# installed-version: 7.19.4
# Flags: U - UNDOABLE
# Columns: ACTION, BY, POLICY, TIME
# ACTION BY POLICY TIME
# U address list entry added otufanov write 2026-03-17 14:25:15
# U nat rule changed otufanov write 2026-02-18 14:29:00
# U nat rule changed otufanov write 2026-02-18 14:27:58
# U nat rule changed otufanov write 2026-02-10 12:45:35
#
# 2026-03-26 05:10:15 by RouterOS 7.19.4
# software id = G353-EXPG
#
# RouterOS configuration export, laid out one command per line; commands and values are as exported.
# NOTE(review): this export carries clear-text secrets (WireGuard private keys, L2TP/IPsec
# pre-shared secrets, PPP passwords, the SNMP community). Any copy stored outside the device
# discloses them; rotate those values and keep future exports free of sensitive fields.
/interface ethernet
set [ find default-name=ether1 ] advertise="10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,2.5G-baseT,5G-baseT,10G-baseT" comment=UpLink
set [ find default-name=ether2 ] advertise="10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,2.5G-baseT,5G-baseT,10G-baseT" comment=Downlink
# Three WireGuard interfaces on UDP 51820-51822. Each private-key is the tunnel's long-term
# identity; whoever holds it can impersonate this router to the matching peer.
/interface wireguard
add listen-port=51820 mtu=1420 name=wg-core-a private-key="+ENImitqxkhoc7+8oSLJEHhkB4JF/AgYpdqDFc95nHQ="
add listen-port=51821 mtu=1420 name=wg-core-b private-key="KJidiv6Eqc16npIHuHCcvfKO4AiSPsH1ijUqRZXtR2I="
add listen-port=51822 mtu=1420 name=wg-core-c private-key="UAqPL1BcIIlfVEdHXWwkxa+HKnBmoJ+p5XZANFl0iF0="
/interface vlan
add interface=ether1 name=vlan15-backbone vlan-id=15
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip smb users
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
# PPP profiles. Only l2tp-profile is referenced in this export (by the two L2TP clients);
# profile-IPsec, used by the L2TP server, is defined further down.
# NOTE(review): profile-pptp sets use-encryption=no and nothing visible here uses it,
# nor profile-ovpn or profile-l2tp - remove them if they are leftovers.
/ppp profile
add change-tcp-mss=yes name=l2tp-profile only-one=yes use-compression=no use-encryption=yes use-mpls=no use-upnp=no
add change-tcp-mss=yes name=profile-pptp only-one=yes use-compression=no use-encryption=no use-mpls=no use-upnp=no
add change-tcp-mss=yes name=profile-ovpn only-one=yes use-compression=no use-encryption=yes use-mpls=no use-upnp=no
add change-tcp-mss=yes name=profile-l2tp only-one=yes use-compression=no use-encryption=yes use-ipv6=no use-mpls=no use-upnp=no
# Two outbound L2TP/IPsec tunnels sourced from 95.46.108.3, both logging in as user "monitor"
# with MS-CHAPv2. The ipsec-secret is a pre-shared key and the password is stored in clear.
/interface l2tp-client
add allow=mschap2 allow-fast-path=yes connect-to=77.52.70.178 disabled=no ipsec-secret=laidahraecheegae3Oyo keepalive-timeout=30 mrru=1600 name=l2tp-magyr password=Hae4airoj9ohSho profile=l2tp-profile src-address=95.46.108.3 use-ipsec=yes user=monitor
add allow=mschap2 allow-fast-path=yes connect-to=93.170.114.26 disabled=no ipsec-secret=vahfooGhiX4eevieTo2e keepalive-timeout=30 mrru=1600 name=l2tp-typhoon password=saphoh1ua9Aing4 profile=l2tp-profile src-address=95.46.108.3 use-ipsec=yes user=monitor
# The default BGP template is enabled; no BGP connection appears in this export.
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
# The only OSPF area is disabled.
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
# The default community is disabled and replaced by a custom one. addresses=::/0 puts no
# source restriction on the community itself, so reachability depends on the input chain below.
# NOTE(review): no security/auth settings are set on this community - presumably it is a
# plain community string acting as the only credential; confirm and prefer SNMPv3 with auth.
/snmp community
set [ find default=yes ] disabled=yes
add addresses=::/0 name=aiteepho0ooT8oo
# Logging action number 3 (presumably the built-in "remote" action - confirm) sends syslog
# to 100.127.255.253 from 100.127.255.249.
/system logging action
set 3 remote=100.127.255.253 remote-log-format=syslog src-address=100.127.255.249 syslog-facility=local0
/ip firewall connection tracking
set udp-timeout=10s
# Neighbor discovery is switched off: no interface list and no protocol.
/ip neighbor discovery-settings
set discover-interface-list=none protocol=""
/ip settings
set max-neighbor-entries=8192
# IPv6 is disabled, so the IPv4 firewall below is the only packet filter in this export.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192 soft-max-neighbor-entries=8191
# Inbound L2TP/IPsec server: MS-CHAPv2 only, IPsec required, one pre-shared secret for all clients.
/interface l2tp-server server
set authentication=mschap2 caller-id-type=number default-profile=profile-IPsec enabled=yes ipsec-secret=aev0iocai1zei7neeFu2 one-session-per-host=yes use-ipsec=yes
# NOTE(review): auth=sha1,md5 lets a client negotiate MD5 or SHA-1. Whether this server is
# enabled is not visible here; if it is in use, drop md5 and prefer a stronger digest.
/interface ovpn-server server
add auth=sha1,md5 mac-address=FE:52:0E:E9:C9:26 name=ovpn-server1
# One peer per WireGuard interface. allowed-address limits which source prefixes are
# accepted from the peer; all three peers may source 192.168.0.0/16.
# NOTE(review): wg-chr-c lists 100.127.255.248/28 where the other two use /29 - confirm
# the wider mask is intended.
/interface wireguard peers
add allowed-address=192.168.0.0/16,192.168.5.8/30,100.127.255.248/29 endpoint-address=core2.strans.info endpoint-port=51831 interface=wg-core-b name=wg-core-b persistent-keepalive=25s public-key="EgEjbSc329i/+nOV0t3th+QnbTEs2uyX13b1LXbBUxs="
add allowed-address=192.168.0.0/16,192.168.5.4/30,100.127.255.248/29 endpoint-address=core1.strans.info endpoint-port=51830 interface=wg-core-a name=wg-core-a persistent-keepalive=25s public-key="WbHMBK5Pyq4tT1czKSY+mG/zx/ApsZEO095li9cSn1M="
add allowed-address=100.127.255.248/28,192.168.5.12/30,192.168.0.0/16 endpoint-address=chr.strans.info endpoint-port=51832 interface=wg-core-c name=wg-chr-c persistent-keepalive=25s public-key="Hv1tvfUAllYBIgCwlXhvnaIT37CU4t2XekpDA2EhPjE="
# ether1 carries the public uplink address, ether2 the internal /29, and each WireGuard
# interface a /30 transfer network.
/ip address
add address=95.46.108.3/26 comment=Backbone interface=ether1 network=95.46.108.0
add address=100.127.255.249/29 comment=iNT_interface interface=ether2 network=100.127.255.248
add address=192.168.5.6/30 comment=wg-core interface=wg-core-a network=192.168.5.4
add address=192.168.5.10/30 comment=wg-core-b interface=wg-core-b network=192.168.5.8
add address=192.168.5.14/30 interface=wg-core-c network=192.168.5.12
# allow-remote-requests=yes makes the router answer DNS queries it receives; which sources
# can reach it is decided by the input chain (established/related, list adm, then drop).
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
# "adm" is the management allow-list used by the input chain and the SSH/NFS dst-nat rules;
# "syslog_hosts" gates the UDP/514 forward.
# NOTE(review): adm trusts all of 95.46.108.0/24, wider than the /26 configured on ether1,
# and contains the DNS name home.2funoff.com, so management access follows whatever that
# record resolves to - confirm both are intended.
/ip firewall address-list
add address=95.46.108.0/24 list=adm
add address=185.17.127.74 list=adm
add address=95.47.136.14 list=adm
add address=100.127.255.248/29 list=adm
add address=37.54.205.52 list=syslog_hosts
add address=213.174.0.2 list=adm
add address=176.98.95.206 list=syslog_hosts
add address=95.47.136.9 list=adm
add address=home.2funoff.com list=adm
add address=213.174.0.14 list=adm
# Filter rules are evaluated top to bottom per chain; the first matching rule decides.
# input:   ICMP, related/established, UDP 500/1701/4500, UDP 51820-51823 and anything from
#          list adm are accepted; every other packet that was not dst-natted is dropped.
# forward: one explicit drop, related/established, per-source accepts towards
#          100.127.255.248/29, then a final drop.
# NOTE(review): the wg-core accept covers UDP 51823, but only 51820-51822 have a listener.
# NOTE(review): "accept chain=forward dst-address=100.127.255.248/29" has no source match,
# so it admits any forwarded traffic to that /29 and makes the typ/KPP/magyr/100.65.0.0/30
# accepts above it redundant - confirm that breadth is intended.
# NOTE(review): the drop for 213.174.0.5 uses connection-nat-state="" - verify on the
# device that it matches what was meant.
/ip firewall filter
add action=accept chain=input comment=ICMP protocol=icmp
add action=drop chain=forward connection-nat-state="" dst-address=100.127.255.254 src-address=213.174.0.5
add action=accept chain=forward comment=DIC connection-state=related
add action=accept chain=forward connection-state=established
add action=accept chain=input connection-state=related
add action=accept chain=input connection-state=established
add action=accept chain=input comment=IPsec dst-port=500,1701,4500 protocol=udp
add action=accept chain=input comment=wg-core dst-port=51820-51823 protocol=udp
add action=accept chain=input comment=adm src-address-list=adm
add action=drop chain=input connection-nat-state=!dstnat
add action=accept chain=forward comment=typ dst-address=100.127.255.248/29 src-address=100.64.1.0/24
add action=accept chain=forward comment=KPP dst-address=100.127.255.248/29 src-address=192.168.12.0/24
add action=accept chain=forward comment=magyr dst-address=100.127.255.248/29 src-address=100.65.1.0/24
add action=accept chain=forward dst-address=100.127.255.248/29 src-address=100.65.0.0/30
add action=accept chain=forward comment=forward_ src-address=100.127.255.248/29
add action=accept chain=forward dst-address=100.127.255.248/29
add action=drop chain=forward
# NAT: 100.127.255.252/30 is masqueraded out of ether1; services on 95.46.108.3 are
# forwarded to 100.127.255.254 or 100.127.255.253. SSH, NFS and UDP syslog are limited by
# source; WEB, MailServer and the first TCP/514 rule accept any source.
# NOTE(review): the unrestricted TCP/514 rule (to .254) sits above the TCP/514 rule for
# 185.17.127.74 (to .253); as rules match in order, the later one can never be hit and that
# host's TCP syslog lands on .254. It is also the only syslog rule without a source limit
# and the only one pointing at .254 - confirm target and scope.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address=100.127.255.252/30
add action=dst-nat chain=dstnat comment=SSH dst-address=95.46.108.3 dst-port=22 protocol=tcp src-address-list=adm to-addresses=100.127.255.254 to-ports=22
add action=dst-nat chain=dstnat comment=NFS dst-address=95.46.108.3 dst-port=111,2049,20048,20049 protocol=tcp src-address-list=adm to-addresses=100.127.255.254
add action=dst-nat chain=dstnat dst-address=95.46.108.3 dst-port=2049 protocol=udp src-address-list=adm to-addresses=100.127.255.254
add action=dst-nat chain=dstnat comment=WEB dst-address=95.46.108.3 dst-port=80,443 protocol=tcp to-addresses=100.127.255.254
add action=dst-nat chain=dstnat comment=syslog dst-address=95.46.108.3 dst-port=514 protocol=udp src-address-list=syslog_hosts to-addresses=100.127.255.253
add action=dst-nat chain=dstnat dst-address=95.46.108.3 dst-port=514 protocol=tcp to-addresses=100.127.255.254
add action=dst-nat chain=dstnat comment=TMP_syslog dst-address=95.46.108.3 dst-port=514 protocol=udp src-address=185.17.127.74 to-addresses=100.127.255.253
add action=dst-nat chain=dstnat dst-address=95.46.108.3 dst-port=514 protocol=tcp src-address=185.17.127.74 to-addresses=100.127.255.253
add action=dst-nat chain=dstnat comment=MailServer dst-address=95.46.108.3 dst-port=25,110,143,465,587,993,995 protocol=tcp to-addresses=100.127.255.254
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
# Static routing: default route via 95.46.108.1; 192.168.0.0/16 has three routes with
# distance unset, 3 and 10, each using check-gateway=ping.
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=95.46.108.1
add check-gateway=ping comment=typhoon disabled=no dst-address=100.64.1.0/24 gateway=100.64.0.5
add comment=magyr disabled=no dst-address=100.65.1.0/24 gateway=100.65.0.1
add disabled=no dst-address=94.179.144.190/32 gateway=100.65.0.1 pref-src=100.65.0.2
add check-gateway=ping comment=s-trans disabled=no dst-address=192.168.0.0/16 gateway=192.168.5.5
add check-gateway=ping comment=s-trans disabled=no distance=3 dst-address=192.168.0.0/16 gateway=192.168.5.9
add check-gateway=ping comment=s-trans-chr disabled=no distance=10 dst-address=192.168.0.0/16 gateway=192.168.5.13
# Management services: ftp, api and api-ssl are disabled; ssh moves to 52222, www to 8080.
# NOTE(review): www and www-ssl are both set to port 8080, and no service carries an
# address= restriction, so access control rests on the input chain alone. telnet and winbox
# are not mentioned and presumably keep their defaults - confirm their state on the device.
/ip service
set ftp disabled=yes
set www port=8080
set www-ssl certificate=mikroTik.ca.cert.pem_0 port=8080
set api disabled=yes
set api-ssl disabled=yes
set ssh port=52222
/ip smb shares
set [ find default=yes ] directory=/pub
# Profile used by the L2TP server above.
# NOTE(review): bridge=*3 is an internal id rather than a name, which usually means the
# referenced bridge no longer exists - confirm and clear or re-point the setting.
/ppp profile
add bridge=*3 change-tcp-mss=yes dns-server=172.16.30.1 local-address=172.16.30.1 name=profile-IPsec only-one=yes use-compression=no use-encryption=yes use-mpls=no use-upnp=no
# BFD is enabled on all interfaces.
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/snmp
set contact=admin@2funoff.com enabled=yes location=proxmox
/system clock
set time-zone-name=Europe/Kiev
/system identity
set name="gw #2funOFF"
# Topics critical, error, info and warning are sent to the remote syslog action.
/system logging
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=info
add action=remote topics=warning
/system ntp client
set enabled=yes
/system ntp client servers
add address=0.ua.pool.ntp.org
add address=1.ua.pool.ntp.org
# The bandwidth test server is disabled; authenticate=no would matter only if it were enabled.
/tool bandwidth-server
set authenticate=no enabled=no
# Layer-2 management (MAC telnet, MAC WinBox, MAC ping) is turned off on every interface.
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no