I need to set up an IPsec tunnel between a pfSense and a Mikrotik router. I have an engineer from pfSense available to assist, but I also need assistance from an engineer who understands setting up an IPsec tunnel (at least between 2 Mikrotik routers). I will be hosting a WebEx session so we can access both and test. I am willing to pay $100 an hour for the assistance. I hope it will not go over 1 hour!
Please call 415-233-8325 or email me at mgilbert@marinhd.com.
I'm only posting this because there haven't been any replies - with a bit of luck you found someone to help you offline. You're offering a very decent bounty. Had me tempted to bid, I have to admit.
I figured I'd post this anyway because someone might find the thread searching for something similar.
Really, this is very simple. The below assumes that the network behind the Mikrotik router is 192.168.0.0/24 and the network behind the pfSense box is 172.16.0.0/24. It also assumes that the public IP of the Mikrotik router is 1.1.1.1, and the public IP of the pfSense box is 2.2.2.2. The shared secret is "secret". Adjust all those values as required everywhere they appear below.
RouterOS configuration:
/ip ipsec peer
add address=2.2.2.2/32 port=500 auth-method=pre-shared-key secret="secret" dh-group=modp1024 dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des hash-algorithm=sha1 lifetime=1h proposal-check=obey
/ip ipsec proposal
add name="pfsense" auth-algorithm=sha1 enc-algorithm=3des lifetime=1h pfs-group=modp1024
/ip ipsec policy
add src-address=192.168.0.0/24 dst-address=172.16.0.0/24 sa-src-address=1.1.1.1 sa-dst-address=2.2.2.2 tunnel=yes action=encrypt proposal=pfsense ipsec-protocols=esp
/ip firewall nat
add place-before=0 chain=srcnat action=accept src-address=192.168.0.0/24 dst-address=172.16.0.0/24
/ip firewall filter
add place-before=0 chain=input action=accept protocol=udp dst-port=500 src-address=2.2.2.2
add place-before=0 chain=input action=accept protocol=ipsec-esp src-address=2.2.2.2
Then tell the pfsense guy that phase 1 is going to use sha1 for authentication, 3des for encryption, a lifetime of 1 hour, DH group 2, and dead peer detection (interval 2 minutes, failure after 10). Phase 2 uses sha1 for authentication, 3des for encryption, a lifetime of 1 hour, DH group 2 for PFS. Then just agree on the shared secret.
If the pfSense guy wants to adjust values for phase 1, look at the "/ip ipsec peer" configuration. If he wants to adjust values for phase 2, look at the "/ip ipsec proposal" configuration.
Hope that helps whoever reads this.
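An added example, not part of the thread above: a small Python check that parses the RouterOS peer (phase 1) and proposal (phase 2) lines from the reply, translates them into the terms the pfSense side uses (DH group numbers, lifetimes in seconds), and compares them with the pfSense-side values as the reply's prose describes them. Algorithm, DH and PFS differences are reported as fatal because IKE negotiation fails on them; lifetime and DPD differences are only warnings, since each side applies those locally (and the peer line uses proposal-check=obey). The PEER and PROPOSAL strings are the reply's own config; the PFSENSE dict and the DH group mapping are constructed here.

```python
import re

DH_GROUPS = {"modp768": 1, "modp1024": 2, "modp1536": 5, "modp2048": 14}
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}
# Both IKE peers must agree on these or negotiation fails outright.
MUST_MATCH = {"hash", "enc", "dh", "pfs"}

def parse_routeros_line(line):
    """Turn 'add key=value key2="quoted value"' into a dict (quotes stripped)."""
    return {k: v.strip('"') for k, v in re.findall(r'(\S+?)=("[^"]*"|\S+)', line)}

def to_seconds(value):
    """RouterOS '1h' / '2m' / '1h30m' -> seconds, the unit pfSense displays."""
    return sum(int(n) * UNIT_SECONDS[u] for n, u in re.findall(r"(\d+)([smhd])", value))

def mikrotik_phases(peer_line, proposal_line):
    """Map /ip ipsec peer (phase 1) and /ip ipsec proposal (phase 2) to pfSense terms."""
    peer, prop = parse_routeros_line(peer_line), parse_routeros_line(proposal_line)
    return {
        "p1": {"hash": peer["hash-algorithm"], "enc": peer["enc-algorithm"],
               "dh": DH_GROUPS[peer["dh-group"]], "lifetime": to_seconds(peer["lifetime"]),
               "dpd_interval": to_seconds(peer["dpd-interval"]),
               "dpd_failures": int(peer["dpd-maximum-failures"])},
        "p2": {"hash": prop["auth-algorithm"], "enc": prop["enc-algorithm"],
               "pfs": DH_GROUPS[prop["pfs-group"]], "lifetime": to_seconds(prop["lifetime"])},
    }

def compare(mikrotik, pfsense):
    """Return (fatal, warnings); lifetime/DPD are local to each side, so only warnings."""
    fatal, warnings = [], []
    for phase in ("p1", "p2"):
        for key, ours in mikrotik[phase].items():
            theirs = pfsense[phase].get(key)
            if theirs != ours:
                msg = f"{phase}.{key}: mikrotik={ours} pfsense={theirs}"
                (fatal if key in MUST_MATCH else warnings).append(msg)
    return fatal, warnings

# The two RouterOS lines from the reply above (proposal line with 'add' corrected).
PEER = ('add address=2.2.2.2/32 port=500 auth-method=pre-shared-key secret="secret" '
        'dh-group=modp1024 dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des '
        'hash-algorithm=sha1 lifetime=1h proposal-check=obey')
PROPOSAL = 'add name="pfsense" auth-algorithm=sha1 enc-algorithm=3des lifetime=1h pfs-group=modp1024'
# Constructed pfSense-side values, transcribed from the reply's prose description.
PFSENSE = {"p1": {"hash": "sha1", "enc": "3des", "dh": 2, "lifetime": 3600,
                  "dpd_interval": 120, "dpd_failures": 10},
           "p2": {"hash": "sha1", "enc": "3des", "pfs": 2, "lifetime": 3600}}

if __name__ == "__main__":
    print(compare(mikrotik_phases(PEER, PROPOSAL), PFSENSE))
```

Run against the reply's own numbers it finds no fatal mismatch and one warning: the RouterOS peer gives up after 5 DPD failures while the prose asks the pfSense side for 10.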