PBR and OSPF through tunnel

I am trying to configure OSPF over a tunnel on a router connected to the internet over LTE, and I can’t make routing/PBR work as I want. The branch office is going to have a WAN connection in some time, and then I want to have redundancy thanks to dynamic routing. I also want the router to have internet access. I created a tunnel (IPIP with IPsec), configured OSPF, and it works unless there is a default route over the LTE interface. I had to disable “add default route” in the LTE configuration and create static routes pointing to the HQ router. This way the tunnel works, OSPF works, and the branch office LAN has access to the HQ LAN and the internet through the HQ firewall, but the branch office router does not have internet access.

Diagram

I have tried:

/ip firewall mangle
add action=mark-routing chain=output log=yes log-prefix=M1 new-routing-mark=DIRECT1 out-interface=lte1 passthrough=yes
/ip route
add distance=1 gateway=lte1 routing-mark=DIRECT1

and

/ip firewall mangle
add action=mark-routing chain=output disabled=yes log=yes log-prefix=M2 new-routing-mark=DIRECT2 passthrough=yes \
    src-address=<lte_address>
/ip route
add distance=1 gateway=lte1 routing-mark=DIRECT2

It doesn’t seem to work.

When those rules and routes are enabled, counters on the firewall rules do increase, but the tunnel does not work and traffic from the router doesn’t go anywhere.

/ping interface=lte1 8.8.8.8

is working but

/ping src-address=<lte_address> 8.8.8.8

does not.

Is it possible to make it work the way I want? What did I do wrong?