Mikrotik：多 WAN 路由的奇怪行为

• 路由器通过一个物理端口连接到全球网络。
• mikrotik 建立了 ovpn 连接

我需要address-list=vpn_list通过 ovpn 路由一些目标地址。此列表包含全局 IP 地址。

创建附加表：

[admin@Microtik] > /routing/table print detail
Flags: D - dynamic; X - disabled, I - invalid; U - used 
 0 D   name="main" fib 

 1     name="vpn" fib 

添加了 mangle 规则：

[admin@Microtik] > /ip/firewall/mangle print  
Flags: X - disabled, I - invalid; D - dynamic 
 0  D ;;; special dummy rule to show fasttrack counters
      chain=prerouting action=passthrough 

 1  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough 

 2  D ;;; special dummy rule to show fasttrack counters
      chain=postrouting action=passthrough 

 3    chain=prerouting action=mark-routing new-routing-mark=vpn passthrough=no dst-address-list=vpn_list in-interface-list=LAN log=no log-prefix="" 

目的地址：

[admin@Microtik] > /ip/firewall/nat print
Flags: X - disabled, I - invalid; D - dynamic 
 0    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none 

 1    chain=srcnat action=masquerade out-interface=ovpn log=no log-prefix="" 

并添加路由（一些路由连接不同的LAN（使用另一个l2tp隧道）：

[admin@Microtik] > /ip/route print detail
Flags: D - dynamic; X - disabled, I - inactive, A - active; 
c - connect, s - static, r - rip, b - bgp, o - ospf, i - is-is, d - dhcp, v - vpn, m - modem, y - bgp-mpls-vpn; H - hw-offloaded; + - ecmp 
 0  Xs   ;;; Old router network
         dst-address=192.168.1.0/24 gateway=bridge 

 1  As   dst-address=0.0.0.0/0 routing-table=main gateway=192.168.1.1 immediate-gw=192.168.1.1%ether1 distance=1 scope=30 target-scope=10 suppress-hw-offload=no 

   DAc   dst-address=10.0.0.0/24 routing-table=main gateway=bridge immediate-gw=bridge distance=0 scope=10 suppress-hw-offload=no local-address=10.0.0.1%bridge 

 2  As   ;;; bliz cross network route
         dst-address=10.0.1.0/24 routing-table=main pref-src=10.0.0.1 gateway=172.16.0.2 immediate-gw=172.16.0.2%l2tp-bliz distance=1 scope=30 target-scope=10 
         suppress-hw-offload=no 

   DAc   dst-address=172.16.0.2/32 routing-table=main gateway=l2tp-bliz immediate-gw=l2tp-bliz distance=0 scope=10 suppress-hw-offload=no 
         local-address=172.16.0.1%l2tp-bliz 

 3  Is   dst-address=192.168.0.0/24 routing-table=main pref-src=10.0.0.1 gateway=l2tp-bliz immediate-gw=l2tp-bliz check-gateway=ping distance=1 scope=30 target-scope=10 
         suppress-hw-offload=no 

   DAc   dst-address=192.168.1.0/24 routing-table=main gateway=ether1 immediate-gw=ether1 distance=0 scope=10 suppress-hw-offload=no local-address=192.168.1.254%ether1 

   DAc   dst-address=192.168.219.0/24 routing-table=main gateway=ovpn immediate-gw=ovpn distance=0 scope=10 suppress-hw-offload=no local-address=192.168.219.4%ovpn 

 4  As   dst-address=0.0.0.0/0 routing-table=vpn gateway=ovpn immediate-gw=ovpn distance=1 scope=30 target-scope=10 suppress-hw-offload=no 

PS：192.168.1.1-WAN 的默认网关。10.0.0.0/24-我的 LAN。

好的？

资源的问题是address-list=vpn_list工作速度极慢且冻结（通过所需ovpn界面工作）。当我转到工具并单击 Torch 页面上的“开始”时，一切都变得正常。停止后 - 问题又出现了。

我的错误在哪里？