Wed Sep 14 14:48:09 2016 : pptp_get_router_address
Wed Sep 14 14:48:09 2016 : pptp_get_router_address 192.168.52.1 from dict 1
Wed Sep 14 14:48:09 2016 : PPTP connecting to server '{REDACTED_HOST}' (REDACTED_IP)...
Wed Sep 14 14:48:09 2016 : PPTP connect errno = 61 Connection refused

Sep 14 14:45:51: TCP: connect to [AF_INET]<SERVER_IP_REDACTED>:1194 failed, will try again in 5 seconds: Connection refused

# sep/15/2016 07:34:27 by RouterOS 6.36.2
# software id = RETE-7H0B
#
/ip firewall filter
add action=accept chain=input comment="Allow SSH from WAN" dst-port=<REDACTED> in-interface=WAN protocol=tcp
add action=accept chain=input comment="Allow PPTP from WAN (TCP)" dst-port=1723 in-interface=WAN protocol=tcp
add action=accept chain=input comment="Allow PPTP from WAN (GRE)" in-interface=WAN protocol=gre
add action=accept chain=input comment="Allow L2TP from WAN (UDP)" dst-port=1701,500,4500 in-interface=WAN protocol=udp
add action=accept chain=input comment="Allow L2TP from WAN (IPSec-ESP)" in-interface=WAN protocol=ipsec-esp
add action=accept chain=input comment="Allow OpenVPN from WAN" dst-port=1194 in-interface=WAN protocol=tcp
add action=accept chain=input comment="Allow established and related connections from WAN" connection-state=established,related in-interface=WAN
add action=drop chain=input comment="Drop everything else from WAN" in-interface=WAN
add action=jump chain=forward comment="Restrict Harmony Hub from WAN" in-interface=LAN jump-target=HARMONY out-interface=WAN src-address=192.168.1.26
add action=jump chain=forward comment="Restrict Foscam cameras from WAN" in-interface=LAN jump-target=FOSCAM out-interface=WAN src-address=\
    192.168.1.50-192.168.1.60
add action=fasttrack-connection chain=forward comment="FastTrack established and related connections" connection-state=established,related
add action=passthrough chain=forward comment="Count non-FastTrack'ed traffic"
add action=accept chain=FOSCAM dst-port=123 protocol=udp
add action=add-dst-to-address-list address-list=FOSCAM_DROPPED address-list-timeout=0s chain=FOSCAM
add action=reject chain=FOSCAM reject-with=icmp-network-unreachable
add action=add-dst-to-address-list address-list=HARMONY_DROPPED address-list-timeout=0s chain=HARMONY
add action=reject chain=HARMONY reject-with=icmp-network-unreachable

# sep/15/2016 15:10:15 by RouterOS 6.36.2
# software id = RETE-7H0B
#
/ip firewall filter
add action=fasttrack-connection chain=forward comment="FastTrack established and related connections" connection-state=established,related
add action=accept chain=input comment="Allow established and related connections from WAN" connection-state=established,related in-interface=WAN
add action=accept chain=input comment="Allow SSH from WAN" dst-port=<REDACTED> in-interface=WAN protocol=tcp
add action=accept chain=input comment="Allow PPTP from WAN (TCP)" dst-port=1723 in-interface=WAN protocol=tcp
add action=accept chain=input comment="Allow PPTP from WAN (GRE)" in-interface=WAN protocol=gre
add action=accept chain=input comment="Allow L2TP from WAN (UDP)" dst-port=1701,500,4500 in-interface=WAN protocol=udp
add action=accept chain=input comment="Allow L2TP from WAN (IPSec-ESP)" in-interface=WAN protocol=ipsec-esp
add action=accept chain=input comment="Allow OpenVPN from WAN" dst-port=1194 in-interface=WAN protocol=tcp
add action=drop chain=input comment="Drop everything else from WAN" in-interface=WAN
add action=jump chain=forward comment="Restrict Harmony Hub to WAN" in-interface=LAN jump-target=HARMONY out-interface=WAN src-address=192.168.1.26
add action=jump chain=forward comment="Restrict Foscam cameras to WAN" in-interface=LAN jump-target=FOSCAM out-interface=WAN src-address=192.168.1.50-192.168.1.60
add action=passthrough chain=forward comment="Count non-FastTrack'ed traffic"
add action=accept chain=FOSCAM dst-port=123 protocol=udp
add action=add-dst-to-address-list address-list=FOSCAM_DROPPED address-list-timeout=0s chain=FOSCAM
add action=reject chain=FOSCAM reject-with=icmp-network-unreachable
add action=add-dst-to-address-list address-list=HARMONY_DROPPED address-list-timeout=0s chain=HARMONY
add action=reject chain=HARMONY reject-with=icmp-network-unreachable

# sep/15/2016 21:09:27 by RouterOS 6.36.2
# software id = RETE-7H0B
#

/interface bridge
add admin-mac=E4:8D:8C:A4:5D:E0 auto-mac=no name=LAN

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce country="united states" disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
    <REDACTED> wireless-protocol=802.11

/interface ethernet
set [ find default-name=ether1 ] name=WAN
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
set [ find default-name=ether6 ] master-port=ether2-master
set [ find default-name=ether7 ] master-port=ether2-master
set [ find default-name=ether8 ] master-port=ether2-master
set [ find default-name=ether9 ] master-port=ether2-master
set [ find default-name=ether10 ] master-port=ether2-master
set [ find default-name=ether11 ] master-port=ether2-master
set [ find default-name=ether12 ] master-port=ether2-master
set [ find default-name=ether13 ] master-port=ether2-master
set [ find default-name=ether14 ] master-port=ether2-master
set [ find default-name=ether15 ] master-port=ether2-master
set [ find default-name=ether16 ] master-port=ether2-master
set [ find default-name=ether17 ] master-port=ether2-master
set [ find default-name=ether18 ] master-port=ether2-master
set [ find default-name=ether19 ] master-port=ether2-master
set [ find default-name=ether20 ] master-port=ether2-master
set [ find default-name=ether21 ] master-port=ether2-master
set [ find default-name=ether22 ] master-port=ether2-master
set [ find default-name=ether23 ] master-port=ether2-master
set [ find default-name=ether24 ] master-port=ether2-master
set [ find default-name=sfp1 ] disabled=yes master-port=ether2-master

/ip neighbor discovery
set WAN discover=no

/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys wpa-pre-shared-key=<REDACTED> wpa2-pre-shared-key=<REDACTED>

/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.199
add name=vpn ranges=192.168.1.200-192.168.1.249

/ip dhcp-server
add address-pool=dhcp disabled=no interface=LAN lease-time=1h name=default

/ppp profile
set *0 bridge=LAN dns-server=192.168.1.1 local-address=dhcp only-one=no remote-address=vpn use-compression=yes use-encryption=required use-mpls=no use-upnp=no
set *FFFFFFFE change-tcp-mss=default use-encryption=default

/system logging action
set 0 memory-lines=250

/user group
set read policy=local,telnet,ssh,ftp,reboot,read,test,winbox,password,web,sniff,sensitive,api,romon,dude,!write,!policy
set write policy=local,telnet,ssh,ftp,reboot,read,write,test,winbox,password,web,sniff,sensitive,api,romon,dude,!policy

/interface bridge port
add bridge=LAN interface=ether2-master
add bridge=LAN interface=wlan1

/interface l2tp-server server
set authentication=mschap2 default-profile=default enabled=yes ipsec-secret=<REDACTED> use-ipsec=yes

/interface ovpn-server server
set certificate=<REDACTED> cipher=blowfish128,aes128,aes192,aes256 enabled=yes

/interface pptp-server server
set authentication=mschap2 default-profile=default enabled=yes

/interface sstp-server server
set default-profile=default-encryption

/ip address
add address=192.168.1.1/24 interface=ether2-master network=192.168.1.0

/ip cloud
set ddns-enabled=yes update-time=no

/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=WAN use-peer-dns=no use-peer-ntp=no

/ip dhcp-server lease
<REDACTED>

/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 netmask=24

/ip dns
set allow-remote-requests=yes cache-max-ttl=1h servers=8.8.8.8,8.8.4.4

/ip dns static
<REDACTED>

/ip firewall filter
add action=fasttrack-connection chain=forward comment="FastTrack established and related connections" connection-state=established,related
add action=accept chain=input comment="Allow established and related connections from WAN" connection-state=established,related in-interface=WAN
add action=accept chain=input comment="Allow SSH from WAN" dst-port=<REDACTED> in-interface=WAN protocol=tcp
add action=accept chain=input comment="Allow PPTP from WAN (TCP)" dst-port=1723 in-interface=WAN protocol=tcp
add action=accept chain=input comment="Allow PPTP from WAN (GRE)" in-interface=WAN protocol=gre
add action=accept chain=input comment="Allow L2TP from WAN (UDP)" dst-port=1701,500,4500 in-interface=WAN protocol=udp
add action=accept chain=input comment="Allow L2TP from WAN (IPSec-ESP)" in-interface=WAN protocol=ipsec-esp
add action=accept chain=input comment="Allow OpenVPN from WAN" dst-port=1194 in-interface=WAN protocol=tcp
add action=drop chain=input comment="Drop everything else from WAN" in-interface=WAN
add action=jump chain=forward comment="Restrict Harmony Hub to WAN" in-interface=LAN jump-target=HARMONY out-interface=WAN src-address=192.168.1.26
add action=jump chain=forward comment="Restrict Foscam cameras to WAN" in-interface=LAN jump-target=FOSCAM out-interface=WAN src-address=192.168.1.50-192.168.1.60
add action=passthrough chain=forward comment="Count non-FastTrack'ed traffic"
add action=accept chain=FOSCAM dst-port=123 protocol=udp
add action=add-dst-to-address-list address-list=FOSCAM_DROPPED address-list-timeout=0s chain=FOSCAM
add action=reject chain=FOSCAM reject-with=icmp-network-unreachable
add action=add-dst-to-address-list address-list=HARMONY_DROPPED address-list-timeout=0s chain=HARMONY
add action=reject chain=HARMONY reject-with=icmp-network-unreachable

/ip firewall nat
add action=masquerade chain=srcnat comment="Masquerade VPN traffic" src-address=192.168.1.200-192.168.1.249
add action=masquerade chain=srcnat comment="Source NAT" out-interface=WAN
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=192.168.1.10 dst-port=<REDACTED> out-interface=LAN protocol=tcp
add action=dst-nat chain=dstnat dst-address=192.168.1.1 dst-port=<REDACTED> in-interface=LAN protocol=tcp to-addresses=192.168.1.10
add action=dst-nat chain=dstnat comment=SFTP dst-port=<REDACTED> in-interface=WAN protocol=tcp to-addresses=192.168.1.10 to-ports=<REDACTED>
add action=dst-nat chain=dstnat comment=DSM dst-port=<REDACTED> in-interface=WAN protocol=tcp to-addresses=192.168.1.10 to-ports=<REDACTED>
add action=dst-nat chain=dstnat comment="Cloud Station" dst-port=<REDACTED> in-interface=WAN protocol=tcp to-addresses=192.168.1.10 to-ports=<REDACTED>
add action=dst-nat chain=dstnat comment="Jenkins - Apple" dst-port=<REDACTED> in-interface=WAN protocol=tcp to-addresses=192.168.1.80 to-ports=<REDACTED>
add action=dst-nat chain=dstnat comment="Jenkins - Windows" dst-port=<REDACTED> in-interface=WAN protocol=tcp to-addresses=192.168.1.82 to-ports=<REDACTED>

/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes

/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0

/ip service
set ftp disabled=yes
set ssh port=<REDACTED>
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes

/ip ssh
set forwarding-enabled=yes strong-crypto=yes

/ip upnp
set enabled=yes

/ip upnp interfaces
add interface=WAN type=external
add interface=LAN type=internal

/lcd
set backlight-timeout=10m

/lcd interface pages
set 0 interfaces=wlan1

/ppp aaa
set accounting=no

/ppp secret
add name=vpn password=<REDACTED>

/system clock
set time-zone-autodetect=no time-zone-name=America/Los_Angeles

/system console
set [ find ] disabled=yes

/system logging
set 1 action=disk

/system ntp client
set enabled=yes server-dns-names=time.nist.gov

/system routerboard settings
set protected-routerboot=disabled

/tool bandwidth-server
set enabled=no

/tool mac-server
set [ find default=yes ] disabled=yes
add interface=LAN

/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=LAN