Created
September 4, 2020 21:28
# sep/05/2020 00:16:29 by RouterOS 6.46.1 | |
# software id = 2QQ1-BLLV | |
# | |
# model = RouterBOARD 941-2nD | |
# serial number = 7DE308EE8C29 | |
# NOTE(review): the export header carries device identifiers (software id,
# serial number); redact them before publishing a configuration export.
#
# LAN bridge with a fixed admin MAC (auto-mac is turned off).
/interface bridge | |
add admin-mac=CC:2D:E0:02:49:A8 auto-mac=no comment=defconf name=bridge | |
# The power-line interface is disabled here, yet pwr-line1 is still listed
# as a bridge port in the "/interface bridge port" section of this export.
/interface pwr-line | |
set [ find default-name=pwr-line1 ] disabled=yes | |
# Address pool handed out to LAN clients.
/ip pool | |
add name=default-dhcp ranges=192.168.88.10-192.168.88.254 | |
# DHCP server "defconf" serves that pool on the bridge interface.
/ip dhcp-server | |
add address-pool=default-dhcp interface=bridge name=defconf | |
# PPP profile referenced by the OpenVPN client below: encryption required,
# compression, MPLS and UPnP off, one session per user (only-one=yes).
/ppp profile | |
add change-tcp-mss=yes name=OVPN-client only-one=yes use-compression=no \ | |
use-encryption=yes use-mpls=no use-upnp=no | |
# OpenVPN client "myvpn": authenticates with certificate RemoteOffice.ovpn_1
# and user RemoteOffice, and validates the server certificate
# (verify-server-certificate=yes).
# NOTE(review): only cipher=aes128 is set; no auth= value appears in this
# export, so the HMAC digest is presumably the RouterOS default. Confirm that
# both cipher and digest match what the VPN server and local policy require.
/interface ovpn-client | |
add certificate=RemoteOffice.ovpn_1 cipher=aes128 connect-to=123.123.123.123 \ | |
mac-address=FE:AE:C3:DD:D7:23 name=myvpn port=61302 profile=OVPN-client \ | |
user=RemoteOffice verify-server-certificate=yes | |
# Members of the LAN bridge: ether2-ether4, the power-line port and wlan1.
# ether1 is not a member; it is used as the uplink below.
/interface bridge port | |
add bridge=bridge comment=defconf interface=ether2 | |
add bridge=bridge comment=defconf interface=ether3 | |
add bridge=bridge comment=defconf interface=ether4 | |
add bridge=bridge comment=defconf interface=pwr-line1 | |
add bridge=bridge comment=defconf interface=wlan1 | |
# LAN gateway address.
# NOTE(review): the address is bound to ether2, which is a bridge port
# (see above), while the DHCP server in this export runs on "bridge".
# RouterOS normally expects the address on the bridge itself; verify.
/ip address | |
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\ | |
192.168.88.0 | |
# The uplink (ether1) obtains its address via DHCP.
/ip dhcp-client | |
add comment=defconf disabled=no interface=ether1 | |
# Network parameters announced to DHCP clients: gateway 192.168.88.1.
/ip dhcp-server network | |
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 netmask=24 | |
# The router answers DNS queries itself (allow-remote-requests=yes) and
# forwards them to 8.8.8.8.
# NOTE(review): the firewall filter section of this export contains only
# chain=forward rules; with no chain=input rule the resolver is not limited
# to the LAN and may also answer on ether1. Add an input-chain filter for
# the uplink or confirm one exists outside this export.
/ip dns | |
set allow-remote-requests=yes servers=8.8.8.8 | |
# Static name for the router's LAN address.
/ip dns static | |
add address=192.168.88.1 comment=defconf name=router.lan | |
# Forward-chain filter rules, evaluated top to bottom. This section defines
# no chain=input rules, so traffic addressed to the router itself is not
# filtered by anything shown here.
/ip firewall filter | |
# NOTE(review): this first rule has no matchers and accepts every forwarded
# packet. Because accept ends processing for the packet, none of the rules
# below it are ever reached, including fasttrack and both drop rules.
add action=accept chain=forward comment="accept all" | |
# Default-configuration rules accepting traffic covered by an IPsec policy.
add action=accept chain=forward comment="defconf: accept in ipsec policy" \ | |
ipsec-policy=in,ipsec | |
add action=accept chain=forward comment="defconf: accept out ipsec policy" \ | |
ipsec-policy=out,ipsec | |
# Fasttrack, then accept, for connections already established or related.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ | |
connection-state=established,related | |
add action=accept chain=forward comment=\ | |
"defconf: accept established,related, untracked" connection-state=\ | |
established,related,untracked | |
# NOTE(review): both protective drop rules below are disabled=yes, so even
# without the "accept all" rule the forward chain would drop nothing.
add action=drop chain=forward comment="defconf: drop invalid" \ | |
connection-state=invalid disabled=yes | |
# NOTE(review): this rule matches on in-interface-list=WAN, but no
# "/interface list" section appears in this export; confirm the list exists
# and contains ether1 before re-enabling the rule.
add action=drop chain=forward comment=\ | |
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ | |
connection-state=new disabled=yes in-interface-list=WAN | |
/ip firewall nat | |
# Masquerade traffic leaving through the uplink (ether1) that is not covered
# by an IPsec policy.
add action=masquerade chain=srcnat comment="defconf: masquerade" \ | |
ipsec-policy=out,none out-interface=ether1 | |
# 1:1 source mapping: LAN hosts in 192.168.88.0/24 appear as 172.16.1.0/24
# when their traffic leaves through the VPN interface "myvpn".
add action=netmap chain=srcnat out-interface=myvpn src-address=\ | |
192.168.88.0/24 to-addresses=172.16.1.0/24 | |
# 1:1 destination mapping in the other direction: packets arriving on
# "myvpn" for 172.16.1.0/24 are rewritten to the matching LAN address.
# NOTE(review): this exposes every address in 192.168.88.0/24 to the VPN
# side, and the forward chain in this export accepts all traffic. Limit
# what the VPN peer may reach with forward-chain rules if only specific
# hosts or services are meant to be reachable.
add action=netmap chain=dstnat dst-address=172.16.1.0/24 in-interface=myvpn \ | |
to-addresses=192.168.88.0/24 | |
# Static route for 172.16.1.0/24 via 172.16.0.1.
# NOTE(review): 172.16.0.1 is presumably the VPN peer, and 172.16.1.0/24 is
# also the prefix this router maps its own LAN to; confirm the intended
# remote subnet.
/ip route | |
add distance=1 dst-address=172.16.1.0/24 gateway=172.16.0.1 | |
# UPnP is enabled, with the LAN bridge as the internal side and the uplink
# (ether1) as the external side.
# NOTE(review): UPnP lets any host on the internal interface request port
# mappings on the external interface without authentication. Disable it
# unless a device requires it, and audit the dynamic NAT rules it creates.
/ip upnp | |
set enabled=yes | |
/ip upnp interfaces | |
add interface=bridge type=internal | |
add interface=ether1 type=external |