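  # MikroTik RouterOS configuration export (system identity "750GL").
  #
  # Layout as configured below:
  #   ether1  -> ether1_WAN     uplink, address obtained by DHCP client
  #   ether2  -> ether2_Laptop  10.10.1.0/24 (the only subnet allowed to use SSH)
  #   ether3+ether4 -> bridge LAN, 10.10.2.0/24
  #   ether5  -> ether5_WIFI    10.10.3.0/24, DHCP pool .100-.200
  #   GRE_Site_to_Site          GRE tunnel 172.16.1.2 <-> 172.16.1.1, with an
  #                             IKEv2/IPsec policy template for those endpoints
  #
  # Changes made in review:
  #   * The NAT rule and the static route referenced "ether1_Naracom", an
  #     interface name this export never defines. ether1 is renamed to
  #     "ether1_WAN" below, so both now use that name.
  #   * The IPsec pre-shared key was published in clear text. It is replaced
  #     by a placeholder; the published key must be treated as compromised
  #     and rotated on BOTH tunnel peers.
  # Everything else is unchanged; weaker settings are flagged with
  # NOTE(review) comments rather than silently altered, because several of
  # them must be changed on the remote peer at the same time.

  /interface bridge
  # protocol-mode=none: no spanning tree runs on this bridge.
  add name=LAN protocol-mode=none
  /interface ethernet
  set [ find default-name=ether1 ] name=ether1_WAN
  set [ find default-name=ether2 ] name=ether2_Laptop
  set [ find default-name=ether5 ] name=ether5_WIFI
  /interface gre
  # Keepalive is disabled (!keepalive), so the tunnel interface will not be
  # marked down when the far end stops answering.
  # NOTE(review): 172.16.1.2 is not assigned under "/ip address" in this
  # export; presumably it is delivered by IKEv2 mode-config - confirm.
  add !keepalive local-address=172.16.1.2 mtu=1382 name=GRE_Site_to_Site \
      remote-address=172.16.1.1
  /ip ipsec mode-config
  # responder=no: this router requests its configuration from the peer.
  add name=GRE responder=no
  /ip ipsec policy group
  add name=GRE
  /ip ipsec profile
  # Phase 1 (IKE) settings. Only the encryption algorithms are set here;
  # hash algorithm and DH group are not shown, so they stay at the defaults.
  # NOTE(review): verify those defaults meet your policy.
  set [ find default=yes ] enc-algorithm=aes-256,aes-128
  add enc-algorithm=aes-256,aes-128 name=IKE2
  /ip ipsec peer
  # NOTE(review): the peer is located through a dynamic-DNS hostname, so the
  # pre-shared key in "/ip ipsec identity" is the only thing authenticating
  # it. Certificate-based authentication would be the stronger choice.
  add address=trackboy.ddns.net exchange-mode=ike2 name=GRE_Site_to_Site \
      profile=IKE2
  /ip ipsec proposal
  # Phase 2 (ESP) settings.
  # NOTE(review): pfs-group=none disables perfect forward secrecy for child
  # SAs, and sha1 is still offered next to sha256. Enabling a PFS group and
  # dropping sha1 has to be done on both peers together, so it is only
  # flagged here.
  set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=\
      aes-256-cbc,aes-128-cbc pfs-group=none
  add auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-128-cbc name=\
      IKE2 pfs-group=none
  /ip pool
  add name=WIFI ranges=10.10.3.100-10.10.3.200
  /ip dhcp-server
  # add-arp=yes: an ARP entry is added for every lease handed out.
  add add-arp=yes address-pool=WIFI disabled=no interface=ether5_WIFI name=WIFI
  /interface bridge port
  add bridge=LAN interface=ether3
  add bridge=LAN interface=ether4
  /interface l2tp-server server
  # NOTE(review): no "enabled=yes" appears here, so the L2TP server looks
  # disabled in this export, yet UDP 1701 is opened in the input chain
  # below. If L2TP is not used, close that port; if it is used, chap alone
  # is a weak authentication choice.
  set authentication=chap default-profile=default keepalive-timeout=disabled
  /ip address
  add address=10.10.1.1/24 interface=ether2_Laptop network=10.10.1.0
  add address=10.10.2.1/24 interface=LAN network=10.10.2.0
  add address=10.10.3.1/24 interface=ether5_WIFI network=10.10.3.0
  /ip dhcp-client
  # DNS and NTP servers offered by the upstream DHCP server are ignored.
  add dhcp-options=hostname,clientid disabled=no interface=ether1_WAN \
      use-peer-dns=no use-peer-ntp=no
  /ip dhcp-server network
  add address=10.10.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.10.3.1 \
      netmask=24
  /ip dns
  set servers=8.8.8.8,8.8.4.4
  /ip firewall filter
  # --- input chain: traffic addressed to the router itself ---
  # NOTE(review): this rule has no in-interface or src-address match, so
  # TCP 2250 (the SSH port set under "/ip service") and TCP 8291 (the
  # default Winbox port) are accepted from every interface, including the
  # WAN. SSH is still limited to 10.10.1.0/24 by the service setting, but no
  # such limit is shown for the service on 8291. Restrict this rule to the
  # management subnet or interface.
  add action=accept chain=input dst-port=2250,8291 protocol=tcp
  add action=accept chain=input protocol=icmp
  # IKE (500), L2TP (1701) and IPsec NAT-T (4500).
  # NOTE(review): 1701 is reachable without IPsec protection here.
  add action=accept chain=input dst-port=500,1701,4500 protocol=udp
  add action=accept chain=input protocol=ipsec-esp
  # NOTE(review): GRE is accepted from any source, whether or not it arrived
  # inside the IPsec tunnel. Consider matching only IPsec-decrypted GRE.
  add action=accept chain=input protocol=gre
  add action=accept chain=input connection-state=established,related
  add action=drop chain=input connection-state=invalid
  # Default deny for everything else addressed to the router.
  add action=drop chain=input
  # --- forward chain: traffic routed through the router ---
  # NOTE(review): there is no final drop rule in this chain, so every new
  # connection that is not "invalid" is forwarded between all interfaces
  # (WAN, Laptop, LAN, Wi-Fi, GRE). Add explicit accept rules for the flows
  # that are wanted and end the chain with a drop.
  add action=accept chain=forward connection-state=established,related
  add action=drop chain=forward connection-state=invalid
  /ip firewall nat
  # Fixed: was out-interface=ether1_Naracom, a name not defined in this export.
  add action=masquerade chain=srcnat out-interface=ether1_WAN
  /ip ipsec identity
  # The pre-shared key that was published with this export has been removed.
  # Generate a long random key, set it on both peers, and keep exports that
  # contain it out of public places.
  add generate-policy=port-strict mode-config=GRE peer=GRE_Site_to_Site \
      policy-template-group=GRE secret="REPLACE_WITH_NEW_RANDOM_PSK"
  /ip ipsec policy
  # Policy template covering only the two GRE endpoint addresses.
  add dst-address=172.16.1.1/32 group=GRE proposal=IKE2 src-address=\
      172.16.1.2/32 template=yes
  /ip route
  # Fixed: was gateway=ether1_Naracom, a name not defined in this export.
  # NOTE(review): 10.10.100.0/24 is routed out of the WAN interface rather
  # than the GRE tunnel - confirm that this is intended.
  add distance=1 dst-address=10.10.100.0/24 gateway=ether1_WAN
  /ip service
  # Clear-text and unused management services are switched off.
  set telnet disabled=yes
  set ftp disabled=yes
  set www disabled=yes
  # SSH listens on a non-default port and only answers 10.10.1.0/24.
  set ssh address=10.10.1.0/24 port=2250
  set api disabled=yes
  set api-ssl disabled=yes
  # NOTE(review): winbox is not listed in this section, so no address
  # restriction for it is shown - verify and restrict it like SSH.
  /system clock
  set time-zone-autodetect=no time-zone-name=Europe/Budapest
  /system identity
  set name=750GL
  /system logging
  # Extra log topics; no action= is given, so the default action applies.
  add topics=l2tp
  add topics=ipsec
  add topics=ssh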