- # nov/08/2018 17:05:45 by RouterOS 6.43.2
- # software id = L97D-TFAL
- #
- # model = 2011UiAS-2HnD r2
- # serial number = 91DE09A8F51D
- # NOTE(review): this export carries device identifiers (software id, serial
- # number) and cleartext secrets (PPPoE password, wireless key, IPsec PSK).
- # On RouterOS 6.x, "/export hide-sensitive" leaves out passwords and keys;
- # identifiers still have to be redacted by hand before an export is shared.
- # Any secret that appears below should be treated as disclosed and rotated.
- #
- # Static L2TP server interface bound to a single PPP user name; the
- # "Visibilidad VPN <-> LAN" forward rule matches on this interface name.
- /interface l2tp-server
- add name=l2tp-HighLander79 user=HighLander79
- # LAN bridge. NOTE(review): proxy-arp is normally only needed when remote
- # clients share the LAN subnet; the vpn pool (192.168.2.x) and the LAN
- # (192.168.1.0/24) differ here, so it may be unnecessary - confirm.
- /interface bridge
- add arp=proxy-arp name=bridge-local
- # Port naming: ether1 is the WAN uplink, ether2-5 are LAN ports pinned to
- # 100Mbps, ether6-10 only get an explicit advertise list.
- /interface ethernet
- set [ find default-name=ether1 ] comment=WAN name=ether1-gateway speed=\
- 100Mbps
- set [ find default-name=ether2 ] name=ether2-master-local speed=100Mbps
- set [ find default-name=ether3 ] name=ether3-slave-local speed=100Mbps
- set [ find default-name=ether4 ] name=ether4-slave-local speed=100Mbps
- set [ find default-name=ether5 ] name=ether5-slave-local speed=100Mbps
- set [ find default-name=ether6 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- set [ find default-name=ether7 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- set [ find default-name=ether8 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- set [ find default-name=ether9 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- set [ find default-name=ether10 ] advertise=\
- 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
- # WAN PPPoE session over ether1-gateway; installs the default route.
- # NOTE(review): allow=pap,chap permits PAP, which hands the password to the
- # access concentrator unencrypted. The user/password pair looks like a
- # generic ISP login rather than a per-subscriber secret - confirm.
- /interface pppoe-client
- add add-default-route=yes allow=pap,chap disabled=no interface=ether1-gateway \
- max-mru=1492 max-mtu=1492 name=pppoe-out1 password=adslppp user=\
- adslppp@telefonicanetpa
- # Access point on wlan1; WPS is disabled.
- /interface wireless
- set [ find default-name=wlan1 ] bridge-mode=disabled disabled=no mode=\
- ap-bridge ssid="Para Jovan con amor" wps-mode=disabled
- # VLAN 6 on the WAN port, currently disabled.
- /interface vlan
- add disabled=yes interface=ether1-gateway name=vlan6 vlan-id=6
- # Interface lists; members are assigned under "/interface list member".
- /interface list
- add name=WAN
- add name=LAN
- # Default wireless security profile, WPA2-PSK only.
- # NOTE(review): wpa-pre-shared-key=mikrotik is a guessable value. It is not
- # in use while authentication-types is wpa2-psk only, but it would become a
- # live key if wpa-psk were ever added. The WPA2 key looks hand-redacted
- # (xxxxxxx) - the other secrets in this export were not.
- /interface wireless security-profiles
- set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
- dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=mikrotik \
- wpa2-pre-shared-key=xxxxxxx
- # IKE phase 1 profile, referenced by the peer under "/ip ipsec peer".
- # NOTE(review): dh-group=modp1024 and enc-algorithm=3des are legacy choices.
- # Prefer a larger group (e.g. modp2048) and an AES enc-algorithm if every
- # VPN client supports them.
- /ip ipsec peer profile
- add dh-group=modp1024 enc-algorithm=3des name=profile_1
- # Policy template group used by the peer and the policy templates.
- /ip ipsec policy group
- add name=group1
- # Phase 2 proposals. The default proposal is restricted to 3des; proposal1
- # offers AES but still lists 3des and sets pfs-group=none (no PFS).
- # NOTE(review): the policy templates in this export set no proposal=, so
- # presumably the 3des-only default proposal is the one actually applied and
- # proposal1 is unused - confirm.
- /ip ipsec proposal
- set [ find default=yes ] enc-algorithms=3des
- add enc-algorithms=aes-256-cbc,aes-256-ctr,aes-128-cbc,aes-128-ctr,3des name=\
- proposal1 pfs-group=none
- # Address pools: "dhcp" for LAN clients, "vpn" for PPP remote addresses
- # (three addresses only).
- /ip pool
- add name=dhcp ranges=192.168.1.201-192.168.1.249
- add name=vpn ranges=192.168.2.251-192.168.2.253
- # DHCP server for the LAN bridge.
- /ip dhcp-server
- add address-pool=dhcp interface=bridge-local name=dhcp1
- # *FFFFFFFE is an internal item ID; presumably the built-in
- # default-encryption PPP profile - confirm. Remote clients get an address
- # from the "vpn" pool, 192.168.2.1 as the router side and 8.8.8.8 as DNS.
- /ppp profile
- set *FFFFFFFE dns-server=8.8.8.8 local-address=192.168.2.1 remote-address=vpn
- # LAN bridge members: ether2-5 and wlan1.
- /interface bridge port
- add bridge=bridge-local hw=no interface=ether2-master-local
- add bridge=bridge-local interface=wlan1
- add bridge=bridge-local hw=no interface=ether4-slave-local
- add bridge=bridge-local hw=no interface=ether5-slave-local
- add bridge=bridge-local interface=ether3-slave-local
- # L2TP server, enabled, with IPsec mandatory (use-ipsec=required).
- # NOTE(review): ipsec-secret is a pre-shared key common to every client and
- # is shown in cleartext in this export - rotate it. mschap1 is obsolete;
- # limit authentication to mschap2 unless a client depends on it.
- /interface l2tp-server server
- set authentication=mschap1,mschap2 enabled=yes ipsec-secret=tlPc1lv,ylHck \
- one-session-per-host=yes use-ipsec=required
- # Interface list membership.
- # NOTE(review): the last entry has no interface= - it looks like a stale
- # member whose interface was removed; confirm and delete.
- /interface list member
- add interface=pppoe-out1 list=WAN
- add interface=bridge-local list=LAN
- add list=LAN
- # OpenVPN server settings; no enabled=yes is shown, so presumably the server
- # is off - confirm. Client certificates are required. blowfish128 is a
- # legacy 64-bit-block cipher and can be dropped if OVPN is ever enabled.
- /interface ovpn-server server
- set certificate=server-certificate cipher=blowfish128,aes128,aes256 \
- require-client-certificate=yes
- # PPPoE server entry on the LAN bridge (service name "vpn"); no disabled=no
- # is shown, so it is presumably inactive - confirm.
- /interface pppoe-server server
- add default-profile=default-encryption interface=bridge-local service-name=\
- vpn
- # PPTP settings only; no enabled=yes is shown. PPTP with MS-CHAPv2 offers
- # weak protection and should stay disabled.
- /interface pptp-server server
- set authentication=mschap2
- # SSTP settings only; no enabled=yes is shown.
- /interface sstp-server server
- set default-profile=default-encryption
- # Router LAN address. It is bound to ether2-master-local, which is a bridge
- # port; NOTE(review): addresses normally belong on the bridge itself
- # (bridge-local) - confirm this is intended.
- /ip address
- add address=192.168.1.1/24 interface=ether2-master-local network=192.168.1.0
- # Registers the router's public address with the vendor cloud DDNS service.
- # NOTE(review): keep this on only if remote clients rely on the DNS name.
- /ip cloud
- set ddns-enabled=yes
- # NOTE(review): this DHCP client has no interface= - it looks like a stale
- # entry left after an interface was removed; confirm and delete.
- /ip dhcp-client
- add add-default-route=no dhcp-options=hostname,clientid disabled=no \
- use-peer-ntp=no
- # LAN clients are told to use the router (192.168.1.1) as gateway and DNS.
- /ip dhcp-server network
- add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 \
- netmask=24
- # Router answers DNS queries from clients (allow-remote-requests=yes),
- # forwarding to 1.1.1.1. This is only safe while the input chain keeps port
- # 53 closed on the WAN side.
- # NOTE(review): the input chain accepts LAN traffic only from 192.168.1.37,
- # so queries from other LAN hosts presumably reach the final drop - verify.
- /ip dns
- set allow-remote-requests=yes servers=1.1.1.1
- /ip dns static
- add address=192.168.1.1 name=router
- # Address lists: "Rango VPN" (VPN range) and NotPublic (special-purpose and
- # reserved ranges).
- # NOTE(review): no firewall rule in this export references either list,
- # while the forward drop rule references a "Whitelist" list that is not
- # defined here. A NotPublic list is typically used to drop packets with
- # reserved source addresses arriving on the WAN interface.
- /ip firewall address-list
- add address=192.168.2.0/24 list="Rango VPN"
- add address=0.0.0.0/8 comment=RFC6890 list=NotPublic
- add address=10.0.0.0/8 comment=RFC6890 list=NotPublic
- add address=100.64.0.0/10 comment=RFC6890 list=NotPublic
- add address=127.0.0.0/8 comment=RFC6890 list=NotPublic
- add address=169.254.0.0/16 comment=RFC6890 list=NotPublic
- add address=172.16.0.0/12 comment=RFC6890 list=NotPublic
- add address=192.0.0.0/24 comment=RFC6890 list=NotPublic
- add address=192.0.2.0/24 comment=RFC6890 list=NotPublic
- add address=192.168.0.0/16 comment=RFC6890 list=NotPublic
- add address=192.88.99.0/24 comment=RFC3068 list=NotPublic
- add address=198.18.0.0/15 comment=RFC6890 list=NotPublic
- add address=198.51.100.0/24 comment=RFC6890 list=NotPublic
- add address=203.0.113.0/24 comment=RFC6890 list=NotPublic
- add address=224.0.0.0/4 comment=RFC4601 list=NotPublic
- add address=240.0.0.0/4 comment=RFC6890 list=NotPublic
- # Filter rules. Rules are evaluated top-down per chain; forward and input
- # rules are interleaved below, which does not change behaviour but makes the
- # policy harder to audit.
- # NOTE(review): neither chain drops connection-state=invalid.
- /ip firewall filter
- # forward: fast-path, then accept, packets of already-tracked connections.
- add action=fasttrack-connection chain=forward comment="Videogaems :D" \
- connection-state=established,related
- add action=accept chain=forward connection-state=established,related
- # forward: LAN -> Internet, any connection state.
- add action=accept chain=forward comment=Intenneeeeeeeeeeeeee in-interface=\
- bridge-local out-interface=pppoe-out1
- # forward: VPN client -> LAN. connection-state="" presumably means no state
- # match at all - confirm. The export flags the interface as "not ready",
- # i.e. the rule only matches while that L2TP session is up.
- # l2tp-HighLander79 not ready
- add action=accept chain=forward comment="Visibilidad VPN <-> LAN" \
- connection-state="" in-interface=l2tp-HighLander79 out-interface=\
- bridge-local
- # input: IKE (500), L2TP (1701) and NAT-T (4500) from any interface/source.
- # NOTE(review): 1701 is accepted without an IPsec match, so the server's
- # use-ipsec=required setting is the only thing rejecting plain L2TP. A
- # separate 1701 rule with ipsec-policy=in,ipsec enforces it here as well.
- add action=accept chain=input comment=L2TP/IPSEC dst-port=500,1701,4500 \
- protocol=udp
- # forward: optional logging of what is about to be dropped (disabled).
- add action=log chain=forward comment="Log drop forward" disabled=yes log=yes \
- log-prefix="ip filter forward:"
- # forward: final drop. NOTE(review): no "Whitelist" address list is defined
- # in this export, so presumably every source matches !Whitelist and this is
- # an unconditional default drop - make that explicit or define the list.
- add action=drop chain=forward src-address-list=!Whitelist
- # input: accept everything arriving on PPP interfaces (disabled; the rule
- # comment marks it for deletion).
- add action=accept chain=input comment="Accept input VPN - BORRAR" disabled=\
- yes in-interface=all-ppp
- # input: a single LAN host (192.168.1.37) may reach the router itself.
- add action=accept chain=input comment="Accept input LAN" in-interface=\
- bridge-local src-address=192.168.1.37
- # input: replies to connections the router opened towards the WAN.
- add action=accept chain=input comment="Accept input RELATED" \
- connection-state=established,related in-interface=pppoe-out1
- # input: final drop. NOTE(review): the comment says "drop everything from
- # WAN", but the rule has no in-interface, so it drops all remaining input on
- # every interface, LAN and VPN included. Rename it or add
- # in-interface=pppoe-out1, depending on which behaviour is intended.
- add action=drop chain=input comment=DROP-DE-TODO-WAN
- # output: both rules are disabled.
- add action=accept chain=output disabled=yes dst-address=192.168.1.37
- add action=accept chain=output disabled=yes log=yes
- # Mangle: set packet priority on egress.
- # NOTE(review): out-interface=*E is a dangling internal ID (the export
- # itself flags "no interface"); the first rule cannot match and should be
- # removed or re-pointed.
- /ip firewall mangle
- # no interface
- add action=set-priority chain=postrouting new-priority=4 out-interface=*E \
- passthrough=yes
- add action=set-priority chain=postrouting new-priority=1 out-interface=\
- pppoe-out1 passthrough=yes
- # Source NAT for everything leaving through the PPPoE uplink.
- /ip firewall nat
- add action=masquerade chain=srcnat comment=NAT-LAN out-interface=pppoe-out1
- # Responder-only (passive=yes) IPsec peer for L2TP clients from any source
- # address, authenticated with one pre-shared key.
- # NOTE(review): secret= is the same value as the L2TP server's ipsec-secret
- # and is shown in cleartext in this export - rotate both together. A single
- # PSK for address=0.0.0.0/0 means every client shares the same credential
- # at the IPsec layer; the PPP user/password is the only per-user factor.
- /ip ipsec peer
- add address=0.0.0.0/0 exchange-mode=main-l2tp generate-policy=port-override \
- passive=yes policy-template-group=group1 profile=profile_1 secret=\
- tlPc1lv,ylHck send-initial-contact=no
- # Policy templates in group1; neither sets proposal=, so presumably the
- # default proposal applies to generated policies - confirm.
- /ip ipsec policy
- set 0 group=group1
- add disabled=yes dst-address=0.0.0.0/0 group=group1 src-address=0.0.0.0/0 \
- template=yes
- # Static routes; all three are disabled.
- /ip route
- add disabled=yes distance=255 gateway=192.168.0.1
- add disabled=yes distance=1 dst-address=192.168.0.1/32 gateway=pppoe-out1
- add disabled=yes distance=1 dst-address=192.168.1.0/24 gateway=\
- ether2-master-local
- # Management services: telnet, ftp, www, ssh, api and api-ssl are disabled.
- # NOTE(review): winbox and www-ssl are not listed, so they keep their
- # defaults; presumably winbox is still enabled - confirm, and limit it with
- # address= to the management host in addition to the firewall rule.
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set www disabled=yes
- set ssh disabled=yes
- set api disabled=yes
- set api-ssl disabled=yes
- # UPnP is on, with the LAN bridge internal and the PPPoE uplink external.
- # NOTE(review): UPnP lets any LAN host request inbound port mappings
- # without authentication; disable it unless a device needs it. Whether the
- # mapped traffic is then forwarded depends on the forward chain - verify.
- /ip upnp
- set enabled=yes
- /ip upnp interfaces
- add interface=bridge-local type=internal
- add interface=pppoe-out1 type=external
- add disabled=yes interface=ether2-master-local type=internal
- # Front-panel LCD settings.
- /lcd
- set time-interval=hour
- /lcd interface pages
- set 0 interfaces=wlan1
- # RIP: the only interface entry is disabled; the network statement remains.
- /routing rip interface
- add disabled=yes passive=yes receive=v2
- /routing rip network
- add network=10.0.0.0/8
- # Clock, identity, logging and time sync.
- /system clock
- set time-zone-autodetect=no time-zone-name=Europe/Madrid
- /system identity
- set name=custodes
- # Adds a logging rule for topic "critical"; no action= is given, so the
- # default action is used. NOTE(review): dropped-packet logging is disabled
- # in the firewall, so rejected connection attempts leave no trace.
- /system logging
- add topics=critical
- # NTP client with two fixed server addresses.
- /system ntp client
- set enabled=yes primary-ntp=163.117.202.33 secondary-ntp=89.248.104.162
- # RouterBOARD firmware follows RouterOS upgrades automatically.
- # NOTE(review): this does not upgrade RouterOS itself; the header shows
- # 6.43.2 - verify the device runs a currently supported release.
- /system routerboard settings
- set auto-upgrade=yes silent-boot=no