/ip firewall nat add chain=srcnat src-address=192.168.89.0/24 out-interface=ether1 action=masquerade comment="NAT VPN clients to internet"
/ip ipsec proposal add name=l2tp-proposal enc-algorithms=aes-256-cbc,aes-128-cbc auth-algorithms=sha256 pfs-group=modp1024 /ip ipsec profile set [ find default=yes ] proposal=l2tp-proposal mikrotik l2tp server setup full