-
Notifications
You must be signed in to change notification settings - Fork 3
/
audience_rb1_tweaks.rsc
109 lines (87 loc) · 3.6 KB
/
audience_rb1_tweaks.rsc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# aug/06/2020 18:56:50 by RouterOS 6.47.1
# model = RBD25G-5HPacQD2HPnD
################################################################################
# rb1.local - Audience main router, using CAPsMAN
################################################################################
:global passwd "W0lT3UISImum6BNsSySs"
:global identity "rb1.local"
# "" or "8.8.8.8,8.8.4.4", etc.
:global dns ""
:global sshPort "16774"
# "America/Chicago", "America/Los_Angeles", etc.
:global timezone "America/Chicago"
:global disableYottabit "yes"
# Leave unset to skip QoS configuration; otherwise set to p20 of upload tests.
# Note: QoS has been removed from this script, pending re-implementation of a
# downloadable and installable version.
# :global uploadRate ""
################################################################################
# This password will be disabled automatically when the SSH pubkey is added, but
# we assign a strong password here just for safety in case the SSH pubkey is
# forgotten or deleted.
/user
add name="yottabit" group="full" disabled="$disableYottabit" \
password="W0lT3UISImum6BNsSySs"
# SSH will be open to the Internet; only allow password login from the LAN.
set [ find name=admin ] password="$passwd" address=192.168.88.0/24
/interface wireless
set [ find default-name=wlan3 ] adaptive-noise-immunity=ap-and-client-mode \
band=5ghz-onlyac channel-width=20/40/80mhz-XXXX disabled=no distance=\
indoors frequency=auto keepalive-frames=disabled wmm-support=enabled
/interface wireless security-profiles
set [ find ] disable-pmkid=yes
/caps-man configuration
set [ find name="cfg-2ghz" ] channel.frequency=2412,2437,2462 \
channel.band=2ghz-onlyn
set [ find name="cfg-5ghz-ac" ] channel.band=5ghz-n/ac \
channel.extension-channel=XXXX
set [ find ] installation=any keepalive-frames=disabled \
security.authentication-types=wpa2-psk security.disable-pmkid=yes \
security.group-key-update=1h
/caps-man security
set [ find name="security" ] authentication-types=wpa2-psk
/ip cloud
set ddns-enabled=yes
/ip dhcp-server
set [ find ] lease-time=1d
/ip dns set servers="$dns"
/ip service
set ssh port="$sshPort"
/ip firewall filter
add action=accept chain=input comment="Accept SSH from WAN" dst-port=16774 \
in-interface-list=WAN protocol=tcp place-before=1
/system clock
set time-zone-name="$timezone"
/system identity
set name="$identity"
/system ntp client
set enabled=yes primary-ntp=[ :resolve time1.google.com ] \
secondary-ntp=[ :resolve time2.google.com ]
/system scheduler
add interval=1d name=UpdateTimeServers on-event="/system ntp client\r\
\nset enabled=yes primary-ntp=[ :resolve time1.google.com ] \\\r\
\n secondary-ntp=[ :resolve time2.google.com ];" policy=\
read,write start-date=jan/01/1970 start-time=00:00:00
/tool graphing interface add
/tool graphing resource add
# Temporarily removed.
# :if ($uploadRate != "") do={
/system script environment
remove [ find name="passwd" ]
remove [ find name="identity" ]
remove [ find name="dns" ]
remove [ find name="sshPort" ]
remove [ find name="timezone" ]
remove [ find name="sshDisable" ]
remove [ find name="uploadRate" ]
remove [ find name="disableYottabit" ]
/tool fetch mode=https url="https://raw.githubusercontent.com/yottabit42/routeros/master/installBackupAndUpdate.rsc" output=file as-value
/import file-name="installBackupAndUpdate.rsc"
:delay 2
/file remove [ find name="installBackupAndUpdate.rsc" ]
# Import the SSH pubkey.
# Add the BackupAndUpdate script.
# Run BackupAndUpdate script with ScriptMode "backup".
# Copy backup files off device.
# Record the DDNS name:
:put [ /ip cloud get dns-name ]