PPTP Help

Hi everyone,

Please could someone help me. I have looked all over the internet and cannot figure it out. I am very new to MikroTik. I have PPTP servers set up on my MikroTik, clients are connected but not able to access anything on those networks. I cannot even winbox in although I can ping the other MikroTik’s IP addresses. Below is my export of my firewall. Please advise if this is where the problem is and if it is please may you help me sort it:

I have two WAN’s, Ether 1 & Ether 2. Ether 1 is a PPPoE connection which all of my PPTP tunnels are connecting through.

/ip firewall filter
add action=drop chain=input dst-port=53 in-interface="Ether 1" protocol=udp
add action=drop chain=input dst-port=53 in-interface="Ether 1" protocol=tcp
add action=drop chain=input dst-port=53 in-interface="Ether 2" protocol=udp
add action=drop chain=input dst-port=53 in-interface="Ether 2" protocol=tcp
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=GroupA passthrough=no src-address-list=GrpA
add action=mark-routing chain=prerouting new-routing-mark=GroupB passthrough=no src-address-list=GrpB
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.16.0/24
add action=masquerade chain=srcnat log=yes out-interface=all-ppp

Hello,

have you set arp=proxy-arp on the LAN interface?

Without seeing the entire configuration, it’s possible your MASQUERADE rules are what is causing the problem:

/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.16.0/24
add action=masquerade chain=srcnat log=yes out-interface=all-ppp

Additionally, like the first reply indicates Proxy-ARP could be required. This is only true if you have overlapping address space for PPTP connection.

Lastly, why PPTP? It’s not considered secure anymore and has been dropped from some client operating systems.

Thank you for your responses! I still cannot figure it out and it’s driving me crazy. It worked absolutely fine until I bridged our fiber modem so it just acts as a fiber converter now. It worked 100% before so all that changed really is that my MikroTik is now doing the authentication on our PPoE connection.

Interesting about the PPTP. Only reason I use it is because the person who taught me what I know about Mikrotik uses PPTP and so I just did the same. What would you suggest is the best tunnel to use and would changing to this kind of tunnel resolve my issue?

TIA

What’s your use case for PPTP? Are you building site-to-site VPNs? Are you using it for clients like laptops or phones to access office resources while they are away?

What is the “all-ppp” interface? If ether1 is your PPPoE connection and is not all-ppp then that is likely the cause of the failure. Is it possible for you to post:

/export hide-sensitive

This will allow us to see the whole configuration and find out what’s going on.

Good day,

Thank you for your response! Okay, so I’m using PPTP to connect my customers network to my own network so when they have an issue on their network I can log in to devices on their networks as well as when I’m at home I need to be able to access things on my own work network.

I notice my PPPoE connection adds a mangle rule called “change MSS” on both in and out interfaces on “all ppp” too, could this be a problem at all?

Below is my full config export. Your help really is appreciated!

/interface ethernet
set [ find default-name=ether1 ] mac-address=4C:5E:0C:99:A4:F2 name="Ether 1 - ZOL"
set [ find default-name=ether2 ] mac-address=4C:5E:0C:99:A4:F3 name="Ether 2 - Utande"
set [ find default-name=ether3 ] arp=proxy-arp mac-address=4C:5E:0C:99:A4:F4 name=\
    "Ether 3 - LAN (Quickbooks)" speed=1Gbps
set [ find default-name=ether4 ] mac-address=4C:5E:0C:99:A4:F5 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 4 - MyPBX"
set [ find default-name=ether5 ] mac-address=4C:5E:0C:99:A4:F6 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 5 - Spare" speed=1Gbps
set [ find default-name=ether6 ] mac-address=4C:5E:0C:99:A4:F7 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 6 - Michelle"
set [ find default-name=ether7 ] mac-address=4C:5E:0C:99:A4:F8 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 7 - Terry"
set [ find default-name=ether8 ] mac-address=4C:5E:0C:99:A4:F9 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 8 - Aidan"
set [ find default-name=ether9 ] mac-address=4C:5E:0C:99:A4:FA master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 9 - Workshop"
set [ find default-name=ether10 ] mac-address=4C:5E:0C:99:A4:FB master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 10 - Cathrine"
set [ find default-name=ether11 ] mac-address=4C:5E:0C:99:A4:FC master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 11 - Kudzai"
set [ find default-name=ether12 ] mac-address=4C:5E:0C:99:A4:FD master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 12 - Cottage"
set [ find default-name=ether13 ] mac-address=4C:5E:0C:99:A4:FE master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 13 - Aidan NAS" speed=1Gbps
set [ find default-name=ether14 ] mac-address=4C:5E:0C:99:A4:FF master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 14 - Micro Man NAS" speed=1Gbps
set [ find default-name=ether15 ] mac-address=4C:5E:0C:99:A5:00 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 15 - Dustin's Gigabit Switch" speed=10Gbps
set [ find default-name=ether16 ] mac-address=4C:5E:0C:99:A5:01 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 16 - Ceiling AP"
set [ find default-name=ether17 ] mac-address=4C:5E:0C:99:A5:02 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 17 - Network Printer"
set [ find default-name=ether18 ] mac-address=4C:5E:0C:99:A5:03 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 18 - NVR"
set [ find default-name=ether19 ] mac-address=4C:5E:0C:99:A5:04 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 19 - Reception Camera"
set [ find default-name=ether20 ] mac-address=4C:5E:0C:99:A5:05 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 20 - Entrance Camera"
set [ find default-name=ether21 ] mac-address=4C:5E:0C:99:A5:06 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 21 - Spare"
set [ find default-name=ether22 ] mac-address=4C:5E:0C:99:A5:07 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 22 - Spare"
set [ find default-name=ether23 ] mac-address=4C:5E:0C:99:A5:08 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 23 - Spare"
set [ find default-name=ether24 ] mac-address=4C:5E:0C:99:A5:09 name="Ether 24 - Spare"
set [ find default-name=sfp1 ] mac-address=4C:5E:0C:99:A5:0A
/interface pptp-server
add name="Anglican Church" user=anglican-church
add name="Dicomm McCann" user=dicomm
add name="Dustin Laptop" user=dustin-laptop
add name="Dustin Residence" user=dustin
add name="Hogg Residence" user=microman
add name="IT Direct RSA" user=bbvpn4
add name="Kennan Properties Kensington" user=kennan
add name="Life Haven Mt Hampden" user=life-haven-mt-hampden
/ip pool
add name=dhcp_pool1 ranges=192.168.16.100-192.168.16.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface="Ether 3 - LAN (Quickbooks)" lease-time=3d name=dhcp1
/ppp profile
add change-tcp-mss=yes name=ZOL use-encryption=yes
add dns-server=8.8.8.8,8.8.4.4 local-address=192.168.16.9 name="Dustin's Laptop" remote-address=\
    192.168.16.10
/interface pppoe-client
add add-default-route=yes disabled=no interface="Ether 1 - ZOL" name="ZOL PPPoE" profile=ZOL user=\
    microman@liquidtelecom.net
/queue simple
add burst-limit=768k/768k burst-threshold=512k/512k burst-time=10s/10s max-limit=384k/384k name=\
    "Kudzai's Desktop" target=192.168.16.244/32
add burst-limit=2M/2M burst-threshold=768k/768k burst-time=20s/20s max-limit=384k/384k name=\
    "Cathrine's Desktop" target=192.168.16.234/32
add burst-limit=1500k/1500k burst-threshold=768k/768k burst-time=10s/10s max-limit=384k/384k name=\
    "Cathy Brennan's Laptop" target=192.168.16.227/32
add burst-limit=2M/2M burst-threshold=768k/768k burst-time=20s/20s max-limit=384k/384k name=\
    "Matthew's Desktop" target=192.168.16.238/32,192.168.16.239/32
add burst-limit=2M/2M burst-threshold=768k/768k burst-time=20s/20s max-limit=384k/384k name="Joe's Desktop" \
    target=192.168.16.241/32
add max-limit=256k/256k name="Android TV Box" target=192.168.16.220/32
add burst-limit=2M/2M burst-threshold=768k/768k burst-time=20s/20s max-limit=384k/384k name=\
    "Edmore's Desktop" target=192.168.16.233/32
add burst-limit=1500k/1500k burst-threshold=768k/768k burst-time=10s/10s max-limit=384k/384k name=\
    "Terry's Laptop" target=192.168.16.237/32
add burst-limit=1M/1M burst-threshold=384k/384k burst-time=10s/10s max-limit=256k/256k name=\
    "Ian Brown's Laptop" target=192.168.16.222/32
add burst-limit=1500k/1500k burst-threshold=1M/1M burst-time=12s/12s max-limit=512k/512k name=\
    "Aidan's Laptop" priority=1/1 target=192.168.16.229/32
add burst-limit=2M/2M burst-threshold=512k/512k burst-time=20s/20s max-limit=384k/384k name="Aidan's Vivo" \
    priority=1/1 target=192.168.16.221/32
add burst-limit=2M/2M burst-threshold=768k/768k burst-time=20s/20s max-limit=384k/384k name=\
    "Michelle's Laptop 1" priority=2/2 target=192.168.16.247/32,192.168.16.248/32
add burst-limit=2M/2M burst-threshold=768k/768k burst-time=20s/20s max-limit=384k/384k name=\
    "Michelle's Laptop 2" priority=2/2 target=192.168.16.240/32
add burst-limit=1500k/1500k burst-threshold=768k/768k burst-time=10s/10s max-limit=384k/384k name=\
    "Raspberry Pi" priority=2/2 target=192.168.16.210/32
add burst-limit=2M/2M burst-threshold=768k/768k burst-time=20s/20s max-limit=512k/512k name=\
    "Dustin's Laptop" priority=1/1 target=192.168.16.245/32,192.168.16.246/32
add burst-limit=1M/1M burst-threshold=512k/512k burst-time=10s/10s max-limit=384k/384k name="Alex's Laptop" \
    priority=1/1 target=192.168.16.218/32
add burst-limit=3M/3M burst-threshold=1500k/1500k burst-time=20s/20s max-limit=1M/1M name=\
    "Dustin's Desktop" priority=1/1 target=192.168.16.249/32
add burst-limit=3M/3M burst-threshold=1500k/1500k burst-time=20s/20s max-limit=1M/1M name=MyPBX priority=\
    1/1 target=192.168.16.3/32
add burst-limit=1500k/1500k burst-threshold=768k/768k burst-time=10s/10s max-limit=384k/384k name=\
    "Front Office Spare Desktop" priority=1/1 target=192.168.16.214/32
add max-limit=1G/1G name="UniFi Ceiling AP" priority=1/1 target=192.168.16.215/32
add burst-limit=512k/512k burst-threshold=384k/384k burst-time=11s/11s max-limit=256k/256k name=\
    "Dustin's Phone" priority=1/1 target=192.168.16.236/32
add burst-limit=512k/512k burst-threshold=384k/384k burst-time=11s/11s max-limit=256k/256k name=\
    "Aidan's iPhone New" priority=1/1 target=192.168.16.217/32
add burst-limit=512k/512k burst-threshold=384k/384k burst-time=11s/11s max-limit=256k/256k name=\
    "Michelle's iPhone 7" priority=1/1 target=192.168.16.213/32
add burst-limit=128k/128k burst-threshold=100k/100k burst-time=11s/11s max-limit=32k/32k name=\
    "Cathrine's Phone" target=192.168.16.230/32
add burst-limit=128k/128k burst-threshold=100k/100k burst-time=11s/11s max-limit=32k/32k name=\
    "Kudzai's Phone" target=192.168.16.209/32
add burst-limit=128k/128k burst-threshold=100k/100k burst-time=11s/11s max-limit=32k/32k name=\
    "Ian Brown's Phone" target=192.168.16.211/32
add burst-limit=128k/128k burst-threshold=64k/64k burst-time=11s/11s max-limit=32k/32k name=\
    "Matthew's Phone" target=192.168.16.231/32
add burst-limit=128k/128k burst-threshold=100k/100k burst-time=11s/11s max-limit=32k/32k name=\
    "Edmore's Phone" target=192.168.16.228/32
add burst-limit=128k/128k burst-threshold=100k/100k burst-time=11s/11s max-limit=32k/32k name=\
    "Stanley's Phone" target=192.168.16.232/32
add burst-limit=128k/128k burst-threshold=100k/100k burst-time=11s/11s max-limit=32k/32k name="Joe's Phone" \
    target=192.168.16.216/32
add burst-limit=128k/128k burst-threshold=64k/64k burst-time=11s/11s max-limit=32k/32k name="Joe's Tablet" \
    target=192.168.16.225/32
add burst-limit=512k/512k burst-threshold=384k/384k burst-time=11s/11s max-limit=256k/256k name=\
    "Aidan's iPhone" priority=1/1 target=192.168.16.242/32,192.168.16.243/32
add burst-limit=512k/512k burst-threshold=384k/384k burst-time=11s/11s max-limit=256k/256k name=\
    "Aidan's Tablet" priority=1/1 target=192.168.16.219/32
add burst-limit=512k/512k burst-threshold=384k/384k burst-time=11s/11s max-limit=256k/256k name=\
    "Michelle's iPhone" priority=2/2 target=192.168.16.235/32
add burst-limit=512k/512k burst-threshold=384k/384k burst-time=8s/8s max-limit=256k/256k name=\
    "Display Products" target=192.168.16.223/32,192.168.16.224/32
add max-limit=1M/1M name="Aidan's Bose Radio" target=192.168.16.226/32
add max-limit=1M/1M name="Spare IP's Parent" target=192.168.16.150/32,192.168.16.151/32,192.168.16.152/32
add max-limit=100M/100M name="VoIP Phones" target="192.168.16.101/32,192.168.16.102/32,192.168.16.103/32,192\
    .168.16.104/32,192.168.16.105/32,192.168.16.106/32,192.168.16.107/32,192.168.16.108/32"
add max-limit=100M/100M name="Spare IP 1" parent="Spare IP's Parent" target=192.168.16.150/32
add max-limit=100M/100M name="Cathrine's VoIP Phone" parent="VoIP Phones" target=192.168.16.101/32
add max-limit=100M/100M name="Jo's VoIP Phone" parent="VoIP Phones" target=192.168.16.108/32
add max-limit=100M/100M name="Spare IP 2" parent="Spare IP's Parent" target=192.168.16.151/32
add max-limit=256k/512k name="Spare IP 3" parent="Spare IP's Parent" target=192.168.16.152/32
add max-limit=100M/100M name="Spare IP 4" parent="Spare IP's Parent" target=192.168.16.153/32
add max-limit=100M/100M name="Michelle's VoIP Phone" parent="VoIP Phones" target=192.168.16.102/32
add max-limit=100M/100M name="Kudzai's VoIP Phone" parent="VoIP Phones" target=192.168.16.103/32
add max-limit=100M/100M name="Aidan's VoIP Phone" parent="VoIP Phones" target=192.168.16.104/32
add max-limit=100M/100M name="Terry's VoIP Phone" parent="VoIP Phones" target=192.168.16.105/32
add max-limit=100M/100M name="Dustin's VoIP Phone" parent="VoIP Phones" target=192.168.16.106/32
add max-limit=100M/100M name="Matthew's VoIP Phone" parent="VoIP Phones" target=192.168.16.107/32
add max-limit=1G/1G name="Micro Man NAS" priority=1/1 queue=ethernet-default/ethernet-default target=\
    192.168.16.145/32
add max-limit=1G/1G name="Micro Man Server" priority=1/1 queue=ethernet-default/ethernet-default target=\
    192.168.16.5/32
add max-limit=1G/1G name="Aidan's NAS" priority=1/1 queue=ethernet-default/ethernet-default target=\
    192.168.16.6/32
/interface ethernet switch port
set 0 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 1 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 2 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 3 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 4 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 5 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 6 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 7 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 8 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 9 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 10 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 11 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 12 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 13 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 14 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 15 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 16 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 17 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 18 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 19 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 20 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 21 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32\
    ,wrr-group0:64,wrr-group0:128"
set 22 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32\
    ,wrr-group0:64,wrr-group0:128"
set 23 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32\
    ,wrr-group0:64,wrr-group0:128"
set 24 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32\
    ,wrr-group0:64,wrr-group0:128"
set 25 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32\
    ,wrr-group0:64,wrr-group0:128"
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/ip address
add address=192.168.16.1/24 interface="Ether 3 - LAN (Quickbooks)" network=192.168.16.0
add address=196.29.xxx.xxx/30 interface="Ether 2 - Utande" network=196.29.xxx.xxx
/ip dhcp-server lease
add address=192.168.16.248 client-id=1:c8:60:0:38:21:50 comment="Michelle's Laptop LAN" mac-address=\
    C8:60:00:38:21:50 server=dhcp1
add address=192.168.16.244 client-id=1:bc:ee:7b:9b:ab:8c comment="Kudzai's Desktop" mac-address=\
    BC:EE:7B:9B:AB:8C server=dhcp1
add address=192.168.16.239 client-id=1:74:d0:2b:e:6b:f2 comment="Matthew's Desktop 2" mac-address=\
    74:D0:2B:0E:6B:F2 server=dhcp1
add address=192.168.16.254 client-id=1:4:18:d6:23:21:64 comment="UniFi Reception Camera" mac-address=\
    04:18:D6:23:21:64 server=dhcp1
add address=192.168.16.233 always-broadcast=yes client-id=1:0:e0:4c:2:d0:4f comment="Edmore's PC" \
    mac-address=00:E0:4C:02:D0:4F server=dhcp1
add address=192.168.16.243 always-broadcast=yes client-id=1:6c:40:8:4e:7d:42 comment="Aidan's iPhone" \
    mac-address=6C:40:08:4E:7D:42 server=dhcp1
add address=192.168.16.253 client-id=1:4:18:d6:23:1f:ac comment="UniFi Workshop Camera" mac-address=\
    04:18:D6:23:1F:AC server=dhcp1
add address=192.168.16.237 client-id=1:0:1f:c6:7b:5:55 comment="Terry's Laptop" mac-address=\
    00:1F:C6:7B:05:55 server=dhcp1
add address=192.168.16.241 always-broadcast=yes client-id=1:40:16:7e:13:2d:e8 comment="Joe's Desktop" \
    mac-address=40:16:7E:13:2D:E8 server=dhcp1
add address=192.168.16.145 comment="Micro Man NAS" mac-address=10:BF:48:8A:6C:BB server=dhcp1
add address=192.168.16.251 client-id=1:4:18:d6:a1:87:f5 comment="UniFi Entrance Camera" mac-address=\
    04:18:D6:A1:87:F5 server=dhcp1
add address=192.168.16.252 client-id=1:4:18:d6:a1:84:3 comment="UniFi Parking Camera" mac-address=\
    04:18:D6:A1:84:03 server=dhcp1
add address=192.168.16.234 client-id=1:40:16:7e:2a:49:aa comment="Cathrine's PC" mac-address=\
    40:16:7E:2A:49:AA server=dhcp1
add address=192.168.16.247 client-id=1:0:8:ca:cb:9c:4 comment="Michelle's Laptop WLAN" mac-address=\
    00:08:CA:CB:9C:04 server=dhcp1
add address=192.168.16.246 client-id=1:e0:b9:a5:fe:9a:cd comment="Dustin's Laptop WLAN" mac-address=\
    E0:B9:A5:FE:9A:CD server=dhcp1
add address=192.168.16.6 comment="Aidan's NAS" mac-address=10:BF:48:8B:11:A8 server=dhcp1
add address=192.168.16.245 client-id=1:1c:b7:2c:2b:4c:89 comment="Dustin's Laptop LAN" mac-address=\
    1C:B7:2C:2B:4C:89 server=dhcp1
add address=192.168.16.235 always-broadcast=yes client-id=1:dc:86:d8:dd:89:b comment="Michelle's iPhone" \
    mac-address=DC:86:D8:DD:89:0B server=dhcp1
add address=192.168.16.242 client-id=1:70:e7:2c:bd:dd:7c comment="Aidan's iPhone" mac-address=\
    70:E7:2C:BD:DD:7C server=dhcp1
add address=192.168.16.240 client-id=1:e0:b9:a5:86:7b:2a comment="Michelle's Laptop 3" mac-address=\
    E0:B9:A5:86:7B:2A server=dhcp1
add address=192.168.16.238 client-id=1:2c:d0:5a:b0:5b:35 comment="Matthew's Desktop 1" mac-address=\
    2C:D0:5A:B0:5B:35 server=dhcp1
add address=192.168.16.102 client-id=1:0:a8:59:d2:fe:54 comment="Michelle's VoIP Phone" mac-address=\
    00:A8:59:D2:FE:54 server=dhcp1
add address=192.168.16.103 client-id=1:0:a8:59:d2:fe:64 comment="Kudzai's VoIP Phone" mac-address=\
    00:A8:59:D2:FE:64 server=dhcp1
add address=192.168.16.105 client-id=1:0:a8:59:d2:fe:5a comment="Terry VoIP Phone" mac-address=\
    00:A8:59:D2:FE:5A server=dhcp1
add address=192.168.16.231 comment="Matthew's Phone" mac-address=A4:71:74:DC:DD:68 server=dhcp1
add address=192.168.16.215 client-id=1:4:18:d6:a:4d:ee comment="UniFi Ceiling AP" mac-address=\
    04:18:D6:0A:4D:EE server=dhcp1
add address=192.168.16.226 client-id=1:0:c:8a:cf:42:ac comment="Aidan's Bose Radio" mac-address=\
    00:0C:8A:CF:42:AC server=dhcp1
add address=192.168.16.223 client-id=1:74:c6:3b:11:5c:1d comment="Demo Product 1" mac-address=\
    74:C6:3B:11:5C:1D server=dhcp1
add address=192.168.16.230 always-broadcast=yes client-id=1:c0:65:99:3d:8e:6b comment="Cathrine's Phone" \
    mac-address=C0:65:99:3D:8E:6B server=dhcp1
add address=192.168.16.229 client-id=1:18:5e:f:d7:dc:55 comment="Aidan's Laptop" mac-address=\
    18:5E:0F:D7:DC:55 server=dhcp1
add address=192.168.16.228 client-id=1:44:a7:cf:ba:16:7f comment="Edmore's Phone" mac-address=\
    44:A7:CF:BA:16:7F server=dhcp1
add address=192.168.16.144 client-id=1:0:1e:8f:2b:20:c3 comment="Canon LBP6300" mac-address=\
    00:1E:8F:2B:20:C3 server=dhcp1
add address=192.168.16.224 client-id=1:80:a5:89:a6:8:d3 comment="Demo Product 2" mac-address=\
    80:A5:89:A6:08:D3 server=dhcp1
add address=192.168.16.221 client-id=1:9c:5c:8e:0:43:8d comment="Aidan's Vivo" mac-address=\
    9C:5C:8E:00:43:8D server=dhcp1
add address=192.168.16.225 comment="Joe's Tablet" mac-address=14:DA:E9:BE:F7:08 server=dhcp1
add address=192.168.16.222 always-broadcast=yes client-id=1:74:de:2b:4a:cf:f5 comment="Ian Brown's Laptop" \
    mac-address=74:DE:2B:4A:CF:F5 server=dhcp1
add address=192.168.16.220 comment="Android TV Box" mac-address=34:C3:D2:7D:0F:3F server=dhcp1
add address=192.168.16.219 client-id=1:f8:32:e4:4a:e:ad comment="Aidan's Tablet" mac-address=\
    F8:32:E4:4A:0E:AD server=dhcp1
add address=192.168.16.218 client-id=1:54:27:1e:75:8d:a5 comment="Alex's Laptop" mac-address=\
    54:27:1E:75:8D:A5 server=dhcp1
add address=192.168.16.217 client-id=1:28:5a:eb:18:f:5f comment="Aidan's iPhone New" mac-address=\
    28:5A:EB:18:0F:5F server=dhcp1
add address=192.168.16.213 client-id=1:cc:44:63:1b:d2:c9 comment="Michelle's iPhone 7" mac-address=\
    CC:44:63:1B:D2:C9 server=dhcp1
add address=192.168.16.216 client-id=1:e4:40:e2:e7:a3:24 comment="Joe's Phone 2" mac-address=\
    E4:40:E2:E7:A3:24 server=dhcp1
add address=192.168.16.214 client-id=1:78:24:af:c0:dc:e2 comment="Front Office Spare Desktop" mac-address=\
    C8:3A:35:CF:C7:4F server=dhcp1
add address=192.168.16.232 comment="Stanley's Phone" mac-address=D0:65:CA:F0:4A:D2 server=dhcp1
add address=192.168.16.211 always-broadcast=yes client-id=1:d0:fc:cc:81:4f:df comment="Ian Brown's Phone" \
    mac-address=D0:FC:CC:81:4F:DF server=dhcp1
add address=192.168.16.209 comment="Kudzai's Phone" mac-address=94:EB:CD:BE:EF:B6 server=dhcp1
add address=192.168.16.101 client-id=1:0:a8:59:d2:fe:5c comment="Cathrine's VoIP Phone" mac-address=\
    00:A8:59:D2:FE:5C server=dhcp1
add address=192.168.16.104 client-id=1:0:a8:59:cd:1:ba comment="Aidan's VoIP Phone" mac-address=\
    00:A8:59:CD:01:BA server=dhcp1
add address=192.168.16.249 client-id=1:e0:3f:49:f:e:6d comment="Dustin's Desktop" mac-address=\
    E0:3F:49:0F:0E:6D server=dhcp1
add address=192.168.16.236 client-id=1:54:72:4f:7e:87:61 comment="Dustin's iPhone" mac-address=\
    54:72:4F:7E:87:61 server=dhcp1
add address=192.168.16.210 client-id=1:b8:27:eb:4a:2c:45 comment="Raspberry Pi" mac-address=\
    B8:27:EB:4A:2C:45 server=dhcp1
add address=192.168.16.107 client-id=1:0:a8:59:d2:fe:56 comment="Matthew's VoIP Phone" mac-address=\
    00:A8:59:D2:FE:56 server=dhcp1
add address=192.168.16.106 client-id=1:0:a8:59:d2:fe:5e comment="Dustin's VoIP Phone" mac-address=\
    00:A8:59:D2:FE:5E server=dhcp1
add address=192.168.16.3 client-id=1:f4:b5:49:6:24:dc comment=MyPBX mac-address=F4:B5:49:06:24:DC server=\
    dhcp1
add address=192.168.16.5 client-id=1:0:15:5d:65:a:3 comment="Micro Man Server" mac-address=\
    00:15:5D:65:0A:03 server=dhcp1
/ip dhcp-server network
add address=192.168.16.0/24 dns-server=192.168.16.1 gateway=192.168.16.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=192.168.16.3 comment=MyPBX list=ZOL
add address=192.168.16.249 comment="Dustin's Desktop" list=ZOL
add address=192.168.16.247-192.168.16.248 comment="Michelle's Laptop 1" list=Utande
add address=192.168.16.234 comment="Cathrine's Desktop" list=ZOL
add address=192.168.16.233 comment="Edmore's Desktop" list=Utande
add address=192.168.16.241 comment="Joe's Desktop" list=Utande
add address=192.168.16.244 comment="Kudzai's Desktop" list=ZOL
add address=192.168.16.237 comment="Terry's Laptop" list=Utande
add address=192.168.16.245-192.168.16.246 comment="Dustin's Laptop" list=ZOL
add address=192.168.16.236 comment="Dustin's Phone" list=ZOL
add address=192.168.16.227 comment="Cathy Brennan's Laptop" list=Utande
add address=192.168.16.232 comment="Stanley's Phone" list=Utande
add address=192.168.16.231 comment="Matthew's Phone" list=Utande
add address=192.168.16.229 comment="Aidan's Laptop" list=ZOL
add address=192.168.16.238/31 comment="Matthew's Desktop" list=Utande
add address=192.168.16.240 comment="Michelle's Laptop 2" list=Utande
add address=192.168.16.235 comment="Michelle's iPhone" list=Utande
add address=192.168.16.150-192.168.16.152 comment="Spare IP's" list=Utande
add address=192.168.16.226 comment="Aidan's Bose Radio" list=ZOL
add address=192.168.16.225 comment="Joe's Tablet" list=Utande
add address=192.168.16.223-192.168.16.224 comment="Display Products" list=ZOL
add address=192.168.16.222 comment="Ian Brown's Laptop" list=Utande
add address=192.168.16.221 comment="Aidan's Vivo" list=ZOL
add address=192.168.16.220 comment="Android TV Box" list=ZOL
add address=192.168.16.218 comment="Alex's Laptop" list=ZOL
add address=192.168.16.217 comment="Aidan's iPhone New" list=ZOL
add address=192.168.16.213 comment="Michelle's iPhone 7" list=ZOL
add address=192.168.16.214 comment="Front Office Spare Desktop" list=ZOL
add address=192.168.16.219 comment="Aidan's Tablet" list=Utande
add address=192.168.16.210 comment="Raspberry Pi" list=ZOL
add address=192.168.16.230 comment="Cathrine's Phone" list=Utande
add address=192.168.16.209 comment="Kudzai's Phone" list=Utande
add address=192.168.16.228 comment="Edmore's Phone" list=Utande
add address=192.168.16.242/31 comment="Aidans iPhone" list=Utande
add address=192.168.16.216 comment="Joe's Phone" list=Utande
add address=192.168.16.211 comment="Ian Brown's Phone" list=Utande
add address=192.168.16.145 comment="Micro Man NAS" list=ZOL
add address=192.168.16.208 comment="Amy's Laptop" list=ZOL
add address=192.168.16.9-192.168.16.10 comment="Dustin's Laptop VPN" list=ZOL
add address=192.168.16.101-192.168.16.108 comment="VoIP Phones" list=ZOL
add address=192.168.16.1-192.168.16.254 comment="All Through ZOL" list=ZOL
add address=192.168.16.1-192.168.16.254 comment="All Through Utande" disabled=yes list=Utande
add address=192.168.16.0/24 list=support
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons
add address=10.0.0.0/8 comment=\
    "Private[RFC 1918] - CLASS A # Check if you need this subnet before enable it" disabled=yes list=bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons
add address=172.16.0.0/12 comment=\
    "Private[RFC 1918] - CLASS B # Check if you need this subnet before enable it" disabled=yes list=bogons
add address=192.168.0.0/16 comment=\
    "Private[RFC 1918] - CLASS C # Check if you need this subnet before enable it" disabled=yes list=bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons
add address=224.0.0.0/4 comment="MC, Class D, IANA # Check if you need this subnet before enable it" \
    disabled=yes list=bogons
add address=192.168.30.0/24 list=support
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface="Ether 1 - ZOL" protocol=udp
add action=drop chain=input dst-port=53 in-interface="Ether 1 - ZOL" protocol=tcp
add action=drop chain=input dst-port=53 in-interface="Ether 2 - Utande" protocol=udp
add action=drop chain=input dst-port=53 in-interface="Ether 2 - Utande" protocol=tcp
add action=drop chain=forward src-address=192.168.16.10-192.168.16.100
add action=drop chain=forward src-address=192.168.16.109-192.168.16.143
add action=add-src-to-address-list address-list=Syn_Flooder address-list-timeout=30m chain=input comment=\
    "Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp tcp-flags=syn
add action=drop chain=forward src-address=192.168.16.146-192.168.16.149
add action=drop chain=forward src-address=192.168.16.154-192.168.16.208
add action=drop chain=input comment="Drop to syn flood list" src-address-list=Syn_Flooder
add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=1w chain=input comment=\
    "Port Scanner Detect" protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" src-address-list=Port_Scanner
add action=jump chain=input comment="Jump for icmp input flow" jump-target=ICMP protocol=icmp
add action=drop chain=input comment="Block all access to the winbox - except to support list # DO NOT ENABLE\
    \_THIS RULE BEFORE ADD YOUR SUBNET IN THE SUPPORT ADDRESS LIST" disabled=yes dst-port=8291 protocol=tcp \
    src-address-list=!support
add action=jump chain=forward comment="Jump for icmp forward flow" jump-target=ICMP protocol=icmp
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=bogons
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 protocol=tcp \
    src-address-list=spammers
add chain=input comment="Accept DNS - UDP" port=53 protocol=udp
add chain=input comment="Accept DNS - TCP" port=53 protocol=tcp
add chain=input comment="Accept to established connections" connection-state=established
add chain=input comment="Accept to related connections" connection-state=related
add chain=input comment="Full access to SUPPORT address list" src-address-list=support
add action=drop chain=input comment=\
    "Drop anything else! # DO NOT ENABLE THIS RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED" \
    disabled=yes
add chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=icmp
add chain=ICMP comment="Time Exceeded" icmp-options=11:0 protocol=icmp
add chain=ICMP comment="Destination unreachable" icmp-options=3:0-1 protocol=icmp
add chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" disabled=yes protocol=icmp
add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP protocol=icmp
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=GroupA passthrough=no src-address-list=ZOL
add action=mark-routing chain=prerouting new-routing-mark=GroupB passthrough=no src-address-list=Utande
/ip firewall nat
add action=masquerade chain=srcnat
add action=masquerade chain=srcnat src-address=192.168.16.0/24
add action=masquerade chain=srcnat log=yes out-interface="Dustin Residence"
/ip route
add distance=1 gateway="ZOL PPPoE" routing-mark=GroupA
add distance=1 dst-address=192.168.4.0/24 gateway="Life Haven Mt Hampden" routing-mark=GroupA
add distance=1 dst-address=192.168.5.0/24 gateway="Dicomm McCann" routing-mark=GroupA
add distance=1 dst-address=192.168.6.0/24 gateway="Hogg Residence" routing-mark=GroupA
add distance=1 dst-address=192.168.30.0/24 gateway="Dustin Residence" routing-mark=GroupA
add distance=1 dst-address=192.168.101.0/24 gateway=172.64.xxx.xxx routing-mark=GroupA
add distance=1 gateway=196.29.xxx.xxx routing-mark=GroupB
add disabled=yes distance=1 dst-address=192.168.4.0/24 gateway="Life Haven Mt Hampden" routing-mark=GroupB
add disabled=yes distance=1 dst-address=192.168.5.0/24 gateway="Dicomm McCann" routing-mark=GroupB
add disabled=yes distance=1 dst-address=192.168.6.0/24 gateway="Hogg Residence" routing-mark=GroupB
add disabled=yes distance=1 dst-address=192.168.30.0/24 gateway="Dustin Residence" routing-mark=GroupB
add distance=1 dst-address=192.168.101.0/24 gateway=172.64.xxx.xxx routing-mark=GroupB
add distance=1 gateway="ZOL PPPoE" routing-mark=VPN
add distance=1 dst-address=192.168.3.0/24 gateway="Kennan Properties Kensington"
add distance=1 dst-address=192.168.101.0/24 gateway=172.64.xxx.xxx
/ppp secret
add local-address=192.168.16.11 name=dustin remote-address=192.168.16.12
add local-address=192.168.16.9 name=microman remote-address=192.168.16.10
add local-address=192.168.16.13 name=anglican-church remote-address=192.168.16.14
add local-address=192.168.16.15 name=kennan remote-address=192.168.16.16 service=pptp
add local-address=192.168.16.17 name=life-haven-mt-hampden profile=default-encryption remote-address=\
    192.168.16.18
add local-address=192.168.16.19 name=dicomm remote-address=192.168.16.20 service=pptp
add name=dustin-laptop profile="Dustin's Laptop"
add local-address=172.64.xxx.xxx name=bbvpn4 remote-address=172.64.xxx.xxx service=pptp
add local-address=192.168.16.21 name=dustin remote-address=192.168.16.22 service=l2tp
/system clock
set time-zone-name=Africa/Harare
/system identity
set name="Micro Man Cloud Router"
/system routerboard settings
set protected-routerboot=disabled

From what it looks like, I can actually get in to the remote MikroTik’s and things on the remote networks. I just cannot get in to my work network from any of my remote sites. I also cannot ping anything from anywhere even if the device is accessible from a browser. Like My Plex server, 192.168.30.30, I can’t ping from my work network, but I can access the computer through a browser.

Hi all. Any advice on the above?

Hi all,

Okay so I have figured out that the problem is to do with my routing marks. I cannot mark my VPN traffic as VPN and route it though my preffered WAN (ZOL).

Please could you someone have a look at my export and tell me where I’ve gone wrong. Your help, as always, is hugely appreciated!

/interface ethernet
set [ find default-name=ether1 ] mac-address=4C:5E:0C:99:A4:F2 name="Ether 1 - ZOL"
set [ find default-name=ether2 ] mac-address=4C:5E:0C:99:A4:F3 name="Ether 2 - Utande"
set [ find default-name=ether3 ] arp=proxy-arp mac-address=4C:5E:0C:99:A4:F4 name=\
    "Ether 3 - LAN (Quickbooks)" speed=1Gbps
set [ find default-name=ether4 ] mac-address=4C:5E:0C:99:A4:F5 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 4 - MyPBX"
set [ find default-name=ether5 ] mac-address=4C:5E:0C:99:A4:F6 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 5 - Spare" speed=1Gbps
set [ find default-name=ether6 ] mac-address=4C:5E:0C:99:A4:F7 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 6 - Michelle"
set [ find default-name=ether7 ] mac-address=4C:5E:0C:99:A4:F8 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 7 - Terry"
set [ find default-name=ether8 ] mac-address=4C:5E:0C:99:A4:F9 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 8 - Aidan"
set [ find default-name=ether9 ] mac-address=4C:5E:0C:99:A4:FA master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 9 - Workshop"
set [ find default-name=ether10 ] mac-address=4C:5E:0C:99:A4:FB master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 10 - Cathrine"
set [ find default-name=ether11 ] mac-address=4C:5E:0C:99:A4:FC master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 11 - Kudzai"
set [ find default-name=ether12 ] mac-address=4C:5E:0C:99:A4:FD master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 12 - Cottage"
set [ find default-name=ether13 ] mac-address=4C:5E:0C:99:A4:FE master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 13 - Aidan NAS" speed=1Gbps
set [ find default-name=ether14 ] mac-address=4C:5E:0C:99:A4:FF master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 14 - Micro Man NAS" speed=1Gbps
set [ find default-name=ether15 ] mac-address=4C:5E:0C:99:A5:00 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 15 - Dustin's Gigabit Switch" speed=10Gbps
set [ find default-name=ether16 ] mac-address=4C:5E:0C:99:A5:01 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 16 - Ceiling AP"
set [ find default-name=ether17 ] mac-address=4C:5E:0C:99:A5:02 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 17 - Network Printer"
set [ find default-name=ether18 ] mac-address=4C:5E:0C:99:A5:03 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 18 - NVR"
set [ find default-name=ether19 ] mac-address=4C:5E:0C:99:A5:04 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 19 - Reception Camera"
set [ find default-name=ether20 ] mac-address=4C:5E:0C:99:A5:05 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 20 - Entrance Camera"
set [ find default-name=ether21 ] mac-address=4C:5E:0C:99:A5:06 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 21 - Spare"
set [ find default-name=ether22 ] mac-address=4C:5E:0C:99:A5:07 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 22 - Spare"
set [ find default-name=ether23 ] mac-address=4C:5E:0C:99:A5:08 master-port="Ether 3 - LAN (Quickbooks)" \
    name="Ether 23 - Spare"
set [ find default-name=ether24 ] mac-address=4C:5E:0C:99:A5:09 name="Ether 24 - Spare"
set [ find default-name=sfp1 ] mac-address=4C:5E:0C:99:A5:0A
/interface pptp-server
add name="Anglican Church" user=anglican-church
add name="Dicomm McCann" user=dicomm
add name="Dustin Laptop" user=dustin-laptop
add name="Dustin Residence" user=dustin
add name="Hogg Residence" user=microman
add name="IT Direct RSA" user=bbvpn4
add name="Kennan Properties Kensington" user=kennan
add name="Life Haven Mt Hampden" user=life-haven-mt-hampden
/ip pool
add name=dhcp_pool1 ranges=192.168.16.100-192.168.16.254
add name=dhcp_pptp ranges=192.168.254.1-192.168.254.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface="Ether 3 - LAN (Quickbooks)" lease-time=3d name=dhcp1
/ppp profile
add change-tcp-mss=no name=ZOL use-encryption=yes
add dns-server=8.8.8.8,8.8.4.4 local-address=192.168.16.9 name="Dustin's Laptop" remote-address=\
    192.168.16.10
add dns-server=192.168.16.1 local-address=dhcp_pptp name=PPTP remote-address=dhcp_pptp
/interface pppoe-client
add add-default-route=yes disabled=no interface="Ether 1 - ZOL" name="ZOL PPPoE" profile=ZOL user=\
    microman@liquidtelecom.net
/queue simple
add burst-limit=256k/256k burst-threshold=128k/128k burst-time=10s/10s max-limit=128k/128k name=\
    "Kudzai's Desktop" target=192.168.16.244/32
add burst-limit=2M/2M burst-threshold=768k/768k burst-time=20s/20s max-limit=384k/384k name=\
    "Cathrine's Desktop" target=192.168.16.234/32
add burst-limit=1500k/1500k burst-threshold=768k/768k burst-time=10s/10s max-limit=384k/384k name=\
    "Cathy Brennan's Laptop" target=192.168.16.227/32
add burst-limit=2M/2M burst-threshold=768k/768k burst-time=20s/20s max-limit=384k/384k name=\
    "Matthew's Desktop" target=192.168.16.238/32,192.168.16.239/32
add burst-limit=2M/2M burst-threshold=768k/768k burst-time=20s/20s max-limit=384k/384k name="Joe's Desktop" \
    target=192.168.16.241/32
add max-limit=256k/256k name="Android TV Box" target=192.168.16.220/32
add burst-limit=2M/2M burst-threshold=768k/768k burst-time=20s/20s max-limit=384k/384k name=\
    "Edmore's Desktop" target=192.168.16.233/32
add burst-limit=1500k/1500k burst-threshold=768k/768k burst-time=10s/10s max-limit=384k/384k name=\
    "Terry's Laptop" target=192.168.16.237/32
add burst-limit=1M/1M burst-threshold=384k/384k burst-time=10s/10s max-limit=256k/256k name=\
    "Ian Brown's Laptop" target=192.168.16.222/32
add burst-limit=1500k/1500k burst-threshold=1M/1M burst-time=12s/12s max-limit=512k/512k name=\
    "Aidan's Laptop" priority=1/1 target=192.168.16.229/32
add burst-limit=2M/2M burst-threshold=512k/512k burst-time=20s/20s max-limit=384k/384k name="Aidan's Vivo" \
    priority=1/1 target=192.168.16.221/32
add burst-limit=2M/2M burst-threshold=768k/768k burst-time=20s/20s max-limit=384k/384k name=\
    "Michelle's Laptop 1" priority=2/2 target=192.168.16.247/32,192.168.16.248/32
add burst-limit=2M/2M burst-threshold=768k/768k burst-time=20s/20s max-limit=384k/384k name=\
    "Michelle's Laptop 2" priority=2/2 target=192.168.16.240/32
add burst-limit=1500k/1500k burst-threshold=768k/768k burst-time=10s/10s max-limit=384k/384k name=\
    "Raspberry Pi" priority=2/2 target=192.168.16.210/32
add burst-limit=2M/2M burst-threshold=768k/768k burst-time=20s/20s max-limit=512k/512k name=\
    "Dustin's Laptop" priority=1/1 target=192.168.16.245/32,192.168.16.246/32
add burst-limit=1M/1M burst-threshold=512k/512k burst-time=10s/10s max-limit=384k/384k name="Alex's Laptop" \
    priority=1/1 target=192.168.16.218/32
add burst-limit=3M/3M burst-threshold=1500k/1500k burst-time=20s/20s max-limit=1M/1M name=\
    "Dustin's Desktop" priority=1/1 target=192.168.16.249/32
add burst-limit=3M/3M burst-threshold=1500k/1500k burst-time=20s/20s max-limit=1M/1M name=MyPBX priority=\
    1/1 target=192.168.16.3/32
add burst-limit=1500k/1500k burst-threshold=768k/768k burst-time=10s/10s max-limit=384k/384k name=\
    "Front Office Spare Desktop" priority=1/1 target=192.168.16.214/32
add max-limit=1G/1G name="UniFi Ceiling AP" priority=1/1 target=192.168.16.215/32
add burst-limit=512k/512k burst-threshold=384k/384k burst-time=11s/11s max-limit=256k/256k name=\
    "Dustin's Phone" priority=1/1 target=192.168.16.236/32
add burst-limit=512k/512k burst-threshold=384k/384k burst-time=11s/11s max-limit=256k/256k name=\
    "Aidan's iPhone New" priority=1/1 target=192.168.16.217/32
add burst-limit=512k/512k burst-threshold=384k/384k burst-time=11s/11s max-limit=256k/256k name=\
    "Michelle's iPhone 7" priority=1/1 target=192.168.16.213/32
add burst-limit=128k/128k burst-threshold=100k/100k burst-time=11s/11s max-limit=32k/32k name=\
    "Cathrine's Phone" target=192.168.16.230/32
add burst-limit=128k/128k burst-threshold=100k/100k burst-time=11s/11s max-limit=32k/32k name=\
    "Kudzai's Phone" target=192.168.16.209/32
add burst-limit=128k/128k burst-threshold=100k/100k burst-time=11s/11s max-limit=32k/32k name=\
    "Ian Brown's Phone" target=192.168.16.211/32
add burst-limit=128k/128k burst-threshold=64k/64k burst-time=11s/11s max-limit=32k/32k name=\
    "Matthew's Phone" target=192.168.16.231/32
add burst-limit=128k/128k burst-threshold=100k/100k burst-time=11s/11s max-limit=32k/32k name=\
    "Edmore's Phone" target=192.168.16.228/32
add burst-limit=32k/32k burst-threshold=32k/32k burst-time=11s/11s max-limit=32k/32k name="Stanley's Phone" \
    target=192.168.16.232/32
add burst-limit=128k/128k burst-threshold=100k/100k burst-time=11s/11s max-limit=32k/32k name="Joe's Phone" \
    target=192.168.16.216/32
add burst-limit=128k/128k burst-threshold=64k/64k burst-time=11s/11s max-limit=32k/32k name="Joe's Tablet" \
    target=192.168.16.225/32
add burst-limit=512k/512k burst-threshold=384k/384k burst-time=11s/11s max-limit=256k/256k name=\
    "Aidan's iPhone" priority=1/1 target=192.168.16.242/32,192.168.16.243/32
add burst-limit=512k/512k burst-threshold=384k/384k burst-time=11s/11s max-limit=256k/256k name=\
    "Aidan's Tablet" priority=1/1 target=192.168.16.219/32
add burst-limit=512k/512k burst-threshold=384k/384k burst-time=11s/11s max-limit=256k/256k name=\
    "Michelle's iPhone" priority=2/2 target=192.168.16.235/32
add burst-limit=512k/512k burst-threshold=384k/384k burst-time=8s/8s max-limit=256k/256k name=\
    "Display Products" target=192.168.16.223/32,192.168.16.224/32
add max-limit=1M/1M name="Aidan's Bose Radio" target=192.168.16.226/32
add max-limit=1M/1M name="Spare IP's Parent" target=192.168.16.150/32,192.168.16.151/32,192.168.16.152/32
add max-limit=100M/100M name="VoIP Phones" target="192.168.16.101/32,192.168.16.102/32,192.168.16.103/32,192\
    .168.16.104/32,192.168.16.105/32,192.168.16.106/32,192.168.16.107/32,192.168.16.108/32"
add max-limit=100M/100M name="Spare IP 1" parent="Spare IP's Parent" target=192.168.16.150/32
add max-limit=100M/100M name="Cathrine's VoIP Phone" parent="VoIP Phones" target=192.168.16.101/32
add max-limit=100M/100M name="Jo's VoIP Phone" parent="VoIP Phones" target=192.168.16.108/32
add max-limit=100M/100M name="Spare IP 2" parent="Spare IP's Parent" target=192.168.16.151/32
add max-limit=256k/512k name="Spare IP 3" parent="Spare IP's Parent" target=192.168.16.152/32
add max-limit=100M/100M name="Spare IP 4" parent="Spare IP's Parent" target=192.168.16.153/32
add max-limit=100M/100M name="Michelle's VoIP Phone" parent="VoIP Phones" target=192.168.16.102/32
add max-limit=100M/100M name="Kudzai's VoIP Phone" parent="VoIP Phones" target=192.168.16.103/32
add max-limit=100M/100M name="Aidan's VoIP Phone" parent="VoIP Phones" target=192.168.16.104/32
add max-limit=100M/100M name="Terry's VoIP Phone" parent="VoIP Phones" target=192.168.16.105/32
add max-limit=100M/100M name="Dustin's VoIP Phone" parent="VoIP Phones" target=192.168.16.106/32
add max-limit=100M/100M name="Matthew's VoIP Phone" parent="VoIP Phones" target=192.168.16.107/32
add max-limit=1G/1G name="Micro Man NAS" priority=1/1 queue=ethernet-default/ethernet-default target=\
    192.168.16.145/32
add max-limit=1G/1G name="Micro Man Server" priority=1/1 queue=ethernet-default/ethernet-default target=\
    192.168.16.5/32
add max-limit=1G/1G name="Aidan's NAS" priority=1/1 queue=ethernet-default/ethernet-default target=\
    192.168.16.6/32
/interface ethernet switch port
set 0 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 1 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 2 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 3 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 4 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 5 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 6 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 7 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 8 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 9 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wr\
    r-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 10 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 11 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 12 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 13 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 14 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 15 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 16 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 17 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 18 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 19 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 20 dscp-based-qos-dscp-to-dscp-mapping=no per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,w\
    rr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128"
set 21 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32\
    ,wrr-group0:64,wrr-group0:128"
set 22 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32\
    ,wrr-group0:64,wrr-group0:128"
set 23 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32\
    ,wrr-group0:64,wrr-group0:128"
set 24 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32\
    ,wrr-group0:64,wrr-group0:128"
set 25 per-queue-scheduling="wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32\
    ,wrr-group0:64,wrr-group0:128"
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/ip address
add address=192.168.16.1/24 interface="Ether 3 - LAN (Quickbooks)" network=192.168.16.0
add address=196.29.xxx.xxx/30 interface="Ether 2 - Utande" network=196.29.xxx.xxx
/ip dhcp-server lease
add address=192.168.16.248 client-id=1:c8:60:0:38:21:50 comment="Michelle's Laptop LAN" mac-address=\
    C8:60:00:38:21:50 server=dhcp1
add address=192.168.16.244 client-id=1:bc:ee:7b:9b:ab:8c comment="Kudzai's Desktop" mac-address=\
    BC:EE:7B:9B:AB:8C server=dhcp1
add address=192.168.16.239 client-id=1:74:d0:2b:e:6b:f2 comment="Matthew's Desktop 2" mac-address=\
    74:D0:2B:0E:6B:F2 server=dhcp1
add address=192.168.16.254 client-id=1:4:18:d6:23:21:64 comment="UniFi Reception Camera" mac-address=\
    04:18:D6:23:21:64 server=dhcp1
add address=192.168.16.233 always-broadcast=yes client-id=1:0:e0:4c:2:d0:4f comment="Edmore's PC" \
    mac-address=00:E0:4C:02:D0:4F server=dhcp1
add address=192.168.16.243 always-broadcast=yes client-id=1:6c:40:8:4e:7d:42 comment="Aidan's iPhone" \
    mac-address=6C:40:08:4E:7D:42 server=dhcp1
add address=192.168.16.253 client-id=1:4:18:d6:23:1f:ac comment="UniFi Workshop Camera" mac-address=\
    04:18:D6:23:1F:AC server=dhcp1
add address=192.168.16.237 client-id=1:0:1f:c6:7b:5:55 comment="Terry's Laptop" mac-address=\
    00:1F:C6:7B:05:55 server=dhcp1
add address=192.168.16.241 always-broadcast=yes client-id=1:40:16:7e:13:2d:e8 comment="Joe's Desktop" \
    mac-address=40:16:7E:13:2D:E8 server=dhcp1
add address=192.168.16.145 comment="Micro Man NAS" mac-address=10:BF:48:8A:6C:BB server=dhcp1
add address=192.168.16.251 client-id=1:4:18:d6:a1:87:f5 comment="UniFi Entrance Camera" mac-address=\
    04:18:D6:A1:87:F5 server=dhcp1
add address=192.168.16.252 client-id=1:4:18:d6:a1:84:3 comment="UniFi Parking Camera" mac-address=\
    04:18:D6:A1:84:03 server=dhcp1
add address=192.168.16.234 client-id=1:40:16:7e:2a:49:aa comment="Cathrine's PC" mac-address=\
    40:16:7E:2A:49:AA server=dhcp1
add address=192.168.16.247 client-id=1:0:8:ca:cb:9c:4 comment="Michelle's Laptop WLAN" mac-address=\
    00:08:CA:CB:9C:04 server=dhcp1
add address=192.168.16.246 client-id=1:e0:b9:a5:fe:9a:cd comment="Dustin's Laptop WLAN" mac-address=\
    E0:B9:A5:FE:9A:CD server=dhcp1
add address=192.168.16.6 comment="Aidan's NAS" mac-address=10:BF:48:8B:11:A8 server=dhcp1
add address=192.168.16.245 client-id=1:1c:b7:2c:2b:4c:89 comment="Dustin's Laptop LAN" mac-address=\
    1C:B7:2C:2B:4C:89 server=dhcp1
add address=192.168.16.235 always-broadcast=yes client-id=1:dc:86:d8:dd:89:b comment="Michelle's iPhone" \
    mac-address=DC:86:D8:DD:89:0B server=dhcp1
add address=192.168.16.242 client-id=1:70:e7:2c:bd:dd:7c comment="Aidan's iPhone" mac-address=\
    70:E7:2C:BD:DD:7C server=dhcp1
add address=192.168.16.240 client-id=1:e0:b9:a5:86:7b:2a comment="Michelle's Laptop 3" mac-address=\
    E0:B9:A5:86:7B:2A server=dhcp1
add address=192.168.16.238 client-id=1:2c:d0:5a:b0:5b:35 comment="Matthew's Desktop 1" mac-address=\
    2C:D0:5A:B0:5B:35 server=dhcp1
add address=192.168.16.102 client-id=1:0:a8:59:d2:fe:54 comment="Michelle's VoIP Phone" mac-address=\
    00:A8:59:D2:FE:54 server=dhcp1
add address=192.168.16.103 client-id=1:0:a8:59:d2:fe:64 comment="Kudzai's VoIP Phone" mac-address=\
    00:A8:59:D2:FE:64 server=dhcp1
add address=192.168.16.105 client-id=1:0:a8:59:d2:fe:5a comment="Terry VoIP Phone" mac-address=\
    00:A8:59:D2:FE:5A server=dhcp1
add address=192.168.16.231 comment="Matthew's Phone" mac-address=A4:71:74:DC:DD:68 server=dhcp1
add address=192.168.16.215 client-id=1:4:18:d6:a:4d:ee comment="UniFi Ceiling AP" mac-address=\
    04:18:D6:0A:4D:EE server=dhcp1
add address=192.168.16.226 client-id=1:0:c:8a:cf:42:ac comment="Aidan's Bose Radio" mac-address=\
    00:0C:8A:CF:42:AC server=dhcp1
add address=192.168.16.223 client-id=1:74:c6:3b:11:5c:1d comment="Demo Product 1" mac-address=\
    74:C6:3B:11:5C:1D server=dhcp1
add address=192.168.16.230 always-broadcast=yes client-id=1:c0:65:99:3d:8e:6b comment="Cathrine's Phone" \
    mac-address=C0:65:99:3D:8E:6B server=dhcp1
add address=192.168.16.229 client-id=1:18:5e:f:d7:dc:55 comment="Aidan's Laptop" mac-address=\
    18:5E:0F:D7:DC:55 server=dhcp1
add address=192.168.16.228 client-id=1:44:a7:cf:ba:16:7f comment="Edmore's Phone" mac-address=\
    44:A7:CF:BA:16:7F server=dhcp1
add address=192.168.16.144 client-id=1:0:1e:8f:2b:20:c3 comment="Canon LBP6300" mac-address=\
    00:1E:8F:2B:20:C3 server=dhcp1
add address=192.168.16.224 client-id=1:80:a5:89:a6:8:d3 comment="Demo Product 2" mac-address=\
    80:A5:89:A6:08:D3 server=dhcp1
add address=192.168.16.221 client-id=1:9c:5c:8e:0:43:8d comment="Aidan's Vivo" mac-address=\
    9C:5C:8E:00:43:8D server=dhcp1
add address=192.168.16.225 comment="Joe's Tablet" mac-address=14:DA:E9:BE:F7:08 server=dhcp1
add address=192.168.16.222 always-broadcast=yes client-id=1:74:de:2b:4a:cf:f5 comment="Ian Brown's Laptop" \
    mac-address=74:DE:2B:4A:CF:F5 server=dhcp1
add address=192.168.16.220 comment="Android TV Box" mac-address=34:C3:D2:7D:0F:3F server=dhcp1
add address=192.168.16.219 client-id=1:f8:32:e4:4a:e:ad comment="Aidan's Tablet" mac-address=\
    F8:32:E4:4A:0E:AD server=dhcp1
add address=192.168.16.218 client-id=1:54:27:1e:75:8d:a5 comment="Alex's Laptop" mac-address=\
    54:27:1E:75:8D:A5 server=dhcp1
add address=192.168.16.217 client-id=1:28:5a:eb:18:f:5f comment="Aidan's iPhone New" mac-address=\
    28:5A:EB:18:0F:5F server=dhcp1
add address=192.168.16.213 client-id=1:cc:44:63:1b:d2:c9 comment="Michelle's iPhone 7" mac-address=\
    CC:44:63:1B:D2:C9 server=dhcp1
add address=192.168.16.216 client-id=1:e4:40:e2:e7:a3:24 comment="Joe's Phone 2" mac-address=\
    E4:40:E2:E7:A3:24 server=dhcp1
add address=192.168.16.214 client-id=1:78:24:af:c0:dc:e2 comment="Front Office Spare Desktop" mac-address=\
    C8:3A:35:CF:C7:4F server=dhcp1
add address=192.168.16.232 comment="Stanley's Phone" mac-address=D0:65:CA:F0:4A:D2 server=dhcp1
add address=192.168.16.211 always-broadcast=yes client-id=1:d0:fc:cc:81:4f:df comment="Ian Brown's Phone" \
    mac-address=D0:FC:CC:81:4F:DF server=dhcp1
add address=192.168.16.209 comment="Kudzai's Phone" mac-address=94:EB:CD:BE:EF:B6 server=dhcp1
add address=192.168.16.101 client-id=1:0:a8:59:d2:fe:5c comment="Cathrine's VoIP Phone" mac-address=\
    00:A8:59:D2:FE:5C server=dhcp1
add address=192.168.16.104 client-id=1:0:a8:59:cd:1:ba comment="Aidan's VoIP Phone" mac-address=\
    00:A8:59:CD:01:BA server=dhcp1
add address=192.168.16.249 client-id=1:e0:3f:49:f:e:6d comment="Dustin's Desktop" mac-address=\
    E0:3F:49:0F:0E:6D server=dhcp1
add address=192.168.16.236 client-id=1:54:72:4f:7e:87:61 comment="Dustin's iPhone" mac-address=\
    54:72:4F:7E:87:61 server=dhcp1
add address=192.168.16.210 client-id=1:b8:27:eb:4a:2c:45 comment="Raspberry Pi" mac-address=\
    B8:27:EB:4A:2C:45 server=dhcp1
add address=192.168.16.107 client-id=1:0:a8:59:d2:fe:56 comment="Matthew's VoIP Phone" mac-address=\
    00:A8:59:D2:FE:56 server=dhcp1
add address=192.168.16.106 client-id=1:0:a8:59:d2:fe:5e comment="Dustin's VoIP Phone" mac-address=\
    00:A8:59:D2:FE:5E server=dhcp1
add address=192.168.16.3 client-id=1:f4:b5:49:6:24:dc comment=MyPBX mac-address=F4:B5:49:06:24:DC server=\
    dhcp1
add address=192.168.16.5 client-id=1:0:15:5d:65:a:3 comment="Micro Man Server" mac-address=\
    00:15:5D:65:0A:03 server=dhcp1
/ip dhcp-server network
add address=192.168.16.0/24 dns-server=192.168.16.1 gateway=192.168.16.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=192.168.16.249 comment="Dustin's Desktop" disabled=yes list=Utande
add address=192.168.16.247-192.168.16.248 comment="Michelle's Laptop 1" disabled=yes list=Utande
add address=192.168.16.234 comment="Cathrine's Desktop" disabled=yes list=Utande
add address=192.168.16.233 comment="Edmore's Desktop" disabled=yes list=Utande
add address=192.168.16.241 comment="Joe's Desktop" disabled=yes list=Utande
add address=192.168.16.244 comment="Kudzai's Desktop" disabled=yes list=Utande
add address=192.168.16.237 comment="Terry's Laptop" disabled=yes list=Utande
add address=192.168.16.245-192.168.16.246 comment="Dustin's Laptop" disabled=yes list=Utande
add address=192.168.16.236 comment="Dustin's Phone" disabled=yes list=Utande
add address=192.168.16.227 comment="Cathy Brennan's Laptop" disabled=yes list=Utande
add address=192.168.16.232 comment="Stanley's Phone" disabled=yes list=Utande
add address=192.168.16.231 comment="Matthew's Phone" disabled=yes list=Utande
add address=192.168.16.229 comment="Aidan's Laptop" disabled=yes list=Utande
add address=192.168.16.238/31 comment="Matthew's Desktop" disabled=yes list=Utande
add address=192.168.16.240 comment="Michelle's Laptop 2" disabled=yes list=Utande
add address=192.168.16.235 comment="Michelle's iPhone" disabled=yes list=Utande
add address=192.168.16.150-192.168.16.152 comment="Spare IP's" disabled=yes list=Utande
add address=192.168.16.226 comment="Aidan's Bose Radio" disabled=yes list=Utande
add address=192.168.16.225 comment="Joe's Tablet" disabled=yes list=Utande
add address=192.168.16.223-192.168.16.224 comment="Display Products" disabled=yes list=Utande
add address=192.168.16.222 comment="Ian Brown's Laptop" disabled=yes list=Utande
add address=192.168.16.221 comment="Aidan's Vivo" disabled=yes list=Utande
add address=192.168.16.220 comment="Android TV Box" disabled=yes list=Utande
add address=192.168.16.218 comment="Alex's Laptop" disabled=yes list=Utande
add address=192.168.16.217 comment="Aidan's iPhone New" disabled=yes list=Utande
add address=192.168.16.213 comment="Michelle's iPhone 7" disabled=yes list=Utande
add address=192.168.16.214 comment="Front Office Spare Desktop" disabled=yes list=Utande
add address=192.168.16.219 comment="Aidan's Tablet" disabled=yes list=Utande
add address=192.168.16.210 comment="Raspberry Pi" disabled=yes list=Utande
add address=192.168.16.230 comment="Cathrine's Phone" disabled=yes list=Utande
add address=192.168.16.209 comment="Kudzai's Phone" disabled=yes list=Utande
add address=192.168.16.228 comment="Edmore's Phone" disabled=yes list=Utande
add address=192.168.16.242/31 comment="Aidans iPhone" disabled=yes list=Utande
add address=192.168.16.216 comment="Joe's Phone" disabled=yes list=Utande
add address=192.168.16.211 comment="Ian Brown's Phone" disabled=yes list=Utande
add address=192.168.16.145 comment="Micro Man NAS" disabled=yes list=Utande
add address=192.168.16.208 comment="Amy's Laptop" disabled=yes list=Utande
add address=192.168.16.101-192.168.16.108 comment="VoIP Phones" disabled=yes list=Utande
add address=192.168.16.1-192.168.16.254 comment="All Through Utande" disabled=yes list=Utande
add address=192.168.16.0/24 comment="Local Network" list=support
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons
add address=10.0.0.0/8 comment=\
    "Private[RFC 1918] - CLASS A # Check if you need this subnet before enable it" disabled=yes list=bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons
add address=172.16.0.0/12 comment=\
    "Private[RFC 1918] - CLASS B # Check if you need this subnet before enable it" disabled=yes list=bogons
add address=192.168.0.0/16 comment=\
    "Private[RFC 1918] - CLASS C # Check if you need this subnet before enable it" disabled=yes list=bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons
add address=224.0.0.0/4 comment="MC, Class D, IANA # Check if you need this subnet before enable it" \
    disabled=yes list=bogons
add address=192.168.30.0/24 comment="Dustin Residence" list=support
add address=192.168.254.248 comment="Dustin's Laptop VPN" disabled=yes list=Utande
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface="Ether 1 - ZOL" protocol=udp
add action=drop chain=input dst-port=53 in-interface="Ether 1 - ZOL" protocol=tcp
add action=drop chain=input dst-port=53 in-interface="Ether 2 - Utande" protocol=udp
add action=drop chain=input dst-port=53 in-interface="Ether 2 - Utande" protocol=tcp
add action=drop chain=forward src-address=192.168.16.100
add action=drop chain=forward src-address=192.168.16.109-192.168.16.143
add action=drop chain=forward src-address=192.168.16.146-192.168.16.149
add action=drop chain=forward src-address=192.168.16.154-192.168.16.208
add action=add-src-to-address-list address-list=Syn_Flooder address-list-timeout=30m chain=input comment=\
    "Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp tcp-flags=syn
add action=drop chain=input comment="Drop to syn flood list" src-address-list=Syn_Flooder
add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=1w chain=input comment=\
    "Port Scanner Detect" protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" src-address-list=Port_Scanner
add action=jump chain=input comment="Jump for icmp input flow" jump-target=ICMP protocol=icmp
add action=drop chain=input comment="Block all access to the winbox - except to support list # DO NOT ENABLE\
    \_THIS RULE BEFORE ADD YOUR SUBNET IN THE SUPPORT ADDRESS LIST" disabled=yes dst-port=8291 protocol=tcp \
    src-address-list=!support
add action=jump chain=forward comment="Jump for icmp forward flow" jump-target=ICMP protocol=icmp
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=bogons
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 protocol=tcp \
    src-address-list=spammers
add chain=input comment="Accept DNS - UDP" port=53 protocol=udp
add chain=input comment="Accept DNS - TCP" port=53 protocol=tcp
add chain=input comment="Accept to established connections" connection-state=established
add chain=input comment="Accept to related connections" connection-state=related
add chain=input comment="Full access to SUPPORT address list" src-address-list=support
add action=drop chain=input comment=\
    "Drop anything else! # DO NOT ENABLE THIS RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED" \
    disabled=yes
add chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=icmp
add chain=ICMP comment="Time Exceeded" icmp-options=11:0 protocol=icmp
add chain=ICMP comment="Destination unreachable" icmp-options=3:0-1 protocol=icmp
add chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" disabled=yes protocol=icmp
add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP protocol=icmp
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=GroupB src-address-list=Utande
add action=mark-connection chain=output dst-port=1723 new-connection-mark=VPN-Connection passthrough=no \
    protocol=tcp src-address-list=Utande
add action=mark-routing chain=prerouting connection-mark=VPN-Connection dst-port=1723 new-routing-mark=VPN \
    passthrough=no protocol=tcp src-address-list=Utande
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.16.0/24
add action=masquerade chain=srcnat log=yes log-prefix=pptp src-address=192.168.254.0/24
add action=masquerade chain=srcnat disabled=yes
/ip route
add distance=1 gateway=196.29.xxx.xxx routing-mark=GroupB
add distance=1 gateway="ZOL PPPoE" routing-mark=VPN
add distance=1 dst-address=192.168.30.0/24 gateway="Dustin Residence" routing-mark=VPN
add distance=1 dst-address=192.168.3.0/24 gateway="Kennan Properties Kensington"
add distance=1 dst-address=192.168.4.0/24 gateway="Life Haven Mt Hampden"
add distance=1 dst-address=192.168.5.0/24 gateway="Dicomm McCann"
add distance=1 dst-address=192.168.6.0/24 gateway="Hogg Residence"
add distance=1 dst-address=192.168.101.0/24 gateway=172.64.0.2
add distance=1 dst-address=197.211.212.154/32 gateway="Dustin Residence"
/ppp secret
add name=dustin profile=PPTP
add local-address=192.168.16.9 name=microman profile=PPTP remote-address=192.168.16.10
add local-address=192.168.16.13 name=anglican-church profile=PPTP remote-address=192.168.16.14
add local-address=192.168.16.15 name=kennan profile=PPTP remote-address=192.168.16.16 service=pptp
add local-address=192.168.16.17 name=life-haven-mt-hampden profile=PPTP remote-address=192.168.16.18
add local-address=192.168.16.19 name=dicomm profile=PPTP remote-address=192.168.16.20 service=pptp
add name=dustin-laptop profile=PPTP
add local-address=172.64.0.1 name=bbvpn4 remote-address=172.64.0.2 service=pptp
add caller-id=41.190.57.194 local-address=192.168.16.23 name=justin remote-address=192.168.16.24
/system clock
set time-zone-name=Africa/Harare
/system identity
set name="Micro Man Cloud Router"
/system routerboard settings
set protected-routerboot=disabled