Community discussions

MikroTik App
 
nda72msaber
just joined
Topic Author
Posts: 6
Joined: Sat Sep 24, 2022 5:52 pm

handle two internet

Sat Sep 24, 2022 6:11 pm

hello
im new to mikrotik and in my company i have two internet (one with ip public) and clients wants to have option to choose which internet they want to use at the moment .. so i did this :
i created one address list for each internet ,and
Filter Rule :
Chain = Forward
Dst Address = 2.2.2.2
Protocol = ICMP
Action = Add Src To Address List
Name = ISP2
Timeout : 00:00:05

Mangle Rule :
Chain = PreRouting
Src-Address-List = ISP2
Action = Mark Routing
New Routing Mark = To-ISP2

Route :
0.0.0.0/0 > ISP1

0.0.0.0/0 > ISP2
Mark Routing = To-ISP2

when i ping for example ping 2.2.2.2 it directs me to second internet .. but anydesk will be disconnected.. and cant connect vpn ..hellllllllp plllllls..
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19105
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: handle two internet

Sat Sep 24, 2022 11:12 pm

I would tell the clients to go pound sand.
What difference does it make to the uSE Case of the user??

What is reasonable i them stating I would like to maintain an internet connection with minimal interruptions! Thhus you need to ensure that
a. they all have access to the internet on at least one of the WAN connections (primary) using the second as failover OR
b. use both at the same time and share the load of user traffic in a load balance PCC type setup and once again ensure that if one ISP is not available all traffic gets directed to the working ISP WAN.
OR

c. do it the way you have done which is allow the users some false sense of power that they get to choose which ISP is used.
Makes no sense to me what the criteria would be to use a WANIP.
Hmm let me see........... I want to use the slowest internet??
Hmm let me see.......... I want to use the most unstable internet??

In other words, your users will all choose the better internet connection and you will basically be in a primary / failover scenario.

+++++++++++++++++++++++++++++++++++++++++++++++

What I would do is completely avoid mangling.
a. TELL USERS ON SUBNET A - you are using ISP1
b TELL USERS on SUBNET B - you are using ISP2

TELL USERS that if their internet goes down, then they will be directed to the other internet.
THIS can be done without mangling.

How many clients are you talking and are they all on the same subnet? If not can you create a subnet and distribute clients onto subnets...........
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: handle two internet

Sun Sep 25, 2022 12:12 am

If the idea is to use one ISP by default and give users option to switch to the other at will (by pinging "magic" address), it's possible like this. Not ideal, more a hack, but possibly good enough. The problem is that it will affect whole user's address, so not just new connections, but also open ones using default ISP, and depending on your routes also new connections to other local subnets, if there are any. You'd need to work with connections and not all packets, for example:
/ip firewall mangle
add chain=prerouting connection-state=new src-address-list=ISP2 action=mark-connection new-connection-mark=ISP2conn passthrough=yes
add chain=prerouting in-interface=<LAN> connection-mark=ISP2conn action=mark-routing new-routing-mark=To-ISP2
 
nda72msaber
just joined
Topic Author
Posts: 6
Joined: Sat Sep 24, 2022 5:52 pm

Re: handle two internet

Sun Sep 25, 2022 11:04 am

anav
thanks for your reply..
could you pls explain your way more or give me an instruction to do this...
but first of all i have to say i have about 20-30 clients for now i think .. and my lan clients and my wifi client both are in bridge and all the rules applied to the bridge..
if i do it your way could any of the client use each of the net they like whenever they want?
 
nda72msaber
just joined
Topic Author
Posts: 6
Joined: Sat Sep 24, 2022 5:52 pm

Re: handle two internet

Sun Sep 25, 2022 11:08 am

sob
thanks for your help ..
h have a gustion to ask ..by your sentences (The problem is that it will affect whole user's address) you mean all the clients will directs to second one?
ithey want to chose wich intenet they want..
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19105
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: handle two internet

Sun Sep 25, 2022 3:35 pm

What I am saying, is that for practical reasons, it becomes very difficult to let clients choose which internet they are going out of.
I dont know any way of doing that, but perhaps Sob and others could figure out a way.

The router in general is not setup that way. The admin directs a SET of users or an individual user or anything in between out either one WAN or another.
Or the admin can ensure that the users have roughly equal access to both WAN connections. I have not seen any configuration that allows the user to choose.

As I stated, why would they want to have to make a choice (they just want internet connection) and two what would they base their decisions on.
You still havent explained why the clients want a choice?? You are still hiding the requirements.

Provide a network diagram so we can see what is going on and provide full config as there are too many questions unanswered.
For instance are the wifi clients getting wifi from an access point connected to an ethernet port on the router or is the router providing both wired and wireless clients.
When you say you have two sets of clients, why not put them on different subnets, LAN (wired clients) on subnet A, or VLAN10 and wifi clients on subnet B or vlan 20 ......
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: handle two internet

Sun Sep 25, 2022 4:43 pm

No, it won't affect all clients, only all packets from one client. The two rules your originally posted:

#1 - watches for ping to 2.2.2.2 and adds client's address to address list
#2 - marks routing for packets from clients listed in address list

So when some client pings 2.2.2.2, its address (whatever it has in LAN, e.g. 192.168.88.20) will be added to list and all further packets from this address will be routed to internet using ISP2 for next five seconds (= the address list timeout). If that's the goal, it will work.

But if there's some already established connection from this client to remote server (e.g. VPN) using ISP1, its packets will also be routed to ISP2 and connection will break. And same problem will be if you switch to ISP2 and establish such connection that should stay open. Once the address times out and gets removed from list, all packets will go to ISP1 again and this connection will break too.

But if you mark new connections, they will stick to ISP that was active when they were established.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19105
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: handle two internet

Sun Sep 25, 2022 4:46 pm

Great Sob, and what if tomorrow the client wants to go out the other internet, does he ping 3.3.3.3 and then gets added to another address list, BUT BUT BUT the user is already on another address list when he pinged 2.2.2.2

Stop going down a rabbit hole you are creating and find out the facts first. ( glad I know at least one person from czechia who is sane LOL otherwise I might get the wrong impression )
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: handle two internet

Sun Sep 25, 2022 5:15 pm

There's timeout, currently 5 seconds, after that it will automatically switch back. And hey, I wrote it first time that it's not ideal. It could be good enough e.g. if you need to use one ISP most of the time, and only from time to time use another to connect to some service that's restricted to IP address of second ISP. Then it could be ok solution.

But of course providing more details about what's actually required is good idea.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19105
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: handle two internet

Sun Sep 25, 2022 5:17 pm

Concur!
But imagine, every user has to ping an IP address first before going out to the internet........ seems weird to me. Like I said, the OP is not being honest with whats driving requirements.
 
gotsprings
Forum Guru
Forum Guru
Posts: 2102
Joined: Mon May 14, 2012 9:30 pm

Re: handle two internet

Sun Sep 25, 2022 6:45 pm

The problem of getting stuck on how... Ignoring WHY.

Mikrotik needs a MPTCP solution.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: handle two internet

Sun Sep 25, 2022 7:25 pm

What does MPTCP solve regarding what the user wants to solve in this topic? (giving an option to clients to choose the ISP they go out with) ?
 
gotsprings
Forum Guru
Forum Guru
Posts: 2102
Joined: Mon May 14, 2012 9:30 pm

Re: handle two internet

Sun Sep 25, 2022 9:53 pm

What does MPTCP solve regarding what the user wants to solve in this topic? (giving an option to clients to choose the ISP they go out with) ?
Because if we had a way to properly combine the 2 ISPs... There would be no need to "either or" it.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: handle two internet

Sun Sep 25, 2022 10:23 pm

But that's what that client wants.. to choose.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19105
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: handle two internet

Sun Sep 25, 2022 11:09 pm

or more accurately, the OP/admin wants to be able to let the users choose which internet connection, door number 1 or door number 2, if it makes no sense to you, then we are in the same boat and hence, there are hidden requirements not being communicated, or the OP doesnt understand networking.
 
gotsprings
Forum Guru
Forum Guru
Posts: 2102
Joined: Mon May 14, 2012 9:30 pm

Re: handle two internet

Mon Sep 26, 2022 12:26 am

or more accurately, the OP/admin wants to be able to let the users choose which internet connection, door number 1 or door number 2, if it makes no sense to you, then we are in the same boat and hence, there are hidden requirements not being communicated, or the OP doesnt understand networking.
A long time ago... I made 2 SSIDs. Each SSID had the name of the ISP. You had to connect to one or the other.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19105
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: handle two internet

Mon Sep 26, 2022 12:34 am

Thats an interesting approach, thanks for outside the box thinking...........

If the clients are all wifi, then this could work............. again, waiting for the OP to care about the thread he started.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: handle two internet

Mon Sep 26, 2022 12:47 am

Two gateways are also possible (e.g. 192.168.88.1 to use ISP1 and 192.168.88.2 to use ISP2), but not very flexible, because it requires reconfiguring of connected device.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19105
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: handle two internet

Mon Sep 26, 2022 1:38 am

Well you know me, that would quickly be vlan10 and vlan20 LOL.
 
nda72msaber
just joined
Topic Author
Posts: 6
Joined: Sat Sep 24, 2022 5:52 pm

Re: handle two internet

Mon Sep 26, 2022 11:38 am

What I am saying, is that for practical reasons, it becomes very difficult to let clients choose which internet they are going out of.
I dont know any way of doing that, but perhaps Sob and others could figure out a way.

The router in general is not setup that way. The admin directs a SET of users or an individual user or anything in between out either one WAN or another.
Or the admin can ensure that the users have roughly equal access to both WAN connections. I have not seen any configuration that allows the user to choose.

As I stated, why would they want to have to make a choice (they just want internet connection) and two what would they base their decisions on.
You still havent explained why the clients want a choice?? You are still hiding the requirements.

Provide a network diagram so we can see what is going on and provide full config as there are too many questions unanswered.
For instance are the wifi clients getting wifi from an access point connected to an ethernet port on the router or is the router providing both wired and wireless clients.
When you say you have two sets of clients, why not put them on different subnets, LAN (wired clients) on subnet A, or VLAN10 and wifi clients on subnet B or vlan 20 ......
you khnow clients wants this becaues we try pcc and net watch and none of them doesnt work well an we live in iran so we have internet issues alot...thats why clients exactly undrestand the speed or stability of net so the manager insist on letting them to choose which net...
yes the router providing both wired and wireless clients.(dhcp) and i use the wifi of the router itself for now becauese our company has just one floor..
all i want from the mikrotic is this and pptp vpn ..you want confige of mikrotic?
 
nda72msaber
just joined
Topic Author
Posts: 6
Joined: Sat Sep 24, 2022 5:52 pm

Re: handle two internet

Mon Sep 26, 2022 11:48 am

No, it won't affect all clients, only all packets from one client. The two rules your originally posted:

#1 - watches for ping to 2.2.2.2 and adds client's address to address list
#2 - marks routing for packets from clients listed in address list

So when some client pings 2.2.2.2, its address (whatever it has in LAN, e.g. 192.168.88.20) will be added to list and all further packets from this address will be routed to internet using ISP2 for next five seconds (= the address list timeout). If that's the goal, it will work.

But if there's some already established connection from this client to remote server (e.g. VPN) using ISP1, its packets will also be routed to ISP2 and connection will break. And same problem will be if you switch to ISP2 and establish such connection that should stay open. Once the address times out and gets removed from list, all packets will go to ISP1 again and this connection will break too.

But if you mark new connections, they will stick to ISP that was active when they were established.
yes i think somehow i did this too..
Filter Rule :
Chain = Forward
Dst Address = 2.2.2.2
Protocol = ICMP
Action = Add Src To Address List
Name = ISP2
Timeout : 00:00:05

Mangle Rule :
Chain = PreRouting
Src-Address-List = ISP2
Action = Mark Routing
New Routing Mark = To-ISP2

Route :
0.0.0.0/0 > ISP1

0.0.0.0/0 > ISP2
Mark Routing = To-ISP2.

on which part did i go wrong??and i should just isp2 has public ip..

and in one of your reply you said i can have two gateway ..is it better than this way ?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19105
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: handle two internet

Mon Sep 26, 2022 4:44 pm

I get that the clients want this or that........ but my less than educated opinon is this -----> It will not matter what plan you have. Internet experience for your users will be crappy regardless.
If PCC isnt working, not because you didnt set it up properly, but because both your internets are unstable, then why would any other plan work.

In fact, lets look at a scenario.
a. Morning, ISP1 is working great and ISP2 is working lousy, everyone sends each other emails, hey ISP1 is better. Then all user go to ISP1 and it becomes saturated and probably less useable and stable.
b. Morning. For 30 minutes ISP1 becomes very flaky and everyone switches to ISP2..........
and on and on an on.

I just dont see any solution that is going to overcome lousy internet and making your customers chase a good connection is a fools game.
 
gotsprings
Forum Guru
Forum Guru
Posts: 2102
Joined: Mon May 14, 2012 9:30 pm

Re: handle two internet

Mon Sep 26, 2022 10:15 pm

Anav...

This is what I want trying speedify for. It was using both connections at once and rather than PCC... It could actually put the same traffic down both feeds. So FAILOVER was completely seamless to users. Also they didn't have to be aware which feed they were on as they "didn't have to know". There was also some packet/stream/location identification going on so traffic was handled differently depending on what it was.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19105
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: handle two internet

Tue Sep 27, 2022 3:53 am

That seems to be app based on devices not router based??
 
gotsprings
Forum Guru
Forum Guru
Posts: 2102
Joined: Mon May 14, 2012 9:30 pm

Re: handle two internet

Tue Sep 27, 2022 4:13 am

That seems to be app based on devices not router based??
I was running it on a Ubuntu box with several network interfaces.

I put that in moth balls, while I tried out Openmptcprouter.

Since then, I found a project called smoothwan.

All because I don't like paying so much for BigLeaf. Which costs more than 10 times as much??? But it works.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: handle two internet

Wed Sep 28, 2022 6:23 am

@nda72msaber: Back on topic, I already explained what's wrong with your two mangle rules, please try to read it again, I'm not sure if I can explain it any better. That said, if it was up to me, I would probably take completely different approach - proxy servers.

Set up e.g. two SOCKS servers (you'd need more devices for that, single MikroTik router can't do it, unless you'd use containers) and configure routing so that one uses ISP1 and another uses ISP2. Clients can then easily choose which one to use. There are either simple proxy switchers for web browsers, or they can have two independent browsers, each using different proxy, so they can use both at the same time. It's simple and relatively user friendly.
 
nda72msaber
just joined
Topic Author
Posts: 6
Joined: Sat Sep 24, 2022 5:52 pm

Re: handle two internet

Fri Sep 30, 2022 12:11 pm

@sob
thanks alot for all your help .. what about i do it this way .. setup a vpn so clients to get access to 2nd internet with vpn..?
and could you pls suggest your ways with url or explain how to setup them...???
for example you said use two gateway how is it possible? how i can do that?
pls give me more details..
 
gotsprings
Forum Guru
Forum Guru
Posts: 2102
Joined: Mon May 14, 2012 9:30 pm

Re: handle two internet

Fri Dec 09, 2022 3:23 pm

ANAV
That seems to be app based on devices not router based??
Its up and running now. Have it running on the small forum computer sitting infront of my hAP AC2.

The small computer is running Ubuntu and Speedify.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19105
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: handle two internet

Fri Dec 09, 2022 6:20 pm

ANAV
That seems to be app based on devices not router based??
Its up and running now. Have it running on the small forum computer sitting infront of my hAP AC2.

The small computer is running Ubuntu and Speedify.
interesting......... but im windows guy LOL.
 
gotsprings
Forum Guru
Forum Guru
Posts: 2102
Joined: Mon May 14, 2012 9:30 pm

Re: handle two internet

Fri Dec 09, 2022 9:52 pm

Connectify.

You turn your PC into the bonder.

Who is online

Users browsing this forum: Ahrefs [Bot], Amazon [Bot], EmuAGR, ppawe, TheCat12, truefriendcz and 76 guests