I am currently running OpenVPN on a Mikrotik router to enable myself to connect from an external network to my home network. However, the current OpenVPN implementation does not support UDP, MFA and SHA256, which I am hoping to use.

As such, I am looking to install OpenVPN on a Raspberypi server on my network. The raspberrypi currently also serves as an external web server.

Since I only have one router and IP, I think the only place I can place it is insider the network. However, should I setup a separate zone/bridge for the Raspberrypi web server? I'll have to provide the VPN client with full access to my network so I'll have to reopen ports anyways. So will having a separate zone/bridge actually provide any security benefits?

Where should the Raspberrypi server be placed on the network?
Also, is there a security risk in reusing the same server for multiple functionality?

If it's your own lan, then use firewall rules on Tik itself. That's enough. If lan isn't yours, use firewall rules on Tik and on machine, which working as vpn server.