Недавно обновился на ROS7 и понял, что что-то не работает, а именно VPN.
В старом конфиге была маркировка части пакетов через VPN.
Сейчас надо делать через таблицы маршрутизации.
Таблицы сделал, в mangle прописал пути, но всё равно что-то не выходит.
Конфиг выкладываю, может, кто подскажет, в какую сторону копать.
Спасибо.
# jan/30/2022 11:54:50 by RouterOS 7.1
# software id = 2JDZ-J2NN
#
# model = RBD53iG-5HacD2HnD
# serial number =
# LAN bridge. With arp=reply-only the bridge answers ARP but does not learn
# neighbours dynamically, so only hosts with a static ARP entry or an entry
# created by the DHCP server (add-arp=yes further down) can reach the router.
/interface bridge
add arp=reply-only fast-forward=no name=bridge1
# Physical ports: ether1 is the uplink (comment=WAN); ether4 and ether5 are
# labelled NAS and "PC LAN".
/interface ethernet
set [ find default-name=ether1 ] advertise=100M-full,1000M-full,2500M-full \
comment=WAN rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether2 ] advertise=100M-full,1000M-full,2500M-full \
rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether3 ] advertise=100M-full,1000M-full
set [ find default-name=ether4 ] advertise=100M-full,1000M-full comment=NAS
set [ find default-name=ether5 ] advertise=100M-full,1000M-full comment=\
"PC LAN"
# OpenVPN client towards the VPN provider; mac-address, port and user were
# masked (***) by the poster.
# NOTE(review): no certificate, verify-server-certificate, cipher or auth
# value appears here, so those are presumably at their defaults. Confirm that
# the server certificate is actually verified and that the negotiated
# cipher/auth pair is not a legacy default.
/interface ovpn-client
add comment=vpn connect-to=vpnse01.fornex.org mac-address=*** \
name=ovpn-out1 port=*** user=***
# Interface lists used by the firewall and by the discovery/MAC-server
# settings. "discover" is defined here but not referenced anywhere else in
# this export.
/interface list
add name=LAN
add name=WAN
add exclude=dynamic name=discover
/interface lte apn
set [ find default=yes ] ip-type=ipv4
# Wi-Fi security: the WIFI profile allows WPA2-PSK only. The pre-shared key
# itself is not part of this export.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=WIFI \
supplicant-identity=""
# Two access-point radios (2.4 GHz and 5 GHz), both on the WIFI profile and
# both with WPS switched off (wps-mode=disabled).
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
band=2ghz-onlyn country=russia4 disabled=no distance=indoors frequency=\
2462 frequency-mode=manual-txpower mode=ap-bridge multicast-helper=full \
security-profile=WIFI ssid=MikroTik_2.4 wireless-protocol=802.11 \
wmm-support=enabled wps-mode=disabled
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode \
band=5ghz-onlyac channel-width=20/40/80mhz-eeeC country=russia4 disabled=\
no distance=indoors frequency=5320 frequency-mode=manual-txpower mode=\
ap-bridge multicast-helper=full security-profile=WIFI ssid=MikroTik_5 \
wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
# DHCP for the LAN bridge. add-arp=yes makes the server create an ARP entry
# for every lease, which is what lets clients through arp=reply-only on
# bridge1.
/ip pool
add name=pool1 ranges=10.10.1.5-10.10.1.198
/ip dhcp-server
add add-arp=yes address-pool=pool1 bootp-support=dynamic interface=bridge1 \
name=server1
# NOTE(review): no BGP connection or OSPF interface template appears in this
# export, so the BGP template and OSPF instance/area are presumably leftovers
# created by the upgrade to RouterOS 7. Confirm nothing depends on them.
/routing bgp template
set default as=65530 disabled=no name=default output.network=bgp-networks
/routing ospf instance
add name=default-v2
/routing ospf area
add instance=default-v2 name=backbone-v2
# RouterOS 7 routing table for policy routing; "fib" makes it usable for
# forwarding decisions.
# NOTE(review): no route in this export is placed in VPN_list (the only
# static route below uses routing-table=main). Unless routes are added to it
# dynamically, a lookup in this table has nothing to match. Check with
# "/ip route print where routing-table=VPN_list".
/routing table
add disabled=no fib name=VPN_list
# All LAN-side ports and both radios are members of bridge1; ether1 (WAN) is
# not bridged.
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=wlan1
add bridge=bridge1 ingress-filtering=no interface=wlan2
add bridge=bridge1 ingress-filtering=no interface=ether2
add bridge=bridge1 ingress-filtering=no interface=ether3
add bridge=bridge1 ingress-filtering=no interface=ether4
add bridge=bridge1 ingress-filtering=no interface=ether5
# Neighbour discovery is limited to the LAN list, so the router does not
# announce itself on the WAN list members.
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set tcp-syncookies=yes
# IPv6 is switched off entirely; no IPv6 firewall is shown in this export.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# List membership. The VPN tunnel (ovpn-out1) is placed in WAN together with
# ether1, so the firewall rules that match the WAN list treat the tunnel as
# an untrusted side too.
/interface list member
add interface=bridge1 list=LAN
add interface=ether1 list=WAN
add interface=ovpn-out1 list=WAN
/ip address
add address=10.10.1.254/24 comment=local interface=bridge1 network=10.10.1.0
# WAN address comes from the ISP via DHCP. No add-default-route setting is
# shown, so the default route in "main" is presumably installed dynamically
# by this client. TODO confirm.
/ip dhcp-client
add interface=ether1
# Static leases for the NAS and one tablet.
/ip dhcp-server lease
add address=10.10.1.45 client-id=1:0:11:32:64:cf:7e comment=NAS mac-address=\
00:11:32:64:CF:7E server=server1
add address=10.10.1.22 client-id=1:16:1e:9d:dc:12:72 comment="ipad pro" \
mac-address=16:1E:9D:DC:12:72 server=server1
/ip dhcp-server network
add address=10.10.1.0/24 dns-server=10.10.1.254 gateway=10.10.1.254 netmask=\
24
# The router acts as the DNS resolver for LAN clients. With
# allow-remote-requests=yes the resolver answers on every interface, so the
# only thing keeping it from being an open resolver is the input-chain rule
# that drops traffic not arriving from the LAN list.
/ip dns
set allow-remote-requests=yes
/ip firewall filter
# NOTE(review): this fasttracks every established/related forwarded
# connection. FastTracked packets bypass the mangle chains, so the
# mark-routing rules in prerouting stop being applied after the first packets
# of a connection. For policy routing to hold, restrict this rule (for
# example with connection-mark=no-mark) so marked connections stay on the
# normal path.
add action=fasttrack-connection chain=forward connection-state=\
established,related hw-offload=yes
# Input chain (traffic to the router itself): allow replies, drop invalid,
# allow ICMP from anywhere, then drop everything that did not arrive from the
# LAN list. LAN hosts can therefore reach every enabled router service.
add action=accept chain=input connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=icmp
add action=drop chain=input in-interface-list=!LAN
# Forward chain: allow replies, drop invalid, and drop new connections coming
# in from the WAN list unless they were dst-NATed. Nothing restricts new
# connections from LAN, so they fall through to the default accept.
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward connection-nat-state=!dstnat connection-state=\
new in-interface-list=WAN
/ip firewall mangle
# Tag each still-unmarked connection with the uplink on which one of its
# packets arrives: "first" for ether1, "second" for ovpn-out1. This records
# which uplink a connection is already using; nothing here selects which new
# LAN connections should be sent into the tunnel.
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=ether1 new-connection-mark=first
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=ovpn-out1 new-connection-mark=second
# NOTE(review): the next two mark-routing rules carry no new-routing-mark in
# this export, so they do not name a routing table. By analogy with the
# output-chain rules below they were presumably meant to use main and
# VPN_list, and the value may have been lost during the upgrade to
# RouterOS 7. Confirm on the router.
add action=mark-routing chain=prerouting connection-mark=first \
in-interface-list=!WAN passthrough=yes
add action=mark-routing chain=prerouting connection-mark=second \
in-interface-list=!WAN passthrough=yes
# Router-originated traffic: send packets of marked connections out through
# the matching table.
add action=mark-routing chain=output connection-mark=first new-routing-mark=\
main passthrough=yes
add action=mark-routing chain=output connection-mark=second new-routing-mark=\
VPN_list passthrough=yes
# NOTE(review): exact duplicate of the previous rule; it has no additional
# effect.
add action=mark-routing chain=output connection-mark=second new-routing-mark=\
VPN_list passthrough=yes
# Source NAT: masquerade everything leaving through ether1 and through the
# VPN tunnel. The first comment is stored as escaped non-ASCII bytes
# (presumably Windows-1251 text) and is left as exported.
/ip firewall nat
add action=masquerade chain=srcnat comment="\D1\F2\E0\ED\E4\E0\F0\F2" \
out-interface=ether1
add action=masquerade chain=srcnat comment=VPN out-interface=ovpn-out1
# The only static route in the export: a /32 host route in "main" with the
# lowest priority (distance=255). The gateway 10.8.0.5 is not on any address
# configured in this export and is presumably a tunnel-side address. TODO
# confirm.
# NOTE(review): there is no default route in routing-table=VPN_list, so
# traffic marked for VPN_list has no next hop defined by this configuration.
/ip route
add disabled=no distance=255 dst-address=169.254.156.22/32 gateway=10.8.0.5 \
pref-src="" routing-table=main scope=11 suppress-hw-offload=no \
target-scope=10
# Management services: telnet, ftp, plain www, api and api-ssl are off;
# www-ssl (HTTPS WebFig) is on.
# NOTE(review): ssh and winbox do not appear, so they are presumably at their
# defaults. No address= restriction and no certificate= for www-ssl is shown,
# so access control relies only on the input-chain rule that drops non-LAN
# traffic. Confirm with "/ip service print".
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set www-ssl disabled=no
set api disabled=yes
set api-ssl disabled=yes
# Packets carrying routing mark VPN_list are resolved only in table VPN_list.
# lookup-only-in-table means there is no fallback to "main": if VPN_list has
# no matching route the packet is not forwarded at all.
/routing rule
add action=lookup-only-in-table disabled=no routing-mark=VPN_list table=\
VPN_list
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Stockholm
/system identity
set name=MikroTik_Master
/system leds
set 0 disabled=yes interface=wlan1 leds=led1,led2,led3,led4,led5 type=\
wireless-signal-strength
set 1 leds=poe-led type=poe-out
set 2 interface=ether4 leds=led4 type=interface-status
set 3 disabled=yes interface=ether1 leds="" type=interface-status
set 4 interface=ether1 leds=led1 type=interface-status
/system logging
add topics=wireless
# NOTE(review): verify this hostname is the intended time source. The public
# NTP pool uses the pool.ntp.org domain, so "sntp.org" looks like a typo.
# Correct time matters for certificate validation (OpenVPN, www-ssl).
/system ntp client
set enabled=yes
/system ntp client servers
add address=ru.pool.sntp.org
/system package update
set channel=long-term
/system routerboard settings
# Firmware upgraded successfully, please reboot for changes to take effect!
set auto-upgrade=yes
# Two scheduled jobs, both disabled, intended to switch an interface off at
# 23:00 and on at 06:00 (their names refer to WLAN1).
# NOTE(review): on-event addresses the interface by item number 5, not by
# name, so which interface is affected depends on list order and cannot be
# told from this export. The policy list also grants far more than
# enabling or disabling an interface needs (password, sniff, sensitive,
# romon, ftp, reboot); trim it to the minimum if the jobs are re-enabled.
/system scheduler
add comment="\CE\F2\EA\EB\FE\F7\E5\ED\E8\E5 WLAN1" disabled=yes interval=\
23h59m name="WLAN1 OFF" on-event="/interface disable 5" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=may/20/2021 start-time=23:00:00
add comment="\C2\EA\EB\FE\F7\E5\ED\E8\E5 WLAN1" disabled=yes interval=23h59m \
name="WLAN1 ON" on-event="/interface enable 5" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=may/21/2021 start-time=06:00:00
# MAC-level management (MAC telnet and MAC WinBox) is limited to the LAN
# list.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
# Packet sniffer settings: capture on ether1 (the WAN port) and stream the
# captured packets to 10.10.1.13. Whether the sniffer is currently running is
# not visible in an export.
# NOTE(review): 10.10.1.13 lies inside DHCP pool1 (10.10.1.5-10.10.1.198) and
# has no static lease, so the address can end up on a different LAN host,
# which would then receive the mirrored WAN traffic. Pin the receiver with a
# static lease or turn streaming off when it is not in use.
/tool sniffer
set filter-interface=ether1 filter-stream=yes streaming-enabled=yes \
streaming-server=10.10.1.13