Mikrotik L2TP/IPSEC Dial-in VPN

I’ve had a minor learning experience creating a mobile road-warrior style VPN for my phone and tablet. I found a reasonably clear Mikrotik L2TP/IPSEC Dial-in VPN explanation on YouTube: https://www.youtube.com/watch?v=cgfXs6ZJrgs

It didn’t quite work. I couldn’t connect, and the Android didn’t offer any errors. No messages in the Mikrotik logs either. I then tried with the Android on the inside LAN side of the VPN router, on another LAN segment, and it connected. This proved the encryption and protocols matched. Suspecting a firewall issue, I searched, but none of the many examples mentioned firewall modifications.

After a considerable bit of reading and another search I found the Mikrotik Wiki Manual page with the magic note -
http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP

#If there are strict firewall policies, do not forget to add rules which accepts l2tp and ipsec.

/ip firewall
add chain=input protocol=udp port=1701,500,4500
add chain=input protocol=ipsec-esp

Not quite there yet: this has an error and should be -

/ip firewall filter
add chain=input action=accept protocol=udp port=1701,500,4500 comment="L2TP (1701), IKE (500), NAT-T (4500)"
add chain=input action=accept protocol=ipsec-esp comment="IPsec ESP"

Although I’ve since read quite a debate on the forum from a couple of years ago about these rules and the ports they’ve opened.

Manual fixed

I’d tick logging on any drop filter rules you may have and check. Mobile operators nowadays block lots of ports and protocols; if no rule logs anything being dropped, that could be the case…

For this same reason (and performance) I’d better use SSTP…
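Pulling the thread together, here is an added RouterOS example (not from the wiki or any poster above) of an input chain that accepts the L2TP/IPsec traffic from the corrected rules, restricts L2TP to packets that arrived inside IPsec, and logs drops on the WAN interface as the last reply suggests; the WAN interface name `ether1` and the log prefix are assumptions.

```routeros
# Added example, not from the original posts or the Mikrotik wiki.
# Assumes ether1 is the WAN/Internet-facing interface; adjust to your setup.
# Rules are evaluated top-down: the accept rules must sit ABOVE the final drop.
/ip firewall filter

# Keep replies to traffic the router itself started.
add chain=input action=accept connection-state=established,related \
    comment="accept established/related"

# IKE (500) and NAT-T (4500): dst-port matches only traffic TO the router,
# whereas port= matches either source or destination port.
add chain=input action=accept protocol=udp dst-port=500,4500 in-interface=ether1 \
    comment="IKE and NAT-T for IPsec"

# ESP carries the encrypted payload when no NAT is in the path.
add chain=input action=accept protocol=ipsec-esp in-interface=ether1 \
    comment="IPsec ESP"

# L2TP control channel: only accept it once it has been decrypted by IPsec,
# so bare (unencrypted) L2TP from the Internet is not offered a listener.
add chain=input action=accept protocol=udp dst-port=1701 ipsec-policy=in,ipsec \
    comment="L2TP only inside IPsec"

# Final rule: drop and log everything else reaching the router from WAN.
# If a client cannot connect, look for its IP with the prefix below; if
# nothing is logged, the packets never reached the router (e.g. carrier
# filtering), which is what the reply above describes.
add chain=input action=drop in-interface=ether1 log=yes log-prefix="input-drop: " \
    comment="drop and log other WAN input"

# Verify order and hit counters after a connection attempt:
# /ip firewall filter print stats chain=input
# /log print where message~"input-drop"
```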