binna
Senior Member
Bác post config lên đây
Code:
# jul/06/2021 19:53:45 by RouterOS 6.47.10
# software id = EP1V-0VPD
#
# model = RouterBOARD 750G r3
# serial number = 6F39084D554D
/interface bridge
add add-dhcp-option82=yes dhcp-snooping=yes igmp-snooping=yes mtu=1500 name=\
HomeLAN
/interface ethernet
set [ find default-name=ether5 ] disabled=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
password=xxxx service-name=VNPT use-peer-dns=yes user=myname
/interface pptp-client
add connect-to=204.194.232.200 name=pptp-out1 password=xxx user=myname
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec mode-config
add name=SGN responder=no src-address-list=local
/ip ipsec policy group
add name=SGN
/ip ipsec profile
add name=SGN
/ip ipsec peer
add address=th-bkk.prod.surfshark.com exchange-mode=ike2 name=SGN profile=SGN
/ip ipsec proposal
add name=SGN pfs-group=none
/ip kid-control
add fri=0s-1d mon=0s-1d name=system-dummy sat=0s-1d sun=0s-1d thu=0s-1d tue=\
0s-1d tur-fri=0s-1d tur-mon=0s-1d tur-sat=0s-1d tur-sun=0s-1d tur-thu=\
0s-1d tur-tue=0s-1d tur-wed=0s-1d wed=0s-1d
/ip pool
add name=dhcp ranges=192.168.68.2-192.168.68.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=HomeLAN name=dhcp1
/interface bridge port
add bridge=HomeLAN interface=ether2
add bridge=HomeLAN interface=ether3
add bridge=HomeLAN interface=ether4
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=pppoe-out1 list=WAN
add interface=HomeLAN list=LAN
add disabled=yes interface=ether1 list=WAN
/ip address
add address=192.168.68.1/24 interface=ether2 network=192.168.68.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=192.168.68.0/24 dns-server=123.26.26.26,8.8.8.8 gateway=\
192.168.68.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=192.168.68.0/24 list=local
/ip firewall filter
add action=accept chain=input comment="allow ipsec-ah" protocol=ipsec-ah
add action=accept chain=input comment="allow ipsec-esp" protocol=ipsec-esp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1 \
out-interface-list=WAN
add action=masquerade chain=srcnat disabled=yes out-interface=pptp-out1 \
out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=5000 protocol=tcp to-addresses=\
192.168.68.200 to-ports=5000
add action=dst-nat chain=dstnat disabled=yes dst-port=5001 protocol=tcp \
to-addresses=192.168.68.200 to-ports=5001
add action=dst-nat chain=dstnat disabled=yes dst-port=80 protocol=tcp \
to-addresses=192.168.68.200 to-ports=80
add action=dst-nat chain=dstnat dst-port=58050-58051 protocol=tcp \
to-addresses=192.168.68.200 to-ports=58050-58051
add action=dst-nat chain=dstnat dst-port=8085 protocol=tcp to-addresses=\
192.168.68.200 to-ports=8085
add action=dst-nat chain=dstnat dst-port=5005-5006 protocol=tcp to-addresses=\
192.168.68.200 to-ports=5005-5006
add action=masquerade chain=srcnat dst-address=192.168.68.200 dst-port=5000 \
out-interface=HomeLAN protocol=tcp src-address=192.168.68.0/24
add action=masquerade chain=srcnat dst-address=192.168.68.200 dst-port=5001 \
out-interface=HomeLAN protocol=tcp src-address=192.168.68.0/24
/ip ipsec identity
add auth-method=eap certificate=surfshark_ikev2.crt_0 disabled=yes \
eap-methods=eap-mschapv2 generate-policy=port-strict mode-config=SGN \
notrack-chain=- password=xxxxxxxxxxxxxxxxxxxxxxx peer=SGN \
policy-template-group=SGN username=dbxxxxxxxxxxxxxHry
/ip ipsec policy
add dst-address=0.0.0.0/0 group=SGN proposal=SGN src-address=0.0.0.0/0 \
template=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set www-ssl disabled=no
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Asia/Bangkok
/system scheduler
add interval=2w1d name="cap nhat DDNS" on-event="DDNS NoIP" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
/system script
add dont-require-permissions=no name="DDNS NoIP" owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
local noipuser \"[email protected]\"\
\n:local noippass \"xxxx\"\
\n:local noiphost \"binna.ddns.net\"\
\n# Ban muon Ten Mien cap nhat vao duong WAN nao, hay go chinh xac ten duo\
ng WAN\
\n # De xem ten duong WAN, ban vao Menu PPP.\
\n:local inetinterface \"pppoe-out1\"\
\n#-----------------------------------------------------------------------\
-------------\
\n# No more changes need\
\n:global previousIP\
\n:if ([/interface get \$inetinterface value-name=running]) do={\
\n# Get the current IP on the interface\
\n :local currentIP [/ip address get [find interface=\"\$inetinterface\"\
\_disabled=no] address]\
\n# Strip the net mask off the IP address\
\n :for i from=( [:len \$currentIP] - 1) to=0 do={\
\n :if ( [:pick \$currentIP \$i] = \"/\") do={ \
\n :set currentIP [:pick \$currentIP 0 \$i]\
\n } \
\n }\
\n\
\n :if (\$currentIP != \$previousIP) do={\
\n :log info \"No-IP: Current IP \$currentIP is not equal to previou\
s IP, update needed\"\
\n :set previousIP \$currentIP\
\n\
\n# The update URL. Note the \"\\3F\" is hex for question mark (\?). Requi\
red since \? is a special character in commands.\
\n :local url \"http://dynupdate.no-ip.com/nic/update\\3Fmyip=\$curr\
entIP\"\
\n :local noiphostarray\
\n :set noiphostarray [:toarray \$noiphost]\
\n :foreach host in=\$noiphostarray do={\
\n :log info \"No-IP: Sending update for \$host\"\
\n /tool fetch url=(\$url . \"&hostname=\$host\") user=\$noipuse\
r password=\$noippass mode=http dst-path=(\"no-ip_ddns_update-\" . \$host \
. \".txt\")\
\n :log info \"No-IP: Host \$host updated on No-IP with IP \$cur\
rentIP\"\
\n }\
\n } else={\
\n :log info \"No-IP: Previous IP \$previousIP is equal to current I\
P, no update needed\"\
\n }\
\n} else={\
\n :log info \"No-IP: \$inetinterface is not currently running, so there\
fore will not update.\"\
\n}\
\n"
nhờ bác @Imhomtep xem giúp ah