[admin@MikroTik] > export
# mar/21/2014 23:08:30 by RouterOS 6.10
# software id = NHT6-PNSJ
#
# Single LAN bridge; its member ports are attached under "/interface bridge port".
/interface bridge
add l2mtu=1598 name=bridge2
# wlan1 runs as a 2.4 GHz access point (ap-bridge) with SSID RainBoyWiFi.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country="united states" \
disabled=no l2mtu=2290 mode=ap-bridge ssid=RainBoyWiFi wireless-protocol=\
802.11
# Static PPTP server binding for PPP user "Alex"; currently disabled.
/interface pptp-server
add disabled=yes name=pptp-in1 user=Alex
# NOTE(review): authentication is WPA2-PSK only, but TKIP is still offered next
# to AES-CCM for both group and unicast ciphers. TKIP is deprecated; aes-ccm
# alone is the stronger setting if every client supports it.
# Both pre-shared-key values are blank in this paste - presumably removed
# before posting; confirm a strong key is set on the device.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk group-ciphers=\
tkip,aes-ccm mode=dynamic-keys unicast-ciphers=tkip,aes-ccm \
wpa-pre-shared-key= wpa2-pre-shared-key=
# Timeouts on the default hotspot user profile.
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
# NOTE(review): the default IPsec proposal still offers 3DES next to
# AES-128-CBC, and pfs-group=none means phase 2 keys get no perfect forward
# secrecy. 3DES is a legacy 64-bit block cipher; prefer AES only plus a PFS
# group if all L2TP/IPsec clients support it.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des,aes-128-cbc pfs-group=none
# "dhcp" serves LAN clients in 192.168.70.0/24; "vpn pool" hands PPP clients
# addresses in 192.168.80.x, i.e. a different subnet from the LAN.
/ip pool
add name=dhcp ranges=192.168.70.100-192.168.70.250
add name="vpn pool" ranges=192.168.80.2-192.168.80.220
# NOTE(review): three DHCP servers share the same pool. "default" shows no
# interface, dhcp1 is bound to ether2 and dhcp2 to bridge2, while ether2 is
# also listed as a port of bridge2 in this export - confirm which of these
# are actually valid and running.
/ip dhcp-server
add address-pool=dhcp disabled=no lease-time=10m name=default
add address-pool=dhcp disabled=no interface=ether2 name=dhcp1
add address-pool=dhcp disabled=no interface=bridge2 name=dhcp2
/port
set 0 name=serial0
# PPP profiles are addressed by index here. Both use 192.168.80.1 as the
# router-side address and "vpn pool" for the client side.
# NOTE(review): profile 0 shows no use-encryption setting, so nothing in this
# export forces encryption for sessions that use it; only profile 1 has
# use-encryption=required. wins-server=8.8.4.4 on profile 0 puts a public DNS
# resolver in the WINS field - presumably meant as a second dns-server.
/ppp profile
set 0 bridge=bridge2 dns-server=8.8.8.8 local-address=192.168.80.1 \
remote-address="vpn pool" wins-server=8.8.4.4
set 1 bridge=bridge2 dns-server=8.8.8.8,8.8.4.4 local-address=192.168.80.1 \
remote-address="vpn pool" use-compression=yes use-encryption=required \
use-mpls=yes use-vj-compression=yes
# Every port except ether1 (ether2-ether10, wlan1, sfp1) is a member of bridge2,
# so wired and wireless clients share one layer-2 segment.
/interface bridge port
add bridge=bridge2 interface=ether2
add bridge=bridge2 interface=ether3
add bridge=bridge2 interface=ether4
add bridge=bridge2 interface=ether5
add bridge=bridge2 interface=ether6
add bridge=bridge2 interface=ether7
add bridge=bridge2 interface=ether8
add bridge=bridge2 interface=ether9
add bridge=bridge2 interface=ether10
add bridge=bridge2 interface=wlan1
add bridge=bridge2 interface=sfp1
# Bridged traffic (including PPPoE and VLAN frames) is passed through the IP
# firewall. The filter table in this export has input rules only, so this
# currently adds processing without adding any filtering.
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes \
use-ip-firewall-for-vlan=yes
# NOTE(review): L2TP and PPTP servers are both enabled. Authentication methods
# and default-profile are not shown, so they are presumably at their defaults.
# PPTP's MS-CHAPv2/MPPE protection is widely considered broken; if L2TP/IPsec
# works for all clients, disabling the PPTP server reduces exposure.
/interface l2tp-server server
set enabled=yes
/interface pptp-server server
set enabled=yes
# Only the profile is set for SSTP; enabled= is not shown, so the SSTP server
# is presumably still disabled - confirm.
/interface sstp-server server
set default-profile=default-encryption
# NOTE(review): the LAN address sits on ether2, which this export also lists
# as a port of bridge2. Addresses are normally placed on the bridge itself
# rather than on a member port - confirm this is intended.
/ip address
add address=192.168.70.10/24 interface=ether2 network=192.168.70.0
# ether1 is the uplink: it takes its address from an upstream DHCP server.
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
# NOTE(review): 192.168.70.0/24 matches the LAN. 192.168.60.0/24 with gateway
# 192.168.60.20 matches no address configured under /ip address; the NAT rules
# use 192.168.60.20 as dst-address, so it is presumably the uplink address of
# ether1 - confirm, and remove this network entry if it is a leftover.
/ip dhcp-server network
add address=192.168.60.0/24 gateway=192.168.60.20 netmask=24
add address=192.168.70.0/24 gateway=192.168.70.10 netmask=24
# Upstream resolvers used by the router. allow-remote-requests is not shown,
# so the router is presumably not answering DNS queries for clients.
/ip dns
set servers=65.32.5.111,65.32.5.75,65.32.5.112,65.32.5.11
# NOTE(review): none of these rules shows action=, and a compact export omits
# default values, so they are presumably all action=accept. No drop rule
# follows them, so the input chain ends in the default accept: traffic to the
# router itself is not filtered on any interface, including the uplink ether1.
# The usual hardening is to accept established/related, the VPN protocols and
# management from trusted sources, then drop everything else on input.
# L2TP/IPsec would then need its own accepts (UDP 500, 1701, 4500 and ESP).
# No forward-chain rules appear in this export either.
/ip firewall filter
# Matches all input traffic; disabled.
add chain=input disabled=yes
# ICMP to the router.
add chain=input protocol=icmp
# PPTP control channel.
add chain=input dst-port=1723 protocol=tcp
# PPTP data channel.
add chain=input protocol=gre
# Packets of established connections (connection-state=related is not covered).
add chain=input connection-state=established
/ip firewall nat
# PPTP control and GRE addressed to 192.168.60.20 are redirected to
# 192.168.80.1, which is the local-address of the PPP profiles, i.e. the
# router itself. NOTE(review): presumably redundant if 192.168.60.20 is
# already a router address - confirm.
add action=dst-nat chain=dstnat dst-address=192.168.60.20 dst-port=1723 \
protocol=tcp to-addresses=192.168.80.1 to-ports=1723
add action=dst-nat chain=dstnat dst-address=192.168.60.20 protocol=gre \
to-addresses=192.168.80.1
# PPTP/GRE traffic towards 192.168.80.1 gets its source rewritten to
# 192.168.70.10 (the ether2 address), which hides the real client address
# from logs and from any source-based filtering added later.
add action=src-nat chain=srcnat dst-address=192.168.80.1 dst-port=1723 \
protocol=tcp to-addresses=192.168.70.10 to-ports=0-65535
add action=src-nat chain=srcnat dst-address=192.168.80.1 protocol=gre \
to-addresses=192.168.70.10
# Outbound NAT for everything leaving through the uplink.
add action=masquerade chain=srcnat out-interface=ether1 to-addresses=0.0.0.0
# IPsec peer used for L2TP/IPsec (exchange-mode=main-l2tp).
# NOTE(review): no address= is shown, so the peer presumably accepts any
# remote address; phase 1 uses 3DES, a legacy cipher. secret= is blank in this
# paste - presumably removed before posting; confirm a long random
# pre-shared key is set.
/ip ipsec peer
add enc-algorithm=3des exchange-mode=main-l2tp generate-policy=port-override \
nat-traversal=yes secret=
# NOTE(review): the web proxy is enabled and this export contains no
# "/ip proxy access" rules. As the input chain has no drop rule, the proxy
# port is presumably reachable from the uplink as well, which would make it
# usable by anyone on that side. Restrict it to LAN sources or disable it if
# it is not needed.
/ip proxy
set cache-administrator="" cache-on-disk=yes enabled=yes max-cache-size=none \
max-client-connections=1000 max-server-connections=1000 parent-proxy=\
0.0.0.0 serialize-connections=yes
# First route is a disabled static default. The second prints its gateway as
# "(unknown)" - presumably it referenced something that no longer exists, so
# the route to 192.168.1.0/24 is likely unusable; confirm or remove.
/ip route
add disabled=yes distance=1 gateway=173.170.64.1
add distance=1 dst-address=192.168.1.0/24 gateway="(unknown)"
# NOTE(review): only FTP is disabled. The other management services (telnet,
# ssh, www, winbox, api) are not listed, so they are presumably still at
# their defaults and, given the open input chain, reachable from the uplink.
# Disable the unused ones and limit the rest to trusted source addresses.
/ip service
set ftp disabled=yes
# NOTE(review): UPnP is enabled, which lets hosts request port mappings on
# the router. No "/ip upnp interfaces" entries appear in this export;
# disable UPnP unless a client specifically needs it.
/ip upnp
set allow-disable-external-interface=no enabled=yes
# Interfaces shown on the front-panel LCD.
/lcd interface
set sfp1 interface=sfp1
set ether1 interface=ether1
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6 interface=ether6
set ether7 interface=ether7
set ether8 interface=ether8
set ether9 interface=ether9
set ether10 interface=ether10
set wlan1 interface=wlan1
# NOTE(review): "Alex" is limited to service=pptp and shows no profile=, so it
# presumably uses the default profile, which in this export does not set
# use-encryption=required. password= is blank in this paste - presumably
# removed before posting.
# "OpenVPN" shows neither password nor service. In a compact export that
# suggests an empty password and no service restriction; if so, the account
# is accepted by every enabled PPP server (PPTP and L2TP are enabled here).
# Set a strong password or remove the entry - confirm on the device.
/ppp secret
add name=Alex password= service=pptp
add name=OpenVPN
/system clock
set time-zone-name=America/New_York
# Time is synchronised from two fixed NTP servers; accurate time matters for
# log correlation.
/system ntp client
set enabled=yes mode=unicast primary-ntp=66.187.233.4 secondary-ntp=\
213.249.66.35
# Runs the dynDNS script every minute, starting at boot.
# NOTE(review): the job carries the full policy set (reboot, policy, password,
# sniff, sensitive, ...). The script it runs only fetches URLs, reads files,
# sets globals and writes log entries, so a narrower policy list would follow
# least privilege - confirm which policies fetch needs on this RouterOS
# version before trimming.
/system scheduler
add interval=1m name=dynDNS on-event="/system script run dynDNS" policy=\
reboot,read,write,policy,test,password,sniff,sensitive start-time=startup
# DynDNS updater: fetches the public IP from checkip.dyndns.org, compares it
# with the global previousIP, and calls members.dyndns.org/nic/update when the
# address changed or dyndnsForce is true. Results go to the log.
# NOTE(review):
# - Both fetch calls use mode=http, so the account username and password are
#   sent to members.dyndns.org without transport encryption. Use an HTTPS
#   update if the installed RouterOS version supports it.
# - The password is a literal inside the script source, so it appears in
#   every export and backup. It is blank in this paste (as is hostname),
#   presumably removed before posting.
# - The script is granted the full policy set; see least privilege.
# - The IP is cut out of the fetched page by string offsets with no format
#   check before being placed into the update URL.
/system script
add name=dynDNS policy=reboot,read,write,policy,test,password,sniff,sensitive \
source="#:global theinterface \"ether1-gateway\"\
\n# Set needed variables\
\n:local username \"RainBoy\"\
\n:local password \"\"\
\n:local hostname \"\"\
\n\
\n:global dyndnsForce\
\n:global previousIP\
\n\
\n# print some debug info \
\n:log info (\"UpdateDynDNS: username = \$username\")\
\n:log info (\"UpdateDynDNS: hostname = \$hostname\")\
\n:log info (\"UpdateDynDNS: previousIP = \$previousIP\")\
\n\
\n# get the current IP address from the internet (in case of double-nat)\
\n/tool fetch mode=http address=\"checkip.dyndns.org\" src-path=\"/\" dst-\
path=\"/dyndns.checkip.html\"\
\n:local result [/file get dyndns.checkip.html contents]\
\n\
\n# parse the current IP result\
\n:local resultLen [:len \$result]\
\n:local startLoc [:find \$result \": \" -1]\
\n:set startLoc (\$startLoc + 2)\
\n:local endLoc [:find \$result \"</body>\" -1]\
\n:local currentIP [:pick \$result \$startLoc \$endLoc]\
\n:log info \"UpdateDynDNS: currentIP = \$currentIP\"\
\n\
\n# Remove the # on next line to force an update every single time - usefu\
l for debugging, but you could end up getting blacklisted by DynDNS!\
\n#:set dyndnsForce true\
\n\
\n# Determine if dyndns update is needed\
\n# more dyndns updater request details available at http://www.dyndns.com\
/developers/specs/syntax.html\
\n:if ((\$currentIP != \$previousIP) || (\$dyndnsForce = true)) do={\
\n :set dyndnsForce false\
\n :set previousIP \$currentIP\
\n /tool fetch user=\$username password=\$password mode=http address=\"\
members.dyndns.org\" src-path=\"/nic/update\?hostname=\$hostname&myip=\$cu\
rrentIP\" dst-path=\"/dyndns.txt\"\
\n :local result [/file get dyndns.txt contents]\
\n :log info (\"UpdateDynDNS: Dyndns update needed\")\
\n :log info (\"UpdateDynDNS: Dyndns Update Result: \".\$result)\
\n :put (\"Dyndns Update Result: \".\$result)\
\n} else={\
\n :log info (\"UpdateDynDNS: No dyndns update needed\")\
\n}"
[admin@MikroTik] >
Я также не могу достучаться до устройств в домашней сети при работе через VPN.
Маршрут прописал в системе так: route add 192.168.70.10 mask 255.255.255.0 192.168.80.1