I’ve heard some concerns about the security of some protocols (I think it was l2tp that I heard that wasn’t that good unless you use specific settings (I think MSCHAP or something like that)).
I would tend to be looking for something with a layer2 level, but layer 3 could also work.
I thought openvpn would be good, but found it doesn’t do UDP on mikrotik, so you might have performance problems with a TCP double back off.
The reason I ask is because I want to be able to replace sonicwalls that a lot of our customers have for site to site VPNs with mikrotiks. (Because the sonicwalls configuration is right in that area of too much hand holding to let you do want needs to be done, and not enough hand holding to do what needs to be done itself. Also, they are expensive compared to what you can get in a RB2011).