Without going into a bunch of detail, I found that print jobs from a Windows-based PC on one end of the tunnel to a printer on the other end of the tunnel were getting lost.
[There were a lot of confounding factors that vastly complicated troubleshooting it... but eventually I started looking at packet size.]
And if I set the MSS in mangle at both ends to around 1350, the problem vanishes.
/ip firewall mangle add \
    chain=forward action=change-mss new-mss=1350 passthrough=yes tcp-flags=syn \
    protocol=tcp src-address=220.127.116.11/24 dst-address=18.104.22.168/24
So, the real question is: Does anyone have any way to more "correctly" calculate [deterministic method] the MTU/MSS required to help larger packets survive over the IPSec tunnel?
Again: How does one go about calculating the MSS/MTU required on an IPSec tunnel? [Straight IPSec, not over any other tunnels and no tunneling inside either.]
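
One deterministic way to work this out for plain ESP in tunnel mode over IPv4, as an added example that is not part of the original post. The function names, the transform table and the 1500-byte path MTU are assumptions; the byte counts follow the ESP framing in RFC 4303 and assume no IP or TCP options.

```python
# Added example: largest inner packet and TCP MSS for ESP tunnel mode (IPv4).
# Transform table is illustrative and covers common choices only.
# name: (IV bytes, ICV bytes, alignment of the encrypted payload)
TRANSFORMS = {
    "aes-cbc/hmac-sha1-96":    (16, 12, 16),
    "aes-cbc/hmac-sha256-128": (16, 16, 16),
    "3des-cbc/hmac-sha1-96":   (8, 12, 8),
    "aes-gcm-16":              (8, 16, 4),
}

OUTER_IPV4 = 20    # outer IP header, assumes no options
ESP_HEADER = 8     # SPI + sequence number
NAT_T_UDP = 8      # extra UDP header when NAT traversal is in use
ESP_TRAILER = 2    # pad-length + next-header bytes (always present)
INNER_IP_TCP = 40  # inner IPv4 + TCP headers, assumes no options


def inner_mtu(path_mtu, transform, nat_t=False):
    """Largest inner IP packet that fits in one ESP packet of path_mtu bytes."""
    iv, icv, align = TRANSFORMS[transform]
    fixed = OUTER_IPV4 + (NAT_T_UDP if nat_t else 0) + ESP_HEADER + iv + icv
    room = path_mtu - fixed
    if room < align:
        raise ValueError("path MTU too small for this transform")
    # The encrypted part (inner packet + padding + trailer) must be a
    # multiple of the cipher block size, so round down before subtracting.
    return room - room % align - ESP_TRAILER


def tcp_mss(path_mtu, transform, nat_t=False):
    """MSS to clamp to so a full TCP segment is not fragmented after ESP."""
    return inner_mtu(path_mtu, transform, nat_t) - INNER_IP_TCP


def esp_packet_size(inner_len, transform, nat_t=False):
    """On-wire size of one inner packet after encapsulation (cross-check)."""
    iv, icv, align = TRANSFORMS[transform]
    padded = -(-(inner_len + ESP_TRAILER) // align) * align  # round up
    return (OUTER_IPV4 + (NAT_T_UDP if nat_t else 0)
            + ESP_HEADER + iv + padded + icv)


if __name__ == "__main__":
    for name in TRANSFORMS:
        for nat_t in (False, True):
            print(f"{name:26} nat_t={nat_t!s:5} "
                  f"inner_mtu={inner_mtu(1500, name, nat_t)} "
                  f"mss={tcp_mss(1500, name, nat_t)}")
```

If the real path MTU is lower than 1500 (PPPoE, for instance), pass that value instead; one byte over `inner_mtu` pushes the padded payload into the next cipher block and the ESP packet past the path MTU.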