Check your srcnat rules - apparently your srcnat rules are matching the replies - which means that you may have stateless nat (action=netmap) somewhere in the mix as well.
Hello
Thanks for response.
I have no NAT configured at all, its just a test setup with basic CHR configured. Torch shows on radius client router packets 1812 udp port from adress of remote gre tunnel and from loopback at once if I setup client to connect userman router loopback interface instead of far end gre.
WAN ip supplied by DHCP of VBox NAT-ed network: 10.0.50.0/24.
Also I have tried 6.39.1, still dont work.
# may/17/2017 12:56:38 by RouterOS 6.37.5
# software id =
#
/interface bridge
add name=loopback0
/interface gre
add allow-fast-path=no ipsec-secret=12345 local-address=10.0.50.4 name=gre-tunnel1 remote-address=10.0.50.5
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw password=12345
/tool user-manager profile
add name=test name-for-users="" override-shared-users=off owner=admin price=0 starts-at=now validity=0s
/ip address
add address=10.0.100.1/30 interface=gre-tunnel1 network=10.0.100.0
add address=10.0.101.1 interface=loopback0 network=10.0.101.1
/ip dhcp-client
add disabled=no interface=ether1
add dhcp-options=hostname,clientid disabled=no interface=ether2
/routing ospf network
add area=backbone network=10.0.100.0/30
add area=backbone network=10.0.101.1/32
/system identity
set name=chr1
/system package update
set channel=bugfix
/tool user-manager database
set db-path=user-manager
/tool user-manager router
add coa-port=1700 customer=admin disabled=no ip-address=10.0.100.2 log=auth-ok,auth-fail name=chr2 shared-secret=12345 use-coa=no
/tool user-manager user
add customer=admin disabled=no password=12345 shared-users=1 username=mtadmin wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
# may/17/2017 11:35:13 by RouterOS 6.37.5
# software id =
#
/interface gre
add allow-fast-path=no ipsec-secret=12345 local-address=10.0.50.5 name=gre-tunnel1 remote-address=10.0.50.4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip address
add address=10.0.100.2/30 interface=gre-tunnel1 network=10.0.100.0
/ip dhcp-client
add disabled=no interface=ether1
add dhcp-options=hostname,clientid disabled=no interface=ether2
/radius
add address=10.0.101.1 secret=12345 service=login
/routing ospf network
add area=backbone network=10.0.100.0/30
/system identity
set name=chr2
/system package update
set channel=bugfix
/user aaa
set default-group=full use-radius=yes