
mikrotik TikLan / EoIP / OSPF / L2TP / объединение домашних сетей

Ссылки

https://secq.ru/tiklan - онлайн генератор конфигов
https://www.youtube.com/watch?v=aL308xEw9-k&feature=youtu.be - Объединить домашние сети за 60 секунд by Pichulin Dmitrii CryptoPro, Russia
https://github.com/deemru/secqru - исходники на github

Введение

Простой способ для дома сделать общую локальную сеть для нескольких микротиков.
Скрипт позволяет объединить несколько устройств микротик в одну общую сеть.

Используются технологии EoIP, OSPF, L2TP и т.д.

Ниже сохранил конфиги для подключения трех устройств. Пароли в них опубликованы вместе со статьей, поэтому для своей сети сгенерируйте новые.

Tik-01

# TikLAN configuration for Tik-01, the hub: it runs the L2TP server that Tik-02 and Tik-03 dial into.
# Layers, bottom to top: L2TP (PPP) links -> OSPF over those links -> EoIP between tunnel addresses -> one bridged LAN.
# The syntax matches the RouterOS v6 OSPF menu (routing ospf network/interface); confirm before applying on v7.
# This script adds no "ip firewall" rules, so who may reach the L2TP service is decided outside this listing.

# Bridge (Tik-01)
# Shared L2 segment. protocol-mode=none turns STP/RSTP off on the bridge, so loop avoidance
# between the EoIP ports rests on the horizon value set under "EoIP to Bridge" below.
interface bridge add name="TikLAN" comment="TikLAN" protocol-mode=none mtu=1500
# This site owns 172.17.1.x inside the common 172.17.0.0/20 LAN.
ip address add address=172.17.1.1/20 interface="TikLAN"
# 172.17.0.0/24 holds the PPP tunnel addresses (172.17.0.1-3 below). The unreachable route is more
# specific than the connected /20, so tunnel addresses are never looked for on the bridge itself;
# presumably this stops EoIP from chasing a peer across the LAN when its L2TP link is down.
ip route add dst-address=172.17.0.0/24 type=unreachable

# OSPF Routes (Tik-01)
# OSPF covers only the tunnel address range; router-id is this device's tunnel address.
# No OSPF authentication is configured anywhere in this script, so adjacency trust rests
# entirely on the PPP credentials that bring the L2TP interfaces up.
routing ospf instance add name="TikLAN" router-id=172.17.0.1
routing ospf area add name="TikLAN" instance="TikLAN" area-id=172.17.0.0
routing ospf network add network=172.17.0.0/24 area="TikLAN"

# DHCP (Tik-01)
# Each site serves its own slice of the /20 and hands out itself as gateway and DNS server.
ip pool add ranges=172.17.1.10-172.17.1.254 name="TikLAN (Tik-01) Pool"
ip dhcp-server network add address=172.17.0.0/20 gateway=172.17.1.1 dns-server=172.17.1.1
ip dhcp-server add name="TikLAN (Tik-01) DHCP" interface="TikLAN" address-pool="TikLAN (Tik-01) Pool"
ip dhcp-server enable "TikLAN (Tik-01) DHCP"

# Bridge Filters (Tik-01)
# Frames leaving toward remote sites are dropped when they are IPv4 multicast, any IPv6, or DHCP
# (UDP source port 67-68). That keeps each site's DHCP server local and keeps multicast off the tunnels.
# Only the egress direction is filtered here; what a peer sends in is limited by that peer's own copy
# of these rules, so every site has to carry them.
interface list add name="TikLAN-Remotes"
interface bridge nat add chain=srcnat out-interface-list="TikLAN-Remotes" mac-protocol=ip dst-address=224.0.0.0/4 action=drop
interface bridge nat add chain=srcnat out-interface-list="TikLAN-Remotes" mac-protocol=ipv6 action=drop
interface bridge nat add chain=srcnat out-interface-list="TikLAN-Remotes" mac-protocol=ip ip-protocol=udp src-port=67-68 action=drop

# PPP Server (Tik-01)
# Enables the L2TP server. use-ipsec is not set, so the only protection visible here is the PPP-level
# encryption requested by profile=default-encryption (MPPE in RouterOS), not IPsec.
# NOTE(review): consider use-ipsec with an ipsec-secret on the server and on both clients; the change
# has to be made on all three devices together.
interface l2tp-server server set enabled=yes keepalive-timeout=7
# One PPP account per spoke with fixed tunnel addresses: local = hub, remote = spoke.
# NOTE(review): the passwords below are printed on a public page and differ only in the part after the
# underscore; generate fresh, unrelated secrets per link before using this config.
ppp secret add name="TikLAN-Tik-02" password="6123b528_ae94ec2a" profile=default-encryption local-address=172.17.0.1 remote-address=172.17.0.2
ppp secret add name="TikLAN-Tik-03" password="6123b528_d0a779a8" profile=default-encryption local-address=172.17.0.1 remote-address=172.17.0.3
# Static server-side interfaces bound to each user, so they can be referenced by name in OSPF below.
interface l2tp-server add name="TikLAN-L2TP-Server-Tik-02" user="TikLAN-Tik-02"
interface l2tp-server add name="TikLAN-L2TP-Server-Tik-03" user="TikLAN-Tik-03"

# OSPF Costs (Tik-01)
# Both spoke links run OSPF as point-to-point with equal cost.
routing ospf interface add interface="TikLAN-L2TP-Server-Tik-02" network-type=point-to-point cost=10
routing ospf interface add interface="TikLAN-L2TP-Server-Tik-03" network-type=point-to-point cost=10

# EoIP (Tik-01)
# Ethernet-over-IP tunnels between tunnel addresses. tunnel-id must match on both ends of a pair
# (51617 for Tik-01/Tik-02, 51618 for Tik-01/Tik-03). !keepalive unsets the EoIP keepalive.
# No ipsec-secret is set on the EoIP interfaces, so confidentiality of bridged traffic depends on the
# L2TP layer underneath.
interface eoip add name="TikLAN-EoIP-Tik-02" !keepalive remote-address=172.17.0.2 tunnel-id=51617
interface eoip add name="TikLAN-EoIP-Tik-03" !keepalive remote-address=172.17.0.3 tunnel-id=51618

# EoIP to Bridge (Tik-01)
# Same horizon on both ports = split horizon: a frame received from one EoIP port is not forwarded
# out of the other, which is why every pair of sites needs its own EoIP tunnel.
interface bridge port add bridge="TikLAN" interface="TikLAN-EoIP-Tik-02" horizon=24
interface bridge port add bridge="TikLAN" interface="TikLAN-EoIP-Tik-03" horizon=24

# EoIP Filters (Tik-01)
# Membership in TikLAN-Remotes is what makes the bridge nat drop rules above apply to these ports.
interface list member add interface="TikLAN-EoIP-Tik-02" list="TikLAN-Remotes"
interface list member add interface="TikLAN-EoIP-Tik-03" list="TikLAN-Remotes"

Tik-02

# TikLAN configuration for Tik-02, a spoke: it dials the L2TP server on Tik-01 and bridges its LAN
# to the other sites over EoIP.
# The syntax matches the RouterOS v6 OSPF menu (routing ospf network/interface); confirm before applying on v7.

# Bridge (Tik-02)
# Shared L2 segment. protocol-mode=none turns STP/RSTP off on the bridge, so loop avoidance
# between the EoIP ports rests on the horizon value set under "EoIP to Bridge" below.
interface bridge add name="TikLAN" comment="TikLAN" protocol-mode=none mtu=1500
# This site owns 172.17.2.x inside the common 172.17.0.0/20 LAN.
ip address add address=172.17.2.1/20 interface="TikLAN"
# 172.17.0.0/24 is the tunnel address range; the unreachable route is more specific than the connected
# /20, so tunnel addresses are never looked for on the bridge itself.
ip route add dst-address=172.17.0.0/24 type=unreachable

# OSPF Routes (Tik-02)
# OSPF covers only the tunnel address range; router-id is this device's tunnel address.
# No OSPF authentication is configured in this script, so adjacency trust rests on the L2TP credentials.
routing ospf instance add name="TikLAN" router-id=172.17.0.2
routing ospf area add name="TikLAN" instance="TikLAN" area-id=172.17.0.0
routing ospf network add network=172.17.0.0/24 area="TikLAN"

# DHCP (Tik-02)
# Local DHCP for this site's slice of the /20; the router is both gateway and DNS server.
ip pool add ranges=172.17.2.10-172.17.2.254 name="TikLAN (Tik-02) Pool"
ip dhcp-server network add address=172.17.0.0/20 gateway=172.17.2.1 dns-server=172.17.2.1
ip dhcp-server add name="TikLAN (Tik-02) DHCP" interface="TikLAN" address-pool="TikLAN (Tik-02) Pool"
ip dhcp-server enable "TikLAN (Tik-02) DHCP"

# Bridge Filters (Tik-02)
# Frames leaving toward remote sites are dropped when they are IPv4 multicast, any IPv6, or DHCP
# (UDP source port 67-68). Only egress is filtered; inbound traffic relies on the peers' own rules.
interface list add name="TikLAN-Remotes"
interface bridge nat add chain=srcnat out-interface-list="TikLAN-Remotes" mac-protocol=ip dst-address=224.0.0.0/4 action=drop
interface bridge nat add chain=srcnat out-interface-list="TikLAN-Remotes" mac-protocol=ipv6 action=drop
interface bridge nat add chain=srcnat out-interface-list="TikLAN-Remotes" mac-protocol=ip ip-protocol=udp src-port=67-68 action=drop

# PPP Client (Tik-02)
# Dials the hub by what looks like its MikroTik IP Cloud DDNS name; "sn" appears to be a placeholder
# for the hub's real name - replace it. User and password must match the ppp secret on Tik-01.
# use-ipsec is not set, so protection is the PPP-level encryption of profile=default-encryption only.
# NOTE(review): this password is printed on a public page; generate a fresh one, and consider
# use-ipsec with an ipsec-secret here and on the server (change both ends together).
interface l2tp-client add connect-to="Tik-01.sn.mynetname.net" name="TikLAN-L2TP-Client-Tik-01" user="TikLAN-Tik-02" password="6123b528_ae94ec2a" profile=default-encryption keepalive-timeout=7 disabled=no

# OSPF Costs (Tik-02)
# The single uplink to the hub runs OSPF as point-to-point.
routing ospf interface add interface="TikLAN-L2TP-Client-Tik-01" network-type=point-to-point cost=10

# EoIP (Tik-02)
# tunnel-id must match the peer's side (51617 with Tik-01, 51680 with Tik-03). !keepalive unsets the
# EoIP keepalive. Tik-03's tunnel address is not directly connected here; presumably it is learned via
# OSPF through Tik-01, so spoke-to-spoke EoIP traffic transits the hub.
# No ipsec-secret is set on the EoIP interfaces; confidentiality depends on the L2TP layer underneath.
interface eoip add name="TikLAN-EoIP-Tik-01" !keepalive remote-address=172.17.0.1 tunnel-id=51617
interface eoip add name="TikLAN-EoIP-Tik-03" !keepalive remote-address=172.17.0.3 tunnel-id=51680

# EoIP to Bridge (Tik-02)
# Same horizon on both ports = split horizon: frames are not relayed from one EoIP port to the other.
interface bridge port add bridge="TikLAN" interface="TikLAN-EoIP-Tik-01" horizon=24
interface bridge port add bridge="TikLAN" interface="TikLAN-EoIP-Tik-03" horizon=24

# EoIP Filters (Tik-02)
# Membership in TikLAN-Remotes is what makes the bridge nat drop rules above apply to these ports.
interface list member add interface="TikLAN-EoIP-Tik-01" list="TikLAN-Remotes"
interface list member add interface="TikLAN-EoIP-Tik-03" list="TikLAN-Remotes"


Tik-03

# TikLAN configuration for Tik-03, a spoke: it dials the L2TP server on Tik-01 and bridges its LAN
# to the other sites over EoIP.
# The syntax matches the RouterOS v6 OSPF menu (routing ospf network/interface); confirm before applying on v7.

# Bridge (Tik-03)
# Shared L2 segment. protocol-mode=none turns STP/RSTP off on the bridge, so loop avoidance
# between the EoIP ports rests on the horizon value set under "EoIP to Bridge" below.
interface bridge add name="TikLAN" comment="TikLAN" protocol-mode=none mtu=1500
# This site owns 172.17.3.x inside the common 172.17.0.0/20 LAN.
ip address add address=172.17.3.1/20 interface="TikLAN"
# 172.17.0.0/24 is the tunnel address range; the unreachable route is more specific than the connected
# /20, so tunnel addresses are never looked for on the bridge itself.
ip route add dst-address=172.17.0.0/24 type=unreachable

# OSPF Routes (Tik-03)
# OSPF covers only the tunnel address range; router-id is this device's tunnel address.
# No OSPF authentication is configured in this script, so adjacency trust rests on the L2TP credentials.
routing ospf instance add name="TikLAN" router-id=172.17.0.3
routing ospf area add name="TikLAN" instance="TikLAN" area-id=172.17.0.0
routing ospf network add network=172.17.0.0/24 area="TikLAN"

# DHCP (Tik-03)
# Local DHCP for this site's slice of the /20; the router is both gateway and DNS server.
ip pool add ranges=172.17.3.10-172.17.3.254 name="TikLAN (Tik-03) Pool"
ip dhcp-server network add address=172.17.0.0/20 gateway=172.17.3.1 dns-server=172.17.3.1
ip dhcp-server add name="TikLAN (Tik-03) DHCP" interface="TikLAN" address-pool="TikLAN (Tik-03) Pool"
ip dhcp-server enable "TikLAN (Tik-03) DHCP"

# Bridge Filters (Tik-03)
# Frames leaving toward remote sites are dropped when they are IPv4 multicast, any IPv6, or DHCP
# (UDP source port 67-68). Only egress is filtered; inbound traffic relies on the peers' own rules.
interface list add name="TikLAN-Remotes"
interface bridge nat add chain=srcnat out-interface-list="TikLAN-Remotes" mac-protocol=ip dst-address=224.0.0.0/4 action=drop
interface bridge nat add chain=srcnat out-interface-list="TikLAN-Remotes" mac-protocol=ipv6 action=drop
interface bridge nat add chain=srcnat out-interface-list="TikLAN-Remotes" mac-protocol=ip ip-protocol=udp src-port=67-68 action=drop

# PPP Client (Tik-03)
# Dials the hub by what looks like its MikroTik IP Cloud DDNS name; "sn" appears to be a placeholder
# for the hub's real name - replace it. User and password must match the ppp secret on Tik-01.
# use-ipsec is not set, so protection is the PPP-level encryption of profile=default-encryption only.
# NOTE(review): this password is printed on a public page; generate a fresh one, and consider
# use-ipsec with an ipsec-secret here and on the server (change both ends together).
interface l2tp-client add connect-to="Tik-01.sn.mynetname.net" name="TikLAN-L2TP-Client-Tik-01" user="TikLAN-Tik-03" password="6123b528_d0a779a8" profile=default-encryption keepalive-timeout=7 disabled=no

# OSPF Costs (Tik-03)
# The single uplink to the hub runs OSPF as point-to-point.
routing ospf interface add interface="TikLAN-L2TP-Client-Tik-01" network-type=point-to-point cost=10

# EoIP (Tik-03)
# tunnel-id must match the peer's side (51618 with Tik-01, 51680 with Tik-02). !keepalive unsets the
# EoIP keepalive. Tik-02's tunnel address is not directly connected here; presumably it is learned via
# OSPF through Tik-01, so spoke-to-spoke EoIP traffic transits the hub.
# No ipsec-secret is set on the EoIP interfaces; confidentiality depends on the L2TP layer underneath.
interface eoip add name="TikLAN-EoIP-Tik-01" !keepalive remote-address=172.17.0.1 tunnel-id=51618
interface eoip add name="TikLAN-EoIP-Tik-02" !keepalive remote-address=172.17.0.2 tunnel-id=51680

# EoIP to Bridge (Tik-03)
# Same horizon on both ports = split horizon: frames are not relayed from one EoIP port to the other.
interface bridge port add bridge="TikLAN" interface="TikLAN-EoIP-Tik-01" horizon=24
interface bridge port add bridge="TikLAN" interface="TikLAN-EoIP-Tik-02" horizon=24

# EoIP Filters (Tik-03)
# Membership in TikLAN-Remotes is what makes the bridge nat drop rules above apply to these ports.
interface list member add interface="TikLAN-EoIP-Tik-01" list="TikLAN-Remotes"
interface list member add interface="TikLAN-EoIP-Tik-02" list="TikLAN-Remotes"