I can access to network devices by HTTP/HTTPS and do ping.
I use this tutorial: https://www.youtube.com/watch?v=oeSgOurbkr8
Local Network: 192.168.1.0/24 (192.168.1.1 = Mikrotik)
VPN pool: 172.16.0.1-172.16.0.5
Code: Select all
/interface bridge
add arp=proxy-arp fast-forward=no name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
set [ find default-name=ether2 ] arp=proxy-arp
set [ find default-name=ether3 ] arp=proxy-arp
set [ find default-name=ether4 ] arp=proxy-arp
set [ find default-name=ether5 ] arp=proxy-arp
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc,3des
/ip pool
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.99
add name=vpn_pool1 ranges=172.16.0.1-172.16.0.5
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no interface=bridge1 name=dhcp1
/ppp profile
add dns-server=8.8.8.8,8.8.4.4 local-address=192.168.1.1 name=profile1 remote-address=vpn_pool1
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/interface bridge settings
set use-ip-firewall=yes
/ip neighbor discovery settings
set default-for-dynamic=yes
/interface l2tp-server server
set enabled=yes
/ip address
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1-WAN
/ip dhcp-server lease
add address=192.168.1.3 comment="Antena 2" mac-address=44:D9:E7:02:D0:B0 server=dhcp1
add address=192.168.1.2 comment="Antena 1" mac-address=44:D9:E7:02:D1:31 server=dhcp1
add address=192.168.1.246 mac-address=A8:20:66:1A:65:95 server=dhcp1
add address=192.168.1.251 mac-address=D8:5D:E2:CD:7B:A9 server=dhcp1
add address=192.168.1.253 mac-address=48:BA:4E:51:59:DA server=dhcp1
add address=192.168.1.252 always-broadcast=yes mac-address=AC:1F:74:73:77:B2 server=dhcp1
add address=192.168.1.254 always-broadcast=yes mac-address=1C:65:9D:8F:71:04 server=dhcp1
add address=192.168.1.14 mac-address=1C:39:47:B8:EA:A8 server=dhcp1
add address=192.168.1.12 mac-address=F0:76:1C:B1:D7:DF server=dhcp1
add address=192.168.1.249 mac-address=60:67:20:C7:5A:D4 server=dhcp1
add address=192.168.1.250 always-broadcast=yes mac-address=D4:6A:6A:34:05:D5 server=dhcp1
add address=192.168.1.13 mac-address=D0:53:49:74:A8:5E server=dhcp1
add address=192.168.1.248 always-broadcast=yes mac-address=10:7B:44:27:21:A0 server=dhcp1
add address=192.168.1.247 mac-address=B8:44:D9:B7:B0:56 server=dhcp1
add address=192.168.1.245 mac-address=B8:09:8A:C8:B0:A5 server=dhcp1
add address=192.168.1.244 always-broadcast=yes mac-address=F8:59:71:88:02:E3 server=dhcp1
add address=192.168.1.11 mac-address=A4:17:31:64:0D:D8 server=dhcp1
add address=192.168.1.17 client-id=1:28:92:4a:34:4f:47 comment="Servidor NAS" mac-address=28:92:4A:34:4F:47 server=dhcp1
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=192.168.1.3-192.168.1.243 list=LIST
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-WAN
add action=dst-nat chain=dstnat dst-port=37777 in-interface=ether1-WAN protocol=tcp to-addresses=192.168.1.108
add action=dst-nat chain=dstnat dst-port=8291 in-interface=ether1-WAN protocol=tcp to-addresses=192.168.1.1
/ip ipsec peer
add address=0.0.0.0/0 dh-group=modp1024 exchange-mode=main-l2tp generate-policy=port-override secret=XXXXXXXXXXXXXXXXX
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ppp secret
add local-address=192.168.1.1 name=namenamename password=passwordpasswordpassword profile=profile1 service=l2tp
/system clock
set time-zone-name=America/Santiago
/system ntp client
set enabled=yes primary-ntp=200.54.149.19 secondary-ntp=200.1.19.4Regards.
