Dear friends,

Recently I have built a hotspot and its working like a charm with one WAN connection but I added one more WAN connection and I want them to be used both. I have tried PCC but then hotspot won't work. To be precise I tried this:

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=wlan2
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=wlan2

add chain=prerouting dst-address-type=!local in-interface=wlan2 per-connection-classifier=both-addresses­-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=wlan2 per-connection-classifier=both-addresses­-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=wlan2 action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=wlan2 action=mark-routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.100 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.100 routing-mark=to_WAN2 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.1.100 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.100 distance=2 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade

This works excellent but only if I disable hotspot server. I also tried to figure out how to divide half users to go via WAN1 and the other half via WAN2 but nothing usefull came in my mind so far. I have DHCP server and network is 192.168.88.0/22. DHCP users are from 192.168.89.150 to 192.168.90.150 and I have few addresses out of this range. I want to separate them in two groups for internet access via WAN1 and WAN2 but without changing the current structure of hotspot and DHCP. Is it possible?

Best Regards.

Anybody with experience?
Will adding hotspot auth to all mangle rules help with this?
I am accessing the router via VPN connection established to another mikrotik router. I would not like to make a mess in the remote router.

Best Regards.

Cmon, friends? There must be someone who knows what I am missing here to get it work. I have tried many variants and I read many tutorials but no luck. Mikrotik support? Normis?

Hi

In your pcc rules you have missed the following parameter

"dst-address-type=!local hotspot=auth"

Also use winbox with safe mode enabled in case you get disconnected with mikrotik (it will not commit changes and it will revert back)



Dont use both addresses and ports on your pcc classifier, despite the fact that will utilize the most of your wans.Several sites will broke.


Stick with src address for start and you can fine tune the pcc options more at a later moment.
Tip : trying using transparent webproxy with hotspot and pcc is more tricky than it sounds.

Also use winbox with safe mode enabled in case you get disconnected with mikrotik (it will not commit changes and it will revert back)

Thanks for reply my friend!

Hi

In your pcc rules you have missed the following parameter

"dst-address-type=!local hotspot=auth"

I have tried to add this but there is no hotspod authorisation page after that. I didn't tryto disable HS server first.

Dont use both addresses and ports on your pcc classifier, despite the fact that will utilize the most of your wans.Several sites will broke.

Should I use only both addresses for start?

Stick with src address for start and you can fine tune the pcc options more at a later moment.
Tip : trying using transparent webproxy with hotspot and pcc is more tricky than it sounds.

Yes, indeed! I know that now.

Ok,

I just want to say that it works now... even with both addresses and ports.

At first it wouldn't work but then I disablet the hotspot server, enablet the mangle rules and then enabled the server again. It works like a charm so far. Thanks to all...