I have been trying to make the PCC Wiki work in my setup. It does work but breaks my PPTP VPN. My VPN is using a subnet range that is not in the same LAN subnet, since I have few LAN addresses available. Since I was never able to make the appropriate route to make the PPTP subnet work with the LAN subnet, I bridged those two. Everything worked perfectly till I tried to incorporate PCC.
If I try to use my PCC with the LAN interface as the in-interface, packets stay at zero.
If I use the Bridge interface as the in-interface, packets do seem to increase on 0:2 and 1:2, but the VPN is no longer able to get to the LAN (maybe because the !local does not include the VPN).
I knew you would send me to that DFD! I managed to get all my subnets talking to each other! Your help is very much appreciated. I even created a rule that works for relaying my email by marking the route from any LAN with dstport 25 and unchecking passthrough.
Two last questions:
When using !local in PCC, what does local refer to? Local subnet? Does it include IPSec or PPTP VPN? Or maybe just packets that are shout and not routed?
Lastly, when a packet hits a mangle rule that applies to it, does it stop evaluating other mangle rules unless passthrough is selected? Is this a correct understanding of passthrough in marking?
I finally got 35 rules for all my VLANs, subnets and tunnels. I know it's far from being optimized but it's working, and I finally turned off my Juniper Netscreen 25.
Hope this would help others and be able to help in the future. Hope some MikroTik training will be available in Canada in the future.
dst-address-type=!local means “the destination address is not an IP address on a router interface”. You wouldn’t want to mark connections that will terminate on the router itself; they shouldn’t get a routing mark later on.
In mangle prerouting, first accept packets with dst-address=your_local_addresses, then mark routing for balancing.
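The rule ordering described in the two replies above (accept traffic for local destinations first, then mark for balancing), written out as an added example that is not part of the original thread. It uses RouterOS v6 syntax; the interface names, subnets, address-list name, mark names and gateway addresses are all assumptions made for illustration.

```routeros
# Added example, RouterOS v6 syntax. Every name and address is constructed:
# bridge-lan (LAN bridged with the PPTP clients), wan1, wan2,
# address list "internal", gateways 192.0.2.1 and 198.51.100.1.

/ip firewall address-list
add list=internal address=192.168.88.0/24 comment="LAN subnet (constructed)"
add list=internal address=10.10.10.0/24 comment="PPTP VPN pool (constructed)"

/ip firewall mangle
# 1. Anything destined to an internal subnet (LAN <-> VPN) is accepted first,
#    so no later rule marks it and it keeps using the main routing table.
add chain=prerouting action=accept dst-address-list=internal

# 2. Connections that arrive on a WAN (including VPN clients dialing in)
#    are marked so that replies leave through the same WAN.
add chain=prerouting action=mark-connection in-interface=wan1 \
    connection-mark=no-mark new-connection-mark=wan1_conn passthrough=yes
add chain=prerouting action=mark-connection in-interface=wan2 \
    connection-mark=no-mark new-connection-mark=wan2_conn passthrough=yes

# 3. PCC: split new outbound connections in two. dst-address-type=!local
#    skips connections that terminate on the router itself.
add chain=prerouting action=mark-connection in-interface=bridge-lan \
    dst-address-type=!local connection-mark=no-mark \
    per-connection-classifier=both-addresses:2/0 \
    new-connection-mark=wan1_conn passthrough=yes
add chain=prerouting action=mark-connection in-interface=bridge-lan \
    dst-address-type=!local connection-mark=no-mark \
    per-connection-classifier=both-addresses:2/1 \
    new-connection-mark=wan2_conn passthrough=yes

# 4. Turn connection marks into routing marks. passthrough=no ends mangle
#    processing in this chain for the packet once it has its routing mark.
add chain=prerouting action=mark-routing in-interface=bridge-lan \
    connection-mark=wan1_conn new-routing-mark=to_wan1 passthrough=no
add chain=prerouting action=mark-routing in-interface=bridge-lan \
    connection-mark=wan2_conn new-routing-mark=to_wan2 passthrough=no
# Router-originated replies (e.g. the PPTP server answering a client).
add chain=output action=mark-routing connection-mark=wan1_conn \
    new-routing-mark=to_wan1 passthrough=no
add chain=output action=mark-routing connection-mark=wan2_conn \
    new-routing-mark=to_wan2 passthrough=no

/ip route
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=to_wan1
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-mark=to_wan2
```

If the counters on rule 1 stay at zero while a VPN client pings a LAN host, the address list does not cover the subnets actually in use.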
Though I have been posting requests in the last few days on my load balancing issue without response from the house… I hope I will on this one. I have gotten my network to work with PCC… but when I connect through VPN, I can’t reach inside addresses except the gateways (exactly the same problem this post's creator had). @Chupaka/Rockyboa, I tried what you suggested but it did not work; maybe I did it wrongly. Could you please type me the complete statement? Below is my mangle:
[user@MikroTik] > ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=mark-connection new-connection-mark=wan2.4_conn
passthrough=yes in-interface=wan2.4
I know this is an old issue but I just ran into the same thing. Which rule are you suggesting to change to src-address? The mangle rules for the actual #/0 entries?
I know this is an old post but I have experienced the same problem. Of course, I searched a lot and this is the closest to a solution; however, for me it doesn’t work. I did as you suggested here but no luck with that. I am using 2 x PPP WAN connections with dynamic addresses and everything works like a charm except PPTP VPN… Can’t even ping from my PC to the VPN gateway.