TP-Link will not allow you to disable NAT on the WAN interface.
It will only accept outside packets that are addressed to its own IP.
Attach a separate IP 192.168.0/24 to the Mikrotik port and connect it to TP-Link's LAN port.
Before that, the port must be detached from the master port or the bridge removed.
In the properties of the DHCP server on TP-Link, change the address of the gateway reported to clients from .1 (address of the TP-link) to the address of the microtic.
On Mikrotik, it also does not hurt to enable a DHCP server on this interface
(only it is better to make the ranges of dynamic addresses issued different).
In this case, the DHCP server on TP-Link can be disabled altogether.
In total - TP-Link will work as a simple switch, Mikrotik will become the only router.

I'm not a networker and I'm at a loss to say how to do it right, but what's going on here:
To be specific, 172.17.2.5 wants to send a packet to 192.168.0.8. This is not his network, so the request goes to Mikrotik. Mikrotik sends a packet to 172.17.2.117 according to the routing table.
Next:
Or tp-link drops the packet for security reasons - and we need to deal with it.
Or tp-link quietly skips the packet, where 192.168.0.8 answers it. Since the sender 172.17.2.5 is not in his network, the response goes back to tp-link. There, NAT follows the standard rule to natit everything for WAN and goes to 172.17.2.5. And in the end, 172.17.2.5 is very surprised what kind of packet from 172.17.2.117 is, he does not expect such - and throws it out. (in this case, apparently, you need to put an exception for the NAT rule)
tcpdump on the nodes will tell you exactly who goes where.

I would like to see a diagram of what is connected where. In general, to solve the problem that you described in the explanations, it is enough to connect your typewriter to mikrotik. By default, such lan ports are simply combined into a bridge. You can disassemble this bridge, hang up on the desired IP interface from the network of the machine, connect the network with the Computer to another port. There will be happiness)

There is an ancient motherboard and win ce on board. Nobody has access to it. Another option is open vpn, but I thought it would not be difficult through a router.

you are confusing yourself.
You have a good piece of hardware - Mikrotik and you can implement everything on it. tp-link why "mix"?
Above, you were asked to see the network diagram and, if possible, the task itself, and not what you want to implement?

The task is to throw files with profiles from RIPa (172.17.2.123) to PC1 (192.168.0.100).