OpenVPN not connecting when 2 WAN connections are enabled

I have a MikroTik 750GR3. I’ve connected 2 WAN connections on Ethernet 1 and Ethernet 5. Ethernet 1 is used for the primary Internet connection and Ethernet 5 is used as failsafe (secondary Internet connection) and for VPN. I’ve configured OpenVPN on it and enabled port forwarding on the ISP-2 router to forward traffic for port 1194 to the MikroTik Ethernet 5 interface. My VPN connection works fine when ISP-1 is down or I disable Ethernet 1, but it does not connect when both ISPs are connected.

Most likely the client tries to connect using ISP1, when it is available and you don’t have a port forward there.
Have you got a dynamic IP address and corresponding dynamic DDNS?
Probably it always defaults to ISP1.

If so, as a test, can you use the IP address of ISP2 on the client to connect to your device?

Hi holvoetn

Yes, you are right. I tried to connect with ISP1 and it is connecting without any problem.
No, I have static IP addresses on both ISP-1 and ISP-2.

I am new to MikroTik configuration and I don’t know how I can forward VPN requests to ISP-2.



You need to make sure that traffic coming into the router on ether1 also leaves on ether1, and traffic coming in on ether5 leaves on ether5.
ROS v6
Replace X.X.X.X and Y.Y.Y.Y with the correct default gateways for each interface

# what comes from ether1, gets out from ether1
/ip firewall mangle add action=mark-connection chain=input in-interface=ether1 new-connection-mark=ether1_conn passthrough=yes disabled=no comment="in ether1,out ether1"
/ip firewall mangle add action=mark-routing chain=output connection-mark=ether1_conn new-routing-mark=ether1_traffic passthrough=no disabled=no 
/ip route add dst-address=0.0.0.0/0 gateway=X.X.X.X distance=1 routing-mark=ether1_traffic disabled=no

# what comes from ether5, gets out from ether5
/ip firewall mangle add action=mark-connection chain=input in-interface=ether5 new-connection-mark=ether5_conn passthrough=yes disabled=no comment="in ether5,out ether5"
/ip firewall mangle add action=mark-routing chain=output connection-mark=ether5_conn new-routing-mark=ether5_traffic passthrough=no disabled=no 
/ip route add dst-address=0.0.0.0/0 gateway=Y.Y.Y.Y distance=1 routing-mark=ether5_traffic disabled=no

ROS v7
Replace X.X.X.X and Y.Y.Y.Y with the correct default gateways for each interface

/routing table
add fib name=ether1_traffic
add fib name=ether5_traffic

# what comes from ether1, gets out from ether1
/ip firewall mangle add action=mark-connection chain=input in-interface=ether1 new-connection-mark=ether1_conn passthrough=yes disabled=no comment="in ether1,out ether1"
/ip firewall mangle add action=mark-routing chain=output connection-mark=ether1_conn new-routing-mark=ether1_traffic passthrough=no disabled=no 
/ip route add dst-address=0.0.0.0/0 gateway=X.X.X.X distance=1 routing-table=ether1_traffic  disabled=no comment="ether1"

# what comes from ether5, gets out from ether5
/ip firewall mangle add action=mark-connection chain=input in-interface=ether5 new-connection-mark=ether5_conn passthrough=yes disabled=no comment="in ether5,out ether5"
/ip firewall mangle add action=mark-routing chain=output connection-mark=ether5_conn new-routing-mark=ether5_traffic passthrough=no disabled=no 
/ip route add dst-address=0.0.0.0/0 gateway=Y.Y.Y.Y distance=1 routing-table=ether5_traffic disabled=no comment="ether5"

Hope that helps
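
An added example, not part of the original post or of RouterOS: a small Python check that reads pasted ROS v7 commands like the ones above and reports any routing mark or route whose table has no matching `/routing table` entry, and any `connection-mark` that no rule sets. The sample input is constructed, and `parse` and `check` are hypothetical helper names.

```python
import shlex

# Constructed sample in the style of the ROS v7 commands above. The first
# "add fib" line deliberately names a table that no mark or route uses.
SAMPLE = """
/routing table
add fib name=ether3_traffic
add fib name=ether5_traffic
/ip firewall mangle add action=mark-connection chain=input in-interface=ether1 new-connection-mark=ether1_conn passthrough=yes comment="in ether1,out ether1"
/ip firewall mangle add action=mark-routing chain=output connection-mark=ether1_conn new-routing-mark=ether1_traffic passthrough=no
/ip route add dst-address=0.0.0.0/0 gateway=X.X.X.X distance=1 routing-table=ether1_traffic
/ip firewall mangle add action=mark-connection chain=input in-interface=ether5 new-connection-mark=ether5_conn passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=ether5_conn new-routing-mark=ether5_traffic passthrough=no
/ip route add dst-address=0.0.0.0/0 gateway=Y.Y.Y.Y distance=1 routing-table=ether5_traffic
"""

def parse(text):
    """Yield (menu, params) for every 'add' command, tracking the current menu."""
    menu = ""
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)  # drops '#' comments, keeps quoted values
        if tokens and tokens[0].startswith("/"):
            cut = tokens.index("add") if "add" in tokens else len(tokens)
            menu, tokens = " ".join(tokens[:cut]), tokens[cut:]
        if tokens and tokens[0] == "add":
            yield menu, dict(t.split("=", 1) for t in tokens[1:] if "=" in t)

def check(text):
    """Return a list of mark/table mismatches found in the pasted commands."""
    cmds = list(parse(text))
    tables = {"main"}  # assumption: the default "main" table needs no explicit entry
    tables |= {p["name"] for m, p in cmds if m == "/routing table" and "name" in p}
    mangle = [p for m, p in cmds if m == "/ip firewall mangle"]
    conn_marks = {p.get("new-connection-mark") for p in mangle
                  if p.get("action") == "mark-connection"}
    problems = []
    for p in mangle:
        if p.get("action") != "mark-routing":
            continue
        if p.get("connection-mark") not in conn_marks:
            problems.append(f"connection-mark {p.get('connection-mark')} is never set")
        if p.get("new-routing-mark") not in tables:
            problems.append(f"new-routing-mark {p.get('new-routing-mark')} has no /routing table entry")
    for m, p in cmds:
        if m == "/ip route" and p.get("routing-table", "main") not in tables:
            problems.append(f"route via {p.get('gateway')} uses undefined table {p['routing-table']}")
    return problems

if __name__ == "__main__":
    for line in check(SAMPLE):
        print(line)
```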

Dear aoakeley

Thank you so much. Now it is working as I wanted.