routing problems: default route for SSTP users

snoms · March 23, 2011, 6:44pm

Hi,

I setup a SSTP vpn server parallel to my firewall:

users can connect from the internet, get an IP address from the mikrotik SSTP server (dhcp-pool). That subnet (of the users) is between “mikrotik sstp” and the “switch”. The gateway of that subnet is also on the “switch”.

on mikrotik SSTP: default route is towards the interface from the “router”
on mikrotik SSTP: another route forwards my whole subnet to the interface to the “switch”

So, the users can now connect to everything which is my own net.

But “all” traffic should use that gateway of the “switch”, i.e. also all internet traffic should be forwarded there and afterthat pass the firewall.
Well, here is the problem: If users are connected to the mikrotik SSTP server there seems only to be one route for my subnet, but no default route (for the users) to the internet whose gateway is also the same gateway ip address of the subnet on the “switch”. Where can I add this?
Btw. from the “mikrotik sstp” routing works without any problem. traffic to my network travels through the “switch”, internet traffic is directly forwarded to the “router”.

snoms · April 1, 2011, 8:13pm

Perhaps, this will work with mangle?

Let´s mark all IPs, the users get via dhcp-pool
/ip firewall mangle add chain=prerouting action=mark-connection src-address=10.10.10.0/24 new-connection-mark=togw passthrough=yes
Here, I have some problems, what am I acutally doing?
/ip firewall mangle add chain=prerouting action=mark-routing connection-mark=togw in-interface=INTERFACETOROUTER new-routing-mark=togw
Finally, set the routing
/ip route dst-address=0.0.0.0/0 gateway=10.10.10.1 routing-mark=togw check-gateway=pring

Needless to say, that I this didn´t work…