# oct/15/2019 17:42:33 by RouterOS 6.45.6
# software id = NUSP-MM08
#
# model = 2011UiAS-2HnD
# serial number = 63FA0461F7E8
# LAN bridge with a fixed MAC address (auto-mac=no + admin-mac).
/interface bridge
add admin-mac=4C:5E:0C:1B:B8:F3 auto-mac=no comment=defconf name=bridge
# Physical ports. ether1 and ether2 are labelled as the two ISP uplinks;
# ether2 is administratively disabled and has its MAC address overridden.
/interface ethernet
set [ find default-name=ether1 ] comment="ISP1 - CAUCASUS"
set [ find default-name=ether2 ] comment="ISP2 - ZVIADI" disabled=yes \
mac-address=0C:80:63:E9:AB:6B
# proxy-arp on the LAN-side ports: the router answers ARP requests on behalf
# of addresses it can reach through another interface.
# NOTE(review): presumably needed for the bridged OpenVPN peers that take
# addresses from the LAN pool - confirm it is still required. ether7 is a
# bridge member too but is not configured here.
set [ find default-name=ether3 ] arp=proxy-arp
set [ find default-name=ether4 ] arp=proxy-arp
set [ find default-name=ether5 ] arp=proxy-arp
set [ find default-name=ether6 ] arp=proxy-arp
set [ find default-name=ether8 ] arp=proxy-arp
set [ find default-name=ether9 ] arp=proxy-arp
set [ find default-name=ether10 ] arp=proxy-arp
# 2.4 GHz access point broadcasting the SSID "Clip-Art Guest"; WPS is disabled.
# NOTE(review): wlan1 is added to the main LAN bridge under
# /interface bridge port, so clients of this "Guest" SSID share the layer-2
# segment with the NVR, DVR, server and workstations. If guest isolation is
# intended, the SSID needs its own bridge/VLAN and firewall rules - confirm.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
country=georgia disabled=no distance=indoors frequency=auto mode=\
ap-bridge ssid="Clip-Art Guest" wireless-protocol=802.11 wps-mode=\
disabled
# Outbound OpenVPN tunnel in ethernet (layer-2/TAP) mode to 94.43.237.102,
# using client certificate MIDLER.crt_0 and the AES-256 cipher.
# NOTE(review): user=test / password=test is a guessable credential pair and
# is stored in clear text in this export. Rotate it on both ends and produce
# shareable exports with "/export hide-sensitive" so secrets are left out.
/interface ovpn-client
add certificate=MIDLER.crt_0 cipher=aes256 connect-to=94.43.237.102 \
mac-address=02:15:88:99:35:3C mode=ethernet name=ovpn-out1 password=test \
user=test
# Interface lists referenced by the firewall, neighbor discovery and the
# MAC server settings further down: WAN (uplinks) and LAN (trusted side).
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
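# Default wireless security profile: WPA2-PSK only.
# TKIP has been dropped from both cipher lists so that only AES-CCM is
# negotiated; TKIP is a deprecated legacy cipher and is not needed for
# WPA2 clients.
# NOTE(review): the pre-shared key is a single dictionary word and appears in
# clear text in this export. Replace it with a long random passphrase and
# treat the current value as disclosed. wpa-pre-shared-key is kept as found,
# although authentication-types lists wpa2-psk only.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk group-ciphers=aes-ccm \
    mode=dynamic-keys supplicant-identity=MikroTik unicast-ciphers=aes-ccm \
    wpa-pre-shared-key=telephone wpa2-pre-shared-key=telephone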
# LAN address pool and the DHCP server that hands it out on the bridge.
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
# PPP profile used by the OpenVPN server: tunnel interfaces are added to the
# LAN bridge and both tunnel endpoints take addresses from the "dhcp" pool,
# so VPN peers sit in the same broadcast domain as the LAN hosts.
/ppp profile
add bridge=bridge local-address=dhcp name=VPN_PROFILE remote-address=dhcp
# Members of the LAN bridge: ether3-ether10, the SFP cage and the wireless
# interface. ether1 and ether2 (the uplinks) are deliberately not members.
# NOTE(review): wlan1 carries the "Clip-Art Guest" SSID, so wireless guests
# are bridged straight into the LAN - confirm that this is intended.
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
# Neighbor discovery is announced on LAN interfaces only, which keeps the
# router from advertising itself on the uplinks.
/ip neighbor discovery-settings
set discover-interface-list=LAN
# NOTE(review): detect-internet runs on every interface here; confirm that
# this is wanted rather than limiting it to a specific list.
/interface detect-internet
set detect-interface-list=all
# List membership: the bridge is LAN, both ISP ports are WAN. The firewall
# rules below rely on these two lists.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add comment=defconf interface=ether2 list=WAN
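# Inbound OpenVPN server in ethernet (layer-2) mode; sessions use VPN_PROFILE,
# which bridges each tunnel into the LAN.
# blowfish128 has been removed from the offered ciphers: it is a 64-bit block
# cipher and should not be negotiated for long-lived tunnels. Peers still
# configured for Blowfish must be switched to one of the AES options.
# auth lists only sha1, so weaker or null HMAC settings are not accepted.
# NOTE(review): require-client-certificate is not set in this export, so peer
# authentication appears to rest on the PPP secret alone - consider enabling
# it once every peer has a certificate.
/interface ovpn-server server
set auth=sha1 certificate=SERVER cipher=aes128,aes192,aes256 \
    default-profile=VPN_PROFILE enabled=yes mode=ethernet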
# Router addresses: 192.168.88.1/24 for the LAN and a static public address
# on the ISP1 port.
# NOTE(review): the LAN address is bound to ether3, which is a bridge member
# port, while the DHCP server listens on "bridge". Addresses are normally
# placed on the bridge interface itself - confirm and move if so.
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether3 network=\
192.168.88.0
add address=212.72.133.10/24 interface=ether1 network=212.72.133.0
# DHCP clients on both uplinks (ether1 additionally has the static address
# above; ether2 is disabled at the interface level).
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
add dhcp-options=hostname,clientid disabled=no interface=ether2
# Static DHCP leases that pin LAN devices to fixed addresses. Several of them
# (SERVER .9, DVR .4, NVR .5) are the targets of the dst-nat port forwards in
# /ip firewall nat, so changing an address here silently breaks or redirects
# a forward.
# The three "SUPREA/SUPREMA ..." entries carry no server= attribute, unlike
# the others.
/ip dhcp-server lease
add address=192.168.88.3 comment="IKA'S PC" mac-address=F0:79:59:5E:B8:0A \
server=defconf
add address=192.168.88.5 comment=NVR mac-address=58:03:FB:14:9C:08 server=\
defconf
add address=192.168.88.8 comment="KOT'S PC" mac-address=10:BF:48:7E:96:3A \
server=defconf
add address=192.168.88.2 comment="HP PRINTER" mac-address=58:20:B1:53:5C:1E \
server=defconf
add address=192.168.88.9 comment=SERVER mac-address=EC:08:6B:02:5E:2D server=\
defconf
add address=192.168.88.4 comment=DVR mac-address=A4:14:37:9E:10:8F server=\
defconf
add address=192.168.88.10 allow-dual-stack-queue=no comment=\
"SUPREA SHEMOSVLA" mac-address=00:17:FC:25:1F:29
add address=192.168.88.11 allow-dual-stack-queue=no comment="SUPREMA GASVLA" \
mac-address=00:17:FC:25:1F:42
add address=192.168.88.12 allow-dual-stack-queue=no comment="SUPREMA TURNIKI" \
mac-address=00:17:FC:20:DB:A5
add address=192.168.88.14 client-id=1:d8:50:e6:e2:57:43 comment=\
"KOTE'S NOTEBOOK" mac-address=D8:50:E6:E2:57:43 server=defconf
# DHCP clients receive 192.168.88.1 as their gateway.
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
# The router acts as a DNS resolver for clients (allow-remote-requests=yes).
# Queries arriving on the uplinks are only kept out by the input-chain rule
# "drop all not coming from LAN"; if that rule is disabled or reordered the
# router becomes an open resolver.
# NOTE(review): 4.4.4.4 is not one of Google's public resolver addresses
# (8.8.8.8 / 8.8.4.4) - possibly a typo for 8.8.4.4, confirm.
/ip dns
set allow-remote-requests=yes servers=\
213.157.196.132,213.157.196.130,8.8.8.8,4.4.4.4
# Local names for the router and two workstations.
/ip dns static
add address=192.168.88.1 name=router.lan
add address=192.168.88.3 name=ika.dev
add address=192.168.88.8 name=kot.dev
# Address list "kot": the sources allowed to reach Winbox from outside (see
# the "ALLOW KOT WINBOX REMOTE" input rule). Five entries are DNS names, so
# membership follows whatever those names resolve to; anyone who controls the
# auu.ge zone or the resolver answers controls who may reach the management
# port. The last entry is the remote site subnet.
/ip firewall address-list
add address=srv.auu.ge list=kot
add address=work.auu.ge list=kot
add address=deamed.auu.ge list=kot
add address=dolidze.auu.ge list=kot
add address=eliava.auu.ge list=kot
add address=192.168.87.0/24 list=kot
# Packet filter. Rules are evaluated top to bottom within each chain, so the
# order below is significant.
/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
# Winbox management from outside is limited to the "kot" address list.
add action=accept chain=input comment="ALLOW KOT WINBOX REMOTE" dst-port=8291 \
protocol=tcp src-address-list=kot
# OpenVPN server port, open to any source.
add action=accept chain=input comment="Allow OPenVPN" dst-port=1194 protocol=\
tcp
# NOTE(review): ports 222, 8000 and 8001 are also dst-nat'ed to LAN hosts in
# /ip firewall nat. Translated traffic is filtered in the forward chain, not
# here, so these three input accepts look unnecessary; they only open the
# same ports on the router itself. Confirm and remove if nothing on the
# router listens on them.
add action=accept chain=input comment="ALLOW NOD32 UPDATE" dst-port=222 \
protocol=tcp
add action=accept chain=input comment="Allow DVR" dst-port=8000 in-interface=\
ether1 protocol=tcp
add action=accept chain=input dst-port=8001 in-interface=ether1 protocol=tcp
# Disabled forward rule placed among the input rules; has no effect while
# disabled.
add action=accept chain=forward disabled=yes dst-port=2525 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# Final input rule: everything not accepted above and not arriving on a LAN
# interface is dropped. This is what keeps DNS, Winbox and the web interface
# unreachable from the uplinks.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
# --- forward chain: traffic routed through the router ---
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# New connections from the uplinks are dropped unless a dst-nat rule matched
# them, so the set of reachable LAN services is defined entirely by the
# dst-nat rules in /ip firewall nat.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
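# NAT table. Rule order is unchanged from the original export.
#
# Changes made to the port forwards:
#  * Every active WAN-facing dst-nat rule now carries in-interface-list=WAN.
#    Without an interface or destination-address match the rules also
#    rewrote LAN-originated connections to those ports on any Internet host
#    (for example an outbound RTSP session to port 554 was redirected to the
#    local DVR).
#  * The HIKVISION rule used src-address-list=!192.168.88.2/24. That
#    parameter expects the name of an address list, not an address, so the
#    match did not restrict anything; the in-interface-list=WAN match now
#    expresses the presumed intent ("not from the LAN").
#
# NOTE(review): the DVR/NVR web, RTSP and service ports are still forwarded
# from any Internet source. Consider limiting them with src-address-list
# (the existing "kot" list is one candidate) or reaching the recorders over
# the VPN only.
/ip firewall nat
# Traffic from the remote site subnet to the local LAN is exempt from NAT.
add action=accept chain=srcnat dst-address=192.168.88.0/24 \
    src-address=192.168.87.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
# NOD32 update server: public port 222 -> 192.168.88.9:2221.
add action=dst-nat chain=dstnat comment="NOD32 UPDATE SERVER" dst-port=222 \
    in-interface-list=WAN protocol=tcp to-addresses=192.168.88.9 \
    to-ports=2221
# Hairpin pair so LAN clients can use the public address for the same service.
add action=dst-nat chain=dstnat comment=NOD32_HAIRPIN \
    dst-address=212.72.133.10 dst-port=222 protocol=tcp \
    to-addresses=192.168.88.9 to-ports=2221
add action=masquerade chain=srcnat comment=NOD32_HAIRPIN2 \
    dst-address=192.168.88.9 dst-port=2221 out-interface-list=LAN \
    protocol=tcp src-address=192.168.88.0/24
# DVR (192.168.88.4): web UI, RTSP and service port.
add action=dst-nat chain=dstnat comment=HIKVISION dst-port=5555 \
    in-interface-list=WAN protocol=tcp to-addresses=192.168.88.4 to-ports=80
add action=dst-nat chain=dstnat comment="HIKVISION 554" dst-port=554 \
    in-interface-list=WAN protocol=tcp to-addresses=192.168.88.4 to-ports=554
add action=dst-nat chain=dstnat comment="HIKVISION 8000" dst-port=8000 \
    in-interface-list=WAN protocol=tcp to-addresses=192.168.88.4 \
    to-ports=8000
# NVR (192.168.88.5): service port, web UI and RTSP.
add action=dst-nat chain=dstnat comment="NVR Server Port" dst-port=8001 \
    in-interface-list=WAN protocol=tcp to-addresses=192.168.88.5 \
    to-ports=8001
add action=dst-nat chain=dstnat comment="NVR Http Port" dst-port=5556 \
    in-interface-list=WAN protocol=tcp to-addresses=192.168.88.5 to-ports=80
add action=dst-nat chain=dstnat comment="NVR RTSP port" dst-port=1025 \
    in-interface-list=WAN protocol=tcp to-addresses=192.168.88.5 \
    to-ports=1025
# Disabled forwards, kept exactly as found. Add an interface or source match
# before re-enabling any of them.
add action=dst-nat chain=dstnat comment="ALLOW SERVER FTP" disabled=yes \
    dst-port=21 protocol=tcp to-addresses=192.168.88.9 to-ports=21
add action=dst-nat chain=dstnat disabled=yes dst-port=82 protocol=tcp \
    to-addresses=192.168.88.8 to-ports=80
add action=dst-nat chain=dstnat disabled=yes dst-port=80 in-interface=ether2 \
    protocol=tcp to-addresses=192.168.88.8 to-ports=80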
# Default route via the ISP1 gateway, plus a static route to the remote site
# subnet 192.168.87.0/24.
# NOTE(review): 192.168.200.254 is not in any network configured in this
# export; presumably it is reachable through a VPN interface - confirm.
/ip route
add distance=1 gateway=212.72.133.9
add distance=1 dst-address=192.168.87.0/24 gateway=192.168.200.254
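# Management services: telnet, ftp, ssh and both API variants are switched
# off. Services not listed here are left at whatever state the export
# omitted; access to them from the uplinks depends on the input-chain
# firewall rules.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# allow-none-crypto is set to "no" (it was "yes"): with "yes" the SSH server
# accepts sessions that negotiate no encryption at all. SSH is disabled
# above, so this only matters if the service is switched back on, which is
# exactly when an unsafe leftover setting would bite.
# NOTE(review): forwarding-enabled=remote is kept as found; set it to "no"
# unless SSH port forwarding is actually used.
/ip ssh
set allow-none-crypto=no forwarding-enabled=remote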
# Front-panel LCD: display and touch screen are disabled, so the panel cannot
# be used to view or change settings by someone with physical access.
/lcd
set backlight-timeout=5m enabled=no touch-screen=disabled
/lcd interface pages
set 0 interfaces=wlan1
# Account accepted by the OpenVPN server (service=ovpn), mapped to
# VPN_PROFILE, which bridges the peer into the LAN.
# NOTE(review): the password is stored in clear text in this export. Treat it
# as disclosed, rotate it, and generate exports meant for sharing or backup
# with "/export hide-sensitive" so that secrets are not written out.
/ppp secret
add name=midlerO password=E30bae74 profile=VPN_PROFILE service=ovpn
# Time zone, router identity and NTP client. Correct time matters here for
# certificate validity checks on the OpenVPN tunnels and for log timestamps.
/system clock
set time-zone-name=Asia/Tbilisi
/system identity
set name=Clip-Art
/system ntp client
set enabled=yes primary-ntp=129.6.15.30 secondary-ntp=52.166.120.77
# Every 5 minutes, send a Wake-on-LAN packet for MAC EC:08:6B:02:5E:2D (the
# MAC of the "SERVER" DHCP lease).
# NOTE(review): the job is granted every policy, including password,
# sensitive, sniff and reboot; a single "tool wol" command should not need
# them - reduce to the minimum that still works.
# NOTE(review): the packet is sent on ether2, which is disabled and is an
# uplink port, while the server's lease is on the LAN - confirm the interface.
/system scheduler
add interval=5m name=WOL_SERVER on-event=\
"tool wol interface=ether2 mac=EC:08:6B:02:5E:2D" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=nov/05/2018 start-time=16:15:22
# Stored scripts, both owned by admin and granted every policy.
# script1 repeats the Wake-on-LAN command used by the WOL_SERVER scheduler.
# script2 writes the firewall configuration to a file named "firewall" on
# the router's storage.
# NOTE(review): trim the policy lists to what each script needs, and remove
# exported configuration files from the router once they have been copied
# off, since they describe the full rule set.
/system script
add dont-require-permissions=no name=script1 owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"tool wol interface=ether2 mac=EC:08:6B:02:5E:2D"
add dont-require-permissions=no name=script2 owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"/ip firewall export file=firewall\r\
\n"
# Layer-2 management (MAC telnet and MAC Winbox) is limited to interfaces in
# the LAN list, so it is not offered on the uplinks.
# NOTE(review): the LAN list contains the bridge, which also carries the guest
# SSID and the bridged VPN peers, so those clients can reach MAC Winbox too.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN