[Solved] OSPF + Multiple Gateways

Hello everyone, this graph should describe pretty well what I’m trying to establish.

Everything is connected through an L2TP/IPsec tunnel (which works perfectly), and on top of that I'm trying to create an OSPF network, which gives me some trouble.

First of all I'll try to explain why I made this kind of configuration - I guess my routing table is the problem, but I'm not sure how to make everything work otherwise.

The problem I'm having is with the router on the left (2 LAN gateways on the same subnet + 2 WAN gateways in the same subnet). I'm trying to route traffic that goes into the 192.168.1.250 gateway through the 2.2.1.3/29 IP and the other internal gateway (192.168.1.254) through the other address (2.2.1.2/29). I accomplished this with the following lines:
/ip address
add address=2.2.1.2/29 interface=ether6 network=2.2.1.1
add address=2.2.1.3/29 interface=ether7 network=2.2.1.1
add address=192.168.1.254/24 interface=ether1 network=192.168.1.0
add address=192.168.1.250/24 interface=ether2 network=192.168.1.0

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether6 to-addresses=0.0.0.0
add action=masquerade chain=srcnat out-interface=ether7 routing-mark=wan2 to-addresses=0.0.0.0

/ip route
add distance=1 gateway=2.2.1.1%ether7 routing-mark=wan2
add distance=1 gateway=2.2.1.1%ether6

/ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=wan2 passthrough=no dst-address-list=!lan1 in-interface=ether2
(the address list contains the 192.168.1.0/24 network)


This actually works perfectly; unfortunately the OSPF network won't work: 192.168.1.0/24 is getting advertised twice (I want the 250 local gateway to be in charge of the VPN traffic and not both local gateways). Pinging also won't give me positive results. I know that the IPsec and OSPF configuration would be fine otherwise, since using 2 Mikrotiks makes my configuration work without a problem. From what I understand, the static interface route is a problem for the OSPF network; does anyone have advice on how to fix that? Also I'm wondering if I could reduce the number of ports I'm using, but that would just be a little extra.

Thank you a lot in advance, I hope it's clear what I'm trying to do.
Netzwerkbsp.png

Can anybody give me at least a hint or an idea how to set this up? I would also be fine with just using one port on the WAN/LAN side; I just really don't have a full test environment for setting this up and I can't really test too much during working hours.

Any kind of help would be really appreciated!

Actually it is not set up correctly… You need a loopback address for all points, with /32 IPs… After that, set up OSPF between the loopback interfaces and change the cost of the path…

Thanks that helped a lot!

By the way, it's also important to note that you have to set the ether1 port as a passive interface (in OSPF) so this route is not getting distributed.

Now I still have to set up the ether7 port to be in charge of the VPN, but this can be looked up in these threads (if anyone else tries to set up something similar):

http://forum.mikrotik.com/t/l2tp-tunnels-with-multiple-internet-connections-issues/49379/1
http://forum.mikrotik.com/t/policy-routing-l2tp-and-multiple-wans/36807/1