See my automatic signature - open a command line (ssh or [Terminal] in Winbox or WebFig), type /export hide-sensitive file=xyz (in RouterOS 7, hide-sensitive is the default behaviour so do not use it), then download file xyz.rsc and edit the identification information.
This is for CHR 1:
# oct/05/2022 19:39:25 by RouterOS 6.49.6
# software id =
#
#
#
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
/interface ipip
add local-address=xx.xx.xx.77 mtu=1500 name=ipip-tunnel1 remote-address=\
yy.yy.yy.62
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=vpn ranges=172.30.16.2-172.30.16.253
/ppp profile
set *0 change-tcp-mss=default dns-server=8.8.8.8 local-address=172.30.16.1 \
remote-address=vpn use-encryption=yes
/interface l2tp-server server
set default-profile=default enabled=yes use-ipsec=required
/interface ovpn-server server
set certificate=server cipher=blowfish128,aes128,aes256 enabled=yes port=443 \
require-client-certificate=yes
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=default enabled=\
yes
/ip address
add address=xx.xx.xx.77/23 interface=ether1 network=xx.xx.xx.0
add address=172.16.100.1/30 interface=ipip-tunnel1 network=172.16.100.0
add address=172.30.16.0/24 disabled=yes interface=ipip-tunnel1 network=\
172.30.16.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dns
set servers=4.2.2.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
# sstp-out1 not ready
add action=masquerade chain=srcnat out-interface=*15
/ip route
add distance=1 gateway=185.181.183.254
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox port=8899
set api-ssl disabled=yes
/ppp secret
add name=user1
This is CHR 2:
# oct/05/2022 19:39:53 by RouterOS 6.45.9185\.181\.182
# software id = G353-EXPG
#
#
#
/interface ethernet
set [ find default-name=ether1 ] name=ether2
/interface ipip
add local-address=yy.yy.yy.62 mtu=1500 name=ipip-tunnel1 remote-address=\
xx.xx.xx.77
/ip ipsec policy group
add name=ikev2
/ip ipsec profile
add dh-group=modp2048,modp1536,modp1024 enc-algorithm=aes-256,aes-192,aes-128 \
hash-algorithm=sha256 name=ikev2
/ip ipsec peer
add exchange-mode=ike2 name=ikev2 passive=yes profile=ikev2
/ip ipsec proposal
add auth-algorithms=sha512,sha256 enc-algorithms="aes-256-cbc,aes-256-ctr,aes-\
256-gcm,aes-192-cbc,aes-192-ctr,aes-192-gcm,aes-128-cbc,aes-128-ctr,aes-12\
8-gcm" name=ikev2
/ip pool
add name=vpn ranges=172.16.1.2-172.16.1.255
/ip ipsec mode-config
add address-pool=vpn address-prefix-length=29 name=cfg1 static-dns=\
8.8.8.8,8.8.4.4 system-dns=no51.68.218
/port
set 0 name=serial0
/ppp profile
add dns-server=8.8.8.8 local-address=172.16.1.1 name=vpn remote-address=vpn \
use-encryption=yes
/interface l2tp-server server
set default-profile=vpn enabled=yes max-mru=1400 max-mtu=1400 use-ipsec=\
required
/interface ovpn-server server
set certificate=server cipher=blowfish128,aes128,aes256 default-profile=vpn \
enabled=yes port=443
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=vpn enabled=yes \
max-mru=1400 max-mtu=1400
/interface sstp-server server
set certificate=SSTP-CA default-profile=vpn force-aes=yes
/ip address
add address=yy.yy.yy.62/27 interface=ether2 network=yy.yy.yy.32
add address=yy.yy.yy.62 interface=ether2 network=51.89.195.254
add address=172.16.100.2/30 interface=ipip-tunnel1 network=172.16.100.0
/ip cloud
set update-time=no
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=accept chain=input dst-port=2022 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat src-address=172.16.1.0/24
/ip firewall service-port
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
/ip ipsec identity
add auth-method=digital-signature certificate=server-ikev2 generate-policy=\
port-strict match-by=certificate mode-config=cfg1 peer=ikev2 \
policy-template-group=ikev2 remote-certificate=client-ikev2
/ip ipsec policy
set 0 dst-address=172.16.1.0/24 group=ikev2 proposal=ikev2 src-address=\
0.0.0.0/0
add dst-address=172.16.1.0/24 group=ikev2 proposal=ikev2 src-address=\
0.0.0.0/0 template=yes
/ip route
add distance=1 gateway=51.89.195.254
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ppp secret
add name=user profile=vpn
Please note that xx.xx.xx.77 is public ip address of CHR 1 and yy.yy.yy.62 is the public ip address of CHR 2.