Apologies, I did not receive or missed the notification that you guys replied to my post.
Now my PCC + Hotspot is working fine; however, there is one last issue I couldn't resolve.
I have:
1- 2 WANs (2 Starlink terminals, one is 192.168.1.0/24) load balanced using PCC
2- Hotspot + remote RADIUS server for Hotspot authentication.
The MK router is connected to the RADIUS server using a VPN. (The VPN is used only to connect the Hotspot to the remote RADIUS server for authentication.)
After configuring the PCC, as soon as I connect the 2nd WAN link to the MikroTik, the VPN goes down.
Basically, the VPN works well only if 1 WAN is connected.
Below is the MikroTik config:
/interface bridge add name=Hotspot
/interface ethernet set [ find default-name=ether1 ] comment=WAN1 name=WAN1
/interface ethernet set [ find default-name=ether2 ] comment=WAN2 name=WAN2
/ip hotspot profile add dns-name=netvsat.hotspot hotspot-address=10.0.0.1 html-directory=hotspot3 login-by=cookie,http-chap,http-pap,mac-cookie name=hsprof1 radius-interim-update=2m use-radius=yes
/ip pool add name=hs-pool-13 ranges=10.0.0.2-10.0.255.254
/ip dhcp-server add address-pool=hs-pool-13 interface=Hotspot name=dhcp1
/ip hotspot add address-pool=hs-pool-13 addresses-per-mac=1 disabled=no interface=Hotspot name=hotspot1 profile=hsprof1
/port set 0 name=serial0
/interface sstp-client add authentication=mschap2 connect-to=185.155.X97.XX disabled=no keepalive-timeout=10 name=SSTP-TO-RADIUS profile=default-encryption user=RB-3011-Dalgo-PCC
/routing table add disabled=no fib name=ISP1
/routing table add disabled=no fib name=ISP2
/interface bridge port add bridge=Hotspot interface=ether3
/interface bridge port add bridge=Hotspot interface=ether4
/interface bridge port add bridge=Hotspot interface=ether5
/interface bridge port add bridge=Hotspot interface=ether6
/interface bridge port add bridge=Hotspot interface=ether7
/interface bridge port add bridge=Hotspot interface=ether8
/interface bridge port add bridge=Hotspot interface=ether9
/interface bridge port add bridge=Hotspot interface=ether10
/ip neighbor discovery-settings set discover-interface-list=!dynamic
/ip address add address=10.0.0.1/16 interface=Hotspot network=10.0.0.0
/ip cloud set ddns-enabled=yes
/ip dhcp-client add add-default-route=no interface=WAN1
/ip dhcp-client add interface=WAN2
/ip dhcp-server network add address=10.0.0.0/16 comment="hotspot network" gateway=10.0.0.1
/ip dns set servers=8.8.8.8,8.8.4.4
/ip firewall filter add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
/ip firewall mangle add action=change-ttl chain=postrouting new-ttl=set:1 out-interface=Hotspot passthrough=yes
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new in-interface=WAN1 new-connection-mark=ISP1_conn passthrough=yes
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new in-interface=WAN2 new-connection-mark=ISP2_conn passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=ISP1_conn new-routing-mark=ISP1 passthrough=yes
/ip firewall mangle add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=ISP2 passthrough=yes
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new dst-address-type=!local hotspot=auth in-interface=Hotspot new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=src-address-and-port:2/0
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new dst-address-type=!local hotspot=auth in-interface=Hotspot new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=src-address-and-port:2/1
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ISP1_conn in-interface=Hotspot new-routing-mark=ISP1 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ISP2_conn in-interface=Hotspot new-routing-mark=ISP2 passthrough=yes
/ip firewall nat add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
/ip firewall nat add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=10.0.0.0/16
/ip hotspot user add name=admin
/ip ipsec profile set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route add disabled=no dst-address=192.168.200.0/24 gateway=192.168.200.1 routing-table=main suppress-hw-offload=no
/ip route add disabled=no distance=1 dst-address=192.168.10.0/24 gateway=192.168.200.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=WAN1 routing-table=ISP1 suppress-hw-offload=no
/ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=WAN2 pref-src="" routing-table=ISP2 scope=30 suppress-hw-offload=no target-scope=10
/ip route add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=WAN2 pref-src="" routing-table=main suppress-hw-offload=no
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=WAN1 routing-table=main suppress-hw-offload=no
/ip route add disabled=no distance=1 dst-address=185.155.X97.XX/32 gateway=WAN2 routing-table=*402 scope=30 suppress-hw-offload=no target-scope=10
/radius add address=192.168.200.253 disabled=yes require-message-auth=no service=hotspot src-address=192.168.200.186 timeout=3s
/radius add address=192.168.10.242 require-message-auth=no service=hotspot src-address=192.168.200.186 timeout=3s
/radius incoming set accept=yes port=1700
/system clock set time-zone-name=Africa/Kigali
/system identity set name=Mikrotik-Dalgo-PCC
/system note set show-at-login=no
/system ntp client set enabled=yes
/system ntp client servers add address=time.google.com
/system ntp client servers add address=time.windows.com
/system routerboard settings set enter-setup-on=delete-key
PCC with VPN Diagram.jpg
Attached is the Diagram of the scenario
Question: How can I make the VPN connection to the RADIUS server work with PCC using 2 WANs?
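A consistency check for the export above, added here as an example and not part of the original post: it lists every routing table that a route or a `mark-routing` mangle rule refers to and reports the ones that no `/routing table add` line declares. The export declares ISP1 and ISP2, while the /32 route to the SSTP endpoint names `*402`. The function names `params` and `audit_routing_tables` are introduced here, and the sample input is a constructed excerpt of lines copied from the post.

```python
import re

# Constructed excerpt: table, mangle and route lines copied from the export in the post.
EXPORT = """\
/routing table add disabled=no fib name=ISP1
/routing table add disabled=no fib name=ISP2
/ip firewall mangle add action=mark-routing chain=output connection-mark=ISP1_conn new-routing-mark=ISP1 passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=ISP2_conn in-interface=Hotspot new-routing-mark=ISP2 passthrough=yes
/ip route add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=WAN1 routing-table=ISP1 suppress-hw-offload=no
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=WAN1 routing-table=main suppress-hw-offload=no
/ip route add disabled=no distance=1 dst-address=185.155.X97.XX/32 gateway=WAN2 routing-table=*402 scope=30 suppress-hw-offload=no target-scope=10
"""

# key=value pairs; values are either quoted strings or runs of non-space characters.
PARAM = re.compile(r'([\w-]+)=("[^"]*"|\S+)')


def params(line):
    """Return the key=value parameters of one export line as a dict."""
    return {key: value.strip('"') for key, value in PARAM.findall(line)}


def audit_routing_tables(export):
    """Return (table, line) for every reference to an undeclared routing table."""
    declared = {"main"}  # "main" is built in and never appears in /routing table
    references = []
    for line in export.splitlines():
        p = params(line)
        if line.startswith("/routing table add") and "name" in p:
            declared.add(p["name"])
        elif line.startswith("/ip route add"):
            # A route without routing-table= lands in "main".
            references.append((p.get("routing-table", "main"), line))
        elif line.startswith("/ip firewall mangle add") and "new-routing-mark" in p:
            references.append((p["new-routing-mark"], line))
    return [(table, line) for table, line in references if table not in declared]


if __name__ == "__main__":
    for table, line in audit_routing_tables(EXPORT):
        print(f"undeclared routing table {table!r}: {line}")
```
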