Setting a secondary PPPOE Connection

Hello,

I'm having the following scenario: I have 1 WAN connection from my ISP (PPPoE connection). I needed a secondary IP in order to run an HTTP service (I already had port 80 forwarded on my primary connection to an internal server and I needed a secondary IP in order to forward 80 to another internal server). My ISP gave me a secondary IP on the same physical connection, also via PPPoE. I have set up the secondary connection and the connection is established (I'm receiving the IP the ISP told me I should receive), but there is a problem with routing. I have set up both PPPoE connections to add default routes with a metric of 0, but only one connection is active at a time. What can I do in order to have both connections active at the same time? I'm new to Mikrotik and have researched a lot of topics in your forum, but nothing worked.

Please help, thanks

I think one option that would suit you is to make use of routing-marks. Routing marks give you an additional routing table where you can store your config.

First of all: under /ip firewall mangle add a rule in the prerouting chain. In the rule specify the secondary PPPoE interface and under Action specify the mark routing with something like: secondary-pppoe.

Then go to IP Routes and copy the automatically created static route for PPPoE 2, and specify the routing-mark based on your choice from above.

Your config should look something like

/ip firewall mangle
add action=mark-routing chain=prerouting in-interface=<PPPOE-2 interface> new-routing-mark=secondary-pppoe passthrough=yes

/ip route
add distance=1 gateway=<Gateway of Secondary PPPoE interface> routing-mark=secondary-pppoe

bramwittendorp, thanks for your reply. I have done the setting you told me, but it still doesn't work. Any other ideas? Tell me what output you need in order to better understand the situation. I'm new to Mikrotik and this situation is over my head :frowning:

Thanks

If you could go to the Terminal. This is an option in both Webfig and Winbox

and there do an export: /export hide-sensitive

And paste it here between the tags. That would be great

[admin@MikroTik] > /export hide-sensitive

# jan/22/2019 17:29:08 by RouterOS 6.40.1
# software id = GPQA-W88X
#
# model = RouterBOARD 3011UiAS
# serial number = 783D07CC78EF

/interface bridge
add name=bridge-lan
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-principal
use-peer-dns=yes user=CRPBB266074200
add disabled=no interface=ether1 name=pppoe-secundar user=CRPBB285172484
/ip pool
add name=dhcp_pool0 ranges=192.168.1.32-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge-lan lease-time=1h
name=dhcp-lan
/ppp profile
add dns-server=8.8.8.8 local-address=dhcp_pool0 name=PPTP-Profile
remote-address=dhcp_pool0
/interface bridge port
add bridge=bridge-lan interface=ether10
add bridge=bridge-lan interface=ether9
add bridge=bridge-lan interface=ether8
add bridge=bridge-lan interface=ether7
add bridge=bridge-lan interface=ether6
add bridge=bridge-lan interface=ether5
add bridge=bridge-lan interface=ether4
add bridge=bridge-lan interface=ether3
add bridge=bridge-lan interface=ether2
/interface pptp-server server
set enabled=yes
/ip address
add address=192.168.1.1/24 interface=bridge-lan network=192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.251 name=mail.visioconstruction.com
add address=192.168.1.251 name=smtp.visioconstruction.com
add address=192.168.1.251 name=imap.visioconstruction.com
add address=192.168.1.251 name=mail.hagerqs.com
add address=192.168.1.251 name=wiki.visioconstruction.com
/ip firewall address-list
add address=86.107.176.0/24 list=ClassIT
add address=31.14.161.0/24 list=ClassIT
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=
established,related
add action=accept chain=input dst-port=1723 protocol=tcp
add action=accept chain=input protocol=gre
/ip firewall mangle
add action=passthrough chain=prerouting in-interface=pppoe-secundar
packet-mark=secondary-ppoe
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=21 in-interface=pppoe-principal
protocol=tcp to-addresses=192.168.1.251 to-ports=21
add action=dst-nat chain=dstnat dst-port=25 in-interface=pppoe-principal
protocol=tcp to-addresses=192.168.1.251 to-ports=25
add action=dst-nat chain=dstnat dst-port=53 in-interface=pppoe-principal
protocol=tcp to-addresses=192.168.1.251 to-ports=53
add action=dst-nat chain=dstnat dst-port=53 in-interface=pppoe-principal
protocol=udp to-addresses=192.168.1.251 to-ports=53
add action=dst-nat chain=dstnat dst-port=80 in-interface=pppoe-principal
protocol=tcp to-addresses=192.168.1.251 to-ports=80
add action=dst-nat chain=dstnat dst-port=110 in-interface=pppoe-principal
protocol=tcp to-addresses=192.168.1.251 to-ports=110
add action=dst-nat chain=dstnat dst-port=139 in-interface=pppoe-principal
protocol=tcp to-addresses=192.168.1.251 to-ports=139
add action=dst-nat chain=dstnat dst-port=143 in-interface=pppoe-principal
protocol=tcp to-addresses=192.168.1.251 to-ports=143
add action=dst-nat chain=dstnat dst-port=443 in-interface=pppoe-principal
protocol=tcp to-addresses=192.168.1.251 to-ports=443
add action=dst-nat chain=dstnat dst-port=445 in-interface=pppoe-principal
protocol=tcp to-addresses=192.168.1.251 to-ports=445
add action=dst-nat chain=dstnat dst-port=465 in-interface=pppoe-principal
protocol=tcp to-addresses=192.168.1.251 to-ports=465
add action=dst-nat chain=dstnat dst-port=587 in-interface=pppoe-principal
protocol=tcp to-addresses=192.168.1.251 to-ports=587
add action=dst-nat chain=dstnat dst-port=783 in-interface=pppoe-principal
protocol=tcp to-addresses=192.168.1.251 to-ports=783
add action=dst-nat chain=dstnat dst-port=993 in-interface=pppoe-principal
protocol=tcp to-addresses=192.168.1.251 to-ports=993
add action=dst-nat chain=dstnat dst-port=995 in-interface=pppoe-principal
protocol=tcp to-addresses=192.168.1.251 to-ports=995
add action=dst-nat chain=dstnat dst-port=2513 in-interface=pppoe-principal
protocol=tcp to-addresses=192.168.1.251 to-ports=2513
add action=dst-nat chain=dstnat dst-port=32010 in-interface=pppoe-principal
protocol=tcp to-addresses=192.168.1.251 to-ports=32010
add action=dst-nat chain=dstnat dst-port=33010 in-interface=pppoe-principal
protocol=tcp to-addresses=192.168.1.251 to-ports=33010
add action=masquerade chain=srcnat src-address=192.168.1.0/24
add action=dst-nat chain=dstnat dst-port=2513 in-interface=ether1 protocol=tcp
src-address=0.0.0.0 to-addresses=192.168.1.251 to-ports=2513
add action=dst-nat chain=dstnat dst-port=8080 in-interface=pppoe-principal
protocol=tcp to-addresses=192.168.1.250 to-ports=8080
add action=dst-nat chain=dstnat dst-port=161 protocol=udp to-addresses=
192.168.1.250 to-ports=161
add action=dst-nat chain=dstnat dst-port=162 protocol=udp src-address-list=
ClassIT to-addresses=192.168.1.251 to-ports=161
add action=dst-nat chain=dstnat dst-port=2224 protocol=tcp src-address-list=
ClassIT to-addresses=192.168.1.2 to-ports=22
add action=dst-nat chain=dstnat dst-port=2225 protocol=tcp src-address-list=
ClassIT to-addresses=192.168.1.3 to-ports=22
add action=dst-nat chain=dstnat dst-port=2226 protocol=tcp src-address-list=
ClassIT to-addresses=192.168.1.4 to-ports=22
add action=dst-nat chain=dstnat dst-port=8888 protocol=tcp src-address-list=
ClassIT to-addresses=192.168.1.254 to-ports=443
add action=dst-nat chain=dstnat dst-port=17990 protocol=tcp src-address-list=
ClassIT to-addresses=192.168.1.254
add action=dst-nat chain=dstnat dst-port=17988 protocol=tcp src-address-list=
ClassIT to-addresses=192.168.1.254
add action=dst-nat chain=dstnat dst-port=902 protocol=tcp src-address-list=
ClassIT to-addresses=192.168.1.151 to-ports=902
add action=dst-nat chain=dstnat dst-port=4433 protocol=tcp src-address-list=
ClassIT to-addresses=192.168.1.151 to-ports=443
add action=dst-nat chain=dstnat dst-port=2227 protocol=tcp src-address-list=
ClassIT to-addresses=192.168.1.111 to-ports=2222
add action=dst-nat chain=dstnat dst-port=164 protocol=udp src-address-list=
ClassIT to-addresses=192.168.1.111 to-ports=161
add action=dst-nat chain=dstnat dst-port=35040 protocol=tcp src-address-list=
ClassIT to-addresses=192.168.1.111 to-ports=35040
add action=dst-nat chain=dstnat dst-port=2228 protocol=tcp src-address-list=
ClassIT to-addresses=192.168.1.112 to-ports=2222
add action=dst-nat chain=dstnat dst-port=165 protocol=udp src-address-list=
ClassIT to-addresses=192.168.1.112 to-ports=161
add action=dst-nat chain=dstnat dst-port=35041 protocol=tcp src-address-list=
ClassIT to-addresses=192.168.1.112 to-ports=35041
add action=dst-nat chain=dstnat dst-port=2224 in-interface=pppoe-secundar
protocol=tcp to-addresses=192.168.1.2 to-ports=22
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip route
add distance=1 gateway=pppoe-secundar routing-mark=secondary-pppoe
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox address="31.14.161.42/32,31.14.161.5/32,86.107.176.42/32,86.107.176.5/32,86.107.176.33/32,188.240.71.42/32,192.168.1.0/24"
set api-ssl disabled=yes
/lcd
set time-interval=daily
/ppp secret

/system clock
set time-zone-name=Europe/Bucharest
/system scheduler
add interval=1d name=FTP-Auto-Backup on-event=FTP-Auto-Backup policy=
ftp,read,write,policy,test,password,sniff,sensitive,romon start-date=
feb/26/2018 start-time=03:10:00
/system script
add name=FTP-Auto-Backup owner=admin policy=
ftp,read,write,policy,test,password,sniff,sensitive,romon source="# automate
d backup 2 External ftp\r
\n\r
\n# ftp configuration\r\

\n\r
\n# months array\r
\n:local months ("jan","feb","mar","apr","may","jun","jul","a
ug","sep","oct","nov","dec");\r
\n\r
\n# get time\r
\n:local ts [/system clock get time]\r
\n:set ts ([:pick $ts 0 2].[:pick $ts 3 5].[:pick $ts 6 8])\r
\n\r
\n# get Date\r
\n:local ds [/system clock get date]\r
\n# convert name of month to number\r
\n:local month [ :pick $ds 0 3 ];\r
\n:local mm ([ :find $months $month -1 ] + 1);\r
\n:if ($mm < 10) do={ :set mm ("0" . $mm); }\r
\n# set $ds to format YYYY-MM-DD\r
\n:set ds ([:pick $ds 7 11] . $mm . [:pick $ds 4 6])\r
\n\r
\n# file name for system backup - file name will be servername-date-time.bac
kup\r
\n:local fname1 ([/system identity get name]."-".$ds."-".$ts.".backup
")\r
\n# file name for config export - file name will be servername-date-time.rsc
\r
\n:local fname2 ([/system identity get name]."-".$ds."-".$ts.".rsc")
\r
\n\r
\n# backup the data\r
\n/system backup save name=$fname1 password=classit9940\r
\n:log info message="System backup finished (1/2).";\r
\n/export compact file=$fname2\r
\n:log info message="Config export finished (2/2)."\r
\n\r
\n# upload the system backup\r
\n:log info message="Uploading system backup (1/4)."\r
\n/tool fetch address="$ftphost" port=2121 src-path=$fname1 user="$ftp
user" mode=ftp password="$ftppassword" dst-path="$ftppath/$fname1" u
pload=yes\r
\n:log info message="System backup uploaded (2/4)."\r
\n# upload the config export\r
\n:log info message="Uploading config export (3/4)."\r
\n/tool fetch address="$ftphost" port=2121 src-path=$fname2 user="$ftp
user" mode=ftp password="$ftppassword" dst-path="$ftppath/$fname2" u
pload=yes\r
\n:log info message="Config export uploaded (4/4)."\r
\n\r
\n# delay time to finish the upload - increase it if your backup file is big
\r
\n:delay 60s;\r
\n# find file name start with UMDB- then remove\r
\n:foreach i in=[/file find] do={ :if ([:typeof [:find [/file get $i name]
([/system identity get name]."-".$ds."-".$ts)]]!="nil") do={/file re
move $i}; }\r
\n:log info message="Configuration files deleted.";\r
\n:log info message="Configuration backup finished.";"
[admin@MikroTik] >

Your gateway is not an IP address for the specified routing mark

/ip route
add distance=1 gateway=pppoe-secundar routing-mark=secondary-pppoe

In order for it to work, you’ll need to find the IP address the ISP uses on the other end of the PPPoE interface. No next-hop lookup is performed when using this configuration.

Still doesn't work :frowning:

I am sorry. I haven’t thought of one part of the configuration.

You should also mark the traffic that is meant to use the Secondary PPPoE. So add something for that as well under /ip firewall mangle

/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=secondary-pppoe passthrough=yes src-address=<IP address of traffic that should use this interface>

Add rules like this for all traffic that should use this interface.

Check if you can do a traceroute as well.

I am thinking that my idea isn’t the way to go, so maybe someone else has a better idea. (I hope so, I can learn more as well)

/ip firewall mangle
add action=mark-routing chain=output comment=PPPOE1-RouteMark new-routing-mark=PPPOE1 out-interface=pppoe-principal
add action=mark-routing chain=output comment=PPPOE2-RouteMark new-routing-mark=PPPOE2 out-interface=pppoe-secundar

/ip route
add check-gateway=ping distance=1 gateway=pppoe-principal routing-mark=PPPOE1
add check-gateway=ping distance=1 gateway=pppoe-secundar routing-mark=PPPOE2

VisarionC,

I think we need to understand what you mean by “only one connection is active”.
Do you mean the second PPPoE does not come up?
Or do you mean something does not work at the IP level, and if so, what is it?

Thanks
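
Added example, not part of any post in this thread: one common RouterOS 6.x pattern for the goal in the original question, where connections arriving on the second PPPoE link are connection-marked and their replies are routed back out through the same link. Interface names and the secondary-pppoe routing mark come from the export above; the connection mark name wan2-conn and the `<second internal server>` placeholder are assumptions.

```routeros
# Added example for RouterOS 6.x (not from the thread's posters).
# pppoe-secundar, bridge-lan and secondary-pppoe are the names in the export;
# "wan2-conn" and <second internal server> are assumed for illustration.

/ip firewall mangle
# 1. Drop the exported rule that only matches a packet mark and sets nothing
#    (action=passthrough packet-mark=secondary-ppoe).
remove [find action=passthrough in-interface=pppoe-secundar]

# 2. Tag every new connection that enters through the second PPPoE link.
add chain=prerouting in-interface=pppoe-secundar connection-state=new \
    action=mark-connection new-connection-mark=wan2-conn passthrough=yes

# 3. Replies from LAN servers on such a connection use the second routing
#    table instead of the main default route via pppoe-principal.
add chain=prerouting in-interface=bridge-lan connection-mark=wan2-conn \
    action=mark-routing new-routing-mark=secondary-pppoe passthrough=no

# 4. Same for replies generated by the router itself (ping, Winbox, PPTP).
add chain=output connection-mark=wan2-conn \
    action=mark-routing new-routing-mark=secondary-pppoe passthrough=no

# 5. Default route for the marked table. The export already contains this
#    route; skip the line if it is still present.
/ip route
add dst-address=0.0.0.0/0 gateway=pppoe-secundar distance=1 \
    routing-mark=secondary-pppoe

# 6. FastTracked packets bypass mangle, so the routing mark would never be
#    applied to them. Restrict FastTrack to unmarked connections.
/ip firewall filter
set [find action=fasttrack-connection] connection-mark=no-mark

# 7. Port 80 on the second public address goes to the second web server.
/ip firewall nat
add chain=dstnat in-interface=pppoe-secundar protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=<second internal server> to-ports=80
```

With this in place, `/ip firewall connection print where connection-mark=wan2-conn` lists the connections that came in over the second link, which is a quick way to confirm that the marking rules match.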