From 564aaca9b4bafd35b86c613f8ea4435144499709 Mon Sep 17 00:00:00 2001
From: oxidized
Date: Thu, 4 Jul 2019 12:22:13 +0200
Subject: [PATCH] update mikrotik/mt-bu.ke.einsle.de
---
 mikrotik/mt-bu.ke.einsle.de | 2 +
 mikrotik/mt-dg.ke.einsle.de | 109 --
 mikrotik/mt-dude.ke.einsle.de | 185 ---
 mikrotik/mt-eg.ke.einsle.de | 70 --
 mikrotik/mt-kg.ke.einsle.de | 189 ---
 mikrotik/mt-kg2.ke.einsle.de | 182 ---
 mikrotik/mt-og.ke.einsle.de | 86 --
 mikrotik/mt-wap.ke.einsle.de | 101 --
 opnsense/fw01.ke.einsle.de | 2139 --------------------------------
 opnsense/fw02.ke.einsle.de | 2137 --------------------------------
 10 files changed, 2 insertions(+), 5198 deletions(-)
 delete mode 100644 mikrotik/mt-dg.ke.einsle.de
 delete mode 100644 mikrotik/mt-dude.ke.einsle.de
 delete mode 100644 mikrotik/mt-eg.ke.einsle.de
 delete mode 100644 mikrotik/mt-kg.ke.einsle.de
 delete mode 100644 mikrotik/mt-kg2.ke.einsle.de
 delete mode 100644 mikrotik/mt-og.ke.einsle.de
 delete mode 100644 mikrotik/mt-wap.ke.einsle.de
 delete mode 100644 opnsense/fw01.ke.einsle.de
 delete mode 100644 opnsense/fw02.ke.einsle.de
diff --git a/mikrotik/mt-bu.ke.einsle.de b/mikrotik/mt-bu.ke.einsle.de
index fb3adee..c63a883 100644
--- a/mikrotik/mt-bu.ke.einsle.de
+++ b/mikrotik/mt-bu.ke.einsle.de
@@ -12,6 +12,7 @@
 # Flags: U - undoable, R - redoable, F - floating-undo
 # ACTION BY POLICY
 # U RADIUS client added admin write
+# U RADIUS client added admin write
 # U RADIUS client removed admin write
 # U RADIUS client changed admin write
 # U RADIUS client added admin write
@@ -73,6 +74,7 @@ set allow-none-crypto=yes forwarding-enabled=remote
 set 0 interfaces=wlan1
 /radius
 add address=172.24.1.2 secret=asdf service=wireless,ipsec
+add address=172.24.1.3 secret=asdfads service=wireless,ipsec
 /system clock
 set time-zone-name=Europe/Berlin
 /system identity
diff --git a/mikrotik/mt-dg.ke.einsle.de b/mikrotik/mt-dg.ke.einsle.de
deleted file mode 100644
index 495cfbf..0000000
--- a/mikrotik/mt-dg.ke.einsle.de
+++ /dev/null
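Review bot: The added `/radius` entry in the second hunk commits another RADIUS shared secret in clear text to the backup repository, and the value (like the one on the existing `172.24.1.2` entry) is short and dictionary-like, so anyone with read access to this repository can act as this RADIUS client. Since the export is already in git history, treat both secrets as exposed and rotate them on the router and on the RADIUS servers; going forward, collect the configuration with RouterOS's `/export hide-sensitive` (or the collector's secret-stripping option) so the `secret=` value is replaced by a placeholder rather than stored. Note also that this commit, titled as an update to mt-bu, deletes nine other device exports (see the diffstat), which removes their last-known configurations from HEAD; worth confirming that is intended and not a collection failure.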
@@ -1,109 +0,0 @@
-# routerboard: yes
-# board-name: hAP ac
-# model: RouterBOARD 962UiGS-5HacT2HnT
-# serial-number: 67370685D272
-# firmware-type: qca9550L
-# factory-firmware: 3.31
-# current-firmware: 6.45.1
-# upgrade-firmware: 6.45.1
-#
-# channel: stable
-# installed-version: 6.45.1
-#
-# Flags: U - undoable, R - redoable, F - floating-undo
-# ACTION BY POLICY
-# U user oxidized added admin write
-# policy
-#
-# software id = 4J0Q-ELYL
-#
-# model = RouterBOARD 962UiGS-5HacT2HnT
-# serial number = 67370685D272
-/interface bridge
-add fast-forward=no name=br_vlan1 protocol-mode=none
-add fast-forward=no name=br_vlan10 protocol-mode=none
-add fast-forward=no name=br_vlan42 protocol-mode=none
-add fast-forward=no name=br_vlan50 protocol-mode=none
-add fast-forward=no name=br_vlan51 protocol-mode=none
-add fast-forward=no name=br_vlan52 protocol-mode=none
-add fast-forward=no name=br_vlan99 protocol-mode=none
-add fast-forward=no name=br_wlan protocol-mode=none
-/interface ethernet
-set [ find default-name=ether1 ] speed=100Mbps
-set [ find default-name=ether2 ] speed=100Mbps
-set [ find default-name=ether3 ] speed=100Mbps
-set [ find default-name=ether4 ] speed=100Mbps
-set [ find default-name=ether5 ] speed=100Mbps
-set [ find default-name=sfp1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
-/interface wireless
-# managed by CAPsMAN
-# channel: 2412/20/gn(10dBm), SSID: wifis.org/ke/bertling, CAPsMAN forwarding
-set [ find default-name=wlan1 ] ssid=MikroTik
-# managed by CAPsMAN
-# channel: 5180/20/ac(20dBm), SSID: wifis.org/ke/bertling, CAPsMAN forwarding
-set [ find default-name=wlan2 ] ssid=MikroTik
-/interface vlan
-add interface=br_wlan loop-protect-disable-time=0s loop-protect-send-interval=0s name=br_wlan_vlan42 vlan-id=42
-add interface=br_wlan loop-protect-disable-time=0s loop-protect-send-interval=0s name=br_wlan_vlan50 vlan-id=50
-add interface=br_wlan loop-protect-disable-time=0s loop-protect-send-interval=0s name=br_wlan_vlan51 vlan-id=51
-add interface=br_wlan loop-protect-disable-time=0s loop-protect-send-interval=0s name=br_wlan_vlan52 vlan-id=52
-add interface=br_wlan loop-protect-disable-time=0s loop-protect-send-interval=0s name=br_wlan_vlan99 vlan-id=99
-add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan1 vlan-id=1
-add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan10 vlan-id=10
-add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan42 vlan-id=42
-add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan50 vlan-id=50
-add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan51 vlan-id=51
-add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan52 vlan-id=52
-add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan60 vlan-id=60
-add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan99 vlan-id=99
-/interface wireless security-profiles
-set [ find default=yes ] supplicant-identity=MikroTik
-/ip hotspot profile
-set [ find default=yes ] html-directory=flash/hotspot
-/routing bgp instance
-set default disabled=yes
-/routing ospf instance
-set [ find default=yes ] disabled=yes
-/snmp community
-set [ find default=yes ] addresses=172.24.0.0/16 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=jie6Wao5weeSahs
-add addresses=172.24.1.0/24,172.24.10.0/24 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=monitor security=private
-/interface bridge port
-add bridge=br_vlan1 interface=vlan1
-add bridge=br_vlan10 interface=vlan10
-add bridge=br_vlan42 interface=vlan42
-add bridge=br_vlan50 interface=vlan50
-add bridge=br_vlan51 interface=vlan51
-add bridge=br_vlan52 interface=vlan52
-add bridge=br_vlan10 hw=no interface=ether2
-add bridge=br_vlan51 hw=no interface=ether3
-add bridge=br_vlan51 hw=no interface=ether4
-add bridge=br_vlan52 hw=no interface=ether5
-add bridge=br_vlan42 interface=br_wlan_vlan42
-add bridge=br_vlan50 interface=br_wlan_vlan50
-add bridge=br_vlan51 interface=br_wlan_vlan51
-add bridge=br_vlan52 interface=br_wlan_vlan52
-add bridge=br_vlan99 interface=br_wlan_vlan99
-add bridge=br_vlan99 interface=vlan99
-/interface wireless cap
-#
-set bridge=br_wlan caps-man-addresses=172.24.1.97 enabled=yes interfaces=wlan1,wlan2
-/ip address
-add address=172.24.1.95/24 interface=vlan1 network=172.24.1.0
-add address=172.24.10.95/24 interface=vlan10 network=172.24.10.0
-add address=172.24.42.95/24 interface=vlan42 network=172.24.42.0
-/ip dns
-set servers=172.24.10.11,172.24.10.12
-/ip route
-add distance=1 gateway=172.24.1.1
-/ip ssh
-set allow-none-crypto=yes forwarding-enabled=remote
-/snmp
-set contact="Robert Einsle " enabled=yes location="Kempten, Dachgeschoss" trap-version=3
-/system clock
-set time-zone-name=Europe/Berlin
-/system identity
-set name=mt-dg
-/system ntp client
-set enabled=yes primary-ntp=172.24.10.13 secondary-ntp=172.24.10.12
-/tool romon
-set enabled=yes id=6C:3B:6B:19:5C:58 secrets=78f244b59c
diff --git a/mikrotik/mt-dude.ke.einsle.de b/mikrotik/mt-dude.ke.einsle.de
deleted file mode 100644
index dce9ecc..0000000
--- a/mikrotik/mt-dude.ke.einsle.de
+++ /dev/null
@@ -1,185 +0,0 @@
-# routerboard: yes
-# board-name: hEX
-# model: RouterBOARD 750G r3
-# serial-number: 6F3806DF15CA
-# firmware-type: mt7621L
-# factory-firmware: 3.34
-# current-firmware: 6.45.1
-# upgrade-firmware: 6.45.1
-#
-# channel: stable
-# installed-version: 6.45.1
-#
-# Flags: U - undoable, R - redoable, F - floating-undo
-# ACTION BY POLICY
-# U user oxidized added admin write
-# policy
-#
-# software id = QCYC-SED2
-#
-# model = RouterBOARD 750G r3
-# serial number = 6F3806DF15CA
-/caps-man channel
-add band=5ghz-onlyac name=chan_ke_5
-add band=2ghz-g/n name=chan_ke_2
-/interface bridge
-add fast-forward=no name=br_brigitte protocol-mode=none
-add fast-forward=no name=br_gast protocol-mode=none
-add fast-forward=no name=br_lan protocol-mode=none
-add fast-forward=no name=br_lo protocol-mode=none
-add fast-forward=no name=br_mgmt protocol-mode=none
-add fast-forward=no name=br_robert protocol-mode=none
-add fast-forward=no name=br_server protocol-mode=none
-add fast-forward=no name=br_teresa protocol-mode=none
-add fast-forward=no name=br_test protocol-mode=none
-add fast-forward=no name=br_tobias protocol-mode=none
-add fast-forward=no name=br_voip protocol-mode=none
-/interface ethernet
-set [ find default-name=ether1 ] speed=100Mbps
-set [ find default-name=ether2 ] speed=100Mbps
-set [ find default-name=ether3 ] speed=100Mbps
-set [ find default-name=ether4 ] speed=100Mbps
-set [ find default-name=ether5 ] speed=100Mbps
-/interface vlan
-add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan1 vlan-id=1
-add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan10 vlan-id=10
-add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan42 vlan-id=42
-add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan50 vlan-id=50
-add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan51 vlan-id=51
-add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan52 vlan-id=52
-add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan60 vlan-id=60
-add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan90 vlan-id=90
-add interface=ether1 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan99 vlan-id=99
-/caps-man datapath
-add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_radius
-add bridge=br_robert client-to-client-forwarding=yes local-forwarding=no name=dp_robert
-add bridge=br_brigitte client-to-client-forwarding=yes local-forwarding=no name=dp_brigitte
-add bridge=br_tobias client-to-client-forwarding=yes local-forwarding=no name=dp_tobias
-add bridge=br_teresa client-to-client-forwarding=yes local-forwarding=no name=dp_teresa
-add bridge=br_gast client-to-client-forwarding=no local-forwarding=no name=dp_gast
-/caps-man rates
-add basic=12Mbps name=rates supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
-/caps-man security
-add authentication-types=wpa2-eap eap-methods=passthrough encryption=aes-ccm group-encryption=aes-ccm name=sec_radius
-add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_robert passphrase=DasIstEinTest!
-add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_brigitte passphrase=aH4duhoo
-add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_tobias passphrase=eifohk5U
-add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_teresa passphrase=Em0aiLei
-add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec_gast passphrase=aseeci9oQu8Ooru
-/caps-man configuration
-add channel=chan_ke_5 country=germany datapath=dp_radius hide-ssid=no mode=ap name=cfg_5_radius rates=rates security=sec_radius ssid=wifis.org/ke/bertling
-add channel=chan_ke_5 datapath=dp_robert name=cfg_5_robert rates=rates security=sec_robert ssid=wifis.org/ke/robert
-add channel=chan_ke_5 datapath=dp_brigitte name=cfg_5_brigitte rates=rates security=sec_brigitte ssid=wifis.org/ke/brigitte
-add channel=chan_ke_5 datapath=dp_tobias name=cfg_5_tobias rates=rates security=sec_tobias ssid=wifis.org/ke/tobias
-add channel=chan_ke_5 datapath=dp_teresa name=cfg_5_teresa rates=rates security=sec_teresa ssid=wifis.org/ke/teresa
-add channel=chan_ke_5 datapath=dp_gast name=cfg_5_gast rates=rates security=sec_gast ssid=wifis.org/ke/gast
-add channel=chan_ke_2 country=germany datapath=dp_radius hide-ssid=no mode=ap name=cfg_2_radius rates=rates security=sec_radius ssid=wifis.org/ke/bertling
-add channel=chan_ke_2 datapath=dp_brigitte name=cfg_2_brigitte rates=rates security=sec_brigitte ssid=wifis.org/ke/brigitte
-add channel=chan_ke_2 datapath=dp_gast name=cfg_2_gast rates=rates security=sec_gast ssid=wifis.org/ke/gast
-add channel=chan_ke_2 datapath=dp_robert name=cfg_2_robert rates=rates security=sec_robert ssid=wifis.org/ke/robert
-add channel=chan_ke_2 datapath=dp_teresa name=cfg_2_teresa rates=rates security=sec_teresa ssid=wifis.org/ke/teresa
-add channel=chan_ke_2 datapath=dp_tobias name=cfg_2_tobias rates=rates security=sec_tobias ssid=wifis.org/ke/tobias
-/interface wireless security-profiles
-set [ find default=yes ] supplicant-identity=MikroTik
-/ip hotspot profile
-set [ find default=yes ] html-directory=flash/hotspot
-/ip pool
-add name=pool_robert ranges=172.24.42.110-172.24.42.200
-add name=pool_brigitte ranges=172.24.50.110-172.24.50.200
-add name=pool_tobias ranges=172.24.51.110-172.24.51.200
-add name=pool_teresa ranges=172.24.52.110-172.24.52.200
-/ip dhcp-server
-add address-pool=pool_robert authoritative=after-2sec-delay interface=br_robert name=dhcp_robert
-add address-pool=pool_brigitte authoritative=after-2sec-delay interface=br_brigitte name=dhcp_brigitte
-add address-pool=pool_tobias authoritative=after-2sec-delay interface=br_tobias name=dhcp_tobias
-add address-pool=pool_teresa authoritative=after-2sec-delay interface=br_teresa name=dhcp_teresa
-/routing bgp instance
-set default as=65000 client-to-client-reflection=no router-id=172.24.255.89
-/routing ospf instance
-set [ find default=yes ] redistribute-connected=as-type-1 router-id=172.24.255.89
-/snmp community
-set [ find default=yes ] addresses=172.24.1.0/24,172.24.10.0/24 authentication-protocol=SHA1 encryption-protocol=AES name=jie6Wao5weeSahs
-add addresses=172.24.1.0/24,172.24.10.0/24 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=monitor security=private
-add addresses=172.24.10.0/24 name=public
-/caps-man manager
-set ca-certificate=auto certificate=mt-dude.ke.einsle.de enabled=yes upgrade-policy=suggest-same-version
-/caps-man provisioning
-add action=create-dynamic-enabled hw-supported-modes=ac,an master-configuration=cfg_5_radius name-format=prefix-identity name-prefix=cap-5- slave-configurations=cfg_5_robert,cfg_5_brigitte,cfg_5_tobias,cfg_5_teresa,cfg_5_gast
-add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=cfg_2_radius name-format=prefix-identity name-prefix=cap-2- slave-configurations=cfg_2_robert,cfg_2_brigitte,cfg_2_tobias,cfg_2_teresa,cfg_2_gast
-/dude
-set data-directory=disk1 enabled=yes
-/interface bridge port
-add bridge=br_mgmt interface=vlan1
-add bridge=br_server interface=vlan10
-add bridge=br_robert interface=vlan42
-add bridge=br_brigitte interface=vlan50
-add bridge=br_tobias interface=vlan51
-add bridge=br_teresa interface=vlan52
-add bridge=br_voip interface=vlan60
-add bridge=br_test interface=vlan90
-add bridge=br_gast interface=vlan99
-add bridge=br_lan interface=ether1
-/interface ethernet switch vlan
-add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=1
-add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=10
-add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=42
-add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=50
-add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=51
-add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=52
-add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=60
-add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=90
-add independent-learning=no ports=switch1-cpu,ether1 switch=switch1 vlan-id=99
-/ip address
-add address=172.24.42.89/24 interface=br_robert network=172.24.42.0
-add address=172.24.1.89/24 interface=br_mgmt network=172.24.1.0
-add address=172.24.10.89/24 interface=br_server network=172.24.10.0
-add address=172.24.52.89/24 interface=br_teresa network=172.24.52.0
-add address=172.24.50.89/24 interface=br_brigitte network=172.24.50.0
-add address=172.24.51.89/24 interface=br_tobias network=172.24.51.0
-add address=172.24.255.89 interface=br_lo network=172.24.255.89
-add address=172.24.0.26/30 interface=ether1 network=172.24.0.24
-add address=172.24.60.89/24 interface=br_voip network=172.24.60.0
-/ip dhcp-server network
-add address=172.24.42.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.42.2 netmask=24
-add address=172.24.50.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.50.2 netmask=24
-add address=172.24.51.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.51.2 netmask=24
-add address=172.24.52.89/32 dns-server=8.8.8.8,172.24.10.13,172.24.10.17 gateway=172.24.52.2 netmask=24
-/ip dns
-set servers=172.24.10.11,172.24.10.12
-/ip route
-add distance=1 gateway=172.24.1.1
-/ip smb shares
-set [ find default=yes ] directory=/pub
-/ip ssh
-set allow-none-crypto=yes forwarding-enabled=remote
-/mpls ldp
-set lsr-id=172.24.255.89 transport-address=172.24.255.89
-/mpls ldp interface
-add disabled=yes interface=ether1
-/radius
-add address=172.24.10.25 disabled=yes domain=wlan.ke.einsle.de secret=zu6OhMe8ien5 service=wireless timeout=1s
-add address=172.24.42.109 domain=ke.einsle.de secret=ni.xd.ol service=wireless timeout=1s
-/routing bgp peer
-add address-families=ip,l2vpn,l2vpn-cisco,vpnv4 name=mt-kg remote-address=172.24.255.91 remote-as=65000 ttl=default update-source=br_lo
-/routing ospf network
-add area=backbone network=172.24.255.89/32
-add area=backbone network=172.24.0.24/30
-add area=backbone network=172.24.1.0/24
-/snmp
-set contact="Robert Einsle " enabled=yes location="Kempten, Keller"
-/system clock
-set time-zone-name=Europe/Berlin
-/system identity
-set name=mt-dude
-/system ntp client
-set enabled=yes primary-ntp=172.24.10.13 secondary-ntp=172.24.10.12
-/system resource irq rps
-set ether1 disabled=no
-set ether2 disabled=no
-set ether3 disabled=no
-set ether4 disabled=no
-set ether5 disabled=no
-/system scheduler
-add interval=1d name=backup on-event="/system backup save name=mt-dude" policy=write start-date=oct/02/2017 start-time=00:00:00
-/tool romon
-set enabled=yes id=6C:3B:6B:88:34:48 secrets=78f244b59c
diff --git a/mikrotik/mt-eg.ke.einsle.de b/mikrotik/mt-eg.ke.einsle.de
deleted file mode 100644
index 8a18ea4..0000000
--- a/mikrotik/mt-eg.ke.einsle.de
+++ /dev/null
@@ -1,70 +0,0 @@
-# routerboard: yes
-# board-name: hAP ac
-# model: RouterBOARD 962UiGS-5HacT2HnT
-# serial-number: 673706FE47BB
-# firmware-type: qca9550L
-# factory-firmware: 3.31
-# current-firmware: 6.45.1
-# upgrade-firmware: 6.45.1
-#
-# channel: stable
-# installed-version: 6.45.1
-#
-# Flags: U - undoable, R - redoable, F - floating-undo
-# ACTION BY POLICY
-# U user oxidized added admin write
-# policy
-#
-# software id = BJZX-XMI3
-#
-# model = RouterBOARD 962UiGS-5HacT2HnT
-# serial number = 673706FE47BB
-/interface bridge
-add name=br_lan protocol-mode=none
-add name=br_robert protocol-mode=none
-add name=br_server protocol-mode=none
-add name=br_voip protocol-mode=none
-/interface wireless
-# managed by CAPsMAN
-# channel: 2412/20/gn(10dBm), SSID: wifis.org/ke/bertling, CAPsMAN forwarding
-set [ find default-name=wlan1 ] ssid=MikroTik
-# managed by CAPsMAN
-# channel: 5180/20/ac(20dBm), SSID: wifis.org/ke/bertling, CAPsMAN forwarding
-set [ find default-name=wlan2 ] ssid=MikroTik
-/interface vlan
-add interface=br_lan name=vlan1 vlan-id=1
-add interface=br_lan name=vlan10 vlan-id=10
-add interface=br_lan name=vlan42 vlan-id=42
-add interface=br_lan name=vlan60 vlan-id=60
-/interface wireless security-profiles
-set [ find default=yes ] supplicant-identity=MikroTik
-/ip hotspot profile
-set [ find default=yes ] html-directory=flash/hotspot
-/interface bridge port
-add bridge=br_lan interface=sfp1
-add bridge=br_voip interface=ether2
-add bridge=br_robert interface=vlan42
-add bridge=br_server interface=vlan10
-add bridge=br_server interface=ether3
-add bridge=br_voip interface=vlan60
-/interface wireless cap
-#
-set caps-man-addresses=172.24.1.97 enabled=yes interfaces=wlan1,wlan2
-/ip address
-add address=172.24.1.93/24 interface=vlan1 network=172.24.1.0
-add address=172.24.42.93/24 interface=vlan42 network=172.24.42.0
-add address=172.24.10.93/24 interface=vlan10 network=172.24.10.0
-/ip dns
-set servers=172.24.10.11,172.24.10.12
-/ip route
-add distance=1 gateway=172.24.1.1
-/ip ssh
-set forwarding-enabled=remote
-/system clock
-set time-zone-name=Europe/Berlin
-/system identity
-set name=mt-eg
-/system ntp client
-set enabled=yes primary-ntp=172.24.10.11 secondary-ntp=172.24.10.12
-/tool romon
-set enabled=yes id=6C:3B:6B:19:62:A8 secrets=78f244b59c
diff --git a/mikrotik/mt-kg.ke.einsle.de b/mikrotik/mt-kg.ke.einsle.de
deleted file mode 100644
index 32b93af..0000000
--- a/mikrotik/mt-kg.ke.einsle.de
+++ /dev/null
@@ -1,189 +0,0 @@
-# routerboard: yes
-# model: CRS112-8G-4S
-# serial-number: 6CFA0698D051
-# firmware-type: qca8513L
-# factory-firmware: 3.23
-# current-firmware: 6.45.1
-# upgrade-firmware: 6.45.1
-#
-# channel: stable
-# installed-version: 6.45.1
-#
-# Flags: U - undoable, R - redoable, F - floating-undo
-# ACTION BY POLICY
-# U user oxidized added admin write
-# policy
-#
-# software id = U6BB-XKEI
-#
-# model = CRS112-8G-4S
-# serial number = 6CFA0698D051
-/interface bridge
-add name=br_brigitte protocol-mode=none
-add name=br_gast protocol-mode=none
-add admin-mac=6C:3B:6B:3C:0D:7C auto-mac=no comment="created from master port" name=br_lan protocol-mode=none
-add fast-forward=no name=br_lo protocol-mode=none
-add fast-forward=no name=br_mgmt protocol-mode=none
-add fast-forward=no name=br_robert protocol-mode=none
-add name=br_server protocol-mode=none
-add name=br_teresa protocol-mode=none
-add name=br_test protocol-mode=none
-add name=br_tobias protocol-mode=none
-add name=br_voip protocol-mode=none
-/interface ethernet
-set [ find default-name=ether1 ] comment=mt-eg name=eth1_mteg speed=100Mbps
-set [ find default-name=ether2 ] comment=nas name=eth2_nas speed=100Mbps
-set [ find default-name=ether3 ] comment="sw01 GE1" name=eth3_sw011 speed=100Mbps
-set [ find default-name=ether4 ] comment="sw-01 GE2" name=eth4_sw012 speed=100Mbps
-set [ find default-name=ether5 ] comment="FW2 LAN1" name=eth5_fw1eth0 speed=100Mbps
-set [ find default-name=ether6 ] comment="FW2 LAN2" name=eth6_fw1eth1 speed=100Mbps
-set [ find default-name=ether7 ] comment="horst e1" name=eth7_horste1 speed=100Mbps
-set [ find default-name=ether8 ] comment="horst e2" name=eth8_horste2 speed=100Mbps
-set [ find default-name=sfp9 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=mt-eg_sfp1 name=sfp9_mteg
-set [ find default-name=sfp10 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=mt-test_sfp1 name=sfp10_mttest
-set [ find default-name=sfp11 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
-set [ find default-name=sfp12 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=mt-dude name=sfp12_mtdude
-/interface vlan
-add comment=mgmt interface=br_lan name=vlan1 vlan-id=1
-add comment=dmz interface=br_lan name=vlan2 vlan-id=2
-add comment=mnet interface=br_lan name=vlan3 vlan-id=3
-add comment=kdg interface=br_lan name=vlan4 vlan-id=4
-add comment=server interface=br_lan name=vlan10 vlan-id=10
-add comment=robert interface=br_lan name=vlan42 vlan-id=42
-add comment=brigitte interface=br_lan name=vlan50 vlan-id=50
-add comment=tobias interface=br_lan name=vlan51 vlan-id=51
-add comment=teresa interface=br_lan name=vlan52 vlan-id=52
-add comment=voip interface=br_lan name=vlan60 vlan-id=60
-add comment=test interface=br_lan name=vlan90 vlan-id=90
-add comment=gast interface=br_lan name=vlan99 vlan-id=99
-/interface ethernet switch trunk
-add member-ports=eth3_sw011,eth4_sw012 name=tr_sw01
-/interface wireless security-profiles
-set [ find default=yes ] supplicant-identity=MikroTik
-/ip hotspot profile
-set [ find default=yes ] html-directory=flash/hotspot
-/ip ipsec policy group
-add name=zegowitz
-/ip ipsec profile
-add dh-group=modp1024 enc-algorithm=aes-128 hash-algorithm=md5 name=profile_1
-/ip ipsec peer
-add address=87.140.87.206/32 disabled=yes exchange-mode=aggressive name=peer1 profile=profile_1
-/ip ipsec proposal
-add auth-algorithms=md5 name=zegowitz_prop
-/routing bgp instance
-set default as=65000 router-id=172.24.255.91
-/routing ospf instance
-set [ find default=yes ] redistribute-connected=as-type-1 router-id=172.24.255.91
-/snmp community
-set [ find default=yes ] addresses=172.24.0.0/16 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=jie6Wao5weeSahs
-add addresses=172.24.1.0/24,172.24.10.0/24 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=monitor security=private
-add addresses=172.24.10.0/24 name=public
-/interface bridge msti
-add bridge=br_robert identifier=1 vlan-mapping=42
-/interface bridge port
-add bridge=br_robert interface=vlan42
-add bridge=br_server interface=vlan10
-add bridge=br_brigitte interface=vlan50
-add bridge=br_tobias interface=vlan51
-add bridge=br_teresa interface=vlan52
-add bridge=br_voip interface=vlan60
-add bridge=br_mgmt interface=vlan1
-add bridge=br_test interface=vlan90
-add bridge=br_gast interface=vlan99
-add bridge=br_robert interface=eth2_nas
-add bridge=br_lan interface=eth3_sw011
-add bridge=br_lan interface=eth4_sw012
-add bridge=br_lan interface=eth5_fw1eth0
-add bridge=br_lan interface=eth6_fw1eth1
-add bridge=br_lan interface=eth7_horste1
-add bridge=br_lan interface=eth8_horste2
-add bridge=br_lan interface=sfp9_mteg
-add bridge=br_lan interface=sfp10_mttest
-add bridge=br_lan interface=sfp11
-add bridge=br_lan interface=sfp12_mtdude
-add bridge=br_lan interface=eth1_mteg
-/ip settings
-set tcp-syncookies=yes
-/interface ethernet switch egress-vlan-tag
-add tagged-ports="switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=1
-add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=10
-add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude" vlan-id=42
-add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=50
-add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=51
-add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=60
-add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=90
-add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=99
-add tagged-ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp10_mttest,sfp11 vlan-id=2
-add tagged-ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp9_mteg,sfp11 vlan-id=3
-add tagged-ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp11 vlan-id=4
-add tagged-ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=52
-/interface ethernet switch ingress-vlan-translation
-add customer-vid=0 new-customer-vid=10 ports=eth7_horste1
-add customer-vid=0 new-customer-vid=42 ports=sfp11
-add customer-vid=0 new-customer-vid=1 ports=tr_sw01
-add customer-vid=0 new-customer-vid=4 ports=eth1_mteg
-/interface ethernet switch vlan
-add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=1
-add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=10
-add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude" vlan-id=42
-add ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp10_mttest,sfp11 vlan-id=2
-add ports=tr_sw01,eth2_nas,eth7_horste1,eth8_horste2,sfp9_mteg,sfp11 vlan-id=3
-add ports="tr_sw01,eth1_mteg,eth2_nas,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp11" vlan-id=4
-add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=50
-add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=51
-add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=52
-add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=60
-add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=90
-add ports="tr_sw01,switch1-cpu,eth2_nas,eth5_fw1eth0,eth6_fw1eth1,eth7_horste1,eth8_horste2,sfp10_mttest,sfp9_mteg,sfp12_mtdude,sfp11" vlan-id=99
-/ip address
-add address=172.24.42.91/24 interface=br_robert network=172.24.42.0
-add address=172.24.10.91/24 interface=br_server network=172.24.10.0
-add address=172.24.1.91/24 interface=br_mgmt network=172.24.1.0
-add address=172.24.90.91/24 interface=br_test network=172.24.90.0
-add address=172.24.255.91 interface=br_lo network=172.24.255.91
-add address=172.24.50.91/24 interface=br_brigitte network=172.24.50.0
-add address=172.24.51.91/24 interface=br_tobias network=172.24.51.0
-add address=172.24.52.91/24 interface=br_teresa network=172.24.52.0
-add address=172.24.60.91/24 interface=br_voip network=172.24.60.0
-add address=172.24.99.91/24 interface=br_gast network=172.24.99.0
-add address=172.24.0.1/30 interface=sfp9_mteg network=172.24.0.0
-add address=172.24.0.25/30 interface=sfp12_mtdude network=172.24.0.24
-/ip dhcp-client
-add dhcp-options=hostname,clientid disabled=no interface=br_robert
-/ip dns
-set servers=172.24.10.11,172.24.10.12
-/ip ipsec identity
-add my-id=user-fqdn:einsle@reisert.de peer=peer1 policy-template-group=zegowitz secret="tk94BuK39Pdx1rWtw4kykpaT2Dve(\?wrk6zkew3nvmKh)7cY"
-/ip ipsec policy
-add dst-address=10.11.2.0/24 group=zegowitz proposal=zegowitz_prop src-address=10.11.2.0/24 template=yes
-/ip route
-add distance=1 gateway=172.24.1.1
-add distance=1 dst-address=172.24.0.0/24 type=blackhole
-add distance=1 dst-address=172.24.255.0/24 type=blackhole
-/ip service
-set www-ssl certificate=mt-ke.ke.einsle.de disabled=no
-set api-ssl certificate=mt-ke.ke.einsle.de
-/ip ssh
-set allow-none-crypto=yes forwarding-enabled=remote
-/mpls ldp
-set lsr-id=172.24.255.91 transport-address=172.24.255.91
-/routing bgp peer
-add address-families=ip,l2vpn,l2vpn-cisco,vpnv4 name=mt-bu remote-address=172.24.255.94 remote-as=65000 route-reflect=yes ttl=default update-source=br_lo
-add address-families=ip,l2vpn,l2vpn-cisco,vpnv4 name=mt-dude remote-address=172.24.255.89 remote-as=65000 route-reflect=yes ttl=default update-source=br_lo
-/routing ospf network
-add area=backbone network=172.24.255.91/32
-add area=backbone network=172.24.1.0/24
-/snmp
-set contact="Robert Einsle " enabled=yes location="Kempten, Netzwerkschrank Keller"
-/system clock
-set time-zone-name=Europe/Berlin
-/system identity
-set name=mt-kg
-/system ntp client
-set enabled=yes primary-ntp=172.24.10.11 secondary-ntp=172.24.10.12
-/system upgrade upgrade-package-source
-add address=172.24.1.89 user=admin
-/tool bandwidth-server
-set authenticate=no
-/tool romon
-set enabled=yes id=6C:3B:6B:3C:0D:7C secrets=78f244b59c
diff --git a/mikrotik/mt-kg2.ke.einsle.de b/mikrotik/mt-kg2.ke.einsle.de
deleted file mode 100644
index 830fcac..0000000
--- a/mikrotik/mt-kg2.ke.einsle.de
+++ /dev/null
@@ -1,182 +0,0 @@
-# routerboard: yes
-# model: CRS326-24G-2S+
-# serial-number: 763C07D3969D
-# firmware-type: dx3230L
-# factory-firmware: 3.37
-# current-firmware: 6.45.1
-# upgrade-firmware: 6.45.1
-#
-# channel: stable
-# installed-version: 6.45.1
-# latest-version: 6.45.1
-# status: System is already up to date
-#
-# Flags: U - undoable, R - redoable, F - floating-undo
-# ACTION BY POLICY
-# U ssh-key removed admin write
-# policy
-# U user oxidized added admin write
-# policy
-#
-# software id = NK6R-LJLR
-#
-# model = CRS326-24G-2S+
-# serial number = 763C07D3969D
-/caps-man channel
-add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled frequency=2412 name=chan_2 tx-power=10
-add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled frequency=5180 name=chan_5 tx-power=20
-/interface bridge
-add name=br_lan protocol-mode=none vlan-filtering=yes
-/interface ethernet
-set [ find default-name=ether1 ] name=ether1_og
-set [ find default-name=ether2 ] name=ether2_dg
-set [ find default-name=ether3 ] name=ether3_prn
-set [ find default-name=ether4 ] name=ether4_kdg
-set [ find default-name=ether5 ] name=ether5_wohn
-set [ find default-name=ether6 ] name=ether6_wap
-set [ find default-name=ether7 ] name=ether7_b1
-set [ find default-name=ether8 ] name=ether8_kedc02
-set [ find default-name=ether9 ] disabled=yes
-set [ find default-name=ether10 ] disabled=yes
-set [ find default-name=ether11 ] disabled=yes
-set [ find default-name=ether12 ] name=ether12_mteg
-set [ find default-name=ether13 ] name=ether13_buwap
-set [ find default-name=ether14 ] name=ether14_fw1_lan1
-set [ find default-name=ether15 ] name=ether15_fw1_lan2
-set [ find default-name=ether16 ] name=ether16_fw1_lan3
-set [ find default-name=ether17 ] name=ether17_ohorst1
-set [ find default-name=ether18 ] name=ether18_ohorst2
-set [ find default-name=ether19 ] name=ether19_ohorstipmi
-set [ find default-name=ether20 ] name=ether20_horstipmi
-set [ find 
default-name=ether21 ] name=ether21_horst1
-set [ find default-name=ether22 ] mac-address=64:D1:54:C5:AC:18 name=ether22_horst2
-set [ find default-name=ether23 ] name=ether23_nas1
-set [ find default-name=ether24 ] mac-address=64:D1:54:C5:AC:1A name=ether24_nas2
-set [ find default-name=sfp-sfpplus1 ] name=sfp-sfpplus1-eg
-/interface vlan
-add interface=br_lan name=vlan1 vlan-id=1
-add interface=br_lan name=vlan2 vlan-id=2
-add interface=br_lan name=vlan4 vlan-id=4
-add interface=br_lan name=vlan10 vlan-id=10
-add interface=br_lan name=vlan42 vlan-id=42
-add interface=br_lan name=vlan50 vlan-id=50
-add interface=br_lan name=vlan51 vlan-id=51
-add interface=br_lan name=vlan52 vlan-id=52
-add interface=br_lan name=vlan60 vlan-id=60
-add interface=br_lan name=vlan90 vlan-id=90
-add interface=br_lan name=vlan99 vlan-id=99
-/interface bonding
-add mode=802.3ad name=bond_horst slaves=ether21_horst1,ether22_horst2
-add mode=802.3ad name=bond_nas slaves=ether23_nas1,ether24_nas2
-/caps-man datapath
-add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_robert vlan-id=42 vlan-mode=use-tag
-add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=db_brigitte vlan-id=50 vlan-mode=use-tag
-add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_tobias vlan-id=51 vlan-mode=use-tag
-add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_teresa vlan-id=52 vlan-mode=use-tag
-add bridge=br_lan client-to-client-forwarding=no local-forwarding=no name=dp_gast vlan-id=99 vlan-mode=use-tag
-add bridge=br_lan client-to-client-forwarding=yes local-forwarding=no name=dp_radius vlan-mode=use-tag
-/caps-man rates
-add basic=12Mbps name=basic_rates_2 supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
-add basic=24Mbps name=basic_rates_5 supported=24Mbps,36Mbps,48Mbps,54Mbps
-/caps-man security
-add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm 
group-key-update=1h name=sec_robert passphrase=DasIstEinTest!
-add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_brigitte passphrase=aH4duhoo
-add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_tobias passphrase=eifohk5U
-add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_teresa passphrase=Em0aiLei
-add authentication-types=wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=sec_gast passphrase=aseeci9oQu8Ooru
-add authentication-types=wpa2-eap disable-pmkid=yes eap-methods=passthrough group-key-update=1h name=sec_radius
-/caps-man configuration
-add channel=chan_2 country=germany datapath=dp_robert mode=ap name=cfg_2_robert rates=basic_rates_2 security=sec_robert ssid=wifis.org/ke/robert
-add channel=chan_5 country=germany datapath=db_brigitte mode=ap name=cfg_5_brigitte rates=basic_rates_5 security=sec_brigitte ssid=wifis.org/ke/brigitte
-add channel=chan_2 country=germany datapath=dp_tobias mode=ap name=cfg_2_tobias rates=basic_rates_2 security=sec_tobias ssid=wifis.org/ke/tobias
-add channel=chan_2 country=germany datapath=dp_teresa mode=ap name=cfg_2_teresa rates=basic_rates_2 security=sec_teresa ssid=wifis.org/ke/teresa
-add channel=chan_2 country=germany datapath=dp_gast mode=ap name=cfg_2_gast rates=basic_rates_2 security=sec_gast ssid=wifis.org/ke/gast
-add channel=chan_2 country=germany datapath=dp_radius mode=ap name=cfg_2_radius rates=basic_rates_2 security=sec_radius ssid=wifis.org/ke/bertling
-add channel=chan_5 country=germany datapath=dp_radius mode=ap name=cfg_5_radius rates=basic_rates_5 security=sec_radius ssid=wifis.org/ke/bertling
-add channel=chan_2 country=germany datapath=db_brigitte mode=ap name=cfg_2_brigitte rates=basic_rates_2 security=sec_brigitte ssid=wifis.org/ke/brigitte 
-add channel=chan_5 country=germany datapath=dp_gast mode=ap name=cfg_5_gast rates=basic_rates_5 security=sec_gast ssid=wifis.org/ke/gast
-add channel=chan_5 country=germany datapath=dp_robert mode=ap name=cfg_5_robert rates=basic_rates_5 security=sec_robert ssid=wifis.org/ke/robert
-add channel=chan_5 country=germany datapath=dp_teresa mode=ap name=cfg_5_teresa rates=basic_rates_5 security=sec_teresa ssid=wifis.org/ke/teresa
-add channel=chan_5 country=germany datapath=dp_tobias mode=ap name=cfg_5_tobias rates=basic_rates_5 security=sec_tobias ssid=wifis.org/ke/tobias
-/interface wireless security-profiles
-set [ find default=yes ] supplicant-identity=MikroTik
-/ip hotspot profile
-set [ find default=yes ] html-directory=flash/hotspot
-/snmp community
-set [ find default=yes ] read-access=no
-add addresses=172.24.0.0/16 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=monitor security=private
-/caps-man manager
-set enabled=yes upgrade-policy=suggest-same-version
-/caps-man manager interface
-set [ find default=yes ] forbid=yes
-add disabled=no interface=vlan42
-add disabled=no interface=vlan1
-/caps-man provisioning
-add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=cfg_2_radius name-format=prefix-identity name-prefix=cap-2 slave-configurations=cfg_2_robert,cfg_2_brigitte,cfg_2_gast,cfg_2_teresa,cfg_2_tobias
-add action=create-dynamic-enabled hw-supported-modes=ac,an master-configuration=cfg_5_radius name-format=prefix-identity name-prefix=cap-5 slave-configurations=cfg_5_robert,cfg_5_brigitte,cfg_5_gast,cfg_5_teresa,cfg_5_tobias
-/interface bridge port
-add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether1_og
-add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether2_dg
-add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether3_prn pvid=10
-add bridge=br_lan 
frame-types=admit-only-untagged-and-priority-tagged interface=ether4_kdg pvid=4
-add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether5_wohn pvid=42
-add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether6_wap
-add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether7_b1
-add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether8_kedc02 pvid=10
-add bridge=br_lan interface=ether9
-add bridge=br_lan interface=ether10
-add bridge=br_lan interface=ether11
-add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether12_mteg pvid=42
-add bridge=br_lan interface=ether13_buwap pvid=42
-add bridge=br_lan interface=ether14_fw1_lan1
-add bridge=br_lan interface=ether15_fw1_lan2
-add bridge=br_lan interface=ether16_fw1_lan3
-add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether17_ohorst1
-add bridge=br_lan frame-types=admit-only-vlan-tagged interface=ether18_ohorst2
-add bridge=br_lan interface=ether19_ohorstipmi
-add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=ether20_horstipmi
-add bridge=br_lan frame-types=admit-only-vlan-tagged interface=sfp-sfpplus1-eg pvid=42
-add bridge=br_lan interface=sfp-sfpplus2
-add bridge=br_lan interface=bond_horst
-add bridge=br_lan frame-types=admit-only-untagged-and-priority-tagged interface=bond_nas pvid=10
-/interface bridge vlan
-add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" untagged=ether19_ohorstipmi,ether20_horstipmi vlan-ids=1
-add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=2
-add bridge=br_lan 
tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" untagged=ether4_kdg vlan-ids=4
-add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether17_ohorst1,ether18_ohorst2" untagged=bond_nas,ether3_prn,ether8_kedc02 vlan-ids=10
-add bridge=br_lan tagged="br_lan,bond_horst,sfp-sfpplus1-eg,sfp-sfpplus2,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" untagged=ether5_wohn,ether13_buwap vlan-ids=42
-add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=50
-add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=51
-add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=52
-add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether16_fw1_lan3,ether17_ohorst1,ether18_ohorst2" vlan-ids=60
-add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether17_ohorst1,ether18_ohorst2" vlan-ids=90
-add bridge=br_lan tagged="br_lan,sfp-sfpplus1-eg,sfp-sfpplus2,bond_horst,ether1_og,ether2_dg,ether6_wap,ether7_b1,ether14_fw1_lan1,ether15_fw1_lan2,ether17_ohorst1,ether18_ohorst2" vlan-ids=99
-add bridge=br_lan tagged=br_lan,bond_horst,ether17_ohorst1,ether18_ohorst2 vlan-ids=11
-/ip address
-add 
address=172.24.1.97/24 interface=vlan1 network=172.24.1.0
-add address=172.24.10.90/24 interface=vlan10 network=172.24.10.0
-add address=172.24.42.90/24 interface=vlan42 network=172.24.42.0
-add address=172.24.4.104/24 interface=vlan4 network=172.24.4.0
-add address=172.24.42.1/24 disabled=yes interface=vlan42 network=172.24.42.0
-add address=172.24.1.1/24 disabled=yes interface=vlan1 network=172.24.1.0
-add address=172.24.10.1/24 disabled=yes interface=vlan10 network=172.24.10.0
-/ip dhcp-relay
-add dhcp-server=172.24.10.11,172.24.10.12 disabled=no interface=ether1_og name=relay_42
-/ip dns
-set allow-remote-requests=yes servers=172.24.10.11,172.24.10.12
-/ip route
-add distance=1 gateway=172.24.4.1
-/ip ssh
-set forwarding-enabled=remote
-/snmp
-set contact=admin@einsle.de enabled=yes location=Kempten
-/system clock
-set time-zone-name=Europe/Berlin
-/system identity
-set name=mt-kg2
-/system ntp client
-set enabled=yes primary-ntp=172.24.10.11 secondary-ntp=172.24.10.12
-/system routerboard settings
-set boot-os=router-os
-/tool romon
-set enabled=yes id=B2:C1:51:48:4E:4F secrets=78f244b59c
diff --git a/mikrotik/mt-og.ke.einsle.de b/mikrotik/mt-og.ke.einsle.de
deleted file mode 100644
index 5b6b980..0000000
--- a/mikrotik/mt-og.ke.einsle.de
+++ /dev/null
@@ -1,86 +0,0 @@
-# routerboard: yes
-# model: 951G-2HnD
-# serial-number: 4F43045E20E0
-# firmware-type: ar9344
-# factory-firmware: 3.17
-# current-firmware: 6.45.1
-# upgrade-firmware: 6.45.1
-#
-# channel: stable
-# installed-version: 6.45.1
-#
-# Flags: U - undoable, R - redoable, F - floating-undo
-# ACTION BY POLICY
-# U user oxidized added admin write
-# policy
-#
-# software id = 3E75-0AYA
-#
-# model = 951G-2HnD
-# serial number = 4F43045E20E0
-/interface bridge
-add name=br_mgmt protocol-mode=none
-add name=br_robert protocol-mode=none
-add name=br_server protocol-mode=none
-add name=br_tobias protocol-mode=none
-/interface wireless
-# managed by CAPsMAN
-# channel: 2412/20/gn(10dBm), SSID: wifis.org/ke/bertling, CAPsMAN forwarding
-set [ find default-name=wlan1 ] ssid=MikroTik
-/interface ethernet
-set [ find default-name=ether1 ] name=eth1_kg speed=100Mbps
-set [ find default-name=ether2 ] speed=100Mbps
-set [ find default-name=ether3 ] speed=100Mbps
-set [ find default-name=ether4 ] speed=100Mbps
-set [ find default-name=ether5 ] speed=100Mbps
-/interface vlan
-add interface=eth1_kg name=vlan1 vlan-id=1
-add interface=eth1_kg name=vlan10 vlan-id=10
-add interface=eth1_kg name=vlan42 vlan-id=42
-add interface=eth1_kg name=vlan50 vlan-id=50
-add interface=eth1_kg name=vlan51 vlan-id=51
-add interface=eth1_kg name=vlan52 vlan-id=52
-add interface=eth1_kg name=vlan60 vlan-id=60
-add interface=eth1_kg name=vlan90 vlan-id=90
-add interface=eth1_kg name=vlan99 vlan-id=99
-/interface wireless security-profiles
-set [ find default=yes ] supplicant-identity=MikroTik
-/routing bgp instance
-set default disabled=yes
-/routing ospf instance
-set [ find default=yes ] disabled=yes
-/snmp community
-set [ find default=yes ] addresses=172.24.0.0/16 name=jie6Wao5weeSahs
-add addresses=172.24.1.0/24,172.24.10.0/24 authentication-password=nUTIRozDeJMiQ2Goj8BR authentication-protocol=SHA1 encryption-password=nUTIRozDeJMiQ2Goj8BR encryption-protocol=AES name=monitor 
security=private -/interface bridge port -add bridge=br_mgmt interface=vlan1 -add bridge=br_server interface=vlan10 -add bridge=br_robert interface=vlan42 -add bridge=br_tobias interface=vlan51 -add bridge=br_tobias interface=ether2 -add bridge=br_tobias interface=ether3 -add bridge=br_tobias interface=ether4 -add bridge=br_tobias interface=ether5 -/interface wireless cap -# -set caps-man-addresses=172.24.1.97 enabled=yes interfaces=wlan1 -/ip address -add address=172.24.1.96/24 interface=br_mgmt network=172.24.1.0 -add address=172.24.10.96/24 interface=br_server network=172.24.10.0 -add address=172.24.42.96/24 interface=br_robert network=172.24.42.0 -/ip dns -set servers=172.24.10.11,172.24.10.12 -/ip route -add distance=1 gateway=172.24.1.1 -/ip ssh -set allow-none-crypto=yes forwarding-enabled=remote -/snmp -set contact="Robert Einsle - opnsense - - - Disable the pf ftp proxy handler. - debug.pfftpproxy - default - - - Increase UFS read-ahead speeds to match the state of hard drives and NCQ. - vfs.read_max - default - - - Set the ephemeral port range to be lower. - net.inet.ip.portrange.first - default - - - Drop packets to closed TCP ports without returning a RST - net.inet.tcp.blackhole - default - - - Do not send ICMP port unreachable messages for closed UDP ports - net.inet.udp.blackhole - default - - - Randomize the ID field in IP packets (default is 0: sequential IP IDs) - net.inet.ip.random_id - default - - - - Source routing is another way for an attacker to try to reach non-routable addresses behind your box. - It can also be used to probe for information about your internal networks. These functions come enabled - as part of the standard FreeBSD core system. - - net.inet.ip.sourceroute - default - - - - Source routing is another way for an attacker to try to reach non-routable addresses behind your box. - It can also be used to probe for information about your internal networks. 
These functions come enabled - as part of the standard FreeBSD core system. - - net.inet.ip.accept_sourceroute - default - - - - Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects - to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect - packets without returning a response. - - net.inet.icmp.drop_redirect - default - - - - This option turns off the logging of redirect packets because there is no limit and this could fill - up your logs consuming your whole hard drive. - - net.inet.icmp.log_redirect - default - - - Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway) - net.inet.tcp.drop_synfin - default - - - Enable sending IPv4 redirects - net.inet.ip.redirect - default - - - Enable sending IPv6 redirects - net.inet6.ip6.redirect - default - - - Enable privacy settings for IPv6 (RFC 4941) - net.inet6.ip6.use_tempaddr - default - - - Prefer privacy addresses and use them over the normal addresses - net.inet6.ip6.prefer_tempaddr - default - - - Generate SYN cookies for outbound SYN-ACK packets - net.inet.tcp.syncookies - default - - - Maximum incoming/outgoing TCP datagram size (receive) - net.inet.tcp.recvspace - default - - - Maximum incoming/outgoing TCP datagram size (send) - net.inet.tcp.sendspace - default - - - Do not delay ACK to try and piggyback it onto a data packet - net.inet.tcp.delayed_ack - default - - - Maximum outgoing UDP datagram size - net.inet.udp.maxdgram - default - - - Handling of non-IP packets which are not passed to pfil (see if_bridge(4)) - net.link.bridge.pfil_onlyip - default - - - Set to 1 to additionally filter on the physical interface for locally destined packets - net.link.bridge.pfil_local_phys - default - - - Set to 0 to disable filtering on the incoming and outgoing member interfaces. 
- net.link.bridge.pfil_member - default - - - Set to 1 to enable filtering on the bridge interface - net.link.bridge.pfil_bridge - default - - - Allow unprivileged access to tap(4) device nodes - net.link.tap.user_open - default - - - Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid()) - kern.randompid - default - - - Maximum size of the IP input queue - net.inet.ip.intr_queue_maxlen - default - - - Disable CTRL+ALT+Delete reboot from keyboard. - hw.syscons.kbd_reboot - default - - - Enable TCP extended debugging - net.inet.tcp.log_debug - default - - - Set ICMP Limits - net.inet.icmp.icmplim - default - - - TCP Offload Engine - net.inet.tcp.tso - default - - - UDP Checksums - net.inet.udp.checksum - default - - - Maximum socket buffer size - kern.ipc.maxsockbuf - default - - - Page Table Isolation (Meltdown mitigation, requires reboot.) - vm.pmap.pti - default - - - Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation) - hw.ibrs_disable - default - - - Hide processes running as other groups - security.bsd.see_other_gids - default - - - Hide processes running as other users - security.bsd.see_other_uids - default - - - Enable/disable sending of ICMP redirects in response to IP packets for which a better, - and for the sender directly reachable, route and next hop is known. 
- - net.inet.ip.redirect - 0 - - - Enable/disable dropping of ICMP Redirect packets - net.inet.icmp.drop_redirect - 1 - - - - normal - fw01 - ke.einsle.de - - admins - System Administrators - system - 1999 - 0 - 2000 - 2004 - page-all - - - root - System Administrator - system - admins - $2y$10$BczaNfG.OdvX2e/udy1ekux4RvVYsQUdUCYohiyVB2Xle8he1V8ve - 0 - - 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 - - - - - $2y$10$7ELqsp0QYmp4a1m5pvSSGeEaJYK7ts3k2qzyfW0pWHdv9JlTpNTO6 - user - reinsle - Robert Einsle - - 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 - - Z5PYOKETTBBCR3P6KRE7IVXJV4UWIMGH - robert@einsle.de - /bin/sh - 2000 - uid=reinsle,cn=users,dc=ke,dc=einsle,dc=de - 5cb9f61ca1b7d - 5cbee0f6db47c - - - user - brigitte - uid=brigitte,cn=users,dc=ke,dc=einsle,dc=de - - $2y$10$AupvzUkABjsaSXD07stkhefd022OR1.nmDXdfoV9J0dpycRRzegLi - 2001 - - - user - tobias - uid=tobias,cn=users,dc=ke,dc=einsle,dc=de - - $2y$10$YKH4iJB2SxFr4rkaJXMMa.jy8fyUZgCe4kigMIPHWxWIiW5ub6Agu - 2002 - - - user - teresa - uid=teresa,cn=users,dc=ke,dc=einsle,dc=de - - $2y$10$RffJY1d1OFxRWJi7T4Y5H.UJCxfvUiAZl6xXlnOMFpNC2Z6CA0bd. 
- 2003 - - - $2y$10$Smx9jtcrqPWGnZzIFxUzveTrtGrJ/OHHFteatZlZjKMUV.7eVucP2 - user - oxidized - Oxidized - - c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFDQVFEWFVETG9FVG9NcG1YbnRsaldKYjVlN2lRSEFSeGtQYjgzejljTDE5aDc0VzZjSjB4MnNmUzNIREdQQS9qc3VxcVpJajdQUVc0Y1ArTzd4blBJTjQzalZ6U3BZdTk1RU9pT0UzZWJSNTlZZHR3eVBrM0dtMUtLNDMyVG55NjFLSVpNSXFUZnNGMkZ5TlRGNld3N0xDalROOHdPb0I5YU84RW5icFZ2R0t4UlI5cTIrcVNMdVdUVXhoNS9OZk8wRHRpaEdHaXU2NHlkYzhuS0h3Y1VmK0NIN2Q4WkhOZGdtSEgraVNlUmgwNm9OcE1wR1hWamtuczFJT1RPT2FzWnFXVW9wc3pndTJPc2xzdTZ5NmV5eHplTjQ3R0hrUE83YWg5dVVRN1ZXaHZDS1FtY1FxUC8wRmptRWtLSjQ4S21USXdmNG9IUHRGMmRONWtYNGVwRGJrcGdVRWJhQzN1MWU4TEErWHppR3Q5cGFYa0UwS1VSRGxBVnp4T3lpSFlFSGNXVFluSk50d3BDYUIvdTJZY3VSTVptb1h2SUVZUUFRNEJ5OEY5dDNEQVJDWU5EYkIvTkpKSUNqWnhrMEgxK2E4ZlNnRTdSYTVuSzIwVGgrd0tQTWpwdG9sekFaUy9LMFphT3hHRWV5U1dHVU8wMXh4L0k3L3hYdENhUVpzWVJWc21rWkZoZXJQUnNwcE0xakhMamVTejZCdmRyQXY5bDBNK0M2blhpM1hJWU4rQThpaW5aa0pmait5TFdIcDhaaGpHdUR1L0xrRVI2b2pJNjduM2U4b1krN3pqbFJVMEIvYnpHVm5xOFdKdHRURHB4bTBkWitXbGVsdHdBYzZJUGR3ejV4clFXV0FucDB2eVF1L0lKb3pjbG5JcGd6NkNrQlBFY1k1aWtNU3BKaHc9PSBveGlkaXplZEBveGlkaXplZA== - - - /bin/csh - 2004 - - 2005 - 2000 - Europe/Berlin - 0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org - - https - 5cb98512c7016 - - - - - 1 - kedc01,Local Database - - yes - 1 - 1 - 2 - 1 - 1 - 1 - - hadp - hadp - hadp - - monthly - - - 60 - aesni - 1 - 1 - - admins - 1 - - enabled - 1 - - - - 1 - https://cloud.einsle.de - robert@einsle.de - !Khyp1o= - - OPNsense-kempten2 - - - de_DE - 208.67.222.222 - 208.67.220.220 - 2620:0:ccc::2 - 2620:0:ccd::2 - - os-zerotier,os-net-snmp - - 115200 - video - - 5cb995ae6d61f - ldap - kedc01 - 172.24.10.11 - 7389 - TCP - Standard - 3 - subtree - dc=ke,dc=einsle,dc=de - cn=users,dc=ke,dc=einsle,dc=de - &(objectClass=inetOrgPerson) - uid - uid=sec_fw,cn=users,dc=ke,dc=einsle,dc=de - b7G77HydYn9qUmLUqsnu - 5cb9f38800630 - - - 5cb9b06943031 - voucher - CP Voucher - - - - - - 5cbaaea76ecc2 - ldap-totp - 
kedc01 TOTP - 5cb9f38800630 - 172.24.10.11 - 7389 - TCP - Standard - 3 - subtree - dc=ke,dc=einsle,dc=de - cn=users,dc=ke,dc=einsle,dc=de - &(objectClass=inetOrgPerson) - uid - uid=sec_fw,cn=users,dc=ke,dc=einsle,dc=de - b7G77HydYn9qUmLUqsnu - 6 - - - - - 1 - 1 - none - none - none - none - none - none - none - none - - - - vtnet0 - KDG - 1 - - 1 - 1 - 172.24.4.11 - 24 - KDG_FRITZ - slaac - - - vtnet3 - SERVER - 1 - - 172.24.10.2 - 24 - - - vtnet1 - MGMT - 1 - - 172.24.1.2 - 24 - - - vtnet2 - DMZ - 1 - - 172.24.2.2 - 24 - - - vtnet4 - ROBERT - 1 - - 172.24.42.2 - 24 - track6 - wan - 0 - - - vtnet5 - BRIGITTE - 1 - - 172.24.50.2 - 24 - - - vtnet6 - TOBIAS - 1 - - 172.24.51.2 - 24 - - - vtnet7 - TERESA - 1 - - 172.24.52.2 - 24 - - - vtnet8 - VOIP - 1 - - 172.24.60.2 - 24 - - - vtnet9 - TEST - 1 - - 172.24.90.2 - 24 - - - vtnet10 - GAST - 1 - - 172.24.99.2 - 24 - - - 1 - 1 - INTERN - INTERN - 1 - group - - - ztanv9hnl3ml6ep - ZTROBBY - 1 - - 172.22.0.211 - 16 - - - 1 - 1 - CLIENTS - CLIENTS - 1 - group - - - vtnet11 - PFSYNC - 1 - - 172.24.11.2 - 24 - - - ovpns1 - OVPNS1 - 1 - - 172.24.21.1 - 24 - - - 1 - 1 - openvpn - OpenVPN - group - 1 - - - - - - 172.24.10.10 - 172.24.10.245 - - - - - on - on - - ke.einsle.de - 172.24.10.11 - - - - - - - public - - - - - - - hybrid - - - NET_kempten - - - opt1 - - masq auf management - opt1 - - - - - inet - - reinsle@172.24.42.51 - - /firewall_nat_out_edit.php made changes - - - 0 - - - root@172.24.42.51 - - /firewall_nat_out_edit.php made changes - - - - - HOST_tobias_ps4 - - - 1 - - - wan - - - - - inet - - 0 - 1 - - - root@172.24.42.51 - - /firewall_nat_out_edit.php made changes - - - root@172.24.42.51 - - /firewall_nat_out_edit.php made changes - - - - - tcp - wan - inet - dnat kdg:22021 auf horst - - - - nat_5cbede8ec8ff85.18793725 - HOST_horst - 22 - - 1 - - - wanip - 22021 - - - root@172.24.42.51 - - /firewall_nat_edit.php made changes - - - root@172.24.42.51 - - /firewall_nat_edit.php made changes - - - - tcp - wan - inet 
- dnat kdg:22022 auf fw - - - - nat_5cbab161f13b55.46013125 - 127.0.0.1 - 22 - - 1 - - - wanip - 22022 - - - root@172.24.42.173 - - /firewall_nat_edit.php made changes - - - root@172.24.42.173 - - /firewall_nat_edit.php made changes - - - - tcp - wan - inet - dnat kdg:22023 auf kedc01 - - - - nat_5cb9a87b941159.37025775 - HOST_kedc01 - 22 - - 1 - - - wanip - 22023 - - - root@172.24.42.173 - - /firewall_nat_edit.php made changes - - - root@172.24.42.51 - - /firewall_nat_edit.php made changes - - - - - - pass - opt4,CLIENTS,opt2,opt9,INTERN,wan,opt1,opt3,lan,opt6,opt8,opt5,opt7 - inet - keep state - Allow CARP - any - yes - yes - carp - - 1 - - - 1 - - - root@172.24.42.51 - - /firewall_rules_edit.php made changes - - - root@172.24.42.51 - - /firewall_rules_edit.php made changes - - - - pass - opt4,CLIENTS,opt2,opt9,INTERN,wan,opt1,opt11,openvpn,opt3,lan,opt6,opt8,opt5,opt7,opt10 - inet - keep state - alle auf alle mit ping - in - yes - yes - icmp - echoreq - - 1 - - - 1 - - - root@172.24.42.173 - - /firewall_rules_edit.php made changes - - - root@172.24.42.51 - - /firewall_rules_edit.php made changes - - - - pass - opt4,CLIENTS,opt2,opt9,INTERN,wan,opt1,opt11,openvpn,opt3,lan,opt6,opt8,opt5,opt7,opt10 - inet - keep state - alle auf alle mit ssh - in - yes - yes - tcp - - 1 - - - 1 - 22 - - - root@172.24.42.173 - - /firewall_rules_edit.php made changes - - - root@172.24.42.51 - - /firewall_rules_edit.php made changes - - - - pass - opt3,lan - inet - keep state - robert,server auf firewall mit http - in - yes - yes - tcp - - 1 - - - (self) - 80 - - - reinsle@172.24.42.51 - - /firewall_rules_edit.php made changes - - - reinsle@172.24.42.51 - - /firewall_rules_edit.php made changes - - - - pass - opt3,lan - inet - keep state - robert,server auf firewall mit https - in - yes - yes - tcp - - 1 - - - (self) - 443 - - - reinsle@172.24.42.51 - - /firewall_rules_edit.php made changes - - - root@172.24.42.51 - - /firewall_rules_edit.php made changes - - - - pass - 
opt4,CLIENTS,opt2,opt9,INTERN,opt1,opt11,openvpn,opt3,lan,opt6,opt8,opt5,opt7,opt10 - inet - keep state - kempten auf internet mit web - any - yes - yes - tcp - -
NET_kempten
- - - 1 - PORT_web - - - root@172.24.42.173 - - /firewall_rules_edit.php made changes - - - reinsle@172.24.42.51 - - /firewall_rules_edit.php made changes - -
- - - 1 - - wan - tcp - inet - -
HOST_kedc01
- 22 -
- NAT dnat kdg:22023 auf kedc01 - nat_5cb9a87b941159.37025775 - - root@172.24.42.51 - - /firewall_nat_edit.php made changes - -
- - - 1 - - wan - tcp - inet - -
127.0.0.1
- 22 -
- NAT dnat kdg:22022 auf fw - nat_5cbab161f13b55.46013125 - - root@172.24.42.173 - - /firewall_nat_edit.php made changes - -
- - pass - wan - inet - keep state - internet auf firewall mit openvpn - udp - - 1 - - - (self) - 1194 - - - root@172.24.42.173 - - /firewall_rules_edit.php made changes - - - root@172.24.42.173 - - /firewall_rules_edit.php made changes - - - - pass - inet - Default allow LAN to any rule - lan - - lan - - - - - - - pass - inet6 - Default allow LAN IPv6 to any rule - lan - - lan - - - - - - - pass - lan - inet - keep state - kedc auf internet mit dns - tcp/udp - -
HOSTS_kedc
- - -
NET_kempten
- 1 - 53 -
- - reinsle@172.24.42.51 - - /firewall_rules_edit.php made changes - - - reinsle@172.24.42.51 - - /firewall_rules_edit.php made changes - -
- - pass - lan - inet - keep state - kedc auf internet mit ntp - udp - -
HOSTS_kedc
- - -
NET_kempten
- 1 - 123 -
- - reinsle@172.24.42.51 - - /firewall_rules_edit.php made changes - - - reinsle@172.24.42.51 - - /firewall_rules_edit.php made changes - -
- - pass - lan - inet - keep state - monitor auf internet mit all - tcp - -
HOST_monitor
- - -
NET_kempten
- 1 - PORT_icinga2 -
- - root@172.24.42.51 - - /firewall_rules_edit.php made changes - - - root@172.24.42.51 - - /firewall_rules_edit.php made changes - -
- - pass - lan - inet - keep state - monitor auf mgmt mit monitoring_porst - tcp/udp - -
HOST_monitor
- - - opt1 - PORT_monitoring - - - root@172.24.42.51 - - /firewall_rules_edit.php made changes - - - root@172.24.42.51 - - /firewall_rules_edit.php made changes - -
- - pass - CLIENTS - inet - keep state - intern auf internet mit ports_internet - tcp/udp - -
NET_kempten
- - -
NET_kempten
- 1 -
- - root@172.24.42.51 - - /firewall_rules_edit.php made changes - - - reinsle@172.24.42.51 - - /firewall_rules_edit.php made changes - -
- - pass - CLIENTS - inet - keep state - openvpn auf firewall - udp - - 1 - - - (self) - 1194 - - - root@172.24.42.51 - - /firewall_rules_edit.php made changes - - - root@172.24.42.51 - - /firewall_rules_edit.php made changes - - - - pass - INTERN - inet - keep state - intern auf kedc mit dns - tcp/udp - -
NET_kempten
- - -
HOSTS_kedc
- 53 -
- - reinsle@172.24.42.51 - - /firewall_rules_edit.php made changes - - - reinsle@172.24.42.51 - - /firewall_rules_edit.php made changes - -
- - pass - INTERN - inet - keep state - intern auf kedc mit ntp - udp - -
NET_kempten
- - -
HOSTS_kedc
- 123 -
- - reinsle@172.24.42.51 - - /firewall_rules_edit.php made changes - - - reinsle@172.24.42.51 - - /firewall_rules_edit.php made changes - -
- - pass - INTERN - inet - keep state - intern auf host mit 8006/tcp - tcp - -
NET_kempten
- - -
HOST_horst
- PORT_proxmox -
- - reinsle@172.24.42.51 - - /firewall_rules_edit.php made changes - - - reinsle@172.24.42.51 - - /firewall_rules_edit.php made changes - -
- - pass - INTERN - inet - keep state - intern auf kedc mit web - tcp/udp - -
NET_kempten
- - - lan - PORT_server - - - root@172.24.42.51 - - /firewall_rules_edit.php made changes - - - reinsle@172.24.42.51 - - /firewall_rules_edit.php made changes - -
- - pass - INTERN - inet - keep state - intern auf kedc mit ad_ports - tcp - -
NET_kempten
- - -
HOST_kyo
-
- - root@172.24.42.51 - - /firewall_rules_edit.php made changes - - - root@172.24.42.51 - - /firewall_rules_edit.php made changes - -
- - block - opt5 - inet - keep state - Block Tobias - 1 - - 1 - - - 1 - - - root@172.24.42.173 - - /firewall_rules_edit.php made changes - - - root@172.24.42.173 - - /firewall_rules_edit.php made changes - - - - pass - opt12 - inet - keep state - - 1 - - - 1 - - - root@172.24.42.51 - - /firewall_rules_edit.php made changes - - - root@172.24.42.51 - - /firewall_rules_edit.php made changes - - - - - 1 - - wan - tcp - inet - -
HOST_horst
- 22 -
- NAT dnat kdg:22021 auf horst - nat_5cbede8ec8ff85.18793725 - - root@172.24.42.51 - - /firewall_nat_edit.php made changes - -
-
- - - - - - ICMP - icmp - ICMP - - - - TCP - tcp - Generic TCP - - - - HTTP - http - Generic HTTP - - / - - 200 - - - - HTTPS - https - Generic HTTPS - - / - - 200 - - - - SMTP - send - Generic SMTP - - - 220 * - - - - - 0.opnsense.pool.ntp.org - - - system_information-container:00000000-col3:show,traffic_graphs-container:00000001-col3:show,cpu_usage-container:00000002-col3:show,log-container:00000003-col3:show,services_status-container:00000004-col4:show,gateways-container:00000005-col4:show,interface_list-container:00000006-col4:show,openvpn-container:00000007-col4:show,carp_status-container:00000008-col4:show - 2 - - - root@172.24.42.167 - - /system_usermanager.php made changes - - - - - - - 1 - NET_kempten - network - - - 172.24.0.0/16 - Netzwerke Kempten - - - 1 - NET_robert - network - - - 172.24.42.0/24 - Netzwerk Robert - - - 1 - PORT_web - port - - - 80 -443 -5000 -5001 -8080 -8443 - Ports für WEB Zugriff - - - 1 - HOST_kedc01 - host - - - 172.24.10.11 - HOST kedc01 - - - 1 - HOST_kedc02 - host - - - 172.24.10.12 - HOST kedc02 - - - 1 - HOSTS_kedc - host - - - HOST_kedc01 -HOST_kedc02 - - - - 1 - PORT_proxmox - port - - - 8006 - PORT proxmox tcp 8006 - - - 1 - HOST_horst - host - - - 172.24.10.10 -172.24.10.9 - HOST horst - - - 1 - PORT_mail - port - - - 25 -110 -143 -587 -993 -995 - Ports für Mail - - - 1 - HOST_kyo - host - - - 172.24.10.51 - HOST kyocera - - - 1 - HOST_monitor - host - - - 172.24.10.14 - HOST monitor.ke.einsle.de - - - 1 - PORT_icinga2 - port - - - 5665 - PORT icinga2 - - - 1 - PORT_monitoring - port - - - 22 -80 -161 -443 -8291 -PORT_web -PORT_mail - Ports Monitoring - - - 1 - PORT_ssh - port - - - 22 -22020:22040 - Ports SSH - - - 1 - HOST_tobias_ps4 - host - - - 172.24.51.195 - Tobias PS4 - - - 1 - PORTS_internet - port - - - 22 -PORT_web -PORT_mail -22020:22040 - Ports zum Internetzugriff - - - 1 - HOST_nas - host - - - 172.24.10.16 - nas.ke.einsle.de - - - 1 - PORT_fileshare - port - - - 42 -53 -88 -135 -137 -138 -139 -389 -445 
-636 -853 -1512 -3268 -3269 -7389 -7636 -49150:49160 -67:68 - Ports fuer Windows AD und FileShare - - - 1 - PORT_server - port - - - PORT_web -PORT_fileshare -PORT_mail - - - - - - - - - - - - - - - 0 - 0 - 0 - wan - 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12 - - - W0D23 - 4 - ac - 0 - 0 - - - - - 0 - - - - 1 - 1 - - - - - - 0 - on - strip - 1 - 0 - admin@localhost.local - - - - 0 - /var/squid/cache - 256 - - 100 - 16 - 256 - 0 - 0 - - - - 0 - 2048 - 1024 - 1024 - 256 - - - 0 - - 0 - username - password - - - - - - - lan - 3128 - 3129 - 0 - 0 - - - 4 - 5 - 0 - 3401 - public - - 2121 - 0 - 1 - 0 - - - - - - - - - 80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http - 443:https - - - - - - - 0 - icap://[::1]:1344/avscan - icap://[::1]:1344/avscan - 1 - 0 - 0 - X-Username - 1 - 1024 - 60 - - - - - OPNsense proxy authentication - 2 - 5 - - - - - - - - - - - - - - 1 - monitor - nUTIRozDeJMiQ2Goj8BR - nUTIRozDeJMiQ2Goj8BR - 0 - - - - - 1 - - Kempten - admin@einsle.de - 0 - - - - - 1 - mqfc2m8gTqPft9uvsTCYOl2tDC6OrnEI - {} - - - 1 - abfd31bd476a99d9 - Robby - - - - - - opt4,opt2,opt9,opt1,opt3,lan,opt6,opt8,opt5,opt7 - wan - v9 - 127.0.0.1:2056 - - - 1 - - - - - - 1 - 0 - opt9 - Local Database - 0 - - 0 - 0 - 1 - - - - - 0 - 0 -