Configure load balancing 2 isp with vpn on MikroTik

Information of ISP

WAN1

IP: 10.10.10.254/24
Gateway: 10.10.10.1
DNS: 8.8.8.8

WAN2

IP: 20.20.20.254/24
Gateway: 20.20.20.1
DNS: 8.8.4.4

MikroTik DUAL WAN Load Balancing Using PCC Method

Accept for VPN

/ip firewall mangle

add action=accept chain=prerouting dst-address=10.10.10.0/24

PCC Mangle

/ip firewall mangle

add action=mark-connection chain=prerouting connection-mark=no dst-address-type=!local in-interface=ether3-LAN new-connection-mark=WAN1_Conn passthrough=yes per-connection-classifier=both-addresses:2/0

add action=mark-connection chain=prerouting connection-mark=no dst-address-type=!local in-interface=ether3-LAN new-connection-mark=WAN2_Conn passthrough=yes per-connection-classifier=both-addresses:2/1

add action=mark-routing chain=prerouting connection-mark=WAN1_Conn disabled=no in-interface=ether3-LAN new-routing-mark=To_WAN1 passthrough=yes

add action=mark-routing chain=prerouting connection-mark=WAN2_Conn disabled=no in-interface=ether3-LAN new-routing-mark=To_WAN2 passthrough=yes

add action=mark-routing chain=output connection-mark=WAN1_Conn disable=no new-routing-mark=To_WAN1 passthrough=yes

add action=mark-routing chain=output connection-mark=WAN2_Conn disable=no new-routing-mark=To_WAN2 passthrough=yes

add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=ether1-WAN1 new-connection-mark=WAN1_Conn passthrough=yes

add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=ether2-WAN2 new-connection-mark=WAN2_Conn passthrough=yes

/ip firewall nat

add action=masquerade chain=srcnat out-interface=ether1-WAN1

add action=masquerade chain=srcnat out-interface=ether2-WAN2

/ip route

add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ether1-WAN1 routing-mark=To_WAN1 scope=30 target-scope=10

add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ether2-WAN2 routing-mark=To_WAN2 scope=30 target-scope=10

add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway-ether1-WAN1 scope=30 target-scope=10

dd check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway-ether2-WAN2 scope=30 target-scope=10

Trending

Configure MikorTik VPN Site-2-Site with WireGuard

Configure load balancing 2 ISP in MikroTik Router

Replace the hard disc in a Synology NAS

How to configure MikorTik IPsec VPN Site to Site

Limit Speed Internet in Fortigate (Traffic Shaping)

Configure load balancing 2 isp with vpn on MikroTik

Post a Comment

Contact Form