Is there a way to reject new l2tp connection without ipsec?
I have l2tp over ipsec server with dynamic generating ipsec policy, but if the client is not configured ipsec policy, the server accepts the connection without encryption.
http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Apple_iOS_.28iPhone.2FiPad.29_Client
/ip firewall filter
add chain=input comment=established,related connection-state=established,related in-interface=WAN
add chain=input comment=ESP disabled=yes in-interface=WAN protocol=ipsec-esp
add chain=input comment=“UDP 500,4500” disabled=yes dst-port=500,4500 in-interface=WAN protocol=udp
add chain=input comment=“ipsec policy matcher” in-interface=WAN ipsec-policy=in,ipsec
add action=drop chain=input comment=“drop all” in-interface=WAN log=yes