dustojnikhummer

Untitled

Jul 28th, 2021 (edited)
25
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. /interface bridge
  2. add arp=proxy-arp name=FullBridge
  3. /interface list
  4. add name=WAN
  5. add name=LAN
  6. /interface wireless security-profiles
  7. set [ find default=yes ] supplicant-identity=MikroTik
  8. add authentication-types=wpa2-psk eap-methods="" group-key-update=3m mode=dynamic-keys name=password1 \
  9. supplicant-identity=""
  10. /interface wireless
  11. set [ find default-name=wlan1 ] band=2ghz-onlyn disabled=no mode=ap-bridge security-profile=password1 ssid=\
  12. Tomsik_2G wps-mode=disabled
  13. set [ find default-name=wlan2 ] band=5ghz-n/ac disabled=no mode=ap-bridge security-profile=password1 ssid=\
  14. Tomsik_5G wps-mode=disabled
  15. /ip pool
  16. add name=dhcp ranges=10.0.1.20-10.0.1.200
  17. add name=vpnpool ranges=10.0.1.201-10.0.1.240
  18. /ip dhcp-server
  19. add address-pool=dhcp disabled=no interface=FullBridge lease-time=5m name=dhcp1
  20. /ppp profile
  21. add bridge=FullBridge change-tcp-mss=yes dns-server=10.0.1.1 interface-list=LAN local-address=10.0.1.253 \
  22. name=my-l2tp-profile remote-address=vpnpool
  23. /interface bridge port
  24. add bridge=FullBridge interface=ether2
  25. add bridge=FullBridge interface=ether3
  26. add bridge=FullBridge interface=ether4
  27. add bridge=FullBridge interface=ether5
  28. add bridge=FullBridge interface=wlan1
  29. add bridge=FullBridge interface=wlan2
  30. /ip neighbor discovery-settings
  31. set discover-interface-list=!dynamic
  32. /interface l2tp-server server
  33. set authentication=mschap1,mschap2 default-profile=my-l2tp-profile enabled=yes use-ipsec=yes
  34. /interface list member
  35. add interface=ether1 list=WAN
  36. add interface=FullBridge list=LAN
  37. /interface sstp-server server
  38. set default-profile=default-encryption
  39. /ip address
  40. add address=100.71.22.3/24 interface=ether1 network=100.71.22.0
  41. add address=10.0.1.1/24 interface=FullBridge network=10.0.1.0
  42. /ip cloud
  43. set ddns-enabled=yes
  44. /ip dhcp-client
  45. add interface=wlan2
  46. /ip dhcp-server lease
  47. ommited
  48. /ip dhcp-server network
  49. add address=10.0.1.0/24 dns-server=10.100.0.100,10.10.10.10,1.1.1.1 gateway=10.0.1.1 netmask=24
  50. add address=100.71.22.0/24 gateway=100.71.22.3 netmask=24
  51. /ip dns
  52. set servers=10.100.0.100,10.10.10.10,1.1.1.1,8.8.8.8
  53. /ip firewall filter
  54. add action=accept chain=input comment="VPN: allow IKE" dst-port=500 in-interface=ether1 protocol=udp
  55. add action=accept chain=input comment="VPN: allow L2TP" dst-port=1701 in-interface=ether1 protocol=udp
  56. add action=accept chain=input comment="VPN: allow IPsec NAT-T" dst-port=4500 in-interface=ether1 protocol=\
  57. udp
  58. add action=accept chain=input in-interface=ether1 protocol=ipsec-esp
  59. add action=accept chain=input in-interface=ether1 protocol=ipsec-ah
  60. /ip firewall nat
  61. add action=masquerade chain=srcnat out-interface-list=WAN
  62. /ip route
  63. add distance=1 gateway=100.71.22.253
  64. /ip service
  65. set telnet disabled=yes
  66. set ftp disabled=yes
  67. set www disabled=yes
  68. set ssh disabled=yes
  69. set api disabled=yes
  70. set api-ssl disabled=yes
  71. /ppp profile
  72. set *FFFFFFFE local-address=192.168.89.1 remote-address=*5
  73. /ppp secret
  74. add disabled=yes name=vpn
  75. add name=tomsikr profile=my-l2tp-profile service=l2tp
  76. /system clock
  77. set time-zone-name=Europe/Prague
  78. /system identity
  79. set name=TomsikrMT
  80. /system logging
  81. add prefix="L2TP_LOG ===> " topics=l2tp
  82. add prefix="IPSEC_LOG ===> " topics=ipsec
  83.  
RAW Paste Data Copied