You need a NAT rules for traffic from LAN IP's to the SSTP server's address (action=masquerdade with 172.16.0.0/24 as src). Otherwise the far-end routers (SSTP clients) will have no idea how to send packet to your LAN (e.g. say your main LAN is 10.10.10.0/24, so unless that was a /ip/route to 172.16.0.1 (SSTP Server).
You might also have firewall filter that's blocking this is, but the above may the first problem. If you post your config, I'm sure @anav's firewall eyes will spot the problem.
thanks for your reply
please see my configuration
I have posted
/interface bridge
add frame-types=admit-only-vlan-tagged ingress-filtering=no mtu=1500 name=\
Bridge1_VLAN vlan-filtering=yes
add dhcp-snooping=yes mtu=1500 name="Bridge2_Head office" priority=0x1000
add dhcp-snooping=yes mtu=1500 name="Bridge3_Farm house"
/interface ethernet
set [ find default-name=ether1 ] name=ether1_WAN-1
set [ find default-name=ether2 ] name=ether2_WAN-2
set [ find default-name=ether3 ] name=ether3_WAN-3
set [ find default-name=ether4 ] name=ether4_WAN-4
set [ find default-name=ether5 ] name=ether5_WAN-5
set [ find default-name=ether6 ] name=ether6_Trunk
set [ find default-name=ether7 ] name="ether7_WAN PTCL"
set [ find default-name=ether8 ] name="ether8_WAN Head office"
set [ find default-name=ether9 ] name="ether9_WAN Farm house"
set [ find default-name=ether10 ] disabled=yes
set [ find default-name=ether11 ] disabled=yes
set [ find default-name=ether12 ] disabled=yes
set [ find default-name=ether13 ] name="ether13_LAN Farm house"
set [ find default-name=ether14 ] name="ether14_LAN Farm house"
set [ find default-name=ether15 ] name="ether15_LAN Head office"
set [ find default-name=ether16 ] name="ether16_LAN Head office"
/interface pppoe-client
add disabled=no interface="ether9_WAN Farm house" name="PPPoE_Farm house" \
user=tahir1212
/interface eoip
add local-address=203.223.173.66 mac-address=02:8D:ED:1E:50:BF name=\
"EoIP Tunnel_Air Avenue" remote-address=182.176.86.181 tunnel-id=11458
add local-address=172.16.0.1 mac-address=02:6D:1C:E9:08:5A name=\
"EoIP Tunnel_IT Tower" remote-address=172.16.0.96 tunnel-id=12458
add local-address=172.16.0.1 mac-address=02:FC:41:78:94:F4 name=\
"EoIP Tunnel_Midland" remote-address=172.16.0.97 tunnel-id=13458
/interface list
add name="WAN PrimeNet List"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=Speed regexp="^.+(speedtest).*\\\$"
/ip pool
add name="dhcp_pool Head Office" ranges=172.16.3.1-172.16.3.254
add name="dhcp_pool Farm House" ranges=192.168.100.10-192.168.100.250
/ip dhcp-server
add address-pool="dhcp_pool Head Office" interface="Bridge2_Head office" \
name=dhcp1
add address-pool="dhcp_pool Farm House" interface="Bridge3_Farm house" name=\
dhcp2
/routing table
add disabled=no fib name="to_Internal Network"
add disabled=no fib name=kamran
add disabled=no fib name="to_PPPoE Farm house"
#error exporting "/interface/bridge/host" (timeout)
/interface bridge port
add bridge=Bridge1_VLAN frame-types=admit-only-untagged-and-priority-tagged \
interface=ether1_WAN-1 pvid=101
add bridge=Bridge1_VLAN frame-types=admit-only-untagged-and-priority-tagged \
interface=ether2_WAN-2 pvid=102
add bridge=Bridge1_VLAN frame-types=admit-only-untagged-and-priority-tagged \
interface=ether3_WAN-3 pvid=103
add bridge=Bridge1_VLAN frame-types=admit-only-untagged-and-priority-tagged \
interface=ether4_WAN-4 pvid=104
add bridge=Bridge1_VLAN frame-types=admit-only-untagged-and-priority-tagged \
interface=ether5_WAN-5 pvid=105
add bridge=Bridge1_VLAN frame-types=admit-only-vlan-tagged interface=\
ether6_Trunk
add bridge="Bridge2_Head office" interface="ether16_LAN Head office" trusted=\
yes
add bridge="Bridge2_Head office" interface="ether15_LAN Head office"
add bridge="Bridge2_Head office" interface="EoIP Tunnel_Air Avenue"
add bridge="Bridge2_Head office" interface="EoIP Tunnel_IT Tower"
add bridge="Bridge2_Head office" interface="EoIP Tunnel_Midland"
add bridge="Bridge3_Farm house" interface="ether14_LAN Farm house"
add bridge="Bridge3_Farm house" interface="ether13_LAN Farm house" trusted=\
yes
/ip neighbor discovery-settings
set discover-interface-list=all
/ipv6 settings
set disable-ipv6=yes forward=no
/interface bridge vlan
add bridge=Bridge1_VLAN tagged=ether6_Trunk vlan-ids=101
add bridge=Bridge1_VLAN tagged=ether6_Trunk vlan-ids=102
add bridge=Bridge1_VLAN tagged=ether6_Trunk vlan-ids=103
add bridge=Bridge1_VLAN tagged=ether6_Trunk vlan-ids=104
add bridge=Bridge1_VLAN tagged=ether6_Trunk vlan-ids=105
/interface l2tp-server server
set one-session-per-host=yes
/interface list member
add interface="ether8_WAN Head office" list="WAN PrimeNet List"
add interface="ether9_WAN Farm house" list="WAN PrimeNet List"
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=172.16.0.1/16 comment="Headoffice LAN" interface=\
"Bridge2_Head office" network=172.16.0.0
add address=192.168.0.1/24 comment="Headoffice LAN" interface=\
"Bridge2_Head office" network=192.168.0.0
add address=192.168.210.2/30 comment="WAN PTCL" interface="ether7_WAN PTCL" \
network=192.168.210.0
add address=203.223.173.67 comment="Port Forward Kamran Arif" interface=\
"ether8_WAN Head office" network=203.223.173.64
add address=203.223.173.68 comment="Port Forward FreePBX" interface=\
"ether8_WAN Head office" network=203.223.173.64
add address=192.168.100.1/24 comment="Farmhouse LAN" interface=\
"Bridge3_Farm house" network=192.168.100.0
add address=203.223.173.66/28 comment="WAN PrimeNet" interface=\
"ether8_WAN Head office" network=203.223.173.64
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m
/ip dhcp-server alert
add disabled=no interface="Bridge2_Head office" valid-server=\
DC:2C:6E:8A:84:7C
/ip dhcp-server network
add address=172.16.0.0/16 gateway=172.16.0.1
add address=192.168.100.0/24 gateway=192.168.100.1
/ip dns
set allow-remote-requests=yes cache-size=10000KiB servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=mail.urbandevelopersgroup.com list="Email Server"
/ip firewall filter
add action=accept chain=input comment="Router Access Remotely" dst-port=\
4477,4478 protocol=tcp
add action=drop chain=input comment="Block Attack" dst-port=\
25,53,87,512-515,543,544,7547,8080 protocol=tcp
add action=drop chain=input comment="Block Attack" dst-port=\
53,80,87,161,162,1900,4520-4524,8080 protocol=udp
add action=add-src-to-address-list address-list="Port Scanners" \
address-list-timeout=none-dynamic chain=input comment=\
"Port Scanners to Address List " protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="Port Scanners" \
address-list-timeout=none-dynamic chain=input comment=\
"TCP Flag-NMAP FIN Stealth scan" protocol=tcp tcp-flags=\
fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="Port Scanners" \
address-list-timeout=none-dynamic chain=input comment=\
"TCP Flag-FIN/SYN scan" protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="Port Scanners" \
address-list-timeout=none-dynamic chain=input comment=\
"TCP Flag-RST/SYN scan" protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="Port Scanners" \
address-list-timeout=none-dynamic chain=input comment=\
"TCP Flag-FIN/PSH/URG scan" protocol=tcp tcp-flags=\
fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="Port Scanners" \
address-list-timeout=none-dynamic chain=input comment=\
"TCP Flag-ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="Port Scanners" \
address-list-timeout=none-dynamic chain=input comment=\
"TCP Flag-NMAP NULL scan" protocol=tcp tcp-flags=\
!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="Dropping Port Scanners" \
src-address-list="Port Scanners"
add action=accept chain=forward disabled=yes dst-address=8.8.8.8 \
out-interface="ether8_WAN Head office"
add action=drop chain=forward disabled=yes dst-address=8.8.8.8 out-interface=\
"ether7_WAN PTCL"
add action=accept chain=forward disabled=yes dst-address=8.8.4.4 \
out-interface="ether7_WAN PTCL"
add action=drop chain=forward disabled=yes dst-address=8.8.4.4 out-interface=\
"ether8_WAN Head office"
/ip firewall mangle
add action=mark-routing chain=prerouting comment="Internal network" \
dst-address=192.168.0.0/24 new-routing-mark="to_Internal Network" \
passthrough=yes src-address=172.16.0.0/16
add action=mark-routing chain=prerouting comment="Internal network" \
dst-address=192.168.100.0/24 new-routing-mark="to_Internal Network" \
passthrough=yes src-address=172.16.0.0/16
add action=mark-connection chain=prerouting comment="SAP RDP" dst-address=\
116.203.172.113 dst-port=7745 new-connection-mark="SAP RDP_Conn" \
passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark="SAP RDP_Conn" \
new-packet-mark="SAP RDP_Pkt" passthrough=yes
add action=mark-connection chain=prerouting comment="PMS WEB" dst-address=\
116.203.172.113 dst-port=8095,8099,44501 new-connection-mark=\
"PMS WEB_Conn" passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark="PMS WEB_Conn" \
new-packet-mark="PMS WEB_Pkt" passthrough=yes
add action=mark-connection chain=prerouting comment="Email Server" \
dst-address-list="Email Server" new-connection-mark=Email_Conn \
passthrough=yes
add action=mark-packet chain=prerouting connection-mark=Email_Conn \
new-packet-mark=Email_Pkt passthrough=yes
add action=mark-connection chain=prerouting comment=Speed layer7-protocol=\
Speed new-connection-mark=Speed_Conn passthrough=yes
add action=mark-packet chain=prerouting connection-mark=Speed_Conn \
new-packet-mark=Speed_Pkt passthrough=yes
add action=accept chain=prerouting comment="Farmhouse => Head office" \
src-address=192.168.100.0/24
add action=mark-routing chain=prerouting new-routing-mark=\
"to_PPPoE Farm house" passthrough=yes src-address=192.168.100.0/24
add action=mark-routing chain=prerouting new-routing-mark=\
"to_PPPoE Farm house" passthrough=yes src-address=172.16.0.107
/ip firewall nat
add action=masquerade chain=srcnat comment="Masquerade Local Network" \
src-address=172.16.0.0/16
add action=masquerade chain=srcnat comment="Masquerade Local Network" \
src-address=192.168.0.0/24
add action=masquerade chain=srcnat comment="Masquerade Local Network" \
src-address=192.168.100.0/24
add action=dst-nat chain=dstnat comment="Port Forward Kamran Arif" \
dst-address=203.223.173.67 dst-port=4480 protocol=tcp to-addresses=\
172.16.0.102 to-ports=3389
add action=dst-nat chain=dstnat comment="Port Forward Wavetec" disabled=yes \
dst-address=203.223.173.67 dst-port=4480 protocol=tcp to-addresses=\
172.16.0.240 to-ports=3389
add action=dst-nat chain=dstnat comment="FreePBX SIP NAT" disabled=yes \
dst-address=203.223.173.68 dst-port=5060 in-interface=\
"ether8_WAN Head office" protocol=tcp to-addresses=172.16.0.66 to-ports=\
5060
add action=dst-nat chain=dstnat disabled=yes dst-address=203.223.173.68 \
dst-port=5060 in-interface="ether8_WAN Head office" protocol=udp \
to-addresses=172.16.0.66 to-ports=5060
add action=dst-nat chain=dstnat disabled=yes dst-address=203.223.173.68 \
dst-port=5061 in-interface="ether8_WAN Head office" protocol=tcp \
to-addresses=172.16.0.66 to-ports=5061
add action=dst-nat chain=dstnat disabled=yes dst-address=203.223.173.68 \
dst-port=5061 in-interface="ether8_WAN Head office" protocol=udp \
to-addresses=172.16.0.66 to-ports=5061
add action=dst-nat chain=dstnat disabled=yes dst-address=203.223.173.68 \
dst-port=5090 in-interface="ether8_WAN Head office" protocol=tcp \
to-addresses=172.16.0.66 to-ports=5090
add action=dst-nat chain=dstnat disabled=yes dst-address=203.223.173.68 \
dst-port=5090 in-interface="ether8_WAN Head office" protocol=udp \
to-addresses=172.16.0.66 to-ports=5090
add action=dst-nat chain=dstnat disabled=yes dst-address=203.223.173.68 \
dst-port=9000-9500 in-interface="ether8_WAN Head office" protocol=udp \
to-addresses=172.16.0.66 to-ports=9000-9500
add action=dst-nat chain=dstnat disabled=yes dst-address=203.223.173.68 \
dst-port=10000-20000 in-interface="ether8_WAN Head office" protocol=udp \
to-addresses=172.16.0.66 to-ports=10000-20000
add action=dst-nat chain=dstnat comment="Hair-Pin NAT" disabled=yes \
dst-address=203.223.173.68 to-addresses=172.16.0.66
/ip firewall raw
add action=drop chain=prerouting comment="Block Windows update" content=\
autodesk.com disabled=yes
add action=drop chain=prerouting comment="Block Windows update" content=\
update.microsoft.com disabled=yes
add action=drop chain=prerouting content=download.microsoft.com disabled=yes
add action=drop chain=prerouting content=.windowsupdate.com disabled=yes
add action=drop chain=prerouting content=ntservicepack.microsoft.com \
disabled=yes
add action=drop chain=prerouting content=stats.microsoft.com disabled=yes
add action=drop chain=prerouting content=wustat.windows.com disabled=yes
add action=drop chain=prerouting content=windowsupdate.microsoft.com \
disabled=yes
/ip route
add comment="PTCL Static Route" disabled=no distance=2 dst-address=0.0.0.0/0 \
gateway="192.168.210.1%ether7_WAN PTCL" pref-src="" routing-table=main \
scope=30 suppress-hw-offload=no target-scope=10
add comment="Farmhouse Static Route" disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway="PPPoE_Farm house" pref-src="" routing-table=\
"to_PPPoE Farm house" scope=30 suppress-hw-offload=no target-scope=10
add comment="PrimeNet Static Route" disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway="203.223.173.65%ether8_WAN Head office" pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment="PTCL Static Route" disabled=no distance=2 dst-address=0.0.0.0/0 \
gateway="192.168.210.1%ether7_WAN PTCL" pref-src="" routing-table=\
"to_PPPoE Farm house" scope=30 suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=4478
set ssh disabled=yes
set api disabled=yes
set winbox port=4477
set api-ssl disabled=yes
/ppp secret
add local-address=172.16.0.1 name=ittower profile=default-encryption \
remote-address=172.16.0.96 service=sstp
add local-address=172.16.0.1 name=midland profile=default-encryption \
remote-address=172.16.0.97 service=sstp
/system clock
set time-zone-name=Asia/Karachi
/system identity
set name="Central Park"
/system logging
set 2 disabled=yes
/system note
set show-at-login=no
/tool romon
set enabled=yes