Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /system reset-configuration no-defaults=yes run-after-reset=flash/vpn-regional-example.1.0.rsc
- # jun/29/2017 22:39:38 by RouterOS 6.34.4
- # software id = NNIT-8400
- #
- /interface bridge
- add auto-mac=yes comment=defconf name=bridge
- /interface ethernet
- set [ find default-name=ether2 ] name=ether2-master
- set [ find default-name=ether3 ] master-port=ether2-master
- set [ find default-name=ether4 ] master-port=ether2-master
- set [ find default-name=ether5 ] master-port=ether2-master
- /interface wireless
- set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce
- country=australia disabled=no distance=indoors frequency=auto mode=
- ap-bridge ssid=Example wireless-protocol=802.11
- set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40mhz-Ce
- country=australia disabled=no distance=indoors frequency=auto mode=
- ap-bridge ssid=Example-5GHz wireless-protocol=802.11
- /ip neighbor discovery
- set ether1 discover=no
- set bridge comment=defconf
- /interface wireless security-profiles
- set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=
- dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=myPassword123
- wpa2-pre-shared-key=myPassword123
- #/ip hotspot profile
- #set [ find default=yes ] html-directory=flash/hotspot
- /ip pool
- add name=dhcp ranges=192.168.89.10-192.168.89.254
- /ip dhcp-server
- add address-pool=dhcp disabled=no interface=bridge name=defconf
- /ppp profile
- add name=ovpn use-encryption=yes
- /interface ovpn-client
- add certificate=vpn_key.pem_0 cipher=aes256 connect-to=vpn.example.org.au
- name=vpn.example.org.au password=
- PNqilt66P5RKoXbPpazq port=443 profile=ovpn user=vpn-regional-example
- /interface bridge port
- add bridge=bridge comment=defconf interface=ether2-master
- add bridge=bridge comment=defconf interface=wlan1
- add bridge=bridge comment=defconf interface=wlan2
- /ip address
- add address=192.168.89.1/24 comment=defconf interface=ether2-master network=
- 192.168.89.0
- /ip dhcp-client
- add comment=defconf dhcp-options=hostname,clientid disabled=no interface=
- ether1
- /ip dhcp-server network
- add address=192.168.89.0/24 comment=defconf gateway=192.168.89.1
- /ip dns
- set allow-remote-requests=yes
- /ip dns static
- add address=192.168.89.1 name=router
- /ip firewall filter
- add chain=input comment="defconf: accept ICMP" protocol=icmp
- add chain=input comment="defconf: accept establieshed,related"
- connection-state=established,related
- add chain=input dst-port=22 log=yes log-prefix="remote-mgmt " protocol=tcp
- src-address=X.X.X.X
- add chain=input dst-port=22 log=yes log-prefix="remote-mgmt " protocol=tcp
- src-address=X.X.X.X
- add chain=input dst-port=22 log=yes log-prefix="remote-mgmt " protocol=tcp
- src-address=X.X.X.X
- add chain=input dst-port=22 log=yes log-prefix="remote-mgmt " protocol=tcp
- src-address=X.X.X.X
- add chain=input dst-port=22 log=yes log-prefix="remote-mgmt " protocol=tcp
- src-address=X.X.X.X
- add chain=input dst-port=22 log=yes log-prefix="remote-mgmt " protocol=tcp
- src-address=X.X.X.X
- add action=drop chain=input comment="defconf: drop all from WAN"
- in-interface=ether1
- add action=fasttrack-connection chain=forward comment="defconf: fasttrack"
- connection-state=established,related
- add chain=forward comment="defconf: accept established,related"
- connection-state=established,related
- add action=drop chain=forward comment="defconf: drop invalid"
- connection-state=invalid
- add action=drop chain=forward comment=
- "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat
- connection-state=new in-interface=ether1
- /ip firewall nat
- add action=masquerade chain=srcnat log=yes out-interface=vpn.example.org.au
- add action=masquerade chain=srcnat comment="defconf: masquerade"
- out-interface=ether1
- /system clock
- set time-zone-name=Australia/Brisbane
- /system identity
- set name=vpn-regional-rockham
- /system ntp client
- set enabled=yes primary-ntp=X.X.X.X secondary-ntp=X.X.X.X
- /system routerboard settings
- set cpu-frequency=650MHz protected-routerboot=disabled
- /tool mac-server
- set [ find default=yes ] disabled=yes
- add interface=bridge
- /tool mac-server mac-winbox
- set [ find default=yes ] disabled=yes
- add interface=bridge
- /tool sniffer
- set filter-interface=vpn.example.org.au
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement