Mikrotik IPsec tunnel site to site

First part of the IPsec site-to-site VPN setup

This part is configured on the Mikrotik (or similar router) side.

# Import the remote side's certificate once; RouterOS stores it as <file>_0 (server-cert.pem_0 below)
/certificate import file-name=server-cert.pem
# Phase 1 (IKE) settings; modp1024 is listed first and is a weak group, drop it if the other side supports the stronger ones
/ip ipsec profile add name=vpn_profile hash-algorithm=sha256 dh-group=modp1024,modp3072,ecp256 enc-algorithm=aes-256,aes-192 proposal-check=obey
# Phase 2 (ESP) settings
/ip ipsec proposal add name=vpn_proposal auth-algorithms=sha256 enc-algorithms=aes-128-cbc,aes-128-gcm pfs-group=ecp256
/ip ipsec peer add name=vpn_peer address=vpn.address.com exchange-mode=ike2 profile=vpn_profile
/ip ipsec identity add peer=vpn_peer auth-method=eap eap-methods=eap-mschapv2 remote-certificate=server-cert.pem_0 username=name password=pass
# The policy must reference the peer and proposal names defined above
/ip ipsec policy add src-address=192.168.23.0/24 src-port=any dst-address=192.168.2.0/24 dst-port=any tunnel=yes action=encrypt proposal=vpn_proposal peer=vpn_peer level=unique ipsec-protocols=esp
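As an added example (not part of the original note), a small Python checker for RouterOS IPsec lines like the ones above: it confirms that every peer, identity and policy refers to a profile, peer or proposal that was actually defined, and flags a 1024-bit DH group in a profile. The sample config below is constructed for the example and the "weak group" threshold is an assumption.

```python
import re
from typing import Dict, List, Set

# Constructed sample modelled on the commands above; the policy deliberately
# references a proposal and a peer that no earlier "add" line defined.
SAMPLE_CONFIG = """
/ip ipsec profile add name=vpn_profile hash-algorithm=sha256 dh-group=modp1024,modp3072,ecp256 enc-algorithm=aes-256,aes-192 proposal-check=obey
/ip ipsec proposal add name=vpn_proposal auth-algorithms=sha256 enc-algorithms=aes-128-cbc,aes-128-gcm pfs-group=ecp256
/ip ipsec peer add name=vpn_peer address=vpn.address.com exchange-mode=ike2 profile=vpn_profile
/ip ipsec identity add peer=vpn_peer auth-method=eap eap-methods=eap-mschapv2 remote-certificate=server-cert.pem_0 username=name password=pass
/ip ipsec policy add src-address=192.168.23.0/24 dst-address=192.168.2.0/24 tunnel=yes action=encrypt proposal=rum_proposal peer=rum_peer level=unique
"""

# Assumption: MODP groups below 2048 bits are treated as weak.
WEAK_GROUPS = {"modp768", "modp1024", "modp1536"}
# Which key on which menu must name an object from which other menu.
REFS = {"peer": {"profile": "profile"}, "identity": {"peer": "peer"},
        "policy": {"peer": "peer", "proposal": "proposal"}}

def parse(config: str) -> List[Dict[str, str]]:
    """Turn '/ip ipsec <menu> add k=v ...' lines into dicts with a '_menu' key."""
    items = []
    for line in config.splitlines():
        m = re.match(r"/ip ipsec ([\w-]+) add (.*)", line.strip())
        if not m:
            continue
        item = {"_menu": m.group(1)}
        for kv in m.group(2).split():  # values on this page contain no spaces
            key, _, value = kv.partition("=")
            item[key] = value
        items.append(item)
    return items

def lint(config: str) -> List[str]:
    """Return a list of problems: dangling name references and weak DH groups."""
    items = parse(config)
    defined: Dict[str, Set[str]] = {}
    for it in items:
        if "name" in it:
            defined.setdefault(it["_menu"], set()).add(it["name"])
    problems = []
    for it in items:
        for key, menu in REFS.get(it["_menu"], {}).items():
            if key in it and it[key] not in defined.get(menu, set()):
                problems.append(f"{it['_menu']}: {key}={it[key]} is not a defined {menu}")
        for group in it.get("dh-group", "").split(","):
            if group in WEAK_GROUPS:
                problems.append(f"{it['_menu']} {it.get('name')}: weak dh-group {group}")
    return problems
```

Running lint on the sample reports the weak group plus the two dangling references; it is meant for a config export pasted from the router, not for the live device.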

Mikrotik CLI IPsec cheat sheet

/ip ipsec policy print
/ip ipsec policy group print
/ip ipsec peer print
/ip ipsec proposal print
/ip ipsec profile print
/ip address
/ip ipsec mode-config
/ip ipsec peer
/ip ipsec profile
/ip ipsec proposal
/ip ipsec identity
/ip pool
/ip firewall nat
/interface