So by forwarding 1723, I have to add a NAT rule that forwards the port to Mikrotik_A. Is that correct?
And for GRE, yes, it's enabled on the input chain on both routers, just before the invalid drop chain.
I don't think that's correct... If your Mikrotik A is the PPTP-Client, then I don't think you need any port forwarding or firewall rules because Mikrotik A is creating an outbound connection. If Mikrotik A is a PPTP-Server, then you'd need forwarding and input firewall rules.
If you want all your traffic to go through the PPTP client then yes, you'd need to create a route. However, I'm not sure what happens when the route becomes active. Will the Mikrotik A try and route the VPN tunnel over itself? You may have to create 2 mangle rules that say:
1. "When the packets are outbound (meaning they originate from Mikrotik A) and are IP Protocol GRE 47, mark the packet with DONTROUTE."
2. "When the packets are outbound and are IP Protocol TCP 6 with Port 1723, mark the packet with DONTROUTE."
Finally, create yet another route that applies to packets with a routing-mark of DONTROUTE, then route it through Mikrotik B.
Does that make sense?
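The two mangle rules and the extra route described above, written out as RouterOS commands for Mikrotik A. This is an added example, not configuration posted by anyone in the thread. It assumes RouterOS v6 syntax, a PPTP client interface with the default name `pptp-out1`, and a placeholder address 192.0.2.1 standing in for Mikrotik B.

```routeros
# Added example (assumptions: RouterOS v6 syntax, interface name pptp-out1,
# 192.0.2.1 is a placeholder for Mikrotik B's address on the link to Mikrotik A).

# Rule 1: packets originated by the router itself (chain=output) that are
# GRE (IP protocol 47) get the routing mark DONTROUTE.
/ip firewall mangle add chain=output protocol=gre \
    action=mark-routing new-routing-mark=DONTROUTE passthrough=no \
    comment="PPTP data channel must not enter the tunnel"

# Rule 2: router-originated TCP to port 1723 (PPTP control channel)
# gets the same routing mark.
/ip firewall mangle add chain=output protocol=tcp dst-port=1723 \
    action=mark-routing new-routing-mark=DONTROUTE passthrough=no \
    comment="PPTP control channel must not enter the tunnel"

# Route for marked packets: send the tunnel's own traffic via Mikrotik B.
/ip route add dst-address=0.0.0.0/0 gateway=192.0.2.1 \
    routing-mark=DONTROUTE comment="PPTP carrier traffic via Mikrotik B"

# Default route for everything else: through the PPTP client interface.
/ip route add dst-address=0.0.0.0/0 gateway=pptp-out1 \
    comment="all other traffic through the VPN"

# Check that the mangle counters increase while the tunnel is up, and that
# the marked route is the one in use for the PPTP server's address.
/ip firewall mangle print stats
/ip route print detail where routing-mark=DONTROUTE
```

On RouterOS v7 the routing mark must first exist as a routing table (`/routing table add name=DONTROUTE fib`) and the route takes `routing-table=DONTROUTE` instead of `routing-mark=`.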