Fri May 10, 2019 10:45 am
Hi again,
Thanks for your help.
PPTP Server config
# may/10/2019 08:10:11 by RouterOS 6.44.3
# software id = CTWP-R4CL
#
# model = RouterBOARD 941-2nD
# serial number = 8CE5081EF3C1
/interface bridge
add admin-mac=CC:2D:E0:64:D3:89 auto-mac=no comment=defconf igmp-snooping=yes \
name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether3 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-YARARA \
wireless-protocol=802.11
/interface eoip
add local-address=192.168.88.200 mac-address=02:42:62:50:21:C8 name=\
eoip-tunnel1 remote-address=192.168.88.201 tunnel-id=0
add !keepalive local-address=192.168.88.240 mac-address=02:1E:1F:F9:7F:53 name=\
eoip-tunnel2 remote-address=192.168.88.241 tunnel-id=666
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=******* \
wpa2-pre-shared-key=*******
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=PPTP-Pool ranges=192.168.1.125-192.168.1.150
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether1
add bridge=bridge interface=eoip-tunnel1
add bridge=bridge interface=eoip-tunnel2
/interface list member
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=wlan1 list=LAN
/interface pptp-server server
set authentication=chap,mschap1,mschap2 enabled=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
192.168.88.0
add address=192.168.1.4/24 interface=ether2 network=192.168.1.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=80.58.61.250,80.58.61.254
/ip dns static
add address=192.168.1.4 name=router.lan
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=VPN passthrough=yes \
src-address=192.168.88.2-192.168.88.254
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
add action=masquerade chain=srcnat
/ip route
add distance=1 gateway=192.168.1.1
add disabled=yes distance=1 dst-address=239.0.2.0/32 gateway=bridge
/ppp secret
add local-address=192.168.88.210 name=username1 password=***** \
remote-address=192.168.88.211 service=pptp
add local-address=192.168.88.200 name=eoipuser1 password=******** remote-address=\
192.168.88.201 service=pptp
add local-address=192.168.88.240 name=eoipuser2 password=******** remote-address=\
192.168.88.241 service=pptp
EOIP Tunnel Client 1
# may/10/2019 09:19:04 by RouterOS 6.44.3
# software id = TRE9-T0ST
#
# model = RouterBOARD 941-2nD
# serial number = 8CE508EEA453
/interface bridge
add admin-mac=CC:2D:E0:64:96:9F auto-mac=no comment=defconf igmp-snooping=yes name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface pptp-client
add connect-to=pptp.server.address disabled=no keepalive-timeout=disabled name=pptp-out1 password=****** user=eoipuser1
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=2 band=2ghz-b/g/n channel-width=20/40mhz-Ce country=spain disabled=no distance=indoors frequency=auto frequency-mode=regulatory-domain mode=ap-bridge ssid=MikroTik-SS \
wireless-protocol=802.11
/interface eoip
add !keepalive local-address=192.168.88.201 mac-address=02:38:92:53:EE:25 name=eoip-tunnel1 remote-address=192.168.88.200 tunnel-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=PcEERGbn wpa2-pre-shared-key=*******
/ip pool
add name=dhcp ranges=192.168.66.10-192.168.66.254
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=eoip-tunnel1
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface pptp-server server
set authentication=chap,mschap1,mschap2 enabled=yes
/ip address
add address=192.168.66.1/24 comment=defconf interface=ether2 network=192.168.66.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.66.0/24 comment=defconf gateway=192.168.66.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.66.1 name=router.lan
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related disabled=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip route
add disabled=yes distance=1 gateway=192.168.0.1
add distance=1 dst-address=172.26.22.0/32 gateway=pptp-out1
add distance=1 dst-address=172.26.23.0/32 gateway=pptp-out1
add distance=1 dst-address=239.0.2.0/32 gateway=eoip-tunnel1
/ppp secret
add name=userppp password=********
EOIP Client 2
# may/10/2019 09:23:06 by RouterOS 6.44.3
# software id = DGM8-J1KA
#
# model = RB941-2nD
# serial number = 93710A80B802
/interface bridge
add admin-mac=CC:2D:E0:64:96:9F auto-mac=no comment=defconf igmp-snooping=yes name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=CC:2D:E0:64:96:9E
set [ find default-name=ether2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=CC:2D:E0:64:96:9F
set [ find default-name=ether3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=CC:2D:E0:64:96:A0
set [ find default-name=ether4 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=CC:2D:E0:64:96:A1
/interface wirelessN
set [ find default-name=wlan1 ] name=wlan2 ssid=MikroTik
/interface eoip
add !keepalive local-address=192.168.88.241 mac-address=02:38:92:53:EE:25 name=eoiptunnel1 remote-address=192.168.88.240 tunnel-id=666
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=***** wpa2-pre-shared-key=*******
/ip pool
add name=dhcp ranges=192.168.77.10-192.168.77.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface pptp-client
add connect-to=pptp.server.address disabled=no keepalive-timeout=disabled name=PPTP-client1 password=******* profile=default user=eoipuser2
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge interface=eoiptunnel1
add bridge=bridge comment=defconf disabled=yes interface=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=wlan2 list=WAN
/ip address
add address=192.168.77.1/24 comment=defconf interface=ether1 network=192.168.77.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
add dhcp-options=hostname,clientid disabled=no interface=wlan2
/ip dhcp-server network
add address=192.168.77.0/24 comment=defconf gateway=192.168.77.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.77.1 name=router.lan
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related disabled=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 dst-address=172.26.22.0/32 gateway=PPTP-client1
add distance=1 dst-address=172.26.23.0/32 gateway=PPTP-client1
add distance=1 dst-address=239.0.2.0/32 gateway=eoiptunnel1
Interface configs
[admin@MikroTik] /interface eoip>> /interface eoip print detail
Flags: X - disabled, R - running
0 R name="eoip-tunnel1" mtu=auto actual-mtu=1408 l2mtu=65535 mac-address=02:42:62:50:21:C8 arp=enabled arp-timeout=auto loop-protect=default loop-protect-status=off loop-protect-send-interval=5s
loop-protect-disable-time=5m local-address=192.168.88.200 remote-address=192.168.88.201 tunnel-id=0 keepalive=10s,10 dscp=inherit clamp-tcp-mss=yes dont-fragment=no allow-fast-path=yes
1 R name="eoip-tunnel2" mtu=auto actual-mtu=1408 l2mtu=65535 mac-address=02:1E:1F:F9:7F:53 arp=enabled arp-timeout=auto loop-protect=default loop-protect-status=off loop-protect-send-interval=5s
loop-protect-disable-time=5m local-address=192.168.88.240 remote-address=192.168.88.241 tunnel-id=666 dscp=inherit clamp-tcp-mss=yes dont-fragment=no allow-fast-path=yes
[admin@MikroTik] > /interface bridge print detail
Flags: X - disabled, R - running
0 R ;;; defconf
name="bridge" mtu=auto actual-mtu=1408 l2mtu=1598 arp=enabled arp-timeout=auto mac-address=CC:2D:E0:64:D3:89 protocol-mode=rstp fast-forward=yes igmp-snooping=yes multicast-router=temporary-query
multicast-querier=no startup-query-count=2 last-member-query-count=2 last-member-interval=1s membership-interval=4m20s querier-interval=4m15s query-interval=2m5s query-response-interval=10s
startup-query-interval=31s250ms igmp-version=2 auto-mac=no admin-mac=CC:2D:E0:64:D3:89 ageing-time=5m priority=0x8000 max-message-age=20s forward-delay=15s transmit-hold-count=6 vlan-filtering=no
dhcp-snooping=no
admin@MikroTik] > /interface bridge host print
Flags: X - disabled, I - invalid, D - dynamic, L - local, E - external
# MAC-ADDRESS VID ON-INTERFACE BRIDGE AGE
0 D 00:26:86:00:00:00 ether1 bridge 6s
1 DL 02:1E:1F:F9:7F:53 eoip-tunnel2 bridge
2 D 02:38:92:53:EE:25 eoip-tunnel2 bridge 1s
3 DL 02:42:62:50:21:C8 eoip-tunnel1 bridge
4 D 2C:CC:44:34:B2:C9 ether1 bridge 6s
5 D 34:57:60:DB:35:A3 ether1 bridge 0s
6 D 3C:5C:C4:07:5A:43 ether1 bridge 6s
7 D 68:63:59:95:FF:DB ether1 bridge 27s
8 D 68:9A:87:54:56:90 ether1 bridge 6s
9 D 90:EF:68:3C:A9:67 eoip-tunnel2 bridge 3s
10 D AA:AA:AA:1B:45:C7 ether1 bridge 0s
11 D AA:AA:AA:1B:46:C7 ether1 bridge 0s
12 D BC:60:A7:DC:37:35 ether1 bridge 6s
13 D C4:95:00:AC:D5:BF ether1 bridge 6s
14 D CC:2D:E0:64:96:9F eoip-tunnel2 bridge 24s
15 DL CC:2D:E0:64:D3:88 ether1 bridge
16 DL CC:2D:E0:64:D3:89 bridge bridge
Again, thanks for your support
Last edited by
peinamuertos on Fri May 10, 2019 11:17 am, edited 1 time in total.