5:5e:12:c8:d6 comment="Hector PC" \
    mac-address=E0:D5:5E:12:C8:D6 server=defconf
add address=192.168.0.46 comment="Chromecast 2 Cocina" mac-address=\
    48:D6:D5:14:48:60 server=defconf
add address=192.168.0.45 comment="Chromecast 1 Alex" mac-address=\
    A4:77:33:2F:1F:86 server=defconf
add address=192.168.0.34 client-id=1:54:e6:fc:86:56:10 comment="Alex PC" \
    mac-address=54:E6:FC:86:56:10 server=defconf
add address=192.168.0.24 comment="Nintendo Switch" mac-address=\
    58:2F:40:C3:29:D2 server=defconf
add address=192.168.0.29 client-id=1:e8:61:7e:53:19:7d comment="PS4 WiFi" \
    mac-address=E8:61:7E:53:19:7D server=defconf
add address=192.168.0.55 comment="Foco Papas" mac-address=CC:50:E3:65:0C:09 \
    server=defconf
add address=192.168.0.57 comment="Foco Hector" mac-address=60:01:94:ED:E1:23 \
    server=defconf
add address=192.168.0.58 comment="Foco Alex" mac-address=D8:F1:5B:98:92:63 \
    server=defconf
add address=192.168.0.56 comment="Foco Sala" mac-address=EC:FA:BC:4A:55:54 \
    server=defconf
add address=192.168.0.150 comment=DHCP mac-address=12:34:56:78:90:12 server=\
    defconf
add address=192.168.0.11 client-id=1:0:30:67:53:22:f2 comment=LibreELEC \
    mac-address=00:30:67:53:22:F2 server=defconf
add address=192.168.0.28 client-id=1:70:9e:29:c0:fa:49 comment="PS4 LAN" \
    mac-address=70:9E:29:C0:FA:49 server=defconf
add address=192.168.0.26 client-id=1:0:1d:d8:af:d0:8b comment="Xbox 360" \
    mac-address=00:1D:D8:AF:D0:8B server=defconf
add address=192.168.0.25 client-id=1:cc:7e:e7:df:99:b4 comment="TV Panasonic" \
    mac-address=CC:7E:E7:DF:99:B4 server=defconf
add address=192.168.0.27 client-id=1:0:1f:a7:4e:d2:eb comment="PS3 LAN" \
    mac-address=00:1F:A7:4E:D2:EB server=defconf
add address=192.168.0.53 comment="Google Home Sala " mac-address=\
    00:F6:20:90:AB:F0 server=defconf
add address=192.168.0.48 comment="Chromecast 3 Hector" mac-address=\
    7C:D9:5C:3E:67:B2 server=defconf
add address=192.168.0.51 comment="Google Home Mini Hector" mac-address=\
    D4:F5:47:21:0A:E0 server=defconf
add address=192.168.0.54 comment="Google Nest Hub Cocina" mac-address=\
    1C:F2:9A:0C:76:F4 server=defconf
add address=192.168.0.52 comment="Google Home Mini Alex" mac-address=\
    D4:F5:47:0D:C3:27 server=defconf
add address=192.168.0.49 comment="Chromecast 3 Sala" mac-address=\
    F0:5C:77:4D:44:BD server=defconf
add address=192.168.0.50 comment="Google Home Mini Papas" mac-address=\
    D4:F5:47:17:4E:9F server=defconf
add address=192.168.0.35 client-id=1:30:9c:23:b3:7d:cd comment="Gissela PC" \
    mac-address=30:9C:23:B3:7D:CD server=defconf
add address=192.168.0.13 client-id=1:b8:27:eb:f4:83:65 comment=\
    "LibreELEC Pi 3" mac-address=B8:27:EB:F4:83:65 server=defconf
add address=192.168.0.14 client-id=1:b8:27:eb:a1:d6:30 mac-address=\
    B8:27:EB:A1:D6:30 server=defconf
add address=192.168.0.6 comment="ESXi Server" mac-address=1C:87:2C:43:BE:E2 \
    server=defconf
add address=192.168.0.36 client-id=1:8:21:ef:c5:2f:18 comment=\
    "Galaxy Tab S2 Alex" mac-address=08:21:EF:C5:2F:18 server=defconf
add address=192.168.0.37 client-id=1:f0:76:6f:73:a7:7c comment="Ipad Hector" \
    mac-address=F0:76:6F:73:A7:7C server=defconf
add address=192.168.20.99 comment=GuestWiFi mac-address=12:12:12:12:12:12
add address=192.168.0.124 client-id=1:2c:27:d7:88:9c:e2 comment="HP Printer" \
    mac-address=2C:27:D7:88:9C:E2 server=defconf
add address=192.168.0.122 client-id=1:30:7:4d:6b:7d:1b comment="Galaxy S8" \
    mac-address=30:07:4D:6B:7D:1B server=defconf
add address=192.168.0.125 client-id=1:d0:13:fd:54:bc:47 comment=\
    "LG G4 Hector" mac-address=D0:13:FD:54:BC:47 server=defconf
add address=192.168.0.128 client-id=1:a8:db:3:10:e7:3d comment="Galaxy S10" \
    mac-address=A8:DB:03:10:E7:3D server=defconf
add address=192.168.0.9 client-id=1:0:c:29:43:22:30 comment=pfSense disabled=\
    yes mac-address=00:0C:29:43:22:30 server=defconf
add address=192.168.0.30 client-id=1:4:d4:c4:53:46:52 comment="Roberto PC" \
    mac-address=04:D4:C4:53:46:52 server=defconf
add address=192.168.0.17 client-id=\
    ff:bc:9a:4a:2d:0:2:0:0:ab:11:53:2:ee:36:52:a7:b:e1 comment=\
    "Splunk Linux Server" disabled=yes mac-address=00:0C:29:0F:B3:C4 server=\
    defconf
add address=192.168.0.120 client-id=1:8c:b8:4a:f7:7c:a3 comment="Galaxy S20" \
    mac-address=8C:B8:4A:F7:7C:A3 server=defconf
add address=192.168.0.12 client-id=1:72:1d:1b:c4:a:7a comment=Win7v \
    mac-address=72:1D:1B:C4:0A:7A server=defconf
add address=192.168.0.38 client-id=1:40:25:c2:37:da:d8 comment="Laptop Giss" \
    mac-address=40:25:C2:37:DA:D8 server=defconf
add address=192.168.0.19 client-id=1:0:c:29:8b:48:25 mac-address=\
    00:0C:29:8B:48:25 server=defconf
add address=192.168.0.18 client-id=\
    ff:bc:9a:4a:2d:0:2:0:0:ab:11:fb:6c:72:a1:c8:3e:cc:2d comment=\
    "No-Ip Server" mac-address=00:0C:29:A9:AB:81 server=defconf
add address=192.168.0.5 client-id=1:68:7f:74:a2:74:5d comment=E3000 \
    mac-address=68:7F:74:A2:74:5D server=defconf
add address=192.168.0.8 client-id=\
    ff:bc:9a:4a:2d:0:2:0:0:ab:11:d2:7a:93:3f:d1:69:c0:48 comment=pihole \
    mac-address=00:0C:29:A4:3C:9E server=defconf
add address=192.168.0.121 client-id=1:a8:b8:6e:81:b8:59 comment="LG G6" \
    mac-address=A8:B8:6E:81:B8:59 server=defconf
add address=192.168.0.7 comment="Ubuntu Proxy" mac-address=00:0C:29:C8:4A:C4
add address=192.168.0.15 client-id=1:0:c:29:6b:35:bd mac-address=\
    00:0C:29:6B:35:BD server=defconf
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf gateway=192.168.0.1 netmask=24
add address=192.168.20.0/24 gateway=192.168.20.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=104.223.91.210,104.223.91.210
/ip dns static
add address=192.168.0.1 comment=defconf name=router.lan
add address=192.168.0.19 disabled=yes name=robslamp.servehttp.com
add address=192.168.0.19 name=pendejerto.no-ip.org
/ip firewall address-list
add address=192.168.0.30 comment=Roberto disabled=yes list=TorGuargList
add address=192.168.0.41 comment=Roku list=TorGuargList
add address=192.168.0.8 comment=PiHole list=NoPiHole
add address=192.168.0.24 comment="Nintendo Switch" disabled=yes list=\
    TelnorList
add address=192.168.0.24 comment="Nintendo Switch" disabled=yes list=\
    TorGuargList
add address=192.168.0.30 comment=Roberto disabled=yes list=TelnorList
add address=192.168.0.28 comment=PS4 disabled=yes list=TelnorList
add address=192.168.0.6 comment="ESXi Server" list=TelnorList
add address=192.168.0.18 comment="No-Ip Server" list=TelnorList
add address=192.168.0.8 comment=UbuntuPiHole disabled=yes list=TelnorList
add address=192.168.0.41 comment=Roku disabled=yes list=NoPiHole
add address=192.168.20.0/24 comment="Guest SSID" list=GuestSSID-NoNetflix
add address=192.168.0.30 comment=Roberto disabled=yes list=RestrictedAccess
add address=192.168.0.19 comment=WS2019 disabled=yes list=TorGuargList
add address=192.168.0.19 comment=WS2019 list=TelnorList
add address=192.168.0.45-192.168.0.60 list=GoogleLAN
add address=192.168.0.0/24 list=RobsLAN
add address=192.168.20.0/24 comment="Guest SSID" disabled=yes list=\
    RestrictedAccess
add address=192.168.0.7 comment="Ubuntu Proxy" list=TelnorList
add address=b4a10a10b227.sn.mynetname.net list=MyPublicIP
add address=10.65.142.112 list=WAN1-ADDR
add address=10.1.2.2 list=VPN-ADDR
add address=192.168.0.15 comment="IIS Server" list=TelnorList
add address=201.143.246.54 list=WAN2-ADDR
/ip firewall filter
add action=drop chain=forward comment=Attack log-prefix="BlackList - " \
    src-address-list=BlackList
add action=reject chain=forward comment="Drop incoming DNS traffic" dst-port=\
    53 in-interface-list=WANAll protocol=tcp reject-with=\
    icmp-network-unreachable
add action=reject chain=forward dst-port=53 in-interface-list=WANAll \
    protocol=udp reject-with=icmp-network-unreachable
add action=drop chain=forward comment="Drop Internet" disabled=yes \
    in-interface-list=LAN out-interface-list=WANAll src-address-list=\
    BanInternet
add action=accept chain=forward disabled=yes in-interface-list=LAN \
    out-interface-list=WANAll
add action=drop chain=forward comment="Separar Redes" dst-address=\
    !192.168.0.8 in-interface=vlan20 out-interface=bridgeLAN src-address=\
    !192.168.0.8
add action=drop chain=forward dst-address=!192.168.0.8 in-interface=bridgeLAN \
    out-interface=vlan20 src-address=!192.168.0.8
add action=drop chain=input disabled=yes dst-address=!192.168.0.8 \
    dst-address-list=RobsLAN log=yes log-prefix="drop 20-0: " src-address=\
    !192.168.0.8 src-address-list=GuestSSID-NoNetflix
add action=reject chain=forward comment=\
    "Drop Internet by MAC  -- 44:87:FC:53:32:92" disabled=yes dst-address=\
    !192.168.0.0/24 reject-with=icmp-network-unreachable src-mac-address=\
    44:87:FC:53:32:92
add action=drop chain=forward comment="Block Facebook" dst-port=80,443 \
    log-prefix="BF1 - " protocol=tcp src-address-list=RestrictedAccess \
    tls-host=*.facebook.com
add action=drop chain=forward layer7-protocol=Facebook log-prefix="BF2 - " \
    src-address-list=RestrictedAccess
add action=drop chain=forward comment="Block YouTube" dst-port=80,443 \
    log-prefix="BF1 - " protocol=tcp src-address-list=RestrictedAccess \
    tls-host=*.youtube.com
add action=drop chain=forward layer7-protocol=Youtube log-prefix="BF2 - " \
    src-address-list=RestrictedAccess
add action=drop chain=forward comment="Block Netflix" dst-port=80,443 \
    log-prefix="BF1 - " protocol=tcp src-address-list=GuestSSID-NoNetflix \
    tls-host=*.netflix.com
add action=drop chain=forward layer7-protocol=Netflix log-prefix="BF2 - " \
    src-address-list=GuestSSID-NoNetflix
add action=drop chain=forward comment="Restrict Facebook" disabled=yes \
    log-prefix="RF1 - " packet-mark=Facebook_Pk_Up src-address-list=\
    RestrictedAccess
add action=drop chain=forward disabled=yes log-prefix="RF1 - " packet-mark=\
    Facebook_Pk_Down src-address-list=RestrictedAccess
add action=drop chain=input disabled=yes log-prefix="RF2 - " packet-mark=\
    Facebook_Pk_Up src-address-list=RestrictedAccess
add action=drop chain=input disabled=yes log-prefix="RF2 - " packet-mark=\
    Facebook_Pk_Down src-address-list=RestrictedAccess
add action=drop chain=forward comment="Restrict YouTube" disabled=yes \
    packet-mark=YouTube_Pk_Up src-address-list=RestrictedAccess
add action=drop chain=forward disabled=yes packet-mark=YouTube_Pk_Down \
    src-address-list=RestrictedAccess
add action=drop chain=input disabled=yes packet-mark=YouTube_Pk_Up \
    src-address-list=RestrictedAccess
add action=drop chain=input disabled=yes packet-mark=YouTube_Pk_Down \
    src-address-list=RestrictedAccess
add action=drop chain=forward comment="Restrict Netflix" disabled=yes \
    packet-mark=Netflix_Pk_Up src-address-list=GuestSSID-NoNetflix
add action=drop chain=forward disabled=yes packet-mark=Netflix_Pk_Down \
    src-address-list=GuestSSID-NoNetflix
add action=drop chain=input disabled=yes layer7-protocol=Netflix packet-mark=\
    Netflix_Pk_Up src-address-list=GuestSSID-NoNetflix
add action=drop chain=input disabled=yes layer7-protocol=Netflix packet-mark=\
    Netflix_Pk_Down src-address-list=GuestSSID-NoNetflix
add action=accept chain=input comment="CAPs to CAPsMAN" dst-port=5246,5247 \
    protocol=udp src-address=127.0.0.1
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment="ICMP from Chromecast into Router" \
    in-interface=bridgeLAN log-prefix=Accept_Chromecast_ICMP_ protocol=icmp
add action=accept chain=icmp_chain comment="ICMP on Chromecast" dst-address=\
    8.8.8.8 in-interface=bridgeLAN log-prefix=Accept_ICMP_Chromecast \
    protocol=icmp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid log-prefix="defconf: drop invalid "
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input dst-address-type=local src-address-type=local
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN log-prefix="drop: "
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=accept chain=forward comment="Fasttrack Disable RestrictedAccess" \
    src-address-list=RestrictedAccess
add action=accept chain=forward dst-address-list=RestrictedAccess
add action=accept chain=forward comment="Fasttrack Disable TelnorList" \
    connection-mark=Telnor_Conn disabled=yes
add action=accept chain=forward disabled=yes routing-mark=TelnorWAN
add action=accept chain=forward comment="Fasttrack Disable TelnorList" \
    src-address-list=TelnorList
add action=accept chain=forward connection-state=established,related \
    dst-address-list=TelnorList
add action=accept chain=forward comment="Fasttrack Disable VPNList" \
    src-address-list=TorGuargList
add action=accept chain=forward connection-state=established,related \
    dst-address-list=TorGuargList
add action=accept chain=forward comment="Fasttrack Disable GuestWiFi" \
    src-address-list=GuestSSID-NoNetflix
add action=accept chain=forward connection-state=established,related \
    dst-address-list=GuestSSID-NoNetflix
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid log-prefix="defconf: drop invalid "
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN log-prefix=\
    "defconf: drop all from WAN not DSTNATed "
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN2 log-prefix=\
    "defconf: drop all from WAN not DSTNATed 2 "
/ip firewall mangle
add action=accept chain=prerouting comment="Izzi WAN" disabled=yes \
    dst-address-list=WAN1-ADDR in-interface=bridgeLAN
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
    yes in-interface=ether1-WAN1 new-connection-mark=Izzi_Conn passthrough=\
    yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
    yes dst-address-type=!local in-interface=bridgeLAN new-connection-mark=\
    Izzi_Conn passthrough=yes src-address-list=!TelnorList
add action=mark-routing chain=prerouting connection-mark=Izzi_Conn disabled=\
    yes dst-address-type="" in-interface=bridgeLAN new-routing-mark=IzziWAN \
    passthrough=yes src-address-list=!TelnorList
add action=mark-routing chain=output connection-mark=Izzi_Conn disabled=yes \
    new-routing-mark=IzziWAN passthrough=yes src-address-list=!TelnorList
add action=mark-routing chain=prerouting comment=Telnor disabled=yes \
    new-routing-mark=TelnorWAN passthrough=yes src-address-list=TelnorList
add action=accept chain=prerouting comment="Telnor metodo 2" \
    dst-address-list=WAN2-ADDR in-interface=bridgeLAN
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=pppoe-Telnor new-connection-mark=Telnor_Conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridgeLAN new-connection-mark=\
    Telnor_Conn passthrough=yes src-address-list=TelnorList
add action=mark-routing chain=prerouting connection-mark=Telnor_Conn \
    dst-address-type="" in-interface=bridgeLAN new-routing-mark=TelnorWAN \
    passthrough=yes src-address-list=TelnorList
add action=mark-routing chain=output connection-mark=Telnor_Conn \
    new-routing-mark=TelnorWAN passthrough=yes src-address-list=TelnorList
add action=mark-routing chain=prerouting comment=TorGuard new-routing-mark=\
    VPN passthrough=yes src-address-list=TorGuargList
add action=mark-connection chain=prerouting comment=Telnor disabled=yes \
    in-interface=pppoe-Telnor new-connection-mark=Telnor_Conn passthrough=no
add action=mark-connection chain=prerouting disabled=yes in-interface=\
    bridgeLAN new-connection-mark=Telnor_Conn passthrough=yes \
    src-address-list=TelnorList
add action=mark-routing chain=prerouting connection-mark=Telnor_Conn \
    disabled=yes new-routing-mark=TelnorWAN passthrough=yes src-address-list=\
    TelnorList
add action=mark-routing chain=output connection-mark=Telnor_Conn disabled=yes \
    new-routing-mark=TelnorWAN passthrough=yes src-address-list=TelnorList
add action=mark-connection chain=prerouting comment=TorGuard \
    connection-state=new disabled=yes in-interface-list=LAN \
    new-connection-mark=VPN_Conn passthrough=yes src-address-list=\
    TorGuargList
add action=mark-routing chain=prerouting connection-mark=VPN_Conn disabled=\
    yes new-routing-mark=VPN passthrough=no src-address-list=TorGuargList
add action=set-priority chain=postrouting comment="Set priority for WMM" \
    new-priority=from-dscp-high-3-bits passthrough=yes
add action=mark-connection chain=prerouting comment="QoS Icmp" disabled=yes \
    new-connection-mark=Icmp_Conn_Down passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=Icmp_Conn_Down \
    disabled=yes new-packet-mark=Icmp_Pk_Down passthrough=no
add action=mark-connection chain=postrouting disabled=yes \
    new-connection-mark=Icmp_Conn_Up passthrough=yes protocol=icmp
add action=mark-packet chain=postrouting connection-mark=Icmp_Conn_Up \
    disabled=yes new-packet-mark=Icmp_Pk_Up passthrough=no
add action=mark-connection chain=prerouting comment="QoS Dns" disabled=yes \
    dst-port=53 new-connection-mark=Dns_Udp_conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=Dns_Udp_conn \
    disabled=yes new-packet-mark=Dns_Udp_Pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=53 \
    new-connection-mark=Dns_Dow_Conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=Dns_Dow_Conn \
    disabled=yes new-packet-mark=Dns_Dow_Pk passthrough=no
add action=mark-connection chain=prerouting comment="QoS Dota" disabled=yes \
    dst-port=27014-27050,27036,27037,8291 new-connection-mark=Dota2_Dow_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=Dota2_Dow_conn \
    disabled=yes new-packet-mark=Dota2_Dow_pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
    1500,3005,3101,20561,27017-27062,20561,4380,28960,27067 \
    new-connection-mark=dota2_udp_conn passthrough=yes protocol=udp
add action=mark-packet chain=postrouting connection-mark=dota2_udp_conn \
    disabled=yes new-packet-mark=dota2_Udp_Pqt passthrough=no
add action=mark-connection chain=prerouting comment="QoS fornite" disabled=\
    yes dst-port=\
    5060,45724,6250,137,138,9008,33234,9008,7862,7862,9012,45762,138 \
    new-connection-mark=Fornite_udp_conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=Fornite_udp_conn \
    disabled=yes new-packet-mark=fornite_Udp_pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
    5222,5795-5847,1935,3478-3480,3074,6667,12400,28910,29901,29920 \
    new-connection-mark=Fornite_Dow_conn passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting connection-mark=Fornite_Dow_conn \
    disabled=yes new-packet-mark=fornite_Dow_pk passthrough=no
add action=mark-connection chain=prerouting comment="QoS wolftem" disabled=\
    yes dst-port="307,10,30711,30712,30713,30714,30715,30716,30717,30718,30719\
    ,30720,30721,30722" new-connection-mark=woltem_dow_Conn passthrough=yes \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=woltem_dow_Conn \
    disabled=yes new-packet-mark=Wolftem_Dow_Pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
    40707-40718,20001 new-connection-mark=Wolftem_Udp_conn passthrough=yes \
    protocol=udp
add action=mark-packet chain=postrouting connection-mark=Wolftem_Udp_conn \
    disabled=yes new-packet-mark=Wolftem_Udp_pk passthrough=no
add action=mark-connection chain=prerouting comment="QoS LoL" disabled=yes \
    dst-port=2099,5223,5222,8393,8400,8088 new-connection-mark=LoL_Dow_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=LoL_Dow_conn \
    disabled=yes new-packet-mark=LoL_Dow_PK passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
    5000,8088,10004 new-connection-mark=LoL_Up_Pk passthrough=yes protocol=\
    udp
add action=mark-packet chain=postrouting connection-mark=LoL_Up_Pk disabled=\
    yes new-packet-mark=LoL_UP_pk passthrough=no
add action=mark-packet chain=forward connection-mark=Propaganda_conn \
    disabled=yes new-packet-mark=propagandas passthrough=no
add action=mark-connection chain=prerouting comment=HttpS_QoS disabled=yes \
    dst-port=443 new-connection-mark=Htpps_Conn_Down passthrough=yes \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=Htpps_Conn_Down \
    disabled=yes new-packet-mark=Https_Pk_Down passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=443 \
    new-connection-mark=Https_Conn_Up passthrough=yes protocol=udp
add action=mark-packet chain=postrouting connection-mark=Https_Conn_Up \
    disabled=yes new-packet-mark=Https_Pk_Up passthrough=no
add action=mark-connection chain=prerouting comment=Http_QoS disabled=yes \
    dst-port=80,8080,9000 new-connection-mark=Http_Conn_Down passthrough=yes \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=Http_Conn_Down \
    disabled=yes new-packet-mark=Http_Pk_Down passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
    80,8080,9000 new-connection-mark=Http_Conn_Up passthrough=yes protocol=\
    udp
add action=mark-packet chain=postrouting connection-mark=Http_Conn_Up \
    disabled=yes new-packet-mark=Http_Pk_Up passthrough=no
add action=mark-connection chain=prerouting comment=correo disabled=yes \
    dst-port=110,995,143,993,25,465,587 new-connection-mark=correo_Dow_Conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=correo_Dow_Conn \
    disabled=yes new-packet-mark=Correo_Dow_Pk passthrough=no
add action=mark-connection chain=prerouting comment="QoS wassapp" disabled=\
    yes dst-port=5222-5228,5242 new-connection-mark=Wasapp_Dow_Conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=Wasapp_Dow_Conn \
    disabled=yes new-packet-mark=Wasaap_Dow_Pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
    5222,5223,5228,5242,53,3478 new-connection-mark=Wassapp_Udp_pk \
    passthrough=yes protocol=udp
add action=mark-packet chain=postrouting connection-mark=Wassapp_Udp_pk \
    disabled=yes new-packet-mark=Wasasp_Up_Pk passthrough=no
add action=mark-connection chain=prerouting comment="play station" disabled=\
    yes dst-port=80,443,5223,10070 new-connection-mark=PlayS4_Dow_conn \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=PlayS4_Dow_conn \
    disabled=yes new-packet-mark=PlayStation_Dow_Pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
    3478,3479,3658,10070 new-connection-mark=PlayStation_Up_conn passthrough=\
    yes protocol=udp
add action=mark-packet chain=postrouting connection-mark=PlayStation_Up_conn \
    disabled=yes new-packet-mark=Playstation_Up_Pk passthrough=no protocol=\
    udp
add action=mark-connection chain=prerouting comment="QoS xbox" disabled=yes \
    dst-port=3070-3073 new-connection-mark=Xbox_dow_conn passthrough=yes \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=Xbox_dow_conn \
    disabled=yes new-packet-mark=Xbox_Dow_pk passthrough=no
add action=mark-connection chain=postrouting disabled=yes dst-port=\
    88,3074,53,500,3544,4500 new-connection-mark=Xbox_UP_conn passthrough=yes \
    protocol=udp
add action=mark-packet chain=postrouting connection-mark=Xbox_UP_conn \
    disabled=yes new-packet-mark=Xbox_Up_pk passthrough=no
add action=mark-connection chain=forward comment=netflix disabled=yes \
    dst-port=22,53,80,33001,179,443 layer7-protocol=Netflix \
    new-connection-mark=Netflix_Conn_Down passthrough=yes protocol=tcp
add action=mark-packet chain=forward connection-mark=Netflix_Conn_Down \
    disabled=yes new-packet-mark=Netflix_Pk_Down passthrough=no
add action=mark-connection chain=forward disabled=yes dst-port=33001,53,123 \
    layer7-protocol=Netflix new-connection-mark=Netflix_Conn_Up passthrough=\
    yes protocol=udp
add action=mark-packet chain=forward connection-mark=Netflix_Conn_Up \
    disabled=yes new-packet-mark=Netflix_Pk_Up passthrough=no
add action=mark-connection chain=forward comment="QoS YouTube" disabled=yes \
    in-interface-list=WANAll layer7-protocol=Youtube new-connection-mark=\
    YouTube_Conn_Down passthrough=yes
add action=mark-packet chain=forward connection-mark=YouTube_Conn_Down \
    disabled=yes new-packet-mark=YouTube_Pk_Down passthrough=no
add action=mark-connection chain=forward disabled=yes in-interface=bridgeLAN \
    layer7-protocol=Youtube new-connection-mark=YouTube_Conn_Up passthrough=\
    yes
add action=mark-packet chain=forward connection-mark=YouTube_Conn_Up \
    disabled=yes new-packet-mark=YouTube_Pk_Up passthrough=no
add action=mark-connection chain=forward comment="QoS Facebook" disabled=yes \
    in-interface-list=WANAll layer7-protocol=Facebook new-connection-mark=\
    Facebook_Conn_Down passthrough=yes
add action=mark-packet chain=forward connection-mark=Facebook_Conn_Down \
    disabled=yes new-packet-mark=Facebook_Pk_Down passthrough=no
add action=mark-connection chain=forward disabled=yes in-interface=bridgeLAN \
    layer7-protocol=Facebook new-connection-mark=Facebook_Conn_Up \
    passthrough=yes
add action=mark-packet chain=forward connection-mark=Facebook_Conn_Up \
    disabled=yes new-packet-mark=Facebook_Pk_Up passthrough=no
add action=add-dst-to-address-list address-list=Streaming_users \
    address-list-timeout=12h chain=prerouting comment=ReRoute \
    connection-mark=no-mark content=netflix disabled=yes dst-port=53 \
    in-interface-list=LAN protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=\
    yes dst-address-list=Streaming_users in-interface-list=LAN \
    new-connection-mark=markStreamers passthrough=yes
add action=mark-routing chain=prerouting connection-mark=markStreamers \
    disabled=yes new-routing-mark=routeStreamers passthrough=no
add action=mark-connection chain=prerouting comment=Facebook connection-mark=\
    no-mark content=facebook disabled=yes dst-port=53 new-connection-mark=\
    facebook_conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=FACEBOOK_CONN \
    disabled=yes new-packet-mark=FACEBOOK_PACKET passthrough=yes
add action=mark-connection chain=prerouting comment=YouTube connection-mark=\
    no-mark content=youtube disabled=yes dst-port=53 new-connection-mark=\
    youtube_conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=YOUTUBE_CONN \
    disabled=yes new-packet-mark=YOUTUBE_PACKET passthrough=yes
add action=mark-connection chain=prerouting comment=Netflix connection-mark=\
    no-mark content=netflix disabled=yes dst-port=53 new-connection-mark=\
    netflix_conn passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=NETFLIX_CONN \
    disabled=yes new-packet-mark=NETFLIX_PACKET passthrough=yes
add action=mark-connection chain=forward comment="Marcado ICMP" \
    connection-mark=no-mark disabled=yes new-connection-mark=icmp_conn \
    passthrough=yes protocol=icmp
add action=mark-packet chain=forward connection-mark=icmp_conn disabled=yes \
    new-packet-mark=icmp_packet passthrough=no
add action=mark-connection chain=forward comment=\
    "Marcado WEB HTTP HTTPS con TCP" connection-mark=no-mark disabled=yes \
    dst-port=80,443 new-connection-mark=web_conn passthrough=yes protocol=tcp
add action=mark-packet chain=forward connection-mark=web_conn disabled=yes \
    new-packet-mark=web_packet passthrough=no
add action=mark-connection chain=forward comment="Marcado Trafico QUIC" \
    connection-mark=no-mark disabled=yes new-connection-mark=quic_conn \
    passthrough=yes protocol=udp
add action=mark-packet chain=forward connection-mark=quic_conn disabled=yes \
    new-packet-mark=quic_packet passthrough=no
add action=mark-connection chain=forward comment="Marcado Resto Trafico" \
    connection-mark=no-mark disabled=yes new-connection-mark=resto_conn \
    passthrough=yes
add action=mark-packet chain=forward connection-mark=resto_conn disabled=yes \
    new-packet-mark=resto_packet passthrough=no
add action=mark-connection chain=forward comment="Mark IPsec" disabled=yes \
    ipsec-policy=in,ipsec new-connection-mark=ipsec passthrough=yes
add action=mark-connection chain=forward disabled=yes ipsec-policy=out,ipsec \
    new-connection-mark=ipsec passthrough=yes
add action=mark-connection chain=forward comment="Test Facebook" content=\
    facebook disabled=yes dst-port=53 in-interface=bridgeLAN \
    new-connection-mark=FACEBOOK_CONN_Down passthrough=yes protocol=udp
add action=mark-packet chain=forward connection-mark=FACEBOOK_CONN_Down \
    disabled=yes new-packet-mark=FACEBOOK_PACKET_Down passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="Hairpin NAT Masq" dst-address=\
    192.168.0.0/24 src-address=192.168.0.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=ether1-WAN1
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=pppoe-Telnor
add action=masquerade chain=srcnat comment="TorGuard OpenVPN" out-interface=\
    TorGuard
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
    out-interface-list=WANAll
add action=masquerade chain=srcnat comment="defconf: masquerade" src-address=\
    192.168.20.0/24
add action=dst-nat chain=dstnat comment="UbuntuProxy SSH" dst-address-list=\
    WAN2-ADDR dst-port=22 log-prefix="SSH: " protocol=tcp to-addresses=\
    192.168.0.7 to-ports=22
add action=dst-nat chain=dstnat comment=WinServer dst-address-list=WAN2-ADDR \
    dst-address-type="" dst-port=443 protocol=tcp to-addresses=192.168.0.15 \
    to-ports=443
add action=dst-nat chain=dstnat dst-address-list=WAN2-ADDR dst-address-type=\
    "" dst-port=80 protocol=tcp to-addresses=192.168.0.15 to-ports=80
add action=dst-nat chain=dstnat comment=Pi-Hole disabled=yes \
    dst-address-list=!NoPiHole dst-port=53 protocol=udp src-address-list=\
    !NoPiHole to-addresses=192.168.0.8
add action=dst-nat chain=dstnat disabled=yes dst-address-list=!NoPiHole \
    dst-port=53 protocol=tcp src-address-list=!NoPiHole to-addresses=\
    192.168.0.8
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.0.8 \
    dst-port=53 protocol=udp src-address=192.168.0.0/24
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.0.8 \
    dst-port=53 protocol=tcp src-address=192.168.0.0/24
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.0.8 \
    dst-port=53 protocol=udp src-address=192.168.20.0/24
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.0.8 \
    dst-port=53 protocol=tcp src-address=192.168.20.0/24
add action=dst-nat chain=dstnat comment=ESXi disabled=yes dst-address-type=\
    local dst-port=440 protocol=tcp to-addresses=192.168.0.6 to-ports=443
add action=dst-nat chain=dstnat disabled=yes dst-address-type=local dst-port=\
    902 protocol=tcp to-addresses=192.168.0.6 to-ports=902
add action=dst-nat chain=dstnat disabled=yes dst-address-type=local dst-port=\
    903 protocol=tcp to-addresses=192.168.0.6 to-ports=903
add action=dst-nat chain=dstnat comment="UbuntuProxy Webmin" disabled=yes \
    dst-address-list=WAN2-ADDR dst-address-type="" dst-port=10000 protocol=\
    tcp to-addresses=192.168.0.7 to-ports=10000
add action=dst-nat chain=dstnat comment="WS2019 Prtg" disabled=yes \
    dst-address-list=WAN2-ADDR dst-address-type="" dst-port=450 protocol=tcp \
    to-addresses=192.168.0.19 to-ports=443
add action=dst-nat chain=dstnat comment=Proxmox disabled=yes \
    dst-address-type=local dst-port=8006 protocol=tcp to-addresses=\
    192.168.0.6 to-ports=8006
add action=dst-nat chain=dstnat comment="Redirect DNS" disabled=yes dst-port=\
    53 protocol=tcp to-addresses=192.168.0.250 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 protocol=udp \
    to-addresses=192.168.0.250 to-ports=53
add action=dst-nat chain=dstnat comment=Win10v disabled=yes dst-address-type=\
    local dst-port=8080 in-interface=TorGuard protocol=tcp to-addresses=\
    192.168.0.118 to-ports=8080
add action=dst-nat chain=dstnat comment=VPN disabled=yes dst-address-type=\
    local dst-port=1194 protocol=udp to-addresses=192.168.0.17 to-ports=1194
/ip route
add check-gateway=ping distance=1 gateway=pppoe-Telnor routing-mark=TelnorWAN
add check-gateway=ping distance=1 gateway=TorGuard routing-mark=VPN scope=255
add check-gateway=ping disabled=yes distance=1 gateway=10.65.128.1 \
    routing-mark=IzziWAN scope=255
add check-gateway=ping distance=2 gateway=8.8.4.4
/ip traffic-flow
set enabled=yes interfaces=ether1-WAN1,pppoe-Telnor,TorGuard
/ip traffic-flow target
add dst-address=192.168.0.19 port=1234 version=ipfix
/ip upnp
set allow-disable-external-interface=yes enabled=yes
/ip upnp interfaces
add interface=bridgeLAN type=internal
add interface=ether1-WAN1 type=external
add interface=ether5-WAN2 type=external
/snmp
set contact=RobsGax enabled=yes location="Home hAP ac2" trap-version=2
/system clock
set time-zone-autodetect=no time-zone-name=America/Los_Angeles
/system identity
set name="hAP ac^2"
/system logging
set 3 action=memory
add topics=wireless,debug
add action=disk1 topics=critical
add action=disk1 topics=error
add action=disk1 topics=info
add action=disk1 topics=warning
add action=disk1 topics=wireless,debug
add topics=e-mail,debug
add action=disk1 topics=e-mail,debug
add action=disk1 topics=caps,debug
add topics=caps,debug
add action=snmpdisk disabled=yes topics=snmp
add action=remote disabled=yes prefix=MikroTik topics=dhcp
add action=remote disabled=yes
/system scheduler
add interval=30m name=sched_NoIp_1 on-event="/system script run NO_IP_1" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=aug/31/2019 start-time=15:00:00
add interval=1d name="Firmware Updater" on-event=\
    "/system script run BackupAndUpdate;" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=jan/21/2020 start-time=06:50:00
add disabled=yes interval=5m name="Data to Splunk" on-event=\
    Data_to_Splunk_using_Syslog policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=feb/28/2020 start-time=08:25:01
add interval=30m name=sched_NoIp_2 on-event="/system script run NO_IP_2" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=aug/31/2019 start-time=15:00:00
/system script
add dont-require-permissions=no name=No_IP_1 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    ---------------------------------------------------SCRIPT INFORMATION-----\
    -----------------------------------------------\r\
    \n#\r\
    \n# Script:  Marthur's No-IP.com Dynamic DNS Update Script\r\
    \n# Version: 1.0\r\
    \n# Updated: 07/30/2018\r\
    \n# Created: 10/21/2017\r\
    \n# Author:  Marthur Jones\r\
    \n# Website: https://www.marthur.com\r\
    \n#\r\
    \n# This script is to be used in conjunction with No-IP.com's Dynamic DNS \
    Service. It is to be scheduled/ran on a Mikrotik \r\
    \n# router as replacement for No-IP's Dynamic Update Client for Windows. T\
    here are many versions of this script. However, \r\
    \n# I've made my own modifications to the original script that was created\
    \_on March 13, 2012 by riverron and published on\r\
    \n# the MikroTik Wiki here:\r\
    \n#\r\
    \n# https://wiki.mikrotik.com/wiki/Dynamic_DNS_Update_Script_for_No-IP_DNS\
    \r\
    \n#\r\
    \n# - Changed the scope of the variable that stores the previous IP addres\
    s from global to local. The local variable's value \r\
    \n#   (IP address) is now assigned via MikroTik's DNS resolution. The scri\
    pt compares the previous IP with the current IP \r\
    \n#   that is assigned to the WAN interface, if the IP addresses do not ma\
    tch, the script will update the No-IP hostname\r\
    \n#   with the IP assigned to the WAN interface.\r\
    \n#\r\
    \n# - Added variable to define the log destination path that the script pu\
    lls from No-IP.com after a DDNS IP update.\r\
    \n#\r\
    \n# - Made variable name changes.\r\
    \n#\r\
    \n#-----------------------------------------------TESTED USING THE FOLLOWI\
    NG------------------------------------------------\r\
    \n#\r\
    \n# Hardware: CCR1009-7G-1C-1S+\r\
    \n# Firmware: v3.41\r\
    \n# RouterOS: v6.40.4\r\
    \n#\r\
    \n#----------------------------------------------MODIFY THIS SECTION AS NE\
    EDED----------------------------------------------\r\
    \n\r\
    \n# No-IP account credentials.\r\
    \n:local noipUsername \"@\"\r\
    \n:local noipPassword \"\"\r\
    \n\r\
    \n# Set the hostname or label of network to be updated.\r\
    \n# Hostnames with spaces are unsupported. Replace the value in the quotat\
    ions below with your host names.\r\
    \n# To specify multiple hosts, separate them with commas.\r\
    \n:local noipHostname \"pendejerto.no-ip.org\"\r\
    \n\r\
    \n# The interface name with the assigned dynamic IP address (usually the W\
    AN interface).\r\
    \n:local wanInterface \"ether1\"\r\
    \n\r\
    \n# Log destination\r\
    \n:local logDestination \"/disk1/logs/\"\r\
    \n\r\
    \n#-----------------------------------------------------------------------\
    --------------------------------------------------\r\
    \n\r\
    \n:log warning message=\"START: No-IP DDNS Update\"\r\
    \n\r\
    \n:if ([/interface get \$wanInterface value-name=running] = true) do={\r\
    \n\r\
    \n#   Get the previous IP via DNS resolution.\r\
    \n    :local previousIP [:resolve \"\$noipHostname\"]\r\
    \n\r\
    \n#   Get the current IP on the WAN interface.\r\
    \n    :local currentIP [/ip address get [find interface=\"\$wanInterface\"\
    \_disabled=no] address]\r\
    \n\r\
    \n#   Strip net mask from IP address.\r\
    \n    :for i from=([:len \$currentIP] - 1) to=0 do={\r\
    \n        :if ([:pick \$currentIP \$i] = \"/\") do={\r\
    \n            :set currentIP [:pick \$currentIP 0 \$i]\r\
    \n        }\r\
    \n    }\r\
    \n\r\
    \n    :log info \"No-IP: DNS IP (\$previousIP), interface IP (\$currentIP)\
    \"\r\
    \n    \r\
    \n    :if (\$currentIP != \$previousIP) do={\r\
    \n        :log info \"No-IP: Current IP \$currentIP is not equal to previo\
    us IP, update needed\"\r\
    \n\r\
    \n#       The update URL. The \"\\3F\" is hex for question mark (\?). This\
    \_is required since \? is a special character in the command.\r\
    \n        :local url \"http://dynupdate.no-ip.com/nic/update\\3Fmyip=\$cur\
    rentIP\"\r\
    \n        :local noipHostnames\r\
    \n        :set noipHostnames [:toarray \$noipHostname]\r\
    \n        :foreach hostname in=\$noipHostnames do={\r\
    \n            :log info \"No-IP: Sending update for \$hostname\"\r\
    \n            /tool fetch url=(\$url . \"&hostname=\$hostname\") user=\$no\
    ipUsername password=\$noipPassword mode=http dst-path=(\$logDestination . \
    \"no-ip_ddns_update-\" . \$hostname . \".txt\")\r\
    \n            :log info \"No-IP: Host \$hostname updated on No-IP with IP \
    \$currentIP\"\r\
    \n        }\r\
    \n    }   else={\r\
    \n        :log info \"No-IP: Previous IP \$previousIP is equal to current \
    IP, no update needed\"\r\
    \n        }\r\
    \n\r\
    \n}   else={\r\
    \n    :log info \"No-IP: \$wanInterface is not currently running, unable t\
    o verify and/or update IP.\"\r\
    \n    }\r\
    \n    \r\
    \n:log warning message=\"END: No-IP DDNS Update\""
add dont-require-permissions=no name=No_IP_2 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    ---------------------------------------------------SCRIPT INFORMATION-----\
    -----------------------------------------------\r\
    \n#\r\
    \n# Script:  Marthur's No-IP.com Dynamic DNS Update Script\r\
    \n# Version: 1.0\r\
    \n# Updated: 07/30/2018\r\
    \n# Created: 10/21/2017\r\
    \n# Author:  Marthur Jones\r\
    \n# Website: https://www.marthur.com\r\
    \n#\r\
    \n# This script is to be used in conjunction with No-IP.com's Dynamic DNS \
    Service. It is to be scheduled/ran on a Mikrotik \r\
    \n# router as replacement for No-IP's Dynamic Update Client for Windows. T\
    here are many versions of this script. However, \r\
    \n# I've made my own modifications to the original script that was created\
    \_on March 13, 2012 by riverron and published on\r\
    \n# the MikroTik Wiki here:\r\
    \n#\r\
    \n# https://wiki.mikrotik.com/wiki/Dynamic_DNS_Update_Script_for_No-IP_DNS\
    \r\
    \n#\r\
    \n# - Changed the scope of the variable that stores the previous IP addres\
    s from global to local. The local variable's value \r\
    \n#   (IP address) is now assigned via MikroTik's DNS resolution. The scri\
    pt compares the previous IP with the current IP \r\
    \n#   that is assigned to the WAN interface, if the IP addresses do not ma\
    tch, the script will update the No-IP hostname\r\
    \n#   with the IP assigned to the WAN interface.\r\
    \n#\r\
    \n# - Added variable to define the log destination path that the script pu\
    lls from No-IP.com after a DDNS IP update.\r\
    \n#\r\
    \n# - Made variable name changes.\r\
    \n#\r\
    \n#-----------------------------------------------TESTED USING THE FOLLOWI\
    NG------------------------------------------------\r\
    \n#\r\
    \n# Hardware: CCR1009-7G-1C-1S+\r\
    \n# Firmware: v3.41\r\
    \n# RouterOS: v6.40.4\r\
    \n#\r\
    \n#----------------------------------------------MODIFY THIS SECTION AS NE\
    EDED----------------------------------------------\r\
    \n\r\
    \n# No-IP account credentials.\r\
    \n:local noipUsername \"@\"\r\
    \n:local noipPassword \"\"\r\
    \n\r\
    \n# Set the hostname or label of network to be updated.\r\
    \n# Hostnames with spaces are unsupported. Replace the value in the quotat\
    ions below with your host names.\r\
    \n# To specify multiple hosts, separate them with commas.\r\
    \n:local noipHostname \"robslamp.servehttp.com\"\r\
    \n\r\
    \n# The interface name with the assigned dynamic IP address (usually the W\
    AN interface).\r\
    \n:local wanInterface \"ether1\"\r\
    \n\r\
    \n# Log destination\r\
    \n:local logDestination \"/disk1/logs/\"\r\
    \n\r\
    \n#-----------------------------------------------------------------------\
    --------------------------------------------------\r\
    \n\r\
    \n:log warning message=\"START: No-IP DDNS Update\"\r\
    \n\r\
    \n:if ([/interface get \$wanInterface value-name=running] = true) do={\r\
    \n\r\
    \n#   Get the previous IP via DNS resolution.\r\
    \n    :local previousIP [:resolve \"\$noipHostname\"]\r\
    \n\r\
    \n#   Get the current IP on the WAN interface.\r\
    \n    :local currentIP [/ip address get [find interface=\"\$wanInterface\"\
    \_disabled=no] address]\r\
    \n\r\
    \n#   Strip net mask from IP address.\r\
    \n    :for i from=([:len \$currentIP] - 1) to=0 do={\r\
    \n        :if ([:pick \$currentIP \$i] = \"/\") do={\r\
    \n            :set currentIP [:pick \$currentIP 0 \$i]\r\
    \n        }\r\
    \n    }\r\
    \n\r\
    \n    :log info \"No-IP: DNS IP (\$previousIP), interface IP (\$currentIP)\
    \"\r\
    \n    \r\
    \n    :if (\$currentIP != \$previousIP) do={\r\
    \n        :log info \"No-IP: Current IP \$currentIP is not equal to previo\
    us IP, update needed\"\r\
    \n\r\
    \n#       The update URL. The \"\\3F\" is hex for question mark (\?). This\
    \_is required since \? is a special character in the command.\r\
    \n        :local url \"http://dynupdate.no-ip.com/nic/update\\3Fmyip=\$cur\
    rentIP\"\r\
    \n        :local noipHostnames\r\
    \n        :set noipHostnames [:toarray \$noipHostname]\r\
    \n        :foreach hostname in=\$noipHostnames do={\r\
    \n            :log info \"No-IP: Sending update for \$hostname\"\r\
    \n            /tool fetch url=(\$url . \"&hostname=\$hostname\") user=\$no\
    ipUsername password=\$noipPassword mode=http dst-path=(\$logDestination . \
    \"no-ip_ddns_update-\" . \$hostname . \".txt\")\r\
    \n            :log info \"No-IP: Host \$hostname updated on No-IP with IP \
    \$currentIP\"\r\
    \n        }\r\
    \n    }   else={\r\
    \n        :log info \"No-IP: Previous IP \$previousIP is equal to current \
    IP, no update needed\"\r\
    \n        }\r\
    \n\r\
    \n}   else={\r\
    \n    :log info \"No-IP: \$wanInterface is not currently running, unable t\
    o verify and/or update IP.\"\r\
    \n    }\r\
    \n    \r\
    \n:log warning message=\"END: No-IP DDNS Update\""
add dont-require-permissions=no name=BackupAndUpdate owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_Script name: BackupAndUpdate\r\
    \n#\r\
    \n#----------SCRIPT INFORMATION-------------------------------------------\
    --------\r\
    \n#\r\
    \n# Script:  Mikrotik RouterOS automatic backup & update\r\
    \n# Version: 20.04.17\r\
    \n# Created: 07/08/2018\r\
    \n# Updated: 17/04/2020\r\
    \n# Author:  Alexander Tebiev\r\
    \n# Website: https://github.com/beeyev\r\
    \n# You can contact me by e-mail at tebiev@mail.com\r\
    \n#\r\
    \n# IMPORTANT!\r\
    \n# Minimum supported RouterOS version is v6.43.7\r\
    \n#\r\
    \n#----------MODIFY THIS SECTION AS NEEDED--------------------------------\
    --------\r\
    \n## Notification e-mail\r\
    \n## (Make sure you have configured Email settings in Tools -> Email)\r\
    \n:local emailAddress \"recgaxiola@gmail.com\";\r\
    \n\r\
    \n## Script mode, possible values: backup, osupdate, osnotify.\r\
    \n# backup \t- \tOnly backup will be performed. (default value, if none pr\
    ovided)\r\
    \n#\r\
    \n# osupdate \t- \tThe Script will install a new RouterOS if it is availab\
    le.\r\
    \n#\t\t\t\tIt will also create backups before and after update process.\r\
    \n#\t\t\t\tEmail will be sent only if a new RouterOS is available.\r\
    \n#\t\t\t\tChange parameter `forceBackup` if you need the script to create\
    \_backups every time when it runs.\r\
    \n#\r\
    \n# osnotify \t- \tThe script will send email notification only (without b\
    ackups) if a new RouterOS is available.\r\
    \n#\t\t\t\tChange parameter `forceBackup` if you need the script to create\
    \_backups every time when it runs.\r\
    \n:local scriptMode \"osnotify\";\r\
    \n\r\
    \n## Additional parameter if you set `scriptMode` to `osupdate` or `osnoti\
    fy`\r\
    \n# Set `true` if you want the script to perform backup every time it's fi\
    red, whatever script mode is set.\r\
    \n:local forceBackup true;\r\
    \n\r\
    \n## Backup encryption password, no encryption if no password.\r\
    \n:local backupPassword \"\"\r\
    \n\r\
    \n## If true, passwords will be included in exported config.\r\
    \n:local sensetiveDataInConfig false;\r\
    \n\r\
    \n## Update channel. Possible values: stable, long-term, testing, developm\
    ent\r\
    \n:local updateChannel \"stable\";\r\
    \n\r\
    \n## Install only patch versions of RouterOS updates.\r\
    \n## Works only if you set scriptMode to \"osupdate\"\r\
    \n## Means that new update will be installed only if MAJOR and MINOR versi\
    on numbers remained the same as currently installed RouterOS.\r\
    \n## Example: v6.43.6 => major.minor.PATCH\r\
    \n## Script will send information if new version is greater than just patc\
    h.\r\
    \n:local installOnlyPatchUpdates\tfalse;\r\
    \n\r\
    \n##----------------------------------------------------------------------\
    --------------------##\r\
    \n#  !!!! DO NOT CHANGE ANYTHING BELOW THIS LINE, IF YOU ARE NOT SURE WHAT\
    \_YOU ARE DOING !!!!  #\r\
    \n##----------------------------------------------------------------------\
    --------------------##\r\
    \n\r\
    \n#Script messages prefix\r\
    \n:local SMP \"Bkp&Upd:\"\r\
    \n\r\
    \n:log info \"\\r\\n\$SMP script \\\"Mikrotik RouterOS automatic backup & \
    update\\\" started.\";\r\
    \n:log info \"\$SMP Script Mode: \$scriptMode, forceBackup: \$forceBackup\
    \";\r\
    \n\r\
    \n#Check proper email config\r\
    \n:if ([:len \$emailAddress] = 0 or [:len [/tool e-mail get address]] = 0 \
    or [:len [/tool e-mail get from]] = 0) do={\r\
    \n\t:log error (\"\$SMP Email configuration is not correct, please check T\
    ools -> Email. Script stopped.\");   \r\
    \n\t:error \"\$SMP bye!\";\r\
    \n}\r\
    \n\r\
    \n#Check if proper identity name is set\r\
    \nif ([:len [/system identity get name]] = 0 or [/system identity get name\
    ] = \"MikroTik\") do={\r\
    \n\t:log warning (\"\$SMP Please set identity name of your device (System \
    -> Identity), keep it short and informative.\");  \r\
    \n};\r\
    \n\r\
    \n############### vvvvvvvvv GLOBALS vvvvvvvvv ###############\r\
    \n# Function converts standard mikrotik build versions to the number.\r\
    \n# Possible arguments: paramOsVer\r\
    \n# Example:\r\
    \n# :put [\$buGlobalFuncGetOsVerNum paramOsVer=[/system routerboard get cu\
    rrent-RouterOS]];\r\
    \n# result will be: 64301, because current RouterOS version is: 6.43.1\r\
    \n:global buGlobalFuncGetOsVerNum do={\r\
    \n\t:local osVer \$paramOsVer;\r\
    \n\t:local osVerNum;\r\
    \n\t:local osVerMicroPart;\r\
    \n\t:local zro 0;\r\
    \n\t:local tmp;\r\
    \n\t\r\
    \n\t# Replace word `beta` with dot\r\
    \n\t:local isBetaPos [:tonum [:find \$osVer \"beta\" 0]];\r\
    \n\t:if (\$isBetaPos > 1) do={\r\
    \n\t\t:set osVer ([:pick \$osVer 0 \$isBetaPos] . \".\" . [:pick \$osVer (\
    \$isBetaPos + 4) [:len \$osVer]]);\r\
    \n\t}\r\
    \n\t\r\
    \n\t:local dotPos1 [:find \$osVer \".\" 0];\r\
    \n\r\
    \n\t:if (\$dotPos1 > 0) do={ \r\
    \n\r\
    \n\t\t# AA\r\
    \n\t\t:set osVerNum  [:pick \$osVer 0 \$dotPos1];\r\
    \n\t\t\r\
    \n\t\t:local dotPos2 [:find \$osVer \".\" \$dotPos1];\r\
    \n\t\t\t\t#Taking minor version, everything after first dot\r\
    \n\t\t:if ([:len \$dotPos2] = 0) \tdo={:set tmp [:pick \$osVer (\$dotPos1+\
    1) [:len \$osVer]];}\r\
    \n\t\t#Taking minor version, everything between first and second dots\r\
    \n\t\t:if (\$dotPos2 > 0) \t\t\tdo={:set tmp [:pick \$osVer (\$dotPos1+1) \
    \$dotPos2];}\r\
    \n\t\t\r\
    \n\t\t# AA 0B\r\
    \n\t\t:if ([:len \$tmp] = 1) \tdo={:set osVerNum \"\$osVerNum\$zro\$tmp\";\
    }\r\
    \n\t\t# AA BB\r\
    \n\t\t:if ([:len \$tmp] = 2) \tdo={:set osVerNum \"\$osVerNum\$tmp\";}\r\
    \n\t\t\r\
    \n\t\t:if (\$dotPos2 > 0) do={ \r\
    \n\t\t\t:set tmp [:pick \$osVer (\$dotPos2+1) [:len \$osVer]];\r\
    \n\t\t\t# AA BB 0C\r\
    \n\t\t\t:if ([:len \$tmp] = 1) do={:set osVerNum \"\$osVerNum\$zro\$tmp\";\
    }\r\
    \n\t\t\t# AA BB CC\r\
    \n\t\t\t:if ([:len \$tmp] = 2) do={:set osVerNum \"\$osVerNum\$tmp\";}\r\
    \n\t\t} else={\r\
    \n\t\t\t# AA BB 00\r\
    \n\t\t\t:set osVerNum \"\$osVerNum\$zro\$zro\";\r\
    \n\t\t}\r\
    \n\t} else={\r\
    \n\t\t# AA 00 00\r\
    \n\t\t:set osVerNum \"\$osVer\$zro\$zro\$zro\$zro\";\r\
    \n\t}\r\
    \n\r\
    \n\t:return \$osVerNum;\r\
    \n}\r\
    \n\r\
    \n# Function creates backups (system and config) and returns array with na\
    mes\r\
    \n# Possible arguments: \r\
    \n#\t`backupName` \t\t\t| string\t| backup file name, without extension!\r\
    \n#\t`backupPassword`\t\t| string \t|\r\
    \n#\t`sensetiveDataInConfig`\t| boolean \t|\r\
    \n# Example:\r\
    \n# :put [\$buGlobalFuncCreateBackups name=\"daily-backup\"];\r\
    \n:global buGlobalFuncCreateBackups do={\r\
    \n\t:log info (\"\$SMP Global function \\\"buGlobalFuncCreateBackups\\\" w\
    as fired.\");  \r\
    \n\t\r\
    \n\t:local backupFileSys \"\$backupName.backup\";\r\
    \n\t:local backupFileConfig \"\$backupName.rsc\";\r\
    \n\t:local backupNames {\$backupFileSys;\$backupFileConfig};\r\
    \n\r\
    \n\t## Make system backup\r\
    \n\t:if ([:len \$backupPassword] = 0) do={\r\
    \n\t\t/system backup save dont-encrypt=yes name=\$backupName;\r\
    \n\t} else={\r\
    \n\t\t/system backup save password=\$backupPassword name=\$backupName;\r\
    \n\t}\r\
    \n\t:log info (\"\$SMP System backup created. \$backupFileSys\");   \r\
    \n\r\
    \n\t## Export config file\r\
    \n\t:if (\$sensetiveDataInConfig = true) do={\r\
    \n\t\t/export compact file=\$backupName;\r\
    \n\t} else={\r\
    \n\t\t/export compact hide-sensitive file=\$backupName;\r\
    \n\t}\r\
    \n\t:log info (\"\$SMP Config file was exported. \$backupFileConfig\");   \
    \r\
    \n\r\
    \n\t#Delay after creating backups\r\
    \n\t:delay 5s;\t\r\
    \n\t:return \$backupNames;\r\
    \n}\r\
    \n\r\
    \n:global buGlobalVarUpdateStep;\r\
    \n############### ^^^^^^^^^ GLOBALS ^^^^^^^^^ ###############\r\
    \n\r\
    \n#Current date time in format: 2020jan15-221324 \r\
    \n:local dateTime ([:pick [/system clock get date] 7 11] . [:pick [/system\
    \_clock get date] 0 3] . [:pick [/system clock get date] 4 6] . \"-\" . [:\
    pick [/system clock get time] 0 2] . [:pick [/system clock get time] 3 5] \
    . [:pick [/system clock get time] 6 8]);\r\
    \n\r\
    \n:local deviceOsVerInst \t\t\t[/system package update get installed-versi\
    on];\r\
    \n:local deviceOsVerInstNum \t\t[\$buGlobalFuncGetOsVerNum paramOsVer=\$de\
    viceOsVerInst];\r\
    \n:local deviceOsVerAvail \t\t\"\";\r\
    \n:local deviceOsVerAvailNum \t\t0;\r\
    \n:local deviceRbModel\t\t\t[/system routerboard get model];\r\
    \n:local deviceRbSerialNumber \t[/system routerboard get serial-number];\r\
    \n:local deviceRbCurrentFw \t\t[/system routerboard get current-firmware];\
    \r\
    \n:local deviceRbUpgradeFw \t\t[/system routerboard get upgrade-firmware];\
    \r\
    \n:local deviceIdentityName \t\t[/system identity get name];\r\
    \n:local deviceIdentityNameShort \t[:pick \$deviceIdentityName 0 18]\r\
    \n:local deviceUpdateChannel \t\t[/system package update get channel];\r\
    \n\r\
    \n:local isOsUpdateAvailable \tfalse;\r\
    \n:local isOsNeedsToBeUpdated\tfalse;\r\
    \n\r\
    \n:local isSendEmailRequired\ttrue;\r\
    \n\r\
    \n:local mailSubject   \t\t\"\$SMP Device - \$deviceIdentityNameShort.\";\
    \r\
    \n:local mailBody \t \t\t\"\";\r\
    \n\r\
    \n:local mailBodyDeviceInfo\t\"\\r\\n\\r\\nDevice information: \\r\\nIdent\
    ity: \$deviceIdentityName \\r\\nModel: \$deviceRbModel \\r\\nSerial number\
    : \$deviceRbSerialNumber \\r\\nCurrent RouterOS: \$deviceOsVerInst (\$[/sy\
    stem package update get channel]) \$[/system resource get build-time] \\r\
    \\nCurrent routerboard FW: \$deviceRbCurrentFw \\r\\nDevice uptime: \$[/sy\
    stem resource get uptime]\";\r\
    \n:local mailBodyCopyright \t\"\\r\\n\\r\\nMikrotik RouterOS automatic bac\
    kup & update \\r\\nhttps://github.com/beeyev/Mikrotik-RouterOS-automatic-b\
    ackup-and-update\";\r\
    \n:local changelogUrl\t\t\t(\"Check RouterOS changelog: https://mikrotik.c\
    om/download/changelogs/\" . \$updateChannel . \"-release-tree\");\r\
    \n\r\
    \n:local backupName \t\t\t\"\$deviceIdentityName.\$deviceRbModel.\$deviceR\
    bSerialNumber.v\$deviceOsVerInst.\$deviceUpdateChannel.\$dateTime\";\r\
    \n:local backupNameBeforeUpd\t\"backup_before_update_\$backupName\";\r\
    \n:local backupNameAfterUpd\t\"backup_after_update_\$backupName\";\r\
    \n\r\
    \n:local backupNameFinal\t\t\$backupName;\r\
    \n:local mailAttachments\t\t[:toarray \"\"];\r\
    \n\r\
    \n:local updateStep \$buGlobalVarUpdateStep;\r\
    \n:do {/system script environment remove buGlobalVarUpdateStep;} on-error=\
    {}\r\
    \n:if ([:len \$updateStep] = 0) do={\r\
    \n\t:set updateStep 1;\r\
    \n}\r\
    \n\r\
    \n\r\
    \n## \tSTEP ONE: Creating backups, checking for new RouterOs version and s\
    ending email with backups,\r\
    \n## \tsteps 2 and 3 are fired only if script is set to automatically upda\
    te device and if new RouterOs is available.\r\
    \n:if (\$updateStep = 1) do={\r\
    \n\t:log info (\"\$SMP Performing the first step.\");   \r\
    \n\r\
    \n\t# Checking for new RouterOS version\r\
    \n\tif (\$scriptMode = \"osupdate\" or \$scriptMode = \"osnotify\") do={\r\
    \n\t\tlog info (\"\$SMP Checking for new RouterOS version. Current version\
    \_is: \$deviceOsVerInst\");\r\
    \n\t\t/system package update set channel=\$updateChannel;\r\
    \n\t\t/system package update check-for-updates;\r\
    \n\t\t:delay 5s;\r\
    \n\t\t:set deviceOsVerAvail [/system package update get latest-version];\r\
    \n\r\
    \n\t\t# If there is a problem getting information about available RouterOS\
    \_from server\r\
    \n\t\t:if ([:len \$deviceOsVerAvail] = 0) do={\r\
    \n\t\t\t:log warning (\"\$SMP There is a problem getting information about\
    \_new RouterOS from server.\");\r\
    \n\t\t\t:set mailSubject\t(\$mailSubject . \" Error: No data about new Rou\
    terOS!\")\r\
    \n\t\t\t:set mailBody \t\t(\$mailBody . \"Error occured! \\r\\nMikrotik co\
    uldn't get any information about new RouterOS from server! \\r\\nWatch add\
    itional information in device logs.\")\r\
    \n\t\t} else={\r\
    \n\t\t\t#Get numeric version of OS\r\
    \n\t\t\t:set deviceOsVerAvailNum [\$buGlobalFuncGetOsVerNum paramOsVer=\$d\
    eviceOsVerAvail];\r\
    \n\r\
    \n\t\t\t# Checking if OS on server is greater than installed one.\r\
    \n\t\t\t:if (\$deviceOsVerAvailNum > \$deviceOsVerInstNum) do={\r\
    \n\t\t\t\t:set isOsUpdateAvailable true;\r\
    \n\t\t\t\t:log info (\"\$SMP New RouterOS is available! \$deviceOsVerAvail\
    \");\r\
    \n\t\t\t} else={\r\
    \n\t\t\t\t:set isSendEmailRequired false;\r\
    \n\t\t\t\t:log info (\"\$SMP System is already up to date.\");\r\
    \n\t\t\t\t:set mailSubject (\$mailSubject . \" No new OS updates.\");\r\
    \n\t\t\t\t:set mailBody \t (\$mailBody . \"Your system is up to date.\");\
    \r\
    \n\t\t\t}\r\
    \n\t\t};\r\
    \n\t} else={\r\
    \n\t\t:set scriptMode \"backup\";\r\
    \n\t};\r\
    \n\r\
    \n\tif (\$forceBackup = true) do={\r\
    \n\t\t# In this case the script will always send email, because it has to \
    create backups\r\
    \n\t\t:set isSendEmailRequired true;\r\
    \n\t}\r\
    \n\r\
    \n\t# if new OS version is available to install\r\
    \n\tif (\$isOsUpdateAvailable = true and \$isSendEmailRequired = true) do=\
    {\r\
    \n\t\t# If we only need to notify about new available version\r\
    \n\t\tif (\$scriptMode = \"osnotify\") do={\r\
    \n\t\t\t:set mailSubject \t(\$mailSubject . \" New RouterOS is available! \
    v.\$deviceOsVerAvail.\")\r\
    \n\t\t\t:set mailBody \t\t(\$mailBody . \"New RouterOS version is availabl\
    e to install: v.\$deviceOsVerAvail (\$updateChannel) \\r\\n\$changelogUrl\
    \")\r\
    \n\t\t}\r\
    \n\r\
    \n\t\t# if we need to initiate RouterOs update process\r\
    \n\t\tif (\$scriptMode = \"osupdate\") do={\r\
    \n\t\t\t:set isOsNeedsToBeUpdated true;\r\
    \n\t\t\t# if we need to install only patch updates\r\
    \n\t\t\t:if (\$installOnlyPatchUpdates = true) do={\r\
    \n\t\t\t\t#Check if Major and Minor builds are the same.\r\
    \n\t\t\t\t:if ([:pick \$deviceOsVerInstNum 0 ([:len \$deviceOsVerInstNum]-\
    2)] = [:pick \$deviceOsVerAvailNum 0 ([:len \$deviceOsVerAvailNum]-2)]) do\
    ={\r\
    \n\t\t\t\t\t:log info (\"\$SMP New patch version of RouterOS firmware is a\
    vailable.\");   \r\
    \n\t\t\t\t} else={\r\
    \n\t\t\t\t\t:log info (\"\$SMP New major or minor version of RouterOS firm\
    ware is available. You need to update it manually.\");\r\
    \n\t\t\t\t\t:set mailSubject \t(\$mailSubject . \" New RouterOS: v.\$devic\
    eOsVerAvail needs to be installed manually.\");\r\
    \n\t\t\t\t\t:set mailBody \t\t(\$mailBody . \"New major or minor RouterOS \
    version is available to install: v.\$deviceOsVerAvail (\$updateChannel). \
    \\r\\nYou chose to automatically install only patch updates, so this major\
    \_update you need to install manually. \\r\\n\$changelogUrl\");\r\
    \n\t\t\t\t\t:set isOsNeedsToBeUpdated false;\r\
    \n\t\t\t\t}\r\
    \n\t\t\t}\r\
    \n\r\
    \n\t\t\t#Check again, because this variable could be changed during checki\
    ng for installing only patch updates\r\
    \n\t\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\
    \n\t\t\t\t:log info (\"\$SMP New RouterOS is going to be installed! v.\$de\
    viceOsVerInst -> v.\$deviceOsVerAvail\");\r\
    \n\t\t\t\t:set mailSubject\t(\$mailSubject . \" New RouterOS is going to b\
    e installed! v.\$deviceOsVerInst -> v.\$deviceOsVerAvail.\");\r\
    \n\t\t\t\t:set mailBody \t\t(\$mailBody . \"Your Mikrotik will be updated \
    to the new RouterOS version from v.\$deviceOsVerInst to v.\$deviceOsVerAva\
    il (Update channel: \$updateChannel) \\r\\nFinal report with the detailed \
    information will be sent when update process is completed. \\r\\nIf you ha\
    ve not received second email in the next 5 minutes, then probably somethin\
    g went wrong. (Check your device logs)\");\r\
    \n\t\t\t\t#!! There is more code connected to this part and first step at \
    the end of the script.\r\
    \n\t\t\t}\r\
    \n\t\t\r\
    \n\t\t}\r\
    \n\t}\r\
    \n\r\
    \n\t## Checking If the script needs to create a backup\r\
    \n\t:log info (\"\$SMP Checking If the script needs to create a backup.\")\
    ;\r\
    \n\tif (\$forceBackup = true or \$scriptMode = \"backup\" or \$isOsNeedsTo\
    BeUpdated = true) do={\r\
    \n\t\t:log info (\"\$SMP Creating system backups.\");\r\
    \n\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\
    \n\t\t\t:set backupNameFinal \$backupNameBeforeUpd;\r\
    \n\t\t};\r\
    \n\t\tif (\$scriptMode != \"backup\") do={\r\
    \n\t\t\t:set mailBody (\$mailBody . \"\\r\\n\\r\\n\");\r\
    \n\t\t};\r\
    \n\r\
    \n\t\t:set mailSubject\t(\$mailSubject . \" Backup was created.\");\r\
    \n\t\t:set mailBody\t\t(\$mailBody . \"System backups were created and att\
    ached to this email.\");\r\
    \n\r\
    \n\t\t:set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$backu\
    pNameFinal backupPassword=\$backupPassword sensetiveDataInConfig=\$senseti\
    veDataInConfig];\r\
    \n\t} else={\r\
    \n\t\t:log info (\"\$SMP There is no need to create a backup.\");\r\
    \n\t}\r\
    \n\r\
    \n\t# Combine first step email\r\
    \n\t:set mailBody (\$mailBody . \$mailBodyDeviceInfo . \$mailBodyCopyright\
    );\r\
    \n}\r\
    \n\r\
    \n## \tSTEP TWO: (after first reboot) routerboard firmware upgrade\r\
    \n## \tsteps 2 and 3 are fired only if script is set to automatically upda\
    te device and if new RouterOs is available.\r\
    \n:if (\$updateStep = 2) do={\r\
    \n\t:log info (\"\$SMP Performing the second step.\");   \r\
    \n\t## RouterOS is the latest, let's check for upgraded routerboard firmwa\
    re\r\
    \n\tif (\$deviceRbCurrentFw != \$deviceRbUpgradeFw) do={\r\
    \n\t\t:set isSendEmailRequired false;\r\
    \n\t\t:delay 10s;\r\
    \n\t\t:log info \"\$SMP Upgrading routerboard firmware from v.\$deviceRbCu\
    rrentFw to v.\$deviceRbUpgradeFw\";\r\
    \n\t\t## Start the upgrading process\r\
    \n\t\t/system routerboard upgrade;\r\
    \n\t\t## Wait until the upgrade is completed\r\
    \n\t\t:delay 5s;\r\
    \n\t\t:log info \"\$SMP routerboard upgrade process was completed, going t\
    o reboot in a moment!\";\r\
    \n\t\t## Set scheduled task to send final report on the next boot, task wi\
    ll be deleted when it is done. (That is why you should keep original scrip\
    t name)\r\
    \n\t\t/system schedule add name=BKPUPD-FINAL-REPORT-ON-NEXT-BOOT on-event=\
    \":delay 5s; /system scheduler remove BKPUPD-FINAL-REPORT-ON-NEXT-BOOT; :g\
    lobal buGlobalVarUpdateStep 3; :delay 10s; /system script run BackupAndUpd\
    ate;\" start-time=startup interval=0;\r\
    \n\t\t## Reboot system to boot with new firmware\r\
    \n\t\t/system reboot;\r\
    \n\t} else={\r\
    \n\t\t:log info \"\$SMP It appers that your routerboard is already up to d\
    ate, skipping this step.\";\r\
    \n\t\t:set updateStep 3;\r\
    \n\t};\r\
    \n}\r\
    \n\r\
    \n## \tSTEP THREE: Last step (after second reboot) sending final report\r\
    \n## \tsteps 2 and 3 are fired only if script is set to automatically upda\
    te device and if new RouterOs is available.\r\
    \n:if (\$updateStep = 3) do={\r\
    \n\t:log info (\"\$SMP Performing the third step.\");   \r\
    \n\t:log info \"Bkp&Upd: RouterOS and routerboard upgrade process was comp\
    leted. New RouterOS version: v.\$deviceOsVerInst, routerboard firmware: v.\
    \$deviceRbCurrentFw.\";\r\
    \n\t## Small delay in case mikrotik needs some time to initialize connecti\
    ons\r\
    \n\t:log info \"\$SMP The final email with report and backups of upgraded \
    system will be sent in a minute.\";\r\
    \n\t:delay 1m;\r\
    \n\t:set mailSubject\t(\$mailSubject . \" RouterOS Upgrade is completed, n\
    ew version: v.\$deviceOsVerInst!\");\r\
    \n\t:set mailBody \t  \t\"RouterOS and routerboard upgrade process was com\
    pleted. \\r\\nNew RouterOS version: v.\$deviceOsVerInst, routerboard firmw\
    are: v.\$deviceRbCurrentFw. \\r\\n\$changelogUrl \\r\\n\\r\\nBackups of th\
    e upgraded system are in the attachment of this email.  \$mailBodyDeviceIn\
    fo \$mailBodyCopyright\";\r\
    \n\t:set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$backupN\
    ameAfterUpd backupPassword=\$backupPassword sensetiveDataInConfig=\$senset\
    iveDataInConfig];\r\
    \n}\r\
    \n\r\
    \n# Remove functions from global environment to keep it fresh and clean.\r\
    \n:do {/system script environment remove buGlobalFuncGetOsVerNum;} on-erro\
    r={}\r\
    \n:do {/system script environment remove buGlobalFuncCreateBackups;} on-er\
    ror={}\r\
    \n\r\
    \n##\r\
    \n## SENDING EMAIL\r\
    \n##\r\
    \n# Trying to send email with backups in attachment.\r\
    \n\r\
    \n:if (\$isSendEmailRequired = true) do={\r\
    \n\t:log info \"\$SMP Sending email message, it will take around half a mi\
    nute...\";\r\
    \n\t:do {/tool e-mail send to=\$emailAddress subject=\$mailSubject body=\$\
    mailBody file=\$mailAttachments;} on-error={\r\
    \n\t\t:delay 5s;\r\
    \n\t\t:log error \"\$SMP could not send email message (\$[/tool e-mail get\
    \_last-status]). Going to try it again in a while.\"\r\
    \n\r\
    \n\t\t:delay 5m;\r\
    \n\r\
    \n\t\t:do {/tool e-mail send to=\$emailAddress subject=\$mailSubject body=\
    \$mailBody file=\$mailAttachments;} on-error={\r\
    \n\t\t\t:delay 5s;\r\
    \n\t\t\t:log error \"\$SMP could not send email message (\$[/tool e-mail g\
    et last-status]) for the second time.\"\r\
    \n\r\
    \n\t\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\
    \n\t\t\t\t:set isOsNeedsToBeUpdated false;\r\
    \n\t\t\t\t:log warning \"\$SMP script is not goint to initialise update pr\
    ocess due to inability to send backups to email.\"\r\
    \n\t\t\t}\r\
    \n\t\t}\r\
    \n\t}\r\
    \n\r\
    \n\t:delay 30s;\r\
    \n\t\r\
    \n\t:if ([:len \$mailAttachments] > 0 and [/tool e-mail get last-status] =\
    \_\"succeeded\") do={\r\
    \n\t\t:log info \"\$SMP File system cleanup.\"\r\
    \n\t\t/file remove \$mailAttachments; \r\
    \n\t\t:delay 2s;\r\
    \n\t}\r\
    \n\t\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Fire RouterOs update process\r\
    \nif (\$isOsNeedsToBeUpdated = true) do={\r\
    \n\r\
    \n\t## Set scheduled task to upgrade routerboard firmware on the next boot\
    , task will be deleted when upgrade is done. (That is why you should keep \
    original script name)\r\
    \n\t/system schedule add name=BKPUPD-UPGRADE-ON-NEXT-BOOT on-event=\":dela\
    y 5s; /system scheduler remove BKPUPD-UPGRADE-ON-NEXT-BOOT; :global buGlob\
    alVarUpdateStep 2; :delay 10s; /system script run BackupAndUpdate;\" start\
    -time=startup interval=0;\r\
    \n   \r\
    \n   :log info \"\$SMP everything is ready to install new RouterOS, going \
    to reboot in a moment!\"\r\
    \n\t## command is reincarnation of the \"upgrade\" command - doing exactly\
    \_the same but under a different name\r\
    \n\t/system package update install;\r\
    \n}\r\
    \n\r\
    \n:log info \"\$SMP script \\\"Mikrotik RouterOS automatic backup & update\
    \\\" completed it's job.\\r\\n\";"
add dont-require-permissions=no name=Data_to_Splunk_using_Syslog owner=admin \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source="# Collect information from Mikrotik RouterOS\r\
    \n# v 3.2 Jotne 2019\r\
    \n# ----------------------------------\r\
    \n\r\
    \n\r\
    \n# What data to collect.  Set to false to skip the section \r\
    \n# ----------------------------------\r\
    \n:local SystemResource true\r\
    \n:local SystemInformation true\r\
    \n:local SystemHealth true\r\
    \n:local TrafficData true\r\
    \n:local uPnP true\r\
    \n:local Wireless true\r\
    \n:local AddressLists true\r\
    \n:local DHCP true\r\
    \n:local Neighbor true\r\
    \n:local InterfaceData true\r\
    \n\r\
    \n# Interface to get data from (using regex)\r\
    \n:local IF \"ether.*\"\r\
    \n# Example\r\
    \n# \"ether.*\" All ethernet interfaces\r\
    \n# \"^ether[1-5]\\\$\" Only ethernet 1 to 5\r\
    \n# \".*\" All interfaces (Bridges/VLAN/pptp/Ether ++)\r\
    \n# \"ether(1|2)\\\$\"  interface ethernet 1 and 2 (/\$ needed to prevent \
    ether11 etc)\r\
    \n\r\
    \n\r\
    \n\r\
    \n# Collect system resource\r\
    \n# ----------------------------------\r\
    \nif (\$SystemResource) do={\r\
    \n\t:local cpuload ([/system resource get cpu-load])\r\
    \n\t:local freemem ([/system resource get free-memory]/1048576)\r\
    \n\t:local totmem ([/system resource get total-memory]/1048576)\r\
    \n\t:local freehddspace ([/system resource get free-hdd-space]/1048576)\r\
    \n\t:local totalhddspace ([/system resource get total-hdd-space]/1048576)\
    \r\
    \n\t:local up ([/system resource get uptime])\r\
    \n\t:log info message=\"script=resource free_memory=\$freemem MB total_mem\
    ory=\$totmem MB free_hdd_space=\$freehddspace MB total_hdd_space=\$totalhd\
    dspace MB cpu_load=\$cpuload uptime=\$up\"\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Get traffic data (accounting data)\r\
    \n# ----------------------------------\r\
    \nif (\$TrafficData) do={\r\
    \n# Test if fasttrack is enabled and give warning\r\
    \n\t:if ([/ip firewall filter find where (action=fasttrack-connection && !\
    disabled)] != \"\") do={\r\
    \n\t\t:log info message=(\"script=traffic,fasttrack=1\")\r\
    \n\t} else={\r\
    \n\t\t:log info message=(\"script=traffic,fasttrack=0\")\r\
    \n\t}\r\
    \n# Test if accounting is enabled and if yes, get data\r\
    \n\tif ([/ip accounting get enabled]=yes) do={\r\
    \n\t\t/ip accounting snapshot take\r\
    \n# Get uncounted data\r\
    \n\t\t/ip accounting uncounted {\r\
    \n\t\t\t:log info message=(\"script=uncounted,bytes=\".[get bytes].\",pack\
    ets=\".[get packets])}\r\
    \n# Send data to logging server\r\
    \n\t\tforeach logline in=[/ip accounting snapshot find] do={\r\
    \n\t\t\t:local output \"\$[/ip accounting snapshot print as-value from=\$l\
    ogline]\"\r\
    \n\t\t\t:set ( \"\$output\"->\"script\" ) \"traffic\"\r\
    \n\t\t\t:log info message=\"\$output\"\r\
    \n\t\t}\r\
    \n\t}\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Get interface data\r\
    \n# ----------------------------------\r\
    \nif (\$InterfaceData) do={\r\
    \n\t:foreach interface in=[/interface find where name~\"\$IF\"] do={\r\
    \n\t\t:delay 100ms\r\
    \n\t\t:local iname [/interface get \$interface name]\r\
    \n\t\t:local monitor [/interface monitor-traffic \$interface as-value once\
    ]\r\
    \n\t\t:local speedRX (\$monitor->\"rx-bits-per-second\")\r\
    \n\t\t:local speedTX (\$monitor->\"tx-bits-per-second\")\r\
    \n\t\t:log info message=\"script=monitor interface=\$iname RX=\$speedRX bp\
    s TX=\$speedTX bps\"\r\
    \n\t}\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Finding dynamic lines used in uPnP\r\
    \n# ----------------------------------\r\
    \nif (\$uPnP) do={\r\
    \n\t:foreach logline in=[/ip firewall nat find dynamic=yes] do={\r\
    \n\t\t:local output \"\$[/ip firewall nat print as-value from=\$logline]\"\
    \r\
    \n\t\t:set ( \"\$output\"->\"script\" ) \"upnp\"\r\
    \n\t\t:log info message=\"\$output\" \r\
    \n\t}\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Collect system information\r\
    \n# ----------------------------------\r\
    \nif (\$SystemInformation) do={\r\
    \n\t:local version ([/system resource get version])\r\
    \n\t:local board ([/system resource get board-name])\r\
    \n\t:local model ([/system routerboard get model]);\r\
    \n\t:local serial ([/system routerboard get serial-number])\r\
    \n\t:local identity ([/system identity get name])\r\
    \n\t:log info message=\"script=sysinfo version=\\\"\$version\\\" board-nam\
    e=\\\"\$board\\\" model=\\\"\$model\\\" serial=\$serial identity=\\\"\$ide\
    ntity\\\"\"\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Collect system health\r\
    \n# ----------------------------------\r\
    \nif (\$SystemHealth) do={\r\
    \n\t:if (([/system health get]~\"state=disabled\" || [/system health get]=\
    \"\")=false) do={\r\
    \n\t\t:local voltage ([/system health get voltage]/10)\r\
    \n\t\t:local temperature ([/system health get temperature])\r\
    \n\t\t:log info message=\"script=health voltage=\$voltage V temperature=\$\
    temperature C\"\r\
    \n\t}\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Sends wireless client data to log server\r\
    \n# ----------------------------------\r\
    \nif (\$Wireless) do={\r\
    \n\t:do {\r\
    \n\t\t:if ([:len [/interface wireless find ]]>0) do={\r\
    \n\t\t\t:foreach logline in=[/interface wireless registration-table find] \
    do={\r\
    \n\t\t\t\t:local output \"\$[/interface wireless registration-table print \
    \_as-value from=\$logline]\"\r\
    \n\t\t\t\t:set ( \"\$output\"->\"script\" ) \"wifi\"\r\
    \n\t\t\t\t:log info message=\"\$output\"\r\
    \n\t\t\t}\r\
    \n\t\t}\r\
    \n\t} on-error={}\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Count IP in address-lists\r\
    \n#----------------------------------\r\
    \nif (\$AddressLists) do={\r\
    \n\t:local array [ :toarray \"\" ]\r\
    \n\t:local addrcntdyn [:toarray \"\"] \r\
    \n\t:local addrcntstat [:toarray \"\"] \r\
    \n\t:local test\r\
    \n\t:foreach id in=[/ip firewall address-list find] do={\r\
    \n\t\t:local rec [/ip firewall address-list get \$id]\r\
    \n\t\t:local listname (\$rec->\"list\")\r\
    \n\t\t:local listdynamic (\$rec->\"dynamic\")\r\
    \n\t\t:set ( \$array->\$listname ) 1\r\
    \n\t\tif (\$listdynamic = true) do={\r\
    \n\t\t\t:set (\$addrcntdyn->\$listname) (\$addrcntdyn->\$listname+1)\r\
    \n\t\t} else={\r\
    \n\t\t\t:set (\$addrcntstat->\$listname) (\$addrcntstat->\$listname+1)}\r\
    \n\t}\r\
    \n\t:foreach k,v in=\$array do={\r\
    \n\t\t:log info message=(\"script=address_lists list=\$k dynamic=\".((\$ad\
    drcntdyn->\$k)+0).\" static=\".((\$addrcntstat->\$k)+0))}\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Get MNDP (CDP) Neighbors\r\
    \n# ----------------------------------\r\
    \nif (\$Neighbor) do={\r\
    \n\t:foreach neighborID in=[/ip neighbor find] do={\r\
    \n\t\t:local nb [/ip neighbor get \$neighborID]\r\
    \n\t\t:foreach key,value in=\$nb do={\r\
    \n\t\t\t:local newline [:find \$value \"\\n\"]\r\
    \n\t\t\t:if ([\$newline]>0) do={\r\
    \n\t\t\t\t:set \$value [:pick \$value 0 \$newline]\r\
    \n\t\t\t}\r\
    \n\t\t\t:set ( \"\$nb\"->\"\$key\" ) \"\\\"\$value\\\"\"\r\
    \n\t\t}\r\
    \n\t\t:set ( \"\$nb\"->\"script\" ) \"\\\"neighbor\\\"\"\r\
    \n\t\t:log info message=\"\$nb\"\r\
    \n\t}\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Collect DHCP Pool information\r\
    \n# ----------------------------------\r\
    \nif (\$DHCP) do={\r\
    \n\t/ip pool {\r\
    \n\t\t:local poolname\r\
    \n\t\t:local pooladdresses\r\
    \n\t\t:local poolused\r\
    \n\t\t:local minaddress\r\
    \n\t\t:local maxaddress\r\
    \n\t\t:local findindex\r\
    \n\r\
    \n# Iterate through IP Pools\r\
    \n\t\t:foreach pool in=[find] do={\r\
    \n\t\t\t:set poolname [get \$pool name]\r\
    \n\t\t\t:set pooladdresses 0\r\
    \n\t\t\t:set poolused 0\r\
    \n\r\
    \n# Iterate through current pool's IP ranges\r\
    \n\t\t\t:foreach range in=[:toarray [get \$pool range]] do={\r\
    \n\r\
    \n# Get min and max addresses\r\
    \n\t\t\t\t:set findindex [:find [:tostr \$range] \"-\"]\r\
    \n\t\t\t\t:if ([:len \$findindex] > 0) do={\r\
    \n\t\t\t\t\t:set minaddress [:pick [:tostr \$range] 0 \$findindex]\r\
    \n\t\t\t\t\t:set maxaddress [:pick [:tostr \$range] (\$findindex + 1) [:le\
    n [:tostr \$range]]]\r\
    \n\t\t\t\t} else={\r\
    \n\t\t\t\t\t:set minaddress [:tostr \$range]\r\
    \n\t\t\t\t\t:set maxaddress [:tostr \$range]\r\
    \n\t\t\t\t}\r\
    \n\r\
    \n# Calculate number of ip in one range\r\
    \n\t\t\t\t:set pooladdresses (\$maxaddress - \$minaddress)\r\
    \n\r\
    \n# /foreach range\r\
    \n\t\t\t}\r\
    \n\r\
    \n# Test if pools is used in DHCP or VPN and show leases used\r\
    \n\t\t\t:local dname [/ip dhcp-server find where address-pool=\$poolname]\
    \r\
    \n\t\t\t:if ([:len \$dname] = 0) do={\r\
    \n# No DHCP server found, assume VPN\r\
    \n\t\t\t\t:set poolused [:len [used find pool=[:tostr \$poolname]]]\r\
    \n\t\t\t} else={\r\
    \n# DHCP server found, count leases\r\
    \n\t\t\t\t:local dname [/ip dhcp-server get [find where address-pool=\$poo\
    lname] name]\r\
    \n\t\t\t\t:set poolused [:len [/ip dhcp-server lease find where server=\$d\
    name]]}\r\
    \n\r\
    \n# Send data\r\
    \n\t\t\t:log info message=(\"script=pool pool=\$poolname used=\$poolused t\
    otal=\$pooladdresses\")\r\
    \n\r\
    \n# /foreach pool\r\
    \n\t\t}\r\
    \n# /ip pool\r\
    \n\t}\r\
    \n}\r\
    \n"
add dont-require-permissions=no name=RegList owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    local maccaps\r\
    \n:local macdhcp\r\
    \n:local name\r\
    \n:foreach i in=[/caps-man registration-table find ] do={\r\
    \n\t:set maccaps ( [/caps-man registration-table get value-name=mac-addres\
    s number=\$i])\r\
    \n\t:foreach j in=[/ip dhcp-server lease find ] do={\r\
    \n\t\t:set macdhcp ( [/ip dhcp-server lease get value-name=mac-address num\
    ber=\$j])\r\
    \n\t\t:set name [/ip dhcp-server lease get [find where mac-address=\$macdh\
    cp] comment ] \r\
    \n\t\t:if (\$maccaps = \$macdhcp ) do={\r\
    \n\t\t/caps-man access-list disable [find mac-address=\$macdhcp]\r\
    \n\t\t/caps-man access-list add mac-address=\$macdhcp comment=\$name\r\
    \n\t\t}\r\
    \n\t\t}\t\r\
    \n\t}\r\
    \n/caps-man access-list remove [find where disabled]"
/tool e-mail
set address= from="" port= start-tls=yes \
    user=
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool sniffer
set filter-interface=all filter-ip-address=192.168.0.120/32 streaming-server=\
    192.168.0.3


# jul/03/2020 06:51:06 by RouterOS 6.46.6
# software id = WATD-YHFU
#
# model = RouterBOARD cAP Gi-5acD2nD
# serial number = 
/interface bridge
add admin-mac=64:D1:54:F7:B2:CD auto-mac=no comment=defconf name=bridgeLocal
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk,wpa2-eap disable-pmkid=yes \
    management-protection=allowed mode=dynamic-keys name=wlan \
    supplicant-identity=""
add authentication-types=wpa2-psk,wpa2-eap disable-pmkid=yes \
    management-protection=allowed mode=dynamic-keys name=wlan_guest \
    supplicant-identity=""
/interface wireless
# managed by CAPsMAN
# channel: 2412/20/gn(28dBm), SSID: RECGV, local forwarding
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
    band=2ghz-g/n country=mexico disabled=no frequency=2462 \
    hw-protection-mode=rts-cts hw-retries=4 installation=indoor mode=\
    ap-bridge multicast-helper=full security-profile=wlan ssid=RECGV \
    wmm-support=enabled wps-mode=disabled
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac(28dBm), SSID: RECGV, local forwarding
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode \
    antenna-gain=2 band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=\
    mexico disabled=no mode=ap-bridge security-profile=wlan ssid=RECGV \
    wmm-support=enabled
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal interface=ether2
/interface detect-internet
set detect-interface-list=LAN
/interface list member
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
/interface wireless access-list
add vlan-mode=no-tag
/interface wireless cap
# 
set bridge=bridgeLocal discovery-interfaces=bridgeLocal enabled=yes \
    interfaces=wlan1,wlan2
/ip address
add address=192.168.0.2/24 interface=bridgeLocal network=192.168.0.0
/ip dhcp-client
add comment=defconf interface=bridgeLocal
/ip dns
set allow-remote-requests=yes servers=192.168.0.1
/ip firewall filter
add action=accept chain=input comment="ICMP from Chromecast into Router" \
    disabled=yes in-interface=bridgeLocal protocol=icmp
add action=accept chain=icmp_chain comment="ICMP on Chromecast" disabled=yes \
    dst-address=8.8.8.8 in-interface=bridgeLocal protocol=icmp
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
    protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked disabled=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked disabled=yes
add action=drop chain=forward disabled=yes log=yes log-prefix="drop "
/ip firewall mangle
add action=set-priority chain=postrouting comment="Set priority for WMM" \
    new-priority=from-dscp-high-3-bits passthrough=yes
/ip route
add distance=1 gateway=192.168.0.1
/ip traffic-flow
set cache-entries=32k
/ip traffic-flow target
add dst-address=192.168.0.19 port=1234 version=ipfix
/ip upnp
set allow-disable-external-interface=yes enabled=yes show-dummy-rule=no
/ip upnp interfaces
add interface=bridgeLocal type=internal
add interface=ether1 type=internal
/snmp
set contact=RobsGax enabled=yes location="Home cAP ac"
/system clock
set time-zone-autodetect=no time-zone-name=America/Los_Angeles
/system identity
set name="cAP ac"
/system leds
add interface=bridgeLocal leds=user-led type=interface-status
/system logging
add topics=caps,debug
add topics=wireless,debug
add topics=e-mail,debug
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system scheduler
add interval=1d name="Firmware Updater" on-event=\
    "/system script run BackupAndUpdate;" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=jan/21/2020 start-time=06:51:00
add interval=1d name=ledsOn on-event="/system script run ledOn;" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=feb/02/2020 start-time=06:30:00
add interval=1d name=ledsOff on-event="/system script run ledOff;" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=feb/01/2020 start-time=21:00:00
/system script
add dont-require-permissions=no name=dark-mode owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=" \
    :if ([system leds settings get all-leds-off] = \"never\") do={\r\
    \n /system leds settings set all-leds-off=immediate \r\
    \n } else={\r\
    \n /system leds settings set all-leds-off=never \r\
    \n } "
add dont-require-permissions=no name=BackupAndUpdate owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_Script name: BackupAndUpdate\r\
    \n#\r\
    \n#----------SCRIPT INFORMATION-------------------------------------------\
    --------\r\
    \n#\r\
    \n# Script:  Mikrotik RouterOS automatic backup & update\r\
    \n# Version: 20.04.17\r\
    \n# Created: 07/08/2018\r\
    \n# Updated: 17/04/2020\r\
    \n# Author:  Alexander Tebiev\r\
    \n# Website: https://github.com/beeyev\r\
    \n# You can contact me by e-mail at tebiev@mail.com\r\
    \n#\r\
    \n# IMPORTANT!\r\
    \n# Minimum supported RouterOS version is v6.43.7\r\
    \n#\r\
    \n#----------MODIFY THIS SECTION AS NEEDED--------------------------------\
    --------\r\
    \n## Notification e-mail\r\
    \n## (Make sure you have configurated Email settings in Tools -> Email)\r\
    \n:local emailAddress \"recgaxiola@gmail.com\";\r\
    \n\r\
    \n## Script mode, possible values: backup, osupdate, osnotify.\r\
    \n# backup \t- \tOnly backup will be performed. (default value, if none pr\
    ovided)\r\
    \n#\r\
    \n# osupdate \t- \tThe Script will install a new RouterOS if it is availab\
    le.\r\
    \n#\t\t\t\tIt will also create backups before and after update process.\r\
    \n#\t\t\t\tEmail will be sent only if a new RouterOS is available.\r\
    \n#\t\t\t\tChange parameter `forceBackup` if you need the script to create\
    \_backups every time when it runs.\r\
    \n#\r\
    \n# osnotify \t- \tThe script will send email notification only (without b\
    ackups) if a new RouterOS is available.\r\
    \n#\t\t\t\tChange parameter `forceBackup` if you need the script to create\
    \_backups every time when it runs.\r\
    \n:local scriptMode \"osnotify\";\r\
    \n\r\
    \n## Additional parameter if you set `scriptMode` to `osupdate` or `osnoti\
    fy`\r\
    \n# Set `true` if you want the script to perform backup every time it's fi\
    red, whatever script mode is set.\r\
    \n:local forceBackup true;\r\
    \n\r\
    \n## Backup encryption password, no encryption if no password.\r\
    \n:local backupPassword \"\"\r\
    \n\r\
    \n## If true, passwords will be included in exported config.\r\
    \n:local sensetiveDataInConfig false;\r\
    \n\r\
    \n## Update channel. Possible values: stable, long-term, testing, developm\
    ent\r\
    \n:local updateChannel \"stable\";\r\
    \n\r\
    \n## Install only patch versions of RouterOS updates.\r\
    \n## Works only if you set scriptMode to \"osupdate\"\r\
    \n## Means that new update will be installed only if MAJOR and MINOR versi\
    on numbers remained the same as currently installed RouterOS.\r\
    \n## Example: v6.43.6 => major.minor.PATCH\r\
    \n## Script will send information if new version is greater than just patc\
    h.\r\
    \n:local installOnlyPatchUpdates\tfalse;\r\
    \n\r\
    \n##----------------------------------------------------------------------\
    --------------------##\r\
    \n#  !!!! DO NOT CHANGE ANYTHING BELOW THIS LINE, IF YOU ARE NOT SURE WHAT\
    \_YOU ARE DOING !!!!  #\r\
    \n##----------------------------------------------------------------------\
    --------------------##\r\
    \n\r\
    \n#Script messages prefix\r\
    \n:local SMP \"Bkp&Upd:\"\r\
    \n\r\
    \n:log info \"\\r\\n\$SMP script \\\"Mikrotik RouterOS automatic backup & \
    update\\\" started.\";\r\
    \n:log info \"\$SMP Script Mode: \$scriptMode, forceBackup: \$forceBackup\
    \";\r\
    \n\r\
    \n#Check proper email config\r\
    \n:if ([:len \$emailAddress] = 0 or [:len [/tool e-mail get address]] = 0 \
    or [:len [/tool e-mail get from]] = 0) do={\r\
    \n\t:log error (\"\$SMP Email configuration is not correct, please check T\
    ools -> Email. Script stopped.\");   \r\
    \n\t:error \"\$SMP bye!\";\r\
    \n}\r\
    \n\r\
    \n#Check if proper identity name is set\r\
    \nif ([:len [/system identity get name]] = 0 or [/system identity get name\
    ] = \"MikroTik\") do={\r\
    \n\t:log warning (\"\$SMP Please set identity name of your device (System \
    -> Identity), keep it short and informative.\");  \r\
    \n};\r\
    \n\r\
    \n############### vvvvvvvvv GLOBALS vvvvvvvvv ###############\r\
    \n# Function converts standard mikrotik build versions to the number.\r\
    \n# Possible arguments: paramOsVer\r\
    \n# Example:\r\
    \n# :put [\$buGlobalFuncGetOsVerNum paramOsVer=[/system routerboard get cu\
    rrent-RouterOS]];\r\
    \n# result will be: 64301, because current RouterOS version is: 6.43.1\r\
    \n:global buGlobalFuncGetOsVerNum do={\r\
    \n\t:local osVer \$paramOsVer;\r\
    \n\t:local osVerNum;\r\
    \n\t:local osVerMicroPart;\r\
    \n\t:local zro 0;\r\
    \n\t:local tmp;\r\
    \n\t\r\
    \n\t# Replace word `beta` with dot\r\
    \n\t:local isBetaPos [:tonum [:find \$osVer \"beta\" 0]];\r\
    \n\t:if (\$isBetaPos > 1) do={\r\
    \n\t\t:set osVer ([:pick \$osVer 0 \$isBetaPos] . \".\" . [:pick \$osVer (\
    \$isBetaPos + 4) [:len \$osVer]]);\r\
    \n\t}\r\
    \n\t\r\
    \n\t:local dotPos1 [:find \$osVer \".\" 0];\r\
    \n\r\
    \n\t:if (\$dotPos1 > 0) do={ \r\
    \n\r\
    \n\t\t# AA\r\
    \n\t\t:set osVerNum  [:pick \$osVer 0 \$dotPos1];\r\
    \n\t\t\r\
    \n\t\t:local dotPos2 [:find \$osVer \".\" \$dotPos1];\r\
    \n\t\t\t\t#Taking minor version, everything after first dot\r\
    \n\t\t:if ([:len \$dotPos2] = 0) \tdo={:set tmp [:pick \$osVer (\$dotPos1+\
    1) [:len \$osVer]];}\r\
    \n\t\t#Taking minor version, everything between first and second dots\r\
    \n\t\t:if (\$dotPos2 > 0) \t\t\tdo={:set tmp [:pick \$osVer (\$dotPos1+1) \
    \$dotPos2];}\r\
    \n\t\t\r\
    \n\t\t# AA 0B\r\
    \n\t\t:if ([:len \$tmp] = 1) \tdo={:set osVerNum \"\$osVerNum\$zro\$tmp\";\
    }\r\
    \n\t\t# AA BB\r\
    \n\t\t:if ([:len \$tmp] = 2) \tdo={:set osVerNum \"\$osVerNum\$tmp\";}\r\
    \n\t\t\r\
    \n\t\t:if (\$dotPos2 > 0) do={ \r\
    \n\t\t\t:set tmp [:pick \$osVer (\$dotPos2+1) [:len \$osVer]];\r\
    \n\t\t\t# AA BB 0C\r\
    \n\t\t\t:if ([:len \$tmp] = 1) do={:set osVerNum \"\$osVerNum\$zro\$tmp\";\
    }\r\
    \n\t\t\t# AA BB CC\r\
    \n\t\t\t:if ([:len \$tmp] = 2) do={:set osVerNum \"\$osVerNum\$tmp\";}\r\
    \n\t\t} else={\r\
    \n\t\t\t# AA BB 00\r\
    \n\t\t\t:set osVerNum \"\$osVerNum\$zro\$zro\";\r\
    \n\t\t}\r\
    \n\t} else={\r\
    \n\t\t# AA 00 00\r\
    \n\t\t:set osVerNum \"\$osVer\$zro\$zro\$zro\$zro\";\r\
    \n\t}\r\
    \n\r\
    \n\t:return \$osVerNum;\r\
    \n}\r\
    \n\r\
    \n# Function creates backups (system and config) and returns array with na\
    mes\r\
    \n# Possible arguments: \r\
    \n#\t`backupName` \t\t\t| string\t| backup file name, without extension!\r\
    \n#\t`backupPassword`\t\t| string \t|\r\
    \n#\t`sensetiveDataInConfig`\t| boolean \t|\r\
    \n# Example:\r\
    \n# :put [\$buGlobalFuncCreateBackups name=\"daily-backup\"];\r\
    \n:global buGlobalFuncCreateBackups do={\r\
    \n\t:log info (\"\$SMP Global function \\\"buGlobalFuncCreateBackups\\\" w\
    as fired.\");  \r\
    \n\t\r\
    \n\t:local backupFileSys \"\$backupName.backup\";\r\
    \n\t:local backupFileConfig \"\$backupName.rsc\";\r\
    \n\t:local backupNames {\$backupFileSys;\$backupFileConfig};\r\
    \n\r\
    \n\t## Make system backup\r\
    \n\t:if ([:len \$backupPassword] = 0) do={\r\
    \n\t\t/system backup save dont-encrypt=yes name=\$backupName;\r\
    \n\t} else={\r\
    \n\t\t/system backup save password=\$backupPassword name=\$backupName;\r\
    \n\t}\r\
    \n\t:log info (\"\$SMP System backup created. \$backupFileSys\");   \r\
    \n\r\
    \n\t## Export config file\r\
    \n\t:if (\$sensetiveDataInConfig = true) do={\r\
    \n\t\t/export compact file=\$backupName;\r\
    \n\t} else={\r\
    \n\t\t/export compact hide-sensitive file=\$backupName;\r\
    \n\t}\r\
    \n\t:log info (\"\$SMP Config file was exported. \$backupFileConfig\");   \
    \r\
    \n\r\
    \n\t#Delay after creating backups\r\
    \n\t:delay 5s;\t\r\
    \n\t:return \$backupNames;\r\
    \n}\r\
    \n\r\
    \n:global buGlobalVarUpdateStep;\r\
    \n############### ^^^^^^^^^ GLOBALS ^^^^^^^^^ ###############\r\
    \n\r\
    \n#Current date time in format: 2020jan15-221324 \r\
    \n:local dateTime ([:pick [/system clock get date] 7 11] . [:pick [/system\
    \_clock get date] 0 3] . [:pick [/system clock get date] 4 6] . \"-\" . [:\
    pick [/system clock get time] 0 2] . [:pick [/system clock get time] 3 5] \
    . [:pick [/system clock get time] 6 8]);\r\
    \n\r\
    \n:local deviceOsVerInst \t\t\t[/system package update get installed-versi\
    on];\r\
    \n:local deviceOsVerInstNum \t\t[\$buGlobalFuncGetOsVerNum paramOsVer=\$de\
    viceOsVerInst];\r\
    \n:local deviceOsVerAvail \t\t\"\";\r\
    \n:local deviceOsVerAvailNum \t\t0;\r\
    \n:local deviceRbModel\t\t\t[/system routerboard get model];\r\
    \n:local deviceRbSerialNumber \t[/system routerboard get serial-number];\r\
    \n:local deviceRbCurrentFw \t\t[/system routerboard get current-firmware];\
    \r\
    \n:local deviceRbUpgradeFw \t\t[/system routerboard get upgrade-firmware];\
    \r\
    \n:local deviceIdentityName \t\t[/system identity get name];\r\
    \n:local deviceIdentityNameShort \t[:pick \$deviceIdentityName 0 18]\r\
    \n:local deviceUpdateChannel \t\t[/system package update get channel];\r\
    \n\r\
    \n:local isOsUpdateAvailable \tfalse;\r\
    \n:local isOsNeedsToBeUpdated\tfalse;\r\
    \n\r\
    \n:local isSendEmailRequired\ttrue;\r\
    \n\r\
    \n:local mailSubject   \t\t\"\$SMP Device - \$deviceIdentityNameShort.\";\
    \r\
    \n:local mailBody \t \t\t\"\";\r\
    \n\r\
    \n:local mailBodyDeviceInfo\t\"\\r\\n\\r\\nDevice information: \\r\\nIdent\
    ity: \$deviceIdentityName \\r\\nModel: \$deviceRbModel \\r\\nSerial number\
    : \$deviceRbSerialNumber \\r\\nCurrent RouterOS: \$deviceOsVerInst (\$[/sy\
    stem package update get channel]) \$[/system resource get build-time] \\r\
    \\nCurrent routerboard FW: \$deviceRbCurrentFw \\r\\nDevice uptime: \$[/sy\
    stem resource get uptime]\";\r\
    \n:local mailBodyCopyright \t\"\\r\\n\\r\\nMikrotik RouterOS automatic bac\
    kup & update \\r\\nhttps://github.com/beeyev/Mikrotik-RouterOS-automatic-b\
    ackup-and-update\";\r\
    \n:local changelogUrl\t\t\t(\"Check RouterOS changelog: https://mikrotik.c\
    om/download/changelogs/\" . \$updateChannel . \"-release-tree\");\r\
    \n\r\
    \n:local backupName \t\t\t\"\$deviceIdentityName.\$deviceRbModel.\$deviceR\
    bSerialNumber.v\$deviceOsVerInst.\$deviceUpdateChannel.\$dateTime\";\r\
    \n:local backupNameBeforeUpd\t\"backup_before_update_\$backupName\";\r\
    \n:local backupNameAfterUpd\t\"backup_after_update_\$backupName\";\r\
    \n\r\
    \n:local backupNameFinal\t\t\$backupName;\r\
    \n:local mailAttachments\t\t[:toarray \"\"];\r\
    \n\r\
    \n:local updateStep \$buGlobalVarUpdateStep;\r\
    \n:do {/system script environment remove buGlobalVarUpdateStep;} on-error=\
    {}\r\
    \n:if ([:len \$updateStep] = 0) do={\r\
    \n\t:set updateStep 1;\r\
    \n}\r\
    \n\r\
    \n\r\
    \n## \tSTEP ONE: Creating backups, checking for new RouterOs version and s\
    ending email with backups,\r\
    \n## \tsteps 2 and 3 are fired only if script is set to automatically upda\
    te device and if new RouterOs is available.\r\
    \n:if (\$updateStep = 1) do={\r\
    \n\t:log info (\"\$SMP Performing the first step.\");   \r\
    \n\r\
    \n\t# Checking for new RouterOS version\r\
    \n\tif (\$scriptMode = \"osupdate\" or \$scriptMode = \"osnotify\") do={\r\
    \n\t\tlog info (\"\$SMP Checking for new RouterOS version. Current version\
    \_is: \$deviceOsVerInst\");\r\
    \n\t\t/system package update set channel=\$updateChannel;\r\
    \n\t\t/system package update check-for-updates;\r\
    \n\t\t:delay 5s;\r\
    \n\t\t:set deviceOsVerAvail [/system package update get latest-version];\r\
    \n\r\
    \n\t\t# If there is a problem getting information about available RouterOS\
    \_from server\r\
    \n\t\t:if ([:len \$deviceOsVerAvail] = 0) do={\r\
    \n\t\t\t:log warning (\"\$SMP There is a problem getting information about\
    \_new RouterOS from server.\");\r\
    \n\t\t\t:set mailSubject\t(\$mailSubject . \" Error: No data about new Rou\
    terOS!\")\r\
    \n\t\t\t:set mailBody \t\t(\$mailBody . \"Error occured! \\r\\nMikrotik co\
    uldn't get any information about new RouterOS from server! \\r\\nWatch add\
    itional information in device logs.\")\r\
    \n\t\t} else={\r\
    \n\t\t\t#Get numeric version of OS\r\
    \n\t\t\t:set deviceOsVerAvailNum [\$buGlobalFuncGetOsVerNum paramOsVer=\$d\
    eviceOsVerAvail];\r\
    \n\r\
    \n\t\t\t# Checking if OS on server is greater than installed one.\r\
    \n\t\t\t:if (\$deviceOsVerAvailNum > \$deviceOsVerInstNum) do={\r\
    \n\t\t\t\t:set isOsUpdateAvailable true;\r\
    \n\t\t\t\t:log info (\"\$SMP New RouterOS is available! \$deviceOsVerAvail\
    \");\r\
    \n\t\t\t} else={\r\
    \n\t\t\t\t:set isSendEmailRequired false;\r\
    \n\t\t\t\t:log info (\"\$SMP System is already up to date.\");\r\
    \n\t\t\t\t:set mailSubject (\$mailSubject . \" No new OS updates.\");\r\
    \n\t\t\t\t:set mailBody \t (\$mailBody . \"Your system is up to date.\");\
    \r\
    \n\t\t\t}\r\
    \n\t\t};\r\
    \n\t} else={\r\
    \n\t\t:set scriptMode \"backup\";\r\
    \n\t};\r\
    \n\r\
    \n\tif (\$forceBackup = true) do={\r\
    \n\t\t# In this case the script will always send email, because it has to \
    create backups\r\
    \n\t\t:set isSendEmailRequired true;\r\
    \n\t}\r\
    \n\r\
    \n\t# if new OS version is available to install\r\
    \n\tif (\$isOsUpdateAvailable = true and \$isSendEmailRequired = true) do=\
    {\r\
    \n\t\t# If we only need to notify about new available version\r\
    \n\t\tif (\$scriptMode = \"osnotify\") do={\r\
    \n\t\t\t:set mailSubject \t(\$mailSubject . \" New RouterOS is available! \
    v.\$deviceOsVerAvail.\")\r\
    \n\t\t\t:set mailBody \t\t(\$mailBody . \"New RouterOS version is availabl\
    e to install: v.\$deviceOsVerAvail (\$updateChannel) \\r\\n\$changelogUrl\
    \")\r\
    \n\t\t}\r\
    \n\r\
    \n\t\t# if we need to initiate RouterOs update process\r\
    \n\t\tif (\$scriptMode = \"osupdate\") do={\r\
    \n\t\t\t:set isOsNeedsToBeUpdated true;\r\
    \n\t\t\t# if we need to install only patch updates\r\
    \n\t\t\t:if (\$installOnlyPatchUpdates = true) do={\r\
    \n\t\t\t\t#Check if Major and Minor builds are the same.\r\
    \n\t\t\t\t:if ([:pick \$deviceOsVerInstNum 0 ([:len \$deviceOsVerInstNum]-\
    2)] = [:pick \$deviceOsVerAvailNum 0 ([:len \$deviceOsVerAvailNum]-2)]) do\
    ={\r\
    \n\t\t\t\t\t:log info (\"\$SMP New patch version of RouterOS firmware is a\
    vailable.\");   \r\
    \n\t\t\t\t} else={\r\
    \n\t\t\t\t\t:log info (\"\$SMP New major or minor version of RouterOS firm\
    ware is available. You need to update it manually.\");\r\
    \n\t\t\t\t\t:set mailSubject \t(\$mailSubject . \" New RouterOS: v.\$devic\
    eOsVerAvail needs to be installed manually.\");\r\
    \n\t\t\t\t\t:set mailBody \t\t(\$mailBody . \"New major or minor RouterOS \
    version is available to install: v.\$deviceOsVerAvail (\$updateChannel). \
    \\r\\nYou chose to automatically install only patch updates, so this major\
    \_update you need to install manually. \\r\\n\$changelogUrl\");\r\
    \n\t\t\t\t\t:set isOsNeedsToBeUpdated false;\r\
    \n\t\t\t\t}\r\
    \n\t\t\t}\r\
    \n\r\
    \n\t\t\t#Check again, because this variable could be changed during checki\
    ng for installing only patch updates\r\
    \n\t\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\
    \n\t\t\t\t:log info (\"\$SMP New RouterOS is going to be installed! v.\$de\
    viceOsVerInst -> v.\$deviceOsVerAvail\");\r\
    \n\t\t\t\t:set mailSubject\t(\$mailSubject . \" New RouterOS is going to b\
    e installed! v.\$deviceOsVerInst -> v.\$deviceOsVerAvail.\");\r\
    \n\t\t\t\t:set mailBody \t\t(\$mailBody . \"Your Mikrotik will be updated \
    to the new RouterOS version from v.\$deviceOsVerInst to v.\$deviceOsVerAva\
    il (Update channel: \$updateChannel) \\r\\nFinal report with the detailed \
    information will be sent when update process is completed. \\r\\nIf you ha\
    ve not received second email in the next 5 minutes, then probably somethin\
    g went wrong. (Check your device logs)\");\r\
    \n\t\t\t\t#!! There is more code connected to this part and first step at \
    the end of the script.\r\
    \n\t\t\t}\r\
    \n\t\t\r\
    \n\t\t}\r\
    \n\t}\r\
    \n\r\
    \n\t## Checking If the script needs to create a backup\r\
    \n\t:log info (\"\$SMP Checking If the script needs to create a backup.\")\
    ;\r\
    \n\tif (\$forceBackup = true or \$scriptMode = \"backup\" or \$isOsNeedsTo\
    BeUpdated = true) do={\r\
    \n\t\t:log info (\"\$SMP Creating system backups.\");\r\
    \n\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\
    \n\t\t\t:set backupNameFinal \$backupNameBeforeUpd;\r\
    \n\t\t};\r\
    \n\t\tif (\$scriptMode != \"backup\") do={\r\
    \n\t\t\t:set mailBody (\$mailBody . \"\\r\\n\\r\\n\");\r\
    \n\t\t};\r\
    \n\r\
    \n\t\t:set mailSubject\t(\$mailSubject . \" Backup was created.\");\r\
    \n\t\t:set mailBody\t\t(\$mailBody . \"System backups were created and att\
    ached to this email.\");\r\
    \n\r\
    \n\t\t:set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$backu\
    pNameFinal backupPassword=\$backupPassword sensetiveDataInConfig=\$senseti\
    veDataInConfig];\r\
    \n\t} else={\r\
    \n\t\t:log info (\"\$SMP There is no need to create a backup.\");\r\
    \n\t}\r\
    \n\r\
    \n\t# Combine first step email\r\
    \n\t:set mailBody (\$mailBody . \$mailBodyDeviceInfo . \$mailBodyCopyright\
    );\r\
    \n}\r\
    \n\r\
    \n## \tSTEP TWO: (after first reboot) routerboard firmware upgrade\r\
    \n## \tsteps 2 and 3 are fired only if script is set to automatically upda\
    te device and if new RouterOs is available.\r\
    \n:if (\$updateStep = 2) do={\r\
    \n\t:log info (\"\$SMP Performing the second step.\");   \r\
    \n\t## RouterOS is the latest, let's check for upgraded routerboard firmwa\
    re\r\
    \n\tif (\$deviceRbCurrentFw != \$deviceRbUpgradeFw) do={\r\
    \n\t\t:set isSendEmailRequired false;\r\
    \n\t\t:delay 10s;\r\
    \n\t\t:log info \"\$SMP Upgrading routerboard firmware from v.\$deviceRbCu\
    rrentFw to v.\$deviceRbUpgradeFw\";\r\
    \n\t\t## Start the upgrading process\r\
    \n\t\t/system routerboard upgrade;\r\
    \n\t\t## Wait until the upgrade is completed\r\
    \n\t\t:delay 5s;\r\
    \n\t\t:log info \"\$SMP routerboard upgrade process was completed, going t\
    o reboot in a moment!\";\r\
    \n\t\t## Set scheduled task to send final report on the next boot, task wi\
    ll be deleted when it is done. (That is why you should keep original scrip\
    t name)\r\
    \n\t\t/system schedule add name=BKPUPD-FINAL-REPORT-ON-NEXT-BOOT on-event=\
    \":delay 5s; /system scheduler remove BKPUPD-FINAL-REPORT-ON-NEXT-BOOT; :g\
    lobal buGlobalVarUpdateStep 3; :delay 10s; /system script run BackupAndUpd\
    ate;\" start-time=startup interval=0;\r\
    \n\t\t## Reboot system to boot with new firmware\r\
    \n\t\t/system reboot;\r\
    \n\t} else={\r\
    \n\t\t:log info \"\$SMP It appers that your routerboard is already up to d\
    ate, skipping this step.\";\r\
    \n\t\t:set updateStep 3;\r\
    \n\t};\r\
    \n}\r\
    \n\r\
    \n## \tSTEP THREE: Last step (after second reboot) sending final report\r\
    \n## \tsteps 2 and 3 are fired only if script is set to automatically upda\
    te device and if new RouterOs is available.\r\
    \n:if (\$updateStep = 3) do={\r\
    \n\t:log info (\"\$SMP Performing the third step.\");   \r\
    \n\t:log info \"Bkp&Upd: RouterOS and routerboard upgrade process was comp\
    leted. New RouterOS version: v.\$deviceOsVerInst, routerboard firmware: v.\
    \$deviceRbCurrentFw.\";\r\
    \n\t## Small delay in case mikrotik needs some time to initialize connecti\
    ons\r\
    \n\t:log info \"\$SMP The final email with report and backups of upgraded \
    system will be sent in a minute.\";\r\
    \n\t:delay 1m;\r\
    \n\t:set mailSubject\t(\$mailSubject . \" RouterOS Upgrade is completed, n\
    ew version: v.\$deviceOsVerInst!\");\r\
    \n\t:set mailBody \t  \t\"RouterOS and routerboard upgrade process was com\
    pleted. \\r\\nNew RouterOS version: v.\$deviceOsVerInst, routerboard firmw\
    are: v.\$deviceRbCurrentFw. \\r\\n\$changelogUrl \\r\\n\\r\\nBackups of th\
    e upgraded system are in the attachment of this email.  \$mailBodyDeviceIn\
    fo \$mailBodyCopyright\";\r\
    \n\t:set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$backupN\
    ameAfterUpd backupPassword=\$backupPassword sensetiveDataInConfig=\$senset\
    iveDataInConfig];\r\
    \n}\r\
    \n\r\
    \n# Remove functions from global environment to keep it fresh and clean.\r\
    \n:do {/system script environment remove buGlobalFuncGetOsVerNum;} on-erro\
    r={}\r\
    \n:do {/system script environment remove buGlobalFuncCreateBackups;} on-er\
    ror={}\r\
    \n\r\
    \n##\r\
    \n## SENDING EMAIL\r\
    \n##\r\
    \n# Trying to send email with backups in attachment.\r\
    \n\r\
    \n:if (\$isSendEmailRequired = true) do={\r\
    \n\t:log info \"\$SMP Sending email message, it will take around half a mi\
    nute...\";\r\
    \n\t:do {/tool e-mail send to=\$emailAddress subject=\$mailSubject body=\$\
    mailBody file=\$mailAttachments;} on-error={\r\
    \n\t\t:delay 5s;\r\
    \n\t\t:log error \"\$SMP could not send email message (\$[/tool e-mail get\
    \_last-status]). Going to try it again in a while.\"\r\
    \n\r\
    \n\t\t:delay 5m;\r\
    \n\r\
    \n\t\t:do {/tool e-mail send to=\$emailAddress subject=\$mailSubject body=\
    \$mailBody file=\$mailAttachments;} on-error={\r\
    \n\t\t\t:delay 5s;\r\
    \n\t\t\t:log error \"\$SMP could not send email message (\$[/tool e-mail g\
    et last-status]) for the second time.\"\r\
    \n\r\
    \n\t\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\
    \n\t\t\t\t:set isOsNeedsToBeUpdated false;\r\
    \n\t\t\t\t:log warning \"\$SMP script is not goint to initialise update pr\
    ocess due to inability to send backups to email.\"\r\
    \n\t\t\t}\r\
    \n\t\t}\r\
    \n\t}\r\
    \n\r\
    \n\t:delay 30s;\r\
    \n\t\r\
    \n\t:if ([:len \$mailAttachments] > 0 and [/tool e-mail get last-status] =\
    \_\"succeeded\") do={\r\
    \n\t\t:log info \"\$SMP File system cleanup.\"\r\
    \n\t\t/file remove \$mailAttachments; \r\
    \n\t\t:delay 2s;\r\
    \n\t}\r\
    \n\t\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Fire RouterOs update process\r\
    \nif (\$isOsNeedsToBeUpdated = true) do={\r\
    \n\r\
    \n\t## Set scheduled task to upgrade routerboard firmware on the next boot\
    , task will be deleted when upgrade is done. (That is why you should keep \
    original script name)\r\
    \n\t/system schedule add name=BKPUPD-UPGRADE-ON-NEXT-BOOT on-event=\":dela\
    y 5s; /system scheduler remove BKPUPD-UPGRADE-ON-NEXT-BOOT; :global buGlob\
    alVarUpdateStep 2; :delay 10s; /system script run BackupAndUpdate;\" start\
    -time=startup interval=0;\r\
    \n   \r\
    \n   :log info \"\$SMP everything is ready to install new RouterOS, going \
    to reboot in a moment!\"\r\
    \n\t## command is reincarnation of the \"upgrade\" command - doing exactly\
    \_the same but under a different name\r\
    \n\t/system package update install;\r\
    \n}\r\
    \n\r\
    \n:log info \"\$SMP script \\\"Mikrotik RouterOS automatic backup & update\
    \\\" completed it's job.\\r\\n\";"
add dont-require-permissions=no name=ledOn owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    system leds settings set all-leds-off=never;\r\
    \n:log info (\"Leds On\");"
add dont-require-permissions=no name=ledOff owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    system leds settings set all-leds-off=immediate;\r\
    \n:log info (\"Leds Off\");"
/tool e-mail
set address=s from="R" port= start-tls=yes \
    user=
Last edited by robsgax on Sun Jul 05, 2020 9:28 pm, edited 2 times in total.
 
whatever
Member
Posts: 348
Joined: Thu Jun 21, 2018 9:29 pm

Re: High Battery usage with 6.47 stable

Sun Jul 05, 2020 11:05 pm

Multicast-helper causes higher battery usage. If battery life is a concern you might want to disable it.
 
robsgax
newbie
Topic Author
Posts: 27
Joined: Wed Apr 17, 2019 10:26 pm

Re: High Battery usage with 6.47 stable

Sun Jul 05, 2020 11:15 pm

> Multicast-helper causes higher battery usage. If battery life is a concern you might want to disable it.

I did try disabling it and it was the same high battery consumption. Also, I don't have that problem with 6.46.6. So it's still a 6.47 problem.


 
Jotne
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: High Battery usage with 6.47 stable

Mon Jul 06, 2020 8:30 am

One thing may create a problem for you. You have added the LAN IP on an interface and not on a bridge.
You are not the first and for sure 100% not the last one to make this error.
DHCP server is correctly configured on the bridge, so why did you miss the main IP?
I guess you have upgraded from an older version <6.44

You can upgrade the Splunk script to get more information. You are on 3.2, latest 4.0 found here with CAPsMan support:
viewtopic.php?f=23&t=137338

Also, you should remove your email from the above post. It's listed under /tool e-mail

Second router config, this is set correctly.

Wrong
/interface bridge port
add bridge=bridgeLAN comment=defconf interface=ether2-CAPsMAN
add bridge=bridgeLAN comment=defconf interface=ether3-LAN
add bridge=bridgeLAN comment=defconf interface=ether4
add bridge=bridgeLAN interface=wlan2GHz

/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridgeLAN lease-time=1d name=\
defconf

/ip address
add address=192.168.0.1/24 interface=ether3-LAN network=192.168.0.0

Correct
/interface bridge port
add bridge=bridgeLAN comment=defconf interface=ether2-CAPsMAN
add bridge=bridgeLAN comment=defconf interface=ether3-LAN
add bridge=bridgeLAN comment=defconf interface=ether4
add bridge=bridgeLAN interface=wlan2GHz

/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridgeLAN lease-time=1d name=\
defconf

/ip address
add address=192.168.0.1/24 interface=bridgeLAN network=192.168.0.0
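
The check described in the post above, as an added example that is not part of the original thread: a small Python audit that reads a RouterOS `/export` and reports any IP address bound to an interface that is also a bridge port. The function names are hypothetical and the sample export is constructed from the "Wrong" listing; only `add` lines and backslash-wrapped lines are handled.

```python
import shlex

# Constructed sample reproducing the "Wrong" layout from the post above.
SAMPLE_EXPORT = r"""
/interface bridge port
add bridge=bridgeLAN comment=defconf interface=ether2-CAPsMAN
add bridge=bridgeLAN comment=defconf interface=ether3-LAN
add bridge=bridgeLAN interface=wlan2GHz
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridgeLAN lease-time=1d name=\
    defconf
/ip address
add address=192.168.0.1/24 interface=ether3-LAN network=192.168.0.0
"""


def parse_export(text):
    """Return [(menu, {key: value})] for every 'add' line of an export."""
    lines, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):  # exports wrap long lines with a trailing backslash
            pending = line[:-1]
            continue
        pending = ""
        lines.append(line)
    entries, menu = [], None
    for line in lines:
        if line.startswith("/"):
            menu = line  # a menu path such as "/ip address"
        elif menu and line.startswith("add "):
            tokens = shlex.split(line[4:])  # keeps quoted values such as comment="Guest LAN" whole
            entries.append((menu, dict(t.split("=", 1) for t in tokens if "=" in t)))
    return entries


def ip_on_bridge_ports(text):
    """Return (address, port, bridge) for each enabled IP bound to a bridge member port."""
    port_to_bridge, addresses = {}, []
    for menu, kv in parse_export(text):
        if kv.get("disabled") == "yes":
            continue
        if menu == "/interface bridge port" and "interface" in kv:
            port_to_bridge[kv["interface"]] = kv.get("bridge", "?")
        elif menu == "/ip address" and "interface" in kv:
            addresses.append((kv.get("address", "?"), kv["interface"]))
    return [(a, i, port_to_bridge[i]) for a, i in addresses if i in port_to_bridge]


if __name__ == "__main__":
    for addr, port, bridge in ip_on_bridge_ports(SAMPLE_EXPORT):
        print(f"{addr} is on bridge port {port}; move it to {bridge}")
```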
 
robsgax
newbie
Topic Author
Posts: 27
Joined: Wed Apr 17, 2019 10:26 pm

Re: High Battery usage with 6.47 stable

Mon Jul 06, 2020 9:39 am

Thanks for the advice. I have had this conf since I got my 1st MikroTik last year, a RB951G with 6.44.1; maybe that's why the mistake in the interface's IP. I forgot about the Splunk script; I don't use it right now, but I will try to set it up again.

Do you think that the difference in battery usage is from that wrongly assigned interface IP? Right now my work phone has used only 3% in 9 hrs, and yesterday it went from 100 to 90 in 1 hour, standby also, same phone, routers, configuration; the only difference is the RouterOS version. When I rolled it back, I didn't clear the conf, used the same as 6.47 and the issue went away.

Here's an image of my phone battery stats: the slope is using 6.47, and when it started to go more horizontal, that's when I changed versions.
Screenshot_2020-07-05-23-34-55.png
 
Pea
Member Candidate
Member Candidate
Posts: 229
Joined: Fri Jul 17, 2015 11:07 pm
Location: Czech

Re: High Battery usage with 6.47 stable

Mon Jul 06, 2020 9:50 am

Why do you think ROS is the cause for battery drain? This can be coincidence only.
Please do not forget that Google pushes several updates to your phone which can cause higher consumption and usually are fixed by new updates.
 
robsgax
newbie
Topic Author
Posts: 27
Joined: Wed Apr 17, 2019 10:26 pm

Re: High Battery usage with 6.47 stable

Mon Jul 06, 2020 10:14 am

> Why do you think ROS is the cause for battery drain? This can be coincidence only.
> Please do not forget that Google pushes several updates to your phone which can cause higher consumption and usually are fixed by new updates.

I don't think it is a coincidence, because this was the same behavior as soon as I updated the firmware: the graph went almost vertical on my devices (I didn't take a snap of that) and it went all day like this. I made all sorts of adjustments, reset configurations, made a new basic one (only set up internet access and CAPsMAN, no special rules, routes, scripts etc.), and it was the same. I restored the update and reverted versions, and as soon as I did that, the consumption went down (for that I have the snap).
I can simulate the high consumption on 6.46.6 if I enable keepalive-frames; that was a problem that I had before, but already fixed last year by disabling keepalive-frames.

On 6.47 it seems that they are always enabled. Maybe a bug?
 
robsgax
newbie
Topic Author
Posts: 27
Joined: Wed Apr 17, 2019 10:26 pm

Re: High Battery usage with 6.47 stable

Tue Jul 07, 2020 9:38 pm

Update

Yesterday I updated my work router, a RB951UI, to 6.47 and got the same issue, now on all of our office phones, so the issue is not only with CAPsMAN, hAP ac2 or cAP ac. I will revert to 6.46.6 and keep testing.
 
robsgax
newbie
Topic Author
Posts: 27
Joined: Wed Apr 17, 2019 10:26 pm

Re: High Battery usage with 6.47 stable

Sun Sep 20, 2020 9:02 pm

Hi, I'm revisiting this theme.

Now I'm testing with 6.47.3, and it's the same behavior: high battery consumption. This week my average phone drain with 6.45.9 was 0.3%/h; last Friday I decided to upgrade to 6.47.3, and the drainage was now at 3.3%/h, with the same router, settings, placement, etc. I only upgraded packages and firmware.

Has anybody found anything that could cause this? Maybe an option that in 6.47 is ignored or means another thing?
 
neutronlaser
Member
Member
Posts: 445
Joined: Thu Jan 18, 2018 5:18 pm

Re: High Battery usage with 6.47 stable

Mon Sep 21, 2020 11:49 pm

Does multicast helper really decrease battery life?
 
Stany755
just joined
Posts: 1
Joined: Mon Dec 21, 2020 8:24 am

Re: High Battery usage with 6.47 stable

Mon Dec 21, 2020 8:39 am

Same problem on 6.47.8 on HomeAP. I tried several lower versions of ROS. I tested several settings from this forum and others.

Now I have ROS 6.46.6 with settings :

DHCP lease - 1d
group key update - 1h
WMM - enabled
keepalive-frames - disabled or enabled

Without effect, the smartphone's battery drains quickly.

My problem was setting the "Detect internet" option.

Wrong settings (some time ago I clicked on the internet detection option in the Mikrotik mobile application, my error) :
spatne.png
Correct settings :
ok.png
Bingo, battery power consumption is fine. The last activity parameter is OK.
mm.PNG
Detect internet must not be enabled on the WLAN card. The WLAN card must not be a member of the interface list group to which I allow Detect internet.
Keepalive-frames = enabled , max last activity to 20s
Keepalive-frames = disabled , last activity can be higher than 20s.

Behavior test in ROS 6.47.8 in preparation.
 
robsgax
newbie
Topic Author
Posts: 27
Joined: Wed Apr 17, 2019 10:26 pm

Re: High Battery usage with 6.47 stable

Tue Dec 22, 2020 10:46 pm

Never thought that could be the cause!!

I will try to update to 6.47 this weekend and monitor the results.

Thanks for the information!
 
tikusr
just joined
Posts: 1
Joined: Mon Feb 15, 2021 10:10 pm

Re: High Battery usage with 6.47 stable

Tue Feb 16, 2021 11:05 am

Does the "Detect internet" option resolve the issue for everyone?

I've been trying to resolve it for about a month, when I have some spare time. Tried everything I found on this forum (Multicast helper/buffering settings, keep-alive, WMM enabled, increasing DHCP lease time etc.) - it still drains my phone/tablet battery too quickly, about 2-3 times faster than on my previous wifi router (asus rt-n66u); currently it's a hAP ac3 running ROS 6.48.1. Yesterday I tried this "Detect internet" option - it seems it helps a bit, now about 30% for 10 hours (a few days ago it was ~ 35-40%), but it's still too much. Any more ideas?
Last edited by tikusr on Tue Feb 16, 2021 11:07 am, edited 1 time in total.
 
Xenhat
just joined
Posts: 7
Joined: Fri Dec 30, 2016 9:41 pm

Re: High Battery usage with 6.47 stable

Thu Jul 22, 2021 8:35 pm

Since I have no real need for the Detect Internet feature at the moment (I do sometimes!) I will apply the suggestions mentioned in this post as I am also trying to minimize battery drain on clients. I shall report once I have some data to process.
 
ptursan
just joined
Posts: 1
Joined: Sat Jan 07, 2023 2:12 pm

Re: High Battery usage with 6.47 stable

Sat Jan 07, 2023 2:30 pm

I was tearing my hair out trying to resolve this issue for some weeks on and off when I had time and last night finally had some success.

I have 1x hAP ac (master) & 3x hAP ac² being managed by CAPSMAN. I was primarily looking at another post viewtopic.php?t=68782 during my troubleshooting and seem to have overlooked some of the obvious comments in this post.

Strangely only my older Android devices were affected. A Samsung Galaxy Tab S2 and two Galaxy S9s were having obscenely short battery life (4%+ per hour in standby with screen off). When I was on holiday they would last for days on standby, so I knew it was definitely something to do with my local WiFi setup at home.

I even contacted MikroTik in case it was a known issue. It wasn't a known issue but they were kind enough to give me some things to try:
- Using band only-n or ac. (not an option for me as I have some older legacy devices on the network)
- Disable keepalive-frames. (I tried this, no effect)
- You could check if multicast-buffering has any effect on the issue, by default it's enabled. (Not configurable on CAPSMAN controlled interfaces)
- You could try enabling hw-protection-mode = rts-cts (I resolved the issue for me before I got to try this).
- In wireless security profiles, don't use TKIP. You could adjust the group-key-update time to be higher. (already wasn't using TKIP, and from the other forum had tried a 1hr group-key-update time)

In the end for me it was indeed as mentioned here the multicast-helper set to "full". I had initially enabled this as I was having discovery issues with my linked Yamaha MusicCast Soundbar and satellite speakers. After setting this to "disabled", battery life on my Samsung Tablet was instantly improved.


battery-usage.png


I'll gradually start rolling back the other things I tried now to see if it remains the same (turn on keepalive-frames again, set group-key-update time back to normal).

Hope this helps someone else!
