forked from moskvat2/MikrotikCommunity
-
Notifications
You must be signed in to change notification settings - Fork 0
/
1lan-2wan-failover.txt
107 lines (107 loc) · 4.78 KB
/
1lan-2wan-failover.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# feb/16/2023 12:18:16 by RouterOS 7.7
# software id =
#
/interface bridge
add name=bridge1-LAN
/interface ethernet
set [ find default-name=ether1 ] disabled=yes
set [ find default-name=ether2 ] name=ether2-Provedor02
set [ find default-name=ether3 ] name=ether3-Provedor01
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether3-Provedor01 name=\
ProvedorPrincipal password=cliente use-peer-dns=yes user=cliente
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.3.2-192.168.3.254
/ip dhcp-server
# DHCP server can not run on slave interface!
add address-pool=dhcp_pool0 interface=ether4 name=dhcp1
/ip vrf
add comment="!== VRF PARA TESTE" interfaces=none name=TEST-LinkSecundario
add comment="!== VRF PARA TESTE" interfaces=none name=TEST-LinkPrincipal
/port
set 0 name=serial0
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/routing table
add fib name=rota_Provedor02
add fib name=rota_Provedor01
/interface bridge port
add bridge=bridge1-LAN interface=ether4
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.3.1/24 interface=ether4 network=192.168.3.0
/ip dhcp-client
add default-route-distance=10 interface=ether2-Provedor02
/ip dhcp-server network
add address=192.168.3.0/24 dns-server=192.168.3.1 gateway=192.168.3.1
/ip dns
set allow-remote-requests=yes servers=208.67.222.222
/ip firewall mangle
add action=mark-connection chain=prerouting comment=connProvedor02 \
connection-mark=no-mark disabled=yes dst-port=8291 in-interface=\
ether2-Provedor02 new-connection-mark=connProvedor02 passthrough=yes protocol=\
tcp
add action=mark-connection chain=prerouting comment=connProvedor01 connection-mark=\
no-mark disabled=yes dst-port=8291 in-interface=ether3-Provedor01 new-connection-mark=\
connProvedor01 passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=connProvedor01--->LAN \
connection-mark=no-mark disabled=yes dst-port=9000 in-interface=ether3-Provedor01 \
new-connection-mark=connProvedor01 protocol=tcp
add action=mark-connection chain=prerouting comment=connProvedor02--->LAN \
connection-mark=no-mark disabled=yes dst-port=9000 in-interface=\
ether2-Provedor02 new-connection-mark=connProvedor02 protocol=tcp
add action=mark-routing chain=prerouting comment=return_connProvedor01 \
connection-mark=connProvedor01 disabled=yes in-interface=ether4 \
new-routing-mark=rota_Provedor01
add action=mark-routing chain=prerouting comment=return_connProvedor02 \
connection-mark=connProvedor02 disabled=yes in-interface=ether4 \
new-routing-mark=rota_Provedor02
add action=mark-routing chain=output comment=markRouteProvedor02 \
connection-mark=connProvedor02 disabled=yes new-routing-mark=rota_Provedor02 \
passthrough=yes
add action=mark-routing chain=output comment=markRouteProvedor01 connection-mark=\
connProvedor01 disabled=yes new-routing-mark=rota_Provedor01 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=!bridge1-LAN
/ip route
add check-gateway=ping comment=LinkPrincipal disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=100.64.64.0 pref-src=0.0.0.0 routing-table=\
main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment=LinkSecundario disabled=no distance=3 \
dst-address=0.0.0.0/0 gateway=10.0.0.254 pref-src=0.0.0.0 routing-table=\
main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=208.67.222.222/32 gateway=100.64.64.0 \
pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
/routing rule
add action=lookup-only-in-table comment=\
"!== FORCE TESTE DE FAILOVER ==> LINK 1" disabled=no routing-mark=\
TEST-LinkPrincipal table=TEST-LinkPrincipal
add action=lookup-only-in-table comment=\
"!== FORCE TESTE DE FAILOVER ==> LINK 1" disabled=no routing-mark=\
TEST-LinkSecundario table=TEST-LinkSecundario
/system identity
set name=CLIENTE
/system package update
set channel=development
/tool netwatch
add disabled=no down-script="/ip route set [find where comment=\"LinkPrincipal\
\"] distance=3\r\
\n/ip route set [find where comment=\"LinkSecundario\"] distance=1" host=\
208.67.222.222 http-codes="" interval=10s test-script="" type=icmp \
up-script="/ip route set [find where comment=\"LinkPrincipal\"] distance=1\
\r\
\n/ip route set [find where comment=\"LinkSecundario\"] distance=3"