Dual Wan Gateway problem

luciferm · May 13, 2017, 5:13am

Hi
i have a mikrotik rb951G ether1 is connected to a 3G router - Ether2 connected to a adsl modem. and ether5 is connected to local lan.
my main problem is with gateway fail over.in the main routing table all my gateway are blue. but i have ping on both gateway. ping on the 3g modem is high usually around 400 but sometime over 1000.

i wont use load balancing that much. my main concern is the gateways. how i fix that?
this is the config thanks.

/interface bridge
add name=BridgeEther-wlan
/interface pptp-client
add connect-to=*.*.*.* disabled=no name=pptp-out user=****
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=WifiMobilePass supplicant-identity=""
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=WifiInternalPass supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n bridge-mode=disabled \
    channel-width=20/40mhz-eC disabled=no frequency=auto mode=ap-bridge name=\
    MainWlan security-profile=WifiInternalPass ssid="**** Internal" \
    wireless-protocol=802.11 wps-mode=disabled
add disabled=no mac-address=6E:3B:6B:2D:8A:4E master-interface=MainWlan \
    multicast-buffering=disabled name=MobileWlan security-profile=\
    WifiMobilePass ssid="**** Mobile" wds-cost-range=0 wds-default-cost=\
    0 wps-mode=disabled
/ip firewall layer7-protocol
add name=knock1 regexp=*****
add name=knock2 regexp=*****
/ip hotspot profile
add dns-name=**** hotspot-address=192.168.50.1 http-cookie-lifetime=1d \
    login-by=cookie,http-chap,mac-cookie name=ActiveHotspot use-radius=yes
/ip pool
add name=MainPool ranges=172.16.17.100-172.16.17.199
add name=WifiPool ranges=172.16.17.200-172.16.17.254
add name=PPP ranges=192.168.40.2-192.168.40.254
add name=Hotspot ranges=192.168.50.2-192.168.50.254
add name=pptppool ranges=192.168.60.2-192.168.60.254
/ip dhcp-server
add address-pool=MainPool disabled=no interface=BridgeEther-wlan lease-time=\
    1d10m name=MainDhcp
add address-pool=WifiPool interface=MainWlan lease-time=1d10m name=WifiDhcp
add address-pool=Hotspot disabled=no interface=MobileWlan lease-time=1h name=\
    dhcp1
/ip hotspot
add address-pool=Hotspot disabled=no interface=MobileWlan name=Hotspot profile=\
    ActiveHotspot
/ppp profile
add dns-server=192.168.40.1,8.8.8.8 local-address=192.168.40.1 name=PPPOE \
    remote-address=PPP
add local-address=192.168.60.1 name=PPTP remote-address=pptppool

/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/tool user-manager profile
add name=512KB name-for-users="" override-shared-users=off owner=admin price=0 \
    starts-at=logon validity=0s
add name=2048KB name-for-users="" override-shared-users=off owner=admin price=0 \
    starts-at=logon validity=0s
add name=Unlimited name-for-users="" override-shared-users=off owner=admin \
    price=0 starts-at=logon validity=0s
/tool user-manager profile limitation
add address-list="" download-limit=0B group-name="" ip-pool="" name=\
    512KB-Burst2M owner=admin rate-limit-burst-rx=2097152B \
    rate-limit-burst-time-rx=9s rate-limit-burst-time-tx=5s \
    rate-limit-burst-treshold-rx=2097152B rate-limit-burst-treshold-tx=524288B \
    rate-limit-burst-tx=524288B rate-limit-min-rx=524288B rate-limit-min-tx=\
    524288B rate-limit-priority=5 rate-limit-rx=524288B rate-limit-tx=524288B \
    transfer-limit=0B upload-limit=0B uptime-limit=0s
add address-list="" download-limit=0B group-name="" ip-pool="" name=2M-4M \
    owner=admin rate-limit-burst-rx=4194304B rate-limit-burst-time-rx=6s \
    rate-limit-burst-time-tx=6s rate-limit-burst-treshold-rx=4194304B \
    rate-limit-burst-treshold-tx=524288B rate-limit-burst-tx=524288B \
    rate-limit-min-rx=1048576B rate-limit-min-tx=524288B rate-limit-priority=3 \
    rate-limit-rx=2097152B rate-limit-tx=524288B transfer-limit=0B \
    upload-limit=0B uptime-limit=0s
add address-list="" download-limit=0B group-name="" ip-pool="" name=Unlimited \
    owner=admin rate-limit-priority=1 transfer-limit=0B upload-limit=0B \
    uptime-limit=0s
add address-list="" download-limit=0B group-name="" ip-pool="" name=2M-B-4M \
    owner=admin rate-limit-burst-rx=524288B rate-limit-burst-time-rx=10s \
    rate-limit-burst-time-tx=10s rate-limit-burst-treshold-rx=524288B \
    rate-limit-burst-treshold-tx=4194304B rate-limit-burst-tx=4194304B \
    rate-limit-min-rx=524288B rate-limit-min-tx=2097152B rate-limit-priority=3 \
    rate-limit-rx=524288B rate-limit-tx=2097152B transfer-limit=0B \
    upload-limit=0B uptime-limit=0s
/interface bridge port
add bridge=BridgeEther-wlan interface=ether5
add bridge=BridgeEther-wlan interface=MainWlan
/ip firewall connection tracking
set enabled=yes
/interface l2tp-server server
set caller-id-type=ip-address
/interface pppoe-server server
add default-profile=PPPOE disabled=no interface=BridgeEther-wlan service-name=\
    pppoeServer
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=PPTP enabled=yes
/ip accounting
set enabled=yes
/ip address
add address=172.16.17.1/24 disabled=yes interface=ether5 network=172.16.17.0
add address=192.168.20.2/24 interface=ether1 network=192.168.20.0
add address=192.168.30.2/24 interface=ether2 network=192.168.30.0
add address=172.16.17.1/24 disabled=yes interface=MainWlan network=172.16.17.0
add address=192.168.50.1/24 comment="hotspot network" interface=MobileWlan \
    network=192.168.50.0
add address=172.16.17.1/24 interface=BridgeEther-wlan network=172.16.17.0
/ip dhcp-server network
add address=172.16.17.0/24 dns-server=172.16.17.1,8.8.8.8 gateway=172.16.17.1
add address=192.168.50.0/24 comment="hotspot network" gateway=192.168.50.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,4.2.2.4
/ip firewall address-list
add address=dynupdate.no-ip.com list=noip
add address=8.8.8.8 list=dns
add address=4.2.2.4 list=dns
add address=1.1.1.1 comment="Main router" disabled=yes list=securedm
add address=192.168.2.254 list=secured
add address=time.windows.com list=securedm
add address=asia.pool.ntp.org list=securedm
add address=192.168.20.0/24 list=Connected
add address=192.168.30.0/24 list=Connected
add address=192.168.40.0/24 list=Connected
add address=192.168.40.0/24 list=LAN
add address=192.168.50.0/24 list=LAN
add address=192.168.50.0/24 list=Connected
add address=172.16.17.0/24 list=local
add address=192.168.20.1 list=local
add address=192.168.30.1 list=local
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
add action=reject chain=forward dst-address=77.77.77.18 log=yes reject-with=\
    icmp-admin-prohibited
add action=add-src-to-address-list address-list=temporary address-list-timeout=\
    25s chain=input comment="Port Knocking" dst-port=333 layer7-protocol=knock1 \
    log=yes protocol=udp
add action=add-src-to-address-list address-list=secured address-list-timeout=\
    30m chain=input dst-port=666 layer7-protocol=knock2 log=yes protocol=udp \
    src-address-list=temporary
add action=accept chain=input comment="Dns udp" protocol=udp src-address-list=\
    dns src-port=53
add action=accept chain=input comment="Dns tcp" protocol=tcp src-address-list=\
    dns src-port=53
add action=accept chain=input comment="Alowed PPTP" dst-port=1723 protocol=tcp
add action=accept chain=input comment=noip protocol=tcp src-address-list=noip \
    src-port=80,443
add action=accept chain=input comment="Icmp ping" protocol=icmp
add action=accept chain=input comment=\
    "Danger!!! disabling this rule result in lose of connection to router." \
    src-address-list=secured
add action=accept chain=input comment=\
    "Danger!!! disabling this rule result in lose of connection to router." \
    src-address-list=securedm
add action=accept chain=input protocol=gre
add action=drop chain=input in-interface=ether1
add action=drop chain=input in-interface=ether2
add action=drop chain=input in-interface=pptp-out
/ip firewall mangle
add action=accept chain=prerouting comment="Connected Networks - ACCEPT" \
    dst-address-list=Connected src-address-list=Connected
add action=mark-connection chain=input comment=WAN->ROS connection-mark=no-mark \
    in-interface=ether1 new-connection-mark=WAN1->ROS passthrough=yes
add action=mark-connection chain=input connection-mark=no-mark in-interface=\
    ether2 new-connection-mark=WAN2->ROS passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1->ROS \
    new-routing-mark=ether1_Route passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2->ROS \
    new-routing-mark=ether2_Route passthrough=yes
add action=mark-connection chain=input comment=pptpout>ROS connection-mark=\
    no-mark in-interface=pptp-out new-connection-mark=pptp->ROS passthrough=yes
add action=mark-routing chain=output connection-mark=pptp->ROS \
    new-routing-mark=pptpout passthrough=yes
add action=mark-connection chain=forward comment=WAN->LANs connection-mark=\
    no-mark in-interface=ether1 new-connection-mark=WAN1->LANs passthrough=yes
add action=mark-connection chain=forward connection-mark=no-mark in-interface=\
    ether2 new-connection-mark=WAN2->LANs passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN1->LANs \
    new-routing-mark=ether1_Route passthrough=yes src-address-list=LAN
add action=mark-routing chain=prerouting connection-mark=WAN2->LANs \
    new-routing-mark=ether2_Route passthrough=yes src-address-list=LAN
add action=mark-connection chain=prerouting comment=LAN->WAN connection-mark=\
    no-mark dst-address-list=!Connected dst-address-type=!local \
    new-connection-mark=LAN->WAN passthrough=yes src-address-list=LAN
add action=mark-routing chain=prerouting comment="Load-Balancing here" \
    connection-mark=LAN->WAN new-routing-mark=ether1_Route passthrough=yes \
    src-address-list=LAN
add action=mark-connection chain=prerouting comment=\
    "Stick Connection after this" connection-mark=LAN->WAN new-connection-mark=\
    Sticky_ether1 passthrough=yes routing-mark=ether1_Route
add action=mark-connection chain=prerouting connection-mark=LAN->WAN \
    new-connection-mark=Sticky_ether2 passthrough=yes routing-mark=ether2_Route
add action=mark-routing chain=prerouting connection-mark=Sticky_ether1 \
    new-routing-mark=ether1_Route passthrough=yes src-address-list=LAN
add action=mark-routing chain=prerouting connection-mark=Sticky_ether2 \
    new-routing-mark=ether2_Route passthrough=yes src-address-list=LAN
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
add action=masquerade chain=srcnat comment="masqueade PPPOE " out-interface=\
    ether1 src-address=192.168.40.0/24
add action=masquerade chain=srcnat comment="masqueade PPPOE " out-interface=\
    ether2 src-address=192.168.40.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    out-interface=ether1 src-address=192.168.50.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    out-interface=ether2 src-address=192.168.50.0/24
add action=masquerade chain=srcnat comment="PPTP Masquerade" dst-address-list=\
    local src-address=192.168.60.0/24
add action=masquerade chain=srcnat comment="Server Internet" out-interface=\
    ether1 src-address=172.16.17.10
add action=masquerade chain=srcnat comment="Server Internet" out-interface=\
    ether2 src-address=172.16.17.10
add action=dst-nat chain=dstnat comment="SQL PORT" disabled=yes dst-port=1433 \
    protocol=tcp to-addresses=172.16.17.10 to-ports=1433
add action=masquerade chain=srcnat comment="masqueade PPPOE " disabled=yes \
    out-interface=ether1 src-address=172.16.17.100
/ip hotspot user
add disabled=yes name=admin
/ip route
add distance=1 gateway=10.1.1.1 routing-mark=ether1_Route
add distance=2 gateway=10.2.2.2 routing-mark=ether1_Route
add disabled=yes distance=1 gateway=192.168.30.1 routing-mark=ether1_Route
add disabled=yes distance=1 gateway=216.146.35.35 routing-mark=ether1_Route
add disabled=yes distance=2 gateway=37.235.1.174 routing-mark=ether1_Route
add distance=1 gateway=10.2.2.2 routing-mark=ether2_Route
add distance=2 gateway=10.1.1.1 routing-mark=ether2_Route
add disabled=yes distance=1 gateway=37.235.1.174 routing-mark=ether2_Route
add disabled=yes distance=2 gateway=216.146.35.35 routing-mark=ether2_Route
add distance=1 gateway=pptp-out routing-mark=pptpout
add check-gateway=ping distance=1 gateway=10.1.1.1
add check-gateway=ping distance=2 gateway=192.168.30.1
add distance=1 dst-address=8.8.4.4/32 gateway=192.168.20.1 scope=10
add check-gateway=ping distance=1 dst-address=8.26.56.26/32 gateway=\
    192.168.30.1 scope=10
add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=84.200.69.80 \
    scope=10
add check-gateway=ping distance=1 dst-address=10.1.1.1/32 gateway=8.8.4.4 \
    scope=10
add check-gateway=ping distance=1 dst-address=10.2.2.2/32 gateway=8.26.56.26 \
    scope=10
add check-gateway=ping distance=1 dst-address=10.2.2.2/32 gateway=\
    208.67.222.222 scope=10
add check-gateway=ping distance=1 dst-address=37.235.1.174/32 gateway=\
    8.26.56.26 scope=10
add check-gateway=ping distance=1 dst-address=37.235.1.174/32 gateway=\
    208.67.222.222 scope=10
add distance=1 dst-address=84.200.69.80/32 gateway=192.168.20.1 scope=10
add check-gateway=ping distance=1 dst-address=208.67.222.222/32 gateway=\
    192.168.30.1 scope=10
add check-gateway=ping distance=1 dst-address=216.146.35.35/32 gateway=8.8.4.4 \
    scope=10
add check-gateway=ping distance=1 dst-address=216.146.35.35/32 gateway=\
    84.200.69.80 scope=10
/ppp aaa
set use-radius=yes
/ppp secret
add name=***
add name=*** profile=PPTP service=pptp
add name=*** profile=PPTP service=pptp
add name=*** profile=PPTP service=pptp
/radius
add address=127.0.0.1 service=ppp,hotspot
/radius incoming
set accept=yes
/snmp
set contact=Router enabled=yes location=***
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Tehran
/system ntp client
set enabled=yes primary-ntp=51.141.32.51 secondary-ntp=103.47.76.177
/system routerboard settings
set init-delay=0s
/system scheduler
add disabled=yes interval=5s name=FailOver on-event=FailOver policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
/system script
add name=FailOver owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="# -\
    ------------ start editing here -------------\r\
    \n# Edit the variables below to suit your needs\r\
    \n\r\
    \n# Please fill the WAN interface names\r\
    \n:local InterfaceISP1 ether1\r\
    \n:local InterfaceISP2 ether2\r\
    \n\r\
    \n# Please fill the gateway IPs (or interface names in case of PPP)\r\
    \n:local GatewayISP1 192.168.20.1\r\
    \n:local GatewayISP2 192.168.30.1\r\
    \n\r\
    \n# Please fill the ping check host - currently: resolver1.opendns.com\r\
    \n:local PingTarget 8.8.8.8\r\
    \n\r\
    \n# Please fill how many ping failures are allowed before fail-over happends\
    \r\
    \n:local FailTreshold 5\r\
    \n\r\
    \n# Define the distance increase of a route when it fails\r\
    \n:local DistanceIncrease 2\r\
    \n\r\
    \n# Editing the script after this point may break it\r\
    \n# -------------- stop editing here --------------\r\
    \n\r\
    \n\r\
    \n\r\
    \n# Declare the global variables\r\
    \n:global PingFailCountISP1\r\
    \n:global PingFailCountISP2\r\
    \n\r\
    \n# This inicializes the PingFailCount variables, in case this is the 1st ti\
    me the script has ran\r\
    \n:if ([:typeof \$PingFailCountISP1] = \"nothing\") do={:set PingFailCountIS\
    P1 0}\r\
    \n:if ([:typeof \$PingFailCountISP2] = \"nothing\") do={:set PingFailCountIS\
    P2 0}\r\
    \n\r\
    \n# This variable will be used to keep results of individual ping attempts\r\
    \n:local PingResult\r\
    \n\r\
    \n\r\
    \n\r\
    \n# Check ISP1\r\
    \n:set PingResult [ping \$PingTarget count=1 interface=\$InterfaceISP1]\r\
    \n:put \$PingResult\r\
    \n\r\
    \n:if (\$PingResult = 0) do={\r\
    \n\t:if (\$PingFailCountISP1 < (\$FailTreshold+2)) do={\r\
    \n\t\t:set PingFailCountISP1 (\$PingFailCountISP1 + 1)\r\
    \n\t\t\r\
    \n\t\t:if (\$PingFailCountISP1 = \$FailTreshold) do={\r\
    \n\t\t\t:log warning \"ISP1 has a problem en route to \$PingTarget - increas\
    ing distance of routes.\"\r\
    \n\t\t\t:foreach i in=[/ip route find gateway=\$GatewayISP1 && static] do=\\\
    \r\
    \n\t\t\t\t{/ip route set \$i distance=([/ip route get \$i distance] + \$Dist\
    anceIncrease)}\r\
    \n\t\t\t:log warning \"Route distance increase finished.\"\r\
    \n\t\t}\r\
    \n\t}\r\
    \n}\r\
    \n:if (\$PingResult = 1) do={\r\
    \n\t:if (\$PingFailCountISP1 > 0) do={\r\
    \n\t\t:set PingFailCountISP1 (\$PingFailCountISP1 - 1)\r\
    \n\t\t\r\
    \n\t\t:if (\$PingFailCountISP1 = (\$FailTreshold -1)) do={\r\
    \n\t\t\t:log warning \"ISP1 can reach \$PingTarget again - bringing back ori\
    ginal distance of routes.\"\r\
    \n\t\t\t:foreach i in=[/ip route find gateway=\$GatewayISP1 && static] do=\\\
    \r\
    \n\t\t\t\t{/ip route set \$i distance=([/ip route get \$i distance] - \$Dist\
    anceIncrease)}\r\
    \n\t\t\t:log warning \"Route distance decrease finished.\"\r\
    \n\t\t}\r\
    \n\t}\r\
    \n}\r\
    \n\r\
    \n\r\
    \n\r\
    \n# Check ISP2\r\
    \n:set PingResult [ping \$PingTarget count=1 interface=\$InterfaceISP2]\r\
    \n:put \$PingResult\r\
    \n\r\
    \n:if (\$PingResult = 0) do={\r\
    \n\t:if (\$PingFailCountISP2 < (\$FailTreshold+2)) do={\r\
    \n\t\t:set PingFailCountISP2 (\$PingFailCountISP2 + 1)\r\
    \n\t\t\r\
    \n\t\t:if (\$PingFailCountISP2 = \$FailTreshold) do={\r\
    \n\t\t\t:log warning \"ISP2 has a problem en route to \$PingTarget - increas\
    ing distance of routes.\"\r\
    \n\t\t\t:foreach i in=[/ip route find gateway=\$GatewayISP2 && static] do=\\\
    \r\
    \n\t\t\t\t{/ip route set \$i distance=([/ip route get \$i distance] + \$Dist\
    anceIncrease)}\r\
    \n\t\t\t:log warning \"Route distance increase finished.\"\r\
    \n\t\t}\r\
    \n\t}\r\
    \n}\r\
    \n:if (\$PingResult = 1) do={\r\
    \n\t:if (\$PingFailCountISP2 > 0) do={\r\
    \n\t\t:set PingFailCountISP2 (\$PingFailCountISP2 - 1)\r\
    \n\t\t\r\
    \n\t\t:if (\$PingFailCountISP2 = (\$FailTreshold -1)) do={\r\
    \n\t\t\t:log warning \"ISP2 can reach \$PingTarget again - bringing back ori\
    ginal distance of routes.\"\r\
    \n\t\t\t:foreach i in=[/ip route find gateway=\$GatewayISP2 && static] do=\\\
    \r\
    \n\t\t\t\t{/ip route set \$i distance=([/ip route get \$i distance] - \$Dist\
    anceIncrease)}\r\
    \n\t\t\t:log warning \"Route distance decrease finished.\"\r\
    \n\t\t}\r\
    \n\t}\r\
    \n}"
/tool traffic-monitor
add interface=ether1 name=LB1 on-event=":log warning \"LB Debug:Ether1 Overloade\
    d, switching to Ether2\";\r\
    \n/ip firewall mangle set [find comment=\"Load-Balancing here\"] new-routing\
    -mark=ether2_Route;\r\
    \n" threshold=16000000 traffic=received
add interface=ether1 name=LB2 on-event=":log warning \"LB Debug:Ether1 BACK TO N\
    ORMAL\";\r\
    \n/ip firewall mangle set [find comment=\"Load-Balancing here\"] new-routing\
    -mark=ether1_Route" threshold=16000000 traffic=received trigger=below
/tool user-manager database
set db-path=user-manager
/tool user-manager profile profile-limitation
add from-time=0s limitation=512KB-Burst2M profile=512KB till-time=23h59m59s \
    weekdays=sunday,monday,tuesday,wednesday,thursday,friday,saturday
add from-time=0s limitation=2M-B-4M profile=2048KB till-time=23h59m59s \
    weekdays=sunday,monday,tuesday,wednesday,thursday,friday,saturday
/tool user-manager router
add coa-port=1700 customer=admin disabled=no ip-address=127.0.0.1 log=\
    auth-ok,auth-fail,acct-ok,acct-fail name=MainRouter shared-secret=*** \
    use-coa=no
/tool user-manager user
add customer=admin disabled=no shared-users=2 username=s001 wireless-enc-algo=\
    none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=2 username=s002 wireless-enc-algo=\
    none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=2 username=s003 wireless-enc-algo=\
    none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=2 username=s004 wireless-enc-algo=\
    none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=2 username=s005 wireless-enc-algo=\
    none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=2 username=s006 wireless-enc-algo=\
    none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=2 username=s007 wireless-enc-algo=\
    none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=2 username=s008 wireless-enc-algo=\
    none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=2 username=s009 wireless-enc-algo=\
    none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=2 username=s010 wireless-enc-algo=\
    none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=2 username=s011 wireless-enc-algo=\
    none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=2 username=s012 wireless-enc-algo=\
    none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=2 username=s013 wireless-enc-algo=\
    none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=2 username=s014 wireless-enc-algo=\
    none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=2 username=s015 wireless-enc-algo=\
    none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=unlimited username=unlimited \
    wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=10 username=guest \
    wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no shared-users=3 username=*** \
    wireless-enc-algo=none wireless-enc-key="" wireless-psk=""

idlemind · May 17, 2017, 5:02am

Seems like you have an awful lot going on there… If you simply want to be able to fail-over to the 3G connection and not try to load balance onto it you can accomplish that with 2 default routes. The one to the ADSL you add check-gateway. Set the 3G default route to be slightly higher than the ASDL route. It will take over when the ADSL check-gateway check fails. Make sure your source NAT masquerades are setup for each Internet connection along with an allow for ESTABLISHED and RELATED connections.

luciferm · May 17, 2017, 5:54am

my main connection is the 3g modem and backup is adsl.
two gateways never fails. so i cant simply do that with two default route. any suggestion?

idlemind · May 17, 2017, 5:58am

So you don’t want simple failover but some nature of load balancing?

luciferm · May 17, 2017, 10:10am

i dont care about load balancing.
the load balancing is already working very good.
but there is something wrong with gateway failover that i can’t figure that out?

idlemind · May 17, 2017, 2:11pm

k you’re not making sense. You’re rules are a bit all over the place. You have specific (/32) routes with check-gateway and you have a bunch of routing mark rules.

Per your posts. You want PCC based load-balancing (done with mangles and routing-marks) and you want to fail-over to ADSL when 3G is unavailable correct?

In the configuration you posted I don’t see a default route at all. You’ll want to have a default route for each provider. The provider you prefer will have a lower distance than the provider you don’t want to prefer. You’ll use check-gateway, mode ping and the gateway will be the upstream router from the ISP.

luciferm · May 17, 2017, 7:34pm

my load balancing is not pcc. but is similar to that if the traffic on ether one exceed the 16m then the ether two become active the rest of the time (almost always) traffic goes to ether1.
now if the isp on ether 1 has a problem the mikrotik wont switch to ether2 and all default route became blue that is my main concern.