# sep/04/2016 21:33:05 by RouterOS 6.34.4
# software id = 1654-R71G
#
/interface lte
set [ find ] disabled=yes mac-address=1C:49:7B:5E:4F:4B name=lte1
/interface bridge
add admin-mac=6C:3B:6B:3B:15:65 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
MikroTik-3B1569 wireless-protocol=802.11
/ip neighbor discovery
set ether1 discover=no
set bridge comment=defconf
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/queue simple
add disabled=yes name=queue1 target=8.8.8.8/32
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
/interface l2tp-server server
set enabled=yes ipsec-secret= use-ipsec=yes
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2-master network=\
192.168.88.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface=lte1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="defconf: accept ICMP" in-interface=lte1 protocol=icmp
add chain=input comment="defconf: accept establieshed,related" \
connection-state=established,related
add chain=input protocol=icmp
add chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop all from WAN" disabled=yes \
in-interface=ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid disabled=yes
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new disabled=yes in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=\
ether1
add action=masquerade chain=srcnat out-interface=lte1
/ppp secret
add name=vpn password=
/system clock
set time-zone-name=Europe/Samara
/system routerboard settings
set cpu-frequency=650MHz protected-routerboot=disabled
/system watchdog
set automatic-supout=no watch-address=8.8.8.8 watchdog-timer=no
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge
# software id = 1654-R71G
#
/interface lte
set [ find ] disabled=yes mac-address=1C:49:7B:5E:4F:4B name=lte1
/interface bridge
add admin-mac=6C:3B:6B:3B:15:65 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
MikroTik-3B1569 wireless-protocol=802.11
/ip neighbor discovery
set ether1 discover=no
set bridge comment=defconf
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/queue simple
add disabled=yes name=queue1 target=8.8.8.8/32
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
/interface l2tp-server server
set enabled=yes ipsec-secret= use-ipsec=yes
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2-master network=\
192.168.88.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface=lte1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="defconf: accept ICMP" in-interface=lte1 protocol=icmp
add chain=input comment="defconf: accept establieshed,related" \
connection-state=established,related
add chain=input protocol=icmp
add chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop all from WAN" disabled=yes \
in-interface=ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid disabled=yes
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new disabled=yes in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=\
ether1
add action=masquerade chain=srcnat out-interface=lte1
/ppp secret
add name=vpn password=
/system clock
set time-zone-name=Europe/Samara
/system routerboard settings
set cpu-frequency=650MHz protected-routerboot=disabled
/system watchdog
set automatic-supout=no watch-address=8.8.8.8 watchdog-timer=no
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge