Skip to content

Instantly share code, notes, and snippets.

@Rockheung

Rockheung/MikroTik initializing script.md

Last active May 18, 2021 07:31
Show Gist options
  • Save Rockheung/0f682d13bbcf7a8f6a8e25252b508de8 to your computer and use it in GitHub Desktop.
Save Rockheung/0f682d13bbcf7a8f6a8e25252b508de8 to your computer and use it in GitHub Desktop.
Download ZIP
미크로틱 설정 스크립트 | MikroTik setting script
Raw
MikroTik initializing script.md

For RouterOS v6.42.4 (stable) in RB2011iL

UPNP

ip upnp interfaces add interface=bridge type=internal disabled=no
ip upnp interfaces add interface=ether1 disabled=no type=external
ip upnp set enabled=yes allow-disable-external-interface=yes show-dummy-rule=yes

SET STATIC IP by MAC

ip dhcp-server lease make-static numbers=[find mac-address=00:11:32:2C:B6:79]
ip dhcp-server lease set address=192.168.88.2 numbers=[find mac-address=00:11:32:2C:B6:79]

User change

user add copy-from=admin name=user password=********
user disable admin

VPN L2TP

ip pool add name=vpn-pool ranges=192.168.99.1-192.168.99.255
ip firewall filter add action=accept chain=input dst-port=500,1701,4500 protocol=udp place-before=2
ppp profile add name=encryption local-address=192.168.99.1 remote-address=vpn-pool change-tcp-mss=yes use-encryption=yes
ppp secret add name=vpnuser password=******** profile=encryption disabled=no service=l2tp
interface l2tp-server server set enabled=yes max-mtu=1450 max-mru=1450 keepalive-timeout=30 default-profile=encryption authentication=mschap2,mschap1,chap,pap use-ipsec=yes ipsec-secret=******** caller-id-type=ip-address

Firmware update: Carefull!

system package update check-for-updates
system package update download
system package update install
system routerboard upgrade
TYPE y
system reboot
TYPE y

For CHR

Disable ping

ip firewall filter add chain=input protocol=icmp action=drop log=yes log-prefix="PING DROPED"

Masquerade

ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

Lisence

system license renew account=EMAIL password=PASSWORD level=p-unlimited

Disable unused service

ip service disable api,api-ssl,ftp,telnet,winbox

Update Mac for change ether1 ip

:local r
:local tonum do={
	:local in ($1->0)
	:local j
	:for i from=0 to=([:len $in]-1) do={
		:local t
		:set t [:pick $in $i]
		:if ($t!=" ") do={:set $j "$j$t"}
	}
	:set j ([:tonum $j])
	:return $j
}

:local hex 0123456789abcdef
:local mac "";

:set r [/interface ethernet get ether1 rx-bytes]
:set r [$tonum $r]
:local i1 ($r/16)
:set i1 ($i1-($i1/16)*16)
:local i2 ($r-($r/16)*16)
:set r [/interface ethernet get ether1 rx-64]
:set r [$tonum $r]
:local i3 ($r/16)
:set i3 ($i3-($i3/16)*16)
:local i4 ($r-($r/16)*16)
:set r [/interface ethernet get ether1 rx-65-127]
:set r [$tonum $r]
:local i5 ($r/16)
:set i5 ($i5-($i5/16)*16)
:local i6 ($r-($r/16)*16)
:set r [/interface ethernet get ether1 tx-bytes]
:set r [$tonum $r]
:local i7 ($r/16)
:set i7 ($i7-($i7/16)*16)
:local i8 ($r-($r/16)*16)
:set r [/interface ethernet get ether1 tx-64]
:set r [$tonum $r]
:local i9 ($r/16)
:set i9 ($i9-($i9/16)*16)
:local i10 ($r-($r/16)*16)
:set r [/interface ethernet get ether1 tx-65-127]
:set r [$tonum $r]
:local i11 ($r/16)
:set i11 ($i11-($i11/16)*16)
:local i12 ($r-($r/16)*16)

:set mac ([:tostr [:pick $hex $i1]].[:tostr [:pick $hex $i2]].[:tostr [:pick $hex $i3]].[:tostr [:pick $hex $i4]].[:tostr [:pick $hex $i5]].[:tostr [:pick $hex $i6]].[:tostr [:pick $hex $i7]].[:tostr [:pick $hex $i8]].[:tostr [:pick $hex $i9]].[:tostr [:pick $hex $i10]].[:tostr [:pick $hex $i11]].[:tostr [:pick $hex $i12]]);
:log warning "New MAC $mac"
/interface ethernet set ether1 mac-address=$mac;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment