Hello,
can someone help in how to setup
a wire guard VPN so i can connect my MT android app to my LTE device
thanks
a dump file below for reference
can someone help in how to setup
a wire guard VPN so i can connect my MT android app to my LTE device
thanks
a dump file below for reference
Code:
# 2024-05-29 09:26:22 by RouterOS 7.14.3# software id = A2N8-******## model = RBSXTR# serial number = HG1********/interface bridgeadd admin-mac=18:FD:******* auto-mac=no comment=defconf name=bridge \ port-cost-mode=short/interface ethernetset [ find default-name=ether1 ] mac-address=18:FD:*******set [ find default-name=ether2 ] mac-address=18:FD:*******/interface listadd comment=defconf name=WANadd comment=defconf name=LAN/interface lte apnadd apn=broadband use-network-apn=yes/interface lteset [ find default-name=lte1 ] allow-roaming=no apn-profiles=broadband \ band=4 network-mode=lte sms-read=no/ip hotspot profileset [ find default=yes ] html-directory=hotspot/ip pooladd name=dhcp ranges=192.168.88.100-192.168.88.254add name=vpn ranges=192.168.89.2-192.168.89.255/ip dhcp-serveradd address-pool=dhcp interface=bridge lease-time=10m name=defconf/ppp profileset *FFFFFFFE local-address=192.168.89.1 remote-address=vpn/interface bridge portadd bridge=bridge comment=defconf interface=ether1 internal-path-cost=10 \ path-cost=10add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 \ path-cost=10/ip firewall connection trackingset udp-timeout=10s/ip neighbor discovery-settingsset discover-interface-list=LAN/interface l2tp-server serverset enabled=yes use-ipsec=yes/interface list memberadd comment=defconf interface=bridge list=LANadd comment=defconf interface=lte1 list=WAN/ip addressadd address=192.168.88.1/24 comment=defconf interface=bridge network=\ 192.168.88.0/ip cloudset ddns-enabled=yes/ip dhcp-server networkadd address=192.168.88.0/24 comment=defconf dns-server=1.1.1.1,8.8.8.8 \ gateway=192.168.88.1 netmask=24/ip dnsset allow-remote-requests=yes/ip dns staticadd address=192.168.88.1 comment=defconf name=router.lan/ip firewall filteradd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \ protocol=udpadd action=accept chain=input comment="allow IKE" dst-port=500 protocol=udpadd action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udpadd action=accept chain=input comment=WINBOX connection-nat-state=dstnat \ connection-state=new connection-type="" dst-port=8291 protocol=tcpadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid disabled=yesadd action=accept chain=input comment="defconf: accept ICMP" protocol=icmpadd action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1add action=drop chain=input comment="defconf: drop all not coming from LAN" \ disabled=yes in-interface-list=!LANadd action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsecadd action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsecadd action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related hw-offload=yesadd action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalidadd action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WAN/ip firewall mangleadd action=change-ttl chain=postrouting new-ttl=set:64 out-interface=lte1/ip firewall natadd action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WANadd action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\ 192.168.89.0/24/ipv6 firewall address-listadd address=::/128 comment="defconf: unspecified address" list=bad_ipv6add address=::1/128 comment="defconf: lo" list=bad_ipv6add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6add address=100::/64 comment="defconf: discard only " list=bad_ipv6add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6/ipv6 firewall filteradd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalidadd action=accept chain=input comment="defconf: accept ICMPv6" protocol=\ icmpv6add action=accept chain=input comment="defconf: accept UDP traceroute" port=\ 33434-33534 protocol=udpadd action=accept chain=input comment=\ "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\ udp src-address=fe80::/10add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \ protocol=udpadd action=accept chain=input comment="defconf: accept ipsec AH" protocol=\ ipsec-ahadd action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\ ipsec-espadd action=accept chain=input comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=input comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !LANadd action=accept chain=forward comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalidadd action=drop chain=forward comment=\ "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6add action=drop chain=forward comment=\ "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \ hop-limit=equal:1 protocol=icmpv6add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\ icmpv6add action=accept chain=forward comment="defconf: accept HIP" protocol=139add action=accept chain=forward comment="defconf: accept IKE" dst-port=\ 500,4500 protocol=udpadd action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\ ipsec-ahadd action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\ ipsec-espadd action=accept chain=forward comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=forward comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !LAN/ppp secretadd name=vpn/system clockset time-zone-autodetect=no time-zone-name=America/Chicago/system identityset name=iPhone12/system noteset show-at-login=no/system ntp clientset enabled=yes/system ntp client serversadd address=time.google.com/system watchdogset watch-address=1.1.1.1/tool mac-serverset allowed-interface-list=LAN/tool mac-server mac-winboxset allowed-interface-list=LANStatistics: Posted by rolo95 — Wed May 29, 2024 7:58 pm