handle two internet

Hello,
I'm new to MikroTik, and in my company I have two internet connections (one with a public IP), and the clients want to have the option to choose which internet they want to use at the moment. So I did this:
I created one address list for each internet, and
Filter Rule :
Chain = Forward
Dst Address = 2.2.2.2
Protocol = ICMP
Action = Add Src To Address List
Name = ISP2
Timeout : 00:00:05

Mangle Rule :
Chain = PreRouting
Src-Address-List = ISP2
Action = Mark Routing
New Routing Mark = To-ISP2

Route :
0.0.0.0/0 > ISP1

0.0.0.0/0 > ISP2
Mark Routing = To-ISP2

When I ping, for example, 2.2.2.2, it directs me to the second internet, but AnyDesk gets disconnected and I can't connect to the VPN.. hellllllllp plllllls..

I would tell the clients to go pound sand.
What difference does it make to the use case of the user??

What is reasonable is them stating: I would like to maintain an internet connection with minimal interruptions! Thus you need to ensure that
a. they all have access to the internet on at least one of the WAN connections (primary) using the second as failover OR
b. use both at the same time and share the load of user traffic in a load balance PCC type setup and once again ensure that if one ISP is not available all traffic gets directed to the working ISP WAN.
OR

c. do it the way you have done which is allow the users some false sense of power that they get to choose which ISP is used.
Makes no sense to me what the criteria would be to use a WANIP.
Hmm let me see… I want to use the slowest internet??
Hmm let me see… I want to use the most unstable internet??

In other words, your users will all choose the better internet connection and you will basically be in a primary / failover scenario.

+++++++++++++++++++++++++++++++++++++++++++++++

What I would do is completely avoid mangling.
a. TELL USERS ON SUBNET A - you are using ISP1
b. TELL USERS ON SUBNET B - you are using ISP2

TELL USERS that if their internet goes down, then they will be directed to the other internet.
THIS can be done without mangling.

How many clients are you talking and are they all on the same subnet? If not can you create a subnet and distribute clients onto subnets…

If the idea is to use one ISP by default and give users option to switch to the other at will (by pinging “magic” address), it’s possible like this. Not ideal, more a hack, but possibly good enough. The problem is that it will affect whole user’s address, so not just new connections, but also open ones using default ISP, and depending on your routes also new connections to other local subnets, if there are any. You’d need to work with connections and not all packets, for example:

/ip firewall mangle
add chain=prerouting connection-state=new src-address-list=ISP2 action=mark-connection new-connection-mark=ISP2conn passthrough=yes
add chain=prerouting in-interface=<LAN> connection-mark=ISP2conn action=mark-routing new-routing-mark=To-ISP2

anav
Thanks for your reply.
Could you please explain your way more, or give me instructions to do this?
But first of all I have to say I have about 20-30 clients for now, I think, and my LAN clients and my Wi-Fi clients are both in a bridge and all the rules are applied to the bridge.
If I do it your way, could any of the clients use whichever internet they like whenever they want?

sob
Thanks for your help.
I have a question to ask: by your sentence (The problem is that it will affect whole user’s address), do you mean all the clients will be directed to the second one?
They want to choose which internet they want.

What I am saying, is that for practical reasons, it becomes very difficult to let clients choose which internet they are going out of.
I don't know any way of doing that, but perhaps Sob and others could figure out a way.

The router in general is not set up that way. The admin directs a SET of users or an individual user or anything in between out either one WAN or another.
Or the admin can ensure that the users have roughly equal access to both WAN connections. I have not seen any configuration that allows the user to choose.

As I stated, why would they want to have to make a choice (they just want internet connection), and two, what would they base their decisions on?
You still haven't explained why the clients want a choice?? You are still hiding the requirements.

Provide a network diagram so we can see what is going on and provide full config as there are too many questions unanswered.
For instance are the wifi clients getting wifi from an access point connected to an ethernet port on the router or is the router providing both wired and wireless clients.
When you say you have two sets of clients, why not put them on different subnets, LAN (wired clients) on subnet A, or VLAN10 and wifi clients on subnet B or vlan 20 …

No, it won’t affect all clients, only all packets from one client. The two rules you originally posted:

#1 - watches for ping to 2.2.2.2 and adds client’s address to address list
#2 - marks routing for packets from clients listed in address list

So when some client pings 2.2.2.2, its address (whatever it has in LAN, e.g. 192.168.88.20) will be added to list and all further packets from this address will be routed to internet using ISP2 for next five seconds (= the address list timeout). If that’s the goal, it will work.

But if there’s some already established connection from this client to remote server (e.g. VPN) using ISP1, its packets will also be routed to ISP2 and connection will break. And same problem will be if you switch to ISP2 and establish such connection that should stay open. Once the address times out and gets removed from list, all packets will go to ISP1 again and this connection will break too.

But if you mark new connections, they will stick to ISP that was active when they were established.
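
A small simulation of the behaviour described in the post above, added here as an illustration and not part of the original thread or of RouterOS: it models the 5-second ISP2 address list with routing decided per packet versus per connection. The flow names, the remote addresses and the packet trace are constructed for the example.

```python
# Added illustration: models the two rule sets from the thread, not RouterOS itself.
LIST_TIMEOUT = 5          # seconds, the address-list timeout from the first post
MAGIC_DST = "2.2.2.2"     # pinging this adds the source to address list ISP2

def simulate(packets, mark_connections):
    """Return {flow: [egress ISP per packet]} for a time-ordered packet trace.
    packets: (time_s, src_ip, flow_id, dst_ip, proto) tuples.
    mark_connections=False: routing mark per packet by src-address-list.
    mark_connections=True:  connection marked on its first packet only."""
    isp2_list = {}        # src_ip -> expiry time of the address-list entry
    conn_mark = {}        # flow_id -> ISP chosen when the connection was new
    egress = {}
    for t, src, flow, dst, proto in packets:
        listed = isp2_list.get(src, -1) > t
        if mark_connections:
            # connection-state=new: decide once, later packets reuse the mark
            isp = conn_mark.setdefault(flow, "ISP2" if listed else "ISP1")
        else:
            isp = "ISP2" if listed else "ISP1"
        egress.setdefault(flow, []).append(isp)
        # The filter rule sits in forward, after prerouting mangle, so the
        # triggering ping itself is routed before the list entry exists.
        if proto == "icmp" and dst == MAGIC_DST:
            isp2_list[src] = t + LIST_TIMEOUT
    return egress

def broken_flows(egress):
    """Flows whose packets left through more than one ISP mid-session."""
    return sorted(f for f, isps in egress.items() if len(set(isps)) > 1)

# Constructed trace: one client with a long-lived VPN, a ping at t=10,
# and a web connection opened while the list entry is active.
CLIENT = "192.168.88.20"
TRACE = [
    (0,  CLIENT, "vpn",  "203.0.113.10", "tcp"),
    (8,  CLIENT, "vpn",  "203.0.113.10", "tcp"),
    (10, CLIENT, "ping", MAGIC_DST,      "icmp"),
    (11, CLIENT, "vpn",  "203.0.113.10", "tcp"),
    (12, CLIENT, "web",  "198.51.100.7", "tcp"),
    (14, CLIENT, "web",  "198.51.100.7", "tcp"),
    (16, CLIENT, "vpn",  "203.0.113.10", "tcp"),
    (17, CLIENT, "web",  "198.51.100.7", "tcp"),
]

if __name__ == "__main__":
    for mode in (False, True):
        result = simulate(TRACE, mode)
        print("connection marks" if mode else "per-packet list", result, broken_flows(result))
```

With per-packet marking the `vpn` flow leaves via ISP1, ISP1, ISP2, ISP1 and the `web` flow falls back to ISP1 once the entry expires, so both are reported broken; with connection marks each flow keeps the ISP it started on.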

Great Sob, and what if tomorrow the client wants to go out the other internet, does he ping 3.3.3.3 and then gets added to another address list, BUT BUT BUT the user is already on another address list when he pinged 2.2.2.2

Stop going down a rabbit hole you are creating and find out the facts first. ( glad I know at least one person from czechia who is sane LOL otherwise I might get the wrong impression )

There’s timeout, currently 5 seconds, after that it will automatically switch back. And hey, I wrote it first time that it’s not ideal. It could be good enough e.g. if you need to use one ISP most of the time, and only from time to time use another to connect to some service that’s restricted to IP address of second ISP. Then it could be ok solution.

But of course providing more details about what’s actually required is good idea.

Concur!
But imagine, every user has to ping an IP address first before going out to the internet… seems weird to me. Like I said, the OP is not being honest with what's driving requirements.

The problem of getting stuck on how… Ignoring WHY.

Mikrotik needs a MPTCP solution.

What does MPTCP solve regarding what the user wants to solve in this topic? (giving an option to clients to choose the ISP they go out with) ?

Because if we had a way to properly combine the 2 ISPs… There would be no need to “either or” it.

But that’s what that client wants.. to choose.

Or more accurately, the OP/admin wants to be able to let the users choose which internet connection, door number 1 or door number 2. If it makes no sense to you, then we are in the same boat and hence, there are hidden requirements not being communicated, or the OP doesn't understand networking.

A long time ago… I made 2 SSIDs. Each SSID had the name of the ISP. You had to connect to one or the other.

That's an interesting approach, thanks for outside the box thinking…

If the clients are all wifi, then this could work… again, waiting for the OP to care about the thread he started.

Two gateways are also possible (e.g. 192.168.88.1 to use ISP1 and 192.168.88.2 to use ISP2), but not very flexible, because it requires reconfiguring of connected device.

Well you know me, that would quickly be vlan10 and vlan20 LOL.

You know, the clients want this because we tried PCC and Netwatch and neither of them works well, and we live in Iran so we have internet issues a lot… That's why the clients understand exactly the speed or stability of the net, so the manager insists on letting them choose which net…
Yes, the router is providing both wired and wireless clients (DHCP), and I use the Wi-Fi of the router itself for now because our company has just one floor.
All I want from the MikroTik is this and PPTP VPN. Do you want the config of the MikroTik?