MikroTik with LTE
# aug/05/2021 15:15:03 by RouterOS 6.45.9
# software id = VN4Y-X7BI
#
# model = RBwAPGR-5HacD2HnD
# serial number = E1850D704044
#
# Site-to-site IPsec tunnel from this router (local LAN 192.168.14.0/24) to the
# peer named "fortigate" at 178.183.140.183 (remote LAN 192.168.15.0/24).
# Settings that do not appear below (hash-algorithm, auth-algorithms, lifetimes,
# auth-method, ...) are presumably at their RouterOS defaults, because a compact
# export omits default values -- check with "export verbose".
#
# Phase 1 (IKE) profile.
# NOTE(review): enc-algorithm=des is single DES (56-bit key) and
# dh-group=modp1024 is a 1024-bit MODP group; both are generally treated as too
# weak to protect traffic today. Stronger values (for example
# enc-algorithm=aes-256, dh-group=modp2048) must be set identically on the
# remote gateway, otherwise phase 1 will not negotiate.
/ip ipsec profile
add dh-group=modp1024 dpd-interval=5s enc-algorithm=des name=fortigate
# Remote gateway definition, bound to the phase 1 profile above.
# NOTE(review): exchange-mode=aggressive together with a pre-shared secret
# exposes a hash derived from that secret during the handshake, so the secret
# can be guessed offline by anyone who observes the exchange. Aggressive mode is
# presumably used here because the LTE side has no fixed address and identifies
# itself by key-id; exchange-mode=ike2 (if the remote side supports it) or
# certificate authentication avoids that exposure -- confirm with the peer admin.
/ip ipsec peer
add address=178.183.140.183/32 exchange-mode=aggressive name=fortigate profile=fortigate
# Phase 2 (ESP) proposal.
# NOTE(review): enc-algorithms=des has the same weakness as in phase 1, and
# pfs-group=none means phase 2 keys are derived without a fresh Diffie-Hellman
# exchange. Both have to match what the remote gateway offers.
/ip ipsec proposal
add enc-algorithms=des name=fortigate pfs-group=none
# Local identity sent to the peer (key-id "14") and the shared secret.
# The secret value shown looks like a placeholder substituted before posting --
# if it is the real value, it should be rotated on both gateways.
/ip ipsec identity
add my-id=key-id:14 peer=fortigate secret=xXxXXX
# Tunnel-mode policy: traffic from 192.168.14.0/24 to 192.168.15.0/24 is sent
# through the peer at 178.183.140.183. sa-src-address=0.0.0.0 leaves the local
# tunnel endpoint unspecified (presumably because the LTE address is dynamic).
/ip ipsec policy
add dst-address=192.168.15.0/24 peer=fortigate proposal=fortigate sa-dst-address=178.183.140.183 \
sa-src-address=0.0.0.0 src-address=192.168.14.0/24 tunnel=yes
[admin@MikroTik] >
[admin@MikroTik] > /ip address export
# aug/05/2021 15:18:21 by RouterOS 6.45.9
# software id = VN4Y-X7BI
#
# model = RBwAPGR-5HacD2HnD
# serial number = E1850D704044
#
# Only one address is exported: 192.168.14.254/24 on ether1, which lies inside
# the 192.168.14.0/24 range used as src-address of the IPsec policy.
# No WAN/LTE address is listed; presumably it is assigned dynamically and so
# does not appear in an export -- confirm with "/ip address print".
/ip address
add address=192.168.14.254/24 comment=defconf interface=ether1 network=192.168.14.0
# Filter rules are evaluated top to bottom, so the two custom rules below are
# matched before any of the "defconf" rules.
/ip firewall filter
# Custom rules for traffic between the local LAN (192.168.14.0/24) and the
# remote LAN (192.168.15.0/24).
# NOTE(review): ipsec-policy=out,none / in,none matches packets that are NOT
# subject to IPsec processing, and these accepts sit above every drop rule in
# the forward chain, including "drop all from WAN not DSTNATed". As written
# they admit unencrypted packets carrying these addresses, while tunnelled
# traffic is already accepted by the defconf in,ipsec / out,ipsec rules further
# down. If the intent was to allow only tunnel traffic, the matcher would be
# ipsec-policy=out,ipsec / in,ipsec, or the two rules can be removed --
# confirm intent before changing.
add action=accept chain=forward dst-address=192.168.15.0/24 ipsec-policy=out,none src-address=\
192.168.14.0/24
add action=accept chain=forward dst-address=192.168.14.0/24 ipsec-policy=in,none src-address=\
192.168.15.0/24
# Input chain (traffic addressed to the router itself), default configuration.
# NOTE(review): no rule here explicitly accepts IKE (UDP 500/4500) or ESP from
# the peer. With "drop all not coming from LAN" in place, packets from the peer
# are presumably accepted only as established/related to a negotiation this
# router started -- confirm that this router is always the initiator.
add action=accept chain=input comment="defconf: accept established,related,untracked" \
connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=\
127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
# Forward chain, default configuration. Packets that match an IPsec policy are
# accepted here, ahead of the fasttrack rule, so tunnel traffic is not handed
# to fasttrack.
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=\
established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" \
connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
# New connections entering from the WAN interface list are dropped unless they
# were destination-NATed.
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
# NAT exemption: LAN-to-remote-LAN traffic is accepted in srcnat before the
# masquerade rule, so it keeps its 192.168.14.0/24 source address and can match
# the IPsec policy's src-address.
add action=accept chain=srcnat dst-address=192.168.15.0/24 src-address=192.168.14.0/24
# Default masquerade for traffic leaving via the WAN interface list; the
# ipsec-policy=out,none matcher limits it to packets not subject to IPsec.
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none \
out-interface-list=WAN