MikroTik: IPsec VPN behind NAT as a client

Hello everyone!

It so happened that at our company we have been gradually migrating to MikroTik hardware over the past two years. The large nodes are built on the CCR1072, while the home connection points of employees are simple devices. Naturally, we also join networks together with IPsec tunnels; in that case the setup is simple and straightforward, thanks to the many resources available online. Mobile client connections, however, present certain difficulties: the vendor's wiki describes how to use the Shrew Soft VPN client (that setup seems self-explanatory), and that is the client used by 99% of remote-access users, the remaining 1% being me. I couldn't be bothered to enter my login and password every time, and I wanted a much more relaxed, couch-potato experience with seamless access to the work network. I couldn't find instructions for configuring a MikroTik for the case where it sits not behind a public address but behind a completely grey (private) one, and possibly behind several NATs at that. So I had to work it out myself, and I invite you to look at the results.

Given:

  1. CCR1072 as the main device, version 6.44.1
  2. cAP ac as the home access point, version 6.44.1

The key point of the setup is that the PC and the MikroTik must be on the same network, with the same address that the big 1072 hands out.

Let's move on to the settings:

1. Naturally, we have Fasttrack enabled, but since Fasttrack is not compatible with VPN, we have to exclude its traffic from it.

/ip firewall mangle
add action=mark-connection chain=forward comment="ipsec in" ipsec-policy=
    in,ipsec new-connection-mark=ipsec passthrough=yes
add action=mark-connection chain=forward comment="ipsec out" ipsec-policy=
    out,ipsec new-connection-mark=ipsec passthrough=yes
/ip firewall filter add action=fasttrack-connection chain=forward connection-mark=!ipsec

2. Add passing of traffic from/to the home and work networks

/ip firewall raw
add action=accept chain=prerouting dst-address=192.168.33.0/24 src-address=
    10.7.76.0/24
add action=accept chain=prerouting dst-address=192.168.33.0/24 src-address=
    10.7.98.0/24
add action=accept chain=prerouting disabled=yes dst-address=192.168.55.0/24 
    src-address=10.7.78.0/24
add action=accept chain=prerouting dst-address=10.7.76.0/24 src-address=
    192.168.33.0/24
add action=accept chain=prerouting dst-address=10.7.77.0/24 src-address=
    192.168.33.0/24
add action=accept chain=prerouting dst-address=10.7.98.0/24 src-address=
    192.168.33.0/24
add action=accept chain=prerouting disabled=yes dst-address=10.7.78.0/24 
    src-address=192.168.55.0/24
add action=accept chain=prerouting dst-address=192.168.33.0/24 src-address=
    10.7.77.0/24

3. Create the user connection identity

/ip ipsec identity
add auth-method=pre-shared-key-xauth notrack-chain=prerouting peer=CO secret=
    общий ключ xauth-login=username xauth-password=password

4. Create the IPsec proposal

/ip ipsec proposal
add enc-algorithms=3des lifetime=5m name="prop1" pfs-group=none

5. Create the IPsec policy

/ip ipsec policy
add dst-address=10.7.76.0/24 level=unique proposal="prop1" 
    sa-dst-address=<white IP 1072> sa-src-address=0.0.0.0 src-address=
    192.168.33.0/24 tunnel=yes
add dst-address=10.7.77.0/24 level=unique proposal="prop1" 
    sa-dst-address=<white IP 1072> sa-src-address=0.0.0.0 src-address=
    192.168.33.0/24 tunnel=yes
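The raw rules in step 2 and the policies in step 5 must agree: every policy subnet pair needs an enabled raw accept in both directions. The following check is an added example, not code from the post; it parses the terminal-wrapped export format shown above and lists the pairs that are not covered. The sample export is constructed, with a deliberately disabled rule for the 10.7.77.0/24 pair so that the check reports something.

```python
import shlex

# Constructed sample in RouterOS terminal-wrapped export format (not the post's config)
SAMPLE_EXPORT = """/ip firewall raw
add action=accept chain=prerouting dst-address=192.168.33.0/24 src-address=
    10.7.76.0/24
add action=accept chain=prerouting dst-address=10.7.76.0/24 src-address=
    192.168.33.0/24
add action=accept chain=prerouting disabled=yes dst-address=10.7.77.0/24
    src-address=192.168.33.0/24
/ip ipsec policy
add dst-address=10.7.76.0/24 level=unique proposal="prop1" src-address=
    192.168.33.0/24 tunnel=yes
add dst-address=10.7.77.0/24 level=unique proposal="prop1" src-address=
    192.168.33.0/24 tunnel=yes
"""

def unwrap(text):
    """Rejoin wrapped lines; a line ending in '=' was split mid-value."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("    ") and lines:
            sep = "" if lines[-1].endswith("=") else " "
            lines[-1] += sep + raw.strip()
        else:
            lines.append(raw.rstrip())
    return lines

def parse_export(text):
    """Map each '/path' section to a list of {key: value} dicts, one per 'add'."""
    sections, current = {}, None
    for line in unwrap(text):
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif line.startswith("add ") and current is not None:
            kv = (t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
            sections[current].append(dict(kv))
    return sections

def missing_raw_accepts(text):
    """Policy subnet pairs lacking an enabled raw accept in either direction."""
    cfg = parse_export(text)
    raw_ok = {(r.get("src-address"), r.get("dst-address"))
              for r in cfg.get("/ip firewall raw", [])
              if r.get("action") == "accept" and r.get("disabled") != "yes"}
    pairs = [(p["src-address"], p["dst-address"]) for p in cfg.get("/ip ipsec policy", [])]
    return [d for pair in pairs for d in (pair, pair[::-1]) if d not in raw_ok]
```

Run it against the output of `/export` pasted into a file to see which of your own tunnel subnets would be silently dropped.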

6. Create the IPsec profile

/ip ipsec profile
set [ find default=yes ] dpd-interval=disable-dpd enc-algorithm=
    aes-192,aes-128,3des nat-traversal=no
add dh-group=modp1024 enc-algorithm=aes-192,aes-128,3des name=profile_1
add name=profile_88
add dh-group=modp1024 lifetime=4h name=profile246

7. Create the IPsec peer

/ip ipsec peer
add address=<white IP 1072>/32 local-address=<ваш адрес роутера> name=CO profile=
    profile_88

Now for a little magic. Since I really didn't want to change the settings on every device on the home network, I had to set up DHCP on the same network, but it turns out MikroTik doesn't let you create more than one address pool per bridge. So I found a workaround: for the laptop I created a DHCP lease with explicitly specified parameters, and since netmask, gateway and DNS also have option numbers in DHCP, I specified them by hand.

1. DHCP option

/ip dhcp-server option
add code=3 name=option3-gateway value="'192.168.33.1'"
add code=1 name=option1-netmask value="'255.255.255.0'"
add code=6 name=option6-dns value="'8.8.8.8'"

2. DHCP lease

/ip dhcp-server lease
add address=192.168.33.4 dhcp-option=
    option1-netmask,option3-gateway,option6-dns mac-address=<MAC адрес ноутбука>

Meanwhile, the setup on the 1072 is basic; the only thing is that when issuing an IP address to the client, the settings specify that it should be given a manually entered IP address rather than one from the pool. For regular clients on personal computers, the subnet is the same as in the wiki, 192.168.55.0/24.

This setup lets you avoid connecting from your PC with third-party software, and the tunnel itself is brought up by the router when needed. The load on the cAP ac client is fairly low, 8-11% at a rate of 9-10 MB/s through the tunnel.

All settings were made via Winbox, although it could just as well be done from the console.

Source: www.habr.com
