I added a second internet access to the main router (failover).
I put it in its own bridge, made masquerade rules and added a route with correct metrics.
ROUTE:
Code:
/ip route
add check-gateway=ping comment="MAIN - SLOW INTERNET" distance=2 gateway=192.168.0.1
add check-gateway=ping comment="BACKUP FAST INTERNET" distance=1 gateway=192.168.100.1
NAT:
Code:
0 ;;; MASQUERADE INTERNET - MAIN
chain=srcnat action=masquerade out-interface=INTERNET-MAIN log=no log-prefix="" ipsec-policy=out,none
1 ;;; MASQUERADE BACKUP INTERNET
chain=srcnat action=masquerade out-interface=INTERNET-BACKUP log=no log-prefix="" ipsec-policy=out,none
I made a static interface for the VPN and under secrets defined routes for the remote server and network (l2tp / ipsec):
Code:
/ppp secret
add local-address=10.10.100.1 name=cooler password="PASS" profile=cooler-profile remote-address=10.10.100.10 routes="10.10.11.0/24 10.10.100.10 1" service=l2tp
When I change metrics, so the slower internet is active and the faster is backup, all is dandy (meaning if the main fails, the backup is there, as, well, backup).
I tried making a manual route, like this:
Code:
/ip route add dst-address=10.10.100.10 gateway=<gateway-of-INTERNET-MAIN> distance=1
Print from the router gives me an auto value with metric 0 and another one that I set to direct traffic, which are used for the VPN:
Code:
ADC 10.10.100.10/32 10.10.100.1 l2tp-cooler-... 0
ADS 10.10.11.0/24 10.10.100.10 1
Would appreciate it if someone could drop in their 2c and help...
Thanks