# === MikCloud (ROS v6): connect VPN & enable API-SSL (8729) ===
/interface sstp-client
:if ([/interface sstp-client find name="rtr-7b6pttvu"] = "") do={
  add name="rtr-7b6pttvu" connect-to=grus.s-net.id user="rtr-7b6pttvu" password="TAAU2ifa6bEP81" add-default-route=no disabled=no
} else={
  set [find name="rtr-7b6pttvu"] connect-to=grus.s-net.id user="rtr-7b6pttvu" password="TAAU2ifa6bEP81" disabled=no
}
:delay 3
:if ([:len [/certificate find where name="mc-ca"]] = 0) do={
  /certificate add name=mc-ca common-name=mc-ca key-usage=key-cert-sign,crl-sign,tls-server
  /certificate sign mc-ca name=mc-ca
}
/certificate set [find where name="mc-ca"] trusted=yes
/ip service set api disabled=no port=8728
/ip service set api-ssl disabled=no certificate=mc-ca port=8729
/ip firewall filter add chain=input in-interface=mc-tunnel protocol=tcp dst-port=8728 action=accept comment="MikCloud API 8728 via VPN"
/ip firewall filter add chain=input in-interface=mc-tunnel protocol=tcp dst-port=8729 action=accept comment="MikCloud API-SSL 8729 via VPN"
#OK