# mar/31/2014 21:20:46 by RouterOS 6.10
# software id = F6JG-98TI
#
# Rename the five physical Ethernet ports from their factory names to p1..p5.
/interface ethernet
set [ find default-name=ether1 ] name=p1
set [ find default-name=ether2 ] name=p2
set [ find default-name=ether3 ] name=p3
set [ find default-name=ether4 ] name=p4
set [ find default-name=ether5 ] name=p5
# Three IP-in-IP tunnels. Only the endpoint addresses are configured here, and
# IPIP encapsulation by itself adds no encryption or authentication.
# NOTE(review): unless the tunnels are protected by something not shown in
# this export, traffic routed over Tunnel0-2 (including the OSPF adjacencies
# configured on them) crosses the provider networks unencrypted - confirm.
/interface ipip
add local-address=91.225.192.194 name=Tunnel0 remote-address=91.225.192.206
add local-address=46.52.166.70 name=Tunnel1 remote-address=82.162.83.100
add local-address=91.225.192.194 name=Tunnel2 remote-address=82.162.83.100
# VLAN sub-interfaces, all carried on physical port p1. Going by the names and
# the addresses assigned under /ip address, vlan 6 and vlan 49 are the two ISP
# uplinks and vlan 5 is the internal segment.
# NOTE(review): internet-facing and internal VLANs share one trunk, so their
# separation depends on the device at the other end of p1 - verify its config.
/interface vlan
add interface=p1 l2mtu=1596 name=isp1.vdc vlan-id=6
add interface=p1 l2mtu=1596 name=isp2.enforta vlan-id=49
add interface=p1 l2mtu=1596 name=local vlan-id=5
# Default wireless security profile; only the supplicant identity is set here.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Default hotspot user profile: no idle timeout, 2-minute keepalive timeout,
# MAC cookie valid for 3 days.
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
# Address pool handed out to VPN clients (10.0.18.2 - 10.0.18.99).
/ip pool
add name=vpnserverusers ranges=10.0.18.2-10.0.18.99
# PPP profile used by the PPTP server below: the router end is 10.0.18.1,
# clients get an address from the vpnserverusers pool, TCP MSS is clamped and
# link encryption is requested.
/ppp profile
add change-tcp-mss=yes local-address=10.0.18.1 name=vpnserverhome \
remote-address=vpnserverusers use-encryption=yes
# Default OSPF instance: static routes are redistributed as type-2 externals.
/routing ospf instance
set [ find default=yes ] redistribute-static=as-type-2 router-id=192.168.6.1
# User Manager profile "unlim": zero price, zero validity period, unlimited
# shared users, owned by customer "admin".
/tool user-manager profile
add name=unlim name-for-users="" override-shared-users=unlimited owner=admin \
price=0 starts-at=logon validity=0s
# PPTP server is enabled and uses the vpnserverhome profile.
# NOTE(review): PPTP's MS-CHAPv2/MPPE protection is widely regarded as broken,
# so use-encryption=yes on the profile does not make this a strong VPN. The
# accepted authentication methods are not shown in this export (defaults
# presumed). Plan a migration to a VPN type with modern cryptography and,
# until then, limit which source addresses may reach tcp/1723.
/interface pptp-server server
set default-profile=vpnserverhome enabled=yes max-mru=1460 max-mtu=1460
# Interface addressing: one public subnet per ISP VLAN, a /30 towards the
# internal segment, a /30 on each IPIP tunnel and a /32 on p2.
/ip address
add address=91.225.192.194/29 interface=isp1.vdc network=91.225.192.192
add address=46.52.166.70/30 interface=isp2.enforta network=46.52.166.68
add address=10.6.0.1/30 interface=local network=10.6.0.0
add address=172.21.12.2/30 interface=Tunnel0 network=172.21.12.0
add address=172.21.12.6/30 interface=Tunnel1 network=172.21.12.4
add address=192.168.6.2/32 interface=p2 network=192.168.6.2
add address=172.21.12.9/30 interface=Tunnel2 network=172.21.12.8
# The router answers DNS queries sent to it by other hosts.
# NOTE(review): the input chain in this export has no rule that limits port 53
# to internal interfaces, so the resolver may be reachable from both ISP-facing
# VLANs. An openly reachable resolver is a common abuse target; restrict DNS
# on the input chain to the internal and VPN networks - verify.
/ip dns
set allow-remote-requests=yes
# Address lists referenced by the NAT rules: "local" is the whole internal /24,
# "local-to-rezerv-access" names the two hosts allowed out via the second ISP.
/ip firewall address-list
add address=192.168.6.0/24 list=local
add address=192.168.6.179 list=local-to-rezerv-access
add address=192.168.6.142 list=local-to-rezerv-access
# Input-chain rules. The first four carry no action= and therefore use the
# default action (accept): PPTP control on tcp/1723 from each ISP VLAN, and
# tcp/1812 and tcp/1813 from anywhere.
# NOTE(review): there is no closing drop rule in the input chain and no
# forward-chain rule at all. Packets that match nothing are accepted, so these
# accept rules do not restrict anything and every service the router itself
# runs is reachable from the ISP side. A stateful ruleset (accept
# established/related, accept the specific services needed, drop the rest on
# both input and forward) is the usual baseline - plan the change with
# out-of-band access so management is not locked out.
/ip firewall filter
add chain=input dst-port=1723 in-interface=isp1.vdc protocol=tcp
add chain=input dst-port=1723 in-interface=isp2.enforta protocol=tcp
# NOTE(review): 1812/1813 are the usual RADIUS authentication/accounting ports,
# and RADIUS normally runs over UDP; these two rules match TCP and have no
# interface or source restriction - confirm the intent.
add chain=input dst-port=1812 protocol=tcp
add chain=input dst-port=1813 protocol=tcp
# NOTE(review): the input chain only sees packets addressed to the router, and
# 154.35.32.145 is not an address assigned anywhere in this export, so this
# drop presumably never matches. If the goal is to block traffic to or from
# that host, it needs the forward/output chain or a src-address match - confirm.
add action=drop chain=input dst-address=154.35.32.145
# Marks every packet originated by the router itself with routing mark "beznal".
# NOTE(review): no route in this export uses "beznal"; one route uses the
# similar name "baznal". If that is a spelling mismatch, router-originated
# traffic is not following the route that was intended - confirm.
/ip firewall mangle
add action=mark-routing chain=output new-routing-mark=beznal
# Source NAT. Hosts in address list "local" are masqueraded out of isp1.vdc;
# the two hosts in "local-to-rezerv-access" are masqueraded out of
# isp2.enforta. Both rules exclude the VPN client pool 10.0.18.2-10.0.18.99.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=isp1.vdc src-address=\
!10.0.18.2-10.0.18.99 src-address-list=local to-addresses=0.0.0.0
add action=masquerade chain=srcnat out-interface=isp2.enforta src-address=\
!10.0.18.2-10.0.18.99 src-address-list=local-to-rezerv-access \
to-addresses=0.0.0.0
# Port forwards from the public address 91.225.192.194 to internal hosts.
# None of the rules below has a source-address or in-interface matcher, and
# the filter table has no forward-chain rules, so each forwarded port is
# reachable from any source address.
# NOTE(review): tcp/3389 (the usual RDP port) is published straight to
# 192.168.6.142. Remote desktop is better reached through the VPN or limited
# to a source address list.
add action=dst-nat chain=dstnat dst-address=91.225.192.194 dst-port=3389 \
protocol=tcp to-addresses=192.168.6.98 to-ports=3389
# All remaining forwards go to the single host 192.168.6.98: 110, 25, 443, 80,
# 8080, 21, 143, 53 (udp and tcp) and 22.
# NOTE(review): one internal host carries mail, web, FTP, DNS and SSH for the
# internet while sitting inside the 192.168.6.0/24 "local" range, so a
# compromise of any of those services lands on the internal network. Ports
# 110, 143 and 21 conventionally carry credentials in cleartext unless the
# service enforces TLS. Publish only what is required, prefer the TLS
# variants, and consider moving this host to a separate segment.
add action=dst-nat chain=dstnat dst-address=91.225.192.194 dst-port=110 \
protocol=tcp to-addresses=192.168.6.98 to-ports=110
add action=dst-nat chain=dstnat dst-address=91.225.192.194 dst-port=25 \
protocol=tcp to-addresses=192.168.6.98 to-ports=25
add action=dst-nat chain=dstnat dst-address=91.225.192.194 dst-port=443 \
protocol=tcp to-addresses=192.168.6.98 to-ports=443
add action=dst-nat chain=dstnat dst-address=91.225.192.194 dst-port=80 \
protocol=tcp to-addresses=192.168.6.98 to-ports=80
add action=dst-nat chain=dstnat dst-address=91.225.192.194 dst-port=8080 \
protocol=tcp to-addresses=192.168.6.98 to-ports=8080
add action=dst-nat chain=dstnat dst-address=91.225.192.194 dst-port=21 \
protocol=tcp to-addresses=192.168.6.98 to-ports=21
add action=dst-nat chain=dstnat dst-address=91.225.192.194 dst-port=143 \
protocol=tcp to-addresses=192.168.6.98 to-ports=143
add action=dst-nat chain=dstnat dst-address=91.225.192.194 dst-port=53 \
protocol=udp to-addresses=192.168.6.98 to-ports=53
add action=dst-nat chain=dstnat dst-address=91.225.192.194 dst-port=53 \
protocol=tcp to-addresses=192.168.6.98 to-ports=53
add action=dst-nat chain=dstnat dst-address=91.225.192.194 dst-port=22 \
protocol=tcp to-addresses=192.168.6.98 to-ports=22
# Per-ISP default routes, selected through the routing marks isp1 / isp2 (the
# route rules at the end of this block map source addresses to these tables).
/ip route
add distance=1 gateway=91.225.192.193 routing-mark=isp1
add distance=1 gateway=46.52.166.69 routing-mark=isp2
# NOTE(review): this route is in table "baznal", while the mangle rule in this
# export sets routing mark "beznal". If the two names are meant to be the
# same, one of them is misspelled and this route is never selected - confirm.
add distance=1 dst-address=192.168.12.0/24 gateway=Tunnel0 routing-mark=\
baznal
# Main default route. The netwatch scripts find it by this comment and rewrite
# its gateway on failover, so the comment text must not change.
add comment="Default Gateway" distance=1 gateway=91.225.192.193
# Host route that pins the netwatch probe target 8.8.4.4 to the first ISP's
# gateway, so the probe keeps testing that uplink after a failover.
add distance=1 dst-address=8.8.4.4/32 gateway=91.225.192.193
add distance=110 dst-address=10.173.57.0/24 gateway=172.21.12.1
# Internal /24 is reached through 10.6.0.2 on the "local" VLAN.
add comment=local distance=1 dst-address=192.168.6.0/24 gateway=10.6.0.2
# Policy routing: traffic sourced from each public address is looked up in the
# table of the ISP that owns that address.
/ip route rule
add src-address=46.52.166.70/32 table=isp2
add src-address=91.225.192.194/32 table=isp1
# Management services: telnet, ftp, ssh, api and api-ssl are switched off.
# NOTE(review): www and winbox are not listed, so they presumably keep their
# default state. With no drop rule in the input chain they may be reachable
# from the ISP-facing interfaces - verify, and limit management access to
# internal or VPN source addresses.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# UPnP: only this one option differs from the defaults in this export.
/ip upnp
set allow-disable-external-interface=no
# PPP logins are also checked against RADIUS (server defined under /radius).
/ppp aaa
set use-radius=yes
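# Local PPP accounts for the PPTP service; every account uses the
# vpnserverhome profile. Each entry is one `add` command continued with `\`.
# NOTE(review): the passwords are stored and exported in plaintext. Anything
# that appears in a shared copy of this export should be treated as exposed
# and rotated; where the RouterOS version supports it, produce exports with
# the hide-sensitive option before sharing them.
/ppp secret
add name=sysadm@supersm.lan password="nt[ybr275" profile=vpnserverhome \
service=pptp
# NOTE(review): the next two accounts share one password, and the same stem
# is used for the mailbox password under /tool e-mail. Give every account its
# own password so one leak does not open several logins.
add name=litvinchouk@supersm.lan password=CegthVfhrtn275 profile=\
vpnserverhome service=pptp
add name=loseva@supersm.lan password=CegthVfhrtn275 profile=vpnserverhome \
service=pptp
# NOTE(review): the remaining accounts use the account name as the password,
# so knowing the login is enough to authenticate. Replace with unique random
# passwords, or move these users to the RADIUS backend and remove the local
# entries.
add name=szv1@supersm.lan password=szv1@supersm.lan profile=vpnserverhome \
service=pptp
add name=szv2@supersm.lan password=szv2@supersm.lan profile=vpnserverhome \
service=pptp
add name=szv3@supersm.lan password=szv3@supersm.lan profile=vpnserverhome \
service=pptp
add name=szv4@supersm.lan password=szv4@supersm.lan profile=vpnserverhome \
service=pptp
add name=e_supryaga@supersm.lan password=e_supryaga@supersm.lan profile=\
vpnserverhome service=pptp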
# RADIUS server used for PPP authentication.
# NOTE(review): the shared secret is a short digit sequence. The secret is what
# protects RADIUS exchanges between this router and 192.168.6.6, so it should
# be long and random, and changed on both ends together.
/radius
add address=192.168.6.6 secret=12345678 service=ppp
# The router accepts incoming RADIUS requests.
# NOTE(review): this relies on the same weak shared secret, and the input chain
# has no rule limiting who may send such requests - confirm it is needed.
/radius incoming
set accept=yes
# OSPF route filters: everything learned is accepted; only 192.168.6.0/24 is
# advertised and all other prefixes are discarded on the way out.
# NOTE(review): accepting every inbound prefix means a neighbour can inject
# any route. Consider limiting ospf-in to the prefixes expected from the
# remote sites.
/routing filter
add action=accept chain=ospf-in
add action=accept chain=ospf-out prefix=192.168.6.0/24
add action=discard chain=ospf-out
# OSPF interfaces: point-to-point adjacencies on the three tunnels (Tunnel1 and
# Tunnel2 with cost 20), and a passive broadcast interface on "local".
# NOTE(review): MD5 authentication is enabled, but all three tunnels use the
# same short, easily guessed key, and the tunnels themselves are unencrypted
# IPIP. Use a long random key per adjacency (changed on both ends), and
# protect the tunnel transport if the platform allows it.
/routing ospf interface
add authentication=md5 authentication-key=cisco interface=Tunnel0 \
network-type=point-to-point
add interface=local network-type=broadcast passive=yes
add authentication=md5 authentication-key=cisco cost=20 interface=Tunnel1 \
network-type=point-to-point
add authentication=md5 authentication-key=cisco cost=20 interface=Tunnel2 \
network-type=point-to-point
# OSPF networks in the backbone area: 172.21.12.0/28 covers the three tunnel
# /30 subnets; 10.6.0.0/30 is the link on the "local" VLAN.
/routing ospf network
add area=backbone network=172.21.12.0/28
add area=backbone network=10.6.0.0/30
# Time zone and device name.
/system clock
set time-zone-name=Asia/Vladivostok
/system identity
set name=37K_radionribor
# NTP client in unicast mode. Primary and secondary point at the same server,
# so there is no fallback time source if that server is unreachable.
/system ntp client
set enabled=yes mode=unicast primary-ntp=169.229.70.201 secondary-ntp=\
169.229.70.201
# Runs the "backup" script every 2 days, starting mar/26/2014 at 10:00.
# NOTE(review): the job is granted almost every policy. Trim the list to what
# the backup script needs, so the scheduled job cannot do more than intended
# if the script is ever modified.
/system scheduler
add interval=2d name=schedule1 on-event="/system script run backup" policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=mar/26/2014 start-time=10:00:00
# Script "backup": saves a backup named after the system identity, waits 5
# seconds, then e-mails the file to backup@supersm.ru with the identity, time
# and date in the subject.
# NOTE(review): a backup file holds the whole configuration, including the
# secrets visible in this export. No encryption option is passed to the
# backup command and no TLS setting appears under /tool e-mail, so the file
# may leave the router unprotected - verify for this RouterOS version, and
# treat the receiving mailbox as holding credentials.
/system script
add name=backup policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="/system backup save name=[/system identity get name]\r\
\n/delay 5\r\
\n/tool e-mail send file=\"\$[/system identity get name].backup\" to=\"bac\
kup@supersm.ru\" body=\"Backup complete \$[/system identity get name] in \
\$[/system clock get time]\" subject=\"\$[/system identity get name] \$[/s\
ystem clock get time] \$[/system clock get date] Backup\""
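# Outgoing mail settings used by the backup script: SMTP server address, sender
# and mailbox credentials. All parameters belong to one `set` command,
# continued with `\`.
# NOTE(review): the mailbox password is stored in plaintext and shares its stem
# with two of the PPP account passwords in this export; rotate it and make it
# unique. last-status looks like a status field rather than a setting - TODO
# confirm it is accepted when this file is imported.
/tool e-mail
set address=91.225.193.131 from=backup@supersm.ru last-status=succeeded \
password=CegthVfhrtn user=backup@supersm.ru
# Uplink failover: netwatch probes 8.8.4.4. When the probe goes down, the route
# commented "Default Gateway" is pointed at the second ISP's gateway; when it
# comes back up, the route is pointed at the first ISP's gateway again.
# NOTE(review): the up-script has a space after `gateway=`. Check on the device
# that this script parses and actually restores the primary gateway.
/tool netwatch
add down-script=\
"ip route set [find comment=\"Default Gateway\"] gateway=46.52.166.69" \
host=8.8.4.4 up-script=\
"ip route set [find comment=\"Default Gateway\"] gateway= 91.225.192.193"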
# User Manager RADIUS clients: router1 (127.0.0.1) is disabled, router2
# (192.168.6.6) is enabled. Both log authentication and accounting results.
# NOTE(review): both shared secrets are short digit sequences, and router2's
# secret is the same value as the one configured under /radius. Replace them
# with long random secrets, changed on both ends together.
/tool user-manager router
add customer=admin disabled=yes ip-address=127.0.0.1 log=\
auth-ok,auth-fail,acct-ok,acct-fail name=router1 shared-secret=123456 \
use-coa=no
add coa-port=1700 customer=admin disabled=no ip-address=192.168.6.6 log=\
auth-ok,auth-fail,acct-ok,acct-fail name=router2 shared-secret=12345678 \
use-coa=no
# User Manager account user1, enabled, limited to one simultaneous session.
# NOTE(review): the password equals the user name. Remove the account if it is
# a leftover test entry, otherwise give it a unique random password.
/tool user-manager user
add customer=admin disabled=no ip-address=10.7.19.2 name=user1 password=user1 \
shared-users=1 wireless-enc-algo=none wireless-enc-key="" wireless-psk=""