eljugador003
just joined
Topic Author
Posts: 2
Joined: Fri Sep 15, 2023 6:07 am

L2TP VPN Site To Site local subnet not reaching remote subnet

Thu Apr 11, 2024 3:23 am

I have a remote subnet 172.16.200.0/24 and a local subnet of 10.10.0.0/24. The VPN is running on 192.168.89.0/24. The MikroTik on site B reaches the 172.16.200.254 remote device, but devices on its local subnet 10.10.0.0/24 don't reach 172.16.200.254. Here is my config so far. I ran out of ideas; any help would be appreciated:
SITE B
# 2024-04-10 20:19:13 by RouterOS 7.14.1
# software id = B28I-S5FL
#
# model = RB750Gr3
# serial number = HDD087Q1X3P
/interface bridge
add name=bridge1
/interface l2tp-client
add connect-to=XXX.XXX.X.X disabled=no name=SEDE use-ipsec=yes user=vpn
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp_pool0 ranges=10.10.0.2-10.10.0.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge1 name=dhcp1
/interface bridge port
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/ip address
add address=10.10.0.1/24 interface=bridge1 network=10.10.0.0
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=10.10.0.0/24 gateway=10.10.0.1
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface=ether1
/ip route
add disabled=no distance=1 dst-address=172.16.200.0/24 gateway=SEDE pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=10

SITE A

# 2024-04-10 20:21:12 by RouterOS 7.12.1
# software id = T4KY-EQBA
#
# model = RB4011iGS+
# serial number = HFF090FV8GM
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=vpn ranges=192.168.89.2-192.168.89.255
/port
set 0 name=serial0
set 1 name=serial1
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=sfp-sfpplus1 list=LAN
/ip address
add address=10.0.0.254/24 interface=ether1 network=10.0.0.0
add address=172.16.200.252/24 interface=ether2 network=172.16.200.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=10.0.0.1 routing-table=main suppress-hw-offload=no
/ppp secret
add name=vpn
 
abbio90
Member Candidate
Posts: 251
Joined: Fri Aug 27, 2021 9:16 pm

Re: L2TP VPN Site To Site local subnet not reaching remote subnet  [SOLVED]

Thu Apr 11, 2024 10:31 am

If I understand correctly, on the server side you are missing the return route with dst address 10.10.0.0/24 gateway "host remote VPN". This must be static, so in the ppp secret you must specify the address in the "remote address" field.
 
eljugador003
just joined
Topic Author
Posts: 2
Joined: Fri Sep 15, 2023 6:07 am

Re: L2TP VPN Site To Site local subnet not reaching remote subnet

Thu Apr 11, 2024 6:04 pm

> If I understand correctly, on the server side you are missing the return route with dst address 10.10.0.0/24 gateway "host remote VPN". This must be static, so in the ppp secret you must specify the address in the "remote address" field.
You are correct, that just did it, thank you.
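
Added example (not from the thread's participants or from MikroTik): a Python longest-prefix-match model of site A's routing table as posted, showing where site A sends replies before and after the return route from the accepted answer is added. The tunnel address 192.168.89.2, the LAN host 10.10.0.50 and the label "l2tp-tunnel" are assumptions made for illustration.

```python
import ipaddress

# Assumed: the address site B's L2TP client receives from pool "vpn".
TUNNEL_PEER = "192.168.89.2"

# Site A (L2TP server) routing table as posted: connected networks,
# the per-client PPP route, and the default route.
SITE_A = [
    ("10.0.0.0/24", "ether1"),
    ("172.16.200.0/24", "ether2"),
    (TUNNEL_PEER + "/32", "l2tp-tunnel"),  # dynamic while site B is connected
    ("0.0.0.0/0", "ether1 via 10.0.0.1"),
]

# The fix from the accepted answer: a static return route for site B's LAN,
# pointing at the (now fixed) remote address of the VPN client.
RETURN_ROUTE = ("10.10.0.0/24", "l2tp-tunnel")


def egress(routes, dst):
    """Return the egress chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    hits = []
    for prefix, out in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            hits.append((net.prefixlen, out))
    return max(hits)[1] if hits else None


def reply_returns_via_tunnel(routes, original_src):
    """A reply is addressed to the original source; check where site A sends it."""
    return egress(routes, original_src) == "l2tp-tunnel"


if __name__ == "__main__":
    # Site B only masquerades on out-interface=ether1, so LAN traffic entering
    # the tunnel keeps its 10.10.0.x source address.
    sources = {
        "router B itself": TUNNEL_PEER,
        "LAN host behind B (constructed)": "10.10.0.50",
    }
    for label, table in (("as posted", SITE_A), ("with return route", SITE_A + [RETURN_ROUTE])):
        for who, src in sources.items():
            print(f"{label:18} reply to {who:32} -> {egress(table, src)}")
```

As posted, the reply to 10.10.0.50 matches only the default route and leaves through the WAN interface instead of the tunnel, which is why the router's own traffic worked while its LAN clients did not.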
