Конфигурация сети: в порт 1 включён провод от провайдера (on-lime), все клиенты подключены через Wi-Fi.
На роутере запущен ovpn-client (TgVPN), с настройками по умолчанию все работает. Весь трафик идет через VPN.
Если убрать галку с "Add Default Route" и прописать маршрут:
# Route added after unticking "Add Default Route" on the ovpn-client: no dst-address is given, so this is
# 0.0.0.0/0 via the tunnel at distance 1, i.e. it is preferred over the provider's DHCP default route
# (distance 10 in the full export below) whenever the tunnel interface is up.
/ip route
add distance=1 gateway=TgVPN
не пингуется
ping ya.ru
ping: ya.ru: Name or service not known
в логе появляются сообщения об отключении/подключении TgVPN каждые 10 сек.
Что происходит? Как прописать маршруты вручную?
Планирую пустить часть трафика мимо VPN.
конфигурация:
# RouterOS export as posted (secrets and the VPN endpoint are masked with ***).
# ether1 is the provider uplink (WAN); LAN1-3 and wlan1 are bridged into `bridge`.
/interface bridge
add fast-forward=no name=bridge
/interface ethernet
set [ find default-name=ether3 ] name=LAN1
set [ find default-name=ether4 ] name=LAN2
set [ find default-name=ether5 ] name=LAN3
# NOTE(review): ether2 (RPI) is neither a bridge port nor given an address anywhere in this export —
# confirm it is intentionally left unconfigured.
set [ find default-name=ether2 ] name=RPI
set [ find default-name=ether1 ] name=WAN
/interface wireless
# 2.4 GHz access point (ap-bridge mode, SSID Mirkwood); wlan1 is attached to the bridge further down.
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode band=2ghz-b/g/n channel-width=20/40mhz-Ce country=russia disabled=no distance=indoors frequency-mode=regulatory-domain guard-interval=long hw-protection-mode=rts-cts mode=ap-bridge ssid=Mirkwood wireless-protocol=802.11 wmm-support=enabled
/interface wireless nstreme
set wlan1 enable-polling=no
/interface wireless security-profiles
# WPA2-PSK only (no WPA1 fallback); the pre-shared key is masked in this export.
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=*** wpa-pre-shared-key=*** wpa2-pre-shared-key=***
/ip pool
# Dynamic DHCP range .101-.199 on the bridge; 192.168.88.88 (the port-forward target below) lies outside it.
add name=dhcp_pool1 ranges=192.168.88.101-192.168.88.199
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge lease-time=23h59m59s name=dhcp1
/interface ovpn-client
# OpenVPN client "TgVPN" to a masked endpoint on port 8080, AES-256, authenticated with a client
# certificate. add-default-route=yes installs 0.0.0.0/0 via the tunnel while it is up (the setting the
# post discusses unticking).
# NOTE(review): no verify-server-certificate setting appears in the export — confirm the server
# certificate is actually validated rather than left at the default.
add add-default-route=yes certificate=key.cert_0 cipher=aes256 connect-to=***.***.*** mac-address=FE:5A:73:F8:6B:D3 name=TgVPN password=*** port=8080 profile=default-encryption user=***
/interface bridge port
add bridge=bridge interface=LAN1
add bridge=bridge interface=LAN2
add bridge=bridge interface=LAN3
add bridge=bridge interface=wlan1
/ip neighbor discovery-settings
# NOTE(review): `all` includes WAN and the tunnel, so neighbor discovery announces the router's identity
# and addresses on the provider-facing port as well; restricting this to the LAN-facing interfaces is
# the usual hardening step.
set discover-interface-list=all
/ip address
add address=192.168.88.1/24 interface=bridge network=192.168.88.0
/ip dhcp-client
# WAN address and default route come from the provider's DHCP. That default route has distance 10, so
# any 0.0.0.0/0 route with a lower distance (the tunnel's, distance 1) takes precedence while it exists.
add default-route-distance=10 disabled=no interface=WAN
/ip dhcp-server network
# LAN clients are told to use the router itself (192.168.88.1) as their DNS server.
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
# The router forwards DNS to 8.8.8.8 / 8.8.4.4. allow-remote-requests=yes makes it answer queries
# arriving on every interface; only the input-chain rules below limit who can reach it (see the note
# there). Its own upstream queries presumably follow whichever 0.0.0.0/0 route is active (the tunnel
# when it is up).
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
# BOGON: private/reserved ranges that should never appear as a source address on the provider side;
# referenced by the first input rule below.
add address=0.0.0.0/8 list=BOGON
add address=10.0.0.0/8 list=BOGON
add address=100.64.0.0/10 list=BOGON
add address=127.0.0.0/8 list=BOGON
add address=169.254.0.0/16 list=BOGON
add address=172.16.0.0/12 list=BOGON
add address=192.0.0.0/24 list=BOGON
add address=192.0.2.0/24 list=BOGON
add address=192.168.0.0/16 list=BOGON
add address=198.18.0.0/15 list=BOGON
add address=198.51.100.0/24 list=BOGON
add address=203.0.113.0/24 list=BOGON
add address=224.0.0.0/4 list=BOGON
add address=240.0.0.0/4 list=BOGON
# no_vpn: destinations intended to bypass the tunnel. These are DNS names, which the router resolves
# into addresses itself, so the list covers only what the names resolve to at resolution time — confirm
# they cover every host the launcher actually contacts.
add address=eveonline.com list=no_vpn
add address=launcher.eveonline.com list=no_vpn
add address=binaries.eveonline.com list=no_vpn
add address=resources.eveonline.com list=no_vpn
/ip firewall filter
# input = traffic to the router itself; forward = traffic routed through it.
add action=drop chain=input in-interface=WAN src-address-list=BOGON
add action=accept chain=forward connection-state=established
add action=accept chain=input connection-state=established
# ICMP to the router is accepted from every interface, WAN included.
add action=accept chain=input protocol=icmp
add action=accept chain=forward protocol=icmp
add action=accept chain=input connection-state=related
add action=accept chain=forward connection-state=related
# LAN hosts reach the router's services from any non-WAN interface.
add action=accept chain=input in-interface=!WAN src-address=192.168.88.0/24
# Inbound 51413/tcp (the port forward under /ip firewall nat) is allowed from both the tunnel and WAN.
add action=accept chain=forward dst-port=51413 in-interface=TgVPN protocol=tcp
add action=accept chain=forward dst-port=51413 in-interface=WAN protocol=tcp
add action=drop chain=input connection-state=invalid
add action=drop chain=forward connection-state=invalid
# NOTE(review): this is the last input rule and it covers WAN only. There is no terminating drop for the
# input chain, so new connections arriving on TgVPN (or the RPI port) from addresses outside
# 192.168.88.0/24 fall through to the implicit accept and reach any service not limited by
# /ip service address — notably the DNS forwarder above. A final `add action=drop chain=input` closes this.
add action=drop chain=input in-interface=WAN
# LAN -> tunnel is the only permitted path for new forwarded connections; the final rule drops the rest.
# This works as a kill switch (nothing from the LAN leaks out via WAN when the tunnel is down), but it
# also means traffic meant to bypass the VPN (the no_vpn mark below) needs its own
# `chain=forward in-interface=bridge out-interface=WAN` accept rule before it can leave via WAN.
add action=accept chain=forward in-interface=bridge out-interface=TgVPN
add action=drop chain=forward
/ip firewall mangle
# Tags packets to no_vpn destinations with routing mark no_vpn. NOTE(review): this export contains no
# /ip route entry with routing-mark=no_vpn, so the mark currently selects no route and the traffic still
# follows the main table (i.e. the tunnel).
add action=mark-routing chain=prerouting dst-address-list=no_vpn log-prefix=no_vpn new-routing-mark=no_vpn passthrough=yes
/ip firewall nat
# Source NAT on both exits.
add action=masquerade chain=srcnat out-interface=WAN
add action=masquerade chain=srcnat out-interface=TgVPN
# 51413/tcp arriving on the tunnel or on WAN is mapped to 192.168.88.88.
add action=netmap chain=dstnat dst-port=51413 in-interface=TgVPN protocol=tcp to-addresses=192.168.88.88 to-ports=51413
add action=netmap chain=dstnat dst-port=51413 in-interface=WAN protocol=tcp to-addresses=192.168.88.88 to-ports=51413
/ip route
# Manual default route (no dst-address given, so 0.0.0.0/0) via the tunnel at distance 1 — the route the
# post asks about. NOTE(review): with the tunnel as the preferred 0.0.0.0/0 route and no more specific
# route for the VPN endpoint via the WAN gateway, the client's own transport to connect-to would itself
# be sent into the tunnel once it comes up; that would be consistent with the connect/disconnect cycle
# every ~10 s described in the post. Check with `/ip route print`, and if so add a /32 route for the
# endpoint via the WAN gateway.
add distance=1 gateway=TgVPN
/ip service
# NOTE(review): telnet (cleartext) is enabled while ssh is disabled; the address restriction limits
# management to the LAN, but the preference would normally be the reverse. www is plain HTTP, also
# LAN-only; ftp, api and api-ssl are off.
set telnet address=192.168.88.0/24
set ftp disabled=yes
set www address=192.168.88.0/24
set ssh disabled=yes
set api disabled=yes
set winbox address=192.168.88.0/24
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Moscow
/system routerboard settings
set silent-boot=no