Ho effettuato il bilanciamento di 3 WAN (3 FTTC), che funzionano abbastanza bene. Siccome ho un account NordVPN, seguendo la guida presente sul loro sito ho configurato il protocollo IKEv2, ma ho un problema.
Praticamente nella sezione address list è comparsa la riga che indica che la VPN è attiva, ma, essendo associata alla prima WAN (Wan1), funziona solo se questa rimane connessa e di fatto inibisce l'Auto Failover, che funzionava e funziona perfettamente se disattivo la VPN.
Ho impostato nella sezione IPsec due profili sotto il tab Mode Configs copiando quello presente; così facendo ho notato che la connessione, che dapprima funzionava solo sotto la wan1, ha ripreso a funzionare in modalità load balancing, ma di fatto non ho risolto il problema di far sì che, se stacco la wan1, la connessione rimanga attiva utilizzando wan2 e wan3.
Qualcuno ha qualche suggerimento in merito?
Vi ringrazio in anticipo; incollo l'export mettendo delle xxx al posto di username e password della VPN.
Grazie in anticipo a tutti coloro i quali vorranno aiutarmi.
Saluti
# Physical port naming. ether1-ether3 are the three WAN uplinks (each one has
# a DHCP client and a masquerade rule further down in this export); ether4 and
# ether5 are the LAN ports that are later added to "BRIDGE LAN".
# NOTE(review): the "- " in front of the next line is not RouterOS syntax; it
# looks like a list bullet left over from the forum paste.
- /interface ethernet
set [ find default-name=ether1 ] name=1-Wind
set [ find default-name=ether2 ] name=2-Tim
set [ find default-name=ether3 ] name=3-Windm
set [ find default-name=ether4 ] name=LAN
set [ find default-name=ether5 ] name=LAN2
# Default wireless security profile; no wireless interface configuration
# appears in this export.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# IPsec client-side (responder=no) mode-config entries, one per WAN connection
# mark (wind / tim / windm). Each limits the tunnelled sources to the "local"
# address list and ignores DNS servers pushed by the VPN server.
# NOTE(review): the identity further down references only mode-config=NordVPN;
# NordVPN2 and NordVPN3 are not referenced anywhere in this export.
# NOTE(review): connection-mark presumably restricts the dynamically generated
# source-NAT rule to connections carrying that mark, so with mode-config
# NordVPN only connections marked "wind" would enter the tunnel -- confirm
# against the RouterOS documentation and the dynamic rules on the router.
# NOTE(review): with use-responder-dns=no, name resolution stays on the
# resolvers configured under /ip dns and handed out by DHCP; check whether
# those queries leave outside the tunnel (DNS leak).
/ip ipsec mode-config
add connection-mark=wind name=NordVPN responder=no src-address-list=local \
use-responder-dns=no
add connection-mark=tim name=NordVPN2 responder=no src-address-list=local \
use-responder-dns=no
add connection-mark=windm name=NordVPN3 responder=no src-address-list=local \
use-responder-dns=no
# Policy group used to tie the policy templates to the NordVPN identity.
/ip ipsec policy group
add name=NordVPN
# Phase 1 profile: only the name is set, so every algorithm, DH group and
# lifetime is left at the RouterOS default for the installed version.
# NOTE(review): confirm those defaults do not offer algorithms you would not
# accept for this tunnel.
/ip ipsec profile
add name=NordVPN
# Single IKEv2 peer, addressed by hostname (resolved through the router's DNS).
# No local-address is set, so the uplink used for the IKE session is whatever
# the main routing table selects -- in this export the distance=1 default
# route via 192.168.2.1. NOTE(review): this is the likely reason the tunnel
# follows the first WAN; verify how the session behaves when that route goes
# inactive.
/ip ipsec peer
add address=it191.nordvpn.com exchange-mode=ike2 name=NordVPN profile=NordVPN
# Phase 2 proposal. pfs-group=none means no additional Diffie-Hellman exchange
# is performed for the phase 2 keys (no perfect forward secrecy at that
# level). NOTE(review): the post says the provider's guide was followed;
# confirm whether the server accepts a PFS group before changing it.
/ip ipsec proposal
add name=NordVPN pfs-group=none
# Address pools. Only dhcp_pool7 is referenced by the DHCP server below; the
# other seven are not used anywhere in this export, and dhcp_pool1 covers
# 192.168.6.0/24, a subnet no interface here is addressed in.
/ip pool
add name=dhcp_pool0 ranges=192.168.5.2-192.168.5.254
add name=dhcp_pool1 ranges=192.168.6.1-192.168.6.254
add name=dhcp_pool2 ranges=192.168.5.2-192.168.5.254
add name=dhcp_pool3 ranges=192.168.5.2-192.168.5.254
add name=dhcp_pool4 ranges=192.168.5.2-192.168.5.254
add name=dhcp_pool5 ranges=192.168.5.2-192.168.5.254
add name=dhcp_pool6 ranges=192.168.5.2-192.168.5.254
add name=dhcp_pool7 ranges=192.168.5.2-192.168.5.254
# DHCP server for the LAN bridge.
/ip dhcp-server
add address-pool=dhcp_pool7 disabled=no interface="BRIDGE LAN" name=dhcp2
# Both LAN ports join "BRIDGE LAN". The bridge itself (/interface bridge add)
# is not part of this export excerpt.
/interface bridge port
add bridge="BRIDGE LAN" interface=LAN
add bridge="BRIDGE LAN" interface=LAN2
# Router LAN address; the two 10.6.0.21 entries are disabled.
/ip address
add address=192.168.5.1/24 interface="BRIDGE LAN" network=192.168.5.0
add address=10.6.0.21 disabled=yes interface=2-Tim network=10.6.0.21
add address=10.6.0.21 disabled=yes interface=3-Windm network=10.6.0.21
# Each WAN port gets its address by DHCP; add-default-route=no because the
# default routes are defined statically under /ip route.
/ip dhcp-client
add add-default-route=no disabled=no interface=1-Wind
add add-default-route=no disabled=no interface=2-Tim
add add-default-route=no disabled=no interface=3-Windm
# LAN clients are handed 192.168.2.1 / 192.168.3.1 / 192.168.4.1 as resolvers,
# i.e. the same addresses used as WAN gateways in /ip route, not this router
# and not a resolver on the VPN side.
# NOTE(review): whether these DNS queries travel inside the tunnel depends on
# the dynamic NAT rule and policy; verify with a DNS leak test while the VPN
# is up.
/ip dhcp-server network
add address=192.168.5.0/24 dns-server=192.168.2.1,192.168.3.1,192.168.4.1 \
gateway=192.168.5.1
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. NOTE(review): no /ip firewall filter section appears in this export,
# so nothing visible here limits that service to the LAN side; if the export
# is complete, add an input-chain rule that accepts port 53 only from
# "BRIDGE LAN" (or turn the option off, since DHCP does not hand out the
# router as resolver).
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
# "local" = the LAN subnet; referenced by src-address-list in the IPsec
# mode-config entries.
/ip firewall address-list
add address=192.168.5.0/24 list=local
# Mangle rules for the three-way PCC load balancing.
/ip firewall mangle
# Mark connections that arrive at the router itself on each WAN port.
# NOTE(review): every mark-routing rule in this export is in prerouting with
# in-interface="BRIDGE LAN"; no chain=output rule turns these marks into
# routing marks for traffic the router originates.
add action=mark-connection chain=input comment=input in-interface=1-Wind \
new-connection-mark=wind passthrough=yes
add action=mark-connection chain=input in-interface=2-Tim new-connection-mark=\
tim passthrough=yes
add action=mark-connection chain=input in-interface=3-Windm \
new-connection-mark=windm passthrough=yes
# PCC: LAN traffic to non-local destinations is split three ways on the
# source/destination address pair (remainders 0, 1, 2) and marked
# wind / tim / windm.
add action=mark-connection chain=prerouting comment=PCC dst-address-type=!local \
in-interface="BRIDGE LAN" new-connection-mark=wind passthrough=yes \
per-connection-classifier=both-addresses:3/0
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface="BRIDGE LAN" new-connection-mark=tim passthrough=yes \
per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface="BRIDGE LAN" new-connection-mark=windm passthrough=yes \
per-connection-classifier=both-addresses:3/2
# Translate each connection mark into the routing mark of the matching
# per-WAN route in /ip route.
add action=mark-routing chain=prerouting comment=Routes connection-mark=wind \
in-interface="BRIDGE LAN" new-routing-mark=to-wind passthrough=yes
add action=mark-routing chain=prerouting connection-mark=tim in-interface=\
"BRIDGE LAN" new-routing-mark=to-tim passthrough=yes
add action=mark-routing chain=prerouting connection-mark=windm in-interface=\
"BRIDGE LAN" new-routing-mark=to-windm passthrough=yes
# Source NAT towards each WAN uplink.
# NOTE(review): these rules match any traffic leaving a WAN port. As far as
# this export shows, nothing stops LAN traffic from going out in the clear
# through them when the IPsec tunnel is down or for connections the dynamic
# IPsec NAT rule does not match; if the VPN is a privacy requirement, an
# explicit rule that drops non-tunnelled LAN traffic is needed.
# NOTE(review): no /ip firewall filter section is present in this export, so
# no input or forward filtering is visible; confirm the router's own services
# are not reachable from the WAN-side networks.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=1-Wind
add action=masquerade chain=srcnat out-interface=2-Tim
add action=masquerade chain=srcnat out-interface=3-Windm
# IKEv2 identity: EAP-MSCHAPv2 with username/password (replaced with x's by
# the poster), policies generated with port-strict, bound to peer NordVPN and
# to mode-config NordVPN only.
# NOTE(review): certificate="" means no certificate is set on the identity;
# verification of the VPN server then depends on the CA certificates in the
# router's certificate store, which an export does not show -- confirm the
# provider's root CA is imported.
# NOTE(review): when sharing an export, prefer the export option that omits
# sensitive values (hide-sensitive on RouterOS v6) over manual redaction, and
# rotate the credentials if an unredacted copy was ever posted.
/ip ipsec identity
add auth-method=eap certificate="" eap-methods=eap-mschapv2 generate-policy=\
port-strict mode-config=NordVPN password=xxxxxxxxxxxxxxx peer=\
NordVPN policy-template-group=NordVPN username=xxxxxxxxxxxxxxxxxx
# Policy templates for group NordVPN. The four entries are identical
# (0.0.0.0/0 to 0.0.0.0/0, proposal NordVPN); presumably one template has the
# same effect -- the duplicates look like leftovers from repeated pasting.
/ip ipsec policy
add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 \
template=yes
add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 \
template=yes
add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 \
template=yes
add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0 \
template=yes
# Routing. The first three routes are the per-WAN default routes selected by
# the routing marks set in mangle; the last three are main-table default
# routes with distances 1/2/3, which give the failover order for unmarked
# traffic, including traffic the router originates itself.
# NOTE(review): the IPsec peer has no local-address, so its IKE session
# presumably follows the main table (distance=1 via 192.168.2.1 while that
# route is active). When that route fails the session has to be re-established
# over the next route; check whether the stale session is torn down promptly.
# NOTE(review): check-gateway=ping probes only the next hop. The gateways are
# private addresses (presumably the upstream routers), so a route can stay
# active while the upstream router answers even though its internet line is
# down.
/ip route
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to-wind
add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=to-tim
add check-gateway=ping distance=1 gateway=192.168.4.1 routing-mark=to-windm
add check-gateway=ping distance=1 gateway=192.168.2.1
add check-gateway=ping distance=2 gateway=192.168.3.1
add check-gateway=ping distance=3 gateway=192.168.4.1