i have written an article about how to use your MikroTik router as a SSTP VPN server for Windows Always On VPN clients.
The guide incorporates a dedicated hardware firewall to lift the weight of firewalling off the MikroTik router so it can do its single purpose thing (in this scenario).
I use “winbox remote” as a quick and cheap (free) backup for my primary secure wireguard setup.
What I like about your implementation is that is self-contained, my sstp backup goes through a third party and thus is not a closed system.
However, I have wireguard for that (closed system) , its far simpler to implement and i dont need other hardware or systems (from radius servers to certificate generation).