You should also check if you lt2p subnet is allowed on the phase2 selectors of the site to site tunnel. It also might be a policy or routing issue. You can collect a debug flow and see why the traffic is not processed. You can collect the output of the below commands while generating traffic from an l2tp client to the branch:
I hope that you at least use L2TP over IPSec and not pure old L2TP with no encryption at all.
However, instead of fixing dead L2TP I would humbly suggest to reconsider the VPN schema and drop down L2TP use, completely. It's 22 years old protocol with zero protection!
All modern OS are able somehow directly, or with help of supplicants like FortiClient, to use IPSec or at least SSL VPN. Some even allows you to use IPSec with IKEv2. Even on mobile platforms like Android or Apple iOS.
So instead of unprotected prehistoric L2TP I'd suggest to use IPSec completely.
As hub (on HQ FortiGate) &spoke (on branch offices) + dialup (for mobile road warriors).
You need to have firewall policy with source as l2tp subnet in the concerned firewall policy also in phase 2 selectors in the source address you need to have l2tp client subnet range in one firewall and in other firewall remote selectors you need to have l2tp client subnet range.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.