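# Site-to-site IPsec tunnel (IKEv2) between this router and a second router.
# X.X.X.X, MY_LAN, MY_WAN, "SECOND ROUTER IP_WAN" and
# "LAN ON THE SECOND SIDE OF THE TUNNEL" are placeholders to substitute
# before importing. The second router needs the mirrored configuration.

# Phase 2 (ESP) proposal: SHA-256 integrity, AES-256 in CBC, CTR or GCM mode.
# NOTE(review): pfs-group is not set, so the RouterOS default applies. Check
# it with "/ip ipsec proposal print" and, if it is weaker than the phase 1
# groups below, raise it on both routers.
/ip ipsec proposal
set auth-algorithms=sha256 \
    enc-algorithms=aes-256-cbc,aes-256-ctr,aes-256-gcm

# WAN address on ether1 and the local LAN address.
/ip address
add address=X.X.X.X interface=ether1 network=X.X.X.X
add address=X.X.X.X interface="MY_LAN" network=X.X.X.X

# Exempt LAN-to-LAN traffic from source NAT so it keeps its original
# addresses and still matches the IPsec policy at the end of this file.
# NOTE(review): srcnat rules are evaluated in order, so this rule has to sit
# above any masquerade/src-nat rule; none is shown in this listing.
/ip firewall nat
add action=accept chain=srcnat src-address=MY_LAN \
    dst-address=LAN ON THE SECOND SIDE OF THE TUNNEL

# Phase 1 (IKEv2) peer definition for the second router.
# - dh-group is limited to the ECP groups and MODP groups of 2048 bits and up.
#   The original list also offered modp1536, modp1024, modp768, ec2n185 and
#   ec2n155, which would let the key exchange be negotiated at a strength far
#   below the AES-256/SHA-256 used everywhere else. The second router must
#   offer at least one of the groups kept here.
# - secret="x" is a placeholder. Use a long random pre-shared key unique to
#   this tunnel (or certificate authentication), and keep it out of any
#   export that gets shared.
# - NOTE(review): generate-policy=port-override allows policies to be
#   generated for this peer; a static policy is defined below, so confirm
#   whether generate-policy=no is sufficient for this tunnel.
/ip ipsec peer
add address=SECOND ROUTER IP_WAN exchange-mode=ike2 port=500 \
    dh-group="ecp256,ecp384,ecp521,modp8192,modp6144,modp4096,modp3072,modp2048" \
    enc-algorithm=aes-256 hash-algorithm=sha256 dpd-interval=10s \
    generate-policy=port-override notrack-chain=prerouting secret="x"

# Tunnel-mode policy: traffic from MY_LAN to the remote LAN is carried in an
# SA between MY_WAN and the second router's WAN address. No proposal= is
# given, so presumably the default proposal edited at the top is used.
/ip ipsec policy
add src-address=MY_LAN dst-address=LAN ON THE SECOND SIDE OF THE TUNNEL \
    sa-src-address=MY_WAN sa-dst-address=SECOND ROUTER IP_WAN tunnel=yes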