Raise
openvpn on Mikrotik, consider that it doesn’t have.
If there is enough power (or high speeds are not needed), then l2tp & ipsec tunnel

If OpenVPN is on a machine inside the network, then you can make L2 (tap) and a bridge, then only port forwarding will be needed from the Mikrotik side. Android tap does not know how, at least in the 7th version it definitely does not know how, only tun (L3).
For tun, routes or masquerading will already be needed if access to external devices from the network side behind Mikrotik is not needed.

A server with Openvpn is the most convenient for connecting people remotely. You can also consider softether vpn. These solutions allow you to push the configuration to the client, which is quite convenient.
Forget about Openvpn on Mikrotik - RouterOS developers have repeatedly indicated that they will not develop it. Its functionality on Mikrotik is minimal.

For Windows, using CMAK, you can make a convenient automatic VPN installer in the form of an .exe file + push all the necessary routes to the corporate network, connection settings, etc. there.

More competently - IPSec, but there can be problems with Windows. And you need a microtic with hardware encryption, because, for example, the RB2011 gets into the pose of a company machine gun even from one loaded tunnel.
The easiest way is to forward pptp inside the network to Windows, if you don't care about security (pptp has been broken for a long time).