Dual ISP setup with static IP and PPPoE on RB450Gx4 - routing issue with WiFi Routers and ZeroTier

Hello MikroTik Community,

I’m seeking some guidance on configuring a dual ISP setup on my RB450Gx4 running RouterOS 7.15.2. Here’s my current setup:

ISP1 (Static IP): Connected to port 4.
ISP2 (PPPoE): Connected to port 5.
ZeroTier: Configured on the router.
Bridge (ether1, ether2, ether3): Configured with IP 192.168.0.1/24.

I have two WiFi routers and a computer in my network. Here’s what I want to achieve:

  1. WiFi Router 1, ZeroTier, and My PC should always use the ISP1 connection.
  2. WiFi Router 2 should always use the ISP2 connection.

I’ve attempted some configurations with routing rules, but I’m not sure if I’m on the right track. Could someone please guide me on how to set up routing and firewall rules to achieve this setup?

I’d appreciate any suggestions or sample configurations that could help me get this working. Thank you in advance for your support!

You forgot to mention where all your local devices are connected (bridge?). Generally, this can be solved pretty easily with policy routing or routing marks if the devices are on different subnets.

What’s your plan for using ZeroTier? Is it for remote access, site-to-site networking, etc?

Btw, export and post your config so we can have a look.

Bridge.

Remote access.



# 2024-08-14 19:55:29 by RouterOS 7.15.2
# software id = MCDR-VRNI
# model = RB450Gx4
# serial number =
/interface bridge
add name=LAN
/interface bridge port
add bridge=LAN interface=ether1
add bridge=LAN interface=ether2
add bridge=LAN interface=ether3
/interface ethernet
set [ find default-name=ether4 ] name=ether4_ISP1
set [ find default-name=ether5 ] name=ether5_ISP2
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether5_ISP2 name=ISP2_PPPoE \
    user=test
/ip address
add address=192.168.170.1/24 interface=LAN network=192.168.170.0
add address=192.168.160.50/24 interface=ether4_ISP1 network=192.168.160.0
/ip route
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.160.1 \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ISP2_PPPoE \
    routing-table=main scope=30 suppress-hw-offload=no target-scope=10 \
    vrf-interface=ISP2_PPPoE
/ip firewall nat
add action=masquerade chain=srcnat comment=Masqurade
/ip dns
set allow-remote-requests=yes use-doh-server=https://dns.nextdns.io/NextDNS-ID \
    verify-doh-cert=yes
/ip dns static
add address=45.90.35.0 name=dns.nextdns.io
add address=45.90.32.0 name=dns.nextdns.io
add address=2a07:a8c0:: name=dns.nextdns.io type=AAAA
add address=2a07:a8c1:: name=dns.nextdns.io type=AAAA
/zerotier
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" \
    name=zt1 port=9993
/zerotier interface
add allow-default=no allow-global=no allow-managed=yes disabled=no instance=zt1 \
    name=zerotier1 network=ZeroTierID

Based on your first post I would make WAN1 the primary WAN in routes.
This means one only has to guide/force a smaller set of users heading to WAN2.

The question I have is what do you exactly mean by wifi ROUTER.
Assuming these are dumb consumer devices and you don't mind the double NAT created.

How do you plan to separate the users???
Assuming you have one bridge for ether1, ether2, and ether3.
Where does each port terminate to at the other end??

Most likely the solution will be to use vlans to separate users.
It will be very difficult to do what you wish and keep everyone in the same subnet.
So we must find the most logical separation based on
a. what is connected to etherports of the router
b. capabilities of wifi routers
c. intentions of wifi routers

Not worried about zerotier at the moment.
We can add that later once a stable working usage of the two WANs is in place.
Keeps it simpler to config/manage.
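
The subnet-based policy routing suggested in the replies, sketched for RouterOS 7 as an added example that is not part of the original thread or any poster's configuration. It assumes WiFi Router 2 is plugged into ether3 with a static WAN address in a constructed subnet 192.168.171.0/24; the table name to_ISP2 is likewise hypothetical.

```routeros
# Added example. Constructed values: 192.168.171.0/24, table name to_ISP2,
# and the assumption that WiFi Router 2 is the only device on ether3.

# 1. Take WiFi Router 2's port out of the shared bridge and give it its own subnet.
#    (Its WAN side then needs a static address in 192.168.171.0/24, gateway .1.)
/interface bridge port remove [find interface=ether3]
/ip address add address=192.168.171.1/24 interface=ether3

# 2. Main table: ISP1 is the default for everything else (PC, WiFi Router 1,
#    and the router's own ZeroTier traffic). ISP2 no longer installs its own default.
/interface pppoe-client set [find name=ISP2_PPPoE] add-default-route=no
/ip route remove [find dst-address=0.0.0.0/0 static]
/ip route add dst-address=0.0.0.0/0 gateway=192.168.160.1 distance=1

# 3. Dedicated table that contains only the ISP2 default route.
/routing table add name=to_ISP2 fib
/ip route add dst-address=0.0.0.0/0 gateway=ISP2_PPPoE routing-table=to_ISP2

# 4. Routing rules are matched top to bottom.
#    First keep traffic between local/private subnets in main, so the router's
#    replies to 192.168.171.x and inter-LAN traffic are not pushed out ISP2.
/routing rule add dst-address=192.168.0.0/16 action=lookup table=main
#    Then pin the WiFi Router 2 subnet to ISP2. lookup-only-in-table fails
#    closed: if PPPoE is down this subnet loses Internet instead of silently
#    leaving through ISP1. Use action=lookup if failover to ISP1 is wanted.
/routing rule add src-address=192.168.171.0/24 action=lookup-only-in-table \
    table=to_ISP2

# 5. Replace the unscoped masquerade rule with one per WAN interface, so only
#    traffic leaving through an ISP is NATed (not LAN-to-LAN or ZeroTier traffic).
/ip firewall nat remove [find chain=srcnat action=masquerade]
/ip firewall nat add chain=srcnat out-interface=ether4_ISP1 action=masquerade
/ip firewall nat add chain=srcnat out-interface=ISP2_PPPoE action=masquerade
```

Apply this from a session on ether1 or ether2 (or in Safe Mode), since step 1 changes the addressing on ether3. The posted export has no `/ip firewall filter` rules, so input and forward filtering on both WAN interfaces still has to be added separately.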