Board logo

標題: 【RouterOS】—— 在香港街上和家里怎样享用大陆资源? [打印本頁]

作者: 角色    時間: 2014-9-7 23:21     標題: 【RouterOS】—— 在香港街上和家里怎样享用大陆资源?

本帖最後由 角色 於 2014-9-9 10:40 編輯

如果你有一台Routerboard,那么你可以考虑上最新的RouterOS V6.18+,而我用V6.18。因为从V6.14就有VPN的快速设定。

好了回到主题,我们先设家里的RB,怎样设,可以参考 Link 。如果不开RouterOS 在V6.14自带的VPN Access功能,而用RouterBoard的default settings, IP=192.168.88.1, 那么link的script是可以马上可以用,只要坐适当的更改就可以。

怎样找blocked IP, 可以参考下面帖子:
http://www.hkepc.com/forum/viewt ... p;extra=&page=1
作者: 角色    時間: 2014-9-7 23:26

下面的script与之前的Link的有几个注意的地方:

1、profile=profile-cn
2、要在/ppp profile加入一个新的profile called profile-cn, 因为用default的会跟VPN Access的defualt settings有冲突。
  1. :local username "vpn-name"
  2. :local password "vpn-passowrd"
  3. :local hostname "vpn-server-host-name"
  4. :local internal "192.168.88.0/24"
  5. /interface pptp-client
  6. add add-default-route=no allow=chap,mschap1,mschap2 connect-to=$hostname \
  7. dial-on-demand=no disabled=no keepalive-timeout=60 max-mru=1400 max-mtu=\
  8. 1400 mrru=disabled name=vpn_cn password=$password profile=\
  9. profile-cn user=$username
  10. /ip firewall mangle
  11. add action=mark-routing chain=prerouting dst-address-list=UnBlockIPList \
  12. port=80,443,8080 new-routing-mark=through_vpn_cn passthrough=no \
  13. protocol=tcp src-address-list=Internal-Nets disabled=no
  14. /ip firewall nat
  15. add action=masquerade chain=srcnat out-interface=vpn_cn disabled=no
  16. /ip route
  17. add distance=1 gateway=vpn_cn routing-mark=through_vpn_cn disabled=no \
  18. scope=255
  19. /ip dns
  20. set allow-remote-requests=yes servers=8.8.8.8,114.114.114.114
  21. /ip firewall address-list
  22. add list=Internal-Nets address=$internal comment="Internal-Nets"
  23. add list=UnBlockIPList address=103.7.28.0/24
  24. add list=UnBlockIPList address=103.7.30.0/24
  25. add list=UnBlockIPList address=103.7.31.0/24
  26. add list=UnBlockIPList address=107.21.213.0/24
  27. add list=UnBlockIPList address=111.161.48.0/24
  28. add list=UnBlockIPList address=115.182.93.0/24
  29. add list=UnBlockIPList address=117.121.54.0/24
  30. add list=UnBlockIPList address=118.244.244.0/24
  31. add list=UnBlockIPList address=119.147.19.0/24
  32. add list=UnBlockIPList address=119.188.40.0/24
  33. add list=UnBlockIPList address=123.125.195.0/24
  34. add list=UnBlockIPList address=123.125.89.0/24
  35. add list=UnBlockIPList address=123.126.48.0/24
  36. add list=UnBlockIPList address=123.126.53.0/24
  37. add list=UnBlockIPList address=123.126.98.0/24
  38. add list=UnBlockIPList address=123.126.99.0/24
  39. add list=UnBlockIPList address=123.58.180.0/24
  40. add list=UnBlockIPList address=125.39.70.0/24
  41. add list=UnBlockIPList address=125.39.95.0/24
  42. add list=UnBlockIPList address=125.89.72.0/24
  43. add list=UnBlockIPList address=163.177.71.0/24
  44. add list=UnBlockIPList address=163.177.79.0/24
  45. add list=UnBlockIPList address=163.177.89.0/24
  46. add list=UnBlockIPList address=180.153.106.0/24
  47. add list=UnBlockIPList address=180.153.21.0/24
  48. add list=UnBlockIPList address=180.153.225.0/24
  49. add list=UnBlockIPList address=180.76.2.0/24
  50. add list=UnBlockIPList address=182.16.230.0/24
  51. add list=UnBlockIPList address=183.61.119.0/24
  52. add list=UnBlockIPList address=184.51.15.0/24
  53. add list=UnBlockIPList address=192.241.222.0/24
  54. add list=UnBlockIPList address=202.108.14.0/24
  55. add list=UnBlockIPList address=202.108.23.0/24
  56. add list=UnBlockIPList address=202.108.37.0/24
  57. add list=UnBlockIPList address=202.108.5.0/24
  58. add list=UnBlockIPList address=202.55.10.0/24
  59. add list=UnBlockIPList address=202.55.12.0/24
  60. add list=UnBlockIPList address=210.129.145.0/24
  61. add list=UnBlockIPList address=211.151.181.0/24
  62. add list=UnBlockIPList address=218.205.72.0/24
  63. add list=UnBlockIPList address=218.30.66.0/24
  64. add list=UnBlockIPList address=218.77.91.0/24
  65. add list=UnBlockIPList address=220.181.109.0/24
  66. add list=UnBlockIPList address=220.181.118.0/24
  67. add list=UnBlockIPList address=220.181.153.0/24
  68. add list=UnBlockIPList address=220.181.154.0/24
  69. add list=UnBlockIPList address=220.181.185.0/24
  70. add list=UnBlockIPList address=220.181.19.0/24
  71. add list=UnBlockIPList address=220.181.61.0/2
  72. add list=UnBlockIPList address=220.181.74.0/24
  73. add list=UnBlockIPList address=220.181.90.0/24
  74. add list=UnBlockIPList address=220.181.94.0/24
  75. add list=UnBlockIPList address=220.194.199.0/24
  76. add list=UnBlockIPList address=221.238.18.0/24
  77. add list=UnBlockIPList address=42.156.140.0/24
  78. add list=UnBlockIPList address=42.62.20.0/24
  79. add list=UnBlockIPList address=42.62.49.0/24
  80. add list=UnBlockIPList address=54.243.116.0/24
  81. add list=UnBlockIPList address=58.215.179.0/24
  82. add list=UnBlockIPList address=58.222.17.0/24
  83. add list=UnBlockIPList address=58.63.237.0/24
  84. add list=UnBlockIPList address=58.83.190.0/24
  85. add list=UnBlockIPList address=59.151.12.0/24
  86. add list=UnBlockIPList address=60.217.235.0/24
  87. add list=UnBlockIPList address=60.28.164.0/24
  88. add list=UnBlockIPList address=61.135.132.0/24
  89. add list=UnBlockIPList address=61.135.181.0/24
  90. add list=UnBlockIPList address=61.135.183.0/24
  91. add list=UnBlockIPList address=61.135.196.0/24
  92. add list=UnBlockIPList address=61.135.253.0/24
  93. add list=UnBlockIPList address=66.102.246.0/24
複製代碼

作者: 角色    時間: 2014-9-7 23:31

因为VPN Access也用了profile=default-encryption,而之前上面的Link也用profile=default-encryption,所以上面就建议大家修改为profile=profile-cn,那么两家都不影响对方。

而VPN Acccess,用的network是192.168.89.0/24。如果在大家外面VPN家里的RB,那么接入是IP是192.168.89.0/24,而不是192.168.88.0/24,为了想用到上面的服务,那么就要把192.168.89.0/24着段加入上面的script,add list=Internal-Nets address=192.168.89.0/24。
作者: 角色    時間: 2014-9-7 23:37

上面的magic script,要注意的地方:

:local username "vpn-name"
:local password "vpn-passowrd"
:local hostname "vpn-server-host-name"
:local internal "192.168.88.0/24"

特别要注意internal lan network,如果修改到其他段,如10.1.2.0/24, 你要再修改/ip dhcp-server netword下的DNS Server为10.1.2.1。
作者: 角色    時間: 2014-9-7 23:38

有了上面的功能,那么我们就可以在车上听QQ的Music了。如果你的手机速度够快的话,那么也可以看电影。




歡迎光臨 電訊茶室 (http://telecom-cafe.com/forum/) Powered by Discuz! 7.2