jgonatas
just joined
Topic Author
Posts: 1
Joined: Tue Jun 28, 2022 1:51 am

Access to RouterOS through secondary link route

Tue Jun 28, 2022 2:02 am

Hello. Sorry to be using a translator to communicate with you.
My scenario is:
pppoe1 -> route 1, IP NAT ISP
pppoe2 -> route 2, with PUBLIC IP

In this configuration, I can't access WINBOX via pppoe2 externally, or make an incoming VPN. Just ping.

If pppoe2 stays as the main route, the access is right. But in my scenario, the LINK pppoe1 is more stable. I need to get the scenario working.
 
AidanAus
Member Candidate
Posts: 177
Joined: Wed May 08, 2019 7:35 am
Location: Australia

Re: Access to RouterOS through secondary link route

Wed Jun 29, 2022 10:27 am

What you need to do is some policy routing :) The issue that you have right now is that when you are connecting, your destination is the IP address on route2, right, but once it hits this destination and needs to go back to the source of this packet, it will go out route 1 instead, as it is your main route.
This behaviour can break a lot of things like HTTPS, VPN configuration, or anything else that cares if the reply packet is from a different source address than what it was originally trying to get to.

To fix this we use policy routing. This will allow us to mark the connection coming in from route2 and make it go out the same interface it came in from :)

To start this you will need to go to the IP>firewall>mangle rules. In there add a new one with the chain as input, set the in interface to the interface for route2 and set the action to mark connection as well as add a connection mark. Please make sure you leave passthrough ticked; ticking passthrough allows traffic to get processed by one rule but then still get processed by others underneath rather than just matching and getting taken out.

OK, so once we have the mark connection we now need another rule. This one needs to be set to pre-routing, and under the general tab (I think, or it's the next one over) there should be a section to filter by connection mark. Please enter the one you created in here, then go to the action tab. Set the action as mark-routing, then set a routing mark. Make sure passthrough is not ticked on this one, as we will not need to process the traffic in the mangle rules any further.

Once done, we will now need to go to ip>route and add a new rule. In here set the destination as 0.0.0.0/0, set the gateway the same as the route2 route, but add the routing mark to this rule so the traffic that gets marked will always go out route2 :)

Have fun buddy :)
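
The three steps from the reply above, written as RouterOS v6 terminal commands; this is an added example, not part of the original reply. The interface name pppoe2 follows the question, the mark names pppoe2_conn and to_pppoe2 are made up for illustration, and the routing mark is set in the output chain here because replies the router itself generates (Winbox, VPN) pass through output rather than prerouting.

```routeros
# Added example, RouterOS v6 syntax.
# Assumptions: the public-IP link is the interface "pppoe2";
# the mark names "pppoe2_conn" and "to_pppoe2" are hypothetical.

/ip firewall mangle
# 1) Tag connections that reach the router itself through pppoe2.
#    passthrough=yes lets later mangle rules still see the packet.
add chain=input in-interface=pppoe2 connection-mark=no-mark \
    action=mark-connection new-connection-mark=pppoe2_conn \
    passthrough=yes comment="mark connections arriving on pppoe2"

# 2) Replies of those connections originate on the router, so they
#    traverse chain=output. Give them a routing mark and stop there.
add chain=output connection-mark=pppoe2_conn \
    action=mark-routing new-routing-mark=to_pppoe2 \
    passthrough=no comment="send replies back out pppoe2"

/ip route
# 3) Default route that is used only by packets carrying the mark;
#    the unmarked default route via pppoe1 stays the main route.
add dst-address=0.0.0.0/0 gateway=pppoe2 routing-mark=to_pppoe2 \
    comment="policy route for pppoe2 replies"

# RouterOS v7 replaces step 3 with a named table:
#   /routing table add name=to_pppoe2 fib
#   /ip route add dst-address=0.0.0.0/0 gateway=pppoe2 routing-table=to_pppoe2

# Verify: counters on both mangle rules should increase while an
# external Winbox session is open, and the connection should be marked.
/ip firewall mangle print stats
/ip firewall connection print where connection-mark=pppoe2_conn

# Winbox and VPN listeners reachable on a public IP should remain behind
# input filter rules that restrict the allowed source addresses.
```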
