First, start with the IPSec tunnel. Ping must work and IPSec counters must increase.
Legend:
m.m.m.m = public ip of main router
r.r.r.r = public ip of remote router
MainINT = internal interface of main router
MainPUB = public interface of main router
RemoteINT = internal interface of remote router
RemotePUB = public interface of remote router
If you say that the remote site is dynamic, you need to add peer 0.0.0.0/0 on the main router and enable policy generation.
On the remote router you need to add peer m.m.m.m and a policy: src 192.168.181.0/24, dst 192.168.110.0/24, sa-src: r.r.r.r, sa-dst: m.m.m.m.
At this point, pinging 192.168.110.1 from the remote router must work if you set src-addr to 192.168.181.1.
---
DHCP is not that easy. It turned out that my previous test wasn't accurate, because the routers were connected directly with default gateways set to each other, and this kind of "simulated internet" didn't work exactly like the real thing. I put a third router between them and now it's perfect.
I set up DHCP relay on RemoteINT, relaying to 192.168.110.X(*), and quickly found out that it was sending packets with source IP r.r.r.r, so they weren't going through the tunnel. This helped:
/ip firewall nat add chain=srcnat src-address=r.r.r.r dst-address=192.168.110.0/24 action=src-nat to-addresses=192.168.181.1
(*) When relaying requests to another machine behind the main router, everything was OK. But I didn't manage to make it work with the DHCP server on the main router itself. I set it up on MainINT with relay address 192.168.181.1. Packets to port 67 came through the tunnel, but the router was sending back ICMP port unreachable.
I then tried all possible (and impossible) things. When I moved the DHCP server to MainPUB, it started receiving requests and the log said that it was sending replies, but nothing came out of any interface.
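Why the src-nat rule in the post puts the relayed DHCP packets into the tunnel, as an added sketch that is not part of the original post: it models only the policy selector given above and assumes that source NAT is applied before the IPsec policy lookup. 203.0.113.10 and 192.168.110.5 are constructed stand-ins for r.r.r.r and 192.168.110.X, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-ins for the post's placeholders (documentation ranges).
REMOTE_PUB = "203.0.113.10"    # r.r.r.r, public IP of the remote router
DHCP_SERVER = "192.168.110.5"  # 192.168.110.X, DHCP server behind the main router

# Policy selector from the post: only traffic matching both prefixes is encrypted.
POLICY = {"src": "192.168.181.0/24", "dst": "192.168.110.0/24"}

# The src-nat rule from the post, expressed as data.
SRCNAT = [{"src": REMOTE_PUB + "/32", "dst": "192.168.110.0/24",
           "to": "192.168.181.1"}]


def _in(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def apply_srcnat(src, dst, rules):
    """Return the source address after the first matching src-nat rule."""
    for rule in rules:
        if _in(src, rule["src"]) and _in(dst, rule["dst"]):
            return rule["to"]
    return src


def matches_policy(src, dst, policy=POLICY):
    """True if the packet falls inside the IPsec policy selector."""
    return _in(src, policy["src"]) and _in(dst, policy["dst"])


def path(src, dst, nat_rules):
    """Return (final source, 'tunnel' or 'plain') for a locally sent packet.

    Assumption: src-nat runs first, then the policy lookup sees the
    translated source address.
    """
    src = apply_srcnat(src, dst, nat_rules)
    return src, "tunnel" if matches_policy(src, dst) else "plain"


if __name__ == "__main__":
    # Relay packet sourced from the public IP: misses the selector.
    print(path(REMOTE_PUB, DHCP_SERVER, []))
    # Same packet with the src-nat rule: rewritten, then matches.
    print(path(REMOTE_PUB, DHCP_SERVER, SRCNAT))
```

The same check explains the ping test: a ping from the remote router only enters the tunnel when its source is set to 192.168.181.1, because the default source would be the public address.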