Advertisement
Amakesh

Untitled

Jun 17th, 2023
1,336
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
XML 4.47 KB | None | 0 0
  1. /interface bridge
  2. add name=bridge1
  3. add name=bridge2
  4. /interface ethernet
  5. set [ find default-name=combo1 ] advertise=\
  6.     10M-full,100M-full,1000M-half,1000M-full,10000M-full,2500M-full,5000M-full
  7. /interface wireguard
  8. add listen-port=13231 mtu=1420 name=wireguard1
  9. /interface list
  10. add comment=defconf name=WAN
  11. add comment=defconf name=LAN
  12. /interface lte apn
  13. set [ find default=yes ] ip-type=ipv4 use-network-apn=no
  14. /interface wireless security-profiles
  15. set [ find default=yes ] supplicant-identity=MikroTik
  16. /ip pool
  17. add name=pool1 ranges=192.168.88.10-192.168.88.254
  18. add name=pool2 ranges=192.168.68.10-192.168.68.254
  19. /ip dhcp-server
  20. add address-pool=pool1 interface=bridge1 name=server1
  21. add address-pool=pool2 interface=bridge2 name=server2
  22. /port
  23. set 0 name=serial0
  24. set 1 name=serial1
  25. /routing ospf instance
  26. add disabled=yes name=default-v2
  27. /routing ospf area
  28. add disabled=yes instance=default-v2 name=backbone-v2
  29. /routing table
  30. add disabled=no fib name=vpn
  31. /interface bridge port
  32. add bridge=bridge1 ingress-filtering=no interface=ether1
  33. add bridge=bridge2 ingress-filtering=no interface=ether2
  34. add bridge=bridge1 ingress-filtering=no interface=ether3
  35. add bridge=bridge1 interface=ether4
  36. add bridge=bridge1 interface=ether5
  37. add bridge=bridge1 interface=ether6
  38. add bridge=bridge1 interface=ether7
  39. /ip settings
  40. set max-neighbor-entries=8192
  41. /ipv6 settings
  42. set disable-ipv6=yes max-neighbor-entries=8192
  43. /interface list member
  44. add comment=defconf interface=combo1 list=WAN
  45. add interface=bridge1 list=LAN
  46. add interface=wireguard1 list=WAN
  47. add interface=bridge2 list=LAN
  48. /interface ovpn-server server
  49. set auth=sha1,md5
  50. /interface wireguard peers
  51. add allowed-address=0.0.0.0/0 endpoint-address=pl209.nordvpn.com endpoint-port=\
  52.     51820 interface=wireguard1 persistent-keepalive=25s public-key=\
  53.     "kjAOzXQRVGpmQdqE2zPsITH8QHmFK83AAPktqWed9wM="
  54. /ip address
  55. add address=192.168.88.1/24 comment=defconf interface=bridge1 network=\
  56.     192.168.88.0
  57. add address=192.168.68.1/24 interface=bridge2 network=192.168.68.0
  58. /ip dhcp-client
  59. add interface=combo1 use-peer-dns=no use-peer-ntp=no
  60. /ip dhcp-server network
  61. add address=192.168.68.0/24 dns-server=192.168.68.1 gateway=192.168.68.1
  62. add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
  63.     192.168.88.1
  64. /ip dns
  65. set allow-remote-requests=yes servers=94.140.14.14,94.140.15.15 use-doh-server=\
  66.     https://dns.adguard.com/dns-query
  67. /ip dns static
  68. add address=192.168.88.1 disabled=yes name=router.lan
  69. add address=94.140.14.14 name=dns.adguard.com
  70. add address=94.140.15.15 name=dns.adguard.com
  71. /ip firewall filter
  72. add action=accept chain=input comment=\
  73.     "defconf: accept established,related,untracked" connection-state=\
  74.     established,related,untracked log=yes
  75. add action=drop chain=input comment="defconf: drop invalid" connection-state=\
  76.     invalid log=yes
  77. add action=accept chain=input comment="defconf: accept ICMP" log=yes protocol=\
  78.     icmp
  79. add action=accept chain=input comment=\
  80.     "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1 log=\
  81.     yes
  82. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
  83.     connection-state=established,related hw-offload=yes log=yes
  84. add action=accept chain=forward connection-state=established,related,untracked
  85. add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
  86.     invalid
  87. add action=drop chain=forward comment="drop all from WAN not DSTNATed" \
  88.     connection-nat-state=!dstnat connection-state=new in-interface-list=WAN log=\
  89.     yes
  90. add action=accept chain=forward log=yes out-interface=wireguard1 src-address=\
  91.     192.168.88.0/24
  92. add action=accept chain=forward log=yes out-interface=bridge2 src-address=\
  93.     192.168.68.0/24
  94. /ip firewall nat
  95. add action=masquerade chain=srcnat log=yes log-prefix=wg out-interface=\
  96.     wireguard1
  97. add action=masquerade chain=srcnat disabled=yes out-interface-list=WAN
  98. add action=masquerade chain=srcnat log=yes log-prefix=no_vpn out-interface=\
  99.     bridge2
  100. /ip ipsec policy
  101. set 0 disabled=yes
  102. /ip route
  103. add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wireguard1 pref-src=\
  104.     0.0.0.0 routing-table=vpn scope=30 suppress-hw-offload=no target-scope=10
  105. /ip upnp
  106. set enabled=yes
  107. /routing rule
  108. add action=lookup disabled=yes dst-address=192.168.88.0/24 src-address=\
  109.     192.168.88.0/24 table=main
  110. add action=lookup disabled=no src-address=192.168.88.0/24 table=vpn
  111. add action=lookup disabled=no src-address=192.168.68.0/24 table=main
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement