Forçar VPN usar apenas 1 link de Internet

vagnerfoliveira
(usa Ubuntu)

Enviado em 06/02/2022 - 22:17h

Olá a todos, tenho 2 RBs configuradas com uma VPN site-to-site via OpenVpn. Na RB cliente, tenho 2 links de Internet, fiz todo o procedimento para somar os links, porém se deixo marcado a rota para o link1 a VPN cai e não consigo fazer nem acesso via TS. Acredito que tenho que fazer uma configuração para que, toda a conexão que utiliza a porta 1194 saia somente pelo link1, porém não sei como fazer essa configuração no Microtik.

vitorgvermaas
(usa Linux Mint)

Enviado em 16/02/2022 - 18:08h

Como está o mangle?

vagnerfoliveira
(usa Ubuntu)

Enviado em 21/02/2022 - 05:52h

RB SERVIDOR DA VPN (Não tem 2 links)
/ip firewall mangle
add action=accept chain=prerouting comment="Libera acesso entre a rede interna" dst-address=192.168.0.0/24 src-address=192.168.0.0/24


RB CLIENTE:
/ip firewall mangle
add action=accept chain=prerouting comment="Libera acesso entre a rede interna" dst-address-list="Rede Interna" src-address-list="Rede Interna"
add action=mark-connection chain=prerouting comment="Entrada conexao Link1" connection-mark=no-mark in-interface=WAN log=yes log-prefix=Link1-Conexao new-connection-mark=\
Link1-Conexao passthrough=yes
add action=mark-connection chain=prerouting comment="Entrada conexao Link2" connection-mark=no-mark in-interface=WAN2 new-connection-mark=Link2-Conexao passthrough=yes
add action=mark-routing chain=output comment="Saida conexao Link1" connection-mark=Link1-Conexao new-routing-mark=Link1-rota passthrough=yes
add action=mark-routing chain=output comment="Saida conexao Link2" connection-mark=Link2-Conexao new-routing-mark=Link2-rota passthrough=yes
add action=mark-connection chain=prerouting comment="PCC Balanceamento Link 1 - 4/0" dst-address-type=!local in-interface-list=LANs new-connection-mark=Link1-Conexao \
passthrough=yes per-connection-classifier=both-addresses:4/0
add action=mark-connection chain=prerouting comment="PCC Balanceamento Link 2 - 4/1" dst-address-type=!local in-interface-list=LANs new-connection-mark=Link2-Conexao \
passthrough=yes per-connection-classifier=both-addresses:4/1
add action=mark-connection chain=prerouting comment="PCC Balanceamento Link 2 - 4/2" dst-address-type=!local in-interface-list=LANs new-connection-mark=Link2-Conexao \
passthrough=yes per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=prerouting comment="PCC Balanceamento Link 2 - 4/3" dst-address-type=!local in-interface-list=LANs new-connection-mark=Link2-Conexao \
passthrough=yes per-connection-classifier=both-addresses:4/3
add action=mark-routing chain=prerouting comment="PCC marca rota link1" connection-mark=Link1-Conexao in-interface-list=LANs new-routing-mark=Link1-rota passthrough=yes
add action=mark-routing chain=prerouting comment="PCC marca rota link1" connection-mark=Link2-Conexao in-interface-list=LANs new-routing-mark=Link2-rota passthrough=yes
add action=mark-routing chain=prerouting comment="PCC marca rota link1 para a conexao VPN" connection-mark=Link1-Conexao disabled=yes new-routing-mark=Link1-rota \
passthrough=yes src-address=192.168.0.191

vitorgvermaas
(usa Linux Mint)

Enviado em 25/02/2022 - 00:30h

No servidor você vai ter que fazer uma regra pra aceitar conexão vpn desse link, depois no cliente você tem que criar um mangle de mark-packet e direcionar os pacotes do protocolo da sua VPN para o link desejado, L2TP, PPTP ou outras, vai depender de qual é o seu servidor.