/ip route add dst-address=192.168.88.0/24 gateway=pptp-out1
0 D ;;; special dummy rule to show fasttrack counters
chain=forward
1 ;;; default configuration
chain=input action=accept protocol=icmp log=no log-prefix=""
2 ;;; default configuration
chain=input action=accept connection-state=established,related
log=no log-prefix=""
3 ;;; allow l2tp
chain=input action=accept protocol=udp dst-port=1701
4 ;;; allow pptp
chain=input action=accept protocol=tcp dst-port=1723
5 ;;; allow sstp
chain=input action=accept protocol=tcp dst-port=443
6 ;;; default configuration
chain=input action=drop in-interface=ether1-gateway log=no
log-prefix=""
7 ;;; default configuration
chain=forward action=fasttrack-connection
connection-state=established,related log=no log-prefix=""
8 ;;; default configuration
chain=forward action=accept connection-state=established,related
log=no log-prefix=""
9 ;;; default configuration
chain=forward action=drop connection-state=invalid log=no
log-prefix=""
10 ;;; default configuration
chain=forward action=drop connection-state=new
connection-nat-state=!dstnat in-interface=ether1-gateway log=no
log-prefix=""0 D ;;; special dummy rule to show fasttrack counters
chain=forward
1 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp
2 ;;; defconf: accept established,related
chain=input action=accept connection-state=established,related
3 ;;; alllow pptp
chain=input action=accept protocol=tcp dst-port=1723 log=no
log-prefix=""
4 ;;; defconf: drop all from WAN
chain=input action=drop in-interface=ether1
5 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection
connection-state=established,related
6 ;;; defconf: accept established,related
chain=forward action=accept connection-state=established,related
7 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid
8 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new
connection-nat-state=!dstnat in-interface=ether1 [admin@MikroTik TestGeneral] > /ppp secret print detail
Flags: X - disabled
0 name="vpn" service=pptp caller-id="" password="dummypassw" profile=default routes="" limit-bytes-in=0 limit-bytes-out=0
last-logged-out=aug/18/2016 10:57:24
1 name="Kandava" service=pptp caller-id="" password="dummypassw2" profile=default local-address=192.168.89.1
remote-address=192.168.89.2 routes="192.168.0.0/24 192.168.89.2 1" limit-bytes-in=0 limit-bytes-out=0
last-logged-out=aug/16/2016 12:35:57
[admin@MikroTik TestGeneral] > /interface pptp-server server print
enabled: yes
max-mtu: 1450
max-mru: 1450
mrru: disabled
authentication: mschap1,mschap2
keepalive-timeout: 30
default-profile: default-encryption
[admin@MikroTik TestGeneral] > /ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 185.57.77.2 1
1 ADC 185.57.77.0/24 185.57.77.12 ether1-gateway 0
2 ADS 192.168.0.0/24 192.168.89.2 1
3 ADC 192.168.88.0/24 192.168.88.1 bridge-local 0
4 ADC 192.168.89.2/32 192.168.89.1 <pptp-Kandava> 0
5 ADC 192.168.89.255/32 192.168.89.1 <pptp-vpn> 0[admin@MikroTik Kandava] > /interface pptp-client print
Flags: X - disabled, R - running
0 R name="pptp-out1" max-mtu=1450 max-mru=1450 mrru=1600 connect-to=185.57.77.12 user="Kandava" passw
profile=default-encryption keepalive-timeout=60 add-default-route=no dial-on-demand=no allow=pap,
[admin@MikroTik Kandava] > /ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 192.168.10.1 1
1 ADC 192.168.0.0/24 192.168.0.254 ether2-master 0
2 ADC 192.168.10.0/24 192.168.10.100 ether1 0
3 A S 192.168.88.0/24 pptp-out1 1
4 ADC 192.168.89.1/32 192.168.89.2 pptp-out1 0Thanks Anumark, Your talking is also not wrong as I think, it should works too. but It seems here we can also do some magic without that (configuration main office) too using mikrotik.You don't have back a route to 192.168.0.0/24 from main office 185.57.77.12. You need duplex connectivity, in order to routes works. From office needs 192.168.0.0/24 to pptp and from remote office 192.168.88.0/24 to pptp. But since you have it on your lan, you can better use EoIP tunnel.
