Community discussions

MikroTik App
 
SergioGC
just joined
Topic Author
Posts: 7
Joined: Tue Jan 24, 2023 12:03 pm

Routeros 7 mangle changes?

Wed Feb 01, 2023 11:38 am

Hi all,

I have been working with the following configuration for years but since version 7.4.1 I have some problems. Load balancing works fine but I can't reach my OVPN server, if I modify some mangle rules I am able to reach my OVPN server but load balancing stop working. It is necessary that both ISP routers use the same IP address.
mkt1.png
These are the mangle and IP route configurations.

Mangle

chain=prerouting action=accept src-address-list=lan dst-address-list=lan

chain=input action=mark-connection new-connection-mark=ISP1 passthrough=yes connection-mark=no-mark in-interface=ISP1

chain=output action=mark-routing new-routing-mark=ISP1 passthrough=yes connection-mark=ISP1

chain=forward action=mark-connection new-connection-mark=ISP1 passthrough=yes connection-mark=no-mark in-interface=ISP1

chain=input action=mark-connection new-connection-mark=ISP2 passthrough=yes connection-mark=no-mark in-interface=ISP2

chain=output action=mark-routing new-routing-mark=ISP2 passthrough=yes connection-mark=ISP2

chain=forward action=mark-connection new-connection-mark=ISP2 passthrough=yes connection-mark=no-mark in-interface=ISP2

chain=prerouting action=mark-routing new-routing-mark=ISP1 passthrough=yes connection-mark=ISP1

chain=prerouting action=mark-routing new-routing-mark=ISP2 passthrough=yes connection-mark=ISP2 log=no log-prefix=""

chain=prerouting action=jump jump-target=Balancer1 connection-state=new dst-address-type=!local src-address-list=Balancer1 connection-mark=no-mark

chain=Balancer1 action=mark-connection new-connection-mark=ISP1 passthrough=yes per-connection-classifier=both-addresses:2/0

chain=Balancer1 action=mark-connection new-connection-mark=ISP2 passthrough=yes per-connection-classifier=both-addresses:2/1

IP Routes

add distance=1 dst-address=172.16.0.0/16 gateway=Hotspot1 pref-src=172.16.0.1 routing-table=ISP1 scope=10
add distance=1 dst-address=192.168.32.0/23 gateway=Hotspot1 pref-src=192.168.33.1 routing-table=ISP1 scope=10
add comment=ISP1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.254%ISP1 routing-table=ISP1
add comment="ISP1 - main" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.254%ISP1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
add disabled=no distance=1 dst-address=172.16.0.0/16 gateway=Hotspot1 pref-src=172.16.0.1 routing-table=ISP2 scope=10 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=192.168.32.0/23 gateway=Hotspot1 pref-src=192.168.33.1 routing-table=ISP2 scope=10 suppress-hw-offload=no target-scope=10
add comment=ISP2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.254%ISP2 routing-table=ISP2
add comment="ISP2 - main" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.1.254%ISP2 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10

Lan address list are all the private IPs networks and Balancer address list is my private network.

I have checked the changelogs and I don't see anything that could affect it. Does anyone have the same problem or can help me?
You do not have the required permissions to view the files attached to this post.
 
SergioGC
just joined
Topic Author
Posts: 7
Joined: Tue Jan 24, 2023 12:03 pm

Re: Routeros 7 mangle changes?

Thu Feb 02, 2023 6:13 pm

Can someone help me? @normis It has worked for years, what has changed since 7.4.1 version? I have several CCR2004 with 7.4.1 as factory firmware so I need to fix my configuration to be able to install them.
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1345
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Routeros 7 mangle changes?

Thu Feb 02, 2023 6:23 pm

Things have changed. It is still a work in progress, but you can view a working configuration here. Download Example 1.
 
SergioGC
just joined
Topic Author
Posts: 7
Joined: Tue Jan 24, 2023 12:03 pm

Re: Routeros 7 mangle changes?

Fri Feb 03, 2023 10:03 am

@pcunite Thank you for your answer but It doesn't work on my setup. The problem is that my configuration worked for like 5-6 yeas without problem and now since 7.4.1 version it doesn't work. I have made some tests and it seems that mangle is making something wrong or the route mark is not going through the route with the mark.

In addition, I will explain you my desired configuration to see if we can make it work properly. I want to apply PCC to the devices added to address list "Balancer1", with PCC I want to balance my connections through some routers( It is necessary that the routers can have the same IP address). It is also needed that I could make port forwarding through all the routers to devices inside my network. In all my test I could make work PCC and port forwarding but not at the same time.
 
SergioGC
just joined
Topic Author
Posts: 7
Joined: Tue Jan 24, 2023 12:03 pm

Re: Routeros 7 mangle changes?

Mon Feb 06, 2023 12:53 pm

Anyone can help me to fix my configuration? I need to fix it soon because I have serveral CCR2004 that I can't downgrade from 7.4.1
 
abedkarmi
just joined
Posts: 1
Joined: Sun Mar 26, 2023 6:19 pm

Re: Routeros 7 mangle changes?

Mon Mar 27, 2023 4:29 am

I have the same issue with mangle and l2tp, the packets are routed out through vpn, and coming back, but do not reach source. The link is broken. I tried everything you mau think of, with no luck.

Vpn is working routing/rules not with mangle!

We need help on this, must be fixed by MikroTik.

Who is online

Users browsing this forum: Bing [Bot], ccrsxx, GoogleOther [Bot], onnyloh and 64 guests