
Untitled

a guest
Jul 5th, 2017
  1. /system reset-configuration no-defaults=yes run-after-reset=flash/vpn-regional-example.1.0.rsc
  2.  
  3. # jun/29/2017 22:39:38 by RouterOS 6.34.4
  4. # software id = NNIT-8400
  5. #
  6. /interface bridge
  7. add auto-mac=yes comment=defconf name=bridge
  8. /interface ethernet
  9. set [ find default-name=ether2 ] name=ether2-master
  10. set [ find default-name=ether3 ] master-port=ether2-master
  11. set [ find default-name=ether4 ] master-port=ether2-master
  12. set [ find default-name=ether5 ] master-port=ether2-master
  13. /interface wireless
  14. set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce
  15. country=australia disabled=no distance=indoors frequency=auto mode=
  16. ap-bridge ssid=Example wireless-protocol=802.11
  17. set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40mhz-Ce
  18. country=australia disabled=no distance=indoors frequency=auto mode=
  19. ap-bridge ssid=Example-5GHz wireless-protocol=802.11
  20. /ip neighbor discovery
  21. set ether1 discover=no
  22. set bridge comment=defconf
  23. /interface wireless security-profiles
  24. set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=
  25. dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=myPassword123
  26. wpa2-pre-shared-key=myPassword123
  27. #/ip hotspot profile
  28. #set [ find default=yes ] html-directory=flash/hotspot
  29. /ip pool
  30. add name=dhcp ranges=192.168.89.10-192.168.89.254
  31. /ip dhcp-server
  32. add address-pool=dhcp disabled=no interface=bridge name=defconf
  33. /ppp profile
  34. add name=ovpn use-encryption=yes
  35. /interface ovpn-client
  36. add certificate=vpn_key.pem_0 cipher=aes256 connect-to=vpn.example.org.au
  37. name=vpn.example.org.au password=
  38. PNqilt66P5RKoXbPpazq port=443 profile=ovpn user=vpn-regional-example
  39. /interface bridge port
  40. add bridge=bridge comment=defconf interface=ether2-master
  41. add bridge=bridge comment=defconf interface=wlan1
  42. add bridge=bridge comment=defconf interface=wlan2
  43. /ip address
  44. add address=192.168.89.1/24 comment=defconf interface=ether2-master network=
  45. 192.168.89.0
  46. /ip dhcp-client
  47. add comment=defconf dhcp-options=hostname,clientid disabled=no interface=
  48. ether1
  49. /ip dhcp-server network
  50. add address=192.168.89.0/24 comment=defconf gateway=192.168.89.1
  51. /ip dns
  52. set allow-remote-requests=yes
  53. /ip dns static
  54. add address=192.168.89.1 name=router
  55. /ip firewall filter
  56. add chain=input comment="defconf: accept ICMP" protocol=icmp
  57. add chain=input comment="defconf: accept establieshed,related"
  58. connection-state=established,related
  59. add chain=input dst-port=22 log=yes log-prefix="remote-mgmt " protocol=tcp
  60. src-address=X.X.X.X
  61. add chain=input dst-port=22 log=yes log-prefix="remote-mgmt " protocol=tcp
  62. src-address=X.X.X.X
  63. add chain=input dst-port=22 log=yes log-prefix="remote-mgmt " protocol=tcp
  64. src-address=X.X.X.X
  65. add chain=input dst-port=22 log=yes log-prefix="remote-mgmt " protocol=tcp
  66. src-address=X.X.X.X
  67. add chain=input dst-port=22 log=yes log-prefix="remote-mgmt " protocol=tcp
  68. src-address=X.X.X.X
  69. add chain=input dst-port=22 log=yes log-prefix="remote-mgmt " protocol=tcp
  70. src-address=X.X.X.X
  71. add action=drop chain=input comment="defconf: drop all from WAN"
  72. in-interface=ether1
  73. add action=fasttrack-connection chain=forward comment="defconf: fasttrack"
  74. connection-state=established,related
  75. add chain=forward comment="defconf: accept established,related"
  76. connection-state=established,related
  77. add action=drop chain=forward comment="defconf: drop invalid"
  78. connection-state=invalid
  79. add action=drop chain=forward comment=
  80. "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat
  81. connection-state=new in-interface=ether1
  82. /ip firewall nat
  83. add action=masquerade chain=srcnat log=yes out-interface=vpn.example.org.au
  84. add action=masquerade chain=srcnat comment="defconf: masquerade"
  85. out-interface=ether1
  86. /system clock
  87. set time-zone-name=Australia/Brisbane
  88. /system identity
  89. set name=vpn-regional-rockham
  90. /system ntp client
  91. set enabled=yes primary-ntp=X.X.X.X secondary-ntp=X.X.X.X
  92. /system routerboard settings
  93. set cpu-frequency=650MHz protected-routerboot=disabled
  94. /tool mac-server
  95. set [ find default=yes ] disabled=yes
  96. add interface=bridge
  97. /tool mac-server mac-winbox
  98. set [ find default=yes ] disabled=yes
  99. add interface=bridge
  100. /tool sniffer
  101. set filter-interface=vpn.example.org.au