Hello,
I have been searching high and low for a solution for years but I can't find anything.
In short, when the internet connection goes through the Mikrotik, the Sky Q, despite having a perfectly working connection, always shows a missing-connection error on on demand.
Basically I have half of the Sky service...
I had solved it some time ago by connecting only the Sky devices to an Asus router... the problem is that it broke just last night, and since I can't replace it at the moment I went back to the Mikrotik, but with this problem.

Has anyone had the same problem and managed to solve it?
I feel it's only a matter of settings, but I could be wrong...

    LorenzoLaRocca if you authenticate via PPPoE, try lowering the TCP MSS with mangle rules

    For example, taken from the Mikrotik wiki:

    /ip firewall mangle
    add out-interface=pppoe-out protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward tcp-mss=1301-65535

      giusgius new-mss=1300

      1300? 😢

      Maybe it can be applied only when the connection originates from the Sky Q's IP?
      Because throwing away 14% of efficiency for the whole network seems a bit of a waste to me.


      Anyway, for me Sky Q Black works with TIM (and an RB4011)

        edofullo 1300 as a test, to be excessive; then you have to find the right value

        giusgius I tried but nothing changed... it still tells me the connection is missing...

        edofullo mine, by the way, is the Platinum with 3 Minis under it... but if the Platinum doesn't work, the Minis don't work either...

        no, anyway it doesn't depend on the connection but on the router itself... so far it has only worked with the Asus and, when I had Wind, with the DLink... I also tried using the Orbi as a router instead of just an access point and it doesn't work with the Netgear either... honestly I don't know what it depends on...

          did you allow access to everything? Can the SkyQ ping the router? Because if it can't, it tells you it's not connected to the internet :\

          It's not a problem with the Mikrotik as such but surely with its configuration; for me it works excellently without any problem, there is surely some filter or some odd setting. Try pasting (as code) the output of

          export hide-sensitive

          Let's see how you set it up

            Heavy thanks, here's the export

            # sep/30/2022 18:43:08 by RouterOS 7.5
            # software id = 432Z-MUG8
            #
            # model = CCR1009-7G-1C-1S+
            # serial number = 79AD06955BFE
            /interface pptp-client
            add connect-to=it-mil.vpnunlimitedapp.com name="VPN Unlimited IT" user=KS1-cb803f35659ac544b8598caa86c36e30:####
            add connect-to=it1.zoogvpn.com mrru=1600 name="ZoogVPN PPTP IT" user=####
            /interface bridge
            add dhcp-snooping=yes igmp-snooping=yes igmp-version=3 mld-version=2 multicast-querier=yes multicast-router=permanent name=bridge1-LAN protocol-mode=none
            /interface ethernet
            set [ find default-name=combo1 ] auto-negotiation=no disabled=yes name=combo1-GPON
            set [ find default-name=ether1 ] loop-protect=on name=ether1-GPON rx-flow-control=auto speed=100Mbps tx-flow-control=auto
            set [ find default-name=ether2 ] name=ether2-LTE-Wind-Huawei rx-flow-control=auto speed=100Mbps tx-flow-control=auto
            set [ find default-name=ether3 ] name=ether3-LTE-Alpsim rx-flow-control=auto speed=100Mbps tx-flow-control=auto
            set [ find default-name=ether4 ] name=ether4-VodafoneStation rx-flow-control=auto speed=100Mbps tx-flow-control=auto
            set [ find default-name=ether5 ] name=ether5-LAN rx-flow-control=auto speed=100Mbps tx-flow-control=auto
            set [ find default-name=ether6 ] name=ether6-LAN-Airport rx-flow-control=auto speed=100Mbps tx-flow-control=auto
            set [ find default-name=ether7 ] name=ether7-LAN-SkyQ rx-flow-control=auto speed=100Mbps tx-flow-control=auto
            set [ find default-name=sfp-sfpplus1 ] advertise=1000M-full auto-negotiation=no disabled=yes speed=1Gbps
            /interface ovpn-server
            add disabled=yes name=ovpn-in1 user=####
            /interface l2tp-server
            add disabled=yes name=l2tp-in1 user=####
            /interface l2tp-client
            add allow-fast-path=yes connect-to=it-mil01.unlocator.com name="Unlocator VPN IT" use-ipsec=yes use-peer-dns=yes user=####.larocca@mac.com
            /interface wireguard
            add disabled=yes listen-port=13231 mtu=1420 name=wireguard1
            /interface vlan
            add interface=ether1-GPON name="Pianeta Fibra FTTH VLAN" vlan-id=835
            /interface pppoe-client
            add add-default-route=yes disabled=no interface="Pianeta Fibra FTTH VLAN" name="Pianeta Fibra PPPoE" user=sef003957
            /interface lte apn
            set [ find default=yes ] apn=internet.wind authentication=chap ip-type=ipv4 name=wind use-network-apn=no
            /interface wireless security-profiles
            set [ find default=yes ] supplicant-identity=MikroTik
            /ip dhcp-client option
            add code=60 name=fastweb value="'Technicolor_DGA4131FWB/dslforum.org'"
            /ip firewall layer7-protocol
            add name=BITTORRENT regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
            add name=BITTORRENT_ANNOUNCE regexp=^get.+announce.
            add name=Paypal regexp=.paypal.com+.
            add name=whatsmyip regexp=.whatsmyip+.
            /ip hotspot profile
            add hotspot-address=192.168.88.1 name=hsprof1
            /ip ipsec mode-config
            add connection-mark=NordVPN name=NordVPN responder=no
            /ip ipsec peer
            add disabled=yes name=peer_9 passive=yes
            /ip ipsec policy group
            add name=NordVPN
            /ip ipsec profile
            set [ find default=yes ] dh-group=modp1024 enc-algorithm=aes-256 hash-algorithm=sha256
            add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha512 name=NordVPN proposal-check=claim
            /ip ipsec peer
            add address=it147.nordvpn.com disabled=yes exchange-mode=ike2 name=NordVPN profile=NordVPN
            /ip ipsec proposal
            set [ find default=yes ] auth-algorithms=sha512,sha256,sha1 enc-algorithms=aes-256-cbc,aes-256-gcm,aes-192-cbc,aes-192-gcm,aes-128-cbc,aes-128-gcm,blowfish,twofish pfs-group=none
            add auth-algorithms=sha512,sha256,sha1 enc-algorithms=aes-256-cbc name=NordVPN pfs-group=none
            /ip pool
            add name=dhcp_pool0 ranges=192.168.2.60-192.168.2.250
            add name=pool1 ranges=192.168.1.100-192.168.1.250
            add name=hs-pool-11 ranges=192.168.88.2-192.168.88.254
            add name="SkyQ Pool" ranges=192.168.5.50-192.168.5.59
            /ip dhcp-server
            add address-pool=dhcp_pool0 interface=bridge1-LAN lease-time=1h name=dhcp1
            add address-pool="SkyQ Pool" interface=ovpn-in1 name="SkyQ DHCP"
            add address-pool="SkyQ Pool" interface=ether7-LAN-SkyQ lease-time=1h name=dhcp_skyq
            /ipv6 dhcp-server
            add address-pool=pf_ip6_pool interface=bridge1-LAN name=pf_ip6_server
            /port
            set 0 name=serial0
            set 1 name=serial1
            /ppp profile
            add change-tcp-mss=yes local-address=192.168.5.15 name=server only-one=no remote-address="SkyQ Pool" use-compression=no use-encryption=yes use-ipv6=no use-upnp=no
            /interface sstp-client
            add authentication=mschap2 connect-to=milan.hide.me name="Hide.me VPN SSTP IT" profile=default-encryption user=kalimaa@mikrotikit
            add authentication=mschap2 connect-to=87.101.95.203 name="Hide.me VPN SSTP US" profile=default-encryption user=kalimaa@mikrotikus
            /queue simple
            add disabled=yes max-limit=10M/0 name=Synology target=192.168.2.149/32
            add burst-limit=10M/70M burst-time=5s/5s disabled=yes max-limit=5M/50M name=P2P packet-marks=P2P target=bridge1-LAN,bridge1-LAN
            add disabled=yes max-limit=10M/0 name=Asgaard queue=default/default target=192.168.2.125/32,192.168.2.150/32 total-queue=default
            /routing bgp template
            set default disabled=no output.network=bgp-networks
            /routing ospf instance
            add disabled=no name=default-v2
            add disabled=no name=default-v3 version=3
            /routing ospf area
            add disabled=yes instance=default-v2 name=backbone-v2
            add disabled=yes instance=default-v3 name=backbone-v3
            /routing table
            add fib name=Fibra
            add fib name="My Connection"
            add fib name="VPN IT"
            add fib name="ExpressVPN IT"
            add fib name="VPN US"
            add fib name="Hide.me IT"
            /snmp community
            set [ find default=yes ] addresses=0.0.0.0/0
            /user group
            set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,rest-api
            /interface bridge port
            add bridge=bridge1-LAN hw=no ingress-filtering=no interface=ether6-LAN-Airport
            add bridge=bridge1-LAN fast-leave=yes ingress-filtering=no interface=ether5-LAN learn=yes multicast-router=permanent
            /ip neighbor discovery-settings
            set discover-interface-list=!dynamic
            /ip settings
            set accept-redirects=yes accept-source-route=yes max-neighbor-entries=8192 tcp-syncookies=yes
            /ipv6 settings
            set max-neighbor-entries=8192
            /interface l2tp-server server
            set default-profile=server enabled=yes use-ipsec=yes
            /interface ovpn-server server
            set auth=sha1 certificate="OVPN server" cipher=aes256 default-profile=server enabled=yes mode=ethernet
            /interface pptp-server server
            # PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
            set enabled=yes
            /ip address
            add address=192.168.88.1/24 interface=bridge1-LAN network=192.168.88.0
            add address=192.168.2.1/24 interface=bridge1-LAN network=192.168.2.0
            add address=192.168.3.1/24 interface=ether1-GPON network=192.168.3.0
            add address=192.168.1.3/24 disabled=yes interface=combo1-GPON network=192.168.1.0
            add address=192.168.5.15/24 interface=ovpn-in1 network=192.168.5.0
            add address=192.168.5.49 interface=ether7-LAN-SkyQ network=192.168.5.0
            /ip cloud
            set ddns-enabled=yes
            /ip dhcp-client
            add add-default-route=no !dhcp-options interface=ether2-LTE-Wind-Huawei use-peer-dns=no use-peer-ntp=no
            add add-default-route=no interface=ether3-LTE-Alpsim use-peer-dns=no
            /ip dhcp-server lease
            add address=192.168.2.2 always-broadcast=yes comment=GigasetPhone mac-address=7C:2F:80:84:F1:E9 server=dhcp1
            add address=192.168.2.149 always-broadcast=yes comment=SynologyDS415 lease-time=1d mac-address=00:11:32:38:34:F7 server=dhcp1
            add address=192.168.2.152 always-broadcast=yes client-id=1:a4:2b:b0:15:ea:d7 mac-address=A4:2B:B0:15:EA:D7 server=dhcp1
            add address=192.168.2.171 comment="Netgear Switch" lease-time=1d mac-address=8C:3B:AD:22:B7:38 server=dhcp1
            add address=192.168.2.150 client-id=1:28:f0:76:b:57:6a mac-address=28:F0:76:0B:57:6A server=dhcp1
            add address=192.168.2.129 always-broadcast=yes comment=SMA lease-time=2d mac-address=00:40:AD:97:0C:DD server=dhcp1
            add address=192.168.2.3 client-id=1:0:d:65:1c:f8:f mac-address=00:0D:65:1C:F8:0F server=dhcp1
            add address=192.168.2.125 client-id=1:38:c9:86:22:b3:c0 mac-address=38:C9:86:22:B3:C0 server=dhcp1
            add address=192.168.2.67 client-id=1:0:8a:76:f3:38:e0 mac-address=00:8A:76:F3:38:E0 server=dhcp1
            /ip dhcp-server network
            add address=192.168.2.0/24 dns-server=208.67.222.222,208.67.220.220 gateway=192.168.2.1 netmask=24 ntp-server=192.168.2.1
            add address=192.168.5.0/24 dns-server=208.67.222.222,208.67.220.220 gateway=192.168.5.49 netmask=24
            add address=192.168.88.0/24 comment="hotspot network" gateway=192.168.88.1
            /ip dns
            set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220
            /ip firewall address-list
            add address=paypal.com list=paypal
            add address=whatsmyip.com list=whatsmyip
            add address=www.paypal.com list=paypal
            add address=paypalobjects.com list=paypal
            add address=151.54.225.66 list=Blocklist
            add address=api.paypal.com list=paypal
            add address=api-3t.paypal.com list=paypal
            add address=api-aa.paypal.com list=paypal
            add address=api-aa-3t.paypal.com list=paypal
            add address=svcs.paypal.com list=paypal
            add address=accounts.paypal.com list=paypal
            add address=batch.paypal.com list=paypal
            add address=disputes.paypal.com list=paypal
            add address=notify.paypal.com list=paypal
            add address=reports.paypal.com list=paypal
            add address=ipnpb.paypal.com list=paypal
            add address=mobile.paypal.com list=paypal
            add address=m.paypal.com list=paypal
            add address=pointofsale.paypal.com list=paypal
            add address=www.paypalobjects.com list=paypal
            add address=192.168.2.112 list="VPN Exlusion List"
            add address=192.168.2.127 list="VPN Exlusion List"
            add address=192.168.2.2 list="VPN Exlusion List"
            add address=192.168.2.110 list="VPN Exlusion List"
            add address=192.168.2.182 list="VPN Exlusion List"
            add address=192.168.2.88 list="VPN Exlusion List"
            add address=192.168.2.104 list="VPN Exlusion List"
            add address=192.168.2.108 list="VPN Exlusion List"
            add address=192.168.2.3 list="VPN Exlusion List"
            add address=192.168.2.78 list="VPN Exlusion List"
            add address=192.168.2.62 list="VPN Exlusion List"
            add address=192.168.2.103 list="VPN Exlusion List"
            add address=192.168.2.0/24 list="VPN List"
            add address=192.168.2.67 list="VPN Exlusion List"
            add address=192.168.2.102 list="VPN Exlusion List"
            add address=192.168.2.61 list="VPN Exlusion List"
            add address=192.168.2.68 list="VPN Exlusion List"
            add address=192.168.2.93 list="VPN Exlusion List"
            add address=8.8.8.8 list="Unlocator Block"
            add address=8.8.4.4 list="Unlocator Block"
            add address=37.77.184.0 list="Unlocator Block"
            add address=45.57.0.0 list="Unlocator Block"
            add address=185.2.220.0 list="Unlocator Block"
            add address=198.45.48.0 list="Unlocator Block"
            add address=192.168.2.79 disabled=yes list=NordVPN
            add address=192.168.2.149 disabled=yes list=NordVPN
            add address=192.168.2.0/24 disabled=yes list=NordVPN
            add address=#### list=WAN-IP
            /ip firewall filter
            add action=accept chain=input in-interface=bridge1-LAN
            add action=drop chain=forward disabled=yes dst-address-list="Unlocator Block"
            add action=accept chain=input dst-port=1194 protocol=tcp
            add action=accept chain=input comment="IPSec ESP" protocol=ipsec-esp
            add action=accept chain=input comment="IPSec NAT-T" dst-port=4500 protocol=udp
            add action=accept chain=input comment="IPSec L2TP" dst-port=1701 protocol=udp
            add action=accept chain=input comment="IPSec ISAKMP" dst-port=500 protocol=udp
            add action=accept chain=input comment="Accept Established and Related" connection-state=established,related
            add action=accept chain=input dst-port=5001,80,443,32400 protocol=tcp
            add action=accept chain=input dst-port=8080,8443,8291 in-interface=bridge1-LAN protocol=tcp
            # ovpn-in1 not ready
            add action=accept chain=input dst-port=8080,8443,8291 in-interface=ovpn-in1 protocol=tcp
            add action=accept chain=input dst-port=16881,26881,51767 protocol=tcp
            add action=accept chain=input dst-port=5060,5090,9000-9398 protocol=tcp
            add action=drop chain=input dst-port=25,143,993 protocol=tcp
            add action=drop chain=input dst-port=22,8291,8080,8443 protocol=tcp
            add action=drop chain=input comment="Drop Invalid" connection-state=invalid
            add action=drop chain=input comment="Default Drop" connection-state=""
            /ip firewall mangle
            add action=change-mss chain=forward disabled=yes new-mss=1300 out-interface="Pianeta Fibra PPPoE" passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1301-65535
            add action=route chain=prerouting disabled=yes dst-port=53 passthrough=no protocol=udp route-dst=81.17.17.170 src-address=192.168.2.146
            add action=route chain=prerouting comment="Only DNS Unlocator" disabled=yes dst-port=53 passthrough=no protocol=udp route-dst=8.8.8.8 src-address=192.168.2.50
            add action=mark-packet chain=prerouting comment="Torrent Announce" layer7-protocol=BITTORRENT_ANNOUNCE new-packet-mark=P2P passthrough=yes
            add action=mark-packet chain=prerouting comment=Torrent layer7-protocol=BITTORRENT new-packet-mark=P2P passthrough=yes
            add action=mark-routing chain=prerouting comment="Win 10 Pro Parallels" disabled=yes new-routing-mark="My Connection" passthrough=no src-address=192.168.2.144
            add action=mark-routing chain=prerouting comment="vpn exclusion" disabled=yes new-routing-mark=main passthrough=no src-address-list="VPN Exlusion List"
            add action=mark-connection chain=prerouting comment="entire network to vpn" disabled=yes new-connection-mark=NordVPN passthrough=yes src-address=192.168.2.0/24
            add action=mark-routing chain=prerouting disabled=yes new-routing-mark=Fibra passthrough=no src-address=192.168.2.125
            add action=mark-routing chain=prerouting disabled=yes new-routing-mark="VPN IT" passthrough=yes src-address=192.168.2.0/24
            add action=mark-routing chain=prerouting disabled=yes new-routing-mark="VPN IT" packet-mark=P2P passthrough=no
            /ip firewall nat
            add action=accept chain=dstnat dst-port=4500,1701,500 protocol=udp to-addresses=192.168.2.149
            add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=192.168.2.149 out-interface=bridge1-LAN src-address=192.168.2.0/24
            add action=masquerade chain=srcnat out-interface=combo1-GPON
            add action=masquerade chain=srcnat out-interface=ether1-GPON
            add action=masquerade chain=srcnat out-interface=ether2-LTE-Wind-Huawei
            add action=masquerade chain=srcnat out-interface=ether3-LTE-Alpsim
            add action=masquerade chain=srcnat out-interface=ether7-LAN-SkyQ
            add action=masquerade chain=srcnat out-interface="Pianeta Fibra PPPoE"
            # ovpn-in1 not ready
            add action=masquerade chain=srcnat out-interface=ovpn-in1
            add action=dst-nat chain=dstnat comment="voip x siemens" dst-port=5060,5090,9000-9398 protocol=tcp to-addresses=192.168.2.2
            add action=dst-nat chain=dstnat comment=synology dst-address-list=WAN-IP dst-port=5000,5001 protocol=tcp to-addresses=192.168.2.149
            add action=dst-nat chain=dstnat dst-port=5000,5001 protocol=tcp to-addresses=192.168.2.149
            add action=dst-nat chain=dstnat comment="synology web" dst-address-list=WAN-IP dst-port=80 protocol=tcp to-addresses=192.168.2.149
            add action=dst-nat chain=dstnat dst-address-list=WAN-IP dst-port=443,8443 protocol=tcp to-addresses=192.168.2.149
            add action=dst-nat chain=dstnat comment="synology mail" disabled=yes dst-port=25,465,587,143,993 in-interface="Pianeta Fibra PPPoE" protocol=tcp to-addresses=192.168.2.149
            add action=dst-nat chain=dstnat comment="synology plex" dst-address-list=WAN-IP dst-port=32400 protocol=tcp to-addresses=192.168.2.149
            add action=dst-nat chain=dstnat dst-port=32400 protocol=tcp to-addresses=192.168.2.149
            add action=dst-nat chain=dstnat comment="synology bittorrent" dst-port=16881,26881 protocol=tcp to-addresses=192.168.2.149
            add action=dst-nat chain=dstnat comment="qBittorent Asgaard" dst-port=51767 protocol=tcp to-addresses=192.168.2.125
            /ip firewall service-port
            set h323 disabled=yes
            set sip disabled=yes sip-timeout=10m
            /ip hotspot user
            add name=admin
            /ip ipsec identity
            add auth-method=eap certificate="" eap-methods=eap-mschapv2 generate-policy=port-strict mode-config=NordVPN peer=NordVPN policy-template-group=NordVPN username=M9dQx1LuxRCVr8huWGLonS8U
            /ip ipsec policy
            add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 template=yes
            /ip route
            add check-gateway=arp disabled=yes distance=1 dst-address=0.0.0.0/0 gateway="Pianeta Fibra PPPoE" pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 vrf-interface="Pianeta Fibra PPPoE"
            add check-gateway=ping disabled=yes distance=3 dst-address=0.0.0.0/0 gateway=192.168.0.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
            add check-gateway=ping disabled=yes distance=2 dst-address=0.0.0.0/0 gateway=192.168.8.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
            add check-gateway=ping disabled=no distance=1 dst-address="" gateway=192.168.0.1 routing-table=main suppress-hw-offload=no
            /ip service
            set telnet disabled=yes
            set www port=8080
            set www-ssl disabled=no port=8443
            /ip ssh
            set allow-none-crypto=yes forwarding-enabled=remote
            /ip traffic-flow
            set interfaces=ether3-LTE-Alpsim
            /ip upnp
            set enabled=yes
            /ip upnp interfaces
            add interface=bridge1-LAN type=internal
            add interface=*A type=external
            /ipv6 address
            add address=::1 from-pool=pf_ip6_pool interface=bridge1-LAN
            /ipv6 dhcp-client
            add add-default-route=yes interface="Pianeta Fibra PPPoE" pool-name=pf_ip6_pool prefix-hint=::/56 request=prefix
            /ipv6 firewall filter
            add action=accept chain=input connection-state=established,related
            add action=accept chain=input dst-port=22,8291,8080,8443 in-interface=bridge1-LAN protocol=tcp
            add action=drop chain=input dst-port=22,8291,8080,8443 protocol=tcp
            add action=drop chain=input comment="drop invalid" connection-state=invalid
            add action=drop chain=input disabled=yes
            /ipv6 nd
            set [ find default=yes ] advertise-dns=no
            /lcd
            set time-interval=daily
            /ppp secret
            add name=#### profile=server
            /routing igmp-proxy interface
            add
            /system clock
            set time-zone-name=Europe/Rome
            /system logging
            add prefix=ipsec topics=ipsec
            add topics=lte
            /system ntp client
            set enabled=yes
            /system ntp client servers
            add address=193.204.114.233
            add address=188.213.165.209
            /system scheduler
            add disabled=yes interval=1d name=LTE-Night on-event=night policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jul/14/2017 start-time=00:01:00
            add disabled=yes interval=1d name=LTE-Day on-event=day policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jul/14/2017 start-time=07:58:00
            /system script
            add dont-require-permissions=no name=fibra_up owner=admin policy=read,write source="ip route set [/ip route find where !routing-mark and dst-address=0.0.0.0/0] gateway=\"Vodafone PPPoE\""
            add dont-require-permissions=no name=fibra_down owner=admin policy=read,write source="ip route set [/ip route find where !routing-mark and dst-address=0.0.0.0/0]  gateway=192.168.8.1"
            add dont-require-permissions=no name=night owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
                ":ip route set [/ip route find where !routing-mark and dst-address=0.0.0.0/0]  gateway=192.168.3.1;\r\
                \n:foreach i in=[/ip firewall connection find dst-address~\":5060\" protocol~\"udp\"] do={\r\
                \n/ip firewall connection remove \$i\r\
                \n}"
            add dont-require-permissions=no name=day owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
                ":ip route set [/ip route find where !routing-mark and dst-address=0.0.0.0/0] gateway=pppoe-fibra;\r\
                \n:foreach i in=[/ip firewall connection find dst-address~\":5060\" protocol~\"udp\"] do={\r\
                \n/ip firewall connection remove \$i\r\
                \n}"
            add dont-require-permissions=no name=clear-SIP owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":foreach i in=[/ip firewall connection find dst-address~\":5060\" protocol~\"udp\"] do={\r\
                \n/ip firewall connection remove \$i\r\
                \n}"
            /tool graphing interface
            add
            /tool netwatch
            add disabled=no down-script="fibra_down\
                \nclear-SIP" host=208.67.222.222 interval=1s timeout=1s500ms type=simple up-script="fibra_up\
                \nclear-SIP"

            the 192.168.5.0 subnet dedicated to Sky Q is something I just set up, yet another attempt to solve the problem... I also removed the port the Platinum is connected to from the bridge in an attempt to create a separate LAN...

            LorenzoLaRocca probably not your case, but I solved a problem between a camera and an RB4011, which connected at random, by replacing the cable with a new Cat5e one! (evidently the Mikrotik was struggling with the worn cable)

              Max6502 I can also try with a new cable... but the fact is that the Platinum sees the connection, the IP assignment is stable... the green check mark is there... it's just that on demand then doesn't work and gives me this connection error that it shouldn't...

                LorenzoLaRocca I repeat… on that subnet, can you ping the gateway? I see there's a default drop; if the Platinum can't ping its GW, even if it tells you everything is OK (for that check it makes an HTTP call), on demand gives you that error

                  stich86 I don't know if there's a way to launch a ping from a Sky Q; in any case I took a cue from what you said and made a few changes: I removed the additional subnet I had created, put the Sky Q port back in the bridge, and finally put at the top of the firewall an accept rule for all incoming traffic from all the LAN ports and the bridge... it works.
                  I made many changes and I'm not sure what exactly it was, because initially it kept giving the problem... but it seems to be solved.
                  So thank you for the pointer, and thanks to everyone who chimed in.

                  to tell the truth I also disabled IPv6.... could that have been it?

                  an update.... the problem is now back but it seems to be tied to the Pianeta Fibra connection.
                  I have 2 WANs, the Pianeta Fibra one and an LTE one with Alpsim (Vodafone) as backup.
                  I noticed that when I use Alpsim, on demand works perfectly, whereas if I route over Pianeta Fibra it no longer works...
                  what could it depend on? could it be a problem related to DDoS attacks?

                    LorenzoLaRocca could it be a problem related to DDoS attacks?

                    I don't think so; do you have NAT, a dynamic IP or a static IP?

                    If you have a dynamic IP, try getting your IP changed.

                    stich86 I confirm that 99% the problem is this: the Sky Q sends a ping to the gateway every 30 seconds, and if the gateway doesn't reply it starts flooding it with many requests per second and disconnects. Try doing a packet capture from the router and check whether the Sky Q's pings are correctly answered by the Mikrotik.

                      fl4co I know something about that, they drove me crazy. The check on connectivity.sky.com wasn't enough for them 😂

                        stich86 I noticed it because I keep the Sky Q on a separate VLAN with client isolation, so it couldn't ping the router. I added a firewall rule and solved it.

                        Let's see if the OP has the same problem too.

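stich86 and fl4co point to the input-chain default drop as the reason the Sky Q cannot ping its gateway. As an added example (not code from the thread or from MikroTik), this Python sketch replays a new ICMP echo through the input rules copied from the export above. Assumptions: the first-match evaluator covers only the matchers those rules use, `connection-state=""` is treated as "no constraint", and `SKYQ_ICMP_RULE` is a hypothetical fix, since the thread does not show fl4co's actual rule.

```python
import shlex

# Rules copied (abridged) from the export posted in the thread.
EXPORT = """\
/ip firewall filter
add action=accept chain=input in-interface=bridge1-LAN
add action=drop chain=forward disabled=yes dst-address-list="Unlocator Block"
add action=accept chain=input dst-port=1194 protocol=tcp
add action=accept chain=input comment="IPSec ESP" protocol=ipsec-esp
add action=accept chain=input comment="Accept Established and Related" connection-state=established,related
add action=accept chain=input dst-port=5001,80,443,32400 protocol=tcp
# ovpn-in1 not ready
add action=accept chain=input dst-port=8080,8443,8291 in-interface=ovpn-in1 protocol=tcp
add action=drop chain=input dst-port=22,8291,8080,8443 protocol=tcp
add action=drop chain=input comment="Drop Invalid" connection-state=invalid
add action=drop chain=input comment="Default Drop" connection-state=""
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether7-LAN-SkyQ
"""

# Hypothetical fix (assumption): let the Sky Q port ping the router.
SKYQ_ICMP_RULE = ('add action=accept chain=input comment="Sky Q gateway ping" '
                  'in-interface=ether7-LAN-SkyQ protocol=icmp')

# Matchers this simplified evaluator understands.
SUPPORTED = {"action", "chain", "comment", "disabled", "in-interface",
             "protocol", "dst-port", "connection-state"}


def parse_filter_rules(export_text):
    """Return the '/ip firewall filter' rules of an export as dicts, in order."""
    rules, in_section = [], False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_section = (line == "/ip firewall filter")
            continue
        if not in_section or not line.startswith("add "):
            continue  # skips other sections and '# ...' remarks
        rule = {}
        for token in shlex.split(line)[1:]:
            key, _, value = token.partition("=")
            rule[key] = value
        rules.append(rule)
    return rules


def port_in_spec(spec, port):
    """True if port falls in a spec such as '5060,5090,9000-9398'."""
    for part in spec.split(","):
        low, _, high = part.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def rule_matches(rule, pkt):
    if rule.get("disabled") == "yes" or rule.get("chain") != pkt["chain"]:
        return False
    unknown = set(rule) - SUPPORTED
    if unknown:  # refuse to guess about matchers not modelled here
        raise ValueError(f"unsupported matcher(s): {sorted(unknown)}")
    if rule.get("in-interface") and rule["in-interface"] != pkt["in_interface"]:
        return False
    if rule.get("protocol") and rule["protocol"] != pkt["protocol"]:
        return False
    if "dst-port" in rule:
        port = pkt.get("dst_port")
        if port is None or not port_in_spec(rule["dst-port"], port):
            return False
    states = rule.get("connection-state")  # "" means no constraint (assumption)
    if states and pkt["state"] not in states.split(","):
        return False
    return True


def gateway_ping_verdict(rules, in_interface):
    """(rule index, action, comment) for a new ICMP echo sent to the router."""
    pkt = {"chain": "input", "in_interface": in_interface,
           "protocol": "icmp", "state": "new", "dst_port": None}
    for index, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return index, rule["action"], rule.get("comment", "")
    return None, "accept", "no rule matched"  # RouterOS accepts by default


def with_skyq_fix(rules):
    """Rules with the hypothetical ICMP accept placed first."""
    return parse_filter_rules("/ip firewall filter\n" + SKYQ_ICMP_RULE) + rules


if __name__ == "__main__":
    rules = parse_filter_rules(EXPORT)
    for iface in ("bridge1-LAN", "ether7-LAN-SkyQ"):
        print(iface, gateway_ping_verdict(rules, iface))
    print("fixed", gateway_ping_verdict(with_skyq_fix(rules), "ether7-LAN-SkyQ"))
```

With the port outside the bridge, the ping falls through to "Default Drop"; inside `bridge1-LAN` it is accepted by the first rule, which matches what the OP saw after moving the port back.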
