system set net.ipv4.ip_forward 1 set net.ipv4.tcp_fin_timeout 30 set net.ipv4.tcp_keepalive_time 120 set net.ipv4.neigh.default.gc_thresh1 256 set net.ipv4.neigh.default.gc_thresh2 1024 set net.ipv4.neigh.default.gc_thresh3 2048 set net.ipv6.neigh.default.gc_thresh1 256 set net.ipv6.neigh.default.gc_thresh2 1024 set net.ipv6.neigh.default.gc_thresh3 2048 set net.netfilter.nf_conntrack_tcp_timeout_established 1200 set net.netfilter.nf_conntrack_max 16384 set vm.swappiness 60 set vm.overcommit_memory 0 set vm.vfs_cache_pressure 1000 set net.ipv6.conf.all.forwarding 1 clock timezone Europe/Moscow clock date 30 Aug 2017 23:00:03 domainname WORKGROUP hostname Keenetic_Giga ! ntp server 0.pool.ntp.org ntp server 1.pool.ntp.org ntp server 2.pool.ntp.org ntp server 3.pool.ntp.org access-list _WEBADMIN_ISP permit tcp 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 permit icmp 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 ! access-list _WEBADMIN_OpenVPN0 permit icmp 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 ! isolate-private user admin password nt 31d6cfe0d16ae931b73c59d7e0c089c0 tag cli tag http tag ftp tag cifs tag printers ! dyndns profile _WEBADMIN ! interface GigabitEthernet0 up ! interface GigabitEthernet0/1 rename 1 switchport mode access switchport access vlan 1 up ! interface GigabitEthernet0/2 rename 2 switchport mode access switchport access vlan 1 up ! interface GigabitEthernet0/3 rename 3 switchport mode access switchport access vlan 1 up ! interface GigabitEthernet0/4 rename 4 switchport mode access switchport access vlan 1 up ! interface GigabitEthernet0/Vlan1 description "Home VLAN" security-level private ip dhcp client dns-routes ip dhcp client name-servers up ! interface GigabitEthernet0/Vlan2 rename ISP description "Broadband connection" mac address factory wan security-level public ip address 172.16.130.88 255.255.255.0 ip dhcp client dns-routes ip dhcp client name-servers ip mtu 1500 ip access-group _WEBADMIN_ISP in ip global 700 igmp upstream up ! interface GigabitEthernet0/0 rename 0 role inet for ISP switchport mode access switchport access vlan 2 up ! interface GigabitEthernet0/Vlan3 description "Guest VLAN" security-level protected ip dhcp client dns-routes ip dhcp client name-servers up ! interface WifiMaster0 country-code RU compatibility BGN channel width 40-below up ! interface WifiMaster0/AccessPoint0 rename AccessPoint description "Wi-Fi access point" mac access-list type none security-level private authentication wpa-psk ns3 RVmmtR+uu3I84p3q2WkFN0XX encryption enable encryption wpa2 ip dhcp client dns-routes ip dhcp client name-servers ssid Keenetic-5410 wmm up ! interface WifiMaster0/AccessPoint1 rename GuestWiFi description "Guest access point" mac access-list type none security-level private ip dhcp client dns-routes ip dhcp client name-servers ssid Guest wmm down ! interface WifiMaster0/AccessPoint2 mac access-list type none security-level private ip dhcp client dns-routes ip dhcp client name-servers down ! interface WifiMaster0/AccessPoint3 mac access-list type none security-level private ip dhcp client dns-routes ip dhcp client name-servers down ! interface WifiMaster0/WifiStation0 security-level public encryption disable ip dhcp client dns-routes ip dhcp client name-servers down ! interface UsbDsl0 description "Keenetic Plus DSL" security-level public ip dhcp client dns-routes ip dhcp client name-servers operating-mode adsl2+ annex a vdsl profile 8a vdsl profile 8b vdsl profile 8c vdsl profile 8d vdsl profile 12a vdsl profile 12b vdsl profile 17a vdsl profile 30a vdsl psdmask A_R_POTS_D-32_EU-32 up ! interface Bridge0 rename Home description "Home VLAN" inherit GigabitEthernet0/Vlan1 include AccessPoint security-level private ip dhcp client dns-routes ip dhcp client name-servers igmp downstream up ! interface Bridge1 rename Guest description "Guest VLAN" traffic-shape rate 5120 inherit GigabitEthernet0/Vlan3 include GuestWiFi security-level protected ip dhcp client dns-routes ip dhcp client name-servers up ! interface OpenVPN0 description srv1 security-level public ip dhcp client dns-routes ip dhcp client name-servers ip access-group _WEBADMIN_OpenVPN0 in ip global 350 ip tcp adjust-mss pmtu openvpn accept-routes openvpn connect via ISP up ! interface Chilli0 description "Home VLAN" security-level private ip address 192.168.1.1 255.255.255.0 ip dhcp client dns-routes ip dhcp client name-servers chilli dhcpif Bridge0 chilli uamallowed 172.16.255.1 chilli uamserver http://172.16.255.1/cp/keenetic chilli uamsecret ns3 fR4sK6Q136AXwUcgaTmRGptQ chilli radius 172.16.255.1 chilli radiussecret ns3 rptLQeYGBFwcZbky9n6VJ/gq chilli radiuslocationname 5 chilli radiuslocationid "" chilli dns 8.8.4.4 8.8.8.8 chilli nasip 172.16.255.6 up ! ip route default 172.16.130.1 ISP ip dhcp pool _WEBADMIN enable ! ip dhcp pool _WEBADMIN_GUEST_AP bind Guest enable ! ip dhcp pool _WEBADMIN_HOME default-router 192.168.1.1 dns-server 77.241.144.5 8.8.8.8 lease 25200 bind Home enable ! ip name-server 77.241.144.5 "" on ISP ip name-server 8.8.8.8 "" on ISP ip http security-level private ip http lockout-policy 5 15 3 ip nat vpn ip telnet security-level private lockout-policy 5 15 3 ! ip ftp security-level private ! ipv6 subnet Default bind Home number 0 mode slaac ! ipv6 firewall no ppe software no ppe hardware upnp lan Home crypto engine hardware crypto ipsec mtu auto vpn-server multi-login lcp echo 30 3 ! service dhcp service dns-proxy service igmp-proxy service http service cifs service telnet service ntp-client service upnp cifs automount permissive ! dlna interface Home ! !