I’m looking for a way to force a tunnel to use a dedicated gateway, so that it does not establish through another gateway if the default route changes.
Any idea?
The tunnel traffic itself is just like any other traffic in the output chain, so all the usual policy routing tricks (wiki, forum) apply.
You can simply change (add) the static route for the IP that the tunnel connects to and all the traffic intended for that IP will go through the designated gateway.
Adding static routes does not work.
I have two tunnels with the same destination IP.
I want each tunnel to go to this address through a dedicated gateway.
Fewi: I can’t find a policy routing trick able to catch a specific tunnel inside the output chain.
Ah, didn’t get that from your original request. You can’t identify a specific tunnel between two that go to the same destination if they originate on the same router that is to do policy routing. Is that the case, or are the tunnels originating from other endpoints behind the router?
They are originating from the same router. They can’t originate from other routers because they are management tunnels, this router has direct access to xDSL modems and the tunnels are going to those xDSL links.
I want to keep the two tunnels on this router to get more reliability if there is a failure somewhere.
I have only one IPv4 address at the destination. I have a /48 IPv6 block at the destination, but we don’t have IPv4 over IPv6 tunnels yet inside RouterOS.
With those parameters I don’t think there is a solution.
I thought I could use a GRE tunnel over IPsec; then I can define a source address for each tunnel, so that I can use policy routing by source address.
But users seem to have random crashes with IPsec. The PPTP implementation seems rock solid. I’ve never seen a crash or connectivity loss. Another advantage with PPTP is that we can define MRRU, so that there is no problem with 1500-byte tunnelled packets over xDSL links. I know there is IP Packing on RouterOS, but it seems like it is a largely untested and proprietary protocol.
Last, PPTP is able to bridge like GRE.
The true solution would be the possibility to put a routing mark on each tunnel, at Local process OUT just before routing decision module, so that we can use policy routing on them.
In the interim, we could use IPv4 over IPv6 tunnels; this is implemented in the latest Linux kernels. I hope to see this inside v5.0 final.