【RouterOS】—— 在香港街上和家里怎样享用大陆资源?
[i=s] 本帖最後由 角色 於 2014-9-9 10:40 編輯 [/i]如果你有一台Routerboard,那么你可以考虑上最新的RouterOS V6.18+,而我用V6.18。因为从V6.14就有VPN的快速设定。
好了回到主题,我们先设家里的RB,怎样设,可以参考 [url=http://www.hkepc.com/forum/viewthread.php?tid=2089157&highlight=mikrotik]Link[/url] 。如果不开RouterOS 在V6.14自带的VPN Access功能,而用RouterBoard的default settings, IP=192.168.88.1, 那么link的script是可以马上可以用,只要坐适当的更改就可以。
怎样找blocked IP, 可以参考下面帖子:
[url]http://www.hkepc.com/forum/viewthread.php?tid=2069651&extra=&page=1[/url] 下面的script与之前的Link的有几个注意的地方:
1、profile=profile-cn
2、要在/ppp profile加入一个新的profile called profile-cn, 因为用default的会跟VPN Access的defualt settings有冲突。[code]:local username "vpn-name"
:local password "vpn-passowrd"
:local hostname "vpn-server-host-name"
:local internal "192.168.88.0/24"
/interface pptp-client
add add-default-route=no allow=chap,mschap1,mschap2 connect-to=$hostname \
dial-on-demand=no disabled=no keepalive-timeout=60 max-mru=1400 max-mtu=\
1400 mrru=disabled name=vpn_cn password=$password profile=\
profile-cn user=$username
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=UnBlockIPList \
port=80,443,8080 new-routing-mark=through_vpn_cn passthrough=no \
protocol=tcp src-address-list=Internal-Nets disabled=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=vpn_cn disabled=no
/ip route
add distance=1 gateway=vpn_cn routing-mark=through_vpn_cn disabled=no \
scope=255
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,114.114.114.114
/ip firewall address-list
add list=Internal-Nets address=$internal comment="Internal-Nets"
add list=UnBlockIPList address=103.7.28.0/24
add list=UnBlockIPList address=103.7.30.0/24
add list=UnBlockIPList address=103.7.31.0/24
add list=UnBlockIPList address=107.21.213.0/24
add list=UnBlockIPList address=111.161.48.0/24
add list=UnBlockIPList address=115.182.93.0/24
add list=UnBlockIPList address=117.121.54.0/24
add list=UnBlockIPList address=118.244.244.0/24
add list=UnBlockIPList address=119.147.19.0/24
add list=UnBlockIPList address=119.188.40.0/24
add list=UnBlockIPList address=123.125.195.0/24
add list=UnBlockIPList address=123.125.89.0/24
add list=UnBlockIPList address=123.126.48.0/24
add list=UnBlockIPList address=123.126.53.0/24
add list=UnBlockIPList address=123.126.98.0/24
add list=UnBlockIPList address=123.126.99.0/24
add list=UnBlockIPList address=123.58.180.0/24
add list=UnBlockIPList address=125.39.70.0/24
add list=UnBlockIPList address=125.39.95.0/24
add list=UnBlockIPList address=125.89.72.0/24
add list=UnBlockIPList address=163.177.71.0/24
add list=UnBlockIPList address=163.177.79.0/24
add list=UnBlockIPList address=163.177.89.0/24
add list=UnBlockIPList address=180.153.106.0/24
add list=UnBlockIPList address=180.153.21.0/24
add list=UnBlockIPList address=180.153.225.0/24
add list=UnBlockIPList address=180.76.2.0/24
add list=UnBlockIPList address=182.16.230.0/24
add list=UnBlockIPList address=183.61.119.0/24
add list=UnBlockIPList address=184.51.15.0/24
add list=UnBlockIPList address=192.241.222.0/24
add list=UnBlockIPList address=202.108.14.0/24
add list=UnBlockIPList address=202.108.23.0/24
add list=UnBlockIPList address=202.108.37.0/24
add list=UnBlockIPList address=202.108.5.0/24
add list=UnBlockIPList address=202.55.10.0/24
add list=UnBlockIPList address=202.55.12.0/24
add list=UnBlockIPList address=210.129.145.0/24
add list=UnBlockIPList address=211.151.181.0/24
add list=UnBlockIPList address=218.205.72.0/24
add list=UnBlockIPList address=218.30.66.0/24
add list=UnBlockIPList address=218.77.91.0/24
add list=UnBlockIPList address=220.181.109.0/24
add list=UnBlockIPList address=220.181.118.0/24
add list=UnBlockIPList address=220.181.153.0/24
add list=UnBlockIPList address=220.181.154.0/24
add list=UnBlockIPList address=220.181.185.0/24
add list=UnBlockIPList address=220.181.19.0/24
add list=UnBlockIPList address=220.181.61.0/2
add list=UnBlockIPList address=220.181.74.0/24
add list=UnBlockIPList address=220.181.90.0/24
add list=UnBlockIPList address=220.181.94.0/24
add list=UnBlockIPList address=220.194.199.0/24
add list=UnBlockIPList address=221.238.18.0/24
add list=UnBlockIPList address=42.156.140.0/24
add list=UnBlockIPList address=42.62.20.0/24
add list=UnBlockIPList address=42.62.49.0/24
add list=UnBlockIPList address=54.243.116.0/24
add list=UnBlockIPList address=58.215.179.0/24
add list=UnBlockIPList address=58.222.17.0/24
add list=UnBlockIPList address=58.63.237.0/24
add list=UnBlockIPList address=58.83.190.0/24
add list=UnBlockIPList address=59.151.12.0/24
add list=UnBlockIPList address=60.217.235.0/24
add list=UnBlockIPList address=60.28.164.0/24
add list=UnBlockIPList address=61.135.132.0/24
add list=UnBlockIPList address=61.135.181.0/24
add list=UnBlockIPList address=61.135.183.0/24
add list=UnBlockIPList address=61.135.196.0/24
add list=UnBlockIPList address=61.135.253.0/24
add list=UnBlockIPList address=66.102.246.0/24[/code] 因为VPN Access也用了profile=default-encryption,而之前上面的Link也用profile=default-encryption,所以上面就建议大家修改为profile=profile-cn,那么两家都不影响对方。
而VPN Acccess,用的network是192.168.89.0/24。如果在大家外面VPN家里的RB,那么接入是IP是192.168.89.0/24,而不是192.168.88.0/24,为了想用到上面的服务,那么就要把192.168.89.0/24着段加入上面的script,add list=Internal-Nets address=192.168.89.0/24。 上面的magic script,要注意的地方:
:local username "vpn-name"
:local password "vpn-passowrd"
:local hostname "vpn-server-host-name"
:local internal "192.168.88.0/24"
特别要注意internal lan network,如果修改到其他段,如10.1.2.0/24, 你要再修改/ip dhcp-server netword下的DNS Server为10.1.2.1。 有了上面的功能,那么我们就可以在车上听QQ的Music了。如果你的手机速度够快的话,那么也可以看电影。
頁:
[1]