Hi Guys
I am having problems connecting to a VPN server when I have both WAN connections enabled.
Current setup is as follows
WAN1--Netgear ADSL Router-----\
|------MT-----ether1
WAN2--Nertgear ADLS Router----/
I have add a mangle rule to mark the connection for port 1723 and also setup a routing mark. if I disable WAN2 I can connect with VPN fine. If enable WAN2 I cannot connect in consistently.
Basically I need to route all VPN traffic in and out over the same interface.
Thanks Mark
Re: VPN connection using 2 WAN connections
just use a static route for your VPN server out the one gateway.
i.e.
ip route add dst-address=x.x.x.x (VPN server) gateway=x.x.x.x (WAN1 or WAN2)
i.e.
ip route add dst-address=x.x.x.x (VPN server) gateway=x.x.x.x (WAN1 or WAN2)
Re: VPN connection using 2 WAN connections
Hi Jwcn,
Not sure what you are trying to say. The VPN server is actually the MT router. I am trying to connect in to the MT so I can maintain the network. If I add the static route this will only route all traffic over the connection which is not what I am trying to do.
The problem as I see it is, that when both WAN interfaces are enable the MT seems to have a problem with routing the VPN connection back out to the correct WAN interface.
I also want to setup and eoip connection to all of the other MT's as well but can't until I solve this problem.
here are the current rules:
add chain=prerouting action=mark-connection new-connection-mark=vpn \
passthrough=yes in-interface=WAN1 dst-port=1723 protocol=tcp comment="VPN \
routing " disabled=no
add chain=prerouting action=mark-packet new-packet-mark=vpn_pkt \
passthrough=yes connection-mark=vpn comment="" disabled=no
dd chain=prerouting action=mark-routing new-routing-mark=vpn_routing \
assthrough=yes packet-mark=vpn_pkt comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=172.22.1.1 pref-src=172.22.1.100 scope=255 target-scope=10 routing-mark=vpn_routing \
comment="VPN Routing" disabled=no
add routing-mark=vpn_routing interface=WAN1 action=lookup table=vpn_routing comment="" disabled=no
add chain=dstnat action=dst-nat to-addresses=172.100.1.1 to-ports=0-65535 \
in-interface=WAN1 dst-address=172.22.1.100 dst-port=1723 protocol=tcp \
comment="" disabled=no
I don't no what else to do ....
Thanks Mark
Not sure what you are trying to say. The VPN server is actually the MT router. I am trying to connect in to the MT so I can maintain the network. If I add the static route this will only route all traffic over the connection which is not what I am trying to do.
The problem as I see it is, that when both WAN interfaces are enable the MT seems to have a problem with routing the VPN connection back out to the correct WAN interface.
I also want to setup and eoip connection to all of the other MT's as well but can't until I solve this problem.
here are the current rules:
add chain=prerouting action=mark-connection new-connection-mark=vpn \
passthrough=yes in-interface=WAN1 dst-port=1723 protocol=tcp comment="VPN \
routing " disabled=no
add chain=prerouting action=mark-packet new-packet-mark=vpn_pkt \
passthrough=yes connection-mark=vpn comment="" disabled=no
dd chain=prerouting action=mark-routing new-routing-mark=vpn_routing \
assthrough=yes packet-mark=vpn_pkt comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=172.22.1.1 pref-src=172.22.1.100 scope=255 target-scope=10 routing-mark=vpn_routing \
comment="VPN Routing" disabled=no
add routing-mark=vpn_routing interface=WAN1 action=lookup table=vpn_routing comment="" disabled=no
add chain=dstnat action=dst-nat to-addresses=172.100.1.1 to-ports=0-65535 \
in-interface=WAN1 dst-address=172.22.1.100 dst-port=1723 protocol=tcp \
comment="" disabled=no
I don't no what else to do ....
Thanks Mark
Re: VPN connection using 2 WAN connections
Ahh, I understand now. You have two WAN addresses. You probably can't ping both when they are both active? I thought this was for outgoing connections not incoming.