I have two RB750 one with public IP doing a L2TP Server and one behing two natted routers trying to do L2TP client... But... It simply doesn't connect at all... Nothing on logs and at connection level on both routers I see first connection attempt on UDP port 1701 and nothing more (Connection in U state: Unreplied).

situation is:

RB750(A) Public IP 88.8.88.88 with L2TP Server interface on it and PPP user vpnuser1 created with local ip 192.168.88.1 and remote 192.168.88.254
RB750(B) Private IP 192.168.1.1 and behing a first router (R1) natting it to another private network and another router (R2) natting to a static public IP. 99.9.99.99

RB750(A) is receiving connection attempts from 99.9.99.99.

My ISP (Italian ISP named FastWeb) is doing a 1-to-1 NAT from public IP 99.9.99.99 to my private 192.168.1.1 on the eth1 of the RB750(B).

It seems that L2TP is unable to reaching the router.
Firewall rules on both routers accept all UDP traffic.

My question is if L2TP tunnels can be done in this scenario and in any case how can I debug this issue.
Do I have to open other ports or allow other protocols?

Thank you for the help.

For debugging purposes, put an accept rule at the top of the input and output chains in firewall filter of both mikrotiks. This eliminates any chance that the Mikrotiks are blocking it in either direction. If it still doesn't work, then either your other router or one of your ISP's is blocking it. Just because there is a 1:1 nat on your ISP doesn't necessarily mean they are not blocking anything.

Addind at top a rule accepting all traffic from my source IP it fails to establish a connection.

I changed my VPN from L2TP to PPTP and I have same issue... PPTP Input port 1723 is closed from any external site and I don't know why. It should be open. Into another RouterBoard I'm using PPTP VPNs without specific rules and so on...
It seems very strange... I cannot reset all rules and reinstall it because is a production router and I need it up and running...

Anyway thank you for the suggestion...

In that case, either your other non-Mikrotik router, or one of your ISP's is blocking the connection... either intentionally or unintentionally.

It's my Mikrotik doing that. Connecting from the private interface from a linux machine I have the same issue. port 1723 is closed... Any connection to that port is refused. Other port forwards and filters are working fine. It seems related to VPNs functionalities or to a rule or something missed somewhere something I cannot identify... Boring and frustrating...

i have a problem with one of those linksys blue boxes in front of one of my Mikrotiks that wont allow an outbound l2tp tunnel... i have a feeling its changing the source port number of the tunnel and when it comes back in mikrotik can't match it up or something. didn't troubleshoot it that much since pptp did work on that same setup. usually its the other way around : )

to troubleshoot - turn on packet capture and sniff a little bit of the attempt at each hop. see where the udp port changes or doesn't make it all.