ospf, vpn, 2 wan

gleb.savin
Сообщения: 2
Зарегистрирован: 04 дек 2018, 17:25

Здравствуйте, есть задача сделать резервирование канала, чтобы, если падает один канал, впн продолжал работать и удаленные сервисы были доступны.

нашел статью http://papa-admin.ru/mikrotik/129-mikro ... D0%BB.html

все сделал по инструкции (10 раз :)), работать как нужно не хочет: впн постоянно отваливается, обратно с резервного канала толком не переключается. Где-то в статье косяк или у меня кривые руки? как их лечить? :) Спасибо.

скрин настроек https://pp.userapi.com/c851436/v8514369 ... MpBNSg.jpg

офис


# dec/04/2018 14:33:29 by RouterOS 6.43.4
# software id = 
#
#
#
# Office (hub) router export. It runs L2TP, SSTP and PPTP servers, hands out
# tunnel addresses from 10.1.1.0/24 (L2TP) and 10.1.2.0/24 (SSTP), and runs
# OSPF over the two static server bindings l2tp-in01 and sstp-in01.
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
# Static server-side bindings, one per tunnel user, so that OSPF can be
# attached to a fixed interface name.
/interface l2tp-server
add name=l2tp-in01 user=l2tp-01
/interface sstp-server
add name=sstp-in01 user=sstp-01
# NOTE(review): this binding has an empty user, so it is not tied to the
# pptp-01 secret defined below - confirm whether PPTP is needed at all.
/interface pptp-server
add name=pptp-in01 user=""
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool-l2tp ranges=10.1.1.2-10.1.1.99
add name=pool-sstp ranges=10.1.2.2-10.1.2.99
# One PPP profile per tunnel type: fixed local address on the office side,
# remote address from the matching pool, encryption requested.
/ppp profile
add change-tcp-mss=yes interface-list=WAN local-address=10.1.1.1 name=\
    profile-l2tp remote-address=pool-l2tp use-encryption=yes
add change-tcp-mss=yes interface-list=WAN local-address=10.1.2.1 name=\
    profile-sstp remote-address=pool-sstp use-encryption=yes
/routing ospf instance
set [ find default=yes ] router-id=10.20.30.1
# Only MS-CHAPv2 is accepted. No use-ipsec setting appears in this export, so
# as shown the L2TP tunnel relies on PPP-level encryption only
# (use-encryption=yes in the profile) - TODO confirm; L2TP/IPsec is the
# stronger option for a tunnel crossing the Internet.
/interface l2tp-server server
set authentication=mschap2 default-profile=profile-l2tp enabled=yes
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
# NOTE(review): the PPTP server is enabled with its remaining settings at
# defaults. PPTP with MS-CHAPv2/MPPE is a legacy protocol with known
# weaknesses; if nothing uses it, disable the server and remove the pptp-01
# secret.
/interface pptp-server server
set enabled=yes
# No certificate setting appears for the SSTP server in this export -
# presumably none is configured, so clients cannot verify the server; confirm.
/interface sstp-server server
set authentication=mschap2 default-profile=profile-sstp enabled=yes
# ether2 is the office LAN; ether1 carries two public addresses, .68 (L2TP
# target of the branch) and .71 (SSTP target of the branch).
/ip address
add address=10.20.30.1/24 interface=ether2 network=10.20.30.0
add address=5.188.53.68/24 interface=ether1 network=5.188.53.0
add address=5.188.53.71/24 interface=ether1 network=5.188.53.0
# NOTE(review): the first rule accepts every forwarded packet, and the export
# contains no drop or reject rule in any chain. With the default accept
# policy the rules below therefore restrict nothing: all input to the router,
# including on the WAN addresses, is allowed. A defensive baseline keeps the
# established/related, l2tp, sstp, ospf and bfd accepts, allows management
# from the LAN only, and ends the input chain with a drop of everything else.
/ip firewall filter
add action=accept chain=forward
add action=accept chain=input disabled=yes dst-address=5.188.53.68
add action=accept chain=forward disabled=yes
add action=accept chain=input comment=icmp disabled=yes protocol=icmp
add action=accept chain=input comment="established & related" \
    connection-state=established,related
add action=accept chain=input comment=l2tp dst-port=1701 in-interface=ether1 \
    protocol=udp
add action=accept chain=input comment=sstp dst-port=443 in-interface=ether1 \
    protocol=tcp
# The ospf and bfd accepts are disabled. That is harmless while nothing is
# dropped, but they must be enabled before a final input drop rule is added,
# otherwise OSPF adjacencies over the tunnels will stop forming.
add action=accept chain=input comment=ospf disabled=yes in-interface=all-ppp \
    protocol=ospf
add action=accept chain=input comment=bfd disabled=yes dst-port=3784-3785 \
    in-interface=all-ppp protocol=udp
# NOTE(review): 5.188.53.70 is not one of the addresses assigned above
# (.68 and .71) - confirm which address this rule was meant for.
add action=accept chain=input dst-address=5.188.53.70
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 src-address=\
    10.20.30.0/24
/ip route
add distance=1 gateway=5.188.53.1 pref-src=5.188.53.68
# telnet, ftp, ssh, api and api-ssl are disabled. www stays enabled with
# address=0.0.0.0/0 (any source); winbox is not listed, so it is presumably
# at its defaults - confirm. Together with the open input chain this leaves
# management reachable on the public addresses; restrict address= to the
# LAN or a management subnet.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=0.0.0.0/0
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# Tunnel credentials are exported in clear text. These values look like
# placeholders substituted before posting - confirm; any real secret that was
# published should be rotated, and short repeated-digit passwords should not
# be used on Internet-facing VPN servers.
# NOTE(review): the l2tp-01 password here is 12 characters, while the branch
# l2tp-client in the second export uses an 8-character password for the same
# user. If these are the real values the L2TP session cannot authenticate.
# pptp-01 is attached to profile-sstp, so it shares the SSTP addressing.
/ppp secret
add name=l2tp-01 password=111111111111 profile=profile-l2tp service=l2tp
add name=sstp-01 password=11111111111 profile=profile-sstp service=sstp
add name=pptp-01 password=11111111111 profile=profile-sstp service=pptp
# L2TP is the preferred path (default cost, BFD enabled); SSTP is the backup
# with cost=20. Both PPP interfaces are set to network-type=broadcast -
# NOTE(review): point-to-point is the usual type for tunnel links; confirm.
# No OSPF authentication setting appears in the export - presumably none is
# configured; consider enabling it on the tunnel interfaces.
/routing ospf interface
add interface=l2tp-in01 network-type=broadcast use-bfd=yes
add cost=20 interface=sstp-in01 network-type=broadcast
# Networks taking part in OSPF: both tunnel ranges and the office LAN.
/routing ospf network
add area=backbone network=10.1.1.0/24
add area=backbone network=10.1.2.0/24
add area=backbone network=10.20.30.0/24
/system identity
set name=Office
филиал


# jan/02/1970 02:07:30 by RouterOS 6.43.4
# software id = IQGD-KKFF
#
# model = 951Ui-2nD
# serial number = 7C2607BF88E5
#
# Branch router export. It has two uplinks (ether1 and ether2), dials an L2TP
# tunnel to 5.188.53.68 and an SSTP tunnel to 5.188.53.71, pins each tunnel
# to one uplink with routing marks, and runs OSPF over both tunnels.
# NOTE(review): the 1970 timestamp suggests the system clock is not set (no
# NTP client appears in the export) - confirm; without correct time the log
# entries for the tunnel drops cannot be correlated with the office side.
/interface bridge
add fast-forward=no name=bridge1
# NOTE(review): this password is 8 characters, while the l2tp-01 secret in the
# office export is 12 characters. If these are the real values the L2TP
# session cannot authenticate; if they are placeholders, confirm the real
# ones match. No use-ipsec setting appears here.
/interface l2tp-client
add connect-to=5.188.53.68 disabled=no name=l2tp-out1 password=11111111 user=\
    l2tp-01
# wlan1 is a member of bridge1 (see /interface bridge port). The default
# security profile below shows only supplicant-identity and no WPA settings -
# if wlan1 is enabled, verify it is not an open network on the LAN bridge.
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.55.1-192.168.55.253
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge1 name=dhcp1
# No verify-server-certificate setting appears in the export, so presumably
# the server certificate is not checked and the client cannot tell the real
# office router from an impostor on the path - confirm.
/interface sstp-client
add connect-to=5.188.53.71 disabled=no name=sstp-out1 password=11111111111 \
    profile=default-encryption user=sstp-01
# NOTE(review): the router-id is the LAN network address rather than a host
# address; it only has to be unique, but confirm this is intended.
/routing ospf instance
set [ find default=yes ] router-id=192.168.55.0
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
# ether1 sits in a private 192.168.0.0/24 network (first uplink), ether2 has
# a public address (second uplink), bridge1 is the branch LAN.
/ip address
add address=192.168.0.14/24 interface=ether1 network=192.168.0.0
add address=83.171.98.88/23 interface=ether2 network=83.171.98.0
add address=192.168.55.254/24 interface=bridge1 network=192.168.55.0
/ip dhcp-server network
add address=192.168.55.0/24 dns-server=8.8.8.8 gateway=192.168.55.254
# Policy routing for router-originated tunnel traffic: UDP/1701 is marked for
# table isp1only, TCP/443 for table isp2only.
# NOTE(review): the rules match on protocol and port only, so any UDP/1701 or
# TCP/443 connection the router itself opens is pinned, not just the two
# tunnels. Adding dst-address=5.188.53.68 and dst-address=5.188.53.71
# respectively would limit the marks to the tunnels.
/ip firewall mangle
add action=mark-connection chain=output comment=l2tp_c_udp dst-port=1701 \
    new-connection-mark=l2tp_c passthrough=yes protocol=udp
add action=mark-routing chain=output comment=l2tp_r connection-mark=l2tp_c \
    new-routing-mark=isp1only passthrough=no
add action=mark-connection chain=output comment=sstp_c dst-port=443 \
    new-connection-mark=sstp_c passthrough=yes protocol=tcp
add action=mark-routing chain=output comment=sstp_r connection-mark=sstp_c \
    new-routing-mark=isp2only passthrough=no
# NOTE(review): masquerade has no out-interface, so it also applies to traffic
# leaving through l2tp-out1 and sstp-out1; the office then sees branch hosts
# as the tunnel address although 192.168.55.0/24 is advertised via OSPF.
# Limiting it to the uplink interfaces is the usual form - confirm intent.
# NOTE(review): this export has no /ip firewall filter and no /ip service
# section, so as shown the router accepts all input on its public ether2
# address with management services at their defaults - TODO confirm and add
# an input policy.
/ip firewall nat
add action=masquerade chain=srcnat
# Each marked table has a gateway route at distance 1 and an unreachable
# route at distance 2, presumably so that a tunnel never falls through to the
# main table and the other uplink. The two main-table default routes use
# 8.8.8.8 and 8.8.4.4 as recursive gateways with check-gateway=ping; the /32
# routes at the end pin each probe address to one uplink.
# NOTE(review): 8.8.8.8 is also the DNS server handed out by DHCP above. Its
# /32 route is pinned to 192.168.0.129, so LAN name resolution presumably
# stops whenever that uplink loses connectivity, even though the default
# route fails over - confirm, and consider a second DNS server or probe
# addresses that are not used for anything else.
/ip route
add comment=MArked distance=1 gateway=192.168.0.129 routing-mark=isp1only
add comment=zaglushka distance=2 routing-mark=isp1only type=unreachable
add distance=1 gateway=83.171.98.1 routing-mark=isp2only
add distance=2 routing-mark=isp2only type=unreachable
add check-gateway=ping comment=Recursive distance=1 gateway=8.8.8.8 \
    target-scope=30
add check-gateway=ping distance=2 gateway=8.8.4.4 target-scope=30
add comment="Recursive 2" distance=1 dst-address=8.8.4.4/32 gateway=\
    83.171.98.1
add distance=1 dst-address=8.8.8.8/32 gateway=192.168.0.129
# L2TP is preferred (default cost, BFD), SSTP is the backup (cost=20), as on
# the office side. bridge1 also runs OSPF - NOTE(review): if no OSPF router
# lives on the LAN, making that interface passive keeps hellos off the LAN;
# no OSPF authentication setting appears in the export - confirm.
/routing ospf interface
add interface=l2tp-out1 network-type=broadcast use-bfd=yes
add cost=20 interface=sstp-out1 network-type=broadcast
add cost=5 interface=bridge1 network-type=broadcast
/routing ospf network
add area=backbone network=10.1.1.0/24
add area=backbone network=10.1.2.0/24
add area=backbone network=192.168.55.0/24
/system routerboard settings
set silent-boot=no


easyman
Сообщения: 108
Зарегистрирован: 19 окт 2018, 13:44

eoip over ipsec на каждый wan и bonding нет желания?

