Is there a known issue with the Windows 11 client that anyone can point me to? Or is this a config issue that I'm just not seeing?
# jun/03/2023 07:34:10 by RouterOS 7.9.2
# software id = ULHV-P6A5
#
# model = RB2011iLS
# serial number =
# Interface layer: LAN bridge, physical port tuning, tunnel interfaces and interface lists.
# The bridge uses a fixed admin MAC (redacted in this export) instead of an auto-selected one.
/interface bridge add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge
/interface ethernet set [ find default-name=ether4 ] rx-flow-control=on tx-flow-control=on
/interface ethernet set [ find default-name=sfp1 ] advertise=100M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full
# L2TPv3 pseudowire is disabled=yes, so it is inert. As written it has use-ipsec=no,
# digest-hash=md5 and cookie-length=0.
# NOTE(review): revisit those three settings before this interface is ever enabled.
/interface l2tp-ether add allow-fast-path=no circuit-id="" connect-to=0.0.0.0 cookie-length=0 digest-hash=md5 disabled=yes l2tp-proto-version=l2tpv3-ip mtu=auto name=l2tp-ether1 use-ipsec=no use-l2-specific-sublayer=no
# WireGuard listener on UDP 13231; the input-chain accept rule for this port is in /ip firewall filter.
/interface wireguard add listen-port=13231 mtu=1420 name=wireguard1
# Interface lists. WAN/LAN membership is assigned later under /interface list member.
/interface list add comment=defconf name=WAN
/interface list add comment=defconf name=LAN
/interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
# The only IPsec peer is disabled. The default proposal is SHA-256 / AES-256-CBC with
# pfs-group=none, i.e. phase 2 runs without perfect forward secrecy.
# NOTE(review): set a PFS group if IPsec (e.g. for the L2TP server) is put into use.
/ip ipsec peer add disabled=yes exchange-mode=ike2 name=peer1 passive=yes
/ip ipsec proposal set [ find default=yes ] auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=none
# "dhcp" feeds the LAN DHCP server below. "pool1" spans all of 192.168.0.0/24, the same
# subnet as wireguard1 and its statically addressed peers; nothing visible in this export
# allocates from it.
# NOTE(review): confirm pool1 is unused, or narrow it so it cannot collide with peer /32s.
/ip pool add name=dhcp ranges=10.167.0.150-10.167.0.254
/ip pool add name=pool1 ranges=192.168.0.0/24
# LAN DHCP on the bridge with a 3-minute lease; add-arp=yes installs an ARP entry per lease.
/ip dhcp-server add add-arp=yes address-pool=dhcp always-broadcast=yes interface=bridge lease-time=3m name=dhcp1
/port set 0 name=serial0
# *FFFFFFFE is an internal profile id, presumably the built-in default-encryption profile
# that the SSTP server references. TODO confirm.
/ppp profile set *FFFFFFFE use-ipv6=no
# Routing protocols: the BGP default template and an OSPF instance are enabled, but the
# only OSPF area is disabled and no BGP connection appears in this export.
/routing bgp template set default disabled=no output.network=bgp-networks
/routing ospf instance add disabled=no name=default-v2
/routing ospf area add disabled=yes instance=default-v2 name=backbone-v2
# Monitoring group limited to read + winbox + api; every other policy is explicitly negated
# (no write, ssh, sensitive, reboot, ...). The account that uses it is not part of this export.
/user group add name=prometheus policy=read,winbox,api,!local,!telnet,!ssh,!ftp,!reboot,!write,!policy,!test,!password,!web,!sniff,!sensitive,!romon,!rest-api
# ether2-ether10 and sfp1 are bridged into the LAN; ether1 is left out and becomes the WAN
# port (see the list members below). ingress-filtering=no on every port.
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether6
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether7
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether8
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether9
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether10
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=sfp1
# Neighbor discovery is restricted to the LAN list, so the router does not announce itself on ether1.
/ip neighbor discovery-settings set discover-interface-list=LAN
/ip settings set max-neighbor-entries=8192
# IPv6 is switched off entirely (disable-ipv6=yes, forward=no), so the IPv4 rules are the only filter in play.
/ipv6 settings set accept-redirects=no disable-ipv6=yes forward=no max-neighbor-entries=8192
# detect-internet probes every interface (detect-interface-list=all).
# NOTE(review): if this feature is not relied on, setting the list to none removes one
# source of dynamically changed interface state. Confirm whether anything depends on it.
/interface detect-internet set detect-interface-list=all wan-interface-list=WAN
# Only use-ipsec is set here; no enabled=yes is exported, so the L2TP server is presumably off.
/interface l2tp-server server set use-ipsec=yes
# List membership: bridge -> LAN, ether1 -> WAN. wireguard1 is in neither list.
/interface list member add comment=defconf interface=bridge list=LAN
/interface list member add comment=defconf interface=ether1 list=WAN
# VPN servers. OpenVPN has no enabled=yes in this export, so it is presumably off, but its
# allowed HMACs are sha1 and md5.
# NOTE(review): drop md5 (and sha1 if clients allow) before enabling it.
/interface ovpn-server server set auth=sha1,md5
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set enabled=no
# SSTP is enabled with the default-encryption profile. No certificate= value is exported.
# NOTE(review): presumably no server certificate is bound, in which case clients cannot
# authenticate the server. Confirm and bind one if SSTP is actually used.
# No visible input rule admits SSTP from ether1, so as exported it is reachable only from
# interfaces other than ether1.
/interface sstp-server server set default-profile=default-encryption enabled=yes
# WireGuard peers: each is pinned to a single /32 inside 192.168.0.0/24, so a peer cannot
# source traffic from another peer's address. Public keys are redacted in this export.
# No endpoint or keepalive is set; the router only responds to peer-initiated handshakes.
/interface wireguard peers add allowed-address=192.168.0.2/32 interface=wireguard1 public-key="sdscXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
/interface wireguard peers add allowed-address=192.168.0.4/32 interface=wireguard1 public-key="7wl/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
/interface wireguard peers add allowed-address=192.168.0.3/32 interface=wireguard1 public-key="hif8XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
# Router addresses: 10.167.0.1/24 on the LAN bridge, 192.168.0.1/24 on wireguard1.
# NOTE(review): 192.168.0.0/24 is a very common home-network range; a remote client whose
# local network uses the same range will have overlapping routes for the tunnel. Verify on
# the affected client.
/ip address add address=10.167.0.1/24 comment=defconf interface=bridge network=10.167.0.0
/ip address add address=192.168.0.1/24 interface=wireguard1 network=192.168.0.0
# MikroTik cloud DDNS is on. use-local-address=yes registers the router's own interface
# address rather than the address the cloud service sees.
# NOTE(review): if ether1 receives a private address from upstream, the DDNS name will
# point at that private address. Confirm what the name resolves to from outside.
/ip cloud set ddns-enabled=yes
/ip cloud advanced set use-local-address=yes
# WAN address comes from DHCP on ether1; DNS servers offered by the upstream are ignored.
/ip dhcp-client add comment=defconf interface=ether1 use-peer-dns=no
/ip dhcp-server config set store-leases-disk=immediately
# The router resolves through two internal servers on the LAN.
/ip dns set servers=10.167.0.8,10.167.0.12
/ip dns static add address=10.167.0.1 comment=defconf name=router.lan
# Firewall address lists (distinct from the interface lists of the same names). "WAN" is
# the router's own DDNS hostname (redacted); it is used by the hairpin mangle rule.
/ip firewall address-list add address=10.167.0.0/24 list=LAN
/ip firewall address-list add address=xx.sn.mynetname.net list=WAN
# IPv4 filter rules, evaluated top to bottom within each chain. Anything not matched by a
# rule below is accepted, because the filter chains have no implicit drop.
#
# forward: established/related traffic is fasttracked, then accepted.
/ip firewall filter add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes
/ip firewall filter add action=accept chain=forward connection-state=established,related
# input: replies to router-originated traffic, then WireGuard handshakes on UDP 13231
# (accepted from any interface, since no in-interface is given).
/ip firewall filter add action=accept chain=input comment="accept established,related" connection-state=established,related
/ip firewall filter add action=accept chain=input dst-port=13231 protocol=udp
# The drop applies only to packets arriving on ether1. Input from bridge, wireguard1 and any
# dynamic PPP/SSTP interface falls through and is accepted, so WireGuard peers can reach
# every management service running on the router.
# NOTE(review): no /ip service section appears in this export, so those services are
# presumably at their defaults. Confirm which are enabled, and consider an explicit allow
# list for input from wireguard1 followed by a drop that is not tied to one interface.
/ip firewall filter add action=drop chain=input comment="block everything else" in-interface=ether1
# forward: only invalid-state packets are dropped. There is no rule dropping new
# connections that arrive on ether1 without having been dst-nat'ed, so forwarding from the
# WAN side toward 10.167.0.0/24 or 192.168.0.0/24 depends solely on upstream routing.
# NOTE(review): add a forward drop for connection-state=new, connection-nat-state=!dstnat,
# in-interface-list=WAN (the stock defconf rule) unless its absence is deliberate.
/ip firewall filter add action=drop chain=forward connection-state=invalid
# Marks LAN -> own-public-address connections as "Hairpin Nat". No rule in this export
# matches on that connection mark, so the mark presumably has no effect. Confirm or remove.
/ip firewall mangle add action=mark-connection chain=prerouting dst-address-list=WAN new-connection-mark="Hairpin Nat" passthrough=yes src-address-list=LAN
# Source NAT for everything leaving via ether1.
/ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1
# Hairpin masquerade for LAN -> LAN traffic that passes through the router.
/ip firewall nat add action=masquerade chain=srcnat dst-address=10.167.0.0/24 src-address=10.167.0.0/24
# Masquerades all traffic sourced from the VPN subnet, with no out-interface or destination
# restriction. LAN hosts therefore see the router's address instead of the peer's
# 192.168.0.x, so per-peer attribution is lost in LAN-side logs and ACLs.
# NOTE(review): scope this rule (e.g. out-interface=ether1) if LAN hosts should see real peer addresses.
/ip firewall nat add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.0.0/24
# DNS interception to 10.167.0.8 (UDP and TCP) plus its companion masquerade. All three are disabled.
/ip firewall nat add action=dst-nat chain=dstnat disabled=yes dst-port=53 log=yes protocol=udp src-address=!10.167.0.8 to-addresses=10.167.0.8 to-ports=53
/ip firewall nat add action=dst-nat chain=dstnat disabled=yes dst-port=53 log=yes protocol=tcp src-address=!10.167.0.8 to-addresses=10.167.0.8 to-ports=53
/ip firewall nat add action=masquerade chain=srcnat disabled=yes dst-address=10.167.0.8 dst-port=53 protocol=tcp src-address=10.167.0.0/24
# Two srcnat rules with no matcher and no action set. They look like leftovers from
# accidental "add" clicks; being last in the chain they only see traffic that no
# masquerade rule above matched.
# NOTE(review): remove them so a later reorder cannot place them ahead of the masquerade rules.
/ip firewall nat add chain=srcnat
/ip firewall nat add chain=srcnat
# Default IPsec policy template is disabled.
/ip ipsec policy set 0 disabled=yes
# Two identical static default routes via ether1, both disabled; the active default route
# presumably comes from the DHCP client on ether1.
/ip route add check-gateway=ping disabled=yes dst-address=0.0.0.0/0 gateway=ether1
/ip route add check-gateway=ping disabled=yes dst-address=0.0.0.0/0 gateway=ether1
# SSH: strong-crypto=yes restricts the algorithm set. always-allow-password-login=yes keeps
# password login available even for users with a public key installed, and
# forwarding-enabled=both permits SSH port forwarding through the router in both directions.
# NOTE(review): set forwarding-enabled=no and drop password login unless both are needed,
# since SSH is reachable from every interface except ether1 under the visible input rules.
/ip ssh set always-allow-password-login=yes forwarding-enabled=both strong-crypto=yes
# UPnP interface entry is disabled.
/ip upnp interfaces add disabled=yes interface=ether2 type=internal
/ipv6 nd set [ find default=yes ] advertise-dns=no disabled=yes interface=bridge managed-address-configuration=yes ra-interval=20s-1m
/system note set show-at-login=no
# The router syncs from two upstream NTP servers and also serves time itself
# (broadcast, multicast and manycast modes all on, local clock as fallback).
/system ntp client set enabled=yes
/system ntp server set broadcast=yes enabled=yes manycast=yes multicast=yes use-local-clock=yes
/system ntp client servers add address=129.6.15.28
/system ntp client servers add address=132.163.96.1
# Daily 03:00 reboot. The script body is only "/system reboot" but the job is granted a
# broad policy set (write, policy, password, sensitive, sniff, ...).
# NOTE(review): trim policy= to what the reboot needs, so that editing on-event later does
# not silently inherit those rights.
/system scheduler add interval=1d name=reboot-3am on-event="/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=sep/17/2022 start-time=03:00:00
# Watchdog timer is off, so a hung system is not rebooted automatically between scheduled reboots.
/system watchdog set watchdog-timer=no