Thanks much for offering to help, here's the output of "export":
# sep/15/2016 21:09:27 by RouterOS 6.36.2
# software id = RETE-7H0B
#
/interface bridge
add admin-mac=E4:8D:8C:A4:5D:E0 auto-mac=no name=LAN
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce country="united states" disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
<REDACTED> wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=WAN
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
set [ find default-name=ether6 ] master-port=ether2-master
set [ find default-name=ether7 ] master-port=ether2-master
set [ find default-name=ether8 ] master-port=ether2-master
set [ find default-name=ether9 ] master-port=ether2-master
set [ find default-name=ether10 ] master-port=ether2-master
set [ find default-name=ether11 ] master-port=ether2-master
set [ find default-name=ether12 ] master-port=ether2-master
set [ find default-name=ether13 ] master-port=ether2-master
set [ find default-name=ether14 ] master-port=ether2-master
set [ find default-name=ether15 ] master-port=ether2-master
set [ find default-name=ether16 ] master-port=ether2-master
set [ find default-name=ether17 ] master-port=ether2-master
set [ find default-name=ether18 ] master-port=ether2-master
set [ find default-name=ether19 ] master-port=ether2-master
set [ find default-name=ether20 ] master-port=ether2-master
set [ find default-name=ether21 ] master-port=ether2-master
set [ find default-name=ether22 ] master-port=ether2-master
set [ find default-name=ether23 ] master-port=ether2-master
set [ find default-name=ether24 ] master-port=ether2-master
set [ find default-name=sfp1 ] disabled=yes master-port=ether2-master
/ip neighbor discovery
set WAN discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys wpa-pre-shared-key=<REDACTED> wpa2-pre-shared-key=<REDACTED>
/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.199
add name=vpn ranges=192.168.1.200-192.168.1.249
/ip dhcp-server
add address-pool=dhcp disabled=no interface=LAN lease-time=1h name=default
/ppp profile
set *0 bridge=LAN dns-server=192.168.1.1 local-address=dhcp only-one=no remote-address=vpn use-compression=yes use-encryption=required use-mpls=no use-upnp=no
set *FFFFFFFE change-tcp-mss=default use-encryption=default
/system logging action
set 0 memory-lines=250
/user group
set read policy=local,telnet,ssh,ftp,reboot,read,test,winbox,password,web,sniff,sensitive,api,romon,dude,!write,!policy
set write policy=local,telnet,ssh,ftp,reboot,read,write,test,winbox,password,web,sniff,sensitive,api,romon,dude,!policy
/interface bridge port
add bridge=LAN interface=ether2-master
add bridge=LAN interface=wlan1
/interface l2tp-server server
set authentication=mschap2 default-profile=default enabled=yes ipsec-secret=<REDACTED> use-ipsec=yes
/interface ovpn-server server
set certificate=<REDACTED> cipher=blowfish128,aes128,aes192,aes256 enabled=yes
/interface pptp-server server
set authentication=mschap2 default-profile=default enabled=yes
/interface sstp-server server
set default-profile=default-encryption
/ip address
add address=192.168.1.1/24 interface=ether2-master network=192.168.1.0
/ip cloud
set ddns-enabled=yes update-time=no
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=WAN use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
<REDACTED>
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes cache-max-ttl=1h servers=8.8.8.8,8.8.4.4
/ip dns static
<REDACTED>
/ip firewall filter
add action=fasttrack-connection chain=forward comment="FastTrack established and related connections" connection-state=established,related
add action=accept chain=input comment="Allow established and related connections from WAN" connection-state=established,related in-interface=WAN
add action=accept chain=input comment="Allow SSH from WAN" dst-port=<REDACTED> in-interface=WAN protocol=tcp
add action=accept chain=input comment="Allow PPTP from WAN (TCP)" dst-port=1723 in-interface=WAN protocol=tcp
add action=accept chain=input comment="Allow PPTP from WAN (GRE)" in-interface=WAN protocol=gre
add action=accept chain=input comment="Allow L2TP from WAN (UDP)" dst-port=1701,500,4500 in-interface=WAN protocol=udp
add action=accept chain=input comment="Allow L2TP from WAN (IPSec-ESP)" in-interface=WAN protocol=ipsec-esp
add action=accept chain=input comment="Allow OpenVPN from WAN" dst-port=1194 in-interface=WAN protocol=tcp
add action=drop chain=input comment="Drop everything else from WAN" in-interface=WAN
add action=jump chain=forward comment="Restrict Harmony Hub to WAN" in-interface=LAN jump-target=HARMONY out-interface=WAN src-address=192.168.1.26
add action=jump chain=forward comment="Restrict Foscam cameras to WAN" in-interface=LAN jump-target=FOSCAM out-interface=WAN src-address=192.168.1.50-192.168.1.60
add action=passthrough chain=forward comment="Count non-FastTrack'ed traffic"
add action=accept chain=FOSCAM dst-port=123 protocol=udp
add action=add-dst-to-address-list address-list=FOSCAM_DROPPED address-list-timeout=0s chain=FOSCAM
add action=reject chain=FOSCAM reject-with=icmp-network-unreachable
add action=add-dst-to-address-list address-list=HARMONY_DROPPED address-list-timeout=0s chain=HARMONY
add action=reject chain=HARMONY reject-with=icmp-network-unreachable
/ip firewall nat
add action=masquerade chain=srcnat comment="Masquerade VPN traffic" src-address=192.168.1.200-192.168.1.249
add action=masquerade chain=srcnat comment="Source NAT" out-interface=WAN
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=192.168.1.10 dst-port=<REDACTED> out-interface=LAN protocol=tcp
add action=dst-nat chain=dstnat dst-address=192.168.1.1 dst-port=<REDACTED> in-interface=LAN protocol=tcp to-addresses=192.168.1.10
add action=dst-nat chain=dstnat comment=SFTP dst-port=<REDACTED> in-interface=WAN protocol=tcp to-addresses=192.168.1.10 to-ports=<REDACTED>
add action=dst-nat chain=dstnat comment=DSM dst-port=<REDACTED> in-interface=WAN protocol=tcp to-addresses=192.168.1.10 to-ports=<REDACTED>
add action=dst-nat chain=dstnat comment="Cloud Station" dst-port=<REDACTED> in-interface=WAN protocol=tcp to-addresses=192.168.1.10 to-ports=<REDACTED>
add action=dst-nat chain=dstnat comment="Jenkins - Apple" dst-port=<REDACTED> in-interface=WAN protocol=tcp to-addresses=192.168.1.80 to-ports=<REDACTED>
add action=dst-nat chain=dstnat comment="Jenkins - Windows" dst-port=<REDACTED> in-interface=WAN protocol=tcp to-addresses=192.168.1.82 to-ports=<REDACTED>
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip service
set ftp disabled=yes
set ssh port=<REDACTED>
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/ip ssh
set forwarding-enabled=yes strong-crypto=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=WAN type=external
add interface=LAN type=internal
/lcd
set backlight-timeout=10m
/lcd interface pages
set 0 interfaces=wlan1
/ppp aaa
set accounting=no
/ppp secret
add name=vpn password=<REDACTED>
/system clock
set time-zone-autodetect=no time-zone-name=America/Los_Angeles
/system console
set [ find ] disabled=yes
/system logging
set 1 action=disk
/system ntp client
set enabled=yes server-dns-names=time.nist.gov
/system routerboard settings
set protected-routerboot=disabled
/tool bandwidth-server
set enabled=no
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=LAN
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=LAN