Hello all.
Can’t get this to work.
Just L2TP (without encryption) works fine.
But how do i setup it over Ipsec?
Basically question is - what ‘policy, proposal, peer config’ usual macosx/win7/ios uses as default (as these devices connect to my softether’s l2tp over ipsec wonderfully).
Can’t find any relevant tutorial 
LOVE my mikrotik! Amazing
Solved by myself.
Here’s info for anyone struggling with same config.
Softether server ip - xxx
Mikrotik’s address - yyy
Mikrotik setup:
- create Ipsec proposal. Sha1, 3des, aes-256 cbc, PFS Group mod1024. otherwise all defaults.
- create Ipsec peer. Address is xxx, port 500, pre shared key and itself inputed, exchange mode l2tp, send initial contact NOT set, nat traversal set (if client device is behind nat), proposal check - Obey, sha1, 3des+aes-128+aes-256, DH group NO, disable DPD.
- funny part is to create Ipsec policy. src-address = yyy/32 , dest-address xxx/32, protocol udp, action encrypt, level require, ipsec protocols ESP, tunnel NOT set, sa-src-ad yyy, sa-dst-ad xxx.
- finally create l2tp client, using profile, that must contain encryption → require.
Works