Hello,
I added a second internet access to the main router (failover).
I put it in its own bridge, made masquerade rules and added a route with correct metrics.
ROUTE:
/ip route
add check-gateway=ping comment="MAIN - SLOW INTERNET" distance=2 gateway=192.168.0.1
add check-gateway=ping comment="BACKUP FAST INTERNET" distance=1 gateway=192.168.100.1
NAT:
0 ;;; MASQUERADE INTERNET - MAIN
chain=srcnat action=masquerade out-interface=INTERNET-MAIN log=no log-prefix="" ipsec-policy=out,none
1 ;;; MASQUERADE BACKUP INTERNET
chain=srcnat action=masquerade out-interface=INTERNET-BACKUP log=no log-prefix="" ipsec-policy=out,none
The internet works on location, but the VPN connection does not.
I made a static interface for the VPN and under secrets defined routes for the remote server and network (l2tp / ipsec):
/ppp secret
add local-address=10.10.100.1 name=cooler password="PASS" profile=cooler-profile remote-address=10.10.100.10 routes="10.10.11.0/24 10.10.100.10 1" service=l2tp
When the backup link (which is faster, but residential and with dynamic IP) is active as the main (upper setup), the VPN doesn’t work.
When I change metrics, so the slower internet is active and the faster is backup, all is dandy (meaning if the main fails, the backup is there, as, well, backup).
I tried making a manual route, like this:
/ip route add dst-address=10.10.100.10 gateway=<gateway-of-INTERNET-MAIN> distance=1
But it remains static and it doesn’t work.
Print from routers gives me auto values with metric 0 and another one that I set to direct traffic that are used for VPN:
ADC 10.10.100.10/32 10.10.100.1 l2tp-cooler-... 0
ADS 10.10.11.0/24 10.10.100.10 1
The idea was to try and bind static interface for VPN to the INTERNET-MAIN interface, but I am not sure how to do it or if this is the right approach.
Would appreciate if someone could drop in their 2c and help…
thanks