Code: Select all
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 7.1.5 (c) 1999-2022 https://www.mikrotik.com/
Press F1 for help
[admin@MikroTik] > export hide-sensitive
# apr/04/2022 15:45:48 by RouterOS 7.1.5
# software id = FTHJ-YLS5
#
# model = RBmAP2nD
# serial number = DE500F5EF7D9
/interface bridge
add admin-mac=DC:2C:6E:39:54:CE auto-mac=no comment=defconf name=bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country="united states" \
disabled=no distance=indoors frequency=2462 installation=indoor mode=\
ap-bridge ssid=JoshMikro-Tik vlan-id=200 vlan-mode=use-tag
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface vlan
add interface=wlan1 name=VLAN200 vlan-id=200
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=10.200.1.2-10.200.1.50
add name=dhcp_pool2 ranges=10.200.1.2-10.200.1.254
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
add address-pool=dhcp_pool2 interface=bridge1 name=dhcp1
/routing table
add disabled=no fib name=Wireguard
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge comment=defconf ingress-filtering=no interface=pwr-line1
add bridge=bridge1 comment=defconf ingress-filtering=no interface=wlan1
add bridge=bridge1 interface=VLAN200
/ip neighbor discovery-settings
set discover-interface-list=all
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface wireguard peers
add allowed-address=10.55.124.0/24 endpoint-address=12.x.,X.CC:45785 \
endpoint-port=45785 interface=wireguard1 persistent-keepalive=25s \
public-key="4nEOvxvvsisboidoifniwerjfp23je9fj2oeipfj923jopfp2jk8="
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
add address=10.200.1.1/24 interface=VLAN200 network=10.200.1.0
add address=10.55.124.2/24 interface=wireguard1 network=10.55.124.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=10.200.1.0/24 dns-server=8.8.8.8,4.2.2.2 gateway=10.200.1.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment=AllowFromWifi src-address=10.200.1.0/24
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=accept chain=srcnat out-interface=wireguard1 realm=1024 src-address=\
10.200.1.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.55.124.1 pref-src=\
0.0.0.0 routing-table=Wireguard scope=30 suppress-hw-offload=no \
target-scope=10
/system clock
set time-zone-name=America/New_York
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool romon
set enabled=yes
[admin@MikroTik] >