# aug/23/2021 15:03:51 by RouterOS 6.45.9 # software id = VM7R-DI02 # # model = CCR1009-7G-1C-1S+ # serial number = E3270D39D21A /interface ethernet set [ find default-name=ether3 ] name=GuestLan set [ find default-name=ether2 ] name=LANPORT set [ find default-name=ether1 ] name=WANPORT /interface list add name=WAN add name=LAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip hotspot profile add dns-name=mydns.com hotspot-address=192.168.250.1 name=hsprof1 /ip hotspot user profile set [ find default=yes ] shared-users=5 add name=128kbps rate-limit=128k/128k add name=256kbps rate-limit=256k/256k add name=512kbps rate-limit=512k/512k add name=1024kbps rate-limit=1024k/1024k add name=5mbps rate-limit=5M/5M /ip ipsec peer add address=mypublicip1/32 local-address=mypublicip2 name=peer1 passive=yes /ip ipsec profile set [ find default=yes ] dh-group=modp1024 enc-algorithm=\ aes-256,camellia-256,aes-192,camellia-192,aes-128,camellia-128,3des,blowfish,des nat-traversal=no add dh-group=modp1024 enc-algorithm=aes-128,3des,des name=profile1 nat-traversal=no /ip ipsec proposal set [ find default=yes ] auth-algorithms=md5 enc-algorithms=\ aes-256-ctr,aes-192-gcm,aes-128-cbc,aes-128-ctr,aes-128-gcm,3des,des /ip pool add name=dhcp ranges=192.168.250.2-192.168.250.240 add name=PPTP_POOL ranges=192.168.250.241-192.168.250.249 add name=hs-pool-5 ranges=192.168.10.2-192.168.10.100 /ip dhcp-server add address-pool=dhcp disabled=no interface=LANPORT name=dhcp1 add address-pool=hs-pool-5 disabled=no interface=GuestLan lease-time=1h name=dhcp2 /ip hotspot add address-pool=dhcp disabled=no interface=LANPORT name=hotspot1 profile=hsprof1 /ppp profile add local-address=192.168.250.1 name=PPTP remote-address=PPTP_POOL /queue simple add burst-limit=128k/128k burst-threshold=64k/64k burst-time=10s/10s max-limit=128k/128k name=x1 target=\ 192.168.250.48/32 add burst-limit=256k/256k burst-threshold=128k/128k burst-time=10s/10s max-limit=256k/256k name=x2 target=\ 192.168.250.212/32 add burst-limit=256k/256k burst-threshold=256k/256k burst-time=1h/1h disabled=yes limit-at=128k/128k max-limit=\ 256k/256k name=x3 target=192.168.250.78/32 /interface list member add interface=WANPORT list=WAN add list=LAN add interface=GuestLan list=LAN /interface pptp-server server set enabled=yes /ip address add address=122.176.28.40/24 interface=WANPORT network=122.176.28.0 add address=192.168.250.1/24 interface=LANPORT network=192.168.250.0 add address=192.168.10.1/24 comment="hotspot network" interface=GuestLan network=192.168.10.0 /ip arp add address=192.168.250.206 interface=LANPORT mac-address=04:0E:3C:2A:62:98 /ip dhcp-server network add address=192.168.10.0/24 comment="hotspot network" gateway=192.168.10.1 add address=192.168.250.0/24 gateway=192.168.250.1 netmask=24 /ip dns set servers=59.144.144.100,202.56.215.54 /ip firewall filter add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes /ip firewall nat add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes add action=accept chain=srcnat dst-address=192.168.254.0/24 log=yes src-address=192.168.250.0/24 add action=masquerade chain=srcnat src-address=192.168.250.0/24 add action=masquerade chain=srcnat log=yes out-interface-list=WAN add action=accept chain=srcnat log=yes src-address=202.133.72.24 add action=accept chain=dstnat dst-address=202.133.72.24 log=yes add action=dst-nat chain=dstnat dst-port=5555 in-interface=WANPORT protocol=tcp to-addresses=192.168.250.4 to-ports=\ 5555 add action=dst-nat chain=dstnat dst-port=9500 in-interface=WANPORT protocol=tcp to-addresses=192.168.250.4 to-ports=\ 9500 add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=192.168.10.0/24 /ip hotspot ip-binding add disabled=yes mac-address=30:D0:42:28:00:EE server=hotspot1 type=bypassed add comment=xx2 mac-address=9C:30:5B:AA:BB:FF type=bypassed /ip hotspot user add limit-bytes-total=2048000000 name=user1 profile=128kbps server=hotspot1 add limit-bytes-total=1024000000 name=user2 profile=5mbps add name=Guest /ip ipsec identity add peer=peer1 /ip ipsec policy add dst-address=192.168.254.0/24 peer=peer1 sa-dst-address=mypublicip1 sa-src-address=mypublicip2 src-address=\ 192.168.250.0/24 tunnel=yes /ip route add distance=1 gateway=mypublicipgw1 /ppp secret add name=s3dlfuser1 profile=PPTP service=pptp add name=s3dlfuser2 profile=PPTP service=pptp add name=s3dlfuser3 profile=PPTP service=pptp add name=s3dlfuser4 profile=PPTP service=pptp add name=s3dlfuser5 profile=PPTP service=pptp add name=s3dlfuser6 profile=PPTP service=pptp add name=s3dlfuser7 profile=PPTP service=pptp add name=s3dlfuser8 profile=PPTP service=pptp /system clock set time-zone-name=Asia/Kolkata