! $$$ Model: ZyXEL Keenetic Ultra II! $$$ Version: 2.06.1! $$$ Agent: http/r

1. ! $$$ Model: ZyXEL Keenetic Ultra II
2. ! $$$ Version: 2.06.1
3. ! $$$ Agent: http/rci
4. ! $$$ Last change: Tue, 28 Jan 2020 17:32:31 GMT
5. ! $$$ Md5 checksum: 11c7ab5858ae8b9001a0e68d500e7fa7
6.  
7. system
8. set net.ipv4.ip_forward 1
9. set net.ipv4.tcp_fin_timeout 30
10. set net.ipv4.tcp_keepalive_time 120
11. set vm.swappiness 100
12. set dev.usb.force_usb2 1
13. set net.ipv6.conf.all.forwarding 1
14. clock timezone Europe/Moscow
15. domainname WORKGROUP
16. hostname fox
17. !
18. ntp server 0.pool.ntp.org
19. ntp server 1.pool.ntp.org
20. ntp server 2.pool.ntp.org
21. ntp server 3.pool.ntp.org
22. known host DESKTOP
23. known host Air
24. known host MacAir
25. known host bridge
26. known host NAS
27. known host tvbox
28. known host Galaxy
29. known host iPad
30. known host Galaxy
31. known host HTC
32. known host alice
33. access-list _WEBADMIN_L2TP0
34. !
35. access-list _WEBADMIN_PPPoE0
36. deny udp 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 port eq 53
37. !
38. isolate-private
39. user admin
40. password md5
41. password nt
42. tag cli
43. tag http
44. tag opt
45. tag ftp
46. tag cifs
47. tag printers
48. !
49. dyndns profile _WEBADMIN
50. type noip
51. domain *.myftp.org
52. username *
53. password *
54. !
55. interface GigabitEthernet0
56. up
57. !
58. interface GigabitEthernet0/0
59. rename 1
60. switchport mode access
61. switchport access vlan 1
62. up
63. !
64. interface GigabitEthernet0/1
65. rename 2
66. switchport mode access
67. switchport access vlan 1
68. up
69. !
70. interface GigabitEthernet0/2
71. rename 3
72. switchport mode access
73. switchport access vlan 1
74. up
75. !
76. interface GigabitEthernet0/3
77. rename 4
78. switchport mode access
79. switchport access vlan 1
80. up
81. !
82. interface GigabitEthernet0/4
83. rename 5
84. switchport mode access
85. switchport access vlan 1
86. up
87. !
88. interface GigabitEthernet0/5
89. rename 6
90. switchport mode access
91. switchport access vlan 1
92. up
93. !
94. interface GigabitEthernet0/6
95. rename 7
96. switchport mode access
97. switchport access vlan 1
98. up
99. !
100. interface GigabitEthernet0/Vlan1
101. description "Home VLAN"
102. security-level private
103. ip dhcp client dns-routes
104. ip dhcp client name-servers
105. up
106. !
107. interface GigabitEthernet1
108. rename ISP
109. description RT
110. mac address factory wan
111. security-level public
112. ip address dhcp
113. ip dhcp client hostname fox
114. ip dhcp client dns-routes
115. ip dhcp client name-servers
116. ip mtu 1500
117. ip adjust-ttl inc 1
118. up
119. !
120. interface GigabitEthernet1/0
121. rename 0
122. up
123. !
124. interface WifiMaster0
125. country-code US
126. compatibility BGN
127. channel 8
128. channel width 40-below
129. tx-burst
130. rekey-interval 3600
131. up
132. !
133. interface WifiMaster0/AccessPoint0
134. rename AccessPoint
135. description "Wi-Fi access point"
136. mac access-list type none
137. security-level private
138. authentication wpa-psk *
139. encryption key 1 * default
140. encryption enable
141. encryption wpa2
142. ip dhcp client dns-routes
143. ip dhcp client name-servers
144. ssid *
145. wmm
146. up
147. !
148. interface WifiMaster0/AccessPoint1
149. rename GuestWiFi
150. description "Guest access point"
151. traffic-shape rate 5000
152. mac access-list type none
153. security-level protected
154. ip address 10.1.30.1 255.255.255.0
155. ip dhcp client dns-routes
156. ip dhcp client name-servers
157. ssid Guest
158. wmm
159. down
160. !
161. interface WifiMaster0/AccessPoint2
162. mac access-list type none
163. security-level private
164. ip dhcp client dns-routes
165. ip dhcp client name-servers
166. down
167. !
168. interface WifiMaster0/AccessPoint3
169. mac access-list type none
170. security-level private
171. ip dhcp client dns-routes
172. ip dhcp client name-servers
173. down
174. !
175. interface WifiMaster0/WifiStation0
176. security-level public
177. encryption disable
178. ip address dhcp
179. ip dhcp client dns-routes
180. ip dhcp client name-servers
181. down
182. !
183. interface WifiMaster1
184. country-code US
185. compatibility AN+AC
186. channel width 40-above/80
187. channel auto-rescan 00:00 interval 6
188. tx-burst
189. rekey-interval 3600
190. no band-steering
191. up
192. !
193. interface WifiMaster1/AccessPoint0
194. rename AccessPoint_5G
195. description "5Ghz Wi-Fi access point"
196. mac access-list type none
197. security-level private
198. authentication wpa-psk *
199. encryption enable
200. encryption wpa2
201. ip dhcp client dns-routes
202. ip dhcp client name-servers
203. ssid *
204. wmm
205. up
206. !
207. interface WifiMaster1/AccessPoint1
208. mac access-list type none
209. security-level private
210. ip dhcp client dns-routes
211. ip dhcp client name-servers
212. down
213. !
214. interface WifiMaster1/AccessPoint2
215. mac access-list type none
216. security-level private
217. ip dhcp client dns-routes
218. ip dhcp client name-servers
219. down
220. !
221. interface WifiMaster1/AccessPoint3
222. mac access-list type none
223. security-level private
224. ip dhcp client dns-routes
225. ip dhcp client name-servers
226. down
227. !
228. interface WifiMaster1/WifiStation0
229. security-level public
230. encryption disable
231. ip address dhcp
232. ip dhcp client dns-routes
233. ip dhcp client name-servers
234. down
235. !
236. interface Bridge0
237. rename Home
238. description "Home VLAN"
239. inherit GigabitEthernet0/Vlan1
240. include AccessPoint
241. include AccessPoint_5G
242. mac access-list type none
243. security-level private
244. ip address 192.168.1.1 255.255.255.0
245. ip dhcp client dns-routes
246. ip dhcp client name-servers
247. up
248. !
249. interface PPPoE0
250. description RT
251. role inet
252. dyndns profile _WEBADMIN
253. ipv6cp
254. lcp echo 30 3
255. ipcp default-route
256. ipcp no name-servers
257. ipcp dns-routes
258. no ccp
259. security-level public
260. authentication identity *
261. authentication password *
262. ip mtu 1492
263. ip access-group _WEBADMIN_PPPoE0 in
264. ip global 65526
265. ip tcp adjust-mss pmtu
266. igmp upstream
267. ipv6 address auto
268. ipv6 prefix auto
269. ipv6 name-servers auto
270. connect via ISP
271. up
272. bandwidth-limit 97280
273. !
274. interface PPPoE1
275. description S*
276. no ipv6cp
277. lcp echo 30 3
278. ipcp default-route
279. ipcp name-servers
280. ipcp dns-routes
281. no ccp
282. security-level public
283. authentication identity *
284. authentication password *
285. ip mtu 1492
286. ip global 65520
287. ip tcp adjust-mss pmtu
288. no connect via ISP
289. down
290. bandwidth-limit 97280
291. !
292. interface OpenVPN0
293. description A*
294. role misc
295. security-level public
296. ip dhcp client dns-routes
297. ip dhcp client name-servers
298. ip global 65522
299. ip tcp adjust-mss pmtu
300. openvpn accept-routes
301. openvpn connect via PPPoE0
302. down
303. !
304. interface Wireguard0
305. description WireGuard
306. security-level public
307. ip address 10.8.1.2 255.255.255.0
308. ip mtu 1420
309. ip global 65518
310. ip tcp adjust-mss pmtu
311. wireguard peer *
312. endpoint *
313. keepalive-interval 10
314. allow-ips 0.0.0.0 0.0.0.0
315. !
316. up
317. !
318. ip dhcp pool _WEBADMIN
319. range 192.168.1.2 192.168.1.26
320. default-router 192.168.1.1
321. dns-server 192.168.1.1
322. lease 25200
323. bind Home
324. enable
325. !
326. ip dhcp pool _WEBADMIN_GUEST_AP
327. enable
328. !
329. ip dhcp host * 192.168.1.10
330. ip dhcp host * 192.168.1.3
331. ip dhcp host * 192.168.1.2
332. ip dhcp host * 192.168.1.60
333. ip dhcp host * 192.168.1.20
334. ip dhcp host * 192.168.1.4
335. ip name-server 77.88.8.8:1253 ""
336. ip name-server 8.8.8.8 "" on Wireguard0
337. ip policy Policy0
338. description VPN
339. no permit global OpenVPN0
340. no permit global PPPoE0
341. no permit global PPPoE1
342. no permit global Wireguard0
343. !
344. ip http security-level private
345. ip http lockout-policy 5 15 3
346. ip http ssl enable
347. ip http ssl redirect
348. ip nat Home
349. ip nat GuestWiFi
350. ip nat vpn
351. ip nat sstp
352. ip static tcp PPPoE0 * 192.168.1.20 5000 !NAS
353. ip static tcp PPPoE0 * 192.168.1.20 5001 !NAS2
354. ip static tcp PPPoE0 * 192.168.1.20 21 !ftp
355. ip static tcp PPPoE0 * through 55537 192.168.1.20 !ftp2
356. ip static tcp PPPoE0 * 192.168.1.20 8080 !http
357. ip static tcp PPPoE0 * * !utorrent
358. ip telnet
359. security-level private
360. lockout-policy 5 15 3
361. !
362. ip ftp
363. security-level private
364. lockout-policy 4 15 3
365. !
366. ip hotspot
367. policy Home permit
368. host * permit
369. host * permit
370. host * permit
371. host * permit
372. host * permit
373. host * permit
374. host * permit
375. host * permit
376. host * permit
377. host * permit
378. host * permit
379. auto-scan no interface Home
380. !
381. ipv6 subnet Default
382. bind Home
383. number 0
384. mode slaac
385. !
386. ipv6 firewall
387. ppe software
388. ppe hardware
389. upnp lan Home
390. udpxy
391. timeout 5
392. port 4022
393. interface PPPoE0
394. renew-interval 0
395. !
396. crypto engine hardware
397. crypto ipsec mtu auto
398. sstp-server
399. interface Home
400. pool-range 172.16.3.33 30
401. multi-login
402. lcp echo 30 3
403. !
404. vpn-server
405. interface Home
406. pool-range 172.16.1.33 30
407. multi-login
408. lcp echo 30 3
409. lockout-policy 3 30 5
410. !
411. service dhcp
412. service dns-proxy
413. service http
414. service telnet
415. service ntp-client
416. service upnp
417. service ntce
418. service no cloud-control2
419. cifs
420. share OPKG 1531ed6f-3aeb-485c-8558-e023b46f4555:
421. automount
422. permissive
423. !
424. dns-proxy
425. tls upstream 8.8.8.8 853 sni dns.google.com
426. tls upstream 8.8.4.4 853 sni dns.google.com
427. tls upstream 1.1.1.1 853 sni cloudflare-dns.com
428. tls upstream 1.0.0.1 853 sni cloudflare-dns.com
429. tls upstream 9.9.9.9 853 sni dns.quad9.net
430. !
431. monitor
432. capture
433. interface AccessPoint
434. direction in-out
435. filter "host 192.168.1.14"
436. timeout 1000
437. buffer-size 512
438. max-frame-size 1518
439. capture-size 16384
440. !
441. !
442. !
443. opkg disk OPKG:/
444. opkg initrc /opt/etc/init.d/rc.unslung
445. ntce shaping
446. components
447. auto-update disable
448. auto-update channel stable
449. !
450. !