# skrip otomatis hapus jika ada settingan lama
/tool netwatch remove [find comment="MyTunnel-DNS"]
/ip firewall nat remove [find comment="MyTunnel-DNS"]
/ip firewall mangle remove [find comment="MyTunnel-DNS"]
/ip route remove [find comment="MyTunnel-DNS"]
/interface ovpn-client remove [find comment="MyTunnel-DNS"]
/interface sstp-client remove [find comment="MyTunnel-DNS"]
/interface l2tp-client remove [find comment="MyTunnel-DNS"]
/interface pptp-client remove [find comment="MyTunnel-DNS"]

# pasang vpn client
/interface l2tp-client
add connect-to=194.233.71.185 disabled=no name=MyTunnel-DNS password=tunnel.my.id user=dns comment="MyTunnel-DNS"

# pasang nat ke vpn
/ip firewall nat add chain=srcnat out-interface=MyTunnel-DNS action=masquerade comment="MyTunnel-DNS"

# bikin mangle khusus traffic dns
/ip firewall mangle add action=mark-routing chain=output     protocol=udp dst-port=53 new-routing-mark=toDNS passthrough=no comment="MyTunnel-DNS"  
/ip firewall mangle add action=mark-routing chain=prerouting protocol=udp dst-port=53 new-routing-mark=toDNS passthrough=no comment="MyTunnel-DNS"

# route ip khusus dns ke vpn
/ip route add check-gateway=ping distance=1 gateway=10.0.32.1 routing-mark=toDNS comment="MyTunnel-DNS"

# netwatch agar vpn tidak dc
/tool netwatch add host=10.0.32.1 comment="MyTunnel-DNS"

# hapus cache dns di mikrotik
/ip dns cache flush

# set dns mikrotik ke cloudflare (silahkan rubah sesuai kebutuhan)
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1

# done