Computer networks

L2TP + ipsec between mikrotik, how to configure routing?

Hello everyone, tell me how to correctly configure routing between 172.16.0.1 and 192.168.2.1 in the following scheme:

Now there is:


Office (172.16.0.0/24) and a remote object (192.168.1.0/24) have an ipsec tunnel between them. There are static routes to the 192.168.1.0/24 network on the root switch. The root switch and router 172.16.0.1 are part of the OSPF zone.
I decided to install another L2TP server on 172.16.0.1. The router at the office and at the remote site ping each other. And the hosts behind the routers do not see each other.

Task: correctly configure routing.

What was done:

Allocated a pool of addresses to vpn 10.0.0.0/24, assigned an address 10.0.0.1 to the L2TP server, clients receive addresses from the pool.
Added a static route to the root switch to 192.168.2.0/24

Configuring the Mikrotik router in the central office:

/ip pool add name=vpn_pool ranges=10.0.0.2-10.0.0.254
/ppp profile add local-address=10.0.0.1 name=L2TP remote-address=vpn_pool
/ppp secret add name=192.168.2.1 password=pass profile=L2TP service=l2tp
/interface l2tp-server server set default-profile=L2TP enabled=yes ipsec-secret=pass use-ipsec=required
/ip route add distance=200 dst-address=192.168.2.0/24 gateway=l2tp-192.168. 2.1

Client settings:

/interface l2tp-client add allow=mschap2 connect-to=8.254.254.8 disabled=no ipsec-secret=pass name=ru password=pass use-ipsec=yes user=remoteuser
/ip route add distance=200 dst-address=172.16 .1.0/24 gateway=en

From the central office network (172.16.1.0/24) at the address from the vpn_pool, the remote router is accessible by ip.

PS. Tried to clean ipsec, hosts respond from the central office, back is not present.