AlexZH

Untitled

Apr 19th, 2017
  # RouterOS configuration export, captured from an interactive terminal
  # session (the `export` command typed at the admin prompt).
  # NOTE(review): keys and passwords further down were masked by hand with
  # x's; `export hide-sensitive` leaves them out of the output at the source.
  1. [admin@MikroTik] > export
  # NOTE(review): the header records RouterOS 6.38.5 in April 2017; a router
  # still on that release lacks all later fixes - check the installed version.
  2. # apr/19/2017 10:02:37 by RouterOS 6.38.5
  3. #
  # LAN bridge with a fixed (non-automatic) MAC address.
  4. /interface bridge
  5. add admin-mac=6C:3B:6B:xx:xx:xx auto-mac=no comment=defconf name=bridge
  # ether2 is renamed to ether2-master and ether3-ether5 are attached to it
  # through master-port; ether1 is not part of this group.
  6. /interface ethernet
  7. set [ find default-name=ether2 ] name=ether2-master
  8. set [ find default-name=ether3 ] master-port=ether2-master
  9. set [ find default-name=ether4 ] master-port=ether2-master
  10. set [ find default-name=ether5 ] master-port=ether2-master
  # Two access points (mode=ap-bridge): wlan1 on 2.4 GHz, wlan2 on 5 GHz.
  # No security-profile is named on either line, so both presumably use the
  # default profile - confirm.
  11. /interface wireless
  12. set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
  13. country=canada disabled=no distance=indoors frequency=auto mode=ap-bridge \
  14. ssid=SH-A wireless-protocol=802.11
  15. set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee \
  16. country=canada disabled=no distance=indoors frequency=auto mode=ap-bridge \
  17. ssid=ALDAN-5G wireless-protocol=802.11
  # Neighbor discovery is switched off on ether1, so the router does not
  # announce itself on that port.
  18. /ip neighbor discovery
  19. set ether1 discover=no
  # Default wireless security profile: WPA2-PSK only, no EAP methods; the
  # pre-shared key is masked in this paste.
  20. /interface wireless security-profiles
  21. set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
  22. dynamic-keys wpa2-pre-shared-key=xxxxxxxx
  23. /ip hotspot profile
  24. set [ find default=yes ] html-directory=flash/hotspot
  # Policy group referenced later by the IPsec peer (policy-template-group)
  # and by the policy entry that is moved into it.
  25. /ip ipsec policy group
  26. add name=SecretGr
  # NOTE(review): the default proposal authenticates packets with MD5
  # (auth-algorithms=md5). Prefer a SHA-2 value such as sha256; the remote
  # end must be changed to match or the tunnel will not come up.
  27. /ip ipsec proposal
  28. set [ find default=yes ] auth-algorithms=md5 enc-algorithms=aes-256-cbc
  # DHCP pool for the LAN, handed out by the server bound to the bridge.
  29. /ip pool
  30. add name=default-dhcp ranges=192.168.180.10-192.168.180.254
  31. /ip dhcp-server
  32. add address-pool=default-dhcp disabled=no interface=bridge name=defconf
  # L2TP client to a masked sn.mynetname.net host, MS-CHAPv2 only, MTU/MRU 1300.
  # NOTE(review): ipsec-secret is set but no use-ipsec=yes appears in the
  # export, so that option is presumably at its default - confirm the L2TP
  # session is really carried inside IPsec; MS-CHAPv2 on its own is weak.
  # NOTE(review): the trailing ' inside the quoted password looks like a
  # masking artifact; if it is literal it is part of the password.
  33. /interface l2tp-client
  34. add allow=mschap2 connect-to=xxxxxxxxxx.sn.mynetname.net disabled=no \
  35. ipsec-secret="xxxxxxxx" max-mru=1300 max-mtu=1300 name=l2tp-out1 \
  36. password="xxxxxxxx'" profile=default user=l2tp
  # Bridge members: the wired switch group, the SFP port and both radios,
  # so wired and wireless clients share one LAN segment.
  37. /interface bridge port
  38. add bridge=bridge comment=defconf interface=ether2-master
  39. add bridge=bridge comment=defconf interface=sfp1
  40. add bridge=bridge comment=defconf interface=wlan1
  41. add bridge=bridge comment=defconf interface=wlan2
  # Router LAN address.
  42. /ip address
  43. add address=192.168.180.1/24 comment=defconf interface=bridge network=\
  44. 192.168.180.0
  # Cloud DDNS is on; presumably this is what publishes the router under an
  # sn.mynetname.net name like the masked ones used elsewhere in this file.
  45. /ip cloud
  46. set ddns-enabled=yes
  # The uplink on ether1 gets its address by DHCP.
  47. /ip dhcp-client
  48. add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
  49. /ip dhcp-server lease
  50. add address=192.168.180.10 mac-address=90:48:9A:xx:xx:xx server=defconf
  51. /ip dhcp-server network
  52. add address=192.168.180.0/24 comment=defconf gateway=192.168.180.1
  # NOTE(review): with allow-remote-requests=yes the router answers DNS
  # queries from other hosts. The only input drop rule in this export matches
  # in-interface=ether1, so queries arriving on any other interface (for
  # example l2tp-out1) are not filtered - confirm that is intended.
  53. /ip dns
  54. set allow-remote-requests=yes
  # NOTE(review): "router" resolves to 192.168.88.1, but the bridge address
  # configured above is 192.168.180.1; this looks like a leftover from an
  # earlier addressing plan - confirm and correct.
  55. /ip dns static
  56. add address=192.168.88.1 name=router
  # Address lists defined by DNS name. MamMikrotik is trusted by an input
  # accept rule, MYA selects traffic for the KODI routing mark.
  # NOTE(review): membership of MamMikrotik follows whatever the DDNS name
  # resolves to, so the trust placed in it is only as strong as that lookup.
  57. /ip firewall address-list
  58. add address=xxxxxxxx.sn.mynetname.net list=MamMikrotik
  59. add address=mirror.yandex.ru list=MYA
  # Packet filter. Rules are evaluated top to bottom, so the order below is
  # part of the policy.
  60. /ip firewall filter
  61. add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
  # NOTE(review): this accepts every protocol and port towards the router
  # itself from the MamMikrotik list, ahead of the WAN drop. Narrowing it to
  # the protocols the tunnel actually needs would limit what that address
  # can reach on the router.
  62. add action=accept chain=input src-address-list=MamMikrotik
  63. add action=accept chain=input comment="defconf: accept established,related" \
  64. connection-state=established,related
  # NOTE(review): the input chain ends with a drop for ether1 only; there is
  # no catch-all drop, so traffic entering on other interfaces (bridge,
  # l2tp-out1) reaches the router's services unfiltered.
  65. add action=drop chain=input comment="defconf: drop all from WAN" in-interface=\
  66. ether1
  # Forward chain: fasttrack and accept established/related, drop invalid,
  # then drop new connections from ether1 unless they were dst-NATed.
  67. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
  68. connection-state=established,related
  69. add action=accept chain=forward comment="defconf: accept established,related" \
  70. connection-state=established,related
  71. add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
  72. invalid
  73. add action=drop chain=forward comment=\
  74. "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
  75. connection-state=new in-interface=ether1
  # Policy routing: traffic from 192.168.180.250 to addresses in the MYA list
  # gets routing mark KODI; passthrough=no stops further mangle processing.
  76. /ip firewall mangle
  77. add action=mark-routing chain=prerouting dst-address-list=MYA new-routing-mark=\
  78. KODI passthrough=no src-address=192.168.180.250
  # Source NAT: masquerade out of ether1. The second rule (masquerade out of
  # l2tp-out1) is present but disabled.
  79. /ip firewall nat
  80. add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=\
  81. ether1
  82. add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
  83. out-interface=l2tp-out1
  # IPsec peer with a pre-shared key (masked), AES-256, dead-peer detection
  # every 15s with 2 failures allowed, NAT traversal off.
  # The comment "vlad peer" is functional: the CheckinVladIP script finds
  # this entry by that comment and rewrites its address.
  # NOTE(review): hash-algorithm=md5 is a weak choice for the key exchange;
  # prefer sha256 and change the remote end at the same time.
  84. /ip ipsec peer
  85. add address=77.35.50.64/32 comment="vlad peer" dpd-interval=15s \
  86. dpd-maximum-failures=2 enc-algorithm=aes-256 hash-algorithm=md5 \
  87. nat-traversal=no policy-template-group=SecretGr secret=xxxxxxxx
  # Policy entry 0 is moved into the SecretGr group used by the peer above.
  88. /ip ipsec policy
  89. set 0 group=SecretGr
  # Routes: KODI-marked traffic goes via 172.21.107.1 (gateway checked by
  # ping; a fallback via ether2-master exists but is disabled), and
  # 192.168.170.0/24 is reached through the L2TP tunnel.
  90. /ip route
  91. add check-gateway=ping distance=1 gateway=172.21.107.1 routing-mark=KODI
  92. add disabled=yes distance=10 gateway=ether2-master routing-mark=KODI
  93. add distance=1 dst-address=192.168.170.0/24 gateway=l2tp-out1
  # UPnP interface roles: ether1 external, both radios internal.
  # NOTE(review): no `/ip upnp set enabled=yes` line appears in this export,
  # so UPnP itself may be off - confirm. If it is enabled, LAN clients can
  # request inbound port mappings, and the forward rule that exempts
  # dst-NATed connections from the WAN drop would let that traffic through.
  94. /ip upnp interfaces
  95. add interface=ether1 type=external
  96. add interface=wlan1 type=internal
  97. add interface=wlan2 type=internal
  98. /system clock
  99. set time-zone-name=Asia/Vladivostok
  100. /system leds
  101. set 1 interface=wlan2
  # Runs the CheckinVladIP script every 2 minutes.
  # NOTE(review): the policy list on the scheduler entry and on the script
  # grants ftp, reboot, password, sniff, sensitive and romon, none of which
  # the script body visibly uses (it resolves a name, reads and sets the
  # IPsec peer, and logs). Trim both lists to the minimum that still lets
  # the script run - verify on a test device.
  102. /system scheduler
  103. add interval=2m name=SchCheckVladIP on-event=CheckinVladIP policy=\
  104. ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
  105. start-date=apr/12/2017 start-time=20:19:31
  # CheckinVladIP: resolves the masked DDNS name, reads the address of the
  # peer whose comment is "vlad peer", strips the "/prefix" part, and if the
  # two differ sets the peer address to the resolved IP and logs the new value.
  # NOTE(review): the peer address therefore follows whatever DNS returns;
  # the pre-shared key is then the only thing that authenticates the other
  # side, so it should be long and random.
  106. /system script
  107. add name=CheckinVladIP owner=admin policy=\
  108. ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="{\r\
  109. \n:local newip [:resolve \"xxxxxxxx.sn.mynetname.net\"];\r\
  110. \n\r\
  111. \n:local peerip [/ip ipsec peer get [find comment=\"vlad peer\"] address]\r\
  112. \n\r\
  113. \n:local shortpeerip ( [:pick \"\$peerip\" 0 [:find \"\$peerip\" \"/\" -1]] \
  114. )\r\
  115. \n\r\
  116. \nif (\$newip != \$shortpeerip) do={ ip ipsec peer set [find comment=\"vlad \
  117. peer\"] address=\$newip \r\
  118. \n:log info \"New VladIP is \$newip\" }\r\
  119. \n}\r\
  120. \n"
  # MAC-layer management: the default entries are disabled and MAC telnet
  # and MAC Winbox are re-enabled on the bridge only, so they are not
  # offered on ether1. The bridge includes wlan1 and wlan2, so wireless
  # clients can still reach them.
  121. /tool mac-server
  122. set [ find default=yes ] disabled=yes
  123. add interface=bridge
  124. /tool mac-server mac-winbox
  125. set [ find default=yes ] disabled=yes
  126. add interface=bridge
  127. [admin@MikroTik] >