/interface bridge add name=loopback
add address=10.22.22.1/24 interface=loopback network=10.22.22.0
/ip ipsec mode-config add address=10.22.22.2 name="My mc" split-include=10.22.22.1/32 system-dns=no
/ip ipsec policy group add name="My group"
/ip ipsec profile add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name="My profile"
/ip ipsec peer add exchange-mode=ike2 name="My server" passive=yes profile="My profile"
/ip ipsec proposal add auth-algorithms=sha256 enc-algorithms=aes-256-cbc name="My proposal" pfs-group=none
/ip ipsec identity add auth-method=digital-signature certificate="My server" generate-policy=port-strict mode-config="My mc" peer="My server" policy-template-group="My group" remote-id=ignore
/ip ipsec policy add comment="My policy" dst-address=10.22.22.2/32 group="My group" proposal="My proposal" src-address=10.22.22.1/32 template=yes

/ip ipsec mode-config add name="My mc" responder=no use-responder-dns=yes
/ip ipsec policy group add name="My group"
/ip ipsec profile add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name="My profile"
/ip ipsec peer add address=<hidden> exchange-mode=ike2 name="My peer" profile="My profile"
/ip ipsec proposal add auth-algorithms=sha256 enc-algorithms=aes-256-cbc name="My proposal" pfs-group=none
/ip ipsec identity add auth-method=digital-signature certificate="My client" generate-policy=port-strict mode-config="My mc" peer="My peer" policy-template-group="My group" remote-id=ignore
/ip ipsec policy add comment="My policy" dst-address=10.22.22.1/32 group="My group" proposal="My proposal" src-address=10.22.22.2/32 template=yes