I’m trying to configure vpn server for remote users so all traffic from remote users will be tunneled and access to the internet should go trough another gateway in my network. I hope, the schematic will be better explanation.
I’ve tried to mark traffic from vpn users the internet and then create route using the mark to another gateway bu it doesn’t seem to work.
Important parts of configuration (LAN has some subnets in 10.0.0.0/8, vpn user get addresses from 10.104.17.0/24):
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=!10.0.0.0/8 log=yes log-prefix=MANGLE new-routing-mark=vpn-users
src-address=10.104.17.0/24
/ip route
add distance=10 gateway=<LAN Router> routing-mark=vpn-users
add distance=1 gateway=<internet gateway>
add distance=5 dst-address=10.0.0.0/8 gateway=<LAN Router>