
Load Balancing with VPN over the IKEv2 protocol (NordVPN)


Post by camgood86 » Thu 4 Feb 2021, 18:50

Good evening,
I have set up load balancing across 3 WANs (3 FTTC lines), which works fairly well. Since I have a NordVPN account, I configured the IKEv2 protocol following the guide on their site, but I have a problem.
Basically, in the address list section the entry indicating that the VPN is active has appeared, but since it is associated with the first WAN (Wan1), it works only if that link stays connected, and in fact it inhibits the Auto Failover, which worked and still works perfectly if I disable the VPN.
In the IPsec section I set up two profiles under the Mode Configs tab by copying the existing one, and after doing so I noticed that the connection, which at first worked only over wan1, started working in load-balancing mode again, but I have not actually solved the problem of the connection staying active over wan2 and wan3 if I unplug wan1.
Does anyone have any suggestions?
Thank you in advance; I am pasting the export with xxx in place of the VPN username and password.

Thanks in advance to everyone who is willing to help me.

Regards
    /interface ethernet
    set [ find default-name=ether1 ] name=1-Wind
    set [ find default-name=ether2 ] name=2-Tim
    set [ find default-name=ether3 ] name=3-Windm
    set [ find default-name=ether4 ] name=LAN
    set [ find default-name=ether5 ] name=LAN2
    /interface wireless security-profiles
    set [ find default=yes ] supplicant-identity=MikroTik
    /ip ipsec mode-config
    add connection-mark=wind name=NordVPN responder=no src-address-list=local \
    use-responder-dns=no
    add connection-mark=tim name=NordVPN2 responder=no src-address-list=local \
    use-responder-dns=no
    add connection-mark=windm name=NordVPN3 responder=no src-address-list=local \
    use-responder-dns=no
    /ip ipsec policy group
    add name=NordVPN
    /ip ipsec profile
    add name=NordVPN
    /ip ipsec peer
    add address=it191.nordvpn.com exchange-mode=ike2 name=NordVPN profile=NordVPN
    /ip ipsec proposal
    add name=NordVPN pfs-group=none
    /ip pool
    add name=dhcp_pool0 ranges=192.168.5.2-192.168.5.254
    add name=dhcp_pool1 ranges=192.168.6.1-192.168.6.254
    add name=dhcp_pool2 ranges=192.168.5.2-192.168.5.254
    add name=dhcp_pool3 ranges=192.168.5.2-192.168.5.254
    add name=dhcp_pool4 ranges=192.168.5.2-192.168.5.254
    add name=dhcp_pool5 ranges=192.168.5.2-192.168.5.254
    add name=dhcp_pool6 ranges=192.168.5.2-192.168.5.254
    add name=dhcp_pool7 ranges=192.168.5.2-192.168.5.254
    /ip dhcp-server
    add address-pool=dhcp_pool7 disabled=no interface="BRIDGE LAN" name=dhcp2
    /interface bridge port
    add bridge="BRIDGE LAN" interface=LAN
    add bridge="BRIDGE LAN" interface=LAN2
    /ip address
    add address=192.168.5.1/24 interface="BRIDGE LAN" network=192.168.5.0
    add address=10.6.0.21 disabled=yes interface=2-Tim network=10.6.0.21
    add address=10.6.0.21 disabled=yes interface=3-Windm network=10.6.0.21
    /ip dhcp-client
    add add-default-route=no disabled=no interface=1-Wind
    add add-default-route=no disabled=no interface=2-Tim
    add add-default-route=no disabled=no interface=3-Windm
    /ip dhcp-server network
    add address=192.168.5.0/24 dns-server=192.168.2.1,192.168.3.1,192.168.4.1 \
    gateway=192.168.5.1
    /ip dns
    set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
    /ip firewall address-list
    add address=192.168.5.0/24 list=local
    /ip firewall mangle
    add action=mark-connection chain=input comment=input in-interface=1-Wind \
    new-connection-mark=wind passthrough=yes
    add action=mark-connection chain=input in-interface=2-Tim new-connection-mark=\
    tim passthrough=yes
    add action=mark-connection chain=input in-interface=3-Windm \
    new-connection-mark=windm passthrough=yes
    add action=mark-connection chain=prerouting comment=PCC dst-address-type=!local \
    in-interface="BRIDGE LAN" new-connection-mark=wind passthrough=yes \
    per-connection-classifier=both-addresses:3/0
    add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface="BRIDGE LAN" new-connection-mark=tim passthrough=yes \
    per-connection-classifier=both-addresses:3/1
    add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface="BRIDGE LAN" new-connection-mark=windm passthrough=yes \
    per-connection-classifier=both-addresses:3/2
    add action=mark-routing chain=prerouting comment=Routes connection-mark=wind \
    in-interface="BRIDGE LAN" new-routing-mark=to-wind passthrough=yes
    add action=mark-routing chain=prerouting connection-mark=tim in-interface=\
    "BRIDGE LAN" new-routing-mark=to-tim passthrough=yes
    add action=mark-routing chain=prerouting connection-mark=windm in-interface=\
    "BRIDGE LAN" new-routing-mark=to-windm passthrough=yes
    /ip firewall nat
    add action=masquerade chain=srcnat out-interface=1-Wind
    add action=masquerade chain=srcnat out-interface=2-Tim
    add action=masquerade chain=srcnat out-interface=3-Windm
    /ip ipsec identity
    add auth-method=eap certificate="" eap-methods=eap-mschapv2 generate-policy=\
    port-strict mode-config=NordVPN password=xxxxxxxxxxxxxxx peer=\
    NordVPN policy-template-group=NordVPN username=xxxxxxxxxxxxxxxxxx
    /ip ipsec policy
    add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 \
    template=yes
    add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 \
    template=yes
    add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 \
    template=yes
    add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 \
    template=yes
    /ip route
    add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to-wind
    add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=to-tim
    add check-gateway=ping distance=1 gateway=192.168.4.1 routing-mark=to-windm
    add check-gateway=ping distance=1 gateway=192.168.2.1
    add check-gateway=ping distance=2 gateway=192.168.3.1
    add check-gateway=ping distance=3 gateway=192.168.4.1
camgood86
Mikrotik Curious User

Posts: 1
Joined: Thu 4 Feb 2021, 16:22
Using RouterOS since version: v4.x
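
An added example (not part of the original post): a small Python audit that parses the IPsec sections of the export above and reports which mode-config entries no identity references and which policy entries are repeated. The function names `parse_export` and `audit` are hypothetical, and the sample text is copied from the post's export.

```python
import re
from collections import Counter

# Constructed sample: the IPsec identity, mode-config and policy sections of the
# export posted above (credentials were already masked by the poster).
EXPORT = r"""
/ip ipsec mode-config
add connection-mark=wind name=NordVPN responder=no src-address-list=local \
    use-responder-dns=no
add connection-mark=tim name=NordVPN2 responder=no src-address-list=local \
    use-responder-dns=no
add connection-mark=windm name=NordVPN3 responder=no src-address-list=local \
    use-responder-dns=no
/ip ipsec identity
add auth-method=eap certificate="" eap-methods=eap-mschapv2 generate-policy=\
    port-strict mode-config=NordVPN password=xxxxxxxxxxxxxxx peer=\
    NordVPN policy-template-group=NordVPN username=xxxxxxxxxxxxxxxxxx
/ip ipsec policy
add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 \
    template=yes
add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 \
    template=yes
add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 \
    template=yes
add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 \
    template=yes
"""

def parse_export(text):
    """Return {menu path: [{key: value} for each 'add' line]}."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    menus, path = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            pairs = re.findall(r'(\S+?)=("[^"]*"|\S*)', line)
            menus.setdefault(path, []).append({k: v.strip('"') for k, v in pairs})
    return menus

def audit(menus):
    """List mode-configs no identity references and repeated policy entries."""
    used = {i.get("mode-config") for i in menus.get("/ip ipsec identity", [])}
    findings = [f"mode-config {m['name']} is not referenced by any identity"
                for m in menus.get("/ip ipsec mode-config", []) if m["name"] not in used]
    seen = Counter(tuple(sorted(p.items())) for p in menus.get("/ip ipsec policy", []))
    findings += [f"policy entry repeated {n} times: {dict(e)}" for e, n in seen.items() if n > 1]
    return findings
```

On this export the audit reports that `NordVPN2` and `NordVPN3` are defined but only `NordVPN` is bound to the single identity, and that the same policy template appears four times.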

