Посмотрел тут MUM Реализация MultiWAN. Вопросы, проблемы и решения - Илья Князев (SPW.RU, Россия). Очень грамотно рассказано, но момент с одним шлюзом не совсем понял. Тут https://spw.ru/forum/threads/3-belyx-ajpi-ot-odnogo-provajdera-rb2011.3099/ у Вас писали, что в принципе не возможно, а человек утверждает, что возможно, но указано только 2 WAN (DualWAN). Связку address%interface пробовал, но... понятно то, что ничего непонятно. У меня аналогичная ситуёвина: 4 бухгалтера сдача отчётности строго через свой выделенный IP. Провайдер один IP'шники разные - шлюз один. Две внутренние подсети: 192.168.0.0/24, 192.168.102.0/24 Кроме указания: /ip route add distance=1 gateway=10.0.0.1%ether1-WAN1 add distance=2 gateway=10.0.0.1%ether2-WAN2 add distance=3 gateway=10.0.0.1%ether3-WAN3 add distance=4 gateway=10.0.0.1%ether4-WAN4 add distance=1 gateway=10.0.0.1%ether1-WAN1 routing-mark=WAN1 add distance=1 gateway=10.0.0.1%ether2-WAN2 routing-mark=WAN2 add distance=1 gateway=10.0.0.1%ether3-WAN3 routing-mark=WAN3 add distance=1 gateway=10.0.0.1%ether4-WAN4 routing-mark=WAN4 Что ещё нужно указывать для правильного функционирования маршрутизации, заворота бухгалтерских IP'шников в нужный WAN? Что указывать для балансировки нагрузки? Плюс ко всему через l2tp будут подключаться пользователи (подсеть 192.168.31.0/24). Их сеть нужно пробросить в наши сети. Если не сложно, можно пример... Сильно не пинать учусь я только и разбираюсь ))).
У вас нет мультиван. У вас он ОДИН. Для того чтобы бухгалтер всегда выходил с нужного адреса - используйте NAT. https://spw.ru/educate/articles/natpart3/ в помощь
Дабы не плодить темы решил спросить здесь. Что имею: 4 канала от одного провайдера с белыми адресами. На Микротике R1 поднят DHCP сервер для локальных подсетей. Микротик R1 через транк соединён с Циской. Циска переведена в режим L3. На Микротике также поднят L2TP сервер. Микротик R2 из удалённого офиса цепляется к R1. Но где то, что то, я упустил и понять не могу. В общем с Микротика R1 пингуется вся сеть филиала 192.168.32.0/24, а с компьютера 192.168.0.250 в головном офисе не пингуется. С Микротика филиала пингуется только 192.168.0.1 и 192.168.0.2 на Циске. С компа в филиале не пингуется вообще ничего. Вот схема:
Конфиг CISCO: Код: ! version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Switch ! boot-start-marker boot-end-marker ! no aaa new-model clock timezone EKATERINBURG 5 clock summer-time PDT recurring switch 1 provision ws-c3750-48p system mtu routing 1500 vtp mode transparent udld enable ip routing no ip domain-lookup ip domain-name accord-avto.ru ip name-server 192.168.0.11 ! crypto pki trustpoint TP-self-signed-2463687680 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2463687680 revocation-check none rsakeypair TP-self-signed-2463687680 ! no errdisable detect cause gbic-invalid port-channel load-balance src-dst-ip ! spanning-tree mode rapid-pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 2 name Mobile_LAN ! vlan 3 name Guest_LAN ! vlan 10 name OFFICE_NET ! vlan 11 name SERVERS_NET ! vlan 15 name WiFi_LAN ! vlan 100 name VoIP_NET ! vlan 101 name Printers_NET ! vlan 102 name Video_LAN ! vlan 210 name Manegement_LAN ! vlan 222 ! ip ssh time-out 60 ip ssh authentication-retries 2 ip ssh version 2 ! interface Port-channel1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 2,3,10,15,100-102,210 switchport mode trunk ! interface Port-channel2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 2,3,10,15,100-102,210,222 switchport mode trunk ! interface FastEthernet1/0/1 switchport access vlan 2 switchport mode access spanning-tree portfast ! interface FastEthernet1/0/2 switchport access vlan 3 switchport mode access spanning-tree portfast ! interface FastEthernet1/0/3 switchport access vlan 10 switchport mode access spanning-tree portfast ! interface FastEthernet1/0/4 switchport access vlan 15 switchport mode access spanning-tree portfast ! interface FastEthernet1/0/5 switchport access vlan 100 switchport mode access spanning-tree portfast ! interface FastEthernet1/0/6 switchport access vlan 101 switchport mode access spanning-tree portfast ! interface FastEthernet1/0/7 switchport access vlan 102 switchport mode access spanning-tree portfast ! interface FastEthernet1/0/8 switchport access vlan 210 switchport mode access spanning-tree portfast ! interface GigabitEthernet1/0/1 description TO_LAN switchport trunk encapsulation dot1q switchport trunk allowed vlan 2,3,10,15,100-102,210 switchport mode trunk channel-protocol lacp channel-group 1 mode active ! interface GigabitEthernet1/0/2 ! interface GigabitEthernet1/0/3 switchport trunk encapsulation dot1q switchport trunk allowed vlan 2,3,10,15,100-102,210,222 switchport mode trunk channel-protocol lacp channel-group 2 mode active ! interface GigabitEthernet1/0/4 ! interface Vlan1 no ip address shutdown spanning-tree portfast ! interface Vlan2 ip address 192.168.2.2 255.255.255.0 ip helper-address 192.168.2.1 ! interface Vlan3 ip address 192.168.3.2 255.255.255.0 ip access-group 110 in ip helper-address 192.168.3.1 ! interface Vlan10 ip address 192.168.0.2 255.255.255.0 ip helper-address 192.168.0.1 ! interface Vlan11 ip address 192.168.11.2 255.255.255.0 ip helper-address 192.168.11.1 ! interface Vlan15 ip address 192.168.15.2 255.255.255.0 ip helper-address 192.168.15.1 ! interface Vlan100 ip address 192.168.100.2 255.255.255.0 ip helper-address 192.168.100.1 ! interface Vlan101 ip address 192.168.101.2 255.255.255.0 ip helper-address 192.168.101.1 ! interface Vlan102 ip address 192.168.102.2 255.255.255.0 ip helper-address 192.168.102.1 ! interface Vlan210 ip address 192.168.210.2 255.255.255.0 ! interface Vlan222 ip address 192.168.222.2 255.255.255.0 ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.222.1 no ip http server ip http secure-server ! ! access-list 110 deny ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.0.255 access-list 110 deny ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 110 deny ip 192.168.3.0 0.0.0.255 192.168.11.0 0.0.0.255 access-list 110 deny ip 192.168.3.0 0.0.0.255 192.168.15.0 0.0.0.255 access-list 110 deny ip 192.168.3.0 0.0.0.255 192.168.100.0 0.0.0.255 access-list 110 deny ip 192.168.3.0 0.0.0.255 192.168.101.0 0.0.0.255 access-list 110 deny ip 192.168.3.0 0.0.0.255 192.168.102.0 0.0.0.255 access-list 110 deny ip 192.168.3.0 0.0.0.255 192.168.210.0 0.0.0.255 access-list 110 permit ip any any no cdp run no cdp tlv location no cdp tlv app ! snmp-server community cisco RO snmp-server community cisco123 RW ! ! line con 0 line vty 0 4 login line vty 5 15 login ! end
Вотконфиг R1 Mikrotik: Код: # jan/06/2002 08:50:22 by RouterOS 6.38.5 # software id = DRDB-K9IQ # /interface bridge add name=br-VLAN0 add name=br-VLAN2 add name=br-VLAN3 add name=br-VLAN15 add name=br-VLAN100 add name=br-VLAN101 add name=br-VLAN102 add name=br-VLAN210 add name=br-VLAN222 /interface ethernet set [ find default-name=ether1 ] name=ether1-WAN1 set [ find default-name=ether2 ] name=ether2-WAN2 set [ find default-name=ether3 ] name=ether3-WAN3 set [ find default-name=ether4 ] name=ether4-WAN4 set [ find default-name=ether10 ] name=ether10-LAN set [ find default-name=ether11 ] name=ether11-LAN set [ find default-name=ether12 ] name=ether12-LAN set [ find default-name=ether13 ] name=ether13-LAN /interface l2tp-server add name=Germes-to-HQ user=Germes /ip neighbor discovery set ether1-WAN1 discover=no set ether2-WAN2 discover=no set ether3-WAN3 discover=no set ether4-WAN4 discover=no /interface bonding add mode=802.3ad name=Trunk-LAN slaves=\ ether13-LAN,ether12-LAN,ether11-LAN,ether10-LAN transmit-hash-policy=\ layer-2-and-3 /interface vlan add interface=Trunk-LAN name=VLAN0 vlan-id=10 add interface=Trunk-LAN name=VLAN2 vlan-id=2 add interface=Trunk-LAN name=VLAN3 vlan-id=3 add interface=Trunk-LAN name=VLAN15 vlan-id=15 add interface=Trunk-LAN name=VLAN100 vlan-id=100 add interface=Trunk-LAN name=VLAN101 vlan-id=101 add interface=Trunk-LAN name=VLAN102 vlan-id=102 add interface=Trunk-LAN name=VLAN210 vlan-id=210 add interface=Trunk-LAN name=VLAN222 vlan-id=222 /interface list add name=lst-WAN /ip pool add name=pool-VLAN0 ranges=192.168.0.50-192.168.0.250 add name=pool-VLAN2 ranges=192.168.2.50-192.168.2.250 add name=pool-VLAN3 ranges=192.168.3.50-192.168.3.250 add name=pool-VLAN15 ranges=192.168.15.50-192.168.15.250 add name=pool-VLAN100 ranges=192.168.100.50-192.168.100.250 add name=pool-VLAN101 ranges=192.168.101.50-192.168.101.250 add name=pool-VLAN102 ranges=192.168.102.50-192.168.102.250 /ip dhcp-server add address-pool=pool-VLAN0 disabled=no interface=br-VLAN0 name=DHCP-VLAN0 add address-pool=pool-VLAN2 disabled=no interface=br-VLAN2 name=DHCP-VLAN2 add address-pool=pool-VLAN3 disabled=no interface=br-VLAN3 name=DHCP-VLAN3 add address-pool=pool-VLAN15 disabled=no interface=br-VLAN15 name=DHCP-VLAN15 add address-pool=pool-VLAN100 disabled=no interface=br-VLAN100 name=\ DHCP-VLAN100 add address-pool=pool-VLAN101 disabled=no interface=br-VLAN101 name=\ DHCP-VLAN101 add address-pool=pool-VLAN102 disabled=no interface=br-VLAN102 name=\ DHCP-VLAN102 /ppp profile set *FFFFFFFE use-compression=yes use-upnp=yes /queue type
Код: add kind=pcq name=pcq-download-10M pcq-classifier=dst-address \ pcq-dst-address6-mask=64 pcq-rate=10M pcq-src-address6-mask=64 add kind=pcq name=pcq-upload-10M pcq-classifier=src-address \ pcq-dst-address6-mask=64 pcq-rate=10M pcq-src-address6-mask=64 /queue simple add max-limit=50M/50M name=GuestWiFi-limit-10M queue=\ pcq-upload-10M/pcq-download-10M target=192.168.3.0/24 /interface bridge port add bridge=br-VLAN0 interface=VLAN0 add bridge=br-VLAN2 interface=VLAN2 add bridge=br-VLAN3 interface=VLAN3 add bridge=br-VLAN15 interface=VLAN15 add bridge=br-VLAN100 interface=VLAN100 add bridge=br-VLAN101 interface=VLAN101 add bridge=br-VLAN102 interface=VLAN102 add bridge=br-VLAN210 interface=VLAN210 add bridge=br-VLAN222 interface=VLAN222 /interface l2tp-server server set authentication=mschap2 enabled=yes /interface list member add interface=ether1-WAN1 list=lst-WAN add interface=ether2-WAN2 list=lst-WAN add interface=ether3-WAN3 list=lst-WAN add interface=ether4-WAN4 list=lst-WAN /ip address add address=192.168.222.1/24 interface=br-VLAN222 network=192.168.222.0 add address=1.1.1.1 interface=ether1-WAN1 network=5.5.5.5 add address=2.2.2.2 interface=ether2-WAN2 network=5.5.5.5 add address=3.3.3.3 interface=ether3-WAN3 network=5.5.5.5 add address=4.4.4.4 interface=ether4-WAN4 network=5.5.5.5 add address=192.168.0.1/24 interface=br-VLAN0 network=192.168.0.0 add address=192.168.2.1/24 interface=br-VLAN2 network=192.168.2.0 add address=192.168.3.1/24 interface=br-VLAN3 network=192.168.3.0 add address=192.168.15.1/24 interface=br-VLAN15 network=192.168.15.0 add address=192.168.100.1/24 interface=br-VLAN100 network=192.168.100.0 add address=192.168.101.1/24 interface=br-VLAN101 network=192.168.101.0 add address=192.168.102.1/24 interface=br-VLAN102 network=192.168.102.0 add address=192.168.210.1/24 interface=br-VLAN210 network=192.168.210.0 /ip dhcp-server network add address=192.168.0.0/24 dns-server=\ 192.168.0.11,10.100.100.1,10.100.100.6,8.8.8.8 gateway=192.168.0.2 \ netmask=24 ntp-server=192.168.0.1 add address=192.168.2.0/24 dns-server=\ 192.168.0.11,10.100.100.1,10.100.100.6,8.8.8.8 gateway=192.168.2.2 \ netmask=24 ntp-server=192.168.2.1 add address=192.168.3.0/24 dns-server=\ 192.168.0.11,10.100.100.1,10.100.100.6,8.8.8.8 gateway=192.168.3.2 \ netmask=24 ntp-server=192.168.3.1 add address=192.168.15.0/24 dns-server=\ 192.168.0.11,10.100.100.1,10.100.100.6,8.8.8.8 gateway=192.168.15.2 \ netmask=24 ntp-server=192.168.15.1 add address=192.168.100.0/24 dns-server=\ 192.168.0.11,10.100.100.1,10.100.100.6,8.8.8.8 gateway=192.168.100.2 \ netmask=24 ntp-server=192.168.100.1 add address=192.168.101.0/24 dns-server=\ 192.168.0.11,10.100.100.1,10.100.100.6,8.8.8.8 gateway=192.168.101.2 \ netmask=24 ntp-server=192.168.101.1 add address=192.168.102.0/24 dns-server=\ 192.168.0.11,10.100.100.1,10.100.100.6,8.8.8.8 gateway=192.168.102.2 \ netmask=24 ntp-server=192.168.102.1 /ip dns set allow-remote-requests=yes servers=10.100.100.1,10.100.100.6 /ip firewall address-list add address=192.168.0.21 list=LiterAvto add address=192.168.0.22 list=LiterAvto add address=192.168.0.9 list=LiterAvto add address=192.168.0.50-192.168.0.250 list=IPAveryanov add address=192.168.2.0/24 list=IPAveryanov add address=192.168.3.0/24 list=IPAveryanov add address=192.168.102.0/24 list=IPAveryanov add address=192.168.0.23 list=IPAveryanov add address=192.168.0.24 list=IPAveryanov add address=192.168.0.25 list=AvtoSnabDetal add address=192.168.0.26 list=AvtoSnabDetal add address=192.168.0.27 list=AkkordAvto add address=192.168.0.71 list=AvtoSnabDetal add address=192.168.0.28 list=AkkordAvto add address=192.168.0.47 list=AkkordAvto add address=192.168.0.90 list=AkkordAvto add address=0.0.0.0/8 list=BOGON add address=10.0.0.0/8 list=BOGON add address=100.64.0.0/10 list=BOGON add address=127.0.0.0/8 list=BOGON add address=169.254.0.0/16 list=BOGON add address=172.16.0.0/12 list=BOGON add address=192.0.0.0/24 list=BOGON add address=192.0.2.0/24 list=BOGON add address=192.168.0.0/16 list=BOGON add address=198.18.0.0/15 list=BOGON add address=198.51.100.0/24 list=BOGON add address=203.0.113.0/24 list=BOGON add address=224.0.0.0/4 list=BOGON add address=240.0.0.0/4 list=BOGON /ip firewall filter add action=accept chain=input connection-state=new dst-port=8291 protocol=tcp add action=accept chain=input dst-port=1701 in-interface=ether1-WAN1 \ protocol=udp add action=drop chain=input comment="BOGON Drop" in-interface=ether1-WAN1 \ src-address-list=BOGON add action=drop chain=input comment="BOGON Drop" in-interface=ether4-WAN4 \ src-address-list=BOGON add action=drop chain=input comment="BOGON Drop" in-interface=ether3-WAN3 \ src-address-list=BOGON add action=drop chain=input comment="BOGON Drop" in-interface=ether2-WAN2 \ src-address-list=BOGON add action=accept chain=input protocol=icmp add action=accept chain=input connection-state=established,related add action=accept chain=forward connection-state=established,related add action=drop chain=input connection-state=invalid add action=drop chain=input connection-state=new in-interface=!Trunk-LAN /ip firewall mangle add action=mark-connection chain=prerouting new-connection-mark=con-WAN1 \ src-address-list=LiterAvto add action=mark-connection chain=prerouting new-connection-mark=con-WAN2 \ src-address-list=IPAveryanov add action=mark-connection chain=prerouting new-connection-mark=con-WAN3 \
Код: src-address-list=AvtoSnabDetal add action=mark-connection chain=prerouting new-connection-mark=con-WAN4 \ src-address-list=AkkordAvto add action=mark-routing chain=prerouting connection-mark=con-WAN1 \ in-interface-list=!lst-WAN new-routing-mark=WAN1 passthrough=yes \ src-address-list=LiterAvto add action=mark-routing chain=prerouting connection-mark=con-WAN2 \ in-interface-list=!lst-WAN new-routing-mark=WAN2 passthrough=yes \ src-address-list=IPAveryanov add action=mark-routing chain=prerouting connection-mark=con-WAN3 \ in-interface-list=!lst-WAN new-routing-mark=WAN3 passthrough=yes \ src-address-list=AvtoSnabDetal add action=mark-routing chain=prerouting connection-mark=con-WAN4 \ in-interface-list=!lst-WAN new-routing-mark=WAN4 passthrough=yes \ src-address-list=AkkordAvto /ip firewall nat add action=masquerade chain=srcnat comment="VPN Masquarading" out-interface=\ all-ppp add action=netmap chain=dstnat comment="to RDP 1C" dst-port=60086 \ in-interface=ether3-WAN3 protocol=tcp to-addresses=192.168.0.4 to-ports=\ 3389 add action=netmap chain=dstnat comment="to RDP Autodealer" dst-port=60087 \ in-interface=ether4-WAN4 protocol=tcp to-addresses=192.168.0.241 \ to-ports=3389 add action=netmap chain=dstnat comment="to SecurOS Mobile Client" dst-port=\ 7777 in-interface=ether2-WAN2 protocol=tcp to-addresses=192.168.102.10 \ to-ports=7777 add action=src-nat chain=srcnat out-interface=ether1-WAN1 to-addresses=\ 1.1.1.1 add action=src-nat chain=srcnat out-interface=ether2-WAN2 to-addresses=\ 2.2.2.2 add action=src-nat chain=srcnat out-interface=ether3-WAN3 to-addresses=\ 3.3.3.3 add action=src-nat chain=srcnat out-interface=ether4-WAN4 to-addresses=\ 4.4.4.4 /ip route add check-gateway=ping distance=1 gateway=5.5.5.5%ether1-WAN1 \ routing-mark=WAN1 add check-gateway=ping distance=1 gateway=5.5.5.5%ether2-WAN2 \ routing-mark=WAN2 add check-gateway=ping distance=1 gateway=5.5.5.5%ether3-WAN3 \ routing-mark=WAN3 add check-gateway=ping distance=1 gateway=5.5.5.5%ether4-WAN4 \ routing-mark=WAN4 add distance=1 gateway="5.5.5.5%ether2-WAN2,5.5.5.5%ether4-WAN4,\ 5.5.5.5%ether1-WAN1,5.5.5.5%ether3-WAN3" add distance=1 dst-address=192.168.32.0/24 gateway=172.16.30.2 pref-src=\ 172.16.30.1 /ip service set telnet disabled=yes set ftp disabled=yes set www disabled=yes set ssh disabled=yes set api disabled=yes set winbox address=192.168.0.0/24,192.168.222.0/24 set api-ssl disabled=yes /ppp secret add local-address=172.16.30.1 name=Germes password=XXXXXXXXXXXXXXX \ profile=default-encryption remote-address=172.16.30.2 service=l2tp /system clock set time-zone-autodetect=no time-zone-name=Asia/Yekaterinburg /system ntp client set enabled=yes primary-ntp=88.147.254.232 secondary-ntp=88.147.254.230 /system ntp server set enabled=yes
И вот конфиг R2 Mikrotik: Код: # nov/27/2018 10:48:00 by RouterOS 6.38.5 # software id = XTYC-NVP5 # /interface bridge add name=bridge1-lan /interface ethernet set [ find default-name=ether1 ] name=ether1-WAN set [ find default-name=ether5 ] name=ether5-LAN /interface l2tp-client add allow=mschap2 connect-to=1.1.1.1 disabled=no name=\ l2tp-Office_connection password=XXXXXXXXXXXX user=user1 add add-default-route=yes connect-to=10.255.255.138 default-route-distance=1 \ disabled=no mrru=1600 name=l2tp-out1 password=XXXXXXXX user=user0 /ip dhcp-client option add code=55 name=parameter_request_list value=0x01f90321062a /ip pool add name=dhcp_pool1 ranges=192.168.32.10-192.168.32.200 /ip dhcp-server add address-pool=dhcp_pool1 disabled=no interface=bridge1-lan name=dhcp1 /ppp profile add name=profile1 use-compression=no use-encryption=yes use-mpls=no set *FFFFFFFE use-compression=yes use-upnp=yes /tool user-manager customer set admin access=\ own-routers,own-users,own-profiles,own-limits,config-payment-gw /interface bridge port add bridge=bridge1-lan interface=ether2 add bridge=bridge1-lan interface=ether3 add bridge=bridge1-lan interface=ether4 add bridge=bridge1-lan interface=ether5-LAN add bridge=bridge1-lan interface=wlan1 /ip address add address=192.168.32.254/24 interface=bridge1-lan network=192.168.32.0 /ip dhcp-client add default-route-distance=10 dhcp-options=\ hostname,parameter_request_list,clientid disabled=no interface=ether1-WAN /ip dhcp-server lease add address=192.168.32.108 mac-address=90:2B:34:76:73:E7 server=dhcp1 add address=192.168.32.32 client-id=1:c:38:3e:4:c9:d5 mac-address=\ 0C:38:3E:04:C9:D5 server=dhcp1 add address=192.168.32.107 client-id=1:94:de:80:4a:70:5a mac-address=\ 94:DE:80:4A:70:5A server=dhcp1 /ip dhcp-server network add address=192.168.32.0/24 dns-server=\ 10.100.100.1,10.100.100.6,192.168.32.254 gateway=192.168.32.254 /ip firewall filter add action=accept chain=input protocol=icmp add action=accept chain=input dst-port=1701 protocol=udp add action=accept chain=input connection-state=established,related add action=accept chain=output connection-state=!invalid add action=accept chain=forward protocol=tcp add action=accept chain=forward protocol=udp add action=drop chain=input connection-state=invalid add action=drop chain=forward connection-state=invalid disabled=yes add action=drop chain=input disabled=yes /ip firewall nat add action=masquerade chain=srcnat out-interface=all-ppp add action=masquerade chain=srcnat out-interface=ether1-WAN src-address=\ 192.168.32.0/24 /ip route add distance=1 dst-address=10.100.100.0/24 gateway=10.255.255.145 add distance=1 dst-address=192.168.0.0/24 gateway=172.16.30.1 pref-src=\ 172.16.30.2 add disabled=yes distance=1 dst-address=192.168.0.0/24 gateway=l2tp-out1 add distance=1 dst-address=192.168.102.0/24 gateway=172.16.30.1 pref-src=\ 172.16.30.2 /ip service set telnet disabled=yes set ftp disabled=yes set www address=192.168.32.0/24 set ssh disabled=yes set api disabled=yes set winbox address=192.168.0.0/24,192.168.32.0/24 set api-ssl disabled=yes В общем "I need help", как правильно сделать, чтобы все друг друга видели. Заодно покритикуйте, конфиг R1 Mikrotik.