MikroTik. IPsec VPN behind NAT as a client

Hello everyone!

In our company we have been moving to MikroTik hardware for the past two years. The core nodes are built on the CCR1072, the local access points on lighter devices. Naturally, we also deliver network access over IPsec tunnels; by now that setup is quite simple, thanks to the many resources available online. Mobile client connections, however, are harder. The manufacturer's wiki describes the Shrew Soft VPN client (a straightforward solution), and that is the client 99% of remote-access users work with; the remaining 1% is me. I did not want to type my login and password every time, and I wanted something quieter and more comfortable, with the work networks simply reachable. I found no guide for configuring a MikroTik for the situation it is actually in: not on a public (white) address, but behind NAT, possibly behind several layers of NAT. So I had to improvise, and here are the results.

Given:

  1. CCR1072 as the head-end device, RouterOS 6.44.1
  2. cAP ac as the home access point, RouterOS 6.44.1

The key feature of this setup is that the PC and the MikroTik must sit in the same subnet, the one presented to the central 1072 (192.168.33.0/24 below).

On to the settings:

1. Of course we want FastTrack, but since FastTrack does not work with IPsec, IPsec traffic has to be excluded from it. The mangle rules mark every connection that matches an IPsec policy, and the fasttrack rule then skips marked connections. The fasttrack rule is given here with connection-state=established,related, the form the RouterOS default configuration uses; it has to sit above any generic accept rule for established/related traffic in the forward chain.

/ip firewall mangle
add action=mark-connection chain=forward comment="ipsec in" ipsec-policy=in,ipsec new-connection-mark=ipsec passthrough=yes
add action=mark-connection chain=forward comment="ipsec out" ipsec-policy=out,ipsec new-connection-mark=ipsec passthrough=yes
/ip firewall filter
add action=fasttrack-connection chain=forward connection-mark=!ipsec connection-state=established,related

2. Accept the traffic between the home and work networks in the raw table. An accept in raw ends raw processing for that packet, so these flows stay connection-tracked and remain visible to the mangle and filter rules (the identity in step 3 adds dynamic notrack rules for the peer's IPsec traffic). Note that these rules only let traffic through; the encryption itself comes from the policies in step 5, and those exist for 10.7.76.0/24 and 10.7.77.0/24 only. The 10.7.78.0/24 and 192.168.55.0/24 rules are kept disabled here.

/ip firewall raw
add action=accept chain=prerouting dst-address=192.168.33.0/24 src-address=10.7.76.0/24
add action=accept chain=prerouting dst-address=192.168.33.0/24 src-address=10.7.98.0/24
add action=accept chain=prerouting disabled=yes dst-address=192.168.55.0/24 src-address=10.7.78.0/24
add action=accept chain=prerouting dst-address=10.7.76.0/24 src-address=192.168.33.0/24
add action=accept chain=prerouting dst-address=10.7.77.0/24 src-address=192.168.33.0/24
add action=accept chain=prerouting dst-address=10.7.98.0/24 src-address=192.168.33.0/24
add action=accept chain=prerouting disabled=yes dst-address=10.7.78.0/24 src-address=192.168.55.0/24
add action=accept chain=prerouting dst-address=192.168.33.0/24 src-address=10.7.77.0/24

3. Create the user identity. This is the same pre-shared key plus XAuth login that the Shrew Soft client would use; the router now holds those credentials instead of the user. Keep in mind that the secret and the XAuth password are stored in the configuration in clear text and appear in a plain /export (use /export hide-sensitive when sharing a config).

/ip ipsec identity
add auth-method=pre-shared-key-xauth notrack-chain=prerouting peer=CO secret="<shared key>" xauth-login=username xauth-password=password

4. Create the IPsec proposal (phase 2). The algorithm set has to match what the head-end offers; here that is 3DES with a 5-minute lifetime and no PFS. 3DES is a deprecated 64-bit block cipher, so if the 1072 side allows it, AES is the better choice, but both ends must agree.

/ip ipsec proposal
add enc-algorithms=3des lifetime=5m name="prop1" pfs-group=none

5. Create the IPsec policies, one per work subnet. sa-src-address is left at 0.0.0.0 because the router only has a private, NATed address, so RouterOS uses whatever local address it sends from; sa-dst-address is the head-end's public address. level=unique gives each policy its own SA pair.

/ip ipsec policy
add dst-address=10.7.76.0/24 level=unique proposal="prop1" sa-dst-address=<public IP of the 1072> sa-src-address=0.0.0.0 src-address=192.168.33.0/24 tunnel=yes
add dst-address=10.7.77.0/24 level=unique proposal="prop1" sa-dst-address=<public IP of the 1072> sa-src-address=0.0.0.0 src-address=192.168.33.0/24 tunnel=yes

6. Create the IPsec profile (phase 1). Only profile_88 is referenced by the peer in step 7; it keeps the RouterOS defaults, including NAT traversal enabled, which is exactly what a client behind NAT needs (the default profile has it switched off here). profile_1 and profile246 are other profiles from this router and are not used by this tunnel.

/ip ipsec profile
set [ find default=yes ] dpd-interval=disable-dpd enc-algorithm=aes-192,aes-128,3des nat-traversal=no
add dh-group=modp1024 enc-algorithm=aes-192,aes-128,3des name=profile_1
add name=profile_88
add dh-group=modp1024 lifetime=4h name=profile246

7. Create the IPsec peer. address is the head-end's public address; local-address is the address of your own router, i.e. the private one it has behind NAT.

/ip ipsec peer
add address=<public IP of the 1072>/32 local-address=<your router's address> name=CO profile=profile_88

Once traffic for a work subnet appears, /ip ipsec installed-sa print should list the SA pair and /ip ipsec policy print should show the policy as established.
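The raw rules in step 2 and the policies in step 5 have to agree, and in the configuration above they do not quite: 10.7.98.0/24 is accepted in raw but no policy covers it. The following script is an added example, not code from the article, that parses a RouterOS export fragment (the article's own raw and policy rules, embedded as sample input, with the head-end's public address replaced by the placeholder 203.0.113.10) and reports every subnet pair the raw table lets through that no tunnel policy protects. It checks configuration consistency only; what actually happens to such a flow depends on the rest of the firewall and routing.

```python
"""Consistency check between RouterOS raw accept rules and IPsec policies.

Added example, not code from the article. Parses a RouterOS export fragment
and reports subnet pairs that the raw table accepts but that no tunnel policy
covers, i.e. flows that would leave the router without IPsec protection.
SAMPLE_EXPORT is the article's own rules, embedded as test input; the
head-end's public address is the documentation placeholder 203.0.113.10.
"""
import re
from ipaddress import ip_network

SAMPLE_EXPORT = """\
/ip firewall raw
add action=accept chain=prerouting dst-address=192.168.33.0/24 src-address=
    10.7.76.0/24
add action=accept chain=prerouting dst-address=192.168.33.0/24 src-address=
    10.7.98.0/24
add action=accept chain=prerouting disabled=yes dst-address=192.168.55.0/24 src-address=
    10.7.78.0/24
add action=accept chain=prerouting dst-address=10.7.76.0/24 src-address=192.168.33.0/24
add action=accept chain=prerouting dst-address=10.7.77.0/24 src-address=192.168.33.0/24
add action=accept chain=prerouting dst-address=10.7.98.0/24 src-address=192.168.33.0/24
add action=accept chain=prerouting disabled=yes dst-address=10.7.78.0/24 src-address=
    192.168.55.0/24
add action=accept chain=prerouting dst-address=192.168.33.0/24 src-address=10.7.77.0/24
/ip ipsec policy
add dst-address=10.7.76.0/24 level=unique proposal="prop1" sa-dst-address=203.0.113.10
    sa-src-address=0.0.0.0 src-address=192.168.33.0/24 tunnel=yes
add dst-address=10.7.77.0/24 level=unique proposal="prop1" sa-dst-address=203.0.113.10
    sa-src-address=0.0.0.0 src-address=192.168.33.0/24 tunnel=yes
"""

# key=value pairs of an "add" line; values may be double-quoted
_KV = re.compile(r'([\w-]+)=("[^"]*"|\S+)')


def _join_wrapped(text):
    """Re-join export lines that RouterOS wrapped onto an indented continuation line."""
    lines = []
    for raw in text.splitlines():
        if raw[:1].isspace() and lines:
            prev = lines[-1]
            # the export wraps either right after "key=" or after a space
            sep = "" if prev.endswith("=") or prev.endswith(" ") else " "
            lines[-1] = prev + sep + raw.strip()
        else:
            lines.append(raw)
    return lines


def parse_export(text):
    """Map each menu path (e.g. "/ip firewall raw") to its "add" entries as dicts."""
    menus, current = {}, None
    for line in _join_wrapped(text):
        if line.startswith("/"):
            current = line.strip()
            menus.setdefault(current, [])
        elif current and line.startswith("add "):
            menus[current].append({k: v.strip('"') for k, v in _KV.findall(line[4:])})
    return menus


def raw_accepted_pairs(menus):
    """(src, dst) networks that enabled raw accept rules let through."""
    pairs = set()
    for rule in menus.get("/ip firewall raw", []):
        if (rule.get("action") == "accept" and rule.get("disabled") != "yes"
                and "src-address" in rule and "dst-address" in rule):
            pairs.add((ip_network(rule["src-address"]), ip_network(rule["dst-address"])))
    return pairs


def ipsec_covered_pairs(menus):
    """(src, dst) pairs a tunnel policy protects; the same policy handles the reverse flow."""
    pairs = set()
    for pol in menus.get("/ip ipsec policy", []):
        if pol.get("tunnel") == "yes" and pol.get("disabled") != "yes":
            src, dst = ip_network(pol["src-address"]), ip_network(pol["dst-address"])
            pairs.update({(src, dst), (dst, src)})
    return pairs


def unprotected_pairs(export_text):
    """Raw-accepted pairs with no covering policy, as a sorted list of (src, dst) strings."""
    menus = parse_export(export_text)
    covered = ipsec_covered_pairs(menus)
    return sorted(
        (str(src), str(dst))
        for src, dst in raw_accepted_pairs(menus)
        if not any(src.subnet_of(cs) and dst.subnet_of(cd) for cs, cd in covered)
    )


if __name__ == "__main__":
    for src, dst in unprotected_pairs(SAMPLE_EXPORT):
        print(f"accepted in raw but not covered by any IPsec policy: {src} -> {dst}")
```

Run against the sample it flags 10.7.98.0/24 in both directions; feeding it the output of /export from a real router works the same way, as long as the raw and policy menus are present. Disabled rules and disabled policies are ignored, so the 10.7.78.0/24 and 192.168.55.0/24 pairs are not reported.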

Now for a bit of light magic. I did not want to touch the settings on every device in the home network, so the laptop had to get its 192.168.33.0/24 address over DHCP on the same network as everything else. MikroTik does not allow more than one DHCP server on a single bridge, so I used a workaround: for the laptop I simply created a static DHCP lease with its parameters set by hand, and since netmask, gateway and DNS are just numbered DHCP options, I defined those options explicitly and attached them to the lease.

1. DHCP options

/ip dhcp-server option
add code=3 name=option3-gateway value="'192.168.33.1'"
add code=1 name=option1-netmask value="'255.255.255.0'"
add code=6 name=option6-dns value="'8.8.8.8'"

2. DHCP lease

/ip dhcp-server lease
add address=192.168.33.4 dhcp-option=option1-netmask,option3-gateway,option6-dns mac-address=<laptop MAC address>
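What the laptop actually receives from that lease is a set of DHCP option TLVs. The script below is an added example, not code from the article: it builds the wire encoding of options 1 (subnet mask), 3 (router) and 6 (DNS server) for the article's values (192.168.33.4, mask 255.255.255.0, gateway 192.168.33.1, DNS 8.8.8.8), decodes them back, and performs the sanity check that matters for this trick, namely that the offered address and the gateway lie in the subnet given by option 1. If they do not, the laptop will accept the lease but cannot reach its gateway. The option order follows RFC 2132, which requires the subnet mask option to precede the router option.

```python
"""Wire encoding of the DHCP options handed out by the static lease above.

Added example, not code from the article. Encodes options 1/3/6 as RFC 2132
TLVs, decodes them, and checks that the offered address and router share the
subnet. Values are the article's; nothing here talks to a router.
"""
from ipaddress import IPv4Address, IPv4Interface

OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS, OPT_PAD, OPT_END = 1, 3, 6, 0, 255

# the article's lease: address 192.168.33.4, mask /24, gateway .1, DNS 8.8.8.8
LEASE_ADDRESS = "192.168.33.4"


def encode_options(mask, routers, dns):
    """TLV-encode options 1, 3 and 6; option 1 first, as RFC 2132 requires."""
    out = bytearray()
    for code, addrs in ((OPT_SUBNET_MASK, [mask]), (OPT_ROUTER, routers), (OPT_DNS, dns)):
        payload = b"".join(IPv4Address(a).packed for a in addrs)  # 4 bytes per address
        out += bytes([code, len(payload)]) + payload
    out.append(OPT_END)
    return bytes(out)


def decode_options(blob):
    """Parse address-list TLVs into {code: [addresses]}; stops at END, skips PAD."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        length = blob[i + 1]
        payload = blob[i + 2:i + 2 + length]
        if length % 4 != 0 or len(payload) != length:
            raise ValueError(f"option {code}: malformed length {length}")
        opts[code] = [str(IPv4Address(payload[j:j + 4])) for j in range(0, length, 4)]
        i += 2 + length
    return opts


def lease_is_consistent(yiaddr, opts):
    """Offered address and every router must lie in the subnet defined by option 1."""
    net = IPv4Interface(f"{yiaddr}/{opts[OPT_SUBNET_MASK][0]}").network
    return all(IPv4Address(r) in net for r in opts[OPT_ROUTER])


OPTIONS_BLOB = encode_options("255.255.255.0", ["192.168.33.1"], ["8.8.8.8"])

if __name__ == "__main__":
    print(OPTIONS_BLOB.hex())
    decoded = decode_options(OPTIONS_BLOB)
    print(decoded, "consistent:", lease_is_consistent(LEASE_ADDRESS, decoded))
```

The same check catches the mistake this workaround invites: a lease in 192.168.33.0/24 that still receives the bridge network's own gateway (say 192.168.88.1) from the server's network settings, which lease_is_consistent reports as False.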

On the 1072 side the configuration is just as simple: the client is issued an IP address, and the settings specify that this address is entered by hand rather than taken from a pool. For PC clients the subnet stays as in the wiki configuration, 192.168.55.0/24.

With this setup you no longer need third-party software on the PC to connect; the router brings the tunnel up by itself whenever it is needed. The load on the cAP ac acting as the client is minimal: 8-11% at 9-10 MB/s through the tunnel.

All of this was configured through Winbox, although it can equally be done from the console.

Source: will.com
