Now i’m little bit tired.
after buy louter os 6 license, I send email to one of Mikrotik-routeros.net enginner to support.
this is waht i recieved and repley.
Thank you for hint.
I find a way for question group 2 . netmap.
about question group 1,
You mentioned :
Now it goes harder part.
You need that every VPN connection go out on different ether interfaces.
Sequentially is probably possible but without scripting is not possible.
I suggest dynamically for example:
a) make few pools , and every pool route to different ethernet
----> I’m using Radius Manager form DMASoft Lab. as a RADIUS Server.
when i configure the Service, there are only one input field for “ip pool name” as below.
So, I think i can’t add more ip pools. see attatched picture.
So , i choose second option.
b) make only one pool, and route it with route table. You can make for
example 50 routes so process will almost look like sequent ional loading
ether2 to etherX
I’m trying to configure many way which informed form forum, wiki, etc.
According to one of kind forum user “chupaka”, i got help for configuration with PCC function.
Here are actual configuration for it. and it working fine.
But this load balancing configuration is load balance by connection. not in-interface.
to conclude, when PPTP client access to server form ether1 they using all 6 ether port for each connection to each service dynamically : web,ftp,p2p,streaming…etc
maybe it is better for quality of load balancing.
But few of services like internet banking services, on-line payment services, Some of On-line game services (for example Warcraft-online), they check client ip address
Think about it.
PPTP client Samuel connect to our PPTP server and tried to using “warcraft online”
- access to "warcraft online"web-server for login using ether2 ip
- after then log in server of “warcraft online” process base on client login information. then send to processed information to game server
- game server receive login information form webserver and trying to allow client login. But.. his address is changed. he access from ether4 IP
- connection refused by game server.
- end of sad story.
Can you give me more hint again?
"
Now I’m considering “interface bonding and assign multiple ip to bonded interface” or “make 6 bridge interface and add each ether interface to each bridge port”
or find way to “make 6 ether interface working as a 6 independent PPTP server” and PPTP client select one of PPTP server IP.
"
Subject : 6 ethernet port load balancing for PPTP clients.
ISP1 : 2 Fix Public IP (100Mbps/100Mbps each IP) — I coneect to ether 1&2
ISP2 : 2 Dynamic Public IP (100Mbps/100Mbps each IP) — I coneect to ether 3&4
ISP3 : 2 Dynamic Public IP (100Mbps/100Mbps each IP) — I coneect to ether 5&6
all 3 ISP provide differnt IP Band.
I assigned domain name to ether1 IP to make easy access of PPTP client & etc
/interface bridge
add arp=proxy-arp comment=“” disabled=no name=lan
/interface ethernet
set 0 name=ether1
set 1 name=ether2
set 2 name=ether3
set 3 name=ether4
set 4 name=ether5
set 5 name=ether6
/ip pool
add name=pptp ranges=10.0.0.2-10.0.254.254
/ppp profile
add change-tcp-mss=default comment=“” dns-server=10.0.0.1 local-address=
10.0.0.1 name=profile1-ppp only-one=default remote-address=pptp
use-compression=default use-encryption=default use-vj-compression=default
/interface bridge port
add bridge=lan comment=“” disabled=no interface=ether1
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=profile1-ppp enabled=yes
keepalive-timeout=60 max-mru=1460 max-mtu=1460 mrru=disabled
/ip address
add address=10.0.0.1/16 broadcast=10.0.255.255 comment=“” disabled=no
interface=lan network=10.0.0.0
add address=“ether1 IP from ISP1”/xx broadcast=“ISP1 Broadcast” comment=“” disabled=no
interface=ether1 network=“ISP1 Network”
add address=“ether2 IP from ISP1”/xx broadcast=“ISP1 Broadcast” comment=“” disabled=no
interface=ether2 network=“ISP1 Network”
/ip dhcp-client
add comment=“” disabled=no interface=ether3 use-peer-dns=yes use-peer-ntp=yes use-default-route=no
add comment=“” disabled=no interface=ether4 use-peer-dns=yes use-peer-ntp=yes use-default-route=no
add comment=“” disabled=no interface=ether5 use-peer-dns=yes use-peer-ntp=yes use-default-route=no
add comment=“” disabled=no interface=ether6 use-peer-dns=yes use-peer-ntp=yes use-default-route=no
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB
max-udp-packet-size=512 primary-dns=“ISP Primary DNS” secondary-dns=
“ISP secondary DNS”
/ip firewall mangle
add action=mark-connection chain=input comment=“” disabled=no in-interface=
ether1 new-connection-mark=ether1_conn passthrough=yes
add action=mark-connection chain=input comment=“” disabled=no in-interface=
ether2 new-connection-mark=ether2_conn passthrough=yes
add action=mark-connection chain=input comment=“” disabled=no in-interface=
ether3 new-connection-mark=ether3_conn passthrough=yes
add action=mark-connection chain=input comment=“” disabled=no in-interface=
ether4 new-connection-mark=ether4_conn passthrough=yes
add action=mark-connection chain=input comment=“” disabled=no in-interface=
ether5 new-connection-mark=ether5_conn passthrough=yes
add action=mark-connection chain=input comment=“” disabled=no in-interface=
ether6 new-connection-mark=ether6_conn passthrough=yes
add action=mark-routing chain=output comment=“” connection-mark=ether1_conn
disabled=no new-routing-mark=to_ether1 passthrough=yes
add action=mark-routing chain=output comment=“” connection-mark=ether2_conn
disabled=no new-routing-mark=to_ether2 passthrough=yes
add action=mark-routing chain=output comment=“” connection-mark=ether3_conn
disabled=no new-routing-mark=to_ether3 passthrough=yes
add action=mark-routing chain=output comment=“” connection-mark=ether4_conn
disabled=no new-routing-mark=to_ether4 passthrough=yes
add action=mark-routing chain=output comment=“” connection-mark=ether5_conn
disabled=no new-routing-mark=to_ether5 passthrough=yes
add action=mark-routing chain=output comment=“” connection-mark=ether6_conn
disabled=no new-routing-mark=to_ether6 passthrough=yes
add action=mark-connection chain=prerouting comment=“” disabled=no
dst-address-type=!local new-connection-mark=ether1_conn passthrough=yes
per-connection-classifier=both-addresses:6/0 src-address=
10.0.0.2-10.0.254.254
add action=mark-connection chain=prerouting comment=“” disabled=no
dst-address-type=!local new-connection-mark=ether2_conn passthrough=yes
per-connection-classifier=both-addresses:6/1 src-address=
10.0.0.2-10.0.254.254
add action=mark-connection chain=prerouting comment=“” disabled=no
dst-address-type=!local new-connection-mark=ether3_conn passthrough=yes
per-connection-classifier=both-addresses:6/2 src-address=
10.0.0.2-10.0.254.254
add action=mark-connection chain=prerouting comment=“” disabled=no
dst-address-type=!local new-connection-mark=ether4_conn passthrough=yes
per-connection-classifier=both-addresses:6/3 src-address=
10.0.0.2-10.0.254.254
add action=mark-connection chain=prerouting comment=“” disabled=no
dst-address-type=!local new-connection-mark=ether5_conn passthrough=yes
per-connection-classifier=both-addresses:6/4 src-address=
10.0.0.2-10.0.254.254
add action=mark-connection chain=prerouting comment=“” disabled=no
dst-address-type=!local new-connection-mark=ether6_conn passthrough=yes
per-connection-classifier=both-addresses:6/5 src-address=
10.0.0.2-10.0.254.254
add action=mark-routing chain=prerouting comment=“” connection-mark=
ether1_conn disabled=no new-routing-mark=to_ether1 passthrough=yes
src-address=10.0.0.2-10.0.254.254
add action=mark-routing chain=prerouting comment=“” connection-mark=
ether2_conn disabled=no new-routing-mark=to_ether2 passthrough=yes
src-address=10.0.0.2-10.0.254.254
add action=mark-routing chain=prerouting comment=“” connection-mark=
ether3_conn disabled=no new-routing-mark=to_ether3 passthrough=yes
src-address=10.0.0.2-10.0.254.254
add action=mark-routing chain=prerouting comment=“” connection-mark=
ether4_conn disabled=no new-routing-mark=to_ether4 passthrough=yes
src-address=10.0.0.2-10.0.254.254
add action=mark-routing chain=prerouting comment=“” connection-mark=
ether5_conn disabled=no new-routing-mark=to_ether5 passthrough=yes
src-address=10.0.0.2-10.0.254.254
add action=mark-routing chain=prerouting comment=“” connection-mark=
ether6_conn disabled=no new-routing-mark=to_ether6 passthrough=yes
src-address=10.0.0.2-10.0.254.254
/ip firewall nat
add action=masquerade chain=srcnat comment=“” disabled=no src-address=
10.0.0.2-10.0.254.254
add action=masquerade chain=srcnat comment=“” disabled=no out-interface=
ether1
add action=masquerade chain=srcnat comment=“” disabled=no out-interface=
ether2
add action=masquerade chain=srcnat comment=“” disabled=no out-interface=
ether3
add action=masquerade chain=srcnat comment=“” disabled=no out-interface=
ether4
add action=masquerade chain=srcnat comment=“” disabled=no out-interface=
ether5
add action=masquerade chain=srcnat comment=“” disabled=no out-interface=
ether6
/ip firewall service-port
set pptp disabled=no
/ip neighbor discovery
set ether1 discover=no
set ether2 discover=no
set ether3 discover=no
set ether4 discover=no
set ether5 discover=no
set ether6 discover=no
set lan discover=no
/ip route
add check-gateway=ping comment=“” disabled=no distance=1 dst-address=
0.0.0.0/0 gateway=“ISP1 Gateway IP”%ether1 routing-mark=to_ether1 scope=255
target-scope=10
add check-gateway=ping comment=“” disabled=no distance=1 dst-address=
0.0.0.0/0 gateway=“ISP1 Gateway IP”%ether2 routing-mark=to_ether2 scope=255
target-scope=10
add check-gateway=ping comment=“” disabled=no distance=1 dst-address=
0.0.0.0/0 gateway=“ISP2 Gateway IP”%ether3 routing-mark=to_ether3 scope=255
target-scope=10
add check-gateway=ping comment=“” disabled=no distance=1 dst-address=
0.0.0.0/0 gateway=“ISP2 Gateway IP”%ether4 routing-mark=to_ether4 scope=255
target-scope=10
add check-gateway=ping comment=“” disabled=no distance=1 dst-address=
0.0.0.0/0 gateway=“ISP3 Gateway IP”%ether5 routing-mark=to_ether5 scope=255
target-scope=10
add check-gateway=ping comment=“” disabled=no distance=1 dst-address=
0.0.0.0/0 gateway=“ISP3 Gateway IP”%ether6 routing-mark=to_ether6 scope=255
target-scope=10
/ppp aaa
set accounting=yes interim-update=10m use-radius=yes
/radius
add accounting-backup=no accounting-port=1813 address=“RADIUS server IP”
authentication-port=1812 called-id=“” comment=“” disabled=no domain=“”
realm=“” secret=“RADIUS Secret” service=ppp timeout=2s
/radius incoming
set accept=yes port=1700
/system clock
set time-zone-name=Europe/London
/system clock manual
set dst-delta=+00:00 time-zone=+00:00
set multi-cpu=yes
/system ntp client
set enabled=yes mode=unicast primary-ntp=“Primary NTP Server IP” secondary-ntp=
“Secondary NTP Server IP”
