Vpn PP2P IPsec problem

RouterOS Beginner Basics
1

Hello to all.

i’m new to the forum and to mikrotik in general.
i have one hap lite for the begin of this trip.
I want to setup vpn so i can connect to my network (vlan4) when i’m away.

The setup is:

internet static IP(81.xxx.xxx.xxx) to isp modem(192.168.1.254) from there to eth01 (192.168.1.250) of Mikrotik
all the ports from public ip to eth01 are OPEN because 192.168.1.250 is as DMZ at ISP modem.


/interface bridge
add fast-forward=no name=Cp
add fast-forward=no name=CpGuests
add fast-forward=no name=CpService

/interface vlan
add interface=ether4 name=Consumer vlan-id=2
add interface=ether4 name=Guest vlan-id=3
add interface=ether4 name=Internal vlan-id=4

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN

/ip pool
add name=Internal_Pool ranges=10.0.10.10-10.0.10.254
add name=Consumer_Pool ranges=10.0.20.10-10.0.20.254
add name=Guest_Pool ranges=10.0.30.10-10.0.30.254

/ip dhcp-server
add address-pool=Internal_Pool disabled=no interface=Cp name=
Internal_DHCP
add address-pool=Consumer_Pool disabled=no interface=CpService name=
Consumer_DHCP
add address-pool=Guest_Pool disabled=no interface=CpGuests name=
Guest_DHCP

/interface bridge port
add bridge=Cp interface=wlan1
add bridge=Cp interface=Internal
add bridge=CpService interface=Consumer
add bridge=CpService interface=wlan2
add bridge=CpGuests interface=Guest
add bridge=CpGuests interface=wlan3

/interface list member
add comment=defconf interface=ether2 list=LAN
add comment=defconf interface=ether1 list=WAN

/ip address
add address=10.0.10.1/24 interface=Cp network=10.0.10.0
add address=10.0.20.1/24 interface=CpService network=10.0.20.0
add address=10.0.30.1/24 interface=CpGuests network=10.0.30.0
add address=192.168.1.250/24 interface=ether1 network=192.168.1.0

/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1

/ip dhcp-server network
add address=10.0.10.0/24 dns-server=8.8.8.8 gateway=10.0.10.1
add address=10.0.20.0/24 dns-server=8.8.8.8 gateway=10.0.20.1
add address=10.0.30.0/24 dns-server=8.8.8.8 gateway=10.0.30.1

/ip dns
set allow-remote-requests=yes servers=8.8.4.4.2,8.8.8.8

/ip route
add check-gateway=ping distance=1 gateway=192.168.1.254

i have try with many videos to make it work but i can not.
Any help will be good.
Thank you.