L2TP IPsec doesn't work from other city

RouterOS Beginner Basics
1

I have a well working L2TP IPsec connection from any mobile or desktop client to my RB2011UiAS-2HnD-IN (RouterOS v6.30.2). It works when I connect through any mobile or stationary ISP within my city. The log looks approximately so:

ipsec, error key length mismatched, mine:128 peer:256.
ipsec, error authtype mismatched: my:hmac-sha1 peer:hmac-md5
l2tp, info first L2TP UDP packet received from X.X.X.X
l2tp, ppp, info, account MyUser logged in, 192.168.111.246
l2tp, ppp, info : authenticated
l2tp, ppp, info : connected
l2tp, ppp, info : terminating… - peer is not responding
l2tp, ppp, info, account MyUser logged out, 165 157 168 26 15
l2tp, ppp, info : disconnected

Some days ago I attempted to connect from other city: through one mobile and one stationary ISP. The connection didn’t succeed, and log contained only one line:

l2tp, info first L2TP UDP packet received from Y.Y.Y.Y

or such lines:

ipsec, error key length mismatched, mine:128 peer:256.
ipsec, error authtype mismatched: my:hmac-sha1 peer:hmac-md5
l2tp, info first L2TP UDP packet received from Y.Y.Y.Y
l2tp, info first L2TP UDP packet received from Y.Y.Y.Y
l2tp, info first L2TP UDP packet received from Y.Y.Y.Y

What is wrong? Can ISP block or corrupt L2TP IPsec connection?

P.S. There is another interesting detail:
I used to connect to Romanian PPTP VPN to bypass my home provider’s web censorship and it always worked in my home city, but when I connected to the same VPN from other city (where the L2TP IPsec failed), I discovered that the site of my interest is still censored. The only explanation that comes to my mind is that provider acts like a MITM. It seems that the provider uses following tactics: tap the line, when impossible, then prevent from connecting.

2

They definitely can.

You should probably enable debug-level logging, and if you’re out of town and unable to be in the router when making the attempt, I suggest creating a special log target for the debugs and dumping them to a file so that they don’t get scrolled out of the history of the memory logging…

/system logging action
add disk-file-name=vpnlog.txt disk-lines-per-file=10000 disk-stop-on-full=yes name=vpnlog target=disk
/system logging
add action=vpnlog topics=debug,l2tp

3

I gave up using motel wifi because so many seemed to be blocking ports needed to pass VPN traffic.

4

some of them - also known to intel-gathering(usually for commercial purposes, but thats vary)and intentionally injecting various stuff in traffic or altering other stuff(for unpredictable/various reasons) at scale, unusual for other “public wifi”, even cafetria/restaurant-bound.
“naked” L2TP is insecure by itself(not better than similarly-configured PPoE, for example)without say “IPSec” or other things and for particular usage i think considering VPLS or MPLS deployment - is good thing(and yep, MPLS support in mobile platforms - slowly, but emerging/matured, even outside “stable” firmwares).

5

I use L2TP with IPsec on my VPNs.
I was in a motel this year that let users print to their kiosk printer by wifi. The IP address was on the printer, just on a whim I put that in my browser and got the non password protected control panel.