Mark the connection instead for the connections that should be sent through the VPN. It is separate from a packet mark and will be applied to all packets that are part of the connection. I can't think of a scenario where you would want to send some packets for a specific connection over a VPN, but not others.I'm going to have a setup where I have a split-tunnel VPN and a queue tree. The split-tunnel will use mangle rules to mark packets that should get sent through the VPN, but the problem is that the queue tree also uses packet marks for QoS. Is there a way to add multiple marks to a packet/connection or will I have to add a VPN route for each kind of packet mark used for the queue?
You have to use mark routing for that, yes, but you can mark routing based on the connection-mark as a matching criteria. I assumed you meant that you currently had a mark-routing rule using the packet-mark as a matching criteria and I was just letting you know that you can use connection-mark instead for that purpose.Would the "mark routing" feature work for this as well? The Mik router has some webservers behind it so I need to be able to differentiate between traffic destined toward regular website visitors and outbound traffic that's supposed to go through the VPN.