====== Mikrotik L2TP IPSec ======
/ip pool add name=pool1 ranges=172.16.1.100-172.16.1.200
/ppp profile add dns-server=10.1.0.2 local-address=10.1.0.1 name=profile1 remote-address=pool1
/ppp secret add name= password= profile=profile1 remote-address=172.16.1.10 service=l2tp
/interface l2tp-server server set authentication=mschap2 default-profile=profile1 enabled=yes ipsec-secret="" use-ipsec=required
/interface l2tp-server add name=l2tp-in1 user=
/ip ipsec proposal add auth-algorithms=sha512 enc-algorithms=aes-256-cbc name=proposal1 pfs-group=modp8192
/ip ipsec policy add dst-address=0.0.0.0/0 proposal=proposal1 src-address=10.1.0.0/24 template=yes
/ip ipsec profile add dh-group=modp8192 enc-algorithm=aes-256 name=profile1
/ip route add comment=ClientSiteNetwork1 distance=1 dst-address=10.0.0.0/24 gateway=172.16.1.10
/ip route add comment=ClientSiteNetwork2 distance=1 dst-address=10.0.1.0/24 gateway=172.16.1.10
/ip firewall filter add action=drop chain=forward in-interface=!ether4 out-interface=l2tp-in1
/ip firewall filter add action=drop chain=forward in-interface=l2tp-in1 out-interface=!ether4
/interface l2tp-client add connect-to= disabled=no ipsec-secret="" name=l2tp-out1 password= use-ipsec=yes user=
/ip route add comment=ServerSideNetwork distance=1 dst-address=10.1.0.0/24 gateway=10.1.0.1