Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ######################################
- # Правим переменные в начале конфига #
- ######################################
- {
- # имя роутера
- :local ident "TER"
- # номер подсети
- :local thirdoct "9"
- # пароль и пользователь для ovpn
- :local "ovpn_pass" "d67b7fff99"
- :local "ovpn_user" "$ident_ovpn_user"
- # интерфейс с интернетом
- :local "wan_int" "ether1"
- ######################################
- /system identity set name="$ident"
- #disable wifi
- /system package disable wireless
- /system package disable hotspot
- /system package disable ipv6
- /interface list
- remove [find name="WANs"]
- add comment="interfaces to external networks" name=WANs
- #Add WANs list
- /ip firewall address-list
- remove [find list="stm_ips"]
- #add list=stm_ips address=90.188.41.113 comment="okt7 office"
- add list=stm_ips address=90.188.35.190 comment="K56"
- ##add list=stm_ips address=92.124.194.2 comment="okt7 adsl reserv"
- #add list=stm_ips address=92.124.194.78 comment="bks adsl RT"
- #add list=stm_ips address=94.28.60.46 comment="bks enforta"
- #add list=stm_ips address=90.188.41.86 comment="ksk RT"
- #add list=stm_ips address=90.188.62.24 comment="tupoleva RT"
- #add list=stm_ips address=90.188.41.114 comment="gag55 RT"
- #add list=stm_ips address=90.188.43.79 comment="K56 mag"
- #add list=stm_ips address=46.52.247.178 comment="ors Enforta"
- ##add list=stm_ips address=90.188.42.208 comment="bur RT"
- #add list=stm_ips address=195.19.217.13 comment="KF4 MTS"
- # отключаем рекурсивный кеширующий днс на всех портах
- /ip dns
- set allow-remote-requests=no
- set servers=192.168.1.51,8.8.8.8
- /ip dhcp-client disable [find]
- #add new admin user
- #disable default admin
- /user add name=admin_stm group=full password=9c867dede3
- /user set admin disabled=yes
- #Remove reboot and password view from read group
- /user group set read policy=local,telnet,ssh,!reboot,read,test,winbox,password,web,sniff,!sensitive,api,romon,!ftp,!write,!policy,!dude
- #Disable services
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set api disabled=yes
- set api-ssl disabled=yes
- /system clock
- set time-zone-autodetect=no time-zone-name=Asia/Irkutsk
- # Может быть найден и управляться через винбокс
- /tool mac-server disable [find]
- #Настраиваем проты
- /interface bridge remove [find]
- /interface ethernet
- set 0 name=ether1
- set 1 name=ether2
- set 2 name=ether3
- set 3 name=ether4
- set 4 name=ether5
- #Настраиваем адреса
- /ip address
- remove [find address="192.168.88.1/24"]
- add address="192.168.$thirdoct.254/24" interface=ether2
- #только если на удаленной сети есть первая подсеть. (с этим не будет работать маршрут в первую подсеть, который ниже задается)
- #add address="192.168.1.$thirdoct/24" interface=ether1
- #Настройка dhcp
- /ip dhcp-server
- :local ds [find]
- :if ([:len $ds] = 0) do={
- add name="lan-dhcp" interface=ether2 disabled=no
- } else={
- set 0 name="lan-dhcp" interface=ether2
- }
- /ip dhcp-server network
- :local net [find]
- :if ([:len $net] = 0) do={add}
- set 0 address="192.168.$thirdoct.0/24" gateway="192.168.$thirdoct.254" dns-server=192.168.1.51,8.8.8.8 domain=stm.local
- /ip pool
- :local p [find]
- :if ([:len $p] = 0) do={
- add ranges="192.168.$thirdoct.2-192.168.$thirdoct.25"
- } else={
- set 0 ranges="192.168.$thirdoct.2-192.168.$thirdoct.25"
- }
- #Настраиваем тунельные интерфейсы
- /interface ovpn-client
- add cipher=aes256 connect-to=90.188.35.190 name=ovpn-K56 password=$"ovpn_pass" user=$"ovpn_user"
- /ip firewall filter
- add action=accept in-interface=$"wan_int" chain=input comment="input on inet" src-address-list=stm_ips
- #маршрут до офиса через тунель
- /ip route
- add dst-address=192.168.1.0/24 gateway="10.0.$thirdoct.1" distance=1
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
