Mark routing, nefunkcne vpn do lan

nordscan

Zdravim vas,

RB3011UiAS
os: 6.46.1

Mal som nastavene Lan to Wan, + VPN
ked sa klient pripojil cez VPN islo vsetko ok, videl pc v lan, a von isiel cez VPN IP
nasledne som pridava druhu Wan
a nastavil mark routing
A VPN my momentalne funguje tak, ze sa pripojim, do internetu idem OK ale nevidim ziadne PC na sieti
Co mam zle??

na VPN mam standartne maskaradu
/ip firewall nat add action=masquerade chain=srcnat out-interface=ether10 src-address=\ 192.168.0.0/22 add action=masquerade chain=srcnat comment="defconf: masquerade" \ out-interface=ether1 src-address=192.168.0.0/22 add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\ 192.168.89.0/24

Mark routing

/ip firewall address-list
add address=192.168.1.3 list=Use_WAN1
add address=192.168.1.7 list=Use_WAN1
add address=192.168.1.11 list=Use_WAN1
add address=192.168.0.0/22 list=Use_WAN2
add address=192.168.89.0/24 list=Use_WAN2 comment=VPN

/ip firewall mangle
add action=mark-routing chain=prerouting comment="Use WAN1" disabled=no log=no log-prefix="" new-routing-mark=To_WAN1 passthrough=no src-address-list=Use_WAN1
add action=mark-routing chain=prerouting comment="Use WAN2" disabled=no log=no log-prefix="" new-routing-mark=To_WAN2 passthrough=no src-address-list=Use_WAN2

/ip firewall nat
add action=masquerade chain=srcnat disabled=no log=no log-prefix="" out-interface=ether1 src-address=192.168.0.0/22
add action=masquerade chain=srcnat disabled=no log=no log-prefix="" out-interface=ether10 src-address=192.168.0.0/22

/ip route
add distance=1 gateway=18x.xxx.xxx.xxx routing-mark=To_WAN1
add distance=1 gateway=192.168.40.1 routing-mark=To_WAN2

matrix

skusil by som este pred tie dve mangle pravidla dat toto:

/ip firewall mangle add action=accept chain=prerouting comment="Local to Local" disabled=no log=no log-prefix="" src-address="192.168.0.0/22" dst-address="192.168.0.0/22"