Выборочный трафик через VPN - не проходит трассировка маршрута

Раздел для тех, кто начинает знакомиться с MikroTik
Правила форума
Как правильно оформить вопрос.
Прежде чем начать настройку роутера, представьте, как это работает. Попробуйте почитать статьи об устройстве интернет-сетей. Убедитесь, что всё, что Вы задумали выполнимо вообще и на данном оборудовании в частности.
Не нужно изначально строить Наполеоновских планов. Попробуйте настроить простейшую конфигурацию, а усложнения добавлять в случае успеха постепенно.
Пожалуйста, не игнорируйте правила русского языка. Отсутствие знаков препинания и неграмотность автора топика для многих гуру достаточный повод проигнорировать топик вообще.

1. Назовите технологию подключения (динамический DHCP, L2TP, PPTP или что-то иное)
2. Изучите темку "Действия до настройки роутера".
viewtopic.php?f=15&t=2083
3. Настройте согласно выбранному Вами мануалу
4. Дочитайте мануал до конца и без пропусков, в 70% случаев люди просто не до конца читают статью и пропускают важные моменты.
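5. Если не получается, в Winbox открываем терминал и вбиваем там /export hide-sensitive. Результат в топик под кат, интимные подробности типа личных IP изменить на другие, пароль забить звездочками. Учтите, что hide-sensitive не затрагивает тексты скриптов и заданий планировщика: вписанные в них токены, ключи API и адреса почты нужно замаскировать вручную.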
6. Нарисуйте Вашу сеть, рисунок (схему) сюда. На словах может быть одно, в действительности другое.
Dominik
Сообщения: 13
Зарегистрирован: 28 янв 2017, 23:50

Помогите разобраться: поднят VPN WireGuard с белым IP (xx.xx.xx.xx), к нему подключаюсь через серый IP (LTE passthrough). Подключение есть, сети пингуются, также пингуются сервера в интернете, но не проходит трассировка маршрута (traceroute).
Хотел направить трафик с сервера в локальной сети (192.168.2.19) через VPN, вроде как все работает, но почему не могу сделать трассировку к серверу??? Т.е. с микротика не только сервер не отзывается, но и публичные тоже не отвечают. Хотя в локалке интернет есть и все типа работает...


# 2024-02-29 11:11:49 by RouterOS 7.13.5
# software id = RG2W-6FVW
#
# model = RB952Ui-5ac2nD
# serial number = 6CBA06F13F0A
/interface bridge
add frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=no \
    name=bridge protocol-mode=none vlan-filtering=yes
add disabled=yes name=loopback protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] auto-negotiation=no
set [ find default-name=ether3 ] auto-negotiation=no rx-flow-control=auto \
    tx-flow-control=auto
set [ find default-name=ether5 ] auto-negotiation=no
/interface wireguard
# WireGuard client interface. It binds UDP 22190, and the input chain in this
# export drops UDP to that port after the established/related accept, so only
# sessions this router initiates towards the peer are expected to get through.
add listen-port=22190 mtu=1420 name=wg-client-msk
/interface vlan
add interface=ether5 name=lte-internet vlan-id=101
add interface=ether5 name=lte_mngmt vlan-id=100
/interface list
add name=LAN
add name=WAN
add name=VPN
add name=list-discovery
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk disable-pmkid=yes mode=dynamic-keys name=\
    work supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
    band=2ghz-g/n basic-rates-b="" country=russia4 disabled=no \
    disconnect-timeout=5s guard-interval=long hide-ssid=yes installation=\
    indoor max-station-count=15 mode=ap-bridge multicast-helper=full \
    radio-name=workland24ghz security-profile=work skip-dfs-channels=all \
    ssid=2.4GHz supported-rates-b="" tx-power=7 tx-power-mode=all-rates-fixed \
    wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode \
    band=5ghz-n/ac channel-width=20/40/80mhz-XXXX country=russia4 disabled=no \
    distance=indoors hide-ssid=yes installation=indoor max-station-count=15 \
    mode=ap-bridge multicast-helper=full radio-name=workland5ghz \
    security-profile=work ssid=5GHz wireless-protocol=802.11 wps-mode=\
    disabled
add disabled=no keepalive-frames=disabled mac-address=6E:3B:6B:13:FD:A9 \
    master-interface=wlan1 max-station-count=20 multicast-buffering=disabled \
    name=wlan10 security-profile=work ssid=SERVICEPRINT wps-mode=disabled
add disabled=no mac-address=6E:3B:6B:13:FD:A8 master-interface=wlan2 \
    max-station-count=15 multicast-helper=full name=wlan20 security-profile=\
    work ssid=WORK wmm-support=enabled wps-mode=disabled
/interface wireless nstreme
set wlan1 enable-polling=no
set wlan2 enable-polling=no
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp_pool ranges=192.168.2.2-192.168.2.40
add name=vpn-pool ranges=10.50.0.10-10.50.0.20
/ip dhcp-server
add address-pool=dhcp_pool interface=bridge lease-time=1h name=dhcp
/ppp profile
set *0 interface-list=VPN use-ipv6=no use-mpls=no use-upnp=no
set *FFFFFFFE use-compression=no use-encryption=no use-mpls=no use-upnp=no
/interface l2tp-client
add allow=mschap2 connect-to=xx.xx.xx.xx name=l2tp-work profile=default \
    user=geo
/queue simple
add dst=lte-internet max-limit=30M/25M name=queue-burst-limit queue=\
    pcq-upload-default/pcq-download-default target=192.168.2.0/25
/routing id
add disabled=no id=10.255.255.2 name=loopback select-dynamic-id=only-loopback
/routing ospf instance
add disabled=yes in-filter-chain=ospf-in name=default out-filter-chain=\
    ospf-out router-id=loopback routing-table=main
/routing ospf area
add area-id=0.0.0.16 disabled=yes instance=default name=stub type=stub
add disabled=yes instance=default name=backbone
/routing table
add disabled=no fib name=vpn-table
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=lte_mngmt
add bridge=bridge interface=wlan1
add bridge=bridge interface=wlan2
add bridge=bridge interface=wlan10
add bridge=bridge interface=wlan20
/interface bridge settings
set use-ip-firewall-for-vlan=yes
/ip firewall connection tracking
set icmp-timeout=30s tcp-close-wait-timeout=1m tcp-established-timeout=1m \
    tcp-fin-wait-timeout=2m tcp-last-ack-timeout=30s \
    tcp-syn-received-timeout=1m tcp-syn-sent-timeout=2m \
    tcp-time-wait-timeout=2m udp-stream-timeout=2m udp-timeout=30s
/ip neighbor discovery-settings
set discover-interface-list=!WAN
/ip settings
set allow-fast-path=no max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes
/interface list member
add interface=bridge list=LAN
add interface=lte-internet list=WAN
add interface=bridge list=list-discovery
# NOTE(review): the tunnel is a member of LAN, not of VPN or WAN. Every rule in
# this export keyed on in-interface-list=!LAN or !WAN (final input drop, DNS
# accept, neighbor discovery) therefore treats packets arriving over
# wg-client-msk like local LAN traffic. Confirm the far end deserves that trust.
add interface=wg-client-msk list=LAN
/interface wireguard peers
# Single peer with allowed-address=0.0.0.0/0: any inner source address is
# accepted from this peer and any destination may be sent to it, so filtering
# of tunnel traffic rests entirely on the firewall chains.
# The public-key value looks like a placeholder substituted by the poster.
add allowed-address=0.0.0.0/0 endpoint-address=xx.xx.xx.xx endpoint-port=\
    443 interface=wg-client-msk persistent-keepalive=10s public-key=\
    "ZZZ"
/ip address
add address=192.168.2.1/25 interface=bridge network=192.168.2.0
add address=10.10.10.2/30 interface=wg-client-msk network=10.10.10.0
/ip cloud
set ddns-update-interval=1h
/ip dhcp-client
add !dhcp-options interface=lte-internet use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=192.168.2.19 client-id=1:0:11:32:fa:6c:d3 comment="SERVER HP-G8" \
    mac-address=00:11:32:FA:6C:D3 server=dhcp
add address=192.168.2.31 client-id=1:2:11:32:2b:72:56 comment="New WinServer" \
    mac-address=02:11:32:2B:72:56 server=dhcp
/ip dhcp-server network
add address=192.168.2.0/25 comment=Exclude dns-server=192.168.2.1 gateway=\
    192.168.2.1 ntp-server=192.168.2.1
/ip dns
# allow-remote-requests=yes turns the router into a resolver for clients. The
# input chain in this export accepts UDP 53 from every interface outside the
# WAN list, which includes the WireGuard tunnel.
# verify-doh-cert=yes only matters once a DoH server is set; none appears in
# this export, so upstream queries to 8.8.8.8/8.8.4.4 presumably go out as
# plain DNS - confirm.
set allow-remote-requests=yes cache-max-ttl=1d servers=8.8.8.8,8.8.4.4 \
    verify-doh-cert=yes
/ip dns static
add address=45.90.28.0 disabled=yes name=dns.nextdns.io
add address=45.90.30.0 disabled=yes name=dns.nextdns.io
add address=2a07:a8c0:: disabled=yes name=dns.nextdns.io type=AAAA
add address=2a07:a8c1:: disabled=yes name=dns.nextdns.io type=AAAA
add address=94.140.14.49 disabled=yes name=d.adguard-dns.com
add address=94.140.14.59 disabled=yes name=d.adguard-dns.com
add address=8.8.8.8 disabled=yes name=dns.google
add address=8.8.4.4 disabled=yes name=dns.google
add address=94.140.14.14 disabled=yes name=dns.adguard-dns.com
add address=94.140.15.15 disabled=yes name=dns.adguard-dns.com
add address=77.88.8.88 disabled=yes name=safe.dot.dns.yandex.net
add address=77.88.8.2 disabled=yes name=safe.dot.dns.yandex.net
add address=1.1.1.1 disabled=yes name=dns.cloudflare.com
add address=1.0.0.1 disabled=yes name=dns.cloudflare.com
add address=1.1.1.2 disabled=yes name=security.cloudflare-dns.com
add address=1.0.0.2 disabled=yes name=security.cloudflare-dns.com
/ip firewall address-list
add address=10.50.0.0/25 list=LocalNet
add address=192.168.2.0/25 list=LocalNet
add address=10.10.10.0/25 list=LocalNet
add address=192.168.3.0/25 list=LocalNet
add address=192.168.1.0/25 list=LocalNet
add address=0.0.0.0/8 list=BOGON
add address=10.0.0.0/8 list=BOGON
add address=127.0.0.0/8 list=BOGON
add address=169.254.0.0/16 list=BOGON
add address=172.16.0.0/12 list=BOGON
add address=192.0.0.0/24 list=BOGON
add address=192.0.2.0/24 list=BOGON
add address=192.88.99.0/24 list=BOGON
add address=192.168.0.0/16 list=BOGON
add address=198.18.0.0/15 list=BOGON
add address=198.51.100.0/24 list=BOGON
add address=203.0.113.0/24 list=BOGON
add address=224.0.0.0/4 list=BOGON
add address=240.0.0.0/4 list=BOGON
add address=255.255.255.255 list=BOGON
add address=xx.xx.xx.xx list=LocalNet
add address=2ip.io list=WebAccess
add address=duckdns.org disabled=yes list=DDNS
add address=cloudns.net disabled=yes list=DDNS
/ip firewall filter
# ---- input chain (traffic addressed to the router itself) ----
# Replies to connections the router started. ICMP errors tied to such a
# connection (for example time-exceeded answers to a traceroute) are expected
# to match here as "related".
add action=accept chain=input comment=\
    "defconf: accept established, related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=input connection-state=invalid
# Only rate-limited echo-requests (type 8, code 0) of at most 128 bytes are
# accepted explicitly; other unsolicited ICMP from outside LAN falls through to
# the final drop.
add action=accept chain=input comment=Allow_limited_pings icmp-options=8:0 \
    limit=50/5s,2:packet packet-size=0-128 protocol=icmp
# DNS over UDP from anything that is not in the WAN list.
add action=accept chain=input dst-port=53 in-interface-list=!WAN protocol=udp
# Management ports (8291, and 8080 where this export moves www) are refused
# for sources outside the LocalNet address list. LocalNet also contains the
# masked public address xx.xx.xx.xx, so that host is allowed past this rule.
add action=reject chain=input connection-state=new dst-port=8291,8080 \
    protocol=tcp reject-with=tcp-reset src-address-list=!LocalNet
# Unsolicited packets to the WireGuard listen port are dropped.
add action=drop chain=input dst-port=22190 protocol=udp
# NOTE(review): this is the last input rule and it only covers interfaces
# outside LAN. Nothing drops input from LAN members (bridge and
# wg-client-msk), so every enabled router service is reachable from both,
# subject only to the management-port rule above.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
# ---- forward chain (traffic routed through the router) ----
add action=accept chain=forward comment=\
    "defconf: accept established, related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward connection-state=invalid
# The comment says "out WAN", but the match is 192.168.2.0/25 ->
# 192.168.1.0/25, a subnet this export routes via 10.10.10.1 (the tunnel).
add action=accept chain=forward comment="Allow client LAN traffic out WAN" \
    dst-address=192.168.1.0/25 src-address=192.168.2.0/25
add action=accept chain=forward dst-address=192.168.2.0/25 src-address=\
    192.168.1.0/25
# NOTE(review): the chain ends here with no catch-all drop. New connections
# entering from the WAN list are dropped unless dst-nat'ed, but new connections
# entering over wg-client-msk (a LAN member) to any internal address are
# forwarded, not only the ports published in the NAT table.
add action=drop chain=forward connection-nat-state=!dstnat connection-state=\
    new in-interface-list=WAN
/ip firewall mangle
# Rewrites the TTL to 130 on every non-ICMP packet leaving lte-internet,
# including router-originated ones such as the encapsulated WireGuard UDP.
# NOTE(review): UDP/TCP traceroute probes that exit directly via LTE lose their
# low TTL here; ICMP probes are exempt. Whether this relates to the reported
# traceroute symptom is not established by this export - verify.
add action=change-ttl chain=postrouting ipsec-policy=out,none new-ttl=set:130 \
    out-interface=lte-internet passthrough=yes protocol=!icmp
# Clamp TCP MSS on SYNs forwarded into the tunnel (interface MTU is 1420).
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=\
    wg-client-msk passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=\
    1301-65535
# The only active policy-routing mark: everything sourced from 192.168.2.19 is
# tagged for vpn-table. There is no destination exclusion in the rule itself;
# traffic to 192.168.2.0/25 is kept local by the first /routing rule instead.
add action=mark-routing chain=prerouting comment=\
    "Mark HP-G8 Traffic for VPN " new-routing-mark=vpn-table passthrough=yes \
    src-address=192.168.2.19
# Disabled. If enabled as written it would mark all router-originated traffic
# (no match conditions) for vpn-table.
add action=mark-routing chain=output comment="Mark HP-G8 Traffic for VPN " \
    disabled=yes new-routing-mark=vpn-table passthrough=yes
add action=accept chain=output disabled=yes dst-address=192.168.2.0/25
# Disabled variants for other hosts; the comments still say HP-G8 although the
# source addresses are 192.168.2.3 and 192.168.2.6.
add action=mark-routing chain=prerouting comment=\
    "Mark HP-G8 Traffic for VPN " disabled=yes dst-address=!192.168.2.0/25 \
    dst-address-list=WebAccess new-routing-mark=vpn-table passthrough=no \
    src-address=192.168.2.3
add action=mark-routing chain=prerouting comment=\
    "Mark HP-G8 Traffic for VPN " disabled=yes dst-address=!192.168.2.0/25 \
    new-routing-mark=vpn-table passthrough=no src-address=192.168.2.6
/ip firewall nat
# Source NAT for traffic leaving via the WAN list and via the tunnel.
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface-list=\
    WAN
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface=\
    wg-client-msk
# Disabled experiments (hairpin NAT and several ways of forcing DNS to a local
# resolver) - none of these are in effect.
add action=src-nat chain=srcnat comment="Hairpin NAT" disabled=yes \
    dst-address=192.168.2.19 out-interface=bridge protocol=tcp src-address=\
    10.10.10.1 to-addresses=192.168.2.1
add action=dst-nat chain=dstnat comment=force-own-DNS1 disabled=yes dst-port=\
    53 in-interface=bridge protocol=udp src-address=!192.168.2.19 \
    to-addresses=192.168.2.19
add action=dst-nat chain=dstnat comment=force-own-DNS1 disabled=yes dst-port=\
    53 in-interface=bridge protocol=tcp src-address=!192.168.2.19 \
    to-addresses=192.168.2.19
add action=dst-nat chain=dstnat comment=force-own-DNS2 disabled=yes dst-port=\
    53 in-interface=bridge protocol=udp src-address=192.168.2.0/25 \
    to-addresses=192.168.2.1
add action=dst-nat chain=dstnat comment=force-own-DNS2 disabled=yes dst-port=\
    53 in-interface=bridge protocol=tcp src-address=192.168.2.0/25 \
    to-addresses=192.168.2.1
add action=redirect chain=dstnat comment=force-own-DNS disabled=yes dst-port=\
    53 protocol=udp
add action=redirect chain=dstnat comment=force-own-DNS disabled=yes dst-port=\
    53 protocol=tcp
# ---- services on 192.168.2.19 published towards the tunnel ----
# NOTE(review): each rule matches on in-interface and port only, with no
# src-address or dst-address restriction, so anything that reaches this router
# over wg-client-msk on these ports is handed to the server. action=netmap is
# used with a single target address; dst-nat is the conventional action for a
# one-to-one port forward.
add action=netmap chain=dstnat comment="HP-G8 port redirect" dst-port=51416 \
    in-interface=wg-client-msk protocol=tcp to-addresses=192.168.2.19 \
    to-ports=51416
add action=netmap chain=dstnat dst-port=6881 in-interface=wg-client-msk \
    protocol=udp to-addresses=192.168.2.19 to-ports=6881
# Both 5002 and 5003 are mapped onto the single port 5003.
add action=netmap chain=dstnat dst-port=5002-5003 in-interface=wg-client-msk \
    protocol=tcp to-addresses=192.168.2.19 to-ports=5003
# 2121 -> 21 on the server. Presumably FTP, with the range below serving as its
# passive data ports (the FTP NAT helper is disabled in this export) - confirm,
# and confirm the server enforces TLS if credentials cross this path.
add action=netmap chain=dstnat dst-port=2121 in-interface=wg-client-msk \
    protocol=tcp to-addresses=192.168.2.19 to-ports=21
add action=netmap chain=dstnat dst-port=55536-55899 in-interface=\
    wg-client-msk protocol=tcp to-addresses=192.168.2.19
add action=netmap chain=dstnat comment=PLEX dst-port=32401 in-interface=\
    wg-client-msk protocol=tcp to-addresses=192.168.2.19 to-ports=32400
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip route
# Default route of the policy table: marked traffic goes to 10.10.10.1, the
# other end of the /30 on wg-client-msk. It is the only route in vpn-table;
# combined with the lookup-only-in-table routing rule this appears to leave
# marked traffic without a fallback to LTE when the tunnel gateway is
# unreachable - confirm that this is the intended behaviour.
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.10.10.1 pref-src=\
    "" routing-table=vpn-table scope=30 suppress-hw-offload=no target-scope=\
    10
# Remote subnets reached through the tunnel from the main table.
add disabled=no distance=1 dst-address=192.168.1.0/25 gateway=10.10.10.1 \
    pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=1 dst-address=192.168.3.0/25 gateway=10.10.10.1 \
    pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
/ip service
# Management-plane services. An export lists only non-default values, so
# services absent from this section (winbox, www-ssl) are presumably at their
# defaults - confirm on the device.
set telnet disabled=yes
# FTP stays enabled, restricted to loopback and the local /25.
set ftp address=127.0.0.1/32,192.168.2.0/25
# NOTE(review): www is moved to 8080 with no address= restriction; reachability
# is limited only by the firewall rule on ports 8291,8080. This is the plain
# HTTP service, so credentials cross it unencrypted.
set www port=8080
set ssh address=192.168.2.0/25,10.50.0.0/25 disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/routing filter rule
add chain=ospf-in disabled=no rule=\
    "if (dst-len in 32 && dst in 10.50.0.0/25) {accept}"
add chain=ospf-in disabled=no rule="if (dst in 192.168.1.0/25) {accept}"
add chain=ospf-in disabled=no rule="if (dst in 192.168.2.0/25) {accept}"
add chain=ospf-in disabled=no rule="if (dst in 192.168.3.0/25) {accept}"
add chain=ospf-out disabled=no rule=\
    "if (dst-len in 32 && dst in 10.50.0.0/25) {accept}"
/routing ospf interface-template
add area=stub cost=10 disabled=yes networks=192.168.2.0/25 passive priority=1 \
    type=ptp
add area=stub cost=10 disabled=yes interfaces=VPN networks=10.50.0.0/25 \
    priority=1 type=ptp
add area=stub cost=10 disabled=yes interfaces=VPN networks=10.10.10.0/25 \
    priority=1 type=ptp
/routing rule
# Evaluated top to bottom. Local-subnet destinations are resolved in main
# first, so marked traffic from 192.168.2.19 to its own subnet stays local.
add action=lookup disabled=no dst-address=192.168.2.0/25 table=main
# Marked traffic may use vpn-table only; no fall-through to main.
add action=lookup-only-in-table disabled=no routing-mark=vpn-table table=\
    vpn-table
# Disabled alternatives keyed on the source address instead of the mark.
add action=lookup-only-in-table disabled=yes src-address=192.168.2.19/32 \
    table=main
add action=lookup disabled=yes src-address=192.168.2.19/32 table=vpn-table
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Moscow
/system identity
set name=work
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes manycast=yes multicast=yes
/system ntp client servers
add address=time.google.com
add address=time.cloudflare.com
/system routerboard settings
set auto-upgrade=yes init-delay=5s
/system scheduler
# NOTE(review): every entry below is granted the full policy set
# (ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon). Trim each
# one to what its script needs.
# Named "1-Week-backup" but the interval is 4w3d.
add interval=4w3d name=1-Week-backup on-event=backup_to_mail policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2023-01-01 start-time=00:00:00
# NOTE(review): the two disabled entries below carry account-specific update
# URLs inline in on-event. The export did not mask them, so they were published
# with this post: treat them as exposed and regenerate them with the providers.
# The fetch calls set no check-certificate option, so the server certificate is
# presumably not validated - confirm and enable validation.
add disabled=yes interval=6h name=nextdns.io on-event="/tool fetch url=\"https\
    ://link-ip.nextdns.io/a8cc81/53467d8516e4a99a\" mode=https\r\
    \n:delay 1;\r\
    \n/file remove \"53467d8516e4a99a\"" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2024-02-02 start-time=13:00:00
add disabled=yes interval=1h name=cloudns on-event="/tool fetch url=\"https://\
    ipv4.cloudns.net/api/dynamicURL/\?q=NTE4MDI5NjozNDE3OTU1NDU6MzQzYjc3YjZmND\
    YyNTlmNmEwMmIyOGQ2N2E3ZjFkZjk5NjM3ZDIxMGVhMTVhMWNjY2Q3NzJkZDM0OWZjYTVmNA\"\
    \_mode=https\r\
    \n:delay 1;\r\
    \n/file remove \"\?q=NTE4MDI5NjozNDE3OTU1NDU6MzQzYjc3YjZmNDYyNTlmNmEwMmIyO\
    GQ2N2E3ZjFkZjk5NjM3ZDIxMGVhMTVhMWNjY2Q3NzJkZDM0OWZjYTVmNA\"" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2024-02-02 start-time=16:05:00
# Disabled. on-event names a script DOH-DNS that is not defined under
# /system script in this export.
add disabled=yes interval=5m name=DOH on-event=DOH-DNS policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2024-02-01 start-time=13:00:00
add disabled=yes interval=30s name=DNS-fallback on-event=AdGuardDNS policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2024-02-01 start-time=00:00:00
# NOTE(review): the DHCP-lease script reads $leaseBound, $leaseActIP and
# $leaseActMAC, none of which this entry sets. Presumably it was written to run
# as a DHCP server lease-script rather than on a timer - confirm.
add interval=30m name=DHCP-lease on-event=DHCP-lease policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2024-02-01 start-time=15:00:00
/system script
# backup_to_mail: flushes the DNS cache, deletes old "<identity>-backup-*"
# files, then creates a binary backup and a text export and mails each one to
# the address in EaccountTo before deleting the files again.
# NOTE(review): /system backup save is called without a password= argument, and
# the file then leaves the router by e-mail. Confirm whether the resulting
# backup is encrypted; a binary backup holds the device's stored secrets.
# The script is granted the full policy set, more than the commands it runs
# appear to need.
add dont-require-permissions=no name=backup_to_mail owner=george policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="{\
    \r\
    \n#Email account settings\r\
    \n:local EaccountTo \"geo@mail.ru\";\r\
    \n\r\
    \n#Getting information about the system and deleting old backups\r\
    \n:log info \"Starting Backup Script...\";\r\
    \n:local sysname [/system/identity/get name];\r\
    \n:local sysver [system/package/get routeros version];\r\
    \n:log info \"Flushing DNS cache...\";\r\
    \n/ip dns cache flush;\r\
    \n:delay 2;\r\
    \n:log info \"Deleting last Backups...\";\r\
    \n:foreach i in=[/file find] do={:if ([:typeof [:find [/file get \$i name]\
    \_\"\$sysname-backup-\"]]!=\"nil\") do={/file remove \$i}};\r\
    \n:delay 2;\r\
    \n\r\
    \n#Create and E-mail Full Backup\r\
    \n:local backupfile (\"\$sysname-backup-\" . [:pick [/system clock get dat\
    e] 7 11] . [:pick [/system clock get date] 0 3] . [:pick [/system clock ge\
    t date] 4 6] . \".backup\");\r\
    \n:log info \"Creating new Full Backup file...\";\r\
    \n/system backup save name=\$backupfile;\r\
    \n:delay 2;\r\
    \n:log info \"Sending Full Backup file via E-mail...\";\r\
    \n/tool e-mail send to=\$EaccountTo file=\$backupfile subject=(\"\$sysname\
    \_Full Backup (\" . [/system clock get date] . \")\") body=(\"\$sysname fu\
    ll Backup file see in attachment. RouterOS \$sysver\");\r\
    \n:delay 5;\r\
    \n\r\
    \n#Create and E-mail Config Backup\r\
    \n:local exportfile (\"\$sysname-backup-\" . [:pick [/system clock get dat\
    e] 7 11] . [:pick [/system clock get date] 0 3] . [:pick [/system clock ge\
    t date] 4 6] . \".rsc\");\r\
    \n:log info \"Creating new Setup Script file...\";\r\
    \n/export file=\$exportfile;\r\
    \n:delay 2;\r\
    \n:log info \"Sending Setup Script file via E-mail...\";\r\
    \n/tool e-mail send to=\$EaccountTo file=\$exportfile subject=(\"\$sysname\
    \_Config Script Backup (\" . [/system clock get date] . \")\") body=(\"\$s\
    ysname Config Script file see in attachment. RouterOS \$sysver\");\r\
    \n:delay 10;\r\
    \n\r\
    \n:log info \"Deleting Backups File...\";\r\
    \n:foreach i in=[/file find] do={:if ([:typeof [:find [/file get \$i name]\
    \_\"\$sysname-backup-\"]]!=\"nil\") do={/file remove \$i}};\r\
    \n:delay 5;\r\
    \n\r\
    \n#Finish\r\
    \n:log info \"All System Backups successfully sent. Backup is complete.\";\
    \r\
    \n}"
add dont-require-permissions=no name=pingspeed owner=george policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    local aip [/ip arp find address];\r\
    \n:local nlen [:len \$aip];\r\
    \n:local i 1 ;\r\
    \n:local j 0 ;\r\
    \n:local Device [/system identity get name];\r\
    \n/log info \"=Speed unit from ARP \$Device IP Address(\$nlen) :\";\r\
    \n\r\
    \n:for i from=1 to=\$nlen do={\r\
    \n:set j (\$i-1);\r\
    \n:local IDMessage (\$aip ->\$j);\r\
    \n:local ctxt [/ip arp get number=\$IDMessage address];\r\
    \n:local cmac [/ip arp get number=\$IDMessage mac-address];\r\
    \n/delay 1s;\r\
    \n:local cpul [/system resource get cpu-load];\r\
    \n:local atxt [/tool ping-speed address=\$ctxt duration=10s as-value]; ## \
    10s\r\
    \n:local avg (\$atxt->\"average\");\r\
    \n:local avg (\$avg / 1048576);\r\
    \n:local curr (\$atxt->\"current\");\r\
    \n:local curr (\$curr / 1048576);\r\
    \n/log info \"=Speed ip=\$ctxt (\$cmac) average=\$avg Mbps,current=\$curr \
    Mbps,cpu-load=\$cpul%\";\r\
    \n}"
add dont-require-permissions=no name=speedtest owner=george policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="{\
    \r\
    \n:local avg 0;\r\
    \n:local curr 0;\r\
    \n:local atxt [/tool ping-speed address=8.8.8.8 duration=10 as-value];\r\
    \n:local avg (\$atxt->\"average\");\r\
    \n:local avg (\$avg / 1048576);\r\
    \n:local curr (\$atxt->\"current\");\r\
    \n:local curr (\$curr / 1048576);\r\
    \n\r\
    \n/log info \"=Speed internet average=\$avg Mbps,current=\$curr Mbps\";\r\
    \n:if (curr < 10) do={\r\
    \n:local myEmail \"geo@mail.ru\";\r\
    \n:local myMsg \"=Speed internet average=\$avg Mbps,current=\$curr Mbps\";\
    \r\
    \n:local mod5 [/system routerboard get model];\r\
    \n:local monthToNum;\r\
    \n:local dateToPick;\r\
    \n:local dateToLog;\r\
    \n:local timeToLog;\r\
    \n:set monthToNum {jan=\"01\";feb=\"02\";mar=\"03\";apr=\"04\";may=\"05\";\
    jun=\"06\";jul=\"07\";aug=\"08\";sep=\"09\";oct=\"10\";nov=\"11\";dec=\"12\
    \";};\r\
    \n:set dateToPick [/system clock get date];\r\
    \n:set dateToLog ( [:pick \$dateToPick 4 6] . \".\" . ( \$monthToNum -> [:\
    pick \$dateToPick 0 3] ) . \".\" . [:pick \$dateToPick 7 11] );\r\
    \n:set timeToLog [/system clock get time];\r\
    \n#\r\
    \n:local mySubj \"=Speed internet < 10 Mbps,\$mod5,\$dateToLog,\$timeToLog\
    \";\r\
    \n:do {/tool e-mail send to=\$myEmail subject=\$mySubj body=\$myMsg ;} on-\
    error={:log error (\"impossible to send e-mail for Netwatch\");}\r\
    \n}\r\
    \n}"
# duckdns: reads the address on lte-internet, compares it with the value kept
# in ipstore.txt and, when it changed, calls the DuckDNS update endpoint and
# logs the result from duckdns-result.txt.
# NOTE(review): the update URL inside the source string carries the account
# token in clear text. Script bodies are exported verbatim, so the token was
# published with this post: treat it as exposed and regenerate it.
# The fetch call sets no check-certificate option, so the HTTPS server
# certificate is presumably not validated - confirm and enable validation.
# No scheduler entry in this export runs this script.
add dont-require-permissions=no name=duckdns owner=george policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    global actualIP value=[/ip address get [find where interface=lte-internet]\
    \_value-name=address];\r\
    \n:global actualIP value=[:pick \$actualIP -1 [:find \$actualIP \"/\" -1] \
    ];\r\
    \n:if ([:len [/file find where name=ipstore.txt]] < 1 ) do={\r\
    \n /file print file=ipstore.txt where name=ipstore.txt;\r\
    \n /delay delay-time=2;\r\
    \n /file set ipstore.txt contents=\"0.0.0.0\";\r\
    \n};\r\
    \n:global previousIP value=[/file get [find where name=ipstore.txt ] value\
    -name=contents];\r\
    \n:if (\$previousIP != \$actualIP) do={\r\
    \n :log info message=(\"Try to Update DuckDNS with actual IP \".\$actualIP\
    .\" -  Previous IP are \".\$previousIP);\r\
    \n /tool fetch mode=https keep-result=yes dst-path=duckdns-result.txt addr\
    ess=[:resolve www.duckdns.org] port=443 host=www.duckdns.org src-path=(\"/\
    update\?domains=serviceprint&token=cb0908c1-2e0e-4602-b532-5a5c35ccf354&ip\
    =\".\$actualIP);\r\
    \n /delay delay-time=5;\r\
    \n :global lastChange value=[/file get [find where name=duckdns-result.txt\
    \_] value-name=contents];\r\
    \n :global previousIP value=\$actualIP;\r\
    \n /file set ipstore.txt contents=\$actualIP;\r\
    \n :if (\$lastChange = \"OK\") do={:log warning message=(\"DuckDNS update \
    successfull with IP \".\$actualIP);};\r\
    \n :if (\$lastChange = \"KO\") do={:log error message=(\"Fail to update Du\
    ckDNS with new IP \".\$actualIP);};\r\
    \n};\r\
    \n"
add dont-require-permissions=no name=AdGuardDNS owner=george policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=" \
    \_  :local currentDNS [/ip dns get server]\r\
    \n    :local dnsup [ :toarray \"\" ];\r\
    \n    :local piholeDNS {\"192.168.2.39\"}\r\
    \n    :local backupDNS {\"192.168.2.1\"}\r\
    \n    :local testDomain \"www.google.com\"\r\
    \n\r\
    \n    :foreach i in \$piholeDNS do={\r\
    \n        :do {\r\
    \n            :resolve \$testDomain server \$i\r\
    \n            :set dnsup ( dnsup, \$i );\r\
    \n        } on-error={\r\
    \n        }\r\
    \n    }\r\
    \n    :if ([:len \$dnsup] > 0) do={\r\
    \n            if (\$currentDNS=\$dnsup) do={\r\
    \n            } else { /ip dhcp-server network set [ find comment=Exclude \
    ] dns-server=\$dnsup; }\r\
    \n        } else={\r\
    \n            if (\$currentDNS=\$backupDNS) do={\r\
    \n            } else { /ip dhcp-server network set [ find comment=Exclude \
    ] dns-server=\$backupDNS; }\r\
    \n        }\r\
    \n"
add dont-require-permissions=no name=DHCP-lease owner=george policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_MikroTik (RouterOS) script for automatically setting DNS records\r\
    \n# for clients when they obtain a DHCP lease.\r\
    \n#\r\
    \n# author SmartFinn <https://gist.github.com/SmartFinn>\r\
    \n\r\
    \n:local dnsTTL \"00:15:00\";\r\
    \n:local token \"\$leaseServerName-\$leaseActMAC\";\r\
    \n\r\
    \n# Normalize hostname (e.g. \"-= My Phone =-\" -> \"My-Phone\")\r\
    \n# - truncate length to 63 chars\r\
    \n# - substitute disallowed chars with a hyphen\r\
    \n# param: name\r\
    \n:local normalizeHostname do={\r\
    \n  :local result;\r\
    \n  :local isInvalidChar true;\r\
    \n  :for i from=0 to=([:len \$name]-1) do={\r\
    \n    :local char [:pick \$name \$i];\r\
    \n    :if (\$i < 63) do={\r\
    \n      :if (\$char~\"[a-zA-Z0-9]\") do={\r\
    \n        :set result (\$result . \$char);\r\
    \n        :set isInvalidChar false;\r\
    \n      } else={\r\
    \n        :if (!\$isInvalidChar) do={\r\
    \n          :set result (\$result . \"-\");\r\
    \n          :set isInvalidChar true;\r\
    \n        };\r\
    \n      };\r\
    \n    };\r\
    \n  };\r\
    \n# delete trailing hyphen\r\
    \n  :if (\$isInvalidChar) do={\r\
    \n    :set result [:pick \$result 0 ([:len \$result]-1)];\r\
    \n  }\r\
    \n  :return \$result;\r\
    \n};\r\
    \n\r\
    \n:if (\$leaseBound = 1) do={\r\
    \n# Getting the hostname and delete all disallowed chars from it\r\
    \n  :local hostName \$\"lease-hostname\";\r\
    \n  :set hostName [\$normalizeHostname name=\$hostName];\r\
    \n\r\
    \n# Use MAC address as a hostname if the hostname is missing or contains o\
    nly\r\
    \n# disallowed chars\r\
    \n  :if ([:len \$hostName] = 0) do={\r\
    \n    :set hostName [\$normalizeHostname name=\$leaseActMAC];\r\
    \n  };\r\
    \n\r\
    \n# Getting the domain name from DHCP server. If a domain name is not\r\
    \n# specified will use hostname only\r\
    \n  /ip dhcp-server network {\r\
    \n    :local domainName [get [:pick [find \$leaseActIP in address] 0] doma\
    in];\r\
    \n    :if ([:len \$domainName] > 0) do={\r\
    \n#     Append domain name to the hostname\r\
    \n      :set hostName (\$hostName . \".\" . \$domainName);\r\
    \n    };\r\
    \n  };\r\
    \n\r\
    \n  :do {\r\
    \n    /ip dns static {\r\
    \n      add name=\$hostName address=\$leaseActIP ttl=\$dnsTTL comment=\$to\
    ken;\r\
    \n    };\r\
    \n  } on-error={\r\
    \n    :log error \"Fail to add DNS entry: \$hostname -> \$leaseActIP (\$le\
    aseActMAC)\";\r\
    \n  };\r\
    \n} else={\r\
    \n  /ip dns static remove [find comment=\$token];\r\
    \n};"
/system watchdog
set automatic-supout=no watchdog-timer=no
/tool bandwidth-server
set enabled=no
/tool e-mail
set from=info@mail.ru port=465 server=smtp.yandex.ru tls=yes user=\
    geo@mail.ru
/tool mac-server
set allowed-interface-list=list-discovery
/tool mac-server mac-winbox
set allowed-interface-list=list-discovery
/tool mac-server ping
set enabled=no
/tool netwatch
add disabled=yes down-script=\
    "/ip dns set servers=8.8.8.8\r\
    \n/ip dns cache flush" host=192.168.2.19 http-codes="" interval=10s \
    test-script="" type=simple up-script=""