Hi,
I’m facing a problem for which I couldn’t find any help on any official or unofficial forum. I’m load balancing my internet connections with PCC, which works great except for the fact that if the HTTPS queries are not broken because of the setting “source address” in the firewall mangle, the SIP calls are one way —> the receiver hears me but I can’t hear anything. I tried disabling the SIP helper but with no result. The curious thing is that I managed to fine-tune the PCC in order to obtain two-way SIP calls, but in that case the HTTPS links are broken even if the pings are great (full reachability of the target). This leads me to two configurations which work great independently, but it seems that there’s no way to get both aspects (either SIP calls or great balanced WAN connections) working at the same time. In this environment I’ve got 30 softphone clients using Linphone calling via sipgate.
CONF. working for broken https links
/interface ethernet
set [ find default-name=sfp4 ] mtu=1480 name=LAN-OMNEA
set [ find default-name=sfp1 ] name=Management
set [ find default-name=sfp2 ] mtu=1480 name=WAN-DTAG
set [ find default-name=sfp3 ] mtu=1480 name=WAN-KABEL
/ip address
add address=192.168.88.1/24 interface=Management network=192.168.88.0
add address=192.168.5.1/24 interface=LAN-OMNEA network=192.168.5.0
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=WAN-1 \
    per-connection-classifier=!src-address:2/0
add action=mark-connection chain=prerouting new-connection-mark=WAN-2 \
    per-connection-classifier=!src-address:2/1
add action=mark-connection chain=prerouting comment="CM for WAN-1" \
    disabled=yes in-interface=LAN new-connection-mark=WAN-1 \
    per-connection-classifier=!src-address:2/0
add action=mark-connection chain=prerouting comment="CM for WAN-2" \
    disabled=yes in-interface=LAN new-connection-mark=WAN-2 \
    per-connection-classifier=!src-address:2/1
add action=mark-connection chain=output comment="CM for WAN-1 - output" \
    connection-mark=no-mark new-connection-mark=WAN-1 \
    per-connection-classifier=!src-address-and-port:2/0
add action=mark-connection chain=output comment="CM for WAN-2 - output" \
    connection-mark=no-mark new-connection-mark=WAN-2 \
    per-connection-classifier=!src-address-and-port:2/1
add action=mark-connection chain=input comment="CM input WAN-1" \
    connection-mark=no-mark disabled=yes in-interface=WAN-1 \
    new-connection-mark=WAN-1 per-connection-classifier=\
    !both-addresses-and-ports:2/0
add action=mark-connection chain=input comment="CM input WAN-2" \
    connection-mark=no-mark disabled=yes in-interface=WAN-2 \
    new-connection-mark=WAN-2 per-connection-classifier=\
    !both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting comment="RM for WAN-1" \
    connection-mark=WAN-1 in-interface=LAN new-routing-mark=WAN-1
add action=mark-routing chain=prerouting comment="RM for WAN-2" \
    connection-mark=WAN-2 in-interface=LAN new-routing-mark=\
    WAN-KABEL
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN-1
add action=masquerade chain=srcnat out-interface=WAN-2
/ip firewall service-port
set sip disabled=yes
/ip route
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=WAN-1
add distance=10 gateway=192.168.2.1 routing-mark=WAN-1
add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=WAN-2
add distance=10 gateway=192.168.3.1 routing-mark=WAN-2
add distance=1 gateway=LAN-
==========================>
conf working for sip calls (30 softphones clients) but broken https:
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=WAN-1 \
    per-connection-classifier=src-address-and-port:2/0
add action=mark-connection chain=prerouting new-connection-mark=WAN-2 \
    per-connection-classifier=src-address-and-port:2/1
add action=mark-connection chain=prerouting comment="CM for WAN-1" \
    in-interface=LAN- new-connection-mark=WAN-1 \
    per-connection-classifier=!src-address:2/0
add action=mark-connection chain=prerouting comment="CM for WAN-2" \
    in-interface=LAN- new-connection-mark=WAN-2 \
    per-connection-classifier=!src-address:2/1
add action=mark-connection chain=output comment="CM for WAN-1- output" \
    connection-mark=no-mark new-connection-mark=WAN-1 \
    per-connection-classifier=!src-address-and-port:2/0
add action=mark-connection chain=output comment="CM for WAN-2 - output" \
    connection-mark=no-mark new-connection-mark=WAN-2 \
    per-connection-classifier=!src-address-and-port:2/1
add action=mark-connection chain=input comment="CM input WAN-1" \
    connection-mark=no-mark in-interface=WAN-1 new-connection-mark=\
    WAN-1 per-connection-classifier=!src-address-and-port:2/0
add action=mark-connection chain=input comment="CM input WAN-2" \
    connection-mark=no-mark in-interface=WAN-2 new-connection-mark=\
    WAN-2 per-connection-classifier=!src-address-and-port:2/1
add action=mark-routing chain=prerouting comment="RM for WAN-1" \
    connection-mark=WAN-1 in-interface=LAN- new-routing-mark=WAN-1
add action=mark-routing chain=prerouting comment="RM for WAN2" \
    connection-mark=WAN-2 in-interface=LAN- new-routing-mark=\
    WAN-2
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN-1
add action=masquerade chain=srcnat out-interface=WAN-2
/ip firewall service-port
set sip disabled=yes
/ip route
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=WAN-1
add distance=10 gateway=192.168.2.1 routing-mark=WAN-1
add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=WAN-2
add distance=10 gateway=192.168.3.1 routing-mark=WAN-2
add distance=1 gateway=LAN
/ip service
set www-ssl disabled=no
No way to get from these two confs one that works for both aspects mentioned. Open and grateful for any suggestions, corrections, ideas. I just cannot imagine that this great piece of hardware (CCR-1016-125-1S+RM) is unable to do both at the same time; I prefer thinking it’s my fault and that I’m missing something.
THNX
-MIKROFANATIK-
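Added illustration, not part of the original post and not RouterOS code: a small model of how the first two prerouting rules of each configuration above distribute connections, since `src-address` hashes only the client address while `src-address-and-port` also hashes the source port. The CRC32 hash is a stand-in for the router's own PCC hash, and the client addresses, ports and the 203.0.113.10 server are constructed sample data.

```python
# Added illustration, not RouterOS code. zlib.crc32 is a stand-in for the
# router's own PCC hash; all addresses and ports below are constructed.
import zlib
from collections import defaultdict

# Which parts of a (src, sport, dst, dport) flow each classifier hashes.
FIELDS = {
    "src-address": lambda f: (f[0],),
    "src-address-and-port": lambda f: (f[0], f[1]),
    "both-addresses-and-ports": lambda f: f,
}

def pcc_matches(flow, spec):
    """Evaluate a spec such as '!src-address:2/0' against one flow tuple."""
    negate = spec.startswith("!")
    classifier, fraction = spec.lstrip("!").split(":")
    denominator, remainder = (int(x) for x in fraction.split("/"))
    key = "|".join(str(v) for v in FIELDS[classifier](flow)).encode()
    return ((zlib.crc32(key) % denominator) == remainder) != negate

def wans_per_client(flows, rules):
    """Apply (spec, mark) rules in order; the last matching rule sets the mark."""
    seen = defaultdict(set)
    for flow in flows:
        mark = "no-mark"
        for spec, new_mark in rules:
            if pcc_matches(flow, spec):
                mark = new_mark
        seen[flow[0]].add(mark)
    return dict(seen)

# First two prerouting rules of each configuration in the post.
BY_ADDRESS = [("!src-address:2/0", "WAN-1"), ("!src-address:2/1", "WAN-2")]
BY_ADDRESS_AND_PORT = [("src-address-and-port:2/0", "WAN-1"),
                       ("src-address-and-port:2/1", "WAN-2")]

# Constructed sample: three LAN clients, 20 connections each to one HTTPS server.
FLOWS = [(f"192.168.5.{host}", port, "203.0.113.10", 443)
         for host in (10, 11, 12) for port in range(50000, 50020)]

if __name__ == "__main__":
    for name, rules in (("src-address", BY_ADDRESS),
                        ("src-address-and-port", BY_ADDRESS_AND_PORT)):
        for client, wans in sorted(wans_per_client(FLOWS, rules).items()):
            print(f"{name:22} {client:14} -> {sorted(wans)}")
```

With the address-only classifier every client stays on a single WAN for all of its connections; with address and port the same client's connections to one server leave through both WANs and therefore arrive from two different public addresses.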