[Mikrotik] Load balancing VPN tunnels

Thu, 04 Apr 2013 21:27:55 -0700 

I need help to find a solution to load balance a remote office using 4 
satellite link to my head office.

I have tried setting up 4 pptp tunnel witch seems to work, but when looking at 
my output log from the remote office all the gre protocol stuff is going out 
from the same interface and doesn't use the tracking from my mangle rule.

Here are my mangle rules..

# jan/02/1970 00:34:41 by RouterOS 6.0rc12
# software id = 1M45-Q3W3
#
/ip firewall mangle
add action=mark-routing chain=output comment=\
    "Force pptp tunnel 1 creation on WAN1 using destination IP x.x.x.125" \
    disabled=no dst-address=x.x.x.125 new-routing-mark=to_WAN1 \
    passthrough=no
add action=mark-routing chain=output comment=\
    "Force pptp tunnel 2 creation on WAN2 using destination IP x.x.x.126" \
    disabled=no dst-address=x.x.x.126 new-routing-mark=to_WAN2 \
    passthrough=no
add action=mark-connection chain=prerouting comment=\
    "Accept without mangle all traffic going to router WAN1" disabled=no \
    dst-address=192.168.0.0/24 in-interface=ether1 new-connection-mark=\
    WAN1_conn
add action=mark-connection chain=prerouting comment=\
    "Accept without mangle all traffic going to router WAN2" disabled=no \
    dst-address=192.168.1.0/24 in-interface=ether1 new-connection-mark=\
    WAN2_conn
add action=mark-connection chain=prerouting comment=\
    "Mark all new connection from WAN1 (dst-nat)" connection-mark=no-mark \
    disabled=no in-interface=ether4 new-connection-mark=WAN1_conn
add action=mark-connection chain=prerouting comment=\
    "Mark all new connection from WAN2 (dst-nat)" connection-mark=no-mark \
    disabled=no in-interface=ether5 new-connection-mark=WAN2_conn
add action=mark-connection chain=prerouting comment=\
    "LB all new connection from LAN to WAN1 (2/0)" connection-mark=no-mark \
    disabled=no dst-address-type=!local in-interface=ether1 \
    new-connection-mark=WAN1_conn per-connection-classifier=\
    both-addresses:2/0
add action=mark-connection chain=prerouting comment=\
    "LB all new connection from LAN to WAN2 (2/1)" connection-mark=no-mark \
    disabled=no dst-address-type=!local in-interface=ether1 \
    new-connection-mark=WAN2_conn per-connection-classifier=\
    both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn disabled=\
    no in-interface=ether1 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn disabled=\
    no in-interface=ether1 new-routing-mark=to_WAN2
add action=mark-routing chain=output connection-mark=WAN1_conn disabled=no \
    dst-address=!x.x.x.125-x.x.x126 new-routing-mark=to_WAN1 \
    out-interface=ether4
add action=mark-routing chain=output connection-mark=WAN2_conn disabled=no \
    dst-address=!x.x.x.125-x.x.x126 new-routing-mark=to_WAN2 \
    out-interface=ether5
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
<http://mail.butchevans.com/pipermail/mikrotik/attachments/20130405/c5941018/attachment.html>
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS

Reply via email to