Thanks, I’ve just tried that but it didn’t work as expected. The MTU clamping is set to 64 cos that was the packet size that did not show up as corrupted in the Mikrotik ping tool. It is for testing purposes and should work well enough for ping messages.
I got rid of the ‘connection-mark=ipsec’ rules just to make sure that it didn’t make a difference but that did not help either.
I have the sense that this is a firewall issue so your suggestion strengthens my suspicion. I think it would be best to redesign the firewall rules offline, clear the current ones and load the new set. Any tips on what diagnostics I can perform?