- # jul/16/2017 16:30:43 by RouterOS 6.39.2
- # software id = G80J-VTV3
- #
- # Create the LAN bridge "bridge-local" with a fixed admin MAC (auto-mac off) and
- # fast-forward turned off.
- /interface bridge
- add admin-mac=E4:8D:8C:B3:39:7F auto-mac=no fast-forward=no name=bridge-local
- # Configure the built-in radio wlan1 as an access point (ap-bridge) on 2.4 GHz
- # 802.11n with SSID "00".
- # NOTE(review): no security-profile is named here, so wlan1 presumably uses the
- # default profile that is set further down in this export - confirm.
- /interface wireless
- set [ find default-name=wlan1 ] band=2ghz-onlyn channel-width=20/40mhz-Ce \
- country="united states" disabled=no distance=indoors frequency=auto mode=\
- ap-bridge ssid=00 wireless-protocol=802.11
- # Rename the physical ports. ether1 becomes "ether1-gateway"; the DHCP client,
- # masquerade rule and WAN-side firewall rules elsewhere in this export all refer
- # to it, so it is the uplink port.
- /interface ethernet
- set [ find default-name=ether1 ] name=ether1-gateway
- # ether2 is the switch master port. arp=reply-only means the router answers ARP
- # on this port but does not learn neighbours dynamically; the DHCP server in this
- # export uses add-arp=yes, which presumably supplies the ARP entries - confirm.
- set [ find default-name=ether2 ] arp=reply-only name=ether2-master-local
- # ether3..ether24 and sfp1 are all slaved to ether2-master-local via master-port,
- # so they form one LAN switch group behind the master port.
- set [ find default-name=ether3 ] master-port=ether2-master-local name=\
- ether3-slave-local
- set [ find default-name=ether4 ] master-port=ether2-master-local name=\
- ether4-slave-local
- set [ find default-name=ether5 ] master-port=ether2-master-local name=\
- ether5-slave-local
- set [ find default-name=ether6 ] master-port=ether2-master-local name=\
- ether6-slave-local
- set [ find default-name=ether7 ] master-port=ether2-master-local name=\
- ether7-slave-local
- set [ find default-name=ether8 ] master-port=ether2-master-local name=\
- ether8-slave-local
- set [ find default-name=ether9 ] master-port=ether2-master-local name=\
- ether9-slave-local
- set [ find default-name=ether10 ] master-port=ether2-master-local name=\
- ether10-slave-local
- set [ find default-name=ether11 ] master-port=ether2-master-local name=\
- ether11-slave-local
- set [ find default-name=ether12 ] master-port=ether2-master-local name=\
- ether12-slave-local
- set [ find default-name=ether13 ] master-port=ether2-master-local name=\
- ether13-slave-local
- set [ find default-name=ether14 ] master-port=ether2-master-local name=\
- ether14-slave-local
- set [ find default-name=ether15 ] master-port=ether2-master-local name=\
- ether15-slave-local
- set [ find default-name=ether16 ] master-port=ether2-master-local name=\
- ether16-slave-local
- set [ find default-name=ether17 ] master-port=ether2-master-local name=\
- ether17-slave-local
- set [ find default-name=ether18 ] master-port=ether2-master-local name=\
- ether18-slave-local
- set [ find default-name=ether19 ] master-port=ether2-master-local name=\
- ether19-slave-local
- set [ find default-name=ether20 ] master-port=ether2-master-local name=\
- ether20-slave-local
- set [ find default-name=ether21 ] master-port=ether2-master-local name=\
- ether21-slave-local
- set [ find default-name=ether22 ] master-port=ether2-master-local name=\
- ether22-slave-local
- set [ find default-name=ether23 ] master-port=ether2-master-local name=\
- ether23-slave-local
- set [ find default-name=ether24 ] master-port=ether2-master-local name=\
- ether24-slave-local
- set [ find default-name=sfp1 ] master-port=ether2-master-local name=\
- sfp1-slave-local
- # Static L2TP server interface binding "l2tp-in1". The user field is empty, so it
- # is not tied to a named PPP account here.
- /interface l2tp-server
- add name=l2tp-in1 user=""
- # Turn neighbor discovery off on the uplink port, so the router does not take
- # part in discovery on ether1-gateway.
- /ip neighbor discovery
- set ether1-gateway discover=no
- # Wireless security profiles. Both the default profile and the added profile
- # named "profile" allow WPA-PSK and WPA2-PSK and carry the same pre-shared key.
- # NOTE(review): the key is eight repeated digits and appears in clear text in
- # this export. Treat it as disclosed: rotate it on the device, use a long random
- # passphrase, and consider dropping wpa-psk so only wpa2-psk is offered.
- # NOTE(review): exporting with "/export hide-sensitive" keeps keys and passwords
- # out of a shared copy of the configuration.
- /interface wireless security-profiles
- set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
- dynamic-keys wpa-pre-shared-key=77777777 wpa2-pre-shared-key=77777777
- add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=profile \
- wpa-pre-shared-key=77777777 wpa2-pre-shared-key=77777777
- # Add wlan2 as a second SSID ("01") on top of the wlan1 radio
- # (master-interface=wlan1), using the security profile "profile".
- /interface wireless
- add disabled=no mac-address=E6:8D:8C:B3:39:97 master-interface=wlan1 name=\
- wlan2 security-profile=profile ssid=01
- # Default IPsec (phase 2) proposal: accepts sha512 or sha1 for integrity and a
- # list of ciphers that runs from AES-256 down to 3des; pfs-group=none turns
- # perfect forward secrecy off.
- # NOTE(review): sha1 and 3des are legacy choices and PFS is disabled. If every
- # VPN client in use supports it, trim the list to the AES/SHA-2 entries and set
- # a pfs-group - verify client compatibility before changing.
- /ip ipsec proposal
- set [ find default=yes ] auth-algorithms=sha512,sha1 enc-algorithms="aes-256-c\
- bc,aes-256-ctr,aes-256-gcm,aes-192-gcm,aes-128-cbc,aes-128-ctr,aes-128-gcm\
- ,3des" pfs-group=none
- # Address pools: "dhcp" hands out 192.168.88.200-210 to LAN clients, "vpn-pool"
- # hands out 10.10.10.10-254 to VPN clients.
- /ip pool
- add name=dhcp ranges=192.168.88.200-192.168.88.210
- add name=vpn-pool ranges=10.10.10.10-10.10.10.254
- # DHCP server on bridge-local using the "dhcp" pool. add-arp=yes makes the server
- # add an ARP entry for each lease.
- /ip dhcp-server
- add add-arp=yes address-pool=dhcp authoritative=after-2sec-delay disabled=no \
- interface=bridge-local name=default
- # PPP profile for VPN users: router side is 10.10.10.1, client addresses come
- # from vpn-pool, clients are given 8.8.8.8/8.8.4.4 as DNS, and encryption is
- # required on the PPP link.
- /ppp profile
- add dns-server=8.8.8.8,8.8.4.4 local-address=10.10.10.1 name=VPN-PPP \
- remote-address=vpn-pool use-encryption=required
- # Bridge-level filter: drop every frame that would be forwarded in from or out to
- # wlan2. This keeps wlan2 clients from exchanging bridged traffic with the other
- # bridge ports. Only the forward chain is filtered here; there is no rule for
- # frames addressed to the router itself.
- /interface bridge filter
- add action=drop chain=forward in-interface=wlan2
- add action=drop chain=forward out-interface=wlan2
- # Bridge membership: the LAN switch master port and both wireless interfaces.
- /interface bridge port
- add bridge=bridge-local interface=ether2-master-local
- add bridge=bridge-local interface=wlan1
- add bridge=bridge-local interface=wlan2
- # Enable the L2TP server with IPsec (use-ipsec=yes). Keepalive is disabled and
- # the server's default profile is "default", not VPN-PPP.
- # NOTE(review): ipsec-secret is a five-digit value that is published in this
- # export and repeated for other secrets below. Treat it as disclosed and replace
- # it with a long random pre-shared key.
- /interface l2tp-server server
- set default-profile=default enabled=yes ipsec-secret=12345 keepalive-timeout=\
- disabled use-ipsec=yes
- # Enable the PPTP server, accepting chap, mschap1 and mschap2 authentication.
- # NOTE(review): PPTP and MS-CHAP are legacy protocols. The firewall filter in
- # this export has no accept rule for PPTP on ether1-gateway and the only PPP
- # secret is limited to service=l2tp, so PPTP looks unused - if so, set
- # enabled=no here; confirm with the owner first.
- /interface pptp-server server
- set authentication=chap,mschap1,mschap2 enabled=yes
- # LAN address of the router.
- # NOTE(review): 192.168.88.1/24 is placed on ether2-master-local, which this
- # export also adds as a port of bridge-local, while the DHCP server listens on
- # bridge-local. The address would normally sit on the bridge itself - verify.
- /ip address
- add address=192.168.88.1/24 comment="default configuration" interface=\
- ether2-master-local network=192.168.88.0
- # The uplink port gets its address by DHCP.
- /ip dhcp-client
- add comment="default configuration" dhcp-options=hostname,clientid disabled=\
- no interface=ether1-gateway
- # Static DHCP leases: fixed LAN addresses bound to client MAC addresses.
- # NOTE(review): this is a device inventory of the LAN (MAC to IP); consider
- # redacting it before sharing a configuration export.
- /ip dhcp-server lease
- add address=192.168.88.6 client-id=1:3c:8:f6:d4:59:38 mac-address=\
- 3C:08:F6:D4:59:38 server=default
- add address=192.168.88.8 mac-address=6C:33:A9:26:F8:2F server=default
- add address=192.168.88.9 mac-address=00:08:5D:1B:0A:D8 server=default
- add address=192.168.88.20 client-id=1:0:1b:a9:ed:ac:d0 mac-address=\
- 00:1B:A9:ED:AC:D0 server=default
- add address=192.168.88.3 client-id=1:0:1b:21:24:13:88 mac-address=\
- 00:1B:21:24:13:88 server=default
- add address=192.168.88.21 client-id=1:0:80:92:99:2:e mac-address=\
- 00:80:92:99:02:0E server=default
- add address=192.168.88.10 client-id=1:1c:1b:d:93:d9:f5 mac-address=\
- 1C:1B:0D:93:D9:F5 server=default
- add address=192.168.88.11 client-id=1:f8:bc:12:a4:c5:b8 mac-address=\
- F8:BC:12:A4:C5:B8 server=default
- add address=192.168.88.5 client-id=1:ac:37:43:50:a1:26 mac-address=\
- AC:37:43:50:A1:26 server=default
- add address=192.168.88.12 client-id=1:b8:ac:6f:31:4c:ca mac-address=\
- B8:AC:6F:31:4C:CA server=default
- add address=192.168.88.7 client-id=1:c:8d:db:17:d8:44 mac-address=\
- 0C:8D:DB:17:D8:44 server=default
- # Network parameters handed to DHCP clients: the router is the default gateway.
- /ip dhcp-server network
- add address=192.168.88.0/24 comment="default configuration" gateway=\
- 192.168.88.1
- # The router answers DNS queries from other hosts (allow-remote-requests=yes).
- # The input chain in this export drops unsolicited traffic arriving on
- # ether1-gateway and has no accept rule for DNS there, so the resolver is not
- # open to the uplink as long as that drop rule stays in place.
- /ip dns
- set allow-remote-requests=yes
- # Local static name "router" for the LAN address.
- /ip dns static
- add address=192.168.88.1 name=router
- # Firewall filter. Rules are evaluated top to bottom, so order matters.
- # Input chain (traffic addressed to the router itself): allow ICMP and replies
- # to existing connections.
- /ip firewall filter
- add action=accept chain=input comment="default configuration" protocol=icmp
- add action=accept chain=input comment="default configuration" \
- connection-state=established,related
- # NOTE(review): this rule accepts TCP/80 on every interface (no in-interface or
- # src-address match) and sits above the ether1-gateway drop, so the router's
- # plain-HTTP service is reachable from the uplink. Management logins over HTTP
- # are not encrypted. Prefer restricting this rule to trusted source addresses,
- # or managing the router only over the VPN or www-ssl.
- add action=accept chain=input dst-port=80 protocol=tcp
- # VPN rules on the uplink: L2TP (udp/1701), IKE (udp/500), IPsec AH and ESP, and
- # NAT traversal (udp/4500).
- # NOTE(review): udp/1701 is accepted whether or not it arrived inside IPsec.
- # Adding ipsec-policy=in,ipsec to the L2TP rule would accept only L2TP that was
- # IPsec-protected - verify against the clients in use.
- add action=accept chain=input comment=VPN-L2TP dst-port=1701 in-interface=\
- ether1-gateway protocol=udp
- add action=accept chain=input comment=VPN-ISAKMP dst-port=500 in-interface=\
- ether1-gateway protocol=udp
- add action=accept chain=input comment="VPN-IPSEC-Authentication Header" \
- in-interface=ether1-gateway protocol=ipsec-ah
- add action=accept chain=input comment=\
- "VPN-IPSEC-Encapsulating Security Payload" in-interface=ether1-gateway \
- protocol=ipsec-esp
- add action=accept chain=input comment=VPN-IPSEC-MSFT dst-port=4500 \
- in-interface=ether1-gateway protocol=udp
- # Drop everything else that arrives on the uplink for the router. There is no
- # input drop rule for other interfaces, so LAN and VPN clients are not filtered
- # by this chain.
- add action=drop chain=input comment="default configuration" in-interface=\
- ether1-gateway
- # Forward chain (traffic routed through the router): fasttrack and accept
- # established/related connections, drop invalid ones, and drop new connections
- # from the uplink unless they were destination-NATed.
- add action=fasttrack-connection chain=forward comment="default configuration" \
- connection-state=established,related
- add action=accept chain=forward comment="default configuration" \
- connection-state=established,related
- add action=drop chain=forward comment="default configuration" \
- connection-state=invalid
- add action=drop chain=forward comment="default configuration" \
- connection-nat-state=!dstnat connection-state=new in-interface=\
- ether1-gateway
- # NAT rules. First rule: source-NAT (masquerade) everything leaving via the
- # uplink.
- /ip firewall nat
- add action=masquerade chain=srcnat comment="default configuration" \
- out-interface=ether1-gateway
- # NOTE(review): this forwards TCP/80 arriving on the uplink to the router's own
- # LAN address, port 80, as its comment says ("Webfig on WAN"). Together with the
- # input accept rule for TCP/80, the HTTP management page is published on the
- # uplink. Disable this rule unless remote HTTP management is really required.
- add action=dst-nat chain=dstnat comment="Webfig on WAN" dst-port=80 \
- in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.1 \
- to-ports=80
- # Disabled port forward from uplink TCP/4444 to 192.168.88.10:3389.
- # NOTE(review): keep this disabled; reach that host through the VPN instead of
- # publishing the port on the uplink.
- add action=dst-nat chain=dstnat comment="MSTSC - HQ" disabled=yes dst-port=\
- 4444 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.10 \
- to-ports=3389
- # Masquerade traffic sourced from the VPN pool subnet. No out-interface is
- # given, so this applies on every outgoing interface, including toward the LAN.
- add action=masquerade chain=srcnat comment=VPN-NAT src-address=10.10.10.0/24
- # IPsec (phase 1) peer for the L2TP VPN. address=0.0.0.0/0 accepts any remote
- # address; policies are generated automatically (generate-policy=port-override).
- # NOTE(review): the offered lists include modp1024 and modp768 DH groups and the
- # 3des and blowfish ciphers, which are legacy. Trim them to the stronger entries
- # if every client supports that - verify before changing.
- # NOTE(review): secret= is the same five-digit value used for the other secrets
- # in this export and is published here; rotate it to a long random key.
- /ip ipsec peer
- add address=0.0.0.0/0 comment=VPN dh-group=\
- modp8192,modp6144,modp4096,modp3072,modp2048,modp1536,modp1024,modp768 \
- enc-algorithm="aes-256,camellia-256,aes-192,camellia-192,aes-128,camellia-\
- 128,3des,blowfish" exchange-mode=main-l2tp generate-policy=port-override \
- secret=12345
- # IPsec user "vpnuser".
- # NOTE(review): the password is the same published five-digit value; rotate it.
- /ip ipsec user
- add name=vpnuser password=12345
- # A static default route via 192.168.99.1 is defined but disabled.
- /ip route
- add disabled=yes distance=1 gateway=192.168.99.1
- # Management services: telnet, ftp, api and api-ssl are turned off; www-ssl
- # (HTTPS) is turned on.
- # NOTE(review): www, ssh and winbox are not listed here, so they are presumably
- # still at their defaults - confirm on the device and restrict them to trusted
- # addresses. No certificate for www-ssl is visible in this export - verify that
- # one is assigned.
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set www-ssl disabled=no
- set api disabled=yes
- set api-ssl disabled=yes
- # Front-panel LCD settings; the interface page shows wlan1.
- /lcd
- set time-interval=weekly
- /lcd interface pages
- set 0 interfaces=wlan1
- # L2TP tunnel secret.
- # NOTE(review): same published five-digit value as the IPsec secret; rotate it.
- /ppp l2tp-secret
- add secret=12345
- # PPP account "vpn-user", limited to the l2tp service and using the VPN-PPP
- # profile.
- # NOTE(review): the password is the same published five-digit value. Every VPN
- # credential in this export shares it, so rotate all of them together and give
- # each a distinct random value.
- /ppp secret
- add name=vpn-user password=12345 profile=VPN-PPP service=l2tp
- /system clock
- set time-zone-name=America/New_York
- # A logging rule for the ipsec topic exists but is disabled.
- # NOTE(review): with an internet-facing VPN, consider keeping VPN and login
- # events logged so failed or unexpected connection attempts can be reviewed.
- /system logging
- add disabled=yes topics=ipsec
- # NOTE(review): the update channel is release-candidate, i.e. pre-release
- # builds. A router with management and VPN exposed on the uplink is usually
- # better kept on a stable channel and patched promptly - confirm intent.
- /system package update
- set channel=release-candidate
- # MAC-layer management. The default entry is disabled and the MAC telnet server
- # is then allowed only on the LAN master port and the two wireless interfaces;
- # ether1-gateway is not listed.
- # NOTE(review): wlan2 is separated from the rest of the bridge by the bridge
- # filter in this export, yet it is allowed MAC-layer management access here. If
- # wlan2 is meant for less-trusted clients, remove it from both lists.
- /tool mac-server
- set [ find default=yes ] disabled=yes
- add interface=ether2-master-local
- add interface=wlan1
- add interface=wlan2
- # Same interface list for MAC WinBox.
- /tool mac-server mac-winbox
- set [ find default=yes ] disabled=yes
- add interface=ether2-master-local
- add interface=wlan1
- add interface=wlan2