 
rocker112
just joined
Topic Author
Posts: 4
Joined: Wed Sep 09, 2020 4:09 am

Dual WAN + OpenDNS

Sun Nov 15, 2020 10:09 pm

I'm trying to set up a home network with two WANs. One is high speed, but capped. The other is lower speed and uncapped. It would be nice to switch back and forth between them easily. For example, each computer would normally use the lower speed one, but could switch to the high speed one if the speed was needed. I've looked at various posts and have things set up where I can use either WAN one at a time. Currently I have the low-speed WAN configured for port 1 and the high-speed configured for port 9. But I only connect them one at a time. I have some computers connected to the other physical ports, but am using the WiFi for most devices.

I've seen posts about having the dual WANs load balance or fail-over, but that's not what I'm interested in. Also, I don't have specific computers going to specific ports to control what WAN to go through. I want to be able to set something on the individual computer that tells it what WAN to use (for example, change the IP from one range for low-speed, another range for high-speed or the gateway to use ...).

Related, I also want to be able to use OpenDNS regardless of the WAN used. That means setting the DNS nameservers to specific, static addresses. Is this possible? In other words, would the IP resolution occur at the MikroTik or at the WAN modems/routers? Would the MikroTik dynamically / automatically use whatever DNS nameservers the WAN modems/routers are using? This is a big question because one of the modems has DNS nameservers that are not configurable by the user. If that gets automatically used by the MikroTik, it will circumvent OpenDNS. I can (and will) check whether it currently does this. But that won't tell me how a change of configuration would affect it.

Thanks!
 
anav
Forum Guru
Posts: 5766
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Dual WAN + OpenDNS

Mon Nov 16, 2020 1:54 pm

The OpenDNS part is easy; the other request may not be possible.
The only solution I can think of is to have each user go into the computer and manually change the IP address/subnet to match what is set up on the router to use a specific WAN.
Of course there are brainiacs here who can dream up almost anything, so it's possible I just can't think of how.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
SiB
Forum Guru
Posts: 1221
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: Dual WAN + OpenDNS

Tue Nov 17, 2020 10:54 am

I want to be able to set something on the individual computer that tells it what WAN to use (for example, change the IP from one range for low-speed, another range for high-speed or the gateway to use ...).
On any OS, Windows included, you can mark outgoing connections/packets with a different DSCP tag; MikroTik can read this and apply a different policy in Mangle. That way your PC can use different WANs for different software. Some time ago I made a rule that ONLY WinBox on my PC can go out ... to ensure that only my PC on my LAN can use WinBox.

About MultiWan HowTo: viewtopic.php?f=13&t=166412&p=818011#p818011
MTCNA + MTCRE + MTCINE | ~600 users at ~150 RouterBoards in EMEA | Telegram: @SiB_PL
WinBox Tip: F6 works as ALT+TAB | Gliffy.com - free network schematic | prnt.sc - free ScreenShot software
I will be at MUMEUROPE Prague on ?? ?? 202?
 
aesmith
Member Candidate
Posts: 139
Joined: Wed Mar 27, 2019 6:43 pm

Re: Dual WAN + OpenDNS

Tue Nov 17, 2020 11:04 am

Related, I also want to be able to use OpenDNS regardless of the WAN used. That means setting the DNS nameservers to specific, static addresses. Is this possible? In other words, would the IP resolution occur at the MikroTik or at the WAN modems/routers? Would the MikroTik dynamically / automatically use whatever DNS nameservers the WAN modems/routers are using? This is a big question because one of the modems has DNS nameservers that are not configurable by the user. If that gets automatically used by the MikroTik, it will circumvent OpenDNS. I can (and will) check whether it currently does this. But that won't tell me how a change of configuration would affect it.
Check what you have configured and in operation first, so we don't go down a blind alley.

Then also decide whether you want to dish out OpenDNS servers to your connected devices via DHCP, or whether you want them to use the MikroTik as local DNS server with the MikroTik itself looking to OpenDNS. The second option allows you to add static entries for your local devices, and means that lookups are cached locally.
 
rocker112
just joined
Topic Author
Posts: 4
Joined: Wed Sep 09, 2020 4:09 am

Re: Dual WAN + OpenDNS

Sun Nov 22, 2020 1:02 am

Thanks for the help. Having the "leaf" machines use the MikroTik as the DNS server seems preferable.

Here is my config (export compact). If there's an even more compact way that I should be using, let me know.

# nov/21/2020 16:55:27 by RouterOS 6.47.3
# software id = E1GF-ZJZ5
#
# model = RB4011iGS+5HacQ2HnD
# serial number = D1470BF44B0F
/interface bridge
add admin-mac=C4:AD:34:DC:87:A1 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country="united states" disabled=no distance=indoors frequency=auto frequency-mode=manual-txpower installation=indoor mode=ap-bridge secondary-channel=auto ssid=MikroUnified-5 station-roaming=enabled \
wireless-protocol=802.11
set [ find default-name=wlan2 ] antenna-gain=0 band=2ghz-b/g/n channel-width=20/40mhz-XX country="united states" disabled=no distance=indoors frequency=auto frequency-mode=manual-txpower installation=indoor mode=ap-bridge ssid=MikroUnified-2 station-roaming=enabled wireless-protocol=802.11
/interface vrrp
add interface=bridge name=vrrp1
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=Ellerman wpa2-pre-shared-key=Ellerman
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment="SilverShark router" interface=ether1 list=WAN
add comment="AT&T Router" interface=ether9 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
add address=192.168.88.2 interface=bridge network=255.255.255.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
add disabled=no interface=ether9
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=208.67.220.220,208.67.222.222
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip route
add disabled=yes distance=1 gateway=192.168.88.230
/system clock
set time-zone-name=America/Chicago
/system identity
set name=MikroTik112
/system leds
add interface=wlan2 leds=wlan2_signal1-led,wlan2_signal2-led,wlan2_signal3-led,wlan2_signal4-led,wlan2_signal5-led type=wireless-signal-strength
add interface=wlan2 leds=wlan2_tx-led type=interface-transmit
add interface=wlan2 leds=wlan2_rx-led type=interface-receive
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
anav
Forum Guru
Posts: 5766
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Dual WAN + OpenDNS

Sun Nov 22, 2020 5:30 pm

Why does ether2 have the 88.1 address subnet assigned to it?
You stated it was part of the bridge?
Then you have the bridge a single address... 88.2.
Methinks you are confused??
 
aesmith
Member Candidate
Posts: 139
Joined: Wed Mar 27, 2019 6:43 pm

Re: Dual WAN + OpenDNS

Sun Nov 22, 2020 7:29 pm

Comments from comparing with my configuration, where I do the same with DNS - router uses OpenDNS but the DHCP clients look up from the router. I think you need to add the DNS option into your DHCP server config.
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1

As advised by Anav, remove the address from ether2 and add it in the same format to the bridge ..
/ip address
add address=192.168.88.1/24 interface=bridge network=192.168.88.0

Personal preference (which I can see I haven't followed 100%) is to remove the "comment=defconf" from any item that I modify. Because obviously if it's modified it's no longer default configuration.
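
The DNS setup discussed above, as an added RouterOS 6.x example that is not from any poster's configuration. RouterOS DHCP clients default to use-peer-dns=yes, so the modems' resolvers are picked up as dynamic servers next to the static OpenDNS ones unless that is switched off on both WAN clients. Interface and list names follow the export above; the NAT redirect rules are an optional assumption that the thread does not discuss.

```routeros
# Added example for RouterOS 6.x, not taken from the thread.
# Interface and list names (ether1, ether9, LAN) follow the export above.

# Stop both DHCP clients from importing the modems' resolvers.
/ip dhcp-client
set [ find interface=ether1 ] use-peer-dns=no
set [ find interface=ether9 ] use-peer-dns=no

# The router resolves through OpenDNS only and answers LAN clients.
/ip dns
set allow-remote-requests=yes servers=208.67.220.220,208.67.222.222

# Hand out the router itself as the resolver to DHCP clients.
/ip dhcp-server network
set [ find address=192.168.88.0/24 ] dns-server=192.168.88.1

# Optional (assumption, not discussed in the thread): send DNS queries from
# LAN clients with a hard-coded resolver to the router's own resolver.
/ip firewall nat
add chain=dstnat in-interface-list=LAN protocol=udp dst-port=53 action=redirect to-ports=53 comment="force LAN DNS to router"
add chain=dstnat in-interface-list=LAN protocol=tcp dst-port=53 action=redirect to-ports=53 comment="force LAN DNS to router"

# Check: "dynamic-servers" should be empty once the DHCP leases have renewed.
/ip dns print
```

The redirect rules only catch plain DNS on port 53; clients using DNS over HTTPS or DNS over TLS are not affected by them.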
 
rocker112
just joined
Topic Author
Posts: 4
Joined: Wed Sep 09, 2020 4:09 am

Re: Dual WAN + OpenDNS

Mon Nov 23, 2020 2:05 am

I added the dns-server parameter in /ip dhcp-server network.
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1

When I try to remove the ip address assignment on ether2, I can no longer connect to the router and have to reset to factory defaults. It comes up with that config on default (assigning 192.168.88.1/24 to ether2).
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0

Could that be because I should add the other 1st maybe, then delete the ether2 assignment? I think I tried that, but I'm not sure.

I haven't checked, but it looks like this should make open-dns happy. Good call about getting rid of the defconf comments when I make changes!

How do I set things up to pick between my 2 WANs?
 
aesmith
Member Candidate
Posts: 139
Joined: Wed Mar 27, 2019 6:43 pm

Re: Dual WAN + OpenDNS

Mon Nov 23, 2020 3:04 pm

When I try to remove the ip address assignment on ether2, I can no longer connect to the router and have to reset to factory defaults. It comes up with that config on default (assigning 192.168.88.1/24 to ether2).
To be honest I can't remember what I did with my old router. That had the IP address on ether2 rather than the bridge, and I changed that in some way.

As for choosing between the two WANs, how do you want to do that? I have dual WAN primarily as active and backup.
 
mkx
Forum Guru
Posts: 5058
Joined: Thu Mar 03, 2016 10:23 pm

Re: Dual WAN + OpenDNS

Mon Nov 23, 2020 5:40 pm

When I try to remove the ip address assignment on ether2, I can no longer connect to the router

You should use winbox (download it from mikrotik's download server) and connect via MAC ... when selecting router from the list of detected ROS devices, click on MAC address rather than IP address. This way you'll be able to remove LAN IP address without losing management connection.
BR,
Metod
 
rocker112
just joined
Topic Author
Posts: 4
Joined: Wed Sep 09, 2020 4:09 am

Re: Dual WAN + OpenDNS

Tue Nov 24, 2020 3:45 am

mkx - thanks for the tip. Sounds like that would make my life much easier if I mess something up!

aesmith - For switching WANs, I'd like the change to happen on the individual PC. One option I thought of was to have each PC use one of 2 IPs (like ***.***.***.101 or ***.***.***.201) where the 100 - 149 range would use one WAN, 200 - 249 would use another. Ideally, they'd be separated by a nice even number so it would be easy to remember or I may just write a utility program for the computers that provides a couple of buttons to switch the IP. I also thought about selecting by gateway, but I don't know if that works. It seems like it would be easy enough to say that IP Range A goes out one port and Range B goes out another. But I sure don't know how to do it!
 
aesmith
Member Candidate
Posts: 139
Joined: Wed Mar 27, 2019 6:43 pm

Re: Dual WAN + OpenDNS

Tue Nov 24, 2020 11:03 am

A router's natural behaviour is to route based on destination address. So adding configuration to make the routing decision on some other basis is not quite so easy. I've not done this, but I think you could use packet marks or routing marks to do this. I did a quick check and I think it can be done this way ..
1. Add a new default route via your second WAN, set a custom "routing mark".
2. Add a mangle rule (IP / Firewall / Mangle) to match the traffic that you want to use that route, set action as "mark routing" and set the mark to match your new route.

It might be more efficient to first mark the connection, then a second rule matching the connection mark and applying the routing mark,
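
The two steps above, with the connection-mark variant, as an added RouterOS 6.x example that is not from the thread. Assumptions: 192.168.88.200-192.168.88.249 is the source range that should use the ether9 WAN, 192.0.2.1 is a placeholder for that modem's gateway address, and the mark names are made up for illustration. Packets handled by the default FastTrack rule skip mangle, so that rule is limited to unmarked connections.

```routeros
# Added example for RouterOS 6.x, not taken from the thread.
# 192.0.2.1 is a PLACEHOLDER for the gateway address of the modem on ether9.
# The mark names "fast-conn" and "via-fast" are hypothetical.

# Step 1: a second default route that only applies to marked traffic.
/ip route
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=via-fast comment="default route for high-speed range"

# Step 2: mark new connections from the chosen source range, then give
# every packet of those connections the routing mark.
/ip firewall mangle
add chain=prerouting in-interface=bridge src-address=192.168.88.200-192.168.88.249 connection-state=new connection-mark=no-mark action=mark-connection new-connection-mark=fast-conn passthrough=yes
add chain=prerouting in-interface=bridge connection-mark=fast-conn dst-address-type=!local action=mark-routing new-routing-mark=via-fast passthrough=no

# FastTrack'ed packets bypass mangle, so only fasttrack unmarked connections.
/ip firewall filter
set [ find comment="defconf: fasttrack" ] connection-mark=no-mark

# Check: the counters on both mangle rules should increase for a test PC
# whose address is inside the marked range.
/ip firewall mangle print stats
```

DNS queries that clients send to the router itself are not affected by the routing mark (dst-address-type=!local skips them), so they are still resolved by the router's own resolver whichever WAN the client uses.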
