Community discussions

MikroTik App
 
markdutton
newbie
Topic Author
Posts: 48
Joined: Fri Sep 24, 2010 4:59 am

Multi WAN both on DHCP

Tue Dec 21, 2021 3:45 am

Hi brains trust

I have 2 WAN connections and both are DHCP. As the gateway addresses are not always the same, they are not P2P (interfaced based) and the routes themselves are dynamic, I have no solid reference to create any sort of policy based routing.

Ideally, it would be great if you could nominate a routing table name in the dhcp client settings under the default route and metric options.

Is there a way to use policy routing/mangle rules with 2 DHCP client based WAN connections now? I assume a bit of scripting is involved. I also assume there is no way to trigger script as an action in any of the firewall rules? I am a bit lost with this.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Multi WAN both on DHCP  [SOLVED]

Tue Dec 21, 2021 5:36 am

It's not difficult, just pretend that you have static config, add everything you need, and then use dhcp lease script to update dynamic values. For example, you can have route like this:
/ip route
add comment=dhcp1 disabled=yes distance=1 gateway=1.2.3.4 routing-mark=wan1
And this simple lease script:
:if ($bound=1) do={
  /ip route set [find where comment="dhcp1"] gateway=$"gateway-address" disabled=no
} else={
  /ip route set [find where comment="dhcp1"] disabled=yes
}
 
markdutton
newbie
Topic Author
Posts: 48
Joined: Fri Sep 24, 2010 4:59 am

Re: Multi WAN both on DHCP

Wed Dec 22, 2021 2:37 am

Thanks Sob. That was the key. I didn't know there was a variable to pick up. It works perfectly.

Cheers.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Multi WAN both on DHCP

Wed Dec 22, 2021 3:03 am

Okay Sob please explain this thread cannot make heads or tails out of it.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Multi WAN both on DHCP

Wed Dec 22, 2021 5:59 pm

@anav: Seriously? I'm sure you know multi-WAN and policy routing, or at least you met it several times. You even have it at home, if I remember correctly. The only problem is that examples like https://wiki.mikrotik.com/wiki/Manual:PCC use static config. So here you have simple example, how to fix it for use with dhcp. And don't you dare to ask about the script, it's the same thing I use everywhere. :)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Multi WAN both on DHCP

Wed Dec 22, 2021 6:54 pm

@anav: Seriously? I'm sure you know multi-WAN and policy routing, or at least you met it several times. You even have it at home, if I remember correctly. The only problem is that examples like https://wiki.mikrotik.com/wiki/Manual:PCC use static config. So here you have simple example, how to fix it for use with dhcp. And don't you dare to ask about the script, it's the same thing I use everywhere. :)
Do you mean the only difference here is that they use static WANS and this chap is concerned about Dynamic WAN (IPs)?
If so, then I am good, DHCP confused me.............. but no longer...... now off to that other thread to ask the very same question........ some weird request LOL
 
User avatar
BrianRS
newbie
Posts: 28
Joined: Thu May 12, 2022 1:57 pm
Location: UK

Re: Multi WAN both on DHCP

Mon Mar 20, 2023 4:38 pm

Hello all,

I have this need also, but I can't figure out how to make use of this script,
See the attached 2 instances where I had to manually update the gateway on my 2 routes.
Any assistance will be greatly appreciated.

Many thanks,
B
You do not have the required permissions to view the files attached to this post.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3255
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Multi WAN both on DHCP

Mon Mar 20, 2023 6:05 pm

One of the routes needs comment that says "dhcp1" for the script.

And if you have two copies of the script, you'd want to change the 2nd script to use "dhcp2" as a comment to look for in the IP > DHCP Client. And add that as an comment on that route you want it changing.

[edit: /ip/routes is what needs the comments]
 
User avatar
BrianRS
newbie
Posts: 28
Joined: Thu May 12, 2022 1:57 pm
Location: UK

Re: Multi WAN both on DHCP

Mon Mar 20, 2023 7:13 pm

Thanks @Amm0 for your prompt response...

Am I right in assuming that the comment can be anything as long as I reproduce that comment within the script, or is it a total dependency to use that comment?

My only problem is that whilst one of the routes uses a /32 network (DHCP over the PPPoE interface) and it's straight forward to use it as a gateway, the other route is much more inconsistent, where the advertised network sometime is /28; /29 or /30 so it's trickier to get the next hop (gateway), and so far I got this by connecting via RoMON to my MT RBLHGGR (passthrough mode) and taking that IP from there.

Many thanks,
B
Last edited by BrianRS on Tue Mar 21, 2023 1:04 am, edited 1 time in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Multi WAN both on DHCP

Mon Mar 20, 2023 7:16 pm

Yes you are just telling the router where to go by matching the script comment entry with the existing comment entry!

In other words we use the comment block as a tool to create an entry that is unique and found by router during script.
 
User avatar
BrianRS
newbie
Posts: 28
Joined: Thu May 12, 2022 1:57 pm
Location: UK

Re: Multi WAN both on DHCP

Mon Mar 20, 2023 7:25 pm

Thanks @anav for your input.

How about my second point... attempting to dynamically source the gateway for the WAN2 route?

Many thanks,
B
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Multi WAN both on DHCP

Mon Mar 20, 2023 7:31 pm

Outside my scope! jajaja (pun intended)
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3255
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Multi WAN both on DHCP

Mon Mar 20, 2023 7:35 pm

You could use any unique thing in the attributes of the route in the [find ...] part, like dst address, etc. See the [find] in https://help.mikrotik.com/docs/display/ROS/Scripting

Basically you can use this to test the "find" needed – obviously it need to find one result, but you can use multiple attributes in the find to distinguish them. As example, change the attributes so it finds the WAN2:
:put [/ip route get [find gateway=1.1.1.1 scope=10]]; 
You'd take the find part and use that in the script instead of comment=.
 
User avatar
BrianRS
newbie
Posts: 28
Joined: Thu May 12, 2022 1:57 pm
Location: UK

Re: Multi WAN both on DHCP

Tue Mar 21, 2023 2:13 pm

I'm still baffled by the syntax...
So this script that I need to use has to extract this new gateway IP and amend the existing route with the correct one, just extracted, however there's seem to be one line of code in all examples, i.e. either "finding" the required info (GW in my case) or creating a new route (which is what I do not want)
Or am I reading all these examples wrong again...???
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3255
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Multi WAN both on DHCP

Tue Mar 21, 2023 2:45 pm

It's confusing. From the screenshot, looks like you're recursive routing. You don't need a script if you want the dhcp client to add a route with a 0.0.0.0/0 to the obtained IP from DHCP.

However with recursive routing, the default route goes to your canary address (8.8.8.8 in mikrotik's examples). But you need the 8.8.8.8 route to use IP obtained from DHCP (e.g. a WAN IP). So the idea with the script is you do NOT add a default gateway, but instead the script will locate the 8.8.8.8 route, and set the dst address as the DHCP one.

So if you use "Monitor ISP1" and "Monitor ISP2" as the comment field in the script you should be fine. I was providing a richer example, but you just need to update the 1.1.1.1 and 8.8.8.8 routes with the DHCP address – so comment is pretty easy here.
 
User avatar
BrianRS
newbie
Posts: 28
Joined: Thu May 12, 2022 1:57 pm
Location: UK

Re: Multi WAN both on DHCP

Tue Mar 21, 2023 3:32 pm

Hey @Amm0, based on your location, you're up early, or staying up late!

You're right, I am using recursive routing, and I got the fact that I only need to update the existing "Monitor ISPx" route with the new gateway acquired via DHCP client on eth2-WAN2-LTE interface.

So since it's happened (see attached) I am right in using the script as per the following screenshot?
Also within the second screenshot, I'm wondering how am I supposed to update that prerouting accept mange rule although it seems to do nothing given no packets are being captured by it???

After I get the ISP2 sorted, I need to understand how I can do the same for the PPPoE gateway, since I have no DHCP client set/running and there are no scripting options under the interface itself, unless I use the System\Scripts option maybe?

Many thanks,
B
You do not have the required permissions to view the files attached to this post.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3255
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Multi WAN both on DHCP

Tue Mar 21, 2023 4:29 pm

Yeah I substitute RouterOS config for crossword puzzles with the coffee.

Basically you can modify any code in the DHCP client, so you can just add another line in the script for the mangle rule. So if you add the same comment to your firewall rule as your /ip/route, it works the same to update that one. Just another line of config:
:if ($bound=1) do={
  /ip route set [find where comment~"Monitor ISP2"] gateway=$"gateway-address" disabled=no
  /ip firewall mangle set [find comment~"Monitor ISP2"] disabled=no dst-address=$"gateway-address"
} else={
  /ip route set [find where comment~"Monitor ISP2"] disabled=yes
  /ip firewall mangle set [find where comment~"Monitor ISP2"] disabled=yes
}
The "set" updates an existing entry, but it need to locate one... that where the [find xxx] syntax comes from, and it works for any command. The "trick" is to use a comment since that make the script easier than search for specific/unique attributes. Thus a comment provides the fixed reference for the script – so as long as you don't mess with the comment fields this approach works.

Also I did use ~ instead of =
what that does is look for the substring "Monitor ISP2" – just in case a space is added by mistake. The ~ is a regex but functions as a substring search. The = requires the comment text to match exactly.
 
User avatar
BrianRS
newbie
Posts: 28
Joined: Thu May 12, 2022 1:57 pm
Location: UK

Re: Multi WAN both on DHCP

Tue Mar 21, 2023 4:48 pm

Thanks Amm0,

That worked like a charm after releasing the old IP!!
Now before I would kindly ask for your input on the ISP1 scenario, why do you think no packets are being captured by this mangle rule (point 4 in the screenshot attached) considering that both WANs are successfully being used via PCC??
You do not have the required permissions to view the files attached to this post.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3255
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Multi WAN both on DHCP

Tue Mar 21, 2023 5:28 pm

Hard to say exactly. But not a lot of chances for a LTE with CGNAT to get incoming connections to the router. LTE be mostly forwarded traffic from LAN clients, and covered by an established/related in firewall filter.
 
User avatar
BrianRS
newbie
Posts: 28
Joined: Thu May 12, 2022 1:57 pm
Location: UK

Re: Multi WAN both on DHCP

Tue Mar 21, 2023 6:22 pm

OK, thank you Amm0, that makes sense...

Now onto the final point... Where do I start with applying the same/similar script to update the ISP1 route gateway address using the remote address/network from the PPPoE interface?

Many thanks,
B
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3255
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Multi WAN both on DHCP

Tue Mar 21, 2023 7:06 pm

The "PPP Profile" has a script tab. So the PPPoE client has a profile, and the profile has a script tab. Since a lot of things also use the PPP profile... I'd copy the profile you're using today and then add the script to that new one, and use the new one in your specific PPPoE connection to make sure the script is NOT used for other VPN-ish things.

Docs are here for that: https://help.mikrotik.com/docs/display/ROS/PPP+AAA

Basically same script, but I think you need basically need to use $"remote-address" instead in the above, but I'd search the forum for example here.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3255
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Multi WAN both on DHCP

Tue Mar 21, 2023 7:08 pm

BTW @pcunite has been working on docs that pretty much describe your setup to a tee. The doc is still a work-in-progress but may help explain better than my quick summary:
viewtopic.php?p=986112&hilit=Multiwan#p986112
 
User avatar
BrianRS
newbie
Posts: 28
Joined: Thu May 12, 2022 1:57 pm
Location: UK

Re: Multi WAN both on DHCP

Wed Mar 22, 2023 12:06 am

Thanks again @Amm0,

I went with the attached scripts on a copy of the *default PPP profile and I forced the DialOut to use this profile, and by my logic I should be good.
I can't really test as I've got static IP(local address), but I noticed sometimes the remote address changes, so me flicking it on/off now won't prove anything... I'll see as and when it happens, meanwhile I'll have a look over the links you quoted...

Many thanks one more time, I might pick your brains later with a couple of my other issues...
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: akakua, artone, mvz71, yakovz and 75 guests