I'm trying to use ROS 6.37.1 (RB750GL) as an L2TP/IPSEC client (user/password + shared key), using the auto-generated IPSEC policies (I do not create the IPSEC policies, ROS does).
The setup is quite straightforward and I can get it to work from mobile phones, macOS and Windows. But under ROS I can only get it to connect if I reboot the router. It connects. If I disconnect, it will not connect again. If I disable the VPN and reboot, I can't get it to connect after re-enabling it.
Really strange.
The only thing special in my setup is that the RB is multi-homed to the Internet, with PCC load balancing. And yes, I have an output rule that forces all packets to the VPN server to a specific connection.
That said, the only difference I can see in the boot process is that the L2TP connection is completed before one of the Internet connections (PPPoE) is completed. The other one is up and that is the one that is selected in the mangle output rule.
Tried keeping the PPPoE interface down, to simulate the boot "environment", and it makes no difference.
Any ideas?