# jul/16/2017 16:30:43 by RouterOS 6.39.2# software id = G80J-VTV3#/interf

1. # jul/16/2017 16:30:43 by RouterOS 6.39.2
2. # software id = G80J-VTV3
3. #
4. /interface bridge
5. add admin-mac=E4:8D:8C:B3:39:7F auto-mac=no fast-forward=no name=bridge-local
6. /interface wireless
7. set [ find default-name=wlan1 ] band=2ghz-onlyn channel-width=20/40mhz-Ce \
8. country="united states" disabled=no distance=indoors frequency=auto mode=\
9. ap-bridge ssid=00 wireless-protocol=802.11
10. /interface ethernet
11. set [ find default-name=ether1 ] name=ether1-gateway
12. set [ find default-name=ether2 ] arp=reply-only name=ether2-master-local
13. set [ find default-name=ether3 ] master-port=ether2-master-local name=\
14. ether3-slave-local
15. set [ find default-name=ether4 ] master-port=ether2-master-local name=\
16. ether4-slave-local
17. set [ find default-name=ether5 ] master-port=ether2-master-local name=\
18. ether5-slave-local
19. set [ find default-name=ether6 ] master-port=ether2-master-local name=\
20. ether6-slave-local
21. set [ find default-name=ether7 ] master-port=ether2-master-local name=\
22. ether7-slave-local
23. set [ find default-name=ether8 ] master-port=ether2-master-local name=\
24. ether8-slave-local
25. set [ find default-name=ether9 ] master-port=ether2-master-local name=\
26. ether9-slave-local
27. set [ find default-name=ether10 ] master-port=ether2-master-local name=\
28. ether10-slave-local
29. set [ find default-name=ether11 ] master-port=ether2-master-local name=\
30. ether11-slave-local
31. set [ find default-name=ether12 ] master-port=ether2-master-local name=\
32. ether12-slave-local
33. set [ find default-name=ether13 ] master-port=ether2-master-local name=\
34. ether13-slave-local
35. set [ find default-name=ether14 ] master-port=ether2-master-local name=\
36. ether14-slave-local
37. set [ find default-name=ether15 ] master-port=ether2-master-local name=\
38. ether15-slave-local
39. set [ find default-name=ether16 ] master-port=ether2-master-local name=\
40. ether16-slave-local
41. set [ find default-name=ether17 ] master-port=ether2-master-local name=\
42. ether17-slave-local
43. set [ find default-name=ether18 ] master-port=ether2-master-local name=\
44. ether18-slave-local
45. set [ find default-name=ether19 ] master-port=ether2-master-local name=\
46. ether19-slave-local
47. set [ find default-name=ether20 ] master-port=ether2-master-local name=\
48. ether20-slave-local
49. set [ find default-name=ether21 ] master-port=ether2-master-local name=\
50. ether21-slave-local
51. set [ find default-name=ether22 ] master-port=ether2-master-local name=\
52. ether22-slave-local
53. set [ find default-name=ether23 ] master-port=ether2-master-local name=\
54. ether23-slave-local
55. set [ find default-name=ether24 ] master-port=ether2-master-local name=\
56. ether24-slave-local
57. set [ find default-name=sfp1 ] master-port=ether2-master-local name=\
58. sfp1-slave-local
59. /interface l2tp-server
60. add name=l2tp-in1 user=""
61. /ip neighbor discovery
62. set ether1-gateway discover=no
63. /interface wireless security-profiles
64. set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
65. dynamic-keys wpa-pre-shared-key=77777777 wpa2-pre-shared-key=77777777
66. add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=profile \
67. wpa-pre-shared-key=77777777 wpa2-pre-shared-key=77777777
68. /interface wireless
69. add disabled=no mac-address=E6:8D:8C:B3:39:97 master-interface=wlan1 name=\
70. wlan2 security-profile=profile ssid=01
71. /ip ipsec proposal
72. set [ find default=yes ] auth-algorithms=sha512,sha1 enc-algorithms="aes-256-c\
73. bc,aes-256-ctr,aes-256-gcm,aes-192-gcm,aes-128-cbc,aes-128-ctr,aes-128-gcm\
74. ,3des" pfs-group=none
75. /ip pool
76. add name=dhcp ranges=192.168.88.200-192.168.88.210
77. add name=vpn-pool ranges=10.10.10.10-10.10.10.254
78. /ip dhcp-server
79. add add-arp=yes address-pool=dhcp authoritative=after-2sec-delay disabled=no \
80. interface=bridge-local name=default
81. /ppp profile
82. add dns-server=8.8.8.8,8.8.4.4 local-address=10.10.10.1 name=VPN-PPP \
83. remote-address=vpn-pool use-encryption=required
84. /interface bridge filter
85. add action=drop chain=forward in-interface=wlan2
86. add action=drop chain=forward out-interface=wlan2
87. /interface bridge port
88. add bridge=bridge-local interface=ether2-master-local
89. add bridge=bridge-local interface=wlan1
90. add bridge=bridge-local interface=wlan2
91. /interface l2tp-server server
92. set default-profile=default enabled=yes ipsec-secret=12345 keepalive-timeout=\
93. disabled use-ipsec=yes
94. /interface pptp-server server
95. set authentication=chap,mschap1,mschap2 enabled=yes
96. /ip address
97. add address=192.168.88.1/24 comment="default configuration" interface=\
98. ether2-master-local network=192.168.88.0
99. /ip dhcp-client
100. add comment="default configuration" dhcp-options=hostname,clientid disabled=\
101. no interface=ether1-gateway
102. /ip dhcp-server lease
103. add address=192.168.88.6 client-id=1:3c:8:f6:d4:59:38 mac-address=\
104. 3C:08:F6:D4:59:38 server=default
105. add address=192.168.88.8 mac-address=6C:33:A9:26:F8:2F server=default
106. add address=192.168.88.9 mac-address=00:08:5D:1B:0A:D8 server=default
107. add address=192.168.88.20 client-id=1:0:1b:a9:ed:ac:d0 mac-address=\
108. 00:1B:A9:ED:AC:D0 server=default
109. add address=192.168.88.3 client-id=1:0:1b:21:24:13:88 mac-address=\
110. 00:1B:21:24:13:88 server=default
111. add address=192.168.88.21 client-id=1:0:80:92:99:2:e mac-address=\
112. 00:80:92:99:02:0E server=default
113. add address=192.168.88.10 client-id=1:1c:1b:d:93:d9:f5 mac-address=\
114. 1C:1B:0D:93:D9:F5 server=default
115. add address=192.168.88.11 client-id=1:f8:bc:12:a4:c5:b8 mac-address=\
116. F8:BC:12:A4:C5:B8 server=default
117. add address=192.168.88.5 client-id=1:ac:37:43:50:a1:26 mac-address=\
118. AC:37:43:50:A1:26 server=default
119. add address=192.168.88.12 client-id=1:b8:ac:6f:31:4c:ca mac-address=\
120. B8:AC:6F:31:4C:CA server=default
121. add address=192.168.88.7 client-id=1:c:8d:db:17:d8:44 mac-address=\
122. 0C:8D:DB:17:D8:44 server=default
123. /ip dhcp-server network
124. add address=192.168.88.0/24 comment="default configuration" gateway=\
125. 192.168.88.1
126. /ip dns
127. set allow-remote-requests=yes
128. /ip dns static
129. add address=192.168.88.1 name=router
130. /ip firewall filter
131. add action=accept chain=input comment="default configuration" protocol=icmp
132. add action=accept chain=input comment="default configuration" \
133. connection-state=established,related
134. add action=accept chain=input dst-port=80 protocol=tcp
135. add action=accept chain=input comment=VPN-L2TP dst-port=1701 in-interface=\
136. ether1-gateway protocol=udp
137. add action=accept chain=input comment=VPN-ISAKMP dst-port=500 in-interface=\
138. ether1-gateway protocol=udp
139. add action=accept chain=input comment="VPN-IPSEC-Authentication Header" \
140. in-interface=ether1-gateway protocol=ipsec-ah
141. add action=accept chain=input comment=\
142. "VPN-IPSEC-Encapsulating Security Payload" in-interface=ether1-gateway \
143. protocol=ipsec-esp
144. add action=accept chain=input comment=VPN-IPSEC-MSFT dst-port=4500 \
145. in-interface=ether1-gateway protocol=udp
146. add action=drop chain=input comment="default configuration" in-interface=\
147. ether1-gateway
148. add action=fasttrack-connection chain=forward comment="default configuration" \
149. connection-state=established,related
150. add action=accept chain=forward comment="default configuration" \
151. connection-state=established,related
152. add action=drop chain=forward comment="default configuration" \
153. connection-state=invalid
154. add action=drop chain=forward comment="default configuration" \
155. connection-nat-state=!dstnat connection-state=new in-interface=\
156. ether1-gateway
157. /ip firewall nat
158. add action=masquerade chain=srcnat comment="default configuration" \
159. out-interface=ether1-gateway
160. add action=dst-nat chain=dstnat comment="Webfig on WAN" dst-port=80 \
161. in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.1 \
162. to-ports=80
163. add action=dst-nat chain=dstnat comment="MSTSC - HQ" disabled=yes dst-port=\
164. 4444 in-interface=ether1-gateway protocol=tcp to-addresses=192.168.88.10 \
165. to-ports=3389
166. add action=masquerade chain=srcnat comment=VPN-NAT src-address=10.10.10.0/24
167. /ip ipsec peer
168. add address=0.0.0.0/0 comment=VPN dh-group=\
169. modp8192,modp6144,modp4096,modp3072,modp2048,modp1536,modp1024,modp768 \
170. enc-algorithm="aes-256,camellia-256,aes-192,camellia-192,aes-128,camellia-\
171. 128,3des,blowfish" exchange-mode=main-l2tp generate-policy=port-override \
172. secret=12345
173. /ip ipsec user
174. add name=vpnuser password=12345
175. /ip route
176. add disabled=yes distance=1 gateway=192.168.99.1
177. /ip service
178. set telnet disabled=yes
179. set ftp disabled=yes
180. set www-ssl disabled=no
181. set api disabled=yes
182. set api-ssl disabled=yes
183. /lcd
184. set time-interval=weekly
185. /lcd interface pages
186. set 0 interfaces=wlan1
187. /ppp l2tp-secret
188. add secret=12345
189. /ppp secret
190. add name=vpn-user password=12345 profile=VPN-PPP service=l2tp
191. /system clock
192. set time-zone-name=America/New_York
193. /system logging
194. add disabled=yes topics=ipsec
195. /system package update
196. set channel=release-candidate
197. /tool mac-server
198. set [ find default=yes ] disabled=yes
199. add interface=ether2-master-local
200. add interface=wlan1
201. add interface=wlan2
202. /tool mac-server mac-winbox
203. set [ find default=yes ] disabled=yes
204. add interface=ether2-master-local
205. add interface=wlan1
206. add interface=wlan2