
Mikrotik

https://mum.mikrotik.com/archive?lang=EN
https://antifilter.download/list/allyouneed.rsc - RKN (Roskomnadzor) IP list

IPsec

https://wiki.mikrotik.com/wiki/Manual:IP/IPsec
https://wiki.mikrotik.com/Manual:IP/IPsec#Hardware_acceleration
https://mdex-nn.ru/page/zagadochnyj-ipsec.html

ikev2

10.255.255.251 Linux 1.1.1.1 - 2.2.2.2 Mikrotik 10.255.255.250

Linux:

/etc/ipsec.conf


conn u06-chl2
  keyexchange=ikev2
  ike=aes128-sha1-modp2048
  esp=aes128-sha1
  leftid=1.1.1.1
  leftsubnet=10.255.255.251/32
  right=2.2.2.2
  rightsubnet=10.255.255.250/32
  authby=secret
  type=tunnel
  auto=start
  dpdtimeout=120
  dpdaction=restart
  closeaction=restart

/etc/ipsec.secrets

# the PSK must match secret= in the Mikrotik identity
1.1.1.1 2.2.2.2 : PSK "superSecret"

/etc/netplan/ipsec.yaml


network:
  version: 2
  dummy-devices:
    ipsec0:
      addresses: [ 10.255.255.251/32 ]

or temporarily:

ip link add ipsec0 type dummy
ip addr add 10.255.255.251 dev ipsec0
ip link set ipsec0 up


Mikrotik:

cli


/ip ipsec profile add dh-group=modp2048 enc-algorithm=aes-128 name=s2s
/ip ipsec peer add address=1.1.1.1/32 exchange-mode=ike2 local-address=2.2.2.2 name=mt-ss passive=yes profile=s2s
/ip ipsec identity add generate-policy=port-strict notrack-chain=prerouting peer=mt-ss auth-method=pre-shared-key secret=superSecret
/interface bridge add fast-forward=no name=s2s port-cost-mode=short protocol-mode=none
/ip address add address=10.255.255.250 interface=s2s network=10.255.255.250
/ip firewall nat add action=src-nat chain=srcnat comment=mt-ss dst-address=10.255.255.251 to-addresses=10.255.255.250


VXLAN

10.255.255.42/30 Linux 10.255.255.251 - 10.255.255.250 Mikrotik 10.255.255.41/30

Linux:

/etc/netplan/tunnels.yaml


network:
  version: 2
  tunnels:
    u06-chl2:
      mode: vxlan
      id: 250
      mtu: 1372
      port: 4789
      local: 10.255.255.251
      remote: 10.255.255.250
      addresses: [ 10.255.255.42/30 ]

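or temporarily:

ip link add vxlan250 type vxlan id 250 remote 10.255.255.250 local 10.255.255.251 dstport 4789
ip addr add 10.255.255.42/30 dev vxlan250
# bring the interface up with the same MTU as in the netplan config
ip link set vxlan250 mtu 1372 up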


Mikrotik:

cli


  /interface/vxlan add name=vxlan250 port=4789 vni=250 mtu=1372 local-address=10.255.255.250
  /interface/vxlan/vteps add interface=vxlan250 remote-ip=10.255.255.251
  /ip/address/add interface=vxlan250 address=10.255.255.41/30


https://help.mikrotik.com/docs/spaces/ROS/pages/100007937/VXLAN
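
An added example (not part of the original notes): it computes the on-wire size of a full-size VXLAN frame after ESP tunnel-mode encapsulation with the aes128-sha1 proposal from the IPsec section, to check the mtu 1372 value. Assumptions not stated on the page: IPv4 outer headers, a 1500-byte WAN MTU, and aes128-sha1 meaning AES-128-CBC with HMAC-SHA1-96; the function names are illustrative.

```python
# Added example: ESP tunnel-mode overhead for the VXLAN-over-IPsec setup above.
# Assumptions (not stated on the page): IPv4 outer headers, 1500-byte WAN MTU,
# esp=aes128-sha1 means AES-128-CBC with HMAC-SHA1-96.

OUTER_IPV4 = 20      # outer IPv4 header added by tunnel mode
NATT_UDP = 8         # UDP header when NAT-T (UDP/4500) encapsulation is in use
ESP_HEADER = 8       # SPI + sequence number
AES_CBC_IV = 16      # per-packet IV
AES_BLOCK = 16       # CBC block size; plaintext is padded to a multiple of this
ESP_TRAILER = 2      # pad-length + next-header bytes, encrypted with the payload
SHA1_96_ICV = 12     # truncated HMAC-SHA1 integrity check value
VXLAN_OVERHEAD = 20 + 8 + 8 + 14   # IPv4 + UDP + VXLAN header + inner Ethernet


def esp_packet_size(inner_len: int, natt: bool = False) -> int:
    """On-wire IPv4 packet size after ESP tunnel-mode encapsulation."""
    # Round (payload + trailer) up to a whole number of cipher blocks.
    padded = -(-(inner_len + ESP_TRAILER) // AES_BLOCK) * AES_BLOCK
    fixed = (OUTER_IPV4 + (NATT_UDP if natt else 0)
             + ESP_HEADER + AES_CBC_IV + SHA1_96_ICV)
    return fixed + padded


def wire_size_for_vxlan_mtu(vxlan_mtu: int, natt: bool = False) -> int:
    """Size of the ESP packet carrying one full-MTU frame of the VXLAN interface."""
    return esp_packet_size(vxlan_mtu + VXLAN_OVERHEAD, natt)


def max_vxlan_mtu(wan_mtu: int = 1500, natt: bool = False) -> int:
    """Largest VXLAN interface MTU whose ESP packet still fits in wan_mtu."""
    mtu = wan_mtu
    while wire_size_for_vxlan_mtu(mtu, natt) > wan_mtu:
        mtu -= 1
    return mtu


if __name__ == "__main__":
    for natt in (False, True):
        print(f"NAT-T={natt}: mtu 1372 -> "
              f"{wire_size_for_vxlan_mtu(1372, natt)} bytes on the wire, "
              f"max VXLAN MTU {max_vxlan_mtu(1500, natt)}")
```

Under these assumptions, 1372 is the largest VXLAN MTU that still fits in 1500 bytes when NAT-T encapsulation is in use; without NAT-T there are 8 more bytes of headroom per packet.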

Wireshark

In Wireshark:
Start capturing on the interface where packets from the Mikrotik will arrive and apply the filter: udp.port == 37008

On the Mikrotik:
Configure streaming:

/tool sniffer set streaming-server=ip.host.with.wireshark streaming-enabled=yes

Start streaming:

/tool sniffer start

Stop streaming:

/tool sniffer stop