Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [admin@MikroTik] > export
- # apr/19/2017 10:02:37 by RouterOS 6.38.5
- #
- /interface bridge
- add admin-mac=6C:3B:6B:xx:xx:xx auto-mac=no comment=defconf name=bridge
- /interface ethernet
- set [ find default-name=ether2 ] name=ether2-master
- set [ find default-name=ether3 ] master-port=ether2-master
- set [ find default-name=ether4 ] master-port=ether2-master
- set [ find default-name=ether5 ] master-port=ether2-master
- /interface wireless
- set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
- country=canada disabled=no distance=indoors frequency=auto mode=ap-bridge \
- ssid=SH-A wireless-protocol=802.11
- set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee \
- country=canada disabled=no distance=indoors frequency=auto mode=ap-bridge \
- ssid=ALDAN-5G wireless-protocol=802.11
- /ip neighbor discovery
- set ether1 discover=no
- /interface wireless security-profiles
- set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
- dynamic-keys wpa2-pre-shared-key=xxxxxxxx
- /ip hotspot profile
- set [ find default=yes ] html-directory=flash/hotspot
- /ip ipsec policy group
- add name=SecretGr
- /ip ipsec proposal
- set [ find default=yes ] auth-algorithms=md5 enc-algorithms=aes-256-cbc
- /ip pool
- add name=default-dhcp ranges=192.168.180.10-192.168.180.254
- /ip dhcp-server
- add address-pool=default-dhcp disabled=no interface=bridge name=defconf
- /interface l2tp-client
- add allow=mschap2 connect-to=xxxxxxxxxx.sn.mynetname.net disabled=no \
- ipsec-secret="xxxxxxxx" max-mru=1300 max-mtu=1300 name=l2tp-out1 \
- password="xxxxxxxx'" profile=default user=l2tp
- /interface bridge port
- add bridge=bridge comment=defconf interface=ether2-master
- add bridge=bridge comment=defconf interface=sfp1
- add bridge=bridge comment=defconf interface=wlan1
- add bridge=bridge comment=defconf interface=wlan2
- /ip address
- add address=192.168.180.1/24 comment=defconf interface=bridge network=\
- 192.168.180.0
- /ip cloud
- set ddns-enabled=yes
- /ip dhcp-client
- add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
- /ip dhcp-server lease
- add address=192.168.180.10 mac-address=90:48:9A:xx:xx:xx server=defconf
- /ip dhcp-server network
- add address=192.168.180.0/24 comment=defconf gateway=192.168.180.1
- /ip dns
- set allow-remote-requests=yes
- /ip dns static
- add address=192.168.88.1 name=router
- /ip firewall address-list
- add address=xxxxxxxx.sn.mynetname.net list=MamMikrotik
- add address=mirror.yandex.ru list=MYA
- /ip firewall filter
- add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
- add action=accept chain=input src-address-list=MamMikrotik
- add action=accept chain=input comment="defconf: accept established,related" \
- connection-state=established,related
- add action=drop chain=input comment="defconf: drop all from WAN" in-interface=\
- ether1
- add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
- connection-state=established,related
- add action=accept chain=forward comment="defconf: accept established,related" \
- connection-state=established,related
- add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
- invalid
- add action=drop chain=forward comment=\
- "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
- connection-state=new in-interface=ether1
- /ip firewall mangle
- add action=mark-routing chain=prerouting dst-address-list=MYA new-routing-mark=\
- KODI passthrough=no src-address=192.168.180.250
- /ip firewall nat
- add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=\
- ether1
- add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
- out-interface=l2tp-out1
- /ip ipsec peer
- add address=77.35.50.64/32 comment="vlad peer" dpd-interval=15s \
- dpd-maximum-failures=2 enc-algorithm=aes-256 hash-algorithm=md5 \
- nat-traversal=no policy-template-group=SecretGr secret=xxxxxxxx
- /ip ipsec policy
- set 0 group=SecretGr
- /ip route
- add check-gateway=ping distance=1 gateway=172.21.107.1 routing-mark=KODI
- add disabled=yes distance=10 gateway=ether2-master routing-mark=KODI
- add distance=1 dst-address=192.168.170.0/24 gateway=l2tp-out1
- /ip upnp interfaces
- add interface=ether1 type=external
- add interface=wlan1 type=internal
- add interface=wlan2 type=internal
- /system clock
- set time-zone-name=Asia/Vladivostok
- /system leds
- set 1 interface=wlan2
- /system scheduler
- add interval=2m name=SchCheckVladIP on-event=CheckinVladIP policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
- start-date=apr/12/2017 start-time=20:19:31
- /system script
- add name=CheckinVladIP owner=admin policy=\
- ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="{\r\
- \n:local newip [:resolve \"xxxxxxxx.sn.mynetname.net\"];\r\
- \n\r\
- \n:local peerip [/ip ipsec peer get [find comment=\"vlad peer\"] address]\r\
- \n\r\
- \n:local shortpeerip ( [:pick \"\$peerip\" 0 [:find \"\$peerip\" \"/\" -1]] \
- )\r\
- \n\r\
- \nif (\$newip != \$shortpeerip) do={ ip ipsec peer set [find comment=\"vlad \
- peer\"] address=\$newip \r\
- \n:log info \"New VladIP is \$newip\" }\r\
- \n}\r\
- \n"
- /tool mac-server
- set [ find default=yes ] disabled=yes
- add interface=bridge
- /tool mac-server mac-winbox
- set [ find default=yes ] disabled=yes
- add interface=bridge
- [admin@MikroTik] >
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement