How to direct traffic of each client to a separate tunnel?
Good afternoon.
On Mikrotik, several tunnels were raised to the remote network of the enterprise.
One server, different accounts.
On Mikrotik, a VPN server has also been raised for authorization of remote clients. This is needed more for spoofing client addresses. But the bottom line is that all traffic goes through Mikrotik.
Mikrotik's local network also has several clients that must access the working server. (dialer and database on the server).
Marked connections and routes:
/ip firewall mangle
add action=mark-connection chain=prerouting comment=WinOnMac_to_ISS \
    dst-address=10.0.0.0/8 new-connection-mark=Nataliya passthrough=yes \
    src-address=192.168.88.60
add action=mark-routing chain=prerouting connection-mark=Nataliya \
    dst-address=10.0.0.0/8 new-routing-mark=Nataliya passthrough=no \
    src-address=192.168.88.60
/ip route
add check-gateway=ping distance=10 dst-address=10.0.0.0/8 gateway=";;ISS" \
    pref-src=10.99.99.14 routing-mark=Semen
add distance=10 dst-address=10.0.0.0/8 gateway=ISS_Nataliya pref-src=\
    10.99.99.11 routing-mark=Nataliya
add check-gateway=ping distance=50 dst-address=10.0.0.0/8 type=prohibit
The problem is that without add check-gateway=ping distance=50 dst-address=10.0.0.0/8 type=prohibit ping to a remote server passes, but the services do not work (the IP dialer does not connect, the CRM system does not load). I understand that this rule should not logically affect performance, but it works (sorry for such stupid comments). Masquerading for all tunnels is enabled.
Please tell me, maybe I went the wrong way and I need to implement the scheme differently.
Thanks in advance.
According to the available data, it is not clear what kind of tunnels you have, how traffic should go there. VPN server is also Mikrotik? "In the local network of Mikrotik ..." - what kind of local network?