here it is:
Config is very simple - ipsec default values - nothing changed
EDIT:
Since the forum has room for posting the config, why would it occur to anyone to host the configuration on a third-party site?
# sep/07/2022 10:58:27 by RouterOS 7.5
# software id = 8Y7Z-MPVF
#
# model = RB750Gr3
# NOTE(review): only the public addresses are masked (xx.xx.xx.xx) in this
# export; VPN user names, MAC addresses, the system identity and the WireGuard
# public keys are posted as-is.
#
# Static PPTP server binding for the PPP user "komrat".
/interface pptp-server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
add name=pptp-in-komrat user=komrat
# LAN bridge with a fixed admin MAC; protocol-mode=none means no (R)STP runs on it.
/interface bridge
add admin-mac=DC:2C:6E:A5:90:D5 auto-mac=no comment=defconf name=bridge \
protocol-mode=none
# ether2-ether5 advertise only 10/100 Mbit modes.
/interface ethernet
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full l2mtu=1598 speed=100Mbps
set [ find default-name=ether3 ] advertise=\
10M-half,10M-full,100M-half,100M-full l2mtu=1598 speed=100Mbps
set [ find default-name=ether4 ] advertise=\
10M-half,10M-full,100M-half,100M-full l2mtu=1598 speed=100Mbps
set [ find default-name=ether5 ] advertise=\
10M-half,10M-full,100M-half,100M-full l2mtu=1598 speed=100Mbps
# One static server binding per L2TP user, so each session gets a fixed
# interface name that interface lists and routes can refer to
# (l2tp-in-bendery is used that way later in this export).
/interface l2tp-server
add name=l2tp-in-b.yurii user=b.yurii
add name=l2tp-in-bend_magazin user=bend_magazin
add name=l2tp-in-bendery user=bendery
add name=l2tp-in-bvp88 user=bvp88
add name=l2tp-in-dimasb user=dimasb
add name=l2tp-in-noodle user=noodle
add name=l2tp-in-oleg user=oleg
add name=l2tp-in-pavel.s user=pavel.s
add name=l2tp-in-rost user=rost
add name=l2tp-in-serghei_sw user=serghei_sw
# Two WireGuard interfaces. No private-key value appears here (presumably left
# out of the export as a sensitive value - confirm before re-importing).
/interface wireguard
add listen-port=51280 mtu=1420 name=wg-aaa
add listen-port=51281 mtu=1420 name=wg-mgmt
# WAN/LAN lists are what the firewall, neighbor discovery and MAC server match on,
# so membership in LAN is effectively a trust decision.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# default-dhcp serves the bridge; vpn_pool is handed to PPP clients through vpn_profile.
/ip pool
add name=default-dhcp ranges=192.168.1.10-192.168.1.99
add name=vpn_pool ranges=10.10.66.10-10.10.66.100
/ip dhcp-server
add address-pool=default-dhcp interface=bridge lease-time=1d name=defconf
/port
set 0 name=serial0
# only-one=yes limits every PPP user to a single active session.
# *0 and *FFFFFFFE are internal IDs, presumably the built-in "default" and
# "default-encryption" profiles.
# NOTE(review): vpn_profile does not set use-encryption, so whether PPP-level
# encryption is enforced is left to the default - relevant for the PPTP user,
# which has no IPsec layer underneath.
/ppp profile
set *0 only-one=yes
add change-tcp-mss=yes local-address=10.10.66.1 name=vpn_profile only-one=yes \
remote-address=vpn_pool
set *FFFFFFFE only-one=yes
/system logging action
set 1 disk-file-name=log
# Policy list of the "full" group, including sensitive, sniff, api and rest-api;
# any account in this group has unrestricted control of the router.
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,rest-api"
# ether2-ether5 are bridged into the LAN; ether1 stays outside the bridge as WAN.
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
# Neighbor discovery is limited to members of the LAN list.
/ip neighbor discovery-settings
set discover-interface-list=LAN
# IPv6 is switched off, which is why no /ipv6 firewall section exists in this export.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# NOTE(review): use-ipsec=yes creates the dynamic IPsec peer but does not refuse
# plain L2TP; use-ipsec=required is the setting that only accepts sessions
# arriving inside IPsec. No ipsec-secret is visible here (presumably omitted
# from the export as sensitive).
/interface l2tp-server server
set default-profile=vpn_profile enabled=yes one-session-per-host=yes \
use-ipsec=yes
# NOTE(review): l2tp-in-bendery and wg-aaa are placed in LAN, so the remote ends
# of those tunnels pass the "drop all not coming from LAN" input rule and reach
# router services (SSH, Winbox, MAC server) like a local host. wg-mgmt and the
# other L2TP bindings are in no list.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=l2tp-in-bendery list=LAN
add interface=wg-aaa list=LAN
# No enabled=yes is shown for the OpenVPN server, so it is presumably off.
# If it is ever enabled, md5 should be dropped from the auth list first.
/interface ovpn-server server
set auth=sha1,md5
# NOTE(review): the PPTP server is enabled. No input rule in this export accepts
# TCP 1723 or GRE, so it appears reachable only from the admin address list and
# LAN-list interfaces - disable it once user "komrat" is migrated.
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set enabled=yes
# wg-aaa peer: no endpoint configured, so the remote side dials in on UDP 51280.
# wg-mgmt peer: this router dials out to endpoint xx.xx.xx.xx:51281.
# allowed-address is also the source-address filter for decrypted traffic, so
# these prefixes define what each peer may send through its tunnel.
/interface wireguard peers
add allowed-address=10.100.9.2/32,172.16.64.0/24,172.16.48.0/24 interface=\
wg-aaa persistent-keepalive=1m public-key=\
"3xHf2EF8FOLsllOj/R5g0WkHKwbuLGU42tIDglyO0kA="
add allowed-address=172.16.100.1/32,172.16.128.240/28 endpoint-address=\
xx.xx.xx.xx endpoint-port=51281 interface=wg-mgmt persistent-keepalive=\
1m public-key="+bOAra4X60R6b2rFrU7x2hZKzrwSZpmpWcYB+GfiVj4="
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=\
192.168.1.0
add address=xx.xx.xx.xx/30 interface=ether1 network=xx.xx.xx.xx
add address=10.100.9.1/24 interface=wg-aaa network=10.100.9.0
add address=172.16.100.171/24 interface=wg-mgmt network=172.16.100.0
/ip cloud
set ddns-enabled=yes
# interface=*2 is an internal ID rather than a name - presumably a reference to
# an interface that no longer exists; the entry is disabled anyway.
/ip dhcp-client
add comment=defconf disabled=yes interface=*2
# Static leases for three LAN hosts.
/ip dhcp-server lease
add address=192.168.1.108 client-id=1:d0:50:99:85:31:9e mac-address=\
D0:50:99:85:31:9E server=defconf
add address=192.168.1.106 client-id=1:e0:d5:5e:27:91:1a mac-address=\
E0:D5:5E:27:91:1A server=defconf
add address=192.168.1.107 client-id=1:d8:5e:d3:58:6a:84 mac-address=\
D8:5E:D3:58:6A:84 server=defconf
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=8.8.8.8,8.8.4.4 \
gateway=192.168.1.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.1.1 name=router.lan
# "admin": sources the input chain accepts for every protocol and port.
# 172.16.128.240/28 is the range routed over wg-mgmt.
# NOTE(review): allow_rdp_apteka (the VPN pool range) is not referenced by any
# firewall rule in this export, so it currently restricts nothing.
/ip firewall address-list
add address=xx.xx.xx.xx list=admin
add address=172.16.128.240/28 list=admin
add address=10.10.66.0/24 list=allow_rdp_apteka
# Input chain = traffic addressed to the router itself. Rules are evaluated top
# to bottom; the first match decides.
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
# Everything from the admin address list is accepted, on any interface, protocol
# and port. This sits above "drop invalid", so invalid-state packets from these
# sources are accepted as well.
add action=accept chain=input src-address-list=admin
# NOTE(review): UDP 1701 is accepted from any source with no ipsec-policy
# matcher. Combined with use-ipsec=yes on the L2TP server, a client may be able
# to bring up plain, unencrypted L2TP. The usual hardening is to keep 500/4500
# open and accept 1701 only with ipsec-policy=in,ipsec.
# NOTE(review): no rule accepts protocol ipsec-esp. Clients not behind NAT (no
# UDP 4500 encapsulation) would send raw ESP, which falls through to the final
# drop - confirm whether this is related to the reported IPsec problem.
add action=accept chain=input comment="l2tp tunnel" dst-port=500,1701,4500 \
protocol=udp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid log=yes
# Listen port of wg-aaa. wg-mgmt (51281) has no matching accept; that tunnel is
# initiated from this router, so replies match the established rule.
add action=accept chain=input dst-port=51280 protocol=udp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# Final input rule. "LAN" here includes l2tp-in-bendery and wg-aaa, not only the
# bridge, so those tunnels are exempt. Dropped packets are not logged by this rule.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
# Forward chain = traffic routed through the router. The two ipsec-policy
# accepts sit above fasttrack so IPsec traffic is not fasttracked.
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid log=yes
# NOTE(review): this is the only forward-chain restriction on new connections,
# and it matches WAN ingress only. Traffic between VPN users (10.10.66.0/24),
# the WireGuard peers, the bendery site and the LAN is forwarded unfiltered;
# add per-source rules or a final drop if VPN users should reach specific hosts only.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
# Source NAT for traffic leaving via WAN; ipsec-policy=out,none keeps traffic
# that matches an IPsec policy from being masqueraded.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
# Default route via the masked WAN gateway, plus static routes to remote
# networks behind the tunnels. Routes with a tunnel interface as gateway are
# usable only while that tunnel is up.
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=xx.xx.xx.xx
# Remote network behind wg-aaa (also listed in that peer's allowed-address).
add disabled=no distance=1 dst-address=172.16.64.0/24 gateway=wg-aaa \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
# Disabled leftover: gateway=*18 is an internal ID, presumably an interface that
# has since been removed.
add disabled=yes distance=1 dst-address=192.168.101.0/24 gateway=*18 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
# Management range; the same /28 is in the "admin" firewall address list.
add disabled=no distance=1 dst-address=172.16.128.240/28 gateway=wg-mgmt \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
# Networks behind the L2TP user "bendery" (static binding l2tp-in-bendery).
add disabled=no dst-address=172.16.136.0/24 gateway=l2tp-in-bendery
# Single host out of 172.16.48.0/24 reached over wg-aaa.
add disabled=no distance=1 dst-address=172.16.48.247/32 gateway=wg-aaa \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=no distance=1 dst-address=172.16.2.0/24 gateway=l2tp-in-bendery \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
# Telnet, FTP, WebFig (www) and both API services are disabled. SSH and Winbox
# are not listed, so they presumably remain enabled with no address= limit;
# access to them is controlled only by the input firewall chain.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
# NOTE(review): allow-none-crypto=yes lets an SSH client negotiate the "none"
# cipher, i.e. a session without encryption; set it to no unless something
# depends on it. forwarding-enabled=remote permits remote port forwarding
# through the router's SSH server - confirm it is needed.
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
# PPP accounts. No password= values appear (presumably omitted from the export
# as sensitive). All use vpn_profile, so they share its only-one=yes limit and
# the 10.10.66.0/24 pool, except "bendery", which has fixed addresses.
# "komrat" is the only PPTP account. "qd" has no static l2tp-server binding in
# this export, so it would get a dynamic interface.
/ppp secret
add name=rost profile=vpn_profile service=l2tp
add name=komrat profile=vpn_profile service=pptp
add name=noodle profile=vpn_profile service=l2tp
add name=oleg profile=vpn_profile service=l2tp
add name=pavel.s profile=vpn_profile service=l2tp
add local-address=10.10.66.1 name=bendery profile=vpn_profile remote-address=\
10.10.66.2 service=l2tp
add name=b.yurii profile=vpn_profile service=l2tp
add name=serghei_sw profile=vpn_profile service=l2tp
add name=bvp88 profile=vpn_profile service=l2tp
add name=dimasb profile=vpn_profile service=l2tp
add name=bend_magazin profile=vpn_profile service=l2tp
add name=qd profile=vpn_profile service=l2tp
/system clock
set time-zone-name=Europe/Chisinau
/system identity
set name=rb-core.almdn.ext
# interface=*1 is an internal ID, presumably a reference to an interface that
# does not exist on this device.
/system leds
add interface=*1 leds="" type=wireless-status
/system resource irq rps
set ether5 disabled=no
set ether4 disabled=no
set ether3 disabled=no
set ether2 disabled=no
# MAC Telnet and MAC Winbox are limited to the LAN interface list, which on this
# router also contains l2tp-in-bendery and wg-aaa.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
# Router logins may be authenticated through RADIUS.
# NOTE(review): no /radius section appears in this export, so either no server
# is configured or it was left out - confirm which.
/user aaa
set use-radius=yes