Hey Guys,
i've tried nearly anything without an proper solution.
My Setup:
HAP AC3
eth1 --> WAN over PPPOE
eth2 --> WAN over COAX Router
eth3-5 --> Bridge
Standard Route through eth2 (400MBit)
I want ONE Client to go through eth1 because its SIP Telephonie and separated DSL for this.
I mark connections from the IP of the SIP Server, i set Routing Marks for all these connections, i created separate Routing Table where 0.0.0.0/0 goes over eth1, i see the tags in the connections Tab, but the Routing goes through eth2.
# may/15/2022 09:47:30 by RouterOS 7.2.2
# software id = FU2Y-5FQR
#
# model = RBD53iG-5HacD2HnD
# serial number = F34E0FF2DE05
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled \
frequency=2412,2437,2462 name=CH-24-Auto tx-power=9
/interface bridge
add admin-mac=DC:2C:6E:5C:AC:05 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] name=eth1_Telekom
set [ find default-name=ether2 ] name=eth2_PYUR
/interface wireless
# managed by CAPsMAN
# channel: 2437/20/gn(6dBm), SSID: AC, CAPsMAN forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=\
MikroTik-5CAC09 wireless-protocol=802.11
# managed by CAPsMAN
# channel: 5680/20-eeCe/ac/DP(21dBm), SSID: AC, CAPsMAN forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX distance=indoors frequency=auto installation=indoor \
mode=ap-bridge ssid=MikroTik-5CAC0A wireless-protocol=802.11
/interface vlan
add interface=bridge name=VLAN2-GAST vlan-id=2
/caps-man configuration
add channel=CH-24-Auto country=germany datapath.bridge=bridge installation=\
indoor name=AC_24 security.authentication-types=wpa2-psk .encryption=\
aes-ccm,tkip ssid=AC
add country="etsi 5.5-5.7 outdoor" datapath.bridge=bridge name=AC_5 \
security.authentication-types=wpa2-psk .encryption=aes-ccm,tkip ssid=AC
add channel=CH-24-Auto country=germany datapath.bridge=bridge \
.client-to-client-forwarding=no .local-forwarding=yes .vlan-id=2 \
.vlan-mode=use-tag installation=indoor name=AC_24_GAST \
security.authentication-types=wpa2-psk .encryption=aes-ccm,tkip ssid=\
AC-Gast
/interface pppoe-client
add add-default-route=yes default-route-distance=20 disabled=no interface=\
eth1_Telekom name=pppoe-Telekom user=\
XXX
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=Gast ranges=192.168.20.2-192.168.20.254
/ip dhcp-server
add address-pool=Gast interface=VLAN2-GAST name=GAST
/routing table
add disabled=no fib name=Pyur
add disabled=no fib name=Telekom
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=gn,b \
master-configuration=AC_24 name-format=prefix-identity name-prefix=24
add action=create-dynamic-enabled hw-supported-modes=an,ac \
master-configuration=AC_5 name-format=prefix-identity name-prefix=5
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=pppoe-Telekom list=WAN
add interface=eth2_PYUR list=WAN
add interface=eth1_Telekom list=WAN
/interface ovpn-server server
set auth=sha1,md5
/interface wireless cap
#
set certificate=request discovery-interfaces=bridge enabled=yes interfaces=\
wlan1,wlan2 lock-to-caps-man=yes
/ip address
add address=192.168.10.1/24 interface=bridge network=192.168.10.0
add address=192.168.20.1/24 interface=VLAN2-GAST network=192.168.20.0
add address=192.168.10.2/24 interface=bridge network=192.168.10.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add default-route-distance=10 interface=eth2_PYUR use-peer-dns=no
add default-route-distance=30 interface=bridge
/ip dhcp-server network
add address=192.168.20.0/24 dns-server=1.1.1.3,1.0.0.3 gateway=192.168.20.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall address-list
add address=192.168.10.0/24 list=LAN
add address=192.168.10.3-192.168.10.13 list=LANo3CX
add address=192.168.10.15-192.168.10.254 list=LANo3CX
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
new-connection-mark=3CX passthrough=no src-address=192.168.10.14
add action=mark-connection chain=prerouting connection-mark=no-mark \
new-connection-mark=3CX passthrough=no src-address=192.168.10.15
add action=mark-routing chain=prerouting connection-mark=3CX \
new-routing-mark=Telekom passthrough=no
add action=mark-routing chain=output connection-mark=3CX new-routing-mark=\
Telekom passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="Exchange SMTP" dst-address=\
192.168.10.253 dst-port=25 protocol=tcp to-addresses=192.168.10.253 \
to-ports=25
add action=dst-nat chain=dstnat comment="Exchange OWA" dst-address=\
192.168.10.253 dst-port=443 protocol=tcp to-addresses=192.168.10.253 \
to-ports=443
add action=dst-nat chain=dstnat comment="Exchange Lets Encrypt Challenge" \
dst-address=192.168.10.253 dst-port=80 protocol=tcp to-addresses=\
192.168.10.253 to-ports=80
add action=dst-nat chain=dstnat comment=Mailstore dst-address=192.168.10.13 \
dst-port=8462 protocol=tcp to-addresses=192.168.10.13 to-ports=8462
add action=dst-nat chain=dstnat comment="3CX Webclient" dst-port=5001 \
in-interface=pppoe-Telekom protocol=tcp to-addresses=192.168.10.14 \
to-ports=5001
add action=dst-nat chain=dstnat comment="3CX SIP TCP" disabled=yes \
dst-address=192.168.10.14 dst-port=5060 protocol=tcp to-addresses=\
192.168.10.14 to-ports=5060
add action=dst-nat chain=dstnat comment="3CX RTP" dst-port=9000-10999 \
in-interface=pppoe-Telekom protocol=udp to-addresses=192.168.10.14 \
to-ports=9000-10999
add action=dst-nat chain=dstnat comment="3CX Tunnel TCP" dst-port=5090 \
in-interface=pppoe-Telekom protocol=tcp to-addresses=192.168.10.14 \
to-ports=5090
add action=dst-nat chain=dstnat comment="3CX Tunnel UDP" dst-port=5090 \
in-interface=pppoe-Telekom protocol=udp to-addresses=192.168.10.14 \
to-ports=5090
add action=dst-nat chain=dstnat comment="3CX SIP UDP" disabled=yes \
dst-address=192.168.10.14 dst-port=5060 protocol=udp to-addresses=\
192.168.10.14 to-ports=5060
/ip firewall service-port
set sip disabled=yes
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
pppoe-Telekom routing-table=Telekom suppress-hw-offload=no
/routing rule
add action=lookup-only-in-table disabled=yes dst-address=::/0 src-address=\
192.168.10.13/32 table=Pyur
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=AC-GW
/system leds
set 0 interface=wlan1 leds=led1,led2,led3,led4,led5 type=\
wireless-signal-strength
set 1 leds=poe-led type=poe-out
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN