citizen25
just joined
Topic Author
Posts: 12
Joined: Thu Jun 22, 2017 8:10 pm

whole site can not access HTTPS websites

Thu Jun 22, 2017 8:31 pm

I have 5 MikroTik CRS: 4 have their own gateway, 1 is linked via VPN, and 4 are wired, across 5 sites of one company. However, ever since these have been installed the client is not able to access HTTPS websites on practically any computer.

Examples
Microsoft.com
Mail.AOL.com
BankofAmerica.com
WIX.com
and many other less known sites too

However, sites that support no HTTPS, or both, do work.
Google.com for example works in https and http
and any site with no https works

If you go to a site with HTTP as an option it will load in a fraction of a second, but on HTTPS-only sites it acts like it will load and hangs on "Securing Connection".

Firewall rules are minimal for this client, and there are no rules dealing with port 443. It is not a virus, as it is all computers there, including one on which I have a clean install of Windows 10, and nothing else has this issue.

The issue is the same regardless of Chrome, Internet Explorer, or Edge.

Copy of Chrome error messages
"This site can’t be reached

www.bankofamerica.com took too long to respond.
Try:
Checking the connection
Checking the proxy and the firewall
Running Windows Network Diagnostics
ERR_TIMED_OUT"

"This site can’t be reached

mail.aol.com took too long to respond.
Try:
Checking the connection
Checking the proxy and the firewall
Running Windows Network Diagnostics
ERR_TIMED_OUT
ReloadHIDE DETAILS"

At this point I am at a loss; too many computers are affected, and the issue started right after these were installed, but I do not see anything that should cause these blocks.
 
k6ccc
Forum Guru
Posts: 1567
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: whole site can not access HTTPS websites

Thu Jun 22, 2017 11:36 pm

Post your configuration or else we can't really help you.
 
citizen25
just joined
Topic Author
Posts: 12
Joined: Thu Jun 22, 2017 8:10 pm

Re: whole site can not access HTTPS websites

Fri Jun 23, 2017 4:50 pm

I am assuming you are asking for the rif files? But in truth, if it is not, I need to know what you are asking. But I do not see how to attach them.

isp > 90 > Wired connection to 89,91,92, and via VPN 88
isp > 89 > Wired connection to 90 > From 90 Wired to 91,92
isp > 91 > Wired connection to 90 and via VPN 88 > From 90 Wired to 89,92
NO ISP > 92 > wired connection to 90
ISP >.88 Via VPN (no default rule) to 90, 91

Now every one of these locations has the same issue stated above, and this all started when the CRS were installed.
 
turnip
Frequent Visitor
Posts: 86
Joined: Wed Sep 11, 2013 7:01 pm

Re: whole site can not access HTTPS websites

Fri Jun 23, 2017 5:10 pm

I've had a similar issue with some sites that use PPPoE. I don't know your setup, but if it's the same thing I encountered, try this:
  • Set the PPP profile to use change-tcp-mss=yes
  • /ip firewall mangle add action=change-mss chain=forward comment="Clamp MSS to PMTU for Outgoing packets" new-mss=clamp-to-pmtu out-interface=all-ppp passthrough=no protocol=tcp tcp-flags=syn
You can change the out-interface to a specific interface if you don't want it on all ppp interfaces.
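As an added example (not code from turnip's post or from MikroTik), the checker below reads a RouterOS `/export` and reports the three things the advice above depends on: which `/ppp profile` entries lack `change-tcp-mss=yes`, whether an enabled forward-chain `change-mss` rule on TCP SYN exists, and the largest TCP MSS each `/interface ovpn-client` tunnel can carry at its `max-mtu` (MSS = MTU minus 40 bytes of IPv4 and TCP headers). The export text inside the script is constructed to mirror the shapes seen in this thread (backslash line continuations, `set *0` default entries, quoted comments) and is not a real router; the function names are the example's own.

```python
"""Check a RouterOS export for the MSS-clamping settings recommended in the thread.

Added example, not code from the forum thread or from MikroTik. The export
below is constructed to mirror the shapes seen in the thread; it is not a real router.
"""
import shlex

# Constructed sample export (not a real device).
SAMPLE_EXPORT = r"""# jun/23/2017 20:05:52 by RouterOS 6.38.7
/interface ovpn-client
add certificate=RooTCA.crt_0 cipher=aes192 connect-to=ip disabled=yes max-mtu=1400 mode=ethernet name=\
    OVPNFrom89To88 user=OVPN89
/ppp profile
set *0 bridge=bridge-local local-address=192.168.90.1
add bridge=bridge-local change-tcp-mss=yes local-address=192.168.89.1 name=\
    OVPN-Profile
add bridge=bridge-local local-address=192.168.89.1 name=SSTP-Profile
/ip firewall mangle
add action=change-mss chain=forward comment="Clamp MSS to PMTU for Outgoing packets" \
    new-mss=clamp-to-pmtu out-interface=all-ppp passthrough=no protocol=tcp tcp-flags=syn
"""

IP_TCP_HEADER_BYTES = 40  # IPv4 header (20) + TCP header (20); MSS = MTU - 40


def join_continuations(text):
    """Fold RouterOS line continuations: a trailing backslash joins the next indented line."""
    lines = []
    pending = ""
    for raw in text.splitlines():
        if pending:
            raw = raw.lstrip()            # continuation lines are indented by the exporter
        if raw.endswith("\\"):
            pending += raw[:-1]
            continue
        lines.append(pending + raw)
        pending = ""
    if pending:                           # dangling continuation at end of file
        lines.append(pending)
    return lines


def parse_export(text):
    """Return {section: [entry, ...]}; each entry maps key -> value for one add/set line."""
    sections = {}
    section = None
    for line in join_continuations(text):
        if not line.strip() or line.startswith("#"):
            continue
        if line.startswith("/"):
            section = line.strip()
            sections.setdefault(section, [])
            continue
        if section is None:
            continue
        try:
            tokens = shlex.split(line)    # handles comment="quoted value with spaces"
        except ValueError:
            tokens = line.split()         # unbalanced quote: fall back to whitespace split
        entry = {"_cmd": tokens[0]}
        if len(tokens) > 1 and "=" not in tokens[1] and tokens[1] != "[":
            entry["_target"] = tokens[1]  # e.g. 'set *0 ...' or 'set ether1-gateway ...'
        for tok in tokens[1:]:
            if "=" in tok:
                key, value = tok.split("=", 1)
                entry[key] = value
        sections[section].append(entry)
    return sections


def audit_mss(sections):
    """Report profiles without MSS clamping, the forward-chain clamp rule, and per-tunnel MSS."""
    no_clamp = []
    for prof in sections.get("/ppp profile", []):
        name = prof.get("name") or prof.get("_target") or "<unnamed>"
        if prof.get("change-tcp-mss") != "yes":
            no_clamp.append(name)

    forward_clamp = any(
        r.get("action") == "change-mss" and r.get("chain") == "forward"
        and r.get("tcp-flags") == "syn" and r.get("disabled") != "yes"
        for r in sections.get("/ip firewall mangle", [])
    )

    # Largest MSS a tunnel can carry without fragmenting at its own max-mtu.
    tunnel_max_mss = {
        cl["name"]: int(cl["max-mtu"]) - IP_TCP_HEADER_BYTES
        for cl in sections.get("/interface ovpn-client", [])
        if "name" in cl and "max-mtu" in cl
    }
    return {
        "profiles_without_clamp": no_clamp,
        "has_forward_clamp": forward_clamp,
        "tunnel_max_mss": tunnel_max_mss,
    }


if __name__ == "__main__":
    for key, value in audit_mss(parse_export(SAMPLE_EXPORT)).items():
        print(f"{key}: {value}")
```

To check a real device, paste the output of `/export hide-sensitive` in place of the constructed sample (or read it from a file). On the sample, the default `*0` profile and `SSTP-Profile` are reported as unclamped, the forward-chain rule is found, and the 1400-byte tunnel allows an MSS of at most 1360.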
 
k6ccc
Forum Guru
Posts: 1567
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: whole site can not access HTTPS websites

Fri Jun 23, 2017 6:08 pm

I am assuming you are asking for the rif files? But in truth, if it is not, I need to know what you are asking. But I do not see how to attach them.
Execute the command /export hide-sensitive
Then copy and paste that into a message post on the forum. If you look at all the formatting items above the text entry area, one of the items is "Code". Click that and it will add a code and /code (inside square brackets) and the cursor will be right in between them. Paste your export there and it will set up a scrollable code box like the one below that contains just the first few lines of one of my routers.
# jun/22/2017 22:32:05 by RouterOS 6.39.1
# software id = <redacted>
#
/interface ethernet
set [ find default-name=ether1 ] comment="Spectrum cable internet" name=\
    E1-p49_Cable_Internet
set [ find default-name=ether2 ] comment="Main cable home LAN" name=\
    E2-p13_101
set [ find default-name=ether3 ] comment="Public WiFi" name=E3-p15_102
set [ find default-name=ether4 ] comment="Private WiFi" name=E4-p17_103
set [ find default-name=ether5 ] comment="802.11Q trunk" name=E5-p19_802.11Q
/ip neighbor discovery
set E1-p49_Cable_Internet discover=no
/interface vlan
add comment="Cactus/Red Cross" interface=E5-p19_802.11Q name=VLAN_104 \
    vlan-id=104
add comment="Scanner feed" interface=E5-p19_802.11Q name=VLAN_105 vlan-id=105
add comment="DSL internet" interface=E5-p19_802.11Q name=VLAN_200 vlan-id=200
add comment=".201 Alt" interface=E5-p19_802.11Q name=VLAN_201 vlan-id=201
add comment="211 router tieline" interface=E5-p19_802.11Q name=VLAN_211 \
    vlan-id=211
BTW, in my case I have a daily script that automatically does the export and a backup for each router and then sends those files to me via E-Mail. I generally find that it is easier to copy and paste from the E-Mail than directly from the router - but that's my personal preference.
isp > 90 > Wired connection to 89,91,92, and via VPN 88
isp > 89 > Wired connection to 90 > From 90 Wired to 91,92
isp > 91 > Wired connection to 90 and via VPN 88 > From 90 Wired to 89,92
NO ISP > 92 > wired connection to 90
ISP >.88 Via VPN (no default rule) to 90, 91

Now every one of these locations has the same issue stated above, and this all started when the CRS were installed.
Sorry, but that description is absolutely meaningless. It might make sense with your configuration, but a drawing MAY help if your network is complex.
 
citizen25
just joined
Topic Author
Posts: 12
Joined: Thu Jun 22, 2017 8:10 pm

Re: whole site can not access HTTPS websites

Sat Jun 24, 2017 3:57 am

Here are 3 of the 5 units.

I will try the other person's code to see if it works.
[admin@89] > /export hide-sensitive
# jun/23/2017 20:05:52 by RouterOS 6.38.7
# software id = 
#
/interface bridge
add admin-mac=E4:8D:8C:58:12:6E auto-mac=no name=bridge-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce country="united states" disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
    MikroTik- wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=ether5-slave-local
set [ find default-name=ether6 ] master-port=ether2-master-local name=ether6-slave-local
set [ find default-name=ether7 ] master-port=ether2-master-local name=ether7-slave-local
set [ find default-name=ether8 ] master-port=ether2-master-local name=ether8-slave-local
set [ find default-name=ether9 ] master-port=ether2-master-local name=ether9-slave-local
set [ find default-name=ether10 ] master-port=ether2-master-local name=ether10-slave-local
set [ find default-name=ether11 ] master-port=ether2-master-local name=ether11-slave-local
set [ find default-name=ether12 ] master-port=ether2-master-local name=ether12-slave-local
set [ find default-name=ether13 ] master-port=ether2-master-local name=ether13-slave-local
set [ find default-name=ether14 ] master-port=ether2-master-local name=ether14-slave-local
set [ find default-name=ether15 ] master-port=ether2-master-local name=ether15-slave-local
set [ find default-name=ether16 ] master-port=ether2-master-local name=ether16-slave-local
set [ find default-name=ether17 ] master-port=ether2-master-local name=ether17-slave-local
set [ find default-name=ether18 ] master-port=ether2-master-local name=ether18-slave-local
set [ find default-name=ether19 ] master-port=ether2-master-local name=ether19-slave-local
set [ find default-name=ether20 ] master-port=ether2-master-local name=ether20-slave-local
set [ find default-name=ether21 ] master-port=ether2-master-local name=ether21-slave-local
set [ find default-name=ether22 ] master-port=ether2-master-local name=ether22-slave-local
set [ find default-name=ether23 ] master-port=ether2-master-local name=ether23-slave-local
set [ find default-name=ether24 ] master-port=ether2-master-local name=ether24-slave-local
set [ find default-name=sfp1 ] master-port=ether2-master-local name=sfp1-slave-local
/ip neighbor discovery
set ether1-gateway discover=no
/interface ovpn-client
add certificate=RooTCA.crt_0 cipher=aes192 connect-to=ip disabled=yes mac-address=02:60:8B:BA:D9:C2 max-mtu=1400 mode=ethernet name=\
    OVPNFrom89To88 user=OVPN89
add certificate=RooTCA.crt_0 cipher=aes192 connect-to=ip disabled=yes mac-address=02:60:8B:BA:D9:C2 max-mtu=1400 mode=ethernet name=OVPNFrom89To90 user=OVPN89
add certificate=RooTCA.crt_0 cipher=aes192 connect-to=ip disabled=yes mac-address=02:60:8B:BA:D9:C2 max-mtu=1400 mode=ethernet name=\
    OVPNFrom89To91 user=OVPN89
add certificate=RooTCA.crt_0 cipher=aes192 connect-to=IP disabled=yes mac-address=02:60:8B:BA:D9:C2 max-mtu=1400 mode=ethernet name=OVPNFrom89To92 user=OVPN89
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
add name=profile supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys name=BHNTG1682G24CC supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm mode=dynamic-keys name=PYC supplicant-identity=MikroTik unicast-ciphers=tkip,aes-ccm
/interface wireless
add disabled=no mac-address=E6:8D:8C:58:12:86 master-interface=wlan1 mode=ap-bridge name=wlan2 security-profile=profile ssid=PYC-Guests
add keepalive-frames=disabled mac-address=E6:8D:8C:58:12:87 master-interface=wlan1 mode=ap-bridge multicast-buffering=disabled name=wlan3 security-profile=PYC ssid=PYC \
    wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=md5 enc-algorithms=3des
/ppp profile
add bridge=bridge-local bridge-path-cost=100 bridge-port-priority=0x90 change-tcp-mss=yes dns-server=192.168.89.1,192.168.90.10 local-address=192.168.89.1 name=\
    OVPN-Profile wins-server=192.168.90.10
/system logging action
set 1 disk-file-name=Logs/log
add disk-file-name=Logs/Account name=AccountChanges target=disk
add disk-file-name=Logs/VPN disk-lines-per-file=10000 name=VPNDisk target=disk
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge filter
add action=drop chain=forward in-interface=wlan2
add action=drop chain=forward out-interface=wlan2
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=wlan2
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface ovpn-server server
set auth=sha1 certificate=RooTCA.crt_0 cipher=aes128,aes192,aes256 default-profile=OVPN-Profile enabled=yes mode=ethernet netmask=22 require-client-certificate=yes
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption
/ip address
add address=192.168.89.1/21 comment="default configuration" interface=ether2-master-local network=192.168.88.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=ether1-gateway use-peer-dns=no
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
/ip dhcp-server network
add address=192.168.88.0/21 comment="default configuration" dns-server=192.168.90.10,192.168.91.10,208.67.222.222,208.67.220.220 domain=DOMAIN.com gateway=\
    192.168.89.1 netmask=21 next-server=192.168.90.1 wins-server=192.168.90.10,192.168.91.10,192.168.89.10,192.168.88.10
/ip dns
set allow-remote-requests=yes servers=\
    192.168.90.10,192.168.91.10,192.168.90.1,192.168.89.1,192.168.88.1,192.168.91.1,208.67.220.220,208.67.220.220,208.67.222.222,208.67.222.222
/ip dns static
add address=192.168.89.1 name=router
add action=accept chain=input comment="Used for SSTP" dst-port=8291 log=yes log-prefix=Port8291 protocol=tcp
add action=accept chain=input comment="Used for OVPN" dst-port=1194 protocol=udp
add action=accept chain=input comment="Used for OVPN" dst-port=1194 log-prefix=Port1194 protocol=tcp
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established,related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add action=fasttrack-connection chain=forward comment="default configuration" connection-state=established,related
add action=accept chain=forward comment="default configuration" connection-state=established,related
add action=drop chain=forward comment="default configuration" connection-state=invalid
add action=drop chain=forward comment="default configuration" connection-nat-state=!dstnat connection-state=new in-interface=ether1-gateway
/ip firewall mangle
add action=change-mss chain=forward comment="Clamp MSS to PMTU for Outgoing packets" new-mss=clamp-to-pmtu out-interface=all-ppp passthrough=no protocol=tcp tcp-flags=syn
/ip firewall nat
add action=dst-nat chain=dstnat comment="This rule will force all users with custom defined DNS server to use 192.168.89.1 as their DNS server, this rule will simply redir\
    ect all request sent to ANY-IP:53 to 192.168.89.1:53" disabled=yes dst-port=53 protocol=tcp to-addresses=192.168.89.1 to-ports=53
add action=dst-nat chain=dstnat comment="This rule will force all users with custom defined DNS server to use 192.168.89.1 as their DNS server, this rule will simply redir\
    ect all request sent to ANY-IP:53 to 192.168.89.1:53" disabled=yes dst-port=53 protocol=udp to-addresses=192.168.89.1 to-ports=53
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
/ip ipsec peer
add address=192.168.9.44/32 disabled=yes dpd-interval=10s dpd-maximum-failures=2 enc-algorithm=3des hash-algorithm=md5
add address=192.168.9.45/32 disabled=yes dpd-interval=10s dpd-maximum-failures=2 enc-algorithm=3des hash-algorithm=md5
/ip ipsec policy
add disabled=yes dst-address=192.168.90.0/24 sa-dst-address=192.168.9.44 sa-src-address=192.168.9.46 src-address=192.168.89.0/24 tunnel=yes
add disabled=yes dst-address=192.168.91.0/24 sa-dst-address=192.168.9.45 sa-src-address=192.168.9.46 src-address=192.168.89.0/24 tunnel=yes
/ip pool
add name=dhcp next-pool=DCHP2 ranges=192.168.89.90-192.168.89.159
add name=Site-VPN-Site next-pool=Remote-VPN ranges=192.168.89.2-192.168.89.5
add name=PYC-Staff next-pool=dhcp ranges=192.168.89.20-192.168.89.89
add name=DCHP2 next-pool=dhcp ranges=192.168.89.180-192.168.89.254
add name=Remote-VPN next-pool=PYC-Staff ranges=192.168.89.6-192.168.89.9
add name=Printers-Pool next-pool=dhcp ranges=192.168.89.160-192.168.89.179
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=ether1-gateway type=external
/lcd interface pages
set 0 interfaces=wlan1
/ppp profile
add bridge=bridge-local dns-server=192.168.89.1,192.168.90.10 local-address=192.168.89.1 name=SSTP-Profile remote-address=Remote-VPN wins-server=192.168.90.10
set *FFFFFFFE local-address=192.168.89.1 remote-address=Site-VPN-Site
/ppp secret
add name=vpn
add local-address=192.168.89.1 name=OVPN89 profile=OVPN-Profile remote-address=192.168.89.3 service=ovpn
add local-address=192.168.89.1 name=OVPN88 profile=OVPN-Profile remote-address=192.168.89.2 service=ovpn
add local-address=192.168.89.1 name=OVPN90 profile=OVPN-Profile remote-address=192.168.89.4 service=ovpn
add local-address=192.168.89.1 name=OVPN91 profile=OVPN-Profile remote-address=192.168.89.5 service=ovpn
add local-address=192.168.89.1 name=OVPN92 profile=OVPN-Profile remote-address=192.168.89.6 service=ovpn
/system clock
set time-zone-name=America/New_York
/system identity
set name=89
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set bridge-local disabled=yes display-time=5s
set wlan2 disabled=yes display-time=5s
set wlan3 disabled=yes display-time=5s
set OVPNFrom89To90 disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set ether1-gateway disabled=yes display-time=5s
set ether2-master-local disabled=yes display-time=5s
set ether3-slave-local disabled=yes display-time=5s
set ether4-slave-local disabled=yes display-time=5s
set ether5-slave-local disabled=yes display-time=5s
set ether6-slave-local disabled=yes display-time=5s
set ether7-slave-local disabled=yes display-time=5s
set ether8-slave-local disabled=yes display-time=5s
set ether9-slave-local disabled=yes display-time=5s
set ether10-slave-local disabled=yes display-time=5s
set OVPNFrom89To91 disabled=yes display-time=5s
set ether11-slave-local disabled=yes display-time=5s
set ether21-slave-local disabled=yes display-time=5s
set ether22-slave-local disabled=yes display-time=5s
set ether23-slave-local disabled=yes display-time=5s
set ether24-slave-local disabled=yes display-time=5s
set sfp1-slave-local disabled=yes display-time=5s
set ether17-slave-local disabled=yes display-time=5s
set ether18-slave-local disabled=yes display-time=5s
set ether19-slave-local disabled=yes display-time=5s
set ether20-slave-local disabled=yes display-time=5s
set OVPNFrom89To88 disabled=yes display-time=5s
set ether12-slave-local disabled=yes display-time=5s
set ether13-slave-local disabled=yes display-time=5s
set ether14-slave-local disabled=yes display-time=5s
set ether15-slave-local disabled=yes display-time=5s
set ether16-slave-local disabled=yes display-time=5s
set OVPNFrom89To92 disabled=yes display-time=5s
set sit1 disabled=yes display-time=5s
/system logging
add topics=ipsec,ovpn,sstp,ppp,pptp
add action=AccountChanges topics=account
add topics=account
add action=VPNDisk topics=ipsec,ovpn,sstp,ppp,pptp
/system package update
set channel=bugfix
/system scheduler
add interval=5m name=updatehostnames on-event=resolvehostnames policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jan/01/1970 start-time=\
    00:00:00
/system script
add name=resolvehostnames owner=admin policy=read,write source="# define variables\r\
    \n:local list\r\
    \n:local comment\r\
    \n:local newip\r\
    \n:local oldip\r\
    \n\r\
    \n# Loop through each entry in the address list.\r\
    \n:foreach i in=[/ip firewall address-list find] do={\r\
    \n\r\
    \n# Get the first five characters of the list name\r\
    \n  :set list [:pick [/ip firewall address-list get \$i list] 0 5]\r\
    \n\r\
    \n# If they're 'host_', then we've got a match - process it\r\
    \n  :if (\$list = \"host_\") do={\r\
    \n\r\
    \n# Get the comment for this address list item (this is the host name to use)\r\
    \n    :set comment [/ip firewall address-list get \$i comment]\r\
    \n    :set oldip [/ip firewall address-list get \$i address]\r\
    \n\r\
    \n# Resolve it and set the address list entry accordingly.\r\
    \n    : if (\$newip != \$oldip) do={:set newip [:resolve \$comment]\r\
    \n    /ip firewall address-list set \$i address=\$newip}\r\
    \n    }\r\
    \n  }"
/system upgrade upgrade-package-source
add address=192.168.90.1 user=Updates
add address=192.168.91.1 user=Updates
add address=192.168.88.1 user=Updates
add address=192.168.89.1 user=Updates
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=wlan1
add interface=wlan2
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=wlan1
add interface=wlan2
/tool traffic-generator
set latency-distribution-max=1ms stats-samples-to-keep=1000
/tool user-manager database
set db-path=user-manager
[admin@90] > /export hide-sensitive        
# jun/23/2017 20:21:26 by RouterOS 6.38.7
# software id = 
#
/interface bridge
add name=Bridge-Public
add admin-mac=E4:8D:8C:42:CF:62 auto-mac=no name=bridge-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    country="united states" disabled=no distance=indoors frequency=auto mode=\
    ap-bridge ssid=MikroTik- wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=ether01-gateway
set [ find default-name=ether2 ] name=ether02-master-local
set [ find default-name=ether3 ] master-port=ether02-master-local name=\
    ether03-slave-local
set [ find default-name=ether4 ] master-port=ether02-master-local name=\
    ether04-slave-local
set [ find default-name=ether5 ] master-port=ether02-master-local name=\
    ether05-slave-local
set [ find default-name=ether6 ] master-port=ether02-master-local name=\
    ether06-slave-local
set [ find default-name=ether7 ] master-port=ether02-master-local name=\
    ether07-slave-local
set [ find default-name=ether8 ] master-port=ether02-master-local name=\
    ether08-slave-local
set [ find default-name=ether9 ] master-port=ether02-master-local name=\
    ether09-slave-local
set [ find default-name=ether10 ] master-port=ether02-master-local name=\
    ether10-slave-local
set [ find default-name=ether11 ] master-port=ether02-master-local name=\
    ether11-slave-local
set [ find default-name=ether12 ] master-port=ether02-master-local name=\
    ether12-slave-local
set [ find default-name=ether13 ] master-port=ether02-master-local name=\
    ether13-slave-local
set [ find default-name=ether14 ] master-port=ether02-master-local name=\
    ether14-slave-local
set [ find default-name=ether15 ] master-port=ether02-master-local name=\
    ether15-slave-local
set [ find default-name=ether16 ] master-port=ether02-master-local name=\
    ether16-slave-local
set [ find default-name=ether17 ] master-port=ether02-master-local name=\
    ether17-slave-local
set [ find default-name=ether18 ] master-port=ether02-master-local name=\
    ether18-slave-local
set [ find default-name=ether19 ] master-port=ether02-master-local name=\
    ether19-slave-local
set [ find default-name=ether20 ] master-port=ether02-master-local name=\
    ether20-slave-local
set [ find default-name=ether21 ] master-port=ether02-master-local name=\
    ether21-slave-local
set [ find default-name=ether22 ] master-port=ether02-master-local name=\
    ether22-slave-local
set [ find default-name=ether23 ] master-port=ether02-master-local name=\
    ether23-slave-local
set [ find default-name=ether24 ] master-port=ether02-master-local name=\
    ether24-slave-local
set [ find default-name=sfp1 ] master-port=ether02-master-local name=\
    sfp01-slave-local
/interface ovpn-server
add name=OVPN-Interface user=""
/ip neighbor discovery
set ether01-gateway discover=no
/interface ovpn-client
add certificate=RooTCA.crt_0 cipher=aes192 connect-to=IP \
    disabled=yes mac-address=02:26:32:FB:13:57 max-mtu=1400 mode=ethernet \
    name=OVPNTo89From90 user=OVPN90
    max-mtu=1400 mode=ethernet name=OVPNTo90From90 user=OVPN90
add certificate=RooTCA.crt_0 cipher=aes192 connect-to=108.190.153.133 \
    disabled=yes mac-address=02:26:32:FB:13:57 max-mtu=1400 mode=ethernet \
    name=OVPNTo91From90 user=OVPN90
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik
add eap-methods="" management-protection=allowed name=PYC-Public \
    supplicant-identity=""
add eap-methods="" group-ciphers=tkip,aes-ccm name=PYC supplicant-identity=\
    MikroTik unicast-ciphers=tkip,aes-ccm
/interface wireless
add keepalive-frames=disabled mac-address=E6:8D:8C:42:CF:7A master-interface=\
    wlan1 mode=ap-bridge multicast-buffering=disabled name=\
    wlan2-Master-Public security-profile=PYC-Public ssid=PYC-Public \
    wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add keepalive-frames=disabled mac-address=E6:8D:8C:42:CF:7B master-interface=\
    wlan1 mode=ap-bridge multicast-buffering=disabled name=wlan3 \
    security-profile=PYC ssid=PYC wds-cost-range=0 wds-default-cost=0 \
    wps-mode=disabled
/ip hotspot profile
add dns-name=PYC-Public hotspot-address=10.5.52.1 name=hsprof1
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=md5 enc-algorithms=3des
/ip pool
add name=dhcp ranges=192.168.90.20-192.168.90.254
add name=Site-vpn-Site next-pool=dhcp ranges=192.168.90.5-192.168.90.9
add name=hs-pool-29 ranges=10.5.52.2-10.5.52.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
/ip hotspot
add address-pool=hs-pool-29 disabled=no interface=wlan2-Master-Public name=\
    hotspot1 profile=hsprof1
/ppp profile
set *0 bridge=bridge-local local-address=192.168.90.1 remote-address=\
    Site-vpn-Site
add bridge=bridge-local dns-server=192.168.90.1,192.168.90.10 local-address=\
    192.168.90.1 name=SSTP-Profile remote-address=Site-vpn-Site \
    use-encryption=required use-upnp=yes wins-server=192.168.90.10
add bridge=bridge-local bridge-path-cost=100 change-tcp-mss=yes dns-server=\
    192.168.90.1,192.168.90.10 local-address=192.168.90.1 name=OVPN-Profile \
    use-encryption=required wins-server=192.168.90.10,192.168.91.10
set *FFFFFFFE bridge=bridge-local local-address=192.168.90.1 remote-address=\
    Site-vpn-Site
/interface ovpn-client
add certificate=RooTCA.crt_0 cipher=aes192 connect-to=ip \
    mac-address=02:26:32:FB:13:57 max-mtu=1400 mode=ethernet name=\
    OVPNTo88From90 profile=OVPN-Profile user=OVPN90
/system logging action
set 1 disk-file-name=Logs/log
add disk-file-name=Logs/AccountChanges name=AccountChanges target=disk
add disk-file-name=Logs/VPN disk-lines-per-file=10000 name=VPNDisk target=\
    disk
add memory-lines=10000 name=FireWallInfo target=memory
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge-local interface=ether02-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=wlan3
add bridge=Bridge-Public interface=wlan2-Master-Public
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface ovpn-server server
set auth=sha1 certificate=RooTCA.crt_0 cipher=aes128,aes192,aes256 \
    default-profile=OVPN-Profile enabled=yes mode=ethernet netmask=22 \
    require-client-certificate=yes
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption verify-client-certificate=yes
/ip address
add address=192.168.90.1/21 comment="default configuration" interface=\
    ether02-master-local network=192.168.88.0
add address=10.5.52.1/24 comment="hotspot network" interface=\
    wlan2-Master-Public network=10.5.52.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
    no interface=ether01-gateway use-peer-dns=no
/ip dhcp-server network
add address=192.168.88.0/21 comment="default configuration" dns-server=\
    192.168.90.10,192.168.91.10,208.67.222.222,208.67.220.220 domain=\
    Domain.com gateway=192.168.89.1 netmask=21 next-server=\
    192.168.91.1 wins-server=\
    192.168.90.10,192.168.91.10,192.168.89.10,192.168.88.10
/ip dns
set allow-remote-requests=yes servers="192.168.90.10,192.168.91.10,192.168.88.\
    1,192.168.89.1,192.168.90.1,192.168.91.1,192.168.92.1,208.67.220.220,208.6\
    7.222.222"
/ip dns static
add address=192.168.90.1 name=MainBuilding
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=accept chain=input comment="Allow 443 Incoming for VPN" dst-port=\
    1194 protocol=udp
add action=accept chain=input comment="Allow 443 Incoming for VPN" dst-port=\
    1194 port="" protocol=tcp
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" \
    connection-state=established,related
add action=drop chain=input comment="default configuration" in-interface=\
    ether01-gateway
add action=fasttrack-connection chain=forward comment="default configuration" \
    connection-state=established,related
add action=accept chain=forward comment="default configuration" \
    connection-state=established,related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
add action=drop chain=forward comment="default configuration" \
    connection-nat-state=!dstnat connection-state=new in-interface=\
    ether01-gateway
add action=accept chain=input comment="TEST ACCPT ALL RULE " disabled=yes
add action=accept chain=output comment="TEST ACCPT ALL RULE " disabled=yes
/ip firewall mangle
add action=change-mss chain=forward comment=\
    " Clamp MSS to PMTU for Outgoing packets" new-mss=clamp-to-pmtu \
    out-interface=all-ppp passthrough=no protocol=tcp tcp-flags=syn
/ip firewall nat
add action=dst-nat chain=dstnat comment="This rule will force all users with c\
    ustom defined DNS server to use 192.168.90.1 as their DNS server, this rul\
    e will simply redirect all request sent to ANY-IP:53 to 192.168.90.1:53" \
    disabled=yes dst-port=53 protocol=tcp to-addresses=192.168.90.1 to-ports=\
    53
add action=dst-nat chain=dstnat comment="This rule will force all users with c\
    ustom defined DNS server to use 192.168.90.1 as their DNS server, this rul\
    e will simply redirect all request sent to ANY-IP:53 to 192.168.90.1:53" \
    disabled=yes dst-port=53 protocol=udp to-addresses=192.168.90.1 to-ports=\
    53
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether01-gateway
add action=masquerade chain=srcnat comment="masq. vpn traffic" disabled=yes \
    src-address=192.168.89.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=yes src-address=10.5.52.0/24
/ip hotspot user
add name=admin
/ip ipsec peer
add address=192.168.9.46/32 disabled=yes dpd-interval=10s \
    dpd-maximum-failures=2 enc-algorithm=3des hash-algorithm=md5
add address=192.168.9.45/32 disabled=yes dpd-interval=10s \
    dpd-maximum-failures=2 enc-algorithm=3des hash-algorithm=md5
/ip ipsec policy
add disabled=yes dst-address=192.168.89.0/24 sa-dst-address=192.168.9.46 \
    sa-src-address=192.168.9.44 src-address=192.168.90.0/24 tunnel=yes
add disabled=yes dst-address=192.168.91.0/24 sa-dst-address=192.168.9.45 \
    sa-src-address=192.168.9.44 src-address=192.168.90.0/24 tunnel=yes
/ip route
add disabled=yes distance=1 gateway=
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge-local type=internal
add interface=ether01-gateway type=external
/lcd interface pages
set 0 interfaces=wlan1
/ppp secret
add local-address=192.168.90.1 name=vpn
add name=OVPN88 profile=OVPN-Profile remote-address=192.168.90.2 service=ovpn
add name=OVPN89 profile=OVPN-Profile remote-address=192.168.90.3 service=ovpn
add name=OVPN91 profile=OVPN-Profile remote-address=192.168.90.4 service=ovpn
add name=OVPN92 profile=OVPN-Profile remote-address=192.168.90.4 service=ovpn
add name=OVPN90 profile=OVPN-Profile remote-address=192.168.90.4 service=ovpn
/system clock
set time-zone-name=America/New_York
/system identity
set name=90
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set bridge-local disabled=yes display-time=5s
set wlan2-Master-Public disabled=yes display-time=5s
set wlan3 disabled=yes display-time=5s
set Bridge-Public disabled=yes display-time=5s
set OVPN-Interface disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set ether01-gateway disabled=yes display-time=5s
set ether02-master-local disabled=yes display-time=5s
set ether03-slave-local disabled=yes display-time=5s
set ether04-slave-local disabled=yes display-time=5s
set ether05-slave-local disabled=yes display-time=5s
set ether06-slave-local disabled=yes display-time=5s
set ether07-slave-local disabled=yes display-time=5s
set ether08-slave-local disabled=yes display-time=5s
set ether09-slave-local disabled=yes display-time=5s
set ether10-slave-local disabled=yes display-time=5s
set OVPNTo89From90 disabled=yes display-time=5s
set ether11-slave-local disabled=yes display-time=5s
set ether12-slave-local disabled=yes display-time=5s
set ether13-slave-local disabled=yes display-time=5s
set ether14-slave-local disabled=yes display-time=5s
set ether15-slave-local disabled=yes display-time=5s
set ether16-slave-local disabled=yes display-time=5s
set ether17-slave-local disabled=yes display-time=5s
set ether18-slave-local disabled=yes display-time=5s
set ether19-slave-local disabled=yes display-time=5s
set ether20-slave-local disabled=yes display-time=5s
set OVPNTo91From90 disabled=yes display-time=5s
set ether21-slave-local disabled=yes display-time=5s
set ether22-slave-local disabled=yes display-time=5s
set ether23-slave-local disabled=yes display-time=5s
set ether24-slave-local disabled=yes display-time=5s
set sfp01-slave-local disabled=yes display-time=5s
set OVPNTo88From90 disabled=yes display-time=5s
set sit1 disabled=yes display-time=5s
set OVPNTo90From90 disabled=yes display-time=5s
set <ovpn-OVPN88> disabled=yes display-time=5s
/system logging
add topics=ipsec,ovpn,ppp,sstp,pptp
add action=AccountChanges topics=account
add topics=account
add action=VPNDisk topics=ipsec,ovpn,ppp,sstp,pptp
add action=FireWallInfo prefix=Port8291 topics=firewall
/system package update
set channel=bugfix
/system scheduler
add comment="This is used to get the DNS names for any host in the lists taht \
    start with \"Host_\" " interval=5m name=updatehostnames on-event=\
    resolvehostnames policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=jan/01/1970 start-time=00:00:00
/system script
add name=resolvehostnames owner=admin policy=read,write source="# define varia\
    bles\r\
    \n:local list\r\
    \n:local comment\r\
    \n:local newip\r\
    \n:local oldip\r\
    \n\r\
    \n# Loop through each entry in the address list.\r\
    \n:foreach i in=[/ip firewall address-list find] do={\r\
    \n\r\
    \n# Get the first five characters of the list name\r\
    \n  :set list [:pick [/ip firewall address-list get \$i list] 0 5]\r\
    \n\r\
    \n# If they're 'host_', then we've got a match - process it\r\
    \n  :if (\$list = \"host_\") do={\r\
    \n\r\
    \n# Get the comment for this address list item (this is the host name to u\
    se)\r\
    \n    :set comment [/ip firewall address-list get \$i comment]\r\
    \n    :set oldip [/ip firewall address-list get \$i address]\r\
    \n\r\
    \n# Resolve it and set the address list entry accordingly.\r\
    \n    : if (\$newip != \$oldip) do={:set newip [:resolve \$comment]\r\
    \n    /ip firewall address-list set \$i address=\$newip}\r\
    \n    }\r\
    \n  }"
/system upgrade upgrade-package-source
add address=192.168.88.1 user=Updates
add address=192.168.89.1 user=Updates
add address=192.168.90.1 user=Updates
add address=192.168.91.1 user=Updates
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether02-master-local
add interface=ether03-slave-local
add interface=ether04-slave-local
add interface=ether05-slave-local
add interface=ether06-slave-local
add interface=ether07-slave-local
add interface=ether08-slave-local
add interface=ether09-slave-local
add interface=ether10-slave-local
add interface=ether11-slave-local
add interface=ether12-slave-local
add interface=ether13-slave-local
add interface=ether14-slave-local
add interface=ether15-slave-local
add interface=ether16-slave-local
add interface=ether17-slave-local
add interface=ether18-slave-local
add interface=ether19-slave-local
add interface=ether20-slave-local
add interface=ether21-slave-local
add interface=ether22-slave-local
add interface=ether23-slave-local
add interface=ether24-slave-local
add interface=sfp01-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether02-master-local
add interface=ether03-slave-local
add interface=ether04-slave-local
add interface=ether05-slave-local
add interface=ether06-slave-local
add interface=ether07-slave-local
add interface=ether08-slave-local
add interface=ether09-slave-local
add interface=ether10-slave-local
add interface=ether11-slave-local
add interface=ether12-slave-local
add interface=ether13-slave-local
add interface=ether14-slave-local
add interface=ether15-slave-local
add interface=ether16-slave-local
add interface=ether17-slave-local
add interface=ether18-slave-local
add interface=ether19-slave-local
add interface=ether20-slave-local
add interface=ether21-slave-local
add interface=ether22-slave-local
add interface=ether23-slave-local
add interface=ether24-slave-local
add interface=sfp01-slave-local
add interface=wlan1
add interface=bridge-local
/tool user-manager database
set db-path=user-manager
[admin@90] > 
[admin@91] > /export hide-sensitive
# jun/23/2017 20:15:43 by RouterOS 6.38.7
# software id = 
#
/interface bridge
add admin-mac=E4:8D:8C:57:8A:A6 auto-mac=no name=bridge-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=\
    20/40mhz-Ce country="united states" disabled=no distance=\
    indoors frequency=auto mode=ap-bridge ssid=MikroTik- \
    wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local \
    name=ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local \
    name=ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local \
    name=ether5-slave-local
set [ find default-name=ether6 ] master-port=ether2-master-local \
    name=ether6-slave-local
set [ find default-name=ether7 ] master-port=ether2-master-local \
    name=ether7-slave-local
set [ find default-name=ether8 ] master-port=ether2-master-local \
    name=ether8-slave-local
set [ find default-name=ether9 ] master-port=ether2-master-local \
    name=ether9-slave-local
set [ find default-name=ether10 ] master-port=ether2-master-local \
    name=ether10-slave-local
set [ find default-name=ether11 ] master-port=ether2-master-local \
    name=ether11-slave-local
set [ find default-name=ether12 ] master-port=ether2-master-local \
    name=ether12-slave-local
set [ find default-name=ether13 ] master-port=ether2-master-local \
    name=ether13-slave-local
set [ find default-name=ether14 ] master-port=ether2-master-local \
    name=ether14-slave-local
set [ find default-name=ether15 ] master-port=ether2-master-local \
    name=ether15-slave-local
set [ find default-name=ether16 ] master-port=ether2-master-local \
    name=ether16-slave-local
set [ find default-name=ether17 ] master-port=ether2-master-local \
    name=ether17-slave-local
set [ find default-name=ether18 ] master-port=ether2-master-local \
    name=ether18-slave-local
set [ find default-name=ether19 ] master-port=ether2-master-local \
    name=ether19-slave-local
set [ find default-name=ether20 ] master-port=ether2-master-local \
    name=ether20-slave-local
set [ find default-name=ether21 ] master-port=ether2-master-local \
    name=ether21-slave-local
set [ find default-name=ether22 ] master-port=ether2-master-local \
    name=ether22-slave-local
set [ find default-name=ether23 ] master-port=ether2-master-local \
    name=ether23-slave-local
set [ find default-name=ether24 ] master-port=ether2-master-local \
    name=ether24-slave-local
set [ find default-name=sfp1 ] master-port=ether2-master-local \
    name=sfp1-slave-local
/ip neighbor discovery
set ether1-gateway discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk \
    mode=dynamic-keys supplicant-identity=MikroTik
add name=profile supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=\
    dynamic-keys name=BHNDG1670A00F2 supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    group-ciphers=tkip,aes-ccm mode=dynamic-keys name=PYC \
    supplicant-identity=MikroTik unicast-ciphers=tkip,aes-ccm
/interface wireless
add disabled=no mac-address=E6:8D:8C:57:8A:BE master-interface=\
    wlan1 mode=ap-bridge name=wlan2 security-profile=profile ssid=\
    Guests
add keepalive-frames=disabled mac-address=E6:8D:8C:57:8A:BF \
    master-interface=wlan1 mode=ap-bridge multicast-buffering=\
    disabled name=wlan3 security-profile=PYC ssid=PYC \
    wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=md5 enc-algorithms=3des
/ip pool
add name=dhcp ranges=192.168.91.20-192.168.91.254
add name=Site-VPN-Site next-pool=dhcp ranges=\
    192.168.91.6-192.168.91.9
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=\
    default
/ppp profile
add bridge=bridge-local dns-server=192.168.90.1,192.168.90.10 \
    local-address=192.168.91.1 name=SSTP-Profile remote-address=\
    Site-VPN-Site wins-server=192.168.90.10
add bridge=bridge-local bridge-path-cost=100 bridge-port-priority=\
    0x90 change-tcp-mss=yes dns-server=192.168.90.10,192.168.91.1 \
    local-address=192.168.91.1 name=OVPN-Profile use-encryption=yes \
    wins-server=192.168.90.10,192.168.91.10
set *FFFFFFFE local-address=192.168.91.1 remote-address=\
    Site-VPN-Site
/interface ovpn-client
add certificate=RooTCA.crt_0 cipher=aes192 connect-to=\
    IP mac-address=02:03:81:39:C7:A3 max-mtu=1400 mode=\
    ethernet name=OVPNFrom91To88 profile=OVPN-Profile user=OVPN91
add certificate=RooTCA.crt_0 cipher=aes192 connect-to=\
    IP disabled=yes mac-address=02:03:81:39:C7:A3 \
    max-mtu=1400 mode=ethernet name=OVPNFrom91To89 profile=\
    OVPN-Profile user=OVPN91
add certificate=RooTCA.crt_0 cipher=aes192 connect-to=\
    IP disabled=yes mac-address=02:03:81:39:C7:A3 \
    max-mtu=1400 mode=ethernet name=OVPNFrom91To90 profile=\
    OVPN-Profile user=OVPN91
add certificate=RooTCA.crt_0 cipher=aes192 connect-to=\
    787006acb2eb.sn.mynetname.net disabled=yes mac-address=\
    02:03:81:39:C7:A3 max-mtu=1400 mode=ethernet name=\
    OVPNFrom91To92 profile=OVPN-Profile user=OVPN91
/system logging action
set 1 disk-file-name=Logs/log
add disk-file-name=Logs/Account name=AccountChanges target=disk
add disk-file-name=Logs/VPN disk-lines-per-file=10000 name=VPNDisk \
    target=disk
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge filter
add action=drop chain=forward in-interface=wlan2
add action=drop chain=forward out-interface=wlan2
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=wlan2
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface ovpn-server server
set auth=sha1 certificate=RooTCA.crt_0 cipher=aes128,aes192,aes256 \
    default-profile=OVPN-Profile enabled=yes mode=ethernet netmask=\
    21 require-client-certificate=yes
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption
/ip address
add address=192.168.91.1/21 comment="default configuration" \
    interface=ether2-master-local network=192.168.88.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid \
    disabled=no interface=ether1-gateway use-peer-dns=no
/ip dhcp-server lease
add address=192.168.91.160 always-broadcast=yes client-id=\
    1:30:5:5c:28:35:56 mac-address=30:05:5C:28:35:56 server=default
/ip dhcp-server network
add address=192.168.88.0/21 comment="default configuration" \
    dns-server=\
    192.168.90.10,192.168.91.10,208.67.222.222,208.67.220.220 \
    domain=DOMAIN.com gateway=192.168.91.1 netmask=21 \
    next-server=192.168.89.1 wins-server="192.168.90.10,192.168.91.1\
    0,192.168.89.10,192.168.88.10,192.168.92.10"
/ip dns
set allow-remote-requests=yes servers="192.168.90.10,192.168.91.10,1\
    92.168.88.1,192.168.89.1,192.168.90.1,192.168.91.1,208.67.222.22\
    2,208.67.220.220,208.67.222.222,208.67.220.220,2620:0:ccc::2,262\
    0:0:ccd::2"
/ip dns static
add address=192.168.91.1 name=ComputerLab
/ip firewall filter
add action=accept chain=input comment="Used for OVPN" dst-port=\
    1194 log=yes log-prefix=Port1194 protocol=udp
add action=accept chain=input comment="Used for OVPN" dst-port=\
    1194 log=yes log-prefix=Port1194 protocol=tcp
add action=accept chain=output comment=209.99.111.17/uwmc \
    dst-address=209.99.111.17
add action=accept chain=input comment="default configuration" \
    protocol=icmp
add action=accept chain=input comment="default configuration" \
    connection-state=established,related
add action=drop chain=input comment="default configuration" \
    in-interface=ether1-gateway
add action=fasttrack-connection chain=forward comment=\
    "default configuration" connection-state=established,related
add action=accept chain=forward comment="default configuration" \
    connection-state=established,related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
add action=drop chain=forward comment="default configuration" \
    connection-nat-state=!dstnat connection-state=new in-interface=\
    ether1-gateway
/ip firewall mangle
add action=change-mss chain=forward comment=\
    "Clamp MSS to PMTU for Outgoing packets" new-mss=clamp-to-pmtu \
    out-interface=all-ppp passthrough=no protocol=tcp tcp-flags=syn
/ip firewall nat
add action=dst-nat chain=dstnat comment="This rule will force all us\
    ers with custom defined DNS server to use 192.168.90.1 as their \
    DNS server, this rule will simply redirect all request sent to A\
    NY-IP:53 to 192.168.90.1:53" disabled=yes dst-port=53 protocol=\
    tcp to-addresses=192.168.91.1 to-ports=53
add action=dst-nat chain=dstnat comment="This rule will force all us\
    ers with custom defined DNS server to use 192.168.90.1 as their \
    DNS server, this rule will simply redirect all request sent to A\
    NY-IP:53 to 192.168.90.1:53" disabled=yes dst-port=53 protocol=\
    udp to-addresses=192.168.91.1 to-ports=53
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="masq. vpn traffic" \
    disabled=yes src-address=192.168.89.0/24
/ip ipsec peer
add address=192.168.9.44/32 disabled=yes dpd-interval=10s \
    dpd-maximum-failures=2 enc-algorithm=3des hash-algorithm=md5
add address=192.168.9.46/32 disabled=yes dpd-interval=10s \
    dpd-maximum-failures=2 enc-algorithm=3des hash-algorithm=md5
/ip ipsec policy
add disabled=yes dst-address=192.168.89.0/24 sa-dst-address=\
    192.168.9.46 sa-src-address=192.168.9.45 src-address=\
    192.168.91.0/24 tunnel=yes
add disabled=yes dst-address=192.168.90.0/24 sa-dst-address=\
    192.168.9.46 sa-src-address=192.168.9.45 src-address=\
    192.168.91.0/24 tunnel=yes
/lcd interface pages
set 0 interfaces=wlan1
/ppp secret
add name=OVPN88 profile=OVPN-Profile remote-address=192.168.91.2 \
    service=ovpn
add local-address=192.168.91.1 name=OVPN89 profile=OVPN-Profile \
    remote-address=192.168.91.3 service=ovpn
add local-address=192.168.91.1 name=OVPN90 profile=OVPN-Profile \
    remote-address=192.168.91.4 service=ovpn
add local-address=192.168.91.1 name=OVPN92 profile=OVPN-Profile \
    remote-address=192.168.91.6 service=ovpn
add local-address=192.168.91.1 name=OVPN91 profile=OVPN-Profile \
    remote-address=192.168.91.5 service=ovpn
/system clock
set time-zone-name=America/New_York
/system identity
set name=91
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set bridge-local disabled=yes display-time=5s
set wlan2 disabled=yes display-time=5s
set wlan3 disabled=yes display-time=5s
set OVPN-Bridge disabled=yes display-time=5s
set OVPNFrom91To89 disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set ether1-gateway disabled=yes display-time=5s
set ether2-master-local disabled=yes display-time=5s
set ether3-slave-local disabled=yes display-time=5s
set ether4-slave-local disabled=yes display-time=5s
set ether5-slave-local disabled=yes display-time=5s
set ether6-slave-local disabled=yes display-time=5s
set ether7-slave-local disabled=yes display-time=5s
set ether8-slave-local disabled=yes display-time=5s
set ether9-slave-local disabled=yes display-time=5s
set ether10-slave-local disabled=yes display-time=5s
set OVPNFrom91To90 disabled=yes display-time=5s
set ether11-slave-local disabled=yes display-time=5s
set ether21-slave-local disabled=yes display-time=5s
set ether22-slave-local disabled=yes display-time=5s
set ether23-slave-local disabled=yes display-time=5s
set ether24-slave-local disabled=yes display-time=5s
set sfp1-slave-local disabled=yes display-time=5s
set ether17-slave-local disabled=yes display-time=5s
set ether18-slave-local disabled=yes display-time=5s
set ether19-slave-local disabled=yes display-time=5s
set ether20-slave-local disabled=yes display-time=5s
set OVPNFrom91To92 disabled=yes display-time=5s
set ether12-slave-local disabled=yes display-time=5s
set ether13-slave-local disabled=yes display-time=5s
set ether14-slave-local disabled=yes display-time=5s
set ether15-slave-local disabled=yes display-time=5s
set ether16-slave-local disabled=yes display-time=5s
set OVPNFrom91To88 disabled=yes display-time=5s
set sit1 disabled=yes display-time=5s
/system logging
add topics=ipsec,ovpn,sstp,ppp,pptp
add action=AccountChanges topics=account
add topics=account
add action=VPNDisk topics=ipsec,ovpn,sstp,ppp,pptp
/system package update
set channel=bugfix
/system scheduler
add interval=5m name=updatehostnames on-event=resolvehostnames \
    policy="ftp,reboot,read,write,policy,test,password,sniff,sensiti\
    ve,romon" start-date=jan/01/1970 start-time=00:00:00
/system script
add name=resolvehostnames owner=admin policy=read,write source="# de\
    fine variables\r\
    \n:local list\r\
    \n:local comment\r\
    \n:local newip\r\
    \n:local oldip\r\
    \n\r\
    \n# Loop through each entry in the address list.\r\
    \n:foreach i in=[/ip firewall address-list find] do={\r\
    \n\r\
    \n# Get the first five characters of the list name\r\
    \n  :set list [:pick [/ip firewall address-list get \$i list] 0 \
    5]\r\
    \n\r\
    \n# If they're 'host_', then we've got a match - process it\r\
    \n  :if (\$list = \"host_\") do={\r\
    \n\r\
    \n# Get the comment for this address list item (this is the host\
    \_name to use)\r\
    \n    :set comment [/ip firewall address-list get \$i comment]\r\
    \n    :set oldip [/ip firewall address-list get \$i address]\r\
    \n\r\
    \n# Resolve it and set the address list entry accordingly.\r\
    \n    : if (\$newip != \$oldip) do={:set newip [:resolve \$comme\
    nt]\r\
    \n    /ip firewall address-list set \$i address=\$newip}\r\
    \n    }\r\
    \n  }"
/system upgrade upgrade-package-source
add address=192.168.90.1 user=Updates
add address=192.168.91.1 user=Updates
add address=192.168.89.1 user=Updates
add address=192.168.88.1 user=Updates
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=wlan1
add interface=wlan2
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=wlan1
add interface=wlan2
/tool user-manager database
set db-path=user-manager
[admin@91] > 
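One way to review exports like the two pasted above, as an added example that is not part of this thread or of RouterOS itself: the script joins the export's wrapped lines back together (a trailing backslash continues the command on the next, four-space-indented line), tokenizes each `add`/`set` command into its menu path, target and key=value arguments, and reports a few settings a reviewer would question in these configs: the 3DES/MD5 IPsec proposal and peers, the enabled PPTP server, and `allow-remote-requests=yes` together with whether a WAN input drop rule is present. The `SAMPLE_EXPORT` is a constructed excerpt in the same format as the pasted exports, not a full copy of either router; the `Command` class and the finding messages are this example's own.

```python
"""Parse a RouterOS ``/export`` listing and flag a few security-relevant
settings. Added example, not part of the forum thread or of RouterOS."""
import re
from dataclasses import dataclass, field

# Constructed excerpt in the format of the exports pasted in the thread:
# wrapped lines end in a backslash and continue indented by four spaces.
SAMPLE_EXPORT = r"""# jun/23/2017 20:15:43 by RouterOS 6.38.7
# software id =
#
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=md5 enc-algorithms=3des
/ip ipsec peer
add address=192.168.9.44/32 disabled=yes dpd-interval=10s \
    dpd-maximum-failures=2 enc-algorithm=3des hash-algorithm=md5
/interface pptp-server server
set enabled=yes
/ip dns
set allow-remote-requests=yes servers="192.168.90.10,192.168.91.10,1\
    92.168.88.1"
/ip firewall filter
add action=accept chain=input comment="Used for OVPN" dst-port=\
    1194 log=yes log-prefix=Port1194 protocol=udp
add action=drop chain=input comment="default configuration" \
    in-interface=ether1-gateway
"""


@dataclass
class Command:
    menu: str                    # e.g. "/ip firewall filter"
    verb: str                    # "add" or "set"
    target: str                  # "[ find default=yes ]", "0", "" ...
    args: dict = field(default_factory=dict)


def join_continuations(text):
    """Undo the export's wrapping: a trailing backslash means the next line
    (minus its four-space indent) is part of the same command. An escaped
    backslash at the very end of a value is not handled (none in the thread)."""
    out, buf = [], None
    for raw in text.splitlines():
        if buf is not None:
            raw = buf + (raw[4:] if raw.startswith("    ") else raw.lstrip())
            buf = None
        if raw.endswith("\\"):
            buf = raw[:-1]
        else:
            out.append(raw)
    if buf is not None:
        out.append(buf)
    return out


TOKEN_RE = re.compile(
    r'(?P<key>[\w.-]+)=(?P<val>"(?:[^"\\]|\\.)*"|\S*)'   # key=value
    r'|(?P<bracket>\[[^\]]*\])'                          # [ find ... ]
    r'|(?P<word>\S+)'                                    # add / set / item id
)

# Backslash escapes RouterOS uses inside exported strings.
_ESC = {"n": "\n", "r": "\r", "_": " ", '"': '"', "\\": "\\"}


def unquote(val):
    """Strip the export's double quotes and decode its backslash escapes."""
    if len(val) >= 2 and val[0] == val[-1] == '"':
        return re.sub(r"\\(.)", lambda m: _ESC.get(m.group(1), m.group(1)), val[1:-1])
    return val


def parse_export(text):
    """Return the export's commands, in order, as Command objects."""
    menu, cmds = "", []
    for line in join_continuations(text):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):          # menu path applies to following lines
            menu = line
            continue
        verb, target, args = "", [], {}
        for m in TOKEN_RE.finditer(line):
            if m.group("key"):
                args[m.group("key")] = unquote(m.group("val"))
            elif not verb:
                verb = m.group("word") or ""
            else:
                target.append(m.group("bracket") or m.group("word"))
        cmds.append(Command(menu, verb, " ".join(target), args))
    return cmds


WEAK_IPSEC = {"des", "3des", "md5"}


def audit(cmds):
    """Return findings for settings a reviewer would question; objects that are
    disabled in the export are still reported but marked as such."""
    findings = []
    wan_drop = any(c.menu == "/ip firewall filter" and c.args.get("chain") == "input"
                   and c.args.get("action") == "drop" and "in-interface" in c.args
                   for c in cmds)
    for c in cmds:
        state = " (disabled)" if c.args.get("disabled") == "yes" else ""
        if c.menu in ("/ip ipsec proposal", "/ip ipsec peer"):
            algs = set()
            for k in ("enc-algorithms", "enc-algorithm", "auth-algorithms", "hash-algorithm"):
                algs.update(c.args.get(k, "").split(","))
            weak = sorted(algs & WEAK_IPSEC)
            if weak:
                findings.append(f"{c.menu}: legacy algorithms {','.join(weak)}{state}")
        elif c.menu == "/interface pptp-server server" and c.args.get("enabled") == "yes":
            findings.append(f"{c.menu}: PPTP enabled; MS-CHAPv2/MPPE is not considered secure{state}")
        elif c.menu == "/ip dns" and c.args.get("allow-remote-requests") == "yes":
            note = "WAN input is dropped by the filter" if wan_drop else "no WAN input drop rule found"
            findings.append(f"{c.menu}: router answers DNS for remote clients; {note}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_export(SAMPLE_EXPORT)):
        print(finding)
```

Run it against a full export saved from `/export hide-sensitive` by reading the file into `parse_export`; the joining step is what makes the long quoted `source=` strings of the `resolvehostnames` script come back as single commands instead of stray lines.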