# jul/25/2021 18:56:47 by RouterOS 6.43
# software id = 6TTH-KAVK
#
# model = 2011iL
# serial number = 5BEC04B45E97
/interface bridge
add admin-mac=4C:5E:0C:EC:67:2C arp=proxy-arp auto-mac=no fast-forward=no \
name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=proxy-arp \
name=ether6-master-local
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether7-slave-local
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether8-slave-local
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether9-slave-local
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether10-slave-local
/interface vlan
add arp=reply-only interface=bridge-local name=WiFi vlan-id=10
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=DHCP240 ranges=192.168.240.50-192.168.241.254
add name=VPN ranges=192.168.250.0/23
add name=WiFi ranges=192.168.246.0/23
add name=VPN230 ranges=192.168.230.0/23
/ip dhcp-server
add address-pool=DHCP240 authoritative=after-2sec-delay disabled=no \
interface=bridge-local name=default src-address=192.168.240.1
add add-arp=yes address-pool=WiFi disabled=no interface=WiFi name=wifi
/ppp profile
add change-tcp-mss=yes local-address=192.168.188.1 name=L2tp use-encryption=\
yes
add bridge=bridge-local change-tcp-mss=yes dns-server=192.168.240.100 \
local-address=192.168.240.1 name=VPN remote-address=VPN230 \
use-encryption=yes
add change-tcp-mss=yes local-address=192.168.240.1 name=SSTP only-one=no \
use-compression=yes use-encryption=yes use-mpls=no use-upnp=no
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=bridge-local hw=no interface=ether2
add bridge=bridge-local hw=no interface=ether3
add bridge=bridge-local hw=no interface=ether4
add bridge=bridge-local hw=no interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=ether7-slave-local
add bridge=bridge-local interface=ether8-slave-local
add bridge=bridge-local interface=ether9-slave-local
add bridge=bridge-local interface=ether10-slave-local
add bridge=bridge-local interface=WiFi trusted=yes
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface l2tp-server server
set authentication=mschap2 default-profile=VPN enabled=yes ipsec-secret=\
"#" use-ipsec=yes
/interface list member
add interface=ether2 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=ether6-master-local list=discover
add interface=ether7-slave-local list=discover
add interface=ether8-slave-local list=discover
add interface=ether9-slave-local list=discover
add interface=ether10-slave-local list=discover
add interface=bridge-local list=discover
add interface=ether2 list=mactel
add interface=ether3 list=mactel
add interface=ether2 list=mac-winbox
add interface=ether4 list=mactel
add interface=ether3 list=mac-winbox
add interface=ether5 list=mactel
add interface=ether4 list=mac-winbox
add interface=ether6-master-local list=mactel
add interface=ether5 list=mac-winbox
add interface=ether7-slave-local list=mactel
add interface=ether6-master-local list=mac-winbox
add interface=ether8-slave-local list=mactel
add interface=ether7-slave-local list=mac-winbox
add interface=ether9-slave-local list=mactel
add interface=ether8-slave-local list=mac-winbox
add interface=ether10-slave-local list=mactel
add interface=ether9-slave-local list=mac-winbox
add interface=bridge-local list=mactel
add interface=ether10-slave-local list=mac-winbox
add interface=bridge-local list=mac-winbox
/interface pptp-server server
set enabled=yes
/ip address
add address=192.168.0.1/23 comment="default configuration" interface=\
bridge-local network=192.168.0.0
add address=# interface=ether1-gateway network=#
add address=192.168.188.1/24 interface=bridge-local network=192.168.188.0
add address=192.168.240.1/23 interface=bridge-local network=192.168.240.0
add address=192.168.246.1/23 interface=WiFi network=192.168.246.0
add address=192.168.250.1/23 interface=bridge-local network=192.168.250.0
add address=192.168.230.1/23 interface=bridge-local network=192.168.230.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
ether1-gateway
/ip dns static
add address=192.168.0.1 name=router
/ip firewall filter
add action=accept chain=forward in-interface=ether1-gateway src-address-list=\
Whitelist
add action=accept chain=forward src-address=192.168.250.0/23 \
src-address-list=""
add action=accept chain=forward log=yes src-address=192.168.230.0/23
/ip route
add distance=1 gateway=#
add distance=1 dst-address=192.168.230.0/23 gateway=bridge-local pref-src=\
192.168.240.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ppp aaa
set use-radius=yes
/radius
add address=192.168.240.100 secret=\
# service=\
ppp,login src-address=192.168.240.1
/system clock
set time-zone-autodetect=no time-zone-name=Etc/GMT-5
/system identity
set name="PKF MikroTik"
/system logging
set 0 topics=info,!dhcp
/system ntp client
set enabled=yes primary-ntp=128.138.141.172
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
/tool sniffer
set filter-port=radius-acct streaming-server=192.168.0.101
/user aaa
set default-group=full use-radius=yes
This is what I have right now, can't see anything wrong. But also what can be wrong on the client machine, if new address pool and routes are applied?