I figured out how to fix this based on taylorc’s post in this thread http://forum.mikrotik.com/t/route-outside-a-0-0-0-0-0-ipsec-tunnel/26391/1
add an ipsec policy
src address= Mikrotik LAN interface, i.e. 192.168.1.1
dst address= LAN network, i.e. 192.168.1.0/24
protocol= all
action= none
level= require
ipsec protocols= esp
tunnel= NO
I added the above policy in winbox, but you need to then make it the first policy by opening a terminal
in terminal type:
/ip ipsec policy
move 1 0
assuming you previously only had 1 policy, it moves your new policy to be #0 (top).