The last rule appears to be an IPv6 ipsec issue.
Are you trying to terminate the tunnel on IPv4 or IPv6?
What I was going to do is create an interface where all traffic is routed through the VPN server. The VPN IPsec connection is established from the Mikrotik router, so the only thing needed is to route all traffic through the connected VPN server.
Turns out the issue was purely related to backup & restore from a different device (even the same model). It has nothing to do with IPv6 (the same messages appear on any other Mikrotik router when starting the connection). Please note, everyone: always, ALWAYS use export & import instead of backup & restore (especially when migrating from one Mikrotik to another). This is a nice guide: https://jcutrer.com/howto/networking/mi ... nd-restore
(Text Config Backup). You will save yourself from many random issues. In my case it was just the VPN tunnel not starting. For no reason, just not starting (without any further logs). And it was caused by backup & restore on a different Mikrotik device.
So once I reset the router following that guide, I came to another issue with the IPsec VPN. Symptoms:
1. Usually no packet loss. Rarely it's like 40%, but usually ping works just fine.
2. Randomly (not) loading websites.
3. Speed test usually kicks in slowly. It's like slowly accelerating on speedtest.net
4. Everything loads just fine (in the browser), but loading any page takes like 10-15 seconds (300 Mbps internet), or sometimes it doesn't finish loading at all.
After spending the whole day on it at work, I solved the issue. Things I've done to solve it:
1. Reduced MSS size to 1280 (anything higher caused issues)
add action=change-mss chain=forward comment="For VPN" new-mss=1280 passthrough=yes protocol=tcp src-address-list=lan13 tcp-flags=syn tcp-mss=!0-1280
add action=change-mss chain=forward comment="For VPN" dst-address-list=lan13 new-mss=1280 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=!0-1280
2. Excluded the VPN connection from fasttrack (in my case, "vlan_13" is the interface where all traffic is routed through the VPN):
add action=fasttrack-connection chain=forward comment="[default] Enable fasttrack" connection-state=established,related in-interface=!vlan_13
3. IP --> IPsec --> Profiles (and your profile) --> unchecked the "NAT Traversal" checkbox.
Not sure about the last point, but the 1st and 2nd points were crucial to get a properly working internet connection over the VPN.
Considering these symptoms, the first thing that came to my mind was a too-large MSS. Changing it to even a value of 1000 didn't fix anything. So I believe this is mostly related to fasttrack and the VPN connection. Or maybe "NAT Traversal" (I did not want to continue investigating; had enough of this for today). Feel free to add this to your knowledge base.
You can close this thread as solved.
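For anyone who wants to sanity-check a clamp value like the 1280 used in the mangle rules above against what the tunnel actually costs, here is an added Python calculator (not from the post, not MikroTik code); it assumes ESP in tunnel mode over IPv4, and the IV/ICV sizes listed for each cipher are assumptions for typical IPsec profiles, so adjust them to match your own proposal.

```python
# Added example: estimate how much TCP MSS fits inside an IPsec ESP
# tunnel-mode packet for a given outer MTU, with and without NAT-T.
# Overheads follow RFC 4303 (ESP), RFC 3948 (UDP encapsulation for
# NAT-T) and RFC 4106 (AES-GCM). All sizes are in bytes.

IPV4_HDR = 20
TCP_HDR = 20
UDP_HDR = 8          # NAT-T (UDP/4500) encapsulation header
ESP_HDR = 8          # SPI + sequence number
ESP_TRAILER = 2      # pad length + next header

# cipher name -> (explicit IV length, padding alignment); assumed typical values
CIPHERS = {
    "aes-cbc": (16, 16),   # 16-byte IV, plaintext padded to the block size
    "aes-gcm": (8, 4),     # 8-byte IV, only ESP's 4-byte alignment applies
}

def esp_packet_size(mss, cipher="aes-cbc", icv=12, nat_t=True):
    """Outer IPv4 packet length carrying one full-size inner TCP segment."""
    iv_len, align = CIPHERS[cipher]
    plain = IPV4_HDR + TCP_HDR + mss + ESP_TRAILER    # inner packet + trailer
    padded = -(-plain // align) * align               # round up to alignment
    size = IPV4_HDR + ESP_HDR + iv_len + padded + icv
    if nat_t:
        size += UDP_HDR
    return size

def max_mss(mtu=1500, cipher="aes-cbc", icv=12, nat_t=True):
    """Largest MSS whose ESP-encapsulated packet still fits in `mtu`."""
    mss = mtu
    while mss > 0 and esp_packet_size(mss, cipher, icv, nat_t) > mtu:
        mss -= 1
    return mss

if __name__ == "__main__":
    for nat_t in (True, False):
        for cipher, icv in (("aes-cbc", 12), ("aes-cbc", 16), ("aes-gcm", 16)):
            print(f"nat_t={nat_t!s:5} {cipher} icv={icv}: "
                  f"max MSS {max_mss(1500, cipher, icv, nat_t)}")
```

With a 1500-byte outer MTU the AES-CBC/NAT-T case tops out at 1382, so a clamp of 1280 leaves roughly 100 bytes of headroom for extra headers on the path.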