alijoschi

Mikrotik Router als PPTP Client nutzen

Hallo!

Ich hoffe, mir kann jemand helfen. Ich habe hier einen Mikrotik-Router; dieser soll sich als CLIENT per PPTP an einem Server anmelden und den ganzen Internetverkehr über diesen laufen lassen. Ich habe schon im Internet gesucht und auch eine super Anleitung gefunden (http://www.wifitech.com.pk/pptp-client-or-vpn-client-config-in-mikrotik ..). Leider funktioniert das nicht so, wie ich mir das vorstelle.

Ich komme von meinem Client (per WLAN mit dem Mikrotik verbunden) ins Internet. Die Pakete werden am Mikrotik auch mit „VPN“ markiert; diese markierten Pakete sollen dann über die PPTP-Verbindung an den PPTP-Server gesendet werden und so ins Internet kommen. Das funktioniert bei mir aber nicht. Hier die Config vom Mikrotik:
# RouterOS export pasted by the asker: a PPTP client that is supposed to carry all LAN traffic.
# Lines starting with '#' are review comments added for readers; the exported configuration itself is unchanged.
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
disabled=no forward-delay=15s l2mtu=2290 max-message-age=20s mtu=1500 name=\
bridge priority=0x8000 protocol-mode=none transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=\
no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:BE:44:4C master-port=\
none mtu=1500 name=ether1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=\
no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:BE:44:4D master-port=\
none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=\
no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:BE:44:4E master-port=\
none mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=\
no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:BE:44:4F master-port=\
none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=\
no full-duplex=yes l2mtu=1598 mac-address=D4:CA:6D:BE:44:50 master-port=\
none mtu=1500 name=ether5 speed=100Mbps
/interface ethernet switch
set 0 mirror-source=none mirror-target=none name=switch1
# NOTE(review): the WPA/WPA2 pre-shared key below is exported in clear text and this post is public,
# so the key should be treated as exposed and rotated; '/export hide-sensitive' avoids this when sharing configs.
# tkip is still accepted next to aes-ccm for group and unicast ciphers; aes-ccm only is the stronger choice
# if every WLAN client supports it.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods=\
passthrough group-ciphers=tkip,aes-ccm group-key-update=5m interim-update=\
0s management-protection=disabled management-protection-key="" mode=\
dynamic-keys name=default radius-eap-accounting=no radius-mac-accounting=no \
radius-mac-authentication=no radius-mac-caching=disabled radius-mac-format=\
XX:XX:XX:XX:XX:XX radius-mac-mode=as-username static-algo-0=none \
static-algo-1=none static-algo-2=none static-algo-3=none static-key-0="" \
static-key-1="" static-key-2="" static-key-3="" static-sta-private-algo=\
none static-sta-private-key="" static-transmit-key=key-0 \
supplicant-identity=MikroTik tls-certificate=none tls-mode=no-certificates \
unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=99Mair20! \
wpa2-pre-shared-key=99Mair20!
# wlan1 is an access point (mode=ap-bridge, ssid=pluto) using the security profile above.
/interface wireless
set 0 adaptive-noise-immunity=none allow-sharedkey=no antenna-gain=0 area="" \
arp=enabled band=2ghz-b basic-rates-a/g=6Mbps basic-rates-b=1Mbps \
bridge-mode=enabled channel-width=20mhz compression=no country=austria \
default-ap-tx-limit=0 default-authentication=yes default-client-tx-limit=0 \
default-forwarding=yes dfs-mode=none disable-running-check=no disabled=no \
disconnect-timeout=3s distance=dynamic frame-lifetime=0 frequency=2412 \
frequency-mode=manual-txpower frequency-offset=0 hide-ssid=no \
ht-ampdu-priorities=0 ht-amsdu-limit=8192 ht-amsdu-threshold=8192 \
ht-basic-mcs=mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 \
ht-guard-interval=any ht-rxchains=0 ht-supported-mcs="mcs-0,mcs-1,mcs-2,mcs-\
3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs\
-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" ht-txchains=0 \
hw-fragmentation-threshold=disabled hw-protection-mode=none \
hw-protection-threshold=0 hw-retries=7 l2mtu=2290 mac-address=\
D4:CA:6D:BE:44:51 max-station-count=2007 mode=ap-bridge mtu=1500 \
multicast-helper=default name=wlan1 noise-floor-threshold=default \
nv2-cell-radius=30 nv2-noise-floor-offset=default nv2-preshared-key="" \
nv2-qos=default nv2-queue-count=2 nv2-security=disabled on-fail-retry-time=\
100ms periodic-calibration=default periodic-calibration-interval=60 \
preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=\
D4CA6DBE4451 rate-selection=advanced rate-set=default scan-list=default \
security-profile=default ssid=pluto station-bridge-clone-mac=\
00:00:00:00:00:00 supported-rates-a/g=\
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=\
1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-power-mode=default \
update-stats-interval=disabled wds-cost-range=50-150 wds-default-bridge=\
none wds-default-cost=100 wds-ignore-ssid=no wds-mode=disabled \
wireless-protocol=802.11 wmm-support=disabled
/interface wireless manual-tx-power-table
set wlan1 manual-tx-powers="1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9Mbp\
s:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17,HT20-0:17,H\
T20-1:17,HT20-2:17,HT20-3:17,HT20-4:17,HT20-5:17,HT20-6:17,HT20-7:17,HT40-0:\
17,HT40-1:17,HT40-2:17,HT40-3:17,HT40-4:17,HT40-5:17,HT40-6:17,HT40-7:17"
/interface wireless nstreme
set wlan1 disable-csma=no enable-nstreme=no enable-polling=yes framer-limit=\
3200 framer-policy=none
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\
cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 \
split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m name=default \
shared-users=1 status-autorefresh=1m transparent-proxy=no
# Default IPsec proposal (3des/sha1/modp1024); not used by the PPTP setup in this export.
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des \
lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=dhcp_pool2 ranges=192.168.1.2-192.168.1.254
# The DHCP server listens on "bridge" (see /ip address below for where the LAN address actually sits).
/ip dhcp-server
add address-pool=dhcp_pool2 authoritative=after-2sec-delay bootp-support=static \
disabled=no interface=bridge lease-time=1w name=dhcp1
/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default use-compression=default \
use-encryption=default use-mpls=default use-vj-compression=default
set 1 change-tcp-mss=yes name=default-encryption only-one=default \
use-compression=default use-encryption=yes use-mpls=default \
use-vj-compression=default
# PPTP client towards the remote VPN server, using the "default-encryption" profile (use-encryption=yes).
# add-default-route=yes already installs a default route via the tunnel once it is up; the
# routing-mark/route approach further down is therefore an alternative, not a requirement.
# NOTE(review): user name and password are exported in clear text in a public post and should be rotated.
# allow= also permits pap (clear-text password) if the server selects it; mschap2 alone is safer, keeping
# in mind that PPTP/MPPE as a whole is no longer considered a strong VPN protocol.
/interface pptp-client
add add-default-route=yes allow=pap,chap,mschap1,mschap2 connect-to=\
178.73.212.233 dial-on-demand=no disabled=no max-mru=1460 max-mtu=1460 \
mrru=disabled name=pptp-out1 password=x8t5mah1qmax profile=\
default-encryption user=Dragon331
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=none name=only-hardware-queue
set 6 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 7 kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no \
ignore-as-path-len=no name=default out-filter="" redistribute-connected=no \
redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never in-filter=ospf-in \
metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=auto \
metric-rip=20 metric-static=20 name=default out-filter=ospf-out \
redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no \
redistribute-rip=no redistribute-static=no router-id=0.0.0.0
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
backbone type=default
# Default "public" read-only community accepting any source (0.0.0.0/0); harmless only while SNMP
# stays enabled=no (see /snmp below) — restrict addresses= before ever enabling it.
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 authentication-password="" \
authentication-protocol=MD5 encryption-password="" encryption-protocol=DES \
name=public read-access=yes security=none write-access=no
/system logging action
set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0 \
syslog-facility=daemon syslog-severity=auto target=remote
/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,web\
,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pass\
word,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,wi\
nbox,password,web,sniff,sensitive,api" skin=default
# ether2-ether5 and wlan1 are member ports of "bridge"; ether1 is the uplink (DHCP client below).
/interface bridge port
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether2 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether3 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether4 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether5 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
interface=wlan1 path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/interface ethernet switch port
set 0 vlan-header=leave-as-is vlan-mode=disabled
set 1 vlan-header=leave-as-is vlan-mode=disabled
set 2 vlan-header=leave-as-is vlan-mode=disabled
set 3 vlan-header=leave-as-is vlan-mode=disabled
set 4 vlan-header=leave-as-is vlan-mode=disabled
set 5 vlan-header=leave-as-is vlan-mode=disabled
# All VPN *server* roles below (l2tp, ovpn, pptp, sstp) are enabled=no; only the PPTP client is in use.
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default-encryption \
enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
default enabled=no keepalive-timeout=60 mac-address=FE:4B:67:9D:CC:A0 \
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=\
no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
disabled port=443 verify-client-certificate=no
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=no \
streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
# NOTE(review): the LAN address is bound to wlan1, yet wlan1 is a member port of "bridge" and the DHCP
# server listens on "bridge". The address normally belongs on the bridge interface itself; as exported,
# wired clients on ether2-ether5 may not reach the gateway — confirm on the device.
/ip address
add address=192.168.1.1/24 disabled=no interface=wlan1 network=192.168.1.0
# Uplink: ether1 obtains its address and a default route (distance 1) via DHCP.
/ip dhcp-client
add add-default-route=yes default-route-distance=1 disabled=no interface=ether1 \
use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.1.0/24 dhcp-option="" dns-server=195.3.96.67,195.3.96.68 \
gateway=192.168.1.1 ntp-server="" wins-server=""
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=4096 servers=""
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\
10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
udp-stream-timeout=3m udp-timeout=10s
# The rule that should tag LAN traffic with routing-mark "vpn" is disabled=yes, so nothing is ever
# marked. The matching NAT rule and route below are disabled as well — enable all three together.
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=vpn \
passthrough=yes src-address=192.168.1.1-192.168.1.254
# Only the ether1 masquerade is active. With the pptp-out1 masquerade disabled=yes, LAN traffic sent
# into the tunnel keeps its private 192.168.1.x source address and replies cannot find their way back.
# NOTE(review): this export contains no /ip firewall filter rules at all, so every enabled service
# (see /ip service) is reachable from the ether1 side.
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ether1 \
to-addresses=0.0.0.0
add action=masquerade chain=srcnat disabled=yes out-interface=pptp-out1
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
# Neighbor discovery is enabled on the uplink ether1, i.e. the router advertises itself towards the WAN side.
/ip neighbor discovery
set ether1 disabled=no
set ether2 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5 disabled=no
set wlan1 disabled=yes
set bridge disabled=no
set pptp-out1 disabled=yes
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=unlimited \
max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no \
src-address=0.0.0.0
# NOTE(review): besides being disabled, this route's dst-address is the LAN itself (192.168.1.0/24).
# To send all "vpn"-marked traffic through the tunnel the destination must be 0.0.0.0/0
# (a default route in the vpn routing table), gateway=pptp-out1.
/ip route
add disabled=yes distance=1 dst-address=192.168.1.0/24 gateway=pptp-out1 \
routing-mark=vpn scope=30 target-scope=10
# telnet, ftp and plain-http www are enabled with address="" (no source restriction); with no filter
# rules in this export they are exposed on the uplink. Restricting address= to the LAN, or disabling
# them in favour of ssh/winbox, reduces the attack surface.
/ip service
set telnet address="" disabled=no port=23
set ftp address="" disabled=no port=21
set www address="" disabled=no port=80
set ssh address="" disabled=no port=22
set www-ssl address="" certificate=none disabled=yes port=443
set api address="" disabled=yes port=8728
set winbox address="" disabled=no port=8291
/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=\
all
/ip smb shares
set [ find default=yes ] comment="default share" directory=/pub disabled=no \
max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest password="" read-only=yes
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no inactive-flow-timeout=\
15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
set [ find default=yes ] disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
use-explicit-null=no
/port firmware
set directory=firmware ignore-directip-modem=no
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set ether1 queue=only-hardware-queue
set ether2 queue=only-hardware-queue
set ether3 queue=only-hardware-queue
set ether4 queue=only-hardware-queue
set ether5 queue=only-hardware-queue
set wlan1 queue=wireless-default
/radius incoming
set accept=no port=3799
/routing bfd interface
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s \
multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
routing-table=main timeout-timer=3m update-timer=30s
/snmp
set contact="" enabled=no engine-id="" location="" trap-generators="" \
trap-target="" trap-version=1
# NOTE(review): clock is manual and the NTP client (/system ntp client) is enabled=no, so the
# timestamps in the logs configured below are not reliable when troubleshooting the tunnel.
/system clock
set time-zone-name=manual
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=+00:00
/system identity
set name=Mair
/system leds
set 0 disabled=no interface=wlan1 leds=wlan-led type=wireless-status
# Logging to disk includes the "firewall" topic, which is where "log=yes" on the mangle/NAT rules
# would show whether traffic actually matches once they are enabled.
/system logging
set 0 action=disk disabled=no prefix="" topics=info
set 1 action=disk disabled=no prefix="" topics=error
set 2 action=disk disabled=no prefix="" topics=warning
set 3 action=disk disabled=no prefix="" topics=critical
add action=disk disabled=no prefix="" topics=debug
add action=disk disabled=no prefix="" topics=firewall
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
/system routerboard settings
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\
600MHz force-backup-booter=no silent-boot=no
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=100
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 starttls=no user=""
/tool graphing
set page-refresh=300 store-every=5min
# MAC-telnet and MAC-winbox are enabled on interface=all, including the uplink; limiting them to the
# LAN bridge is common hardening.
/tool mac-server
set [ find default=yes ] disabled=no interface=all
/tool mac-server mac-winbox
set [ find default=yes ] disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=1000KiB file-name="" filter-ip-address="" filter-ip-protocol="" \
filter-mac-address="" filter-mac-protocol="" filter-port="" filter-stream=\
yes interface=all memory-limit=100KiB memory-scroll=yes only-headers=no \
streaming-enabled=no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s \
use-radius=no

Ich hoffe, mir kann jemand helfen. Wäre super.

MFG Alijoschi


Member: colinardo
colinardo Aug 17, 2013 updated at 09:36:31 (UTC)
Hallo Aljoschi,
Deine hinzugefügten Regeln stehen zum größten Teil auf „Disabled“,
siehe:
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=vpn \
passthrough=yes src-address=192.168.1.1-192.168.1.254
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=pptp-out1
Überprüfe noch einmal in den Einstellungen, ob du die Regeln wirklich aktiviert hast, und mach danach einen Reboot.

Alternativ zum Markieren der Pakete kannst du im VPN-Client die Option „Add default route“ setzen, damit der ganze Traffic durch das VPN geleitet wird.

Ansonsten ist hier in einem schönen Tutorial von @aqui alles beschrieben, wie du es richtig einrichtest:
VPNs einrichten mit PPTP

Grüße Uwe
Member: aqui
aqui Aug 17, 2013 updated at 11:29:39 (UTC)
Ansonsten steht hier auch noch einmal im Tutorial, wie der PPTP-Client auf dem Mikrotik ohne WinBox zu konfigurieren ist. Das ist recht einfach!
http://wiki.mikrotik.com/wiki/PPTPClient
Ganz wichtig: Du musst den PPTP-Traffic vom NAT (Masquerading) ausnehmen, denn sonst ist der VPN-Tunnel eine Einbahnstraße.
Hilfreich ist dabei das IPsec-Tutorial, das die Tunnel-Ausnahme in der NAT-Firewall ebenfalls beschreibt:
IPsec VPNs einrichten mit Cisco, Mikrotik, pfSense Firewall, FritzBox, Smartphone sowie Shrew Client Software
Die Firewall-ToDos sind da identisch, unabhängig vom verwendeten VPN-Tunnelprotokoll!