For some reason when I try connect through my RB750 I get a lot of "Error Connection Timed Out", and when pages do load they take a long time to do it. This doesnt happen if I connect directly to LTE router. Speedtest via either is around 70mbps down and 20mbps up. Speedtest works instantly when connected directly to the LTE router, but takes ages (20 to 30 seconds) to start when connected the 750.

LTE router is connected to the 750 on Port1, Port1 gets a DHCP address from the LTE router. Ports 2 - 5 are bridged and connect to the rest of my lan.

Can anyone please assist in where i may have gone wrong?

[admin@MikroTik] > /export compact
# jun/29/2021 22:57:34 by RouterOS 6.48.3
# software id = FHNP-TPS3
#
# model = RouterBOARD 750G r3
/interface bridge
add admin-mac=XXXXXXXXXXXXX auto-mac=no comment=defconf name=bridge
/interface pptp-client
add connect-to=VPN1 disabled=no name=VPN1
add connect-to=VPN2 disabled=no name=VPN2
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.1.100-192.168.1.254
add name=dhcp_pool2 ranges=192.168.200.2-192.168.200.10
add name=dhcp_pool3 ranges=192.168.1.151-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool3 disabled=no interface=bridge name=dhcp1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=192.168.1.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.1.150 client-id=1:XXXXXXXXXX comment=XXXXX mac-address=XXXXXXXXXX server=dhcp1
add address=192.168.1.250 client-id=1:XXXXXXXXXX comment=XXXXXXXXXXXXX mac-address=XXXXXXXXXXXXx server=dhcp1
add address=192.168.1.247 client-id=1:XXXXXXXXXX comment=XXXXXXXXXXXXXx mac-address=XXXXXXXXXXx server=dhcp1
add address=192.168.1.244 client-id=1:XXXXXXXXXX comment=XXXXXXXXXX mac-address=XXXXXXXXX server=dhcp1
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=UguVPN
add action=masquerade chain=srcnat out-interface=ZiyandaVPN src-address-list=""
/ip route
add distance=1 dst-address=10.0.0.0/24 gateway=XXXVPN
add distance=1 dst-address=192.168.4.0/23 gateway=XXXXVPN
add distance=1 dst-address=192.168.12.0/23 gateway=XXXXVPN
add distance=1 dst-address=192.168.16.0/24 gateway=XXXXXVPN
/system clock
set time-zone-name=Africa/Johannesburg
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@MikroTik] >

except for vpn, to mee is like all regular

but if you use a LTE ROUTER than already assign IP do NAT etc.
your RB750GR3 must act like plain switch on this case, for not do double NAT, double firewall check, etc.

Thanks for the super quick reply.

If I remove the double Nat etc and bridge all 5 interfaces will I still be able to setup the VPN connections and static routes?

I'll give this a try in the morning.

I do not know your skill, but if all is well programmed, you can still to use vpn and routing like before.

Unfortunately my knowledge of RouterOS is pretty basic, but I understand what you are saying.

ill post again after Ive made the changes, ideally id like the 750 to stay the DCHP server, as well as handle the VPN routing (which im not sure how to do without the 750 being my default GW, or without creating static routes on my desktop?)