Here's my config with WAW GRE tunnel disabled at the moment so please ignore that.
Please ignore also FRA tunnel as well. Once I get WAW up and running properly as expected I'll take care of FRA.
```
# nov/12/2018 17:06:56 by RouterOS 6.44beta28
# software id = GQCV-GDDT
#
# model = 2011UiAS-2HnD
/interface bridge
add admin-mac=E4:8D:8C:37:5B:2E auto-mac=no name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master-local speed=100Mbps
set [ find default-name=ether3 ] name=ether3-slave-local speed=100Mbps
set [ find default-name=ether4 ] name=ether4-slave-local speed=100Mbps
set [ find default-name=ether5 ] name=ether5-slave-local speed=100Mbps
set [ find default-name=ether6 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether6-master-local
set [ find default-name=ether7 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether7-slave-local
set [ find default-name=ether8 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether8-slave-local
set [ find default-name=ether9 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether9-slave-local
set [ find default-name=ether10 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether10-slave-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors mode=ap-bridge ssid=XXXXX wireless-protocol=802.11
/interface gre
add disabled=yes !keepalive mtu=1456 name=gre-tunnel-FRA remote-address=xxx.xxx.xxx.xxx
add allow-fast-path=no disabled=yes !keepalive mtu=1456 name=gre-tunnel-WAW remote-address=xxx.xxx.xxx.xxx
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=xxx-xxx-xxx
/ip pool
add name=dhcp ranges=192.168.0.10-192.168.0.99
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=bridge-local lease-time=30m name=default
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface sstp-client
add connect-to=xxx.xxx.xxx.xxx disabled=no mrru=1600 name=brki profile=default-encryption user=XXXXX
/queue tree
add name=Total parent=global queue=default
add limit-at=5M max-limit=5M name=DX80 packet-mark=DX80-Packets parent=Total priority=1
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
add addresses=192.168.0.1/32 name=XXXX security=XXXXX
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local hw=no interface=sfp1
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=ether3-slave-local
add bridge=bridge-local interface=ether4-slave-local
add bridge=bridge-local interface=ether5-slave-local
add bridge=bridge-local interface=ether7-slave-local
add bridge=bridge-local interface=ether8-slave-local
add bridge=bridge-local interface=ether9-slave-local
add bridge=bridge-local interface=ether10-slave-local
/ip neighbor discovery-settings
set discover-interface-list=*2000015
/ip settings
set allow-fast-path=no
/interface l2tp-server server
set use-ipsec=yes
/interface list member
add interface=sfp1 list=discover
add interface=ether2-master-local list=discover
add interface=ether3-slave-local list=discover
add interface=ether4-slave-local list=discover
add interface=ether5-slave-local list=discover
add interface=ether6-master-local list=discover
add interface=ether7-slave-local list=discover
add interface=ether8-slave-local list=discover
add interface=ether9-slave-local list=discover
add interface=ether10-slave-local list=discover
add interface=wlan1 list=discover
add interface=bridge-local list=discover
add interface=brki list=discover
add interface=ether2-master-local list=mactel
add interface=ether3-slave-local list=mactel
add interface=ether2-master-local list=mac-winbox
add interface=ether4-slave-local list=mactel
add interface=ether3-slave-local list=mac-winbox
add interface=ether5-slave-local list=mactel
add interface=ether4-slave-local list=mac-winbox
add interface=ether6-master-local list=mactel
add interface=ether5-slave-local list=mac-winbox
add interface=ether7-slave-local list=mactel
add interface=ether6-master-local list=mac-winbox
add interface=ether8-slave-local list=mactel
add interface=ether7-slave-local list=mac-winbox
add interface=ether9-slave-local list=mactel
add interface=ether8-slave-local list=mac-winbox
add interface=ether10-slave-local list=mactel
add interface=ether9-slave-local list=mac-winbox
add interface=sfp1 list=mactel
add interface=ether10-slave-local list=mac-winbox
add interface=wlan1 list=mactel
add interface=sfp1 list=mac-winbox
add interface=bridge-local list=mactel
add interface=wlan1 list=mac-winbox
add interface=bridge-local list=mac-winbox
add interface=ether1-gateway list=WAN
add interface=sfp1
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=wlan1
add interface=bridge-local
add interface=brki
add interface=gre-tunnel-WAW
add interface=gre-tunnel-FRA
/interface sstp-server server
set default-profile=default-encryption
/ip address
add address=192.168.0.1/24 comment="default configuration" interface=ether2-master-local network=192.168.0.0
add address=xxx.xxx.xxx.xxx/24 interface=ether1-gateway network=xxx.xxx.xxx.0
add address=xxx.xxx.192.57/30 interface=gre-tunnel-WAW network=xxx.xxx.192.56
add address=xxx.xxx.192.61/30 interface=gre-tunnel-FRA network=xxx.xxx.192.60
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=ether1-gateway
/ip dhcp-server lease
add address=192.168.0.116 always-broadcast=yes client-id=1:1c:6a:7a:e0:a7:33 comment=xxxxx mac-address=1C:6A:7A:E0:A7:33 server=default
add address=192.168.0.112 client-id=1:54:75:d0:d5:a8:4e comment=XXXX mac-address=54:75:D0:D5:A8:4E server=default
add address=192.168.0.121 client-id=1:0:d0:55:e:53:8b comment=xxxx mac-address=00:D0:55:0E:53:8B server=default
add address=192.168.0.115 client-id=1:bc:5f:f4:1c:41:7b comment=xxxx mac-address=BC:5F:F4:1C:41:7B server=default
add address=192.168.0.117 always-broadcast=yes client-id=1:98:f1:70:e:0:39 comment=xxxx mac-address=98:F1:70:0E:00:39 server=default
add address=192.168.0.130 client-id=1:3c:4a:92:c0:d1:7e comment=Printer mac-address=3C:4A:92:C0:D1:7E server=default
add address=192.168.0.33 client-id=ff:65:cb:d:36:0:1:0:1:1e:f6:91:f7:0:1e:65:cb:d:36 comment=xxxxx mac-address=00:1E:65:CB:0D:36 server=default
add address=192.168.0.140 client-id=1:0:c:29:ba:be:e comment=xxxxx mac-address=00:0C:29:BA:BE:0E server=default
add address=192.168.0.150 client-id=cisco-0021.552d.cbca-Fa0 comment=xxxxxx mac-address=00:21:55:2D:CB:CA server=default
/ip dhcp-server network
add address=192.168.0.0/24 comment="default configuration" dns-server=192.168.0.1 gateway=192.168.0.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.8.8
/ip dns static
add address=192.168.0.1 name=router
add address=192.168.0.33 name=xxxx
add address=192.168.0.140 name=xxxx
add address=192.168.0.121 name=xxxx
/ip firewall address-list
add address=192.168.0.121 list=xxxxx
/ip firewall filter
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=DX80 passthrough=yes src-address=192.168.0.116
add action=mark-connection chain=prerouting new-connection-mark=DX80 passthrough=yes src-address=192.168.0.117
add action=mark-connection chain=prerouting new-connection-mark=xxxx passthrough=yes src-address=192.168.0.121
add action=mark-packet chain=prerouting connection-mark=DX80 new-packet-mark=DX80-Packets passthrough=no
add action=change-mss chain=forward new-mss=1416 out-interface=gre-tunnel-WAW passthrough=no protocol=tcp tcp-flags=syn tcp-mss=1453-65535
add action=mark-routing chain=prerouting dst-port=80,443 new-routing-mark="ZS Tunnel" passthrough=yes protocol=tcp src-address=192.168.0.0/24
/ip firewall nat
add action=accept chain=srcnat log-prefix=Tunnel-Test out-interface=gre-tunnel-WAW packet-mark="" src-address=192.168.0.0/24
add action=masquerade chain=srcnat comment="default configuration" log-prefix=Masq out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
/ip route
add comment="ZS Tunnel -> WAW" distance=10 gateway=gre-tunnel-WAW routing-mark="ZS Tunnel"
add distance=1 gateway=xxx.xxx.xxx.xxx
add distance=1 dst-address=192.168.10.0/24 gateway=brki
/ip route rule
add dst-address=0.0.0.0/0 interface=gre-tunnel-WAW routing-mark="ZS Tunnel" src-address=192.168.0.0/24 table="ZS Tunnel"
/lcd
set default-screen=interfaces time-interval=daily
/lcd interface
set sfp1 disabled=yes
set ether1-gateway max-speed=50.0Mbps
set ether2-master-local disabled=yes
set ether3-slave-local disabled=yes
set ether4-slave-local disabled=yes
set ether5-slave-local disabled=yes
set ether6-master-local disabled=yes
set ether7-slave-local disabled=yes
set ether8-slave-local disabled=yes
set ether9-slave-local disabled=yes
set ether10-slave-local disabled=yes
set wlan1 disabled=yes
/lcd interface pages
set 0 interfaces=ether1-gateway,wlan1
/lcd screen
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes
set 4 disabled=yes
set 5 disabled=yes
/ppp secret
add name=xxx
/system identity
set name=XXXXX
/system ntp client
set enabled=yes primary-ntp=213.199.225.30 secondary-ntp=62.148.67.62 server-dns-names=0.pl.pool.ntp.org,1.pl.pool.ntp.org
/system package update
set channel=testing
/system routerboard settings
set cpu-frequency=750MHz silent-boot=no
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool romon port
add
/tool sniffer
```