Di seguito posto la configurazione completa e funzionante caricata nella RouterBOARD RB4011iGS+;
spero sia di aiuto a chiunque voglia realizzare una linea di backup in failover.
Dove ho inserito gli asterischi (******) vanno messi il nome utente e le password della VPN.
Ringrazio ancora ppraz e pioccd per le dritte: non ho fatto un semplice copia-incolla, ma ho cercato di comprenderle e applicarle al mio caso specifico, con ottimi risultati.
# Base layer-2 setup: one bridge for the internal LAN plus per-port Ethernet settings.
/interface bridge
add name=bridge
/interface ethernet
# ether1 and ether2 are the two uplinks (labelled MAIN-TELECOM and BACKUP-EOLO).
# Both restrict the advertised link modes; ether2-ether5 also set speed=100Mbps.
set [ find default-name=ether1 ] advertise=100M-half,100M-full,1000M-half,1000M-full comment=MAIN-TELECOM
set [ find default-name=ether2 ] advertise=100M-half,100M-full,1000M-half,1000M-full comment=BACKUP-EOLO speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
/interface ethernet switch port
# Switch ports 0-11 are all set to default-vlan-id=0.
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
# Declares the WAN and LAN interface lists; members are assigned under "/interface list member".
# NOTE(review): the configuration as posted has no "/ip firewall filter" or "/ip firewall nat"
# section, so nothing visible here uses these lists to separate WAN from LAN traffic.
# Confirm the export is complete before reusing it on an Internet-facing router.
add name=WAN
add name=LAN
# Only the default wireless security profile and the default hotspot profile are touched here.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
# "dhcp" feeds the LAN DHCP server below; "vpn" is handed to PPP clients through the
# remote-address of the PPP profile further down.
add name=dhcp ranges=192.168.1.115-192.168.1.149
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
# DHCP server on the LAN bridge with a 15-minute lease time.
add address-pool=dhcp disabled=no interface=bridge lease-time=15m name=dhcp1
/ppp profile
# *FFFFFFFE is an internal item ID, not a profile name; presumably the built-in
# default-encryption profile (verify on the router). PPP sessions using it get
# 192.168.89.1 as the router-side address and a client address from the "vpn" pool.
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface bridge port
# LAN ports joined to the bridge. ether3-ether5 are added with hw=no (hardware offload off);
# ether6-ether10 and sfp-sfpplus1 keep the default. ether1 and ether2 (the uplinks) are not bridged.
add bridge=bridge hw=no interface=ether3
add bridge=bridge hw=no interface=ether4
add bridge=bridge hw=no interface=ether5
add bridge=bridge interface=ether6
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
add bridge=bridge interface=sfp-sfpplus1
# Remote-access VPN servers. Three PPP services (L2TP, PPTP, SSTP) are enabled at once.
# Each is a listening service on the router; keep only the ones actually in use.
/interface l2tp-server server
# NOTE(review): the IPsec pre-shared key is the literal string "vpn". It is short, guessable
# and now published, so replace it with a long random value before reusing this configuration.
# use-ipsec=yes also still accepts L2TP sessions without IPsec; use-ipsec=required
# rejects unencrypted L2TP.
set enabled=yes ipsec-secret=vpn use-ipsec=yes
/interface list member
# ether1 (telecom) and ether2 (eolo) are the WAN members; the bridge is the only LAN member.
add comment=telecom interface=ether1 list=WAN
add comment="lan interna" interface=bridge list=LAN
add comment=eolo interface=ether2 list=WAN
/interface pptp-server server
# NOTE(review): PPTP relies on MS-CHAPv2/MPPE, which is regarded as cryptographically broken.
# Leave it disabled unless a legacy client strictly needs it.
set enabled=yes
/interface sstp-server server
# SSTP is enabled with the default-encryption profile and no certificate= on this line.
# NOTE(review): without a server certificate, clients cannot verify the router's identity.
# Confirm whether a certificate is configured elsewhere.
set default-profile=default-encryption enabled=yes
# Layer-3 addressing, the backup uplink's DHCP client, and DNS.
/ip address
# Three subnets (192.168.1.0/24, 192.168.5.0/24, 192.168.4.0/24) share the same bridge, so they
# sit on one layer-2 segment and are not isolated from each other.
# ether1 is 192.168.3.2/24, facing the primary uplink's gateway.
add address=192.168.1.1/24 interface=bridge network=192.168.1.0
add address=192.168.3.2/24 interface=ether1 network=192.168.3.0
add address=192.168.5.1/24 interface=bridge network=192.168.5.0
add address=192.168.4.1/24 interface=bridge network=192.168.4.0
/ip cloud
set ddns-update-interval=12h
/ip dhcp-client
# The backup uplink (ether2) learns its address and default route via DHCP. The route is
# installed with distance 2, so it is used only when the distance-1 static default route
# is withdrawn or demoted.
add default-route-distance=2 dhcp-options=hostname,clientid disabled=no interface=ether2
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24
/ip dns
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries it receives.
# No "/ip firewall filter" rule appears in the posted configuration, so the resolver is also
# reachable on the WAN interfaces unless an upstream device blocks it.
# Limit UDP/TCP 53 on the input chain to the LAN to avoid running an open resolver.
set allow-remote-requests=yes cache-max-ttl=1d servers=8.8.8.8,1.1.1.1
# Mangle rules and the static routes that the failover logic depends on.
/ip firewall mangle
# The "accept" rules stop further prerouting mangle processing for LAN traffic destined to
# the listed local/upstream subnets.
add action=accept chain=prerouting dst-address=192.168.2.0/24 in-interface=bridge
add action=accept chain=prerouting dst-address=192.168.3.0/24 in-interface=bridge
# NOTE(review): these two rules match connection-mark=no-mark and set new-connection-mark=no-mark,
# i.e. they leave the mark unchanged. They look like placeholders with no effect on routing;
# confirm whether real marks were intended.
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether1 new-connection-mark=no-mark passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether2 new-connection-mark=no-mark passthrough=yes
add action=accept chain=prerouting dst-address=192.168.5.0/24 in-interface=bridge
add action=accept chain=prerouting dst-address=192.168.4.0/24 in-interface=bridge
/ip route
# Primary default route, tagged with comment DF so the netwatch scripts can find it and
# change its distance.
add comment=DF distance=1 gateway=192.168.3.1
# Host route that pins 8.8.8.8 to the primary gateway, so the netwatch probe always tests the
# primary line. Side effect: every packet to 8.8.8.8 (including DNS from the router and the LAN)
# keeps using the primary gateway during a failover; name resolution then depends on 1.1.1.1.
add distance=1 dst-address=8.8.8.8/32 gateway=192.168.3.1
# Management services and VPN credentials.
/ip service
# telnet, ftp, ssh, api and api-ssl are switched off. www and winbox are not mentioned, so they
# keep their current state (enabled on RouterOS defaults).
# NOTE(review): with no input-chain filter in the posted configuration, restrict them with
# address=<management subnet> or a firewall rule so they are not exposed on the WAN side.
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
# Only relevant if the ssh service is re-enabled: permits remote port forwarding through the router.
set forwarding-enabled=remote
/ppp l2tp-secret
# Secret redacted by the author; it applies to the peer at 192.168.1.49.
add address=192.168.1.49/32 secret=*********
/ppp secret
# VPN user name and password redacted by the author. No service= is given, so the account is
# valid for every enabled PPP server (L2TP, PPTP and SSTP above). Setting service= to the one
# protocol in use and choosing a long random password limits that.
add name=********* password=*********
# System identity and the netwatch probe that drives the failover.
/system clock
set time-zone-name=Europe/Rome
/system identity
set name="ROUTER UFFICIO"
/tool netwatch
# Probes 8.8.8.8 with a 5 s timeout (interval= is not set, so the RouterOS default applies).
# down: raises the distance of the route tagged DF to 100, so the DHCP-learned default route
#       on ether2 (distance 2) takes over.
# up:   restores distance 1, returning traffic to the primary line.
# NOTE(review): a single probe target means an outage of 8.8.8.8 itself triggers a failover
# even when the primary line is healthy; a second independent probe host reduces false switches.
add comment=NW down-script=" ip route set [find comment=DF] distance=100" host=8.8.8.8 timeout=5s up-script=" ip route set [find comment=DF] distance=1"
[admin@ROUTER UFFICIO] >