just found “Mangle world” but I have one question:
I have a MikroTik in an external location. There is a VPN connection to our office (another MikroTik). I need to connect to some servers from the office’s IP address, so through the VPN connection. So for each of those servers, I have a static route for each IP address and it’s routed via VPN. This scenario works.
The only trouble is that for each server I need to have a separate route. So I’m just playing with Mangle, generally inspired here: https://wiki.mikrotik.com/wiki/Policy_Base_Routing
So I’m using:
/ip firewall address-list for adding each server to named address list
/ip firewall mangle rule to “mark route” each packet for this Dst. Address List
/ip route rule for packets with “routing mark” to send them via VPN
It works, but compared to direct static routing, the connection is very slow/laggy. I can see it even from the terminal when using SSH. The original method is fast in a normal way. Any clues? Thank you all!
If you have an S2S tunnel, I doubt you need any additional routes. The router should see these networks as directly connected. If you are experiencing performance issues, the first thing that comes to my mind is MTU, but it could be NAT also. Can you draw a simple diagram of your topology, so we could help?
Packet marking is incompatible with fasttracking because fasttracked packets bypass the mangle table and several other stages of packet processing. However, not all packets of fasttracked connections are actually fasttracked, so the action=accept rule right after the action=fasttrack-connection one which explains why the connection is terribly slow but not totally dead.
To check this, just disable the fasttracking rule; if doing so confirms that it is the reason, you’ll need to add an action=accept rule for packets to and from these servers before the action=fasttrack-connection rule before re-enabling it.
One way would be to have two rules for that, one with your ****
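
The fasttrack exception described in the reply above, written out as RouterOS commands; this is an added example, not configuration posted by anyone in the thread. It assumes RouterOS v6 syntax, a single fasttrack rule in the forward chain, and the constructed names office-servers and via-office and the constructed address 192.0.2.10.

```routeros
# Added example (RouterOS v6 syntax). The list name "office-servers", the
# routing mark "via-office" and the address 192.0.2.10 are constructed.

# 1. One address-list entry per server replaces one static route per server.
/ip firewall address-list
add list=office-servers address=192.0.2.10 comment="constructed sample server"

# 2. Mark routing on forwarded packets whose destination is in the list.
#    The existing route rule that sends this mark via the VPN is unchanged.
/ip firewall mangle
add chain=prerouting dst-address-list=office-servers action=mark-routing \
    new-routing-mark=via-office passthrough=no

# 3. Accept established/related packets to and from the servers BEFORE the
#    fasttrack rule, so these connections are never fasttracked and every
#    packet still passes the mangle rule above. Limiting the match to
#    established,related leaves new connections to the later filter rules.
/ip firewall filter
add chain=forward action=accept connection-state=established,related \
    dst-address-list=office-servers \
    place-before=[find where action=fasttrack-connection] \
    comment="no fasttrack: to office-servers"
add chain=forward action=accept connection-state=established,related \
    src-address-list=office-servers \
    place-before=[find where action=fasttrack-connection] \
    comment="no fasttrack: from office-servers"

# 4. Check: the counters of the two new rules should rise with server traffic.
/ip firewall filter print stats
```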