rub

# aug/22/2019 15:21:26 by RouterOS 6.45.3
# model = RB750Gr3
/interface bridge add comment="Local Rubtsovsk" name=bridge1
/interface ethernet set [ find default-name=ether1 ] comment="Inet UGMK" speed=100Mbps
/interface ethernet set [ find default-name=ether2 ] comment=LAN speed=100Mbps
/interface ethernet set [ find default-name=ether3 ] speed=100Mbps
/interface ethernet set [ find default-name=ether4 ] speed=100Mbps
/interface ethernet set [ find default-name=ether5 ] speed=100Mbps
/interface gre add comment=Rub-Mam name=gre-rub remote-address=**********
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec policy group add name=groupfil
/ip ipsec profile add dh-group=modp1024 enc-algorithm=aes-128 name=profile-rub-mam nat-traversal=no
/ip ipsec peer add address=192.168.84.1/32 comment="Rub - Mam" name=peer1 profile=profile-rub-mam
/ip ipsec proposal add enc-algorithms=aes-256-cbc,aes-192-cbc name="proposal rub-mam"
/ip pool add name=dhcp_pool0 ranges=192.168.15.200-192.168.15.254
/ip dhcp-server add address-pool=dhcp_pool0 disabled=no interface=bridge1 lease-time=1d name=dhcp1
/interface bridge port add bridge=bridge1 comment="Local Rubtsovsk" interface=ether2
/interface bridge port add bridge=bridge1 comment="Local Rubtsovsk" interface=ether3
/interface bridge port add bridge=bridge1 comment="Local Rubtsovsk" interface=ether4
/interface bridge port add bridge=bridge1 comment="Local Rubtsovsk Phone" interface=ether5
/ip address add address=*******/27 comment="UGMK INET" interface=ether1 network=********
/ip address add address=192.168.15.1/24 comment="Local Rubtsovsk" interface=bridge1 network=192.168.15.0
/ip address add address=192.168.84.2/30 comment="GRE Tunnel VPN" interface=gre-rub network=192.168.84.0
/ip dhcp-server network add address=192.168.15.0/24 dns-server=192.168.15.1 gateway=192.168.15.1
/ip dns set allow-remote-requests=yes servers=77.88.8.88,77.88.8.2
/ip firewall filter add action=accept chain=input comment="Established / Related" connection-state=established,related
/ip firewall filter add action=accept chain=forward connection-state=established,related
/ip firewall filter add action=drop chain=input comment=Invalid connection-state=invalid in-interface=ether1
/ip firewall filter add action=drop chain=forward connection-state=invalid in-interface=ether1
/ip firewall filter add action=accept chain=input comment=WinBox dst-port=8436 in-interface=ether1 protocol=tcp src-address=*********
/ip firewall filter add action=drop chain=input comment=Drop in-interface=ether1
/ip firewall filter add action=drop chain=forward connection-nat-state=!dstnat in-interface=ether1
/ip firewall nat add action=masquerade chain=srcnat comment="Inet UGMK" out-interface=ether1
/ip ipsec identity add comment="Rub - Mam" peer=peer1 policy-template-group=groupfil secret=*********
/ip ipsec policy add comment="Rub - Mam" dst-address=192.168.84.1/32 peer=peer1 proposal="proposal rub-mam" sa-dst-address=192.168.84.1 sa-src-address=0.0.0.0 src-address=192.168.84.2/32 tunnel=yes
/ip route add comment="UGMK INET" distance=1 gateway=**********
/ip route add comment="GRE Tunnel VPN - Mam" distance=1 dst-address=192.168.10.0/24 gateway=192.168.84.1 pref-src=192.168.15.1
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set www disabled=yes
/ip service set ssh disabled=yes
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes
/ip ssh set forwarding-enabled=remote
/system clock set time-zone-autodetect=no time-zone-name=Asia/Barnaul
/system identity set name=Rub
/system resource irq rps set ether1 disabled=no
/system resource irq rps set ether2 disabled=no
/system resource irq rps set ether3 disabled=no
/system resource irq rps set ether4 disabled=no
/system resource irq rps set ether5 disabled=no