Site A
# apr/06/2021 17:45:35 by RouterOS 6.48.1
# software id = xxxxxxxx
#
# model = 951Ui-2HnD
# serial number = xxxxxxxx
/interface bridge
add fast-forward=no name=bridge1
/interface ethernet
set [ find default-name=ether1 ] advertise=100M-full
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether3 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether5 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface pppoe-client
add add-default-route=yes comment="xxxxxxxx" disabled=no interface=\
ether1 keepalive-timeout=900 max-mru=1492 max-mtu=1492 name=pppoe-out1 \
use-peer-dns=yes user=xxxxxxxx
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n country=\
no_country_set disabled=no frequency=2462 frequency-mode=manual-txpower \
mode=ap-bridge ssid=xxxxxxxx wireless-protocol=802.11
/interface ovpn-client
add certificate=cert_export_larisis.crt_0 cipher=aes256 connect-to=\
xxxxxxxx mac-address=xxxxxxxx name=ovpn-out1 user=larisis
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.100-192.168.1.250
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
bridge1 name=dhcp1
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw\
ord,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge1 hw=no interface=ether2
add bridge=bridge1 hw=no interface=ether3
add bridge=bridge1 hw=no interface=ether4
add bridge=bridge1 hw=no interface=ether5
/interface list member
add interface=pppoe-out1 list=WAN
add interface=bridge1 list=LAN
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4,1.1.1.1,192.168.1.1 \
gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=212.205.212.205,8.8.8.8,8.8.4.4,1.1.1.1
/ip firewall nat
add action=dst-nat chain=dstnat disabled=yes dst-port=5060 in-interface=\
ovpn-out1 protocol=tcp to-addresses=192.168.1.101 to-ports=5060
add action=masquerade chain=srcnat src-address=192.168.1.0/24
/ip firewall raw
add action=notrack chain=prerouting disabled=yes src-address=192.168.1.101
add action=notrack chain=prerouting disabled=yes dst-address=192.168.1.101
/ip firewall service-port
set h323 disabled=yes
set sip disabled=yes
/ip route
add distance=1 dst-address=172.16.0.0/16 gateway=192.168.8.1
/ip service
set telnet address=192.168.1.0/24
set ftp address=192.168.1.0/24
set www address=192.168.1.0/24
set ssh address=192.168.1.0/24
set api address=192.168.1.0/24
set winbox address=192.168.1.0/24
set api-ssl address=192.168.1.0/24
/system clock
set time-zone-name=Europe/Athens
/system leds
set 5 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=62.103.129.253 secondary-ntp=194.177.210.54 \
server-dns-names=""
/tool sniffer
set file-name=capture-pharment-201 filter-ip-address=172.16.255.101/32
Site B
# apr/06/2021 14:34:47 by RouterOS 6.48.1
# software id =
#
# model = 951Ui-2nD
# serial number = xxxxxxxx
/interface ethernet
set [ find default-name=ether2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
xxxxxxxxxx name=WAN1-port2
set [ find default-name=ether3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
xxxxxxxxxxx name=WAN2-port3
set [ find default-name=ether4 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
xxxxxxxxxxx name=WAN3-port4
set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether5 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
xxxxxxxxxxx
/interface pppoe-client
add interface=WAN2-port3 keepalive-timeout=60 max-mru=1480 max-mtu=1480 name=pppoe-out1 user= xxxxxxxxxxx
add disabled=no interface=WAN1-port2 keepalive-timeout=60 max-mru=1480 max-mtu=1200 name=pppoe-out2 user=\
xxxxxxxxxxx
add interface=WAN3-port4 keepalive-timeout=60 max-mru=1480 max-mtu=1480 name=pppoe-out3 user= xxxxxxxxxxx
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 country=no_country_set frequency-mode=manual-txpower ssid=MikroTik \
station-roaming=enabled
/interface ethernet switch port
set 0 vlan-mode=fallback
set 1 vlan-mode=fallback
set 2 vlan-mode=fallback
set 3 vlan-mode=fallback
set 5 vlan-mode=fallback
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp_pool1 ranges=172.16.0.2-172.16.255.254
add name=ovpn-pool ranges=192.168.8.20
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay disabled=no interface=ether1 lease-time=1d name=dhcp1
/ppp profile
add local-address=192.168.8.1 name=ovpn remote-address=ovpn-pool
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/system logging action
set 1 disk-file-name=log
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface ovpn-server server
set auth=sha1 certificate=server cipher=aes256 enabled=yes require-client-certificate=yes
/ip address
add address=172.16.0.1/16 interface=ether1 network=172.16.0.0
/ip dhcp-server network
add address=172.16.0.0/16 dns-server=8.8.8.8,8.8.4.4,195.170.0.2 gateway=172.16.0.1
/ip dns
set servers=8.8.8.8,1.1.1.1
/ip firewall address-list
add address=172.16.255.239 list=user-no-pcc
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=port88 passthrough=no protocol=tcp src-port=88
add action=mark-routing chain=prerouting new-routing-mark=port89 passthrough=no protocol=tcp src-port=89
add action=accept chain=prerouting src-address-list=user-no-pcc
add action=accept chain=prerouting disabled=yes in-interface=pppoe-out1
add action=accept chain=prerouting in-interface=pppoe-out2
add action=accept chain=prerouting disabled=yes in-interface=pppoe-out3
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=wan1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/0 src-address=172.16.0.0/16
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=wan2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/1 src-address=172.16.0.0/16
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=wan3_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/2 src-address=172.16.0.0/16
add action=mark-routing chain=prerouting connection-mark=wan1_conn new-routing-mark=to_wan1 passthrough=yes \
src-address=172.16.0.0/16
add action=mark-routing chain=prerouting connection-mark=wan2_conn new-routing-mark=to_wan2 passthrough=yes \
src-address=172.16.0.0/16
add action=mark-routing chain=prerouting connection-mark=wan3_conn new-routing-mark=to_wan3 passthrough=yes \
src-address=172.16.0.0/16
add action=mark-connection chain=prerouting comment=VOIP dst-port=5060 new-connection-mark=VOIP passthrough=yes \
protocol=tcp
add action=mark-packet chain=prerouting connection-mark=VOIP new-packet-mark=VOIP passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=pppoe-out1 src-address=172.16.0.0/16
add action=masquerade chain=srcnat out-interface=pppoe-out2 src-address=172.16.0.0/16
add action=masquerade chain=srcnat disabled=yes out-interface=pppoe-out3 src-address=172.16.0.0/16
add action=dst-nat chain=dstnat dst-port=3389 in-interface=!WAN1-port2 protocol=tcp to-addresses=172.16.255.239 \
to-ports=3389
add action=dst-nat chain=dstnat disabled=yes dst-port=5060 in-interface=!WAN1-port2 protocol=tcp to-addresses=\
172.16.255.101 to-ports=5060
add action=dst-nat chain=dstnat dst-port=3333 in-interface=!WAN1-port2 protocol=udp to-addresses=172.16.35.20 to-ports=\
3333
add action=dst-nat chain=dstnat disabled=yes dst-port=21 in-interface=!WAN1-port2 protocol=tcp to-addresses=\
172.16.255.239 to-ports=21
add action=dst-nat chain=dstnat disabled=yes dst-address-type="" dst-port=89 in-interface=!WAN1-port2 protocol=tcp \
src-address-type="" to-addresses=172.16.10.11 to-ports=89
add action=dst-nat chain=dstnat disabled=yes dst-address-type="" dst-port=88 in-interface=!WAN1-port2 protocol=tcp \
src-address-type="" to-addresses=172.16.10.10 to-ports=88
add action=dst-nat chain=dstnat dst-port=8081 in-interface=!WAN1-port2 protocol=tcp to-addresses=172.16.255.252 \
to-ports=8081
add action=dst-nat chain=dstnat dst-port=3341 in-interface=!WAN1-port2 protocol=tcp to-addresses=172.16.255.239 \
to-ports=1433
add action=dst-nat chain=dstnat disabled=yes dst-port=3390 in-interface=!WAN3-port4 protocol=tcp to-addresses=\
172.16.255.239 to-ports=3389
/ip firewall raw
add action=notrack chain=output disabled=yes out-interface=pppoe-out2 src-address=172.16.255.101
add action=notrack chain=prerouting disabled=yes dst-address=172.16.255.101 in-interface=pppoe-out2
/ip firewall service-port
set h323 disabled=yes
set sip disabled=yes
set udplite disabled=yes
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1
/ip route
add check-gateway=arp distance=7 gateway=pppoe-out2 routing-mark=port88
add check-gateway=arp distance=7 gateway=pppoe-out2 routing-mark=port89
add check-gateway=ping disabled=yes distance=1 gateway=pppoe-out1 routing-mark=to_wan1
add check-gateway=ping distance=1 gateway=pppoe-out2 routing-mark=to_wan2
add check-gateway=ping disabled=yes distance=1 gateway=pppoe-out3 routing-mark=to_wan3
add check-gateway=ping distance=1 gateway=pppoe-out2
add check-gateway=ping disabled=yes distance=1 gateway=pppoe-out2
add check-gateway=ping disabled=yes distance=1 gateway=pppoe-out3
add disabled=yes distance=3 gateway=pppoe-out2
add distance=1 dst-address=192.168.1.0/24 gateway=192.168.8.20
/ip service
set telnet address=172.16.0.0/16
set ftp address=172.16.0.0/16
set www address=172.16.0.0/16
set ssh address=172.16.0.0/16
set api address=172.16.0.0/16
/ip smb shares
set [ find default=yes ] directory=/pub
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ppp secret
add name=larisis profile=ovpn
/system clock
set time-zone-autodetect=no
/system ntp client
set enabled=yes primary-ntp=194.177.210.54
I hope i pasted it right here