
Untitled

a guest
Apr 23rd, 2018
  # Tunnel plumbing: a bridge named Lo (it is given 100.100.100.2 under /ip address further
  # down), an outbound L2TP client "MARA", and the pool / PPP profile for inbound L2TP users.
  1. /interface bridge
  2. add fast-forward=no name=Lo
  3. /interface l2tp-client
  # NOTE(review): allow= still lists mschap1. MS-CHAPv1 is cryptographically broken, and
  # MS-CHAPv2 is only acceptable inside a sound outer tunnel, so the protection of this link
  # rests on use-ipsec=yes. No password= or ipsec-secret= appears in this listing (presumably
  # hidden or stripped at export - confirm), so the strength of the IPsec layer cannot be
  # judged from the page. Dropping mschap1 from allow= is the low-risk hardening step.
  4. add allow=mschap1,mschap2 connect-to=195.181.208.75 disabled=no max-mru=1500 \
  5. max-mtu=1500 mrru=1600 name=MARA use-ipsec=yes user=GABAZITA
  6. /ip pool
  # Addresses handed to inbound L2TP users: 172.16.121.2 through 172.16.121.254.
  7. add name=L2TP ranges=172.16.121.2-172.16.121.254
  8. /ppp profile
  # Profile "L2TP": router side is 172.16.121.1, remote side is drawn from the pool "L2TP".
  9. add local-address=172.16.121.1 name=L2TP remote-address=L2TP
  # Routing identities: the default BGP instance runs as AS 65531, and BGP and OSPF both use
  # router-id 100.100.100.2.
  10. /routing bgp instance
  11. set default as=65531 router-id=100.100.100.2
  12. /routing ospf instance
  13. set [ find default=yes ] router-id=100.100.100.2
  14. /user group
  # Rewrites the policy of the group named "read": local, telnet, read, test and winbox are
  # granted; every item prefixed with "!" is denied (ssh, ftp, reboot, write, policy,
  # password, web, sniff, sensitive, api, romon, dude, tikapp).
  15. set read policy="local,telnet,read,test,winbox,!ssh,!ftp,!reboot,!write,!polic\
  16. y,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp"
  17. /ip neighbor discovery-settings
  # NOTE(review): discover-interface-list=all enables neighbor discovery on every interface,
  # which includes ether1, the interface that holds the public 80.211.23.155 address below.
  # Discovery announcements typically expose device identity and software version; limiting
  # discovery to an interface list that excludes the WAN side avoids advertising that.
  18. set discover-interface-list=all
  19. /interface l2tp-server server
  # NOTE(review): the server accepts mschap1 as well as mschap2 (MS-CHAPv1 is broken). No
  # use-ipsec= setting appears on this command; if that leaves the default in place the server
  # would also accept L2TP sessions without IPsec - confirm, and consider use-ipsec=required
  # together with authentication=mschap2 only. The input chain below accepts udp/1701 from
  # any source, so this listener is reachable from the internet.
  20. set authentication=mschap1,mschap2 default-profile=L2TP enabled=yes max-mru=\
  21. 1500 max-mtu=1500 mrru=1600
  22. /ip address
  # ether1 carries the public address 80.211.23.155/24; Lo carries 100.100.100.2 as a host
  # address (network equals the address).
  23. add address=80.211.23.155/24 interface=ether1 network=80.211.23.0
  24. add address=100.100.100.2 interface=Lo network=100.100.100.2
  25. /ip dhcp-client
  # ether2 obtains its configuration by DHCP.
  26. add disabled=no interface=ether2
  27. /ip dns
  # Single upstream resolver 8.8.8.8, cache entries capped at one day. allow-remote-requests is
  # not set in this listing, so whether the router answers DNS for clients cannot be told here.
  28. set cache-max-ttl=1d servers=8.8.8.8
  # Firewall filter rules. Rules are evaluated top to bottom within each chain, so the order
  # below is part of the policy: input ends in a default drop, forward ends in a default drop,
  # and the custom "icmp" chain whitelists specific ICMP type:code pairs.
  29. /ip firewall filter
  # Scanner trap: any new TCP connection to 1080/8080/8081 arriving on ether1 puts its source
  # into the SCANPROXY list, and the following rule drops everything from that list on ether1.
  # NOTE(review): both rules sit above the established/related accept and above the Admin
  # rule, so a listed source loses its existing sessions too. The trigger is a single new
  # packet with no handshake required, which means an entry can be created for an address that
  # never completed a connection; with address-list-timeout=none-dynamic the entry does not
  # expire on its own (it should last until reboot - confirm). Consider exempting the Admin list
  # and the BGP/tunnel peers ahead of these rules, and using a finite timeout.
  30. add action=add-src-to-address-list address-list=SCANPROXY \
  31. address-list-timeout=none-dynamic chain=input connection-state=new \
  32. dst-port=1080,8080,8081 in-interface=ether1 protocol=tcp
  33. add action=drop chain=input in-interface=ether1 src-address-list=SCANPROXY
  # Return traffic for connections the router already tracks (plus untracked packets).
  # NOTE(review): there is no explicit drop for connection-state=invalid in this chain.
  34. add action=accept chain=input connection-state=established,related,untracked
  # tcp/646 (LDP) is accepted only from PPP interfaces.
  35. add action=accept chain=input dst-port=646 in-interface=all-ppp protocol=tcp
  # NOTE(review): tcp/179 (BGP) is accepted from any source on any interface, including
  # ether1. The only BGP peer configured in this listing is 100.100.100.100; adding
  # src-address=100.100.100.100 (or in-interface=all-ppp) would stop exposing the BGP
  # listener to the internet.
  36. add action=accept chain=input dst-port=179 protocol=tcp
  # ICMP is handed to the "icmp" chain defined at the end of this section.
  37. add action=jump chain=input jump-target=icmp protocol=icmp
  # Anything new from the "Admin" address list is accepted, on every port and protocol.
  # The list itself is not defined in this listing - verify its contents.
  38. add action=accept chain=input comment=Admin connection-state=new \
  39. src-address-list=Admin
  # NOTE(review): tcp/8291 (Winbox management) is accepted from any source address and only
  # logged. Since an Admin list already exists, restricting this rule with
  # src-address-list=Admin (or reaching Winbox only through the tunnel) removes the
  # management port from the public attack surface; log=yes records attempts but does not
  # limit them.
  40. add action=accept chain=input connection-state=new dst-port=8291 log=yes \
  41. protocol=tcp
  # VPN entry points open to any source: udp/1701 (L2TP), udp/500 (IKE), udp/4500 (NAT-T)
  # and the ESP protocol.
  42. add action=accept chain=input connection-state=new dst-port=1701,500,4500 \
  43. protocol=udp
  44. add action=accept chain=input connection-state=new protocol=ipsec-esp
  # OSPF from PPP interfaces, then everything else new from PPP interfaces. The second rule
  # already covers the first; tunnel users therefore reach every service on the router.
  45. add action=accept chain=input connection-state=new in-interface=all-ppp \
  46. protocol=ospf
  47. add action=accept chain=input connection-state=new in-interface=all-ppp
  # Default deny for the input chain.
  48. add action=drop chain=input
  # Forward chain: tracked return traffic, ICMP via the icmp chain, new flows that enter from
  # PPP interfaces, and destination-NATed flows; everything else is dropped.
  49. add action=accept chain=forward connection-state=established,related
  50. add action=jump chain=forward jump-target=icmp protocol=icmp
  # NOTE(review): the rule on the next two lines (all-ppp -> ether1) is a subset of the rule
  # after it (all-ppp -> any), so it only affects counters, not policy.
  51. add action=accept chain=forward connection-state=new in-interface=all-ppp \
  52. out-interface=ether1
  53. add action=accept chain=forward connection-state=new in-interface=all-ppp
  # Accepts forwarded flows that were destination-NATed; no dstnat rule appears in the NAT
  # section of this listing, so this rule matches nothing unless one is added elsewhere.
  54. add action=accept chain=forward connection-nat-state=dstnat
  55. add action=drop chain=forward
  # Custom "icmp" chain: accepts the listed type:code pairs and drops every other ICMP packet.
  56. add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=\
  57. icmp
  58. add action=accept chain=icmp comment="net unreachable" icmp-options=3:0 \
  59. protocol=icmp
  60. add action=accept chain=icmp comment="host unreachable" icmp-options=3:1 \
  61. protocol=icmp
  62. add action=accept chain=icmp comment=\
  63. "host unreachable fragmentation required" icmp-options=3:4 protocol=icmp
  # Type 4 (source quench) is a deprecated message type; accepting it is unnecessary.
  64. add action=accept chain=icmp comment="allow source quench" icmp-options=4:0 \
  65. protocol=icmp
  66. add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 \
  67. protocol=icmp
  68. add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 \
  69. protocol=icmp
  # Type 12 code 0 (parameter problem); this rule carries no comment in the original.
  70. add action=accept chain=icmp icmp-options=12:0 protocol=icmp
  71. add action=drop chain=icmp comment="deny all other types"
  # Source NAT: everything leaving through ether1 is masqueraded behind the router's address.
  72. /ip firewall nat
  73. add action=masquerade chain=srcnat out-interface=ether1
  # All listed connection-tracking helpers are switched off.
  74. /ip firewall service-port
  75. set ftp disabled=yes
  76. set tftp disabled=yes
  77. set irc disabled=yes
  78. set h323 disabled=yes
  79. set sip disabled=yes
  80. set pptp disabled=yes
  81. set udplite disabled=yes
  82. set dccp disabled=yes
  83. set sctp disabled=yes
  84. /ip ipsec peer
  # Passive (responder-only) IPsec peer for L2TP/IPsec that matches any remote address
  # (0.0.0.0/0) and generates policies automatically.
  # NOTE(review): dh-group=modp1024 is a 1024-bit Diffie-Hellman group and is generally
  # considered too weak for new deployments; prefer a larger group if all clients support
  # it. No secret= or hash-algorithm= appears here (the secret is presumably hidden or stripped
  # at export - confirm); because any address may connect, a weak pre-shared key would be the
  # only barrier in front of the MS-CHAP login.
  85. add address=0.0.0.0/0 dh-group=modp1024 enc-algorithm=aes-256,aes-128 \
  86. exchange-mode=main-l2tp generate-policy=port-override passive=yes \
  87. send-initial-contact=no
  88. /ip route
  # Static default route via 80.211.23.1 (no dst-address given).
  89. add distance=1 gateway=80.211.23.1
  90. /ip service
  # Management services telnet, ftp, www, ssh, api and api-ssl are disabled.
  # NOTE(review): winbox is not mentioned, and the input chain accepts tcp/8291 from any
  # source, so Winbox is evidently the remaining management path. No address= restriction for
  # the winbox service appears in this listing; setting one is a second layer behind the
  # firewall rule. The state of www-ssl cannot be told from here.
  91. set telnet disabled=yes
  92. set ftp disabled=yes
  93. set www disabled=yes
  94. set ssh disabled=yes
  95. set api disabled=yes
  96. set api-ssl disabled=yes
  # MPLS/LDP is enabled with 100.100.100.2 as LSR id and transport address, and runs on the
  # L2TP client interface MARA.
  97. /mpls ldp
  98. set enabled=yes lsr-id=100.100.100.2 transport-address=100.100.100.2
  99. /mpls ldp interface
  100. add interface=MARA
  101. /ppp secret
  # Two L2TP user accounts, "test" and "ppp1", both on the L2TP profile.
  # NOTE(review): no password= appears for either account (presumably hidden or stripped at
  # export - confirm they are not empty). The L2TP/IPsec listener is reachable from any source
  # and tunnel users are accepted on every router port, so these names deserve strong,
  # unique passwords; remove "test" if it is a leftover.
  102. add name=test profile=L2TP service=l2tp
  103. add name=ppp1 profile=L2TP service=l2tp
  104. /routing bgp instance vrf
  # Connected and static routes carrying routing-mark GABAZITA are redistributed into BGP.
  105. add redistribute-connected=yes redistribute-static=yes routing-mark=GABAZITA
  106. /routing bgp peer
  # Multihop session to 100.100.100.100 in AS 65530, sourced from Lo, carrying the ip, l2vpn
  # and vpnv4 address families.
  # NOTE(review): no tcp-md5-key= appears on this peer (it may be hidden at export - confirm),
  # and the input chain accepts tcp/179 from any source; session authentication plus a
  # source-restricted firewall rule are the usual safeguards for a multihop peer.
  107. add address-families=ip,l2vpn,vpnv4 multihop=yes name=MARA remote-address=\
  108. 100.100.100.100 remote-as=65530 remove-private-as=yes route-reflect=yes \
  109. ttl=default update-source=Lo
  110. /routing ospf network
  # OSPF backbone area covers the loopback /32 and two /24s. 172.16.121.0/24 is the L2TP pool
  # range; 172.16.120.0/24 is not defined anywhere else in this listing.
  # NOTE(review): no OSPF authentication settings appear in this listing - verify.
  111. add area=backbone network=100.100.100.2/32
  112. add area=backbone network=172.16.120.0/24
  113. add area=backbone network=172.16.121.0/24
  114. /system identity
  # Router name; the same string is used as the L2TP client username and as the VRF routing mark.
  115. set name=GABAZITA