Network administration

How to configure mikrotik to receive internet via VPN?

config:
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] arp=proxy-arp comment=LAN
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
set [ find default-name=ether6 ] master-port=ether2
set [ find default-name=ether7 ] master-port=ether2
/ip neighbor discovery
set ether1 comment=WAN
set ether2 comment=LAN
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management -protection=\
allowed mode=dynamic-keys name=profile1 supplicant-identity="" \
wpa-pre-shared-key=****************************** wpa2-pre-shared-key=*************************
/interface wireless
set [ find default-name=wlan1 ] disabled=no l2mtu= 2290 mode=ap-bridge \
security-profile=profile1 ssid=Sakhmedpom3 wds-mode=dynamic
/ip ipsec proposal
add auth-algorithms=md5 enc-algorithms=des,3des name=proposal1 pfs-group=\
modp768
/ip pool
add name=pool1 ranges=192.168.2.100-192.168.2.200
/ip dhcp-server
add address-pool=pool1 disabled=no interface=bridge1 lease-time=3d name=server1
/port
set 0 name=serial0
/ppp profile
set [ find name=default ] name=default
set [ find name=default-encryption ] name=default-encryption
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=wlan1
/ip address
add address=192.168. 2.1/24 interface=bridge1 network=192.168.2.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface=ether1
/ip dhcp-server config
set store-leases-disk =never
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=192.168.7.1,8.8.8.8 gateway=192.168.2.1 \
netmask=24
/ip dns
set servers=192.168.7.1
/ip firewall filter
add chain=input log=yes
/ip firewall nat
add chain=srcnat dst-address=192.168.7.0/24 log=yes src-address=192.168.2.0/24
add action=masquerade chain=srcnat log=yes out-interface= ether1
/ip ipsec peer
add address=188.***************/32 dh-group=modp768 enc-algorithm=des,3des \
hash-algorithm=md5 nat-traversal=no secret=** *************************
/ip ipsec policy
add dst-address=192.168.7.0/24 proposal=proposal1 sa-dst-address=\
188** ********** sa-src-address=10.********** src-address=192.168.2.0/24 \
tunnel=yes
/ip route
add distance=1 dst-address= 192.168.7.0/24 gateway=ether1
Networks 2.0 and 7.0 see each other.
The Internet comes from the router 192.168.7.1 .
Everything is set up fine on it, the rest of the points receive the Internet via vpn.
Devices for Mikrotik go to the Internet along the route from the provider, which receives via dhcp.
I try to add a route 0.0.0.0\0 and specify the ip of the router from the network 7.0 writes on the unreachable interface.
I tried to mark network traffic 192.168.2.0 and added a route for it. Nothing happens.
I deleted the route from the provider, then there is no connection between subnets 2.0 and 7.0
How to add a route correctly so that the Internet is available on the network for mikrotik?