# ====================================================================== # OneISP Provisioning Script # Site: Test # Router IP: 10.10.0.2 # VPN IP: 10.8.0.2 # Generated: 2026-02-16 21:24:38 UTC # ====================================================================== # # INSTRUCTIONS: # 1. Upload this file to the router via WinBox Files or FTP # 2. Open Terminal and run: /import file-name=oneisp-test.rsc # OR paste the contents directly into a New Terminal window. # # WARNING: This will modify router configuration. Review before running. # ====================================================================== :log info "OneISP: Starting provisioning for Test..." # -- WireGuard VPN Tunnel -------------------------------------------------- :log info "OneISP: Configuring WireGuard VPN..." # Remove old WireGuard config :do { /interface wireguard remove [find name=wg-oneisp] } on-error={} # Create WireGuard interface /interface wireguard add name=wg-oneisp listen-port=51820 comment="OneISP Management VPN" # Display the generated public key :local wgPubKey [/interface wireguard get [find name=wg-oneisp] public-key] :put "" :put "========================================" :put "WireGuard Public Key (copy to OneISP):" :put $wgPubKey :put "========================================" :put "" # NOTE: Server public key not yet configured. # Add it manually once the VPN server peer is set up: # /interface wireguard peers add interface=wg-oneisp public-key="" endpoint-address=vpn.qserve-isp.net endpoint-port=51820 allowed-address=10.8.0.0/16 persistent-keepalive=25 comment="OneISP VPN Server" # Assign VPN IP address :do { /ip address remove [find interface=wg-oneisp] } on-error={} /ip address add address=10.8.0.2/16 interface=wg-oneisp comment="OneISP VPN" :log info "OneISP: WireGuard VPN configured." # -- RADIUS Client Configuration ------------------------------------------- :log info "OneISP: Configuring RADIUS..." # Remove old RADIUS config :do { /radius remove [find comment="OneISP RADIUS"] } on-error={} # Store secret in variable to avoid paste issues :local radiusSecret "8ee997592719cbf45f433188b476d319" # Add RADIUS server (reachable via WireGuard tunnel at 10.8.0.1) /radius add address=10.8.0.1 secret=$radiusSecret service=hotspot,ppp src-address=10.8.0.2 timeout=3s comment="OneISP RADIUS" # Incoming (CoA / Disconnect-Request) :do { /radius incoming set accept=yes port=3799 } on-error={} :log info "OneISP: RADIUS configured." # -- Hotspot Server Configuration ------------------------------------------ :log info "OneISP: Configuring Hotspot..." # Create bridge if it does not exist :do { /interface bridge add name=OI_BRIDGE comment="OneISP Hotspot Bridge" } on-error={ :log info "OneISP: Bridge OI_BRIDGE exists" } # IP pool :do { /ip pool remove [find name=oneisp-hotspot-pool] } on-error={} /ip pool add name=oneisp-hotspot-pool ranges=10.251.0.2-10.251.255.254 comment="OneISP Hotspot Pool" # Gateway IP on bridge :do { /ip address remove [find comment="OneISP Hotspot Gateway"] } on-error={} /ip address add address=10.251.0.1/16 interface=OI_BRIDGE comment="OneISP Hotspot Gateway" # DHCP server for hotspot clients :do { /ip dhcp-server remove [find name=oneisp-dhcp] } on-error={} /ip dhcp-server add name=oneisp-dhcp interface=OI_BRIDGE address-pool=oneisp-hotspot-pool lease-time=1h comment="OneISP DHCP" :do { /ip dhcp-server network remove [find comment="OneISP DHCP Net"] } on-error={} /ip dhcp-server network add address=10.251.0.0/16 gateway=10.251.0.1 dns-server=10.251.0.1 comment="OneISP DHCP Net" # Hotspot profile (RADIUS-backed) :do { /ip hotspot profile remove [find name=oneisp-profile] } on-error={} /ip hotspot profile add name=oneisp-profile hotspot-address=10.251.0.1 dns-name=login.hs use-radius=yes radius-interim-update=1m login-by=http-chap,http-pap,cookie http-cookie-lifetime=1d html-directory=hotspot # Hotspot server :do { /ip hotspot remove [find name=oneisp-hotspot] } on-error={} /ip hotspot add name=oneisp-hotspot interface=OI_BRIDGE address-pool=oneisp-hotspot-pool profile=oneisp-profile # Walled garden (captive portal and API access) :do { /ip hotspot walled-garden ip remove [find comment~"OneISP"] } on-error={} /ip hotspot walled-garden ip add dst-host=captive.qserve-isp.net action=accept comment="OneISP Captive Portal" /ip hotspot walled-garden ip add dst-host=app.qserve-isp.net action=accept comment="OneISP API" :log info "OneISP: Hotspot configured." # -- PPPoE Server Configuration -------------------------------------------- :log info "OneISP: Configuring PPPoE server..." # PPPoE address pool :do { /ip pool remove [find name=oneisp-pppoe-pool] } on-error={} /ip pool add name=oneisp-pppoe-pool ranges=10.252.0.2-10.252.255.254 comment="OneISP PPPoE Pool" # PPP profile (RADIUS-driven, no local rate limit) :do { /ppp profile remove [find name=oneisp-pppoe-profile] } on-error={} /ppp profile add name=oneisp-pppoe-profile local-address=10.252.0.1 remote-address=oneisp-pppoe-pool dns-server=8.8.8.8,1.1.1.1 use-encryption=yes comment="OneISP PPPoE" # PPPoE server :do { /interface pppoe-server server remove [find comment~"OneISP"] } on-error={} /interface pppoe-server server add service-name=OneISP-PPPoE interface=OI_BRIDGE default-profile=oneisp-pppoe-profile authentication=pap,chap,mschap2 one-session-per-host=yes comment="OneISP PPPoE Server" # Enable RADIUS for PPP /ppp aaa set use-radius=yes accounting=yes interim-update=1m :log info "OneISP: PPPoE server configured." # -- User Profiles (from assigned packages) -------------------------------- :log info "OneISP: Creating user profiles from packages..." # No packages assigned to this site yet. Assign packages in the dashboard # and re-download the script to auto-generate speed profiles. # -- Firewall Rules -------------------------------------------------------- :log info "OneISP: Configuring firewall rules..." # Clear old OneISP rules :do { /ip firewall filter remove [find comment~"OneISP"] } on-error={} :do { /ip firewall nat remove [find comment~"OneISP"] } on-error={} # Allow WireGuard UDP /ip firewall filter add chain=input protocol=udp dst-port=51820 action=accept comment="OneISP: Allow WireGuard" # Allow VPN tunnel traffic /ip firewall filter add chain=input in-interface=wg-oneisp action=accept comment="OneISP: Allow VPN input" /ip firewall filter add chain=forward in-interface=wg-oneisp action=accept comment="OneISP: Allow VPN forward" # NAT via VPN tunnel /ip firewall nat add chain=srcnat out-interface=wg-oneisp action=masquerade comment="OneISP: NAT via VPN" # NAT for hotspot clients /ip firewall nat add chain=srcnat src-address=10.251.0.0/16 action=masquerade comment="OneISP: NAT hotspot clients" # NAT for PPPoE clients /ip firewall nat add chain=srcnat src-address=10.252.0.0/16 action=masquerade comment="OneISP: NAT PPPoE clients" :log info "OneISP: Firewall rules configured." # -- System Settings ------------------------------------------------------- :log info "OneISP: Configuring system..." # Router identity /system identity set name="OneISP-test" # NTP :do { /system ntp client set enabled=yes } on-error={} :do { /system ntp client servers add address=pool.ntp.org } on-error={} # DNS /ip dns set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1 :log info "OneISP: System configured." # ====================================================================== # Provisioning Complete! # ====================================================================== :log info "OneISP: Provisioning complete for Test!" :put "" :put "========================================" :put " OneISP Provisioning Complete!" :put " Site: Test" :put " Router IP: 10.10.0.2" :put " VPN IP: 10.8.0.2" :put "========================================" :put "" :put "Next steps:" :put "1. Copy the WireGuard public key shown above" :put "2. Paste it in the OneISP dashboard for this site" :put "3. Ensure VPN server has this peer configured" :put "4. Test: /ping 10.8.0.1" :put ""