Hello,
i would like to use Mikrotik-RouterOS to make a tunnel from customer side to provider VPN concentrator, to send voip traffic thru the tunnel. (so the transporting provider(s) would not harm SIP traffic inside the tunnel).
The problem is, if customer PBX (with asterisk) sends out registration before the tunnel comes up, a bad conntrack entry has been made, what would like to keep connection on bad interface (other than pptp or ovpn), and device cannot register.
If i manually remove the specific connection from the conntrack table, then everything goes on.
I’ve tried to filter our the SIP packets to go thru only on tunnel interface (drop on ‘wan’ interface) but that is not helped.
probably conntrack is affected before reaching firewall rule.
I would be please if anyone can point me, how to drop the connection from conntrack table with a script (or maybe different way) what would run by netwatch, when tunnel comes up, than delete connection entry with
src ip: 192.168.d.e → dst ip: a.b.c.d:5060 udp
thanks so much!