The photo I posted before was the wrong one.
I have set up the user with group UM.
# mar/30/2023 15:30:08 by RouterOS 7.8
# software id = NJ8A-VBA7
#
# model = RB951G-2HnD
# serial number = DE350FF0BA12
# Two bridges. LOOPBACK gets no ports in this export and only carries
# 192.168.89.1, the address the RADIUS client and User Manager router entry
# point at. bridge1 is the hotspot LAN bridge.
/interface bridge
add name=LOOPBACK
# admin-mac/auto-mac=no pin bridge1's MAC to the value also set on ether2.
# protocol-mode=none turns (R)STP off, so a cabling loop between the bridged
# ports would not be blocked by the bridge.
add admin-mac=6C:3B:6B:DB:56:96 auto-mac=no comment=\
"created from master port" name=bridge1 protocol-mode=none
# Rename the five physical ports by role, pin their MAC addresses and set
# speed=100Mbps. ether1 becomes the uplink ("WAN FBB - PORT 1"); ether2-ether5
# become the LAN-side ports that are later added to bridge1.
/interface ethernet
set [ find default-name=ether2 ] mac-address=6C:3B:6B:DB:56:96 name=\
"FIREBOX 1 - LAN 2" speed=100Mbps
set [ find default-name=ether3 ] mac-address=6C:3B:6B:DB:56:97 name=\
"FIREBOX 2 - LAN 3" speed=100Mbps
set [ find default-name=ether4 ] mac-address=6C:3B:6B:DB:56:98 name=\
"FIREBOX 3 - LAN 4" speed=100Mbps
set [ find default-name=ether5 ] mac-address=6C:3B:6B:DB:56:99 name=\
"SETUP - LAN 5" speed=100Mbps
set [ find default-name=ether1 ] mac-address=6C:3B:6B:DB:56:95 name=\
"WAN FBB - PORT 1" speed=100Mbps
# Interface lists referenced by the firewall, neighbor discovery and the MAC
# servers. Only WAN and LAN receive members under "/interface list member" in
# this export; discover, mactel and mac-winbox are created without members.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
# Default LTE APN entry: IPv4 only, do not take the APN from the network.
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
# Wireless security profiles. The pre-shared keys do not appear here; an
# export omits sensitive values unless asked to show them.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# NOTE(review): authentication-types still offers wpa-psk next to wpa2-psk, and
# management-protection=allowed makes protected management frames optional.
# Unless a legacy client needs WPA, wpa2-psk alone is the tighter setting.
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=HotSpot \
supplicant-identity=""
# wlan1 is renamed wlan6 and runs as a 2.4 GHz access point for SSID FireBOX
# using the HotSpot profile above.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge \
name=wlan6 security-profile=HotSpot ssid=FireBOX
# Hotspot server profile: login page on 192.168.88.1 (FireBox.net), users are
# authenticated through RADIUS (use-radius=yes).
# NOTE(review): login-by=http-chap is the only login method, so the login
# exchange runs over plain HTTP with an MD5-based CHAP response. An HTTPS login
# with a certificate would protect it better -- confirm whether that is an
# option for this deployment.
/ip hotspot profile
add dns-name=FireBox.net hotspot-address=192.168.88.1 login-by=http-chap \
name=HOTSPOT use-radius=yes
# Address pool handed to hotspot clients (161 addresses, .30 to .190).
/ip pool
add name="dhcp HP" ranges=192.168.88.30-192.168.88.190
# DHCP server for bridge1 using that pool, 30-minute leases.
/ip dhcp-server
add address-pool="dhcp HP" bootp-support=dynamic interface=bridge1 \
lease-time=30m name="HOTSPOT LAN"
# The hotspot itself: bound to bridge1, one address per client MAC, idle
# sessions dropped after 15 minutes.
/ip hotspot
add address-pool="dhcp HP" addresses-per-mac=1 disabled=no idle-timeout=15m \
interface=bridge1 name=hotspot1 profile=HOTSPOT
# User profiles. The default profile is renamed HOTSPOT, which is the name the
# User Manager group sends in its Mikrotik-Group attribute. "Limit Free NET"
# is the same profile plus rate-limit=400k. Both set transparent-proxy=yes.
/ip hotspot user profile
set [ find default=yes ] address-pool="dhcp HP" keepalive-timeout=15m name=\
HOTSPOT status-autorefresh=30s transparent-proxy=yes
add address-pool="dhcp HP" keepalive-timeout=15m name="Limit Free NET" \
rate-limit=400k status-autorefresh=30s transparent-proxy=yes
# Fixed bandwidth caps (124k/2M for both limit-at and max-limit) on two single
# hosts, 192.168.88.202 and 192.168.88.203. Both hosts are also listed as
# bypassed under "/ip hotspot ip-binding".
/queue simple
add limit-at=124k/2M max-limit=124k/2M name="Entertainment Limitation 2M No1" \
target=192.168.88.202/32
add limit-at=124k/2M max-limit=124k/2M name="Entertainment Limitation 2M No2" \
target=192.168.88.203/32
# Routing protocol scaffolding. The default BGP template and an OSPF instance
# are enabled, but the OSPF area is disabled and no BGP connection or OSPF
# interface appears in this export.
# NOTE(review): presumably neither protocol is in use here -- confirm, and
# disable the template/instance if so, so nothing starts speaking BGP/OSPF
# when a peer or interface entry is added later.
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
# The default SNMP community is allowed from any IPv4 source (0.0.0.0/0).
# NOTE(review): no "/snmp set enabled=yes" appears in this export, so the SNMP
# agent itself looks disabled -- confirm. If SNMP is ever switched on, restrict
# addresses= to the monitoring host first; the input chain currently has no
# active drop rule, so the agent would also answer on the WAN port.
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
# Logging targets. Items are addressed by index here: presumably 0 is the
# built-in memory action and 3 the built-in remote action -- confirm on the
# device. The memory buffer is raised to 10000 lines and remote logging is
# pointed at 192.168.88.200. A second remote action, WebProxy, sends to the
# same host and is used for the web-proxy topic.
# NOTE(review): remote logging to .200 is plain syslog on the LAN, and the
# web-proxy topic carries the URLs hotspot users request -- treat that host
# and its log retention accordingly.
/system logging action
set 0 memory-lines=10000
set 3 remote=192.168.88.200
add name=WebProxy remote=192.168.88.200 target=remote
# User Manager (the RADIUS server on this router) accounts. Passwords are not
# part of this export; confirm on the device that every user has one.
# Profile "200MB", shown to users as UM2, price 18.
/user-manager profile
add name=200MB name-for-users=UM2 price=18
# User "admin" may hold two simultaneous sessions (shared-users=2).
/user-manager user
add name=admin shared-users=2
# Group "GROUP UM" returns two RADIUS attributes: a total traffic limit of
# 209715200 bytes (200 MiB) and Mikrotik-Group:HOTSPOT, which names the hotspot
# user profile to apply.
# NOTE(review): there is a space before the comma in the attributes string
# ("209715200 ,Mikrotik-Group"). Verify that both attributes are parsed as
# intended; a stray space in an attribute list is worth ruling out when a
# group setting does not seem to take effect.
# NOTE(review): outer-auths and inner-auths allow every listed method,
# including pap, chap and mschap1. The hotspot profile here logs in with
# http-chap, so presumably the list can be cut down to what the NAS actually
# uses -- confirm before removing methods.
/user-manager user group
add attributes="Mikrotik-Total-Limit:209715200 ,Mikrotik-Group:HOTSPOT" \
inner-auths=ttls-pap,ttls-chap,ttls-mschap1,ttls-mschap2,peap-mschap2 \
name="GROUP UM" outer-auths=\
pap,chap,mschap1,mschap2,eap-tls,eap-ttls,eap-peap,eap-mschap2
# Voucher-style user placed in that group.
/user-manager user
add group="GROUP UM" name=UM490251
# bridge1 membership: the four LAN-side ethernet ports plus the wireless AP.
# The uplink port is not bridged. ingress-filtering=no is set explicitly on
# the ethernet ports.
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface="FIREBOX 2 - LAN 3"
add bridge=bridge1 ingress-filtering=no interface="FIREBOX 3 - LAN 4"
add bridge=bridge1 ingress-filtering=no interface="SETUP - LAN 5"
add bridge=bridge1 ingress-filtering=no interface="FIREBOX 1 - LAN 2"
add bridge=bridge1 interface=wlan6
# Neighbor discovery runs only on interfaces in the "discover" list, which has
# no members in this export.
/ip neighbor discovery-settings
set discover-interface-list=discover
/ip settings
set max-neighbor-entries=8192
# IPv6 is switched off globally (disable-ipv6=yes), so the IPv6 firewall rules
# in this export have no effect while this stays set.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# LAN = bridge1, WAN = the uplink port. Nothing is added to discover, mactel
# or mac-winbox.
/interface list member
add comment="To HotSpot LAN" interface=bridge1 list=LAN
add comment="To FBB" interface="WAN FBB - PORT 1" list=WAN
# OpenVPN server settings: accepted HMAC algorithms are sha1 and md5. No
# enabled=yes appears in this export, so the server looks disabled -- confirm.
# NOTE(review): md5 should come off this list before the OVPN server is ever
# enabled.
/interface ovpn-server server
set auth=sha1,md5
# Router addresses: 192.168.88.1/24 on the hotspot bridge and 192.168.89.1
# (host address) on the port-less LOOPBACK bridge.
/ip address
add address=192.168.88.1/24 comment="FIREBOX ADDRESSES" interface=bridge1 \
network=192.168.88.0
add address=192.168.89.1 interface=LOOPBACK network=192.168.89.1
# The uplink address comes from the provider by DHCP.
/ip dhcp-client
add comment="DHCP From FBB" interface="WAN FBB - PORT 1"
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 netmask=24
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# from other hosts. The only input rule that drops WAN traffic is disabled in
# this export, so the resolver is reachable from the uplink as well as the
# LAN. Accept DNS on input only from the LAN and drop the rest.
# NOTE(review): the servers list includes 192.168.88.1, which is this router's
# own bridge1 address, so the resolver lists itself as an upstream --
# presumably unintended; confirm and remove it.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1,192.168.88.1
/ip dns static
add address=192.168.88.1 name=router.lan
# IPv4 filter. Rules are evaluated top to bottom within each chain, and a
# packet that matches no rule is accepted.
# NOTE(review): the input chain has no active drop rule. All three input drops
# below carry disabled=yes, so every accept in this chain is currently
# redundant and the router's own services are reachable from
# "WAN FBB - PORT 1" as well as from the LAN. That includes the DNS resolver
# (allow-remote-requests=yes) and the web proxy (enabled=yes) configured
# elsewhere in this export. Once the needed accepts are in place, re-enable a
# final input drop for traffic not arriving from the LAN list, as the IPv6
# section of this same export does.
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
connection-state=established,related
# Disabled: this is the only rule that would keep WAN traffic off the router.
add action=drop chain=input comment="drop all from wan" disabled=yes \
in-interface="WAN FBB - PORT 1"
# Fasttrack is present but disabled.
add action=fasttrack-connection chain=forward comment=fasttrack \
connection-state=established,related disabled=yes hw-offload=yes
add action=accept chain=forward comment="accept established,related" \
connection-state=established,related
# The next two rules repeat the ICMP and established,related accepts above.
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established,related
# TCP 443 to the router is accepted from any interface and any source.
add action=accept chain=input dst-port=443 protocol=tcp
# Disabled drops that would keep 192.168.88.200/.201 off TCP 8080 (the port the
# dst-nat redirect sends web traffic to).
add action=drop chain=input disabled=yes dst-port=8080 protocol=tcp \
src-address=192.168.88.200
add action=drop chain=input disabled=yes dst-port=8080 protocol=tcp \
src-address=192.168.88.201
# TCP 8728 is the RouterOS API port.
# NOTE(review): accepted with no src-address or in-interface restriction; limit
# it to the management host or the LAN list.
add action=accept chain=input dst-port=8728 protocol=tcp
# NOTE(review): this rule and the src-port=3799 rule below match on the
# sender's source port, which the sender chooses freely. They add no access
# control and would act as a bypass once a final drop is enabled. Return
# traffic is already covered by the established,related accept.
add action=accept chain=input protocol=tcp src-port=8728
# NOTE(review): 3799 is the "/radius incoming" (CoA/disconnect) port, which
# uses UDP by default. These two rules match protocol=tcp, so presumably they
# were meant to be protocol=udp -- confirm.
add action=accept chain=input dst-port=3799 protocol=tcp
add action=accept chain=input protocol=tcp src-port=3799
# Accept TCP from the local host and to/from the LOOPBACK address that the
# RADIUS client and User Manager use.
add action=accept chain=input protocol=tcp src-address=127.0.0.1
add action=accept chain=input dst-address=192.168.89.1 protocol=tcp
add action=accept chain=input protocol=tcp src-address=192.168.89.1
# Forward chain: drop invalid packets, and drop new connections arriving on
# the uplink unless they were dst-natted.
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=drop chain=forward comment="drop all from wan not dstnated" \
connection-nat-state=!dstnat connection-state=new in-interface=\
"WAN FBB - PORT 1"
# IPv4 NAT.
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
# Source-NAT everything leaving through the uplink.
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface="WAN FBB - PORT 1"
# Second masquerade keyed on the hotspot subnet, with no out-interface set.
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.88.0/24
# Transparent proxy: TCP port 80 is redirected to the local web proxy on 8080.
# NOTE(review): the rule names no in-interface or src-address, so it also
# matches port-80 traffic arriving on the uplink. Scope it to the hotspot side
# (for example in-interface=bridge1) so only LAN clients are sent to the proxy.
add action=redirect chain=dstnat dst-port=80 protocol=tcp to-ports=8080
# Hosts that skip hotspot login. .200 is also the remote syslog target, and
# .202/.203 are the two queue targets.
# NOTE(review): each entry is keyed on the IP address alone, so whichever
# device holds one of these addresses is bypassed. Adding mac-address= to each
# binding ties the bypass to the intended device as well.
/ip hotspot ip-binding
add address=192.168.88.200 type=bypassed
add address=192.168.88.201 type=bypassed
add address=192.168.88.202 type=bypassed
add address=192.168.88.203 type=bypassed
# Local hotspot users (alongside RADIUS). No password is shown for either,
# because exports omit sensitive values -- confirm on the device that neither
# account has an empty password.
/ip hotspot user
add name=admin
add name=master profile="Limit Free NET"
# Web proxy enabled, caching to usb1, with a maximum cached object size of
# 524288000KiB (500 GiB).
# NOTE(review): no "/ip proxy access" rules appear in this export, so the proxy
# does not restrict which clients may use it. Together with the unscoped
# port-80 redirect and the disabled WAN input drop, check that it cannot be
# reached from the uplink; an access list limited to 192.168.88.0/24 plus an
# input drop for WAN closes that.
/ip proxy
set cache-administrator=ikarantanis@gr09.gr cache-on-disk=yes cache-path=usb1 \
enabled=yes max-cache-object-size=524288000KiB
# Default-configuration list of IPv6 prefixes that must not appear as source or
# destination of forwarded traffic; the IPv6 forward chain drops on it.
# Inactive while "/ipv6 settings" has disable-ipv6=yes.
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
# Default-configuration IPv6 filter. Unlike the IPv4 input chain in this
# export, both chains here end in an active "drop everything else not coming
# from LAN" rule. The rules only take effect if IPv6 is enabled; this export
# sets disable-ipv6=yes.
/ipv6 firewall filter
# Input chain: accept tracked traffic, ICMPv6, traceroute, DHCPv6-PD replies
# and IPsec/IKE; drop invalid; drop whatever else does not come from LAN.
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/16
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
# Forward chain: same pattern, plus drops for the bad_ipv6 list and for
# ICMPv6 with hop-limit 1.
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
/ipv6 nd
set [ find default=yes ] advertise-dns=no
# RADIUS client for the hotspot service, pointed at 192.168.89.1 -- the
# router's own LOOPBACK address, where User Manager is registered as a router
# entry. The shared secret is not part of this export; confirm one is set on
# both sides.
/radius
add address=192.168.89.1 comment=RADIUS service=hotspot
# Accept incoming RADIUS requests (CoA / disconnect).
# NOTE(review): with no active input drop in the IPv4 filter, this listener is
# not limited to the loopback address; restrict it by firewall to 192.168.89.1.
/radius incoming
set accept=yes
/system clock
set time-zone-name=Europe/Athens
# The identity is reused by the SendLogsViaMail script to build the log file
# name and the mail subject.
/system identity
set name=DEMO_FIREBOX
# Send the web-proxy topic, prefixed "Proxy", to the WebProxy remote action
# (192.168.88.200).
/system logging
add action=WebProxy prefix=Proxy topics=web-proxy
# Two scheduled jobs: SendLogsViaMail every 12 hours and readyVoucher every 10
# minutes. Each runs the script of the same name.
# NOTE(review): both entries carry the full policy set (ftp, reboot, sniff,
# sensitive, romon, ...). The script bodies in this export only print and
# clear the log, send mail, remove a file and edit hotspot users, so the list
# can presumably be trimmed to what those actions need. That limits what a
# tampered script could do -- confirm the minimal set by testing.
/system scheduler
add interval=12h name=SendLogsViaMail on-event=SendLogsViaMail policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=aug/21/2017 start-time=12:00:00
add interval=10m name=readyVoucher on-event=readyVoucher policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=oct/25/2017 start-time=22:31:18
/system script
# SendLogsViaMail: writes the current log to a file named "<identity>Log",
# waits 10 s, empties the in-memory log by shrinking memory-lines to 1 and
# restoring it to 10000, e-mails "<identity>Log.txt" to the address in the
# script, waits 10 s, then deletes the file.
# NOTE(review): the log is cleared before the mail is sent, and the file is
# removed after a fixed delay without checking that the send succeeded. A
# failed send therefore loses that period's log from the router; only the
# web-proxy topic is shown going to the remote syslog host in this export.
# Consider sending all topics to the remote action as well, so the audit trail
# does not depend on the mail. The mailed file may also contain hotspot user
# activity; treat the mailbox accordingly.
add dont-require-permissions=no name=SendLogsViaMail owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
log print file=([/system identity get name].\"Log\");\r\
\n:delay 10;\r\
\n/system logging action set memory memory-lines=1\r\
\n/system logging action set memory memory-lines=10000\r\
\n:log info (\"System log file created\")\r\
\n:log info (\"System logs cleared\")\r\
\n/tool e-mail send from=\"giannis.karantanis.82@gmail.com\" to=\"giannis.\
karantanis.82@gmail.com\" subject=([/system identity get name].\" Log\") f\
ile=([/system identity get name].\"Log\".\".txt\");\r\
\n:delay 10;\r\
\n:log info (\"System log email sent\")\r\
\n/file rem ([/system identity get name].\"Log\".\".txt\");\r\
\n:delay 10;\r\
\n:log info (\"System log file removed\")"
# readyVoucher: builds a 12-digit yyyymmddhhmm stamp from the system clock,
# then walks every hotspot user. When a user's comment is a 12-character
# number smaller than the current stamp, the user and its active session are
# removed and a log line is written. It does nothing unless the year read from
# the clock is greater than 2010, i.e. the clock has been set.
# NOTE(review): the :pick offsets (0-3 month, 4-6 day, 7-11 year) assume the
# "mmm/dd/yyyy" date string this RouterOS 7.8 export shows in its header.
# Later RouterOS 7 releases reportedly return dates in a different format, in
# which case these offsets stop matching and expiry silently stops working --
# confirm before upgrading.
add dont-require-permissions=no name=readyVoucher owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
local thisDate\r\
\n:local thisYear\r\
\n:local thisDay\r\
\n:local thisMonth\r\
\n:local thisTime\r\
\n:local thisTime1\r\
\n:local thisTime2\r\
\n:set thisDate [/ system clock get date]\r\
\n:set thisTime [/ system clock get time]\r\
\n:set thisYear [:pick \$thisDate 7 11]\r\
\n :if (\$thisYear > \"2010\") do={ \r\
\n :set thisDay [:pick \$thisDate 4 6]\r\
\n :set thisMonth [:pick \$thisDate 0 3]\r\
\n :set thisTime1 [:pick \$thisTime 0 2]\r\
\n :set thisTime2 [:pick \$thisTime 3 5]\r\
\n :if (\$thisMonth = \"jan\") do={ :set thisMonth \"01\" }\r\
\n :if (\$thisMonth = \"feb\") do={ :set thisMonth \"02\" }\r\
\n :if (\$thisMonth = \"mar\") do={ :set thisMonth \"03\" }\r\
\n :if (\$thisMonth = \"apr\") do={ :set thisMonth \"04\" }\r\
\n :if (\$thisMonth = \"may\") do={ :set thisMonth \"05\" }\r\
\n :if (\$thisMonth = \"jun\") do={ :set thisMonth \"06\" }\r\
\n :if (\$thisMonth = \"jul\") do={ :set thisMonth \"07\" }\r\
\n :if (\$thisMonth = \"aug\") do={ :set thisMonth \"08\" }\r\
\n :if (\$thisMonth = \"sep\") do={ :set thisMonth \"09\" }\r\
\n :if (\$thisMonth = \"oct\") do={ :set thisMonth \"10\" }\r\
\n :if (\$thisMonth = \"nov\") do={ :set thisMonth \"11\" }\r\
\n :if (\$thisMonth = \"dec\") do={ :set thisMonth \"12\" }\r\
\n :set thisDate (\$thisYear.\$thisMonth.\$thisDay.\$thisTime1.\$thisTime2\
)\r\
\n :local users [/ip hotspot user find]\r\
\n :local i\r\
\n :local expirationDate\r\
\n :foreach i in=\$users do={\r\
\n :set expirationDate [/ ip hotspot user get \$i comment]\r\
\n :if ([:len \$expirationDate] = 12) do={\r\
\n :local expNum [:tonum \$expirationDate]\r\
\n :local thisNum [:tonum \$thisDate]\r\
\n :if (([:typeof \$expNum] = \"num\") and(\$expNum < \$thisNum)) do={\r\
\n :local userName [/ip hotspot user get \$i name]\r\
\n :local activeUser [/ip hotspot active find where user=\$userName]\r\
\n /ip hotspot user remove \$i\r\
\n /ip hotspot active remove \$activeUser\r\
\n :log info \"Detected readyVoucher hotspot expired user\"\r\
\n }\r\
\n }\r\
\n :delay 0.5s\r\
\n }\r\
\n}\r\
\n"
# Outgoing mail for the SendLogsViaMail script: SMTP submission on port 587
# with STARTTLS, authenticating as the Gmail account below. The password is
# not part of this export.
# NOTE(review): the server is given as a fixed IP address (64.233.166.108)
# rather than a host name, so it can go stale if the provider moves the
# service -- confirm it is still the intended server. An app-specific password
# for this account limits what a leaked router backup exposes.
/tool e-mail
set address=64.233.166.108 from=giannis.karantanis.82@gmail.com port=587 tls=\
starttls user=giannis.karantanis.82@gmail.com
# MAC-Telnet and MAC-Winbox are limited to the mactel and mac-winbox interface
# lists. Neither list has a member in this export, so layer-2 management
# access is not offered on any interface. Keep the uplink port out of these
# lists if members are added later.
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
# User Manager is enabled and uses profiles.
# NOTE(review): certificate=*0 looks like a reference to an item that does not
# exist, not a named certificate -- confirm. The EAP methods allowed on
# "GROUP UM" (eap-tls, eap-ttls, eap-peap) would need a real certificate here.
/user-manager
set certificate=*0 enabled=yes use-profiles=yes
# The NAS allowed to query User Manager: this router itself, via the LOOPBACK
# address. The shared secret is not part of this export; it must match the one
# on the "/radius" client entry.
/user-manager router
add address=192.168.89.1 name=DEMO_FIREBOX
# Assign the 200MB profile to the voucher user.
/user-manager user-profile
add profile=200MB user=UM490251