savingleb

Здравствуйте, настроена приоритезация SIP трафика, как правильно добавить еще RDP туда? Пробовал по-разному, трафик маркеруется, но в queue tree трафик по нулям. Спасибо /queue tree add max-limit=80M name=web_in packet-mark=web_in parent=in priority=5 queue=\ pcq-download-default add max-limit=80M name=web_out packet-mark=web_out parent=out priority=5 \ queue=pcq-upload-default add max-limit=50M name=vpn_in packet-mark=pptp_in,gre_in parent=in priority=3 \ queue=pcq-download-default add max-limit=50M name=vpn_out packet-mark=pptp_out,gre_out parent=out \ priority=3 queue=pcq-upload-default add max-limit=12M name=sip_in packet-mark=sip_in parent=in priority=1 queue=\ sip add max-limit=12M name=sip_out packet-mark=sip_out parent=out priority=1 \ queue=sip add max-limit=90M name=all_in packet-mark=all_in parent=in queue=\ pcq-download-default add max-limit=95M name=all_out packet-mark=all_out parent=out queue=\ pcq-upload-default add max-limit=50M name=vpn_web_in packet-mark=vpn_web_in parent=vpn_in \ priority=5 queue=pcq-download-default add max-limit=50M name=vpn_web_out packet-mark=vpn_web_out parent=vpn_out \ priority=5 queue=pcq-upload-default add max-limit=2M name=vpn_sip_in packet-mark=vpn_sip_in parent=vpn_in \ priority=1 queue=sip add max-limit=2M name=vpn_sip_out packet-mark=vpn_sip_out parent=vpn_out \ priority=1 queue=sip add max-limit=20M name=vpn_all_in packet-mark=vpn_all_in parent=vpn_in queue=\ pcq-download-default add max-limit=20M name=vpn_all_out packet-mark=vpn_all_out parent=vpn_out \ queue=pcq-upload-default + /ip firewall mangle add action=mark-connection chain=input comment=PPTP dst-port=1723 \ new-connection-mark=pptp_in passthrough=no protocol=tcp add action=mark-packet chain=prerouting connection-mark=pptp_in \ new-packet-mark=pptp_out passthrough=no add action=mark-connection chain=output new-connection-mark=pptp_out \ passthrough=no protocol=tcp src-port=1723 add action=mark-packet chain=postrouting connection-mark=pptp_out \ new-packet-mark=pptp_in passthrough=no add action=mark-connection chain=input comment=GRE new-connection-mark=gre_in \ passthrough=no protocol=gre add action=mark-packet chain=prerouting connection-mark=gre_in \ new-packet-mark=gre_out passthrough=no add action=mark-connection chain=output new-connection-mark=gre_out \ passthrough=no protocol=gre add action=mark-packet chain=postrouting connection-mark=gre_out \ new-packet-mark=gre_in passthrough=no add action=mark-packet chain=forward connection-mark=sip new-packet-mark=\ sip_out out-interface=ether6 passthrough=no add action=mark-packet chain=forward connection-mark=sip new-packet-mark=\ sip_out out-interface=ether5 passthrough=no add action=mark-connection chain=prerouting comment=Web dst-port=80,443,8080 \ new-connection-mark=web passthrough=no protocol=tcp add action=mark-packet chain=forward connection-mark=web new-packet-mark=\ vpn_web_in out-interface=all-ppp passthrough=no add action=mark-packet chain=forward connection-mark=web in-interface=all-ppp \ new-packet-mark=vpn_web_out passthrough=no add action=mark-packet chain=forward connection-mark=web in-interface=ether6 \ new-packet-mark=web_in passthrough=no add action=mark-packet chain=forward connection-mark=web in-interface=ether5 \ new-packet-mark=web_in passthrough=no add action=mark-packet chain=forward connection-mark=web new-packet-mark=\ web_out out-interface=ether6 passthrough=no add action=mark-packet chain=forward connection-mark=web new-packet-mark=\ web_out out-interface=ether5 passthrough=no add action=mark-connection chain=prerouting comment=SIP dst-port=\ 5060,5061,10000-20000 new-connection-mark=sip passthrough=no protocol=udp add action=mark-packet chain=forward connection-mark=sip new-packet-mark=\ vpn_sip_in out-interface=all-ppp passthrough=no add action=mark-packet chain=forward in-interface=ether6 new-packet-mark=\ all_in passthrough=yes add action=mark-packet chain=forward in-interface=ether5 new-packet-mark=\ all_in passthrough=yes add action=mark-packet chain=forward connection-mark=sip in-interface=all-ppp \ new-packet-mark=vpn_sip_out passthrough=no add action=mark-packet chain=forward connection-mark=sip in-interface=ether6 \ new-packet-mark=sip_in passthrough=no add action=mark-packet chain=forward connection-mark=sip in-interface=ether5 \ new-packet-mark=sip_in passthrough=no add action=mark-packet chain=forward comment=ALL new-packet-mark=vpn_all_in \ out-interface=all-ppp passthrough=no add action=mark-packet chain=forward in-interface=all-ppp new-packet-mark=\ vpn_all_out passthrough=no add action=mark-packet chain=forward new-packet-mark=all_out out-interface=\ ether6 passthrough=yes add action=mark-packet chain=forward new-packet-mark=all_out out-interface=\ ether5 passthrough=yes

Это виртуальная машина с микротом (извините что забыл указать в стартпосте), там можно оставить один, можно два IP адреса, на том же аккаунте будут терминал и астериск, там своя AS так что можно считать что интернет там изначально отказоустойчивый. Во всех 5 филиалах есть два провайдера с публичным IP. В филиалах так и настроено, но есть провайдеры, которые мигают, т.е. инет пропадает, он переключается на резервный, потом инет появляется и обратно и так может длиться несколько минут, десяток минут, это недопустимо. Если я Вас правильно понял.

Здравствуйте, есть задача сделать резервирование канала, что бы если падает один канал, впн подолжал работать и удаленные сервисы были доступны. нашел статью https://papa-admin.ru/mikrotik/129-mikrotik-настройка-офис-филиал-часть-2-филиал.html все сделал по инструкции (10 раз :)) работать как нужно не хочет, впн постоянно отваливается, обратно с резервного канала толком не переключается, где то в статье косяк или у меня кривые руки? как их лечить? :) Спасибо. скрин настроек Главный офис # dec/04/2018 14:33:29 by RouterOS 6.43.4 # software id = # # # /interface ethernet set [ find default-name=ether1 ] disable-running-check=no set [ find default-name=ether2 ] disable-running-check=no /interface l2tp-server add name=l2tp-in01 user=l2tp-01 /interface sstp-server add name=sstp-in01 user=sstp-01 /interface pptp-server add name=pptp-in01 user="" /interface list add name=WAN add name=LAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=pool-l2tp ranges=10.1.1.2-10.1.1.99 add name=pool-sstp ranges=10.1.2.2-10.1.2.99 /ppp profile add change-tcp-mss=yes interface-list=WAN local-address=10.1.1.1 name=\ profile-l2tp remote-address=pool-l2tp use-encryption=yes add change-tcp-mss=yes interface-list=WAN local-address=10.1.2.1 name=\ profile-sstp remote-address=pool-sstp use-encryption=yes /routing ospf instance set [ find default=yes ] router-id=10.20.30.1 /interface l2tp-server server set authentication=mschap2 default-profile=profile-l2tp enabled=yes /interface list member add interface=ether1 list=WAN add interface=ether2 list=LAN /interface pptp-server server set enabled=yes /interface sstp-server server set authentication=mschap2 default-profile=profile-sstp enabled=yes /ip address add address=10.20.30.1/24 interface=ether2 network=10.20.30.0 add address=5.188.53.68/24 interface=ether1 network=5.188.53.0 add address=5.188.53.71/24 interface=ether1 network=5.188.53.0 /ip firewall filter add action=accept chain=forward add action=accept chain=input disabled=yes dst-address=5.188.53.68 add action=accept chain=forward disabled=yes add action=accept chain=input comment=icmp disabled=yes protocol=icmp add action=accept chain=input comment="established & related" \ connection-state=established,related add action=accept chain=input comment=l2tp dst-port=1701 in-interface=ether1 \ protocol=udp add action=accept chain=input comment=sstp dst-port=443 in-interface=ether1 \ protocol=tcp add action=accept chain=input comment=ospf disabled=yes in-interface=all-ppp \ protocol=ospf add action=accept chain=input comment=bfd disabled=yes dst-port=3784-3785 \ in-interface=all-ppp protocol=udp add action=accept chain=input dst-address=5.188.53.70 /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 src-address=\ 10.20.30.0/24 /ip route add distance=1 gateway=5.188.53.1 pref-src=5.188.53.68 /ip service set telnet disabled=yes set ftp disabled=yes set www address=0.0.0.0/0 set ssh disabled=yes set api disabled=yes set api-ssl disabled=yes /ppp secret add name=l2tp-01 password=111111111111 profile=profile-l2tp service=l2tp add name=sstp-01 password=11111111111 profile=profile-sstp service=sstp add name=pptp-01 password=11111111111 profile=profile-sstp service=pptp /routing ospf interface add interface=l2tp-in01 network-type=broadcast use-bfd=yes add cost=20 interface=sstp-in01 network-type=broadcast /routing ospf network add area=backbone network=10.1.1.0/24 add area=backbone network=10.1.2.0/24 add area=backbone network=10.20.30.0/24 /system identity set name=Office Филиал # jan/02/1970 02:07:30 by RouterOS 6.43.4 # software id = IQGD-KKFF # # model = 951Ui-2nD # serial number = 7C2607BF88E5 /interface bridge add fast-forward=no name=bridge1 /interface l2tp-client add connect-to=5.188.53.68 disabled=no name=l2tp-out1 password=11111111 user=\ l2tp-01 /interface wireless set [ find default-name=wlan1 ] ssid=MikroTik /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=dhcp_pool0 ranges=192.168.55.1-192.168.55.253 /ip dhcp-server add address-pool=dhcp_pool0 disabled=no interface=bridge1 name=dhcp1 /interface sstp-client add connect-to=5.188.53.71 disabled=no name=sstp-out1 password=11111111111 \ profile=default-encryption user=sstp-01 /routing ospf instance set [ find default=yes ] router-id=192.168.55.0 /interface bridge port add bridge=bridge1 interface=wlan1 add bridge=bridge1 interface=ether3 add bridge=bridge1 interface=ether4 add bridge=bridge1 interface=ether5 /ip address add address=192.168.0.14/24 interface=ether1 network=192.168.0.0 add address=83.171.98.88/23 interface=ether2 network=83.171.98.0 add address=192.168.55.254/24 interface=bridge1 network=192.168.55.0 /ip dhcp-server network add address=192.168.55.0/24 dns-server=8.8.8.8 gateway=192.168.55.254 /ip firewall mangle add action=mark-connection chain=output comment=l2tp_c_udp dst-port=1701 \ new-connection-mark=l2tp_c passthrough=yes protocol=udp add action=mark-routing chain=output comment=l2tp_r connection-mark=l2tp_c \ new-routing-mark=isp1only passthrough=no add action=mark-connection chain=output comment=sstp_c dst-port=443 \ new-connection-mark=sstp_c passthrough=yes protocol=tcp add action=mark-routing chain=output comment=sstp_r connection-mark=sstp_c \ new-routing-mark=isp2only passthrough=no /ip firewall nat add action=masquerade chain=srcnat /ip route add comment=MArked distance=1 gateway=192.168.0.129 routing-mark=isp1only add comment=zaglushka distance=2 routing-mark=isp1only type=unreachable add distance=1 gateway=83.171.98.1 routing-mark=isp2only add distance=2 routing-mark=isp2only type=unreachable add check-gateway=ping comment=Recursive distance=1 gateway=8.8.8.8 \ target-scope=30 add check-gateway=ping distance=2 gateway=8.8.4.4 target-scope=30 add comment="Recursive 2" distance=1 dst-address=8.8.4.4/32 gateway=\ 83.171.98.1 add distance=1 dst-address=8.8.8.8/32 gateway=192.168.0.129 /routing ospf interface add interface=l2tp-out1 network-type=broadcast use-bfd=yes add cost=20 interface=sstp-out1 network-type=broadcast add cost=5 interface=bridge1 network-type=broadcast /routing ospf network add area=backbone network=10.1.1.0/24 add area=backbone network=10.1.2.0/24 add area=backbone network=192.168.55.0/24 /system routerboard settings set silent-boot=no