Hello,
I'm new to RouterOS and I followed the manual to create a PPTP VPN connection.
http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP
The router is an RB450G; ether1 and ether2 are WAN1 and WAN2, ether3 is the local master port with proxy-arp enabled.
Now I have an issue with routing packets from the VPN client to the remote LAN (the one the RB450G is connected to).
[ VPN Client → RB450G → Internet ] this part is OK,
but the VPN client cannot ping the RB450G or any other computer in the remote LAN. The strange thing is that the VPN client can still access the RB450G with WinBox.
The 192.168.100.0/24 network is in the whitelist of the firewall filter forward chain.
RB450G IP: 192.168.100.11
VPN client: 192.168.100.199
LAN: 192.168.100.0/24
IP Route
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 Hinet_Dyn 1
1 A S 0.0.0.0/0 Hinet_Static 1
2 ADS 0.0.0.0/0 168.95.98.254 1
3 ADC 168.95.98.254/32 114.24.19.108 Hinet_Dyn 0
Hinet_Static
4 ADC 192.168.100.0/24 192.168.100.11 ether3-master-l... 0
5 ADC 192.168.100.199/32 192.168.100.11 <pptp-WilliamTa... 0
NAT rules
add action=masquerade chain=srcnat comment="Hinet Dyn mas" out-interface=\
Hinet_Dyn
add action=masquerade chain=srcnat comment="Hinet Static mas" out-interface=\
Hinet_Static
add action=masquerade chain=srcnat comment="NAT Loopback" dst-address=\
192.168.100.0/24 src-address=192.168.100.0/24
add chain=input comment="Accept to established connections" connection-state=\
established
add chain=forward comment="Accept to established connections" \
connection-state=established
add chain=input comment="Accept to related connections" connection-state=\
related
add chain=forward comment="Accept to related connections" connection-state=\
related
add action=add-src-to-address-list address-list=Syn_Flooder \
address-list-timeout=30m chain=input comment=\
"Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp \
tcp-flags=syn
add action=drop chain=input comment="Drop to syn flood list" \
src-address-list=Syn_Flooder
add action=add-src-to-address-list address-list=Port_Scanner \
address-list-timeout=1w chain=input comment="Port Scanner Detect" \
protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" \
src-address-list=Port_Scanner
add action=jump chain=input comment="Jump for icmp input flow" jump-target=\
ICMP protocol=icmp src-address=192.168.100.0/24
add action=drop chain=input comment="Block all access to the winbox - except t\
o support list # DO NOT ENABLE THIS RULE BEFORE ADD YOUR SUBNET IN THE SUP\
PORT ADDRESS LIST" dst-port=8291 protocol=tcp src-address-list=!support
add chain=input comment="Accept DNS - UDP" disabled=yes port=53 protocol=udp
add chain=input comment="Accept DNS - TCP" disabled=yes port=53 protocol=tcp
add chain=input comment="PPTP Server" protocol=gre
add chain=input comment="PPTP Server" dst-port=1723 protocol=tcp
add chain=input comment="Full access to SUPPORT address list" \
src-address-list=support
add action=drop chain=input comment="Drop anything else! # DO NOT ENABLE THIS \
RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED"
add chain=forward src-address=192.168.100.0/24
add action=jump chain=forward comment="Jump for icmp forward flow" \
jump-target=ICMP protocol=icmp src-address=192.168.100.0/24
add action=add-src-to-address-list address-list=spammers \
address-list-timeout=3h chain=forward comment=\
"Add Spammers to the list for 3 hours" connection-limit=30,32 dst-port=\
25,587 limit=30/1m,0 protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 \
protocol=tcp src-address-list=spammers
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
bogons log=yes
add action=drop chain=forward comment="Drop forward chain everything else."
add chain=ICMP comment="Echo request - Avoiding Ping Flood" icmp-options=8:0 \
limit=1,5 protocol=icmp
add chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=icmp
add chain=ICMP comment="Time Exceeded" icmp-options=11:0 protocol=icmp
add chain=ICMP comment="Destination unreachable" icmp-options=3:0-1 protocol=\
icmp
add chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp
add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP \
protocol=icmp