[Routing] ADSL and PPTP as primary uplink. Custom routing

Rivera · Thu Nov 10, 2011 11:06 am

Hello, i need some help in routing. At home i have RB493G router and i need that scheme of connection:

Clients --> Mikrotik (NAT) --> ADSL provider --> VPN connection (external)

/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=my_vpn_interface src-address=my_lan_range

So my default route is VPN connection (PPTP in my case)

But i also need to use ADSL route (pppoe) for accessing some ip ranges with it. For example:
0.0.0.0/0 - VPN interface
but
192.168.24.0/24 and 10.10.10.0/24 - ADSL interface.
Setting routes in ip - routes does not work, of course.

And also i need packets that hit ADSL interface directly works. In my case, as i can understand, if i ping my ADSL ip reply packets goes thru VPN interface.

The main problem that i can't use mangle here and i does not see any other way how to do that.
Thanks!

UPD: now i can use static routes for ADSL - i just added second masquerade rule. But i still have problem with incoming traffic.

sadeghrafie · Thu Nov 10, 2011 12:02 pm

Fewi says:

Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.

Rivera · Thu Nov 10, 2011 1:09 pm

Network is bridged. All ports in bridge except adsl modem.

IP cfg:

Flags: X - disabled, I - invalid, D - dynamic 
 0   address=192.168.69.1/24 network=192.168.69.0 interface=bridge actual-interface=bridge 

 2   address=192.168.1.10/24 network=192.168.1.0 interface=eth5-mgts-uplink actual-interface=eth5-mgts-uplink 

 3 D address=79.10.200.164/32 network=79.10.200.1 interface=pppoe-uplink actual-interface=pppoe-uplink 

 4 D address=88.126.85.208/32 network=88.126.80.0 interface=pptp-out actual-interface=pptp-out

Routes:

 0 ADS  dst-address=0.0.0.0/0 gateway=88.126.80.0 gateway-status=88.126.80.0 reachable pptp-out distance=1 scope=30 target-scope=10 

 1 A S 
        dst-address=67.21.232.223/32 gateway=pppoe-uplink gateway-status=pppoe-uplink reachable distance=1 scope=30 target-scope=10 

 2 ADC  dst-address=79.10.200.1/32 pref-src=79.10.200.164 gateway=pppoe-uplink gateway-status=pppoe-uplink reachable distance=0 scope=10 

 3 A S  dst-address=80.67.2.71/32 gateway=pppoe-uplink gateway-status=pppoe-uplink reachable distance=1 scope=30 target-scope=10 

 4 ADC  dst-address=88.126.80.0/32 pref-src=88.126.85.208 gateway=pptp-out gateway-status=pptp-out reachable distance=0 scope=10 

 5 ADC  dst-address=192.168.1.0/24 pref-src=192.168.1.10 gateway=eth5-mgts-uplink gateway-status=eth5-mgts-uplink reachable distance=0 scope=10 

 6 ADC  dst-address=192.168.69.0/24 pref-src=192.168.69.1 gateway=bridge gateway-status=bridge reachable distance=0 scope=10 

 7 X S  ;;;
        dst-address=some.net/24 gateway=pppoe-uplink gateway-status=pppoe-uplink inactive distance=1 scope=30 target-scope=10

FW:

/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=pptp-out src-address=192.168.69.0/24
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-uplink src-address=192.168.69.0/24

sadeghrafie · Thu Nov 10, 2011 9:05 pm

For access to these network {192.168.24.0/24 and 10.10.10.0/24} you need to add static route

ip route add dst-address=192.168.24.0/24 gateway=pppoe-uplink
ip route add dst-address=10.10.10.0/24 gateway=pppoe-uplink

Rivera · Thu Nov 10, 2011 10:05 pm

I already fixed that (see first post) - just need to add second masquerade rule. It will not work without it.

Second problem is how i should configure routing so all packets received by pppoe-adsl should be sent via pppoe-adsl too..

sadeghrafie · Thu Nov 10, 2011 10:15 pm

You need to add some mangle rules
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle

sadeghrafie · Thu Nov 10, 2011 10:47 pm

ip firewall mangle add chain=prerouting in-interface=pppoe-uplink action=mark-routing routing-mark=pppoe-uplink Route

then in Routes add

ip route add dst-address=0.0.0.0/0 gateway=pppoe-uplink routing-mark=pppoe-uplink Route

It should work. this is the configuration which I have in my router and works fine

sadeghrafie · Fri Nov 11, 2011 11:01 am

Did you try that?

Rivera · Fri Nov 11, 2011 1:24 pm

It will not work, because all VPN traffic also will be marked. Basically all traffic will be marked - ADSL is uplink for VPN.

UPD: i tried it, but it does not work.

sadeghrafie · Fri Nov 11, 2011 6:27 pm

So, try the reverse.
I mean add a new 0.0.0.0/0 route with DG of PPPoE and use a lower metric than PPTP route. then mark route for PPTP packets and . . . (like the last post)

Rivera · Fri Nov 11, 2011 7:07 pm

by "metric" you mean "distance" in ip - route?

sadeghrafie · Fri Nov 11, 2011 7:30 pm

by "metric" you mean "distance" in ip - route?

Yes Metric or distance in Mirktoik

BTW, Routing mark is enough.
I have done this setting for my network. I have two 0.0.0.0/0 route. one DG is PPPoE and the other is PPTP. done with routing mark.

Rivera · Fri Nov 11, 2011 7:45 pm

hm. pppoe route - metric 2
pptp route - metric 1 + marked (in mangle i mangle all routes that have in-interface=pptp-interface)

now pppoe route is my default route O_o

sadeghrafie · Fri Nov 11, 2011 8:09 pm

If you want to have PPTP as your DG for your users, don't use metric. mark routing is enough

Rivera · Fri Nov 11, 2011 8:23 pm

Strange... ADSL and PPTP - metric=1. PPTP routing mark - "uplink" (that's in ip -> routes)
in mangle - mark all routes with in-interface=pptp-uplink as "uplink" (prerouting) (ip - firewall - mangle)

In that case, default gw = ADSL.

P.S. i do not use "use as default gw" in PPTP/PPPOE client and write 0.0.0.0/0 routes manually, that's why i can't use metric=0

I do not have other 0.0.0.0/0 routes, but i have few routes with 0 metric.

Rivera · Fri Nov 11, 2011 8:34 pm

 

0   chain=forward action=change-mss new-mss=1360 passthrough=yes tcp-flags=syn protocol=tcp tcp-mss=1453-65535 

 1   chain=prerouting action=mark-routing new-routing-mark=primary-uplink passthrough=no in-interface=pptp-out-someisp

(i tried with both passthrough=yes and no)

 0 A S  dst-address=0.0.0.0/0 gateway=pptp-out-someisp gateway-status=pptp-out-someisp reachable distance=1 scope=30 target-scope=10 routing-mark=primary-uplink 

 1 A S  dst-address=0.0.0.0/0 gateway=pppoe-out-someisp gateway-status=pppoe-out-someisp reachable distance=1 scope=30 target-scope=10

sadeghrafie · Fri Nov 11, 2011 8:39 pm

So, is it correct for you?
or you still want to have PPTP for DG?

Rivera · Fri Nov 11, 2011 8:41 pm

Yes, i need PPTP as default route but i need access to ADSL ip from external net.
Sorry if i described something wrong because my english is not really good.

BTW, with config in prev post i'm not able to ping PPTP ip

sadeghrafie · Fri Nov 11, 2011 8:49 pm

So,
I think there is another way.
use mangle for mark routing for your LAN users to use PPTP as their DG.
the result:
you have two DG. one PPTP and the other PPoE.
when your LAN users try to reach Internet, they go through PPTP.
when any packet comes in to your router which not refer to your LAN users and don't come from PPTP, use PPPoE route.
Ii think it should works good for you. If I have any mistake in this, just tell me

Rivera · Tue Nov 15, 2011 2:19 pm

Tried many ways, and i can't get it working. Sad.

sadeghrafie · Tue Nov 15, 2011 6:00 pm

Tried many ways, and i can't get it working. Sad.

I think the my last post was the solution, Did you try it? what was the result?

Rivera · Thu Feb 16, 2012 11:33 am

Raising that thread. Yes, mangle-way was correct (mark my /24 subnet routes as VPN and add route based on mark), but there is one problem - if VPN connection goes down, all data silently choose main route, which is not prefered to use.

P.S. also, AFAIK mark-based routing uses first rule found? So if i have 0.0.0.0/0 route, and some network (ie pandora radio), pandora's rule should be placed before default route?

[Routing] ADSL and PPTP as primary uplink. Custom routing

[Routing] ADSL and PPTP as primary uplink. Custom routing

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Re: [Routing] ADSL and PPTP as primary uplink. Custom routin

Who is online