I have set up an RB750 to split-route between 2 Ethernet ports as gateway
using the preroute/masquerade method.
But since then, the additional routes to the VPN connections do not work anymore.
I would prefer using the bonding interfaces, but somehow it does not really work in any configuration,
as the remote devices are standard ADSL modems operating in DMZ mode.
Can anyone help me adjust the subroute to get the VPN working again?
/ip firewall filter
add chain=input comment="default configuration"
add chain=output
/ip firewall mangle
add action=mark-connection chain=input in-interface=1-WAN-133 new-connection-mark=133_conn
add action=mark-connection chain=input in-interface=2-WAN-450 new-connection-mark=450_conn
add action=mark-routing chain=output connection-mark=133_conn new-routing-mark=to_133
add action=mark-routing chain=output connection-mark=450_conn new-routing-mark=to_450
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=3-ETH-UpLink new-connection-mark=133_conn \
per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=3-ETH-UpLink new-connection-mark=450_conn \
per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=133_conn in-interface=3-ETH-UpLink new-routing-mark=to_133
add action=mark-routing chain=prerouting connection-mark=450_conn in-interface=3-ETH-UpLink new-routing-mark=to_450
/ip firewall nat
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 out-interface=2-WAN-450 !to-addresses !to-ports
add action=masquerade chain=srcnat dst-address=192.168.0.0/24 out-interface=0-VPN-CCM !to-addresses !to-ports
add action=masquerade chain=srcnat dst-address=10.24.43.0/24 out-interface=0-VPN-SoftLayer !to-addresses !to-ports
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 out-interface=1-WAN-133 !to-addresses !to-ports
/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_133
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_450
add check-gateway=ping distance=1 gateway=192.168.1.1
add check-gateway=ping distance=2 gateway=192.168.2.1
add distance=1 dst-address=10.24.43.0/24 gateway=10.0.31.178
add disabled=yes distance=2 dst-address=61.7.161.228/32 gateway=192.168.0.218
add distance=2 dst-address=192.168.0.0/24 gateway=192.168.0.218
Additionally, there are a bunch of incoming rules (NAT) added like this:
add action=dst-nat chain=dstnat dst-port=11300 in-interface=2-WAN-450 protocol=tcp to-addresses=172.16.67.27 to-ports=11300
Since using the load balancing in this fashion I noticed that SSH connections and sometimes web connections (incoming only) are extremely slow … but that's another issue.
The main thing is how to get the route to 10.24.43.0 working again.
Any ideas?
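Added example, not part of the original post: a small Python model of how the posted prerouting marks and routing tables resolve a next hop, showing that LAN traffic to 10.24.43.0/24 is looked up in `to_133`/`to_450` (which hold only a default route) instead of the main table. The `bypass` parameter is a hypothetical stand-in for excluding the VPN subnets from marking before the PCC rules; the model assumes the destination is not a router-local address and ignores `check-gateway` state.

```python
import ipaddress

# Active routes copied from the /ip route section of the post.
# Key None is the main table; entries are (dst, gateway, distance).
ROUTES = {
    "to_133": [("0.0.0.0/0", "192.168.1.1", 1)],
    "to_450": [("0.0.0.0/0", "192.168.2.1", 1)],
    None: [
        ("0.0.0.0/0", "192.168.1.1", 1),
        ("0.0.0.0/0", "192.168.2.1", 2),
        ("10.24.43.0/24", "10.0.31.178", 1),
        ("192.168.0.0/24", "192.168.0.218", 2),
    ],
}

# Destinations reached through the VPN interfaces in the post.
VPN_NETS = ("10.24.43.0/24", "192.168.0.0/24")


def lookup(dst, mark):
    """Longest-prefix match in the table selected by the routing mark."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw, dist)
            for net, gw, dist in ROUTES[mark]
            if addr in ipaddress.ip_network(net)]
    if not hits:
        return None
    # Prefer the most specific prefix, then the lowest distance.
    return max(hits, key=lambda h: (h[0].prefixlen, -h[2]))[1]


def prerouting_mark(dst, pcc_bucket, bypass=()):
    """Model of the prerouting mangle rules for packets entering 3-ETH-UpLink.

    pcc_bucket stands in for the per-connection-classifier result (0 or 1).
    bypass (hypothetical) lists destinations left unmarked before the PCC rules.
    """
    addr = ipaddress.ip_address(dst)
    if any(addr in ipaddress.ip_network(net) for net in bypass):
        return None  # no routing mark, so the main table is used
    return "to_133" if pcc_bucket == 0 else "to_450"


def next_hop(dst, pcc_bucket, bypass=()):
    return lookup(dst, prerouting_mark(dst, pcc_bucket, bypass))


if __name__ == "__main__":
    print("as posted:  ", next_hop("10.24.43.5", 0), next_hop("10.24.43.5", 1))
    print("with bypass:", next_hop("10.24.43.5", 0, VPN_NETS))
```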