beer
just joined
Topic Author
Posts: 1
Joined: Wed Oct 27, 2021 5:23 am

prerouting & mark routing help

Wed Oct 27, 2021 5:35 am

My company uses RouterOS version 7.1rc5. The company is headquartered in China and has two branches, in Singapore and Laos. I use WireGuard VPN to connect them. I want traffic to destinations outside China to go out through the Singapore node, traffic to Laos to go out through the Laos node, and traffic from Singapore and Laos accessing China's data to go out through the Chinese node. I used the routing label scheme: in the IP firewall, mangle rules add a routing mark to the packets, and then the routing tables in IP routes are used to distinguish them. But I see from traceroute that the path of the packets does not follow the different routing directions. However, from Google's point of view, it shows that I am indeed connecting from the Singapore exit. Did I do something wrong?


/interface pppoe-client
add disabled=no interface=out_mobile name=pppoe-out-mobile use-peer-dns=yes \
user=****
add disabled=no interface=out_telecom name=pppoe-out-telecom use-peer-dns=yes \
user=******
/interface wireguard
add listen-port=13231 name=wireguard-sgp
add listen-port=12321 name=wireguard1-laos

/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint-address=********** endpoint-port=\
12321 interface=wireguard1-laos persistent-keepalive=25s public-key=\
"******************************"
add allowed-address=0.0.0.0/0 endpoint-address=********** endpoint-port=\
12321 interface=wireguard-sgp persistent-keepalive=25s public-key=\
"*******************************"

/ip address
add address=192.168.10.1/24 interface=inside network=192.168.10.0
add address=192.168.88.1/24 interface=wireguard1-laos network=192.168.88.0
add address=10.0.0.5/24 interface=wireguard-sgp network=10.0.0.0

/ip firewall address-list
add address=5.182.60.0/22 list=CN
add address=45.82.236.0/22 list=CN
*
*
*
*
*
*


/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes \
protocol=tcp tcp-flags=syn
add action=change-mss chain=output new-mss=clamp-to-pmtu passthrough=no \
protocol=tcp tcp-flags=syn
add action=mark-routing chain=prerouting dst-address-list=LA \
new-routing-mark=lao passthrough=no protocol=udp src-address-list=proxy
add action=mark-routing chain=prerouting dst-address-list=!CN \
new-routing-mark=VPN passthrough=no protocol=udp src-address-list=proxy
add action=mark-routing chain=prerouting dst-address-list=!CN \
new-routing-mark=VPN passthrough=yes protocol=tcp src-address-list=proxy
add action=mark-routing chain=prerouting dst-address-list=LA \
new-routing-mark=lao passthrough=yes protocol=tcp src-address-list=proxy


/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wireguard1-laos \
pref-src="" routing-table=lao scope=30 suppress-hw-offload=no \
target-scope=10

add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out-telecom \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=no dst-address=0.0.0.0/0 gateway=wireguard-sgp routing-table=VPN \
suppress-hw-offload=no
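
Added example, not part of the original post and not MikroTik code: a small Python model of how the posted mark-routing rules are evaluated in order (a match with passthrough=no stops the chain, passthrough=yes lets a later rule overwrite the mark) and which default route results. The contents of the `LA` and `proxy` lists and the sample addresses are assumptions, since the post does not show them.

```python
import ipaddress

# CN entries are the two shown in the post; LA and proxy are assumed placeholders.
LISTS = {
    "CN": ["5.182.60.0/22", "45.82.236.0/22"],
    "LA": ["203.0.113.0/24"],        # assumed
    "proxy": ["192.168.10.0/24"],    # assumed: the LAN behind "inside"
}

# (chain, protocol, dst-address-list, new-routing-mark, passthrough), in posted order.
# The change-mss rules are left out: they sit in forward/output and set no mark.
RULES = [
    ("prerouting", "udp", "LA", "lao", False),
    ("prerouting", "udp", "!CN", "VPN", False),
    ("prerouting", "tcp", "!CN", "VPN", True),
    ("prerouting", "tcp", "LA", "lao", True),
]
# Default route of each routing table, as posted.
ROUTES = {"lao": "wireguard1-laos", "VPN": "wireguard-sgp",
          "main": "pppoe-out-telecom"}

def in_list(addr, name):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in LISTS[name])

def routing_mark(chain, proto, src, dst):
    """Return the routing mark a packet carries after the mangle rules."""
    mark = None
    for r_chain, r_proto, r_dst, r_mark, passthrough in RULES:
        if r_chain != chain or r_proto != proto or not in_list(src, "proxy"):
            continue
        negate, name = r_dst.startswith("!"), r_dst.lstrip("!")
        if in_list(dst, name) == negate:   # list condition not satisfied
            continue
        mark = r_mark
        if not passthrough:                # passthrough=no ends processing here
            break
    return mark

def egress(chain, proto, src, dst):
    """Gateway of the default route in the table selected by the mark."""
    return ROUTES[routing_mark(chain, proto, src, dst) or "main"]
```

In this model ICMP probes from a LAN host, and any packet the router itself originates (which traverses the output chain rather than prerouting), match none of the mark-routing rules and fall through to the main table.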
