! $$$ Model: Keenetic Ultra
! $$$ Version: 2.06.1
! $$$ Agent: http/rci
! $$$ Md5 checksum: 143e18eb64c733bf39dad9ff73b56245
! $$$ Last change: Mon, 12 Oct 2020 06:51:20 GMT
! Router configuration export; the header above records model, firmware version, export agent, checksum and last-change time.
! NOTE(review): this file carries credential material (password hashes and the values that follow the `ns3` keyword). Handle it as a secret.
! System section: kernel sysctl values, time zone and host identity. IPv4 and IPv6 forwarding are both set to 1.
system
    set net.ipv4.ip_forward 1
    set net.ipv4.tcp_fin_timeout 30
    set net.ipv4.tcp_keepalive_time 120
    set net.ipv4.neigh.default.gc_thresh1 256
    set net.ipv4.neigh.default.gc_thresh2 1024
    set net.ipv4.neigh.default.gc_thresh3 2048
    set net.ipv6.neigh.default.gc_thresh1 256
    set net.ipv6.neigh.default.gc_thresh2 1024
    set net.ipv6.neigh.default.gc_thresh3 2048
    set net.netfilter.nf_conntrack_tcp_timeout_established 1200
    set net.netfilter.nf_conntrack_max 16384
    set vm.swappiness 60
    set vm.overcommit_memory 0
    set vm.vfs_cache_pressure 1000
    set dev.usb.force_usb2 0
    set net.ipv6.conf.all.forwarding 1
    clock timezone Europe/Moscow
    domainname WORKGROUP
    hostname KeeneticFeodoth
    description Ultra
    ndss dump-report disable
!
! NTP servers and the named LAN hosts (name plus MAC address).
ntp server 0.pool.ntp.org
ntp server 1.pool.ntp.org
ntp server 2.pool.ntp.org
ntp server 3.pool.ntp.org
known host DESKTOP-D1GTLB8 a8:a1:59:12:b5:f1
known host raspberrypi4cable dc:a6:32:87:90:49
known host Galaxy-S10-Lite b6:c8:b4:ef:68:71
! Packet filters. This one matches UDP with port 1701 and is referenced by `crypto map VPNL2TPServer` (match-address).
access-list _WEBADMIN_IPSEC_VPNL2TPServer
    permit udp 0.0.0.0 0.0.0.0 port eq 1701 0.0.0.0 0.0.0.0
!
! Permits TCP and UDP from 192.168.30.0/24 to any address; bound inbound on GigabitEthernet0/Vlan4 (`ip access-group ... in`).
access-list _WEBADMIN_GigabitEthernet0/Vlan4
    permit tcp 192.168.30.0 255.255.255.0 0.0.0.0 0.0.0.0
    permit udp 192.168.30.0 255.255.255.0 0.0.0.0 0.0.0.0
!
! NOTE(review): this list permits all IP traffic from any source to any destination and is bound inbound on Wireguard0.
! Narrow it if the WireGuard peer only needs specific hosts or ports.
access-list _WEBADMIN_Wireguard0
    permit ip 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
!
isolate-private
! The single account `admin` carries every tag listed below (cli, http, ftp, opt, cifs, printers, webdav, sftp, torrent, ipsec-l2tp),
! so one password covers router administration, file services and VPN login.
! NOTE(review): `password md5` and `password nt` are stored hashes of that password; NT hashes are unsalted.
! Treat both values as equivalent to the password for exposure purposes: if this file has left the device, change the admin password.
! Consider a separate account limited to the VPN/file tags instead of reusing `admin` for everything.
user admin
    password md5 685d7025e32cad7ad9daf73f805d99cb
    password nt bd6b8edbf9319ab43484c8d74a7a71e7
    tag cli
    tag http
    tag ftp
    tag opt
    tag cifs
    tag printers
    tag webdav
    tag sftp
    tag torrent
    tag ipsec-l2tp
!
dyndns profile _WEBADMIN
!
! AdGuard DNS: each listed client MAC is assigned to `default`.
adguard-dns
    assign a8:a1:59:12:b5:f1 default
    assign dc:a6:32:87:90:49 default
    assign b6:c8:b4:ef:68:71 default
!
! Built-in switch and its port 1 (access port, VLAN 1).
interface GigabitEthernet0
    up
!
interface GigabitEthernet0/0
    rename 1
    switchport mode access
    switchport access vlan 1
    up
! 
! Switch ports 3 and 4: access ports in VLAN 1.
interface GigabitEthernet0/2
    rename 3
    switchport mode access
    switchport access vlan 1
    up
!
interface GigabitEthernet0/3
    rename 4
    switchport mode access
    switchport access vlan 1
    up
!
! Home VLAN (security-level private) and Guest VLAN (security-level protected).
interface GigabitEthernet0/Vlan1
    description "Home VLAN"
    security-level private
    ip dhcp client dns-routes
    ip dhcp client name-servers
    up
!
interface GigabitEthernet0/Vlan3
    description "Guest VLAN"
    security-level protected
    ip dhcp client dns-routes
    ip dhcp client name-servers
    up
!
! Uplink interface: security-level public, DHCP-assigned address, inbound filter _WEBADMIN_GigabitEthernet0/Vlan4.
! The description is a byte-escaped non-ASCII label. Switch port 2 (below) is assigned to this interface with `role inet`.
! `ip dhcp client no name-servers` is set here; presumably the `ip name-server ... on GigabitEthernet0/Vlan4` entries are used instead - confirm.
interface GigabitEthernet0/Vlan4
    description "\xd0\x9c\xd0\x93\xd0\xa2\xd0\xa1"
    mac address factory wan
    security-level public
    ip address dhcp
    ip dhcp client hostname KeeneticFeodoth
    ip dhcp client dns-routes
    ip dhcp client no name-servers
    ip mtu 1500
    ip access-group _WEBADMIN_GigabitEthernet0/Vlan4 in
    ip global 700
    igmp upstream
    ipv6 address auto
    ipv6 prefix auto
    ipv6 name-servers auto
    up
    bandwidth-limit 217033
!
interface GigabitEthernet0/1
    rename 2
    role inet for GigabitEthernet0/Vlan4
    switchport mode access
    switchport access vlan 4
    up
!
! NOTE(review): this port keeps the description "Broadband connection" and `ip address dhcp`, but it is security-level private
! and is a member of the Home bridge (`include ISP` under Bridge0). A device plugged into it is presumably treated as a
! trusted LAN host - confirm that is intended and that no upstream network is cabled here.
interface GigabitEthernet1
    rename ISP
    description "Broadband connection"
    mac address factory wan
    security-level private
    ip address dhcp
    ip dhcp client dns-routes
    ip dhcp client name-servers
    ipv6 address auto
    ipv6 prefix auto
    ipv6 name-servers auto
    up
!
interface GigabitEthernet1/0
    rename 0
    ipv6 address auto
    ipv6 prefix auto
    ipv6 name-servers auto
    up
!
! First radio: BGN compatibility, channel 13, group rekey interval 86400.
interface WifiMaster0
    country-code RU
    compatibility BGN
    channel 13
    channel width 40-below
    tx-burst
    rekey-interval 86400
    beamforming explicit
    vht
    up
!
! Main access point on this radio: WPA2 with a pre-shared key, no MAC access list (`type none`), fast transition enabled.
! NOTE(review): `wps` is enabled. WPS adds a way to join the network without knowing the passphrase; turn it off unless
! it is actively used. `wps no auto-self-pin` is also set - TODO confirm which WPS methods that leaves active.
! The value after `authentication wpa-psk ns3` is the stored passphrase; the identical value is set on WifiMaster1/AccessPoint0.
interface WifiMaster0/AccessPoint0
    rename AccessPoint
    description "Wi-Fi access point"
    mac access-list type none
    security-level private
    wps
    wps no auto-self-pin
    authentication wpa-psk ns3 RGvVEDiwQzZptAE5CYCkF07N
    encryption enable
    encryption wpa2
    ip dhcp client dns-routes
    ip dhcp client name-servers
    ssid KeeneticFeodoth
    wmm
    rrm
    ft mdid 5F
    ft enable
    up
! 
! Guest SSID on the first radio; administratively `down`.
! NOTE(review): no `authentication` or `encryption` line is present in this section, so if it is brought up it would
! presumably be an open network - set a passphrase before enabling it. The interface itself is security-level private;
! the Guest bridge (Bridge1) that includes it is security-level protected.
interface WifiMaster0/AccessPoint1
    rename GuestWiFi
    description "Guest access point"
    mac access-list type none
    security-level private
    ip dhcp client dns-routes
    ip dhcp client name-servers
    ssid Guest
    wmm
    rrm
    ft mdid ZF
    ft enable
    down
!
! Spare access points on the first radio; both `down`, no SSID configured.
interface WifiMaster0/AccessPoint2
    mac access-list type none
    security-level private
    ip dhcp client dns-routes
    ip dhcp client name-servers
    down
!
interface WifiMaster0/AccessPoint3
    mac access-list type none
    security-level private
    ip dhcp client dns-routes
    ip dhcp client name-servers
    down
!
! Station interface on the first radio: security-level public, `encryption disable`, `down`.
interface WifiMaster0/WifiStation0
    security-level public
    encryption disable
    ip dhcp client dns-routes
    ip dhcp client name-servers
    down
!
! Second radio: AN+AC compatibility, channel 64, width 160, band steering enabled.
interface WifiMaster1
    country-code RU
    compatibility AN+AC
    channel 64
    channel width 160
    tx-burst
    rekey-interval 86400
    band-steering
    beamforming explicit
    downlink-mumimo
    up
!
! Main 5GHz access point: same SSID and the same stored pre-shared key value as WifiMaster0/AccessPoint0, WPA2.
! NOTE(review): `wps` is enabled here as well; turn it off unless it is actively used.
! `wps no auto-self-pin` is also set - TODO confirm which WPS methods that leaves active.
interface WifiMaster1/AccessPoint0
    rename AccessPoint_5G
    description "5GHz Wi-Fi access point"
    mac access-list type none
    security-level private
    wps
    wps no auto-self-pin
    authentication wpa-psk ns3 RGvVEDiwQzZptAE5CYCkF07N
    encryption enable
    encryption wpa2
    ip dhcp client dns-routes
    ip dhcp client name-servers
    ssid KeeneticFeodoth
    wmm
    rrm
    ft mdid 5F
    ft enable
    up
!
! Guest SSID on the second radio; `down`.
! NOTE(review): as on the first radio, no `authentication` or `encryption` line is present - set a passphrase before enabling it.
interface WifiMaster1/AccessPoint1
    rename GuestWiFi_5G
    description "5GHz Guest access point"
    mac access-list type none
    security-level private
    ip dhcp client dns-routes
    ip dhcp client name-servers
    ssid Guest
    rrm
    ft mdid ZF
    ft enable
    down
!
! Spare access points on the second radio; both `down`.
interface WifiMaster1/AccessPoint2
    mac access-list type none
    security-level private
    ip dhcp client dns-routes
    ip dhcp client name-servers
    down
!
interface WifiMaster1/AccessPoint3
    mac access-list type none
    security-level private
    ip dhcp client dns-routes
    ip dhcp client name-servers
    down
!
! Station interface on the second radio: security-level public, `encryption disable`, `down`.
interface WifiMaster1/WifiStation0
    security-level public
    encryption disable
    ip dhcp client hostname Keenetic-2G
    ip dhcp client dns-routes
    ip dhcp client name-servers
    down
! 
! Home LAN bridge: 192.168.2.1/24, security-level private. Members: AccessPoint, AccessPoint_5G and ISP, on top of GigabitEthernet0/Vlan1.
! The value after `iapp key ns3` is a stored key; treat it as a secret.
interface Bridge0
    rename Home
    description "Home network"
    inherit GigabitEthernet0/Vlan1
    include AccessPoint
    include AccessPoint_5G
    include ISP
    mac access-list type none
    security-level private
    ip address 192.168.2.1 255.255.255.0
    ip dhcp client dns-routes
    ip dhcp client name-servers
    igmp downstream
    iapp key ns3 H5GuFvKMCLkOTh4HE7rBYg+op5tb0U5sZuoRmwDHreiTU0Bp
    up
!
! Guest bridge: 10.1.30.1/24, security-level protected, `peer-isolation` set, traffic shaped to rate 5120.
interface Bridge1
    rename Guest
    description "Guest network"
    traffic-shape rate 5120
    inherit GigabitEthernet0/Vlan3
    include GuestWiFi
    include GuestWiFi_5G
    mac access-list type none
    peer-isolation
    security-level protected
    ip address 10.1.30.1 255.255.255.0
    ip dhcp client dns-routes
    ip dhcp client name-servers
    iapp key ns3 8TPhJicKbjhPTYvsqlEHR5AswPSNaNUvZenXFgezko9lAsMh
    up
!
! Outbound L2TP tunnel with IPsec to peer 93.179.68.100, security-level public. The login identity is in clear text;
! the password and the IPsec pre-shared key are stored after `ns3`. `ipcp default-route` is set together with
! `role misc` - TODO confirm whether this tunnel can become the default route.
! NOTE(review): the `ipsec preshared-key` value is the same string as `crypto ike key VirtualIPServer` in the IPsec
! server section, which suggests one pre-shared key is shared between this client tunnel and the router's own
! L2TP/IPsec server. Use distinct keys so that exposure of one does not affect the other.
interface L2TP0
    description MyVpnOnVps
    role misc
    peer 93.179.68.100
    no ipv6cp
    lcp echo 30 3
    ipcp default-route
    ipcp name-servers
    ipcp dns-routes
    no ccp
    security-level public
    authentication identity clientrgb
    authentication password ns3 D+SNf4sFveXt0vS4Ui+zeW5u
    ip dhcp client dns-routes
    ip dhcp client name-servers
    ip mtu 1500
    ip tcp adjust-mss pmtu
    ipsec preshared-key ns3 teGutYlIep1Tr3IG43E+9/2n
    connect
    up
!
! WireGuard interface 172.16.82.1/24, listen port 55666, one peer (identified by its public key) allowed as 172.16.82.4/32.
! NOTE(review): the interface is security-level private and its inbound list _WEBADMIN_Wireguard0 permits everything,
! so this peer presumably reaches the router and the Home LAN like a local host - confirm that is intended.
interface Wireguard0
    description mywireguard
    security-level private
    ip address 172.16.82.1 255.255.255.0
    ip mtu 1324
    ip access-group _WEBADMIN_Wireguard0 in
    ip tcp adjust-mss pmtu
    wireguard listen-port 55666
    wireguard peer gIZncEXIy1xTcJDb+/q6TWPgfCt5m1IlqlEMC2J2k04= !peer1client
        keepalive-interval 30
        allow-ips 172.16.82.4 255.255.255.255
    !
    up
!
! Static route: 192.168.30.0/24 is reached through L2TP0.
ip route 192.168.30.0 255.255.255.0 L2TP0 auto !softether1
! DHCP pools for Home and Guest.
! NOTE(review): the Home range begins at 192.168.2.1, the address configured on Bridge0 itself - confirm that the
! router's own address is not handed out to clients.
ip dhcp pool _WEBADMIN
    range 192.168.2.1 192.168.2.120
    lease 25200
    bind Home
    enable
!
ip dhcp pool _WEBADMIN_GUEST_AP
    range 10.1.30.33 10.1.30.152
    bind Guest
    enable
! 
! Fixed lease 192.168.2.42 for dc:a6:32:87:90:49 (known host raspberrypi4cable), then per-interface name servers:
! 8.8.8.8 on Wireguard0; 192.168.2.42 and 8.8.8.8 on GigabitEthernet0/Vlan4.
ip dhcp host dc:a6:32:87:90:49 192.168.2.42
ip name-server 8.8.8.8 "" on Wireguard0
ip name-server 192.168.2.42 "" on GigabitEthernet0/Vlan4
ip name-server 8.8.8.8 "" on GigabitEthernet0/Vlan4
! Web interface: port 80, TLS enabled with redirect, lockout-policy 5 15 3.
! NOTE(review): `ip http security-level public` and the WebDAV `security-level public` below presumably make the admin
! UI and WebDAV reachable from public-level interfaces such as GigabitEthernet0/Vlan4, subject to that interface's
! inbound access list - confirm. If remote administration is not required, set both to private and reach the router over the VPN.
ip http port 80
ip http security-level public
ip http lockout-policy 5 15 3
ip http ssl enable
ip http ssl redirect
ip http webdav
    security-level public
!
! NAT is enabled for Home, Guest, Wireguard0, vpn and sstp.
ip nat Home
ip nat Guest
ip nat Wireguard0
ip nat vpn
ip nat sstp
! NOTE(review): TCP port 13555 arriving on GigabitEthernet0/Vlan4 is forwarded to port 10000 on dc:a6:32:87:90:49
! (author's comment: webmin). That publishes a host administration panel on the uplink side; prefer reaching it through
! the VPN, or restrict the permitted source addresses.
ip static tcp GigabitEthernet0/Vlan4 13555 dc:a6:32:87:90:49 10000 !webmin
! NOTE(review): Telnet is configured on port 23 and `service telnet` is enabled in the service list. Telnet sends the
! admin password in clear text. It is limited to security-level private, but SSH on port 22 already covers CLI access -
! disable Telnet if nothing depends on it.
ip telnet
    port 23
    security-level private
    lockout-policy 5 15 3
!
ip ssh
    port 22
    security-level private
    lockout-policy 5 15 3
!
! FTP is likewise unencrypted. No `service ftp` line is visible in this file, so presumably it is not running - confirm.
ip ftp
    security-level private
    lockout-policy 4 15 3
!
! Hotspot policy for Home is `permit`; the three known hosts are permitted individually.
ip hotspot
    policy Home permit
    host a8:a1:59:12:b5:f1 permit
    host dc:a6:32:87:90:49 permit
    host b6:c8:b4:ef:68:71 permit
!
ipv6 subnet Default
    bind Home
    number 0
    mode slaac
!
! IPv6 firewall line is present; packet processing engines (software, hardware, hardware-ipv6) are enabled.
ipv6 firewall
ppe software
ppe hardware
ppe hardware-ipv6
! NOTE(review): UPnP on Home lets LAN devices request port mappings themselves; disable it if no device needs it.
upnp lan Home
torrent
    rpc-port 8090
    peer-port 51413
!
! IPsec for the L2TP/IPsec server. The pre-shared key is stored after `ns3` and is bound to `any` remote.
! NOTE(review): the IKE proposal and the IPsec transform-set below offer DES, 3DES, MD5, SHA-1 and DH groups 1 and 2
! alongside AES, SHA-256 and groups 14/19/20, using IKEv1 main mode with pre-shared-key authentication and
! `match-identity-remote any`. The weak options are obsolete, and which one is negotiated depends on what a client
! proposes. If every client supports it, keep only AES, SHA-256 and DH group 14 or higher, and use a long random key.
! The _WEBADMIN/VPNL2TPServer naming suggests the web UI generates these sections - manual edits may be overwritten; confirm.
crypto engine hardware
crypto ike key VirtualIPServer ns3 teGutYlIep1Tr3IG43E+9/2n any
crypto ike proposal VPNL2TPServer
    encryption 3des
    encryption des
    encryption aes-cbc-128
    encryption aes-cbc-256
    dh-group 2
    dh-group 1
    dh-group 20
    dh-group 19
    dh-group 14
    integrity sha1
    integrity sha256
    integrity md5
!
crypto ike policy VPNL2TPServer
    proposal VPNL2TPServer
    lifetime 28800
    mode ikev1
    negotiation-mode main
!
crypto ipsec transform-set VPNL2TPServer
    lifetime 28800
    cypher esp-aes-128
    cypher esp-3des
    cypher esp-des
    hmac esp-sha1-hmac
    hmac esp-sha256-hmac
    hmac esp-md5-hmac
!
crypto ipsec profile VPNL2TPServer
    dpd-interval 20 4
    dpd-clear
    identity-local address 0.0.0.0
    match-identity-remote any
    authentication-local pre-share
    authentication-remote pre-share
    mode transport
    policy VPNL2TPServer
! 
crypto ipsec mtu auto
! Crypto map for the L2TP/IPsec server: any peer, traffic matched by _WEBADMIN_IPSEC_VPNL2TPServer, client pool
! 172.16.2.33-172.16.2.132 on Home with NAT; both `l2tp-server enable` and the map's own `enable` are set.
! NOTE(review): no `lockout-policy` line appears for the L2TP server, unlike `vpn-server` (lockout-policy 3 30 5) -
! check whether failed-login lockout applies to L2TP/IPsec logins. `l2tp-server multi-login` is set and the only
! account tagged ipsec-l2tp is `admin`; prefer dedicated VPN accounts.
crypto map VPNL2TPServer
    set-peer any
    set-profile VPNL2TPServer
    set-transform VPNL2TPServer
    match-address _WEBADMIN_IPSEC_VPNL2TPServer
    nail-up
    no reauth-passive
    virtual-ip no enable
    l2tp-server range 172.16.2.33 172.16.2.132
    l2tp-server interface Home
    l2tp-server nat
    l2tp-server multi-login
    l2tp-server lcp echo 30 3
    l2tp-server enable
    enable
!
! SSTP and VPN server settings. No `service` line for either appears in the list below, so presumably neither is
! running - confirm. Only `vpn-server` carries a lockout-policy.
sstp-server
    interface Home
    pool-range 172.16.3.33 200
    multi-login
    lcp echo 30 3
!
vpn-server
    interface Home
    pool-range 172.16.1.33 200
    multi-login
    lcp echo 30 3
    lockout-policy 3 30 5
!
! Enabled services.
! NOTE(review): `service telnet` and `service upnp` are on; disable them if nothing depends on them (SSH is enabled for CLI access).
service dhcp
service dns-proxy
service igmp-proxy
service http
service cifs
service telnet
service ssh
service ntp-client
service upnp
service ipsec
service ntce
! File sharing of disk 01D68EBFF7F032A0 with automount.
! NOTE(review): `permissive` presumably relaxes access control on the share - confirm, and require authenticated access
! if the disk holds anything sensitive. The same disk is the OPKG root (`opkg disk` below), so write access to the
! share would presumably include the installed package tree.
cifs
    share 01D68EBFF7F032A0 01D68EBFF7F032A0:
    automount
    permissive
!
dlna
    interface Home
!
! DNS rebinding protection is set to `auto`.
dns-proxy
    rebind-protect auto
!
! NOTE(review): automatic component updates are disabled and the update channel is `beta`; the header reports
! version 2.06.1. Check for and install current firmware manually, or re-enable automatic updates on a release channel.
opkg disk 01D68EBFF7F032A0:/
components
    auto-update disable
    auto-update channel beta
!
! NOTE(review): the cloud control service is at security-level public - confirm that remote cloud management is wanted.
cloud control2 security-level public
!