MikroTik hAP ac² 討論貼

张无忌

進階會員

Rank: 3 Rank: 3 Rank: 3

811^# 跳轉到 »

發表於 2018-5-31 11:47 | 只看該作者

RC21有新的release，详细请看：

https://forum.mikrotik.com/viewt ... p;start=200#p665318

TOP

张无忌

進階會員

Rank: 3 Rank: 3 Rank: 3

812^#

發表於 2018-5-31 21:46 | 只看該作者

本帖最後由张无忌於 2018-6-1 15:26 編輯

怎样连香港亲友VPN Server，用China IP看奇艺网，CCTV5？

如果你有亲友的VPN Server有连上大陆的Gateway，那么你不用在大陆找VPN Server，只要通过你亲友的VPN Server，就可以间接用大陆IP看奇艺网，CCTV5等等节目。

你需要的东西：
1) 设备就是MikroTik WiFi router hAP ac^2, 你可以用Mikrotik别的WiFi Router
2) 你亲友给你VPN账号，例如vpn server address, vpn.abc.com, login name=abc123, password=pssword123

Step 1: Backup your original router file

/system backup save name=new-backup

複製代碼

.

Step 2: Download the new-backup file to your local PC by left-click the new-back file under the [Files] Menu

Step 3: Reset your router without backup

/system reset-configuration skip-backup=yes

複製代碼

.

Step 4: Set the default WiFi security profile (eg. password=wifi-password)

/interface wireless security-profiles set authentication-types=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key=wifi-password [find name="default"]

複製代碼

.

Step 5：Set 2.4GHz SSID=MT-2G, 5GHz SSID=MT-5G

/interface wireless
set wlan1 ssid=MT-2G frequency=auto security-profile=default disabled=no
set wlan2 ssid=MT-5G frequency=auto security-profile=default disabled=no

複製代碼

.

Step 6: Create a new named bridge-cn

/interface bridge
add name=bridge-cn

複製代碼

.

Step 7: Create a virtual AP named MT-5G-CN to form a radio named wlan2 with SSID=MT-5G-CN

/interface wireless
add disabled=no master-interface=wlan2 name=wlan3 ssid=MT-5G-CN

複製代碼

.

Step 8: Detach (remove) ether5 from the default bridge named "bridge"

/interface bridge port
remove [find interface=“ether5”]

複製代碼

.

Step 9: Add ether5 and wlan3 (SSID=MT-5G-CN)

/interface bridge port
add bridge=bridge-cn interface=ether5
add bridge=bridge-cn interface=wlan3

複製代碼

.

Step 10: Assign an IP address range 192.168.16.1/24 to the bridge-cn interface

/ip address
add address=192.168.16.1/24 interface=bridge-cn

複製代碼

.

Step 11: Set up a DHCP server for bridge-cn

[admin@MikroTik] > /ip dhcp-server setup
Select interface to run DHCP server on
dhcp server interface: bridge-cn
Select network for DHCP addresses
dhcp address space: 192.168.16.0/24
Select gateway for given network
gateway for dhcp network: 192.168.16.1
Select pool of ip addresses given out by DHCP server
addresses to give out: 192.168.16.2-192.168.16.254
Select DNS servers
dns servers: 192.168.55.1,192.168.88.1
Select lease time
lease time: 10m
[admin@MikroTik] >

複製代碼

.

Step 12:

/interface pptp-client
add connect-to=vpn.abc.com disabled=no name=pptp-cn password=password123 user=abc123

複製代碼

.

Step 13:

/ip firewall mangle
add action=mark-routing chain=prerouting in-interface=bridge-cn new-routing-mark=cn-gateway passthrough=no

複製代碼

.

Step 14:

/ip firewall nat
add action=masquerade chain=srcnat out-interface=pptp-cn

複製代碼

.

Step 15: 下面的rules，一般搬到Fasttrack之前。

/ip firewall filter
add action=accept chain=forward in-interface=bridge-cn
add action=accept chain=forward out-interface=bridge-cn

複製代碼

.

在最初的时候那些rules都放在最后，用drag and move方式把它们放到FastTrack Rules之前。

Step 16:

/ip route
add distance=1 gateway=pptp-cn routing-mark=cn-gateway

複製代碼

.

Step 17:
Reboot the router

附件: 您需要登錄才可以下載或查看附件。沒有帳號？註冊

TOP

张无忌

進階會員

Rank: 3 Rank: 3 Rank: 3

813^#

發表於 2018-6-1 08:03 | 只看該作者

本帖最後由张无忌於 2018-6-1 08:10 編輯

怎样用GUI去set guest WiFi and guest WiFi连不到内部设备？

有member提供下面帖子，用GUI一步一步地安装Guest WiFi，而Guest WiFi client不能access内部设备。

https://www.wirelessinfo.be/mikrotik-virtueel-accespoint

请留意上面链接最后的一句就是把source address （Guest WiFi network segment）去 destination address （internal network）， action = drop。就是这一句把Guest WiFi network segment拦住了！就是access不到VPN router里面的network devices。

TOP

victorngai