*** L2TP/IPSEC VPN server can't be connected from Internet ***

I am having an issue with my L2TP/IPsec server on v6.34.1 x86 RouterOS. I can connect to this L2TP server from within the LAN, which means the configuration should be working. However, when I try to connect from the Internet, it never connects. The firewall is already open.

I am accepting this destination port for L2TP




The debug log is below:

2/13/2016 20:38	l2tp	debug	packet rcvd control message from 121.202.137.74:54014 to 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=0	 session-id=0	 ns=0	 nr=0
2/13/2016 20:38	l2tp	debug	packet     (M) Message-Type=SCCRQ			
2/13/2016 20:38	l2tp	debug	packet     (M) Protocol-Version=0x01:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Framing-Capabilities=0x3			
2/13/2016 20:38	l2tp	debug	packet     (M) Host-Name=0x47:6f:74:65:6e:73:2d:69:50:68:6f:6e:65:2d:36:53			
2/13/2016 20:38	l2tp	debug	packet         70:6c:75:73:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Assigned-Tunnel-ID=26			
2/13/2016 20:38	l2tp	debug	packet     (M) Receive-Window-Size=4			
2/13/2016 20:38	l2tp	debug tunnel 2 entering state: wait-ctl-conn				
2/13/2016 20:38	l2tp	debug	packet sent control message to 121.202.137.74:54014 from 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=26	 session-id=0	 ns=0	 nr=1
2/13/2016 20:38	l2tp	debug	packet     (M) Message-Type=SCCRP			
2/13/2016 20:38	l2tp	debug	packet     (M) Protocol-Version=0x01:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Framing-Capabilities=0x1			
2/13/2016 20:38	l2tp	debug	packet     (M) Bearer-Capabilities=0x0			
2/13/2016 20:38	l2tp	debug	packet     Firmware-Revision=0x1			
2/13/2016 20:38	l2tp	debug	packet     (M) Host-Name=""MikroTik""			
2/13/2016 20:38	l2tp	debug	packet     Vendor-Name=""MikroTik""			
2/13/2016 20:38	l2tp	debug	packet     (M) Assigned-Tunnel-ID=2			
2/13/2016 20:38	l2tp	debug	packet     (M) Receive-Window-Size=4			
2/13/2016 20:38	l2tp	debug	packet rcvd control message from 121.202.137.74:54014 to 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=0	 session-id=0	 ns=0	 nr=0
2/13/2016 20:38	l2tp	debug	packet     (M) Message-Type=SCCRQ			
2/13/2016 20:38	l2tp	debug	packet     (M) Protocol-Version=0x01:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Framing-Capabilities=0x3			
2/13/2016 20:38	l2tp	debug	packet     (M) Host-Name=0x47:6f:74:65:6e:73:2d:69:50:68:6f:6e:65:2d:36:53			
2/13/2016 20:38	l2tp	debug	packet         70:6c:75:73:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Assigned-Tunnel-ID=26			
2/13/2016 20:38	l2tp	debug	packet     (M) Receive-Window-Size=4			
2/13/2016 20:38	l2tp	debug	packet sent control message (ack) to 121.202.137.74:54014 from 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=26	 session-id=0	 ns=1	 nr=1
2/13/2016 20:38	l2tp	debug	packet sent control message to 121.202.137.74:54014 from 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=26	 session-id=0	 ns=0	 nr=1
2/13/2016 20:38	l2tp	debug	packet     (M) Message-Type=SCCRP			
2/13/2016 20:38	l2tp	debug	packet     (M) Protocol-Version=0x01:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Framing-Capabilities=0x1			
2/13/2016 20:38	l2tp	debug	packet     (M) Bearer-Capabilities=0x0			
2/13/2016 20:38	l2tp	debug	packet     Firmware-Revision=0x1			
2/13/2016 20:38	l2tp	debug	packet     (M) Host-Name=""MikroTik""			
2/13/2016 20:38	l2tp	debug	packet     Vendor-Name=""MikroTik""			
2/13/2016 20:38	l2tp	debug	packet     (M) Assigned-Tunnel-ID=2			
2/13/2016 20:38	l2tp	debug	packet     (M) Receive-Window-Size=4			
2/13/2016 20:38	l2tp	debug	packet sent control message to 121.202.137.74:54014 from 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=26	 session-id=0	 ns=0	 nr=1
2/13/2016 20:38	l2tp	debug	packet     (M) Message-Type=SCCRP			
2/13/2016 20:38	l2tp	debug	packet     (M) Protocol-Version=0x01:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Framing-Capabilities=0x1			
2/13/2016 20:38	l2tp	debug	packet     (M) Bearer-Capabilities=0x0			
2/13/2016 20:38	l2tp	debug	packet     Firmware-Revision=0x1			
2/13/2016 20:38	l2tp	debug	packet     (M) Host-Name=""MikroTik""			
2/13/2016 20:38	l2tp	debug	packet     Vendor-Name=""MikroTik""			
2/13/2016 20:38	l2tp	debug	packet     (M) Assigned-Tunnel-ID=2			
2/13/2016 20:38	l2tp	debug	packet     (M) Receive-Window-Size=4			
2/13/2016 20:38	l2tp	debug	packet rcvd control message from 121.202.137.74:54014 to 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=0	 session-id=0	 ns=0	 nr=0
2/13/2016 20:38	l2tp	debug	packet     (M) Message-Type=SCCRQ			
2/13/2016 20:38	l2tp	debug	packet     (M) Protocol-Version=0x01:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Framing-Capabilities=0x3			
2/13/2016 20:38	l2tp	debug	packet     (M) Host-Name=0x47:6f:74:65:6e:73:2d:69:50:68:6f:6e:65:2d:36:53			
2/13/2016 20:38	l2tp	debug	packet         70:6c:75:73:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Assigned-Tunnel-ID=26			
2/13/2016 20:38	l2tp	debug	packet     (M) Receive-Window-Size=4			
2/13/2016 20:38	l2tp	debug	packet sent control message (ack) to 121.202.137.74:54014 from 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=26	 session-id=0	 ns=1	 nr=1
2/13/2016 20:38	l2tp	debug	packet sent control message to 121.202.137.74:54014 from 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=26	 session-id=0	 ns=0	 nr=1
2/13/2016 20:38	l2tp	debug	packet     (M) Message-Type=SCCRP			
2/13/2016 20:38	l2tp	debug	packet     (M) Protocol-Version=0x01:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Framing-Capabilities=0x1			
2/13/2016 20:38	l2tp	debug	packet     (M) Bearer-Capabilities=0x0			
2/13/2016 20:38	l2tp	debug	packet     Firmware-Revision=0x1			
2/13/2016 20:38	l2tp	debug	packet     (M) Host-Name=""MikroTik""			
2/13/2016 20:38	l2tp	debug	packet     Vendor-Name=""MikroTik""			
2/13/2016 20:38	l2tp	debug	packet     (M) Assigned-Tunnel-ID=2			
2/13/2016 20:38	l2tp	debug	packet     (M) Receive-Window-Size=4			
2/13/2016 20:38	l2tp	debug	packet rcvd control message from 121.202.137.74:54014 to 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=0	 session-id=0	 ns=0	 nr=0
2/13/2016 20:38	l2tp	debug	packet     (M) Message-Type=SCCRQ			
2/13/2016 20:38	l2tp	debug	packet     (M) Protocol-Version=0x01:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Framing-Capabilities=0x3			
2/13/2016 20:38	l2tp	debug	packet     (M) Host-Name=0x47:6f:74:65:6e:73:2d:69:50:68:6f:6e:65:2d:36:53			
2/13/2016 20:38	l2tp	debug	packet         70:6c:75:73:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Assigned-Tunnel-ID=26			
2/13/2016 20:38	l2tp	debug	packet     (M) Receive-Window-Size=4			
2/13/2016 20:38	l2tp	debug	packet sent control message (ack) to 121.202.137.74:54014 from 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=26	 session-id=0	 ns=1	 nr=1
2/13/2016 20:38	l2tp	debug	packet sent control message to 121.202.137.74:54014 from 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=26	 session-id=0	 ns=0	 nr=1
2/13/2016 20:38	l2tp	debug	packet     (M) Message-Type=SCCRP			
2/13/2016 20:38	l2tp	debug	packet     (M) Protocol-Version=0x01:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Framing-Capabilities=0x1			
2/13/2016 20:38	l2tp	debug	packet     (M) Bearer-Capabilities=0x0			
2/13/2016 20:38	l2tp	debug	packet     Firmware-Revision=0x1			
2/13/2016 20:38	l2tp	debug	packet     (M) Host-Name=""MikroTik""			
2/13/2016 20:38	l2tp	debug	packet     Vendor-Name=""MikroTik""			
2/13/2016 20:38	l2tp	debug	packet     (M) Assigned-Tunnel-ID=2			
2/13/2016 20:38	l2tp	debug	packet     (M) Receive-Window-Size=4			
2/13/2016 20:38	l2tp	debug	packet rcvd control message from 121.202.137.74:54014 to 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=0	 session-id=0	 ns=0	 nr=0
2/13/2016 20:38	l2tp	debug	packet     (M) Message-Type=SCCRQ			
2/13/2016 20:38	l2tp	debug	packet     (M) Protocol-Version=0x01:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Framing-Capabilities=0x3			
2/13/2016 20:38	l2tp	debug	packet     (M) Host-Name=0x47:6f:74:65:6e:73:2d:69:50:68:6f:6e:65:2d:36:53			
2/13/2016 20:38	l2tp	debug	packet         70:6c:75:73:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Assigned-Tunnel-ID=26			
2/13/2016 20:38	l2tp	debug	packet     (M) Receive-Window-Size=4			
2/13/2016 20:38	l2tp	debug	packet sent control message (ack) to 121.202.137.74:54014 from 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=26	 session-id=0	 ns=1	 nr=1
2/13/2016 20:38	l2tp	debug	packet rcvd control message from 121.202.137.74:54014 to 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=0	 session-id=0	 ns=0	 nr=0
2/13/2016 20:38	l2tp	debug	packet     (M) Message-Type=SCCRQ			
2/13/2016 20:38	l2tp	debug	packet     (M) Protocol-Version=0x01:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Framing-Capabilities=0x3			
2/13/2016 20:38	l2tp	debug	packet     (M) Host-Name=0x47:6f:74:65:6e:73:2d:69:50:68:6f:6e:65:2d:36:53			
2/13/2016 20:38	l2tp	debug	packet         70:6c:75:73:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Assigned-Tunnel-ID=26			
2/13/2016 20:38	l2tp	debug	packet     (M) Receive-Window-Size=4			
2/13/2016 20:38	l2tp	debug	packet sent control message (ack) to 121.202.137.74:54014 from 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=26	 session-id=0	 ns=1	 nr=1
2/13/2016 20:38	l2tp	debug	packet sent control message to 121.202.137.74:54014 from 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=26	 session-id=0	 ns=0	 nr=1
2/13/2016 20:38	l2tp	debug	packet     (M) Message-Type=SCCRP			
2/13/2016 20:38	l2tp	debug	packet     (M) Protocol-Version=0x01:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Framing-Capabilities=0x1			
2/13/2016 20:38	l2tp	debug	packet     (M) Bearer-Capabilities=0x0			
2/13/2016 20:38	l2tp	debug	packet     Firmware-Revision=0x1			
2/13/2016 20:38	l2tp	debug	packet     (M) Host-Name=""MikroTik""			
2/13/2016 20:38	l2tp	debug	packet     Vendor-Name=""MikroTik""			
2/13/2016 20:38	l2tp	debug	packet     (M) Assigned-Tunnel-ID=2			
2/13/2016 20:38	l2tp	debug	packet     (M) Receive-Window-Size=4			
2/13/2016 20:38	l2tp	debug	packet rcvd control message from 121.202.137.74:54014 to 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=0	 session-id=0	 ns=0	 nr=0
2/13/2016 20:38	l2tp	debug	packet     (M) Message-Type=SCCRQ			
2/13/2016 20:38	l2tp	debug	packet     (M) Protocol-Version=0x01:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Framing-Capabilities=0x3			
2/13/2016 20:38	l2tp	debug	packet     (M) Host-Name=0x47:6f:74:65:6e:73:2d:69:50:68:6f:6e:65:2d:36:53			
2/13/2016 20:38	l2tp	debug	packet         70:6c:75:73:00			
2/13/2016 20:38	l2tp	debug	packet     (M) Assigned-Tunnel-ID=26			
2/13/2016 20:38	l2tp	debug	packet     (M) Receive-Window-Size=4			
2/13/2016 20:38	l2tp	debug	packet sent control message (ack) to 121.202.137.74:54014 from 119.247.X.112:1701			
2/13/2016 20:38	l2tp	debug	packet     tunnel-id=26	 session-id=0	 ns=1	 nr=1
2/13/2016 20:38	l2tp	debug tunnel 2 received no replies	 disconnecting			
2/13/2016 20:38	l2tp	debug tunnel 2 entering state: dead

I have a working PPTP server running and I can connect to it from the Internet just fine. I am only having a problem with the L2TP server.
I wonder if anyone can help?

OK, I found the answer on the Internet.

The L2TP/IPsec VPN server would not work correctly with iOS or OS X when using the default method of creating the L2TP server with IPsec support.

https://netidy.com/blog/mikrotik-auto-generated-ipsec-working-ios

You have to create a custom IPsec peer like below (delete the original one, which is auto-generated when you create the L2TP server), and make sure “Generate Policy” is set to port override. The default setup was using “port strict”, which never works on a 3G/LTE network (if you connect to the VPN server from your phone).
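
Added example, not part of the original post: a small Python triage script for an l2tp debug export like the one above. It counts control messages per direction and reports where the SCCRQ / SCCRP / SCCCN handshake stops. The sample lines are constructed in the same tab-separated layout and use documentation addresses; the function names are this example's own.

```python
import re
from collections import Counter

HEADER = re.compile(r"packet (rcvd|sent) control message( \(ack\))? (?:from|to) \S+")
MSGTYPE = re.compile(r"Message-Type=(\w+)")

def count_messages(log_text):
    """Count L2TP control messages per (direction, type); bare acks count as 'ZLB'."""
    counts, direction = Counter(), None
    for line in log_text.splitlines():
        head = HEADER.search(line)
        if head:
            direction = head.group(1)
            if head.group(2):              # "(ack)" header: no Message-Type AVP follows
                counts[(direction, "ZLB")] += 1
            continue
        mtype = MSGTYPE.search(line)
        if mtype and direction:
            counts[(direction, mtype.group(1))] += 1
    return counts

def diagnose(log_text):
    """Report how far the server-side control handshake got."""
    c = count_messages(log_text)
    if c[("rcvd", "SCCCN")]:
        return "control connection established"
    if c[("sent", "SCCRP")] and c[("rcvd", "SCCRQ")] > 1:
        # The client keeps retransmitting SCCRQ: it is not acting on our SCCRP.
        return "stalled after SCCRP: client never answered with SCCCN"
    if c[("rcvd", "SCCRQ")]:
        return "SCCRQ seen but no SCCCN yet"
    return "no L2TP control traffic in log"

# Constructed sample (documentation addresses, not taken from the post).
P = "2/13/2016 20:38\tl2tp\tdebug\t"
RX = P + "packet rcvd control message from 198.51.100.7:54014 to 203.0.113.1:1701"
TX = P + "packet sent control message to 198.51.100.7:54014 from 203.0.113.1:1701"
ACK = TX.replace("message to", "message (ack) to")

def mt(name):
    return P + "packet     (M) Message-Type=" + name

SAMPLE = "\n".join([RX, mt("SCCRQ"), TX, mt("SCCRP"), RX, mt("SCCRQ"), ACK,
                    TX, mt("SCCRP"), P + "tunnel 2 received no replies\t disconnecting"])

if __name__ == "__main__":
    print(dict(count_messages(SAMPLE)))
    print(diagnose(SAMPLE))
```

A stall at this stage means the server hears the client but the client never acts on the server's replies, so the return path (NAT and IPsec policy port handling) is the place to look rather than the inbound firewall rule.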