The Mikrotik implementation of OpenVPN is vulnerable to https://sweet32.info/]SWEET32. This should have been patched months ago and OpenVPN updated to v2.4+.

In the short term, if you have access to the remote configs you can add a line to them: But this is just a mitigation and not a fix. The fix is to use stronger ciphers than the default bf-cbc. v2.4 supports stronger ciphers and automatic cipher negotiation.