What I would like to achieve is a domain-based VPN: some domains are resolved, their addresses put into lists, these lists used by mangle rules to route traffic through VRF.
I use a domain-based VPN with mangle (mark routing).
Additionally, you have to add an ip route rule to route what you marked with mangle to the VPN gateway.
Example:
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=!192.168.2.0/24 \
    dst-address-list=!LIST new-routing-mark=ipsec passthrough=yes src-address=\
    192.168.2.0/24
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=l2tp-out1 pref-src=\
    "" routing-table=ipsec scope=30 suppress-hw-offload=yes target-scope=10
LIST - local country IP list.
If you want, I can post a step-by-step config here.
My setup uses the local-country internet directly, and everything that is not local country goes through the VPN.
My VPN is a remote VPS with libreswan IPsec.
The MikroTik is an IPsec client.
I tried to use the remote VPS/VPN as a CHR MikroTik, but I failed to get speeds of more than 40-50 Mbps.
A simple Ubuntu with libreswan, 1 CPU and 512 RAM, can be set up with scripts from GitHub in 5 min and produces up to 185 Mbps through IPsec.
The same can easily be done through WireGuard.
You should be aware that CHR without a licence is limited to 1 Mbps.
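
An added example, not part of the original post: a Python check over a RouterOS export that every routing mark set by a mangle rule has a default route in the routing table of the same name, which the reply above says is required. The STREAMING list and the wg mark are constructed to show a mark with no route.

```python
import shlex

# Constructed sample: the two sections from the post, plus one hypothetical
# rule (list STREAMING, mark wg) that has no route in its table.
SAMPLE_EXPORT = r'''
/ip firewall mangle:
add action=mark-routing chain=prerouting dst-address=!192.168.2.0/24 \
dst-address-list=!LIST new-routing-mark=ipsec passthrough=yes src-address=\
192.168.2.0/24
add action=mark-routing chain=prerouting dst-address-list=STREAMING \
new-routing-mark=wg passthrough=yes
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=l2tp-out1 pref-src=\
"" routing-table=ipsec scope=30 suppress-hw-offload=yes target-scope=10
'''

def parse_export(text):
    """Yield (menu, params) per 'add' line, joining backslash continuations."""
    menu, pending = None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]          # keep a trailing space, drop the backslash
            continue
        line, pending = pending + line, ""
        if line.startswith("/"):
            menu = line.rstrip(":")       # tolerate the trailing colon as posted
        elif line.startswith("add "):
            toks = shlex.split(line[4:])
            yield menu, dict(t.split("=", 1) for t in toks if "=" in t)

def unrouted_marks(text):
    """Routing marks set by enabled mangle rules with no enabled default route."""
    marks, routed = set(), set()
    for menu, p in parse_export(text):
        if p.get("disabled", "no") != "no":
            continue
        if menu == "/ip firewall mangle" and p.get("action") == "mark-routing":
            if "new-routing-mark" in p:
                marks.add(p["new-routing-mark"])
        elif menu == "/ip route" and p.get("dst-address") == "0.0.0.0/0":
            routed.add(p.get("routing-table", "main"))
    return sorted(marks - routed)

if __name__ == "__main__":
    for mark in unrouted_marks(SAMPLE_EXPORT):
        print(f"routing mark '{mark}' has no default route in table '{mark}'")
```
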