rjow2021
Frequent Visitor
Topic Author
Posts: 59
Joined: Thu Nov 19, 2020 6:26 pm

WAN access over WireGuard?

Fri Jan 28, 2022 4:10 pm

I have the current config...

# jan/28/2022 13:59:09 by RouterOS 7.1.1
# software id = FW5U-5K9I
#
# model = RB4011iGS+
# serial number = *****************
#
# Review notes are added below as '#' comments only; no statement is changed.
# An export lists only non-default settings, so anything left at RouterOS
# defaults (e.g. the winbox service) does not appear here and has to be
# checked on the device itself.
/interface bridge
add admin-mac=*********** auto-mac=no comment=defconf name=bridge
# WireGuard listener; the matching input accept (udp/13231) is in
# /ip firewall filter further down.
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
# VLAN 911 on ether5 carries the ISP PPPoE session. ether5 itself is also an
# untagged member of the LAN bridge (see /interface bridge port), so untagged
# frames arriving on ether5 from the ISP-side device land in the LAN segment -
# confirm that is intended.
/interface vlan
add interface=ether5 name=ether5-911 vlan-id=911
# allow=pap: PAP sends the PPPoE credential unhashed on the access link.
# Presumably required by the ISP - verify whether CHAP/MS-CHAP is accepted.
/interface pppoe-client
add add-default-route=yes allow=pap disabled=no interface=ether5-911 \
    keepalive-timeout=60 name=pppoe-wan user=\
    ****************************************
# The WAN/LAN lists drive the firewall and the mac-server restrictions below.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Option 6 (DNS) override: leases tagged dhcp-option=AdGuard_Home get the
# AdGuard Home host as resolver; untagged leases fall back to the dns-server
# values set on the dhcp-server network (1.1.1.2,1.0.0.2).
/ip dhcp-server option
add code=6 name=AdGuard_Home value="'192.168.50.99'"
/ip pool
add name=dhcp ranges=192.168.50.100-192.168.50.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=1h name=defconf
# All ports including ether5 (the PPPoE uplink port) and the SFP+ port are
# untagged LAN bridge members.
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge comment=defconf ingress-filtering=no interface=ether6
add bridge=bridge comment=defconf ingress-filtering=no interface=ether7
add bridge=bridge comment=defconf ingress-filtering=no interface=ether8
add bridge=bridge comment=defconf ingress-filtering=no interface=ether9
add bridge=bridge comment=defconf ingress-filtering=no interface=ether10
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp-sfpplus1
# Neighbor discovery is disabled on every interface.
/ip neighbor discovery-settings
set discover-interface-list=none
/ip settings
set max-neighbor-entries=8192
# IPv6 is disabled stack-wide; nothing in this export filters v6, so
# re-enabling it would need its own /ipv6 firewall first.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# L2TP/IPsec server is enabled, but this export shows no input accept for
# IKE/NAT-T (udp 500/4500) or L2TP (udp 1701); under the "drop all not coming
# from LAN" input rule below it is presumably not reachable from the WAN -
# confirm. If the service is unused, disabling it removes a listener.
/interface l2tp-server server
set enabled=yes use-ipsec=required
# wireguard1 is in neither list. Because the input chain only admits traffic
# from LAN-list interfaces, WireGuard peers cannot reach router services such
# as DNS. If every peer is trusted, adding wireguard1 to LAN fixes that;
# otherwise a narrower input accept for 192.168.66.0/24 on the needed ports
# is the least-privilege alternative.
/interface list member
add interface=bridge list=LAN
add interface=pppoe-wan list=WAN
# Each peer key is pinned to a single /32 tunnel address; the per-peer comment
# identifies the device, which makes revoking one key straightforward.
/interface wireguard peers
add allowed-address=192.168.66.2/32 comment=fold2_5g interface=wireguard1 \
    public-key="********************************************"
add allowed-address=192.168.66.3/32 comment=s22_ultra interface=wireguard1 \
    public-key="********************************************"
/ip address
add address=192.168.50.1/24 interface=bridge network=192.168.50.0
add address=192.168.66.1/24 interface=wireguard1 network=192.168.66.0
# Publishes the public address to MikroTik cloud DDNS (used by the WG peers
# as endpoint, presumably).
/ip cloud
set ddns-enabled=yes ddns-update-interval=23h59m59s update-time=no
/ip dhcp-client
add comment=defconf disabled=yes interface=ether5-911 use-peer-dns=no
# Static leases. Entries carrying dhcp-option=AdGuard_Home receive the AdGuard
# resolver via option 6 (see /ip dhcp-server option above).
/ip dhcp-server lease
add address=192.168.50.3 client-id=1:84:d8:1b:59:0:92 mac-address=\
    84:D8:1B:59:00:92 server=defconf
add address=192.168.50.12 client-id=1:78:24:af:82:df:b3 dhcp-option=\
    AdGuard_Home mac-address=78:24:AF:82:DF:B3 server=defconf
add address=192.168.50.11 client-id=1:78:24:af:82:df:b2 dhcp-option=\
    AdGuard_Home mac-address=78:24:AF:82:DF:B2 server=defconf
add address=192.168.50.58 dhcp-option=AdGuard_Home mac-address=\
    10:CE:A9:50:87:C0 server=defconf
add address=192.168.50.15 client-id=1:0:18:dd:25:f:d1 mac-address=\
    00:18:DD:25:0F:D1 server=defconf
add address=192.168.50.16 client-id=1:0:18:dd:25:12:1e mac-address=\
    00:18:DD:25:12:1E server=defconf
add address=192.168.50.2 client-id=1:8:55:31:26:f8:1d mac-address=\
    08:55:31:26:F8:1D server=defconf
add address=192.168.50.63 client-id=1:3c:5c:c4:43:a:14 dhcp-option=\
    AdGuard_Home mac-address=3C:5C:C4:43:0A:14 server=defconf
add address=192.168.50.44 client-id=1:b4:a3:82:f:6:1b mac-address=\
    B4:A3:82:0F:06:1B server=defconf
add address=192.168.50.43 client-id=1:b4:a3:82:f:5:da mac-address=\
    B4:A3:82:0F:05:DA server=defconf
add address=192.168.50.42 client-id=1:b4:a3:82:f:7:29 mac-address=\
    B4:A3:82:0F:07:29 server=defconf
add address=192.168.50.18 client-id=1:74:da:88:32:c1:bf mac-address=\
    74:DA:88:32:C1:BF server=defconf
add address=192.168.50.17 client-id=1:74:da:88:14:2d:b9 mac-address=\
    74:DA:88:14:2D:B9 server=defconf
add address=192.168.50.5 client-id=1:60:32:b1:97:a4:86 mac-address=\
    60:32:B1:97:A4:86 server=defconf
add address=192.168.50.4 client-id=1:60:32:b1:97:a4:70 mac-address=\
    60:32:B1:97:A4:70 server=defconf
add address=192.168.50.6 client-id=1:60:32:b1:d1:63:40 mac-address=\
    60:32:B1:D1:63:40 server=defconf
add address=192.168.50.51 client-id=1:ae:b6:6a:cd:4a:88 dhcp-option=\
    AdGuard_Home mac-address=AE:B6:6A:CD:4A:88 server=defconf
add address=192.168.50.52 client-id=1:8e:35:76:45:bd:c4 dhcp-option=\
    AdGuard_Home mac-address=8E:35:76:45:BD:C4 server=defconf
add address=192.168.50.55 client-id=1:8c:83:e1:b:f8:94 dhcp-option=\
    AdGuard_Home mac-address=8C:83:E1:0B:F8:94 server=defconf
add address=192.168.50.59 dhcp-option=AdGuard_Home mac-address=\
    40:06:A0:A7:CD:E0 server=defconf
add address=192.168.50.62 client-id=1:a0:d0:dc:d4:b0:b dhcp-option=\
    AdGuard_Home mac-address=A0:D0:DC:D4:B0:0B server=defconf
add address=192.168.50.61 client-id=1:38:f7:3d:a9:c4:dc dhcp-option=\
    AdGuard_Home mac-address=38:F7:3D:A9:C4:DC server=defconf
add address=192.168.50.71 client-id=1:0:4:4b:b1:da:f9 comment=shield_TV \
    dhcp-option=AdGuard_Home mac-address=00:04:4B:B1:DA:F9 server=defconf
add address=192.168.50.60 client-id=1:64:16:66:8f:d4:46 dhcp-option=\
    AdGuard_Home mac-address=64:16:66:8F:D4:46 server=defconf
add address=192.168.50.65 client-id=1:8c:83:e1:c4:e2:a8 dhcp-option=\
    AdGuard_Home mac-address=8C:83:E1:C4:E2:A8 server=defconf
add address=192.168.50.41 client-id=1:0:2a:2a:4b:8d:a8 mac-address=\
    00:2A:2A:4B:8D:A8 server=defconf
add address=192.168.50.67 client-id=1:5c:a3:9d:2d:a8:ad comment=small_TV \
    dhcp-option=AdGuard_Home mac-address=5C:A3:9D:2D:A8:AD server=defconf
add address=192.168.50.57 client-id=1:d6:2d:76:4e:aa:21 dhcp-option=\
    AdGuard_Home mac-address=D6:2D:76:4E:AA:21 server=defconf
add address=192.168.50.53 client-id=1:68:3e:26:38:96:45 dhcp-option=\
    AdGuard_Home mac-address=68:3E:26:38:96:45 server=defconf
add address=192.168.50.69 client-id=1:44:cb:8b:e:bf:46 dhcp-option=\
    AdGuard_Home mac-address=44:CB:8B:0E:BF:46 server=defconf
add address=192.168.50.70 client-id=1:c:c4:7a:42:45:e0 mac-address=\
    0C:C4:7A:42:45:E0 server=defconf
add address=192.168.50.68 dhcp-option=AdGuard_Home mac-address=\
    68:B3:5E:02:AD:EE server=defconf
add address=192.168.50.45 client-id=1:9c:8e:cd:12:e3:49 dhcp-option=\
    AdGuard_Home mac-address=9C:8E:CD:12:E3:49 server=defconf
add address=192.168.50.46 client-id=1:9c:8e:cd:12:e4:8d dhcp-option=\
    AdGuard_Home mac-address=9C:8E:CD:12:E4:8D server=defconf
add address=192.168.50.10 client-id=1:0:25:90:35:49:e4 mac-address=\
    00:25:90:35:49:E4 server=defconf
add address=192.168.50.64 client-id=1:74:e2:c:45:a6:3b dhcp-option=\
    AdGuard_Home mac-address=74:E2:0C:45:A6:3B server=defconf
add address=192.168.50.47 client-id=1:4c:f5:dc:52:74:57 mac-address=\
    4C:F5:DC:52:74:57 server=defconf
/ip dhcp-server network
add address=192.168.50.0/24 comment=defconf dns-server=1.1.1.2,1.0.0.2 \
    gateway=192.168.50.1 netmask=24
# allow-remote-requests=yes turns the router into a resolver for anything that
# can reach it. The only thing keeping it off the internet is the input
# chain's "drop all not coming from LAN" rule below; if that chain is ever
# loosened, add an explicit drop for udp/tcp 53 from the WAN list.
/ip dns
set allow-remote-requests=yes servers=1.1.1.2,1.0.0.2
/ip dns static
add address=192.168.50.1 comment=defconf name=router.lan
# input chain: the WireGuard port is accepted from any interface (peers are
# authenticated by key, so this exposure is by design), then the defconf
# pattern: established/related, ICMP, drop invalid, drop everything not from
# the LAN list. Note wireguard1 is not in LAN (see /interface list member).
/ip firewall filter
add action=accept chain=input comment="Allow Wireguard" dst-port=13231 \
    protocol=udp
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid log-prefix="Drop Invalid!"
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN log-prefix=Not_From_LAN!
# forward chain: traffic from wireguard1 is not from WAN, so it is only subject
# to the invalid-state drop and is otherwise forwarded (including to the
# internet). From the WAN, only connections that matched a dstnat rule below
# are admitted.
add action=accept chain=forward comment="Accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="Accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
# Two services on 192.168.50.11 (tcp 8096 and 8089) are published to the
# internet via pppoe-wan, with logging on. Anything reachable here needs to be
# kept patched; if the set of remote clients is known, a src-address or
# src-address-list restriction on these rules would narrow the exposure.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="emby forwarding" dst-port=8096 \
    in-interface=pppoe-wan log=yes log-prefix=emby_CONNECT protocol=tcp \
    to-addresses=192.168.50.11 to-ports=8096
add action=dst-nat chain=dstnat comment="channels forwarding" dst-port=8089 \
    in-interface=pppoe-wan log=yes log-prefix=channels protocol=tcp \
    to-addresses=192.168.50.11 to-ports=8089
# IPsec policy 0 (presumably the default template entry) is disabled.
/ip ipsec policy
set 0 disabled=yes
# Management services: telnet, ftp, api, api-ssl and ssh are disabled (ssh also
# moved to 2369); www is limited to a single LAN host. winbox is not listed,
# so it presumably keeps its defaults - confirm it is restricted to LAN
# addresses as well (the input drop rule already keeps it off the WAN).
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.50.53/32
set ssh disabled=yes port=2369
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/London
/system ntp client
set enabled=yes
# NTP server (with multicast) is enabled; reachable only from LAN-list
# interfaces because of the input chain.
/system ntp server
set enabled=yes multicast=yes
# Upstream NTP servers are pinned by IP address.
/system ntp client servers
add address=51.89.151.183
add address=178.62.250.107
/system resource irq rps
set sfp-sfpplus1 disabled=no
/tool bandwidth-server
set enabled=no
# MAC-telnet and MAC-Winbox are limited to the LAN list.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

While away from the local network, I can connect back to the LAN successfully; I can access all LAN devices.

However, I cannot reach any websites, so there is no WAN access while on a WireGuard session.

So, to keep it simple: I'm away from home with my Android device and can connect to the CCTV and all LAN equipment fine. But I cannot access websites on the Android device while on the WireGuard connection; to do so, I would have to disconnect from WireGuard.

Any help appreciated.
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: WAN access over WireGuard?  [SOLVED]

Fri Jan 28, 2022 4:49 pm

Your firewall doesn't block forwarding from WG to the internet. But if you configured the WG client to use your router as its DNS server, that currently wouldn't work, because the firewall's input chain drops traffic not arriving from the LAN interface list, and wireguard1 is not in that list. The simple solution, if you trust all WG clients, is to add wireguard1 to the LAN interface list.
 
rjow2021
Frequent Visitor
Topic Author
Posts: 59
Joined: Thu Nov 19, 2020 6:26 pm

Re: WAN access over WireGuard?

Fri Jan 28, 2022 5:04 pm

Your firewall doesn't block forwarding from WG to internet. But if you configured WG client to use your router as DNS server, that currently wouldn't work, because firewall blocks that. Simple solution, if you trust all WG clients, is to add wireguard1 to LAN interface list.

Yep, you figured out the issue, I couldn't see it myself until you pointed it out.

I checked the client settings, and the DNS server was set to 192.168.50.50, the old IP of the AdGuard Home server.

Changed this to the new IP and it's working!

Thanks
