I'm puzzled with the following setup. Currently I have a router that's connected via two ISPs. One of them is primary, the second one is backup. Over the primary ISP I have a static public IP address and I have built an IPsec tunnel to my main router. I would like to have a second tunnel (something simple like PPTP or SSTP) but I would like the router to use the backup line (it does not have static public IP address assigned).

So in a way it's a routing logic question. The standard routing table points to the primary ISP, and I have created a prerouting mangle rule to mark the PPTP packets and a static route that matches that routing mark and forwards the PPTP traffic over the backup connection. The problem is, I don't see the mangle rule working at all... is this because the traffic is originated by the router? How can I make it work for such traffic?

Any ideas... Either I'm missing something, or this is not possible with RouterOS, which would be quite surprising...