Hello,
I have a failover setup.
To monitor one WAN (LTE CGNAT) I thought to create a VPN to a CHR in the cloud.
So essentially I have an SSTP client VPN to my CHR on port 443, which of course uses the main WAN.
I created a second SSTP client on port 465 and forced it, to be sure, to use the secondary WAN (LTE CGNAT).
I added this rule:
/ip firewall mangle
add action=mark-routing chain=output comment="sstp force LTE" dst-address-list=sstp-force-LTE \
dst-port=465 new-routing-mark=_to_eth2 passthrough=no protocol=tcp
And now it works. I check on my CHR and see the IP from LTE.
But if LTE is down, on my CHR I see an active connection from the main WAN.
So I tried to create a filter rule:
/ip firewall filter
add action=drop chain=output comment="DROP SSTP NOT LTE" \
disabled=no dst-address-list=sstp-force-LTE dst-port=465 out-interface=!vlan_LTE protocol=tcp
But if I enable this rule, the SSTP client isn't "running"…
even with LTE enabled and working…
So how can I be sure that my connection works only with interface vlan_LTE/ether2/etc.?
Thank you in advance.