/interface bridge add name=bridge-LAN /interface ethernet set [ find default-name=ether1 ] comment=INTERNET-WAN set [ find default-name=ether2 ] comment=LAN set [ find default-name=ether5 ] poe-out=off /interface eoip add allow-fast-path=no comment="RB2 con SIM" local-address=10.108.1.1 \ mac-address=02:56:5E:5B:02:30 name="eoip sede2" remote-address=\ 10.10.118.1 tunnel-id=10 add allow-fast-path=no comment="RB3 con Hotspot" local-address=10.108.1.1 \ mac-address=02:56:5E:5B:02:22 name=eoip-sede3 remote-address=10.10.119.1 \ tunnel-id=20 add allow-fast-path=no comment="RB4 - Mario. hotspot + eth1" local-address=\ 10.108.1.1 mac-address=02:B2:AD:41:62:9A name=eoip-sede4 remote-address=\ 10.10.120.1 tunnel-id=30 add allow-fast-path=no comment="RB5 con Hotspot + ether1" local-address=\ 10.108.1.1 mac-address=02:56:5E:5B:02:30 name=eoip-sede5 remote-address=\ 10.10.121.1 tunnel-id=40 /ip pool add name=POOL-DHCP ranges=10.108.1.100-10.108.1.200 add name=pool-VPN ranges=172.16.26.100-172.16.26.110 /ip dhcp-server add address-pool=POOL-DHCP disabled=no interface=bridge-LAN lease-time=12h10m \ name=server-DHCP /ppp profile add change-tcp-mss=yes local-address=172.16.26.1 name=profile-vpn \ remote-address=pool-VPN use-encryption=yes /interface bridge port add bridge=bridge-LAN interface=ether2 add bridge=bridge-LAN interface=ether3 add bridge=bridge-LAN interface=ether4 add bridge=bridge-LAN interface=ether5 add bridge=bridge-LAN interface=wlan1 add bridge=bridge-LAN interface="eoip sede2" add bridge=bridge-LAN interface=eoip-sede3 add bridge=bridge-LAN interface=eoip-sede4 add bridge=bridge-LAN interface=eoip-sede5 /interface l2tp-server server set default-profile=profile-vpn enabled=yes ipsec-secret=xxxxxxxxx \ use-ipsec=yes /ip address add address=192.168.1.253/24 interface=ether1 network=192.168.1.0 add address=10.108.1.1/24 interface=bridge-LAN network=10.108.1.0 /ip dhcp-server network add address=10.108.1.0/24 dns-server=1.1.1.1,1.0.0.1 gateway=10.108.1.1 \ netmask=24 /ip dns set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8 /ip firewall filter add action=accept chain=forward connection-state=\ established,related,untracked add action=drop chain=forward connection-state=invalid /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 add action=masquerade chain=srcnat comment=vpn src-address=172.16.26.0/24 /ip route add distance=1 gateway=192.168.1.1 add comment="route sede2" distance=1 dst-address=10.10.118.0/24 gateway=\ 172.16.26.2 add comment="route sede3" distance=1 dst-address=10.10.119.0/24 gateway=\ 172.16.26.3 add comment="route sede4" distance=1 dst-address=10.10.120.0/24 gateway=\ 172.16.26.4 add comment="route sede5" distance=1 dst-address=10.10.121.0/24 gateway=\ 172.16.26.5 /ppp secret add name=sede2 password=m@rio_sede2 profile=profile-vpn remote-address=\ 172.16.26.2 add name=m@rio.client password=mario.client-2020 profile=profile-vpn add name=sede3 password=m@rio_sede3 profile=profile-vpn remote-address=\ 172.16.26.3 add name=sede4 password=m@rio_sede4 profile=profile-vpn remote-address=\ 172.16.26.4 add name=sede5 password=m@rio_sede5 profile=profile-vpn remote-address=\ 172.16.26.5 /system clock set time-zone-name=Europe/Rome /system identity set name=RB1_Server /system ntp client set enabled=yes primary-ntp=193.204.114.105