Configure L2TP + IPSec server

Source: https://jcutrer.com/howto/networking/mikrotik/l2tp-over-ipsec-troubleshooting

Here are the steps to verify and troubleshoot Remote VPN connections to a MikroTik Router using L2TP over IPSec.

  • Ensure that proper firewall ports are open
  • Verify that the L2TP server is enabled
  • Verify that the IPSec secret matches on router and client
  • Verify that a compatible IPSec proposal is configured
  • Verify that the PPP Profile and IP Pool are configured
  • Make sure the PPP username and password match

Firewall

# Run from the firewall filter menu; ether1 is the WAN-facing interface here.
/ip firewall filter
add action=accept chain=input in-interface=ether1 protocol=ipsec-esp \
    comment="allow L2TP VPN (ipsec-esp)"
add action=accept chain=input dst-port=500,1701,4500 in-interface=ether1 protocol=udp \
    comment="allow L2TP VPN (500,4500,1701/udp)"

Is your L2TP Server Enabled? Verify IPSec secret (PreShared Key)

  1. In Winbox, click PPP > Interfaces > L2TP Server
  2. [x] Enable should be checked
  3. Use IPSec: yes
  4. Set IPSec Secret: your-ipsec-psk

Verify IPSec proposal

  1. In Winbox, click IP > IPsec > Proposals
  2. Double click default
  3. Auth Algorithms: [x] sha1
  4. Encr. Algorithms: [x] aes-192-cbc, [x] aes-256-cbc

Verify PPP Profile & IP Pool

  1. In Winbox, click PPP > Profiles
  2. Default a Local Address
  3. Specify VPN IP Pool
  4. If an IP pool needs to be created, go to IP > Pool

Verify PPP credentials

  1. VPN username accounts are defined in RouterOS as PPP Secrets.
  2. PPP > Secrets
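
The checklist above can also be run offline against a router export. This is an added example, not from this page or the linked article: a Python script that parses RouterOS export text and reports which checklist items fail. The sample export is constructed (pool name, addresses and user name are placeholders), and treating the profile's Remote Address field as the VPN pool is an assumption.

```python
import re
SAMPLE_EXPORT = r"""# Constructed sample of "/export verbose" output; all values are placeholders.
/interface l2tp-server server
set enabled=yes ipsec-secret=your-ipsec-psk use-ipsec=yes
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 enc-algorithms=aes-256-cbc,aes-192-cbc
/ip pool
add name=vpn-pool ranges=192.168.89.10-192.168.89.50
/ppp profile
set *0 local-address=192.168.89.1 remote-address=vpn-pool
/ppp secret
add name=vpnuser password=change-me service=l2tp
/ip firewall filter
add action=accept chain=input in-interface=ether1 protocol=ipsec-esp
add action=accept chain=input dst-port=500,1701,4500 in-interface=ether1 \
    protocol=udp
"""

def parse_export(text):
    """Map each menu path to the key=value dicts of its add/set lines."""
    menus, path = {}, None
    for line in re.sub(r"\\\n\s*", "", text).splitlines():  # join "\" continuations
        if line.startswith("/"):
            path = line.strip()
        elif path and line.startswith(("add ", "set ")):
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            menus.setdefault(path, []).append({k: v.strip('"') for k, v in pairs})
    return menus

def audit(text):
    """Return failed checklist items ([] = all pass); Remote Address = VPN pool is assumed."""
    m = parse_export(text)
    first = lambda path: (m.get(path) or [{}])[0]
    csv = lambda row, key: set(row.get(key, "").split(","))
    fw = [r for r in m.get("/ip firewall filter", [])
          if r.get("chain") == "input" and r.get("action") == "accept"]
    udp = set().union(*(csv(r, "dst-port") for r in fw if r.get("protocol") == "udp"))
    srv, prop = first("/interface l2tp-server server"), first("/ip ipsec proposal")
    prof, pools = first("/ppp profile"), {p.get("name") for p in m.get("/ip pool", [])}
    checks = {
        "firewall udp 500,1701,4500": {"500", "1701", "4500"} <= udp,
        "firewall ipsec-esp": any(r.get("protocol") == "ipsec-esp" for r in fw),
        "l2tp server enabled": srv.get("enabled") == "yes",
        "ipsec secret": srv.get("use-ipsec", "no") != "no" and bool(srv.get("ipsec-secret")),
        "ipsec proposal": "sha1" in csv(prop, "auth-algorithms")
        and {"aes-192-cbc", "aes-256-cbc"} <= csv(prop, "enc-algorithms"),
        "ppp profile and pool": bool(prof.get("local-address")) and prof.get("remote-address") in pools,
        "ppp secret": bool(m.get("/ppp secret")),
    }
    return [name for name, ok in checks.items() if not ok]
```

Pass `audit()` the text of an `/export verbose` so that default values appear in the output. If the export omits secrets, the "ipsec secret" item is reported as failed.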
l2tp_ipsec_server_routeros_mikrotik.1589756727.txt.gz · Last modified: 2024/10/17 21:42 (external edit)