All our subscribers arrive at the gateway via PPTP tunnels, and have statically assigned IP addresses. Internet connection from the gateway is via two DSL modems. I’d like to route one group of subscribers out through modem A and another group through modem B.
The PPTP network is 172.16.4.0/24. If I split this into /26 subnets can I use Mangle to route-mark packets from the 172.16.4.0/26 network for Modem A and packets from the 172.16.4.64/26 network for Modem B? i.e. does the route-mark survive the termination of the tunnel? Would it be better to use packet marking, or connection marking?
What’s the correct chain to use, prerouting or forward?
With what address are the packets forwarded out of the gateway to the modem - that of the PPTP server (172.16.4.1), the router’s interface to the modem, or the IP of the originating source? For accounting purposes it’s necessary that all responses pass back through the tunnel.
Just set up address-lists with one part of your customers in one and the other part in the other; that way you can even swap customers if you see that someone is heavy and the other link is not that congested.
And use the address-list to mangle packets.
EDIT:
Since you will be adjusting routing with mangle, you should mark packets with routing marks in prerouting, since that is before routing decisions, as the name implies.
I followed your instructions and it works - but it works too well and has thrown up another problem.
I’ve group A on subnet 172.16.4.0/28 and group B on subnet 172.16.4.64/28. Incoming packets from group A’s subnet are picked up by the address list and allocated routing mark ‘A’ and ditto group B with routing mark ‘B’. I’ve a default route for packets route-marked ‘A’ through gateway A, and a default route for those marked ‘B’ through gateway B.
That works, but unfortunately it seems that packets from group A addressed to group B are also being sent out of the ‘A’ gateway rather than routed internally to group B, and vice versa, presumably because of the routing mark, although there is a route to 172.16.4.0/24 via interface 172.16.4.1.
/ip fi man add chain=prerouting dst-address=172.16.4.0/24 action=accept
achieve the same thing? Or is that too simple?
Edit: Trying to think this thing through, don’t we have a problem here, in that practically everything arriving at the router is going to have a destination address of 172.16.4.1, as that’s the address of the PPTP server? So this rule will bypass the route marking?
Or does the chain=prerouting only kick in after the PPP wrapper has been stripped?
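The setup discussed in this thread, written out in full as an added example that is not part of any post above. It uses the routing-mark syntax of RouterOS v6 and earlier; the list names groupA/groupB are chosen here, and GW-A/GW-B are placeholders for the two modem gateway addresses, which the thread does not give.

```routeros
# Added example, not from the thread's posters.
# Assumption: mangle prerouting sees the decapsulated packets arriving on the
# PPTP interfaces, so src-address is the subscriber's static 172.16.4.x address.

/ip firewall address-list
# One list per uplink; moving a subscriber to the other modem means moving
# its entry to the other list, no rule changes needed.
add list=groupA address=172.16.4.0/28
add list=groupB address=172.16.4.64/28

/ip firewall mangle
# Order matters. This accept rule must sit above the mark-routing rules:
# traffic addressed to another subscriber leaves the chain unmarked and is
# routed by the main table (the connected 172.16.4.0/24 route), instead of
# hitting the 0.0.0.0/0 route that is the only entry for mark A or B.
add chain=prerouting dst-address=172.16.4.0/24 action=accept \
    comment="subscriber-to-subscriber: leave unmarked"
add chain=prerouting src-address-list=groupA action=mark-routing \
    new-routing-mark=A passthrough=no comment="group A via modem A"
add chain=prerouting src-address-list=groupB action=mark-routing \
    new-routing-mark=B passthrough=no comment="group B via modem B"

/ip route
# GW-A and GW-B are placeholders: replace with the modem gateway addresses.
add dst-address=0.0.0.0/0 gateway=GW-A routing-mark=A
add dst-address=0.0.0.0/0 gateway=GW-B routing-mark=B
```

After applying, `/ip firewall mangle print stats` shows per-rule packet counters, which confirms whether subscriber-to-subscriber traffic is hitting the accept rule and each group is hitting its own mark rule.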