# 📮RouterOS
# Cloud Host Router
Configuration Scripts
# Init
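# Provision a RouterOS Cloud Hosted Router over SSH.
#
# Before running: fill in the four variables below and replace the
# <local_address>, <password> and <remote_address> placeholders in the
# "/ppp secret" line of the here-document.
#
# TARGET_HOST is used both as the ssh destination and as the address of the
# static DNS record, so it has to be a bare IP address.
TARGET_HOST=
IPSEC_SECRET=
IDENTITY=
TIME_ZONE=Asia/Shanghai

# The here-document delimiter is unquoted: the local shell substitutes
# $TIME_ZONE, $IDENTITY, $TARGET_HOST and $IPSEC_SECRET and the expanded text
# is sent to the router on stdin. The values are inserted without RouterOS
# quoting, so whitespace or RouterOS special characters in them change how
# the router parses the line.
#
# Review notes on what the commands below configure:
#  - "/tool fetch" downloads the SSH public keys that are then imported for
#    administrative users. fetch does not validate the server certificate
#    unless check-certificate=yes is given (which needs a trusted CA on the
#    router); otherwise compare the key fingerprints after import.
#  - "add name=yumemi group=full" carries no password=, so the account is
#    created with an empty password. Only telnet and ftp are disabled further
#    down; set a password or restrict the remaining "/ip service" entries.
#  - "import ... user=geektr" presumably relies on a geektr user that already
#    exists on the router; this script does not create it.
#  - "/interface pptp-server server set enabled=yes" turns on PPTP next to
#    L2TP/IPsec. PPTP's authentication and encryption are weak; drop the line
#    unless a legacy client needs it.
#  - "/ip dns set allow-remote-requests=yes" makes the router answer DNS
#    queries, and no input-chain filter rule is added here, so queries
#    arriving on ether1 are answered too. Filter udp/tcp 53 in chain=input.
#  - The only drop rule is in chain=forward and is created with disabled=yes;
#    nothing in this script filters traffic addressed to the router itself.
#
# The ":" guard stops before ssh runs if any required value was left empty
# (a non-interactive shell exits; an interactive one abandons the command).
: "${TARGET_HOST:?TARGET_HOST is empty: set it to the router IP address}" \
  "${IPSEC_SECRET:?IPSEC_SECRET is empty: set the L2TP/IPsec pre-shared key}" \
  "${IDENTITY:?IDENTITY is empty: set the router identity name}" \
  "${TIME_ZONE:?TIME_ZONE is empty: set a time zone name}" &&
ssh "$TARGET_HOST" << EOF
/system clock
set time-zone-name=$TIME_ZONE
/system identity
set name=$IDENTITY
/tool
fetch dst-path=keys/geektr.pub mode="https" \
url="https://flint.geektr.co/keys/ssh/geektr.pub"
fetch dst-path=keys/yumemi.pub mode="https" \
url="https://flint.geektr.co/keys/ssh/yumemi.pub"
/user
add name=yumemi group=full
/user ssh-keys
import public-key-file=keys/geektr.pub user=geektr
import public-key-file=keys/yumemi.pub user=yumemi
/ip dns static
add address=$TARGET_HOST name=router.local.geektr.co
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
/interface l2tp-server
add name=geektr-home user=ushio
/interface l2tp-server server
set allow-fast-path=yes enabled=yes ipsec-secret=$IPSEC_SECRET use-ipsec=yes
/interface pptp-server server
set enabled=yes
/ip dhcp-client
add disabled=no interface=ether1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=drop chain=forward disabled=yes src-address=!10.0.0.0/8
add action=fasttrack-connection chain=forward
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=1 dst-address=10.0.0.0/12 gateway=geektr-home
/ip service
set telnet disabled=yes
set ftp disabled=yes
/ppp secret
add local-address=<local_address> name=ushio password=<password> profile=default-encryption \
remote-address=<remote_address>
EOF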
# Nat
# Port forward: TCP connections arriving on ether1 at <dst_port> are
# rewritten to <to_addresses>:<to_ports>. The init script on this page leaves
# its forward-chain drop rule disabled, so this rule alone decides who can
# reach the target; add src-address= if only known peers need access.
/ip firewall nat
add chain=dstnat action=dst-nat protocol=tcp in-interface=ether1 \
    dst-port=<dst_port> to-addresses=<to_addresses> to-ports=<to_ports>
# VPN User