/interface bridgeadd name=VLAN10-VPN protocol-mode=noneadd name=VLAN20-LOCAL

1. /interface bridge
2. add name=VLAN10-VPN protocol-mode=none
3. add name=VLAN20-LOCAL protocol-mode=none
4. /interface ethernet
5. set [ find default-name=ether1 ] name=ether1-gateway
6. set [ find default-name=ether2 ] name=ether2-gateway2
7. set [ find default-name=ether3 ] name=ether3-TRUNK
8. set [ find default-name=ether4 ] name=ether4-VPN
9. set [ find default-name=ether5 ] name=ether5-LOCAL
10. /interface pppoe-client
11. add add-default-route=yes disabled=no interface=ether1-gateway max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out1 password=antel user=antel
12. add add-default-route=yes default-route-distance=1 disabled=no interface=ether2-gateway2 name=pppoe-out2 password=antel user=antel
13. /interface vlan
14. add interface=ether3-TRUNK name=LOCAL vlan-id=20
15. add interface=ether3-TRUNK name=VPN vlan-id=10
16. /ppp profile
17. add change-tcp-mss=yes local-address=10.11.19.2 name=OPENVPN remote-address=10.11.19.1
18. /interface ovpn-client
19. add certificate="saeta (1).crt_0" cipher=aes128 connect-to=190.64.65.123 mac-address=02:E9:30:F3:7A:33 name=ovpn-out1 port=1195 profile=OPENVPN user=saeta
20. /interface bridge port
21. add bridge=VLAN10-VPN interface=VPN
22. add bridge=VLAN20-LOCAL interface=LOCAL
23. add bridge=VLAN10-VPN interface=ether4-VPN
24. add bridge=VLAN20-LOCAL interface=ether5-LOCAL
25. /ip address
26. add address=10.2.10.1/24 interface=VLAN10-VPN network=10.2.10.0
27. add address=10.2.255.1/24 interface=VLAN10-VPN network=10.2.255.0
28. /ip firewall filter
29. add action=accept chain=input src-address=190.64.65.123
30. add action=accept chain=output
31. add action=accept chain=forward comment="default configuration"
32. add action=drop chain=input comment="default configuration" connection-state=new in-interface=pppoe-out1
33. add action=drop chain=input connection-state=new in-interface=pppoe-out2
34. add action=accept chain=input comment="default configuration" connection-state=invalid,established,related,new
35. /ip firewall nat
36. add action=dst-nat chain=dstnat dst-port=12345-12350 protocol=udp to-addresses=10.2.255.10 to-ports=12345-12350
37. add action=masquerade chain=srcnat comment="default configuration" out-interface=pppoe-out1
38. add action=masquerade chain=srcnat out-interface=pppoe-out2
39. /ip route
40. add distance=1 dst-address=10.11.0.0/20 gateway=ovpn-out1
41. /routing igmp-proxy interface
42. add
43. add alternative-subnets=224.0.0.0/4,169.254.0.0/16,10.2.10.0/24 interface=ether2-gateway2 upstream=yes
44. /system clock
45. set time-zone-name=America/Montevideo