Не удается поднять VPN сервер

Обсуждение ПО и его настройки
evgeniy.maksimov
Сообщения: 8
Зарегистрирован: 05 окт 2020, 15:18

Коллеги, здравствуйте.
Суть проблемы в том, что не получается поднять VPN-сервер. Точнее, он поднимается, но извне не виден,
хотя RDP работает.
Настройки прилагаю.
Скорее всего, косяк в настройках, но не могу понять, где именно.
Изображение

Изображение

Изображение

Изображение

Изображение


bst-botsman
Сообщения: 189
Зарегистрирован: 13 окт 2018, 20:53
Откуда: Беларусь

А вы его здесь включили???

Изображение


RB3011UiAS x 1
RB4011iGS+5HacQ2HnD x 3
951Ui-2nD x 2
hAP ac^2 x 24
CheckPoint 1590 x 1
evgeniy.maksimov
Сообщения: 8
Зарегистрирован: 05 окт 2020, 15:18

Конечно

Изображение


KaNelam
Сообщения: 620
Зарегистрирован: 11 июл 2017, 13:03

ждем конфиг


evgeniy.maksimov
Сообщения: 8
Зарегистрирован: 05 окт 2020, 15:18


oct/06/2020 22:57:20 by RouterOS 6.47.4
# software id = 8EIV-BWTI
#
# model = 2011L
# serial number = 37460297B069
# Layer 2: a single bridge with VLAN filtering enabled, followed by per-port settings.
# NOTE(review): arp=proxy-arp is set on bridge1 and on ether1-wan through ether4. The VPN
# pool defined later in this export (10.10.16.2-10.10.16.50) lies outside the LAN subnet
# 10.10.8.0/21, so VPN clients are routed and should not need proxy-ARP; on the WAN port
# it makes the router answer ARP on the upstream segment - presumably unintended, confirm.
/interface bridge
add arp=proxy-arp fast-forward=no mtu=1500 name=bridge1 protocol-mode=none \
    vlan-filtering=yes
/interface ethernet
# ether1 is renamed ether1-wan; the filter and NAT rules refer to it by that name.
set [ find default-name=ether1 ] arp=proxy-arp name=ether1-wan speed=100Mbps
# The comment= values on ether2-ether4 are escaped non-ASCII bytes; they look like
# Windows-1251 port labels (ether3 appears to read "Reception") - TODO confirm encoding.
set [ find default-name=ether2 ] arp=proxy-arp comment="\C1\EE\EB\FC\F8\E0\FF \
    \F1\E5\F0\E2\E5\F0\ED\E0\FF \EA\EE\EC\EC\F3\F2\E0\F2\EE\F0 \ED\E0 \F1\E5\F0\
    \E2\E5\F0\E0" speed=100Mbps
set [ find default-name=ether3 ] arp=proxy-arp comment=\
    "\D0\E5\F1\E5\EF\F8\E5\ED" speed=100Mbps
set [ find default-name=ether4 ] arp=proxy-arp comment="3528 \E4\EB\E8\ED\EA" \
    speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
# ether6-ether10 only have their advertised link modes listed.
set [ find default-name=ether6 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether7 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
# Outbound L2TP client (l2tp-out1) that also installs a default route.
# NOTE(review): the user= and password= values on this line were posted publicly in clear
# text; treat the account as compromised and change the password. When sharing a config,
# export it with hide-sensitive so secrets are left out.
# NOTE(review): allow=chap and no use-ipsec on this line - presumably this tunnel carries
# traffic unencrypted; confirm with the provider.
/interface l2tp-client
add add-default-route=yes allow=chap connect-to=fvpn.fryazino.net mrru=1600 \
    name=l2tp-out1 password=P7U2WC1D user=35804
# VLAN interfaces: guest (22) and work (21) sit directly on ether4, wifi (123) on bridge1.
# NOTE(review): ether4 is also added as a port of bridge1 further down in this export;
# VLAN interfaces on a bridged port may not receive traffic as expected - verify, because
# the guest/work separation relies on them.
/interface vlan
add interface=ether4 name=guest vlan-id=22
add interface=bridge1 name=wifi vlan-id=123
add interface=ether4 mtu=1450 name=work vlan-id=21
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# The default IPsec proposal is limited to AES-128-CBC.
# NOTE(review): presumably the L2TP server's IPsec (use-ipsec=yes below in this export)
# uses this default proposal, so a client that does not offer AES-128-CBC would fail to
# negotiate - TODO confirm against the clients in use.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
# Address pools: LAN (dhcp_pool1), VPN clients (vpn), work VLAN (dhcp_pool4), guest VLAN.
# NOTE(review): "guest" and "dhcp_pool6" cover the same range; only dhcp_pool6 is
# referenced by a dhcp-server line in this export, so "guest" looks like a leftover.
/ip pool
add name=dhcp_pool1 ranges=10.10.10.20-10.10.15.254
add name=vpn ranges=10.10.16.2-10.10.16.50
add name=dhcp_pool4 ranges=10.10.51.2-10.10.51.254
add name=guest ranges=10.10.60.2-10.10.60.254
add name=dhcp_pool6 ranges=10.10.60.2-10.10.60.254
# One DHCP server per segment: bridge1 (LAN), work VLAN, guest VLAN.
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no \
    interface=bridge1 lease-time=8h name=dhcp1
add address-pool=dhcp_pool4 authoritative=after-2sec-delay disabled=no \
    interface=work lease-time=12h name=dhcp2
add address-pool=dhcp_pool6 authoritative=after-2sec-delay disabled=no \
    interface=guest lease-time=8h name=dhcp3
# PPP profile "vpn": server side is 10.10.16.1, clients get an address from pool "vpn".
# NOTE(review): only-one=no lets the same account hold several sessions at once, so a
# leaked secret can be used in parallel with the legitimate user without being noticed.
/ppp profile
add change-tcp-mss=yes dns-server=8.8.8.8 local-address=10.10.16.1 name=vpn \
    only-one=no remote-address=vpn use-compression=yes use-encryption=yes \
    use-mpls=no
# NOTE(review): this SNMP community accepts queries from any source (0.0.0.0/0) and its
# name - which acts as the shared secret - is now public. Restrict addresses= to the
# monitoring hosts and rename the community.
/snmp community
add addresses=0.0.0.0/0 name=longtime
# Bridge membership: ether2-ether10 are ports of bridge1 (hw=no on each).
/interface bridge port
add bridge=bridge1 hw=no interface=ether3
add bridge=bridge1 hw=no interface=ether2
add bridge=bridge1 hw=no interface=ether4
add bridge=bridge1 hw=no interface=ether5
add bridge=bridge1 hw=no interface=ether6
add bridge=bridge1 hw=no interface=ether7
add bridge=bridge1 hw=no interface=ether8
add bridge=bridge1 hw=no interface=ether9
add bridge=bridge1 hw=no interface=ether10
# NOTE(review): "*12" is an internal id rather than an interface name - presumably a
# reference to an interface that no longer exists; this entry can likely be removed.
add bridge=bridge1 interface=*12
# Bridge VLAN table: VLAN 21 tagged on ether2-ether6 and the bridge, VLAN 22 on ether4.
/interface bridge vlan
add bridge=bridge1 tagged=ether2,ether3,ether4,ether5,ether6,bridge1 vlan-ids=\
    21
add bridge=bridge1 tagged=ether4,bridge1 vlan-ids=22
# L2TP server: enabled, MS-CHAPv2 only, profile "vpn", IPsec with a pre-shared key.
# NOTE(review): the ipsec-secret is a trivially guessable digit sequence and has been
# posted publicly; replace it with a long random value. use-ipsec=yes presumably still
# accepts L2TP sessions without IPsec - consider the stricter mode that refuses them
# (check the exact option value in the RouterOS documentation).
/interface l2tp-server server
set authentication=mschap2 default-profile=vpn enabled=yes ipsec-secret=\
    123456789 max-sessions=20 use-ipsec=yes
# NOTE(review): an enabled PPPoE server bound to an interface named "<l2tp>" and
# allowing MS-CHAPv1 looks unintended - confirm whether it is needed at all.
/interface pppoe-server server
add authentication=mschap1,mschap2 default-profile=vpn disabled=no interface=\
    <l2tp> service-name=service1
# The PPTP and SSTP server lines carry no enabled=yes, so presumably both are off.
# If either is ever enabled, drop chap/mschap1 from the allowed methods first.
/interface pptp-server server
set authentication=chap,mschap1,mschap2 default-profile=vpn
/interface sstp-server server
set authentication=mschap1,mschap2 default-profile=vpn force-aes=yes pfs=yes
# Router addresses per interface, plus a DHCP client on the WAN port.
# NOTE(review): ether1-wan carries a private (RFC 1918) address, so the router presumably
# sits behind an upstream NAT or gateway. For L2TP/IPsec to be reachable from outside,
# that upstream device has to pass UDP 500 and 4500 to this router. The poster reports
# that forwarded RDP works, but whether the VPN ports are forwarded upstream cannot be
# seen from this export.
/ip address
add address=192.168.218.25/24 interface=ether1-wan network=192.168.218.0
add address=10.10.10.10/21 interface=bridge1 network=10.10.8.0
add address=10.10.51.1/24 interface=work network=10.10.51.0
add address=10.10.60.1/24 interface=guest network=10.10.60.0
# NOTE(review): ether1-wan has both the static address above and this DHCP client;
# confirm that only one of the two is intended.
/ip dhcp-client
add disabled=no interface=ether1-wan
# Static DHCP leases: each entry pins an address to a MAC address (and usually client-id).
# NOTE(review): this list is a host inventory (MAC addresses plus labels such as the
# monitoring server and a DVR). It is not needed to diagnose a VPN problem and is better
# left out of a public post.
# NOTE(review): four entries (10.10.8.102, 10.10.8.103, 10.10.8.104 and 10.10.8.201) have
# no server= value - presumably they apply to any DHCP server; confirm.
/ip dhcp-server lease
add address=10.10.10.156 always-broadcast=yes client-id=1:0:23:14:6:d6:d8 \
    mac-address=00:23:14:06:D6:D8 server=dhcp1
add address=10.10.9.7 always-broadcast=yes client-id=1:8:2e:5f:0:cb:d0 \
    mac-address=08:2E:5F:00:CB:D0 server=dhcp1
add address=10.10.11.0 client-id=1:70:18:8b:d9:b6:c5 comment="Admin liza wifi" \
    mac-address=70:18:8B:D9:B6:C5 server=dhcp1
add address=10.10.8.205 client-id=1:0:19:9c:4:f2:fd comment=\
    "DVR MDC servernaya" mac-address=00:19:9C:04:F2:FD server=dhcp1
add address=10.10.10.130 always-broadcast=yes client-id=1:48:74:6e:b4:83:a \
    mac-address=48:74:6E:B4:83:0A server=dhcp1
add address=10.10.10.252 always-broadcast=yes client-id=1:e0:ca:94:9:9d:95 \
    mac-address=E0:CA:94:09:9D:95 server=dhcp1
add address=10.10.10.254 always-broadcast=yes client-id=1:0:22:fb:c7:34:a \
    mac-address=00:22:FB:C7:34:0A server=dhcp1
add address=10.10.8.56 client-id=1:fc:ec:da:34:8d:97 mac-address=\
    FC:EC:DA:34:8D:97 server=dhcp1
add address=10.10.8.34 always-broadcast=yes client-id=1:0:15:65:f9:c:55 \
    mac-address=00:15:65:F9:0C:55 server=dhcp1
add address=10.10.8.30 always-broadcast=yes client-id=1:0:15:65:fc:b4:5a \
    mac-address=00:15:65:FC:B4:5A server=dhcp1
add address=10.10.8.32 client-id=1:0:15:65:f9:c:b mac-address=00:15:65:F9:0C:0B \
    server=dhcp1
add address=10.10.8.31 client-id=1:0:15:65:fc:7b:f5 mac-address=\
    00:15:65:FC:7B:F5 server=dhcp1
add address=10.10.8.33 always-broadcast=yes client-id=1:0:15:65:f9:f:3f \
    mac-address=00:15:65:F9:0F:3F server=dhcp1
add address=10.10.8.64 always-broadcast=yes client-id=1:fc:ec:da:34:8d:b9 \
    mac-address=FC:EC:DA:34:8D:B9 server=dhcp1
add address=10.10.8.102 mac-address=00:17:C8:38:45:79
add address=10.10.8.103 always-broadcast=yes mac-address=00:17:C8:39:7C:69
add address=10.10.8.104 always-broadcast=yes mac-address=6C:3B:E5:09:52:21
add address=10.10.8.101 always-broadcast=yes client-id=1:0:17:c8:68:1c:44 \
    mac-address=00:17:C8:68:1C:44 server=dhcp1
add address=10.10.8.63 client-id=1:fc:ec:da:8c:58:64 mac-address=\
    FC:EC:DA:8C:58:64 server=dhcp1
add address=10.10.8.53 always-broadcast=yes client-id=1:f0:9f:c2:8e:f7:92 \
    mac-address=F0:9F:C2:8E:F7:92 server=dhcp1
add address=10.10.8.58 client-id=1:b4:fb:e4:a4:ae:2c mac-address=\
    B4:FB:E4:A4:AE:2C server=dhcp1
add address=10.10.8.59 always-broadcast=yes client-id=1:b4:fb:e4:a4:a3:b0 \
    mac-address=B4:FB:E4:A4:A3:B0 server=dhcp1
add address=10.10.8.60 always-broadcast=yes client-id=1:f0:9f:c2:c8:a1:c6 \
    mac-address=F0:9F:C2:C8:A1:C6 server=dhcp1
add address=10.10.8.61 always-broadcast=yes client-id=1:f0:9f:c2:c8:aa:50 \
    mac-address=F0:9F:C2:C8:AA:50 server=dhcp1
add address=10.10.8.52 client-id=1:fc:ec:da:8c:62:59 mac-address=\
    FC:EC:DA:8C:62:59 server=dhcp1
add address=10.10.8.55 client-id=1:78:8a:20:e2:f1:f8 mac-address=\
    78:8A:20:E2:F1:F8 server=dhcp1
add address=10.10.8.65 always-broadcast=yes client-id=1:18:d6:c7:98:5a:fa \
    mac-address=18:D6:C7:98:5A:FA server=dhcp1
add address=10.10.8.66 always-broadcast=yes client-id=1:c4:e9:84:59:46:de \
    mac-address=C4:E9:84:59:46:DE server=dhcp1
add address=10.10.8.69 always-broadcast=yes client-id=1:c4:e9:84:59:4c:18 \
    mac-address=C4:E9:84:59:4C:18 server=dhcp1
add address=10.10.8.48 client-id=1:b0:6e:bf:ce:d3:fc mac-address=\
    B0:6E:BF:CE:D3:FC server=dhcp1
add address=10.10.8.68 always-broadcast=yes client-id=1:c4:e9:84:67:d5:95 \
    mac-address=C4:E9:84:67:D5:95 server=dhcp1
add address=10.10.8.2 client-id=1:0:1b:fc:c1:d1:a8 mac-address=\
    00:1B:FC:C1:D1:A8 server=dhcp1
add address=10.10.8.71 always-broadcast=yes client-id=1:84:16:f9:6f:58:8b \
    mac-address=84:16:F9:6F:58:8B server=dhcp1
add address=10.10.8.70 always-broadcast=yes client-id=1:c4:e9:84:67:d4:89 \
    mac-address=C4:E9:84:67:D4:89 server=dhcp1
add address=10.10.9.4 client-id=1:8c:16:45:82:92:86 mac-address=\
    8C:16:45:82:92:86 server=dhcp1
add address=10.10.8.6 comment=Zabbix mac-address=20:CF:30:C6:94:17 server=dhcp1
add address=10.10.8.7 client-id=1:78:8a:20:46:74:11 mac-address=\
    78:8A:20:46:74:11 server=dhcp1
add address=10.10.8.5 client-id=1:0:30:48:b8:1d:fd mac-address=\
    00:30:48:B8:1D:FD server=dhcp1
add address=10.10.8.201 mac-address=84:9A:40:6A:31:D7
add address=10.10.8.202 client-id=1:84:9a:40:4d:63:50 mac-address=\
    84:9A:40:4D:63:50 server=dhcp1
add address=10.10.8.62 client-id=1:74:83:c2:2c:d9:3c mac-address=\
    74:83:C2:2C:D9:3C server=dhcp1
add address=10.10.8.51 client-id=1:f0:9f:c2:c8:a1:d3 mac-address=\
    F0:9F:C2:C8:A1:D3 server=dhcp1
add address=10.10.8.72 client-id=1:74:83:c2:2c:d2:8e mac-address=\
    74:83:C2:2C:D2:8E server=dhcp1
add address=10.10.8.73 client-id=1:74:83:c2:2c:d2:ba mac-address=\
    74:83:C2:2C:D2:BA server=dhcp1
add address=10.10.8.35 client-id=1:0:15:65:f9:78:15 mac-address=\
    00:15:65:F9:78:15 server=dhcp1
add address=10.10.10.142 client-id=1:f8:c0:91:16:71:2a mac-address=\
    F8:C0:91:16:71:2A server=dhcp1
add address=10.10.8.74 client-id=1:18:e8:29:8:a9:c5 mac-address=\
    18:E8:29:08:A9:C5 server=dhcp1
add address=10.10.8.67 client-id=1:18:e8:29:8:a9:c0 mac-address=\
    18:E8:29:08:A9:C0 server=dhcp1
add address=10.10.8.75 client-id=1:b4:fb:e4:a4:ac:66 mac-address=\
    B4:FB:E4:A4:AC:66 server=dhcp1
add address=10.10.13.11 always-broadcast=yes client-id=1:ec:8c:9a:52:ed:6 \
    mac-address=EC:8C:9A:52:ED:06 server=dhcp1
add address=10.10.8.76 always-broadcast=yes client-id=1:f0:9f:c2:c8:a0:4f \
    mac-address=F0:9F:C2:C8:A0:4F server=dhcp1
add address=10.10.14.15 client-id=1:c0:25:e9:b4:ff:9 mac-address=\
    C0:25:E9:B4:FF:09 server=dhcp1
add address=10.10.8.36 client-id=1:0:15:65:f9:75:7b mac-address=\
    00:15:65:F9:75:7B server=dhcp1
add address=10.10.8.90 client-id=1:d8:d:17:2a:8:4a mac-address=\
    D8:0D:17:2A:08:4A server=dhcp1
add address=10.10.8.91 client-id=1:d8:d:17:bc:98:6c mac-address=\
    D8:0D:17:BC:98:6C server=dhcp1
add address=10.10.8.105 client-id=1:0:17:c8:38:ba:36 mac-address=\
    00:17:C8:38:BA:36 server=dhcp1
add address=10.10.8.54 client-id=1:74:ac:b9:93:66:d6 mac-address=\
    74:AC:B9:93:66:D6 server=dhcp1
add address=10.10.8.57 client-id=1:74:ac:b9:93:5c:5f mac-address=\
    74:AC:B9:93:5C:5F server=dhcp1
add address=10.10.8.203 client-id=1:4c:bd:8f:a6:51:2c mac-address=\
    4C:BD:8F:A6:51:2C server=dhcp1
add address=10.10.8.204 client-id=1:4c:bd:8f:a6:51:8e mac-address=\
    4C:BD:8F:A6:51:8E server=dhcp1
# Options handed to DHCP clients per subnet (DNS servers, domain, gateway).
# NOTE(review): the guest network is given 10.10.8.3 as its second DNS server, but the
# forward filter in this export drops guest (10.10.60.0/24) traffic to 10.10.8.0/21, so
# guests cannot reach it; listing only a resolver they may use avoids the dead entry.
/ip dhcp-server network
add address=10.10.8.0/21 dns-server=10.10.8.3,8.8.8.8 domain=medical.lan \
    gateway=10.10.10.10
add address=10.10.51.0/24 dns-server=10.10.8.3,8.8.8.8 domain=medical.lan \
    gateway=10.10.51.1
add address=10.10.60.0/24 dns-server=8.8.8.8,10.10.8.3 domain=guest gateway=\
    10.10.60.1
# The router's own resolver, using two upstream servers.
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. The input chain in this export has no drop rule, so queries arriving on the WAN
# side would be answered too unless something upstream blocks them; restrict DNS to
# the internal interfaces in the input chain.
/ip dns
set allow-remote-requests=yes cache-size=4096KiB servers=\
    192.168.2.20,192.168.2.90
# Packet filter. Rules are evaluated in order; a packet matching no rule is accepted.
# NOTE(review): every enabled input rule below is action=accept and the input chain has
# no drop rule, so these rules do not restrict anything: the router's own services are
# not protected by this chain. A common baseline is: accept established,related (the last
# rule here, currently disabled), accept the VPN ports that are really needed, then drop
# everything else that arrives on the WAN interface.
# NOTE(review): most accept rules match in-interface=ether1-wan only. If outside clients
# arrive through l2tp-out1 instead, the rules will not match them - this matters as soon
# as a drop rule is added.
/ip firewall filter
# TCP 1723 (and GRE further down) belong to PPTP; the pptp-server line in this export
# has no enabled=yes, so presumably these two rules are not needed.
add action=accept chain=input dst-port=1723 in-interface=ether1-wan log=yes \
    protocol=tcp
add action=accept chain=input in-interface=ether1-wan protocol=icmp
add action=accept chain=input in-interface=ether1-wan protocol=l2tp
# UDP 500 (IKE), 1701 (L2TP) and 4500 (IPsec NAT-T), followed by ESP: L2TP/IPsec.
add action=accept chain=input dst-port=500,1701,4500 in-interface=ether1-wan \
    log=yes protocol=udp
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input in-interface=ether1-wan protocol=gre
# NOTE(review): IPsec NAT-T uses UDP 4500, which is already accepted above; this TCP
# rule looks unnecessary.
add action=accept chain=input dst-port=4500 in-interface=ether1-wan protocol=\
    tcp
add action=accept chain=forward disabled=yes in-interface=bridge1 protocol=udp \
    src-port=16384-32768
add action=accept chain=input in-interface=ether1-wan protocol=ipsec-ah
add action=accept chain=forward disabled=yes in-interface=bridge1 protocol=tcp \
    src-port=5060-5080
add action=accept chain=forward disabled=yes in-interface=bridge1 protocol=udp \
    src-port=5060-5080
add action=accept chain=forward disabled=yes in-interface=l2tp-out1 protocol=\
    tcp src-port=8080
# Guest isolation: guest (10.10.60.0/24) is dropped to and from the LAN and work subnets.
# These four rules are the only drops in the file; all other forwarded traffic,
# including the port-forwards from the WAN, is accepted by default.
add action=drop chain=forward dst-address=10.10.8.0/21 src-address=\
    10.10.60.0/24
add action=drop chain=forward dst-address=10.10.60.0/24 src-address=\
    10.10.8.0/21
add action=drop chain=forward dst-address=10.10.60.0/24 src-address=\
    10.10.51.0/24
add action=drop chain=forward dst-address=10.10.51.0/24 src-address=\
    10.10.60.0/24
# NOTE(review): 10.10.60.1 is the router's own guest-side address; traffic originated by
# the router does not pass the forward chain, so this rule presumably never matches.
add action=accept chain=forward out-interface=ether1-wan src-address=10.10.60.1
add action=accept chain=input connection-state=established,related disabled=yes
# NAT. dstnat rules are evaluated top to bottom and the first match wins, so the order
# of this section matters.
# NOTE(review): judging by the comments and target ports, the rules below publish remote
# desktop, hypervisor, SSH, Telnet, video and telephony services of internal hosts, and
# none of them limits the source address. Several have no in-interface, so they match
# on every interface. Once the VPN works, reach these services through it, or at least
# add a src-address-list of known peers to each rule.
/ip firewall nat
add action=dst-nat chain=dstnat comment="Web \F2\E5\EB\E5\F4\EE\ED\ED\E0\FF \F1\
    \F2\E0\ED\F6\E8\FF \EF\E5\F0\E2\FB\E9 \EA\EE\F0\EF\F3\F1" dst-port=44310 \
    protocol=tcp to-addresses=10.10.10.1 to-ports=80
add action=dst-nat chain=dstnat comment="\C4\EB\FF \F4\E8\F1\EA\E0\EB\EA\E8" \
    dst-port=5555 protocol=tcp to-addresses=10.10.8.6 to-ports=5555
add action=dst-nat chain=dstnat comment="Web \F2\E5\EB\E5\F4\EE\ED\ED\E0\FF \F1\
    \F2\E0\ED\F6\E8\FF \E2\F2\EE\F0\EE\E9 \EA\EE\F0\EF\F3\F1" dst-port=44311 \
    protocol=tcp to-addresses=10.10.10.3 to-ports=80
add action=netmap chain=dstnat comment="3S ESXI" dst-port=902 in-interface=\
    ether1-wan protocol=tcp to-addresses=10.10.10.11 to-ports=902
add action=netmap chain=dstnat comment="ASU RDP" dst-port=3348 in-interface=\
    ether1-wan log=yes protocol=tcp to-addresses=10.10.8.48 to-ports=41183
add action=netmap chain=dstnat comment=Backup disabled=yes dst-port=3999 \
    in-interface=ether1-wan log=yes protocol=tcp to-addresses=10.10.8.2 \
    to-ports=3389
add action=netmap chain=dstnat comment=Terminal dst-port=3997 in-interface=\
    ether1-wan log=yes protocol=tcp to-addresses=10.10.8.5 to-ports=41183
add action=netmap chain=dstnat comment="3S ESXI" disabled=yes dst-port=8090 \
    in-interface=ether1-wan protocol=tcp to-addresses=10.10.10.11 to-ports=443
# l2tp-out1 not ready
add action=netmap chain=dstnat comment="3S ESXI" dst-port=636 in-interface=\
    l2tp-out1 protocol=tcp to-addresses=10.10.10.11 to-ports=22
add action=dst-nat chain=dstnat comment="DC  RDP" disabled=yes dst-port=3998 \
    in-interface=ether1-wan protocol=tcp to-addresses=10.10.8.3 to-ports=41183
add action=netmap chain=dstnat comment="3S TERM" disabled=yes dst-port=3384 \
    in-interface=ether1-wan protocol=tcp to-addresses=10.10.8.4 to-ports=41183
add action=netmap chain=dstnat comment="RDP server Bolid" dst-port=3341 \
    in-interface=ether1-wan protocol=tcp to-addresses=10.10.8.41 to-ports=3389
add action=netmap chain=dstnat comment="3S RK" dst-port=3391 in-interface=\
    ether1-wan protocol=tcp to-addresses=10.10.9.244 to-ports=3389
add action=netmap chain=dstnat comment="3S RK SH 4002" dst-port=4002 \
    in-interface=ether1-wan protocol=tcp to-addresses=10.10.9.244 to-ports=4002
add action=netmap chain=dstnat comment="3S RK SH 4001" dst-port=4001 \
    in-interface=ether1-wan protocol=tcp to-addresses=10.10.9.244 to-ports=4001
add action=netmap chain=dstnat comment=\
    "\ED\EE\E2\E0\FF \F2\E5\EB \F1\F2\E0\ED\F6\E8\FF" dst-port=5588 \
    in-interface=ether1-wan protocol=udp to-addresses=10.10.10.3 to-ports=5588
add action=dst-nat chain=dstnat comment=\
    "\ED\EE\E2\E0\FF \F2\E5\EB \F1\F2\E0\ED\F6\E8\FF" dst-port=1720 \
    in-interface=ether1-wan protocol=tcp to-addresses=10.10.10.3 to-ports=1720
add action=dst-nat chain=dstnat comment=\
    "\ED\EE\E2\E0\FF \F2\E5\EB \F1\F2\E0\ED\F6\E8\FF" dst-port=2048-3071 \
    in-interface=ether1-wan protocol=tcp to-addresses=10.10.10.3 to-ports=\
    2048-3071
add action=dst-nat chain=dstnat comment=\
    "\ED\EE\E2\E0\FF \F2\E5\EB \F1\F2\E0\ED\F6\E8\FF" dst-port=2048-3071 \
    in-interface=ether1-wan protocol=udp to-addresses=10.10.10.3 to-ports=\
    2048-3071
add action=dst-nat chain=dstnat dst-port=554 in-interface=ether1-wan log=yes \
    protocol=tcp to-addresses=10.10.11.47 to-ports=554
add action=dst-nat chain=dstnat dst-port=555 in-interface=ether1-wan protocol=\
    tcp to-addresses=10.10.11.48 to-ports=554
add action=dst-nat chain=dstnat dst-port=9080 in-interface=ether1-wan protocol=\
    tcp to-addresses=10.10.11.47 to-ports=80
add action=dst-nat chain=dstnat comment=\
    "\ED\EE\E2\E0\FF \F2\E5\EB \F1\F2\E0\ED\F6\E8\FF" dst-port=5060 \
    in-interface=ether1-wan protocol=udp to-addresses=10.10.10.3 to-ports=5060
# NOTE(review): masquerade with no out-interface rewrites the source of every routed
# connection, including the port-forwards in this section, so internal servers log the
# router's address instead of the real client and cannot tell who is connecting.
# Such a rule is usually limited to the WAN-facing out-interface.
add action=masquerade chain=srcnat
add action=dst-nat chain=dstnat dst-port=3390 protocol=tcp to-addresses=\
    10.10.8.4 to-ports=3389
add action=dst-nat chain=dstnat dst-port=222 protocol=tcp to-addresses=\
    10.10.10.222 to-ports=22
add action=dst-nat chain=dstnat dst-port=444 protocol=tcp to-addresses=\
    10.10.8.16 to-ports=80
# NOTE(review): likely cause of "VPN is up but not visible from outside". This rule has
# no protocol or dst-port, so every new connection arriving on ether1-wan that no earlier
# dstnat rule matched is redirected to 10.10.10.156 - including UDP 500/1701/4500 used by
# L2TP/IPsec. Those packets are forwarded to that host and never reach the router's own
# input chain. For WAN traffic it also shadows the dstnat rules that follow it.
# Before removing or narrowing it, add an input-chain drop policy: today this rule is
# what keeps WAN connections away from the router's own services.
add action=dst-nat chain=dstnat in-interface=ether1-wan to-addresses=\
    10.10.10.156
add action=dst-nat chain=dstnat comment="Voip Gateway" disabled=yes dst-port=\
    8080 log=yes protocol=tcp to-addresses=10.10.9.30 to-ports=80
# NOTE(review): forwards Telnet (clear-text login) to 10.10.9.30 with no interface or
# source restriction; disable it or limit it to a management address list.
add action=dst-nat chain=dstnat comment="Voip Gateway" dst-port=23 protocol=tcp \
    to-addresses=10.10.9.30 to-ports=23
add action=dst-nat chain=dstnat comment="Reg RVI verh" dst-port=37777 protocol=\
    tcp to-addresses=10.10.8.11 to-ports=37777
add action=dst-nat chain=dstnat comment="Reg RVI verh" dst-port=37778 protocol=\
    tcp to-addresses=10.10.8.11 to-ports=37778
add action=dst-nat chain=dstnat comment="Reg MD (niz)" dst-port=5920 protocol=\
    tcp to-addresses=10.10.8.10 to-ports=5920
add action=dst-nat chain=dstnat dst-port=5921 protocol=tcp to-addresses=\
    10.10.8.10 to-ports=5921
add action=accept chain=dstnat disabled=yes dst-port=16384-32768 in-interface=\
    all-ethernet protocol=udp
# Never reached as written: the unconditional masquerade earlier in this section
# already matches all srcnat traffic.
add action=masquerade chain=srcnat dst-address=10.10.35.0/24 out-interface=\
    ether1-wan
# Remaining services and system settings.
/ip firewall service-port
set sip disabled=yes
# No enabled=yes on this line, so presumably the web proxy itself is off.
/ip proxy
set cache-path=web-proxy1
# "*10" is an internal id, presumably of a gateway interface that no longer exists;
# the route is disabled anyway.
/ip route
add disabled=yes distance=1 dst-address=10.10.10.10/32 gateway=*10
add distance=1 dst-address=192.168.0.0/16 gateway=192.168.218.1
/ip route rule
add dst-address=10.10.8.0/21 interface=bridge1 routing-mark=main src-address=\
    10.10.51.0/24 table=main
add dst-address=10.10.51.0/24 interface=bridge1 routing-mark=main src-address=\
    10.10.8.0/21 table=main
# Management services: telnet, ftp, ssh, api and api-ssl are disabled; the web interface
# is moved to port 81.
# NOTE(review): winbox is not listed, so it is presumably at its defaults, and no service
# here carries an address= restriction. With no drop rule in the input chain, limit the
# remaining services to the management subnet.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=81
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip traffic-flow
set active-flow-timeout=1m enabled=yes
/ip traffic-flow target
add dst-address=10.10.8.17 port=9996
# NOTE(review): this VPN account's name and password were posted publicly in clear text;
# change the password before the server becomes reachable from outside.
/ppp secret
add name=mahdi password=kDeYda4u profile=vpn service=l2tp
# SNMP agent is enabled and sends version 2 traps to two targets.
# NOTE(review): SNMP v2 has no encryption and the community in this export is open to any
# source address; confirm it is not reachable from the WAN side.
/snmp
set enabled=yes location="Three Sisters" trap-generators=\
    start-trap,temp-exception trap-interfaces=all,ether1-wan trap-target=\
    192.168.2.88,10.10.8.6 trap-version=2
/system clock
set time-zone-name=Europe/Moscow
# Firewall log entries are also sent to the "remote" logging action.
/system logging
set 0 action=disk
add action=remote topics=firewall
# Primary and secondary NTP servers are the same address, so there is no fallback.
/system ntp client
set enabled=yes primary-ntp=162.159.200.1 secondary-ntp=162.159.200.1
/system ntp server
set broadcast=yes broadcast-addresses=10.10.8.255 enabled=yes manycast=no
# NOTE(review): confirm this address is the intended, trusted source for upgrade packages.
/system upgrade upgrade-package-source
add address=159.148.172.226
/system watchdog
set automatic-supout=no watchdog-timer=no
/tool graphing interface
add interface=ether1-wan store-on-disk=no
add interface=bridge1 store-on-disk=no
add interface=ether4
# Packet sniffer settings: HTTP-port filter on all interfaces, streaming captured packets
# to 10.10.10.222. Whether the sniffer is currently running is not visible in the export.
# NOTE(review): the file name suggests a leftover from an old capture session; turn
# streaming off if it is no longer used.
/tool sniffer
set file-limit=100000KiB file-name=artcom19102018_1 filter-interface=all \
    filter-port=http memory-limit=100000KiB streaming-enabled=yes \
    streaming-server=10.10.10.222
/tool traffic-monitor
add interface=l2tp-out1 name=tmon1 threshold=0

