Here you go:
Mikrotik:
/ip ipsec proposal
add enc-algorithms=3des,aes-256-cbc,aes-256-ctr lifetime=0s name=IPSecDT \
pfs-group=none
/interface l2tp-client
add allow=mschap1,mschap2 connect-to=DraytekPublicIP keepalive-timeout=\
disabled max-mru=1442 max-mtu=1442 name=Draytek password=L2TPPassword \
profile=default user=L2TPUser
/ip ipsec peer
add address=DraytekPublicIP/32 comment=Draytek disabled=yes enc-algorithm=\
3des,aes-256 secret=IPSecPassword
/ip ipsec policy
add comment=Draytek disabled=yes dst-address=DraytekPublicIP/32 proposal=\
IPSecDT sa-dst-address=DraytekPublicIP sa-src-address=LocalPublicIP \
src-address=LocalPublicIP/32
Draytek (here Vigor 2710):
VPN and Remote Access
Remote Access Control
Enable IPSec VPN Service
Enable L2TP VPN Service
IPSec General Setup
IKE Authentication Method: IPSecPassword
IPSec Security Method: High (ESP) DES / 3DES / AES
LAN to LAN
New Profile:
1. Common Settings:
Name: MTIn
Call Direction: Dial-In
3. Dial-In Settings:
L2TP with IPSec Policy: Must
Username: L2TPUser
Password: L2TPPassword
The rest is greyed out.
4. TCP/IP Network Settings:
My WAN iP: Draytek Internal IP
Remote Gateway IP: MT Internal IP
Remote Netowrk IP: MT Network
Remote Network Mask: MT Network Mask
Local IP: Draytek Network
Local Network Mask: Dratek Network Mask
I don't use the tunnel right now, so IPSec Peer and IPSec Policy are disabled.
The tunnel takes some time and tries to come up, but after a few minutes it should work. If you don't need the additional routing possibilities of L2TP (in the Mikrotik environment), tunnel mode seems to be more stable (based on the same config with the obvious changes). You will see, the IPSec tunnel always comes up fine, it's the L2TP part that does not work so well (at least in my setup, which also suffers from the poor (international) internet connection I have right now).
Kind regards,
iBlueDragon