Mikrotik's support for OpenVPN/IPsec is a joke. They should just allow to specify plain openvpn configuration instead.
I would not recommend these routers with original firmware.
No UDP support after all these years is really quite shameful. Tunneling TCP over TCP is insanely bad, the slightest packet loss and your connections are toast.
still not? I was moaning about this in 2006. I can't imagine why Mikrotik can't be bothered to implement UDP for OpenVPN when they have added so many other features.
This is my #1 gripe with mikrotik, you can't figure out if the feature you want to use is half-baked or not without testing it. And then once it works you had better not upgrade versions or it may very well break.
Finding a version which has all the features you need working used to be a nightmare.
I recently spent several hours trying to implement BFD...only to find out it's broken on CCR, known to be broken, and won't be fixed any time soon [1]
But to be fair, I've run across similar things in Cisco land. Spend hours trying to get something to work, when I finally run across an single line somewhere on their site that says what I'm trying to do doesn't work with CEF and I have to disable CEF if I want it to work. Which cuts my throughput by 10x.
My understanding is that MikroTik isn't a fan of OpenVPN (for whatever reason), and doesn't want to spend any more development time on the feature. Which is a shame, because it really is a poor choice without UDP support.
On the plus side, you can use the VM ("Metarouter") feature to host a real OpenVPN client inside an OpenWRT instance. But you don't get the nice admin console if you do that.