# jan/09/2021 23:32:12 by RouterOS 6.47.8 # software id = Y9V7-43DB # # model = RB750Gr3 # serial number = CC210B348613
/interface bridge add admin-mac=C4:AD:34:C6:C9:3C auto-mac=no comment=defconf name=bridge protocol-mode=none
/interface vlan add interface=ether1 name=vlan21 vlan-id=24
/interface pppoe-client add add-default-route=yes allow=pap,chap disabled=no interface=vlan21 keepalive-timeout=60 name=pppoe-out1 use-peer-dns=yes user=*@vodafone
/interface list add comment=defconf name=WAN add comment=defconf name=LAN
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot
/ip pool add name=dhcp ranges=172.193.3.10-172.193.3.254 add name=vpn-pool ranges=172.193.10.2-172.193.10.254
/ip dhcp-server add address-pool=dhcp disabled=no interface=bridge name=defconf
/ppp profile add change-tcp-mss=yes interface-list=LAN local-address=172.193.10.1 name=vpn-profile remote-address=vpn-pool use-encryption=yes /user group set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port add bridge=bridge comment=defconf interface=ether2 add bridge=bridge comment=defconf interface=ether3 add bridge=bridge comment=defconf interface=ether4 add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings set discover-interface-list=LAN
/interface l2tp-server server set authentication=mschap2 default-profile=vpn-profile enabled=yes use-ipsec=yes
/interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=ether1 list=WAN add interface=pppoe-out1 list=WAN /ip address add address=172.193.3.1/24 comment=defconf interface=ether2 network=172.193.3.0
/ip cloud set ddns-enabled=yes /ip dhcp-client add comment=defconf disabled=no interface=ether1
/ip dhcp-server lease add address=172.193.3.250 client-id=1:a8:60:b6:30:b4:da mac-address=A8:60:B6:30:B4

A server=defconf add address=172.193.3.246 client-id=1:0:1d:ec:d:67:9a mac-address=00:1D:EC:0D:67:9A server=defconf add address=172.193.3.2 client-id=1:b0:5a:da:87:6b:a1 mac-address=B0:5A

A:87:6B:A1 server=defconf add address=172.193.3.243 client-id=1:e0:63:da:6d:51:d5 mac-address=E0:63

A:6D:51

5 server=defconf add address=172.193.3.248 client-id=1:0:80:92:82:ac:35 mac-address=00:80:92:82:AC:35 server=defconf add address=172.193.3.236 client-id=1:bc:5f:f4:89:d2:84 mac-address=BC:5F:F4:89

2:84 server=defconf add address=172.193.3.230 client-id=1:98:9e:63:25:43:66 mac-address=98:9E:63:25:43:66 server=defconf add address=172.193.3.11 client-id=1:b0:5a:da:87:6b:a3 mac-address=B0:5A

A:87:6B:A3 server=defconf add address=172.193.3.16 client-id=1:9a:1f:1e:94:9c:1f mac-address=9A:1F:1E:94:9C:1F server=defconf add address=172.193.3.15 client-id=ff:3c:cc:a4:5a:0:1:0:1:27:7b:a8:c7:3e:9f:3c:cc:a4:5a mac-address=3E:9F:3C:CC:A4:5A server=defconf
/ip dhcp-server network add address=172.193.3.0/24 comment=defconf gateway=172.193.3.1 netmask=24
/ip dns set allow-remote-requests=yes
/ip dns static add address=172.193.3.1 name=router.lan
/ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked add action=accept chain=input comment="allow IPsec" dst-port=4500,500 protocol=udp add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=172.193.10.0/24
/ip service set www address=172.193.3.0/24,172.193.10.0/24 set winbox address=172.193.3.0/24,172.193.10.0/24
/ppp secret add name=usuario service=l2tp
/system clock set time-zone-name=Europe/Madrid /tool mac-server set allowed-interface-list=LAN /tool mac-server mac-winbox set allowed-interface-list=LAN