Hello!
Purpose: make a VPN for different companies (green and red in the pictures) and provide internet for them. (The companies' networks must be isolated.)
1) Scheme:
2) Scheme:
1) In the first case, I configured different routes on the router, and it is OK. I use IP Firewall Filter rules to isolate the networks.
2) In the second case, the situation is more interesting. Two companies have the same IP networks.
I made two routing tables on the central router: r_company1 and r_company2
and wrote the routes:
net 192.168.1.0/24 - route to ovpn-office1 with Routing-Mark=r_company1
net 192.168.2.0/24 - route to ovpn-office2 with Routing-Mark=r_company1
net 0.0.0.0/0 - route to Internet with Routing-Mark=r_company1
net 192.168.1.0/24 - route to ovpn-office3 with Routing-Mark=r_company2
net 192.168.4.0/24 - route to ovpn-office4 with Routing-Mark=r_company2
net 0.0.0.0/0 - route to Internet with Routing-Mark=r_company2
In IP Firewall Mangle I wrote the rules:
prerouting in-interface=ovpn-office1 mark Routing-Mark=r_company1
prerouting in-interface=ovpn-office2 mark Routing-Mark=r_company1
prerouting in-interface=ovpn-office3 mark Routing-Mark=r_company2
prerouting in-interface=ovpn-office4 mark Routing-Mark=r_company2
I wrote similar rules for every ovpn tunnel for the input and output chains.
The solution works! But CPU usage is very high when traffic is heavy :-(
Can you help me make this config better?
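The second scheme above, modelled as an added example that is not part of the original post: it resolves a packet by in-interface mark and per-table longest-prefix match, and audits the tables for routes that cross between companies. The `internet` interface name, the `SHARED` set and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed model of the post's second scheme (tunnel and mark names from the post).
MARKS = {  # mangle prerouting: in-interface -> routing mark
    "ovpn-office1": "r_company1", "ovpn-office2": "r_company1",
    "ovpn-office3": "r_company2", "ovpn-office4": "r_company2",
}
TABLES = {  # routing mark -> [(dst network, out-interface)]
    "r_company1": [("192.168.1.0/24", "ovpn-office1"),
                   ("192.168.2.0/24", "ovpn-office2"),
                   ("0.0.0.0/0", "internet")],
    "r_company2": [("192.168.1.0/24", "ovpn-office3"),
                   ("192.168.4.0/24", "ovpn-office4"),
                   ("0.0.0.0/0", "internet")],
}
SHARED = {"internet"}  # assumption: the uplink is the only shared interface


def lookup(in_iface, dst, marks=MARKS, tables=TABLES):
    """Return the out-interface for a packet: mark by in-interface, then
    longest-prefix match inside that mark's table only."""
    mark = marks.get(in_iface)
    if mark is None:
        return None  # unmarked traffic would fall through to the main table
    addr = ipaddress.ip_address(dst)
    best = None
    for net, out in tables[mark]:
        n = ipaddress.ip_network(net)
        if addr in n and (best is None or n.prefixlen > best[0]):
            best = (n.prefixlen, out)
    return best[1] if best else None


def audit(marks=MARKS, tables=TABLES, shared=SHARED):
    """List isolation problems: routes into another company's tunnel, and
    tunnels used in a table but missing a mangle mark."""
    problems = []
    for mark, routes in tables.items():
        for net, out in routes:
            if out in shared:
                continue
            if out not in marks:
                problems.append(f"{out}: no mangle rule, uses main table")
            elif marks[out] != mark:
                problems.append(f"{mark}: {net} leaks to {out} ({marks[out]})")
    return problems
```

The same destination 192.168.1.10 resolves to a different tunnel depending on which company's tunnel the packet arrived on, and `audit()` returns an empty list for the tables as posted.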