Hello,
I am having trouble getting my MikroTik (MT) router to work with an OpenVPN server (Ubuntu). The router connects to the OVPN server successfully, but traffic is not routed through the OVPN server. Here is my configuration.
Setup:

MikroTik configuration
/interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU MAC-ADDRESS
0 R ether1 ether 1500 1598 2028 6C:3B:6B:76:DC:74
1 RS ether2-master ether 1500 1598 2028 6C:3B:6B:76:DC:75
2 RS ether3 ether 1500 1598 2028 6C:3B:6B:76:DC:76
3 RS ether4 ether 1500 1598 2028 6C:3B:6B:76:DC:77
4 S ether5 ether 1500 1598 2028 6C:3B:6B:76:DC:78
5 DRS Gitaraga-1 cap 1500 1600 6C:3B:6B:63:25:1C
6 D S Gitaraga-2 cap 1500 1600 64:D1:54:7C:81:7C
7 D S Gitaraga-3 cap 1500 1600 64:D1:54:7C:81:62
8 R ;;; OpenVPN
OVPN ovpn-out 1500 02:D9:5B:E8:01:17
9 R bridge-guest bridge 1500 65535 F6:19:DA:7B:4F:E5
10 R bridge-hotspot bridge 1500 1600 6C:3B:6B:63:25:1C
11 R ;;; created from master port
bridge1 bridge 1500 1598 6C:3B:6B:76:DC:75
/interface bridge print
Flags: X - disabled, R - running
0 R name="bridge-guest" mtu=auto actual-mtu=1500 l2mtu=65535 arp=enabled arp-timeout=auto mac-address=F6:19:DA:7B:4F:E5 protocol-mode=rstp fast-forward=no
igmp-snooping=no priority=0x8000 auto-mac=yes max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m region-name="" region-revision=0
max-hops=20 vlan-filtering=no pvid=1
1 R name="bridge-hotspot" mtu=auto actual-mtu=1500 l2mtu=1600 arp=enabled arp-timeout=auto mac-address=6C:3B:6B:63:25:1C protocol-mode=rstp fast-forward=no
igmp-snooping=no priority=0x8000 auto-mac=yes max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m region-name="" region-revision=0
max-hops=20 vlan-filtering=no pvid=1
2 R ;;; created from master port
name="bridge1" mtu=auto actual-mtu=1500 l2mtu=1598 arp=enabled arp-timeout=auto mac-address=6C:3B:6B:76:DC:75 protocol-mode=rstp fast-forward=no igmp-snooping=no
priority=0x8000 auto-mac=no admin-mac=6C:3B:6B:76:DC:75 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m region-name=""
region-revision=0 max-hops=20 vlan-filtering=no pvid=1
/interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload
# INTERFACE BRIDGE HW PVID PRIORITY PATH-COST INTERNAL-PATH-COST HORIZON
0 H ether3 bridge1 yes 1 0x80 10 10 none
1 H ether4 bridge1 yes 1 0x80 10 10 none
2 I H ether5 bridge1 yes 1 0x80 10 10 none
3 H ether2-master bridge1 yes 1 0x80 10 10 none
4 XI ether1 bridge1 yes 1 0x80 10 10 none
5 D Gitaraga-1 bridge-hotspot yes 1 0x80 10 10 none
6 ID Gitaraga-2 bridge-hotspot yes 1 0x80 10 10 none
7 ID Gitaraga-3 bridge-hotspot yes 1 0x80 10 10 none
/ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 192.168.88.1/24 192.168.88.0 ether3
1 192.168.90.1/24 192.168.90.0 bridge-guest
2 192.168.92.1/24 192.168.92.0 bridge-hotspot
3 D 172.30.10.72/24 172.30.10.0 ether1
4 D 10.8.0.6/32 10.8.0.5 OVPN
/ip firewall nat print
...
28 chain=srcnat action=masquerade src-address=192.168.88.0/24 out-interface=OVPN log=no log-prefix=""
/ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 172.30.10.1 1
1 ADS 10.8.0.1/32 10.8.0.5 1
2 ADC 10.8.0.5/32 10.8.0.6 OVPN 0
3 ADC 172.30.10.0/24 172.30.10.72 ether1 0
4 ADC 192.168.88.0/24 192.168.88.1 bridge1 0
5 S 192.168.88.0/24 ether1 1
6 ADC 192.168.90.0/24 192.168.90.1 bridge-guest 0
7 ADC 192.168.92.0/24 192.168.92.1 bridge-hotspot 0
/interface ovpn-client print
Flags: X - disabled, R - running
0 R ;;; OpenVPN
name="OVPN" mac-address=02:D9:5B:E8:01:17 max-mtu=1500 connect-to=159.89.26.162 port=1194 mode=ip user="vpnuser" password="vpnpass" profile=OVPN-client
certificate=client auth=sha1 cipher=blowfish128 add-default-route=no
/ping 10.8.0.1
SEQ HOST SIZE TTL TIME STATUS
0 10.8.0.1 timeout
1 10.8.0.1 timeout
/ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=prerouting action=passthrough
1 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
2 D ;;; special dummy rule to show fasttrack counters
chain=postrouting action=passthrough
3 chain=prerouting action=mark-routing new-routing-mark=vpn_traffic passthrough=yes src-address=192.168.88.1 dst-address-list=!local_traffic log=no log-prefix=""
/ip firewall address-list print
Flags: X - disabled, D - dynamic
# LIST ADDRESS CREATION-TIME TIMEOUT
0 local_traffic 192.168.92.0/24 mar/21/2018 16:22:10
1 local_traffic 192.168.90.0/24 mar/21/2018 16:22:22
2 local_traffic 192.168.88.2-192.168.88.254 mar/21/2018 17:15:40
On the OpenVPN server side, I can successfully see the device:
root@ginnungagap:/etc/openvpn# cat openvpn-status.log
OpenVPN CLIENT LIST
Updated,Thu Mar 22 08:04:42 2018
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
mk-gitaraga,105.178.36.40:62138,5337,28035,Thu Mar 22 08:01:33 2018
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,mk-gitaraga,105.178.36.40:62138,Thu Mar 22 08:04:41 2018
GLOBAL STATS
Max bcast/mcast queue length,0
END
root@ginnungagap:/etc/openvpn# ping 10.8.0.6
PING 10.8.0.6 (10.8.0.6) 56(84) bytes of data.
^C
--- 10.8.0.6 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3024ms
As you can see, the MikroTik is connected to the OpenVPN server, but I cannot ping the devices in either direction.
My main goal is to connect the MikroTik router and make all of the router’s traffic go through the VPN. I do not need to redirect users’ traffic (from LAN, wifi1, wifi2) to the VPN; I only need to be able to connect to the router through the VPN server (to change its configuration remotely).
Thanks for your help! I’ve been playing with this for a while now and cannot get it running.
Have a good day!