Your router is not mentioned here: https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Hardware_acceleration
So it means that you will get terrible performance. I would also suggest bypassing fasttrack (either by using “notrack” or “allowing” traffic before fastrack rule) and tuning MSS size might be required (which I believe is not).
You might get some hints here and here.
EDIT: So you say that performance penalty is mostly because of IPSEC. Your only option would be:
- No encryption at all
- Lower encryption = faster speeds and lower security
- Wireguard = should be fast and safe enough, but only in ROS7.