RB4011

RB4011
mail@pastecode.io avatar
unknown
abap
2 years ago
3.4 kB
1
Indexable
Never
# jan/26/2022 14:29:24 by RouterOS 7.2rc1
# software id = PQS2-CRFZ
#
# model = RB4011iGS+
# serial number = 968A09CCB430
/interface bridge
add name=bridge_LAN
/interface ethernet
set [ find default-name=ether1 ] name=ether1_WAN
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface pppoe-client
add add-default-route=yes allow=chap,mschap1,mschap2 disabled=no interface=\
    ether1_WAN name=pppoe-out1 use-peer-dns=yes user=fiberway-test-dt
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=AP
add authentication-types=wpa-psk,wpa2-psk management-protection=allowed mode=\
    dynamic-keys name=WPA2 supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=10.0.1.20-10.0.1.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=bridge_LAN name=dhcp1
/port
set 0 name=serial0
set 1 name=serial1
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw\
    ord,web,sniff,sensitive,api,romon,dude,rest-api"
/zerotier
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" \
    identity="76416aedbe:0:b026bb6082f4e7b373a5ccda95975351fdf5accdb4e95bcfb4e67\
    976be4fb218365a85216fe6672915bfa5c05e6a15f2d3dcac42c577086ba20c0c563ff5e22c:\
    0efa4fba9275e78da50d634baf9cdae8b3e8f923091eabde395ec6a194429eed7f3559e732b3\
    24cb2f8b68137cfb8c751ae6e98ae5df31b4cccd34c616cbf181" name=zt1 port=9993
/zerotier interface
add disabled=no instance=zt1 mac-address=E2:1A:4F:60:2C:7B name=zerotier1 \
    network=a84ac5c10a0e6ce3
/interface bridge port
add bridge=bridge_LAN disabled=yes interface=ether2
add bridge=bridge_LAN interface=ether3
add bridge=bridge_LAN interface=ether4
add bridge=bridge_LAN interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set max-neighbor-entries=8192
/interface ovpn-server server
set auth=sha1,md5
/interface wireguard peers
add allowed-address=0.0.0.0/0 interface=wireguard1 public-key=\
    "aGExteY1ssD4NsnFWt2p9M8BJlprbpiEOR4hvLe/pWs="
/ip address
add address=10.0.77.1/24 interface=bridge_LAN network=10.0.77.0
add address=10.0.0.1/24 interface=wireguard1 network=10.0.0.0
/ip dhcp-client
add interface=ether1_WAN
/ip dhcp-server network
add address=10.0.1.0/24 gateway=10.0.1.1
/ip dns
set allow-remote-requests=yes servers=91.218.211.210,91.218.203.61
/ip firewall filter
add action=accept chain=input dst-port=13231 in-interface=wireguard1 protocol=\
    udp
add action=accept chain=forward in-interface=zerotier1
add action=accept chain=input in-interface=zerotier1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat dst-address=10.0.0.0/24
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ip upnp
set enabled=yes
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=cpe-fiberway-test-dt
/system package update
set channel=testing
/system resource irq rps
set sfp-sfpplus1 disabled=no