I have two WAN interfaces.
I want to be able to access remotely through either one or the other, but I can only access the one in the main routing table.
I use mangle marking for connections through the secondary WAN interface (wan-01) but when I try to access with winbox (3.37) it shows me the message:
'error: router does not support secure connection, please enable Legacy Mode if you want to connect anyway'
I enable Legacy Mode but winbox does not connect.
I have read in the forum that traffic should be marked and so I do but what am I doing wrong?
Apparently a basic question but one that is giving me a big headache.
Any candid soul who can help me?
why if i add this route:
Code: Select all
/ip firewall mangle add action=mark-routing chain=prerouting comment=To_WAN-01 connection-mark=wan-01 new-routing-mark=wan01 passthrough=no add action=mark-connection chain=input comment="To_WAN-01 input" connection-mark=no-mark in-interface=pppoe-WAN-01 new-connection-mark=wan-01 passthrough=yes add action=mark-routing chain=output comment="To_WAN-01 out" connection-mark=wan-01 new-routing-mark=wan01 passthrough=no add action=mark-routing chain=prerouting comment=To_WAN-02 connection-mark=WAN-MM new-routing-mark=mm passthrough=no add action=mark-connection chain=input comment="To_WAN-02 input" connection-mark=no-mark in-interface=vlan_MM new-connection-mark=WAN-MM passthrough=no add action=mark-routing chain=output comment="To_WAN-02 out" connection-mark=WAN-MM new-routing-mark=mm passthrough=no /routing table add fib name=mm add disabled=no fib name=wan01 /ip/address> print Columns: ADDRESS, NETWORK, INTERFACE # ADDRESS NETWORK INTERFACE 1 D 22.x.y.z/22 22.x.y.0 vlan_MM 2 D 60.a.b.c/32 192.168.1.1 pppoe-WAN-01 /ip/route> print Flags: D - DYNAMIC; X, I, A - ACTIVE; c, s, d, v, y - COPY Columns: DST-ADDRESS, GATEWAY, DISTANCE # DST-ADDRESS GATEWAY DISTANCE ROUTING TABLE D v 0.0.0.0/0 pppoe-WAN-01 2 main DAd 0.0.0.0/0 22.x.y.z 1 main DAc 192.168.1.1/32 pppoe-WAN-01 0 main DAc 22.x.y.0/22 vlan_MM 0 main __ As 0.0.0.0/0 pppoe-WAN-01 2 wan01 /ip/settings> print ip-forward: yes send-redirects: yes accept-source-route: no accept-redirects: no secure-redirects: yes [b] rp-filter: loose[/b] tcp-syncookies: yes max-neighbor-entries: 8200 arp-timeout: 30s icmp-rate-limit: 10 icmp-rate-mask: 0x1818 route-cache: yes allow-fast-path: no ipv4-fast-path-active: no ipv4-fasttrack-active: no
add distance=1 dst-address=0.0.0.0/0 gateway=22.x.y.z pref-src="" routing-table=mm scope=30 suppress-hw-offload=no target-scope=10
I can no longer access through the interface that I was able to access before?