Configuration worked well when I've been checking it through the laptop connected directly to the so I went ahead and switched the rest of the office to new connection.
After a while everybody had one or another problem with the network. The connection behaves inconsistently for different users and protocols. Some people got timeouts on everything, some people were able to use the connection properly and some people had to wait for minutes until anything loaded. I obviously checked their network configuration one by one to see if some parts of the old config were not refreshed but after an hour of troubleshooting all kinds of things including Mikrotik settings I reverted everything to old router.
Here's my config. What am I missing? Did I forgot to set up something important? I don't have that much of an experience building network configurations from scratch.
Code: Select all
[admin@MikroTik] > export hide-sensitive
# 2024-01-24 16:57:13 by RouterOS 7.13
# software id = 2RBB-JBB3
#
# model = CCR2004-16G-2S+
# serial number = XXXXXXXXXXX
/interface bridge
add name=LAN_Network
/interface wireguard
add listen-port=1312 mtu=1420 name=wireguard_server
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server option sets
add name=set1 options=""
/ip pool
add name=dhcp_pool0 ranges=10.1.1.1-10.1.1.253
add name=dhcp_pool1 ranges=10.1.1.10-10.1.1.253
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool1 always-broadcast=yes interface=\
LAN_Network lease-time=1h name=dhcp1 server-address=10.1.1.254
/port
set 0 name=serial0
set 1 name=serial1
/interface bridge port
add bridge=LAN_Network comment=defconf interface=ether1
add bridge=LAN_Network comment=defconf interface=ether2
add bridge=LAN_Network comment=defconf interface=ether3
add bridge=LAN_Network comment=defconf interface=ether4
add bridge=LAN_Network comment=defconf interface=ether5
add bridge=LAN_Network comment=defconf interface=ether6
add bridge=LAN_Network comment=defconf interface=ether7
add bridge=LAN_Network comment=defconf interface=ether8
add bridge=LAN_Network comment=defconf interface=ether9
add bridge=LAN_Network comment=defconf interface=ether10
add bridge=LAN_Network comment=defconf interface=ether11
add bridge=LAN_Network comment=defconf interface=ether12
add bridge=LAN_Network comment=defconf interface=ether13
add bridge=LAN_Network comment=defconf interface=ether14
add bridge=LAN_Network comment=defconf interface=ether15
add bridge=LAN_Network comment=defconf interface=ether16
add bridge=LAN_Network interface=LAN
/interface detect-internet
set detect-interface-list=all internet-interface-list=WAN lan-interface-list=\
LAN wan-interface-list=WAN
/interface list member
add interface=sfp-sfpplus1 list=WAN
add interface=*FFFFFFFF list=LAN
add interface=LAN_Network list=LAN
/interface wireguard peers
add allowed-address=0.0.0.0/0 client-listen-port=1312 endpoint-port=1 \
interface=wireguard_server private-key=\
"" public-key=\
""
/ip address
add address=xx.xxx.xx.xxx/xx interface=sfp-sfpplus1 network=xx.xxx.xx.xxx/xx
add address=10.1.1.254/24 interface=LAN_Network network=10.1.1.0
add address=10.1.1.222/24 interface=wireguard_server network=10.1.1.0
/ip dhcp-server network
add address=10.1.1.0/24 dns-server=10.1.1.254 gateway=10.1.1.254 netmask=24
/ip dns
set allow-remote-requests=yes servers=194.204.152.34,1.1.1.1,1.0.0.1
/ip firewall filter
add chain=input comment="Allow All ICMP" protocol=icmp
add chain=input comment="Allow all ICMP" protocol=icmp
add chain=input comment="Permit established connections" connection-state=\
established
add chain=input comment="Permit related connections" connection-state=related
add chain=input comment="Allow whitelisted sources" src-address-list=Whitelist
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set www-ssl address=10.1.1.0/32
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Paris
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key