FYI: I already spent some time with support in ServiceDesk, the ticket number SUP-5149.
I'm trying to get mark based routing working. This config (idea) was perfectly working on the latest ROS 6.xx beta.
Router info:
architecture-name: arm
board-name: hAP ac^2
cpu-count: 4
cpu-frequency: 716MHz
cpu: ARMv7
current-firmware: 7.0beta5 (tested as well on 7.0beta4)
firmware-type: ipq4000L
model: RouterBOARD D52G-5HacD2HnD-TC
platform: MikroTik
routerboard: yes
I have a regular home router config except:
Code: Select all
/interface bridge
add name=br-wan protocol-mode=none
/interface vlan
add interface=ether2 name=vlan10 vlan-id=10
/interface bridge port
add bridge=br-wan hw=no interface=ether1-wan
add bridge=br-wan interface=vlan10
1. Create L2TP IPSec VPN connection
2. Mark some packets with routing mark based on belonging target IP to the IP address list
3. Route marked packets to the VPN
Code: Select all
/interface l2tp-client
add connect-to=my.super.vpn disabled=no ipsec-secret=IPSECSECRET name=\
my.super.vpn password=PASSWORD profile=default use-ipsec=yes user=\
USERNAME
/ip firewall address-list
add address=87.240.128.0/18 list=MYLIST
add address=93.186.224.0/20 list=MYLIST
add address=95.142.192.0/20 list=MYLIST
/routing table
add fib name=ua vrf=main
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=MYLIST \
new-routing-mark=ua passthrough=yes
/ip route
add gateway=my.super.vpn@ua
Then, after router boots, there is only 5..10 sec to disable/delete the route before the VPN connection became active, otherwise the router reboot again and again.
Does anyone is running into the same issue?
PS: I've tried to reset router configuration (without installing default one) and configured the router from scratch.