FYI: I already spent some time with support in ServiceDesk, the ticket number SUP-5149.
I'm trying to get mark based routing working. This config (idea) was perfectly working on the latest ROS 6.xx beta.
board-name: hAP ac^2
current-firmware: 7.0beta5 (tested as well on 7.0beta4)
model: RouterBOARD D52G-5HacD2HnD-TC
I have a regular home router config except:
So, what I'm trying to do:
Code: Select all
/interface bridge add name=br-wan protocol-mode=none /interface vlan add interface=ether2 name=vlan10 vlan-id=10 /interface bridge port add bridge=br-wan hw=no interface=ether1-wan add bridge=br-wan interface=vlan10
1. Create L2TP IPSec VPN connection
2. Mark some packets with routing mark based on belonging target IP to the IP address list
3. Route marked packets to the VPN
Once I add the route (run last two lines) the router reboots in 0..30 seconds.
Code: Select all
/interface l2tp-client add connect-to=my.super.vpn disabled=no ipsec-secret=IPSECSECRET name=\ my.super.vpn password=PASSWORD profile=default use-ipsec=yes user=\ USERNAME /ip firewall address-list add address=188.8.131.52/18 list=MYLIST add address=184.108.40.206/20 list=MYLIST add address=220.127.116.11/20 list=MYLIST /routing table add fib name=ua vrf=main /ip firewall mangle add action=mark-routing chain=prerouting dst-address-list=MYLIST \ new-routing-mark=ua passthrough=yes /ip route add gateway=my.super.vpn@ua
Then, after router boots, there is only 5..10 sec to disable/delete the route before the VPN connection became active, otherwise the router reboot again and again.
Does anyone is running into the same issue?
PS: I've tried to reset router configuration (without installing default one) and configured the router from scratch.