I am doing a little experiment assigning public IP addresses to remote Tiks via L2TP. The L2TP server is a CHR running version 7.7 in our data center and the clients are also running 7.7.
The problem:
Requests entering on the L2TP client interface are leaving through the client's WAN (ETH1), when they should leave via the L2TP interface. I checked this behavior using the packet sniffer tool. I believe this can be controlled with a couple of mangle rules. I have tried, but it is not working the way I expect it to. What am I doing wrong?
Code:
/ip/firewall/mangle/print
chain=prerouting action=mark-connection new-connection-mark=from-wan-vpn passthrough=yes connection-mark=no-mark in-interface=l2tp-out-wan log=no log-prefix=""
chain=prerouting action=mark-routing new-routing-mark=WAN-VPN passthrough=no connection-mark=from-wan-vpn in-interface=l2tp-out-wan log=no log-prefix=""
Code:
/routing/rule/print
Flags: X - disabled, I - inactive
Code:
/ip route/print where routing-table=WAN-VPN
Flags: A - ACTIVE; s, y - COPY
Columns: DST-ADDRESS, GATEWAY, DISTANCE
#     DST-ADDRESS  GATEWAY     DISTANCE
0 As  0.0.0.0/0    10.18.34.1         1