as I go through the wiki it asks for more information than given and not sure if this is set up under ipsec or pptp?
Only IPsec. Nothing related to PPTP in the values given, so if they eventually explicitly asked for PPTP over IPsec, they have to provide username and password for the PPTP part. But it would be a surprise so I assume no one has mentioned PPTP.
The translation of the parameters you got from them is as follows:
Phase 1 -
/ip ipsec profile add name=phase1-companyX - this is a profile item to which an
/ip ipsec peer item refers, so it is best to create it before the
peer
AES128 SHA256 -
/ip ipsec profile set phase1-companyX enc-algorithm=aes-128 hash-algorithm=sha256
DH Group 5,14 -
/ip ipsec profile set phase1-companyX dh-group=modp1536,modp2048 - uncle Google helps here to understand what the pythic group numbers really mean
Key life 86400 -
/ip ipsec profile set phase1-companyX lifetime=1d
So in a single step (or when ticking choices in Winbox/WebFig):
/ip ipsec profile add name=phase1-companyX enc-algorithm=aes-128 hash-algorithm=sha256 dh-group=modp1536,modp2048 lifetime=1d
Phase 2 -
/ip ipsec proposal add name=phase2-companyX - this is a profile item to which an
/ip ipsec policy item refers, so it is best to create it before the
policy
AES128 SHA256 -
/ip ipsec proposal set phase2-company enc-algorithms=aes-128-cbc,aes-128-ctr,aes-128-gcm auth-algorithms=sha256
DH Group 5,14 -
/ip ipsec proposal set phase2-company pfs-group=modp2048 (here Mikrotik allows to choose only one so we take the stronger one)
Key life 43200 -
/ip ipsec proposal set phase2-company lifetime=12h
So in a single step (or when ticking choices in Winbox/WebFig):
/ip ipsec proposal add name=phase2-companyX enc-algorithms=aes-128-cbc,aes-128-ctr,aes-128-gcm auth-algorithms=sha256 pfs-group=modp2048 lifetime=12h
IKE Version 1 - this is expressed implicitly by the
/ip ipsec peer exchange-mode being set to any of (
main,
aggressive,
base)
WAN IP x.x.x.x -
/ip ipsec peer add name=peer-companyX profile=phase1-companyX address=x.x.x.x
Main Mode -
/ip ipsec peer set peer-companyX exchange-mode=main
Any peer - no idea what they mean
So in a single step (or when ticking choices in Winbox/WebFig):
/ip ipsec peer add name=peer-companyX profile=phase1-companyX address=x.x.x.x exchange-mode=main
Pre-shared key XXXXXXXXX -
/ip ipsec identity add peer=peer-companyX secret=XXXXXXXXX
Remote network y.y.y.y/32 (I've changed your original x.x.x.x to y.y.y.y here because it most likely differs from the WAN IP x.x.x.x in the peer settings).
This one needs more data because it depends on the network topology at your end and the network topology at their end.
An
/ip ipsec policy item includes a so-called
traffic selector which defines a single local subnet and a single remote subnet to be interconnected using that policy (both may be as small as a single address). However, if one of these is a private (RFC1918) subnet, you never know whether it is not used at the opposite end for another purpose, so activating such policy can cause trouble on the opposite end as it steals the traffic between the subnets there, because an active policy always wins over regular routing (and even if it doesn't, if two policies at one end have at least partially overlapping local subnets and at least partially overlapping remote subnets, there is also a conflict). So unless you own a public IP you can assign to your laptop for that purpose (which should be globally unique and thus not conflict with anything), you have to agree with them whether the private IP you choose doesn't conflict with one in their network; also, check whether the y.y.y.y/32 they gave you as the remote network at their end doesn't conflict with a private IP in your own network which the laptop needs to talk to.
No idea where else the laptop is going to be connected except to the Mikrotik, but the Mikrotik must have a route to the laptop's IP or they must share a subnet, and the laptop must have a route via the Mikrotik to the "remote network" (y.y.y.y) provided by that company. So in the simplest case, the Mikrotik will have a LAN interface with an IP address and a DHCP server providing a default gateway, and the laptop will be connected as a DHCP client to this Mikrotik's LAN and nowhere else. This will allow you to freely choose the IP subnet between the two as a non-conflicting one with that company's network and create a static lease for the laptop for address L.L.L.L (local). If so, the
/ip ipsec policy item will look as follows:
/ip ipsec policy add peer=peer-companyX src-address=L.L.L.L/32 dst-address=y.y.y.y/32 proposal=phase2-companyX tunnel=yes