Currently, in our setup, with the Mikrotik as an OpenVPN server, when a client dials in with an incorrect password, there is no message sent back to the client that there was an authentication issue; instead their connection is just unceremoniously dropped, which looks like a network issue from the perspective of the client, and so it just tries to reconnect again. We're using RADIUS to an Active Directory Network Policy Server in our setup, but I've tested it and I get the same unhelpful results when using secrets stored on the Mikrotik.
The official OpenVPN server sends back an "AUTH FAILED" response when credentials are incorrect, but, the OpenVPN server in RouterOS just sends resets the TCP connection, as far as I can tell, so the user is never notified that their credentials are incorrect. Is there some hidden flag I can set that would alter this behavior? Has anyone else found a solution, other than replacing your Mikrotik as a VPN endpoint with a Linux box running the official OpenVPN server?