SJB
just joined
Topic Author
Posts: 12
Joined: Sat Mar 16, 2019 7:56 pm

OVPN + policy routing issue

Sun Sep 08, 2019 9:43 pm

Hi all, I'd like to post an issue I'm having with my OVPN setup.
Short explanation: I have 2 WANs, 1 LAN and 1 OVPN connection + PCC load balancing.
When logging into the router (Hex-s) with all WANs up and running, I'm well able to ping an address which is to be reached through the OVPN tunnel (10.0.0.3) only. From any workstation on the LAN, however, this is impossible (no ping).
If I bring down WAN2, I am able to ping 10.0.0.3 from any workstation. Beats me why this is impossible with both WANs running.
What do I need to change to make this 10.0.0.3 / tunnel reachable from the workstations at any time with both WANs up?
If it is necessary to allocate a WAN to the tunnel, I'd like the tunnel to run over WAN_EOLO.
 
Sob
Forum Guru
Posts: 4545
Joined: Mon Apr 20, 2009 9:11 pm

Re: OVPN + policy routing issue

Mon Sep 09, 2019 2:45 am

Either make this your first mangle rule, so connections to 10.0.0.3 won't get marked by PCC:
/ip firewall mangle
add action=accept chain=prerouting in-interface=bridge dst-address=10.0.0.3
Or tell the router that 10.0.0.3 should only be looked up in the main routing table, no matter what routing mark the packets have:
/ip route rule
add action=lookup-only-in-table dst-address=10.0.0.3/32 table=main
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
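
An added illustration, not part of the thread and not RouterOS code: a small Python model of the lookup path, showing why each of the two suggestions above sends LAN traffic for 10.0.0.3 into the tunnel. The table names, the tunnel interface name `ovpn-out1`, the LAN addresses and the stand-in for the PCC classifier are all assumptions, since the poster's configuration is not on the page.

```python
import ipaddress

# Constructed routing tables (assumed layout: one marked table per WAN).
TABLES = {
    "main": [("10.0.0.3/32", "ovpn-out1"), ("0.0.0.0/0", "WAN_EOLO")],
    "to_WAN_EOLO": [("0.0.0.0/0", "WAN_EOLO")],
    "to_WAN2": [("0.0.0.0/0", "WAN2")],
}
TUNNEL_HOST = "10.0.0.3"


def lookup(table, dst):
    """Longest-prefix match inside one table; None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(prefix), out) for prefix, out in TABLES[table]
            if addr in ipaddress.ip_network(prefix)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def prerouting_mark(src, dst, accept_first):
    """Mangle prerouting for packets arriving from the LAN bridge."""
    if accept_first and dst == TUNNEL_HOST:
        return None  # action=accept as first rule: PCC rules never see it
    # Stand-in for the PCC classifier: any deterministic two-way split.
    return ("to_WAN_EOLO", "to_WAN2")[int(ipaddress.ip_address(src)) % 2]


def egress(src, dst, from_lan=True, accept_first=False, main_only_rule=False):
    """Return the interface a packet leaves on."""
    # Router-originated packets skip prerouting, so they carry no PCC mark.
    mark = prerouting_mark(src, dst, accept_first) if from_lan else None
    if main_only_rule and dst == TUNNEL_HOST:
        return lookup("main", dst)  # lookup-only-in-table ... table=main
    # A marked packet is resolved in its own table first; that table's
    # default route matches 10.0.0.3, so the main table is never consulted.
    return lookup(mark or "main", dst) or lookup("main", dst)


if __name__ == "__main__":
    for ws in ("192.168.88.10", "192.168.88.11"):  # constructed LAN hosts
        print(ws, "no fix:", egress(ws, TUNNEL_HOST),
              "| accept first:", egress(ws, TUNNEL_HOST, accept_first=True),
              "| route rule:", egress(ws, TUNNEL_HOST, main_only_rule=True))
```

In this model other destinations keep being split across both WANs with either change in place; only the tunnel address is exempted.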
 
SJB
just joined
Topic Author
Posts: 12
Joined: Sat Mar 16, 2019 7:56 pm

Re: OVPN + policy routing issue

Wed Sep 11, 2019 12:09 am

Thanks, all working well on the basis of adding the specific mangle rule up front.