Community discussions

MikroTik App
 
jaxed7
newbie
Topic Author
Posts: 32
Joined: Wed May 17, 2023 11:15 pm

Routing in V7.9 after V6.49.7

Wed May 17, 2023 11:40 pm

Hello all,

After using V6.49 for a long time, I finally decided to upgrade to V7.9. However, it's not working as it was supposed to. I spent a few hours trying to fix it, but couldn't find the solution, so I figured I would ask for help here.

What I want to achieve is to use an interface (L2TP/L2TPv3 or OVPN) as a VPN to route the traffic of some of my devices. There is an address list called "individual-VPN" for that purpose, and all the traffic from or to those devices should go through the VPN interface. The rest, which are not on the address list, should bypass it. There's also another address list called "excluded-addresses," which are some public IP addresses that I want to bypass the VPN interface, even if the connection is being made from the devices in the "individual-VPN" address list.

I'm also using the "Use peer DNS" option of the VPN interface, which is a local IP "172.69.85.0" from the VPN server for my router and devices.
All of these were working fine on V6.49.7, but I'm having a hard time setting it up on V7.9.
Any help would be highly appreciated.
 
jaxed7
newbie
Topic Author
Posts: 32
Joined: Wed May 17, 2023 11:15 pm

Re: Routing in V7.9 after V6.49.7

Fri May 19, 2023 3:56 am

Any Idea?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Routing in V7.9 after V6.49.7

Fri May 19, 2023 3:48 pm

Routing is no different from an IPSEC setting perspective from what I gather ( not conversant in IPSEC ),
Where it makes a difference besides deeper nuances is

a. mangling for routes
b. routing rules for routes
c. tables for routes
d. recursive routing.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Routing in V7.9 after V6.49.7

Fri May 19, 2023 4:26 pm

You may want to check this wiki page from Mikrotik:
https://help.mikrotik.com/docs/display/ ... h+examples
 
jaxed7
newbie
Topic Author
Posts: 32
Joined: Wed May 17, 2023 11:15 pm

Re: Routing in V7.9 after V6.49.7

Fri May 19, 2023 9:54 pm

Thanks @anav @holvoetn
I've tried these but only success was in routing traffic thorough VPN interface and the IPs in "excluded-addresses" didn't bypass the VPN interface and also the other devices that they weren't in "individual-VPN" address list couldn't access the internet at all.
 
jaxed7
newbie
Topic Author
Posts: 32
Joined: Wed May 17, 2023 11:15 pm

Re: Routing in V7.9 after V6.49.7

Sun May 21, 2023 3:34 am

Any idea?
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2989
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Routing in V7.9 after V6.49.7

Sun May 21, 2023 4:53 am

Maybe this can help
In v7 it is not possible to turn off synchronization with IGP routes (the network will be advertised only if the corresponding IGP route is present in the routing table).
https://help.mikrotik.com/docs/display/ ... s-Networks
 
jaxed7
newbie
Topic Author
Posts: 32
Joined: Wed May 17, 2023 11:15 pm

Re: Routing in V7.9 after V6.49.7

Tue May 23, 2023 3:21 am

I don't get it what it got to do with IGP?
Can you shed some light on this?
 
jaxed7
newbie
Topic Author
Posts: 32
Joined: Wed May 17, 2023 11:15 pm

Re: Routing in V7.9 after V6.49.7

Tue May 23, 2023 3:22 am

This is my current working config on V6.49.7
Last edited by jaxed7 on Sat Jun 10, 2023 6:40 am, edited 1 time in total.
 
jaxed7
newbie
Topic Author
Posts: 32
Joined: Wed May 17, 2023 11:15 pm

Re: Routing in V7.9 after V6.49.7

Thu May 25, 2023 2:37 am

Anyone?
 
jaxed7
newbie
Topic Author
Posts: 32
Joined: Wed May 17, 2023 11:15 pm

Re: Routing in V7.9 after V6.49.7

Sun May 28, 2023 5:22 pm

UP!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Routing in V7.9 after V6.49.7

Sun May 28, 2023 6:15 pm

Get rid of the bloatware and start from a standard default firewall ruleset and then add the traffic flow you need without all the extra blocking stuff.
Otherwise one cannot see the forest from the trees.
Would love to help but I wouldnt know where to begin,
Stick to standard settings not sure why you are mangling inside ipsec rules............
 
jaxed7
newbie
Topic Author
Posts: 32
Joined: Wed May 17, 2023 11:15 pm

Re: Routing in V7.9 after V6.49.7

Sat Jun 10, 2023 6:45 am

I'm sorry for that confusing config, let me put my request this way:

Can you give me the code to route all the traffic of local IPs in address-list called "VPN11" containing "192.168.1.11,192.168.1.12,192.168.1.13" inside L2TP_V3 interface which is not using IPsec (It's "l2tpv3 ip") and then route IPs in address-list called "noVPN11" containing "15.24.16.48,16.48.152.145,132.156.185.15" out of that interface (Or directly send to WAN) when if the connection where made from IPs in address-list "VPN11".

For now this will do the job then I will work on DNS part.
 
jaxed7
newbie
Topic Author
Posts: 32
Joined: Wed May 17, 2023 11:15 pm

Re: Routing in V7.9 after V6.49.7

Sat Jun 10, 2023 9:20 am

I notice something strange about DNS on V7, I have VM on my ESXi server running pihole as DNS server on V6 I entered the IP address of that VM on /ip dns of mikrotik and use the router IP as DNS server on client but now on V7 it's not working, if I set that VM IP on the clients devices it will work but if I set that IP on router and then use router on clients devices it's not gonna work.

Who is online

Users browsing this forum: No registered users and 62 guests