Hello,
currently I am working on configuring the RB3001UiAS. What I am trying to do is a failover from one VPN to another, and if that fails too, then I want it to failover to use another port as WAN for a pool of IPs only. The basic config:
Generally there are two networks, 192.168.10.0/24 and 192.168.20./24. The first network should just be routed, simple, works. Every client from the second network has to access the internet over a PPTP VPN in the mikrotik. If the connection to the VPN fails, I want it to failover to another VPN. If that fails as well, I want to bypass the VPN and use ether5 as WAN port for all the clients in the second network (192.168.20.0/24). I already created the DHCP Client for ether5 but I dont know how to do the failover.
Is my current configuration correct, and how do I setup the failover?
Export:
/interface bridge
add name=bridge-standard // 192.168.10.0/24 IPs
add name=bridge-vlan20 // 192.168.20.0/24 IPs
/interface ethernet
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether8 ] master-port=ether7
set [ find default-name=ether9 ] master-port=ether7
set [ find default-name=ether10 ] master-port=ether7
/interface pptp-client
add connect-to=yy disabled=no mrru=1600 name=vpnprovider password=\
swnN07YtDF user=pptp
/interface vlan
add interface=ether2 name=eth2-vlan20 vlan-id=20
/ip pool
add name=POOL10 ranges=192.168.10.50-192.168.10.199
add name=POOL20 ranges=192.168.20.50-192.168.20.199
/ip dhcp-server
add address-pool=POOL10 disabled=no interface=bridge-standard lease-time=1d \
name=dhcp10
add address-pool=POOL20 disabled=no interface=bridge-vlan20 lease-time=1d \
name=dhcp20
/interface bridge port
add bridge=bridge-vlan20 interface=eth2-vlan20
add bridge=bridge-vlan20 interface=ether6
add bridge=bridge-standard interface=ether2
add bridge=bridge-standard interface=ether7
/ip address
add address=192.168.10.1/24 interface=bridge-standard network=192.168.10.0
add address=192.168.20.1/24 interface=bridge-vlan20 network=192.168.20.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface=ether1
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface=ether5
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.20.1
/ip dns
set cache-max-ttl=1d servers=8.8.8.8,8.8.4.4
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=VPN passthrough=yes \
src-address=192.168.20.1-192.168.20.254
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address=\
192.168.10.0/24
# vpnprovider not ready
add action=masquerade chain=srcnat out-interface=vpnprovider
/ip route
add distance=1 gateway=vpnprovider routing-mark=VPN
add distance=1 gateway=bridge-standard
/system clock
set time-zone-name=Europe/Berlin
/system ntp client
set enabled=yes primary-ntp=212.18.3.19 secondary-ntp=88.198.197.205
/system routerboard settings
set protected-routerboot=disabled
Thank You very much for your help!