2 WAN connections, HOTSPOT and load balancing or link agregation

spaxton · February 24, 2015, 10:49pm

Dear friends,

Recently I have built a hotspot and its working like a charm with one WAN connection but I added one more WAN connection and I want them to be used both. I have tried PCC but then hotspot won’t work. To be precise I tried this:

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=wlan2
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=wlan2

add chain=prerouting dst-address-type=!local in-interface=wlan2 per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=wlan2 per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=wlan2 action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=wlan2 action=mark-routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.100 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.100 routing-mark=to_WAN2 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.1.100 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.100 distance=2 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade

This works excellent but only if I disable hotspot server. I also tried to figure out how to divide half users to go via WAN1 and the other half via WAN2 but nothing usefull came in my mind so far. I have DHCP server and network is 192.168.88.0/22. DHCP users are from 192.168.89.150 to 192.168.90.150 and I have few addresses out of this range. I want to separate them in two groups for internet access via WAN1 and WAN2 but without changing the current structure of hotspot and DHCP. Is it possible?

Best Regards.

spaxton · February 25, 2015, 10:22am

Anybody with experience?
Will adding hotspot auth to all mangle rules help with this?
I am accessing the router via VPN connection established to another mikrotik router. I would not like to make a mess in the remote router.

Best Regards.

spaxton · February 26, 2015, 11:09am

Cmon, friends? There must be someone who knows what I am missing here to get it work. I have tried many variants and I read many tutorials but no luck. Mikrotik support? Normis?

ayger · February 27, 2015, 10:14pm

Hi

In your pcc rules you have missed the following parameter

“dst-address-type=!local hotspot=auth”

Also use winbox with safe mode enabled in case you get disconnected with mikrotik (it will not commit changes and it will revert back)

Dont use both addresses and ports on your pcc classifier, despite the fact that will utilize the most of your wans.Several sites will broke.

Stick with src address for start and you can fine tune the pcc options more at a later moment.
Tip : trying using transparent webproxy with hotspot and pcc is more tricky than it sounds.

waleed333 · February 28, 2015, 6:30am

Also use winbox with safe mode enabled in case you get disconnected with mikrotik (it will not commit changes and it will revert back)

spaxton · February 28, 2015, 1:20pm

Thanks for reply my friend!

I have tried to add this but there is no hotspod authorisation page after that. I didn’t tryto disable HS server first.

Should I use only both addresses for start?

Yes, indeed! I know that now.

spaxton · March 5, 2015, 12:12pm

Ok,

I just want to say that it works now… even with both addresses and ports.

At first it wouldn’t work but then I disablet the hotspot server, enablet the mangle rules and then enabled the server again. It works like a charm so far. Thanks to all…

I2ROBOT · May 12, 2025, 2:13pm

PLEASE, how do I set this up?

anav · May 12, 2025, 7:53pm

What have you done so far? Where is your config??

I2ROBOT · July 5, 2025, 7:06pm

Hi, I was later able to configure the dual wan, but now I have problems, the hotspot only uses one isp and switches to the second one when the first one fails, secondly the users are asked to login again when the Mikrotiks switch to the second ISP, is there any guide or video I can follow to set it all over?