tchekAmar
just joined
Topic Author
Posts: 5
Joined: Sun Apr 04, 2021 4:02 pm
Location: Douala

Establish 2 OPENVPN Client Connections over 2 WAN link simultaneously

Sat Sep 17, 2022 5:22 pm

Hello guys,

I need to do WAN bonding with a Mikrotik router and a cloud router with only one public IP address. I am unable to make the Mikrotik router establish 2 VPN connections to the cloud server over the 2 WANs at the same time.

I tried Mangle but it's not working. The Mikrotik router is always establishing the 2 VPN connections over WAN 1 or WAN 2.

I want to have
Mikrotik router VPN 1 -> WAN 1 -> Cloud (41.41.41.41)
Mikrotik router VPN 2 -> WAN 2 -> Cloud (41.41.41.41)

Any advice on how I can do this?

The image below illustrates my network diagram.
archi.png
Thanks
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Establish 2 OPENVPN Client Connections over 2 WAN link simultaneously  [SOLVED]

Sat Sep 17, 2022 5:56 pm

I tried Mangle but it's not working. The Mikrotik router is always establishing the 2 VPN connections over WAN 1 or WAN 2.
You haven't shown what exactly you have configured in mangle and where.

First, to handle packets sent by the Mikrotik itself, you have to use chain output of mangle.

Second, /interface ovpn-client doesn't allow you to specify which local address to use for a given connection, so to use different WANs for the different connections, you have to distinguish between them by some other property than the source address. Since both connect to the same remote IP address, you have to specify a different port value for each connection, so that the action=mark-routing rule in mangle can match on dst-port. And to let the connection to the other port succeed, you have to use an action=dst-nat rule at the CHR to redirect the packets coming to that other port back to the one at which the server is actually listening.

If the CHR wasn't under your administration, you would have to use a hairpin IPIP tunnel and yet another routing table at the 2011 so that you could use that action=dst-nat rule already there.
 
tchekAmar
just joined
Topic Author
Posts: 5
Joined: Sun Apr 04, 2021 4:02 pm
Location: Douala

Re: Establish 2 OPENVPN Client Connections over 2 WAN link simultaneously

Mon Sep 19, 2022 11:59 am

Thanks sindy for your input.

I have successfully managed to re-route traffic on WAN 1 & WAN 2.

For those who will need to know how to do it:
1- As Sindy said, we have to mangle the traffic of the router specifically (destination port identification)
/ip firewall mangle
# action=mark-connection sets the mark through new-connection-mark (connection-mark is only a matcher)
add chain=output protocol=tcp dst-port=1196 action=mark-connection new-connection-mark=ISP2_conn comment="To ISP2"
2- Then we change the routing table (assuming that you have built routing table to_ISP1 for WAN1 and to_ISP2 for WAN2)
/ip firewall mangle
# action=mark-routing selects the routing table through new-routing-mark
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2 comment="Route in  WAN2 Table"
Thanks again
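
The whole setup described in this thread, put together as an added example that is not part of the original posts: the two clients differ only by port, the output chain steers the second one to WAN2, and the CHR maps the extra port back to the listening one. Assumptions: RouterOS v7 syntax, server listening on TCP 1194, WAN1 as the default route in the main table, and placeholder interface name, gateway, users and passwords.

```routeros
# Added example. Everything except 41.41.41.41, port 1196, ISP2_conn and
# to_ISP2 is a placeholder or an assumption, not taken from the thread.

# ---------- Client router (the 2011) ----------

# Routing table for WAN2 with its own default route (v7 syntax).
/routing table
add name=to_ISP2 fib
/ip route
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-table=to_ISP2 \
    comment="WAN2 gateway (placeholder address)"

# Two clients to the same server address, told apart only by port.
/interface ovpn-client
add name=ovpn-wan1 connect-to=41.41.41.41 port=1194 user=vpn1 password=CHANGE_ME
add name=ovpn-wan2 connect-to=41.41.41.41 port=1196 user=vpn2 password=CHANGE_ME

# Router-originated packets traverse chain=output, so the marks go there.
/ip firewall mangle
add chain=output protocol=tcp dst-address=41.41.41.41 dst-port=1196 \
    action=mark-connection new-connection-mark=ISP2_conn passthrough=yes \
    comment="To ISP2"
add chain=output connection-mark=ISP2_conn action=mark-routing \
    new-routing-mark=to_ISP2 passthrough=no comment="Route in WAN2 Table"

# The source address is picked before the routing mark is applied, so the
# re-routed packets still carry the WAN1 address. Masquerade on WAN2 fixes it.
/ip firewall nat
add chain=srcnat out-interface=ether2-WAN2 action=masquerade \
    comment="ether2-WAN2 is a placeholder interface name"

# ---------- Cloud router (CHR) ----------

# Send the extra port to the port the OpenVPN server listens on.
# action=redirect is the dst-nat variant that targets the router itself.
/ip firewall nat
add chain=dstnat protocol=tcp dst-port=1196 action=redirect to-ports=1194 \
    comment="ovpn second path"

# The CHR input chain must accept TCP 1194 for both paths; after the
# redirect, the filter sees the rewritten destination port.
/ip firewall filter
add chain=input protocol=tcp dst-port=1194 action=accept \
    comment="OpenVPN server (placement relative to drop rules matters)"
```

On the CHR, `/ip firewall connection print where dst-address~":1196"` should show the second session arriving from the WAN2 public address once both tunnels are up.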