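# RouterOS configuration export for a small router ("TomsikrMT"):
#   - ether1 is the WAN uplink (static 100.71.22.3/24), ether2-5 + wlan1/wlan2 form the LAN bridge
#   - dual-band WPA2-PSK access point, DHCP server on 10.0.1.0/24
#   - L2TP/IPsec remote-access VPN handing out addresses from "vpnpool"
#
# Review changes relative to the pasted export (all hardening, nothing else altered):
#   1. L2TP server: MS-CHAPv1 removed, IPsec made mandatory (use-ipsec=required).
#   2. Firewall input chain: the original held only "accept" rules, so the chain's
#      implicit default (accept) let every other packet through as well. A
#      stateful baseline and a final drop for WAN traffic were added.
#   3. Neighbor discovery restricted to the LAN list instead of every non-dynamic interface.
#
# No credentials (WPA2 key, PPP secret password, IPsec secret) appear in this
# listing; they have to be set separately and are not part of this file.
# The list bullets and split continuation lines of the paste were normalised
# so that each command is on one line.

/interface bridge
# proxy-arp lets the bridge answer ARP on behalf of VPN clients that receive
# addresses from the same 10.0.1.0/24 subnet as the LAN.
add arp=proxy-arp name=FullBridge

/interface list
add name=WAN
add name=LAN

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# WPA2-PSK only; the pre-shared key itself is not shown in this listing.
add authentication-types=wpa2-psk eap-methods="" group-key-update=3m mode=dynamic-keys name=password1 supplicant-identity=""

/interface wireless
# WPS is disabled on both radios.
set [ find default-name=wlan1 ] band=2ghz-onlyn disabled=no mode=ap-bridge security-profile=password1 ssid=Tomsik_2G wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-n/ac disabled=no mode=ap-bridge security-profile=password1 ssid=Tomsik_5G wps-mode=disabled

/ip pool
# LAN DHCP and VPN pools are disjoint ranges of the same /24.
add name=dhcp ranges=10.0.1.20-10.0.1.200
add name=vpnpool ranges=10.0.1.201-10.0.1.240

/ip dhcp-server
add address-pool=dhcp disabled=no interface=FullBridge lease-time=5m name=dhcp1

/ppp profile
# interface-list=LAN places each dynamic VPN interface in the LAN list, so
# rules keyed on the WAN list do not apply to connected VPN clients.
add bridge=FullBridge change-tcp-mss=yes dns-server=10.0.1.1 interface-list=LAN local-address=10.0.1.253 name=my-l2tp-profile remote-address=vpnpool

/interface bridge port
add bridge=FullBridge interface=ether2
add bridge=FullBridge interface=ether3
add bridge=FullBridge interface=ether4
add bridge=FullBridge interface=ether5
add bridge=FullBridge interface=wlan1
add bridge=FullBridge interface=wlan2

/ip neighbor discovery-settings
# Was "!dynamic", which includes ether1 and therefore announces the router's
# identity and version on the WAN segment. Limited to the LAN list.
# NOTE(review): MAC-server / MAC-Winbox settings are not in this export and are
# presumably at their defaults - confirm they are limited to LAN as well.
set discover-interface-list=LAN

/interface l2tp-server server
# Was "authentication=mschap1,mschap2 ... use-ipsec=yes".
#  - MS-CHAPv1 is obsolete and is no longer offered.
#  - use-ipsec=yes still admits plain, unencrypted L2TP sessions; "required"
#    rejects any L2TP session that did not arrive through IPsec.
# The IPsec secret is not part of this listing and must be set separately.
set authentication=mschap2 default-profile=my-l2tp-profile enabled=yes use-ipsec=required

/interface list member
add interface=ether1 list=WAN
add interface=FullBridge list=LAN

/interface sstp-server server
# Only the profile is set; no enabled=yes appears here for the SSTP server.
set default-profile=default-encryption

/ip address
add address=100.71.22.3/24 interface=ether1 network=100.71.22.0
add address=10.0.1.1/24 interface=FullBridge network=10.0.1.0

/ip cloud
set ddns-enabled=yes

/ip dhcp-client
# NOTE(review): wlan2 is an AP-mode bridge port above; a DHCP client on a
# bridge member looks like a leftover - confirm it is unused or remove it.
add interface=wlan2

/ip dhcp-server lease
# (static lease entries omitted by the author of the paste)

/ip dhcp-server network
add address=10.0.1.0/24 dns-server=10.100.0.100,10.10.10.10,1.1.1.1 gateway=10.0.1.1 netmask=24
# NOTE(review): no DHCP server in this export serves the WAN subnet, so this
# entry appears to be unused - verify before relying on it.
add address=100.71.22.0/24 gateway=100.71.22.3 netmask=24

/ip dns
set servers=10.100.0.100,10.10.10.10,1.1.1.1,8.8.8.8

/ip firewall filter
# Rule order matters: rules are evaluated top to bottom and the first match wins.
# Replies to traffic the router itself started (DNS, DDNS, VPN keepalives).
add action=accept chain=input comment="accept established,related" connection-state=established,related
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=accept chain=input comment="VPN: allow IKE" dst-port=500 in-interface=ether1 protocol=udp
# ipsec-policy=in,ipsec accepts L2TP only when the packet was decapsulated
# from IPsec; bare L2TP from the WAN falls through to the final drop.
add action=accept chain=input comment="VPN: allow L2TP" dst-port=1701 in-interface=ether1 ipsec-policy=in,ipsec protocol=udp
add action=accept chain=input comment="VPN: allow IPsec NAT-T" dst-port=4500 in-interface=ether1 protocol=udp
add action=accept chain=input in-interface=ether1 protocol=ipsec-esp
add action=accept chain=input in-interface=ether1 protocol=ipsec-ah
# Without this rule the accepts above had no effect and any service still
# enabled on the router (Winbox is not disabled under "/ip service" below)
# was reachable from the WAN side.
add action=drop chain=input comment="drop everything else arriving on WAN" in-interface-list=WAN
# NOTE(review): the forward chain has no rules either, so routed traffic from
# WAN towards 10.0.1.0/24 is not filtered by this router; add a forward policy
# if the upstream network is not trusted.

/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN

/ip route
add distance=1 gateway=100.71.22.253

/ip service
# Winbox is the only management service left enabled (it is not listed here).
# NOTE(review): consider restricting it to the LAN subnet with its address= setting.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes

/ppp profile
# "*FFFFFFFE" and "*5" are internal item IDs printed by the export, not names.
# NOTE(review): a "*N" reference usually means the referenced item (here the
# remote-address pool) no longer exists - verify before importing.
set *FFFFFFFE local-address=192.168.89.1 remote-address=*5

/ppp secret
# Passwords are not part of this listing.
add disabled=yes name=vpn
add name=tomsikr profile=my-l2tp-profile service=l2tp

/system clock
set time-zone-name=Europe/Prague

/system identity
set name=TomsikrMT

/system logging
# Prefixed L2TP and IPsec topics make VPN connection attempts and negotiation
# failures easy to find in the log.
add prefix="L2TP_LOG ===> " topics=l2tp
add prefix="IPSEC_LOG ===> " topics=ipsec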