I’m puzzled by the following setup. Currently I have a router that’s connected via two ISPs. One of them is primary, the second one is backup. Over the primary ISP I have a static public IP address and I have built an IPsec tunnel to my main router. I would like to have a second tunnel (something simple like PPTP or SSTP) but I would like the router to use the backup line (it does not have a static public IP address assigned).
So in a way it’s a routing logic question. The standard routing table points to the primary ISP, and I have created a prerouting mangle rule to mark the PPTP packets and a static route that matches that routing mark and forwards the PPTP traffic over the backup connection. The problem is, I don’t see the mangle rule working at all… is this because the traffic is originated by the router? How can I make it work for such traffic?
/ip route
add distance=1 gateway=192.168.1.1 routing-mark=backup
/ip firewall mangle
add action=mark-routing chain=prerouting dst-port=1723 new-routing-mark=backup passthrough=yes protocol=tcp
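Packets that the router itself originates pass through the mangle output chain and never traverse prerouting. The following is an added example, not part of the original post, written in the post's RouterOS v6 syntax; the tunnel peer address 203.0.113.10 and the interface name ether2-backup are assumed placeholders.

```routeros
# Added example; 203.0.113.10 (tunnel peer) and ether2-backup (backup WAN
# interface) are assumed placeholders, not values from the original post.

/ip route
# Default route used only by packets carrying the "backup" routing mark
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 routing-mark=backup

/ip firewall mangle
# Router-originated traffic is matched in chain=output, not chain=prerouting.
# PPTP control channel (TCP 1723) to the tunnel peer
add chain=output dst-address=203.0.113.10 protocol=tcp dst-port=1723 \
    action=mark-routing new-routing-mark=backup passthrough=no \
    comment="PPTP control via backup ISP"
# PPTP data channel is GRE (IP protocol 47), which has no ports and must be
# marked separately or the tunnel data will still follow the primary route
add chain=output dst-address=203.0.113.10 protocol=gre \
    action=mark-routing new-routing-mark=backup passthrough=no \
    comment="PPTP GRE via backup ISP"

/ip firewall nat
# The source address is chosen by the first routing decision (primary ISP),
# before the output mark re-routes the packet, so rewrite it on the backup link
add chain=srcnat out-interface=ether2-backup action=masquerade \
    comment="Fix source address of re-routed traffic"
```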