Yep, its literally the same config I'm applying to either router minus the platform differences. I've hidden passwords and where my tunnel is to. I'm only using a one-armed deployment because 1Gbps is plenty for what I'm doing. The 192.168.36.0/22 route is routing to a dynamic address that is obtained when connecting to the tunnel.
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
/ppp profile
add change-tcp-mss=yes name=ovpn-encryption use-compression=no use-encryption=yes use-mpls=no
/interface ovpn-client
add cipher=aes128 connect-to=google.com max-mtu=1460 mode=ethernet name=ovpn-out1 password="12345" profile=ovpn-encryption user=ABCDEFG
/queue type
set 0 pfifo-limit=250
add kind=pfifo name=pfifo-2000 pfifo-limit=2000
/snmp community
set [ find default=yes ] addresses=192.168.35.20/32 name=NOPE
/system logging action
set 1 disk-file-name=log
/user group
add name=btest-group policy="test,winbox,!local,!telnet,!ssh,!ftp,!reboot,!read,!write,!policy,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp"
/ip firewall connection tracking
set enabled=no
/ip settings
set send-redirects=no
/interface detect-internet
set detect-interface-list=all
/ip address
add address=192.168.32.6/30 comment=FW1_eth1/3.2222 interface=ether1 network=192.168.32.4
/ip cloud
set update-time=no
/ip dns
set servers=192.168.35.20
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip route
add distance=1 gateway=192.168.32.5
add distance=1 dst-address=192.168.32.0/22 gateway=192.168.32.5
add distance=1 dst-address=192.168.36.0/22 gateway=172.16.32.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb
set domain=kshome.local interfaces=ether1
/ip smb shares
set [ find default=yes ] directory=/pub
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/snmp
set enabled=yes trap-generators=interfaces trap-version=2
/system clock
set time-zone-name=America/Chicago
/system identity
set name=vpn1
/system logging
set 0 action=disk
set 1 action=disk
set 2 action=disk
set 3 action=disk
add action=disk topics=interface
add action=disk disabled=yes topics=ovpn
/system note
set note="*****************************************************************\r\
\n* !!!UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED!!! *\r\
\n* You must have explicit, authorized permission to access *\r\
\n* or configure this device. Unauthorized attempts and actions *\r\
\n* to access or use this system may result in civil and/or *\r\
\n* criminal penalties. All activities performed on this device * \r\
\n* are logged and monitored. *\r\
\n*****************************************************************"
/system ntp client
set enabled=yes primary-ntp=3.82.177.91 secondary-ntp=184.105.182.16
/tool graphing interface
add
/tool romon
set enabled=yes
/tool sniffer
set file-limit=50000KiB file-name=test.pcap filter-interface=ovpn-out1 \
memory-limit=200000KiB