L2TP cannot connect across US border on AT&T network

This shows how a precise wording is important for understanding 🙂

I’ve also learned something new, my colleagues kept telling me that Mikrotik was bad for not supporting /31 networks as OSPF “didn’t work on that ‘emulation’ of /31 subnets using one /32 as the address and another /32 as the network”. Based on your description, I will have to revisit the topic with them.


The only cheer up I can give you is that there is at least the MPPE for the non-OSPF traffic.

This cannot be resolved by using “wider” policies for the IKEv2 sessions, but you can enable the “automatic” IPsec encryption of the L2TP control & transport packets for all links, not just the AT&T ones. Or, if you don’t like IKE(v1) and/or the pre-shared key authentication, you can use IKEv2 with some more advanced authentication setup to encrypt the L2TP C&T packets instead, but you’d have to configure it manually.


It seems the need to talk became less urgent as the misunderstandings have been clarified by now, but still no problem. Since DM is long disabled here, use this. Your 9-12 AM maps to my 6-9 PM so not a big deal; if you are an owl, your 11PM-1AM is my 8-10 AM, also not a big deal.