Quantcast
Channel: MikroTik
Viewing all articles
Browse latest Browse all 19714

General • Re: 2 WAN Failover - Cloud DNS

$
0
0
Hi Anav.

Sorry for the late reply.

I tried the recommendations but is not working either.

a. The Cloud DDNS is still updating with the CGNAT IP address and not the correct "ether2-CANTV"

b. When the ADSL modem (public dynamic IP) reboots, on the routes tables is not showing the new gateway IP address. (Tried to use a script on the DHCP client but no success either)

Just in case attaching config.
Code:
/interface ethernetset [ find default-name=sfp1 ] name=SFPset [ find default-name=ether1 ] name=ether1-NetUnoset [ find default-name=ether2 ] name=ether2-CANTVset [ find default-name=ether3 ] loop-protect=off/interface wireguardadd listen-port=13231 mtu=1420 name=wireguard1/diskset sd1 type=hardwareadd parent=sd1 partition-number=1 partition-offset="4 194 304" \    partition-size="3 960 995 840" type=partitionset usb1 type=hardware/interface listadd comment=defconf name=WANadd comment=defconf name=LAN/interface wireless security-profilesset [ find default=yes ] supplicant-identity=MikroTik/ip hotspot profileset [ find default=yes ] html-directory=hotspot/ip pooladd name=default-dhcp ranges=192.168.88.10-192.168.88.254/ip dhcp-serveradd address-pool=default-dhcp interface=bridge lease-time=23h59m59s name=\    defconf/portset 0 name=serial0/routing tableadd disabled=no fib name=NetUnoadd fib name=useWAN2/interface bridge portadd bridge=bridge comment=defconf interface=ether3add bridge=bridge comment=defconf interface=ether4add bridge=bridge comment=defconf interface=ether5add bridge=bridge interface=SFP/ip neighbor discovery-settingsset discover-interface-list=LAN/interface detect-internetset internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN/interface list memberadd comment=defconf interface=bridge list=LANadd comment=defconf interface=ether2-CANTV list=WANadd interface=wireguard1 list=LANadd interface=ether1-NetUno list=WAN/interface wireguard peersadd allowed-address=10.20.1.2/32 interface=wireguard1 public-key=\    "VnTNWEPEIGe4ehffWqtG8GdIb+HKxcpSvACRekuVa1I="add allowed-address=10.20.1.3/32 interface=wireguard1 public-key=\    "D2bLdRCWi8QS/xznIUHNzufVZOpwX2pVdnf+0WcNr1k="/ip addressadd address=192.168.88.1/24 comment=defconf interface=bridge network=\    192.168.88.0add address=10.20.1.1/24 interface=wireguard1 network=10.20.1.0/ip cloudset ddns-enabled=yes ddns-update-interval=5m/ip dhcp-clientadd add-default-route=no interface=ether1-NetUno use-peer-dns=no \    use-peer-ntp=noadd add-default-route=no interface=ether2-CANTV script=":if (\$bound=1) do={/i\    p route set [find dst-address=0.0.0.0/0] gateway=\$\"gateway-address\"  ad\    d-distance=2}" use-peer-dns=no use-peer-ntp=no/ip dhcp-server networkadd address=192.168.88.0/24 comment=defconf dns-server=192.168.88.10,1.1.1.1 \    gateway=192.168.88.1/ip dnsset allow-remote-requests=yes servers=8.8.8.8,8.8.4.4/ip dns staticadd address=192.168.88.1 comment=defconf name=router.lan/ip firewall address-listadd address=cloud.mikrotik.com list=MyCloudadd address=cloud2.mikrotik.com list=MyCloud/ip firewall filteradd action=accept chain=input comment="allow WireGuard" dst-port=13231 \    protocol=udpadd action=accept chain=input comment="allow WireGuard traffic" src-address=\    10.20.1.0/24add action=accept chain=input in-interface=ether1-NetUno src-address-list=\    Accessadd action=accept chain=input comment=\    "defconf: accept established,related,untracked" connection-state=\    established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=\    invalid disabled=yesadd action=accept chain=input comment="defconf: accept ICMP" protocol=icmpadd action=accept chain=input comment=\    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1add action=drop chain=input comment="defconf: drop all not coming from LAN" \    in-interface-list=!LANadd action=accept chain=forward comment="defconf: accept in ipsec policy" \    ipsec-policy=in,ipsecadd action=accept chain=forward comment="defconf: accept out ipsec policy" \    ipsec-policy=out,ipsecadd action=fasttrack-connection chain=forward comment="defconf: fasttrack" \    connection-state=established,related hw-offload=yesadd action=accept chain=forward comment=\    "defconf: accept established,related, untracked" connection-state=\    established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \    connection-state=invalid disabled=yesadd action=drop chain=forward comment=\    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \    connection-state=new disabled=yes in-interface-list=WAN/ip firewall mangleadd action=mark-routing chain=output dst-address-list=MyCloud dst-port=15252 \    new-routing-mark=useWAN2 passthrough=no protocol=udpadd action=mark-connection chain=input connection-mark=no-mark in-interface=\    ether2-CANTV new-connection-mark=incomingWAN2 passthrough=yesadd action=mark-routing chain=output connection-mark=incomingWAN2 \    new-routing-mark=useWAN2 passthrough=noadd action=accept chain=prerouting in-interface=ether1-NetUnoadd action=mark-connection chain=prerouting dst-address-type=!local \    new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=\    both-addresses-and-ports:2/0 src-address=192.168.88.0/24add action=mark-connection chain=prerouting dst-address-type=!local \    new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=\    both-addresses-and-ports:2/1 src-address=192.168.88.0/24add action=accept chain=prerouting in-interface=ether1-NetUnoadd action=mark-connection chain=prerouting dst-address-type=!local \    new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=\    both-addresses-and-ports:2/0 src-address=192.168.88.0/24add action=mark-connection chain=prerouting dst-address-type=!local \    new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=\    both-addresses-and-ports:2/1 src-address=192.168.88.0/24/ip firewall natadd action=masquerade chain=srcnat comment="defconf: masquerade" \    ipsec-policy=out,none out-interface-list=WANadd action=dst-nat chain=dstnat dst-port=23000 in-interface=ether1-NetUno \    protocol=tcp to-addresses=192.168.88.252 to-ports=80add action=dst-nat chain=dstnat dst-port=24000 in-interface=ether1-NetUno \    protocol=tcp to-addresses=192.168.88.247 to-ports=443add action=dst-nat chain=dstnat dst-port=25000 in-interface=ether1-NetUno \    protocol=udp to-addresses=192.168.88.247 to-ports=5060add action=dst-nat chain=dstnat disabled=yes dst-port=10000-20000 \    in-interface=ether1-NetUno protocol=udp to-addresses=192.168.88.247 \    to-ports=10000-20000/ip routeadd disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.16.0.1 \    routing-table=main suppress-hw-offload=noadd distance=4 dst-address=0.0.0.0/0 gateway=ether2-CANTV routing-table=mainadd dst-address=0.0.0.0/0 gateway=ether2-CANTV routing-table=useWAN2

Statistics: Posted by djferdinad — Tue Apr 02, 2024 12:11 am



Viewing all articles
Browse latest Browse all 19714

Trending Articles