# model: RB750Gr3 # serial-number: 8AFF0B9462C2 # firmware-type: mt7621L # current-firmware: 6.46.8 # installed-version: 6.46.8 # Flags: U - undoable, R - redoable, F - floating-undo # ACTION BY POLICY # U device changed oleksiit write # U device changed oleksiit write # U nat rule changed oleksiit write # U nat rule added oleksiit write # U filter rule changed oleksiit write # U device changed oleksiit write # U device changed oleksiit write # U filter rule changed oleksiit write # U device changed oleksiit write # U device changed oleksiit write # U address list entry added oleksiit write # U dhcp lease changed oleksiit write # U device changed oleksiit write # U device changed oleksiit write # U device changed oleksiit write # U dhcp lease changed oleksiit write # U dhcp lease changed oleksiit write # U dhcp lease changed oleksiit write # U dhcp lease changed oleksiit write # U dhcp lease added oleksiit write # U dhcp lease added oleksiit write # U dhcp lease added oleksiit write # U dhcp lease added oleksiit write # U pool dhcp_pool7 changed oleksiit write # U dhcp lease added oleksiit write # U dhcp lease added oleksiit write # U dhcp lease changed oleksiit write # U dhcp lease changed oleksiit write # U device changed oleksiit write # U device changed oleksiit write # U device changed oleksiit write # U dhcp lease changed oleksiit write # U RoMON configuration changed oleksiit write # U bandwidth-server changed oleksiit write # U dhcp server dhcp2 added oleksiit write # U dhcp network added oleksiit write # U pool dhcp_pool7 added oleksiit write # U address changed oleksiit write # U nat rule changed oleksiit write # U nat rule changed oleksiit write # U nat rule changed oleksiit write # U nat rule moved oleksiit write # U nat rule added oleksiit write # U nat rule moved oleksiit write # U nat rule added oleksiit write # U ppp secret changed oleksiit write # U ppp secret changed oleksiit write # U RoMON configuration changed oleksiit write # U route added oleksiit write # U nat rule added oleksiit write # U nat rule moved oleksiit write # U nat rule moved oleksiit write # U route added oleksiit write # U nat rule added oleksiit write # U bridge port changed oleksiit write # U device added oleksiit write # U bridge port changed oleksiit write # U address changed oleksiit write # U address changed oleksiit write # U address changed oleksiit write # U address changed oleksiit write # U address changed oleksiit write # U device removed oleksiit write # U bridge port changed oleksiit write # U address changed oleksiit write # U device changed oleksiit write # U device changed oleksiit write # U address list entry added oleksiit write # U address changed oleksiit write # U bridge port added oleksiit write # U bridge port added oleksiit write # U device added oleksiit write # U device added oleksiit write # U device changed oleksiit write # U device added oleksiit write # U address changed oleksiit write # U address added oleksiit write # U device added oleksiit write # U nat rule added oleksiit write # U nat rule changed oleksiit write # U nat rule changed oleksiit write # U nat rule added oleksiit write # U nat rule changed oleksiit write # U nat rule changed oleksiit write # U filter rule removed oleksiit write # U SSTP Server settings changed oleksiit write # U SSTP Server settings changed oleksiit write # U filter rule changed oleksiit write # U filter rule changed oleksiit write # U nat rule changed oleksiit write # U nat rule changed oleksiit write # U address list entry removed oleksiit write # U user oxidized added oleksiit write # policy # U item changed oleksiit write # U nat rule changed oleksiit write # U nat rule changed oleksiit write # U nat rule changed oleksiit write # U ip service changed oleksiit write # U ip service changed oleksiit write # # software id = F745-D2Q4 # # model = RB750Gr3 # serial number = 8AFF0B9462C2 /interface bridge add name=bridge-3791-mgnt-yar add admin-mac=4C:5E:0C:F9:F3:BE auto-mac=no comment="created from master port" name=bridge1 protocol-mode=none add fast-forward=no name=bridge_gim.lan protocol-mode=none add disabled=yes fast-forward=no name=null /interface ethernet set [ find default-name=ether1 ] comment=sicupa72.g0/3 /interface l2tp-server add name=l2tp-lan2lan-otufanov user=lan2lan-otufanov add name=lan2lan-R1 user=lan2lan-R1 /interface pptp-server add disabled=yes name=lan2lan-muk user=lan2lan-muk add disabled=yes name=lan2lan-otufanov user=lan2lan-otufanov add name=lan2lan-vas user=lan2lan-vas /interface eoip add keepalive=3s,3 local-address=95.47.136.14 mac-address=FE:A9:E6:A6:43:C1 mtu=1600 name=eoip-R1 remote-address=213.174.0.14 tunnel-id=22 add keepalive=3s,3 local-address=95.47.136.14 mac-address=FE:3C:4F:00:10:79 mtu=1600 name=eoip-UZ remote-address=194.213.105.85 tunnel-id=9 add !keepalive local-address=95.47.136.14 mac-address=FE:80:BB:DF:26:B0 mtu=1600 name=eoip-alext remote-address=77.120.35.170 tunnel-id=10 add disabled=yes keepalive=3s,3 local-address=95.47.136.14 mac-address=02:8C:30:4E:8C:3E mtu=1600 name=eoip-avers remote-address=185.96.188.34 tunnel-id=4 add keepalive=3s,3 local-address=95.47.136.14 mac-address=FE:8F:4C:63:4A:10 mtu=1600 name=eoip-chop remote-address=194.213.105.5 tunnel-id=5 add keepalive=10s,3 local-address=95.47.136.14 mac-address=FE:4D:06:EE:1E:FD mtu=1600 name=eoip-gIr remote-address=93.170.114.26 tunnel-id=3 add allow-fast-path=no keepalive=10s,3 local-address=95.47.136.14 mac-address=FE:4F:2F:4D:3F:EA name=eoip-tunnel-KPP remote-address=82.207.107.235 tunnel-id=1 add keepalive=3s,3 local-address=95.47.136.14 mac-address=02:EC:B9:5F:EF:40 mtu=1600 name=eoip-yar-mgnt remote-address=194.44.208.70 tunnel-id=8 /interface vlan add interface=ether5 name=12-dol.hard vlan-id=12 add interface=ether1 name=13-dro.orion vlan-id=13 add interface=ether1 name=14-stb.mgnt vlan-id=14 add interface=ether1 name=16-nk vlan-id=16 add interface=ether1 name=19-r2 vlan-id=19 add disabled=yes interface=ether1 name=50-radius vlan-id=50 add interface=ether1 name=52-rad vlan-id=52 add interface=ether1 name=70-sidor.mgnt vlan-id=70 add interface=ether5 name=407_mitris.lan vlan-id=407 add interface=ether1 name=468-gim.tru.vip. vlan-id=468 add interface=ether1 name=695-trnsp vlan-id=695 add interface=ether1 name=1163-onu.mgnt vlan-id=1163 add interface=ether1 name=1167-gim.lvi.vip vlan-id=1167 add interface=ether1 name=1168-MIST vlan-id=1168 add interface=ether1 name=1169-gim.lan vlan-id=1169 add interface=ether1 name=1172-gim.lvi.hard vlan-id=1172 add interface=ether1 name=1174-BACKBONE vlan-id=1174 add interface=ether1 name=1176-gim.serv vlan-id=1176 add interface=ether1 name=1438_dol.serv vlan-id=1438 add interface=ether1 name=1542-trnsp vlan-id=1542 add interface=ether1 name=1854-che.mgnt vlan-id=1854 add interface=ether1 name=1856-che.trnsp vlan-id=1856 add interface=eoip-yar-mgnt name=3791-TRNSP_Yar-eoip vlan-id=3791 add interface=ether1 name=3791-TRNSP_Yar-eth1 vlan-id=3791 /interface list add exclude=dynamic name=discover add name=mac-winbox /ip dhcp-server add authoritative=after-2sec-delay disabled=no interface=1167-gim.lvi.vip lease-time=1d name="DHCP LVI" add authoritative=after-2sec-delay disabled=no interface=468-gim.tru.vip. lease-time=8h name="DHCP TRU statik vip" /ip pool add name="pool LVIV NAT" ranges=172.16.2.5-172.16.2.254 add name="pool MIST" ranges=192.168.20.200/29 add name="pool VPN" ranges=192.168.100.0/24 add name="pool office GIM" ranges=192.168.10.102-192.168.10.150 add name=tmp ranges=10.30.50.70 add name=pool-otufanov ranges=192.168.100.200-192.168.100.205 add name=dhcp_pool6 ranges=10.13.1.150-10.13.1.153 add name=dhcp_pool7 ranges=192.168.55.1-192.168.55.50,192.168.55.60-192.168.55.254 /ip dhcp-server add address-pool="pool office GIM" authoritative=after-2sec-delay disabled=no interface=bridge_gim.lan lease-time=8h name="DHCP office (GIM)" add address-pool="pool MIST" authoritative=after-2sec-delay disabled=no interface=1168-MIST lease-time=1d name="DHCP MIST NAT" add address-pool=dhcp_pool6 disabled=no interface=1172-gim.lvi.hard name=dhcp1 add address-pool=dhcp_pool7 disabled=no interface=407_mitris.lan lease-time=1h name=dhcp2 /ppp profile set *0 dns-server=192.168.10.251 only-one=yes rate-limit=5M/5M use-compression=no use-encryption=no use-mpls=no add name=lan2lan only-one=yes use-compression=yes use-encryption=yes use-mpls=yes add change-tcp-mss=yes dns-server=10.20.1.251 local-address=192.168.10.1 name=profile-SSTP only-one=yes rate-limit=10M/10M use-compression=no use-encryption=yes use-mpls=no use-upnp=no add change-tcp-mss=yes dns-server=192.168.10.251 local-address=192.168.10.1 name=profile-L2TP only-one=yes rate-limit=10M/10M use-compression=no use-encryption=yes use-mpls=no use-upnp=no add change-tcp-mss=yes dns-server=192.168.10.251 local-address=192.168.10.1 name=profile-L2TP_otufanov only-one=no rate-limit=10M/10M remote-address=pool-otufanov use-compression=no use-encryption=yes use-mpls=no use-upnp=no set *FFFFFFFE only-one=yes /routing ospf instance set [ find default=yes ] redistribute-connected=as-type-1 redistribute-other-ospf=as-type-2 router-id=192.168.4.1 add in-filter=ospf-in-2funoff name=ospf-2funoff out-filter=ospf-out-2funoff redistribute-connected=as-type-1 redistribute-other-ospf=as-type-1 redistribute-static=as-type-1 router-id=192.168.4.1 /routing ospf area add instance=ospf-2funoff name=area-2funoff /snmp community set [ find default=yes ] addresses=10.20.1.250/32,10.20.1.11/32,95.46.108.3/32 name=orinoko /user group set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp" /interface bridge port add bridge=bridge_gim.lan interface=1169-gim.lan add bridge=bridge1 hw=no interface=ether4 trusted=yes add bridge=bridge_gim.lan hw=no interface=ether2 trusted=yes add bridge=bridge_gim.lan interface=eoip-alext add bridge=bridge-3791-mgnt-yar interface=3791-TRNSP_Yar-eth1 add bridge=bridge-3791-mgnt-yar interface=3791-TRNSP_Yar-eoip /ip neighbor discovery-settings set discover-interface-list=mac-winbox /interface l2tp-server server set allow-fast-path=yes authentication=mschap2 caller-id-type=number default-profile=profile-L2TP enabled=yes ipsec-secret=siivig8bae8hah0lei7QueibieChiez4wigh4iph keepalive-timeout=20 max-mru=1500 max-mtu=1500 mrru=1600 one-session-per-host=yes use-ipsec=yes /interface list member add interface=eoip-UZ list=discover add interface=ether3 list=mac-winbox add interface=1176-gim.serv list=discover add interface=1169-gim.lan list=discover add interface=bridge_gim.lan list=discover add interface=1176-gim.serv list=mac-winbox add interface=1169-gim.lan list=mac-winbox add interface=1172-gim.lvi.hard list=mac-winbox add interface=3791-TRNSP_Yar-eth1 list=mac-winbox /interface pptp-server server set enabled=yes keepalive-timeout=10 max-mru=1500 max-mtu=1500 /interface sstp-server server set authentication=mschap2 certificate=vpn.gal.net.ua default-profile=profile-SSTP enabled=yes force-aes=yes keepalive-timeout=30 max-mru=1400 max-mtu=1400 mrru=1600 /ip address add address=10.13.1.1/24 comment=1172-gim.hard interface=1172-gim.lvi.hard network=10.13.1.0 add address=10.12.1.254/24 comment="12-Dolyna MGNT" interface=12-dol.hard network=10.12.1.0 add address=10.14.2.1/24 comment=14-stb.mgnt interface=14-stb.mgnt network=10.14.2.0 add address=10.18.1.2/24 comment=1854-Chervonograd interface=1854-che.mgnt network=10.18.1.0 add address=10.20.1.1/24 comment=1176-gim.serv interface=1176-gim.serv network=10.20.1.0 add address=10.22.1.1/24 comment=1438-dol.serv interface=1438_dol.serv network=10.22.1.0 add address=10.23.1.1/24 comment=50-radius interface=50-radius network=10.23.1.0 add address=95.47.136.14/27 comment=1174-BackBone interface=1174-BACKBONE network=95.47.136.0 add address=192.168.0.1/24 comment=vas disabled=yes interface=1167-gim.lvi.vip network=192.168.0.0 add address=192.168.20.1/24 comment=1168-MIST interface=1168-MIST network=192.168.20.0 add address=192.168.55.51/24 comment=407_mitris.lan interface=407_mitris.lan network=192.168.55.0 add address=192.168.254.2 comment=468-dhcp.gim.tru.vip interface=468-gim.tru.vip. network=192.168.254.2 add address=192.168.254.3 comment=1167-gim.lvi.vip interface=1167-gim.lvi.vip network=192.168.254.3 add address=10.42.1.1/24 comment=3791-TRNSP_Yavir interface=bridge-3791-mgnt-yar network=10.42.1.0 add address=10.25.1.1/24 comment=52-rad interface=52-rad network=10.25.1.0 add address=10.28.1.1/24 comment=16-nk interface=16-nk network=10.28.1.0 add address=10.32.1.1/24 interface=1856-che.trnsp network=10.32.1.0 add address=192.168.0.1/24 comment=vas disabled=yes interface=1167-gim.lvi.vip network=192.168.0.0 add address=192.168.5.1/30 comment=eoip-KPP interface=eoip-tunnel-KPP network=192.168.5.0 add address=192.168.5.5/30 comment=eoip-R1 interface=eoip-R1 network=192.168.5.4 add address=100.64.0.1/30 interface=eoip-gIr network=100.64.0.0 add address=192.168.5.9/30 comment=Uzgorod interface=eoip-UZ network=192.168.5.8 add address=192.168.10.1/24 comment=1169-gim.lan interface=bridge_gim.lan network=192.168.10.0 add address=192.168.5.13/30 interface=eoip-avers network=192.168.5.12 add address=192.168.5.17/30 comment=eoip-chop interface=eoip-chop network=192.168.5.16 add address=10.13.1.1 comment=st1kuk7 interface=695-trnsp network=10.13.1.89 add address=10.17.2.1/24 comment=13_dro.orion interface=13-dro.orion network=10.17.2.0 add address=10.19.1.1/24 comment=19-r2 interface=19-r2 network=10.19.1.0 add address=10.10.70.32/24 comment=70-sidor.mgnt interface=70-sidor.mgnt network=10.10.70.0 add address=10.11.1.1/24 comment=trnsp interface=1542-trnsp network=10.11.1.0 /ip dhcp-server lease add address=95.47.136.74 comment=vas mac-address=00:23:5A:D2:65:93 server="DHCP LVI" add address=95.47.136.72 comment=OTT_luft mac-address=00:03:E6:40:67:5A server="DHCP LVI" add address=95.47.136.165 comment="epon 0/1:11 Diamond Shevchenka 26" mac-address=C0:4A:00:E1:E4:3F server="DHCP LVI" add address=95.47.136.166 comment="vip sn1upa72 port 28" mac-address=00:1F:C6:D9:86:58 server="DHCP LVI" add address=95.47.136.167 comment=NOBILIS mac-address=00:0F:61:09:FD:AC server="DHCP LVI" add address=95.47.136.171 comment="sn2upa72 port 2 ITroom" mac-address=00:1B:D5:89:69:EE server="DHCP LVI" add address=95.47.136.177 comment="pon-she313 0/2:11" mac-address=90:F6:52:40:FC:AD server="DHCP LVI" add address=192.168.0.100 comment=vas mac-address=00:00:00:00:00:01 server="DHCP LVI" add address=192.168.10.97 comment="leserjet Pro 400 MFP m425dn" mac-address=C8:CB:B8:63:A7:BE server="DHCP office (GIM)" add address=95.47.136.19 comment="epon0/2:23 Truskavecka 17" mac-address=64:66:B3:FA:9A:7B server="DHCP TRU statik vip" add address=95.47.136.50 comment=Farma mac-address=A0:F3:C1:71:C1:E9 server="DHCP LVI" add address=95.47.136.53 comment=Leotel mac-address=D4:CA:6D:37:26:CF server="DHCP LVI" add address=95.47.136.66 comment=solidbrain mac-address=00:A6:CA:6E:6C:ED add address=95.47.136.69 comment=TATAfarm mac-address=10:FE:ED:59:82:2D server="DHCP LVI" add address=95.47.136.75 always-broadcast=yes comment=Florencia mac-address=D4:CA:6D:2D:DA:04 server="DHCP LVI" add address=95.47.136.163 always-broadcast=yes comment="215 Gorodocka 85, Dubchenko" mac-address=AC:22:0B:BB:2A:11 server="DHCP LVI" add address=95.47.136.169 comment="hlibprob sh01par1 port 23" mac-address=78:02:B1:BA:F6:F0 server="DHCP LVI" add address=95.47.136.172 comment="sn1gna3 port 1" mac-address=C8:3A:35:3B:2F:70 server="DHCP LVI" add address=95.47.136.173 comment=BN-UA mac-address=D4:CA:6D:83:6B:CB server="DHCP LVI" add address=95.47.136.174 comment="pon-she313 epon 1/2:12" mac-address=BC:EE:7B:67:6F:FD server="DHCP LVI" add address=95.47.136.176 comment="pon-ban18 epon0/2:6" mac-address=F8:D1:11:9C:FA:F7 server="DHCP LVI" add address=192.168.10.99 comment=Printer mac-address=80:C1:6E:90:64:B6 server="DHCP office (GIM)" add address=192.168.10.100 comment=win7 mac-address=00:0C:29:B9:3D:59 server="DHCP office (GIM)" add address=192.168.10.90 comment=testPC mac-address=00:21:00:FC:C5:4A server="DHCP office (GIM)" add address=95.47.136.73 comment=terminal mac-address=08:81:F4:CF:6F:80 server="DHCP LVI" add address=95.47.136.51 always-broadcast=yes comment=Mitris_WAN mac-address=00:26:55:11:DD:3C server="DHCP LVI" add address=95.47.136.52 mac-address=00:26:55:11:DD:3E server="DHCP LVI" add address=95.47.136.78 comment="DiamantBANK dor15" mac-address=50:3D:E5:EB:54:05 server="DHCP LVI" add address=192.168.10.91 client-id=1:0:23:5a:d2:65:93 mac-address=00:23:5A:D2:65:93 server="DHCP office (GIM)" add address=95.47.136.80 comment=NK_Kapitel mac-address=34:17:EB:EC:CF:EC server="DHCP LVI" add address=95.47.136.88 comment="sh1gor44 port 8" mac-address=C0:4A:00:E2:96:D9 add address=95.47.136.70 comment=Luft mac-address=FC:AA:14:1C:B0:BD server="DHCP LVI" add address=192.168.10.101 client-id=1:ce:57:f1:71:b:ef mac-address=CE:57:F1:71:0B:EF server="DHCP office (GIM)" add address=192.168.10.92 mac-address=FC:3C:D7:B0:10:7B server="DHCP office (GIM)" add address=192.168.10.80 comment=pm1upa72 mac-address=3C:0B:59:4A:70:8C server="DHCP office (GIM)" add address=192.168.10.81 comment=pm2upa72 mac-address=3C:0B:59:23:6F:E1 server="DHCP office (GIM)" add address=192.168.10.82 comment=" pm3upa72" mac-address=3C:0B:59:23:75:8F server="DHCP office (GIM)" add address=192.168.55.52 comment=pm1.dol mac-address=48:55:19:5C:3E:84 server=dhcp2 add address=192.168.55.53 comment=pm2.dol mac-address=4C:EB:D6:AF:1D:B5 server=dhcp2 add address=192.168.55.54 comment=pm3.dol mac-address=4C:EB:D6:AF:17:72 server=dhcp2 add address=192.168.55.55 comment=cam1.dol mac-address=00:12:16:A5:77:05 server=dhcp2 add address=192.168.10.146 client-id=1:dc:1e:d5:1c:4a:8 comment=Upa72 mac-address=DC:1E:D5:1C:4A:08 server="DHCP office (GIM)" /ip dhcp-server network add address=10.13.1.0/24 gateway=10.13.1.1 add address=95.47.136.16/28 comment="468 gim.tru.statik.vip" dns-server=95.47.136.12,95.47.136.8 gateway=95.47.136.17 netmask=28 add address=95.47.136.48/28 comment=1167-gim.lvi.vip dns-server=95.47.136.8,95.47.136.12 gateway=95.47.136.49 netmask=28 add address=95.47.136.64/27 comment=1167-LVI-statik-2 dns-server=95.47.136.12,95.47.136.8 gateway=95.47.136.65 netmask=28 add address=95.47.136.160/27 comment=1167-lviv.static-3 dns-server=95.47.136.8 domain=95.47.136.12 gateway=95.47.136.161 netmask=27 add address=172.16.2.0/24 comment="1170-NAT LVIV" dns-server=172.16.2.2,172.16.2.3 domain=mediamax.lan gateway=172.16.2.1 netmask=24 add address=192.168.0.0/24 comment=vas dns-server=8.8.8.8 domain=zamahav.vas gateway=192.168.0.1 netmask=24 add address=192.168.10.0/24 comment=1169-gim.lan dns-server=192.168.10.251 domain=gim.lan gateway=192.168.10.1 netmask=24 add address=192.168.20.0/24 comment=MIST dns-server=8.8.8.8 gateway=192.168.20.1 netmask=24 add address=192.168.55.0/24 dns-server=8.8.8.8 gateway=192.168.55.51 /ip dns set servers=10.20.1.251 /ip dns static add address=192.168.88.1 name=router /ip firewall address-list add address=10.12.1.0/24 list=admin add address=192.168.100.38 list=ortynskii&co add address=192.168.100.32 list=ortynskii&co add address=192.168.100.37 list=ortynskii&co add address=192.168.100.0/24 list=admin add address=10.13.1.1 list=admin add address=10.20.1.250 list=admin add address=192.168.4.0/28 list=admin add address=172.16.25.0/24 list=MUK-access add address=10.20.1.250 list=MUK-access add address=192.168.100.10 list=MUK-access add address=192.168.100.42-192.168.100.44 list=access-dol.hard add address=192.168.100.11 list=MUK-access add address=172.16.25.0/24 list=lan2lan.trust add address=172.16.35.0/24 list=lan2lan.trust add address=192.168.10.0/24 list=admin add address=10.35.1.0/24 list=R1 add address=10.36.100.0/24 list=R1 add address=192.168.100.26 list=MUK-access add address=10.20.1.11 list=admin add address=172.16.25.0/24 list=admin add address=10.37.1.0/24 list=R1 add address=185.17.127.74 list=admin add address=95.46.108.0/24 list=admin add address=194.44.208.70 list=admin add address=93.170.114.26 list=admin /ip firewall filter add action=accept chain=input comment=ICMP protocol=icmp add action=accept chain=input comment=DIC connection-state=established add action=accept chain=input connection-state=related add action=drop chain=input connection-state=invalid add action=accept chain=forward connection-state=established add action=accept chain=forward connection-state=related add action=drop chain=forward connection-state=invalid disabled=yes add action=accept chain=forward comment=R2 dst-address=10.13.1.250 src-address=10.19.1.0/24 add action=accept chain=input comment=allow_VPN dst-port=1723 in-interface=1174-BACKBONE protocol=tcp add action=accept chain=input in-interface=1174-BACKBONE protocol=gre add action=accept chain=input dst-port=443 protocol=tcp add action=accept chain=input dst-port=500,1701,4500 protocol=udp add action=accept chain=input disabled=yes dst-port=500,1701,4500 protocol=tcp add action=accept chain=forward comment=forward_from_o.tufanov src-address=192.168.100.200-192.168.100.205 add action=accept chain=forward comment=mitris dst-address=192.168.55.0/24 src-address=192.168.100.49-192.168.100.50 add action=accept chain=forward src-address=172.16.25.0/24 add action=accept chain=forward comment=serv-2_all src-address=10.20.1.0/24 add action=accept chain=input comment=allow_from_admin src-address-list=admin add action=drop chain=input add action=accept chain=input comment=MIST disabled=yes dst-address=192.168.20.0/24 src-address=172.16.3.31 add action=accept chain=input disabled=yes dst-address=192.168.10.1 src-address=172.16.3.31 add action=accept chain=forward disabled=yes out-interface=ether1 src-address=172.16.3.31 add action=drop chain=forward disabled=yes src-address=172.16.3.31 add action=accept chain=forward comment="allow forward from lan2lan" src-address-list=lan2lan.trust add action=accept chain=forward disabled=yes dst-address=10.20.1.250 src-address=172.16.0.0/16 add action=drop chain=forward disabled=yes src-address=172.16.0.0/16 add action=accept chain=forward comment=VPN-dol.customers out-interface=1174-BACKBONE src-address-list=access-dol.hard add action=accept chain=forward out-interface=12-dol.hard src-address-list=access-dol.hard add action=accept chain=forward dst-address=192.168.10.0/24 src-address-list=access-dol.hard add action=drop chain=forward disabled=yes src-address-list=access-dol.hard add action=accept chain=forward comment=forward_2_R1 dst-address-list=R1 src-address-list=admin add action=drop chain=forward disabled=yes out-interface=l2tp-lan2lan-otufanov add action=accept chain=forward comment=s.Girske dst-address=10.20.1.250 src-address=100.64.1.0/24 add action=accept chain=forward dst-address=10.20.1.250 src-address=100.64.0.0/30 add action=accept chain=forward dst-address=100.64.1.0/24 src-address=10.20.1.51 add action=drop chain=forward in-interface=eoip-gIr add action=drop chain=forward out-interface=eoip-gIr add action=accept chain=forward comment=UZ dst-address=192.168.5.10 out-interface=eoip-UZ add action=accept chain=forward dst-address=100.80.10.0/24 add action=accept chain=forward dst-address=10.20.1.34 src-address=192.168.5.10 add action=accept chain=forward comment=muk.gw.backup dst-address=192.168.4.5 add action=drop chain=forward disabled=yes out-interface=eoip-UZ add action=accept chain=forward comment=Mitris out-interface=1174-BACKBONE src-address=192.168.55.0/24 add action=drop chain=forward src-address=192.168.55.0/24 add action=accept chain=forward comment=CHOP-eoip dst-address=95.47.136.10 src-address=10.0.0.0/21 add action=accept chain=forward dst-address=95.47.136.10 src-address=10.0.8.0/24 add action=accept chain=forward src-address=95.47.136.10 add action=drop chain=forward out-interface=eoip-chop add action=accept chain=forward comment=forward_KPP dst-address=10.20.1.0/24 add action=drop chain=forward in-interface=eoip-tunnel-KPP add action=drop chain=input disabled=yes src-address=172.16.3.31 add action=accept chain=forward comment=VPN_iryna dst-address=192.168.55.0/24 src-address=192.168.100.51 add action=drop chain=forward src-address=192.168.100.51 add action=drop chain=forward comment=70-sidor.mgnt out-interface=70-sidor.mgnt src-address=!10.20.1.0/24 add action=drop chain=forward in-interface=70-sidor.mgnt /ip firewall nat add action=dst-nat chain=dstnat comment=TMP disabled=yes dst-address=95.47.136.14 dst-port=8292 protocol=tcp to-addresses=10.20.1.110 to-ports=8291 add action=masquerade chain=srcnat dst-address=10.20.1.110 add action=masquerade chain=srcnat comment=nat_2_sidor dst-address=10.10.70.0/24 src-address=10.20.1.0/24 add action=masquerade chain=srcnat comment=nat_alma_2_yar dst-address=10.42.1.0/24 src-address=10.20.1.250 add action=masquerade chain=srcnat comment=nat_alma_2_yar dst-address=172.17.147.0/24 src-address=10.20.1.250 add action=dst-nat chain=dstnat comment=dstnat_2_RDP disabled=yes dst-address=95.47.136.14 dst-port=3389 protocol=tcp src-address-list=admin to-addresses=192.168.10.100 to-ports=3389 add action=dst-nat chain=dstnat comment=dstnat_2_RDP dst-address=95.47.136.14 dst-port=3390 protocol=tcp src-address-list=admin to-addresses=192.168.10.101 to-ports=3389 add action=dst-nat chain=dstnat comment=pve1 dst-address=95.47.136.14 dst-port=8006 protocol=tcp src-address-list=admin to-addresses=10.20.1.59 add action=dst-nat chain=dstnat comment=pv2 dst-address=95.47.136.14 dst-port=8007 protocol=tcp src-address-list=admin to-addresses=10.20.1.62 to-ports=8006 add action=dst-nat chain=dstnat comment=pv3 dst-address=95.47.136.14 dst-port=8008 protocol=tcp src-address-list=admin to-addresses=10.20.1.65 to-ports=8006 add action=masquerade chain=srcnat comment=otufanov_2_R1 dst-address-list=R1 src-address=192.168.100.200-192.168.100.205 add action=masquerade chain=srcnat dst-address=10.32.1.0/24 src-address=192.168.100.200-192.168.100.205 add action=masquerade chain=srcnat comment=o.tufanov_vpn_2_serv out-interface=1176-gim.serv src-address=192.168.100.200-192.168.100.205 add action=masquerade chain=srcnat comment=otufanov_2_lvi.hard dst-address=10.13.1.0/24 out-interface=1172-gim.lvi.hard src-address=192.168.100.200-192.168.100.205 add action=masquerade chain=srcnat dst-address=10.28.1.0/24 out-interface=16-nk src-address=192.168.100.200-192.168.100.205 add action=masquerade chain=srcnat comment=o.tufanovVPN_2_dol.hard dst-address=10.12.1.0/24 out-interface=12-dol.hard src-address=192.168.100.200-192.168.100.205 add action=masquerade chain=srcnat comment=NAT_otufanov_2_KPP.sw disabled=yes dst-address=192.168.12.0/24 src-address=192.168.100.200-192.168.100.205 add action=dst-nat chain=dstnat disabled=yes dst-port=8181 protocol=tcp to-addresses=192.168.4.4 to-ports=80 add action=masquerade chain=srcnat dst-address=192.168.4.4 add action=masquerade chain=srcnat dst-address=10.20.1.0/24 src-address=192.168.100.46/31 add action=masquerade chain=srcnat dst-address=192.168.55.0/24 src-address=192.168.100.49 add action=masquerade chain=srcnat comment="1172-gim.hard NAT" disabled=yes src-address=10.13.1.0/24 add action=accept chain=srcnat dst-address=172.16.25.0/24 src-address=192.168.10.0/24 add action=masquerade chain=srcnat comment="lan2lan -> gim.hard" dst-address=10.13.1.0/24 out-interface=1172-gim.lvi.hard src-address-list=lan2lan.trust add action=masquerade chain=srcnat comment="lan2lan -> dol.hard" dst-address=10.12.1.0/24 out-interface=12-dol.hard src-address-list=lan2lan.trust add action=masquerade chain=srcnat comment=nat_WIN7_2_yavir disabled=yes dst-address=10.42.1.0/24 out-interface=3791-TRNSP_Yar-eth1 src-address=192.168.10.100 add action=masquerade chain=srcnat comment=nat_WIN7_2_serv dst-address=10.20.1.0/24 out-interface=1176-gim.serv src-address=192.168.10.100 add action=masquerade chain=srcnat src-address=10.42.1.0/24 add action=masquerade chain=srcnat comment=vas out-interface=1174-BACKBONE src-address=192.168.0.100 add action=masquerade chain=srcnat comment="NAT customers" out-interface=1174-BACKBONE src-address=172.16.2.0/24 add action=masquerade chain=srcnat comment=gim.serv out-interface=1174-BACKBONE src-address=10.20.1.0/24 add action=masquerade chain=srcnat comment=office_GIM_NAT out-interface=1174-BACKBONE src-address=192.168.10.0/24 add action=masquerade chain=srcnat comment="for cacty (DOL)" disabled=yes dst-address=10.13.1.0/24 out-interface=1172-gim.lvi.hard src-address=10.20.1.0/24 add action=masquerade chain=srcnat comment="m.kushnir 2 hard" dst-address=10.13.1.0/24 out-interface=1172-gim.lvi.hard src-address=192.168.100.17 add action=masquerade chain=srcnat comment=MIST out-interface=1174-BACKBONE src-address=192.168.20.0/24 add action=masquerade chain=srcnat comment=vpn_2_mist_PC dst-address=192.168.20.0/24 out-interface=1168-MIST src-address=192.168.100.31 add action=masquerade chain=srcnat comment="gim.serv 2 dol.hard" dst-address=10.12.1.0/24 out-interface=12-dol.hard src-address=10.20.1.0/24 add action=masquerade chain=srcnat comment=407_mitris.lan.NAT out-interface=1174-BACKBONE src-address=192.168.55.0/24 add action=masquerade chain=srcnat comment=v.lutvun_2_gim.hard dst-address=10.13.1.0/24 out-interface=1172-gim.lvi.hard src-address=192.168.100.11 add action=masquerade chain=srcnat comment=dol.serv.nat out-interface=1174-BACKBONE src-address=10.22.1.0/24 add action=masquerade chain=srcnat comment=esxi-dol dst-address=10.20.1.0/24 out-interface=1176-gim.serv src-address=10.22.1.8 add action=masquerade chain=srcnat comment=1169_lvi.office out-interface=1174-BACKBONE src-address=192.168.100.0/24 add action=masquerade chain=srcnat comment="v.lytvyn to dol.hard" dst-address=10.12.1.0/24 out-interface=12-dol.hard src-address=192.168.100.11 add action=masquerade chain=srcnat comment="v.lytvyn to dol.serv" dst-address=10.22.1.0/24 out-interface=1438_dol.serv src-address=192.168.100.11 add action=masquerade chain=srcnat comment="monitor 2 dob" dst-address=10.44.1.0/24 src-address=10.20.1.250 add action=masquerade chain=srcnat comment=NAT_otufanovHOME_2_DOB dst-address=10.44.1.0/24 src-address=172.16.25.0/24 add action=masquerade chain=srcnat comment="NAT-dol.cust 2 dol.hard" out-interface=12-dol.hard src-address-list=access-dol.hard add action=masquerade chain=srcnat comment="v.lytvyn to gim.serv" dst-address=10.20.1.0/24 out-interface=1176-gim.serv src-address=192.168.100.11 add action=masquerade chain=srcnat comment=NAT_Vitalik_2_nk.hard dst-address=10.28.1.0/24 out-interface=16-nk src-address=192.168.100.45 add action=masquerade chain=srcnat dst-address=10.19.1.0/24 out-interface=19-r2 src-address=192.168.100.45 add action=dst-nat chain=dstnat comment=QNAP dst-port=8081 protocol=tcp src-address-list=admin to-addresses=10.20.1.44 to-ports=8081 add action=dst-nat chain=dstnat comment=gw-muk.backup dst-address=95.47.136.14 dst-port=8182 protocol=tcp to-addresses=192.168.4.5 to-ports=80 add action=masquerade chain=srcnat dst-address=192.168.4.5 add action=masquerade chain=srcnat comment=2funOFF_NAT out-interface=1174-BACKBONE src-address=172.16.25.0/24 add action=dst-nat chain=dstnat comment=MT_4_test disabled=yes dst-port=8088 protocol=tcp src-address-list=admin to-addresses=10.20.1.32 to-ports=80 add action=masquerade chain=srcnat comment=nat-poncontrol_2_pon-sanstancia dst-address=10.42.1.64 src-address=10.20.1.51 /ip route add check-gateway=ping comment=default distance=1 gateway=95.47.136.1 add comment=CHOP-cust distance=1 dst-address=10.0.0.0/21 gateway=192.168.5.18 add comment=CHOP-cust distance=1 dst-address=10.0.8.0/24 gateway=192.168.5.18 add comment=R1-HW distance=1 dst-address=10.35.1.0/24 gateway=192.168.5.6 add comment=R1-srv distance=1 dst-address=10.36.100.0/24 gateway=192.168.5.6 add comment=R1_outdoor_HW distance=1 dst-address=10.37.1.0/24 gateway=192.168.5.6 add comment=yar_wifi distance=1 dst-address=10.43.1.0/24 gateway=10.42.1.17 add distance=1 dst-address=10.60.1.0/24 gateway=10.20.1.50 add comment=muk.hard distance=1 dst-address=10.62.1.0/24 gateway=10.20.1.50 add comment=muk.hard distance=1 dst-address=10.66.1.0/24 gateway=10.20.1.50 add comment=s.Girske.mgnt.hw distance=1 dst-address=100.64.1.0/24 gateway=100.64.0.2 add comment=UZ-hw distance=1 dst-address=100.80.10.0/24 gateway=192.168.5.10 add comment=avers-mgnt distance=1 dst-address=172.17.10.0/24 gateway=192.168.5.14 add comment=yar.mgnt distance=1 dst-address=172.17.147.0/24 gateway=10.42.1.17 add comment=KPP-HW distance=1 dst-address=192.168.12.0/24 gateway=192.168.5.2 add comment=s.Girske_wifi distance=1 dst-address=192.168.13.20/31 gateway=100.64.0.2 add comment=ST_LVM-20-S distance=1 dst-address=192.168.20.2/32 gateway=192.168.5.2 add comment=ST_MUK-30 distance=1 dst-address=192.168.30.0/30 gateway=192.168.5.2 add comment=S-TRANS_uzgorod distance=1 dst-address=192.168.40.0/24 gateway=192.168.5.2 add comment=ST_KY1-50-R distance=1 dst-address=192.168.50.0/30 gateway=192.168.5.2 add comment=ST_IR-70-R distance=1 dst-address=192.168.70.0/29 gateway=192.168.5.2 add comment=ST_RI-80-R distance=1 dst-address=192.168.80.0/29 gateway=192.168.5.2 add comment=ST_LV2-90-R distance=1 dst-address=192.168.90.0/29 gateway=192.168.5.2 add comment=null distance=1 dst-address=192.168.100.0/24 gateway=null add comment=S-TRANS_vinnytsia distance=1 dst-address=192.168.100.0/24 gateway=192.168.5.2 add comment=S-TRANS_khmelnytsk distance=1 dst-address=192.168.110.0/24 gateway=192.168.5.2 add comment=ST_KY2-120-R distance=1 dst-address=192.168.120.0/24 gateway=192.168.5.2 add comment=ST_LU-130 distance=1 dst-address=192.168.130.0/29 gateway=192.168.5.2 add comment=ST_ZH-140-S distance=1 dst-address=192.168.140.0/29 gateway=192.168.5.2 add comment=ST_TE-150 distance=1 dst-address=192.168.150.0/29 gateway=192.168.5.2 add comment=ST_CHE-160-R distance=1 dst-address=192.168.160.0/29 gateway=192.168.5.2 add comment=ST_OD-180-R distance=1 dst-address=192.168.180.0/29 gateway=192.168.5.2 add comment=ST_DN-190 distance=1 dst-address=192.168.190.0/29 gateway=192.168.5.2 add comment=ST_SLI-200-R distance=1 dst-address=192.168.200.0/24 gateway=192.168.5.2 add comment=ST_LVM-210-R distance=1 dst-address=192.168.210.0/29 gateway=192.168.5.2 add comment=ST_VOZ-215-R distance=1 dst-address=192.168.215.0/30 gateway=192.168.5.2 add comment=ST_FR-216 distance=1 dst-address=192.168.216.0/29 gateway=192.168.5.2 add comment=ST_GOS-218-R distance=1 dst-address=192.168.218.0/29 gateway=192.168.5.2 add comment=ST_KRO-220-R distance=1 dst-address=192.168.220.0/29 gateway=192.168.5.2 add comment=X2-222 distance=1 dst-address=192.168.222.0/24 gateway=192.168.5.2 add comment=ST_LV3-223 distance=1 dst-address=192.168.223.0/30 gateway=192.168.5.2 add comment=ST_KY4-224-R distance=1 dst-address=192.168.224.0/24 gateway=192.168.5.2 add comment=BUD-225 distance=1 dst-address=192.168.225.0/30 gateway=192.168.5.2 add comment=ST_KRI-226 distance=1 dst-address=192.168.226.0/29 gateway=192.168.5.2 add comment=ST-MK2-227 distance=1 dst-address=192.168.227.0/29 gateway=192.168.5.2 add comment=ST_LV4-228 distance=1 dst-address=192.168.228.0/29 gateway=192.168.5.2 add comment=ST_VI2-230 distance=1 dst-address=192.168.230.0/29 gateway=192.168.5.2 add comment=ST_KY3-231 distance=1 dst-address=192.168.231.0/30 gateway=192.168.5.2 add comment=ST_BRO-232-R distance=1 dst-address=192.168.232.0/30 gateway=192.168.5.2 add comment=ST_UM-233 distance=1 dst-address=192.168.233.0/29 gateway=192.168.5.2 add comment=CHO-234 distance=1 dst-address=192.168.234.0/29 gateway=192.168.5.2 add comment=STOK-235 distance=1 dst-address=192.168.235.0/30 gateway=192.168.5.2 add comment=ST_PER-236-R distance=1 dst-address=192.168.236.0/30 gateway=192.168.5.2 add comment=ST_KHE-238 distance=1 dst-address=192.168.238.0/30 gateway=192.168.5.2 add comment=ST_KDR-239 distance=1 dst-address=192.168.239.0/30 gateway=192.168.5.2 add comment=ST_HA-240-R distance=1 dst-address=192.168.240.0/30 gateway=192.168.5.2 add comment=ST_BC-241-R distance=1 dst-address=192.168.241.0/29 gateway=192.168.5.2 add comment=ST_KO-242-R distance=1 dst-address=192.168.242.0/29 gateway=192.168.5.2 add comment=ST_SA-243-S distance=1 dst-address=192.168.243.0/30 gateway=192.168.5.2 add comment=LSR-244-R distance=1 dst-address=192.168.244.0/30 gateway=192.168.5.2 add comment=ST_MK-245 distance=1 dst-address=192.168.245.0/29 gateway=192.168.5.2 add comment=ST_CHK-246 distance=1 dst-address=192.168.246.0/30 gateway=192.168.5.2 add comment=ST_IFR-247-R distance=1 dst-address=192.168.247.0/29 gateway=192.168.5.2 add comment=ST_OST-248-R distance=1 dst-address=192.168.248.0/24 gateway=192.168.5.2 add comment=ST_GOM-248-R distance=1 dst-address=192.168.248.0/29 gateway=192.168.5.2 add comment=ST_ZP-249 distance=1 dst-address=192.168.249.0/29 gateway=192.168.5.2 add comment=ST_ZP-249-S distance=1 dst-address=192.168.249.2/32 gateway=192.168.5.2 add comment=KRM-251 distance=1 dst-address=192.168.251.0/30 gateway=192.168.5.2 add comment=ST_PO-253-R distance=1 dst-address=192.168.253.0/29 gateway=192.168.5.2 add comment=ST_PO-253-R distance=1 dst-address=192.168.253.2/32 gateway=192.168.5.2 /ip service set telnet disabled=yes set ftp disabled=yes set www port=81 set www-ssl certificate=mikroTik.ca.cert.pem_0 set api disabled=yes set api-ssl disabled=yes /ppp secret add name=otufanov password=vonafuto profile=profile-L2TP remote-address=192.168.100.10 service=l2tp add local-address=192.168.10.1 name=v.lytvyn password=dfcbkm14 remote-address=192.168.100.11 service=pptp add local-address=192.168.10.1 name=a.laba password=die4Ohfohg remote-address=192.168.100.13 service=pptp add local-address=192.168.10.1 name=m.kushnir password=nhfgfnjyS2 remote-address=192.168.100.17 service=pptp add local-address=192.168.10.1 name=m.bodnar password=eiGah8ei2e remote-address=192.168.100.19 service=pptp add local-address=192.168.10.1 name=yu.sydorak password=beexahM1ah remote-address=192.168.100.20 service=pptp add local-address=192.168.10.1 name=o.havryliuk password=uiwie2Miu3 remote-address=192.168.100.21 service=pptp add local-address=192.168.10.1 name=i.kuleba password=fiShees3qu remote-address=192.168.100.22 service=pptp add disabled=yes local-address=192.168.10.1 name=a.tufanov password=a.tufanov123 remote-address=192.168.100.23 service=pptp add name=o.tufanov-l2tp password=vonafuto profile=profile-L2TP_otufanov routes=192.168.100.0/24,192.168.10.0/24,10.13.1.0/24 service=l2tp add local-address=192.168.10.1 name=yu.heyko password=yu.heyko123 remote-address=192.168.100.29 service=pptp add local-address=192.168.10.1 name=l.lesko password=24012013 remote-address=192.168.100.30 service=pptp add local-address=192.168.10.1 name=mist password=uBahLiah2f remote-address=192.168.100.31 service=pptp add local-address=192.168.4.1 name=lan2lan-otufanov password=lan2lanpassword profile=profile-L2TP remote-address=192.168.4.2 service=l2tp add local-address=192.168.4.1 name=lan2lan-muk password=lan2lan-muk profile=lan2lan remote-address=192.168.4.3 service=pptp add local-address=192.168.10.1 name=tech1 password=tech1tech remote-address=192.168.100.40 service=pptp add local-address=192.168.10.1 name=tech2 password=tech2tech remote-address=192.168.100.41 service=pptp add local-address=192.168.10.1 name=vlad.po password=aiTh1z remote-address=192.168.100.42 service=pptp add local-address=192.168.10.1 name=drohobych password=Geis5J remote-address=192.168.100.43 service=pptp add disabled=yes local-address=192.168.10.1 name=office_orion password=Weu0Qu remote-address=192.168.100.44 service=pptp add name=v.shchepaniak password=xuu9mahVah profile=profile-SSTP remote-address=192.168.100.45 service=sstp add local-address=192.168.4.1 name=lan2lan-vas password=lan2lan-vas123 profile=lan2lan remote-address=192.168.4.4 service=pptp add disabled=yes local-address=192.168.10.1 name=minerN password=minerN remote-address=192.168.100.47 service=pptp add local-address=192.168.4.1 name=gw-muk password=gw-muk2 remote-address=192.168.4.5 service=pptp add local-address=192.168.100.1 name=d.leshchenko password=Zei9oor0Ee remote-address=192.168.100.48 service=pptp add name=otufanov-sstp password=vonafuto profile=profile-SSTP remote-address=192.168.100.10 service=sstp add name=v.lytvyn-sstp password=dfcbkm14 profile=profile-SSTP remote-address=192.168.100.11 service=sstp add disabled=yes name=pasha password=eiph3Aich1 profile=profile-L2TP remote-address=192.168.100.12 service=l2tp add local-address=192.168.10.1 name=o.tufanov password=vonafuto remote-address=192.168.100.26 routes=192.168.100.0/24,192.168.10.0/24,10.13.1.0/24 service=pptp add limit-bytes-in=10000000 limit-bytes-out=10000000 name=mitris password=cie1gei8chae1ohgheVa profile=profile-L2TP remote-address=192.168.100.49 service=l2tp add local-address=192.168.4.1 name=lan2lan-R1 password=lan2lanpasswordR1 profile=profile-L2TP remote-address=192.168.4.6 service=l2tp add limit-bytes-in=10000000 limit-bytes-out=10000000 name=leon password=ouNgu2He9i profile=profile-L2TP remote-address=192.168.100.50 service=l2tp add name=iryna password=Daingoobe3na1tu profile=profile-SSTP remote-address=192.168.100.51 service=sstp /routing filter add action=accept chain=ospf-in disabled=yes prefix=172.16.25.0/24 add action=discard chain=ospf-in disabled=yes prefix=0.0.0.0/0 prefix-length=0-128 add action=discard chain=ospf-in disabled=yes prefix=0.0.0.0/0 add action=discard chain=ospf-out prefix=95.47.136.0/28 add action=discard chain=ospf-out prefix=95.47.136.0/28 prefix-length=0-128 add action=accept chain=ospf-in-2funoff prefix=172.16.25.0/24 prefix-length=24 add action=discard chain=ospf-in-2funoff add action=accept chain=ospf-out-2funoff prefix=10.20.1.0/24 prefix-length=24 add action=accept chain=ospf-out-2funoff prefix=10.13.1.0/24 prefix-length=24 add action=accept chain=ospf-out-2funoff prefix=192.168.10.0/24 prefix-length=24 add action=accept chain=ospf-out-2funoff prefix=10.42.1.0/24 prefix-length=24 add action=accept chain=ospf-out-2funoff prefix=10.35.1.0/24 prefix-length=24 add action=discard chain=ospf-out-2funoff /routing ospf interface add disabled=yes interface=lan2lan-muk network-type=broadcast add interface=lan2lan-vas network-type=broadcast add authentication=md5 authentication-key=2funoff interface=l2tp-lan2lan-otufanov network-type=broadcast /routing ospf network add area=backbone network=192.168.4.0/28 add area=area-2funoff comment=2funoff network=192.168.4.2/32 /snmp set contact=hostmaste@gal.net.ua enabled=yes location=vzm12 /system clock set time-zone-autodetect=no time-zone-name=Europe/Kiev /system identity set name=vpn.gal.net.ua /system ntp client set enabled=yes server-dns-names=0.ua.pool.ntp.org,2.ua.pool.ntp.org,3.ua.pool.ntp.org /system package update set channel=long-term /tool bandwidth-server set authenticate=no max-sessions=20 /tool mac-server set allowed-interface-list=mac-winbox /tool mac-server mac-winbox set allowed-interface-list=mac-winbox /tool mac-server ping set enabled=no /tool romon set enabled=yes secrets=romongim