I have two RB2011UiAS units with a pretty basic setup. Both on 6.49.7
One has been running for over a year quite happily. It has an Ipsec connection to a Libreswan server and an Ipsec connection to an Endian router in a remote office (both VPNs used for Voip connections).
The remote ‘Endian’ office has now upgraded to Fibre and I have swapped the router to a RB2011.
Everything seems to be generally OK but I have struggled with the VPNs (I have been using Ipsec for a long time so am no virgin here - I wrote some config code to generate ipsec Libreswan confs from basic values to avoid making mistakes) but I am missing something.
The Mikrotik - Mikrotik VPN is up and I can remote desktop, ssh, www, etc between the two networks. But the old Voip phones now refuses to load their firmware from the Remote old Endian end. I think they ftp in some way, but I can sftp into the voip server manually and download without issue.
At the same time, the old Remote ‘Endian’ end cannot make a Ipsec connection to the Libre server. Barely a hint in the Libre logs that it even tries to connect. PH2 state is “no phase2”
I have essentially I duplicated the Ipsec settings for testing, including the certificates. One end works, the other does not.
I strongly suspect either stupidity on my part, or a possibility that the ISP router that I have out in dumb bridge mode is playing about.
If I can’t get this running shortly I will have to hack the Endian box back into service, but I know as a VM it struggles with Gigabit connections 
The setups are almost a mirror with the only exception being the Remote end has an old Telrad phone server which the Local end needs to access.
Local End
Static IP
PPPoe via ISP bridged router
Simple /24 local network - no DHCP as that is handled by a server
VPN to remote Libre Server - works
VPN to Remote End Mikrotik connected and passing most traffic but not passing Voip traffic (can’t tell if it passes SIP traffic until the phones are booted)
Remote End
Static IP
PPPoe via ISP bridged router
Simple /24 local network - no DHCP as that is handled by a server
VPN to remote Libre Server - fails to connect
VPN to Local End Mikrotik connected and passing most traffic but not passing Voip traffic (can’t tell if it passes SIP traffic until the phones are booted)
A few oddities I noticed but don’t understand:
Local end sfp1 bridge shows Role->designated port
Interface Bridge Status shows Root Bridge box checked but can’t edit
Root port shows nothing
Remote end sfp1 bridge shows Role->root port
Interface Bridge Status shows Root Bridge box unchecked but can’t edit
Root port shows sfp1-ToSwitch
I am pretty sure that the issue lies in the firewall rules or port/interface configs but for the life of me I can’t see where.
Wil happily provide any logs/config if someone would be kind enough to tell me what data you would like to see.
Any help gratefully appreciated - a real HeadDesk day today!
B. Rgds
John