Amakesh

Untitled

Jun 17th, 2023
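  # RouterOS export: two bridged LANs behind one uplink (combo1).
  # 192.168.88.0/24 (bridge1) is policy-routed into the WireGuard tunnel through
  # routing table "vpn"; 192.168.68.0/24 (bridge2) stays on the main table.
  /interface bridge
  add name=bridge1
  add name=bridge2
  /interface ethernet
  set [ find default-name=combo1 ] advertise=\
      10M-full,100M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full
  # No private-key appears in this listing; only the remote peer's public key is
  # shown under "/interface wireguard peers" below.
  /interface wireguard
  add listen-port=13231 mtu=1420 name=wireguard1
  /interface list
  add comment=defconf name=WAN
  add comment=defconf name=LAN
  /interface lte apn
  set [ find default=yes ] ip-type=ipv4 use-network-apn=no
  /interface wireless security-profiles
  set [ find default=yes ] supplicant-identity=MikroTik
  /ip pool
  add name=pool1 ranges=192.168.88.10-192.168.88.254
  add name=pool2 ranges=192.168.68.10-192.168.68.254
  /ip dhcp-server
  add address-pool=pool1 interface=bridge1 name=server1
  add address-pool=pool2 interface=bridge2 name=server2
  /port
  set 0 name=serial0
  set 1 name=serial1
  /routing ospf instance
  add disabled=yes name=default-v2
  /routing ospf area
  add disabled=yes instance=default-v2 name=backbone-v2
  # Separate routing table used only by the policy rules at the end of the file.
  /routing table
  add disabled=no fib name=vpn
  /interface bridge port
  add bridge=bridge1 ingress-filtering=no interface=ether1
  add bridge=bridge2 ingress-filtering=no interface=ether2
  add bridge=bridge1 ingress-filtering=no interface=ether3
  add bridge=bridge1 interface=ether4
  add bridge=bridge1 interface=ether5
  add bridge=bridge1 interface=ether6
  add bridge=bridge1 interface=ether7
  /ip settings
  set max-neighbor-entries=8192
  # IPv6 is switched off entirely, so no IPv6 firewall is defined in this export.
  /ipv6 settings
  set disable-ipv6=yes max-neighbor-entries=8192
  # wireguard1 is a member of WAN, so every rule keyed on the WAN/LAN lists
  # treats the tunnel as untrusted, exactly like the physical uplink.
  /interface list member
  add comment=defconf interface=combo1 list=WAN
  add interface=bridge1 list=LAN
  add interface=wireguard1 list=WAN
  add interface=bridge2 list=LAN
  # NOTE(review): MD5 and SHA-1 are weak HMAC choices. The OpenVPN server is not
  # enabled anywhere in this export; restrict this list to stronger digests
  # before ever turning the server on.
  /interface ovpn-server server
  set auth=sha1,md5
  # allowed-address=0.0.0.0/0 lets any destination be routed into the tunnel;
  # which traffic actually goes there is decided by the routing rules below.
  /interface wireguard peers
  add allowed-address=0.0.0.0/0 endpoint-address=pl209.nordvpn.com endpoint-port=\
      51820 interface=wireguard1 persistent-keepalive=25s public-key=\
      "kjAOzXQRVGpmQdqE2zPsITH8QHmFK83AAPktqWed9wM="
  /ip address
  add address=192.168.88.1/24 comment=defconf interface=bridge1 network=\
      192.168.88.0
  add address=192.168.68.1/24 interface=bridge2 network=192.168.68.0
  # Upstream-supplied DNS and NTP servers are ignored on the uplink.
  /ip dhcp-client
  add interface=combo1 use-peer-dns=no use-peer-ntp=no
  /ip dhcp-server network
  add address=192.168.68.0/24 dns-server=192.168.68.1 gateway=192.168.68.1
  add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
      192.168.88.1
  # allow-remote-requests=yes is needed because DHCP hands out the router as the
  # DNS server, but it makes the resolver answer on every interface; the input
  # chain below has to keep WAN-side queries away from it.
  # NOTE(review): verify-doh-cert is not set here, so DoH certificate checking is
  # presumably at its default (off). Enabling it requires the issuing CA to be
  # imported first, otherwise name resolution stops working.
  /ip dns
  set allow-remote-requests=yes servers=94.140.14.14,94.140.15.15 use-doh-server=\
      https://dns.adguard.com/dns-query
  # Static records so the DoH hostname itself can be resolved.
  /ip dns static
  add address=192.168.88.1 disabled=yes name=router.lan
  add address=94.140.14.14 name=dns.adguard.com
  add address=94.140.15.15 name=dns.adguard.com
  /ip firewall filter
  # --- input chain: traffic addressed to the router itself ---
  # NOTE(review): log=yes on the established/related accept writes a log entry
  # for nearly every packet and can bury the drop events worth reading.
  add action=accept chain=input comment=\
      "defconf: accept established,related,untracked" connection-state=\
      established,related,untracked log=yes
  add action=drop chain=input comment="defconf: drop invalid" connection-state=\
      invalid log=yes
  add action=accept chain=input comment="defconf: accept ICMP" log=yes protocol=\
      icmp
  add action=accept chain=input comment=\
      "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1 log=\
      yes
  # Added: the original input chain ended without a drop, so new connections
  # from the uplink and from the tunnel (both in WAN) reached the router's own
  # services, including the DNS resolver opened by allow-remote-requests=yes.
  # Replies to connections the router itself starts (WireGuard handshake, DoH)
  # are still admitted by the established/related rule above.
  add action=drop chain=input comment="drop all not coming from LAN" \
      in-interface-list=!LAN
  # --- forward chain: traffic routed through the router ---
  add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
      connection-state=established,related hw-offload=yes log=yes
  add action=accept chain=forward connection-state=established,related,untracked
  add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
      invalid
  # Only port-forwarded (dstnat) connections may be opened from the WAN side.
  add action=drop chain=forward comment="drop all from WAN not DSTNATed" \
      connection-nat-state=!dstnat connection-state=new in-interface-list=WAN log=\
      yes
  # The chain has no final drop, so unmatched packets are accepted anyway; the
  # two accepts below change nothing except that matching traffic is logged.
  add action=accept chain=forward log=yes out-interface=wireguard1 src-address=\
      192.168.88.0/24
  # NOTE(review): 192.168.68.0/24 is bridge2's own subnet, so "out bridge2" here
  # looks like it was meant to name the uplink interface; confirm the intent.
  add action=accept chain=forward log=yes out-interface=bridge2 src-address=\
      192.168.68.0/24
  /ip firewall nat
  # Everything leaving through the tunnel is source-NATed to the tunnel address.
  add action=masquerade chain=srcnat log=yes log-prefix=wg out-interface=\
      wireguard1
  # Masquerade towards the WAN list is disabled.
  add action=masquerade chain=srcnat disabled=yes out-interface-list=WAN
  # NOTE(review): this masquerades traffic leaving via bridge2, which is a LAN
  # bridge with its own DHCP server; verify that this is the intended egress.
  add action=masquerade chain=srcnat log=yes log-prefix=no_vpn out-interface=\
      bridge2
  /ip ipsec policy
  set 0 disabled=yes
  # Default route that exists only in table "vpn" and points into the tunnel.
  /ip route
  add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wireguard1 pref-src=\
      0.0.0.0 routing-table=vpn scope=30 suppress-hw-offload=no target-scope=10
  # Changed from enabled=yes: UPnP lets any LAN host request inbound port
  # mappings, and those mappings are dstnat entries, which the "drop all from
  # WAN not DSTNATed" forward rule lets through. No "/ip upnp interfaces" are
  # defined in this export, so the service had nothing to operate on anyway.
  /ip upnp
  set enabled=no
  /routing rule
  add action=lookup disabled=yes dst-address=192.168.88.0/24 src-address=\
      192.168.88.0/24 table=main
  # NOTE(review): action=lookup continues to the main table when table "vpn"
  # yields no usable route, so if the wireguard1 route becomes inactive this
  # subnet's traffic presumably follows the main default route rather than being
  # blocked. lookup-only-in-table avoids the fallback but also affects traffic
  # to local subnets; test before switching.
  add action=lookup disabled=no src-address=192.168.88.0/24 table=vpn
  add action=lookup disabled=no src-address=192.168.68.0/24 table=main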