Большой пинг в ovpn туннеле

Раздел для тех, кто начинает знакомиться с MikroTik
Правила форума
Как правильно оформить вопрос.
Прежде чем начать настройку роутера, представьте, как это работает. Попробуйте почитать статьи об устройстве интернет-сетей. Убедитесь, что всё, что Вы задумали выполнимо вообще и на данном оборудовании в частности.
Не нужно изначально строить Наполеоновских планов. Попробуйте настроить простейшую конфигурацию, а усложнения добавлять в случае успеха постепенно.
Пожалуйста, не игнорируйте правила русского языка. Отсутствие знаков препинания и неграмотность автора топика для многих гуру достаточный повод проигнорировать топик вообще.

1. Назовите технологию подключения (динамический DHCP, L2TP, PPTP или что-то иное)
2. Изучите темку "Действия до настройки роутера".
viewtopic.php?f=15&t=2083
3. Настройте согласно выбранному Вами мануалу
4. Дочитайте мануал до конца и без пропусков, в 70% случаев люди просто не до конца читают статью и пропускают важные моменты.
5. Если не получается, в Winbox открываем терминал и вбиваем там /export hide-sensitive. Результат в топик под кат, интимные подробности типа личных IP изменить на другие, пароль забить звездочками.
6. Нарисуйте Вашу сеть, рисунок (схему) сюда. На словах может быть одно, в действительности другое.
butroskali
Сообщения: 0
Зарегистрирован: 14 мар 2017, 14:04

Добрый день. Имеются два CCR1016-12G, между которыми прокинут ovpn-туннель; пинг на внешние ip идеальный, а в туннеле скачет от 10 до 4000 мс.
Подскажите, пожалуйста, чем это может быть вызвано и как это лечить.
Конфиги:

 Сервер ovpn
# mar/14/2017 14:33:31 by RouterOS 6.38.3
# software id = AXN7-BP3K
#
# NOTE(review): export of the router that runs the OVPN server side of the tunnel (an enabled
# /interface ovpn-server on port 2005 appears further down). The header reports RouterOS 6.38.3;
# check the vendor changelog for security fixes released after that version before reusing this
# configuration as a baseline.
/interface ovpn-client
# Disabled client entry; unlike ovpn-out1/ovpn-out2 further down it sets neither certificate= nor cipher=.
add connect-to=93.171.140.88 disabled=yes mac-address=02:2B:A8:58:58:1F name=ovpn-out3 port=2005 user=Moscow-msk1c-mtk.tdrwt.ru
/interface ethernet
# All twelve ports get l2mtu=1590. ether12 is the LAN port (see its comment=); ether1 carries the
# active public address in /ip address.
set [ find default-name=ether1 ] l2mtu=1590
set [ find default-name=ether2 ] l2mtu=1590
set [ find default-name=ether3 ] l2mtu=1590
set [ find default-name=ether4 ] l2mtu=1590
set [ find default-name=ether5 ] l2mtu=1590
set [ find default-name=ether6 ] l2mtu=1590
set [ find default-name=ether7 ] l2mtu=1590
set [ find default-name=ether8 ] l2mtu=1590
set [ find default-name=ether9 ] l2mtu=1590
set [ find default-name=ether10 ] l2mtu=1590
set [ find default-name=ether11 ] l2mtu=1590
set [ find default-name=ether12 ] comment="lan 10.7.0.0/24 dlink dgs-1024d" l2mtu=1590
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=Moscow-msk1c-mtk.tdrwt.ru
/ip ipsec proposal
# NOTE(review): the default IPsec proposal is limited to 3DES, a legacy cipher. No /ip ipsec peer
# is visible in this export, so IPsec may be unused; if it is in use, move the proposal to AES.
set [ find default=yes ] enc-algorithms=3des
/ip pool
# DHCP_Pool_10.7 feeds the LAN DHCP server; msk-office is used as remote-address by the
# msk-office PPP profile below.
add name=DHCP_Pool_10.7 ranges=10.7.0.101-10.7.0.240
add name=msk-office ranges=10.7.250.1-10.7.250.100
/ip dhcp-server
add add-arp=yes address-pool=DHCP_Pool_10.7 disabled=no interface=ether12 lease-time=3d name=DHCP_10.7
/ppp profile
# NOTE(review): local-address=10.7.250.1 is also the first address of the msk-office pool that
# remote-address draws from, so the pool range overlaps the server's own tunnel address —
# confirm and shrink the pool if this profile is actually used.
add local-address=10.7.250.1 name=msk-office remote-address=msk-office use-encryption=yes
/interface ovpn-client
# Both entries set a certificate and cipher=aes256. ovpn-out1 is enabled; ovpn-out2 is disabled.
# The comment= values are escaped non-ASCII bytes exactly as exported (presumably Windows-1251
# text — TODO confirm).
# NOTE(review): ovpn-out2 references certificate=ca_4; judging by the name alone this may be a CA
# certificate rather than a client certificate — verify before re-enabling the entry.
add certificate=cert_2 cipher=aes256 comment="\C2\EF\ED 29-58.kartel.komi.me" connect-to=62.182.29.58 mac-address=02:7D:0A:7A:2C:C3 name=ovpn-out1 port=2004 \
profile=default-encryption user=Moscow-msk1c-mtk.tdrwt.ru
add certificate=ca_4 cipher=aes256 comment="ovpn \F1\EA\EB\E0\E4" connect-to=93.171.140.88 disabled=yes mac-address=02:5B:C5:8F:B4:76 name=ovpn-out2 port=2004 \
profile=default-encryption user=Moscow-msk1c-mtk.tdrwt.ru
/queue interface
set ether2 queue=wireless-default
set ovpn-out1 queue=default
/routing ospf instance
set [ find default=yes ] router-id=10.7.0.1
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface ovpn-server server
# OVPN server on port 2005: cipher=aes256 with auth=sha1, and require-client-certificate=yes,
# so a peer has to present a certificate in addition to its PPP secret.
# NOTE(review): the firewall rule for this port matches protocol=tcp, i.e. the tunnel runs over
# TCP (RouterOS 6.x offers no UDP mode for OVPN). TCP-in-TCP retransmission stalls are a usual
# suspect for latency swings like the 10-4000 ms described in the post — measure loss on the WAN
# path and check the tunnel MTU; nothing in this export proves the cause.
set auth=sha1 certificate=cert_3 cipher=aes256 default-profile=msk-office enabled=yes port=2005 require-client-certificate=yes
/interface pptp-server server
# NOTE(review): PPTP is enabled, and the first input rule accepts tcp/1723 from any source on
# any interface. PPTP's MS-CHAP/MPPE protection is considered weak, and no service=pptp secret
# is visible in this export; if PPTP is not needed, disable the server and remove that rule.
set enabled=yes
/ip address
# Active addresses: 10.7.0.1/24 on the LAN port ether12 and 87.229.250.178/30 on ether1.
# Every other entry is disabled=yes.
# NOTE(review): the public addresses are posted as-is; the posting guidance at the top of this
# page asks for such values to be replaced before a config is shared.
add address=192.168.15.1/24 comment=wan disabled=yes interface=ether12 network=192.168.15.0
add address=10.7.0.1/24 interface=ether12 network=10.7.0.0
add address=87.229.250.178/30 interface=ether1 network=87.229.250.176
add address=192.168.15.50/24 disabled=yes interface=ether12 network=192.168.15.0
add address=10.7.2.1/24 disabled=yes interface=ether2 network=10.7.2.0
add address=93.171.140.88/24 disabled=yes interface=ether1 network=93.171.140.0
add address=10.7.0.1/24 disabled=yes interface=ovpn-out2 network=10.7.0.0
/ip dhcp-server lease
# Static leases for the 10.7.0.0/24 LAN served by DHCP_10.7. address-lists= tags a host with a
# firewall address list (main_device, main_workstation, main_mobile_work); none of those lists
# is referenced by the filter rules shown in this export, which only use `main`.
add address=10.7.0.254 address-lists=main_mobile_work client-id=1:c:8b:fd:4c:62:1a mac-address=0C:8B:FD:4C:62:1A server=DHCP_10.7
add address=10.7.0.8 address-lists=main_device client-id=1:20:aa:4b:59:8e:58 mac-address=20:AA:4B:59:8E:58 server=DHCP_10.7
add address=10.7.0.9 address-lists=main_device client-id=1:20:aa:4b:59:8f:80 mac-address=20:AA:4B:59:8F:80 server=DHCP_10.7
add address=10.7.0.252 address-lists=main_workstation client-id=1:74:d0:2b:c5:78:7e mac-address=74:D0:2B:C5:78:7E server=DHCP_10.7
add address=10.7.0.112 address-lists=main_device always-broadcast=yes client-id=1:f0:92:1c:63:62:4 mac-address=F0:92:1C:63:62:04 server=DHCP_10.7
add address=10.7.0.253 address-lists=main_workstation always-broadcast=yes client-id=1:74:d0:2b:c5:84:cd mac-address=74:D0:2B:C5:84:CD server=DHCP_10.7
add address=10.7.0.114 address-lists=main_device mac-address=2C:44:FD:07:DF:81 server=DHCP_10.7
add address=10.7.0.248 address-lists=main_workstation always-broadcast=yes client-id=1:74:d0:2b:c5:84:c0 mac-address=74:D0:2B:C5:84:C0 server=DHCP_10.7
add address=10.7.0.249 address-lists=main_workstation client-id=1:bc:5f:f4:af:47:83 mac-address=BC:5F:F4:AF:47:83 server=DHCP_10.7
add address=10.7.0.247 address-lists=main_workstation client-id=1:bc:5f:f4:af:47:45 mac-address=BC:5F:F4:AF:47:45 server=DHCP_10.7
add address=10.7.0.246 address-lists=main_workstation client-id=1:bc:5f:f4:af:a6:75 mac-address=BC:5F:F4:AF:A6:75 server=DHCP_10.7
add address=10.7.0.245 address-lists=main_workstation client-id=1:bc:5f:f4:af:47:a2 mac-address=BC:5F:F4:AF:47:A2 server=DHCP_10.7
add address=10.7.0.250 address-lists=main_mobile_work always-broadcast=yes client-id=1:9c:4e:36:87:ec:d8 mac-address=9C:4E:36:87:EC:D8 server=DHCP_10.7
add address=10.7.0.244 address-lists=main_workstation always-broadcast=yes client-id=1:bc:5f:f4:af:a6:32 mac-address=BC:5F:F4:AF:A6:32 server=DHCP_10.7
add address=10.7.0.251 address-lists=main_workstation client-id=1:bc:5f:f4:af:46:ea mac-address=BC:5F:F4:AF:46:EA server=DHCP_10.7
add address=10.7.0.243 address-lists=main_workstation client-id=1:9c:b6:54:a1:bc:b mac-address=9C:B6:54:A1:BC:0B server=DHCP_10.7
add address=10.7.0.115 address-lists=main_device mac-address=74:46:A0:52:69:84 server=DHCP_10.7
add address=10.7.0.113 address-lists=main_device always-broadcast=yes mac-address=1C:3E:84:96:0A:AF server=DHCP_10.7
add address=10.7.0.149 address-lists=main_device client-id=1:0:15:65:66:1a:c4 mac-address=00:15:65:66:1A:C4 server=DHCP_10.7
add address=10.7.0.150 always-broadcast=yes mac-address=90:48:9A:CD:30:87 server=DHCP_10.7
add address=10.7.0.148 address-lists=main_device client-id=1:0:15:65:8d:26:b0 mac-address=00:15:65:8D:26:B0 server=DHCP_10.7
add address=10.7.0.117 address-lists=main_device always-broadcast=yes client-id=1:bc:85:56:82:bf:43 mac-address=BC:85:56:82:BF:43 server=DHCP_10.7
add address=10.7.0.116 address-lists=main_device always-broadcast=yes client-id=1:80:56:f2:9c:56:bc lease-time=7h mac-address=80:56:F2:9C:56:BC server=\
DHCP_10.7
add address=10.7.0.242 address-lists=main_workstation client-id=1:bc:ae:c5:da:35:1b mac-address=BC:AE:C5:DA:35:1B server=DHCP_10.7
add address=10.7.0.236 address-lists=main_workstation client-id=1:90:2b:34:5a:ae:4b mac-address=90:2B:34:5A:AE:4B server=DHCP_10.7
add address=10.7.0.235 address-lists=main_workstation client-id=1:60:a4:4c:b5:74:8 mac-address=60:A4:4C:B5:74:08 server=DHCP_10.7
add address=10.7.0.237 address-lists=main_workstation client-id=1:e8:40:f2:d1:99:d5 mac-address=E8:40:F2:D1:99:D5 server=DHCP_10.7
add address=10.7.0.238 address-lists=main_workstation always-broadcast=yes client-id=1:6c:19:8f:62:be:44 mac-address=6C:19:8F:62:BE:44 server=DHCP_10.7
add address=10.7.0.240 address-lists=main_workstation always-broadcast=yes client-id=1:0:23:24:7d:b4:cb mac-address=00:23:24:7D:B4:CB server=DHCP_10.7
add address=10.7.0.241 address-lists=main_workstation client-id=1:bc:5f:f4:af:a6:6e mac-address=BC:5F:F4:AF:A6:6E server=DHCP_10.7
add address=10.7.0.239 address-lists=main_workstation always-broadcast=yes client-id=1:5c:ac:4c:73:75:38 mac-address=5C:AC:4C:73:75:38 server=DHCP_10.7
add address=10.7.0.165 always-broadcast=yes client-id=1:a0:d3:c1:ed:dd:68 mac-address=A0:D3:C1:ED:DD:68 server=DHCP_10.7
add address=10.7.0.131 client-id=1:4c:34:88:d6:4a:2 mac-address=4C:34:88:D6:4A:02 server=DHCP_10.7
add address=10.7.0.5 client-id=1:f4:b5:49:0:ac:47 comment=ATC mac-address=F4:B5:49:00:AC:47 server=DHCP_10.7
/ip dhcp-server network
add address=10.7.0.0/24 dns-server=10.8.0.10,10.7.0.1 domain=lan.dekalitr.ru gateway=10.7.0.1 ntp-server=10.7.0.1,10.1.1.1
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries itself. On ether1 only sources
# in the `main` address list get past the input drop rule below.
# NOTE(review): the upstream resolvers 77.88.8.x are not in this router's `main` list and there
# is no established/related accept rule, so their replies arriving on ether1 look like they
# match the drop rule — verify that the router can actually resolve names.
set allow-remote-requests=yes servers=77.88.8.88,77.88.8.2,77.88.8.1,77.88.8.8
/ip firewall address-list
# `main` is the allowlist consulted by the input drop rule: internal subnets plus individual
# public hosts. Anything listed here can reach every service on the router from ether1.
add address=10.7.0.0/24 list=main
add address=10.8.0.0/24 list=main
add address=10.1.1.0/24 list=main
add address=10.1.250.0/24 list=main
add address=192.168.14.0/24 list=main
add address=192.168.15.0/24 list=main
add address=192.168.2.0/24 list=main
add address=192.168.12.0/24 list=main
add address=78.36.105.213 list=main
add address=89.208.117.206 list=main
add address=62.182.25.250 list=main
add address=8.8.8.8 list=main
add address=91.226.136.136 list=main
add address=88.147.254.232 list=main
add address=10.8.250.0/24 list=main
add address=10.7.250.0/24 list=main
add address=10.7.2.0/24 list=main
add address=62.182.29.58 list=main
add address=192.168.100.0/24 list=main
add address=93.171.140.88 list=main
add address=87.229.250.178 list=main
add address=93.171.140.1 list=main
/ip firewall filter
# NOTE(review): rules are evaluated top to bottom. (1) tcp/1723 is accepted from any source;
# (2) everything else arriving on ether1 from a source outside `main` is dropped; (3) the
# tcp/2005 accept sits after that drop, so it only ever sees sources already in `main`.
# There is no final drop rule and no forward-chain rule in this export, so traffic that
# rule (2) does not drop is accepted by default. A stateful layout would accept
# established/related first and put the specific accepts ahead of the drop.
add action=accept chain=input dst-port=1723 protocol=tcp
add action=drop chain=input in-interface=ether1 src-address-list=!main
add action=accept chain=input dst-port=2005 in-interface=ether1 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip firewall service-port
set sip disabled=yes sip-direct-media=no
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1
/ip route
# Default route via the ether1 /30 neighbour; 192.168.100.0/24 is routed into ovpn-out1.
add distance=1 gateway=87.229.250.177
add distance=1 dst-address=192.168.100.0/24 gateway=ovpn-out1
/ip smb
set allow-guests=no comment=msk2c-mtk.tdrwt.ru domain=workgroup interfaces=ether12
/ppp secret
# Login the remote office uses against the OVPN server (service=ovpn). The password was masked
# by the poster. routes=10.8.0.0/24 is the remote LAN reached through this peer.
add name=msk2c-mtk.tdrwt.ru password=********** profile=default-encryption routes=10.8.0.0/24 service=ovpn

/routing ospf network
add area=backbone network=10.1.250.0/24
add area=backbone network=10.7.0.0/24
add area=backbone disabled=yes network=192.168.15.0/24
/snmp
# NOTE(review): SNMP is enabled and no /snmp community section appears in this export, which
# suggests the default community is unchanged — confirm, then rename it or restrict it by
# source address.
set enabled=yes location=Moscow-msk1c-mtk.tdrwt.ru
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=SR-07-01mtk
/system logging
# Only PPTP is logged additionally on this router; there is no ovpn topic here, so tunnel
# events are not captured at this end.
add topics=pptp,!raw
/system ntp client
set enabled=yes primary-ntp=91.226.136.136 secondary-ntp=88.147.254.229
/system ntp server
set enabled=yes
/system scheduler
# Runs the autobackup script every 6 hours with the policy set listed on the entry.
add interval=6h name=autobackup on-event=autobackup policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=jul/25/2016 start-time=\
16:57:35
/system script
# NOTE(review): autobackup saves a binary backup and an /export, then uploads both with
# /tool fetch in mode=ftp on port 21, so the files and the FTP login cross the network without
# transport encryption. The export is taken without hide-sensitive and will therefore carry
# secrets such as the password= fields seen in this listing. In the text as posted both fetch
# calls pass password="$" with no variable name and ftpuserpassword is never referenced —
# presumably an artefact of masking the post; verify the live script. The credentials are held
# in :global variables, which remain readable in the script environment after the run.
add name=autobackup owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="log info \"Starting Automatic Backup Script\" \r\
\n:global thisdate [/system clock get date] \r\
\n:global datetimestring ([:pick \$thisdate 0 3] .\"-\" . [:pick \$thisdate 4 6] .\"-\" . [:pick \$thisdate 7 11]) \r\
\n:global backupfilename ([/system identity get name].\"_\".\$datetimestring.\"_1w\") \r\
\n:global ftpusername \"ftpbackup\" \r\
\n:global ftpuserpassword \"********\" \r\
\n:global ftphostname \"10.4.0.14\" \r\
\n/system backup save name=\"\$backupfilename\" \r\
\n:delay 5s \r\
\n/export compact file=\"\$backupfilename\" \r\
\n:log info \"Please wait\85!!!\" \r\
\n:delay 5s \r\
\n/tool fetch address=\"\$ftphostname\" src-path=\"\$backupfilename.backup\" user=\"\$ftpusername\" password=\"\$\" port=21 upload=yes mode=f\
tp dst-path=\"/mtk/msk-mkt-korov10/\$backupfilename.backup\" \r\
\n:log info \"Sending Backup Mikrotik to FTP Server\85\85\85\85.\" \r\
\n:delay 1s \r\
\n/tool fetch address=\"\$ftphostname\" src-path=\"\$backupfilename.rsc\" user=\"\$ftpusername\" password=\"\$\" port=21 upload=yes mode=ftp\
\_dst-path=\"/mtk/msk-mkt-korov10/\$backupfilename.rsc\" \r\
\n:delay 1s \r\
\n/file remove \"\$backupfilename.backup\" \r\
\n/file remove \"\$backupfilename.rsc\" \r\
\n:log info \"Finished Backup Script\85!!!!\""
# NOTE(review): backup_no_e-mail saves the backup with dont-encrypt=yes and leaves both files on
# the router: the two /file remove lines are commented out (and name $backupfile, which the
# script never defines), while the final log line still reports the files as removed. No
# scheduler entry for this script is visible in this export.
add name=backup_no_e-mail owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="# Mikrotik Backup Script for Mikrotik 6.x \
Series, well tested with 6.3x.x\r\
\n:log warning \"Mikrotik Router Backup no mail JOB Started\"\r\
\n:local company \"Dekalitr\"\r\
\n:local sub1 ([/system identity get name])\r\
\n:local sub2 ([/system clock get date])\r\
\n\r\
\n:local datetimestring ([:pick \$sub2 0 3] .\"-\" . [:pick \$sub2 4 6] .\"-\" . [:pick \$sub2 7 11])\r\
\n:local backupfilename (\$sub1.\"_\".\$datetimestring.\"_full_backup\")\r\
\n:local mikrotikexport (\$sub1.\"_\".\$datetimestring.\"_config_backup\")\r\
\n\r\
\n:log warning \"\$company : Creating new up to date backup files . . . \"\r\
\n\r\
\n# Start creating Backup files backup and export both\r\
\n/system backup save dont-encrypt=yes name=\$backupfilename\r\
\n/export file=\$mikrotikexport\r\
\n\r\
\n:log warning \"\$company : Backup no mail JOB process pausing for 10s so it can complete creating backup. Usually for Slow systems ...\"\r\
\n:delay 10s\r\
\n\r\
\n# REMOVE Old backup files to save space.\r\
\n#/file remove \$backupfile\r\
\n#/file remove \$mikrotikexport\r\
\n\r\
\n# Print Log for done\r\
\n:log warning \"\$company : Backup no mail JOB: Process Finished & Backup File Removed. All Done\"\r\
\n# Script END"
/tool bandwidth-server
# The bandwidth-test server is switched off on this router.
set enabled=no
# Graphing is added for interfaces, queues and resources with no allow-address restriction
# shown; the graphs are served by the router's web service — TODO confirm who can reach it.
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
/tool user-manager database
set db-path=web-proxy1


 Клиент ovpn
# mar/14/2017 14:47:55 by RouterOS 6.38.3
# software id = FEAN-6ANK
#
# NOTE(review): export of the router that dials the OVPN tunnel (its enabled ovpn-out3 entry
# points at 87.229.250.178 port 2005). The header reports RouterOS 6.38.3; check the vendor
# changelog for security fixes released after that version.
/interface ethernet
# All twelve ports get l2mtu=1590. ether6 is the LAN port (see its comment=); ether1 is the
# WAN port that runs the DHCP client.
set [ find default-name=ether1 ] l2mtu=1590
set [ find default-name=ether2 ] l2mtu=1590
set [ find default-name=ether3 ] l2mtu=1590
set [ find default-name=ether4 ] l2mtu=1590
set [ find default-name=ether5 ] l2mtu=1590
set [ find default-name=ether6 ] comment="lan 10.8.0.0/24 dlink dgs-1024d" l2mtu=1590
set [ find default-name=ether7 ] l2mtu=1590
set [ find default-name=ether8 ] l2mtu=1590
set [ find default-name=ether9 ] l2mtu=1590
set [ find default-name=ether10 ] l2mtu=1590
set [ find default-name=ether11 ] l2mtu=1590
set [ find default-name=ether12 ] l2mtu=1590
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=msk2-mtk.tdrwt.ru
/ip ipsec proposal
# NOTE(review): the default IPsec proposal is limited to 3DES, a legacy cipher. No /ip ipsec peer
# is visible in this export, so IPsec may be unused; if it is in use, move the proposal to AES.
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=DHCP_Pool_10.8 ranges=10.8.0.150-10.8.0.254
/ip dhcp-server
add add-arp=yes address-pool=DHCP_Pool_10.8 disabled=no interface=ether6 lease-time=3d name=DHCP_10.8
/interface ovpn-client
# ovpn-out1 and ovpn-out3 are enabled, ovpn-out2 is disabled. ovpn-out2 and ovpn-out3 target
# the same peer and port (87.229.250.178:2005) with the same user; all three use certificate
# cert_2 and cipher=aes256. auth= is not set on any entry, so the exported default applies.
add certificate=cert_2 cipher=aes256 comment="\C2\EF\ED 29-58.kartel.komi.me" connect-to=62.182.29.58 mac-address=02:0C:61:89:4C:C1 name=ovpn-out1 port=2004 profile=\
default-encryption user=Moscow-msk2c-mtk.tdrwt.ru
add certificate=cert_2 cipher=aes256 comment="\C2\CF\CD \E2 \EE\F4\E8\F1 87.229.250.178" connect-to=87.229.250.178 disabled=yes mac-address=02:31:BB:3D:AF:EB name=\
ovpn-out2 port=2005 profile=default-encryption user=msk2c-mtk.tdrwt.ru
add certificate=cert_2 cipher=aes256 connect-to=87.229.250.178 mac-address=02:13:BA:09:35:3C name=ovpn-out3 port=2005 profile=default-encryption user=msk2c-mtk.tdrwt.ru
/queue interface
# Only ovpn-out1 and ovpn-out2 have an explicit queue type here; the active ovpn-out3 is not listed.
set ovpn-out1 queue=default
set ovpn-out2 queue=default
/routing ospf instance
set [ find default=yes ] router-id=10.8.0.1
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add disabled=yes interface=ether1
add
/interface ovpn-server server
# enabled= is not set on this line, so the local OVPN server appears to be off (TODO confirm).
# NOTE(review): the cipher list still allows blowfish128 next to aes256; drop blowfish128 if
# this server is ever enabled. max-mtu=1400 is set here but not on the other router's server.
set auth=sha1 certificate=cert_1 cipher=blowfish128,aes256 default-profile=profile1 max-mtu=1400 port=2005
/interface pptp-server server
# NOTE(review): PPTP is enabled with authentication=pap,chap,mschap1,mschap2. PAP sends the
# password in clear inside the PPP session and CHAP/MS-CHAPv1 are legacy methods; the first
# input rule accepts tcp/1723 from any source. If PPTP must stay, limit it to mschap2 and to
# known sources; otherwise disable it.
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/ip address
# Only the LAN address 10.8.0.1/24 on ether6 is active; the WAN address comes from the DHCP
# client on ether1 below, and the static 87.229.250.178/30 entry is disabled.
add address=10.8.0.1/24 interface=ether6 network=10.8.0.0
add address=10.8.254.1/24 disabled=yes interface=ovpn-out2 network=10.8.254.0
add address=87.229.250.178/30 disabled=yes interface=ether1 network=87.229.250.176
/ip dhcp-client
# Peer-supplied DNS and NTP are ignored (use-peer-dns=no, use-peer-ntp=no). No static default
# route is visible in this export's /ip route, so the default route presumably comes from this
# lease — TODO confirm.
add dhcp-options=hostname,clientid disabled=no interface=ether1 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
# Static leases for the 10.8.0.0/24 LAN served by DHCP_10.8. address-lists= tags a host with a
# firewall address list; three leases (10.8.0.90-92) are placed directly into `main`, the list
# the input drop rule uses as its allowlist. The comment= values are escaped non-ASCII bytes as
# exported (presumably Windows-1251 text — TODO confirm) and include host and user names.
add address=10.8.0.254 address-lists=main_workstation client-id=1:bc:5f:f4:af:47:a3 comment="\EA\EE\EC\EF rvt-cert1.kripton.local \C1\E0\E7\EE\E5\E2\E0 \C5\D4" \
mac-address=BC:5F:F4:AF:47:A3 server=DHCP_10.8
add address=10.8.0.4 address-lists=main_servers client-id=1:20:aa:4b:59:8a:78 comment="PG SPA8000" mac-address=20:AA:4B:59:8A:78 server=DHCP_10.8
add address=10.8.0.10 address-lists=main_servers always-broadcast=yes client-id=1:52:41:53:20:92:2b:34:da:eb:51:0:0:0:0:0:0 comment="\F1\E5\F0\E2\E5\F0 sr-08-10w" \
mac-address=92:2B:34:DA:EB:51 server=DHCP_10.8
add address=10.8.0.250 address-lists=main_workstation always-broadcast=yes client-id=1:bc:5f:f4:af:47:a5 comment=\
"\EA\EE\EC\EF ws-08-176w.kripton.local \CF\EE\E4\EB\E8\EF\E0\EB\E8\ED\E0 \CE\C2" mac-address=BC:5F:F4:AF:47:A5 server=DHCP_10.8
add address=10.8.0.110 address-lists=main_devices always-broadcast=yes client-id=1:0:c0:ee:b1:d8:7c comment="\EE\EF\E5\F0\E0\F2\EE\F0\F1\EA\E0\FF Kyocera" mac-address=\
00:C0:EE:B1:D8:7C server=DHCP_10.8
add address=10.8.0.248 address-lists=main_workstation always-broadcast=yes client-id=1:0:e0:53:f:61:fb comment="\EA\EE\EC\EF \ED\E0 \F1\EA\EB\E0\E4\E5" mac-address=\
00:E0:53:0F:61:FB server=DHCP_10.8
add address=10.8.0.111 address-lists=main_devices always-broadcast=yes client-id=1:f0:92:1c:63:62:6 comment="\EE\EF\E5\F0\E0\F2\EE\F0\F1\EA\E0\FF HP LaserJet 600 M603" \
mac-address=F0:92:1C:63:62:06 server=DHCP_10.8
add address=10.8.0.112 address-lists=main_devices always-broadcast=yes client-id=1:a0:48:1c:68:6:1c comment="\F1\EA\EB\E0\E4 HP LaserJet 600 M603" mac-address=\
A0:48:1C:68:06:1C server=DHCP_10.8
add address=10.8.0.114 address-lists=main_devices client-id=1:f0:92:1c:63:62:2 comment="\EE\EF\E5\F0\E0\F2\EE\F0\F1\EA\E0\FF HP LaserJet 600 M603" mac-address=\
F0:92:1C:63:62:02 server=DHCP_10.8
add address=10.8.0.81 always-broadcast=yes client-id=1:44:39:c4:89:91:e9 comment="TSD 2" mac-address=44:39:C4:89:91:E9 server=DHCP_10.8
add address=10.8.0.80 always-broadcast=yes client-id=1:44:39:c4:89:91:b3 comment="TSD 1" mac-address=44:39:C4:89:91:B3 server=DHCP_10.8
add address=10.8.0.79 comment="\F2\E5\F0\EC\EE\EF\F0\E8\ED\F2\E5\F0 \E2 \EE\EF\E5\F0\E0\F2\EE\F0\F1\EA\EE\E9 PS-31EC4B" mac-address=00:1B:82:31:EC:4B server=DHCP_10.8
add address=10.8.0.181 client-id=1:0:15:65:8d:26:f4 comment="\F2\E5\EB\E5\F4\EE\ED \D1\F3\F5\E0\F0\E5\E2 ex.124" mac-address=00:15:65:8D:26:F4 server=DHCP_10.8
add address=10.8.0.176 client-id=1:44:8a:5b:e4:63:42 comment="\EA\EE\EC\EF ws-08-176w.lan.dekalitr.ru" mac-address=44:8A:5B:E4:63:42 server=DHCP_10.8
add address=10.8.0.91 address-lists=main comment="Eth1 SR-08-212033 Bridge" mac-address=0C:C4:7A:74:72:42 server=DHCP_10.8
add address=10.8.0.90 address-lists=main comment="iKVM SR-08-212033" mac-address=0C:C4:7A:74:6F:1D server=DHCP_10.8
add address=10.8.0.92 address-lists=main comment="Eth2 SR-08-212033" mac-address=0C:C4:7A:74:72:43 server=DHCP_10.8
add address=10.8.0.154 client-id=1:c0:18:85:b7:c4:5b comment="\E7\E0\E2 \F1\EA\EB\E0\E4\E0 \ED\EE\F3\F2" mac-address=C0:18:85:B7:C4:5B server=DHCP_10.8
add address=10.8.0.151 client-id=1:0:15:65:83:2d:d8 comment="\F2\E5\EB\E5\F4\EE\ED \F2\F0\F3\E1\EA\E0 \F1\EA\EB\E0\E4 ex125" mac-address=00:15:65:83:2D:D8 server=\
DHCP_10.8
add address=10.8.0.153 always-broadcast=yes client-id=1:e0:ca:94:53:8b:8c comment=Vitalic mac-address=E0:CA:94:53:8B:8C server=DHCP_10.8
add address=10.8.0.152 always-broadcast=yes comment=Volodina mac-address=D0:5B:A8:5D:74:C9 server=DHCP_10.8
add address=10.8.0.163 always-broadcast=yes client-id=1:4c:34:88:d6:4a:2 mac-address=4C:34:88:D6:4A:02 server=DHCP_10.8
add address=10.8.0.160 client-id=1:ec:9b:f3:b8:9a:b mac-address=EC:9B:F3:B8:9A:0B server=DHCP_10.8
add address=10.8.0.164 client-id=1:90:2b:34:da:eb:33 mac-address=90:2B:34:DA:EB:33 server=DHCP_10.8
add address=10.8.0.12 client-id=1:c8:d3:a3:ad:2a:1b mac-address=C8:D3:A3:AD:2A:1B server=DHCP_10.8
add address=10.8.0.247 client-id=1:10:be:f5:a7:4d:2 mac-address=10:BE:F5:A7:4D:02 server=DHCP_10.8
/ip dhcp-server network
add address=10.8.0.0/24 dns-server=10.8.0.10,10.8.0.1 domain=lan.dekalitr.ru gateway=10.8.0.1 ntp-server=10.8.0.1,10.1.1.1
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries itself. On ether1 only sources
# in the `main` address list get past the input drop rule below.
# NOTE(review): of the four upstream resolvers only 77.88.8.2 is in `main`; with no
# established/related accept rule, replies from the other three arriving on ether1 look like
# they match the drop rule — verify name resolution on the router.
set allow-remote-requests=yes servers=77.88.8.88,77.88.8.2,77.88.8.1,77.88.8.8
/ip firewall address-list
# `main` is the allowlist consulted by the input drop rule. `utm` and `centr-utm` are only
# referenced by forward rules that are currently disabled.
add address=78.36.105.213 list=main
add address=62.182.29.58 list=main
add address=87.229.250.178 list=main
add address=10.8.0.0/24 list=main
add address=10.1.1.0/24 list=main
add address=192.168.14.0/24 list=main
add address=192.168.15.0/24 list=main
add address=10.1.250.0/24 list=main
add address=10.8.250.0/24 list=main
add address=10.8.251.0/24 list=main
add address=10.5.0.0/24 list=main
add address=10.3.0.0/24 list=main
add address=10.6.0.0/24 list=main
add address=10.10.0.0/24 list=main
add address=10.2.0.0/24 list=main
add address=77.88.8.2 list=main
add address=91.226.136.136 list=main
add address=88.147.254.232 list=main
add address=10.7.0.0/24 list=main
add address=10.12.0.0/24 list=main
add address=10.7.250.0/24 list=main
add address=172.16.2.0/24 list=main
add address=192.168.100.0/24 list=main
add address=10.8.0.91 list=utm
add address=10.1.1.0/24 list=centr-utm
add address=10.8.0.90 list=utm
add address=10.8.0.92 list=utm
add address=10.11.0.0/24 list=main
add address=10.13.0.0/24 list=main
add address=10.1.2.0/24 list=main
add address=10.14.0.0/24 list=main
add address=93.171.140.88 list=main
add address=87.229.250.177 list=main
/ip firewall filter
# NOTE(review): only the first two rules are active. tcp/1723 is accepted from any source, then
# everything else arriving on ether1 from outside `main` is dropped. The forward-chain rules
# that would protect the `utm` hosts on the ovpn-out1 path are disabled, there is no
# established/related accept and no final drop, so whatever the second rule does not drop is
# accepted by default.
add action=accept chain=input dst-port=1723 protocol=tcp
add action=drop chain=input in-interface=ether1 src-address-list=!main
add action=accept chain=input comment=icmp disabled=yes protocol=icmp
add action=accept chain=forward disabled=yes dst-address-list=utm in-interface=ovpn-out1 src-address-list=centr-utm
add action=drop chain=forward disabled=yes dst-address-list=utm in-interface=ovpn-out1
add action=accept chain=input disabled=yes dst-port=2005 in-interface=ether1 protocol=tcp
/ip firewall nat
# Only the masquerade rule is active; the SIP netmap and the port-80 redirect are disabled.
add action=masquerade chain=srcnat out-interface=ether1
add action=netmap chain=dstnat comment=sip disabled=yes dst-port=5060 in-interface=ether1 protocol=udp to-addresses=10.8.0.5 to-ports=5060
add action=redirect chain=dstnat disabled=yes dst-port=80 protocol=tcp to-ports=8080
/ip firewall service-port
set sip disabled=yes sip-direct-media=no
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
# NOTE(review): the web proxy is enabled while the redirect rule that would feed it is
# disabled. From ether1 it is reachable only by sources in `main`; turn it off if nothing uses
# it, or add an access list.
set cache-administrator=sukharevsu@tdrwt.ru cache-path=web-proxy1 enabled=yes max-cache-size=none
/ip route
# The remote LAN 10.7.0.0/24 is routed into the active tunnel interface ovpn-out3.
add distance=1 dst-address=10.7.0.0/24 gateway=ovpn-out3 scope=5 target-scope=5

/ppp profile
# NOTE(review): remote-address=*3 looks like a reference to an object that no longer exists
# (an internal id instead of a pool name) — verify before relying on profile1.
add local-address=10.8.250.1 name=profile1 remote-address=*3 use-encryption=yes
/ppp secret
# The ovpn secret's password was masked by the poster.
# NOTE(review): msk-IGN (service=pptp) has no password= field in the text as posted, while the
# PPTP server above is enabled — confirm the account does not have an empty password, or
# remove it.
add name=Moscow-msk1c-mtk.tdrwt.ru password=********* profile=default-encryption service=ovpn
add name=msk-IGN profile=profile1 service=pptp

/routing ospf network
add area=backbone network=10.1.250.0/24
add area=backbone network=10.8.0.0/24
add area=backbone disabled=yes network=192.168.14.0/24
/snmp
# NOTE(review): SNMP is enabled and no /snmp community section appears in this export, which
# suggests the default community is unchanged — confirm, then rename it or restrict it by
# source address.
set enabled=yes
/system clock
set time-zone-name=Europe/Moscow
/system health
set fan-mode=manual use-fan=auxiliary
/system identity
set name=SR-08-01mtk
/system logging
# The ovpn topic is logged on this router, so tunnel reconnects should be visible in its log.
add topics=ovpn,!raw
add topics=pptp
/system ntp client
set enabled=yes primary-ntp=91.226.136.136 secondary-ntp=88.147.254.229
/system ntp server
set enabled=yes
/system scheduler
# Runs the autobackup script every 6 hours with the policy set listed on the entry.
add interval=6h name=autobackup on-event=autobackup policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=jul/25/2016 start-time=20:53:51
/system script
# NOTE(review): autobackup saves a binary backup and an /export, then uploads both with
# /tool fetch in mode=ftp on port 21, so the files and the FTP login cross the network without
# transport encryption. The export is taken without hide-sensitive and will therefore carry
# secrets such as the password= fields seen in this listing. In the text as posted both fetch
# calls pass password="$" with no variable name and ftpuserpassword is never referenced —
# presumably an artefact of masking the post; verify the live script. The credentials are held
# in :global variables, which remain readable in the script environment after the run.
add name=autobackup owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="log info \"Starting Automatic Backup Script\" \r\
\n:global thisdate [/system clock get date] \r\
\n:global datetimestring ([:pick \$thisdate 0 3] .\"-\" . [:pick \$thisdate 4 6] .\"-\" . [:pick \$thisdate 7 11]) \r\
\n:global backupfilename ([/system identity get name].\"_\".\$datetimestring.\"_1w\") \r\
\n:global ftpusername \"ftpbackup\" \r\
\n:global ftpuserpassword \"*********\" \r\
\n:global ftphostname \"10.4.0.14\" \r\
\n/system backup save name=\"\$backupfilename\" \r\
\n:delay 5s \r\
\n/export compact file=\"\$backupfilename\" \r\
\n:log info \"Please wait\85!!!\" \r\
\n:delay 5s \r\
\n/tool fetch address=\"\$ftphostname\" src-path=\"\$backupfilename.backup\" user=\"\$ftpusername\" password=\"\$\" port=21 upload=yes mode=ftp dst-path\
=\"/mtk/msk-mkt-korov35/\$backupfilename.backup\" \r\
\n:log info \"Sending Backup Mikrotik to FTP Server\85\85\85\85.\" \r\
\n:delay 1s \r\
\n/tool fetch address=\"\$ftphostname\" src-path=\"\$backupfilename.rsc\" user=\"\$ftpusername\" password=\"\$\" port=21 upload=yes mode=ftp dst-path=\
\"/mtk/msk-mkt-korov35/\$backupfilename.rsc\" \r\
\n:delay 1s \r\
\n/file remove \"\$backupfilename.backup\" \r\
\n/file remove \"\$backupfilename.rsc\" \r\
\n:log info \"Finished Backup Script\85!!!!\""
# NOTE(review): backup_no_e-mail saves the backup with dont-encrypt=yes and leaves both files on
# the router: the two /file remove lines are commented out (and name $backupfile, which the
# script never defines), while the final log line still reports the files as removed. No
# scheduler entry for this script is visible in this export.
add name=backup_no_e-mail owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="# Mikrotik Backup Script for Mikrotik 6.x Series, wel\
l tested with 6.3x.x\r\
\n:log warning \"Mikrotik Router Backup no mail JOB Started\"\r\
\n:local company \"Dekalitr\"\r\
\n:local sub1 ([/system identity get name])\r\
\n:local sub2 ([/system clock get date])\r\
\n\r\
\n:local datetimestring ([:pick \$sub2 0 3] .\"-\" . [:pick \$sub2 4 6] .\"-\" . [:pick \$sub2 7 11])\r\
\n:local backupfilename (\$sub1.\"_\".\$datetimestring.\"_full_backup\")\r\
\n:local mikrotikexport (\$sub1.\"_\".\$datetimestring.\"_config_backup\")\r\
\n\r\
\n:log warning \"\$company : Creating new up to date backup files . . . \"\r\
\n\r\
\n# Start creating Backup files backup and export both\r\
\n/system backup save dont-encrypt=yes name=\$backupfilename\r\
\n/export file=\$mikrotikexport\r\
\n\r\
\n:log warning \"\$company : Backup no mail JOB process pausing for 10s so it can complete creating backup. Usually for Slow systems ...\"\r\
\n:delay 10s\r\
\n\r\
\n# REMOVE Old backup files to save space.\r\
\n#/file remove \$backupfile\r\
\n#/file remove \$mikrotikexport\r\
\n\r\
\n# Print Log for done\r\
\n:log warning \"\$company : Backup no mail JOB: Process Finished & Backup File Removed. All Done\"\r\
\n# Script END"
# Graphing is added for interfaces, queues and resources with no allow-address restriction
# shown; the graphs are served by the router's web service — TODO confirm who can reach it.
# Unlike the other router's export, no /tool bandwidth-server line appears here, so that
# service is at its exported default — verify it is not left enabled.
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
/tool user-manager database
set db-path=web-proxy1

