It would be great if Shadowsocks support was added to ROS because it can masquerade VPN traffic as HTTPS. Does anyone else think so? It seems relatively simple to implement and is a great selling point. Otherwise, I'd have to mess with dst-nat rules to forward it to some server in the network.
Not the expert here: But I've seen others use WireGuard as VPN over RouterOS's SOCKS5 support to do this. You do need v7.2rcX for SOCKS5 to work. See: viewtopic.php?t=180440