Jump to content

Mikrotik RB2011UAS-2HDN-IN и Huawei 3372 от Виваком


M4D3V1L
 Share

Recommended Posts

Здравейте, свързах горепосочените у-ва и микротика си откри всичко като хората, но когато пробвам да пингна 8.8.8.8 например timeout-ва и дава 192.168.8.100 като unreachable.Какво пропускам?
image.png.c78e63370c87a309727768a03445be92.pngimage.png.d3bc4b57f4bb5d09a5f7a07a8d42d222.pngimage.png.799d22eb676e3afd324ac55a84fa5d41.pngimage.png.0103d9b9663a80a3fabe28bacce106c8.png

image.thumb.png.688e47b4850fdd05be8c83eb39e65f29.png

Edited by M4D3V1L
Link to comment
Share on other sites

  • Administrator

Без експорт на конфигурацията няма как да се разбере.

синия цвят = неактивно правило или такова с нисък приоритет.

Харесай поста ^^^
acer.gif htc.gifsigpic4024_2.gif

Форумът е за взаимопомощ а не за свършване на чужда работа


ɹɐǝɥ uɐɔ noʎ ǝɹoɯ ǝɥʇ 'ǝɯoɔǝq noʎ ɹǝʇǝınb ǝɥʇ

Link to comment
Share on other sites

На 1.06.2020 г. at 8:47, 111111 написа:

Без експорт на конфигурацията няма как да се разбере.

синия цвят = неактивно правило или такова с нисък приоритет.

/interface lte
set [ find ] mac-address=0C:5B:8F:27:9A:64 name=lte1
/interface bridge
add admin-mac=D4:CA:6D:31:F3:9E auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether7 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
     wpa2-pre-shared-key=
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=siso supplicant-identity="" \
    wpa2-pre-shared-key=
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn channel-width=20/40mhz-eC \
    country=bulgaria distance=indoors frequency=2472 installation=indoor \
    mode=ap-bridge preamble-mode=short security-profile=siso ssid=\
    mikrotikwifi wireless-protocol=802.11 wmm-support=enabled wps-mode=\
    disabled
/ip ipsec profile
add enc-algorithm=aes-256,aes-192,3des name=profile_1
/ip ipsec peer
# This entry is unreachable
add name=peer2 passive=yes profile=profile_1
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,3des pfs-group=none
/ip pool
add name=default-dhcp ranges=192.168.5.2-192.168.5.254
add name=L2TP ranges=10.8.0.2-10.8.0.100
add comment=LTE name=LTE ranges=192.168.8.2-192.168.8.150
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=LAN
/ip ipsec mode-config
add address-pool=L2TP name=vpndhcp system-dns=no
/ppp profile
set *FFFFFFFE dns-server=8.8.8.8 local-address=192.168.5.1 remote-address=\
    L2TP use-encryption=required use-mpls=yes
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set authentication=mschap2 enabled=yes ipsec-secret= use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.5.1/24 comment=defconf interface=bridge network=\
    192.168.5.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
add default-route-distance=2 disabled=no interface=lte1
/ip dhcp-server network
add address=192.168.5.0/24 comment=LAN dns-server=1.1.1.1,1.0.0.1 gateway=\
    192.168.5.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input in-interface=lte1
add action=accept chain=input comment="Allow UDP VPN 1" dst-port=500 \
    in-interface=ether1 protocol=udp
add action=accept chain=input comment="Allow VPN 2" connection-state=new \
    dst-port=1701 in-interface=ether1 protocol=udp
add action=accept chain=input comment="Allow VPN 3" dst-port=4500 \
    in-interface=ether1 protocol=udp
add action=accept chain=forward in-interface=ether1 protocol=ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=lte1
/ip ipsec identity
# Wrong mode-config
# address ID must be used in main mode or use my-id=auto!
add generate-policy=port-override mode-config=request-only my-id=user-fqdn \
    peer=peer2 remote-id=ignore secret=
/ip service
set telnet disabled=yes
set ftp disabled=yes
/ip traffic-flow
set enabled=yes
/lcd
set backlight-timeout=20m
/port firmware
set directory=pub
/system clock
set time-zone-name=Europe/Sofia
/system routerboard usb
set usb-mode=force-host
/tool graphing interface
add interface=bridge store-on-disk=no
add interface=ether2 store-on-disk=no
add interface=ether3 store-on-disk=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool traffic-monitor
add interface=ether1 name=tmon1 threshold=0


 

Link to comment
Share on other sites

  • Administrator

При дистанция 2 няма тръгне нормално.

Имаш нещо с по висок приоритет.

Харесай поста ^^^
acer.gif htc.gifsigpic4024_2.gif

Форумът е за взаимопомощ а не за свършване на чужда работа


ɹɐǝɥ uɐɔ noʎ ǝɹoɯ ǝɥʇ 'ǝɯoɔǝq noʎ ɹǝʇǝınb ǝɥʇ

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.