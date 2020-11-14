So after 1.5 years or so of not touching my router, my connection starts to drop out (connected to router but no internet). At first for a few hours but now for days, sometime it reconnect for a few minutes before dropping out long term again. Can anyone take a look at this export file? I'm not sure what changed or what I'm doing wrong

in the meantime, my VOIP phone connected to ethernet2 is still has dial tone...

# nov/14/2020 16:25:55 by RouterOS 6.47.7

# software id = C3EC-GME3

#

# model = 2011UiAS-2HnD

# serial number = 0

/interface bridge

add admin-mac=E4:8D:8C:7B:A7:35 auto-mac=no comment=defconf name=bridge

add fast-forward=no name=bridge_vlan20

/interface wireless

set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\

20/40mhz-Ce country=no_country_set disabled=no distance=indoors frequency=\

auto frequency-mode=manual-txpower mode=ap-bridge ssid=MikroTik-7BA73E \

station-roaming=enabled wireless-protocol=802.11

/interface vlan

add interface=ether1 name="VLAN10" vlan-id=10

/interface list

add comment=defconf name=WAN

add comment=defconf name=LAN

/interface wireless security-profiles

set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" \

group-ciphers=tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \

unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=password \

wpa2-pre-shared-key=password

add authentication-types=wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm \

management-protection=allowed mode=dynamic-keys name=guestWifi \

supplicant-identity="" unicast-ciphers=tkip,aes-ccm wpa2-pre-shared-key=\

password

/interface wireless

add disabled=no keepalive-frames=disabled mac-address=E6:8D:8C:7B:A7:3E \

master-interface=wlan1 multicast-buffering=disabled name=guestWifi \

security-profile=guestWifi ssid=Netgear station-roaming=enabled vlan-id=20 \

vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=disabled

/interface vlan

add interface=guestWifi name=vlan_20 vlan-id=20

/ip dhcp-server

add add-arp=yes disabled=no interface=bridge lease-time=1h10m name=defconf

/ip pool

add name=dhcp ranges=192.168.88.10-192.168.88.254

add name=guestPool ranges=192.168.2.20-192.168.2.220

/ip dhcp-server

# DHCP server can not run on slave interface!

add address-pool=guestPool authoritative=after-2sec-delay disabled=no \

interface=guestWifi lease-time=3h name=guestDHCP

add address-pool=guestPool disabled=no interface=bridge_vlan20 lease-time=40m \

name=dhcp1

/user group

set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pass\

word,web,sniff,sensitive,api,romon,dude,tikapp"

/interface bridge filter

add action=drop chain=input dst-port=68 in-interface=wlan1 ip-protocol=udp \

mac-protocol=ip

/interface bridge port

add bridge=bridge comment=defconf interface=ether2

add bridge=bridge comment=defconf interface=ether3

add bridge=bridge comment=defconf interface=ether4

add bridge=bridge comment=defconf interface=ether5

add bridge=bridge comment=defconf interface=ether6

add bridge=bridge comment=defconf interface=ether7

add bridge=bridge comment=defconf interface=ether8

add bridge=bridge comment=defconf interface=ether9

add bridge=bridge comment=defconf interface=ether10

add bridge=bridge comment=defconf interface=sfp1

add bridge=bridge comment=defconf interface=wlan1

add bridge=bridge_vlan20 interface=guestWifi

add bridge=bridge_vlan20 interface=vlan_20

add bridge=bridge disabled=yes interface=ether1

/ip neighbor discovery-settings

set discover-interface-list=LAN

/interface detect-internet

set detect-interface-list=all internet-interface-list=all lan-interface-list=\

all wan-interface-list=all

/interface list member

add interface=ether2 list=LAN

add interface=ether3 list=LAN

add interface=ether4 list=LAN

add interface=ether5 list=LAN

add interface=ether6 list=LAN

add interface=ether7 list=LAN

add interface=ether8 list=LAN

add interface=ether9 list=LAN

add interface=ether10 list=LAN

add interface=sfp1 list=LAN

add interface=ether1 list=WAN

add interface=wlan1 list=LAN

add interface=bridge list=LAN

/ip address

add address=192.168.2.1/24 comment=defconf interface=ether2 network=\

192.168.2.0

add address=192.168.2.1/24 interface=bridge_vlan20 network=192.168.2.0

/ip arp

add address=192.168.2.27 interface=bridge_vlan20 mac-address=9C:3D:CF:E0:BE:70

/ip dhcp-client

add disabled=no interface="VLAN10" use-peer-dns=no

add disabled=no interface=ether1

/ip dhcp-server lease

add address=192.168.88.254 client-id=1:0:1f:e1:cb:51:5d mac-address=\

00:1F:E1:CB:51:5D server=defconf

add address=192.168.88.253 client-id=1:ac:5f:3e:ba:ee:5c mac-address=\

AC:5F:3E:BA:EE:5C server=defconf

add address=192.168.88.249 client-id=1:68:7f:74:58:c0:90 mac-address=\

68:7F:74:58:C0:90 server=defconf

add address=192.168.88.247 client-id=1:5c:f9:38:3:aa:9c mac-address=\

5C:F9:38:03:AA:9C server=defconf

add address=192.168.88.246 client-id=1:60:6c:66:c7:c:81 mac-address=\

60:6C:66:C7:0C:81 server=defconf

/ip dhcp-server network

add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24

add address=192.168.2.0/24 dns-server=45.71.185.100,207.148.83.241 gateway=\

192.168.2.1 netmask=24

add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1

/ip dns

set servers=1.1.1.1,172.105.162.206

/ip firewall address-list

add address=192.168.2.0/24 list=internal_restricted

add address=192.168.88.0/24 list=internal_trusted

/ip firewall filter

add action=accept chain=input comment=\

"defconf: accept established,related,untracked" connection-state=\

established,related,untracked

add action=drop chain=input comment="defconf: drop invalid" connection-state=\

invalid

add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp

add action=drop chain=input comment="defconf: drop all not coming from LAN" \

in-interface="VLAN10"

add action=accept chain=forward comment="defconf: accept in ipsec policy" \

ipsec-policy=in,ipsec

add action=accept chain=forward comment="defconf: accept out ipsec policy" \

ipsec-policy=out,ipsec

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \

connection-state=established,related

add action=accept chain=forward comment=\

"defconf: accept established,related, untracked" connection-state=\

established,related,untracked

add action=drop chain=forward comment="defconf: drop invalid" \

connection-state=invalid

add action=drop chain=forward comment=\

"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \

connection-state=new in-interface="VLAN10"

add action=reject chain=forward comment=\

"Drop access to LAN from restricted networks" dst-address-list=\

internal_trusted reject-with=icmp-net-prohibited src-address-list=\

internal_restricted

/ip firewall nat

add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\

out,none out-interface="VLAN10"

add action=masquerade chain=srcnat out-interface-list=WAN

add action=masquerade chain=srcnat disabled=yes out-interface="VLAN10" \

src-address-list=internal_restricted

add action=dst-nat chain=dstnat disabled=yes dst-port=7510 in-interface=ether1 \

protocol=tcp to-addresses=192.168.88.254 to-ports=7510

add action=dst-nat chain=dstnat disabled=yes dst-port=36661 in-interface=\

ether1 protocol=tcp to-addresses=192.168.2.28 to-ports=36661

add action=masquerade chain=srcnat out-interface=bridge

/ip ssh

set allow-none-crypto=yes forwarding-enabled=remote

/ip upnp interfaces

add interface=bridge type=internal

/lcd

set backlight-timeout=30s

/system clock

set time-zone-name=Pacific/Auckland

/tool mac-server

set allowed-interface-list=LAN

/tool mac-server mac-winbox

set allowed-interface-list=LAN