We have L2TP/IPsec working here for a couple of hundred road warriors without any problems.
The clients are Windoze laptops, Macs with a variety of OS versions including Sierra, Linux machines, iPhones, iPads, Android phones and tablets.
Here’s our proven working config:
/ip ipsec mode-config
add address-pool="VPN guests" name="vpn Guests" split-include=<all our relevant subnets>
/ip ipsec policy group
add name="VPN guests"
/ip ipsec proposal
add enc-algorithms=aes-256-cbc,aes-256-ctr,3des name=l2tp-proposal pfs-group=none
/ip ipsec peer
add address=0.0.0.0/0 comment="L2tp " enc-algorithm=3des exchange-mode=main-l2tp generate-policy=port-override secret=<a secret of your choice>
/ip ipsec policy
add dst-address=0.0.0.0/0 proposal=l2tp-proposal src-address=0.0.0.0/0 template=yes
/ip pool
add name="VPN guests" ranges=192.168.168.1-192.168.169.254
/ppp profile
add change-tcp-mss=yes dns-server=<our local DNS servers> local-address="VPN guests" name=l2tp-profile remote-address="VPN guests"
/ip firewall filter
add chain=input comment=IKEandL2TP dst-address-list=myWANips dst-port=1701,500,4500 protocol=udp
add chain=input comment=IPsec dst-address-list=myWANips protocol=ipsec-esp
add chain=input comment=IPsec dst-address-list=myWANips protocol=ipsec-ah
Hope that helps.
-Chris
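As an added example (not part of Chris's post and not a RouterOS tool), here is a small Python checker that parses RouterOS export lines in the shape shown above and flags the crypto choices a reviewer would want to look at in this config: 3DES offered on the phase-1 peer and in the phase-2 proposal, and pfs-group=none on the proposal. It only evaluates keys that are explicitly set in the export; RouterOS defaults are deliberately not modeled. The sample export is the config from the post, embedded here as constructed input; the `parse_export` and `audit` function names are my own.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the L2TP/IPsec export from the post, placeholders kept as written.
SAMPLE_EXPORT = """
/ip ipsec mode-config
add address-pool="VPN guests" name="vpn Guests" split-include=<all our relevant subnets>
/ip ipsec policy group
add name="VPN guests"
/ip ipsec proposal
add enc-algorithms=aes-256-cbc,aes-256-ctr,3des name=l2tp-proposal pfs-group=none
/ip ipsec peer
add address=0.0.0.0/0 comment="L2tp " enc-algorithm=3des exchange-mode=main-l2tp generate-policy=port-override secret=<a secret of your choice>
/ip ipsec policy
add dst-address=0.0.0.0/0 proposal=l2tp-proposal src-address=0.0.0.0/0 template=yes
/ip pool
add name="VPN guests" ranges=192.168.168.1-192.168.169.254
/ppp profile
add change-tcp-mss=yes dns-server=<our local DNS servers> local-address="VPN guests" name=l2tp-profile remote-address="VPN guests"
/ip firewall filter
add chain=input comment=IKEandL2TP dst-address-list=myWANips dst-port=1701,500,4500 protocol=udp
add chain=input comment=IPsec dst-address-list=myWANips protocol=ipsec-esp
add chain=input comment=IPsec dst-address-list=myWANips protocol=ipsec-ah
"""

# key=value where value is "quoted", an <angle-bracket placeholder>, or a bare token
KV_RE = re.compile(r'(\S+?)=("[^"]*"|<[^>]*>|\S+)')

# Ciphers this checker treats as weak: DES/3DES (64-bit block, deprecated) and null.
WEAK_ENC = {"des", "3des", "null"}

Entry = Tuple[Optional[str], Dict[str, str]]
Finding = Tuple[str, str, str]  # (section, object name, finding code)


def parse_export(text: str) -> List[Entry]:
    """Turn a RouterOS-style export into (section, {key: value}) entries.

    A line starting with '/' sets the current section; 'add'/'set' lines
    contribute their key=value pairs with surrounding quotes removed.
    """
    entries: List[Entry] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("/"):
            section = line
            continue
        verb, _, rest = line.partition(" ")
        if verb not in ("add", "set"):
            continue
        params = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
        entries.append((section, params))
    return entries


def _ciphers(value: str) -> List[str]:
    return [c.strip() for c in value.split(",") if c.strip()]


def audit(entries: List[Entry]) -> List[Finding]:
    """Flag explicitly configured weak ciphers and missing PFS in IPsec objects."""
    findings: List[Finding] = []
    for section, p in entries:
        name = (p.get("name") or p.get("comment") or "(unnamed)").strip()
        if section == "/ip ipsec proposal":
            # Phase-2 ciphers; any weak entry in the list is offered to clients.
            for c in _ciphers(p.get("enc-algorithms", "")):
                if c in WEAK_ENC:
                    findings.append((section, name, f"weak-cipher:{c}"))
            # pfs-group=none means phase-2 keys are derived without a fresh DH exchange.
            if p.get("pfs-group") == "none":
                findings.append((section, name, "no-pfs"))
        elif section == "/ip ipsec peer":
            # Phase-1 (IKE) cipher list on the peer.
            for c in _ciphers(p.get("enc-algorithm", "")):
                if c in WEAK_ENC:
                    findings.append((section, name, f"weak-cipher:{c}"))
    return findings


if __name__ == "__main__":
    for section, name, code in audit(parse_export(SAMPLE_EXPORT)):
        print(f"{section} [{name}]: {code}")
```

Run against the post's config it reports 3DES on both the peer and the proposal plus the missing PFS group; the AES entries are left alone. It is a starting point for reviewing an export, not a substitute for checking what the router actually negotiates (`/ip ipsec installed-sa print` on the router shows the live choice).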