Instead of print, please post the output of:
/ip ipsec policy export
The referenced post:
https://www.lisenet.com/2024/ikev2-vpn-unusably-slow-on-mikrotik/
Has (just like you) two T (template) policies, one marked with asterisk (default) for IPV6 (#0) and one for IPv4 (#2) and the added rule is as #1, i.e. above the IPv4 rule that would be #1 before adding the new one, hence the given command:
/ip ipsec policy
add action=none dst-address=10.11.1.0/24 src-address=0.0.0.0/0 > place-before=1 > disabled=no
What do you actually have in your config?
Maybe it is a timing issue?
I.e. the rule in config is added before the T and D ones are created? (and then it is “shifted down” when booting?)
If this is the case, maybe you could have a script with a command to move the rule up running with a short delay from boot.
Or you could try adding the
/ip ipsec policy
move *ffffff destination=0
before the:
add action=none dst-address=10.11.1.0/24 src-address=0.0.0.0/0 place-before=1
as in
http://forum.mikrotik.com/t/mtu-troubles-using-ikev2-providers-like-nordvpn-work-around/135154/1
http://forum.mikrotik.com/t/mtu-troubles-using-ikev2-providers-like-nordvpn-work-around/135154/1
http://forum.mikrotik.com/t/mtu-troubles-using-ikev2-providers-like-nordvpn-work-around/135154/1