При подключении по VPN пингуются все ресурсы локальной сети, но в сетевом окружении не видно ни одной машинки. Что я не так наконфигурировал и что нужно прописать или исправить, чтобы домашние ПК было видно в сетевом окружении?
# RouterOS export, part 1: LAN bridge, switch ports, default IPsec proposal,
# address pools, DHCP server and the PPP profiles used by the VPN server.
# NOTE(review): the leading "]" on the next line looks like a paste artifact from
# the terminal prompt - confirm against the original export.
]/interface bridge
# proxy-arp lets the router answer ARP for addresses it reaches through other
# interfaces; this is what lets LAN hosts reach PPP clients that are given
# LAN-range addresses.
add arp=proxy-arp name=bridge
/interface ethernet
# ether1 is renamed WAN; ether3-ether5 are slaved to ether2 as one switch group.
# NOTE(review): master-port is the pre-6.41 switch syntax, so this export comes
# from an old RouterOS release - confirm the router runs a supported version.
set [ find default-name=ether1 ] name=WAN
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/ip ipsec proposal
# Limits the default phase-2 proposal to the three AES modes listed; the
# integrity algorithm is not shown in this export.
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-256-ctr,aes-128-cbc
/ip pool
# "dhcp" covers the LAN host range; "vpn" is a separate /24.
add name=dhcp ranges=192.168.88.2-192.168.88.254
add name=vpn ranges=192.168.89.0/24
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=dhcp1
/ppp profile
# *0 and *FFFFFFFE are the two built-in profiles. Both give the client (remote)
# an address from the LAN "dhcp" pool and take the router-side (local) address
# from the "vpn" pool, so VPN clients share the LAN subnet and cannot be told
# apart from LAN hosts by source address alone.
# NOTE(review): as far as RouterOS documents it, bridge= on a PPP profile only
# takes effect when BCP is negotiated with the client; otherwise the tunnel
# stays routed and LAN broadcasts (which network-neighbourhood browsing relies
# on) are not carried over it - confirm for the client in use.
set *0 bridge=bridge local-address=vpn remote-address=dhcp
set *FFFFFFFE bridge=bridge local-address=vpn remote-address=dhcp
# Bridge-level (layer-2) filter rules and bridge port membership.
/interface bridge filter
# Two identical rules that drop frames sent out of WAN to the multicast MAC
# 01:00:0C:CC:CC:CC. The warning RouterOS wrote above each rule says the
# interface matcher cannot work because WAN is not a bridge port, so neither
# rule is expected to match anything. The second rule is a duplicate.
# in/out-bridge-port matcher not possible when interface (WAN) is not slave
add action=drop chain=output dst-mac-address=\
01:00:0C:CC:CC:CC/FF:FF:FF:FF:FF:FF out-interface=WAN
# in/out-bridge-port matcher not possible when interface (WAN) is not slave
add action=drop chain=output dst-mac-address=\
01:00:0C:CC:CC:CC/FF:FF:FF:FF:FF:FF out-interface=WAN
/interface bridge port
# The wired switch group (via ether2) and the wireless interface share one
# layer-2 segment.
add bridge=bridge interface=ether2
add bridge=bridge interface=wlan1
# VPN server settings (secrets are masked by the poster).
/interface l2tp-server server
# L2TP server is enabled, accepts MS-CHAPv2 only and uses the "default" PPP
# profile. use-ipsec=yes makes RouterOS set up IPsec for L2TP with the given
# pre-shared key.
# NOTE(review): use-ipsec=yes is not known to refuse L2TP sessions that arrive
# without IPsec; RouterOS has a stricter mode that enforces it - verify the
# exact value for this version and prefer it, since MS-CHAPv2 alone is weak.
# NOTE(review): max-mtu/max-mru of 1500 leave no room for L2TP/IPsec overhead;
# confirm this is intended.
set authentication=mschap2 default-profile=default enabled=yes ipsec-secret=\
********************************* max-mru=1500 max-mtu=1500 use-ipsec=yes
/interface pptp-server server
# Only the authentication method is set; enabled= is not shown, so this export
# does not show PPTP as switched on.
set authentication=mschap2
# Router addressing, dynamic DNS, WAN DHCP client, DHCP network and DNS.
/ip address
# NOTE(review): the LAN address is bound to ether2, but ether2 is a port of
# "bridge" and the DHCP server, firewall and SMB settings all refer to
# "bridge". An address on a bridge slave port is normally moved to the bridge
# itself - confirm.
add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
/ip cloud
# Publishes the router's public address under a MikroTik cloud DNS name.
set ddns-enabled=yes
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=WAN
/ip dhcp-server network
# No dns-server or wins-server option is handed out to LAN clients here.
add address=192.168.88.0/24 gateway=192.168.88.1 netmask=24
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip dns static
# Two static A records for the same name "goog".
add address=8.8.8.8 name=goog
add address=8.8.4.4 name=goog
# BOGON: reserved, private, loopback, link-local, documentation, multicast and
# class-E ranges. In this export the list is used by one filter rule that drops
# packets arriving on WAN with such a source address (anti-spoofing).
# NOTE(review): the list contains 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12 and
# 192.168.0.0/16; if the ISP hands the WAN port a private or CGNAT address,
# traffic from the upstream gateway itself would match - confirm.
/ip firewall address-list
add address=0.0.0.0/8 list=BOGON
add address=10.0.0.0/8 list=BOGON
add address=100.64.0.0/10 list=BOGON
add address=127.0.0.0/8 list=BOGON
add address=169.254.0.0/16 list=BOGON
add address=172.16.0.0/12 list=BOGON
add address=192.0.0.0/24 list=BOGON
add address=192.0.2.0/24 list=BOGON
add address=192.168.0.0/16 list=BOGON
add address=198.18.0.0/15 list=BOGON
add address=198.51.100.0/24 list=BOGON
add address=203.0.113.0/24 list=BOGON
add address=224.0.0.0/4 list=BOGON
add address=240.0.0.0/4 list=BOGON
# Packet filter. Rules are evaluated top to bottom per chain and a packet that
# matches no rule is accepted.
# NOTE(review): neither the input nor the forward chain ends with a drop rule.
# Anything arriving on WAN that is not caught by one of the specific drops
# below is therefore accepted, including new connections to services still
# running on the router and new WAN-to-LAN forwards. A hardened rule set ends
# each chain with a drop after explicitly allowing what is needed (for
# L2TP/IPsec on WAN: UDP 500, 1701, 4500 and ESP).
/ip firewall filter
# New TCP connections from the LAN bridge to router management/SMB ports.
add action=accept chain=input connection-state=new dst-port=\
80,8291,22,65522,445 in-interface=bridge protocol=tcp
# New UDP from the LAN bridge to the listed router ports.
add action=accept chain=input connection-state=new dst-port=53,123,445 \
in-interface=bridge protocol=udp
# Replies to traffic the router already knows about, from any interface.
add action=accept chain=input connection-state=established,related
# The only output rule; everything the router sends that is not invalid.
add action=accept chain=output connection-state=!invalid
# NOTE(review): this matches on the UDP *source* port, not the destination
# port; it also lists 139 and 445, which are normally TCP services - confirm
# the intent.
add action=accept chain=input in-interface=bridge protocol=udp src-port=\
137,138,139,445,1701
# NOTE(review): "accept" is not a built-in chain. This creates a custom chain
# named "accept" that no rule jumps to, so the rule is never evaluated;
# chain=input was presumably intended. It is also limited to the LAN bridge,
# while VPN clients arrive on WAN, and UDP 500 (IKE) is not listed.
add action=accept chain=accept in-interface=bridge port=1701,4500 protocol=\
udp
# ESP is accepted only from the LAN bridge, not from WAN.
add action=accept chain=input in-interface=bridge protocol=ipsec-esp
# All UDP and TCP forwarded from the LAN bridge is allowed regardless of
# connection state; these rules sit above the invalid-state drop below.
add action=accept chain=forward in-interface=bridge protocol=udp
add action=accept chain=forward in-interface=bridge protocol=tcp
add action=accept chain=forward connection-state=established,related
# Drops every remaining ICMP packet addressed to the router, on any interface.
add action=drop chain=input protocol=icmp
# Only forwarded invalid packets are dropped; there is no matching rule for
# the input chain.
add action=drop chain=forward connection-state=invalid
# Anti-spoofing: reserved/private source addresses arriving on WAN.
add action=drop chain=input in-interface=WAN src-address-list=BOGON
# Port-scan detection: each rule below adds the packet's source to
# "port scanners" for two weeks. The first uses the port-scan-detection
# matcher; the rest match TCP flag combinations that do not occur in normal
# traffic.
# NOTE(review): one matching packet is enough to list a source, and source
# addresses can be forged; consider exempting known administration addresses
# so they cannot be locked out.
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="Port scanners to list " \
protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp \
tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp \
tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=\
tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp \
tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp \
tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
# Everything from a listed scanner is dropped from here on. Listed sources are
# still accepted by the rules above this point (e.g. established/related).
add action=drop chain=input comment="dropping port scanners" \
src-address-list="port scanners"
# NOTE(review): "blocklist" is not defined anywhere in this export, and the
# input rule matches on the *destination* address, which on the input chain
# is the router itself - src-address-list may have been intended.
add action=drop chain=input comment="Drop blocklist" dst-address-list=\
blocklist
add action=drop chain=forward comment="Drop blocklist" dst-address-list=\
blocklist
# Any source sending UDP to one of these ports on WAN is listed for an hour
# and, because the drop rule follows immediately, that same packet is dropped
# too. In effect these ports are closed on WAN for new traffic.
add action=add-src-to-address-list address-list="dns flood" \
address-list-timeout=1h chain=input dst-port=\
0,12,17,19,53,123,161,1900,9987,27015,27690 in-interface=WAN protocol=udp
add action=drop chain=input dst-port=\
0,12,17,19,53,123,161,1900,9987,27015,27690 in-interface=WAN protocol=udp \
src-address-list="dns flood"
# SSH brute-force ladder. Rules are ordered from the final stage down so that
# one connection advances a source by one stage only: new -> stage1 -> stage2
# -> stage3 -> ssh_blacklist (blocked for 1w3d). Each stage expires after one
# minute. LAN connections to port 22 were already accepted above and never
# reach these rules.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp
# Rate limiting of forwarded new connections. New connections jump to
# block-ddos; pairs under the dst-limit return untouched, the rest have their
# destination added to "ddosed" (10m) and source to "ddoser" (12h). Back in
# forward, new connections between a listed pair are dropped. Traffic from the
# LAN bridge was accepted earlier and does not reach this point.
add action=jump chain=forward connection-state=new jump-target=block-ddos
add action=drop chain=forward connection-state=new dst-address-list=ddosed \
src-address-list=ddoser
add action=return chain=block-ddos dst-limit=50,50,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=\
10m chain=block-ddos
add action=add-src-to-address-list address-list=ddoser address-list-timeout=\
12h chain=block-ddos
# Mangle marks, NAT rules and connection-tracking helpers.
/ip firewall mangle
# Marks ESP packets arriving on PPP interfaces as "esp" and new TCP connections
# to port 12850 as "allow_in". No filter or NAT rule in this export refers to
# either mark.
add action=mark-packet chain=input in-interface=all-ppp new-packet-mark=esp \
passthrough=yes protocol=ipsec-esp
add action=mark-connection chain=prerouting connection-state=new dst-port=\
12850 new-connection-mark=allow_in passthrough=yes protocol=tcp
/ip firewall nat
# Source-NATs traffic from 192.168.88.0/24 that leaves through the bridge.
# NOTE(review): VPN clients get addresses from this same range, so LAN hosts
# would presumably see and log the router's address instead of the VPN
# client's - confirm, as this removes per-client attribution on the LAN.
add action=masquerade chain=srcnat out-interface=bridge src-address=\
192.168.88.0/24
# Standard internet NAT.
add action=masquerade chain=srcnat out-interface=WAN
# Redirects TCP 12850 to the router's own port 80. The rule has no interface
# matcher, so it applies on WAN as well.
# NOTE(review): the www service is disabled elsewhere in this export, so no
# listener is shown for the target port; remove the rule or restrict it to a
# trusted interface if it is no longer needed.
add action=redirect chain=dstnat dst-port=12850 protocol=tcp to-ports=80
/ip firewall service-port
# Turns off the listed connection-tracking/NAT helpers.
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
# IPsec peer, management services, SMB, VPN account and MAC-server settings
# (credentials are masked by the poster).
/ip ipsec peer
# Passive (responder-only) peer for L2TP clients, authenticated with a
# pre-shared key. No address is given, so the peer is not tied to a specific
# remote address in this export.
# NOTE(review): one pre-shared key is shared by every client; treat it as a
# credential and rotate it when a device is lost or retired.
add enc-algorithm=aes-256,camellia-256 exchange-mode=main-l2tp passive=yes \
secret=*******
/ip service
# telnet, ftp, www, ssh, api and api-ssl are switched off.
# NOTE(review): winbox is not listed, so it is presumably still enabled with
# no address restriction. Because the input chain in this export has no final
# drop rule, confirm it is not reachable from WAN.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb
# Router SMB settings: guest access off, bound to the LAN bridge. enabled= is
# not shown in this export.
set allow-guests=no comment=Mikrotik domain=GHJHFKL interfaces=bridge
/ip smb users
add name=*************** password=*****
/ppp secret
# Single VPN account, limited to the L2TP service.
add name=**** password=**** service=l2tp
/system routerboard settings
set init-delay=1s silent-boot=yes
/tool mac-server
# The default all-interfaces entry is disabled and the MAC server is allowed
# on ether2 and wlan1 only. MAC-Winbox settings are not shown in this export.
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=wlan1