papayeya
just joined
Topic Author
Posts: 18
Joined: Thu Apr 28, 2022 3:55 am

PCC load balancing on OS7 + Hotspot + VPN for Radius authentication

Sun Nov 10, 2024 11:46 pm

Dear All,

I am a beginner and need your help.

I have Mikrotik with OS7.

I want to connect two WAN lines to it to carry load balancing + load failure

I also have a VPN connection that is being used to communicate with the remote Radius server using ports 1812, 1813 and 1700

WAN 1 IP: 196.22.54.138/30
WAN2: IP: 192.168.1.1
VPN Local IP: 192.168.200.232 and VPN Server IP: 192.168.200.1
Radius Server: 192.168.10.243

Currently 1 WAN is being connected and VPN is working fine no problem. I want to add a 2nd WAN to load balance it.

I followed the official video on youtube here "https://www.youtube.com/watch?v=nlb7XAv ... 9zNw%3D%3D"

However, when I was done, the hotspot page didn't open for the users. Not sure why.

Can you help me, please?

BR
Ahmed
plisken
Forum Guru
Posts: 2511
Joined: Sat May 14, 2011 11:24 pm
Location: Belgium
Re: PCC load balancing on OS7
Post by plisken » Mon Jun 10, 2024 4:34 pm

Try this one
https://youtu.be/LPKzelijfeQ
anav
Forum Guru
Posts: 21392
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Re: PCC load balancing on OS7
Post by anav » Mon Jun 10, 2024 4:39 pm

If the second video does not get you all the way, then post your config
/export file=anynameyouwish (minus router serial number, any public WAN IP information, keys, etc.)

Confirm users are coming inbound on the VPN to your router (MikroTik is hosting the VPN using its services), not to servers on the LAN.
papayeya
just joined
Posts: 16
Joined: Thu Apr 28, 2022 2:55 am
Re: PCC load balancing on OS7
Post by papayeya » Fri Nov 08, 2024 4:01 pm

Apologies, I did not receive or missed a notification that you guys replied to my post.

Now my PCC + Hotspot is working fine; however, there is one last issue I couldn't resolve.

I have:

1- 2 WANs (2 Starlink terminals, one is 192.168.1.0/24) load balanced using PCC

2- Hotspot + Remote Radius Server for Hotspot Authentication.

MK Router is connected to the Radius using VPN. (VPN is used only to connect Hotspot with the Remote Radius Server for authentication only)

After configuring the PCC, as soon as I connect the 2nd WAN link to the Mikrotik, the VPN goes down.

Basically, VPN works well only if 1 WAN is connected.

Below is the Mikrotik Config




/interface bridge add name=Hotspot
/interface ethernet set [ find default-name=ether1 ] comment=WAN1 name=WAN1
/interface ethernet set [ find default-name=ether2 ] comment=WAN2 name=WAN2
/ip hotspot profile add dns-name=netvsat.hotspot hotspot-address=10.0.0.1 html-directory=hotspot3 login-by=cookie,http-chap,http-pap,mac-cookie name=hsprof1 radius-interim-update=2m use-radius=yes
/ip pool add name=hs-pool-13 ranges=10.0.0.2-10.0.255.254
/ip dhcp-server add address-pool=hs-pool-13 interface=Hotspot name=dhcp1
/ip hotspot add address-pool=hs-pool-13 addresses-per-mac=1 disabled=no interface=Hotspot name=hotspot1 profile=hsprof1
/port set 0 name=serial0
/interface sstp-client add authentication=mschap2 connect-to=185.155.X97.XX disabled=no keepalive-timeout=10 name=SSTP-TO-RADIUS profile=default-encryption user=RB-3011-Dalgo-PCC
/routing table add disabled=no fib name=ISP1
/routing table add disabled=no fib name=ISP2
/interface bridge port add bridge=Hotspot interface=ether3
/interface bridge port add bridge=Hotspot interface=ether4
/interface bridge port add bridge=Hotspot interface=ether5
/interface bridge port add bridge=Hotspot interface=ether6
/interface bridge port add bridge=Hotspot interface=ether7
/interface bridge port add bridge=Hotspot interface=ether8
/interface bridge port add bridge=Hotspot interface=ether9
/interface bridge port add bridge=Hotspot interface=ether10
/ip neighbor discovery-settings set discover-interface-list=!dynamic
/ip address add address=10.0.0.1/16 interface=Hotspot network=10.0.0.0
/ip cloud set ddns-enabled=yes
/ip dhcp-client add add-default-route=no interface=WAN1
/ip dhcp-client add interface=WAN2

/ip dhcp-server network add address=10.0.0.0/16 comment="hotspot network" gateway=10.0.0.1
/ip dns set servers=8.8.8.8,8.8.4.4

/ip firewall filter add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
/ip firewall mangle add action=change-ttl chain=postrouting new-ttl=set:1 out-interface=Hotspot passthrough=yes
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new in-interface=WAN1 new-connection-mark=ISP1_conn passthrough=yes
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new in-interface=WAN2 new-connection-mark=ISP2_conn passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=ISP1_conn new-routing-mark=ISP1 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=ISP2 passthrough=yes
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new dst-address-type=!local hotspot=auth in-interface=Hotspot new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=src-address-and-port:2/0
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new dst-address-type=!local hotspot=auth in-interface=Hotspot new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=src-address-and-port:2/1
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ISP1_conn in-interface=Hotspot new-routing-mark=ISP1 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ISP2_conn in-interface=Hotspot new-routing-mark=ISP2 passthrough=yes
/ip firewall nat add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
/ip firewall nat add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=10.0.0.0/16

/ip hotspot user add name=admin
/ip ipsec profile set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route add disabled=no dst-address=192.168.200.0/24 gateway=192.168.200.1 routing-table=main suppress-hw-offload=no
/ip route add disabled=no distance=1 dst-address=192.168.10.0/24 gateway=192.168.200.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=WAN1 routing-table=ISP1 suppress-hw-offload=no
/ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=WAN2 pref-src="" routing-table=ISP2 scope=30 suppress-hw-offload=no target-scope=10
/ip route add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=WAN2 pref-src="" routing-table=main suppress-hw-offload=no
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=WAN1 routing-table=main suppress-hw-offload=no
/ip route add disabled=no distance=1 dst-address=185.155.X97.XX/32 gateway=WAN2 routing-table=*402 scope=30 suppress-hw-offload=no target-scope=10
/radius add address=192.168.200.253 disabled=yes require-message-auth=no service=hotspot src-address=192.168.200.186 timeout=3s
/radius add address=192.168.10.242 require-message-auth=no service=hotspot src-address=192.168.200.186 timeout=3s
/radius incoming set accept=yes port=1700
/system clock set time-zone-name=Africa/Kigali
/system identity set name=Mikrotik-Dalgo-PCC
/system note set show-at-login=no
/system ntp client set enabled=yes
/system ntp client servers add address=time.google.com
/system ntp client servers add address=time.windows.com
/system routerboard settings set enter-setup-on=delete-key

PCC with VPN Diagram.jpg

Attached is the Diagram of the scenario

Question: How do I make the VPN connection to the Radius server work with PCC using 2 WANs?
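
The export above holds a host route for the SSTP server (185.155.X97.XX/32 via WAN2) whose routing-table is `*402`, a value that matches neither `main` nor the ISP1/ISP2 tables the export defines. The Python check below is an added example, not part of any post in this thread: it scans an export for routes in undefined tables and for tunnel clients whose peer has no host route in a defined table. The function names are hypothetical, and reading a `*`-prefixed value as an unresolved reference is an assumption.

```python
import re

# Constructed sample: lines taken from the export posted above,
# trimmed to the parameters this check reads.
EXPORT = """\
/interface sstp-client add connect-to=185.155.X97.XX disabled=no name=SSTP-TO-RADIUS
/routing table add disabled=no fib name=ISP1
/routing table add disabled=no fib name=ISP2
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=WAN1 routing-table=main
/ip route add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=WAN1 routing-table=ISP1
/ip route add disabled=no distance=1 dst-address=185.155.X97.XX/32 gateway=WAN2 routing-table=*402
"""

LINE = re.compile(r'^(/.+?) (add|set) (.*)$')      # menu path, verb, parameters
PARAM = re.compile(r'([\w-]+)=("[^"]*"|\S+)')      # key=value, value may be quoted

def parse_export(text):
    """Return [(menu, {param: value})] for every add/set line of an export."""
    items = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            params = {k: v.strip('"') for k, v in PARAM.findall(m.group(3))}
            items.append((m.group(1), params))
    return items

def check_tunnel_routes(text):
    """Report routes in undefined tables and tunnel peers without a usable host route."""
    items = parse_export(text)
    # 'main' always exists; the others must be declared under /routing table.
    tables = {"main"} | {p["name"] for menu, p in items if menu == "/routing table"}
    routes = [p for menu, p in items if menu == "/ip route"]
    findings = []
    for r in routes:
        table = r.get("routing-table", "main")
        if table not in tables:
            findings.append(("unresolved-table", r["dst-address"], table))
    for menu, p in items:
        if menu.startswith("/interface") and menu.endswith("-client") and "connect-to" in p:
            pinned = [r for r in routes
                      if r["dst-address"] == p["connect-to"] + "/32"
                      and r.get("routing-table", "main") in tables]
            if not pinned:
                findings.append(("peer-not-pinned", p["name"], p["connect-to"]))
    return findings

if __name__ == "__main__":
    for finding in check_tunnel_routes(EXPORT):
        print(finding)
```
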