Обнаружена блокировка рекламы: Наш сайт существует благодаря показу онлайн-рекламы нашим посетителям. Пожалуйста, подумайте о поддержке нас, отключив блокировщик рекламы на нашем веб-сайте.
Обсуждение оборудования и его настройки
svetogor82
Сообщения: 167 Зарегистрирован: 17 апр 2014, 10:44
17 апр 2014, 11:30
1. Суть проблемы - ospf не раздается в туннель
2. Что было предпринято - настроен ospf
3. Конфигурация микротика
Код: Выделить всё
> export compact # apr/17/2014 11:41:26 by RouterOS 6.12 # software id = J46A-68XZ # /interface gre add local-address=1.1.1.5 name=gre-tunnel10 remote-address=2.2.2.2 /ip hotspot user profile set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \ mac-cookie-timeout=3d /ip ipsec proposal set [ find default=yes ] auth-algorithms=md5 enc-algorithms=3des /port set 0 name=serial0 set 1 name=serial1 /routing ospf area set [ find default=yes ] disabled=yes /routing ospf instance set [ find default=yes ] disabled=yes redistribute-connected=as-type-2 \ router-id=10.0.90.25 add disabled=yes name=ospf1 router-id=172.16.0.17 /routing ospf area add area-id=0.0.0.10 instance=ospf1 name=area1 /ip address add address=1.1.1.5/24 comment="default configuration" interface=ether1 \ network=1.1.1.0 add address=172.16.0.17/16 interface=ether2 network=172.16.0.0 add address=10.0.90.25/30 interface=gre-tunnel10 network=10.0.90.24 /ip dns set servers=172.16.0.5 /ip firewall filter add action=drop chain=input comment=drop_all disabled=yes in-interface=ether1 \ protocol=tcp add action=drop chain=input disabled=yes in-interface=ether1 protocol=udp add chain=output comment=out protocol=udp add chain=output protocol=tcp add chain=input comment="Allow IPSec-esp" protocol=ipsec-esp add chain=input comment="Allow IKE" dst-port=500 protocol=udp add chain=input comment="Allow IPSec-ah" protocol=ipsec-ah add chain=input comment=icp_input protocol=icmp add chain=input comment=ssh dst-port=22 protocol=tcp add chain=input comment=www dst-port=80 protocol=tcp add chain=input dst-port=443 protocol=tcp add chain=input comment="access to winbox" dst-port=8291 in-interface=ether1 \ protocol=tcp add chain=input dst-port=8291 in-interface=ether2 protocol=tcp add chain=input connection-state=new dst-port=8291,65522 protocol=tcp add chain=input comment=dns dst-port=53 in-interface=all-ethernet protocol=\ udp add chain=input dst-port=53 in-interface=all-ethernet protocol=tcp add chain=input connection-state=established add chain=input connection-state=related add chain=input dst-port=1723 protocol=tcp add chain=input dst-port=22 protocol=tcp add action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=3h chain=input connection-state=new dst-port=22 \ protocol=tcp src-address-list=ssh_stage3 add action=add-src-to-address-list address-list=ssh_stage3 \ address-list-timeout=1m chain=input connection-state=new dst-port=22 \ protocol=tcp src-address-list=ssh_stage2 add action=add-src-to-address-list address-list=ssh_stage2 \ address-list-timeout=1m chain=input connection-state=new dst-port=22 \ protocol=tcp src-address-list=ssh_stage1 add action=add-src-to-address-list address-list=ssh_stage1 \ address-list-timeout=1m chain=input connection-state=new dst-port=22 \ protocol=tcp add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \ protocol=tcp src-address-list=ftp_blacklist add chain=output content="530 Login incorrect" dst-limit=\ 1/1m,9,dst-address/1m protocol=tcp add action=add-dst-to-address-list address-list=ftp_blacklist \ address-list-timeout=1h chain=output content="530 Login incorrect" \ protocol=tcp /ip ipsec peer add address=2.2.2.2/32 enc-algorithm=3des hash-algorithm=md5 secret=\ "pass" /ip route add distance=1 gateway=91.216.48.1 add distance=1 dst-address=10.0.90.26/32 gateway=gre-tunnel10 /ip upnp set allow-disable-external-interface=no /lcd interface set sfp-sfpplus1 interface=sfp-sfpplus1 set sfp-sfpplus2 interface=sfp-sfpplus2 set ether1 interface=ether1 set ether2 interface=ether2 set ether3 interface=ether3 set ether4 interface=ether4 set ether5 interface=ether5 set ether6 interface=ether6 set ether7 interface=ether7 set ether8 interface=ether8 /routing ospf interface add cost=700 interface=gre-tunnel10 network-type=broadcast priority=0 /routing ospf network add area=area1 network=172.16.0.0/16 /system clock set time-zone-name=Europe/Moscow /system leds set 0 type=interface-speed set 2 type=interface-speed /system ntp client set enabled=yes mode=unicast primary-ntp=194.149.67.129 secondary-ntp=\
4. С документацией и мануалами ознакомлен, ответа не нашел.