RouterOS


Advanced Routing

# Dual-WAN policy routing: connections that arrive on a given WAN are tagged so
# that the router's own replies leave through that same WAN.
/ip route
# One route per routing mark (no dst-address given). check-gateway=ping makes
# the route inactive when its gateway stops answering pings.
add check-gateway=ping distance=1 gateway=WAN1 routing-mark=WAN1_router
add check-gateway=ping distance=1 gateway=WAN2 routing-mark=WAN2_router
/ip firewall mangle
# Traffic between the listed internal subnets is accepted first, so it leaves
# the prerouting mangle chain before the marking rules below.
# Rule order matters here: keep these above the mark-connection rules.
add action=accept chain=prerouting dst-address=192.168.254.0/24 src-address=192.168.254.0/24
add action=accept chain=prerouting dst-address=192.168.100.0/23 src-address=192.168.100.0/23
add action=accept chain=prerouting dst-address=192.168.50.0/24 src-address=192.168.50.0/24
add action=accept chain=prerouting dst-address=192.168.254.0/24 src-address=192.168.50.0/24
add action=accept chain=prerouting dst-address=192.168.50.0/24 src-address=192.168.254.0/24
# Tag still-unmarked connections with the WAN interface they arrived on.
# NOTE(review): only protocol=tcp is matched, so UDP and ESP arriving on a WAN
# (for example IKE or L2TP towards the router) are never marked and their
# replies follow the main routing table - confirm this is intended.
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes protocol=tcp
# chain=output covers packets generated by the router itself: replies on a
# marked connection get the routing mark that selects the matching route above.
# NOTE(review): there is no mark-routing rule in prerouting, so forwarded
# (e.g. dst-nat'ed) connections are not steered by these rules - confirm.
add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=WAN1_router passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=WAN2_router passthrough=yes

VPN L2TP + IPSEC

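# L2TP/IPsec remote-access VPN server, reachable on both WAN1 and WAN2.
# CHAVE_DO_IPSEC, USUARIO and SENHA are placeholders: replace them with a long
# random pre-shared key and per-user credentials before applying, and keep the
# filled-in configuration out of public notes and exports.
/ip ipsec proposal
# NOTE(review): 3des is a legacy 64-bit block cipher offered here next to AES.
# It is left in place in case older clients depend on it; drop it from the
# list once every client is known to negotiate AES.
set [ find default=yes ] enc-algorithms=aes-128-cbc,3des
/ip pool
# Addresses handed out to VPN clients.
add name=dhcp_pool_VPN_L2TP ranges=192.168.130.15-192.168.130.100
/ppp profile
# Tunnel profile: router end is 192.168.130.1, clients get an address from the
# pool above and are pushed the two public resolvers listed in dns-server.
add dns-server=8.8.8.8,8.8.4.4 local-address=192.168.130.1 name=\
    VPN_L2TP remote-address=dhcp_pool_VPN_L2TP
/interface l2tp-server server
# use-ipsec=required (instead of yes) makes the server refuse L2TP sessions
# that are not protected by IPsec; with "yes" plain L2TP is still accepted.
# NOTE(review): no authentication= is set, so the default PPP method list
# applies; consider restricting it to mschap2 - confirm client support.
# NOTE(review): the IPsec secret is one pre-shared key common to all users.
set default-profile=VPN_L2TP enabled=yes ipsec-secret=CHAVE_DO_IPSEC \
    one-session-per-host=yes use-ipsec=required
/ip firewall filter
# Input rules for each WAN: ESP, IKE (500/udp), NAT-T (4500/udp) and L2TP
# (1701/udp). The 1701 rules carry ipsec-policy=in,ipsec so that only L2TP
# packets that arrived inside IPsec are accepted, never cleartext L2TP.
# These rules are appended to the chain; they must end up above any drop rule
# in chain=input to take effect.
add action=accept chain=input comment="allow L2TP VPN (ipsec-esp)" \
    in-interface=WAN1 protocol=ipsec-esp
add action=accept chain=input comment="allow L2TP VPN (1701/udp)" dst-port=\
    1701 in-interface=WAN1 ipsec-policy=in,ipsec protocol=udp
add action=accept chain=input comment="allow L2TP VPN (4500/udp)" dst-port=\
    4500 in-interface=WAN1 protocol=udp
add action=accept chain=input comment="allow L2TP VPN (500/udp)" dst-port=500 \
    in-interface=WAN1 protocol=udp
add action=accept chain=input comment="allow L2TP VPN (ipsec-esp)" \
    in-interface=WAN2 protocol=ipsec-esp
add action=accept chain=input comment="allow L2TP VPN (1701/udp)" dst-port=\
    1701 in-interface=WAN2 ipsec-policy=in,ipsec protocol=udp
add action=accept chain=input comment="allow L2TP VPN (4500/udp)" dst-port=\
    4500 in-interface=WAN2 protocol=udp
add action=accept chain=input comment="allow L2TP VPN (500/udp)" dst-port=500 \
    in-interface=WAN2 protocol=udp
/ppp secret
# One entry per VPN user, limited to the l2tp service and bound to the VPN
# profile. USUARIO / SENHA are placeholder user name and password.
add name=USUARIO password=SENHA profile=VPN_L2TP service=l2tp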

Posted by L3UNIX to L3UNIX's deck (2021-06-04 01:19)