We have a lot of roaming employees that go to various locations that have great hardwired internet, but the locations have strict port filtering and blocking so that only web traffic such as port 80 will pass through. This makes it impossible to use our applications that require many other ports. Can a VPN be set up on a CCR to listen for inbound VPN connections on port 80, and then we can use HEX routers in the field to connect to the internet and tunnel all traffic from the LAN ports to the CCR where it will hit the internet? Ideally, the HEX would connect to the venue internet via ethernet, and then immediately establish a tunnel and then send all traffic from the LAN ports through the tunnel for internet access so there is nothing blocked.
You can make a daemon/service listen on pretty much any port you like. However any semi-competent network admin will notice something amiss when you start passing encrypted traffic over port 80 (which is normally unencrypted HTTP traffic).
Use port 443 instead.
Yes, I understand. It can be done, but I’d like to know if anyone has done this with MikroTik, and possibly point me in the right direction of how to do it. I’m not worried about the traffic being encrypted or not, encryption is not my goal. My goal is to get around the port filtering that won’t let our streaming video applications connect.
I have done this earlier with an OpenVPN TCP server on port 443. While a lot of bad things can be said about OpenVPN TCP, it looks a lot like HTTPS when traversing restrictive firewalls.
I use port 993 (IMAPS) for VPN.
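The remark above that an admin will notice non-HTTP traffic on port 80 can be made concrete from the monitoring side. This is an added example, not code from any poster in the thread: it labels the first client payload of each flow, and the function names, flow tuples and sample bytes are all constructed for illustration.

```python
import re

# A plain HTTP/1.x request line: method, target, version, CRLF.
HTTP_REQUEST = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH|CONNECT|TRACE) \S+ HTTP/1\.[01]\r\n"
)

def classify_first_payload(payload: bytes) -> str:
    """Label the first client-to-server payload of a TCP flow."""
    if HTTP_REQUEST.match(payload):
        return "http"
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    # OpenVPN over TCP: 2-byte big-endian length, then (opcode << 3 | key_id).
    # Opcode 7 is P_CONTROL_HARD_RESET_CLIENT_V2, the client's opening packet.
    if len(payload) >= 3:
        length = int.from_bytes(payload[:2], "big")
        if 0 < length <= len(payload) - 2 and payload[2] >> 3 == 7:
            return "openvpn-tcp"
    return "unknown"

def flag_port80_flows(flows):
    """Return (source, label) for port-80 flows whose first payload is not HTTP."""
    alerts = []
    for src, dport, payload in flows:
        if dport != 80:
            continue  # this check only covers the port that should carry cleartext HTTP
        label = classify_first_payload(payload)
        if label != "http":
            alerts.append((src, label))
    return alerts

# Constructed sample flows: (source address, destination port, first payload).
SAMPLE_FLOWS = [
    ("192.0.2.5", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("192.0.2.6", 80, b"\x16\x03\x01\x00\x05hello"),
    ("192.0.2.7", 80, b"\x00\x0e\x38" + bytes(8) + b"\x00" + bytes(4)),
    ("192.0.2.8", 80, b"\x01\x02\x03\x04"),
    ("192.0.2.9", 443, b"\x16\x03\x01\x00\x05hello"),
]

if __name__ == "__main__":
    for src, label in flag_port80_flows(SAMPLE_FLOWS):
        print(f"{src}: non-HTTP traffic on port 80 ({label})")
```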