gonzoarrakis
just joined
Topic Author
Posts: 1
Joined: Fri May 24, 2024 10:22 am

RouterBoard hAP ac3 + cAP XL ac Issues with networking

Fri May 24, 2024 10:35 am

Good morning all users,
I have been using the MikroTik set from the title for 2 years and it was working OK.
On the WAN side there is an LTE router working as a bridge.
For some time now I have been losing the internet connection on my notebooks, both the private and the company one. Pings lose packets, then it can stabilize, and then it stops working again.
On the router console, ping to Google works fine.
I also get disconnected from MikroTik WinBox with the message "connection refused". Windows shows: Wi-Fi connected, no internet.
I followed all the detailed tutorials on how to configure Wi-Fi etc. and now have no idea how to resolve the issue. I tried using the DNS from the internet provider (LTE) and Google's DNS, and I still have issues.
If you can help me it will be really, really appreciated, because right now I'm not able to work from home, and that is going to be unacceptable to the company I work for ...
# 2024-05-24 09:27:46 by RouterOS 7.14.3
# software id = 7SH4-7GPV
#
# model = RBD53iG-5HacD2HnD
# serial number = HCX084T360K
# NOTE(review): this header publishes the device's software id and serial
# number. The poster redacted the ZeroTier port/network and the DHCP leases
# later in the export; these identifiers are usually redacted the same way.
/caps-man channel
# Channel lists CAPsMAN may assign, all at 20 MHz width: one for 5 GHz and
# one for 2.4 GHz.
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
    frequency=5180,5200,5220,5240,5745 name=channel5G secondary-frequency=\
    disabled
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
    frequency=2412,2437,2462 name=channel2G secondary-frequency=disabled
/interface bridge
# Single LAN bridge; protocol-mode=none turns spanning tree off on it.
add name=BRIDGE_LAN port-cost-mode=short protocol-mode=none
/interface ethernet
# Port renames only. ether1 becomes WAN_ORANGE, the interface the DHCP client
# and the masquerade rule later in the export are bound to.
set [ find default-name=ether2 ] name=ETH2
set [ find default-name=ether3 ] name=ETH3
set [ find default-name=ether4 ] name=ETH4
set [ find default-name=ether5 ] name=ETH5
set [ find default-name=ether1 ] name=WAN_ORANGE
/caps-man datapath
# local-forwarding=no: wireless client traffic is forwarded via CAPsMAN and
# placed on BRIDGE_LAN (the radio status comments below say "CAPsMAN
# forwarding").
add bridge=BRIDGE_LAN client-to-client-forwarding=yes local-forwarding=no \
    name=datapath1
/caps-man security
# One WPA2-PSK / AES-CCM profile. No passphrase appears here; presumably the
# export hides sensitive values.
# NOTE(review): all three configurations below, the guest SSID included,
# reference this one profile and datapath1, so as written a guest network
# would share the passphrase and land on the same LAN bridge.
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
    name=security1
/caps-man configuration
# NOTE(review): country=china (two entries also installation=outdoor) while
# /system clock is set to Europe/Warsaw. The regulatory domain governs the
# permitted channels and transmit power; confirm it matches where the
# devices actually operate.
# NOTE(review): cfgGosc is not referenced by any /caps-man provisioning rule
# in this export, so the guest SSID does not appear to be deployed.
add channel=channel2G country=china datapath=datapath1 installation=outdoor \
    mode=ap name=CAPcfg2G rx-chains=0,1,2,3 security=security1 ssid=\
    Ogrodniczki tx-chains=0,1,2,3
add channel=channel5G country=china datapath=datapath1 installation=outdoor \
    mode=ap name=CAPcfg5G rx-chains=0,1,2,3 security=security1 ssid=\
    Ogrodniczki_5G tx-chains=0,1,2,3
add channel=channel2G country=china datapath=datapath1 installation=any mode=\
    ap name=cfgGosc rx-chains=0,1,2,3 security=security1 ssid=\
    Ogrodniczki_Gosc tx-chains=0,1,2,3
/interface wireless security-profiles
# Local (non-CAPsMAN) profiles. Both radios below are reported as managed by
# CAPsMAN, so these are presumably not the settings in effect - confirm.
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=HASLO_WIFI \
    supplicant-identity=""
add authentication-types=wpa2-psk mode=dynamic-keys name=WIFI_GOSC \
    supplicant-identity=""
/interface wireless
# Local radio settings. The "managed by CAPsMAN" / "channel:" lines are status
# comments written by the export and show the values currently applied.
# managed by CAPsMAN
# channel: 5745/20/ac(30dBm), SSID: Ogrodniczki_5G, CAPsMAN forwarding
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac \
    channel-width=20/40mhz-Ce country=china frequency=auto installation=\
    outdoor mode=ap-bridge name=WLAN5GHZ security-profile=HASLO_WIFI ssid=\
    Ogrodniczki_5G
# managed by CAPsMAN
# channel: 2462/20/gn(20dBm), SSID: Ogrodniczki, CAPsMAN forwarding
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-g/n basic-rates-b="" \
    country=china installation=outdoor mode=ap-bridge name=WLAN24GHZ \
    rate-set=configured security-profile=HASLO_WIFI ssid=Ogrodniczki \
    supported-rates-b=""
/ip firewall layer7-protocol
# NOTE(review): no firewall rule in this export references this matcher, so
# it appears to be unused. It could only match payload that is not
# encrypted.
add name=video regexp="^.+(videoplayback|watch|video|youtube).*\\\$"
/ip pool
# Address pool handed out by the LAN DHCP server.
add name=POOL_LAN ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=POOL_LAN interface=BRIDGE_LAN lease-time=1d name=SERVER_DHCP
/interface ppp-client
# PPP client on usb1 with APN "internet". The post describes the uplink as an
# LTE router on the WAN port, so whether this entry is still used is unclear
# from the export - confirm.
add apn=internet name=ppp-out1 port=usb1
/queue tree
# Every queue tree and simple queue entry in this export carries
# disabled=yes, and no /ip firewall mangle section is present to set the
# packet marks they reference, so none of this shaping appears to be active.
add disabled=yes max-limit=5M name=DOWNstream parent=global
add disabled=yes max-limit=3M name=MEDIAstream parent=DOWNstream
add disabled=yes name=ping packet-mark=ping-pkt parent=DOWNstream priority=1
/queue type
# Queue disciplines referenced by name from the simple queue below.
add kind=sfq name=default-sfq
add kind=fq-codel name=fq_codel
/queue simple
add disabled=yes max-limit=5M/5M name=GamingQueue queue=fq_codel/fq_codel \
    target=WAN_ORANGE total-queue=fq_codel
/queue tree
# Second, also fully disabled, hierarchy: queue1 is parented to WAN_ORANGE;
# the per-game and per-traffic-class entries hang off DOWNstream/MEDIAstream.
add disabled=yes limit-at=9700k max-limit=9700k name=queue1 parent=WAN_ORANGE \
    queue=default
add disabled=yes limit-at=6200k max-limit=6200k name=prio5-streaming \
    packet-mark=streaming parent=queue1 priority=5 queue=default
add disabled=yes limit-at=100k max-limit=9500k name=prio8-untagged \
    packet-mark=no-mark parent=queue1 queue=default
add disabled=yes limit-at=1G max-limit=1G name=prio3-gaming packet-mark=\
    gaming parent=queue1 priority=3 queue=default
add disabled=yes limit-at=1G max-limit=1G name=prio2-misc-fast packet-mark=\
    misc-fast parent=queue1 priority=2 queue=default
add disabled=yes limit-at=100k max-limit=9500k name=prio6-http packet-mark=\
    http parent=queue1 priority=6 queue=default
add disabled=yes name="mobile legends" packet-mark=ml-pkt parent=DOWNstream \
    priority=1 queue=pcq-download-default
add disabled=yes name="cross fire" packet-mark=crossfire-pkt parent=\
    DOWNstream priority=1 queue=pcq-download-default
add disabled=yes name="rules of survival" packet-mark=ros-pkt parent=\
    DOWNstream priority=1 queue=pcq-download-default
add disabled=yes name=dota2 packet-mark=dota2-pkt parent=DOWNstream priority=\
    1 queue=pcq-download-default
add disabled=yes name="league of legends " packet-mark=lol-pkt parent=\
    DOWNstream priority=1 queue=pcq-download-default
add disabled=yes name="call of duty" packet-mark=cod-pkt parent=DOWNstream \
    priority=1 queue=pcq-download-default
add disabled=yes name="pubg mobile" packet-mark=pubg-pkt parent=DOWNstream \
    priority=1 queue=pcq-download-default
add disabled=yes max-limit=20M name=streaming packet-mark="streaming -pkt" \
    parent=MEDIAstream queue=pcq-download-default
add disabled=yes max-limit=40M name=downloading packet-mark=dload-pkt parent=\
    MEDIAstream queue=pcq-download-default
add disabled=yes max-limit=1M name=browsing packet-mark=browsing-pkt parent=\
    MEDIAstream queue=pcq-download-default
add disabled=yes max-limit=1M name=others packet-mark=others-pkt parent=\
    MEDIAstream queue=pcq-download-default
/user group
# Custom group: reboot, read, write, policy, test and api are granted; every
# other policy in the list is negated with "!".
# NOTE(review): write and policy are broad rights for an account that can
# only log in over the API; confirm the consumer of this group needs them.
# Which user(s) belong to the group is not shown in this export.
add name=HA policy="reboot,read,write,policy,test,api,!local,!telnet,!ssh,!ftp\
    ,!winbox,!password,!web,!sniff,!sensitive,!romon,!rest-api"
/zerotier
# ZeroTier instance and interface; port and network id were replaced with
# x's by the poster.
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" \
    name=zt1 port=xxxx
/zerotier interface
add instance=zt1 name=zerotier1 network=xxx
/caps-man access-list
# NOTE(review): the two entries are identical (same MAC address, same
# settings), so one is redundant. No action= is shown; presumably the
# default applies - confirm.
add allow-signal-out-of-range=10s disabled=no mac-address=34:EA:E7:A1:65:94 \
    ssid-regexp=""
add allow-signal-out-of-range=10s disabled=no mac-address=34:EA:E7:A1:65:94 \
    ssid-regexp=""
/caps-man manager
# CAPsMAN enabled with automatically generated CA and certificate.
# NOTE(review): require-peer-certificate is not shown, so it is presumably
# at its default; confirm whether CAPs must present a certificate to join.
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
# Radios are matched by supported modes and given CAPcfg2G or CAPcfg5G as
# master configuration. No slave configurations are listed.
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
    CAPcfg2G name-format=identity
add action=create-dynamic-enabled hw-supported-modes=ac,an \
    master-configuration=CAPcfg5G name-format=identity
/interface bridge port
# ETH2-ETH5 and both local radios are members of BRIDGE_LAN; WAN_ORANGE is
# not.
add bridge=BRIDGE_LAN interface=ETH2 internal-path-cost=10 path-cost=10
add bridge=BRIDGE_LAN interface=ETH3 internal-path-cost=10 path-cost=10
add bridge=BRIDGE_LAN interface=ETH4 internal-path-cost=10 path-cost=10
add bridge=BRIDGE_LAN interface=ETH5 internal-path-cost=10 path-cost=10
add bridge=BRIDGE_LAN interface=WLAN24GHZ internal-path-cost=10 path-cost=10
add bridge=BRIDGE_LAN interface=WLAN5GHZ internal-path-cost=10 path-cost=10
# interface=*B is the placeholder the export prints for an interface that no
# longer exists; the entry is disabled and can be removed.
add bridge=BRIDGE_LAN disabled=yes interface=*B internal-path-cost=10 \
    path-cost=10
/ip firewall connection tracking
# UDP connection-tracking entries expire after 10 seconds.
set udp-timeout=10s
/interface wireless cap
# 
# The router's own radios join the local CAPsMAN over 127.0.0.1 and request
# a certificate from it.
set bridge=BRIDGE_LAN caps-man-addresses=127.0.0.1 certificate=request \
    enabled=yes interfaces=WLAN24GHZ,WLAN5GHZ
/ip address
add address=192.168.1.1/24 interface=BRIDGE_LAN network=192.168.1.0
/ip dhcp-client
# WAN address comes from DHCP on WAN_ORANGE; use-peer-dns=no ignores the DNS
# servers offered there, so only the static servers under /ip dns are used.
add interface=WAN_ORANGE use-peer-dns=no
/ip dhcp-server lease
# The lease entries were replaced with the word HIDE by the poster; this line
# is a redaction marker, not a RouterOS command.
HIDE
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
# allowed_to_router (the LAN range) is used by one input rule in
# /ip firewall filter. allowed_to_router2 is not referenced by any rule in
# this export.
add address=192.168.1.2-192.168.1.254 list=allowed_to_router
add address=192.168.191.2-192.168.191.254 list=allowed_to_router2
/ip firewall filter
# Rules are evaluated top to bottom within each chain.
# NOTE(review): the only forward-chain rule is the zerotier1 accept below.
# Nothing drops forwarded traffic, so packets that match no rule are
# accepted; new connections arriving on WAN_ORANGE towards the LAN are not
# filtered here, and there is no rule dropping invalid connection state.
# NOTE(review): the two zerotier1 rules accept everything coming from the
# overlay, both to the router itself and through it. Membership of the
# ZeroTier network is the only control on that path.
add action=accept chain=forward in-interface=zerotier1
add action=accept chain=input in-interface=zerotier1
# NOTE(review): no in-interface on this rule, so the CAPsMAN UDP ports are
# accepted on every interface, WAN_ORANGE included. CAPs on BRIDGE_LAN are
# already covered by the LAN rule that follows.
add action=accept chain=input comment="allow CAP" dst-port=5246,5247 \
    protocol=udp
# Everything from the LAN bridge to the router is accepted, which includes
# all wireless clients placed on BRIDGE_LAN by the CAPsMAN datapath.
add action=accept chain=input comment="allow all input from lan" \
    in-interface=BRIDGE_LAN
add action=accept chain=input comment="default configuration" \
    connection-state=established,related
# NOTE(review): matches on source address only, on any interface. The list
# is the LAN range, which the BRIDGE_LAN rule above already accepts, so the
# only extra packets this admits are ones that claim a LAN source address
# while arriving on another interface.
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
# Unconditional drop: the last input rule that can ever match.
add action=drop chain=input
# NOTE(review): this input rule sits after the unconditional drop and can
# never match. The two output-chain rules below are still evaluated, but
# they key on an FTP server reply and the ftp service is disabled under
# /ip service, so ftp_blacklist is presumably never populated.
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
    protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" dst-limit=\
    1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h chain=output content="530 Login incorrect" \
    protocol=tcp
/ip firewall nat
# Source NAT for the LAN subnet leaving through the WAN port.
add action=masquerade chain=srcnat out-interface=WAN_ORANGE src-address=\
    192.168.1.0/24
# NOTE(review): dst-address-type=local with no in-interface matches TCP/443
# sent to any of the router's own addresses on any interface. That publishes
# 192.168.1.103:443 on WAN_ORANGE and zerotier1 as well as on the LAN, and
# the forward chain above does not restrict it. It also diverts TCP/443 away
# from the router's own www-ssl service if that listens on its default port
# - confirm, and scope the rule with in-interface if only one side is meant.
add action=dst-nat chain=dstnat dst-address-type=local dst-port=443 protocol=\
    tcp to-addresses=192.168.1.103 to-ports=443
/ip service
# Management services. A service that is not listed here is presumably at
# its default setting.
set telnet disabled=yes
set ftp disabled=yes
# NOTE(review): no disabled=yes is shown for www, so the plain-HTTP WebFig
# presumably stays enabled, limited to source 192.168.1.103.
set www address=192.168.1.103/32
set ssh address=192.168.1.0/24 disabled=yes port=222
set www-ssl address=192.168.1.103/32 disabled=no
# address= limits the source prefixes the service answers. A client whose
# address is outside 192.168.1.0/24 (for example one arriving over
# zerotier1) is turned away here even though the firewall accepts it.
set winbox address=192.168.1.0/24 port=5963
# NOTE(review): api-ssl is disabled but the plain api service does not
# appear, so it is presumably still at its default - confirm, since the HA
# user group grants the api policy.
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Warsaw
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=ntp.task.gda.pl
/tool bandwidth-server
set enabled=no
/tool mac-server
# MAC-Telnet is closed on all interfaces (list "none").
set allowed-interface-list=none
/tool mac-server mac-winbox
# NOTE(review): "static" is a built-in interface list; presumably it
# includes WAN_ORANGE, which would leave MAC-WinBox reachable from the WAN
# segment - confirm, and prefer a list that holds only LAN interfaces.
set allowed-interface-list=static
/tool mac-server ping
set enabled=no
