"Road warrior" VPN client

I have a site-to-site VPN successfully deployed on IKEv2 using RSA cert authentication.

I’m currently using a 3rd party VPN server running on Windows for ‘dial-in’ VPN as I couldn’t get either the Microsoft or Mikrotik clients working properly. However I would prefer the VPN clients to connect directly to the router itself. There is only one LAN subnet that needs to be accessible to VPN clients and they should also use the Mikrotik for internet access (so no requirement for split tunnel).

I’ve looked at the Mikrotik Wiki on this and tried to replicate unsuccessfully in the past. For authentication, I’d ideally like to link with Active Directory credentials - I do have a RADIUS server running on my Windows environment.

Does anyone have a working config for this that they could give some pointers from?

The only reasonable alternative on RouterOS for this is an SSTP VPN. It is the most “SSL-VPN” like alternative. IPSec-based “road-warrior” VPN works badly with NAT and guest networks.

Client-wise it’s mixed:
Windows should have native support. Never tried.
Linux and OSX - I have tried with pppd but no success. No GUI whatsoever.

I think Mikrotik should spend at least some time to make a simple OS native application (like Cisco AnyConnect) that works well with RouterOS.