Yea, I was trying to avoid pasting too much code but it's inevitable...
Basically these are the configs of the router in Site 0 (.1.0/24), which is the PPTP server for Site 1 (.2.0/24) and a PPTP client of Site 2 (.0.0/24).
My issue at the moment is ping from Site 1 to Site 2 not working.
Traffic reaches Site 2 correctly, but when the reply arrives back at the main router in Site 0 it does not get the routing mark it needs to reach Site 1 again, so it just leaves through the default 0.0.0.0/0 route.
# Bridge definitions. This export does not show which ports belong to each bridge.
/interface bridge
# bridge-internet: used as in-interface by the VPN accept rules and by the final input drop in the filter table.
add name=bridge-internet
# bridge-local: LAN bridge that carries 192.168.1.250/24 (see /ip address).
# arp=proxy-arp makes the router answer ARP requests on behalf of other hosts.
# NOTE(review): presumably enabled for VPN clients addressed inside the LAN subnet - confirm it is still required.
add admin-mac=E4:8D:8C:79:DC:EA arp=proxy-arp auto-mac=no comment=defconf name=bridge-local
# bridge1: the interface the "drop all from WAN" filter rules match on; protocol-mode=none turns (R)STP off for it.
add admin-mac=E4:8D:8C:79:DC:E9 auto-mac=no name=bridge1 protocol-mode=none
# Static PPTP server binding: the session of PPP user pptp-SITE1 always appears as interface pptp-in_SITE1,
# so the mangle and route entries below can refer to it by name.
/interface pptp-server
add name=pptp-in_SITE1 user=pptp-SITE1
# Outbound PPTP tunnel from this router (Site 0) to Site 2.
# allow=mschap2 limits authentication to MS-CHAPv2; keepalive-timeout=disabled turns keepalive checks off for the tunnel.
# NOTE(review): PPTP with MS-CHAPv2 has long-known cryptographic weaknesses. The filter table already opens
# IKEv2 and OpenVPN services on this router, so consider carrying the site-to-site links over one of those instead.
# NOTE(review): connect-to is a DNS name, so the tunnel endpoint depends on name resolution - confirm the resolver is trusted.
/interface pptp-client
add allow=mschap2 connect-to=PPTPSITE2.net disabled=no keepalive-timeout=disabled name=pptp-SITE2 profile=profile-pptpSITE2 user=site2user
# Router address on the Site 0 LAN (192.168.1.0/24), bound to bridge-local.
/ip address
add address=192.168.1.250/24 comment=defconf interface=bridge-local network=192.168.1.0
# Filter rules are evaluated top to bottom within each chain; the first terminating match wins.
/ip firewall filter
# IKEv2 client subnet 192.168.200.0/24 is accepted before the fasttrack rule so its traffic is never fasttracked.
add action=accept chain=forward comment="IKEv2 FastTrack Bypass - If you have IP/Fasttrack enabled, packet bypasses IPsec policies" src-address=192.168.200.0/24
# NOTE(review): this rule has no in-interface or ipsec-policy matcher, so any forwarded packet destined to
# 192.168.200.0/24 is accepted here, ahead of the "drop invalid" and WAN drop rules further down.
add action=accept chain=forward dst-address=192.168.200.0/24
# Only connections without a connection mark are fasttracked; connections marked conn-mark_pptp in mangle are skipped.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-mark=no-mark connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=accept chain=input comment="defconf: accept establieshed,related" connection-state=established,related
# NOTE(review): the Blacklist drops sit after the established,related accepts, so they only stop new connections;
# a flow that was already established when its source was added to the list keeps passing.
# How the Blacklist address list is populated is not shown in this export.
add action=drop chain=input comment="Drop Blacklisted" src-address-list=Blacklist
add action=drop chain=forward src-address-list=Blacklist
# ICMP to the router is accepted on every interface.
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
# NOTE(review): the PPTP control port (tcp/1723) and GRE are accepted with no in-interface or src-address matcher,
# i.e. from any interface and any source. If the Site 1 peer address is known, restrict these two rules to it.
add action=accept chain=input comment="PPTP Server" dst-port=1723 protocol=tcp
add action=accept chain=input protocol=gre
# VPN services accepted only when arriving on bridge-internet.
add action=accept chain=input comment="OpenVPN Server" dst-port=1194 in-interface=bridge-internet protocol=tcp
add action=accept chain=input comment="IKEv2 Server" dst-port=500 in-interface=bridge-internet protocol=udp
add action=accept chain=input in-interface=bridge-internet protocol=ipsec-esp
add action=accept chain=input in-interface=bridge-internet protocol=ipsec-ah
add action=accept chain=input dst-port=4500 in-interface=bridge-internet protocol=udp
# NOTE(review): udp/1701 (L2TP) is accepted without an ipsec-policy matcher; if L2TP is meant to run only
# inside IPsec, add ipsec-policy=in,ipsec here - confirm whether an L2TP server is enabled at all.
add action=accept chain=input dst-port=1701 in-interface=bridge-internet protocol=udp
# Traffic from IKEv2 clients to the router itself, accepted only when it arrived through an IPsec policy.
add action=accept chain=input in-interface=bridge-internet ipsec-policy=in,ipsec src-address=192.168.200.0/24
# Everything else arriving on bridge1 or bridge-internet is dropped.
# NOTE(review): there is no final input drop for other interfaces, so input from the PPTP tunnel interfaces
# (pptp-in_SITE1, pptp-SITE2) and from bridge-local falls through to the implicit accept - the remote sites
# can reach every service on the router. Confirm that is intended.
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=bridge1
add action=drop chain=input in-interface=bridge-internet
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
# New forwarded connections from bridge1 / bridge-internet are dropped unless they were dst-NATed.
# Forwarding between the LAN and the two PPTP tunnels is not restricted by any rule in this chain.
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=bridge1
add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface=bridge-internet
# Mangle: MSS clamping, connection marks that keep PPTP flows out of fasttrack, and routing marks for Site 1.
/ip firewall mangle
# Clamp TCP MSS on SYN packets leaving / entering bridge-local.
# NOTE(review): tcp-mss=8159-65535 matches only SYNs that advertise an MSS of 8159 or more; a SYN with the usual
# Ethernet-sized MSS would not match either rule - confirm the range is what was intended for the tunnels.
add action=change-mss chain=forward comment="Clamp MSS to PMTU" new-mss=clamp-to-pmtu out-interface=bridge-local passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=8159-65535
add action=change-mss chain=forward in-interface=bridge-local new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=8159-65535
# Connections entering from, or leaving through, either PPTP interface get connection mark conn-mark_pptp.
# The fasttrack filter rule matches connection-mark=no-mark only, so these marked connections are not fasttracked.
add action=mark-connection chain=prerouting comment="Mark so Fast Track wont break PPTP connections (FastTrack will bypass Firewall and Mangle)" in-interface=pptp-in_SITE1 \
new-connection-mark=conn-mark_pptp passthrough=yes
add action=mark-connection chain=prerouting comment="Mark so Fast Track wont break PPTP connections (FastTrack will bypass Firewall and Mangle)" in-interface=pptp-SITE2 new-connection-mark=\
conn-mark_pptp passthrough=yes
add action=mark-connection chain=forward new-connection-mark=conn-mark_pptp out-interface=pptp-in_SITE1 passthrough=yes
add action=mark-connection chain=forward new-connection-mark=conn-mark_pptp out-interface=pptp-SITE2 passthrough=yes
# Routing mark pptp-SITE1 selects the routing table that holds the only route to 192.168.2.0/24 (see /ip route).
# In prerouting it is applied only when the source is 192.168.200.199 or a member of address list allowed_SITE1.
# NOTE(review): packets arriving on pptp-SITE2 for 192.168.2.0/24 get the mark only if their source is in
# allowed_SITE1 (list contents not shown). Unmarked packets are looked up in the main table, which has no
# 192.168.2.0/24 route - consistent with replies leaving via the default route.
# NOTE(review): because of the masquerade on pptp-SITE2, reply packets presumably still carry the router's tunnel
# address as destination when they pass mangle prerouting, so dst-address=192.168.2.0/24 may not match them at
# all - verify against the RouterOS packet flow; matching on a connection mark would avoid the dependency.
add action=mark-routing chain=prerouting comment="Mark route on IKEv2 to SITE1" dst-address=192.168.2.0/24 new-routing-mark=pptp-SITE1 passthrough=no src-address=192.168.200.199
add action=mark-routing chain=prerouting comment="Mark route on Allowed to SITE1" dst-address=192.168.2.0/24 new-routing-mark=pptp-SITE1 passthrough=yes src-address-list=\
allowed_SITE1
# Traffic originated by the router itself towards Site 1 is marked in the output chain.
add action=mark-routing chain=output comment="Mark route on Router itself to SITE1" dst-address=192.168.2.0/24 new-routing-mark=pptp-SITE1 passthrough=no
# Source NAT rules; order matters because the first matching rule decides the translation.
/ip firewall nat
# IKEv2 client 192.168.200.199 is masqueraded towards Site 1 and towards 192.168.7.0/24.
add action=masquerade chain=srcnat dst-address=192.168.2.0/24 src-address=192.168.200.199
add action=masquerade chain=srcnat dst-address=192.168.7.0/24 src-address=192.168.200.199
# All other traffic from the IKEv2 subnet leaves un-NATed (accept ends srcnat processing for it).
add action=accept chain=srcnat comment="IKEv2 NAT Bypass" src-address=192.168.200.0/24
# Disabled rule, kept for reference.
add action=masquerade chain=srcnat comment="Rule for HairPin NAT" disabled=yes dst-address=192.168.0.0/24 out-interface=bridge1 protocol=tcp src-address=192.168.1.0/24
# Hairpin: LAN-to-LAN TCP that passes through the router is masqueraded on bridge-local.
add action=masquerade chain=srcnat dst-address=192.168.1.0/24 out-interface=bridge-local protocol=tcp src-address=192.168.1.0/24
# Everything leaving through pptp-SITE2 is masqueraded, so Site 2 sees the router's tunnel address as the
# source rather than the original host; logs and access rules at Site 2 cannot distinguish the real senders.
add action=masquerade chain=srcnat comment="Masquerade for SITE2" out-interface=pptp-SITE2
# NOTE(review): out-interface=pptp-in_apartamento is not defined anywhere in the posted export; the server
# binding above is named pptp-in_SITE1. This looks like a name that was missed when the config was anonymized -
# confirm the rule points at the intended interface.
add action=src-nat chain=srcnat comment="srcnat for SITE1 - https://forum.mikrotik.com/viewtopic.php\?f=2&t=174112" out-interface=pptp-in_apartamento src-address-type=local to-addresses=\
192.168.1.250
# Masquerade for traffic leaving through bridge-internet.
add action=masquerade chain=srcnat out-interface=bridge-internet
# Static routes for the two remote sites.
/ip route
# Site 1 (192.168.2.0/24) via the PPTP server binding. The route carries routing-mark=pptp-SITE1,
# so it is used only for packets that mangle has given that routing mark.
add distance=1 dst-address=192.168.2.0/24 gateway=pptp-in_SITE1 routing-mark=pptp-SITE1
# Only 192.168.0.224/27 is routed through pptp-SITE2 in the main table, not the whole 192.168.0.0/24 of Site 2.
add distance=1 dst-address=192.168.0.224/27 gateway=pptp-SITE2