Код: Выделить всё
# jul/10/2018 13:08:24 by RouterOS 6.42.5
# software id = RG2W-6FVW
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = XXXXXXXXXXXXX
/interface lte
set [ find ] comment=Yota mac-address=00:00:00:00:00:00 name=lte1
/interface bridge
add comment=LAN fast-forward=no name=bridge1
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
set [ find default-name=wlan2 ] ssid=MikroTik
/interface list
add name=Bridge
add comment="contains WAN interfaces" name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_pool ranges=192.168.2.2-192.168.2.30
/ip dhcp-server
add address-pool=dhcp_pool authoritative=after-2sec-delay disabled=no \
interface=bridge1 lease-time=45m name=dhcp
/ppp profile
set *0 bridge=bridge1 change-tcp-mss=no use-compression=no use-encryption=yes \
use-mpls=no use-upnp=no
set *FFFFFFFE bridge=bridge1 use-mpls=no use-upnp=no
/interface pptp-client
add allow=mschap2 comment="Private VPN" connect-to=XX.XXX.XX.XXX disabled=no \
mrru=1600 name=pptp_home password=YYYYYYY profile=default user=ZZZZZ
/interface bridge port
add bridge=bridge1 interface=all
/interface list member
add interface=bridge1 list=Bridge
add interface=pptp_home list=WAN
add interface=lte1 list=WAN
/ip address
add address=192.168.2.1/24 interface=bridge1 network=192.168.2.0
/ip dhcp-server lease
add address=192.168.2.22 client-id=0:00:00:00:00:00:00 mac-address=\
00:00:00:00:00:00:00 server=dhcp
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.2.1 \
netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.2.1
/ip firewall filter
add action=accept chain=output comment=pptp_home dst-address=XX.XXX.XX.XXX
add action=accept chain=input comment="defconf: ACCEPT ICMP" protocol=icmp
add action=accept chain=forward protocol=icmp
add action=accept chain=input comment=\
"defconf: ACCEPT established and related" connection-state=\
established,related
add action=drop chain=input comment="defconf: DROP other input from WAN" \
in-interface-list=WAN
add action=fasttrack-connection chain=forward comment="defconf: Fasttrack" \
connection-mark=!ipsec connection-state=established,related
add action=accept chain=forward comment=\
"defconf: ACCEPT forward established and related" connection-state=\
established,related
add action=drop chain=forward comment="defconf: DROP Invalid connections" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: DROP from WAN using static route (not DSTNATed)" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=change-mss chain=forward in-interface=pptp_home new-mss=\
clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn,!rst tcp-mss=\
1453-65535
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=\
pptp_home passthrough=yes protocol=tcp tcp-flags=syn,!rst tcp-mss=\
1453-65535
/ip firewall nat
add action=masquerade chain=srcnat out-interface=lte1
add action=masquerade chain=srcnat out-interface=bridge1
add action=accept chain=srcnat comment="Private VPN NAT" out-interface=\
pptp_home
/ip firewall service-port
set sip disabled=yes
/ip route
add check-gateway=ping comment="Private VPN route" distance=1 gateway=\
pptp_home routing-mark=home-vpn
add check-gateway=ping distance=1 dst-address=172.16.1.0/24 gateway=pptp_home
/ip route rule
add dst-address=192.168.1.0/24 table=home-vpn
add dst-address=192.168.3.0/24 table=home-vpn
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set www-ssl certificate=weblane disabled=no
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Moscow
/system ntp client
set enabled=yes primary-ntp=17.253.54.253 secondary-ntp=17.253.54.125
/system routerboard settings
set silent-boot=no
/system scheduler
/system script
/tool e-mail
в обратном направлении с 192.168.1.1 и 192.168.3.1 адрес 192.168.2.1 пингуеся без проблем