I’m kinda newbie in routeros and need to advice how to solve my problem. We have a main mikrotik based on RB3011Uias and this device use 2 dynamic WAN interfaces and 1 static WAN + we have a L2TP server to connect our distant branches to our network. So, i wanna make Main WAN interface as a loadbalancing cause we don’t have enough bandwith for 1 WAN and if these two wans is down reserve WAN will turn on. But the problem is - when i turning on load balancing my VPN connection to other branches is down. I understand that i need to do something with mangle rules and routing, but i don’t have a expirience to do proper settings. All solutions that i’ve found not acceptable to me or i can’t understand it 
my config:
# apr/29/2019 23:03:43 by RouterOS 6.44.3
/interface l2tp-server
add comment="l2tp connection from breadgreen" name=l2tp-breadgreen user=\
breadgreen
add comment="l2tp connection from chokina 38 office" name=l2tp-ch-38 user=\
l2tp-ch-38
add comment="l2tp connection from toraygirova 101 office" name=l2tp-tr-101 \
user=l2tp-tr-101
add comment="l2tp connection from toraygirova 59 office" name=l2tp-tr-59 \
user=l2tp-tr-59
add comment="l2tp connection from Amid Bus 105 (Fedorov)" name=\
l2tp-transfer-105 user=l2tp-transfer-105
add comment="l2tp connection from Amid Bus 164(Sidorenko)" name=\
l2tp-transfer-164 user=l2tp-transfer-164
add comment="l2tp connection from Amid Bus 420 (Astana)" name=\
l2tp-transfer-420 user=l2tp-transfer-420
add comment="l2tp connection from Amid Bus 528 (Sakharov)" name=\
l2tp-transfer-528 user=l2tp-transfer-528
/interface bridge
add name=bridge
add name=bridgeopen
add name=bridgetest
/interface ethernet
set [ find default-name=ether1 ] comment="Link to 1st ISP IDNet channel" \
name=ether1-isp1 speed=100Mbps
set [ find default-name=ether2 ] comment="Link to 2st ISP IDNet channel" \
name=ether2-isp2 speed=100Mbps
set [ find default-name=ether3 ] comment="Link to Zyxel LTE" name=\
ether3-zyxel-lte speed=100Mbps
set [ find default-name=ether4 ] comment=\
"Port to 153-server in rack at server room" name=ether4-server speed=\
100Mbps
set [ find default-name=ether5 ] comment=\
"Port to Zyxel ES1100-24E for network in server room" name=\
ether5-lan-server speed=100Mbps
set [ find default-name=ether6 ] comment=\
"Port to Zyxel ES1100-16 for network to IP cam and NVR" name=\
ether6-lan-ipcam speed=100Mbps
set [ find default-name=ether7 ] comment=\
"Port to 16p Acorp for network in main hall on 1st. floor" name=\
ether7-lan-1stfloor speed=100Mbps
set [ find default-name=ether8 ] comment=\
"Port to 16p Ecom for network on 2nd floor" name=ether8-lan-2ndfloor \
speed=100Mbps
set [ find default-name=ether9 ] comment=\
"Port to Zyxel ES1100-16 for network in conference room on 2nd floor" \
name=ether9-lan-conf speed=100Mbps
set [ find default-name=ether10 ] comment="Port to IP PBX" name=\
ether10-ip-pbx speed=100Mbps
set [ find default-name=sfp1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/ip pool
add name=lan-local ranges=192.168.10.130-192.168.10.199
add name=lan-vpn-l2tp ranges=10.10.35.150-10.10.35.199
add name=lan-vpn-sstp ranges=10.10.30.150-10.10.30.199
add name=guestwifi ranges=10.35.0.2-10.35.0.254
add name=dhcp_pool5 ranges=10.36.0.2-10.36.0.254
/ip dhcp-server
add address-pool=lan-local authoritative=after-2sec-delay disabled=no \
interface=bridge lease-time=5m name=lan-local
add address-pool=guestwifi disabled=no interface=bridgeopen lease-time=5m \
name=guestwifi
add address-pool=dhcp_pool5 disabled=no interface=bridgetest name=dhcp1
/ppp profile
add change-tcp-mss=yes local-address=10.10.35.10 name=l2tp-server \
remote-address=lan-vpn-l2tp
add change-tcp-mss=yes local-address=10.10.35.10 name=l2tp-client \
remote-address=lan-vpn-l2tp
add change-tcp-mss=yes local-address=10.10.30.10 name=sstp-vpn \
remote-address=lan-vpn-sstp use-encryption=yes
/interface bridge port
add bridge=bridge hw=no interface=ether4-server
add bridge=bridge hw=no interface=ether5-lan-server
add bridge=bridge hw=no interface=ether7-lan-1stfloor
add bridge=bridge hw=no interface=ether8-lan-2ndfloor
add bridge=bridge hw=no interface=ether9-lan-conf
add bridge=bridge hw=no interface=ether10-ip-pbx
add bridge=bridge hw=no interface=ether6-lan-ipcam
add interface=*46
add interface=*47
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=l2tp-server enabled=yes \
ipsec-secret= use-ipsec=yes
/interface pptp-server server
set default-profile=sstp-vpn
/interface sstp-server server
set authentication=mschap2 default-profile=sstp-vpn enabled=yes
/ip address
add address=192.168.10.1/24 interface=bridge network=192.168.10.0
add address=192.168.12.1/24 interface=ether6-lan-ipcam network=192.168.12.0
add address=10.35.0.1/24 interface=bridgeopen network=10.35.0.0
add address=10.36.0.1/24 interface=bridgetest network=10.36.0.0
/ip firewall address-list
add address=10.10.35.0/24 list=lan-route-exclude-IP
add address=192.168.40.0/24 list=lan-route-exclude-IP
add address=192.168.10.0/24 list=lan-route-exclude-IP
add address=192.168.12.0/24 list=lan-route-exclude-IP
add address=192.168.20.0/24 list=lan-route-exclude-IP
add address=192.168.30.0/24 list=lan-route-exclude-IP
add address=192.168.100.0/24 list=lan-route-exclude-IP
add address=192.168.110.0/24 list=lan-route-exclude-IP
add address=192.168.120.0/24 list=lan-route-exclude-IP
add address=192.168.130.0/24 list=lan-route-exclude-IP
add address=192.168.200.0/24 list=lan-route-exclude-IP
add address=192.168.10.0/24 list=ISP1-client
add address=10.10.45.0/24 list=ISP2-client
add address=10.65.0.0/24 list=lan-route-exclude-IP
add address=10.66.0.0/19 list=lan-route-exclude-IP
add address=10.66.7.0/24 list=lan-route-exclude-IP
add address=10.65.0.2 list=lan-route-exclude-IP
add address=192.168.99.0/24 list=lan-route-exclude-IP
add address=66.220.144.0/21 comment=facebook disabled=yes list=block-facebook
add address=sparks.gold list=BlockedSites
add address=stocks.exchange list=BlockedSites
/ip firewall filter
add action=accept chain=input protocol=gre
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input protocol=udp src-port=4500
add action=accept chain=input dst-port=5060 protocol=udp src-port=5060
add action=accept chain=input dst-port=1723 protocol=tcp
add action=reject chain=forward comment=BlockedSites disabled=yes protocol=\
tcp reject-with=tcp-reset src-address-list=BlockedSites
add action=drop chain=forward comment="YOUTUBE BLOCK" disabled=yes \
packet-mark=youtube_packet
add action=drop chain=input comment="YOUTUBE BLOCK" disabled=yes packet-mark=\
youtube_packet
add action=drop chain=forward disabled=yes src-address=192.168.10.72
add action=accept chain=input comment=icmp protocol=icmp
add action=accept chain=input comment="established & related" \
connection-state=established,related
add action=accept chain=input comment=dns dst-port=53 in-interface=bridge \
protocol=udp
add action=accept chain=input comment=l2tp dst-port=1701 in-interface=\
pppoe-ISP1 protocol=udp
add action=accept chain=input comment=sstp dst-port=443 in-interface=\
pppoe-ISP1 protocol=tcp
add action=accept chain=input comment=ospf in-interface=all-ppp protocol=ospf
add action=accept chain=input comment=bfd dst-port=3784-3785 in-interface=\
all-ppp protocol=udp
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=lan_out_ISP1 \
passthrough=yes per-connection-classifier=src-address:2/0 src-address=\
192.168.10.0/24
add action=mark-routing chain=prerouting new-routing-mark=lan_out_ISP2 \
passthrough=yes per-connection-classifier=src-address:2/1 src-address=\
192.168.10.0/24
add action=mark-connection chain=input comment=\
"Mark input connection for routing mark to ISP1" in-interface=pppoe-ISP1 \
new-connection-mark=cin_ISP1 passthrough=yes
add action=mark-connection chain=input comment=\
"Mark input connection for routing mark to ISP2" in-interface=pppoe-ISP2 \
new-connection-mark=cin_ISP2 passthrough=yes
add action=mark-routing chain=output comment=\
"Mark output connection for routing mark to ISP1" connection-mark=\
cin_ISP1 new-routing-mark=rout_ISP1 passthrough=yes
add action=mark-routing chain=output comment=\
"Mark output connection for routing mark to ISP2" connection-mark=\
cin_ISP2 new-routing-mark=rout_ISP2 passthrough=yes
add action=mark-connection chain=prerouting comment="YOUTUBE BLOCK" \
connection-mark=no-mark disabled=yes dst-port=53 layer7-protocol=youtube \
new-connection-mark=youtube_conn passthrough=yes protocol=udp \
src-address=192.168.10.70
add action=mark-packet chain=prerouting comment="YOUTUBE BLOCK" \
connection-mark=youtube_conn disabled=yes new-packet-mark=youtube_packet \
passthrough=yes src-address=192.168.10.70
add action=mark-connection chain=input in-interface=l2tp-tr-101 \
new-connection-mark=conn_tr-101 passthrough=yes
add action=accept chain=output connection-mark=conn_tr-101
/ip firewall nat
add action=masquerade chain=srcnat comment=ISP1 out-interface=pppoe-ISP1
add action=masquerade chain=srcnat comment=ISP2 out-interface=pppoe-ISP2
add action=netmap chain=dstnat dst-port=3389 in-interface=pppoe-ISP1 \
protocol=tcp to-addresses=192.168.10.90 to-ports=3389
add action=netmap chain=dstnat dst-port=8000 in-interface=pppoe-ISP1 \
protocol=tcp to-addresses=192.168.12.10 to-ports=8000
add action=netmap chain=dstnat dst-port=8000 in-interface=pppoe-ISP1 \
protocol=udp to-addresses=192.168.12.10 to-ports=8000
add action=netmap chain=dstnat disabled=yes dst-port=10000-20000 \
in-interface=pppoe-ISP2 protocol=udp to-addresses=192.168.10.151 \
to-ports=10000-20000
add action=netmap chain=dstnat disabled=yes dst-port=10000-20000 \
in-interface=pppoe-ISP1 log=yes protocol=udp to-addresses=192.168.10.151 \
to-ports=10000-20000
add action=netmap chain=dstnat comment=IDPHONE disabled=yes dst-port=5160 \
in-interface=pppoe-ISP2 protocol=udp to-addresses=192.168.10.151 \
to-ports=5160
add action=netmap chain=dstnat comment=IDPHONE disabled=yes dst-port=5160 \
in-interface=pppoe-ISP1 protocol=tcp to-addresses=192.168.10.151 \
to-ports=5160
add action=netmap chain=dstnat comment=IDPHONE disabled=yes dst-port=5160 \
in-interface=pppoe-ISP2 protocol=tcp to-addresses=192.168.10.151 \
to-ports=5160
add action=masquerade chain=srcnat comment="ISP3 RESERV" out-interface=\
ether3-zyxel-lte
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=yes src-address=10.36.0.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=yes src-address=10.36.0.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
disabled=yes src-address=10.36.0.0/24
add action=netmap chain=dstnat disabled=yes dst-port=8089 in-interface=\
pppoe-ISP1 protocol=tcp to-addresses=192.168.10.15 to-ports=8089
add action=netmap chain=dstnat disabled=yes in-interface=pppoe-ISP1 protocol=\
tcp to-addresses=192.168.10.186 to-ports=34567
add action=netmap chain=dstnat dst-port=47998-48010 in-interface=pppoe-ISP1 \
protocol=udp to-addresses=192.168.10.70 to-ports=47998-48010
add action=netmap chain=dstnat comment=IDPHONE disabled=yes dst-port=5160 \
in-interface=pppoe-ISP1 protocol=udp to-addresses=192.168.10.151 \
to-ports=5160
add action=netmap chain=dstnat disabled=yes dst-port=5062 in-interface=\
pppoe-ISP1 protocol=udp to-addresses=192.168.10.15 to-ports=5062
add action=netmap chain=dstnat disabled=yes dst-port=5062 in-interface=\
pppoe-ISP1 protocol=tcp to-addresses=192.168.10.15 to-ports=5062
add action=netmap chain=dstnat disabled=yes dst-port=5060-5080 in-interface=\
pppoe-ISP1 protocol=tcp to-addresses=192.168.10.104 to-ports=5060-5080
add action=netmap chain=dstnat disabled=yes dst-port=5060-5080 in-interface=\
pppoe-ISP1 protocol=udp to-addresses=192.168.10.104 to-ports=5060-5080
add action=netmap chain=dstnat disabled=yes dst-port=16384-32768 \
in-interface=pppoe-ISP1 protocol=tcp to-addresses=192.168.10.104 \
to-ports=16384-32768
add action=netmap chain=dstnat disabled=yes dst-port=5160 in-interface=\
pppoe-ISP1 protocol=udp to-addresses=192.168.10.95 to-ports=5060
add action=netmap chain=dstnat disabled=yes dst-port=5060 in-interface=\
pppoe-ISP2 protocol=udp to-addresses=192.168.10.151 to-ports=5060
add action=netmap chain=dstnat dst-port=3389 in-interface=pppoe-ISP1 \
protocol=udp to-addresses=192.168.10.90 to-ports=3389
/ip ipsec identity
add generate-policy=port-override peer=peer2 remote-id=ignore secret=1234
/ip route
add check-gateway=ping disabled=yes distance=1 gateway=pppoe-ISP1 \
routing-mark=lan_out_ISP1
add check-gateway=ping disabled=yes distance=2 gateway=pppoe-ISP2 \
routing-mark=lan_out_ISP2
add check-gateway=ping distance=1 gateway=pppoe-ISP1 routing-mark=rout_ISP1
add check-gateway=ping distance=1 gateway=pppoe-ISP2 routing-mark=rout_ISP2
add distance=1 gateway=pppoe-ISP2 routing-mark=isp2only
add distance=1 gateway=pppoe-ISP1
add distance=1 dst-address=8.8.4.4/32 gateway=pppoe-ISP2
add distance=1 dst-address=8.8.8.8/32 gateway=pppoe-ISP1
add distance=1 dst-address=192.168.20.0/24 gateway=10.10.35.20
add distance=1 dst-address=192.168.30.0/24 gateway=10.10.35.30
add distance=1 dst-address=192.168.40.0/24 gateway=10.10.35.40
add distance=1 dst-address=192.168.99.0/24 gateway=l2tp-breadgreen
add distance=1 dst-address=192.168.100.0/24 gateway=10.10.35.100
add distance=1 dst-address=192.168.110.0/24 gateway=10.10.35.110
add distance=1 dst-address=192.168.120.0/24 gateway=10.10.35.120
add distance=1 dst-address=192.168.130.0/24 gateway=10.10.35.130
/ip service
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/routing ospf interface
add cost=20 interface=sstp-tr-101 network-type=broadcast
add interface=l2tp-tr-101 network-type=broadcast use-bfd=yes
/routing ospf network
add area=backbone network=10.10.35.0/24
add area=backbone network=10.10.30.0/24
add area=backbone network=192.168.10.0/24
/snmp
set contact=it@amid.kz enabled=yes location=CH153 trap-version=2
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Almaty
/system clock manual
set time-zone=+06:00
/system identity
set name=RB-Ch-153
/system logging
add disabled=yes topics=pptp
add disabled=yes topics=e-mail
add disabled=yes topics=ipsec
add topics=l2tp
set filter-interface=all filter-ip-address=153.120.82.250/32