Hello.
I have a simple installation on a Mikrotik RB750/RouterOS6.33rc16.
In this installation I have IP 1.2.3.4 on the ISP interface. When clients connect to the Mikrotik PPTP server on this IP, I mark this connection and then mark routing.
This happens in mangle:
    1 ;;; vpn-in
      chain=input action=mark-connection new-connection-mark=vpn-in passthrough=yes protocol=tcp in-interface=ether5-isp1 dst-port=1723 log=no log-prefix=""
    2 ;;; vpn-in
      chain=input action=mark-connection new-connection-mark=vpn-in passthrough=yes protocol=gre in-interface=ether5-isp1 log=no log-prefix=""
    3 ;;; vpn-in
      chain=output action=mark-routing new-routing-mark=isp1-only passthrough=yes connection-mark=vpn-in log=no log-prefix=""
And this is the routing:
    Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
    0 A S dst-address=0.0.0.0/0 gateway=ether5-isp1 gateway-status=ether5-isp1 reachable distance=1 scope=30 target-scope=10 routing-mark=isp1-only
    1 ADC dst-address=1.2.3.0/32 pref-src=1.2.3.4 gateway=ether5-isp1 gateway-status=ether5-isp1 reachable distance=0 scope=10
    2 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=ether2-master-local gateway-status=ether2-master-local reachable distance=0 scope=10
Long story short, this configuration isn’t working: clients can’t connect to the PPTP server. I can see in the packet sniffer that the router gets the packets, but it’s not responding to them.
The only way for it to work is to add another default route without a routing mark. Such a route may point in any direction; the only limitation is that it must be in a reachable state (unicast). Example:
    1 A S dst-address=0.0.0.0/0 gateway=ether2-master-local gateway-status=ether2-master-local reachable distance=1 scope=30 target-scope=10
As soon as I add this route, everything works fine.
So my question is: why do I need to have a default route without a routing mark for the PPTP server, even if this route is not used by anything? Am I doing something wrong?
I tested two devices, one in production with a complex configuration, and one testing device with the default configuration, with just the additions you can see in this post. Both devices behave in the same way.
In production I have 2 ISPs and I balance pretty much all traffic with manual routing marks, so I don’t have a default route without a routing mark.