Howto mikrotik: Difference between revisions
Revision as of 11:47, 5 February 2022
initial setup
update user admin password:
/user set admin password=mypassword
set timezone:
/system clock set time-zone-name=America/Puerto_Rico
update clock with ntp:
/system ntp client set enabled=yes primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0 server-dns-names=us.pool.ntp.org
check routeros version:
/system resource print
update router os:
/system package update download
update router firmware:
/system routerboard upgrade
configure ip address:
/ip address add address=192.168.75.93/24 interface="ether1"
configure gateway:
/ip route add gateway=192.168.75.1
configure dns:
/ip dns set servers=4.2.2.1,4.2.2.2 allow-remote-requests=yes
configure dhcp server:
/ip address add address=172.16.24.244/24 interface=ether2
/ip pool add name=dhcp-pool ranges=172.16.24.50-172.16.24.100
/ip dhcp-server add name=dhcp interface=ether2 address-pool=dhcp-pool
/ip dhcp-server network add address=172.16.24.0/24 gateway=172.16.24.244 dns-server=4.2.2.1,4.2.2.2
configure firewall:
/ip firewall nat add action=masquerade chain=srcnat src-address=172.16.24.0/24 comment="nat rule for internet on 172.16.24.0 subnet" disabled=no out-interface=ether1
other commands
search for file on routeros:
/file print where name~".npk"
monitor interface ether1 using torch:
/tool torch ip-protocol=any port=any src-address=0.0.0.0/0 interface=ether1
secure router
change ssh port:
/ip service set ssh port=5000
disable services:
/ip service disable telnet
/ip service disable winbox
/ip service disable
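To check what the steps above leave listening, this added example (not part of the original page) audits the `/ip service` section of an `/export` and reports services that are still enabled, including an enabled service with no `address=` restriction. The default-enabled table, the function names and the sample export are assumptions made for the example.

```python
import re

# Assumed factory state: every service enabled except www-ssl.
# Check it against "/ip service print" on your RouterOS version.
DEFAULT_ENABLED = {"telnet": True, "ftp": True, "www": True, "ssh": True,
                   "www-ssl": False, "api": True, "winbox": True, "api-ssl": True}
CLEARTEXT = {"telnet", "ftp", "www", "api"}  # no transport encryption

def parse_services(export_text):
    """Return {service: {"enabled": bool, "port": str|None, "address": str|None}}."""
    state = {name: {"enabled": on, "port": None, "address": None}
             for name, on in DEFAULT_ENABLED.items()}
    # /export wraps long lines with a trailing backslash; join them first.
    text = re.sub(r"\\\r?\n\s*", "", export_text)
    in_section = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_section = (line == "/ip service")
            continue
        m = re.match(r"set (\S+) (.*)", line)
        if not (in_section and m and m.group(1) in state):
            continue
        props = {k: v.strip('"')
                 for k, v in re.findall(r'(\S+?)=("[^"]*"|\S*)', m.group(2))}
        svc = state[m.group(1)]
        if "disabled" in props:
            svc["enabled"] = props["disabled"] != "yes"
        svc["port"] = props.get("port", svc["port"])
        svc["address"] = props.get("address", svc["address"]) or None
    return state

def audit(export_text, allowed=("ssh",)):
    """List findings for services left enabled after the hardening steps."""
    findings = []
    for name, svc in sorted(parse_services(export_text).items()):
        if not svc["enabled"]:
            continue
        if name in CLEARTEXT:
            findings.append(f"{name}: cleartext service still enabled")
        elif name not in allowed:
            findings.append(f"{name}: enabled but not in allowed list")
        elif not svc["address"]:
            findings.append(f"{name}: enabled with no address= restriction")
    return findings

# Constructed sample: the /ip service state the commands on this page produce.
SAMPLE = "/ip service\nset telnet disabled=yes\nset ssh port=5000\nset winbox disabled=yes\n"
```

Calling `audit(SAMPLE)` lists api, api-ssl, ftp and www as still enabled and ssh as unrestricted, under the assumed defaults.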
wireguard
for wireguard support we need to switch to development channel:
/system package update set channel=development
then download the latest update:
/system package update download
reboot the router:
/system reboot
add wireguard interface:
/interface/wireguard add name=wg0 mtu=1420
add wireguard peer using server information:
/interface/wireguard/peers add endpoint=12.34.56.78:51820 persistent-keepalive=61 public-key="75VNV7HqFh+3QIT5OHZkcjWfbjx8tc6Ck62gZJT/KRA=" allowed-address="10.10.10.0/24" interface=wg0
add ip address to interface:
/ip/address add address=10.10.10.3/24 network=10.10.10.0 interface=wg0
add the following on the server configuration:
[Peer]
PublicKey=pEU+xV6YeWOKT34iECYDPRW99oLZKYodkUtjdIV8CwI=
AllowedIPs=10.10.10.3/32
restart wireguard on server:
systemctl restart wg-quick@wg0.service