Community discussions

MikroTik App
 
BenQ
just joined
Topic Author
Posts: 9
Joined: Tue Nov 09, 2021 7:54 pm

The Internet stopped working after upgrading RouterOS 6 to RouterOS 7

Sat Aug 13, 2022 7:28 am

Hello here, I wanted upgrade RouterOS 6 to RouterOS 7, everything went fine, all interfaces went up, but the Internet did not appear for users. As I understand it, somewhere need to change routes / something else for the new OS7? The config that works now is below. Where and what to change for RouterOS 7?
/interface bridge
add name=VLAN_99
add name=VLAN_100
add name=VLAN_200
/interface ethernet
set [ find default-name=ether1 ] comment=ISP1 name=ether1-wan
set [ find default-name=ether2 ] comment=Upl_SNR_sw1
set [ find default-name=ether6 ] comment=ISP2 name=ether6-wan
set [ find default-name=ether7 ] comment=Upl_SNR_sw2
/interface pppoe-client
add allow=pap,mschap1 disabled=no interface=ether1-wan max-mtu=1480 name=\
    pppoe_isp1 password=*** use-peer-dns=yes user=*
add allow=pap,mschap1 disabled=no interface=ether6-wan name=pppoe_isp2 \
    password=** use-peer-dns=yes user=****
/interface vlan
add interface=ether2 name=eth2-vlan99 vlan-id=99
add interface=ether2 name=eth2-vlan100 vlan-id=100
add interface=ether7 name=eth7-vlan99 vlan-id=99
add interface=ether7 name=eth7-vlan100 vlan-id=100
add interface=ether7 name=eth7-vlan200 vlan-id=200
/interface list
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=POOL_99 ranges=192.168.3.30-192.168.3.254
add name=POOL_100 ranges=192.168.1.30-192.168.1.254
add name=POOL_200 ranges=192.168.2.30-192.168.2.254
/ip dhcp-server
add address-pool=POOL_99 disabled=no interface=VLAN_99 lease-time=2d name=\
    DHCP_99
add address-pool=POOL_100 disabled=no interface=VLAN_100 lease-time=2d name=\
    DHCP_100
add address-pool=POOL_200 disabled=no interface=VLAN_200 lease-time=2d name=\
    DHCP_200
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=VLAN_99 interface=eth2-vlan99
add bridge=VLAN_100 interface=eth2-vlan100
add bridge=VLAN_100 interface=eth7-vlan100
add bridge=VLAN_200 interface=eth7-vlan200
add bridge=VLAN_99 disabled=yes interface=ether3
add bridge=VLAN_99 interface=eth7-vlan99
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=ether1-wan list=WAN
add interface=ether6-wan list=WAN
/ip address
add address=192.168.1.1/24 interface=VLAN_100 network=192.168.1.0
add address=192.168.2.1/24 interface=VLAN_200 network=192.168.2.0
add address=192.168.3.1/24 interface=VLAN_99 network=192.168.3.0
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall address-list
add address=172.16.0.0/12 list=PRIVATE_NETWORKS
add address=192.168.0.0/16 list=PRIVATE_NETWORKS
/ip firewall filter
add action=accept chain=input comment=:::::::::Established/Related \
    connection-state=established,related
add action=accept chain=input comment=:::::::::GRE in-interface-list=WAN \
    protocol=gre
add action=accept chain=input comment=:::::::::L2TP dst-port=1701 \
    in-interface-list=WAN protocol=udp
add action=accept chain=input comment=:::::::::IPsec dst-port=500,4500 \
    in-interface-list=WAN protocol=udp
add action=accept chain=input comment=:::::::::IPsec in-interface-list=WAN \
    protocol=ipsec-esp
add action=accept chain=input comment=:::::::::Winbox/SSH dst-port=8291,22 \
    in-interface-list=WAN protocol=tcp src-address-list=CONSOLE
add action=accept chain=input comment=":::::::::Echo Request" icmp-options=\
    8:0-255 protocol=icmp
add action=accept chain=input comment=":::::::::Echo Reply" icmp-options=\
    0:0-255 protocol=icmp
add action=accept chain=input comment=":::::::::Destination Unreachable" \
    icmp-options=3:0-255 protocol=icmp
add action=accept chain=input comment=":::::::::Time Exceeded" icmp-options=\
    11:0-255 protocol=icmp
add action=accept chain=forward dst-address=192.168.1.0/24 src-address=\
    192.168.3.0/24
add action=accept chain=forward dst-address=192.168.3.0/24 src-address=\
    192.168.1.0/24
add action=accept chain=forward dst-address=192.168.2.0/24 src-address=\
    192.168.3.0/24
add action=drop chain=input comment=":::::::::Input Drop" in-interface-list=\
    WAN
add action=reject chain=forward comment=\
    ":::::::::Reject Direct Internet Access" dst-address-list=!EXCLUSION \
    out-interface-list=WAN reject-with=icmp-admin-prohibited \
    src-address-list=PRIVATE_NETWORKS
add action=accept chain=forward comment=:::::::::Established/Related \
    connection-state=established,related
add action=drop chain=forward comment=":::::::::Forward Drop" \
    connection-nat-state=!dstnat in-interface-list=WAN
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=!192.168.0.0/16 \
    new-routing-mark=ISP1 passthrough=yes src-address=192.168.3.0/24
add action=mark-routing chain=prerouting dst-address=!192.168.0.0/16 \
    new-routing-mark=ISP1 passthrough=yes src-address=192.168.1.0/24
add action=mark-routing chain=prerouting dst-address=!192.168.0.0/16 \
    new-routing-mark=ISP2 passthrough=yes src-address=192.168.2.0/24
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat dst-address=!192.168.0.0/16 out-interface=\
    pppoe_isp1 src-address=192.168.3.2-192.168.3.254
add action=masquerade chain=srcnat dst-address=!192.168.0.0/16 out-interface=\
    pppoe_isp1 src-address=192.168.1.2-192.168.3.254
add action=masquerade chain=srcnat dst-address=!192.168.0.0/16 out-interface=\
    pppoe_isp2 src-address=192.168.2.2-192.168.2.254
/ip route
add check-gateway=ping distance=1 gateway=pppoe_isp1 routing-mark=ISP1
add check-gateway=ping distance=1 gateway=pppoe_isp2 routing-mark=ISP2
 
BenQ
just joined
Topic Author
Posts: 9
Joined: Tue Nov 09, 2021 7:54 pm

Re: The Internet stopped working after upgrading RouterOS 6 to RouterOS 7

Sun Aug 14, 2022 11:19 am

bump
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2865
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: The Internet stopped working after upgrading RouterOS 6 to RouterOS 7

Sun Aug 14, 2022 10:21 pm

Are you sure that NAT rules are correct?
Can you ping from router to "the world"?
 
BenQ
just joined
Topic Author
Posts: 9
Joined: Tue Nov 09, 2021 7:54 pm

Re: The Internet stopped working after upgrading RouterOS 6 to RouterOS 7

Sun Aug 14, 2022 10:38 pm

Are you sure that NAT rules are correct?
Can you ping from router to "the world"?
Thanks for the reply. As strange as it may sound, user PCs/servers work without any problems.

But yes, if you ping from router, an error comes.

Please, if possible, indicate where my problem.

And if possible, give the correct config
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2865
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: The Internet stopped working after upgrading RouterOS 6 to RouterOS 7

Sun Aug 14, 2022 10:47 pm

The first NAT does masquarade for WAN interfaces. What are their addresses as the latter NAT work only for LAN subnets and send traffic to ppoe interfaces.
Seems that router sends packest to WANs and have no addresses assigned or assigns addresses of ppoe which is incorrect.
 
BenQ
just joined
Topic Author
Posts: 9
Joined: Tue Nov 09, 2021 7:54 pm

Re: The Internet stopped working after upgrading RouterOS 6 to RouterOS 7

Sun Aug 14, 2022 10:54 pm

The first NAT does masquarade for WAN interfaces. What are their addresses as the latter NAT work only for LAN subnets and send traffic to ppoe interfaces.
Seems that router sends packest to WANs and have no addresses assigned or assigns addresses of ppoe which is incorrect.
Yes, I checked it now, packets not send to NAT/WAN
Screenshot_2.png
How do I configure it correctly now?
You do not have the required permissions to view the files attached to this post.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2865
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: The Internet stopped working after upgrading RouterOS 6 to RouterOS 7  [SOLVED]

Sun Aug 14, 2022 11:01 pm

You should have default route set. You do not have one so router does not know what to do with packets originating from the router itself.
You should have one of ppoe set the default route
 
BenQ
just joined
Topic Author
Posts: 9
Joined: Tue Nov 09, 2021 7:54 pm

Re: The Internet stopped working after upgrading RouterOS 6 to RouterOS 7

Sun Aug 14, 2022 11:05 pm

You should have default route set. You do not have one so router does not know what to do with packets originating from the router itself.
You should have one of ppoe set the default route

Something like that?

add action=masquerade chain=srcnat out-interface=pppoe_isp1

I just tried to add pppoe_isp1 to the WAN Interface List, nothing came out right
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2865
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: The Internet stopped working after upgrading RouterOS 6 to RouterOS 7

Sun Aug 14, 2022 11:08 pm

It's only needed NAT

Check ot the field "Add default route" for this connection too.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: The Internet stopped working after upgrading RouterOS 6 to RouterOS 7

Sun Aug 14, 2022 11:10 pm

Something like this:
/ip route
add distance=1 gateway=pppoe_isp1
You need a default route for packets without routing mark.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: The Internet stopped working after upgrading RouterOS 6 to RouterOS 7

Sun Aug 14, 2022 11:12 pm

mkx, how did this work on vers6 but not vers7?
 
BenQ
just joined
Topic Author
Posts: 9
Joined: Tue Nov 09, 2021 7:54 pm

Re: The Internet stopped working after upgrading RouterOS 6 to RouterOS 7

Sun Aug 14, 2022 11:17 pm

It's only needed NAT

Check ot the field "Add default route" for this connection too.
So, now I understand what you mean. Now ping normally work, and most likely I will be able to safely switch to ROS\7

It's just that it's already late at night and my brain already refuses to perceive information normally.

Thank you forhelp, I will write again when I can go to office and check the update.
 
BenQ
just joined
Topic Author
Posts: 9
Joined: Tue Nov 09, 2021 7:54 pm

Re: The Internet stopped working after upgrading RouterOS 6 to RouterOS 7

Sun Aug 14, 2022 11:18 pm

Something like this:
/ip route
add distance=1 gateway=pppoe_isp1
You need a default route for packets without routing mark.
Yes, thanks, I already figured out where the problem was. I hope I can upgrade normally
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: The Internet stopped working after upgrading RouterOS 6 to RouterOS 7

Sun Aug 14, 2022 11:27 pm

mkx, how did this work on vers6 but not vers7?
No idea. But if it worked, it's wrong because without default gateway for packets without routing mark router had to do some automagic and ROS is highly respected for its lack of automagic.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: The Internet stopped working after upgrading RouterOS 6 to RouterOS 7

Mon Aug 15, 2022 1:35 am

ROSv7 is different from ROSv6, seen this mostly in routing (e.g. target-scope/scope rules in recursive routes changed, however this difference is not-in-scope of this post)

I do see here routing marks ISP1 and ISP2 in the config. So we have routing tables ISP1 and ISP2 ... ????

Did this main difference play a role here? : "The main difference from v6 is that the routing table must be added to the /routing table menu before actually referencing it anywhere in the configuration."
https://help.mikrotik.com/docs/display/ ... h+examples


Maybe see also: viewtopic.php?t=161981
 
BenQ
just joined
Topic Author
Posts: 9
Joined: Tue Nov 09, 2021 7:54 pm

Re: The Internet stopped working after upgrading RouterOS 6 to RouterOS 7

Mon Aug 15, 2022 8:37 am

I didn't try to update ROSv7 today

But, if the update doesn't work, I'll need to do

routing table ISP1-ISP2

src-address=192.168.1.2-192.168.3.254@ISP1 / 192.168.2.2-192.168.2.254@ISP2
dst-address=192.168.0.0/16
gateway=pppoe_isp1/pppoe_isp2

or something else?
 
BenQ
just joined
Topic Author
Posts: 9
Joined: Tue Nov 09, 2021 7:54 pm

Re: The Internet stopped working after upgrading RouterOS 6 to RouterOS 7

Mon Aug 15, 2022 8:15 pm

Updated microtik. So far everything is working fine

The problem was the bonal absence of the default route in pppoe interface

Who is online

Users browsing this forum: No registered users and 57 guests