ros的外网为pppoe接入，用户使用pptp内网拨号到ros，然后通过其中一条pppoe伪装上网。

技术资料分享,软路由,图文教程

 0  969

admin 自由达人 2022-11-27 19:33:39

用户等级：5级

环境：

ros为ccr，pppoe为3根电信接入，每根电信4拨，一共12根ADSL，pptp的pool池，设置为12个IP，每个IP进行伪装到其中一根pppoe上网，pptp的帐号就一个帐号密码，允许重复拨号。

由于电信多拨，需要设置多个vrrp，来拨号，可以让拨号出去的mac都不同，所以生成了12个vrrp，生成12个id。

每个pppoe进入一个vlan，一个vlan id对应一个pppoe

vvrp启用，还需要对vrrp主网卡设置ip，然后对vrrp设置ip，才能启用。ip随便编写

目的地址如果是局域网的，不要从pppoe出口出去上网，排除了下lanip

/interface bridge
add name=bridge1-lan
add name=bridge2-wan
/interface vlan
add interface=bridge2-wan name=vlan801 vlan-id=801
add interface=bridge2-wan name=vlan802 vlan-id=802
add interface=bridge2-wan name=vlan803 vlan-id=803
/interface vrrp
add interface=vlan801 name=vrrp1
add interface=vlan801 name=vrrp2 vrid=2
add interface=vlan801 name=vrrp3 vrid=3
add interface=vlan801 name=vrrp4 vrid=4
add interface=vlan802 name=vrrp5 vrid=5
add interface=vlan802 name=vrrp6 vrid=6
add interface=vlan802 name=vrrp7 vrid=7
add interface=vlan802 name=vrrp8 vrid=8
add interface=vlan803 name=vrrp9 vrid=9
add interface=vlan803 name=vrrp10 vrid=10
add interface=vlan803 name=vrrp11 vrid=11
add interface=vlan803 name=vrrp12 vrid=12
/interface pppoe-client
add disabled=no interface=vrrp1 name=pppoe-out1 password=电信密码1 user=电信帐号1
add disabled=no interface=vrrp2 name=pppoe-out2 password=电信密码1 user=电信帐号1
add disabled=no interface=vrrp3 name=pppoe-out3 password=电信密码1 user=电信帐号1
add disabled=no interface=vrrp4 name=pppoe-out4 password=电信密码1 user=电信帐号1
add disabled=no interface=vrrp5 name=pppoe-out5 password=电信密码2 user=电信帐号2
add disabled=no interface=vrrp6 name=pppoe-out6 password=电信密码2 user=电信帐号2
add disabled=no interface=vrrp7 name=pppoe-out7 password=电信密码2 user=电信帐号2
add disabled=no interface=vrrp8 name=pppoe-out8 password=电信密码2 user=电信帐号2
add disabled=no interface=vrrp9 name=pppoe-out9 password=电信密码3 user=电信帐号3
add disabled=no interface=vrrp10 name=pppoe-out10 password=电信密码3 user=电信帐号3
add disabled=no interface=vrrp11 name=pppoe-out11 password=电信密码3 user=电信帐号3
add disabled=no interface=vrrp12 name=pppoe-out12 password=电信密码3 user=电信帐号3
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pptp ranges=172.22.22.1-172.22.22.12
/ppp profile
set *FFFFFFFE dns-server=223.5.5.5,223.6.6.6 local-address=172.22.22.254 on-up=":log error (\$\"user\".\"/\".\$\"local-address\".\"/\".\$\"remote-address\
\".\"/\".\$\"caller-id\".\"/\".\$\"called-id\".\"/\".\$\"interface\")\r\
\n:log error (\$\"remote-address\")\r\
\n:global aaa [:pick \$\"remote-address\" 10 13]\r\
\n:log error \$aaa\r\
\n/interface pppoe-client enable (\"pppoe-out\".\$aaa)" only-one=no remote-address=pptp
/interface bridge port
add bridge=bridge1-lan interface=ether12
add bridge=bridge1-lan interface=ether11
add bridge=bridge1-lan interface=ether10
add bridge=bridge1-lan interface=ether9
add bridge=bridge2-wan interface=ether1
add bridge=bridge2-wan interface=ether2
add bridge=bridge2-wan interface=ether3
add bridge=bridge2-wan interface=ether4
add bridge=bridge2-wan interface=ether5
add bridge=bridge2-wan interface=ether6
add bridge=bridge2-wan interface=ether7
add bridge=bridge2-wan interface=ether8
/interface pptp-server server
set enabled=yes
/ip address
add address=192.168.64.201/24 interface=bridge1-lan network=192.168.64.0
add address=123.123.1.1 interface=vrrp1 network=123.123.1.1
add address=123.123.1.0 interface=vlan801 network=123.123.1.0
add address=123.123.1.2 interface=vrrp2 network=123.123.1.2
add address=123.123.1.3 interface=vrrp3 network=123.123.1.3
add address=123.123.1.4 interface=vrrp4 network=123.123.1.4
add address=123.123.2.0 interface=vlan802 network=123.123.2.0
add address=123.123.2.1 interface=vrrp5 network=123.123.2.1
add address=123.123.2.2 interface=vrrp6 network=123.123.2.2
add address=123.123.2.3 interface=vrrp7 network=123.123.2.3
add address=123.123.3.1 interface=vrrp9 network=123.123.3.1
add address=123.123.3.0 interface=vlan803 network=123.123.3.0
add address=123.123.3.2 interface=vrrp10 network=123.123.3.2
add address=123.123.3.3 interface=vrrp11 network=123.123.3.3
add address=123.123.3.4 interface=vrrp12 network=123.123.3.4
add address=123.123.2.4 interface=vrrp8 network=123.123.2.4
/ip firewall address-list
add address=192.168.0.0/16 list=lanip
add address=172.16.0.0/16 list=lanip
add address=10.0.0.0/8 list=lanip
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp1 passthrough=no src-address=172.22.22.1
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp2 passthrough=no src-address=172.22.22.2
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp3 passthrough=no src-address=172.22.22.3
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp4 passthrough=no src-address=172.22.22.4
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp5 passthrough=no src-address=172.22.22.5
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp6 passthrough=no src-address=172.22.22.6
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp7 passthrough=no src-address=172.22.22.7
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp8 passthrough=no src-address=172.22.22.8
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp9 passthrough=no src-address=172.22.22.9
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp10 passthrough=no src-address=172.22.22.10
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp11 passthrough=no src-address=172.22.22.11
add action=mark-routing chain=prerouting dst-address-list=!lanip new-routing-mark=pptp12 passthrough=no src-address=172.22.22.12
/ip firewall nat
add action=masquerade chain=srcnat out-interface=all-ppp
add action=masquerade chain=srcnat out-interface=bridge1-lan
/ip route
add distance=1 gateway=pppoe-out1 routing-mark=pptp1
add distance=1 gateway=pppoe-out2 routing-mark=pptp2
add distance=1 gateway=pppoe-out3 routing-mark=pptp3
add distance=1 gateway=pppoe-out4 routing-mark=pptp4
add distance=1 gateway=pppoe-out5 routing-mark=pptp5
add distance=1 gateway=pppoe-out6 routing-mark=pptp6
add distance=1 gateway=pppoe-out7 routing-mark=pptp7
add distance=1 gateway=pppoe-out8 routing-mark=pptp8
add distance=1 gateway=pppoe-out9 routing-mark=pptp9
add distance=1 gateway=pppoe-out10 routing-mark=pptp10
add distance=1 gateway=pppoe-out11 routing-mark=pptp11
add distance=1 gateway=pppoe-out12 routing-mark=pptp12
add distance=1 dst-address=10.0.0.0/8 gateway=192.168.64.254
add distance=1 dst-address=172.16.0.0/16 gateway=192.168.64.254
add distance=1 dst-address=192.168.0.0/16 gateway=192.168.64.254
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox port=8081
set api-ssl disabled=yes
/ppp secret
add name=pptp帐号 password=pptp密码 profile=default-encryption service=pptp
/system clock manual
set dst-delta=+08:00 time-zone=+08:00
/system ntp client
set enabled=yes primary-ntp=10.10.2.2 secondary-ntp=10.10.2.3

ppp脚本那边设置pptp拨号上来，就重启对应的pppoe拨号

:log error ($"user"."/".$"local-address"."/".$"remote-address"."/".$"caller-id"."/".$"called-id"."/".$"interface")
:log error ($"remote-address")
:global aaa [:pick $"remote-address" 10 13]
:log error $aaa
/interface pppoe-client enable ("pppoe-out".$aaa)

本文章最后由 admin 于 2022-11-27 19:34 编辑

楼主签名：唱跳rap和篮球

回帖

回复列表

更多回复

站长有偿接单QQ：821689701 早上10点到晚上22点

本站热帖: 01 爱快ikuai转发pptp、l2tp客户端端口数据 665737; 02 抖音tiktok国际版视频直播专线搭建服务 658050; 03 亚马逊电商访问开店专线搭建服务 656741; 04 天翼云多IP搭建PPTP、L2TP、SOCKS5游戏专线服务 656624; 05 海外游戏Game工作室专线搭建服务 656610; 06 国内快手直播专线搭建服务 655911; 07 国内抖音直播专线搭建服务 654454; 08 centos7 L2TP/ipsec 搭建 179084; 09 全自动一键网络重装脚本（DD脚本）推荐 177587; 10 Linux一键脚本zabbix安装代码 176137

ros的外网为pppoe接入，用户使用pptp内网拨号到ros，然后通过其中一条pppoe伪装上网。

站长有偿接单QQ：821689701 早上10点到晚上22点

最新会员

友情链接