M4D3V1L Posted May 31, 2020 (edited)

Hello, I connected the devices mentioned above and my MikroTik detected everything properly, but when I try to ping 8.8.8.8, for example, it times out and reports 192.168.8.100 as unreachable. What am I missing?

Edited May 31, 2020 by M4D3V1L
Administrator 111111 Posted June 1, 2020

Without an export of the configuration there is no way to tell. Blue color = an inactive rule or one with low priority.

Like the post ^^^
The forum is for mutual help, not for getting someone else's work done.
ɹɐǝɥ uɐɔ noʎ ǝɹoɯ ǝɥʇ 'ǝɯoɔǝq noʎ ɹǝʇǝınb ǝɥʇ
M4D3V1L Posted June 1, 2020 (Author)

On 1.06.2020 at 8:47, 111111 wrote:
Without an export of the configuration there is no way to tell. Blue color = an inactive rule or one with low priority.

/interface lte
set [ find ] mac-address=0C:5B:8F:27:9A:64 name=lte1
/interface bridge
add admin-mac=D4:CA:6D:31:F3:9E auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether7 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
    wpa2-pre-shared-key=
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=siso supplicant-identity="" \
    wpa2-pre-shared-key=
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn channel-width=20/40mhz-eC \
    country=bulgaria distance=indoors frequency=2472 installation=indoor \
    mode=ap-bridge preamble-mode=short security-profile=siso ssid=\
    mikrotikwifi wireless-protocol=802.11 wmm-support=enabled wps-mode=\
    disabled
/ip ipsec profile
add enc-algorithm=aes-256,aes-192,3des name=profile_1
/ip ipsec peer
# This entry is unreachable
add name=peer2 passive=yes profile=profile_1
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,3des pfs-group=none
/ip pool
add name=default-dhcp ranges=192.168.5.2-192.168.5.254
add name=L2TP ranges=10.8.0.2-10.8.0.100
add comment=LTE name=LTE ranges=192.168.8.2-192.168.8.150
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=LAN
/ip ipsec mode-config
add address-pool=L2TP name=vpndhcp system-dns=no
/ppp profile
set *FFFFFFFE dns-server=8.8.8.8 local-address=192.168.5.1 remote-address=\
    L2TP use-encryption=required use-mpls=yes
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set authentication=mschap2 enabled=yes ipsec-secret= use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.5.1/24 comment=defconf interface=bridge network=\
    192.168.5.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
add default-route-distance=2 disabled=no interface=lte1
/ip dhcp-server network
add address=192.168.5.0/24 comment=LAN dns-server=1.1.1.1,1.0.0.1 gateway=\
    192.168.5.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input in-interface=lte1
add action=accept chain=input comment="Allow UDP VPN 1" dst-port=500 \
    in-interface=ether1 protocol=udp
add action=accept chain=input comment="Allow VPN 2" connection-state=new \
    dst-port=1701 in-interface=ether1 protocol=udp
add action=accept chain=input comment="Allow VPN 3" dst-port=4500 \
    in-interface=ether1 protocol=udp
add action=accept chain=forward in-interface=ether1 protocol=ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=lte1
/ip ipsec identity
# Wrong mode-config
# address ID must be used in main mode or use my-id=auto!
add generate-policy=port-override mode-config=request-only my-id=user-fqdn \
    peer=peer2 remote-id=ignore secret=
/ip service
set telnet disabled=yes
set ftp disabled=yes
/ip traffic-flow
set enabled=yes
/lcd
set backlight-timeout=20m
/port firmware
set directory=pub
/system clock
set time-zone-name=Europe/Sofia
/system routerboard usb
set usb-mode=force-host
/tool graphing interface
add interface=bridge store-on-disk=no
add interface=ether2 store-on-disk=no
add interface=ether3 store-on-disk=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool traffic-monitor
add interface=ether1 name=tmon1 threshold=0
Administrator 111111 Posted June 2, 2020

With distance 2 it will not work properly. You have something with a higher priority.
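The ordering the last reply refers to can be read straight out of the export. The following is an added example, not part of the thread: a small Python parser that lists the DHCP-client default routes in the posted `/ip dhcp-client` section, lowest distance (most preferred) first. The excerpt is copied from the export above; the fallback distance of 1 for a client whose export omits `default-route-distance`, and all function names, are assumptions of this example.

```python
import re

# Excerpt of the export posted above (only the sections needed here).
EXPORT = """\
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
add default-route-distance=2 disabled=no interface=lte1
/ip dhcp-server network
add address=192.168.5.0/24 comment=LAN gateway=192.168.5.1
"""

# Assumption: distance applied when the export omits default-route-distance.
ASSUMED_DEFAULT_DISTANCE = 1


def join_continuations(text):
    """Undo the backslash line-wrapping that /export applies to long lines."""
    return re.sub(r"\\\n\s*", "", text)


def section_entries(text, section):
    """Yield a key=value dict for each 'add' line under the given menu path."""
    current = None
    for line in join_continuations(text).splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
        elif current == section and line.startswith("add "):
            yield dict(re.findall(r'([\w-]+)=("[^"]*"|\S*)', line))


def default_route_candidates(text):
    """Return (distance, interface) for enabled DHCP clients, best first."""
    out = []
    for e in section_entries(text, "/ip dhcp-client"):
        if e.get("disabled", "no") == "yes" or e.get("add-default-route") == "no":
            continue
        dist = int(e.get("default-route-distance", ASSUMED_DEFAULT_DISTANCE))
        out.append((dist, e["interface"]))
    return sorted(out)


if __name__ == "__main__":
    for dist, iface in default_route_candidates(EXPORT):
        print(f"distance={dist} via {iface}")
```

A candidate only becomes a route once its DHCP client holds a lease, so the list shows preference order, not which route is currently active on the router.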