The Mikrotik implementation of OpenVPN is vulnerable to [https://sweet32.info/]SWEET32](https://sweet32.info/]SWEET32). This should have been patched months ago and OpenVPN updated to v2.4+.
In the short term, if you have access to the remote configs you can add a line to them:
reneg-bytes 64000000
But this is just a mitigation and not a fix. The fix is to use stronger ciphers than the default bf-cbc. v2.4 supports stronger ciphers and automatic cipher negotiation.