Community discussions

MikroTik App
 
ioannistsi
just joined
Topic Author
Posts: 9
Joined: Sat May 30, 2020 9:04 pm

Connect Router's Through 3rd VPN

Thu Mar 16, 2023 1:38 pm

Hello, i have 2 routers that connect to each other succesfully to o Master Router with VPN

Slave Router 1 (172.16.20.0/24) --> Master Router (172.16.88.0/24)
Slave Router 2 (172.16.30.0/24) --> Master Router (172.16.88.0/24)

What is the routing config at the table to connect Slave Router 1 & 2 through Master Router?
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: Connect Router's Through 3rd VPN

Thu Mar 16, 2023 4:20 pm

Far more information needed. What routers and what software versions? Please post the configurations of all three. To export and paste your configuration (and I'm assuming you are using WebFig or Winbox), open a terminal window, and type (without the quotes) "/export hide-sensitive file=any-filename-you-wish". Then open the files section and right click on the filename you created and select download in order to download the file to your computer. It will be a text file with whatever name you saved to with an extension of .rsc. Suggest you then open the .rsc file in your favorite text editor and redact any sensitive information. Then in your message here, click the code display icon in the toolbar above the text entry (the code display icon is the 7th one from the left and looks like a square with a blob in the middle). Then paste the text from the file in between the two code words in brackets.
 
ioannistsi
just joined
Topic Author
Posts: 9
Joined: Sat May 30, 2020 9:04 pm

Re: Connect Router's Through 3rd VPN

Thu Mar 16, 2023 7:47 pm

For an unknown reason i can not post all 3 codes in one post so...
Main Router's:
# mar/16/2023 19:21:21 by RouterOS 6.49.7
# software id = C3FF-C97T
#
# model = RB952Ui-5ac2nD
# serial number = 9E940A5314CE
/interface bridge
add admin-mac=74:4D:28:4E:B3:FB auto-mac=no comment=defconf mtu=1480 name=\
    bridge
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=2641022808 user=\
    oaktpl@otenet.gr
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    management-protection=allowed mode=dynamic-keys name=COSMOTE-103006 \
    supplicant-identity=""
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    management-protection=allowed mode=dynamic-keys name="JohnTsi's" \
    supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
    20/40mhz-XX country=no_country_set disabled=no distance=indoors \
    frequency=auto frequency-mode=manual-txpower installation=indoor mode=\
    ap-bridge name="2.4 GHz" security-profile=COSMOTE-103006 ssid=\
    COSMOTE-103006 station-roaming=enabled wireless-protocol=802.11
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac \
    channel-width=20/40/80mhz-XXXX country=no_country_set disabled=no \
    distance=indoors frequency=5240 frequency-mode=manual-txpower \
    installation=indoor mode=ap-bridge name=5GHz security-profile="JohnTsi's" \
    ssid="John Tsi's" station-roaming=enabled wireless-protocol=802.11
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool5 ranges=192.168.77.1-192.168.77.253
add name=dhcp_pool6 ranges=192.168.99.1-192.168.99.253
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge lease-time=1h1m \
    name=defconf
add address-pool=dhcp_pool6 interface="2.4 GHz" name=dhcp1
/interface sstp-client
add connect-to=a36a0a242d38.sn.mynetname.net:543 disabled=no name=Kastraki \
    profile=default-encryption user="G Parodos"
add connect-to=e7e60fe06290.sn.mynetname.net:343 disabled=no name=Kremasta \
    profile=default-encryption user="G Parodos"
/queue simple
add burst-limit=0/80M burst-threshold=0/75M burst-time=0s/1m disabled=yes \
    max-limit=0/75M name="Cosmote Tv Priority" queue=default/default target=\
    bridge
/system logging action
add email-to=-@gmail.com name=email target=email
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=5GHz
add bridge=bridge interface=ether2
add bridge=bridge interface="2.4 GHz"
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set default-profile=default keepalive-timeout=60
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add disabled=yes interface="2.4 GHz" list=LAN
/interface sstp-server server
set enabled=yes
/ip address
add address=192.168.88.254/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=192.168.1.2/24 comment="Cosmote 2641022808 Router" interface=\
    ether1 network=192.168.1.0
add address=192.168.99.254/24 disabled=yes interface="2.4 GHz" network=\
    192.168.99.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf interface=ether2
/ip dhcp-server network
add address=192.168.77.0/24 dns-server=192.168.77.254 gateway=192.168.77.254
add address=192.168.88.0/24 comment=defconf dns-server=\
    192.168.88.254,1.0.0.1,1.1.1.1 domain="John Tsi Network" gateway=\
    192.168.88.254
add address=192.168.99.0/24 dns-server=192.168.99.254,1.0.0.1,1.1.1.1 domain=\
    "Cosmote TV Network" gateway=192.168.99.254
/ip dns
set servers=192.168.88.254,1.1.1.1,1.0.0.1,192.168.99.254
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
add address=104.16.248.249 disabled=yes name=cloudflare-dns.com
add address=104.16.249.249 disabled=yes name=cloudflare-dns.com
add address=172.16.20.90 name=kastraki.nvr
add address=172.16.10.90 name=kremasta.nvr
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=input comment="Secure TCP DNS" dst-port=53 \
    in-interface=ether1 protocol=tcp
add action=fasttrack-connection chain=forward comment="Fasttarck DNS" \
    disabled=yes dst-port=53 protocol=tcp
add action=fasttrack-connection chain=forward comment="Fasttarck DNS UDP" \
    disabled=yes dst-port=53 protocol=udp
add action=drop chain=input comment="Secure UDP DNS" dst-port=53 \
    in-interface=ether1 protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface=2641022808
/ip route
add comment="Kremasta CCTV" distance=1 dst-address=172.16.10.0/24 gateway=\
    10.10.88.100,10.10.88.10
add comment="Kastraki CCTV" distance=1 dst-address=172.16.20.0/24 gateway=\
    10.10.88.2,10.10.88.12
add comment="Stratos CCTV" distance=1 dst-address=172.16.30.0/24 gateway=\
    10.10.88.30
add comment="Kastraki 4G Router" distance=1 dst-address=192.168.2.1/32 \
    gateway=10.10.88.2
add comment="Kremasta LAN" distance=1 dst-address=192.168.6.0/24 gateway=\
    10.10.88.10,10.10.88.1 scope=10
add comment="Kremasta 4G Router" distance=1 dst-address=192.168.15.1/32 \
    gateway=10.10.88.100,10.10.88.10
add comment="Kremasta LAN" disabled=yes distance=1 dst-address=\
    192.168.80.0/24 gateway=10.10.90.10 scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip traffic-flow
set cache-entries=128k interfaces=bridge
/ppp secret
add local-address=10.10.88.3 name=Stratos profile=default-encryption \
    remote-address=10.10.88.30 service=sstp
add local-address=10.10.88.1 name=Kremasta profile=default-encryption \
    remote-address=10.10.88.10 service=sstp
add local-address=10.10.88.120 name=Kastraki profile=default-encryption \
    remote-address=10.10.88.12 service=sstp
/system clock
set time-zone-name=Europe/Athens
/system identity
set name="Davaki 12"
/system logging
set 0 topics=info,!ppp
add action=email topics=critical
add action=disk topics=info,!ppp,!wireless,!dhcp
add action=disk topics=warning
add action=disk topics=critical
add action=disk topics=error
add action=email disabled=yes topics=sstp,ppp,info,account
/system ntp client
set enabled=yes primary-ntp=91.217.155.60 secondary-ntp=162.159.200.1
/system ntp server
set broadcast=yes broadcast-addresses=192.168.88.254 enabled=yes
/system routerboard settings
set auto-upgrade=yes
/system scheduler
add disabled=yes interval=1d name="Email Logs" on-event="/log print file=logs\
    \r\
    \ndelay 10\r\
    \n/tool e-mail send to=\"ioannistsi@gmail.com\" subject=\"\$[/system ident\
    ity get name]  logs\" \\\r\
    \nbody=\"\$[/system clock get date] log file\" file=logs.txt" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=apr/03/2020 start-time=23:59:00
/tool e-mail
set address=smtp.gmail.com from="G Parodos Mikrotik" port=587 start-tls=yes \
    user=g.parodos.router@gmail.com
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
ioannistsi
just joined
Topic Author
Posts: 9
Joined: Sat May 30, 2020 9:04 pm

Re: Connect Router's Through 3rd VPN

Thu Mar 16, 2023 7:47 pm

Slave Router 1
# mar/16/2023 19:21:29 by RouterOS 6.49.7
# software id = SXY6-NFUI
#
# model = RB760iGS
# serial number = A36A0A242D38
/interface bridge
add name=CCTV
/interface pppoe-client
add interface=ether1 name=2641098287 use-peer-dns=yes user=\
    kastrakihps@tellas.gr
/interface list
add name=MGM
/interface lte apn
set [ find default=yes ] apn=vpn-internet name="Cosmote Wireless Internet"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server
add disabled=no interface=CCTV name="CCTV "
/ip pool
add name="CCTV Pool" ranges=172.16.20.1-172.16.20.253
/port
set 0 name=serial0
/interface sstp-client
add connect-to=9e940a5314ce.sn.mynetname.net disabled=no name=Davaki profile=\
    default-encryption user=Kastraki
add connect-to=e7e60fe06290.sn.mynetname.net:343 disabled=no name=Kremasta \
    profile=default-encryption user=Kastraki
/system logging action
set 1 disk-lines-per-file=4000
add email-start-tls=yes email-to=-@dei.com.gr name=email target=\
    email
/user group
set write policy="local,telnet,ssh,reboot,read,write,test,winbox,password,web,\
    sniff,sensitive,api,romon,dude,tikapp,!ftp,!policy"
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/dude
set enabled=yes
/interface bridge port
add bridge=CCTV interface=ether2
add bridge=CCTV interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=MGM
/interface l2tp-server server
set enabled=yes use-ipsec=required
/interface list member
add interface=ether5 list=MGM
/interface sstp-server server
set default-profile=default-encryption enabled=yes port=543
/ip address
add address=172.16.20.254/24 interface=CCTV network=172.16.20.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add default-route-distance=2 disabled=no interface=ether4 use-peer-ntp=no
/ip dhcp-server lease
add address=172.16.20.253 client-id=1:98:da:c4:18:a7:a9 comment=\
    "TP-LINK PoE Switch" mac-address=98:DA:C4:18:A7:A9 server="CCTV "
add address=172.16.20.180 client-id=1:14:d6:4d:9:25:34 comment=\
    "WS-KAS19 100Mbps" disabled=yes mac-address=00:11:6B:F0:0E:B9 server=\
    "CCTV "
add address=172.16.20.90 client-id=1:68:6d:bc:da:a1:b7 comment=NVR \
    mac-address=68:6D:BC:DA:A1:B7 server="CCTV "
add address=172.16.20.1 client-id=1:84:9a:40:c2:50:75 comment="PULH Car" \
    mac-address=84:9A:40:C2:50:75 server="CCTV "
add address=172.16.20.3 client-id=1:98:df:82:5f:3c:14 comment=PLATEIA \
    mac-address=98:DF:82:5F:3C:14 server="CCTV "
add address=172.16.20.4 client-id=1:98:df:82:5f:3c:10 comment=\
    "EISODOS KTIRIOU" mac-address=98:DF:82:5F:3C:10 server="CCTV "
add address=172.16.20.7 client-id=1:98:df:82:5f:3c:8 comment=YDROLHPSIA \
    mac-address=98:DF:82:5F:3C:08 server="CCTV "
add address=172.16.20.5 client-id=1:98:df:82:51:a2:c2 comment=\
    "Y/S PROS ZERVA" mac-address=98:DF:82:51:A2:C2 server="CCTV "
add address=172.16.20.6 client-id=1:98:df:82:5f:3c:a comment=\
    "Y/S PROS AGOGOUS" mac-address=98:DF:82:5F:3C:0A server="CCTV "
add address=172.16.20.8 client-id=1:98:df:82:51:a2:c1 comment=YPERXEILISTHS \
    mac-address=98:DF:82:51:A2:C1 server="CCTV "
add address=172.16.20.100 client-id=1:b4:a3:82:ed:85:c9 comment=Joystick \
    mac-address=B4:A3:82:ED:85:C9 server="CCTV "
add address=172.16.20.170 client-id=1:c4:ad:34:28:e1:32 comment=\
    "mAP Lite Wireless" mac-address=C4:AD:34:28:E1:32 server="CCTV "
add address=172.16.20.190 client-id=1:24:77:3:ed:93:a8 comment=\
    "Dell-Laptop Wireless" mac-address=24:77:03:ED:93:A8 server="CCTV "
add address=172.16.20.140 client-id=1:0:23:24:44:4e:7e comment=\
    "PC Fulakiou Pulhs" mac-address=00:23:24:44:4E:7E server="CCTV "
add address=172.16.20.200 client-id=1:e0:db:55:e0:49:78 comment=\
    "Dell-Laptop Ethernet" mac-address=E0:DB:55:E0:49:78 server="CCTV "
add address=172.16.20.9 client-id=1:98:df:82:3e:fa:f8 comment="KTIRIO PISO" \
    mac-address=98:DF:82:3E:FA:F8 server="CCTV "
add address=172.16.20.175 client-id=1:c4:ad:34:28:e1:30 comment=\
    "mAP Lite Ethernet" mac-address=C4:AD:34:28:E1:30 server="CCTV "
add address=172.16.20.185 client-id=1:ac:5f:3e:69:f0:7f comment=\
    Samsung-Galaxy-S7 mac-address=AC:5F:3E:69:F0:7F server="CCTV "
add address=172.16.20.160 client-id=1:50:3e:aa:1f:f5:18 comment=\
    "WS-KAS19 1Gbps" disabled=yes mac-address=50:3E:AA:1F:F5:18 server=\
    "CCTV "
add address=172.16.20.11 client-id=1:98:df:82:3e:fc:fa comment="APOTHIKI B'" \
    mac-address=98:DF:82:3E:FC:FA server="CCTV "
add address=172.16.20.10 client-id=1:84:9a:40:b4:49:fe comment="APOTHIKI A'" \
    mac-address=84:9A:40:B4:49:FE server="CCTV "
add address=172.16.20.12 client-id=1:98:df:82:5f:3c:b comment=BIOLOGIKOS \
    mac-address=98:DF:82:5F:3C:0B server="CCTV "
add address=172.16.20.13 client-id=1:98:df:82:3e:fb:77 comment="GEFYRA ZERVA" \
    mac-address=98:DF:82:3E:FB:77 server="CCTV "
add address=172.16.20.110 client-id=1:0:80:a3:b5:d7:d0 comment=\
    "Temperature Monitor" mac-address=00:80:A3:B5:D7:D0 server="CCTV "
add address=172.16.20.195 client-id=1:8:0:27:09:21:D8 comment="CCTV VM" \
    mac-address=08:00:27:45:63:56 server="CCTV "
add address=172.16.20.120 client-id=1:0:20:85:de:fe:ef comment=\
    "UPS Server Room" mac-address=00:20:85:DE:FE:EF server="CCTV "
add address=172.16.20.122 client-id=1:0:20:85:de:fe:f6 comment=\
    "UPS Kastraki Control" mac-address=00:20:85:DE:FE:F6 server="CCTV "
add address=172.16.20.150 client-id=1:0:e0:4c:0:f4:bb comment=KASTRAKI_AMD \
    mac-address=00:E0:4C:00:F4:BB server="CCTV "
add address=172.16.20.2 client-id=1:80:7c:62:ff:b1:dc comment=STADIA \
    mac-address=80:7C:62:FF:B1:DC server="CCTV "
/ip dhcp-server network
add address=172.16.20.0/24 dns-server=172.16.20.254,1.1.1.3,1.0.0.3 domain=\
    "Kastraki CCTV" gateway=172.16.20.254
/ip dns
set allow-remote-requests=yes servers=172.16.20.254,1.0.0.3,1.1.1.3
/ip dns static
add address=172.16.20.90 name=kastraki.nvr
add address=172.16.10.90 name=kremasta.nvr
add address=172.16.30.90 name=stratos.nvr
/ip firewall address-list
add address=172.16.20.1-172.168.20.140 disabled=yes list="Safire Equipment"
add address=192.168.88.0/24 list="Familiar Subnet's"
add address=172.16.20.150-172.16.20.200 list="Permissive IP's"
/ip firewall filter
add action=accept chain=forward dst-address=192.168.88.0/24 src-address=\
    172.16.20.0/24
add action=accept chain=forward dst-address=172.16.10.0/24 src-address=\
    172.16.20.0/24
add action=fasttrack-connection chain=forward dst-port=53 protocol=tcp
add action=fasttrack-connection chain=forward dst-port=53 protocol=udp
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
add action=accept chain=input comment="Access from G Parodos" dst-port=8291 \
    protocol=tcp src-address=192.168.88.0/24
add action=accept chain=input comment="Access from G Parodos" dst-port=8291 \
    protocol=tcp src-address=172.16.10.93
add action=accept chain=forward comment="Access Cam from G Parodos" \
    dst-address=192.168.88.0/24 src-address=172.16.20.1-172.16.20.89
add action=drop chain=forward comment="Safire Equipment except NVR" \
    dst-address=0.0.0.0/0 src-address=172.16.20.1-172.16.20.89
add action=drop chain=forward comment="Filakio Client PC" dst-address=\
    0.0.0.0/0 src-address=172.16.20.140
add action=accept chain=forward comment="Safire Equipment except NVR" \
    dst-address=0.0.0.0/0 src-address-list="Permissive IP's"
add action=accept chain=forward comment="Safire Equipment except NVR" \
    dst-address=0.0.0.0/0 src-address=172.16.20.90-172.16.20.139 \
    src-address-list="Permissive IP's"
add action=accept chain=input dst-port=8291 protocol=tcp src-address-list=\
    "Permissive IP's"
add action=drop chain=input dst-port=8291 protocol=tcp src-address-list=\
    !knock-final
add action=add-src-to-address-list address-list=knock1 address-list-timeout=\
    10s chain=input dst-port=@@@@ protocol=tcp
add action=add-src-to-address-list address-list=knock2 address-list-timeout=\
    10s chain=input dst-port=@@@@ protocol=tcp src-address-list=knock1
add action=add-src-to-address-list address-list=knock-final \
    address-list-timeout=1d chain=input dst-port=@@@@ protocol=tcp \
    src-address-list=knock2
/ip firewall nat
# 2641098287 not ready
add action=masquerade chain=srcnat out-interface=2641098287
add action=masquerade chain=srcnat out-interface=ether4
/ip route
add check-gateway=ping comment=ADSL distance=3 gateway=2641098287
add check-gateway=ping comment=4G disabled=yes distance=1 gateway=ether4
add check-gateway=ping comment="Netwatch ADSL" disabled=yes distance=1 \
    dst-address=8.8.4.4/32 gateway=2641098287
add check-gateway=ping comment="Netwatch 4G" disabled=yes distance=1 \
    dst-address=8.8.8.8/32 gateway=ether4
add distance=1 dst-address=172.16.10.0/24 gateway=10.10.20.1
add distance=2 dst-address=172.16.10.0/24 gateway=10.10.10.10
add distance=1 dst-address=172.16.30.0/24 gateway=10.10.30.20
add distance=2 dst-address=172.16.30.0/24 gateway=10.10.20.1
add distance=1 dst-address=192.168.15.0/24 gateway=10.10.10.10,10.10.20.1
add distance=1 dst-address=192.168.88.0/24 gateway=10.10.88.20
add distance=2 dst-address=192.168.88.0/24 gateway=10.10.88.120
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ppp secret
add local-address=10.10.88.2 name="G Parodos" profile=default-encryption \
    remote-address=10.10.88.20 service=sstp
add local-address=10.10.10.1 name=Kremasta profile=default-encryption \
    remote-address=10.10.10.10 service=sstp
add local-address=10.10.30.2 name=Stratos profile=default-encryption \
    remote-address=10.10.30.20 service=sstp
add disabled=yes local-address=10.10.15.2 name=Teltonika profile=\
    default-encryption remote-address=10.10.15.20 service=sstp
add disabled=yes local-address=10.10.150.1 name=Papakammenos profile=\
    default-encryption remote-address=10.10.150.10 service=l2tp
/system clock
set time-zone-name=Europe/Athens
/system identity
set name="Kastraki Router"
/system logging
set 0 topics=info,!ppp
add action=email topics=critical
add action=disk topics=error
add action=disk topics=info,!ppp
add action=disk topics=warning
add action=email disabled=yes topics=dhcp,info
add action=email disabled=yes topics=info,interface
add action=email disabled=yes topics=info,system
/system ntp client
set enabled=yes primary-ntp=194.177.210.54 secondary-ntp=176.119.210.243
/system ntp server
set broadcast=yes broadcast-addresses=172.16.20.254 enabled=yes
/system routerboard settings
set auto-upgrade=yes
/tool e-mail
set address=smtp.mail.yahoo.com from=kastraki.router@yahoo.com port=465 \
    start-tls=tls-only user=-@yahoo.com
/tool netwatch
add disabled=yes down-script="/ip route disable [/ip route find comment=4G]" \
    host=8.8.8.8 interval=30s timeout=3s up-script=\
    "/ip route enable [/ip route find comment=4G]"
add disabled=yes down-script=\
    "/ip route disable [/ip route find comment=ADSL]" host=8.8.4.4 timeout=3s \
    up-script="/ip route enable [/ip route find comment=ADSL]"
 
ioannistsi
just joined
Topic Author
Posts: 9
Joined: Sat May 30, 2020 9:04 pm

Re: Connect Router's Through 3rd VPN

Thu Mar 16, 2023 7:48 pm

Slave router 2
# mar/16/2023 19:20:54 by RouterOS 6.49.7
# software id = 1K8F-T4GM
#
# model = RB760iGS
# serial number = A36A0A636D0E
/interface bridge
add name=CCTV
/interface pppoe-client
add add-default-route=yes default-route-distance=3 disabled=no interface=\
    ether1 name=2641071181 use-peer-dns=yes user=ojh5ff@otenet.gr
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server
add disabled=no interface=CCTV name="Stratos CCTV"
/ip pool
add name=CCTV ranges=172.16.30.1-172.16.30.253
/port
set 0 name=serial0
/interface sstp-client
add connect-to=9e940a5314ce.sn.mynetname.net disabled=no name="G Parodos" \
    profile=default-encryption user=Stratos
add connect-to=a36a0a242d38.sn.mynetname.net:543 name=Kastraki profile=\
    default-encryption user=Stratos
add connect-to=e7e60fe06290.sn.mynetname.net:343 disabled=no name=Kremasta \
    profile=default-encryption user=Stratos
/system logging action
set 1 disk-lines-per-file=4000
add email-to=-@dei.com.gr name=email target=email
/user group
set read policy="local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,s\
    ensitive,api,romon,dude,tikapp,!ftp,!write,!policy"
set write policy="local,telnet,ssh,reboot,read,write,test,winbox,password,web,\
    sniff,sensitive,api,romon,dude,tikapp,!ftp,!policy"
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=CCTV interface=ether2
add bridge=CCTV interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=172.16.30.254/24 interface=CCTV network=172.16.30.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add default-route-distance=2 disabled=no interface=ether3 use-peer-ntp=no
/ip dhcp-server lease
add address=172.16.30.5 client-id=1:98:df:82:5f:3c:e comment="STRATOS 2" \
    mac-address=98:DF:82:5F:3C:0E server="Stratos CCTV"
add address=172.16.30.2 client-id=1:84:9a:40:b4:49:70 comment=STADIA \
    mac-address=84:9A:40:B4:49:70 server="Stratos CCTV"
add address=172.16.30.1 client-id=1:98:df:82:5f:3c:9 comment=PULH \
    mac-address=98:DF:82:5F:3C:09 server="Stratos CCTV"
add address=172.16.30.90 client-id=1:90:2:a9:da:bc:79 comment="STRATOS NVR" \
    mac-address=90:02:A9:DA:BC:79 server="Stratos CCTV"
add address=172.16.30.100 client-id=1:b4:a3:82:ed:85:c7 comment=JOYSTICK \
    mac-address=B4:A3:82:ED:85:C7 server="Stratos CCTV"
add address=172.16.30.3 client-id=1:98:df:82:5f:3c:16 comment=YPOSTATHMOS \
    mac-address=98:DF:82:5F:3C:16 server="Stratos CCTV"
add address=172.16.30.28 client-id=1:0:23:24:43:b1:84 comment=\
    "CLIENT PC CONTROL" mac-address=00:23:24:43:B1:84 server="Stratos CCTV"
add address=172.16.30.6 client-id=1:98:df:82:5f:3c:4 comment=\
    "FRAGMA STRATOS 2" mac-address=98:DF:82:5F:3C:04 server="Stratos CCTV"
add address=172.16.30.4 client-id=1:98:df:82:5f:3c:c comment=YPERXEILISTIS \
    mac-address=98:DF:82:5F:3C:0C server="Stratos CCTV"
add address=172.16.30.40 client-id=1:c4:ad:34:28:e1:30 mac-address=\
    C4:AD:34:28:E1:30 server="Stratos CCTV"
add address=172.16.30.50 client-id=1:24:77:3:ed:93:a8 mac-address=\
    24:77:03:ED:93:A8 server="Stratos CCTV"
add address=172.16.30.70 client-id=1:c4:ad:34:28:e1:32 mac-address=\
    C4:AD:34:28:E1:32 server="Stratos CCTV"
add address=172.16.30.60 client-id=1:e0:db:55:e0:49:78 mac-address=\
    E0:DB:55:E0:49:78 server="Stratos CCTV"
add address=172.16.30.20 client-id=1:0:23:24:43:b2:7c comment=\
    "CLIENT PC FYLAKIO" mac-address=00:23:24:43:B2:7C server="Stratos CCTV"
add address=172.16.30.30 client-id=1:0:20:85:de:fe:f6 comment=\
    "Stratos CCTV UPS" disabled=yes mac-address=00:20:85:DE:FE:F6 server=\
    "Stratos CCTV"
add address=172.16.30.80 client-id=1:7e:e4:a3:59:57:83 mac-address=\
    7E:E4:A3:59:57:83 server="Stratos CCTV"
/ip dhcp-server network
add address=172.16.30.0/24 dns-server=1.1.1.3,1.0.0.3 domain="Stratos CCTV" \
    gateway=172.16.30.254
/ip dns
set servers=172.16.30.254,1.0.0.3,1.1.1.3
/ip firewall address-list
add address=172.16.30.7-172.16.30.29 list="Rest Network Equipment"
add address=172.16.30.1-172.16.30.6 list="Safire IP Cameras"
add address=192.168.88.0/24 list="Familar Subnet's"
add address=172.16.20.0/24 list="Familar Subnet's"
/ip firewall filter
add action=accept chain=forward dst-address-list="Familar Subnet's" \
    src-address-list="Safire IP Cameras"
add action=accept chain=forward dst-address-list="Familar Subnet's" \
    src-address-list="Rest Network Equipment"
add action=drop chain=forward dst-address=0.0.0.0/0 src-address-list=\
    "Rest Network Equipment"
add action=drop chain=forward dst-address=0.0.0.0/0 src-address-list=\
    "Safire IP Cameras"
add action=drop chain=input dst-port=53 protocol=tcp
add action=drop chain=input dst-port=53 protocol=udp
add action=fasttrack-connection chain=forward dst-port=53 protocol=udp
add action=fasttrack-connection chain=forward dst-port=53 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=2641071181
add action=masquerade chain=srcnat out-interface=ether3
/ip route
add distance=1 dst-address=10.10.150.10/32 gateway=Kastraki
add distance=1 dst-address=10.10.200.10/32 gateway=Kremasta
add distance=1 dst-address=172.16.10.0/24 gateway=10.10.30.1
add distance=1 dst-address=172.16.20.0/24 gateway=10.10.30.2 scope=10
add distance=1 dst-address=192.168.3.1/32 gateway=2641071181
add distance=1 dst-address=192.168.88.0/24 gateway=10.10.88.3 pref-src=\
    0.0.0.0
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Athens
/system identity
set name="Stratos Router"
/system logging
set 0 topics=info,!ppp
add action=email topics=critical
add action=email topics=interface
add action=disk topics=error
add action=disk topics=info,!ppp
add action=disk topics=warning
add action=email disabled=yes topics=dhcp,info
add action=email disabled=yes topics=system
/system ntp client
set enabled=yes primary-ntp=194.177.210.54 secondary-ntp=176.119.210.243
/system ntp server
set broadcast=yes broadcast-addresses=172.16.30.254 enabled=yes
/system routerboard settings
set auto-upgrade=yes
/tool e-mail
set address=smtp.mail.yahoo.com from=stratos.nvr@yahoo.com port=465 \
    start-tls=tls-only user=-@yahoo.com

Who is online

Users browsing this forum: toffline, zdiv and 29 guests