You do need to permit input traffic to udp port 1701, but maybe it works because there is a rule action=accept ipsec-policy=in,ipsec that permits everything that came as IPsec payload.
You have to permit ESP (IP protocol 50) if your Mikrotik listens on a public address itself and at least one client has a public IP address directly on itself too. In that case, IPsec negotiates use of bare ESP for the security associations; if there is NAT anywhere between the client and the server, ESP gets encapsulated into UDP (originally from 4500 to 4500, NAT can change that).
You don’t need to permit IP protocol 115 because that’s L2TPv3 which is a different protocol than the plain L2TP that is used for L2TP/IPsec.
If there is a chance that multiple L2TP clients could be connecting from behind the same public IP, read this.