返回列表 發帖
角色

Rank: 2
1# 跳轉到 » 倒序看帖
打印
tT
發表於 2018-5-3 22:46 | 顯示全部帖子

FastTrack with some VPN exceptions

本帖最後由 角色 於 2018-5-8 09:50 編輯

Since there are problem when your RouterOS is configured as VPN client to the remote VPN server, you need to disable the FastTrack function in the firewall filter section. The maximum speed for single TCP stream will be reduced by half. In order to overcome this issue, you need to add FastTrack exception rule.

The following link(s) to give me some idea to configure. You may get more using the key words "RouterOS FastTrack and VPN"

https://forum.mikrotik.com/viewt ... hilit=sindy#p659631

https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack
https://forum.mikrotik.com/viewtopic.php?t=123251
https://forum.mikrotik.com/viewtopic.php?p=479776#p479776
https://forum.mikrotik.com/viewtopic.php?t=112235

https://schemen.me/mikrotik-fast-track-that-excludes-ipsec/
https://www.manitonetworks.com/m ... rack-firewall-rules
https://www.timigate.com/2018/01 ... ack-connection.html
收藏 分享

角色

Rank: 2
2#
發表於 2018-5-5 09:54 | 顯示全部帖子
下面的帖子有关于FastTrack的信息,不错。

https://forum.mikrotik.com/viewtopic.php?f=2&t=133997

TOP

角色

Rank: 2
3#
發表於 2018-5-6 20:34 | 顯示全部帖子
你是否有Disabled FastTrack?

TOP

角色

Rank: 2
4#
發表於 2018-5-8 23:07 | 顯示全部帖子
If fasttrack enabled and want to exclude something, please read

https://forum.mikrotik.com/viewtopic.php?t=107201#p532865

TOP

角色

Rank: 2
5#
發表於 2018-5-9 02:28 | 顯示全部帖子
现在又enabled fasttrack rules,但是有加了exclude rules 就是rules 7 and 8 (就是在Fasttrack rules之前先accept VPN的packets,走slow path),其他走fast path。
  1. 7    ;;; VPN HK
  2.       chain=forward action=accept connection-state=established,related in-interface=bridge-HK log=no log-prefix=""

  4. 8    chain=forward action=accept connection-state=established,related out-interface=bridge-HK log=no log-prefix=""

  6. 9    ;;; defconf: fasttrack
  7.       chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix=""

  9. 10    ;;; defconf: accept established,related, untracked
  10.       chain=forward action=accept connection-state=established,related,untracked log=no log-prefix=""
複製代碼
之前发现不能用VPN,需要disable fasttrack,但是平时的throughput减半,经过问MikroTik Support后,和看看下面的帖子

https://forum.mikrotik.com/viewtopic.php?t=107201#p532865

把interface bridge-HK放入fasttrack enable之前,不需要走fasttrack后,现在效果非常好!

VPN能正常使用,而平时的throughput都可以full speed 941Mbps。

加了以后,VPN能正常使用,而WAN->LAN有941Mbps。效果非常好!

哈哈!现在用得非常爽。

TOP

返回列表