There are a bunch of different VPN technologies built into RouterOS, largely because there isn’t a single definition for what “VPN” means or why you’d set one up. What’s your purpose in having a VPN? Yes, you say you want two sites connected, but why? For what specific purpose? Knowing that will inform the best choice of VPN tech.
If you’re going to limit us to making generic observations, I’ll point out that of the stock options, ZeroTier meets your constraints best as it arranges connections through NAT by use of a public service. The two endpoints merely need to see the public ZT service, not each other directly.
This is not without problems of its own, which is why I’d first reach for WireGuard instead. Every VPN tech has problems, but I have the least dislike for the particular bag of problems WG presents.
And yes, it is perfectly fine to use WG with DDNS, through NAT. You can even run it from behind someone else’s router, as I did for about a year before replacing my other-vendor Internet gateway with a hAP ax³, permitting direct WG connections. I do still use a DDNS service to work out where it is, but the double-NAT ugliness has gone away for me now.