Could you please help me with this? I am posting my configuration below.
Thanks a lot in advance to everyone.
Bob
# oct/27/2021 10:45:19 by RouterOS 6.49
# software id = Level 5
#
# model = CRS125-24G-1S
# serial number = 000000000000
# One LAN bridge with a fixed admin MAC (auto-mac=no); proxy-arp is enabled on the bridge.
/interface bridge
add admin-mac=00:00:00:00:00:00 arp=proxy-arp auto-mac=no name=bridge
# ether1 and ether2 are renamed to the two WAN uplinks. Every other port
# (ether3-ether24 and sfp1) is switched to arp=proxy-arp.
# NOTE(review): with proxy-arp the router answers ARP requests on behalf of other
# hosts. It is normally needed only where remote (VPN) clients receive addresses
# from the LAN range; the PPP addresses in this export are 10.x, not 172.16.0.x.
# Confirm it is really required on every physical port.
/interface ethernet
set [ find default-name=ether1 ] name=WAN1-TIM
set [ find default-name=ether2 ] name=WAN2
set [ find default-name=ether3 ] arp=proxy-arp
set [ find default-name=ether4 ] arp=proxy-arp
set [ find default-name=ether5 ] arp=proxy-arp
set [ find default-name=ether6 ] arp=proxy-arp
set [ find default-name=ether7 ] arp=proxy-arp
set [ find default-name=ether8 ] arp=proxy-arp
set [ find default-name=ether9 ] arp=proxy-arp
set [ find default-name=ether10 ] arp=proxy-arp
set [ find default-name=ether11 ] arp=proxy-arp
set [ find default-name=ether12 ] arp=proxy-arp
set [ find default-name=ether13 ] arp=proxy-arp
set [ find default-name=ether14 ] arp=proxy-arp
set [ find default-name=ether15 ] arp=proxy-arp
set [ find default-name=ether16 ] arp=proxy-arp
set [ find default-name=ether17 ] arp=proxy-arp
set [ find default-name=ether18 ] arp=proxy-arp
set [ find default-name=ether19 ] arp=proxy-arp
set [ find default-name=ether20 ] arp=proxy-arp
set [ find default-name=ether21 ] arp=proxy-arp
set [ find default-name=ether22 ] arp=proxy-arp
set [ find default-name=ether23 ] arp=proxy-arp
set [ find default-name=ether24 ] arp=proxy-arp
set [ find default-name=sfp1 ] arp=proxy-arp
# Interface lists referenced by the NAT rules (in-interface-list / out-interface-list).
/interface list
add name=WAN
add name=LAN
# Default wireless security profile; only the supplicant identity is set.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Kid-control entry "system-dummy" with a full-day window (0s-1d) on every day.
# NOTE(review): presumably an automatically created placeholder - confirm.
/ip kid-control
add fri=0s-1d mon=0s-1d name=system-dummy sat=0s-1d sun=0s-1d thu=0s-1d tue=\
0s-1d tur-fri=0s-1d tur-mon=0s-1d tur-sat=0s-1d tur-sun=0s-1d tur-thu=\
0s-1d tur-tue=0s-1d tur-wed=0s-1d wed=0s-1d
# Dynamic DHCP range for the LAN; the static leases further down use addresses below .50.
/ip pool
add name=dhcp ranges=172.16.0.50-172.16.0.250
# DHCP server on the LAN bridge, 8 hour leases.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=8h name=dhcp1
# PPP profile (name redacted) with fixed tunnel addresses 10.11.12.16 <-> 10.11.12.13.
# NOTE(review): *FFFFFFFE is an internal id of a built-in profile (presumably
# default-encryption); only bridge-learning is changed on it.
/ppp profile
add local-address=10.11.12.16 name=XXXXXXXXXXXXX remote-address=10.11.12.13
set *FFFFFFFE bridge-learning=no
# Bridge membership: the entries for WAN1-TIM, WAN2 and sfp1 are disabled, so the
# uplinks stay outside the LAN bridge; ether3-ether24 are active bridge ports.
/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=WAN1-TIM
add bridge=bridge comment=defconf disabled=yes interface=WAN2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf disabled=yes interface=sfp1
# WAN list = WAN1-TIM, WAN2 and sfp1; LAN list = the bridge.
/interface list member
add interface=WAN1-TIM list=WAN
add interface=bridge list=LAN
add interface=WAN2 list=WAN
add interface=sfp1 list=WAN
# OpenVPN server on port 443 using certificate "SERVER"; clients must present a
# certificate (require-client-certificate=yes) in addition to their PPP secret.
# NOTE(review): auth=sha1 is a dated HMAC choice; check which stronger options the
# installed RouterOS release offers before changing it.
/interface ovpn-server server
set auth=sha1 certificate=SERVER cipher=aes256 enabled=yes port=443 \
require-client-certificate=yes
# PPTP server is enabled and, through the "VPN" dst-nat rule on tcp/1723, reachable
# from the WAN list.
# NOTE(review): PPTP (MS-CHAPv2 authentication, MPPE encryption) is a legacy protocol
# whose protection is considered broken. Since OpenVPN with client certificates is
# already configured here, plan to move the remaining PPTP user to it and then
# disable this server and remove its port forward.
/interface pptp-server server
set enabled=yes
# LAN gateway address on the bridge.
/ip address
add address=172.16.0.1/24 interface=bridge network=172.16.0.0
# MikroTik cloud DDNS is enabled (hourly update) in addition to the DynDNS script
# defined under /system script.
/ip cloud
set ddns-enabled=yes ddns-update-interval=1h
# All three uplinks obtain their address by DHCP.
# NOTE(review): no default-route options are shown, so presumably each client also
# installs its own default route in the main table - confirm with /ip route print.
/ip dhcp-client
add disabled=no interface=WAN1-TIM
add disabled=no interface=WAN2
add disabled=no interface=sfp1
# Static leases on dhcp1 (MAC addresses redacted by the poster). 172.16.0.5 is the
# target of the "NVR" port forward in /ip firewall nat.
/ip dhcp-server lease
add address=172.16.0.20 client-id=1:00:00:00:00:00:00 mac-address=\
00:00:00:00:00:00 server=dhcp1
add address=172.16.0.14 client-id=1:00:00:00:00:00:00 mac-address=\
00:00:00:00:00:00 server=dhcp1
add address=172.16.0.5 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.7 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.8 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.9 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.10 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.11 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.12 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.13 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.15 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.21 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.22 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.23 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.24 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.25 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.26 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.28 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.29 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.30 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.31 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.27 mac-address=00:00:00:00:00:00 server=dhcp1
add address=172.16.0.32 mac-address=00:00:00:00:00:00 server=dhcp1
# LAN clients are handed four resolvers: 172.16.1.1 and 172.16.2.1 (the same
# addresses used as gateways in /ip route) plus the two Google resolvers.
# NOTE(review): a client whose first resolver is 172.16.1.1 depends on that uplink
# being reachable; confirm this is the intended failover behaviour.
/ip dhcp-server network
add address=172.16.0.0/24 dns-server=172.16.1.1,8.8.8.8,8.8.4.4,172.16.2.1 \
gateway=172.16.0.1 netmask=24
# Upstream resolvers for the router itself. allow-remote-requests does not appear
# in the export, so presumably it is at its default - verify that the router does
# not answer DNS queries arriving on the WAN interfaces.
/ip dns
set servers=8.8.8.8,8.8.4.4
# Dual-WAN policy routing with per-connection-classifier (PCC).
# Rule order matters in this chain; the rules are documented in place, not reordered.
/ip firewall mangle
# Connections that reach the router itself through an uplink are marked with that
# uplink, so that replies leave through the same one (see the output rules below).
add action=mark-connection chain=input in-interface=WAN1-TIM \
new-connection-mark=WAN1_conn
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=\
WAN2_conn
# Router-originated replies follow the connection mark into the matching routing table.
add action=mark-routing chain=output connection-mark=WAN1_conn \
new-routing-mark=to_WAN1
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_WAN2
# Traffic destined to the two uplink subnets is accepted before any marking.
# NOTE(review): these two rules match packets arriving on the WAN interfaces. In the
# usual PCC layout the exemption is written for LAN traffic (in-interface=bridge)
# heading to the uplink subnets - confirm which one is intended.
add action=accept chain=prerouting dst-address=172.16.1.0/28 in-interface=\
WAN1-TIM
add action=accept chain=prerouting dst-address=172.16.2.0/28 in-interface=\
WAN2
# LAN traffic to non-local destinations is split in two buckets by a hash of
# source/destination addresses and ports: bucket 0 -> WAN1_conn, bucket 1 -> WAN2_conn.
# NOTE(review): there is no connection-mark=no-mark matcher, so these rules are
# evaluated for every packet coming from the bridge - confirm this is intended.
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=bridge new-connection-mark=WAN1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=bridge new-connection-mark=WAN2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:2/1
# Marked LAN connections are steered to the per-uplink routing tables.
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
in-interface=bridge new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
in-interface=bridge new-routing-mark=to_WAN2
# Source NAT and inbound port forwards.
# NOTE(review): this export contains no /ip firewall filter section, so nothing
# shown here restricts who may reach the forwarded ports or the router itself from
# the WAN side. Confirm whether filtering is done elsewhere; if not, add input and
# forward filter rules before relying on these forwards.
/ip firewall nat
# The first rule masquerades everything leaving through the WAN list, which already
# contains WAN1-TIM and WAN2, so the two per-interface rules after it look redundant.
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=WAN1-TIM
add action=masquerade chain=srcnat out-interface=WAN2
# NVR: WAN tcp/8888 is forwarded to port 80 of 172.16.0.5, i.e. the recorder's
# plain-HTTP interface is published to the whole internet. Prefer reaching it over
# the VPN, or limit the rule with src-address / src-address-list.
add action=dst-nat chain=dstnat comment=NVR dst-port=8888 in-interface-list=\
WAN protocol=tcp to-addresses=172.16.0.5 to-ports=80
# PPTP control channel forwarded to the router's own LAN address (see the PPTP
# server section for the protocol concern).
add action=dst-nat chain=dstnat comment=VPN dst-port=1723 in-interface-list=\
WAN protocol=tcp to-addresses=172.16.0.1 to-ports=1723
# NOTE(review): 10.10.10.11 is not inside any subnet addressed in this export
# (the LAN is 172.16.0.0/24) - confirm the target is reachable and intended, and
# restrict the source addresses allowed to reach a controller login page.
add action=dst-nat chain=dstnat comment=CONTROLLER-WIFI dst-port=8043 \
in-interface-list=WAN protocol=tcp to-addresses=10.10.10.11 to-ports=8043
# OpenVPN on 443, forwarded to the router's own LAN address for both UDP and TCP.
# NOTE(review): the OpenVPN server of RouterOS 6.x is, as far as I know, TCP only;
# if so, the UDP rule is unused and can be dropped - verify.
add action=dst-nat chain=dstnat comment=OPENVPN dst-port=443 \
in-interface-list=WAN protocol=udp to-addresses=172.16.0.1 to-ports=443
add action=dst-nat chain=dstnat comment=OPENVPNTCP dst-port=443 \
in-interface-list=WAN protocol=tcp to-addresses=172.16.0.1 to-ports=443
# Kid-control device entry; the exporter itself reported an error for this section
# (see the "#error exporting" line it emitted).
/ip kid-control device
add mac-address=00:00:00:00:00:00 name="realme-8-Pro;-1"
#error exporting /ip kid-control device
# Per-uplink default routes selected by the routing marks set in mangle;
# check-gateway=ping deactivates a route when its gateway stops answering.
# NOTE(review): the first two entries are identical (both to_WAN1 via 172.16.1.1);
# one of them looks like a leftover duplicate.
/ip route
add check-gateway=ping distance=1 gateway=172.16.1.1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=172.16.1.1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=172.16.2.1 routing-mark=to_WAN2
# telnet, ftp, ssh, api and api-ssl are disabled.
# NOTE(review): www (HTTP WebFig) and winbox are not listed, so presumably they are
# still enabled with no address restriction. Together with the missing firewall
# filter section this would leave the management interfaces reachable from the WAN.
# Restrict them with the service's address= property and/or an input-chain filter,
# and prefer www-ssl over www if web management is needed.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# Front-panel LCD: interfaces shown on page 1.
/lcd interface pages
set 1 interfaces=ether13,ether14,ether15,ether16,ether17,ether18,ether19
# VPN accounts (names and passwords redacted by the poster).
# An export prints PPP passwords in clear text, so keep redacting them, or use
# hide-sensitive on export, whenever the configuration is shared.
# First secret: PPTP user with fixed tunnel addresses 10.10.10.20 <-> 10.10.10.21.
# Second secret: OpenVPN user bound to profile OPENVPNPROFILE.
# NOTE(review): no profile with the literal name OPENVPNPROFILE is visible in this
# export (the only added profile has a redacted name) - confirm it exists.
/ppp secret
add local-address=10.10.10.20 name=XXXXXXXXXXXXX password=XXXXXXXXXXXXX profile=\
default-encryption remote-address=10.10.10.21 service=pptp
add name=XXXXXXXXXXX password=XXXXXXXXXXX profile=OPENVPNPROFILE service=ovpn
/system clock
set time-zone-name=Europe/Rome
# Identity is left at the factory name.
/system identity
set name=MikroTik
# Correct time matters for certificate validation of the OpenVPN server.
/system ntp client
set enabled=yes primary-ntp=193.204.114.232 secondary-ntp=193.204.114.233
# Runs the script "DynDNS" every minute, starting at boot.
# NOTE(review): the scheduler grants the script a very broad policy set (including
# reboot, password, sniff, sensitive and romon). Reduce it to the policies the
# script actually needs and test that the update still works.
/system scheduler
add comment="Scheduler usato per l'aggiornamento DynDNS.it" interval=1m name=\
DynDNS on-event=DynDNS policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
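# DynDNS updater script: fetches the current public IP from checkip.dyndns.it,
# compares it with the global previousIP and, when it changed (or dyndnsForce is
# true), calls the members.dyndns.it update URL and logs the result.
#
# Change made in review: the line that wrote the account password to the system
# log was removed. The log can be read by other router users and may be forwarded
# to remote syslog, so a credential must never be written there.
#
# NOTE(review): both fetch calls use mode=http, so the DynDNS user name and password
# travel unencrypted. Switch to mode=https if the provider supports it - verify
# with the provider before changing.
# NOTE(review): dont-require-permissions=yes combined with this broad policy list
# lets the script run with more rights than it needs. Reduce the policies to the
# minimum that still works and set dont-require-permissions=no.
/system script
add comment="Script utilizzato per l'aggiornamento DNS" \
dont-require-permissions=yes name=DynDNS owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
\_Set needed variables\
\n\t:local username xxxxxxxxxx\
\n\t:local password xxxxxxxxxx\
\n\t:local hostname xxxxxxxxxx\
\n\
\n\t:global dyndnsForce\
\n\t:global previousIP\
\n\
\n# print some debug info\
\n\t:log info (\"UpdateDynDNS: username = \$username\")\
\n# the password is deliberately not written to the log\
\n\t:log info (\"UpdateDynDNS: hostname = \$hostname\")\
\n\t:log info (\"UpdateDynDNS: previousIP = \$previousIP\")\
\n\
\n# get the current IP address from the internet (in case of double-nat)\
\n\t/tool fetch mode=http address=\"checkip.dyndns.it\" src-path=\"/\" dst\
-path=\"/dyndns.checkip.html\"\
\n\t:delay 1\
\n\t:local result [/file get dyndns.checkip.html contents]\
\n\
\n# parse the current IP result\
\n\t:local resultLen [:len \$result]\
\n\t:local startLoc [:find \$result \": \" -1]\
\n\t:set startLoc (\$startLoc + 2)\
\n\t:local endLoc [:find \$result \"</body>\" -1]\
\n\t:local currentIP [:pick \$result \$startLoc \$endLoc]\
\n\t:log info \"UpdateDynDNS: currentIP = \$currentIP\"\
\n\
\n# Remove the # on next line to force an update every single time - usefu\
l for debugging,\
\n# but you could end up getting blacklisted by DynDNS!\
\n\
\n#:set dyndnsForce true\
\n\
\n# Determine if dyndns update is needed\
\n# more dyndns updater request details http://www.dyndns.com/developers/s\
pecs/syntax.html\
\n\
\n\t:if ((\$currentIP != \$previousIP) || (\$dyndnsForce = true)) do={\
\n\t\t:set dyndnsForce false\
\n\t\t:set previousIP \$currentIP\
\n\t\t:log info \"\$currentIP or \$previousIP\"\
\n\t\t/tool fetch user=\$username password=\$password mode=http address=\"\
members.dyndns.it\" \\\
\n\t\tsrc-path=\"nic/update\?system=dyndns&hostname=\$hostname&myip=\$curr\
entIP&wildcard=no\" \\\
\n\t\tdst-path=\"/dyndns.txt\"\
\n\t\t:delay 1\
\n\t\t:local result [/file get dyndns.txt contents]\
\n\t\t:log info (\"UpdateDynDNS: Dyndns update needed\")\
\n\t\t:log info (\"UpdateDynDNS: Dyndns Update Result: \".\$result)\
\n\t\t:put (\"Dyndns Update Result: \".\$result)\
\n\t} else={\
\n\t\t:log info (\"UpdateDynDNS: No dyndns update needed\")\
\n\t}"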
# Traffic graphs for both uplinks, the LAN bridge and sfp1, kept in memory only
# (store-on-disk=no).
# NOTE(review): no allow-address is set, so presumably the graphs are viewable by
# anyone who can reach the router's web service - restrict it if www stays enabled.
/tool graphing interface
add interface=WAN1-TIM store-on-disk=no
add interface=WAN2 store-on-disk=no
add interface=bridge store-on-disk=no
add interface=sfp1 store-on-disk=no