post your current config.
/export hide-sensitive file=anynameyouwish
# jun/25/2021 19:47:08 by RouterOS 6.47.8
# software id = RY13-W6WU
#
# model = RBD52G-5HacD2HnD
# serial number = D7160CB65217
/interface bridge
add admin-mac=48:8F:5A:CC:E7:E4 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country=slovenia disabled=no distance=indoors frequency=auto \
installation=indoor mode=ap-bridge ssid=Pfizer2G station-roaming=enabled \
wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX country=slovenia disabled=no frequency=auto mode=\
ap-bridge ssid=AstraZeneca5G station-roaming=enabled wireless-protocol=\
802.11
/interface vlan
add interface=ether5 name=vlan10 vlan-id=10
add interface=ether5 name=vlan20 vlan-id=20
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk,wpa2-eap eap-methods=\
"" mode=dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=10.0.1.10-10.0.1.254
add name=dhcp_pool1 ranges=192.168.13.2-192.168.13.254
add name=dhcp_pool2 ranges=192.168.13.2-192.168.13.200
add name=dhcp_pool3 ranges=192.168.13.2-192.168.13.254
add name=dhcp_pool4 ranges=192.168.13.2-192.168.13.254
add name=dhcp_pool5 ranges=192.168.10.1,192.168.10.3-192.168.10.254
add name=dhcp_pool6 ranges=192.168.13.2-192.168.13.254
add name=dhcp_pool7 ranges=192.168.13.2-192.168.13.254
add name=dhcp_pool8 ranges=10.0.10.2-10.0.10.254
add name=dhcp_pool9 ranges=10.0.10.2-10.0.10.254
add name=dhcp_pool10 ranges=10.0.10.2-10.0.10.254
add name=dhcp_pool11 ranges=10.0.20.2-10.0.20.254
add name=dhcp_pool12 ranges=10.0.10.2-10.0.10.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool11 disabled=no interface=vlan20 name=dhcp1
add address-pool=dhcp_pool12 disabled=no interface=vlan10 name=dhcp2
/ppp profile
set *FFFFFFFE dns-server=10.0.1.1 local-address=192.168.89.1 remote-address=\
vpn
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/interface bridge settings
set use-ip-firewall=yes
/ip neighbor discovery-settings
set discover-interface-list=!LAN
/ip settings
set tcp-syncookies=yes
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=10.0.1.1/24 comment=defconf interface=ether2 network=10.0.1.0
add address=10.0.10.1/24 interface=vlan10 network=10.0.10.0
add address=10.0.20.1/24 interface=vlan20 network=10.0.20.0
add address=89.x.x.x/16 interface=ether1 network=89.x.x.x
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf interface=ether1 use-peer-dns=no
/ip dhcp-server lease
add address=10.0.1.2 client-id=1:8:55:31:30:d7:92 mac-address=\
08:55:31:30:D7:92 server=defconf
/ip dhcp-server network
add address=10.0.1.0/24 comment=defconf dns-server=10.0.10.5,1.1.1.1 gateway=\
10.0.1.1 netmask=24
add address=10.0.10.0/24 dns-server=1.1.1.1 gateway=10.0.10.1
add address=10.0.20.0/24 dns-server=1.1.1.1 gateway=10.0.20.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1
/ip dns static
add address=10.0.1.1 comment=defconf name=router.lan
/ip firewall address-list
add address=10.0.1.2-10.0.1.254 list=allowed_to_router
add address=10.0.20.2 list=allowed_to_router
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \
protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=accept chain=input comment="Allow DNS to the router" dst-port=53 \
protocol=udp src-address=10.0.10.5
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=accept chain=forward comment="Allow DNS" dst-address=10.0.10.5 \
src-address=10.0.1.12
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
add action=accept chain=input comment="default configuration" \
connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=10050 protocol=tcp to-addresses=\
45.76.83.36 to-ports=10050
add action=dst-nat chain=dstnat dst-port=10051 protocol=tcp to-addresses=\
45.76.83.36 to-ports=10051
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
192.168.89.0/24
/ip route
add distance=1 gateway=89.x.x.xf
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=10.0.10.0/24
set ssh address=10.0.1.0/24
set www-ssl address=0.0.0.0/0 tls-version=only-1.2
set api disabled=yes
set winbox address=10.0.1.0/24,10.0.10.5/32
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/ip traffic-flow
set enabled=yes
/ip traffic-flow target
add dst-address=10.0.1.10
/ppp secret
add name=vpn
/system clock
set time-zone-name=Europe/Ljubljana
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=LAN