Newly created L2TP/IPSec VPN set up after Apple iOS/iPadOS 14 does not work
Posted: Sun Jun 13, 2021 9:40 pm
I have 2 customers with Mikrotik stuff that I have supported via L2TP/IPSec VPN for over a year, and I am able to connect from my Windows 10/MacOS laptops and iPad - all with a current, up-to-date operating system release.
Newly created (a week ago) access for a 3rd customer works on Windows 10/MacOS but does not work on iPadOS - 'server unreachable'
Apple support answer:
"This will need to be resolved by the server administrator.
We have upgraded the proposed ciphers in L2TP IPsec VPN to also propose SHA-256 for the Child SA in IPsec. The issue seems to be that the server is accepting SHA-256 cipher for the child but maybe dropping the ESP encrypted packets with SHA-256 HMAC. This may be because the server is assuming a SHA-256 HMAC with 96 bits instead of the standard 128 bits. Switching the SHA-256 HMAC output from 96 to 128 bits should fix this issue.
Thank you for your feedback."
What and where should I change in the RouterOS L2TP/IPSec configuration to make it work? I mean, how do I 'Switch the SHA-256 HMAC output from 96 to 128 bits'?
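The failure mode named in Apple's reply, as an added example that is not part of the original post and is not RouterOS or Apple code: both peers agree on SHA-256 for the Child SA, but one appends a 128-bit ICV (HMAC-SHA-256-128, RFC 4868) while the other expects 96 bits, so every ESP packet fails authentication and is dropped. The function names, key, SPI and payload are constructed for illustration, and the packet layout is simplified to SPI, sequence number, payload and ICV.

```python
import hashlib
import hmac

ICV_RFC4868 = 16  # HMAC-SHA-256-128: leftmost 128 bits of the HMAC output
ICV_96BIT = 12    # the 96-bit truncation Apple's reply attributes to the server


def esp_seal(auth_key: bytes, spi: int, seq: int, payload: bytes, icv_len: int) -> bytes:
    """Return SPI | SEQ | payload | ICV, where ICV is the truncated HMAC-SHA-256."""
    body = spi.to_bytes(4, "big") + seq.to_bytes(4, "big") + payload
    icv = hmac.new(auth_key, body, hashlib.sha256).digest()[:icv_len]
    return body + icv


def esp_verify(auth_key: bytes, packet: bytes, icv_len: int) -> bool:
    """Verify a packet, assuming its trailing icv_len bytes are the ICV."""
    body, icv = packet[:-icv_len], packet[-icv_len:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:icv_len]
    return hmac.compare_digest(icv, expected)


def interop_matrix() -> dict:
    """Map (sender ICV length, receiver ICV length) -> packet accepted?"""
    key = bytes(range(32))  # constructed 256-bit authentication key
    payload = bytes(48)     # constructed stand-in for IV + ciphertext + padding
    results = {}
    for sender in (ICV_96BIT, ICV_RFC4868):
        packet = esp_seal(key, 0x1000, 1, payload, sender)
        for receiver in (ICV_96BIT, ICV_RFC4868):
            results[(sender, receiver)] = esp_verify(key, packet, receiver)
    return results


if __name__ == "__main__":
    for (sender, receiver), ok in interop_matrix().items():
        verdict = "accepted" if ok else "dropped (ICV mismatch)"
        print(f"sender ICV {sender * 8:3d} bits -> receiver expects {receiver * 8:3d} bits: {verdict}")
```

The negotiation itself succeeds in the mismatched cases because both sides name the same algorithm; only the data packets fail, which matches the "accepting SHA-256 ... but dropping the ESP encrypted packets" symptom in the reply.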