Router config
42.42.42.42 - external IP
69.69.69.69 - MikroTik’s WAN IP
[admin@MikroTik] > /export hide-sensitive
# may/05/2020 23:40:06 by RouterOS 6.46.6
# software id = Y4D1-NEYX
#
# model = RouterBOARD 750G r3
# serial number = 6F380558E982
# --- Layer 2 ---
# Bridge "LAN" groups the LAN ethernet ports (members are listed under
# /interface bridge port further down). protocol-mode=none disables spanning
# tree on the bridge. arp=proxy-arp makes the router answer ARP on behalf of
# hosts it can route to; presumably this is what makes the L2TP client
# addresses (drawn from the same 192.168.1.0/24 as the LAN, see /ip pool)
# reachable from LAN hosts — confirm.
/interface bridge
add admin-mac=E4:8D:8C:B1:F9:1C arp=proxy-arp auto-mac=no comment=\
"created from master port" name=LAN protocol-mode=none
# ether1 is the WAN port: it carries an overridden mac-address (presumably to
# match a MAC registered with the provider — confirm). Every port is pinned to
# 100Mbps. ether2 is renamed ether2-master; the "master port" wording is a
# leftover from older RouterOS, the bridge above does the actual switching.
/interface ethernet
set [ find default-name=ether1 ] mac-address=00:1A:92:31:5D:B0 speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
# Interface lists referenced later: "discover" (neighbor discovery; dynamic
# interfaces such as L2TP tunnels are excluded), "mactel"/"mac-winbox"
# (MAC-server access) and "WAN". Note that the firewall rules below match
# in-interface=ether1 directly rather than in-interface-list=WAN, so the WAN
# list is defined (ether1 is its only member) but not used for filtering.
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
# Hotspot: only the default profile's html directory is changed; no hotspot
# server appears in this export.
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
# IPsec proposal used by the L2TP/IPsec server (use-ipsec=required below).
# 3des is a legacy cipher; remove it from the proposal (and consider an
# AES-GCM proposal) once every VPN client supports it.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-192-cbc,3des
# Address pools: dynamic DHCP hands out .50-.200, L2TP clients get .202-.210.
# Both ranges sit inside the LAN's 192.168.1.0/24 (presumably the reason the
# bridge runs proxy-arp); the PPP local-address .201 lies between them.
/ip pool
add name=dhcp ranges=192.168.1.50-192.168.1.200
add name=L2TP_users ranges=192.168.1.202-192.168.1.210
# DHCP server on the LAN bridge; leases last 2 weeks and 10 minutes.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=LAN lease-time=2w10m name=dhcp1
# PPP profile for L2TP users: router side .201, client side from L2TP_users,
# TCP MSS clamped to the tunnel MTU.
/ppp profile
add change-tcp-mss=yes local-address=192.168.1.201 name=profile1-L2TP_users \
remote-address=L2TP_users
# SNMP: the default community is allowed from ANY source address (0.0.0.0/0).
# hide-sensitive strips the community string and /snmp itself is not in this
# export, so whether the agent is enabled cannot be told from here. If it is,
# restrict addresses= to the management hosts; the "drop all from WAN" input
# rule below keeps it off ether1 but not off the LAN or VPN side.
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
# "full" group policy list. It includes the plaintext services telnet and ftp
# plus api; whether those services are actually enabled is not part of this
# export (/ip service is absent). Prefer ssh/winbox/www-ssl and disable the rest.
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
# ether2..ether5 are LAN bridge members; ether1 stays out of the bridge (WAN).
/interface bridge port
add bridge=LAN interface=ether3
add bridge=LAN interface=ether4
add bridge=LAN interface=ether5
add bridge=LAN interface=ether2-master
# Neighbor discovery only on the "discover" list, i.e. the LAN side (ether1 is
# not a member, see the list members below), so the router does not announce
# itself toward the provider.
/ip neighbor discovery-settings
set discover-interface-list=discover
# L2TP server: MS-CHAPv2 only and IPsec transport is mandatory
# (use-ipsec=required); the ipsec-secret is not shown (hide-sensitive).
/interface l2tp-server server
set authentication=mschap2 default-profile=profile1-L2TP_users enabled=yes \
use-ipsec=required
# MAC-telnet and MAC-winbox are reachable only via the LAN bridge; discovery
# covers the LAN bridge and its ports; ether1 is the sole WAN member.
/interface list member
add interface=LAN list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=LAN list=mactel
add interface=LAN list=mac-winbox
add interface=ether1 list=WAN
# The LAN address is configured on ether3 (a bridge *port*) rather than on the
# LAN bridge itself — a defconf leftover. NOTE(review): confirm it is still
# served correctly; conventionally the address belongs on interface=LAN.
# The ether1 address is redacted by the author (69.69.69.69 is a placeholder,
# see the header); network=10.176.252.0 and the default route via 10.176.252.1
# show the real WAN segment is 10.176.252.0/22.
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether3 network=\
192.168.1.0
add address=69.69.69.69/22 interface=ether1 network=10.176.252.0
# A DHCP client on ether1 coexists with the static address above; if the
# provider answers, an automatic default route will exist next to the static
# one below — confirm which is intended.
/ip dhcp-client
add comment=defconf interface=ether1
# Static leases. The first one has a literal client-id of "NAS" and no server=
# binding; .50 and .100 fall inside the dynamic pool (.50-.200), which is
# allowed but worth moving outside the pool for clarity.
/ip dhcp-server lease
add address=192.168.1.20 client-id=NAS comment=Nas mac-address=\
28:10:7B:43:7A:18
add address=192.168.1.30 client-id=1:0:11:32:3b:eb:a4 comment=SNAS \
mac-address=00:11:32:3B:EB:A4 server=dhcp1
add address=192.168.1.10 client-id=1:d0:50:99:56:dd:40 comment=Station \
mac-address=D0:50:99:56:DD:40 server=dhcp1
add address=192.168.1.40 client-id=1:0:12:16:b8:1f:4 comment=Camera \
mac-address=00:12:16:B8:1F:04 server=dhcp1
add address=192.168.1.100 client-id=1:84:1b:5e:29:13:26 comment=Wireless \
mac-address=84:1B:5E:29:13:26 server=dhcp1
add address=192.168.1.50 client-id=1:7c:1e:52:66:11:ab comment=XBox \
mac-address=7C:1E:52:66:11:AB server=dhcp1
add address=192.168.1.60 mac-address=00:0C:29:3D:33:58 server=dhcp1
# Options pushed to LAN clients: gateway .1 and DNS 192.168.248.21 (not a LAN
# address — presumably a provider resolver reachable via the WAN segment,
# confirm) plus 8.8.8.8.
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=192.168.248.21,8.8.8.8 \
gateway=192.168.1.1 netmask=24
# The router resolves recursively for others (allow-remote-requests=yes). On
# the WAN side that is an open-resolver risk, mitigated only by the
# "drop all from WAN" input rule below — keep that rule enabled.
/ip dns
set allow-remote-requests=yes servers=192.168.248.21,8.8.8.8
# Static entry "router" -> 192.168.88.1 is the factory default and does not
# match this router's LAN address (192.168.1.1); stale — update or remove.
/ip dns static
add address=192.168.88.1 name=router
# Input chain (traffic to the router itself), evaluated top-down: accept ICMP
# and established/related, accept L2TP/IPsec (UDP 500/1701/4500, ESP, AH) from
# ether1, then drop everything else arriving on ether1. Nothing restricts input
# from the LAN or from VPN clients, so every router service is reachable from
# those sides (the chain's default is accept).
# UDP 1701 is accepted on ether1 as plain UDP even though the L2TP server
# requires IPsec; adding ipsec-policy=in,ipsec to that rule would limit it to
# packets that arrived inside the tunnel.
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
connection-state=established,related
# Disabled forward rule for the L2TP ports; L2TP terminates on the router, so a
# forward rule for these ports would not match tunnel setup anyway.
add action=accept chain=forward comment="Allow L2TP" disabled=yes dst-port=\
500,1701,4500 in-interface=ether1 log=yes log-prefix=L2tp protocol=udp
add action=accept chain=input comment=L2TP dst-port=500,1701,4500 \
in-interface=ether1 log=yes log-prefix=VPN: protocol=udp
add action=accept chain=input comment="Allow L2TP" in-interface=ether1 \
protocol=ipsec-esp
add action=accept chain=input comment="Allow L2TP" in-interface=ether1 \
protocol=ipsec-ah
add action=accept chain=forward comment="Allow PPTP" disabled=yes dst-port=\
1723 in-interface=ether1 log=yes log-prefix=PPTP protocol=tcp
# Terminal drop for the WAN side of the input chain; every input rule below it
# that matches in-interface=ether1 (e.g. "Drop remote management") is unreachable.
add action=drop chain=input comment="defconf: drop all from WAN" \
in-interface=ether1 log-prefix=Drop:
add action=drop chain=input comment="Drop remote management" disabled=yes \
dst-port=80,443,8291 in-interface=ether1 log=yes protocol=tcp
# Forward chain: fasttrack + accept established/related, allow !ether1 -> LAN
# from 192.168.1.0/24 (covers VPN clients, whose addresses are in that /24),
# drop invalid. The final "drop all from WAN not DSTNATed" rule is DISABLED and
# there is no other terminal drop, so new connections arriving on ether1 for
# 192.168.1.0/24 are forwarded. Hosts on the provider's 10.176.252.0/22 segment
# could reach the LAN through this router if they route to it; re-enable that
# rule (its defconf purpose) to close this.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=accept chain=forward comment="Allow VPN to LAN" in-interface=\
!ether1 out-interface=LAN src-address=192.168.1.0/24
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new disabled=yes in-interface=ether1
# Source NAT: the first masquerade has no out-interface, so anything from
# 192.168.1.0/24 leaving on any interface — including traffic turned around
# toward the LAN or VPN side — is presumably rewritten to the router's address;
# the second rule masquerades everything leaving ether1. The second alone is the
# usual form; consider adding out-interface=ether1 to the first (making it
# redundant) or removing it.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" src-address=\
192.168.1.0/24
add action=masquerade chain=srcnat out-interface=ether1
# Default route via the real WAN gateway 10.176.252.1 (matches the network= of
# the ether1 address). The two /24 routes are interface routes through the LAN
# bridge with ping check-gateway; they rely on something on the LAN answering
# for those subnets — confirm that device still exists.
/ip route
add distance=1 gateway=10.176.252.1
add check-gateway=ping distance=1 dst-address=192.168.2.0/24 gateway=LAN \
pref-src=192.168.1.1 scope=10
add check-gateway=ping distance=1 dst-address=192.168.3.0/24 gateway=LAN \
pref-src=192.168.1.1 scope=10
# SMB: only the default share path is set; /ip smb (enabled or not) is absent
# from this export.
/ip smb shares
set [ find default=yes ] directory=/pub
# SSH: allow-none-crypto=yes permits sessions negotiated with the "none"
# cipher, i.e. without encryption; set it to no (and strong-crypto=yes).
# forwarding-enabled=remote lets SSH users open remote port forwards through
# the router — keep only if that is a deliberate management path.
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
# UPnP is enabled with ether1 as the external side: any LAN host can create
# inbound port mappings on the WAN without authentication. Disable unless a
# LAN application genuinely needs it.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1 type=external
add interface=LAN type=internal
# L2TP user "Bass"; the password is removed by hide-sensitive.
/ppp secret
add name=Bass profile=profile1-L2TP_users service=l2tp
# Time zone is set twice; harmless duplicate.
/system clock
set time-zone-name=Europe/Moscow
set time-zone-name=Europe/Moscow
/system leds
add leds=user-led type=off
# Logging: l2tp and ipsec debug topics go to the default action (none is given
# here) — useful while troubleshooting the VPN, verbose otherwise.
/system logging
add topics=l2tp,debug
add topics=ipsec,debug
/system note
set show-at-login=no
# RPS enabled on every port; silent boot.
/system resource irq rps
set ether1 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5 disabled=no
set ether2-master disabled=no
/system routerboard settings
set silent-boot=yes
# MAC-server (telnet and winbox over MAC) limited to the LAN-only lists
# defined above, so neither is reachable from ether1.
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox