Queue(2) - Scenario Based Solutions

[attachment: Queue 1.jpg, the network diagram]
The network diagram has been attached. Please take a look.

Let me explain the scenario:

As you see, we have two networks, both connected to the Internet. The Mikrotik router at LAN (A) makes a pptp connection to the pptp server at LAN (B). In LAN (B) we have a server (with IP address 192.168.1.100) which clients at LAN (A) communicate with through the VPN tunnel. Both LANs have a 1Mb/s Internet connection bandwidth (1Mb/s download and 1Mb/s upload). We want to specify just two types of packets in LAN (B) in mangle rules:

a) "server" packets: packets coming in/out to/from the LAN (B) server through the VPN tunnel to/from the LAN (A) clients.
b) "else" packets: all other packets from LAN (B) to the Internet (not through the VPN tunnel) and vice versa.


The priority for "server" packets is "2" and for "else" packets is "5", and we want to use a queue tree for this scenario. The remaining bandwidth for the LAN (B) clients must be shared equally between them. That is:

If just one client is using the Internet then all of the remaining bandwidth belongs to it; if another client then comes to use the Internet, the bandwidth is shared equally between them. Be aware that, because of the priority of the "server" packets, if clients in LAN (B) are using the Internet and suddenly some connections come from the LAN (A) clients to the server in LAN (B) via the VPN tunnel, then our queue system must give them the bandwidth they need by taking it from the LAN (B) clients' Internet traffic marked as "else" packets.

Questions:

1- What are the mangle rules in LAN(B)?
2- What are the queue rules in LAN(B)?

1- Mangle Rules:

for "server" mark:

/ip firewall mangle
# the server itself is 192.168.1.100 (192.168.1.0 alone would match only that single host address)
add chain=prerouting action=mark-connection new-connection-mark=server \
    passthrough=yes protocol=tcp src-address=192.168.1.100 src-port=10000

add chain=prerouting action=mark-packet new-packet-mark=server passthrough=no \
    connection-mark=server

for "else" mark:

# connection-mark=no-mark keeps this rule from overwriting the "server" mark on the server's connections
add chain=prerouting action=mark-connection new-connection-mark=else \
    passthrough=yes src-address=192.168.1.0/24 connection-mark=no-mark

add chain=prerouting action=mark-packet new-packet-mark=else passthrough=no \
    connection-mark=else

[attachment: queue diagram.jpg]
Sorry for the delay.

And for the queue tree:
I attached a file that is a queue diagram, please take a look.

According to the diagram we have:

name="Download_Parent 1" parent= packet-mark="" limit-at=0
queue=default priority=8 max-limit=1M burst-limit=0 burst-threshold=0
burst-time=0s

name="Download_Parent 2" parent=ether2 packet-mark="" limit-at=0
queue=default priority=8 max-limit=1M burst-limit=0 burst-threshold=0
burst-time=0s

name="server_down" parent="Download_Parent 1" packet-mark="server" limit-at=0
queue=default priority=2 max-limit=1M burst-limit=0 burst-threshold=0
burst-time=0s

name="else_down" parent="Download_Parent 2" packet-mark="else" limit-at=0
queue=pcq-download-default priority=5 max-limit=1M burst-limit=0
burst-threshold=0 burst-time=0s

name="Upload_Parent 1" parent= packet-mark="" limit-at=0
queue=default priority=8 max-limit=1M burst-limit=0 burst-threshold=0
burst-time=0s

name="Upload_Parent 2" parent=ether1 packet-mark="" limit-at=0
queue=default priority=8 max-limit=1M burst-limit=0 burst-threshold=0
burst-time=0s

name="server_up" parent="Upload_Parent 1" packet-mark="server" limit-at=0
queue=default priority=2 max-limit=1M burst-limit=0 burst-threshold=0
burst-time=0s

name="else_up" parent="Upload_Parent 2" packet-mark="else" limit-at=0
queue=pcq-upload-default priority=5 max-limit=1M burst-limit=0
burst-threshold=0 burst-time=0s

But it is incorrect!!!

Because I think the above diagram is incorrect in the download queues, and the following diagram is correct:
[attachment: new_queue diagram.jpg]
Note that in an HTB queue the control is outbound, that is, on the outgoing interfaces (real or virtual), and determining which interface is really the outgoing interface is important.

And according to the diagram we have:

name="Download_Parent" parent=ether2 packet-mark="" limit-at=0
queue=default priority=8 max-limit=1M burst-limit=0 burst-threshold=0
burst-time=0s

name="server_down" parent=Download_Parent packet-mark="server" limit-at=0
queue=default priority=2 max-limit=1M burst-limit=0 burst-threshold=0
burst-time=0s

name="else_down" parent=Download_Parent packet-mark="else" limit-at=0
queue=pcq-download-default priority=5 max-limit=1M burst-limit=0
burst-threshold=0 burst-time=0s

name="Upload_Parent 1" parent= packet-mark="" limit-at=0
queue=default priority=8 max-limit=1M burst-limit=0 burst-threshold=0
burst-time=0s

name="Upload_Parent 2" parent=ether1 packet-mark="" limit-at=0
queue=default priority=8 max-limit=1M burst-limit=0 burst-threshold=0
burst-time=0s

name="server_up" parent="Upload_Parent 1" packet-mark="server" limit-at=0
queue=default priority=2 max-limit=1M burst-limit=0 burst-threshold=0
burst-time=0s

name="else_up" parent="Upload_Parent 2" packet-mark="else" limit-at=0
queue=pcq-upload-default priority=5 max-limit=1M burst-limit=0
burst-threshold=0 burst-time=0s

I think this is correct.
But where was the problem? In determining the exact outgoing interface for each type of traffic.
So the question now is:
How can we distinguish and recognize the input and output interfaces for each type of traffic? …
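The following is an added worked configuration for the LAN(B) router, not taken from the thread, written in RouterOS v6 syntax. It assumes interface names that the thread does not give (ether1 = Internet, ether2 = LAN(B), and a statically bound PPTP server interface named pptp-lanA for a PPP user routerA); the server address 192.168.1.100, TCP port 10000, LAN(B) 192.168.1.0/24, LAN(A) 172.16.1.0/24 and the 1M limits are the thread's own values. It goes one step beyond the thread by splitting the packet marks per direction, which is what makes a global parent usable for the upload side without catching download packets as well.

```routeros
# Added example, not from the thread. LAN(B) MikroTik router, RouterOS v6 syntax.
# Assumed names (not in the thread): ether1 = Internet, ether2 = LAN(B),
# pptp-lanA = statically bound PPTP server interface for PPP user routerA.
# From the thread: server 192.168.1.100 tcp/10000, LAN(B) 192.168.1.0/24,
# LAN(A) 172.16.1.0/24, 1M upload and 1M download.

# Give the tunnel a fixed interface name so that rules can refer to it.
/interface pptp-server add name=pptp-lanA user=routerA

/ip firewall mangle
# "server": connections entering through the tunnel toward the server port.
# Marking the first packet (the client's SYN) marks the whole connection.
add chain=prerouting in-interface=pptp-lanA protocol=tcp \
    dst-address=192.168.1.100 dst-port=10000 connection-mark=no-mark \
    action=mark-connection new-connection-mark=server passthrough=yes
# "else": everything LAN(B) hosts originate that does not go into the tunnel.
# connection-mark=no-mark prevents this rule from overwriting "server".
add chain=prerouting in-interface=ether2 src-address=192.168.1.0/24 \
    dst-address=!172.16.1.0/24 connection-mark=no-mark \
    action=mark-connection new-connection-mark=else passthrough=yes
# Packet marks are split by direction: "down" = will leave on ether2 toward
# LAN(B), "up" = will leave the router toward the tunnel or the Internet.
add chain=prerouting connection-mark=server in-interface=pptp-lanA \
    action=mark-packet new-packet-mark=server_down passthrough=no
add chain=prerouting connection-mark=server in-interface=ether2 \
    action=mark-packet new-packet-mark=server_up passthrough=no
add chain=prerouting connection-mark=else in-interface=ether1 \
    action=mark-packet new-packet-mark=else_down passthrough=no
add chain=prerouting connection-mark=else in-interface=ether2 \
    action=mark-packet new-packet-mark=else_up passthrough=no

/queue tree
# Download: one HTB parent on the LAN interface. With limit-at=0 on both
# leaves, priority alone decides who is served first from the parent's 1M:
# server (2) takes what it needs, else (5) gets the remainder, shared per
# client by the built-in pcq-download-default (classifier dst-address,
# pcq-rate=0 = equal share of whatever the leaf currently has).
add name=Download_Parent parent=ether2 max-limit=1M
add name=server_down parent=Download_Parent packet-mark=server_down \
    priority=2 limit-at=0 max-limit=1M
add name=else_down parent=Download_Parent packet-mark=else_down \
    priority=5 limit-at=0 max-limit=1M queue=pcq-download-default
# Upload: server replies are encapsulated into the tunnel before they reach
# ether1 (assumption consistent with the thread's point about the real
# outgoing interface), so they are queued at "global" (RouterOS v6; the v5
# equivalent is global-out), where the inner packet mark is still visible.
# Both leaves share one parent so that priority can take bandwidth from
# "else" for "server"; leaves under different parents cannot preempt each
# other.
add name=Upload_Parent parent=global max-limit=1M
add name=server_up parent=Upload_Parent packet-mark=server_up \
    priority=2 limit-at=0 max-limit=1M
add name=else_up parent=Upload_Parent packet-mark=else_up \
    priority=5 limit-at=0 max-limit=1M queue=pcq-upload-default

# Checks while traffic is flowing: rule hit counters and per-queue rates.
/ip firewall mangle print stats
/queue tree print stats
```

The two print commands at the end are the practical check for the question asked above: if a mark's counter stays at zero in the mangle statistics, or a leaf shows no rate in the queue tree statistics, the packets are leaving on a different interface than the one its parent is attached to, and the parent (not the mark) is what needs moving.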

How did you route from the VPN server to the client and from the client to the server on MT? Please help me with how to implement the scenario.

Suppose we set a secret on the pptp server in LAN(B) such that, once the router in LAN(A) makes a pptp connection to the router in LAN(B) with this secret, the local pptp server IP address becomes 192.168.0.1, as mentioned in the diagram, and the remote pptp client IP address (that is, router (A)) becomes 192.168.0.2.

Then for routing :

in LAN(A) we have:
ip route add dst-address=192.168.1.0/24 gateway=192.168.0.1

and in LAN(B) we have :
ip route add dst-address=172.16.1.0/24 gateway=192.168.0.2

Or, instead of specifying the IP address for "gateway" above, you can just specify the pptp interface in both routes.
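As an added example (not code from the thread), here is the full set of commands on both routers that produces the routing described above, using the interface form of the route so that the queue rules can refer to the same tunnel interface name. The tunnel addresses 192.168.0.1/192.168.0.2 and the two LAN prefixes come from the thread; the PPP user name routerA, the interface names pptp-lanA and pptp-lanB, the password and the public address of router B are assumed placeholders.

```routeros
# Added example, not from the thread. Router B = PPTP server (LAN 192.168.1.0/24),
# router A = PPTP client (LAN 172.16.1.0/24). Tunnel addresses as in the thread.
# CHANGE-ME and ROUTER-B-PUBLIC-IP are placeholders.

# ---- Router B (LAN B) ----
/interface pptp-server server set enabled=yes
# The secret assigns the tunnel addresses: local = server side, remote = router A.
/ppp secret add name=routerA password=CHANGE-ME service=pptp \
    local-address=192.168.0.1 remote-address=192.168.0.2
# Static binding: the session for this user always appears as pptp-lanA,
# so routes, mangle rules and queues can name it.
/interface pptp-server add name=pptp-lanA user=routerA
# LAN(A) is reached through the tunnel interface (equivalent to gateway=192.168.0.2).
/ip route add dst-address=172.16.1.0/24 gateway=pptp-lanA \
    comment="LAN(A) via VPN tunnel"

# ---- Router A (LAN A) ----
/interface pptp-client add name=pptp-lanB connect-to=ROUTER-B-PUBLIC-IP \
    user=routerA password=CHANGE-ME disabled=no
# LAN(B) is reached through the tunnel interface (equivalent to gateway=192.168.0.1).
/ip route add dst-address=192.168.1.0/24 gateway=pptp-lanB \
    comment="LAN(B) via VPN tunnel"

# ---- Checks (run on each side) ----
# The tunnel must be running and the route must be active (flag A) before
# any queue attached to the tunnel interface will see traffic.
/interface print where name~"pptp"
/ip route print where dst-address=172.16.1.0/24
/ip route print where dst-address=192.168.1.0/24
```

Using the interface as the gateway has one practical advantage over the 192.168.0.x addresses: if the addresses handed out by the secret are ever changed, the routes stay valid. PPTP itself (MS-CHAPv2 with MPPE) is no longer regarded as a sound tunnel cipher suite; the same static-binding, route and queue pattern carries over to other tunnel interface types that RouterOS offers.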