- the router is connected to the global network through a physical port.
- the ovpn connection is established by the MikroTik
I need to route some destination addresses address-list=vpn_list
via ovpn. This list contains global IP addresses.
Additional table created:
[admin@Microtik] > /routing/table print detail
Flags: D - dynamic; X - disabled, I - invalid; U - used
0 D name="main" fib
1 name="vpn" fib
Mangle rule added:
[admin@Microtik] > /ip/firewall/mangle print
Flags: X - disabled, I - invalid; D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=prerouting action=passthrough
1 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
2 D ;;; special dummy rule to show fasttrack counters
chain=postrouting action=passthrough
3 chain=prerouting action=mark-routing new-routing-mark=vpn passthrough=no dst-address-list=vpn_list in-interface-list=LAN log=no log-prefix=""
dstnat:
[admin@Microtik] > /ip/firewall/nat print
Flags: X - disabled, I - invalid; D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none
1 chain=srcnat action=masquerade out-interface=ovpn log=no log-prefix=""
And route added (some routes connect different LANs, using another l2tp tunnel):
[admin@Microtik] > /ip/route print detail
Flags: D - dynamic; X - disabled, I - inactive, A - active;
c - connect, s - static, r - rip, b - bgp, o - ospf, i - is-is, d - dhcp, v - vpn, m - modem, y - bgp-mpls-vpn; H - hw-offloaded; + - ecmp
0 Xs ;;; Old router network
dst-address=192.168.1.0/24 gateway=bridge
1 As dst-address=0.0.0.0/0 routing-table=main gateway=192.168.1.1 immediate-gw=192.168.1.1%ether1 distance=1 scope=30 target-scope=10 suppress-hw-offload=no
DAc dst-address=10.0.0.0/24 routing-table=main gateway=bridge immediate-gw=bridge distance=0 scope=10 suppress-hw-offload=no local-address=10.0.0.1%bridge
2 As ;;; bliz cross network route
dst-address=10.0.1.0/24 routing-table=main pref-src=10.0.0.1 gateway=172.16.0.2 immediate-gw=172.16.0.2%l2tp-bliz distance=1 scope=30 target-scope=10
suppress-hw-offload=no
DAc dst-address=172.16.0.2/32 routing-table=main gateway=l2tp-bliz immediate-gw=l2tp-bliz distance=0 scope=10 suppress-hw-offload=no
local-address=172.16.0.1%l2tp-bliz
3 Is dst-address=192.168.0.0/24 routing-table=main pref-src=10.0.0.1 gateway=l2tp-bliz immediate-gw=l2tp-bliz check-gateway=ping distance=1 scope=30 target-scope=10
suppress-hw-offload=no
DAc dst-address=192.168.1.0/24 routing-table=main gateway=ether1 immediate-gw=ether1 distance=0 scope=10 suppress-hw-offload=no local-address=192.168.1.254%ether1
DAc dst-address=192.168.219.0/24 routing-table=main gateway=ovpn immediate-gw=ovpn distance=0 scope=10 suppress-hw-offload=no local-address=192.168.219.4%ovpn
4 As dst-address=0.0.0.0/0 routing-table=vpn gateway=ovpn immediate-gw=ovpn distance=1 scope=30 target-scope=10 suppress-hw-offload=no
PS: 192.168.1.1 - default gateway for WAN. 10.0.0.0/24 - my LAN.
Is everything OK?
The problem is that the address-list=vpn_list resources
work extremely slowly, with freezes (it works through the desired ovpn
interface). When I go to Tools and click Start on the Torch page, everything works fine. After stopping it, the problem returns.
Where is my mistake?