Why not make 2 ipip tunnels and run ospf over it? I'm running ipsec encrypted ipip tunnels with ospf for a long time without problems .
I'm referring to terminating the tunnels on a VRRP interface as opposed to only the physical interface, irrespective of tunneling method used.
I need this because a /29 subnet terminates on the Internet-connected interface and only one of the IP addresses is used for tunnel termination while the others are used for various services. Not splitting up IP addresses between routers simplifies DNS and client-related configurations so that only a single IP address needs to be specified for services.
I cannot mix VRRP and non-VRRP terminations, because RouterOS provides no ability to specify the interface a route must take -- only the gateway can be specified. This limitation results in the VRRP interface being used as the default outbound interface when instead I need it to use the physical interface. If it were possible to specify both interface and gateway, I could work around this. If RouterOS is simply designating the lowest MAC address and IP address as default, I suppose I could try to force this by assigning the physical interface a bogus MAC address than is lower in number than anything VRRP would assign, but this makes things needlessly messy and difficult track -- increasing the possibility for future mistakes and network breakages.
Ultimately RouterOS being able to properly handle input chain traffic to a VRRP interface is the simpler and more foolproof solution.