Right now the IPSec wiki is missing extremely important info. For example, the default Firewall configuration in modern RouterOS versions doesn't allow IPSEC-ESP on the input chain.
If you try to connect one Mikrotik (initiator) to another Mikrotik (responder), and both of them have public IP addresses, you MUST manually add this line to the default config on the Mikrotik responder:
add action=accept chain=input protocol=ipsec-esp
This is critical info, not mentioned in the wiki. I was stuck for many hours until I finally discovered this.
Also, the section of the wiki called "Road Warrior setup with Mode Conf" still uses the old syntax to define ipsec peers auth methods, which is incorrect and fails in modern RouterOS versions. This is terrible for newbies who are trying to learn from the wiki :(