I have the following setup:
LTE: Main internet connection
WLAN2 (bridge_wan): Neighbour's WiFi, DHCP Client, 192.168.1.0/24
The LTE connection has not been stable recently and I have permission from my neighbor to use their WiFi as backup, which is what I have set up using one of the 3 WiFi interfaces of the Audience.
I would love to keep this setup and I'm trying to set up recursive failover using this official guide https://help.mikrotik.com/docs/pages/viewpage.action?pageId=26476608 and came up with this setup, which I would kindly ask someone to look over.
The guide assumes static IPs; however, here I have 2 DHCP clients. I could go ahead and treat the WLAN connection as a static one, since I know that the gateway is 192.168.1.1 because I am connecting to a local network, but I went ahead with this setup:
Learning curve: Many things will work somewhat in MT even when configured non-optimally. Doesn't mean you won't run into issues at some time.
You have two options for WAN2.
A. The neighbour, on his router, has a way to ensure you always get the same IP address (set it statically on the lease, like in MT RoS),
and in this case you just need to set the IP of the WAN via /ip address.
B. The above is not possible, IP may change depending,
and in this case you use IP DHCP Client settings.
(not both).
Recursive will not work for a dynamic DHCP scenario normally without some scripts, but since we know the gateway IP on WAN2 will NOT change you are safe to do so in this case for WAN2.
What is the purpose of mangling? Related to failover??? Oh I see, the MT document has mangling but this is very confusing. Mangling has nothing to do with failover. I am not sure why they put this here. What can be said about the mangling is that it would be required if you were accessing router services externally (like WireGuard VPN handshake).
Also note that their mangle rules are also WRONG in format. The chain for connection marks should be prerouting, not OUTPUT.
aka remove mangling rules… they are not required and wrong anyway.
I would use a different DNS provider for the second recursive check on the same gateway. (8.8.8.8=google, 8.8.4.4=google) not true redundancy there…
I would be inclined not to use default routes and do it all in /ip routes manually.
Thanks for your input. I agree with your hypothesis.
I could also just set up the IP statically as I know the range and change the configuration accordingly; however, just using the gateway would definitely be a safer approach in this scenario:
And how about the LTE? Is it okay to keep it the way it is, or should I write a script that checks the gateway IP of the LTE interface and applies the firewall rule?
I don’t know, the official guide says so
I could add this easily once the rest functions properly
For the number 2, I have asked ChatGPT, does this seem legitimate to you?:
# Check if the lte1 interface is up
:local lte1Status [/interface get [find name="lte1"] running];
# Get the dynamic gateway for the lte1 interface
:global lte1Gateway [/ip route get number=[find gateway=lte1 && distance=5] dst-address];
# If lte1 is up and the gateway is determined, add the route
:if ($lte1Status = true && [:len $lte1Gateway] > 0) do={
/ip route add dst-address=8.8.8.8 scope=10 gateway=$lte1Gateway comment=Failover_LTE;
:log info "Route added for 8.8.8.8 via lte1 with gateway $lte1Gateway";
} else={
:log warning "lte1 interface is not up or gateway could not be determined";
}
If I had my choice, any person caught using ChatGPT should be banned for life LOL, but in the case when ChatGPT rules our lives I won't say boo, for fear of being persecuted by ones and zeros.
Did you ask GPT about the official MikroTik documentation as well? Just curious LOL.
In any case, you either accept the advice, or don't. To me the documentation is wrong. Hopefully someone else will chime in to assist on this item. I made a post to that end…
(Anything it scrapes from the net may be close, but each circumstance is different and it's more important at this point to learn what you are doing anyway vice copy and paste.)
But yes, the concept is to add a script to the IP DHCP settings for the LTE that basically says when the gateway comes back up, take the new gateway found here and stick it in an IP route.
I have one that does that and I use a comment I make in the line of that IP route to be able to point the router to where that new gateway goes. Very common if you do a search.
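A sketch of the DHCP-client script approach described in the last post, added here as an example and not taken from any poster's configuration. It assumes the probe route to 8.8.8.8 already exists with the comment Failover_LTE (the comment and address used earlier in the thread), that the DHCP client has add-default-route=no, and that this text is pasted into the Script field of the DHCP client on the WAN interface.

```routeros
# Added example: body of the DHCP client "script" field.
# Assumption: the probe route was created once by hand, for instance
#   /ip route add dst-address=8.8.8.8/32 gateway=<current-gateway> scope=10 comment=Failover_LTE
# The recursive default route (gateway=8.8.8.8, check-gateway=ping) is left untouched.
:local tag "Failover_LTE"
:local routes [/ip route find comment=$tag]

:if ([:len $routes] = 0) do={
    # Nothing to update: fail loudly in the log instead of silently doing nothing.
    :log warning "dhcp-script: no route with comment $tag, nothing updated"
} else={
    :if ($bound = 1) do={
        # $bound and $"gateway-address" are set by RouterOS when a lease is obtained.
        :local gw $"gateway-address"
        /ip route set $routes gateway=$gw disabled=no
        :log info "dhcp-script: $tag now via $gw"
    } else={
        # Lease lost: disable the probe route so the recursive default route goes inactive.
        /ip route set $routes disabled=yes
        :log warning "dhcp-script: lease lost, $tag disabled"
    }
}
```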