From dcad58f4dab86cc008f2b1bd82c1b42ce6886c7e Mon Sep 17 00:00:00 2001
From: Max HeadRoom
Date: Tue, 19 May 2026 17:44:08 +0200
Subject: [PATCH] Delete nomes_comandes_tunel_IPSEC.
---
 nomes_comandes_tunel_IPSEC. | 97 -------------------------------------
 1 file changed, 97 deletions(-)
 delete mode 100644 nomes_comandes_tunel_IPSEC.
diff --git a/nomes_comandes_tunel_IPSEC. b/nomes_comandes_tunel_IPSEC.
deleted file mode 100644
index 9637399..0000000
--- a/nomes_comandes_tunel_IPSEC.
+++ /dev/null
@@ -1,97 +0,0 @@
-connectar-se al port 2 del mikrotik
-engegar winbox
-
-FORCE RESET
-/system reset-configuration no-defaults=yes skip-backup=no
-YES
-
-/system identity set name=Router-A
-/interface bridge add name=bridge-LAN
-
-Per activa el mode segur
-
-apretar control + X
-
-/interface bridge port add bridge=bridge-LAN interface=ether2
-
-PAUSA
-copy.paste a saco !!!
-
-/interface bridge port add bridge=bridge-LAN interface=ether3
-/interface bridge port add bridge=bridge-LAN interface=ether4
-/interface bridge port add bridge=bridge-LAN interface=ether5
-/ip address add address=10.1.202.1/24 interface=bridge-LAN comment="LAN Router-A"
-/ip address add address=192.168.90.1/24 interface=ether1 comment="WAN Router-A"
-/ip route add dst-address=192.168.80.0/24 gateway=192.168.90.254 comment="Ruta cap a WAN Router-B via NU-GAN5"
-/ip ipsec profile add name=perfil-vpn hash-algorithm=sha256 enc-algorithm=aes-256 dh-group=modp2048 lifetime=8h dpd-interval=120s dpd-maximum-failures=5 nat-traversal=yes
-/ip ipsec peer add name=peer-routerB address=192.168.80.1 exchange-mode=ike2 profile=perfil-vpn
-/ip ipsec identity add peer=peer-routerB auth-method=pre-shared-key secret="class"
-/ip ipsec proposal add name=proposta-vpn auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=modp2048 lifetime=1h
-/ip ipsec policy add peer=peer-routerB tunnel=yes src-address=10.1.202.0/24 dst-address=10.1.101.0/24 protocol=all action=encrypt level=require ipsec-protocols=esp sa-src-address=192.168.90.1 sa-dst-address=192.168.80.1 proposal=proposta-vpn
-/ip firewall nat add chain=srcnat src-address=10.1.202.0/24 dst-address=10.1.101.0/24 action=accept comment="No NAT cap a LAN-B per IPsec"
-/ip route add dst-address=10.1.101.0/24 gateway=192.168.90.254 comment="Ruta cap a LAN-B per IPsec"
-
-
-TEST !!
-/ping 192.168.80.1
-/ip ipsec active-peers print
-/ip ipsec installed-sa print detail
-/ping 10.1.101.1 src-address=10.1.202.1
-
-
-
-I recordatori important: això reconstrueix Router-A. Perquè els clients funcionin sense rutes manuals, han de tenir com a gateway:
-
-Clients LAN A → 10.1.202.1
-Clients LAN B → 10.1.101.1
-
-
-Aquest seria el bloc net per reconstruir Router-B / xarxa B després d'un reset sense defaults:
-
-/system identity set name=Router-B
-
-/interface bridge add name=bridge-LAN
-
-/interface bridge port add bridge=bridge-LAN interface=ether2
-/interface bridge port add bridge=bridge-LAN interface=ether3
-/interface bridge port add bridge=bridge-LAN interface=ether4
-/interface bridge port add bridge=bridge-LAN interface=ether5
-
-/ip address add address=10.1.101.1/24 interface=bridge-LAN comment="LAN Router-B"
-/ip address add address=192.168.80.1/24 interface=ether1 comment="WAN Router-B"
-
-/ip route add dst-address=192.168.90.0/24 gateway=192.168.80.254 comment="Ruta cap a WAN Router-A via NU-GAN5"
-
-/ip ipsec profile add name=perfil-vpn hash-algorithm=sha256 enc-algorithm=aes-256 dh-group=modp2048 lifetime=8h dpd-interval=120s dpd-maximum-failures=5 nat-traversal=yes
-
-/ip ipsec peer add name=peer-routerA address=192.168.90.1 exchange-mode=ike2 profile=perfil-vpn
-
-/ip ipsec identity add peer=peer-routerA auth-method=pre-shared-key secret="class"
-
-/ip ipsec proposal add name=proposta-vpn auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=modp2048 lifetime=1h
-
-/ip ipsec policy add peer=peer-routerA tunnel=yes src-address=10.1.101.0/24 dst-address=10.1.202.0/24 protocol=all action=encrypt level=require ipsec-protocols=esp sa-src-address=192.168.80.1 sa-dst-address=192.168.90.1 proposal=proposta-vpn
-
-/ip firewall nat add chain=srcnat src-address=10.1.101.0/24 dst-address=10.1.202.0/24 action=accept comment="No NAT cap a LAN-A per IPsec"
-
-/ip route add dst-address=10.1.202.0/24 gateway=192.168.80.254 comment="Ruta cap a LAN-A per IPsec"
-
-Comprovació mínima des del Router-B:
-
-/ping 192.168.90.1
-/ip ipsec active-peers print
-/ip ipsec installed-sa print detail
-/ping 10.1.202.1 src-address=10.1.101.1
-
-I recordatori pels clients de la xarxa B:
-
-Clients LAN B → gateway 10.1.101.1
-
-Si un client de LAN B té un altre gateway, llavors necessitarà ruta específica:
-
-sudo ip route add 10.1.202.0/24 via 10.1.101.1
-
-
-
-
-