DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

L2TP VPN remote users suddenly can't connect

18 Aug 2021 16:52 #1 by albertosaurus
I have one remote user since Monday (2021-08-16) on each of two unrelated systems who suddenly cannot connect using L2TP with IPsec (must) / PSK. Nothing should have changed in either case and other remote users can connect their VPN in the same way with no problem. This points to changes on the local PC. Both have Windows 10 Home but so do others. The DrayTek router VPN terminations are *not* running out of concurrent connections. The routers are v2860 and v2762 with the latest firmware.
The Windows application event log reports errors such as Event ID 20227 with code 87 or 789. I can connect at each user from my PC, so the tunnel definition is good.
The diagnostics for this seem lacking. Some internet reports recommend using Device Manager to uninstall all networking adapters on the client PC and then putting them back, which I'd use as a last resort: not easy when accessing the PC remotely.
I've checked that the Windows services "IKE and AuthIP IPsec Keying Modules" and "IPsec Policy Agent" are running (which DrayTek support doesn't mention).
Has anyone else seen similar?

19 Aug 2021 10:20 #2 by admin3
Check the [Diagnostics] > [Syslog Explorer] > VPN logs with "Always record ..." selected. That will show on the router side whether it's receiving the connections and what's happening when they try to connect.

As a precaution, I recommend enabling the Brute Force protection under [System Maintenance] > [Management] for the router's VPN server. 600 seconds timeout, 3 tries if the passwords are saved on the clients, 5 tries if people are entering passwords to connect. Probably not the issue though, since other connections are working and it's client specific.

Another thing I spotted recently: if you're using the Windows 10 built-in client, that uses SHA1 for authentication, check that the router allows that in [VPN and Remote Access] > [IPsec General Setup]. The 'High' security mode will not allow Windows VPN clients to connect unless you:
a: enable SHA1 auth for VPN connections by setting security method on the router to Medium
b: dig into the Windows firewall settings on each computer to use SHA256. See the 2nd to last picture of this for where that is: https://www.draytek.com/support/knowledge-base/5390



Forum Administrator
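
The client-side checks discussed in this thread (the two IPsec services, the Event ID 20227 failures and their error codes, and how the VPN profile is defined) can be collected in one read-only pass over a remote session. This is an added example, not part of the original posts; the 7-day window and the regular expression for the event message wording are assumptions, and `IKEEXT` / `PolicyAgent` are the short names of the two services named in the first post.

```powershell
# Added example: read-only triage on the affected Windows 10 PC.
# Nothing here changes configuration; it only reports state.

# 1. Services the built-in L2TP/IPsec client depends on
#    ("IKE and AuthIP IPsec Keying Modules" and "IPsec Policy Agent").
Get-Service -Name IKEEXT, PolicyAgent |
    Select-Object Name, DisplayName, Status, StartType

# 2. RasClient connection failures (Event ID 20227) in the Application log,
#    grouped by the error code so 87 and 789 can be told apart at a glance.
$since  = (Get-Date).AddDays(-7)   # assumption: one week of history is enough
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'RasClient'
    Id           = 20227
    StartTime    = $since
} -ErrorAction SilentlyContinue

$failures = @(foreach ($e in $events) {
    # Assumption: the message text ends "... returned on failure is <code>."
    $code = if ($e.Message -match 'failure is (\d+)') { [int]$Matches[1] } else { 'unparsed' }
    [pscustomobject]@{ Time = $e.TimeCreated; Code = $code }
})

if ($failures.Count -eq 0) {
    'No RasClient 20227 events found in the selected window.'
} else {
    $failures | Group-Object Code | Sort-Object Count -Descending |
        Select-Object @{ n = 'ErrorCode'; e = { $_.Name } },
                      Count,
                      @{ n = 'LastSeen'; e = { ($_.Group.Time | Measure-Object -Maximum).Maximum } }
}

# 3. How each VPN profile is defined, to compare against a working PC:
#    tunnel type should be L2tp and the IPsec authentication should be Psk.
$props = 'Name', 'ServerAddress', 'TunnelType', 'L2tpIPsecAuth',
         'EncryptionLevel', 'AuthenticationMethod'
Get-VpnConnection | Select-Object $props
Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue |
    Select-Object $props
```

Running the same script on a PC that connects successfully gives a baseline to diff against, alongside the router's Syslog Explorer VPN log for the same time window.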
