Thanks Rob, so I can ignore all the wiki instructions then and follow the script and read me?

Yes

I assume I don't want to use a dmz but put my vdsl router into dumb bridged modem mode?

Well that is usually better (when you don't want to be bitten by DMZ bugs), however that complicates things a little bit. Maybe it is better to make that your second experiment :-)

When you want to put the VDSL router in bridged mode, you probably also want the MikroTik to double-up as a NAT router for your normal internet use. In itself that is not a problem, it can do that. But it requires a little more study of the matter, especially when you want to be able to talk from AMPRnet to internet (no NAT) and at the same time want to talk from your RFC1918 LAN to internet using NAT.

This involves using "policy routing", i.e. two route tables, one for each usage, and "IP Route Rule" settings to select the proper routing table based on source address. Like this:

/ip route rule add src-address=44.x.x.x/28 table=ampr

then put all AMPRnet routes in the table "ampr". the normal table "main" has the "internet" routes. Traffic from your normal LAN (e.g. 192.168.88.x) to normal internet addresses is routed via the "main" table where there is a default route to your ISP, traffic from your AMPRnet network 44.x.x.x/28 is routed to the "ampr" table where there are the 600 or so tunnel routes and a default route pointing to amprgw.

You may also want to separate the LAN side in two different networks, either by reserving physical ports for each network or by using a tagged VLAN for one of the networks. Can be done as well.

Almost anything can be done using these routers. However, trying to do it all at once and finding out everything with your network lying in shambles because you re-configured your VDSL router to bridge mode at the same time is not the easiest way forward :-)

So, first experiment a bit with the modem in DMZ mode and the MikroTik behind it, find out how things operate, lock yourself out and find out how to recover, etc. Then you can more easily move on to a more complex configuration by adding the above mentioned things.

Rob