Good evening Guys,
maybe anyone can help with a problem that i cannot figure out and i haven't found any reference.
The problem is i have two internet connection. I use two PPPoE clients one at ether1 (with static IP) and the other at ether2 (with dynamic IP). I am using ether1 for IPSEC site to site VPN and internet failover (if ether2 goes out ether1 handles VPN and internet connection) and ether2 for internet.
The problem is that with the below filter rule i can connect with winbox at the dynamic IP 94.70.99.110 but i cannot connect at the static IP 79.129.15.111.
Am i missing something?

Thanks for listening.

[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 ADS 0.0.0.0/0 80.106.108.12 1
1 S 0.0.0.0/0 pppoe-out1-ISP1 2
2 ADC 80.106.108.12/32 94.70.99.110 pppoe-out2-ISP2 0
3 ADC 80.106.108.176/32 79.129.15.111 pppoe-out1-ISP1 0
4 A S 83.235.16.33/32 pppoe-out1-ISP1 1
5 A S 192.168.0.0/24 ether1-ISP1-VPN 1
6 ADC 192.168.16.0/24 192.168.16.65 ether5-LAN 0

[admin@MikroTik] > ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=accept protocol=tcp dst-port=8291

One of the things that you can try is to use Mangle to mark the Winbox connections. Then create two routes with different distances. Make sure that you set them to check by ping.

I ran into the same problem.
I can’t figure out how mangle is able to mark the packets originated by router itself.
Since the routing decision is done before the output chain (according to the packet flow diagrams) we are unable to first mark packets with mangle and then lookup the desired route. It will always pick the generic default route when going outside. Marking the incoming packets in the input chain does not help here either.

The information in Manual:PCC might be useful. You don’t have to use PCC if you don’t need it. In the Prerouting chain it should be possible to mark connections destined to the router. Also mark the packets belonging to those connections in Output.

It is working for me to access router’s services under either of the two WANs. Except that I don’t use VPNs.

I adjusted my export to match your IPs.
/ip firewall address-list
add address=192.168.16.0/24 list=networks
add address=192.168.0.0/24 list=networks
add address=83.235.16.33 list=networks
add address=80.106.108.12 list=networks
add address=80.106.108.176 list=networks

/ip firewall mangle
add chain=prerouting dst-address-list=networks src-address-list=networks
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=pppoe-out1-ISP1 new-connection-mark=to_ISP1
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=pppoe-out2-ISP2 new-connection-mark=to_ISP2
add action=mark-routing chain=prerouting connection-mark=to_ISP1 dst-address-list=!networks new-routing-mark=to_ISP1
add action=mark-routing chain=prerouting connection-mark=to_ISP2 dst-address-list=!networks new-routing-mark=to_ISP2
add action=mark-routing chain=output connection-mark=to_ISP1 dst-address-list=!networks new-routing-mark=to_ISP1
add action=mark-routing chain=output connection-mark=to_ISP2 dst-address-list=!networks new-routing-mark=to_ISP2

/ip route
add check-gateway=ping distance=1 gateway=pppoe-out1-ISP1 pref-src=79.129.15.111 routing-mark=to_ISP1
add check-gateway=ping distance=1 gateway=pppoe-out2-ISP2 pref-src=94.70.99.110 routing-mark=to_ISP2The ip route part may be wrong for PPP. In that case I apologize.