L2TP not working with Windows 11 and some Windows 10

Hi There,
Just checking if anyone else has seen this issue as it defies logic. For L2TP with MirkoTik I have just traditionally used WinBox.exe (I run it with Wine on Linux) and simply enable L2TP Server with the defaults:

Default Profile: default-encryption
Authentication: mschap2, mschap1, chap, pap (so all ticked)
IPSec set to ‘yes’
IPSec Secret: [created]
Called ID Type: ip address

and then create Profile Secrets to use:

Service: l2tp
Profile: default-encryption
Local Address: [hard set to 192 address]
Remote Address: and that is it. Very simple and used it for years.

I now have Windows 11 and some Windows 10 remote clients that cannot access the main head office router (RB915G-2HnD) with firmware v6.49.7 which was swapped in a short time ago to replace the same model with an earlier firmware (assuming - it stopped functioning so we swapped in this current spare [now the live router]).
If I get the customer to try connecting to their remote branch Mikrotik (RB915G-2HnD) in another state, setup the same as above, but has firmware v6.49.4, this works perfectly. So logic dictates it is not Windows but something on the head office MikroTik.
I also set up a Secret here on my hAPac2 with v6.48.7 for them to try and this does not work either - same results.

I have tried every recommended config known to humans posted on-line but nothing works. Last time I went around in circles in the forest like this I disabled L2TP server, completely deleted and re-created the IPSec setup so it was like a ‘factory default’, re-enabled L2TP… and this fixed it all… (I did this on the MikroTik they ‘had’ that was replaced with their current Mikrotik). Following this same activity does not work now either.

Surely someone else has seen this issue? Is there something with the ‘later’ firmware perhaps? For me this just defies logic with the customer not very happy they have to use trusted IP based PPtP setup till L2TP issue is sorted out.
Any feedback would be much appreciated.

proxy-arp disabled/enabled makes no difference also which I hoped was the smoking gun.

Microsoft have a history of breaking VPNs and it looks like that might be causing your problem. Take a look at these pages for some more information:

• VPN connections might fail after installing the April 2024 security update
• Microsoft says April Windows updates break VPN connections
• Windows 11 update causes troubles to VPN users

–
Backups are your friend. Always make a backup!

/system backup save encryption=aes-sha256 name=MyBackup

Please, export and attach your current config to your post if you want help with a config issue:
/export hide-sensitive file=MyConfig/export file=MyConfig

Yes I am all too familiar with how MS Windows often breaks things at the client end, but testing proves it not to be this.

L2TP client access is working to the other MikroTik at the remote branch - connects perfectly, but to the head office it doesn’t and as I indicated, with much hair loss over this issue, they ‘look’ the same but one works and the other doesn’t.
As with all things IPSec it has to be something not happening in the encryption and phases (modp, aes, 3des etc)… but what I can’t say as they are exactly the same… so there has to be some other setup/setting influencing this and I am just seeking any input on where to look next.