Router rb4011 se bloquea con Routeros V7

Hola he intentado instalar la versión v7 de Routeros pero cada vez que lo instalo a las 3 o 4 horas el router se bloquea y tengo que reiniciar por más que leo mi configuración no veo nada anormal. Tengo un tunel eoip y dos bridges (uno para tv movistar y el otro para mi lan.) Con la versión V6 de Routeros tengo el router semanas sin reiniciar y no se despeina. Os pego mi configuración por si alguien ve algo raro de mi configuración que haga que se bloquee. Gracias, un saludo

Código:
# feb/20/2022 15:52:38 by RouterOS 7.1.2
# software id = ZHHJ-5EFR
#
# model = RB4011iGS+
# serial number = B8F60A1
/interface bridge
add name=Bridge protocol-mode=none
add igmp-snooping=yes mtu=1500 name=IPTV-Bridge protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] name=Gateway-e1
set [ find default-name=ether2 ] loop-protect=off name=LAN-e2
set [ find default-name=ether3 ] name=LAN-e3
set [ find default-name=ether4 ] name=LAN-e4
set [ find default-name=ether5 ] name=LAN-e5
set [ find default-name=ether6 ] name=LAN-e6
set [ find default-name=ether7 ] name=LAN-e7
set [ find default-name=ether8 ] name=LAN-e8
set [ find default-name=ether9 ] name=LAN-e9
set [ find default-name=ether10 ] name=LAN-e10
set [ find default-name=sfp-sfpplus1 ] advertise=10000M-full
/interface eoip
add !keepalive mac-address=FE::EE mtu=1500 name=tunnel-to-B \
    remote-address=XXXXXXXX.sn.mynetname.net tunnel-id=0
/interface vlan
add interface=Gateway-e1 name=Internet-vlan6 vlan-id=6
add interface=Gateway-e1 name=Iptv-vlan2 vlan-id=2
add disabled=yes interface=Gateway-e1 name=Voip-vlan3 vlan-id=3
/interface pppoe-client
add add-default-route=yes allow=pap,chap disabled=no interface=Internet-vlan6 \
    keepalive-timeout=60 max-mru=1492 max-mtu=1492 name=pppoe-out1 user=\
    adslppp@telefonicanetpa
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add comment="Vlan2 (Iptv) & Vlan3 (Voip)" name=Vlan2&3
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server option
add code=240 name=Movistar_decoder_option value=\
    "':::::239.0.2.10:22222:v6.0:239.0.2.30:22222'"
/ip pool
add comment="Pool for IPTV-Bridge subnet, common hosts (192.168.88.2-126)" \
    name=IPTV-subnet-pool ranges=192.168.10.50-192.168.10.126
add comment="Pool for IPTV-bridge subnet, Movistar Decoders" name=\
    IPTV-decoder-pool ranges=192.168.10.200-192.168.10.206
add name=pool-bridge ranges=192.168.88.2-192.168.88.126
/ip dhcp-server
add address-pool=IPTV-subnet-pool interface=IPTV-Bridge lease-time=22h name=\
    IPTV-dhcp-server
add address-pool=pool-bridge interface=Bridge name=server1
/port
set 0 name=serial0
set 1 name=serial1
/routing bgp template
set default as=65530 disabled=no name=default output.network=bgp-networks
/routing ospf instance
add name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/routing rip instance
add afi=ipv4 disabled=no name=rip
/system logging action
set 0 memory-lines=100
/interface bridge port
add bridge=IPTV-Bridge ingress-filtering=no interface=LAN-e2
add bridge=Bridge ingress-filtering=no interface=LAN-e5
add bridge=Bridge ingress-filtering=no interface=LAN-e6
add bridge=Bridge ingress-filtering=no interface=LAN-e7
add bridge=Bridge ingress-filtering=no interface=LAN-e8
add bridge=Bridge ingress-filtering=no interface=LAN-e10
add bridge=Bridge ingress-filtering=no interface=LAN-e9
add bridge=Bridge ingress-filtering=no interface=sfp-sfpplus1
add bridge=IPTV-Bridge ingress-filtering=no interface=LAN-e3
add bridge=IPTV-Bridge ingress-filtering=no interface=LAN-e4
add bridge=IPTV-Bridge ingress-filtering=no interface=tunnel-to-B
/ip neighbor discovery-settings
set discover-interface-list=none
/ip settings
set max-neighbor-entries=8192 tcp-syncookies=yes
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=Gateway-e1 list=WAN
add interface=pppoe-out1 list=WAN
add interface=Iptv-vlan2 list=Vlan2&3
add interface=Voip-vlan3 list=Vlan2&3
add interface=IPTV-Bridge list=LAN
add interface=Bridge list=LAN
/ip address
add address=192.168.100.2/24 comment="Router's address from ONT. Huawei's ONT \
    HG8240H access through 192.168.100.1" interface=Gateway-e1 network=\
    192.168.100.0
add address=192.168.10.1/24 comment="IPTV subnet" interface=IPTV-Bridge \
    network=192.168.10.0
add address=10.86.113.XX10 comment="My Telefonica's IPTV address" interface=\
    Iptv-vlan2 network=10.64.0.0
add address=192.168.88.1/24 comment=BRIDGE interface=Bridge network=\
    192.168.88.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m
/ip dhcp-client
add add-default-route=no disabled=yes interface=Voip-vlan3 use-peer-ntp=no
/ip dhcp-server config
set store-leases-disk=never
/ip dhcp-server lease
add address=192.168.10.205 client-id="48:55:4d:41:58:5f:50:54:54:31:30:30:30:5\
    f:45:53:5f:45:38:42:32:46:45:30:41:44:46:33:36" mac-address=\
    E8:B2:FE:0A:DF:36 server=IPTV-dhcp-server
/ip dhcp-server network
add address=192.168.10.0/24 comment=\
    "IPTV-Bridge common hosts subnet (192.168.88.2-126)" gateway=192.168.10.1 \
    netmask=24
add address=192.168.10.200/29 comment="IPTV-Bridge subnet for decoders" \
    dhcp-option=Movistar_decoder_option dns-server=172.26.23.3 gateway=\
    192.168.10.1 netmask=24
add address=192.168.88.0/24 dns-server=192.168.88.73,192.168.88.1 gateway=\
    192.168.88.1 netmask=24
/ip dhcp-server vendor-class-id
add address-pool=IPTV-decoder-pool name=Movistar-Decoder server=\
    IPTV-dhcp-server vid="[IAL]"
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall address-list
add address=b8f6XXXXX.sn.mynetname.net list=public-ip
add address=216.218.206.0/24 comment="Blocked external address list" list=\
    Blocked_address_list
add address=146.88.240.0/24 list=Blocked_address_list
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment=\
    "Accept vlan2 & 3  (Iptv & Voip) multicast & broadcast traffic" \
    dst-address-type=!unicast in-interface-list=Vlan2&3
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="Allow IPSec" dst-port=500,4500 \
    protocol=udp
add action=drop chain=input comment=\
    "Drop attackers from Blocked address list" src-address-list=\
    Blocked_address_list
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward connection-state=\
    established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all new from WAN not DSTNATed" connection-nat-state=\
    !dstnat connection-state=new in-interface-list=WAN
add action=drop chain=forward comment=\
    "Drop all new unicast traffic from vlan3 & 2 (Voip & Iptv) not DSTNATed" \
    connection-nat-state=!dstnat connection-state=new dst-address-type=\
    unicast in-interface-list=Vlan2&3
/ip firewall mangle
add action=set-priority chain=postrouting comment="Prioritise Voip packets" \
    disabled=yes new-priority=5 out-interface=Voip-vlan3 passthrough=yes
add action=set-priority chain=postrouting comment="Prioritise Iptv packets" \
    new-priority=4 out-interface=Iptv-vlan2 passthrough=yes
add action=set-priority chain=postrouting new-priority=1 out-interface=\
    pppoe-out1
add action=add-src-to-address-list address-list=vod-receiver \
    address-list-timeout=1m chain=postrouting comment="RTSP - VOD Movistar" \
    connection-state=new dst-port=554 out-interface=Iptv-vlan2 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment=hairpin-nat dst-address=\
    192.168.88.0/25 src-address=192.168.88.0/25
add action=masquerade chain=srcnat comment=\
    "defconf: masq. non  ipsec WAN traffic" ipsec-policy=out,none \
    out-interface-list=WAN
add action=masquerade chain=srcnat comment=\
    "masq. vlan2 & vlan3 (Iptv & Voip)" out-interface-list=Vlan2&3
add action=dst-nat chain=dstnat comment=nginx dst-address-list=public-ip \
    dst-port=80 protocol=tcp to-addresses=192.168.88.73 to-ports=80
add action=dst-nat chain=dstnat comment=nginx dst-address-list=public-ip \
    dst-port=443 protocol=tcp to-addresses=192.168.88.73 to-ports=443
add action=dst-nat chain=dstnat comment=wireguard dst-address-list=public-ip \
    dst-port=51820 protocol=udp to-addresses=192.168.88.73 to-ports=51820
add action=dst-nat chain=dstnat comment=openvpn dst-address-list=public-ip \
    dst-port=1195 protocol=udp to-addresses=192.168.88.3
add action=dst-nat chain=dstnat comment="puerto qbittorrent" \
    dst-address-list=public-ip dst-port=5999 protocol=tcp to-addresses=\
    192.168.88.73 to-ports=5999
add action=dst-nat chain=dstnat comment="plex debian" dst-port=32401 \
    in-interface-list=WAN protocol=tcp to-addresses=192.168.88.73 to-ports=\
    32400
add action=dst-nat chain=dstnat comment="plex synology" disabled=yes \
    dst-port=5222 in-interface-list=WAN protocol=tcp to-addresses=\
    192.168.88.3 to-ports=32400
add action=dst-nat chain=dstnat comment=acestream disabled=yes dst-port=10001 \
    protocol=tcp to-addresses=192.168.88.25 to-ports=10001
add action=dst-nat chain=dstnat disabled=yes dst-port=4500,1701,500,32400 \
    in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.88.3
add action=dst-nat chain=dstnat comment="VOD Script" dst-address-type=local \
    in-interface=Iptv-vlan2 to-addresses=192.168.10.206
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=8228
set ssh disabled=yes
set winbox port=8111
/ip upnp interfaces
add interface=pppoe-out1 type=external
add interface=IPTV-Bridge type=internal
/routing igmp-proxy
set query-interval=30s quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=Iptv-vlan2 upstream=yes
add interface=IPTV-Bridge
/routing rip interface-template
add instance=rip interfaces=Voip-vlan3,Iptv-vlan2 mode=passive
add instance=rip interfaces=Voip-vlan3,Iptv-vlan2 mode=passive
/system clock
set time-zone-name=Europe/Madrid
/system identity
set name=MK-router
/system ntp client
set mode=broadcast
/system resource irq rps
set sfp-sfpplus1 disabled=no
/system scheduler
add interval=6s name=vod on-event=vod policy=read,write start-time=startup
add interval=1w name=backups on-event=cloud-backup policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=jan/01/2021 start-time=05:00:00
/system script
add dont-require-permissions=no name=vod owner=admin policy=read,write \
    source=":local iplist [:len [/ip firewall address-list find list=\"vod-rec\
    eiver\"]]\
    \n:local rules [:len [/ip firewall nat find where comment=\"VOD Script\"]]\
    \n#:log info \"VODScript: IPs in list are \$iplist !\"\
    \n#:log info \"VODScript: Rules are \$rules !\"\
    \n:if (\$iplist = 0 and \$rules > 0) do={\
    \n\t#/ip firewall nat remove [find comment=\"VOD Script\"];\
    \n\t#:log info \"VODScript: Rule removed !\"\
    \n} else {\
    \n\t:local ipadressnew [/ip firewall address-list get [:pick [/ip firewall\
    \_address-list find list=\"vod-receiver\"] (\$iplist-1)] address]\
    \n\t:local ipadressold \"None\"\
    \n\t#:log info \"VODScript: IP address new is \$ipadressnew !\"\
    \n\t:if (\$iplist > 0 ) do {\
    \n\t\tif (\$rules > 0 ) do {\
    \n\t\t\t:set ipadressold [/ip firewall nat get [find comment=\"VOD Script\
    \"] to-addresses] \
    \n\t\t\t#:log info \"VODScript: IP address old is \$ipadressold !\"\
    \n\t\t}\
    \n\t\t:if (\$ipadressnew != \$ipadressold) do={\
    \n\t\t\tif (\$rules > 0 ) do {\
    \n\t\t\t\t/ip firewall nat remove [find comment=\"VOD Script\"];\
    \n\t\t\t}\
    \n\t\t\t/ip firewall nat add action=dst-nat chain=dstnat comment=\"VOD Scr\
    ipt\" dst-address-type=local in-interface=Iptv-vlan2 to-addresses=\$ipadre\
    ssnew\
    \n\t\t\t:log info \"VODScript: IP address changed from \$ipadressold to \$\
    ipadressnew !\"\
    \n\t\t}\
    \n\t}\
    \n}"
/system watchdog
set automatic-supout=no watch-address=8.8.8.8 watchdog-timer=no
 
Prueba a meterle un reset al equipo y, dejando que cargue la configuración por defecto de la v7, meterle luego poco a poco tu configuración particular encima. A simple vista no veo nada que me rechine en exceso, pero tienes mucha configuración propia, así que mejor aprovecha y limpia.

También aprovecharía para subir la versión del firmware del equipo, en System > Routerborad > Upgrade.

Saludos!
 
Código:
/system watchdog
set automatic-supout=no watch-address=8.8.8.8 watchdog-timer=no

Sabes lo que hace ese comando? https://wiki.mikrotik.com/wiki/Manual:System/Watchdog

Quita eso y prueba.

Saludos!
Pensaba que era para reiniciar el router cuando no le llegaba internet, ya lo he quitado, gracias.
Parece que el problema del bloqueo de con la V7 era el puerto SFP+ (lo tenía conectado a un switch) ha sido quitarlo y conectarlo con un cable de red normal y funcionar de momento 6 horas sin problemas. Probaré cuando tenga hueco esta semana a volver a poner el SFP+ nuevamente a ver si responde ahora bien. Gracias :).
 
Lo que hacía que el router se bloqueara era el túnel eoip que el otro extremo no estaba actualizado a routeros y cuando intentaba reproducir con el decodificador se bloqueaba en mi casa. Ha sido actualizar el otro router a la v7 y funcionar todo perfectamente.

Enviado desde mi 21051182G mediante Tapatalk
 
Arriba