Testing GNU/Linux live cds on HP 250 G6 2SX60EA

These are some live cds that I tested in an HP 250 G6 2SX60EA laptop and their simple results:

• Rescatux 0.51b3: Show «Progress linux» prompt. This CLI mode does not let me log in with Debian Live default user and password.
• Rescatux 0.62b1 (This is a private release, not a public one): Show «Progress linux» prompt. This CLI mode does not let me log in with Debian Live default user and password.
• debian-live-9.7.0-amd64-gnome.iso: Show «Progress linux» prompt. This CLI mode does not let me log in with Debian Live default user and password.
• debian-live-testing-amd64-gnome.iso: Graphical desktop but without wifi.
• ubuntu-18.10-desktop-amd64.iso: Graphical desktop and wifi.
• debian-live-testing-amd64-gnome+nonfree.iso: Graphical desktop and wifi.

The next batch of tests were done using Super Grub2 Disk 2.02s10 and trying to boot into all the OSes available on the system as it comes from the factory.

• Boots into FreeDOS ok when booted in BIOS mode.
• It is not able to boot HPDOCS (that’s normal because it is started from a syslinux.cfg file).

Xorg fix for Grunding Cinaro

I have a Grunding Cinaro. It is a quite old television that happens to have an HDMI input. I think it’s a 576p or 720p HDMI input.

The specific Grunding model is: GRUNDING Cinaro 32 LXW 82-6612 REF .

Anyways the specific fix is not HDMI but for its VGA input.

This television has a PC source input which enables you to connect an VGA cable plus a 3.5 mm audio jack into it.

 

I have an small PC which I connect thanks to VGA to it.

The 1024×768 mode seem to work fine.

 

The 1280×720 mode at 60  Hz which would match some high quality output does not work ok.

The screen happens to moved to the right or the left and you miss part of your PC desktop on your television output.

 

As far as I concluded this comes from a wrong EDID announcement.

It seems that when a PC is connected to a device which offers a VGA port then the device announces the different modes with its sizes, resolutions, positions, etc.

And this announcement uses the EDID standard.

 

Well, let’s check what wikipedia says about EDID.

Extended Display Identification Data (EDID) is a metadata format for display devices to describe their capabilities to a video source (e.g. graphics card or set-top box). The data format is defined by a standard published by the Video Electronics Standards Association (VESA).

The EDID data structure includes manufacturer name and serial number, product type, phosphor or filter type, timings supported by the display, display size, luminance data and (for digital displays only) pixel mapping data.

 

So, now, you know.

How do you fix your output to use Grunding Cinaro to its full potential from its VGA port?

 

Here there is an script that it is run once I log in to my desktop.

#!/bin/bash                                                                                                                                                                                                                                                                             
# 60 Hz                                                                                                                                                                                                                                                                                    
xrandr --newmode "1280x720_60.00" 74.48  1280 1336 1472 1664  720 721 724 746  -HSync +Vsync
xrandr --addmode VGA-1 1280x720_60.00
xrandr --output VGA-1 --mode 1280x720_60.00
# 75 Hz
#xrandr --newmode "1280x720_75.00" 95.65  1280 1352 1488 1696  720 721 724 752  -HSync +Vsync
#xrandr --addmode VGA-1 1280x720_75.00
#xrandr --output VGA-1 --mode 1280x720_75.00

 

As you might guess 1280×720 at 75Hz does not work so well. 1280×720 at 60Hz is fine for me.

 

Enjoy!

A pesar de todo te quiero

Cuchi, …, cuchi,
saludo resuena alto,
sin embargo lejano.

Hasta trinidad de veces,
destrocé tu querer,
añicos a tu corazón,
hice sin compasión.

Como tortura recurrente,
tras trinidad de amaneceres,
los remordimientos florecen.

Comparto el instante,
con un fantasma,
este me escucha,
e incluso me comprende.

Mas no es lo mismo,
que aquellos momentos,
los mios contigo.

Añoro en ti perderme,
tu cabello de oro,
cosquillas me daba.

Tu olor lo inundaba,
mi vida perfumada,
mi alma y la tuya.

Sentir el riesgo,
que me infringías,
encontrar sentido,
romper la rutina.

No está claro,
me decías,
y de nuevo, repetías.

Contigo siempre era,
de nuestros días,
el último de nuestra era.

No podía pasar página,
pues conmigo te enojabas,
tus sentimientos afloraban,
brasas no apagadas.

Ahora me siento,
de igual modo,
las brasas escuecen.

De ellas vivo fuego,
todo lo deslumbra,
al final, en verdad,
a pesar de todo,
¡Te quiero!

Te extraño

Sé que lo nuestro,
al fin y al cabo,
amor de verano.

Yo bien quisiera,
que así no fuera,
mas doyme cuenta,
nuestras almas,
no son gemelas.

Sólo, una semana,
mas parecen años,
¡Oh! mi luciérnaga,
cuánto te extraño.

Recuerdos del ayer,
cuando los dos de la mano,
paseábamos enamorados.
¡Cuánto te extraño!

¿Quién me dirá,
que tenga cuidado,
con el coche?
¿Quién me repetirá,
qué fichaje?

Tu cara se me aparece,
caritas me pones,
enfermo de amor,
de nuevo me seduces.

Mas no es sino recuerdo,
un último aliento,
de esa atracción,
que no controlamos.

Amor de verano,
quién pudiera verte de nuevo,
fulgor del deseo,
que tanto extraño.

El fulgor del deseo

Se cruzan las miradas,
guiños de complicidades pasadas.
Recorro tu brazo,
de arriba a abajo,
en mi cuello,
siento tu suspiro.

Y al poco un susurro,
que me dices suavecito,
te respondo bajito.

Mis labios se encuentran,
de repente con tu boca,
tu lengua juguetona,
sólo juega a encontrarme,
sólo juega a abandonarme.

Beso tras de beso,
con mucho esmero,
caricia tras caricia,
mientras no me entero,
con la camisa desabrochada,
delante de ti,
me encuentro indefenso.

De la mano me llevas,
a tu ancha alcoba,
de probar tus frutas,
ya va siendo hora,
mordida a mordida,
las siento muy maduras.

Jugueteo con ellas,
cómo a ti te gusta,
a sorbos me sirvo,
banquete divino.

El fulgor del deseo,
recorre nuestros cuerpos,
la hora ha llegado,
los cuerpos se han besado.

Compás tras compás,
tu cuerpo se torna fuente,
y a mi se agarra fuerte.

Siento todo tu cuerpo,
se mueve con cadencia,
tu respiración entrecortada,
si no esto no es la gloria,
entonces no lo es nada.

Te miro el rostro,
cara de disfrute,
mirada de goce.

Llevarme dejo,
pues tu imagen,
conmigo puede.

Es un instante,
que para mí,
quisiera eterno,
abrazado junto a ti.

La melena de Margoth

Margoz o Margot,
eso no importa,
pues es tu melena,
la que en sueños,
mi cuerpo enreda.

Tu dulce mirada,
me embelesa,
ella me atrapa,
y yo caigo,
al final rendido,
a tu belleza,

No soy si no,
tu presa.

Quick and dirty Debian package repository published in Sourceforge

Introduction

We are going to build a local repo and then push it to Sourceforge http server so that it’s public.

Requirements

apt-get install apt-utils

Create the new repo

Assumptions

• Binary and source package already available
• We decide to have jessie and jessie-dev
• All our packages are main section packages
• Our architecture is i386

That means, e.g. that we already have:

chntpw_1.0.orig.tar.gz
chntpw_1.0-2.dsc
chntpw_1.0-2.diff.gz
chntpw_1.0-2_i386.deb
chntpw_1.0-2_i386.changes

Directory structure

mkdir -p /home/adrian/gnu/rescatux/repo
mkdir -p /home/adrian/gnu/rescatux/repo/jessie
mkdir -p /home/adrian/gnu/rescatux/repo/jessie-dev
mkdir -p /home/adrian/gnu/rescatux/repo/dists/jessie-dev/main/binary-i386/
mkdir -p /home/adrian/gnu/rescatux/repo/dists/jessie/main/binary-i386/

Directory structure for packages

The packages I want to upload for now are: chntpw and rescapp .
So that everything is tidy.

mkdir -p /home/adrian/gnu/rescatux/repo/jessie/chntpw
mkdir -p /home/adrian/gnu/rescatux/repo/jessie-dev/chntpw
mkdir -p /home/adrian/gnu/rescatux/repo/jessie/rescapp
mkdir -p /home/adrian/gnu/rescatux/repo/jessie-dev/rescapp

Populate repo (chntpw)

I copy:

chntpw_1.0.orig.tar.gz
chntpw_1.0-2.dsc
chntpw_1.0-2.diff.gz
chntpw_1.0-2_i386.deb
chntpw_1.0-2_i386.changes

into this folder:

/home/adrian/gnu/rescatux/repo/jessie-dev/chntpw

Populate repo (rescapp)

I copy:

rescapp_0.51b1-1.debian.tar.xz
rescapp_0.51b1-1.dsc
rescapp_0.51b1-1_i386.changes
rescapp_0.51b1-1_i386.deb
rescapp_0.51b1.orig.tar.gz

into this folder:

/home/adrian/gnu/rescatux/repo/jessie-dev/rescapp

Generate needed files (including source files)

cd /home/adrian/gnu/rescatux/repo

apt-ftparchive packages jessie-dev | gzip -c > dists/jessie-dev/main/binary-i386/Packages.gz
apt-ftparchive packages jessie | gzip -c > dists/jessie/main/binary-i386/Packages.gz
apt-ftparchive sources jessie-dev | gzip -c > dists/jessie-dev/main/binary-i386/Sources.gz
apt-ftparchive sources jessie | gzip -c > dists/jessie/main/binary-i386/Sources.gz

I ignore these messages:

chntpw has no source override entry
chntpw has no binary override entry either

Pushing repo into Sourceforge

First of all you need to create an sftp connection by the means of ssh.
Let’s assume that sfuser is your Sourceforge user and that your project unix name is: sfproject .

ssh -t sfuser,sfproject@shell.sourceforge.net create

Now connect thanks to Filezilla with this quick settings:

• • Server:sftp://frs.sourceforge.net
  • User:sfuser,sfproject
  • Password:TooSecret
  • Port:22

Now browse into:

/home/project-web/sfproject/htdocs

and push there your local repo folder so that you have:

/home/project-web/sfproject/htdocs/repo

and you are done.

Additionally if you want anyone to be able to download your packages without using apt but simply using their browser you should upload:

/home/project-web/sfproject/htdocs/repo/.htaccess

with this single line as its content:

Options +Indexes

Final user use of your repo

They should create the file:

/etc/apt/sources.list.d/myrepo.list

with this content:

deb http://sfproject.sourceforge.io/repo/ jessie-dev main

Finally, make the system aware of this new repo thanks to:

apt-get update

Now my final user can install these packages like this:

apt-get install chntpw

or

apt-get install rescapp

TODO

Sign the packages and maybe provide a keyring package.

Useful links

• The Debian Administrator’s Handbook – Creating a Package Repository for APT
• Sourceforge Project Web Services Documentation

blink SIP client Pulseaudio setup

What is blink

Blink is a state of the art, easy to use SIP client.

Blink Screenshot (Contacts page)

What is the problem with blink?

Blink does not support pulseaudio by default. It only supports alsa (as per November 2017).

Not supporting alsa directly makes Blink setup in a Pulseaudio environment more challenging because when you select an alsa device it’s grabbed by blink.

Otherwise if pulseaudio grabs this same alsa device when you start Blink the same alsa device disappears from audio setup.

Let me show what was my setup before applying the workaround explained here.

 

Blink Input devices setup (Pre workaround)

The default «Playback/recording through the Pulseaudio sound server» device is a pulse plugin based alsa device which connects with pulseaudio. Unfortunately it’s bind to only one physical device at a time. I use it as both as an Input Device and an Output Device.

E.g. if pulseaudio has my headphones as default device then headphones will be used.

E.g. if pulseaudio has my usb speaker as default device then sound will come out from the usb speaker but no sound will be captured!

As an Alert Device I select HDA Intel PCH which it’s a native alsa device and that means that it’s not controlled by pulseaudio but from Blink directly.

How to identify  your ALSA devices

I later found out this section was not necessary but I write down this as extra documentation. You can skip to the How to identify your Pulseaudio devices section below.

With aplay

aplay -L | grep :CARD
hdmi:CARD=HDMI,DEV=0
dmix:CARD=HDMI,DEV=3
dsnoop:CARD=HDMI,DEV=3
hw:CARD=HDMI,DEV=3
plughw:CARD=HDMI,DEV=3
sysdefault:CARD=PCH
front:CARD=PCH,DEV=0
surround21:CARD=PCH,DEV=0
surround40:CARD=PCH,DEV=0
surround41:CARD=PCH,DEV=0
surround50:CARD=PCH,DEV=0
surround51:CARD=PCH,DEV=0
surround71:CARD=PCH,DEV=0
dmix:CARD=PCH,DEV=0
dsnoop:CARD=PCH,DEV=0
hw:CARD=PCH,DEV=0
plughw:CARD=PCH,DEV=0
sysdefault:CARD=Device
front:CARD=Device,DEV=0
surround21:CARD=Device,DEV=0
surround40:CARD=Device,DEV=0
surround41:CARD=Device,DEV=0
surround50:CARD=Device,DEV=0
surround51:CARD=Device,DEV=0
surround71:CARD=Device,DEV=0
iec958:CARD=Device,DEV=0
dmix:CARD=Device,DEV=0
dsnoop:CARD=Device,DEV=0
hw:CARD=Device,DEV=0
plughw:CARD=Device,DEV=0

With proc asound

cat /proc/asound/card*/id

HDMI
PCH
Device

Play your music in your cards

aplay -D hw:PCH your_favourite_sound.wav
aplay -D hdmi:HDMI your_favourite_sound.wav
aplay -D front:Device your_favourite_sound.wav

What I found out in my case

HDMI hdmi:HDMI (Screen – Not used by me)
PCH hw:PCH (USB Speakers)
Device front:Device (USB Headphones)

 

How to identify your Pulseaudio devices

Show different microphones

pacmd list-sources | grep -e device.string -e 'name:'

name:  alsa_output.usb-C-Media_Electronics_Inc._USB_PnP_Sound_Device-00.analog-stereo.monitor >
  device.string = "2"
name:  alsa_input.usb-C-Media_Electronics_Inc._USB_PnP_Sound_Device-00.analog-mono >
  device.string = "hw:2"
name:  alsa_output.pci-0000_00_1b.0.analog-stereo.monitor >
  device.string = "1"
name:  alsa_input.pci-0000_00_1b.0.analog-stereo >
  device.string = "front:1"
name:  alsa_output.pci-0000_00_03.0.hdmi-stereo.monitor >
  device.string = "0"

Show different outputs

pacmd list-sinks | grep -e 'name:' -e 'index'

* index: 0
  name:  alsa_output.usb-C-Media_Electronics_Inc._USB_PnP_Sound_Device-00.analog-stereo >
index: 1
  name:  alsa_output.pci-0000_00_1b.0.analog-stereo >
index: 2
  name:  alsa_output.pci-0000_00_03.0.hdmi-stereo >

.asoundrc workaround

This setups the different alsa devices which I have identified in the How to identify your Pulseaudio devices section with the specific pulse plugin which helps alsa and pulseaudio devices to coexist.

Now, unlike the default «Playback/recording through the Pulseaudio sound server» device now you will be able to select the specific device where you want your sound to be output.

Additionally thanks to the hint entries you can put more human names to the devices which alsa programs see.

My ~/.asoundrc contents are:

 pcm.pulse-my-usb-speaker {
     type pulse
     device "alsa_output.pci-0000_00_1b.0.analog-stereo"
     hint.description "My USB Speaker (Pulse)"
 }

  pcm.pulse-my-usb-headphones-out {
     type pulse
     device "alsa_output.usb-C-Media_Electronics_Inc._USB_PnP_Sound_Device-00.analog-stereo"
     hint.description "My USB Headphones OUT (Pulse)"
 }

   pcm.pulse-my-usb-headphones-mic {
     type pulse
     device "alsa_input.usb-C-Media_Electronics_Inc._USB_PnP_Sound_Device-00.analog-mono"
     hint.description "My USB Headphones MIC (Pulse)"
 }

How blink finally detects new devices

Once ~/.asoundrc is saved you need to quit Blink and restart it so that it recognises the new ‘alsa’ devices.

Here there is the Audio tab in the Blink Preferences dialog after selecting my ‘new’ devices.

 

Blink Audio Preferences – Input Devices – Post pulseaudio workaround

The custom names are pretty obvious. Now I can select my USB speaker as the alert device and as input / output devices I use my headphones.

Alternative setups

Some ALSA purists might say that it would be better for pulseaudio to turn off the devices you want to use from Blink.

So that Blink uses those devices through native alsa where you probably have a better sound.

I don’t care too much about having an slightly better sound. What I want to is all my apps to use the different audio devices and not having to deal with an audio device disappearing in Blink because other programs (e.g. pulseaudio) used it first.

Final words

I have been trying this setup for about three days. The alert device does not disappear when used from another program. And sound quality is ok for me.

I recommend to try this setup (you can easily switch it off by renaming ~/.asoundrc,quitting Blink and starting Blink again ) if you are using Blink in a pulseaudio system and you struggle when dealing with several audio devices like me.

Africaella – El despertar huérfano

Ayer lejos de ti,
conectado no obstante,
por mi cuerpo sentí,
momentos impactantes.

Temprano el cartero,
ninguna misiva traía.
Mi saludo certero,
mi saludo mañanero,
desvanecía al alba.

No lo pude asumir,
acongojada mi alma,
de amor desfenecí.

De ti depende,
que este poema,
más que humo,
este sea.

Mikrotik – QoS (Quality of Service) para VoIP (Orange FTTH)

Mikrotik – QoS (Quality of Service) para VoIP

Howto anterior

Este howto puede considerarse una segunda parte de Livebox Orange detrás de router neutro Mikrotik con VoIP funcionando

Objetivos

• Garantizar un mínimo de ancho de banda de conexión a Internet para VoIP

Diferencias con otros howtos

• Basada en red 192.168.1.1/24 (se conserva esta porque se heredó de una red de Teléfonica / Movistar ADSL)
• En la medida de lo posible se explican los diferentes pasos realizados y no es un simple «Copiar y pegar todos los comandos»
• Se conecta al Microtik mediante ssh en lugar de con winbox o utilidades similares
• No se sacaran passwords de SIP del Livebox para sustituir por un dispositivo VoIP

Materiales

• Mikrotik CRS125-24G-1S-RM (También aplicable a Mikrotik 750 y otros modelos)
• Dispositivo VoIP (Opcional si podemos usar el PC)

Cómo conectarse al Microtik

• Sólo podemos conectarnos por cable (este modelo no tiene Wifi). Aún así, aunque tuviera wifi lo recomendable es conectarse por cable.
• El PC lo tendremos que configurar, para mayor comodidad, para trabajar con ip estática y en el mismo rango que el de Microtik.
• Abrimos un cliente SSH (putty en Windows) y lo apuntamos a la ip (que tenga en ese momento el Microtik) con el usuario: admin . Por ejemplo:  admin@192.168.88.1 .
• Nos conectamos al puerto 2

Describiremos cómo configuramos el Mikrotik.

Configuración de red del PC

Para conectarse al router tenemos que configurar la red de nuestro PC para interactuar con él. En nuestro caso la ip del Mikrotik es: 192.168.1.1 .

IP: 192.168.1.10
Mascara de red: 255.255.255.0

service network-manager stop
ifconfig eth0 192.168.1.10 netmask 255.255.255.0

Conexión inicial a Mikrotik

Nos conectamos al router por ssh en el puerto 3.

ssh -p 22 admin@192.168.1.1

Aceptamos la key.

Nos aparece algo parecido a:

  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS X.YY.Z (c) 1999-2016       http://www.mikrotik.com/

[?]             Gives the list of available commands
command [?]     Gives help on the command and list of arguments

[Tab]           Completes the command/word. If the input is ambiguous,
                a second [Tab] gives possible options

/               Move up to base level
..              Move up one level
/command        Use command at the base level

[admin@MikroTik] >

Pulsamos cualquier tecla para continuar.

Ahora por comodidad vamos a hacer un dump de la configuración actual.

/export file=dump_prevoip_20171030

Con scp (desde el PC) podemos obtener este dump.

scp -P 22 admin@192.168.1.1:dump_prevoip_20171030.rsc .

Mangle del tráfico hacia centralita IP

Marcaremos los diferentes tráficos VoIP para que luego puedan ser priorizados.
La direcci\’on de la centralita en este ejemplo va a ser: 192.168.1.246 . La centralita está dentro de nuestra red local y conecta a un trunk sip externo.
Así pues hemos de priorizar tanto el tráfico que va hacía ella como el que sale de ella.

Mangle de la conexi\’on SIP

Los paquetes SIP permiten conectar desde los clientes SIP (teléfonos) a la centralita.
Aquí marcamos la conexión porque es más eficiente para marcar después los paquetes.
Para identificar el tráfico SIP buscamos los paquetes que van a la centralita así como los que vuelven desde ella usando el puerto 5060 (el puerto SIP por defecto).

/ip firewall mangle
add chain=forward dst-address=192.168.1.246 protocol=tcp dst-port=5060\
 action=mark-connection new-connection-mark=sip-connection
/ip firewall mangle
add chain=forward src-address=192.168.1.246 protocol=tcp src-port=5060\
 action=mark-connection new-connection-mark=sip-connection-out

Mangle de los paquetes SIP

Ahora ya podemos, a partir de las conexiones marcar cada uno de los paquetes.

/ip firewall mangle
add action=mark-packet chain=forward connection-mark=sip-connection new-packet-mark=SIP
/ip firewall mangle
add action=mark-packet chain=forward connection-mark=sip-connection-out new-packet-mark=SIP

Mangle de la conexion RTP

Los paquetes RTP permiten conectar la centralita al exterior (trunk).
Aquí marcamos la conexión porque es más eficiente para marcar después los paquetes.
Para identificar el tráfico RTP buscamos los paquetes que van a la centralita así como los que vuelven desde ella usando los puertos desde 10000 hasta 20000 (puertos RTP que se emplean por defecto) en UDP.

/ip firewall mangle
add action=mark-connection chain=forward dst-address=192.168.1.246\
 new-connection-mark=rtp-connection port=10000-20000 protocol=udp
/ip firewall mangle
add action=mark-connection chain=forward src-address=192.168.1.246\
 new-connection-mark=rtp-connection-out port=10000-20000 protocol=udp

Mangle de los paquetes RTP

Ahora ya podemos, a partir de las conexiones marcar cada uno de los paquetes.

add action=mark-packet chain=forward connection-mark=rtp-connection new-packet-mark=RTP
add action=mark-packet chain=forward connection-mark=rtp-connection-out new-packet-mark=RTP

Cambio del DSCP

En teorí el dscp dentro de una red interna dará más prioridad a nuestro tráfico (útil si este tuviera que viajar por varios switches locales).

/ip firewall mangle
add action=change-dscp chain=postrouting disabled=no packet-mark=SIP new-dscp=46


/ip firewall mangle
add action=change-dscp chain=postrouting disabled=no packet-mark=RTP new-dscp=46

Tag prioridad de vlan

Forzaremos la prioridad 5 de IEEE 802.1p para los paquetes que saquemos por la vlan de Orange.
Obviamente sólo afectará a los que salgan al exterior desde la centralita usando los puertos de RTP (recordemos que es el tráfico que va desde la centralita al trunk).
La prioridad 5 se suele usar para VoIP según el estándar de IEEE 802.1p.

/ip firewall mangle
add action=set-priority chain=output src-address=192.168.1.246\
 new-priority=5 port=10000-20000 protocol=udp out-interface=ether24-vlan832

Colas de prioridad

Nosotros tenemos 300 Mbps de subida y 300 Mbps de bajada.
Nuestra salida a Internet es a través de la interfaz ether24-vlan832.
Nuestra interfaz que se usa para conectar a todas las bocas es: ether1-master . En esa interfaz limitaremos la descarga.

Dada la bibliografía todo apunta a que por llamada VoIP se necesita:

• 88 kbps para RTP
• 65 kbps para SIP

Nosotros tenemos dos líneas VoIP así que no necesitaríamos más.
Pondremos 100 kbps para tener margen y supondremos que queremos 6 llamadas en paralelo para el día de mañana.

Así necesitaríamos:
6 llamadas x ( 100 kbps + 100 kbps ) = 1200 kbps

Del total: 300 Mbps = 307200 kbps repartiríamos:

• Subida para VoIP: 1200 kbps
• Subida para VoIP: 306000 kbps

Para la descarga o bajada realizaremos las mismas suposiciones que para la subida.

Cola padre de subida

En todos estos sistemas de priorización o limitación del ancho de banda tenemos que crear una limitación padre que contenga el 100% de nuestro ancho de banda. Yo he puesto el 100% porque nunca lo vamos usar aunque se recomienda usar el 80% de lo que realmente te dan por no tener problemas (el 20% se suele ir protocolos).

Así pues limitamos la subida a 300 mbps y a la mínima prioridad por defecto.

/queue tree
add limit-at=300M max-limit=300M name=subida parent=ether24-vlan832 priority=8 queue=default

Cola de subida RTP con prioridad 1

Las 6 llamadas simultaneas consumiendo RTP serían: 6 x 100 kbps = 600 kbps .
Gracias al marcado anterior de los paquetes con la marca RTP podemos con el limit-at reservarles 600 kbps sólo para ellos.

/queue tree
add limit-at=600k max-limit=600k name=subida_pri_1\
 packet-mark=RTP parent=subida priority=1 queue=default

Cola de subida SIP con prioridad 2

Las 6 llamadas simultaneas consumiendo SIP serían: 6 x 100 kbps = 600 kbps .
Gracias al marcado anterior de los paquetes con la marca SIP podemos con el limit-at reservarles 600 kbps sólo para ellos.

/queue tree
add limit-at=600k max-limit=600k name=subida_pri_2\
 packet-mark=SIP parent=subida priority=2 queue=default

Cola de subida para resto de tráfico

Este tráfico (el resto) tiene la prioridad mínima: 8.
No usamos limit-at porque no tenemos por qué garantizar este ancho de banda.

/queue tree
add max-limit=306000k name=subida_pri_8\
 packet-mark=no-mark parent=subida priority=8 queue=default

Cola padre de bajada

Aplican las mismas explicaciones que se dieron para las colas de subida.

/queue tree
add limit-at=300M max-limit=300M name=bajada parent=ether1-master priority=8 queue=default

Cola de bajada RTP con prioridad 1

Las 6 llamadas simultaneas consumiendo RTP serían: 6 x 100 kbps = 600 kbps

/queue tree
add limit-at=600k max-limit=600k name=bajada_pri_1\
 packet-mark=RTP parent=bajada priority=1 queue=default

Cola de bajada SIP con prioridad 2

/queue tree
add limit-at=600k max-limit=600k name=bajada_pri_2\
 packet-mark=SIP parent=bajada priority=2 queue=default

Cola de bajada para resto de tráfico

Este tráfico tiene la prioridad mínima: 8.
No usamos limit-at porque tenemos por qué garantizar este ancho de banda.

/queue tree
add max-limit=306000k name=bajada_pri_8 packet-mark=no-mark parent=bajada priority=8 queue=default

Bibliografía

• Common VoIP problems, How to detect, correct and avoid them. by Penny Tone LLC
• Mastering VoIP in RouterOS
• Vlans on Mikrotik environment
• Wikipedia – ES – IEEE 802.1p
• MANUAL: FTTH MOVISTAR/JAZZTEL CON ROUTER NEUTRO MIKROTIK

Referencia – Todos los comandos de VoIP

/ip firewall mangle
# 
add chain=forward dst-address=192.168.1.246 protocol=tcp dst-port=5060\
 action=mark-connection new-connection-mark=sip-connection
add chain=forward src-address=192.168.1.246 protocol=tcp src-port=5060\
 action=mark-connection new-connection-mark=sip-connection-out

add action=mark-packet chain=forward connection-mark=sip-connection new-packet-mark=SIP
add action=mark-packet chain=forward connection-mark=sip-connection-out new-packet-mark=SIP

add action=mark-connection chain=forward dst-address=192.168.1.246\
 new-connection-mark=rtp-connection port=10000-20000 protocol=udp
add action=mark-connection chain=forward src-address=192.168.1.246\
 new-connection-mark=rtp-connection-out port=10000-20000 protocol=udp

add action=mark-packet chain=forward connection-mark=rtp-connection new-packet-mark=RTP
add action=mark-packet chain=forward connection-mark=rtp-connection-out new-packet-mark=RTP

add action=change-dscp chain=postrouting disabled=no packet-mark=SIP new-dscp=46
add action=change-dscp chain=postrouting disabled=no packet-mark=RTP new-dscp=46

# IEEE 802.1p : Prioridad 5 al salir a Internet
add action=set-priority chain=output src-address=192.168.1.246 new-priority=5\
 port=10000-20000 protocol=udp out-interface=ether24-vlan832

/queue tree
add limit-at=300M max-limit=300M name=subida parent=ether24-vlan832 priority=8 queue=default
add limit-at=600k max-limit=600k name=subida_pri_1\
 packet-mark=RTP parent=subida priority=1 queue=default
add limit-at=600k max-limit=600k name=subida_pri_2\
 packet-mark=SIP parent=subida priority=2 queue=default
add max-limit=306000k name=subida_pri_8 packet-mark=no-mark parent=subida priority=8 queue=default
add limit-at=300M max-limit=300M name=bajada parent=ether1-master priority=8 queue=default
add limit-at=600k max-limit=600k name=bajada_pri_1\
 packet-mark=RTP parent=bajada priority=1 queue=default
add limit-at=600k max-limit=600k name=bajada_pri_2\
 packet-mark=SIP parent=bajada priority=2 queue=default
add max-limit=306000k name=bajada_pri_8 packet-mark=no-mark parent=bajada priority=8 queue=default

Extra – Sniffer para evaluar calidad

Lo suyo es realizar este paso antes y despues de aplicar el QoS de VoIP (con diferentes file-name) para evaluar su impacto.

/tool sniffer
set memory-limit=2048KiB
set file-name=voip-evaluar01.pcap
set filter-ip-address=192.168.1.246
start
# Realizar llamada
stop
# Obtener voip-evaluar01.pcap
# por scp

Usar Common VoIP problems, How to detect, correct and avoid them. by Penny Tone LLC para interpretar el jitter.
Nuestro objetivo ideal es obtener, en base a los requisitos de VoIP:

Perdida de paquetes: Menos del 5%.
Latencia: Menos de 120-150 ms en un sentido.
Jitter (Buffer menos de entre 1 o 3 ms).

Referencia – Configuración Mikrotik – Dump inicial

# oct/30/2017 21:52:39 by RouterOS 6.35.4
# software id = LLYC-IDAG
#
/interface ethernet
set [ find default-name=ether1 ] name=ether1-master
set [ find default-name=ether2 ] mac-address=E0:51:63:04:C6:32
set [ find default-name=ether3 ] master-port=ether1-master
set [ find default-name=ether4 ] master-port=ether1-master
set [ find default-name=ether5 ] master-port=ether1-master
set [ find default-name=ether6 ] master-port=ether1-master
set [ find default-name=ether7 ] master-port=ether1-master
set [ find default-name=ether8 ] master-port=ether1-master
set [ find default-name=ether9 ] master-port=ether1-master
set [ find default-name=ether10 ] master-port=ether1-master
set [ find default-name=ether11 ] master-port=ether1-master
set [ find default-name=ether12 ] master-port=ether1-master
set [ find default-name=ether13 ] master-port=ether1-master
set [ find default-name=ether14 ] master-port=ether1-master
set [ find default-name=ether15 ] master-port=ether1-master
set [ find default-name=ether16 ] master-port=ether1-master
set [ find default-name=ether17 ] master-port=ether1-master
set [ find default-name=ether18 ] master-port=ether1-master
set [ find default-name=ether19 ] master-port=ether1-master
set [ find default-name=ether20 ] master-port=ether1-master
set [ find default-name=ether21 ] master-port=ether1-master
set [ find default-name=ether22 ] master-port=ether1-master
set [ find default-name=ether23 ] master-port=ether1-master
set [ find default-name=sfp1 ] master-port=ether1-master
/interface vlan
add interface=ether2 name=ether2-vlan832 vlan-id=832
add interface=ether24 name=ether24-vlan832 vlan-id=832
/ip pool
add name=dhcp_pool1 ranges=192.168.1.30-192.168.1.250
add name=dhcp_pool2 ranges=192.168.99.2
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether1-master lease-time=3d \
    name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=ether24-vlan832 lease-time=\
    3d name=dhcp2
/interface ethernet switch port
set 0 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 1 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 2 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 3 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 4 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 5 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 6 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 7 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 8 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 9 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 10 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 11 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 12 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 13 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 14 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 15 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 16 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 17 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 18 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 19 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 20 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 21 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 22 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 23 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 24 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 25 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
/ip address
add address=192.168.1.1/24 interface=ether1-master network=192.168.1.0

/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether2-vlan832

/ip dhcp-server network
add address=192.168.1.0/24 dns-server=62.36.225.150,62.37.228.20 gateway=\
    192.168.1.1
add address=192.168.99.0/24 gateway=192.168.99.1
/ip firewall filter
add chain=input comment="defconf: accept ICMP" protocol=icmp
add chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment=\
    "Drop de todo lo que viene desde nuestra WAN" in-interface=ether2-vlan832
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "Drop de todo lo que viene de la WAN que no esta DSTNATed" \
    connection-nat-state=!dstnat connection-state=new in-interface=\
    ether2-vlan832
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether2-vlan832

/ip service
set telnet disabled=yes
set www disabled=yes
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Asia/Jakarta
/system routerboard settings
set protected-routerboot=disabled

Referencia – Configuración Mikrotik final

# nov/04/2017 00:03:10 by RouterOS 6.35.4
# software id = LLYC-IDAG
#
/interface ethernet
set [ find default-name=ether1 ] name=ether1-master
set [ find default-name=ether2 ] mac-address=E0:51:63:04:C6:32
set [ find default-name=ether3 ] master-port=ether1-master
set [ find default-name=ether4 ] master-port=ether1-master
set [ find default-name=ether5 ] master-port=ether1-master
set [ find default-name=ether6 ] master-port=ether1-master
set [ find default-name=ether7 ] master-port=ether1-master
set [ find default-name=ether8 ] master-port=ether1-master
set [ find default-name=ether9 ] master-port=ether1-master
set [ find default-name=ether10 ] master-port=ether1-master
set [ find default-name=ether11 ] master-port=ether1-master
set [ find default-name=ether12 ] master-port=ether1-master
set [ find default-name=ether13 ] master-port=ether1-master
set [ find default-name=ether14 ] master-port=ether1-master
set [ find default-name=ether15 ] master-port=ether1-master
set [ find default-name=ether16 ] master-port=ether1-master
set [ find default-name=ether17 ] master-port=ether1-master
set [ find default-name=ether18 ] master-port=ether1-master
set [ find default-name=ether19 ] master-port=ether1-master
set [ find default-name=ether20 ] master-port=ether1-master
set [ find default-name=ether21 ] master-port=ether1-master
set [ find default-name=ether22 ] master-port=ether1-master
set [ find default-name=ether23 ] master-port=ether1-master
set [ find default-name=sfp1 ] master-port=ether1-master
/interface vlan
add interface=ether2 name=ether2-vlan832 vlan-id=832
add interface=ether24 name=ether24-vlan832 vlan-id=832
/ip pool
add name=dhcp_pool1 ranges=192.168.1.30-192.168.1.250
add name=dhcp_pool2 ranges=192.168.99.2
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether1-master lease-time=3d \
    name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=ether24-vlan832 lease-time=\
    3d name=dhcp2
/queue tree
add limit-at=300M max-limit=300M name=subida parent=ether24-vlan832 queue=\
    default
add limit-at=600k max-limit=600k name=subida_pri_1 packet-mark=RTP parent=\
    subida priority=1 queue=default
add limit-at=600k max-limit=600k name=subida_pri_2 packet-mark=SIP parent=\
    subida priority=2 queue=default
add max-limit=306M name=subida_pri_8 packet-mark=no-mark parent=subida queue=\
    default
add limit-at=300M max-limit=300M name=bajada parent=ether1-master queue=\
    default
add limit-at=600k max-limit=600k name=bajada_pri_1 packet-mark=RTP parent=\
    bajada priority=1 queue=default
add limit-at=600k max-limit=600k name=bajada_pri_2 packet-mark=SIP parent=\
    bajada priority=2 queue=default
add max-limit=306M name=bajada_pri_8 packet-mark=no-mark parent=bajada queue=\
    default
/interface ethernet switch port
set 0 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 1 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 2 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 3 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 4 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 5 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 6 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 7 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 8 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 9 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:\
    8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 10 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 11 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 12 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 13 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 14 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 15 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 16 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 17 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 18 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 19 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 20 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 21 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 22 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 23 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 24 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 25 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0\
    :8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
/ip address
add address=192.168.1.1/24 interface=ether1-master network=192.168.1.0

/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether2-vlan832

/ip dhcp-server network
add address=192.168.1.0/24 dns-server=62.36.225.150,62.37.228.20 gateway=\
    192.168.1.1
add address=192.168.99.0/24 gateway=192.168.99.1
/ip firewall filter
add chain=input comment="defconf: accept ICMP" protocol=icmp
add chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment=\
    "Drop de todo lo que viene desde nuestra WAN" in-interface=ether2-vlan832
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "Drop de todo lo que viene de la WAN que no esta DSTNATed" \
    connection-nat-state=!dstnat connection-state=new in-interface=\
    ether2-vlan832
/ip firewall mangle
add action=mark-connection chain=forward dst-address=192.168.1.246 dst-port=\
    5060 new-connection-mark=sip-connection protocol=tcp
add action=mark-connection chain=forward new-connection-mark=\
    sip-connection-out protocol=tcp src-address=192.168.1.246 src-port=5060
add action=mark-packet chain=forward connection-mark=sip-connection \
    new-packet-mark=SIP
add action=mark-packet chain=forward connection-mark=sip-connection-out \
    new-packet-mark=SIP
add action=mark-connection chain=forward dst-address=192.168.1.246 \
    new-connection-mark=rtp-connection port=10000-20000 protocol=udp
add action=mark-connection chain=forward new-connection-mark=\
    rtp-connection-out port=10000-20000 protocol=udp src-address=\
    192.168.1.246
add action=mark-packet chain=forward connection-mark=rtp-connection \
    new-packet-mark=RTP
add action=mark-packet chain=forward connection-mark=rtp-connection-out \
    new-packet-mark=RTP
add action=change-dscp chain=postrouting new-dscp=46 packet-mark=SIP
add action=change-dscp chain=postrouting new-dscp=46 packet-mark=RTP
add action=set-priority chain=output new-priority=5 out-interface=\
    ether24-vlan832 port=10000-20000 protocol=udp src-address=192.168.1.246
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether2-vlan832

/ip service
set telnet disabled=yes
set www disabled=yes
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Asia/Jakarta
/system routerboard settings
set protected-routerboot=disabled