I'm learning about creating a site-to-site GRE tunnel (to replace a PPTP tunnel). Both sites have dynamic IP addresses, and the mikrotik is the edge router at both sites

I have some simple questions when defining the tunnel:

1. Can I leave "LOCAL ADDRESS" empty and it will figure out which interface to use? (What's the point of this field when setting up - seems useless).

2. Can I use a FQDN for remote address and it will resolve on each re/connection attempt?

3. Is there NO un/password/keyphrase for authentication? In other words if both ends define the GRE tunnel it will just come up based on reachability of each other's IP address? (I plan to add IPsec in a later step so not worried, just trying to understand)

1. yes, you can. However, there are scenarios where setting a particular local-address does make sense.
2. yes, but in another way - it will re-resolve the fqdn to an address each time the previous DNS response expires, and if the address in the new response differs from the previous one, it will re-establish the tunnel towards the new address.
3. there isn't - GRE as such supports neither encryption nor authentication.