Пытаюсь настроить туннель через брокера но похоже где то что то не понимаю...
Настраиваю по мануалу http://habrahabr.ru/post/189008/
Туннель создается, роуты тоже, адреса добавлены и компы получают ipv6 адреса.
Но в роутах все адреса висят как unreachable
В туннеле есть только отправленные пакеты - принятых 0
Возможно трабла связана с билайном который дает инет через l2tp но я честно не догоняю что и где исправить :(
# dec/01/2014 14:45:52 by RouterOS 6.22
# software id = XXXX-XXXX
#
/interface bridge
add comment="Internal LAN brige" mtu=1500 name=bridge-lan
/interface ethernet
set [ find default-name=ether1 ] comment="WAN, POE in"
set [ find default-name=ether2 ] comment="LAN, gbit sw"
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
set [ find default-name=ether6 ] comment="LAN, 100mb sw"
set [ find default-name=ether7 ] master-port=ether6
set [ find default-name=ether8 ] master-port=ether6
set [ find default-name=ether9 ] master-port=ether6
set [ find default-name=ether10 ] comment="POE out" master-port=ether6 \
poe-out=off
set [ find default-name=sfp1 ] disabled=yes
/interface 6to4
add comment="Hurricane Electric IPv6 Tunnel Broker" local-address=\
37.XXX.XXX.XX mtu=1280 name=6to4-HE remote-address=216.66.80.26
/ip neighbor discovery
set ether1 comment="WAN, POE in" discover=no
set ether2 comment="LAN, gbit sw"
set ether6 comment="LAN, 100mb sw"
set ether10 comment="POE out"
set "6to4-HE" comment="Hurricane Electric IPv6 Tunnel Broker"
set bridge-lan comment="Internal LAN brige"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm \
group-key-update=30m management-protection=allowed mode=dynamic-keys \
name=SkyNet supplicant-identity="" unicast-ciphers=tkip,aes-ccm \
wpa2-pre-shared-key=XXXXXXXX
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed name=Guest supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyg comment="Private LAN Wi-Fi" \
country=russia disabled=no frequency-mode=regulatory-domain l2mtu=2290 \
mode=ap-bridge security-profile=SkyNet tx-power=8 tx-power-mode=\
all-rates-fixed wireless-protocol=802.11
/interface wireless nstreme
set wlan1 comment="Private LAN Wi-Fi"
/interface wireless manual-tx-power-table
set wlan1 comment="Private LAN Wi-Fi"
/ip neighbor discovery
set wlan1 comment="Private LAN Wi-Fi" discover=no
/ip pool
add name=dhcp-local ranges=192.168.1.50-192.168.1.110
/ip dhcp-server
add address-pool=dhcp-local disabled=no interface=bridge-lan lease-time=3d \
name=dhcp-local
/port
set 0 name=serial0
/interface l2tp-client
add add-default-route=yes allow=chap comment="L2TP Beeline internet" \
connect-to=tp.internet.beeline.ru default-route-distance=1 \
dial-on-demand=no disabled=no keepalive-timeout=60 max-mru=1450 max-mtu=\
1450 mrru=1600 name=l2tp-client password=XXXXXXXX profile=\
default-encryption user=0896XXXXXX
/ip neighbor discovery
set l2tp-client comment="L2TP Beeline internet" discover=no
/system logging action
set 2 remember=yes
set 3 src-address=0.0.0.0
add disk-file-name=disk1/log name=extflashlog target=disk
/interface bridge port
add bridge=bridge-lan interface=ether2
add bridge=bridge-lan interface=ether6
add bridge=bridge-lan interface=sfp1
add bridge=bridge-lan interface=wlan1
/ip settings
set accept-redirects=yes
/ip address
add address=192.168.1.1/24 comment="Internal network" interface=bridge-lan \
network=192.168.1.0
/ip cloud
set enabled=yes
/ip dhcp-client
add default-route-distance=2 dhcp-options=hostname,clientid disabled=no \
interface=ether1
/ip dhcp-server lease
add address=192.168.1.5 comment="Desktop - Spirit (Cooler Master)" \
mac-address=90:2B:34:XX:XX:XX server=dhcp-local
/ip dhcp-server network
add address=192.168.1.0/24 comment="Home network DHCP" gateway=192.168.1.1 \
netmask=24
/ip dns
set allow-remote-requests=yes servers=85.21.192.3,213.234.192.8
/ip firewall filter
add chain=input comment="Allow ping Mikrotik" protocol=icmp
add chain=forward comment="Allow ping my network" protocol=icmp
add action=drop chain=input comment="Drop flood on port 53" dst-port=53 \
in-interface=ether1 protocol=udp
add chain=input comment="Accert established connections Mikrotik" \
connection-state=established
add chain=forward comment="Accert established connections my network" \
connection-state=established
add chain=input comment="Accert related connections Mikrotik" \
connection-state=related
add chain=forward comment="Accert related connections my network" \
connection-state=related
add chain=input comment="access to winbox" in-interface=l2tp-client protocol=\
tcp src-port=666
add action=drop chain=input comment="Drop invalid connections Mikrotik" \
connection-state=invalid
add action=drop chain=forward comment="Drop invalid connections my network" \
connection-state=invalid
add chain=input comment="Access to router only from my network" src-address=\
192.168.1.0/24
add chain=input comment="Allow UDP to Mikrotik" protocol=udp
add chain=forward comment="Allow UDP to my network" protocol=udp
add chain=forward comment="Access to Internet from local network" \
out-interface=l2tp-client src-address=192.168.1.0/24
add chain=forward comment="Access to provider lan from local network" \
out-interface=ether1 src-address=192.168.1.0/24
add action=drop chain=input comment="Drop all other to Mikrotik" disabled=yes
add action=drop chain=forward comment="Drop all other to my network" \
disabled=yes
/ip firewall mangle
add action=change-mss chain=forward in-interface=l2tp-client new-mss=1420 \
protocol=tcp tcp-flags=syn tcp-mss=1421-65535
add action=change-mss chain=forward new-mss=1420 out-interface=l2tp-client \
protocol=tcp tcp-flags=syn tcp-mss=1421-65535
/ip firewall nat
add action=masquerade chain=srcnat out-interface=l2tp-client
add action=masquerade chain=srcnat out-interface=ether1
add action=netmap chain=dstnat comment=\
"Port forwarding from 666 to 8291 (winbox)" dst-port=666 in-interface=\
l2tp-client protocol=tcp to-addresses=192.168.1.1 to-ports=8291
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip route
add comment=beeline distance=1 dst-address=10.0.0.0/8 gateway=10.27.184.1
add comment=beeline distance=1 dst-address=78.107.1.0/24 gateway=10.27.184.1
add comment=beeline distance=1 dst-address=78.107.51.0/28 gateway=10.27.184.1
add comment=beeline distance=1 dst-address=78.107.196.0/22 gateway=\
10.27.184.1
add comment=beeline distance=1 dst-address=78.107.235.4/30 gateway=\
10.27.184.1
add comment=beeline distance=1 dst-address=83.102.146.96/27 gateway=\
10.27.184.1
add comment=beeline distance=1 dst-address=83.102.231.32/28 gateway=\
10.27.184.1
add comment=beeline distance=1 dst-address=85.21.0.0/24 gateway=10.27.184.1
add comment=beeline distance=1 dst-address=85.21.72.80/28 gateway=10.27.184.1
add comment=beeline distance=1 dst-address=85.21.79.0/24 gateway=10.27.184.1
add comment=beeline distance=1 dst-address=85.21.90.0/24 gateway=10.27.184.1
add comment=beeline distance=1 dst-address=85.21.108.16/28 gateway=\
10.27.184.1
add comment=beeline distance=1 dst-address=85.21.138.208/28 gateway=\
10.27.184.1
add comment=beeline distance=1 dst-address=85.21.192.3/32 gateway=10.27.184.1
add comment=beeline distance=1 dst-address=213.234.192.8/32 gateway=\
10.27.184.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.1.0/24
set ssh disabled=yes
set api disabled=yes
set winbox address=192.168.1.0/24
set api-ssl disabled=yes
/ip upnp
set allow-disable-external-interface=no enabled=yes
/ip upnp interfaces
add interface=bridge-lan type=internal
add interface=ether1 type=external
add interface=l2tp-client type=external
add disabled=yes interface=ether2 type=internal
add disabled=yes interface=ether3 type=internal
add disabled=yes interface=ether4 type=internal
add disabled=yes interface=ether5 type=internal
add disabled=yes interface=ether6 type=internal
add disabled=yes interface=sfp1 type=internal
add disabled=yes interface=ether7 type=internal
add disabled=yes interface=ether8 type=internal
add disabled=yes interface=ether9 type=internal
add disabled=yes interface=ether10 type=internal
add disabled=yes interface=wlan1 type=internal
add disabled=yes type=internal
/ipv6 address
add address=2001:470:1f08:ff3::2 interface=6to4-HE
add address=2001:470:1f09:ff3::1 interface=bridge-lan
/ipv6 firewall filter
add chain=forward
add chain=input
add chain=output
/ipv6 route
add comment="Hurricane Electric IPv6 Tunnel Broker" distance=1 dst-address=\
2000::/3 gateway=2001:470:1f08:ff3::1
/lcd
set backlight-timeout=10m default-screen=stat-slideshow time-interval=hour
/lcd pin
set pin-number=XXXX
/lcd interface pages
set 0 interfaces="bridge-lan,sfp1,ether1,ether2,ether3,ether4,ether5,ether6,et\
her7,ether8,ether9,ether10"
/snmp
set trap-community=public
/system clock
set time-zone-name=Europe/Moscow
/system clock manual
set time-zone=+03:00
/system identity
set name=XXXXXX
/system logging
set 0 disabled=yes
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes
add action=extflashlog topics=critical
add action=extflashlog topics=error
add action=extflashlog topics=info
add action=extflashlog topics=warning
/system ntp client
set enabled=yes primary-ntp=198.60.73.8 secondary-ntp=89.109.251.21
/system scheduler
add comment="Run every month \"Backup to email\" script" interval=4w2d name=\
"Backup to e-mail schedule" on-event=\
"/system script run \"Backup to e-mail\"" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
nov/01/2014 start-time=00:00:00
add comment="Run every 15 min \"Update IP HE ipv6\" script" disabled=yes \
interval=15m name="Update IP HE ipv6" on-event=\
"/system script run \"Update IP HE ipv6\"" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
nov/01/2014 start-time=00:00:00
/system script
add name="Backup to e-mail" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source="{\r\
\n:log info \"Starting Backup Script...\";\r\
\n:local sysname [/system identity get name];\r\
\n:local sysver [/system package get system version];\r\
\n:log info \"Flushing DNS cache...\";\r\
\n/ip dns cache flush;\r\
\n:delay 2;\r\
\n:log info \"Deleting last Backups...\";\r\
\n:foreach i in=[/file find] do={:if ([:typeof [:find [/file get \$i name]\
\_\\\r\
\n\"\$sysname-backup-\"]]!=\"nil\") do={/file remove \$i}};\r\
\n:delay 2;\r\
\n:local smtpserv [:resolve \"smtp.yandex.ru\"];\r\
\n:local Eaccount \"XXX@XXX\";\r\
\n:local pass \"XXXXXX\";\r\
\n:local backupfile (\"disk1/\$sysname-backup-\" . \\\r\
\n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
\nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".backup\
\");\r\
\n:log info \"Creating new Full Backup file...\";\r\
\n/system backup save name=\$backupfile;\r\
\n:delay 2;\r\
\n:log info \"Sending Full Backup file via E-mail...\";\r\
\n/tool e-mail send from=\"<\$Eaccount>\" to=\"<\$Eaccount>\" server=\$smt\
pserv \\\r\
\nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$backupfile\
\_\\\r\
\nsubject=(\"\$sysname Full Backup (\" . [/system clock get date] . \")\")\
\_\\\r\
\nbody=(\"\$sysname full Backup file see in attachment.\\nRouterOS version\
: \\\r\
\n\$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \" . \
\\\r\
\n[/system clock get date]);\r\
\n:delay 5;\r\
\n:local exportfile (\"disk1/\$sysname-backup-\" . \\\r\
\n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
\nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".rsc\");\
\r\
\n:log info \"Creating new Setup Script file...\";\r\
\n/export verbose file=\$exportfile;\r\
\n:delay 2;\r\
\n:log info \"Sending Setup Script file via E-mail...\";\r\
\n/tool e-mail send from=\"<\$Eaccount>\" to=\"<\$Eaccount>\" server=\$smt\
pserv \\\r\
\nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$exportfile\
\_\\\r\
\nsubject=(\"\$sysname Setup Script Backup (\" . [/system clock get date] \
. \\\r\
\n\")\") body=(\"\$sysname Setup Script file see in attachment.\\nRouterOS\
\_\\\r\
\nversion: \$sysver\\nTime and Date stamp: \" . [/system clock get time] .\
\_\" \\\r\
\n\" . [/system clock get date]);\r\
\n:delay 5;\r\
\n:log info \"All System Backups emailed successfully.\\nBackuping complet\
ed.\";\r\
\n}"
add name="Update IP HE ipv6" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source="# Updat\
e Hurricane Electric IPv6 Tunnel Client IPv4 address\r\
\n\r\
\n:local HEtunnelinterface \"6to4-HE\"\r\
\n:local HEtunnelid \"XXXXXX\"\r\
\n:local HEuserid \"XXXXXXX\"\r\
\n:local HEpasskey \"XXXXXXXXX\"\r\
\n:local HEupdatehost \"ipv4.tunnelbroker.net\"\r\
\n:local HEupdatepath \"/ipv4_end.php\"\r\
\n:local WANinterface \"l2tp-client\"\r\
\n:local outputfile (\"disk1/HE-\" . \$HEtunnelid . \".txt\")\r\
\n\r\
\n# Internal processing below...\r\
\n# ----------------------------------\r\
\n:local HEipv4addr\r\
\n\r\
\n# Get WAN interface IP address\r\
\n:set HEipv4addr [/ip address get [/ip address find interface=\$WANinterf\
ace] address]\r\
\n:set HEipv4addr [:pick [:tostr \$HEipv4addr] 0 [:find [:tostr \$HEipv4ad\
dr] \"/\"]]\r\
\n\r\
\n:if ([:len \$HEipv4addr] = 0) do={\r\
\n :log error (\"Could not get IP for interface \" . \$WANinterface)\r\
\n :error (\"Could not get IP for interface \" . \$WANinterface)\r\
\n}\r\
\n\r\
\n# Update the HEtunnelinterface with WAN IP\r\
\n/interface 6to4 {\r\
\n :if ([get (\$HEtunnelinterface) local-address] != \$HEipv4addr) do={\
\r\
\n :log info (\"Updating \" . \$HEtunnelinterface . \" local-address \
with new IP \" . \$HEipv4addr . \"...\")\r\
\n set (\$HEtunnelinterface) local-address=\$HEipv4addr\r\
\n }\r\
\n}\r\
\n\r\
\n:log info (\"Updating IPv6 Tunnel \" . \$HEtunnelid . \" Client IPv4 add\
ress to new IP \" . \$HEipv4addr . \"...\")\r\
\n/tool fetch mode=http \\\r\
\n host=(\$HEupdatehost) \\\r\
\n url=(\"http://\" . \$HEupdatehost . \$HEupdatepath . \
\\\r\
\n \"\?ip=\" . \$HEipv4addr . \\\r\
\n \"&pass=\" . \$HEpasskey . \\\r\
\n \"&user_id=\" . \$HEuserid . \\\r\
\n \"&tunnel_id=\" . \$HEtunnelid) \\\r\
\n dst-path=(\$outputfile)\r\
\n\r\
\n:log info ([/file get (\$outputfile) contents])\r\
\n/file remove (\$outputfile)"
/system watchdog
set automatic-supout=no watch-address=192.168.1.1
/tool e-mail
set address=213.180.193.38 from=XXXXX@XXXXXX last-status=succeeded \
password=XXXXXXXXX port=587 start-tls=yes user=XXXXX
/tool graphing interface
add store-on-disk=no
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge-lan
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge-lan
# software id = XXXX-XXXX
#
/interface bridge
add comment="Internal LAN brige" mtu=1500 name=bridge-lan
/interface ethernet
set [ find default-name=ether1 ] comment="WAN, POE in"
set [ find default-name=ether2 ] comment="LAN, gbit sw"
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
set [ find default-name=ether6 ] comment="LAN, 100mb sw"
set [ find default-name=ether7 ] master-port=ether6
set [ find default-name=ether8 ] master-port=ether6
set [ find default-name=ether9 ] master-port=ether6
set [ find default-name=ether10 ] comment="POE out" master-port=ether6 \
poe-out=off
set [ find default-name=sfp1 ] disabled=yes
/interface 6to4
add comment="Hurricane Electric IPv6 Tunnel Broker" local-address=\
37.XXX.XXX.XX mtu=1280 name=6to4-HE remote-address=216.66.80.26
/ip neighbor discovery
set ether1 comment="WAN, POE in" discover=no
set ether2 comment="LAN, gbit sw"
set ether6 comment="LAN, 100mb sw"
set ether10 comment="POE out"
set "6to4-HE" comment="Hurricane Electric IPv6 Tunnel Broker"
set bridge-lan comment="Internal LAN brige"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm \
group-key-update=30m management-protection=allowed mode=dynamic-keys \
name=SkyNet supplicant-identity="" unicast-ciphers=tkip,aes-ccm \
wpa2-pre-shared-key=XXXXXXXX
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed name=Guest supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyg comment="Private LAN Wi-Fi" \
country=russia disabled=no frequency-mode=regulatory-domain l2mtu=2290 \
mode=ap-bridge security-profile=SkyNet tx-power=8 tx-power-mode=\
all-rates-fixed wireless-protocol=802.11
/interface wireless nstreme
set wlan1 comment="Private LAN Wi-Fi"
/interface wireless manual-tx-power-table
set wlan1 comment="Private LAN Wi-Fi"
/ip neighbor discovery
set wlan1 comment="Private LAN Wi-Fi" discover=no
/ip pool
add name=dhcp-local ranges=192.168.1.50-192.168.1.110
/ip dhcp-server
add address-pool=dhcp-local disabled=no interface=bridge-lan lease-time=3d \
name=dhcp-local
/port
set 0 name=serial0
/interface l2tp-client
add add-default-route=yes allow=chap comment="L2TP Beeline internet" \
connect-to=tp.internet.beeline.ru default-route-distance=1 \
dial-on-demand=no disabled=no keepalive-timeout=60 max-mru=1450 max-mtu=\
1450 mrru=1600 name=l2tp-client password=XXXXXXXX profile=\
default-encryption user=0896XXXXXX
/ip neighbor discovery
set l2tp-client comment="L2TP Beeline internet" discover=no
/system logging action
set 2 remember=yes
set 3 src-address=0.0.0.0
add disk-file-name=disk1/log name=extflashlog target=disk
/interface bridge port
add bridge=bridge-lan interface=ether2
add bridge=bridge-lan interface=ether6
add bridge=bridge-lan interface=sfp1
add bridge=bridge-lan interface=wlan1
/ip settings
set accept-redirects=yes
/ip address
add address=192.168.1.1/24 comment="Internal network" interface=bridge-lan \
network=192.168.1.0
/ip cloud
set enabled=yes
/ip dhcp-client
add default-route-distance=2 dhcp-options=hostname,clientid disabled=no \
interface=ether1
/ip dhcp-server lease
add address=192.168.1.5 comment="Desktop - Spirit (Cooler Master)" \
mac-address=90:2B:34:XX:XX:XX server=dhcp-local
/ip dhcp-server network
add address=192.168.1.0/24 comment="Home network DHCP" gateway=192.168.1.1 \
netmask=24
/ip dns
set allow-remote-requests=yes servers=85.21.192.3,213.234.192.8
/ip firewall filter
add chain=input comment="Allow ping Mikrotik" protocol=icmp
add chain=forward comment="Allow ping my network" protocol=icmp
add action=drop chain=input comment="Drop flood on port 53" dst-port=53 \
in-interface=ether1 protocol=udp
add chain=input comment="Accert established connections Mikrotik" \
connection-state=established
add chain=forward comment="Accert established connections my network" \
connection-state=established
add chain=input comment="Accert related connections Mikrotik" \
connection-state=related
add chain=forward comment="Accert related connections my network" \
connection-state=related
add chain=input comment="access to winbox" in-interface=l2tp-client protocol=\
tcp src-port=666
add action=drop chain=input comment="Drop invalid connections Mikrotik" \
connection-state=invalid
add action=drop chain=forward comment="Drop invalid connections my network" \
connection-state=invalid
add chain=input comment="Access to router only from my network" src-address=\
192.168.1.0/24
add chain=input comment="Allow UDP to Mikrotik" protocol=udp
add chain=forward comment="Allow UDP to my network" protocol=udp
add chain=forward comment="Access to Internet from local network" \
out-interface=l2tp-client src-address=192.168.1.0/24
add chain=forward comment="Access to provider lan from local network" \
out-interface=ether1 src-address=192.168.1.0/24
add action=drop chain=input comment="Drop all other to Mikrotik" disabled=yes
add action=drop chain=forward comment="Drop all other to my network" \
disabled=yes
/ip firewall mangle
add action=change-mss chain=forward in-interface=l2tp-client new-mss=1420 \
protocol=tcp tcp-flags=syn tcp-mss=1421-65535
add action=change-mss chain=forward new-mss=1420 out-interface=l2tp-client \
protocol=tcp tcp-flags=syn tcp-mss=1421-65535
/ip firewall nat
add action=masquerade chain=srcnat out-interface=l2tp-client
add action=masquerade chain=srcnat out-interface=ether1
add action=netmap chain=dstnat comment=\
"Port forwarding from 666 to 8291 (winbox)" dst-port=666 in-interface=\
l2tp-client protocol=tcp to-addresses=192.168.1.1 to-ports=8291
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip route
add comment=beeline distance=1 dst-address=10.0.0.0/8 gateway=10.27.184.1
add comment=beeline distance=1 dst-address=78.107.1.0/24 gateway=10.27.184.1
add comment=beeline distance=1 dst-address=78.107.51.0/28 gateway=10.27.184.1
add comment=beeline distance=1 dst-address=78.107.196.0/22 gateway=\
10.27.184.1
add comment=beeline distance=1 dst-address=78.107.235.4/30 gateway=\
10.27.184.1
add comment=beeline distance=1 dst-address=83.102.146.96/27 gateway=\
10.27.184.1
add comment=beeline distance=1 dst-address=83.102.231.32/28 gateway=\
10.27.184.1
add comment=beeline distance=1 dst-address=85.21.0.0/24 gateway=10.27.184.1
add comment=beeline distance=1 dst-address=85.21.72.80/28 gateway=10.27.184.1
add comment=beeline distance=1 dst-address=85.21.79.0/24 gateway=10.27.184.1
add comment=beeline distance=1 dst-address=85.21.90.0/24 gateway=10.27.184.1
add comment=beeline distance=1 dst-address=85.21.108.16/28 gateway=\
10.27.184.1
add comment=beeline distance=1 dst-address=85.21.138.208/28 gateway=\
10.27.184.1
add comment=beeline distance=1 dst-address=85.21.192.3/32 gateway=10.27.184.1
add comment=beeline distance=1 dst-address=213.234.192.8/32 gateway=\
10.27.184.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.1.0/24
set ssh disabled=yes
set api disabled=yes
set winbox address=192.168.1.0/24
set api-ssl disabled=yes
/ip upnp
set allow-disable-external-interface=no enabled=yes
/ip upnp interfaces
add interface=bridge-lan type=internal
add interface=ether1 type=external
add interface=l2tp-client type=external
add disabled=yes interface=ether2 type=internal
add disabled=yes interface=ether3 type=internal
add disabled=yes interface=ether4 type=internal
add disabled=yes interface=ether5 type=internal
add disabled=yes interface=ether6 type=internal
add disabled=yes interface=sfp1 type=internal
add disabled=yes interface=ether7 type=internal
add disabled=yes interface=ether8 type=internal
add disabled=yes interface=ether9 type=internal
add disabled=yes interface=ether10 type=internal
add disabled=yes interface=wlan1 type=internal
add disabled=yes type=internal
/ipv6 address
add address=2001:470:1f08:ff3::2 interface=6to4-HE
add address=2001:470:1f09:ff3::1 interface=bridge-lan
/ipv6 firewall filter
add chain=forward
add chain=input
add chain=output
/ipv6 route
add comment="Hurricane Electric IPv6 Tunnel Broker" distance=1 dst-address=\
2000::/3 gateway=2001:470:1f08:ff3::1
/lcd
set backlight-timeout=10m default-screen=stat-slideshow time-interval=hour
/lcd pin
set pin-number=XXXX
/lcd interface pages
set 0 interfaces="bridge-lan,sfp1,ether1,ether2,ether3,ether4,ether5,ether6,et\
her7,ether8,ether9,ether10"
/snmp
set trap-community=public
/system clock
set time-zone-name=Europe/Moscow
/system clock manual
set time-zone=+03:00
/system identity
set name=XXXXXX
/system logging
set 0 disabled=yes
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes
add action=extflashlog topics=critical
add action=extflashlog topics=error
add action=extflashlog topics=info
add action=extflashlog topics=warning
/system ntp client
set enabled=yes primary-ntp=198.60.73.8 secondary-ntp=89.109.251.21
/system scheduler
add comment="Run every month \"Backup to email\" script" interval=4w2d name=\
"Backup to e-mail schedule" on-event=\
"/system script run \"Backup to e-mail\"" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
nov/01/2014 start-time=00:00:00
add comment="Run every 15 min \"Update IP HE ipv6\" script" disabled=yes \
interval=15m name="Update IP HE ipv6" on-event=\
"/system script run \"Update IP HE ipv6\"" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
nov/01/2014 start-time=00:00:00
/system script
add name="Backup to e-mail" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source="{\r\
\n:log info \"Starting Backup Script...\";\r\
\n:local sysname [/system identity get name];\r\
\n:local sysver [/system package get system version];\r\
\n:log info \"Flushing DNS cache...\";\r\
\n/ip dns cache flush;\r\
\n:delay 2;\r\
\n:log info \"Deleting last Backups...\";\r\
\n:foreach i in=[/file find] do={:if ([:typeof [:find [/file get \$i name]\
\_\\\r\
\n\"\$sysname-backup-\"]]!=\"nil\") do={/file remove \$i}};\r\
\n:delay 2;\r\
\n:local smtpserv [:resolve \"smtp.yandex.ru\"];\r\
\n:local Eaccount \"XXX@XXX\";\r\
\n:local pass \"XXXXXX\";\r\
\n:local backupfile (\"disk1/\$sysname-backup-\" . \\\r\
\n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
\nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".backup\
\");\r\
\n:log info \"Creating new Full Backup file...\";\r\
\n/system backup save name=\$backupfile;\r\
\n:delay 2;\r\
\n:log info \"Sending Full Backup file via E-mail...\";\r\
\n/tool e-mail send from=\"<\$Eaccount>\" to=\"<\$Eaccount>\" server=\$smt\
pserv \\\r\
\nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$backupfile\
\_\\\r\
\nsubject=(\"\$sysname Full Backup (\" . [/system clock get date] . \")\")\
\_\\\r\
\nbody=(\"\$sysname full Backup file see in attachment.\\nRouterOS version\
: \\\r\
\n\$sysver\\nTime and Date stamp: \" . [/system clock get time] . \" \" . \
\\\r\
\n[/system clock get date]);\r\
\n:delay 5;\r\
\n:local exportfile (\"disk1/\$sysname-backup-\" . \\\r\
\n[:pick [/system clock get date] 7 11] . [:pick [/system \\\r\
\nclock get date] 0 3] . [:pick [/system clock get date] 4 6] . \".rsc\");\
\r\
\n:log info \"Creating new Setup Script file...\";\r\
\n/export verbose file=\$exportfile;\r\
\n:delay 2;\r\
\n:log info \"Sending Setup Script file via E-mail...\";\r\
\n/tool e-mail send from=\"<\$Eaccount>\" to=\"<\$Eaccount>\" server=\$smt\
pserv \\\r\
\nport=587 user=\$Eaccount password=\$pass start-tls=yes file=\$exportfile\
\_\\\r\
\nsubject=(\"\$sysname Setup Script Backup (\" . [/system clock get date] \
. \\\r\
\n\")\") body=(\"\$sysname Setup Script file see in attachment.\\nRouterOS\
\_\\\r\
\nversion: \$sysver\\nTime and Date stamp: \" . [/system clock get time] .\
\_\" \\\r\
\n\" . [/system clock get date]);\r\
\n:delay 5;\r\
\n:log info \"All System Backups emailed successfully.\\nBackuping complet\
ed.\";\r\
\n}"
add name="Update IP HE ipv6" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source="# Updat\
e Hurricane Electric IPv6 Tunnel Client IPv4 address\r\
\n\r\
\n:local HEtunnelinterface \"6to4-HE\"\r\
\n:local HEtunnelid \"XXXXXX\"\r\
\n:local HEuserid \"XXXXXXX\"\r\
\n:local HEpasskey \"XXXXXXXXX\"\r\
\n:local HEupdatehost \"ipv4.tunnelbroker.net\"\r\
\n:local HEupdatepath \"/ipv4_end.php\"\r\
\n:local WANinterface \"l2tp-client\"\r\
\n:local outputfile (\"disk1/HE-\" . \$HEtunnelid . \".txt\")\r\
\n\r\
\n# Internal processing below...\r\
\n# ----------------------------------\r\
\n:local HEipv4addr\r\
\n\r\
\n# Get WAN interface IP address\r\
\n:set HEipv4addr [/ip address get [/ip address find interface=\$WANinterf\
ace] address]\r\
\n:set HEipv4addr [:pick [:tostr \$HEipv4addr] 0 [:find [:tostr \$HEipv4ad\
dr] \"/\"]]\r\
\n\r\
\n:if ([:len \$HEipv4addr] = 0) do={\r\
\n :log error (\"Could not get IP for interface \" . \$WANinterface)\r\
\n :error (\"Could not get IP for interface \" . \$WANinterface)\r\
\n}\r\
\n\r\
\n# Update the HEtunnelinterface with WAN IP\r\
\n/interface 6to4 {\r\
\n :if ([get (\$HEtunnelinterface) local-address] != \$HEipv4addr) do={\
\r\
\n :log info (\"Updating \" . \$HEtunnelinterface . \" local-address \
with new IP \" . \$HEipv4addr . \"...\")\r\
\n set (\$HEtunnelinterface) local-address=\$HEipv4addr\r\
\n }\r\
\n}\r\
\n\r\
\n:log info (\"Updating IPv6 Tunnel \" . \$HEtunnelid . \" Client IPv4 add\
ress to new IP \" . \$HEipv4addr . \"...\")\r\
\n/tool fetch mode=http \\\r\
\n host=(\$HEupdatehost) \\\r\
\n url=(\"http://\" . \$HEupdatehost . \$HEupdatepath . \
\\\r\
\n \"\?ip=\" . \$HEipv4addr . \\\r\
\n \"&pass=\" . \$HEpasskey . \\\r\
\n \"&user_id=\" . \$HEuserid . \\\r\
\n \"&tunnel_id=\" . \$HEtunnelid) \\\r\
\n dst-path=(\$outputfile)\r\
\n\r\
\n:log info ([/file get (\$outputfile) contents])\r\
\n/file remove (\$outputfile)"
/system watchdog
set automatic-supout=no watch-address=192.168.1.1
/tool e-mail
set address=213.180.193.38 from=XXXXX@XXXXXX last-status=succeeded \
password=XXXXXXXXX port=587 start-tls=yes user=XXXXX
/tool graphing interface
add store-on-disk=no
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge-lan
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge-lan
p.s.
Проблемы с "невидимым" заголовком спойлера большей частью решаются за 2 минуты правкой формы :)
Достаточно вставлять по клику на спойлер не spoiler=/spoiler а spoiler=spoiler/spoiler
