Gateway issues.

RouterOS Beginner Basics
1

Dear sirs.
From my ISP dhcp-server i have the following routing table

 0 ADC  dst-address=192.168.88.0/24 pref-src=192.168.88.1 
        gateway=bridge-local gateway-status=bridge-local reachable 
        distance=0 scope=10 

 1 ADC  dst-address=192.168.147.0/24 pref-src=192.168.147.93 
        gateway=ether1-gateway 
        gateway-status=ether1-gateway reachable distance=0 scope=10

 2 A S  dst-address=0.0.0.0/0 gateway=192.168.147.1 
        gateway-status=192.168.147.1 reachable via  ether1-gateway 
        distance=1 scope=30 target-scope=10

My ISP also has VPN server to access the internet. So i configure vpn-client and my routing table looks something like this:

 0 ADC  dst-address=192.168.88.0/24 pref-src=192.168.88.1 
        gateway=bridge-local gateway-status=bridge-local reachable 
        distance=0 scope=10 

 1 ADC  dst-address=192.168.147.0/24 pref-src=192.168.147.93 
        gateway=ether1-gateway 
        gateway-status=ether1-gateway reachable distance=0 scope=10

 2 ADC  dst-address=0.0.0.0/0 gateway=192.168.147.1 
        gateway-status=192.168.147.1 reachable via  ether1-gateway 
        distance=1 scope=30 target-scope=10
 
 3 A S  dst-address=0.0.0.0/0 gateway=VPN 
        gateway-status=VPN reachable distance=1 scope=30 
        target-scope=10

So i have 2 default route. In order to use Internet i remove route with number 2(and change dhcp-client default route settings). So my routing table looks something like this:

 0 ADC  dst-address=192.168.88.0/24 pref-src=192.168.88.1 
        gateway=bridge-local gateway-status=bridge-local reachable 
        distance=0 scope=10 

 1 ADC  dst-address=192.168.147.0/24 pref-src=192.168.147.93 
        gateway=ether1-gateway 
        gateway-status=ether1-gateway reachable distance=0 scope=10
 
 2 A S  dst-address=0.0.0.0/0 gateway=VPN 
        gateway-status=VPN reachable distance=1 scope=30 
        target-scope=10

The problem is that vpn server is not in 192.168.147.0/24 subnet. He is in 192.168.0.0/16 subnet(current his ip is 192.168.115.2). So to work this out i need manual change my routing table to this:

 0 ADC  dst-address=192.168.88.0/24 pref-src=192.168.88.1 
        gateway=bridge-local gateway-status=bridge-local reachable 
        distance=0 scope=10 

 1 ADC  dst-address=192.168.147.0/24 pref-src=192.168.147.93 
        gateway=ether1-gateway 
        gateway-status=ether1-gateway reachable distance=0 scope=10

2 A S  dst-address=192.168.0.0/16 gateway=192.168.147.1 
        gateway-status=192.168.147.1 reachable via  ether1-gateway 
        distance=1 scope=30 target-scope=10 
 
 3 A S  dst-address=0.0.0.0/0 gateway=VPN 
        gateway-status=VPN reachable distance=1 scope=30 
        target-scope=10

Now everything works fine. But if my isp change gateway ip, i need manual change routing table again. What i need, is that my routing table looks something like this (attention at route number 2):

 0 ADC  dst-address=192.168.88.0/24 pref-src=192.168.88.1 
        gateway=bridge-local gateway-status=bridge-local reachable 
        distance=0 scope=10 

 1 ADC  dst-address=192.168.147.0/24 pref-src=192.168.147.93 
        gateway=ether1-gateway 
        gateway-status=ether1-gateway reachable distance=0 scope=10

2 ADC  dst-address=192.168.0.0/16 gateway=gateway_ip_obtained_from_dhcp
        gateway-status=gateway_ip_obtained_from_dhcp reachable via  ether1-gateway 
        distance=1 scope=30 target-scope=10 
 
 3 A S  dst-address=0.0.0.0/0 gateway=VPN 
        gateway-status=VPN reachable distance=1 scope=30 
        target-scope=10

In other words, route number 2 must be dynamic, not static. So if gateway ip change, i do not need manual change routing table. I use router from other vendors(Asus, Zyxel, Tp-link) and their routing table looks like i shown above.
I’ll be very grateful if you give me some ideas or suggestions. Cheers.

2

Does the VPN use a static IP for gateway?

If so, then:
Leave the dhcp client for ether1-gateway with “Add Default Route” = yes

If using a PPTP VPN, then add route: 192.168.0.0/16 (is that your VPN subnet?) to route packets through VPN-Interface. Set the distance to 2.

Add another default route, dst-addr:0.0.0.0/0, routing-mark: VPN, Gateway: IP-of-VPN-Gateway

That new route only applies to packets with the routing-mark: VPN. So go to IP > Firewall, Mangle and create a new rule.

Chain: forward, Action: Mark-Routing, New-Routing-Mark: VPN

Now, when packets originate from the Mikrotik (such as the VPN packets) they’ll go through the default route dynamically added by ether1’s DHCP client.

When packets are being forwarded through the router (such as all other lan packets), they’ll be given the routing mark VPN and thus be sent out the default route marked as VPN.

3

Dear sir. Thank you for your reply.
Unfortunately, ISP give me dns name of vpn-server, not static ip. It can change over time. Plus, i would like to access ISP local services from my dhcp ether1 address, not vpn remote address. I think, command like that would solve my problem

ip route add dst-address=!192.168.0.0/16 gateway=VPN

But sadly there is no one.