I have VPN server and clients both on MikroTik.
I can reach local network from client to server and opposite.
For example server 192.168.0.0/24 and clients 192.168.1.0/24, 192.168.2.0/24
But what route should I add, to connect clients 192.168.1.0/24 from 192.168.2.0/24 and opposite?
It depends on what is the default route at the clients. If the default route remains the original one even after the VPN connection is established, you must add a route at each client in 192.168.1.0/24 to 192.168.2.0/24 (and vice versa) via the VPN tunnel.
You haven’t written which VPN in particular you use; the method of adding the route differs significantly and you may have to add it manually at the client rather than push it from the server.
After resetting vpn server configuration and clean setup, client-to-client connection works.
But i didn’t yet setup my second ISP so the problem is in one of that settings.
Can you advise how to proper configure failsafe with tho ISP, without load balancing?
Dual LAN or dual WAN? For proper dual WAN as primary and backup (i.e. no load distribution), this article has it all and doesn’t require routing marks to work.
For dual LAN I don’t know what you have in mind.
If using routing marks, the thing is that some sources say that if no route is found in the explicitly indicated routing table, the routing table main is used as a backup. I haven’t tested this deeply, but I’m afraid that a default route is considered valid also for local interfaces. So if you need to use named routing tables, local routes must exist in all of them, otherwise the route-marked packets for another local subnet are sent out via the default route matching that routing mark. The other (and easier to understand three months later) possibility is not to mark packets with local subnets as destinations of course.