Fri Jul 09, 2021 10:41 am
/ip ipsec profile
# IKE phase-1 profile referenced by peer33 below.
# NOTE(review): dh-group=modp1024 is a 1024-bit group and 3des is a 64-bit-block
# cipher. Both are legacy choices; prefer a 2048-bit or elliptic-curve group and
# AES only, once every client supports them.
# hash-algorithm is not listed, so the RouterOS default applies - confirm which.
# dpd-interval=3m20s with dpd-maximum-failures=20 presumably keeps a dead peer
# for on the order of an hour (200 s x 20) - TODO confirm this is intended.
add dh-group=modp1024 dpd-interval=3m20s dpd-maximum-failures=20 \
enc-algorithm=aes-256,3des name=profile2
/ip ipsec peer
# Responder-only peer (passive=yes); no address= restriction is listed.
# The "unreachable" line below is written by the RouterOS export, not the author.
# NOTE(review): a likely cause is the dynamic peer that use-ipsec=yes on the
# L2TP server adds, which would shadow peer33. If so, profile2 above is not
# what clients negotiate - verify with "/ip ipsec peer print".
# This entry is unreachable
add name=peer33 passive=yes profile=profile2
/ip ipsec proposal
# Phase-2 proposal used by the policy template under /ip ipsec policy.
# NOTE(review): pfs-group=none turns off perfect forward secrecy for the
# phase-2 keys, and 3des is still offered next to aes-256-cbc.
# auth-algorithms is not listed, so the RouterOS default applies - confirm.
# lifetime=0s presumably disables time-based rekeying - TODO confirm.
add enc-algorithms=aes-256-cbc,3des lifetime=0s name=proposal11 pfs-group=\
none
/ip pool
# dhcp_pool0 lies inside RFC 1918 space (192.168.0.0/16).
add name=dhcp_pool0 ranges=192.168.11.50-192.168.11.254
# NOTE(review): 172.8.99.0/24 and 172.9.99.0/24 are not private ranges; RFC 1918
# covers only 172.16.0.0/12. Unless the poster altered them, these pools use
# public address space: the real owners of those prefixes become unreachable
# from the VPN, and these addresses can be mistaken for external hosts in logs.
add name=vpn_pool1 ranges=172.8.99.2-172.8.99.254
add name=vpn_pool2 ranges=172.9.99.2-172.9.99.254
/ppp profile
# NOTE(review): the local-address values (6.7.8.17, 7.3.6.3, 6.7.10.17) are also
# outside RFC 1918 - possibly redacted by the poster; confirm.
# only-one=no lets one secret hold several sessions at once, which makes shared
# or stolen credentials harder to notice.
# profile1: default profile of the L2TP server. Addresses come from vpn_pool1
# and PPP encryption is required.
add change-tcp-mss=yes dns-server=1.1.1.1 local-address=6.7.8.17 name=\
profile1 only-one=no remote-address=vpn_pool1 use-encryption=required
# profile2: default profile of the PPTP server. use-encryption is not listed, so
# the RouterOS default applies instead of "required".
# Not to be confused with the IPsec profile that is also named profile2.
add local-address=7.3.6.3 name=profile2 remote-address=vpn_pool2
# profile3: same options as profile1, but on vpn_pool2 with another local address.
add change-tcp-mss=yes dns-server=1.1.1.1 local-address=6.7.10.17 name=\
profile3 only-one=no remote-address=vpn_pool2 use-encryption=required
/tool user-manager customer
# Permissions of the User Manager customer "admin".
# NOTE(review): no password appears here. Either the export hid it or the
# account has none - verify on the device.
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface l2tp-server server
# L2TP server is enabled; new sessions default to PPP profile1.
# NOTE(review): with use-ipsec=yes the server still accepts L2TP sessions that
# are not wrapped in IPsec. RouterOS has a stricter use-ipsec setting that
# refuses such sessions; use it if every client runs L2TP/IPsec.
# NOTE(review): mschap1 is offered next to mschap2. MS-CHAPv1 is the weaker
# method; remove it unless a client really needs it.
# No ipsec-secret is listed - presumably hidden by the export; confirm it is set.
# keepalive-timeout=disabled: presumably dead sessions are not detected via
# L2TP keepalives - TODO confirm.
set authentication=mschap1,mschap2 default-profile=profile1 enabled=yes \
keepalive-timeout=disabled max-mru=1480 max-mtu=1480 use-ipsec=yes
/interface pptp-server server
# Only default-profile is changed. enabled= is not listed, so the PPTP server is
# presumably still at its default state - confirm it is off.
set default-profile=profile2
/ip address
# Addresses on ether1 and ether2. The address= and network= values are
# placeholders substituted by the poster, not importable values.
add address=Isp1PublicIP interface=ether1 network=gatewayisp1
add address=Isp2PublicIP interface=ether2 network=gatewayisp2
/ip dhcp-client
# ether8 takes its address from DHCP; no default route is installed from the
# lease (add-default-route=no). ether8 is also the out-interface of the
# destination-specific NAT rules.
add add-default-route=no disabled=no interface=ether8
/ip dns
# Resolver used by the router itself (PPP clients are handed 1.1.1.1 instead).
# allow-remote-requests is not listed, so presumably the router does not answer
# DNS queries from other hosts - confirm.
set servers=8.8.8.8
/ip firewall address-list
# "VPN Users" / "VPN GlobeUsers": the two VPN client pools (vpn_pool1, vpn_pool2).
# Cloud, 200pips, 21pips, APPpips: destination networks named by the NAT rules.
# "ABU IP": sources allowed to ping the router; real addresses redacted as "someip".
add address=172.8.99.0/24 list="VPN Users"
add address=10.0.101.0/24 list=Cloud
add address=192.168.200.0/22 list=200pips
add address=192.168.21.0/24 list=21pips
add address=someip list="ABU IP"
add address=someip list="ABU IP"
add address=someip list="ABU IP"
add address=192.168.1.0/24 list=APPpips
add address=172.9.99.0/24 list="VPN GlobeUsers"
/ip firewall filter
# NOTE(review): if this export is complete, these are the only filter rules.
# There is no closing drop on input or forward and no established/related rule,
# so everything not dropped below is accepted. Winbox (port 8825 under
# /ip service) and the VPN listeners are then reachable from any source, and the
# udp/1701 accept changes nothing. A tighter layout is: accept
# established/related, accept management and VPN traffic from the intended
# sources, then drop the rest of input and filter forward the same way.
# Rule 1: drop ICMP addressed to the router unless the source is in "ABU IP".
add action=drop chain=input protocol=icmp src-address-list="!ABU IP"
# Rule 2: accept L2TP (udp/1701) from any source. It has no ipsec-policy
# matcher, so L2TP that did not arrive inside IPsec is accepted as well.
add action=accept chain=input dst-port=1701 protocol=udp
# Rule 3 (disabled): would accept forwarding from "VPN Users" to Cloud.
add action=accept chain=forward disabled=yes dst-address-list=Cloud \
src-address-list="VPN Users"
/ip firewall nat
# Source NAT for the two VPN client lists. Rules come in pairs: one for
# "VPN Users" without a routing mark, and one for "VPN GlobeUsers" that matches
# only when the packet carries routing-mark VPN_GLOBE.
# NOTE(review): no /ip firewall mangle section is visible in this export, so
# nothing shown here sets VPN_GLOBE - confirm where the mark comes from.
# NOTE(review): masquerade replaces the VPN client's source address, so internal
# servers log the router's address instead of the individual VPN user. Keep PPP
# session logs (user, assigned address, time) to attribute activity later.
# Pair: destination list Cloud, leaving through ether8.
add action=masquerade chain=srcnat dst-address-list=Cloud out-interface=\
ether8 src-address-list="VPN Users"
add action=masquerade chain=srcnat dst-address-list=Cloud out-interface=\
ether8 routing-mark=VPN_GLOBE src-address-list="VPN GlobeUsers"
# Pair: destination list 21pips, leaving through ether8.
add action=masquerade chain=srcnat dst-address-list=21pips out-interface=\
ether8 src-address-list="VPN Users"
add action=masquerade chain=srcnat dst-address-list=21pips out-interface=\
ether8 routing-mark=VPN_GLOBE src-address-list="VPN GlobeUsers"
# Pair: destination list 200pips, leaving through ether8.
add action=masquerade chain=srcnat dst-address-list=200pips out-interface=\
ether8 src-address-list="VPN Users"
add action=masquerade chain=srcnat dst-address-list=200pips out-interface=\
ether8 routing-mark=VPN_GLOBE src-address-list="VPN GlobeUsers"
# Pair: destination list APPpips, leaving through ether8.
add action=masquerade chain=srcnat dst-address-list=APPpips out-interface=\
ether8 src-address-list="VPN Users"
add action=masquerade chain=srcnat dst-address-list=APPpips out-interface=\
ether8 routing-mark=VPN_GLOBE src-address-list="VPN GlobeUsers"
# Catch-all pair: no destination list and no out-interface. These two match
# everything the eight rules above match and apply the same action, so the
# specific rules add no restriction; VPN traffic is masqueraded on any interface.
add action=masquerade chain=srcnat src-address-list="VPN Users"
add action=masquerade chain=srcnat routing-mark=VPN_GLOBE src-address-list=\
"VPN GlobeUsers"
/ip firewall service-port
# Every connection-tracking helper listed here is switched off, which takes
# those protocol helpers out of the packet path.
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip ipsec identity
# Identity bound to peer33; policies are generated from the template below
# (generate-policy=port-override).
# NOTE(review): no auth-method or secret is listed. Presumably a pre-shared key
# hidden by the export - confirm that it is set, long and random. A key shared
# by all users cannot be revoked for one of them.
add generate-policy=port-override peer=peer33
/ip ipsec policy
# Policy template that applies proposal11 (3des offered, no PFS) to generated policies.
add proposal=proposal11 template=yes
/ip route
# Two default routes: packets carrying routing-mark VPN_GLOBE leave through
# GatewayIsp1, everything else through GatewayIsp2. Both gateway names are
# placeholders from the poster.
add distance=1 gateway=GatewayIsp1 routing-mark=VPN_GLOBE
add distance=1 gateway=GatewayIsp2
# Static routes to internal networks behind 192.168.200.1 and 192.168.200.118.
add distance=1 dst-address=10.0.101.0/24 gateway=192.168.200.1
add distance=1 dst-address=192.168.1.0/24 gateway=192.168.200.118
add distance=1 dst-address=192.168.21.0/24 gateway=192.168.200.1
# 192.168.170.0/24 has no entry in the address lists, so only the catch-all
# masquerade rules cover VPN traffic towards it.
add distance=1 dst-address=192.168.170.0/24 gateway=192.168.200.1
/ip service
# Telnet, FTP, WWW, SSH, API and API-SSL are disabled. Winbox stays enabled on
# port 8825. www-ssl is not listed, so it is presumably at its default - confirm.
# NOTE(review): winbox has no address= restriction, and the filter table shown
# in this export has no input drop, so the port is reachable from any source.
# A non-default port does not limit who can connect. Set address= to the
# management networks and filter the port on the WAN interfaces.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox port=8825
set api-ssl disabled=yes
/ppp secret
# VPN accounts, each limited to service=l2tp. No passwords appear in this
# export - presumably hidden; confirm each account has a strong, unique one.
#I removed some users
add name=vpn_abu profile=profile1 service=l2tp
add name=csc profile=profile1 service=l2tp
add name=abu_alsons profile=profile3 service=l2tp
/system clock
# Local time zone; log timestamps follow it.
set time-zone-name=Asia/Manila
/system identity
set name=ABU-VPN
/system logging
# Adds a logging rule for the firewall topic. No action= is listed, so the
# RouterOS default action applies - confirm where these entries end up.
# NOTE(review): no filter or NAT rule in this export sets log=yes, so this topic
# may stay empty. VPN logins and drops are better sent to a remote log target so
# they survive a reboot.
add topics=firewall
/system ntp client
# Time sync from a single server; accurate time keeps log timestamps usable.
set enabled=yes primary-ntp=121.58.193.100
/tool mac-server
# MAC-Telnet is allowed on no interface list.
# NOTE(review): "/tool mac-server mac-winbox" is not listed, so it is presumably
# still at its default - confirm it is restricted as well.
set allowed-interface-list=none
/tool mac-server ping
# The router does not answer MAC ping.
set enabled=no
/tool user-manager database
set db-path=user-manager