kenyloveg
Frequent Visitor
Topic Author
Posts: 82
Joined: Tue Jul 14, 2009 3:25 pm

L2TP in mangle not working after changed PCC rules

Mon Jan 28, 2019 10:30 am

Hi, Guys
I've rebuilt my PCC rules according to https://mum.mikrotik.com/2019/VN/agenda; the problem is that l2tp routing is not working anymore.
Here is my old config; l2tp routing is working with it without any problems.
/ip firewall mangle
add action=mark-connection chain=prerouting in-interface=ether2-wan1 new-connection-mark=wan1
add action=mark-connection chain=prerouting in-interface=ether3-wan2 new-connection-mark=wan2
add action=mark-connection chain=prerouting in-interface=ether4-wan3 new-connection-mark=wan3
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=bridge1 new-connection-mark=wan1 passthrough=yes per-connection-classifier=both-addresses:3/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=bridge1 new-connection-mark=wan2 passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=bridge1 new-connection-mark=wan3 passthrough=yes per-connection-classifier=both-addresses:3/2
add action=mark-routing chain=prerouting connection-mark=wan1 in-interface=bridge1 new-routing-mark=wan1-mark
add action=mark-routing chain=prerouting connection-mark=wan2 in-interface=bridge1 new-routing-mark=wan2-mark
add action=mark-routing chain=prerouting connection-mark=wan3 in-interface=bridge1 new-routing-mark=wan3-mark
add action=mark-routing chain=output connection-mark=wan1 new-routing-mark=wan1-mark
add action=mark-routing chain=output connection-mark=wan2 new-routing-mark=wan2-mark
add action=mark-routing chain=output connection-mark=wan3 new-routing-mark=wan3-mark
add chain=prerouting dst-address=112.65.129.0/24 in-interface=bridge1
add chain=prerouting dst-address=140.206.103.0/24 in-interface=bridge1
add chain=prerouting dst-address=220.248.18.0/24 in-interface=bridge1
add action=mark-routing chain=prerouting dst-address-list=!cnlist dst-address-type=!local new-routing-mark=l2tp passthrough=yes src-address-list=local
Here are my new PCC rules:
/ip firewall mangle
add action=accept chain=prerouting dst-address-list=lan src-address-list=lan
add action=mark-connection chain=input connection-mark=no-mark in-interface=ether2-wan1 new-connection-mark=wan1 passthrough=no
add action=mark-connection chain=input connection-mark=no-mark in-interface=ether3-wan2 new-connection-mark=wan2 passthrough=no
add action=mark-connection chain=input connection-mark=no-mark in-interface=ether4-wan3 new-connection-mark=wan3 passthrough=no
add action=mark-routing chain=output connection-mark=wan1 new-routing-mark=wan1-mark passthrough=no
add action=mark-routing chain=output connection-mark=wan2 new-routing-mark=wan2-mark passthrough=no
add action=mark-routing chain=output connection-mark=wan3 new-routing-mark=wan3-mark passthrough=no
add action=mark-connection chain=forward connection-mark=no-mark in-interface=ether2-wan1 new-connection-mark=wan1-to-lan passthrough=no
add action=mark-connection chain=forward connection-mark=no-mark in-interface=ether3-wan2 new-connection-mark=wan2-to-lan passthrough=no
add action=mark-connection chain=forward connection-mark=no-mark in-interface=ether4-wan3 new-connection-mark=wan3-to-lan passthrough=no
add action=mark-routing chain=prerouting connection-mark=wan1-to-lan new-routing-mark=wan1-mark passthrough=no src-address-list=lan
add action=mark-routing chain=prerouting connection-mark=wan2-to-lan new-routing-mark=wan2-mark passthrough=no src-address-list=lan
add action=mark-routing chain=prerouting connection-mark=wan3-to-lan new-routing-mark=wan3-mark passthrough=no src-address-list=lan
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!lan dst-address-type=!local new-connection-mark=lan-to-wan1 passthrough=yes per-connection-classifier=both-addresses:3/0 src-address-list=lan
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!lan dst-address-type=!local new-connection-mark=lan-to-wan2 passthrough=yes per-connection-classifier=both-addresses:3/1 src-address-list=lan
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=!lan dst-address-type=!local new-connection-mark=lan-to-wan3 passthrough=yes per-connection-classifier=both-addresses:3/2 src-address-list=lan
add action=mark-routing chain=prerouting connection-mark=lan-to-wan1 dst-address-list=!lan new-routing-mark=wan1-mark passthrough=no src-address-list=lan
add action=mark-routing chain=prerouting connection-mark=lan-to-wan2 dst-address-list=!lan new-routing-mark=wan2-mark passthrough=no src-address-list=lan
add action=mark-routing chain=prerouting connection-mark=lan-to-wan3 dst-address-list=!lan new-routing-mark=wan3-mark passthrough=no src-address-list=lan
add action=mark-routing chain=prerouting dst-address-list=!cnlist dst-address-type=!local new-routing-mark=l2tp passthrough=yes src-address-list=local
I've already tried moving the "l2tp rule" up column by column, but it's still not working.
Hope someone can tell me where the problem is.
Thanks.
 
kenyloveg
Frequent Visitor
Topic Author
Posts: 82
Joined: Tue Jul 14, 2009 3:25 pm

Re: L2TP in mangle not working after changed PCC rules

Mon Jan 28, 2019 3:20 pm

OK, I replaced this l2tp rule:
add action=mark-routing chain=prerouting dst-address-list=!cnlist dst-address-type=!local new-routing-mark=l2tp passthrough=yes src-address-list=local
with the rules below:
add action=mark-connection chain=forward connection-mark=no-mark dst-address-list=!cnlist dst-address-type=!local in-interface=l2tp-out1 new-connection-mark=l2tptolan passthrough=yes src-address-list=local
add action=mark-routing chain=prerouting connection-mark=l2tptolan dst-address-list=!cnlist dst-address-type=!local new-routing-mark=l2tp passthrough=yes src-address-list=local
Will report back tomorrow.
Thanks.
 
kenyloveg
Frequent Visitor
Topic Author
Posts: 82
Joined: Tue Jul 14, 2009 3:25 pm

Re: L2TP in mangle not working after changed PCC rules

Tue Jan 29, 2019 3:20 am

Ok, it's not working.
Can someone take a look and help me out?
Thanks.
 
kenyloveg
Frequent Visitor
Topic Author
Posts: 82
Joined: Tue Jul 14, 2009 3:25 pm

Re: L2TP in mangle not working after changed PCC rules

Tue Jan 29, 2019 10:54 am

OK, I've managed to get it working now.
The modified rules are below; hope this will help others having the same problem.
add action=mark-connection chain=prerouting new-connection-mark=l2tptolan passthrough=yes
add action=mark-routing chain=prerouting connection-mark=l2tptolan dst-address-list=!cnlist dst-address-type=!local new-routing-mark=l2tp passthrough=no src-address-list=local
