In a datacentre application, I have more powerful Mikrotik boxes - 36-core CCR1036-8G-2SplusEM
with gigabit uplinks (one uplink is 10G). However when I tried them for site-to-site GRE-over-IPSEC I didn't get more than about 400Mbps. This was for a single iperf3 stream over a single tunnel, both data centres in London. As far as I could see all the traffic hit a single core. As this was a live network I wasn't able to play too much. Turning on fastpath didn't help.
In the end I deployed separate Linux VMs running Wireguard, and now I can easily fill a gigabit of site-to-site VPN traffic. In fact, running a pair of Wireguard test VMs connected back-to-back on the same host, with only 2 vCPUs each, I can get 2.5Gbps+ of iperf3 through them.
Wireguard has been backported to the mainline Ubuntu 18.04/20.04 kernels, so it's now easy to deploy without building your own module. There was also an implementation made by Netgate for pfSense, but it was kicked out of FreeBSD over code quality issues. Hopefully a better version will make it there soon.
The other problem I have with Mikrotik IPSEC is that they don't have VTI mode, which I use everywhere as it allows BGP failover between tunnels and real links. That's why I ended up having to try GRE-over-IPSEC.
I'd say Mikrotik is probably fine for a VPN concentrator, where you have lots of separate IPSEC tunnels coming in - in which case, the tunnels will be spread over the cores.