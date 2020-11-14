So after 1.5 years or so of not touching my router, my connection starts to drop out (connected to router but no internet). At first for a few hours but now for days, sometime it reconnect for a few minutes before dropping out long term again. Can anyone take a look at this export file? I'm not sure what changed or what I'm doing wrong
in the meantime, my VOIP phone connected to ethernet2 is still has dial tone...
# nov/14/2020 16:25:55 by RouterOS 6.47.7
# software id = C3EC-GME3
#
# model = 2011UiAS-2HnD
# serial number = 0
/interface bridge
add admin-mac=E4:8D:8C:7B:A7:35 auto-mac=no comment=defconf name=bridge
add fast-forward=no name=bridge_vlan20
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
20/40mhz-Ce country=no_country_set disabled=no distance=indoors frequency=\
auto frequency-mode=manual-txpower mode=ap-bridge ssid=MikroTik-7BA73E \
station-roaming=enabled wireless-protocol=802.11
/interface vlan
add interface=ether1 name="VLAN10" vlan-id=10
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" \
group-ciphers=tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=password \
wpa2-pre-shared-key=password
add authentication-types=wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm \
management-protection=allowed mode=dynamic-keys name=guestWifi \
supplicant-identity="" unicast-ciphers=tkip,aes-ccm wpa2-pre-shared-key=\
password
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=E6:8D:8C:7B:A7:3E \
master-interface=wlan1 multicast-buffering=disabled name=guestWifi \
security-profile=guestWifi ssid=Netgear station-roaming=enabled vlan-id=20 \
vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/interface vlan
add interface=guestWifi name=vlan_20 vlan-id=20
/ip dhcp-server
add add-arp=yes disabled=no interface=bridge lease-time=1h10m name=defconf
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=guestPool ranges=192.168.2.20-192.168.2.220
/ip dhcp-server
# DHCP server can not run on slave interface!
add address-pool=guestPool authoritative=after-2sec-delay disabled=no \
interface=guestWifi lease-time=3h name=guestDHCP
add address-pool=guestPool disabled=no interface=bridge_vlan20 lease-time=40m \
name=dhcp1
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pass\
word,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge filter
add action=drop chain=input dst-port=68 in-interface=wlan1 ip-protocol=udp \
mac-protocol=ip
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge_vlan20 interface=guestWifi
add bridge=bridge_vlan20 interface=vlan_20
add bridge=bridge disabled=yes interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all internet-interface-list=all lan-interface-list=\
all wan-interface-list=all
/interface list member
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=sfp1 list=LAN
add interface=ether1 list=WAN
add interface=wlan1 list=LAN
add interface=bridge list=LAN
/ip address
add address=192.168.2.1/24 comment=defconf interface=ether2 network=\
192.168.2.0
add address=192.168.2.1/24 interface=bridge_vlan20 network=192.168.2.0
/ip arp
add address=192.168.2.27 interface=bridge_vlan20 mac-address=9C:3D:CF:E0:BE:70
/ip dhcp-client
add disabled=no interface="VLAN10" use-peer-dns=no
add disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.88.254 client-id=1:0:1f:e1:cb:51:5d mac-address=\
00:1F:E1:CB:51:5D server=defconf
add address=192.168.88.253 client-id=1:ac:5f:3e:ba:ee:5c mac-address=\
AC:5F:3E:BA:EE:5C server=defconf
add address=192.168.88.249 client-id=1:68:7f:74:58:c0:90 mac-address=\
68:7F:74:58:C0:90 server=defconf
add address=192.168.88.247 client-id=1:5c:f9:38:3:aa:9c mac-address=\
5C:F9:38:03:AA:9C server=defconf
add address=192.168.88.246 client-id=1:60:6c:66:c7:c:81 mac-address=\
60:6C:66:C7:0C:81 server=defconf
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24
add address=192.168.2.0/24 dns-server=45.71.185.100,207.148.83.241 gateway=\
192.168.2.1 netmask=24
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set servers=1.1.1.1,172.105.162.206
/ip firewall address-list
add address=192.168.2.0/24 list=internal_restricted
add address=192.168.88.0/24 list=internal_trusted
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface="VLAN10"
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface="VLAN10"
add action=reject chain=forward comment=\
"Drop access to LAN from restricted networks" dst-address-list=\
internal_trusted reject-with=icmp-net-prohibited src-address-list=\
internal_restricted
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface="VLAN10"
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat disabled=yes out-interface="VLAN10" \
src-address-list=internal_restricted
add action=dst-nat chain=dstnat disabled=yes dst-port=7510 in-interface=ether1 \
protocol=tcp to-addresses=192.168.88.254 to-ports=7510
add action=dst-nat chain=dstnat disabled=yes dst-port=36661 in-interface=\
ether1 protocol=tcp to-addresses=192.168.2.28 to-ports=36661
add action=masquerade chain=srcnat out-interface=bridge
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ip upnp interfaces
add interface=bridge type=internal
/lcd
set backlight-timeout=30s
/system clock
set time-zone-name=Pacific/Auckland
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN