Solution google translate from here: http://bozza.ru/art-247.html
The default policy glitch on the mikrotik
With absolutely correct settings for the L2TP / IPSec connection on the client (for example, Windows 7) and on the server (Mikrotik), you can not establish a VPN connection. In this case, the message "failed to pre-process ph2 packet" goes to the Mikrotik log, and the error on the Windows 7 client is 789: the L2TP connection attempt failed because of an error that occurred at the security level ... This problem can occur on Firmware up to the last stable at the current time (6.30).
: delete the default group in the IP - IPSec - Groups menu, create a new one and specify it in IP - IPSec - Peers in the Policy Template Group field.
According to Hopy, another solution
to the problem with groups may be the execution of this command after re-creating the group:
ip ipsec peer set 0 policy-template-group =*FFFFFFFF
Perhaps this is a legacy from the old configurations, there is no exact answer, but nevertheless, this is an option. By the way, it is possible for this reason (and similar) that you should still perform a complete reset of the device before the initial setup. But this is not a requirement, that's for sure.