Hi,
I have a MikroTik, version 7.1.1 ( https://mikrotik.com/product/rb4011igs_5hacq2hnd_in ), with 2 WireGuard VPS active and also 2 gateways active, both PPPoE.
How can I pick which gateway WireGuard is using?
Thanks
Hi Sindy,
If I get you right, you want one Wireguard connection to use one of the PPPoE links/accounts and the other Wireguard connection to use the other PPPoE link? The complexity of doing that depends on how the ISPs have set up the PPPoE connections.
If you get the same IP address of gateway at both connections, you have to set add-default-route=no on the /interface pppoe-client rows and add the routes manually, with gateway=pppoe-out-interface-name.
The next question is whether the addresses of the remote wireguard peers are specified as fqdns (such as uk.thevpnservice.com) or as direct IP addresses. If they are plain IP addresses, a route to that particular address with the corresponding pppoe-out-interface-name as gateway is enough for each connection to use the proper link; if they are specified as fqdns, you will need to
- keep an up-to-date list of all IP addresses to which the fqdns resolve:
/ip firewall address-list
add list=vpn-uk address=uk.thevpnservice.com
add list=vpn-us address=us.anothervpnservice.com
- use mangle rules to choose a routing table depending on the destination address being on the list:
/ip firewall mangle
add chain=output dst-address-list=vpn-uk action=mark-routing new-routing-mark=via-pppoe-1
add chain=output dst-address-list=vpn-us action=mark-routing new-routing-mark=via-pppoe-2
- create the corresponding routing tables consisting of a single default route each:
/ip route
add gateway=pppoe-out-1 routing-mark=via-pppoe-1
add gateway=pppoe-out-2 routing-mark=via-pppoe-2
- make sure that some action=masquerade rule will act on packets leaving both via pppoe-1 and pppoe-2
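
The steps from the reply above, consolidated for RouterOS v7 as an added example (not part of either post). It assumes the interfaces are named pppoe-out-1 and pppoe-out-2, uses constructed peer addresses from the documentation ranges, and uses the v7 form in which routing tables are declared under /routing table and routes take routing-table= instead of routing-mark=.

```routeros
# Added example for RouterOS v7. Interface names are assumed; the peer
# IP addresses below are constructed placeholders, not real endpoints.

# 1. Stop the PPPoE clients from installing their own default routes,
#    then add the main-table defaults by interface name.
/interface pppoe-client
set [find name=pppoe-out-1] add-default-route=no
set [find name=pppoe-out-2] add-default-route=no
/ip route
add dst-address=0.0.0.0/0 gateway=pppoe-out-1 distance=1
add dst-address=0.0.0.0/0 gateway=pppoe-out-2 distance=2

# 2a. Peers configured as plain IP addresses: one host route per peer
#     pins each WireGuard connection to its link.
add dst-address=192.0.2.10/32 gateway=pppoe-out-1
add dst-address=198.51.100.20/32 gateway=pppoe-out-2

# 2b. Peers configured as FQDNs: the address lists follow DNS changes,
#     and the router's own traffic to them is marked in chain=output.
/ip firewall address-list
add list=vpn-uk address=uk.thevpnservice.com
add list=vpn-us address=us.anothervpnservice.com
# The tables must exist before a mangle rule or route refers to them.
/routing table
add name=via-pppoe-1 fib
add name=via-pppoe-2 fib
/ip firewall mangle
add chain=output dst-address-list=vpn-uk action=mark-routing new-routing-mark=via-pppoe-1
add chain=output dst-address-list=vpn-us action=mark-routing new-routing-mark=via-pppoe-2
/ip route
add dst-address=0.0.0.0/0 gateway=pppoe-out-1 routing-table=via-pppoe-1
add dst-address=0.0.0.0/0 gateway=pppoe-out-2 routing-table=via-pppoe-2

# 3. Masquerade on both links, so a packet rerouted by the mangle rule
#    leaves with the source address of the link it actually uses.
/ip firewall nat
add chain=srcnat out-interface=pppoe-out-1 action=masquerade
add chain=srcnat out-interface=pppoe-out-2 action=masquerade
```

Use either 2a or 2b for a given peer, depending on how its endpoint is specified.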