msatter
Forum Veteran
Topic Author
Posts: 967
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Using action=route in Mangle

Fri Dec 07, 2018 10:31 pm

I want to use action=route in Mangle with an SSTP connection. In that rule I put the Local Address of the SSTP connection in as the DST-address.

It seems to work but the packets returning back from the SSTP are not arriving back at my client. After a few seconds I get (ACK/RST) back on OUTPUT and those are marked connection state invalid.

What am I doing wrong?
RB760iGS (hEX S) with the SFP being cooled.
Running:
RouterOS 6.44Beta40 / Winbox 3.18 / MikroTik APP 1.0.13
Cooling a SFP module: viewtopic.php?f=3&t=132258&p=671105#p671105
 
sebastia
Long time Member
Posts: 684
Joined: Tue Oct 12, 2010 3:23 am

Re: Using action=route in Mangle

Fri Dec 07, 2018 11:08 pm

Hey

Just a thought: are you natting these packets? I would expect that to still be needed. Or does the remote site know what networks are reachable over the tunnel?
 
msatter

Re: Using action=route in Mangle

Sat Dec 08, 2018 12:04 am

I want to do without the NAT and the SSTP is to a VPN provider.

Because I received (invalid) packets back, pointing to the correct client and port, I think the other side is natting.

Next I will look with torch at what traffic is passing and in what direction.
 
shiyiqiang08
newbie
Posts: 29
Joined: Wed Dec 05, 2018 7:35 am

Re: Using action=route in Mangle

Sat Dec 08, 2018 10:22 am

> I want to use action=route in Mangle with an SSTP connection. In that rule I put the Local Address of the SSTP connection in as the DST-address.
>
> It seems to work but the packets returning back from the SSTP are not arriving back at my client. After a few seconds I get (ACK/RST) back on OUTPUT and those are marked connection state invalid.
>
> What am I doing wrong?

When you add the mangle rule with the route action, you can set the in-interface on the rule and add dst-address-type != local.
 
msatter

Re: Using action=route in Mangle

Sat Dec 08, 2018 11:54 am

Thanks shiyiqiang08, it did not make it work.

I used torch and nothing went over the connection when using the Local Address (gateway). When I used the Remote Address, packets were visible but they did not return.

Looking at the connection table I see a difference between NAT and Direct.
NAT:
192.168.0.2 --> 123.12.35.41 --> 123.12.35.41 --> 172.98.47.52
Direct:
192.168.0.2 --> 123.12.35.41 --> 123.12.35.41 --> 192.168.0.2

The used IP addresses are fake.