I had to make a mistake with the configuration because I configured according to this link
# aug/19/2022 18:10:36 by RouterOS 6.49.6
# software id = NXZU-0IEV
#
# model = RB760iGS
# serial number =
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
frequency=2412 name=channel1
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
frequency=2437 name=channel6
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
frequency=2462 name=channel11
add band=5ghz-n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5180 name=channel36
add band=5ghz-n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5200 name=channel40
/caps-man datapath
add client-to-client-forwarding=yes local-forwarding=yes name=TP-Link_1C50 \
vlan-id=2 vlan-mode=use-tag
/interface bridge
add name=bridge1 pvid=999 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] mtu=1492
set [ find default-name=sfp1 ] auto-negotiation=no mtu=1596 rx-flow-control=\
on tx-flow-control=on
/interface vlan
add interface=bridge1 name=Dom vlan-id=2
add interface=bridge1 name=MGMT vlan-id=999
add interface=bridge1 name=Serwery vlan-id=10
add interface=bridge1 name=Storage vlan-id=21
add interface=ether5 name=WAN-VLAN vlan-id=200
add interface=bridge1 name=Wiktor vlan-id=4
add interface=bridge1 name=Wirtualizator-Prox vlan-id=20
/interface bonding
add lacp-rate=1sec mode=802.3ad name=bonding1 slaves=ether4,ether3,sfp1
/interface pppoe-client
add add-default-route=yes dial-on-demand=yes disabled=no interface=WAN-VLAN \
max-mru=1500 max-mtu=1500 name=pppoe-out1 password= user=\
/caps-man rates
add basic=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps ht-basic-mcs=\
"" ht-supported-mcs="" name=rate1 supported=\
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps vht-basic-mcs="" \
vht-supported-mcs=""
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=security1 \
passphrase=
/caps-man configuration
add channel.tx-power=40 country=no_country_set datapath=TP-Link_1C50 \
installation=any mode=ap name=TP-Link_1C50 rx-chains=0,1,2,3 security=\
security1 ssid=TP-Link_1C50 tx-chains=0,1,2,3
add channel.tx-power=40 country="united states" datapath=TP-Link_1C50 \
installation=any mode=ap name=TP-Link_1C50_5G rx-chains=0,1,2,3 security=\
security1 ssid=TP-Link_1C50_5G tx-chains=0,1,2,3
/caps-man interface
add configuration=TP-Link_1C50 configuration.hw-protection-mode=rts-cts \
configuration.multicast-helper=full datapath=TP-Link_1C50 disabled=no \
l2mtu=1600 mac-address=DC:2C:6E:1B:33:07 master-interface=none name=2g \
radio-mac=DC:2C:6E:1B:33:07 radio-name=DC2C6E1B3307 rates.basic=\
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps rates.ht-basic-mcs=\
"" rates.supported=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps \
security=security1
add channel.tx-power=40 configuration=TP-Link_1C50_5G datapath=TP-Link_1C50 \
disabled=no l2mtu=1600 mac-address=DC:2C:6E:1B:33:08 master-interface=\
none name=5g radio-mac=DC:2C:6E:1B:33:08 radio-name=DC2C6E1B3308 \
security=security1
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=192.168.0.100-192.168.0.200
add name=Lab ranges=192.168.1.2-192.168.1.254
add name=VPN ranges=192.168.2.2-192.168.2.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=Dom lease-time=2h name=\
dhcp1
add address-pool=Lab disabled=no name=Serwer_Lab
/lora servers
add address=eu.mikrotik.thethings.industries down-port=1700 name=TTN-EU \
up-port=1700
add address=us.mikrotik.thethings.industries down-port=1700 name=TTN-US \
up-port=1700
add address=eu1.cloud.thethings.industries down-port=1700 name=\
"TTS Cloud (eu1)" up-port=1700
add address=nam1.cloud.thethings.industries down-port=1700 name=\
"TTS Cloud (nam1)" up-port=1700
add address=au1.cloud.thethings.industries down-port=1700 name=\
"TTS Cloud (au1)" up-port=1700
add address=eu1.cloud.thethings.network down-port=1700 name="TTN V3 (eu1)" \
up-port=1700
add address=nam1.cloud.thethings.network down-port=1700 name="TTN V3 (nam1)" \
up-port=1700
add address=au1.cloud.thethings.network down-port=1700 name="TTN V3 (au1)" \
up-port=1700
/port
set 0 name=serial0
/ppp profile
add bridge=bridge1 dns-server=192.168.2.1 local-address=192.168.2.1 name=adam \
remote-address=VPN use-encryption=required
/queue simple
add dst=pppoe-out1 max-limit=7M/25M name=Szymon target=192.168.0.196/32 time=\
6h-22h,sun,mon,tue,wed,thu,fri,sat
add dst=pppoe-out1 max-limit=7M/25M name=Mariusz target=192.168.0.214/32 \
time=6h-22h,sun,mon,tue,wed,thu,fri,sat
/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=TP-Link_1C50 \
name-format=identity slave-configurations=TP-Link_1C50
add action=create-dynamic-enabled master-configuration=TP-Link_1C50_5G \
name-format=identity slave-configurations=TP-Link_1C50_5G
/dude
set enabled=yes
/interface bridge port
add bridge=bridge1 interface=Dom pvid=2
add bridge=bridge1 interface=MGMT pvid=999
add bridge=bridge1 interface=Serwery pvid=10
add bridge=bridge1 interface=Wirtualizator-Prox pvid=20
add bridge=bridge1 interface=bonding1 pvid=999
add bridge=bridge1 interface=Storage pvid=21
add bridge=bridge1 interface=Wiktor pvid=4
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=bridge1 tagged=bonding1,bridge1,MGMT vlan-ids=999
add bridge=bridge1 tagged=bridge1,bonding1 untagged=Dom vlan-ids=2
add bridge=bridge1 tagged=bridge1,bonding1 untagged=Serwery vlan-ids=10
add bridge=bridge1 tagged=bridge1,bonding1,Wirtualizator-Prox vlan-ids=20
add bridge=bridge1 tagged=bonding1,bridge1,Storage vlan-ids=21
add bridge=bridge1 tagged=bonding1,bridge1 vlan-ids=4
/interface l2tp-server server
set authentication=mschap2 default-profile=default ipsec-secret=Elektryk1@1 \
max-mru=1500 max-mtu=1500 use-ipsec=yes
/interface list member
add interface=ether5 list=WAN
add interface=ether4 list=LAN
/interface ovpn-server server
set auth=sha1 certificate=server cipher=aes128,aes192,aes256 default-profile=\
adam enabled=yes port=23119 require-client-certificate=yes
/ip address
add address=192.168.0.1/24 interface=Dom network=192.168.0.0
add address=10.70.1.1/29 interface=Wiktor network=10.70.1.0
add address=172.16.1.1/24 interface=MGMT network=172.16.1.0
add address=10.60.1.1/24 interface=Serwery network=10.60.1.0
add address=10.10.10.1/25 interface=Wirtualizator-Prox network=10.10.10.0
add address=10.10.10.129/25 interface=Storage network=10.10.10.128
/ip dhcp-server lease
add address=192.168.0.6 mac-address=00:D8:61:78:B2:34 use-src-mac=yes
add address=192.168.0.5 mac-address=00:D8:61:78:B2:35 use-src-mac=yes
add address=192.168.0.214 comment=Mariusz mac-address=B4:2E:99:67:A7:EB \
use-src-mac=yes
add address=192.168.0.196 comment=Szymon mac-address=4C:CC:6A:AF:11:51 \
use-src-mac=yes
add address=192.168.1.250 client-id=1:e0:db:55:c4:4c:b mac-address=\
E0:DB:55:C4:4C:0B server=Serwer_Lab use-src-mac=yes
add address=192.168.0.4 comment=PiHole mac-address=00:A0:98:5A:CC:A6 \
use-src-mac=yes
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.4 gateway=192.168.0.1
add address=192.168.1.0/24 dns-server=192.168.0.4 gateway=192.168.1.1
/ip dns
set servers=1.1.1.1,1.0.0.1
/ip firewall address-list
add address=192.168.0.0/24 list=Adresy_calej_sieci
add address=192.168.0.196 list=Komp
add address=192.168.0.214 list=Komp
add list=ddos-attackers
add list=ddos-target
/ip firewall filter
add action=accept chain=input src-address=192.168.2.0/24
add action=accept chain=input src-address=
add action=accept chain=forward src-address=192.168.2.0/24
add action=accept chain=input dst-port=23119 protocol=tcp
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddos-target \
address-list-timeout=10m chain=detect-ddos
add action=add-src-to-address-list address-list=ddos-attackers \
address-list-timeout=10m chain=detect-ddos
add action=drop chain=input dst-port=8291 in-interface=pppoe-out1 protocol=\
tcp
add action=drop chain=input in-interface=pppoe-out1 protocol=icmp
add action=add-src-to-address-list address-list=Syn_Flooder \
address-list-timeout=30m chain=input comment=\
"Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp \
tcp-flags=syn
add action=drop chain=input comment="Drop to syn flood list" \
src-address-list=Syn_Flooder
add action=add-src-to-address-list address-list=Port_Scanner \
address-list-timeout=1w chain=input comment="Port Scanner Detect" \
protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" \
src-address-list=Port_Scanner
add action=jump chain=input comment="Jump for icmp input flow" jump-target=\
ICMP protocol=icmp
add action=jump chain=forward comment="Jump for icmp forward flow" \
jump-target=ICMP protocol=icmp
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
bogons
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 \
protocol=tcp src-address-list=spammers
add action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udp
add action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcp
add action=accept chain=input comment="Accept to established connections" \
connection-state=established
add action=accept chain=input comment="Accept to related connections" \
connection-state=related
add action=accept chain=input comment="Full access to SUPPORT address list" \
src-address-list=support
add action=accept chain=ICMP comment=\
"Echo request - Avoiding Ping Flood, adjust the limit as needed" \
icmp-options=8:0 limit=2,5:packet protocol=icmp
add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=\
icmp
add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 \
protocol=icmp
add action=accept chain=ICMP comment="Destination unreachable" icmp-options=\
3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp
add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP \
protocol=icmp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=dst-nat chain=dstnat dst-address= dst-address-type="" \
dst-port=80 protocol=tcp src-address-type="" to-addresses=10.60.1.8 \
to-ports=80
add action=dst-nat chain=dstnat dst-address= dst-port=443 \
protocol=tcp to-addresses=10.60.1.8 to-ports=443
add action=masquerade chain=srcnat disabled=yes dst-address=!10.60.1.8 \
src-address=192.168.0.0/24
add action=dst-nat chain=dstnat dst-address=10.60.1.8 dst-address-type=local \
dst-port=80 protocol=tcp to-addresses=10.60.1.8 to-ports=80
add action=dst-nat chain=dstnat dst-address=10.60.1.8 dst-address-type=local \
dst-port=443 protocol=tcp to-addresses=10.60.1.8 to-ports=443
add action=dst-nat chain=dstnat disabled=yes dst-address= \
dst-port=21 protocol=tcp to-addresses=192.168.0.10 to-ports=21
add action=dst-nat chain=dstnat disabled=yes dst-address= \
dst-port=20 protocol=tcp to-addresses=192.168.0.10 to-ports=20
add action=dst-nat chain=dstnat disabled=yes dst-address= \
dst-port=49000-49100 protocol=tcp to-addresses=192.168.0.10 to-ports=\
49000-49100
add action=dst-nat chain=dstnat dst-address=dst-port=\
65400-65410 protocol=tcp to-addresses=10.70.1.3 to-ports=65400-65410
/ip firewall raw
add action=drop chain=prerouting dst-address-list=ddos-target \
src-address-list=ddos-attackers
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
/ip route
add distance=1 gateway= pref-src=0.0.0.0 scope=10
/ip service
set telnet disabled=yes port=65408
set ftp disabled=yes port=960
set www disabled=yes port=65480
set ssh disabled=yes port=65400
set api disabled=yes
set api-ssl disabled=yes
/routing rip interface
add send=v1-2
/snmp
set enabled=yes location=192.168.0.20 trap-generators=interfaces \
trap-interfaces=all
/system clock
set time-zone-name=Europe/Warsaw
/system gps
set set-system-time=yes
/tool bandwidth-server
set authenticate=no max-sessions=1000
/tool user-manager database
set db-path=flash/user-manager