Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /interface bridge
- add admin-mac=E4:8D:XX:XX:XX:B9 auto-mac=no comment=defconf name=bridge
- add name=bridge-eoip-tunnel1
- add name=bridge-wlan
- add name=loopback
- /interface eoip
- add !keepalive local-address=192.168.99.1 mac-address=02:B1:XX:XX:XX:2F name=\
- eoip-tunnel1 remote-address=192.168.99.2 tunnel-id=10
- /interface list
- add comment=defconf name=WAN
- add comment=defconf name=LAN
- add name=ifl.l2admin
- /ip ipsec mode-config
- add address=192.168.99.2 address-prefix-length=30 name=ike2-gre \
- split-include=192.168.99.1/32 system-dns=no
- /ip ipsec policy group
- add name=ike2-gre
- /ip ipsec profile
- add dh-group=ecp256 enc-algorithm=aes-128 hash-algorithm=md5 name=ike2
- /ip ipsec peer
- add exchange-mode=ike2 name=ike2 passive=yes profile=ike2
- /ip ipsec proposal
- add auth-algorithms=md5 enc-algorithms=des lifetime=1d name=ike2-gre \
- pfs-group=none
- /ip pool
- add name=default-dhcp ranges=192.168.88.10-192.168.88.254
- /ip dhcp-server
- add address-pool=default-dhcp disabled=no interface=bridge lease-time=4w2d \
- name=defconf
- /user group
- set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
- sword,web,sniff,sensitive,api,romon,dude,tikapp"
- /interface bridge port
- add bridge=bridge-eoip-tunnel1 interface=eoip-tunnel1
- add bridge=bridge-eoip-tunnel1 interface=ether4
- add bridge=bridge-eoip-tunnel1 interface=wlan1
- add bridge=bridge-wlan interface=ether2
- add bridge=bridge-wlan interface=ether1
- add bridge=bridge-wlan interface=ether3
- /ip neighbor discovery-settings
- set discover-interface-list=LAN
- /interface list member
- add comment=defconf interface=bridge list=LAN
- add comment=defconf interface=ether1 list=WAN
- add interface=ether3 list=LAN
- add interface=ether2 list=LAN
- /ip address
- add address=192.168.88.1/24 comment=defconf interface=bridge network=\
- 192.168.88.0
- add address=192.168.99.1/30 interface=loopback network=192.168.99.0
- /ip cloud
- set ddns-enabled=yes ddns-update-interval=5m
- /ip dhcp-client
- # DHCP client can not run on slave interface!
- add comment=defconf disabled=no interface=ether1
- /ip dhcp-server config
- set store-leases-disk=never
- /ip dhcp-server network
- add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
- /ip dns
- set allow-remote-requests=yes
- /ip dns static
- add address=192.168.88.1 name=router.lan
- /ip firewall filter
- add action=accept chain=input comment=\
- "defconf: accept established,related,untracked" connection-state=\
- established,related,untracked
- add action=drop chain=input comment="defconf: drop invalid" connection-state=\
- invalid
- add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
- add action=accept chain=forward comment="defconf: accept in ipsec policy" \
- ipsec-policy=in,ipsec
- add action=accept chain=forward comment="defconf: accept out ipsec policy" \
- ipsec-policy=out,ipsec
- add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
- connection-state=established,related
- add action=accept chain=forward comment=\
- "defconf: accept established,related, untracked" connection-state=\
- established,related,untracked
- add action=drop chain=forward comment="defconf: drop invalid" \
- connection-state=invalid
- /ip firewall nat
- add action=masquerade chain=srcnat comment="defconf: masquerade" \
- ipsec-policy=out,none out-interface-list=WAN
- add action=masquerade chain=srcnat out-interface=loopback
- /ip ipsec identity
- add generate-policy=port-strict mode-config=ike2-gre peer=ike2 \
- policy-template-group=ike2-gre
- /ip ipsec policy
- add dst-address=192.168.99.2/32 group=ike2-gre proposal=ike2-gre src-address=\
- 192.168.99.1/32 template=yes
- /ip ssh
- set always-allow-password-login=yes forwarding-enabled=remote
- /system identity
- set name=xxx8
- /system logging
- set 3 action=memory
- /tool bandwidth-server
- set authenticate=no
- /tool graphing
- set store-every=24hours
- /tool mac-server
- set allowed-interface-list=LAN
- /tool mac-server mac-winbox
- set allowed-interface-list=LAN
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement