Hello, my english is not so fine but I’m trying to explain my problem.
I trying to setup L2TP/IPsec connection between two Mikrotiks. There is a client with dynamic WAN IP on the left side and the server with static WAN IP on the right side. Also there is mobile phones as L2TP/IPsec clients. On the server I use 0.0.0.0/0 as peer configuration and generate policy port override for an ability to connect from any networks. Windows, Linux, mobile phones are connecting to the right side network without any problems, everything is working fine.
Now I need to setup left side Mikrotik as client. I setup L2TP part without any problems, auth is working fine. There is a problem with IPsec part.
I create a policy for tunnel from the left network to the right:
/ip ipsec policy
add dst-address=192.168.2.0/24 sa-dst-address=10.1.1.1 sa-src-address=0.0.0.0 src-address=192.168.1.0/24 tunnel=yes
Because the right (server) side have an option “generate policy port override” it is generate THE SAME policy but it is should be mirrored. Also I can’t create mirrored policy by hands because the left side WAN IP is dynamic. Is there any solutions?