Correct Mangle Code

gogotha · February 19, 2022, 7:40pm

We have a question at the office about proper mangling VPN connections and the total “Bytes” that accumulate.

Using this mangle everything works but the “Bytes” accumulate really fast.

/ip firewall mangle
add action=mark-routing chain=prerouting comment="VPN Mangle" new-routing-mark=VPN_Mark passthrough=yes src-address=192.168.88.2-192.168.88.254

Using this mangle everything works but the “Bytes” accumulate a lot less then above.

/ip firewall mangle
add action=mark-routing chain=prerouting comment="VPN Mark" dst-address=10.10.10.0/23 new-routing-mark=VPN_Mark passthrough=yes src-address=192.168.88.0/24

If either one is wrong could someone address why it is wrong.

msatter · February 19, 2022, 8:36pm

You are limiting in the second example:

dst-address=10.10.10.0/23

gogotha · February 21, 2022, 3:02pm

when you say limiting it basically locks it down to the 10.10.10.0/23 network, why does the bytes counter increment lower than the other? Is that measuring everything on bridge?