# RouterOS export, part 1: interfaces, L2TP client/server, address pool, routing
# instance IDs, user-group policy, neighbor discovery, addressing, DHCP client, DNS.
#
# Bridge "Lo" has no ports in this export; it carries 100.100.100.2 (see /ip address)
# and is the BGP update-source, i.e. it is used as a loopback-style interface.
- /interface bridge
- add fast-forward=no name=Lo
# L2TP client "MARA" towards 195.181.208.75 with IPsec enabled (use-ipsec=yes).
# NOTE(review): allow= still offers mschap1. MS-CHAPv1 is a broken authentication
# protocol; unless the remote end requires it, allow=mschap2 only and rely on the
# IPsec layer for confidentiality.
# NOTE(review): no password= or ipsec-secret= appears here; presumably the export hid
# sensitive values - confirm both are set. Once an export like this has been shared,
# treat the peer address and user name as disclosed and rotate the matching secrets.
- /interface l2tp-client
- add allow=mschap1,mschap2 connect-to=195.181.208.75 disabled=no max-mru=1500 \
- max-mtu=1500 mrru=1600 name=MARA use-ipsec=yes user=GABAZITA
# Address pool handed to L2TP server clients (used as remote-address in the profile).
- /ip pool
- add name=L2TP ranges=172.16.121.2-172.16.121.254
# PPP profile for the L2TP server: router side is 172.16.121.1, clients draw from pool L2TP.
- /ppp profile
- add local-address=172.16.121.1 name=L2TP remote-address=L2TP
# BGP runs in private AS 65531; BGP and OSPF both use the loopback address as router-id.
- /routing bgp instance
- set default as=65531 router-id=100.100.100.2
- /routing ospf instance
- set [ find default=yes ] router-id=100.100.100.2
# Rewrites the policy of user group "read": local, telnet, read, test and winbox are
# granted, every item prefixed with "!" is denied.
# NOTE(review): the telnet policy is granted although the telnet service is disabled
# under /ip service; dropping it keeps the group consistent with the service list.
- /user group
- set read policy="local,telnet,read,test,winbox,!ssh,!ftp,!reboot,!write,!polic\
- y,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp"
# NOTE(review): discovery is enabled on the "all" interface list, which includes the
# Internet-facing ether1, so the router announces itself (identity, platform, version)
# on the WAN segment. Restrict discover-interface-list to an internal-only list.
- /ip neighbor discovery-settings
- set discover-interface-list=all
# L2TP server enabled with the L2TP profile above.
# NOTE(review): mschap1 is accepted here as well - see the client note; prefer mschap2 only.
# NOTE(review): use-ipsec is not set on the server, so presumably plain L2TP without
# IPsec is accepted - confirm, and if IPsec is mandatory set use-ipsec=required or
# match ipsec-policy=in,ipsec on the UDP 1701 input rule.
- /interface l2tp-server server
- set authentication=mschap1,mschap2 default-profile=L2TP enabled=yes max-mru=\
- 1500 max-mtu=1500 mrru=1600
# ether1 holds the public address 80.211.23.155/24; Lo holds the /32-style loopback.
- /ip address
- add address=80.211.23.155/24 interface=ether1 network=80.211.23.0
- add address=100.100.100.2 interface=Lo network=100.100.100.2
# ether2 obtains its address by DHCP.
- /ip dhcp-client
- add disabled=no interface=ether2
# Upstream resolver is 8.8.8.8; allow-remote-requests is not set in this export, so
# presumably the router does not answer DNS for other hosts - confirm.
- /ip dns
- set cache-max-ttl=1d servers=8.8.8.8
# RouterOS export, part 2: firewall filter. Rules are evaluated top to bottom, so the
# order below is part of the policy. input = traffic to the router itself,
# forward = traffic through it, icmp = custom chain both of them jump to.
- /ip firewall filter
# Scanner trap: any new TCP connection on ether1 to 1080/8080/8081 puts the source on
# address list SCANPROXY (none-dynamic: no expiry, entry is lost on reboot); the next
# rule then drops everything from listed sources on ether1.
# NOTE(review): both rules sit above the established/related accept and above the
# Admin accept, so a listed address loses existing sessions too. Because a single
# packet is enough to be listed, a forged source address can get a legitimate host
# (including an Admin address) blocked; exempt the Admin list and use a finite timeout.
- add action=add-src-to-address-list address-list=SCANPROXY \
- address-list-timeout=none-dynamic chain=input connection-state=new \
- dst-port=1080,8080,8081 in-interface=ether1 protocol=tcp
- add action=drop chain=input in-interface=ether1 src-address-list=SCANPROXY
# Return traffic for connections already known to connection tracking (plus untracked).
- add action=accept chain=input connection-state=established,related,untracked
# LDP (TCP 646) from PPP interfaces only.
- add action=accept chain=input dst-port=646 in-interface=all-ppp protocol=tcp
# NOTE(review): BGP (TCP 179) is accepted from any source on any interface, ether1
# included. The only peer configured is 100.100.100.100; add src-address= for that
# peer or in-interface=all-ppp so the BGP listener is not exposed to the Internet.
- add action=accept chain=input dst-port=179 protocol=tcp
- add action=jump chain=input jump-target=icmp protocol=icmp
# Sources on address list "Admin" may open any connection to the router.
# NOTE(review): no /ip firewall address-list section is visible in this export, so the
# list content cannot be checked here - confirm it holds only management addresses.
- add action=accept chain=input comment=Admin connection-state=new \
- src-address-list=Admin
# NOTE(review): Winbox (TCP 8291) is accepted from any source and only logged. With
# ssh, www, telnet and api disabled this is the remaining management service, and it
# is reachable from the Internet. Admin sources are already covered by the rule above,
# so this rule can be removed or limited with src-address-list=Admin / in-interface=all-ppp.
- add action=accept chain=input connection-state=new dst-port=8291 log=yes \
- protocol=tcp
# L2TP (UDP 1701), IKE (UDP 500), NAT-T (UDP 4500) and ESP for the L2TP/IPsec server.
# NOTE(review): UDP 1701 is accepted without an IPsec match, so unencrypted L2TP can
# reach the server; add ipsec-policy=in,ipsec to the 1701 part if IPsec is mandatory.
- add action=accept chain=input connection-state=new dst-port=1701,500,4500 \
- protocol=udp
- add action=accept chain=input connection-state=new protocol=ipsec-esp
- add action=accept chain=input connection-state=new in-interface=all-ppp \
- protocol=ospf
# NOTE(review): this accepts every new connection from any PPP interface, which makes
# the LDP and OSPF rules above redundant and gives each authenticated L2TP client
# access to all router services. Narrow it to the ports PPP peers actually need.
- add action=accept chain=input connection-state=new in-interface=all-ppp
# Default deny for the input chain.
- add action=drop chain=input
- add action=accept chain=forward connection-state=established,related
- add action=jump chain=forward jump-target=icmp protocol=icmp
# PPP clients may reach the Internet via ether1 ...
- add action=accept chain=forward connection-state=new in-interface=all-ppp \
- out-interface=ether1
# ... and, by this broader rule, any other destination as well (the rule above is a
# subset of this one).
- add action=accept chain=forward connection-state=new in-interface=all-ppp
# Forwarding for dst-natted connections; no dstnat rule appears in the NAT section of
# this export, so this presumably matches nothing at present.
- add action=accept chain=forward connection-nat-state=dstnat
# Default deny for the forward chain.
- add action=drop chain=forward
# icmp chain: allow-list of ICMP type:code pairs, everything else is dropped.
- add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=\
- icmp
- add action=accept chain=icmp comment="net unreachable" icmp-options=3:0 \
- protocol=icmp
- add action=accept chain=icmp comment="host unreachable" icmp-options=3:1 \
- protocol=icmp
# 3:4 is needed for path-MTU discovery.
- add action=accept chain=icmp comment=\
- "host unreachable fragmentation required" icmp-options=3:4 protocol=icmp
# NOTE(review): source quench (type 4) is deprecated (RFC 6633) and can be dropped.
- add action=accept chain=icmp comment="allow source quench" icmp-options=4:0 \
- protocol=icmp
- add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 \
- protocol=icmp
- add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 \
- protocol=icmp
# Type 12 code 0 is "parameter problem"; the rule carries no comment in the export.
- add action=accept chain=icmp icmp-options=12:0 protocol=icmp
- add action=drop chain=icmp comment="deny all other types"
# RouterOS export, part 3: NAT, connection-tracking helpers, IPsec peer, default
# route and management services.
#
# Source NAT: everything leaving ether1 is masqueraded behind the public address.
- /ip firewall nat
- add action=masquerade chain=srcnat out-interface=ether1
# All listed connection-tracking helpers (ALGs) are disabled, which removes their
# protocol parsers from the packet path.
- /ip firewall service-port
- set ftp disabled=yes
- set tftp disabled=yes
- set irc disabled=yes
- set h323 disabled=yes
- set sip disabled=yes
- set pptp disabled=yes
- set udplite disabled=yes
- set dccp disabled=yes
- set sctp disabled=yes
# Passive IPsec responder for L2TP clients from any address (0.0.0.0/0); policies are
# generated per client (generate-policy=port-override).
# NOTE(review): dh-group=modp1024 is a 1024-bit Diffie-Hellman group and is considered
# too weak for new deployments; move to modp2048 or larger once every client supports it.
# NOTE(review): no auth-method or secret is shown; presumably a pre-shared key hidden
# by the export. A key shared by all clients behind address=0.0.0.0/0 should be long
# and random, and rotated if this export was taken from a live device.
- /ip ipsec peer
- add address=0.0.0.0/0 dh-group=modp1024 enc-algorithm=aes-256,aes-128 \
- exchange-mode=main-l2tp generate-policy=port-override passive=yes \
- send-initial-contact=no
# No dst-address is given, so this is presumably the default route via the ether1 gateway.
- /ip route
- add distance=1 gateway=80.211.23.1
# telnet, ftp, www, ssh, api and api-ssl are disabled.
# NOTE(review): winbox is not listed, so presumably it stays enabled on its default
# port with no address= restriction, and the input chain accepts TCP 8291 from any
# source. Set an allowed address range on the winbox service as a second layer.
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set www disabled=yes
- set ssh disabled=yes
- set api disabled=yes
- set api-ssl disabled=yes
# RouterOS export, part 4: MPLS/LDP, PPP accounts, BGP VRF and peer, OSPF networks
# and system identity.
#
# LDP is enabled with the loopback address as LSR-ID and transport address, and runs
# over the L2TP client interface MARA.
- /mpls ldp
- set enabled=yes lsr-id=100.100.100.2 transport-address=100.100.100.2
- /mpls ldp interface
- add interface=MARA
# Two accounts for the L2TP server, both using profile L2TP.
# NOTE(review): no password= is shown; either the export hid it or it is empty -
# confirm each account has a strong, unique password. "test" is a generic account
# name on a server that accepts L2TP from any source; remove it if it is not in use.
- /ppp secret
- add name=test profile=L2TP service=l2tp
- add name=ppp1 profile=L2TP service=l2tp
# VRF selected by routing-mark GABAZITA; connected and static routes are redistributed
# into BGP for it.
- /routing bgp instance vrf
- add redistribute-connected=yes redistribute-static=yes routing-mark=GABAZITA
# Multihop session to 100.100.100.100 (AS 65530) sourced from Lo, carrying IPv4,
# L2VPN and VPNv4 address families.
# NOTE(review): no tcp-md5-key and no in-filter/out-filter are visible here (a key may
# have been hidden by the export). Without route filters every prefix offered by the
# peer is presumably accepted - confirm, and add filters for the expected prefixes.
- /routing bgp peer
- add address-families=ip,l2vpn,vpnv4 multihop=yes name=MARA remote-address=\
- 100.100.100.100 remote-as=65530 remove-private-as=yes route-reflect=yes \
- ttl=default update-source=Lo
# OSPF backbone area covers the loopback, 172.16.120.0/24 and the L2TP client pool
# 172.16.121.0/24.
# NOTE(review): including the L2TP pool means OSPF can run towards dial-in clients,
# and the input chain accepts OSPF from all-ppp. No OSPF interface authentication is
# visible in this export; if dial-in clients are not routers, make those interfaces
# passive or configure an authentication key.
- /routing ospf network
- add area=backbone network=100.100.100.2/32
- add area=backbone network=172.16.120.0/24
- add area=backbone network=172.16.121.0/24
# Router identity; the same string is used as the L2TP client user name and the VRF
# routing-mark.
- /system identity
- set name=GABAZITA