# may/19/2021 11:40:07 by RouterOS 6.48.2
#
# model = RB750Gr3
# Layer-2 layout: one LAN bridge (bridge1) plus the five physical ports.
/interface bridge
# NOTE(review): arp=proxy-arp makes the router answer ARP requests on bridge1
# on behalf of other hosts. Nothing else in this export shows why that is
# needed; confirm, since the default arp=enabled is the narrower setting.
add arp=proxy-arp comment="INTRANET BRIDGE" name=bridge1
/interface ethernet
# Port roles, per the comments here and the /interface bridge port section:
# ether2 carries the WAN 2 PPPoE session, ether3 is WAN 1, and ether1/4/5
# are LAN ports bridged into bridge1.
set [ find default-name=ether1 ]
set [ find default-name=ether2 ] comment="Wan 2 PPPoE [Public IP]"
set [ find default-name=ether3 ] comment="Wan 1 [Main]"
set [ find default-name=ether4 ]
set [ find default-name=ether5 ]
/interface wireless security-profiles
# Only supplicant-identity is set on the default wireless security profile.
set [ find default=yes ] supplicant-identity=MikroTik
# Address pools: dhcp_pool0 feeds the LAN DHCP server, POOL_VPN is the range
# intended for VPN clients.
/ip pool
# NOTE(review): this range covers almost the whole 10.0.0.0/22, including
# 10.0.0.2 (handed out as DNS server) and 10.0.2.7 (dst-nat target). The
# /ip dhcp-server lease section of this export is empty, so nothing visible
# reserves those addresses. A client could be leased the resolver's or the
# web server's address and receive its traffic. Narrow the range or add
# static leases.
add name=dhcp_pool0 ranges=10.0.0.2-10.0.3.254
# NOTE(review): the VPN profile's local-address (192.168.10.50) lies inside
# this range, so the pool can hand the router's own tunnel address to a client.
add name=POOL_VPN ranges=192.168.10.2-192.168.10.253
/ip dhcp-server
# LAN DHCP service on bridge1 with a one-hour lease.
add address-pool=dhcp_pool0 disabled=no interface=bridge1 lease-time=1h name=\
dhcp1
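# PPP profiles.
#   VPN     - default profile of the L2TP / OpenVPN / PPTP servers in this file.
#   CONEXAO - profile of the WAN 2 PPPoE client; its scripts maintain the /32
#             monitoring route to 8.8.8.8 through the PPPoE peer.
/ppp profile
# remote-address must name an existing pool. The pool defined under /ip pool
# is POOL_VPN; the previous value POOLVPN matched no pool in this file, so
# VPN clients would not have received an address from the intended range.
# use-encryption=required refuses sessions that do not negotiate encryption.
# NOTE(review): local-address=192.168.10.50 falls inside POOL_VPN
# (192.168.10.2-192.168.10.253). Move it outside the pool, or exclude it from
# the pool range, so a client can never be assigned the router's tunnel address.
add bridge=bridge1 local-address=192.168.10.50 name=VPN remote-address=\
POOL_VPN use-encryption=required
# on-up adds the host route to 8.8.8.8 via the address of the PPPoE peer;
# on-down removes it again by comment. Command and parameter names are written
# out in full (route, dst-address) so they do not depend on abbreviation
# matching by the console.
add name=CONEXAO on-down=\
"/ip route remove [find comment=\"MONITORAMENTO-CONEXAO\"]" on-up=\
"/ip route add dst-address=8.8.8.8 gateway=\$\"remote-address\" scope=10 comment=MONITORAMENTO-CONEXAO"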
# WAN 2: PPPoE session over ether2, using the CONEXAO profile (whose up/down
# scripts manage the monitoring route).
/interface pppoe-client
# use-peer-dns=yes accepts resolver addresses offered by the PPPoE peer.
# NOTE(review): those upstream-supplied resolvers are presumably used by the
# router alongside the servers set under /ip dns; confirm that is intended.
add comment="PPOE Wan 2" disabled=no interface=ether2 name=pppoe-out1 \
profile=CONEXAO use-peer-dns=yes user=xxxxx
/user group
# The "full" group carries every policy listed, including sensitive, sniff,
# policy and romon. The user accounts themselves are not part of this export;
# review which accounts belong to this group.
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
# LAN ports: ether1, ether5 and ether4 are members of bridge1.
/interface bridge port
add bridge=bridge1 comment= interface=ether1
add bridge=bridge1 comment= interface=ether5
add bridge=bridge1 comment= interface=ether4
/ip neighbor discovery-settings
# NOTE(review): "!dynamic" enables neighbor discovery on every non-dynamic
# interface, which includes the WAN-facing ports ether2 and ether3. Discovery
# announcements disclose the device identity and software version to the
# upstream segment. Limiting this to an interface list that contains only the
# LAN side is the usual hardening.
set discover-interface-list=!dynamic
/interface detect-internet
# Internet detection runs on all interfaces.
# NOTE(review): confirm it is actually needed; it is commonly left at "none"
# on routers whose WAN roles are configured statically, as they are here.
set detect-interface-list=all
# VPN server settings. All three servers use the "VPN" PPP profile. Only the
# OpenVPN server carries enabled=yes in this export.
/interface l2tp-server server
# NOTE(review): no enabled=yes here, so L2TP is presumably off (exports omit
# default values). If it is ever enabled: mschap1 and chap are legacy methods,
# and no IPsec setting is shown, so the tunnel would rely on PPP encryption only.
set authentication=chap,mschap1,mschap2 default-profile=VPN \
keepalive-timeout=disabled one-session-per-host=yes
/interface ovpn-server server
# The only enabled VPN service. Clients must present a certificate
# (require-client-certificate=yes) in addition to their PPP secret. The server
# certificate "servidor" is referenced by name and is not part of this export.
# NOTE(review): auth=sha1 restricts the HMAC to SHA-1. That is usually
# considered acceptable for HMAC use, but it is worth revisiting when the
# RouterOS version and the clients in use support a stronger digest.
set auth=sha1 certificate=servidor cipher=aes256 default-profile=VPN \
enabled=yes require-client-certificate=yes
/interface pptp-server server
# NOTE(review): no enabled=yes here either, so PPTP is presumably off; keep it
# that way. The list allows pap, which sends the password in clear text, and
# PPTP's own encryption is regarded as broken.
set authentication=pap,chap,mschap1,mschap2 default-profile=VPN
# Router LAN address: 10.0.0.1 on bridge1, network 10.0.0.0/22.
/ip address
add address=10.0.0.1/22 comment="INTRANET" interface=bridge1 network=\
10.0.0.0
/ip dhcp-client
# WAN 1 (ether3) gets its address by DHCP but installs no default route and
# ignores DNS/NTP offered by the server. The lease script adds a /32 route to
# 208.67.222.222 via the DHCP gateway when no route to that address exists yet.
# NOTE(review): the script only ever adds the route. If the upstream gateway
# changes, the existing route keeps pointing at the old gateway; verify that
# case is handled elsewhere.
add add-default-route=no disabled=no interface=ether3 script=":local IP \"208.\
67.222.222/32\"\r\
\n:if ([/ip route print count-only where dst-address=\$IP]=0) do={/ip rout\
e add dst-address=\$IP gateway=\$\"gateway-address\" scope=10}" \
use-peer-dns=no use-peer-ntp=no
# No static leases are defined (empty section).
/ip dhcp-server lease
/ip dhcp-server network
# Options handed to LAN clients: gateway 10.0.0.1, internal resolver 10.0.0.2
# followed by three public resolvers.
# NOTE(review): a client that has public resolvers in its list can resolve
# names without going through 10.0.0.2, bypassing any filtering or logging done
# there. If the internal resolver is a policy point, hand out only that one.
add address=10.0.0.0/22 dns-server=10.0.0.2,208.67.222.222,8.8.8.8,4.2.2.1 \
domain=LOCALDOMAIN gateway=10.0.0.1
/ip dns
# Upstream resolvers used by the router itself. allow-remote-requests is not
# set here, so the router presumably does not answer DNS queries from other
# hosts. Confirm on the device.
set servers=10.0.0.2,208.67.222.222,4.2.2.1
/ip firewall address-list
# NOTE(review): the range is written end-before-start (10.0.3.243 down to
# 10.0.0.3) and is probably a typo or a redaction artifact; confirm the
# intended bounds. No filter, mangle or NAT rule in this export refers to
# NAT-LIST, so the list currently has no visible effect.
add address=10.0.3.243-10.0.0.3 list=NAT-LIST
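# Input-chain policy (traffic addressed to the router itself).
#
# A chain with no matching rule ends in an implicit accept, so a single
# "accept OpenVPN" rule on its own filters nothing: every router service that
# is still enabled stays reachable from both WAN links. The rules below keep
# OpenVPN reachable and drop all other unsolicited traffic arriving on the
# WAN-facing interfaces. Traffic from the LAN bridge and from established VPN
# tunnels is not matched by the drop rules.
#
# Operational notes:
#  - Router management from the Internet side stops working once these rules
#    are in place; administer the device from the LAN or through the VPN.
#  - Rule order matters: the accept rules must stay above the drops.
#  - If L2TP or PPTP is ever enabled, it needs its own accept rule here.
#  - NOTE(review): the forward chain still has no rules. Consider dropping new
#    connections that arrive on a WAN interface and were not dst-nat'ed.
/ip firewall filter
add action=accept chain=input comment="Replies to router-originated traffic" \
connection-state=established,related
add action=drop chain=input comment="Invalid connection state" \
connection-state=invalid
add action=accept chain=input comment=OpenVPN dst-port=1194 protocol=tcp
add action=drop chain=input comment="Unsolicited input from WAN 1" \
in-interface=ether3
add action=drop chain=input comment="Unsolicited input from WAN 2 PPPoE" \
in-interface=pppoe-out1
add action=drop chain=input comment="Unsolicited IP input on PPPoE carrier port" \
in-interface=ether2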
# Policy routing for the second WAN: connections that reach the router through
# pppoe-out1 are marked, and the router's own replies on those connections are
# routed with mark wan_pppoe (see the "Route VPN" entry under /ip route) so
# they leave through the same link.
/ip firewall mangle
# LAN-to-LAN traffic is accepted early and skips the remaining mangle rules.
add action=accept chain=prerouting comment="BYPASS INTRANET" dst-address=\
10.0.0.0/22 src-address=10.0.0.0/22
# Router-generated packets that belong to a marked connection use the
# wan_pppoe routing table.
add action=mark-routing chain=output connection-mark=conn_pppoe \
new-routing-mark=wan_pppoe passthrough=yes
# New connections addressed to the router and arriving on pppoe-out1 receive
# the connection mark.
# NOTE(review): marking is done in chain=input only, so forwarded connections
# (for example the port-80 dst-nat under /ip firewall nat) are not marked, and
# no prerouting rule applies wan_pppoe to their replies. Those replies would
# presumably follow the main default route instead of pppoe-out1; confirm that
# the published service works from outside.
add action=mark-connection chain=input connection-state=new in-interface=\
pppoe-out1 new-connection-mark=conn_pppoe passthrough=yes
# NAT: one published service on WAN 2 and source NAT on both WAN links.
/ip firewall nat
# Publishes TCP/80 on the PPPoE link to the internal host 10.0.2.7.
# NOTE(review): this exposes a plain-HTTP service labelled "test" to the whole
# Internet, with no src-address or address-list restriction. Remove it when
# testing ends, or limit the allowed sources. 10.0.2.7 also lies inside the
# dynamic DHCP range, so the target address is not guaranteed to stay with the
# same host.
add action=dst-nat chain=dstnat comment="Webservice test" dst-port=80 \
in-interface=pppoe-out1 protocol=tcp to-addresses=10.0.2.7 to-ports=80
# Outbound masquerade per WAN link. src-address=0.0.0.0/0 matches every source,
# so everything leaving through these interfaces is translated.
add action=masquerade chain=srcnat comment="MASQUERADE WAN 2 PPoE" \
out-interface=pppoe-out1 src-address=0.0.0.0/0
add action=masquerade chain=srcnat comment="MASQUERADE WAN 1" \
out-interface=ether3 src-address=0.0.0.0/0
# Routing: dual-WAN failover built on recursive routes. The two default routes
# name public resolver addresses as gateways; those addresses are reached
# through the /32 "MONITORAMENTO-*" host routes (scope=10), one per uplink.
# check-gateway=ping therefore probes a host beyond each uplink, not only the
# next hop.
/ip route
# Default route of the wan_pppoe table, used for traffic carrying that routing
# mark (see /ip firewall mangle).
add comment="Route VPN" distance=1 gateway=pppoe-out1 routing-mark=wan_pppoe
# Primary default route (distance 1), resolved via the 208.67.222.222/32 route.
add check-gateway=ping comment=ROTA-PADRAO-OIFIBRA distance=1 gateway=\
208.67.222.222
# Backup default route (distance 2), resolved via the 8.8.8.8/32 route.
# NOTE(review): failover depends on two third-party hosts answering ICMP. If
# either stops replying to ping, the corresponding uplink is treated as down
# even though it works.
add check-gateway=ping comment=ROTA-PADRAO-CONEXAO distance=2 gateway=8.8.8.8
# Host route to 8.8.8.8 through WAN 2. It carries the same comment that the
# CONEXAO profile scripts add and remove; presumably it is the entry created
# by the on-up script and captured at export time.
add comment=MONITORAMENTO-CONEXAO distance=1 dst-address=8.8.8.8/32 gateway=\
172.30.99.1 scope=10
# Host route to 208.67.222.222 through the WAN 1 next hop.
add comment=MONITORAMENTO-OIFIBRA distance=1 dst-address=208.67.222.222/32 \
gateway=192.168.1.254 scope=10
# Management services: telnet, ftp, www, ssh, api and api-ssl are switched off.
# NOTE(review): winbox is not listed, so it is presumably still enabled on its
# default port with no address= restriction (exports omit default values).
# Whether it is reachable from the WAN links then depends entirely on the
# input rules under /ip firewall filter. Restricting the service with address=
# to the LAN and VPN subnets adds a second layer that does not depend on the
# firewall being correct.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# VPN account, limited to the OpenVPN service and bound to the VPN profile.
# NOTE(review): no password appears in this export (possibly redacted).
# Confirm on the device that the account has a strong password; the client
# certificate required by the OpenVPN server is a second factor, not a
# replacement for it.
/ppp secret
add name=xxx profile=VPN service=ovpn
/system clock
# Local time zone; affects the timestamps shown in logs.
set time-zone-name=America/Sao_Paulo
/system identity
# Device name. It is also announced by neighbor discovery on the interfaces
# where discovery is enabled.
set name="MK01"