Use remote gateway over IPsec as main gateway for single computer

I got IPsec up and running between two MikroTiks and everything works. I am trying to get a Roku to use the remote gateway as the main internet. WireGuard does this perfectly on a PC but obviously can't install it on any streaming device. Trick Netflix into thinking I'm streaming from my mom's house :)

remote router 192.168.1.1
my subnet is 192.168.230.0/24
In an address list I have some IPs of streaming devices. I tried mangle and routes but nothing works.

Thanks for any help!

I'd suggest using IPsec policies on both routers: on the local router, policies with src-address set to the streaming devices which should be routed through the tunnel, and on the remote router the other way around. The only exception on the remote router is that in this case policies with action=none should be added for out-of-subnet local services. Config:

```
# Local router

/ip ipsec policy
add action=encrypt dst-address=0.0.0.0/0 src-address=192.168.230.a/32 tunnel=yes
add action=encrypt dst-address=0.0.0.0/0 src-address=192.168.230.b/32 tunnel=yes
...

# Remote router

/ip ipsec policy
add action=none dst-address=192.168.1.0/24 src-address=0.0.0.0/0
add action=none dst-address="LAN_subnet" src-address=0.0.0.0/0
add action=encrypt dst-address=192.168.230.a/32 src-address=0.0.0.0/0 tunnel=yes
add action=encrypt dst-address=192.168.230.b/32 src-address=0.0.0.0/0 tunnel=yes
...
```
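
An added example, not part of the original reply: the encrypt policies above only work if every selector on one router has a twin on the other with src-address and dst-address swapped, so this sketch parses two policy exports and reports the selectors that lack one. The device addresses (.50, .51, .15) and the function names are constructed for illustration, since the reply uses the placeholders `a` and `b`.

```python
import shlex
from ipaddress import ip_network

def parse_policies(export: str):
    """Parse 'add key=value ...' lines from a /ip ipsec policy export."""
    policies = []
    for line in export.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue  # skip the menu path, comments and blank lines
        fields = dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
        policies.append({
            "action": fields.get("action", "encrypt"),  # RouterOS default action
            "src": ip_network(fields["src-address"]),
            "dst": ip_network(fields["dst-address"]),
        })
    return policies

def unmirrored(local_export: str, remote_export: str):
    """Return (missing_on_remote, missing_on_local) encrypt selectors."""
    def selectors(export):
        return {(p["src"], p["dst"]) for p in parse_policies(export)
                if p["action"] == "encrypt"}  # action=none entries need no twin
    local, remote = selectors(local_export), selectors(remote_export)
    missing_remote = sorted(f"{s} -> {d}" for s, d in local if (d, s) not in remote)
    missing_local = sorted(f"{s} -> {d}" for s, d in remote if (d, s) not in local)
    return missing_remote, missing_local

# Constructed sample exports: .51 has no remote twin, .15 has no local twin.
LOCAL = """/ip ipsec policy
add action=encrypt dst-address=0.0.0.0/0 src-address=192.168.230.50/32 tunnel=yes
add action=encrypt dst-address=0.0.0.0/0 src-address=192.168.230.51/32 tunnel=yes
"""
REMOTE = """/ip ipsec policy
add action=none dst-address=192.168.1.0/24 src-address=0.0.0.0/0
add action=encrypt dst-address=192.168.230.50/32 src-address=0.0.0.0/0 tunnel=yes
add action=encrypt dst-address=192.168.230.15/32 src-address=0.0.0.0/0 tunnel=yes
"""

if __name__ == "__main__":
    on_remote, on_local = unmirrored(LOCAL, REMOTE)
    print("selectors with no twin on the remote router:", on_remote)
    print("selectors with no twin on the local router:", on_local)
```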