SkyQ Platinum e Mikrotik

LorenzoLaRocca

Salve,
sono anni che cerco in lungo e in largo una soluzione ma non trovo nulla.
In poche parole, quando la rete internet e' collegata con il Mikrotik lo sky q pur avendo la connessione perfettamente funzionante mostra sempre errore di mancanza connessione sull'on demand.
Praticamente ho il servizio sky a meta'...
Avevo risolto tempo fa attestando solo gli apparati sky su un router Asus... il problema e' che si e' guastato proprio ieri sera, e non potendo al momento sostituirlo sono ritornato sul mikrotik ma con questo problema.

Qualcuno ha avuto lo stesso problema ed e' riuscito a risolvere?
Sento che e' solo un questione di impostazioni, ma potrei sbagliarmi...

giusgius

LorenzoLaRocca se fai autenticazione PPPoE prova ad abbassare il TCP MSS con le regole di mangle

Ad esempio, prendo dalla wiki mikrotik:

/ip firewall mangle
add out-interface=pppoe-out protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward tcp-mss=1301-65535

edofullo

giusgius new-mss=1300

1300? 😢

Forse si può mettere solo se la connessione origina dall'IP dello Sky Q?
Perchè buttare il 14% di efficienza da tutta la rete mi sembra un po' uno spreco.

Comunque a me con TIM (e RB4011) funziona Sky Q Black

LorenzoLaRocca

giusgius ho provato ma non e' cambiato nulla... sempre mi dice che manca la connessione...

edofullo il mio cmq e' il platinum con 3 mini sotto di lui...ma se non va il platinum non vanno neanche i mini...

giusgius

edofullo 1300 come test per essere eccessivi, poi bisogna trovare il valore giusto

LorenzoLaRocca

edofullo

no comunque non dipende dalla connessione ma proprio dal router... finora ha funzionato solo con l'asus e quando avevo wind con il DLink.... ho provato anche ad usare l'orbi come router invece che solo access point e non va neanche con il netgear... onestamente non so da cosa dipenda...

Max6502

LorenzoLaRocca probabilmente non è il tuo caso ma io ho risolto un problema tra telecamera e rb4011 che si connetteva in maniera randomica cambiando il cavo con un cat5e nuovo! (evidentemente il mikrotik soffriva col cavo usurato)

stich86

hai concesso accesso a tutto? lo SkyQ può pingare il router? Perché se non ci riesce ti dice che non è connesso ad internet :\

Heavy

Non è un problema del mikrotik in quanto tale ma sicuramente di configurazione dello stesso, a me funziona egregiamente senza alcun problema, sicuramente c'è qualche filtro o qualche impostazione bislacca. Prova ad incollare (come codice) il risultato di

export hide-sensitive

Vediamo come lo hai impostato

LorenzoLaRocca

Heavy grazie, ecco l'export

# sep/30/2022 18:43:08 by RouterOS 7.5
# software id = 432Z-MUG8
#
# model = CCR1009-7G-1C-1S+
# serial number = 79AD06955BFE
/interface pptp-client
add connect-to=it-mil.vpnunlimitedapp.com name="VPN Unlimited IT" user=KS1-cb803f35659ac544b8598caa86c36e30:####
add connect-to=it1.zoogvpn.com mrru=1600 name="ZoogVPN PPTP IT" user=####
/interface bridge
add dhcp-snooping=yes igmp-snooping=yes igmp-version=3 mld-version=2 multicast-querier=yes multicast-router=permanent name=bridge1-LAN protocol-mode=none
/interface ethernet
set [ find default-name=combo1 ] auto-negotiation=no disabled=yes name=combo1-GPON
set [ find default-name=ether1 ] loop-protect=on name=ether1-GPON rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether2 ] name=ether2-LTE-Wind-Huawei rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether3 ] name=ether3-LTE-Alpsim rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether4 ] name=ether4-VodafoneStation rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether5 ] name=ether5-LAN rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether6 ] name=ether6-LAN-Airport rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=ether7 ] name=ether7-LAN-SkyQ rx-flow-control=auto speed=100Mbps tx-flow-control=auto
set [ find default-name=sfp-sfpplus1 ] advertise=1000M-full auto-negotiation=no disabled=yes speed=1Gbps
/interface ovpn-server
add disabled=yes name=ovpn-in1 user=####
/interface l2tp-server
add disabled=yes name=l2tp-in1 user=####
/interface l2tp-client
add allow-fast-path=yes connect-to=it-mil01.unlocator.com name="Unlocator VPN IT" use-ipsec=yes use-peer-dns=yes user=####.larocca@mac.com
/interface wireguard
add disabled=yes listen-port=13231 mtu=1420 name=wireguard1
/interface vlan
add interface=ether1-GPON name="Pianeta Fibra FTTH VLAN" vlan-id=835
/interface pppoe-client
add add-default-route=yes disabled=no interface="Pianeta Fibra FTTH VLAN" name="Pianeta Fibra PPPoE" user=sef003957
/interface lte apn
set [ find default=yes ] apn=internet.wind authentication=chap ip-type=ipv4 name=wind use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client option
add code=60 name=fastweb value="'Technicolor_DGA4131FWB/dslforum.org'"
/ip firewall layer7-protocol
add name=BITTORRENT regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
add name=BITTORRENT_ANNOUNCE regexp=^get.+announce.
add name=Paypal regexp=.paypal.com+.
add name=whatsmyip regexp=.whatsmyip+.
/ip hotspot profile
add hotspot-address=192.168.88.1 name=hsprof1
/ip ipsec mode-config
add connection-mark=NordVPN name=NordVPN responder=no
/ip ipsec peer
add disabled=yes name=peer_9 passive=yes
/ip ipsec policy group
add name=NordVPN
/ip ipsec profile
set [ find default=yes ] dh-group=modp1024 enc-algorithm=aes-256 hash-algorithm=sha256
add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha512 name=NordVPN proposal-check=claim
/ip ipsec peer
add address=it147.nordvpn.com disabled=yes exchange-mode=ike2 name=NordVPN profile=NordVPN
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha512,sha256,sha1 enc-algorithms=aes-256-cbc,aes-256-gcm,aes-192-cbc,aes-192-gcm,aes-128-cbc,aes-128-gcm,blowfish,twofish pfs-group=none
add auth-algorithms=sha512,sha256,sha1 enc-algorithms=aes-256-cbc name=NordVPN pfs-group=none
/ip pool
add name=dhcp_pool0 ranges=192.168.2.60-192.168.2.250
add name=pool1 ranges=192.168.1.100-192.168.1.250
add name=hs-pool-11 ranges=192.168.88.2-192.168.88.254
add name="SkyQ Pool" ranges=192.168.5.50-192.168.5.59
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge1-LAN lease-time=1h name=dhcp1
add address-pool="SkyQ Pool" interface=ovpn-in1 name="SkyQ DHCP"
add address-pool="SkyQ Pool" interface=ether7-LAN-SkyQ lease-time=1h name=dhcp_skyq
/ipv6 dhcp-server
add address-pool=pf_ip6_pool interface=bridge1-LAN name=pf_ip6_server
/port
set 0 name=serial0
set 1 name=serial1
/ppp profile
add change-tcp-mss=yes local-address=192.168.5.15 name=server only-one=no remote-address="SkyQ Pool" use-compression=no use-encryption=yes use-ipv6=no use-upnp=no
/interface sstp-client
add authentication=mschap2 connect-to=milan.hide.me name="Hide.me VPN SSTP IT" profile=default-encryption user=kalimaa@mikrotikit
add authentication=mschap2 connect-to=87.101.95.203 name="Hide.me VPN SSTP US" profile=default-encryption user=kalimaa@mikrotikus
/queue simple
add disabled=yes max-limit=10M/0 name=Synology target=192.168.2.149/32
add burst-limit=10M/70M burst-time=5s/5s disabled=yes max-limit=5M/50M name=P2P packet-marks=P2P target=bridge1-LAN,bridge1-LAN
add disabled=yes max-limit=10M/0 name=Asgaard queue=default/default target=192.168.2.125/32,192.168.2.150/32 total-queue=default
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
add disabled=no name=default-v3 version=3
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
add disabled=yes instance=default-v3 name=backbone-v3
/routing table
add fib name=Fibra
add fib name="My Connection"
add fib name="VPN IT"
add fib name="ExpressVPN IT"
add fib name="VPN US"
add fib name="Hide.me IT"
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,rest-api
/interface bridge port
add bridge=bridge1-LAN hw=no ingress-filtering=no interface=ether6-LAN-Airport
add bridge=bridge1-LAN fast-leave=yes ingress-filtering=no interface=ether5-LAN learn=yes multicast-router=permanent
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set accept-redirects=yes accept-source-route=yes max-neighbor-entries=8192 tcp-syncookies=yes
/ipv6 settings
set max-neighbor-entries=8192
/interface l2tp-server server
set default-profile=server enabled=yes use-ipsec=yes
/interface ovpn-server server
set auth=sha1 certificate="OVPN server" cipher=aes256 default-profile=server enabled=yes mode=ethernet
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set enabled=yes
/ip address
add address=192.168.88.1/24 interface=bridge1-LAN network=192.168.88.0
add address=192.168.2.1/24 interface=bridge1-LAN network=192.168.2.0
add address=192.168.3.1/24 interface=ether1-GPON network=192.168.3.0
add address=192.168.1.3/24 disabled=yes interface=combo1-GPON network=192.168.1.0
add address=192.168.5.15/24 interface=ovpn-in1 network=192.168.5.0
add address=192.168.5.49 interface=ether7-LAN-SkyQ network=192.168.5.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add add-default-route=no !dhcp-options interface=ether2-LTE-Wind-Huawei use-peer-dns=no use-peer-ntp=no
add add-default-route=no interface=ether3-LTE-Alpsim use-peer-dns=no
/ip dhcp-server lease
add address=192.168.2.2 always-broadcast=yes comment=GigasetPhone mac-address=7C:2F:80:84:F1:E9 server=dhcp1
add address=192.168.2.149 always-broadcast=yes comment=SynologyDS415 lease-time=1d mac-address=00:11:32:38:34:F7 server=dhcp1
add address=192.168.2.152 always-broadcast=yes client-id=1:a4:2b:b0:15:ea:d7 mac-address=A4:2B:B0:15:EA:D7 server=dhcp1
add address=192.168.2.171 comment="Netgear Switch" lease-time=1d mac-address=8C:3B:AD:22:B7:38 server=dhcp1
add address=192.168.2.150 client-id=1:28:f0:76:b:57:6a mac-address=28:F0:76:0B:57:6A server=dhcp1
add address=192.168.2.129 always-broadcast=yes comment=SMA lease-time=2d mac-address=00:40:AD:97:0C:DD server=dhcp1
add address=192.168.2.3 client-id=1:0:d:65:1c:f8:f mac-address=00:0D:65:1C:F8:0F server=dhcp1
add address=192.168.2.125 client-id=1:38:c9:86:22:b3:c0 mac-address=38:C9:86:22:B3:C0 server=dhcp1
add address=192.168.2.67 client-id=1:0:8a:76:f3:38:e0 mac-address=00:8A:76:F3:38:E0 server=dhcp1
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=208.67.222.222,208.67.220.220 gateway=192.168.2.1 netmask=24 ntp-server=192.168.2.1
add address=192.168.5.0/24 dns-server=208.67.222.222,208.67.220.220 gateway=192.168.5.49 netmask=24
add address=192.168.88.0/24 comment="hotspot network" gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220
/ip firewall address-list
add address=paypal.com list=paypal
add address=whatsmyip.com list=whatsmyip
add address=www.paypal.com list=paypal
add address=paypalobjects.com list=paypal
add address=151.54.225.66 list=Blocklist
add address=api.paypal.com list=paypal
add address=api-3t.paypal.com list=paypal
add address=api-aa.paypal.com list=paypal
add address=api-aa-3t.paypal.com list=paypal
add address=svcs.paypal.com list=paypal
add address=accounts.paypal.com list=paypal
add address=batch.paypal.com list=paypal
add address=disputes.paypal.com list=paypal
add address=notify.paypal.com list=paypal
add address=reports.paypal.com list=paypal
add address=ipnpb.paypal.com list=paypal
add address=mobile.paypal.com list=paypal
add address=m.paypal.com list=paypal
add address=pointofsale.paypal.com list=paypal
add address=www.paypalobjects.com list=paypal
add address=192.168.2.112 list="VPN Exlusion List"
add address=192.168.2.127 list="VPN Exlusion List"
add address=192.168.2.2 list="VPN Exlusion List"
add address=192.168.2.110 list="VPN Exlusion List"
add address=192.168.2.182 list="VPN Exlusion List"
add address=192.168.2.88 list="VPN Exlusion List"
add address=192.168.2.104 list="VPN Exlusion List"
add address=192.168.2.108 list="VPN Exlusion List"
add address=192.168.2.3 list="VPN Exlusion List"
add address=192.168.2.78 list="VPN Exlusion List"
add address=192.168.2.62 list="VPN Exlusion List"
add address=192.168.2.103 list="VPN Exlusion List"
add address=192.168.2.0/24 list="VPN List"
add address=192.168.2.67 list="VPN Exlusion List"
add address=192.168.2.102 list="VPN Exlusion List"
add address=192.168.2.61 list="VPN Exlusion List"
add address=192.168.2.68 list="VPN Exlusion List"
add address=192.168.2.93 list="VPN Exlusion List"
add address=8.8.8.8 list="Unlocator Block"
add address=8.8.4.4 list="Unlocator Block"
add address=37.77.184.0 list="Unlocator Block"
add address=45.57.0.0 list="Unlocator Block"
add address=185.2.220.0 list="Unlocator Block"
add address=198.45.48.0 list="Unlocator Block"
add address=192.168.2.79 disabled=yes list=NordVPN
add address=192.168.2.149 disabled=yes list=NordVPN
add address=192.168.2.0/24 disabled=yes list=NordVPN
add address=#### list=WAN-IP
/ip firewall filter
add action=accept chain=input in-interface=bridge1-LAN
add action=drop chain=forward disabled=yes dst-address-list="Unlocator Block"
add action=accept chain=input dst-port=1194 protocol=tcp
add action=accept chain=input comment="IPSec ESP" protocol=ipsec-esp
add action=accept chain=input comment="IPSec NAT-T" dst-port=4500 protocol=udp
add action=accept chain=input comment="IPSec L2TP" dst-port=1701 protocol=udp
add action=accept chain=input comment="IPSec ISAKMP" dst-port=500 protocol=udp
add action=accept chain=input comment="Accept Established and Related" connection-state=established,related
add action=accept chain=input dst-port=5001,80,443,32400 protocol=tcp
add action=accept chain=input dst-port=8080,8443,8291 in-interface=bridge1-LAN protocol=tcp
# ovpn-in1 not ready
add action=accept chain=input dst-port=8080,8443,8291 in-interface=ovpn-in1 protocol=tcp
add action=accept chain=input dst-port=16881,26881,51767 protocol=tcp
add action=accept chain=input dst-port=5060,5090,9000-9398 protocol=tcp
add action=drop chain=input dst-port=25,143,993 protocol=tcp
add action=drop chain=input dst-port=22,8291,8080,8443 protocol=tcp
add action=drop chain=input comment="Drop Invalid" connection-state=invalid
add action=drop chain=input comment="Default Drop" connection-state=""
/ip firewall mangle
add action=change-mss chain=forward disabled=yes new-mss=1300 out-interface="Pianeta Fibra PPPoE" passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1301-65535
add action=route chain=prerouting disabled=yes dst-port=53 passthrough=no protocol=udp route-dst=81.17.17.170 src-address=192.168.2.146
add action=route chain=prerouting comment="Only DNS Unlocator" disabled=yes dst-port=53 passthrough=no protocol=udp route-dst=8.8.8.8 src-address=192.168.2.50
add action=mark-packet chain=prerouting comment="Torrent Announce" layer7-protocol=BITTORRENT_ANNOUNCE new-packet-mark=P2P passthrough=yes
add action=mark-packet chain=prerouting comment=Torrent layer7-protocol=BITTORRENT new-packet-mark=P2P passthrough=yes
add action=mark-routing chain=prerouting comment="Win 10 Pro Parallels" disabled=yes new-routing-mark="My Connection" passthrough=no src-address=192.168.2.144
add action=mark-routing chain=prerouting comment="vpn exclusion" disabled=yes new-routing-mark=main passthrough=no src-address-list="VPN Exlusion List"
add action=mark-connection chain=prerouting comment="entire network to vpn" disabled=yes new-connection-mark=NordVPN passthrough=yes src-address=192.168.2.0/24
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=Fibra passthrough=no src-address=192.168.2.125
add action=mark-routing chain=prerouting disabled=yes new-routing-mark="VPN IT" passthrough=yes src-address=192.168.2.0/24
add action=mark-routing chain=prerouting disabled=yes new-routing-mark="VPN IT" packet-mark=P2P passthrough=no
/ip firewall nat
add action=accept chain=dstnat dst-port=4500,1701,500 protocol=udp to-addresses=192.168.2.149
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=192.168.2.149 out-interface=bridge1-LAN src-address=192.168.2.0/24
add action=masquerade chain=srcnat out-interface=combo1-GPON
add action=masquerade chain=srcnat out-interface=ether1-GPON
add action=masquerade chain=srcnat out-interface=ether2-LTE-Wind-Huawei
add action=masquerade chain=srcnat out-interface=ether3-LTE-Alpsim
add action=masquerade chain=srcnat out-interface=ether7-LAN-SkyQ
add action=masquerade chain=srcnat out-interface="Pianeta Fibra PPPoE"
# ovpn-in1 not ready
add action=masquerade chain=srcnat out-interface=ovpn-in1
add action=dst-nat chain=dstnat comment="voip x siemens" dst-port=5060,5090,9000-9398 protocol=tcp to-addresses=192.168.2.2
add action=dst-nat chain=dstnat comment=synology dst-address-list=WAN-IP dst-port=5000,5001 protocol=tcp to-addresses=192.168.2.149
add action=dst-nat chain=dstnat dst-port=5000,5001 protocol=tcp to-addresses=192.168.2.149
add action=dst-nat chain=dstnat comment="synology web" dst-address-list=WAN-IP dst-port=80 protocol=tcp to-addresses=192.168.2.149
add action=dst-nat chain=dstnat dst-address-list=WAN-IP dst-port=443,8443 protocol=tcp to-addresses=192.168.2.149
add action=dst-nat chain=dstnat comment="synology mail" disabled=yes dst-port=25,465,587,143,993 in-interface="Pianeta Fibra PPPoE" protocol=tcp to-addresses=192.168.2.149
add action=dst-nat chain=dstnat comment="synology plex" dst-address-list=WAN-IP dst-port=32400 protocol=tcp to-addresses=192.168.2.149
add action=dst-nat chain=dstnat dst-port=32400 protocol=tcp to-addresses=192.168.2.149
add action=dst-nat chain=dstnat comment="synology bittorrent" dst-port=16881,26881 protocol=tcp to-addresses=192.168.2.149
add action=dst-nat chain=dstnat comment="qBittorent Asgaard" dst-port=51767 protocol=tcp to-addresses=192.168.2.125
/ip firewall service-port
set h323 disabled=yes
set sip disabled=yes sip-timeout=10m
/ip hotspot user
add name=admin
/ip ipsec identity
add auth-method=eap certificate="" eap-methods=eap-mschapv2 generate-policy=port-strict mode-config=NordVPN peer=NordVPN policy-template-group=NordVPN username=M9dQx1LuxRCVr8huWGLonS8U
/ip ipsec policy
add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 template=yes
/ip route
add check-gateway=arp disabled=yes distance=1 dst-address=0.0.0.0/0 gateway="Pianeta Fibra PPPoE" pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10 vrf-interface="Pianeta Fibra PPPoE"
add check-gateway=ping disabled=yes distance=3 dst-address=0.0.0.0/0 gateway=192.168.0.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=yes distance=2 dst-address=0.0.0.0/0 gateway=192.168.8.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address="" gateway=192.168.0.1 routing-table=main suppress-hw-offload=no
/ip service
set telnet disabled=yes
set www port=8080
set www-ssl disabled=no port=8443
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ip traffic-flow
set interfaces=ether3-LTE-Alpsim
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1-LAN type=internal
add interface=*A type=external
/ipv6 address
add address=::1 from-pool=pf_ip6_pool interface=bridge1-LAN
/ipv6 dhcp-client
add add-default-route=yes interface="Pianeta Fibra PPPoE" pool-name=pf_ip6_pool prefix-hint=::/56 request=prefix
/ipv6 firewall filter
add action=accept chain=input connection-state=established,related
add action=accept chain=input dst-port=22,8291,8080,8443 in-interface=bridge1-LAN protocol=tcp
add action=drop chain=input dst-port=22,8291,8080,8443 protocol=tcp
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=drop chain=input disabled=yes
/ipv6 nd
set [ find default=yes ] advertise-dns=no
/lcd
set time-interval=daily
/ppp secret
add name=#### profile=server
/routing igmp-proxy interface
add
/system clock
set time-zone-name=Europe/Rome
/system logging
add prefix=ipsec topics=ipsec
add topics=lte
/system ntp client
set enabled=yes
/system ntp client servers
add address=193.204.114.233
add address=188.213.165.209
/system scheduler
add disabled=yes interval=1d name=LTE-Night on-event=night policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jul/14/2017 start-time=00:01:00
add disabled=yes interval=1d name=LTE-Day on-event=day policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jul/14/2017 start-time=07:58:00
/system script
add dont-require-permissions=no name=fibra_up owner=admin policy=read,write source="ip route set [/ip route find where !routing-mark and dst-address=0.0.0.0/0] gateway=\"Vodafone PPPoE\""
add dont-require-permissions=no name=fibra_down owner=admin policy=read,write source="ip route set [/ip route find where !routing-mark and dst-address=0.0.0.0/0]  gateway=192.168.8.1"
add dont-require-permissions=no name=night owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    ":ip route set [/ip route find where !routing-mark and dst-address=0.0.0.0/0]  gateway=192.168.3.1;\r\
    \n:foreach i in=[/ip firewall connection find dst-address~\":5060\" protocol~\"udp\"] do={\r\
    \n/ip firewall connection remove \$i\r\
    \n}"
add dont-require-permissions=no name=day owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
    ":ip route set [/ip route find where !routing-mark and dst-address=0.0.0.0/0] gateway=pppoe-fibra;\r\
    \n:foreach i in=[/ip firewall connection find dst-address~\":5060\" protocol~\"udp\"] do={\r\
    \n/ip firewall connection remove \$i\r\
    \n}"
add dont-require-permissions=no name=clear-SIP owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":foreach i in=[/ip firewall connection find dst-address~\":5060\" protocol~\"udp\"] do={\r\
    \n/ip firewall connection remove \$i\r\
    \n}"
/tool graphing interface
add
/tool netwatch
add disabled=no down-script="fibra_down\
    \nclear-SIP" host=208.67.222.222 interval=1s timeout=1s500ms type=simple up-script="fibra_up\
    \nclear-SIP"

LorenzoLaRocca

la subnet 192.168.5.0 dedicata a sky q l'ho appena impostata, ennesimo tentativo di risolvere il problema... ho anche tolto la porta su cui e' collegato il platinum dal bridge nel tentativo di creare lan separata...

LorenzoLaRocca

Max6502 posso anche provare con un cavo nuovo... ma il fatto e' che il platinum la connessione la vede, l'assegnazione ip e' stabile... la spunta verde c'e'... solo che poi non funziona l'on demand e mi da questo errore di connessione che non dovrebbe...

stich86

LorenzoLaRocca ti ripeto… su quella subnet riesci a pingare il gateway? Vedo che c’è una drop di default, se il platinum non pinga il suo GW, anche se ti dice tutto ok (per quel check fa una chiamata HTTP), l’ondemand ti da quell’errore

LorenzoLaRocca

stich86 non so se c'e' un modo per lanciare un ping da uno sky q, ad ogni modo ho preso spunto da quanto hai detto ed ho fatto un po' di modifiche, ho tolto la subnet aggiuntiva che avevo fatto, ho rimesso la porta dello skyq nel bridge ed infine ho messo in cima al firewall una rule accept per tutto il traffico in entrata di tutte le porte lan e del bridge... funziona.
Ho fatto tante modifiche e non sono sicuro cosa sia stato esattamente perché' inizialmente continuava a dare il problema... ma sembra che abbia risolto.
Ti ringrazio quindi per lo spunto e ringrazio tutti quanti intervenuti.

fl4co

stich86 Confermo che al 99% il problema è questo, lo Sky Q fa un ping ogni 30 secondi verso il gateway e se questo non risponde comincia a floodarlo di molte richieste al secondo e si disconnette. Prova a fare un packet capture dal router e controlla se i ping da parte dello Sky Q vengono correttamente risposti dal Mikrotik.

LorenzoLaRocca

per la verita' ho anche disattivato ipv6.... poteva essere questo?

LorenzoLaRocca

un aggiornamento.... il problema ora e' tornato ma sembra essere legato alla connessione di pianeta fibra.
Ho 2 wan, quella di pianeta fibra ed una LTE con alpsim (vodafone) di backup.
Ho notato che quando uso alpsim l'on demand funziona benissimo, mentre se instrado su pianeta fibra non funziona più'...
da cosa puo' dipendere? puo' essere un problema legato agli attacchi ddos?

edofullo

LorenzoLaRocca puo' essere un problema legato agli attacchi ddos?

Non credo, hai NAT, IP Dinamico o IP Statico?

Se hai IP dinamico prova a farti cambiare IP.

stich86

fl4co ne so qualcosa, mi hanno fatto diventare scemo. Non gli bastava il check su connectivity.sky.com 😂

fl4co

stich86 Io me ne sono accorto perché tengo lo Sky Q su una VLAN a parte con client isolation, quindi non riusciva a pingare il router. Ho aggiunto una regola del firewall e ho risolto.

Vediamo se anche l'OP ha lo stesso problema.

spicci

fl4co
ciao, premetto che non sono molto pratico con il mikrotik , segnalo lo stesso problema che lo sky q si disconnette. prostesti darmi un aiuto per fare la regola del firewall sperando di risolvere il problema?
grazie

Pagina successiva »

Informativa privacy - Informativa cookie - Termini e condizioni - Regolamento - Disclaimer - 🏳️‍🌈
P.I. IT16712091004 - info@fibraclick.it

♻️ Il server di questo sito è alimentato al 100% con energia rinnovabile