Например для wireguard импорт настроек на mikrotik
LocalToWireGuardList - лист локальные адресов
WireGuardList - лист адресов куда перенаправлять трафик через wireguard.
Адаптировать можно под свои потребности как удобно
От версии RouterOS может ругаться на те или иные параметры. Например в 7.10 нельзя задать имя wg peer
/interface wireguard add name=WireGuard-out private-key="-----PrivateKey FROM DOWNLOAD FILE INSERT HERE" listen-port=8229 mtu=1342
/interface wireguard peers add allowed-address=0.0.0.0/0,::/0 endpoint-address="-----Endpoint" endpoint-port="-----EndpointPort" interface=WireGuard-out name=WireGuard-peer persistent-keepalive=30s preshared-key="-----PRESHARED FROM DOWNLOAD FILE INSERT HERE" public-key="-----PublicKey FROM DOWNLOAD FILE INSERT HERE"
/ip address add address="-----Address from file" interface=WireGuard-out
/interface list member add interface=WireGuard-out list=WAN
/routing table add name=to-WireGuard fib
/ip firewall address-list add address=192.168.88.0/24 list=LocalToWireGuardList
/ip firewall address-list add address=chatgpt.com list=WireGuardList
/ip firewall mangle add action=mark-connection chain=prerouting src-address-list=LocalToWireGuardList new-connection-mark=to-WireGuard passthrough=yes
/ip firewall mangle add chain=prerouting src-address-list=LocalToWireGuardList dst-address-list=WireGuardList action=mark-routing new-routing-mark=to-WireGuard passthrough=yes
/ip route add routing-table=to-WireGuard dst-address=0.0.0.0/0 gateway=WireGuard-out comment="to-WireGuard"
/ip firewall mangle add action=change-mss chain=forward new-mss=1360 passthrough=yes protocol=tcp connection-mark=to-WireGuard tcp-flags=syn tcp-mss=!0-1375
/ip firewall nat add action=masquerade chain=srcnat out-interface=WireGuard-out
