@BATCOH
Created October 8, 2019 13:41
# oct/07/2019 16:47:08 by RouterOS 6.45.6
# software id = Y05Z-6GZW
#
# model = RBD52G-5HacD2HnD
# serial number = B4A40A18B3AE
# NOTE(review): the software id, the serial number and the MAC addresses further
# down identify this particular unit; redact them before sharing an export publicly.
# A plain /export omits passwords, pre-shared keys and the IPsec secret, so none of
# those can be reviewed here - the notes below cover what the export does show.
/caps-man channel
# Channel objects referenced by name from /caps-man configuration. The "_auto"
# entries let CAPsMAN choose a frequency; the others pin one 20 MHz centre
# frequency (2.4 GHz channels 1-12, 5 GHz channels 36-165).
add band=2ghz-b/g/n name=channel_2.4_auto
add band=5ghz-a/n/ac name=channel_5_auto
add band=2ghz-b/g/n frequency=2462 name=channel_2.4_11
# NOTE(review): channel_5_140 (5700 MHz) is defined a second time at the end of
# this section; one of the two entries should go so the name is unambiguous.
add band=5ghz-a/n/ac frequency=5700 name=channel_5_140
add band=2ghz-b/g/n frequency=2412 name=channel_2.4_1
add band=2ghz-b/g/n frequency=2417 name=channel_2.4_2
add band=2ghz-b/g/n frequency=2422 name=channel_2.4_3
add band=2ghz-b/g/n frequency=2427 name=channel_2.4_4
add band=2ghz-b/g/n frequency=2432 name=channel_2.4_5
add band=2ghz-b/g/n frequency=2437 name=channel_2.4_6
add band=2ghz-b/g/n frequency=2442 name=channel_2.4_7
add band=2ghz-b/g/n frequency=2447 name=channel_2.4_8
add band=2ghz-b/g/n frequency=2452 name=channel_2.4_9
add band=2ghz-b/g/n frequency=2457 name=channel_2.4_10
add band=2ghz-b/g/n frequency=2467 name=channel_2.4_12
add band=5ghz-a/n/ac frequency=5180 name=channel_5_36
add band=5ghz-a/n/ac frequency=5200 name=channel_5_40
add band=5ghz-a/n/ac frequency=5220 name=channel_5_44
add band=5ghz-a/n/ac frequency=5240 name=channel_5_48
add band=5ghz-a/n/ac frequency=5260 name=channel_5_52
add band=5ghz-a/n/ac frequency=5280 name=channel_5_56
add band=5ghz-a/n/ac frequency=5300 name=channel_5_60
add band=5ghz-a/n/ac frequency=5320 name=channel_5_64
add band=5ghz-a/n/ac frequency=5500 name=channel_5_100
add band=5ghz-a/n/ac frequency=5520 name=channel_5_104
add band=5ghz-a/n/ac frequency=5540 name=channel_5_108
add band=5ghz-a/n/ac frequency=5560 name=channel_5_112
add band=5ghz-a/n/ac frequency=5580 name=channel_5_116
add band=5ghz-a/n/ac frequency=5600 name=channel_5_120
add band=5ghz-a/n/ac frequency=5620 name=channel_5_124
add band=5ghz-a/n/ac frequency=5640 name=channel_5_128
add band=5ghz-a/n/ac frequency=5660 name=channel_5_132
add band=5ghz-a/n/ac frequency=5680 name=channel_5_136
# Duplicate of the channel_5_140 entry defined earlier in this section.
add band=5ghz-a/n/ac frequency=5700 name=channel_5_140
add band=5ghz-a/n/ac frequency=5745 name=channel_5_149
add band=5ghz-a/n/ac frequency=5765 name=channel_5_153
add band=5ghz-a/n/ac frequency=5785 name=channel_5_157
add band=5ghz-a/n/ac frequency=5805 name=channel_5_161
add band=5ghz-a/n/ac frequency=5825 name=channel_5_165
/interface bridge
# The LAN bridge, with a fixed admin MAC. arp=proxy-arp makes the router answer ARP
# for hosts it can reach elsewhere, which is what lets L2TP peers holding addresses
# from the "vpn" pool (inside the LAN subnet) be reached by LAN hosts.
add admin-mac=74:4D:28:7E:90:5C arp=proxy-arp auto-mac=no comment=defconf \
name=bridge
/interface l2tp-client
# Site-to-site tunnel towards the DC (peer address redacted as x.x.x.x), IPsec
# required; the password is not part of the export.
# NOTE(review): allow=chap,mschap1,mschap2 permits a fallback to the weaker CHAP /
# MS-CHAPv1 methods. The local server side accepts mschap2 only; the same
# restriction (allow=mschap2) is advisable here unless the DC peer needs CHAP.
add allow=chap,mschap1,mschap2 connect-to=x.x.x.x disabled=no name=\
vpn_DC use-ipsec=yes user=vpn_office
/interface l2tp-server
# Static (named) server-side tunnel interfaces for two of the PPP secrets below,
# so that other configuration can refer to them by a stable name.
add name=remote_sa user=remote_sa
add name=remote_srv_branch43 user=remote_srv_branch43
/interface wireless
# Local radios of this unit. The "managed by CAPsMAN" lines are emitted by the
# export itself: the effective channel, SSID and tx power come from the CAPsMAN
# configurations (cfg_2.4_1 / cfg_5_1) via /interface wireless cap further down,
# not from the values set here.
# managed by CAPsMAN
# channel: 2462/20-eC/gn(15dBm), SSID: Acme, local forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=Acme \
wireless-protocol=802.11
# managed by CAPsMAN
# channel: 5805/20-eC/ac(20dBm), SSID: Acme, local forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto mode=\
ap-bridge ssid=Acme wireless-protocol=802.11
/caps-man datapath
# Client traffic is bridged locally at each CAP (local-forwarding=yes) rather than
# tunnelled to the manager, and wireless clients may talk to each other
# (client-to-client-forwarding=yes). Disable the latter if station isolation is
# wanted on this SSID.
add arp=proxy-arp bridge=bridge client-to-client-forwarding=yes \
local-forwarding=yes name=datapath1
/caps-man security
# WPA2-PSK with AES-CCMP and a 10-minute group-key rotation. The passphrase is not
# in the export; a PSK network has no per-user credential, so it should be long,
# random and rotated when people leave.
add authentication-types=wpa2-psk encryption=aes-ccm group-key-update=10m \
name=security_Acme_wpa2_psk
/caps-man configuration
# One configuration per band, both broadcasting SSID "Acme" with the same security
# profile and datapath. 2.4 GHz is pinned to channel 11 at 15 dBm, 5 GHz to channel
# 161 at 20 dBm, regulatory domain russia3, all four chains on each radio.
# NOTE(review): channel.band=5ghz-n/ac here differs from the 5ghz-a/n/ac on the
# referenced channel object; presumably intentional, but worth confirming.
add channel=channel_2.4_11 channel.band=2ghz-b/g/n channel.tx-power=15 \
country=russia3 datapath=datapath1 mode=ap multicast-helper=full name=\
cfg_2.4_1 rx-chains=0,1,2,3 security=security_Acme_wpa2_psk ssid=Acme \
tx-chains=0,1,2,3
add channel=channel_5_161 channel.band=5ghz-n/ac channel.tx-power=20 country=\
russia3 datapath=datapath1 mode=ap multicast-helper=full name=cfg_5_1 \
rx-chains=0,1,2,3 security=security_Acme_wpa2_psk ssid=Acme tx-chains=\
0,1,2,3
/caps-man interface
# Radios created by the provisioning rules further down: three CAPs (identities
# 13-AP, 2-GW, 6-AP), each with one 5 GHz and one 2.4 GHz radio. The 2-GW pair is
# presumably this router's own wlan1/wlan2 (identity KM-2-GW, adjacent MACs to the
# bridge admin-mac) - confirm, since the identity in the name does not match exactly.
add configuration=cfg_5_1 disabled=no l2mtu=1600 mac-address=\
74:4D:28:7E:90:D6 master-interface=none name=cap5-13-AP-1 radio-mac=\
74:4D:28:7E:90:D6 radio-name=744D287E90D6
add configuration=cfg_5_1 disabled=no l2mtu=1600 mac-address=\
74:4D:28:7E:90:61 master-interface=none name=cap5-2-GW-1 radio-mac=\
74:4D:28:7E:90:61 radio-name=744D287E9061
add configuration=cfg_5_1 disabled=no l2mtu=1600 mac-address=\
74:4D:28:7E:8E:E0 master-interface=none name=cap5-6-AP-1 radio-mac=\
74:4D:28:7E:8E:E0 radio-name=744D287E8EE0
add configuration=cfg_2.4_1 disabled=no l2mtu=1600 mac-address=\
74:4D:28:7E:90:D5 master-interface=none name=cap24-13-AP-1 \
radio-mac=74:4D:28:7E:90:D5 radio-name=744D287E90D5
add configuration=cfg_2.4_1 disabled=no l2mtu=1600 mac-address=\
74:4D:28:7E:90:60 master-interface=none name=cap24-2-GW-1 radio-mac=\
74:4D:28:7E:90:60 radio-name=744D287E9060
add configuration=cfg_2.4_1 disabled=no l2mtu=1600 mac-address=\
74:4D:28:7E:8E:DF master-interface=none name=cap24-6-AP-1 radio-mac=\
74:4D:28:7E:8E:DF radio-name=744D287E8EDF
/interface list
# WAN/LAN lists drive the firewall (in-interface-list / out-interface-list) and the
# mac-server and neighbor-discovery restrictions further down.
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
# Default profile of the local radios: WPA2-PSK with dynamic keys; the key itself is
# not exported. While the radios are CAP-managed the /caps-man security profile
# above is presumably what the SSID actually uses, so this only matters if CAP
# mode is switched off - confirm.
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik
/ip hotspot profile
# Only the html directory of the default hotspot profile is changed; no hotspot
# server is defined anywhere in this export.
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
# dhcp: dynamic LAN clients; vpn: addresses handed to L2TP peers via l2tp_profile;
# servers: .200-.220, not referenced anywhere in this export. Note that the two
# static PPP remote-addresses (.200/.201) fall inside the "servers" range, which
# would clash if that pool were ever put to use.
add name=dhcp ranges=192.168.88.10-192.168.88.150
add name=vpn ranges=192.168.88.160-192.168.88.180
add name=servers ranges=192.168.88.200-192.168.88.220
/ip dhcp-server
# Single DHCP server on the LAN bridge with 1 h leases.
add address-pool=dhcp disabled=no interface=bridge lease-time=1h name=default
/ppp profile
# Profile for all L2TP users: the peer receives an address from the "vpn" pool
# inside the LAN subnet (hence proxy-arp on the bridge) and PPP encryption is
# required (use-encryption=yes).
add local-address=192.168.88.1 name=l2tp_profile remote-address=vpn \
use-encryption=yes
/caps-man access-list
# Evaluated top to bottom for every associating client; ssid-regexp="" matches any
# SSID. Two named MACs are accepted regardless of signal (and kept for 10 s once
# out of range); all other clients are accepted at -79 dBm or better and rejected
# below -80 dBm, i.e. weak clients are pushed towards a closer AP.
# NOTE(review): the MAC entries are a policy exception, not authentication - a MAC
# address is not a credential; the PSK remains the only thing protecting the SSID.
add action=accept allow-signal-out-of-range=10s disabled=no interface=all \
mac-address=E4:18:6B:55:BF:E0 ssid-regexp=""
add action=accept allow-signal-out-of-range=10s disabled=no interface=all \
mac-address=E6:18:6B:54:BF:E2 ssid-regexp=""
add action=accept disabled=no interface=all signal-range=-79..120 \
ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no interface=all \
signal-range=-120..-80 ssid-regexp=""
/caps-man manager
# CAPsMAN runs on this router. It is offered on the LAN bridge only and explicitly
# forbidden on the WAN port (ether1), so CAPs cannot be discovered or registered
# from the outside.
set enabled=yes
/caps-man manager interface
add disabled=no interface=bridge
add disabled=no forbid=yes interface=ether1
/caps-man provisioning
# CAP radios are created and enabled automatically per supported band and named
# <prefix>-<identity>-<n>; this is what produced the /caps-man interface entries.
add action=create-enabled hw-supported-modes=b,gn master-configuration=\
cfg_2.4_1 name-format=prefix-identity name-prefix=cap24
add action=create-enabled hw-supported-modes=an,ac master-configuration=\
cfg_5_1 name-format=prefix-identity name-prefix=cap5
/interface bridge port
# ether3-ether5 and both local radios are the defconf bridge ports; ether2 was added
# afterwards (no defconf comment) and is therefore LAN-side as well.
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=ether2
/ip neighbor discovery-settings
# Neighbour discovery (MNDP/CDP/LLDP) only towards LAN interfaces, not the WAN port.
set discover-interface-list=LAN
/interface detect-internet
# Internet detection runs on every interface.
set detect-interface-list=all
/interface l2tp-server server
# Road-warrior L2TP: MS-CHAPv2 only and IPsec mandatory (the IPsec secret is not in
# the export). The matching input-chain rules are in /ip firewall filter.
set authentication=mschap2 default-profile=l2tp_profile enabled=yes \
use-ipsec=yes
/interface list member
# bridge and ether2 are LAN, ether1 is WAN. ether2 is already a bridge port, so the
# separate LAN membership is presumably redundant rather than harmful - confirm.
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=LAN
/interface wireless cap
#
# The local radios register with the CAPsMAN running on this same unit (127.0.0.1)
# and are bridged into "bridge".
set bridge=bridge caps-man-addresses=127.0.0.1 enabled=yes interfaces=\
wlan1,wlan2
/ip address
# NOTE(review): 192.168.88.1/8 does not match the /24 that the DHCP network below
# hands out (gateway 192.168.88.1, netmask 24) and makes the whole of 192.0.0.0/8 a
# connected route on ether2. ether2 is also a bridge port, where an address is
# normally not usable. The defconf form is address=192.168.88.1/24
# interface=bridge network=192.168.88.0 - check the running router before changing.
add address=192.168.88.1/8 comment=defconf interface=ether2 network=192.0.0.0
# Static public /30 on the WAN port (address redacted in the gist).
add address=yy.yy.yy.94/30 interface=ether1 network=yy.yy.yy.92
/ip dhcp-client
# NOTE(review): a DHCP client on ether1 next to the static /30 above. With the
# default add-default-route it can install a second default route beside the
# static one in /ip route; presumably leftover defconf - confirm it is wanted.
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server lease
# Static leases pinned to client-id/MAC. The F0:23:B9 group lives in .101-.113,
# two further hosts in .133/.141 and one DUID-style (ff:...) client on .100; all
# of these sit inside the dynamic pool range and are reserved by the lease entry.
add address=192.168.88.113 client-id=1:f0:23:b9:47:4e:67 mac-address=\
F0:23:B9:47:4E:67
add address=192.168.88.112 client-id=1:f0:23:b9:47:4d:e1 mac-address=\
F0:23:B9:47:4D:E1
add address=192.168.88.111 client-id=1:f0:23:b9:46:1e:13 mac-address=\
F0:23:B9:46:1E:13
add address=192.168.88.110 client-id=1:f0:23:b9:46:1e:10 mac-address=\
F0:23:B9:46:1E:10
add address=192.168.88.108 client-id=1:f0:23:b9:46:1e:11 mac-address=\
F0:23:B9:46:1E:11
add address=192.168.88.107 client-id=1:f0:23:b9:46:1e:17 mac-address=\
F0:23:B9:46:1E:17
add address=192.168.88.106 client-id=1:f0:23:b9:47:4d:c8 mac-address=\
F0:23:B9:47:4D:C8
add address=192.168.88.105 client-id=1:f0:23:b9:47:4d:cb mac-address=\
F0:23:B9:47:4D:CB
add address=192.168.88.104 client-id=1:f0:23:b9:47:4d:bc mac-address=\
F0:23:B9:47:4D:BC
add address=192.168.88.103 client-id=1:f0:23:b9:46:1e:e mac-address=\
F0:23:B9:46:1E:0E
add address=192.168.88.102 client-id=1:f0:23:b9:47:4d:b9 mac-address=\
F0:23:B9:47:4D:B9
add address=192.168.88.101 client-id=1:f0:23:b9:46:1e:12 mac-address=\
F0:23:B9:46:1E:12
add address=192.168.88.133 client-id=1:50:3e:aa:22:a9:fe mac-address=\
50:3E:AA:22:A9:FE
add address=192.168.88.141 client-id=1:50:3e:aa:e8:da:4b mac-address=\
50:3E:AA:E8:DA:4B
add address=192.168.88.100 client-id=\
ff:82:e8:95:8d:0:1:0:1:24:f2:b6:8e:b4:a3:82:e8:95:8d mac-address=\
B4:A3:82:E8:95:8D
/ip dhcp-server network
# LAN clients get the router and 8.8.4.4 as resolvers.
# NOTE(review): /ip dns below does not set allow-remote-requests (an export lists
# non-default values only, and the default is no), so as exported the router will
# not answer client queries and clients fall through to 8.8.4.4 - confirm on the
# running unit; if the router is meant to resolve, it then also needs to be kept
# unreachable on udp/53 from WAN, which the input chain's final drop already does.
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1,8.8.4.4 \
gateway=192.168.88.1 netmask=24
/ip dns
# The router's own upstream resolvers.
# NOTE(review): listing 192.168.88.1 (itself) first points the resolver at itself
# and buys nothing; presumably copied from the client list - confirm.
set servers=192.168.88.1,8.8.8.8,62.112.106.130
/ip dns static
# Local name for the router.
add address=192.168.88.1 name=router.lan
/ip firewall filter
# Rules are evaluated top to bottom within a chain; the first match wins and a chain
# with no terminal drop accepts whatever falls off its end.
# --- input: traffic addressed to the router itself ---
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# defconf: traffic between the router's own addresses (used e.g. by local CAP mode).
add action=accept chain=input dst-address-type=local src-address-type=local
# NOTE(review): this accepts tcp/8291 (Winbox) from every interface and every
# source, and it sits above the "drop all not coming from LAN" rule, so Winbox is
# reachable from the Internet on the WAN address. Restrict it to a source
# address-list (`src-address-list=<mgmt_hosts>`) or drop the rule and manage the
# router over the L2TP/IPsec VPN that is already configured; in any case keep an
# eye on /log for failed logins.
add action=accept chain=input comment=\
"allow winbox access from WAN interface" dst-port=8291 protocol=tcp
# Disabled: IKE, NAT-T and L2TP run over UDP, so the TCP variant is not needed.
add action=accept chain=input comment="allow incoming L2TP connections" \
disabled=yes port=1701,500,4500 protocol=tcp
# IKE (500), NAT-T (4500) and L2TP (1701) for the L2TP server.
# NOTE(review): udp/1701 is accepted in the clear as well. Moving 1701 into its own
# rule with ipsec-policy=in,ipsec would admit L2TP only after IPsec has decrypted
# it, matching the use-ipsec=yes intent of the server settings.
add action=accept chain=input comment="Allow L2TP IPSEC ports" port=\
1701,500,4500 protocol=udp
# Disabled: only NAT-T (udp/4500) is let in; a peer that is not behind NAT and
# negotiates plain ESP will fail unless this is re-enabled.
add action=accept chain=input comment="Allow IPSEC-esp ports" disabled=yes \
protocol=ipsec-esp
# Everything else that did not arrive on a LAN interface is dropped here.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
# --- forward: traffic passing through the router ---
# Disabled: the defconf accepts for IPsec-policy traffic (in defconf these sit
# above fasttrack so that encrypted traffic is not fasttracked past the policy).
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
disabled=yes ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
# Disabled, and as the chain stands not needed: nothing below drops new
# connections, so VPN-to-LAN traffic is already accepted by the chain's default.
add action=accept chain=forward comment="allow vpn to lan" disabled=yes \
in-interface=!ether1 out-interface=bridge src-address=192.168.88.0/24
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# NOTE(review): this defconf rule is disabled=yes and no other rule drops new
# connections in the forward chain, so any packet arriving on WAN that is routable
# to the LAN is forwarded; protection currently rests only on the LAN using
# private addresses and on upstream filtering. Re-enable it (disabled=no) unless
# there is a deliberate reason not to.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new disabled=yes in-interface-list=WAN
/ip firewall nat
# Source NAT for traffic leaving via WAN; ipsec-policy=out,none keeps packets that
# an IPsec policy is about to encrypt from being masqueraded first.
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ip firewall service-port
# SIP connection-tracking helper disabled (presumably to stop it rewriting VoIP
# traffic).
set sip disabled=yes
/ip route
# Default route via the ISP side of the /30; 192.168.77.0/24 goes through the DC
# tunnel; 192.168.112.0/24 is reached via 192.168.88.201, the static
# remote-address of the remote_srv_branch43 L2TP peer.
add distance=1 gateway=yy.yy.yy.93
add distance=1 dst-address=192.168.77.0/24 gateway=vpn_DC
add distance=1 dst-address=192.168.112.0/24 gateway=192.168.88.201
/ip ssh
# NOTE(review): SSH port forwarding is enabled for remote (-R) tunnels. If nobody
# relies on it, forwarding-enabled=no removes a feature that any account able to
# log in over SSH would otherwise get for free.
set forwarding-enabled=remote
/ip upnp interfaces
# UPnP roles for ether1 (external) and bridge (internal). The export shows no
# /ip upnp enabled=yes, so as far as this export goes UPnP itself is off; if it is
# ever switched on, LAN hosts can open WAN ports on their own.
add interface=ether1 type=external
add interface=bridge type=internal
/ppp secret
# L2TP accounts (passwords are not exported). remote_srv_1c and remote_srv_branch43
# get fixed addresses .200/.201; the other three draw from the "vpn" pool.
# NOTE(review): each of these is a password-only credential reachable from the
# Internet (udp/500 and 4500 are open on input), so keep the passwords long and
# unique and remove accounts that are no longer used.
add name=remote_sa profile=l2tp_profile service=l2tp
add name=remote_srv_1c profile=l2tp_profile remote-address=192.168.88.200 \
service=l2tp
add name=remote_srv_branch43 profile=l2tp_profile remote-address=\
192.168.88.201 service=l2tp
add name=remote_arilan profile=l2tp_profile service=l2tp
add name=remote_korolkov profile=l2tp_profile service=l2tp
/system clock
# Fixed timezone. No NTP client settings appear in this export, so log timestamps
# depend on whatever time source is configured elsewhere, if any - confirm.
set time-zone-autodetect=no time-zone-name=Europe/Moscow
/system identity
set name=KM-2-GW
/tool mac-server
# MAC-telnet and MAC-Winbox are only reachable from LAN interfaces, not the WAN port.
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool romon
# NOTE(review): RoMON is enabled with no /tool romon port entries, i.e. on every
# port. RoMON is a Layer-2 protocol and is not filtered by /ip firewall, so the WAN
# port takes part as well. Add `/tool romon port add interface=ether1 forbid=yes`
# and set a RoMON secret unless peering over ether1 is intended.
set enabled=yes