I'm not sure what else to try; perhaps someone can shed some light on this.
Thanks in advance!
Here is my config:
First mikrotik (estudio):
# 2024-01-15 18:49:22 by RouterOS 7.13
# software id = HWJU-6UKY
#
# model = RBD52G-5HacD2HnD
# serial number = XXXXXXXX
# Single LAN bridge with a pinned MAC (auto-mac=no), plus the WAN and LAN
# interface lists that the firewall, discovery and mac-server settings in this
# export match on.
/interface bridge
add admin-mac=08:55:31:9B:20:E2 auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
# Wi-Fi channel, security and configuration profiles, followed by the radio
# interfaces that reference them.
/interface wifi channel
# The profile name says channel 13 (2472 MHz), but every 2.4 GHz interface
# below overrides it inline with channel.frequency=2462.
add band=2ghz-n disabled=no frequency=2472 name=2-channel13-N width=20mhz
add band=5ghz-ac disabled=no frequency=5220 name=5-channel-ac \
skip-dfs-channels=all width=20/40/80mhz
/interface wifi security
# Shared security profile: WPA2-PSK + WPA3-PSK with fast transition (ft) on.
# No passphrase appears here; presumably the export was taken with sensitive
# values hidden - confirm a passphrase is actually set.
add authentication-types=wpa2-psk,wpa3-psk comment=security_profile \
connect-priority=0 disabled=no ft=yes ft-over-ds=yes name=\
security_profile
/interface wifi configuration
# NOTE(review): both profiles reference security_profile but also set
# security.authentication-types=wpa-psk,wpa2-psk inline. Inline values normally
# win over the referenced profile, so the SSIDs would offer legacy WPA and no
# WPA3. Check what the interfaces actually run with and drop the inline
# override if WPA2/WPA3 was the intent.
add channel=5-channel-ac country="United States" disabled=no mode=ap name=\
profile-wifi-5-ac security=security_profile \
security.authentication-types=wpa-psk,wpa2-psk .connect-priority=0 .ft=\
yes .ft-over-ds=yes ssid=darkstar-5.0GHz
add channel=2-channel13-N country="United States" disabled=no mode=ap name=\
profile-wifi-2-an security=security_profile \
security.authentication-types=wpa-psk,wpa2-psk .ft=yes .ft-over-ds=yes \
ssid=darkstar-2.4GHz
/interface wifi
# living-cap-wifi2/5 are identified by radio-mac rather than default-name;
# they look like the manager-side interfaces for the second router's radios
# (its bridge MAC is 18:FD:74:74:2B:EF) - confirm.
add channel.frequency=2462 configuration=profile-wifi-2-an \
configuration.mode=ap disabled=no name=living-cap-wifi2 radio-mac=\
18:FD:74:74:2B:F4
add channel.frequency=5220 configuration=profile-wifi-5-ac \
configuration.mode=ap disabled=no name=living-cap-wifi5 radio-mac=\
18:FD:74:74:2B:F5
# Local radios of this router. Only wifi-2.0 sets datapath.bridge; both are
# also added as bridge ports further down.
set [ find default-name=wifi1 ] channel.frequency=2462 configuration=\
profile-wifi-2-an configuration.mode=ap datapath.bridge=bridge disabled=\
no name=wifi-2.0 security.connect-priority=0
set [ find default-name=wifi2 ] configuration=profile-wifi-5-ac \
configuration.mode=ap disabled=no name=wifi-5.0 \
security.connect-priority=0
# Default hotspot profile, the DHCP pool and server for the LAN bridge, and
# bridge port membership.
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
# Dynamic range .10-.190; several of the static leases later in the export
# reserve addresses inside this range.
add name=dhcp ranges=192.168.1.10-192.168.1.190
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=10m name=defconf
/interface bridge port
# ether1 is not a bridge port; it is listed as WAN in the interface list
# members.
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wifi-2.0
add bridge=bridge comment=defconf interface=wifi-5.0
# Neighbor discovery scope, interface-list membership, the CAPsMAN manager and
# IP addressing.
/ip neighbor discovery-settings
# Discovery runs only on LAN-list interfaces, so ether1 (WAN) is excluded.
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface wifi capsman
# Manager for remote radios. require-peer-certificate=yes asks CAPs to present
# a certificate, but this export shows no ca-certificate/certificate set on
# the manager. NOTE(review): confirm those are configured, otherwise the
# certificate requirement may not behave as intended.
set enabled=yes package-path="" require-peer-certificate=yes upgrade-policy=\
none
/ip address
# LAN gateway address on the bridge, and a static address on ether1 in
# 192.168.0.0/24 (presumably the ISP router's LAN; routerisp.lan is
# 192.168.0.1 in the static DNS records).
add address=192.168.1.1/24 comment=defconf interface=bridge network=\
192.168.1.0
add address=192.168.0.2/24 interface=ether1 network=192.168.0.0
/ip dhcp-client
# The DHCP client on ether1 is disabled, so no default route is learned
# automatically. No /ip route section is visible in this export - confirm a
# default route exists.
add comment=defconf disabled=yes interface=ether1
# Static DHCP leases: address reservations keyed by MAC address and, where
# present, client-id. Some entries omit server=defconf.
# NOTE(review): this list doubles as a device inventory (cameras, NAS,
# hypervisor). The serial number in the header was redacted; consider doing the
# same for MAC addresses and host names before posting publicly.
/ip dhcp-server lease
add address=192.168.1.17 client-id=1:7c:78:b2:38:1a:d mac-address=\
7C:78:B2:38:1A:0D server=defconf
add address=192.168.1.7 mac-address=E4:5F:01:0A:30:11 server=defconf
add address=192.168.1.41 client-id=1:7c:78:b2:38:1a:de mac-address=\
7C:78:B2:38:1A:DE server=defconf
add address=192.168.1.107 client-id=1:c:8c:24:c:ee:17 mac-address=\
0C:8C:24:0C:EE:17 server=defconf
add address=192.168.1.27 mac-address=10:2C:6B:10:45:88 server=defconf
add address=192.168.1.30 client-id=1:7c:78:b2:38:15:6f mac-address=\
7C:78:B2:38:15:6F server=defconf
add address=192.168.1.26 mac-address=D8:8C:79:74:ED:EB server=defconf
add address=192.168.1.10 client-id=1:c:8c:24:22:bd:e1 mac-address=\
0C:8C:24:22:BD:E1 server=defconf
add address=192.168.1.116 client-id=\
ff:c2:72:f6:9:0:2:0:0:ab:11:f5:a2:86:96:a4:27:48:e0 mac-address=\
00:A0:98:71:FD:FE server=defconf
add address=192.168.1.51 mac-address=10:52:1C:74:0B:84 server=defconf
add address=192.168.1.11 mac-address=C8:2B:96:E3:7F:BC server=defconf
add address=192.168.1.78 mac-address=DC:4F:22:B9:6A:92 server=defconf
add address=192.168.1.59 mac-address=7C:78:B2:69:E8:9E server=defconf
add address=192.168.1.69 mac-address=70:03:9F:09:7C:38 server=defconf
add address=192.168.1.75 client-id=\
ff:b5:5e:67:ff:0:2:0:0:ab:11:71:51:7a:3f:5a:ab:ed:2d mac-address=\
00:A0:98:14:0C:1B server=defconf
add address=192.168.1.94 client-id=1:7c:78:b2:7a:c7:ee comment=cam-patio.lan \
mac-address=7C:78:B2:7A:C7:EE server=defconf
add address=192.168.1.9 client-id=1:18:fd:74:74:2b:ef comment=\
mikrotik.living.lan mac-address=18:FD:74:74:2B:EF server=defconf
add address=192.168.1.4 comment=dockernas.lan mac-address=1E:CD:BF:A6:E0:11
add address=192.168.1.8 comment=truenas.lan mac-address=86:46:69:3C:40:BA
add address=192.168.1.13 comment=proxmox.lan mac-address=18:C0:4D:61:3C:49
add address=192.168.1.66 comment=cam-babycall.lan mac-address=\
D0:3F:27:A2:B1:77
add address=192.168.1.61 comment=cam-patio2.lan mac-address=7C:78:B2:38:3E:9A
add address=192.168.1.54 client-id=1:c4:60:35:3c:66:3e mac-address=\
C4:60:35:3C:66:3E server=defconf
add address=192.168.1.28 mac-address=24:A1:60:0B:06:C6
add address=192.168.1.68 mac-address=DC:A6:32:08:DD:07
add address=192.168.1.25 client-id=1:1e:52:ce:a6:b6:cd mac-address=\
1E:52:CE:A6:B6:CD server=defconf
add address=192.168.1.24 client-id=1:26:40:20:e3:4e:b4 mac-address=\
26:40:20:E3:4E:B4 server=defconf
add address=192.168.1.29 client-id=1:4a:53:f6:af:dd:6c mac-address=\
4A:53:F6:AF:DD:6C server=defconf
add address=192.168.1.44 client-id=1:8:5b:d6:5a:dc:f5 mac-address=\
08:5B:D6:5A:DC:F5 server=defconf
# DHCP network options, the router's DNS resolver, and its static .lan records.
/ip dhcp-server network
# Clients are handed the router itself as both gateway and DNS server.
add address=192.168.1.0/24 comment=defconf dns-server=192.168.1.1 gateway=\
192.168.1.1 netmask=24
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. In this export only the input-chain rule "drop all not coming from
# LAN" keeps that resolver off the WAN side, so that rule must stay in place.
set allow-remote-requests=yes servers=\
1.1.1.1,1.0.0.1,192.105.0.131,192.105.0.4
/ip dns static
# Local name records. Most mirror the static DHCP leases; the
# aikidofudoshinkan.org CNAME is present but disabled.
add address=192.168.1.1 comment=defconf name=router.lan
add address=192.168.1.1 name=mikrotik.estudio.lan
add address=192.168.1.9 name=mikrotik.living.lan
add address=192.168.0.1 name=routerisp.lan
add address=192.168.1.8 name=truenas.lan
add address=192.168.1.7 name=cronos.lan
add address=192.168.1.68 name=octopi.lan
add cname=transmission.docker name=transmission.lan type=CNAME
add address=192.168.1.4 name=dockernas.lan
add address=192.168.1.193 name=portainer.lan
add address=192.168.1.59 name=cam-garage.lan
add address=192.168.1.94 name=cam-patio.lan
add address=192.168.1.30 name=cam-entrada.lan
add address=192.168.1.41 name=cam-cocina.lan
add address=192.168.1.17 name=cam-frente.lan
add cname=dockernas.lan disabled=yes name=aikidofudoshinkan.org type=CNAME
add address=192.168.1.13 name=proxmox.lan
add address=192.168.1.66 name=cam-babycall.lan
add address=192.168.1.61 name=cam-patio2.lan
add address=192.168.1.54 name=tablet.entrada.lan
add address=192.168.1.25 name=1+.sole.50.lan
add address=192.168.1.24 name=1+.juan.50.lan
add address=192.168.1.29 name=1+.juan.24.lan
add address=192.168.1.44 name=surface.cata.lan
# IPv4 firewall: the rules carry defconf comments, followed by the WAN
# masquerade. Rules are evaluated top to bottom within each chain.
/ip firewall filter
# input chain: traffic addressed to the router itself.
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# Last input rule: anything not arriving on a LAN-list interface is dropped.
# Nothing restricts LAN hosts, and no /ip service section appears in this
# export, so the router's management services are presumably at their defaults
# and reachable from the whole LAN bridge - confirm.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
# forward chain: traffic routed through the router.
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
# Established/related connections are fasttracked; later filter rules do not
# see most of those packets.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# New connections from WAN are dropped unless they were dst-NATed. No dstnat
# rule appears in this export, so nothing is forwarded inward.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
# Source-NAT everything leaving via a WAN-list interface, except traffic
# matched by an IPsec policy.
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
# IPv6 firewall with defconf comments: a bad_ipv6 address list plus input and
# forward chains. No IPv6 addresses or settings are visible in this export, so
# whether these rules see any traffic cannot be told from here.
/ipv6 firewall address-list
# Source/destination prefixes that should never appear in forwarded traffic;
# used by the two bad_ipv6 drop rules in the forward chain.
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
# input chain: traffic addressed to the router itself.
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
# NOTE(review): the traceroute, IKE, AH and ESP accepts below have no
# interface match and sit above the !LAN drop, so they also apply to WAN.
# If IPsec is not used on this router they can be disabled.
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
# Everything else reaching the router from a non-LAN interface is dropped.
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
# forward chain: traffic routed through the router.
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# Drop forwarded packets whose source or destination is in bad_ipv6.
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
# Final forward rule: anything else entering from a non-LAN interface is
# dropped, so unsolicited inbound IPv6 to LAN hosts is not forwarded.
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
# Time zone, login note, and MAC-layer management access.
/system clock
set time-zone-name=America/Argentina/Buenos_Aires
/system note
set show-at-login=no
/tool mac-server
# MAC-layer management (mac-server and mac-winbox) is allowed only on LAN-list
# interfaces, i.e. not on ether1/WAN.
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Second mikrotik (living):
# 2024-01-15 09:50:46 by RouterOS 7.13
# software id = 08N0-RX40
#
# model = RBD52G-5HacD2HnD
# serial number = XXXXXXX
# Second router ("living") running as a CAP: all five Ethernet ports bridged,
# both radios handed to CAPsMAN, and one address on the bridge.
/interface bridge
add admin-mac=18:FD:74:74:2B:EF auto-mac=no comment=defconf name=bridgeLocal
/interface list
add name=WAN
add name=LAN
/interface wifi datapath
# Datapath that attaches the CAP's wireless interfaces to bridgeLocal.
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifi
# The "managed by CAPsMAN" / "mode: ..." comments below were already in the
# posted export and show the SSID and channel each radio had at that time.
# managed by CAPsMAN
# mode: AP, SSID: darkstar-2.4GHz, channel: 2462/n
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap \
datapath=capdp disabled=no
# managed by CAPsMAN
# mode: AP, SSID: darkstar-5.0GHz, channel: 5220/ac/eeCe
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap \
datapath=capdp disabled=no
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
# Unlike on the first router, ether1 is a bridge port here (presumably the
# uplink towards the first router - confirm).
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
add bridge=bridgeLocal comment=defconf interface=ether3
add bridge=bridgeLocal comment=defconf interface=ether4
add bridge=bridgeLocal comment=defconf interface=ether5
/interface list member
# NOTE(review): ether1 is in WAN although it is a bridge port, and nothing in
# this export references either list (no firewall, discovery or mac-server
# settings), so the lists have no visible effect on this unit.
add interface=ether1 list=WAN
add interface=bridgeLocal list=LAN
/interface wifi cap
# CAP mode: look for a manager on bridgeLocal and request a certificate from
# it (certificate=request). NOTE(review): no manager address, name or
# certificate common name is pinned here, so the CAP presumably accepts
# whichever manager answers on this layer-2 segment - confirm, and consider
# pinning the manager once the certificate has been issued.
set certificate=request discovery-interfaces=bridgeLocal enabled=yes \
slaves-datapath=capdp
/ip address
# Static address on the bridge. No firewall, default route or DNS appears in
# this export, so the unit's management services are presumably reachable from
# every host on the bridge, wireless clients included - confirm that is
# intended.
add address=192.168.1.9/24 interface=bridgeLocal network=192.168.1.0
/ip dhcp-client
add comment=defconf disabled=yes interface=ether1
/system note
set show-at-login=no