assuming .104 is a host on site1 with def.gw being the mikrotik on site1.
if you ping from the router on site2, the src address of your icmp packet would be the
ip address of the sstp interface, which is in the same /24 as the host you are trying to
reach.
as the host would only send packets to the default gw if the dst ip address is not connected,
e.g. not in 192.168.11.0/24, the host will try to do an arp lookup for the address which will
fail, unless you have proxy arp enabled on site1.
or you use a different set of ip addresses for the sstp tunnel, so something which does not overlap
with your LAN network segment.
if you try to reach .104 from a host at site2, so not from the router, you need a backward static route
in site1, to tell the router where to forward the packets destinated for 192.168.21.0/24. a similar static
route would do the trick, as you did it at site2.
or C, you could use ip masquerading (src-nat) for each outgoing packets with out-interface=sstpinterface.
in this case you - depending how you choose the ip addresses for the sstp tunnel, you either need proxy arp
on site1 (as described above) or non-overlapping ip-s.
I finally got it working, I have forgot proxy-arp. Comming from the software field i’m completely newbie at this.
I changed the network mask to /16 so everything looks the same network, enabled proxy-arp, and added the src-nat rule.
I need a time to fully test it but seems ok now.