Hello.
I have two ISP and two L2TP connections to remote office.
Each L2TP uses own interface. I've made it for load-balancing.

Used just simple routing for it:
1.1.1.1 gw 2.2.2.2
3.3.3.3 gw 4.4.4.4
1st L2TP connect to 1.1.1.1
2nd L2TP connect to 3.3.3.3

And everything works fine, but when one of the interfaces goes down, it's L2TP reconnect using another interface.
Because specified route becomes unreacheble, and it starts to use default route.

How can I prevent PPP of using another interface?
If it's not possible, can you give me some script to restart PPP, when another route becomes active?

Thank you.

Do you use plain L2TP or L2TP/IPsec? It affects the solution.
For plain L2TP, you would just add

dst-address=1.1.1.1 distance=2 type=blackhole
dst-address=3.3.3.3 distance=2 type=blackhole

So when the "correct" gateway becomes unavailable, a blackhole route with identical dst-address is used, instead of the default route via the other gateway which is used if no more specific route is available.

Do you use plain L2TP or L2TP/IPsec? It affects the solution.
For plain L2TP, you would just add

dst-address=1.1.1.1 distance=2 type=blackhole
dst-address=3.3.3.3 distance=2 type=blackhole

So when the "correct" gateway becomes unavailable, a blackhole route with identical dst-address is used, instead of the default route via the other gateway which is used if no more specific route is available.

OK, interesting feature, haven't even thought about it.
But it will affect all traffic to that address, and we have some services, which are using direct IP.
For example all wi-fi users are in separate network, and have no access to tunnels, so thay use our web and mail server's direct IPs.
And if our link will go down, we will loose access to remote IP. It's not applicable at this moment.

So if I get you right, 1.1.1.1 and 2.2.2.2 are not just L2TP servers but general purpose servers?

If so, you'll need to use policy based routing - mark packets to UDP port 1701 with a specific routing-mark using /ip firewall mangle rules, and create the two route-pairs above with that routing-mark.
If you use fasttracking, the whole task becomes slightly more complex, see details here.

But if the Mikrotik itself does not need to contact the two servers for anyting but the L2TP tunnels, you can use /ip route rule to choose the routing table upon src-address and dst-address combination instead of the mangle rule. Route rules do not interfere with fasttracking.

So if I get you right, 1.1.1.1 and 2.2.2.2 are not just L2TP servers but general purpose servers?

Just two interfaces of another Mikrotik.

Code: Select all

/ip firewall mangle
add chain=output action=mark-routing protocol=udp dst-port=1701 new-routing-mark=l2tp

/ip route
add routing-mark=l2tp dst-address=server1 distance=1 gateway=gw1
add routing-mark=l2tp dst-address=server1 distance=2 type=blackhole
add routing-mark=l2tp dst-address=server2 distance=1 gateway=gw2
add routing-mark=l2tp dst-address=server2 distance=2 type=blackhole

Allright, that's everything I need. Work's fine for now. Clear and simple. Thank you man.