@lukemarsden
Created March 19, 2018 18:52

RouterOS configuration for dual WAN, manual failover.

MikroTik hEX router, dual WAN (AAISP on ether1, Virgin on ether2, LAN on ether5).

Configuration from scratch:

Reset router to factory defaults

  • Unplug.
  • Plug in and quickly hold down reset switch until light starts flashing.
  • Stop holding down reset switch before light stops flashing.

Switch to PPPoE basic setup

Connect with WinBox (on Linux or macOS, install Wine) to 192.168.88.1, with an empty password.

Switch to PPPoE mode in easy Quick Set.

  • Username: <AAISP VDSL username>
  • Password: <AAISP VDSL password>

Click Apply and you should see PPPoE Status switch to connected in a few seconds. Your internet connection is usable on the AAISP connection now.

Stop ether2 being special, and de-bond it from the LAN bridge

Click New Terminal in WinBox and run the following commands:

/interface list
add name=AAISP
add name=Virgin

/ip address
add address=192.168.88.1/24 comment="lan ip" interface=ether5 network=\
    192.168.88.0
remove 0

At this point you will be disconnected and will need to reboot the router (do not do a factory reset though, just unplug it and plug it back in again!).

Reconnect in WinBox, and continue:

/interface bridge port
remove 0
/interface list
add name=AAISP
add name=Virgin
/interface list member
add interface=pppoe-out1 list=AAISP
add interface=ether1 list=AAISP
add interface=ether2 list=Virgin
/ip dhcp-client
add comment="virgin dhcp client" default-route-distance=2 \
    dhcp-options=hostname,clientid disabled=no interface=ether2

Wait a few seconds, then:

/ip dhcp-client print

Should show your Virgin IP.

/ip route print

Should show both routes, with the Virgin connection at distance 2:

Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m -
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          pppoe-out1                1
 1  DS  0.0.0.0/0                          XXX                       2
 2 ADC  XXX/22             XXX             ether2                    0
 3 ADC  YYY/32             YYY             pppoe-out1                0
 4 ADC  192.168.88.0/24    192.168.88.1    bridge                    0

Now, configure NAT and firewall for the Virgin connection:

# virgin firewall+nat
/ip firewall filter
add action=drop chain=forward comment=\
    "drop all from Virgin not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=Virgin
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade for Virgin" \
    ipsec-policy=out,none out-interface-list=Virgin
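
A way to check the step above, as an added example (not part of the original gist): this Python script reads text in the form produced by /ip firewall export and reports any interface list that has a masquerade rule but no matching forward drop rule. The Backup list, the function names and the sample text are constructed for illustration, and the check assumes rules are keyed by interface list as they are on this page.

```python
import re
import shlex

# Constructed sample export: the two Virgin rules from this page, plus a
# masquerade rule for a hypothetical third list "Backup" with no filter rule.
SAMPLE_EXPORT = r'''
/ip firewall filter
add action=drop chain=forward comment=\
    "drop all from Virgin not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=Virgin
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade for Virgin" \
    ipsec-policy=out,none out-interface-list=Virgin
add action=masquerade chain=srcnat out-interface-list=Backup
'''

def parse_export(text):
    """Yield (menu, params) for every 'add' command in RouterOS export text."""
    # A trailing backslash continues the command on the next, indented line.
    text = re.sub(r"\\\n[ \t]*", "", text)
    menu = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line                      # e.g. "/ip firewall nat"
        elif line.startswith("add "):
            # shlex keeps comment="two words" together and strips the quotes
            tokens = shlex.split(line[4:])
            yield menu, dict(t.split("=", 1) for t in tokens if "=" in t)

def unfiltered_wan_lists(text):
    """Return interface lists that are masqueraded but have no forward drop."""
    natted, filtered = set(), set()
    for menu, p in parse_export(text):
        if menu == "/ip firewall nat" and p.get("action") == "masquerade":
            natted.add(p.get("out-interface-list"))
        elif (menu == "/ip firewall filter" and p.get("chain") == "forward"
              and p.get("action") == "drop"
              and p.get("connection-state") == "new"
              and p.get("connection-nat-state") == "!dstnat"):
            filtered.add(p.get("in-interface-list"))
    return sorted((natted - filtered) - {None})

if __name__ == "__main__":
    for name in unfiltered_wan_lists(SAMPLE_EXPORT):
        print(f"interface list {name!r}: masquerade rule but no forward drop rule")
```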

On a machine on your network, run:

mtr google.com

Now, test disabling the AAISP PPPoE connection.

/interface pppoe-client disable 0

You may need to ^C the mtr and run it again.

Re-enable it:

/interface pppoe-client enable 0

You should see the route switch between AAISP and Virgin, yay!
