WAN FAILOVER failing

I’ve got a direct connection with my ISP on ETH1 with a public ip.
On eth10 i’ve got a 4G LTE router connected with 192.168.5.0/24 as “routing vlan”.
when a ping fails on eth1 i want it to switch to eth10 and when the ping is succesfull again i want it to fail back.
Now with static rutes i know you can add gateway-check but how can i do this with a dhcp client?

Also when i disable eth1 the traffic goes smoothly over eth10 but when i put eth1 back on, my pings fail. if i disable eth10 afterwards the ping works again over eth1.
And adding static routes also did not work for eth1. when i add a static route for eth10 with 0.0.0.0/0 gw=eth10 it works, but 0.0.0.0/0 gw=eth1 does not.

I just want a failover between eth1 and eth10 with eth10 as backup.

Here’s my config :

/interface bridge
add admin-mac=74:4D:28:27:D6:03 auto-mac=no comment=defconf name=bridge
add name=bridge-vlan10
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN01
set [ find default-name=ether10 ] name=ether10_WAN_02_BACKUP
/interface vlan
add interface=ether6 name=vlan10-eth6 vlan-id=10
add interface=ether6 name=vlan20-eth6 vlan-id=20
add interface=ether6 name=vlan30-eth6 vlan-id=30
add interface=ether6 name=vlan99-eth6 vlan-id=99
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec peer profile
add dh-group=modp2048 enc-algorithm=aes-128 name=ike1-site2
/ip ipsec proposal
add enc-algorithms=aes-128-cbc name=ike1-site2 pfs-group=modp2048
/ip pool
add name=pool-LAN ranges=192.168.124.10-192.168.124.254
add name=pool-wifi-guest ranges=192.168.130.10-192.168.130.250
add name=pool-wifi-office ranges=192.168.131.10-192.168.131.250
/ip dhcp-server
add address-pool=pool-LAN disabled=no interface=bridge-vlan10 name=dhcp-lan
add address-pool=pool-wifi-guest disabled=no interface=vlan20-eth6 name=\
    dhcp-wifi-guest
add address-pool=pool-wifi-office disabled=no interface=vlan30-eth6 name=\
    dhcp-wifi-office
/queue simple
add max-limit=5M/5M name=WIFI-guest-limiter target=192.168.130.0/24
/interface bridge port
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge-vlan10 interface=ether3
add bridge=bridge-vlan10 interface=ether4
add bridge=bridge-vlan10 interface=ether5
add bridge=bridge-vlan10 interface=ether7
add bridge=bridge-vlan10 interface=ether8
add bridge=bridge-vlan10 interface=ether9
add bridge=bridge-vlan10 interface=vlan10-eth6
add bridge=bridge-vlan10 interface=ether2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge-vlan10 list=LAN
add comment=defconf interface=ether1-WAN01 list=WAN
add interface=ether10_WAN_02_BACKUP list=WAN
/interface sstp-server server
set certificate=Server-sstp enabled=yes verify-client-certificate=yes
/ip address
add address=192.168.124.1/24 interface=bridge-vlan10 network=192.168.124.0
add address=192.168.130.1/24 interface=vlan20-eth6 network=192.168.130.0
add address=192.168.132.1/24 interface=vlan99-eth6 network=192.168.132.0
add address=192.168.131.1/24 interface=vlan30-eth6 network=192.168.131.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=WAN_01 dhcp-options=hostname,clientid disabled=no interface=\
    ether1-WAN01
add add-default-route=no comment=WAN_02_BACKUP dhcp-options=hostname,clientid \
    interface=ether10_WAN_02_BACKUP
/ip dhcp-server lease
add address=192.168.124.113 client-id=1:24:5e:be:23:59:35 mac-address=\
    24:5E:BE:23:59:35 server=dhcp-lan
add address=192.168.124.94 client-id=1:24:5e:be:23:59:36 mac-address=\
    24:5E:BE:23:59:36 server=dhcp-lan
/ip dhcp-server network
add address=192.168.124.0/24 comment=defconf gateway=192.168.124.1
add address=192.168.130.0/24 gateway=192.168.130.1
add address=192.168.131.0/24 gateway=192.168.131.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="Lan to MGMT" dst-address=\
    192.168.132.0/24 src-address=192.168.124.0/24
add action=accept chain=forward comment="WIFI kantoor to office" dst-address=\
    192.168.124.0/24 src-address=192.168.131.0/24
add action=accept chain=input comment="WIFI-office to MGMT" dst-address=\
    192.168.132.0/24 src-address=192.168.131.0/24
add action=accept chain=input comment="Remote MGMT" dst-address=\
    192.168.132.0/24 src-address=172.16.2.0/24
add action=accept chain=input comment="SSTP TUNNEL" dst-port=443 protocol=tcp
add action=accept chain=forward comment="OVPN NAS" dst-address=192.168.124.113 \
    dst-port=1194 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="WIFI GUEST TO LAN" out-interface-list=\
    !WAN src-address=192.168.130.0/24
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=accept chain=forward comment=\
    "FORWARD : SKIP fasttrack from guest network" connection-state=\
    established,related src-address=192.168.130.0/24
add action=accept chain=forward comment=\
    "FORWARD : SKIP fasttrack to guest network" connection-state=\
    established,related dst-address=192.168.130.0/24
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
    out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=1194 protocol=udp to-addresses=\
    192.168.124.113
/ip route
add distance=10 gateway=ether10_WAN_02_BACKUP
add comment="SSTP NetwerkPieter" distance=1 dst-address=172.16.2.0/24 gateway=\
    10.10.10.2
/ppp secret
add local-address=10.10.10.1 name=BMSgroep remote-address=10.10.10.2 service=\
    sstp
/system clock
set time-zone-name=Europe/Brussels
/system identity
set name=RB4011-Core
/system logging
add topics=sstp
/tool graphing interface
add interface=ether1-WAN01
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

BUMP anyone?

See http://forum.mikrotik.com/t/feature-suggestion-check-gateway-when-using-dhcp-client/109968/1

You can also do away with

/ip route
add distance=10 gateway=ether10_WAN_02_BACKUP

by changing your backup WAN DHCP client to

ip dhcp-client
add comment=WAN_02_BACKUP default-route-distance=10 dhcp-options=hostname,clientid disabled=no interface=ether10_WAN_02_BACKUP

You may also wish to disable peer DNS obtained by DHCP client and use a generic service (Google, Cloudflare, OpenDNS, etc.)

Is it possible to fix the ID of the Static route ? If I have two static route as above with different distance, the lower one will be the “0” and the other the “1”.
If I change the distance with a netwatch down script (can not ping e.g. 8.8.8.8 from WAN1) the ID will be changed, and I can not generate a “change back script” after some hours, because I don’t know the route ID, and it is needed to the “set distance” command. The problem is, if I want to change back the original distance values every day 12:00, I need to knwo the route ID. If it was a failure, the distances was changed, if there wasn’t, it was not changed. Am I clear ?