There is better documentation with more details on how to create an L2TP VPN over IPsec on Mikrotik; this one is mostly for my own notes.
/interface l2tp-server server
set authentication=mschap2 default-profile=default enabled=yes ipsec-secret=XXX keepalive-timeout=60 max-sessions=10 use-ipsec=required
/ppp profile
add change-tcp-mss=yes dns-server=10.1.1.1 local-address=10.1.1.1 name=VPN-encryption only-one=no remote-address=dhcp-10.1.1.0
/ppp secret
add name=user1 password=YYY profile=VPN-encryption service=l2tp
/ip ipsec identity
add generate-policy=port-override peer=L2TP-peer remote-id=ignore secret=XXX
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip firewall filter
add action=accept chain=input comment=L2TP connection-state="" dst-port=1701,500,4500 in-interface=eth1-GW limit=20,5:packet log=yes log-prefix=L2TP protocol=udp
add action=accept chain=input comment=L2TP connection-state="" in-interface=eth1-GW log=yes log-prefix=L2TP protocol=ipsec-esp
If you use the same subnet for the VPN and the local network and you want to be able to connect to local hosts, you have to enable proxy-arp:
/interface bridge
add admin-mac=C1:AE:34:55:A3:B1 arp=proxy-arp auto-mac=no name=bridge-LAN
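An added example, not part of the original notes: a small Python check that parses an export like the one above and verifies the settings these notes rely on (IPsec required, MS-CHAPv2 only, PPP secrets pointing at an existing profile, the firewall accepting UDP 1701/500/4500 and ESP). The names `parse_export` and `audit` are hypothetical, the sample is constructed from the lines above, and one command per line (no wrapped lines) is assumed.

```python
import shlex

# Constructed sample: the export from the notes, trimmed, secrets left as placeholders.
SAMPLE = """\
/interface l2tp-server server
set authentication=mschap2 default-profile=default enabled=yes ipsec-secret=XXX use-ipsec=required
/ppp profile
add local-address=10.1.1.1 name=VPN-encryption
/ppp secret
add name=user1 password=YYY profile=VPN-encryption service=l2tp
/ip firewall filter
add action=accept chain=input connection-state="" dst-port=1701,500,4500 protocol=udp
add action=accept chain=input connection-state="" protocol=ipsec-esp
"""

def parse_export(text):
    """Return [(menu_path, {key: value})] for each set/add line of an export."""
    entries, path = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            path = line                      # menu path applies to the lines below it
        elif line and not line.startswith("#"):
            tokens = shlex.split(line)[1:]   # drop the verb; shlex handles key=""
            entries.append((path, dict(t.split("=", 1) for t in tokens if "=" in t)))
    return entries

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    entries = parse_export(text)
    items = lambda menu: [p for path, p in entries if path == menu]
    findings = []
    server = (items("/interface l2tp-server server") or [{}])[0]
    if server.get("use-ipsec") != "required":
        findings.append("l2tp-server: use-ipsec is not 'required'")
    if server.get("authentication") != "mschap2":
        findings.append("l2tp-server: authentication is not pinned to mschap2")
    # 'default' and 'default-encryption' are RouterOS built-in PPP profiles.
    profiles = {p.get("name") for p in items("/ppp profile")} | {"default", "default-encryption"}
    for s in items("/ppp secret"):
        if s.get("profile", "default") not in profiles:
            findings.append(f"ppp secret {s.get('name')}: unknown profile {s['profile']}")
    # An export may omit action=accept because it is the default action.
    rules = [r for r in items("/ip firewall filter")
             if r.get("action", "accept") == "accept" and r.get("chain") == "input"]
    udp = {port for r in rules if r.get("protocol") == "udp"
           for port in r.get("dst-port", "").split(",")}
    findings += [f"firewall: udp/{p} not accepted on input"
                 for p in sorted({"500", "1701", "4500"} - udp)]
    if not any(r.get("protocol") == "ipsec-esp" for r in rules):
        findings.append("firewall: ipsec-esp not accepted on input")
    return findings
```

Run `audit()` on the text of an export saved from the router; each returned string names a setting that differs from the notes.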
2021.Oct.9. Update
I just found this video on how to configure an L2TP VPN and a client with a few clicks using Winbox; it can be easily adapted to Webconfig. You’ll still need the firewall part.