Send l2tp over secondary WAN ISP *** $100 BOUNTY *** moved

MOVED
http://forum.mikrotik.com/viewtopic.php?f=2&t=101508

I currently have 2 ISPs, with the 2nd only being used for backup and gateway check ping route failover using distance. Since I have a mostly idle connection with the second ISP, I want to send my voice traffic over that connection. The voice is tunneled through l2tp, so I guess I really want to send the l2tp traffic to the second connection, with a failover on the first connection.

Does anybody know of a quick and easy way to do this? Maybe policy route to the destination that the l2tp terminates to?

Thanks!

Ok, when I add some mangle rules to just accept traffic going the following, the packet counter adds up.
From router to l2tp server:
output
postrouting

From l2tp server to router:
input
prerouting

But I am thinking that if I use postrouting, the action will happen “post routing” and not send the vpn tunnel over the second connection.

Ok here is what I have so far:

/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=216.174.x.x new-routing-mark=usesecondary passthrough=no

/ip route
add comment="Secondary ISP- L2tp traffic" distance=1 gateway=209.153.x.x routing-mark=usesecondary
add check-gateway=ping comment="Primary ISP" distance=1 gateway=67.52.x.x
add comment="Secondary ISP" distance=3 gateway=209.153.x.x
add comment="internal route to l2tp" distance=1 dst-address=10.10.0.0/16 gateway=10.9.0.1

The pre-routing chain seems to have no effect. If I use postrouting or output chain, the reply-to address is wrong when the packet hits the remote l2tp server and the connection does not establish.

Any ideas?

Argh, hitting a deadline. Bounty for the following working config. All details worked out in public forum.

ISP1 Primary
ISP2 Secondary
l2tp traffic prefers ISP2 but will fail over to ISP1 if it does not connect with ISP2
All traffic fails over to ISP2 if ISP1 down.

ISP 1 and 2 have static routes.
One internal VLAN

Current offering is $40 paypal

Maybe I will get my own bounty haha, trying this that I found in a similar post. Placing this rule first in mangle skips PCC.

add action=accept chain=prerouting disabled=no dst-address=216.174.x.x

I will try this out after hours.

OK no luck. It looks from this diagram
http://wiki.mikrotik.com/images/thumb/2/26/PacketFlowDiagram_v6_b.svg/850px-PacketFlowDiagram_v6_b.svg.png
that I may be chasing my tail because the l2tp traffic never hits pre-routing, or at least it does not stack up the counters.

http://wiki.mikrotik.com/wiki/Manual:Packet_Flow_v6 for the full flow

Any ideas for an alternate method?

Now I am confused. I just noticed “routing adjustment”, which is mentioned in a forum post as supposed to fix exactly what I am seeing.

http://forum.mikrotik.com/t/problem-with-policy-routing/63662/1

Bounty up to $100

Does your end of the l2tp tunnel have a public IP address?



Yes, the l2tp server can be reached at the 216.174.x.x address that is being route tagged in the mangle.
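
Added example, not written by anyone in the thread: one RouterOS v6 arrangement that matches the symptoms described above, marking the router's own l2tp packets in the output chain and correcting their source address with NAT. The interface name `ether2-isp2` is a placeholder, and the addresses are the masked ones from the posts.

```routeros
# Added example for RouterOS v6; not from the thread. Addresses are the
# thread's masked values. "ether2-isp2" is a placeholder interface name.

/ip firewall mangle
# L2TP packets are generated by the router itself, so they pass through
# the output chain and never through prerouting.
add chain=output dst-address=216.174.x.x action=mark-routing \
    new-routing-mark=usesecondary passthrough=no comment="L2TP via ISP2"

/ip firewall nat
# The source address was picked by the first routing decision (ISP1).
# Rewrite it when the re-routed packet leaves through ISP2, so the L2TP
# server replies to an address that is reachable via ISP2.
add chain=srcnat out-interface=ether2-isp2 action=masquerade \
    comment="fix source of re-routed traffic"

/ip route
# Marked table: ISP2 preferred, ISP1 as fallback when ISP2's gateway
# stops answering pings.
add gateway=209.153.x.x routing-mark=usesecondary distance=1 \
    check-gateway=ping comment="L2TP preferred: ISP2"
add gateway=67.52.x.x routing-mark=usesecondary distance=2 \
    comment="L2TP fallback: ISP1"
```

The main-table routes for the primary and secondary ISP stay as posted. A connection-tracking entry keeps the NAT mapping it was created with, so after a gateway change the tunnel only comes back up once the old entry for the l2tp server has expired or been removed.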

MOVED
http://forum.mikrotik.com/t/send-l2tp-over-secondary-wan-isp-100-bounty/92314/1