Multiple WAN IP, assign a lan device and l2tp clients to specific wan IP

Hi Folks, looks like I am the newbie who has the most questions raised on this forum...

Background:
I have 2 WAN IPs assigned to ETH1-WAN1 and ETH3-WAN2.
All L2TP clients are DHCP-assigned on 192.168.0.0/24 and
my LAN is 172.16.10.0/24.
Gateway distance to ETH1-WAN1 = 0, to ETH3-WAN2 = 1.
L2TP/IPsec server has been set up on the MikroTik.

Hope to achieve:

  1. When all the L2TP clients are connected to my MikroTik L2TP server, I would like them to have the ETH3-WAN2 IP when they visit http://www.whatismyip.com.
  2. Same for one of the LAN devices, 172.16.10.31 (comment=Ming’s Phone on the DHCP lease). I would also like this device to have the ETH3-WAN2 WAN IP and to be accessible via 172.16.10.0/24.

Can any expert here give me the rules configuration? Thanks!
export.rsc (10 KB)

This is actually wrong, it should be 1 and 2, respectively, because distance 0 is reserved for connected routes (where no gateway IP address is necessary). So far RouterOS allows this wrong way so I didn’t comment on that before. Also bear in mind that the distance values are only taken into account when choosing among routes with identical dst-address and identical routing-mark, so you can have the default route via ETH1-WAN1 with no routing-mark and the default route via ETH3-WAN2 with routing-mark=via-wan2 with the same distance value and there is no conflict.

Given that you’ve said elsewhere that the two WANs use the same modem provided by the ISP, using one as a backup of the other makes little sense, so you can even set add-default-route=no at the ip dhcp-client row referring to ETH3-WAN2, as the route with routing-mark=via-wan2 is configured manually anyway. And once you do that, you can set the default-route-distance of the row referring to ETH1-WAN1 to 1.


/ip firewall mangle add action=mark-connection chain=cmark-pr src-address=192.168.0.0/24 new-connection-mark=wan2-conn passthrough=yes
(I assume you had in mind that all outgoing connections from the L2TP clients would use ETH3-WAN2, not only those visiting http://www.whatismyip.com).


/ip firewall mangle add action=mark-connection chain=cmark-pr src-address=172.16.10.31 new-connection-mark=wan2-conn passthrough=yes

In both cases, the /ip routing rule rows make sure that even connections between two L2TP clients or between an L2TP client and a LAN device will be delivered properly despite the fact that they get the routing-mark via-wan2.
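
The full set of pieces the reply describes, written out as an added example (not the configuration from the thread or from the attached export). Assumptions: RouterOS v6 syntax; the WAN2 gateway 203.0.113.1 is a placeholder; the chain cmark-pr is reached through a jump from prerouting that is added here; routing mark via-wan2, connection mark wan2-conn, the L2TP pool 192.168.0.0/24 and the LAN 172.16.10.0/24 are taken from the thread.

```routeros
# Added example, not from the thread. RouterOS v6 syntax assumed.
# Placeholders: 203.0.113.1 = WAN2 gateway.

# DHCP clients: WAN1 keeps its default route with distance 1 (0 is for
# connected routes); WAN2 adds no default route because the marked one below
# is configured by hand.
/ip dhcp-client
set [ find interface=ETH1-WAN1 ] default-route-distance=1
set [ find interface=ETH3-WAN2 ] add-default-route=no

/ip firewall mangle
# Enter the marking chain only for the first packet of a connection; the
# connection mark is then carried by conntrack for the rest of its packets.
add chain=prerouting connection-state=new action=jump jump-target=cmark-pr \
    comment="assumed jump into the custom marking chain"
# The two rules from the reply: everything from the L2TP pool and from
# Ming's phone belongs to WAN2.
add chain=cmark-pr src-address=192.168.0.0/24 action=mark-connection \
    new-connection-mark=wan2-conn passthrough=yes comment="L2TP clients"
add chain=cmark-pr src-address=172.16.10.31 action=mark-connection \
    new-connection-mark=wan2-conn passthrough=yes comment="Ming's phone"
# Turn the connection mark into a routing mark on every packet, in
# prerouting, i.e. before the routing decision is taken.
add chain=prerouting connection-mark=wan2-conn action=mark-routing \
    new-routing-mark=via-wan2 passthrough=no

# Default route for marked traffic lives in its own table. The same distance
# as the WAN1 default route is fine because the routing-mark differs.
/ip route
add dst-address=0.0.0.0/0 gateway=203.0.113.1 distance=1 routing-mark=via-wan2

# Route rules: destinations inside the LAN or the L2TP pool must be resolved
# in the main table even when the packet carries via-wan2, otherwise
# L2TP-to-LAN and L2TP-to-L2TP traffic would be thrown at the WAN2 gateway.
/ip route rule
add dst-address=172.16.10.0/24 action=lookup-only-in-table table=main
add dst-address=192.168.0.0/24 action=lookup-only-in-table table=main

# Source NAT per WAN interface, so a private source address never leaves
# through either WAN regardless of which table picked the route.
/ip firewall nat
add chain=srcnat out-interface=ETH1-WAN1 action=masquerade
add chain=srcnat out-interface=ETH3-WAN2 action=masquerade
```

Check it with `/ip route print where routing-mark=via-wan2` and `/ip firewall connection print where connection-mark=wan2-conn` while an L2TP client is browsing; the connection's reply address should be the ETH3-WAN2 address. On RouterOS v7 the same design needs `/routing table add name=via-wan2 fib` before the marked route is accepted, and the rules move from `/ip route rule` to `/routing rule`.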

@Sindy, thank you again for your help …