I have two WAN interfaces.
I want to be able to access remotely through either one or the other, but I can only access the one in the main routing table.
I use mangle marking for connections through the secondary WAN interface (wan-01) but when I try to access with winbox (3.37) it shows me the message:
'error: router does not support secure connection, please enable Legacy Mode if you want to connect anyway'
I enable Legacy Mode but winbox does not connect.
I have read in the forum that traffic should be marked and so I do but what am I doing wrong?
Apparently a basic question but one that is giving me a big headache.
Any candid soul who can help me?
Thank you
CODE:
Code: Select all
/ip firewall mangle
add action=mark-routing chain=prerouting comment=To_WAN-01 connection-mark=wan-01 new-routing-mark=wan01 passthrough=no
add action=mark-connection chain=input comment="To_WAN-01 input" connection-mark=no-mark in-interface=pppoe-WAN-01 new-connection-mark=wan-01 passthrough=yes
add action=mark-routing chain=output comment="To_WAN-01 out" connection-mark=wan-01 new-routing-mark=wan01 passthrough=no
add action=mark-routing chain=prerouting comment=To_WAN-02 connection-mark=WAN-MM new-routing-mark=mm passthrough=no
add action=mark-connection chain=input comment="To_WAN-02 input" connection-mark=no-mark in-interface=vlan_MM new-connection-mark=WAN-MM passthrough=no
add action=mark-routing chain=output comment="To_WAN-02 out" connection-mark=WAN-MM new-routing-mark=mm passthrough=no
/routing table
add fib name=mm
add disabled=no fib name=wan01
/ip/address> print
Columns: ADDRESS, NETWORK, INTERFACE
# ADDRESS NETWORK INTERFACE
1 D 22.x.y.z/22 22.x.y.0 vlan_MM
2 D 60.a.b.c/32 192.168.1.1 pppoe-WAN-01
/ip/route> print
Flags: D - DYNAMIC; X, I, A - ACTIVE; c, s, d, v, y - COPY
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE ROUTING TABLE
D v 0.0.0.0/0 pppoe-WAN-01 2 main
DAd 0.0.0.0/0 22.x.y.z 1 main
DAc 192.168.1.1/32 pppoe-WAN-01 0 main
DAc 22.x.y.0/22 vlan_MM 0 main
__ As 0.0.0.0/0 pppoe-WAN-01 2 wan01
/ip/settings> print
ip-forward: yes
send-redirects: yes
accept-source-route: no
accept-redirects: no
secure-redirects: yes
[b] rp-filter: loose[/b]
tcp-syncookies: yes
max-neighbor-entries: 8200
arp-timeout: 30s
icmp-rate-limit: 10
icmp-rate-mask: 0x1818
route-cache: yes
allow-fast-path: no
ipv4-fast-path-active: no
ipv4-fasttrack-active: no
add distance=1 dst-address=0.0.0.0/0 gateway=22.x.y.z pref-src="" routing-table=mm scope=30 suppress-hw-offload=no target-scope=10
I can no longer access through the interface that I was able to access before?
Best regards