Перейти к содержимому
Калькуляторы

проблема с созданием pptp между двумя устройствами Mikrotik

Ответить

aspidz   

aspidz
Опубликовано · Жалоба

Проблему периодически, безрезультатно, пытаюсь решить уже года полтора-два. В связи с покупкой очередного устройства mikrotik вновь с ней вернулся, проблема в следующем.

Есть основное устройство mikrotik RB2011UiAS V6.30.4, 10.10.10.1, на устройстве по инструкции http://asp24.com.ua/blog/nastrojka-pptp-server-mikrotik/#prettyPhoto

поднят pptp сервер, сервер поднят уже года 4 назад и без проблем работает с pptp клиентами подключающимися с виндовых и убунтовых машинок .

Вчера приобрёл точку доступа MikroTik wAPG-5HacT2HnD, v 6.35.4, подключена к провайдеру отличному от основного роутера, создаю на ней pptp клиент настроенный на сервер основного устройства. по этой инструкции http://zhutov.ru/post/15/

, точка доступа автоматически получает IP (10.10.10.68) из сети основного устройства, на основном устройстве приходит в рабочее состояние интерфейс этого pptp сервера, с точки доступа пингуется основной роутер RB2011UiAS и все машины основной сети, но при этом на машинах подлючённых к точке доступа нет интернета и машины основной сети не пингуются. Все инструкции по настройке сервера и клиента pptp на Mikrotik однотипные, за рамки выше указанных инструкций не выходят. Подскажите пожалуйста, что ещё, кроме поднятия сервера и клиента, нужно сделать, что бы обе сети видели друг друга?

Поделиться сообщением

Ссылка на сообщение
Поделиться на других сайтах

DeLL   

DeLL
Опубликовано · Жалоба

Все банально - настройка маршрутов, сударь. На обоих устройствах прописать маршрут в сеть соседа

Поделиться сообщением

Ссылка на сообщение
Поделиться на других сайтах

DeLL   

DeLL
Опубликовано · Жалоба

Во-первых, надо обновить ROS до последней версии, а во-вторых export compact с обоих устройств и сюда под спойлер

Поделиться сообщением

Ссылка на сообщение
Поделиться на других сайтах

aspidz   

aspidz
Опубликовано · Жалоба

MikroTik 2011UiAS-RM pptp сервер

 

 

 

 

 

 

 

 

 

 

 

 

 

MMMM MMMM KKK TTTTTTTTTTT KKK

MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK

MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK

MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK

MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK

 

MikroTik RouterOS 6.39.2 © 1999-2017 http://www.mikrotik.com/

 

[?] Gives the list of available commands

command [?] Gives help on the command and list of arguments

 

[Tab] Completes the command/word. If the input is ambiguous,

a second [Tab] gives possible options

 

/ Move up to base level

.. Move up one level

/command Use command at the base level

 

[aspid@MikroTik] > export compact

# jul/23/2016 04:29:05 by RouterOS 6.39.2

# software id = K4DF-KAJT

#

/interface bridge

add fast-forward=no name=bridge1-lan

/interface ethernet

set [ find default-name=ether1 ] arp=proxy-arp mac-address=20:CF:30:CE:25:F4 \

name=ether1-wan

set [ find default-name=ether5 ] arp=proxy-arp name=ether5-lan

/interface pptp-server

add name=pptp-AP-dacha user=dacha

add name=pptp-AP-shelkovo user=shelkovo

add name=vpn user=vpn

/interface ethernet

set [ find default-name=ether2 ] master-port=ether5-lan name=ether2-lan

set [ find default-name=ether3 ] master-port=ether5-lan name=ether3-lan

set [ find default-name=ether4 ] master-port=ether5-lan name=ether4-lan

/ip ipsec proposal

set [ find default=yes ] enc-algorithms=aes-128-cbc,3des pfs-group=none

/ip pool

add name=dhcp ranges=10.10.10.1-10.10.10.70

/ip dhcp-server

add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\

bridge1-lan lease-time=5w6d16h name=dhcp-pc

/queue type

add kind=pfifo name=MikroBILL_PFIFO pfifo-limit=500

add kind=sfq name=MikroBILL_SFQ

add kind=pcq name=MikroBILL_PCQ_DOWN pcq-classifier=dst-address \

pcq-total-limit=2400KiB

add kind=pcq name=MikroBILL_PCQ_UP pcq-classifier=src-address pcq-total-limit=\

2400KiB

/queue simple

add burst-time=1s/1s comment="Gen8 eth-2|0" limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_Gen8 queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.5/32

add burst-time=1s/1s comment="Gen8 ILO4|1" limit-at=1/1 max-limit=1G/1G name=\

"MikroBILL_Gen8 ILO4" queue=MikroBILL_SFQ/MikroBILL_SFQ target=\

10.10.10.3/32

add burst-time=1s/1s comment=hikvision|3 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_hikvision queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.6/32

add burst-time=1s/1s comment=server|4 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_server queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.10/32

add burst-time=1s/1s comment=TP-Link|5 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_TP-Link queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.13/32

add burst-time=1s/1s comment="printer hp p2055dn|6" limit-at=1/1 max-limit=\

1G/1G name="MikroBILL_printer hp p2055dn" queue=MikroBILL_SFQ/MikroBILL_SFQ \

target=10.10.10.15/32

add burst-time=1s/1s comment="194 nastia planshet|7" limit-at=1/1 max-limit=\

1G/1G name="MikroBILL_194 nastia planshet" queue=\

MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.16/32

add burst-time=1s/1s comment=AccessPoint204|8 limit-at=1/1 max-limit=1G/1G \

name=MikroBILL_AccessPoint204 queue=MikroBILL_SFQ/MikroBILL_SFQ target=\

10.10.10.20/32

add burst-time=1s/1s comment=router194|9 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_router194 queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.30/32

add burst-time=1s/1s comment=nastia194|10 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_nastia194 queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.19/32

add burst-time=1s/1s comment=194sergey|11 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_194sergey queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.38/32

add burst-time=1s/1s comment="nc-10(LAN)|12" limit-at=1/1 max-limit=1G/1G name=\

"MikroBILL_nc-10(LAN)" queue=MikroBILL_SFQ/MikroBILL_SFQ target=\

10.10.10.39/32

add burst-limit=0/70M burst-threshold=0/63M burst-time=1s/1s comment=milan|13 \

limit-at=1/1 max-limit=1G/70M name=MikroBILL_milan queue=\

MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.40/32

add burst-limit=0/70M burst-threshold=0/63M burst-time=1s/1s comment=kirill|14 \

limit-at=1/1 max-limit=1G/70M name=MikroBILL_kirill queue=\

MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.41/32

add burst-time=1s/1s comment=Grigorievnew|15 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_Grigorievnew queue=MikroBILL_SFQ/MikroBILL_SFQ target=\

10.10.10.45/32

add burst-limit=0/70M burst-threshold=0/63M burst-time=1s/1s comment=yrec|16 \

limit-at=1/1 max-limit=1G/70M name=MikroBILL_yrec queue=\

MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.46/32

add burst-limit=0/70M burst-threshold=0/63M burst-time=1s/1s comment=\

"Gen8 eth-1|2" limit-at=1/1 max-limit=1G/70M name="MikroBILL_Gen8 eth-1" \

queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.4/32

add burst-limit=0/70M burst-threshold=0/63M burst-time=1s/1s comment=osip|17 \

limit-at=1/1 max-limit=1G/70M name=MikroBILL_osip queue=\

MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.48/32

add burst-time=1s/1s comment=PowerFive|18 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_PowerFive queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.60/32

add burst-time=1s/1s comment=Kirill-Phone|19 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_Kirill-Phone queue=MikroBILL_SFQ/MikroBILL_SFQ target=\

10.10.10.62/32

add burst-time=1s/1s comment=Ksuha_iPhone|21 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_Ksuha_iPhone queue=MikroBILL_SFQ/MikroBILL_SFQ target=\

10.10.10.64/32

add burst-time=1s/1s comment=luliosha-phone|22 limit-at=1/1 max-limit=1G/1G \

name=MikroBILL_luliosha-phone queue=MikroBILL_SFQ/MikroBILL_SFQ target=\

10.10.10.65/32

add burst-time=1s/1s comment="nc-10(WI-FI)|24" limit-at=1/1 max-limit=1G/1G \

name="MikroBILL_nc-10(WI-FI)" queue=MikroBILL_SFQ/MikroBILL_SFQ target=\

10.10.10.67/32

add burst-time=1s/1s comment=ultrabook|25 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_ultrabook queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.21/32

add burst-time=1s/1s comment=cisco|26 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_cisco queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.2/32

add burst-time=1s/1s comment="Samsung TV|27" limit-at=1/1 max-limit=1G/1G name=\

"MikroBILL_Samsung TV" queue=MikroBILL_SFQ/MikroBILL_SFQ target=\

10.10.10.44/32

add burst-time=1s/1s comment=vpn_bcg|28 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_vpn_bcg queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.34/32

add burst-limit=0/70M burst-threshold=0/63M burst-time=1s/1s comment=leon|29 \

limit-at=1/1 max-limit=1G/70M name=MikroBILL_leon queue=\

MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.7/32

add burst-time=1s/1s comment=Ksuha_iPad|20 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_Ksuha_iPad queue=MikroBILL_SFQ/MikroBILL_SFQ target=\

10.10.10.63/32

add burst-limit=0/70M burst-threshold=0/63M burst-time=1s/1s comment=\

router235|30 limit-at=1/1 max-limit=1G/70M name=MikroBILL_router235 queue=\

MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.25/32

add burst-time=1s/1s comment=vpn_ultrabook|32 limit-at=1/1 max-limit=1G/1G \

name=MikroBILL_vpn_ultrabook queue=MikroBILL_SFQ/MikroBILL_SFQ target=\

10.10.10.35/32

add burst-time=1s/1s comment=vpn_kuhnia|31 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_vpn_kuhnia queue=MikroBILL_SFQ/MikroBILL_SFQ target=\

10.10.10.36/32

add burst-time=1s/1s comment=legbishe|33 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_legbishe queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.27/32

add burst-time=1s/1s comment=vpn_shelkovo|34 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_vpn_shelkovo queue=MikroBILL_SFQ/MikroBILL_SFQ target=\

10.10.10.31/32

add burst-time=1s/1s comment=vpn|35 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_vpn queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.32/32

add burst-time=1s/1s comment=aspid|36 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_aspid queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.50/32

add burst-time=1s/1s comment=miner2|37 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_miner2 queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.33/32

add burst-time=1s/1s comment=vpn_PowerFive|39 limit-at=1/1 max-limit=1G/1G \

name=MikroBILL_vpnpowerfive queue=MikroBILL_SFQ/MikroBILL_SFQ target=\

10.10.10.29/32

add burst-time=1s/1s comment=Dimson1|40 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_Dimson1 queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.12/32

add burst-time=1s/1s comment=Leon_Phone|41 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_Leon_Phone queue=MikroBILL_SFQ/MikroBILL_SFQ target=\

10.10.10.61/32

add burst-time=1s/1s comment=mama|42 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_mama queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.66/32

add burst-time=1s/1s comment=miner4|43 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_miner4 queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.28/32

add burst-time=1s/1s comment=Leon_huawei|44 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_Leon_huawei queue=MikroBILL_SFQ/MikroBILL_SFQ target=\

10.10.10.14/32

add burst-time=1s/1s comment="samsung Tab3|23" limit-at=1/1 max-limit=1G/1G \

name="MikroBILL_samsung Tab3" queue=MikroBILL_SFQ/MikroBILL_SFQ target=\

10.10.10.22/32

add burst-time=1s/1s comment=AP-dacha|45 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_dacha queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.70/32

/interface bridge port

add bridge=bridge1-lan interface=ether5-lan

add bridge=bridge1-lan disabled=yes interface=ether1-wan

add bridge=bridge1-lan interface=sfp1

/interface pppoe-server server

add interface=ether5-lan max-mru=1480 max-mtu=1480 mrru=1600 service-name=vpn

/interface pptp-server server

set enabled=yes

/ip address

add address=10.10.10.1/24 interface=ether5-lan network=10.10.10.0

/ip arp

add address=10.10.10.41 comment=MikroBILL_kirill|14 interface=ether5-lan \

mac-address=00:40:F4:6F:56:32

add address=10.10.10.16 comment="MikroBILL_194 nastia planshet|7" interface=\

ether5-lan mac-address=78:24:AF:63:A3:7B

add address=10.10.10.67 comment="MikroBILL_nc-10(WI-FI)|24" interface=\

ether5-lan mac-address=00:24:D2:2B:F6:48

add address=10.10.10.63 comment=MikroBILL_Ksuha_iPad|20 interface=ether5-lan \

mac-address=34:51:C9:C8:EC:37

add address=10.10.10.48 comment=MikroBILL_osip|17 interface=ether5-lan \

mac-address=AC:22:0B:51:71:41

add address=10.10.10.45 comment=MikroBILL_Grigorievnew|15 interface=ether5-lan \

mac-address=00:25:22:F1:E3:31

add address=10.10.10.40 comment=MikroBILL_milan|13 interface=ether5-lan \

mac-address=00:19:B9:66:0D:96

add address=10.10.10.39 comment="MikroBILL_nc-10(LAN)|12" interface=ether5-lan \

mac-address=00:13:77:F1:53:D0

add address=10.10.10.38 comment=MikroBILL_194sergey|11 interface=ether5-lan \

mac-address=AC:22:0B:29:44:1E

add address=10.10.10.62 comment=MikroBILL_Kirill-Phone|19 interface=ether5-lan \

mac-address=00:03:AB:E3:0E:4F

add address=10.10.10.46 comment=MikroBILL_yrec|16 interface=ether5-lan \

mac-address=60:A4:4C:EF:F5:90

add address=10.10.10.13 comment=MikroBILL_TP-Link|5 interface=ether5-lan \

mac-address=E8:DE:27:9F:2D:D2

add address=10.10.10.44 comment="MikroBILL_Samsung TV|27" interface=ether5-lan \

mac-address=84:A4:66:A6:F7:4F

add address=10.10.10.7 comment=MikroBILL_leon|29 interface=ether5-lan \

mac-address=D8:50:E6:52:8A:47

add address=10.10.10.64 comment=MikroBILL_Ksuha_iPhone|21 interface=ether5-lan \

mac-address=E0:B5:2D:8A:36:0E

add address=10.10.10.25 comment=MikroBILL_router235|30 interface=bridge1-lan \

mac-address=30:5A:3A:64:C4:10

add address=10.10.10.15 comment="MikroBILL_printer hp p2055dn|6" interface=\

bridge1-lan mac-address=78:E7:D1:A0:14:C9

add address=10.10.10.2 comment=MikroBILL_cisco|26 interface=bridge1-lan \

mac-address=0C:27:24:5B:F8:23

add address=10.10.10.3 comment="MikroBILL_Gen8 ILO4|1" interface=bridge1-lan \

mac-address=3C:A8:2A:9F:56:FA

add address=10.10.10.5 comment="MikroBILL_Gen8 eth-2|0" interface=bridge1-lan \

mac-address=3C:A8:2A:9F:56:F9

add address=10.10.10.6 comment=MikroBILL_hikvision|3 interface=bridge1-lan \

mac-address=C0:56:E3:98:1C:BA

add address=10.10.10.19 comment=MikroBILL_nastia194|10 interface=ether5-lan \

mac-address=9C:B7:0D:2A:9C:37

add address=10.10.10.21 comment=MikroBILL_ultrabook|25 interface=ether5-lan \

mac-address=C4:85:08:8D:E7:5D

add address=10.10.10.20 comment=MikroBILL_AccessPoint204|8 interface=ether5-lan \

mac-address=CC:B2:55:8F:8A:B8

add address=10.10.10.30 comment=MikroBILL_router194|9 interface=ether5-lan \

mac-address=00:07:26:44:45:2B

add address=10.10.10.65 comment=MikroBILL_luliosha-phone|22 interface=\

ether5-lan mac-address=14:32:D1:4B:62:37

add address=10.10.10.10 comment=MikroBILL_server|4 interface=ether5-lan \

mac-address=74:D4:35:8D:6C:AC

add address=10.10.10.27 comment=MikroBILL_legbishe|33 interface=ether1-wan \

mac-address=60:67:20:70:B5:38

add address=10.10.10.50 comment=MikroBILL_aspid|36 interface=ether5-lan \

mac-address=C1:BD:B9:D8:0D:A6

add address=10.10.10.4 comment="MikroBILL_Gen8 eth-1|2" interface=bridge1-lan \

mac-address=3C:A8:2A:9F:56:F8

add address=10.10.10.12 comment=MikroBILL_Dimson1|40 interface=ether5-lan \

mac-address=00:E0:4C:77:13:F8

add address=10.10.10.60 comment=MikroBILL_PowerFive|18 interface=ether5-lan \

mac-address=5C:F7:C3:96:3E:36

add address=10.10.10.61 comment=MikroBILL_Leon_Phone|41 interface=ether5-lan \

mac-address=94:92:BC:16:3A:03

add address=10.10.10.66 comment=MikroBILL_mama|42 interface=ether5-lan \

mac-address=1C:CD:E5:35:89:D5

add address=10.10.10.14 comment=MikroBILL_Leon_huawei|44 interface=ether5-lan \

mac-address=18:D2:76:33:25:C3

add address=10.10.10.22 comment="MikroBILL_samsung Tab3|23" interface=\

ether5-lan mac-address=F0:27:65:F9:AA:84

/ip dhcp-client

add dhcp-options=hostname,clientid disabled=no interface=ether1-wan

/ip dhcp-server lease

add address=10.10.10.5 comment="Gen8 eth-2 (MikroBill)|0" mac-address=\

3C:A8:2A:9F:56:F9

add address=10.10.10.62 always-broadcast=yes client-id=1:d8:31:cf:9d:66:7d \

comment="Kirill-Phone (MikroBill)|19" mac-address=D8:31:CF:9D:66:7D

add address=10.10.10.46 client-id=1:60:a4:4c:ef:f5:90 comment=\

"yrec (MikroBill)|16" mac-address=60:A4:4C:EF:F5:90

add address=10.10.10.13 comment="TP-Link (MikroBill)|5" mac-address=\

E8:DE:27:9F:2D:D2

add address=10.10.10.10 comment="server (MikroBill)|4" mac-address=\

74:D4:35:8D:6C:AC

add address=10.10.10.40 client-id=1:0:19:b9:66:d:96 comment=\

"milan (MikroBill)|13" mac-address=00:19:B9:66:0D:96 server=dhcp-pc

add address=10.10.10.44 comment="Samsung TV (MikroBill)|27" mac-address=\

84:A4:66:A6:F7:4F

add address=10.10.10.6 comment="hikvision (MikroBill)|3" mac-address=\

C0:56:E3:98:1C:BA

add address=10.10.10.2 comment="cisco (MikroBill)|26" mac-address=\

0C:27:24:5B:F8:23

add address=10.10.10.3 comment="Gen8 ILO4 (MikroBill)|1" mac-address=\

3C:A8:2A:9F:56:FA

add address=10.10.10.63 client-id=1:34:51:c9:c8:ec:37 comment=\

"Ksuha_iPad (MikroBill)|20" mac-address=34:51:C9:C8:EC:37

add address=10.10.10.7 always-broadcast=yes client-id=1:d8:50:e6:52:8a:47 \

comment="leon (MikroBill)|29" mac-address=D8:50:E6:52:8A:47

add address=10.10.10.64 always-broadcast=yes comment=\

"Ksuha_iPhone (MikroBill)|21" mac-address=E0:B5:2D:8A:36:0E

add address=10.10.10.48 client-id=1:ac:22:b:51:71:41 comment=\

"osip (MikroBill)|17" mac-address=AC:22:0B:51:71:41 server=dhcp-pc

add address=10.10.10.41 client-id=1:0:40:f4:6f:56:32 comment=\

"kirill (MikroBill)|14" mac-address=00:40:F4:6F:56:32 server=dhcp-pc

add address=10.10.10.34 always-broadcast=yes client-id=1:5c:a3:9d:35:f6:c4 \

comment="vpn_bcg (MikroBill)|34" mac-address=5C:A3:9D:35:F6:C4 server=\

dhcp-pc

add address=10.10.10.15 comment="printer hp p2055dn (MikroBill)|6" \

mac-address=78:E7:D1:A0:14:C9

add address=10.10.10.21 comment="ultrabook (MikroBill)|25" mac-address=\

C4:85:08:8D:E7:5D

add address=10.10.10.20 comment="AccessPoint204 (MikroBill)|8" mac-address=\

CC:B2:55:8F:8A:B8

add address=10.10.10.30 comment="router194 (MikroBill)|9" mac-address=\

00:07:26:44:45:2B

add address=10.10.10.45 client-id=1:0:25:22:f1:e3:31 comment=\

"Grigorievnew (MikroBill)|15" mac-address=00:25:22:F1:E3:31 server=dhcp-pc

add address=10.10.10.16 always-broadcast=yes comment=\

"194 nastia planshet (MikroBill)|7" mac-address=78:24:AF:63:A3:7B server=\

dhcp-pc

add address=10.10.10.65 comment="luliosha-phone (MikroBill)|22" mac-address=\

14:32:D1:4B:62:37

add address=10.10.10.19 always-broadcast=yes client-id=1:9c:b7:d:2a:9c:37 \

comment="nastia194 (MikroBill)|10" mac-address=9C:B7:0D:2A:9C:37 server=\

dhcp-pc

add address=10.10.10.27 client-id=1:60:67:20:70:b5:38 comment=\

"legbishe (MikroBill)|33" mac-address=60:67:20:70:B5:38

add address=10.10.10.4 always-broadcast=yes comment="Gen8 eth-1 (MikroBill)|2" \

mac-address=3C:A8:2A:9F:56:F8

add address=10.10.10.60 comment="PowerFive (MikroBill)|18" mac-address=\

5C:F7:C3:96:3E:36

add address=10.10.10.22 client-id=1:f0:27:65:f9:aa:84 comment=\

"samsung Tab3 (MikroBill)|23" mac-address=F0:27:65:F9:AA:84

/ip dhcp-server network

add address=10.10.10.0/24 dns-server=8.8.8.8 gateway=10.10.10.1 netmask=24 \

ntp-server=10.10.10.1

/ip dns

set servers=193.58.251.251

/ip firewall address-list

add address=10.10.10.0/24 comment="All Drop in 10.10.10.0/24" list=\

MikroBill_All_Drop

add address=10.10.10.5 comment="Gen8 eth-2|0" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.5 comment="Gen8 eth-2|0" list=MikroBill_Users

add address=10.10.10.41 comment=kirill|14 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.41 comment=kirill|14 list=MikroBill_Users

add address=10.10.10.16 comment="194 nastia planshet|7" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.16 comment="194 nastia planshet|7" list=MikroBill_Users

add address=10.10.10.67 comment="nc-10(WI-FI)|24" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.63 comment=Ksuha_iPad|20 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.60 comment=PowerFive|18 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.48 comment=osip|17 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.45 comment=Grigorievnew|15 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.40 comment=milan|13 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.39 comment="nc-10(LAN)|12" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.38 comment=194sergey|11 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.67 comment="nc-10(WI-FI)|24" list=MikroBill_Users

add address=10.10.10.63 comment=Ksuha_iPad|20 list=MikroBill_Users

add address=10.10.10.48 comment=osip|17 list=MikroBill_Users

add address=10.10.10.45 comment=Grigorievnew|15 list=MikroBill_Users

add address=10.10.10.40 comment=milan|13 list=MikroBill_Users

add address=10.10.10.39 comment="nc-10(LAN)|12" list=MikroBill_Users

add address=10.10.10.38 comment=194sergey|11 list=MikroBill_Users

add address=10.10.10.62 comment=Kirill-Phone|19 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.46 comment=yrec|16 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.46 comment=yrec|16 list=MikroBill_Users

add address=10.10.10.15 comment="printer hp p2055dn|6" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.13 comment=TP-Link|5 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.15 comment="printer hp p2055dn|6" list=MikroBill_Users

add address=10.10.10.13 comment=TP-Link|5 list=MikroBill_Users

add address=10.10.10.10 comment=server|4 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.10 comment=server|4 list=MikroBill_Users

add address=10.10.10.44 comment="Samsung TV|27" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.44 comment="Samsung TV|27" list=MikroBill_Users

add address=10.10.10.6 comment=hikvision|3 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.2 comment=cisco|26 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.2 comment=cisco|26 list=MikroBill_Users

add address=10.10.10.3 comment="Gen8 ILO4|1" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.3 comment="Gen8 ILO4|1" list=MikroBill_Users

add address=10.10.10.60 comment=PowerFive|18 list=MikroBill_Users

add address=10.10.10.7 comment=leon|29 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.7 comment=leon|29 list=MikroBill_Users

add address=10.10.10.34 comment=vpn_bcg|28 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.34 comment=vpn_bcg|28 list=MikroBill_Users

add address=10.10.10.64 comment=Ksuha_iPhone|21 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.64 comment=Ksuha_iPhone|21 list=MikroBill_Users

add address=10.10.10.25 comment=router235|30 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.25 comment=router235|30 list=MikroBill_Users

add address=10.10.10.19 comment=nastia194|10 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.19 comment=nastia194|10 list=MikroBill_Users

add address=10.10.10.36 comment=vpn_kuhnia|31 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.36 comment=vpn_kuhnia|31 list=MikroBill_Users

add address=10.10.10.35 comment=vpn_ultrabook|32 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.35 comment=vpn_ultrabook|32 list=MikroBill_Users

add address=10.10.10.21 comment=ultrabook|25 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.21 comment=ultrabook|25 list=MikroBill_Users

add address=10.10.10.20 comment=AccessPoint204|8 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.20 comment=AccessPoint204|8 list=MikroBill_Users

add address=10.10.10.30 comment=router194|9 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.30 comment=router194|9 list=MikroBill_Users

add address=10.10.10.65 comment=luliosha-phone|22 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.65 comment=luliosha-phone|22 list=MikroBill_Users

add address=10.10.10.27 comment=legbishe|33 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.27 comment=legbishe|33 list=MikroBill_Users

add address=10.10.10.31 comment=vpn_shelkovo|34 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.31 comment=vpn_shelkovo|34 list=MikroBill_Users

add address=10.10.10.32 comment=vpn|35 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.32 comment=vpn|35 list=MikroBill_Users

add address=10.10.10.50 comment=aspid|36 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.50 comment=aspid|36 list=MikroBill_Users

add address=10.10.10.6 comment=hikvision|3 list=MikroBill_Users

add address=10.10.10.4 comment="Gen8 eth-1|2" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.4 comment="Gen8 eth-1|2" list=MikroBill_Users

add address=10.10.10.33 comment=miner2|37 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.33 comment=miner2|37 list=MikroBill_Users

add address=10.10.10.37 comment=miner3|38 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.37 comment=miner3|38 list=MikroBill_Users

add address=10.10.10.29 comment=vpn_PowerFive|39 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.12 comment=Dimson1|40 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.12 comment=Dimson1|40 list=MikroBill_Users

add address=10.10.10.62 comment=Kirill-Phone|19 list=MikroBill_Users

add address=10.10.10.29 comment=vpn_PowerFive|39 list=MikroBill_Users

add address=10.10.10.61 comment=Leon_Phone|41 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.61 comment=Leon_Phone|41 list=MikroBill_Users

add address=10.10.10.66 comment=mama|42 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.66 comment=mama|42 list=MikroBill_Users

add address=10.10.10.28 comment=miner4|43 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.28 comment=miner4|43 list=MikroBill_Users

add address=10.10.10.14 comment=Leon_huawei|44 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.14 comment=Leon_huawei|44 list=MikroBill_Users

add address=10.10.10.22 comment="samsung Tab3|23" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.22 comment="samsung Tab3|23" list=MikroBill_Users

add address=10.10.10.70 comment=AP-dacha|45 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.69 comment=AP-shelkovo|46 list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=10.10.10.69 comment=AP-shelkovo|46 list=MikroBill_Users

add address=10.10.10.70 comment=AP-dacha|45 list=MikroBill_Users

add address=192.168.88.0/24 comment="All Drop in 192.168.88.0/24" list=\

MikroBill_All_Drop

add address=192.168.88.240 comment="dacha WI-FI pool|47" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=192.168.88.240 comment="dacha WI-FI pool|47" list=MikroBill_Users

add address=192.168.88.245 comment="dacha WI-FI pool|47" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=192.168.88.243 comment="dacha WI-FI pool|47" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=192.168.88.242 comment="dacha WI-FI pool|47" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=192.168.88.241 comment="dacha WI-FI pool|47" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=192.168.88.245 comment="dacha WI-FI pool|47" list=MikroBill_Users

add address=192.168.88.244 comment="dacha WI-FI pool|47" list=MikroBill_Users

add address=192.168.88.243 comment="dacha WI-FI pool|47" list=MikroBill_Users

add address=192.168.88.242 comment="dacha WI-FI pool|47" list=MikroBill_Users

add address=192.168.88.241 comment="dacha WI-FI pool|47" list=MikroBill_Users

add address=192.168.88.244 comment="dacha WI-FI pool|47" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=192.168.88.252 comment="dacha WI-FI pool|47" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=192.168.88.251 comment="dacha WI-FI pool|47" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=192.168.88.250 comment="dacha WI-FI pool|47" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=192.168.88.249 comment="dacha WI-FI pool|47" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=192.168.88.248 comment="dacha WI-FI pool|47" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=192.168.88.247 comment="dacha WI-FI pool|47" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=192.168.88.246 comment="dacha WI-FI pool|47" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=192.168.88.252 comment="dacha WI-FI pool|47" list=MikroBill_Users

add address=192.168.88.251 comment="dacha WI-FI pool|47" list=MikroBill_Users

add address=192.168.88.250 comment="dacha WI-FI pool|47" list=MikroBill_Users

add address=192.168.88.249 comment="dacha WI-FI pool|47" list=MikroBill_Users

add address=192.168.88.248 comment="dacha WI-FI pool|47" list=MikroBill_Users

add address=192.168.88.247 comment="dacha WI-FI pool|47" list=MikroBill_Users

add address=192.168.88.246 comment="dacha WI-FI pool|47" list=MikroBill_Users

add address=192.168.88.253 comment="dacha WI-FI pool|47" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=192.168.88.253 comment="dacha WI-FI pool|47" list=MikroBill_Users

add address=192.168.88.254 comment="dacha WI-FI pool|47" list=\

"MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5"

add address=192.168.88.254 comment="dacha WI-FI pool|47" list=MikroBill_Users

/ip firewall filter

add action=accept chain=input src-address=178.173.3.2

add action=accept chain=input dst-port=1723 protocol=tcp

add action=accept chain=input protocol=gre

add action=drop chain=input comment=\

"\EB\EE\EC\E8\F2\F1\FF \ED\E0 ssh \E8\E7\E2\ED\E5" in-interface=ether1-wan \

src-address=222.186.21.82

add action=drop chain=input comment=\

"\EB\EE\EC\E8\F2\F1\FF \ED\E0 \F2\E5\EB\ED\E5\F2 \E8\E7\E2\ED\E5" \

src-address=219.147.230.246

add action=drop chain=forward comment=MikroBILL_Flood_Killer src-address-list=\

MikroBILL_BLOCKED_FLOOD

add action=add-src-to-address-list address-list=MikroBILL_BLOCKED_FLOOD \

address-list-timeout=3m chain=forward comment=MikroBILL_Block_Flood \

connection-limit=20,32 dst-port=80 protocol=tcp src-address-list=\

MikroBill_OFF_Users

add action=accept chain=forward comment=MikroBILL_Server src-address=10.10.10.2

add action=accept chain=forward comment=MikroBILL_Server2 dst-address=\

10.10.10.2

add action=accept chain=forward comment=MikroBILL_Users src-address-list=\

MikroBill_Users

add action=accept chain=forward comment=MikroBILL_Users2 dst-address-list=\

MikroBill_Users

add action=drop chain=forward comment=MikroBILL_Blocked_Users src-address-list=\

MikroBill_All_Drop

add action=drop chain=forward comment=MikroBILL_Blocked_Users2 \

dst-address-list=MikroBill_All_Drop

/ip firewall nat

add action=netmap chain=dstnat comment="MIKROBILL WEB-CAP" disabled=yes \

dst-address=!10.10.10.2 dst-port=80 protocol=tcp src-address-list=\

MikroBill_OFF_Users to-addresses=10.10.10.2 to-ports=81

add action=netmap chain=dstnat comment="MIKROBILL 2WEB-CAP" disabled=yes \

dst-address=!10.10.10.2 dst-port=80 protocol=tcp src-address-list=\

!MikroBill_Users to-addresses=10.10.10.2 to-ports=82

add action=masquerade chain=srcnat comment="MIKROBILL USERS NAT" \

src-address-list=MikroBill_All_Drop

add action=netmap chain=dstnat comment=\

"\EF\F0\EE\E1\F0\EE\F1 20 \EF\EE\F0\F2\E0 \ED\E0 10.10.10.4" dst-address=\

ХХ.141.169.140 dst-port=20 protocol=tcp to-addresses=10.10.10.4 to-ports=21

add action=netmap chain=dstnat comment=\

"\EF\F0\EE\E1\F0\EE\F1 21 \EF\EE\F0\F2\E0 \ED\E0 10.10.10.4" dst-address=\

ХХ.141.169.140 dst-port=21 protocol=tcp to-addresses=10.10.10.4 to-ports=21

add action=netmap chain=dstnat comment=\

"\EF\F0\EE\E1\F0\EE\F1 80 \EF\EE\F0\F2\E0 \ED\E0 10.10.10.4" dst-address=\

ХХ.141.169.140 dst-port=80 protocol=tcp to-addresses=10.10.10.4 to-ports=80

add action=netmap chain=dstnat comment="\EF\F0\EE\E1\F0\EE\F1 \EF\EE\F0\F2\E0 97\

86 \ED\E0 10.10.10.4 \E4\EB\FF \E2\E8\E4\E5\EE\ED\E0\E1\EB\FE\E4\E5\ED\E8\FF\

" dst-address=ХХ.141.169.140 port=9786 protocol=tcp to-addresses=10.10.10.4 \

to-ports=9786

add action=netmap chain=dstnat disabled=yes dst-address=ХХ.141.169.140 \

dst-port=6377 protocol=tcp to-addresses=10.10.10.9 to-ports=6377

# no interface

add action=masquerade chain=srcnat out-interface=*14

/ip ipsec peer

add address=188.94.226.218/32 dh-group=modp1536 exchange-mode=main-l2tp \

generate-policy=port-override passive=yes secret=123456789

/ip route

add disabled=yes distance=1 gateway=77.50.155.1

add comment="\EC\E0\F0\F8\F0\F3\F2 \ED\E0 \F1\E5\F2\FC \D9\B8\EB\EA\EE\E2\EE" \

disabled=yes distance=1 dst-address=10.10.11.0/24 gateway=*F1ABF3

add distance=1 dst-address=192.168.88.0/24 gateway=pptp-AP-dacha pref-src=\

10.10.10.1

/ip service

set telnet disabled=yes

set ssh disabled=yes

/ppp secret

add local-address=10.10.10.1 name=vpn_bcg password=sab182qq remote-address=\

10.10.10.34 service=pptp

add local-address=10.10.10.1 name=vpn_kuhnia password=sab182qq remote-address=\

10.10.10.36 service=pptp

add local-address=10.10.10.1 name=vpn_shelkovo password=sab182qq \

remote-address=10.10.10.31 service=pptp

add local-address=10.10.10.1 name=vpn password=11111111 remote-address=\

10.10.10.32 service=pptp

add local-address=10.10.10.1 name=miner2 password=sab182qq remote-address=\

10.10.10.33 service=pptp

add local-address=10.10.10.1 name=vpnpowerfive password=sab182qq \

remote-address=10.10.10.29 service=pptp

add local-address=10.10.10.1 name=miner4 password=sab182qq remote-address=\

10.10.10.28 service=pptp

add comment="miner3 (MikroBill)|38" local-address=10.10.10.1 name=miner3 \

password=sab182qq remote-address=10.10.10.37 service=pptp

add comment="AP-dacha (MikroBill)|45" local-address=10.10.10.1 name=dacha \

password=sab182qq remote-address=10.10.10.70 service=pptp

add comment="AP-shelkovo (MikroBill)|46" local-address=10.10.10.1 name=\

shelkovo password=sab182qq remote-address=10.10.10.69 service=pptp

add comment="dacha WI-FI pool (MikroBill)|47" local-address=192.168.88.1 \

name="dacha WI-FI pool" remote-address=192.168.88.240 service=pptp

/system clock

set time-zone-name=Europe/Moscow

/system logging

add topics=pptp

add topics=account

add topics=route

/system scheduler

add disabled=yes interval=1s name=vlan5-arp on-event=":foreach i in [/ip arp fin\

d dynamic=yes interface=ether5-lan] do={/ip arp add copy-from=\$i}" policy=\

ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\

mar/11/2016 start-time=12:46:43

/tool romon port

add

[aspid@MikroTik] >

 

 

 

 

MikroTik hEX Lite RB750 r2 pptp клиент

 

 

 

 

 

 

 

 

 

 

 

 

MMM MMM KKK TTTTTTTTTTT KKK

MMMM MMMM KKK TTTTTTTTTTT KKK

MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK

MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK

MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK

MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK

 

MikroTik RouterOS 6.39.2 © 1999-2017 http://www.mikrotik.com/

 

[?] Gives the list of available commands

command [?] Gives help on the command and list of arguments

 

[Tab] Completes the command/word. If the input is ambiguous,

a second [Tab] gives possible options

 

/ Move up to base level

.. Move up one level

/command Use command at the base level

(157 messages not shown)

jun/30/2017 17:23:03 system,error,critical router was rebooted without proper shut

down

jul/02/2017 22:18:45 system,error,critical router was rebooted without proper shut

down

jul/07/2017 16:10:16 system,error,critical login failure for user admin from 10.10

.11.10 via web

jul/07/2017 16:10:31 system,error,critical login failure for user aspid from 10.10

.11.10 via web

jul/07/2017 16:11:46 system,error,critical login failure for user admin from 10.10

.11.10 via web

jul/07/2017 17:10:53 system,error,critical login failure for user admin from 10.10

.11.10 via web

jul/07/2017 17:11:14 system,error,critical login failure for user admin from 10.10

.11.10 via web

jul/07/2017 17:00:05 system,error,critical router was rebooted without proper shut

down

[admin@MikroTik] > export compact

# jul/14/2017 18:26:05 by RouterOS 6.39.2

# software id = RU2Q-HW4V

#

/interface ethernet

set [ find default-name=ether1 ] mac-address=F4:EC:38:EE:DE:B1 name=\

ether1-gateway

set [ find default-name=ether2 ] name=ether2-master-local

set [ find default-name=ether3 ] master-port=ether2-master-local name=\

ether3-slave-local

set [ find default-name=ether4 ] master-port=ether2-master-local name=\

ether4-slave-local

set [ find default-name=ether5 ] master-port=ether2-master-local name=\

ether5-slave-local

/interface pptp-client

add connect-to=94.141.169.140 disabled=no keepalive-timeout=disabled name=\

pptp-out1 password=sab182qq user=shelkovo

/ip neighbor discovery

set ether1-gateway discover=no

/ip hotspot profile

set [ find default=yes ] html-directory=flash/hotspot

/ip ipsec proposal

set [ find default=yes ] enc-algorithms=3des pfs-group=none

/ip pool

add name=dhcp ranges=10.10.11.2-10.10.11.10

/ip dhcp-server

add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\

ether2-master-local name=DHCP-Shelkovo

/queue type

add kind=pfifo name=MikroBILL_PFIFO pfifo-limit=500

add kind=sfq name=MikroBILL_SFQ

add kind=pcq name=MikroBILL_PCQ_UP pcq-classifier=src-address pcq-total-limit=\

400KiB

add kind=pcq name=MikroBILL_PCQ_DOWN pcq-classifier=dst-address \

pcq-total-limit=400KiB

/queue simple

add burst-time=1s/1s comment=asus|0 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_asus queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.11.6/32 \

total-queue=MikroBILL_SFQ

add burst-time=1s/1s comment=dune|1 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_dune queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.11.7/32 \

total-queue=MikroBILL_SFQ

add burst-time=1s/1s comment=GoldFish|2 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_GoldFish queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.11.4/32 \

total-queue=MikroBILL_SFQ

add burst-time=1s/1s comment=kuhnia|3 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_kuhnia queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.11.10/32 \

total-queue=MikroBILL_SFQ

add burst-time=1s/1s comment=storj|4 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_storj queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.11.8/32 \

total-queue=MikroBILL_SFQ

add burst-time=1s/1s comment=Levina|5 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_Levina queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.11.5/32 \

total-queue=MikroBILL_SFQ

add burst-time=1s/1s comment=dd-wrt|6 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_dd-wrt queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.11.3/32 \

total-queue=MikroBILL_SFQ

add burst-time=1s/1s comment=PowerFive|7 limit-at=1/1 max-limit=1G/1G name=\

MikroBILL_PowerFive queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.11.9/32 \

total-queue=MikroBILL_SFQ

/system logging action

set 1 disk-file-name=log

/ip address

add address=10.10.11.1/24 comment="default configuration" interface=\

ether2-master-local network=10.10.11.0

add address=10.ХХХ.72.23/16 interface=ether1-gateway network=10.ХХХ.0.0

/ip arp

add address=10.10.11.10 interface=ether2-master-local mac-address=\

70:71:BC:46:69:C4

add address=10.10.11.6 comment=MikroBILL_asus|0 interface=ether1-gateway \

mac-address=E0:3F:49:1E:E0:8C

add address=10.10.11.4 comment=MikroBILL_GoldFish|2 interface=ether1-gateway \

mac-address=E8:DE:27:9F:2D:D2

add address=10.10.11.7 comment=MikroBILL_dune|1 interface=ether1-gateway \

mac-address=00:26:AA:A3:BA:2D

add address=10.10.11.10 comment=MikroBILL_kuhnia|3 interface=ether1-gateway \

mac-address=70:71:BC:46:69:C4

add address=10.10.11.5 comment=MikroBILL_Levina|5 interface=ether1-gateway \

mac-address=BC:AE:C5:B6:24:48

add address=10.10.11.3 comment=MikroBILL_dd-wrt|6 interface=ether1-gateway \

mac-address=20:CF:30:CE:25:F4

add address=10.10.11.9 comment=MikroBILL_PowerFive|7 interface=ether1-gateway \

mac-address=5C:F7:C3:96:3E:36

/ip dhcp-client

add comment="default configuration" dhcp-options=hostname,clientid interface=\

ether1-gateway

/ip dhcp-server lease

add address=10.10.11.3 always-broadcast=yes client-id=1:20:cf:30:ce:25:f4 \

comment="dd-wrt (MikroBill)|6" mac-address=20:CF:30:CE:25:F4

add address=10.10.11.10 client-id=1:e8:de:27:9f:2d:d2 mac-address=\

E8:DE:27:9F:2D:D2 server=DHCP-Shelkovo

add address=10.10.11.6 comment="asus (MikroBill)|0" mac-address=\

E0:3F:49:1E:E0:8C

add address=10.10.11.7 comment="dune (MikroBill)|1" mac-address=\

00:26:AA:A3:BA:2D

add address=10.10.11.4 comment="GoldFish (MikroBill)|2" mac-address=\

E8:DE:27:9F:2D:D2

add address=10.10.11.5 comment="Levina (MikroBill)|5" mac-address=\

BC:AE:C5:B6:24:48

add address=10.10.11.9 comment="PowerFive (MikroBill)|7" mac-address=\

5C:F7:C3:96:3E:36

/ip dhcp-server network

add address=10.10.11.0/24 gateway=10.10.11.1 netmask=24

/ip dns

set allow-remote-requests=yes servers=193.58.251.251,8.8.8.8

/ip dns static

add address=10.10.11.1 name=router

/ip firewall address-list

add address=10.10.11.5 list=levina

add address=10.10.11.10 list=kuhnia

add address=10.10.11.7 list=dune

add address=10.10.11.4 list=tp-link

add address=10.10.11.8 list=storj

add address=10.10.11.8 comment="All Drop in 10.10.11.8" list=MikroBill_All_Drop

add address=10.10.11.8 comment=storj|4 list=MikroBill_Users

add address=10.10.11.0/24 comment="All Drop in 10.10.11.0/24" list=\

MikroBill_All_Drop

add address=10.10.11.6 comment=asus|0 disabled=yes list=MikroBill_OFF_Users

add address=10.10.11.6 comment=asus|0 list=MikroBill_Users

add address=10.10.11.7 comment=dune|1 disabled=yes list=MikroBill_OFF_Users

add address=10.10.11.7 comment=dune|1 list=MikroBill_Users

add address=10.10.11.4 comment=GoldFish|2 disabled=yes list=MikroBill_OFF_Users

add address=10.10.11.4 comment=GoldFish|2 list=MikroBill_Users

add address=10.10.11.10 comment=kuhnia|3 disabled=yes list=MikroBill_OFF_Users

add address=10.10.11.10 comment=kuhnia|3 list=MikroBill_Users

add address=10.10.11.5 comment=Levina|5 disabled=yes list=MikroBill_OFF_Users

add address=10.10.11.5 comment=Levina|5 list=MikroBill_Users

add address=10.10.11.3 comment=dd-wrt|6 disabled=yes list=MikroBill_OFF_Users

add address=10.10.11.3 comment=dd-wrt|6 list=MikroBill_Users

add address=10.10.11.9 comment=PowerFive|7 disabled=yes list=\

MikroBill_OFF_Users

add address=10.10.11.9 comment=PowerFive|7 list=MikroBill_Users

/ip firewall filter

add action=drop chain=forward comment=MikroBILL_Flood_Killer src-address-list=\

MikroBILL_BLOCKED_FLOOD

add action=add-src-to-address-list address-list=MikroBILL_BLOCKED_FLOOD \

address-list-timeout=3m chain=forward comment=MikroBILL_Block_Flood \

connection-limit=20,32 dst-port=80 protocol=tcp src-address-list=\

MikroBill_OFF_Users

add action=accept chain=forward comment=MikroBILL_Server src-address=10.10.11.8

add action=accept chain=forward comment=MikroBILL_Server2 dst-address=\

10.10.11.8

add action=accept chain=forward comment=MikroBILL_WhiteList dst-address-list=\

WhiteHosts

add action=accept chain=forward comment=MikroBILL_Users src-address-list=\

MikroBill_Users

add action=accept chain=forward comment=MikroBILL_Users2 dst-address-list=\

MikroBill_Users

add action=drop chain=forward comment=MikroBILL_Blocked_Users disabled=yes \

src-address-list=MikroBill_All_Drop

add action=drop chain=forward comment=MikroBILL_Blocked_Users2 disabled=yes \

dst-address-list=MikroBill_All_Drop

/ip firewall nat

add action=netmap chain=dstnat comment="MIKROBILL WEB-CAP" disabled=yes \

dst-address=!10.10.11.8 dst-address-list=!WhiteHosts dst-port=80 protocol=\

tcp src-address-list=MikroBill_OFF_Users to-addresses=10.10.11.8 to-ports=\

81

add action=netmap chain=dstnat comment="MIKROBILL 2WEB-CAP" disabled=yes \

dst-address=!10.10.11.8 dst-address-list=!WhiteHosts dst-port=80 protocol=\

tcp src-address-list=!MikroBill_Users to-addresses=10.10.11.8 to-ports=82

add action=masquerade chain=srcnat comment="MIKROBILL USERS NAT" \

src-address-list=MikroBill_All_Drop

add action=masquerade chain=srcnat out-interface=ether1-gateway

/ip ipsec peer

add address=0.0.0.0/0 enc-algorithm=aes-256,aes-128,3des secret=Bcg_58_3 \

send-initial-contact=no

add enc-algorithm=3des secret=Bcg_58_3

/ip route

add distance=1 gateway=10.ХХХ.72.254

add comment="\EC\E0\F0\F8\F0\F3\F2 \ED\E0 10.10.10.0/24" distance=1 \

dst-address=10.10.10.0/24 gateway=*7 pref-src=10.10.10.31

/ip service

set ftp disabled=yes

set ssh disabled=yes

/ppp secret

add local-address=10.10.10.31 name=vpn_shelkovo password=sab182qq \

remote-address=94.141.169.140 service=pptp

/system clock

set time-zone-name=Europe/Moscow

/system logging

add topics=pptp

add topics=firewall

/tool mac-server

set [ find default=yes ] disabled=yes

add interface=ether2-master-local

add interface=ether3-slave-local

add interface=ether4-slave-local

add interface=ether5-slave-local

/tool mac-server mac-winbox

set [ find default=yes ] disabled=yes

add interface=ether2-master-local

add interface=ether3-slave-local

add interface=ether4-slave-local

add interface=ether5-slave-local

[admin@MikroTik] >

 

 

 

 

после обновления ситуация не поменялась

Поделиться сообщением

Ссылка на сообщение
Поделиться на других сайтах

DeLL   

DeLL
Опубликовано · Жалоба

На сервере: 

/ip route
add comment="\EC\E0\F0\F8\F0\F3\F2 \ED\E0 \F1\E5\F2\FC \D9\B8\EB\EA\EE\E2\EE" \
disabled=yes distance=1 dst-address=10.10.11.0/24 gateway=*F1ABF3

Почему маршрут выключен и что указано в качестве шлюза? Должно быть pptp-AP-shelkovo

 

На клиенте:

/ip route
add comment="\EC\E0\F0\F8\F0\F3\F2 \ED\E0 10.10.10.0/24" distance=1 \
dst-address=10.10.10.0/24 gateway=*7 pref-src=10.10.10.31

Тоже самое, вместо гетвея должно быть pptp-out1 и убрать pref-src, оно само появится

/ppp secret
add local-address=10.10.10.31 name=vpn_shelkovo password=sab182qq \
remote-address=94.141.169.140 service=pptp

убрать локал и ремоте адреса совсем

Поделиться сообщением

Ссылка на сообщение
Поделиться на других сайтах

aspidz   

aspidz
Опубликовано · Жалоба

выполнил первый код на сервере, появилось два не активных маршрута,

в обоих поставил гейтом pptp-AP-shelkovo

вторую и третью команду выполнил на клиенте,

после второй создалось два маршрута

в обоих поставил гейтом pptp-out1 и убрал pref-src

после третьей команды терминал ругнулся на то,что секрет с таким именем уже существует, я его убил и этой командой создал заново, убрал локал и ремоте адреса совсем

 

 

клиент по прежнему не хочет цепляться к серверу

с моей точки зрения ничего не изменилось

Поделиться сообщением

Ссылка на сообщение
Поделиться на других сайтах

DeLL   

DeLL
Опубликовано · Жалоба

Я привел не команды для выполнения, а кусок конфы, выложенной выше)

Там у Вас 2 ошибки - это отсутствие маршрута на одном из устройств, и неправильное присвоение IP адресов для туннеля VPN, из-за чего и не работает

Поделиться сообщением

Ссылка на сообщение
Поделиться на других сайтах

aspidz   

aspidz
Опубликовано · Жалоба

так или иначе я же выполнил все Ваши рекомендации, желаемого результата это не принесло

Поделиться сообщением

Ссылка на сообщение
Поделиться на других сайтах

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Гость
Ответить в тему...

×   Вставлено в виде отформатированного текста.   Вставить в виде обычного текста

  Разрешено не более 75 смайлов.

×   Ваша ссылка была автоматически встроена.   Отобразить как ссылку

×   Ваш предыдущий контент был восстановлен.   Очистить редактор

×   Вы не можете вставить изображения напрямую. Загрузите или вставьте изображения по ссылке.

×
Подписчики 0
Перейти к списку тем Mikrotik Wireless