Есть два Микрота: 1-Сервер (имеет постоянный внешний IP) и 2-Клиент.
Между ними поднят VPN, L2TP+EoIP. DHCP между сетями заблокирован, получается одна локальная сеть на два, скажем, офиса.
Адрес этой сети 192.168.0.0/24
На 1-Сервере есть ещё один VPN, к которому подключается любое устройство извне по L2TP+IPsec.
Тоже настроено, работает, устройство подключается хорошо и может ходить в интернет с внешнего IP Сервера.
Проблема в том, что это третье устройство не видит сеть 192.168.0.0/24.
А я очень хочу, чтобы видело.
Помогите?
Спасибо!
# LAN bridge of the "server" router. Its member ports are listed under
# /interface bridge port further down in this export.
/interface bridge
add admin-mac=D4:CA:6D:A4:A6:E1 auto-mac=no mtu=1500 name=bridge-local
# ether1 is named as the WAN port; ether2 is the switch master for ether3-5.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
# arp=proxy-arp: the router answers ARP on this port for addresses it reaches
# through other interfaces. That only helps peers holding an address inside
# the LAN prefix; the PPP profiles in this export hand out 192.168.5.x, so
# VPN clients reach 192.168.0.0/24 by routing, not by ARP.
set [ find default-name=ether2 ] arp=proxy-arp name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
ether5-slave-local
# Static L2TP server binding for PPP user PPUSER. No /ppp secret with that
# name appears in this export (names look redacted) - confirm they match.
/interface l2tp-server
add name=l2tp-in1 user=PPUSER
# EoIP tunnel to 192.168.5.1, which is the remote-address of PPP profile
# "karman", so the inter-office Ethernet bridge rides inside that L2TP session.
# EoIP adds no encryption of its own: confidentiality of the bridged LAN
# traffic depends on the carrying L2TP session actually being inside IPsec.
# Keepalive is disabled (!keepalive), so the interface state does not track
# reachability of the remote end.
/interface eoip
add allow-fast-path=no !keepalive mac-address=02:47:7D:36:A7:47 name=\
eoip-tunnel1 remote-address=192.168.5.1 tunnel-id=7
# Wireless security profiles. The keys shown are the poster's placeholders.
# The default profile gets PSKs but its mode / authentication-types are not
# shown, so whether it actually enforces WPA cannot be told from this export.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik wpa-pre-shared-key=\
WiFiPASWD wpa2-pre-shared-key=WIFIKEY
# This profile accepts both WPA (wpa-psk) and WPA2 (wpa2-psk). Keeping legacy
# WPA enabled lets clients negotiate the weaker mode; restrict to wpa2-psk if
# every client supports it. The space after "=" in the key fields looks like
# a redaction artifact and would not parse as written.
add authentication-types=wpa-psk,wpa2-psk management-protection=allowed mode=\
dynamic-keys name=NAME supplicant-identity=MikroTik \
wpa-pre-shared-key= WIFIKEY wpa2-pre-shared-key= WIFIKEY
# Main AP. It references security-profile=V1ctory, while the only profile
# defined above is called NAME - presumably the name was redacted in one
# place only. arp=proxy-arp behaves as described for any proxy-arp port: the
# router answers ARP here for addresses reachable via other interfaces.
/interface wireless
set [ find default-name=wlan1 ] arp=proxy-arp band=2ghz-b/g/n channel-width=\
20/40mhz-Ce country=russia disabled=no distance=indoors frequency=2452 \
mode=ap-bridge security-profile=V1ctory ssid=V1ctory wireless-protocol=\
802.11
/interface wireless nstreme
set wlan1 enable-polling=no
# Neighbor discovery is switched off on the main WLAN only.
/ip neighbor discovery
set wlan1 discover=no
# Virtual AP "Free4All" on top of wlan1, rate-limited per client. No
# security-profile is given, so the default profile applies.
# NOTE(review): this interface is also added to bridge-local under
# /interface bridge port, which puts guest stations on the same layer-2
# segment as the office LAN and the EoIP tunnel - confirm that is intended.
/interface wireless
add default-ap-tx-limit=1024000 default-client-tx-limit=1024000 mac-address=\
D6:CA:6D:A4:A6:E5 master-interface=wlan1 mode=ap-bridge name=FreeWiFi \
ssid=Free4All
# IPsec phase-2 proposals. pfs-group=none means no fresh Diffie-Hellman
# exchange per phase-2 rekey. "iphone-proposal" still offers 3des, a legacy
# 64-bit-block cipher; drop it if all clients can negotiate AES.
# Authentication algorithms are not shown, so the defaults apply.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=8h \
pfs-group=none
add enc-algorithms=aes-256-cbc,3des name=iphone-proposal pfs-group=none
# Address pools. "vpn" is defined but neither PPP profile below refers to it;
# both profiles use fixed addresses instead.
/ip pool
add name=dhcp ranges=192.168.0.10-192.168.0.99
add name=dhcp_pool1 ranges=192.168.2.2-192.168.2.254
add name=vpn ranges=192.168.5.5-192.168.5.50
# DHCP servers: office LAN on bridge-local, guest range on FreeWiFi.
# NOTE(review): FreeWiFi is also a port of bridge-local in this export; a
# DHCP server bound to a bridge port is unlikely to behave as intended.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local lease-time=3d name=\
default
add address-pool=dhcp_pool1 disabled=no interface=FreeWiFi lease-time=3d \
name=dhcp1
# PPP profiles.
# "karman" (site-to-site, 192.168.5.2 <-> 192.168.5.1): use-encryption is not
# set, so PPP-level encryption is not demanded for the link that carries EoIP.
# "iphone" (road-warrior, 192.168.5.4 <-> 192.168.5.3): use-encryption=required.
# The remote client therefore receives 192.168.5.3, outside 192.168.0.0/24;
# LAN hosts need a route back to 192.168.5.0 via this router to answer it.
# A fixed remote-address means every session on the profile gets the same
# address, so two simultaneous users of one profile would collide.
/ppp profile
add change-tcp-mss=yes local-address=192.168.5.2 name=karman only-one=no \
remote-address=192.168.5.1
add change-tcp-mss=yes dns-server=8.8.8.8 local-address=192.168.5.4 name=\
iphone remote-address=192.168.5.3 use-encryption=required
# Log buffers are limited to 100 lines in memory and 100 lines per disk file,
# which leaves little history for reviewing VPN or login failures.
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
# Restricted group: only "ftp" and "read" are granted, every other policy is
# explicitly negated.
/user group
add name=ftp policy="ftp,read,!local,!telnet,!ssh,!reboot,!write,!policy,!test\
,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!dude"
# Bridge-level filter: drops bridged UDP packets to port 67 (DHCP requests).
# The rule names no in/out interface, so it applies between all bridge ports,
# not only to the EoIP tunnel mentioned in the comment.
/interface bridge filter
add action=drop chain=forward comment=\
"Drop all DHCP requests over EoIP bridge" dst-port=67 ip-protocol=udp \
mac-protocol=ip
# Members of bridge-local: wired LAN, main WLAN, guest WLAN and the EoIP
# tunnel all share one broadcast domain.
# NOTE(review): bridging FreeWiFi (SSID Free4All) into the office bridge gives
# guest stations direct layer-2 access to LAN hosts and the remote office.
# The last entry has no interface= value - check what it refers to.
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=FreeWiFi
add bridge=bridge-local interface=eoip-tunnel1
add bridge=bridge-local
# L2TP server: MS-CHAPv2 only, IPsec enabled with a pre-shared secret.
# NOTE(review): the secret shown is four characters long; if it is the real
# value, replace it with a long random one, since it is now published.
# use-ipsec=yes enables IPsec for L2TP; whether plain L2TP without IPsec is
# still accepted should be checked for this RouterOS version.
/interface l2tp-server server
set authentication=mschap2 enabled=yes ipsec-secret=vctr max-mru=1460 \
max-mtu=1460 use-ipsec=yes
# PPTP server is enabled and accepts PAP, CHAP and MS-CHAPv1 in addition to
# MS-CHAPv2. PAP sends the password in clear text and PPTP's own encryption
# is considered broken. Both /ppp secret entries in this export are limited
# to service=l2tp, so PPTP appears unused here - disabling it removes the
# exposure.
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default enabled=\
yes
# LAN address 192.168.0.2/24 is bound to ether2-master-local, which is itself
# a port of bridge-local. NOTE(review): an address on a bridge port instead
# of on the bridge can cause inconsistent reachability - confirm placement.
/ip address
add address=192.168.0.2/24 comment="default configuration" interface=\
ether2-master-local network=192.168.0.0
add address=192.168.2.1/24 interface=FreeWiFi network=192.168.2.0
# WAN address is obtained by DHCP on ether1-gateway.
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=ether1-gateway
# LAN clients are told to use this router (192.168.0.2) as gateway and DNS.
# Hosts that use a different default gateway have no route back to
# 192.168.5.x unless one is added.
/ip dhcp-server network
add address=192.168.0.0/24 comment="default configuration" dns-server=\
192.168.0.2 gateway=192.168.0.2 netmask=24
# The router answers DNS queries from clients (allow-remote-requests=yes).
# Who can reach the resolver is decided solely by the input-chain rules.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,77.88.8.8
/ip dns static
add address=192.168.0.2 name=router
# Input chain: traffic addressed to the router itself, evaluated top to
# bottom. This export contains no chain=forward rules, so nothing here
# filters traffic routed between VPN clients, the guest subnet and the LAN.
/ip firewall filter
add action=accept chain=input comment="default configuration" protocol=icmp
# NOTE(review): connection-state is empty. The stock rule at this position
# normally matches established connections; if RouterOS treats the empty
# value as "no condition", this rule accepts all input before the final drop.
# Print the rule on the device and set the state explicitly.
add action=accept chain=input comment="default configuration" \
connection-state=""
add action=accept chain=input comment="default configuration" \
connection-state=related
# GRE is accepted on every interface (PPTP data channel).
add action=accept chain=input protocol=gre
# "///extrnal ip///" is the poster's redaction placeholder, not valid syntax.
# This L2TP rule has no in-interface and requires src-port=1701.
add action=accept chain=input dst-address=///extrnal ip/// dst-port=1701 \
protocol=udp src-port=1701
# FTP (tcp/21) to the router is opened from the WAN. FTP carries credentials
# in clear text; close it on ether1-gateway or limit it by source address.
add action=accept chain=input dst-address=///extrnal ip/// dst-port=21 \
in-interface=ether1-gateway protocol=tcp
# PPTP control channel (tcp/1723) opened from the WAN; see the pptp-server
# settings, which accept weak authentication methods.
add action=accept chain=input dst-address=///extrnal ip/// dst-port=1723 \
in-interface=ether1-gateway protocol=tcp
# IKE (udp/500), NAT-T (udp/4500) and ESP for the L2TP/IPsec VPN.
add action=accept chain=input dst-port=500 in-interface=ether1-gateway \
protocol=udp
add action=accept chain=input dst-port=4500 in-interface=ether1-gateway \
protocol=udp
add action=accept chain=input in-interface=ether1-gateway protocol=ipsec-esp
# udp/1701 is accepted from the WAN whether or not the packet arrived inside
# IPsec, so unprotected L2TP is reachable too. If every L2TP peer uses IPsec,
# adding ipsec-policy=in,ipsec to this rule limits it to protected packets.
add action=accept chain=input dst-port=1701 in-interface=ether1-gateway \
protocol=udp
# Everything else arriving on the WAN port is dropped. Input from the bridge,
# the guest WLAN and PPP interfaces is not restricted by any rule here.
add action=drop chain=input in-interface=ether1-gateway
# Source NAT for traffic leaving through the WAN port.
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway to-addresses=0.0.0.0
# IPsec peer for L2TP road-warriors, authenticated by pre-shared key.
# The key equals the l2tp-server ipsec-secret and is four characters long; a
# single short PSK shared by all clients is the weakest part of this VPN.
# 3des is still offered for phase 1. Hash algorithm and DH group are not
# shown, so the defaults apply.
# NOTE(review): address=0.0.0.0/32 looks unusual for an "any client" peer -
# confirm whether /0 was intended.
/ip ipsec peer
add address=0.0.0.0/32 enc-algorithm=aes-256,3des exchange-mode=main-l2tp \
generate-policy=port-override local-address=0.0.0.0 secret=vctr
# Generated policies use the proposal that still includes 3des.
/ip ipsec policy
add proposal=iphone-proposal template=yes
/ip proxy
set cache-path=web-proxy1
# Management services: telnet, api, api-ssl and winbox are off; www (HTTP)
# and ssh are limited to three source ranges. 192.168.5.x is not among them,
# so VPN clients cannot manage the router over IP. The ftp service is not
# listed, so its state is whatever the default is, while tcp/21 is opened on
# the WAN in the input chain.
/ip service
set telnet disabled=yes
set www address=192.168.88.0/24,192.168.0.0/24,10.10.10.10/32
set ssh address=192.168.88.0/24,192.168.0.0/24,10.10.10.10/32
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
# SMB file sharing runs on the router itself with one writable share.
# No input rule limits it on the bridge, which includes the guest WLAN.
/ip smb
set domain=Workgroup enabled=yes
/ip smb shares
set [ find default=yes ] disabled=yes
add directory=/Files name=Files
/ip smb users
add name=FTPUSER password=FTPPASWD read-only=no
# Lets a UPnP client request that the external interface be disabled.
# Whether UPnP itself is enabled is not shown in this export.
/ip upnp
set allow-disable-external-interface=yes
# PPP accounts, both restricted to L2TP (passwords are placeholders).
# ppp1 uses the site-to-site profile, USER the road-warrior profile.
/ppp secret
add name=ppp1 password=PASWD profile=karman service=l2tp
add name=USER password=PASWD profile=iphone service=l2tp
# IGMP proxy: WAN is the upstream side, bridge-local the downstream side.
/routing igmp-proxy interface
add alternative-subnets=239.1.1.0/24 interface=ether1-gateway upstream=yes
add interface=bridge-local
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Moscow
/system clock manual
set time-zone=+03:00
/system identity
set name=USER
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=91.226.136.136 secondary-ntp=88.147.254.228
# MAC-Telnet is disabled on the default (all-interfaces) entry and enabled
# on the LAN ports, wlan1 and bridge-local.
# NOTE(review): FreeWiFi and eoip-tunnel1 are ports of bridge-local, so
# layer-2 management is presumably reachable from the guest SSID and the
# remote office as well - verify and narrow the list.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
# Same interface list for MAC-WinBox; the same caveat about bridge-local
# membership applies.
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
# RoMON port entry with all values left at their defaults.
/tool romon port
add
# NOTE(review): from this line on the same export is pasted a second time.
# The "/interface bridge" menu line that precedes this "add" in the first
# copy is missing, so as written it would run in the /tool romon port menu.
add admin-mac=D4:CA:6D:A4:A6:E1 auto-mac=no mtu=1500 name=bridge-local
# ether1 is the WAN port; ether2 is the switch master for ether3-5 and
# answers ARP for addresses reachable via other interfaces (proxy-arp).
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] arp=proxy-arp name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
ether5-slave-local
# Static L2TP binding; the user name looks redacted.
/interface l2tp-server
add name=l2tp-in1 user=PPUSER
# EoIP to the remote-address of PPP profile "karman". EoIP itself is not
# encrypted; protection depends on the L2TP session that carries it.
/interface eoip
add allow-fast-path=no !keepalive mac-address=02:47:7D:36:A7:47 name=\
eoip-tunnel1 remote-address=192.168.5.1 tunnel-id=7
# Keys are placeholders. The added profile allows legacy WPA next to WPA2.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik wpa-pre-shared-key=\
WiFiPASWD wpa2-pre-shared-key=WIFIKEY
add authentication-types=wpa-psk,wpa2-psk management-protection=allowed mode=\
dynamic-keys name=NAME supplicant-identity=MikroTik \
wpa-pre-shared-key= WIFIKEY wpa2-pre-shared-key= WIFIKEY
# wlan1 references profile V1ctory, which is not defined under that name in
# this export (the defined profile is NAME - presumably a partial redaction).
/interface wireless
set [ find default-name=wlan1 ] arp=proxy-arp band=2ghz-b/g/n channel-width=\
20/40mhz-Ce country=russia disabled=no distance=indoors frequency=2452 \
mode=ap-bridge security-profile=V1ctory ssid=V1ctory wireless-protocol=\
802.11
/interface wireless nstreme
set wlan1 enable-polling=no
/ip neighbor discovery
set wlan1 discover=no
# Guest virtual AP; no security-profile given, so the default one applies.
# It is later added to bridge-local, i.e. bridged into the office LAN.
/interface wireless
add default-ap-tx-limit=1024000 default-client-tx-limit=1024000 mac-address=\
D6:CA:6D:A4:A6:E5 master-interface=wlan1 mode=ap-bridge name=FreeWiFi \
ssid=Free4All
# Phase-2 proposals: no PFS; iphone-proposal still offers legacy 3des.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=8h \
pfs-group=none
add enc-algorithms=aes-256-cbc,3des name=iphone-proposal pfs-group=none
# The "vpn" pool is not referenced by either PPP profile below.
/ip pool
add name=dhcp ranges=192.168.0.10-192.168.0.99
add name=dhcp_pool1 ranges=192.168.2.2-192.168.2.254
add name=vpn ranges=192.168.5.5-192.168.5.50
# Office DHCP on the bridge; guest DHCP on FreeWiFi, which is also a bridge
# port in this export.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local lease-time=3d name=\
default
add address-pool=dhcp_pool1 disabled=no interface=FreeWiFi lease-time=3d \
name=dhcp1
# "karman": site-to-site, PPP encryption not demanded.
# "iphone": road-warrior, gets 192.168.5.3 - a routed subnet, not the LAN.
/ppp profile
add change-tcp-mss=yes local-address=192.168.5.2 name=karman only-one=no \
remote-address=192.168.5.1
add change-tcp-mss=yes dns-server=8.8.8.8 local-address=192.168.5.4 name=\
iphone remote-address=192.168.5.3 use-encryption=required
# Only 100 log lines are kept in memory and per disk file.
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
# Group limited to the ftp and read policies.
/user group
add name=ftp policy="ftp,read,!local,!telnet,!ssh,!reboot,!write,!policy,!test\
,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!dude"
# Drops bridged DHCP requests (udp/67) between all bridge ports.
/interface bridge filter
add action=drop chain=forward comment=\
"Drop all DHCP requests over EoIP bridge" dst-port=67 ip-protocol=udp \
mac-protocol=ip
# NOTE(review): guest WLAN (FreeWiFi) and the EoIP tunnel share the office
# bridge; the last entry names no interface.
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=FreeWiFi
add bridge=bridge-local interface=eoip-tunnel1
add bridge=bridge-local
# L2TP with IPsec; the pre-shared secret shown is only four characters.
/interface l2tp-server server
set authentication=mschap2 enabled=yes ipsec-secret=vctr max-mru=1460 \
max-mtu=1460 use-ipsec=yes
# PPTP enabled with PAP/CHAP/MS-CHAPv1 allowed; no /ppp secret in this export
# is bound to PPTP, so the service appears unused and can be disabled.
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default enabled=\
yes
# LAN address sits on a bridge port (ether2-master-local), not on the bridge.
/ip address
add address=192.168.0.2/24 comment="default configuration" interface=\
ether2-master-local network=192.168.0.0
add address=192.168.2.1/24 interface=FreeWiFi network=192.168.2.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.0.0/24 comment="default configuration" dns-server=\
192.168.0.2 gateway=192.168.0.2 netmask=24
# Router acts as DNS resolver for clients; access is governed by the input
# chain only.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,77.88.8.8
/ip dns static
add address=192.168.0.2 name=router
# Input chain only; this export has no chain=forward rules, so routed
# traffic between VPN, guest and LAN subnets is unfiltered.
/ip firewall filter
add action=accept chain=input comment="default configuration" protocol=icmp
# NOTE(review): empty connection-state - if it is treated as "no condition"
# this rule accepts all input ahead of the final drop. Verify on the device.
add action=accept chain=input comment="default configuration" \
connection-state=""
add action=accept chain=input comment="default configuration" \
connection-state=related
# GRE accepted on every interface.
add action=accept chain=input protocol=gre
# "///extrnal ip///" is a redaction placeholder, not valid syntax.
add action=accept chain=input dst-address=///extrnal ip/// dst-port=1701 \
protocol=udp src-port=1701
# Clear-text FTP to the router is open from the WAN.
add action=accept chain=input dst-address=///extrnal ip/// dst-port=21 \
in-interface=ether1-gateway protocol=tcp
# PPTP control channel is open from the WAN.
add action=accept chain=input dst-address=///extrnal ip/// dst-port=1723 \
in-interface=ether1-gateway protocol=tcp
# IKE, NAT-T and ESP for L2TP/IPsec.
add action=accept chain=input dst-port=500 in-interface=ether1-gateway \
protocol=udp
add action=accept chain=input dst-port=4500 in-interface=ether1-gateway \
protocol=udp
add action=accept chain=input in-interface=ether1-gateway protocol=ipsec-esp
# udp/1701 is accepted from the WAN without requiring IPsec protection.
add action=accept chain=input dst-port=1701 in-interface=ether1-gateway \
protocol=udp
# Remaining WAN input is dropped; other interfaces are not restricted.
add action=drop chain=input in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway to-addresses=0.0.0.0
# Road-warrior IPsec peer with a short pre-shared key and 3des still offered.
# NOTE(review): address=0.0.0.0/32 looks unusual - confirm /0 was not meant.
/ip ipsec peer
add address=0.0.0.0/32 enc-algorithm=aes-256,3des exchange-mode=main-l2tp \
generate-policy=port-override local-address=0.0.0.0 secret=vctr
/ip ipsec policy
add proposal=iphone-proposal template=yes
/ip proxy
set cache-path=web-proxy1
# www (HTTP) and ssh are limited by source address; 192.168.5.x is not in
# the list. The ftp service is not listed, so its default state applies.
/ip service
set telnet disabled=yes
set www address=192.168.88.0/24,192.168.0.0/24,10.10.10.10/32
set ssh address=192.168.88.0/24,192.168.0.0/24,10.10.10.10/32
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
# SMB server on the router with one writable share.
/ip smb
set domain=Workgroup enabled=yes
/ip smb shares
set [ find default=yes ] disabled=yes
add directory=/Files name=Files
/ip smb users
add name=FTPUSER password=FTPPASWD read-only=no
# UPnP clients may request disabling the external interface.
/ip upnp
set allow-disable-external-interface=yes
# Both PPP accounts are restricted to L2TP; passwords are placeholders.
/ppp secret
add name=ppp1 password=PASWD profile=karman service=l2tp
add name=USER password=PASWD profile=iphone service=l2tp
/routing igmp-proxy interface
add alternative-subnets=239.1.1.0/24 interface=ether1-gateway upstream=yes
add interface=bridge-local
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Moscow
/system clock manual
set time-zone=+03:00
/system identity
set name=USER
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=91.226.136.136 secondary-ntp=88.147.254.228
# MAC-Telnet enabled on LAN ports, wlan1 and bridge-local. bridge-local also
# contains FreeWiFi and eoip-tunnel1, so layer-2 management is presumably
# reachable from the guest SSID and the remote office - verify.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
# Same interface list for MAC-WinBox.
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
# RoMON port entry with default values.
/tool romon port
add