[v6.48 on hap ac^2] Understanding routing-mark

vaa · July 11, 2021, 4:55am

Three TVs are connected to Wlan1 and routed to L2TP Client over uplink.

Now I am trying to separate each TV to own L2TP Clients (D1, D2, D3). I set a routing mark to each device and want to add routes for each one.

/ip firewall mangle action=mark-routing src-address=192.168.88.128/30 new-routing-mark=TV1
/ip firewall mangle action=mark-routing src-address=192.168.88.132/30 new-routing-mark=TV2
/ip firewall mangle action=mark-routing src-address=192.168.88.136/30 new-routing-mark=TV3
/ip route add dst-address=0.0.0.0/0 routing-mark=TV1 gateway=D1
/ip route add dst-address=0.0.0.0/0 routing-mark=TV2 gateway=D2
/ip route add dst-address=0.0.0.0/0 routing-mark=TV3 gateway=D3

It isn’t working. Probably misunderstanding of routing-marks. Or is it should be done in other way?

JohnTRIVOLTA · July 11, 2021, 5:08am

Not use mark rules, just add 3 rules on routing tables - each network to view its own routing table !

vaa · July 11, 2021, 6:39am

each network to view its own routing table

Then how to add routing table for specified source network?

I have created tables but how to tell to use D1-D3?

/ip route rule add table=TV1 src-address=192.168.88.128/30 dst-address=0.0.0.0/0
/ip route rule add table=TV2 src-address=192.168.88.132/30 dst-address=0.0.0.0/0
/ip route rule add table=TV3 src-address=192.168.88.136/30 dst-address=0.0.0.0/0

anav · July 11, 2021, 12:59pm

Not sure if it will work in your case but in general sometimes routing can be done without mangling!!

a. create all required routes on the main table.

standard route for internet
route for tv1
route for tv2
route for tv3

Now if you need special control of which subnets use the routes (and quite frankly not sure if the subnet is a source address or destination address in this case or an interface so you will have to determine that part)
Then create three more routes exact copies of the main table routes but with route-marking
route for tv1 route-marking=useD1
route for tv2 route-marking=useD2
route for tv3 route-markng=useD3

Then create associated Route Rules
Entry argument: source-address=subnet L2TP-1 (or destination-address=subnet L2TP-1) (or interface=L2TP-1)
Action= Lookup only in table
Table= useD1

Entry argument: source-address=subnet L2TP-2 (or destination-address=subnet L2TP-2) (or interface=L2TP-2)
Action= Lookup only in table
Table= useD2

Entry argument: source-address=subnet L2TP-3 (or destination-address=subnet L2TP-3) (or interface=L2TP-3)
Action= Lookup only in table
Table= useD3

vaa · July 19, 2021, 2:49am

I have made these configurations but pinging the World is not working.
I have renamed TV1 to ROOM1 for better understanding. And D1-D3 are just names of the L2TP interfaces (it does not come from word destination, routing is based only on source address).

For simplicity here is the code I have launched for the first room:

/ip route add dst-address=0.0.0.0/0 gateway=D1
/ip route add dst-address=0.0.0.0/0 routing-mark=ROOM1 gateway=D1
/ip route rule add action=lookup-only-in-table src-address=192.168.88.128/30 dst-address=0.0.0.0/0 interface=D1 table=ROOM1

Routing Table is now looking like this:

anav · July 19, 2021, 4:36pm

You added something extra in route rule (get rid of destination bit)
Also get rid of D1 just the source address.