Hello,
we have 2 distant offices which we want to connect together via 2 RB433AH units and PPTP tunnel. Network diagram is attached. We have done everything exactly as directed here: http://www.mikrotik.com/documentation// ... /PPTP.html

The problem we get is that we can ping both MT units but cannot ping anything else in the local networks.

I suppose that the problem can be due to that RB433 units:

• are not directly attached to Internet
  are behind firewalls
  are not local network GWs and DHCPs

please help with suggesting which additional settings to routing etc. is needed to be done?
Here are outputs (MT CENTER):
/ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 D address=192.168.1.30/24 network=192.168.1.0 broadcast=192.168.1.255
interface=ether1 actual-interface=ether1
1 D address=10.0.0.1/32 network=10.0.0.2 broadcast=0.0.0.0 interface=pptp-in1
actual-interface=pptp-in1

/ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=192.168.1.2
gateway-status=192.168.1.2 reachable ether1 distance=0 scope=30
target-scope=10
1 ADC dst-address=10.0.0.2/32 pref-src=10.0.0.1 gateway=pptp-in1
gateway-status=pptp-in1 reachable distance=0 scope=10
2 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.8 gateway=ether1
gateway-status=ether1 reachable distance=0 scope=10
3 A S dst-address=192.168.7.0/24 gateway=10.0.0.2
gateway-status=10.0.0.2 reachable pptp-in1 distance=1 scope=30
target-scope=10

/interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 R name="ether1" type="ether" mtu=1500 l2mtu=1526
1 name="ether2" type="ether" mtu=1500 l2mtu=1522
2 name="ether3" type="ether" mtu=1500 l2mtu=1522
3 X name="wlan1" type="wlan" mtu=1500
4 X name="wlan2" type="wlan" mtu=1500
5 R name="pptp-in1" type="pptp-in" mtu=1460

/ip firewall export
# jan/04/1970 03:11:35 by RouterOS 4.11
# software id = XXXXX
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=forward comment="" disabled=no src-address=\
X.X.X.X (MT REMOTE PUBLIC IP)
add action=accept chain=forward comment="" disabled=no dst-address=\
X.X.X.X (MT REMOTE PUBLIC IP)
/ip firewall nat
add action=src-nat chain=srcnat comment="" disabled=no src-address=\
192.168.1.0/24 to-addresses=10.0.0.1
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=10.0.0.2 \
to-addresses=192.168.1.0-192.168.1.255
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no

I will be very thankful for your help!!!

you have to add a static route on each RB.

On the pptp server add dst-address=192.168.7.0/24 gateway=10.0.0.2
On the pptp client add dst-address=192.168.1.0/24 gateway=10.0.0.1

It should run.

PS: do not masquerade traffic over tunnel