Para Jovan con amor

a guest
Nov 10th, 2018
  1. # nov/08/2018 17:05:45 by RouterOS 6.43.2
  2. # software id = L97D-TFAL
  3. #
  4. # model = 2011UiAS-2HnD r2
  5. # serial number = 91DE09A8F51D
  # Static L2TP server binding: gives the tunnel of PPP user HighLander79 a
  # fixed interface name, which the firewall filter rules in this export
  # reference as in-interface=l2tp-HighLander79.
  6. /interface l2tp-server
  7. add name=l2tp-HighLander79 user=HighLander79
  # LAN bridge. arp=proxy-arp makes the router answer ARP requests on behalf of
  # hosts that are reachable through other interfaces.
  # NOTE(review): the VPN pool in this export (192.168.2.x) is a different
  # subnet from the LAN (192.168.1.0/24), so proxy-arp looks unnecessary here;
  # confirm nothing depends on it before returning to the default ARP mode.
  8. /interface bridge
  9. add arp=proxy-arp name=bridge-local
  # Physical ports. ether1 is renamed ether1-gateway and commented as the WAN
  # uplink; ether2-ether5 get "-local" names and speed=100Mbps; ether6-ether10
  # keep their default names and advertise every rate from 10M-half to
  # 1000M-full.
  # NOTE(review): on RouterOS speed= normally only takes effect when
  # auto-negotiation is off, which is not shown here — confirm whether the
  # 100Mbps setting is actually in force.
  10. /interface ethernet
  11. set [ find default-name=ether1 ] comment=WAN name=ether1-gateway speed=\
  12. 100Mbps
  13. set [ find default-name=ether2 ] name=ether2-master-local speed=100Mbps
  14. set [ find default-name=ether3 ] name=ether3-slave-local speed=100Mbps
  15. set [ find default-name=ether4 ] name=ether4-slave-local speed=100Mbps
  16. set [ find default-name=ether5 ] name=ether5-slave-local speed=100Mbps
  17. set [ find default-name=ether6 ] advertise=\
  18. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  19. set [ find default-name=ether7 ] advertise=\
  20. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  21. set [ find default-name=ether8 ] advertise=\
  22. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  23. set [ find default-name=ether9 ] advertise=\
  24. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  25. set [ find default-name=ether10 ] advertise=\
  26. 10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  # WAN session: PPPoE client on ether1-gateway, enabled, installing the
  # default route. max-mtu/max-mru=1492 is the usual PPPoE value (1500 minus
  # the 8-byte PPPoE/PPP overhead).
  # NOTE(review): allow=pap,chap permits PAP, which sends the password
  # unencrypted on the access link; allow=chap alone is tighter if the ISP
  # accepts it.
  # NOTE(review): the PPPoE user and password are exported in clear text.
  # They look like a generic ISP login rather than a per-subscriber secret —
  # confirm; if they are account-specific, change them. Use
  # "/export hide-sensitive" for any export that leaves the device.
  27. /interface pppoe-client
  28. add add-default-route=yes allow=pap,chap disabled=no interface=ether1-gateway \
  29. max-mru=1492 max-mtu=1492 name=pppoe-out1 password=adslppp user=\
  30. adslppp@telefonicanetpa
  # Wireless radio wlan1 runs as an access point (mode=ap-bridge) with WPS
  # switched off (wps-mode=disabled), which removes the WPS PIN attack surface.
  # bridge-mode=disabled only affects station-side bridging.
  31. /interface wireless
  32. set [ find default-name=wlan1 ] bridge-mode=disabled disabled=no mode=\
  33. ap-bridge ssid="Para Jovan con amor" wps-mode=disabled
  # VLAN 6 on the WAN port exists but is disabled.
  34. /interface vlan
  35. add disabled=yes interface=ether1-gateway name=vlan6 vlan-id=6
  # Interface lists WAN and LAN are declared here and populated under
  # "/interface list member".
  # NOTE(review): the firewall rules in this export match interface names
  # directly (bridge-local, pppoe-out1) and never use in-interface-list, so
  # these lists appear to be unused by the filter — confirm.
  36. /interface list
  37. add name=WAN
  38. add name=LAN
  # Default wireless security profile: WPA2-PSK only
  # (authentication-types=wpa2-psk, mode=dynamic-keys), no EAP methods.
  # NOTE(review): wpa-pre-shared-key is set to a guessable vendor-name string.
  # It should be unused while authentication-types lists only wpa2-psk, but it
  # would become the live key if WPA were ever re-enabled; replace it with a
  # random value.
  # NOTE(review): the wpa2-pre-shared-key value looks like a placeholder
  # substituted before posting — confirm the real key on the device is long
  # and random. Exporting with hide-sensitive avoids hand-editing keys.
  39. /interface wireless security-profiles
  40. set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
  41. dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=mikrotik \
  42. wpa2-pre-shared-key=xxxxxxx
  # IKE phase 1 parameters (profile_1); the /ip ipsec peer entry in this export
  # selects it with profile=profile_1.
  # NOTE(review): dh-group=modp1024 and enc-algorithm=3des are legacy choices.
  # Prefer AES and a larger group such as modp2048 if every VPN client supports
  # them. The hash algorithm is not shown, so it is at its default — confirm.
  43. /ip ipsec peer profile
  44. add dh-group=modp1024 enc-algorithm=3des name=profile_1
  # Policy group that ties the peer to its policy templates.
  45. /ip ipsec policy group
  46. add name=group1
  # Phase 2 proposals.
  # NOTE(review): the default proposal offers 3des only. proposal1 adds AES but
  # still allows fallback to 3des and has pfs-group=none (no perfect forward
  # secrecy). No policy visible in this export references proposal1, so the
  # default (3des-only) proposal is presumably the one in use — confirm.
  47. /ip ipsec proposal
  48. set [ find default=yes ] enc-algorithms=3des
  49. add enc-algorithms=aes-256-cbc,aes-256-ctr,aes-128-cbc,aes-128-ctr,3des name=\
  50. proposal1 pfs-group=none
  # Address pools: "dhcp" serves LAN clients (192.168.1.201-249); "vpn" holds
  # three addresses (192.168.2.251-253) for PPP/VPN clients.
  51. /ip pool
  52. add name=dhcp ranges=192.168.1.201-192.168.1.249
  53. add name=vpn ranges=192.168.2.251-192.168.2.253
  # DHCP server dhcp1 on the LAN bridge, leasing from pool "dhcp".
  54. /ip dhcp-server
  55. add address-pool=dhcp interface=bridge-local name=dhcp1
  # PPP profile edited by internal id. VPN clients get 8.8.8.8 as DNS, the
  # router end of each tunnel is 192.168.2.1, and the client address comes from
  # pool "vpn".
  # NOTE(review): *FFFFFFFE is presumably the built-in default-encryption
  # profile, which other sections of this export select by name — confirm.
  56. /ppp profile
  57. set *FFFFFFFE dns-server=8.8.8.8 local-address=192.168.2.1 remote-address=vpn
  # Members of bridge-local: ether2-ether5 and wlan1. hw=no turns off hardware
  # offloading on ether2, ether4 and ether5; ether3 and wlan1 keep the default.
  # NOTE(review): the mixed hw= settings look accidental rather than
  # deliberate — confirm they are intended.
  58. /interface bridge port
  59. add bridge=bridge-local hw=no interface=ether2-master-local
  60. add bridge=bridge-local interface=wlan1
  61. add bridge=bridge-local hw=no interface=ether4-slave-local
  62. add bridge=bridge-local hw=no interface=ether5-slave-local
  63. add bridge=bridge-local interface=ether3-slave-local
  # L2TP server: enabled, IPsec mandatory (use-ipsec=required), one session per
  # client host.
  # NOTE(review): authentication still lists mschap1. MS-CHAPv1 is obsolete;
  # keep mschap2 only if every client supports it.
  # NOTE(review): ipsec-secret is exported in clear text, and the same value is
  # set as secret= on the /ip ipsec peer entry of this export. Once an export
  # has left the device, treat that pre-shared key as disclosed and rotate it
  # in both places; export with hide-sensitive in future.
  64. /interface l2tp-server server
  65. set authentication=mschap1,mschap2 enabled=yes ipsec-secret=tlPc1lv,ylHck \
  66. one-session-per-host=yes use-ipsec=required
  # Interface list membership: pppoe-out1 is WAN, bridge-local is LAN.
  # NOTE(review): the last entry has list=LAN but no interface=; presumably the
  # interface it pointed to no longer exists — confirm and delete the stale
  # entry so the list reflects the real LAN side.
  67. /interface list member
  68. add interface=pppoe-out1 list=WAN
  69. add interface=bridge-local list=LAN
  70. add list=LAN
  # Settings for the other VPN/PPP server types (OpenVPN, PPPoE, PPTP, SSTP).
  # NOTE(review): none of these entries carries enabled=yes or disabled=no,
  # which suggests the servers are at their default (off) state — confirm on
  # the device, since only the L2TP ports are opened in the input chain.
  # NOTE(review): the OpenVPN cipher list still offers blowfish128, a 64-bit
  # block cipher; restrict it to the AES entries if this server is ever
  # enabled. require-client-certificate=yes is the setting to keep.
  71. /interface ovpn-server server
  72. set certificate=server-certificate cipher=blowfish128,aes128,aes256 \
  73. require-client-certificate=yes
  # PPPoE server offered on the LAN bridge under service name "vpn".
  74. /interface pppoe-server server
  75. add default-profile=default-encryption interface=bridge-local service-name=\
  76. vpn
  # NOTE(review): PPTP is not considered secure even with MS-CHAPv2 only;
  # keep the PPTP server disabled.
  77. /interface pptp-server server
  78. set authentication=mschap2
  79. /interface sstp-server server
  80. set default-profile=default-encryption
  # LAN gateway address 192.168.1.1/24.
  # NOTE(review): the address sits on ether2-master-local, which is also a port
  # of bridge-local, while the firewall and DHCP server reference bridge-local.
  # Addresses are normally assigned to the bridge itself; confirm that rules
  # matching in-interface=bridge-local behave as intended.
  81. /ip address
  82. add address=192.168.1.1/24 interface=ether2-master-local network=192.168.1.0
  # MikroTik cloud DDNS: publishes the router's current public address under a
  # vendor-hosted DNS name. Keep it only if remote VPN access needs it.
  83. /ip cloud
  84. set ddns-enabled=yes
  # NOTE(review): this DHCP client entry shows no interface=, so it is
  # presumably left over from a removed interface — confirm and delete.
  85. /ip dhcp-client
  86. add add-default-route=no dhcp-options=hostname,clientid disabled=no \
  87. use-peer-ntp=no
  # DHCP options for the LAN: the router is both gateway and DNS server.
  88. /ip dhcp-server network
  89. add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 \
  90. netmask=24
  # allow-remote-requests=yes turns the router into a DNS resolver for any host
  # that can reach it, forwarding to 1.1.1.1. Exposure therefore depends
  # entirely on the input chain.
  # NOTE(review): the input chain in this export accepts LAN traffic only from
  # 192.168.1.37 before its final drop, so other LAN clients handed
  # dns-server=192.168.1.1 would presumably be unable to resolve — confirm.
  91. /ip dns
  92. set allow-remote-requests=yes servers=1.1.1.1
  # Local name "router" resolves to the LAN gateway address.
  93. /ip dns static
  94. add address=192.168.1.1 name=router
  # Address lists. "Rango VPN" (Spanish: VPN range) is the VPN subnet;
  # "NotPublic" collects special-purpose and non-routable ranges, each tagged
  # with the RFC given in its comment.
  # NOTE(review): no filter, NAT or mangle rule visible in this export
  # references either list, so NotPublic is not filtering anything as exported.
  # The forward chain references a list named Whitelist instead, which is not
  # defined here — confirm which lists are meant to be in use.
  95. /ip firewall address-list
  96. add address=192.168.2.0/24 list="Rango VPN"
  97. add address=0.0.0.0/8 comment=RFC6890 list=NotPublic
  98. add address=10.0.0.0/8 comment=RFC6890 list=NotPublic
  99. add address=100.64.0.0/10 comment=RFC6890 list=NotPublic
  100. add address=127.0.0.0/8 comment=RFC6890 list=NotPublic
  101. add address=169.254.0.0/16 comment=RFC6890 list=NotPublic
  102. add address=172.16.0.0/12 comment=RFC6890 list=NotPublic
  103. add address=192.0.0.0/24 comment=RFC6890 list=NotPublic
  104. add address=192.0.2.0/24 comment=RFC6890 list=NotPublic
  105. add address=192.168.0.0/16 comment=RFC6890 list=NotPublic
  106. add address=192.88.99.0/24 comment=RFC3068 list=NotPublic
  107. add address=198.18.0.0/15 comment=RFC6890 list=NotPublic
  108. add address=198.51.100.0/24 comment=RFC6890 list=NotPublic
  109. add address=203.0.113.0/24 comment=RFC6890 list=NotPublic
  110. add address=224.0.0.0/4 comment=RFC4601 list=NotPublic
  111. add address=240.0.0.0/4 comment=RFC6890 list=NotPublic
  # Firewall filter. Rules are evaluated top to bottom within each chain; this
  # export interleaves forward, input and output rules.
  112. /ip firewall filter
  # forward: fasttrack, then accept, traffic of established/related connections.
  113. add action=fasttrack-connection chain=forward comment="Videogaems :D" \
  114. connection-state=established,related
  115. add action=accept chain=forward connection-state=established,related
  # forward: LAN -> Internet. No connection-state match, so every packet from
  # bridge-local towards pppoe-out1 is accepted, invalid-state ones included.
  116. add action=accept chain=forward comment=Intenneeeeeeeeeeeeee in-interface=\
  117. bridge-local out-interface=pppoe-out1
  # forward: VPN user -> LAN. The "not ready" line below is an annotation
  # written by the export because the tunnel interface was down at that time.
  # connection-state="" means no state matching. Only this direction is opened
  # for new connections; LAN -> VPN passes only as reply traffic.
  118. # l2tp-HighLander79 not ready
  119. add action=accept chain=forward comment="Visibilidad VPN <-> LAN" \
  120. connection-state="" in-interface=l2tp-HighLander79 out-interface=\
  121. bridge-local
  # input: IKE (500), L2TP (1701) and IPsec NAT-T (4500) over UDP, accepted from
  # any interface.
  # NOTE(review): UDP 1701 is accepted without an ipsec-policy=in,ipsec match,
  # so only the L2TP server's use-ipsec=required setting rejects unencrypted
  # L2TP; adding that matcher would enforce it in the firewall as well.
  # NOTE(review): there is no accept for protocol ipsec-esp, so presumably
  # only clients using NAT-T (UDP 4500) can connect — confirm.
  122. add action=accept chain=input comment=L2TP/IPSEC dst-port=500,1701,4500 \
  123. protocol=udp
  # forward: optional logging rule, currently disabled.
  124. add action=log chain=forward comment="Log drop forward" disabled=yes log=yes \
  125. log-prefix="ip filter forward:"
  # forward: final drop for any source not in address list Whitelist.
  # NOTE(review): no Whitelist list is defined in this export, so the rule
  # presumably matches every source and acts as a plain default-deny — confirm
  # that is the intent rather than a missing list.
  126. add action=drop chain=forward src-address-list=!Whitelist
  # input: blanket accept from all PPP interfaces, disabled and marked BORRAR
  # (Spanish: delete). Leave it disabled or remove it.
  127. add action=accept chain=input comment="Accept input VPN - BORRAR" disabled=\
  128. yes in-interface=all-ppp
  # input: the router itself is reachable from the LAN only by host
  # 192.168.1.37, which limits management access to one address.
  # NOTE(review): this also blocks every other LAN host from router services
  # such as DNS — confirm that is intended.
  129. add action=accept chain=input comment="Accept input LAN" in-interface=\
  130. bridge-local src-address=192.168.1.37
  # input: replies to router-originated connections, accepted on the WAN
  # interface only.
  131. add action=accept chain=input comment="Accept input RELATED" \
  132. connection-state=established,related in-interface=pppoe-out1
  # input: final drop. Despite the WAN wording of the comment it has no
  # in-interface match, so it drops all remaining input on every interface.
  133. add action=drop chain=input comment=DROP-DE-TODO-WAN
  # output: both rules are disabled, so router-originated traffic is unfiltered.
  134. add action=accept chain=output disabled=yes dst-address=192.168.1.37
  135. add action=accept chain=output disabled=yes log=yes
  # Mangle: set packet priority on egress (4 on one interface, 1 on the WAN
  # PPPoE session); passthrough=yes lets later rules keep processing.
  # NOTE(review): "# no interface" is an export annotation and out-interface=*E
  # is an unresolved internal id, so the first rule presumably points at an
  # interface that no longer exists — confirm and remove or repoint it.
  136. /ip firewall mangle
  137. # no interface
  138. add action=set-priority chain=postrouting new-priority=4 out-interface=*E \
  139. passthrough=yes
  140. add action=set-priority chain=postrouting new-priority=1 out-interface=\
  141. pppoe-out1 passthrough=yes
  # Source NAT: everything leaving through pppoe-out1 is masqueraded. There are
  # no dst-nat (port forward) rules in this export.
  142. /ip firewall nat
  143. add action=masquerade chain=srcnat comment=NAT-LAN out-interface=pppoe-out1
  # IPsec peer for L2TP/IPsec remote clients: any source address (0.0.0.0/0),
  # responder only (passive=yes), per-client policies generated on connect
  # (generate-policy=port-override), phase 1 settings from profile_1.
  # NOTE(review): the pre-shared secret is exported in clear text, equals the
  # L2TP server's ipsec-secret, and is shared by every client. Treat it as
  # disclosed once the export has left the device and rotate it; a PSK is the
  # only IPsec-level authentication here, in front of the PPP user login.
  # NOTE(review): the L2TP server is already set to use-ipsec=required with
  # its own ipsec-secret, which normally makes RouterOS create a matching
  # dynamic peer; this static peer may be redundant — confirm.
  144. /ip ipsec peer
  145. add address=0.0.0.0/0 exchange-mode=main-l2tp generate-policy=port-override \
  146. passive=yes policy-template-group=group1 profile=profile_1 secret=\
  147. tlPc1lv,ylHck send-initial-contact=no
  # Policy templates: the default template (item 0) is moved into group1; the
  # extra any-to-any template in the same group is disabled.
  148. /ip ipsec policy
  149. set 0 group=group1
  150. add disabled=yes dst-address=0.0.0.0/0 group=group1 src-address=0.0.0.0/0 \
  151. template=yes
  # Static routes: all three entries are disabled. The active default route is
  # the one installed by the PPPoE client (add-default-route=yes).
  # NOTE(review): these look like leftovers from an earlier setup; removing
  # disabled entries keeps the configuration easier to audit.
  152. /ip route
  153. add disabled=yes distance=255 gateway=192.168.0.1
  154. add disabled=yes distance=1 dst-address=192.168.0.1/32 gateway=pppoe-out1
  155. add disabled=yes distance=1 dst-address=192.168.1.0/24 gateway=\
  156. ether2-master-local
  # Management services: telnet, ftp, www, ssh, api and api-ssl are turned off.
  # NOTE(review): winbox and www-ssl are not listed, so they are at their
  # defaults; presumably Winbox is the remaining management channel — confirm,
  # and consider adding an address= restriction to it in addition to the
  # firewall rule that admits a single LAN host.
  # NOTE(review): sections absent from an export are at default values, so
  # MAC-based management and neighbour discovery settings cannot be judged
  # from here — check them on the device.
  157. /ip service
  158. set telnet disabled=yes
  159. set ftp disabled=yes
  160. set www disabled=yes
  161. set ssh disabled=yes
  162. set api disabled=yes
  163. set api-ssl disabled=yes
  # UPnP is enabled with the LAN bridge as internal and the WAN PPPoE session
  # as external interface, which lets any LAN host request inbound port
  # mappings without authentication.
  # NOTE(review): the forward chain in this export has no accept rule for
  # dst-NATed traffic, so such mappings presumably would not pass anyway —
  # confirm, and disable UPnP if nothing relies on it.
  164. /ip upnp
  165. set enabled=yes
  166. /ip upnp interfaces
  167. add interface=bridge-local type=internal
  168. add interface=pppoe-out1 type=external
  169. add disabled=yes interface=ether2-master-local type=internal
  # Front-panel LCD: graph interval of one hour, interface page shows wlan1.
  170. /lcd
  171. set time-interval=hour
  172. /lcd interface pages
  173. set 0 interfaces=wlan1
  # RIP: the only interface entry is disabled, so the 10.0.0.0/8 network
  # statement presumably has no effect — confirm and remove if unused.
  174. /routing rip interface
  175. add disabled=yes passive=yes receive=v2
  176. /routing rip network
  177. add network=10.0.0.0/8
  # Fixed time zone and router identity.
  178. /system clock
  179. set time-zone-autodetect=no time-zone-name=Europe/Madrid
  180. /system identity
  181. set name=custodes
  # Extra logging rule for the "critical" topic. No action= is shown, so it
  # uses the default action.
  # NOTE(review): there is no remote logging target in this export; forwarding
  # firewall and account events to a syslog host would preserve them across
  # reboots — confirm what the default action stores.
  182. /system logging
  183. add topics=critical
  # NTP client with two fixed servers; accurate time matters for log
  # correlation and certificate validation.
  184. /system ntp client
  185. set enabled=yes primary-ntp=163.117.202.33 secondary-ntp=89.248.104.162
  # auto-upgrade=yes applies to the RouterBOOT firmware after a RouterOS
  # upgrade; it does not install RouterOS updates by itself.
  # NOTE(review): the export header reports RouterOS 6.43.2 from 2018 — confirm
  # the device has since been brought to a currently supported release.
  186. /system routerboard settings
  187. set auto-upgrade=yes silent-boot=no