da routermaniak » mer 16 apr 2014, 20:58
ti posto la config con il comando "/export compact"(dimmi se cè qualcosa che non torna):
/interface bridge
add arp=proxy-arp l2mtu=1598 name=bridge1 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp comment=WAN-VS-Telecom
set [ find default-name=sfp1 ] speed=100Mbps
/interface wireless
set [ find default-name=wlan1 ] ht-rxchains=0 ht-txchains=0 l2mtu=2290 wireless-protocol=unspecified
/ip neighbor discovery
set ether1 comment=WAN-VS-Telecom
set wlan1 discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys wpa-pre-shared-key=3F0602405698 wpa2-pre-shared-key=3F0602405698
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des,aes-256-cbc pfs-group=none
/ip pool
add name=dhcp_pool1 ranges=10.0.2.31-10.0.2.254
add name=VPN_L2TP-Pool ranges=10.0.2.28-10.0.2.30
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge1 name=dhcp1
/port
set 0 name=serial0
/ppp profile
add change-tcp-mss=yes dns-server=8.8.8.8,8.8.4.4 local-address=10.0.2.1 name=L2TP_VPN-Ipsec remote-address=VPN_L2TP-Pool use-ipv6=no
set 2 dns-server=8.8.4.4,8.8.8.8
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
/interface l2tp-server server
set default-profile=L2TP_VPN-Ipsec enabled=yes
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2
/interface sstp-server server
set enabled=yes
/ip address
add address=10.0.0.2/24 disabled=yes interface=ether1 network=10.0.0.0
add address=10.0.2.1/24 interface=bridge1 network=10.0.2.0
add address=192.168.1.50/24 interface=ether1 network=192.168.1.0
/ip dhcp-server network
add address=10.0.2.0/24 dns-server=10.0.2.1 gateway=10.0.2.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add chain=input dst-port=1723 in-interface=ether1 protocol=tcp
add chain=input in-interface=ether1 protocol=gre
add chain=input comment=VPN-L2PT connection-state=new dst-port=500,1701,4500 in-interface=ether1 protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat comment=IP-Cam disabled=yes dst-port=80 in-interface=ether1 protocol=tcp to-addresses=10.0.2.14 to-ports=80
/ip ipsec peer
add enc-algorithm=3des exchange-mode=main-l2tp generate-policy=port-strict nat-traversal=yes
/ip proxy
set parent-proxy=0.0.0.0
/ip route
add distance=1 gateway=192.168.1.254
/ip service
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
/ip upnp
set allow-disable-external-interface=no
/lcd interface
set sfp1 interface=sfp1
set ether1 interface=ether1
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6 interface=ether6
set ether7 interface=ether7
set ether8 interface=ether8
set ether9 interface=ether9
set ether10 interface=ether10
set wlan1 interface=wlan1
/lcd interface pages
set 0 interfaces=sfp1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,wlan1
/ppp secret
add name=miousername password=miapassword profile=L2TP_VPN-Ipsec service=l2tp
/system clock
set time-zone-name=Europe/Rome
/system ntp client
set enabled=yes mode=unicast primary-ntp=193.204.114.232 secondary-ntp=193.204.114.233
[admin@MikroTik] >
