12
返回列表 發帖
角色

Rank: 2
1# 跳轉到 » 倒序看帖
打印
tT
發表於 2014-8-14 21:34 | 只看該作者

【RouterOS】—— PPTP client and routing local packets to the remote server gateway

本帖最後由 角色 於 2014-8-17 15:22 編輯

Objectives:

1) Using RouterOS GUi (or Nat code) to program the device such that the local device can use the remote gateway.

The following post gives you the information of setting up a PPTP client on a Routerboard:
http://www.mikrotik.com/testdocs/ros/3.0/vpn/pptp.php

Also the following post provides a very practical example of setting up a PPTP client.

http://www.hkepc.com/forum/viewt ... ;highlight=mikrotik

The following wiki describes the step to mark which destination IP address has to go out via vpn tunnel (route packets to the remote VPN gateway) and the rest of destination IP addresses will use the local gateway.
http://wiki.mikrotik.com/wiki/Policy_Base_Routing
收藏 分享

角色

Rank: 2
2#
發表於 2014-8-15 00:32 | 只看該作者
本帖最後由 角色 於 2014-8-19 01:20 編輯

The content of easy_setup.rsc
  1. :local username "test"
  2. :local password "1234"
  3. :local hostname "0.0.0.0"
  4. :local internal "192.168.88.0/24"
  5. /interface pptp-client
  6. add add-default-route=no allow=chap,mschap1,mschap2 connect-to=$hostname \
  7. dial-on-demand=no disabled=no keepalive-timeout=60 max-mru=1400 max-mtu=\
  8. 1400 mrru=disabled name=vpn_cn password=$password profile=\
  9. default-encryption user=$username
  10. /ip firewall mangle
  11. add action=mark-routing chain=prerouting dst-address-list=UnBlockIPList \
  12. port=80,443,8080 new-routing-mark=through_vpn_cn passthrough=no \
  13. protocol=tcp src-address-list=Internal-Nets disabled=no
  14. /ip firewall nat
  15. add action=masquerade chain=srcnat out-interface=vpn_cn disabled=no
  16. /ip route
  17. add distance=1 gateway=vpn_cn routing-mark=through_vpn_cn disabled=no \
  18. scope=255
  19. /ip dns
  20. set allow-remote-requests=yes servers=8.8.8.8,114.114.114.114
  21. /ip firewall address-list
  22. add list=Internal-Nets address=$internal comment="Internal-Nets"
  23. add list=UnBlockIPList address=103.7.28.0/24
  24. add list=UnBlockIPList address=103.7.30.0/24
  25. add list=UnBlockIPList address=103.7.31.0/24
  26. add list=UnBlockIPList address=107.21.213.0/24
  27. add list=UnBlockIPList address=111.161.48.0/24
  28. add list=UnBlockIPList address=115.182.93.0/24
  29. add list=UnBlockIPList address=117.121.54.0/24
  30. add list=UnBlockIPList address=118.244.244.0/24
  31. add list=UnBlockIPList address=119.147.19.0/24
  32. add list=UnBlockIPList address=119.188.40.0/24
  33. add list=UnBlockIPList address=123.125.195.0/24
  34. add list=UnBlockIPList address=123.125.89.0/24
  35. add list=UnBlockIPList address=123.126.48.0/24
  36. add list=UnBlockIPList address=123.126.53.0/24
  37. add list=UnBlockIPList address=123.126.98.0/24
  38. add list=UnBlockIPList address=123.126.99.0/24
  39. add list=UnBlockIPList address=123.58.180.0/24
  40. add list=UnBlockIPList address=125.39.70.0/24
  41. add list=UnBlockIPList address=125.39.95.0/24
  42. add list=UnBlockIPList address=125.89.72.0/24
  43. add list=UnBlockIPList address=163.177.71.0/24
  44. add list=UnBlockIPList address=163.177.79.0/24
  45. add list=UnBlockIPList address=163.177.89.0/24
  46. add list=UnBlockIPList address=180.153.106.0/24
  47. add list=UnBlockIPList address=180.153.21.0/24
  48. add list=UnBlockIPList address=180.153.225.0/24
  49. add list=UnBlockIPList address=180.76.2.0/24
  50. add list=UnBlockIPList address=182.16.230.0/24
  51. add list=UnBlockIPList address=183.61.119.0/24
  52. add list=UnBlockIPList address=184.51.15.0/24
  53. add list=UnBlockIPList address=192.241.222.0/24
  54. add list=UnBlockIPList address=202.108.14.0/24
  55. add list=UnBlockIPList address=202.108.23.0/24
  56. add list=UnBlockIPList address=202.108.37.0/24
  57. add list=UnBlockIPList address=202.108.5.0/24
  58. add list=UnBlockIPList address=202.55.10.0/24
  59. add list=UnBlockIPList address=202.55.12.0/24
  60. add list=UnBlockIPList address=210.129.145.0/24
  61. add list=UnBlockIPList address=211.151.181.0/24
  62. add list=UnBlockIPList address=218.205.72.0/24
  63. add list=UnBlockIPList address=218.30.66.0/24
  64. add list=UnBlockIPList address=218.77.91.0/24
  65. add list=UnBlockIPList address=220.181.109.0/24
  66. add list=UnBlockIPList address=220.181.118.0/24
  67. add list=UnBlockIPList address=220.181.153.0/24
  68. add list=UnBlockIPList address=220.181.154.0/24
  69. add list=UnBlockIPList address=220.181.185.0/24
  70. add list=UnBlockIPList address=220.181.19.0/24
  71. add list=UnBlockIPList address=220.181.61.0/2
  72. add list=UnBlockIPList address=220.181.74.0/24
  73. add list=UnBlockIPList address=220.181.90.0/24
  74. add list=UnBlockIPList address=220.181.94.0/24
  75. add list=UnBlockIPList address=220.194.199.0/24
  76. add list=UnBlockIPList address=221.238.18.0/24
  77. add list=UnBlockIPList address=42.156.140.0/24
  78. add list=UnBlockIPList address=42.62.20.0/24
  79. add list=UnBlockIPList address=42.62.49.0/24
  80. add list=UnBlockIPList address=54.243.116.0/24
  81. add list=UnBlockIPList address=58.215.179.0/24
  82. add list=UnBlockIPList address=58.222.17.0/24
  83. add list=UnBlockIPList address=58.63.237.0/24
  84. add list=UnBlockIPList address=58.83.190.0/24
  85. add list=UnBlockIPList address=59.151.12.0/24
  86. add list=UnBlockIPList address=60.217.235.0/24
  87. add list=UnBlockIPList address=60.28.164.0/24
  88. add list=UnBlockIPList address=61.135.132.0/24
  89. add list=UnBlockIPList address=61.135.181.0/24
  90. add list=UnBlockIPList address=61.135.183.0/24
  91. add list=UnBlockIPList address=61.135.196.0/24
  92. add list=UnBlockIPList address=61.135.253.0/24
  93. add list=UnBlockIPList address=66.102.246.0/24
複製代碼
Test

http://www.hkepc.com/forum/redir ... 57&pid=31963296

TOP

角色

Rank: 2
3#
發表於 2014-8-19 01:39 | 只看該作者
本帖最後由 角色 於 2014-8-19 02:40 編輯

http://www.hkepc.com/forum/viewt ... page=13#pid31614526

http://www.hkepc.com/forum/redir ... 57&pid=31963296

http://www.hkepc.com/forum/redir ... 51&pid=31614526

Temp links:
http://www.hkepc.com/forum/viewt ... =239887&page=14
http://www.hkepc.com/forum/viewt ... ice&tid=2069651
http://www.hkepc.com/forum/viewt ... page=13#pid31614526

TOP

角色

Rank: 2
4#
發表於 2014-8-27 00:33 | 只看該作者
终于搞定,都是按照下面的帖子去做。

http://www.hkepc.com/forum/viewt ... page=13#pid31614526

TOP

yiucsw

Rank: 1
5#
發表於 2014-12-29 15:12 | 只看該作者
是香港到中国的?有没有中国到外边的?

TOP

角色

Rank: 2
6#
發表於 2014-12-29 17:40 | 只看該作者
都是一样,你到过来做就可以。

TOP

yiucsw

Rank: 1
7#
發表於 2014-12-29 23:37 | 只看該作者
unblock list 会不一样吗?

/ip firewall address-list

TOP

角色

Rank: 2
8#
發表於 2014-12-30 00:11 | 只看該作者
unblockIPList里内容当然不一样,你要log,一个一个找出来。

TOP

yiucsw

Rank: 1
9#
發表於 2014-12-31 02:01 | 只看該作者
Run 了Script 不知道为什么Firewall说VPN not ready. Route list unreachable.  (主要连到 Vigor PPTN server)
Run 了Script,如何重新再Run. delete interface, route, firewall entry 都不成。
附件: 您需要登錄才可以下載或查看附件。沒有帳號?註冊

TOP

tc30624100

Rank: 1
10#
發表於 2014-12-31 02:40 | 只看該作者
回復 9# yiucsw


    gateway 改為那interface 的名字就通了

TOP

yiucsw

Rank: 1
11#
發表於 2014-12-31 18:41 | 只看該作者
The PPTP client interface, gateway 都是同一名字:VPN_HK。
[
附件: 您需要登錄才可以下載或查看附件。沒有帳號?註冊

TOP

yiucsw

Rank: 1
12#
發表於 2014-12-31 19:13 | 只看該作者
不知道对不对。
原本:
PPTP Interface Profile: Default-Encryption 的时候。Status : Link Established
PPTP Interface Profile: Default 的时候。 Status : Connected。

希望可以解决一部分问题

TOP

yiucsw

Rank: 1
13#
發表於 2014-12-31 20:09 | 只看該作者
我将下面的变成Script cn.txt。运行时有ERROR,
"value of address expects range of ip addresses"
知道是哪里有问题吗?

/ip firewall address-list
add list=Internal-Nets address=$internal comment="Internal-Nets"
add list=UnBlockIPList address=173.194.72.0/24
add list=UnBlockIPList address=173.194.127.0/24

TOP

角色

Rank: 2
14#
發表於 2015-1-1 20:06 | 只看該作者
你的问题太少信息!
你好想说过RB与Draytek连,但是两边的network addresses是什么我们都不知道。

TOP

yiucsw

Rank: 1
15#
發表於 2015-1-1 22:42 | 只看該作者
还没到那一步。RB是PPTP CLIENT。 VIGOR 是 PPTP SERVER。 将你的SCRIPT 分两部分。 以上是加UNBLOCK LIST 的SCRIPT。 有ERROR,我猜是SYNTAX ERROR。

TOP

12
返回列表