aspidz Опубликовано 7 июля, 2017 · Жалоба Проблему периодически, безрезультатно, пытаюсь решить уже года полтора-два. В связи с покупкой очередного устройства mikrotik вновь с ней вернулся, проблема в следующем. Есть основное устройство mikrotik RB2011UiAS V6.30.4, 10.10.10.1, на устройстве по инструкции http://asp24.com.ua/blog/nastrojka-pptp-server-mikrotik/#prettyPhoto поднят pptp сервер, сервер поднят уже года 4 назад и без проблем работает с pptp клиентами подключающимися с виндовых и убунтовых машинок . Вчера приобрёл точку доступа MikroTik wAPG-5HacT2HnD, v 6.35.4, подключена к провайдеру отличному от основного роутера, создаю на ней pptp клиент настроенный на сервер основного устройства. по этой инструкции http://zhutov.ru/post/15/ , точка доступа автоматически получает IP (10.10.10.68) из сети основного устройства, на основном устройстве приходит в рабочее состояние интерфейс этого pptp сервера, с точки доступа пингуется основной роутер RB2011UiAS и все машины основной сети, но при этом на машинах подлючённых к точке доступа нет интернета и машины основной сети не пингуются. Все инструкции по настройке сервера и клиента pptp на Mikrotik однотипные, за рамки выше указанных инструкций не выходят. Подскажите пожалуйста, что ещё, кроме поднятия сервера и клиента, нужно сделать, что бы обе сети видели друг друга? Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...
DeLL Опубликовано 7 июля, 2017 · Жалоба Все банально - настройка маршрутов, сударь. На обоих устройствах прописать маршрут в сеть соседа Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...
DeLL Опубликовано 10 июля, 2017 · Жалоба Во-первых, надо обновить ROS до последней версии, а во-вторых export compact с обоих устройств и сюда под спойлер Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...
aspidz Опубликовано 14 июля, 2017 · Жалоба MikroTik 2011UiAS-RM pptp сервер MMMM MMMM KKK TTTTTTTTTTT KKK MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK MikroTik RouterOS 6.39.2 © 1999-2017 http://www.mikrotik.com/ [?] Gives the list of available commands command [?] Gives help on the command and list of arguments [Tab] Completes the command/word. If the input is ambiguous, a second [Tab] gives possible options / Move up to base level .. Move up one level /command Use command at the base level [aspid@MikroTik] > export compact # jul/23/2016 04:29:05 by RouterOS 6.39.2 # software id = K4DF-KAJT # /interface bridge add fast-forward=no name=bridge1-lan /interface ethernet set [ find default-name=ether1 ] arp=proxy-arp mac-address=20:CF:30:CE:25:F4 \ name=ether1-wan set [ find default-name=ether5 ] arp=proxy-arp name=ether5-lan /interface pptp-server add name=pptp-AP-dacha user=dacha add name=pptp-AP-shelkovo user=shelkovo add name=vpn user=vpn /interface ethernet set [ find default-name=ether2 ] master-port=ether5-lan name=ether2-lan set [ find default-name=ether3 ] master-port=ether5-lan name=ether3-lan set [ find default-name=ether4 ] master-port=ether5-lan name=ether4-lan /ip ipsec proposal set [ find default=yes ] enc-algorithms=aes-128-cbc,3des pfs-group=none /ip pool add name=dhcp ranges=10.10.10.1-10.10.10.70 /ip dhcp-server add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\ bridge1-lan lease-time=5w6d16h name=dhcp-pc /queue type add kind=pfifo name=MikroBILL_PFIFO pfifo-limit=500 add kind=sfq name=MikroBILL_SFQ add kind=pcq name=MikroBILL_PCQ_DOWN pcq-classifier=dst-address \ pcq-total-limit=2400KiB add kind=pcq name=MikroBILL_PCQ_UP pcq-classifier=src-address pcq-total-limit=\ 2400KiB /queue simple add burst-time=1s/1s comment="Gen8 eth-2|0" limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_Gen8 queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.5/32 add burst-time=1s/1s comment="Gen8 ILO4|1" limit-at=1/1 max-limit=1G/1G name=\ "MikroBILL_Gen8 ILO4" queue=MikroBILL_SFQ/MikroBILL_SFQ target=\ 10.10.10.3/32 add burst-time=1s/1s comment=hikvision|3 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_hikvision queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.6/32 add burst-time=1s/1s comment=server|4 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_server queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.10/32 add burst-time=1s/1s comment=TP-Link|5 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_TP-Link queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.13/32 add burst-time=1s/1s comment="printer hp p2055dn|6" limit-at=1/1 max-limit=\ 1G/1G name="MikroBILL_printer hp p2055dn" queue=MikroBILL_SFQ/MikroBILL_SFQ \ target=10.10.10.15/32 add burst-time=1s/1s comment="194 nastia planshet|7" limit-at=1/1 max-limit=\ 1G/1G name="MikroBILL_194 nastia planshet" queue=\ MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.16/32 add burst-time=1s/1s comment=AccessPoint204|8 limit-at=1/1 max-limit=1G/1G \ name=MikroBILL_AccessPoint204 queue=MikroBILL_SFQ/MikroBILL_SFQ target=\ 10.10.10.20/32 add burst-time=1s/1s comment=router194|9 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_router194 queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.30/32 add burst-time=1s/1s comment=nastia194|10 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_nastia194 queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.19/32 add burst-time=1s/1s comment=194sergey|11 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_194sergey queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.38/32 add burst-time=1s/1s comment="nc-10(LAN)|12" limit-at=1/1 max-limit=1G/1G name=\ "MikroBILL_nc-10(LAN)" queue=MikroBILL_SFQ/MikroBILL_SFQ target=\ 10.10.10.39/32 add burst-limit=0/70M burst-threshold=0/63M burst-time=1s/1s comment=milan|13 \ limit-at=1/1 max-limit=1G/70M name=MikroBILL_milan queue=\ MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.40/32 add burst-limit=0/70M burst-threshold=0/63M burst-time=1s/1s comment=kirill|14 \ limit-at=1/1 max-limit=1G/70M name=MikroBILL_kirill queue=\ MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.41/32 add burst-time=1s/1s comment=Grigorievnew|15 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_Grigorievnew queue=MikroBILL_SFQ/MikroBILL_SFQ target=\ 10.10.10.45/32 add burst-limit=0/70M burst-threshold=0/63M burst-time=1s/1s comment=yrec|16 \ limit-at=1/1 max-limit=1G/70M name=MikroBILL_yrec queue=\ MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.46/32 add burst-limit=0/70M burst-threshold=0/63M burst-time=1s/1s comment=\ "Gen8 eth-1|2" limit-at=1/1 max-limit=1G/70M name="MikroBILL_Gen8 eth-1" \ queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.4/32 add burst-limit=0/70M burst-threshold=0/63M burst-time=1s/1s comment=osip|17 \ limit-at=1/1 max-limit=1G/70M name=MikroBILL_osip queue=\ MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.48/32 add burst-time=1s/1s comment=PowerFive|18 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_PowerFive queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.60/32 add burst-time=1s/1s comment=Kirill-Phone|19 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_Kirill-Phone queue=MikroBILL_SFQ/MikroBILL_SFQ target=\ 10.10.10.62/32 add burst-time=1s/1s comment=Ksuha_iPhone|21 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_Ksuha_iPhone queue=MikroBILL_SFQ/MikroBILL_SFQ target=\ 10.10.10.64/32 add burst-time=1s/1s comment=luliosha-phone|22 limit-at=1/1 max-limit=1G/1G \ name=MikroBILL_luliosha-phone queue=MikroBILL_SFQ/MikroBILL_SFQ target=\ 10.10.10.65/32 add burst-time=1s/1s comment="nc-10(WI-FI)|24" limit-at=1/1 max-limit=1G/1G \ name="MikroBILL_nc-10(WI-FI)" queue=MikroBILL_SFQ/MikroBILL_SFQ target=\ 10.10.10.67/32 add burst-time=1s/1s comment=ultrabook|25 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_ultrabook queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.21/32 add burst-time=1s/1s comment=cisco|26 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_cisco queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.2/32 add burst-time=1s/1s comment="Samsung TV|27" limit-at=1/1 max-limit=1G/1G name=\ "MikroBILL_Samsung TV" queue=MikroBILL_SFQ/MikroBILL_SFQ target=\ 10.10.10.44/32 add burst-time=1s/1s comment=vpn_bcg|28 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_vpn_bcg queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.34/32 add burst-limit=0/70M burst-threshold=0/63M burst-time=1s/1s comment=leon|29 \ limit-at=1/1 max-limit=1G/70M name=MikroBILL_leon queue=\ MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.7/32 add burst-time=1s/1s comment=Ksuha_iPad|20 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_Ksuha_iPad queue=MikroBILL_SFQ/MikroBILL_SFQ target=\ 10.10.10.63/32 add burst-limit=0/70M burst-threshold=0/63M burst-time=1s/1s comment=\ router235|30 limit-at=1/1 max-limit=1G/70M name=MikroBILL_router235 queue=\ MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.25/32 add burst-time=1s/1s comment=vpn_ultrabook|32 limit-at=1/1 max-limit=1G/1G \ name=MikroBILL_vpn_ultrabook queue=MikroBILL_SFQ/MikroBILL_SFQ target=\ 10.10.10.35/32 add burst-time=1s/1s comment=vpn_kuhnia|31 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_vpn_kuhnia queue=MikroBILL_SFQ/MikroBILL_SFQ target=\ 10.10.10.36/32 add burst-time=1s/1s comment=legbishe|33 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_legbishe queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.27/32 add burst-time=1s/1s comment=vpn_shelkovo|34 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_vpn_shelkovo queue=MikroBILL_SFQ/MikroBILL_SFQ target=\ 10.10.10.31/32 add burst-time=1s/1s comment=vpn|35 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_vpn queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.32/32 add burst-time=1s/1s comment=aspid|36 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_aspid queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.50/32 add burst-time=1s/1s comment=miner2|37 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_miner2 queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.33/32 add burst-time=1s/1s comment=vpn_PowerFive|39 limit-at=1/1 max-limit=1G/1G \ name=MikroBILL_vpnpowerfive queue=MikroBILL_SFQ/MikroBILL_SFQ target=\ 10.10.10.29/32 add burst-time=1s/1s comment=Dimson1|40 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_Dimson1 queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.12/32 add burst-time=1s/1s comment=Leon_Phone|41 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_Leon_Phone queue=MikroBILL_SFQ/MikroBILL_SFQ target=\ 10.10.10.61/32 add burst-time=1s/1s comment=mama|42 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_mama queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.66/32 add burst-time=1s/1s comment=miner4|43 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_miner4 queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.28/32 add burst-time=1s/1s comment=Leon_huawei|44 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_Leon_huawei queue=MikroBILL_SFQ/MikroBILL_SFQ target=\ 10.10.10.14/32 add burst-time=1s/1s comment="samsung Tab3|23" limit-at=1/1 max-limit=1G/1G \ name="MikroBILL_samsung Tab3" queue=MikroBILL_SFQ/MikroBILL_SFQ target=\ 10.10.10.22/32 add burst-time=1s/1s comment=AP-dacha|45 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_dacha queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.10.70/32 /interface bridge port add bridge=bridge1-lan interface=ether5-lan add bridge=bridge1-lan disabled=yes interface=ether1-wan add bridge=bridge1-lan interface=sfp1 /interface pppoe-server server add interface=ether5-lan max-mru=1480 max-mtu=1480 mrru=1600 service-name=vpn /interface pptp-server server set enabled=yes /ip address add address=10.10.10.1/24 interface=ether5-lan network=10.10.10.0 /ip arp add address=10.10.10.41 comment=MikroBILL_kirill|14 interface=ether5-lan \ mac-address=00:40:F4:6F:56:32 add address=10.10.10.16 comment="MikroBILL_194 nastia planshet|7" interface=\ ether5-lan mac-address=78:24:AF:63:A3:7B add address=10.10.10.67 comment="MikroBILL_nc-10(WI-FI)|24" interface=\ ether5-lan mac-address=00:24:D2:2B:F6:48 add address=10.10.10.63 comment=MikroBILL_Ksuha_iPad|20 interface=ether5-lan \ mac-address=34:51:C9:C8:EC:37 add address=10.10.10.48 comment=MikroBILL_osip|17 interface=ether5-lan \ mac-address=AC:22:0B:51:71:41 add address=10.10.10.45 comment=MikroBILL_Grigorievnew|15 interface=ether5-lan \ mac-address=00:25:22:F1:E3:31 add address=10.10.10.40 comment=MikroBILL_milan|13 interface=ether5-lan \ mac-address=00:19:B9:66:0D:96 add address=10.10.10.39 comment="MikroBILL_nc-10(LAN)|12" interface=ether5-lan \ mac-address=00:13:77:F1:53:D0 add address=10.10.10.38 comment=MikroBILL_194sergey|11 interface=ether5-lan \ mac-address=AC:22:0B:29:44:1E add address=10.10.10.62 comment=MikroBILL_Kirill-Phone|19 interface=ether5-lan \ mac-address=00:03:AB:E3:0E:4F add address=10.10.10.46 comment=MikroBILL_yrec|16 interface=ether5-lan \ mac-address=60:A4:4C:EF:F5:90 add address=10.10.10.13 comment=MikroBILL_TP-Link|5 interface=ether5-lan \ mac-address=E8:DE:27:9F:2D:D2 add address=10.10.10.44 comment="MikroBILL_Samsung TV|27" interface=ether5-lan \ mac-address=84:A4:66:A6:F7:4F add address=10.10.10.7 comment=MikroBILL_leon|29 interface=ether5-lan \ mac-address=D8:50:E6:52:8A:47 add address=10.10.10.64 comment=MikroBILL_Ksuha_iPhone|21 interface=ether5-lan \ mac-address=E0:B5:2D:8A:36:0E add address=10.10.10.25 comment=MikroBILL_router235|30 interface=bridge1-lan \ mac-address=30:5A:3A:64:C4:10 add address=10.10.10.15 comment="MikroBILL_printer hp p2055dn|6" interface=\ bridge1-lan mac-address=78:E7:D1:A0:14:C9 add address=10.10.10.2 comment=MikroBILL_cisco|26 interface=bridge1-lan \ mac-address=0C:27:24:5B:F8:23 add address=10.10.10.3 comment="MikroBILL_Gen8 ILO4|1" interface=bridge1-lan \ mac-address=3C:A8:2A:9F:56:FA add address=10.10.10.5 comment="MikroBILL_Gen8 eth-2|0" interface=bridge1-lan \ mac-address=3C:A8:2A:9F:56:F9 add address=10.10.10.6 comment=MikroBILL_hikvision|3 interface=bridge1-lan \ mac-address=C0:56:E3:98:1C:BA add address=10.10.10.19 comment=MikroBILL_nastia194|10 interface=ether5-lan \ mac-address=9C:B7:0D:2A:9C:37 add address=10.10.10.21 comment=MikroBILL_ultrabook|25 interface=ether5-lan \ mac-address=C4:85:08:8D:E7:5D add address=10.10.10.20 comment=MikroBILL_AccessPoint204|8 interface=ether5-lan \ mac-address=CC:B2:55:8F:8A:B8 add address=10.10.10.30 comment=MikroBILL_router194|9 interface=ether5-lan \ mac-address=00:07:26:44:45:2B add address=10.10.10.65 comment=MikroBILL_luliosha-phone|22 interface=\ ether5-lan mac-address=14:32:D1:4B:62:37 add address=10.10.10.10 comment=MikroBILL_server|4 interface=ether5-lan \ mac-address=74:D4:35:8D:6C:AC add address=10.10.10.27 comment=MikroBILL_legbishe|33 interface=ether1-wan \ mac-address=60:67:20:70:B5:38 add address=10.10.10.50 comment=MikroBILL_aspid|36 interface=ether5-lan \ mac-address=C1:BD:B9:D8:0D:A6 add address=10.10.10.4 comment="MikroBILL_Gen8 eth-1|2" interface=bridge1-lan \ mac-address=3C:A8:2A:9F:56:F8 add address=10.10.10.12 comment=MikroBILL_Dimson1|40 interface=ether5-lan \ mac-address=00:E0:4C:77:13:F8 add address=10.10.10.60 comment=MikroBILL_PowerFive|18 interface=ether5-lan \ mac-address=5C:F7:C3:96:3E:36 add address=10.10.10.61 comment=MikroBILL_Leon_Phone|41 interface=ether5-lan \ mac-address=94:92:BC:16:3A:03 add address=10.10.10.66 comment=MikroBILL_mama|42 interface=ether5-lan \ mac-address=1C:CD:E5:35:89:D5 add address=10.10.10.14 comment=MikroBILL_Leon_huawei|44 interface=ether5-lan \ mac-address=18:D2:76:33:25:C3 add address=10.10.10.22 comment="MikroBILL_samsung Tab3|23" interface=\ ether5-lan mac-address=F0:27:65:F9:AA:84 /ip dhcp-client add dhcp-options=hostname,clientid disabled=no interface=ether1-wan /ip dhcp-server lease add address=10.10.10.5 comment="Gen8 eth-2 (MikroBill)|0" mac-address=\ 3C:A8:2A:9F:56:F9 add address=10.10.10.62 always-broadcast=yes client-id=1:d8:31:cf:9d:66:7d \ comment="Kirill-Phone (MikroBill)|19" mac-address=D8:31:CF:9D:66:7D add address=10.10.10.46 client-id=1:60:a4:4c:ef:f5:90 comment=\ "yrec (MikroBill)|16" mac-address=60:A4:4C:EF:F5:90 add address=10.10.10.13 comment="TP-Link (MikroBill)|5" mac-address=\ E8:DE:27:9F:2D:D2 add address=10.10.10.10 comment="server (MikroBill)|4" mac-address=\ 74:D4:35:8D:6C:AC add address=10.10.10.40 client-id=1:0:19:b9:66:d:96 comment=\ "milan (MikroBill)|13" mac-address=00:19:B9:66:0D:96 server=dhcp-pc add address=10.10.10.44 comment="Samsung TV (MikroBill)|27" mac-address=\ 84:A4:66:A6:F7:4F add address=10.10.10.6 comment="hikvision (MikroBill)|3" mac-address=\ C0:56:E3:98:1C:BA add address=10.10.10.2 comment="cisco (MikroBill)|26" mac-address=\ 0C:27:24:5B:F8:23 add address=10.10.10.3 comment="Gen8 ILO4 (MikroBill)|1" mac-address=\ 3C:A8:2A:9F:56:FA add address=10.10.10.63 client-id=1:34:51:c9:c8:ec:37 comment=\ "Ksuha_iPad (MikroBill)|20" mac-address=34:51:C9:C8:EC:37 add address=10.10.10.7 always-broadcast=yes client-id=1:d8:50:e6:52:8a:47 \ comment="leon (MikroBill)|29" mac-address=D8:50:E6:52:8A:47 add address=10.10.10.64 always-broadcast=yes comment=\ "Ksuha_iPhone (MikroBill)|21" mac-address=E0:B5:2D:8A:36:0E add address=10.10.10.48 client-id=1:ac:22:b:51:71:41 comment=\ "osip (MikroBill)|17" mac-address=AC:22:0B:51:71:41 server=dhcp-pc add address=10.10.10.41 client-id=1:0:40:f4:6f:56:32 comment=\ "kirill (MikroBill)|14" mac-address=00:40:F4:6F:56:32 server=dhcp-pc add address=10.10.10.34 always-broadcast=yes client-id=1:5c:a3:9d:35:f6:c4 \ comment="vpn_bcg (MikroBill)|34" mac-address=5C:A3:9D:35:F6:C4 server=\ dhcp-pc add address=10.10.10.15 comment="printer hp p2055dn (MikroBill)|6" \ mac-address=78:E7:D1:A0:14:C9 add address=10.10.10.21 comment="ultrabook (MikroBill)|25" mac-address=\ C4:85:08:8D:E7:5D add address=10.10.10.20 comment="AccessPoint204 (MikroBill)|8" mac-address=\ CC:B2:55:8F:8A:B8 add address=10.10.10.30 comment="router194 (MikroBill)|9" mac-address=\ 00:07:26:44:45:2B add address=10.10.10.45 client-id=1:0:25:22:f1:e3:31 comment=\ "Grigorievnew (MikroBill)|15" mac-address=00:25:22:F1:E3:31 server=dhcp-pc add address=10.10.10.16 always-broadcast=yes comment=\ "194 nastia planshet (MikroBill)|7" mac-address=78:24:AF:63:A3:7B server=\ dhcp-pc add address=10.10.10.65 comment="luliosha-phone (MikroBill)|22" mac-address=\ 14:32:D1:4B:62:37 add address=10.10.10.19 always-broadcast=yes client-id=1:9c:b7:d:2a:9c:37 \ comment="nastia194 (MikroBill)|10" mac-address=9C:B7:0D:2A:9C:37 server=\ dhcp-pc add address=10.10.10.27 client-id=1:60:67:20:70:b5:38 comment=\ "legbishe (MikroBill)|33" mac-address=60:67:20:70:B5:38 add address=10.10.10.4 always-broadcast=yes comment="Gen8 eth-1 (MikroBill)|2" \ mac-address=3C:A8:2A:9F:56:F8 add address=10.10.10.60 comment="PowerFive (MikroBill)|18" mac-address=\ 5C:F7:C3:96:3E:36 add address=10.10.10.22 client-id=1:f0:27:65:f9:aa:84 comment=\ "samsung Tab3 (MikroBill)|23" mac-address=F0:27:65:F9:AA:84 /ip dhcp-server network add address=10.10.10.0/24 dns-server=8.8.8.8 gateway=10.10.10.1 netmask=24 \ ntp-server=10.10.10.1 /ip dns set servers=193.58.251.251 /ip firewall address-list add address=10.10.10.0/24 comment="All Drop in 10.10.10.0/24" list=\ MikroBill_All_Drop add address=10.10.10.5 comment="Gen8 eth-2|0" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.5 comment="Gen8 eth-2|0" list=MikroBill_Users add address=10.10.10.41 comment=kirill|14 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.41 comment=kirill|14 list=MikroBill_Users add address=10.10.10.16 comment="194 nastia planshet|7" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.16 comment="194 nastia planshet|7" list=MikroBill_Users add address=10.10.10.67 comment="nc-10(WI-FI)|24" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.63 comment=Ksuha_iPad|20 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.60 comment=PowerFive|18 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.48 comment=osip|17 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.45 comment=Grigorievnew|15 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.40 comment=milan|13 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.39 comment="nc-10(LAN)|12" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.38 comment=194sergey|11 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.67 comment="nc-10(WI-FI)|24" list=MikroBill_Users add address=10.10.10.63 comment=Ksuha_iPad|20 list=MikroBill_Users add address=10.10.10.48 comment=osip|17 list=MikroBill_Users add address=10.10.10.45 comment=Grigorievnew|15 list=MikroBill_Users add address=10.10.10.40 comment=milan|13 list=MikroBill_Users add address=10.10.10.39 comment="nc-10(LAN)|12" list=MikroBill_Users add address=10.10.10.38 comment=194sergey|11 list=MikroBill_Users add address=10.10.10.62 comment=Kirill-Phone|19 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.46 comment=yrec|16 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.46 comment=yrec|16 list=MikroBill_Users add address=10.10.10.15 comment="printer hp p2055dn|6" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.13 comment=TP-Link|5 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.15 comment="printer hp p2055dn|6" list=MikroBill_Users add address=10.10.10.13 comment=TP-Link|5 list=MikroBill_Users add address=10.10.10.10 comment=server|4 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.10 comment=server|4 list=MikroBill_Users add address=10.10.10.44 comment="Samsung TV|27" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.44 comment="Samsung TV|27" list=MikroBill_Users add address=10.10.10.6 comment=hikvision|3 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.2 comment=cisco|26 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.2 comment=cisco|26 list=MikroBill_Users add address=10.10.10.3 comment="Gen8 ILO4|1" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.3 comment="Gen8 ILO4|1" list=MikroBill_Users add address=10.10.10.60 comment=PowerFive|18 list=MikroBill_Users add address=10.10.10.7 comment=leon|29 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.7 comment=leon|29 list=MikroBill_Users add address=10.10.10.34 comment=vpn_bcg|28 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.34 comment=vpn_bcg|28 list=MikroBill_Users add address=10.10.10.64 comment=Ksuha_iPhone|21 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.64 comment=Ksuha_iPhone|21 list=MikroBill_Users add address=10.10.10.25 comment=router235|30 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.25 comment=router235|30 list=MikroBill_Users add address=10.10.10.19 comment=nastia194|10 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.19 comment=nastia194|10 list=MikroBill_Users add address=10.10.10.36 comment=vpn_kuhnia|31 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.36 comment=vpn_kuhnia|31 list=MikroBill_Users add address=10.10.10.35 comment=vpn_ultrabook|32 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.35 comment=vpn_ultrabook|32 list=MikroBill_Users add address=10.10.10.21 comment=ultrabook|25 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.21 comment=ultrabook|25 list=MikroBill_Users add address=10.10.10.20 comment=AccessPoint204|8 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.20 comment=AccessPoint204|8 list=MikroBill_Users add address=10.10.10.30 comment=router194|9 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.30 comment=router194|9 list=MikroBill_Users add address=10.10.10.65 comment=luliosha-phone|22 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.65 comment=luliosha-phone|22 list=MikroBill_Users add address=10.10.10.27 comment=legbishe|33 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.27 comment=legbishe|33 list=MikroBill_Users add address=10.10.10.31 comment=vpn_shelkovo|34 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.31 comment=vpn_shelkovo|34 list=MikroBill_Users add address=10.10.10.32 comment=vpn|35 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.32 comment=vpn|35 list=MikroBill_Users add address=10.10.10.50 comment=aspid|36 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.50 comment=aspid|36 list=MikroBill_Users add address=10.10.10.6 comment=hikvision|3 list=MikroBill_Users add address=10.10.10.4 comment="Gen8 eth-1|2" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.4 comment="Gen8 eth-1|2" list=MikroBill_Users add address=10.10.10.33 comment=miner2|37 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.33 comment=miner2|37 list=MikroBill_Users add address=10.10.10.37 comment=miner3|38 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.37 comment=miner3|38 list=MikroBill_Users add address=10.10.10.29 comment=vpn_PowerFive|39 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.12 comment=Dimson1|40 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.12 comment=Dimson1|40 list=MikroBill_Users add address=10.10.10.62 comment=Kirill-Phone|19 list=MikroBill_Users add address=10.10.10.29 comment=vpn_PowerFive|39 list=MikroBill_Users add address=10.10.10.61 comment=Leon_Phone|41 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.61 comment=Leon_Phone|41 list=MikroBill_Users add address=10.10.10.66 comment=mama|42 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.66 comment=mama|42 list=MikroBill_Users add address=10.10.10.28 comment=miner4|43 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.28 comment=miner4|43 list=MikroBill_Users add address=10.10.10.14 comment=Leon_huawei|44 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.14 comment=Leon_huawei|44 list=MikroBill_Users add address=10.10.10.22 comment="samsung Tab3|23" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.22 comment="samsung Tab3|23" list=MikroBill_Users add address=10.10.10.70 comment=AP-dacha|45 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.69 comment=AP-shelkovo|46 list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=10.10.10.69 comment=AP-shelkovo|46 list=MikroBill_Users add address=10.10.10.70 comment=AP-dacha|45 list=MikroBill_Users add address=192.168.88.0/24 comment="All Drop in 192.168.88.0/24" list=\ MikroBill_All_Drop add address=192.168.88.240 comment="dacha WI-FI pool|47" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=192.168.88.240 comment="dacha WI-FI pool|47" list=MikroBill_Users add address=192.168.88.245 comment="dacha WI-FI pool|47" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=192.168.88.243 comment="dacha WI-FI pool|47" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=192.168.88.242 comment="dacha WI-FI pool|47" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=192.168.88.241 comment="dacha WI-FI pool|47" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=192.168.88.245 comment="dacha WI-FI pool|47" list=MikroBill_Users add address=192.168.88.244 comment="dacha WI-FI pool|47" list=MikroBill_Users add address=192.168.88.243 comment="dacha WI-FI pool|47" list=MikroBill_Users add address=192.168.88.242 comment="dacha WI-FI pool|47" list=MikroBill_Users add address=192.168.88.241 comment="dacha WI-FI pool|47" list=MikroBill_Users add address=192.168.88.244 comment="dacha WI-FI pool|47" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=192.168.88.252 comment="dacha WI-FI pool|47" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=192.168.88.251 comment="dacha WI-FI pool|47" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=192.168.88.250 comment="dacha WI-FI pool|47" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=192.168.88.249 comment="dacha WI-FI pool|47" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=192.168.88.248 comment="dacha WI-FI pool|47" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=192.168.88.247 comment="dacha WI-FI pool|47" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=192.168.88.246 comment="dacha WI-FI pool|47" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=192.168.88.252 comment="dacha WI-FI pool|47" list=MikroBill_Users add address=192.168.88.251 comment="dacha WI-FI pool|47" list=MikroBill_Users add address=192.168.88.250 comment="dacha WI-FI pool|47" list=MikroBill_Users add address=192.168.88.249 comment="dacha WI-FI pool|47" list=MikroBill_Users add address=192.168.88.248 comment="dacha WI-FI pool|47" list=MikroBill_Users add address=192.168.88.247 comment="dacha WI-FI pool|47" list=MikroBill_Users add address=192.168.88.246 comment="dacha WI-FI pool|47" list=MikroBill_Users add address=192.168.88.253 comment="dacha WI-FI pool|47" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=192.168.88.253 comment="dacha WI-FI pool|47" list=MikroBill_Users add address=192.168.88.254 comment="dacha WI-FI pool|47" list=\ "MikroBill_LinkedServices_Email-\E8\ED\F4\EE\F0\EC\E8\F0\EE\E2\E0\ED\E8\E5" add address=192.168.88.254 comment="dacha WI-FI pool|47" list=MikroBill_Users /ip firewall filter add action=accept chain=input src-address=178.173.3.2 add action=accept chain=input dst-port=1723 protocol=tcp add action=accept chain=input protocol=gre add action=drop chain=input comment=\ "\EB\EE\EC\E8\F2\F1\FF \ED\E0 ssh \E8\E7\E2\ED\E5" in-interface=ether1-wan \ src-address=222.186.21.82 add action=drop chain=input comment=\ "\EB\EE\EC\E8\F2\F1\FF \ED\E0 \F2\E5\EB\ED\E5\F2 \E8\E7\E2\ED\E5" \ src-address=219.147.230.246 add action=drop chain=forward comment=MikroBILL_Flood_Killer src-address-list=\ MikroBILL_BLOCKED_FLOOD add action=add-src-to-address-list address-list=MikroBILL_BLOCKED_FLOOD \ address-list-timeout=3m chain=forward comment=MikroBILL_Block_Flood \ connection-limit=20,32 dst-port=80 protocol=tcp src-address-list=\ MikroBill_OFF_Users add action=accept chain=forward comment=MikroBILL_Server src-address=10.10.10.2 add action=accept chain=forward comment=MikroBILL_Server2 dst-address=\ 10.10.10.2 add action=accept chain=forward comment=MikroBILL_Users src-address-list=\ MikroBill_Users add action=accept chain=forward comment=MikroBILL_Users2 dst-address-list=\ MikroBill_Users add action=drop chain=forward comment=MikroBILL_Blocked_Users src-address-list=\ MikroBill_All_Drop add action=drop chain=forward comment=MikroBILL_Blocked_Users2 \ dst-address-list=MikroBill_All_Drop /ip firewall nat add action=netmap chain=dstnat comment="MIKROBILL WEB-CAP" disabled=yes \ dst-address=!10.10.10.2 dst-port=80 protocol=tcp src-address-list=\ MikroBill_OFF_Users to-addresses=10.10.10.2 to-ports=81 add action=netmap chain=dstnat comment="MIKROBILL 2WEB-CAP" disabled=yes \ dst-address=!10.10.10.2 dst-port=80 protocol=tcp src-address-list=\ !MikroBill_Users to-addresses=10.10.10.2 to-ports=82 add action=masquerade chain=srcnat comment="MIKROBILL USERS NAT" \ src-address-list=MikroBill_All_Drop add action=netmap chain=dstnat comment=\ "\EF\F0\EE\E1\F0\EE\F1 20 \EF\EE\F0\F2\E0 \ED\E0 10.10.10.4" dst-address=\ ХХ.141.169.140 dst-port=20 protocol=tcp to-addresses=10.10.10.4 to-ports=21 add action=netmap chain=dstnat comment=\ "\EF\F0\EE\E1\F0\EE\F1 21 \EF\EE\F0\F2\E0 \ED\E0 10.10.10.4" dst-address=\ ХХ.141.169.140 dst-port=21 protocol=tcp to-addresses=10.10.10.4 to-ports=21 add action=netmap chain=dstnat comment=\ "\EF\F0\EE\E1\F0\EE\F1 80 \EF\EE\F0\F2\E0 \ED\E0 10.10.10.4" dst-address=\ ХХ.141.169.140 dst-port=80 protocol=tcp to-addresses=10.10.10.4 to-ports=80 add action=netmap chain=dstnat comment="\EF\F0\EE\E1\F0\EE\F1 \EF\EE\F0\F2\E0 97\ 86 \ED\E0 10.10.10.4 \E4\EB\FF \E2\E8\E4\E5\EE\ED\E0\E1\EB\FE\E4\E5\ED\E8\FF\ " dst-address=ХХ.141.169.140 port=9786 protocol=tcp to-addresses=10.10.10.4 \ to-ports=9786 add action=netmap chain=dstnat disabled=yes dst-address=ХХ.141.169.140 \ dst-port=6377 protocol=tcp to-addresses=10.10.10.9 to-ports=6377 # no interface add action=masquerade chain=srcnat out-interface=*14 /ip ipsec peer add address=188.94.226.218/32 dh-group=modp1536 exchange-mode=main-l2tp \ generate-policy=port-override passive=yes secret=123456789 /ip route add disabled=yes distance=1 gateway=77.50.155.1 add comment="\EC\E0\F0\F8\F0\F3\F2 \ED\E0 \F1\E5\F2\FC \D9\B8\EB\EA\EE\E2\EE" \ disabled=yes distance=1 dst-address=10.10.11.0/24 gateway=*F1ABF3 add distance=1 dst-address=192.168.88.0/24 gateway=pptp-AP-dacha pref-src=\ 10.10.10.1 /ip service set telnet disabled=yes set ssh disabled=yes /ppp secret add local-address=10.10.10.1 name=vpn_bcg password=sab182qq remote-address=\ 10.10.10.34 service=pptp add local-address=10.10.10.1 name=vpn_kuhnia password=sab182qq remote-address=\ 10.10.10.36 service=pptp add local-address=10.10.10.1 name=vpn_shelkovo password=sab182qq \ remote-address=10.10.10.31 service=pptp add local-address=10.10.10.1 name=vpn password=11111111 remote-address=\ 10.10.10.32 service=pptp add local-address=10.10.10.1 name=miner2 password=sab182qq remote-address=\ 10.10.10.33 service=pptp add local-address=10.10.10.1 name=vpnpowerfive password=sab182qq \ remote-address=10.10.10.29 service=pptp add local-address=10.10.10.1 name=miner4 password=sab182qq remote-address=\ 10.10.10.28 service=pptp add comment="miner3 (MikroBill)|38" local-address=10.10.10.1 name=miner3 \ password=sab182qq remote-address=10.10.10.37 service=pptp add comment="AP-dacha (MikroBill)|45" local-address=10.10.10.1 name=dacha \ password=sab182qq remote-address=10.10.10.70 service=pptp add comment="AP-shelkovo (MikroBill)|46" local-address=10.10.10.1 name=\ shelkovo password=sab182qq remote-address=10.10.10.69 service=pptp add comment="dacha WI-FI pool (MikroBill)|47" local-address=192.168.88.1 \ name="dacha WI-FI pool" remote-address=192.168.88.240 service=pptp /system clock set time-zone-name=Europe/Moscow /system logging add topics=pptp add topics=account add topics=route /system scheduler add disabled=yes interval=1s name=vlan5-arp on-event=":foreach i in [/ip arp fin\ d dynamic=yes interface=ether5-lan] do={/ip arp add copy-from=\$i}" policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\ mar/11/2016 start-time=12:46:43 /tool romon port add [aspid@MikroTik] > MikroTik hEX Lite RB750 r2 pptp клиент MMM MMM KKK TTTTTTTTTTT KKK MMMM MMMM KKK TTTTTTTTTTT KKK MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK MikroTik RouterOS 6.39.2 © 1999-2017 http://www.mikrotik.com/ [?] Gives the list of available commands command [?] Gives help on the command and list of arguments [Tab] Completes the command/word. If the input is ambiguous, a second [Tab] gives possible options / Move up to base level .. Move up one level /command Use command at the base level (157 messages not shown) jun/30/2017 17:23:03 system,error,critical router was rebooted without proper shut down jul/02/2017 22:18:45 system,error,critical router was rebooted without proper shut down jul/07/2017 16:10:16 system,error,critical login failure for user admin from 10.10 .11.10 via web jul/07/2017 16:10:31 system,error,critical login failure for user aspid from 10.10 .11.10 via web jul/07/2017 16:11:46 system,error,critical login failure for user admin from 10.10 .11.10 via web jul/07/2017 17:10:53 system,error,critical login failure for user admin from 10.10 .11.10 via web jul/07/2017 17:11:14 system,error,critical login failure for user admin from 10.10 .11.10 via web jul/07/2017 17:00:05 system,error,critical router was rebooted without proper shut down [admin@MikroTik] > export compact # jul/14/2017 18:26:05 by RouterOS 6.39.2 # software id = RU2Q-HW4V # /interface ethernet set [ find default-name=ether1 ] mac-address=F4:EC:38:EE:DE:B1 name=\ ether1-gateway set [ find default-name=ether2 ] name=ether2-master-local set [ find default-name=ether3 ] master-port=ether2-master-local name=\ ether3-slave-local set [ find default-name=ether4 ] master-port=ether2-master-local name=\ ether4-slave-local set [ find default-name=ether5 ] master-port=ether2-master-local name=\ ether5-slave-local /interface pptp-client add connect-to=94.141.169.140 disabled=no keepalive-timeout=disabled name=\ pptp-out1 password=sab182qq user=shelkovo /ip neighbor discovery set ether1-gateway discover=no /ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot /ip ipsec proposal set [ find default=yes ] enc-algorithms=3des pfs-group=none /ip pool add name=dhcp ranges=10.10.11.2-10.10.11.10 /ip dhcp-server add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\ ether2-master-local name=DHCP-Shelkovo /queue type add kind=pfifo name=MikroBILL_PFIFO pfifo-limit=500 add kind=sfq name=MikroBILL_SFQ add kind=pcq name=MikroBILL_PCQ_UP pcq-classifier=src-address pcq-total-limit=\ 400KiB add kind=pcq name=MikroBILL_PCQ_DOWN pcq-classifier=dst-address \ pcq-total-limit=400KiB /queue simple add burst-time=1s/1s comment=asus|0 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_asus queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.11.6/32 \ total-queue=MikroBILL_SFQ add burst-time=1s/1s comment=dune|1 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_dune queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.11.7/32 \ total-queue=MikroBILL_SFQ add burst-time=1s/1s comment=GoldFish|2 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_GoldFish queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.11.4/32 \ total-queue=MikroBILL_SFQ add burst-time=1s/1s comment=kuhnia|3 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_kuhnia queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.11.10/32 \ total-queue=MikroBILL_SFQ add burst-time=1s/1s comment=storj|4 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_storj queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.11.8/32 \ total-queue=MikroBILL_SFQ add burst-time=1s/1s comment=Levina|5 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_Levina queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.11.5/32 \ total-queue=MikroBILL_SFQ add burst-time=1s/1s comment=dd-wrt|6 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_dd-wrt queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.11.3/32 \ total-queue=MikroBILL_SFQ add burst-time=1s/1s comment=PowerFive|7 limit-at=1/1 max-limit=1G/1G name=\ MikroBILL_PowerFive queue=MikroBILL_SFQ/MikroBILL_SFQ target=10.10.11.9/32 \ total-queue=MikroBILL_SFQ /system logging action set 1 disk-file-name=log /ip address add address=10.10.11.1/24 comment="default configuration" interface=\ ether2-master-local network=10.10.11.0 add address=10.ХХХ.72.23/16 interface=ether1-gateway network=10.ХХХ.0.0 /ip arp add address=10.10.11.10 interface=ether2-master-local mac-address=\ 70:71:BC:46:69:C4 add address=10.10.11.6 comment=MikroBILL_asus|0 interface=ether1-gateway \ mac-address=E0:3F:49:1E:E0:8C add address=10.10.11.4 comment=MikroBILL_GoldFish|2 interface=ether1-gateway \ mac-address=E8:DE:27:9F:2D:D2 add address=10.10.11.7 comment=MikroBILL_dune|1 interface=ether1-gateway \ mac-address=00:26:AA:A3:BA:2D add address=10.10.11.10 comment=MikroBILL_kuhnia|3 interface=ether1-gateway \ mac-address=70:71:BC:46:69:C4 add address=10.10.11.5 comment=MikroBILL_Levina|5 interface=ether1-gateway \ mac-address=BC:AE:C5:B6:24:48 add address=10.10.11.3 comment=MikroBILL_dd-wrt|6 interface=ether1-gateway \ mac-address=20:CF:30:CE:25:F4 add address=10.10.11.9 comment=MikroBILL_PowerFive|7 interface=ether1-gateway \ mac-address=5C:F7:C3:96:3E:36 /ip dhcp-client add comment="default configuration" dhcp-options=hostname,clientid interface=\ ether1-gateway /ip dhcp-server lease add address=10.10.11.3 always-broadcast=yes client-id=1:20:cf:30:ce:25:f4 \ comment="dd-wrt (MikroBill)|6" mac-address=20:CF:30:CE:25:F4 add address=10.10.11.10 client-id=1:e8:de:27:9f:2d:d2 mac-address=\ E8:DE:27:9F:2D:D2 server=DHCP-Shelkovo add address=10.10.11.6 comment="asus (MikroBill)|0" mac-address=\ E0:3F:49:1E:E0:8C add address=10.10.11.7 comment="dune (MikroBill)|1" mac-address=\ 00:26:AA:A3:BA:2D add address=10.10.11.4 comment="GoldFish (MikroBill)|2" mac-address=\ E8:DE:27:9F:2D:D2 add address=10.10.11.5 comment="Levina (MikroBill)|5" mac-address=\ BC:AE:C5:B6:24:48 add address=10.10.11.9 comment="PowerFive (MikroBill)|7" mac-address=\ 5C:F7:C3:96:3E:36 /ip dhcp-server network add address=10.10.11.0/24 gateway=10.10.11.1 netmask=24 /ip dns set allow-remote-requests=yes servers=193.58.251.251,8.8.8.8 /ip dns static add address=10.10.11.1 name=router /ip firewall address-list add address=10.10.11.5 list=levina add address=10.10.11.10 list=kuhnia add address=10.10.11.7 list=dune add address=10.10.11.4 list=tp-link add address=10.10.11.8 list=storj add address=10.10.11.8 comment="All Drop in 10.10.11.8" list=MikroBill_All_Drop add address=10.10.11.8 comment=storj|4 list=MikroBill_Users add address=10.10.11.0/24 comment="All Drop in 10.10.11.0/24" list=\ MikroBill_All_Drop add address=10.10.11.6 comment=asus|0 disabled=yes list=MikroBill_OFF_Users add address=10.10.11.6 comment=asus|0 list=MikroBill_Users add address=10.10.11.7 comment=dune|1 disabled=yes list=MikroBill_OFF_Users add address=10.10.11.7 comment=dune|1 list=MikroBill_Users add address=10.10.11.4 comment=GoldFish|2 disabled=yes list=MikroBill_OFF_Users add address=10.10.11.4 comment=GoldFish|2 list=MikroBill_Users add address=10.10.11.10 comment=kuhnia|3 disabled=yes list=MikroBill_OFF_Users add address=10.10.11.10 comment=kuhnia|3 list=MikroBill_Users add address=10.10.11.5 comment=Levina|5 disabled=yes list=MikroBill_OFF_Users add address=10.10.11.5 comment=Levina|5 list=MikroBill_Users add address=10.10.11.3 comment=dd-wrt|6 disabled=yes list=MikroBill_OFF_Users add address=10.10.11.3 comment=dd-wrt|6 list=MikroBill_Users add address=10.10.11.9 comment=PowerFive|7 disabled=yes list=\ MikroBill_OFF_Users add address=10.10.11.9 comment=PowerFive|7 list=MikroBill_Users /ip firewall filter add action=drop chain=forward comment=MikroBILL_Flood_Killer src-address-list=\ MikroBILL_BLOCKED_FLOOD add action=add-src-to-address-list address-list=MikroBILL_BLOCKED_FLOOD \ address-list-timeout=3m chain=forward comment=MikroBILL_Block_Flood \ connection-limit=20,32 dst-port=80 protocol=tcp src-address-list=\ MikroBill_OFF_Users add action=accept chain=forward comment=MikroBILL_Server src-address=10.10.11.8 add action=accept chain=forward comment=MikroBILL_Server2 dst-address=\ 10.10.11.8 add action=accept chain=forward comment=MikroBILL_WhiteList dst-address-list=\ WhiteHosts add action=accept chain=forward comment=MikroBILL_Users src-address-list=\ MikroBill_Users add action=accept chain=forward comment=MikroBILL_Users2 dst-address-list=\ MikroBill_Users add action=drop chain=forward comment=MikroBILL_Blocked_Users disabled=yes \ src-address-list=MikroBill_All_Drop add action=drop chain=forward comment=MikroBILL_Blocked_Users2 disabled=yes \ dst-address-list=MikroBill_All_Drop /ip firewall nat add action=netmap chain=dstnat comment="MIKROBILL WEB-CAP" disabled=yes \ dst-address=!10.10.11.8 dst-address-list=!WhiteHosts dst-port=80 protocol=\ tcp src-address-list=MikroBill_OFF_Users to-addresses=10.10.11.8 to-ports=\ 81 add action=netmap chain=dstnat comment="MIKROBILL 2WEB-CAP" disabled=yes \ dst-address=!10.10.11.8 dst-address-list=!WhiteHosts dst-port=80 protocol=\ tcp src-address-list=!MikroBill_Users to-addresses=10.10.11.8 to-ports=82 add action=masquerade chain=srcnat comment="MIKROBILL USERS NAT" \ src-address-list=MikroBill_All_Drop add action=masquerade chain=srcnat out-interface=ether1-gateway /ip ipsec peer add address=0.0.0.0/0 enc-algorithm=aes-256,aes-128,3des secret=Bcg_58_3 \ send-initial-contact=no add enc-algorithm=3des secret=Bcg_58_3 /ip route add distance=1 gateway=10.ХХХ.72.254 add comment="\EC\E0\F0\F8\F0\F3\F2 \ED\E0 10.10.10.0/24" distance=1 \ dst-address=10.10.10.0/24 gateway=*7 pref-src=10.10.10.31 /ip service set ftp disabled=yes set ssh disabled=yes /ppp secret add local-address=10.10.10.31 name=vpn_shelkovo password=sab182qq \ remote-address=94.141.169.140 service=pptp /system clock set time-zone-name=Europe/Moscow /system logging add topics=pptp add topics=firewall /tool mac-server set [ find default=yes ] disabled=yes add interface=ether2-master-local add interface=ether3-slave-local add interface=ether4-slave-local add interface=ether5-slave-local /tool mac-server mac-winbox set [ find default=yes ] disabled=yes add interface=ether2-master-local add interface=ether3-slave-local add interface=ether4-slave-local add interface=ether5-slave-local [admin@MikroTik] > после обновления ситуация не поменялась Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...
DeLL Опубликовано 14 июля, 2017 · Жалоба На сервере: /ip route add comment="\EC\E0\F0\F8\F0\F3\F2 \ED\E0 \F1\E5\F2\FC \D9\B8\EB\EA\EE\E2\EE" \ disabled=yes distance=1 dst-address=10.10.11.0/24 gateway=*F1ABF3 Почему маршрут выключен и что указано в качестве шлюза? Должно быть pptp-AP-shelkovo На клиенте: /ip route add comment="\EC\E0\F0\F8\F0\F3\F2 \ED\E0 10.10.10.0/24" distance=1 \ dst-address=10.10.10.0/24 gateway=*7 pref-src=10.10.10.31 Тоже самое, вместо гетвея должно быть pptp-out1 и убрать pref-src, оно само появится /ppp secret add local-address=10.10.10.31 name=vpn_shelkovo password=sab182qq \ remote-address=94.141.169.140 service=pptp убрать локал и ремоте адреса совсем Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...
aspidz Опубликовано 15 июля, 2017 · Жалоба выполнил первый код на сервере, появилось два не активных маршрута, в обоих поставил гейтом pptp-AP-shelkovo вторую и третью команду выполнил на клиенте, после второй создалось два маршрута в обоих поставил гейтом pptp-out1 и убрал pref-src после третьей команды терминал ругнулся на то,что секрет с таким именем уже существует, я его убил и этой командой создал заново, убрал локал и ремоте адреса совсем клиент по прежнему не хочет цепляться к серверу с моей точки зрения ничего не изменилось Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...
DeLL Опубликовано 15 июля, 2017 · Жалоба Я привел не команды для выполнения, а кусок конфы, выложенной выше) Там у Вас 2 ошибки - это отсутствие маршрута на одном из устройств, и неправильное присвоение IP адресов для туннеля VPN, из-за чего и не работает Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...
aspidz Опубликовано 16 июля, 2017 · Жалоба так или иначе я же выполнил все Ваши рекомендации, желаемого результата это не принесло Вставить ник Цитата Ответить с цитированием Поделиться сообщением Ссылка на сообщение Поделиться на других сайтах More sharing options...