Hi all, what are the mangle rules for setting up my Mikrotik as a VPN server with multiple WANs?
The main difference from all the hundreds of Dual WAN load balancing examples is that I'm NOT load balancing: if you come in on ISP1, you go out over ISP1. Technically I want to be able to disable the general default route and it should still work, because all ISPs have a specific default route.
I have only eth0, with 2 ISP addresses and a localhost address 192.168.0.1 (for management access); they are all assigned to the same NIC. Traffic comes in ONLY via VPN, and flows out to the local LAN (192.168.0.0/24).
How do I adapt: http://wiki.mikrotik.com/wiki/Manual:PCC
My work so far (NOT WORKING!):
/ip address
add address=192.168.0.1/24 network=192.168.0.0 interface=eth0
add address=X.X.X.X network=whatever interface=eth0 <-- live internet ip address
add address=Y.Y.Y.Y network=whatever interface=eth0 <-- live internet ip address
/ip firewall mangle
add chain=input dst-address=X.X.X.X connection-mark=no-mark action=mark-connection new-connection-mark=WAN1_conn
add chain=input dst-address=Y.Y.Y.Y connection-mark=no-mark action=mark-connection new-connection-mark=WAN2_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
... I get lost here... please help
add chain=prerouting connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
/ip route
add dst-address=0.0.0.0/0 gateway=A.A.A.A routing-mark=to_WAN1
add dst-address=0.0.0.0/0 gateway=B.B.B.B routing-mark=to_WAN2
add dst-address=0.0.0.0/0 gateway=A.A.A.A disabled=yes <-- Should be able to connect a VPN without this
/ip firewall nat
add chain=srcnat action=masquerade