Jump to content
Калькуляторы

savingleb

Новичок
  • Content Count

    3
  • Joined

  • Last visited

About savingleb

  • Rank
    Абитуриент

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Здравствуйте, настроена приоритезация SIP трафика, как правильно добавить еще RDP туда? Пробовал по-разному, трафик маркеруется, но в queue tree трафик по нулям. Спасибо /queue tree add max-limit=80M name=web_in packet-mark=web_in parent=in priority=5 queue=\ pcq-download-default add max-limit=80M name=web_out packet-mark=web_out parent=out priority=5 \ queue=pcq-upload-default add max-limit=50M name=vpn_in packet-mark=pptp_in,gre_in parent=in priority=3 \ queue=pcq-download-default add max-limit=50M name=vpn_out packet-mark=pptp_out,gre_out parent=out \ priority=3 queue=pcq-upload-default add max-limit=12M name=sip_in packet-mark=sip_in parent=in priority=1 queue=\ sip add max-limit=12M name=sip_out packet-mark=sip_out parent=out priority=1 \ queue=sip add max-limit=90M name=all_in packet-mark=all_in parent=in queue=\ pcq-download-default add max-limit=95M name=all_out packet-mark=all_out parent=out queue=\ pcq-upload-default add max-limit=50M name=vpn_web_in packet-mark=vpn_web_in parent=vpn_in \ priority=5 queue=pcq-download-default add max-limit=50M name=vpn_web_out packet-mark=vpn_web_out parent=vpn_out \ priority=5 queue=pcq-upload-default add max-limit=2M name=vpn_sip_in packet-mark=vpn_sip_in parent=vpn_in \ priority=1 queue=sip add max-limit=2M name=vpn_sip_out packet-mark=vpn_sip_out parent=vpn_out \ priority=1 queue=sip add max-limit=20M name=vpn_all_in packet-mark=vpn_all_in parent=vpn_in queue=\ pcq-download-default add max-limit=20M name=vpn_all_out packet-mark=vpn_all_out parent=vpn_out \ queue=pcq-upload-default + /ip firewall mangle add action=mark-connection chain=input comment=PPTP dst-port=1723 \ new-connection-mark=pptp_in passthrough=no protocol=tcp add action=mark-packet chain=prerouting connection-mark=pptp_in \ new-packet-mark=pptp_out passthrough=no add action=mark-connection chain=output new-connection-mark=pptp_out \ passthrough=no protocol=tcp src-port=1723 add action=mark-packet chain=postrouting connection-mark=pptp_out \ new-packet-mark=pptp_in passthrough=no add action=mark-connection chain=input comment=GRE new-connection-mark=gre_in \ passthrough=no protocol=gre add action=mark-packet chain=prerouting connection-mark=gre_in \ new-packet-mark=gre_out passthrough=no add action=mark-connection chain=output new-connection-mark=gre_out \ passthrough=no protocol=gre add action=mark-packet chain=postrouting connection-mark=gre_out \ new-packet-mark=gre_in passthrough=no add action=mark-packet chain=forward connection-mark=sip new-packet-mark=\ sip_out out-interface=ether6 passthrough=no add action=mark-packet chain=forward connection-mark=sip new-packet-mark=\ sip_out out-interface=ether5 passthrough=no add action=mark-connection chain=prerouting comment=Web dst-port=80,443,8080 \ new-connection-mark=web passthrough=no protocol=tcp add action=mark-packet chain=forward connection-mark=web new-packet-mark=\ vpn_web_in out-interface=all-ppp passthrough=no add action=mark-packet chain=forward connection-mark=web in-interface=all-ppp \ new-packet-mark=vpn_web_out passthrough=no add action=mark-packet chain=forward connection-mark=web in-interface=ether6 \ new-packet-mark=web_in passthrough=no add action=mark-packet chain=forward connection-mark=web in-interface=ether5 \ new-packet-mark=web_in passthrough=no add action=mark-packet chain=forward connection-mark=web new-packet-mark=\ web_out out-interface=ether6 passthrough=no add action=mark-packet chain=forward connection-mark=web new-packet-mark=\ web_out out-interface=ether5 passthrough=no add action=mark-connection chain=prerouting comment=SIP dst-port=\ 5060,5061,10000-20000 new-connection-mark=sip passthrough=no protocol=udp add action=mark-packet chain=forward connection-mark=sip new-packet-mark=\ vpn_sip_in out-interface=all-ppp passthrough=no add action=mark-packet chain=forward in-interface=ether6 new-packet-mark=\ all_in passthrough=yes add action=mark-packet chain=forward in-interface=ether5 new-packet-mark=\ all_in passthrough=yes add action=mark-packet chain=forward connection-mark=sip in-interface=all-ppp \ new-packet-mark=vpn_sip_out passthrough=no add action=mark-packet chain=forward connection-mark=sip in-interface=ether6 \ new-packet-mark=sip_in passthrough=no add action=mark-packet chain=forward connection-mark=sip in-interface=ether5 \ new-packet-mark=sip_in passthrough=no add action=mark-packet chain=forward comment=ALL new-packet-mark=vpn_all_in \ out-interface=all-ppp passthrough=no add action=mark-packet chain=forward in-interface=all-ppp new-packet-mark=\ vpn_all_out passthrough=no add action=mark-packet chain=forward new-packet-mark=all_out out-interface=\ ether6 passthrough=yes add action=mark-packet chain=forward new-packet-mark=all_out out-interface=\ ether5 passthrough=yes
  2. Это виртуальная машина с микротом (извините что забыл указать в стартпосте), там можно оставить один, можно два IP адреса, на том же аккаунте будут терминал и астериск, там своя AS так что можно считать что интернет там изначально отказоустойчивый. Во всех 5 филиалах есть два провайдера с публичным IP. В филиалах так и настроено, но есть провайдеры, которые мигают, т.е. инет пропадает, он переключается на резервный, потом инет появляется и обратно и так может длиться несколько минут, десяток минут, это недопустимо. Если я Вас правильно понял.
  3. Здравствуйте, есть задача сделать резервирование канала, что бы если падает один канал, впн подолжал работать и удаленные сервисы были доступны. нашел статью https://papa-admin.ru/mikrotik/129-mikrotik-настройка-офис-филиал-часть-2-филиал.html все сделал по инструкции (10 раз :)) работать как нужно не хочет, впн постоянно отваливается, обратно с резервного канала толком не переключается, где то в статье косяк или у меня кривые руки? как их лечить? :) Спасибо. скрин настроек Главный офис # dec/04/2018 14:33:29 by RouterOS 6.43.4 # software id = # # # /interface ethernet set [ find default-name=ether1 ] disable-running-check=no set [ find default-name=ether2 ] disable-running-check=no /interface l2tp-server add name=l2tp-in01 user=l2tp-01 /interface sstp-server add name=sstp-in01 user=sstp-01 /interface pptp-server add name=pptp-in01 user="" /interface list add name=WAN add name=LAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=pool-l2tp ranges=10.1.1.2-10.1.1.99 add name=pool-sstp ranges=10.1.2.2-10.1.2.99 /ppp profile add change-tcp-mss=yes interface-list=WAN local-address=10.1.1.1 name=\ profile-l2tp remote-address=pool-l2tp use-encryption=yes add change-tcp-mss=yes interface-list=WAN local-address=10.1.2.1 name=\ profile-sstp remote-address=pool-sstp use-encryption=yes /routing ospf instance set [ find default=yes ] router-id=10.20.30.1 /interface l2tp-server server set authentication=mschap2 default-profile=profile-l2tp enabled=yes /interface list member add interface=ether1 list=WAN add interface=ether2 list=LAN /interface pptp-server server set enabled=yes /interface sstp-server server set authentication=mschap2 default-profile=profile-sstp enabled=yes /ip address add address=10.20.30.1/24 interface=ether2 network=10.20.30.0 add address=5.188.53.68/24 interface=ether1 network=5.188.53.0 add address=5.188.53.71/24 interface=ether1 network=5.188.53.0 /ip firewall filter add action=accept chain=forward add action=accept chain=input disabled=yes dst-address=5.188.53.68 add action=accept chain=forward disabled=yes add action=accept chain=input comment=icmp disabled=yes protocol=icmp add action=accept chain=input comment="established & related" \ connection-state=established,related add action=accept chain=input comment=l2tp dst-port=1701 in-interface=ether1 \ protocol=udp add action=accept chain=input comment=sstp dst-port=443 in-interface=ether1 \ protocol=tcp add action=accept chain=input comment=ospf disabled=yes in-interface=all-ppp \ protocol=ospf add action=accept chain=input comment=bfd disabled=yes dst-port=3784-3785 \ in-interface=all-ppp protocol=udp add action=accept chain=input dst-address=5.188.53.70 /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 src-address=\ 10.20.30.0/24 /ip route add distance=1 gateway=5.188.53.1 pref-src=5.188.53.68 /ip service set telnet disabled=yes set ftp disabled=yes set www address=0.0.0.0/0 set ssh disabled=yes set api disabled=yes set api-ssl disabled=yes /ppp secret add name=l2tp-01 password=111111111111 profile=profile-l2tp service=l2tp add name=sstp-01 password=11111111111 profile=profile-sstp service=sstp add name=pptp-01 password=11111111111 profile=profile-sstp service=pptp /routing ospf interface add interface=l2tp-in01 network-type=broadcast use-bfd=yes add cost=20 interface=sstp-in01 network-type=broadcast /routing ospf network add area=backbone network=10.1.1.0/24 add area=backbone network=10.1.2.0/24 add area=backbone network=10.20.30.0/24 /system identity set name=Office Филиал # jan/02/1970 02:07:30 by RouterOS 6.43.4 # software id = IQGD-KKFF # # model = 951Ui-2nD # serial number = 7C2607BF88E5 /interface bridge add fast-forward=no name=bridge1 /interface l2tp-client add connect-to=5.188.53.68 disabled=no name=l2tp-out1 password=11111111 user=\ l2tp-01 /interface wireless set [ find default-name=wlan1 ] ssid=MikroTik /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=dhcp_pool0 ranges=192.168.55.1-192.168.55.253 /ip dhcp-server add address-pool=dhcp_pool0 disabled=no interface=bridge1 name=dhcp1 /interface sstp-client add connect-to=5.188.53.71 disabled=no name=sstp-out1 password=11111111111 \ profile=default-encryption user=sstp-01 /routing ospf instance set [ find default=yes ] router-id=192.168.55.0 /interface bridge port add bridge=bridge1 interface=wlan1 add bridge=bridge1 interface=ether3 add bridge=bridge1 interface=ether4 add bridge=bridge1 interface=ether5 /ip address add address=192.168.0.14/24 interface=ether1 network=192.168.0.0 add address=83.171.98.88/23 interface=ether2 network=83.171.98.0 add address=192.168.55.254/24 interface=bridge1 network=192.168.55.0 /ip dhcp-server network add address=192.168.55.0/24 dns-server=8.8.8.8 gateway=192.168.55.254 /ip firewall mangle add action=mark-connection chain=output comment=l2tp_c_udp dst-port=1701 \ new-connection-mark=l2tp_c passthrough=yes protocol=udp add action=mark-routing chain=output comment=l2tp_r connection-mark=l2tp_c \ new-routing-mark=isp1only passthrough=no add action=mark-connection chain=output comment=sstp_c dst-port=443 \ new-connection-mark=sstp_c passthrough=yes protocol=tcp add action=mark-routing chain=output comment=sstp_r connection-mark=sstp_c \ new-routing-mark=isp2only passthrough=no /ip firewall nat add action=masquerade chain=srcnat /ip route add comment=MArked distance=1 gateway=192.168.0.129 routing-mark=isp1only add comment=zaglushka distance=2 routing-mark=isp1only type=unreachable add distance=1 gateway=83.171.98.1 routing-mark=isp2only add distance=2 routing-mark=isp2only type=unreachable add check-gateway=ping comment=Recursive distance=1 gateway=8.8.8.8 \ target-scope=30 add check-gateway=ping distance=2 gateway=8.8.4.4 target-scope=30 add comment="Recursive 2" distance=1 dst-address=8.8.4.4/32 gateway=\ 83.171.98.1 add distance=1 dst-address=8.8.8.8/32 gateway=192.168.0.129 /routing ospf interface add interface=l2tp-out1 network-type=broadcast use-bfd=yes add cost=20 interface=sstp-out1 network-type=broadcast add cost=5 interface=bridge1 network-type=broadcast /routing ospf network add area=backbone network=10.1.1.0/24 add area=backbone network=10.1.2.0/24 add area=backbone network=192.168.55.0/24 /system routerboard settings set silent-boot=no