внутри микротика весь трафик ходит через wireguard1/2
Работал 2 недели без нареканий. Вчера начало обрывать периодически доступ с локальной сети в мир интернета на 3-5 минут.
Сегодня с утра нет доступа к интернету вовсе.
Ping : доступ к любому ресурсу с вайргварда - пингуется
без интерфейса пишет - No route to host
с бриджа или любого локального порта - таймаут
# 2023-11-09 09:42:08 by RouterOS 7.11.2
# software id = 16Q4-V1VU
#
# model = RBD52G-5HacD2HnD
# LAN bridge; its member ports are listed under /interface bridge port.
/interface bridge
add name=bridge1
# Both radios run as access points (mode=ap-bridge), each with its own SSID.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country=moldova disabled=no \
frequency-mode=manual-txpower hw-protection-mode=rts-cts mode=ap-bridge ssid=mdrulez
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=moldova disabled=no \
hw-protection-mode=rts-cts mode=ap-bridge ssid=mdrulez_5g
# Two WireGuard interfaces: wireguard1 ("pq hosting") is disabled, wireguard2 is the only active tunnel.
# Private keys do not appear in this listing.
/interface wireguard
add comment="pq hosting" disabled=yes listen-port=13231 mtu=1420 name=wireguard1
add comment=Surfshurk listen-port=13232 mtu=1420 name=wireguard2
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
# Default wireless security profile: WPA2-PSK only; the pre-shared key is not part of this listing.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
# LAN addressing: DHCP hands out 192.168.31.2-254 on bridge1.
/ip pool
add name=dhcp_pool0 ranges=192.168.31.2-192.168.31.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge1 lease-time=1d30m name=dhcp1
# Both radios and ether2-ether5 are LAN ports; ether1 is not bridged (it runs the DHCP client, i.e. the uplink).
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/ip settings
set max-neighbor-entries=8192
# IPv6 is switched off, so the IPv4 firewall is the only packet filter that matters here.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# NOTE(review): only SHA-1 and MD5 are listed as accepted digests for the OpenVPN server.
# No enabled=yes is shown, so the server looks inactive - confirm, and allow only stronger
# digests if it is ever turned on.
/interface ovpn-server server
set auth=sha1,md5
# One peer per tunnel. allowed-address=0.0.0.0/0 lets all IPv4 traffic use the tunnel, so what
# actually goes through it is decided by /ip route. Endpoint addresses and public keys were
# partly masked by the poster; public keys are not secret, private keys are not listed.
/interface wireguard peers
# Peer for the disabled wireguard1 tunnel.
add allowed-address=0.0.0.0/0 comment="pq hosting" disabled=yes endpoint-address=45.--.--.-- \
endpoint-port=58100 interface=wireguard1 persistent-keepalive=25s public-key=\
"SmdW1sxlsDIYObOhj1QiR-------v6RZqUp4r6l9TnE="
# Peer for the active wireguard2 tunnel; its endpoint must stay reachable via ether1 (see the
# 45.130.--.--/24 route under /ip route).
add allowed-address=0.0.0.0/0 comment=surfshurk endpoint-address=45.130.139.-- endpoint-port=51820 \
interface=wireguard2 persistent-keepalive=25s public-key="c8SPrUWVMjSm3xdZ-----dEo2TFmBDVKP+A+quHM="
# Router addresses: tunnel address on wireguard2, LAN gateway 192.168.31.1 on bridge1
# (the wireguard1 address is disabled together with that tunnel).
/ip address
add address=10.71.0.110/23 disabled=yes interface=wireguard1 network=10.71.0.0
add address=10.14.0.2/16 interface=wireguard2 network=10.14.0.0
add address=192.168.31.1/24 interface=bridge1 network=192.168.31.0
# Uplink on ether1 gets its address by DHCP but deliberately installs no default route and
# ignores the provider's DNS/NTP; all routing via the uplink is static (gateway 192.168.100.1).
/ip dhcp-client
add add-default-route=no interface=ether1 use-peer-dns=no use-peer-ntp=no
# LAN clients are given two external resolvers directly rather than the router's address.
/ip dhcp-server network
add address=192.168.31.0/24 dns-server=162.252.172.57,149.154.159.92 gateway=192.168.31.1
# The router itself uses the same two resolvers; allow-remote-requests is not set in this listing.
/ip dns
set servers=162.252.172.57,149.154.159.92
# NOTE(review): every rule below except the first is disabled=yes. RouterOS accepts packets that
# match no filter rule, so with no enabled drop rule the input and forward chains accept
# everything on every interface, including the ether1 uplink and the wireguard2 tunnel.
# The router is effectively unfiltered in this state.
/ip firewall filter
# Only enabled rule: new TCP connections to the Winbox port from any source (0.0.0.0/0).
# Without a drop rule after it this accept changes nothing; once filtering is restored, narrow
# src-address to the management networks instead of 0.0.0.0/0.
add action=accept chain=input comment=Winbox connection-state=new dst-port=55222 protocol=tcp src-address=\
0.0.0.0/0
# Stateful baseline (accept established/related, drop invalid) - present but disabled.
add action=accept chain=input comment="accept establish s related" connection-state=established,related \
disabled=yes
add action=accept chain=forward comment="accept established,related" connection-state=established,related \
disabled=yes
add action=drop chain=input comment="drop invalid" connection-state=invalid disabled=yes
add action=drop chain=forward comment="drop invalid" connection-state=invalid disabled=yes
# NOTE(review): in-interface=!*8 looks like a reference to an interface that no longer exists;
# point it at the LAN interface again before relying on this rule.
add action=drop chain=input comment="drop all not from lan" disabled=yes in-interface=!*8
# Final catch-all drops, also disabled. If re-enabled as written, the forward drop needs the
# established/related accept above enabled and an accept for LAN-originated traffic, otherwise
# it blocks all forwarding.
add action=drop chain=input disabled=yes
add action=drop chain=forward disabled=yes
# Clamp TCP MSS on SYN packets leaving through the tunnels so TCP fits the tunnel MTU (1420);
# only the wireguard2 rule is active.
/ip firewall mangle
add action=change-mss chain=forward comment="qp hosting" disabled=yes new-mss=clamp-to-pmtu out-interface=\
wireguard1 passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=wireguard2 passthrough=yes \
protocol=tcp tcp-flags=syn
# Source NAT on both egress paths: the ether1 uplink and the wireguard2 tunnel.
# The ether1 rule means any LAN traffic routed via the uplink leaves outside the tunnel.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=wireguard2
# Static routing. The only enabled default route is the last entry (via wireguard2); the routes
# via 192.168.100.1 use the ether1 uplink and bypass the tunnel.
/ip route
# Disabled default route via the uplink. NOTE(review): enabling it as a fallback would send LAN
# traffic out unencrypted whenever the tunnel route is inactive.
add disabled=yes distance=2 dst-address=0.0.0.0/0 gateway=192.168.100.1 pref-src="" routing-table=main \
scope=30 suppress-hw-offload=no target-scope=10
add comment="Deffault getaway" disabled=yes distance=2 dst-address=0.0.0.0/0 gateway=wireguard2 pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
# The escaped comment text is Russian for "Return route (change when the config changes)".
# Disabled route to the wireguard1 endpoint via the uplink.
add comment="\CE\E1\F0\E0\F2\ED\FB\E9 \EC\E0\F0\F8\F0\F3\F2 ( \EC\E5\ED\FF\E5\EC \EF\F0\E8 \F1\EC\E5\ED\E5 \
\EA\EE\ED\F4\E8\E3\E0)pq hosting" disabled=yes distance=2 dst-address=45.--.--.--/32 gateway=\
192.168.100.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
# Two /16 networks are sent via the uplink so remote Winbox sessions do not go through the tunnel.
# These are the natural candidates for the Winbox source restriction.
add comment="Remote connection winbox" disabled=no distance=5 dst-address=217.19.0.0/16 gateway=\
192.168.100.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment="Remote connection winbox" disabled=no distance=5 dst-address=185.38.0.0/16 gateway=\
192.168.100.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
# Same Russian comment as above. Keeps the wireguard2 endpoint reachable outside the tunnel.
# NOTE(review): the tunnel can only come up while the peer endpoint is inside this /24 and
# 192.168.100.1 is still the ether1 gateway - worth checking against the reported outage.
add comment="\CE\E1\F0\E0\F2\ED\FB\E9 \EC\E0\F0\F8\F0\F3\F2 ( \EC\E5\ED\FF\E5\EC \EF\F0\E8 \F1\EC\E5\ED\E5 \
\EA\EE\ED\F4\E8\E3\E0) surfshurk" disabled=no distance=1 dst-address=45.130.--.--/24 gateway=\
192.168.100.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
# Active default route through the tunnel, with a ping gateway check. No other default route is
# enabled, so when this one is inactive the LAN has no path out (traffic fails closed).
add check-gateway=ping comment="Deffault getaway" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
wireguard2 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
# Management services: everything is disabled except Winbox.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
# NOTE(review): Winbox accepts connections from any IPv4 source (address=0.0.0.0/0). The
# non-default port does not restrict access; with the firewall drops disabled this is the only
# place to limit who can reach the login, so list the management networks here.
set winbox address=0.0.0.0/0 port=55222
set api-ssl disabled=yes
/system identity
set name=RouterOS
/system note
set show-at-login=no
# software id = 16Q4-V1VU
#
# model = RBD52G-5HacD2HnD
# LAN bridge; its member ports are listed under /interface bridge port.
/interface bridge
add name=bridge1
# Both radios run as access points (mode=ap-bridge), each with its own SSID.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country=moldova disabled=no \
frequency-mode=manual-txpower hw-protection-mode=rts-cts mode=ap-bridge ssid=mdrulez
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=moldova disabled=no \
hw-protection-mode=rts-cts mode=ap-bridge ssid=mdrulez_5g
# Two WireGuard interfaces: wireguard1 ("pq hosting") is disabled, wireguard2 is the only active tunnel.
# Private keys do not appear in this listing.
/interface wireguard
add comment="pq hosting" disabled=yes listen-port=13231 mtu=1420 name=wireguard1
add comment=Surfshurk listen-port=13232 mtu=1420 name=wireguard2
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
# Default wireless security profile: WPA2-PSK only; the pre-shared key is not part of this listing.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
# LAN addressing: DHCP hands out 192.168.31.2-254 on bridge1.
/ip pool
add name=dhcp_pool0 ranges=192.168.31.2-192.168.31.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge1 lease-time=1d30m name=dhcp1
# Both radios and ether2-ether5 are LAN ports; ether1 is not bridged (it runs the DHCP client, i.e. the uplink).
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/ip settings
set max-neighbor-entries=8192
# IPv6 is switched off, so the IPv4 firewall is the only packet filter that matters here.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# NOTE(review): only SHA-1 and MD5 are listed as accepted digests for the OpenVPN server.
# No enabled=yes is shown, so the server looks inactive - confirm, and allow only stronger
# digests if it is ever turned on.
/interface ovpn-server server
set auth=sha1,md5
# One peer per tunnel. allowed-address=0.0.0.0/0 lets all IPv4 traffic use the tunnel, so what
# actually goes through it is decided by /ip route. Endpoint addresses and public keys were
# partly masked by the poster; public keys are not secret, private keys are not listed.
/interface wireguard peers
# Peer for the disabled wireguard1 tunnel.
add allowed-address=0.0.0.0/0 comment="pq hosting" disabled=yes endpoint-address=45.--.--.-- \
endpoint-port=58100 interface=wireguard1 persistent-keepalive=25s public-key=\
"SmdW1sxlsDIYObOhj1QiR-------v6RZqUp4r6l9TnE="
# Peer for the active wireguard2 tunnel; its endpoint must stay reachable via ether1 (see the
# 45.130.--.--/24 route under /ip route).
add allowed-address=0.0.0.0/0 comment=surfshurk endpoint-address=45.130.139.-- endpoint-port=51820 \
interface=wireguard2 persistent-keepalive=25s public-key="c8SPrUWVMjSm3xdZ-----dEo2TFmBDVKP+A+quHM="
# Router addresses: tunnel address on wireguard2, LAN gateway 192.168.31.1 on bridge1
# (the wireguard1 address is disabled together with that tunnel).
/ip address
add address=10.71.0.110/23 disabled=yes interface=wireguard1 network=10.71.0.0
add address=10.14.0.2/16 interface=wireguard2 network=10.14.0.0
add address=192.168.31.1/24 interface=bridge1 network=192.168.31.0
# Uplink on ether1 gets its address by DHCP but deliberately installs no default route and
# ignores the provider's DNS/NTP; all routing via the uplink is static (gateway 192.168.100.1).
/ip dhcp-client
add add-default-route=no interface=ether1 use-peer-dns=no use-peer-ntp=no
# LAN clients are given two external resolvers directly rather than the router's address.
/ip dhcp-server network
add address=192.168.31.0/24 dns-server=162.252.172.57,149.154.159.92 gateway=192.168.31.1
# The router itself uses the same two resolvers; allow-remote-requests is not set in this listing.
/ip dns
set servers=162.252.172.57,149.154.159.92
# NOTE(review): every rule below except the first is disabled=yes. RouterOS accepts packets that
# match no filter rule, so with no enabled drop rule the input and forward chains accept
# everything on every interface, including the ether1 uplink and the wireguard2 tunnel.
# The router is effectively unfiltered in this state.
/ip firewall filter
# Only enabled rule: new TCP connections to the Winbox port from any source (0.0.0.0/0).
# Without a drop rule after it this accept changes nothing; once filtering is restored, narrow
# src-address to the management networks instead of 0.0.0.0/0.
add action=accept chain=input comment=Winbox connection-state=new dst-port=55222 protocol=tcp src-address=\
0.0.0.0/0
# Stateful baseline (accept established/related, drop invalid) - present but disabled.
add action=accept chain=input comment="accept establish s related" connection-state=established,related \
disabled=yes
add action=accept chain=forward comment="accept established,related" connection-state=established,related \
disabled=yes
add action=drop chain=input comment="drop invalid" connection-state=invalid disabled=yes
add action=drop chain=forward comment="drop invalid" connection-state=invalid disabled=yes
# NOTE(review): in-interface=!*8 looks like a reference to an interface that no longer exists;
# point it at the LAN interface again before relying on this rule.
add action=drop chain=input comment="drop all not from lan" disabled=yes in-interface=!*8
# Final catch-all drops, also disabled. If re-enabled as written, the forward drop needs the
# established/related accept above enabled and an accept for LAN-originated traffic, otherwise
# it blocks all forwarding.
add action=drop chain=input disabled=yes
add action=drop chain=forward disabled=yes
# Clamp TCP MSS on SYN packets leaving through the tunnels so TCP fits the tunnel MTU (1420);
# only the wireguard2 rule is active.
/ip firewall mangle
add action=change-mss chain=forward comment="qp hosting" disabled=yes new-mss=clamp-to-pmtu out-interface=\
wireguard1 passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=wireguard2 passthrough=yes \
protocol=tcp tcp-flags=syn
# Source NAT on both egress paths: the ether1 uplink and the wireguard2 tunnel.
# The ether1 rule means any LAN traffic routed via the uplink leaves outside the tunnel.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=wireguard2
# Static routing. The only enabled default route is the last entry (via wireguard2); the routes
# via 192.168.100.1 use the ether1 uplink and bypass the tunnel.
/ip route
# Disabled default route via the uplink. NOTE(review): enabling it as a fallback would send LAN
# traffic out unencrypted whenever the tunnel route is inactive.
add disabled=yes distance=2 dst-address=0.0.0.0/0 gateway=192.168.100.1 pref-src="" routing-table=main \
scope=30 suppress-hw-offload=no target-scope=10
add comment="Deffault getaway" disabled=yes distance=2 dst-address=0.0.0.0/0 gateway=wireguard2 pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
# The escaped comment text is Russian for "Return route (change when the config changes)".
# Disabled route to the wireguard1 endpoint via the uplink.
add comment="\CE\E1\F0\E0\F2\ED\FB\E9 \EC\E0\F0\F8\F0\F3\F2 ( \EC\E5\ED\FF\E5\EC \EF\F0\E8 \F1\EC\E5\ED\E5 \
\EA\EE\ED\F4\E8\E3\E0)pq hosting" disabled=yes distance=2 dst-address=45.--.--.--/32 gateway=\
192.168.100.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
# Two /16 networks are sent via the uplink so remote Winbox sessions do not go through the tunnel.
# These are the natural candidates for the Winbox source restriction.
add comment="Remote connection winbox" disabled=no distance=5 dst-address=217.19.0.0/16 gateway=\
192.168.100.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment="Remote connection winbox" disabled=no distance=5 dst-address=185.38.0.0/16 gateway=\
192.168.100.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
# Same Russian comment as above. Keeps the wireguard2 endpoint reachable outside the tunnel.
# NOTE(review): the tunnel can only come up while the peer endpoint is inside this /24 and
# 192.168.100.1 is still the ether1 gateway - worth checking against the reported outage.
add comment="\CE\E1\F0\E0\F2\ED\FB\E9 \EC\E0\F0\F8\F0\F3\F2 ( \EC\E5\ED\FF\E5\EC \EF\F0\E8 \F1\EC\E5\ED\E5 \
\EA\EE\ED\F4\E8\E3\E0) surfshurk" disabled=no distance=1 dst-address=45.130.--.--/24 gateway=\
192.168.100.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
# Active default route through the tunnel, with a ping gateway check. No other default route is
# enabled, so when this one is inactive the LAN has no path out (traffic fails closed).
add check-gateway=ping comment="Deffault getaway" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
wireguard2 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
# Management services: everything is disabled except Winbox.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
# NOTE(review): Winbox accepts connections from any IPv4 source (address=0.0.0.0/0). The
# non-default port does not restrict access; with the firewall drops disabled this is the only
# place to limit who can reach the login, so list the management networks here.
set winbox address=0.0.0.0/0 port=55222
set api-ssl disabled=yes
/system identity
set name=RouterOS
/system note
set show-at-login=no