Hi,
I’m training to configure load balancing with failover on a MikroTik router using dual WAN. The config seems to be working fine; however, I noticed something weird: when I shut down WAN1, for example, to test the failover, the traffic goes through WAN2, but in IP > Firewall > Connections I still see that the packet is marked as WAN1_conn instead of WAN2_conn.
See attached the topology that I’m working on, and also the screenshot of the connections when WAN1 is down.
The following is the config script that I use. Please advise if there is an error in the config or any advanced features that I need to add. Thank you.
```
/interface ethernet
set [ find default-name=ether5 ] name=LAN
set [ find default-name=ether1 ] name=WAN1
set [ find default-name=ether2 ] name=WAN2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.20.2-192.168.20.50
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=LAN name=dhcp1
/ip address
add address=192.168.20.1/24 interface=LAN network=192.168.20.0
add address=10.10.10.2/30 interface=WAN1 network=10.10.10.0
add address=20.20.20.2/30 interface=WAN2 network=20.20.20.0
/ip dhcp-client
add disabled=no interface=WAN1
/ip dhcp-server network
add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1
/ip firewall mangle
add action=accept chain=prerouting dst-address=10.10.10.0/30 in-interface=LAN
add action=accept chain=prerouting dst-address=20.20.20.0/30 in-interface=LAN
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=LAN new-connection-mark=WAN1_conn passthrough=no per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=LAN new-connection-mark=WAN2_conn passthrough=no per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-interface=LAN new-routing-mark=to_WAN1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN2_conn in-interface=LAN new-routing-mark=to_WAN2 passthrough=no
add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=to_WAN1 passthrough=no
add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=to_WAN2 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
/ip route
add check-gateway=ping distance=1 gateway=10.10.10.1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=20.20.20.1 routing-mark=to_WAN2
add check-gateway=ping distance=1 gateway=10.10.10.1
add check-gateway=ping distance=2 gateway=20.20.20.1
```
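An added example, not part of the original post: a simplified Python model of the posted mangle rules and routes, showing how a tracked connection keeps the mark WAN1_conn while its packets leave through WAN2 once WAN1 is down. The CRC32 hash, the sample addresses and all function names are assumptions made for illustration; this is a model of the rule semantics, not RouterOS code.

```python
# Simplified model (an assumption, not RouterOS code) of the mangle rules and
# routes in the posted config, showing why the connection mark survives failover.
import zlib

conntrack = {}  # (src, dst) -> connection mark, kept for the life of the entry

# Tables from the posted /ip route section: (distance, gateway, WAN link).
ROUTES = {
    "to_WAN1": [(1, "10.10.10.1", "WAN1")],
    "to_WAN2": [(1, "20.20.20.1", "WAN2")],
    "main":    [(1, "10.10.10.1", "WAN1"), (2, "20.20.20.1", "WAN2")],
}

def pcc_bucket(src, dst, denominator=2):
    # Stand-in for per-connection-classifier=both-addresses:2/N. CRC32 is a
    # placeholder hash; the real RouterOS hash function is different.
    return zlib.crc32(f"{src}>{dst}".encode()) % denominator

def mark_connection(src, dst):
    # The mark-connection rules match only connection-mark=no-mark, so an
    # entry that already carries a mark is never re-marked.
    key = (src, dst)
    if key not in conntrack:
        conntrack[key] = "WAN1_conn" if pcc_bucket(src, dst) == 0 else "WAN2_conn"
    return conntrack[key]

def route_lookup(routing_mark, links_up):
    # check-gateway=ping deactivates routes whose gateway is unreachable. If the
    # marked table has no active route, the lookup falls back to the main table.
    for table in (routing_mark, "main"):
        active = [r for r in ROUTES[table] if r[2] in links_up]
        if active:
            return min(active)[2]  # lowest distance wins
    return None

def forward(src, dst, links_up):
    mark = mark_connection(src, dst)
    routing_mark = "to_WAN1" if mark == "WAN1_conn" else "to_WAN2"
    return mark, route_lookup(routing_mark, links_up)

def demo():
    # Constructed sample: find a LAN client/destination pair that lands on WAN1.
    src = "192.168.20.10"
    dst = next(f"203.0.113.{i}" for i in range(1, 255)
               if pcc_bucket(src, f"203.0.113.{i}") == 0)
    before = forward(src, dst, {"WAN1", "WAN2"})
    after = forward(src, dst, {"WAN2"})  # WAN1 shut down
    return before, after

if __name__ == "__main__":
    print(demo())
```

In this model the mark recorded in the connection table is a label fixed at connection setup, while the egress interface is decided per packet by whichever route is active at that moment.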
