O protocolo GRE por si só não é suficiente.
Dependendo do tipo de serviço VPN que você está usando, você precisará encaminhar outras portas TCP ou UDP.
Para o PPTP, por exemplo, você precisa encaminhar a porta 1723 TCP.
Para o L2TP você precisa encaminhar a porta 1701 UDP.
Para o OpenVPN você precisa encaminhar a porta 1194 UDP + TCP (o OpenVPN não usa GRE).
Aqui está um exemplo de encaminhamento de porta para usar: link
Port forwarding
To make services on local servers/hosts available to general public it is possible to forward ports from outside to inside your NATed network, that is done from /ip firewall nat menu. For example, to make possible for remote helpdesk to connect to your desktop and guide you, make your local file cache available for you when not at location etc. Static configuration
A lot of users prefer to configure these rules statically, to have more control over what service is reachable from outside and what is not. This also has to be used when service you are using does not support dynamic configuration.
Following rule will forward all connections to port 22 on the router external ip address to port 86 on your local host with set IP address:
if you require other services to be accessible you can change protocol as required, but usually services are running TCP and dst-port. If change of port is not required, eg. remote service is 22 and local is also 22, then to-ports can be left unset.
Comparable command line command:
/ip firewall nat add chain=dstnat dst-address=172.16.88.67 protocol=tcp dst-port=22 \ action=dst-nat to-address=192.168.88.22 to-ports=86