"it never connects" and "I cannot see any packets to get anywhere" are two distinct things.
When you were sniffing while connecting via LAN, you could see a packet with dst-port 1194 to come in via ether3, the same packet to leave via ether 4, and then a response packet with src-port 1194 to come in via ether4 and leave via ether3.
When attempting to connect from the internet, the result of the sniff would look the same (except the WAN port ether1 would replace the ether3) if it worked. But as it doesn't work, you need to identify a device which breaks it.
As the dst-nat rules count, the request packets must be arriving through ether1. The question is whether, while sniffing, you can also see them leaving via ether4 towards the OpenVPN server and if yes, whether you can see also responses from the OpenVPN server. This gives you a clue where the issue is, whether on the Mikrotik (if you can see the request packets at the WAN port but not at ether4) or on the server (if the requests leave through ether4 but no responses come back).
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.