工作室软路由购买、定制配置、远程支持可联系18860119524(微信同号)
天翼云注册:中国电信天翼云-代理商中心
若是pptp|sstp|ovpn的話,只要用負載均衡就能控制。以sstp client為例:
/interface sstp-client
add authentication=mschap2 connect-to=vpn123.org name=sstp-out1 \
profile=default-encryption user=123 password=123
add authentication=mschap2 connect-to=vpn123.org name=sstp-out2 \
profile=default-encryption user=123 password=123
add authentication=mschap2 connect-to=vpn123.org name=sstp-out3 \
profile=default-encryption user=123 password=123
/ip firewall address-list
add list=vpn123 address=vpn123.org
/ip firewall mangle
add action=mark-routing chain=output dst-address-list=vpn123 dst-port=443 \
protocol=tcp new-routing-mark=pppoe1 per-connection-classifier=src-port:3/0
add action=mark-routing chain=output dst-address-list=vpn123 dst-port=443 \
protocol=tcp new-routing-mark=pppoe2 per-connection-classifier=src-port:3/1
add action=mark-routing chain=output dst-address-list=vpn123 dst-port=443 \
protocol=tcp new-routing-mark=pppoe3 per-connection-classifier=src-port:3/2
/ip route
add distance=1 gateway=pppoe-out1 routing-mark=pppoe1
add distance=1 gateway=pppoe-out2 routing-mark=pppoe2
add distance=1 gateway=pppoe-out3 routing-mark=pppoe3
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2
add action=masquerade chain=srcnat out-interface=pppoe-out3
---------------------------------
難搞的是l2tp,
原因是本地與對端的port號都不會因重新撥號變換,無法透過負載均衡的方式,
需要透過script修改策略標記才行。
/interface l2tp-client
add connect-to=vpn123.org ipsec-secret=123 name=l2tp-out1 \
profile=default-encryption use-ipsec=yes user=123 password=123
add connect-to=vpn123.org ipsec-secret=123 name=l2tp-out2 \
profile=default-encryption use-ipsec=yes user=123 password=123
add connect-to=vpn123.org ipsec-secret=123 name=l2tp-out3 \
profile=default-encryption use-ipsec=yes user=123 password=123
/ip firewall address-list
add list=vpn123 address=vpn123.org
/ip firewall mangle
add action=mark-routing chain=output dst-address-list=vpn123 \
protocol=udp dst-port=1701,500,4500 new-routing-mark=pppoe1
/ip route
add distance=1 gateway=pppoe-out1 routing-mark=pppoe1
add distance=1 gateway=pppoe-out2 routing-mark=pppoe2
add distance=1 gateway=pppoe-out3 routing-mark=pppoe3
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2
add action=masquerade chain=srcnat out-interface=pppoe-out3
/system scheduler
add interval=20s name=vpn123 start-date=nov/26/2019 start-time=00:00:00 \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
on-event=":local sec [:pick [/system clock get time] 6 8]\r\
\n\r\
\n:local sw1 (![/interface get l2tp-out1 disabled])\r\
\n:local sw2 (![/interface get l2tp-out2 disabled])\r\
\n:local sw3 (![/interface get l2tp-out3 disabled])\r\
\n\r\
\n:local sw1r [/interface get l2tp-out1 running]\r\
\n:local sw2r [/interface get l2tp-out2 running]\r\
\n:local sw3r [/interface get l2tp-out3 running]\r\
\n\r\
\n:local id [/ip firewall mangle find chain=output dst-address-list=vpn123]\r\
\n\r\
\n:if (!\$sw1r && \$sec<20) do={\r\
\n :if (!\$sw1) do={/interface enable l2tp-out1}\r\
\n :if (!\$sw2r && \$sw2) do={/interface disable l2tp-out2}\r\
\n :if (!\$sw3r && \$sw3) do={/interface disable l2tp-out3}\r\
\n /ip firewall mangle set \$id new-routing-mark=\"pppoe1\"\r\
\n}\r\
\n\r\
\n:if (!\$sw2r && \$sec>19 && \$sec<40) do={\r\
\n :if (!\$sw1r && \$sw1) do={/interface disable l2tp-out1}\r\
\n :if (!\$sw2) do={/interface enable l2tp-out2}\r\
\n :if (!\$sw3r && \$sw3) do={/interface disable l2tp-out3}\r\
\n /ip firewall mangle set \$id new-routing-mark=\"pppoe2\"\r\
\n}\r\
\n\r\
\n:if (!\$sw3r && \$sec>39) do={\r\
\n :if (!\$sw1r && \$sw1) do={/interface disable l2tp-out1}\r\
\n :if (!\$sw2r && \$sw2) do={/interface disable l2tp-out2}\r\
\n :if (!\$sw3) do={/interface enable l2tp-out3}\r\
\n /ip firewall mangle set \$id new-routing-mark=\"pppoe3\"\r\
\n}\r\
\n"
1245
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
